Skip to content

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Could not determine the UTC offset on this system" and defaulting to UTC timestamps #52

Closed
borntyping opened this issue Jan 19, 2022 · 0 comments · Fixed by #41, #42, #46 or #53
Closed

"Could not determine the UTC offset on this system" and defaulting to UTC timestamps #52

borntyping opened this issue Jan 19, 2022 · 0 comments · Fixed by #41, #42, #46 or #53
Assignees
@borntyping
Labels
CVE-2020-26235 Unsound behaviour with local timezone access

Comments

@borntyping
Copy link
Owner

borntyping commented Jan 19, 2022
edited

The current defaults are to format timestamps using the local timezone. Since switching to the time crate to avoid unsafe code in chrono (CVE-2020-26235), a lot of users use simple_logger in scenarios where time refuses to fetch the local timezone to avoid running unsafe code (time-rs/time#293). This usually affects users running a multithreaded application, as time assumes it's safe to get the local timezone when running in a single-threaded environment where there's no risk of an environment variable being set by a different thread.

Support for UTC timestamps has been added to simple_logger, but I'm currently trying to work out the best way to safely change the default away from local timestamps in a way that doesn't risk silently changing user's logs from one timezone to another with no way to tell the difference.

If this issue is affecting you, there are a few approaches you can take:

  1. Upgrade to simple_logger 2.0.0
    This breaking change switches to UTC timestamps in RFC 3339 format.
  2. Switch the timestamp display
    Use UTC via .with_utc_timestamps() like in examples/timestamps_utc.rs.
    Use a static UTC offset via .with_utc_offset(...) like in examples/timestamps_utc_offset.rs.
    Don't display timestamps at all via .without_timestamps() like in examples/timestamps_none.rs.
  3. Use the time crate's unsafe features
    Export RUSTFLAGS="--cfg unsound_local_offset" when compiling (docs).

Issues related to this are all tagged CVE-2020-26235. Tagging #51, #48, #47, #44, #43, #35.
@borntyping borntyping added the CVE-2020-26235 Unsound behaviour with local timezone access label Jan 19, 2022
@borntyping borntyping pinned this issue Jan 19, 2022
@borntyping borntyping changed the title Safely change timezone defaults "Could not determine the UTC offset on this system" and changing the defaults away from local timestamps Jan 19, 2022
@borntyping borntyping changed the title "Could not determine the UTC offset on this system" and changing the defaults away from local timestamps "Could not determine the UTC offset on this system" and defaulting to UTC timestamps Jan 19, 2022
@borntyping borntyping mentioned this issue Jan 19, 2022
Closed
This was linked to pull requests Jan 20, 2022
Exchanged chrono Dependency for Equal Implementation Using The Still-Maintained time Crate #41
Merged
Try to fix accidentally disabled default timestamps feature #42
Merged
Add a timestamps_utc configuration #45
Closed
Add options to use UTC timestamps #46
Merged
Version 2.0.0 #53
Merged
@borntyping borntyping self-assigned this Jan 20, 2022
kesyog added a commit to kesyog/crabby-merge that referenced this issue Jan 28, 2022
@kesyog
Update dependencies and use UTC timestamps
8f87f92 
Due to CVE-2020-26235, the `time` crate has issues determining the local
time zone offset, leading to a panic. See <borntyping/rust-simple_logger#52>.

Updated to simple_logger 2, which defaults to UTC timestamps to sidestep
the issue.
kesyog added a commit to kesyog/crabby-merge that referenced this issue Jan 28, 2022
@kesyog
Update dependencies and use UTC timestamps
af253fb 
Due to CVE-2020-26235, the `time` crate has issues determining the local
time zone offset, leading to a panic. See <borntyping/rust-simple_logger#52>.

Updated to simple_logger 2, which defaults to UTC timestamps to sidestep
the issue.
kesyog added a commit to kesyog/crabby-merge that referenced this issue Jan 28, 2022
@kesyog
Update dependencies and use UTC timestamps
24dfbdb 
Due to CVE-2020-26235, the `time` crate has issues determining the local
time zone offset, leading to a panic. See <borntyping/rust-simple_logger#52>.

Updated to simple_logger 2, which defaults to UTC timestamps to sidestep
the issue.
@tomtung tomtung mentioned this issue Feb 1, 2022
Closed
tomtung added a commit to tomtung/omikuji that referenced this issue Feb 1, 2022
@tomtung
Update simple_logger
238d906 
According to borntyping/rust-simple_logger#52, this should fix #37
@tomtung tomtung mentioned this issue Feb 1, 2022
Merged
tomtung added a commit to tomtung/omikuji that referenced this issue Feb 1, 2022
@tomtung
Update simple_logger
8f7420f 
According to borntyping/rust-simple_logger#52, this should fix #37
tomtung added a commit to tomtung/omikuji that referenced this issue Feb 1, 2022
@tomtung
Update simple_logger
d222fb8 
According to borntyping/rust-simple_logger#52, this should fix #37
@madsmtm madsmtm mentioned this issue Feb 4, 2022
Merged
5 tasks
dimtion added a commit to dimtion/copiepate that referenced this issue Mar 30, 2022
@dimtion
fix(logging): bump simple_logger to version 2.1.0
2789ab3 
Fix a bug where simple_logger would not start due to time crate not
providing a local timestamp. simple_logger 2.x.x now displays by default
the timestamp in UTC which does not have this issue.

Since we are not displaying timestamp in logs, this bump is harmless.

Issue: borntyping/rust-simple_logger#51
Fix & recomendation: borntyping/rust-simple_logger#52
dimtion added a commit to dimtion/copiepate that referenced this issue Mar 30, 2022
@dimtion
fix(logging): bump simple_logger to version 2.1.0
1319167 
Fix a bug where simple_logger would not start due to time crate not
providing a local timestamp. simple_logger 2.x.x now displays by default
the timestamp in UTC which does not have this issue.

Since we are not displaying timestamp in logs, this bump is harmless.

Issue: borntyping/rust-simple_logger#51
Fix & recomendation: borntyping/rust-simple_logger#52
Repository owner locked and limited conversation to collaborators Aug 21, 2022
@borntyping borntyping converted this issue into discussion #66 Aug 21, 2022
quite4work added a commit to quite4work/cargo-cacher that referenced this issue Apr 23, 2023
@quite4work
Upgrade simple_logger to 2.3.0 to fix borntyping/rust-simple_logger#52
52912b6

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

Assignees

@borntyping borntyping

Labels
CVE-2020-26235 Unsound behaviour with local timezone access
Projects
None yet
Milestone
No milestone
1 participant
@borntyping