* [ANNOUNCEMENT] openssl 1.0.2h-1
@ 2016-05-04 18:02 Yaakov Selkowitz
2016-08-31 12:12 ` Gerrit Haase
0 siblings, 1 reply; 5+ messages in thread
From: Yaakov Selkowitz @ 2016-05-04 18:02 UTC (permalink / raw)
To: cygwin
The following packages have been uploaded to the Cygwin distribution:
* openssl-1.0.2h-1
* openssl-devel-1.0.2h-1
* openssl-perl-1.0.2h-1
* libopenssl100-1.0.2h-1
* mingw64-i686-openssl-1.0.2h-1
* mingw64-x86_64-openssl-1.0.2h-1
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and protocols.
This is an update to the latest upstream release, which includes fixes for
CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, and CVE-2016-2176:
https://www.openssl.org/news/secadv/20160503.txt
Support for the SSLv2 protocol, which is vulnerable to DROWN, has been
completely removed in this release, while maintaining ABI compatibility
(which was not possible OOTB with 1.0.2g).
--
Yaakov
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [ANNOUNCEMENT] openssl 1.0.2h-1
2016-05-04 18:02 [ANNOUNCEMENT] openssl 1.0.2h-1 Yaakov Selkowitz
@ 2016-08-31 12:12 ` Gerrit Haase
2016-08-31 12:18 ` Corinna Vinschen
0 siblings, 1 reply; 5+ messages in thread
From: Gerrit Haase @ 2016-08-31 12:12 UTC (permalink / raw)
To: cygwin
2016-05-04 19:35 GMT+02:00 Yaakov Selkowitz:
>
> The following packages have been uploaded to the Cygwin distribution:
>
> * openssl-1.0.2h-1
> * openssl-devel-1.0.2h-1
> * openssl-perl-1.0.2h-1
> * libopenssl100-1.0.2h-1
> * mingw64-i686-openssl-1.0.2h-1
> * mingw64-x86_64-openssl-1.0.2h-1
>
> ...
Hello Yaakov,
25-Aug-2016: OpenSSL 1.1.0 is now available
https://www.openssl.org/news/newslog.html
:-)
Gerrit
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [ANNOUNCEMENT] openssl 1.0.2h-1
2016-08-31 12:12 ` Gerrit Haase
@ 2016-08-31 12:18 ` Corinna Vinschen
2016-08-31 18:30 ` Yaakov Selkowitz
0 siblings, 1 reply; 5+ messages in thread
From: Corinna Vinschen @ 2016-08-31 12:18 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 991 bytes --]
On Aug 31 12:50, Gerrit Haase wrote:
> 2016-05-04 19:35 GMT+02:00 Yaakov Selkowitz:
> >
> > The following packages have been uploaded to the Cygwin distribution:
> >
> > * openssl-1.0.2h-1
> > * openssl-devel-1.0.2h-1
> > * openssl-perl-1.0.2h-1
> > * libopenssl100-1.0.2h-1
> > * mingw64-i686-openssl-1.0.2h-1
> > * mingw64-x86_64-openssl-1.0.2h-1
> >
> > ...
>
>
> Hello Yaakov,
>
> 25-Aug-2016: OpenSSL 1.1.0 is now available
We can't and we won't switch to OpenSSH 1.1.0 unless at least the first
problems are ironed out. There were a lot of partially backward
incompatible changes, one of them results in OpenSSH not working with
OpenSSL 1.1.0 yet.
So, for the time being, we stay with 1.0.2. It will be supported by
upstream for at least another two years, so there's no reason for hurry.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [ANNOUNCEMENT] openssl 1.0.2h-1
2016-08-31 12:18 ` Corinna Vinschen
@ 2016-08-31 18:30 ` Yaakov Selkowitz
2016-08-31 18:38 ` Corinna Vinschen
0 siblings, 1 reply; 5+ messages in thread
From: Yaakov Selkowitz @ 2016-08-31 18:30 UTC (permalink / raw)
To: cygwin
On 2016-08-31 06:10, Corinna Vinschen wrote:
> We can't and we won't switch to OpenSSH 1.1.0 unless at least the first
> problems are ironed out. There were a lot of partially backward
> incompatible changes, one of them results in OpenSSH not working with
> OpenSSL 1.1.0 yet.
>
> So, for the time being, we stay with 1.0.2. It will be supported by
> upstream for at least another two years, so there's no reason for hurry.
+1. I suggest we wait until one or more of the major Linux distros has
tackled this first so that patches for the API incompatibilities will
already be available.
--
Yaakov
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [ANNOUNCEMENT] openssl 1.0.2h-1
2016-08-31 18:30 ` Yaakov Selkowitz
@ 2016-08-31 18:38 ` Corinna Vinschen
0 siblings, 0 replies; 5+ messages in thread
From: Corinna Vinschen @ 2016-08-31 18:38 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 856 bytes --]
On Aug 31 11:42, Yaakov Selkowitz wrote:
> On 2016-08-31 06:10, Corinna Vinschen wrote:
> > We can't and we won't switch to OpenSSH 1.1.0 unless at least the first
> > problems are ironed out. There were a lot of partially backward
> > incompatible changes, one of them results in OpenSSH not working with
> > OpenSSL 1.1.0 yet.
> >
> > So, for the time being, we stay with 1.0.2. It will be supported by
> > upstream for at least another two years, so there's no reason for hurry.
>
> +1. I suggest we wait until one or more of the major Linux distros has
> tackled this first so that patches for the API incompatibilities will
> already be available.
ACK. Sounds good.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-08-31 17:41 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-05-04 18:02 [ANNOUNCEMENT] openssl 1.0.2h-1 Yaakov Selkowitz
2016-08-31 12:12 ` Gerrit Haase
2016-08-31 12:18 ` Corinna Vinschen
2016-08-31 18:30 ` Yaakov Selkowitz
2016-08-31 18:38 ` Corinna Vinschen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).