GNU bug report logs - #53461
[kiasoc5@tutanota.com: Rust CVE]

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix-patches; Reported by: Leo Famulari <leo@HIDDEN>; merged with #54439; dated Sun, 23 Jan 2022 00:31:02 UTC; Maintainer for guix-patches is guix-patches@HIDDEN.
Merged 53461 54439. Request was from Liliana Marie Prikler <liliana.prikler@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 53461 <at> debbugs.gnu.org:


Received: (at 53461) by debbugs.gnu.org; 27 Feb 2022 06:50:48 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 27 01:50:48 2022
Received: from localhost ([127.0.0.1]:56729 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1nODOJ-00045q-Uy
	for submit <at> debbugs.gnu.org; Sun, 27 Feb 2022 01:50:48 -0500
Received: from w1.tutanota.de ([81.3.6.162]:59622)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <kiasoc5@HIDDEN>) id 1nODOJ-00042y-0o
 for 53461 <at> debbugs.gnu.org; Sun, 27 Feb 2022 01:50:47 -0500
Received: from w3.tutanota.de (unknown [192.168.1.164])
 by w1.tutanota.de (Postfix) with ESMTP id E25CBFBB3BC;
 Sun, 27 Feb 2022 06:50:40 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1645944640; 
 s=s1; d=tutanota.com;
 h=From:From:To:To:Subject:Subject:Content-Description:Content-ID:Content-Type:Content-Type:Content-Transfer-Encoding:Content-Transfer-Encoding:Cc:Cc:Date:Date:In-Reply-To:In-Reply-To:MIME-Version:MIME-Version:Message-ID:Message-ID:Reply-To:References:References:Sender;
 bh=UIZbiD07H5WjDa4SOleAB1cRRWXNYzHYcYBL8kijpB0=;
 b=j8fnEp2pwmTtb+H0NPWUUsOR4WOyZWAkL1DuEbgTtm4OgBVGYXxZJ11+/fOpxuC6
 b97vO8gKVblZGz3oj49fLpQVloQSIB47DbQ81fE6S0qYAqPaqkee4Eag6y31VNIhX6N
 GJ3Z0KZLmz+mmMTEJ/DBJCYmtSzVfMYfkwzfWn4w2i3pjFMbgPEZUQNY63oLCLkj9IE
 ELYaZJ1KZv9fgQy1Qrv2ukYSZq6f1yPQyShOEHht3jPX0rNUfXuCULFyrYXK85z1m+T
 INWywyUsD9Mmo1xw9aq0RGMxxVdJXOOv7A4u1KyKvF2D+EAQT1wCUs12jPKU1Y/4Stt
 QbWZZI7i7g==
Date: Sun, 27 Feb 2022 07:50:40 +0100 (CET)
From: kiasoc5@HIDDEN
To: Maxime Devos <maximedevos@HIDDEN>, 53461 <53461 <at> debbugs.gnu.org>
Message-ID: <MwtwWAK--3-2@HIDDEN>
In-Reply-To: <1174c7a10cf26efa69c9e2ee31d8f115cf65e851.camel@HIDDEN>
References: <MwocHBM--3-2@HIDDEN>
 <1174c7a10cf26efa69c9e2ee31d8f115cf65e851.camel@HIDDEN>
Subject: Re: [bug#53461] [kiasoc5@HIDDEN: Rust CVE]
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 1.5 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  mrustc v0.10 was just released, and can bootstrap Rust 1.54.
 It would help to update mrustc first, then we can try to bootstrap 1.59 from
 1.54 and hopefully save some compile time :) Feb 26, 2022,
 10:35 by maximedevos@HIDDEN:
 Content analysis details:   (1.5 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
 [81.3.6.162 listed in wl.mailspike.net]
 1.5 FROM_FMBLA_NEWDOM      From domain was registered in last 7 days
 0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
X-Debbugs-Envelope-To: 53461
Cc: 53461 <53461 <at> debbugs.gnu.org>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.5 (/)

mrustc v0.10 was just released, and can bootstrap Rust 1.54. It would help =
to update mrustc first, then we can try to bootstrap 1.59 from 1.54 and hop=
efully save some compile time :)


Feb 26, 2022, 10:35 by maximedevos@HIDDEN:

> kiasoc5--- via Guix-patches via schreef op za 26-02-2022 om 07:07
> [+0100]:
>
>> +(define rust-1.59
>> +=C2=A0 (rust-bootstrapped-package
>> +=C2=A0=C2=A0 rust-1.58 "1.59.0"
>> "1yc5bwcbmbwyvpfq7zvra78l0r8y3lbv60kbr62fzz2vx2pfxj57"))
>>
>
> Is building rust@HIDDEN with rust@HIDDEN necessary?  Can it be built
> with an earlier rust instead?  I.e., would
>
> (define rust-1.59 (rust-bootstrapped-package rust-1.57 "1.59.0" [...]))
>
> or even
>
> (define rust-1.59=C2=A0
>  (package
>  (inherit rust-1.56)
>  (source
>  (origin
>  (inherit (package-source rust-1.56))
>  (uri (rust-uri version))
>  (sha256 (base32 [...]))))))
>
> work?
>
> Greetings,
> Maxime.
>





Information forwarded to guix-patches@HIDDEN:
bug#53461; Package guix-patches. Full text available.

Message received at 53461 <at> debbugs.gnu.org:


Received: (at 53461) by debbugs.gnu.org; 26 Feb 2022 10:35:58 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Feb 26 05:35:58 2022
Received: from localhost ([127.0.0.1]:54329 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1nNuQg-0007TS-9w
	for submit <at> debbugs.gnu.org; Sat, 26 Feb 2022 05:35:58 -0500
Received: from albert.telenet-ops.be ([195.130.137.90]:56870)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maximedevos@HIDDEN>) id 1nNuQd-0007TE-PR
 for 53461 <at> debbugs.gnu.org; Sat, 26 Feb 2022 05:35:56 -0500
Received: from [192.168.104.254] ([188.189.133.236])
 by albert.telenet-ops.be with bizsmtp
 id zmbt2600D56BEPw06mbtRa; Sat, 26 Feb 2022 11:35:54 +0100
Message-ID: <1174c7a10cf26efa69c9e2ee31d8f115cf65e851.camel@HIDDEN>
Subject: Re: [bug#53461] [kiasoc5@HIDDEN: Rust CVE]
From: Maxime Devos <maximedevos@HIDDEN>
To: kiasoc5@HIDDEN, 53461 <at> debbugs.gnu.org
Date: Sat, 26 Feb 2022 11:35:42 +0100
In-Reply-To: <MwocHBM--3-2@HIDDEN>
References: <YeyhhR4Mxc+GzETW@HIDDEN> <MwocHBM--3-2@HIDDEN>
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-cIMNRuQ6IDqdRzY2xmYs"
User-Agent: Evolution 3.38.3-1 
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22;
 t=1645871754; bh=4yMdogdtUm+RjA6dkK/VuJ3+XuOd2ahJA39PWYldwU8=;
 h=Subject:From:To:Date:In-Reply-To:References;
 b=QfTh3RFo+c44OiCOOxcSf14YD8a0+6AZ4jYYHnfMSqlBSuwnTjybsz9THd4mEIpvi
 h+Out6LO7AfMKN/zMoM0X9Xc62nHlKc47WkrqXsvJWcRxT3mn8o5UZfxjCx5AsXoNj
 cGdhorsAvWPv/43vgP102m4nCeLm6qjgtBvFRI98YrAur56LNOVAc0MziXNb+Xo/fs
 pg+3WjNeoR4VU5lFQttHyxi9H/HOFY36vAW5MFuP9+xac/Hdmq+XTu8/8DhsmuRJSs
 KNgB8Ad0R2QhtGdfux90X3r+WDwto4PjckyO0FSDM5rrkBNlYFjt8a/ACwRfRxE/SG
 dKP2QNqNbeYfA==
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 53461
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)


--=-cIMNRuQ6IDqdRzY2xmYs
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

kiasoc5--- via Guix-patches via schreef op za 26-02-2022 om 07:07
[+0100]:
> +(define rust-1.59
> +=C2=A0 (rust-bootstrapped-package
> +=C2=A0=C2=A0 rust-1.58 "1.59.0"
> "1yc5bwcbmbwyvpfq7zvra78l0r8y3lbv60kbr62fzz2vx2pfxj57"))

Is building rust@HIDDEN with rust@HIDDEN necessary?  Can it be built
with an earlier rust instead?  I.e., would

(define rust-1.59 (rust-bootstrapped-package rust-1.57 "1.59.0" [...]))

or even

(define rust-1.59=C2=A0
  (package
    (inherit rust-1.56)
    (source
      (origin
        (inherit (package-source rust-1.56))
        (uri (rust-uri version))
        (sha256 (base32 [...]))))))

work?

Greetings,
Maxime.

--=-cIMNRuQ6IDqdRzY2xmYs
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYhoCfhccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7sUeAPwPLjc4OmkfdjHdYe5WMKQZ7WG2
47mr066g70NielY/+gEAyaSKn5L2vCNE9DNlEtkTJWOOLcaewYP2dtNAUDGyOQo=
=vpCK
-----END PGP SIGNATURE-----

--=-cIMNRuQ6IDqdRzY2xmYs--





Information forwarded to guix-patches@HIDDEN:
bug#53461; Package guix-patches. Full text available.

Message received at 53461 <at> debbugs.gnu.org:


Received: (at 53461) by debbugs.gnu.org; 26 Feb 2022 06:07:41 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Feb 26 01:07:41 2022
Received: from localhost ([127.0.0.1]:54140 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1nNqF2-0008KA-W7
	for submit <at> debbugs.gnu.org; Sat, 26 Feb 2022 01:07:41 -0500
Received: from w1.tutanota.de ([81.3.6.162]:44820)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <kiasoc5@HIDDEN>) id 1nNqF0-0008Jt-9B
 for 53461 <at> debbugs.gnu.org; Sat, 26 Feb 2022 01:07:39 -0500
Received: from w3.tutanota.de (unknown [192.168.1.164])
 by w1.tutanota.de (Postfix) with ESMTP id 3ECB3FBF821
 for <53461 <at> debbugs.gnu.org>; Sat, 26 Feb 2022 06:07:32 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1645855652; 
 s=s1; d=tutanota.com;
 h=From:From:To:To:Subject:Subject:Content-Description:Content-ID:Content-Type:Content-Type:Content-Transfer-Encoding:Cc:Date:Date:In-Reply-To:MIME-Version:MIME-Version:Message-ID:Message-ID:Reply-To:References:Sender;
 bh=tGWogJTNEewglWzvPN0nE27ySMxwrSFdX86zZ6V4y3I=;
 b=Jg1UKzPp8zqjc5pQxEqctc5rQujVZOmmC47CXHceEo4hpVwFRJekOGDYPGlSVgPM
 JwwKL1w8aJcXPtlZUNgpdU7NKjaVOpysEEfIZeP/xOZTtnzVdGX8ieHBNLj1E/eDBPk
 DTfWzEHOMnPySBfNSd6F5dWMMTpWpl8Eou3x3a33cMZCIgUzH7p0+ISafm7Lpn6caWG
 eU+HCz6vbQ/z3Bk21+ADDg/nqThtJgsKhsCnBVmJZwgdcD3Ym2TCiUThLxYKILAxXVV
 jDK+iWI+9sDcioosBQq4ISjkgQYz1YZwJoBojGRg0E+zHnYb5S2/9PLUTHk2MvrEQZE
 a9IXptw8MQ==
Date: Sat, 26 Feb 2022 07:07:32 +0100 (CET)
From: kiasoc5@HIDDEN
To: 53461 <at> debbugs.gnu.org
Message-ID: <MwocHBM--3-2@HIDDEN>
Subject: RE: [kiasoc5@HIDDEN: Rust CVE]
MIME-Version: 1.0
Content-Type: multipart/mixed; 
 boundary="----=_Part_319767_170130096.1645855652248"
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 53461
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

------=_Part_319767_170130096.1645855652248
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

Rust 1.59.0 was released, I've updated this patch. Rust 1.59.0 builds fine but I haven't had a chance to rebuild the world yet. Not sure how to do the commit message here.

------=_Part_319767_170130096.1645855652248
Content-Type: text/x-patch; charset=us-ascii; 
	name=0001-gnu-Add-rust-1.58.patch
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename=0001-gnu-Add-rust-1.58.patch

From 9a2a3c79a43f6ebf8d9381cf8aed73ac366e10c9 Mon Sep 17 00:00:00 2001
From: kiasoc5 <kiasoc5@HIDDEN>
Date: Sat, 22 Jan 2022 19:10:50 -0500
Subject: [PATCH 1/2] gnu: Add rust-1.58.

* gnu/packages/rust.scm (rust-1.58): New variable.
---
 gnu/packages/rust.scm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm
index 26d6df7a94..9652f331cf 100644
--- a/gnu/packages/rust.scm
+++ b/gnu/packages/rust.scm
@@ -784,6 +784,10 @@ (define rust-1.57
                             `("procps" ,procps)
                             (package-native-inputs base-rust))))))
 
+(define rust-1.58
+  (rust-bootstrapped-package
+   rust-1.57 "1.58.1" "1iq7kj16qfpkx8gvw50d8rf7glbm6s0pj2y1qkrz7mi56vfsyfd8"))
+
 ;;; Note: Only the latest versions of Rust are supported and tested.  The
 ;;; intermediate rusts are built for bootstrapping purposes and should not
 ;;; be relied upon.  This is to ease maintenance and reduce the time

base-commit: e725b24d119b47fcfceb9e9ba79ee832318c289e
-- 
2.35.1


------=_Part_319767_170130096.1645855652248
Content-Type: text/x-patch; charset=us-ascii; 
	name=0002-gnu-Add-rust-1.59.patch
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename=0002-gnu-Add-rust-1.59.patch

From 8e03a6a0a100c751338c1ddfa8d58fd49316e427 Mon Sep 17 00:00:00 2001
From: kiasoc5 <kiasoc5@HIDDEN>
Date: Fri, 25 Feb 2022 09:35:56 -0500
Subject: [PATCH 2/2] gnu: Add rust 1.59.

* gnu/packages/rust.scm (rust-1.59): New variable.
---
 gnu/packages/rust.scm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm
index 9652f331cf..589c8a1b21 100644
--- a/gnu/packages/rust.scm
+++ b/gnu/packages/rust.scm
@@ -788,11 +788,14 @@ (define rust-1.58
   (rust-bootstrapped-package
    rust-1.57 "1.58.1" "1iq7kj16qfpkx8gvw50d8rf7glbm6s0pj2y1qkrz7mi56vfsyfd8"))
 
+(define rust-1.59
+  (rust-bootstrapped-package
+   rust-1.58 "1.59.0" "1yc5bwcbmbwyvpfq7zvra78l0r8y3lbv60kbr62fzz2vx2pfxj57"))
 ;;; Note: Only the latest versions of Rust are supported and tested.  The
 ;;; intermediate rusts are built for bootstrapping purposes and should not
 ;;; be relied upon.  This is to ease maintenance and reduce the time
 ;;; required to build the full Rust bootstrap chain.
-(define-public rust rust-1.57)
+(define-public rust rust-1.59)
 
 (define-public rust-src
   (hidden-package
-- 
2.35.1


------=_Part_319767_170130096.1645855652248--




Information forwarded to guix-patches@HIDDEN:
bug#53461; Package guix-patches. Full text available.

Message received at 53461 <at> debbugs.gnu.org:


Received: (at 53461) by debbugs.gnu.org; 27 Jan 2022 21:59:52 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jan 27 16:59:52 2022
Received: from localhost ([127.0.0.1]:56749 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1nDCo4-0005Je-04
	for submit <at> debbugs.gnu.org; Thu, 27 Jan 2022 16:59:52 -0500
Received: from mail-qv1-f52.google.com ([209.85.219.52]:47016)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1nDCo0-0005JP-0G
 for 53461 <at> debbugs.gnu.org; Thu, 27 Jan 2022 16:59:50 -0500
Received: by mail-qv1-f52.google.com with SMTP id o9so4067246qvy.13
 for <53461 <at> debbugs.gnu.org>; Thu, 27 Jan 2022 13:59:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version;
 bh=QoFNxrR396QuUtD6p31IPsr/gGVXhLBq5BFCMmy8Ajc=;
 b=XJKyUEbWxA1I7NRnHsZxlbXV2Xb5vQGteT4pkYoLDvvJGMifJ4UcRgpiByrZg4uR7+
 AtKJ5yT7ccRph/HRl0OAexMrRJfIbgYSGs7+OaIXrVsgEeuQbRag6lugpGLgQufP9ayu
 PAiiw1ZRuERQiRfP3VnyVy0Mp1Uv/vuPMUxGdAR8sZXiSXrHJJbAOB1SzGB1Che08O05
 vRomxvvfab5kJj3zz91TnXG/ZLEvYZwq99HfekXjCBGVVzYxrGcHM9y5Gqtrj1yb8mby
 aqldIpngZSGEvYMe903eZ8+P5en4p69FhH5OEqCrM5EJ0yDDBtA+s+aY0pOqNpSh+bK5
 2DvA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
 :message-id:user-agent:mime-version;
 bh=QoFNxrR396QuUtD6p31IPsr/gGVXhLBq5BFCMmy8Ajc=;
 b=BD3PkDGFOhoM8IZ2jKQY39lQDXsOaHd1U66DRTHzqf4qEyYMGP7HO5BvREPg8lCcFE
 alB8nwANv1nI8+2wDu4g0cCIZSOlNVCqEe1VjzZJdrsF7pYjHJW1bAnPMV6P5LasJ6D7
 pN6Crof7Z6JMYqE19xXhNCvTali7WSSkvHsh1QcT0Zj6kntu+7tkyNV25ZqLps79ObQt
 gSZ88xaPJfkc1o51JMdv2Lkr8JU26Ff44IJdPrmMdBSotOGaEPR8qdtOwKM5VM+ORS1M
 1NpWjXjXzKEs0OZTOZ/TLK/ursn0LfdKfsOV8H/wO6tjWn27xXFMy0UOc83wErweqjr3
 HTlA==
X-Gm-Message-State: AOAM532pzsAMhbVpQP25Fj/0F15/Y72Huwk3IIV3K/C208GtkSUgzoYE
 B1T7E5TEvfZwRjYdymfckbtFgpYUOVw=
X-Google-Smtp-Source: ABdhPJzi0d1EtjI1N+OJg9X1BpQPNOlyUcfUGpwU39GIwK/kp82YZ8Wvt+23VlZTHezm/nLHoST8dQ==
X-Received: by 2002:a05:6214:2589:: with SMTP id
 fq9mr4927759qvb.31.1643320782182; 
 Thu, 27 Jan 2022 13:59:42 -0800 (PST)
Received: from hurd (dsl-152-51.b2b2c.ca. [66.158.152.51])
 by smtp.gmail.com with ESMTPSA id t123sm1997454qkh.31.2022.01.27.13.59.41
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 27 Jan 2022 13:59:41 -0800 (PST)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: Leo Famulari <leo@HIDDEN>
Subject: Re: bug#53461: [kiasoc5@HIDDEN: Rust CVE]
References: <YeyhhR4Mxc+GzETW@HIDDEN> <87ilub6s7z.fsf@HIDDEN>
 <Ye2sclMdhTU/E5xE@HIDDEN> <87ee4w6csy.fsf@HIDDEN>
 <Ye99A70hzK4zXHgO@HIDDEN> <87ee4v4dps.fsf@HIDDEN>
 <YfC4km4gTGOaevY+@jasmine.lan>
Date: Thu, 27 Jan 2022 16:59:40 -0500
In-Reply-To: <YfC4km4gTGOaevY+@jasmine.lan> (Leo Famulari's message of "Tue,
 25 Jan 2022 21:57:22 -0500")
Message-ID: <87mtjgzvoz.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 53461
Cc: 53461 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hello,

Leo Famulari <leo@HIDDEN> writes:

> On Tue, Jan 25, 2022 at 06:06:55PM -0500, Maxim Cournoyer wrote:
>> > I suppose we could do it quickly on a branch.
>> 
>> Note that Rust is now needed to build all of GTK, at least on x86_64.
>> That's a rather large rebuild.
>
> Oh, right.
>
> Well, I wonder what we should do?

Perhaps a rebuild branch for it... but let's finish migrating to the new
SSD storage first (we're still just copying part of /var/cache into it).

This should give us some time to update the Rust chain to 1.58.1.  Would
you or anyone else like to try?  It's nothing to difficult; it consists
of moving the tests bits to 1.58.1 (the leaf package), and hide the
previous versions (Rust only support the latest release).  Then rebuild
the world with it.  We could use this opportunity to ungraft too.

Thanks,

Maxim




Information forwarded to guix-patches@HIDDEN:
bug#53461; Package guix-patches. Full text available.

Message received at 53461 <at> debbugs.gnu.org:


Received: (at 53461) by debbugs.gnu.org; 26 Jan 2022 02:57:31 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jan 25 21:57:31 2022
Received: from localhost ([127.0.0.1]:50629 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1nCYV1-00034u-EU
	for submit <at> debbugs.gnu.org; Tue, 25 Jan 2022 21:57:31 -0500
Received: from out4-smtp.messagingengine.com ([66.111.4.28]:50725)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@HIDDEN>) id 1nCYUz-00034h-Oi
 for 53461 <at> debbugs.gnu.org; Tue, 25 Jan 2022 21:57:30 -0500
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
 by mailout.nyi.internal (Postfix) with ESMTP id 962335C0040;
 Tue, 25 Jan 2022 21:57:24 -0500 (EST)
Received: from mailfrontend2 ([10.202.2.163])
 by compute3.internal (MEProxy); Tue, 25 Jan 2022 21:57:24 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=cc:cc:content-type:date:date:from:from:in-reply-to
 :in-reply-to:message-id:mime-version:references:reply-to:sender
 :subject:subject:to:to; s=mesmtp; bh=UgdiBfH2Z6uHpZf6HcBBsdlcGVu
 HMm9+J1yABUD95pk=; b=dSaYoxBB+wumzezD/omQ7Xok1WM+wGVpjr1M6iNPcDw
 fjgAJyspT+uxGhQMK8SapV9dw9Oc5cNYkwxfn8fQszGj16uzsRQb3Y2+fEmDs2Vr
 Ln80kMkrEKJevOOEQcLDqg+sfh9inbYadJOTq0H6a2VTSiG0hF06UUA37uo+FiVE
 =
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-type:date:date:from:from
 :in-reply-to:in-reply-to:message-id:mime-version:references
 :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy
 :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=UgdiBfH2Z6uHpZf6H
 cBBsdlcGVuHMm9+J1yABUD95pk=; b=OnFw97JmegI03gBp1uAcAqTeramPEj6cB
 99Yrz0LMh4k1sJkTQfpFX3GYEZomkggddomPv7HqH6NEUgSQ3DUrD9TUYo+qrrgD
 NJmjw7BsSEO+4j8VUCxYiW4Mvf2OSFoL/0OUSBE0SR6w8JgVCyVDtSUCNj/6Rr+U
 rdlKl8l8hv1Ye+Fb9j3puJh7W+CbroB+yGATkaP1hUG9jg4N0rFRXOf7NOoxrT+Z
 nKRdFAOLy2AvP8WL1rymzLwr21pZSOANRESAasIN8qJk8lde1RHf4LstjVbhF1Wp
 5YS76nHjEFiJlvwBnbPnk8+i6T4XCFB5SAauxWJVFBeUuVBQlkErw==
X-ME-Sender: <xms:lLjwYb6q0a7adM-oZxULbloXvzuGTEryhE6oleHIGO8tihuEc110PQ>
 <xme:lLjwYQ6DykFff3ui00P5Cx77pCezbE0mkVfmMf0lC2M1Q-4U6PsjWWl4z5QTVlx0U
 rmXhK27XZdzVu3VXw>
X-ME-Received: <xmr:lLjwYSe5QOFP7DemNbC_i1u-ByjQzWxLaSkBd3evdLbqnm56HrDVkbU540qOa_mVobEhn1OvZPUvsi5nN3JhEicvHg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrfedtgdehfecutefuodetggdotefrodftvf
 curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
 uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc
 fjughrpeffhffvuffkfhggtggujgesthdtredttddtvdenucfhrhhomhepnfgvohcuhfgr
 mhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecuggftrfgrthhtvg
 hrnhepueekkedtffdvtddugeejgedtvefhueefiedvjeeitdeigedtveejvdejheffvefg
 necuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplhgvoh
 esfhgrmhhulhgrrhhirdhnrghmvg
X-ME-Proxy: <xmx:lLjwYcJLv9WWdTYAvZO67eMzRwHCy5zXiH3oW8a1wsYl5xqTt3itrA>
 <xmx:lLjwYfJRny9z4ySxPXfmj2FrFxCLQ8cD5GPRnAD-jZzqL47rA-prVw>
 <xmx:lLjwYVzsc1LONm4vvUSzxusKD3HJbYoEQkh-pKs9yseCDK3nKaTmzw>
 <xmx:lLjwYRw0R2AXI7t79NbBjV6MuoJbNCXNshaV5SZM71RI6D3j4TsxYA>
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue,
 25 Jan 2022 21:57:24 -0500 (EST)
Date: Tue, 25 Jan 2022 21:57:22 -0500
From: Leo Famulari <leo@HIDDEN>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: bug#53461: [kiasoc5@HIDDEN: Rust CVE]
Message-ID: <YfC4km4gTGOaevY+@jasmine.lan>
References: <YeyhhR4Mxc+GzETW@HIDDEN> <87ilub6s7z.fsf@HIDDEN>
 <Ye2sclMdhTU/E5xE@HIDDEN> <87ee4w6csy.fsf@HIDDEN>
 <Ye99A70hzK4zXHgO@HIDDEN> <87ee4v4dps.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87ee4v4dps.fsf@HIDDEN>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 53461
Cc: 53461 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

On Tue, Jan 25, 2022 at 06:06:55PM -0500, Maxim Cournoyer wrote:
> > I suppose we could do it quickly on a branch.
> 
> Note that Rust is now needed to build all of GTK, at least on x86_64.
> That's a rather large rebuild.

Oh, right.

Well, I wonder what we should do?




Information forwarded to guix-patches@HIDDEN:
bug#53461; Package guix-patches. Full text available.

Message received at 53461 <at> debbugs.gnu.org:


Received: (at 53461) by debbugs.gnu.org; 25 Jan 2022 23:07:07 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jan 25 18:07:07 2022
Received: from localhost ([127.0.0.1]:50476 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1nCUu3-0005Yk-9j
	for submit <at> debbugs.gnu.org; Tue, 25 Jan 2022 18:07:07 -0500
Received: from mail-qt1-f169.google.com ([209.85.160.169]:34375)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1nCUtz-0005Y6-IC
 for 53461 <at> debbugs.gnu.org; Tue, 25 Jan 2022 18:07:06 -0500
Received: by mail-qt1-f169.google.com with SMTP id c15so12865819qtv.1
 for <53461 <at> debbugs.gnu.org>; Tue, 25 Jan 2022 15:07:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version;
 bh=xcxSUcd9AwHZTnEyUR0eQD61MAvk4/kEoy87qWcQLwQ=;
 b=FPi6kU41XoPrwf49QukHMM1PHqdqApVlxdYWXsUpoB3qIR4lAuxxG4vpgbkrqiCGBk
 +E2np5+fX3sMiPYWPVe3jrqh0bwWDCc1uoShJC9p1bb8PVok1VEF2bLr0RVY90NeQhTL
 NdgDv7b6cxLDGWcyXEetgB2buW9q12fUZKYDnnKVN7nBgte+8pyk3dPHpal7fmt+RM4K
 ED9HV6Z7Ew7T3zSFJaI5LseOt6Y38Qa11P23DjtnkX/FZUqZHGZpMF1abBy09qDHTrOJ
 YDURyu0XjEunrfaveEvjhWEzOnuJn+OmQVajtIOG8tSZTXC7gpSoEE5/bjEwwY5IJej9
 3v4Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
 :message-id:user-agent:mime-version;
 bh=xcxSUcd9AwHZTnEyUR0eQD61MAvk4/kEoy87qWcQLwQ=;
 b=GC1rtQK7+O/Y62wW4CspBRtk5nxOkmehbF68NLssc3G33ap0OpPBqAFzEiw/z6gekA
 VYicFDGfdn78biTyCDlXtjslSnwRumdqZwqXQ/pi/aUgErxWy0Cx5AVmSP+wdVcOBFjD
 aS74EPj9KSp0F5InlDgzDzSXGZtDkh7jb5Nwm+w/uDVxCt6bd4fI/BtvJ7OH8FLVAnov
 SnakQKPYQ9j4YK9eSl335PzUv2vbxa0FVQksQKkcCN94VKsCMtgtX5U3launAQJZ5nJK
 EwdSaxltFRTS4xIdukKuRulT+iCC8cTPLs+nVf8I6kcO0Ks5Z0fXRrttph5DqxUe5XMR
 zN3Q==
X-Gm-Message-State: AOAM533ciWMUaSE9CJW5J6vMO1WlzaFDEL7V40VC7KJpL3TzFBvvlOqK
 0bLOSQvs0Qsf1JV5QpEZEY6ZecTy4hU=
X-Google-Smtp-Source: ABdhPJwRdabi7FSxU1FYtkH1X+jGC8d7XzPUOPJ4LmdRs2yEbCgaodV4mXzjqrBYpb6AzK67kZB7YQ==
X-Received: by 2002:a05:622a:1a9e:: with SMTP id
 s30mr18905969qtc.119.1643152016337; 
 Tue, 25 Jan 2022 15:06:56 -0800 (PST)
Received: from hurd (dsl-10-136-58.b2b2c.ca. [72.10.136.58])
 by smtp.gmail.com with ESMTPSA id bp35sm9882719qkb.72.2022.01.25.15.06.55
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 25 Jan 2022 15:06:55 -0800 (PST)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: Leo Famulari <leo@HIDDEN>
Subject: Re: bug#53461: [kiasoc5@HIDDEN: Rust CVE]
References: <YeyhhR4Mxc+GzETW@HIDDEN> <87ilub6s7z.fsf@HIDDEN>
 <Ye2sclMdhTU/E5xE@HIDDEN> <87ee4w6csy.fsf@HIDDEN>
 <Ye99A70hzK4zXHgO@HIDDEN>
Date: Tue, 25 Jan 2022 18:06:55 -0500
In-Reply-To: <Ye99A70hzK4zXHgO@HIDDEN> (Leo Famulari's message of "Mon,
 24 Jan 2022 23:30:59 -0500")
Message-ID: <87ee4v4dps.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 53461
Cc: 53461 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hello,

Leo Famulari <leo@HIDDEN> writes:

> On Mon, Jan 24, 2022 at 04:31:25PM -0500, Maxim Cournoyer wrote:
>> OK!  I just asked in #rust and they confirmed what I thought (all crates
>> -- well the ones using 'std::fs::remove_dir_all' but we can't easily
>> know) needs to be rebuilt if we are to patch that CVE.
>
> Okay. Let's see...
>
> ------
> $ git grep cargo-build-system gnu/packages | wc -l
> 2152
> ------
>
> I suppose we could do it quickly on a branch.

Note that Rust is now needed to build all of GTK, at least on x86_64.
That's a rather large rebuild.

Maxim




Information forwarded to guix-patches@HIDDEN:
bug#53461; Package guix-patches. Full text available.

Message received at 53461 <at> debbugs.gnu.org:


Received: (at 53461) by debbugs.gnu.org; 25 Jan 2022 04:31:12 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jan 24 23:31:12 2022
Received: from localhost ([127.0.0.1]:46544 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1nCDU8-0006Mv-3c
	for submit <at> debbugs.gnu.org; Mon, 24 Jan 2022 23:31:12 -0500
Received: from out2-smtp.messagingengine.com ([66.111.4.26]:51405)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@HIDDEN>) id 1nCDU3-0006Md-PE
 for 53461 <at> debbugs.gnu.org; Mon, 24 Jan 2022 23:31:10 -0500
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.nyi.internal (Postfix) with ESMTP id 3A1205C008D;
 Mon, 24 Jan 2022 23:31:02 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162])
 by compute4.internal (MEProxy); Mon, 24 Jan 2022 23:31:02 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=cc:cc:content-type:date:date:from:from:in-reply-to
 :in-reply-to:message-id:mime-version:references:reply-to:sender
 :subject:subject:to:to; s=mesmtp; bh=TNwMlGZO89e3o3fig5nSrbLfFFN
 W3Fvl+fBaw8S0Tzs=; b=1LoJfnqVGexc0zaFZzzIU4N7OnQwdjqTQUSt0pyg1rg
 G3O9QOwCNLDnNQnnZfzNJpPzRmuAzo4kD+R5/dG51+W11pm+MnZVi4aNZPQ6rDwm
 bwkBq9OyYhAoWcBXaCJCFPCvzFfxgBddyV+Y+I5g/EFhftQeJg9XaGf44S2iPTaI
 =
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-type:date:date:from:from
 :in-reply-to:in-reply-to:message-id:mime-version:references
 :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy
 :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=TNwMlGZO89e3o3fig
 5nSrbLfFFNW3Fvl+fBaw8S0Tzs=; b=SNLcBtyj4Mu8lSZ/gwwjYQSjfJii7e1JK
 AicbHr2LIGd8egKfAAwPAG9tM23/cdoREB0X/5B/lfAa+v4QxcxIeE9JJWejtPsJ
 YlAM1AGkNvNzKD3p68fUtJEXS9ekwuVp8QWpHb0+7++KE9rKZzosF8ub+B1XJK44
 2QgWuh/fgC23xLar0KQJLf8+SAIzY/rqDvCbzAHwomuOMVyZZwnSe/Dok1vU0WA8
 Tgg2UUfvBsXqhV0Y/HIU8asyDyuZln3ek3LTv/ShaY23wAgeuhRtUhmV3Z61isdO
 HOqHXO/+QAz2kvf5DcmdroGqw0MHVlh9VJfb5y2NYSS/hzzIFBlUA==
X-ME-Sender: <xms:Bn3vYSaUzVSSavvpnKJXAAkgYgTzMPX7wJcrMHsOfL28d0LwqGqGLQ>
 <xme:Bn3vYVZUoJ1IAuClqzLsFqSG_YvKelrXiSjxIkD_3GHPNjgdowPk6ACy60GucqOdj
 BxuxbJEOvI1opBKsA>
X-ME-Received: <xmr:Bn3vYc-EsXOPKCAd-Qs0R7fYf015vj1D5WXvSoIMDWEaikgGoDvfdg1TC5UTM_TIFnlXUbQLGmDV8Uc4rqIgwFAQHw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrvdekgdejtdcutefuodetggdotefrodftvf
 curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
 uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc
 fjughrpeffhffvuffkfhggtggujgesthdtredttddtvdenucfhrhhomhepnfgvohcuhfgr
 mhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecuggftrfgrthhtvg
 hrnhepueekkedtffdvtddugeejgedtvefhueefiedvjeeitdeigedtveejvdejheffvefg
 necuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplhgvoh
 esfhgrmhhulhgrrhhirdhnrghmvg
X-ME-Proxy: <xmx:Bn3vYUrynvUTTe75dqnvbKFLQXDHlG-kUsNIaDfLlqm3uGfAhJQ-2w>
 <xmx:Bn3vYdpp1yYuo5JJgpwLqayBD4TR5Pc_zf18AdRNcBKDOg3dh7_E6w>
 <xmx:Bn3vYSSKsDSVUH9KjjGjZsbvpbDiyRxcS6Se2xzF_Wa17RkCsHMF9w>
 <xmx:Bn3vYcTMlhbZBNSvvQ6j5x1odozrTAsEgDuyp7xHyYTgYDbiMkwa3Q>
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon,
 24 Jan 2022 23:31:01 -0500 (EST)
Date: Mon, 24 Jan 2022 23:30:59 -0500
From: Leo Famulari <leo@HIDDEN>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: bug#53461: [kiasoc5@HIDDEN: Rust CVE]
Message-ID: <Ye99A70hzK4zXHgO@HIDDEN>
References: <YeyhhR4Mxc+GzETW@HIDDEN> <87ilub6s7z.fsf@HIDDEN>
 <Ye2sclMdhTU/E5xE@HIDDEN> <87ee4w6csy.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87ee4w6csy.fsf@HIDDEN>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 53461
Cc: 53461 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

On Mon, Jan 24, 2022 at 04:31:25PM -0500, Maxim Cournoyer wrote:
> OK!  I just asked in #rust and they confirmed what I thought (all crates
> -- well the ones using 'std::fs::remove_dir_all' but we can't easily
> know) needs to be rebuilt if we are to patch that CVE.

Okay. Let's see...

------
$ git grep cargo-build-system gnu/packages | wc -l
2152
------

I suppose we could do it quickly on a branch.




Information forwarded to guix-patches@HIDDEN:
bug#53461; Package guix-patches. Full text available.

Message received at 53461 <at> debbugs.gnu.org:


Received: (at 53461) by debbugs.gnu.org; 24 Jan 2022 21:31:36 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jan 24 16:31:36 2022
Received: from localhost ([127.0.0.1]:46079 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1nC6w4-0007gC-0X
	for submit <at> debbugs.gnu.org; Mon, 24 Jan 2022 16:31:36 -0500
Received: from mail-qk1-f182.google.com ([209.85.222.182]:45604)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1nC6w1-0007fu-55
 for 53461 <at> debbugs.gnu.org; Mon, 24 Jan 2022 16:31:34 -0500
Received: by mail-qk1-f182.google.com with SMTP id d11so21954223qkj.12
 for <53461 <at> debbugs.gnu.org>; Mon, 24 Jan 2022 13:31:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version;
 bh=xF9dAgci/kXItCNeEikbfnLRyABmBVuWKa7G6/6OJ9s=;
 b=BKWvX0AtVgy+riEztDg+QPgxsWEm1ggWAEMGD39F7jubD13dh6lmzemwz3tf1Nesk0
 Dgog+R4igNzLVeQrA3INHKu6KEvK8rclw38PMO3lccX7AYdJNnGwLhi+U+jNBFnYIHli
 PjbLLFFOnrlOE1c/FNuwWaUia7kbTRQv2s+7UxbLa6jX+I3KywXIZF2lM1q+Osnv9aPV
 3lcDCNzqApfNM5GfT/Z5iDChuuA4J7YfB8KdQ26a6RFSeqOFQDyssOdE1oeWnzxjp3vi
 Z8+1xtddDsdvvKJ2mAQ0PV46C8XSRPlR1D9T/pBVh66xUlrTPW82llOohTTm0BL2Vc6A
 GIdQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
 :message-id:user-agent:mime-version;
 bh=xF9dAgci/kXItCNeEikbfnLRyABmBVuWKa7G6/6OJ9s=;
 b=Mclh9Mis7E+WcxuHsswF3FPPcJ5mzEvb06OzrvU1/y5eepFJO5GGfKpYCk3FdEEuCF
 ot/6SZGnVuA+xE3RUp3lp/KeqzPPpzZQSbtrfpQQI4EUfQ0oR5YG6B6V106LFkP8Y/b9
 D5V+rvQIL01q4VBdQ/zUyZGRwqmaSH/yq34bPj5XIcvfuWP22y6/HY0IaBZ4b/V2Joyu
 nwFXZrr/6pqhwC4SACvyr02lzGQe5VODiOMFpktUerlXUEBv41hdHRsQoY0TEE8HAEiX
 6Asfm1fbSVCFOPD4o0dRdDowazXgVC4J1Ukj955Iyu7pH/IpOS8IiBVFaUS/ymO5ypp4
 HD+Q==
X-Gm-Message-State: AOAM5328+jvDMuFiekfLrZYPuEvN9eCPl52DvPj9bhEchGriTGZFaxAM
 gmvmldJ0eWHqY0G1CEaXSqydd+cyGj4=
X-Google-Smtp-Source: ABdhPJwuFMR+d60b0MBWPOtQl+REx8EKnNRPIiRwbyHaUoK2MSdNT6ytM1MzZtpP3t6kcW/946s/uw==
X-Received: by 2002:a05:620a:71a:: with SMTP id
 26mr5528933qkc.421.1643059887350; 
 Mon, 24 Jan 2022 13:31:27 -0800 (PST)
Received: from hurd (dsl-205-233-125-146.b2b2c.ca. [205.233.125.146])
 by smtp.gmail.com with ESMTPSA id g11sm8484131qko.86.2022.01.24.13.31.26
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 24 Jan 2022 13:31:26 -0800 (PST)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: Leo Famulari <leo@HIDDEN>
Subject: Re: bug#53461: [kiasoc5@HIDDEN: Rust CVE]
References: <YeyhhR4Mxc+GzETW@HIDDEN> <87ilub6s7z.fsf@HIDDEN>
 <Ye2sclMdhTU/E5xE@HIDDEN>
Date: Mon, 24 Jan 2022 16:31:25 -0500
In-Reply-To: <Ye2sclMdhTU/E5xE@HIDDEN> (Leo Famulari's message of "Sun,
 23 Jan 2022 14:28:50 -0500")
Message-ID: <87ee4w6csy.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 53461
Cc: 53461 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi,

Leo Famulari <leo@HIDDEN> writes:

> On Sat, Jan 22, 2022 at 10:33:52PM -0500, Maxim Cournoyer wrote:
>> The rust-1.57 variable should probably be made private or hidden now.
>> 
>> Also, unless we rebuild all crates with rust-1.58, it seems to me like
>> we won't be addressing the problem, as the CVE touches the
>> 'remove_dir_all' procedure part of the standard library of Rust (and we
>> all know Rust likes to build things statically).
>> 
>> Am I missing something?
>
> I don't know about Rust things! I just forwarded this message from the
> private list to the public list.

OK!  I just asked in #rust and they confirmed what I thought (all crates
-- well the ones using 'std::fs::remove_dir_all' but we can't easily
know) needs to be rebuilt if we are to patch that CVE.

Maxim




Information forwarded to guix-patches@HIDDEN:
bug#53461; Package guix-patches. Full text available.

Message received at 53461 <at> debbugs.gnu.org:


Received: (at 53461) by debbugs.gnu.org; 23 Jan 2022 19:29:00 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Jan 23 14:29:00 2022
Received: from localhost ([127.0.0.1]:41316 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1nBiXs-0005dn-M0
	for submit <at> debbugs.gnu.org; Sun, 23 Jan 2022 14:29:00 -0500
Received: from out2-smtp.messagingengine.com ([66.111.4.26]:34581)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@HIDDEN>) id 1nBiXq-0005dZ-Mu
 for 53461 <at> debbugs.gnu.org; Sun, 23 Jan 2022 14:28:59 -0500
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
 by mailout.nyi.internal (Postfix) with ESMTP id 4D26B5C003B;
 Sun, 23 Jan 2022 14:28:52 -0500 (EST)
Received: from mailfrontend2 ([10.202.2.163])
 by compute5.internal (MEProxy); Sun, 23 Jan 2022 14:28:52 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=cc:cc:content-type:date:date:from:from:in-reply-to
 :in-reply-to:message-id:mime-version:references:reply-to:sender
 :subject:subject:to:to; s=mesmtp; bh=65Cd/j4WkC07ilX4OoZQsddN2Un
 l3h69y28G3+ycBbs=; b=Rs/Ag/FD5nWNB9GvADBHXZumyRArUd7Thfwg+UBYezV
 g/PPmMEpXIz3YhTMl8xnk0/2jJ2/5sQW/b/XL1H/dUMeoz1Czm8ukq07+FfrqU9u
 U1Z5QVTBOrpzrCwgW7+VStuA/aT4KmXgy+dQBCVaIbLCy8mc3AWy/kkTl/Lh8Qk0
 =
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-type:date:date:from:from
 :in-reply-to:in-reply-to:message-id:mime-version:references
 :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy
 :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=65Cd/j4WkC07ilX4O
 oZQsddN2Unl3h69y28G3+ycBbs=; b=CWpET67ubbPi/eiOFyV+4fUNuOFW701kE
 3kk9g2Wx3E1xeGIl/RO6YlcsGObcviNe1YT8gMNxrNzuKMcl6GEp3+F/bmjuqc6+
 ROoQ9HnzLQ7lxLblmfZIHO6iTCXovnWi5a5LlcLQ5a3qm0SM5qTZPR58lqJRvvXL
 xHmQrpptQlXQXrooGrUsSqy8+HKfvLxRIJAT8mSvDgTkMnB6DIZbEmNsH2Why0Y5
 EZt4UIMjMF8IFyFU28EnoU75sJ/Wq/KyLyNt11o1tk8V5t3SzDpQM/v6azGAs9F1
 BtS5Qt+Q8yaSaljZZTJl+V959vMBegMU/dFuNH5j5gQLEEYW0MBLg==
X-ME-Sender: <xms:dKztYZjVqzxPFvTXVLutscOiMOMVPI7fqXQDg1O8UVYTyfwAJlJLIg>
 <xme:dKztYeCdJjeg6rF6MT-ZHq3IWpNSNuCUXvKzMQ7mAMPArvpTA3xDk0wHWpAzpoQyw
 QdBKqumPT0JIKSIyg>
X-ME-Received: <xmr:dKztYZHQKO8JJAN0-wFdqPJrjARbl24HIxvscKRYiPE3VFsIZQbBo75GSy25-H0betQ9y7z3e9hUMzvcGcox_DATpg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrvdeggdduvdeiucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
 cujfgurhepfffhvffukfhfgggtuggjsehttdertddttddvnecuhfhrohhmpefnvghoucfh
 rghmuhhlrghrihcuoehlvghosehfrghmuhhlrghrihdrnhgrmhgvqeenucggtffrrghtth
 gvrhhnpeeukeektdffvddtudegjeegtdevhfeufeeivdejiedtieegtdevjedvjeehffev
 gfenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehlvg
 hosehfrghmuhhlrghrihdrnhgrmhgv
X-ME-Proxy: <xmx:dKztYeR_UsipVcZCpGoqtlpIJSpw9ZcPSpx78zGanE8RnU7B9SdyKw>
 <xmx:dKztYWwQe0QGf1u8M5zii88OvIywrJNEGfA3MzGuwI6iK7zPxTR-KQ>
 <xmx:dKztYU6inQU-JONc-4Ez_-ZCt2RuGe7XWVQ-dTlvkdmKx-3UavfQkw>
 <xmx:dKztYcYOD4rVsjAldGYpd4TwLvQrMhQtKbftE3ALquPE9GuexU4UAg>
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sun,
 23 Jan 2022 14:28:52 -0500 (EST)
Date: Sun, 23 Jan 2022 14:28:50 -0500
From: Leo Famulari <leo@HIDDEN>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: bug#53461: [kiasoc5@HIDDEN: Rust CVE]
Message-ID: <Ye2sclMdhTU/E5xE@HIDDEN>
References: <YeyhhR4Mxc+GzETW@HIDDEN>
 <87ilub6s7z.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87ilub6s7z.fsf@HIDDEN>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 53461
Cc: 53461 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

On Sat, Jan 22, 2022 at 10:33:52PM -0500, Maxim Cournoyer wrote:
> The rust-1.57 variable should probably be made private or hidden now.
> 
> Also, unless we rebuild all crates with rust-1.58, it seems to me like
> we won't be addressing the problem, as the CVE touches the
> 'remove_dir_all' procedure part of the standard library of Rust (and we
> all know Rust likes to build things statically).
> 
> Am I missing something?

I don't know about Rust things! I just forwarded this message from the
private list to the public list.




Information forwarded to guix-patches@HIDDEN:
bug#53461; Package guix-patches. Full text available.

Message received at 53461 <at> debbugs.gnu.org:


Received: (at 53461) by debbugs.gnu.org; 23 Jan 2022 03:34:01 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Jan 22 22:34:01 2022
Received: from localhost ([127.0.0.1]:38356 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1nBTdh-00083H-CV
	for submit <at> debbugs.gnu.org; Sat, 22 Jan 2022 22:34:01 -0500
Received: from mail-qv1-f45.google.com ([209.85.219.45]:38716)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1nBTdf-000830-La
 for 53461 <at> debbugs.gnu.org; Sat, 22 Jan 2022 22:34:00 -0500
Received: by mail-qv1-f45.google.com with SMTP id kl12so15859350qvb.5
 for <53461 <at> debbugs.gnu.org>; Sat, 22 Jan 2022 19:33:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version;
 bh=/Jz03IEnVkePh8Qt/mQNEmsyFRj3GZvsK9VG+9faB0k=;
 b=iBbmJCKj+biJs3H3f36OPskN7mOuZS0d41+SKeDnzDiLePL0lwGDhfAjP5DNauNKBo
 OWmtxfcjo43f2WpW2nSTbWNPsjgfLpcGwEfluIzz434JQw64DPuHUQt15I0TaVlN66Gc
 Uj7FUnWEtjhUo1BRsnf5cc+q5RkWXGuUNRbZi9XT/6gbSvXuxgvbwo3mtlNQN/oyL8WO
 d7Be9wEZhd1xRyGVmwesdgof7Aa2TDcqfwcUaiRJKkbB1WGS+uDsw09wyDtrfrTNo0Xo
 OdiJz+KVRN1qLur/dJ4J3UUzscaVlGuqjl6Nx0BuQDnYBBM1//YBaujZDPOv+WuL2aDL
 SsXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
 :message-id:user-agent:mime-version;
 bh=/Jz03IEnVkePh8Qt/mQNEmsyFRj3GZvsK9VG+9faB0k=;
 b=bgHp6tWLXU4n2odRJV9X+H5lWqIIZU3shA/yHhpZ4pe3wPlg1Hsnf5/tMuUHjnc42x
 ngkfM5cQ04hOLFJiZ6QPDwRxWzq6xsXiFBR+TazMs68znYO3wFRdQoWsCDYRnCg/EVeT
 0yW0ouxEt+qL6y8HQPUnPeiMOMrQWGqc33RL3QPy53Cr8k8QiIs8yCrM56x5nK+LeeIs
 uVMmzd/jeH/7UQSpZQWXKE4/LxdtZJHQR3V4ZBPNpvQnSfS9XhduyY5gvSFSlZ63jgY9
 8PGps0pPqkC+zGcEQrvKcQ/zTWBxX0OeDYtgg1i+R44uLkEDC63AgyIQ9buEX/QEI3zs
 PNvw==
X-Gm-Message-State: AOAM53387eS09rtKlkwiTlMvS4skxB4QTb5AQsxm2FB3TYRzz/COQ1+u
 czjjdFVIL0KBBPHCk9ghGADhxDWhn+k=
X-Google-Smtp-Source: ABdhPJyCc3IhFHBF9rrJGJuOkPhLnPOU22VnvfkpU5RM4yq4buA6dxW7S5WAiarEIk4d1Xxlz2oWUQ==
X-Received: by 2002:a05:6214:2389:: with SMTP id
 fw9mr9784466qvb.19.1642908833505; 
 Sat, 22 Jan 2022 19:33:53 -0800 (PST)
Received: from hurd (dsl-205-236-230-254.b2b2c.ca. [205.236.230.254])
 by smtp.gmail.com with ESMTPSA id b4sm5372882qkf.61.2022.01.22.19.33.52
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 22 Jan 2022 19:33:53 -0800 (PST)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: Leo Famulari <leo@HIDDEN>
Subject: Re: bug#53461: [kiasoc5@HIDDEN: Rust CVE]
References: <YeyhhR4Mxc+GzETW@HIDDEN>
Date: Sat, 22 Jan 2022 22:33:52 -0500
In-Reply-To: <YeyhhR4Mxc+GzETW@HIDDEN> (Leo Famulari's message of "Sat,
 22 Jan 2022 19:29:57 -0500")
Message-ID: <87ilub6s7z.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 53461
Cc: 53461 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi Leo,

Leo Famulari <leo@HIDDEN> writes:

> From: kiasoc5@HIDDEN
> Subject: Rust CVE
> To: guix-security@HIDDEN
> Date: Sun, 23 Jan 2022 01:20:10 +0100 (CET) (3 hours, 7 minutes ago)
>
> Hi,
>
> Rust has a new cve that is only mitigated by upgrading to Rust 1.58+.
>
> https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html
>
> Attached is a patch that adds rust-1.58.1. It doesn't replace the
> default as I'm not sure whether this should be grafted or not.
>
> Thanks
> kiasoc5
>
>>From 753f4e9c68a7b12267989d1721e97841d9f499d0 Mon Sep 17 00:00:00 2001
> From: kiasoc5 <kiasoc5@HIDDEN>
> Date: Sat, 22 Jan 2022 19:10:50 -0500
> Subject: [PATCH] gnu: Add rust-1.58.
>
> * gnu/packages/rust.scm (rust-1.58): New variable.
> ---
>  gnu/packages/rust.scm | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm
> index 5a6d4a5c30..c9b44da844 100644
> --- a/gnu/packages/rust.scm
> +++ b/gnu/packages/rust.scm
> @@ -784,6 +784,10 @@ (define rust-1.57
>                              `("procps" ,procps)
>                              (package-native-inputs base-rust))))))
>  
> +(define rust-1.58
> +  (rust-bootstrapped-package
> +   rust-1.57 "1.58.1" "1iq7kj16qfpkx8gvw50d8rf7glbm6s0pj2y1qkrz7mi56vfsyfd8"))
> +

The rust-1.57 variable should probably be made private or hidden now.

Also, unless we rebuild all crates with rust-1.58, it seems to me like
we won't be addressing the problem, as the CVE touches the
'remove_dir_all' procedure part of the standard library of Rust (and we
all know Rust likes to build things statically).

Am I missing something?

Thanks,

Maxim




Information forwarded to guix-patches@HIDDEN:
bug#53461; Package guix-patches. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 23 Jan 2022 00:30:10 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Jan 22 19:30:10 2022
Received: from localhost ([127.0.0.1]:38215 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1nBQli-0003Ph-Pk
	for submit <at> debbugs.gnu.org; Sat, 22 Jan 2022 19:30:10 -0500
Received: from lists.gnu.org ([209.51.188.17]:52858)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@HIDDEN>) id 1nBQlf-0003PT-K7
 for submit <at> debbugs.gnu.org; Sat, 22 Jan 2022 19:30:05 -0500
Received: from eggs.gnu.org ([209.51.188.92]:34188)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <leo@HIDDEN>) id 1nBQlf-0001cN-AV
 for guix-patches@HIDDEN; Sat, 22 Jan 2022 19:30:03 -0500
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:32833)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <leo@HIDDEN>) id 1nBQld-0001Z0-AV
 for guix-patches@HIDDEN; Sat, 22 Jan 2022 19:30:03 -0500
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46])
 by mailout.nyi.internal (Postfix) with ESMTP id 754C85C00A6;
 Sat, 22 Jan 2022 19:29:59 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162])
 by compute2.internal (MEProxy); Sat, 22 Jan 2022 19:29:59 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=cc:content-type:date:date:from:from:in-reply-to:message-id
 :mime-version:reply-to:sender:subject:subject:to:to; s=mesmtp;
 bh=YmmRb5Pcdyo9iEUsJ0unHSLoNN6bMalxUviXJqSHiBs=; b=V+SAGjxSEciz
 PR1frcY54g0vMlqUwTQXLZSav9I2JcZMimWxIm+ftkb0sOoi8Id1Kq+8UFa4z4ul
 GeTNnnyuPc/f4NmfxsLtlNav/4M7YvZ1L7ZNyNBrp1BjPjY0qsi5YbMXvPsal18L
 b3HyzTh943Bi/dKBq65Nl8HgWwT11qY=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:date:from:from
 :in-reply-to:message-id:mime-version:reply-to:sender:subject
 :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm1; bh=YmmRb5Pcdyo9iEUsJ0unHSLoNN6bMalxUviXJqSHi
 Bs=; b=QouShFrsuNLosXc8pV29LhS0L2usxHCjmeJb1/QJnZdy56LA/a/KcRKB+
 fQ1Qs51gQi1gvuM+wzH5qwSY3kdKiGEAqH5o22glBvT3c1XF/4OQRyGi+rLUL7rI
 JL13BRoUqZo8eMO9QPE17lljXCO26I/MATt0Z28GkH7+KJBzOVA0WxPNIfIdgQ15
 XcVZbJyYScqBqUdCP7RJSUuyv2yIBDSrJhTBlDjsir3MvwCSeWYHABb5QmA86a61
 nnMlwYf1Xdlx8TSlzwaCMk7NVs2wPAH7ioNvK1vYL+t6288fYfQqvpniyErDPO1E
 3APGbibAtdsmPWZt0WY9v5kRqu9vQ==
X-ME-Sender: <xms:h6HsYbsq-v9z2c4vrFDSqsV3y9ouHfmnglmZvycVHyEI_MnkbdeXEA>
 <xme:h6HsYcdPQpZb2gO9qQT8uH5Xc49Jkc2QvJolSrKOGhoxPw_YxHkGvjhyUqNhywklR
 RuX4LA7QezGGuWv4Q>
X-ME-Received: <xmr:h6HsYewZvaLOHxOkYhMBDmU1rLe8sBSLWFZDpDqf4aIzeMVKvrS8bVlZa2k9Wsxmk3lDglaWqHuPkZPh1vCwH-NxUQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrvdefgddvfecutefuodetggdotefrodftvf
 curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
 uegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfggtggusehttdertddttd
 dvnecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhlrghrihdr
 nhgrmhgvqeenucggtffrrghtthgvrhhnpeeguddugfejteffieeuvddvleetueegfffhve
 dtgfehudegueffteegtdehtdejteenucffohhmrghinheprhhushhtqdhlrghnghdrohhr
 ghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehlvg
 hosehfrghmuhhlrghrihdrnhgrmhgv
X-ME-Proxy: <xmx:h6HsYaN9QQJKE_8rOaPSYHFxdv7ABtETtEAOkSoiL-cHmWorg4RIbA>
 <xmx:h6HsYb-0SjWGmoTFhICWeuqnivjGYk2ICrb3bZYPGZU8G0V0uCOZwA>
 <xmx:h6HsYaUrLZK2WVAzasJ8AtU6Oy37GxWumcZf5K-F-cDzeA3Q_Ztm3g>
 <xmx:h6HsYYIUoB414r7Vn1SjKofHbN5CGFO0sxeZVVl6b2dQMgMwNgLzpA>
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
 <guix-patches@HIDDEN>; Sat, 22 Jan 2022 19:29:59 -0500 (EST)
Date: Sat, 22 Jan 2022 19:29:57 -0500
From: Leo Famulari <leo@HIDDEN>
To: guix-patches@HIDDEN
Subject: [kiasoc5@HIDDEN: Rust CVE]
Message-ID: <YeyhhR4Mxc+GzETW@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Received-SPF: pass client-ip=66.111.4.25; envelope-from=leo@HIDDEN;
 helo=out1-smtp.messagingengine.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.4 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.1 (/)

----- Forwarded message from kiasoc5@HIDDEN -----

Date: Sun, 23 Jan 2022 01:20:10 +0100 (CET)
From: kiasoc5@HIDDEN
To: guix-security@HIDDEN
Subject: Rust CVE

Hi,

Rust has a new cve that is only mitigated by upgrading to Rust 1.58+.

https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html

Attached is a patch that adds rust-1.58.1. It doesn't replace the default as I'm not sure whether this should be grafted or not.

Thanks
kiasoc5

From 753f4e9c68a7b12267989d1721e97841d9f499d0 Mon Sep 17 00:00:00 2001
From: kiasoc5 <kiasoc5@HIDDEN>
Date: Sat, 22 Jan 2022 19:10:50 -0500
Subject: [PATCH] gnu: Add rust-1.58.

* gnu/packages/rust.scm (rust-1.58): New variable.
---
 gnu/packages/rust.scm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm
index 5a6d4a5c30..c9b44da844 100644
--- a/gnu/packages/rust.scm
+++ b/gnu/packages/rust.scm
@@ -784,6 +784,10 @@ (define rust-1.57
                             `("procps" ,procps)
                             (package-native-inputs base-rust))))))
 
+(define rust-1.58
+  (rust-bootstrapped-package
+   rust-1.57 "1.58.1" "1iq7kj16qfpkx8gvw50d8rf7glbm6s0pj2y1qkrz7mi56vfsyfd8"))
+
 ;;; Note: Only the latest versions of Rust are supported and tested.  The
 ;;; intermediate rusts are built for bootstrapping purposes and should not
 ;;; be relied upon.  This is to ease maintenance and reduce the time

base-commit: dfc32d8d997da74a6e838b450649bd89905ffdc3
-- 
2.34.1



----- End forwarded message -----




Acknowledgement sent to Leo Famulari <leo@HIDDEN>:
New bug report received and forwarded. Copy sent to guix-patches@HIDDEN. Full text available.
Report forwarded to guix-patches@HIDDEN:
bug#53461; Package guix-patches. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Fri, 18 Mar 2022 07:15:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.