Re: [ITP-adopt] curl 7.15.0

2005-11-24 Thread Eric Blake
> > The thread was kind of spread out. I don't see any reason to keep -1 > around since it's identical to -2 except lacking the backport, so I'd > say delete it. OK, curl/libcurl2/libcurl2-7.11.1-1 is gone; libcurl2 now only has a current version of 7.11.1-2 with no previous. -- Eric Blake

Re: [ITP-adopt] curl 7.15.0

2005-11-24 Thread Brian Dessent
Eric Blake wrote: > Sorry about that - the problem stemmed from me trying to chase down > several emails for the files to download, due to the churn on this topic. > -2 is now uploaded; I also left the -1 there unless you tell me to remove > it. Thanks for adopting the package, and addressing the

Re: [ITP-adopt] curl 7.15.0

2005-11-24 Thread Eric Blake
> > Hmm, it looks like you uploaded the -1 version of the libcurl2 package, > > but the -2 version contains the security fix: > > . Sorry about that - the problem stemmed from me trying to chase down several emails for the files to download,

Re: [ITP-adopt] curl 7.15.0

2005-11-24 Thread Brian Dessent
Brian Dessent wrote: > Hmm, it looks like you uploaded the -1 version of the libcurl2 package, > but the -2 version contains the security fix: > . Also, the vorbis-tools setup.hint needs to be edited to call for libcurl2 instead of curl. Br

Re: [ITP-adopt] curl 7.15.0

2005-11-24 Thread Brian Dessent
Eric Blake wrote: > I have just uploaded curl-7.15.0-3, based on this recommendation. > I deleted all remnants of 7.10.8-1, but was unsure whether to remove > the old curl/curl-7.11.1-1* in favor of the new curl/libcurl2/*7.11.1* > files. Please advise. Hmm, it looks like you uploaded the -1 ver

Re: [ITP-adopt] curl 7.15.0

2005-11-24 Thread Brian Dessent
Eric Blake wrote: > > In any case, this is a minor nit. At this point, it's more important to > > get curl updated for the security flaw, so I'm calling this GTG. > > > > Please, though, try to get c-ares and libidn included when you can. > > I have just uploaded curl-7.15.0-3, based on this rec

Re: [ITP-adopt] curl 7.15.0

2005-11-24 Thread Eric Blake
> In any case, this is a minor nit. At this point, it's more important to > get curl updated for the security flaw, so I'm calling this GTG. > > Please, though, try to get c-ares and libidn included when you can. I have just uploaded curl-7.15.0-3, based on this recommendation. I deleted all rem

Re: [ITP-adopt] curl 7.15.0

2005-11-24 Thread Yaakov S (Cygwin Ports)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian Dessent wrote: > That aside, I do agree that it's ugly and unnecessary. So I patched > configure.ac to not add those when building for Cygwin. New -3 packages > listed below (sans build logs in -src package.) Except that the *new* -src package

Re: [ITP-adopt] curl 7.15.0

2005-11-23 Thread Brian Dessent
"Yaakov S (Cygwin Ports)" wrote: > # Libraries that this one depends upon. > dependency_libs=' -L/usr/lib -lssl -lcrypto -lgdi32 -lwinmm -lz' > > Libtool hence will unnecessarily require w32api to be installed in order > to link with these two. So I'd still say that they need to be avoided. Wel

Re: [ITP-adopt] curl 7.15.0

2005-11-23 Thread Yaakov S (Cygwin Ports)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian Dessent wrote: > I noticed that too (that it was adding -lwinmm to the link line) but as > far as I can tell it does not actually import anything from them: Looking at the code, everything Windows related is #ifdef WIN32, so it would appear not

Re: [ITP-adopt] curl 7.15.0

2005-11-23 Thread Brian Dessent
"Yaakov S (Cygwin Ports)" wrote: > curl's configure looks for gdi32 and winmm libs for building on MinGW. > If w32api is installed, configure will pick these up, even though we > don't necessary want them on Cygwin. I noticed that too (that it was adding -lwinmm to the link line) but as far as I

Re: [ITP-adopt] curl 7.15.0

2005-11-23 Thread Yaakov S (Cygwin Ports)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian Dessent wrote: > Okay, here's the current set. The setup.hints are unchanged except for > the "requires" line so I won't paste them in the message. (I include > the libcurl2 package URLs here too just for convenience even though they > are not

Re: [ITP-adopt] curl 7.15.0

2005-11-23 Thread Brian Dessent
"Yaakov S (Cygwin Ports)" wrote: > 1) I don't think that we should keep libcurl2 as-is, being that it's > vulnerable. Either we could drop it entirely (and recompile > vorbis-tools against libcurl3 immediately), or rebuild curl-7.11 with > the following patch: > > http://curl.haxx.se/libcurl-ntl

Re: [ITP-adopt] curl 7.15.0

2005-11-23 Thread Yaakov S (Cygwin Ports)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian Dessent wrote: > I would like to adopt these packages and maintain them. The current > packaged version is somewhat old anyway, and I believe that someone > mentioned it being vulnerable to a security flaw. Below are packages > for 7.15.0. Fir

Re: [ITP-adopt] curl 7.15.0

2005-11-23 Thread Corinna Vinschen
On Nov 23 03:57, Brian Dessent wrote: > Corinna Vinschen wrote: > > > It's not an issue for Cygwin and in theory I'd prefer if you could link > > curl against OpenSSL. OTOH, GNUTLS would be a fine additional package > > for Cygwin, too (*hint, hint*). Where is the GNUTLS package? I don't > > se

Re: [ITP-adopt] curl 7.15.0

2005-11-23 Thread Brian Dessent
Brian Dessent wrote: > So, I'll switch back to OpenSSL and make a -2 version. Okay, here's the current set. The setup.hints are unchanged except for the "requires" line so I won't paste them in the message. (I include the libcurl2 package URLs here too just for convenience even though they are

Re: [ITP-adopt] curl 7.15.0

2005-11-23 Thread Brian Dessent
Corinna Vinschen wrote: > It's not an issue for Cygwin and in theory I'd prefer if you could link > curl against OpenSSL. OTOH, GNUTLS would be a fine additional package > for Cygwin, too (*hint, hint*). Where is the GNUTLS package? I don't > see it in your list of packages. Since you linked c

Re: [ITP-adopt] curl 7.15.0

2005-11-23 Thread Corinna Vinschen
On Nov 22 20:49, Brian Dessent wrote: > Brian Dessent wrote: > > > I did not check vorbis-tools but I assume it's the > > same situation. > > Perhaps I should have, because /usr/bin/ogg123 is in fact linked to > cygcurl-2.dll, which would no longer exist. Since the DLL version was > bumped I'm g

Re: [ITP-adopt] curl 7.15.0

2005-11-23 Thread Corinna Vinschen
On Nov 22 19:55, Brian Dessent wrote: > 2. I linked against GNUTLS instead of OpenSSL. This eliminates a nasty > potential GPL issue, which is detailed at > . Essentially, the situation is > that OpenSSL+libcurl is fine license-wise, but if someone then trie

Re: [ITP-adopt] curl 7.15.0

2005-11-23 Thread Brian Dessent
Charles Wilson wrote: > That's *exactly* what I do. Go for it. Thanks for the sanity check. Here are the libcurl2 files. sdesc: "compatibility runtime library for libcurl 7.11.x" ldesc: "cURL is a command line tool for transferring files with URL syntax, supporting FTP, FTPS, TFTP, HTTP, HTTP

Re: [ITP-adopt] curl 7.15.0

2005-11-22 Thread Charles Wilson
Brian Dessent wrote: Question: I have read Chuck W's emails on this in the past, but I just want to confirm that the following is kosher. Can I simply *rename* the current *source* package curl-7.11.1-1-src.tar.bz2 to libcurl2-7.11.1-1-src.tar.bz2, and create a libcurl2-7.11.1-1.tar.bz2 contain

Re: [ITP-adopt] curl 7.15.0

2005-11-22 Thread Brian Dessent
Brian Dessent wrote: > I did not check vorbis-tools but I assume it's the > same situation. Perhaps I should have, because /usr/bin/ogg123 is in fact linked to cygcurl-2.dll, which would no longer exist. Since the DLL version was bumped I'm going to assume that the ABI was changed too, so I gues