authorbors <bors@rust-lang.org>2023-01-10 18:47:05 +0000
committerbors <bors@rust-lang.org>2023-01-10 18:47:05 +0000
commit90743e7298aca107ddaa0c202a4d3604e29bfeb6 (patch)
treeb9d89dc0174f00106b9da239fc97a1d06dd28498
parent69f9c33d71c871fc16ac445211281c6e7a340943 (diff)
parent7a7064963ee41885be88f558736ca73dd8b02d70 (diff)
Auto merge of #106685 - pietroalbini:pa-cve-stable, r=pietroalbini1.66.1
[stable] Prepare Rust 1.66.1 and fix CVE-2022-46176. See https://blog.rust-lang.org/2023/01/10/cve-2022-46176.html r? `@ghost`
-rw-r--r--Cargo.lock63
-rw-r--r--RELEASES.md5
-rwxr-xr-xsrc/ci/docker/host-x86_64/x86_64-gnu-tools/checktools.sh2
-rwxr-xr-xsrc/ci/scripts/checkout-submodules.sh15
m---------src/tools/cargo0
-rw-r--r--src/tools/tidy/src/deps.rs2
-rw-r--r--src/version2
7 files changed, 67 insertions, 22 deletions
diff --git a/Cargo.lock b/Cargo.lock
index dab693419a9..50f73283786 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -195,6 +195,12 @@ dependencies = [
]
[[package]]
+name = "base64"
+version = "0.13.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
+
+[[package]]
name = "bitflags"
version = "1.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -288,10 +294,11 @@ dependencies = [
[[package]]
name = "cargo"
-version = "0.67.0"
+version = "0.67.1"
dependencies = [
"anyhow",
"atty",
+ "base64",
"bytesize",
"cargo-platform 0.1.2",
"cargo-test-macro",
@@ -309,6 +316,7 @@ dependencies = [
"git2-curl",
"glob",
"hex 0.4.2",
+ "hmac",
"home",
"humantime 2.0.1",
"ignore",
@@ -336,6 +344,7 @@ dependencies = [
"serde-value",
"serde_ignored",
"serde_json",
+ "sha1",
"shell-escape",
"snapbox",
"strip-ansi-escapes",
@@ -1004,11 +1013,12 @@ dependencies = [
[[package]]
name = "crypto-common"
-version = "0.1.2"
+version = "0.1.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a4600d695eb3f6ce1cd44e6e291adceb2cc3ab12f20a33777ecd0bf6eba34e06"
+checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
dependencies = [
"generic-array",
+ "typenum",
]
[[package]]
@@ -1095,12 +1105,13 @@ checksum = "524cbf6897b527295dff137cec09ecf3a05f4fddffd7dfcd1585403449e74198"
[[package]]
name = "digest"
-version = "0.10.2"
+version = "0.10.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8cb780dce4f9a8f5c087362b3a4595936b2019e7c8b30f2c3e9a7e94e6ae9837"
+checksum = "8168378f4e5023e7218c89c891c0fd8ecdb5e5e4f18cb78f38cf245dd021e76f"
dependencies = [
"block-buffer",
"crypto-common",
+ "subtle",
]
[[package]]
@@ -1558,9 +1569,9 @@ dependencies = [
[[package]]
name = "git2"
-version = "0.15.0"
+version = "0.16.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2994bee4a3a6a51eb90c218523be382fd7ea09b16380b9312e9dbe955ff7c7d1"
+checksum = "be36bc9e0546df253c0cc41fd0af34f5e92845ad8509462ec76672fac6997f5b"
dependencies = [
"bitflags",
"libc",
@@ -1573,9 +1584,9 @@ dependencies = [
[[package]]
name = "git2-curl"
-version = "0.16.0"
+version = "0.17.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ed817a00721e2f8037ba722e60358d4956dae9cca10315fc982f967907d3b0cd"
+checksum = "7577f4e6341ba7c90d883511130a45b956c274ba5f4d205d9f9da990f654cd33"
dependencies = [
"curl",
"git2",
@@ -1677,6 +1688,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "644f9158b2f133fd50f5fb3242878846d9eb792e445c893805ff0e3824006e35"
[[package]]
+name = "hmac"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
+dependencies = [
+ "digest",
+]
+
+[[package]]
name = "home"
version = "0.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1963,9 +1983,9 @@ dependencies = [
[[package]]
name = "libgit2-sys"
-version = "0.14.0+1.5.0"
+version = "0.14.1+1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "47a00859c70c8a4f7218e6d1cc32875c4b55f6799445b842b0d8ed5e4c3d959b"
+checksum = "4a07fb2692bc3593bda59de45a502bb3071659f2c515e28c71e728306b038e17"
dependencies = [
"cc",
"libc",
@@ -4537,6 +4557,17 @@ dependencies = [
]
[[package]]
+name = "sha1"
+version = "0.10.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f04293dc80c3993519f2d7f6f511707ee7094fe0c6d3406feb330cdb3540eba3"
+dependencies = [
+ "cfg-if 1.0.0",
+ "cpufeatures",
+ "digest",
+]
+
+[[package]]
name = "sha2"
version = "0.10.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -4746,6 +4777,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623"
[[package]]
+name = "subtle"
+version = "2.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601"
+
+[[package]]
name = "syn"
version = "1.0.102"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -5106,9 +5143,9 @@ dependencies = [
[[package]]
name = "typenum"
-version = "1.12.0"
+version = "1.16.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "373c8a200f9e67a0c95e62a4f52fbf80c23b4381c05a17845531982fa99e6b33"
+checksum = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba"
[[package]]
name = "ucd-parse"
diff --git a/RELEASES.md b/RELEASES.md
index 5b4d6ccd9b8..691bc946c51 100644
--- a/RELEASES.md
+++ b/RELEASES.md
@@ -1,3 +1,8 @@
+Version 1.66.1 (2023-01-10)
+===========================
+
+- Added validation of SSH host keys for git URLs in Cargo ([CVE-2022-46176](https://www.cve.org/CVERecord?id=CVE-2022-46176))
+
Version 1.66.0 (2022-12-15)
==========================
diff --git a/src/ci/docker/host-x86_64/x86_64-gnu-tools/checktools.sh b/src/ci/docker/host-x86_64/x86_64-gnu-tools/checktools.sh
index 80a066cac29..33da9f7f381 100755
--- a/src/ci/docker/host-x86_64/x86_64-gnu-tools/checktools.sh
+++ b/src/ci/docker/host-x86_64/x86_64-gnu-tools/checktools.sh
@@ -27,6 +27,6 @@ python3 "$X_PY" test --stage 2 src/tools/rustfmt
python3 "$X_PY" test --stage 2 src/tools/miri
# We natively run this script on x86_64-unknown-linux-gnu and x86_64-pc-windows-msvc.
# Also cover some other targets (on both of these hosts) via cross-testing.
-python3 "$X_PY" test --stage 2 src/tools/miri --target i686-pc-windows-msvc
+#python3 "$X_PY" test --stage 2 src/tools/miri --target i686-pc-windows-msvc
#FIXME(https://github.com/rust-lang/rust/issues/103519): macOS testing is currently disabled
# python3 "$X_PY" test --stage 2 src/tools/miri --target aarch64-apple-darwin
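Review bot: The i686-pc-windows-msvc Miri cross-test is disabled by commenting the line out with no reason recorded, unlike the macOS line directly below it, which carries a `#FIXME(...)` with an issue link. On a stable security backport this leaves the next maintainer of the branch unable to tell whether the target was failing or was skipped for another reason. I would put a comment above it such as `# FIXME(<issue-url>): i686-pc-windows-msvc Miri cross-test disabled for the 1.66.1 backport`. The same applies to the commented-out `included=` line and the commented-out wait loop in src/ci/scripts/checkout-submodules.sh.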
diff --git a/src/ci/scripts/checkout-submodules.sh b/src/ci/scripts/checkout-submodules.sh
index f6cb8f8a6da..5bb343241ae 100755
--- a/src/ci/scripts/checkout-submodules.sh
+++ b/src/ci/scripts/checkout-submodules.sh
@@ -36,7 +36,8 @@ function fetch_github_commit_archive {
rm $cached
}
-included="src/llvm-project src/doc/book src/doc/rust-by-example"
+#included="src/llvm-project src/doc/book src/doc/rust-by-example"
+included=""
modules="$(git config --file .gitmodules --get-regexp '\.path$' | cut -d' ' -f2)"
modules=($modules)
use_git=""
@@ -60,9 +61,9 @@ done
retry sh -c "git submodule deinit -f $use_git && \
git submodule sync && \
git submodule update -j 16 --init --recursive --depth 1 $use_git"
-STATUS=0
-for pid in ${bg_pids[*]}
-do
- wait $pid || STATUS=1
-done
-exit ${STATUS}
+#STATUS=0
+#for pid in ${bg_pids[*]}
+#do
+# wait $pid || STATUS=1
+#done
+#exit ${STATUS}
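Review bot: Commenting out the `wait` loop means nothing in this script collects the exit status of background jobs any more, which is only safe while `included=""` in the earlier hunk keeps `bg_pids` empty; the loop that fills `bg_pids` is outside both hunks, so that is inferred. If `included` is later restored without this block, a failed archive fetch would go unnoticed and the script could return before the fetch has finished. Keeping the loop live would avoid that coupling, since it does nothing when no job was started: `for pid in ${bg_pids[@]+"${bg_pids[@]}"}` stays safe with an empty array if the script runs under `nounset`.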
diff --git a/src/tools/cargo b/src/tools/cargo
-Subproject d65d197ad5c6c09234369f219f943e291d4f04b
+Subproject ad779e08be893e57a9e17a810223a3e966f8c0d
diff --git a/src/tools/tidy/src/deps.rs b/src/tools/tidy/src/deps.rs
index 8a0239eceff..06c89cea1e2 100644
--- a/src/tools/tidy/src/deps.rs
+++ b/src/tools/tidy/src/deps.rs
@@ -47,6 +47,7 @@ const EXCEPTIONS: &[(&str, &str)] = &[
("dunce", "CC0-1.0"), // cargo (dev dependency)
("similar", "Apache-2.0"), // cargo (dev dependency)
("normalize-line-endings", "Apache-2.0"), // cargo (dev dependency)
+ ("subtle", "BSD-3-Clause"), // cargo
];
const EXCEPTIONS_CRANELIFT: &[(&str, &str)] = &[
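Review bot: The new `("subtle", "BSD-3-Clause")` exception is commented `// cargo`, yet the next hunk also adds `"subtle"` to `PERMITTED_RUSTC_DEPENDENCIES`, and neither place says why a crate attributed to cargo must be allowed in the compiler's own dependency set. Going by the Cargo.lock change in this commit, it arrives as a new dependency of `digest` 0.10.6, which is presumably shared with rustc crates. That path is worth recording so the allowlist entry can be dropped once it is no longer needed. I would annotate the permitted entry, e.g. `"subtle", // via digest (see Cargo.lock)`. Both arrays start outside their hunks.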
@@ -205,6 +206,7 @@ const PERMITTED_RUSTC_DEPENDENCIES: &[&str] = &[
"snap",
"stable_deref_trait",
"stacker",
+ "subtle",
"syn",
"synstructure",
"tempfile",
diff --git a/src/version b/src/version
index b6148bc0a75..0403bed10c3 100644
--- a/src/version
+++ b/src/version
@@ -1 +1 @@
-1.66.0
+1.66.1