Update to 1.77.0

(cherry picked from commit b34a8df02be7d7609b73027b0c3790cb5b3fe3a2)
2024-04-02 15:22:43 +08:00 · 2024-04-02 15:22:43 +08:00 · 57bcf485aa
commit 57bcf485aa
parent 6677775be9
8 changed files with 71 additions and 173 deletions
--- a/CVE-2024-24575.patch
+++ b/CVE-2024-24575.patch
@ -1,50 +0,0 @@
-From c9d31b711e8906cf248566f43142f20b03e20cbf Mon Sep 17 00:00:00 2001
-From: Edward Thomson <ethomson@edwardthomson.com>
-Date: Fri, 17 Nov 2023 16:54:47 +0000
-Subject: [PATCH] revparse: fix parsing bug for trailing `@`
-
-Origin: https://github.com/libgit2/libgit2/commit/c9d31b711e8906cf248566f43142f20b03e20cbf
-
-When parsing a revspec that ends with a trailing `@`, explicitly stop
-parsing. Introduce a sentinel variable to explicitly stop parsing.
-
-Prior to this, we would set `spec` to `HEAD`, but were looping on the
-value of `spec[pos]`, so we would continue walking the (new) `spec`
-at offset `pos`, looking for a NUL. This is obviously an out-of-bounds
-read.
-
-Credit to Michael Rodler (@f0rki) and Amazon AWS Security.
---
- vendor/libgit2-sys/libgit2/src/libgit2/revparse.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/vendor/libgit2-sys/libgit2/src/libgit2/revparse.c b/vendor/libgit2-sys/libgit2/src/libgit2/revparse.c
-index 964afe378da..06d92f82bf2 100644
--- a/vendor/libgit2-sys/libgit2/src/libgit2/revparse.c
-+++ b/vendor/libgit2-sys/libgit2/src/libgit2/revparse.c
-@@ -701,6 +701,7 @@ static int revparse(
- 	git_object *base_rev = NULL;
- 
- 	bool should_return_reference = true;
-+	bool parsed = false;
- 
- 	GIT_ASSERT_ARG(object_out);
- 	GIT_ASSERT_ARG(reference_out);
-@@ -710,7 +711,7 @@ static int revparse(
- 	*object_out = NULL;
- 	*reference_out = NULL;
- 
-	while (spec[pos]) {
-+	while (!parsed && spec[pos]) {
- 		switch (spec[pos]) {
- 		case '^':
- 			should_return_reference = false;
-@@ -817,6 +818,8 @@ static int revparse(
- 				break;
- 			} else if (spec[pos+1] == '\0') {
- 				spec = "HEAD";
-+				identifier_len = 4;
-+				parsed = true;
- 				break;
- 			}
- 			/* fall through */
--- a/CVE-2024-24577.patch
+++ b/CVE-2024-24577.patch
@ -1,51 +0,0 @@
-From eb4c1716cd92bf56f2770653a915d5fc01eab8f3 Mon Sep 17 00:00:00 2001
-From: Edward Thomson <ethomson@edwardthomson.com>
-Date: Sat, 16 Dec 2023 11:19:07 +0000
-Subject: [PATCH] index: correct index has_dir_name check
-
-Origin: https://github.com/libgit2/libgit2/commit/eb4c1716cd92bf56f2770653a915d5fc01eab8f3
-
-`has_dir_name` is used to check for directory/file collisions,
-and attempts to determine whether the index contains a file with
-a directory name that is a proper subset of the new index entry
-that we're trying to add.
-
-To determine directory name, the function would walk the path string
-backwards to identify a `/`, stopping at the end of the string. However,
-the function assumed that the strings did not start with a `/`. If the
-paths contain only a single `/` at the beginning of the string, then the
-function would continue the loop, erroneously, when they should have
-stopped at the first character.
-
-Correct the order of the tests to terminate properly.
-
-Credit to Michael Rodler (@f0rki) and Amazon AWS Security.
-
---
- vendor/libgit2-sys/libgit2/src/libgit2/index.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/vendor/libgit2-sys/libgit2/src/libgit2/index.c b/vendor/libgit2-sys/libgit2/src/libgit2/index.c
-index 7ebe075..7862273 100644
--- a/vendor/libgit2-sys/libgit2/src/libgit2/index.c
-+++ b/vendor/libgit2-sys/libgit2/src/libgit2/index.c
-@@ -1155,10 +1155,14 @@ static int has_dir_name(git_index *index,
- 		size_t len, pos;
- 
- 		for (;;) {
-			if (*--slash == '/')
-				break;
-+			slash--;
-+
- 			if (slash <= entry->path)
- 				return 0;
-+
-+
-+			if (*slash == '/')
-+				break;
- 		}
- 		len = slash - name;
- 
-- 
-2.23.0
-
--- a/rust.spec
+++ b/rust.spec
@ -1,7 +1,7 @@
-%global bootstrap_rust 1.75.0
-%global bootstrap_cargo 1.75.0
-%global bootstrap_channel 1.75.0
-%global bootstrap_date 2023-12-28
+%global bootstrap_rust 1.76.0
+%global bootstrap_cargo 1.76.0
+%global bootstrap_channel 1.76.0
+%global bootstrap_date 2024-02-08
 %bcond_with llvm_static
 %bcond_with bundled_llvm
 %bcond_without bundled_libgit2
@ -10,7 +10,7 @@
 %bcond_without analyzer

 Name:                rust
-Version:             1.76.0
+Version:             1.77.0
 Release:             1
 Summary:             The Rust Programming Language
 License:             Apache-2.0 OR MIT
@ -23,13 +23,11 @@ Source3:             cargo-config
 Source4:             cargo-config.sh
 Source5:             cargo-config.csh

-Patch0000:           rustc-1.76.0-disable-libssh2.patch
+Patch0000:           rustc-1.77.0-disable-libssh2.patch
 # By default, rust tries to use "rust-lld" as a linker for some targets.
 Patch0001:           0001-Use-lld-provided-by-system.patch
 # Set a substitute-path in rust-gdb for standard library sources.
 Patch0002:           rustc-1.70.0-rust-gdb-substitute-path.patch
-Patch0003:           CVE-2024-24575.patch
-Patch0004:           CVE-2024-24577.patch

 %{lua: function rust_triple(arch)
  local abi = "gnu"
@ -236,12 +234,10 @@ Man pages and other related help documents for rust.

 %prep
 # download source0 and gpg check
-cd %{_sourcedir}
-rm -f %{SOURCE0}
-wget https://user-repo.openeuler.openatom.cn/lfs-tar/rust/rustc-%{version}-src.tar.xz
+wget -qO %{SOURCE0} https://user-repo.openeuler.openatom.cn/lfs-tar/rust/rustc-%{version}-src.tar.xz
 gpg --import %{SOURCE2}
 gpg --verify %{SOURCE1} %{SOURCE0}
-cd -
+
 %ifarch %{bootstrap_arches}
 %setup -q -n %{bootstrap_root} -T -b %{bootstrap_source}
 ./install.sh --components=cargo,rustc,rust-std-%{rust_triple} \
@ -258,8 +254,6 @@ sed -i.try-python -e '/^try python3 /i try "%{python}" "$@"' ./configure
 %endif
 %patch -P 0001 -p1
 %patch -P 0002 -p1
-%patch -P 0003 -p1
-%patch -P 0004 -p1
 rm -rf vendor/curl-sys*/curl/
 rm -rf vendor/jemalloc-sys/jemalloc/
 rm -rf vendor/libffi-sys*/libffi/
@ -490,6 +484,9 @@ export %{rust_env}
 %{_mandir}/man1/cargo*.1*

 %changelog
+* Wed Apr 03 2024 wangkai <13474090681@163.com> - 1.77.0-1
+- Update to 1.77.0
+
 * Tue Feb 20 2024 wangkai <13474090681@163.com> - 1.76.0-1
 - Update to 1.76.0

--- a/rustc-1.76.0-disable-libssh2.patch
+++ b/rustc-1.76.0-disable-libssh2.patch
@ -1,42 +0,0 @@
--- rustc-beta-src/src/tools/cargo/Cargo.lock.orig	2024-01-07 18:12:08.000000000 -0800
-+++ rustc-beta-src/src/tools/cargo/Cargo.lock	2024-01-09 15:25:51.519781381 -0800
-@@ -2071,7 +2071,6 @@
- dependencies = [
-  "cc",
-  "libc",
- "libssh2-sys",
-  "libz-sys",
-  "openssl-sys",
-  "pkg-config",
-@@ -2113,20 +2112,6 @@
-  "pkg-config",
-  "vcpkg",
- ]
-
-[[package]]
-name = "libssh2-sys"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2dc8a030b787e2119a731f1951d6a773e2280c660f8ec4b0f5e1505a386e71ee"
-dependencies = [
- "cc",
- "libc",
- "libz-sys",
- "openssl-sys",
- "pkg-config",
- "vcpkg",
-]
- 
- [[package]]
- name = "libz-sys"
--- rustc-beta-src/src/tools/cargo/Cargo.toml.orig	2024-01-09 15:23:02.369032291 -0800
-+++ rustc-beta-src/src/tools/cargo/Cargo.toml	2024-01-09 15:24:44.015679666 -0800
-@@ -40,7 +40,7 @@
- curl-sys = "0.4.70"
- filetime = "0.2.22"
- flate2 = { version = "1.0.28", default-features = false, features = ["zlib"] }
-git2 = "0.18.1"
-+git2 = { version = "0.18.1", default-features = false, features = ["https"] }
- git2-curl = "0.19.0"
- gix = { version = "0.56.0", default-features = false, features = ["blocking-http-transport-curl", "progress-tree", "revision"] }
- gix-features-for-configuration-only = { version = "0.35.0", package = "gix-features", features = [ "parallel" ] }
--- a/rustc-1.76.0-src.tar.xz.asc
+++ b/rustc-1.76.0-src.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-wsFcBAABCgAQBQJlxNqSCRCFq5bm+hvl/gAA8kIP/ib21y3Rg18POvESXFDPmXAT
-blvZsJwR4GsPcUeT2cUYEsWqrtEjoEjMPDumhaSJY4nt6wuAdpCSDf9RQxFSn5vW
-Um68Q4dMqmIA2BOIbgDYIBwMUm+Q/ft+1eaKvitJSldqJCTFVXCee1MxeHpE9HSb
-2sBC1sGD0aPecMJ9gnSYo57O9rAtItfWroek8KJ+NOxWABHkbRxhx4wSTK4mPy1i
-DAtL4VYXomN3OvU1JiunAKhyuIttnrkH92x+YeUlNwOeLTECfLp8sq9yD0hgAkdW
-b12ARrQCnBV3HwrgQNIw78ypPOSDYj4B++NB5F2j3wMCyIs6j/891F14ugzLEHuO
-b1sjw/xW12kgUbRoyoW/5o60qE18QxgKaxNfgRme/XEF7hBxwFhOcc3BrBTvcA70
-enFXpiqswpdvAMpW/YNEwT+Zm0UnWmsU9NXSB4cc8otL9Hj4oYyfX1q6XgmuyupL
-jNXSd5evfTEjqcnpHFe0pnNJEExET7EQsEWFgn9J4K7hymSu/bliHMBIx+DAA4Ry
-IMBP51oj+o+I8E84z9LDlBshGvcJvYsAXMrbpHonng7u9smitSA+oAy54qevS8+9
-kK+UYY95Pl++BxdAFemsldoC0KkKJXGxK0FR2o1ttAA1I+uXrJLJXg8/K7binCeW
-A7AXRJdE/spq/O9snPcA
-=lnbm
-----END PGP SIGNATURE-----
--- a/rustc-1.77.0-disable-libssh2.patch
+++ b/rustc-1.77.0-disable-libssh2.patch
@ -0,0 +1,44 @@
+diff -up rustc-beta-src/src/tools/cargo/Cargo.lock.orig rustc-beta-src/src/tools/cargo/Cargo.lock
+--- rustc-beta-src/src/tools/cargo/Cargo.lock.orig	2024-02-14 14:06:05.881165093 +0100
+++ rustc-beta-src/src/tools/cargo/Cargo.lock	2024-02-14 14:06:27.169456166 +0100
+@@ -2072,7 +2072,6 @@ checksum = "ee4126d8b4ee5c9d9ea891dd875c
+ dependencies = [
+  "cc",
+  "libc",
+- "libssh2-sys",
+  "libz-sys",
+  "openssl-sys",
+  "pkg-config",
+@@ -2113,20 +2112,6 @@ dependencies = [
+  "pkg-config",
+  "vcpkg",
+ ]
+-
+-[[package]]
+-name = "libssh2-sys"
+-version = "0.3.0"
+-source = "registry+https://github.com/rust-lang/crates.io-index"
+-checksum = "2dc8a030b787e2119a731f1951d6a773e2280c660f8ec4b0f5e1505a386e71ee"
+-dependencies = [
+- "cc",
+- "libc",
+- "libz-sys",
+- "openssl-sys",
+- "pkg-config",
+- "vcpkg",
+-]
+ 
+ [[package]]
+ name = "libz-sys"
+diff -up rustc-beta-src/src/tools/cargo/Cargo.toml.orig rustc-beta-src/src/tools/cargo/Cargo.toml
+--- rustc-beta-src/src/tools/cargo/Cargo.toml.orig	2024-02-14 14:06:10.400226884 +0100
+++ rustc-beta-src/src/tools/cargo/Cargo.toml	2024-02-14 14:06:51.225785086 +0100
+@@ -44,7 +44,7 @@ curl = "0.4.44"
+ curl-sys = "0.4.70"
+ filetime = "0.2.23"
+ flate2 = { version = "1.0.28", default-features = false, features = ["zlib"] }
+-git2 = "0.18.2"
+git2 = { version = "0.18.2", default-features = false, features = ["https"] }
+ git2-curl = "0.19.0"
+ gix = { version = "0.57.1", default-features = false, features = ["blocking-http-transport-curl", "progress-tree", "revision"] }
+ gix-features-for-configuration-only = { version = "0.37.1", package = "gix-features", features = [ "parallel" ] }
--- a/rustc-1.77.0-src.tar.xz
+++ b/rustc-1.77.0-src.tar.xz
--- a/rustc-1.77.0-src.tar.xz.asc
+++ b/rustc-1.77.0-src.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+wsFcBAABCgAQBQJl/CkOCRCFq5bm+hvl/gAAuN4P/AxpjflIRg2vOkzczcrTlQYU
+fe9c75ru0IH5RpKZ4sTVaG+qoJqsTD/08Dzv06KzNqiShXFBGsSaZ3f46n7jZW8f
+bYQFNeCU8jz2DxxvoAty38Zlk5ib/38Cu95ckSoXBDuycXrFTY9ojc6NWSu2vNE4
+JXv2yRkW6hiNdO87/KV5H8eshklOGudWVkcoRRZw91X2DopsdqTMiCHzPOWGK3J1
+mdz9DjkVj6DKDetrbuX/7N1zosI49Zmg5Eb15JE30pG43l7pyCfKtB2IKpLmugNn
+hSi9QqpL0/qKHWVNJ2E2ZkVrCtdX8crxlN8iE/U+VNVa7ZpzsIv7w7SYI4e15HEd
+pPWfurYy0gKNpOABiROebqfAfPgDUyU9sufvDnQJD5jv0LWqrBibm2fekIc4xC1B
+hvXU46xfXiVqwIgR5FjmwVEwphZoGmju4WrMLQ/bVjfMC8MInISQv4MiFw/0JY/B
+f0ePnVQ2kRU/ls1VxidXnKalTNSoR1ORGVDNR3wJV0Ju9xROzWWO0b9p4m5ciyO+
+uwMTQcyxyCtNfnxpXTB3XY2YD1ZjqIzop9D3+aRMajxa/PmlxhgXveUjDUc6tc+v
+9rQODuxbKHKbg4BlVrtMWIVDV0zArASTuTI3u74+aPCht7Dq3AsnWHhAydeGKwoT
+hM+dv4sh161mi7G6WMgN
+=eWLu
+-----END PGP SIGNATURE-----