[ANNOUNCEMENT] WindowMaker 0.95.8-1

2017-11-10 Thread Yaakov Selkowitz
The following packages have been uploaded to the Cygwin distribution:

* WindowMaker-0.95.8-1
* libwraster6-0.95.8-1
* libwraster-devel-0.95.8-1
* libWMaker1-0.95.8-1
* libWMaker-devel-0.95.8-1
* libWINGs3-0.95.8-1
* libWINGs-devel-0.95.8-1

Window Maker is an X11 window manager originally designed to provide 
integration support for the GNUstep Desktop Environment. In every way 
possible, it reproduces the elegant look and feel of the NEXTSTEP user 
interface. It is fast, feature rich, easy to configure, and easy to use.

This is an update to the latest upstream release, and includes an improved 
default root menu configuration.

--
Yaakov

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple




[ANNOUNCEMENT] dmtx-utils 0.7.4-3

2017-11-10 Thread Yaakov Selkowitz
The following packages have been uploaded to the Cygwin distribution:

* dmtx-utils-0.7.4-3

libdmtx is a software library that enables programs to read and write Data 
Matrix barcodes of the modern ECC200 variety. This package provides command 
line utilities that allow scripts to use libdmtx functionality.

This release was rebuilt for ImageMagick-6.9.9.

--
Yaakov




[ANNOUNCEMENT] psiconv 0.9.9-1

2017-11-10 Thread Yaakov Selkowitz
The following packages have been uploaded to the Cygwin distribution:

* psiconv-0.9.9-1
* psiconv-doc-0.9.9-1
* libpsiconv6-0.9.9-1
* libpsiconv-devel-0.9.9-1

This package is meant to make the Psion 5 series of PDAs, as well as other 
small computers running EPOC 32, more usable to non-Windows users.

This is an update to the latest (and perhaps final) upstream release, and 
built with ImageMagick 6.9.9.

--
Yaakov






Re: EXTERNAL: Re: Requesting updated unzip for Zip64 Support

2017-11-10 Thread Wells, Roger K.

On 11/10/2017 10:04 AM, Brian Inglis wrote:
> On 2017-11-09 23:25, OwN-3m-All wrote:
>> Any chance unzip can be updated to support Zip64?
>> http://www.paehl.com/open_source/downloads/unzip.7z
>> http://www.paehl.com/open_source/?ZIP_UNZIP
>
> Current zip has supported Zip64 since 2008 and unzip since 2009.
> $ zip -v; unzip -v
> should both show ZIP64_SUPPORT.

as it does on my cygwin install, uname -a:
CYGWIN_NT-10.0 rwells-x240 2.9.0(0.318/5/3) 2017-09-12 10:18 x86_64 Cygwin

zip -v
.
.
Zip special compilation options:
    USE_EF_UT_TIME   (store Universal Time)
    BZIP2_SUPPORT    (bzip2 library version 1.0.6, 6-Sept-2010)
        bzip2 code and library copyright (c) Julian R Seward
        (See the bzip2 license for terms of use)
    SYMLINK_SUPPORT  (symbolic links supported)
    LARGE_FILE_SUPPORT   (can read and write large files on file system)
    ZIP64_SUPPORT    (use Zip64 to store large files in archives)
    UNICODE_SUPPORT  (store and read UTF-8 Unicode paths)
    STORE_UNIX_UIDs_GIDs (store UID/GID sizes/values using new extra field)
    UIDGID_NOT_16BIT (old Unix 16-bit UID/GID extra field not used)
    [encryption, version 2.91 of 05 Jan 2007] (modified for Zip 3)


unzip -v
.
.
UnZip special compilation options:
    COPYRIGHT_CLEAN (PKZIP 0.9x unreducing method not supported)
    SET_DIR_ATTRIB
    SYMLINKS (symbolic links supported, if RTL and file system permit)
    TIMESTAMP
    UNIXBACKUP
    USE_EF_UT_TIME
    USE_UNSHRINK (PKZIP/Zip 1.x unshrinking method supported)
    USE_DEFLATE64 (PKZIP 4.x Deflate64(tm) supported)
    UNICODE_SUPPORT [wide-chars, char coding: UTF-8] (handle UTF-8 paths)
    MBCS-support (multibyte character support, MB_CUR_MAX = 6)
    LARGE_FILE_SUPPORT (large files over 2 GiB supported)
    ZIP64_SUPPORT (archives using Zip64 for large files supported)
    USE_BZIP2 (PKZIP 4.6+, using bzip2 lib version 1.0.6, 6-Sept-2010)
    VMS_TEXT_CONV
    [decryption, version 2.11 of 05 Jan 2007]

--
Roger Wells, P.E.
leidos
221 Third St
Newport, RI 02840
401-847-4210 (voice)
401-849-1585 (fax)
roger.k.we...@leidos.com





Re: Requesting updated unzip for Zip64 Support

2017-11-10 Thread OwN-3m-All
Strange, for some reason the current version would fail on some very
large archives (8GB+), but the version I linked worked fine in these
cases too.




Re: Requesting updated unzip for Zip64 Support

2017-11-10 Thread Brian Inglis
On 2017-11-09 23:25, OwN-3m-All wrote:
> Any chance unzip can be updated to support Zip64?
> http://www.paehl.com/open_source/downloads/unzip.7z
> http://www.paehl.com/open_source/?ZIP_UNZIP

Current zip has supported Zip64 since 2008 and unzip since 2009.
$ zip -v; unzip -v
should both show ZIP64_SUPPORT.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
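The thread above turns on whether a given unzip build understands Zip64, and the original report concerned archives of 8 GB and more. As an added example (my code, not anything posted in this thread or taken from Info-ZIP), here is a small Python parser that tells you whether a particular archive actually relies on Zip64 structures: it locates the end-of-central-directory (EOCD) record, checks the 16/32-bit fields for the 0xFFFF / 0xFFFFFFFF sentinels and for the Zip64 EOCD locator that precedes the EOCD, and reads the 64-bit values from the Zip64 EOCD record. The sample archives are constructed in memory: `build_sample(True)` appends the Zip64 records that a >4 GiB archive would carry, at toy size, so the parser can be exercised offline. An archive for which `needs_zip64` is True is exactly the kind that an unzip built without ZIP64_SUPPORT cannot read.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"           # end of central directory (EOCD) record
ZIP64_EOCD_SIG = b"PK\x06\x06"     # Zip64 EOCD record
ZIP64_LOCATOR_SIG = b"PK\x06\x07"  # Zip64 EOCD locator, sits right before the EOCD
EOCD_FMT = "<4sHHHHIIH"            # sig, disk, cd disk, entries/disk, entries, cd size, cd offset, comment len
LOCATOR_FMT = "<4sIQI"             # sig, disk holding Zip64 EOCD, its offset, total disks
ZIP64_EOCD_FMT = "<4sQHHIIQQQQ"    # sig, record size, made by, needed, disk, cd disk,
                                   # entries/disk, entries, cd size, cd offset
MAX_COMMENT = 0xFFFF               # an archive comment of up to 64 KiB may follow the EOCD


def find_eocd(data):
    """Offset of the EOCD record, searching back over a possible trailing comment."""
    start = max(0, len(data) - struct.calcsize(EOCD_FMT) - MAX_COMMENT)
    pos = data.rfind(EOCD_SIG, start)
    if pos < 0:
        raise ValueError("not a zip archive: EOCD record not found")
    return pos


def inspect_zip(data):
    """Return central-directory geometry and whether the archive relies on Zip64."""
    eocd = find_eocd(data)
    _, _, _, _, entries, cd_size, cd_offset, _ = struct.unpack_from(EOCD_FMT, data, eocd)
    # 0xFFFF / 0xFFFFFFFF are sentinels: the real value lives in the Zip64 EOCD record.
    saturated = entries == 0xFFFF or cd_size == 0xFFFFFFFF or cd_offset == 0xFFFFFFFF
    loc = eocd - struct.calcsize(LOCATOR_FMT)
    has_locator = loc >= 0 and data[loc:loc + 4] == ZIP64_LOCATOR_SIG
    if saturated and not has_locator:
        raise ValueError("EOCD fields are saturated but no Zip64 locator is present")
    result = {"entries": entries, "cd_size": cd_size, "cd_offset": cd_offset,
              "needs_zip64": has_locator}
    if has_locator:
        _, _, z64_off, _ = struct.unpack_from(LOCATOR_FMT, data, loc)
        if data[z64_off:z64_off + 4] != ZIP64_EOCD_SIG:
            raise ValueError("Zip64 locator does not point at a Zip64 EOCD record")
        z = struct.unpack_from(ZIP64_EOCD_FMT, data, z64_off)
        # Replace the sentinel values with the 64-bit ones.
        result.update(entries=z[7], cd_size=z[8], cd_offset=z[9])
    return result


def build_sample(zip64):
    """Constructed sample archive with one stored member. With zip64=True the Zip64
    EOCD record and locator are appended and the classic EOCD fields are saturated,
    which is the layout a >4 GiB archive has, reproduced here at toy size."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("hello.txt", b"hello zip64\n")
    data = buf.getvalue()
    if not zip64:
        return data
    eocd = find_eocd(data)
    _, _, _, _, entries, cd_size, cd_offset, _ = struct.unpack_from(EOCD_FMT, data, eocd)
    body = data[:eocd]  # local header + member data + central directory
    # 44 = size of the Zip64 EOCD record after its first 12 bytes (sig + size field).
    z64_eocd = struct.pack(ZIP64_EOCD_FMT, ZIP64_EOCD_SIG, 44, 45, 45, 0, 0,
                           entries, entries, cd_size, cd_offset)
    locator = struct.pack(LOCATOR_FMT, ZIP64_LOCATOR_SIG, 0, len(body), 1)
    eocd_rec = struct.pack(EOCD_FMT, EOCD_SIG, 0, 0, 0xFFFF, 0xFFFF,
                           0xFFFFFFFF, 0xFFFFFFFF, 0)
    return body + z64_eocd + locator + eocd_rec


def read_member(data, name):
    """Cross-check with the standard library, which is a Zip64-aware reader."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read(name)


if __name__ == "__main__":
    for flag in (False, True):
        sample = build_sample(flag)
        print("zip64" if flag else "classic", inspect_zip(sample),
              read_member(sample, "hello.txt"))
```

Run against a real file with `inspect_zip(open(path, "rb").read())`; a `needs_zip64` of True on an archive that an old unzip rejects points at the missing ZIP64_SUPPORT rather than at a corrupt file.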




[PATCH setup 5/5] Limit the number of packages shown in the IDD_DOWNLOAD_ERROR listbox

2017-11-10 Thread Ken Brown
---
 download.cc | 10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/download.cc b/download.cc
index b059bf5..6e6d6e8 100644
--- a/download.cc
+++ b/download.cc
@@ -188,6 +188,7 @@ download_one (packagesource & pkgsource, HWND owner)
 
 static std::vector  download_failures;
 static std::string download_warn_pkgs;
+static const int max_pkgs = 20;
 
 static INT_PTR CALLBACK
 download_error_proc (HWND h, UINT message, WPARAM wParam, LPARAM lParam)
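Review bot: `max_pkgs` has no comment saying what it limits; a one-liner noting that it caps the lines shown in the IDD_DOWNLOAD_ERROR dialog while the log still receives every failure would spare the next reader a trip into `query_download_errors`.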
@@ -224,12 +225,19 @@ query_download_errors (HINSTANCE h, HWND owner)
 {
   download_warn_pkgs = "";
   Log (LOG_PLAIN) << "The following package(s) had download errors:" << endLog;
+  int count = 0;
   for (std::vector ::const_iterator i = 
download_failures.begin (); i != download_failures.end (); i++)
 {
   packageversion pv = *i;
   std::string pvs = pv.Name () + "-" + pv.Canonical_version ();
   Log (LOG_PLAIN) << "  " << pvs << endLog;
-  download_warn_pkgs += pvs + "\r\n";
+  if (count < max_pkgs)
+   download_warn_pkgs += pvs + "\r\n";
+  else if (count == max_pkgs)
+   download_warn_pkgs += "...and "
+ + std::to_string (download_failures.size () - max_pkgs)
+ + " more.";
+  count++;
 }
   return DialogBox (h, MAKEINTRESOURCE (IDD_DOWNLOAD_ERROR), owner,
download_error_proc);
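Review bot: the `else if (count == max_pkgs)` arm appends `"...and N more."` without the `"\r\n"` that the package lines get, which only works because it is always the last line; either say so in a comment or append the terminator uniformly. `count` mirrors the iterator position and could be `i - download_failures.begin ()`. `std::to_string` needs `<string>` to be included in download.cc. Also, the subject line says listbox, but the control that receives `download_warn_pkgs` is the read-only `EDITTEXT IDC_DOWNLOAD_EDIT` added in 4/5.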
-- 
2.15.0



[PATCH setup 2/5] Fix off-by-one error in download retry report

2017-11-10 Thread Ken Brown
'retries' was decremented after it was tested but before it was
reported in the log, so the reported number was always 1 too low.
---
 download.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/download.cc b/download.cc
index f6aa6fc..a430f7f 100644
--- a/download.cc
+++ b/download.cc
@@ -245,8 +245,8 @@ do_download_thread (HINSTANCE h, HWND owner)
   if (errors)
 {
   // In unattended mode we retry the download, but not forever.
-  static int retries = 4;
-  if (unattended_mode && retries-- <= 0)
+  static int retries = 5;
+  if (unattended_mode && --retries <= 0)
 {
  Log (LOG_PLAIN) << "download error in unattended_mode: out of 
retries" << endLog;
  Logger ().setExitMsg (IDS_INSTALL_INCOMPLETE);
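Review bot: the arithmetic checks out (5 with `--retries` allows the same four retries as 4 with `retries--`, and the log now counts 4, 3, 2, 1 instead of 3, 2, 1, 0), but `retries` is a function-local `static`, so the budget is counted down once per process and never replenished: a second download pass in the same setup run starts with whatever was left. Either reset it alongside `errors` at the top of `do_download_thread`, or state in the comment that the limit is per run.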
-- 
2.15.0



[PATCH setup 4/5] Query user after download error in interactive mode

2017-11-10 Thread Ken Brown
Instead of just giving the user a "Try again?" Yes/No choice that goes
to IDD_SITE on Yes, create a dialog IDD_DOWNLOAD_ERROR with the
following choices: 'Retry' (retry the download), 'Back' (return to
IDD_CHOOSE), 'Continue' (ignore the errors), or 'Cancel' (exit).

The dialog lists the packages that had download errors so that the
user can make an informed choice.

Users who liked the old behavior (IDD_SITE) can select Back twice.
---
 download.cc | 76 +
 res.rc  | 22 ++
 resource.h  |  2 ++
 3 files changed, 95 insertions(+), 5 deletions(-)

diff --git a/download.cc b/download.cc
index 841f680..b059bf5 100644
--- a/download.cc
+++ b/download.cc
@@ -25,6 +25,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "resource.h"
 #include "msg.h"
@@ -182,16 +183,65 @@ download_one (packagesource & pkgsource, HWND owner)
 }
   if (success)
 return 0;
-  /* FIXME: Do we want to note this? if so how? */
   return 1;
 }
 
+static std::vector  download_failures;
+static std::string download_warn_pkgs;
+
+static INT_PTR CALLBACK
+download_error_proc (HWND h, UINT message, WPARAM wParam, LPARAM lParam)
+{
+  switch (message)
+{
+case WM_INITDIALOG:
+  eset (h, IDC_DOWNLOAD_EDIT, download_warn_pkgs);
+  SetFocus (GetDlgItem(h, IDRETRY));
+  return FALSE;
+
+case WM_COMMAND:
+  switch (LOWORD (wParam))
+   {
+   case IDRETRY:
+   case IDC_BACK:
+   case IDIGNORE:
+   case IDABORT:
+ EndDialog (h, LOWORD (wParam));
+   default:
+ // Not reached.
+ return 0;
+   }
+
+default:
+  // Not handled.
+  return FALSE;
+}
+  return TRUE;
+}
+
+static int
+query_download_errors (HINSTANCE h, HWND owner)
+{
+  download_warn_pkgs = "";
+  Log (LOG_PLAIN) << "The following package(s) had download errors:" << endLog;
+  for (std::vector ::const_iterator i = 
download_failures.begin (); i != download_failures.end (); i++)
+{
+  packageversion pv = *i;
+  std::string pvs = pv.Name () + "-" + pv.Canonical_version ();
+  Log (LOG_PLAIN) << "  " << pvs << endLog;
+  download_warn_pkgs += pvs + "\r\n";
+}
+  return DialogBox (h, MAKEINTRESOURCE (IDD_DOWNLOAD_ERROR), owner,
+   download_error_proc);
+}
+
 static int
 do_download_thread (HINSTANCE h, HWND owner)
 {
   int errors = 0;
   total_download_bytes = 0;
   total_download_bytes_sofar = 0;
+  download_failures.clear ();
 
   Progress.SetText1 ("Checking for packages to download...");
   Progress.SetText2 ("");
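Review bot: in `download_error_proc`, the `case IDABORT:` arm has no `return` after `EndDialog (h, LOWORD (wParam));`, so it falls through into `default:` and returns 0; the `// Not reached.` comment is therefore wrong, and an unexpected command id returns 0 instead of FALSE. Put `return TRUE;` after the `EndDialog` call and let `default:` return FALSE; the `return TRUE;` after the outer `switch` is then unreachable and can be dropped. In `query_download_errors`, `download_warn_pkgs` grows without bound with the number of failures (the empty-mirror case raised in the thread); 5/5 caps it, but a comment here pointing at that cap would help.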
@@ -235,6 +285,8 @@ do_download_thread (HINSTANCE h, HWND owner)
  int e = 0;
  e += download_one (*version.source(), owner);
  errors += e;
+ if (e)
+   download_failures.push_back (version);
 #if 0
  if (e)
pkg->action = ACTION_ERROR;
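Review bot: the new `if (e) download_failures.push_back (version);` sits directly above a `#if 0` block that tests the same `e` and sets `pkg->action = ACTION_ERROR;`; now that failures are tracked for real, either fold the two or delete the dead block so it does not read as an unfinished half of this change.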
@@ -246,21 +298,35 @@ do_download_thread (HINSTANCE h, HWND owner)
 {
   // In unattended mode we retry the download, but not forever.
   static int retries = 5;
+  int rc;
   if (unattended_mode && --retries <= 0)
 {
  Log (LOG_PLAIN) << "download error in unattended_mode: out of 
retries" << endLog;
- Logger ().setExitMsg (IDS_INSTALL_INCOMPLETE);
- Logger ().exit (1);
+ rc = IDABORT;
}
   else if (unattended_mode)
 {
  Log (LOG_PLAIN) << "download error in unattended_mode: " << retries
<< (retries > 1 ? " retries" : " retry") << " remaining." << endLog;
+ rc = IDRETRY;
+   }
+  else
+   rc = query_download_errors (h, owner);
+  switch (rc)
+   {
+   case IDRETRY:
  Progress.SetActivateTask (WM_APP_START_DOWNLOAD);
  return IDD_INSTATUS;
+   case IDC_BACK:
+ return IDD_CHOOSE;
+   case IDABORT:
+ Logger ().setExitMsg (IDS_DOWNLOAD_INCOMPLETE_EXIT);
+ Logger ().exit (1);
+   case IDIGNORE:
+ break;
+   default:
+ break;
}
-  else if (yesno (owner, IDS_DOWNLOAD_INCOMPLETE) == IDYES)
-   return IDD_SITE;
 }
 
   if (source == IDC_SOURCE_DOWNLOAD)
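Review bot: `case IDABORT:` calls `Logger ().exit (1);` and then falls into `case IDIGNORE:` with nothing marking that `exit` does not return; add a `// not reached` comment or a `break` so a future change to `exit` cannot silently turn abort into continue. With the `yesno (owner, IDS_DOWNLOAD_INCOMPLETE)` call removed, the `IDS_DOWNLOAD_INCOMPLETE` string in res.rc and resource.h is unused and can go. Note too that the unattended out-of-retries path now sets `IDS_DOWNLOAD_INCOMPLETE_EXIT` where it used to set `IDS_INSTALL_INCOMPLETE`, which is more accurate but deserves a line in the commit message.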
diff --git a/res.rc b/res.rc
index d1f0871..62fbe40 100644
--- a/res.rc
+++ b/res.rc
@@ -416,6 +416,28 @@ BEGIN
 
 END
 
+IDD_DOWNLOAD_ERROR DIALOG DISCARDABLE  0, 0, SETUP_STANDARD_DIALOG_DIMS
+STYLE DS_MODALFRAME | DS_CENTER | WS_POPUP | WS_CAPTION
+CAPTION "Download Incomplete"
+FONT 8, "MS Shell Dlg"
+BEGIN
+ICONIDI_WARNING,IDC_HEADICON,10,10
+LTEXT   "The following package(s) had download errors:",
+IDC_STATIC,7,8,320,16
+EDITTEXTIDC_DOWNLOAD_EDIT,7,24,320,88,WS_VSCROLL |
+ES_LEFT | ES_MULTILINE | ES_READONLY |
+ES_AUTOVSCROLL
+LTEXT   "Select 'Retry' to retry the download, "
+"'Back' to return to the package selection page, "
+"'Continue' to 

[PATCH setup 3/5] Remove "Try again?" from exit message.

2017-11-10 Thread Ken Brown
---
 download.cc | 2 +-
 res.rc  | 1 +
 resource.h  | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/download.cc b/download.cc
index a430f7f..841f680 100644
--- a/download.cc
+++ b/download.cc
@@ -266,7 +266,7 @@ do_download_thread (HINSTANCE h, HWND owner)
   if (source == IDC_SOURCE_DOWNLOAD)
 {
   if (errors)
-   Logger ().setExitMsg (IDS_DOWNLOAD_INCOMPLETE);
+   Logger ().setExitMsg (IDS_DOWNLOAD_INCOMPLETE_EXIT);
   else if (!unattended_mode)
Logger ().setExitMsg (IDS_DOWNLOAD_COMPLETE);
   return IDD_DESKTOP;
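Review bot: `IDS_DOWNLOAD_INCOMPLETE_EXIT` carries a `%s` for the log path, as `IDS_INSTALL_INCOMPLETE` does; double-check that `setExitMsg` formats both the same way, otherwise the new message shows a literal `%s`.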
diff --git a/res.rc b/res.rc
index 76a871f..d1f0871 100644
--- a/res.rc
+++ b/res.rc
@@ -526,6 +526,7 @@ BEGIN
 IDS_ERR_CHDIR   "Could not change dir to %s: %s [%.8x]"
 IDS_OLD_SETUP_VERSION   "This setup is version %s, but setup.ini claims 
version %s is available.\nYou might want to upgrade to get the latest features 
and bug fixes."
 IDS_DOWNLOAD_INCOMPLETE "Download Incomplete.  Try again?"
+IDS_DOWNLOAD_INCOMPLETE_EXIT  "Download incomplete.  Check %s for details"
 IDS_INSTALL_ERROR  "Installation error (%s), Continue with other 
packages?"
 IDS_INSTALL_INCOMPLETE  "Installation incomplete.  Check %s for details"
 IDS_CORRUPT_PACKAGE "Package file %s has a corrupt local copy, please 
remove and retry."
diff --git a/resource.h b/resource.h
index 172b2c8..98a4a0f 100644
--- a/resource.h
+++ b/resource.h
@@ -40,6 +40,7 @@
 #define IDS_ELEVATED 139
 #define IDS_INSTALLEDB_VERSION140
 #define IDS_TRUSTSYNC_TOOLTIP 141
+#define IDS_DOWNLOAD_INCOMPLETE_EXIT  142
 
 // Dialogs
 
-- 
2.15.0



[PATCH setup 1/5] Just retry download after error in unattended mode

2017-11-10 Thread Ken Brown
After a download error, setup was going back to IDD_SITE.  This is
pointless in unattended mode, since no changes in the mirrors or
packages can be made.

Change misleading comment about retries in unattended mode; the Yes/No
dialog is not used in that case.
---
 download.cc | 9 +++--
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/download.cc b/download.cc
index e561c24..f6aa6fc 100644
--- a/download.cc
+++ b/download.cc
@@ -244,11 +244,7 @@ do_download_thread (HINSTANCE h, HWND owner)
 
   if (errors)
 {
-  /* In unattended mode, all dialog boxes automatically get
- answered with a Yes/OK/other positive response.  This
-means that if there's a download problem, setup will
-potentially retry forever if we don't take care to give
-up at some finite point.  */
+  // In unattended mode we retry the download, but not forever.
   static int retries = 4;
   if (unattended_mode && retries-- <= 0)
 {
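Review bot: the comment is replaced but the `retries-- <= 0` post-decrement on the next line is left as is, so the value the retry branch logs is one too low (3, 2, 1, 0 remaining); 2/5 fixes that, but since this patch already touches these lines it would be tidier to fold the fix in here.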
@@ -260,7 +256,8 @@ do_download_thread (HINSTANCE h, HWND owner)
 {
  Log (LOG_PLAIN) << "download error in unattended_mode: " << retries
<< (retries > 1 ? " retries" : " retry") << " remaining." << endLog;
- return IDD_SITE;
+ Progress.SetActivateTask (WM_APP_START_DOWNLOAD);
+ return IDD_INSTATUS;
}
   else if (yesno (owner, IDS_DOWNLOAD_INCOMPLETE) == IDYES)
return IDD_SITE;
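Review bot: the unattended retry re-enters the download at once via `Progress.SetActivateTask (WM_APP_START_DOWNLOAD)` and `return IDD_INSTATUS;`, with no pause, so a mirror that is briefly unreachable burns all four retries within seconds; a short back-off before returning would make the retry budget worth something against transient failures.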
-- 
2.15.0



[PATCH setup 0/5] Improve behavior after download error, v2

2017-11-10 Thread Ken Brown
Currently setup goes back to the mirror selection page after a
download error if the user answers "Yes" to "Download incomplete.  Try
again?".  The same happens in unattended mode until the retries have
been exhausted.

And if the user answers "No", then installation continues, even though
this can damage the user's installation.  For example, if a package is
selected for reinstall but cannot be downloaded, it will be
uninstalled.

This series of patches changes the behavior as follows:

 - In unattended mode, simply retry the download.

 - In interactive mode, pop up a dialog showing which packages had
   download errors and giving the user the following options:
     - Retry (retries download)
     - Back (return to the package selection page)
     - Continue, with a warning
     - Cancel (exit)

Ken Brown (5):
  Just retry download after error in unattended mode
  Fix off-by-one error in download retry report
  Remove "Try again?" from exit message.
  Query user after download error in interactive mode
  Limit the number of packages shown in the IDD_DOWNLOAD_ERROR listbox

 download.cc | 99 -
 res.rc  | 23 ++
 resource.h  |  3 ++
 3 files changed, 111 insertions(+), 14 deletions(-)

-- 
2.15.0



Re: [PATCH setup 0/2] Improve behavior after download error

2017-11-10 Thread Ken Brown

On 11/9/2017 11:42 AM, Ken Brown wrote:
> On 11/9/2017 8:21 AM, Jon Turney wrote:
>> On 08/11/2017 18:52, Brian Inglis wrote:
>>> On 2017-11-08 07:35, Ken Brown wrote:
>>>> On 11/7/2017 1:56 PM, Jon Turney wrote:
>>>>> On 07/11/2017 04:28, Brian Inglis wrote:
>>>>>> On 2017-11-06 14:49, Ken Brown wrote:
>>>>>>> This is a followup to
>>>>>>> https://sourceware.org/ml/cygwin-apps/2017-11/msg3.html.  The
>>>>>>> focus of that thread was a crash that occurs on the topic/libsolv
>>>>>>> branch.  Here I'm more interested in a UI issue.  Namely, I don't
>>>>>>> think it's reasonable that setup goes back to the site page if the
>>>>>>> user clicks Yes in response to "Download Incomplete. Try again?".
>>>>>>> This is not what the message says will happen, and I'm not convinced
>>>>>>> that it even works right if the user changes mirrors after being sent
>>>>>>> to the site page.
>>>>>>
>>>>>> Would it make more sense to drop to the package chooser page, after
>>>>>> issuing the error message and advising the user to: select Back to go
>>>>>> to the package chooser page, select Next to retry the downloads, or
>>>>>> select Cancel to exit?
>>>>>
>>>>> Do we actually report the package name for the failed download so that
>>>>> the user could make an informed change in the package chooser?
>>>>
>>>> No.  Currently the only way for the user to find out is to finish the
>>>> setup run and then look at the log.  There's been a FIXME about this at
>>>> the end of download.cc:download_one() since 2001.  Maybe it's time to
>>>> fix this.  We could simply keep a list of packages (or files?) for which
>>>> the download failed, and then report this in the "Download incomplete"
>>>> dialog.
>>>
>>> Note that in the pathological case of a mirror which only has a
>>> setup.ini, the list of failed packages could be very large.
>>
>> I guess we should limit the number of failed packages that we report.
>
> I'm about to send a patch series that implements Brian's suggestion and
> adds a (limited) list of failed packages.

Jon, these patches are to be applied to the libsolv branch, on top of
your recent series of 5 patches.

Ken



Updated: openssl-1.0.2m-1

2017-11-10 Thread Corinna Vinschen
Hi folks,


I've updated the version of OpenSSL to 1.0.2m-1.  This is a security
bugfix release.



OpenSSL Security Advisory [02 Nov 2017]
=======================================

bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
======================================================

Severity: Moderate

There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No
EC algorithms are affected. Analysis suggests that attacks against RSA and DSA
as a result of this defect would be very difficult to perform and are not
believed likely. Attacks against DH are considered just feasible (although very
difficult) because most of the work necessary to deduce information
about a private key may be performed offline. The amount of resources
required for such an attack would be very significant and likely only
accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients.

This only affects processors that support the BMI1, BMI2 and ADX extensions like
Intel Broadwell (5th generation) and later or AMD Ryzen.

Note: This issue is very similar to CVE-2017-3732 and CVE-2015-3193 but must be
treated as a separate problem.

OpenSSL 1.1.0 users should upgrade to 1.1.0g
OpenSSL 1.0.2 users should upgrade to 1.0.2m

This issue was reported to OpenSSL on 10th August 2017 by the OSS-Fuzz project.
The fix was developed by Andy Polyakov of the OpenSSL development team.

Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
====================================================================
Severity: Low

This issue was previously announced in security advisory
https://www.openssl.org/news/secadv/20170828.txt, but the fix has not previously
been included in a release due to its low severity.

OpenSSL 1.1.0 users should upgrade to 1.1.0g
OpenSSL 1.0.2 users should upgrade to 1.0.2m


Note
====
Support for version 1.0.1 ended on 31st December 2016. Support for versions
0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer
receiving security updates.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20171102.txt

Note: the online version of the advisory may be updated with additional details
over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html



Have fun,
Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
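As an added triage helper for the advisory above (my code, not OpenSSL's or Cygwin's), the following combines the two conditions the advisory states for CVE-2017-3736: the build must be 1.0.2 before 1.0.2m or 1.1.0 before 1.1.0g, and the CPU must support BMI1, BMI2 and ADX. It parses `openssl version` output (the pre-1.1.1 letter-suffix scheme, where 1.0.2l is older than 1.0.2m) and a `flags` line in the form /proc/cpuinfo uses. The version strings and cpuinfo excerpts are constructed samples, and the status labels returned are my own naming, not anything from the advisory.

```python
import re

# Branches and first fixed releases named in the advisory.
FIXED_IN = {(1, 0, 2): "m", (1, 1, 0): "g"}
# Branches the advisory says no longer receive security updates.
UNSUPPORTED = {(0, 9, 8), (1, 0, 0), (1, 0, 1)}
# The advisory restricts the issue to CPUs with all three of these extensions.
REQUIRED_FLAGS = {"bmi1", "bmi2", "adx"}

VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """'OpenSSL 1.0.2l  25 May 2017' -> ((1, 0, 2), 'l'). Pre-1.1.1 releases use a
    letter suffix that sorts alphabetically; no letter at all is the oldest."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("unrecognised version string: %r" % text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))), m.group(4)


def version_status(text):
    """'fixed', 'vulnerable', 'unsupported' or 'not-listed' for CVE-2017-3736."""
    branch, letter = parse_openssl_version(text)
    if branch in UNSUPPORTED:
        return "unsupported"
    if branch not in FIXED_IN:
        return "not-listed"
    return "fixed" if letter >= FIXED_IN[branch] else "vulnerable"


def cpu_has_affected_extensions(cpuinfo_text):
    """True if the cpuinfo 'flags' line lists bmi1, bmi2 and adx."""
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            return REQUIRED_FLAGS <= set(value.split())
    return False


def triage(version_text, cpuinfo_text):
    """Combine both conditions: a vulnerable build on a CPU without the extensions
    never selects the affected squaring routine, so it is reported separately
    (it still needs the update, but is not exposed on that host)."""
    status = version_status(version_text)
    if status != "vulnerable":
        return status
    if cpu_has_affected_extensions(cpuinfo_text):
        return "affected"
    return "vulnerable-build-cpu-not-affected"


# Constructed sample inputs, not captured from a real host.
BROADWELL_CPUINFO = (
    "processor\t: 0\n"
    "model name\t: constructed sample, Broadwell-class\n"
    "flags\t\t: fpu sse2 avx2 bmi1 bmi2 adx rdseed\n"
)
HASWELL_CPUINFO = (
    "processor\t: 0\n"
    "model name\t: constructed sample, Haswell-class (no ADX)\n"
    "flags\t\t: fpu sse2 avx2 bmi1 bmi2\n"
)

if __name__ == "__main__":
    for ver in ("OpenSSL 1.0.2l  25 May 2017", "OpenSSL 1.0.2m  2 Nov 2017",
                "OpenSSL 1.1.0f  25 May 2017", "OpenSSL 1.0.1u  22 Sep 2016"):
        print(ver.split("  ")[0], "->", triage(ver, BROADWELL_CPUINFO),
              "/", triage(ver, HASWELL_CPUINFO))
```

On a live host feed it the output of `openssl version` and the contents of /proc/cpuinfo; the CPU check only narrows exposure, the version check is what decides whether the update is due.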

