guix-patches
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#53461] [address@hidden: Rust CVE]

From: Leo Famulari
Subject: [bug#53461] [address@hidden: Rust CVE]
Date: Sat, 22 Jan 2022 19:29:57 -0500 
----- Forwarded message from kiasoc5@tutanota.com -----

Date: Sun, 23 Jan 2022 01:20:10 +0100 (CET)
From: kiasoc5@tutanota.com
To: guix-security@gnu.org
Subject: Rust CVE

Hi,

Rust has a new cve that is only mitigated by upgrading to Rust 1.58+.

https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html

Attached is a patch that adds rust-1.58.1. It doesn't replace the default as 
I'm not sure whether this should be grafted or not.

Thanks
kiasoc5

>From 753f4e9c68a7b12267989d1721e97841d9f499d0 Mon Sep 17 00:00:00 2001
From: kiasoc5 <kiasoc5@tutanota.com>
Date: Sat, 22 Jan 2022 19:10:50 -0500
Subject: [PATCH] gnu: Add rust-1.58.

* gnu/packages/rust.scm (rust-1.58): New variable.
---
 gnu/packages/rust.scm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm
index 5a6d4a5c30..c9b44da844 100644
--- a/gnu/packages/rust.scm
+++ b/gnu/packages/rust.scm
@@ -784,6 +784,10 @@ (define rust-1.57
                             `("procps" ,procps)
                             (package-native-inputs base-rust))))))
 
+(define rust-1.58
+  (rust-bootstrapped-package
+   rust-1.57 "1.58.1" "1iq7kj16qfpkx8gvw50d8rf7glbm6s0pj2y1qkrz7mi56vfsyfd8"))
+
 ;;; Note: Only the latest versions of Rust are supported and tested.  The
 ;;; intermediate rusts are built for bootstrapping purposes and should not
 ;;; be relied upon.  This is to ease maintenance and reduce the time

base-commit: dfc32d8d997da74a6e838b450649bd89905ffdc3
-- 
2.34.1



----- End forwarded message -----
reply via email to
[Prev in Thread] Current Thread [Next in Thread]