Re: perl 5.32
Marco Atzeri via Cygwin-apps writes: > should we add the perl5_032 to REQUIRES ? Yes, as I'd written earlier in this thread: --8<---cut here---start->8--- Please note that you need to manually insert a dependency on perl5_032 in addition to any dependencies to perl_base or perl into your packages since the officially released cygport does not yet generate this extra dependency. --8<---cut here---end--->8--- You could alternatively build and use my patched cygport that should do it automatically (please report back if not): https://repo.or.cz/cygport/rpm-style.git specifically the to-upstream branch. Or build from a snapshot: https://repo.or.cz/cygport/rpm-style.git/snapshot/to-upstream-d495ecc.tar.gz Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Factory and User Sound Singles for Waldorf rackAttack: http://Synth.Stromeko.net/Downloads.html#WaldorfSounds
[ANNOUNCEMENT] Updated: rsh-0.17-3
CAUTION For security reasons, the use of the r-command is completely discouraged. Instead, you should seriously consider use of the ssh related tools. This package is mainly intended for compatibility. * The following packages have been uploaded to the Cygwin distribution: * rsh-0.17-3 * rsh-server-0.17-3 This is probably the final release of rsh package for cygwin because the r-commands are outdated and removed from some Linux and BSD distributions such as RedHat Enterprise Linux 8 for security reasons. The rsh-server package contains a set of programs which allow users to run commmands on remote machines, login to other machines and copy files between machines (rsh, rlogin and rcp). All three of these commands use rhosts style authentication. This package contains the servers needed for all of these services. It also contains a server for rexec, an alternate method of executing remote commands. All of these servers must be run by a 'super-server' such as inetd or xinetd, and as such are configured by /etc/inetd.conf or /etc/xinetd.d/* -- the servers can not be launched standalone nor via cygrunsrv. Change History -- rsh-0.17-3 -- 2021 Feb 6 --- * Introduced some new patches from fedora * Added IPv6 support to rexec and rcp *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO *** If you want to unsubscribe from the cygwin-announce mailing list, look at the "List-Unsubscribe: " tag in the email header of this message. Send email to the address specified there. It will be in the format: cygwin-announce-unsubscribe-you=yourdomain.com cygwin.com If you need more information on unsubscribing, start reading here: https://sourceware.org/lists.html#unsubscribe-simple Please read *all* of the information on unsubscribing that is available starting at this URL. -- Takashi Yano -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation:https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
[ANNOUNCEMENT] Updated: inetutils-2.0-1
The following packages have been uploaded to the Cygwin distribution: * inetutils-2.0-1 * inetutils-server-2.0-1 * ping-2.0-1 inetutils provides common networking clients and servers, including the inetd super-server, telnetd and telnet, ftpd and ftp, talkd and talk, uucpd (but no uucp client), and syslogd, as well as ping/ping6. Change History -- inetutils-2.0-1 -- 6 Feb 2021 --- * Updated to latest upstream release *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO *** If you want to unsubscribe from the cygwin-announce mailing list, look at the "List-Unsubscribe: " tag in the email header of this message. Send email to the address specified there. It will be in the format: cygwin-announce-unsubscribe-you=yourdomain.com cygwin.com If you need more information on unsubscribing, start reading here: https://sourceware.org/lists.html#unsubscribe-simple Please read *all* of the information on unsubscribing that is available starting at this URL. -- Takashi Yano -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation:https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
Updated: rsh-0.17-3
CAUTION For security reasons, the use of the r-command is completely discouraged. Instead, you should seriously consider use of the ssh related tools. This package is mainly intended for compatibility. * The following packages have been uploaded to the Cygwin distribution: * rsh-0.17-3 * rsh-server-0.17-3 This is probably the final release of rsh package for cygwin because the r-commands are outdated and removed from some Linux and BSD distributions such as RedHat Enterprise Linux 8 for security reasons. The rsh-server package contains a set of programs which allow users to run commmands on remote machines, login to other machines and copy files between machines (rsh, rlogin and rcp). All three of these commands use rhosts style authentication. This package contains the servers needed for all of these services. It also contains a server for rexec, an alternate method of executing remote commands. All of these servers must be run by a 'super-server' such as inetd or xinetd, and as such are configured by /etc/inetd.conf or /etc/xinetd.d/* -- the servers can not be launched standalone nor via cygrunsrv. Change History -- rsh-0.17-3 -- 2021 Feb 6 --- * Introduced some new patches from fedora * Added IPv6 support to rexec and rcp *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO *** If you want to unsubscribe from the cygwin-announce mailing list, look at the "List-Unsubscribe: " tag in the email header of this message. Send email to the address specified there. It will be in the format: cygwin-announce-unsubscribe-you=yourdomain.com cygwin.com If you need more information on unsubscribing, start reading here: https://sourceware.org/lists.html#unsubscribe-simple Please read *all* of the information on unsubscribing that is available starting at this URL. -- Takashi Yano
Updated: inetutils-2.0-1
The following packages have been uploaded to the Cygwin distribution: * inetutils-2.0-1 * inetutils-server-2.0-1 * ping-2.0-1 inetutils provides common networking clients and servers, including the inetd super-server, telnetd and telnet, ftpd and ftp, talkd and talk, uucpd (but no uucp client), and syslogd, as well as ping/ping6. Change History -- inetutils-2.0-1 -- 6 Feb 2021 --- * Updated to latest upstream release *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO *** If you want to unsubscribe from the cygwin-announce mailing list, look at the "List-Unsubscribe: " tag in the email header of this message. Send email to the address specified there. It will be in the format: cygwin-announce-unsubscribe-you=yourdomain.com cygwin.com If you need more information on unsubscribing, start reading here: https://sourceware.org/lists.html#unsubscribe-simple Please read *all* of the information on unsubscribing that is available starting at this URL. -- Takashi Yano
Re: TLS version problem downloading mirrors.lst?
On 2021-02-06 11:23, Brad Wetmore via Cygwin wrote: On 2021-02-05 18:00, Brad Wetmore via Cygwin wrote: I am trying to install a new instance of cygwin on Windows 2016 Server MSDN instance and am having problems downloading the mirrors list: 2021/02/05 14:21:39 connection error: 12029 fetching https://cygwin.com/mirrors.lst Using Wireshark and configuration options in Firefox, the root cause appears to be that the setup-x86_64.exe is trying to use TLSv1.0 and SSLv3 to download this file, but the download is failing as the response is a fatal TLS alert: invalid protocol (2/70). Many Internet servers have been shutting off TLSv1.0/SSLv3 in favor of TLSv1.2/1.3 these days, is this a case of that? If so, the setup app needs to be updated. Cygwin setup is a Windows app using Windows libraries built using open tools. I can specify a specific server URL after the mirrors.lst download fails and can at least get something installed. Is there any workaround to force setup-x86_64.exe to default to TLSv1.2/1.3? Or is this something that the MSDN version of Windows 2016 Server has configured? More details/symptoms: I am behind a firewall, but the proxy settings in IE allow me to tunnel out. The corresponding "Use System Proxy Settings" in Firefox works fine. But when I set the TLS settings in Firefox's "about:config" to use only TLSv1.0/SSLv3, I see the same alert being returned to Firefox. Wireshark reports: CONNECT cygwin.com:443 HTTP1.0 -> User-Agent: ...deleted <- HTTP/1.0 200 Connection established ClientHello -> v1.0 <- Fatal Alert: 2/70 Supposedly SCHANNEL has TLSv1.2 on by default, but have no idea how the setup app is written. *NOT* by default on W2016 for SCHANNEL and may need enabled for both CLIENT and SERVER uses: https://github.com/MicrosoftDocs/windowsserverdocs/issues/2783 https://social.technet.microsoft.com/Forums/en-US/cb1a695b-a15c-4fa7-94f0-1aaa20c1279d/enabling-tls-12-on-windows-server-2012-amp-2016?forum=winserversecurity https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs#enable-and-disable-tls-12 Cygwin setup is written like most other Windows GUI apps, but you can clone the sources, modify, and build it using only Cygwin tools. https://docs.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp- https://docs.microsoft.com/en-us/archive/blogs/kaushal/support-for-ssltls-protocols-on-windows My previous installs of cygwin aren't having any problems when trying to incrementally add software, maybe the mirrors file is cached somewhere? Are any of them running legacy Server instances? Thanks for any tips, It's possible that W2016 might not support the root CA, support available TLS 1.2 Cipher suites (although that seems unlikely with the WEAK ratings), TLS 1.3, HTTP2, etc: https://www.ssllabs.com/ssltest/analyze.html?d=cygwin.com > Horray for conflicting information from MS. > > I will look at the IIS tool mentioned in one of the posts. > > My registry entries for SCHANNEL and the TLSv1.2 look to be the same between my previous Windows 2012 install and this new Windows 2016 one, so a little surprising. Please check that your server TLS/SCHANNEL registry entries match those in the referenced article for TLS 1.2 well down the page in the Enabled case. > Do you happen to know if the cygwin.com server hosting cygwin.com/mirrors.lst was recently upgraded to no longer support the earlier TLS versions? See the ssllabs test results and comments above. > Is mirrors.lst cached somewhere during the install, and where would I find it? Just wondering why I can't seem to find it on different Windows instances but can still connect. Every Cygwin install has /etc/setup/setup.rc which contains a copy of the then active mirrors list as well as your most recently selected mirror, and a list could even be baked into Cygwin setup at build time. My previous installs of cygwin aren't having any problems when trying to incrementally add software, maybe the mirrors file is cached somewhere? >> Are any of them running legacy Server instances? > > I think you are asking whether the mirror server (sonic.net) that I eventually contacted still has TLSv1.0 on. Probably. I can check that next week. Are any of your previous installs of Cygwin also on legacy Server 2016 or 2012 instances that you also have installed from the same source? These SCHANNEL entries are *Disabled by Default* and have registry entries to that effect! [Previous post restored: this is why keeping and trimming comments and replying inline is so important in this and similar groups, so everyone understands the context; TOFU/Jeopardy style is okay for org emails about simple business issues, and simple technical issues answered in a one liner.] Check using: $ regtool list -v /proc/registry/HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Protocols/TLS 1.2/Server/ and
[ANNOUNCEMENT] Updated: neomutt-20210205-1
Version 20210205-1 of neomutt has been uploaded. The command line mail reader neomutt reached version 20210205. On GitHub it is possible to find the changelog for the new release: https://github.com/neomutt/neomutt/releases Federico -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation:https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
Updated: neomutt-20210205-1
Version 20210205-1 of neomutt has been uploaded. The command line mail reader neomutt reached version 20210205. On GitHub it is possible to find the changelog for the new release: https://github.com/neomutt/neomutt/releases Federico
[ANNOUNCEMENT] Updated: curl, libcurl{4, -devel, -doc}, mingw64-{x86_64, i686}-curl 7.75
The following packages have been upgraded in the Cygwin distribution: * curl 7.75 * libcurl4 7.75 * libcurl-devel 7.75 * libcurl-doc 7.75 * mingw64-x86_64-curl 7.75 * mingw64-i686-curl 7.75 Command line tool and Library supporting transferring files with URL syntax, using FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, and FILE, SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate...), file transfer resume, proxy tunneling and a busload of other useful tricks. For more information see the project home page: https://curl.se/ As there are multiple components and many changes each release please see below or read /usr/share/doc/curl/RELEASE-NOTES after installation for complete details: https://curl.se/changes.html curl and libcurl 7.75.0: Public curl releases:197 Command line options:237 curl_easy_setopt() options: 285 Public functions in libcurl: 85 Contributors: 2322 This release includes the following changes: o curl: add --create-file-mode [mode] [28] o curl: add new variables to --write-out [25] o dns: extend CURLOPT_RESOLVE syntax for adding non-permanent entries [53] o gopher: implement secure gopher protocol [2] o http: add Hyper as new optional HTTP backend [24] o http: introduce AWS HTTP v4 Signature support [26] This release includes the following known bugs: o see /usr/share/doc/curl/KNOWN_BUGS (https://curl.se/docs/knownbugs.html) This release includes the following bugfixes: o badsymbols.pl: add verbose mode -v [31] o badsymbols.pl: ignore stand-alone single hash lines [40] o BUG-BOUNTY: minor language updates [5] o build: fix djgpp builds [84] o cleanup: fix empty expression statement has no effect o cmake: Add an option to disable libidn2 [48] o cmake: enable gophers correctly in curl-config [10] o cmake: expose CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG [32] o cmdline-opts/gen.pl: return hard on errors [11] o cmdline-opts/retry.d: mention response code 429 as well [47] o configure: set -Wextra-semi-stmt for clang with --enable-debug [52] o connect: defer port selection until connect() time [22] o connect: mark intentional ignores of setsockopt return values [75] o connect: on linux, enable reporting of all ICMP errors on UDP sockets [27] o connect: zero variable on stack to silence valgrind complaint [23] o cookie: avoid the C1001 internal compiler error with MSVC 14 [36] o curl.1: fix typo microsft -> microsoft [56] o curl: fix handling of -q option [39] o curl: include the file name in --xattr/--remote-time error msgs o curl: move fprintf outputs to warnf [105] o Curl_chunker: shrink the struct [104] o curl_easy_pause.3: add multiplexed pause effects [41] o CURLINFO_PRETRANSFER_TIME.3: clarify [61] o CURLOPT_URL.3: remove scheme specific details [12] o digest_sspi: Show InitializeSecurityContext errors in verbose mode [8] o docs/examples: adjust prototypes for CURLOPT_READFUNCTION [51] o docs/URL-SYNTAX: the URL syntax curl accepts and works with [15] o docs: enable syntax highlighting in several docs files [16] o docs: fix line length bug in gen.pl [70] o docs: fix typos in NEW-PROTOCOL.md [102] o docs: fix wrong documentation in help.d [71] o docs: remove redundant "better" in --fail help [55] o doh: allocate state struct on demand [85] o examples/libtest: add .checksrc to dist [14] o examples: remove superfluous asterisk uses o failf: remove newline from formatting strings [35] o file: don't provide content-length for directories [49] o getinfo: build with disabled HTTP support o gitattributes: Set batch files to CRLF line endings on checkout [65] o h2: do not wait for RECV on paused transfers [43] o HISTORY: added dates to early history o http: empty reply connection are not left intact [80] o http: get CURLOPT_REQUEST_TARGET working with a HTTP proxy [83] o http: have CURLOPT_FAILONERROR fail after all headers [54] o http: make providing Proxy-Connection header not cause duplicated headers [92] o http: show the request as headers even when split-sending [7] o http_chunks: correct and clarify a comment on hexnumber length [88] o http_proxy: Fix CONNECT chunked encoding race condition [76] o httpauth: make multi-request auth work with custom port [45] o INSTALL: now at 85 operating systems o INSTALL: update the list known OSes and CPU archs curl has run on [38] o lib/unit tests: add missing curl_global_cleanup() calls o lib1564/5: verify that curl_multi_wakeup returns OK o lib: pass in 'struct Curl_easy *' to most functions [101] o lib: remove Curl_ prefix from many static functions [66] o lib: save a bit of space with some structure packing [82] o libssh2: fix "Value stored to 'readdir_len' is never read" o libssh2: move data from connection object to transfer object [114] o libssh: avoid plain free() of libssh-memory [99] o mime: make sure
Updated: curl, libcurl{4, -devel, -doc}, mingw64-{x86_64, i686}-curl 7.75
The following packages have been upgraded in the Cygwin distribution: * curl 7.75 * libcurl4 7.75 * libcurl-devel 7.75 * libcurl-doc 7.75 * mingw64-x86_64-curl 7.75 * mingw64-i686-curl 7.75 Command line tool and Library supporting transferring files with URL syntax, using FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, and FILE, SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate...), file transfer resume, proxy tunneling and a busload of other useful tricks. For more information see the project home page: https://curl.se/ As there are multiple components and many changes each release please see below or read /usr/share/doc/curl/RELEASE-NOTES after installation for complete details: https://curl.se/changes.html curl and libcurl 7.75.0: Public curl releases:197 Command line options:237 curl_easy_setopt() options: 285 Public functions in libcurl: 85 Contributors: 2322 This release includes the following changes: o curl: add --create-file-mode [mode] [28] o curl: add new variables to --write-out [25] o dns: extend CURLOPT_RESOLVE syntax for adding non-permanent entries [53] o gopher: implement secure gopher protocol [2] o http: add Hyper as new optional HTTP backend [24] o http: introduce AWS HTTP v4 Signature support [26] This release includes the following known bugs: o see /usr/share/doc/curl/KNOWN_BUGS (https://curl.se/docs/knownbugs.html) This release includes the following bugfixes: o badsymbols.pl: add verbose mode -v [31] o badsymbols.pl: ignore stand-alone single hash lines [40] o BUG-BOUNTY: minor language updates [5] o build: fix djgpp builds [84] o cleanup: fix empty expression statement has no effect o cmake: Add an option to disable libidn2 [48] o cmake: enable gophers correctly in curl-config [10] o cmake: expose CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG [32] o cmdline-opts/gen.pl: return hard on errors [11] o cmdline-opts/retry.d: mention response code 429 as well [47] o configure: set -Wextra-semi-stmt for clang with --enable-debug [52] o connect: defer port selection until connect() time [22] o connect: mark intentional ignores of setsockopt return values [75] o connect: on linux, enable reporting of all ICMP errors on UDP sockets [27] o connect: zero variable on stack to silence valgrind complaint [23] o cookie: avoid the C1001 internal compiler error with MSVC 14 [36] o curl.1: fix typo microsft -> microsoft [56] o curl: fix handling of -q option [39] o curl: include the file name in --xattr/--remote-time error msgs o curl: move fprintf outputs to warnf [105] o Curl_chunker: shrink the struct [104] o curl_easy_pause.3: add multiplexed pause effects [41] o CURLINFO_PRETRANSFER_TIME.3: clarify [61] o CURLOPT_URL.3: remove scheme specific details [12] o digest_sspi: Show InitializeSecurityContext errors in verbose mode [8] o docs/examples: adjust prototypes for CURLOPT_READFUNCTION [51] o docs/URL-SYNTAX: the URL syntax curl accepts and works with [15] o docs: enable syntax highlighting in several docs files [16] o docs: fix line length bug in gen.pl [70] o docs: fix typos in NEW-PROTOCOL.md [102] o docs: fix wrong documentation in help.d [71] o docs: remove redundant "better" in --fail help [55] o doh: allocate state struct on demand [85] o examples/libtest: add .checksrc to dist [14] o examples: remove superfluous asterisk uses o failf: remove newline from formatting strings [35] o file: don't provide content-length for directories [49] o getinfo: build with disabled HTTP support o gitattributes: Set batch files to CRLF line endings on checkout [65] o h2: do not wait for RECV on paused transfers [43] o HISTORY: added dates to early history o http: empty reply connection are not left intact [80] o http: get CURLOPT_REQUEST_TARGET working with a HTTP proxy [83] o http: have CURLOPT_FAILONERROR fail after all headers [54] o http: make providing Proxy-Connection header not cause duplicated headers [92] o http: show the request as headers even when split-sending [7] o http_chunks: correct and clarify a comment on hexnumber length [88] o http_proxy: Fix CONNECT chunked encoding race condition [76] o httpauth: make multi-request auth work with custom port [45] o INSTALL: now at 85 operating systems o INSTALL: update the list known OSes and CPU archs curl has run on [38] o lib/unit tests: add missing curl_global_cleanup() calls o lib1564/5: verify that curl_multi_wakeup returns OK o lib: pass in 'struct Curl_easy *' to most functions [101] o lib: remove Curl_ prefix from many static functions [66] o lib: save a bit of space with some structure packing [82] o libssh2: fix "Value stored to 'readdir_len' is never read" o libssh2: move data from connection object to transfer object [114] o libssh: avoid plain free() of libssh-memory [99] o mime: make sure
Re: perl 5.32
On 08.12.2020 20:05, Achim Gratz wrote: Ken Brown via Cygwin-apps writes: Well, I get that they always want to be on the bleeding edge of UTF-8, but otherwise is that version really a requirement? The update itself isn't much of a problem I'd think, it's just that there's this slew of other packages to update in concert and the fact that most of them haven't yet added the perl5_030 require to prevent the update doing damage to an installation until such a package is actually updated. Regards, Achim. should we add the perl5_032 to REQUIRES ? Regards Marco
Re: [Attn. Maintainers] prepare your packages for release of perl-5.32
Marco Atzeri via Cygwin-apps writes: > we will need some extra work or adopting As I said, some of these haven't seen an update for perl-5.30 and so can't have worked for almost a year already without anybody noticing, so I'm not overly worried… Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Wavetables for the Waldorf Blofeld: http://Synth.Stromeko.net/Downloads.html#BlofeldUserWavetables
Re: [Attn. Maintainers] prepare your packages for release of perl-5.32
On 06.02.2021 17:13, Achim Gratz wrote: Achim Gratz writes: Please prepare your packages for the release of perl-5.32 and report on this list about their status. The one package that I intend to wait for the release is subversion-perl, everything else either is under my maintenance already or can be updated slightly later without too much disturbance based on the last two updates of Perl. These are the source packages that touch the previous Perl installations (some of these weren't updated for perl-5.30, so I checked perl-5.26 also) and need updating for perl-5.32: we will need some extra work or adopting GraphicsMagick Marco Atzeri ImageMagick Marco Atzeri biberKen Brown graphviz Yaakov Selkowitz libproxy Yaakov Selkowitz libsolv Jon Turney link-grammar Yaakov Selkowitz marisa Yaakov Selkowitz ming ORPHANED (Dr. Volker Zell) net-snmp David Rothenberger nginxYaakov Selkowitz openbabelLemures Lemniscati openwsmanYaakov Selkowitz po4a Erwin Waterlander pristine-tar Jari Aalto sendxmpp Jari Aalto stow Andrew Schulman subversion Marco Atzeri xfconf Yaakov Selkowitz zbar Yaakov Selkowitz zinnia Yaakov Selkowitz Please note that I can't easily figure out if a package uses an embedded Perl interpreter or sets up its own installation paths for Perl modules. These packages have previously been determined to fall under that category (some may have dropped that dependency in the meantime, but the maintainer would hopefully know): gdal Marco Atzeri cgit Yaakov Selkowitz git Adam Dinwoodie stgitJari Aalto grepmail Jari Aalto irssiMarco Atzeri postgresql Marco Atzeri rxvt Yaakov Selkowitz texinfo Ken Brown weechat Sebastien Helleu znc Alexey Sokolov Regards, Achim. Thanks Marco
Re: TLS version problem downloading mirrors.lst?
Hi Brian, and thanks for the response. Horray for conflicting information from MS. I will look at the IIS tool mentioned in one of the posts. My registry entries for SCHANNEL and the TLSv1.2 look to be the same between my previous Windows 2012 install and this new Windows 2016 one, so a little surprising. Do you happen to know if the cygwin.com server hosting cygwin.com/mirrors.lst was recently upgraded to no longer support the earlier TLS versions? Is mirrors.lst cached somewhere during the install, and where would I find it? Just wondering why I can't seem to find it on different Windows instances but can still connect. > Are any of them running legacy Server instances? I think you are asking whether the mirror server (sonic.net) that I eventually contacted still has TLSv1.0 on. Probably. I can check that next week. Thanks, Brad From: Brian Inglis Sent: Friday, February 5, 2021 7:53 PM To: cygwin@cygwin.com Subject: Re: TLS version problem downloading mirrors.lst? On 2021-02-05 18:00, Brad Wetmore via Cygwin wrote: > I am trying to install a new instance of cygwin on Windows 2016 Server MSDN > instance and am having problems downloading the mirrors list: > 2021/02/05 14:21:39 connection error: 12029 fetching > https://cygwin.com/mirrors.lst > Using Wireshark and configuration options in Firefox, the root cause appears > to be that the setup-x86_64.exe is trying to use TLSv1.0 and SSLv3 to > download this file, but the download is failing as the response is a fatal > TLS alert: invalid protocol (2/70). Many Internet servers have been shutting > off TLSv1.0/SSLv3 in favor of TLSv1.2/1.3 these days, is this a case of that? > If so, the setup app needs to be updated. Cygwin setup is a Windows app using Windows libraries built using open tools. > I can specify a specific server URL after the mirrors.lst download fails and > can at least get something installed. > Is there any workaround to force setup-x86_64.exe to default to TLSv1.2/1.3? > Or is this something that the MSDN version of Windows 2016 Server has > configured? > More details/symptoms: > I am behind a firewall, but the proxy settings in IE allow me to tunnel out. > The corresponding "Use System Proxy Settings" in Firefox works fine. But when > I set the TLS settings in Firefox's "about:config" to use only TLSv1.0/SSLv3, > I see the same alert being returned to Firefox. > Wireshark reports: > CONNECT cygwin.com:443 HTTP1.0 -> > User-Agent: ...deleted > <- HTTP/1.0 200 Connection established > ClientHello -> > v1.0 > <- Fatal Alert: 2/70 > Supposedly SCHANNEL has TLSv1.2 on by default, but have no idea how the > setup app is written. *NOT* by default on W2016 for SCHANNEL and may need enabled for both CLIENT and SERVER uses: https://github.com/MicrosoftDocs/windowsserverdocs/issues/2783 https://social.technet.microsoft.com/Forums/en-US/cb1a695b-a15c-4fa7-94f0-1aaa20c1279d/enabling-tls-12-on-windows-server-2012-amp-2016?forum=winserversecurity https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs#enable-and-disable-tls-12 Cygwin setup is written like most other Windows GUI apps, but you can clone the sources, modify, and build it using only Cygwin tools. > https://docs.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp- > https://docs.microsoft.com/en-us/archive/blogs/kaushal/support-for-ssltls-protocols-on-windows > My previous installs of cygwin aren't having any problems when trying to > incrementally add software, maybe the mirrors file is cached somewhere? Are any of them running legacy Server instances? > Thanks for any tips, It's possible that W2016 might not support the root CA, support available TLS 1.2 Cipher suites (although that seems unlikely with the WEAK ratings), TLS 1.3, HTTP2, etc: https://www.ssllabs.com/ssltest/analyze.html?d=cygwin.com -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. [Data in binary units and prefixes, physical quantities in SI.] -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation:https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
Re: [Attn. Maintainers] prepare your packages for release of perl-5.32
On 2/6/2021 11:13 AM, Achim Gratz wrote: Achim Gratz writes: Please prepare your packages for the release of perl-5.32 and report on this list about their status. The one package that I intend to wait for the release is subversion-perl, everything else either is under my maintenance already or can be updated slightly later without too much disturbance based on the last two updates of Perl. Please note that I can't easily figure out if a package uses an embedded Perl interpreter or sets up its own installation paths for Perl modules. These packages have previously been determined to fall under that category (some may have dropped that dependency in the meantime, but the maintainer would hopefully know): texinfo No problem here. I tested by running 'make check' in the texinfo source tree, with perl-5.32 installed. Ken
Re: [Attn. Maintainers] prepare your packages for release of perl-5.32
Achim Gratz writes: > Please prepare your packages for the release of perl-5.32 and report on > this list about their status. The one package that I intend to wait for > the release is subversion-perl, everything else either is under my > maintenance already or can be updated slightly later without too much > disturbance based on the last two updates of Perl. These are the source packages that touch the previous Perl installations (some of these weren't updated for perl-5.30, so I checked perl-5.26 also) and need updating for perl-5.32: GraphicsMagick ImageMagick biber graphviz libproxy libsolv link-grammar marisa ming net-snmp nginx openbabel openwsman po4a pristine-tar sendxmpp stow subversion xfconf zbar zinnia Please note that I can't easily figure out if a package uses an embedded Perl interpreter or sets up its own installation paths for Perl modules. These packages have previously been determined to fall under that category (some may have dropped that dependency in the meantime, but the maintainer would hopefully know): gdal git git-svn grepmail irssi postgresql rxvt texinfo weechat znc Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Wavetables for the Terratec KOMPLEXER: http://Synth.Stromeko.net/Downloads.html#KomplexerWaves
Re: [ANNOUNCEMENT] TeX Live collections 20210118-1
On 2/6/2021 9:03 AM, airplanemath via Cygwin wrote: texlive-collection-latexrecommended contains "/usr/share/texmf-dist/tex/latex/ragged2e/ragged2e.sty". On line 145, this file uses everysel.sty, which appears to have been dropped from the 2021 rebuild: $ cygcheck -p everysel.sty Found 5 matches for everysel.sty texlive-collection-langjapanese-20190509-1 - texlive-collection-langjapanese: TeX Live japanese language support texlive-collection-langjapanese-20200406-1 - texlive-collection-langjapanese: TeX Live japanese language support texlive-collection-langjapanese-20210118-1 - texlive-collection-langjapanese: TeX Live japanese language support texlive-collection-latexrecommended-20190509-1 - texlive-collection-latexrecommended: TeX Live latexrecommended package collection texlive-collection-latexrecommended-20200406-1 - texlive-collection-latexrecommended: TeX Live latexrecommended package collection One of my LaTeX files uses ragged2e, and broke. Running "tlmgr --usermode install everysel" fixed the problem and allowed ragged2e to finish loading. Was this intentional? Am I missing something? everysel is obsolete: https://ctan.org/pkg/everysel?lang=en It looks like the ragged2e maintainer removed the dependency on everysel just yesterday and is preparing an upload to CTAN: https://gitlab.com/TeXhackse/ragged2e I'll try to remember to update texlive-collection-latexrecommended when the new ragged2e makes it into TeX Live. [Note to self: This is why it's a bad idea to update the TeX Live collections between the official annual releases.] Ken -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation:https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
Re: [ANNOUNCEMENT] TeX Live collections 20210118-1
texlive-collection-latexrecommended contains "/usr/share/texmf-dist/tex/latex/ragged2e/ragged2e.sty". On line 145, this file uses everysel.sty, which appears to have been dropped from the 2021 rebuild: $ cygcheck -p everysel.sty Found 5 matches for everysel.sty texlive-collection-langjapanese-20190509-1 - texlive-collection-langjapanese: TeX Live japanese language support texlive-collection-langjapanese-20200406-1 - texlive-collection-langjapanese: TeX Live japanese language support texlive-collection-langjapanese-20210118-1 - texlive-collection-langjapanese: TeX Live japanese language support texlive-collection-latexrecommended-20190509-1 - texlive-collection-latexrecommended: TeX Live latexrecommended package collection texlive-collection-latexrecommended-20200406-1 - texlive-collection-latexrecommended: TeX Live latexrecommended package collection One of my LaTeX files uses ragged2e, and broke. Running "tlmgr --usermode install everysel" fixed the problem and allowed ragged2e to finish loading. Was this intentional? Am I missing something? -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation:https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
