subject:"commit rust1.62 for openSUSE\:Factory"

commit rust1.62 for openSUSE:Factory

2022-10-10 Thread Source-Sync

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package rust1.62 for openSUSE:Factory 
checked in at 2022-10-10 18:45:29

Comparing /work/SRC/openSUSE:Factory/rust1.62 (Old)
 and  /work/SRC/openSUSE:Factory/.rust1.62.new.2275 (New)


Package is "rust1.62"

Mon Oct 10 18:45:29 2022 rev:5 rq:1008244 version:1.62.1

Changes:

--- /work/SRC/openSUSE:Factory/rust1.62/rust1.62.changes2022-09-17 
20:09:20.436983894 +0200
+++ /work/SRC/openSUSE:Factory/.rust1.62.new.2275/rust1.62.changes  
2022-10-10 18:46:03.743062351 +0200
@@ -1,0 +2,5 @@
+Wed Sep 28 14:23:33 UTC 2022 - Guillaume GARDET 
+
+- Enable armv6 again - boo#1196328
+
+---



Other differences:
--
++ rust1.62.spec ++
--- /var/tmp/diff_new_pack.tWnrvp/_old  2022-10-10 18:46:15.759088214 +0200
+++ /var/tmp/diff_new_pack.tWnrvp/_new  2022-10-10 18:46:15.767088231 +0200
@@ -98,9 +98,6 @@
 # armv6/7, s390x, ppc[64[le]], riscv are all "guaranteed to build" only
 # but may not always work.
 
-# === Rust on armv6hl is broken ??? again ??? ===
-ExcludeArch:armv6hl
-
 # === broken distro llvm ===
 # In some situations the llvm provided on the platform may not work.
 # we add these conditions here.

commit rust1.62 for openSUSE:Factory

2022-09-17 Thread Source-Sync

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package rust1.62 for openSUSE:Factory 
checked in at 2022-09-17 20:09:19

Comparing /work/SRC/openSUSE:Factory/rust1.62 (Old)
 and  /work/SRC/openSUSE:Factory/.rust1.62.new.2083 (New)


Package is "rust1.62"

Sat Sep 17 20:09:19 2022 rev:4 rq:1003998 version:1.62.1

Changes:

--- /work/SRC/openSUSE:Factory/rust1.62/rust1.62.changes2022-07-29 
16:47:43.186622839 +0200
+++ /work/SRC/openSUSE:Factory/.rust1.62.new.2083/rust1.62.changes  
2022-09-17 20:09:20.436983894 +0200
@@ -1,0 +2,8 @@
+Fri Sep 16 04:56:02 UTC 2022 - William Brown 
+
+- bsc#1203433 - CVE-2022-36113 - resolve symlink hijack
+  * 0003-CVE-2022-36113-avoid-unpacking-.cargo-ok-from-the-cr.patch
+- bsc #1203431 - CVE-2022-36114 - resolve zip bomb attack
+  * 0002-CVE-2022-36114-limit-the-maximum-unpacked-size-of-a-.patch
+
+---

New:

  0002-CVE-2022-36114-limit-the-maximum-unpacked-size-of-a-.patch
  0003-CVE-2022-36113-avoid-unpacking-.cargo-ok-from-the-cr.patch



Other differences:
--
++ rust1.62.spec ++
--- /var/tmp/diff_new_pack.3Uzg79/_old  2022-09-17 20:09:31.933017056 +0200
+++ /var/tmp/diff_new_pack.3Uzg79/_new  2022-09-17 20:09:31.937017068 +0200
@@ -237,7 +237,11 @@
 # PATCH-FIX-OPENSUSE: let wasm target use the system lld by default, rust-lld 
might not be available.
 Patch1: wasm-use-system-lld.patch
 %endif
-# Patch2: 0001-fix-tests.patch
+# IMPORTANT - To generate patches for submodules in git so they apply 
relatively you can use
+#  git format-patch --dst-prefix=b/src/tools/cargo/  HEAD~2
+Patch3: 0002-CVE-2022-36114-limit-the-maximum-unpacked-size-of-a-.patch
+Patch4: 0003-CVE-2022-36113-avoid-unpacking-.cargo-ok-from-the-cr.patch
+
 BuildRequires:  chrpath
 BuildRequires:  curl
 BuildRequires:  fdupes

++ 0002-CVE-2022-36114-limit-the-maximum-unpacked-size-of-a-.patch ++
>From 0c387900128caa96285486b1eda683b8a78268aa Mon Sep 17 00:00:00 2001
From: Josh Triplett 
Date: Thu, 18 Aug 2022 17:45:45 +0200
Subject: [PATCH 1/2] CVE-2022-36114: limit the maximum unpacked size of a
 crate to 512MB

This gives users of custom registries the same protections, using the
same size limit that crates.io uses.

`LimitErrorReader` code copied from crates.io.
---
 src/cargo/sources/registry/mod.rs |  6 +-
 src/cargo/util/io.rs  | 27 +++
 src/cargo/util/mod.rs |  2 ++
 3 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 src/cargo/util/io.rs

diff --git a/src/cargo/sources/registry/mod.rs 
b/src/tools/cargo/src/cargo/sources/registry/mod.rs
index fc9c29510..1df7738e3 100644
--- a/src/cargo/sources/registry/mod.rs
+++ b/src/tools/cargo/src/cargo/sources/registry/mod.rs
@@ -182,7 +182,9 @@ use crate::util::hex;
 use crate::util::interning::InternedString;
 use crate::util::into_url::IntoUrl;
 use crate::util::network::PollExt;
-use crate::util::{restricted_names, CargoResult, Config, Filesystem, 
OptVersionReq};
+use crate::util::{
+restricted_names, CargoResult, Config, Filesystem, LimitErrorReader, 
OptVersionReq,
+};
 
 const PACKAGE_SOURCE_LOCK: &str = ".cargo-ok";
 pub const CRATES_IO_INDEX: &str = 
"https://github.com/rust-lang/crates.io-index";;
@@ -193,6 +195,7 @@ const VERSION_TEMPLATE: &str = "{version}";
 const PREFIX_TEMPLATE: &str = "{prefix}";
 const LOWER_PREFIX_TEMPLATE: &str = "{lowerprefix}";
 const CHECKSUM_TEMPLATE: &str = "{sha256-checksum}";
+const MAX_UNPACK_SIZE: u64 = 512 * 1024 * 1024;
 
 /// A "source" for a local (see `local::LocalRegistry`) or remote (see
 /// `remote::RemoteRegistry`) registry.
@@ -617,6 +620,7 @@ impl<'cfg> RegistrySource<'cfg> {
 }
 }
 let gz = GzDecoder::new(tarball);
+let gz = LimitErrorReader::new(gz, MAX_UNPACK_SIZE);
 let mut tar = Archive::new(gz);
 let prefix = unpack_dir.file_name().unwrap();
 let parent = unpack_dir.parent().unwrap();
diff --git a/src/cargo/util/io.rs b/src/tools/cargo/src/cargo/util/io.rs
new file mode 100644
index 0..f62672db0
--- /dev/null
+++ b/src/tools/cargo/src/cargo/util/io.rs
@@ -0,0 +1,27 @@
+use std::io::{self, Read, Take};
+
+#[derive(Debug)]
+pub struct LimitErrorReader {
+inner: Take,
+}
+
+impl LimitErrorReader {
+pub fn new(r: R, limit: u64) -> LimitErrorReader {
+LimitErrorReader {
+inner: r.take(limit),
+}
+}
+}
+
+impl Read for LimitErrorReader {
+fn read(&mut self, buf: &mut [u8]) -> io::Result {
+match self.inner.read(buf) {
+Ok(0) if self.inner.limit() == 0 => Err(io::Error::new(
+

commit rust1.62 for openSUSE:Factory

2022-07-29 Thread Source-Sync

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package rust1.62 for openSUSE:Factory 
checked in at 2022-07-29 16:47:26

Comparing /work/SRC/openSUSE:Factory/rust1.62 (Old)
 and  /work/SRC/openSUSE:Factory/.rust1.62.new.1533 (New)


Package is "rust1.62"

Fri Jul 29 16:47:26 2022 rev:3 rq:991317 version:1.62.1

Changes:

--- /work/SRC/openSUSE:Factory/rust1.62/rust1.62.changes2022-07-21 
11:34:33.679016829 +0200
+++ /work/SRC/openSUSE:Factory/.rust1.62.new.1533/rust1.62.changes  
2022-07-29 16:47:43.186622839 +0200
@@ -1,0 +2,5 @@
+Wed Jul 27 00:50:39 UTC 2022 - William Brown 
+
+- Improve support for wasi targets
+
+---



Other differences:
--
++ rust1.62.spec ++
--- /var/tmp/diff_new_pack.J3XqUo/_old  2022-07-29 16:47:53.582651745 +0200
+++ /var/tmp/diff_new_pack.J3XqUo/_new  2022-07-29 16:47:53.590651767 +0200
@@ -141,7 +141,7 @@
 %if 0%{?is_opensuse} == 1 && 0%{?suse_version} >= 1550
 %ifarch x86_64 aarch64
 %bcond_without wasm32
-%bcond_with wasi
+%bcond_without wasi
 %else
 %bcond_with wasm32
 %bcond_with wasi
@@ -625,6 +625,10 @@
 rm -rf %{buildroot}/home
 
 # End without test
+
+# Ugly hack to get brp-15-strip-debug call llvm-strip, which is wasm-aware, as 
system-strip will break wasm-files (same for ar/ranlib)
+export CROSS_COMPILE=llvm-
+
 %endif
 
 %if %{with test}

commit rust1.62 for openSUSE:Factory

2022-07-21 Thread Source-Sync

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package rust1.62 for openSUSE:Factory 
checked in at 2022-07-21 11:33:36

Comparing /work/SRC/openSUSE:Factory/rust1.62 (Old)
 and  /work/SRC/openSUSE:Factory/.rust1.62.new.1523 (New)


Package is "rust1.62"

Thu Jul 21 11:33:36 2022 rev:2 rq:990321 version:1.62.1

Changes:

--- /work/SRC/openSUSE:Factory/rust1.62/rust1.62.changes2022-07-19 
17:20:18.500442340 +0200
+++ /work/SRC/openSUSE:Factory/.rust1.62.new.1523/rust1.62.changes  
2022-07-21 11:34:33.679016829 +0200
@@ -1,0 +2,21 @@
+Wed Jul 20 01:46:57 UTC 2022 - William Brown 
+
+Version 1.62.1 (2022-07-19)
+==
+
+Rust 1.62.1 addresses a few recent regressions in the compiler and standard
+library, and also mitigates a CPU vulnerability on Intel SGX.
+
+* [The compiler fixed unsound function coercions involving `impl Trait` return 
types.][98608]
+* [The compiler fixed an incremental compilation bug with `async fn` 
lifetimes.][98890]
+* [Windows added a fallback for overlapped I/O in synchronous reads and 
writes.][98950]
+* [The `x86_64-fortanix-unknown-sgx` target added a mitigation for the
+  MMIO stale data vulnerability][98126], advisory [INTEL-SA-00615].
+
+[98608]: https://github.com/rust-lang/rust/issues/98608
+[98890]: https://github.com/rust-lang/rust/issues/98890
+[98950]: https://github.com/rust-lang/rust/pull/98950
+[98126]: https://github.com/rust-lang/rust/pull/98126
+[INTEL-SA-00615]: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
+
+---

Old:

  rust-1.62.0-aarch64-unknown-linux-gnu.tar.xz
  rust-1.62.0-aarch64-unknown-linux-gnu.tar.xz.asc
  rust-1.62.0-arm-unknown-linux-gnueabihf.tar.xz
  rust-1.62.0-arm-unknown-linux-gnueabihf.tar.xz.asc
  rust-1.62.0-armv7-unknown-linux-gnueabihf.tar.xz
  rust-1.62.0-armv7-unknown-linux-gnueabihf.tar.xz.asc
  rust-1.62.0-i686-unknown-linux-gnu.tar.xz
  rust-1.62.0-i686-unknown-linux-gnu.tar.xz.asc
  rust-1.62.0-powerpc-unknown-linux-gnu.tar.xz
  rust-1.62.0-powerpc-unknown-linux-gnu.tar.xz.asc
  rust-1.62.0-powerpc64-unknown-linux-gnu.tar.xz
  rust-1.62.0-powerpc64-unknown-linux-gnu.tar.xz.asc
  rust-1.62.0-powerpc64le-unknown-linux-gnu.tar.xz
  rust-1.62.0-powerpc64le-unknown-linux-gnu.tar.xz.asc
  rust-1.62.0-riscv64gc-unknown-linux-gnu.tar.xz
  rust-1.62.0-riscv64gc-unknown-linux-gnu.tar.xz.asc
  rust-1.62.0-s390x-unknown-linux-gnu.tar.xz
  rust-1.62.0-s390x-unknown-linux-gnu.tar.xz.asc
  rust-1.62.0-x86_64-unknown-linux-gnu.tar.xz
  rust-1.62.0-x86_64-unknown-linux-gnu.tar.xz.asc
  rustc-1.62.0-src.tar.xz

New:

  rust-1.62.1-aarch64-unknown-linux-gnu.tar.xz
  rust-1.62.1-aarch64-unknown-linux-gnu.tar.xz.asc
  rust-1.62.1-arm-unknown-linux-gnueabihf.tar.xz
  rust-1.62.1-arm-unknown-linux-gnueabihf.tar.xz.asc
  rust-1.62.1-armv7-unknown-linux-gnueabihf.tar.xz
  rust-1.62.1-armv7-unknown-linux-gnueabihf.tar.xz.asc
  rust-1.62.1-i686-unknown-linux-gnu.tar.xz
  rust-1.62.1-i686-unknown-linux-gnu.tar.xz.asc
  rust-1.62.1-powerpc-unknown-linux-gnu.tar.xz
  rust-1.62.1-powerpc-unknown-linux-gnu.tar.xz.asc
  rust-1.62.1-powerpc64-unknown-linux-gnu.tar.xz
  rust-1.62.1-powerpc64-unknown-linux-gnu.tar.xz.asc
  rust-1.62.1-powerpc64le-unknown-linux-gnu.tar.xz
  rust-1.62.1-powerpc64le-unknown-linux-gnu.tar.xz.asc
  rust-1.62.1-riscv64gc-unknown-linux-gnu.tar.xz
  rust-1.62.1-riscv64gc-unknown-linux-gnu.tar.xz.asc
  rust-1.62.1-s390x-unknown-linux-gnu.tar.xz
  rust-1.62.1-s390x-unknown-linux-gnu.tar.xz.asc
  rust-1.62.1-x86_64-unknown-linux-gnu.tar.xz
  rust-1.62.1-x86_64-unknown-linux-gnu.tar.xz.asc
  rustc-1.62.1-src.tar.xz



Other differences:
--
++ rust1.62.spec ++
--- /var/tmp/diff_new_pack.Q5Gx2H/_old  2022-07-21 11:34:46.919029881 +0200
+++ /var/tmp/diff_new_pack.Q5Gx2H/_new  2022-07-21 11:34:46.923029885 +0200
@@ -18,7 +18,7 @@
 
 
 %global version_suffix 1.62
-%global version_current 1.62.0
+%global version_current 1.62.1
 %global version_previous 1.61.0
 # This has to be kept lock step to the rust version.
 %global llvm_version 14
@@ -151,8 +151,6 @@
 %bcond_with wasi
 %endif
 
-
-
 # Test is done in a different multibuild package (rustXXX-test).  This
 # package will replace the local-rust-root and use the systems's one
 # from the rustXXX package itself.  This will exercise the compiler,

++ rust-1.62.0-aarch64-unknown-linux-gnu.tar.xz -> 
rust-1.62.1-aarch64-unknown-linux-gnu.tar.xz ++
/work/SRC/openSUSE:Factory/rust1.62/rust-1.62.0-aarch64-unknown-linux-gnu.tar.xz
 
/work/SRC/openSUSE:Factory/.rust1.62.new.1523/rust-1.62.1-aarch64-unknown-linux-gnu.tar.xz
 differ: char 15, line 1

++ rust-1.62.0-ar

commit rust1.62 for openSUSE:Factory

commit rust1.62 for openSUSE:Factory

commit rust1.62 for openSUSE:Factory

commit rust1.62 for openSUSE:Factory

4 matches

Site Navigation

Mail list logo

Footer information