[stable] Fix CVE 2022 21658 and prepare 1.58.1 #93110

Merged
merged 15 commits into from
Jan 20, 2022

pietroalbini
Member

Followup to #93071. Includes the fix for CVE-2022-21658.

r? @ghost
cc @rust-lang/release @rust-lang/security

calebcartwright and others added 11 commits January 19, 2022 10:25
Prior to PR rust-lang#91205, checking for errors in the overall obligation
would check the `ParamEnv`, due to an incorrect
`super_visit_with` impl. With this bug fixed, we will now
bail out of impl candidate assembly if the `ParamEnv` contains
any error types.

In practice, this appears to be overly conservative - when an error
occurs early in compilation, we end up giving up early for some
predicates that we could have successfully evaluated without overflow.
By only checking for errors in the predicate itself, we avoid causing
additional spurious 'type annotations needed' errors after a 'real'
error has already occurred.

With this PR, the diagnostic changes caused by PR rust-lang#91205 are reverted.
@rustbot rustbot added the T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. label Jan 20, 2022
@pietroalbini
Member Author

@bors r+ p=1000 rollup=never

@bors
Contributor

bors commented Jan 20, 2022

📌 Commit 1e17daf has been approved by pietroalbini

@bors bors added the S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. label Jan 20, 2022
@bors
Contributor

bors commented Jan 20, 2022

⌛ Testing commit 1e17daf with merge 141c792fcb22e7b5e2e37ec143a68518b2e9c48a...

@bors
Contributor

bors commented Jan 20, 2022

💔 Test failed - checks-actions

@bors bors added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. labels Jan 20, 2022
@pietroalbini
Member Author

cc @hkratz, something went wrong during the rebase :(

@pietroalbini
Member Author

@bors r+ p=1000 rollup=never

@bors
Contributor

bors commented Jan 20, 2022

📌 Commit cb88166 has been approved by pietroalbini

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jan 20, 2022
@bors
Contributor

bors commented Jan 20, 2022

⌛ Testing commit cb88166 with merge 2486f951e3e7b4ec9048593c82664b7353d1814d...

@pietroalbini
Member Author

@bors r+ p=1000 rollup=never

Improved the Fuchsia fix and fixed a compiler error in REDOX.

@bors
Contributor

bors commented Jan 20, 2022

📌 Commit 1c63ec4 has been approved by pietroalbini

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jan 20, 2022
@bors
Contributor

bors commented Jan 20, 2022

⌛ Testing commit 1c63ec4 with merge 08182e4...

@pietroalbini
Member Author

@bors treeclosed-

@bors
Contributor

bors commented Jan 20, 2022

☀️ Test successful - checks-actions
Approved by: pietroalbini
Pushing 08182e4 to stable...

@bors bors added the merged-by-bors This PR was explicitly merged by bors. label Jan 20, 2022
@bors bors merged commit 08182e4 into rust-lang:stable Jan 20, 2022
@pietroalbini pietroalbini deleted the pa-cve-2022-21658-stable branch January 20, 2022 15:50
bors added a commit to rust-lang-ci/rust that referenced this pull request Jan 20, 2022
…roalbini

[stable] Prepare 1.58.1 artifacts

rust-lang#93110 added all the changes needed for the 1.58.1 release, but didn't bump the version number. This PR bumps the version number to produce the 1.58.1 stable artifacts.

r? `@ghost`
let child = child?;
match is_dir(&child) {
Some(true) => {
remove_dir_all_recursive(Some(fd), Path::new(&child.file_name()))?;
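Review bot: in the `Some(true)` arm, the answer from `is_dir(&child)` can be stale by the time `remove_dir_all_recursive(Some(fd), ...)` opens the entry by name, so the recursion is only safe if that open is relative to `fd`, refuses symlinks, and treats a non-directory result as something to unlink rather than descend into. A short comment on this arm stating that requirement would make the invariant visible to whoever next touches the callee.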
Member

This seems like a breaking change since it lacks loop detection? A sufficiently deep directory tree should return ELOOP or ENAMETOOLONG, but the kernel can't do that for us if we're using openat. Instead of returning an error it would result in stack overflow panics.

I already had a PR open for openat-based remove_dir_all (#88731) that does loop detection.

Contributor

@hkratz hkratz Jan 20, 2022

There should be no loops. Bind mounts on Linux and directory hardlinks (available on macOS only) are not allowed to loop and we are not descending into symlinked dirs because we open them with openat(..., O_NOFOLLOW).

Member

I thought I had managed to introduce loops with bind mounts or overlayfs in the past. But let me check again.

And FUSE might be another option.

Member

Anyway, I have filed #93129; let's continue the discussion there.
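
The fd-relative descent discussed in this review thread, sketched in C as an added example (not the code from this PR or from the Rust standard library). `rm_tree_at`, `demo` and the `MAX_DEPTH` bound are hypothetical; the bound is an illustrative stand-in for the loop detection raised above, and the directory tree is a constructed fixture.

```c
/* Added example: fd-relative recursive delete that never follows symlinks. */
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define MAX_DEPTH 64 /* hypothetical bound standing in for loop detection */

int rm_tree_at(int parent, const char *name, int depth) {
    if (depth > MAX_DEPTH) { errno = ELOOP; return -1; } /* an error, not a stack overflow */
    int fd = openat(parent, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) {
        /* Symlink (ELOOP or ENOTDIR) or plain file (ENOTDIR): remove the entry itself. */
        if (errno == ELOOP || errno == ENOTDIR) return unlinkat(parent, name, 0);
        return -1;
    }
    DIR *d = fdopendir(fd); /* d now owns fd */
    if (!d) { close(fd); return -1; }
    struct dirent *e;
    int rc = 0;
    while (rc == 0 && (e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        rc = rm_tree_at(fd, e->d_name, depth + 1); /* resolved relative to fd, not a path */
    }
    closedir(d);
    return rc ? rc : unlinkat(parent, name, AT_REMOVEDIR);
}

/* Constructed fixture: tree/link -> ../keep, where keep/data must survive. */
int demo(void) {
    char root[] = "/tmp/rmtreeXXXXXX";
    if (!mkdtemp(root) || chdir(root)) return -1;
    mkdir("keep", 0700); mkdir("tree", 0700); mkdir("tree/sub", 0700);
    close(open("keep/data", O_CREAT | O_WRONLY, 0600));
    close(open("tree/sub/file", O_CREAT | O_WRONLY, 0600));
    if (symlink("../keep", "tree/link")) return -1;
    if (rm_tree_at(AT_FDCWD, "tree", 0)) return -1;
    int kept = access("keep/data", F_OK) == 0, gone = access("tree", F_OK) != 0;
    unlink("keep/data"); rmdir("keep");
    if (chdir("/") || rmdir(root)) return -1;
    return (kept && gone) ? 0 : 1;
}

int main(void) { printf("demo: %d\n", demo()); return 0; }
```

Dropping `O_NOFOLLOW` from the `openat` call makes the same fixture delete `keep/data` through the symlink.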

matthiaskrgr added a commit to matthiaskrgr/rust that referenced this pull request Jan 20, 2022
…on-number, r=Mark-Simulacrum

Add script to prevent point releases with same number as existing ones

This will hopefully prevent what happened today with rust-lang#93110 and rust-lang#93121, where we built point release artifacts without changing version numbers, thus requiring another PR to change the version number.

r? `@Mark-Simulacrum`
ehuss pushed a commit to ehuss/rust that referenced this pull request Jan 25, 2022
bors added a commit to rust-lang-ci/rust that referenced this pull request Jan 27, 2022
…crum

[beta] Clippy: Handle implicit named arguments in `useless_format`

Closes rust-lang#92938

This backports a Clippy fix to beta, that was already backported for 1.58.1 in rust-lang#93110
@cuviper cuviper added this to the 1.58.1 milestone Nov 16, 2023
Labels
merged-by-bors This PR was explicitly merged by bors. S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.