David Rothenberger | 3 Aug 21:39 2008
Picon

Updated: {speex,speex-devel,libspeex1}-1.2rc1-1

A new version of the speex, speex-devel, and libspeex1 packages are
now available for download.

NEWS:
=====
Updated to the 1.2rc1 upstream release. Although marked a beta
release, this is the version recommended by upstream. See also the
package documentation in /usr/share/doc/speex-1.2rc1/.

DESCRIPTION:
============
Speex is an Open Source/Free Software patent-free audio compression
format designed for speech. The Speex Project aims to lower the
barrier of entry for voice applications by providing a free
alternative to expensive proprietary speech codecs. Moreover, Speex
is well-adapted to Internet applications and provides useful
features that are not present in most other codecs. Finally, Speex
is part of the GNU Project and is available under the revised BSD
license.

DOWNLOAD:
=========
Note that downloads from sources.redhat.com (aka cygwin.com) aren't
allowed due to bandwidth limitations.  This means that you will need to
find a mirror which has this update, please choose the one nearest to
you: http://cygwin.com/mirrors.html

QUESTIONS:
==========
If you want to make a point or ask a question the Cygwin mailing list is
(Continue reading)

Dave Korn | 5 Aug 15:30 2008

Updated: Setup.exe updated to version 2.573.2.3


  I've updated the version of setup.exe at <http://cygwin.com/setup.exe> to
version 2.573.2.3.

  This version incorporates major new security-related features and 
a number of bug fixes, as listed below.

  No action is required by maintainers of standard Cygwin mirrors, but
maintainers of customised package repositories will need to take action.
Please see the "Custom Mirrors" section below for more information.

SECURITY ISSUES
===============

  This release fixes the security vulnerability CVE-2008-3323 identified by
Derek Callaway of Security Objectives.[1][2][3]  Derek observed that there
was no protection against either a corrupt mirror or a DNS hijacker or other
MitM feeding a modified setup.ini file to setup.exe and thereby causing it
to download and install a maliciously-modified package tarball.

  To verify that users are not fed a malicious setup.ini, we have instituted
GPG signing of setup.ini, setup.bz2, and their -1.7 equivalents on the
Cygwin.com website.  Setup.exe now contains a public key, and verifies any
of the setup index files it downloads against that key.  If an index file
fails to verify, or no .sig file is present on the mirror, setup.exe refuses
to accept the untrusted index file.

  By guaranteeing that setup.exe only accepts genuine index files, we can
guarantee the md5sums in those index files are untampered; as setup.exe
verifies the md5sums of downloaded packages against those indicated in the
(Continue reading)

David Rothenberger | 7 Aug 18:18 2008
Picon

New packages: {serf,libserf0_0,libserf0-devel}-0.2.0-1

Three new packages containing the serf library have been added to
the Cygwin distribution. More information about serf can be found at
http://code.google.com/p/serf/.

DESCRIPTION:
============
The serf library is a C-based HTTP client library built upon the
Apache Portable Runtime (APR) library. It multiplexes connections,
running the read/write communication asynchronously. Memory copies
and transformations are kept to a minimum to provide high
performance operation.

DOWNLOAD:
=========
Note that downloads from sources.redhat.com (aka cygwin.com) aren't
allowed due to bandwidth limitations.  This means that you will need to
find a mirror which has this update, please choose the one nearest to
you: http://cygwin.com/mirrors.html

QUESTIONS:
==========
If you want to make a point or ask a question the Cygwin mailing list is
the appropriate place.

CYGWIN-ANNOUNCE UNSUBSCRIBE INFO:
=================================
To unsubscribe to the cygwin-announce mailing list, look at the
"List-Unsubscribe: " tag in the email header of this message.  Send
email to the address specified there.  It will be in the format:

(Continue reading)

Yaakov (Cygwin Ports | 8 Aug 00:48 2008
Picon
Picon

New package: cvs2svn-2.1.1-1


The following package has been added to the Cygwin net release:

+++ cvs2svn-2.1.1-1

cvs2svn is a tool for migrating a CVS repository to Subversion or git.
The main design goals are robustness and 100% data preservation. cvs2svn
can convert just about any CVS repository.

Yaakov

DOWNLOAD:
=========
Note that downloads from sources.redhat.com (aka cygwin.com) aren't
allowed due to bandwidth limitations.  This means that you will need to
find a mirror which has this update, please choose the one nearest to
you: http://cygwin.com/mirrors.html

QUESTIONS:
==========
If you want to make a point or ask a question the Cygwin mailing list is
the appropriate place.

CYGWIN-ANNOUNCE UNSUBSCRIBE INFO:
=================================
To unsubscribe to the cygwin-announce mailing list, look at the
"List-Unsubscribe: " tag in the email header of this message.  Send
email to the address specified there.  It will be in the format:

cygwin-announce-unsubscribe-YOU=YOURDOMAIN.COM <at> cygwin.com
(Continue reading)

David Rothenberger | 7 Aug 20:32 2008
Picon

Updated: {subversion,subversion-apache2,subversion-devel,subversion-perl,subversion-python,subversion-ruby}-1.5.1-1

A new version the subversion is now available for download.

NEWS:
=====
This is a new upstream release.

IMPORTANT: This release will silently upgrade your Subversion
working copies to the 1.5 format, rendering them unusable with
previous versions of Subversion.

Please see the release notes

  http://subversion.tigris.org/svn_1.5_releasenotes.html

for more details about the changes in Subversion.

DESCRIPTION:
============
Subversion is a version control system designed to be a compelling
successor to CVS.

Please see

  http://svnbook.red-bean.com/en/1.5/index.html

for more details about using SVN.

DOWNLOAD:
=========
Note that downloads from sources.redhat.com (aka cygwin.com) aren't
(Continue reading)

Yaakov (Cygwin Ports | 8 Aug 00:44 2008
Picon
Picon

Updated: libxslt-1.1.24-2 [SECURITY]


The following packages have been updated in the Cygwin net release:

*** libxslt-1.1.24-2
*** libxslt-devel-1.1.24-2
*** libxslt-doc-1.1.24-2
*** python-libxslt-1.1.24-2

This release includes a patch for CVE-2008-2935.

Yaakov

*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there.  It will be in the format:

cygwin-announce-unsubscribe-you=yourdomain.com <at> cygwin.com

If you need more information on unsubscribing, start reading here:

http://sources.redhat.com/lists.html#unsubscribe-simple

Please read *all* of the information on unsubscribing that is available
starting at this URL.
David Billinghurst | 9 Aug 02:51 2008
Picon

Updated: {gmp/libgmp3/libgmp-devel}-4.2.3-1

Version 4.2.3-1 of gmp, libgmp3 and libgmp-devel have been uploaded.

PACKAGE DESCRIPTION
===================

Homepage: http://swox.com/gmp
License : GNU LGPL

GMP is a free library for arbitrary precision arithmetic, operating
on signed integers, rational numbers, and floating point numbers. There 
is no practical limit to the precision except the ones implied by the 
available memory in the machine GMP runs on. GMP has a rich set of 
functions, and the functions have a regular interface.

CHANGES SINCE LAST RELEASE
==========================

Minor bug fixes.  See http://gmplib.org/

NOTE
====

Starting with release gmp-4.2.2, the upstream build increased the 
version number of libgmpxx.  This change was reverted as cyggmpxx-3.dll 
is backward compatible with the previous 4.1 and 4.2 releases.

INSTALL OR UPGRADE NOTES
========================

Standard install.
(Continue reading)

Corinna Vinschen | 11 Aug 10:32 2008

Updated: vim-7.2-1

I have updated the version of vim on cygwin.com to 7.2-1.

This is an update to the new upstream version 7.2.  Cygwin Vim
builds from the vanilla sources.

The official release message:

=======================================================================
Hello Vim users,

Announcing:  Vim (Vi IMproved) version 7.2

This is a minor release of Vim.  In the 15 months since Vim 7.1 many
bugs were fixed and runtime files have been added and updated.  There
are also security improvements, therefore it's a good idea to upgrade.

The main new feature since 7.1 is floating point support.  You can use
it in the Vim script language to add up a list of amounts, for example.

Once you have installed Vim 7.2 you can find details about the changes
since Vim 7.1 with ":help version-7.2".

Notes
-----

The new O'Reilly book "Learning the Vi and Vim editors" is now
available.  See http://iccf-holland.org/click5.html

I will not make an Amiga or OS/2 binary for Vim 7.2.  A Mac version is
hopefully available soon on http://macvim.org/  and/or from the MacVim
(Continue reading)

Eric Blake | 11 Aug 14:37 2008
Picon

Updated: bash-3.2.39-20


A new release of bash, 3.2.39-29, has been uploaded, replacing 3.2.39-19
as current, and leaving 3.1-6 as previous.

NEWS:
=====
This is a minor patch release, which blindly installs /bin/sh rather than
using a postinstall script prone to failure.

There are a few things you should be aware of before using this version:
1. When using binary mounts, cygwin programs try to emulate Linux.  Bash
on Linux does not understand \r\n line endings, but interprets the \r
literally, which leads to syntax errors or odd variable assignments.
Therefore, you will get the same behavior on Cygwin binary mounts by default.
2. d2u is your friend.  You can use it to convert any problematic script
into binary line endings.
3. Cygwin text mounts automatically work with either line ending style,
because the \r is stripped before bash reads the file.  If you absolutely
must use files with \r\n line endings, consider mounting the directory
where those files live as a text mount.  However, text mounts are not as
well tested or supported on the cygwin mailing list, so you may encounter
other problems with other cygwin tools in those directories.
4. This version of bash has a cygwin-specific shell option, named "igncr"
to force bash to ignore \r, independently of cygwin's mount style.  As of
bash-3.2.3-5, it controls regular scripts, command substitution, and
sourced files.  I hope to convince the upstream bash maintainer to accept
this patch into the future bash 4.0 even on Linux, rather than keeping it
a cygwin-specific patch, but only time will tell.  There are several ways
to activate this option:
4a. For a single affected script, add this line just after the she-bang:
(Continue reading)

Yaakov (Cygwin Ports | 11 Aug 20:38 2008
Picon
Picon

Updated: gvim-7.2-1


The following packages have been updated in the Cygwin net release:

*** gvim-7.2-1

This is an update to the vim GTK+2 GUI.  It requires a simultaneous
update to vim-7.2.* for the runtime files.

Yaakov

DOWNLOAD:
=========
Note that downloads from sources.redhat.com (aka cygwin.com) aren't
allowed due to bandwidth limitations.  This means that you will need to
find a mirror which has this update, please choose the one nearest to
you: http://cygwin.com/mirrors.html

QUESTIONS:
==========
If you want to make a point or ask a question the Cygwin mailing list is
the appropriate place.

CYGWIN-ANNOUNCE UNSUBSCRIBE INFO:
=================================
To unsubscribe to the cygwin-announce mailing list, look at the
"List-Unsubscribe: " tag in the email header of this message.  Send
email to the address specified there.  It will be in the format:

cygwin-announce-unsubscribe-YOU=YOURDOMAIN.COM <at> cygwin.com

(Continue reading)


Gmane