author | V3n3RiX <venerix@koprulu.sector> | 2022-09-15 11:12:39 +0100 |
committer | V3n3RiX <venerix@koprulu.sector> | 2022-09-15 11:12:39 +0100 |
commit | d9339ace1b5d6cf11ad869751abc1a474f46931d (patch) | |
tree | 9b5fe462706c49ff13aeb284891e45f28e1c0d0a /dev-lang/rust | |
parent | d49d63ee52f4026f7871f4ce062c172ba5e62b74 (diff) |
gentoo auto-resync : 15:09:2022 - 11:12:38
Diffstat (limited to 'dev-lang/rust')
-rw-r--r-- | dev-lang/rust/Manifest | 4 | ||||
-rw-r--r-- | dev-lang/rust/files/1.63.0-CVE-2022-36113.patch | 48 | ||||
-rw-r--r-- | dev-lang/rust/files/1.63.0-CVE-2022-36114.patch | 102 | ||||
-rw-r--r-- | dev-lang/rust/rust-1.63.0-r1.ebuild (renamed from dev-lang/rust/rust-1.63.0.ebuild) | 19 |
4 files changed, 168 insertions, 5 deletions
diff --git a/dev-lang/rust/Manifest b/dev-lang/rust/Manifest
index a4e3fe518606..76070324a237 100644
--- a/dev-lang/rust/Manifest
+++ b/dev-lang/rust/Manifest
@@ -5,6 +5,8 @@ AUX 1.61.0-llvm_addrspacecast.patch 2677 BLAKE2B c766eb78a21cdb840a74814118e8ca3 AUX 1.61.0-llvm_selectInterleaveCount.patch 2915 BLAKE2B 65bc017d45bcdce2834d040da3e0aa86d9062458a9e1838604c9a8bc567c5cf2a6a61a72658c200c82af794e7f1f749a7b046d917df7879fbd3752be78f0342a SHA512 101ad16196b6c02ce8b7818b9188e2f43b870c4ca44294be533416f16e98c05c3426ed2249c43963a7aa32cf344e2d1c5da5d7a5d520c4d6c014ab2696f55302 AUX 1.61.0-miri-cow.patch 5183 BLAKE2B 090557b73e6aa4e078ce99ad8689c52ce755a4ea0b10963cf8a675ef1d893a537a7217ec2ec857c5d1e407b2653824c32cc55600a89a5ebcbe2aba8ea83966f3 SHA512 c3bee73084e5515304dba4fea4bdc36ef4ad44db6c3be5c3d5b2f3f22ab9f79f6d4cdf6b98c8b3cc362901caf6631f646337c061e43efcebd4341d5ab27f169a AUX 1.62.1-musl-dynamic-linking.patch 897 BLAKE2B cc9805c648754366a49270f12a1a6036bc7059ca09e2524c2836f7af2f221b448b971e43670c2cf0aa80cd930a51ea11e4e3c637f3d80ec46333388cd64c3b50 SHA512 71bd459a9f4daaeb215ba13005eee85502bc5a1d60794f01765990fd183819513c3c8d5c5efe27c9d7e1d15af765492fef8ba6b20ea7ebd1a2228104886928f8 +AUX 1.63.0-CVE-2022-36113.patch 2087 BLAKE2B 10afb960bf0624915f0047a364719cb7e593baa0da89cc929ba742ed178807518c2437eefc6f55a1d7cdccd31d63093e2c5ffc10ac3db3c8b63ab9e06d382536 SHA512 593ac73200def11f28fdbb146d67170340a500e3cc27c4c0263d01caee1405d0572ab4f4a192aa9d480b2b60d6460d0754f406bbc62e70615fb7d9952ec08e77 +AUX 1.63.0-CVE-2022-36114.patch 3877 BLAKE2B 3542b04ab488961a2928f1a2103845e786acbe46342265f5469ba32e4f0419d9ebf545a01d25b71f0ebc4ce82aadd038d28e270b8db1214d3e5134433239fa7e SHA512 bee9794c6caa5057a07109e5b37ff004893e8e5eae2cd8e01985d968e384599333ece619f48f24237d75dbb6a03363154319d72e08261baab398b32146f1efae DIST rust-1.58.1-aarch64-unknown-linux-gnu.tar.xz 229585460 BLAKE2B 301b201cb40249005a1a8adf34ffdb0bacd22e1d919a24dec9bb8331c2243de1b7cc312c91a87fc9e11091cd9ad517347ff09143000d9de051b3c9a6e0780f9d SHA512 04e2cf2116e16fa293c7f2d29816012520b41df44b54657e289e7affbb91af5a5001d140a49aab1286451b93e93b0171edea77f61f01085136d1be1a3baac4a2 DIST 
rust-1.58.1-aarch64-unknown-linux-gnu.tar.xz.asc 801 BLAKE2B 6da55597fddd643350c73f28a15dcfa935529c0878a199819b9bad6f3ea2542f9021e24bc1a6c8724ff14d36007c00f8906dd1aeaff33b0a99ef6982e8f711b3 SHA512 57debe0afe52c3af3eb53e4efe70ba194ddad449d9952174f8a775531b83f8ab0d66462e7bdd06712547e8f675d330a151d20d183daefe1dda2f0e3805695714 DIST rust-1.58.1-aarch64-unknown-linux-musl.tar.xz 226068748 BLAKE2B 7f9680b0ad3f9a8349f3032f63d23b6d96ab43245d3025d0e4307a29b4353fd2408e7de572a10a77b261634b8fd4e9e6054ba9955b2440b608fdad2c88c12bfa SHA512 6400221a8ae04aea91f9df0f8d82585bcd380f22e80fe813eaa1cadbf592c5207665ad008d938b399e34fc2cb0485b16f993f94d431c290a69a696a4faf89e05 
@@ -182,5 +184,5 @@ EBUILD rust-1.60.0.ebuild 21452 BLAKE2B 82752fda269d87718a5c51f22b2dd6be41665152 EBUILD rust-1.61.0-r2.ebuild 22375 BLAKE2B 6662f32074219bff329268ce638d622bb982f9c04558180fd1fcaf97f6a9bf1bc526b64fbf3ed85c803fe10dc7e642b4a558c5f4f962b854bffd4018eba6f031 SHA512 510ffc53ad8d5d5fd41377cc0d66459a267537d9402d4a8747d80168a49550db66039170582f1f91a8a3b02a09b11d6cd6e814d21bc82dd139a13a78254378ab EBUILD rust-1.62.0.ebuild 22245 BLAKE2B 569dfa03db6a73f66162ced3171af6a49a36c56fbf3100fd1c42825a565275c69fba473f831daf293061bf9b7a10723d4f94e2b8a5800ff683154e37e221faa3 SHA512 7d9e9847594e8da16cac61a6129782c37e6362ecb0ee7886728ddb33318ce6afb32575fdd3c0ef201d90c577d46ed2ba3dd5ce1003cd20ff744e33a05167b826 EBUILD rust-1.62.1.ebuild 22239 BLAKE2B 71e56ea01ad7f97bb5121f3509e94fe02cea33f7d04cbe23d30efa21ce05d646409533e1f69f33b2c9867358a258155e646a01dd7b295d8c59767e8b51c2be67 SHA512 79eca27ca6013e128635a242c77a02ad5c8aa1664e6993dfee1857e56e384251a651a8254f04056e7e007987113112738c799c9052e81ca0a8906563cfd39fa9 -EBUILD rust-1.63.0.ebuild 22294 BLAKE2B 5653d54b0970a6014591a4793e79d68d25d30f3e039e99ff654a8fb60f31de75137d27af0f550cc10914896bb3aef9ac7849b4935e247c3a887d88bff38264fb SHA512 431676d9194f08d545b54fbd7aba193d58d3250e31092f93b36c3fbb1352574162cbde2113bfa3ec9d63e782b1c132b4a07774e907243b0395e255bcd382fcb3 +EBUILD rust-1.63.0-r1.ebuild 22637 BLAKE2B bfa25b5affb2737705f1f911b152bea934651bdad4bf41ba523907f1c748eee232d25a2be6f3bb2b1a6b75f3b94007b97e2648e5765a562bfa541c114c7067ed SHA512 eec99fdd41eda8c95e71bd2a0e0aec4e73caafdb358fb7509ddf623b06cf010aa26d1493685ce9030abace5e33c13ed8f3ae727ce085b8fdc7565dadd428a865 MISC metadata.xml 1665 BLAKE2B 190ef3c0b543d0d865c63c6c9776fa456c7a2d27a6f9072be9f3be7f127c955df6c7542e1d7a4c4504c582130f6001dc8cbe3e613769bf150fe30c706ea90a6c SHA512 2fc6289f8eb882e24bfeac71ec7a29d567c814703cc20366393791ab5123b6460be0855f7351b2c28738d3724e47137ec80597738a1a8e86a20a979cc46f1baf 
diff --git a/dev-lang/rust/files/1.63.0-CVE-2022-36113.patch b/dev-lang/rust/files/1.63.0-CVE-2022-36113.patch
new file mode 100644
index 000000000000..a87687dce387
--- /dev/null
+++ b/dev-lang/rust/files/1.63.0-CVE-2022-36113.patch
@@ -0,0 +1,48 @@
+From 97b80919e404b0768ea31ae329c3b4da54bed05a Mon Sep 17 00:00:00 2001
+From: Josh Triplett <josh@joshtriplett.org>
+Date: Thu, 18 Aug 2022 17:17:19 +0200
+Subject: [PATCH] CVE-2022-36113: avoid unpacking .cargo-ok from the crate
+
+---
+ src/cargo/sources/registry/mod.rs | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+gyakovlev: 'sed -i 's|/src/cargo|/src/tools/cargo/src/cargo|g'
+
+diff --git a/src/tools/cargo/src/cargo/sources/registry/mod.rs b/src/tools/cargo/src/cargo/sources/registry/mod.rs
+index c17b822fd0..a2863bf78a 100644
+--- a/src/tools/cargo/src/cargo/sources/registry/mod.rs
++++ b/src/tools/cargo/src/cargo/sources/registry/mod.rs
+@@ -639,6 +639,13 @@ impl<'cfg> RegistrySource<'cfg> {
+ prefix
+ )
+ }
++ // Prevent unpacking the lockfile from the crate itself.
++ if entry_path
++ .file_name()
++ .map_or(false, |p| p == PACKAGE_SOURCE_LOCK)
++ {
++ continue;
++ }
+ // Unpacking failed
+ let mut result = entry.unpack_in(parent).map_err(anyhow::Error::from);
+ if cfg!(windows) && restricted_names::is_windows_reserved_path(&entry_path) {
+@@ -654,16 +661,14 @@ impl<'cfg> RegistrySource<'cfg> {
+ .with_context(|| format!("failed to unpack entry at `{}`", entry_path.display()))?;
+ }
+ 
+- // The lock file is created after unpacking so we overwrite a lock file
+- // which may have been extracted from the package.
++ // Now that we've finished unpacking, create and write to the lock file to indicate that
++ // unpacking was successful.
+ let mut ok = OpenOptions::new()
+- .create(true)
++ .create_new(true)
+ .read(true)
+ .write(true)
+ .open(&path)
+ .with_context(|| format!("failed to open `{}`", path.display()))?;
+-
+- // Write to the lock file to indicate that unpacking was successful.
+ write!(ok, "ok")?;
+ 
+ Ok(unpack_dir.to_path_buf())
diff --git a/dev-lang/rust/files/1.63.0-CVE-2022-36114.patch b/dev-lang/rust/files/1.63.0-CVE-2022-36114.patch
new file mode 100644
index 000000000000..1afbaa94138c
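Review bot: The new skip at `++ .map_or(false, |p| p == PACKAGE_SOURCE_LOCK)` compares the `OsStr` byte-for-byte, so on a case-insensitive filesystem (Windows, or a default macOS volume) a tarball entry named `.CARGO-OK` is still unpacked and then collides with the marker; the later `create_new(true)` then fails closed with "failed to open", which is safe but gives the user no hint that the crate was hostile. `OsStr::eq_ignore_ascii_case` closes that gap in place: `.map_or(false, |p| p.eq_ignore_ascii_case(PACKAGE_SOURCE_LOCK))`. A bare `continue` also hides that the archive carried a marker file at all, which is at best malformed and at worst an attack attempt, so emitting a warning through whatever logging the surrounding function already uses would help triage. The enclosing unpack function starts and ends outside the hunk, so whether an existing package-cache lock already excludes a second cargo process racing the `create_new` cannot be confirmed from here.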
--- /dev/null
+++ b/dev-lang/rust/files/1.63.0-CVE-2022-36114.patch
@@ -0,0 +1,102 @@
+From d1f9553c825f6d7481453be8d58d0e7f117988a7 Mon Sep 17 00:00:00 2001
+From: Josh Triplett <josh@joshtriplett.org>
+Date: Thu, 18 Aug 2022 17:45:45 +0200
+Subject: [PATCH] CVE-2022-36114: limit the maximum unpacked size of a crate to
+ 512MB
+
+This gives users of custom registries the same protections, using the
+same size limit that crates.io uses.
+
+`LimitErrorReader` code copied from crates.io.
+---
+ src/cargo/sources/registry/mod.rs | 6 +++++-
+ src/cargo/util/io.rs | 27 +++++++++++++++++++++++++++
+ src/cargo/util/mod.rs | 2 ++
+ 3 files changed, 34 insertions(+), 1 deletion(-)
+ create mode 100644 src/cargo/util/io.rs
+gyakovlev: 'sed -i 's|/src/cargo|/src/tools/cargo/src/cargo|g'
+
+diff --git a/src/tools/cargo/src/cargo/sources/registry/mod.rs b/src/tools/cargo/src/cargo/sources/registry/mod.rs
+index a2863bf78a..c9c414e500 100644
+--- a/src/tools/cargo/src/cargo/sources/registry/mod.rs
++++ b/src/tools/cargo/src/cargo/sources/registry/mod.rs
+@@ -182,7 +182,9 @@ use crate::util::hex;
+ use crate::util::interning::InternedString;
+ use crate::util::into_url::IntoUrl;
+ use crate::util::network::PollExt;
+-use crate::util::{restricted_names, CargoResult, Config, Filesystem, OptVersionReq};
++use crate::util::{
++ restricted_names, CargoResult, Config, Filesystem, LimitErrorReader, OptVersionReq,
++};
+ 
+ const PACKAGE_SOURCE_LOCK: &str = ".cargo-ok";
+ pub const CRATES_IO_INDEX: &str = "https://github.com/rust-lang/crates.io-index";
+@@ -194,6 +196,7 @@ const VERSION_TEMPLATE: &str = "{version}";
+ const PREFIX_TEMPLATE: &str = "{prefix}";
+ const LOWER_PREFIX_TEMPLATE: &str = "{lowerprefix}";
+ const CHECKSUM_TEMPLATE: &str = "{sha256-checksum}";
++const MAX_UNPACK_SIZE: u64 = 512 * 1024 * 1024;
+ 
+ /// A "source" for a local (see `local::LocalRegistry`) or remote (see
+ /// `remote::RemoteRegistry`) registry.
+@@ -615,6 +618,7 @@ impl<'cfg> RegistrySource<'cfg> {
+ }
+ }
+ let gz = GzDecoder::new(tarball);
++ let gz = LimitErrorReader::new(gz, MAX_UNPACK_SIZE);
+ let mut tar = Archive::new(gz);
+ let prefix = unpack_dir.file_name().unwrap();
+ let parent = unpack_dir.parent().unwrap();
+diff --git a/src/tools/cargo/src/cargo/util/io.rs b/src/tools/cargo/src/cargo/util/io.rs
+new file mode 100644
+index 0000000000..f62672db03
+--- /dev/null
++++ b/src/tools/cargo/src/cargo/util/io.rs
+@@ -0,0 +1,27 @@
++use std::io::{self, Read, Take};
++
++#[derive(Debug)]
++pub struct LimitErrorReader<R> {
++ inner: Take<R>,
++}
++
++impl<R: Read> LimitErrorReader<R> {
++ pub fn new(r: R, limit: u64) -> LimitErrorReader<R> {
++ LimitErrorReader {
++ inner: r.take(limit),
++ }
++ }
++}
++
++impl<R: Read> Read for LimitErrorReader<R> {
++ fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
++ match self.inner.read(buf) {
++ Ok(0) if self.inner.limit() == 0 => Err(io::Error::new(
++ io::ErrorKind::Other,
++ "maximum limit reached when reading",
++ )),
++ e => e,
++ }
++ }
++}
++
+diff --git a/src/tools/cargo/src/cargo/util/mod.rs b/src/tools/cargo/src/cargo/util/mod.rs
+index 28f685c209..47bbf37aad 100644
+--- a/src/tools/cargo/src/cargo/util/mod.rs
++++ b/src/tools/cargo/src/cargo/util/mod.rs
+@@ -14,6 +14,7 @@ pub use self::hasher::StableHasher;
+ pub use self::hex::{hash_u64, short_hash, to_hex};
+ pub use self::into_url::IntoUrl;
+ pub use self::into_url_with_base::IntoUrlWithBase;
++pub(crate) use self::io::LimitErrorReader;
+ pub use self::lev_distance::{closest, closest_msg, lev_distance};
+ pub use self::lockserver::{LockServer, LockServerClient, LockServerStarted};
+ pub use self::progress::{Progress, ProgressStyle};
+@@ -44,6 +45,7 @@ pub mod important_paths;
+ pub mod interning;
+ pub mod into_url;
+ mod into_url_with_base;
++mod io;
+ pub mod job;
+ pub mod lev_distance;
+ mod lockserver;
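Review bot: `LimitErrorReader` lands in the new `io.rs` without a doc comment, and its contract is the whole fix: a plain `Take` would return EOF at 512 MiB and hand `Archive` a silently truncated tarball, whereas the `Ok(0) if self.inner.limit() == 0` arm converts that EOF into an error so the unpack aborts. Suggest a `///` comment above the struct along the lines of "Reader adapter that reports reaching the byte limit as an I/O error instead of EOF, so a crate whose decompressed size exceeds MAX_UNPACK_SIZE aborts unpacking rather than extracting as a truncated archive." Note the guard also fires when the stream ends at exactly `limit` bytes, so a crate that decompresses to exactly 512 MiB is rejected; if that edge matters, `inner: r.take(limit.saturating_add(1))` in `new` makes the condition a strict "more than limit". The message `"maximum limit reached when reading"` presumably reaches the user wrapped in a generic unpack failure, so naming the 512 MB cap in it would save a support round-trip.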
diff --git a/dev-lang/rust/rust-1.63.0.ebuild b/dev-lang/rust/rust-1.63.0-r1.ebuild
index 55f67445ef7e..6031ffd57528 100644
--- a/dev-lang/rust/rust-1.63.0.ebuild
+++ b/dev-lang/rust/rust-1.63.0-r1.ebuild
@@ -41,7 +41,7 @@ LLVM_TARGET_USEDEPS=${ALL_LLVM_TARGETS[@]/%/(-)?}
 LICENSE="|| ( MIT Apache-2.0 ) BSD-1 BSD-2 BSD-4 UoI-NCSA"
-IUSE="clippy cpu_flags_x86_sse2 debug dist doc miri nightly parallel-compiler profiler rls rustfmt rust-src system-bootstrap system-llvm test wasm ${ALL_LLVM_TARGETS[*]}"
+IUSE="clippy cpu_flags_x86_sse2 debug dist doc llvm-libunwind miri nightly parallel-compiler profiler rls rustfmt rust-src system-bootstrap system-llvm test wasm ${ALL_LLVM_TARGETS[*]}"
 # Please keep the LLVM dependency block separate. Since LLVM is slotted,
 # we need to *really* make sure we're not pulling more than one slot
@@ -105,8 +105,15 @@ DEPEND="
 net-misc/curl:=[http2,ssl]
 sys-libs/zlib:=
 dev-libs/openssl:0=
- elibc_musl? ( sys-libs/libunwind:= )
- system-llvm? ( ${LLVM_DEPEND} )
+ system-llvm? (
+ ${LLVM_DEPEND}
+ llvm-libunwind? ( sys-libs/llvm-libunwind:= )
+ )
+ !system-llvm? (
+ !llvm-libunwind? (
+ elibc_musl? ( sys-libs/libunwind:= )
+ )
+ )
 "
 RDEPEND="${DEPEND}
@@ -157,6 +164,8 @@ PATCHES=(
 "${FILESDIR}"/1.55.0-ignore-broken-and-non-applicable-tests.patch
 "${FILESDIR}"/1.62.1-musl-dynamic-linking.patch
 "${FILESDIR}"/1.61.0-gentoo-musl-target-specs.patch
+ "${FILESDIR}"/1.63.0-CVE-2022-36113.patch
+ "${FILESDIR}"/1.63.0-CVE-2022-36114.patch
 )
 S="${WORKDIR}/${MY_P}-src"
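Review bot: The rewritten DEPEND block drops `sys-libs/libunwind:=` for the combination system-llvm + !llvm-libunwind + elibc_musl: the removed `- elibc_musl? ( sys-libs/libunwind:= )` applied regardless of system-llvm, while in the new nesting the musl clause only exists under `+ !system-llvm? ( !llvm-libunwind? ( ... ) )`. If a musl host using system LLVM with the new flag off still needs libunwind to link (the `${LLVM_DEPEND}` definition is outside the hunk, so whether it already pulls one in cannot be confirmed here), the clause should be hoisted out of the `!system-llvm?` block, e.g. a top-level `!llvm-libunwind? ( elibc_musl? ( sys-libs/libunwind:= ) )`. If the omission is deliberate, a one-line comment above the block saying why would keep the next revbump from re-adding it.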
@@ -430,8 +439,10 @@ src_configure() {
 cxx = "$(tc-getCXX)"
 linker = "$(tc-getCC)"
 ranlib = "$(tc-getRANLIB)"
+ llvm-libunwind = "$(usex llvm-libunwind $(usex system-llvm system in-tree) no)"
 _EOF_
- # librustc_target/spec/linux_musl_base.rs sets base.crt_static_default = true;
+ # by default librustc_target/spec/linux_musl_base.rs sets base.crt_static_default = true;
+ # but we patch it and set to false here as well
 if use elibc_musl; then
 cat <<- _EOF_ >> "${S}"/config.toml
 crt-static = false |