Re-Release: ca-certificates-2022.2.60-3

Achim Gratz
Sun Feb 12 19:14:11 GMT 2023

The following packages have been uploaded to the Cygwin distribution:


This re-release fixes an upstream and a packaging bug that arises
because p11kit makes certain directories unwritable after population.
This becomes noticeable only when the user invoking those scripts is not
an administrator (or more specifically on Windows doesn't have
SeBackupPrivilege and SeRestorePrivilege).  Please note that the fix
temporarily needs to make the directory writable, which will again fail
if the user attempting to do that has insufficient rights for this

Mozilla's CA root certificates for use with OpenSSL, NSS, GnuTLS, and
other software that handles certificate verification.

This is an update to the latest upstream release.

This update contains the ca-certificates-letsencrypt package, whose
installation will make the ISRG R3 intermediate CA a trust anchor and
removes trust for the already expired DST X3 root CA (this should
strictly not be necessary, but works around bugs present in some
libraries in how alternate chains are constructed and verified).  This
will allow to successfully verify certificates using the Letsencrypt
legacy cert chain in certain applications.  Install this package when
you currently have trouble accessing sites (due to validation
complaining about an expired certificate) that had no problems until
about September 30 or October 1 2021 depending on your timezone.

The release numbering scheme has been aligned with Fedora.


If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there. It will be in the format:

If you need more information on unsubscribing, start reading here:

Please read *all* of the information on unsubscribing that is available
starting at this URL.

More information about the Cygwin-announce mailing list