3 files changed, 316 insertions, 0 deletions

diff --git a/dev-lang/rust/files/1.61.0-gentoo-musl-target-specs.patch b/dev-lang/rust/files/1.61.0-gentoo-musl-target-specs.patch
new file mode 100644
index 000000000000..970148124365
--- /dev/null
+++ b/dev-lang/rust/files/1.61.0-gentoo-musl-target-specs.patch
@@ -0,0 +1,166 @@
+From 331c3839ebb0099101e1d2f88205ea42f4e3b319 Mon Sep 17 00:00:00 2001
+From: Georgy Yakovlev <gyakovlev@gentoo.org>
+Date: Tue, 24 May 2022 12:03:20 -0700
+Subject: [PATCH] add gentoo musl target specs
+
+---
+ .../src/spec/aarch64_gentoo_linux_musl.rs     |   11 +
+ .../src/spec/armv7_gentoo_linux_musleabihf.rs |   11 +
+ .../src/spec/i686_gentoo_linux_musl.rs        |   11 +
+ compiler/rustc_target/src/spec/mod.rs         |    8 +
+ compiler/rustc_target/src/spec/mod.rs.orig    | 2465 +++++++++++++++++
+ .../src/spec/powerpc64_gentoo_linux_musl.rs   |   11 +
+ .../src/spec/powerpc64le_gentoo_linux_musl.rs |   11 +
+ .../src/spec/powerpc_gentoo_linux_musl.rs     |   11 +
+ .../src/spec/x86_64_gentoo_linux_musl.rs      |   11 +
+ 9 files changed, 2550 insertions(+)
+ create mode 100644 compiler/rustc_target/src/spec/aarch64_gentoo_linux_musl.rs
+ create mode 100644 compiler/rustc_target/src/spec/armv7_gentoo_linux_musleabihf.rs
+ create mode 100644 compiler/rustc_target/src/spec/i686_gentoo_linux_musl.rs
+ create mode 100644 compiler/rustc_target/src/spec/mod.rs.orig
+ create mode 100644 compiler/rustc_target/src/spec/powerpc64_gentoo_linux_musl.rs
+ create mode 100644 compiler/rustc_target/src/spec/powerpc64le_gentoo_linux_musl.rs
+ create mode 100644 compiler/rustc_target/src/spec/powerpc_gentoo_linux_musl.rs
+ create mode 100644 compiler/rustc_target/src/spec/x86_64_gentoo_linux_musl.rs
+
+diff --git a/compiler/rustc_target/src/spec/aarch64_gentoo_linux_musl.rs b/compiler/rustc_target/src/spec/aarch64_gentoo_linux_musl.rs
+new file mode 100644
+index 0000000..ca5f28f
+--- /dev/null
++++ b/compiler/rustc_target/src/spec/aarch64_gentoo_linux_musl.rs
+@@ -0,0 +1,11 @@
++use crate::spec::Target;
++
++pub fn target() -> Target {
++    let mut base = super::aarch64_unknown_linux_musl::target();
++
++    base.llvm_target = "aarch64-gentoo-linux-musl".into();
++    base.options.vendor = "gentoo".into();
++    base.options.crt_static_default = false;
++
++    base
++}
+diff --git a/compiler/rustc_target/src/spec/armv7_gentoo_linux_musleabihf.rs b/compiler/rustc_target/src/spec/armv7_gentoo_linux_musleabihf.rs
+new file mode 100644
+index 0000000..24b3b30
+--- /dev/null
++++ b/compiler/rustc_target/src/spec/armv7_gentoo_linux_musleabihf.rs
+@@ -0,0 +1,11 @@
++use crate::spec::Target;
++
++pub fn target() -> Target {
++    let mut base = super::armv7_unknown_linux_musleabihf::target();
++
++    base.llvm_target = "armv7-gentoo-linux-musleabihf".into();
++    base.options.vendor = "gentoo".into();
++    base.options.crt_static_default = false;
++
++    base
++}
+diff --git a/compiler/rustc_target/src/spec/i686_gentoo_linux_musl.rs b/compiler/rustc_target/src/spec/i686_gentoo_linux_musl.rs
+new file mode 100644
+index 0000000..cab0923
+--- /dev/null
++++ b/compiler/rustc_target/src/spec/i686_gentoo_linux_musl.rs
+@@ -0,0 +1,11 @@
++use crate::spec::Target;
++
++pub fn target() -> Target {
++    let mut base = super::i686_unknown_linux_musl::target();
++
++    base.llvm_target = "i686-gentoo-linux-musl".into();
++    base.options.vendor = "gentoo".into();
++    base.options.crt_static_default = false;
++
++    base
++}
+diff --git a/compiler/rustc_target/src/spec/mod.rs b/compiler/rustc_target/src/spec/mod.rs
+index bd5b712..34b923b 100644
+--- a/compiler/rustc_target/src/spec/mod.rs
++++ b/compiler/rustc_target/src/spec/mod.rs
+@@ -808,6 +808,14 @@ macro_rules! supported_targets {
+ }
+ 
+ supported_targets! {
++    ("aarch64-gentoo-linux-musl", aarch64_gentoo_linux_musl),
++    ("armv7-gentoo-linux-musleabihf", armv7_gentoo_linux_musleabihf),
++    ("i686-gentoo-linux-musl", i686_gentoo_linux_musl),
++    ("powerpc-gentoo-linux-musl", powerpc_gentoo_linux_musl),
++    ("powerpc64-gentoo-linux-musl", powerpc64_gentoo_linux_musl),
++    ("powerpc64le-gentoo-linux-musl", powerpc64le_gentoo_linux_musl),
++    ("x86_64-gentoo-linux-musl", x86_64_gentoo_linux_musl),
++
+     ("x86_64-unknown-linux-gnu", x86_64_unknown_linux_gnu),
+     ("x86_64-unknown-linux-gnux32", x86_64_unknown_linux_gnux32),
+     ("i686-unknown-linux-gnu", i686_unknown_linux_gnu),
+diff --git a/compiler/rustc_target/src/spec/powerpc64_gentoo_linux_musl.rs b/compiler/rustc_target/src/spec/powerpc64_gentoo_linux_musl.rs
+new file mode 100644
+index 0000000..b188a7c
+--- /dev/null
++++ b/compiler/rustc_target/src/spec/powerpc64_gentoo_linux_musl.rs
+@@ -0,0 +1,11 @@
++use crate::spec::Target;
++
++pub fn target() -> Target {
++    let mut base = super::powerpc64_unknown_linux_musl::target();
++
++    base.llvm_target = "powerpc64-gentoo-linux-musl".into();
++    base.options.vendor = "gentoo".into();
++    base.options.crt_static_default = false;
++
++    base
++}
+diff --git a/compiler/rustc_target/src/spec/powerpc64le_gentoo_linux_musl.rs b/compiler/rustc_target/src/spec/powerpc64le_gentoo_linux_musl.rs
+new file mode 100644
+index 0000000..395f603
+--- /dev/null
++++ b/compiler/rustc_target/src/spec/powerpc64le_gentoo_linux_musl.rs
+@@ -0,0 +1,11 @@
++use crate::spec::Target;
++
++pub fn target() -> Target {
++    let mut base = super::powerpc64le_unknown_linux_musl::target();
++
++    base.llvm_target = "powerpc64le-gentoo-linux-musl".into();
++    base.options.vendor = "gentoo".into();
++    base.options.crt_static_default = false;
++
++    base
++}
+diff --git a/compiler/rustc_target/src/spec/powerpc_gentoo_linux_musl.rs b/compiler/rustc_target/src/spec/powerpc_gentoo_linux_musl.rs
+new file mode 100644
+index 0000000..cb3121d
+--- /dev/null
++++ b/compiler/rustc_target/src/spec/powerpc_gentoo_linux_musl.rs
+@@ -0,0 +1,11 @@
++use crate::spec::Target;
++
++pub fn target() -> Target {
++    let mut base = super::powerpc_unknown_linux_musl::target();
++
++    base.llvm_target = "powerpc-gentoo-linux-musl".into();
++    base.options.vendor = "gentoo".into();
++    base.options.crt_static_default = false;
++
++    base
++}
+diff --git a/compiler/rustc_target/src/spec/x86_64_gentoo_linux_musl.rs b/compiler/rustc_target/src/spec/x86_64_gentoo_linux_musl.rs
+new file mode 100644
+index 0000000..2fcdb66
+--- /dev/null
++++ b/compiler/rustc_target/src/spec/x86_64_gentoo_linux_musl.rs
+@@ -0,0 +1,11 @@
++use crate::spec::Target;
++
++pub fn target() -> Target {
++    let mut base = super::x86_64_unknown_linux_musl::target();
++
++    base.llvm_target = "x86_64-gentoo-linux-musl".into();
++    base.options.vendor = "gentoo".into();
++    base.options.crt_static_default = false;
++
++    base
++}
+-- 
+2.35.1
+
diff --git a/dev-lang/rust/files/1.63.0-CVE-2022-36113.patch b/dev-lang/rust/files/1.63.0-CVE-2022-36113.patch
new file mode 100644
index 000000000000..a87687dce387
--- /dev/null
+++ b/dev-lang/rust/files/1.63.0-CVE-2022-36113.patch
@@ -0,0 +1,48 @@
+From 97b80919e404b0768ea31ae329c3b4da54bed05a Mon Sep 17 00:00:00 2001
+From: Josh Triplett <josh@joshtriplett.org>
+Date: Thu, 18 Aug 2022 17:17:19 +0200
+Subject: [PATCH] CVE-2022-36113: avoid unpacking .cargo-ok from the crate
+
+---
+ src/cargo/sources/registry/mod.rs | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+gyakovlev: 'sed -i 's|/src/cargo|/src/tools/cargo/src/cargo|g'
+
+diff --git a/src/tools/cargo/src/cargo/sources/registry/mod.rs b/src/tools/cargo/src/cargo/sources/registry/mod.rs
+index c17b822fd0..a2863bf78a 100644
+--- a/src/tools/cargo/src/cargo/sources/registry/mod.rs
++++ b/src/tools/cargo/src/cargo/sources/registry/mod.rs
+@@ -639,6 +639,13 @@ impl<'cfg> RegistrySource<'cfg> {
+                     prefix
+                 )
+             }
++            // Prevent unpacking the lockfile from the crate itself.
++            if entry_path
++                .file_name()
++                .map_or(false, |p| p == PACKAGE_SOURCE_LOCK)
++            {
++                continue;
++            }
+             // Unpacking failed
+             let mut result = entry.unpack_in(parent).map_err(anyhow::Error::from);
+             if cfg!(windows) && restricted_names::is_windows_reserved_path(&entry_path) {
+@@ -654,16 +661,14 @@ impl<'cfg> RegistrySource<'cfg> {
+                 .with_context(|| format!("failed to unpack entry at `{}`", entry_path.display()))?;
+         }
+ 
+-        // The lock file is created after unpacking so we overwrite a lock file
+-        // which may have been extracted from the package.
++        // Now that we've finished unpacking, create and write to the lock file to indicate that
++        // unpacking was successful.
+         let mut ok = OpenOptions::new()
+-            .create(true)
++            .create_new(true)
+             .read(true)
+             .write(true)
+             .open(&path)
+             .with_context(|| format!("failed to open `{}`", path.display()))?;
+-
+-        // Write to the lock file to indicate that unpacking was successful.
+         write!(ok, "ok")?;
+ 
+         Ok(unpack_dir.to_path_buf())
diff --git a/dev-lang/rust/files/1.63.0-CVE-2022-36114.patch b/dev-lang/rust/files/1.63.0-CVE-2022-36114.patch
new file mode 100644
index 000000000000..1afbaa94138c
--- /dev/null
+++ b/dev-lang/rust/files/1.63.0-CVE-2022-36114.patch
@@ -0,0 +1,102 @@
+From d1f9553c825f6d7481453be8d58d0e7f117988a7 Mon Sep 17 00:00:00 2001
+From: Josh Triplett <josh@joshtriplett.org>
+Date: Thu, 18 Aug 2022 17:45:45 +0200
+Subject: [PATCH] CVE-2022-36114: limit the maximum unpacked size of a crate to
+ 512MB
+
+This gives users of custom registries the same protections, using the
+same size limit that crates.io uses.
+
+`LimitErrorReader` code copied from crates.io.
+---
+ src/cargo/sources/registry/mod.rs |  6 +++++-
+ src/cargo/util/io.rs              | 27 +++++++++++++++++++++++++++
+ src/cargo/util/mod.rs             |  2 ++
+ 3 files changed, 34 insertions(+), 1 deletion(-)
+ create mode 100644 src/cargo/util/io.rs
+gyakovlev: 'sed -i 's|/src/cargo|/src/tools/cargo/src/cargo|g'
+
+diff --git a/src/tools/cargo/src/cargo/sources/registry/mod.rs b/src/tools/cargo/src/cargo/sources/registry/mod.rs
+index a2863bf78a..c9c414e500 100644
+--- a/src/tools/cargo/src/cargo/sources/registry/mod.rs
++++ b/src/tools/cargo/src/cargo/sources/registry/mod.rs
+@@ -182,7 +182,9 @@ use crate::util::hex;
+ use crate::util::interning::InternedString;
+ use crate::util::into_url::IntoUrl;
+ use crate::util::network::PollExt;
+-use crate::util::{restricted_names, CargoResult, Config, Filesystem, OptVersionReq};
++use crate::util::{
++    restricted_names, CargoResult, Config, Filesystem, LimitErrorReader, OptVersionReq,
++};
+ 
+ const PACKAGE_SOURCE_LOCK: &str = ".cargo-ok";
+ pub const CRATES_IO_INDEX: &str = "https://github.com/rust-lang/crates.io-index";
+@@ -194,6 +196,7 @@ const VERSION_TEMPLATE: &str = "{version}";
+ const PREFIX_TEMPLATE: &str = "{prefix}";
+ const LOWER_PREFIX_TEMPLATE: &str = "{lowerprefix}";
+ const CHECKSUM_TEMPLATE: &str = "{sha256-checksum}";
++const MAX_UNPACK_SIZE: u64 = 512 * 1024 * 1024;
+ 
+ /// A "source" for a local (see `local::LocalRegistry`) or remote (see
+ /// `remote::RemoteRegistry`) registry.
+@@ -615,6 +618,7 @@ impl<'cfg> RegistrySource<'cfg> {
+             }
+         }
+         let gz = GzDecoder::new(tarball);
++        let gz = LimitErrorReader::new(gz, MAX_UNPACK_SIZE);
+         let mut tar = Archive::new(gz);
+         let prefix = unpack_dir.file_name().unwrap();
+         let parent = unpack_dir.parent().unwrap();
+diff --git a/src/tools/cargo/src/cargo/util/io.rs b/src/tools/cargo/src/cargo/util/io.rs
+new file mode 100644
+index 0000000000..f62672db03
+--- /dev/null
++++ b/src/tools/cargo/src/cargo/util/io.rs
+@@ -0,0 +1,27 @@
++use std::io::{self, Read, Take};
++
++#[derive(Debug)]
++pub struct LimitErrorReader<R> {
++    inner: Take<R>,
++}
++
++impl<R: Read> LimitErrorReader<R> {
++    pub fn new(r: R, limit: u64) -> LimitErrorReader<R> {
++        LimitErrorReader {
++            inner: r.take(limit),
++        }
++    }
++}
++
++impl<R: Read> Read for LimitErrorReader<R> {
++    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
++        match self.inner.read(buf) {
++            Ok(0) if self.inner.limit() == 0 => Err(io::Error::new(
++                io::ErrorKind::Other,
++                "maximum limit reached when reading",
++            )),
++            e => e,
++        }
++    }
++}
++
+diff --git a/src/tools/cargo/src/cargo/util/mod.rs b/src/tools/cargo/src/cargo/util/mod.rs
+index 28f685c209..47bbf37aad 100644
+--- a/src/tools/cargo/src/cargo/util/mod.rs
++++ b/src/tools/cargo/src/cargo/util/mod.rs
+@@ -14,6 +14,7 @@ pub use self::hasher::StableHasher;
+ pub use self::hex::{hash_u64, short_hash, to_hex};
+ pub use self::into_url::IntoUrl;
+ pub use self::into_url_with_base::IntoUrlWithBase;
++pub(crate) use self::io::LimitErrorReader;
+ pub use self::lev_distance::{closest, closest_msg, lev_distance};
+ pub use self::lockserver::{LockServer, LockServerClient, LockServerStarted};
+ pub use self::progress::{Progress, ProgressStyle};
+@@ -44,6 +45,7 @@ pub mod important_paths;
+ pub mod interning;
+ pub mod into_url;
+ mod into_url_with_base;
++mod io;
+ pub mod job;
+ pub mod lev_distance;
+ mod lockserver;