From 6bf1be67ba93c1b8e467e3c3127438d1eb43897e Mon Sep 17 00:00:00 2001
From: Sebastian Thiel <sebastian.thiel@icloud.com>
Date: Sat, 3 May 2025 14:12:19 +0200
Subject: [PATCH 1/2] reproduce fuzz-failure (#1979)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It's notable that this regression was introduced in `v0.2.11`.

```
❯ cargo update -p jiff
    Updating crates.io index
     Locking 2 packages to latest compatible versions
    Updating jiff v0.2.10 -> v0.2.11
    Updating jiff-static v0.2.10 -> v0.2.11
note: pass `--verbose` to see 10 unchanged dependencies behind latest
```

Thus, the issue didn't reproduce in v0.2.10.
---
 Cargo.lock                   | 22 +++++++++++-----------
 gix-date/tests/time/parse.rs |  4 ++++
 2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index c9c3de2b29b..86fa8de2353 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1028,7 +1028,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "976dd42dc7e85965fe702eb8164f21f450704bdde31faefd6471dba214cb594e"
 dependencies = [
  "libc",
- "windows-sys 0.59.0",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
@@ -3474,7 +3474,7 @@ checksum = "e04d7f318608d35d4b61ddd75cbdaee86b023ebe2bd5a66ee0915f0bf93095a9"
 dependencies = [
  "hermit-abi 0.5.0",
  "libc",
- "windows-sys 0.59.0",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
@@ -3534,9 +3534,9 @@ checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c"
 
 [[package]]
 name = "jiff"
-version = "0.2.10"
+version = "0.2.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5a064218214dc6a10fbae5ec5fa888d80c45d611aba169222fc272072bf7aef6"
+checksum = "27e77966151130221b079bcec80f1f34a9e414fa489d99152a201c07fd2182bc"
 dependencies = [
  "jiff-static",
  "jiff-tzdb-platform",
@@ -3544,14 +3544,14 @@ dependencies = [
  "portable-atomic",
  "portable-atomic-util",
  "serde",
- "windows-sys 0.59.0",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
 name = "jiff-static"
-version = "0.2.10"
+version = "0.2.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "199b7932d97e325aff3a7030e141eafe7f2c6268e1d1b24859b753a627f45254"
+checksum = "97265751f8a9a4228476f2fc17874a9e7e70e96b893368e42619880fe143b48a"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -4315,7 +4315,7 @@ dependencies = [
  "once_cell",
  "socket2",
  "tracing",
- "windows-sys 0.59.0",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
@@ -4546,7 +4546,7 @@ dependencies = [
  "errno",
  "libc",
  "linux-raw-sys 0.4.15",
- "windows-sys 0.59.0",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
@@ -4559,7 +4559,7 @@ dependencies = [
  "errno",
  "libc",
  "linux-raw-sys 0.9.3",
- "windows-sys 0.59.0",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
@@ -5104,7 +5104,7 @@ dependencies = [
  "getrandom 0.3.2",
  "once_cell",
  "rustix 1.0.7",
- "windows-sys 0.59.0",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
diff --git a/gix-date/tests/time/parse.rs b/gix-date/tests/time/parse.rs
index c10db9f91aa..bac011ce5f3 100644
--- a/gix-date/tests/time/parse.rs
+++ b/gix-date/tests/time/parse.rs
@@ -326,6 +326,10 @@ mod relative {
 
 /// Various cases the fuzzer found
 mod fuzz {
+    #[test]
+    fn reproduce_1979() {
+        gix_date::parse("fRi ", None).ok();
+    }
     #[test]
     fn invalid_but_does_not_cause_panic() {
         for input in ["-9999-1-1", "7	-𬞋", "5 ڜ-09", "-4 week ago Z", "8960609 day ago"] {

From 0be4dd4e037e8a3080ef335913e06bc2584fd96d Mon Sep 17 00:00:00 2001
From: Eliah Kagan <degeneracypressure@gmail.com>
Date: Sun, 4 May 2025 01:53:38 -0400
Subject: [PATCH 2/2] Further upgrade `jiff` to fix fuzz failures (#1984)

This upgrades `jiff` to 0.2.12 to fix fuzzing failures. The test
case introduced in the previous commit now passes.

Upgrading `jiff` past 0.2.11 gets the fix for BurntSushi/jiff#359,
fixed in BurntSushi/jiff#360. To avoid declaring compatibility with
a version that has the bug, this advances `jiff` from 0.2.10 to
0.2.12 in the `gix-archive` and `gix-date` manifests.

(The changes in `Cargo.lock` are those that occur automatically
when `cargo check --workspace` is run after those changes.)

Fixes #1979
Fixes #1982
---
 Cargo.lock                   | 26 +++++++++++++-------------
 gix-archive/Cargo.toml       |  2 +-
 gix-date/Cargo.toml          |  2 +-
 gix-date/tests/time/parse.rs |  1 +
 4 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 86fa8de2353..d4883ed50fc 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1028,7 +1028,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "976dd42dc7e85965fe702eb8164f21f450704bdde31faefd6471dba214cb594e"
 dependencies = [
  "libc",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -3474,7 +3474,7 @@ checksum = "e04d7f318608d35d4b61ddd75cbdaee86b023ebe2bd5a66ee0915f0bf93095a9"
 dependencies = [
  "hermit-abi 0.5.0",
  "libc",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -3534,9 +3534,9 @@ checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c"
 
 [[package]]
 name = "jiff"
-version = "0.2.11"
+version = "0.2.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "27e77966151130221b079bcec80f1f34a9e414fa489d99152a201c07fd2182bc"
+checksum = "d07d8d955d798e7a4d6f9c58cd1f1916e790b42b092758a9ef6e16fef9f1b3fd"
 dependencies = [
  "jiff-static",
  "jiff-tzdb-platform",
@@ -3544,14 +3544,14 @@ dependencies = [
  "portable-atomic",
  "portable-atomic-util",
  "serde",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
 name = "jiff-static"
-version = "0.2.11"
+version = "0.2.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "97265751f8a9a4228476f2fc17874a9e7e70e96b893368e42619880fe143b48a"
+checksum = "f244cfe006d98d26f859c7abd1318d85327e1882dc9cef80f62daeeb0adcf300"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -3682,7 +3682,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fc2f4eb4bc735547cfed7c0a4922cbd04a4655978c09b54f1f7b228750664c34"
 dependencies = [
  "cfg-if",
- "windows-targets 0.48.5",
+ "windows-targets 0.52.6",
 ]
 
 [[package]]
@@ -4315,7 +4315,7 @@ dependencies = [
  "once_cell",
  "socket2",
  "tracing",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -4546,7 +4546,7 @@ dependencies = [
  "errno",
  "libc",
  "linux-raw-sys 0.4.15",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -4559,7 +4559,7 @@ dependencies = [
  "errno",
  "libc",
  "linux-raw-sys 0.9.3",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -5104,7 +5104,7 @@ dependencies = [
  "getrandom 0.3.2",
  "once_cell",
  "rustix 1.0.7",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -5722,7 +5722,7 @@ version = "0.1.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb"
 dependencies = [
- "windows-sys 0.48.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
diff --git a/gix-archive/Cargo.toml b/gix-archive/Cargo.toml
index 3c9dc3824e8..dc4fd950712 100644
--- a/gix-archive/Cargo.toml
+++ b/gix-archive/Cargo.toml
@@ -35,7 +35,7 @@ gix-date = { version = "^0.10.1", path = "../gix-date" }
 
 flate2 = { version = "1.1.1", optional = true, default-features = false, features = ["zlib-rs"] }
 zip = { version = "2.6.1", optional = true, default-features = false, features = ["deflate"] }
-jiff = { version = "0.2.10", default-features = false, features = ["std"] }
+jiff = { version = "0.2.12", default-features = false, features = ["std"] }
 
 thiserror = "2.0.0"
 bstr = { version = "1.12.0", default-features = false }
diff --git a/gix-date/Cargo.toml b/gix-date/Cargo.toml
index b64187ef7dc..aa666795bc4 100644
--- a/gix-date/Cargo.toml
+++ b/gix-date/Cargo.toml
@@ -22,7 +22,7 @@ serde = ["dep:serde", "bstr/serde"]
 bstr = { version = "1.12.0", default-features = false, features = ["std"] }
 serde = { version = "1.0.114", optional = true, default-features = false, features = ["derive"] }
 itoa = "1.0.1"
-jiff = "0.2.10"
+jiff = "0.2.12"
 thiserror = "2.0.0"
 # TODO: used for quick and easy `TimeBacking: std::io::Write` implementation, but could make that `Copy`
 #       and remove this dep with custom impl
diff --git a/gix-date/tests/time/parse.rs b/gix-date/tests/time/parse.rs
index bac011ce5f3..0102762385c 100644
--- a/gix-date/tests/time/parse.rs
+++ b/gix-date/tests/time/parse.rs
@@ -330,6 +330,7 @@ mod fuzz {
     fn reproduce_1979() {
         gix_date::parse("fRi ", None).ok();
     }
+
     #[test]
     fn invalid_but_does_not_cause_panic() {
         for input in ["-9999-1-1", "7	-𬞋", "5 ڜ-09", "-4 week ago Z", "8960609 day ago"] {