Re: OpenSSL package updates
On Nov 6 20:59, Achim Gratz wrote: > Corinna Vinschen via Cygwin-apps writes: > > That started with OpenSSL 0.9.5 I think, I'm not sure anymore. You > > should be able to do this in a single step, as long as you craft the > > dependencies so that an update of the openssl package pulls in the > > openssl10 package with the old lib. As soon as all dependent distro > > packages are updated, you can just drop the dependency and then the old > > package entirely. > > I was hoping there was a precedent we could use for this. > > The idea would be that the old openssl dependencies are all converted to > point to mingw64-*-openssl10 instead and the old packages either renamed > or removed before the (final?) update to mingw64-*-openssl-1.0.2u+za. > Then drop in mingw64-*-openssl-1.1.1l openssl, which most packages that > are still actively maintained would probably need anyway during one of > their next updates. You create a new mingw-openssl10 package set, or even just a single package only providing the openssl 1.0 DLLs, i.e. mingw-libopenssl100. Then you create the mingw-openssl packages with the new 1.1 version. The mingw-libopenssl110 package gets an extra dependency to mingw-libopenssl100. That will work OOTB without having to fix the dependent package hints. The old openssl packages providing the previous 1.0 versions should better get removed, I guess. In a second step the dependencies in the below packages could be changed to require the mingw-libopenssl100 package. At least that would be better for bookkeeping. Does that require manual intervention on the server? I'm not sure, Jon would know this better. Corinna > > The packages that are affected: > > mingw64-*-botan > mingw64-*-curl > mingw64-*-gnome-vfs > mingw64-*-gstreamer > mingw64-*-libevent > mingw64-*-libgda > mingw64-*-liboauth > mingw64-*-libshout > mingw64-*-libssl2 > mingw64-*-libzip > mingw64-*-mariadb-connector > mingw64-*-neon > mingw64-*-nghttp > mingw64-*-opusfile > mingw64-*-postgresql > mingw64-*-qca > mingw64-*-qt4 > mingw64-*-qt5-base > mingw64-*-glib2 > mingw64-*-unbound
Re: OpenSSL package updates
Corinna Vinschen via Cygwin-apps writes: > That started with OpenSSL 0.9.5 I think, I'm not sure anymore. You > should be able to do this in a single step, as long as you craft the > dependencies so that an update of the openssl package pulls in the > openssl10 package with the old lib. As soon as all dependent distro > packages are updated, you can just drop the dependency and then the old > package entirely. I was hoping there was a precedent we could use for this. The idea would be that the old openssl dependencies are all converted to point to mingw64-*-openssl10 instead and the old packages either renamed or removed before the (final?) update to mingw64-*-openssl-1.0.2u+za. Then drop in mingw64-*-openssl-1.1.1l openssl, which most packages that are still actively maintained would probably need anyway during one of their next updates. The packages that are affected: mingw64-*-botan mingw64-*-curl mingw64-*-gnome-vfs mingw64-*-gstreamer mingw64-*-libevent mingw64-*-libgda mingw64-*-liboauth mingw64-*-libshout mingw64-*-libssl2 mingw64-*-libzip mingw64-*-mariadb-connector mingw64-*-neon mingw64-*-nghttp mingw64-*-opusfile mingw64-*-postgresql mingw64-*-qca mingw64-*-qt4 mingw64-*-qt5-base mingw64-*-glib2 mingw64-*-unbound Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ SD adaptation for Waldorf Blofeld V1.15B11: http://Synth.Stromeko.net/Downloads.html#WaldorfSDada
Re: OpenSSL package updates
On Nov 6 16:58, Achim Gratz wrote: > Achim Gratz writes: > > I have updated the recently released Cygwin packages with all upstream > > patches from Fedora plus the patches for all CVE affecting version 1.0.2 > > since the last official version and changed the cygport files so they > > build on AppVeyor. The packages have been pushed to the respective > > playground branches: > > > > https://cygwin.com/git-cygwin-packages?p=git/cygwin-packages/openssl10.git;a=shortlog;h=refs/heads/playground > > https://cygwin.com/git-cygwin-packages?p=git/cygwin-packages/openssl.git;a=shortlog;h=refs/heads/playground > > I've just updated the playground branches with the respective MinGW64 > OpenSSL packages integrated (I needed to drop two patches from Fedora > for OpernSSL 1.0 because they were using an API not available on > MinGW64. > > > I have not yet looked at the MingW64 libraries and I will not have time > > next week to do any further work. I might do an ITA later on when I > > have everything completed. I'd appreciate if someone would take a look > > and test these builds in the meantime. > > So it turns out that there weren't any OpenSSL 1.1 packages for MinGW64 > existing and so the OpenSSL 1.0 packages are still named *-openssl > instead of *-openssl10. I haven't yet tried to build the 1.1 versdion > for MinGW64, but I'd tend to do the rename first and then clobber the > *-openssl name for the newer version. How was that handled for the > Cygwin packages? That started with OpenSSL 0.9.5 I think, I'm not sure anymore. You should be able to do this in a single step, as long as you craft the dependencies so that an update of the openssl package pulls in the openssl10 package with the old lib. As soon as all dependent distro packages are updated, you can just drop the dependency and then the old package entirely. Corinna
Re: OpenSSL package updates
Achim Gratz writes: > I have updated the recently released Cygwin packages with all upstream > patches from Fedora plus the patches for all CVE affecting version 1.0.2 > since the last official version and changed the cygport files so they > build on AppVeyor. The packages have been pushed to the respective > playground branches: > > https://cygwin.com/git-cygwin-packages?p=git/cygwin-packages/openssl10.git;a=shortlog;h=refs/heads/playground > https://cygwin.com/git-cygwin-packages?p=git/cygwin-packages/openssl.git;a=shortlog;h=refs/heads/playground I've just updated the playground branches with the respective MinGW64 OpenSSL packages integrated (I needed to drop two patches from Fedora for OpernSSL 1.0 because they were using an API not available on MinGW64. > I have not yet looked at the MingW64 libraries and I will not have time > next week to do any further work. I might do an ITA later on when I > have everything completed. I'd appreciate if someone would take a look > and test these builds in the meantime. So it turns out that there weren't any OpenSSL 1.1 packages for MinGW64 existing and so the OpenSSL 1.0 packages are still named *-openssl instead of *-openssl10. I haven't yet tried to build the 1.1 versdion for MinGW64, but I'd tend to do the rename first and then clobber the *-openssl name for the newer version. How was that handled for the Cygwin packages? Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Factory and User Sound Singles for Waldorf Q+, Q and microQ: http://Synth.Stromeko.net/Downloads.html#WaldorfSounds
Re: cygport development
On 29/06/2020 18.04, Federico Kircheis wrote: On 6/12/20 9:55 AM, Federico Kircheis wrote: On May 29, 2020 4:38:53 AM UTC, Federico Kircheis wrote: I did not get any response to my last questions, so I hope this patch is enough. Any thought about my other arguments? Federico Ping. Any updates or comments? Is the patch ok? Ping I know it's been a while, I still would like cygport to avoid messing up unrelated directories. Are there any disadvantage stopping when cd fails? I did not get any feedback. AFAIK my patch has not been integrated and still applies to current master. Best Federico