-
Notifications
You must be signed in to change notification settings - Fork 47
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
"Could not determine the UTC offset on this system" and defaulting to UTC timestamps #52
Labels
CVE-2020-26235
Unsound behaviour with local timezone access
Comments
borntyping
changed the title
Safely change timezone defaults
"Could not determine the UTC offset on this system" and changing the defaults away from local timestamps
Jan 19, 2022
borntyping
changed the title
"Could not determine the UTC offset on this system" and changing the defaults away from local timestamps
"Could not determine the UTC offset on this system" and defaulting to UTC timestamps
Jan 19, 2022
This was
linked to
pull requests
Jan 20, 2022
Merged
Merged
kesyog
added a commit
to kesyog/crabby-merge
that referenced
this issue
Jan 28, 2022
Due to CVE-2020-26235, the `time` crate has issues determining the local time zone offset, leading to a panic. See <borntyping/rust-simple_logger#52>. Updated to simple_logger 2, which defaults to UTC timestamps to sidestep the issue.
kesyog
added a commit
to kesyog/crabby-merge
that referenced
this issue
Jan 28, 2022
Due to CVE-2020-26235, the `time` crate has issues determining the local time zone offset, leading to a panic. See <borntyping/rust-simple_logger#52>. Updated to simple_logger 2, which defaults to UTC timestamps to sidestep the issue.
kesyog
added a commit
to kesyog/crabby-merge
that referenced
this issue
Jan 28, 2022
Due to CVE-2020-26235, the `time` crate has issues determining the local time zone offset, leading to a panic. See <borntyping/rust-simple_logger#52>. Updated to simple_logger 2, which defaults to UTC timestamps to sidestep the issue.
tomtung
added a commit
to tomtung/omikuji
that referenced
this issue
Feb 1, 2022
According to borntyping/rust-simple_logger#52, this should fix #37
tomtung
added a commit
to tomtung/omikuji
that referenced
this issue
Feb 1, 2022
According to borntyping/rust-simple_logger#52, this should fix #37
tomtung
added a commit
to tomtung/omikuji
that referenced
this issue
Feb 1, 2022
According to borntyping/rust-simple_logger#52, this should fix #37
5 tasks
dimtion
added a commit
to dimtion/copiepate
that referenced
this issue
Mar 30, 2022
Fix a bug where simple_logger would not start due to time crate not providing a local timestamp. simple_logger 2.x.x now displays by default the timestamp in UTC which does not have this issue. Since we are not displaying timestamp in logs, this bump is harmless. Issue: borntyping/rust-simple_logger#51 Fix & recomendation: borntyping/rust-simple_logger#52
dimtion
added a commit
to dimtion/copiepate
that referenced
this issue
Mar 30, 2022
Fix a bug where simple_logger would not start due to time crate not providing a local timestamp. simple_logger 2.x.x now displays by default the timestamp in UTC which does not have this issue. Since we are not displaying timestamp in logs, this bump is harmless. Issue: borntyping/rust-simple_logger#51 Fix & recomendation: borntyping/rust-simple_logger#52
Repository owner
locked and limited conversation to collaborators
Aug 21, 2022
quite4work
added a commit
to quite4work/cargo-cacher
that referenced
this issue
Apr 23, 2023
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
The current defaults are to format timestamps using the local timezone. Since switching to the
time
crate to avoid unsafe code inchrono
(CVE-2020-26235), a lot of users usesimple_logger
in scenarios wheretime
refuses to fetch the local timezone to avoid running unsafe code (time-rs/time#293). This usually affects users running a multithreaded application, astime
assumes it's safe to get the local timezone when running in a single-threaded environment where there's no risk of an environment variable being set by a different thread.Support for UTC timestamps has been added to
simple_logger
, but I'm currently trying to work out the best way to safely change the default away from local timestamps in a way that doesn't risk silently changing user's logs from one timezone to another with no way to tell the difference.If this issue is affecting you, there are a few approaches you can take:
simple_logger
2.0.0This breaking change switches to UTC timestamps in RFC 3339 format.
Use UTC via
.with_utc_timestamps()
like in examples/timestamps_utc.rs.Use a static UTC offset via
.with_utc_offset(...)
like in examples/timestamps_utc_offset.rs.Don't display timestamps at all via
.without_timestamps()
like in examples/timestamps_none.rs.time
crate's unsafe featuresExport
RUSTFLAGS="--cfg unsound_local_offset"
when compiling (docs).Issues related to this are all tagged CVE-2020-26235. Tagging #51, #48, #47, #44, #43, #35.
The text was updated successfully, but these errors were encountered: