rust: Fix CVE-2023-40030

CVE:CVE-2023-40030 This converts the feature name validation check from a warning to an error Upstream-Status: Backport from https://github.com/rust-lang/cargo/commit/9835622853f08be9a4b58ebe29dcec8f43b64b33 Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-40030 (From OE-Core rev: c55e8f8b1971cc9f311b6a18a34c4c34f732177a) Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> 2023-12-27 03:01:33 -0800
committer: Steve Sakoman <steve@sakoman.com> 2024-01-04 04:09:43 -1000
commit: 4f9e22bd67f3fc2f9d6e8b88581d00f67850ef60 (patch)
tree: 6109f253eb8462ee6e89ee87d1ab59b051bc6e5f /meta
parent: 086f6f55c91ea1c7f51050020725986e06288b14 (diff)
download: poky-4f9e22bd67f3fc2f9d6e8b88581d00f67850ef60.tar.gz
2 files changed, 413 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rust/files/0002-CVE-2023-40030.patch b/meta/recipes-devtools/rust/files/0002-CVE-2023-40030.patch
new file mode 100644
index 0000000000..bf9b251226
--- /dev/null
+++ b/meta/recipes-devtools/rust/files/0002-CVE-2023-40030.patch
@@ -0,0 +1,412 @@
+Author: Eric Huss <eric@huss.org>
+Date:   Sun Jun 11 12:52:25 2023 -0700
+    Convert valid feature name warning to an error.
+Upstream-Status: Backport [https://github.com/rust-lang/cargo/commit/9835622853f08be9a4b58ebe29dcec8f43b64b33]
+CVE: CVE-2023-40030
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+diff --git a/src/tools/cargo/crates/resolver-tests/src/lib.rs b/src/tools/cargo/crates/resolver-tests/src/lib.rs
+index 01d9b5e6d..ab34e8663 100644
+--- a/src/tools/cargo/crates/resolver-tests/src/lib.rs
+++ b/src/tools/cargo/crates/resolver-tests/src/lib.rs
+@@ -179,7 +179,6 @@ pub fn resolve_with_config_raw(
+         used: HashSet::new(),
+     };
+     let summary = Summary::new(
+-        config,
+         pkg_id("root"),
+         deps,
+         &BTreeMap::new(),
+@@ -581,7 +580,6 @@ pub fn pkg_dep<T: ToPkgId>(name: T, dep: Vec<Dependency>) -> Summary {
+         None
+     };
+     Summary::new(
+-        &Config::default().unwrap(),
+         name.to_pkgid(),
+         dep,
+         &BTreeMap::new(),
+@@ -610,7 +608,6 @@ pub fn pkg_loc(name: &str, loc: &str) -> Summary {
+         None
+     };
+     Summary::new(
+-        &Config::default().unwrap(),
+         pkg_id_loc(name, loc),
+         Vec::new(),
+         &BTreeMap::new(),
+@@ -625,7 +622,6 @@ pub fn remove_dep(sum: &Summary, ind: usize) -> Summary {
+     deps.remove(ind);
+     // note: more things will need to be copied over in the future, but it works for now.
+     Summary::new(
+-        &Config::default().unwrap(),
+         sum.package_id(),
+         deps,
+         &BTreeMap::new(),
+diff --git a/src/tools/cargo/src/cargo/core/resolver/version_prefs.rs b/src/tools/cargo/src/cargo/core/resolver/version_prefs.rs
+index 002f11ff8..bf26d0498 100644
+--- a/src/tools/cargo/src/cargo/core/resolver/version_prefs.rs
+++ b/src/tools/cargo/src/cargo/core/resolver/version_prefs.rs
+@@ -73,7 +73,6 @@ impl VersionPreferences {
+ mod test {
+     use super::*;
+     use crate::core::SourceId;
+-    use crate::util::Config;
+     use std::collections::BTreeMap;
+     fn pkgid(name: &str, version: &str) -> PackageId {
+@@ -90,9 +89,8 @@ mod test {
+     fn summ(name: &str, version: &str) -> Summary {
+         let pkg_id = pkgid(name, version);
+-        let config = Config::default().unwrap();
+         let features = BTreeMap::new();
+-        Summary::new(&config, pkg_id, Vec::new(), &features, None::<&String>).unwrap()
+        Summary::new(pkg_id, Vec::new(), &features, None::<&String>).unwrap()
+     }
+     fn describe(summaries: &Vec<Summary>) -> String {
+diff --git a/src/tools/cargo/src/cargo/core/summary.rs b/src/tools/cargo/src/cargo/core/summary.rs
+index 2535c4482..1883df33b 100644
+--- a/src/tools/cargo/src/cargo/core/summary.rs
+++ b/src/tools/cargo/src/cargo/core/summary.rs
+@@ -1,6 +1,6 @@
+ use crate::core::{Dependency, PackageId, SourceId};
+ use crate::util::interning::InternedString;
+-use crate::util::{CargoResult, Config};
+use crate::util::CargoResult;
+ use anyhow::bail;
+ use semver::Version;
+ use std::collections::{BTreeMap, HashMap, HashSet};
+@@ -30,7 +30,6 @@ struct Inner {
+ 
+ impl Summary {
+     pub fn new(
+-        config: &Config,
+         pkg_id: PackageId,
+         dependencies: Vec<Dependency>,
+         features: &BTreeMap<InternedString, Vec<InternedString>>,
+@@ -49,7 +48,7 @@ impl Summary {
+                 )
+             }
+         }
+-        let feature_map = build_feature_map(config, pkg_id, features, &dependencies)?;
+        let feature_map = build_feature_map(pkg_id, features, &dependencies)?;
+         Ok(Summary {
+             inner: Rc::new(Inner {
+                 package_id: pkg_id,
+@@ -140,7 +139,6 @@ impl Hash for Summary {
+ /// Checks features for errors, bailing out a CargoResult:Err if invalid,
+ /// and creates FeatureValues for each feature.
+ fn build_feature_map(
+-    config: &Config,
+     pkg_id: PackageId,
+     features: &BTreeMap<InternedString, Vec<InternedString>>,
+     dependencies: &[Dependency],
+@@ -204,7 +202,7 @@ fn build_feature_map(
+                 feature
+             );
+         }
+-        validate_feature_name(config, pkg_id, feature)?;
+        validate_feature_name(pkg_id, feature)?;
+         for fv in fvs {
+             // Find data for the referenced dependency...
+             let dep_data = {
+@@ -431,33 +429,63 @@ impl fmt::Display for FeatureValue {
+ 
+ pub type FeatureMap = BTreeMap<InternedString, Vec<FeatureValue>>;
+ 
+-fn validate_feature_name(config: &Config, pkg_id: PackageId, name: &str) -> CargoResult<()> {
+fn validate_feature_name(pkg_id: PackageId, name: &str) -> CargoResult<()> {
+     let mut chars = name.chars();
+-    const FUTURE: &str = "This was previously accepted but is being phased out; \
+-        it will become a hard error in a future release.\n\
+-        For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, \
+-        and please leave a comment if this will be a problem for your project.";
+     if let Some(ch) = chars.next() {
+         if !(unicode_xid::UnicodeXID::is_xid_start(ch) || ch == '_' || ch.is_digit(10)) {
+-            config.shell().warn(&format!(
+            bail!(
+                 "invalid character `{}` in feature `{}` in package {}, \
+                 the first character must be a Unicode XID start character or digit \
+-                (most letters or `_` or `0` to `9`)\n\
+-                {}",
+-                ch, name, pkg_id, FUTURE
+-            ))?;
+                (most letters or `_` or `0` to `9`)",
+                ch,
+                name,
+                pkg_id
+            );
+         }
+     }
+     for ch in chars {
+         if !(unicode_xid::UnicodeXID::is_xid_continue(ch) || ch == '-' || ch == '+' || ch == '.') {
+-            config.shell().warn(&format!(
+            bail!(
+                 "invalid character `{}` in feature `{}` in package {}, \
+                 characters must be Unicode XID characters, `+`, or `.` \
+-                (numbers, `+`, `-`, `_`, `.`, or most letters)\n\
+-                {}",
+-                ch, name, pkg_id, FUTURE
+-            ))?;
+                (numbers, `+`, `-`, `_`, `.`, or most letters)",
+                ch,
+                name,
+                pkg_id
+            );
+         }
+     }
+     Ok(())
+ }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::sources::CRATES_IO_INDEX;
+    use crate::util::into_url::IntoUrl;
+
+    use crate::core::SourceId;
+
+    #[test]
+    fn valid_feature_names() {
+        let loc = CRATES_IO_INDEX.into_url().unwrap();
+        let source_id = SourceId::for_registry(&loc).unwrap();
+        let pkg_id = PackageId::new("foo", "1.0.0", source_id).unwrap();
+
+        assert!(validate_feature_name(pkg_id, "c++17").is_ok());
+        assert!(validate_feature_name(pkg_id, "128bit").is_ok());
+        assert!(validate_feature_name(pkg_id, "_foo").is_ok());
+        assert!(validate_feature_name(pkg_id, "feat-name").is_ok());
+        assert!(validate_feature_name(pkg_id, "feat_name").is_ok());
+        assert!(validate_feature_name(pkg_id, "foo.bar").is_ok());
+
+        assert!(validate_feature_name(pkg_id, "+foo").is_err());
+        assert!(validate_feature_name(pkg_id, "-foo").is_err());
+        assert!(validate_feature_name(pkg_id, ".foo").is_err());
+        assert!(validate_feature_name(pkg_id, "foo:bar").is_err());
+        assert!(validate_feature_name(pkg_id, "foo?").is_err());
+        assert!(validate_feature_name(pkg_id, "?foo").is_err());
+        assert!(validate_feature_name(pkg_id, "ⒶⒷⒸ").is_err());
+        assert!(validate_feature_name(pkg_id, "a¼").is_err());
+    }
+}
+diff --git a/src/tools/cargo/src/cargo/sources/registry/index.rs b/src/tools/cargo/src/cargo/sources/registry/index.rs
+index aa5c2a78c..6d565da8f 100644
+--- a/src/tools/cargo/src/cargo/sources/registry/index.rs
+++ b/src/tools/cargo/src/cargo/sources/registry/index.rs
+@@ -293,7 +293,6 @@ impl<'cfg> RegistryIndex<'cfg>
+         'a: 'b,
+     {
+         let source_id = self.source_id;
+-        let config = self.config;
+         // First up actually parse what summaries we have available. If Cargo
+         // has run previously this will parse a Cargo-specific cache file rather
+@@ -312,15 +311,13 @@ impl<'cfg> RegistryIndex<'cfg> {
+             .versions
+             .iter_mut()
+             .filter_map(move |(k, v)| if req.matches(k) { Some(v) } else { None })
+-            .filter_map(
+-                move |maybe| match maybe.parse(config, raw_data, source_id) {
+            .filter_map(move |maybe| match maybe.parse(raw_data, source_id) {
+                     Ok(summary) => Some(summary),
+                     Err(e) => {
+                         info!("failed to parse `{}` registry package: {}", name, e);
+                         None
+                     }
+-                },
+-            )
+                })
+             .filter(move |is| {
+                 if is.v > INDEX_V_MAX {
+                     debug!(
+@@ -605,7 +602,7 @@ impl Summaries {
+                     // allow future cargo implementations to break the
+                     // interpretation of each line here and older cargo will simply
+                     // ignore the new lines.
+-                    let summary = match IndexSummary::parse(config, line, source_id) {
+                    let summary = match IndexSummary::parse(line, source_id) {
+                         Ok(summary) => summary,
+                         Err(e) => {
+                             // This should only happen when there is an index
+@@ -793,17 +790,12 @@ impl MaybeIndexSummary {
+     /// Does nothing if this is already `Parsed`, and otherwise the `raw_data`
+     /// passed in is sliced with the bounds in `Unparsed` and then actually
+     /// parsed.
+-    fn parse(
+-        &mut self,
+-        config: &Config,
+-        raw_data: &[u8],
+-        source_id: SourceId,
+-    ) -> CargoResult<&IndexSummary> {
+    fn parse(&mut self, raw_data: &[u8], source_id: SourceId,) -> CargoResult<&IndexSummary> {
+         let (start, end) = match self {
+             MaybeIndexSummary::Unparsed { start, end } => (*start, *end),
+             MaybeIndexSummary::Parsed(summary) => return Ok(summary),
+         };
+-        let summary = IndexSummary::parse(config, &raw_data[start..end], source_id)?;
+        let summary = IndexSummary::parse(&raw_data[start..end], source_id)?;
+         *self = MaybeIndexSummary::Parsed(summary);
+         match self {
+             MaybeIndexSummary::Unparsed { .. } => unreachable!(),
+@@ -823,7 +815,7 @@ impl IndexSummary {
+     /// a package.
+     ///
+     /// The `line` provided is expected to be valid JSON.
+-    fn parse(config: &Config, line: &[u8], source_id: SourceId) -> CargoResult<IndexSummary> {
+    fn parse(line: &[u8], source_id: SourceId) -> CargoResult<IndexSummary> {
+         // ****CAUTION**** Please be extremely careful with returning errors
+         // from this function. Entries that error are not included in the
+         // index cache, and can cause cargo to get confused when switching
+@@ -853,7 +845,7 @@ impl IndexSummary {
+                 features.entry(name).or_default().extend(values);
+             }
+         }
+-        let mut summary = Summary::new(config, pkgid, deps, &features, links)?;
+        let mut summary = Summary::new(pkgid, deps, &features, links)?;
+         summary.set_checksum(cksum);
+         Ok(IndexSummary {
+             summary,
+diff --git a/src/tools/cargo/src/cargo/util/toml/mod.rs b/src/tools/cargo/src/cargo/util/toml/mod.rs
+index 1cc32dee8..a32f0384b 100644
+--- a/src/tools/cargo/src/cargo/util/toml/mod.rs
+++ b/src/tools/cargo/src/cargo/util/toml/mod.rs
+@@ -2432,7 +2432,6 @@ impl TomlManifest {
+         let empty_features = BTreeMap::new();
+ 
+         let summary = Summary::new(
+-            config,
+             pkgid,
+             deps,
+             me.features.as_ref().unwrap_or(&empty_features),
+diff --git a/src/tools/cargo/tests/testsuite/features.rs b/src/tools/cargo/tests/testsuite/features.rs
+index 848e05677..557fab14a 100644
+--- a/src/tools/cargo/tests/testsuite/features.rs
+++ b/src/tools/cargo/tests/testsuite/features.rs
+@@ -1937,8 +1937,8 @@ fn nonexistent_required_features() {
+ }
+ 
+ #[cargo_test]
+-fn invalid_feature_names_warning() {
+-    // Warnings for more restricted feature syntax.
+fn invalid_feature_names_error() {
+    // Errors for more restricted feature syntax.
+     let p = project()
+         .file(
+             "Cargo.toml",
+@@ -1948,72 +1948,57 @@ fn invalid_feature_names_warning() {
+                 version = "0.1.0"
+ 
+                 [features]
+-                # Some valid, but unusual names, shouldn't warn.
+-                "c++17" = []
+-                "128bit" = []
+-                "_foo" = []
+-                "feat-name" = []
+-                "feat_name" = []
+-                "foo.bar" = []
+-
+-                # Invalid names.
+                # Invalid start character.
+                 "+foo" = []
+-                "-foo" = []
+-                ".foo" = []
+-                "foo:bar" = []
+-                "foo?" = []
+-                "?foo" = []
+-                "ⒶⒷⒸ" = []
+-                "a¼" = []
+             "#,
+         )
+         .file("src/lib.rs", "")
+         .build();
+ 
+-    // Unfortunately the warnings are duplicated due to the Summary being
+-    // loaded twice (once in the Workspace, and once in PackageRegistry) and
+-    // Cargo does not have a de-duplication system. This should probably be
+-    // OK, since I'm not expecting this to affect anyone.
+     p.cargo("check")
+-        .with_stderr("\
+-[WARNING] invalid character `+` in feature `+foo` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `-` in feature `-foo` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `.` in feature `.foo` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `?` in feature `?foo` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `¼` in feature `a¼` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `:` in feature `foo:bar` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `?` in feature `foo?` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `Ⓐ` in feature `ⒶⒷⒸ` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `Ⓑ` in feature `ⒶⒷⒸ` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[WARNING] invalid character `Ⓒ` in feature `ⒶⒷⒸ` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters)
+-This was previously accepted but is being phased out; it will become a hard error in a future release.
+-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
+-[CHECKING] foo v0.1.0 [..]
+-[FINISHED] [..]
+-")
+        .with_status(101)
+        .with_stderr(
+            "\
+error: failed to parse manifest at `[ROOT]/foo/Cargo.toml`
+
+Caused by:
+  invalid character `+` in feature `+foo` in package foo v0.1.0 ([ROOT]/foo), \
+  the first character must be a Unicode XID start character or digit \
+  (most letters or `_` or `0` to `9`)
+",
+        )
+        .run();
+
+    p.change_file(
+        "Cargo.toml",
+        r#"
+            [package]
+            name = "foo"
+            version = "0.1.0"
+
+            [features]
+            # Invalid continue character.
+            "a&b" = []
+        "#,
+    );
+
+    p.cargo("check")
+        .with_status(101)
+        .with_stderr(
+            "\
+error: failed to parse manifest at `[ROOT]/foo/Cargo.toml`
+
+Caused by:
+  invalid character `&` in feature `a&b` in package foo v0.1.0 ([ROOT]/foo), \
+  characters must be Unicode XID characters, `+`, or `.` \
+  (numbers, `+`, `-`, `_`, `.`, or most letters)
+",
+        )
+         .run();
+ }
+ 
+ #[cargo_test]
+-fn invalid_feature_names_error() {
+fn invalid_feature_name_slash_error() {
+     // Errors for more restricted feature syntax.
+     let p = project()
+         .file(
diff --git a/meta/recipes-devtools/rust/rust-source.inc b/meta/recipes-devtools/rust/rust-source.inc
index 4a720e645b..086375a3c6 100644
--- a/meta/recipes-devtools/rust/rust-source.inc
+++ b/meta/recipes-devtools/rust/rust-source.inc
@@ -7,6 +7,7 @@ SRC_URI += "https://static.rust-lang.org/dist/rustc-${RUST_VERSION}-src.tar.xz;n
            file://zlib-off64_t.patch;patchdir=${RUSTSRC} \
            file://0001-musl-Define-SOCK_SEQPACKET-in-common-place.patch;patchdir=${RUSTSRC} \
            file://bootstrap_fail.patch;patchdir=${RUSTSRC} \
+            file://0002-CVE-2023-40030.patch;patchdir=${RUSTSRC} \
 "
 SRC_URI[rust.sha256sum] = "bb8e9c564566b2d3228d95de9063a9254182446a161353f1d843bfbaf5c34639"
author	Deepthi Hemraj <Deepthi.Hemraj@windriver.com>	2023-12-27 03:01:33 -0800
committer	Steve Sakoman <steve@sakoman.com>	2024-01-04 04:09:43 -1000
commit	4f9e22bd67f3fc2f9d6e8b88581d00f67850ef60 (patch)
tree	6109f253eb8462ee6e89ee87d1ab59b051bc6e5f /meta
parent	086f6f55c91ea1c7f51050020725986e06288b14 (diff)
download	poky-4f9e22bd67f3fc2f9d6e8b88581d00f67850ef60.tar.gz

diff --git a/meta/recipes-devtools/rust/files/0002-CVE-2023-40030.patch b/meta/recipes-devtools/rust/files/0002-CVE-2023-40030.patch new file mode 100644 index 0000000000..bf9b251226 --- /dev/null +++ b/meta/recipes-devtools/rust/files/0002-CVE-2023-40030.patch
@@ -0,0 +1,412 @@
		1	Author: Eric Huss <eric@huss.org>
		2	Date: Sun Jun 11 12:52:25 2023 -0700
		3
		4	Convert valid feature name warning to an error.
		5
		6	Upstream-Status: Backport [https://github.com/rust-lang/cargo/commit/9835622853f08be9a4b58ebe29dcec8f43b64b33]
		7	CVE: CVE-2023-40030
		8	Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
		9
		10	diff --git a/src/tools/cargo/crates/resolver-tests/src/lib.rs b/src/tools/cargo/crates/resolver-tests/src/lib.rs
		11	index 01d9b5e6d..ab34e8663 100644
		12	--- a/src/tools/cargo/crates/resolver-tests/src/lib.rs
		13	+++ b/src/tools/cargo/crates/resolver-tests/src/lib.rs
		14	@@ -179,7 +179,6 @@ pub fn resolve_with_config_raw(
		15	used: HashSet::new(),
		16	};
		17	let summary = Summary::new(
		18	- config,
		19	pkg_id("root"),
		20	deps,
		21	&BTreeMap::new(),
		22	@@ -581,7 +580,6 @@ pub fn pkg_dep<T: ToPkgId>(name: T, dep: Vec<Dependency>) -> Summary {
		23	None
		24	};
		25	Summary::new(
		26	- &Config::default().unwrap(),
		27	name.to_pkgid(),
		28	dep,
		29	&BTreeMap::new(),
		30	@@ -610,7 +608,6 @@ pub fn pkg_loc(name: &str, loc: &str) -> Summary {
		31	None
		32	};
		33	Summary::new(
		34	- &Config::default().unwrap(),
		35	pkg_id_loc(name, loc),
		36	Vec::new(),
		37	&BTreeMap::new(),
		38	@@ -625,7 +622,6 @@ pub fn remove_dep(sum: &Summary, ind: usize) -> Summary {
		39	deps.remove(ind);
		40	// note: more things will need to be copied over in the future, but it works for now.
		41	Summary::new(
		42	- &Config::default().unwrap(),
		43	sum.package_id(),
		44	deps,
		45	&BTreeMap::new(),
		46	diff --git a/src/tools/cargo/src/cargo/core/resolver/version_prefs.rs b/src/tools/cargo/src/cargo/core/resolver/version_prefs.rs
		47	index 002f11ff8..bf26d0498 100644
		48	--- a/src/tools/cargo/src/cargo/core/resolver/version_prefs.rs
		49	+++ b/src/tools/cargo/src/cargo/core/resolver/version_prefs.rs
		50	@@ -73,7 +73,6 @@ impl VersionPreferences {
		51	mod test {
		52	use super::*;
		53	use crate::core::SourceId;
		54	- use crate::util::Config;
		55	use std::collections::BTreeMap;
		56
		57	fn pkgid(name: &str, version: &str) -> PackageId {
		58	@@ -90,9 +89,8 @@ mod test {
		59
		60	fn summ(name: &str, version: &str) -> Summary {
		61	let pkg_id = pkgid(name, version);
		62	- let config = Config::default().unwrap();
		63	let features = BTreeMap::new();
		64	- Summary::new(&config, pkg_id, Vec::new(), &features, None::<&String>).unwrap()
		65	+ Summary::new(pkg_id, Vec::new(), &features, None::<&String>).unwrap()
		66	}
		67
		68	fn describe(summaries: &Vec<Summary>) -> String {
		69
		70	diff --git a/src/tools/cargo/src/cargo/core/summary.rs b/src/tools/cargo/src/cargo/core/summary.rs
		71	index 2535c4482..1883df33b 100644
		72	--- a/src/tools/cargo/src/cargo/core/summary.rs
		73	+++ b/src/tools/cargo/src/cargo/core/summary.rs
		74	@@ -1,6 +1,6 @@
		75	use crate::core::{Dependency, PackageId, SourceId};
		76	use crate::util::interning::InternedString;
		77	-use crate::util::{CargoResult, Config};
		78	+use crate::util::CargoResult;
		79	use anyhow::bail;
		80	use semver::Version;
		81	use std::collections::{BTreeMap, HashMap, HashSet};
		82	@@ -30,7 +30,6 @@ struct Inner {
		83
		84	impl Summary {
		85	pub fn new(
		86	- config: &Config,
		87	pkg_id: PackageId,
		88	dependencies: Vec<Dependency>,
		89	features: &BTreeMap<InternedString, Vec<InternedString>>,
		90	@@ -49,7 +48,7 @@ impl Summary {
		91	)
		92	}
		93	}
		94	- let feature_map = build_feature_map(config, pkg_id, features, &dependencies)?;
		95	+ let feature_map = build_feature_map(pkg_id, features, &dependencies)?;
		96	Ok(Summary {
		97	inner: Rc::new(Inner {
		98	package_id: pkg_id,
		99	@@ -140,7 +139,6 @@ impl Hash for Summary {
		100	/// Checks features for errors, bailing out a CargoResult:Err if invalid,
		101	/// and creates FeatureValues for each feature.
		102	fn build_feature_map(
		103	- config: &Config,
		104	pkg_id: PackageId,
		105	features: &BTreeMap<InternedString, Vec<InternedString>>,
		106	dependencies: &[Dependency],
		107	@@ -204,7 +202,7 @@ fn build_feature_map(
		108	feature
		109	);
		110	}
		111	- validate_feature_name(config, pkg_id, feature)?;
		112	+ validate_feature_name(pkg_id, feature)?;
		113	for fv in fvs {
		114	// Find data for the referenced dependency...
		115	let dep_data = {
		116	@@ -431,33 +429,63 @@ impl fmt::Display for FeatureValue {
		117
		118	pub type FeatureMap = BTreeMap<InternedString, Vec<FeatureValue>>;
		119
		120	-fn validate_feature_name(config: &Config, pkg_id: PackageId, name: &str) -> CargoResult<()> {
		121	+fn validate_feature_name(pkg_id: PackageId, name: &str) -> CargoResult<()> {
		122	let mut chars = name.chars();
		123	- const FUTURE: &str = "This was previously accepted but is being phased out; \
		124	- it will become a hard error in a future release.\n\
		125	- For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, \
		126	- and please leave a comment if this will be a problem for your project.";
		127	if let Some(ch) = chars.next() {
		128	if !(unicode_xid::UnicodeXID::is_xid_start(ch) \|\| ch == '_' \|\| ch.is_digit(10)) {
		129	- config.shell().warn(&format!(
		130	+ bail!(
		131	"invalid character `{}` in feature `{}` in package {}, \
		132	the first character must be a Unicode XID start character or digit \
		133	- (most letters or `_` or `0` to `9`)\n\
		134	- {}",
		135	- ch, name, pkg_id, FUTURE
		136	- ))?;
		137	+ (most letters or `_` or `0` to `9`)",
		138	+ ch,
		139	+ name,
		140	+ pkg_id
		141	+ );
		142	}
		143	}
		144	for ch in chars {
		145	if !(unicode_xid::UnicodeXID::is_xid_continue(ch) \|\| ch == '-' \|\| ch == '+' \|\| ch == '.') {
		146	- config.shell().warn(&format!(
		147	+ bail!(
		148	"invalid character `{}` in feature `{}` in package {}, \
		149	characters must be Unicode XID characters, `+`, or `.` \
		150	- (numbers, `+`, `-`, `_`, `.`, or most letters)\n\
		151	- {}",
		152	- ch, name, pkg_id, FUTURE
		153	- ))?;
		154	+ (numbers, `+`, `-`, `_`, `.`, or most letters)",
		155	+ ch,
		156	+ name,
		157	+ pkg_id
		158	+ );
		159	}
		160	}
		161	Ok(())
		162	}
		163	+
		164	+#[cfg(test)]
		165	+mod tests {
		166	+ use super::*;
		167	+ use crate::sources::CRATES_IO_INDEX;
		168	+ use crate::util::into_url::IntoUrl;
		169	+
		170	+ use crate::core::SourceId;
		171	+
		172	+ #[test]
		173	+ fn valid_feature_names() {
		174	+ let loc = CRATES_IO_INDEX.into_url().unwrap();
		175	+ let source_id = SourceId::for_registry(&loc).unwrap();
		176	+ let pkg_id = PackageId::new("foo", "1.0.0", source_id).unwrap();
		177	+
		178	+ assert!(validate_feature_name(pkg_id, "c++17").is_ok());
		179	+ assert!(validate_feature_name(pkg_id, "128bit").is_ok());
		180	+ assert!(validate_feature_name(pkg_id, "_foo").is_ok());
		181	+ assert!(validate_feature_name(pkg_id, "feat-name").is_ok());
		182	+ assert!(validate_feature_name(pkg_id, "feat_name").is_ok());
		183	+ assert!(validate_feature_name(pkg_id, "foo.bar").is_ok());
		184	+
		185	+ assert!(validate_feature_name(pkg_id, "+foo").is_err());
		186	+ assert!(validate_feature_name(pkg_id, "-foo").is_err());
		187	+ assert!(validate_feature_name(pkg_id, ".foo").is_err());
		188	+ assert!(validate_feature_name(pkg_id, "foo:bar").is_err());
		189	+ assert!(validate_feature_name(pkg_id, "foo?").is_err());
		190	+ assert!(validate_feature_name(pkg_id, "?foo").is_err());
		191	+ assert!(validate_feature_name(pkg_id, "ⒶⒷⒸ").is_err());
		192	+ assert!(validate_feature_name(pkg_id, "a¼").is_err());
		193	+ }
		194	+}
		195	diff --git a/src/tools/cargo/src/cargo/sources/registry/index.rs b/src/tools/cargo/src/cargo/sources/registry/index.rs
		196	index aa5c2a78c..6d565da8f 100644
		197	--- a/src/tools/cargo/src/cargo/sources/registry/index.rs
		198	+++ b/src/tools/cargo/src/cargo/sources/registry/index.rs
		199	@@ -293,7 +293,6 @@ impl<'cfg> RegistryIndex<'cfg>
		200	'a: 'b,
		201	{
		202	let source_id = self.source_id;
		203	- let config = self.config;
		204
		205	// First up actually parse what summaries we have available. If Cargo
		206	// has run previously this will parse a Cargo-specific cache file rather
		207	@@ -312,15 +311,13 @@ impl<'cfg> RegistryIndex<'cfg> {
		208	.versions
		209	.iter_mut()
		210	.filter_map(move \|(k, v)\| if req.matches(k) { Some(v) } else { None })
		211	- .filter_map(
		212	- move \|maybe\| match maybe.parse(config, raw_data, source_id) {
		213	+ .filter_map(move \|maybe\| match maybe.parse(raw_data, source_id) {
		214	Ok(summary) => Some(summary),
		215	Err(e) => {
		216	info!("failed to parse `{}` registry package: {}", name, e);
		217	None
		218	}
		219	- },
		220	- )
		221	+ })
		222	.filter(move \|is\| {
		223	if is.v > INDEX_V_MAX {
		224	debug!(
		225	@@ -605,7 +602,7 @@ impl Summaries {
		226	// allow future cargo implementations to break the
		227	// interpretation of each line here and older cargo will simply
		228	// ignore the new lines.
		229	- let summary = match IndexSummary::parse(config, line, source_id) {
		230	+ let summary = match IndexSummary::parse(line, source_id) {
		231	Ok(summary) => summary,
		232	Err(e) => {
		233	// This should only happen when there is an index
		234	@@ -793,17 +790,12 @@ impl MaybeIndexSummary {
		235	/// Does nothing if this is already `Parsed`, and otherwise the `raw_data`
		236	/// passed in is sliced with the bounds in `Unparsed` and then actually
		237	/// parsed.
		238	- fn parse(
		239	- &mut self,
		240	- config: &Config,
		241	- raw_data: &[u8],
		242	- source_id: SourceId,
		243	- ) -> CargoResult<&IndexSummary> {
		244	+ fn parse(&mut self, raw_data: &[u8], source_id: SourceId,) -> CargoResult<&IndexSummary> {
		245	let (start, end) = match self {
		246	MaybeIndexSummary::Unparsed { start, end } => (start, end),
		247	MaybeIndexSummary::Parsed(summary) => return Ok(summary),
		248	};
		249	- let summary = IndexSummary::parse(config, &raw_data[start..end], source_id)?;
		250	+ let summary = IndexSummary::parse(&raw_data[start..end], source_id)?;
		251	*self = MaybeIndexSummary::Parsed(summary);
		252	match self {
		253	MaybeIndexSummary::Unparsed { .. } => unreachable!(),
		254	@@ -823,7 +815,7 @@ impl IndexSummary {
		255	/// a package.
		256	///
		257	/// The `line` provided is expected to be valid JSON.
		258	- fn parse(config: &Config, line: &[u8], source_id: SourceId) -> CargoResult<IndexSummary> {
		259	+ fn parse(line: &[u8], source_id: SourceId) -> CargoResult<IndexSummary> {
		260	// **CAUTION** Please be extremely careful with returning errors
		261	// from this function. Entries that error are not included in the
		262	// index cache, and can cause cargo to get confused when switching
		263	@@ -853,7 +845,7 @@ impl IndexSummary {
		264	features.entry(name).or_default().extend(values);
		265	}
		266	}
		267	- let mut summary = Summary::new(config, pkgid, deps, &features, links)?;
		268	+ let mut summary = Summary::new(pkgid, deps, &features, links)?;
		269	summary.set_checksum(cksum);
		270	Ok(IndexSummary {
		271	summary,
		272
		273	diff --git a/src/tools/cargo/src/cargo/util/toml/mod.rs b/src/tools/cargo/src/cargo/util/toml/mod.rs
		274	index 1cc32dee8..a32f0384b 100644
		275	--- a/src/tools/cargo/src/cargo/util/toml/mod.rs
		276	+++ b/src/tools/cargo/src/cargo/util/toml/mod.rs
		277	@@ -2432,7 +2432,6 @@ impl TomlManifest {
		278	let empty_features = BTreeMap::new();
		279
		280	let summary = Summary::new(
		281	- config,
		282	pkgid,
		283	deps,
		284	me.features.as_ref().unwrap_or(&empty_features),
		285	diff --git a/src/tools/cargo/tests/testsuite/features.rs b/src/tools/cargo/tests/testsuite/features.rs
		286	index 848e05677..557fab14a 100644
		287	--- a/src/tools/cargo/tests/testsuite/features.rs
		288	+++ b/src/tools/cargo/tests/testsuite/features.rs
		289	@@ -1937,8 +1937,8 @@ fn nonexistent_required_features() {
		290	}
		291
		292	#[cargo_test]
		293	-fn invalid_feature_names_warning() {
		294	- // Warnings for more restricted feature syntax.
		295	+fn invalid_feature_names_error() {
		296	+ // Errors for more restricted feature syntax.
		297	let p = project()
		298	.file(
		299	"Cargo.toml",
		300	@@ -1948,72 +1948,57 @@ fn invalid_feature_names_warning() {
		301	version = "0.1.0"
		302
		303	[features]
		304	- # Some valid, but unusual names, shouldn't warn.
		305	- "c++17" = []
		306	- "128bit" = []
		307	- "_foo" = []
		308	- "feat-name" = []
		309	- "feat_name" = []
		310	- "foo.bar" = []
		311	-
		312	- # Invalid names.
		313	+ # Invalid start character.
		314	"+foo" = []
		315	- "-foo" = []
		316	- ".foo" = []
		317	- "foo:bar" = []
		318	- "foo?" = []
		319	- "?foo" = []
		320	- "ⒶⒷⒸ" = []
		321	- "a¼" = []
		322	"#,
		323	)
		324	.file("src/lib.rs", "")
		325	.build();
		326
		327	- // Unfortunately the warnings are duplicated due to the Summary being
		328	- // loaded twice (once in the Workspace, and once in PackageRegistry) and
		329	- // Cargo does not have a de-duplication system. This should probably be
		330	- // OK, since I'm not expecting this to affect anyone.
		331	p.cargo("check")
		332	- .with_stderr("\
		333	-[WARNING] invalid character `+` in feature `+foo` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`)
		334	-This was previously accepted but is being phased out; it will become a hard error in a future release.
		335	-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
		336	-[WARNING] invalid character `-` in feature `-foo` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`)
		337	-This was previously accepted but is being phased out; it will become a hard error in a future release.
		338	-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
		339	-[WARNING] invalid character `.` in feature `.foo` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`)
		340	-This was previously accepted but is being phased out; it will become a hard error in a future release.
		341	-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
		342	-[WARNING] invalid character `?` in feature `?foo` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`)
		343	-This was previously accepted but is being phased out; it will become a hard error in a future release.
		344	-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
		345	-[WARNING] invalid character `¼` in feature `a¼` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters)
		346	-This was previously accepted but is being phased out; it will become a hard error in a future release.
		347	-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
		348	-[WARNING] invalid character `:` in feature `foo:bar` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters)
		349	-This was previously accepted but is being phased out; it will become a hard error in a future release.
		350	-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
		351	-[WARNING] invalid character `?` in feature `foo?` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters)
		352	-This was previously accepted but is being phased out; it will become a hard error in a future release.
		353	-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
		354	-[WARNING] invalid character `Ⓐ` in feature `ⒶⒷⒸ` in package foo v0.1.0 ([ROOT]/foo), the first character must be a Unicode XID start character or digit (most letters or `_` or `0` to `9`)
		355	-This was previously accepted but is being phased out; it will become a hard error in a future release.
		356	-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
		357	-[WARNING] invalid character `Ⓑ` in feature `ⒶⒷⒸ` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters)
		358	-This was previously accepted but is being phased out; it will become a hard error in a future release.
		359	-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
		360	-[WARNING] invalid character `Ⓒ` in feature `ⒶⒷⒸ` in package foo v0.1.0 ([ROOT]/foo), characters must be Unicode XID characters, `+`, or `.` (numbers, `+`, `-`, `_`, `.`, or most letters)
		361	-This was previously accepted but is being phased out; it will become a hard error in a future release.
		362	-For more information, see issue #8813 <https://github.com/rust-lang/cargo/issues/8813>, and please leave a comment if this will be a problem for your project.
		363	-[CHECKING] foo v0.1.0 [..]
		364	-[FINISHED] [..]
		365	-")
		366	+ .with_status(101)
		367	+ .with_stderr(
		368	+ "\
		369	+error: failed to parse manifest at `[ROOT]/foo/Cargo.toml`
		370	+
		371	+Caused by:
		372	+ invalid character `+` in feature `+foo` in package foo v0.1.0 ([ROOT]/foo), \
		373	+ the first character must be a Unicode XID start character or digit \
		374	+ (most letters or `_` or `0` to `9`)
		375	+",
		376	+ )
		377	+ .run();
		378	+
		379	+ p.change_file(
		380	+ "Cargo.toml",
		381	+ r#"
		382	+ [package]
		383	+ name = "foo"
		384	+ version = "0.1.0"
		385	+
		386	+ [features]
		387	+ # Invalid continue character.
		388	+ "a&b" = []
		389	+ "#,
		390	+ );
		391	+
		392	+ p.cargo("check")
		393	+ .with_status(101)
		394	+ .with_stderr(
		395	+ "\
		396	+error: failed to parse manifest at `[ROOT]/foo/Cargo.toml`
		397	+
		398	+Caused by:
		399	+ invalid character `&` in feature `a&b` in package foo v0.1.0 ([ROOT]/foo), \
		400	+ characters must be Unicode XID characters, `+`, or `.` \
		401	+ (numbers, `+`, `-`, `_`, `.`, or most letters)
		402	+",
		403	+ )
		404	.run();
		405	}
		406
		407	#[cargo_test]
		408	-fn invalid_feature_names_error() {
		409	+fn invalid_feature_name_slash_error() {
		410	// Errors for more restricted feature syntax.
		411	let p = project()
		412	.file(


diff --git a/meta/recipes-devtools/rust/rust-source.inc b/meta/recipes-devtools/rust/rust-source.inc index 4a720e645b..086375a3c6 100644 --- a/meta/recipes-devtools/rust/rust-source.inc +++ b/meta/recipes-devtools/rust/rust-source.inc
@@ -7,6 +7,7 @@ SRC_URI += "https://static.rust-lang.org/dist/rustc-${RUST_VERSION}-src.tar.xz;n
7	file://zlib-off64_t.patch;patchdir=${RUSTSRC} \	7	file://zlib-off64_t.patch;patchdir=${RUSTSRC} \
8	file://0001-musl-Define-SOCK_SEQPACKET-in-common-place.patch;patchdir=${RUSTSRC} \	8	file://0001-musl-Define-SOCK_SEQPACKET-in-common-place.patch;patchdir=${RUSTSRC} \
9	file://bootstrap_fail.patch;patchdir=${RUSTSRC} \	9	file://bootstrap_fail.patch;patchdir=${RUSTSRC} \
		10	file://0002-CVE-2023-40030.patch;patchdir=${RUSTSRC} \
10	"	11	"
11	SRC_URI[rust.sha256sum] = "bb8e9c564566b2d3228d95de9063a9254182446a161353f1d843bfbaf5c34639"	12	SRC_URI[rust.sha256sum] = "bb8e9c564566b2d3228d95de9063a9254182446a161353f1d843bfbaf5c34639"
12		13