From bba25dd2a6855f4c4303634aae313821854e4eba Mon Sep 17 00:00:00 2001 From: Eliza Weisman Date: Thu, 19 Oct 2023 13:12:26 -0700 Subject: [PATCH] build(deps): update `rustix` to v0.36.16 This commit updates the policy-cointroller's dependency on `rustix` in order to resolve a potential memory exhaustion issue when using the `rustix::fs::Dir` iterator with the `linux-raw` backend. This issue is described in GHSA-c827-hfw6-qwvm. --- Cargo.lock | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2b21a6cb280d7..f47343be93e32 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -534,6 +534,16 @@ dependencies = [ "winapi", ] +[[package]] +name = "errno" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3e13f66a2f95e32a39eaa81f6b95d42878ca0e1db0c7543723dfe12557e860" +dependencies = [ + "libc", + "windows-sys 0.48.0", +] + [[package]] name = "errno-dragonfly" version = "0.1.2" @@ -1258,7 +1268,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b18cbf29f8ff3542ba22bdce9ac610fcb75d74bb4e2b306b2a2762242025b4f" dependencies = [ "bindgen", - "errno", + "errno 0.2.8", "libc", ] @@ -2043,12 +2053,12 @@ checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" [[package]] name = "rustix" -version = "0.36.11" +version = "0.36.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db4165c9963ab29e422d6c26fbc1d37f15bace6b2810221f9d925023480fcf0e" +checksum = "6da3636faa25820d8648e0e31c5d519bbb01f72fdf57131f0f5f7da5fed36eab" dependencies = [ "bitflags 1.3.2", - "errno", + "errno 0.3.5", "io-lifetimes", "libc", "linux-raw-sys",