Hi Everybody

It seems that the Cygwin-X86_64 setup is installing the cygwin32 openssl 
package as show in the below window capture and the find command result. 
Did I miss something?

FrancisANDRE@idefix /usr> find . -name "*ssl.a"
./i686-pc-cygwin/sys-root/usr/lib/libssl.a
./lib/w32api/libw3ssl.a

no libssl.a found in usr/x86_64-pc-cygwin/sys-root/usr/lib/

Regards

FA





Le 14/07/2015 09:39, Corinna Vinschen a écrit :
> Hi folks,
>
>
> I've updated the version of OpenSSL to 1.0.2d-1.  This is a security
> bugfix release.
>
> ------------------------------------------------------------------------
>
> OpenSSL Security Advisory [9 Jul 2015]
> =======================================
>
> Alternative chains certificate forgery (CVE-2015-1793)
> ======================================================
>
> Severity: High
>
> During certificate verification, OpenSSL (starting from version 1.0.1n
> and
> 1.0.2b) will attempt to find an alternative certificate chain if the
> first
> attempt to build such a chain fails. An error in the implementation of
> this
> logic can mean that an attacker could cause certain checks on untrusted
> certificates to be bypassed, such as the CA flag, enabling them to use
> a valid
> leaf certificate to act as a CA and "issue" an invalid certificate.
>
> This issue will impact any application that verifies certificates
> including
> SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client
> authentication.
>
> This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.
>
> OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d
> OpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p
>
> This issue was reported to OpenSSL on 24th June 2015 by Adam
> Langley/David
> Benjamin (Google/BoringSSL). The fix was developed by the BoringSSL
> project.
>
> Note
> ====
>
> As per our previous announcements and our Release Strategy
> (https://www.openssl.org/about/releasestrat.html), support for OpenSSL
> versions
> 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates
> for these
> releases will be provided after that date. Users of these releases are
> advised
> to upgrade.
>
> References
> ==========
>
> URL for this Security Advisory:
> https://www.openssl.org/news/secadv_20150709.txt
>
> Note: the online version of the advisory may be updated with additional
> details over time.
>
> For details of OpenSSL severity classifications please see:
> https://www.openssl.org/about/secpolicy.html
>
> ------------------------------------------------------------------------
>
>
> Peace,
> Corinna
>





Le 14/07/2015 09:39, Corinna Vinschen a écrit :
> Hi folks,
>
>
> I've updated the version of OpenSSL to 1.0.2d-1.  This is a security
> bugfix release.
>
> ------------------------------------------------------------------------
>
> OpenSSL Security Advisory [9 Jul 2015]
> =======================================
>
> Alternative chains certificate forgery (CVE-2015-1793)
> ======================================================
>
> Severity: High
>
> During certificate verification, OpenSSL (starting from version 1.0.1n
> and
> 1.0.2b) will attempt to find an alternative certificate chain if the
> first
> attempt to build such a chain fails. An error in the implementation of
> this
> logic can mean that an attacker could cause certain checks on untrusted
> certificates to be bypassed, such as the CA flag, enabling them to use
> a valid
> leaf certificate to act as a CA and "issue" an invalid certificate.
>
> This issue will impact any application that verifies certificates
> including
> SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client
> authentication.
>
> This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.
>
> OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d
> OpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p
>
> This issue was reported to OpenSSL on 24th June 2015 by Adam
> Langley/David
> Benjamin (Google/BoringSSL). The fix was developed by the BoringSSL
> project.
>
> Note
> ====
>
> As per our previous announcements and our Release Strategy
> (https://www.openssl.org/about/releasestrat.html), support for OpenSSL
> versions
> 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates
> for these
> releases will be provided after that date. Users of these releases are
> advised
> to upgrade.
>
> References
> ==========
>
> URL for this Security Advisory:
> https://www.openssl.org/news/secadv_20150709.txt
>
> Note: the online version of the advisory may be updated with additional
> details over time.
>
> For details of OpenSSL severity classifications please see:
> https://www.openssl.org/about/secpolicy.html
>
> ------------------------------------------------------------------------
>
>
> Peace,
> Corinna
>



This email has been protected by YAC (Yet Another Cleaner) http://www.yac.mx