From 798131d17de68fca80a10ba3c8675214923070fd Mon Sep 17 00:00:00 2001
From: programmer12 <964969108@qq.com>
Date: Thu, 21 Oct 2021 18:53:31 +0800
Subject: [PATCH] CVE-2019-16760

---
 CVE-2019-16760-next.patch | 24 +++++++++++++++
 CVE-2019-16760-pre.patch  | 26 ++++++++++++++++
 CVE-2019-16760.patch      | 62 +++++++++++++++++++++++++++++++++++++++
 rust.spec                 |  8 ++++-
 4 files changed, 119 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2019-16760-next.patch
 create mode 100644 CVE-2019-16760-pre.patch
 create mode 100644 CVE-2019-16760.patch

diff --git a/CVE-2019-16760-next.patch b/CVE-2019-16760-next.patch
new file mode 100644
index 0000000..1cfe281
--- /dev/null
+++ b/CVE-2019-16760-next.patch
@@ -0,0 +1,24 @@
+From 44641c6f2a6e1519a12408d8416e640cda05f86f Mon Sep 17 00:00:00 2001
+From: pietroalbini<pietroalbini@github.com>
+Date: Thu, 21 Oct 2021 16:48:12 +0800
+Subject: [PATCH] 2
+
+---
+ src/tools/cargo/src/cargo/util/toml/mod.rs | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/tools/cargo/src/cargo/util/toml/mod.rs b/src/tools/cargo/src/cargo/util/toml/mod.rs
+index 32df6d07..73850cce 100644
+--- a/src/tools/cargo/src/cargo/util/toml/mod.rs
++++ b/src/tools/cargo/src/cargo/util/toml/mod.rs
+@@ -212,7 +212,6 @@ pub struct DetailedTomlDependency {
+     default_features: Option<bool>,
+     #[serde(rename = "default_features")]
+     default_features2: Option<bool>,
+-    package: Option<String>,
+ }
+ 
+ #[derive(Debug, Deserialize, Serialize)]
+-- 
+2.27.0
+
diff --git a/CVE-2019-16760-pre.patch b/CVE-2019-16760-pre.patch
new file mode 100644
index 0000000..313f9be
--- /dev/null
+++ b/CVE-2019-16760-pre.patch
@@ -0,0 +1,26 @@
+From e2ea71956710c20a6819b89ae25ae1c78fb37c20 Mon Sep 17 00:00:00 2001
+From: pietroalbini<pietroalbini@github.com>
+Date: Thu, 21 Oct 2021 15:17:27 +0800
+Subject: [PATCH] 2
+
+---
+ src/tools/cargo/src/cargo/util/toml/mod.rs | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/tools/cargo/src/cargo/util/toml/mod.rs b/src/tools/cargo/src/cargo/util/toml/mod.rs
+index 32df6d07..c2f3aad3 100644
+--- a/src/tools/cargo/src/cargo/util/toml/mod.rs
++++ b/src/tools/cargo/src/cargo/util/toml/mod.rs
+@@ -184,8 +184,7 @@ impl<'de> de::Deserialize<'de> for TomlDependency {
+             }
+ 
+             fn visit_map<V>(self, map: V) -> Result<Self::Value, V::Error>
+-            where
+-                V: de::MapAccess<'de>,
++                where V: de::MapAccess<'de>
+             {
+                 let mvd = de::value::MapAccessDeserializer::new(map);
+                 DetailedTomlDependency::deserialize(mvd).map(TomlDependency::Detailed)
+-- 
+2.27.0
+
diff --git a/CVE-2019-16760.patch b/CVE-2019-16760.patch
new file mode 100644
index 0000000..d03f03a
--- /dev/null
+++ b/CVE-2019-16760.patch
@@ -0,0 +1,62 @@
+diff --git a/src/tools/cargo/src/cargo/util/toml/mod.rs b/src/tools/cargo/src/cargo/util/toml/mod.rs
+--- a/src/tools/cargo/src/cargo/util/toml/mod.rs
++++ b/src/tools/cargo/src/cargo/util/toml/mod.rs
+@@ -169,7 +169,15 @@ impl<'de> de::Deserialize<'de> for TomlDependency {
+                 where V: de::MapAccess<'de>
+             {
+                 let mvd = de::value::MapAccessDeserializer::new(map);
+-                DetailedTomlDependency::deserialize(mvd).map(TomlDependency::Detailed)
++                let dep = DetailedTomlDependency::deserialize(mvd).map(TomlDependency::Detailed);
++                if let Ok(&TomlDependency::Detailed(ref dep)) = dep.as_ref() {
++                    if dep.package.is_some() {
++                        return Err(<V::Error as de::Error>::custom(
++                            "the package subkey is not allowed due to CVE-2019-16760"
++                        ));
++                    }
++                }
++                dep
+             }
+         }
+ 
+@@ -187,6 +195,7 @@ pub struct DetailedTomlDependency {
+     git: Option<String>,
+     branch: Option<String>,
+     tag: Option<String>,
++    package: Option<String>,
+     rev: Option<String>,
+     features: Option<Vec<String>>,
+     optional: Option<bool>,
+diff --git a/src/tools/cargo/tests/cve_2019_16760.rs b/src/tools/cargo/tests/cve_2019_16760.rs
+new file mode 100644
+--- /dev/null
++++ b/src/tools/cargo/tests/cve_2019_16760.rs
+@@ -0,0 +1,28 @@
++extern crate cargotest;
++extern crate hamcrest;
++
++use cargotest::support::{project, execs};
++use hamcrest::assert_that;
++
++#[test]
++fn test_cve_2019_16760() {
++    let pb = project("foo")
++        .file("Cargo.toml", r#"
++            [package]
++            name = "foo"
++            version = "0.0.0"
++            authors = []
++
++            [dependencies]
++            lazy_static1 = { version = "1", package = "lazy_static" }
++        "#)
++        .file("src/lib.rs", "");
++    let p = pb.build();
++
++    assert_that(p.cargo("check"), execs().with_status(101).with_stderr("\
++error: failed to parse manifest at `[..]`
++
++Caused by:
++  the package subkey is not allowed due to CVE-2019-16760 for key `dependencies.lazy_static1`
++"));
++}
+ 
diff --git a/rust.spec b/rust.spec
index 06872a8..53c486e 100644
--- a/rust.spec
+++ b/rust.spec
@@ -11,7 +11,7 @@
 
 Name:           rust
 Version:        1.29.1
-Release:        6
+Release:        7
 Summary:        A systems programming language
 License:        (ASL 2.0 or MIT) and (BSD and MIT)
 URL:            https://www.rust-lang.org
@@ -20,6 +20,9 @@ Patch0000:      rust-52876-const-endianess.patch
 Patch0001:      0001-std-stop-backtracing-when-the-frames-are-full.patch
 Patch0002:      0001-Set-more-llvm-function-attributes-for-__rust_try.patch
 Patch0003:      Fix-unsoundness-in-VecDeque-Debug-impls.patch
+Patch0004:      CVE-2019-16760-pre.patch
+Patch0005:      CVE-2019-16760.patch
+Patch0006:      CVE-2019-16760-next.patch
 BuildRequires:  cargo >= 1.28.0 (%{name} >= 1.28.0 with %{name} <= 1.29.1) llvm-devel
 BuildRequires:  make gcc-c++ ncurses-devel curl python3 cmake3 >= 3.4.3 procps-ng
 BuildRequires:  pkgconfig(libcurl) pkgconfig(liblzma) pkgconfig(openssl) pkgconfig(zlib) gdb
@@ -287,6 +290,9 @@ python3 ./x.py test --no-fail-fast rustfmt || :
 %{_mandir}/man1/cargo*.1*
 
 %changelog
+* Thu Oct 20 2021 liwu<liwu13@huawei.com>- 1.29.1-7
+- Fix CVE-2019-16760
+
 * Thu Sep 30 2021 liwu<liwu13@huawei.com> - 1.29.1-6
 - Fix CVE-2019-1010299
 
-- 
Gitee