public inbox for development@lists.ipfire.org
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] privoxy: Update to 3.0.24
Date: Tue, 29 Mar 2016 15:04:46 +0100
Message-ID: <1459260286.30749.203.camel@ipfire.org>
In-Reply-To: <56A684BB.40809@ipfire.org>


Hi,

indeed. Never bundle a library. Never. Never. Never.

PCRE had some severe security issues recently and I assume that these are not
fixed in the privoxy release tarball. If we fix the issues in pcre it will
automatically be fixed in privoxy too when dynamically linked. If pcre is
statically linked we usually wouldn't know that a vulnerable version of pcre is
in there, and even if we did, this would create extra work to fix the same issue
there, too.

So just don't do it. They should actually remove the bundled version upstream.

-Michael

On Mon, 2016-01-25 at 21:25 +0100, Matthias Fischer wrote:
> Hi,
> 
> I got some short questions about using the feature
> "FEATURE_DYNAMIC_PCRE" in privoxy and would be grateful if someone could
> give me some short hints or explanations.
> 
> In the past this feature was always disabled through the
> configure-option "--disable-dynamic-pcre". The only explanation
> 'privoxy' gives is the 'configure --help' text:
> 
> "--disable-dynamic-pcre       Use the built-in, static pcre, even if
> libpcre is available".
> 
> The 'privoxy' status tells me:
> "FEATURE_DYNAMIC_PCRE => Dynamically link to the PCRE library. This is
> set automatically by ./configure if you do not have libpcre installed.
> Dynamically linking to an external libpcre is recommended as the one
> that is distributed with Privoxy itself is outdated and lacks various
> features and bug-fixes you may be interested in."
> 
> So for testing purposes - being curious - I enabled this feature by
> deleting "--disable-dynamic-pcre" from 'privoxy'-lfs-file. Everything
> was built, everything seems to be running fine. But although I searched
> for a better statement of what this option really does, I didn't find one,
> and now I would like to know what the dis/advantages of this option are.
> 
> Disable or enable dynamic PCRE - what is better for 'privoxy' and
> IPFire? And what does it do? Some short statements or hints would be
> sufficient!
> 
> Sorry, if this seems to be some dumb question, but I want to be sure...
> 
> Best,
> Matthias
> 
> 

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
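Whether a given build picks up the system libpcre or carries its own copy can be read from the binary's NEEDED entries. The following is an added example, not part of this thread and not privoxy or IPFire code; it assumes a 64-bit little-endian ELF binary, and the function names are made up for illustration. A binary that uses PCRE (as privoxy does) but has no libpcre entry has the PCRE code baked in and will not benefit from a fixed system library.

```python
import struct
import sys
from pathlib import Path

PT_LOAD, PT_DYNAMIC = 1, 2
DT_NULL, DT_NEEDED, DT_STRTAB = 0, 1, 5

def needed_libs(data):
    """Return the DT_NEEDED sonames of a 64-bit little-endian ELF image."""
    if data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF file")
    (phoff,) = struct.unpack_from("<Q", data, 0x20)           # e_phoff
    phentsize, phnum = struct.unpack_from("<HH", data, 0x36)  # e_phentsize, e_phnum
    loads, dynamic = [], None
    for i in range(phnum):
        p_type, _, off, vaddr, _, filesz, _, _ = struct.unpack_from(
            "<IIQQQQQQ", data, phoff + i * phentsize)
        if p_type == PT_LOAD:
            loads.append((vaddr, off, filesz))
        elif p_type == PT_DYNAMIC:
            dynamic = (off, filesz)
    if dynamic is None:
        return []  # fully static binary: nothing is resolved at load time
    name_offsets, strtab_vaddr = [], None
    for pos in range(dynamic[0], dynamic[0] + dynamic[1], 16):
        tag, val = struct.unpack_from("<qQ", data, pos)
        if tag == DT_NULL:
            break
        if tag == DT_NEEDED:
            name_offsets.append(val)   # offset of the soname inside the string table
        elif tag == DT_STRTAB:
            strtab_vaddr = val
    # DT_STRTAB is a virtual address; map it to a file offset via PT_LOAD.
    strtab = next((off + strtab_vaddr - vaddr for vaddr, off, filesz in loads
                   if strtab_vaddr is not None
                   and vaddr <= strtab_vaddr < vaddr + filesz), None)
    if strtab is None:
        return []
    return [data[strtab + rel:data.index(b"\0", strtab + rel)].decode()
            for rel in name_offsets]

def links_dynamically(data, prefix="libpcre"):
    """True if a NEEDED entry starts with prefix (matches libpcre, libpcreposix)."""
    return any(name.startswith(prefix) for name in needed_libs(data))

if __name__ == "__main__":
    for path in sys.argv[1:]:  # paths of the binaries to audit
        linked = links_dynamically(Path(path).read_bytes())
        print(path, "dynamic libpcre" if linked else "no libpcre in NEEDED")
```

Run it with the path of the installed binary as argument; `readelf -d` shows the same NEEDED entries if binutils is available on the build host.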
