Liliana Marie Prikler <liliana.prikler@HIDDEN>
to control <at> debbugs.gnu.org.
Full text available.Received: (at 53461) by debbugs.gnu.org; 27 Feb 2022 06:50:48 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 27 01:50:48 2022 Received: from localhost ([127.0.0.1]:56729 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1nODOJ-00045q-Uy for submit <at> debbugs.gnu.org; Sun, 27 Feb 2022 01:50:48 -0500 Received: from w1.tutanota.de ([81.3.6.162]:59622) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <kiasoc5@HIDDEN>) id 1nODOJ-00042y-0o for 53461 <at> debbugs.gnu.org; Sun, 27 Feb 2022 01:50:47 -0500 Received: from w3.tutanota.de (unknown [192.168.1.164]) by w1.tutanota.de (Postfix) with ESMTP id E25CBFBB3BC; Sun, 27 Feb 2022 06:50:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1645944640; s=s1; d=tutanota.com; h=From:From:To:To:Subject:Subject:Content-Description:Content-ID:Content-Type:Content-Type:Content-Transfer-Encoding:Content-Transfer-Encoding:Cc:Cc:Date:Date:In-Reply-To:In-Reply-To:MIME-Version:MIME-Version:Message-ID:Message-ID:Reply-To:References:References:Sender; bh=UIZbiD07H5WjDa4SOleAB1cRRWXNYzHYcYBL8kijpB0=; b=j8fnEp2pwmTtb+H0NPWUUsOR4WOyZWAkL1DuEbgTtm4OgBVGYXxZJ11+/fOpxuC6 b97vO8gKVblZGz3oj49fLpQVloQSIB47DbQ81fE6S0qYAqPaqkee4Eag6y31VNIhX6N GJ3Z0KZLmz+mmMTEJ/DBJCYmtSzVfMYfkwzfWn4w2i3pjFMbgPEZUQNY63oLCLkj9IE ELYaZJ1KZv9fgQy1Qrv2ukYSZq6f1yPQyShOEHht3jPX0rNUfXuCULFyrYXK85z1m+T INWywyUsD9Mmo1xw9aq0RGMxxVdJXOOv7A4u1KyKvF2D+EAQT1wCUs12jPKU1Y/4Stt QbWZZI7i7g== Date: Sun, 27 Feb 2022 07:50:40 +0100 (CET) From: kiasoc5@HIDDEN To: Maxime Devos <maximedevos@HIDDEN>, 53461 <53461 <at> debbugs.gnu.org> Message-ID: <MwtwWAK--3-2@HIDDEN> In-Reply-To: <1174c7a10cf26efa69c9e2ee31d8f115cf65e851.camel@HIDDEN> References: <MwocHBM--3-2@HIDDEN> <1174c7a10cf26efa69c9e2ee31d8f115cf65e851.camel@HIDDEN> Subject: Re: [bug#53461] [kiasoc5@HIDDEN: Rust CVE] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 1.5 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: mrustc v0.10 was just released, and can bootstrap Rust 1.54. It would help to update mrustc first, then we can try to bootstrap 1.59 from 1.54 and hopefully save some compile time :) Feb 26, 2022, 10:35 by maximedevos@HIDDEN: Content analysis details: (1.5 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record 0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [81.3.6.162 listed in wl.mailspike.net] 1.5 FROM_FMBLA_NEWDOM From domain was registered in last 7 days 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders -0.0 T_SCC_BODY_TEXT_LINE No description available. X-Debbugs-Envelope-To: 53461 Cc: 53461 <53461 <at> debbugs.gnu.org> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: 0.5 (/) mrustc v0.10 was just released, and can bootstrap Rust 1.54. It would help = to update mrustc first, then we can try to bootstrap 1.59 from 1.54 and hop= efully save some compile time :) Feb 26, 2022, 10:35 by maximedevos@HIDDEN: > kiasoc5--- via Guix-patches via schreef op za 26-02-2022 om 07:07 > [+0100]: > >> +(define rust-1.59 >> +=C2=A0 (rust-bootstrapped-package >> +=C2=A0=C2=A0 rust-1.58 "1.59.0" >> "1yc5bwcbmbwyvpfq7zvra78l0r8y3lbv60kbr62fzz2vx2pfxj57")) >> > > Is building rust@HIDDEN with rust@HIDDEN necessary? Can it be built > with an earlier rust instead? I.e., would > > (define rust-1.59 (rust-bootstrapped-package rust-1.57 "1.59.0" [...])) > > or even > > (define rust-1.59=C2=A0 > (package > (inherit rust-1.56) > (source > (origin > (inherit (package-source rust-1.56)) > (uri (rust-uri version)) > (sha256 (base32 [...])))))) > > work? > > Greetings, > Maxime. >
guix-patches@HIDDEN:bug#53461; Package guix-patches.
Full text available.
Received: (at 53461) by debbugs.gnu.org; 26 Feb 2022 10:35:58 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Feb 26 05:35:58 2022
Received: from localhost ([127.0.0.1]:54329 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1nNuQg-0007TS-9w
for submit <at> debbugs.gnu.org; Sat, 26 Feb 2022 05:35:58 -0500
Received: from albert.telenet-ops.be ([195.130.137.90]:56870)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <maximedevos@HIDDEN>) id 1nNuQd-0007TE-PR
for 53461 <at> debbugs.gnu.org; Sat, 26 Feb 2022 05:35:56 -0500
Received: from [192.168.104.254] ([188.189.133.236])
by albert.telenet-ops.be with bizsmtp
id zmbt2600D56BEPw06mbtRa; Sat, 26 Feb 2022 11:35:54 +0100
Message-ID: <1174c7a10cf26efa69c9e2ee31d8f115cf65e851.camel@HIDDEN>
Subject: Re: [bug#53461] [kiasoc5@HIDDEN: Rust CVE]
From: Maxime Devos <maximedevos@HIDDEN>
To: kiasoc5@HIDDEN, 53461 <at> debbugs.gnu.org
Date: Sat, 26 Feb 2022 11:35:42 +0100
In-Reply-To: <MwocHBM--3-2@HIDDEN>
References: <YeyhhR4Mxc+GzETW@HIDDEN> <MwocHBM--3-2@HIDDEN>
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature"; boundary="=-cIMNRuQ6IDqdRzY2xmYs"
User-Agent: Evolution 3.38.3-1
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22;
t=1645871754; bh=4yMdogdtUm+RjA6dkK/VuJ3+XuOd2ahJA39PWYldwU8=;
h=Subject:From:To:Date:In-Reply-To:References;
b=QfTh3RFo+c44OiCOOxcSf14YD8a0+6AZ4jYYHnfMSqlBSuwnTjybsz9THd4mEIpvi
h+Out6LO7AfMKN/zMoM0X9Xc62nHlKc47WkrqXsvJWcRxT3mn8o5UZfxjCx5AsXoNj
cGdhorsAvWPv/43vgP102m4nCeLm6qjgtBvFRI98YrAur56LNOVAc0MziXNb+Xo/fs
pg+3WjNeoR4VU5lFQttHyxi9H/HOFY36vAW5MFuP9+xac/Hdmq+XTu8/8DhsmuRJSs
KNgB8Ad0R2QhtGdfux90X3r+WDwto4PjckyO0FSDM5rrkBNlYFjt8a/ACwRfRxE/SG
dKP2QNqNbeYfA==
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 53461
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)
--=-cIMNRuQ6IDqdRzY2xmYs
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
kiasoc5--- via Guix-patches via schreef op za 26-02-2022 om 07:07
[+0100]:
> +(define rust-1.59
> +=C2=A0 (rust-bootstrapped-package
> +=C2=A0=C2=A0 rust-1.58 "1.59.0"
> "1yc5bwcbmbwyvpfq7zvra78l0r8y3lbv60kbr62fzz2vx2pfxj57"))
Is building rust@HIDDEN with rust@HIDDEN necessary? Can it be built
with an earlier rust instead? I.e., would
(define rust-1.59 (rust-bootstrapped-package rust-1.57 "1.59.0" [...]))
or even
(define rust-1.59=C2=A0
(package
(inherit rust-1.56)
(source
(origin
(inherit (package-source rust-1.56))
(uri (rust-uri version))
(sha256 (base32 [...]))))))
work?
Greetings,
Maxime.
--=-cIMNRuQ6IDqdRzY2xmYs
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYhoCfhccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7sUeAPwPLjc4OmkfdjHdYe5WMKQZ7WG2
47mr066g70NielY/+gEAyaSKn5L2vCNE9DNlEtkTJWOOLcaewYP2dtNAUDGyOQo=
=vpCK
-----END PGP SIGNATURE-----
--=-cIMNRuQ6IDqdRzY2xmYs--
guix-patches@HIDDEN:bug#53461; Package guix-patches.
Full text available.
Received: (at 53461) by debbugs.gnu.org; 26 Feb 2022 06:07:41 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Feb 26 01:07:41 2022
Received: from localhost ([127.0.0.1]:54140 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1nNqF2-0008KA-W7
for submit <at> debbugs.gnu.org; Sat, 26 Feb 2022 01:07:41 -0500
Received: from w1.tutanota.de ([81.3.6.162]:44820)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <kiasoc5@HIDDEN>) id 1nNqF0-0008Jt-9B
for 53461 <at> debbugs.gnu.org; Sat, 26 Feb 2022 01:07:39 -0500
Received: from w3.tutanota.de (unknown [192.168.1.164])
by w1.tutanota.de (Postfix) with ESMTP id 3ECB3FBF821
for <53461 <at> debbugs.gnu.org>; Sat, 26 Feb 2022 06:07:32 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1645855652;
s=s1; d=tutanota.com;
h=From:From:To:To:Subject:Subject:Content-Description:Content-ID:Content-Type:Content-Type:Content-Transfer-Encoding:Cc:Date:Date:In-Reply-To:MIME-Version:MIME-Version:Message-ID:Message-ID:Reply-To:References:Sender;
bh=tGWogJTNEewglWzvPN0nE27ySMxwrSFdX86zZ6V4y3I=;
b=Jg1UKzPp8zqjc5pQxEqctc5rQujVZOmmC47CXHceEo4hpVwFRJekOGDYPGlSVgPM
JwwKL1w8aJcXPtlZUNgpdU7NKjaVOpysEEfIZeP/xOZTtnzVdGX8ieHBNLj1E/eDBPk
DTfWzEHOMnPySBfNSd6F5dWMMTpWpl8Eou3x3a33cMZCIgUzH7p0+ISafm7Lpn6caWG
eU+HCz6vbQ/z3Bk21+ADDg/nqThtJgsKhsCnBVmJZwgdcD3Ym2TCiUThLxYKILAxXVV
jDK+iWI+9sDcioosBQq4ISjkgQYz1YZwJoBojGRg0E+zHnYb5S2/9PLUTHk2MvrEQZE
a9IXptw8MQ==
Date: Sat, 26 Feb 2022 07:07:32 +0100 (CET)
From: kiasoc5@HIDDEN
To: 53461 <at> debbugs.gnu.org
Message-ID: <MwocHBM--3-2@HIDDEN>
Subject: RE: [kiasoc5@HIDDEN: Rust CVE]
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_319767_170130096.1645855652248"
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 53461
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
------=_Part_319767_170130096.1645855652248
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Rust 1.59.0 was released, I've updated this patch. Rust 1.59.0 builds fine but I haven't had a chance to rebuild the world yet. Not sure how to do the commit message here.
------=_Part_319767_170130096.1645855652248
Content-Type: text/x-patch; charset=us-ascii;
name=0001-gnu-Add-rust-1.58.patch
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename=0001-gnu-Add-rust-1.58.patch
From 9a2a3c79a43f6ebf8d9381cf8aed73ac366e10c9 Mon Sep 17 00:00:00 2001
From: kiasoc5 <kiasoc5@HIDDEN>
Date: Sat, 22 Jan 2022 19:10:50 -0500
Subject: [PATCH 1/2] gnu: Add rust-1.58.
* gnu/packages/rust.scm (rust-1.58): New variable.
---
gnu/packages/rust.scm | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm
index 26d6df7a94..9652f331cf 100644
--- a/gnu/packages/rust.scm
+++ b/gnu/packages/rust.scm
@@ -784,6 +784,10 @@ (define rust-1.57
`("procps" ,procps)
(package-native-inputs base-rust))))))
+(define rust-1.58
+ (rust-bootstrapped-package
+ rust-1.57 "1.58.1" "1iq7kj16qfpkx8gvw50d8rf7glbm6s0pj2y1qkrz7mi56vfsyfd8"))
+
;;; Note: Only the latest versions of Rust are supported and tested. The
;;; intermediate rusts are built for bootstrapping purposes and should not
;;; be relied upon. This is to ease maintenance and reduce the time
base-commit: e725b24d119b47fcfceb9e9ba79ee832318c289e
--
2.35.1
------=_Part_319767_170130096.1645855652248
Content-Type: text/x-patch; charset=us-ascii;
name=0002-gnu-Add-rust-1.59.patch
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename=0002-gnu-Add-rust-1.59.patch
From 8e03a6a0a100c751338c1ddfa8d58fd49316e427 Mon Sep 17 00:00:00 2001
From: kiasoc5 <kiasoc5@HIDDEN>
Date: Fri, 25 Feb 2022 09:35:56 -0500
Subject: [PATCH 2/2] gnu: Add rust 1.59.
* gnu/packages/rust.scm (rust-1.59): New variable.
---
gnu/packages/rust.scm | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm
index 9652f331cf..589c8a1b21 100644
--- a/gnu/packages/rust.scm
+++ b/gnu/packages/rust.scm
@@ -788,11 +788,14 @@ (define rust-1.58
(rust-bootstrapped-package
rust-1.57 "1.58.1" "1iq7kj16qfpkx8gvw50d8rf7glbm6s0pj2y1qkrz7mi56vfsyfd8"))
+(define rust-1.59
+ (rust-bootstrapped-package
+ rust-1.58 "1.59.0" "1yc5bwcbmbwyvpfq7zvra78l0r8y3lbv60kbr62fzz2vx2pfxj57"))
;;; Note: Only the latest versions of Rust are supported and tested. The
;;; intermediate rusts are built for bootstrapping purposes and should not
;;; be relied upon. This is to ease maintenance and reduce the time
;;; required to build the full Rust bootstrap chain.
-(define-public rust rust-1.57)
+(define-public rust rust-1.59)
(define-public rust-src
(hidden-package
--
2.35.1
------=_Part_319767_170130096.1645855652248--
guix-patches@HIDDEN:bug#53461; Package guix-patches.
Full text available.Received: (at 53461) by debbugs.gnu.org; 27 Jan 2022 21:59:52 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jan 27 16:59:52 2022 Received: from localhost ([127.0.0.1]:56749 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1nDCo4-0005Je-04 for submit <at> debbugs.gnu.org; Thu, 27 Jan 2022 16:59:52 -0500 Received: from mail-qv1-f52.google.com ([209.85.219.52]:47016) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>) id 1nDCo0-0005JP-0G for 53461 <at> debbugs.gnu.org; Thu, 27 Jan 2022 16:59:50 -0500 Received: by mail-qv1-f52.google.com with SMTP id o9so4067246qvy.13 for <53461 <at> debbugs.gnu.org>; Thu, 27 Jan 2022 13:59:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=QoFNxrR396QuUtD6p31IPsr/gGVXhLBq5BFCMmy8Ajc=; b=XJKyUEbWxA1I7NRnHsZxlbXV2Xb5vQGteT4pkYoLDvvJGMifJ4UcRgpiByrZg4uR7+ AtKJ5yT7ccRph/HRl0OAexMrRJfIbgYSGs7+OaIXrVsgEeuQbRag6lugpGLgQufP9ayu PAiiw1ZRuERQiRfP3VnyVy0Mp1Uv/vuPMUxGdAR8sZXiSXrHJJbAOB1SzGB1Che08O05 vRomxvvfab5kJj3zz91TnXG/ZLEvYZwq99HfekXjCBGVVzYxrGcHM9y5Gqtrj1yb8mby aqldIpngZSGEvYMe903eZ8+P5en4p69FhH5OEqCrM5EJ0yDDBtA+s+aY0pOqNpSh+bK5 2DvA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version; bh=QoFNxrR396QuUtD6p31IPsr/gGVXhLBq5BFCMmy8Ajc=; b=BD3PkDGFOhoM8IZ2jKQY39lQDXsOaHd1U66DRTHzqf4qEyYMGP7HO5BvREPg8lCcFE alB8nwANv1nI8+2wDu4g0cCIZSOlNVCqEe1VjzZJdrsF7pYjHJW1bAnPMV6P5LasJ6D7 pN6Crof7Z6JMYqE19xXhNCvTali7WSSkvHsh1QcT0Zj6kntu+7tkyNV25ZqLps79ObQt gSZ88xaPJfkc1o51JMdv2Lkr8JU26Ff44IJdPrmMdBSotOGaEPR8qdtOwKM5VM+ORS1M 1NpWjXjXzKEs0OZTOZ/TLK/ursn0LfdKfsOV8H/wO6tjWn27xXFMy0UOc83wErweqjr3 HTlA== X-Gm-Message-State: AOAM532pzsAMhbVpQP25Fj/0F15/Y72Huwk3IIV3K/C208GtkSUgzoYE B1T7E5TEvfZwRjYdymfckbtFgpYUOVw= X-Google-Smtp-Source: ABdhPJzi0d1EtjI1N+OJg9X1BpQPNOlyUcfUGpwU39GIwK/kp82YZ8Wvt+23VlZTHezm/nLHoST8dQ== X-Received: by 2002:a05:6214:2589:: with SMTP id fq9mr4927759qvb.31.1643320782182; Thu, 27 Jan 2022 13:59:42 -0800 (PST) Received: from hurd (dsl-152-51.b2b2c.ca. [66.158.152.51]) by smtp.gmail.com with ESMTPSA id t123sm1997454qkh.31.2022.01.27.13.59.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 27 Jan 2022 13:59:41 -0800 (PST) From: Maxim Cournoyer <maxim.cournoyer@HIDDEN> To: Leo Famulari <leo@HIDDEN> Subject: Re: bug#53461: [kiasoc5@HIDDEN: Rust CVE] References: <YeyhhR4Mxc+GzETW@HIDDEN> <87ilub6s7z.fsf@HIDDEN> <Ye2sclMdhTU/E5xE@HIDDEN> <87ee4w6csy.fsf@HIDDEN> <Ye99A70hzK4zXHgO@HIDDEN> <87ee4v4dps.fsf@HIDDEN> <YfC4km4gTGOaevY+@jasmine.lan> Date: Thu, 27 Jan 2022 16:59:40 -0500 In-Reply-To: <YfC4km4gTGOaevY+@jasmine.lan> (Leo Famulari's message of "Tue, 25 Jan 2022 21:57:22 -0500") Message-ID: <87mtjgzvoz.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 53461 Cc: 53461 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Hello, Leo Famulari <leo@HIDDEN> writes: > On Tue, Jan 25, 2022 at 06:06:55PM -0500, Maxim Cournoyer wrote: >> > I suppose we could do it quickly on a branch. >> >> Note that Rust is now needed to build all of GTK, at least on x86_64. >> That's a rather large rebuild. > > Oh, right. > > Well, I wonder what we should do? Perhaps a rebuild branch for it... but let's finish migrating to the new SSD storage first (we're still just copying part of /var/cache into it). This should give us some time to update the Rust chain to 1.58.1. Would you or anyone else like to try? It's nothing to difficult; it consists of moving the tests bits to 1.58.1 (the leaf package), and hide the previous versions (Rust only support the latest release). Then rebuild the world with it. We could use this opportunity to ungraft too. Thanks, Maxim
guix-patches@HIDDEN:bug#53461; Package guix-patches.
Full text available.Received: (at 53461) by debbugs.gnu.org; 26 Jan 2022 02:57:31 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jan 25 21:57:31 2022 Received: from localhost ([127.0.0.1]:50629 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1nCYV1-00034u-EU for submit <at> debbugs.gnu.org; Tue, 25 Jan 2022 21:57:31 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:50725) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <leo@HIDDEN>) id 1nCYUz-00034h-Oi for 53461 <at> debbugs.gnu.org; Tue, 25 Jan 2022 21:57:30 -0500 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 962335C0040; Tue, 25 Jan 2022 21:57:24 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute3.internal (MEProxy); Tue, 25 Jan 2022 21:57:24 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:cc:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=mesmtp; bh=UgdiBfH2Z6uHpZf6HcBBsdlcGVu HMm9+J1yABUD95pk=; b=dSaYoxBB+wumzezD/omQ7Xok1WM+wGVpjr1M6iNPcDw fjgAJyspT+uxGhQMK8SapV9dw9Oc5cNYkwxfn8fQszGj16uzsRQb3Y2+fEmDs2Vr Ln80kMkrEKJevOOEQcLDqg+sfh9inbYadJOTq0H6a2VTSiG0hF06UUA37uo+FiVE = DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=UgdiBfH2Z6uHpZf6H cBBsdlcGVuHMm9+J1yABUD95pk=; b=OnFw97JmegI03gBp1uAcAqTeramPEj6cB 99Yrz0LMh4k1sJkTQfpFX3GYEZomkggddomPv7HqH6NEUgSQ3DUrD9TUYo+qrrgD NJmjw7BsSEO+4j8VUCxYiW4Mvf2OSFoL/0OUSBE0SR6w8JgVCyVDtSUCNj/6Rr+U rdlKl8l8hv1Ye+Fb9j3puJh7W+CbroB+yGATkaP1hUG9jg4N0rFRXOf7NOoxrT+Z nKRdFAOLy2AvP8WL1rymzLwr21pZSOANRESAasIN8qJk8lde1RHf4LstjVbhF1Wp 5YS76nHjEFiJlvwBnbPnk8+i6T4XCFB5SAauxWJVFBeUuVBQlkErw== X-ME-Sender: <xms:lLjwYb6q0a7adM-oZxULbloXvzuGTEryhE6oleHIGO8tihuEc110PQ> <xme:lLjwYQ6DykFff3ui00P5Cx77pCezbE0mkVfmMf0lC2M1Q-4U6PsjWWl4z5QTVlx0U rmXhK27XZdzVu3VXw> X-ME-Received: <xmr:lLjwYSe5QOFP7DemNbC_i1u-ByjQzWxLaSkBd3evdLbqnm56HrDVkbU540qOa_mVobEhn1OvZPUvsi5nN3JhEicvHg> X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrfedtgdehfecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpeffhffvuffkfhggtggujgesthdtredttddtvdenucfhrhhomhepnfgvohcuhfgr mhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecuggftrfgrthhtvg hrnhepueekkedtffdvtddugeejgedtvefhueefiedvjeeitdeigedtveejvdejheffvefg necuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplhgvoh esfhgrmhhulhgrrhhirdhnrghmvg X-ME-Proxy: <xmx:lLjwYcJLv9WWdTYAvZO67eMzRwHCy5zXiH3oW8a1wsYl5xqTt3itrA> <xmx:lLjwYfJRny9z4ySxPXfmj2FrFxCLQ8cD5GPRnAD-jZzqL47rA-prVw> <xmx:lLjwYVzsc1LONm4vvUSzxusKD3HJbYoEQkh-pKs9yseCDK3nKaTmzw> <xmx:lLjwYRw0R2AXI7t79NbBjV6MuoJbNCXNshaV5SZM71RI6D3j4TsxYA> Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 25 Jan 2022 21:57:24 -0500 (EST) Date: Tue, 25 Jan 2022 21:57:22 -0500 From: Leo Famulari <leo@HIDDEN> To: Maxim Cournoyer <maxim.cournoyer@HIDDEN> Subject: Re: bug#53461: [kiasoc5@HIDDEN: Rust CVE] Message-ID: <YfC4km4gTGOaevY+@jasmine.lan> References: <YeyhhR4Mxc+GzETW@HIDDEN> <87ilub6s7z.fsf@HIDDEN> <Ye2sclMdhTU/E5xE@HIDDEN> <87ee4w6csy.fsf@HIDDEN> <Ye99A70hzK4zXHgO@HIDDEN> <87ee4v4dps.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87ee4v4dps.fsf@HIDDEN> X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 53461 Cc: 53461 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) On Tue, Jan 25, 2022 at 06:06:55PM -0500, Maxim Cournoyer wrote: > > I suppose we could do it quickly on a branch. > > Note that Rust is now needed to build all of GTK, at least on x86_64. > That's a rather large rebuild. Oh, right. Well, I wonder what we should do?
guix-patches@HIDDEN:bug#53461; Package guix-patches.
Full text available.Received: (at 53461) by debbugs.gnu.org; 25 Jan 2022 23:07:07 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jan 25 18:07:07 2022 Received: from localhost ([127.0.0.1]:50476 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1nCUu3-0005Yk-9j for submit <at> debbugs.gnu.org; Tue, 25 Jan 2022 18:07:07 -0500 Received: from mail-qt1-f169.google.com ([209.85.160.169]:34375) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>) id 1nCUtz-0005Y6-IC for 53461 <at> debbugs.gnu.org; Tue, 25 Jan 2022 18:07:06 -0500 Received: by mail-qt1-f169.google.com with SMTP id c15so12865819qtv.1 for <53461 <at> debbugs.gnu.org>; Tue, 25 Jan 2022 15:07:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=xcxSUcd9AwHZTnEyUR0eQD61MAvk4/kEoy87qWcQLwQ=; b=FPi6kU41XoPrwf49QukHMM1PHqdqApVlxdYWXsUpoB3qIR4lAuxxG4vpgbkrqiCGBk +E2np5+fX3sMiPYWPVe3jrqh0bwWDCc1uoShJC9p1bb8PVok1VEF2bLr0RVY90NeQhTL NdgDv7b6cxLDGWcyXEetgB2buW9q12fUZKYDnnKVN7nBgte+8pyk3dPHpal7fmt+RM4K ED9HV6Z7Ew7T3zSFJaI5LseOt6Y38Qa11P23DjtnkX/FZUqZHGZpMF1abBy09qDHTrOJ YDURyu0XjEunrfaveEvjhWEzOnuJn+OmQVajtIOG8tSZTXC7gpSoEE5/bjEwwY5IJej9 3v4Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version; bh=xcxSUcd9AwHZTnEyUR0eQD61MAvk4/kEoy87qWcQLwQ=; b=GC1rtQK7+O/Y62wW4CspBRtk5nxOkmehbF68NLssc3G33ap0OpPBqAFzEiw/z6gekA VYicFDGfdn78biTyCDlXtjslSnwRumdqZwqXQ/pi/aUgErxWy0Cx5AVmSP+wdVcOBFjD aS74EPj9KSp0F5InlDgzDzSXGZtDkh7jb5Nwm+w/uDVxCt6bd4fI/BtvJ7OH8FLVAnov SnakQKPYQ9j4YK9eSl335PzUv2vbxa0FVQksQKkcCN94VKsCMtgtX5U3launAQJZ5nJK EwdSaxltFRTS4xIdukKuRulT+iCC8cTPLs+nVf8I6kcO0Ks5Z0fXRrttph5DqxUe5XMR zN3Q== X-Gm-Message-State: AOAM533ciWMUaSE9CJW5J6vMO1WlzaFDEL7V40VC7KJpL3TzFBvvlOqK 0bLOSQvs0Qsf1JV5QpEZEY6ZecTy4hU= X-Google-Smtp-Source: ABdhPJwRdabi7FSxU1FYtkH1X+jGC8d7XzPUOPJ4LmdRs2yEbCgaodV4mXzjqrBYpb6AzK67kZB7YQ== X-Received: by 2002:a05:622a:1a9e:: with SMTP id s30mr18905969qtc.119.1643152016337; Tue, 25 Jan 2022 15:06:56 -0800 (PST) Received: from hurd (dsl-10-136-58.b2b2c.ca. [72.10.136.58]) by smtp.gmail.com with ESMTPSA id bp35sm9882719qkb.72.2022.01.25.15.06.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Jan 2022 15:06:55 -0800 (PST) From: Maxim Cournoyer <maxim.cournoyer@HIDDEN> To: Leo Famulari <leo@HIDDEN> Subject: Re: bug#53461: [kiasoc5@HIDDEN: Rust CVE] References: <YeyhhR4Mxc+GzETW@HIDDEN> <87ilub6s7z.fsf@HIDDEN> <Ye2sclMdhTU/E5xE@HIDDEN> <87ee4w6csy.fsf@HIDDEN> <Ye99A70hzK4zXHgO@HIDDEN> Date: Tue, 25 Jan 2022 18:06:55 -0500 In-Reply-To: <Ye99A70hzK4zXHgO@HIDDEN> (Leo Famulari's message of "Mon, 24 Jan 2022 23:30:59 -0500") Message-ID: <87ee4v4dps.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 53461 Cc: 53461 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Hello, Leo Famulari <leo@HIDDEN> writes: > On Mon, Jan 24, 2022 at 04:31:25PM -0500, Maxim Cournoyer wrote: >> OK! I just asked in #rust and they confirmed what I thought (all crates >> -- well the ones using 'std::fs::remove_dir_all' but we can't easily >> know) needs to be rebuilt if we are to patch that CVE. > > Okay. Let's see... > > ------ > $ git grep cargo-build-system gnu/packages | wc -l > 2152 > ------ > > I suppose we could do it quickly on a branch. Note that Rust is now needed to build all of GTK, at least on x86_64. That's a rather large rebuild. Maxim
guix-patches@HIDDEN:bug#53461; Package guix-patches.
Full text available.Received: (at 53461) by debbugs.gnu.org; 25 Jan 2022 04:31:12 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jan 24 23:31:12 2022 Received: from localhost ([127.0.0.1]:46544 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1nCDU8-0006Mv-3c for submit <at> debbugs.gnu.org; Mon, 24 Jan 2022 23:31:12 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:51405) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <leo@HIDDEN>) id 1nCDU3-0006Md-PE for 53461 <at> debbugs.gnu.org; Mon, 24 Jan 2022 23:31:10 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 3A1205C008D; Mon, 24 Jan 2022 23:31:02 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Mon, 24 Jan 2022 23:31:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:cc:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=mesmtp; bh=TNwMlGZO89e3o3fig5nSrbLfFFN W3Fvl+fBaw8S0Tzs=; b=1LoJfnqVGexc0zaFZzzIU4N7OnQwdjqTQUSt0pyg1rg G3O9QOwCNLDnNQnnZfzNJpPzRmuAzo4kD+R5/dG51+W11pm+MnZVi4aNZPQ6rDwm bwkBq9OyYhAoWcBXaCJCFPCvzFfxgBddyV+Y+I5g/EFhftQeJg9XaGf44S2iPTaI = DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=TNwMlGZO89e3o3fig 5nSrbLfFFNW3Fvl+fBaw8S0Tzs=; b=SNLcBtyj4Mu8lSZ/gwwjYQSjfJii7e1JK AicbHr2LIGd8egKfAAwPAG9tM23/cdoREB0X/5B/lfAa+v4QxcxIeE9JJWejtPsJ YlAM1AGkNvNzKD3p68fUtJEXS9ekwuVp8QWpHb0+7++KE9rKZzosF8ub+B1XJK44 2QgWuh/fgC23xLar0KQJLf8+SAIzY/rqDvCbzAHwomuOMVyZZwnSe/Dok1vU0WA8 Tgg2UUfvBsXqhV0Y/HIU8asyDyuZln3ek3LTv/ShaY23wAgeuhRtUhmV3Z61isdO HOqHXO/+QAz2kvf5DcmdroGqw0MHVlh9VJfb5y2NYSS/hzzIFBlUA== X-ME-Sender: <xms:Bn3vYSaUzVSSavvpnKJXAAkgYgTzMPX7wJcrMHsOfL28d0LwqGqGLQ> <xme:Bn3vYVZUoJ1IAuClqzLsFqSG_YvKelrXiSjxIkD_3GHPNjgdowPk6ACy60GucqOdj BxuxbJEOvI1opBKsA> X-ME-Received: <xmr:Bn3vYc-EsXOPKCAd-Qs0R7fYf015vj1D5WXvSoIMDWEaikgGoDvfdg1TC5UTM_TIFnlXUbQLGmDV8Uc4rqIgwFAQHw> X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrvdekgdejtdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpeffhffvuffkfhggtggujgesthdtredttddtvdenucfhrhhomhepnfgvohcuhfgr mhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecuggftrfgrthhtvg hrnhepueekkedtffdvtddugeejgedtvefhueefiedvjeeitdeigedtveejvdejheffvefg necuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplhgvoh esfhgrmhhulhgrrhhirdhnrghmvg X-ME-Proxy: <xmx:Bn3vYUrynvUTTe75dqnvbKFLQXDHlG-kUsNIaDfLlqm3uGfAhJQ-2w> <xmx:Bn3vYdpp1yYuo5JJgpwLqayBD4TR5Pc_zf18AdRNcBKDOg3dh7_E6w> <xmx:Bn3vYSSKsDSVUH9KjjGjZsbvpbDiyRxcS6Se2xzF_Wa17RkCsHMF9w> <xmx:Bn3vYcTMlhbZBNSvvQ6j5x1odozrTAsEgDuyp7xHyYTgYDbiMkwa3Q> Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 24 Jan 2022 23:31:01 -0500 (EST) Date: Mon, 24 Jan 2022 23:30:59 -0500 From: Leo Famulari <leo@HIDDEN> To: Maxim Cournoyer <maxim.cournoyer@HIDDEN> Subject: Re: bug#53461: [kiasoc5@HIDDEN: Rust CVE] Message-ID: <Ye99A70hzK4zXHgO@HIDDEN> References: <YeyhhR4Mxc+GzETW@HIDDEN> <87ilub6s7z.fsf@HIDDEN> <Ye2sclMdhTU/E5xE@HIDDEN> <87ee4w6csy.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87ee4w6csy.fsf@HIDDEN> X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 53461 Cc: 53461 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) On Mon, Jan 24, 2022 at 04:31:25PM -0500, Maxim Cournoyer wrote: > OK! I just asked in #rust and they confirmed what I thought (all crates > -- well the ones using 'std::fs::remove_dir_all' but we can't easily > know) needs to be rebuilt if we are to patch that CVE. Okay. Let's see... ------ $ git grep cargo-build-system gnu/packages | wc -l 2152 ------ I suppose we could do it quickly on a branch.
guix-patches@HIDDEN:bug#53461; Package guix-patches.
Full text available.Received: (at 53461) by debbugs.gnu.org; 24 Jan 2022 21:31:36 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jan 24 16:31:36 2022 Received: from localhost ([127.0.0.1]:46079 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1nC6w4-0007gC-0X for submit <at> debbugs.gnu.org; Mon, 24 Jan 2022 16:31:36 -0500 Received: from mail-qk1-f182.google.com ([209.85.222.182]:45604) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>) id 1nC6w1-0007fu-55 for 53461 <at> debbugs.gnu.org; Mon, 24 Jan 2022 16:31:34 -0500 Received: by mail-qk1-f182.google.com with SMTP id d11so21954223qkj.12 for <53461 <at> debbugs.gnu.org>; Mon, 24 Jan 2022 13:31:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=xF9dAgci/kXItCNeEikbfnLRyABmBVuWKa7G6/6OJ9s=; b=BKWvX0AtVgy+riEztDg+QPgxsWEm1ggWAEMGD39F7jubD13dh6lmzemwz3tf1Nesk0 Dgog+R4igNzLVeQrA3INHKu6KEvK8rclw38PMO3lccX7AYdJNnGwLhi+U+jNBFnYIHli PjbLLFFOnrlOE1c/FNuwWaUia7kbTRQv2s+7UxbLa6jX+I3KywXIZF2lM1q+Osnv9aPV 3lcDCNzqApfNM5GfT/Z5iDChuuA4J7YfB8KdQ26a6RFSeqOFQDyssOdE1oeWnzxjp3vi Z8+1xtddDsdvvKJ2mAQ0PV46C8XSRPlR1D9T/pBVh66xUlrTPW82llOohTTm0BL2Vc6A GIdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version; bh=xF9dAgci/kXItCNeEikbfnLRyABmBVuWKa7G6/6OJ9s=; b=Mclh9Mis7E+WcxuHsswF3FPPcJ5mzEvb06OzrvU1/y5eepFJO5GGfKpYCk3FdEEuCF ot/6SZGnVuA+xE3RUp3lp/KeqzPPpzZQSbtrfpQQI4EUfQ0oR5YG6B6V106LFkP8Y/b9 D5V+rvQIL01q4VBdQ/zUyZGRwqmaSH/yq34bPj5XIcvfuWP22y6/HY0IaBZ4b/V2Joyu nwFXZrr/6pqhwC4SACvyr02lzGQe5VODiOMFpktUerlXUEBv41hdHRsQoY0TEE8HAEiX 6Asfm1fbSVCFOPD4o0dRdDowazXgVC4J1Ukj955Iyu7pH/IpOS8IiBVFaUS/ymO5ypp4 HD+Q== X-Gm-Message-State: AOAM5328+jvDMuFiekfLrZYPuEvN9eCPl52DvPj9bhEchGriTGZFaxAM gmvmldJ0eWHqY0G1CEaXSqydd+cyGj4= X-Google-Smtp-Source: ABdhPJwuFMR+d60b0MBWPOtQl+REx8EKnNRPIiRwbyHaUoK2MSdNT6ytM1MzZtpP3t6kcW/946s/uw== X-Received: by 2002:a05:620a:71a:: with SMTP id 26mr5528933qkc.421.1643059887350; Mon, 24 Jan 2022 13:31:27 -0800 (PST) Received: from hurd (dsl-205-233-125-146.b2b2c.ca. [205.233.125.146]) by smtp.gmail.com with ESMTPSA id g11sm8484131qko.86.2022.01.24.13.31.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 24 Jan 2022 13:31:26 -0800 (PST) From: Maxim Cournoyer <maxim.cournoyer@HIDDEN> To: Leo Famulari <leo@HIDDEN> Subject: Re: bug#53461: [kiasoc5@HIDDEN: Rust CVE] References: <YeyhhR4Mxc+GzETW@HIDDEN> <87ilub6s7z.fsf@HIDDEN> <Ye2sclMdhTU/E5xE@HIDDEN> Date: Mon, 24 Jan 2022 16:31:25 -0500 In-Reply-To: <Ye2sclMdhTU/E5xE@HIDDEN> (Leo Famulari's message of "Sun, 23 Jan 2022 14:28:50 -0500") Message-ID: <87ee4w6csy.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 53461 Cc: 53461 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Hi, Leo Famulari <leo@HIDDEN> writes: > On Sat, Jan 22, 2022 at 10:33:52PM -0500, Maxim Cournoyer wrote: >> The rust-1.57 variable should probably be made private or hidden now. >> >> Also, unless we rebuild all crates with rust-1.58, it seems to me like >> we won't be addressing the problem, as the CVE touches the >> 'remove_dir_all' procedure part of the standard library of Rust (and we >> all know Rust likes to build things statically). >> >> Am I missing something? > > I don't know about Rust things! I just forwarded this message from the > private list to the public list. OK! I just asked in #rust and they confirmed what I thought (all crates -- well the ones using 'std::fs::remove_dir_all' but we can't easily know) needs to be rebuilt if we are to patch that CVE. Maxim
guix-patches@HIDDEN:bug#53461; Package guix-patches.
Full text available.Received: (at 53461) by debbugs.gnu.org; 23 Jan 2022 19:29:00 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Jan 23 14:29:00 2022 Received: from localhost ([127.0.0.1]:41316 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1nBiXs-0005dn-M0 for submit <at> debbugs.gnu.org; Sun, 23 Jan 2022 14:29:00 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:34581) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <leo@HIDDEN>) id 1nBiXq-0005dZ-Mu for 53461 <at> debbugs.gnu.org; Sun, 23 Jan 2022 14:28:59 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 4D26B5C003B; Sun, 23 Jan 2022 14:28:52 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Sun, 23 Jan 2022 14:28:52 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:cc:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=mesmtp; bh=65Cd/j4WkC07ilX4OoZQsddN2Un l3h69y28G3+ycBbs=; b=Rs/Ag/FD5nWNB9GvADBHXZumyRArUd7Thfwg+UBYezV g/PPmMEpXIz3YhTMl8xnk0/2jJ2/5sQW/b/XL1H/dUMeoz1Czm8ukq07+FfrqU9u U1Z5QVTBOrpzrCwgW7+VStuA/aT4KmXgy+dQBCVaIbLCy8mc3AWy/kkTl/Lh8Qk0 = DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=65Cd/j4WkC07ilX4O oZQsddN2Unl3h69y28G3+ycBbs=; b=CWpET67ubbPi/eiOFyV+4fUNuOFW701kE 3kk9g2Wx3E1xeGIl/RO6YlcsGObcviNe1YT8gMNxrNzuKMcl6GEp3+F/bmjuqc6+ ROoQ9HnzLQ7lxLblmfZIHO6iTCXovnWi5a5LlcLQ5a3qm0SM5qTZPR58lqJRvvXL xHmQrpptQlXQXrooGrUsSqy8+HKfvLxRIJAT8mSvDgTkMnB6DIZbEmNsH2Why0Y5 EZt4UIMjMF8IFyFU28EnoU75sJ/Wq/KyLyNt11o1tk8V5t3SzDpQM/v6azGAs9F1 BtS5Qt+Q8yaSaljZZTJl+V959vMBegMU/dFuNH5j5gQLEEYW0MBLg== X-ME-Sender: <xms:dKztYZjVqzxPFvTXVLutscOiMOMVPI7fqXQDg1O8UVYTyfwAJlJLIg> <xme:dKztYeCdJjeg6rF6MT-ZHq3IWpNSNuCUXvKzMQ7mAMPArvpTA3xDk0wHWpAzpoQyw QdBKqumPT0JIKSIyg> X-ME-Received: <xmr:dKztYZHQKO8JJAN0-wFdqPJrjARbl24HIxvscKRYiPE3VFsIZQbBo75GSy25-H0betQ9y7z3e9hUMzvcGcox_DATpg> X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrvdeggdduvdeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvffukfhfgggtuggjsehttdertddttddvnecuhfhrohhmpefnvghoucfh rghmuhhlrghrihcuoehlvghosehfrghmuhhlrghrihdrnhgrmhgvqeenucggtffrrghtth gvrhhnpeeukeektdffvddtudegjeegtdevhfeufeeivdejiedtieegtdevjedvjeehffev gfenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehlvg hosehfrghmuhhlrghrihdrnhgrmhgv X-ME-Proxy: <xmx:dKztYeR_UsipVcZCpGoqtlpIJSpw9ZcPSpx78zGanE8RnU7B9SdyKw> <xmx:dKztYWwQe0QGf1u8M5zii88OvIywrJNEGfA3MzGuwI6iK7zPxTR-KQ> <xmx:dKztYU6inQU-JONc-4Ez_-ZCt2RuGe7XWVQ-dTlvkdmKx-3UavfQkw> <xmx:dKztYcYOD4rVsjAldGYpd4TwLvQrMhQtKbftE3ALquPE9GuexU4UAg> Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sun, 23 Jan 2022 14:28:52 -0500 (EST) Date: Sun, 23 Jan 2022 14:28:50 -0500 From: Leo Famulari <leo@HIDDEN> To: Maxim Cournoyer <maxim.cournoyer@HIDDEN> Subject: Re: bug#53461: [kiasoc5@HIDDEN: Rust CVE] Message-ID: <Ye2sclMdhTU/E5xE@HIDDEN> References: <YeyhhR4Mxc+GzETW@HIDDEN> <87ilub6s7z.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87ilub6s7z.fsf@HIDDEN> X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 53461 Cc: 53461 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) On Sat, Jan 22, 2022 at 10:33:52PM -0500, Maxim Cournoyer wrote: > The rust-1.57 variable should probably be made private or hidden now. > > Also, unless we rebuild all crates with rust-1.58, it seems to me like > we won't be addressing the problem, as the CVE touches the > 'remove_dir_all' procedure part of the standard library of Rust (and we > all know Rust likes to build things statically). > > Am I missing something? I don't know about Rust things! I just forwarded this message from the private list to the public list.
guix-patches@HIDDEN:bug#53461; Package guix-patches.
Full text available.
Received: (at 53461) by debbugs.gnu.org; 23 Jan 2022 03:34:01 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Jan 22 22:34:01 2022
Received: from localhost ([127.0.0.1]:38356 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1nBTdh-00083H-CV
for submit <at> debbugs.gnu.org; Sat, 22 Jan 2022 22:34:01 -0500
Received: from mail-qv1-f45.google.com ([209.85.219.45]:38716)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <maxim.cournoyer@HIDDEN>) id 1nBTdf-000830-La
for 53461 <at> debbugs.gnu.org; Sat, 22 Jan 2022 22:34:00 -0500
Received: by mail-qv1-f45.google.com with SMTP id kl12so15859350qvb.5
for <53461 <at> debbugs.gnu.org>; Sat, 22 Jan 2022 19:33:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=from:to:cc:subject:references:date:in-reply-to:message-id
:user-agent:mime-version;
bh=/Jz03IEnVkePh8Qt/mQNEmsyFRj3GZvsK9VG+9faB0k=;
b=iBbmJCKj+biJs3H3f36OPskN7mOuZS0d41+SKeDnzDiLePL0lwGDhfAjP5DNauNKBo
OWmtxfcjo43f2WpW2nSTbWNPsjgfLpcGwEfluIzz434JQw64DPuHUQt15I0TaVlN66Gc
Uj7FUnWEtjhUo1BRsnf5cc+q5RkWXGuUNRbZi9XT/6gbSvXuxgvbwo3mtlNQN/oyL8WO
d7Be9wEZhd1xRyGVmwesdgof7Aa2TDcqfwcUaiRJKkbB1WGS+uDsw09wyDtrfrTNo0Xo
OdiJz+KVRN1qLur/dJ4J3UUzscaVlGuqjl6Nx0BuQDnYBBM1//YBaujZDPOv+WuL2aDL
SsXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
:message-id:user-agent:mime-version;
bh=/Jz03IEnVkePh8Qt/mQNEmsyFRj3GZvsK9VG+9faB0k=;
b=bgHp6tWLXU4n2odRJV9X+H5lWqIIZU3shA/yHhpZ4pe3wPlg1Hsnf5/tMuUHjnc42x
ngkfM5cQ04hOLFJiZ6QPDwRxWzq6xsXiFBR+TazMs68znYO3wFRdQoWsCDYRnCg/EVeT
0yW0ouxEt+qL6y8HQPUnPeiMOMrQWGqc33RL3QPy53Cr8k8QiIs8yCrM56x5nK+LeeIs
uVMmzd/jeH/7UQSpZQWXKE4/LxdtZJHQR3V4ZBPNpvQnSfS9XhduyY5gvSFSlZ63jgY9
8PGps0pPqkC+zGcEQrvKcQ/zTWBxX0OeDYtgg1i+R44uLkEDC63AgyIQ9buEX/QEI3zs
PNvw==
X-Gm-Message-State: AOAM53387eS09rtKlkwiTlMvS4skxB4QTb5AQsxm2FB3TYRzz/COQ1+u
czjjdFVIL0KBBPHCk9ghGADhxDWhn+k=
X-Google-Smtp-Source: ABdhPJyCc3IhFHBF9rrJGJuOkPhLnPOU22VnvfkpU5RM4yq4buA6dxW7S5WAiarEIk4d1Xxlz2oWUQ==
X-Received: by 2002:a05:6214:2389:: with SMTP id
fw9mr9784466qvb.19.1642908833505;
Sat, 22 Jan 2022 19:33:53 -0800 (PST)
Received: from hurd (dsl-205-236-230-254.b2b2c.ca. [205.236.230.254])
by smtp.gmail.com with ESMTPSA id b4sm5372882qkf.61.2022.01.22.19.33.52
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 22 Jan 2022 19:33:53 -0800 (PST)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: Leo Famulari <leo@HIDDEN>
Subject: Re: bug#53461: [kiasoc5@HIDDEN: Rust CVE]
References: <YeyhhR4Mxc+GzETW@HIDDEN>
Date: Sat, 22 Jan 2022 22:33:52 -0500
In-Reply-To: <YeyhhR4Mxc+GzETW@HIDDEN> (Leo Famulari's message of "Sat,
22 Jan 2022 19:29:57 -0500")
Message-ID: <87ilub6s7z.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 53461
Cc: 53461 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Hi Leo,
Leo Famulari <leo@HIDDEN> writes:
> From: kiasoc5@HIDDEN
> Subject: Rust CVE
> To: guix-security@HIDDEN
> Date: Sun, 23 Jan 2022 01:20:10 +0100 (CET) (3 hours, 7 minutes ago)
>
> Hi,
>
> Rust has a new cve that is only mitigated by upgrading to Rust 1.58+.
>
> https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html
>
> Attached is a patch that adds rust-1.58.1. It doesn't replace the
> default as I'm not sure whether this should be grafted or not.
>
> Thanks
> kiasoc5
>
>>From 753f4e9c68a7b12267989d1721e97841d9f499d0 Mon Sep 17 00:00:00 2001
> From: kiasoc5 <kiasoc5@HIDDEN>
> Date: Sat, 22 Jan 2022 19:10:50 -0500
> Subject: [PATCH] gnu: Add rust-1.58.
>
> * gnu/packages/rust.scm (rust-1.58): New variable.
> ---
> gnu/packages/rust.scm | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm
> index 5a6d4a5c30..c9b44da844 100644
> --- a/gnu/packages/rust.scm
> +++ b/gnu/packages/rust.scm
> @@ -784,6 +784,10 @@ (define rust-1.57
> `("procps" ,procps)
> (package-native-inputs base-rust))))))
>
> +(define rust-1.58
> + (rust-bootstrapped-package
> + rust-1.57 "1.58.1" "1iq7kj16qfpkx8gvw50d8rf7glbm6s0pj2y1qkrz7mi56vfsyfd8"))
> +
The rust-1.57 variable should probably be made private or hidden now.
Also, unless we rebuild all crates with rust-1.58, it seems to me like
we won't be addressing the problem, as the CVE touches the
'remove_dir_all' procedure part of the standard library of Rust (and we
all know Rust likes to build things statically).
Am I missing something?
Thanks,
Maxim
guix-patches@HIDDEN:bug#53461; Package guix-patches.
Full text available.
Received: (at submit) by debbugs.gnu.org; 23 Jan 2022 00:30:10 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Jan 22 19:30:10 2022
Received: from localhost ([127.0.0.1]:38215 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1nBQli-0003Ph-Pk
for submit <at> debbugs.gnu.org; Sat, 22 Jan 2022 19:30:10 -0500
Received: from lists.gnu.org ([209.51.188.17]:52858)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <leo@HIDDEN>) id 1nBQlf-0003PT-K7
for submit <at> debbugs.gnu.org; Sat, 22 Jan 2022 19:30:05 -0500
Received: from eggs.gnu.org ([209.51.188.92]:34188)
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <leo@HIDDEN>) id 1nBQlf-0001cN-AV
for guix-patches@HIDDEN; Sat, 22 Jan 2022 19:30:03 -0500
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:32833)
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <leo@HIDDEN>) id 1nBQld-0001Z0-AV
for guix-patches@HIDDEN; Sat, 22 Jan 2022 19:30:03 -0500
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46])
by mailout.nyi.internal (Postfix) with ESMTP id 754C85C00A6;
Sat, 22 Jan 2022 19:29:59 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162])
by compute2.internal (MEProxy); Sat, 22 Jan 2022 19:29:59 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
h=cc:content-type:date:date:from:from:in-reply-to:message-id
:mime-version:reply-to:sender:subject:subject:to:to; s=mesmtp;
bh=YmmRb5Pcdyo9iEUsJ0unHSLoNN6bMalxUviXJqSHiBs=; b=V+SAGjxSEciz
PR1frcY54g0vMlqUwTQXLZSav9I2JcZMimWxIm+ftkb0sOoi8Id1Kq+8UFa4z4ul
GeTNnnyuPc/f4NmfxsLtlNav/4M7YvZ1L7ZNyNBrp1BjPjY0qsi5YbMXvPsal18L
b3HyzTh943Bi/dKBq65Nl8HgWwT11qY=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=cc:content-type:date:date:from:from
:in-reply-to:message-id:mime-version:reply-to:sender:subject
:subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
:x-sasl-enc; s=fm1; bh=YmmRb5Pcdyo9iEUsJ0unHSLoNN6bMalxUviXJqSHi
Bs=; b=QouShFrsuNLosXc8pV29LhS0L2usxHCjmeJb1/QJnZdy56LA/a/KcRKB+
fQ1Qs51gQi1gvuM+wzH5qwSY3kdKiGEAqH5o22glBvT3c1XF/4OQRyGi+rLUL7rI
JL13BRoUqZo8eMO9QPE17lljXCO26I/MATt0Z28GkH7+KJBzOVA0WxPNIfIdgQ15
XcVZbJyYScqBqUdCP7RJSUuyv2yIBDSrJhTBlDjsir3MvwCSeWYHABb5QmA86a61
nnMlwYf1Xdlx8TSlzwaCMk7NVs2wPAH7ioNvK1vYL+t6288fYfQqvpniyErDPO1E
3APGbibAtdsmPWZt0WY9v5kRqu9vQ==
X-ME-Sender: <xms:h6HsYbsq-v9z2c4vrFDSqsV3y9ouHfmnglmZvycVHyEI_MnkbdeXEA>
<xme:h6HsYcdPQpZb2gO9qQT8uH5Xc49Jkc2QvJolSrKOGhoxPw_YxHkGvjhyUqNhywklR
RuX4LA7QezGGuWv4Q>
X-ME-Received: <xmr:h6HsYewZvaLOHxOkYhMBDmU1rLe8sBSLWFZDpDqf4aIzeMVKvrS8bVlZa2k9Wsxmk3lDglaWqHuPkZPh1vCwH-NxUQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrvdefgddvfecutefuodetggdotefrodftvf
curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
uegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfggtggusehttdertddttd
dvnecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhlrghrihdr
nhgrmhgvqeenucggtffrrghtthgvrhhnpeeguddugfejteffieeuvddvleetueegfffhve
dtgfehudegueffteegtdehtdejteenucffohhmrghinheprhhushhtqdhlrghnghdrohhr
ghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehlvg
hosehfrghmuhhlrghrihdrnhgrmhgv
X-ME-Proxy: <xmx:h6HsYaN9QQJKE_8rOaPSYHFxdv7ABtETtEAOkSoiL-cHmWorg4RIbA>
<xmx:h6HsYb-0SjWGmoTFhICWeuqnivjGYk2ICrb3bZYPGZU8G0V0uCOZwA>
<xmx:h6HsYaUrLZK2WVAzasJ8AtU6Oy37GxWumcZf5K-F-cDzeA3Q_Ztm3g>
<xmx:h6HsYYIUoB414r7Vn1SjKofHbN5CGFO0sxeZVVl6b2dQMgMwNgLzpA>
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
<guix-patches@HIDDEN>; Sat, 22 Jan 2022 19:29:59 -0500 (EST)
Date: Sat, 22 Jan 2022 19:29:57 -0500
From: Leo Famulari <leo@HIDDEN>
To: guix-patches@HIDDEN
Subject: [kiasoc5@HIDDEN: Rust CVE]
Message-ID: <YeyhhR4Mxc+GzETW@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Received-SPF: pass client-ip=66.111.4.25; envelope-from=leo@HIDDEN;
helo=out1-smtp.messagingengine.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001,
SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.4 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.1 (/)
----- Forwarded message from kiasoc5@HIDDEN -----
Date: Sun, 23 Jan 2022 01:20:10 +0100 (CET)
From: kiasoc5@HIDDEN
To: guix-security@HIDDEN
Subject: Rust CVE
Hi,
Rust has a new cve that is only mitigated by upgrading to Rust 1.58+.
https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html
Attached is a patch that adds rust-1.58.1. It doesn't replace the default as I'm not sure whether this should be grafted or not.
Thanks
kiasoc5
From 753f4e9c68a7b12267989d1721e97841d9f499d0 Mon Sep 17 00:00:00 2001
From: kiasoc5 <kiasoc5@HIDDEN>
Date: Sat, 22 Jan 2022 19:10:50 -0500
Subject: [PATCH] gnu: Add rust-1.58.
* gnu/packages/rust.scm (rust-1.58): New variable.
---
gnu/packages/rust.scm | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm
index 5a6d4a5c30..c9b44da844 100644
--- a/gnu/packages/rust.scm
+++ b/gnu/packages/rust.scm
@@ -784,6 +784,10 @@ (define rust-1.57
`("procps" ,procps)
(package-native-inputs base-rust))))))
+(define rust-1.58
+ (rust-bootstrapped-package
+ rust-1.57 "1.58.1" "1iq7kj16qfpkx8gvw50d8rf7glbm6s0pj2y1qkrz7mi56vfsyfd8"))
+
;;; Note: Only the latest versions of Rust are supported and tested. The
;;; intermediate rusts are built for bootstrapping purposes and should not
;;; be relied upon. This is to ease maintenance and reduce the time
base-commit: dfc32d8d997da74a6e838b450649bd89905ffdc3
--
2.34.1
----- End forwarded message -----
Leo Famulari <leo@HIDDEN>:guix-patches@HIDDEN.
Full text available.guix-patches@HIDDEN:bug#53461; Package guix-patches.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.