Debian Patches

Status for rust-cargo/0.66.0-1

Patch: CVE-2022-46176-07-support-hashed-hostnames.patch
Description:
This patch is based on the upstream commit described below, adapted for use
in the Debian package by Peter Michael Green.

commit 67ae2dcafea5955824b1f390568a5fa109424987

ssh known_hosts: support hashed hostnames

===================================================================
Author: Eric Huss <eric@huss.org>
Forwarded: no
Last update: 2022-12-28

Patch: disable-vendor.patch
Forwarded: no

Patch: CVE-2022-46176-01-validate-ssh-host.keys.patch
Description:
This patch is based on the upstream commit described below, adapted for use
in the Debian package by Peter Michael Green.

commit 1387fd4105b242fa2d24ad99d10a5b1af23f293e

Validate SSH host keys

===================================================================
Author: Eric Huss <eric@huss.org>
Forwarded: no
Last update: 2022-12-07

Patch: CVE-2022-46176-02-add-support-for-deserializing-vec-value-string.patch
Description:
commit 9f62f8440e9e542f27d60c75be38ac51186c6c32

Add support for deserializing Vec<Value<String>> in config.

This adds the ability to track the definition location of a string
in a TOML array.

diff --git a/src/cargo/util/config/de.rs b/src/cargo/util/config/de.rs
index 6fddc7e71f..1408f15b57 100644
Author: Eric Huss <eric@huss.org>
Forwarded: no
Last update: 2022-12-09

Patch: CVE-2022-46176-03-support-configuring-ssh-known-hosts.patch
Description:
commit 026bda3fb5eddac0df111ee150706f756558a7b3

Support configuring ssh known-hosts via cargo config.

diff --git a/src/cargo/sources/git/known_hosts.rs b/src/cargo/sources/git/known_hosts.rs
index 875dcf63f3..7efea43c3b 100644
Author: Eric Huss <eric@huss.org>
Forwarded: no
Last update: 2022-12-09

Patch: CVE-2022-46176-04-add-some-known-hosts-tests-and-fix-comma-bug.patch
Description:
commit 302a543ddf3b7621c2f10623862029d35fae7e3c

Add some known_hosts tests.

This also fixes a bug with the host matching when there are comma-separated hosts.

diff --git a/src/cargo/sources/git/known_hosts.rs b/src/cargo/sources/git/known_hosts.rs
index 7efea43c3b..58e64e7913 100644
Author: Eric Huss <eric@huss.org>
Forwarded: no
Last update: 2022-12-12

Patch: CVE-2022-46176-05-remove-let-else.patch
Description:
commit cf716fc3c2b0785013b321f08d6cf9e277f89c84

Remove let-else, just use ? propagation.

Co-authored-by: Weihang Lo <weihanglo@users.noreply.github.com>

diff --git a/src/cargo/sources/git/known_hosts.rs b/src/cargo/sources/git/known_hosts.rs
index 58e64e7913..f272195306 100644
Author: Eric Huss <eric@huss.org>
Forwarded: no
Last update: 2022-12-13

Patch: CVE-2022-46176-06-add-test-for-config-value-in-toml-array.patch
Description:
commit 018403ceaf71e205dbec64698bb864f5e094aec8

Add test for config Value in TOML array.

diff --git a/tests/testsuite/config.rs b/tests/testsuite/config.rs
index b1d07bb405..d1487833f7 100644
Author: Eric Huss <eric@huss.org>
Forwarded: no
Last update: 2022-12-14

Patch: CVE-2022-46176-08-eliminate-let-else.patch
Description:
This patch eliminates let-else usage in the code introduced
to fix CVE-2022-46176 as that construct is not stabilised in
the version of rustc currently in Debian.

It was written specifically for Debian by Peter Michael Green.

===================================================================
Forwarded: no
