--- Begin Message ---
Subject: |
[PATCH 1/2] gnu: rust-regex-syntax: Update to 0.6.27. |
Date: |
Tue, 23 Aug 2022 23:30:21 +0900 |
---
This patch update rust-regex to 1.6.0 to fix CVE-2022-24713.
gnu/packages/crates-io.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/crates-io.scm b/gnu/packages/crates-io.scm
index cfafce9aa3..9c44fec198 100644
--- a/gnu/packages/crates-io.scm
+++ b/gnu/packages/crates-io.scm
@@ -48811,14 +48811,14 @@ (define-public rust-regex-automata-0.1
(define-public rust-regex-syntax-0.6
(package
(name "rust-regex-syntax")
- (version "0.6.25")
+ (version "0.6.27")
(source
(origin
(method url-fetch)
(uri (crate-uri "regex-syntax" version))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
- (base32 "16y87hz1bxmmz6kk360cxwfm3jnbsxb3x4zw9x1gzz7khic2i5zl"))))
+ (base32 "0i32nnvyzzkvz1rqp2qyfxrp2170859z8ck37jd63c8irrrppy53"))))
(build-system cargo-build-system)
(home-page "https://github.com/rust-lang/regex")
(synopsis "Regular expression parser")
--
2.37.2
--- End Message ---
--- Begin Message ---
Subject: |
Re: [bug#57354] [PATCH 1/2] gnu: rust-regex-syntax: Update to 0.6.27. |
Date: |
Mon, 29 Aug 2022 18:33:43 +0200 |
Hi gyara,
Thanks a lot for this security fix.
Since this will rebuild 'librsvg', which has ~550 dependent packages, I
added these patches to the about-to-be-merged 'staging' branch.
(it's not ideal either, since it is supposed to be "frozen"; but we
cannot graft Rust packages and would instead have to add a graft for a
patched librsvg, which seemed a lot of work for 'just' 550 rebuilds)
PS: In the future, please mention the changed variable in the commit
message (see the commit log for examples). I did that on your behalf.
Pushed in:
1063d918b9 gnu: rust-regex-syntax: Update to 0.6.27.
1cf3737093 gnu: rust-regex: Update to 1.6.0 [fixes CVE-2022-24713].
signature.asc
Description: PGP signature
--- End Message ---