brotli packages: security update

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

brotli packages: security update

cygwin-apps mailing list
Hi!

Brotli 1.0.9 contains a security update, which fixes an "integer overflow" problem [1].

Please update it.


A cygport file for updating is placed at
  https://github.com/cygwin-lem/brotli-cygport/tree/n_1.0.9-1 .


Test packages generated from it are placed at
  https://cygwin-lem.github.io/brotli-cygport/ ,
or
  https://github.com/cygwin-lem/brotli-cygport/tree/n_1.0.9-1_gh-pages .


But the cygport file is not tested under Cygwin CI AppVeyor, yet.
So BUILD_REQUIRES in brotli.cygport might be insufficient.


[1]: https://github.com/google/brotli/blob/master/README.md


Regards,

Lem

0001-brotli-1.0.9-cygport.patch (2K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: brotli packages: security update

cygwin-apps mailing list
The maintainer is Yaakov.  Do you want to adopt it and do the update?

Ken

On 10/8/2020 11:59 AM, Lemures Lemniscati via Cygwin-apps wrote:

> Hi!
>
> Brotli 1.0.9 contains a security update, which fixes an "integer overflow" problem [1].
>
> Please update it.
>
>
> A cygport file for updating is placed at
>    https://github.com/cygwin-lem/brotli-cygport/tree/n_1.0.9-1 .
>
>
> Test packages generated from it are placed at
>    https://cygwin-lem.github.io/brotli-cygport/ ,
> or
>    https://github.com/cygwin-lem/brotli-cygport/tree/n_1.0.9-1_gh-pages .
>
>
> But the cygport file is not tested under Cygwin CI AppVeyor, yet.
> So BUILD_REQUIRES in brotli.cygport might be insufficient.
>
>
> [1]: https://github.com/google/brotli/blob/master/README.md
>
>
> Regards,
>
> Lem
>
Reply | Threaded
Open this post in threaded view
|

Re: brotli packages: security update

cygwin-apps mailing list
> On 10/8/2020 11:59 AM, Lemures Lemniscati via Cygwin-apps wrote:
> > Hi!
> >
> > Brotli 1.0.9 contains a security update, which fixes an "integer overflow" problem [1].
> >
> > Please update it.
> >
> >
> > A cygport file for updating is placed at
> >    https://github.com/cygwin-lem/brotli-cygport/tree/n_1.0.9-1 .
> >
> >
> > Test packages generated from it are placed at
> >    https://cygwin-lem.github.io/brotli-cygport/ ,
> > or
> >    https://github.com/cygwin-lem/brotli-cygport/tree/n_1.0.9-1_gh-pages .
> >
> >
> > But the cygport file is not tested under Cygwin CI AppVeyor, yet.
> > So BUILD_REQUIRES in brotli.cygport might be insufficient.
> >
> >
> > [1]: https://github.com/google/brotli/blob/master/README.md
> >
> >
> > Regards,
> >
> > Lem
> >


On Thu, 8 Oct 2020 17:31:15 -0400, Ken Brown via Cygwin-apps
> The maintainer is Yaakov.  Do you want to adopt it and do the update?
>
> Ken

Alright, I'd like to adopt brotli and to update it.

Regards,

Lem
Reply | Threaded
Open this post in threaded view
|

Re: brotli packages: security update

cygwin-apps mailing list


On 10/9/2020 4:49 AM, Lemures Lemniscati via Cygwin-apps wrote:

>> On 10/8/2020 11:59 AM, Lemures Lemniscati via Cygwin-apps wrote:
>>> Hi!
>>>
>>> Brotli 1.0.9 contains a security update, which fixes an "integer overflow" problem [1].
>>>
>>> Please update it.
>>>
>>>
>>> A cygport file for updating is placed at
>>>     https://github.com/cygwin-lem/brotli-cygport/tree/n_1.0.9-1 .
>>>
>>>
>>> Test packages generated from it are placed at
>>>     https://cygwin-lem.github.io/brotli-cygport/ ,
>>> or
>>>     https://github.com/cygwin-lem/brotli-cygport/tree/n_1.0.9-1_gh-pages .
>>>
>>>
>>> But the cygport file is not tested under Cygwin CI AppVeyor, yet.
>>> So BUILD_REQUIRES in brotli.cygport might be insufficient.
>>>
>>>
>>> [1]: https://github.com/google/brotli/blob/master/README.md
>>>
>>>
>>> Regards,
>>>
>>> Lem
>>>
>
>
> On Thu, 8 Oct 2020 17:31:15 -0400, Ken Brown via Cygwin-apps
>> The maintainer is Yaakov.  Do you want to adopt it and do the update?
>>
>> Ken
>
> Alright, I'd like to adopt brotli and to update it.

OK, it's yours.

Ken