From debbugs-submit-bounces@debbugs.gnu.org Sat Jan 22 19:30:10 2022 Received: (at submit) by debbugs.gnu.org; 23 Jan 2022 00:30:10 +0000 Received: from localhost ([127.0.0.1]:38215 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nBQli-0003Ph-Pk for submit@debbugs.gnu.org; Sat, 22 Jan 2022 19:30:10 -0500 Received: from lists.gnu.org ([209.51.188.17]:52858) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nBQlf-0003PT-K7 for submit@debbugs.gnu.org; Sat, 22 Jan 2022 19:30:05 -0500 Received: from eggs.gnu.org ([209.51.188.92]:34188) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nBQlf-0001cN-AV for guix-patches@gnu.org; Sat, 22 Jan 2022 19:30:03 -0500 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:32833) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nBQld-0001Z0-AV for guix-patches@gnu.org; Sat, 22 Jan 2022 19:30:03 -0500 Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 754C85C00A6; Sat, 22 Jan 2022 19:29:59 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Sat, 22 Jan 2022 19:29:59 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-type:date:date:from:from:in-reply-to:message-id :mime-version:reply-to:sender:subject:subject:to:to; s=mesmtp; bh=YmmRb5Pcdyo9iEUsJ0unHSLoNN6bMalxUviXJqSHiBs=; b=V+SAGjxSEciz PR1frcY54g0vMlqUwTQXLZSav9I2JcZMimWxIm+ftkb0sOoi8Id1Kq+8UFa4z4ul GeTNnnyuPc/f4NmfxsLtlNav/4M7YvZ1L7ZNyNBrp1BjPjY0qsi5YbMXvPsal18L b3HyzTh943Bi/dKBq65Nl8HgWwT11qY= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:date:from:from :in-reply-to:message-id:mime-version:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=YmmRb5Pcdyo9iEUsJ0unHSLoNN6bMalxUviXJqSHi Bs=; b=QouShFrsuNLosXc8pV29LhS0L2usxHCjmeJb1/QJnZdy56LA/a/KcRKB+ fQ1Qs51gQi1gvuM+wzH5qwSY3kdKiGEAqH5o22glBvT3c1XF/4OQRyGi+rLUL7rI JL13BRoUqZo8eMO9QPE17lljXCO26I/MATt0Z28GkH7+KJBzOVA0WxPNIfIdgQ15 XcVZbJyYScqBqUdCP7RJSUuyv2yIBDSrJhTBlDjsir3MvwCSeWYHABb5QmA86a61 nnMlwYf1Xdlx8TSlzwaCMk7NVs2wPAH7ioNvK1vYL+t6288fYfQqvpniyErDPO1E 3APGbibAtdsmPWZt0WY9v5kRqu9vQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrvdefgddvfecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfggtggusehttdertddttd dvnecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhlrghrihdr nhgrmhgvqeenucggtffrrghtthgvrhhnpeeguddugfejteffieeuvddvleetueegfffhve dtgfehudegueffteegtdehtdejteenucffohhmrghinheprhhushhtqdhlrghnghdrohhr ghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehlvg hosehfrghmuhhlrghrihdrnhgrmhgv X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA for ; Sat, 22 Jan 2022 19:29:59 -0500 (EST) Date: Sat, 22 Jan 2022 19:29:57 -0500 From: Leo Famulari To: guix-patches@gnu.org Subject: [kiasoc5@tutanota.com: Rust CVE] Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Received-SPF: pass client-ip=66.111.4.25; envelope-from=leo@famulari.name; helo=out1-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.1 (/) ----- Forwarded message from kiasoc5@tutanota.com ----- Date: Sun, 23 Jan 2022 01:20:10 +0100 (CET) From: kiasoc5@tutanota.com To: guix-security@gnu.org Subject: Rust CVE Hi, Rust has a new cve that is only mitigated by upgrading to Rust 1.58+. https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html Attached is a patch that adds rust-1.58.1. It doesn't replace the default as I'm not sure whether this should be grafted or not. Thanks kiasoc5 From 753f4e9c68a7b12267989d1721e97841d9f499d0 Mon Sep 17 00:00:00 2001 From: kiasoc5 Date: Sat, 22 Jan 2022 19:10:50 -0500 Subject: [PATCH] gnu: Add rust-1.58. * gnu/packages/rust.scm (rust-1.58): New variable. --- gnu/packages/rust.scm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm index 5a6d4a5c30..c9b44da844 100644 --- a/gnu/packages/rust.scm +++ b/gnu/packages/rust.scm @@ -784,6 +784,10 @@ (define rust-1.57 `("procps" ,procps) (package-native-inputs base-rust)))))) +(define rust-1.58 + (rust-bootstrapped-package + rust-1.57 "1.58.1" "1iq7kj16qfpkx8gvw50d8rf7glbm6s0pj2y1qkrz7mi56vfsyfd8")) + ;;; Note: Only the latest versions of Rust are supported and tested. The ;;; intermediate rusts are built for bootstrapping purposes and should not ;;; be relied upon. This is to ease maintenance and reduce the time base-commit: dfc32d8d997da74a6e838b450649bd89905ffdc3 -- 2.34.1 ----- End forwarded message -----