Version 2.2-1 of "tmux" has been uploaded
tmux is a terminal multiplexer, similar to GNU screen. It enables a number of terminals (or windows) to be accessed and controlled from a single terminal like GNU screen. tmux runs as a server-client system. Moreover tmux provides a consistent and well-documented command interface, with the same syntax whether used interactively, as a key binding, or from the shell. It offers a choice of vim or Emacs key layouts. *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO *** If you want to unsubscribe from the cygwin-announce mailing list, look at the "List-Unsubscribe: " tag in the email header of this message. Send email to the address specified there. It will be in the format: cygwin-announce-unsubscribe-you=yourdomain.com cygwin.com If you need more information on unsubscribing, start reading here: http://sourceware.org/lists.html#unsubscribe-simple Please read *all* of the information on unsubscribing that is available starting at this URL.
httpd 2.4.20-1
The following packages have been uploaded to the Cygwin distribution: * httpd-2.4.20-1 * httpd-devel-2.4.20-1 * httpd-manual-2.4.20-1 * httpd-tools-2.4.20-1 * httpd-mod_http2-2.4.20-1 * httpd-mod_ldap-2.4.20-1 * httpd-mod_lua-2.4.20-1 * httpd-mod_proxy_html-2.4.20-1 * httpd-mod_ssl-2.4.20-1 The Apache HTTP Server Project is a collaborative software development effort aimed at creating a robust, commercial-grade, featureful, and freely-available source code implementation of an HTTP (Web) server. This is an update to the latest upstream release: http://www.apache.org/dist/httpd/CHANGES_2.4.20 -- Yaakov
Updated: plotutils-2.6-5
New versions of font-tektronix-misc libplot-devel libplot2 libplotter-devel libplotter2 libxmi-devel libxmi0 plotutils are available in the Cygwin distribution. CYGWIN CHANGES rebuild for postinstall fonts update DESCRIPTION The GNU plotutils package contains software for both programmers and technical users. Its centerpiece is libplot, a powerful C/C++ function library for exporting 2-D vector graphics in many file formats, both vector and raster. It can also do vector graphics animations. libplot is device-independent in the sense that its API (application programming interface) does not depend on the type of graphics file to be exported. Besides libplot, the package contains command-line programs for plotting scientific data. Many of them use libplot to export graphics. HOMEPAGE http://www.gnu.org/software/plotutils/ Marco Atzeri -- If you have questions or comments, please send them to the cygwin mailing list at: cygwin (at) cygwin (dot) com .
imlib2 1.4.8-1
The following packages have been uploaded to the Cygwin distribution: * imlib2-1.4.8-1 * libImlib2_1-1.4.8-1 * libImlib2-devel-1.4.8-1 This is the Imlib 2 library - a library that does image file loading and saving as well as rendering, manipulation, arbitrary polygon support, etc. It does ALL of these operations FAST. Imlib2 also tries to be highly intelligent about doing them, so writing naive programs can be done easily, without sacrificing speed. This is an update to the latest upstream release, along with fixes for CVE-2011-5326 and CVE-2016-3994: https://bugzilla.redhat.com/show_bug.cgi?id=1323060 https://bugzilla.redhat.com/show_bug.cgi?id=1323080 -- Yaakov
CVE-2016-3067: network privilege escalation in Cygwin set(e)uid
In versions of Cygwin prior to 2.5.0, a process which switched user contexts on a system where neither the Cygwin LSA module was enabled, nor the user password stored thereon with 'passwd -R', would retain the network credentials of the original user context even after switching. In the case of system services, such as a user which logged into a Cygwin SSHD or a command run from a cronjob, this would allow access to networks shares to which the system service account (normally 'cyg_server', which is in the Administrators group) has access but to which the user would otherwise be denied. This issue was reported[1][2] by David Willis on 2016-Feb-08 and a fix committed[3] to the upstream repository by Corinna Vinschen on 2016-Feb-18. The fix was first included in the 2.5.0-0.4 test release on the same day[4] and in the 2.5.0-1 stable release which shipped[5] on 2016-Apr-11. Red Hat Product Security has assigned CVE-2016-3067 for this issue. [1] https://cygwin.com/ml/cygwin/2016-02/msg00101.html [2] https://cygwin.com/ml/cygwin/2016-02/msg00129.html and thread [3] https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=205862ed08649df8f50b926a2c58c963f571b044 [4] https://cygwin.com/ml/cygwin-announce/2016-02/msg00023.html [5] https://cygwin.com/ml/cygwin-announce/2016-04/msg00020.html -- Yaakov
Updated: gzip-1.7-2
A new release of gzip, 1.7-2, has been uploaded and will soon reach a mirror near you; leaving the previous version at 1.7-1. NEWS: = This is a bug fix build for the recently-reported upstream 'gzip -l' regression. For more details on the upstream changes, see the documentation in /usr/share/doc/gzip/. DESCRIPTION: GNU Gzip is a popular data compression program originally written by Jean-loup Gailly for the GNU project. Mark Adler wrote the decompression part. It was developed as a replacement for compress because of Unisys and IBM patents covering the LZW algorithm at the time. The superior compression ratio of gzip is just a bonus. UPDATE: === To update your installation, click on the "Install Cygwin now" link on the http://cygwin.com/ web page. This downloads setup.exe to your system. Save it and run setup, answer the questions and pick up 'gzip' in the 'Base' category (it should already be selected). DOWNLOAD: = Note that downloads from cygwin.com aren't allowed due to bandwidth limitations. This means that you will need to find a mirror which has this update, please choose the one nearest to you: http://cygwin.com/mirrors.html QUESTIONS: == If you want to make a point or ask a question the Cygwin mailing list is the appropriate place. -- Eric Blake volunteer cygwin gzip package maintainer For more details on this list (including unsubscription), see: http://sourceware.org/lists.html signature.asc Description: OpenPGP digital signature