GNU bug report logs -
#57354
[PATCH 1/2] gnu: rust-regex-syntax: Update to 0.6.27.
Previous Next
Reported by: gyara <me <at> gyara.moe>
Date: Tue, 23 Aug 2022 14:33:02 UTC
Severity: normal
Tags: patch
Done: Marius Bakke <marius <at> gnu.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 57354 in the body.
You can then email your comments to 57354 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#57354; Package
guix-patches.
(Tue, 23 Aug 2022 14:33:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
gyara <me <at> gyara.moe>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Tue, 23 Aug 2022 14:33:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
---
This patch update rust-regex to 1.6.0 to fix CVE-2022-24713.
gnu/packages/crates-io.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/crates-io.scm b/gnu/packages/crates-io.scm
index cfafce9aa3..9c44fec198 100644
--- a/gnu/packages/crates-io.scm
+++ b/gnu/packages/crates-io.scm
@@ -48811,14 +48811,14 @@ (define-public rust-regex-automata-0.1
(define-public rust-regex-syntax-0.6
(package
(name "rust-regex-syntax")
- (version "0.6.25")
+ (version "0.6.27")
(source
(origin
(method url-fetch)
(uri (crate-uri "regex-syntax" version))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
- (base32 "16y87hz1bxmmz6kk360cxwfm3jnbsxb3x4zw9x1gzz7khic2i5zl"))))
+ (base32 "0i32nnvyzzkvz1rqp2qyfxrp2170859z8ck37jd63c8irrrppy53"))))
(build-system cargo-build-system)
(home-page "https://github.com/rust-lang/regex")
(synopsis "Regular expression parser")
--
2.37.2
Information forwarded
to
guix-patches <at> gnu.org:
bug#57354; Package
guix-patches.
(Mon, 29 Aug 2022 16:34:01 GMT)
Full text and
rfc822 format available.
Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi gyara,
Thanks a lot for this security fix.
Since this will rebuild 'librsvg', which has ~550 dependent packages, I
added these patches to the about-to-be-merged 'staging' branch.
(it's not ideal either, since it is supposed to be "frozen"; but we
cannot graft Rust packages and would instead have to add a graft for a
patched librsvg, which seemed a lot of work for 'just' 550 rebuilds)
PS: In the future, please mention the changed variable in the commit
message (see the commit log for examples). I did that on your behalf.
Pushed in:
1063d918b9 gnu: rust-regex-syntax: Update to 0.6.27.
1cf3737093 gnu: rust-regex: Update to 1.6.0 [fixes CVE-2022-24713].
[signature.asc (application/pgp-signature, inline)]
Reply sent
to
Marius Bakke <marius <at> gnu.org>:
You have taken responsibility.
(Mon, 29 Aug 2022 16:34:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
gyara <me <at> gyara.moe>:
bug acknowledged by developer.
(Mon, 29 Aug 2022 16:34:02 GMT)
Full text and
rfc822 format available.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Tue, 27 Sep 2022 11:24:05 GMT)
Full text and
rfc822 format available.
This bug report was last modified 1 year and 204 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.