import UBI rust-1.66.1-2.el9_2

2023-08-14 16:06:19 +00:00 · 2023-08-14 16:06:19 +00:00 · 3af2802ed6
parent 69013e98d0
commit 3af2802ed6
2 changed files with 1477 additions and 1 deletions
--- a/SOURCES/CVE-2023-38497-cargo-umask.patch
+++ b/SOURCES/CVE-2023-38497-cargo-umask.patch
--- a/SPECS/rust.spec
+++ b/SPECS/rust.spec
@ -84,7 +84,7 @@

 Name:           rust
 Version:        1.66.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        The Rust Programming Language
 License:        (ASL 2.0 or MIT) and (BSD and MIT)
 # ^ written as: (rust itself) and (bundled libraries)
@ -115,6 +115,9 @@ Patch4:         0001-Improve-generating-Custom-entry-function.patch
 # https://github.com/rust-lang/rust/pull/105468
 Patch5:         0001-Mangle-main-as-__main_void-on-wasm32-wasi.patch

+# CVE-2023-38497: cargo does not respect the umask when extracting dependencies
+Patch6:         CVE-2023-38497-cargo-umask.patch
+
 ### RHEL-specific patches below ###

 # Simple rpm macros for rust-toolset (as opposed to full rust-packaging)
@ -592,6 +595,7 @@ test -f '%{local_rust_root}/bin/rustc'
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1

 %if %with disabled_libssh2
 %patch100 -p1
@ -1056,6 +1060,10 @@ end}


 %changelog
+* Mon Aug 07 2023 Josh Stone <jistone@redhat.com> - 1.66.1-2
+- CVE-2023-38497: fix cargo to respect umask
+- Resolves: rhbz#2228140
+
 * Wed Jan 11 2023 Josh Stone <jistone@redhat.com> - 1.66.1-1
 - Update to 1.66.1.