openssl needs updated

Brian Inglis Brian.Inglis@SystematicSw.ab.ca
Sun May 30 16:17:56 GMT 2021


On 2021-05-30 02:06, Achim Gratz wrote:
> Brian Inglis writes:
>> On 2021-05-28 11:13, Brian Inglis wrote:
>>> openssl/libssl has not been updated since 1.1.f two years ago
>>> and now has four high sev CVEs outstanding in upstream 1.1.1k:
>>> two last year, two this year. >>> If maintainer is short of time, I may be able to co-maintain?

> If you really want co-maint and not just take over I'd suggest you
> refrain from purely stylistic changes like these:
>   src_compile() {
> -       cd ${S}
> +       cd $S
>          lndirs

Those are from my own local builds I keep more up to date than releases.
I manually switch from release or local tars to check builds.

> I'd like to see the existing MingW64 packages moving to *-openssl10
> (and getting updated to the latest version as well), then updating
> *-openssl to the 1.1 branch.
OpenSSL 1.0.2u was EoL and unsupported end of 2019:
https://www.openssl.org/blog/blog/2019/11/07/3.0-update/
Cygwin current is 1.0.2t so close but mingw is 1.0.2o 3 years ago.

OpenSSL 3 came out a year ago and is still in alpha # 17.

I haven't even looked at mingw packages because they are so outdated.
I am afraid to find out why they have not been updated to 1.1.1! ;^>

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]




More information about the Cygwin-apps mailing list