From 27bd85fade06578508eb68eae5ea3bd21c72f7b6 Mon Sep 17 00:00:00 2001 From: Ivan Enderlin Date: Tue, 16 Feb 2021 14:29:32 +0100 Subject: [PATCH 1/3] chore(cargo) Fix RUSTSEC-2021-0023. This patch updates `radn_core` from 0.6.1 to 0.6.2 as a vulnerability has been discovered. See https://rustsec.org/advisories/RUSTSEC-2021-0023. --- Cargo.lock | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 66c41a83d53..9bb7953a873 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -769,7 +769,7 @@ checksum = "1d34cfa13a63ae058bfa601fe9e313bbdb3746427c1459185464ce0fcf62e1e8" dependencies = [ "cfg-if 1.0.0", "libc", - "redox_syscall 0.2.4", + "redox_syscall 0.2.5", "winapi", ] @@ -1277,9 +1277,9 @@ dependencies = [ [[package]] name = "nom" -version = "6.1.0" +version = "6.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ab6f70b46d6325aa300f1c7bb3d470127dfc27806d8ea6bf294ee0ce643ce2b1" +checksum = "e7413f999671bd4745a7b624bd370a569fb6bc574b23c83a3c5ed2e453f3d5e2" dependencies = [ "memchr", "version_check", @@ -1340,7 +1340,7 @@ checksum = "ee68c3c79e81d82127e0870f94479675774d34c7ad5b55eecb9c320ef9701187" dependencies = [ "libc", "raw-window-handle", - "redox_syscall 0.2.4", + "redox_syscall 0.2.5", "sdl2", "sdl2-sys", ] @@ -1358,14 +1358,14 @@ dependencies = [ [[package]] name = "parking_lot_core" -version = "0.8.2" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ccb628cad4f84851442432c60ad8e1f607e29752d0bf072cbd0baf28aa34272" +checksum = "fa7a782938e745763fe6907fc6ba86946d72f49fe7e21de074e08128a99fb018" dependencies = [ "cfg-if 1.0.0", "instant", "libc", - "redox_syscall 0.1.57", + "redox_syscall 0.2.5", "smallvec", "winapi", ] @@ -1538,9 +1538,9 @@ dependencies = [ [[package]] name = "rand_core" -version = "0.6.1" +version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c026d7df8b298d90ccbbc5190bd04d85e159eaf5576caeacf8741da93ccbd2e5" +checksum = "34cf66eb183df1c5876e2dcf6b13d57340741e8dc255b48e40a26de954d06ae7" dependencies = [ "getrandom 0.2.2", ] @@ -1596,9 +1596,9 @@ checksum = "41cc0f7e4d5d4544e8861606a285bb08d3e70712ccc7d2b84d7c0ccfaf4b05ce" [[package]] name = "redox_syscall" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05ec8ca9416c5ea37062b502703cd7fcb207736bc294f6e0cf367ac6fc234570" +checksum = "94341e4e44e24f6b591b59e47a8a027df12e008d73fd5672dbea9cc22f4507d9" dependencies = [ "bitflags", ] @@ -1993,7 +1993,7 @@ dependencies = [ "cfg-if 1.0.0", "libc", "rand", - "redox_syscall 0.2.4", + "redox_syscall 0.2.5", "remove_dir_all", "winapi", ] @@ -2921,7 +2921,7 @@ version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3a9a231574ae78801646617cefd13bfe94be907c0e4fa979cfd8b770aa3c5d08" dependencies = [ - "nom 6.1.0", + "nom 6.1.2", ] [[package]] From 89345a234ca62c1bf24353b2ea7c7b5eb04b80bb Mon Sep 17 00:00:00 2001 From: Ivan Enderlin Date: Tue, 16 Feb 2021 14:32:55 +0100 Subject: [PATCH 2/3] doc(changelog) Add #2125. --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3d5d983f7c3..b45e56c7edb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ - [#2113](https://github.com/wasmerio/wasmer/pull/2113) Bump minimum supported Rust version to 1.49 ### Fixed +- [#2125](https://github.com/wasmerio/wasmer/pull/2125) Fix RUSTSEC-2021-0023; `rand_core`: incorrect check on buffer length when seeding RNGs. - [#2097](https://github.com/wasmerio/wasmer/pull/2097) Fix how string's length is computed in `wasm_cpu_features_add` in the C API. - [#2101](https://github.com/wasmerio/wasmer/pull/2101) cflags emitted by `wasmer config --pkg-config` are now correct. From 25d8db5d619514562d23f11a88bf8aae80c405ae Mon Sep 17 00:00:00 2001 From: Ivan Enderlin Date: Tue, 16 Feb 2021 16:09:44 +0100 Subject: [PATCH 3/3] Update CHANGELOG.md --- CHANGELOG.md | 1 - 1 file changed, 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b45e56c7edb..3d5d983f7c3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,7 +14,6 @@ - [#2113](https://github.com/wasmerio/wasmer/pull/2113) Bump minimum supported Rust version to 1.49 ### Fixed -- [#2125](https://github.com/wasmerio/wasmer/pull/2125) Fix RUSTSEC-2021-0023; `rand_core`: incorrect check on buffer length when seeding RNGs. - [#2097](https://github.com/wasmerio/wasmer/pull/2097) Fix how string's length is computed in `wasm_cpu_features_add` in the C API. - [#2101](https://github.com/wasmerio/wasmer/pull/2101) cflags emitted by `wasmer config --pkg-config` are now correct.