Content-Type: multipart/mixed; boundary="_----------=_1712844912117780"
MIME-Version: 1.0
Date: Thu, 11 Apr 2024 14:15:12 +0000
From: "pin"
Subject: CVS commit: pkgsrc/shells/nushell
To: pkgsrc-changes@NetBSD.org
Reply-To: pin@netbsd.org
X-Mailer: log_accum
Message-Id: <20240411141512.4AF4CFA2C@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id:
Precedence: bulk
List-Unsubscribe:

This is a multi-part message in MIME format.

--_----------=_1712844912117780
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:    pkgsrc
Committed By:   pin
Date:           Thu Apr 11 14:15:12 UTC 2024

Modified Files:
        pkgsrc/shells/nushell: Makefile cargo-depends.mk distinfo
Added Files:
        pkgsrc/shells/nushell/patches: patch-Cargo.toml

Log Message:
shells/nushell: update to 0.92.2

This is the 0.92.2 patch release of Nushell. This hot-fix addresses a
security concern with how arguments are passed to external commands on
Windows. The underlying vulnerability was found in the interaction of the
Rust standard library we use and the Windows command invocation logic and
documented as CVE-2024-24576

To address this concern, we update the version of the Rust compiler and
standard library used to build Nushell to the latest stable version (1.77.2).

Note: Distributors of Nushell need to upgrade their Rust toolchain to provide
a patched Nushell build.

pkgsrc note:
As CVE-2024-24576 only affects Windows, we are patching away the requirement
for MSRV 1.72.2 back to 1.75.0

To generate a diff of this commit:
cvs rdiff -u -r1.53 -r1.54 pkgsrc/shells/nushell/Makefile
cvs rdiff -u -r1.35 -r1.36 pkgsrc/shells/nushell/cargo-depends.mk
cvs rdiff -u -r1.42 -r1.43 pkgsrc/shells/nushell/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/shells/nushell/patches/patch-Cargo.toml

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

--_----------=_1712844912117780 Content-Disposition: inline Content-Length: 4532 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/shells/nushell/Makefile diff -u pkgsrc/shells/nushell/Makefile:1.53 pkgsrc/shells/nushell/Makefile:1.54 --- pkgsrc/shells/nushell/Makefile:1.53 Thu Apr 11 09:06:33 2024 +++ pkgsrc/shells/nushell/Makefile Thu Apr 11 14:15:11 2024 @@ -1,10 +1,6 @@ -# $NetBSD: Makefile,v 1.53 2024/04/11 09:06:33 pin Exp $ +# $NetBSD: Makefile,v 1.54 2024/04/11 14:15:11 pin Exp $ -# Please don't update to 0.92.2 -# The latest version has Rust-1.77.2 as minimum required version. -# This is due to CVE-2024-24576 that only affects Windows. -# see, https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html -DISTNAME= nushell-0.92.1 +DISTNAME= nushell-0.92.2 CATEGORIES= shells MASTER_SITES= ${MASTER_SITE_GITHUB:=nushell/} Index: pkgsrc/shells/nushell/cargo-depends.mk diff -u pkgsrc/shells/nushell/cargo-depends.mk:1.35 pkgsrc/shells/nushell/cargo-depends.mk:1.36 --- pkgsrc/shells/nushell/cargo-depends.mk:1.35 Fri Apr 5 07:31:25 2024 +++ pkgsrc/shells/nushell/cargo-depends.mk Thu Apr 11 14:15:11 2024 @@ -1,4 +1,4 @@ -# $NetBSD: cargo-depends.mk,v 1.35 2024/04/05 07:31:25 pin Exp $ +# $NetBSD: cargo-depends.mk,v 1.36 2024/04/11 14:15:11 pin Exp $ CARGO_CRATE_DEPENDS+= addr2line-0.21.0 CARGO_CRATE_DEPENDS+= adler-1.0.2 Index: pkgsrc/shells/nushell/distinfo diff -u pkgsrc/shells/nushell/distinfo:1.42 pkgsrc/shells/nushell/distinfo:1.43 --- pkgsrc/shells/nushell/distinfo:1.42 Fri Apr 5 07:31:25 2024 +++ pkgsrc/shells/nushell/distinfo Thu Apr 11 14:15:11 2024 
@@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.42 2024/04/05 07:31:25 pin Exp $ +$NetBSD: distinfo,v 1.43 2024/04/11 14:15:11 pin Exp $ BLAKE2s (addr2line-0.21.0.crate) = aa7d8fa248d0454d92b962f5d741ba41c55564299d33e6814e70dfe0b71bbcc7 SHA512 (addr2line-0.21.0.crate) = afde7660dda30dee240e79df1fb5b92d4572520bf17a134ef3765e2a077af9e13713952d52e27fae420109b40f6e24dbce1056687dbcbead858ffc21cc7dc69b @@ -888,9 +888,9 @@ Size (num_threads-0.1.6.crate) = 7334 by BLAKE2s (number_prefix-0.4.0.crate) = e2e6caf7fd792ec56ec5665184ed1b66469de944c998ee8e0eee92eb0f7105b5 SHA512 (number_prefix-0.4.0.crate) = a43b668d7314218b86ca7451daa9dfef71f6c9f6616bc34c12d94ae6030f182bcca9da83905cb46f3d49d0aa81385a787e92e4f3ae239658067adc249f8174df Size (number_prefix-0.4.0.crate) = 6922 bytes -BLAKE2s (nushell-0.92.1.tar.gz) = 2a7c80dce2a8286ca60e70671bbf864f0539d1e8a744ff746e4c32ba8cc491d4 -SHA512 (nushell-0.92.1.tar.gz) = 05e3b5f2ab7d8a90352cfd2deb6ba45f80ea1d5fea9bccad32f1b32842d7151f8945a27d044ce428d400065629506051054abfb0256c9db47bd19ccb91e18fc4 -Size (nushell-0.92.1.tar.gz) = 2926995 bytes +BLAKE2s (nushell-0.92.2.tar.gz) = f16b0f8c413d8f2138b7d26728b3642fccfffc8d4027fce93fa2fc919c3e20a6 +SHA512 (nushell-0.92.2.tar.gz) = cedbec49b8bbddcec2f4c419c09655ce7566db0509ca1f44b7052f8c0eb8484717333838613b4e88d4ae71af9d2ed6a9bcdf13f4b0075f33582818e1ed9c1326 +Size (nushell-0.92.2.tar.gz) = 2927111 bytes BLAKE2s (objc-0.2.7.crate) = e34a570a877d402bef4a22098157a24171ada921812037222da0b82a1424f391 SHA512 (objc-0.2.7.crate) = 7178870c8e4e9154b4c7b4953b3164946b7ce72c956a02b9ba18889353c72be735824bd73e44a485e42ad5f97994820d9153ac684629342755a6a63711ab5988 Size (objc-0.2.7.crate) = 22036 bytes 
@@ -1899,4 +1899,4 @@ Size (zstd-safe-7.0.0.crate) = 20463 byt BLAKE2s (zstd-sys-2.0.9+zstd.1.5.5.crate) = ffa04e8df7b5d33c5be50d34ccf82d0f6a9568f2582f982abcd2419b21a3bf9e SHA512 (zstd-sys-2.0.9+zstd.1.5.5.crate) = 604c01eae4975745aca1dc1d351db98fec34f7036143e59dfeb4d36e6ee18ac9f3871a288557c8ebdc9e816967a008da43154dc9a0eb3cac85071ccb05bf58aa Size (zstd-sys-2.0.9+zstd.1.5.5.crate) = 728791 bytes -SHA1 (patch-crates_nu-command_src_filesystem_ucp.rs) = 8b96dbc6e05c6445b8e3e87df87b90eac6d657d9 +SHA1 (patch-Cargo.toml) = 97e652df1725ed14591a97a4bebb2f46f2bc0426 Added files: Index: pkgsrc/shells/nushell/patches/patch-Cargo.toml diff -u /dev/null pkgsrc/shells/nushell/patches/patch-Cargo.toml:1.1 --- /dev/null Thu Apr 11 14:15:12 2024 +++ pkgsrc/shells/nushell/patches/patch-Cargo.toml Thu Apr 11 14:15:12 2024 @@ -0,0 +1,15 @@ +$NetBSD: patch-Cargo.toml,v 1.1 2024/04/11 14:15:12 pin Exp $ + +Don't require latest to fix a bug that only affects Windows. + +--- Cargo.toml.orig 2024-04-11 09:59:36.434842357 +0000 ++++ Cargo.toml +@@ -10,7 +10,7 @@ homepage = "https://www.nushell.sh" + license = "MIT" + name = "nu" + repository = "https://github.com/nushell/nushell" +-rust-version = "1.77.2" ++rust-version = "1.75.0" + version = "0.92.2" + + # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html --_----------=_1712844912117780--
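
Review bot: In the Makefile hunk, the four comment lines removed above DISTNAME were the only place in the package that recorded why upstream's Rust 1.77.2 requirement is not needed here, including the link to the Rust advisory for CVE-2024-24576. Now that the requirement is overridden in patches/patch-Cargo.toml instead, a short comment near DISTNAME that points at that patch and the CVE would tell the next updater to re-check whether the override is still justified.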
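
Review bot: In the last distinfo hunk, the SHA1 entry for patch-crates_nu-command_src_filesystem_ucp.rs is dropped, but the commit lists only an added file under patches/ and no removed one. Please confirm that this patch is no longer present in patches/; if it is still there it now has no registered checksum, and if it was removed by an earlier commit the log message should say that distinfo is catching up here.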
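
Review bot: In patch-Cargo.toml, the description "Don't require latest to fix a bug that only affects Windows." does not say what is being relaxed or which bug is meant. Suggest naming both, for example "Lower rust-version from 1.77.2 to 1.75.0; upstream raised it only for CVE-2024-24576, which affects Windows.", so the patch can be dropped once the toolchain used for the package reaches 1.77.2. Since rust-version only declares a minimum, the note should also make clear that a build with an older toolchain does not include the standard library fix the log message refers to.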