From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <corinna-cygwin@cygwin.com>
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.24])
 by sourceware.org (Postfix) with ESMTPS id 577EB3858401
 for <cygwin-apps@cygwin.com>; Sat,  6 Nov 2021 21:17:09 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 577EB3858401
Received: from calimero.vinschen.de ([24.134.7.25]) by
 mrelayeu.kundenserver.de (mreue109 [212.227.15.183]) with ESMTPSA (Nemesis)
 id 1N7zJl-1meXOi3wH5-0151R7 for <cygwin-apps@cygwin.com>; Sat, 06 Nov 2021
 22:17:07 +0100
Received: by calimero.vinschen.de (Postfix, from userid 500)
 id 786C0A80D7E; Sat,  6 Nov 2021 22:17:07 +0100 (CET)
Date: Sat, 6 Nov 2021 22:17:07 +0100
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin-apps@cygwin.com
Subject: Re: OpenSSL package updates
Message-ID: <YYbw0ysKjsGwqymH@calimero.vinschen.de>
Reply-To: cygwin-apps@cygwin.com
Mail-Followup-To: cygwin-apps@cygwin.com
References: <87mtmyqwbv.fsf@Rainer.invalid> <87y261l1i0.fsf@Rainer.invalid>
 <YYa6Ro7/tQNsYuNU@calimero.vinschen.de>
 <87mtmhkqbn.fsf@Rainer.invalid>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <87mtmhkqbn.fsf@Rainer.invalid>
X-Provags-ID: V03:K1:zDwVzJf22gA/QbMYphnEV2tbA+hhBOlmyimXEaDe2erkXEy841Z
 E07wv0JEGlj9tdRKeLIkr+ahdD3M+NSEy6VtQr/eI2D/aaYcdvSjVO+d0Ca6Qlrcwg2qP7c
 yvE5TMxga+uclK+RhVsZv2o8Fom7Rh2of+dqm9gEyiL4tjvBljbTEuOqBDkgY+2+FhU/3PN
 9vOV+MC6kXjHvvYrnah1w==
X-UI-Out-Filterresults: notjunk:1;V03:K0:tcA16nwimTo=:VW5DRLyW6ALHtdxq+LyWmO
 AAnbFxuoLkomTgJLuE/zZIrrkAm7q7P5d6hYjvkXRp141nWqLauDYJJWuvYNcvwTaCPOpnxpx
 AA4/i3kxSDGyjqbqG3wRMU5dPDXMRhGRLmZpT1ZlbwDPpzWQgG6PRYBMGJ1HnFXwlDyfeuWGW
 DB8vZhmHcFAU/BObVZbEH6UdpavsIzEx2C2sf4G2YBx7PMfqGxeJ2LxjH1qmB1y6pD/6oTkxO
 JKpPy1yWuY2ANsSGMJQxnC/jusJ7+IMDL8p4R31Y2yWJnNzj04qphXEt6VN/SZpKrbhMd91KA
 2Q2qNFrsWAcof4knDvt7MZ7y4hHPmb/UHuPCs+Od+gaGbeHKlD4nL9Vl3tFocnIBm2HQlcbhk
 hP62pnYH8iFfiPYdpKcBbygmHBNCBMbQYrkvI9B7SsF+IY3DSdBJGpWaxUstZlcNGXwV8x5MZ
 SfWkABSNylZjRBY5tjVF9l4XWm3TiQ2PoUdBNXDkQklvt9KV7dc6GVr2OLB1TylgzOgiq71Ov
 3M5r6ckkcc+yu145STXvClNnh8q7xYQu0tcc5kekfC5LpycRng2zxo7ctB+1JIuqKCkfl7YgI
 YRgwmSG5W9n7pVSosOuiDa05sl4cQ6+vOkpZ23/9lwl+2SZepahdGPyvlXMjOHeh///wu1v6B
 dbKrKEoehT4MJx2KdVQl/XxGnlUWzdDY6E4w9kfaHMIhxu6xzG6WE8bjoib+kDR4pYj23YgU2
 IbCQOjOD3O1GbKwO
X-Spam-Status: No, score=-99.3 required=5.0 tests=BAYES_00,
 GOOD_FROM_CORINNA_CYGWIN, JMQ_SPF_NEUTRAL, KAM_DMARC_NONE, KAM_DMARC_STATUS,
 SPF_HELO_NONE, SPF_NEUTRAL,
 TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: cygwin-apps@cygwin.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Cygwin package maintainer discussion list <cygwin-apps.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin-apps>,
 <mailto:cygwin-apps-request@cygwin.com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin-apps/>
List-Post: <mailto:cygwin-apps@cygwin.com>
List-Help: <mailto:cygwin-apps-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin-apps>,
 <mailto:cygwin-apps-request@cygwin.com?subject=subscribe>
X-List-Received-Date: Sat, 06 Nov 2021 21:17:10 -0000

On Nov  6 20:59, Achim Gratz wrote:
> Corinna Vinschen via Cygwin-apps writes:
> > That started with OpenSSL 0.9.5 I think, I'm not sure anymore.  You
> > should be able to do this in a single step, as long as you craft the
> > dependencies so that an update of the openssl package pulls in the
> > openssl10 package with the old lib.  As soon as all dependent distro
> > packages are updated, you can just drop the dependency and then the old
> > package entirely.
> 
> I was hoping there was a precedent we could use for this.
> 
> The idea would be that the old openssl dependencies are all converted to
> point to mingw64-*-openssl10 instead and the old packages either renamed
> or removed before the (final?) update to mingw64-*-openssl-1.0.2u+za.
> Then drop in mingw64-*-openssl-1.1.1l openssl, which most packages that
> are still actively maintained would probably need anyway during one of
> their next updates.

You create a new mingw-openssl10 package set, or even just a single
package only providing the openssl 1.0 DLLs, i.e. mingw-libopenssl100.

Then you create the mingw-openssl packages with the new 1.1 version.
The mingw-libopenssl110 package gets an extra dependency to
mingw-libopenssl100.  That will work OOTB without having to fix the
dependent package hints.

The old openssl packages providing the previous 1.0 versions should
better get removed, I guess.

In a second step the dependencies in the below packages could be changed
to require the mingw-libopenssl100 package.  At least that would be
better for bookkeeping.  Does that require manual intervention on the
server?  I'm not sure, Jon would know this better.

Corinna


> 
> The packages that are affected:
> 
> mingw64-*-botan
> mingw64-*-curl
> mingw64-*-gnome-vfs
> mingw64-*-gstreamer
> mingw64-*-libevent
> mingw64-*-libgda
> mingw64-*-liboauth
> mingw64-*-libshout
> mingw64-*-libssl2
> mingw64-*-libzip
> mingw64-*-mariadb-connector
> mingw64-*-neon
> mingw64-*-nghttp
> mingw64-*-opusfile
> mingw64-*-postgresql
> mingw64-*-qca
> mingw64-*-qt4
> mingw64-*-qt5-base
> mingw64-*-glib2
> mingw64-*-unbound