[ANNOUNCEMENT] Updated: openssl-1.0.2m-1

2017-11-10 Thread Corinna Vinschen
Hi folks,


I've updated the version of OpenSSL to 1.0.2m-1.  This is a security
bugfix release.



OpenSSL Security Advisory [02 Nov 2017]
=======================================

bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
======================================================

Severity: Moderate

There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No
EC algorithms are affected. Analysis suggests that attacks against RSA and DSA
as a result of this defect would be very difficult to perform and are not
believed likely. Attacks against DH are considered just feasible (although very
difficult) because most of the work necessary to deduce information
about a private key may be performed offline. The amount of resources
required for such an attack would be very significant and likely only
accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients.

This only affects processors that support the BMI1, BMI2 and ADX extensions like
Intel Broadwell (5th generation) and later or AMD Ryzen.

Note: This issue is very similar to CVE-2017-3732 and CVE-2015-3193 but must be
treated as a separate problem.

OpenSSL 1.1.0 users should upgrade to 1.1.0g
OpenSSL 1.0.2 users should upgrade to 1.0.2m

This issue was reported to OpenSSL on 10th August 2017 by the OSS-Fuzz project.
The fix was developed by Andy Polyakov of the OpenSSL development team.

Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
====================================================================

Severity: Low

This issue was previously announced in security advisory
https://www.openssl.org/news/secadv/20170828.txt, but the fix has not previously
been included in a release due to its low severity.

OpenSSL 1.1.0 users should upgrade to 1.1.0g
OpenSSL 1.0.2 users should upgrade to 1.0.2m


Note
====

Support for version 1.0.1 ended on 31st December 2016. Support for versions
0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer
receiving security updates.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20171102.txt

Note: the online version of the advisory may be updated with additional details
over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html



Have fun,
Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple
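
A quick way to triage a host against the advisory above, as an added example that is not part of the original announcement or of OpenSSL: it classifies an `openssl version` string against the fixed releases named in the advisory and checks whether the CPU flags include BMI1, BMI2 and ADX. The function names are hypothetical, the sample inputs are constructed, and the flag names assume a Linux-style /proc/cpuinfo.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.

# Patch letter that carries the fixes, per branch, as stated in the advisory.
fixed_letter() {
    case "$1" in
        1.0.2) echo m ;;
        1.1.0) echo g ;;
        *)     return 1 ;;
    esac
}

# version_status "<openssl version output>"
# prints: fixed | needs-upgrade | unsupported | unknown
version_status() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSL \([0-9]*\.[0-9]*\.[0-9]*\)\([a-z]*\).*/\1 \2/p')
    [ -n "$ver" ] || { echo unknown; return 0; }
    branch=${ver% *}
    letter=${ver#* }
    case "$branch" in
        0.9.8|1.0.0|1.0.1) echo unsupported; return 0 ;;  # end of life per the Note
    esac
    fix=$(fixed_letter "$branch") || { echo unknown; return 0; }
    # Letter releases sort alphabetically; an empty letter sorts first.
    lowest=$(printf '%s\n%s\n' "$letter" "$fix" | LC_ALL=C sort | head -n 1)
    if [ "$letter" != "$fix" ] && [ "$lowest" = "$letter" ]; then
        echo needs-upgrade
    else
        echo fixed
    fi
}

# cpu_in_scope "<flags line>": succeeds only if bmi1, bmi2 and adx are all present,
# the precondition the advisory gives for CVE-2017-3736.
cpu_in_scope() {
    for f in bmi1 bmi2 adx; do
        case " $1 " in *" $f "*) ;; *) return 1 ;; esac
    done
    return 0
}

# triage "<openssl version output>" "<flags line>"
triage() {
    status=$(version_status "$1")
    if cpu_in_scope "$2"; then cpu=yes; else cpu=no; fi
    echo "$status carry-bug-cpu=$cpu"
}

# Constructed sample inputs.
triage "OpenSSL 1.0.2l  25 May 2017" "fpu sse2 bmi1 avx2 bmi2 adx"
triage "OpenSSL 1.0.2m  2 Nov 2017" "fpu sse2 avx"
```

On a live system, pass `"$(openssl version)"` and the `flags` line of /proc/cpuinfo. A `needs-upgrade` result with `carry-bug-cpu=no` still leaves CVE-2017-3735 unfixed, and distributions that backport fixes may keep an older version letter, so check the package changelog as well.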



Re: Requesting updated unzip for Zip64 Support

2017-11-10 Thread Brian Inglis
On 2017-11-09 23:25, OwN-3m-All wrote:
> Any chance unzip can be updated to support Zip64?
> http://www.paehl.com/open_source/downloads/unzip.7z
> http://www.paehl.com/open_source/?ZIP_UNZIP

Current zip has supported Zip64 since 2008 and unzip since 2009.
$ zip -v; unzip -v
should both show ZIP64_SUPPORT.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada




Re: Requesting updated unzip for Zip64 Support

2017-11-10 Thread OwN-3m-All
Strange, for some reason the current version would fail on some very
large archives (8GB+), but the version I linked worked fine in these
cases too.




Re: EXTERNAL: Re: Requesting updated unzip for Zip64 Support

2017-11-10 Thread Wells, Roger K.

On 11/10/2017 10:04 AM, Brian Inglis wrote:
> On 2017-11-09 23:25, OwN-3m-All wrote:
>> Any chance unzip can be updated to support Zip64?
>> http://www.paehl.com/open_source/downloads/unzip.7z
>> http://www.paehl.com/open_source/?ZIP_UNZIP
>
> Current zip has supported Zip64 since 2008 and unzip since 2009.
> $ zip -v; unzip -v
> should both show ZIP64_SUPPORT.


as it does on my cygwin install, uname -a:
CYGWIN_NT-10.0 rwells-x240 2.9.0(0.318/5/3) 2017-09-12 10:18 x86_64 Cygwin

zip -v
.
.
Zip special compilation options:
    USE_EF_UT_TIME   (store Universal Time)
    BZIP2_SUPPORT    (bzip2 library version 1.0.6, 6-Sept-2010)
        bzip2 code and library copyright (c) Julian R Seward
        (See the bzip2 license for terms of use)
    SYMLINK_SUPPORT  (symbolic links supported)
    LARGE_FILE_SUPPORT   (can read and write large files on file system)
    ZIP64_SUPPORT    (use Zip64 to store large files in archives)
    UNICODE_SUPPORT  (store and read UTF-8 Unicode paths)
    STORE_UNIX_UIDs_GIDs (store UID/GID sizes/values using new extra field)
    UIDGID_NOT_16BIT (old Unix 16-bit UID/GID extra field not used)
    [encryption, version 2.91 of 05 Jan 2007] (modified for Zip 3)


unzip -v
.
.
UnZip special compilation options:
    COPYRIGHT_CLEAN (PKZIP 0.9x unreducing method not supported)
    SET_DIR_ATTRIB
    SYMLINKS (symbolic links supported, if RTL and file system permit)
    TIMESTAMP
    UNIXBACKUP
    USE_EF_UT_TIME
    USE_UNSHRINK (PKZIP/Zip 1.x unshrinking method supported)
    USE_DEFLATE64 (PKZIP 4.x Deflate64(tm) supported)
    UNICODE_SUPPORT [wide-chars, char coding: UTF-8] (handle UTF-8 paths)
    MBCS-support (multibyte character support, MB_CUR_MAX = 6)
    LARGE_FILE_SUPPORT (large files over 2 GiB supported)
    ZIP64_SUPPORT (archives using Zip64 for large files supported)
    USE_BZIP2 (PKZIP 4.6+, using bzip2 lib version 1.0.6, 6-Sept-2010)
    VMS_TEXT_CONV
    [decryption, version 2.11 of 05 Jan 2007]

--
Roger Wells, P.E.
leidos
221 Third St
Newport, RI 02840
401-847-4210 (voice)
401-849-1585 (fax)
roger.k.we...@leidos.com





[ANNOUNCEMENT] psiconv 0.9.9-1

2017-11-10 Thread Yaakov Selkowitz
The following packages have been uploaded to the Cygwin distribution:

* psiconv-0.9.9-1
* psiconv-doc-0.9.9-1
* libpsiconv6-0.9.9-1
* libpsiconv-devel-0.9.9-1

This package is meant to make the Psion 5 series of PDAs, as well as other 
small computers running EPOC 32, more usable to non-Windows users.

This is an update to the latest (and perhaps final) upstream release, and 
built with ImageMagick 6.9.9.

--
Yaakov




[ANNOUNCEMENT] dmtx-utils 0.7.4-3

2017-11-10 Thread Yaakov Selkowitz
The following packages have been uploaded to the Cygwin distribution:

* dmtx-utils-0.7.4-3

libdmtx is a software library that enables programs to read and write Data 
Matrix barcodes of the modern ECC200 variety. This package provides command 
line utilities that allow scripts to use libdmtx functionality.

This release was rebuilt for ImageMagick-6.9.9.

--
Yaakov




[ANNOUNCEMENT] WindowMaker 0.95.8-1

2017-11-10 Thread Yaakov Selkowitz
The following packages have been uploaded to the Cygwin distribution:

* WindowMaker-0.95.8-1
* libwraster6-0.95.8-1
* libwraster-devel-0.95.8-1
* libWMaker1-0.95.8-1
* libWMaker-devel-0.95.8-1
* libWINGs3-0.95.8-1
* libWINGs-devel-0.95.8-1

Window Maker is an X11 window manager originally designed to provide 
integration support for the GNUstep Desktop Environment. In every way 
possible, it reproduces the elegant look and feel of the NEXTSTEP user 
interface. It is fast, feature rich, easy to configure, and easy to use.

This is an update to the latest upstream release, and includes an improved 
default root menu configuration.

--
Yaakov
