1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-16 03:47:03 +00:00
Files
Deepthi Hemraj 4f9e22bd67 rust: Fix CVE-2023-40030
CVE:CVE-2023-40030

This converts the feature name validation check from a warning to an error

Upstream-Status: Backport from https://github.com/rust-lang/cargo/commit/9835622853f08be9a4b58ebe29dcec8f43b64b33

Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-40030

(From OE-Core rev: c55e8f8b1971cc9f311b6a18a34c4c34f732177a)

Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-01-04 04:09:43 -10:00

21 lines
980 B
PHP

RUST_VERSION ?= "${@d.getVar('PV').split('-')[0]}"
SRC_URI += "https://static.rust-lang.org/dist/rustc-${RUST_VERSION}-src.tar.xz;name=rust \
file://hardcodepaths.patch;patchdir=${RUSTSRC} \
file://getrandom-open64.patch;patchdir=${RUSTSRC} \
file://0001-Do-not-use-LFS64-on-linux-with-musl.patch;patchdir=${RUSTSRC} \
file://zlib-off64_t.patch;patchdir=${RUSTSRC} \
file://0001-musl-Define-SOCK_SEQPACKET-in-common-place.patch;patchdir=${RUSTSRC} \
file://bootstrap_fail.patch;patchdir=${RUSTSRC} \
file://0002-CVE-2023-40030.patch;patchdir=${RUSTSRC} \
"
SRC_URI[rust.sha256sum] = "bb8e9c564566b2d3228d95de9063a9254182446a161353f1d843bfbaf5c34639"
RUSTSRC = "${WORKDIR}/rustc-${RUST_VERSION}-src"
# Used by crossbeam_atomic.patch
export TARGET_VENDOR
UPSTREAM_CHECK_URI = "https://forge.rust-lang.org/infra/other-installation-methods.html"
UPSTREAM_CHECK_REGEX = "rustc-(?P<pver>\d+(\.\d+)+)-src"