From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <corinna-cygwin@cygwin.com>
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.135])
 by sourceware.org (Postfix) with ESMTPS id 39C3F3858401
 for <cygwin-apps@cygwin.com>; Sat,  6 Nov 2021 17:24:24 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 39C3F3858401
Received: from calimero.vinschen.de ([24.134.7.25]) by
 mrelayeu.kundenserver.de (mreue010 [212.227.15.167]) with ESMTPSA (Nemesis)
 id 1MS43X-1nBkzN3y2N-00TXUH for <cygwin-apps@cygwin.com>; Sat, 06 Nov 2021
 18:24:22 +0100
Received: by calimero.vinschen.de (Postfix, from userid 500)
 id 7D4E3A80D53; Sat,  6 Nov 2021 18:24:22 +0100 (CET)
Date: Sat, 6 Nov 2021 18:24:22 +0100
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin-apps@cygwin.com
Subject: Re: OpenSSL package updates
Message-ID: <YYa6Ro7/tQNsYuNU@calimero.vinschen.de>
Reply-To: cygwin-apps@cygwin.com
Mail-Followup-To: cygwin-apps@cygwin.com
References: <87mtmyqwbv.fsf@Rainer.invalid>
 <87y261l1i0.fsf@Rainer.invalid>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <87y261l1i0.fsf@Rainer.invalid>
X-Provags-ID: V03:K1:CKFJp7bpdQWxxc229+j/JkjZxkteGlMCu6ZD+dcm49rITnqnrvo
 z42GdMAf82dbV+GOc03Iza09Xl+wcUTYVeb+7PsjC1S+up7+yW3xvruLdsxpf0AkpRqGEqH
 WxQ07fdlI0vuhLaAttX5QjhR8tDnxXOmON76c+ozG59i4uD1aLX7X4CJ86TINAoUxdulYpF
 JyPykfsqOZCF4hL+wDOcQ==
X-UI-Out-Filterresults: notjunk:1;V03:K0:AQPM9bjsIJ4=:8UpzAzK17klHYiv0X/Dvb7
 ctXGbLNaOyvm9p0AxMhusyGLzz+HYLyMnqXig/1Q4rbOboGLkpbOAbzu74n9aE5nOsxpXxyRI
 ow3r4g0CczSMqTZCiXveA2t6FJ5p3r0CaqIgMo3yWHx4aOxLQk0KHxatnr8kYkfXWTPwRC94M
 lkk/p1+u7p4epC2p3/zzu7m6lEeCfG3548lDhHo0ut/HXj7izATa7hHF/3dfciurK2pmXJ10P
 wdTT3cn+IFJ2LrgIA3y8OrSDaJ0CIJgggCULV0QE7vmoqLlhdEpmBO0yFl5h++zQDVJ0vQZmM
 5aR9Y8icHFiOaNgZ0FdcHtsKuzEmJuHeu3Wrke0E0Y8P0yiEiQ9/SgJIf0lznHjuVADaUjDM4
 OrqANiDGGjENZH/erutQGDNLTqyeAlSNMDuzYVaz10dW54D5eN7TGuXVCaCMNBGY8DtNxW2ys
 oUYDcaaexqZWcWHJX4v5SjqdCEHT8G6Tegk9Qd7gPuHY5SJzsNqqTPGLH7fuO0S4uaBEUF/Sd
 i7Y6DEvwyARUAASSjq5FhHelA/O7+0PIqOTHU6diJzri5MRBHCQcHpYYY++9bWB7tB7VBcIZt
 qnstbOmBgkIsZE/7DgKg8NvxaTdPCEA9HFAJF4jqkPEnUTE5bA1s8zBLQX8tPb+5wXxi85Xju
 8P9wbUVWeM0fSoyQ8mEHbXbQIjjtZz4z1Dd7f3K2KXM1GO6uBs1f/hDlLQfWaYkSlVxiMlHvm
 IgxWAFvJARHWfR61
X-Spam-Status: No, score=-99.3 required=5.0 tests=BAYES_00,
 GOOD_FROM_CORINNA_CYGWIN, JMQ_SPF_NEUTRAL, KAM_DMARC_NONE, KAM_DMARC_STATUS,
 RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_NEUTRAL,
 TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: cygwin-apps@cygwin.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Cygwin package maintainer discussion list <cygwin-apps.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin-apps>,
 <mailto:cygwin-apps-request@cygwin.com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin-apps/>
List-Post: <mailto:cygwin-apps@cygwin.com>
List-Help: <mailto:cygwin-apps-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin-apps>,
 <mailto:cygwin-apps-request@cygwin.com?subject=subscribe>
X-List-Received-Date: Sat, 06 Nov 2021 17:24:26 -0000

On Nov  6 16:58, Achim Gratz wrote:
> Achim Gratz writes:
> > I have updated the recently released Cygwin packages with all upstream
> > patches from Fedora plus the patches for all CVE affecting version 1.0.2
> > since the last official version and changed the cygport files so they
> > build on AppVeyor.  The packages have been pushed to the respective
> > playground branches:
> >
> > https://cygwin.com/git-cygwin-packages?p=git/cygwin-packages/openssl10.git;a=shortlog;h=refs/heads/playground
> > https://cygwin.com/git-cygwin-packages?p=git/cygwin-packages/openssl.git;a=shortlog;h=refs/heads/playground
> 
> I've just updated the playground branches with the respective MinGW64
> OpenSSL packages integrated (I needed to drop two patches from Fedora
> for OpernSSL 1.0 because they were using an API not available on
> MinGW64.
> 
> > I have not yet looked at the MingW64 libraries and I will not have time
> > next week to do any further work.  I might do an ITA later on when I
> > have everything completed.  I'd appreciate if someone would take a look
> > and test these builds in the meantime.
> 
> So it turns out that there weren't any OpenSSL 1.1 packages for MinGW64
> existing and so the OpenSSL 1.0 packages are still named *-openssl
> instead of *-openssl10.  I haven't yet tried to build the 1.1 versdion
> for MinGW64, but I'd tend to do the rename first and then clobber the
> *-openssl name for the newer version.  How was that handled for the
> Cygwin packages?

That started with OpenSSL 0.9.5 I think, I'm not sure anymore.  You
should be able to do this in a single step, as long as you craft the
dependencies so that an update of the openssl package pulls in the
openssl10 package with the old lib.  As soon as all dependent distro
packages are updated, you can just drop the dependency and then the old
package entirely.


Corinna