From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp-out-so.shaw.ca (smtp-out-so.shaw.ca [64.59.136.137]) by sourceware.org (Postfix) with ESMTPS id E8A713857C4F for ; Sun, 30 May 2021 16:17:58 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org E8A713857C4F Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=SystematicSw.ab.ca Authentication-Results: sourceware.org; spf=none smtp.mailfrom=brian.inglis@systematicsw.ab.ca Received: from [192.168.1.104] ([68.147.0.90]) by shaw.ca with ESMTP id nO8Sl7ktC7YjPnO8Tlyuzb; Sun, 30 May 2021 10:17:57 -0600 X-Authority-Analysis: v=2.4 cv=fPVaYbWe c=1 sm=1 tr=0 ts=60b3bab5 a=T+ovY1NZ+FAi/xYICV7Bgg==:117 a=T+ovY1NZ+FAi/xYICV7Bgg==:17 a=IkcTkHD0fZMA:10 a=Ntg_Zx-WAAAA:8 a=94nOnFI1EgyDtX4ev68A:9 a=QEXdDO2ut3YA:10 a=RUfouJl5KNV7104ufCm4:22 From: Brian Inglis Subject: Re: openssl needs updated Reply-To: cygwin-apps@cygwin.com To: cygwin-apps@cygwin.com References: <6da35f2f-4d40-58e4-7075-1a867ddbb6e1@SystematicSw.ab.ca> <87fsy4lk7f.fsf@Rainer.invalid> Organization: Systematic Software Message-ID: Date: Sun, 30 May 2021 10:17:56 -0600 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.2 MIME-Version: 1.0 In-Reply-To: <87fsy4lk7f.fsf@Rainer.invalid> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-CA Content-Transfer-Encoding: 7bit X-CMAE-Envelope: MS4xfP/UjhfL5kndRhB7kWP0nU59h2nM6KZ1K/J8+4IiB5yqZTDzVaa/PrEnjL6/4+0zRqzKkeqJrJLtjF6p9UjF5X3sY2xlQJ12xcf3xKNOUWMqmJ9d9eJl CkclarwQ9yGH8dRJwRVBz4u2U+zqpiBarTR8u596OTPO8v8dT0jQ8LmUUhboi4BvRs+tEDHNLkW4COAyGlyt86Y/Y2H6P2RhFOQ= X-Spam-Status: No, score=-3488.2 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, NICE_REPLY_A, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_LOW, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=no autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: cygwin-apps@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Cygwin package maintainer discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 30 May 2021 16:18:00 -0000 On 2021-05-30 02:06, Achim Gratz wrote: > Brian Inglis writes: >> On 2021-05-28 11:13, Brian Inglis wrote: >>> openssl/libssl has not been updated since 1.1.f two years ago >>> and now has four high sev CVEs outstanding in upstream 1.1.1k: >>> two last year, two this year. >>> If maintainer is short of time, I may be able to co-maintain? > If you really want co-maint and not just take over I'd suggest you > refrain from purely stylistic changes like these: > src_compile() { > - cd ${S} > + cd $S > lndirs Those are from my own local builds I keep more up to date than releases. I manually switch from release or local tars to check builds. > I'd like to see the existing MingW64 packages moving to *-openssl10 > (and getting updated to the latest version as well), then updating > *-openssl to the 1.1 branch. OpenSSL 1.0.2u was EoL and unsupported end of 2019: https://www.openssl.org/blog/blog/2019/11/07/3.0-update/ Cygwin current is 1.0.2t so close but mingw is 1.0.2o 3 years ago. OpenSSL 3 came out a year ago and is still in alpha # 17. I haven't even looked at mingw packages because they are so outdated. I am afraid to find out why they have not been updated to 1.1.1! ;^> -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. [Data in binary units and prefixes, physical quantities in SI.]