[maemo-community] libcurl3

From: Pali Rohár pali.rohar at gmail.com
Date: Mon Apr 30 19:08:47 EEST 2012
On Sunday 29 April 2012 23:50:24 Piotr Jawidzyk wrote:
> http://maemo.org/packages/view/libcurl3/
> 
> Situation quite similar to libxau6, yet from 30.03.2012. No
> changelog, not uploaded by maintainer, also replacing
> component from fremantle armel SSU. No idea, who uploaded
> "new" version and why.
> 
> Could anyone knowledgeable drop an eye on the source code, and
> check WTF?
> 
> /Estel

Hi! I looked at this problematic package.

Package has changelog in debian subfolder. Here is:

===
curl (7.25.0-1maemo2) fremantle; urgency=low
  * Maemo package cleanup

 -- Ludek Finstrle <luf at pzkagis.cz>  Fri, 30 Mar 2012 10:07:43 +0200

curl (7.25.0-1maemo1) fremantle; urgency=high
  * New upstream release
    - Fix builds with proxy or http disabled
    - Fix a numeric overflow in parsing date
    - COOKIES: strip the numerical ipv6 host properly
    - Fix CONNECT: fix multi interface regression
      http://curl.haxx.se/mail/lib-2012-03/0162.html
    - SWS: refuse to serve CONNECT unless running as proxy
    - Update detection logic of getaddrinfo() thread-safeness
    - Fix --libcurl option output file text translation mode
    - Fix OOM handling
    - Fix resolve with c-ares: don't resolve IPv6 when not working
      http://curl.haxx.se/mail/lib-2012-03/0045.html
    - SMTP: Changed the curl error code for EHLO and HELO responses

 -- Ludek Finstrle <luf at pzkagis.cz>  Fri, 23 Mar 2012 09:29:36 +0100
===

Source code of version in extras is here:
http://repository.maemo.org/extras-devel/pool/fremantle/free/source/c/curl/

tarball curl_7.25.0.orig.tar.gz from extras-devel is same as
upstream 7.25.0 version on: http://curl.haxx.se/download.html

I checked also additional patches and all are only compile flags, nothing more.

So I did not found anything strange in source code (no backdoor, etc..).

Package is only "New upstream release". But still it is bad that anybody
can push new version of maemo core packages (also if it fixing strange bugs)
without any informations...

-- 
Pali Rohár
pali.rohar at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.maemo.org/pipermail/maemo-community/attachments/20120430/b8441a9d/attachment.pgp>
More information about the maemo-community mailing list