commit rust1.62 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package rust1.62 for openSUSE:Factory checked in at 2022-10-10 18:45:29 Comparing /work/SRC/openSUSE:Factory/rust1.62 (Old) and /work/SRC/openSUSE:Factory/.rust1.62.new.2275 (New) Package is "rust1.62" Mon Oct 10 18:45:29 2022 rev:5 rq:1008244 version:1.62.1 Changes: --- /work/SRC/openSUSE:Factory/rust1.62/rust1.62.changes2022-09-17 20:09:20.436983894 +0200 +++ /work/SRC/openSUSE:Factory/.rust1.62.new.2275/rust1.62.changes 2022-10-10 18:46:03.743062351 +0200 @@ -1,0 +2,5 @@ +Wed Sep 28 14:23:33 UTC 2022 - Guillaume GARDET + +- Enable armv6 again - boo#1196328 + +--- Other differences: -- ++ rust1.62.spec ++ --- /var/tmp/diff_new_pack.tWnrvp/_old 2022-10-10 18:46:15.759088214 +0200 +++ /var/tmp/diff_new_pack.tWnrvp/_new 2022-10-10 18:46:15.767088231 +0200 @@ -98,9 +98,6 @@ # armv6/7, s390x, ppc[64[le]], riscv are all "guaranteed to build" only # but may not always work. -# === Rust on armv6hl is broken ??? again ??? === -ExcludeArch:armv6hl - # === broken distro llvm === # In some situations the llvm provided on the platform may not work. # we add these conditions here.
commit rust1.62 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package rust1.62 for openSUSE:Factory checked in at 2022-09-17 20:09:19 Comparing /work/SRC/openSUSE:Factory/rust1.62 (Old) and /work/SRC/openSUSE:Factory/.rust1.62.new.2083 (New) Package is "rust1.62" Sat Sep 17 20:09:19 2022 rev:4 rq:1003998 version:1.62.1 Changes: --- /work/SRC/openSUSE:Factory/rust1.62/rust1.62.changes2022-07-29 16:47:43.186622839 +0200 +++ /work/SRC/openSUSE:Factory/.rust1.62.new.2083/rust1.62.changes 2022-09-17 20:09:20.436983894 +0200 @@ -1,0 +2,8 @@ +Fri Sep 16 04:56:02 UTC 2022 - William Brown + +- bsc#1203433 - CVE-2022-36113 - resolve symlink hijack + * 0003-CVE-2022-36113-avoid-unpacking-.cargo-ok-from-the-cr.patch +- bsc #1203431 - CVE-2022-36114 - resolve zip bomb attack + * 0002-CVE-2022-36114-limit-the-maximum-unpacked-size-of-a-.patch + +--- New: 0002-CVE-2022-36114-limit-the-maximum-unpacked-size-of-a-.patch 0003-CVE-2022-36113-avoid-unpacking-.cargo-ok-from-the-cr.patch Other differences: -- ++ rust1.62.spec ++ --- /var/tmp/diff_new_pack.3Uzg79/_old 2022-09-17 20:09:31.933017056 +0200 +++ /var/tmp/diff_new_pack.3Uzg79/_new 2022-09-17 20:09:31.937017068 +0200 @@ -237,7 +237,11 @@ # PATCH-FIX-OPENSUSE: let wasm target use the system lld by default, rust-lld might not be available. Patch1: wasm-use-system-lld.patch %endif -# Patch2: 0001-fix-tests.patch +# IMPORTANT - To generate patches for submodules in git so they apply relatively you can use +# git format-patch --dst-prefix=b/src/tools/cargo/ HEAD~2 +Patch3: 0002-CVE-2022-36114-limit-the-maximum-unpacked-size-of-a-.patch +Patch4: 0003-CVE-2022-36113-avoid-unpacking-.cargo-ok-from-the-cr.patch + BuildRequires: chrpath BuildRequires: curl BuildRequires: fdupes ++ 0002-CVE-2022-36114-limit-the-maximum-unpacked-size-of-a-.patch ++ >From 0c387900128caa96285486b1eda683b8a78268aa Mon Sep 17 00:00:00 2001 
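Review bot: The new `Patch3:` and `Patch4:` lines in the `@@ -237,7 +237,11 @@` spec hunk have no per-patch tag comment, unlike `Patch1:` directly above them, which is preceded by `# PATCH-FIX-OPENSUSE: ...`. Going by the embedded patch header these are upstream cargo fixes, so I would put `# PATCH-FIX-UPSTREAM: bsc#1203431 CVE-2022-36114 limit the maximum unpacked size of a crate` before `Patch3:` and `# PATCH-FIX-UPSTREAM: bsc#1203433 CVE-2022-36113 avoid unpacking .cargo-ok from the crate` before `Patch4:`, so the tracker and CVE sit next to the declaration. The hunk only declares the patches; whether `%prep` actually applies them lies outside it and should be confirmed, since a declared but unapplied patch would leave both issues open in the shipped cargo. The patch numbers (3, 4) also differ from the file name prefixes (0002, 0003), which is easy to misread when auditing.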
From: Josh Triplett Date: Thu, 18 Aug 2022 17:45:45 +0200 Subject: [PATCH 1/2] CVE-2022-36114: limit the maximum unpacked size of a crate to 512MB This gives users of custom registries the same protections, using the same size limit that crates.io uses. `LimitErrorReader` code copied from crates.io. --- src/cargo/sources/registry/mod.rs | 6 +- src/cargo/util/io.rs | 27 +++ src/cargo/util/mod.rs | 2 ++ 3 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 src/cargo/util/io.rs diff --git a/src/cargo/sources/registry/mod.rs b/src/tools/cargo/src/cargo/sources/registry/mod.rs index fc9c29510..1df7738e3 100644 --- a/src/cargo/sources/registry/mod.rs +++ b/src/tools/cargo/src/cargo/sources/registry/mod.rs @@ -182,7 +182,9 @@ use crate::util::hex; use crate::util::interning::InternedString; use crate::util::into_url::IntoUrl; use crate::util::network::PollExt; -use crate::util::{restricted_names, CargoResult, Config, Filesystem, OptVersionReq}; +use crate::util::{ +restricted_names, CargoResult, Config, Filesystem, LimitErrorReader, OptVersionReq, +}; const PACKAGE_SOURCE_LOCK: &str = ".cargo-ok"; pub const CRATES_IO_INDEX: &str = "https://github.com/rust-lang/crates.io-index";; @@ -193,6 +195,7 @@ const VERSION_TEMPLATE: &str = "{version}"; const PREFIX_TEMPLATE: &str = "{prefix}"; const LOWER_PREFIX_TEMPLATE: &str = "{lowerprefix}"; const CHECKSUM_TEMPLATE: &str = "{sha256-checksum}"; +const MAX_UNPACK_SIZE: u64 = 512 * 1024 * 1024; /// A "source" for a local (see `local::LocalRegistry`) or remote (see /// `remote::RemoteRegistry`) registry. @@ -617,6 +620,7 @@ impl<'cfg> RegistrySource<'cfg> { } } let gz = GzDecoder::new(tarball); +let gz = LimitErrorReader::new(gz, MAX_UNPACK_SIZE); let mut tar = Archive::new(gz); let prefix = unpack_dir.file_name().unwrap(); let parent = unpack_dir.parent().unwrap(); diff --git a/src/cargo/util/io.rs b/src/tools/cargo/src/cargo/util/io.rs new file mode 100644 index 0..f62672db0 --- /dev/null 
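Review bot: `MAX_UNPACK_SIZE` in the `@@ -193,6 +195,7 @@` hunk has no comment saying what the number bounds or where it comes from. Per the commit message it is the limit crates.io uses, and the `@@ -617,6 +620,7 @@` hunk applies it to the output of `GzDecoder`, so it caps the decompressed tar stream rather than the size of the downloaded `.crate` file. I would add `/// Maximum decompressed size of a crate tarball (512 MiB, the same limit crates.io enforces); unpacking fails once it is reached.` above the constant.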
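Review bot: When the limit trips in the `@@ -617,6 +620,7 @@` hunk, the error comes out of the tar iteration after earlier entries may already have been written under `unpack_dir`, and nothing visible here removes that partial tree or says which crate was too large. The function body starts and ends outside the hunk, so this may already be handled there. It is worth confirming that a failed unpack cannot later be taken for a complete one (presumably what the `.cargo-ok` marker named by `PACKAGE_SOURCE_LOCK` is for) and that the user-facing error names the package. On the new line itself I would add `// Cap decompressed output so a small .crate cannot expand without bound (CVE-2022-36114).` so the wrapper is not removed as redundant later.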
+++ b/src/tools/cargo/src/cargo/util/io.rs @@ -0,0 +1,27 @@ +use std::io::{self, Read, Take}; + +#[derive(Debug)] +pub struct LimitErrorReader { +inner: Take, +} + +impl LimitErrorReader { +pub fn new(r: R, limit: u64) -> LimitErrorReader { +LimitErrorReader { +inner: r.take(limit), +} +} +} + +impl Read for LimitErrorReader { +fn read(&mut self, buf: &mut [u8]) -> io::Result { +match self.inner.read(buf) { +Ok(0) if self.inner.limit() == 0 => Err(io::Error::new( +
commit rust1.62 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package rust1.62 for openSUSE:Factory checked in at 2022-07-29 16:47:26 Comparing /work/SRC/openSUSE:Factory/rust1.62 (Old) and /work/SRC/openSUSE:Factory/.rust1.62.new.1533 (New) Package is "rust1.62" Fri Jul 29 16:47:26 2022 rev:3 rq:991317 version:1.62.1 Changes: --- /work/SRC/openSUSE:Factory/rust1.62/rust1.62.changes2022-07-21 11:34:33.679016829 +0200 +++ /work/SRC/openSUSE:Factory/.rust1.62.new.1533/rust1.62.changes 2022-07-29 16:47:43.186622839 +0200 @@ -1,0 +2,5 @@ +Wed Jul 27 00:50:39 UTC 2022 - William Brown + +- Improve support for wasi targets + +--- Other differences: -- ++ rust1.62.spec ++ --- /var/tmp/diff_new_pack.J3XqUo/_old 2022-07-29 16:47:53.582651745 +0200 +++ /var/tmp/diff_new_pack.J3XqUo/_new 2022-07-29 16:47:53.590651767 +0200 @@ -141,7 +141,7 @@ %if 0%{?is_opensuse} == 1 && 0%{?suse_version} >= 1550 %ifarch x86_64 aarch64 %bcond_without wasm32 -%bcond_with wasi +%bcond_without wasi %else %bcond_with wasm32 %bcond_with wasi @@ -625,6 +625,10 @@ rm -rf %{buildroot}/home # End without test + +# Ugly hack to get brp-15-strip-debug call llvm-strip, which is wasm-aware, as system-strip will break wasm-files (same for ar/ranlib) +export CROSS_COMPILE=llvm- + %endif %if %{with test}
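Review bot: The added `export CROSS_COMPILE=llvm-` in the `@@ -625,6 +625,10 @@` hunk is not restricted to builds that produce wasm files; the only conditional visible around it is the one closed by the following `%endif`, which by the `# End without test` marker looks like the test/non-test split. The first spec hunk keeps `%bcond_with wasm32` and `%bcond_with wasi` for architectures other than x86_64 and aarch64, so there the strip, ar and ranlib post-processing would switch to the llvm- tools for purely native binaries and would depend on those tools being installed. I would guard the line, e.g. `%if %{with wasm32} || %{with wasi}`, then `export CROSS_COMPILE=llvm-`, then `%endif`. The enclosing section begins outside the hunk, so the outer condition should be checked before relying on this.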
commit rust1.62 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package rust1.62 for openSUSE:Factory checked in at 2022-07-21 11:33:36 Comparing /work/SRC/openSUSE:Factory/rust1.62 (Old) and /work/SRC/openSUSE:Factory/.rust1.62.new.1523 (New) Package is "rust1.62" Thu Jul 21 11:33:36 2022 rev:2 rq:990321 version:1.62.1 Changes: --- /work/SRC/openSUSE:Factory/rust1.62/rust1.62.changes2022-07-19 17:20:18.500442340 +0200 +++ /work/SRC/openSUSE:Factory/.rust1.62.new.1523/rust1.62.changes 2022-07-21 11:34:33.679016829 +0200 
@@ -1,0 +2,21 @@ +Wed Jul 20 01:46:57 UTC 2022 - William Brown + +Version 1.62.1 (2022-07-19) +== + +Rust 1.62.1 addresses a few recent regressions in the compiler and standard +library, and also mitigates a CPU vulnerability on Intel SGX. + +* [The compiler fixed unsound function coercions involving `impl Trait` return types.][98608] +* [The compiler fixed an incremental compilation bug with `async fn` lifetimes.][98890] +* [Windows added a fallback for overlapped I/O in synchronous reads and writes.][98950] +* [The `x86_64-fortanix-unknown-sgx` target added a mitigation for the + MMIO stale data vulnerability][98126], advisory [INTEL-SA-00615]. + +[98608]: https://github.com/rust-lang/rust/issues/98608 +[98890]: https://github.com/rust-lang/rust/issues/98890 +[98950]: https://github.com/rust-lang/rust/pull/98950 +[98126]: https://github.com/rust-lang/rust/pull/98126 +[INTEL-SA-00615]: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html + +--- Old: rust-1.62.0-aarch64-unknown-linux-gnu.tar.xz rust-1.62.0-aarch64-unknown-linux-gnu.tar.xz.asc rust-1.62.0-arm-unknown-linux-gnueabihf.tar.xz rust-1.62.0-arm-unknown-linux-gnueabihf.tar.xz.asc rust-1.62.0-armv7-unknown-linux-gnueabihf.tar.xz rust-1.62.0-armv7-unknown-linux-gnueabihf.tar.xz.asc rust-1.62.0-i686-unknown-linux-gnu.tar.xz rust-1.62.0-i686-unknown-linux-gnu.tar.xz.asc rust-1.62.0-powerpc-unknown-linux-gnu.tar.xz rust-1.62.0-powerpc-unknown-linux-gnu.tar.xz.asc rust-1.62.0-powerpc64-unknown-linux-gnu.tar.xz rust-1.62.0-powerpc64-unknown-linux-gnu.tar.xz.asc rust-1.62.0-powerpc64le-unknown-linux-gnu.tar.xz rust-1.62.0-powerpc64le-unknown-linux-gnu.tar.xz.asc rust-1.62.0-riscv64gc-unknown-linux-gnu.tar.xz rust-1.62.0-riscv64gc-unknown-linux-gnu.tar.xz.asc rust-1.62.0-s390x-unknown-linux-gnu.tar.xz rust-1.62.0-s390x-unknown-linux-gnu.tar.xz.asc rust-1.62.0-x86_64-unknown-linux-gnu.tar.xz rust-1.62.0-x86_64-unknown-linux-gnu.tar.xz.asc rustc-1.62.0-src.tar.xz New: 
rust-1.62.1-aarch64-unknown-linux-gnu.tar.xz rust-1.62.1-aarch64-unknown-linux-gnu.tar.xz.asc rust-1.62.1-arm-unknown-linux-gnueabihf.tar.xz rust-1.62.1-arm-unknown-linux-gnueabihf.tar.xz.asc rust-1.62.1-armv7-unknown-linux-gnueabihf.tar.xz rust-1.62.1-armv7-unknown-linux-gnueabihf.tar.xz.asc rust-1.62.1-i686-unknown-linux-gnu.tar.xz rust-1.62.1-i686-unknown-linux-gnu.tar.xz.asc rust-1.62.1-powerpc-unknown-linux-gnu.tar.xz rust-1.62.1-powerpc-unknown-linux-gnu.tar.xz.asc rust-1.62.1-powerpc64-unknown-linux-gnu.tar.xz rust-1.62.1-powerpc64-unknown-linux-gnu.tar.xz.asc rust-1.62.1-powerpc64le-unknown-linux-gnu.tar.xz rust-1.62.1-powerpc64le-unknown-linux-gnu.tar.xz.asc rust-1.62.1-riscv64gc-unknown-linux-gnu.tar.xz rust-1.62.1-riscv64gc-unknown-linux-gnu.tar.xz.asc rust-1.62.1-s390x-unknown-linux-gnu.tar.xz rust-1.62.1-s390x-unknown-linux-gnu.tar.xz.asc rust-1.62.1-x86_64-unknown-linux-gnu.tar.xz rust-1.62.1-x86_64-unknown-linux-gnu.tar.xz.asc rustc-1.62.1-src.tar.xz Other differences: -- ++ rust1.62.spec ++ --- /var/tmp/diff_new_pack.Q5Gx2H/_old 2022-07-21 11:34:46.919029881 +0200 +++ /var/tmp/diff_new_pack.Q5Gx2H/_new 2022-07-21 11:34:46.923029885 +0200 @@ -18,7 +18,7 @@ %global version_suffix 1.62 -%global version_current 1.62.0 +%global version_current 1.62.1 %global version_previous 1.61.0 # This has to be kept lock step to the rust version. %global llvm_version 14 @@ -151,8 +151,6 @@ %bcond_with wasi %endif - - # Test is done in a different multibuild package (rustXXX-test). This # package will replace the local-rust-root and use the systems's one # from the rustXXX package itself. This will exercise the compiler, ++ rust-1.62.0-aarch64-unknown-linux-gnu.tar.xz -> rust-1.62.1-aarch64-unknown-linux-gnu.tar.xz ++ /work/SRC/openSUSE:Factory/rust1.62/rust-1.62.0-aarch64-unknown-linux-gnu.tar.xz /work/SRC/openSUSE:Factory/.rust1.62.new.1523/rust-1.62.1-aarch64-unknown-linux-gnu.tar.xz differ: char 15, line 1 ++ rust-1.62.0-ar