diff --git a/Cargo.lock b/Cargo.lock index dab693419a95d..50f7328378653 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -194,6 +194,12 @@ dependencies = [ "rustc-demangle", ] +[[package]] +name = "base64" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" + [[package]] name = "bitflags" version = "1.3.2" @@ -288,10 +294,11 @@ dependencies = [ [[package]] name = "cargo" -version = "0.67.0" +version = "0.67.1" dependencies = [ "anyhow", "atty", + "base64", "bytesize", "cargo-platform 0.1.2", "cargo-test-macro", @@ -309,6 +316,7 @@ dependencies = [ "git2-curl", "glob", "hex 0.4.2", + "hmac", "home", "humantime 2.0.1", "ignore", @@ -336,6 +344,7 @@ dependencies = [ "serde-value", "serde_ignored", "serde_json", + "sha1", "shell-escape", "snapbox", "strip-ansi-escapes", @@ -1004,11 +1013,12 @@ dependencies = [ [[package]] name = "crypto-common" -version = "0.1.2" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4600d695eb3f6ce1cd44e6e291adceb2cc3ab12f20a33777ecd0bf6eba34e06" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" dependencies = [ "generic-array", + "typenum", ] [[package]] @@ -1095,12 +1105,13 @@ checksum = "524cbf6897b527295dff137cec09ecf3a05f4fddffd7dfcd1585403449e74198" [[package]] name = "digest" -version = "0.10.2" +version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8cb780dce4f9a8f5c087362b3a4595936b2019e7c8b30f2c3e9a7e94e6ae9837" +checksum = "8168378f4e5023e7218c89c891c0fd8ecdb5e5e4f18cb78f38cf245dd021e76f" dependencies = [ "block-buffer", "crypto-common", + "subtle", ] [[package]] @@ -1558,9 +1569,9 @@ dependencies = [ [[package]] name = "git2" -version = "0.15.0" +version = "0.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2994bee4a3a6a51eb90c218523be382fd7ea09b16380b9312e9dbe955ff7c7d1" +checksum = "be36bc9e0546df253c0cc41fd0af34f5e92845ad8509462ec76672fac6997f5b" dependencies = [ "bitflags", "libc", @@ -1573,9 +1584,9 @@ dependencies = [ [[package]] name = "git2-curl" -version = "0.16.0" +version = "0.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed817a00721e2f8037ba722e60358d4956dae9cca10315fc982f967907d3b0cd" +checksum = "7577f4e6341ba7c90d883511130a45b956c274ba5f4d205d9f9da990f654cd33" dependencies = [ "curl", "git2", @@ -1676,6 +1687,15 @@ version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "644f9158b2f133fd50f5fb3242878846d9eb792e445c893805ff0e3824006e35" +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest", +] + [[package]] name = "home" version = "0.5.3" @@ -1963,9 +1983,9 @@ dependencies = [ [[package]] name = "libgit2-sys" -version = "0.14.0+1.5.0" +version = "0.14.1+1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "47a00859c70c8a4f7218e6d1cc32875c4b55f6799445b842b0d8ed5e4c3d959b" +checksum = "4a07fb2692bc3593bda59de45a502bb3071659f2c515e28c71e728306b038e17" dependencies = [ "cc", "libc", @@ -4536,6 +4556,17 @@ dependencies = [ "digest", ] +[[package]] +name = "sha1" +version = "0.10.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f04293dc80c3993519f2d7f6f511707ee7094fe0c6d3406feb330cdb3540eba3" +dependencies = [ + "cfg-if 1.0.0", + "cpufeatures", + "digest", +] + [[package]] name = "sha2" version = "0.10.1" @@ -4745,6 +4776,12 @@ version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" +[[package]] +name = "subtle" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" + [[package]] name = "syn" version = "1.0.102" @@ -5106,9 +5143,9 @@ dependencies = [ [[package]] name = "typenum" -version = "1.12.0" +version = "1.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "373c8a200f9e67a0c95e62a4f52fbf80c23b4381c05a17845531982fa99e6b33" +checksum = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba" [[package]] name = "ucd-parse" diff --git a/RELEASES.md b/RELEASES.md index 5b4d6ccd9b8b8..691bc946c5109 100644 --- a/RELEASES.md +++ b/RELEASES.md @@ -1,3 +1,8 @@ +Version 1.66.1 (2023-01-10) +=========================== + +- Added validation of SSH host keys for git URLs in Cargo ([CVE-2022-46176](https://www.cve.org/CVERecord?id=CVE-2022-46176)) + Version 1.66.0 (2022-12-15) ========================== diff --git a/src/ci/docker/host-x86_64/x86_64-gnu-tools/checktools.sh b/src/ci/docker/host-x86_64/x86_64-gnu-tools/checktools.sh index 80a066cac298a..33da9f7f3811c 100755 --- a/src/ci/docker/host-x86_64/x86_64-gnu-tools/checktools.sh +++ b/src/ci/docker/host-x86_64/x86_64-gnu-tools/checktools.sh @@ -27,6 +27,6 @@ python3 "$X_PY" test --stage 2 src/tools/rustfmt python3 "$X_PY" test --stage 2 src/tools/miri # We natively run this script on x86_64-unknown-linux-gnu and x86_64-pc-windows-msvc. # Also cover some other targets (on both of these hosts) via cross-testing. -python3 "$X_PY" test --stage 2 src/tools/miri --target i686-pc-windows-msvc +#python3 "$X_PY" test --stage 2 src/tools/miri --target i686-pc-windows-msvc #FIXME(https://github.com/rust-lang/rust/issues/103519): macOS testing is currently disabled # python3 "$X_PY" test --stage 2 src/tools/miri --target aarch64-apple-darwin diff --git a/src/ci/scripts/checkout-submodules.sh b/src/ci/scripts/checkout-submodules.sh index f6cb8f8a6da65..5bb343241aea6 100755 --- a/src/ci/scripts/checkout-submodules.sh +++ b/src/ci/scripts/checkout-submodules.sh @@ -36,7 +36,8 @@ function fetch_github_commit_archive { rm $cached } -included="src/llvm-project src/doc/book src/doc/rust-by-example" +#included="src/llvm-project src/doc/book src/doc/rust-by-example" +included="" modules="$(git config --file .gitmodules --get-regexp '\.path$' | cut -d' ' -f2)" modules=($modules) use_git="" @@ -60,9 +61,9 @@ done retry sh -c "git submodule deinit -f $use_git && \ git submodule sync && \ git submodule update -j 16 --init --recursive --depth 1 $use_git" -STATUS=0 -for pid in ${bg_pids[*]} -do - wait $pid || STATUS=1 -done -exit ${STATUS} +#STATUS=0 +#for pid in ${bg_pids[*]} +#do +# wait $pid || STATUS=1 +#done +#exit ${STATUS} diff --git a/src/tools/cargo b/src/tools/cargo index d65d197ad5c6c..ad779e08be893 160000 --- a/src/tools/cargo +++ b/src/tools/cargo @@ -1 +1 @@ -Subproject commit d65d197ad5c6c09234369f219f943e291d4f04b9 +Subproject commit ad779e08be893e57a9e17a810223a3e966f8c0d8 diff --git a/src/tools/tidy/src/deps.rs b/src/tools/tidy/src/deps.rs index 8a0239eceff13..06c89cea1e21d 100644 --- a/src/tools/tidy/src/deps.rs +++ b/src/tools/tidy/src/deps.rs @@ -47,6 +47,7 @@ const EXCEPTIONS: &[(&str, &str)] = &[ ("dunce", "CC0-1.0"), // cargo (dev dependency) ("similar", "Apache-2.0"), // cargo (dev dependency) ("normalize-line-endings", "Apache-2.0"), // cargo (dev dependency) + ("subtle", "BSD-3-Clause"), // cargo ]; const EXCEPTIONS_CRANELIFT: &[(&str, &str)] = &[ @@ -205,6 +206,7 @@ const PERMITTED_RUSTC_DEPENDENCIES: &[&str] = &[ "snap", "stable_deref_trait", "stacker", + "subtle", "syn", "synstructure", "tempfile", diff --git a/src/version b/src/version index b6148bc0a759f..0403bed10c327 100644 --- a/src/version +++ b/src/version @@ -1 +1 @@ -1.66.0 +1.66.1