Re: Python 3.5 and 3.6 removal (was Re: Bonfire of the Packages)
On 29/03/2024 18:32, David Rothenberger via Cygwin-apps wrote: On 3/28/2024 10:50 AM, Jon Turney via Cygwin-apps wrote: [...] David, Is it possible to update/rebuild rdiff-backup, which replies upon the soon-to-be removed python36? (Or indicate that you are no longer interested in maintaining this package, which will probably lead to it's removal). Please remove me as the maintainer from that package. I no longer use it, and no longer have an environment for building packages for Cygwin. No problem. Thanks for maintaining it in the past. Is the same true for your other packages? $ grep Rothenberger cygwin-pkg-maint | grep -v ORPHANED cyrus-sasl David Rothenberger flac David Rothenberger libaoDavid Rothenberger libapr1 David Rothenberger libaprutil1 David Rothenberger libkate David Rothenberger libogg David Rothenberger librsync David Rothenberger libtheoraDavid Rothenberger libvorbisDavid Rothenberger rdiff-backup David Rothenberger speexDavid Rothenberger speexdsp David Rothenberger vorbis-tools David Rothenberger whichDavid Rothenberger whoisDavid Rothenberger
Re: xz upstream backdoor compromise (was: Cygwin: Linux xz issue)
On 2024-03-29 16:43, Ron Murray via Cygwin wrote: There is a serious security issue with xz (and liblzma) versions 5.6.0-1 and 5.6.1-1. I note that cywin currently is suggesting an upgrade to 5.6.1-1, which is unsafe. I've looked at the cygwin archives and I don't see a reference to this: sorry if you're already aware of this issue. References: https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094 https://access.redhat.com/security/cve/CVE-2024-3094 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3094 https://sysdig.com/blog/cve-2024-3094-detecting-the-sshd-backdoor-in-xz-utils/ https://seclists.org/oss-sec/2024/q1/268 -- Take care. Thanks, Brian Inglis Calgary, Alberta, Canada La perfection est atteinte Perfection is achieved non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut -- Antoine de Saint-Exupéry