kumquat-buildroot/package/rust
James Hilliard 0da2742abb package/{rust, rust-bin}: security bump to version 1.66.1
Fixes CVE-2022-46176: Cargo did not perform SSH host key verification when
cloning indexes and dependencies via SSH

https://blog.rust-lang.org/2023/01/10/cve-2022-46176.html

Link to Rust 1.66.1 announcement: https://blog.rust-lang.org/2023/01/10/Rust-1.66.1.html

The newest versions of the source archives have been retrieved with their hash values,
and the signatures of the .asc files have been verified as follows:
$ curl -fsSL https://static.rust-lang.org/rust-key.gpg.ascii | gpg --import
$ gpg --verify <filename.asc> <filename>

There is no typographical error in the packages according to the check-package utility:
$ ./utils/check-package package/rust-bin/*
$ ./utils/check-package package/rust/*

The testsuite tool was successfully run for rust and rust-bin packages to test
the Rust toolchain under 1.66.1:
$ ./support/testing/run-tests -k -d dl/ -o testsuite tests.package.test_rust.TestRustBin
$ ./support/testing/run-tests -k -d dl/ -o testsuite tests.package.test_rust.TestRust

In order to verify the compatibility of packages depending on Rust 1.66.1,
tests using `./utils/test-pkg` were run.
You may want to execute the test-pkg command after creating a `.config` file
enabling the corresponding BR2_PACKAGE, for example:
Create a file `buildroot/ripgrep.config` containing "BR2_PACKAGE_RIPGREP=y"
Then execute:
$ ./utils/test-pkg -d test-pkg -c ripgrep.config -p ripgrep

Results:
librsvg OK
ripgrep OK
suricata OK
bat OK

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-01-13 16:10:52 +01:00
rust.hash package/{rust, rust-bin}: security bump to version 1.66.1 2023-01-13 16:10:52 +01:00
rust.mk package/{rust, rust-bin}: security bump to version 1.66.1 2023-01-13 16:10:52 +01:00