| Message ID | 20220823143020.471916-1-me@gyara.moe | 
|---|---|
| State | New | 
| Headers | Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 8B22B27BBEA; Tue, 23 Aug 2022 15:34:03 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_BL_SPAMCOP_NET,SPF_HELO_PASS, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 43EB327BBE9 for <patchwork@mira.cbaines.net>; Tue, 23 Aug 2022 15:34:03 +0100 (BST) Received: from localhost ([::1]:54640 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>) id 1oQUyg-0002tx-A7 for patchwork@mira.cbaines.net; Tue, 23 Aug 2022 10:34:02 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:53270) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1oQUxj-0002NZ-9z for guix-patches@gnu.org; Tue, 23 Aug 2022 10:33:18 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:55017) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1oQUxi-0000Ue-Se for guix-patches@gnu.org; Tue, 23 Aug 2022 10:33:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1oQUxi-0000hg-G2 for guix-patches@gnu.org; Tue, 23 Aug 2022 10:33:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#57354] [PATCH 1/2] gnu: rust-regex-syntax: Update to 0.6.27. Resent-From: gyara <me@gyara.moe> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org> Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 23 Aug 2022 14:33:02 +0000 Resent-Message-ID: <handler.57354.B.16612651242607@debbugs.gnu.org> Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 57354 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 57354@debbugs.gnu.org Cc: gyara <me@gyara.moe> X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.16612651242607 (code B ref -1); Tue, 23 Aug 2022 14:33:02 +0000 Received: (at submit) by debbugs.gnu.org; 23 Aug 2022 14:32:04 +0000 Received: from localhost ([127.0.0.1]:44760 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>) id 1oQUwl-0000fz-Ng for submit@debbugs.gnu.org; Tue, 23 Aug 2022 10:32:03 -0400 Received: from lists.gnu.org ([209.51.188.17]:33192) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <me@gyara.moe>) id 1oQUwj-0000fa-TE for submit@debbugs.gnu.org; Tue, 23 Aug 2022 10:32:02 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43242) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <me@gyara.moe>) id 1oQUwi-0001Jp-3c for guix-patches@gnu.org; Tue, 23 Aug 2022 10:32:00 -0400 Received: from mail-ej1-x632.google.com ([2a00:1450:4864:20::632]:35724) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from <me@gyara.moe>) id 1oQUwc-0000J9-EN for guix-patches@gnu.org; Tue, 23 Aug 2022 10:31:59 -0400 Received: by mail-ej1-x632.google.com with SMTP id n7so9667293ejh.2 for <guix-patches@gnu.org>; Tue, 23 Aug 2022 07:31:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gyara.moe; s=google; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc; bh=b2KiBN+nrkG4B5cIU9pwwnP4t0FjPo4BP9z3mvZeBvk=; b=SzqIZk10Ro82CJnNrT+KIXjoyzN9mb7xKvQsLuQSGTFOzUV3OmAD5NfycV+HekPmUB FwirQQus7BLPh9884WvSgnrM27LEZIkENeSy2LN1PDa26po4tjtSGQkRG2bg+SEEkQjW Iyq85hH8nHa3cW/4k0WDevCzEmp8qr5GSn544KzcbEpbGKfJGnIeD5Is/p/yoOb1BXDY ou0OCS8+HAqr1iOW2/MWksQDZM8TlQDcFbUll45aPdO+QtSoOO2wdQphbq9OhTGGxJ0s JESXgeO3JYk4qCWQFRhhIYERWpFlK8MUQpnNj9losTdTQ2mjV/JZEnCahpr/yqh5yT+i /Y/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc; bh=b2KiBN+nrkG4B5cIU9pwwnP4t0FjPo4BP9z3mvZeBvk=; b=6sXnI23+LwdfEK7kwddPVkhF21eVyh0phJTO7c+rdmSirI7JWfckq7eILOZhf+t+9G IClHT0WDfCebzviHtFVy5pbg9ZyEJnOdXq75EnC65EXUuaf6gse7oUBvE+e84QV3TF5R xCG44TRmiqY5ERduuBL28bR/lZWGOpFRtMplU6BxBRMbxGWr52gTceTSlDNh5EjZ2PrU qZy0LbN0racDYCXm3qGavB6WrbFtkoUq56ScNVh//0CXD1HJjcZ4nfZtxHPvrVzacgOY 3tSHlcLWGTGqOiiqDLVayUQ9+KfCsyw+gB0Vgwo6Vz6nosMBcIvuAGRGAMPGwZrenJxG EmzQ== X-Gm-Message-State: ACgBeo0cehRt+jNGCY3x/RLMig1WqTfZ8f1yqPwyW+1JlIQpoUWL6U3X ObnXVKJT/aUkDn/UaTlcOfSuZduaJY+XmLwHzy8= X-Google-Smtp-Source: AA6agR5J2wJ2oaQBn2337yChOsnYmYR/lJOMFsp8d4FQMgG9Nr6J4Ym92QAseKj81dTQopF0bv4iwQ== X-Received: by 2002:a17:907:d08:b0:72f:b107:c07a with SMTP id gn8-20020a1709070d0800b0072fb107c07amr16603832ejc.340.1661265110464; Tue, 23 Aug 2022 07:31:50 -0700 (PDT) Received: from localhost ([103.251.167.10]) by smtp.gmail.com with ESMTPSA id f7-20020a1709062c4700b0073d64fcd8aesm4721332ejh.219.2022.08.23.07.31.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Aug 2022 07:31:48 -0700 (PDT) Date: Tue, 23 Aug 2022 23:30:21 +0900 Message-Id: <20220823143020.471916-1-me@gyara.moe> X-Mailer: git-send-email 2.37.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2a00:1450:4864:20::632; envelope-from=me@gyara.moe; helo=mail-ej1-x632.google.com X-Spam_score_int: -7 X-Spam_score: -0.8 X-Spam_bar: / X-Spam_report: (-0.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_BL_SPAMCOP_NET=1.347, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: <guix-patches.gnu.org> List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>, <mailto:guix-patches-request@gnu.org?subject=unsubscribe> List-Archive: <https://lists.gnu.org/archive/html/guix-patches> List-Post: <mailto:guix-patches@gnu.org> List-Help: <mailto:guix-patches-request@gnu.org?subject=help> List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>, <mailto:guix-patches-request@gnu.org?subject=subscribe> Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> Reply-to: gyara <me@gyara.moe> X-ACL-Warn: , gyara via Guix-patches <guix-patches@gnu.org> From: gyara via Guix-patches via <guix-patches@gnu.org> X-getmail-retrieved-from-mailbox: Patches | 
| Series | [bug#57354,1/2] gnu: rust-regex-syntax: Update to 0.6.27.
       | 
 | 
Commit Message
    ギャラ
    Aug. 23, 2022, 2:30 p.m. UTC
  
  --- This patch update rust-regex to 1.6.0 to fix CVE-2022-24713. gnu/packages/crates-io.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
Comments
Hi gyara, Thanks a lot for this security fix. Since this will rebuild 'librsvg', which has ~550 dependent packages, I added these patches to the about-to-be-merged 'staging' branch. (it's not ideal either, since it is supposed to be "frozen"; but we cannot graft Rust packages and would instead have to add a graft for a patched librsvg, which seemed a lot of work for 'just' 550 rebuilds) PS: In the future, please mention the changed variable in the commit message (see the commit log for examples). I did that on your behalf. Pushed in: 1063d918b9 gnu: rust-regex-syntax: Update to 0.6.27. 1cf3737093 gnu: rust-regex: Update to 1.6.0 [fixes CVE-2022-24713].
diff --git a/gnu/packages/crates-io.scm b/gnu/packages/crates-io.scm index cfafce9aa3..9c44fec198 100644 --- a/gnu/packages/crates-io.scm +++ b/gnu/packages/crates-io.scm @@ -48811,14 +48811,14 @@ (define-public rust-regex-automata-0.1 (define-public rust-regex-syntax-0.6 (package (name "rust-regex-syntax") - (version "0.6.25") + (version "0.6.27") (source (origin (method url-fetch) (uri (crate-uri "regex-syntax" version)) (file-name (string-append name "-" version ".tar.gz")) (sha256 - (base32 "16y87hz1bxmmz6kk360cxwfm3jnbsxb3x4zw9x1gzz7khic2i5zl")))) + (base32 "0i32nnvyzzkvz1rqp2qyfxrp2170859z8ck37jd63c8irrrppy53")))) (build-system cargo-build-system) (home-page "https://github.com/rust-lang/regex") (synopsis "Regular expression parser")