From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <kbrown@cornell.edu>
Received: from NAM12-BN8-obe.outbound.protection.outlook.com
 (mail-bn8nam12on2134.outbound.protection.outlook.com [40.107.237.134])
 by sourceware.org (Postfix) with ESMTPS id 7F21D386EC4B
 for <cygwin-apps@cygwin.com>; Fri,  9 Oct 2020 18:59:56 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 7F21D386EC4B
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=RKS5+m3yVsuodTxydDIpFO7D8jNDdkrcS1mOLob0hErrfAM2vt3JuiOyDYEgl9EygTlqflbwZ8xia8S/zLKwtdSb4l98s+65dM3XjNNHFAx+tBzYPCWM0RjcPky3e3f4xz9rT2z9Z4qfJzrzbuvWmD8Q+I2ajm6PEtAstQtEcORCZ+h6h2DR9z9gvOqChS8vGpxtPJmfknFr5EkoEao4f8APcW3cO2clFMNBwzGlIqWeFZlERhukmOBbbIp4Kx32oW0ZpTZm0NakR2szuJtsu/Sm9bzUWz+qCVao3LMsJXtGWUFy2qOnWMIkq1VaV41ohM0iP1c7z2Q7tngB5YrmgA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=g4T5qYPJs/isR+RfdkDGFf/KACeydHxsdJZViyqu5/s=;
 b=DcvWFQGml2SluGqqwJvFrXn4fbzfSFyVkbqVrRJ/jX9RkK+JL6cXMzBtaNui4ylvwA/q9ECSjx72n+OewhnFcc3aISM1QDR+h2sJQZfb91KZtnn+YTZLrtOoAFTcCeIdpt3oD0k9ZChAfbx56oQ33z1+r8STN2USo5gSfxBa7s2zF67J998H1s770788nGokKLlVV+42lljEE1Shd7Q4C/MZHRwY2B6mcx8+f/Mg4Vvjw4zC2g2y2NE0GDO8KIKWOhSj65vzwvGSPvVSCebgtFF2vR1+rC8fJ2xQuMzH72G0mqi8S4XNqpoO2swBjlvp34EfPb6/pWbdI4JIqt+3Dw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=cornell.edu; dmarc=pass action=none header.from=cornell.edu;
 dkim=pass header.d=cornell.edu; arc=none
Received: from MN2PR04MB6176.namprd04.prod.outlook.com (2603:10b6:208:e3::13)
 by MN2PR04MB5647.namprd04.prod.outlook.com (2603:10b6:208:3f::27)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3455.21; Fri, 9 Oct
 2020 18:59:51 +0000
Received: from MN2PR04MB6176.namprd04.prod.outlook.com
 ([fe80::c144:d206:c369:af44]) by MN2PR04MB6176.namprd04.prod.outlook.com
 ([fe80::c144:d206:c369:af44%7]) with mapi id 15.20.3433.048; Fri, 9 Oct 2020
 18:59:51 +0000
Subject: Re: brotli packages: security update
To: cygwin-apps@cygwin.com
References: <20201009005909.A944.50F79699@gmail.com>
 <a7e1dd12-7079-6b20-da7b-e3bc58a7cb9e@cornell.edu>
 <20201009174935.CFC5.50F79699@gmail.com>
From: Ken Brown <kbrown@cornell.edu>
Message-ID: <cae4a3aa-e3d9-3359-87d2-7f27d17dd263@cornell.edu>
Date: Fri, 9 Oct 2020 14:59:50 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101
 Thunderbird/68.12.1
In-Reply-To: <20201009174935.CFC5.50F79699@gmail.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [68.175.129.7]
X-ClientProxiedBy: MN2PR20CA0055.namprd20.prod.outlook.com
 (2603:10b6:208:235::24) To MN2PR04MB6176.namprd04.prod.outlook.com
 (2603:10b6:208:e3::13)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [192.168.0.17] (68.175.129.7) by
 MN2PR20CA0055.namprd20.prod.outlook.com (2603:10b6:208:235::24) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3455.23 via Frontend
 Transport; Fri, 9 Oct 2020 18:59:50 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 7e3dd5b4-cb27-4b8c-fd9e-08d86c858025
X-MS-TrafficTypeDiagnostic: MN2PR04MB5647:
X-Microsoft-Antispam-PRVS: <MN2PR04MB5647F34106E0A0D93D9EFB6FD8080@MN2PR04MB5647.namprd04.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:6790;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: TQDGC3hpdQeNTUgyIqetzbviWxYGET3G2Zuo1GNMW/IaGB7WJJAepQR9hN1PMqcUBotq0Au6BQAqelm2ehTei6BjZQ43KPLEalwhRvRzhdoiFU9PxRNWTRjw56acQGUaCKwBhJUaEchxsldVy2mVOHRkiDin4vUEpv4nVRrKiXJxFK7jNn9oOi+wD7rH8GmiKZ6UZloT9GAQz+c2O46qyhPkInU0C3KZfswIdQMMAr5V8QprqFACWKCpYRuqN9tGbjW+wBy84bqRCNcMNcTnI1n5flFve/1ggeZ+Da0m6jCIXVDPH2mhuf+nV856yBfnQ/fz0htSVQ8Mqo0/mPPGkf8FRPZyaew04aLm8d4SMfmnXLKbHkN1Fqt215DWU6YmWCu594PE8eN0JKM1E1R9t3ziVcQPU20KJZwh4ddVVIGsqa+gINlgEgQ4ikjUIBW//5QbfDZ6LCOyIuF1tnYTbw==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:MN2PR04MB6176.namprd04.prod.outlook.com; PTR:; CAT:NONE;
 SFS:(4636009)(39860400002)(136003)(346002)(366004)(376002)(396003)(786003)(16526019)(6916009)(26005)(83380400001)(66556008)(31696002)(6486002)(16576012)(966005)(86362001)(8676002)(15650500001)(52116002)(75432002)(8936002)(83080400001)(478600001)(66476007)(316002)(2906002)(31686004)(956004)(36756003)(2616005)(5660300002)(53546011)(66946007)(186003)(43740500002);
 DIR:OUT; SFP:1102; 
X-MS-Exchange-AntiSpam-MessageData: YSwXNtZQX/bbr7lABnQHypt41LdCMrtlSqjGDFTv5vaDMagBu62eZlSHBXvDUjW5rNUMmol9O9Yyt/CH3mrXForLRdGA+q8rZgJl1YS2QU1wjTckSRNvn71/wUYbt1bv5XpOim7234kZS2RSR4bZcttA2NRs28rZIZFsrYfVripVyXxfGa80n/28L2tsy9TTFn1VPzE9bbJRXdVdvTnsJ1OP0HHawWviTEfQZsyivprWHKeAnf7k6WuRUPZC0kFbvyflY4OmSTnnjOiVtEN+U5OBvF9g+iARUrdbo0AZG2kg0FtUZc2Tx86d8qUQY5FJrwLId2nzxh2g542yRf8yBol0jQsCGAW8vcj/Ls6fVxdNnpev2znB4jB6uGINqFjnSwomj03DKGXvr9wp14dHO3a0uif6pUSnCd/toXNsWLVweWzRVX7m5dsT2WqiifUEPvGHFzaoVSoi9lq7c1ZjIFFz5a1OU/+ziVItSTvQOv2MjD76k8HuPqJUHkVnQAh5y7outakAxZEaZIn/UZgWxpIUTuyszNSQgmQIqoDyUVosS6DbitsOQILnvgSzWd3dB03+D1hGfx0sn6Ep9I9edVYi9fLYqyNUmnB4UeDphEW0KhgGApnlxkfNTuxiH5MnpAQXI1lIb2Z2lWKnNoZ6Mw==
X-OriginatorOrg: cornell.edu
X-MS-Exchange-CrossTenant-Network-Message-Id: 7e3dd5b4-cb27-4b8c-fd9e-08d86c858025
X-MS-Exchange-CrossTenant-AuthSource: MN2PR04MB6176.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Oct 2020 18:59:51.3426 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 5d7e4366-1b9b-45cf-8e79-b14b27df46e1
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: dupf/dUef6fvZ3GqVeYT1sPgxJ+AFWagDhp8ha4dAcKQv7M4pDo/SagMBMGMUpFO5VBf6kYYU57Z0wlBa7nFsQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR04MB5647
X-Spam-Status: No, score=-4.6 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, MSGID_FROM_MTA_HEADER, NICE_REPLY_A,
 RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: cygwin-apps@cygwin.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Cygwin package maintainer discussion list <cygwin-apps.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin-apps>,
 <mailto:cygwin-apps-request@cygwin.com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin-apps/>
List-Post: <mailto:cygwin-apps@cygwin.com>
List-Help: <mailto:cygwin-apps-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin-apps>,
 <mailto:cygwin-apps-request@cygwin.com?subject=subscribe>
X-List-Received-Date: Fri, 09 Oct 2020 18:59:58 -0000



On 10/9/2020 4:49 AM, Lemures Lemniscati via Cygwin-apps wrote:
>> On 10/8/2020 11:59 AM, Lemures Lemniscati via Cygwin-apps wrote:
>>> Hi!
>>>
>>> Brotli 1.0.9 contains a security update, which fixes an "integer overflow" problem [1].
>>>
>>> Please update it.
>>>
>>>
>>> A cygport file for updating is placed at
>>>     https://github.com/cygwin-lem/brotli-cygport/tree/n_1.0.9-1 .
>>>
>>>
>>> Test packages generated from it are placed at
>>>     https://cygwin-lem.github.io/brotli-cygport/ ,
>>> or
>>>     https://github.com/cygwin-lem/brotli-cygport/tree/n_1.0.9-1_gh-pages .
>>>
>>>
>>> But the cygport file is not tested under Cygwin CI AppVeyor, yet.
>>> So BUILD_REQUIRES in brotli.cygport might be insufficient.
>>>
>>>
>>> [1]: https://github.com/google/brotli/blob/master/README.md
>>>
>>>
>>> Regards,
>>>
>>> Lem
>>>
> 
> 
> On Thu, 8 Oct 2020 17:31:15 -0400, Ken Brown via Cygwin-apps
>> The maintainer is Yaakov.  Do you want to adopt it and do the update?
>>
>> Ken
> 
> Alright, I'd like to adopt brotli and to update it.

OK, it's yours.

Ken