Re: [ATTN MAINTAINERS] OpenSSL 1.0 dependencies
On Sat, 23 Oct 2021 19:44:25 +0200, Achim Gratz > > We should get rid of dependencies to the obsolete OpensSSL 1.0 library > that is no longer maintained upstream and has several critical bugs. > > Current and previous versions of the following packages depend on the > outdated libopenssl100 (a lot of these have many packages depending on > them in turn and/or are orphaned): ... > lua-crypto ... I've rebuilt lua-crypto-0.3.2 as lua-crypto-0.3.2p4 https://cygwin.com/cgi-bin2/jobs.cgi?id=3509 The cygport file is placed at https://github.com/cygwin-lem/lua-crypto-cygport/tree/s_0.3.2p4-1 and its packages are placed at https://cygwin-lem.github.io/lua-crypto-cygport/ https://github.com/cygwin-lem/lua-crypto-cygport/tree/s_0.3.2p4-1_gh-pages/ Should I ITA for lua-crypto? Regards, Lem
Re: [ATTN MAINTAINERS] OpenSSL 1.0 dependencies
Andrew Schulman via Cygwin-apps writes: > Are you sure about lftp? AFAIK it only uses libssl1.1: It's a false positivie due to a previous version still using libopenssl100. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Factory and User Sound Singles for Waldorf rackAttack: http://Synth.Stromeko.net/Downloads.html#WaldorfSounds
Re: [ATTN MAINTAINERS] OpenSSL 1.0 dependencies
> > We should get rid of dependencies to the obsolete OpensSSL 1.0 library > that is no longer maintained upstream and has several critical bugs. > > Current and previous versions of the following packages depend on the > outdated libopenssl100 (a lot of these have many packages depending on > them in turn and/or are orphaned): ... > lftp ... Are you sure about lftp? AFAIK it only uses libssl1.1: $ lftp --version LFTP | Version 4.9.2 | Copyright (c) 1996-2020 Alexander V. Lukyanov ... Libraries used: Expat 2.4.1, idn2 2.3.2, libiconv 1.16, OpenSSL 1.1.1l 24 Aug 2021, Readline 8.1, zlib 1.2.11 $ ldd /usr/bin/lftp | grep ssl cygssl-1.1.dll => /usr/bin/cygssl-1.1.dll (0x4c7bc)