From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <kbrown@cornell.edu>
Received: from NAM10-MW2-obe.outbound.protection.outlook.com
 (mail-mw2nam10on2128.outbound.protection.outlook.com [40.107.94.128])
 by sourceware.org (Postfix) with ESMTPS id 971293851C2B
 for <cygwin-apps@cygwin.com>; Thu,  8 Oct 2020 21:31:18 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 971293851C2B
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=OHJUeLER0Zf+IiDLWzfo6FBIoPdm8T+wL7qFwcXM+VHzuMgWicRMHACjligheUjVY6SC9lc4lpgcKgEzTOR+UiyF3anWYma/m6DA9d3DSvmFdHLw8y95OlWbtNN51OQiCYR16KivmwBNtzFWr3QNP7IJtZgWL670c5P/ID+uABmYxLjh1T+n2KnvKGkOZXemr0+BQYET+1FRF4WFWBadO+gARuxOx8aHLINwO1SRzMe0PDeqgIDQ3PuEfXrbiQF/3dqepc2O6gitu2vkGqjLYRTBU1ZzgYbOvA2Z6YUA8MhOMpoZhfinmxEBhbxe87yXuMy6O/VVRTmFArIzeq4Ryg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=nz+gmAgGtYeORn5t6DRnjl0rvVARr7zlIubUgfGVYaM=;
 b=Y/rn6+ImTLtFAOzS6RoWYomAXnZZee541jcAIacCa02UfBV+kG0UB4HWH83ze3GQ4v0AjOnL1UvKVSFDsDCD3Ge/v2yki1DqR6IXkPEVvlEBZgN890P/BVNF6+1Mx1TVcbH6mpicOIc1F824Me9zFkSWJ94WBWleC+MC2CIJekRy8V+cIp3xSqsbegaGXSxU9vOqXSR6D9ikhMPRYd7UbFrQyYEO46lsQNTFXOgIaXJuAAKEc3OEJZgGTqTs1A+fKxvJi8M4WfP85m9d9zwUYC1rqWtfcKwFHTNDjVNusgOiNInhOI+RVdhu2pkOmLeeWu61JLxmmUI9jb9jrXFaOA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=cornell.edu; dmarc=pass action=none header.from=cornell.edu;
 dkim=pass header.d=cornell.edu; arc=none
Received: from MN2PR04MB6176.namprd04.prod.outlook.com (2603:10b6:208:e3::13)
 by MN2PR04MB5935.namprd04.prod.outlook.com (2603:10b6:208:fe::17)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3455.21; Thu, 8 Oct
 2020 21:31:17 +0000
Received: from MN2PR04MB6176.namprd04.prod.outlook.com
 ([fe80::c144:d206:c369:af44]) by MN2PR04MB6176.namprd04.prod.outlook.com
 ([fe80::c144:d206:c369:af44%7]) with mapi id 15.20.3433.044; Thu, 8 Oct 2020
 21:31:17 +0000
Subject: Re: brotli packages: security update
To: cygwin-apps@cygwin.com
References: <20201009005909.A944.50F79699@gmail.com>
From: Ken Brown <kbrown@cornell.edu>
Message-ID: <a7e1dd12-7079-6b20-da7b-e3bc58a7cb9e@cornell.edu>
Date: Thu, 8 Oct 2020 17:31:15 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101
 Thunderbird/68.12.1
In-Reply-To: <20201009005909.A944.50F79699@gmail.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [2604:6000:b407:7f00:946b:663a:1a3:dfd2]
X-ClientProxiedBy: CH2PR07CA0028.namprd07.prod.outlook.com
 (2603:10b6:610:20::41) To MN2PR04MB6176.namprd04.prod.outlook.com
 (2603:10b6:208:e3::13)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [IPv6:2604:6000:b407:7f00:946b:663a:1a3:dfd2]
 (2604:6000:b407:7f00:946b:663a:1a3:dfd2) by
 CH2PR07CA0028.namprd07.prod.outlook.com (2603:10b6:610:20::41) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.3455.23 via Frontend Transport; Thu, 8 Oct 2020 21:31:16 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: e67af5b9-482b-4e25-891c-08d86bd17d42
X-MS-TrafficTypeDiagnostic: MN2PR04MB5935:
X-Microsoft-Antispam-PRVS: <MN2PR04MB5935AF274A2F43B7E383B4FDD80B0@MN2PR04MB5935.namprd04.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:6430;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 1/xlcGQbbQUNqhppp8j7M5+AJ9TRM4nulBAPlDmEtXV8xiwKIdhwa+csWEuxAq2am1Npuj6kD6rJ8xWlYQCpyQA+bnlTXzMw+WyGTntQO32SPmojQIXsh2FIN2TYSE1ypxwX3LLqkFDJC2rmWKlnp/T7mGCi9kCvfewYOfAZSDwoSINz/4Qu+STlZqt28VybUGU0xTQz7mIXvi/hgM0XCcHS/zplnQ3LDpP5gtuGeYuh5YStpNULqJ6WJNV948lnC4Bw/XtVwRCwsQJXgeHnMMT0jnMaSBw7yiZqU+kdHPOZrQxmtmmnKMdx1imKY6D9FwipUgLseBEIq8FytD8VxhgIe7PyRUo17lkzS+j0ekVsEN9xsj3RPj5CYUVuTRf5rK8Re/UTTsXJ1FWMb70xQXbvpWv85PSrCgqlWP9UqmEEAMLld6x5qroanb7Vn33ppLPD1n3gq4pvOB4p9Tq+fQ==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:MN2PR04MB6176.namprd04.prod.outlook.com; PTR:; CAT:NONE;
 SFS:(4636009)(136003)(39860400002)(376002)(366004)(396003)(346002)(31686004)(6486002)(53546011)(8936002)(2906002)(8676002)(83380400001)(52116002)(5660300002)(186003)(15650500001)(66556008)(2616005)(66946007)(66476007)(4744005)(83080400001)(75432002)(86362001)(6916009)(966005)(316002)(786003)(31696002)(478600001)(36756003)(16526019)(43740500002);
 DIR:OUT; SFP:1102; 
X-MS-Exchange-AntiSpam-MessageData: S6j83J6yAhphUA3k3g8de50l2FYoq+t4fAUV0w6JOt5hSCGnI5zFrsD5tJWcz+2K3cxyWHy57oMbh9CmgaU0mDqRftKkEeGR2pVwh3nOTFyuSCGYQTrJr0hRyNXaeSmyOqx9tGRskJ7Mg92k7t7Vq26FVn3ctOUxq0Cgc8xLQze1IZhcg36TDHysGOB7QIgK/5l2vobOUkAHg4hDzpR+CaDE/tRgMHrQGsa243u9P3SjlcMNMyq8PfFEc7s2FQgiVFBPRptezYDUVtoWzJqLr6m3f4JMmpvzRY6IcdUz0/e/a16sKMe2tWVu88LKV6yZmeL88f0TednMMMrHpCU5IW7O8TMqIw01kwJ+BsFDZjKS7IaBOlWR2gTLikYn05nolV3WLlpFWSQn5F5qLDaSp7xwUaGHnsVBb/pqShmNSCXupPIGMoBC8o6cTpBcwta4Skj8XoyDWzKUYt56sGZeLYfWjhBJrJhpb2PzmoyAFGMVZhzlp4TBIqGShBKouarVsl+Y1JkJRYFWmXymHnvzCESo51NWNuiTc1E2QlRIhmNIHMOhcUzDyDs6X5zGjg79mgBbmM6/KLRhKV5NbWn2QCncmD73axbplYY6H1rURFb/ZfVhATERYT6HMftlE76P4dK6Wk9v7XeoeZg9UPZ8WRSNNS78tEcq04vtLVxBsxu/M9RXQbo680VIa+LqfYTIBTWb1pBufYqHcOOePdJ8PQ==
X-OriginatorOrg: cornell.edu
X-MS-Exchange-CrossTenant-Network-Message-Id: e67af5b9-482b-4e25-891c-08d86bd17d42
X-MS-Exchange-CrossTenant-AuthSource: MN2PR04MB6176.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Oct 2020 21:31:16.9523 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 5d7e4366-1b9b-45cf-8e79-b14b27df46e1
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: W1Jicokz66IhrYARKvk0xBYHiIlN8LS0rGiHV5cY4y6rnCGH68uTutoGcYxvl8lQQXZDamCPJyNrxh0HI2qxGQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR04MB5935
X-Spam-Status: No, score=-3.4 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, MSGID_FROM_MTA_HEADER, NICE_REPLY_A,
 RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: cygwin-apps@cygwin.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Cygwin package maintainer discussion list <cygwin-apps.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin-apps>,
 <mailto:cygwin-apps-request@cygwin.com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin-apps/>
List-Post: <mailto:cygwin-apps@cygwin.com>
List-Help: <mailto:cygwin-apps-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin-apps>,
 <mailto:cygwin-apps-request@cygwin.com?subject=subscribe>
X-List-Received-Date: Thu, 08 Oct 2020 21:31:21 -0000

The maintainer is Yaakov.  Do you want to adopt it and do the update?

Ken

On 10/8/2020 11:59 AM, Lemures Lemniscati via Cygwin-apps wrote:
> Hi!
> 
> Brotli 1.0.9 contains a security update, which fixes an "integer overflow" problem [1].
> 
> Please update it.
> 
> 
> A cygport file for updating is placed at
>    https://github.com/cygwin-lem/brotli-cygport/tree/n_1.0.9-1 .
> 
> 
> Test packages generated from it are placed at
>    https://cygwin-lem.github.io/brotli-cygport/ ,
> or
>    https://github.com/cygwin-lem/brotli-cygport/tree/n_1.0.9-1_gh-pages .
> 
> 
> But the cygport file is not tested under Cygwin CI AppVeyor, yet.
> So BUILD_REQUIRES in brotli.cygport might be insufficient.
> 
> 
> [1]: https://github.com/google/brotli/blob/master/README.md
> 
> 
> Regards,
> 
> Lem
>