On Sat, Oct 10, 2009 at 12:17 AM, Micah Cowan wrote:
> Michael S Gilbert wrote:
>> package: wget
>> version: 1.12-1
>> severity: important
>> tags: security
>>
>> hi,
>>
>> wget implements a forked version of libntlm. in order to provide
>> timely security support (and to reduce some of the burden on the
>> security team), it would be very desirable (if possible) for wget to
>> link to the existing libntlm library, rather than implementing its own
>> version. thanks.
>
> This is untrue. Wget's ntlm support was taken from curl, not from libntlm.

it appeared to me to be a fork since essentially the same code is
implemented with slightly differing function names. i imagine that this
is a consequence of the fact that there is one right way to implement
support for the ntlm standard.

> Taking advantage of libntlm could be a possible goal, however it
> currently lacks support for the most recent version of the protocol,
> whereas a user has recently contributed that support to Wget. It is not
> present in 1.12 because it hasn't been sufficiently tested (mainly
> against the earlier versions of the protocol).
>
> It'd probably be ideal for that support to find its way into libntlm. At
> that time, we'd probably consider using it. For the immediate future,
> though, we (upstream) are probably not going to pursue that just yet.

thanks for the info and quick response!

mike

