gentoo auto-resync : 15:09:2022 - 11:12:38

7 files changed, 172 insertions, 8 deletions

diff --git a/dev-lang/Manifest.gz b/dev-lang/Manifest.gz
index 373751b24b81..00c2f1e448eb 100644
--- a/dev-lang/Manifest.gz
+++ b/dev-lang/Manifest.gz
diff --git a/dev-lang/nasm/Manifest b/dev-lang/nasm/Manifest
index d395daae5bc4..8b1282f04981 100644
--- a/dev-lang/nasm/Manifest
+++ b/dev-lang/nasm/Manifest
@@ -1,4 +1,4 @@
 AUX nasm-2.15-bsd-cp-doc.patch 278 BLAKE2B eb2d6fffb03da68a43df8db6cbadeb72753f0474f91011038b6ec0b3a449fbd0e3cde59abfb1b22fa0c991629960f456815b1c86ec55292f54a879d8a0a079f1 SHA512 ba691e4f0fd3b676280de5b79e6872f7efe034da28fc66e247c3f757761e2191c54f585ca724747812fa55afb4b9d76366f50659702561c7eb69483de265b3e5
 DIST nasm-2.15.05.tar.xz 995732 BLAKE2B a41434965c2125577b762d907a0a3c251c75d9f9beac230fba4099182c7f7beb08c6d2c05c2432b0dc8ba829f24077f44c3096faea9bd0a533250e6dbbfaef35 SHA512 512f90a2584f1c5811429274b97c64a2cedf37b9fdeffb1bcd0ea64afd9ecc19a2d7877ca8f1e05393aa324153fc9f39ea51dacbf8d25a7d5a2d7728c925dba7
-EBUILD nasm-2.15.05.ebuild 943 BLAKE2B cd138fb530af0a806943868b4affeedeb0ef6670b744e09a7560ba3e12f60052ae50a2e6dfffc96cdf0a80f6efef1c87e873841c68cfb5c34c5a6b18056bbeb9 SHA512 fe33ae366d9309f797af1996cf8b8ae75c0e7027ab093fd10889cf17394d80b0d62b5871e247f768cefe00809377383c56f41fb58e0798490eed68bcc038ca0e
+EBUILD nasm-2.15.05.ebuild 974 BLAKE2B 858e0ff959157f96c6dd64633104107cb163a713a7aa608ee5fc7bcfb35603de0ba12d120eba930429625d0160bc74ea2fed6ce5c22292da9eaf43e58e71c827 SHA512 959ac895bb917a4c0985b5c0dd8eb5576b629c5e6217b25762d3c8c7e8398500565352741a5145c141449ff82e545c564ca8b2cf966bc0c30ded2dae48220181
 MISC metadata.xml 879 BLAKE2B 17d2ca1a78ed46d24fe75188387da9c03dafcd6aacf0db7c82fdee39ad766dac23010b6c51c90c08a3e591e93589a29a151ac5bc52fd6b3911504f2f124da6b7 SHA512 d6e921fc48851be64d1dfc0be200a1a86842e5d4d00a9f4551e7ca76a91272dc5f1f01928d3656a5e340283c83f7283bb9e7094c0309406d9392d57048239563
diff --git a/dev-lang/nasm/nasm-2.15.05.ebuild b/dev-lang/nasm/nasm-2.15.05.ebuild
index 0e5a4eeeb377..1982975e49b1 100644
--- a/dev-lang/nasm/nasm-2.15.05.ebuild
+++ b/dev-lang/nasm/nasm-2.15.05.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -22,7 +22,8 @@ BDEPEND="
 		app-text/ghostscript-gpl
 		dev-perl/Font-TTF
 		dev-perl/Sort-Versions
-		media-fonts/source-pro
+		media-fonts/source-code-pro
+		media-fonts/source-sans
 		virtual/perl-File-Spec
 	)
 "
diff --git a/dev-lang/rust/Manifest b/dev-lang/rust/Manifest
index a4e3fe518606..76070324a237 100644
--- a/dev-lang/rust/Manifest
+++ b/dev-lang/rust/Manifest
@@ -5,6 +5,8 @@ AUX 1.61.0-llvm_addrspacecast.patch 2677 BLAKE2B c766eb78a21cdb840a74814118e8ca3
 AUX 1.61.0-llvm_selectInterleaveCount.patch 2915 BLAKE2B 65bc017d45bcdce2834d040da3e0aa86d9062458a9e1838604c9a8bc567c5cf2a6a61a72658c200c82af794e7f1f749a7b046d917df7879fbd3752be78f0342a SHA512 101ad16196b6c02ce8b7818b9188e2f43b870c4ca44294be533416f16e98c05c3426ed2249c43963a7aa32cf344e2d1c5da5d7a5d520c4d6c014ab2696f55302
 AUX 1.61.0-miri-cow.patch 5183 BLAKE2B 090557b73e6aa4e078ce99ad8689c52ce755a4ea0b10963cf8a675ef1d893a537a7217ec2ec857c5d1e407b2653824c32cc55600a89a5ebcbe2aba8ea83966f3 SHA512 c3bee73084e5515304dba4fea4bdc36ef4ad44db6c3be5c3d5b2f3f22ab9f79f6d4cdf6b98c8b3cc362901caf6631f646337c061e43efcebd4341d5ab27f169a
 AUX 1.62.1-musl-dynamic-linking.patch 897 BLAKE2B cc9805c648754366a49270f12a1a6036bc7059ca09e2524c2836f7af2f221b448b971e43670c2cf0aa80cd930a51ea11e4e3c637f3d80ec46333388cd64c3b50 SHA512 71bd459a9f4daaeb215ba13005eee85502bc5a1d60794f01765990fd183819513c3c8d5c5efe27c9d7e1d15af765492fef8ba6b20ea7ebd1a2228104886928f8
+AUX 1.63.0-CVE-2022-36113.patch 2087 BLAKE2B 10afb960bf0624915f0047a364719cb7e593baa0da89cc929ba742ed178807518c2437eefc6f55a1d7cdccd31d63093e2c5ffc10ac3db3c8b63ab9e06d382536 SHA512 593ac73200def11f28fdbb146d67170340a500e3cc27c4c0263d01caee1405d0572ab4f4a192aa9d480b2b60d6460d0754f406bbc62e70615fb7d9952ec08e77
+AUX 1.63.0-CVE-2022-36114.patch 3877 BLAKE2B 3542b04ab488961a2928f1a2103845e786acbe46342265f5469ba32e4f0419d9ebf545a01d25b71f0ebc4ce82aadd038d28e270b8db1214d3e5134433239fa7e SHA512 bee9794c6caa5057a07109e5b37ff004893e8e5eae2cd8e01985d968e384599333ece619f48f24237d75dbb6a03363154319d72e08261baab398b32146f1efae
 DIST rust-1.58.1-aarch64-unknown-linux-gnu.tar.xz 229585460 BLAKE2B 301b201cb40249005a1a8adf34ffdb0bacd22e1d919a24dec9bb8331c2243de1b7cc312c91a87fc9e11091cd9ad517347ff09143000d9de051b3c9a6e0780f9d SHA512 04e2cf2116e16fa293c7f2d29816012520b41df44b54657e289e7affbb91af5a5001d140a49aab1286451b93e93b0171edea77f61f01085136d1be1a3baac4a2
 DIST rust-1.58.1-aarch64-unknown-linux-gnu.tar.xz.asc 801 BLAKE2B 6da55597fddd643350c73f28a15dcfa935529c0878a199819b9bad6f3ea2542f9021e24bc1a6c8724ff14d36007c00f8906dd1aeaff33b0a99ef6982e8f711b3 SHA512 57debe0afe52c3af3eb53e4efe70ba194ddad449d9952174f8a775531b83f8ab0d66462e7bdd06712547e8f675d330a151d20d183daefe1dda2f0e3805695714
 DIST rust-1.58.1-aarch64-unknown-linux-musl.tar.xz 226068748 BLAKE2B 7f9680b0ad3f9a8349f3032f63d23b6d96ab43245d3025d0e4307a29b4353fd2408e7de572a10a77b261634b8fd4e9e6054ba9955b2440b608fdad2c88c12bfa SHA512 6400221a8ae04aea91f9df0f8d82585bcd380f22e80fe813eaa1cadbf592c5207665ad008d938b399e34fc2cb0485b16f993f94d431c290a69a696a4faf89e05
@@ -182,5 +184,5 @@ EBUILD rust-1.60.0.ebuild 21452 BLAKE2B 82752fda269d87718a5c51f22b2dd6be41665152
 EBUILD rust-1.61.0-r2.ebuild 22375 BLAKE2B 6662f32074219bff329268ce638d622bb982f9c04558180fd1fcaf97f6a9bf1bc526b64fbf3ed85c803fe10dc7e642b4a558c5f4f962b854bffd4018eba6f031 SHA512 510ffc53ad8d5d5fd41377cc0d66459a267537d9402d4a8747d80168a49550db66039170582f1f91a8a3b02a09b11d6cd6e814d21bc82dd139a13a78254378ab
 EBUILD rust-1.62.0.ebuild 22245 BLAKE2B 569dfa03db6a73f66162ced3171af6a49a36c56fbf3100fd1c42825a565275c69fba473f831daf293061bf9b7a10723d4f94e2b8a5800ff683154e37e221faa3 SHA512 7d9e9847594e8da16cac61a6129782c37e6362ecb0ee7886728ddb33318ce6afb32575fdd3c0ef201d90c577d46ed2ba3dd5ce1003cd20ff744e33a05167b826
 EBUILD rust-1.62.1.ebuild 22239 BLAKE2B 71e56ea01ad7f97bb5121f3509e94fe02cea33f7d04cbe23d30efa21ce05d646409533e1f69f33b2c9867358a258155e646a01dd7b295d8c59767e8b51c2be67 SHA512 79eca27ca6013e128635a242c77a02ad5c8aa1664e6993dfee1857e56e384251a651a8254f04056e7e007987113112738c799c9052e81ca0a8906563cfd39fa9
-EBUILD rust-1.63.0.ebuild 22294 BLAKE2B 5653d54b0970a6014591a4793e79d68d25d30f3e039e99ff654a8fb60f31de75137d27af0f550cc10914896bb3aef9ac7849b4935e247c3a887d88bff38264fb SHA512 431676d9194f08d545b54fbd7aba193d58d3250e31092f93b36c3fbb1352574162cbde2113bfa3ec9d63e782b1c132b4a07774e907243b0395e255bcd382fcb3
+EBUILD rust-1.63.0-r1.ebuild 22637 BLAKE2B bfa25b5affb2737705f1f911b152bea934651bdad4bf41ba523907f1c748eee232d25a2be6f3bb2b1a6b75f3b94007b97e2648e5765a562bfa541c114c7067ed SHA512 eec99fdd41eda8c95e71bd2a0e0aec4e73caafdb358fb7509ddf623b06cf010aa26d1493685ce9030abace5e33c13ed8f3ae727ce085b8fdc7565dadd428a865
 MISC metadata.xml 1665 BLAKE2B 190ef3c0b543d0d865c63c6c9776fa456c7a2d27a6f9072be9f3be7f127c955df6c7542e1d7a4c4504c582130f6001dc8cbe3e613769bf150fe30c706ea90a6c SHA512 2fc6289f8eb882e24bfeac71ec7a29d567c814703cc20366393791ab5123b6460be0855f7351b2c28738d3724e47137ec80597738a1a8e86a20a979cc46f1baf
diff --git a/dev-lang/rust/files/1.63.0-CVE-2022-36113.patch b/dev-lang/rust/files/1.63.0-CVE-2022-36113.patch
new file mode 100644
index 000000000000..a87687dce387
--- /dev/null
+++ b/dev-lang/rust/files/1.63.0-CVE-2022-36113.patch
@@ -0,0 +1,48 @@
+From 97b80919e404b0768ea31ae329c3b4da54bed05a Mon Sep 17 00:00:00 2001
+From: Josh Triplett <josh@joshtriplett.org>
+Date: Thu, 18 Aug 2022 17:17:19 +0200
+Subject: [PATCH] CVE-2022-36113: avoid unpacking .cargo-ok from the crate
+
+---
+ src/cargo/sources/registry/mod.rs | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+gyakovlev: 'sed -i 's|/src/cargo|/src/tools/cargo/src/cargo|g'
+
+diff --git a/src/tools/cargo/src/cargo/sources/registry/mod.rs b/src/tools/cargo/src/cargo/sources/registry/mod.rs
+index c17b822fd0..a2863bf78a 100644
+--- a/src/tools/cargo/src/cargo/sources/registry/mod.rs
++++ b/src/tools/cargo/src/cargo/sources/registry/mod.rs
+@@ -639,6 +639,13 @@ impl<'cfg> RegistrySource<'cfg> {
+                     prefix
+                 )
+             }
++            // Prevent unpacking the lockfile from the crate itself.
++            if entry_path
++                .file_name()
++                .map_or(false, |p| p == PACKAGE_SOURCE_LOCK)
++            {
++                continue;
++            }
+             // Unpacking failed
+             let mut result = entry.unpack_in(parent).map_err(anyhow::Error::from);
+             if cfg!(windows) && restricted_names::is_windows_reserved_path(&entry_path) {
+@@ -654,16 +661,14 @@ impl<'cfg> RegistrySource<'cfg> {
+                 .with_context(|| format!("failed to unpack entry at `{}`", entry_path.display()))?;
+         }
+ 
+-        // The lock file is created after unpacking so we overwrite a lock file
+-        // which may have been extracted from the package.
++        // Now that we've finished unpacking, create and write to the lock file to indicate that
++        // unpacking was successful.
+         let mut ok = OpenOptions::new()
+-            .create(true)
++            .create_new(true)
+             .read(true)
+             .write(true)
+             .open(&path)
+             .with_context(|| format!("failed to open `{}`", path.display()))?;
+-
+-        // Write to the lock file to indicate that unpacking was successful.
+         write!(ok, "ok")?;
+ 
+         Ok(unpack_dir.to_path_buf())
diff --git a/dev-lang/rust/files/1.63.0-CVE-2022-36114.patch b/dev-lang/rust/files/1.63.0-CVE-2022-36114.patch
new file mode 100644
index 000000000000..1afbaa94138c
--- /dev/null
+++ b/dev-lang/rust/files/1.63.0-CVE-2022-36114.patch
@@ -0,0 +1,102 @@
+From d1f9553c825f6d7481453be8d58d0e7f117988a7 Mon Sep 17 00:00:00 2001
+From: Josh Triplett <josh@joshtriplett.org>
+Date: Thu, 18 Aug 2022 17:45:45 +0200
+Subject: [PATCH] CVE-2022-36114: limit the maximum unpacked size of a crate to
+ 512MB
+
+This gives users of custom registries the same protections, using the
+same size limit that crates.io uses.
+
+`LimitErrorReader` code copied from crates.io.
+---
+ src/cargo/sources/registry/mod.rs |  6 +++++-
+ src/cargo/util/io.rs              | 27 +++++++++++++++++++++++++++
+ src/cargo/util/mod.rs             |  2 ++
+ 3 files changed, 34 insertions(+), 1 deletion(-)
+ create mode 100644 src/cargo/util/io.rs
+gyakovlev: 'sed -i 's|/src/cargo|/src/tools/cargo/src/cargo|g'
+
+diff --git a/src/tools/cargo/src/cargo/sources/registry/mod.rs b/src/tools/cargo/src/cargo/sources/registry/mod.rs
+index a2863bf78a..c9c414e500 100644
+--- a/src/tools/cargo/src/cargo/sources/registry/mod.rs
++++ b/src/tools/cargo/src/cargo/sources/registry/mod.rs
+@@ -182,7 +182,9 @@ use crate::util::hex;
+ use crate::util::interning::InternedString;
+ use crate::util::into_url::IntoUrl;
+ use crate::util::network::PollExt;
+-use crate::util::{restricted_names, CargoResult, Config, Filesystem, OptVersionReq};
++use crate::util::{
++    restricted_names, CargoResult, Config, Filesystem, LimitErrorReader, OptVersionReq,
++};
+ 
+ const PACKAGE_SOURCE_LOCK: &str = ".cargo-ok";
+ pub const CRATES_IO_INDEX: &str = "https://github.com/rust-lang/crates.io-index";
+@@ -194,6 +196,7 @@ const VERSION_TEMPLATE: &str = "{version}";
+ const PREFIX_TEMPLATE: &str = "{prefix}";
+ const LOWER_PREFIX_TEMPLATE: &str = "{lowerprefix}";
+ const CHECKSUM_TEMPLATE: &str = "{sha256-checksum}";
++const MAX_UNPACK_SIZE: u64 = 512 * 1024 * 1024;
+ 
+ /// A "source" for a local (see `local::LocalRegistry`) or remote (see
+ /// `remote::RemoteRegistry`) registry.
+@@ -615,6 +618,7 @@ impl<'cfg> RegistrySource<'cfg> {
+             }
+         }
+         let gz = GzDecoder::new(tarball);
++        let gz = LimitErrorReader::new(gz, MAX_UNPACK_SIZE);
+         let mut tar = Archive::new(gz);
+         let prefix = unpack_dir.file_name().unwrap();
+         let parent = unpack_dir.parent().unwrap();
+diff --git a/src/tools/cargo/src/cargo/util/io.rs b/src/tools/cargo/src/cargo/util/io.rs
+new file mode 100644
+index 0000000000..f62672db03
+--- /dev/null
++++ b/src/tools/cargo/src/cargo/util/io.rs
+@@ -0,0 +1,27 @@
++use std::io::{self, Read, Take};
++
++#[derive(Debug)]
++pub struct LimitErrorReader<R> {
++    inner: Take<R>,
++}
++
++impl<R: Read> LimitErrorReader<R> {
++    pub fn new(r: R, limit: u64) -> LimitErrorReader<R> {
++        LimitErrorReader {
++            inner: r.take(limit),
++        }
++    }
++}
++
++impl<R: Read> Read for LimitErrorReader<R> {
++    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
++        match self.inner.read(buf) {
++            Ok(0) if self.inner.limit() == 0 => Err(io::Error::new(
++                io::ErrorKind::Other,
++                "maximum limit reached when reading",
++            )),
++            e => e,
++        }
++    }
++}
++
+diff --git a/src/tools/cargo/src/cargo/util/mod.rs b/src/tools/cargo/src/cargo/util/mod.rs
+index 28f685c209..47bbf37aad 100644
+--- a/src/tools/cargo/src/cargo/util/mod.rs
++++ b/src/tools/cargo/src/cargo/util/mod.rs
+@@ -14,6 +14,7 @@ pub use self::hasher::StableHasher;
+ pub use self::hex::{hash_u64, short_hash, to_hex};
+ pub use self::into_url::IntoUrl;
+ pub use self::into_url_with_base::IntoUrlWithBase;
++pub(crate) use self::io::LimitErrorReader;
+ pub use self::lev_distance::{closest, closest_msg, lev_distance};
+ pub use self::lockserver::{LockServer, LockServerClient, LockServerStarted};
+ pub use self::progress::{Progress, ProgressStyle};
+@@ -44,6 +45,7 @@ pub mod important_paths;
+ pub mod interning;
+ pub mod into_url;
+ mod into_url_with_base;
++mod io;
+ pub mod job;
+ pub mod lev_distance;
+ mod lockserver;
diff --git a/dev-lang/rust/rust-1.63.0.ebuild b/dev-lang/rust/rust-1.63.0-r1.ebuild
index 55f67445ef7e..6031ffd57528 100644
--- a/dev-lang/rust/rust-1.63.0.ebuild
+++ b/dev-lang/rust/rust-1.63.0-r1.ebuild
@@ -41,7 +41,7 @@ LLVM_TARGET_USEDEPS=${ALL_LLVM_TARGETS[@]/%/(-)?}
 
 LICENSE="|| ( MIT Apache-2.0 ) BSD-1 BSD-2 BSD-4 UoI-NCSA"
 
-IUSE="clippy cpu_flags_x86_sse2 debug dist doc miri nightly parallel-compiler profiler rls rustfmt rust-src system-bootstrap system-llvm test wasm ${ALL_LLVM_TARGETS[*]}"
+IUSE="clippy cpu_flags_x86_sse2 debug dist doc llvm-libunwind miri nightly parallel-compiler profiler rls rustfmt rust-src system-bootstrap system-llvm test wasm ${ALL_LLVM_TARGETS[*]}"
 
 # Please keep the LLVM dependency block separate. Since LLVM is slotted,
 # we need to *really* make sure we're not pulling more than one slot
@@ -105,8 +105,15 @@ DEPEND="
 	net-misc/curl:=[http2,ssl]
 	sys-libs/zlib:=
 	dev-libs/openssl:0=
-	elibc_musl? ( sys-libs/libunwind:= )
-	system-llvm? ( ${LLVM_DEPEND} )
+	system-llvm? (
+		${LLVM_DEPEND}
+		llvm-libunwind? ( sys-libs/llvm-libunwind:= )
+	)
+	!system-llvm? (
+		!llvm-libunwind? (
+			elibc_musl? ( sys-libs/libunwind:= )
+		)
+	)
 "
 
 RDEPEND="${DEPEND}
@@ -157,6 +164,8 @@ PATCHES=(
 	"${FILESDIR}"/1.55.0-ignore-broken-and-non-applicable-tests.patch
 	"${FILESDIR}"/1.62.1-musl-dynamic-linking.patch
 	"${FILESDIR}"/1.61.0-gentoo-musl-target-specs.patch
+	"${FILESDIR}"/1.63.0-CVE-2022-36113.patch
+	"${FILESDIR}"/1.63.0-CVE-2022-36114.patch
 )
 
 S="${WORKDIR}/${MY_P}-src"
@@ -430,8 +439,10 @@ src_configure() {
 			cxx = "$(tc-getCXX)"
 			linker = "$(tc-getCC)"
 			ranlib = "$(tc-getRANLIB)"
+			llvm-libunwind = "$(usex llvm-libunwind $(usex system-llvm system in-tree) no)"
 		_EOF_
-		# librustc_target/spec/linux_musl_base.rs sets base.crt_static_default = true;
+		# by default librustc_target/spec/linux_musl_base.rs sets base.crt_static_default = true;
+		# but we patch it and set to false here as well
 		if use elibc_musl; then
 			cat <<- _EOF_ >> "${S}"/config.toml
 				crt-static = false