From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 6GR5Oehn6WK7sAAAbAwnHQ (envelope-from ) for ; Tue, 02 Aug 2022 20:07:37 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id YO1fOehn6WJSOQEA9RJhRA (envelope-from ) for ; Tue, 02 Aug 2022 20:07:36 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 7FACD2F569 for ; Tue, 2 Aug 2022 20:07:36 +0200 (CEST) Received: from localhost ([::1]:51062 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oIwIp-0006RG-KD for larch@yhetil.org; Tue, 02 Aug 2022 14:07:35 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:60418) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oIwIJ-0006Or-3Q for bug-guix@gnu.org; Tue, 02 Aug 2022 14:07:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:55255) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oIwII-0007b2-QI for bug-guix@gnu.org; Tue, 02 Aug 2022 14:07:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oIwII-0005Rh-KS for bug-guix@gnu.org; Tue, 02 Aug 2022 14:07:02 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#56895: rust-brotli-sys bundles (insecure!) brotli Resent-From: Maxime Devos Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 02 Aug 2022 18:07:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 56895 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 56895@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.165946360320906 (code B ref -1); Tue, 02 Aug 2022 18:07:02 +0000 Received: (at submit) by debbugs.gnu.org; 2 Aug 2022 18:06:43 +0000 Received: from localhost ([127.0.0.1]:45004 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oIwHz-0005R8-AT for submit@debbugs.gnu.org; Tue, 02 Aug 2022 14:06:43 -0400 Received: from lists.gnu.org ([209.51.188.17]:37460) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oIwHv-0005Qy-FW for submit@debbugs.gnu.org; Tue, 02 Aug 2022 14:06:42 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:60302) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oIwHv-0005lY-1g for bug-guix@gnu.org; Tue, 02 Aug 2022 14:06:39 -0400 Received: from laurent.telenet-ops.be ([2a02:1800:110:4::f00:19]:50898) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oIwHs-0007XU-O5 for bug-guix@gnu.org; Tue, 02 Aug 2022 14:06:38 -0400 Received: from [IPV6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16] ([IPv6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16]) by laurent.telenet-ops.be with bizsmtp id 2i6X2800C20ykKC01i6Xm2; Tue, 02 Aug 2022 20:06:32 +0200 Message-ID: <54a7e640-ae14-6e6c-6877-35ddc6bb3e35@telenet.be> Date: Tue, 2 Aug 2022 20:06:31 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Content-Language: en-US From: Maxime Devos Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------FdgYJyYuN1KS3gl4RdzwJjgR" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1659463592; bh=WjpfjY16KWzYc0BoaHdpbsv+USX+j8NEegZsSHonoic=; h=Date:To:From:Subject; b=AVGS3ZMR6kVJX462nRokby8YhtdlSP7C2UX78j+3O7m+rJXuKBSN1+YQ/Lyf519Z/ 7CjkRN7mAd2f2tdjQ1/DRyYacxCToM9fXyUCXjGDvsp65lUmC28YHY3Y+CkorbOIc8 AARrOTUfZ7xT/Vz/9CJ/cxYhHUZ9FQy1zCOQpmBWVDgNDI407+lDFJY2xlYLnl0tNP v6DnpcGYygSH+H/CsIqrUxcNwIvquApshSt58cQl1OxjAyo+iJROLeisD+oNfv2St0 VkwE2HB8RB1WJ8kGH3fIvfI31/fN6nkSAlkb3F21e0qsxvznICpzGB5b7fzUm11Sm8 i+Nw+Q7hNpeIg== Received-SPF: pass client-ip=2a02:1800:110:4::f00:19; envelope-from=maximedevos@telenet.be; helo=laurent.telenet-ops.be X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1659463656; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:list-id:list-help:list-unsubscribe:list-subscribe: list-post:dkim-signature; bh=WjpfjY16KWzYc0BoaHdpbsv+USX+j8NEegZsSHonoic=; b=V8Sgav8RF908GvqZ1/Y3V1/WJCzALhW2Z+R4W/tY01GTKDX/uyjV4XF3ekdsjYsXk4gH/A QL/f9ibrf36eIqcoYLEkyQXorOl/YOKy5ZexcFPWMxgtYi1YDy2qInaJ/ZE2Doq5UEIM3w nRJ4SCAjIWMKpq8NQjpItJd9zFPf4/hA+CNgydv/suuLw3zDOlBALvCJnpiwBqLbD0bRyL AAsP9s2+4cOyH/r00qbPw/Iv5T4KYup1y1zCLgmSHOpKLHvV0alopAOwkzpH4NMjtTc0BI 9FiAGvRaK1EnPty4wwHU2cDFscKQ0lPgnmf0c3KVVwK/UDcGvD+AF0Y1ZHUI+w== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1659463656; a=rsa-sha256; cv=none; b=iKEFT5ytKtGn8CM13M1ppGXmPVPIGbCPixkeUcMvzJjVcpdwgFGBBF/7B/bIim1Enj4x30 tJ+kpgpn7WX4BdJKyZXDnHDyWds8b+zwMRhBb7JnuJ1I8W5Yi3D5K+wHss+dZbOlcqO54x ogHwh79iHKF1Ra0/Ineyhm3P7xxhrREZMb7EPTWTTySOoyf3ZWx+UY0s7XTMA/3+OdP1X6 r2XRizQA+fdGwPM3S6DNf2Zzo5ilwg7J7XDZzlxIBfPxm801b45zZSNKa3ksWXJ1KyLNVp rvyL1DqhFXaAuro48WeD6mN/mgGqFMSDxuu5rRKjXdcM4IWc9bIctThkhgzroA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=telenet.be header.s=r22 header.b=AVGS3ZMR; dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: 4.88 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=telenet.be header.s=r22 header.b=AVGS3ZMR; dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 7FACD2F569 X-Spam-Score: 4.88 X-Migadu-Scanner: scn0.migadu.com X-TUID: lDHfmeEd6OZh This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------FdgYJyYuN1KS3gl4RdzwJjgR Content-Type: multipart/mixed; boundary="------------1F5rJeMuK2OZ5pbNsY4929IP"; protected-headers="v1" From: Maxime Devos To: bug-guix@gnu.org Message-ID: <54a7e640-ae14-6e6c-6877-35ddc6bb3e35@telenet.be> Subject: rust-brotli-sys bundles (insecure!) brotli --------------1F5rJeMuK2OZ5pbNsY4929IP Content-Type: multipart/mixed; boundary="------------QqDbmtWET80aggGm69qd0CZl" --------------QqDbmtWET80aggGm69qd0CZl Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 SSBub3RpY2VkIHJ1c3QtYnJvdGxpLXN5cyBidW5kbGVzIGJyb3RsaTogDQo8aHR0cHM6Ly9n aXRodWIuY29tL2JpdGVteWFwcC9icm90bGkyLXJzL2Jsb2IvbWFzdGVyL2Jyb3RsaS1zeXMv YnVpbGQucnMjTDE2Pi4NCg0KVGhlIHZlcnNpb24gaXQgYnVuZGxlcyBpcyBhcHBhcmVudGx5 IGluc2VjdXJlOiANCjxodHRwczovL2dpdGh1Yi5jb20vYml0ZW15YXBwL2Jyb3RsaTItcnMv aXNzdWVzLzQ1Pg0KDQpBcyBtZW50aW9uZWQgYXQgPGh0dHBzOi8vZ2l0aHViLmNvbS9hY3Rp eC9hY3RpeC13ZWIvaXNzdWVzLzI1Mzc+LCB0aGVyZSANCmhhdmUgYmVlbiBtdWx0aXBsZSBQ UiB1cGRhdGluZyBpdCB0byBuZXcgUFIgYnV0IHRoZXkgd2VyZSBhYmFuZG9uZWQsIHNvIA0K aXQgYXBwZWFycyB3ZSBoYXZlIHRvIHJlbW92ZSBydXN0LWJyb3RsaS1zeXMgZW50aXJlbHkg KGluIGZhdm91ciBvZiANCnJ1c3QtYnJvdGxpPykgb3IgbWVyZ2Ugb25lIG9mIHRoZW0gKG9y IGJldHRlcjogdW5idW5kbGUpIHRoaW5ncyBvbiBvdXIgb3duLg0KDQpHcmVldGluZ3MsDQpN YXhpbWUuDQoNCg== --------------QqDbmtWET80aggGm69qd0CZl Content-Type: application/pgp-keys; name="OpenPGP_0x49E3EE22191725EE.asc" Content-Disposition: attachment; filename="OpenPGP_0x49E3EE22191725EE.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable -----BEGIN PGP PUBLIC KEY BLOCK----- xjMEX4ch6BYJKwYBBAHaRw8BAQdANPb/d6MrGnGi5HyvODCkBUJPRjiFQcRU5V+m xvMaAa/NL01heGltZSBEZXZvcyA8bWF4aW1lLmRldm9zQHN0dWRlbnQua3VsZXV2 ZW4uYmU+wpAEExYIADgWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCX4ch6AIbAwUL CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBJ4+4iGRcl7japAQC3opZ2KGWzWmRc /gIWSu0AAcfMwyinFEEPa/QhUt2CogD/e2RdF4CYAgaRHJJmZ9WU7piKbLZ7llB4 LzgezVDHggzNJU1heGltZSBEZXZvcyA8bWF4aW1lZGV2b3NAdGVsZW5ldC5iZT7C kAQTFggAOBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJf56ycAhsDBQsJCAcDBRUK CQgLBRYCAwEAAh4BAheAAAoJEEnj7iIZFyXujpQBAKV1SwDDl4f24rXciDlB9L8W ycZt30CgbewMSRQk4mvbAP9dFMbVVixYBd6C8cfhR+NsOBGiOJnQABlUmgNuqGFJ Dc44BF+HIegSCisGAQQBl1UBBQEBB0BOlzIWiJzgobMF6/cqwLaLk7jIcFSZ++c0 k9cCNT6YXwMBCAfCeAQYFggAIBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJfhyHo AhsMAAoJEEnj7iIZFyXuMr0BAJc8cl5PGvVmVuSQVKjleNl4DK1/XAaPAYPe34AE fZJPAP9IqLCQhH/FeJanHqBP8gNdGNI2qn8RnnLVfRJgUjZ1BA=3D=3D =3DOVqp -----END PGP PUBLIC KEY BLOCK----- --------------QqDbmtWET80aggGm69qd0CZl-- --------------1F5rJeMuK2OZ5pbNsY4929IP-- --------------FdgYJyYuN1KS3gl4RdzwJjgR Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wnsEABYIACMWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYulnpwUDAAAAAAAKCRBJ4+4iGRcl7maE AQCFW2xcjug2qdsY8yKv+Fhwqb+GTlXmjlwEsyDfeSin/wEAtbLskmuWSr53w+otxMiqtTxv4GCk Dvpx9MdX+j7+LQI= =YfaL -----END PGP SIGNATURE----- --------------FdgYJyYuN1KS3gl4RdzwJjgR--