pkgsrc-Users archive


Re: List of deletion candidates



On Friday, February 2nd, 2024 at 4:27 PM, Greg Troxel <gdt%lexort.com@localhost> wrote:
Benny Siegert bsiegert%gmail.com@localhost writes:

> why do you want to remove them? Do they have vulnerabilities?
At least misc/deckster and misc/rustentia are fully abandoned.

> Do they fail to build?
Don't know, didn't check. I've imported all of these at some point and they worked.

> Do they have vulnerabilities?
You really need to run 'cargo-audit' on every one of them to know.
But, here:

devel/ugdb
Potential segfault in `localtime_r` invocations - RUSTSEC-2020-0159
Out-of-bounds write in nix::unistd::getgrouplist - RUSTSEC-2021-0119
Regexes with large repetitions on empty sub-expressions take a very long time to parse - RUSTSEC-2022-0013 (Severity: high)
Potential segfault in the time crate - RUSTSEC-2020-0071 (Severity: medium)
ansi_term is Unmaintained - RUSTSEC-2021-0139
json is unmaintained - RUSTSEC-2022-0081
Potential unaligned read - RUSTSEC-2021-0145
smallvec creates uninitialized value of any type - RUSTSEC-2018-0018

editors/cesium
Potential segfault in `localtime_r` invocations - RUSTSEC-2020-0159
Buffer overflow and format vulnerabilities in functions exposed without unsafe - RUSTSEC-2019-0006
Multiple soundness issues in `owning_ref` - RUSTSEC-2022-0040
Potential segfault in the time crate - RUSTSEC-2020-0071 (Severity: medium)
`term_size` is unmaintained; use `terminal_size` instead - RUSTSEC-2020-0163
Unsoundness of AtomicCell<*64> arithmetics on 32-bit targets that support Atomic*64 - RUSTSEC-2022-0041

[...]

textproc/paperoni
bzip2 Denial of Service (DoS) - RUSTSEC-2023-0004
Potential segfault in `localtime_r` invocations - RUSTSEC-2020-0159
Regexes with large repetitions on empty sub-expressions take a very long time to parse - RUSTSEC-2022-0013 (Severity: high)
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) - RUSTSEC-2023-0018
Potential segfault in the time crate - RUSTSEC-2020-0071 (Severity: medium)
Uncontrolled recursion leads to abort in deserialization - RUSTSEC-2018-0006 (Severity: high)
`aes-soft` has been merged into the `aes` crate - RUSTSEC-2021-0060
`aesni` has been merged into the `aes` crate - RUSTSEC-2021-0059
ansi_term is Unmaintained - RUSTSEC-2021-0139
`cpuid-bool` has been renamed to `cpufeatures` - RUSTSEC-2021-0064
`kuchiki` is unmaintained - RUSTSEC-2023-0019
stdweb is unmaintained - RUSTSEC-2020-0056
`tempdir` crate has been deprecated; use `tempfile` instead - RUSTSEC-2018-0017
Potential unaligned read - RUSTSEC-2021-0145
Use-after-free due to a lifetime error in `Vec::into_iter()` - RUSTSEC-2022-0078
Unsoundness of AtomicCell<*64> arithmetics on 32-bit targets that support Atomic*64 - RUSTSEC-2022-0041

[...]

> I wonder if voidpin@ believes that it is highly likely that there are zero users.
Yes, this is one of the reasons. The other one being, this is Rust and two years is a long time.
They will start breaking at some point, but we can wait for that.

/Pedro
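
Added example, not part of the original message: a small Python triage of per-package findings written in the "title - RUSTSEC-ID (Severity: x)" layout used above. It separates maintenance notices from other advisories and lists advisories shared by several packages. The sample input is an excerpt of the list, and the title-keyword rule for maintenance notices is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample: a few of the findings quoted in the message above.
REPORT = """\
devel/ugdb
Potential segfault in `localtime_r` invocations - RUSTSEC-2020-0159
Regexes with large repetitions on empty sub-expressions take a very long time to parse - RUSTSEC-2022-0013 (Severity: high)
ansi_term is Unmaintained - RUSTSEC-2021-0139

editors/cesium
Potential segfault in `localtime_r` invocations - RUSTSEC-2020-0159
`term_size` is unmaintained; use `terminal_size` instead - RUSTSEC-2020-0163

textproc/paperoni
Potential segfault in `localtime_r` invocations - RUSTSEC-2020-0159
Uncontrolled recursion leads to abort in deserialization - RUSTSEC-2018-0006 (Severity: high)
`aes-soft` has been merged into the `aes` crate - RUSTSEC-2021-0060
Unsoundness of AtomicCell<*64> arithmetics on 32-bit targets that support Atomic*64 RUSTSEC-2022-0041
"""

PKG = re.compile(r"^([a-z0-9]+/[A-Za-z0-9_.+-]+),?$")  # category/name line
FINDING = re.compile(r"^(?P<title>.*?)\s*-?\s*(?P<id>RUSTSEC-\d{4}-\d{4})"
                     r"(?:\s*\(Severity:\s*(?P<sev>\w+)\))?$")
# Assumption: these title keywords mark maintenance-status notices.
MAINT = re.compile(r"unmaintained|deprecated|renamed|merged into", re.I)

def parse(report):
    """Return {package: [(advisory_id, severity_or_None, title), ...]}."""
    findings, pkg = defaultdict(list), None
    for line in report.splitlines():
        line = line.strip()
        if m := PKG.match(line):
            pkg = m.group(1)
        elif (m := FINDING.match(line)) and pkg:
            findings[pkg].append((m["id"], m["sev"], m["title"]))
    return dict(findings)

def triage(findings):
    """Split each package's advisories and find IDs shared across packages."""
    summary, seen = {}, defaultdict(set)
    for pkg, items in findings.items():
        maint = [i for i, _, title in items if MAINT.search(title)]
        other = [i for i, _, title in items if not MAINT.search(title)]
        summary[pkg] = {"security": other, "maintenance": maint}
        for adv_id, _, _ in items:
            seen[adv_id].add(pkg)
    shared = {i: sorted(p) for i, p in seen.items() if len(p) > 1}
    return summary, shared
```
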

