Mail Archives: cygwin/2019/08/28/08:53:52

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Wed, 28 Aug 2019 14:52:57 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: Matthias Andree <matthias DOT andree AT gmx DOT de>
Cc: cygwin AT cygwin DOT com
Subject: Re: HEADS UP package "fetchmail" vulnerable and 6.4.0 release candidate out
Message-ID: <20190828125257.GJ11632@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: Matthias Andree <matthias DOT andree AT gmx DOT de>, cygwin AT cygwin DOT com
References: <18a325b3-0934-0e7f-aa6b-45828ae03ce7 AT gmx DOT de>
MIME-Version: 1.0
In-Reply-To: <18a325b3-0934-0e7f-aa6b-45828ae03ce7@gmx.de>
User-Agent: Mutt/1.11.3 (2019-02-01)


Hi Matthias,

On Aug 20 19:49, Matthias Andree wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Corinna, and everyone else who is interested,
>
> checking <https://cygwin.com/packages/summary/fetchmail.html>,
> I see that Cygwin packages a very old fetchmail version that has unfixed
> security vulnerabilities and unfixed critical (data loss) bugs.
>
> Constructively moving forward, please:
>=20
> 1. I am about to release 6.4.0 in a few weeks' time with a few important
> SSL/TLS/OpenSSL updates that permit newer OpenSSL versions, require
> OpenSSL v1.0.2, and practically permit TLS v1.3 if linked against a
> sufficiently new OpenSSL.
> We're shy of 200 commits since the last formal release 6.3.26, and 276
> changes past 6.3.21, the younger x86 (32bit) package for Cygwin.
> High-level details in the NEWS file linked below. Care was taken to not
> break the interfaces too hard, but in the sense of security, I carefully
> changed --sslproto semantics and flipped the switch
>
> 2. Note that fetchmail has seen several SECURITY and CRITICAL bug fixes
> since 6.3.21/6.3.22.
> Review <https://gitlab.com/fetchmail/fetchmail/blob/legacy_64/NEWS> for
> details, and look for these two capitalized words.
>
> 3. Please try to package 6.4.0.rc2 for x86 and x86_64 against Cygwin's
> libssl1.1, and see if you find any portability issues that would require
> fixing before 6.4.0. Deadline end of August 2019, and unless really
> needed for non-trivial code changes, rc2 is also the planned final
> candidate.

Builds fine against OpenSSL-1.1.  I can't test it ATM, but I prepared
a test release of the current rc3 for our users

  https://cygwin.com/ml/cygwin-announce/2019-08/msg00022.html


Thanks,
Corinna

-- 
Corinna Vinschen
Cygwin Maintainer
