rand-core security update
Debian Bug report #985087
CVE-2021-27378
I still have not checked building the reverse dependencies, but should be OK.
$ dev/list-rdeps.sh rand_core
Versions of rust-rand-core in unstable:
librust-rand-core-dev 0.5.1-1
librust-rand-core+getrandom-dev 0.5.1-1
librust-rand-core+serde-dev 0.5.1-1
librust-rand-core+std-dev 0.5.1-1
Versions of rdeps of rust-rand-core in unstable, that also exist in testing:
librust-im-rc-dev 14.3.0-1 depends on librust-rand-core-0.5+default-dev (>= 0.5.1-~~),
librust-nitrokey-dev 0.3.4-2 depends on librust-rand-core-0.5+default-dev, librust-rand-core-0.5+getrandom-dev,
librust-quickcheck-dev 0.9.2-1 depends on librust-rand-core-0.5+default-dev,
librust-rand+alloc-dev 0.7.3-3 depends on librust-rand-core-0.5+alloc-dev (>= 0.5.1-~~),
librust-rand-chacha-dev 0.2.2-1 depends on librust-rand-core-0.5+default-dev,
librust-rand-core+std-dev 0.5.1-1 depends on librust-rand-core+alloc-dev (= 0.5.1-1),
librust-rand-dev 0.7.3-3 depends on librust-rand-core-0.5+default-dev (>= 0.5.1-~~),
librust-rand+getrandom-dev 0.7.3-3 depends on librust-rand-core-0.5+getrandom-dev (>= 0.5.1-~~),
librust-rand-hc-dev 0.2.0-1+b1 depends on librust-rand-core-0.5+default-dev,
librust-rand-isaac-dev 0.2.0-1 depends on librust-rand-core-0.5+default-dev,
librust-rand-isaac+serde1-dev 0.2.0-1 depends on librust-rand-core-0.5+serde1-dev,
librust-rand-os-dev 0.2.2-2 depends on librust-rand-core-0.5+default-dev, librust-rand-core-0.5+getrandom-dev,
librust-rand-pcg-dev 0.2.1-1 depends on librust-rand-core-0.5+default-dev,
librust-rand+std-dev 0.7.3-3 depends on librust-rand-core-0.5+std-dev (>= 0.5.1-~~),
librust-rand-xorshift-dev 0.2.0-1 depends on librust-rand-core-0.5+default-dev,
librust-rand-xoshiro-dev 0.4.0-1 depends on librust-rand-core-0.5+default-dev,
Source packages in unstable whose autopkgtests are triggered by rust-rand-core:
grep-dctrl: /var/lib/apt/lists/*_dists_unstable_*_source_Sources*: No such file or directory
grep-dctrl: /var/lib/apt/lists/*_dists_unstable_*_source_Sources*: No such file or directory
grep-dctrl: /var/lib/apt/lists/*_dists_unstable_*_source_Sources*: No such file or directory
grep-dctrl: /var/lib/apt/lists/*_dists_unstable_*_source_Sources*: No such file or directory
If any package is marked "X" (to the left of the package) it means it is not
installable even in unstable - you should check why this is so by attempting to
install it yourself, e.g. via aptitude, and see why it can't be installed. This
must be fixed before migration is attempted. For example, it may depend on a
package which is not yet in Debian. Make sure you give the `-t unstable` flag
so it chooses packages from the correct archive.
One common reason, for an rdep, is that its dependency is out of date - check
the "depends" column above to see if this is the case. If so, you must upgrade
it to the current version, by patching Cargo.toml to accept the new version of
the dependency. Of course, check that the build works - if it doesn't, then
you'll need to further patch the source code of the rdep to use the API of the
new version of the dependency.
Alternatively, if any rdep is obsolete (i.e. nothing else depends on it) then
you should file a RM request to remove it from the Debian archive. See the
section "Remove an obsolete package" in RELEASE.rst for instructions on that.