[ATTN MAINTAINERS] OpenSSL 1.0 dependencies

[ATTN MAINTAINERS] OpenSSL 1.0 dependencies

[Achim Gratz]

We should get rid of dependencies to the obsolete OpensSSL 1.0 library
that is no longer maintained upstream and has several critical bugs.

Current and previous versions of the following packages depend on the
outdated libopenssl100 (a lot of these have many packages depending on
them in turn and/or are orphaned):

c3270
cgit
clamav
ctorrent
email
exim
fossil
glib2.0-openssl
gq
gstreamer1.0-plugins-bad-free
gwenhywfar
hexchat
httperf
httping
kdebase3
krb5-k5tls
krb5-pkinit
lftp
libbotan1.10_1
libclamav7
libdns165
libdns166
libdns169
libesmtp6
libevent2.0_5
libfreerdp1.0
libfreerdp1.2
libfreerdp2_2
libgda5.0_4
libgdal20
libgit2_23
libgit2_24
libgit2_25
libgnomevfs2_0
libisc160
libisc166
libkdecore4
libkdecore5
libKF5KDELibs4Support5
liblrdf2
libmysqlclient18
libmysqld18
libneon27
liboauth0
libopenrawgnome7
libopusfile0
libpoco31
libpoco43
libpoco45
libpoco47
libpoco48
libpoco49
libpoco50
libpoco51
libpoco60
libpodofo0.9.3
libpodofo0.9.4
libpodofo0.9.5
libqca-qt5_2
libqca2
libQt5Core5
libQtNetwork4
libserf1_0
libshout3
libspice-client-glib2.0_8
libspice-server1
libsqlcipher0
libssh4
libssl1.0
libtorrent18
libtorrent19
libwinpr1.1
libwinpr2_2
libxmlsec1-openssl1
libzip5
links
lua-crypto
lynx
mysql
mysql-server
mysql-test
nginx
nmh
odbc-psql
pl
podofo
postfix
pr3287
pure-ftpd
python2-cryptography
python35
qupzilla
remmina
ruby
s3270
sendmail
slrn
snownews
squid
ssmtp
suck
syslog-ng
tcl3270
tnftp
transmission
transmission-gtk
transmission-qt
unbound
uw-imap-imapd
uw-imap-util
w3m
x11vnc
x3270

Previous versions of the following packages depend on libopenssl100:

httpd-mod_http2
httpd-mod_ssl
httpd-tools
libsasl2_3
libssh2_1
net-snmp-libs
net-snmp-utils
nginx-mod_mail
perl-Crypt-OpenSSL-Bignum
perl-Crypt-OpenSSL-ECDSA
perl-Crypt-OpenSSL-Random
ruby-puma

The three Perl distribution packages belong to an older Perl version I
think, so I'd suggest to unceremoniously remove them.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

SD adaptation for Waldorf Blofeld V1.15B11:
http://Synth.Stromeko.net/Downloads.html#WaldorfSDada

Re: [ATTN MAINTAINERS] OpenSSL 1.0 dependencies

[Andrew Schulman]

> 
> We should get rid of dependencies to the obsolete OpensSSL 1.0 library
> that is no longer maintained upstream and has several critical bugs.
> 
> Current and previous versions of the following packages depend on the
> outdated libopenssl100 (a lot of these have many packages depending on
> them in turn and/or are orphaned):
...
> lftp
...

Are you sure about lftp? AFAIK it only uses libssl1.1:

$ lftp --version
LFTP | Version 4.9.2 | Copyright (c) 1996-2020 Alexander V. Lukyanov
...
Libraries used: Expat 2.4.1, idn2 2.3.2, libiconv 1.16, OpenSSL 1.1.1l  24
Aug 2021, Readline 8.1,
zlib 1.2.11

$ ldd /usr/bin/lftp | grep ssl
    cygssl-1.1.dll => /usr/bin/cygssl-1.1.dll (0x4c7bc0000)

Re: [ATTN MAINTAINERS] OpenSSL 1.0 dependencies

[Achim Gratz]

Andrew Schulman via Cygwin-apps writes:
> Are you sure about lftp? AFAIK it only uses libssl1.1:

It's a false positivie due to a previous version still using
libopenssl100.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf rackAttack:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds

Re: [ATTN MAINTAINERS] OpenSSL 1.0 dependencies

[Lemures Lemniscati]

On Sat, 23 Oct 2021 19:44:25 +0200, Achim Gratz
> 
> We should get rid of dependencies to the obsolete OpensSSL 1.0 library
> that is no longer maintained upstream and has several critical bugs.
> 
> Current and previous versions of the following packages depend on the
> outdated libopenssl100 (a lot of these have many packages depending on
> them in turn and/or are orphaned):
...
> lua-crypto
...


I've rebuilt lua-crypto-0.3.2 as lua-crypto-0.3.2p4

https://cygwin.com/cgi-bin2/jobs.cgi?id=3509

The cygport file is placed at
  https://github.com/cygwin-lem/lua-crypto-cygport/tree/s_0.3.2p4-1
and its packages are placed at
  https://cygwin-lem.github.io/lua-crypto-cygport/
  https://github.com/cygwin-lem/lua-crypto-cygport/tree/s_0.3.2p4-1_gh-pages/

Should I ITA for lua-crypto?

Regards,

Lem

[ITA] lua-crypto-0.3.2p4

[Lemures Lemniscati]

On Sun, 07 Nov 2021 20:46:25 +0900, Lemures Lemniscati
> On Sat, 23 Oct 2021 19:44:25 +0200, Achim Gratz
> > 
> > We should get rid of dependencies to the obsolete OpensSSL 1.0 library
> > that is no longer maintained upstream and has several critical bugs.
> > 
> > Current and previous versions of the following packages depend on the
> > outdated libopenssl100 (a lot of these have many packages depending on
> > them in turn and/or are orphaned):
> ...
> > lua-crypto
> ...
> 
> 
> I've rebuilt lua-crypto-0.3.2 as lua-crypto-0.3.2p4
> 
> https://cygwin.com/cgi-bin2/jobs.cgi?id=3509
> 
> The cygport file is placed at
>   https://github.com/cygwin-lem/lua-crypto-cygport/tree/s_0.3.2p4-1
> and its packages are placed at
>   https://cygwin-lem.github.io/lua-crypto-cygport/
>   https://github.com/cygwin-lem/lua-crypto-cygport/tree/s_0.3.2p4-1_gh-pages/

Hi, 

ITA for lua-crypto-0.3.2p4, just because of necessity for rebuilding it
with libssl1.0.

Regards,

Lem

Re: [ITA] lua-crypto-0.3.2p4

[Marco Atzeri]

On 07.11.2021 13:07, Lemures Lemniscati via Cygwin-apps wrote:
> On Sun, 07 Nov 2021 20:46:25 +0900, Lemures Lemniscati
>> On Sat, 23 Oct 2021 19:44:25 +0200, Achim Gratz
>>>

> 
> Hi,
> 
> ITA for lua-crypto-0.3.2p4, just because of necessity for rebuilding it
> with libssl1.0.
> 
> Regards,
> 
> Lem
> 

changed to you

Re: [ITA] lua-crypto-0.3.2p4

[Lemures Lemniscati]

On Tue, 9 Nov 2021 19:17:29 +0100, Marco Atzeri via Cygwin-apps
> On 07.11.2021 13:07, Lemures Lemniscati via Cygwin-apps wrote:
> > On Sun, 07 Nov 2021 20:46:25 +0900, Lemures Lemniscati
> >> On Sat, 23 Oct 2021 19:44:25 +0200, Achim Gratz
> >>>
> 
> >
> > Hi,
> >
> > ITA for lua-crypto-0.3.2p4, just because of necessity for rebuilding it
> > with libssl1.0.
> >
> > Regards,
> >
> > Lem
> > 
> changed to you

Thank you, Marco.

Lem