From mboxrd@z Thu Jan  1 00:00:00 1970
From: Leo Famulari <leo@famulari.name>
Subject: Re: [PATCH 0/1] curl: Fix CVE-2016-3739.
Date: Mon, 13 Jun 2016 12:14:14 -0400
Message-ID: <20160613161414.GB14259@jasmine>
References: <cover.1465702340.git.leo@famulari.name> <87inxei119.fsf@gnu.org>
	<20160612210232.GA5479@khazad-dum> <20160613011231.GA13522@jasmine>
	<87eg81cel0.fsf@gnu.org> <20160613154247.GB4065@khazad-dum>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:51282)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1bCUVR-0000Kn-JB
	for guix-devel@gnu.org; Mon, 13 Jun 2016 12:14:30 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1bCUVM-0005tM-Er
	for guix-devel@gnu.org; Mon, 13 Jun 2016 12:14:28 -0400
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:39498)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1bCUVL-0005nn-8B
	for guix-devel@gnu.org; Mon, 13 Jun 2016 12:14:24 -0400
Received: from localhost (c-73-188-17-148.hsd1.pa.comcast.net [73.188.17.148])
	by mail.messagingengine.com (Postfix) with ESMTPA id 0DB68CCD2E
	for <guix-devel@gnu.org>; Mon, 13 Jun 2016 12:14:15 -0400 (EDT)
Content-Disposition: inline
In-Reply-To: <20160613154247.GB4065@khazad-dum>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: guix-devel@gnu.org

On Mon, Jun 13, 2016 at 03:42:47PM +0000, ng0 wrote:
> From the way it was done in Gentoo, I assume this is not needed?
> mbedtls is a separate package, and I have libressl as the curlssl provider,
> which is a curl built against libressl.
> 
> If I am wrong, correct me.
> My initial comment was a bit out of place, but I just assume it will
> justwork™ on guix, otherwise a curl-with-mbedtls would have to be
> created.
> 
> Sorry for the confusion.

I think the confusion was mine. Unless Hiawatha requires a curl linked
against mbedTLS, I don't think there will be any problem with
CVE-2016-3739 and Hiawatha.