The following packages have been uploaded to the Cygwin distribution: ca-certificates-2022.2.54-3 ca-certificates-letsencrypt-2022.2.54-3 This re-release fixes an upstream and a packaging bug that arises because p11kit makes certain directories unwritable after population. This becomes noticeable only when the user invoking those scripts is not an administrator (or more specifically on Windows doesn't have SeBackupPrivilege and SeRestorePrivilege). Please note that the fix temporarily needs to make the directory writable, which will again fail if the user attempting to do that has insufficient rights for this operation. Mozilla's CA root certificates for use with OpenSSL, NSS, GnuTLS, and other software that handles certificate verification. This is an update to the latest upstream release. This update contains the ca-certificates-letsencrypt package, whose installation will make the ISRG R3 intermediate CA a trust anchor and removes trust for the already expired DST X3 root CA (this should strictly not be necessary, but works around bugs present in some libraries in how alternate chains are constructed and verified). This will allow to successfully verify certificates using the Letsencrypt legacy cert chain in certain applications. Install this package when you currently have trouble accessing sites (due to validation complaining about an expired certificate) that had no problems until about September 30 or October 1 2021 depending on your timezone. The release numbering scheme has been aligned with Fedora. -- *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO *** If you want to unsubscribe from the cygwin-announce mailing list, look at the "List-Unsubscribe: " tag in the email header of this message. Send email to the address specified there. It will be in the format: cygwin-announce-unsubscribe-you=yourdomain.com@cygwin.com If you need more information on unsubscribing, start reading here: http://sourceware.org/lists.html#unsubscribe-simple Please read *all* of the information on unsubscribing that is available starting at this URL.
Greetings, Achim Gratz! > The following packages have been uploaded to the Cygwin distribution: > ca-certificates-2022.2.54-3 > ca-certificates-letsencrypt-2022.2.54-3 The `/etc/pki/ca-trust/extracted/pem/directory-hash` directory does not exist and is not created during package installation. Re-running postinstall script still fails, but this time due to pre-existing links. # ./ca-certificates.sh chmod: cannot access '/etc/pki/ca-trust/extracted/pem/directory-hash': No such file or directory /usr/bin/ln: failed to create symbolic link '/etc/pki/ca-trust/extracted/pem/directory-hash/ca-certificates.crt': Bad address /usr/bin/ln: failed to create symbolic link '/etc/pki/ca-trust/extracted/pem/directory-hash/ca-bundle.crt': Bad address chmod: cannot access '/etc/pki/ca-trust/extracted/pem/directory-hash': No such file or directory # ls -ld /etc/pki/ca-trust/extracted/pem/directory-hash ls: cannot access '/etc/pki/ca-trust/extracted/pem/directory-hash': No such file or directory # mkdir /etc/pki/ca-trust/extracted/pem/directory-hash # ./ca-certificates.sh # ./ca-certificates.sh /usr/bin/ln: failed to create symbolic link '/etc/pki/ca-trust/extracted/pem/directory-hash/ca-certificates.crt': File exists /usr/bin/ln: failed to create symbolic link '/etc/pki/ca-trust/extracted/pem/directory-hash/ca-bundle.crt': File exists -- With best regards, Andrey Repin Wednesday, September 7, 2022 22:56:27 Sorry for my terrible english...
Andrey Repin writes: > Re-running postinstall script still fails, but this time due to pre-existing > links. > > # ./ca-certificates.sh > chmod: cannot access '/etc/pki/ca-trust/extracted/pem/directory-hash': No such file or directory > /usr/bin/ln: failed to create symbolic link '/etc/pki/ca-trust/extracted/pem/directory-hash/ca-certificates.crt': Bad address > /usr/bin/ln: failed to create symbolic link '/etc/pki/ca-trust/extracted/pem/directory-hash/ca-bundle.crt': Bad address > chmod: cannot access '/etc/pki/ca-trust/extracted/pem/directory-hash': No such file or directory […] These messages seem to come from update-ca-trust, which means your p11-kit isn't working the way it should. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Factory and User Sound Singles for Waldorf rackAttack: http://Synth.Stromeko.net/Downloads.html#WaldorfSounds
Achim: Hi. Whatever you did worked just fine. Now all PCs are updated just fine. Thanks. Lester
Lester Ingber via Cygwin writes: > Hi. Whatever you did worked just fine. Now all PCs are updated just > fine. Thanks for the confirmation. Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ DIY Stuff: http://Synth.Stromeko.net/DIY.html
Greetings, Achim Gratz! I've had a strange behavior on my work laptop. After recent spin of troubles with ca-certificates package I've had an issue where update-ca-trust was not generating any certificates in /etc/ssl/certs. Turned out, I've had to reinstall p11-kit/p11-trust to get the system in working order. > The following packages have been uploaded to the Cygwin distribution: > ca-certificates-2022.2.54-3 > ca-certificates-letsencrypt-2022.2.54-3 -- With best regards, Andrey Repin Tuesday, September 13, 2022 15:47:17 Sorry for my terrible english...