From 822acd094386260b3de9261e6458ec723218c0ee Mon Sep 17 00:00:00 2001 From: Minghe Ren Date: Tue, 10 Dec 2024 22:32:19 -0800 Subject: [PATCH 01/43] Cloud-init add module-setup.sh azure module for dracut to run (#11397) Co-authored-by: minghe --- SPECS/cloud-init/cloud-init.signatures.json | 3 ++- SPECS/cloud-init/cloud-init.spec | 13 ++++++++++++- SPECS/cloud-init/module-setup.sh | 15 +++++++++++++++ 3 files changed, 29 insertions(+), 2 deletions(-) create mode 100644 SPECS/cloud-init/module-setup.sh diff --git a/SPECS/cloud-init/cloud-init.signatures.json b/SPECS/cloud-init/cloud-init.signatures.json index 0a4179948c9..816bf9f2cab 100644 --- a/SPECS/cloud-init/cloud-init.signatures.json +++ b/SPECS/cloud-init/cloud-init.signatures.json @@ -1,6 +1,7 @@ { "Signatures": { "10-azure-kvp.cfg": "79e0370c010be5cd4717960e4b414570c9ec6e6d29aede77ccecc43d2b03bb9a", - "cloud-init-23.3.tar.gz": "1a5a54369f78891b79f43061c1ff0fb31e2bd74ff9527d7150ddd6517c3e2b07" + "cloud-init-23.3.tar.gz": "1a5a54369f78891b79f43061c1ff0fb31e2bd74ff9527d7150ddd6517c3e2b07", + "module-setup.sh": "aee825f849ce35a5a178cf095c2b9c46e586d50082f681d7f8d2c5d769c2f592" } } diff --git a/SPECS/cloud-init/cloud-init.spec b/SPECS/cloud-init/cloud-init.spec index 04e50b4f6a8..7ffd74c0f7c 100644 --- a/SPECS/cloud-init/cloud-init.spec +++ b/SPECS/cloud-init/cloud-init.spec @@ -5,7 +5,7 @@ Summary: Cloud instance init scripts Name: cloud-init Epoch: 1 Version: %{package_version} -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv3 Vendor: Microsoft Corporation Distribution: Mariner @@ -13,6 +13,8 @@ Group: System Environment/Base URL: https://launchpad.net/cloud-init Source0: https://launchpad.net/cloud-init/trunk/%{upstream_version_group}/+download/%{name}-%{version}.tar.gz Source1: 10-azure-kvp.cfg +# This script is to prevent an intermittent issue where ephemeral disk not being formatted by cloud-init on Azure +Source2: module-setup.sh Patch0: overrideDatasourceDetection.patch Patch1: exec_cmd_error_handling.patch Patch2: Add-Network-Interface-Renaming-Support-for-CAPM3-Met.patch @@ -43,6 +45,7 @@ BuildRequires: python3-xml BuildRequires: systemd BuildRequires: systemd-devel Requires: dhcp-client +Requires: dracut Requires: e2fsprogs Requires: iproute Requires: net-tools @@ -106,6 +109,9 @@ mkdir -p %{buildroot}/%{_sysconfdir}/cloud/cloud.cfg.d install -m 644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/cloud/cloud.cfg.d/ +mkdir -p %{buildroot}%{_prefix}/lib/dracut/modules.d/99azure-cloud/ +install -m 755 %{SOURCE2} %{buildroot}%{_prefix}/lib/dracut/modules.d/99azure-cloud/module-setup.sh + %check touch vd ud @@ -150,11 +156,16 @@ make check %{?_smp_mflags} %{_systemdgeneratordir}/cloud-init-generator /usr/lib/udev/rules.d/66-azure-ephemeral.rules %{_datadir}/bash-completion/completions/cloud-init +%dir %attr(0700, root, root) %{_prefix}/lib/dracut/modules.d/99azure-cloud +%{_prefix}/lib/dracut/modules.d/99azure-cloud/module-setup.sh %files azure-kvp %config(noreplace) %{_sysconfdir}/cloud/cloud.cfg.d/10-azure-kvp.cfg %changelog +* Tue Dec 10 2024 Minghe Ren - 1:23.3-6 +- Add module-setup.sh to prevent an intermittent issue where ephemeral disk not being formatted on Azure + * Fri Sep 13 2024 Minghe Ren - 1:23.3-5 - Add patche to have PPS support for azure-proxy-agent. diff --git a/SPECS/cloud-init/module-setup.sh b/SPECS/cloud-init/module-setup.sh new file mode 100644 index 00000000000..e1401a6ad15 --- /dev/null +++ b/SPECS/cloud-init/module-setup.sh @@ -0,0 +1,15 @@ +#!/usr/bin/bash +# called by dracut +check() { + return 0 +} +# called by dracut +depends() { + return 0 +} +# called by dracut to make sure 66-azure-ephemeral.rules is installed +install() { + inst_multiple cut readlink + inst_rules 66-azure-ephemeral.rules +} + From fe5d2fdb6acf513c7142d67f2ca69f72dcef7326 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:22:23 -0800 Subject: [PATCH 02/43] [AUTO-CHERRYPICK] moby-engine: fix CVE-2024-36621, CVE-2024-36623 for 2.0 - branch main (#11474) Co-authored-by: Adit Jha <111916775+aditjha-msft@users.noreply.github.com> --- SPECS/moby-engine/CVE-2024-36621.patch | 76 ++++++++++++++++++++++++++ SPECS/moby-engine/CVE-2024-36623.patch | 45 +++++++++++++++ SPECS/moby-engine/moby-engine.spec | 7 ++- 3 files changed, 127 insertions(+), 1 deletion(-) create mode 100644 SPECS/moby-engine/CVE-2024-36621.patch create mode 100644 SPECS/moby-engine/CVE-2024-36623.patch diff --git a/SPECS/moby-engine/CVE-2024-36621.patch b/SPECS/moby-engine/CVE-2024-36621.patch new file mode 100644 index 00000000000..73ee0e1dbc5 --- /dev/null +++ b/SPECS/moby-engine/CVE-2024-36621.patch @@ -0,0 +1,76 @@ +From 37545cc644344dcb576cba67eb7b6f51a463d31e Mon Sep 17 00:00:00 2001 +From: Tonis Tiigi +Date: Wed, 6 Mar 2024 23:11:32 -0800 +Subject: [PATCH] builder-next: fix missing lock in ensurelayer + +When this was called concurrently from the moby image +exporter there could be a data race where a layer was +written to the refs map when it was already there. + +In that case the reference count got mixed up and on +release only one of these layers was actually released. + +Signed-off-by: Tonis Tiigi +--- + .../builder-next/adapters/snapshot/layer.go | 3 +++ + .../adapters/snapshot/snapshot.go | 19 +++++++++++-------- + 2 files changed, 14 insertions(+), 8 deletions(-) + +diff --git a/builder/builder-next/adapters/snapshot/layer.go b/builder/builder-next/adapters/snapshot/layer.go +index 73120ea70b2ee..fc83058339c7b 100644 +--- a/builder/builder-next/adapters/snapshot/layer.go ++++ b/builder/builder-next/adapters/snapshot/layer.go +@@ -22,6 +22,9 @@ func (s *snapshotter) GetDiffIDs(ctx context.Context, key string) ([]layer.DiffI + } + + func (s *snapshotter) EnsureLayer(ctx context.Context, key string) ([]layer.DiffID, error) { ++ s.layerCreateLocker.Lock(key) ++ defer s.layerCreateLocker.Unlock(key) ++ + diffIDs, err := s.GetDiffIDs(ctx, key) + if err != nil { + return nil, err +diff --git a/builder/builder-next/adapters/snapshot/snapshot.go b/builder/builder-next/adapters/snapshot/snapshot.go +index a0d28ad984ba4..510ffefb49406 100644 +--- a/builder/builder-next/adapters/snapshot/snapshot.go ++++ b/builder/builder-next/adapters/snapshot/snapshot.go +@@ -17,6 +17,7 @@ import ( + "github.com/docker/docker/pkg/idtools" + "github.com/moby/buildkit/identity" + "github.com/moby/buildkit/snapshot" ++ "github.com/moby/locker" + "github.com/opencontainers/go-digest" + "github.com/pkg/errors" + bolt "go.etcd.io/bbolt" +@@ -51,10 +52,11 @@ type checksumCalculator interface { + type snapshotter struct { + opt Opt + +- refs map[string]layer.Layer +- db *bolt.DB +- mu sync.Mutex +- reg graphIDRegistrar ++ refs map[string]layer.Layer ++ db *bolt.DB ++ mu sync.Mutex ++ reg graphIDRegistrar ++ layerCreateLocker *locker.Locker + } + + // NewSnapshotter creates a new snapshotter +@@ -71,10 +73,11 @@ func NewSnapshotter(opt Opt, prevLM leases.Manager) (snapshot.Snapsho + } + + s := &snapshotter{ +- opt: opt, +- db: db, +- refs: map[string]layer.Layer{}, +- reg: reg, ++ opt: opt, ++ db: db, ++ refs: map[string]layer.Layer{}, ++ reg: reg, ++ layerCreateLocker: locker.New(), + } + + lm := newLeaseManager(s, prevLM) diff --git a/SPECS/moby-engine/CVE-2024-36623.patch b/SPECS/moby-engine/CVE-2024-36623.patch new file mode 100644 index 00000000000..6018f33abc2 --- /dev/null +++ b/SPECS/moby-engine/CVE-2024-36623.patch @@ -0,0 +1,45 @@ +From 5689dabfb357b673abdb4391eef426f297d7d1bb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= +Date: Thu, 22 Feb 2024 18:01:40 +0100 +Subject: [PATCH] pkg/streamformatter: Make `progressOutput` concurrency safe +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Sync access to the underlying `io.Writer` with a mutex. + +Signed-off-by: Paweł Gronowski +--- + pkg/streamformatter/streamformatter.go | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/pkg/streamformatter/streamformatter.go b/pkg/streamformatter/streamformatter.go +index b0456e580dc9d..098df6b5236b9 100644 +--- a/pkg/streamformatter/streamformatter.go ++++ b/pkg/streamformatter/streamformatter.go +@@ -5,6 +5,7 @@ import ( + "encoding/json" + "fmt" + "io" ++ "sync" + + "github.com/docker/docker/pkg/jsonmessage" + "github.com/docker/docker/pkg/progress" +@@ -109,6 +110,7 @@ type progressOutput struct { + sf formatProgress + out io.Writer + newLines bool ++ mu sync.Mutex + } + + // WriteProgress formats progress information from a ProgressReader. +@@ -120,6 +122,9 @@ func (out *progressOutput) WriteProgress(prog progress.Progress) error { + jsonProgress := jsonmessage.JSONProgress{Current: prog.Current, Total: prog.Total, HideCounts: prog.HideCounts, Units: prog.Units} + formatted = out.sf.formatProgress(prog.ID, prog.Action, &jsonProgress, prog.Aux) + } ++ ++ out.mu.Lock() ++ defer out.mu.Unlock() + _, err := out.out.Write(formatted) + if err != nil { + return err diff --git a/SPECS/moby-engine/moby-engine.spec b/SPECS/moby-engine/moby-engine.spec index d674cab505b..9d179563868 100644 --- a/SPECS/moby-engine/moby-engine.spec +++ b/SPECS/moby-engine/moby-engine.spec @@ -3,7 +3,7 @@ Summary: The open-source application container engine Name: moby-engine Version: 24.0.9 -Release: 10%{?dist} +Release: 11%{?dist} License: ASL 2.0 Group: Tools/Container URL: https://mobyproject.org @@ -24,6 +24,8 @@ Patch4: CVE-2023-44487.patch Patch5: enable-docker-proxy-libexec-search.patch Patch6: CVE-2024-41110.patch Patch7: CVE-2024-29018.patch +Patch8: CVE-2024-36621.patch +Patch9: CVE-2024-36623.patch %{?systemd_requires} @@ -124,6 +126,9 @@ fi %{_unitdir}/* %changelog +* Wed Dec 04 2024 Adit Jha - 24.0.9-11 +- Patch CVE-2024-36621 & CVE-2024-36623 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 24.0.9-10 - Bump release to rebuild with go 1.22.7 From 89624d3bf335b0f520f82d65c843177bb2d71005 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:22:56 -0800 Subject: [PATCH 03/43] [AUTO-CHERRYPICK] Fix CVE-2022-1941 for pytorch in 2.0 - branch main (#11473) Co-authored-by: bhagyapathak --- SPECS/pytorch/CVE-2022-1941.patch | 73 +++++++++++++++++++++++++++++++ SPECS/pytorch/pytorch.spec | 6 ++- 2 files changed, 78 insertions(+), 1 deletion(-) create mode 100644 SPECS/pytorch/CVE-2022-1941.patch diff --git a/SPECS/pytorch/CVE-2022-1941.patch b/SPECS/pytorch/CVE-2022-1941.patch new file mode 100644 index 00000000000..94e60dc2406 --- /dev/null +++ b/SPECS/pytorch/CVE-2022-1941.patch @@ -0,0 +1,73 @@ +commit 55815e423bb82cc828836bbd60c79c1f9a195763 +Author: Deanna Garcia +Date: Tue Sep 13 17:20:00 2022 +0000 + + Apply patch + +diff --git a/third_party/protobuf/src/google/protobuf/wire_format.cc b/third_party/protobuf/src/google/protobuf/wire_format.cc +index c30b7abff..382d01ea0 100644 +--- a/third_party/protobuf/src/google/protobuf/wire_format.cc ++++ b/third_party/protobuf/src/google/protobuf/wire_format.cc +@@ -657,9 +657,11 @@ struct WireFormat::MessageSetParser { + const char* _InternalParse(const char* ptr, internal::ParseContext* ctx) { + // Parse a MessageSetItem + auto metadata = reflection->MutableInternalMetadata(msg); ++ enum class State { kNoTag, kHasType, kHasPayload, kDone }; ++ State state = State::kNoTag; ++ + std::string payload; + uint32 type_id = 0; +- bool payload_read = false; + while (!ctx->Done(&ptr)) { + // We use 64 bit tags in order to allow typeid's that span the whole + // range of 32 bit numbers. +@@ -668,8 +670,11 @@ struct WireFormat::MessageSetParser { + uint64 tmp; + ptr = ParseBigVarint(ptr, &tmp); + GOOGLE_PROTOBUF_PARSER_ASSERT(ptr); +- type_id = tmp; +- if (payload_read) { ++ if (state == State::kNoTag) { ++ type_id = tmp; ++ state = State::kHasType; ++ } else if (state == State::kHasPayload) { ++ type_id = tmp; + const FieldDescriptor* field; + if (ctx->data().pool == nullptr) { + field = reflection->FindKnownExtensionByNumber(type_id); +@@ -696,17 +701,17 @@ struct WireFormat::MessageSetParser { + GOOGLE_PROTOBUF_PARSER_ASSERT(value->_InternalParse(p, &tmp_ctx) && + tmp_ctx.EndedAtLimit()); + } +- type_id = 0; ++ state = State::kDone; + } + continue; + } else if (tag == WireFormatLite::kMessageSetMessageTag) { +- if (type_id == 0) { ++ if (state == State::kNoTag) { + int32 size = ReadSize(&ptr); + GOOGLE_PROTOBUF_PARSER_ASSERT(ptr); + ptr = ctx->ReadString(ptr, size, &payload); + GOOGLE_PROTOBUF_PARSER_ASSERT(ptr); +- payload_read = true; +- } else { ++ state = State::kHasPayload; ++ } else if (state == State::kHasType) { + // We're now parsing the payload + const FieldDescriptor* field = nullptr; + if (descriptor->IsExtensionNumber(type_id)) { +@@ -720,7 +725,12 @@ struct WireFormat::MessageSetParser { + ptr = WireFormat::_InternalParseAndMergeField( + msg, ptr, ctx, static_cast(type_id) * 8 + 2, reflection, + field); +- type_id = 0; ++ state = State::kDone; ++ } else { ++ int32 size = ReadSize(&ptr); ++ GOOGLE_PROTOBUF_PARSER_ASSERT(ptr); ++ ptr = ctx->Skip(ptr, size); ++ GOOGLE_PROTOBUF_PARSER_ASSERT(ptr); + } + } else { + // An unknown field in MessageSetItem. diff --git a/SPECS/pytorch/pytorch.spec b/SPECS/pytorch/pytorch.spec index 45caf0a87f4..9b6d898755f 100644 --- a/SPECS/pytorch/pytorch.spec +++ b/SPECS/pytorch/pytorch.spec @@ -2,7 +2,7 @@ Summary: Tensors and Dynamic neural networks in Python with strong GPU acceleration. Name: pytorch Version: 2.0.0 -Release: 6%{?dist} +Release: 7%{?dist} License: BSD-3-Clause Vendor: Microsoft Corporation Distribution: Mariner @@ -16,6 +16,7 @@ Patch1: CVE-2024-31583.patch Patch2: CVE-2024-27319.patch Patch3: CVE-2024-31584.patch Patch4: CVE-2024-27318.patch +Patch5: CVE-2022-1941.patch BuildRequires: cmake BuildRequires: gcc @@ -88,6 +89,9 @@ cp -arf docs %{buildroot}/%{_pkgdocdir} %{_docdir}/* %changelog +* Tue Dec 10 2024 Bhagyashri Pathak - 2.0.0-7 +- patch CVE-2022-1941 + * Wed May 15 2024 Sumedh Sharma - 2.0.0-6 - patch CVE-2024-27318 From 2eefbda439b0a5ca9003321086075a4011f5c4dd Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:23:33 -0800 Subject: [PATCH 04/43] [AUTO-CHERRYPICK] Patch "tuned" package to fix CVE-2024-52336 and CVE-2024-52337 - branch main (#11472) Co-authored-by: Sandeep Karambelkar --- SPECS/tuned/CVE-2024-52336.patch | 249 +++++++++++++++++++++++++++++ SPECS/tuned/CVE-2024-52337.nopatch | 0 SPECS/tuned/tuned.spec | 6 +- 3 files changed, 254 insertions(+), 1 deletion(-) create mode 100644 SPECS/tuned/CVE-2024-52336.patch create mode 100644 SPECS/tuned/CVE-2024-52337.nopatch diff --git a/SPECS/tuned/CVE-2024-52336.patch b/SPECS/tuned/CVE-2024-52336.patch new file mode 100644 index 00000000000..ec93728dd10 --- /dev/null +++ b/SPECS/tuned/CVE-2024-52336.patch @@ -0,0 +1,249 @@ +From 391843d28461cf2904dd646bd845e2203132497f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= +Date: Tue, 26 Nov 2024 13:52:17 +0100 +Subject: [PATCH] new release (2.15.1) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Jaroslav Škarvada + +Modified patch 90c24eea037c7a5e9414c93f8fb3e549ed4a7b06 to apply to CBL-Mariner +Modified-by: Sandeep Karambelkar +--- + com.redhat.tuned.policy | 14 +++++++------- + tuned.spec | 10 +++++++++- + tuned/consts.py | 4 ++++ + tuned/daemon/controller.py | 15 +++++++++------ + tuned/plugins/base.py | 12 ++++++++++++ + tuned/plugins/plugin_script.py | 4 ++++ + tuned/utils/commands.py | 4 ++++ + tuned/version.py | 2 +- + 8 files changed, 50 insertions(+), 15 deletions(-) + + +diff --git a/com.redhat.tuned.policy b/com.redhat.tuned.policy +index 0d0934f..01b0b72 100644 +--- a/com.redhat.tuned.policy ++++ b/com.redhat.tuned.policy +@@ -43,7 +43,7 @@ + + auth_admin + auth_admin +- yes ++ auth_admin + + + +@@ -103,7 +103,7 @@ + + auth_admin + auth_admin +- yes ++ auth_admin + + + +@@ -113,7 +113,7 @@ + + auth_admin + auth_admin +- yes ++ auth_admin + + + +@@ -123,7 +123,7 @@ + + auth_admin + auth_admin +- yes ++ auth_admin + + + +@@ -163,7 +163,7 @@ + + auth_admin + auth_admin +- yes ++ auth_admin + + + +@@ -193,7 +193,7 @@ + + auth_admin + auth_admin +- yes ++ auth_admin + + + +@@ -203,7 +203,7 @@ + + auth_admin + auth_admin +- yes ++ auth_admin + + + +diff --git a/tuned.spec b/tuned.spec +index 702c28c..a945150 100644 +--- a/tuned.spec ++++ b/tuned.spec +@@ -44,7 +44,7 @@ + + Summary: A dynamic adaptive system tuning daemon + Name: tuned +-Version: 2.15.0 ++Version: 2.15.1 + Release: 1%{?prerel1}%{?with_snapshot:.%{git_suffix}}%{?dist} + License: GPLv2+ + Source0: https://github.com/redhat-performance/%{name}/archive/v%{version}%{?prerel2}/%{name}-%{version}%{?prerel2}.tar.gz +@@ -540,6 +540,14 @@ fi + %{_mandir}/man7/tuned-profiles-postgresql.7* + + %changelog ++* Tue Nov 26 2024 Jaroslav Škarvada - 2.15.1-1 ++- new release ++ - fixed privileged execution of arbitrary scripts by active local user ++ resolves: CVE-2024-52336 ++ - added sanity checks for API methods parameters ++ resolves: CVE-2024-52337 ++ - tuned-ppd: fixed controller init to correctly set _on_battery ++ + * Thu Dec 17 2020 Jaroslav Škarvada - 2.15.0-1 + - new release + - rebased tuned to latest upstream +diff --git a/tuned/consts.py b/tuned/consts.py +index f7a082e..c5d489d 100644 +--- a/tuned/consts.py ++++ b/tuned/consts.py +@@ -1,4 +1,8 @@ + import logging ++import string ++ ++NAMES_ALLOWED_CHARS = string.ascii_letters + string.digits + " !@'+-.,/:;_$&*()%<=>?#[]{|}^~" + '"' ++NAMES_MAX_LENGTH = 4096 + + GLOBAL_CONFIG_FILE = "/etc/tuned/tuned-main.conf" + ACTIVE_PROFILE_FILE = "/etc/tuned/active_profile" +diff --git a/tuned/daemon/controller.py b/tuned/daemon/controller.py +index 40db825..4e5e843 100644 +--- a/tuned/daemon/controller.py ++++ b/tuned/daemon/controller.py +@@ -173,6 +173,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface): + def switch_profile(self, profile_name, caller = None): + if caller == "": + return (False, "Unauthorized") ++ if not self._cmd.is_valid_name(profile_name): ++ return (False, "Invalid profile_name") + return self._switch_profile(profile_name, True) + + @exports.export("", "(bs)") +@@ -246,7 +248,7 @@ class Controller(tuned.exports.interfaces.ExportableInterface): + + @exports.export("s", "(bsss)") + def profile_info(self, profile_name, caller = None): +- if caller == "": ++ if caller == "" or not self._cmd.is_valid_name(profile_name): + return tuple(False, "", "", "") + if profile_name is None or profile_name == "": + profile_name = self.active_profile() +@@ -278,7 +280,7 @@ class Controller(tuned.exports.interfaces.ExportableInterface): + dictionary -- {plugin_name: {parameter_name: default_value}} + """ + if caller == "": +- return False ++ return {} + plugins = {} + for plugin_class in self._daemon.get_all_plugins(): + plugin_name = plugin_class.__module__.split(".")[-1].split("_", 1)[1] +@@ -291,8 +293,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface): + @exports.export("s","s") + def get_plugin_documentation(self, plugin_name, caller = None): + """Return docstring of plugin's class""" +- if caller == "": +- return False ++ if caller == "" or not self._cmd.is_valid_name(plugin_name): ++ return "" + return self._daemon.get_plugin_documentation(str(plugin_name)) + + @exports.export("s","a{ss}") +@@ -305,6 +307,6 @@ class Controller(tuned.exports.interfaces.ExportableInterface): + Return: + dictionary -- {parameter_name: hint} + """ +- if caller == "": +- return False ++ if caller == "" or not self._cmd.is_valid_name(plugin_name): ++ return {} + return self._daemon.get_plugin_hints(str(plugin_name)) +diff --git a/tuned/plugins/base.py b/tuned/plugins/base.py +index 784d44d..1b7ebd6 100644 +--- a/tuned/plugins/base.py ++++ b/tuned/plugins/base.py +@@ -212,6 +212,14 @@ class Plugin(object): + def _instance_post_static(self, instance, enabling): + pass + ++ def _safe_script_path(self, path): ++ path = os.path.realpath(path) ++ profile_paths = self._global_cfg.get_list(consts.CFG_PROFILE_DIRS, consts.CFG_DEF_PROFILE_DIRS) ++ for p in profile_paths: ++ if path.startswith(p): ++ return True ++ return False ++ + def _call_device_script(self, instance, script, op, devices, full_rollback = False): + if script is None: + return None +@@ -222,6 +230,10 @@ class Plugin(object): + log.error("Relative paths cannot be used in script_pre or script_post. " \ + + "Use ${i:PROFILE_DIR}.") + return False ++ if not self._safe_script_path(script): ++ log.error("Paths outside of the profile directories cannot be used in the " \ ++ + "script_pre or script_post, ignoring script: '%s'" % script) ++ return False + dir_name = os.path.dirname(script) + ret = True + for dev in devices: +diff --git a/tuned/plugins/plugin_script.py b/tuned/plugins/plugin_script.py +index 19b7fc6..6a5153f 100644 +--- a/tuned/plugins/plugin_script.py ++++ b/tuned/plugins/plugin_script.py +@@ -35,6 +35,10 @@ class ScriptPlugin(base.Plugin): + for script in scripts: + environ = os.environ + environ.update(self._variables.get_env()) ++ if not self._safe_script_path(script): ++ log.error("Paths outside of the profile directories cannot be used in the script, " \ ++ + "ignoring script: '%s'." % script) ++ continue + log.info("calling script '%s' with arguments '%s'" % (script, str(arguments))) + log.debug("using environment '%s'" % str(list(environ.items()))) + try: +diff --git a/tuned/utils/commands.py b/tuned/utils/commands.py +index df695a7..f612e70 100644 +--- a/tuned/utils/commands.py ++++ b/tuned/utils/commands.py +@@ -507,3 +507,7 @@ class commands: + f.write(profile_name + "\n") + except (OSError,IOError) as e: + raise TunedException("Failed to save the active post-loaded profile: %s" % e.strerror) ++ ++ # Checks if name contains only valid characters and has valid length or is empty string or None ++ def is_valid_name(self, name): ++ return not name or (all(c in consts.NAMES_ALLOWED_CHARS for c in name) and len(name) <= consts.NAMES_MAX_LENGTH) +diff --git a/tuned/version.py b/tuned/version.py +index 51cacf0..cb648c6 100644 +--- a/tuned/version.py ++++ b/tuned/version.py +@@ -1,3 +1,3 @@ + TUNED_VERSION_MAJOR = 2 + TUNED_VERSION_MINOR = 15 +-TUNED_VERSION_PATCH = 0 ++TUNED_VERSION_PATCH = 1 diff --git a/SPECS/tuned/CVE-2024-52337.nopatch b/SPECS/tuned/CVE-2024-52337.nopatch new file mode 100644 index 00000000000..e69de29bb2d diff --git a/SPECS/tuned/tuned.spec b/SPECS/tuned/tuned.spec index cb3837aa5a9..37b235ee9e6 100644 --- a/SPECS/tuned/tuned.spec +++ b/SPECS/tuned/tuned.spec @@ -7,12 +7,13 @@ Summary: A dynamic adaptive system tuning daemon Name: tuned Version: 2.15.0 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2+ Vendor: Microsoft Corporation Distribution: Mariner Source0: https://github.com/redhat-performance/%{name}/archive/v%{version}%{?prerel2}/%{name}-%{version}%{?prerel2}.tar.gz Patch0: skip-gui-files.patch +Patch1: CVE-2024-52336.patch URL: http://www.tuned-project.org/ BuildArch: noarch @@ -407,6 +408,9 @@ fi %{_mandir}/man7/tuned-profiles-postgresql.7* %changelog +* Wed Dec 11 2024 Sandeep Karambelkar 2.15.0-5 +- Fix CVEs - CVE-2024-52336 CVE-2024-52337 + * Thu Jan 20 2022 Cameron Baird 2.15.0-4 - Initial CBL-Mariner import from CentOS 8 (license: MIT). - License verified From 65135a1a8f05de7fe34a87c50128818ef3fb1ab3 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:24:01 -0800 Subject: [PATCH 05/43] [AUTO-CHERRYPICK] Fix CVE-2024-24786 for packer - branch main (#11471) Co-authored-by: KavyaSree2610 <92566732+KavyaSree2610@users.noreply.github.com> --- SPECS/packer/CVE-2024-24786.patch | 41 +++++++++++++++++++++++++++++++ SPECS/packer/packer.spec | 6 ++++- 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 SPECS/packer/CVE-2024-24786.patch diff --git a/SPECS/packer/CVE-2024-24786.patch b/SPECS/packer/CVE-2024-24786.patch new file mode 100644 index 00000000000..41a119b8f1d --- /dev/null +++ b/SPECS/packer/CVE-2024-24786.patch @@ -0,0 +1,41 @@ +From 867d49d8c566b0f1284f8295ba1286d6c5e93edf Mon Sep 17 00:00:00 2001 +From: kavyasree +Date: Mon, 9 Dec 2024 17:03:26 +0530 +Subject: [PATCH] Modified patch + +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index c85f846..634ba41 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index b13fd29..b2be4e8 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.34.1 + diff --git a/SPECS/packer/packer.spec b/SPECS/packer/packer.spec index e1a27346ee8..f360becd548 100644 --- a/SPECS/packer/packer.spec +++ b/SPECS/packer/packer.spec @@ -5,7 +5,7 @@ Summary: Tool for creating identical machine images for multiple platform Name: packer Epoch: 1 Version: 1.9.5 -Release: 3%{?dist} +Release: 4%{?dist} License: MPLv2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -36,6 +36,7 @@ Patch0: CVE-2023-45288.patch Patch1: CVE-2022-3064.patch Patch2: CVE-2023-49569.patch Patch3: CVE-2024-6104.patch +Patch4: CVE-2024-24786.patch BuildRequires: golang BuildRequires: kernel-headers BuildRequires: glibc-devel @@ -69,6 +70,9 @@ go test -mod=vendor %{_bindir}/packer %changelog +* Mon Dec 09 2024 Kavya Sree Kaitepalli - 1.9.5-4 +- Patch for CVE-2024-24786 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 1.9.5-3 - Bump release to rebuild with go 1.22.7 From e9c0ab21a8762b0321074b40a64d300342b14528 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:24:29 -0800 Subject: [PATCH 06/43] [AUTO-CHERRYPICK] Patch CVE-2024-24786 in moby-buildx, moby-containerd-cc, moby-containerd - branch main (#11470) Co-authored-by: suresh-thelkar --- SPECS/moby-buildx/CVE-2024-24786.patch | 40 +++++++++++++++++++ SPECS/moby-buildx/moby-buildx.spec | 6 ++- SPECS/moby-containerd-cc/CVE-2024-24786.patch | 40 +++++++++++++++++++ .../moby-containerd-cc.spec | 6 ++- SPECS/moby-containerd/CVE-2024-24786.patch | 40 +++++++++++++++++++ SPECS/moby-containerd/moby-containerd.spec | 6 ++- 6 files changed, 135 insertions(+), 3 deletions(-) create mode 100644 SPECS/moby-buildx/CVE-2024-24786.patch create mode 100644 SPECS/moby-containerd-cc/CVE-2024-24786.patch create mode 100644 SPECS/moby-containerd/CVE-2024-24786.patch diff --git a/SPECS/moby-buildx/CVE-2024-24786.patch b/SPECS/moby-buildx/CVE-2024-24786.patch new file mode 100644 index 00000000000..1072e2c7b2a --- /dev/null +++ b/SPECS/moby-buildx/CVE-2024-24786.patch @@ -0,0 +1,40 @@ +From 4453a6c6c0c0073777b976982f11001188d3f021 Mon Sep 17 00:00:00 2001 +From: sthelkar +Date: Thu, 5 Dec 2024 10:08:33 +0000 +Subject: [PATCH] Vendor patch applied + +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index 72924a9..2586bb3 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index b13fd29..b2be4e8 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.39.4 diff --git a/SPECS/moby-buildx/moby-buildx.spec b/SPECS/moby-buildx/moby-buildx.spec index c0625052a2b..6e5d096cb42 100644 --- a/SPECS/moby-buildx/moby-buildx.spec +++ b/SPECS/moby-buildx/moby-buildx.spec @@ -5,7 +5,7 @@ Summary: A Docker CLI plugin for extended build capabilities with BuildKi Name: moby-%{upstream_name} # update "commit_hash" above when upgrading version Version: 0.7.1 -Release: 23%{?dist} +Release: 24%{?dist} License: ASL 2.0 Group: Tools/Container Vendor: Microsoft Corporation @@ -23,6 +23,7 @@ Patch6: CVE-2021-41092.patch Patch7: CVE-2022-41717.patch Patch8: CVE-2023-45288.patch Patch9: CVE-2023-48795.patch +Patch10: CVE-2024-24786.patch BuildRequires: bash BuildRequires: golang @@ -53,6 +54,9 @@ cp -aT buildx "%{buildroot}/%{_libexecdir}/docker/cli-plugins/docker-buildx" %{_libexecdir}/docker/cli-plugins/docker-buildx %changelog +* Thu Dec 05 2024 sthelkar - 0.7.1-24 +- Patch CVE-2024-24786 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 0.7.1-23 - Bump release to rebuild with go 1.22.7 diff --git a/SPECS/moby-containerd-cc/CVE-2024-24786.patch b/SPECS/moby-containerd-cc/CVE-2024-24786.patch new file mode 100644 index 00000000000..64ca2cd877e --- /dev/null +++ b/SPECS/moby-containerd-cc/CVE-2024-24786.patch @@ -0,0 +1,40 @@ +From bca1cff9d87eae95d4a877fd53ce30c7d4ed2ac1 Mon Sep 17 00:00:00 2001 +From: sthelkar +Date: Thu, 5 Dec 2024 10:14:30 +0000 +Subject: [PATCH] Vendor patch applied + +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index 6c37d41..70c2ba6 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index d043a6e..d2b3ac0 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.39.4 diff --git a/SPECS/moby-containerd-cc/moby-containerd-cc.spec b/SPECS/moby-containerd-cc/moby-containerd-cc.spec index e131c33b3e0..e1075be8d25 100644 --- a/SPECS/moby-containerd-cc/moby-containerd-cc.spec +++ b/SPECS/moby-containerd-cc/moby-containerd-cc.spec @@ -6,7 +6,7 @@ Summary: Industry-standard container runtime for confidential containers Name: moby-%{upstream_name} Version: 1.7.7 -Release: 7%{?dist} +Release: 8%{?dist} License: ASL 2.0 Group: Tools/Container URL: https://www.containerd.io @@ -20,6 +20,7 @@ Patch0: CVE-2023-47108.patch Patch1: CVE-2023-44487.patch Patch2: fix_cc_tests_for_golang1.21.patch Patch4: CVE-2023-45288.patch +Patch5: CVE-2024-24786.patch %{?systemd_requires} @@ -80,6 +81,9 @@ fi %config(noreplace) %{_sysconfdir}/containerd/config.toml %changelog +* Thu Dec 05 2024 sthelkar - 1.7.7-8 +- Patch CVE-2024-24786 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 1.7.7-7 - Bump release to rebuild with go 1.22.7 diff --git a/SPECS/moby-containerd/CVE-2024-24786.patch b/SPECS/moby-containerd/CVE-2024-24786.patch new file mode 100644 index 00000000000..2243135854e --- /dev/null +++ b/SPECS/moby-containerd/CVE-2024-24786.patch @@ -0,0 +1,40 @@ +From d103995120582eec72b9ef7b67af49ba601c8767 Mon Sep 17 00:00:00 2001 +From: sthelkar +Date: Thu, 5 Dec 2024 10:11:27 +0000 +Subject: [PATCH] Vendor patch applied + +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index 6c37d41..70c2ba6 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index d043a6e..d2b3ac0 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.39.4 diff --git a/SPECS/moby-containerd/moby-containerd.spec b/SPECS/moby-containerd/moby-containerd.spec index 3f9961e5159..68af26bbc9b 100644 --- a/SPECS/moby-containerd/moby-containerd.spec +++ b/SPECS/moby-containerd/moby-containerd.spec @@ -5,7 +5,7 @@ Summary: Industry-standard container runtime Name: moby-%{upstream_name} Version: 1.6.26 -Release: 7%{?dist} +Release: 8%{?dist} License: ASL 2.0 Group: Tools/Container URL: https://www.containerd.io @@ -19,6 +19,7 @@ Patch0: Makefile.patch Patch1: add_ptrace_readby_tracedby_to_apparmor.patch Patch2: fix_tests_for_golang1.21.patch Patch3: CVE-2023-45288.patch +Patch4: CVE-2024-24786.patch %{?systemd_requires} @@ -92,6 +93,9 @@ fi %dir /opt/containerd/lib %changelog +* Thu Dec 05 2024 sthelkar - 1.6.26-8 +- Patch CVE-2024-24786 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 1.6.26-7 - Bump release to rebuild with go 1.22.7 From 42322d42ca3e2ec44684c5f7d7b37949605ef3ea Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:25:29 -0800 Subject: [PATCH 07/43] [AUTO-CHERRYPICK] Fix CVE-2024-24786 in cf-cli and terraform for 2.0 - branch main (#11469) Co-authored-by: bhagyapathak --- SPECS/cf-cli/CVE-2024-24786.patch | 40 ++++++++++++++++++++++++++++ SPECS/cf-cli/cf-cli.spec | 6 ++++- SPECS/terraform/CVE-2024-24786.patch | 40 ++++++++++++++++++++++++++++ SPECS/terraform/terraform.spec | 6 ++++- 4 files changed, 90 insertions(+), 2 deletions(-) create mode 100644 SPECS/cf-cli/CVE-2024-24786.patch create mode 100644 SPECS/terraform/CVE-2024-24786.patch diff --git a/SPECS/cf-cli/CVE-2024-24786.patch b/SPECS/cf-cli/CVE-2024-24786.patch new file mode 100644 index 00000000000..eac7c3190ba --- /dev/null +++ b/SPECS/cf-cli/CVE-2024-24786.patch @@ -0,0 +1,40 @@ +From 896355cbb53b13351b15381f313835680d08e9ca Mon Sep 17 00:00:00 2001 +From: bhapathak +Date: Wed, 4 Dec 2024 07:15:55 +0000 +Subject: [PATCH] Vendor patch applied + +--- + .../protobuf/encoding/protojson/well_known_types.go | 3 +++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index 72924a9..15fb7c2 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,9 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ ++ case json.EOF: ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index b13fd29..b2be4e8 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.39.4 + diff --git a/SPECS/cf-cli/cf-cli.spec b/SPECS/cf-cli/cf-cli.spec index 041c316033d..320965cc87e 100644 --- a/SPECS/cf-cli/cf-cli.spec +++ b/SPECS/cf-cli/cf-cli.spec @@ -1,7 +1,7 @@ Summary: The official command line client for Cloud Foundry. Name: cf-cli Version: 8.4.0 -Release: 21%{?dist} +Release: 22%{?dist} License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -33,6 +33,7 @@ Patch2: CVE-2021-43565.patch # Produced by git clone https://github.com/golang/text && cd text && # git checkout 434eadcdbc3b0256971992e8c70027278364c72c && git format-patch -1 HEAD Patch3: CVE-2022-32149.patch +Patch4: CVE-2024-24786.patch BuildRequires: golang %global debug_package %{nil} @@ -67,6 +68,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} ./out/cf %{_bindir}/cf %changelog +* Wed Dec 04 2024 bhapathak - 8.4.0-22 +- Patch CVE-2024-24786 + * Tue Sep 17 2024 Jiri Appl - 8.4.0-21 - Patch CVE-2022-32149 bringing upstream patch over the vendored golang.org/x/text module diff --git a/SPECS/terraform/CVE-2024-24786.patch b/SPECS/terraform/CVE-2024-24786.patch new file mode 100644 index 00000000000..79949213e79 --- /dev/null +++ b/SPECS/terraform/CVE-2024-24786.patch @@ -0,0 +1,40 @@ +From 3a797ade30fdd957b92774d28d51be254271b32d Mon Sep 17 00:00:00 2001 +From: bhapathak +Date: Wed, 4 Dec 2024 07:12:14 +0000 +Subject: [PATCH] Vendor patch applied + +--- + .../protobuf/encoding/protojson/well_known_types.go | 3 +++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index 72924a9..15fb7c2 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,9 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ ++ case json.EOF: ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index b13fd29..b2be4e8 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.39.4 + diff --git a/SPECS/terraform/terraform.spec b/SPECS/terraform/terraform.spec index b3e3f146d51..bb409a78f64 100644 --- a/SPECS/terraform/terraform.spec +++ b/SPECS/terraform/terraform.spec @@ -1,7 +1,7 @@ Summary: Infrastructure as code deployment management tool Name: terraform Version: 1.3.2 -Release: 19%{?dist} +Release: 20%{?dist} License: MPLv2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -33,6 +33,7 @@ Patch2: CVE-2024-6257.patch Patch3: CVE-2024-6104.patch Patch4: CVE-2022-32149.patch Patch5: CVE-2023-4782.patch +Patch6: CVE-2024-24786.patch %global debug_package %{nil} %define our_gopath %{_topdir}/.gopath @@ -66,6 +67,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} ./terraform %{_bindir}/terraform %changelog +* Wed Dec 04 2024 bhapathak - 1.3.2-20 +- Patch CVE-2024-24786 + * Thu Oct 10 2024 Sumedh Sharma - 1.3.2-19 - Add patch to resolve CVE-2023-4782 & CVE-2022-32149 From c8b5aeae00b480a67b1d328418537d4a59effbd3 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:52:57 -0800 Subject: [PATCH 08/43] [AUTO-CHERRYPICK] Fix CVE-2024-36623 for moby-compose - branch main (#11417) Co-authored-by: Sudipta Pandit --- SPECS/moby-compose/CVE-2024-36623.patch | 45 +++++++++++++++++++++++++ SPECS/moby-compose/moby-compose.spec | 6 +++- 2 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 SPECS/moby-compose/CVE-2024-36623.patch diff --git a/SPECS/moby-compose/CVE-2024-36623.patch b/SPECS/moby-compose/CVE-2024-36623.patch new file mode 100644 index 00000000000..a1722aa6a0e --- /dev/null +++ b/SPECS/moby-compose/CVE-2024-36623.patch @@ -0,0 +1,45 @@ +From 5689dabfb357b673abdb4391eef426f297d7d1bb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= +Date: Thu, 22 Feb 2024 18:01:40 +0100 +Subject: [PATCH] pkg/streamformatter: Make `progressOutput` concurrency safe +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Sync access to the underlying `io.Writer` with a mutex. + +Signed-off-by: Paweł Gronowski +--- + vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go b/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go +index b0456e580dc9d..098df6b5236b9 100644 +--- a/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go ++++ b/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go +@@ -5,6 +5,7 @@ import ( + "encoding/json" + "fmt" + "io" ++ "sync" + + "github.com/docker/docker/pkg/jsonmessage" + "github.com/docker/docker/pkg/progress" +@@ -109,6 +110,7 @@ type progressOutput struct { + sf formatProgress + out io.Writer + newLines bool ++ mu sync.Mutex + } + + // WriteProgress formats progress information from a ProgressReader. +@@ -120,6 +122,9 @@ func (out *progressOutput) WriteProgress(prog progress.Progress) error { + jsonProgress := jsonmessage.JSONProgress{Current: prog.Current, Total: prog.Total, HideCounts: prog.HideCounts, Units: prog.Units} + formatted = out.sf.formatProgress(prog.ID, prog.Action, &jsonProgress, prog.Aux) + } ++ ++ out.mu.Lock() ++ defer out.mu.Unlock() + _, err := out.out.Write(formatted) + if err != nil { + return err diff --git a/SPECS/moby-compose/moby-compose.spec b/SPECS/moby-compose/moby-compose.spec index 2189e51a0f3..79cff0a0f13 100644 --- a/SPECS/moby-compose/moby-compose.spec +++ b/SPECS/moby-compose/moby-compose.spec @@ -1,7 +1,7 @@ Summary: Define and run multi-container applications with Docker Name: moby-compose Version: 2.17.3 -Release: 7%{?dist} +Release: 8%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -34,6 +34,7 @@ Patch7: CVE-2024-23650.patch # github.com/docker/distribution/configuration (for configuration.go) # github.com/docker/distribution/catalog (for catalog.go) Patch8: CVE-2023-2253.patch +Patch9: CVE-2024-36623.patch # Leverage the `generate_source_tarball.sh` to create the vendor sources @@ -72,6 +73,9 @@ install -D -m0755 bin/build/docker-compose %{buildroot}/%{_libexecdir}/docker/cl %{_libexecdir}/docker/cli-plugins/docker-compose %changelog +* Tue Dec 10 2024 Sudipta Pandit - 2.17.3-8 +- Fix CVE-2024-36623 with patch + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 2.17.3-7 - Bump release to rebuild with go 1.22.7 From 7b7ff793538cd955ea67b3872b17f16bcc2aa8ea Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:53:40 -0800 Subject: [PATCH 09/43] [AUTO-CHERRYPICK] Fix CVE-2024-36623 for moby-cli - branch main (#11418) Co-authored-by: Sudipta Pandit --- SPECS/moby-cli/CVE-2024-36623.patch | 45 +++++++++++++++++++++++++++++ SPECS/moby-cli/moby-cli.spec | 6 +++- 2 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 SPECS/moby-cli/CVE-2024-36623.patch diff --git a/SPECS/moby-cli/CVE-2024-36623.patch b/SPECS/moby-cli/CVE-2024-36623.patch new file mode 100644 index 00000000000..a1722aa6a0e --- /dev/null +++ b/SPECS/moby-cli/CVE-2024-36623.patch @@ -0,0 +1,45 @@ +From 5689dabfb357b673abdb4391eef426f297d7d1bb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= +Date: Thu, 22 Feb 2024 18:01:40 +0100 +Subject: [PATCH] pkg/streamformatter: Make `progressOutput` concurrency safe +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Sync access to the underlying `io.Writer` with a mutex. + +Signed-off-by: Paweł Gronowski +--- + vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go b/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go +index b0456e580dc9d..098df6b5236b9 100644 +--- a/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go ++++ b/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go +@@ -5,6 +5,7 @@ import ( + "encoding/json" + "fmt" + "io" ++ "sync" + + "github.com/docker/docker/pkg/jsonmessage" + "github.com/docker/docker/pkg/progress" +@@ -109,6 +110,7 @@ type progressOutput struct { + sf formatProgress + out io.Writer + newLines bool ++ mu sync.Mutex + } + + // WriteProgress formats progress information from a ProgressReader. +@@ -120,6 +122,9 @@ func (out *progressOutput) WriteProgress(prog progress.Progress) error { + jsonProgress := jsonmessage.JSONProgress{Current: prog.Current, Total: prog.Total, HideCounts: prog.HideCounts, Units: prog.Units} + formatted = out.sf.formatProgress(prog.ID, prog.Action, &jsonProgress, prog.Aux) + } ++ ++ out.mu.Lock() ++ defer out.mu.Unlock() + _, err := out.out.Write(formatted) + if err != nil { + return err diff --git a/SPECS/moby-cli/moby-cli.spec b/SPECS/moby-cli/moby-cli.spec index 907a6865021..ddaa1918815 100644 --- a/SPECS/moby-cli/moby-cli.spec +++ b/SPECS/moby-cli/moby-cli.spec @@ -3,7 +3,7 @@ Summary: The open-source application container engine client. Name: moby-cli Version: 24.0.9 -Release: 4%{?dist} +Release: 5%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -13,6 +13,7 @@ Source0: https://github.com/docker/cli/archive/v%{version}.tar.gz#/%{name Source1: %{name}-%{version}-govendor-v1.tar.gz Patch0: disable_manpage_vendor.patch Patch1: CVE-2023-45288.patch +Patch2: CVE-2024-36623.patch BuildRequires: git BuildRequires: go-md2man BuildRequires: golang @@ -78,6 +79,9 @@ install -p -m 644 contrib/completion/fish/docker.fish %{buildroot}%{_datadir}/fi %{_datadir}/fish/vendor_completions.d/docker.fish %changelog +* Tue Dec 10 2024 Sudipta Pandit - 24.0.9-5 +- Add patch for CVE-2024-36623 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 24.0.9-4 - Bump release to rebuild with go 1.22.7 From 3f1a0e9bdab07fdaaf9c963544e4f242ac3601f9 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:56:04 -0800 Subject: [PATCH 10/43] [AUTO-CHERRYPICK] Patch CVE-2024-24786 in cri-tools - branch main (#11419) Co-authored-by: suresh-thelkar --- SPECS/cri-tools/CVE-2024-24786.patch | 43 ++++++++++++++++++++++++++++ SPECS/cri-tools/cri-tools.spec | 6 +++- 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 SPECS/cri-tools/CVE-2024-24786.patch diff --git a/SPECS/cri-tools/CVE-2024-24786.patch b/SPECS/cri-tools/CVE-2024-24786.patch new file mode 100644 index 00000000000..4ac1fab883e --- /dev/null +++ b/SPECS/cri-tools/CVE-2024-24786.patch @@ -0,0 +1,43 @@ +From c86c40f1c4b2627bde2af7ca0f407a42feae79b8 Mon Sep 17 00:00:00 2001 +From: Suresh Thelkar +Date: Wed, 4 Dec 2024 16:48:18 +0530 +Subject: [PATCH] Patch for CVE-2024-24786 + +Upstream patch details are given below. +https://github.com/protocolbuffers/protobuf-go/commit/f01a588 +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index 6c37d41..a03e928 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index d043a6e..d2b3ac0 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.34.1 + diff --git a/SPECS/cri-tools/cri-tools.spec b/SPECS/cri-tools/cri-tools.spec index d80306151ef..cdd1508e09a 100644 --- a/SPECS/cri-tools/cri-tools.spec +++ b/SPECS/cri-tools/cri-tools.spec @@ -7,7 +7,7 @@ Summary: CRI tools Name: cri-tools Version: 1.29.0 -Release: 4%{?dist} +Release: 5%{?dist} License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -16,6 +16,7 @@ URL: https://github.com/kubernetes-sigs/cri-tools Source0: https://github.com/kubernetes-sigs/cri-tools/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Patch0: CVE-2024-21626.patch Patch1: CVE-2023-45288.patch +Patch2: CVE-2024-24786.patch BuildRequires: glib-devel BuildRequires: glibc-devel BuildRequires: golang @@ -46,6 +47,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} "${BUILD_FOLDER}/critest" %{_bindir}/critest %changelog +* Wed Dec 04 2024 Suresh Thelkar - 1.29.0-5 +- Patch CVE-2024-24786 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 1.29.0-4 - Bump release to rebuild with go 1.22.7 From 74f507a5a27ae2d1b25c4644ed254c9c7054e6a5 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:56:47 -0800 Subject: [PATCH 11/43] [AUTO-CHERRYPICK] Patch CVE-2024-24786 in blobfuse2 - branch main (#11420) Co-authored-by: suresh-thelkar --- SPECS/blobfuse2/CVE-2024-24786.patch | 43 ++++++++++++++++++++++++++++ SPECS/blobfuse2/blobfuse2.spec | 6 +++- 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 SPECS/blobfuse2/CVE-2024-24786.patch diff --git a/SPECS/blobfuse2/CVE-2024-24786.patch b/SPECS/blobfuse2/CVE-2024-24786.patch new file mode 100644 index 00000000000..0141e4eeca3 --- /dev/null +++ b/SPECS/blobfuse2/CVE-2024-24786.patch @@ -0,0 +1,43 @@ +From 78460dfd1cbe6887b60af68c19c782e089e5012e Mon Sep 17 00:00:00 2001 +From: Suresh Thelkar +Date: Wed, 4 Dec 2024 15:32:17 +0530 +Subject: [PATCH] Patch for CVE-2024-24786 + +Upstream patch details are given below. +https://github.com/protocolbuffers/protobuf-go/commit/f01a588 +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index 6c37d41..70c2ba6 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index d043a6e..d2b3ac0 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.34.1 + diff --git a/SPECS/blobfuse2/blobfuse2.spec b/SPECS/blobfuse2/blobfuse2.spec index 57894415fac..5c67f537e1a 100644 --- a/SPECS/blobfuse2/blobfuse2.spec +++ b/SPECS/blobfuse2/blobfuse2.spec @@ -7,7 +7,7 @@ Summary: FUSE adapter - Azure Storage Name: blobfuse2 Version: %{blobfuse2_version} -Release: 6%{?dist} +Release: 7%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -36,6 +36,7 @@ Source0: https://github.com/Azure/azure-storage-fuse/archive/%{name}-%{bl # - For the value of "--mtime" use the date "2021-04-26 00:00Z" to simplify future updates. Source1: %{name}-%{version}-vendor.tar.gz Patch0: CVE-2023-45288.patch +Patch1: CVE-2024-24786.patch BuildRequires: cmake BuildRequires: fuse3-devel BuildRequires: gcc @@ -80,6 +81,9 @@ install -D -m 0644 ./setup/blobfuse2-logrotate %{buildroot}%{_sysconfdir}/logrot %{_sysconfdir}/logrotate.d/blobfuse2 %changelog +* Wed Dec 04 2024 Suresh Thelkar - 2.1.2-7 +- Patch CVE-2024-24786 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 2.1.2-6 - Bump release to rebuild with go 1.22.7 From 8dd8ed2163db4ec1b98f6cdaad2f66eb6e7e7079 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:57:23 -0800 Subject: [PATCH 12/43] [AUTO-CHERRYPICK] Fix CVE-2024-27532 for fluent-bit - branch main (#11421) Co-authored-by: Sudipta Pandit --- SPECS/fluent-bit/CVE-2024-27532.patch | 42 +++++++++++++++++++++++++++ SPECS/fluent-bit/fluent-bit.spec | 8 +++-- 2 files changed, 48 insertions(+), 2 deletions(-) create mode 100644 SPECS/fluent-bit/CVE-2024-27532.patch diff --git a/SPECS/fluent-bit/CVE-2024-27532.patch b/SPECS/fluent-bit/CVE-2024-27532.patch new file mode 100644 index 00000000000..83b9b8f1ae9 --- /dev/null +++ b/SPECS/fluent-bit/CVE-2024-27532.patch @@ -0,0 +1,42 @@ +From bd866ae9686ea914f57e83bd5b2e9c7a5a2a7323 Mon Sep 17 00:00:00 2001 +From: Sudipta Pandit +Date: Thu, 14 Nov 2024 13:32:31 +0530 +Subject: [PATCH] Fix CVE-2024-27532 + +Reference: https://github.com/bytecodealliance/wasm-micro-runtime/pull/3133 + +--- + .../core/iwasm/interpreter/wasm_loader.c | 2 +- + .../core/iwasm/interpreter/wasm_mini_loader.c | 3 ++- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c +index 87af8526f..2254ba577 100644 +--- a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c ++++ b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c +@@ -6694,7 +6694,7 @@ wasm_loader_check_br(WASMLoaderContext *loader_ctx, uint32 depth, + uint16 cell_num; + + bh_assert(loader_ctx->csp_num > 0); +- if (loader_ctx->csp_num < depth + 1) { ++ if (loader_ctx->csp_num - 1 < depth) { + set_error_buf(error_buf, error_buf_size, + "unknown label, " + "unexpected end of section or function"); +diff --git a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c +index 157a82cc3..ee01db71d 100644 +--- a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c ++++ b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c +@@ -5199,7 +5199,8 @@ wasm_loader_check_br(WASMLoaderContext *loader_ctx, uint32 depth, + int32 i, available_stack_cell; + uint16 cell_num; + +- if (loader_ctx->csp_num < depth + 1) { ++ bh_assert(loader_ctx->csp_num > 0); ++ if (loader_ctx->csp_num - 1 < depth) { + set_error_buf(error_buf, error_buf_size, + "unknown label, " + "unexpected end of section or function"); +-- +2.34.1 + diff --git a/SPECS/fluent-bit/fluent-bit.spec b/SPECS/fluent-bit/fluent-bit.spec index 1d008a3fadd..cb655377a7a 100644 --- a/SPECS/fluent-bit/fluent-bit.spec +++ b/SPECS/fluent-bit/fluent-bit.spec @@ -1,7 +1,7 @@ Summary: Fast and Lightweight Log processor and forwarder for Linux, BSD and OSX Name: fluent-bit Version: 2.2.3 -Release: 5%{?dist} +Release: 6%{?dist} License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -13,6 +13,7 @@ Patch2: fix_issue_8025.patch Patch3: CVE-2024-26455.patch Patch4: CVE-2024-25629.patch Patch5: CVE-2024-25431.patch +Patch6: CVE-2024-27532.patch BuildRequires: bison BuildRequires: cmake BuildRequires: cyrus-sasl-devel @@ -86,6 +87,9 @@ Development files for %{name} %{_libdir}/fluent-bit/*.so %changelog +* Tue Dec 10 2024 Sudipta Pandit - 2.2.3-6 +- Backport fix for CVE-2024-27532 + * Fri Nov 15 2024 Ankita Pareek - 2.2.3-5 - Address CVE-2024-25431 @@ -97,7 +101,7 @@ Development files for %{name} - Apply patch in_emitter_fix_issue_8198.patch to fix #8198 ( Potential log loss during high load at Multiline & Rewrite Tag Filter (in_emitter) ) - Fix issue #8025 with a patch ( in_tail: missing log for offset processing due to non-existent old inodes in sqlite ) -* Wed May 30 2024 Sindhu Karri - 2.2.3-2 +* Thu May 30 2024 Sindhu Karri - 2.2.3-2 - Fix CVE-2024-34250 with a patch * Tue May 28 2024 CBL-Mariner Servicing Account - 2.2.3-1 From 888e63e25bac947f9c7551cce15ed5784d0123fd Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 07:02:57 -0800 Subject: [PATCH 13/43] [AUTO-CHERRYPICK] [2.0 Fast-track] Upgrade nvidia container toolkit and libnvidia-container to v1.17.3 - branch main (#11467) Co-authored-by: Henry Li <69694695+henryli001@users.noreply.github.com> --- .../libnvidia-container.signatures.json | 2 +- SPECS/libnvidia-container/libnvidia-container.spec | 5 ++++- .../nvidia-container-toolkit.signatures.json | 4 ++-- .../nvidia-container-toolkit.spec | 13 +++++++++++-- cgmanifest.json | 8 ++++---- 5 files changed, 22 insertions(+), 10 deletions(-) diff --git a/SPECS/libnvidia-container/libnvidia-container.signatures.json b/SPECS/libnvidia-container/libnvidia-container.signatures.json index cb0ee199644..98ae0ebc573 100644 --- a/SPECS/libnvidia-container/libnvidia-container.signatures.json +++ b/SPECS/libnvidia-container/libnvidia-container.signatures.json @@ -1,6 +1,6 @@ { "Signatures": { - "libnvidia-container-1.17.1.tar.gz": "861ee77bbf1d19531f4c65e57989d5f1a41b0a0b28d6a2d0e2c8e2ede14c1e25", + "libnvidia-container-1.17.3.tar.gz": "9c28e729f1677b6ff9edb3f4dccff4f9827ffe13c04fbcffa41aabacbc0fdd54", "nvidia-modprobe-550.54.14.tar.gz": "5687b0dfa6087dd480ae91e91ff1dca975794e35a2edcf9ec08d8f9cb98ef905" } } \ No newline at end of file diff --git a/SPECS/libnvidia-container/libnvidia-container.spec b/SPECS/libnvidia-container/libnvidia-container.spec index b7d6910af59..d6203bae6fd 100644 --- a/SPECS/libnvidia-container/libnvidia-container.spec +++ b/SPECS/libnvidia-container/libnvidia-container.spec @@ -3,7 +3,7 @@ %define mod_probe_dir deps/src/nvidia-modprobe-%{modprobe_version} Summary: NVIDIA container runtime library Name: libnvidia-container -Version: 1.17.1 +Version: 1.17.3 Release: 1%{?dist} License: BSD AND ASL2.0 AND GPLv3+ AND LGPLv3+ AND MIT AND GPLv2 Vendor: Microsoft Corporation @@ -135,6 +135,9 @@ This package contains command-line tools that facilitate using the library. %{_bindir}/* %changelog +* Thu Dec 05 2024 Henry Li - 1.17.3-1 +- Upgrade to v1.17.3 + * Mon Nov 11 2024 Henry Li - 1.17.1-1 - Upgrade to v1.17.1 diff --git a/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.signatures.json b/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.signatures.json index 0fa9f0cf7d0..092098cc515 100644 --- a/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.signatures.json +++ b/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.signatures.json @@ -1,6 +1,6 @@ { "Signatures": { - "nvidia-container-toolkit-1.17.1-vendor.tar.gz": "894d10f0504e7a8a8fe8748d736288e90f23e24f13aac058b6b83c4ca99dc40f", - "nvidia-container-toolkit-1.17.1.tar.gz": "bf1e3ede225bfa41a932e00430e3efbc2c788d8a4e93e5133ff24b5a3b2ae1eb" + "nvidia-container-toolkit-1.17.3-vendor.tar.gz": "894d10f0504e7a8a8fe8748d736288e90f23e24f13aac058b6b83c4ca99dc40f", + "nvidia-container-toolkit-1.17.3.tar.gz": "58eb450e52d45483a26d9269cf4f74a8b9d0b765751581f1123b18dc48609791" } } diff --git a/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec b/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec index e54c736462c..57be51696d3 100644 --- a/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec +++ b/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec @@ -1,7 +1,7 @@ %global debug_package %{nil} Summary: NVIDIA container runtime hook Name: nvidia-container-toolkit -Version: 1.17.1 +Version: 1.17.3 Release: 1%{?dist} License: ALS2.0 Vendor: Microsoft Corporation @@ -32,7 +32,8 @@ BuildRequires: golang Obsoletes: nvidia-container-runtime <= 3.5.0-1, nvidia-container-runtime-hook <= 1.4.0-2 Provides: nvidia-container-runtime Provides: nvidia-container-runtime-hook -Requires: libnvidia-container-tools >= 1.13.5, libnvidia-container-tools < 2.0.0 +Requires: libnvidia-container-tools >= %{version}, libnvidia-container-tools < 2.0.0 +Requires: nvidia-container-toolkit-base == %{version}-%{release} %description Provides a OCI hook to enable GPU support in containers. @@ -58,12 +59,14 @@ tar -xvf %{SOURCE1} go build -ldflags "-s -w " -o "nvidia-container-runtime-hook" ./cmd/nvidia-container-runtime-hook go build -ldflags "-s -w " -o "nvidia-container-runtime" ./cmd/nvidia-container-runtime go build -ldflags "-s -w " -o "nvidia-ctk" ./cmd/nvidia-ctk +go build -ldflags "-s -w " -o "nvidia-cdi-hook" ./cmd/nvidia-cdi-hook %install mkdir -p %{buildroot}%{_bindir} install -m 755 -t %{buildroot}%{_bindir} nvidia-container-runtime-hook install -m 755 -t %{buildroot}%{_bindir} nvidia-container-runtime install -m 755 -t %{buildroot}%{_bindir} nvidia-ctk +install -m 755 -t %{buildroot}%{_bindir} nvidia-cdi-hook %posttrans ln -sf %{_bindir}/nvidia-container-runtime-hook %{_bindir}/nvidia-container-toolkit @@ -82,8 +85,14 @@ rm -f %{_bindir}/nvidia-container-toolkit %license LICENSE %{_bindir}/nvidia-container-runtime %{_bindir}/nvidia-ctk +%{_bindir}/nvidia-cdi-hook %changelog +* Thu Dec 05 2024 Henry Li - 1.17.3-1 +- Upgrade to v1.17.3 +- Add nvidia-cdi-hook binary to nvidia-container-toolkit-base package +- Add nvidia-container-toolkit-base as runtime requirement for nvidia-container-toolkit + * Mon Nov 11 2024 Henry Li - 1.17.1-1 - Upgrade to v1.17.1 to resolve CVE-2024-0134 diff --git a/cgmanifest.json b/cgmanifest.json index 303e49f60d3..cc0d13737b1 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -10351,8 +10351,8 @@ "type": "other", "other": { "name": "libnvidia-container", - "version": "1.17.1", - "downloadUrl": "https://github.com/NVIDIA/libnvidia-container/archive/v1.17.1.tar.gz" + "version": "1.17.3", + "downloadUrl": "https://github.com/NVIDIA/libnvidia-container/archive/v1.17.3.tar.gz" } } }, @@ -14603,8 +14603,8 @@ "type": "other", "other": { "name": "nvidia-container-toolkit", - "version": "1.17.1", - "downloadUrl": "https://github.com/NVIDIA/nvidia-container-toolkit/archive/v1.17.1.tar.gz" + "version": "1.17.3", + "downloadUrl": "https://github.com/NVIDIA/nvidia-container-toolkit/archive/v1.17.3.tar.gz" } } }, From 33b573b41a2febb92155ee641dbc6d22e4ea1076 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Wed, 18 Dec 2024 11:08:15 -0800 Subject: [PATCH 14/43] Added distrusted CAs to the cert bundles. (#11424) --- .../ca-certificates.signatures.json | 1 + SPECS/ca-certificates/ca-certificates.spec | 24 +- SPECS/ca-certificates/certdata.distrusted.txt | 302 ++++++++++++++++++ .../prebuilt-ca-certificates-base.spec | 5 +- .../prebuilt-ca-certificates.spec | 5 +- .../manifests/package/pkggen_core_aarch64.txt | 8 +- .../manifests/package/pkggen_core_x86_64.txt | 8 +- .../manifests/package/toolchain_aarch64.txt | 10 +- .../manifests/package/toolchain_x86_64.txt | 10 +- 9 files changed, 351 insertions(+), 22 deletions(-) create mode 100644 SPECS/ca-certificates/certdata.distrusted.txt diff --git a/SPECS/ca-certificates/ca-certificates.signatures.json b/SPECS/ca-certificates/ca-certificates.signatures.json index 8348c78a905..1a2a357595b 100644 --- a/SPECS/ca-certificates/ca-certificates.signatures.json +++ b/SPECS/ca-certificates/ca-certificates.signatures.json @@ -11,6 +11,7 @@ "README.usr": "0d2e90b6cf575678cd9d4f409d92258ef0d676995d4d733acdb2425309a38ff8", "bundle2pem.sh": "a61e0d9f34e21456cfe175e9a682f56959240e66dfeb75bd2457226226aa413a", "certdata.base.txt": "771a6c9995ea00bb4ce50fd842a252454fe9b26acad8b0568a1055207442db57", + "certdata.distrusted.txt": "93aebf0f1e5253ed91fe269f7128fdb8b20630ef19558f629c79a8b7eb0ba30d", "certdata.microsoft.txt": "1707ab328312f4ecce167a886e866136b46d7f979a01cc6f9e4afd042174babd", "certdata2pem.py": "4f5848c14210758f19ab9fdc9ffd83733303a48642a3d47c4d682f904fdc0f33", "pem2bundle.sh": "f96a2f0071fb80e30332c0bd95853183f2f49a3c98d5e9fc4716aeeb001e3426", diff --git a/SPECS/ca-certificates/ca-certificates.spec b/SPECS/ca-certificates/ca-certificates.spec index 02a65aabfdc..84145a40567 100644 --- a/SPECS/ca-certificates/ca-certificates.spec +++ b/SPECS/ca-certificates/ca-certificates.spec @@ -6,6 +6,8 @@ %define p11_format_base_bundle ca-bundle.trust.base.p11-kit +%define p11_format_distrusted_bundle ca-bundle.trust.distrusted.p11-kit + %define p11_format_microsoft_bundle ca-bundle.trust.microsoft.p11-kit # List of packages triggering legacy certs generation if 'ca-certificates-legacy' @@ -45,7 +47,7 @@ Name: ca-certificates # When updating, "Epoch, "Version", AND "Release" tags must be updated in the "prebuilt-ca-certificates*" packages as well. Epoch: 1 Version: 2.0.0 -Release: 18%{?dist} +Release: 19%{?dist} License: MPLv2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -69,6 +71,8 @@ Source21: certdata.base.txt Source22: bundle2pem.sh # The certdata.microsoft.txt is provided by Microsoft's Trusted Root Program. Source23: certdata.microsoft.txt +# The certdata.distrusted.txt is provided by Microsoft's Trusted Root Program. +Source24: certdata.distrusted.txt BuildRequires: /bin/ln BuildRequires: asciidoc @@ -91,7 +95,7 @@ Provides: ca-certificates-mozilla = %{version}-%{release} BuildArch: noarch %description -The Public Key Inrastructure is used for many security issues in +The Public Key Infrastructure is used for many security issues in a Linux system. In order for a certificate to be trusted, it must be signed by a trusted agent called a Certificate Authority (CA). The certificates loaded by this section are from the list of CAs trusted @@ -146,6 +150,7 @@ cp -p %{SOURCE20} . %convert_certdata %{SOURCE21} %convert_certdata %{SOURCE23} +%convert_certdata %{SOURCE24} #manpage cp %{SOURCE10} %{name}/update-ca-trust.8.txt @@ -186,6 +191,9 @@ install -p -m 644 %{SOURCE18} %{buildroot}%{catrustdir}/source/README # Microsoft certs %install_bundles %{SOURCE23} %{p11_format_microsoft_bundle} +# Distrusted certs +%install_bundles %{SOURCE24} %{p11_format_distrusted_bundle} + # TODO: consider to dynamically create the update-ca-trust script from within # this .spec file, in order to have the output file+directory names at once place only. install -p -m 755 %{SOURCE2} %{buildroot}%{_bindir}/update-ca-trust @@ -257,13 +265,16 @@ rm -f %{pkidir}/tls/certs/*.{0,pem} %{_bindir}/bundle2pem.sh %{pkidir}/tls/certs/%{classic_tls_bundle} %files +%defattr(-,root,root) # Microsoft certs bundle file with trust %{_datadir}/pki/ca-trust-source/%{p11_format_microsoft_bundle} %files base +%defattr(-,root,root) %{_datadir}/pki/ca-trust-source/%{p11_format_base_bundle} %files shared +%defattr(-,root,root) %license LICENSE # symlinks for old locations @@ -307,6 +318,9 @@ rm -f %{pkidir}/tls/certs/*.{0,pem} %dir %{pkidir}/tls %dir %{pkidir}/tls/certs +# Distrusted CAs +%{_datadir}/pki/ca-trust-source/%{p11_format_distrusted_bundle} + %ghost %{catrustdir}/extracted/pem/tls-ca-bundle.pem %ghost %{catrustdir}/extracted/pem/email-ca-bundle.pem %ghost %{catrustdir}/extracted/pem/objsign-ca-bundle.pem @@ -315,15 +329,21 @@ rm -f %{pkidir}/tls/certs/*.{0,pem} %ghost %{catrustdir}/extracted/edk2/cacerts.bin %files tools +%defattr(-,root,root) # update/extract tool %{_bindir}/update-ca-trust %{_mandir}/man8/update-ca-trust.8.gz %files legacy +%defattr(-,root,root) %{_bindir}/bundle2pem.sh %changelog +* Wed Dec 11 2024 Pawel Winogrodzki - 2.0.0-19 +- Update adding Microsoft distrusted CAs. +- Explicitly set default file ownership to root:root. + * Fri Aug 09 2024 CBL-Mariner Servicing Account - 2.0.0-18 - Updating Microsoft trusted root CAs. diff --git a/SPECS/ca-certificates/certdata.distrusted.txt b/SPECS/ca-certificates/certdata.distrusted.txt new file mode 100644 index 00000000000..913d0e76496 --- /dev/null +++ b/SPECS/ca-certificates/certdata.distrusted.txt @@ -0,0 +1,302 @@ +# Release: December 2024 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# +# certdata.txt +# +# This file contains the object definitions for the certs and other +# information "built into" NSS. +# +# Object definitions: +# +# Certificates +# +# -- Attribute -- -- type -- -- value -- +# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +# CKA_TOKEN CK_BBOOL CK_TRUE +# CKA_PRIVATE CK_BBOOL CK_FALSE +# CKA_MODIFIABLE CK_BBOOL CK_FALSE +# CKA_LABEL UTF8 (varies) +# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +# CKA_SUBJECT DER+base64 (varies) +# CKA_ID byte array (varies) +# CKA_ISSUER DER+base64 (varies) +# CKA_SERIAL_NUMBER DER+base64 (varies) +# CKA_VALUE DER+base64 (varies) +# CKA_NSS_EMAIL ASCII7 (unused here) +# CKA_NSS_SERVER_DISTRUST_AFTER DER+base64 (varies) +# CKA_NSS_EMAIL_DISTRUST_AFTER DER+base64 (varies) +# +# Trust +# +# -- Attribute -- -- type -- -- value -- +# CKA_CLASS CK_OBJECT_CLASS CKO_TRUST +# CKA_TOKEN CK_BBOOL CK_TRUE +# CKA_PRIVATE CK_BBOOL CK_FALSE +# CKA_MODIFIABLE CK_BBOOL CK_FALSE +# CKA_LABEL UTF8 (varies) +# CKA_ISSUER DER+base64 (varies) +# CKA_SERIAL_NUMBER DER+base64 (varies) +# CKA_CERT_HASH binary+base64 (varies) +# CKA_EXPIRES CK_DATE (not used here) +# CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST (varies) +# CKA_TRUST_NON_REPUDIATION CK_TRUST (varies) +# CKA_TRUST_KEY_ENCIPHERMENT CK_TRUST (varies) +# CKA_TRUST_DATA_ENCIPHERMENT CK_TRUST (varies) +# CKA_TRUST_KEY_AGREEMENT CK_TRUST (varies) +# CKA_TRUST_KEY_CERT_SIGN CK_TRUST (varies) +# CKA_TRUST_CRL_SIGN CK_TRUST (varies) +# CKA_TRUST_SERVER_AUTH CK_TRUST (varies) +# CKA_TRUST_CLIENT_AUTH CK_TRUST (varies) +# CKA_TRUST_CODE_SIGNING CK_TRUST (varies) +# CKA_TRUST_EMAIL_PROTECTION CK_TRUST (varies) +# CKA_TRUST_IPSEC_END_SYSTEM CK_TRUST (varies) +# CKA_TRUST_IPSEC_TUNNEL CK_TRUST (varies) +# CKA_TRUST_IPSEC_USER CK_TRUST (varies) +# CKA_TRUST_TIME_STAMPING CK_TRUST (varies) +# CKA_TRUST_STEP_UP_APPROVED CK_BBOOL (varies) +# (other trust attributes can be defined) +# + +# +# The object to tell NSS that this is a root list and we don't +# have to go looking for others. +# +BEGINDATA +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_BUILTIN_ROOT_LIST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Microsoft Builtin Distrusted Certificates" + +# +# Certificate "google.com" +# +# Issuer: CN=AC Certisign ICP-Brasil SSL EV G4,OU=Autoridade Certificadora Raiz Brasileira v10,O=ICP-Brasil,C=BR +# Serial Number:28:85:34:47:39:1a:72:1e:76:94:85:49:4e:73:57:52 +# Subject: CN=google.com,UID=b27bb194-0258-47ac-acba-c6f06f39787c,OID.2.5.4.97=OFBBR-ef0d9576-f46c-4c95-b690-e882e0b49bc0,L=Sao Paulo,ST=SP,O=GOOGLE PAY BRASIL INSTITUICAO DE PAGAMENTO LTDA,C=BR,serialNumber=43394419000188,incorporationCountry=BR,businessCategory=Private Organization +# Not Valid Before: Thu Nov 28 21:19:48 2024 +# Not Valid After : Fri Nov 28 21:19:48 2025 +# Fingerprint (SHA-256): 42:13:29:F0:DC:2F:68:3D:6E:96:C1:B5:B3:10:97:4D:09:97:AD:98:4E:F6:91:20:F5:53:72:B4:F4:8E:10:37 +# Fingerprint (SHA1): 1C:68:E6:97:AB:50:91:FE:76:16:D5:2F:A0:36:02:5C:47:43:BB:73 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "google.com" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\202\001\065\061\035\060\033\006\003\125\004\017\014\024\120 +\162\151\166\141\164\145\040\117\162\147\141\156\151\172\141\164 +\151\157\156\061\023\060\021\006\013\053\006\001\004\001\202\067 +\074\002\001\003\023\002\102\122\061\027\060\025\006\003\125\004 +\005\023\016\064\063\063\071\064\064\061\071\060\060\060\061\070 +\070\061\013\060\011\006\003\125\004\006\023\002\102\122\061\070 +\060\066\006\003\125\004\012\014\057\107\117\117\107\114\105\040 +\120\101\131\040\102\122\101\123\111\114\040\111\116\123\124\111 +\124\125\111\103\101\117\040\104\105\040\120\101\107\101\115\105 +\116\124\117\040\114\124\104\101\061\013\060\011\006\003\125\004 +\010\014\002\123\120\061\022\060\020\006\003\125\004\007\014\011 +\123\141\157\040\120\141\165\154\157\061\063\060\061\006\003\125 +\004\141\014\052\117\106\102\102\122\055\145\146\060\144\071\065 +\067\066\055\146\064\066\143\055\064\143\071\065\055\142\066\071 +\060\055\145\070\070\062\145\060\142\064\071\142\143\060\061\064 +\060\062\006\012\011\222\046\211\223\362\054\144\001\001\014\044 +\142\062\067\142\142\061\071\064\055\060\062\065\070\055\064\067 +\141\143\055\141\143\142\141\055\143\066\146\060\066\146\063\071 +\067\070\067\143\061\023\060\021\006\003\125\004\003\014\012\147 +\157\157\147\154\145\056\143\157\155 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\201\205\061\013\060\011\006\003\125\004\006\023\002\102\122 +\061\023\060\021\006\003\125\004\012\023\012\111\103\120\055\102 +\162\141\163\151\154\061\065\060\063\006\003\125\004\013\023\054 +\101\165\164\157\162\151\144\141\144\145\040\103\145\162\164\151 +\146\151\143\141\144\157\162\141\040\122\141\151\172\040\102\162 +\141\163\151\154\145\151\162\141\040\166\061\060\061\052\060\050 +\006\003\125\004\003\023\041\101\103\040\103\145\162\164\151\163 +\151\147\156\040\111\103\120\055\102\162\141\163\151\154\040\123 +\123\114\040\105\126\040\107\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\050\205\064\107\071\032\162\036\166\224\205\111\116\163 +\127\122 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\010\001\060\202\005\351\240\003\002\001\002\002\020\050 +\205\064\107\071\032\162\036\166\224\205\111\116\163\127\122\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 +\205\061\013\060\011\006\003\125\004\006\023\002\102\122\061\023 +\060\021\006\003\125\004\012\023\012\111\103\120\055\102\162\141 +\163\151\154\061\065\060\063\006\003\125\004\013\023\054\101\165 +\164\157\162\151\144\141\144\145\040\103\145\162\164\151\146\151 +\143\141\144\157\162\141\040\122\141\151\172\040\102\162\141\163 +\151\154\145\151\162\141\040\166\061\060\061\052\060\050\006\003 +\125\004\003\023\041\101\103\040\103\145\162\164\151\163\151\147 +\156\040\111\103\120\055\102\162\141\163\151\154\040\123\123\114 +\040\105\126\040\107\064\060\036\027\015\062\064\061\061\062\070 +\062\061\061\071\064\070\132\027\015\062\065\061\061\062\070\062 +\061\061\071\064\070\132\060\202\001\065\061\035\060\033\006\003 +\125\004\017\014\024\120\162\151\166\141\164\145\040\117\162\147 +\141\156\151\172\141\164\151\157\156\061\023\060\021\006\013\053 +\006\001\004\001\202\067\074\002\001\003\023\002\102\122\061\027 +\060\025\006\003\125\004\005\023\016\064\063\063\071\064\064\061 +\071\060\060\060\061\070\070\061\013\060\011\006\003\125\004\006 +\023\002\102\122\061\070\060\066\006\003\125\004\012\014\057\107 +\117\117\107\114\105\040\120\101\131\040\102\122\101\123\111\114 +\040\111\116\123\124\111\124\125\111\103\101\117\040\104\105\040 +\120\101\107\101\115\105\116\124\117\040\114\124\104\101\061\013 +\060\011\006\003\125\004\010\014\002\123\120\061\022\060\020\006 +\003\125\004\007\014\011\123\141\157\040\120\141\165\154\157\061 +\063\060\061\006\003\125\004\141\014\052\117\106\102\102\122\055 +\145\146\060\144\071\065\067\066\055\146\064\066\143\055\064\143 +\071\065\055\142\066\071\060\055\145\070\070\062\145\060\142\064 +\071\142\143\060\061\064\060\062\006\012\011\222\046\211\223\362 +\054\144\001\001\014\044\142\062\067\142\142\061\071\064\055\060 +\062\065\070\055\064\067\141\143\055\141\143\142\141\055\143\066 +\146\060\066\146\063\071\067\070\067\143\061\023\060\021\006\003 +\125\004\003\014\012\147\157\157\147\154\145\056\143\157\155\060 +\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001 +\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000 +\245\071\062\166\146\112\020\362\222\260\147\320\324\326\000\245 +\162\170\155\042\014\366\350\006\234\273\346\243\106\262\207\204 +\365\316\016\143\113\113\351\240\024\326\123\263\340\043\116\355 +\201\352\030\177\366\120\142\300\126\373\004\303\011\033\263\025 +\110\177\001\170\272\370\214\026\336\360\057\320\301\103\271\005 +\336\135\034\023\341\103\247\050\130\355\027\324\072\376\174\222 +\360\006\062\201\354\321\230\061\114\025\072\162\013\314\154\030 +\230\241\170\130\202\215\017\366\016\110\003\325\202\331\300\376 +\236\320\033\267\330\334\217\332\331\107\030\277\212\346\126\160 +\310\326\015\051\365\172\366\252\230\347\322\005\307\135\351\037 +\312\236\236\377\176\217\070\203\262\003\026\025\272\170\136\271 +\044\126\313\012\217\257\006\311\057\321\275\055\302\201\124\130 +\042\132\315\142\113\221\247\012\167\301\152\276\254\274\344\163 +\206\013\020\217\110\141\263\046\133\164\110\004\207\122\145\373 +\151\241\005\022\012\373\335\137\226\323\165\051\047\256\316\236 +\250\021\054\170\147\214\275\125\374\300\152\224\353\165\217\131 +\002\003\001\000\001\243\202\002\270\060\202\002\264\060\030\006 +\003\125\035\021\001\001\377\004\016\060\014\202\012\147\157\157 +\147\154\145\056\143\157\155\060\011\006\003\125\035\023\004\002 +\060\000\060\037\006\003\125\035\043\004\030\060\026\200\024\027 +\111\323\106\270\151\244\056\077\011\203\116\024\215\111\076\220 +\325\014\050\060\201\232\006\003\125\035\040\004\201\222\060\201 +\217\060\201\202\006\006\140\114\001\002\001\152\060\170\060\166 +\006\010\053\006\001\005\005\007\002\001\026\152\150\164\164\160 +\072\057\057\151\143\160\055\142\162\141\163\151\154\056\143\145 +\162\164\151\163\151\147\156\056\143\157\155\056\142\162\057\162 +\145\160\157\163\151\164\157\162\151\157\057\144\160\143\057\141 +\143\137\143\145\162\164\151\163\151\147\156\137\151\143\160\137 +\142\162\137\163\163\154\057\104\120\103\137\101\103\137\103\145 +\162\164\151\163\151\147\156\137\111\143\160\137\102\162\137\123 +\163\154\056\160\144\146\060\010\006\006\147\201\014\001\002\002 +\060\201\312\006\003\125\035\037\004\201\302\060\201\277\060\136 +\240\134\240\132\206\130\150\164\164\160\072\057\057\151\143\160 +\055\142\162\141\163\151\154\056\143\145\162\164\151\163\151\147 +\156\056\143\157\155\056\142\162\057\162\145\160\157\163\151\164 +\157\162\151\157\057\154\143\162\057\101\103\103\145\162\164\151 +\163\151\147\156\111\103\120\102\122\123\123\114\105\126\107\064 +\057\114\141\164\145\163\164\103\122\114\056\143\162\154\060\135 +\240\133\240\131\206\127\150\164\164\160\072\057\057\151\143\160 +\055\142\162\141\163\151\154\056\157\165\164\162\141\154\143\162 +\056\143\157\155\056\142\162\057\162\145\160\157\163\151\164\157 +\162\151\157\057\154\143\162\057\101\103\103\145\162\164\151\163 +\151\147\156\111\103\120\102\122\123\123\114\105\126\107\064\057 +\114\141\164\145\163\164\103\122\114\056\143\162\154\060\016\006 +\003\125\035\017\001\001\377\004\004\003\002\003\250\060\035\006 +\003\125\035\045\004\026\060\024\006\010\053\006\001\005\005\007 +\003\001\006\010\053\006\001\005\005\007\003\002\060\023\006\012 +\053\006\001\004\001\326\171\002\004\003\001\001\377\004\002\005 +\000\060\201\275\006\010\053\006\001\005\005\007\001\001\004\201 +\260\060\201\255\060\151\006\010\053\006\001\005\005\007\060\002 +\206\135\150\164\164\160\072\057\057\151\143\160\055\142\162\141 +\163\151\154\056\143\145\162\164\151\163\151\147\156\056\143\157 +\155\056\142\162\057\162\145\160\157\163\151\164\157\162\151\157 +\057\143\145\162\164\151\146\151\143\141\144\157\163\057\101\103 +\137\103\145\162\164\151\163\151\147\156\137\111\143\160\137\102 +\162\137\123\163\154\137\105\126\137\107\064\056\160\067\143\060 +\100\006\010\053\006\001\005\005\007\060\001\206\064\150\164\164 +\160\072\057\057\157\143\163\160\055\141\143\055\143\145\162\164 +\151\163\151\147\156\055\151\143\160\055\142\162\055\163\163\154 +\056\143\145\162\164\151\163\151\147\156\056\143\157\155\056\142 +\162\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000 +\003\202\002\001\000\004\277\164\275\336\224\331\155\317\017\142 +\333\066\327\114\036\123\143\176\215\160\003\240\323\006\373\365 +\167\164\071\324\202\171\354\345\013\353\226\072\237\323\247\366 +\271\247\132\155\174\371\260\177\135\207\024\165\006\057\263\077 +\160\345\152\161\147\363\344\255\257\115\172\163\033\154\164\354 +\344\304\061\003\030\275\234\022\233\223\053\021\073\364\221\165 +\160\055\102\341\220\147\212\270\007\064\347\165\346\020\170\137 +\001\301\316\344\226\363\337\263\307\302\004\333\110\224\200\320 +\352\261\025\020\211\034\317\151\256\172\161\207\032\063\050\117 +\300\232\310\161\146\345\321\007\267\323\320\035\127\002\273\173 +\131\016\216\076\155\115\044\146\112\245\154\360\264\244\356\312 +\050\213\212\270\111\211\206\146\233\013\160\027\260\075\217\022 +\360\241\202\146\334\052\053\314\363\150\240\055\363\122\341\116 +\162\052\075\357\317\137\311\045\005\262\133\046\055\247\332\062 +\377\250\105\167\142\023\333\014\142\240\133\271\346\160\313\001 +\007\332\010\105\114\354\326\061\110\110\164\106\220\340\302\270 +\231\034\204\021\027\341\336\266\037\320\275\366\247\206\333\336 +\120\347\244\215\210\141\141\106\146\070\300\253\260\320\220\326 +\245\307\041\351\224\320\063\071\110\345\052\042\254\163\164\205 +\242\067\151\350\036\302\102\130\346\211\372\151\262\305\002\213 +\203\200\230\261\344\051\153\361\103\323\353\062\365\150\122\052 +\167\301\250\367\375\266\337\130\107\336\106\302\044\261\136\025 +\024\073\255\246\116\242\351\241\011\113\326\051\105\332\143\216 +\041\201\017\276\036\222\150\134\235\033\130\215\031\016\025\322 +\310\337\152\331\232\214\341\060\243\114\175\074\303\132\250\053 +\333\021\267\140\135\231\223\003\335\056\241\062\176\313\134\305 +\114\114\100\377\066\116\252\160\037\027\322\121\305\277\344\105 +\111\036\012\031\346\335\247\203\043\132\351\355\150\076\022\153 +\155\110\337\121\224\002\112\337\374\023\040\307\113\024\077\154 +\364\153\003\136\374\242\242\164\321\300\100\324\211\367\307\146 +\005\331\230\314\124\045\273\245\306\024\036\224\214\100\075\215 +\104\265\367\204\063\367\037\075\221\056\263\325\023\135\313\040 +\173\136\210\017\230 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "google.com" +# Issuer: CN=AC Certisign ICP-Brasil SSL EV G4,OU=Autoridade Certificadora Raiz Brasileira v10,O=ICP-Brasil,C=BR +# Serial Number:28:85:34:47:39:1a:72:1e:76:94:85:49:4e:73:57:52 +# Subject: CN=google.com,UID=b27bb194-0258-47ac-acba-c6f06f39787c,OID.2.5.4.97=OFBBR-ef0d9576-f46c-4c95-b690-e882e0b49bc0,L=Sao Paulo,ST=SP,O=GOOGLE PAY BRASIL INSTITUICAO DE PAGAMENTO LTDA,C=BR,serialNumber=43394419000188,incorporationCountry=BR,businessCategory=Private Organization +# Not Valid Before: Thu Nov 28 21:19:48 2024 +# Not Valid After : Fri Nov 28 21:19:48 2025 +# Fingerprint (SHA-256): 42:13:29:F0:DC:2F:68:3D:6E:96:C1:B5:B3:10:97:4D:09:97:AD:98:4E:F6:91:20:F5:53:72:B4:F4:8E:10:37 +# Fingerprint (SHA1): 1C:68:E6:97:AB:50:91:FE:76:16:D5:2F:A0:36:02:5C:47:43:BB:73 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "google.com" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\034\150\346\227\253\120\221\376\166\026\325\057\240\066\002\134 +\107\103\273\163 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\016\067\034\146\242\243\030\173\162\334\023\136\201\340\143\150 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\205\061\013\060\011\006\003\125\004\006\023\002\102\122 +\061\023\060\021\006\003\125\004\012\023\012\111\103\120\055\102 +\162\141\163\151\154\061\065\060\063\006\003\125\004\013\023\054 +\101\165\164\157\162\151\144\141\144\145\040\103\145\162\164\151 +\146\151\143\141\144\157\162\141\040\122\141\151\172\040\102\162 +\141\163\151\154\145\151\162\141\040\166\061\060\061\052\060\050 +\006\003\125\004\003\023\041\101\103\040\103\145\162\164\151\163 +\151\147\156\040\111\103\120\055\102\162\141\163\151\154\040\123 +\123\114\040\105\126\040\107\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\050\205\064\107\071\032\162\036\166\224\205\111\116\163 +\127\122 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE \ No newline at end of file diff --git a/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec b/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec index 2568cedf98b..552db691b29 100644 --- a/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec +++ b/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec @@ -3,7 +3,7 @@ Name: prebuilt-ca-certificates-base # When updating, "Epoch, "Version", AND "Release" tags must be updated in the "ca-certificates" package as well. Epoch: 1 Version: 2.0.0 -Release: 18%{?dist} +Release: 19%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -46,6 +46,9 @@ find %{buildroot} -name README -delete %{_sysconfdir}/pki/java/cacerts %changelog +* Wed Dec 11 2024 Pawel Winogrodzki - 2.0.0-19 +- Update adding Microsoft distrusted CAs. + * Fri Aug 09 2024 CBL-Mariner Servicing Account - 2.0.0-18 - Making 'Release' match with 'ca-certificates' diff --git a/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec b/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec index 95902457b19..b004b5486fd 100644 --- a/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec +++ b/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec @@ -3,7 +3,7 @@ Name: prebuilt-ca-certificates # When updating, "Epoch, "Version", AND "Release" tags must be updated in the "ca-certificates" package as well. Epoch: 1 Version: 2.0.0 -Release: 18%{?dist} +Release: 19%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -49,6 +49,9 @@ find %{buildroot} -name README -delete %{_sysconfdir}/pki/java/cacerts %changelog +* Wed Dec 11 2024 Pawel Winogrodzki - 2.0.0-19 +- Update adding Microsoft distrusted CAs. + * Fri Aug 09 2024 CBL-Mariner Servicing Account - 2.0.0-18 - Making 'Release' match with 'ca-certificates' diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index ed3d7da0965..79f8bbc3d07 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -231,10 +231,10 @@ libffi-devel-3.4.2-3.cm2.aarch64.rpm libtasn1-4.19.0-1.cm2.aarch64.rpm p11-kit-0.24.1-1.cm2.aarch64.rpm p11-kit-trust-0.24.1-1.cm2.aarch64.rpm -ca-certificates-shared-2.0.0-18.cm2.noarch.rpm -ca-certificates-tools-2.0.0-18.cm2.noarch.rpm -ca-certificates-base-2.0.0-18.cm2.noarch.rpm -ca-certificates-2.0.0-18.cm2.noarch.rpm +ca-certificates-shared-2.0.0-19.cm2.noarch.rpm +ca-certificates-tools-2.0.0-19.cm2.noarch.rpm +ca-certificates-base-2.0.0-19.cm2.noarch.rpm +ca-certificates-2.0.0-19.cm2.noarch.rpm dwz-0.14-2.cm2.aarch64.rpm unzip-6.0-21.cm2.aarch64.rpm python3-3.9.19-7.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index d034af1a99f..44da8087b55 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -231,10 +231,10 @@ libffi-devel-3.4.2-3.cm2.x86_64.rpm libtasn1-4.19.0-1.cm2.x86_64.rpm p11-kit-0.24.1-1.cm2.x86_64.rpm p11-kit-trust-0.24.1-1.cm2.x86_64.rpm -ca-certificates-shared-2.0.0-18.cm2.noarch.rpm -ca-certificates-tools-2.0.0-18.cm2.noarch.rpm -ca-certificates-base-2.0.0-18.cm2.noarch.rpm -ca-certificates-2.0.0-18.cm2.noarch.rpm +ca-certificates-shared-2.0.0-19.cm2.noarch.rpm +ca-certificates-tools-2.0.0-19.cm2.noarch.rpm +ca-certificates-base-2.0.0-19.cm2.noarch.rpm +ca-certificates-2.0.0-19.cm2.noarch.rpm dwz-0.14-2.cm2.x86_64.rpm unzip-6.0-21.cm2.x86_64.rpm python3-3.9.19-7.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 51a272a009f..7a6111d181c 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -18,11 +18,11 @@ bzip2-1.0.8-1.cm2.aarch64.rpm bzip2-debuginfo-1.0.8-1.cm2.aarch64.rpm bzip2-devel-1.0.8-1.cm2.aarch64.rpm bzip2-libs-1.0.8-1.cm2.aarch64.rpm -ca-certificates-2.0.0-18.cm2.noarch.rpm -ca-certificates-base-2.0.0-18.cm2.noarch.rpm -ca-certificates-legacy-2.0.0-18.cm2.noarch.rpm -ca-certificates-shared-2.0.0-18.cm2.noarch.rpm -ca-certificates-tools-2.0.0-18.cm2.noarch.rpm +ca-certificates-2.0.0-19.cm2.noarch.rpm +ca-certificates-base-2.0.0-19.cm2.noarch.rpm +ca-certificates-legacy-2.0.0-19.cm2.noarch.rpm +ca-certificates-shared-2.0.0-19.cm2.noarch.rpm +ca-certificates-tools-2.0.0-19.cm2.noarch.rpm ccache-4.8-1.cm2.aarch64.rpm ccache-debuginfo-4.8-1.cm2.aarch64.rpm check-0.15.2-1.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index d088745e913..628ae406dca 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -19,11 +19,11 @@ bzip2-1.0.8-1.cm2.x86_64.rpm bzip2-debuginfo-1.0.8-1.cm2.x86_64.rpm bzip2-devel-1.0.8-1.cm2.x86_64.rpm bzip2-libs-1.0.8-1.cm2.x86_64.rpm -ca-certificates-2.0.0-18.cm2.noarch.rpm -ca-certificates-base-2.0.0-18.cm2.noarch.rpm -ca-certificates-legacy-2.0.0-18.cm2.noarch.rpm -ca-certificates-shared-2.0.0-18.cm2.noarch.rpm -ca-certificates-tools-2.0.0-18.cm2.noarch.rpm +ca-certificates-2.0.0-19.cm2.noarch.rpm +ca-certificates-base-2.0.0-19.cm2.noarch.rpm +ca-certificates-legacy-2.0.0-19.cm2.noarch.rpm +ca-certificates-shared-2.0.0-19.cm2.noarch.rpm +ca-certificates-tools-2.0.0-19.cm2.noarch.rpm ccache-4.8-1.cm2.x86_64.rpm ccache-debuginfo-4.8-1.cm2.x86_64.rpm check-0.15.2-1.cm2.x86_64.rpm From 9da5304e5a9064c788ea03fb3f7334e335aca753 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Fri, 20 Dec 2024 12:28:54 -0800 Subject: [PATCH 15/43] [AUTO-CHERRYPICK] Patch CVE-2024-24786 in moby-cli - branch main (#11468) Co-authored-by: suresh-thelkar Co-authored-by: jslobodzian --- SPECS/moby-cli/CVE-2024-24786.patch | 43 +++++++++++++++++++++++++++++ SPECS/moby-cli/moby-cli.spec | 6 +++- 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 SPECS/moby-cli/CVE-2024-24786.patch diff --git a/SPECS/moby-cli/CVE-2024-24786.patch b/SPECS/moby-cli/CVE-2024-24786.patch new file mode 100644 index 00000000000..4c7ed3d8cc5 --- /dev/null +++ b/SPECS/moby-cli/CVE-2024-24786.patch @@ -0,0 +1,43 @@ +From c15bfce5b2a8514ccc5dabde1fbe44d4f53e7abe Mon Sep 17 00:00:00 2001 +From: Suresh Thelkar +Date: Thu, 5 Dec 2024 10:10:19 +0530 +Subject: [PATCH] Patch for CVE-2024-24786 + +Upstream patch details are given below. +https://github.com/protocolbuffers/protobuf-go/commit/f01a588 +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index c85f846..634ba41 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index b13fd29..b2be4e8 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.34.1 + diff --git a/SPECS/moby-cli/moby-cli.spec b/SPECS/moby-cli/moby-cli.spec index ddaa1918815..13e8e5f09f2 100644 --- a/SPECS/moby-cli/moby-cli.spec +++ b/SPECS/moby-cli/moby-cli.spec @@ -3,7 +3,7 @@ Summary: The open-source application container engine client. Name: moby-cli Version: 24.0.9 -Release: 5%{?dist} +Release: 6%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -14,6 +14,7 @@ Source1: %{name}-%{version}-govendor-v1.tar.gz Patch0: disable_manpage_vendor.patch Patch1: CVE-2023-45288.patch Patch2: CVE-2024-36623.patch +Patch3: CVE-2024-24786.patch BuildRequires: git BuildRequires: go-md2man BuildRequires: golang @@ -79,6 +80,9 @@ install -p -m 644 contrib/completion/fish/docker.fish %{buildroot}%{_datadir}/fi %{_datadir}/fish/vendor_completions.d/docker.fish %changelog +* Fri Dec 13 2024 Suresh Thelkar - 24.0.9-6 +- Patch CVE-2024-24786 + * Tue Dec 10 2024 Sudipta Pandit - 24.0.9-5 - Add patch for CVE-2024-36623 From fbb226eed6e12f7ebed9806caaad5ddfaee86e50 Mon Sep 17 00:00:00 2001 From: nicolas guibourge Date: Fri, 20 Dec 2024 21:33:24 +0100 Subject: [PATCH 16/43] [AUTO-CHERRYPICK] iptraf-ng: upgrade to 1.2.2 - branch main (#11604) Co-authored-by: Andrew Phelps --- SPECS/iptraf-ng/iptraf-ng.signatures.json | 2 +- SPECS/iptraf-ng/iptraf-ng.spec | 5 ++++- cgmanifest.json | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/SPECS/iptraf-ng/iptraf-ng.signatures.json b/SPECS/iptraf-ng/iptraf-ng.signatures.json index 76d882f14e5..431ee9fafed 100644 --- a/SPECS/iptraf-ng/iptraf-ng.signatures.json +++ b/SPECS/iptraf-ng/iptraf-ng.signatures.json @@ -1,6 +1,6 @@ { "Signatures": { - "iptraf-ng-1.2.1.tar.gz": "9f5cef584065420dea1ba32c86126aede1fa9bd25b0f8362b0f9fd9754f00870", + "iptraf-ng-1.2.2.tar.gz": "75fd653745ea0705995c25e6c07b34252ecc2563c6a91b007a3a8c26f29cc252", "iptraf-ng-logrotate.conf": "c9c1f849fb04dceeff50aa3e2bd2c40f5e8656e00d1dabcde36e1e9dcfa7a1bb", "iptraf-ng-tmpfiles.conf": "cd9e13572be9836f8efe6fcea198ccffad97b1db7f97bf0133b7d477f9d65ed0" } diff --git a/SPECS/iptraf-ng/iptraf-ng.spec b/SPECS/iptraf-ng/iptraf-ng.spec index 5b102f40dba..49154d183fa 100644 --- a/SPECS/iptraf-ng/iptraf-ng.spec +++ b/SPECS/iptraf-ng/iptraf-ng.spec @@ -2,7 +2,7 @@ Vendor: Microsoft Corporation Distribution: Mariner Summary: A console-based network monitoring utility Name: iptraf-ng -Version: 1.2.1 +Version: 1.2.2 Release: 1%{?dist} Source0: https://github.com/iptraf-ng/iptraf-ng/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source1: %{name}-logrotate.conf @@ -70,6 +70,9 @@ install -d -m 0755 %{buildroot}/run/%{name}/ %{_prefix}/lib/tmpfiles.d/%{name}.conf %changelog +* Thu Dec 19 2024 Andrew Phelps - 1.2.2-1 +- Upgrade to 1.2.2 to fix CVE-2024-52949 + * Tue Jun 21 2022 Jon Slobodzian - 1.2.1-1 - Upgrading to fix build break and align with latest ncurses update. - License verified. diff --git a/cgmanifest.json b/cgmanifest.json index cc0d13737b1..f87b8bfb06b 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -7441,8 +7441,8 @@ "type": "other", "other": { "name": "iptraf-ng", - "version": "1.2.1", - "downloadUrl": "https://github.com/iptraf-ng/iptraf-ng/archive/v1.2.1.tar.gz" + "version": "1.2.2", + "downloadUrl": "https://github.com/iptraf-ng/iptraf-ng/archive/v1.2.2.tar.gz" } } }, From 4703a430861f82eaac80063d25d12e9e50ccc5a8 Mon Sep 17 00:00:00 2001 From: nicolas guibourge Date: Fri, 20 Dec 2024 21:35:34 +0100 Subject: [PATCH 17/43] [AUTO-CHERRYPICK] grpc: Address CVE-2023-32067 - branch main (#11605) Co-authored-by: Ankita Pareek <56152556+Ankita13-code@users.noreply.github.com> --- SPECS/grpc/CVE-2023-32067.patch | 79 +++++++++++++++++++++++++++++++++ SPECS/grpc/grpc.spec | 8 +++- 2 files changed, 86 insertions(+), 1 deletion(-) create mode 100644 SPECS/grpc/CVE-2023-32067.patch diff --git a/SPECS/grpc/CVE-2023-32067.patch b/SPECS/grpc/CVE-2023-32067.patch new file mode 100644 index 00000000000..5807e92e1dc --- /dev/null +++ b/SPECS/grpc/CVE-2023-32067.patch @@ -0,0 +1,79 @@ +From b9b8413cfdb70a3f99e1573333b23052d57ec1ae Mon Sep 17 00:00:00 2001 +From: Brad House +Date: Mon, 22 May 2023 06:51:49 -0400 +Subject: [PATCH] Merge pull request from GHSA-9g78-jv2r-p7vc + +--- + third_party/cares/cares/ares_process.c | 41 +++++++++++++++++++++++++---------------- + 1 file changed, 25 insertions(+), 16 deletions(-) + +diff --git a/third_party/cares/cares/ares_process.c b/third_party/cares/cares/ares_process.c +index bf0cde4646..6cac0a99fd 100644 +--- a/third_party/cares/cares/ares_process.c ++++ b/third_party/cares/cares/ares_process.c +@@ -470,7 +470,7 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds, + { + struct server_state *server; + int i; +- ares_ssize_t count; ++ ares_ssize_t read_len; + unsigned char buf[MAXENDSSZ + 1]; + #ifdef HAVE_RECVFROM + ares_socklen_t fromlen; +@@ -513,32 +513,41 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds, + /* To reduce event loop overhead, read and process as many + * packets as we can. */ + do { +- if (server->udp_socket == ARES_SOCKET_BAD) +- count = 0; +- +- else { +- if (server->addr.family == AF_INET) ++ if (server->udp_socket == ARES_SOCKET_BAD) { ++ read_len = -1; ++ } else { ++ if (server->addr.family == AF_INET) { + fromlen = sizeof(from.sa4); +- else ++ } else { + fromlen = sizeof(from.sa6); +- count = socket_recvfrom(channel, server->udp_socket, (void *)buf, +- sizeof(buf), 0, &from.sa, &fromlen); ++ } ++ read_len = socket_recvfrom(channel, server->udp_socket, (void *)buf, ++ sizeof(buf), 0, &from.sa, &fromlen); + } + +- if (count == -1 && try_again(SOCKERRNO)) ++ if (read_len == 0) { ++ /* UDP is connectionless, so result code of 0 is a 0-length UDP ++ * packet, and not an indication the connection is closed like on ++ * tcp */ + continue; +- else if (count <= 0) ++ } else if (read_len < 0) { ++ if (try_again(SOCKERRNO)) ++ continue; ++ + handle_error(channel, i, now); ++ + #ifdef HAVE_RECVFROM +- else if (!same_address(&from.sa, &server->addr)) ++ } else if (!same_address(&from.sa, &server->addr)) { + /* The address the response comes from does not match the address we + * sent the request to. Someone may be attempting to perform a cache + * poisoning attack. */ +- break; ++ continue; + #endif +- else +- process_answer(channel, buf, (int)count, i, 0, now); +- } while (count > 0); ++ ++ } else { ++ process_answer(channel, buf, (int)read_len, i, 0, now); ++ } ++ } while (read_len >= 0); + } + } + diff --git a/SPECS/grpc/grpc.spec b/SPECS/grpc/grpc.spec index e0c016ad175..eee27cac331 100644 --- a/SPECS/grpc/grpc.spec +++ b/SPECS/grpc/grpc.spec @@ -1,7 +1,7 @@ Summary: Open source remote procedure call (RPC) framework Name: grpc Version: 1.42.0 -Release: 7%{?dist} +Release: 8%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -9,6 +9,8 @@ Group: Applications/System URL: https://www.grpc.io Source0: https://github.com/grpc/grpc/archive/v%{version}/%{name}-%{version}.tar.gz Source1: %{name}-%{version}-submodules.tar.gz + +Patch0: CVE-2023-32067.patch BuildRequires: abseil-cpp-devel BuildRequires: c-ares-devel BuildRequires: cmake @@ -69,6 +71,7 @@ Python language bindings for gRPC. %prep %setup -q -n %{name}-%{version} %setup -T -D -a 1 +%autopatch -p1 %build # Updating used C++ version to be compatible with the build dependencies. @@ -148,6 +151,9 @@ export GRPC_PYTHON_BUILD_SYSTEM_ABSL=True %changelog +* Mon Dec 10 2024 Ankita Pareek - 1.42.0-8 +- Address CVE-2023-32067 in the grpc submodules package + * Thu Oct 19 2023 Dan Streetman - 1.42.0-7 - Bump release to rebuild with updated version of Go. From 177a1781d63718d5e51a814783f8c2e4346b9bd0 Mon Sep 17 00:00:00 2001 From: nicolas guibourge Date: Fri, 20 Dec 2024 21:39:47 +0100 Subject: [PATCH 18/43] [AUTO-CHERRYPICK] Patch avahi for multiple CVEs - branch main (#11606) Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com> --- SPECS/avahi/CVE-2023-38469.patch | 43 +++++++++++++ SPECS/avahi/CVE-2023-38470.patch | 51 ++++++++++++++++ SPECS/avahi/CVE-2023-38471.patch | 63 +++++++++++++++++++ SPECS/avahi/CVE-2023-38472.patch | 40 ++++++++++++ SPECS/avahi/CVE-2023-38473.patch | 101 +++++++++++++++++++++++++++++++ SPECS/avahi/avahi.spec | 14 ++++- 6 files changed, 311 insertions(+), 1 deletion(-) create mode 100644 SPECS/avahi/CVE-2023-38469.patch create mode 100644 SPECS/avahi/CVE-2023-38470.patch create mode 100644 SPECS/avahi/CVE-2023-38471.patch create mode 100644 SPECS/avahi/CVE-2023-38472.patch create mode 100644 SPECS/avahi/CVE-2023-38473.patch diff --git a/SPECS/avahi/CVE-2023-38469.patch b/SPECS/avahi/CVE-2023-38469.patch new file mode 100644 index 00000000000..58583f58428 --- /dev/null +++ b/SPECS/avahi/CVE-2023-38469.patch @@ -0,0 +1,43 @@ +From c89fd5f2e85052f1f8b74ddeff38235932236889 Mon Sep 17 00:00:00 2001 +From: Kanishk-Bansal +Date: Wed, 27 Nov 2024 08:48:59 +0000 +Subject: [PATCH] Fix CVE patch + +--- + avahi-core/rr.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/avahi-core/rr.c b/avahi-core/rr.c +index 7fa0bee..b03a24c 100644 +--- a/avahi-core/rr.c ++++ b/avahi-core/rr.c +@@ -32,6 +32,7 @@ + #include + #include + ++#include "dns.h" + #include "rr.h" + #include "log.h" + #include "util.h" +@@ -688,11 +689,17 @@ int avahi_record_is_valid(AvahiRecord *r) { + case AVAHI_DNS_TYPE_TXT: { + + AvahiStringList *strlst; ++ size_t used = 0; + +- for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) ++ for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) { + if (strlst->size > 255 || strlst->size <= 0) + return 0; + ++ used += 1+strlst->size; ++ if (used > AVAHI_DNS_RDATA_MAX) ++ return 0; ++ } ++ + return 1; + } + } +-- +2.45.2 + diff --git a/SPECS/avahi/CVE-2023-38470.patch b/SPECS/avahi/CVE-2023-38470.patch new file mode 100644 index 00000000000..e3ab0783944 --- /dev/null +++ b/SPECS/avahi/CVE-2023-38470.patch @@ -0,0 +1,51 @@ +From cc5f44eb015384d8c764646c48b9da80f811446c Mon Sep 17 00:00:00 2001 +From: Kanishk-Bansal +Date: Mon, 2 Dec 2024 10:25:43 +0000 +Subject: [PATCH] Fix CVE-2023-38470 + +--- + avahi-common/domain-test.c | 14 ++++++++++++++ + avahi-common/domain.c | 2 +- + 2 files changed, 15 insertions(+), 1 deletion(-) + +diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c +index cf763ec..3acc1c1 100644 +--- a/avahi-common/domain-test.c ++++ b/avahi-common/domain-test.c +@@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { + printf("%s\n", s = avahi_normalize_name_strdup("fo\\\\o\\..f oo.")); + avahi_free(s); + ++ printf("%s\n", s = avahi_normalize_name_strdup(".")); ++ avahi_free(s); ++ ++ s = avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}." ++ "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}" ++ ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`" ++ "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?." ++ "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}." ++ "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?" ++ "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM." ++ "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?." ++ "}.?.?.?.}.=.?.?.}"); ++ assert(s == NULL); ++ + printf("%i\n", avahi_domain_equal("\\065aa bbb\\.\\046cc.cc\\\\.dee.fff.", "Aaa BBB\\.\\.cc.cc\\\\.dee.fff")); + printf("%i\n", avahi_domain_equal("A", "a")); + +diff --git a/avahi-common/domain.c b/avahi-common/domain.c +index 3b1ab68..e66d241 100644 +--- a/avahi-common/domain.c ++++ b/avahi-common/domain.c +@@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s, char *ret_s, size_t size) { + } + + if (!empty) { +- if (size < 1) ++ if (size < 2) + return NULL; + + *(r++) = '.'; +-- +2.45.2 + diff --git a/SPECS/avahi/CVE-2023-38471.patch b/SPECS/avahi/CVE-2023-38471.patch new file mode 100644 index 00000000000..00c414826e8 --- /dev/null +++ b/SPECS/avahi/CVE-2023-38471.patch @@ -0,0 +1,63 @@ +From 48467feda7135e3fa2392294387601f88a06f001 Mon Sep 17 00:00:00 2001 +From: Kanishk-Bansal +Date: Mon, 2 Dec 2024 10:49:17 +0000 +Subject: [PATCH] Fix CVE-2023-38471 patch + +--- + avahi-core/server.c | 27 +++++++++++++++++++++------ + 1 file changed, 21 insertions(+), 6 deletions(-) + +diff --git a/avahi-core/server.c b/avahi-core/server.c +index e507750..40f1d68 100644 +--- a/avahi-core/server.c ++++ b/avahi-core/server.c +@@ -1295,7 +1295,11 @@ static void update_fqdn(AvahiServer *s) { + } + + int avahi_server_set_host_name(AvahiServer *s, const char *host_name) { +- char *hn = NULL; ++ char label_escaped[AVAHI_LABEL_MAX*4+1]; ++ char label[AVAHI_LABEL_MAX]; ++ char *hn = NULL, *h; ++ size_t len; ++ + assert(s); + + AVAHI_CHECK_VALIDITY(s, !host_name || avahi_is_valid_host_name(host_name), AVAHI_ERR_INVALID_HOST_NAME); +@@ -1305,17 +1309,28 @@ int avahi_server_set_host_name(AvahiServer *s, const char *host_name) { + else + hn = avahi_normalize_name_strdup(host_name); + +- hn[strcspn(hn, ".")] = 0; ++ h = hn; ++ if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) { ++ avahi_free(h); ++ return AVAHI_ERR_INVALID_HOST_NAME; ++ } ++ ++ avahi_free(h); ++ ++ h = label_escaped; ++ len = sizeof(label_escaped); ++ if (!avahi_escape_label(label, strlen(label), &h, &len)) ++ return AVAHI_ERR_INVALID_HOST_NAME; + +- if (avahi_domain_equal(s->host_name, hn) && s->state != AVAHI_SERVER_COLLISION) { +- avahi_free(hn); ++ if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION) + return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE); +- } + + withdraw_host_rrs(s); + + avahi_free(s->host_name); +- s->host_name = hn; ++ s->host_name = avahi_strdup(label_escaped); ++ if (!s->host_name) ++ return AVAHI_ERR_NO_MEMORY; + + update_fqdn(s); + +-- +2.45.2 + diff --git a/SPECS/avahi/CVE-2023-38472.patch b/SPECS/avahi/CVE-2023-38472.patch new file mode 100644 index 00000000000..741168dbab0 --- /dev/null +++ b/SPECS/avahi/CVE-2023-38472.patch @@ -0,0 +1,40 @@ +From 2cc17a0febc2c1f70db147d9d56861f3520bacad Mon Sep 17 00:00:00 2001 +From: Kanishk-Bansal +Date: Mon, 2 Dec 2024 04:44:07 +0000 +Subject: [PATCH] Fix CVE patch + +--- + avahi-client/client-test.c | 3 +++ + avahi-daemon/dbus-entry-group.c | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/avahi-client/client-test.c b/avahi-client/client-test.c +index 7d04a6a..57750a4 100644 +--- a/avahi-client/client-test.c ++++ b/avahi-client/client-test.c +@@ -258,6 +258,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { + printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL))); + printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6)); + ++ error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0); ++ assert(error != AVAHI_OK); ++ + avahi_entry_group_commit (group); + + domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u"); +diff --git a/avahi-daemon/dbus-entry-group.c b/avahi-daemon/dbus-entry-group.c +index 4e879a5..aa23d4b 100644 +--- a/avahi-daemon/dbus-entry-group.c ++++ b/avahi-daemon/dbus-entry-group.c +@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_group_impl(DBusConnection *c, DBusMessage + if (!(r = avahi_record_new_full (name, clazz, type, ttl))) + return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL); + +- if (avahi_rdata_parse (r, rdata, size) < 0) { ++ if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) { + avahi_record_unref (r); + return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL); + } +-- +2.45.2 + diff --git a/SPECS/avahi/CVE-2023-38473.patch b/SPECS/avahi/CVE-2023-38473.patch new file mode 100644 index 00000000000..a59479fb686 --- /dev/null +++ b/SPECS/avahi/CVE-2023-38473.patch @@ -0,0 +1,101 @@ +From e6348a0e1f1f42547dce80135afea806125654cc Mon Sep 17 00:00:00 2001 +From: Kanishk-Bansal +Date: Mon, 2 Dec 2024 09:20:54 +0000 +Subject: [PATCH] Fix CVE-2023-38473 + +--- + avahi-common/alternative-test.c | 3 +++ + avahi-common/alternative.c | 27 +++++++++++++++++++-------- + 2 files changed, 22 insertions(+), 8 deletions(-) + +diff --git a/avahi-common/alternative-test.c b/avahi-common/alternative-test.c +index 9255435..681fc15 100644 +--- a/avahi-common/alternative-test.c ++++ b/avahi-common/alternative-test.c +@@ -31,6 +31,9 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { + const char* const test_strings[] = { + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXüüüüüüü", ++ ").", ++ "\\.", ++ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\\\", + "gurke", + "-", + " #", +diff --git a/avahi-common/alternative.c b/avahi-common/alternative.c +index b3d39f0..a094e6d 100644 +--- a/avahi-common/alternative.c ++++ b/avahi-common/alternative.c +@@ -49,15 +49,20 @@ static void drop_incomplete_utf8(char *c) { + } + + char *avahi_alternative_host_name(const char *s) { ++ char label[AVAHI_LABEL_MAX], alternative[AVAHI_LABEL_MAX*4+1]; ++ char *alt, *r, *ret; + const char *e; +- char *r; ++ size_t len; + + assert(s); + + if (!avahi_is_valid_host_name(s)) + return NULL; + +- if ((e = strrchr(s, '-'))) { ++ if (!avahi_unescape_label(&s, label, sizeof(label))) ++ return NULL; ++ ++ if ((e = strrchr(label, '-'))) { + const char *p; + + e++; +@@ -74,19 +79,18 @@ char *avahi_alternative_host_name(const char *s) { + + if (e) { + char *c, *m; +- size_t l; + int n; + + n = atoi(e)+1; + if (!(m = avahi_strdup_printf("%i", n))) + return NULL; + +- l = e-s-1; ++ len = e-label-1; + +- if (l >= AVAHI_LABEL_MAX-1-strlen(m)-1) +- l = AVAHI_LABEL_MAX-1-strlen(m)-1; ++ if (len >= AVAHI_LABEL_MAX-1-strlen(m)-1) ++ len = AVAHI_LABEL_MAX-1-strlen(m)-1; + +- if (!(c = avahi_strndup(s, l))) { ++ if (!(c = avahi_strndup(label, len))) { + avahi_free(m); + return NULL; + } +@@ -100,7 +104,7 @@ char *avahi_alternative_host_name(const char *s) { + } else { + char *c; + +- if (!(c = avahi_strndup(s, AVAHI_LABEL_MAX-1-2))) ++ if (!(c = avahi_strndup(label, AVAHI_LABEL_MAX-1-2))) + return NULL; + + drop_incomplete_utf8(c); +@@ -109,6 +113,13 @@ char *avahi_alternative_host_name(const char *s) { + avahi_free(c); + } + ++ alt = alternative; ++ len = sizeof(alternative); ++ ret = avahi_escape_label(r, strlen(r), &alt, &len); ++ ++ avahi_free(r); ++ r = avahi_strdup(ret); ++ + assert(avahi_is_valid_host_name(r)); + + return r; +-- +2.45.2 + diff --git a/SPECS/avahi/avahi.spec b/SPECS/avahi/avahi.spec index efe2fb944ac..19600f07887 100644 --- a/SPECS/avahi/avahi.spec +++ b/SPECS/avahi/avahi.spec @@ -3,7 +3,7 @@ Summary: Local network service discovery Name: avahi Version: 0.8 -Release: 2%{?dist} +Release: 3%{?dist} License: LGPLv2+ Vendor: Microsoft Corporation Distribution: Mariner @@ -13,6 +13,11 @@ Patch0: %{name}-libevent-pc-fix.patch Patch1: CVE-2021-3468.patch Patch2: CVE-2021-3502.patch Patch3: CVE-2023-1981.patch +Patch4: CVE-2023-38470.patch +Patch5: CVE-2023-38471.patch +Patch6: CVE-2023-38472.patch +Patch7: CVE-2023-38473.patch +Patch8: CVE-2023-38469.patch BuildRequires: automake BuildRequires: dbus-devel >= 0.90 BuildRequires: dbus-glib-devel >= 0.70 @@ -406,6 +411,13 @@ exit 0 %endif %changelog +* Mon Dec 02 2024 Kanishk Bansal - 0.8-3 +- Fix CVE-2023-38473 wih an upstream patch +- Fix CVE-2023-38472 wih an upstream patch +- Fix CVE-2023-38471 wih an upstream patch +- Fix CVE-2023-38470 wih an upstream patch +- Fix CVE-2023-38469.patch with an upstream patch + * Tue Oct 29 2024 Daniel McIlvaney - 0.8-2 - Fix CVE-2023-1981 with an upstream patch From 8ee3863336daf6202148a7465ee9ac2ac606446b Mon Sep 17 00:00:00 2001 From: nicolas guibourge Date: Fri, 20 Dec 2024 21:53:00 +0100 Subject: [PATCH 19/43] [AUTO-CHERRYPICK] Patch CVE-2024-24786 in moby-engine - branch main (#11607) Co-authored-by: suresh-thelkar Co-authored-by: jslobodzian --- SPECS/moby-engine/CVE-2024-24786.patch | 43 ++++++++++++++++++++++++++ SPECS/moby-engine/moby-engine.spec | 10 +++++- 2 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 SPECS/moby-engine/CVE-2024-24786.patch diff --git a/SPECS/moby-engine/CVE-2024-24786.patch b/SPECS/moby-engine/CVE-2024-24786.patch new file mode 100644 index 00000000000..256657a5578 --- /dev/null +++ b/SPECS/moby-engine/CVE-2024-24786.patch @@ -0,0 +1,43 @@ +From a43fa39c1012862334a186e4c3a9c67e7d111461 Mon Sep 17 00:00:00 2001 +From: Suresh Thelkar +Date: Thu, 5 Dec 2024 10:28:31 +0530 +Subject: [PATCH] Patch for CVE-2024-24786 + +Upstream patch details are given below. +https://github.com/protocolbuffers/protobuf-go/commit/f01a588 +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index c85f846..634ba41 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index b13fd29..b2be4e8 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.34.1 + diff --git a/SPECS/moby-engine/moby-engine.spec b/SPECS/moby-engine/moby-engine.spec index 9d179563868..0e69c6b933e 100644 --- a/SPECS/moby-engine/moby-engine.spec +++ b/SPECS/moby-engine/moby-engine.spec @@ -3,7 +3,7 @@ Summary: The open-source application container engine Name: moby-engine Version: 24.0.9 -Release: 11%{?dist} +Release: 13%{?dist} License: ASL 2.0 Group: Tools/Container URL: https://mobyproject.org @@ -26,6 +26,8 @@ Patch6: CVE-2024-41110.patch Patch7: CVE-2024-29018.patch Patch8: CVE-2024-36621.patch Patch9: CVE-2024-36623.patch +Patch10: CVE-2024-45337.patch +Patch11: CVE-2024-24786.patch %{?systemd_requires} @@ -126,6 +128,12 @@ fi %{_unitdir}/* %changelog +* Thu Dec 19 2024 Suresh Thelkar - 24.0.9-13 +- Patch CVE-2024-24786 + +* Tue Dec 17 2024 Andrew Phelps - 24.0.9-12 +- Add patch for CVE-2024-45337 + * Wed Dec 04 2024 Adit Jha - 24.0.9-11 - Patch CVE-2024-36621 & CVE-2024-36623 From bfaf2f82bf7798675e91c530bdbf0bcf29701bc5 Mon Sep 17 00:00:00 2001 From: jslobodzian Date: Sun, 22 Dec 2024 08:16:07 -0500 Subject: [PATCH 20/43] Bump Release for January 2025 Update (#11642) --- SPECS/mariner-release/mariner-release.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/SPECS/mariner-release/mariner-release.spec b/SPECS/mariner-release/mariner-release.spec index 6d76665a49e..6550494897b 100644 --- a/SPECS/mariner-release/mariner-release.spec +++ b/SPECS/mariner-release/mariner-release.spec @@ -1,7 +1,7 @@ Summary: CBL-Mariner release files Name: mariner-release Version: 2.0 -Release: 69%{?dist} +Release: 70%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -62,6 +62,9 @@ EOF %config(noreplace) %{_sysconfdir}/issue.net %changelog +* Sat Dec 21 2024 Jon Slobodzian - 2.0-70 +- Bump release for January 2025 Update + * Fri Nov 22 2024 CBL-Mariner Servicing Account - 2.0-69 - Bump release for December 2024 Update From 0209604573dcf85f29481283b0ae395dcabf8dff Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 12:57:42 -0800 Subject: [PATCH 21/43] [AUTOPATCHER-CORE] Upgrade tzdata to 2024b (#10373) Co-authored-by: jslobodzian --- SPECS/tzdata/tzdata.signatures.json | 4 ++-- SPECS/tzdata/tzdata.spec | 5 ++++- cgmanifest.json | 4 ++-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/SPECS/tzdata/tzdata.signatures.json b/SPECS/tzdata/tzdata.signatures.json index e51cc8e0862..e34724d7988 100644 --- a/SPECS/tzdata/tzdata.signatures.json +++ b/SPECS/tzdata/tzdata.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "tzdata2024a.tar.gz": "0d0434459acbd2059a7a8da1f3304a84a86591f6ed69c6248fffa502b6edffe3" + "tzdata2024b.tar.gz": "70e754db126a8d0db3d16d6b4cb5f7ec1e04d5f261255e4558a67fe92d39e550" } -} \ No newline at end of file +} diff --git a/SPECS/tzdata/tzdata.spec b/SPECS/tzdata/tzdata.spec index 2b701feb5bc..6faf52da270 100644 --- a/SPECS/tzdata/tzdata.spec +++ b/SPECS/tzdata/tzdata.spec @@ -1,6 +1,6 @@ Summary: Time zone data Name: tzdata -Version: 2024a +Version: 2024b Release: 1%{?dist} License: Public Domain Vendor: Microsoft Corporation @@ -45,6 +45,9 @@ ln -svf %{_datarootdir}/zoneinfo/UTC %{buildroot}%{_sysconfdir}/localtime %{_datadir}/* %changelog +* Fri Sep 06 2024 CBL-Mariner Servicing Account - 2024b-1 +- Auto-upgrade to 2024b + * Fri Feb 02 2024 CBL-Mariner Servicing Account - 2024a-1 - Auto-upgrade to 2024a - upgrade to version 2024a diff --git a/cgmanifest.json b/cgmanifest.json index f87b8bfb06b..e78f5cdd7a8 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -29047,8 +29047,8 @@ "type": "other", "other": { "name": "tzdata", - "version": "2024a", - "downloadUrl": "https://data.iana.org/time-zones/releases/tzdata2024a.tar.gz" + "version": "2024b", + "downloadUrl": "https://data.iana.org/time-zones/releases/tzdata2024b.tar.gz" } } }, From cc9942b8e7955225d9a49a2e58c33a29b415fcc8 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:28:38 -0800 Subject: [PATCH 22/43] [AUTO-CHERRYPICK] packer: patch CVE-2024-45337 - branch main (#11650) Co-authored-by: Andrew Phelps --- SPECS/packer/CVE-2024-45337.patch | 77 +++++++++++++++++++++++++++++++ SPECS/packer/packer.spec | 6 ++- 2 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 SPECS/packer/CVE-2024-45337.patch diff --git a/SPECS/packer/CVE-2024-45337.patch b/SPECS/packer/CVE-2024-45337.patch new file mode 100644 index 00000000000..e10cac83d05 --- /dev/null +++ b/SPECS/packer/CVE-2024-45337.patch @@ -0,0 +1,77 @@ +https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909.patch + +From b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Tue, 3 Dec 2024 09:03:03 -0800 +Subject: [PATCH] ssh: make the public key cache a 1-entry FIFO cache + +Users of the the ssh package seem to extremely commonly misuse the +PublicKeyCallback API, assuming that the key passed in the last call +before a connection is established is the key used for authentication. +Some users then make authorization decisions based on this key. This +property is not documented, and may not be correct, due to the caching +behavior of the package, resulting in users making incorrect +authorization decisions about the connection. + +This change makes the cache a one entry FIFO cache, making the assumed +property, that the last call to PublicKeyCallback represents the key +actually used for authentication, actually hold. + +Thanks to Damien Tournoud, Patrick Dawkins, Vince Parker, and +Jules Duvivier from the Platform.sh / Upsun engineering team +for reporting this issue. + +Fixes golang/go#70779 +Fixes CVE-2024-45337 + +Change-Id: Ife7c7b4045d8b6bcd7e3a417bdfae370c709797f +Reviewed-on: https://go-review.googlesource.com/c/crypto/+/635315 +Reviewed-by: Roland Shoemaker +Auto-Submit: Gopher Robot +Reviewed-by: Damien Neil +Reviewed-by: Nicola Murino +LUCI-TryBot-Result: Go LUCI +--- + vendor/golang.org/x/crypto/ssh/server.go | 15 ++++++++++---- + +diff --git a/vendor/golang.org/x/crypto/ssh/server.go b/vendor/golang.org/x/crypto/ssh/server.go +index c0d1c29e6f..5b5ccd96f4 100644 +--- a/vendor/golang.org/x/crypto/ssh/server.go ++++ b/vendor/golang.org/x/crypto/ssh/server.go +@@ -149,7 +149,7 @@ func (s *ServerConfig) AddHostKey(key Signer) { + } + + // cachedPubKey contains the results of querying whether a public key is +-// acceptable for a user. ++// acceptable for a user. This is a FIFO cache. + type cachedPubKey struct { + user string + pubKeyData []byte +@@ -157,7 +157,13 @@ type cachedPubKey struct { + perms *Permissions + } + +-const maxCachedPubKeys = 16 ++// maxCachedPubKeys is the number of cache entries we store. ++// ++// Due to consistent misuse of the PublicKeyCallback API, we have reduced this ++// to 1, such that the only key in the cache is the most recently seen one. This ++// forces the behavior that the last call to PublicKeyCallback will always be ++// with the key that is used for authentication. ++const maxCachedPubKeys = 1 + + // pubKeyCache caches tests for public keys. Since SSH clients + // will query whether a public key is acceptable before attempting to +@@ -179,9 +185,10 @@ func (c *pubKeyCache) get(user string, pubKeyData []byte) (cachedPubKey, bool) { + + // add adds the given tuple to the cache. + func (c *pubKeyCache) add(candidate cachedPubKey) { +- if len(c.keys) < maxCachedPubKeys { +- c.keys = append(c.keys, candidate) ++ if len(c.keys) >= maxCachedPubKeys { ++ c.keys = c.keys[1:] + } ++ c.keys = append(c.keys, candidate) + } + + // ServerConn is an authenticated SSH connection, as seen from the diff --git a/SPECS/packer/packer.spec b/SPECS/packer/packer.spec index f360becd548..b9fa7b8637a 100644 --- a/SPECS/packer/packer.spec +++ b/SPECS/packer/packer.spec @@ -5,7 +5,7 @@ Summary: Tool for creating identical machine images for multiple platform Name: packer Epoch: 1 Version: 1.9.5 -Release: 4%{?dist} +Release: 5%{?dist} License: MPLv2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -37,6 +37,7 @@ Patch1: CVE-2022-3064.patch Patch2: CVE-2023-49569.patch Patch3: CVE-2024-6104.patch Patch4: CVE-2024-24786.patch +Patch5: CVE-2024-45337.patch BuildRequires: golang BuildRequires: kernel-headers BuildRequires: glibc-devel @@ -70,6 +71,9 @@ go test -mod=vendor %{_bindir}/packer %changelog +* Tue Dec 17 2024 Andrew Phelps - 1.9.5-5 +- Add patch for CVE-2024-45337 + * Mon Dec 09 2024 Kavya Sree Kaitepalli - 1.9.5-4 - Patch for CVE-2024-24786 From 0f39b3ceb50a91a2b0ce2fa0b7c04096f2ff2594 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:32:35 -0800 Subject: [PATCH 23/43] [AUTO-CHERRYPICK] etcd: Fix CVE-2024-24786 - branch main (#11654) Co-authored-by: KavyaSree2610 <92566732+KavyaSree2610@users.noreply.github.com> --- SPECS/etcd/CVE-2024-24786.patch | 41 +++++++++++++++++++++++++++++++++ SPECS/etcd/etcd.spec | 7 +++++- 2 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 SPECS/etcd/CVE-2024-24786.patch diff --git a/SPECS/etcd/CVE-2024-24786.patch b/SPECS/etcd/CVE-2024-24786.patch new file mode 100644 index 00000000000..41a119b8f1d --- /dev/null +++ b/SPECS/etcd/CVE-2024-24786.patch @@ -0,0 +1,41 @@ +From 867d49d8c566b0f1284f8295ba1286d6c5e93edf Mon Sep 17 00:00:00 2001 +From: kavyasree +Date: Mon, 9 Dec 2024 17:03:26 +0530 +Subject: [PATCH] Modified patch + +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index c85f846..634ba41 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index b13fd29..b2be4e8 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.34.1 + diff --git a/SPECS/etcd/etcd.spec b/SPECS/etcd/etcd.spec index 90c04b683b5..4b0111edd79 100644 --- a/SPECS/etcd/etcd.spec +++ b/SPECS/etcd/etcd.spec @@ -1,7 +1,7 @@ Summary: A highly-available key value store for shared configuration Name: etcd Version: 3.5.12 -Release: 5%{?dist} +Release: 6%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -14,6 +14,8 @@ Source1: etcd.service # generate_source_tarball.sh --srcTarball --pkgVersion %%{version} --outFolder . Source2: %{name}-%{version}-vendor.tar.gz Patch0: CVE-2023-45288.patch +Patch1: CVE-2024-24786.patch + BuildRequires: golang %description @@ -117,6 +119,9 @@ install -vdm755 %{buildroot}%{_sharedstatedir}/etcd /%{_docdir}/%{name}-%{version}-tools/* %changelog +* Mon Dec 09 2024 Kavya Sree Kaitepalli - 3.5.12-6 +- Patch for CVE-2024-24786 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 3.5.12-5 - Bump release to rebuild with go 1.22.7 From 1ffa8c222510d028cbab694f305521ae65494c69 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:33:57 -0800 Subject: [PATCH 24/43] [AUTO-CHERRYPICK] Patch gh to fix CVE-2024-54132 - branch main (#11655) Co-authored-by: Sandeep Karambelkar --- SPECS/gh/CVE-2024-54132.patch | 939 ++++++++++++++++++++++++++++++++++ SPECS/gh/gh.spec | 7 +- 2 files changed, 945 insertions(+), 1 deletion(-) create mode 100644 SPECS/gh/CVE-2024-54132.patch diff --git a/SPECS/gh/CVE-2024-54132.patch b/SPECS/gh/CVE-2024-54132.patch new file mode 100644 index 00000000000..9ebe429179a --- /dev/null +++ b/SPECS/gh/CVE-2024-54132.patch @@ -0,0 +1,939 @@ +From 8da27d2c8ac8b781cf34a5e04ed57cfe4b68fa55 Mon Sep 17 00:00:00 2001 +From: Andy Feller +Date: Tue, 19 Nov 2024 17:55:18 -0500 +Subject: [PATCH 1/5] Second attempt to address exploit + +This builds off suggestion to reuse logic used already within `gh run download` for detecting path traversals. + +This largely works but runs into an issue where detection logic doesn't handle non-separated traversal. + +From 83cf41155646380d3df4037d3f2ac683147f194a Mon Sep 17 00:00:00 2001 +From: Tyler McGoffin +Date: Tue, 19 Nov 2024 16:08:31 -0800 +Subject: [PATCH 2/5] Improve test names so there is no repetition + +From e7c5706336d851b39930c7315132f89b25e77d4d Mon Sep 17 00:00:00 2001 +From: Andy Feller +Date: Thu, 21 Nov 2024 17:02:20 -0500 +Subject: [PATCH 3/5] Refactor download testing, simpler file descends + +This incorporates the work done by @williammartin to improve reasoning about `gh run download` behavior through testing while verifying a simpler solution to checking if a path is contained within a directory. + +From cdfc12caf52754ea4026d5338a56ad4e6f822105 Mon Sep 17 00:00:00 2001 +From: Andy Feller +Date: Fri, 22 Nov 2024 15:26:11 -0500 +Subject: [PATCH 4/5] Expand logic and tests to handle edge cases + +This commit expands filepathDescendsFrom(string, string) to handle edge cases such as mixing absolute and relative paths or artifact name edge cases. + +Additionally, tests for filepathDescendsFrom() and downloadrun() have been expanded to verify additional use cases. + +From 8720479b0bfc95450abb2ba88489f2893e4838a9 Mon Sep 17 00:00:00 2001 +From: Andy Feller +Date: Tue, 3 Dec 2024 13:33:00 -0500 +Subject: [PATCH 5/5] Consolidate logic for isolating artifacts + + +Modified patch 1136764c369aaf0cae4ec2ee09dc35d871076932 to apply to CBL-Mariner +Modified-by: Sandeep Karambelkar +--- + pkg/cmd/run/download/download.go | 37 +- + pkg/cmd/run/download/download_test.go | 613 ++++++++++++++++++++------ + pkg/cmd/run/download/zip.go | 24 +- + pkg/cmd/run/download/zip_test.go | 80 ++++ + 4 files changed, 622 insertions(+), 132 deletions(-) + mode change 100644 => 100755 pkg/cmd/run/download/download_test.go + + +diff --git a/pkg/cmd/run/download/download.go b/pkg/cmd/run/download/download.go +index 86e6127..454356e 100644 +--- a/pkg/cmd/run/download/download.go ++++ b/pkg/cmd/run/download/download.go +@@ -145,8 +145,10 @@ func runDownload(opts *DownloadOptions) error { + opts.IO.StartProgressIndicator() + defer opts.IO.StopProgressIndicator() + +- // track downloaded artifacts and avoid re-downloading any of the same name ++ // track downloaded artifacts and avoid re-downloading any of the same name, isolate if multiple artifacts + downloaded := set.NewStringSet() ++ isolateArtifacts := isolateArtifacts(wantNames, wantPatterns) ++ + for _, a := range artifacts { + if a.Expired { + continue +@@ -159,10 +161,16 @@ func runDownload(opts *DownloadOptions) error { + continue + } + } ++ + destDir := opts.DestinationDir +- if len(wantPatterns) != 0 || len(wantNames) != 1 { ++ if isolateArtifacts { + destDir = filepath.Join(destDir, a.Name) + } ++ ++ if !filepathDescendsFrom(destDir, opts.DestinationDir) { ++ return fmt.Errorf("error downloading %s: would result in path traversal", a.Name) ++ } ++ + err := opts.Platform.Download(a.DownloadURL, destDir) + if err != nil { + return fmt.Errorf("error downloading %s: %w", a.Name, err) +@@ -177,6 +185,25 @@ func runDownload(opts *DownloadOptions) error { + return nil + } + ++func isolateArtifacts(wantNames []string, wantPatterns []string) bool { ++ if len(wantPatterns) > 0 { ++ // Patterns can match multiple artifacts ++ return true ++ } ++ ++ if len(wantNames) == 0 { ++ // All artifacts wanted regardless what they are named ++ return true ++ } ++ ++ if len(wantNames) > 1 { ++ // Multiple, specific artifacts wanted ++ return true ++ } ++ ++ return false ++} ++ + func matchAnyName(names []string, name string) bool { + for _, n := range names { + if name == n { +diff --git a/pkg/cmd/run/download/download_test.go b/pkg/cmd/run/download/download_test.go +old mode 100644 +new mode 100755 +index 10c7bbe..0e21207 +--- a/pkg/cmd/run/download/download_test.go ++++ b/pkg/cmd/run/download/download_test.go +@@ -2,8 +2,10 @@ package download + + import ( + "bytes" ++ "errors" + "io" + "net/http" ++ "os" + "path/filepath" + "testing" + +@@ -142,146 +144,481 @@ func Test_NewCmdDownload(t *testing.T) { + } + } + ++type testArtifact struct { ++ artifact shared.Artifact ++ files []string ++} ++type fakePlatform struct { ++ runArtifacts map[string][]testArtifact ++} ++ ++func (f *fakePlatform) List(runID string) ([]shared.Artifact, error) { ++ var runIds []string ++ if runID != "" { ++ runIds = []string{runID} ++ } else { ++ for k := range f.runArtifacts { ++ runIds = append(runIds, k) ++ } ++ } ++ var artifacts []shared.Artifact ++ for _, id := range runIds { ++ for _, a := range f.runArtifacts[id] { ++ artifacts = append(artifacts, a.artifact) ++ } ++ } ++ return artifacts, nil ++} ++func (f *fakePlatform) Download(url string, dir string) error { ++ if err := os.MkdirAll(dir, 0755); err != nil { ++ return err ++ } ++ // Now to be consistent, we find the artifact with the provided URL. ++ // It's a bit janky to iterate the runs, to find the right artifact ++ // rather than keying directly to it, but it allows the setup of the ++ // fake platform to be declarative rather than imperative. ++ // Think fakePlatform { artifacts: ... } rather than fakePlatform.makeArtifactAvailable() ++ for _, testArtifacts := range f.runArtifacts { ++ for _, testArtifact := range testArtifacts { ++ if testArtifact.artifact.DownloadURL == url { ++ for _, file := range testArtifact.files { ++ path := filepath.Join(dir, file) ++ return os.WriteFile(path, []byte{}, 0600) ++ } ++ } ++ } ++ } ++ return errors.New("no artifact matches the provided URL") ++} ++ + func Test_runDownload(t *testing.T) { + tests := []struct { +- name string +- opts DownloadOptions +- mockAPI func(*mockPlatform) +- mockPrompt func(*mockPrompter) +- wantErr string ++ name string ++ opts DownloadOptions ++ platform *fakePlatform ++ promptStubs func(*mockPrompter) ++ expectedFiles []string ++ wantErr string + }{ + { +- name: "download non-expired", ++ name: "download non-expired to relative directory", + opts: DownloadOptions{ + RunID: "2345", + DestinationDir: "./tmp", +- Names: []string(nil), + }, +- mockAPI: func(p *mockPlatform) { +- p.On("List", "2345").Return([]shared.Artifact{ +- { +- Name: "artifact-1", +- DownloadURL: "http://download.com/artifact1.zip", +- Expired: false, +- }, +- { +- Name: "expired-artifact", +- DownloadURL: "http://download.com/expired.zip", +- Expired: true, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-1-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "expired-artifact", ++ DownloadURL: "http://download.com/expired.zip", ++ Expired: true, ++ }, ++ files: []string{ ++ "expired", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-2", ++ DownloadURL: "http://download.com/artifact2.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-2-file", ++ }, ++ }, + }, +- { +- Name: "artifact-2", +- DownloadURL: "http://download.com/artifact2.zip", +- Expired: false, +- }, +- }, nil) +- p.On("Download", "http://download.com/artifact1.zip", filepath.FromSlash("tmp/artifact-1")).Return(nil) +- p.On("Download", "http://download.com/artifact2.zip", filepath.FromSlash("tmp/artifact-2")).Return(nil) ++ }, ++ }, ++ expectedFiles: []string{ ++ filepath.Join("artifact-1", "artifact-1-file"), ++ filepath.Join("artifact-2", "artifact-2-file"), + }, + }, + { +- name: "no valid artifacts", ++ name: "download non-expired to absolute directory", + opts: DownloadOptions{ + RunID: "2345", +- DestinationDir: ".", +- Names: []string(nil), ++ DestinationDir: "/tmp", + }, +- mockAPI: func(p *mockPlatform) { +- p.On("List", "2345").Return([]shared.Artifact{ +- { +- Name: "artifact-1", +- DownloadURL: "http://download.com/artifact1.zip", +- Expired: true, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-1-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "expired-artifact", ++ DownloadURL: "http://download.com/expired.zip", ++ Expired: true, ++ }, ++ files: []string{ ++ "expired", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-2", ++ DownloadURL: "http://download.com/artifact2.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-2-file", ++ }, ++ }, + }, +- { +- Name: "artifact-2", +- DownloadURL: "http://download.com/artifact2.zip", +- Expired: true, ++ }, ++ }, ++ expectedFiles: []string{ ++ filepath.Join("artifact-1", "artifact-1-file"), ++ filepath.Join("artifact-2", "artifact-2-file"), ++ }, ++ }, ++ { ++ name: "all artifacts are expired", ++ opts: DownloadOptions{ ++ RunID: "2345", ++ }, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: true, ++ }, ++ files: []string{ ++ "artifact-1-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-2", ++ DownloadURL: "http://download.com/artifact2.zip", ++ Expired: true, ++ }, ++ files: []string{ ++ "artifact-2-file", ++ }, ++ }, + }, +- }, nil) ++ }, + }, +- wantErr: "no valid artifacts found to download", ++ expectedFiles: []string{}, ++ wantErr: "no valid artifacts found to download", + }, + { + name: "no name matches", + opts: DownloadOptions{ +- RunID: "2345", +- DestinationDir: ".", +- Names: []string{"artifact-3"}, +- }, +- mockAPI: func(p *mockPlatform) { +- p.On("List", "2345").Return([]shared.Artifact{ +- { +- Name: "artifact-1", +- DownloadURL: "http://download.com/artifact1.zip", +- Expired: false, ++ RunID: "2345", ++ Names: []string{"artifact-3"}, ++ }, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-1-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-2", ++ DownloadURL: "http://download.com/artifact2.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-2-file", ++ }, ++ }, + }, +- { +- Name: "artifact-2", +- DownloadURL: "http://download.com/artifact2.zip", +- Expired: false, ++ }, ++ }, ++ expectedFiles: []string{}, ++ wantErr: "no artifact matches any of the names or patterns provided", ++ }, ++ { ++ name: "pattern matches", ++ opts: DownloadOptions{ ++ RunID: "2345", ++ FilePatterns: []string{"artifact-*"}, ++ }, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-1-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "non-artifact-2", ++ DownloadURL: "http://download.com/non-artifact-2.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "non-artifact-2-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-3", ++ DownloadURL: "http://download.com/artifact3.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-3-file", ++ }, ++ }, + }, +- }, nil) ++ }, ++ }, ++ expectedFiles: []string{ ++ filepath.Join("artifact-1", "artifact-1-file"), ++ filepath.Join("artifact-3", "artifact-3-file"), + }, +- wantErr: "no artifact matches any of the names or patterns provided", + }, + { + name: "no pattern matches", + opts: DownloadOptions{ +- RunID: "2345", +- DestinationDir: ".", +- FilePatterns: []string{"artifiction-*"}, +- }, +- mockAPI: func(p *mockPlatform) { +- p.On("List", "2345").Return([]shared.Artifact{ +- { +- Name: "artifact-1", +- DownloadURL: "http://download.com/artifact1.zip", +- Expired: false, ++ RunID: "2345", ++ FilePatterns: []string{"artifiction-*"}, ++ }, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-1-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-2", ++ DownloadURL: "http://download.com/artifact2.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-2-file", ++ }, ++ }, + }, +- { +- Name: "artifact-2", +- DownloadURL: "http://download.com/artifact2.zip", +- Expired: false, ++ }, ++ }, ++ expectedFiles: []string{}, ++ wantErr: "no artifact matches any of the names or patterns provided", ++ }, ++ { ++ name: "want specific single artifact", ++ opts: DownloadOptions{ ++ RunID: "2345", ++ Names: []string{"non-artifact-2"}, ++ }, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-1-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "non-artifact-2", ++ DownloadURL: "http://download.com/non-artifact-2.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "non-artifact-2-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-3", ++ DownloadURL: "http://download.com/artifact3.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-3-file", ++ }, ++ }, + }, +- }, nil) ++ }, ++ }, ++ expectedFiles: []string{ ++ filepath.Join("non-artifact-2-file"), + }, +- wantErr: "no artifact matches any of the names or patterns provided", + }, + { +- name: "prompt to select artifact", ++ name: "want specific multiple artifacts", + opts: DownloadOptions{ +- RunID: "", +- DoPrompt: true, +- DestinationDir: ".", +- Names: []string(nil), ++ RunID: "2345", ++ Names: []string{"artifact-1", "artifact-3"}, + }, +- mockAPI: func(p *mockPlatform) { +- p.On("List", "").Return([]shared.Artifact{ +- { +- Name: "artifact-1", +- DownloadURL: "http://download.com/artifact1.zip", +- Expired: false, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-1-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "non-artifact-2", ++ DownloadURL: "http://download.com/non-artifact-2.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "non-artifact-2-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-3", ++ DownloadURL: "http://download.com/artifact3.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-3-file", ++ }, ++ }, + }, +- { +- Name: "expired-artifact", +- DownloadURL: "http://download.com/expired.zip", +- Expired: true, ++ }, ++ }, ++ expectedFiles: []string{ ++ filepath.Join("artifact-1", "artifact-1-file"), ++ filepath.Join("artifact-3", "artifact-3-file"), ++ }, ++ }, ++ { ++ name: "avoid redownloading files of the same name", ++ opts: DownloadOptions{ ++ RunID: "2345", ++ }, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-1-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact2.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-2-file", ++ }, ++ }, + }, +- { +- Name: "artifact-2", +- DownloadURL: "http://download.com/artifact2.zip", +- Expired: false, ++ }, ++ }, ++ expectedFiles: []string{ ++ filepath.Join("artifact-1", "artifact-1-file"), ++ }, ++ }, ++ { ++ name: "prompt to select artifact", ++ opts: DownloadOptions{ ++ RunID: "", ++ DoPrompt: true, ++ Names: []string(nil), ++ }, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-1-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "expired-artifact", ++ DownloadURL: "http://download.com/expired.zip", ++ Expired: true, ++ }, ++ files: []string{ ++ "expired", ++ }, ++ }, + }, +- { +- Name: "artifact-2", +- DownloadURL: "http://download.com/artifact2.also.zip", +- Expired: false, ++ "6789": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-2", ++ DownloadURL: "http://download.com/artifact2.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-2-file", ++ }, ++ }, + }, +- }, nil) +- p.On("Download", "http://download.com/artifact2.zip", ".").Return(nil) ++ }, + }, +- mockPrompt: func(p *mockPrompter) { ++ promptStubs: func(p *mockPrompter) { + p.On("Prompt", "Select artifacts to download:", []string{"artifact-1", "artifact-2"}, mock.AnythingOfType("*[]string")). + Run(func(args mock.Arguments) { + result := args.Get(2).(*[]string) +@@ -289,15 +626,48 @@ func Test_runDownload(t *testing.T) { + }). + Return(nil) + }, ++ expectedFiles: []string{ ++ filepath.Join("artifact-2-file"), ++ }, ++ }, ++ { ++ name: "handling artifact name with path traversal exploit", ++ opts: DownloadOptions{ ++ RunID: "2345", ++ }, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "..", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "etc/passwd", ++ }, ++ }, ++ }, ++ }, ++ }, ++ expectedFiles: []string{}, ++ wantErr: "error downloading ..: would result in path traversal", + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + opts := &tt.opts ++ if opts.DestinationDir == "" { ++ opts.DestinationDir = t.TempDir() ++ } else { ++ opts.DestinationDir = filepath.Join(t.TempDir(), opts.DestinationDir) ++ } ++ + ios, _, stdout, stderr := iostreams.Test() + opts.IO = ios +- opts.Platform = newMockPlatform(t, tt.mockAPI) +- opts.Prompter = newMockPrompter(t, tt.mockPrompt) ++ opts.Platform = tt.platform ++ opts.Prompter = newMockPrompter(t, tt.promptStubs) + + err := runDownload(opts) + if tt.wantErr != "" { +@@ -305,6 +675,13 @@ func Test_runDownload(t *testing.T) { + } else { + require.NoError(t, err) + } ++ // Check that the exact number of files exist ++ require.Equal(t, len(tt.expectedFiles), countFilesInDirRecursively(t, opts.DestinationDir)) ++ ++ // Then check that the exact files are correct ++ for _, name := range tt.expectedFiles { ++ require.FileExists(t, filepath.Join(opts.DestinationDir, name)) ++ } + + assert.Equal(t, "", stdout.String()) + assert.Equal(t, "", stderr.String()) +@@ -312,30 +689,18 @@ func Test_runDownload(t *testing.T) { + } + } + +-type mockPlatform struct { +- mock.Mock +-} +- +-func newMockPlatform(t *testing.T, config func(*mockPlatform)) *mockPlatform { +- m := &mockPlatform{} +- m.Test(t) +- t.Cleanup(func() { +- m.AssertExpectations(t) +- }) +- if config != nil { +- config(m) +- } +- return m +-} +- +-func (p *mockPlatform) List(runID string) ([]shared.Artifact, error) { +- args := p.Called(runID) +- return args.Get(0).([]shared.Artifact), args.Error(1) +-} ++func countFilesInDirRecursively(t *testing.T, dir string) int { ++ t.Helper() + +-func (p *mockPlatform) Download(url string, dir string) error { +- args := p.Called(url, dir) +- return args.Error(0) ++ count := 0 ++ require.NoError(t, filepath.Walk(dir, func(_ string, info os.FileInfo, err error) error { ++ require.NoError(t, err) ++ if !info.IsDir() { ++ count++ ++ } ++ return nil ++ })) ++ return count + } + + type mockPrompter struct { +diff --git a/pkg/cmd/run/download/zip.go b/pkg/cmd/run/download/zip.go +index bf56ea0..9f3f1eb 100644 +--- a/pkg/cmd/run/download/zip.go ++++ b/pkg/cmd/run/download/zip.go +@@ -64,13 +64,25 @@ func getPerm(m os.FileMode) os.FileMode { + } + + func filepathDescendsFrom(p, dir string) bool { ++ // Regardless of the logic below, `p` is never allowed to be current directory `.` or parent directory `..` ++ // however we check explicitly here before filepath.Rel() which doesn't cover all cases. + p = filepath.Clean(p) +- dir = filepath.Clean(dir) +- if dir == "." && !filepath.IsAbs(p) { +- return !strings.HasPrefix(p, ".."+string(filepath.Separator)) ++ ++ if p == "." || p == ".." { ++ return false + } +- if !strings.HasSuffix(dir, string(filepath.Separator)) { +- dir += string(filepath.Separator) ++ ++ // filepathDescendsFrom() takes advantage of filepath.Rel() to determine if `p` is descended from `dir`: ++ // ++ // 1. filepath.Rel() calculates a path to traversal from fictious `dir` to `p`. ++ // 2. filepath.Rel() errors in a handful of cases where absolute and relative paths are compared as well as certain traversal edge cases ++ // For more information, https://github.com/golang/go/blob/00709919d09904b17cfe3bfeb35521cbd3fb04f8/src/path/filepath/path_test.go#L1510-L1515 ++ // 3. If the path to traverse `dir` to `p` requires `..`, then we know it is not descend from / contained in `dir` ++ // ++ // As-is, this function requires the caller to ensure `p` and `dir` are either 1) both relative or 2) both absolute. ++ relativePath, err := filepath.Rel(dir, p) ++ if err != nil { ++ return false + } +- return strings.HasPrefix(p, dir) ++ return !strings.HasPrefix(relativePath, "..") + } +diff --git a/pkg/cmd/run/download/zip_test.go b/pkg/cmd/run/download/zip_test.go +index 97861b1..2497926 100644 +--- a/pkg/cmd/run/download/zip_test.go ++++ b/pkg/cmd/run/download/zip_test.go +@@ -137,6 +137,86 @@ func Test_filepathDescendsFrom(t *testing.T) { + }, + want: false, + }, ++ { ++ name: "deny parent directory filename (`..`) escaping absolute directory", ++ args: args{ ++ p: filepath.FromSlash(".."), ++ dir: filepath.FromSlash("/var/logs/"), ++ }, ++ want: false, ++ }, ++ { ++ name: "deny parent directory filename (`..`) escaping current directory", ++ args: args{ ++ p: filepath.FromSlash(".."), ++ dir: filepath.FromSlash("."), ++ }, ++ want: false, ++ }, ++ { ++ name: "deny parent directory filename (`..`) escaping parent directory", ++ args: args{ ++ p: filepath.FromSlash(".."), ++ dir: filepath.FromSlash(".."), ++ }, ++ want: false, ++ }, ++ { ++ name: "deny parent directory filename (`..`) escaping relative directory", ++ args: args{ ++ p: filepath.FromSlash(".."), ++ dir: filepath.FromSlash("relative-dir"), ++ }, ++ want: false, ++ }, ++ { ++ name: "deny current directory filename (`.`) in absolute directory", ++ args: args{ ++ p: filepath.FromSlash("."), ++ dir: filepath.FromSlash("/var/logs/"), ++ }, ++ want: false, ++ }, ++ { ++ name: "deny current directory filename (`.`) in current directory", ++ args: args{ ++ p: filepath.FromSlash("."), ++ dir: filepath.FromSlash("."), ++ }, ++ want: false, ++ }, ++ { ++ name: "deny current directory filename (`.`) in parent directory", ++ args: args{ ++ p: filepath.FromSlash("."), ++ dir: filepath.FromSlash(".."), ++ }, ++ want: false, ++ }, ++ { ++ name: "deny current directory filename (`.`) in relative directory", ++ args: args{ ++ p: filepath.FromSlash("."), ++ dir: filepath.FromSlash("relative-dir"), ++ }, ++ want: false, ++ }, ++ { ++ name: "relative path, absolute dir", ++ args: args{ ++ p: filepath.FromSlash("whatever"), ++ dir: filepath.FromSlash("/a/b/c"), ++ }, ++ want: false, ++ }, ++ { ++ name: "absolute path, relative dir", ++ args: args{ ++ p: filepath.FromSlash("/a/b/c"), ++ dir: filepath.FromSlash("whatever"), ++ }, ++ want: false, ++ }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { diff --git a/SPECS/gh/gh.spec b/SPECS/gh/gh.spec index 33c33dacd02..b79934c272e 100644 --- a/SPECS/gh/gh.spec +++ b/SPECS/gh/gh.spec @@ -1,7 +1,7 @@ Summary: GitHub official command line tool Name: gh Version: 2.13.0 -Release: 22%{?dist} +Release: 23%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -31,6 +31,7 @@ Source1: %{name}-%{version}-vendor.tar.gz Patch0: fix-relative-time-search-tests.patch Patch1: CVE-2021-43565.patch Patch2: CVE-2022-32149.patch +Patch3: CVE-2024-54132.patch BuildRequires: golang BuildRequires: git @@ -47,6 +48,7 @@ GitHub official command line tool. tar --no-same-owner -xf %{SOURCE1} %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build export GOPATH=%{our_gopath} @@ -77,6 +79,9 @@ make test %{_datadir}/zsh/site-functions/_gh %changelog +* Fri Dec 13 2024 Sandeep Karambelkar - 2.13.0-23 +- Patch CVE-2024-54132 + * Thu Sep 19 2024 Muhammad Falak R Wani - 2.13.0-22 - Patch CVE-2022-32149 From 14eade5e40b64c5eaeb5939d75c8a3ceff1e8b39 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:34:39 -0800 Subject: [PATCH 25/43] [AUTO-CHERRYPICK] Fix CVE-2024-24786 for influxdb - branch main (#11656) Co-authored-by: KavyaSree2610 <92566732+KavyaSree2610@users.noreply.github.com> --- SPECS/influxdb/CVE-2024-24786.patch | 41 +++++++++++++++++++++++++++++ SPECS/influxdb/influxdb.spec | 6 ++++- 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 SPECS/influxdb/CVE-2024-24786.patch diff --git a/SPECS/influxdb/CVE-2024-24786.patch b/SPECS/influxdb/CVE-2024-24786.patch new file mode 100644 index 00000000000..41a119b8f1d --- /dev/null +++ b/SPECS/influxdb/CVE-2024-24786.patch @@ -0,0 +1,41 @@ +From 867d49d8c566b0f1284f8295ba1286d6c5e93edf Mon Sep 17 00:00:00 2001 +From: kavyasree +Date: Mon, 9 Dec 2024 17:03:26 +0530 +Subject: [PATCH] Modified patch + +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index c85f846..634ba41 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index b13fd29..b2be4e8 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.34.1 + diff --git a/SPECS/influxdb/influxdb.spec b/SPECS/influxdb/influxdb.spec index 695c0335d63..82a3858e772 100644 --- a/SPECS/influxdb/influxdb.spec +++ b/SPECS/influxdb/influxdb.spec @@ -18,7 +18,7 @@ Summary: Scalable datastore for metrics, events, and real-time analytics Name: influxdb Version: 2.6.1 -Release: 17%{?dist} +Release: 18%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -57,6 +57,7 @@ Source5: config.yaml Source6: influxdb-user.conf Patch0: CVE-2024-6104.patch Patch1: CVE-2022-32149.patch +Patch2: CVE-2024-24786.patch BuildRequires: clang BuildRequires: golang <= 1.18.8 BuildRequires: kernel-headers @@ -146,6 +147,9 @@ go test ./... %{_tmpfilesdir}/influxdb.conf %changelog +* Mon Dec 09 2024 Kavya Sree Kaitepalli - 2.6.1-18 +- Patch for CVE-2024-24786 + * Tue Sep 17 2024 Sumedh Sharma - 2.6.1-17 - Add patch to resolve CVE-2022-32149 From e7894c7948797fd0e604a77a29764d82bd05b430 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:35:14 -0800 Subject: [PATCH 26/43] [AUTO-CHERRYPICK] Patch python3 for CVE-2024-6923 - branch main (#11657) Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com> --- SPECS/python3/CVE-2024-6923.patch | 325 ++++++++++++++++++ SPECS/python3/python3.spec | 7 +- .../manifests/package/pkggen_core_aarch64.txt | 8 +- .../manifests/package/pkggen_core_x86_64.txt | 8 +- .../manifests/package/toolchain_aarch64.txt | 18 +- .../manifests/package/toolchain_x86_64.txt | 18 +- 6 files changed, 357 insertions(+), 27 deletions(-) create mode 100644 SPECS/python3/CVE-2024-6923.patch diff --git a/SPECS/python3/CVE-2024-6923.patch b/SPECS/python3/CVE-2024-6923.patch new file mode 100644 index 00000000000..245dd3e6623 --- /dev/null +++ b/SPECS/python3/CVE-2024-6923.patch @@ -0,0 +1,325 @@ +From 181c44c7ff26b96a68afedb127eeb36adb745d50 Mon Sep 17 00:00:00 2001 +From: Kanishk-Bansal +Date: Thu, 28 Nov 2024 09:20:01 +0000 +Subject: [PATCH] Fix CVE patch for CVE-2024-6923 in fasttrack/2.0 + +--- + Doc/library/email.errors.rst | 6 +++ + Doc/library/email.policy.rst | 18 ++++++++ + Doc/whatsnew/3.9.rst | 12 ++++++ + Lib/email/_header_value_parser.py | 12 ++++-- + Lib/email/_policybase.py | 8 ++++ + Lib/email/errors.py | 4 ++ + Lib/email/generator.py | 13 +++++- + Lib/test/test_email/test_generator.py | 62 +++++++++++++++++++++++++++ + Lib/test/test_email/test_policy.py | 26 +++++++++++ + 9 files changed, 157 insertions(+), 4 deletions(-) + +diff --git a/Doc/library/email.errors.rst b/Doc/library/email.errors.rst +index f4b9f52..878c09b 100644 +--- a/Doc/library/email.errors.rst ++++ b/Doc/library/email.errors.rst +@@ -59,6 +59,12 @@ The following exception classes are defined in the :mod:`email.errors` module: + :class:`~email.mime.image.MIMEImage`). + + ++.. exception:: HeaderWriteError() ++ ++ Raised when an error occurs when the :mod:`~email.generator` outputs ++ headers. ++ ++ + Here is the list of the defects that the :class:`~email.parser.FeedParser` + can find while parsing messages. Note that the defects are added to the message + where the problem was found, so for example, if a message nested inside a +diff --git a/Doc/library/email.policy.rst b/Doc/library/email.policy.rst +index bf53b95..57a75ce 100644 +--- a/Doc/library/email.policy.rst ++++ b/Doc/library/email.policy.rst +@@ -229,6 +229,24 @@ added matters. To illustrate:: + + .. versionadded:: 3.6 + ++ ++ .. attribute:: verify_generated_headers ++ ++ If ``True`` (the default), the generator will raise ++ :exc:`~email.errors.HeaderWriteError` instead of writing a header ++ that is improperly folded or delimited, such that it would ++ be parsed as multiple headers or joined with adjacent data. ++ Such headers can be generated by custom header classes or bugs ++ in the ``email`` module. ++ ++ As it's a security feature, this defaults to ``True`` even in the ++ :class:`~email.policy.Compat32` policy. ++ For backwards compatible, but unsafe, behavior, it must be set to ++ ``False`` explicitly. ++ ++ .. versionadded:: 3.9.20 ++ ++ + The following :class:`Policy` method is intended to be called by code using + the email library to create policy instances with custom settings: + +diff --git a/Doc/whatsnew/3.9.rst b/Doc/whatsnew/3.9.rst +index 1756a37..eeda4e6 100644 +--- a/Doc/whatsnew/3.9.rst ++++ b/Doc/whatsnew/3.9.rst +@@ -1625,3 +1625,15 @@ ipaddress + + * Fixed ``is_global`` and ``is_private`` behavior in ``IPv4Address``, + ``IPv6Address``, ``IPv4Network`` and ``IPv6Network``. ++ ++email ++----- ++ ++* Headers with embedded newlines are now quoted on output. ++ ++ The :mod:`~email.generator` will now refuse to serialize (write) headers ++ that are improperly folded or delimited, such that they would be parsed as ++ multiple headers or joined with adjacent data. ++ If you need to turn this safety feature off, ++ set :attr:`~email.policy.Policy.verify_generated_headers`. ++ (Contributed by Bas Bloemsaat and Petr Viktorin in :gh:`121650`.) +diff --git a/Lib/email/_header_value_parser.py b/Lib/email/_header_value_parser.py +index 8a8fb8b..e394cfd 100644 +--- a/Lib/email/_header_value_parser.py ++++ b/Lib/email/_header_value_parser.py +@@ -92,6 +92,8 @@ TOKEN_ENDS = TSPECIALS | WSP + ASPECIALS = TSPECIALS | set("*'%") + ATTRIBUTE_ENDS = ASPECIALS | WSP + EXTENDED_ATTRIBUTE_ENDS = ATTRIBUTE_ENDS - set('%') ++NLSET = {'\n', '\r'} ++SPECIALSNL = SPECIALS | NLSET + + def quote_string(value): + return '"'+str(value).replace('\\', '\\\\').replace('"', r'\"')+'"' +@@ -2778,9 +2780,13 @@ def _refold_parse_tree(parse_tree, *, policy): + wrap_as_ew_blocked -= 1 + continue + tstr = str(part) +- if part.token_type == 'ptext' and set(tstr) & SPECIALS: +- # Encode if tstr contains special characters. +- want_encoding = True ++ if not want_encoding: ++ if part.token_type == 'ptext': ++ # Encode if tstr contains special characters. ++ want_encoding = not SPECIALSNL.isdisjoint(tstr) ++ else: ++ # Encode if tstr contains newlines. ++ want_encoding = not NLSET.isdisjoint(tstr) + try: + tstr.encode(encoding) + charset = encoding +diff --git a/Lib/email/_policybase.py b/Lib/email/_policybase.py +index c9cbadd..d1f4821 100644 +--- a/Lib/email/_policybase.py ++++ b/Lib/email/_policybase.py +@@ -157,6 +157,13 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta): + message_factory -- the class to use to create new message objects. + If the value is None, the default is Message. + ++ verify_generated_headers ++ -- if true, the generator verifies that each header ++ they are properly folded, so that a parser won't ++ treat it as multiple headers, start-of-body, or ++ part of another header. ++ This is a check against custom Header & fold() ++ implementations. + """ + + raise_on_defect = False +@@ -165,6 +172,7 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta): + max_line_length = 78 + mangle_from_ = False + message_factory = None ++ verify_generated_headers = True + + def handle_defect(self, obj, defect): + """Based on policy, either raise defect or call register_defect. +diff --git a/Lib/email/errors.py b/Lib/email/errors.py +index d28a680..1a0d5c6 100644 +--- a/Lib/email/errors.py ++++ b/Lib/email/errors.py +@@ -29,6 +29,10 @@ class CharsetError(MessageError): + """An illegal charset was given.""" + + ++class HeaderWriteError(MessageError): ++ """Error while writing headers.""" ++ ++ + # These are parsing defects which the parser was able to work around. + class MessageDefect(ValueError): + """Base class for a message defect.""" +diff --git a/Lib/email/generator.py b/Lib/email/generator.py +index c9b1216..89224ae 100644 +--- a/Lib/email/generator.py ++++ b/Lib/email/generator.py +@@ -14,12 +14,14 @@ import random + from copy import deepcopy + from io import StringIO, BytesIO + from email.utils import _has_surrogates ++from email.errors import HeaderWriteError + + UNDERSCORE = '_' + NL = '\n' # XXX: no longer used by the code below. + + NLCRE = re.compile(r'\r\n|\r|\n') + fcre = re.compile(r'^From ', re.MULTILINE) ++NEWLINE_WITHOUT_FWSP = re.compile(r'\r\n[^ \t]|\r[^ \n\t]|\n[^ \t]') + + + +@@ -223,7 +225,16 @@ class Generator: + + def _write_headers(self, msg): + for h, v in msg.raw_items(): +- self.write(self.policy.fold(h, v)) ++ folded = self.policy.fold(h, v) ++ if self.policy.verify_generated_headers: ++ linesep = self.policy.linesep ++ if not folded.endswith(self.policy.linesep): ++ raise HeaderWriteError( ++ f'folded header does not end with {linesep!r}: {folded!r}') ++ if NEWLINE_WITHOUT_FWSP.search(folded.removesuffix(linesep)): ++ raise HeaderWriteError( ++ f'folded header contains newline: {folded!r}') ++ self.write(folded) + # A blank line always separates headers from body + self.write(self._NL) + +diff --git a/Lib/test/test_email/test_generator.py b/Lib/test/test_email/test_generator.py +index 89e7ede..d29400f 100644 +--- a/Lib/test/test_email/test_generator.py ++++ b/Lib/test/test_email/test_generator.py +@@ -6,6 +6,7 @@ from email.message import EmailMessage + from email.generator import Generator, BytesGenerator + from email.headerregistry import Address + from email import policy ++import email.errors + from test.test_email import TestEmailBase, parameterize + + +@@ -216,6 +217,44 @@ class TestGeneratorBase: + g.flatten(msg) + self.assertEqual(s.getvalue(), self.typ(expected)) + ++ def test_keep_encoded_newlines(self): ++ msg = self.msgmaker(self.typ(textwrap.dedent("""\ ++ To: nobody ++ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com ++ ++ None ++ """))) ++ expected = textwrap.dedent("""\ ++ To: nobody ++ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com ++ ++ None ++ """) ++ s = self.ioclass() ++ g = self.genclass(s, policy=self.policy.clone(max_line_length=80)) ++ g.flatten(msg) ++ self.assertEqual(s.getvalue(), self.typ(expected)) ++ ++ def test_keep_long_encoded_newlines(self): ++ msg = self.msgmaker(self.typ(textwrap.dedent("""\ ++ To: nobody ++ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com ++ ++ None ++ """))) ++ expected = textwrap.dedent("""\ ++ To: nobody ++ Subject: Bad subject ++ =?utf-8?q?=0A?=Bcc: ++ injection@example.com ++ ++ None ++ """) ++ s = self.ioclass() ++ g = self.genclass(s, policy=self.policy.clone(max_line_length=30)) ++ g.flatten(msg) ++ self.assertEqual(s.getvalue(), self.typ(expected)) ++ + + class TestGenerator(TestGeneratorBase, TestEmailBase): + +@@ -224,6 +263,29 @@ class TestGenerator(TestGeneratorBase, TestEmailBase): + ioclass = io.StringIO + typ = str + ++ def test_verify_generated_headers(self): ++ """gh-121650: by default the generator prevents header injection""" ++ class LiteralHeader(str): ++ name = 'Header' ++ def fold(self, **kwargs): ++ return self ++ ++ for text in ( ++ 'Value\r\nBad Injection\r\n', ++ 'NoNewLine' ++ ): ++ with self.subTest(text=text): ++ message = message_from_string( ++ "Header: Value\r\n\r\nBody", ++ policy=self.policy, ++ ) ++ ++ del message['Header'] ++ message['Header'] = LiteralHeader(text) ++ ++ with self.assertRaises(email.errors.HeaderWriteError): ++ message.as_string() ++ + + class TestBytesGenerator(TestGeneratorBase, TestEmailBase): + +diff --git a/Lib/test/test_email/test_policy.py b/Lib/test/test_email/test_policy.py +index e87c275..ff1ddf7 100644 +--- a/Lib/test/test_email/test_policy.py ++++ b/Lib/test/test_email/test_policy.py +@@ -26,6 +26,7 @@ class PolicyAPITests(unittest.TestCase): + 'raise_on_defect': False, + 'mangle_from_': True, + 'message_factory': None, ++ 'verify_generated_headers': True, + } + # These default values are the ones set on email.policy.default. + # If any of these defaults change, the docs must be updated. +@@ -277,6 +278,31 @@ class PolicyAPITests(unittest.TestCase): + with self.assertRaises(email.errors.HeaderParseError): + policy.fold("Subject", subject) + ++ def test_verify_generated_headers(self): ++ """Turning protection off allows header injection""" ++ policy = email.policy.default.clone(verify_generated_headers=False) ++ for text in ( ++ 'Header: Value\r\nBad: Injection\r\n', ++ 'Header: NoNewLine' ++ ): ++ with self.subTest(text=text): ++ message = email.message_from_string( ++ "Header: Value\r\n\r\nBody", ++ policy=policy, ++ ) ++ class LiteralHeader(str): ++ name = 'Header' ++ def fold(self, **kwargs): ++ return self ++ ++ del message['Header'] ++ message['Header'] = LiteralHeader(text) ++ ++ self.assertEqual( ++ message.as_string(), ++ f"{text}\nBody", ++ ) ++ + # XXX: Need subclassing tests. + # For adding subclassed objects, make sure the usual rules apply (subclass + # wins), but that the order still works (right overrides left). +-- +2.45.2 + diff --git a/SPECS/python3/python3.spec b/SPECS/python3/python3.spec index bb6a2d2c589..4f0652ee0ab 100644 --- a/SPECS/python3/python3.spec +++ b/SPECS/python3/python3.spec @@ -12,7 +12,7 @@ Summary: A high-level scripting language Name: python3 Version: 3.9.19 -Release: 7%{?dist} +Release: 8%{?dist} License: PSF Vendor: Microsoft Corporation Distribution: Mariner @@ -28,6 +28,7 @@ Patch4: CVE-2024-6232.patch Patch5: CVE-2024-8088.patch Patch6: CVE-2024-4032.patch Patch7: CVE-2024-11168.patch +Patch8: CVE-2024-6923.patch # Patch for setuptools, resolved in 65.5.1 Patch1000: CVE-2022-40897.patch Patch1001: CVE-2024-6345.patch @@ -173,6 +174,7 @@ The test package contains all regression tests for Python as well as the modules %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 %build # Remove GCC specs and build environment linker scripts @@ -328,6 +330,9 @@ rm -rf %{buildroot}%{_bindir}/__pycache__ %{_libdir}/python%{majmin}/test/* %changelog +* Thu Nov 28 2024 Kanishk Bansal - 3.9.19-8 +- Address CVE-2024-6923 + * Fri Nov 15 2024 Ankita Pareek - 3.9.19-7 - Address CVE-2024-11168 diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 79f8bbc3d07..2f2790f20c0 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -237,10 +237,10 @@ ca-certificates-base-2.0.0-19.cm2.noarch.rpm ca-certificates-2.0.0-19.cm2.noarch.rpm dwz-0.14-2.cm2.aarch64.rpm unzip-6.0-21.cm2.aarch64.rpm -python3-3.9.19-7.cm2.aarch64.rpm -python3-devel-3.9.19-7.cm2.aarch64.rpm -python3-libs-3.9.19-7.cm2.aarch64.rpm -python3-setuptools-3.9.19-7.cm2.noarch.rpm +python3-3.9.19-8.cm2.aarch64.rpm +python3-devel-3.9.19-8.cm2.aarch64.rpm +python3-libs-3.9.19-8.cm2.aarch64.rpm +python3-setuptools-3.9.19-8.cm2.noarch.rpm python3-pygments-2.4.2-7.cm2.noarch.rpm which-2.21-8.cm2.aarch64.rpm libselinux-3.2-1.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 44da8087b55..dd9ea09d9a3 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -237,10 +237,10 @@ ca-certificates-base-2.0.0-19.cm2.noarch.rpm ca-certificates-2.0.0-19.cm2.noarch.rpm dwz-0.14-2.cm2.x86_64.rpm unzip-6.0-21.cm2.x86_64.rpm -python3-3.9.19-7.cm2.x86_64.rpm -python3-devel-3.9.19-7.cm2.x86_64.rpm -python3-libs-3.9.19-7.cm2.x86_64.rpm -python3-setuptools-3.9.19-7.cm2.noarch.rpm +python3-3.9.19-8.cm2.x86_64.rpm +python3-devel-3.9.19-8.cm2.x86_64.rpm +python3-libs-3.9.19-8.cm2.x86_64.rpm +python3-setuptools-3.9.19-8.cm2.noarch.rpm python3-pygments-2.4.2-7.cm2.noarch.rpm which-2.21-8.cm2.x86_64.rpm libselinux-3.2-1.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 7a6111d181c..bb8df4c1d3d 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -510,28 +510,28 @@ procps-ng-devel-3.3.17-2.cm2.aarch64.rpm procps-ng-lang-3.3.17-2.cm2.aarch64.rpm pyproject-rpm-macros-1.0.0~rc1-4.cm2.noarch.rpm python-markupsafe-debuginfo-2.1.0-1.cm2.aarch64.rpm -python3-3.9.19-7.cm2.aarch64.rpm +python3-3.9.19-8.cm2.aarch64.rpm python3-audit-3.0.6-8.cm2.aarch64.rpm python3-cracklib-2.9.7-5.cm2.aarch64.rpm -python3-curses-3.9.19-7.cm2.aarch64.rpm +python3-curses-3.9.19-8.cm2.aarch64.rpm python3-Cython-0.29.33-2.cm2.aarch64.rpm -python3-debuginfo-3.9.19-7.cm2.aarch64.rpm -python3-devel-3.9.19-7.cm2.aarch64.rpm +python3-debuginfo-3.9.19-8.cm2.aarch64.rpm +python3-devel-3.9.19-8.cm2.aarch64.rpm python3-gpg-1.16.0-2.cm2.aarch64.rpm python3-jinja2-3.0.3-4.cm2.noarch.rpm python3-libcap-ng-0.8.2-2.cm2.aarch64.rpm -python3-libs-3.9.19-7.cm2.aarch64.rpm +python3-libs-3.9.19-8.cm2.aarch64.rpm python3-libxml2-2.10.4-4.cm2.aarch64.rpm python3-lxml-4.9.1-1.cm2.aarch64.rpm python3-magic-5.40-3.cm2.noarch.rpm python3-markupsafe-2.1.0-1.cm2.aarch64.rpm python3-newt-0.52.21-5.cm2.aarch64.rpm -python3-pip-3.9.19-7.cm2.noarch.rpm +python3-pip-3.9.19-8.cm2.noarch.rpm python3-pygments-2.4.2-7.cm2.noarch.rpm python3-rpm-4.18.0-4.cm2.aarch64.rpm -python3-setuptools-3.9.19-7.cm2.noarch.rpm -python3-test-3.9.19-7.cm2.aarch64.rpm -python3-tools-3.9.19-7.cm2.aarch64.rpm +python3-setuptools-3.9.19-8.cm2.noarch.rpm +python3-test-3.9.19-8.cm2.aarch64.rpm +python3-tools-3.9.19-8.cm2.aarch64.rpm readline-8.1-1.cm2.aarch64.rpm readline-debuginfo-8.1-1.cm2.aarch64.rpm readline-devel-8.1-1.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 628ae406dca..33be00851be 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -516,28 +516,28 @@ procps-ng-devel-3.3.17-2.cm2.x86_64.rpm procps-ng-lang-3.3.17-2.cm2.x86_64.rpm pyproject-rpm-macros-1.0.0~rc1-4.cm2.noarch.rpm python-markupsafe-debuginfo-2.1.0-1.cm2.x86_64.rpm -python3-3.9.19-7.cm2.x86_64.rpm +python3-3.9.19-8.cm2.x86_64.rpm python3-audit-3.0.6-8.cm2.x86_64.rpm python3-cracklib-2.9.7-5.cm2.x86_64.rpm -python3-curses-3.9.19-7.cm2.x86_64.rpm +python3-curses-3.9.19-8.cm2.x86_64.rpm python3-Cython-0.29.33-2.cm2.x86_64.rpm -python3-debuginfo-3.9.19-7.cm2.x86_64.rpm -python3-devel-3.9.19-7.cm2.x86_64.rpm +python3-debuginfo-3.9.19-8.cm2.x86_64.rpm +python3-devel-3.9.19-8.cm2.x86_64.rpm python3-gpg-1.16.0-2.cm2.x86_64.rpm python3-jinja2-3.0.3-4.cm2.noarch.rpm python3-libcap-ng-0.8.2-2.cm2.x86_64.rpm -python3-libs-3.9.19-7.cm2.x86_64.rpm +python3-libs-3.9.19-8.cm2.x86_64.rpm python3-libxml2-2.10.4-4.cm2.x86_64.rpm python3-lxml-4.9.1-1.cm2.x86_64.rpm python3-magic-5.40-3.cm2.noarch.rpm python3-markupsafe-2.1.0-1.cm2.x86_64.rpm python3-newt-0.52.21-5.cm2.x86_64.rpm -python3-pip-3.9.19-7.cm2.noarch.rpm +python3-pip-3.9.19-8.cm2.noarch.rpm python3-pygments-2.4.2-7.cm2.noarch.rpm python3-rpm-4.18.0-4.cm2.x86_64.rpm -python3-setuptools-3.9.19-7.cm2.noarch.rpm -python3-test-3.9.19-7.cm2.x86_64.rpm -python3-tools-3.9.19-7.cm2.x86_64.rpm +python3-setuptools-3.9.19-8.cm2.noarch.rpm +python3-test-3.9.19-8.cm2.x86_64.rpm +python3-tools-3.9.19-8.cm2.x86_64.rpm readline-8.1-1.cm2.x86_64.rpm readline-debuginfo-8.1-1.cm2.x86_64.rpm readline-devel-8.1-1.cm2.x86_64.rpm From 0fc49f2c05d3677a932559999c0367c0e7ea02df Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:37:00 -0800 Subject: [PATCH 27/43] [AUTOPATCHER-CORE] Upgrade iperf3 to 3.18 CVE-2024-53580 (#11653) --- SPECS/iperf3/iperf3.signatures.json | 8 ++++---- SPECS/iperf3/iperf3.spec | 5 ++++- cgmanifest.json | 4 ++-- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/SPECS/iperf3/iperf3.signatures.json b/SPECS/iperf3/iperf3.signatures.json index 41945ca1cf0..9b3d0c2df02 100644 --- a/SPECS/iperf3/iperf3.signatures.json +++ b/SPECS/iperf3/iperf3.signatures.json @@ -1,5 +1,5 @@ { - "Signatures": { - "iperf3-3.17.tar.gz": "0d88489d1730e1161b61ce9b4c5f0943eb31232a78c771566f03b38152aff4ba" - } -} \ No newline at end of file + "Signatures": { + "iperf3-3.18.tar.gz": "ef9ffabf16926701a11c9b7e95dccdf64ff304b7b20dcb6f28aed06b240b7e99" + } +} diff --git a/SPECS/iperf3/iperf3.spec b/SPECS/iperf3/iperf3.spec index c33dc2dd62b..51d31d29fd7 100644 --- a/SPECS/iperf3/iperf3.spec +++ b/SPECS/iperf3/iperf3.spec @@ -1,6 +1,6 @@ Summary: A network performance benchmark tool. Name: iperf3 -Version: 3.17 +Version: 3.18 Release: 1%{?dist} License: BSD and MIT and Public Domain Vendor: Microsoft Corporation @@ -66,6 +66,9 @@ make %{?_smp_mflags} check %{_mandir}/man3/libiperf.3.gz %changelog +* Sun Dec 22 2024 CBL-Mariner Servicing Account - 3.18-1 +- Auto-upgrade to 3.18 - CVE-2024-53580 + * Thu May 16 2024 Muhammad Falak - 3.17-1 - Bump version to 3.17 to address CVE-2024-26306 diff --git a/cgmanifest.json b/cgmanifest.json index e78f5cdd7a8..422f809c609 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -7381,8 +7381,8 @@ "type": "other", "other": { "name": "iperf3", - "version": "3.17", - "downloadUrl": "https://github.com/esnet/iperf/archive/3.17.tar.gz" + "version": "3.18", + "downloadUrl": "https://github.com/esnet/iperf/archive/3.18.tar.gz" } } }, From 0fca031d7130e1c21e821895b7a6ea1408654073 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:37:27 -0800 Subject: [PATCH 28/43] [AUTO-CHERRYPICK] Fix CVE-2024-24786 for coredns - branch main (#11658) Co-authored-by: KavyaSree2610 <92566732+KavyaSree2610@users.noreply.github.com> --- SPECS/coredns/CVE-2024-24786.patch | 41 ++++++++++++++++++++++++++++++ SPECS/coredns/coredns.spec | 6 ++++- 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 SPECS/coredns/CVE-2024-24786.patch diff --git a/SPECS/coredns/CVE-2024-24786.patch b/SPECS/coredns/CVE-2024-24786.patch new file mode 100644 index 00000000000..41a119b8f1d --- /dev/null +++ b/SPECS/coredns/CVE-2024-24786.patch @@ -0,0 +1,41 @@ +From 867d49d8c566b0f1284f8295ba1286d6c5e93edf Mon Sep 17 00:00:00 2001 +From: kavyasree +Date: Mon, 9 Dec 2024 17:03:26 +0530 +Subject: [PATCH] Modified patch + +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index c85f846..634ba41 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index b13fd29..b2be4e8 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.34.1 + diff --git a/SPECS/coredns/coredns.spec b/SPECS/coredns/coredns.spec index 3108cb1d631..022cb6d4918 100644 --- a/SPECS/coredns/coredns.spec +++ b/SPECS/coredns/coredns.spec @@ -3,7 +3,7 @@ Summary: Fast and flexible DNS server Name: coredns Version: 1.11.1 -Release: 11%{?dist} +Release: 12%{?dist} License: Apache License 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -36,6 +36,7 @@ Patch2: CVE-2023-49295.patch Patch3: CVE-2024-22189.patch Patch4: CVE-2023-45288.patch Patch5: CVE-2024-0874.patch +Patch6: CVE-2024-24786.patch BuildRequires: golang @@ -74,6 +75,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} %{name} %{_bindir}/%{name} %changelog +* Mon Dec 09 2024 Kavya Sree Kaitepalli - 1.11.1-12 +- Patch for CVE-2024-24786 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 1.11.1-11 - Bump release to rebuild with go 1.22.7 From 4bd3983711c44f5add0d01c82f4a9d19a3995687 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:45:22 -0800 Subject: [PATCH 29/43] [AUTO-CHERRYPICK] moby-engine: patch CVE-2024-45337 - branch main (#11659) Co-authored-by: Andrew Phelps Co-authored-by: Pawel Winogrodzki --- SPECS/moby-engine/CVE-2024-45337.patch | 77 ++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 SPECS/moby-engine/CVE-2024-45337.patch diff --git a/SPECS/moby-engine/CVE-2024-45337.patch b/SPECS/moby-engine/CVE-2024-45337.patch new file mode 100644 index 00000000000..e10cac83d05 --- /dev/null +++ b/SPECS/moby-engine/CVE-2024-45337.patch @@ -0,0 +1,77 @@ +https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909.patch + +From b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Tue, 3 Dec 2024 09:03:03 -0800 +Subject: [PATCH] ssh: make the public key cache a 1-entry FIFO cache + +Users of the the ssh package seem to extremely commonly misuse the +PublicKeyCallback API, assuming that the key passed in the last call +before a connection is established is the key used for authentication. +Some users then make authorization decisions based on this key. This +property is not documented, and may not be correct, due to the caching +behavior of the package, resulting in users making incorrect +authorization decisions about the connection. + +This change makes the cache a one entry FIFO cache, making the assumed +property, that the last call to PublicKeyCallback represents the key +actually used for authentication, actually hold. + +Thanks to Damien Tournoud, Patrick Dawkins, Vince Parker, and +Jules Duvivier from the Platform.sh / Upsun engineering team +for reporting this issue. + +Fixes golang/go#70779 +Fixes CVE-2024-45337 + +Change-Id: Ife7c7b4045d8b6bcd7e3a417bdfae370c709797f +Reviewed-on: https://go-review.googlesource.com/c/crypto/+/635315 +Reviewed-by: Roland Shoemaker +Auto-Submit: Gopher Robot +Reviewed-by: Damien Neil +Reviewed-by: Nicola Murino +LUCI-TryBot-Result: Go LUCI +--- + vendor/golang.org/x/crypto/ssh/server.go | 15 ++++++++++---- + +diff --git a/vendor/golang.org/x/crypto/ssh/server.go b/vendor/golang.org/x/crypto/ssh/server.go +index c0d1c29e6f..5b5ccd96f4 100644 +--- a/vendor/golang.org/x/crypto/ssh/server.go ++++ b/vendor/golang.org/x/crypto/ssh/server.go +@@ -149,7 +149,7 @@ func (s *ServerConfig) AddHostKey(key Signer) { + } + + // cachedPubKey contains the results of querying whether a public key is +-// acceptable for a user. ++// acceptable for a user. This is a FIFO cache. + type cachedPubKey struct { + user string + pubKeyData []byte +@@ -157,7 +157,13 @@ type cachedPubKey struct { + perms *Permissions + } + +-const maxCachedPubKeys = 16 ++// maxCachedPubKeys is the number of cache entries we store. ++// ++// Due to consistent misuse of the PublicKeyCallback API, we have reduced this ++// to 1, such that the only key in the cache is the most recently seen one. This ++// forces the behavior that the last call to PublicKeyCallback will always be ++// with the key that is used for authentication. ++const maxCachedPubKeys = 1 + + // pubKeyCache caches tests for public keys. Since SSH clients + // will query whether a public key is acceptable before attempting to +@@ -179,9 +185,10 @@ func (c *pubKeyCache) get(user string, pubKeyData []byte) (cachedPubKey, bool) { + + // add adds the given tuple to the cache. + func (c *pubKeyCache) add(candidate cachedPubKey) { +- if len(c.keys) < maxCachedPubKeys { +- c.keys = append(c.keys, candidate) ++ if len(c.keys) >= maxCachedPubKeys { ++ c.keys = c.keys[1:] + } ++ c.keys = append(c.keys, candidate) + } + + // ServerConn is an authenticated SSH connection, as seen from the From 10486db194f99b38c0ccfcba252ed579d8e6cf62 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:46:26 -0800 Subject: [PATCH 30/43] [AUTO-CHERRYPICK] moby-compose: patch CVE-2024-45337 - branch main (#11660) Co-authored-by: Andrew Phelps --- SPECS/moby-compose/CVE-2024-45337.patch | 77 +++++++++++++++++++++++++ SPECS/moby-compose/moby-compose.spec | 7 ++- 2 files changed, 82 insertions(+), 2 deletions(-) create mode 100644 SPECS/moby-compose/CVE-2024-45337.patch diff --git a/SPECS/moby-compose/CVE-2024-45337.patch b/SPECS/moby-compose/CVE-2024-45337.patch new file mode 100644 index 00000000000..e10cac83d05 --- /dev/null +++ b/SPECS/moby-compose/CVE-2024-45337.patch @@ -0,0 +1,77 @@ +https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909.patch + +From b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Tue, 3 Dec 2024 09:03:03 -0800 +Subject: [PATCH] ssh: make the public key cache a 1-entry FIFO cache + +Users of the the ssh package seem to extremely commonly misuse the +PublicKeyCallback API, assuming that the key passed in the last call +before a connection is established is the key used for authentication. +Some users then make authorization decisions based on this key. This +property is not documented, and may not be correct, due to the caching +behavior of the package, resulting in users making incorrect +authorization decisions about the connection. + +This change makes the cache a one entry FIFO cache, making the assumed +property, that the last call to PublicKeyCallback represents the key +actually used for authentication, actually hold. + +Thanks to Damien Tournoud, Patrick Dawkins, Vince Parker, and +Jules Duvivier from the Platform.sh / Upsun engineering team +for reporting this issue. + +Fixes golang/go#70779 +Fixes CVE-2024-45337 + +Change-Id: Ife7c7b4045d8b6bcd7e3a417bdfae370c709797f +Reviewed-on: https://go-review.googlesource.com/c/crypto/+/635315 +Reviewed-by: Roland Shoemaker +Auto-Submit: Gopher Robot +Reviewed-by: Damien Neil +Reviewed-by: Nicola Murino +LUCI-TryBot-Result: Go LUCI +--- + vendor/golang.org/x/crypto/ssh/server.go | 15 ++++++++++---- + +diff --git a/vendor/golang.org/x/crypto/ssh/server.go b/vendor/golang.org/x/crypto/ssh/server.go +index c0d1c29e6f..5b5ccd96f4 100644 +--- a/vendor/golang.org/x/crypto/ssh/server.go ++++ b/vendor/golang.org/x/crypto/ssh/server.go +@@ -149,7 +149,7 @@ func (s *ServerConfig) AddHostKey(key Signer) { + } + + // cachedPubKey contains the results of querying whether a public key is +-// acceptable for a user. ++// acceptable for a user. This is a FIFO cache. + type cachedPubKey struct { + user string + pubKeyData []byte +@@ -157,7 +157,13 @@ type cachedPubKey struct { + perms *Permissions + } + +-const maxCachedPubKeys = 16 ++// maxCachedPubKeys is the number of cache entries we store. ++// ++// Due to consistent misuse of the PublicKeyCallback API, we have reduced this ++// to 1, such that the only key in the cache is the most recently seen one. This ++// forces the behavior that the last call to PublicKeyCallback will always be ++// with the key that is used for authentication. ++const maxCachedPubKeys = 1 + + // pubKeyCache caches tests for public keys. Since SSH clients + // will query whether a public key is acceptable before attempting to +@@ -179,9 +185,10 @@ func (c *pubKeyCache) get(user string, pubKeyData []byte) (cachedPubKey, bool) { + + // add adds the given tuple to the cache. + func (c *pubKeyCache) add(candidate cachedPubKey) { +- if len(c.keys) < maxCachedPubKeys { +- c.keys = append(c.keys, candidate) ++ if len(c.keys) >= maxCachedPubKeys { ++ c.keys = c.keys[1:] + } ++ c.keys = append(c.keys, candidate) + } + + // ServerConn is an authenticated SSH connection, as seen from the diff --git a/SPECS/moby-compose/moby-compose.spec b/SPECS/moby-compose/moby-compose.spec index 79cff0a0f13..56a7f71fa1a 100644 --- a/SPECS/moby-compose/moby-compose.spec +++ b/SPECS/moby-compose/moby-compose.spec @@ -1,7 +1,7 @@ Summary: Define and run multi-container applications with Docker Name: moby-compose Version: 2.17.3 -Release: 8%{?dist} +Release: 9%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -35,7 +35,7 @@ Patch7: CVE-2024-23650.patch # github.com/docker/distribution/catalog (for catalog.go) Patch8: CVE-2023-2253.patch Patch9: CVE-2024-36623.patch - +Patch10: CVE-2024-45337.patch # Leverage the `generate_source_tarball.sh` to create the vendor sources # NOTE: govendor-v1 format is for inplace CVE updates so that we do not have to overwrite in the blob-store. @@ -73,6 +73,9 @@ install -D -m0755 bin/build/docker-compose %{buildroot}/%{_libexecdir}/docker/cl %{_libexecdir}/docker/cli-plugins/docker-compose %changelog +* Tue Dec 17 2024 Andrew Phelps - 2.17.3-9 +- Add patch for CVE-2024-45337 + * Tue Dec 10 2024 Sudipta Pandit - 2.17.3-8 - Fix CVE-2024-36623 with patch From 2241a97e4338a32247a1fd2ccd4838d1319fbed5 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:48:14 -0800 Subject: [PATCH 31/43] [AUTO-CHERRYPICK] patch rust to fix CVE-2024-43806 - branch main (#11662) Co-authored-by: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com> --- SPECS/rust/CVE-2024-43806.patch | 1596 +++++++++++++++++++++++++++++++ SPECS/rust/rust.spec | 6 +- 2 files changed, 1601 insertions(+), 1 deletion(-) create mode 100644 SPECS/rust/CVE-2024-43806.patch diff --git a/SPECS/rust/CVE-2024-43806.patch b/SPECS/rust/CVE-2024-43806.patch new file mode 100644 index 00000000000..2c49a83ca24 --- /dev/null +++ b/SPECS/rust/CVE-2024-43806.patch @@ -0,0 +1,1596 @@ +From c822bb4e0f93b377e53996f241aaa6cc9d1fb3e6 Mon Sep 17 00:00:00 2001 +From: Dan Gohman +Date: Thu, 12 Oct 2023 08:13:24 -0700 +Subject: [PATCH 1/4] Merge pull request from GHSA-c827-hfw6-qwvm in + vendor/rustix-0.37.6 + +* Fix `rustix::fs::Dir` to avoid unbounded buffer growth. + +Fix `Dir`'s buffer size computation to avoid resizing past a fixed +upper limit. This prevents it from growing without bound, such as in +the case of `Dir::rewind` for repeated iterations with the same `Dir`. + +* Don't let `Dir` continue to try to iterate after a failure. + +* Handle `io::Errno::INTR` gracefully. + +* Write a more detailed comment on the buffer growth policy. + +* Also mention that no buffer can ever be big enough for everything. + +* Add tests against over-allocation & stuck iterator + +* Rm `dir_iterator_does_not_overallocate` unit test in favour of docs + +* Extend `test_dir` to cover `rewind`. + +* Consistently handle directory removal as ending the stream. + +libc implementations of directory iteration handle directory removal +by just ending the stream. In the linux_raw backend, this looks like +`ENOENT` from `getdents64`, so change the code to check for `ENOENT` +and end the stream. + +This requires changing the `dir_iterator_does_not_get_stuck_on_io_error` +test to no longer expect a failure, so it's now renamed to +`dir_iterator_handles_dir_removal`. + +To test the error case, add a new `dir_iterator_handles_io_errors` +test which uses `dup2` to induce an error, in both the linux_raw and +libc backends. + +This exposes the fact that the libc `Dir` implementation was also +assuming that users would stop iterating after hitting a failure, so +add a `any_errors` flag to the libc backend as well. + +* Add a test for removing the directory after doing `read_from`. + +* In the libc backend, handle `ENOENT` when opening ".". + +--------- + +Co-authored-by: cyqsimon <28627918+cyqsimon@users.noreply.github.com> +--- + vendor/rustix-0.37.6/.cargo-checksum.json | 2 +- + .../rustix-0.37.6/src/backend/libc/fs/dir.rs | 86 ++++++++++++++--- + .../src/backend/linux_raw/fs/dir.rs | 95 ++++++++++++++++--- + 3 files changed, 157 insertions(+), 26 deletions(-) + +diff --git a/vendor/rustix-0.37.6/.cargo-checksum.json b/vendor/rustix-0.37.6/.cargo-checksum.json +index 4145db8aa..28f295ddd 100644 +--- a/vendor/rustix-0.37.6/.cargo-checksum.json ++++ b/vendor/rustix-0.37.6/.cargo-checksum.json +@@ -1 +1 @@ +-{"files":{"CODE_OF_CONDUCT.md":"f210602311e3f74b32f46237fd55f4ce36d798e85e3db1432ec667f63a7ffc44","CONTRIBUTING.md":"fb570c76cf924cd75b77bed52b0dbe1e87ce224dc3428c48d98301710dcc331e","COPYRIGHT":"377c2e7c53250cc5905c0b0532d35973392af16ffb9596a41d99d202cf3617c9","Cargo.toml":"fa9a45195a5d4c17b332061c4d236dc6ab2799e19467612efb062ed21e94907e","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-Apache-2.0_WITH_LLVM-exception":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","ORG_CODE_OF_CONDUCT.md":"a62b69bf86e605ee1bcbb2f0a12ba79e4cebb6983a7b6491949750aecc4f2178","README.md":"158b3959b00e6c1536a767014c0e916a6a063a5b36d693e9e3c93aac901ccd55","SECURITY.md":"4d75afb09dd28eb5982e3a1f768ee398d90204669ceef3240a16b31dcf04148a","benches/mod.rs":"55b71073e5681b309bc4f439435ac05d1e052bba2ea6accf05bca9bf496d4bd0","build.rs":"9ea13f3871d03ae28f6abc9b1aa73667a3fd56063793a79545221cb2cbf1ad30","src/backend/libc/c.rs":"e91631918772a752429b53fb7674f288e27af0d133a583bd9d50af7af7802328","src/backend/libc/conv.rs":"a94f5937ad41d7c13e4554481ea1d8ac10c2954b22e55ca0ccd93dedaeb6f1d6","src/backend/libc/fs/dir.rs":"96482bacfeef73d7da7d370750e821ce2ed85d61ff47f8d98ac27dc8e54c0e0d","src/backend/libc/fs/inotify.rs":"4a1a3c0504982d2743a9c83e4cea3ec81ba0777d574ddf8ce76af67f29d0b9a4","src/backend/libc/fs/makedev.rs":"06513503ffdd35276eb7c3aed437c2362c32dd224d8c06df589bce28ad2e68b4","src/backend/libc/fs/mod.rs":"d8765bfbbd3c0f02c278a7bfef547607c7085ae14704824cc2fe7eaa64430e8c","src/backend/libc/fs/syscalls.rs":"0d1ad473a6607eca1d92e3a35d10c9c672becb052857aa9fec5a8d3371e97a31","src/backend/libc/fs/types.rs":"8a79b8532009b23aaca78446a48322be092d1bf17e3868e8328853bad6ba2fb6","src/backend/libc/io/epoll.rs":"0e95f0c887938ca2014492f26d282f756c9f2d4111e58b516830cb98bd8d3b1b","src/backend/libc/io/errno.rs":"8c6491590339a21c732b325904ece24ac39b1cd1a2b04728a9ff90ec904c01aa","src/backend/libc/io/io_slice.rs":"34da1bcc17993318fa93b7e71ff36116044ac12a031963710af84c3ed1bc443a","src/backend/libc/io/mod.rs":"a76e0071a887a6bdb1a3edc4887f91889d4beab1426e73417958257467f3c602","src/backend/libc/io/poll_fd.rs":"5ce78059ec307ec6ffbe02f2beb15f889bf652f0258f4531931062d507a3389e","src/backend/libc/io/syscalls.rs":"c85270ed0f7a6cb4258ff85611f86497c3e14ba1de1849b1203f8bcaa48202c7","src/backend/libc/io/types.rs":"fa3d65018b9feba2eef280f1ae739d85753742cdb602643d5920ff4c0f18bff7","src/backend/libc/io/windows_syscalls.rs":"741f524b384d59e703b278739563ab04273dbb48c062349353dd9b7cf9ed2332","src/backend/libc/io_lifetimes.rs":"eebc6adc10593933e9ab14c59d29793f4ec6e4403a00bbcaaf3ee81373ae924d","src/backend/libc/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/io_uring/syscalls.rs":"0f7ffc079f511b200d536e348d6c6945eeb4908db721e5ca0db6cc5fe96eccc4","src/backend/libc/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mm/syscalls.rs":"5141375b2b678c66a165de74a54e01bdb5efae8a81a38891f00da7206e686927","src/backend/libc/mm/types.rs":"bdadba2113f2a88a2b856497d411aa18eb0c7086361f72c2853ea8b09b006841","src/backend/libc/mod.rs":"8aad42f4cc53bfe9952101a314cd89d8c8600c523d699a43de8f64f48f3e4caf","src/backend/libc/net/addr.rs":"93b3f86d737c1c643663acf9f335e822cad5574067f63bda3c58af918dd1e57b","src/backend/libc/net/ext.rs":"99e1b5023b152ab278b281e26006e4ed6916d303f5d9a24d94f02a2195a25243","src/backend/libc/net/mod.rs":"772c788c60141e41044b59c4812c4208f52838da1effe1d476ab1d99304d9f9d","src/backend/libc/net/read_sockaddr.rs":"d7a98c80d2e7b47663db596a7f65980b21983c514eff54b1a8323e14164fe40d","src/backend/libc/net/send_recv.rs":"55f0ce6df7aa93f359aec2131fb3f6946d1b086e7172c096501611d0662da907","src/backend/libc/net/syscalls.rs":"f40e55d8ef9acae7834ba1bc54ff02b08d3f57fe0694bb69b5124b24cbaf1a78","src/backend/libc/net/types.rs":"b7097d3c998eb0bcb31205f69ba1f73d4c2537e706eda6bd8548d564377070af","src/backend/libc/net/write_sockaddr.rs":"33c3d7304713cb63f8fa398f5f7c084fc1d9fbb6907dd19902a90e8ec64ad41f","src/backend/libc/offset.rs":"37056027c114fab9f4054803b95d2efbe3d1c663936def3498df0e671664697a","src/backend/libc/param/auxv.rs":"7d71f224f7d9c547b6b5e1425cad03466328b7b8ad2a62f49d9e29e075061e43","src/backend/libc/param/mod.rs":"5234b8f1bcb886cca6ea003d411d75eaeebe58deedd80e3441354bf46ed85d4d","src/backend/libc/process/cpu_set.rs":"88ba2fc71dea5b8ae3b1bb3d8e64f7b7aa08882d198695e5f95d5478b6e73e75","src/backend/libc/process/mod.rs":"45a9979d6bc7c669ffe212c55ffbf6ea8f4bdb9a711c894b9e93b52a05e611d7","src/backend/libc/process/syscalls.rs":"8d0a63f224cbbd5e8fe816350a6bc50553073b6b59e86a84f89a52112d5f8c70","src/backend/libc/process/types.rs":"58f8eb2d4cda05924e97145006ac16793307182f3c1ffb5484fd4546513e863a","src/backend/libc/process/wait.rs":"36e84c05ae3a27b96da9521678b72ab004fe37a8b0d092a0b6f810015806c4d2","src/backend/libc/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/rand/syscalls.rs":"21aa7aab15de5ff8e9c50c2c2a4d49cc309be3e97feeb17f875a0a9dc6b5cf44","src/backend/libc/rand/types.rs":"85f72babe82857d4e47067ddc11525ab290208050fb8f5e5190975c0fdda9b7c","src/backend/libc/termios/mod.rs":"63a1e559981848581bbacad2adb567e5eb62d17caa2d8f826e977dc053ce26bb","src/backend/libc/termios/syscalls.rs":"026559db31e470a4409f45a0f2bab5a0941c39b458968c5f6fdf224b653e59a0","src/backend/libc/termios/types.rs":"57e87b2d5ec31203b87137a787daee9bf8f133898d8eb5bb0716c81380d9ac7a","src/backend/libc/thread/mod.rs":"0de5f67a684b9fd7628d3009d2ea5fd51b8770e8b387eed14f59152157844287","src/backend/libc/thread/syscalls.rs":"b016611a1e2fb6af073c485b0a9efa992067b4d2dd6d213d77a731d5108d574f","src/backend/libc/time/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/time/syscalls.rs":"a6668a9005da2e15671d4c917973bc68ef611998c0a584a53343fd5aeadade63","src/backend/libc/time/types.rs":"1ed8de272c573cd9bf10d413be8b47029e3461fe39ee33168f4442cfbf2ae128","src/backend/libc/weak.rs":"cb7dfb5c2ad37d7a5be6a2aa99a28969559493ca5b649753484e0b1fd978e410","src/backend/libc/winsock_c.rs":"addce03c242c70d10411fb9728c743bdc3b635107bd58aabbb360f2379127064","src/backend/linux_raw/arch/inline/aarch64.rs":"67011427b3cecd29ee716113d952e70d63574c96d1d3ea3c75d46250bde9ca44","src/backend/linux_raw/arch/inline/arm.rs":"7760d51aef17a69a797eb96fd61f7fade0d55bc87ec9a3e77fa6bb6aebaecdbb","src/backend/linux_raw/arch/inline/mips.rs":"d00c84cfdb4e37bdee9a2daa0a7b3298afbb4ebe288702203cb43d9c2617012d","src/backend/linux_raw/arch/inline/mips64.rs":"ab5455c9b2511ba6b67a66873cd8b53bf77471249fd2779d6437ebb4934087b5","src/backend/linux_raw/arch/inline/mod.rs":"48e60ed847f1fe7bcf561d3dd04217589698b576649d17094da98bbfcb826e8a","src/backend/linux_raw/arch/inline/powerpc64.rs":"dcd12314184441f5f7705bea6b829103c7abc9062db366ae5584023a38252a36","src/backend/linux_raw/arch/inline/riscv64.rs":"58a58203e9cac2ed21e4a7b26692c5d56d3c2bcddb3f60a648efd18a02129f3c","src/backend/linux_raw/arch/inline/thumb.rs":"82b88c9a3b6837f28a738cc760fc2403e7014abdb2c35d2bdbc8073235ae2863","src/backend/linux_raw/arch/inline/x86.rs":"459cca47f3300418de9945858ba42009e66e4be3c8da268481f30ae4e815b3db","src/backend/linux_raw/arch/inline/x86_64.rs":"7c893ca306b3b8a5980c525dc5fa23187a0526bc9f7ac637204d88a1d596df5d","src/backend/linux_raw/arch/mod.rs":"2f2e26f5742c302bb44f367ad265de573d89494eae0789fa44b5a39248e354e3","src/backend/linux_raw/arch/outline/aarch64.s":"84f066b6fe3cf25ed61c7aa420408c6d5a0b33a7c91b748ed81e47737567975f","src/backend/linux_raw/arch/outline/arm.s":"fa266bf9f4533da1e96c27c4ae5418c86f44074ac0c6afcff0404738e11365da","src/backend/linux_raw/arch/outline/debug/librustix_outline_aarch64.a":"aa3a37d9ad312881968d40c48bd3c960fb3ac0eba232a5f1979cb809d081c340","src/backend/linux_raw/arch/outline/debug/librustix_outline_arm.a":"9991ea0ccd16a175ef4b82916b6cd4b45cf67f4388eb58567b0a6e520bda3740","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips.a":"b14f87994e526c3f5976487223183b284ffa70e3b4322cece3917033635573a2","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips64.a":"a9200542c6de647e31ba2cf3649490a50904ae66716c1b6c50ac123fac83f68e","src/backend/linux_raw/arch/outline/debug/librustix_outline_powerpc64.a":"355db5c83dda1074636c40fa6fee6564c668c492a71e149bcb444ea896e8167e","src/backend/linux_raw/arch/outline/debug/librustix_outline_riscv64.a":"c4fd54d0fcab2e28b1b18df77a7814b145a4c2d13fc04b937a55bf0abf420227","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86.a":"7ae3635dd3fbc2049e09d4218224e1eaaa4dd2ddd78d3901fb444d481abf2a33","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86_64.a":"039c928213bd0b67c899412084a30eb9a51526e64a01e1901cd4905ef8d7cf6d","src/backend/linux_raw/arch/outline/mips.s":"e265e8fa0b9785a9f2779d6ba70ce982b954b802862b0026dc70fd79b12968bb","src/backend/linux_raw/arch/outline/mips64.s":"c79de202f0eb00e2d9cf1fce2b9a2cabfe4ff2f5cc1476bcfd6c3d139570d447","src/backend/linux_raw/arch/outline/mod.rs":"d97b3657e828a40553677469887b1efab0544812ca592ef359a2d4230a0dd621","src/backend/linux_raw/arch/outline/nr_last.rs":"82d92b9ca8307c19d74ced1ae2c0b31f2a7c5db70fa31fdedb55d38a90601455","src/backend/linux_raw/arch/outline/powerpc64.s":"0847fa3f160846ee02771550667913734ba9773e2221f2279c4f296d6f5b7bd4","src/backend/linux_raw/arch/outline/release/librustix_outline_aarch64.a":"fa8d31702cafb24d9799c162d3319c522892e91c58fbbff2b09950a0fa81b46f","src/backend/linux_raw/arch/outline/release/librustix_outline_arm.a":"0f7c8c5c02d5329d884f800da70aaf6b5b67c14000b12afb708f3e4758aa1f7a","src/backend/linux_raw/arch/outline/release/librustix_outline_mips.a":"c9254760fa993e88662c5e1e8911d994f29e203b37a0fc9b550be193125f5031","src/backend/linux_raw/arch/outline/release/librustix_outline_mips64.a":"224f9ac5196833491bee67fd287a53b7e88111731e2eaaa3ebefba31faea373b","src/backend/linux_raw/arch/outline/release/librustix_outline_powerpc64.a":"1f04e44c3d863bac066520c787444c314f2aa2f8d8d3cae38990ecc008b9b6e1","src/backend/linux_raw/arch/outline/release/librustix_outline_riscv64.a":"beb0eb046d36545a04ad7f264ed1173062f9f85ba7f4215bef64a98f30a74dce","src/backend/linux_raw/arch/outline/release/librustix_outline_x86.a":"691d867358475c701c20b816b99bab2a4c90c3796a302ccaa56d5983be1ba8b2","src/backend/linux_raw/arch/outline/release/librustix_outline_x86_64.a":"434a79197510876c5a49f594e7886c95cf4c15e876c3404ed136846c95d6ee30","src/backend/linux_raw/arch/outline/riscv64.s":"ca5303c0c8af6de1f246d658003e270d4e29d6c68dd90c6eee372d045bdf7305","src/backend/linux_raw/arch/outline/x86.rs":"f7e12a0f3fe8e97acb1ade2c9e61d82542f00ad4d8fe684a8dcd9f30fd9ab5d4","src/backend/linux_raw/arch/outline/x86.s":"4604e3b41161802343e2e4c890fd2042098a901d95893ebe4c436f97fd47cad3","src/backend/linux_raw/arch/outline/x86_64.s":"a530084cd42ad8d4b2d36526f4e04f45a6e29ea49882e2c561ac2eeac16272bf","src/backend/linux_raw/c.rs":"cb66dbed604eefdafd8a8efd277ddad51bb5280c4e26ca0608176abcd6309a52","src/backend/linux_raw/conv.rs":"6731a2d06683575d7ce89eb83ef8a1993ce39125c30703ed8a4a69afc1e7559f","src/backend/linux_raw/elf.rs":"a257fbc3f22e4970605cf72a3b301dc2eaee2f5f1b3b0ea434fa192db3c3164e","src/backend/linux_raw/fs/dir.rs":"d54842a373968da54bdae73e10ccab7a8bc19c1bc75b6dca2bb70818c5b275ea","src/backend/linux_raw/fs/inotify.rs":"11c058269bc96972ad7bdeaa3a938a8b51b4264d9f80d7dcf0518ac9314a261d","src/backend/linux_raw/fs/makedev.rs":"c6b4505c4bcbbc2460e80f3097eb15e2c8ef38d6c6e7abd78e39c53c372139e2","src/backend/linux_raw/fs/mod.rs":"e22bf30f312f6a05f1e79f7834c33a3c9821514da05fa4786fc31867203a4c74","src/backend/linux_raw/fs/syscalls.rs":"6900d438f535e586ae8e396aeb52426e1040e4397c942546edada6ff0c121b54","src/backend/linux_raw/fs/types.rs":"a244c59670d65442143b875cccc219bacd0739d35b7f2c1731b15d2c4bf2e900","src/backend/linux_raw/io/epoll.rs":"75de5fe04ed8f85a345ae5b54dc6106268bc05817a4e4abe9cf0bca08e2b1fb3","src/backend/linux_raw/io/errno.rs":"ac32725b1686d42b02d18363c4c44a42ea8c6a20b2422c1fea8f8c39f633f7c4","src/backend/linux_raw/io/io_slice.rs":"5ba992f3fe701184841006588b35f2452156b73e3bef9e07460e4b1f61ac889f","src/backend/linux_raw/io/mod.rs":"6ea805b91d571217c9649364121d0824bbdf4635b36c9150e5968fbeb75c0892","src/backend/linux_raw/io/poll_fd.rs":"9f5a15c80094cc3334acd171c0621d033b44d5d9a987a57acbdcd62cb17d871b","src/backend/linux_raw/io/syscalls.rs":"31bc1a2d74d574923b50aaed3d0d10c2892e7bf6ebf0ccc9bebb42be96b460a0","src/backend/linux_raw/io/types.rs":"11a677499b6b0491f4088f9f87574fe40134bce8042eac0f207b7df905a1f47e","src/backend/linux_raw/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/io_uring/syscalls.rs":"2522327e229d85ce207546b802f63fcad49a0ce41b7b881e13a1c2637fdb6095","src/backend/linux_raw/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mm/syscalls.rs":"647c1846793c386f6babae898686604a4808344ec3e2d1e71071bbfd04079357","src/backend/linux_raw/mm/types.rs":"a5d0ea04a85df5e196d68a8524c4325963c7b2ded3d7d48713c8e855273b60d4","src/backend/linux_raw/mod.rs":"87423ad0e8280081a548e8182139d9e5960258d469951516ca4e8029953daeee","src/backend/linux_raw/net/addr.rs":"9c2b4bc0836618f4b7d997892e5b3980e454bba72fe4d82205d7553ba74ec228","src/backend/linux_raw/net/mod.rs":"4ffd3f6f9cad722e4c29b9bad4912a69f521d737b9e637599a1c60436651d4ae","src/backend/linux_raw/net/read_sockaddr.rs":"0357ae643c384b08578aa0b148ac9b236953da9b36b2e387a40d5b87ae9eccef","src/backend/linux_raw/net/send_recv.rs":"42834cf8148abd02021115a61d57b23bb323dd8ad0d1b9a91d17fb8f7defab01","src/backend/linux_raw/net/syscalls.rs":"aedc536ac96d32bf6e15a9f02f3fe7a1bf48195e9af3afd0a0124636ece8f8b9","src/backend/linux_raw/net/types.rs":"c61b689d7f4b9b68d065935d70926d47b5ac7246b2fbe4f20d144a0c2f417fc2","src/backend/linux_raw/net/write_sockaddr.rs":"ec0bf20a354cb86e2b5646bfc79297a378f11fcdf5641c16e4dd13e305011dc6","src/backend/linux_raw/param/auxv.rs":"9ed73ebd83dd9001dfdecd19b813c6845dad142f79de286993eb520acc7016bc","src/backend/linux_raw/param/libc_auxv.rs":"79fd1b7452f87382fb3a9c8fa892c5adbcc24d3b505bd9ea73e17d37494e749a","src/backend/linux_raw/param/mod.rs":"db21fc1b0ea5568b8649890fa38a878bfcdcf7398f6cf1640176b37bcc6ce990","src/backend/linux_raw/param/mustang_auxv.rs":"016a691236064a9cc28688d4ff5dbd0e37dccfc07b25b943b47762ba1da33b83","src/backend/linux_raw/process/cpu_set.rs":"a333938a4356d117199bf4078688f0a9b876dc65da1bbff7649482f4f0180813","src/backend/linux_raw/process/mod.rs":"fb393c70a9c63ef9a6bf1fb5a2dc94f07d6b0b6987cc5231c15c607015dafd68","src/backend/linux_raw/process/syscalls.rs":"a9c115ae09def33321f266ab3f85cf19fa72fc3b9f425aaa8c517b6da0bce04b","src/backend/linux_raw/process/types.rs":"fba10dc8ca9eaf4d481cb82bd1540cf5c05620533c44f917c09a22ea55ef408c","src/backend/linux_raw/process/wait.rs":"d6c37b9ebca16b447b0bc0d1be4b56486619618e8fc613d10ff9c0ccff13c7ac","src/backend/linux_raw/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/rand/syscalls.rs":"b1d8b2fea0c792bd1e7c24ee59429d178dc0ad442ac817b12c7abcb38d71497b","src/backend/linux_raw/rand/types.rs":"271416d5241d70932b8a17f3b67eefd1b9c360f217f807de3d73192e9b620552","src/backend/linux_raw/reg.rs":"f9ab26b045150894b98c741f9e80ac2734bf7598f5cf166ab080938febe7af20","src/backend/linux_raw/runtime/mod.rs":"b2cae8cce3822c3c92942f06ea0b68464040dcac33c6f0f7ee392c6269993347","src/backend/linux_raw/runtime/syscalls.rs":"6488160051a991e6d385abbf8a08ccd6498acf525906d512b3f89bf3a33fca6a","src/backend/linux_raw/runtime/tls.rs":"2913858a8fe4696f9c3f9a4921f776258a6d1c54b471f813471d57db23fd22ee","src/backend/linux_raw/termios/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/termios/syscalls.rs":"e4476718035ff7520f9014aa0e99954ec741c0dd114ec50ff4900591ee067132","src/backend/linux_raw/termios/types.rs":"5cee3735957db2fdaab341a0c58e438305d6402dc7d23622f4999934d4511b5f","src/backend/linux_raw/thread/futex.rs":"e4ca5be060c52538b97df3781d84e2eb4d8241a7f647b2874412bc0fe6061efa","src/backend/linux_raw/thread/mod.rs":"f7132a68c9db1b4a796781b9e8d0ac268a1ddb713e510bfd43425564ec9b39c4","src/backend/linux_raw/thread/syscalls.rs":"936e0a02027b8f252538781eea7fb9f35bfd23bdd50a1f099172dac2da7d3fde","src/backend/linux_raw/time/mod.rs":"672724f55b7b7be6a7452bb1cc2d28b5f0aaa840a2856fe363acce624e1beefc","src/backend/linux_raw/time/syscalls.rs":"777d22d6e3ab7c5fe1d5921a91644543173bb4f783fd308b5886fca68500f98c","src/backend/linux_raw/time/types.rs":"865d968a6d2903344982f94c69868031cd1fea582318659ca4c69a11d8a53e33","src/backend/linux_raw/vdso.rs":"3305a5f3c2846440161fa69dde3aafb9f36b361ae2ddae1d12cd54503b0657cf","src/backend/linux_raw/vdso_wrappers.rs":"b7e6b75bf25b0143ec471a7e0af3fd4f4125dcbc6d2c9c0957ec29c428d9d9c5","src/backend/linux_raw/weak.rs":"72ddca9849461a725e5ccd6e2190c12fb9e296c8b8a47533acb9c8cd4f9a2b07","src/const_assert.rs":"ff08ab91f11f2ad29883096f4468bd9a65060d5a9e6681e9282bb081f8bdac27","src/cstr.rs":"976027b6c5cf2c82e369ab7ad9e97fa79d7823ded929c1816f37f97134e51fec","src/ffi/mod.rs":"1990dae8190991142bef24220f02b99c96c5bfa7dda2a7974d9dcac265d58945","src/fs/abs.rs":"16798a8a24be20500bb56a01e05ca4eeccd6f3adb0b3a4bbf1a0369a8e546104","src/fs/at.rs":"035238b63a31aa32cfc7e9ff6bb577e7075dfbeb97d22e67430b7a2bf5432e22","src/fs/constants.rs":"f0153ba1107267e58ee605fdbbeb80e5df56715d8e79c9d6536efe53608b729b","src/fs/copy_file_range.rs":"d3b644374390d482b2ff749a2459458872b57d0dcf9670368739b7833509a7c2","src/fs/cwd.rs":"b2d7fbb27e23704e3367ede9916cc233f76d912be21c2aee8a635eeca627977f","src/fs/dir.rs":"347a52f4ca9ac6321c52e802e97ec90d1b4c62ec955c8996fc17f8f5aed69966","src/fs/fadvise.rs":"beef66ebe1310fb92628240b2cde68f744c78e50f6ff61bb1404bd4868d9cae8","src/fs/fcntl.rs":"43e191732d72a9513f4fbecfee8cbe45b0b1ed0d0097398681a03a8fe2596495","src/fs/fcntl_apple.rs":"07f07b2ac75dc28bc9e08200f72eb95550a87ff3d69c1204f49ecb63a0c4fd20","src/fs/fcopyfile.rs":"ec95929cbbe02cf49233a785e5238931bb107b7903cc5bc95e4231de960995f2","src/fs/fd.rs":"25296739f1063c0e2b4701ff9ce078949a58f62029f57a93cc415d2ded296100","src/fs/file_type.rs":"fefd865f91011f66126213b0994773d99e373b468c31e866002228c98c64ad85","src/fs/getpath.rs":"28f6970fc1bbc37bb35c84724b59eac436ea7407a4522e18c2bdacb1fdd2edd9","src/fs/makedev.rs":"a56b9fa872e5fbf0f358ca14625b050077f45e8e265ba0c8eaeea22c421e0f92","src/fs/memfd_create.rs":"3f1d809e81fe479a82a454a04ea1219a11969d75d0c8b9ddacb09c630a9af896","src/fs/mod.rs":"d396b665d23553f32d148331184df18dd84496979b9e257637881b31e2523a5d","src/fs/mount.rs":"8ab26dcb422825bbd2df2e1f68e6b4f7cf08ce11387c688442ee1b4683b33d4f","src/fs/openat2.rs":"4a95c15dab533a41201b5fa25c8a212956b7571d58cad696bdaf45af8aef96db","src/fs/raw_dir.rs":"d32627abded4cdafa083c579d6f4d9c42e41d2a82749a34e70225e55ff76d246","src/fs/sendfile.rs":"ac053f03608656bb675228ba61079b774498c0233d17e5816ac72538bb12b70e","src/fs/statx.rs":"c7b56787aa0579cfcde230952d87b42256e8b6e85c2da68f78cf31f17ddf5514","src/fs/sync.rs":"a3b23543834281f347b0f873bd38154d31d404871188ac08f2b20b9196234cfd","src/io/close.rs":"c59bf90183625da1b1e87975739469440dcddc7b5b2b6ff3a6fd12b2d399a783","src/io/dup.rs":"92e2121d7fcef657a2bce546dafc9635f97c628c53bb971e8ee08255b77eea80","src/io/errno.rs":"733f8e9246a319db137740e8dca29d7b3c7474a715e066568b1dc82f0944f692","src/io/eventfd.rs":"163aebe29b5a0e21dd9d121d39c71e82bc6569a4bb658026cfef8ee61809066b","src/io/fcntl.rs":"fe73d5593c011b6ac851e608e1776c4483924e19a9f82f5fc8759c498a4e483a","src/io/fd/mod.rs":"a1eab9ce9a2c4454053afdfd3f3705e4cb971e94cc453e4f13690f2f0d83dc2c","src/io/fd/owned.rs":"b3d1ac775461b9206f36df62495604a48820c0284276200101fd1847b0e9e756","src/io/fd/raw.rs":"9bcd00be7df3d9f4e6c49ca2d18ef25aee3d6f0ed5ee6b73df5a9beacefb6031","src/io/ioctl.rs":"98f77d30ca4eebc16454c5307ca4afab2dfdb91b8e90e54d9300f79a2f1ac814","src/io/is_read_write.rs":"072b5ea6ddb2339fc6c7e90dfc5a0a5354d926d0f2ac4df06cadafe823425c47","src/io/kqueue.rs":"b92106e4b1cd2582f8fc37a1ec0dd0aa00b320c8f5b1b91cb487e3620485cbc3","src/io/mod.rs":"646b358718353d7380718a09e87312abfce4d1d48accf6b42c941617f60ca5eb","src/io/pipe.rs":"8f8e3c3557edf13a1e4f05a8a9c2aa5e9ee97e393e02eacc8e8bf60e73e32047","src/io/poll.rs":"41dab55365df215739dcf71815bfc4c2344828d8056ab200564f75210dbc56bd","src/io/port.rs":"8be17096cdfd2425bb2f800d129913e2ed2032c02049d45b7dcda8d4189b1af2","src/io/procfs.rs":"d7b21900416ca54b9bbe683257dd4da1857f56edc25dd78a954dbafed4914ab9","src/io/read_write.rs":"263818a606de191320524972f7c9c22b6f79ddc59c5b0a443b4b726853b00b9f","src/io/seek_from.rs":"d7616a45e8a449df28b075ddded4d7c95d6c4575d6fe0cf0ca7b6625e9dc7eeb","src/io/stdio.rs":"6462b94d1ccd8cff38c6fb6b04199fa9decca91aca63287b0136539d73107bd5","src/io_uring.rs":"26048678d3862cee58bb75e43ad2dc8cae0b9bc79adcd8913cda1fa42af77efd","src/lib.rs":"a221853e71fca50cb6b0b066e3ee8f626cac1fce61fc297458e15bbc8fa1d835","src/mm/madvise.rs":"cdc61b39d8abeea184575ca21e14483c335ce373a86007439fad6e72f58e4e24","src/mm/mmap.rs":"ac25cf39d215c93b539f20a60b107ea15dc8a0faa8d25e0de05d1415e698c742","src/mm/mod.rs":"1a46082151c2ef319667078923df74b01d4a94d25d3777083775179bda8bf3bf","src/mm/msync.rs":"a7f61abe4cb5e96f95ae8229c62b9ecc08382080ed99d76278be7001cfcf82f2","src/mm/userfaultfd.rs":"8073443bd181ff0b3ba4d0b1ae67370b4864035a0c8b4898cd709dc47c518ae7","src/net/addr.rs":"6fce66cd0ccac3bcc2339f32faf2ed1bac94a6d8824acb55bffdfaa43090675a","src/net/ip.rs":"080dd17c44b395b46b0d9e70da76f376540f92ece65f79e3d242c0a272d3b451","src/net/mod.rs":"03e600b3890f94e06f10120ca8dc9251920eec4aabe7d983d24e800faa079aa7","src/net/send_recv.rs":"f1fb0b9be750b1949b54054b3195904123cfb96f2ee0ebcedef86fc7175c63e9","src/net/socket.rs":"c510a2b619b8c91c9ee15b1a9b29d6fe89a97e83143a38bea017af7522b7e8b9","src/net/socket_addr_any.rs":"d95c7002972fa98d4133e10ad6c404399494374d568816217edcb9f4fd93aad8","src/net/socketpair.rs":"b005b019f8ae0f022fd0e730dafb258606f1f537e4448078175fc192d002dc81","src/net/sockopt.rs":"dde47b9d5d6de9749bdddb1498920f2f592582b11b508389bf78d0d5f0c4af00","src/net/wsa.rs":"6e546b42f50a851fc833c57cda76cfb347203ed4b0dea574a3d325bf5a2ebf80","src/param/auxv.rs":"988872f9bec2e12f35765ae8963cbb9535d4acaedd4c9a4d07ced6feb70e0aaa","src/param/init.rs":"671d8974f0d9b82e79076d1f4deabe0273a874a329f74b8aad26e07b86791ba3","src/param/mod.rs":"959d6bd6c7abb85e042f86047fb902891c5deb74c550ce21dac96fb9a9f16d36","src/path/arg.rs":"eb45cea7b5b21af36fef130cc02cbbf7fcceb965815b66c95c46979e0cbe2875","src/path/dec_int.rs":"a512618714fc3309253f65de605121c2aa056a780f9ab1de55f5a86469895295","src/path/mod.rs":"513fea21b1ba0226c3c5da769ded06a7cd7abe9f49cec9d165bc62a15da126a8","src/process/chdir.rs":"4c63c351e207b1bbefdd7c001e85fed383d5ac2147894d5a09fbd8b302d7c728","src/process/exit.rs":"79f6c0dd45dca0a2bea919ac920c4a56cea23608a345961e4d027aee6624783c","src/process/id.rs":"f04877bfd49fb8eda89e12ca44f271dfe92c1661f97b304c2dd234671cfbaabc","src/process/kill.rs":"e4b4dcc7e5b2a1e3e68ce03ce9a5dde43108dae4ddbc443488c464194738d06f","src/process/membarrier.rs":"19f42cb66f211e8b23f4586bf29fdfa29c29e4e9169a06f3cc7b54aad4ef94e6","src/process/mod.rs":"17abc24217e8b48d623d02b1a2955e6b62aab496362ba312122caf90500576a1","src/process/pidfd.rs":"88517949097414b77540b1c0801bdd034c28667b9386c0676cdaa1b637129ffa","src/process/prctl.rs":"7f4f2870eddcb19829b29ba139492d0f8b5006a42047f4e733e105b82afaef8b","src/process/priority.rs":"ddfdeda52acbca8566dd3517f167f7e29e3daa7e71c3ebae4183f8cf4f309b0a","src/process/procctl.rs":"4d48638f4d39a20aa073798778f431bbb944ed184777960ef1f80bebbc7fc72b","src/process/rlimit.rs":"97c1e41533c74b5b71e471d1ed0a83a847b804da9e53be76c50f0187ac5d3eec","src/process/sched.rs":"ea8b20942ef09dbcd7a54d8218435129dfece427e4960055bcdf81c997e80f5f","src/process/sched_yield.rs":"6565faa3928b66ddc74a65e893e15edfa4b9be4f7e5f5f68527501a7f6bc3350","src/process/umask.rs":"f664e46dc6990a550d5ead5e394bfd90767bcb875c53722a5fb92823e15d8882","src/process/uname.rs":"3bcc278449d6b83aa8747bfde85d696293c50a3fa60d88c4a5570b38ef8af25b","src/process/wait.rs":"2f8716a58594df9c8cfd5a712d68f7dc9b3131fefdf80e868a4360336954e2e5","src/rand/getrandom.rs":"7ad1be6a5b0dc25030bb2434bdc00f3a0c410b7ebc24c136b9839410bf6c5a97","src/rand/mod.rs":"bd6839924ebfb7092f27f2ad42323768f39f76df157e7b8aa42f5bc17f700c9c","src/runtime.rs":"7c60353f240f1bda8b0fbfb7c570b7577cc5076a0d2f74083d8d878a2d69bf2d","src/termios/cf.rs":"cb13ee88cba541cbd683c7a5da034a126fd9e09dc6b5f25c9f32382f8318ffc0","src/termios/constants.rs":"7855cebd1e2169a2a760c6752138b3de1be00fd3b907b049d32ad5d6bdb0426e","src/termios/mod.rs":"b4d28ebeeae6782b4060d3e6f0156ed63bafa155d1bbdae9e28d06e574d69cb7","src/termios/tc.rs":"ae5d8799123747950c7f20ca3abaa3ec1918462ed95d1e78d07bcb491aedcccf","src/termios/tty.rs":"409ddcc795ed1e644d302cdcfdffff8713657bf8777548e628f0b1149acb18af","src/thread/clock.rs":"4e3f54aa5b50443bf502a81ee4814b3522e928e3b06241d24f924a6f69953662","src/thread/futex.rs":"4e78c84589b535ca9ca633633696ef212393a98f2890b181acaa8f908fbc5ae2","src/thread/id.rs":"708ee7701a0811586717de147365ed2f496e1aad3fd6208fe08edacc63a40c78","src/thread/libcap.rs":"43a05e127ae57ecd8b93752571d1cac3359bebe265c964f1825eefe1cee25a42","src/thread/mod.rs":"a3839e32f920fa4be0812f6d40b677968cb3d9e99aa0af65c87ceb8ce015fdc9","src/thread/prctl.rs":"32d9b6c8854547ba5d509af39e3f690588d761f254875a8054827aa815750b3c","src/thread/setns.rs":"5e08f98300e2ca8fc99272cf5408f0b27cb4c8ece54d76b92ede656982f11e69","src/time/clock.rs":"fcaa5a68d31d1cb1cee20c9ffc2c223f16036810b45234da97716d7f0e34f773","src/time/mod.rs":"b8b7c5d2bdba60a69e8a557ce7017e4251a41f5633aec928da059c49bc080cfa","src/time/timerfd.rs":"f17092b84553741aa2d2b44c6992b5d2c8c96cc2c2007fc9a2c6b2064485e53f","src/utils.rs":"6ed86e62ac05d6279b664a97fd62878a4c1811ab66a1a2920b169eb74c0c1fcd"},"package":"d097081ed288dfe45699b72f5b5d648e5f15d64d900c7080273baa20c16a6849"} +\ No newline at end of file ++{"files":{"CODE_OF_CONDUCT.md":"f210602311e3f74b32f46237fd55f4ce36d798e85e3db1432ec667f63a7ffc44","CONTRIBUTING.md":"fb570c76cf924cd75b77bed52b0dbe1e87ce224dc3428c48d98301710dcc331e","COPYRIGHT":"377c2e7c53250cc5905c0b0532d35973392af16ffb9596a41d99d202cf3617c9","Cargo.toml":"fa9a45195a5d4c17b332061c4d236dc6ab2799e19467612efb062ed21e94907e","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-Apache-2.0_WITH_LLVM-exception":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","ORG_CODE_OF_CONDUCT.md":"a62b69bf86e605ee1bcbb2f0a12ba79e4cebb6983a7b6491949750aecc4f2178","README.md":"158b3959b00e6c1536a767014c0e916a6a063a5b36d693e9e3c93aac901ccd55","SECURITY.md":"4d75afb09dd28eb5982e3a1f768ee398d90204669ceef3240a16b31dcf04148a","benches/mod.rs":"55b71073e5681b309bc4f439435ac05d1e052bba2ea6accf05bca9bf496d4bd0","build.rs":"9ea13f3871d03ae28f6abc9b1aa73667a3fd56063793a79545221cb2cbf1ad30","src/backend/libc/c.rs":"e91631918772a752429b53fb7674f288e27af0d133a583bd9d50af7af7802328","src/backend/libc/conv.rs":"a94f5937ad41d7c13e4554481ea1d8ac10c2954b22e55ca0ccd93dedaeb6f1d6","src/backend/libc/fs/dir.rs":"4ff31e75f5df4890b668b21c1937ca5132828ecb92294d7b154c4683cc4ddc79","src/backend/libc/fs/inotify.rs":"4a1a3c0504982d2743a9c83e4cea3ec81ba0777d574ddf8ce76af67f29d0b9a4","src/backend/libc/fs/makedev.rs":"06513503ffdd35276eb7c3aed437c2362c32dd224d8c06df589bce28ad2e68b4","src/backend/libc/fs/mod.rs":"d8765bfbbd3c0f02c278a7bfef547607c7085ae14704824cc2fe7eaa64430e8c","src/backend/libc/fs/syscalls.rs":"0d1ad473a6607eca1d92e3a35d10c9c672becb052857aa9fec5a8d3371e97a31","src/backend/libc/fs/types.rs":"8a79b8532009b23aaca78446a48322be092d1bf17e3868e8328853bad6ba2fb6","src/backend/libc/io/epoll.rs":"0e95f0c887938ca2014492f26d282f756c9f2d4111e58b516830cb98bd8d3b1b","src/backend/libc/io/errno.rs":"8c6491590339a21c732b325904ece24ac39b1cd1a2b04728a9ff90ec904c01aa","src/backend/libc/io/io_slice.rs":"34da1bcc17993318fa93b7e71ff36116044ac12a031963710af84c3ed1bc443a","src/backend/libc/io/mod.rs":"a76e0071a887a6bdb1a3edc4887f91889d4beab1426e73417958257467f3c602","src/backend/libc/io/poll_fd.rs":"5ce78059ec307ec6ffbe02f2beb15f889bf652f0258f4531931062d507a3389e","src/backend/libc/io/syscalls.rs":"c85270ed0f7a6cb4258ff85611f86497c3e14ba1de1849b1203f8bcaa48202c7","src/backend/libc/io/types.rs":"fa3d65018b9feba2eef280f1ae739d85753742cdb602643d5920ff4c0f18bff7","src/backend/libc/io/windows_syscalls.rs":"741f524b384d59e703b278739563ab04273dbb48c062349353dd9b7cf9ed2332","src/backend/libc/io_lifetimes.rs":"eebc6adc10593933e9ab14c59d29793f4ec6e4403a00bbcaaf3ee81373ae924d","src/backend/libc/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/io_uring/syscalls.rs":"0f7ffc079f511b200d536e348d6c6945eeb4908db721e5ca0db6cc5fe96eccc4","src/backend/libc/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mm/syscalls.rs":"5141375b2b678c66a165de74a54e01bdb5efae8a81a38891f00da7206e686927","src/backend/libc/mm/types.rs":"bdadba2113f2a88a2b856497d411aa18eb0c7086361f72c2853ea8b09b006841","src/backend/libc/mod.rs":"8aad42f4cc53bfe9952101a314cd89d8c8600c523d699a43de8f64f48f3e4caf","src/backend/libc/net/addr.rs":"93b3f86d737c1c643663acf9f335e822cad5574067f63bda3c58af918dd1e57b","src/backend/libc/net/ext.rs":"99e1b5023b152ab278b281e26006e4ed6916d303f5d9a24d94f02a2195a25243","src/backend/libc/net/mod.rs":"772c788c60141e41044b59c4812c4208f52838da1effe1d476ab1d99304d9f9d","src/backend/libc/net/read_sockaddr.rs":"d7a98c80d2e7b47663db596a7f65980b21983c514eff54b1a8323e14164fe40d","src/backend/libc/net/send_recv.rs":"55f0ce6df7aa93f359aec2131fb3f6946d1b086e7172c096501611d0662da907","src/backend/libc/net/syscalls.rs":"f40e55d8ef9acae7834ba1bc54ff02b08d3f57fe0694bb69b5124b24cbaf1a78","src/backend/libc/net/types.rs":"b7097d3c998eb0bcb31205f69ba1f73d4c2537e706eda6bd8548d564377070af","src/backend/libc/net/write_sockaddr.rs":"33c3d7304713cb63f8fa398f5f7c084fc1d9fbb6907dd19902a90e8ec64ad41f","src/backend/libc/offset.rs":"37056027c114fab9f4054803b95d2efbe3d1c663936def3498df0e671664697a","src/backend/libc/param/auxv.rs":"7d71f224f7d9c547b6b5e1425cad03466328b7b8ad2a62f49d9e29e075061e43","src/backend/libc/param/mod.rs":"5234b8f1bcb886cca6ea003d411d75eaeebe58deedd80e3441354bf46ed85d4d","src/backend/libc/process/cpu_set.rs":"88ba2fc71dea5b8ae3b1bb3d8e64f7b7aa08882d198695e5f95d5478b6e73e75","src/backend/libc/process/mod.rs":"45a9979d6bc7c669ffe212c55ffbf6ea8f4bdb9a711c894b9e93b52a05e611d7","src/backend/libc/process/syscalls.rs":"8d0a63f224cbbd5e8fe816350a6bc50553073b6b59e86a84f89a52112d5f8c70","src/backend/libc/process/types.rs":"58f8eb2d4cda05924e97145006ac16793307182f3c1ffb5484fd4546513e863a","src/backend/libc/process/wait.rs":"36e84c05ae3a27b96da9521678b72ab004fe37a8b0d092a0b6f810015806c4d2","src/backend/libc/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/rand/syscalls.rs":"21aa7aab15de5ff8e9c50c2c2a4d49cc309be3e97feeb17f875a0a9dc6b5cf44","src/backend/libc/rand/types.rs":"85f72babe82857d4e47067ddc11525ab290208050fb8f5e5190975c0fdda9b7c","src/backend/libc/termios/mod.rs":"63a1e559981848581bbacad2adb567e5eb62d17caa2d8f826e977dc053ce26bb","src/backend/libc/termios/syscalls.rs":"026559db31e470a4409f45a0f2bab5a0941c39b458968c5f6fdf224b653e59a0","src/backend/libc/termios/types.rs":"57e87b2d5ec31203b87137a787daee9bf8f133898d8eb5bb0716c81380d9ac7a","src/backend/libc/thread/mod.rs":"0de5f67a684b9fd7628d3009d2ea5fd51b8770e8b387eed14f59152157844287","src/backend/libc/thread/syscalls.rs":"b016611a1e2fb6af073c485b0a9efa992067b4d2dd6d213d77a731d5108d574f","src/backend/libc/time/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/time/syscalls.rs":"a6668a9005da2e15671d4c917973bc68ef611998c0a584a53343fd5aeadade63","src/backend/libc/time/types.rs":"1ed8de272c573cd9bf10d413be8b47029e3461fe39ee33168f4442cfbf2ae128","src/backend/libc/weak.rs":"cb7dfb5c2ad37d7a5be6a2aa99a28969559493ca5b649753484e0b1fd978e410","src/backend/libc/winsock_c.rs":"addce03c242c70d10411fb9728c743bdc3b635107bd58aabbb360f2379127064","src/backend/linux_raw/arch/inline/aarch64.rs":"67011427b3cecd29ee716113d952e70d63574c96d1d3ea3c75d46250bde9ca44","src/backend/linux_raw/arch/inline/arm.rs":"7760d51aef17a69a797eb96fd61f7fade0d55bc87ec9a3e77fa6bb6aebaecdbb","src/backend/linux_raw/arch/inline/mips.rs":"d00c84cfdb4e37bdee9a2daa0a7b3298afbb4ebe288702203cb43d9c2617012d","src/backend/linux_raw/arch/inline/mips64.rs":"ab5455c9b2511ba6b67a66873cd8b53bf77471249fd2779d6437ebb4934087b5","src/backend/linux_raw/arch/inline/mod.rs":"48e60ed847f1fe7bcf561d3dd04217589698b576649d17094da98bbfcb826e8a","src/backend/linux_raw/arch/inline/powerpc64.rs":"dcd12314184441f5f7705bea6b829103c7abc9062db366ae5584023a38252a36","src/backend/linux_raw/arch/inline/riscv64.rs":"58a58203e9cac2ed21e4a7b26692c5d56d3c2bcddb3f60a648efd18a02129f3c","src/backend/linux_raw/arch/inline/thumb.rs":"82b88c9a3b6837f28a738cc760fc2403e7014abdb2c35d2bdbc8073235ae2863","src/backend/linux_raw/arch/inline/x86.rs":"459cca47f3300418de9945858ba42009e66e4be3c8da268481f30ae4e815b3db","src/backend/linux_raw/arch/inline/x86_64.rs":"7c893ca306b3b8a5980c525dc5fa23187a0526bc9f7ac637204d88a1d596df5d","src/backend/linux_raw/arch/mod.rs":"2f2e26f5742c302bb44f367ad265de573d89494eae0789fa44b5a39248e354e3","src/backend/linux_raw/arch/outline/aarch64.s":"84f066b6fe3cf25ed61c7aa420408c6d5a0b33a7c91b748ed81e47737567975f","src/backend/linux_raw/arch/outline/arm.s":"fa266bf9f4533da1e96c27c4ae5418c86f44074ac0c6afcff0404738e11365da","src/backend/linux_raw/arch/outline/debug/librustix_outline_aarch64.a":"aa3a37d9ad312881968d40c48bd3c960fb3ac0eba232a5f1979cb809d081c340","src/backend/linux_raw/arch/outline/debug/librustix_outline_arm.a":"9991ea0ccd16a175ef4b82916b6cd4b45cf67f4388eb58567b0a6e520bda3740","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips.a":"b14f87994e526c3f5976487223183b284ffa70e3b4322cece3917033635573a2","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips64.a":"a9200542c6de647e31ba2cf3649490a50904ae66716c1b6c50ac123fac83f68e","src/backend/linux_raw/arch/outline/debug/librustix_outline_powerpc64.a":"355db5c83dda1074636c40fa6fee6564c668c492a71e149bcb444ea896e8167e","src/backend/linux_raw/arch/outline/debug/librustix_outline_riscv64.a":"c4fd54d0fcab2e28b1b18df77a7814b145a4c2d13fc04b937a55bf0abf420227","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86.a":"7ae3635dd3fbc2049e09d4218224e1eaaa4dd2ddd78d3901fb444d481abf2a33","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86_64.a":"039c928213bd0b67c899412084a30eb9a51526e64a01e1901cd4905ef8d7cf6d","src/backend/linux_raw/arch/outline/mips.s":"e265e8fa0b9785a9f2779d6ba70ce982b954b802862b0026dc70fd79b12968bb","src/backend/linux_raw/arch/outline/mips64.s":"c79de202f0eb00e2d9cf1fce2b9a2cabfe4ff2f5cc1476bcfd6c3d139570d447","src/backend/linux_raw/arch/outline/mod.rs":"d97b3657e828a40553677469887b1efab0544812ca592ef359a2d4230a0dd621","src/backend/linux_raw/arch/outline/nr_last.rs":"82d92b9ca8307c19d74ced1ae2c0b31f2a7c5db70fa31fdedb55d38a90601455","src/backend/linux_raw/arch/outline/powerpc64.s":"0847fa3f160846ee02771550667913734ba9773e2221f2279c4f296d6f5b7bd4","src/backend/linux_raw/arch/outline/release/librustix_outline_aarch64.a":"fa8d31702cafb24d9799c162d3319c522892e91c58fbbff2b09950a0fa81b46f","src/backend/linux_raw/arch/outline/release/librustix_outline_arm.a":"0f7c8c5c02d5329d884f800da70aaf6b5b67c14000b12afb708f3e4758aa1f7a","src/backend/linux_raw/arch/outline/release/librustix_outline_mips.a":"c9254760fa993e88662c5e1e8911d994f29e203b37a0fc9b550be193125f5031","src/backend/linux_raw/arch/outline/release/librustix_outline_mips64.a":"224f9ac5196833491bee67fd287a53b7e88111731e2eaaa3ebefba31faea373b","src/backend/linux_raw/arch/outline/release/librustix_outline_powerpc64.a":"1f04e44c3d863bac066520c787444c314f2aa2f8d8d3cae38990ecc008b9b6e1","src/backend/linux_raw/arch/outline/release/librustix_outline_riscv64.a":"beb0eb046d36545a04ad7f264ed1173062f9f85ba7f4215bef64a98f30a74dce","src/backend/linux_raw/arch/outline/release/librustix_outline_x86.a":"691d867358475c701c20b816b99bab2a4c90c3796a302ccaa56d5983be1ba8b2","src/backend/linux_raw/arch/outline/release/librustix_outline_x86_64.a":"434a79197510876c5a49f594e7886c95cf4c15e876c3404ed136846c95d6ee30","src/backend/linux_raw/arch/outline/riscv64.s":"ca5303c0c8af6de1f246d658003e270d4e29d6c68dd90c6eee372d045bdf7305","src/backend/linux_raw/arch/outline/x86.rs":"f7e12a0f3fe8e97acb1ade2c9e61d82542f00ad4d8fe684a8dcd9f30fd9ab5d4","src/backend/linux_raw/arch/outline/x86.s":"4604e3b41161802343e2e4c890fd2042098a901d95893ebe4c436f97fd47cad3","src/backend/linux_raw/arch/outline/x86_64.s":"a530084cd42ad8d4b2d36526f4e04f45a6e29ea49882e2c561ac2eeac16272bf","src/backend/linux_raw/c.rs":"cb66dbed604eefdafd8a8efd277ddad51bb5280c4e26ca0608176abcd6309a52","src/backend/linux_raw/conv.rs":"6731a2d06683575d7ce89eb83ef8a1993ce39125c30703ed8a4a69afc1e7559f","src/backend/linux_raw/elf.rs":"a257fbc3f22e4970605cf72a3b301dc2eaee2f5f1b3b0ea434fa192db3c3164e","src/backend/linux_raw/fs/dir.rs":"965ca4d97feeb0a4d4e90b62f820818c99bd5bb2acf1b85fd9f0b7ae30dd3439","src/backend/linux_raw/fs/inotify.rs":"11c058269bc96972ad7bdeaa3a938a8b51b4264d9f80d7dcf0518ac9314a261d","src/backend/linux_raw/fs/makedev.rs":"c6b4505c4bcbbc2460e80f3097eb15e2c8ef38d6c6e7abd78e39c53c372139e2","src/backend/linux_raw/fs/mod.rs":"e22bf30f312f6a05f1e79f7834c33a3c9821514da05fa4786fc31867203a4c74","src/backend/linux_raw/fs/syscalls.rs":"6900d438f535e586ae8e396aeb52426e1040e4397c942546edada6ff0c121b54","src/backend/linux_raw/fs/types.rs":"a244c59670d65442143b875cccc219bacd0739d35b7f2c1731b15d2c4bf2e900","src/backend/linux_raw/io/epoll.rs":"75de5fe04ed8f85a345ae5b54dc6106268bc05817a4e4abe9cf0bca08e2b1fb3","src/backend/linux_raw/io/errno.rs":"ac32725b1686d42b02d18363c4c44a42ea8c6a20b2422c1fea8f8c39f633f7c4","src/backend/linux_raw/io/io_slice.rs":"5ba992f3fe701184841006588b35f2452156b73e3bef9e07460e4b1f61ac889f","src/backend/linux_raw/io/mod.rs":"6ea805b91d571217c9649364121d0824bbdf4635b36c9150e5968fbeb75c0892","src/backend/linux_raw/io/poll_fd.rs":"9f5a15c80094cc3334acd171c0621d033b44d5d9a987a57acbdcd62cb17d871b","src/backend/linux_raw/io/syscalls.rs":"31bc1a2d74d574923b50aaed3d0d10c2892e7bf6ebf0ccc9bebb42be96b460a0","src/backend/linux_raw/io/types.rs":"11a677499b6b0491f4088f9f87574fe40134bce8042eac0f207b7df905a1f47e","src/backend/linux_raw/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/io_uring/syscalls.rs":"2522327e229d85ce207546b802f63fcad49a0ce41b7b881e13a1c2637fdb6095","src/backend/linux_raw/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mm/syscalls.rs":"647c1846793c386f6babae898686604a4808344ec3e2d1e71071bbfd04079357","src/backend/linux_raw/mm/types.rs":"a5d0ea04a85df5e196d68a8524c4325963c7b2ded3d7d48713c8e855273b60d4","src/backend/linux_raw/mod.rs":"87423ad0e8280081a548e8182139d9e5960258d469951516ca4e8029953daeee","src/backend/linux_raw/net/addr.rs":"9c2b4bc0836618f4b7d997892e5b3980e454bba72fe4d82205d7553ba74ec228","src/backend/linux_raw/net/mod.rs":"4ffd3f6f9cad722e4c29b9bad4912a69f521d737b9e637599a1c60436651d4ae","src/backend/linux_raw/net/read_sockaddr.rs":"0357ae643c384b08578aa0b148ac9b236953da9b36b2e387a40d5b87ae9eccef","src/backend/linux_raw/net/send_recv.rs":"42834cf8148abd02021115a61d57b23bb323dd8ad0d1b9a91d17fb8f7defab01","src/backend/linux_raw/net/syscalls.rs":"aedc536ac96d32bf6e15a9f02f3fe7a1bf48195e9af3afd0a0124636ece8f8b9","src/backend/linux_raw/net/types.rs":"c61b689d7f4b9b68d065935d70926d47b5ac7246b2fbe4f20d144a0c2f417fc2","src/backend/linux_raw/net/write_sockaddr.rs":"ec0bf20a354cb86e2b5646bfc79297a378f11fcdf5641c16e4dd13e305011dc6","src/backend/linux_raw/param/auxv.rs":"9ed73ebd83dd9001dfdecd19b813c6845dad142f79de286993eb520acc7016bc","src/backend/linux_raw/param/libc_auxv.rs":"79fd1b7452f87382fb3a9c8fa892c5adbcc24d3b505bd9ea73e17d37494e749a","src/backend/linux_raw/param/mod.rs":"db21fc1b0ea5568b8649890fa38a878bfcdcf7398f6cf1640176b37bcc6ce990","src/backend/linux_raw/param/mustang_auxv.rs":"016a691236064a9cc28688d4ff5dbd0e37dccfc07b25b943b47762ba1da33b83","src/backend/linux_raw/process/cpu_set.rs":"a333938a4356d117199bf4078688f0a9b876dc65da1bbff7649482f4f0180813","src/backend/linux_raw/process/mod.rs":"fb393c70a9c63ef9a6bf1fb5a2dc94f07d6b0b6987cc5231c15c607015dafd68","src/backend/linux_raw/process/syscalls.rs":"a9c115ae09def33321f266ab3f85cf19fa72fc3b9f425aaa8c517b6da0bce04b","src/backend/linux_raw/process/types.rs":"fba10dc8ca9eaf4d481cb82bd1540cf5c05620533c44f917c09a22ea55ef408c","src/backend/linux_raw/process/wait.rs":"d6c37b9ebca16b447b0bc0d1be4b56486619618e8fc613d10ff9c0ccff13c7ac","src/backend/linux_raw/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/rand/syscalls.rs":"b1d8b2fea0c792bd1e7c24ee59429d178dc0ad442ac817b12c7abcb38d71497b","src/backend/linux_raw/rand/types.rs":"271416d5241d70932b8a17f3b67eefd1b9c360f217f807de3d73192e9b620552","src/backend/linux_raw/reg.rs":"f9ab26b045150894b98c741f9e80ac2734bf7598f5cf166ab080938febe7af20","src/backend/linux_raw/runtime/mod.rs":"b2cae8cce3822c3c92942f06ea0b68464040dcac33c6f0f7ee392c6269993347","src/backend/linux_raw/runtime/syscalls.rs":"6488160051a991e6d385abbf8a08ccd6498acf525906d512b3f89bf3a33fca6a","src/backend/linux_raw/runtime/tls.rs":"2913858a8fe4696f9c3f9a4921f776258a6d1c54b471f813471d57db23fd22ee","src/backend/linux_raw/termios/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/termios/syscalls.rs":"e4476718035ff7520f9014aa0e99954ec741c0dd114ec50ff4900591ee067132","src/backend/linux_raw/termios/types.rs":"5cee3735957db2fdaab341a0c58e438305d6402dc7d23622f4999934d4511b5f","src/backend/linux_raw/thread/futex.rs":"e4ca5be060c52538b97df3781d84e2eb4d8241a7f647b2874412bc0fe6061efa","src/backend/linux_raw/thread/mod.rs":"f7132a68c9db1b4a796781b9e8d0ac268a1ddb713e510bfd43425564ec9b39c4","src/backend/linux_raw/thread/syscalls.rs":"936e0a02027b8f252538781eea7fb9f35bfd23bdd50a1f099172dac2da7d3fde","src/backend/linux_raw/time/mod.rs":"672724f55b7b7be6a7452bb1cc2d28b5f0aaa840a2856fe363acce624e1beefc","src/backend/linux_raw/time/syscalls.rs":"777d22d6e3ab7c5fe1d5921a91644543173bb4f783fd308b5886fca68500f98c","src/backend/linux_raw/time/types.rs":"865d968a6d2903344982f94c69868031cd1fea582318659ca4c69a11d8a53e33","src/backend/linux_raw/vdso.rs":"3305a5f3c2846440161fa69dde3aafb9f36b361ae2ddae1d12cd54503b0657cf","src/backend/linux_raw/vdso_wrappers.rs":"b7e6b75bf25b0143ec471a7e0af3fd4f4125dcbc6d2c9c0957ec29c428d9d9c5","src/backend/linux_raw/weak.rs":"72ddca9849461a725e5ccd6e2190c12fb9e296c8b8a47533acb9c8cd4f9a2b07","src/const_assert.rs":"ff08ab91f11f2ad29883096f4468bd9a65060d5a9e6681e9282bb081f8bdac27","src/cstr.rs":"976027b6c5cf2c82e369ab7ad9e97fa79d7823ded929c1816f37f97134e51fec","src/ffi/mod.rs":"1990dae8190991142bef24220f02b99c96c5bfa7dda2a7974d9dcac265d58945","src/fs/abs.rs":"16798a8a24be20500bb56a01e05ca4eeccd6f3adb0b3a4bbf1a0369a8e546104","src/fs/at.rs":"035238b63a31aa32cfc7e9ff6bb577e7075dfbeb97d22e67430b7a2bf5432e22","src/fs/constants.rs":"f0153ba1107267e58ee605fdbbeb80e5df56715d8e79c9d6536efe53608b729b","src/fs/copy_file_range.rs":"d3b644374390d482b2ff749a2459458872b57d0dcf9670368739b7833509a7c2","src/fs/cwd.rs":"b2d7fbb27e23704e3367ede9916cc233f76d912be21c2aee8a635eeca627977f","src/fs/dir.rs":"347a52f4ca9ac6321c52e802e97ec90d1b4c62ec955c8996fc17f8f5aed69966","src/fs/fadvise.rs":"beef66ebe1310fb92628240b2cde68f744c78e50f6ff61bb1404bd4868d9cae8","src/fs/fcntl.rs":"43e191732d72a9513f4fbecfee8cbe45b0b1ed0d0097398681a03a8fe2596495","src/fs/fcntl_apple.rs":"07f07b2ac75dc28bc9e08200f72eb95550a87ff3d69c1204f49ecb63a0c4fd20","src/fs/fcopyfile.rs":"ec95929cbbe02cf49233a785e5238931bb107b7903cc5bc95e4231de960995f2","src/fs/fd.rs":"25296739f1063c0e2b4701ff9ce078949a58f62029f57a93cc415d2ded296100","src/fs/file_type.rs":"fefd865f91011f66126213b0994773d99e373b468c31e866002228c98c64ad85","src/fs/getpath.rs":"28f6970fc1bbc37bb35c84724b59eac436ea7407a4522e18c2bdacb1fdd2edd9","src/fs/makedev.rs":"a56b9fa872e5fbf0f358ca14625b050077f45e8e265ba0c8eaeea22c421e0f92","src/fs/memfd_create.rs":"3f1d809e81fe479a82a454a04ea1219a11969d75d0c8b9ddacb09c630a9af896","src/fs/mod.rs":"d396b665d23553f32d148331184df18dd84496979b9e257637881b31e2523a5d","src/fs/mount.rs":"8ab26dcb422825bbd2df2e1f68e6b4f7cf08ce11387c688442ee1b4683b33d4f","src/fs/openat2.rs":"4a95c15dab533a41201b5fa25c8a212956b7571d58cad696bdaf45af8aef96db","src/fs/raw_dir.rs":"d32627abded4cdafa083c579d6f4d9c42e41d2a82749a34e70225e55ff76d246","src/fs/sendfile.rs":"ac053f03608656bb675228ba61079b774498c0233d17e5816ac72538bb12b70e","src/fs/statx.rs":"c7b56787aa0579cfcde230952d87b42256e8b6e85c2da68f78cf31f17ddf5514","src/fs/sync.rs":"a3b23543834281f347b0f873bd38154d31d404871188ac08f2b20b9196234cfd","src/io/close.rs":"c59bf90183625da1b1e87975739469440dcddc7b5b2b6ff3a6fd12b2d399a783","src/io/dup.rs":"92e2121d7fcef657a2bce546dafc9635f97c628c53bb971e8ee08255b77eea80","src/io/errno.rs":"733f8e9246a319db137740e8dca29d7b3c7474a715e066568b1dc82f0944f692","src/io/eventfd.rs":"163aebe29b5a0e21dd9d121d39c71e82bc6569a4bb658026cfef8ee61809066b","src/io/fcntl.rs":"fe73d5593c011b6ac851e608e1776c4483924e19a9f82f5fc8759c498a4e483a","src/io/fd/mod.rs":"a1eab9ce9a2c4454053afdfd3f3705e4cb971e94cc453e4f13690f2f0d83dc2c","src/io/fd/owned.rs":"b3d1ac775461b9206f36df62495604a48820c0284276200101fd1847b0e9e756","src/io/fd/raw.rs":"9bcd00be7df3d9f4e6c49ca2d18ef25aee3d6f0ed5ee6b73df5a9beacefb6031","src/io/ioctl.rs":"98f77d30ca4eebc16454c5307ca4afab2dfdb91b8e90e54d9300f79a2f1ac814","src/io/is_read_write.rs":"072b5ea6ddb2339fc6c7e90dfc5a0a5354d926d0f2ac4df06cadafe823425c47","src/io/kqueue.rs":"b92106e4b1cd2582f8fc37a1ec0dd0aa00b320c8f5b1b91cb487e3620485cbc3","src/io/mod.rs":"646b358718353d7380718a09e87312abfce4d1d48accf6b42c941617f60ca5eb","src/io/pipe.rs":"8f8e3c3557edf13a1e4f05a8a9c2aa5e9ee97e393e02eacc8e8bf60e73e32047","src/io/poll.rs":"41dab55365df215739dcf71815bfc4c2344828d8056ab200564f75210dbc56bd","src/io/port.rs":"8be17096cdfd2425bb2f800d129913e2ed2032c02049d45b7dcda8d4189b1af2","src/io/procfs.rs":"d7b21900416ca54b9bbe683257dd4da1857f56edc25dd78a954dbafed4914ab9","src/io/read_write.rs":"263818a606de191320524972f7c9c22b6f79ddc59c5b0a443b4b726853b00b9f","src/io/seek_from.rs":"d7616a45e8a449df28b075ddded4d7c95d6c4575d6fe0cf0ca7b6625e9dc7eeb","src/io/stdio.rs":"6462b94d1ccd8cff38c6fb6b04199fa9decca91aca63287b0136539d73107bd5","src/io_uring.rs":"26048678d3862cee58bb75e43ad2dc8cae0b9bc79adcd8913cda1fa42af77efd","src/lib.rs":"a221853e71fca50cb6b0b066e3ee8f626cac1fce61fc297458e15bbc8fa1d835","src/mm/madvise.rs":"cdc61b39d8abeea184575ca21e14483c335ce373a86007439fad6e72f58e4e24","src/mm/mmap.rs":"ac25cf39d215c93b539f20a60b107ea15dc8a0faa8d25e0de05d1415e698c742","src/mm/mod.rs":"1a46082151c2ef319667078923df74b01d4a94d25d3777083775179bda8bf3bf","src/mm/msync.rs":"a7f61abe4cb5e96f95ae8229c62b9ecc08382080ed99d76278be7001cfcf82f2","src/mm/userfaultfd.rs":"8073443bd181ff0b3ba4d0b1ae67370b4864035a0c8b4898cd709dc47c518ae7","src/net/addr.rs":"6fce66cd0ccac3bcc2339f32faf2ed1bac94a6d8824acb55bffdfaa43090675a","src/net/ip.rs":"080dd17c44b395b46b0d9e70da76f376540f92ece65f79e3d242c0a272d3b451","src/net/mod.rs":"03e600b3890f94e06f10120ca8dc9251920eec4aabe7d983d24e800faa079aa7","src/net/send_recv.rs":"f1fb0b9be750b1949b54054b3195904123cfb96f2ee0ebcedef86fc7175c63e9","src/net/socket.rs":"c510a2b619b8c91c9ee15b1a9b29d6fe89a97e83143a38bea017af7522b7e8b9","src/net/socket_addr_any.rs":"d95c7002972fa98d4133e10ad6c404399494374d568816217edcb9f4fd93aad8","src/net/socketpair.rs":"b005b019f8ae0f022fd0e730dafb258606f1f537e4448078175fc192d002dc81","src/net/sockopt.rs":"dde47b9d5d6de9749bdddb1498920f2f592582b11b508389bf78d0d5f0c4af00","src/net/wsa.rs":"6e546b42f50a851fc833c57cda76cfb347203ed4b0dea574a3d325bf5a2ebf80","src/param/auxv.rs":"988872f9bec2e12f35765ae8963cbb9535d4acaedd4c9a4d07ced6feb70e0aaa","src/param/init.rs":"671d8974f0d9b82e79076d1f4deabe0273a874a329f74b8aad26e07b86791ba3","src/param/mod.rs":"959d6bd6c7abb85e042f86047fb902891c5deb74c550ce21dac96fb9a9f16d36","src/path/arg.rs":"eb45cea7b5b21af36fef130cc02cbbf7fcceb965815b66c95c46979e0cbe2875","src/path/dec_int.rs":"a512618714fc3309253f65de605121c2aa056a780f9ab1de55f5a86469895295","src/path/mod.rs":"513fea21b1ba0226c3c5da769ded06a7cd7abe9f49cec9d165bc62a15da126a8","src/process/chdir.rs":"4c63c351e207b1bbefdd7c001e85fed383d5ac2147894d5a09fbd8b302d7c728","src/process/exit.rs":"79f6c0dd45dca0a2bea919ac920c4a56cea23608a345961e4d027aee6624783c","src/process/id.rs":"f04877bfd49fb8eda89e12ca44f271dfe92c1661f97b304c2dd234671cfbaabc","src/process/kill.rs":"e4b4dcc7e5b2a1e3e68ce03ce9a5dde43108dae4ddbc443488c464194738d06f","src/process/membarrier.rs":"19f42cb66f211e8b23f4586bf29fdfa29c29e4e9169a06f3cc7b54aad4ef94e6","src/process/mod.rs":"17abc24217e8b48d623d02b1a2955e6b62aab496362ba312122caf90500576a1","src/process/pidfd.rs":"88517949097414b77540b1c0801bdd034c28667b9386c0676cdaa1b637129ffa","src/process/prctl.rs":"7f4f2870eddcb19829b29ba139492d0f8b5006a42047f4e733e105b82afaef8b","src/process/priority.rs":"ddfdeda52acbca8566dd3517f167f7e29e3daa7e71c3ebae4183f8cf4f309b0a","src/process/procctl.rs":"4d48638f4d39a20aa073798778f431bbb944ed184777960ef1f80bebbc7fc72b","src/process/rlimit.rs":"97c1e41533c74b5b71e471d1ed0a83a847b804da9e53be76c50f0187ac5d3eec","src/process/sched.rs":"ea8b20942ef09dbcd7a54d8218435129dfece427e4960055bcdf81c997e80f5f","src/process/sched_yield.rs":"6565faa3928b66ddc74a65e893e15edfa4b9be4f7e5f5f68527501a7f6bc3350","src/process/umask.rs":"f664e46dc6990a550d5ead5e394bfd90767bcb875c53722a5fb92823e15d8882","src/process/uname.rs":"3bcc278449d6b83aa8747bfde85d696293c50a3fa60d88c4a5570b38ef8af25b","src/process/wait.rs":"2f8716a58594df9c8cfd5a712d68f7dc9b3131fefdf80e868a4360336954e2e5","src/rand/getrandom.rs":"7ad1be6a5b0dc25030bb2434bdc00f3a0c410b7ebc24c136b9839410bf6c5a97","src/rand/mod.rs":"bd6839924ebfb7092f27f2ad42323768f39f76df157e7b8aa42f5bc17f700c9c","src/runtime.rs":"7c60353f240f1bda8b0fbfb7c570b7577cc5076a0d2f74083d8d878a2d69bf2d","src/termios/cf.rs":"cb13ee88cba541cbd683c7a5da034a126fd9e09dc6b5f25c9f32382f8318ffc0","src/termios/constants.rs":"7855cebd1e2169a2a760c6752138b3de1be00fd3b907b049d32ad5d6bdb0426e","src/termios/mod.rs":"b4d28ebeeae6782b4060d3e6f0156ed63bafa155d1bbdae9e28d06e574d69cb7","src/termios/tc.rs":"ae5d8799123747950c7f20ca3abaa3ec1918462ed95d1e78d07bcb491aedcccf","src/termios/tty.rs":"409ddcc795ed1e644d302cdcfdffff8713657bf8777548e628f0b1149acb18af","src/thread/clock.rs":"4e3f54aa5b50443bf502a81ee4814b3522e928e3b06241d24f924a6f69953662","src/thread/futex.rs":"4e78c84589b535ca9ca633633696ef212393a98f2890b181acaa8f908fbc5ae2","src/thread/id.rs":"708ee7701a0811586717de147365ed2f496e1aad3fd6208fe08edacc63a40c78","src/thread/libcap.rs":"43a05e127ae57ecd8b93752571d1cac3359bebe265c964f1825eefe1cee25a42","src/thread/mod.rs":"a3839e32f920fa4be0812f6d40b677968cb3d9e99aa0af65c87ceb8ce015fdc9","src/thread/prctl.rs":"32d9b6c8854547ba5d509af39e3f690588d761f254875a8054827aa815750b3c","src/thread/setns.rs":"5e08f98300e2ca8fc99272cf5408f0b27cb4c8ece54d76b92ede656982f11e69","src/time/clock.rs":"fcaa5a68d31d1cb1cee20c9ffc2c223f16036810b45234da97716d7f0e34f773","src/time/mod.rs":"b8b7c5d2bdba60a69e8a557ce7017e4251a41f5633aec928da059c49bc080cfa","src/time/timerfd.rs":"f17092b84553741aa2d2b44c6992b5d2c8c96cc2c2007fc9a2c6b2064485e53f","src/utils.rs":"6ed86e62ac05d6279b664a97fd62878a4c1811ab66a1a2920b169eb74c0c1fcd"},"package":"d097081ed288dfe45699b72f5b5d648e5f15d64d900c7080273baa20c16a6849"} +\ No newline at end of file +diff --git a/vendor/rustix-0.37.6/src/backend/libc/fs/dir.rs b/vendor/rustix-0.37.6/src/backend/libc/fs/dir.rs +index d1c901323..3339b7df3 100644 +--- a/vendor/rustix-0.37.6/src/backend/libc/fs/dir.rs ++++ b/vendor/rustix-0.37.6/src/backend/libc/fs/dir.rs +@@ -34,8 +34,13 @@ use core::ptr::NonNull; + use libc_errno::{errno, set_errno, Errno}; + + /// `DIR*` +-#[repr(transparent)] +-pub struct Dir(NonNull); ++pub struct Dir { ++ /// The `libc` `DIR` pointer. ++ libc_dir: NonNull, ++ ++ /// Have we seen any errors in this iteration? ++ any_errors: bool, ++} + + impl Dir { + /// Construct a `Dir` that reads entries from the given directory +@@ -47,20 +52,35 @@ impl Dir { + + #[inline] + fn _read_from(fd: BorrowedFd<'_>) -> io::Result { ++ let mut any_errors = false; ++ + // Given an arbitrary `OwnedFd`, it's impossible to know whether the + // user holds a `dup`'d copy which could continue to modify the + // file description state, which would cause Undefined Behavior after + // our call to `fdopendir`. To prevent this, we obtain an independent + // `OwnedFd`. + let flags = fcntl_getfl(fd)?; +- let fd_for_dir = openat(fd, cstr!("."), flags | OFlags::CLOEXEC, Mode::empty())?; ++ let fd_for_dir = match openat(fd, cstr!("."), flags | OFlags::CLOEXEC, Mode::empty()) { ++ Ok(fd) => fd, ++ Err(io::Errno::NOENT) => { ++ // If "." doesn't exist, it means the directory was removed. ++ // We treat that as iterating through a directory with no ++ // entries. ++ any_errors = true; ++ crate::io::dup(fd)? ++ } ++ Err(err) => return Err(err), ++ }; + + let raw = owned_fd(fd_for_dir); + unsafe { + let libc_dir = c::fdopendir(raw); + + if let Some(libc_dir) = NonNull::new(libc_dir) { +- Ok(Self(libc_dir)) ++ Ok(Self { ++ libc_dir, ++ any_errors, ++ }) + } else { + let err = io::Errno::last_os_error(); + let _ = c::close(raw); +@@ -72,13 +92,19 @@ impl Dir { + /// `rewinddir(self)` + #[inline] + pub fn rewind(&mut self) { +- unsafe { c::rewinddir(self.0.as_ptr()) } ++ self.any_errors = false; ++ unsafe { c::rewinddir(self.libc_dir.as_ptr()) } + } + + /// `readdir(self)`, where `None` means the end of the directory. + pub fn read(&mut self) -> Option> { ++ // If we've seen errors, don't continue to try to read anyting further. ++ if self.any_errors { ++ return None; ++ } ++ + set_errno(Errno(0)); +- let dirent_ptr = unsafe { libc_readdir(self.0.as_ptr()) }; ++ let dirent_ptr = unsafe { libc_readdir(self.libc_dir.as_ptr()) }; + if dirent_ptr.is_null() { + let curr_errno = errno().0; + if curr_errno == 0 { +@@ -86,6 +112,7 @@ impl Dir { + None + } else { + // `errno` is unknown or non-zero, so an error occurred. ++ self.any_errors = true; + Some(Err(io::Errno(curr_errno))) + } + } else { +@@ -111,7 +138,7 @@ impl Dir { + /// `fstat(self)` + #[inline] + pub fn stat(&self) -> io::Result { +- fstat(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstat(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fstatfs(self)` +@@ -124,21 +151,21 @@ impl Dir { + )))] + #[inline] + pub fn statfs(&self) -> io::Result { +- fstatfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstatfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fstatvfs(self)` + #[cfg(not(any(solarish, target_os = "haiku", target_os = "redox", target_os = "wasi")))] + #[inline] + pub fn statvfs(&self) -> io::Result { +- fstatvfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstatvfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fchdir(self)` + #[cfg(not(any(target_os = "fuchsia", target_os = "wasi")))] + #[inline] + pub fn chdir(&self) -> io::Result<()> { +- fchdir(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fchdir(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + } + +@@ -275,7 +302,7 @@ unsafe impl Send for Dir {} + impl Drop for Dir { + #[inline] + fn drop(&mut self) { +- unsafe { c::closedir(self.0.as_ptr()) }; ++ unsafe { c::closedir(self.libc_dir.as_ptr()) }; + } + } + +@@ -291,7 +318,7 @@ impl Iterator for Dir { + impl fmt::Debug for Dir { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.debug_struct("Dir") +- .field("fd", unsafe { &c::dirfd(self.0.as_ptr()) }) ++ .field("fd", unsafe { &c::dirfd(self.libc_dir.as_ptr()) }) + .finish() + } + } +@@ -403,3 +430,38 @@ fn check_dirent_layout(dirent: &c::dirent) { + } + ); + } ++ ++#[test] ++fn dir_iterator_handles_io_errors() { ++ // create a dir, keep the FD, then delete the dir ++ let tmp = tempfile::tempdir().unwrap(); ++ let fd = crate::fs::openat( ++ crate::fs::cwd(), ++ tmp.path(), ++ crate::fs::OFlags::RDONLY | crate::fs::OFlags::CLOEXEC, ++ crate::fs::Mode::empty(), ++ ) ++ .unwrap(); ++ ++ let file_fd = crate::fs::openat( ++ &fd, ++ tmp.path().join("test.txt"), ++ crate::fs::OFlags::WRONLY | crate::fs::OFlags::CREATE, ++ crate::fs::Mode::RWXU, ++ ) ++ .unwrap(); ++ ++ let mut dir = Dir::read_from(&fd).unwrap(); ++ ++ // Reach inside the `Dir` and replace its directory with a file, which ++ // will cause the subsequent `readdir` to fail. ++ unsafe { ++ let raw_fd = c::dirfd(dir.libc_dir.as_ptr()); ++ let mut owned_fd: crate::fd::OwnedFd = crate::fd::FromRawFd::from_raw_fd(raw_fd); ++ crate::io::dup2(&file_fd, &mut owned_fd).unwrap(); ++ core::mem::forget(owned_fd); ++ } ++ ++ assert!(matches!(dir.next(), Some(Err(_)))); ++ assert!(matches!(dir.next(), None)); ++} +diff --git a/vendor/rustix-0.37.6/src/backend/linux_raw/fs/dir.rs b/vendor/rustix-0.37.6/src/backend/linux_raw/fs/dir.rs +index cfa347d03..54157ade2 100644 +--- a/vendor/rustix-0.37.6/src/backend/linux_raw/fs/dir.rs ++++ b/vendor/rustix-0.37.6/src/backend/linux_raw/fs/dir.rs +@@ -17,9 +17,17 @@ pub struct Dir { + /// The `OwnedFd` that we read directory entries from. + fd: OwnedFd, + ++ /// Have we seen any errors in this iteration? ++ any_errors: bool, ++ ++ /// Should we rewind the stream on the next iteration? ++ rewind: bool, ++ ++ /// The buffer for `linux_dirent64` entries. + buf: Vec, ++ ++ /// Where we are in the buffer. + pos: usize, +- next: Option, + } + + impl Dir { +@@ -37,25 +45,39 @@ impl Dir { + + Ok(Self { + fd: fd_for_dir, ++ any_errors: false, ++ rewind: false, + buf: Vec::new(), + pos: 0, +- next: None, + }) + } + + /// `rewinddir(self)` + #[inline] + pub fn rewind(&mut self) { ++ self.any_errors = false; ++ self.rewind = true; + self.pos = self.buf.len(); +- self.next = Some(0); + } + + /// `readdir(self)`, where `None` means the end of the directory. + pub fn read(&mut self) -> Option> { +- if let Some(next) = self.next.take() { +- match crate::backend::fs::syscalls::_seek(self.fd.as_fd(), next as i64, SEEK_SET) { ++ // If we've seen errors, don't continue to try to read anyting further. ++ if self.any_errors { ++ return None; ++ } ++ ++ // If a rewind was requested, seek to the beginning. ++ if self.rewind { ++ self.rewind = false; ++ match io::retry_on_intr(|| { ++ crate::backend::fs::syscalls::_seek(self.fd.as_fd(), 0, SEEK_SET) ++ }) { + Ok(_) => (), +- Err(err) => return Some(Err(err)), ++ Err(err) => { ++ self.any_errors = true; ++ return Some(Err(err)); ++ } + } + } + +@@ -77,7 +99,7 @@ impl Dir { + if self.buf.len() - self.pos < size_of::() { + match self.read_more()? { + Ok(()) => (), +- Err(e) => return Some(Err(e)), ++ Err(err) => return Some(Err(err)), + } + } + +@@ -136,14 +158,31 @@ impl Dir { + } + + fn read_more(&mut self) -> Option> { +- let og_len = self.buf.len(); +- // Capacity increment currently chosen by wild guess. +- self.buf +- .resize(self.buf.capacity() + 32 * size_of::(), 0); +- let nread = match crate::backend::fs::syscalls::getdents(self.fd.as_fd(), &mut self.buf) { ++ // The first few times we're called, we allocate a relatively small ++ // buffer, because many directories are small. If we're called more, ++ // use progressively larger allocations, up to a fixed maximum. ++ // ++ // The specific sizes and policy here have not been tuned in detail yet ++ // and may need to be adjusted. In doing so, we should be careful to ++ // avoid unbounded buffer growth. This buffer only exists to share the ++ // cost of a `getdents` call over many entries, so if it gets too big, ++ // cache and heap usage will outweigh the benefit. And ultimately, ++ // directories can contain more entries than we can allocate contiguous ++ // memory for, so we'll always need to cap the size at some point. ++ if self.buf.len() < 1024 * size_of::() { ++ self.buf.reserve(32 * size_of::()); ++ } ++ self.buf.resize(self.buf.capacity(), 0); ++ let nread = match io::retry_on_intr(|| { ++ crate::backend::fs::syscalls::getdents(self.fd.as_fd(), &mut self.buf) ++ }) { + Ok(nread) => nread, ++ Err(io::Errno::NOENT) => { ++ self.any_errors = true; ++ return None; ++ } + Err(err) => { +- self.buf.resize(og_len, 0); ++ self.any_errors = true; + return Some(Err(err)); + } + }; +@@ -223,3 +262,33 @@ impl DirEntry { + self.d_ino + } + } ++ ++#[test] ++fn dir_iterator_handles_io_errors() { ++ // create a dir, keep the FD, then delete the dir ++ let tmp = tempfile::tempdir().unwrap(); ++ let fd = crate::fs::openat( ++ crate::fs::cwd(), ++ tmp.path(), ++ crate::fs::OFlags::RDONLY | crate::fs::OFlags::CLOEXEC, ++ crate::fs::Mode::empty(), ++ ) ++ .unwrap(); ++ ++ let file_fd = crate::fs::openat( ++ &fd, ++ tmp.path().join("test.txt"), ++ crate::fs::OFlags::WRONLY | crate::fs::OFlags::CREATE, ++ crate::fs::Mode::RWXU, ++ ) ++ .unwrap(); ++ ++ let mut dir = Dir::read_from(&fd).unwrap(); ++ ++ // Reach inside the `Dir` and replace its directory with a file, which ++ // will cause the subsequent `getdents64` to fail. ++ crate::io::dup2(&file_fd, &mut dir.fd).unwrap(); ++ ++ assert!(matches!(dir.next(), Some(Err(_)))); ++ assert!(matches!(dir.next(), None)); ++} +-- +2.39.4 + + +From 72384f57ef96af040cf2bd972006ea72d5cffcd1 Mon Sep 17 00:00:00 2001 +From: Dan Gohman +Date: Thu, 12 Oct 2023 08:13:24 -0700 +Subject: [PATCH 2/4] Merge pull request from GHSA-c827-hfw6-qwvm in + vendor/rustix-0.37.11 + +* Fix `rustix::fs::Dir` to avoid unbounded buffer growth. + +Fix `Dir`'s buffer size computation to avoid resizing past a fixed +upper limit. This prevents it from growing without bound, such as in +the case of `Dir::rewind` for repeated iterations with the same `Dir`. + +* Don't let `Dir` continue to try to iterate after a failure. + +* Handle `io::Errno::INTR` gracefully. + +* Write a more detailed comment on the buffer growth policy. + +* Also mention that no buffer can ever be big enough for everything. + +* Add tests against over-allocation & stuck iterator + +* Rm `dir_iterator_does_not_overallocate` unit test in favour of docs + +* Extend `test_dir` to cover `rewind`. + +* Consistently handle directory removal as ending the stream. + +libc implementations of directory iteration handle directory removal +by just ending the stream. In the linux_raw backend, this looks like +`ENOENT` from `getdents64`, so change the code to check for `ENOENT` +and end the stream. + +This requires changing the `dir_iterator_does_not_get_stuck_on_io_error` +test to no longer expect a failure, so it's now renamed to +`dir_iterator_handles_dir_removal`. + +To test the error case, add a new `dir_iterator_handles_io_errors` +test which uses `dup2` to induce an error, in both the linux_raw and +libc backends. + +This exposes the fact that the libc `Dir` implementation was also +assuming that users would stop iterating after hitting a failure, so +add a `any_errors` flag to the libc backend as well. + +* Add a test for removing the directory after doing `read_from`. + +* In the libc backend, handle `ENOENT` when opening ".". + +--------- + +Co-authored-by: cyqsimon <28627918+cyqsimon@users.noreply.github.com> +--- + vendor/rustix-0.37.11/.cargo-checksum.json | 2 +- + .../rustix-0.37.11/src/backend/libc/fs/dir.rs | 86 ++++++++++++++--- + .../src/backend/linux_raw/fs/dir.rs | 95 ++++++++++++++++--- + 3 files changed, 157 insertions(+), 26 deletions(-) + +diff --git a/vendor/rustix-0.37.11/.cargo-checksum.json b/vendor/rustix-0.37.11/.cargo-checksum.json +index afbb8d7e6..b365e8741 100644 +--- a/vendor/rustix-0.37.11/.cargo-checksum.json ++++ b/vendor/rustix-0.37.11/.cargo-checksum.json +@@ -1 +1 @@ +-{"files":{"CODE_OF_CONDUCT.md":"f210602311e3f74b32f46237fd55f4ce36d798e85e3db1432ec667f63a7ffc44","CONTRIBUTING.md":"fb570c76cf924cd75b77bed52b0dbe1e87ce224dc3428c48d98301710dcc331e","COPYRIGHT":"377c2e7c53250cc5905c0b0532d35973392af16ffb9596a41d99d202cf3617c9","Cargo.toml":"29b18a4f7352368f84504a2ef6cfab7f5bf65ab9644f33bd2944041aec2acc01","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-Apache-2.0_WITH_LLVM-exception":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","ORG_CODE_OF_CONDUCT.md":"a62b69bf86e605ee1bcbb2f0a12ba79e4cebb6983a7b6491949750aecc4f2178","README.md":"158b3959b00e6c1536a767014c0e916a6a063a5b36d693e9e3c93aac901ccd55","SECURITY.md":"4d75afb09dd28eb5982e3a1f768ee398d90204669ceef3240a16b31dcf04148a","benches/mod.rs":"55b71073e5681b309bc4f439435ac05d1e052bba2ea6accf05bca9bf496d4bd0","build.rs":"643cd9fb407cfd540d2837b9de15db6c27e1f465a33f8117bf66c27868843600","src/backend/libc/c.rs":"e91631918772a752429b53fb7674f288e27af0d133a583bd9d50af7af7802328","src/backend/libc/conv.rs":"a94f5937ad41d7c13e4554481ea1d8ac10c2954b22e55ca0ccd93dedaeb6f1d6","src/backend/libc/fs/dir.rs":"46a155f7f5564126e8323db67df9d10b864cb60c631ca6ed4ae2724e929e5955","src/backend/libc/fs/inotify.rs":"4a1a3c0504982d2743a9c83e4cea3ec81ba0777d574ddf8ce76af67f29d0b9a4","src/backend/libc/fs/makedev.rs":"06513503ffdd35276eb7c3aed437c2362c32dd224d8c06df589bce28ad2e68b4","src/backend/libc/fs/mod.rs":"d8765bfbbd3c0f02c278a7bfef547607c7085ae14704824cc2fe7eaa64430e8c","src/backend/libc/fs/syscalls.rs":"1036d1bb293595c7cd5eb56154b475c2496b05facc0e203b9c9d44d44d1f4544","src/backend/libc/fs/types.rs":"5ecdd9586fbae8b3a450494f8e4ed8634efd6c00d98c987176c5b67e799c7744","src/backend/libc/io/epoll.rs":"0e95f0c887938ca2014492f26d282f756c9f2d4111e58b516830cb98bd8d3b1b","src/backend/libc/io/errno.rs":"8c6491590339a21c732b325904ece24ac39b1cd1a2b04728a9ff90ec904c01aa","src/backend/libc/io/io_slice.rs":"34da1bcc17993318fa93b7e71ff36116044ac12a031963710af84c3ed1bc443a","src/backend/libc/io/mod.rs":"a76e0071a887a6bdb1a3edc4887f91889d4beab1426e73417958257467f3c602","src/backend/libc/io/poll_fd.rs":"5ce78059ec307ec6ffbe02f2beb15f889bf652f0258f4531931062d507a3389e","src/backend/libc/io/syscalls.rs":"51d213ce5020932bcdc73c5d9ef4d06f2cbf81fcc5b4d9675e22f6d2712b225d","src/backend/libc/io/types.rs":"51caa5760ffa083cae00c5075f8048c048735cf68dc9d02b3fa84689521f2f1a","src/backend/libc/io/windows_syscalls.rs":"741f524b384d59e703b278739563ab04273dbb48c062349353dd9b7cf9ed2332","src/backend/libc/io_lifetimes.rs":"eebc6adc10593933e9ab14c59d29793f4ec6e4403a00bbcaaf3ee81373ae924d","src/backend/libc/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/io_uring/syscalls.rs":"0f7ffc079f511b200d536e348d6c6945eeb4908db721e5ca0db6cc5fe96eccc4","src/backend/libc/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mm/syscalls.rs":"5141375b2b678c66a165de74a54e01bdb5efae8a81a38891f00da7206e686927","src/backend/libc/mm/types.rs":"bdadba2113f2a88a2b856497d411aa18eb0c7086361f72c2853ea8b09b006841","src/backend/libc/mod.rs":"8aad42f4cc53bfe9952101a314cd89d8c8600c523d699a43de8f64f48f3e4caf","src/backend/libc/net/addr.rs":"93b3f86d737c1c643663acf9f335e822cad5574067f63bda3c58af918dd1e57b","src/backend/libc/net/ext.rs":"99e1b5023b152ab278b281e26006e4ed6916d303f5d9a24d94f02a2195a25243","src/backend/libc/net/mod.rs":"772c788c60141e41044b59c4812c4208f52838da1effe1d476ab1d99304d9f9d","src/backend/libc/net/read_sockaddr.rs":"d7a98c80d2e7b47663db596a7f65980b21983c514eff54b1a8323e14164fe40d","src/backend/libc/net/send_recv.rs":"d0ffe3aebccab498b7fdf6cfb0382fc10576ed0b8563d696a20878d2c01f0a28","src/backend/libc/net/syscalls.rs":"0f3fcf42ebea8c97f7f4f2c7205f309c39fc12aef74d63e3b41a6faad9334398","src/backend/libc/net/types.rs":"53912a831c475805f9a4fb43801eacf2e97fd68e34b00c2499cd7af472732442","src/backend/libc/net/write_sockaddr.rs":"33c3d7304713cb63f8fa398f5f7c084fc1d9fbb6907dd19902a90e8ec64ad41f","src/backend/libc/offset.rs":"19ce9b0c25646b18817b9324b4e930915370d13fb14a5d950b59910dd8e41d59","src/backend/libc/param/auxv.rs":"7d71f224f7d9c547b6b5e1425cad03466328b7b8ad2a62f49d9e29e075061e43","src/backend/libc/param/mod.rs":"5234b8f1bcb886cca6ea003d411d75eaeebe58deedd80e3441354bf46ed85d4d","src/backend/libc/process/cpu_set.rs":"88ba2fc71dea5b8ae3b1bb3d8e64f7b7aa08882d198695e5f95d5478b6e73e75","src/backend/libc/process/mod.rs":"45a9979d6bc7c669ffe212c55ffbf6ea8f4bdb9a711c894b9e93b52a05e611d7","src/backend/libc/process/syscalls.rs":"d2ac693959d660231edaa3a062290fc98fe7b50b33d717fc631b164d647d74fb","src/backend/libc/process/types.rs":"58f8eb2d4cda05924e97145006ac16793307182f3c1ffb5484fd4546513e863a","src/backend/libc/process/wait.rs":"36e84c05ae3a27b96da9521678b72ab004fe37a8b0d092a0b6f810015806c4d2","src/backend/libc/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/rand/syscalls.rs":"21aa7aab15de5ff8e9c50c2c2a4d49cc309be3e97feeb17f875a0a9dc6b5cf44","src/backend/libc/rand/types.rs":"85f72babe82857d4e47067ddc11525ab290208050fb8f5e5190975c0fdda9b7c","src/backend/libc/termios/mod.rs":"63a1e559981848581bbacad2adb567e5eb62d17caa2d8f826e977dc053ce26bb","src/backend/libc/termios/syscalls.rs":"bbc30adb93e82660b32d6cdba3c3e03109ab6d2aa9c270d96ec4c661f03ff29a","src/backend/libc/termios/types.rs":"6d174f580d76d75de15732c059ac0091b1e0025cc78c05dcada2490f84d79a2f","src/backend/libc/thread/mod.rs":"0de5f67a684b9fd7628d3009d2ea5fd51b8770e8b387eed14f59152157844287","src/backend/libc/thread/syscalls.rs":"b016611a1e2fb6af073c485b0a9efa992067b4d2dd6d213d77a731d5108d574f","src/backend/libc/time/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/time/syscalls.rs":"a6668a9005da2e15671d4c917973bc68ef611998c0a584a53343fd5aeadade63","src/backend/libc/time/types.rs":"72b56e7fd3efc536b196cd8276f6ffb8eb7ff9cf9b9d77cb045f1a9abb8d564b","src/backend/libc/weak.rs":"cb7dfb5c2ad37d7a5be6a2aa99a28969559493ca5b649753484e0b1fd978e410","src/backend/libc/winsock_c.rs":"addce03c242c70d10411fb9728c743bdc3b635107bd58aabbb360f2379127064","src/backend/linux_raw/arch/inline/aarch64.rs":"67011427b3cecd29ee716113d952e70d63574c96d1d3ea3c75d46250bde9ca44","src/backend/linux_raw/arch/inline/arm.rs":"7760d51aef17a69a797eb96fd61f7fade0d55bc87ec9a3e77fa6bb6aebaecdbb","src/backend/linux_raw/arch/inline/mips.rs":"d00c84cfdb4e37bdee9a2daa0a7b3298afbb4ebe288702203cb43d9c2617012d","src/backend/linux_raw/arch/inline/mips64.rs":"ab5455c9b2511ba6b67a66873cd8b53bf77471249fd2779d6437ebb4934087b5","src/backend/linux_raw/arch/inline/mod.rs":"ed5c6c14d19556c1a2ca077608fa515ac85d760eb931dc8968b39137700159d8","src/backend/linux_raw/arch/inline/powerpc64.rs":"dcd12314184441f5f7705bea6b829103c7abc9062db366ae5584023a38252a36","src/backend/linux_raw/arch/inline/riscv64.rs":"58a58203e9cac2ed21e4a7b26692c5d56d3c2bcddb3f60a648efd18a02129f3c","src/backend/linux_raw/arch/inline/thumb.rs":"82b88c9a3b6837f28a738cc760fc2403e7014abdb2c35d2bdbc8073235ae2863","src/backend/linux_raw/arch/inline/x86.rs":"459cca47f3300418de9945858ba42009e66e4be3c8da268481f30ae4e815b3db","src/backend/linux_raw/arch/inline/x86_64.rs":"7c893ca306b3b8a5980c525dc5fa23187a0526bc9f7ac637204d88a1d596df5d","src/backend/linux_raw/arch/mod.rs":"2f2e26f5742c302bb44f367ad265de573d89494eae0789fa44b5a39248e354e3","src/backend/linux_raw/arch/outline/aarch64.s":"84f066b6fe3cf25ed61c7aa420408c6d5a0b33a7c91b748ed81e47737567975f","src/backend/linux_raw/arch/outline/arm.s":"fa266bf9f4533da1e96c27c4ae5418c86f44074ac0c6afcff0404738e11365da","src/backend/linux_raw/arch/outline/debug/librustix_outline_aarch64.a":"aa3a37d9ad312881968d40c48bd3c960fb3ac0eba232a5f1979cb809d081c340","src/backend/linux_raw/arch/outline/debug/librustix_outline_arm.a":"9991ea0ccd16a175ef4b82916b6cd4b45cf67f4388eb58567b0a6e520bda3740","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips.a":"b14f87994e526c3f5976487223183b284ffa70e3b4322cece3917033635573a2","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips64.a":"a9200542c6de647e31ba2cf3649490a50904ae66716c1b6c50ac123fac83f68e","src/backend/linux_raw/arch/outline/debug/librustix_outline_powerpc64.a":"355db5c83dda1074636c40fa6fee6564c668c492a71e149bcb444ea896e8167e","src/backend/linux_raw/arch/outline/debug/librustix_outline_riscv64.a":"c4fd54d0fcab2e28b1b18df77a7814b145a4c2d13fc04b937a55bf0abf420227","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86.a":"7ae3635dd3fbc2049e09d4218224e1eaaa4dd2ddd78d3901fb444d481abf2a33","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86_64.a":"039c928213bd0b67c899412084a30eb9a51526e64a01e1901cd4905ef8d7cf6d","src/backend/linux_raw/arch/outline/mips.s":"e265e8fa0b9785a9f2779d6ba70ce982b954b802862b0026dc70fd79b12968bb","src/backend/linux_raw/arch/outline/mips64.s":"c79de202f0eb00e2d9cf1fce2b9a2cabfe4ff2f5cc1476bcfd6c3d139570d447","src/backend/linux_raw/arch/outline/mod.rs":"3fcab403f297fd5160df6f4b7d8fd1d868267022c2f6e6448505bd363cb113ef","src/backend/linux_raw/arch/outline/nr_last.rs":"82d92b9ca8307c19d74ced1ae2c0b31f2a7c5db70fa31fdedb55d38a90601455","src/backend/linux_raw/arch/outline/powerpc64.s":"0847fa3f160846ee02771550667913734ba9773e2221f2279c4f296d6f5b7bd4","src/backend/linux_raw/arch/outline/release/librustix_outline_aarch64.a":"fa8d31702cafb24d9799c162d3319c522892e91c58fbbff2b09950a0fa81b46f","src/backend/linux_raw/arch/outline/release/librustix_outline_arm.a":"0f7c8c5c02d5329d884f800da70aaf6b5b67c14000b12afb708f3e4758aa1f7a","src/backend/linux_raw/arch/outline/release/librustix_outline_mips.a":"c9254760fa993e88662c5e1e8911d994f29e203b37a0fc9b550be193125f5031","src/backend/linux_raw/arch/outline/release/librustix_outline_mips64.a":"224f9ac5196833491bee67fd287a53b7e88111731e2eaaa3ebefba31faea373b","src/backend/linux_raw/arch/outline/release/librustix_outline_powerpc64.a":"1f04e44c3d863bac066520c787444c314f2aa2f8d8d3cae38990ecc008b9b6e1","src/backend/linux_raw/arch/outline/release/librustix_outline_riscv64.a":"beb0eb046d36545a04ad7f264ed1173062f9f85ba7f4215bef64a98f30a74dce","src/backend/linux_raw/arch/outline/release/librustix_outline_x86.a":"691d867358475c701c20b816b99bab2a4c90c3796a302ccaa56d5983be1ba8b2","src/backend/linux_raw/arch/outline/release/librustix_outline_x86_64.a":"434a79197510876c5a49f594e7886c95cf4c15e876c3404ed136846c95d6ee30","src/backend/linux_raw/arch/outline/riscv64.s":"ca5303c0c8af6de1f246d658003e270d4e29d6c68dd90c6eee372d045bdf7305","src/backend/linux_raw/arch/outline/x86.rs":"f7e12a0f3fe8e97acb1ade2c9e61d82542f00ad4d8fe684a8dcd9f30fd9ab5d4","src/backend/linux_raw/arch/outline/x86.s":"4604e3b41161802343e2e4c890fd2042098a901d95893ebe4c436f97fd47cad3","src/backend/linux_raw/arch/outline/x86_64.s":"a530084cd42ad8d4b2d36526f4e04f45a6e29ea49882e2c561ac2eeac16272bf","src/backend/linux_raw/c.rs":"cbd69a9ae3f09cebbc69c93d87f9feef58e54508df8f2a9bda3b5f839dc13329","src/backend/linux_raw/conv.rs":"e8377325ea585d07514f49806420be22783d3aa91b786dd413f530a695d4ccd0","src/backend/linux_raw/elf.rs":"a257fbc3f22e4970605cf72a3b301dc2eaee2f5f1b3b0ea434fa192db3c3164e","src/backend/linux_raw/fs/dir.rs":"d54842a373968da54bdae73e10ccab7a8bc19c1bc75b6dca2bb70818c5b275ea","src/backend/linux_raw/fs/inotify.rs":"ecb0810843db7b0a0e31212fc5bc233dda17c97118fa002bcd85bc3bf29235d8","src/backend/linux_raw/fs/makedev.rs":"c6b4505c4bcbbc2460e80f3097eb15e2c8ef38d6c6e7abd78e39c53c372139e2","src/backend/linux_raw/fs/mod.rs":"e22bf30f312f6a05f1e79f7834c33a3c9821514da05fa4786fc31867203a4c74","src/backend/linux_raw/fs/syscalls.rs":"6900d438f535e586ae8e396aeb52426e1040e4397c942546edada6ff0c121b54","src/backend/linux_raw/fs/types.rs":"794bcddf8dc4916a58c431a0249b1325ad9ad8eea3ea8029d61f7a4cbbdabe7c","src/backend/linux_raw/io/epoll.rs":"75de5fe04ed8f85a345ae5b54dc6106268bc05817a4e4abe9cf0bca08e2b1fb3","src/backend/linux_raw/io/errno.rs":"7fbc67fae5d94619b71f82717f9befbb5487f04ed880a5d2eeca5d4d2eabd31b","src/backend/linux_raw/io/io_slice.rs":"5ba992f3fe701184841006588b35f2452156b73e3bef9e07460e4b1f61ac889f","src/backend/linux_raw/io/mod.rs":"6ea805b91d571217c9649364121d0824bbdf4635b36c9150e5968fbeb75c0892","src/backend/linux_raw/io/poll_fd.rs":"9f5a15c80094cc3334acd171c0621d033b44d5d9a987a57acbdcd62cb17d871b","src/backend/linux_raw/io/syscalls.rs":"31bc1a2d74d574923b50aaed3d0d10c2892e7bf6ebf0ccc9bebb42be96b460a0","src/backend/linux_raw/io/types.rs":"11a677499b6b0491f4088f9f87574fe40134bce8042eac0f207b7df905a1f47e","src/backend/linux_raw/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/io_uring/syscalls.rs":"2522327e229d85ce207546b802f63fcad49a0ce41b7b881e13a1c2637fdb6095","src/backend/linux_raw/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mm/syscalls.rs":"647c1846793c386f6babae898686604a4808344ec3e2d1e71071bbfd04079357","src/backend/linux_raw/mm/types.rs":"a5d0ea04a85df5e196d68a8524c4325963c7b2ded3d7d48713c8e855273b60d4","src/backend/linux_raw/mod.rs":"87423ad0e8280081a548e8182139d9e5960258d469951516ca4e8029953daeee","src/backend/linux_raw/net/addr.rs":"9c2b4bc0836618f4b7d997892e5b3980e454bba72fe4d82205d7553ba74ec228","src/backend/linux_raw/net/mod.rs":"4ffd3f6f9cad722e4c29b9bad4912a69f521d737b9e637599a1c60436651d4ae","src/backend/linux_raw/net/read_sockaddr.rs":"0357ae643c384b08578aa0b148ac9b236953da9b36b2e387a40d5b87ae9eccef","src/backend/linux_raw/net/send_recv.rs":"602852a0cf2775c0fce7afbd813248386823b73f3069231860b348432f59450c","src/backend/linux_raw/net/syscalls.rs":"86a9f95ac682d54b21b5a0046e121fee3d992fbccff59022ff6f11afaed5233e","src/backend/linux_raw/net/types.rs":"99a159842ba27d990f293d3d78cc4e395e3e28ab90466d210e5e8f98223d1ba8","src/backend/linux_raw/net/write_sockaddr.rs":"ec0bf20a354cb86e2b5646bfc79297a378f11fcdf5641c16e4dd13e305011dc6","src/backend/linux_raw/param/auxv.rs":"9ed73ebd83dd9001dfdecd19b813c6845dad142f79de286993eb520acc7016bc","src/backend/linux_raw/param/libc_auxv.rs":"79fd1b7452f87382fb3a9c8fa892c5adbcc24d3b505bd9ea73e17d37494e749a","src/backend/linux_raw/param/mod.rs":"db21fc1b0ea5568b8649890fa38a878bfcdcf7398f6cf1640176b37bcc6ce990","src/backend/linux_raw/param/mustang_auxv.rs":"016a691236064a9cc28688d4ff5dbd0e37dccfc07b25b943b47762ba1da33b83","src/backend/linux_raw/process/cpu_set.rs":"a333938a4356d117199bf4078688f0a9b876dc65da1bbff7649482f4f0180813","src/backend/linux_raw/process/mod.rs":"fb393c70a9c63ef9a6bf1fb5a2dc94f07d6b0b6987cc5231c15c607015dafd68","src/backend/linux_raw/process/syscalls.rs":"76bcdb88d34b186688dc0bddf70d9b7edc79d7a3c53b0b45f31871b19f96c4bf","src/backend/linux_raw/process/types.rs":"2559117d77e9957cec6c49d9d859c4dfff84e09ed85bb182cd9844de5569078a","src/backend/linux_raw/process/wait.rs":"921aee4b0048746087f52615a98edc2aa0fb4b53d6df44be4533098df55d1b05","src/backend/linux_raw/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/rand/syscalls.rs":"b1d8b2fea0c792bd1e7c24ee59429d178dc0ad442ac817b12c7abcb38d71497b","src/backend/linux_raw/rand/types.rs":"271416d5241d70932b8a17f3b67eefd1b9c360f217f807de3d73192e9b620552","src/backend/linux_raw/reg.rs":"f9ab26b045150894b98c741f9e80ac2734bf7598f5cf166ab080938febe7af20","src/backend/linux_raw/runtime/mod.rs":"b2cae8cce3822c3c92942f06ea0b68464040dcac33c6f0f7ee392c6269993347","src/backend/linux_raw/runtime/syscalls.rs":"6488160051a991e6d385abbf8a08ccd6498acf525906d512b3f89bf3a33fca6a","src/backend/linux_raw/runtime/tls.rs":"2913858a8fe4696f9c3f9a4921f776258a6d1c54b471f813471d57db23fd22ee","src/backend/linux_raw/termios/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/termios/syscalls.rs":"48eb753f1cd48139eae40ba72241fc2d5fd67355c33a3906f82965e0e0e518d3","src/backend/linux_raw/termios/types.rs":"5cee3735957db2fdaab341a0c58e438305d6402dc7d23622f4999934d4511b5f","src/backend/linux_raw/thread/futex.rs":"e4ca5be060c52538b97df3781d84e2eb4d8241a7f647b2874412bc0fe6061efa","src/backend/linux_raw/thread/mod.rs":"f7132a68c9db1b4a796781b9e8d0ac268a1ddb713e510bfd43425564ec9b39c4","src/backend/linux_raw/thread/syscalls.rs":"936e0a02027b8f252538781eea7fb9f35bfd23bdd50a1f099172dac2da7d3fde","src/backend/linux_raw/time/mod.rs":"672724f55b7b7be6a7452bb1cc2d28b5f0aaa840a2856fe363acce624e1beefc","src/backend/linux_raw/time/syscalls.rs":"777d22d6e3ab7c5fe1d5921a91644543173bb4f783fd308b5886fca68500f98c","src/backend/linux_raw/time/types.rs":"8b5a464d0ef6752276416640dd3a341c07e3e901463231e8c66b2d2d661039af","src/backend/linux_raw/vdso.rs":"a5abab80f023088162fd81dc306b6bd86bd61b2018a191b384f57facb1d48d0a","src/backend/linux_raw/vdso_wrappers.rs":"34bdeadafff8feda511d41ecf560ea78dfcf496bbce4712bf676969639bf76ae","src/backend/linux_raw/weak.rs":"72ddca9849461a725e5ccd6e2190c12fb9e296c8b8a47533acb9c8cd4f9a2b07","src/const_assert.rs":"ff08ab91f11f2ad29883096f4468bd9a65060d5a9e6681e9282bb081f8bdac27","src/cstr.rs":"976027b6c5cf2c82e369ab7ad9e97fa79d7823ded929c1816f37f97134e51fec","src/ffi/mod.rs":"1990dae8190991142bef24220f02b99c96c5bfa7dda2a7974d9dcac265d58945","src/fs/abs.rs":"3541ec38adff45be6464f52a786c0f4973e42fcae5efeeed737c83916b669d2f","src/fs/at.rs":"035238b63a31aa32cfc7e9ff6bb577e7075dfbeb97d22e67430b7a2bf5432e22","src/fs/constants.rs":"9e2f596d004563c4811f43a082d91ac3a8703f281a00f0b263cecbaa68aa0f7e","src/fs/copy_file_range.rs":"d3b644374390d482b2ff749a2459458872b57d0dcf9670368739b7833509a7c2","src/fs/cwd.rs":"b2d7fbb27e23704e3367ede9916cc233f76d912be21c2aee8a635eeca627977f","src/fs/dir.rs":"347a52f4ca9ac6321c52e802e97ec90d1b4c62ec955c8996fc17f8f5aed69966","src/fs/fadvise.rs":"beef66ebe1310fb92628240b2cde68f744c78e50f6ff61bb1404bd4868d9cae8","src/fs/fcntl.rs":"43e191732d72a9513f4fbecfee8cbe45b0b1ed0d0097398681a03a8fe2596495","src/fs/fcntl_apple.rs":"07f07b2ac75dc28bc9e08200f72eb95550a87ff3d69c1204f49ecb63a0c4fd20","src/fs/fcopyfile.rs":"ec95929cbbe02cf49233a785e5238931bb107b7903cc5bc95e4231de960995f2","src/fs/fd.rs":"393dabe7d49740487dc8b16d94f0e3b73f34075a0eec29aff3ab06963b77944c","src/fs/file_type.rs":"fefd865f91011f66126213b0994773d99e373b468c31e866002228c98c64ad85","src/fs/getpath.rs":"28f6970fc1bbc37bb35c84724b59eac436ea7407a4522e18c2bdacb1fdd2edd9","src/fs/makedev.rs":"a56b9fa872e5fbf0f358ca14625b050077f45e8e265ba0c8eaeea22c421e0f92","src/fs/memfd_create.rs":"b8d5a29c3ebd7fc86daa72107a1b3268e3aa92aacf2d6e29d3c3c28910164594","src/fs/mod.rs":"6b3d85bf61915b56328beeba35e720453f9825c4e40caa9ab46290e18e3dbf75","src/fs/mount.rs":"8ab26dcb422825bbd2df2e1f68e6b4f7cf08ce11387c688442ee1b4683b33d4f","src/fs/openat2.rs":"4a95c15dab533a41201b5fa25c8a212956b7571d58cad696bdaf45af8aef96db","src/fs/raw_dir.rs":"775c6c52786be92047cf2f71de07e99d929bec4de5e1a02a19d8eebb8e2cdd72","src/fs/sendfile.rs":"ac053f03608656bb675228ba61079b774498c0233d17e5816ac72538bb12b70e","src/fs/statx.rs":"397ae231c40ecee90e936bd9578152655bdd4852250830ac380798bd143760c0","src/fs/sync.rs":"a3b23543834281f347b0f873bd38154d31d404871188ac08f2b20b9196234cfd","src/io/close.rs":"0aa3cd05a8fed8e5244f97b8b6c2e7f65ed93a4e5435c6329852bb3da7514440","src/io/dup.rs":"a960b0d359197eec7811428493f722c295ac7eb360a8d5cecb48849f0c365d22","src/io/errno.rs":"da7dc2d25cdbbf610ec82c32124789d6572fbc67d8ff265000597ac1f5b39ebd","src/io/eventfd.rs":"163aebe29b5a0e21dd9d121d39c71e82bc6569a4bb658026cfef8ee61809066b","src/io/fcntl.rs":"08f42dc80832586afa6e0a7825571c84a97add1164926928960f0c4c5db76461","src/io/fd/mod.rs":"a1eab9ce9a2c4454053afdfd3f3705e4cb971e94cc453e4f13690f2f0d83dc2c","src/io/fd/owned.rs":"b3d1ac775461b9206f36df62495604a48820c0284276200101fd1847b0e9e756","src/io/fd/raw.rs":"9bcd00be7df3d9f4e6c49ca2d18ef25aee3d6f0ed5ee6b73df5a9beacefb6031","src/io/ioctl.rs":"9278cbb98645e68e97678b2bc73e69a80b594696584574dc83a11f3fa0a343ed","src/io/is_read_write.rs":"e8f7002ce5133af213b161546c67a8b52a9f1abbd22dd94c12bc20874769b15f","src/io/kqueue.rs":"286fd3c2d3d2879ba1a7a0fe357202abe71ac9c108ecdca7fae83009786107ab","src/io/mod.rs":"646b358718353d7380718a09e87312abfce4d1d48accf6b42c941617f60ca5eb","src/io/pipe.rs":"fb8f5aad03b9899246f95b4220843ca7fe5551663034a64700ae5e40b493c888","src/io/poll.rs":"3a1dc003042a0b8e21f894ebdc0e123938b78c6323d61deacbc09b44e1b986a1","src/io/port.rs":"8be17096cdfd2425bb2f800d129913e2ed2032c02049d45b7dcda8d4189b1af2","src/io/procfs.rs":"0821281f09812960a17851a59981bf0ee4c62e33dd1572f795ad433bec992642","src/io/read_write.rs":"f81b54644cb52d59e34cefebd11c0c4fa5931fc86cca952cd52a396bd7a40973","src/io/seek_from.rs":"d7616a45e8a449df28b075ddded4d7c95d6c4575d6fe0cf0ca7b6625e9dc7eeb","src/io/stdio.rs":"0f761d5d103e95f3ca464c89079cd1a007761a23d21595b3090783fc9e655549","src/io_uring.rs":"5d1d74336a096e663b2b0b170427780b4b52d13afa5e95a0c4cb6cdbc4b4ea4a","src/lib.rs":"9c86a382f02e2c67a54a82c1ed849aadcc4ac19cd70883b7343b9fb036e1602f","src/mm/madvise.rs":"3c262b3713a73fafcedf1b04bb12c048bb11d47ca43c959e5dfa48c27651f4f0","src/mm/mmap.rs":"35f9133f3d42c321bada86c2304c7ee0046d6dc740ff484b9f6609b7564b03fa","src/mm/mod.rs":"1a46082151c2ef319667078923df74b01d4a94d25d3777083775179bda8bf3bf","src/mm/msync.rs":"9dcfe5f54235e9314a595edb8d548ac79d222bbcc58bb3263cf7e96d603b23ad","src/mm/userfaultfd.rs":"8073443bd181ff0b3ba4d0b1ae67370b4864035a0c8b4898cd709dc47c518ae7","src/net/addr.rs":"6fce66cd0ccac3bcc2339f32faf2ed1bac94a6d8824acb55bffdfaa43090675a","src/net/ip.rs":"080dd17c44b395b46b0d9e70da76f376540f92ece65f79e3d242c0a272d3b451","src/net/mod.rs":"03e600b3890f94e06f10120ca8dc9251920eec4aabe7d983d24e800faa079aa7","src/net/send_recv.rs":"c65b268e5983ca7e356685f64a394e50d5f60815099185dab13980ec046d44ca","src/net/socket.rs":"691f2c1b8c09c8d1d7f5e4ae3d3254925d7ca98b4c449a27e732f4c3c1612646","src/net/socket_addr_any.rs":"d95c7002972fa98d4133e10ad6c404399494374d568816217edcb9f4fd93aad8","src/net/socketpair.rs":"0818c1f34a5031dfd83bffe90ad1fad2c1e124665cb807485c908893ca9b3d9f","src/net/sockopt.rs":"060a862fc0ad836cef2799b71977b62dbdeb8bee2d46d741cb676426e32bc541","src/net/wsa.rs":"6e546b42f50a851fc833c57cda76cfb347203ed4b0dea574a3d325bf5a2ebf80","src/param/auxv.rs":"988872f9bec2e12f35765ae8963cbb9535d4acaedd4c9a4d07ced6feb70e0aaa","src/param/init.rs":"671d8974f0d9b82e79076d1f4deabe0273a874a329f74b8aad26e07b86791ba3","src/param/mod.rs":"959d6bd6c7abb85e042f86047fb902891c5deb74c550ce21dac96fb9a9f16d36","src/path/arg.rs":"68979fff96dd627f98de0baf3091413b83c0c83791e3a5a1153b83d6204248d7","src/path/dec_int.rs":"a512618714fc3309253f65de605121c2aa056a780f9ab1de55f5a86469895295","src/path/mod.rs":"513fea21b1ba0226c3c5da769ded06a7cd7abe9f49cec9d165bc62a15da126a8","src/process/chdir.rs":"4c63c351e207b1bbefdd7c001e85fed383d5ac2147894d5a09fbd8b302d7c728","src/process/exit.rs":"47bc2fc1ec25eb5c7a21ba84a70c6d799df206f9920c34804a17acf27d5cd66d","src/process/id.rs":"f04877bfd49fb8eda89e12ca44f271dfe92c1661f97b304c2dd234671cfbaabc","src/process/kill.rs":"e4b4dcc7e5b2a1e3e68ce03ce9a5dde43108dae4ddbc443488c464194738d06f","src/process/membarrier.rs":"19f42cb66f211e8b23f4586bf29fdfa29c29e4e9169a06f3cc7b54aad4ef94e6","src/process/mod.rs":"17abc24217e8b48d623d02b1a2955e6b62aab496362ba312122caf90500576a1","src/process/pidfd.rs":"88517949097414b77540b1c0801bdd034c28667b9386c0676cdaa1b637129ffa","src/process/prctl.rs":"e48791471ca608c1e2f8d7a1431246e9fd320d201e9d073b8ce5ab4228a74bd7","src/process/priority.rs":"ddfdeda52acbca8566dd3517f167f7e29e3daa7e71c3ebae4183f8cf4f309b0a","src/process/procctl.rs":"5316c9e486eee4331168d9640abef4a41e378408b24aa10d05f747e2d3538647","src/process/rlimit.rs":"97c1e41533c74b5b71e471d1ed0a83a847b804da9e53be76c50f0187ac5d3eec","src/process/sched.rs":"ea8b20942ef09dbcd7a54d8218435129dfece427e4960055bcdf81c997e80f5f","src/process/sched_yield.rs":"6565faa3928b66ddc74a65e893e15edfa4b9be4f7e5f5f68527501a7f6bc3350","src/process/umask.rs":"f664e46dc6990a550d5ead5e394bfd90767bcb875c53722a5fb92823e15d8882","src/process/uname.rs":"3bcc278449d6b83aa8747bfde85d696293c50a3fa60d88c4a5570b38ef8af25b","src/process/wait.rs":"db191eb594596fca37a8779222d656c0dfd95f74e4c075be5df808c755aaea31","src/rand/getrandom.rs":"8e64128584178c02f04c9781527c23ac2e2423f73445d0b4d25ae99204d7cc04","src/rand/mod.rs":"bd6839924ebfb7092f27f2ad42323768f39f76df157e7b8aa42f5bc17f700c9c","src/runtime.rs":"c2948b15c957b19279321e827c5971f7672f62bd8cf3709e41b58705f8f8f076","src/termios/cf.rs":"cb13ee88cba541cbd683c7a5da034a126fd9e09dc6b5f25c9f32382f8318ffc0","src/termios/constants.rs":"7855cebd1e2169a2a760c6752138b3de1be00fd3b907b049d32ad5d6bdb0426e","src/termios/mod.rs":"b4d28ebeeae6782b4060d3e6f0156ed63bafa155d1bbdae9e28d06e574d69cb7","src/termios/tc.rs":"ae5d8799123747950c7f20ca3abaa3ec1918462ed95d1e78d07bcb491aedcccf","src/termios/tty.rs":"409ddcc795ed1e644d302cdcfdffff8713657bf8777548e628f0b1149acb18af","src/thread/clock.rs":"4e3f54aa5b50443bf502a81ee4814b3522e928e3b06241d24f924a6f69953662","src/thread/futex.rs":"4e78c84589b535ca9ca633633696ef212393a98f2890b181acaa8f908fbc5ae2","src/thread/id.rs":"f905c1c672082215c6502f88e7123a33abadb25791d3ee967335567560dfced3","src/thread/libcap.rs":"43a05e127ae57ecd8b93752571d1cac3359bebe265c964f1825eefe1cee25a42","src/thread/mod.rs":"a3839e32f920fa4be0812f6d40b677968cb3d9e99aa0af65c87ceb8ce015fdc9","src/thread/prctl.rs":"405dabb5376f97b08427e5c1a51b7b0863ad12e462e2590439c1bfef51b65473","src/thread/setns.rs":"5e08f98300e2ca8fc99272cf5408f0b27cb4c8ece54d76b92ede656982f11e69","src/time/clock.rs":"cbe15f6abe995476c815b31a9c3a931ad7292ec853342bc0fcb4417df1a558f1","src/time/mod.rs":"b8b7c5d2bdba60a69e8a557ce7017e4251a41f5633aec928da059c49bc080cfa","src/time/timerfd.rs":"f17092b84553741aa2d2b44c6992b5d2c8c96cc2c2007fc9a2c6b2064485e53f","src/utils.rs":"6ed86e62ac05d6279b664a97fd62878a4c1811ab66a1a2920b169eb74c0c1fcd"},"package":"85597d61f83914ddeba6a47b3b8ffe7365107221c2e557ed94426489fefb5f77"} +\ No newline at end of file ++{"files":{"CODE_OF_CONDUCT.md":"f210602311e3f74b32f46237fd55f4ce36d798e85e3db1432ec667f63a7ffc44","CONTRIBUTING.md":"fb570c76cf924cd75b77bed52b0dbe1e87ce224dc3428c48d98301710dcc331e","COPYRIGHT":"377c2e7c53250cc5905c0b0532d35973392af16ffb9596a41d99d202cf3617c9","Cargo.toml":"29b18a4f7352368f84504a2ef6cfab7f5bf65ab9644f33bd2944041aec2acc01","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-Apache-2.0_WITH_LLVM-exception":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","ORG_CODE_OF_CONDUCT.md":"a62b69bf86e605ee1bcbb2f0a12ba79e4cebb6983a7b6491949750aecc4f2178","README.md":"158b3959b00e6c1536a767014c0e916a6a063a5b36d693e9e3c93aac901ccd55","SECURITY.md":"4d75afb09dd28eb5982e3a1f768ee398d90204669ceef3240a16b31dcf04148a","benches/mod.rs":"55b71073e5681b309bc4f439435ac05d1e052bba2ea6accf05bca9bf496d4bd0","build.rs":"643cd9fb407cfd540d2837b9de15db6c27e1f465a33f8117bf66c27868843600","src/backend/libc/c.rs":"e91631918772a752429b53fb7674f288e27af0d133a583bd9d50af7af7802328","src/backend/libc/conv.rs":"a94f5937ad41d7c13e4554481ea1d8ac10c2954b22e55ca0ccd93dedaeb6f1d6","src/backend/libc/fs/dir.rs":"152c43961cef07cc77dcd77a9fc69b6252702089b7e0ef07e664e370bec05da1","src/backend/libc/fs/inotify.rs":"4a1a3c0504982d2743a9c83e4cea3ec81ba0777d574ddf8ce76af67f29d0b9a4","src/backend/libc/fs/makedev.rs":"06513503ffdd35276eb7c3aed437c2362c32dd224d8c06df589bce28ad2e68b4","src/backend/libc/fs/mod.rs":"d8765bfbbd3c0f02c278a7bfef547607c7085ae14704824cc2fe7eaa64430e8c","src/backend/libc/fs/syscalls.rs":"1036d1bb293595c7cd5eb56154b475c2496b05facc0e203b9c9d44d44d1f4544","src/backend/libc/fs/types.rs":"5ecdd9586fbae8b3a450494f8e4ed8634efd6c00d98c987176c5b67e799c7744","src/backend/libc/io/epoll.rs":"0e95f0c887938ca2014492f26d282f756c9f2d4111e58b516830cb98bd8d3b1b","src/backend/libc/io/errno.rs":"8c6491590339a21c732b325904ece24ac39b1cd1a2b04728a9ff90ec904c01aa","src/backend/libc/io/io_slice.rs":"34da1bcc17993318fa93b7e71ff36116044ac12a031963710af84c3ed1bc443a","src/backend/libc/io/mod.rs":"a76e0071a887a6bdb1a3edc4887f91889d4beab1426e73417958257467f3c602","src/backend/libc/io/poll_fd.rs":"5ce78059ec307ec6ffbe02f2beb15f889bf652f0258f4531931062d507a3389e","src/backend/libc/io/syscalls.rs":"51d213ce5020932bcdc73c5d9ef4d06f2cbf81fcc5b4d9675e22f6d2712b225d","src/backend/libc/io/types.rs":"51caa5760ffa083cae00c5075f8048c048735cf68dc9d02b3fa84689521f2f1a","src/backend/libc/io/windows_syscalls.rs":"741f524b384d59e703b278739563ab04273dbb48c062349353dd9b7cf9ed2332","src/backend/libc/io_lifetimes.rs":"eebc6adc10593933e9ab14c59d29793f4ec6e4403a00bbcaaf3ee81373ae924d","src/backend/libc/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/io_uring/syscalls.rs":"0f7ffc079f511b200d536e348d6c6945eeb4908db721e5ca0db6cc5fe96eccc4","src/backend/libc/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mm/syscalls.rs":"5141375b2b678c66a165de74a54e01bdb5efae8a81a38891f00da7206e686927","src/backend/libc/mm/types.rs":"bdadba2113f2a88a2b856497d411aa18eb0c7086361f72c2853ea8b09b006841","src/backend/libc/mod.rs":"8aad42f4cc53bfe9952101a314cd89d8c8600c523d699a43de8f64f48f3e4caf","src/backend/libc/net/addr.rs":"93b3f86d737c1c643663acf9f335e822cad5574067f63bda3c58af918dd1e57b","src/backend/libc/net/ext.rs":"99e1b5023b152ab278b281e26006e4ed6916d303f5d9a24d94f02a2195a25243","src/backend/libc/net/mod.rs":"772c788c60141e41044b59c4812c4208f52838da1effe1d476ab1d99304d9f9d","src/backend/libc/net/read_sockaddr.rs":"d7a98c80d2e7b47663db596a7f65980b21983c514eff54b1a8323e14164fe40d","src/backend/libc/net/send_recv.rs":"d0ffe3aebccab498b7fdf6cfb0382fc10576ed0b8563d696a20878d2c01f0a28","src/backend/libc/net/syscalls.rs":"0f3fcf42ebea8c97f7f4f2c7205f309c39fc12aef74d63e3b41a6faad9334398","src/backend/libc/net/types.rs":"53912a831c475805f9a4fb43801eacf2e97fd68e34b00c2499cd7af472732442","src/backend/libc/net/write_sockaddr.rs":"33c3d7304713cb63f8fa398f5f7c084fc1d9fbb6907dd19902a90e8ec64ad41f","src/backend/libc/offset.rs":"19ce9b0c25646b18817b9324b4e930915370d13fb14a5d950b59910dd8e41d59","src/backend/libc/param/auxv.rs":"7d71f224f7d9c547b6b5e1425cad03466328b7b8ad2a62f49d9e29e075061e43","src/backend/libc/param/mod.rs":"5234b8f1bcb886cca6ea003d411d75eaeebe58deedd80e3441354bf46ed85d4d","src/backend/libc/process/cpu_set.rs":"88ba2fc71dea5b8ae3b1bb3d8e64f7b7aa08882d198695e5f95d5478b6e73e75","src/backend/libc/process/mod.rs":"45a9979d6bc7c669ffe212c55ffbf6ea8f4bdb9a711c894b9e93b52a05e611d7","src/backend/libc/process/syscalls.rs":"d2ac693959d660231edaa3a062290fc98fe7b50b33d717fc631b164d647d74fb","src/backend/libc/process/types.rs":"58f8eb2d4cda05924e97145006ac16793307182f3c1ffb5484fd4546513e863a","src/backend/libc/process/wait.rs":"36e84c05ae3a27b96da9521678b72ab004fe37a8b0d092a0b6f810015806c4d2","src/backend/libc/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/rand/syscalls.rs":"21aa7aab15de5ff8e9c50c2c2a4d49cc309be3e97feeb17f875a0a9dc6b5cf44","src/backend/libc/rand/types.rs":"85f72babe82857d4e47067ddc11525ab290208050fb8f5e5190975c0fdda9b7c","src/backend/libc/termios/mod.rs":"63a1e559981848581bbacad2adb567e5eb62d17caa2d8f826e977dc053ce26bb","src/backend/libc/termios/syscalls.rs":"bbc30adb93e82660b32d6cdba3c3e03109ab6d2aa9c270d96ec4c661f03ff29a","src/backend/libc/termios/types.rs":"6d174f580d76d75de15732c059ac0091b1e0025cc78c05dcada2490f84d79a2f","src/backend/libc/thread/mod.rs":"0de5f67a684b9fd7628d3009d2ea5fd51b8770e8b387eed14f59152157844287","src/backend/libc/thread/syscalls.rs":"b016611a1e2fb6af073c485b0a9efa992067b4d2dd6d213d77a731d5108d574f","src/backend/libc/time/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/time/syscalls.rs":"a6668a9005da2e15671d4c917973bc68ef611998c0a584a53343fd5aeadade63","src/backend/libc/time/types.rs":"72b56e7fd3efc536b196cd8276f6ffb8eb7ff9cf9b9d77cb045f1a9abb8d564b","src/backend/libc/weak.rs":"cb7dfb5c2ad37d7a5be6a2aa99a28969559493ca5b649753484e0b1fd978e410","src/backend/libc/winsock_c.rs":"addce03c242c70d10411fb9728c743bdc3b635107bd58aabbb360f2379127064","src/backend/linux_raw/arch/inline/aarch64.rs":"67011427b3cecd29ee716113d952e70d63574c96d1d3ea3c75d46250bde9ca44","src/backend/linux_raw/arch/inline/arm.rs":"7760d51aef17a69a797eb96fd61f7fade0d55bc87ec9a3e77fa6bb6aebaecdbb","src/backend/linux_raw/arch/inline/mips.rs":"d00c84cfdb4e37bdee9a2daa0a7b3298afbb4ebe288702203cb43d9c2617012d","src/backend/linux_raw/arch/inline/mips64.rs":"ab5455c9b2511ba6b67a66873cd8b53bf77471249fd2779d6437ebb4934087b5","src/backend/linux_raw/arch/inline/mod.rs":"ed5c6c14d19556c1a2ca077608fa515ac85d760eb931dc8968b39137700159d8","src/backend/linux_raw/arch/inline/powerpc64.rs":"dcd12314184441f5f7705bea6b829103c7abc9062db366ae5584023a38252a36","src/backend/linux_raw/arch/inline/riscv64.rs":"58a58203e9cac2ed21e4a7b26692c5d56d3c2bcddb3f60a648efd18a02129f3c","src/backend/linux_raw/arch/inline/thumb.rs":"82b88c9a3b6837f28a738cc760fc2403e7014abdb2c35d2bdbc8073235ae2863","src/backend/linux_raw/arch/inline/x86.rs":"459cca47f3300418de9945858ba42009e66e4be3c8da268481f30ae4e815b3db","src/backend/linux_raw/arch/inline/x86_64.rs":"7c893ca306b3b8a5980c525dc5fa23187a0526bc9f7ac637204d88a1d596df5d","src/backend/linux_raw/arch/mod.rs":"2f2e26f5742c302bb44f367ad265de573d89494eae0789fa44b5a39248e354e3","src/backend/linux_raw/arch/outline/aarch64.s":"84f066b6fe3cf25ed61c7aa420408c6d5a0b33a7c91b748ed81e47737567975f","src/backend/linux_raw/arch/outline/arm.s":"fa266bf9f4533da1e96c27c4ae5418c86f44074ac0c6afcff0404738e11365da","src/backend/linux_raw/arch/outline/debug/librustix_outline_aarch64.a":"aa3a37d9ad312881968d40c48bd3c960fb3ac0eba232a5f1979cb809d081c340","src/backend/linux_raw/arch/outline/debug/librustix_outline_arm.a":"9991ea0ccd16a175ef4b82916b6cd4b45cf67f4388eb58567b0a6e520bda3740","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips.a":"b14f87994e526c3f5976487223183b284ffa70e3b4322cece3917033635573a2","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips64.a":"a9200542c6de647e31ba2cf3649490a50904ae66716c1b6c50ac123fac83f68e","src/backend/linux_raw/arch/outline/debug/librustix_outline_powerpc64.a":"355db5c83dda1074636c40fa6fee6564c668c492a71e149bcb444ea896e8167e","src/backend/linux_raw/arch/outline/debug/librustix_outline_riscv64.a":"c4fd54d0fcab2e28b1b18df77a7814b145a4c2d13fc04b937a55bf0abf420227","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86.a":"7ae3635dd3fbc2049e09d4218224e1eaaa4dd2ddd78d3901fb444d481abf2a33","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86_64.a":"039c928213bd0b67c899412084a30eb9a51526e64a01e1901cd4905ef8d7cf6d","src/backend/linux_raw/arch/outline/mips.s":"e265e8fa0b9785a9f2779d6ba70ce982b954b802862b0026dc70fd79b12968bb","src/backend/linux_raw/arch/outline/mips64.s":"c79de202f0eb00e2d9cf1fce2b9a2cabfe4ff2f5cc1476bcfd6c3d139570d447","src/backend/linux_raw/arch/outline/mod.rs":"3fcab403f297fd5160df6f4b7d8fd1d868267022c2f6e6448505bd363cb113ef","src/backend/linux_raw/arch/outline/nr_last.rs":"82d92b9ca8307c19d74ced1ae2c0b31f2a7c5db70fa31fdedb55d38a90601455","src/backend/linux_raw/arch/outline/powerpc64.s":"0847fa3f160846ee02771550667913734ba9773e2221f2279c4f296d6f5b7bd4","src/backend/linux_raw/arch/outline/release/librustix_outline_aarch64.a":"fa8d31702cafb24d9799c162d3319c522892e91c58fbbff2b09950a0fa81b46f","src/backend/linux_raw/arch/outline/release/librustix_outline_arm.a":"0f7c8c5c02d5329d884f800da70aaf6b5b67c14000b12afb708f3e4758aa1f7a","src/backend/linux_raw/arch/outline/release/librustix_outline_mips.a":"c9254760fa993e88662c5e1e8911d994f29e203b37a0fc9b550be193125f5031","src/backend/linux_raw/arch/outline/release/librustix_outline_mips64.a":"224f9ac5196833491bee67fd287a53b7e88111731e2eaaa3ebefba31faea373b","src/backend/linux_raw/arch/outline/release/librustix_outline_powerpc64.a":"1f04e44c3d863bac066520c787444c314f2aa2f8d8d3cae38990ecc008b9b6e1","src/backend/linux_raw/arch/outline/release/librustix_outline_riscv64.a":"beb0eb046d36545a04ad7f264ed1173062f9f85ba7f4215bef64a98f30a74dce","src/backend/linux_raw/arch/outline/release/librustix_outline_x86.a":"691d867358475c701c20b816b99bab2a4c90c3796a302ccaa56d5983be1ba8b2","src/backend/linux_raw/arch/outline/release/librustix_outline_x86_64.a":"434a79197510876c5a49f594e7886c95cf4c15e876c3404ed136846c95d6ee30","src/backend/linux_raw/arch/outline/riscv64.s":"ca5303c0c8af6de1f246d658003e270d4e29d6c68dd90c6eee372d045bdf7305","src/backend/linux_raw/arch/outline/x86.rs":"f7e12a0f3fe8e97acb1ade2c9e61d82542f00ad4d8fe684a8dcd9f30fd9ab5d4","src/backend/linux_raw/arch/outline/x86.s":"4604e3b41161802343e2e4c890fd2042098a901d95893ebe4c436f97fd47cad3","src/backend/linux_raw/arch/outline/x86_64.s":"a530084cd42ad8d4b2d36526f4e04f45a6e29ea49882e2c561ac2eeac16272bf","src/backend/linux_raw/c.rs":"cbd69a9ae3f09cebbc69c93d87f9feef58e54508df8f2a9bda3b5f839dc13329","src/backend/linux_raw/conv.rs":"e8377325ea585d07514f49806420be22783d3aa91b786dd413f530a695d4ccd0","src/backend/linux_raw/elf.rs":"a257fbc3f22e4970605cf72a3b301dc2eaee2f5f1b3b0ea434fa192db3c3164e","src/backend/linux_raw/fs/dir.rs":"965ca4d97feeb0a4d4e90b62f820818c99bd5bb2acf1b85fd9f0b7ae30dd3439","src/backend/linux_raw/fs/inotify.rs":"ecb0810843db7b0a0e31212fc5bc233dda17c97118fa002bcd85bc3bf29235d8","src/backend/linux_raw/fs/makedev.rs":"c6b4505c4bcbbc2460e80f3097eb15e2c8ef38d6c6e7abd78e39c53c372139e2","src/backend/linux_raw/fs/mod.rs":"e22bf30f312f6a05f1e79f7834c33a3c9821514da05fa4786fc31867203a4c74","src/backend/linux_raw/fs/syscalls.rs":"6900d438f535e586ae8e396aeb52426e1040e4397c942546edada6ff0c121b54","src/backend/linux_raw/fs/types.rs":"794bcddf8dc4916a58c431a0249b1325ad9ad8eea3ea8029d61f7a4cbbdabe7c","src/backend/linux_raw/io/epoll.rs":"75de5fe04ed8f85a345ae5b54dc6106268bc05817a4e4abe9cf0bca08e2b1fb3","src/backend/linux_raw/io/errno.rs":"7fbc67fae5d94619b71f82717f9befbb5487f04ed880a5d2eeca5d4d2eabd31b","src/backend/linux_raw/io/io_slice.rs":"5ba992f3fe701184841006588b35f2452156b73e3bef9e07460e4b1f61ac889f","src/backend/linux_raw/io/mod.rs":"6ea805b91d571217c9649364121d0824bbdf4635b36c9150e5968fbeb75c0892","src/backend/linux_raw/io/poll_fd.rs":"9f5a15c80094cc3334acd171c0621d033b44d5d9a987a57acbdcd62cb17d871b","src/backend/linux_raw/io/syscalls.rs":"31bc1a2d74d574923b50aaed3d0d10c2892e7bf6ebf0ccc9bebb42be96b460a0","src/backend/linux_raw/io/types.rs":"11a677499b6b0491f4088f9f87574fe40134bce8042eac0f207b7df905a1f47e","src/backend/linux_raw/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/io_uring/syscalls.rs":"2522327e229d85ce207546b802f63fcad49a0ce41b7b881e13a1c2637fdb6095","src/backend/linux_raw/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mm/syscalls.rs":"647c1846793c386f6babae898686604a4808344ec3e2d1e71071bbfd04079357","src/backend/linux_raw/mm/types.rs":"a5d0ea04a85df5e196d68a8524c4325963c7b2ded3d7d48713c8e855273b60d4","src/backend/linux_raw/mod.rs":"87423ad0e8280081a548e8182139d9e5960258d469951516ca4e8029953daeee","src/backend/linux_raw/net/addr.rs":"9c2b4bc0836618f4b7d997892e5b3980e454bba72fe4d82205d7553ba74ec228","src/backend/linux_raw/net/mod.rs":"4ffd3f6f9cad722e4c29b9bad4912a69f521d737b9e637599a1c60436651d4ae","src/backend/linux_raw/net/read_sockaddr.rs":"0357ae643c384b08578aa0b148ac9b236953da9b36b2e387a40d5b87ae9eccef","src/backend/linux_raw/net/send_recv.rs":"602852a0cf2775c0fce7afbd813248386823b73f3069231860b348432f59450c","src/backend/linux_raw/net/syscalls.rs":"86a9f95ac682d54b21b5a0046e121fee3d992fbccff59022ff6f11afaed5233e","src/backend/linux_raw/net/types.rs":"99a159842ba27d990f293d3d78cc4e395e3e28ab90466d210e5e8f98223d1ba8","src/backend/linux_raw/net/write_sockaddr.rs":"ec0bf20a354cb86e2b5646bfc79297a378f11fcdf5641c16e4dd13e305011dc6","src/backend/linux_raw/param/auxv.rs":"9ed73ebd83dd9001dfdecd19b813c6845dad142f79de286993eb520acc7016bc","src/backend/linux_raw/param/libc_auxv.rs":"79fd1b7452f87382fb3a9c8fa892c5adbcc24d3b505bd9ea73e17d37494e749a","src/backend/linux_raw/param/mod.rs":"db21fc1b0ea5568b8649890fa38a878bfcdcf7398f6cf1640176b37bcc6ce990","src/backend/linux_raw/param/mustang_auxv.rs":"016a691236064a9cc28688d4ff5dbd0e37dccfc07b25b943b47762ba1da33b83","src/backend/linux_raw/process/cpu_set.rs":"a333938a4356d117199bf4078688f0a9b876dc65da1bbff7649482f4f0180813","src/backend/linux_raw/process/mod.rs":"fb393c70a9c63ef9a6bf1fb5a2dc94f07d6b0b6987cc5231c15c607015dafd68","src/backend/linux_raw/process/syscalls.rs":"76bcdb88d34b186688dc0bddf70d9b7edc79d7a3c53b0b45f31871b19f96c4bf","src/backend/linux_raw/process/types.rs":"2559117d77e9957cec6c49d9d859c4dfff84e09ed85bb182cd9844de5569078a","src/backend/linux_raw/process/wait.rs":"921aee4b0048746087f52615a98edc2aa0fb4b53d6df44be4533098df55d1b05","src/backend/linux_raw/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/rand/syscalls.rs":"b1d8b2fea0c792bd1e7c24ee59429d178dc0ad442ac817b12c7abcb38d71497b","src/backend/linux_raw/rand/types.rs":"271416d5241d70932b8a17f3b67eefd1b9c360f217f807de3d73192e9b620552","src/backend/linux_raw/reg.rs":"f9ab26b045150894b98c741f9e80ac2734bf7598f5cf166ab080938febe7af20","src/backend/linux_raw/runtime/mod.rs":"b2cae8cce3822c3c92942f06ea0b68464040dcac33c6f0f7ee392c6269993347","src/backend/linux_raw/runtime/syscalls.rs":"6488160051a991e6d385abbf8a08ccd6498acf525906d512b3f89bf3a33fca6a","src/backend/linux_raw/runtime/tls.rs":"2913858a8fe4696f9c3f9a4921f776258a6d1c54b471f813471d57db23fd22ee","src/backend/linux_raw/termios/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/termios/syscalls.rs":"48eb753f1cd48139eae40ba72241fc2d5fd67355c33a3906f82965e0e0e518d3","src/backend/linux_raw/termios/types.rs":"5cee3735957db2fdaab341a0c58e438305d6402dc7d23622f4999934d4511b5f","src/backend/linux_raw/thread/futex.rs":"e4ca5be060c52538b97df3781d84e2eb4d8241a7f647b2874412bc0fe6061efa","src/backend/linux_raw/thread/mod.rs":"f7132a68c9db1b4a796781b9e8d0ac268a1ddb713e510bfd43425564ec9b39c4","src/backend/linux_raw/thread/syscalls.rs":"936e0a02027b8f252538781eea7fb9f35bfd23bdd50a1f099172dac2da7d3fde","src/backend/linux_raw/time/mod.rs":"672724f55b7b7be6a7452bb1cc2d28b5f0aaa840a2856fe363acce624e1beefc","src/backend/linux_raw/time/syscalls.rs":"777d22d6e3ab7c5fe1d5921a91644543173bb4f783fd308b5886fca68500f98c","src/backend/linux_raw/time/types.rs":"8b5a464d0ef6752276416640dd3a341c07e3e901463231e8c66b2d2d661039af","src/backend/linux_raw/vdso.rs":"a5abab80f023088162fd81dc306b6bd86bd61b2018a191b384f57facb1d48d0a","src/backend/linux_raw/vdso_wrappers.rs":"34bdeadafff8feda511d41ecf560ea78dfcf496bbce4712bf676969639bf76ae","src/backend/linux_raw/weak.rs":"72ddca9849461a725e5ccd6e2190c12fb9e296c8b8a47533acb9c8cd4f9a2b07","src/const_assert.rs":"ff08ab91f11f2ad29883096f4468bd9a65060d5a9e6681e9282bb081f8bdac27","src/cstr.rs":"976027b6c5cf2c82e369ab7ad9e97fa79d7823ded929c1816f37f97134e51fec","src/ffi/mod.rs":"1990dae8190991142bef24220f02b99c96c5bfa7dda2a7974d9dcac265d58945","src/fs/abs.rs":"3541ec38adff45be6464f52a786c0f4973e42fcae5efeeed737c83916b669d2f","src/fs/at.rs":"035238b63a31aa32cfc7e9ff6bb577e7075dfbeb97d22e67430b7a2bf5432e22","src/fs/constants.rs":"9e2f596d004563c4811f43a082d91ac3a8703f281a00f0b263cecbaa68aa0f7e","src/fs/copy_file_range.rs":"d3b644374390d482b2ff749a2459458872b57d0dcf9670368739b7833509a7c2","src/fs/cwd.rs":"b2d7fbb27e23704e3367ede9916cc233f76d912be21c2aee8a635eeca627977f","src/fs/dir.rs":"347a52f4ca9ac6321c52e802e97ec90d1b4c62ec955c8996fc17f8f5aed69966","src/fs/fadvise.rs":"beef66ebe1310fb92628240b2cde68f744c78e50f6ff61bb1404bd4868d9cae8","src/fs/fcntl.rs":"43e191732d72a9513f4fbecfee8cbe45b0b1ed0d0097398681a03a8fe2596495","src/fs/fcntl_apple.rs":"07f07b2ac75dc28bc9e08200f72eb95550a87ff3d69c1204f49ecb63a0c4fd20","src/fs/fcopyfile.rs":"ec95929cbbe02cf49233a785e5238931bb107b7903cc5bc95e4231de960995f2","src/fs/fd.rs":"393dabe7d49740487dc8b16d94f0e3b73f34075a0eec29aff3ab06963b77944c","src/fs/file_type.rs":"fefd865f91011f66126213b0994773d99e373b468c31e866002228c98c64ad85","src/fs/getpath.rs":"28f6970fc1bbc37bb35c84724b59eac436ea7407a4522e18c2bdacb1fdd2edd9","src/fs/makedev.rs":"a56b9fa872e5fbf0f358ca14625b050077f45e8e265ba0c8eaeea22c421e0f92","src/fs/memfd_create.rs":"b8d5a29c3ebd7fc86daa72107a1b3268e3aa92aacf2d6e29d3c3c28910164594","src/fs/mod.rs":"6b3d85bf61915b56328beeba35e720453f9825c4e40caa9ab46290e18e3dbf75","src/fs/mount.rs":"8ab26dcb422825bbd2df2e1f68e6b4f7cf08ce11387c688442ee1b4683b33d4f","src/fs/openat2.rs":"4a95c15dab533a41201b5fa25c8a212956b7571d58cad696bdaf45af8aef96db","src/fs/raw_dir.rs":"775c6c52786be92047cf2f71de07e99d929bec4de5e1a02a19d8eebb8e2cdd72","src/fs/sendfile.rs":"ac053f03608656bb675228ba61079b774498c0233d17e5816ac72538bb12b70e","src/fs/statx.rs":"397ae231c40ecee90e936bd9578152655bdd4852250830ac380798bd143760c0","src/fs/sync.rs":"a3b23543834281f347b0f873bd38154d31d404871188ac08f2b20b9196234cfd","src/io/close.rs":"0aa3cd05a8fed8e5244f97b8b6c2e7f65ed93a4e5435c6329852bb3da7514440","src/io/dup.rs":"a960b0d359197eec7811428493f722c295ac7eb360a8d5cecb48849f0c365d22","src/io/errno.rs":"da7dc2d25cdbbf610ec82c32124789d6572fbc67d8ff265000597ac1f5b39ebd","src/io/eventfd.rs":"163aebe29b5a0e21dd9d121d39c71e82bc6569a4bb658026cfef8ee61809066b","src/io/fcntl.rs":"08f42dc80832586afa6e0a7825571c84a97add1164926928960f0c4c5db76461","src/io/fd/mod.rs":"a1eab9ce9a2c4454053afdfd3f3705e4cb971e94cc453e4f13690f2f0d83dc2c","src/io/fd/owned.rs":"b3d1ac775461b9206f36df62495604a48820c0284276200101fd1847b0e9e756","src/io/fd/raw.rs":"9bcd00be7df3d9f4e6c49ca2d18ef25aee3d6f0ed5ee6b73df5a9beacefb6031","src/io/ioctl.rs":"9278cbb98645e68e97678b2bc73e69a80b594696584574dc83a11f3fa0a343ed","src/io/is_read_write.rs":"e8f7002ce5133af213b161546c67a8b52a9f1abbd22dd94c12bc20874769b15f","src/io/kqueue.rs":"286fd3c2d3d2879ba1a7a0fe357202abe71ac9c108ecdca7fae83009786107ab","src/io/mod.rs":"646b358718353d7380718a09e87312abfce4d1d48accf6b42c941617f60ca5eb","src/io/pipe.rs":"fb8f5aad03b9899246f95b4220843ca7fe5551663034a64700ae5e40b493c888","src/io/poll.rs":"3a1dc003042a0b8e21f894ebdc0e123938b78c6323d61deacbc09b44e1b986a1","src/io/port.rs":"8be17096cdfd2425bb2f800d129913e2ed2032c02049d45b7dcda8d4189b1af2","src/io/procfs.rs":"0821281f09812960a17851a59981bf0ee4c62e33dd1572f795ad433bec992642","src/io/read_write.rs":"f81b54644cb52d59e34cefebd11c0c4fa5931fc86cca952cd52a396bd7a40973","src/io/seek_from.rs":"d7616a45e8a449df28b075ddded4d7c95d6c4575d6fe0cf0ca7b6625e9dc7eeb","src/io/stdio.rs":"0f761d5d103e95f3ca464c89079cd1a007761a23d21595b3090783fc9e655549","src/io_uring.rs":"5d1d74336a096e663b2b0b170427780b4b52d13afa5e95a0c4cb6cdbc4b4ea4a","src/lib.rs":"9c86a382f02e2c67a54a82c1ed849aadcc4ac19cd70883b7343b9fb036e1602f","src/mm/madvise.rs":"3c262b3713a73fafcedf1b04bb12c048bb11d47ca43c959e5dfa48c27651f4f0","src/mm/mmap.rs":"35f9133f3d42c321bada86c2304c7ee0046d6dc740ff484b9f6609b7564b03fa","src/mm/mod.rs":"1a46082151c2ef319667078923df74b01d4a94d25d3777083775179bda8bf3bf","src/mm/msync.rs":"9dcfe5f54235e9314a595edb8d548ac79d222bbcc58bb3263cf7e96d603b23ad","src/mm/userfaultfd.rs":"8073443bd181ff0b3ba4d0b1ae67370b4864035a0c8b4898cd709dc47c518ae7","src/net/addr.rs":"6fce66cd0ccac3bcc2339f32faf2ed1bac94a6d8824acb55bffdfaa43090675a","src/net/ip.rs":"080dd17c44b395b46b0d9e70da76f376540f92ece65f79e3d242c0a272d3b451","src/net/mod.rs":"03e600b3890f94e06f10120ca8dc9251920eec4aabe7d983d24e800faa079aa7","src/net/send_recv.rs":"c65b268e5983ca7e356685f64a394e50d5f60815099185dab13980ec046d44ca","src/net/socket.rs":"691f2c1b8c09c8d1d7f5e4ae3d3254925d7ca98b4c449a27e732f4c3c1612646","src/net/socket_addr_any.rs":"d95c7002972fa98d4133e10ad6c404399494374d568816217edcb9f4fd93aad8","src/net/socketpair.rs":"0818c1f34a5031dfd83bffe90ad1fad2c1e124665cb807485c908893ca9b3d9f","src/net/sockopt.rs":"060a862fc0ad836cef2799b71977b62dbdeb8bee2d46d741cb676426e32bc541","src/net/wsa.rs":"6e546b42f50a851fc833c57cda76cfb347203ed4b0dea574a3d325bf5a2ebf80","src/param/auxv.rs":"988872f9bec2e12f35765ae8963cbb9535d4acaedd4c9a4d07ced6feb70e0aaa","src/param/init.rs":"671d8974f0d9b82e79076d1f4deabe0273a874a329f74b8aad26e07b86791ba3","src/param/mod.rs":"959d6bd6c7abb85e042f86047fb902891c5deb74c550ce21dac96fb9a9f16d36","src/path/arg.rs":"68979fff96dd627f98de0baf3091413b83c0c83791e3a5a1153b83d6204248d7","src/path/dec_int.rs":"a512618714fc3309253f65de605121c2aa056a780f9ab1de55f5a86469895295","src/path/mod.rs":"513fea21b1ba0226c3c5da769ded06a7cd7abe9f49cec9d165bc62a15da126a8","src/process/chdir.rs":"4c63c351e207b1bbefdd7c001e85fed383d5ac2147894d5a09fbd8b302d7c728","src/process/exit.rs":"47bc2fc1ec25eb5c7a21ba84a70c6d799df206f9920c34804a17acf27d5cd66d","src/process/id.rs":"f04877bfd49fb8eda89e12ca44f271dfe92c1661f97b304c2dd234671cfbaabc","src/process/kill.rs":"e4b4dcc7e5b2a1e3e68ce03ce9a5dde43108dae4ddbc443488c464194738d06f","src/process/membarrier.rs":"19f42cb66f211e8b23f4586bf29fdfa29c29e4e9169a06f3cc7b54aad4ef94e6","src/process/mod.rs":"17abc24217e8b48d623d02b1a2955e6b62aab496362ba312122caf90500576a1","src/process/pidfd.rs":"88517949097414b77540b1c0801bdd034c28667b9386c0676cdaa1b637129ffa","src/process/prctl.rs":"e48791471ca608c1e2f8d7a1431246e9fd320d201e9d073b8ce5ab4228a74bd7","src/process/priority.rs":"ddfdeda52acbca8566dd3517f167f7e29e3daa7e71c3ebae4183f8cf4f309b0a","src/process/procctl.rs":"5316c9e486eee4331168d9640abef4a41e378408b24aa10d05f747e2d3538647","src/process/rlimit.rs":"97c1e41533c74b5b71e471d1ed0a83a847b804da9e53be76c50f0187ac5d3eec","src/process/sched.rs":"ea8b20942ef09dbcd7a54d8218435129dfece427e4960055bcdf81c997e80f5f","src/process/sched_yield.rs":"6565faa3928b66ddc74a65e893e15edfa4b9be4f7e5f5f68527501a7f6bc3350","src/process/umask.rs":"f664e46dc6990a550d5ead5e394bfd90767bcb875c53722a5fb92823e15d8882","src/process/uname.rs":"3bcc278449d6b83aa8747bfde85d696293c50a3fa60d88c4a5570b38ef8af25b","src/process/wait.rs":"db191eb594596fca37a8779222d656c0dfd95f74e4c075be5df808c755aaea31","src/rand/getrandom.rs":"8e64128584178c02f04c9781527c23ac2e2423f73445d0b4d25ae99204d7cc04","src/rand/mod.rs":"bd6839924ebfb7092f27f2ad42323768f39f76df157e7b8aa42f5bc17f700c9c","src/runtime.rs":"c2948b15c957b19279321e827c5971f7672f62bd8cf3709e41b58705f8f8f076","src/termios/cf.rs":"cb13ee88cba541cbd683c7a5da034a126fd9e09dc6b5f25c9f32382f8318ffc0","src/termios/constants.rs":"7855cebd1e2169a2a760c6752138b3de1be00fd3b907b049d32ad5d6bdb0426e","src/termios/mod.rs":"b4d28ebeeae6782b4060d3e6f0156ed63bafa155d1bbdae9e28d06e574d69cb7","src/termios/tc.rs":"ae5d8799123747950c7f20ca3abaa3ec1918462ed95d1e78d07bcb491aedcccf","src/termios/tty.rs":"409ddcc795ed1e644d302cdcfdffff8713657bf8777548e628f0b1149acb18af","src/thread/clock.rs":"4e3f54aa5b50443bf502a81ee4814b3522e928e3b06241d24f924a6f69953662","src/thread/futex.rs":"4e78c84589b535ca9ca633633696ef212393a98f2890b181acaa8f908fbc5ae2","src/thread/id.rs":"f905c1c672082215c6502f88e7123a33abadb25791d3ee967335567560dfced3","src/thread/libcap.rs":"43a05e127ae57ecd8b93752571d1cac3359bebe265c964f1825eefe1cee25a42","src/thread/mod.rs":"a3839e32f920fa4be0812f6d40b677968cb3d9e99aa0af65c87ceb8ce015fdc9","src/thread/prctl.rs":"405dabb5376f97b08427e5c1a51b7b0863ad12e462e2590439c1bfef51b65473","src/thread/setns.rs":"5e08f98300e2ca8fc99272cf5408f0b27cb4c8ece54d76b92ede656982f11e69","src/time/clock.rs":"cbe15f6abe995476c815b31a9c3a931ad7292ec853342bc0fcb4417df1a558f1","src/time/mod.rs":"b8b7c5d2bdba60a69e8a557ce7017e4251a41f5633aec928da059c49bc080cfa","src/time/timerfd.rs":"f17092b84553741aa2d2b44c6992b5d2c8c96cc2c2007fc9a2c6b2064485e53f","src/utils.rs":"6ed86e62ac05d6279b664a97fd62878a4c1811ab66a1a2920b169eb74c0c1fcd"},"package":"85597d61f83914ddeba6a47b3b8ffe7365107221c2e557ed94426489fefb5f77"} +\ No newline at end of file +diff --git a/vendor/rustix-0.37.11/src/backend/libc/fs/dir.rs b/vendor/rustix-0.37.11/src/backend/libc/fs/dir.rs +index b6eb32580..e206a97de 100644 +--- a/vendor/rustix-0.37.11/src/backend/libc/fs/dir.rs ++++ b/vendor/rustix-0.37.11/src/backend/libc/fs/dir.rs +@@ -30,8 +30,13 @@ use core::ptr::NonNull; + use libc_errno::{errno, set_errno, Errno}; + + /// `DIR*` +-#[repr(transparent)] +-pub struct Dir(NonNull); ++pub struct Dir { ++ /// The `libc` `DIR` pointer. ++ libc_dir: NonNull, ++ ++ /// Have we seen any errors in this iteration? ++ any_errors: bool, ++} + + impl Dir { + /// Construct a `Dir` that reads entries from the given directory +@@ -43,20 +48,35 @@ impl Dir { + + #[inline] + fn _read_from(fd: BorrowedFd<'_>) -> io::Result { ++ let mut any_errors = false; ++ + // Given an arbitrary `OwnedFd`, it's impossible to know whether the + // user holds a `dup`'d copy which could continue to modify the + // file description state, which would cause Undefined Behavior after + // our call to `fdopendir`. To prevent this, we obtain an independent + // `OwnedFd`. + let flags = fcntl_getfl(fd)?; +- let fd_for_dir = openat(fd, cstr!("."), flags | OFlags::CLOEXEC, Mode::empty())?; ++ let fd_for_dir = match openat(fd, cstr!("."), flags | OFlags::CLOEXEC, Mode::empty()) { ++ Ok(fd) => fd, ++ Err(io::Errno::NOENT) => { ++ // If "." doesn't exist, it means the directory was removed. ++ // We treat that as iterating through a directory with no ++ // entries. ++ any_errors = true; ++ crate::io::dup(fd)? ++ } ++ Err(err) => return Err(err), ++ }; + + let raw = owned_fd(fd_for_dir); + unsafe { + let libc_dir = c::fdopendir(raw); + + if let Some(libc_dir) = NonNull::new(libc_dir) { +- Ok(Self(libc_dir)) ++ Ok(Self { ++ libc_dir, ++ any_errors, ++ }) + } else { + let err = io::Errno::last_os_error(); + let _ = c::close(raw); +@@ -68,13 +88,19 @@ impl Dir { + /// `rewinddir(self)` + #[inline] + pub fn rewind(&mut self) { +- unsafe { c::rewinddir(self.0.as_ptr()) } ++ self.any_errors = false; ++ unsafe { c::rewinddir(self.libc_dir.as_ptr()) } + } + + /// `readdir(self)`, where `None` means the end of the directory. + pub fn read(&mut self) -> Option> { ++ // If we've seen errors, don't continue to try to read anyting further. ++ if self.any_errors { ++ return None; ++ } ++ + set_errno(Errno(0)); +- let dirent_ptr = unsafe { libc_readdir(self.0.as_ptr()) }; ++ let dirent_ptr = unsafe { libc_readdir(self.libc_dir.as_ptr()) }; + if dirent_ptr.is_null() { + let curr_errno = errno().0; + if curr_errno == 0 { +@@ -82,6 +108,7 @@ impl Dir { + None + } else { + // `errno` is unknown or non-zero, so an error occurred. ++ self.any_errors = true; + Some(Err(io::Errno(curr_errno))) + } + } else { +@@ -115,7 +142,7 @@ impl Dir { + /// `fstat(self)` + #[inline] + pub fn stat(&self) -> io::Result { +- fstat(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstat(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fstatfs(self)` +@@ -128,21 +155,21 @@ impl Dir { + )))] + #[inline] + pub fn statfs(&self) -> io::Result { +- fstatfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstatfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fstatvfs(self)` + #[cfg(not(any(solarish, target_os = "haiku", target_os = "redox", target_os = "wasi")))] + #[inline] + pub fn statvfs(&self) -> io::Result { +- fstatvfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstatvfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fchdir(self)` + #[cfg(not(any(target_os = "fuchsia", target_os = "wasi")))] + #[inline] + pub fn chdir(&self) -> io::Result<()> { +- fchdir(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fchdir(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + } + +@@ -155,7 +182,7 @@ unsafe impl Send for Dir {} + impl Drop for Dir { + #[inline] + fn drop(&mut self) { +- unsafe { c::closedir(self.0.as_ptr()) }; ++ unsafe { c::closedir(self.libc_dir.as_ptr()) }; + } + } + +@@ -171,7 +198,7 @@ impl Iterator for Dir { + impl fmt::Debug for Dir { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.debug_struct("Dir") +- .field("fd", unsafe { &c::dirfd(self.0.as_ptr()) }) ++ .field("fd", unsafe { &c::dirfd(self.libc_dir.as_ptr()) }) + .finish() + } + } +@@ -283,3 +310,38 @@ fn check_dirent_layout(dirent: &c::dirent) { + } + ); + } ++ ++#[test] ++fn dir_iterator_handles_io_errors() { ++ // create a dir, keep the FD, then delete the dir ++ let tmp = tempfile::tempdir().unwrap(); ++ let fd = crate::fs::openat( ++ crate::fs::cwd(), ++ tmp.path(), ++ crate::fs::OFlags::RDONLY | crate::fs::OFlags::CLOEXEC, ++ crate::fs::Mode::empty(), ++ ) ++ .unwrap(); ++ ++ let file_fd = crate::fs::openat( ++ &fd, ++ tmp.path().join("test.txt"), ++ crate::fs::OFlags::WRONLY | crate::fs::OFlags::CREATE, ++ crate::fs::Mode::RWXU, ++ ) ++ .unwrap(); ++ ++ let mut dir = Dir::read_from(&fd).unwrap(); ++ ++ // Reach inside the `Dir` and replace its directory with a file, which ++ // will cause the subsequent `readdir` to fail. ++ unsafe { ++ let raw_fd = c::dirfd(dir.libc_dir.as_ptr()); ++ let mut owned_fd: crate::fd::OwnedFd = crate::fd::FromRawFd::from_raw_fd(raw_fd); ++ crate::io::dup2(&file_fd, &mut owned_fd).unwrap(); ++ core::mem::forget(owned_fd); ++ } ++ ++ assert!(matches!(dir.next(), Some(Err(_)))); ++ assert!(matches!(dir.next(), None)); ++} +diff --git a/vendor/rustix-0.37.11/src/backend/linux_raw/fs/dir.rs b/vendor/rustix-0.37.11/src/backend/linux_raw/fs/dir.rs +index cfa347d03..54157ade2 100644 +--- a/vendor/rustix-0.37.11/src/backend/linux_raw/fs/dir.rs ++++ b/vendor/rustix-0.37.11/src/backend/linux_raw/fs/dir.rs +@@ -17,9 +17,17 @@ pub struct Dir { + /// The `OwnedFd` that we read directory entries from. + fd: OwnedFd, + ++ /// Have we seen any errors in this iteration? ++ any_errors: bool, ++ ++ /// Should we rewind the stream on the next iteration? ++ rewind: bool, ++ ++ /// The buffer for `linux_dirent64` entries. + buf: Vec, ++ ++ /// Where we are in the buffer. + pos: usize, +- next: Option, + } + + impl Dir { +@@ -37,25 +45,39 @@ impl Dir { + + Ok(Self { + fd: fd_for_dir, ++ any_errors: false, ++ rewind: false, + buf: Vec::new(), + pos: 0, +- next: None, + }) + } + + /// `rewinddir(self)` + #[inline] + pub fn rewind(&mut self) { ++ self.any_errors = false; ++ self.rewind = true; + self.pos = self.buf.len(); +- self.next = Some(0); + } + + /// `readdir(self)`, where `None` means the end of the directory. + pub fn read(&mut self) -> Option> { +- if let Some(next) = self.next.take() { +- match crate::backend::fs::syscalls::_seek(self.fd.as_fd(), next as i64, SEEK_SET) { ++ // If we've seen errors, don't continue to try to read anyting further. ++ if self.any_errors { ++ return None; ++ } ++ ++ // If a rewind was requested, seek to the beginning. ++ if self.rewind { ++ self.rewind = false; ++ match io::retry_on_intr(|| { ++ crate::backend::fs::syscalls::_seek(self.fd.as_fd(), 0, SEEK_SET) ++ }) { + Ok(_) => (), +- Err(err) => return Some(Err(err)), ++ Err(err) => { ++ self.any_errors = true; ++ return Some(Err(err)); ++ } + } + } + +@@ -77,7 +99,7 @@ impl Dir { + if self.buf.len() - self.pos < size_of::() { + match self.read_more()? { + Ok(()) => (), +- Err(e) => return Some(Err(e)), ++ Err(err) => return Some(Err(err)), + } + } + +@@ -136,14 +158,31 @@ impl Dir { + } + + fn read_more(&mut self) -> Option> { +- let og_len = self.buf.len(); +- // Capacity increment currently chosen by wild guess. +- self.buf +- .resize(self.buf.capacity() + 32 * size_of::(), 0); +- let nread = match crate::backend::fs::syscalls::getdents(self.fd.as_fd(), &mut self.buf) { ++ // The first few times we're called, we allocate a relatively small ++ // buffer, because many directories are small. If we're called more, ++ // use progressively larger allocations, up to a fixed maximum. ++ // ++ // The specific sizes and policy here have not been tuned in detail yet ++ // and may need to be adjusted. In doing so, we should be careful to ++ // avoid unbounded buffer growth. This buffer only exists to share the ++ // cost of a `getdents` call over many entries, so if it gets too big, ++ // cache and heap usage will outweigh the benefit. And ultimately, ++ // directories can contain more entries than we can allocate contiguous ++ // memory for, so we'll always need to cap the size at some point. ++ if self.buf.len() < 1024 * size_of::() { ++ self.buf.reserve(32 * size_of::()); ++ } ++ self.buf.resize(self.buf.capacity(), 0); ++ let nread = match io::retry_on_intr(|| { ++ crate::backend::fs::syscalls::getdents(self.fd.as_fd(), &mut self.buf) ++ }) { + Ok(nread) => nread, ++ Err(io::Errno::NOENT) => { ++ self.any_errors = true; ++ return None; ++ } + Err(err) => { +- self.buf.resize(og_len, 0); ++ self.any_errors = true; + return Some(Err(err)); + } + }; +@@ -223,3 +262,33 @@ impl DirEntry { + self.d_ino + } + } ++ ++#[test] ++fn dir_iterator_handles_io_errors() { ++ // create a dir, keep the FD, then delete the dir ++ let tmp = tempfile::tempdir().unwrap(); ++ let fd = crate::fs::openat( ++ crate::fs::cwd(), ++ tmp.path(), ++ crate::fs::OFlags::RDONLY | crate::fs::OFlags::CLOEXEC, ++ crate::fs::Mode::empty(), ++ ) ++ .unwrap(); ++ ++ let file_fd = crate::fs::openat( ++ &fd, ++ tmp.path().join("test.txt"), ++ crate::fs::OFlags::WRONLY | crate::fs::OFlags::CREATE, ++ crate::fs::Mode::RWXU, ++ ) ++ .unwrap(); ++ ++ let mut dir = Dir::read_from(&fd).unwrap(); ++ ++ // Reach inside the `Dir` and replace its directory with a file, which ++ // will cause the subsequent `getdents64` to fail. ++ crate::io::dup2(&file_fd, &mut dir.fd).unwrap(); ++ ++ assert!(matches!(dir.next(), Some(Err(_)))); ++ assert!(matches!(dir.next(), None)); ++} +-- +2.39.4 + + +From 66b256ac494412d7972418ffa3f2dc3a50c28723 Mon Sep 17 00:00:00 2001 +From: Dan Gohman +Date: Thu, 12 Oct 2023 08:13:24 -0700 +Subject: [PATCH 3/4] Merge pull request from GHSA-c827-hfw6-qwvm in + vendor/rustix-0.37.20 + +* Fix `rustix::fs::Dir` to avoid unbounded buffer growth. + +Fix `Dir`'s buffer size computation to avoid resizing past a fixed +upper limit. This prevents it from growing without bound, such as in +the case of `Dir::rewind` for repeated iterations with the same `Dir`. + +* Don't let `Dir` continue to try to iterate after a failure. + +* Handle `io::Errno::INTR` gracefully. + +* Write a more detailed comment on the buffer growth policy. + +* Also mention that no buffer can ever be big enough for everything. + +* Add tests against over-allocation & stuck iterator + +* Rm `dir_iterator_does_not_overallocate` unit test in favour of docs + +* Extend `test_dir` to cover `rewind`. + +* Consistently handle directory removal as ending the stream. + +libc implementations of directory iteration handle directory removal +by just ending the stream. In the linux_raw backend, this looks like +`ENOENT` from `getdents64`, so change the code to check for `ENOENT` +and end the stream. + +This requires changing the `dir_iterator_does_not_get_stuck_on_io_error` +test to no longer expect a failure, so it's now renamed to +`dir_iterator_handles_dir_removal`. + +To test the error case, add a new `dir_iterator_handles_io_errors` +test which uses `dup2` to induce an error, in both the linux_raw and +libc backends. + +This exposes the fact that the libc `Dir` implementation was also +assuming that users would stop iterating after hitting a failure, so +add a `any_errors` flag to the libc backend as well. + +* Add a test for removing the directory after doing `read_from`. + +* In the libc backend, handle `ENOENT` when opening ".". + +--------- + +Co-authored-by: cyqsimon <28627918+cyqsimon@users.noreply.github.com> +--- + vendor/rustix-0.37.20/.cargo-checksum.json | 2 +- + .../rustix-0.37.20/src/backend/libc/fs/dir.rs | 86 ++++++++++++++--- + .../src/backend/linux_raw/fs/dir.rs | 95 ++++++++++++++++--- + 3 files changed, 157 insertions(+), 26 deletions(-) + +diff --git a/vendor/rustix-0.37.20/.cargo-checksum.json b/vendor/rustix-0.37.20/.cargo-checksum.json +index f1c5a6c0d..51276b08c 100644 +--- a/vendor/rustix-0.37.20/.cargo-checksum.json ++++ b/vendor/rustix-0.37.20/.cargo-checksum.json +@@ -1 +1 @@ +-{"files":{"CODE_OF_CONDUCT.md":"f210602311e3f74b32f46237fd55f4ce36d798e85e3db1432ec667f63a7ffc44","CONTRIBUTING.md":"fb570c76cf924cd75b77bed52b0dbe1e87ce224dc3428c48d98301710dcc331e","COPYRIGHT":"377c2e7c53250cc5905c0b0532d35973392af16ffb9596a41d99d202cf3617c9","Cargo.toml":"357f256f801f57bbe17b4f5cff7ce9b3c42cc1605bf7c088efb9b546033628e0","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-Apache-2.0_WITH_LLVM-exception":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","ORG_CODE_OF_CONDUCT.md":"a62b69bf86e605ee1bcbb2f0a12ba79e4cebb6983a7b6491949750aecc4f2178","README.md":"99c383b949ab63bae97fa0f4629d2205fdbaada50f5b648a70373ca5dcef22b2","SECURITY.md":"4d75afb09dd28eb5982e3a1f768ee398d90204669ceef3240a16b31dcf04148a","benches/mod.rs":"55b71073e5681b309bc4f439435ac05d1e052bba2ea6accf05bca9bf496d4bd0","build.rs":"a322dd310c2b30a966c410ab1557b560b302246d2f2734fcecdc653f4307edbe","src/backend/libc/c.rs":"7aec21aa56faad3b87674855ed6f54242aa5660905e6b2bcdaa0f8dc0f19df56","src/backend/libc/conv.rs":"77cc96b7242c4c9cc54083d57d27a926a20b159196d1db98fdf943c9b8c7d0c6","src/backend/libc/fs/dir.rs":"5411a2baa88b3d509e0f1b9e44aa6e20f4791510497a16acdf4cd32324b5dd48","src/backend/libc/fs/inotify.rs":"fbe35da10eec6c712ee752b868f04d1d1ef03188ef706b9c44b7f338152df744","src/backend/libc/fs/makedev.rs":"3a4ab3f6c7bd221a0bf7cdf7392c97cac7eba072c2a699c2dc68422ff48ab44f","src/backend/libc/fs/mod.rs":"ba3c79b8918eab2a4c962e353d2b27d3cd96b201f9e527ce0b70b7a558ac596b","src/backend/libc/fs/syscalls.rs":"98ce2a39b792f1358d1a5198a670feafb5620e2e3bf84e7003a13e9fd6432905","src/backend/libc/fs/types.rs":"fafa70493a2efcc18612296d4f1ca9303d1867be01bcabed14dffa9e8971e8d2","src/backend/libc/io/epoll.rs":"162329053d6fb0f3c9d671526fd120ec89d9347fb8aada8b8487095166d64710","src/backend/libc/io/errno.rs":"8c6491590339a21c732b325904ece24ac39b1cd1a2b04728a9ff90ec904c01aa","src/backend/libc/io/io_slice.rs":"34da1bcc17993318fa93b7e71ff36116044ac12a031963710af84c3ed1bc443a","src/backend/libc/io/mod.rs":"afcf57d6bbb4bb0be97c9597a298eaaa58a8838f07212e3051612fa25993bd9c","src/backend/libc/io/poll_fd.rs":"d8092bca9cb0317b3a9bb418a55abf0e868f1c7267cacc97454a5053ff192a05","src/backend/libc/io/syscalls.rs":"1c448d64e74a3af881e5e67738b464682ee0769f8e90fb29d5fb1e7fbcc3d704","src/backend/libc/io/types.rs":"eba054b7e441febf289f7c656c0b465ad9982afd7e3e85c74de4992e1ee76d48","src/backend/libc/io/windows_syscalls.rs":"741f524b384d59e703b278739563ab04273dbb48c062349353dd9b7cf9ed2332","src/backend/libc/io_lifetimes.rs":"eebc6adc10593933e9ab14c59d29793f4ec6e4403a00bbcaaf3ee81373ae924d","src/backend/libc/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/io_uring/syscalls.rs":"0f7ffc079f511b200d536e348d6c6945eeb4908db721e5ca0db6cc5fe96eccc4","src/backend/libc/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mm/syscalls.rs":"190165e683ffc9ee2085a19086d2f72bad954d50124eb0eed192faa512e67a1b","src/backend/libc/mm/types.rs":"22367f983585b2245621f7994a1585746ac446eb31669654d4de7195dffbfb3a","src/backend/libc/mod.rs":"49b9fe81918a05a066ecbcec4a72ed945c4129ae6f86007e94af653d3834f71d","src/backend/libc/net/addr.rs":"afd79fcc35b48bda21e2a210fa030387e9e3b8c741903ff75c459102eb6e5f36","src/backend/libc/net/ext.rs":"af0fb192e1055420937196af2e314869173d4f50e970af4cc85f6f261e78ff20","src/backend/libc/net/mod.rs":"e88d9ca079089857c9b794ed8ab5bb970e779cfe7bd0bdcb402edcd2f48efb5d","src/backend/libc/net/msghdr.rs":"bdce9e21a6e7dd60e5fab9795b73ab49d20358bb0a9b8da65ca4f762693b3709","src/backend/libc/net/read_sockaddr.rs":"21c0f0e3b295ad4183eed16f8794f1fa1ede5ac5f8a2565510be2262d3f42b0e","src/backend/libc/net/send_recv.rs":"d0ffe3aebccab498b7fdf6cfb0382fc10576ed0b8563d696a20878d2c01f0a28","src/backend/libc/net/syscalls.rs":"b1309c930a4cb557f7ab24cdcf060b3fc0c06cecf9d2030b79b782c1bff605f4","src/backend/libc/net/types.rs":"8acd35d92ef2afb148e2dc41dab184d7f302b770a214e09e58c065c476fe858f","src/backend/libc/net/write_sockaddr.rs":"33c3d7304713cb63f8fa398f5f7c084fc1d9fbb6907dd19902a90e8ec64ad41f","src/backend/libc/offset.rs":"73f01763fff883c42c014fe3f471585512777b431a77b6f8116fc20624ece085","src/backend/libc/param/auxv.rs":"7d71f224f7d9c547b6b5e1425cad03466328b7b8ad2a62f49d9e29e075061e43","src/backend/libc/param/mod.rs":"5234b8f1bcb886cca6ea003d411d75eaeebe58deedd80e3441354bf46ed85d4d","src/backend/libc/process/cpu_set.rs":"a5041e8d96738f092989ae38bbdb09ba0d74f5956d340fef48044e24ee6fec81","src/backend/libc/process/mod.rs":"787018aba4adb2cc1f9176faf154a1a8d7943e4cad36be6e43fc03ce355572d6","src/backend/libc/process/syscalls.rs":"f191f647d3b22e80f325a2bb384356176aa8e730d14620e8c4c8c89f81ac2a64","src/backend/libc/process/types.rs":"4e904c18127c202a70aaf275abf7984ad95e6420dd676f3a534f3969d9037d78","src/backend/libc/process/wait.rs":"36e84c05ae3a27b96da9521678b72ab004fe37a8b0d092a0b6f810015806c4d2","src/backend/libc/pty/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/pty/syscalls.rs":"0335109c870a054eb07e309a0e750e71962697535125fe3c45556cd75eb20bfd","src/backend/libc/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/rand/syscalls.rs":"5cbb8ec93d68c04fbd1b22736905ed070de6a7b68c550948da3c672c1d049935","src/backend/libc/rand/types.rs":"c59e156eafcc97558a1bc5210e3438e9850512d1dfb4bb8e3d344409c12a9a54","src/backend/libc/termios/mod.rs":"63a1e559981848581bbacad2adb567e5eb62d17caa2d8f826e977dc053ce26bb","src/backend/libc/termios/syscalls.rs":"17a5a559cda40707cc846e96c5b2c6fb284dac3a2b18c44dbcb5bc53787f42d3","src/backend/libc/termios/types.rs":"7c171edc9277466aa12518bd6f5ad9f38d4fa3202572523e384c138d3671d4d2","src/backend/libc/thread/mod.rs":"0de5f67a684b9fd7628d3009d2ea5fd51b8770e8b387eed14f59152157844287","src/backend/libc/thread/syscalls.rs":"f58ed92790c7cef29c09635e79c664c7f2260449a55dfbf0930b92697c2e2f0d","src/backend/libc/time/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/time/syscalls.rs":"6d3202d524510170618f727ce1c96e1cf55f2a775172215f5834cf2a06565466","src/backend/libc/time/types.rs":"0414e977004abe604333607ad42c27549b2d5fb2d56a37b431f87dac330d16df","src/backend/libc/winsock_c.rs":"3bf3884fd250eca806ffdf96da68e29c133a697810b78b333ea449e523e58562","src/backend/linux_raw/arch/inline/aarch64.rs":"67011427b3cecd29ee716113d952e70d63574c96d1d3ea3c75d46250bde9ca44","src/backend/linux_raw/arch/inline/arm.rs":"7760d51aef17a69a797eb96fd61f7fade0d55bc87ec9a3e77fa6bb6aebaecdbb","src/backend/linux_raw/arch/inline/mips.rs":"d00c84cfdb4e37bdee9a2daa0a7b3298afbb4ebe288702203cb43d9c2617012d","src/backend/linux_raw/arch/inline/mips64.rs":"ab5455c9b2511ba6b67a66873cd8b53bf77471249fd2779d6437ebb4934087b5","src/backend/linux_raw/arch/inline/mod.rs":"ed5c6c14d19556c1a2ca077608fa515ac85d760eb931dc8968b39137700159d8","src/backend/linux_raw/arch/inline/powerpc64.rs":"dcd12314184441f5f7705bea6b829103c7abc9062db366ae5584023a38252a36","src/backend/linux_raw/arch/inline/riscv64.rs":"58a58203e9cac2ed21e4a7b26692c5d56d3c2bcddb3f60a648efd18a02129f3c","src/backend/linux_raw/arch/inline/thumb.rs":"82b88c9a3b6837f28a738cc760fc2403e7014abdb2c35d2bdbc8073235ae2863","src/backend/linux_raw/arch/inline/x86.rs":"de75f5179edf060461d949682002f4242140e5a01aa2361c4eab82da15375068","src/backend/linux_raw/arch/inline/x86_64.rs":"7c893ca306b3b8a5980c525dc5fa23187a0526bc9f7ac637204d88a1d596df5d","src/backend/linux_raw/arch/mod.rs":"7018e7d3bd2f3e6545baafcb75256505eb8297f025706ef662e4f3b12f1d8add","src/backend/linux_raw/arch/outline/aarch64.s":"84f066b6fe3cf25ed61c7aa420408c6d5a0b33a7c91b748ed81e47737567975f","src/backend/linux_raw/arch/outline/arm.s":"fa266bf9f4533da1e96c27c4ae5418c86f44074ac0c6afcff0404738e11365da","src/backend/linux_raw/arch/outline/debug/librustix_outline_aarch64.a":"aa3a37d9ad312881968d40c48bd3c960fb3ac0eba232a5f1979cb809d081c340","src/backend/linux_raw/arch/outline/debug/librustix_outline_arm.a":"9991ea0ccd16a175ef4b82916b6cd4b45cf67f4388eb58567b0a6e520bda3740","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips.a":"145be0e9638cb5541860ec97ce5270767c24b61f415f0ee3c2f86cc962ee44af","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips64.a":"6c6d007368beb5e53bb1c402afacc1c139ee65dddb82ba3e2eada0493af94ef6","src/backend/linux_raw/arch/outline/debug/librustix_outline_powerpc64.a":"355db5c83dda1074636c40fa6fee6564c668c492a71e149bcb444ea896e8167e","src/backend/linux_raw/arch/outline/debug/librustix_outline_riscv64.a":"c4fd54d0fcab2e28b1b18df77a7814b145a4c2d13fc04b937a55bf0abf420227","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86.a":"7ae3635dd3fbc2049e09d4218224e1eaaa4dd2ddd78d3901fb444d481abf2a33","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86_64.a":"039c928213bd0b67c899412084a30eb9a51526e64a01e1901cd4905ef8d7cf6d","src/backend/linux_raw/arch/outline/mips.s":"3612ba84500f033650cbb3860241768cc0760c5693aadc8af01dd2f61c7d59ff","src/backend/linux_raw/arch/outline/mips64.s":"deaf2218e0d2c5c97d1d5000c2c6678bbbf5a28faeefd0fb04b04e1984c94185","src/backend/linux_raw/arch/outline/mod.rs":"3fcab403f297fd5160df6f4b7d8fd1d868267022c2f6e6448505bd363cb113ef","src/backend/linux_raw/arch/outline/nr_last.rs":"82d92b9ca8307c19d74ced1ae2c0b31f2a7c5db70fa31fdedb55d38a90601455","src/backend/linux_raw/arch/outline/powerpc64.s":"0847fa3f160846ee02771550667913734ba9773e2221f2279c4f296d6f5b7bd4","src/backend/linux_raw/arch/outline/release/librustix_outline_aarch64.a":"fa8d31702cafb24d9799c162d3319c522892e91c58fbbff2b09950a0fa81b46f","src/backend/linux_raw/arch/outline/release/librustix_outline_arm.a":"0f7c8c5c02d5329d884f800da70aaf6b5b67c14000b12afb708f3e4758aa1f7a","src/backend/linux_raw/arch/outline/release/librustix_outline_mips.a":"d9a093ee2b2c94b70aa059e878a0211715fe6fdcc95a9098566c87d61be4e4b3","src/backend/linux_raw/arch/outline/release/librustix_outline_mips64.a":"ad19a967ade7067a12b08f61628cc56f72eaff1393544783647e1c4dde2629a3","src/backend/linux_raw/arch/outline/release/librustix_outline_powerpc64.a":"1f04e44c3d863bac066520c787444c314f2aa2f8d8d3cae38990ecc008b9b6e1","src/backend/linux_raw/arch/outline/release/librustix_outline_riscv64.a":"beb0eb046d36545a04ad7f264ed1173062f9f85ba7f4215bef64a98f30a74dce","src/backend/linux_raw/arch/outline/release/librustix_outline_x86.a":"691d867358475c701c20b816b99bab2a4c90c3796a302ccaa56d5983be1ba8b2","src/backend/linux_raw/arch/outline/release/librustix_outline_x86_64.a":"434a79197510876c5a49f594e7886c95cf4c15e876c3404ed136846c95d6ee30","src/backend/linux_raw/arch/outline/riscv64.s":"ca5303c0c8af6de1f246d658003e270d4e29d6c68dd90c6eee372d045bdf7305","src/backend/linux_raw/arch/outline/x86.rs":"f7e12a0f3fe8e97acb1ade2c9e61d82542f00ad4d8fe684a8dcd9f30fd9ab5d4","src/backend/linux_raw/arch/outline/x86.s":"4604e3b41161802343e2e4c890fd2042098a901d95893ebe4c436f97fd47cad3","src/backend/linux_raw/arch/outline/x86_64.s":"a530084cd42ad8d4b2d36526f4e04f45a6e29ea49882e2c561ac2eeac16272bf","src/backend/linux_raw/c.rs":"1f1d97557db783e6d6d0a027f7d699308b483159efe081468d86a883d4df641b","src/backend/linux_raw/conv.rs":"13610464e9bdedeb4c387bd34284bf972d1b60cb7214761c0e7223b4f8532914","src/backend/linux_raw/elf.rs":"4550edde9ca096ac3ad929ace226fd5ead954da7ad01d22da43fdb976655f771","src/backend/linux_raw/fs/dir.rs":"b130249238fd989a2f04a13365092a0ead08e3552183c9297039875634577130","src/backend/linux_raw/fs/inotify.rs":"84753669fcadfcb66f9b363b6011ef1bf30be396f93299576640c2ed7486f8b3","src/backend/linux_raw/fs/makedev.rs":"c6b4505c4bcbbc2460e80f3097eb15e2c8ef38d6c6e7abd78e39c53c372139e2","src/backend/linux_raw/fs/mod.rs":"e22bf30f312f6a05f1e79f7834c33a3c9821514da05fa4786fc31867203a4c74","src/backend/linux_raw/fs/syscalls.rs":"d043a80c9253fab6de0f0e15f7d662e207dbb2e8e8bf31a5b50d0ac448ba89f0","src/backend/linux_raw/fs/types.rs":"bbabce075aa5d92780d09e80aae1aac10281575c93a3f365108c35fceb5241e0","src/backend/linux_raw/io/epoll.rs":"f30b0f2b12415d8972ca726d8c9a750eb4306fa9f57933e9dabfb495cde07264","src/backend/linux_raw/io/errno.rs":"6a5b70a3a8ff66c22dd9d08bee9594be163c75858291c91fae12ceb6f30b3777","src/backend/linux_raw/io/io_slice.rs":"5c6ae3376994e6b30a48c1939bce81c122d8581c5dced522cff886cf3b06384c","src/backend/linux_raw/io/mod.rs":"6ea805b91d571217c9649364121d0824bbdf4635b36c9150e5968fbeb75c0892","src/backend/linux_raw/io/poll_fd.rs":"9f5a15c80094cc3334acd171c0621d033b44d5d9a987a57acbdcd62cb17d871b","src/backend/linux_raw/io/syscalls.rs":"6bc1dde7db981372160ad416edf93d8af10c54478799267bef842c0514847d96","src/backend/linux_raw/io/types.rs":"b5be41bfae29bb27b7cb4db2584c5aac4ebe6f67e031e6c1ae5ff61649dd2955","src/backend/linux_raw/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/io_uring/syscalls.rs":"2522327e229d85ce207546b802f63fcad49a0ce41b7b881e13a1c2637fdb6095","src/backend/linux_raw/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mm/syscalls.rs":"647c1846793c386f6babae898686604a4808344ec3e2d1e71071bbfd04079357","src/backend/linux_raw/mm/types.rs":"6e6b97b3b161aa1f03d8cf0e94c5ff35d4911a5049770dbb203acba84ee65843","src/backend/linux_raw/mod.rs":"be1d31a71c5f7aa61681661a4e45999de001e473b8869f0f5e510e16e501fc45","src/backend/linux_raw/net/addr.rs":"af30232b1241291254fe9ce0fa0050e707adc73325308eb0501801e33cc07c73","src/backend/linux_raw/net/mod.rs":"c912274a40eab213f0afcaab8ae098ae7d56fa95592463c830b2361df57731fe","src/backend/linux_raw/net/msghdr.rs":"18facac973918b6a8a6b49b0fcf1058e88286d67e12801ce6dacb58ebf5a7d75","src/backend/linux_raw/net/read_sockaddr.rs":"71bdde53beb3aea60d51c664e3fc36e34371acd869f621faa3dabd8b0d91b0c5","src/backend/linux_raw/net/send_recv.rs":"602852a0cf2775c0fce7afbd813248386823b73f3069231860b348432f59450c","src/backend/linux_raw/net/syscalls.rs":"1670344e0a725c4d097897c445bdfa67832830e7ceec418fbc734ddaacffa761","src/backend/linux_raw/net/types.rs":"87ed6b59a29aab219fd625393b1b9f4200eabacf1ee4ad8fe806a2b8b53169df","src/backend/linux_raw/net/write_sockaddr.rs":"ec0bf20a354cb86e2b5646bfc79297a378f11fcdf5641c16e4dd13e305011dc6","src/backend/linux_raw/param/auxv.rs":"5565394c6943ecb85dafcc4eae1931417d912560ccb86496d79914d7a4087cb6","src/backend/linux_raw/param/libc_auxv.rs":"5d57b293700de025bc811ccafd29f05af2787c288ab5e653351c0bd96c488910","src/backend/linux_raw/param/mod.rs":"db21fc1b0ea5568b8649890fa38a878bfcdcf7398f6cf1640176b37bcc6ce990","src/backend/linux_raw/param/mustang_auxv.rs":"016a691236064a9cc28688d4ff5dbd0e37dccfc07b25b943b47762ba1da33b83","src/backend/linux_raw/process/cpu_set.rs":"a333938a4356d117199bf4078688f0a9b876dc65da1bbff7649482f4f0180813","src/backend/linux_raw/process/mod.rs":"fb393c70a9c63ef9a6bf1fb5a2dc94f07d6b0b6987cc5231c15c607015dafd68","src/backend/linux_raw/process/syscalls.rs":"0bce1df427c5be8d2fec48ba92e93c442b0adf1896a0af65c5d4780a4826741b","src/backend/linux_raw/process/types.rs":"c04c902fc7c489947272b3983aa5e8c4e53b4ef6cfafe5ce973bf694bd14cfaa","src/backend/linux_raw/process/wait.rs":"921aee4b0048746087f52615a98edc2aa0fb4b53d6df44be4533098df55d1b05","src/backend/linux_raw/pty/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/pty/syscalls.rs":"18614be9fde4e095b159682ec4b9d1e077716b710030ebd1681813812d74d8ce","src/backend/linux_raw/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/rand/syscalls.rs":"b1d8b2fea0c792bd1e7c24ee59429d178dc0ad442ac817b12c7abcb38d71497b","src/backend/linux_raw/rand/types.rs":"271416d5241d70932b8a17f3b67eefd1b9c360f217f807de3d73192e9b620552","src/backend/linux_raw/reg.rs":"02653995cb934050ee2109e8d40e9083a4278abcba27b59d174a311aa8438e45","src/backend/linux_raw/runtime/mod.rs":"b2cae8cce3822c3c92942f06ea0b68464040dcac33c6f0f7ee392c6269993347","src/backend/linux_raw/runtime/syscalls.rs":"5b6d741a9d954aa02177d3850a36375a391fa55cde91eec0c640845adb666691","src/backend/linux_raw/runtime/tls.rs":"9db0e08e47e69013b3fac0b4aa24e6ac6b07904797e0e04658dd44f3a7245e0f","src/backend/linux_raw/termios/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/termios/syscalls.rs":"48eb753f1cd48139eae40ba72241fc2d5fd67355c33a3906f82965e0e0e518d3","src/backend/linux_raw/termios/types.rs":"5cee3735957db2fdaab341a0c58e438305d6402dc7d23622f4999934d4511b5f","src/backend/linux_raw/thread/futex.rs":"232a24ccfbb2a03a107373249c5d3ebe3db70388ed39e6e6dd08e14630a48f2e","src/backend/linux_raw/thread/mod.rs":"f7132a68c9db1b4a796781b9e8d0ac268a1ddb713e510bfd43425564ec9b39c4","src/backend/linux_raw/thread/syscalls.rs":"57f6d8d3a2526ca5066aa35ea74b35e465726b1bc079fafd22abe211f643c070","src/backend/linux_raw/time/mod.rs":"672724f55b7b7be6a7452bb1cc2d28b5f0aaa840a2856fe363acce624e1beefc","src/backend/linux_raw/time/syscalls.rs":"02710805710aeb65a169492e650b495dceea402ad212922a0589ab8c1605e585","src/backend/linux_raw/time/types.rs":"8b5a464d0ef6752276416640dd3a341c07e3e901463231e8c66b2d2d661039af","src/backend/linux_raw/vdso.rs":"a5abab80f023088162fd81dc306b6bd86bd61b2018a191b384f57facb1d48d0a","src/backend/linux_raw/vdso_wrappers.rs":"c86e1b0d28e9148a5061b8dd967fe9f5c583001c8850f30f1f30ac75026df70f","src/const_assert.rs":"69aad0f4c33ca5b6a23f35644b7da71977e23d645a1279f915893ac8087da355","src/cstr.rs":"c515846378c45e7f04dded259b791a09ad304b3465fc64d1a0fe3d213c9d6a26","src/ffi/mod.rs":"1990dae8190991142bef24220f02b99c96c5bfa7dda2a7974d9dcac265d58945","src/fs/abs.rs":"3541ec38adff45be6464f52a786c0f4973e42fcae5efeeed737c83916b669d2f","src/fs/at.rs":"fa59a9cfbb74c5edab015b895b967d3e2197cde6867ba3b54f57c804bb73bd44","src/fs/constants.rs":"93601ba75eefcefcc3f8f936b786b7e70180aa3727c24bacfd326128b6bb52e0","src/fs/copy_file_range.rs":"d3b644374390d482b2ff749a2459458872b57d0dcf9670368739b7833509a7c2","src/fs/cwd.rs":"b2d7fbb27e23704e3367ede9916cc233f76d912be21c2aee8a635eeca627977f","src/fs/dir.rs":"347a52f4ca9ac6321c52e802e97ec90d1b4c62ec955c8996fc17f8f5aed69966","src/fs/fadvise.rs":"beef66ebe1310fb92628240b2cde68f744c78e50f6ff61bb1404bd4868d9cae8","src/fs/fcntl.rs":"58c8f99e7193d11f0301d55e521e7bac16b1143f47eb7cf73cd9663841b4ebbe","src/fs/fcntl_apple.rs":"07f07b2ac75dc28bc9e08200f72eb95550a87ff3d69c1204f49ecb63a0c4fd20","src/fs/fcopyfile.rs":"ec95929cbbe02cf49233a785e5238931bb107b7903cc5bc95e4231de960995f2","src/fs/fd.rs":"e30d09b4700302c712b499311a86b905b5bb0c483ab2827b27add477056c284c","src/fs/file_type.rs":"fefd865f91011f66126213b0994773d99e373b468c31e866002228c98c64ad85","src/fs/getpath.rs":"28f6970fc1bbc37bb35c84724b59eac436ea7407a4522e18c2bdacb1fdd2edd9","src/fs/makedev.rs":"85520b484cb7c15ab71ea1c368578ea3b7e484d82f8510db92b6ce9f7ca341ae","src/fs/memfd_create.rs":"15a8f28e040cffd8c24c7903483440f88853b2e538ad48d80f3c00b4b2befdea","src/fs/mod.rs":"2ded318e44b40cf8276b381444e6e418ad94206755283c215c2e487a32371c03","src/fs/mount.rs":"8ab26dcb422825bbd2df2e1f68e6b4f7cf08ce11387c688442ee1b4683b33d4f","src/fs/openat2.rs":"4a95c15dab533a41201b5fa25c8a212956b7571d58cad696bdaf45af8aef96db","src/fs/raw_dir.rs":"bc2b60c3d9e1f24a60cfe1c502ccbed682fae4c487e7da38b8e738dc08a71f8f","src/fs/sendfile.rs":"e3b2058741cf4b1698f34d84bb37130cf2b72806d522a16fe541e832cde136cb","src/fs/statx.rs":"239d447477f8ac368c8ddf9975c71509c47881f647f59cd941ac07954d8a77f9","src/fs/sync.rs":"a3b23543834281f347b0f873bd38154d31d404871188ac08f2b20b9196234cfd","src/fs/xattr.rs":"fcc16dab9927d7d6c8e4e4bf6752e65ff0c38d954cead8e6f6c2c26c11792929","src/io/close.rs":"0aa3cd05a8fed8e5244f97b8b6c2e7f65ed93a4e5435c6329852bb3da7514440","src/io/dup.rs":"913aaa2f5f9a5f0c381d053dd0e9560af55bc754dca23ff44dde4b0fa13ff172","src/io/errno.rs":"da7dc2d25cdbbf610ec82c32124789d6572fbc67d8ff265000597ac1f5b39ebd","src/io/eventfd.rs":"6886b17aa4d298a116bd4de15b22469133acc94695a623d0341174a0dc649a18","src/io/fcntl.rs":"08f42dc80832586afa6e0a7825571c84a97add1164926928960f0c4c5db76461","src/io/fd/mod.rs":"a1eab9ce9a2c4454053afdfd3f3705e4cb971e94cc453e4f13690f2f0d83dc2c","src/io/fd/owned.rs":"b3d1ac775461b9206f36df62495604a48820c0284276200101fd1847b0e9e756","src/io/fd/raw.rs":"9bcd00be7df3d9f4e6c49ca2d18ef25aee3d6f0ed5ee6b73df5a9beacefb6031","src/io/ioctl.rs":"1c9126e216d693692067d9b3514d0bad6cba3fc05c66f5c00792a8cb146902e6","src/io/is_read_write.rs":"1bfb9ee5d58e0b29b44af12fe2668c7bccc841358698dcde47f1519ff9bb73b4","src/io/kqueue.rs":"857f9016ebba60136e8944d7a1bd3de249d6d633211d744336c5f7f4b3dc2053","src/io/mod.rs":"f18f756c141f5c82cd511404a1ee4738a83dc589cb0a24f0db0990869540aafc","src/io/pipe.rs":"7fe8f04af16f5fcf164d8bd7e9a6bea584ef935760f4a4c7f9befd1ead2398cc","src/io/poll.rs":"3a1dc003042a0b8e21f894ebdc0e123938b78c6323d61deacbc09b44e1b986a1","src/io/port.rs":"8be17096cdfd2425bb2f800d129913e2ed2032c02049d45b7dcda8d4189b1af2","src/io/procfs.rs":"f767b695acf0756a3b7b367778d2090abc5a11586ab5d3b4fb4e0899e9d1f2c7","src/io/read_write.rs":"023230dec0f36f630ae8affde1a0abb0140dc28d5c5bc136f4dc6876828efe85","src/io/seek_from.rs":"d7616a45e8a449df28b075ddded4d7c95d6c4575d6fe0cf0ca7b6625e9dc7eeb","src/io/stdio.rs":"a0328775940ccdd3026e92b9dfd94584d0faf14c3d287360e157ed8903d6568f","src/io_uring.rs":"63c4bcd276e7110025e06ab77dbe506464c3efdfcb8a82493fc7fe72c716e7c8","src/lib.rs":"abcb813ff3d186657ac0b3a2c9801c5a0c1bc01fa533989410bc267b54998227","src/mm/madvise.rs":"3c262b3713a73fafcedf1b04bb12c048bb11d47ca43c959e5dfa48c27651f4f0","src/mm/mmap.rs":"bb103e6febd375de820985cc4b5aefa520b64ab1bcd903e3a818146abdfc60c7","src/mm/mod.rs":"b3a6cb838986d45825b912355cedead761211a494ca6f89b2367a2d2157e340e","src/mm/msync.rs":"9dcfe5f54235e9314a595edb8d548ac79d222bbcc58bb3263cf7e96d603b23ad","src/mm/userfaultfd.rs":"8073443bd181ff0b3ba4d0b1ae67370b4864035a0c8b4898cd709dc47c518ae7","src/net/addr.rs":"6fce66cd0ccac3bcc2339f32faf2ed1bac94a6d8824acb55bffdfaa43090675a","src/net/ip.rs":"080dd17c44b395b46b0d9e70da76f376540f92ece65f79e3d242c0a272d3b451","src/net/mod.rs":"2961f20366463216037a7a1ab238d5e80133bf058a3f10e30f86c8f7ddb314b7","src/net/send_recv/mod.rs":"97ac913fe7baa36301e483b30271f4bbb51fb8fcb876fa3d2e49d90d40bbd030","src/net/send_recv/msg.rs":"c1b66b655065130a720eac02d17e48de7b44322f818533451782b72edbbb19b2","src/net/socket.rs":"691f2c1b8c09c8d1d7f5e4ae3d3254925d7ca98b4c449a27e732f4c3c1612646","src/net/socket_addr_any.rs":"d95c7002972fa98d4133e10ad6c404399494374d568816217edcb9f4fd93aad8","src/net/socketpair.rs":"0818c1f34a5031dfd83bffe90ad1fad2c1e124665cb807485c908893ca9b3d9f","src/net/sockopt.rs":"82b0aef8db493ca63a1914860b68972e02e58fd90106bd781569c20c95b6499f","src/net/wsa.rs":"6e546b42f50a851fc833c57cda76cfb347203ed4b0dea574a3d325bf5a2ebf80","src/param/auxv.rs":"988872f9bec2e12f35765ae8963cbb9535d4acaedd4c9a4d07ced6feb70e0aaa","src/param/init.rs":"671d8974f0d9b82e79076d1f4deabe0273a874a329f74b8aad26e07b86791ba3","src/param/mod.rs":"959d6bd6c7abb85e042f86047fb902891c5deb74c550ce21dac96fb9a9f16d36","src/path/arg.rs":"4a4bf9b59334900b51ac250365b2a1838670f83a6df9c9c3f6a35bd7d4784170","src/path/dec_int.rs":"fad9793b89eac526953b994cbed6b614f01c25108f9763e19fb98029feda93a4","src/path/mod.rs":"6b1b949c94bcc47e0f08a3f8e8db5b61ff497d0dfd3e0655f51c01d3e4b7dfd6","src/process/chdir.rs":"4c63c351e207b1bbefdd7c001e85fed383d5ac2147894d5a09fbd8b302d7c728","src/process/chroot.rs":"aa83fd57d8f43c22b8f26bdb61109b74f2e2bebed34a16fed02660cbb37cd4d4","src/process/exit.rs":"47bc2fc1ec25eb5c7a21ba84a70c6d799df206f9920c34804a17acf27d5cd66d","src/process/id.rs":"1cbfeb3f1f793d2747eb3db981459902c98ec5fedf265a0faecf0b37a164c527","src/process/ioctl.rs":"6644c3b0948251b448a87cc8409750edf77dc31f08b2060fccf00dab0d516fca","src/process/kill.rs":"0269dc9a2c0684223c6d9256548dcb1dfeb66c10fe53f45fdcb173f398ada4cc","src/process/membarrier.rs":"4b1f2b062012c06cba3d3fc6f9b22d78812f5bc36ce579a0959f415952562ebd","src/process/mod.rs":"c04ed9d8cc4865c4a367e64fa4eab184253fead4b9259c4f6719f3f92c4bf9a9","src/process/pidfd.rs":"88517949097414b77540b1c0801bdd034c28667b9386c0676cdaa1b637129ffa","src/process/prctl.rs":"302715256544595bf109e22a987e314b1468544b22cf63afa8d2d574085b50f0","src/process/priority.rs":"711ad9300407b205a549d2f896cdff080740f6cde8e710d3bb654ea720586b4c","src/process/procctl.rs":"c9ffddf8203077d2859d4eb204fe3da7d24efec3c492d0229750c794d3c9a996","src/process/rlimit.rs":"10b79de3ced0e64059a94c879742d46a35a6176c776d8eed75031d5e6340283d","src/process/sched.rs":"7c3bfc5be624e7d7f5e043c3ee0b0566fcab3d684d61c272e7b4233410ab1c42","src/process/sched_yield.rs":"6565faa3928b66ddc74a65e893e15edfa4b9be4f7e5f5f68527501a7f6bc3350","src/process/system.rs":"5c701192b030236149b15e7934828aef9c9e3e2e4485728833b7146378157997","src/process/umask.rs":"1a0f31a842303c978e3f05ec191e2b5e96104c09c6596473b42b1fac34898a50","src/process/wait.rs":"5e0d3e46ba44f81cbf8664c68faadced7d80f56920d018591dbb8f088fff6bac","src/pty.rs":"e1d2d72f0c1cb2b8b37b9f06f87044c39d22a3e4b089a4ec25dd26de4a311c48","src/rand/getrandom.rs":"8e64128584178c02f04c9781527c23ac2e2423f73445d0b4d25ae99204d7cc04","src/rand/mod.rs":"cab59332aadd9b679f5b22cbb222d48ee028af5eb9fd4a4d43922da659b895d7","src/runtime.rs":"386bf280a54150b90c038173019a4e62cbc0e05656d13918f93315d70d51eb42","src/termios/cf.rs":"cb13ee88cba541cbd683c7a5da034a126fd9e09dc6b5f25c9f32382f8318ffc0","src/termios/constants.rs":"7855cebd1e2169a2a760c6752138b3de1be00fd3b907b049d32ad5d6bdb0426e","src/termios/mod.rs":"b4d28ebeeae6782b4060d3e6f0156ed63bafa155d1bbdae9e28d06e574d69cb7","src/termios/tc.rs":"c892c62ee5ed638e4965dcf6bab403790ab6c9a2c47f66760c1cc4d89923c17e","src/termios/tty.rs":"de44a8e276070a844685fa3f3cae8ed9f2ae9ebf0333adbd42c05a350c40359f","src/thread/clock.rs":"4e3f54aa5b50443bf502a81ee4814b3522e928e3b06241d24f924a6f69953662","src/thread/futex.rs":"4e78c84589b535ca9ca633633696ef212393a98f2890b181acaa8f908fbc5ae2","src/thread/id.rs":"f905c1c672082215c6502f88e7123a33abadb25791d3ee967335567560dfced3","src/thread/libcap.rs":"60c959f60c6fcc6f57ed613f21d40fdd9f6cf9876b79f10fa951a6ee5bedb0e0","src/thread/mod.rs":"6fc33eb022c4ab7f950dfb4fae6ab70b1acbcdbeacd909ae1848e7e54076c310","src/thread/prctl.rs":"c4d4df3a32c65d7bd9e753c6983fd7ab12f26465f6627e33ae4d6335ae02f59e","src/thread/setns.rs":"5e08f98300e2ca8fc99272cf5408f0b27cb4c8ece54d76b92ede656982f11e69","src/time/clock.rs":"cbe15f6abe995476c815b31a9c3a931ad7292ec853342bc0fcb4417df1a558f1","src/time/mod.rs":"43afee938c80d124d04d4ba190c03f4d21d1e3bfc154fff309211e4f6eabe940","src/time/timerfd.rs":"f17092b84553741aa2d2b44c6992b5d2c8c96cc2c2007fc9a2c6b2064485e53f","src/utils.rs":"41765307b22b7cf8e21e83735308c598da8a83b52b5b7eafa175bf39f1528fbb","src/weak.rs":"20226da10a0380ef341fa1919c329cf522b46071bcc8d36fd7c93e2aabd63f83"},"package":"b96e891d04aa506a6d1f318d2771bcb1c7dfda84e126660ace067c9b474bb2c0"} +\ No newline at end of file ++{"files":{"CODE_OF_CONDUCT.md":"f210602311e3f74b32f46237fd55f4ce36d798e85e3db1432ec667f63a7ffc44","CONTRIBUTING.md":"fb570c76cf924cd75b77bed52b0dbe1e87ce224dc3428c48d98301710dcc331e","COPYRIGHT":"377c2e7c53250cc5905c0b0532d35973392af16ffb9596a41d99d202cf3617c9","Cargo.toml":"357f256f801f57bbe17b4f5cff7ce9b3c42cc1605bf7c088efb9b546033628e0","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-Apache-2.0_WITH_LLVM-exception":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","ORG_CODE_OF_CONDUCT.md":"a62b69bf86e605ee1bcbb2f0a12ba79e4cebb6983a7b6491949750aecc4f2178","README.md":"99c383b949ab63bae97fa0f4629d2205fdbaada50f5b648a70373ca5dcef22b2","SECURITY.md":"4d75afb09dd28eb5982e3a1f768ee398d90204669ceef3240a16b31dcf04148a","benches/mod.rs":"55b71073e5681b309bc4f439435ac05d1e052bba2ea6accf05bca9bf496d4bd0","build.rs":"a322dd310c2b30a966c410ab1557b560b302246d2f2734fcecdc653f4307edbe","src/backend/libc/c.rs":"7aec21aa56faad3b87674855ed6f54242aa5660905e6b2bcdaa0f8dc0f19df56","src/backend/libc/conv.rs":"77cc96b7242c4c9cc54083d57d27a926a20b159196d1db98fdf943c9b8c7d0c6","src/backend/libc/fs/dir.rs":"fc36a713466a705b0776131fcae0faa4bc5be6feed15f203b5a7aa3818a0fd6d","src/backend/libc/fs/inotify.rs":"fbe35da10eec6c712ee752b868f04d1d1ef03188ef706b9c44b7f338152df744","src/backend/libc/fs/makedev.rs":"3a4ab3f6c7bd221a0bf7cdf7392c97cac7eba072c2a699c2dc68422ff48ab44f","src/backend/libc/fs/mod.rs":"ba3c79b8918eab2a4c962e353d2b27d3cd96b201f9e527ce0b70b7a558ac596b","src/backend/libc/fs/syscalls.rs":"98ce2a39b792f1358d1a5198a670feafb5620e2e3bf84e7003a13e9fd6432905","src/backend/libc/fs/types.rs":"fafa70493a2efcc18612296d4f1ca9303d1867be01bcabed14dffa9e8971e8d2","src/backend/libc/io/epoll.rs":"162329053d6fb0f3c9d671526fd120ec89d9347fb8aada8b8487095166d64710","src/backend/libc/io/errno.rs":"8c6491590339a21c732b325904ece24ac39b1cd1a2b04728a9ff90ec904c01aa","src/backend/libc/io/io_slice.rs":"34da1bcc17993318fa93b7e71ff36116044ac12a031963710af84c3ed1bc443a","src/backend/libc/io/mod.rs":"afcf57d6bbb4bb0be97c9597a298eaaa58a8838f07212e3051612fa25993bd9c","src/backend/libc/io/poll_fd.rs":"d8092bca9cb0317b3a9bb418a55abf0e868f1c7267cacc97454a5053ff192a05","src/backend/libc/io/syscalls.rs":"1c448d64e74a3af881e5e67738b464682ee0769f8e90fb29d5fb1e7fbcc3d704","src/backend/libc/io/types.rs":"eba054b7e441febf289f7c656c0b465ad9982afd7e3e85c74de4992e1ee76d48","src/backend/libc/io/windows_syscalls.rs":"741f524b384d59e703b278739563ab04273dbb48c062349353dd9b7cf9ed2332","src/backend/libc/io_lifetimes.rs":"eebc6adc10593933e9ab14c59d29793f4ec6e4403a00bbcaaf3ee81373ae924d","src/backend/libc/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/io_uring/syscalls.rs":"0f7ffc079f511b200d536e348d6c6945eeb4908db721e5ca0db6cc5fe96eccc4","src/backend/libc/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mm/syscalls.rs":"190165e683ffc9ee2085a19086d2f72bad954d50124eb0eed192faa512e67a1b","src/backend/libc/mm/types.rs":"22367f983585b2245621f7994a1585746ac446eb31669654d4de7195dffbfb3a","src/backend/libc/mod.rs":"49b9fe81918a05a066ecbcec4a72ed945c4129ae6f86007e94af653d3834f71d","src/backend/libc/net/addr.rs":"afd79fcc35b48bda21e2a210fa030387e9e3b8c741903ff75c459102eb6e5f36","src/backend/libc/net/ext.rs":"af0fb192e1055420937196af2e314869173d4f50e970af4cc85f6f261e78ff20","src/backend/libc/net/mod.rs":"e88d9ca079089857c9b794ed8ab5bb970e779cfe7bd0bdcb402edcd2f48efb5d","src/backend/libc/net/msghdr.rs":"bdce9e21a6e7dd60e5fab9795b73ab49d20358bb0a9b8da65ca4f762693b3709","src/backend/libc/net/read_sockaddr.rs":"21c0f0e3b295ad4183eed16f8794f1fa1ede5ac5f8a2565510be2262d3f42b0e","src/backend/libc/net/send_recv.rs":"d0ffe3aebccab498b7fdf6cfb0382fc10576ed0b8563d696a20878d2c01f0a28","src/backend/libc/net/syscalls.rs":"b1309c930a4cb557f7ab24cdcf060b3fc0c06cecf9d2030b79b782c1bff605f4","src/backend/libc/net/types.rs":"8acd35d92ef2afb148e2dc41dab184d7f302b770a214e09e58c065c476fe858f","src/backend/libc/net/write_sockaddr.rs":"33c3d7304713cb63f8fa398f5f7c084fc1d9fbb6907dd19902a90e8ec64ad41f","src/backend/libc/offset.rs":"73f01763fff883c42c014fe3f471585512777b431a77b6f8116fc20624ece085","src/backend/libc/param/auxv.rs":"7d71f224f7d9c547b6b5e1425cad03466328b7b8ad2a62f49d9e29e075061e43","src/backend/libc/param/mod.rs":"5234b8f1bcb886cca6ea003d411d75eaeebe58deedd80e3441354bf46ed85d4d","src/backend/libc/process/cpu_set.rs":"a5041e8d96738f092989ae38bbdb09ba0d74f5956d340fef48044e24ee6fec81","src/backend/libc/process/mod.rs":"787018aba4adb2cc1f9176faf154a1a8d7943e4cad36be6e43fc03ce355572d6","src/backend/libc/process/syscalls.rs":"f191f647d3b22e80f325a2bb384356176aa8e730d14620e8c4c8c89f81ac2a64","src/backend/libc/process/types.rs":"4e904c18127c202a70aaf275abf7984ad95e6420dd676f3a534f3969d9037d78","src/backend/libc/process/wait.rs":"36e84c05ae3a27b96da9521678b72ab004fe37a8b0d092a0b6f810015806c4d2","src/backend/libc/pty/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/pty/syscalls.rs":"0335109c870a054eb07e309a0e750e71962697535125fe3c45556cd75eb20bfd","src/backend/libc/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/rand/syscalls.rs":"5cbb8ec93d68c04fbd1b22736905ed070de6a7b68c550948da3c672c1d049935","src/backend/libc/rand/types.rs":"c59e156eafcc97558a1bc5210e3438e9850512d1dfb4bb8e3d344409c12a9a54","src/backend/libc/termios/mod.rs":"63a1e559981848581bbacad2adb567e5eb62d17caa2d8f826e977dc053ce26bb","src/backend/libc/termios/syscalls.rs":"17a5a559cda40707cc846e96c5b2c6fb284dac3a2b18c44dbcb5bc53787f42d3","src/backend/libc/termios/types.rs":"7c171edc9277466aa12518bd6f5ad9f38d4fa3202572523e384c138d3671d4d2","src/backend/libc/thread/mod.rs":"0de5f67a684b9fd7628d3009d2ea5fd51b8770e8b387eed14f59152157844287","src/backend/libc/thread/syscalls.rs":"f58ed92790c7cef29c09635e79c664c7f2260449a55dfbf0930b92697c2e2f0d","src/backend/libc/time/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/time/syscalls.rs":"6d3202d524510170618f727ce1c96e1cf55f2a775172215f5834cf2a06565466","src/backend/libc/time/types.rs":"0414e977004abe604333607ad42c27549b2d5fb2d56a37b431f87dac330d16df","src/backend/libc/winsock_c.rs":"3bf3884fd250eca806ffdf96da68e29c133a697810b78b333ea449e523e58562","src/backend/linux_raw/arch/inline/aarch64.rs":"67011427b3cecd29ee716113d952e70d63574c96d1d3ea3c75d46250bde9ca44","src/backend/linux_raw/arch/inline/arm.rs":"7760d51aef17a69a797eb96fd61f7fade0d55bc87ec9a3e77fa6bb6aebaecdbb","src/backend/linux_raw/arch/inline/mips.rs":"d00c84cfdb4e37bdee9a2daa0a7b3298afbb4ebe288702203cb43d9c2617012d","src/backend/linux_raw/arch/inline/mips64.rs":"ab5455c9b2511ba6b67a66873cd8b53bf77471249fd2779d6437ebb4934087b5","src/backend/linux_raw/arch/inline/mod.rs":"ed5c6c14d19556c1a2ca077608fa515ac85d760eb931dc8968b39137700159d8","src/backend/linux_raw/arch/inline/powerpc64.rs":"dcd12314184441f5f7705bea6b829103c7abc9062db366ae5584023a38252a36","src/backend/linux_raw/arch/inline/riscv64.rs":"58a58203e9cac2ed21e4a7b26692c5d56d3c2bcddb3f60a648efd18a02129f3c","src/backend/linux_raw/arch/inline/thumb.rs":"82b88c9a3b6837f28a738cc760fc2403e7014abdb2c35d2bdbc8073235ae2863","src/backend/linux_raw/arch/inline/x86.rs":"de75f5179edf060461d949682002f4242140e5a01aa2361c4eab82da15375068","src/backend/linux_raw/arch/inline/x86_64.rs":"7c893ca306b3b8a5980c525dc5fa23187a0526bc9f7ac637204d88a1d596df5d","src/backend/linux_raw/arch/mod.rs":"7018e7d3bd2f3e6545baafcb75256505eb8297f025706ef662e4f3b12f1d8add","src/backend/linux_raw/arch/outline/aarch64.s":"84f066b6fe3cf25ed61c7aa420408c6d5a0b33a7c91b748ed81e47737567975f","src/backend/linux_raw/arch/outline/arm.s":"fa266bf9f4533da1e96c27c4ae5418c86f44074ac0c6afcff0404738e11365da","src/backend/linux_raw/arch/outline/debug/librustix_outline_aarch64.a":"aa3a37d9ad312881968d40c48bd3c960fb3ac0eba232a5f1979cb809d081c340","src/backend/linux_raw/arch/outline/debug/librustix_outline_arm.a":"9991ea0ccd16a175ef4b82916b6cd4b45cf67f4388eb58567b0a6e520bda3740","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips.a":"145be0e9638cb5541860ec97ce5270767c24b61f415f0ee3c2f86cc962ee44af","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips64.a":"6c6d007368beb5e53bb1c402afacc1c139ee65dddb82ba3e2eada0493af94ef6","src/backend/linux_raw/arch/outline/debug/librustix_outline_powerpc64.a":"355db5c83dda1074636c40fa6fee6564c668c492a71e149bcb444ea896e8167e","src/backend/linux_raw/arch/outline/debug/librustix_outline_riscv64.a":"c4fd54d0fcab2e28b1b18df77a7814b145a4c2d13fc04b937a55bf0abf420227","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86.a":"7ae3635dd3fbc2049e09d4218224e1eaaa4dd2ddd78d3901fb444d481abf2a33","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86_64.a":"039c928213bd0b67c899412084a30eb9a51526e64a01e1901cd4905ef8d7cf6d","src/backend/linux_raw/arch/outline/mips.s":"3612ba84500f033650cbb3860241768cc0760c5693aadc8af01dd2f61c7d59ff","src/backend/linux_raw/arch/outline/mips64.s":"deaf2218e0d2c5c97d1d5000c2c6678bbbf5a28faeefd0fb04b04e1984c94185","src/backend/linux_raw/arch/outline/mod.rs":"3fcab403f297fd5160df6f4b7d8fd1d868267022c2f6e6448505bd363cb113ef","src/backend/linux_raw/arch/outline/nr_last.rs":"82d92b9ca8307c19d74ced1ae2c0b31f2a7c5db70fa31fdedb55d38a90601455","src/backend/linux_raw/arch/outline/powerpc64.s":"0847fa3f160846ee02771550667913734ba9773e2221f2279c4f296d6f5b7bd4","src/backend/linux_raw/arch/outline/release/librustix_outline_aarch64.a":"fa8d31702cafb24d9799c162d3319c522892e91c58fbbff2b09950a0fa81b46f","src/backend/linux_raw/arch/outline/release/librustix_outline_arm.a":"0f7c8c5c02d5329d884f800da70aaf6b5b67c14000b12afb708f3e4758aa1f7a","src/backend/linux_raw/arch/outline/release/librustix_outline_mips.a":"d9a093ee2b2c94b70aa059e878a0211715fe6fdcc95a9098566c87d61be4e4b3","src/backend/linux_raw/arch/outline/release/librustix_outline_mips64.a":"ad19a967ade7067a12b08f61628cc56f72eaff1393544783647e1c4dde2629a3","src/backend/linux_raw/arch/outline/release/librustix_outline_powerpc64.a":"1f04e44c3d863bac066520c787444c314f2aa2f8d8d3cae38990ecc008b9b6e1","src/backend/linux_raw/arch/outline/release/librustix_outline_riscv64.a":"beb0eb046d36545a04ad7f264ed1173062f9f85ba7f4215bef64a98f30a74dce","src/backend/linux_raw/arch/outline/release/librustix_outline_x86.a":"691d867358475c701c20b816b99bab2a4c90c3796a302ccaa56d5983be1ba8b2","src/backend/linux_raw/arch/outline/release/librustix_outline_x86_64.a":"434a79197510876c5a49f594e7886c95cf4c15e876c3404ed136846c95d6ee30","src/backend/linux_raw/arch/outline/riscv64.s":"ca5303c0c8af6de1f246d658003e270d4e29d6c68dd90c6eee372d045bdf7305","src/backend/linux_raw/arch/outline/x86.rs":"f7e12a0f3fe8e97acb1ade2c9e61d82542f00ad4d8fe684a8dcd9f30fd9ab5d4","src/backend/linux_raw/arch/outline/x86.s":"4604e3b41161802343e2e4c890fd2042098a901d95893ebe4c436f97fd47cad3","src/backend/linux_raw/arch/outline/x86_64.s":"a530084cd42ad8d4b2d36526f4e04f45a6e29ea49882e2c561ac2eeac16272bf","src/backend/linux_raw/c.rs":"1f1d97557db783e6d6d0a027f7d699308b483159efe081468d86a883d4df641b","src/backend/linux_raw/conv.rs":"13610464e9bdedeb4c387bd34284bf972d1b60cb7214761c0e7223b4f8532914","src/backend/linux_raw/elf.rs":"4550edde9ca096ac3ad929ace226fd5ead954da7ad01d22da43fdb976655f771","src/backend/linux_raw/fs/dir.rs":"793f25a9a7f08e3923cada6eb9f7e1e5fa56cfe4dc1ad5adee72580805419b58","src/backend/linux_raw/fs/inotify.rs":"84753669fcadfcb66f9b363b6011ef1bf30be396f93299576640c2ed7486f8b3","src/backend/linux_raw/fs/makedev.rs":"c6b4505c4bcbbc2460e80f3097eb15e2c8ef38d6c6e7abd78e39c53c372139e2","src/backend/linux_raw/fs/mod.rs":"e22bf30f312f6a05f1e79f7834c33a3c9821514da05fa4786fc31867203a4c74","src/backend/linux_raw/fs/syscalls.rs":"d043a80c9253fab6de0f0e15f7d662e207dbb2e8e8bf31a5b50d0ac448ba89f0","src/backend/linux_raw/fs/types.rs":"bbabce075aa5d92780d09e80aae1aac10281575c93a3f365108c35fceb5241e0","src/backend/linux_raw/io/epoll.rs":"f30b0f2b12415d8972ca726d8c9a750eb4306fa9f57933e9dabfb495cde07264","src/backend/linux_raw/io/errno.rs":"6a5b70a3a8ff66c22dd9d08bee9594be163c75858291c91fae12ceb6f30b3777","src/backend/linux_raw/io/io_slice.rs":"5c6ae3376994e6b30a48c1939bce81c122d8581c5dced522cff886cf3b06384c","src/backend/linux_raw/io/mod.rs":"6ea805b91d571217c9649364121d0824bbdf4635b36c9150e5968fbeb75c0892","src/backend/linux_raw/io/poll_fd.rs":"9f5a15c80094cc3334acd171c0621d033b44d5d9a987a57acbdcd62cb17d871b","src/backend/linux_raw/io/syscalls.rs":"6bc1dde7db981372160ad416edf93d8af10c54478799267bef842c0514847d96","src/backend/linux_raw/io/types.rs":"b5be41bfae29bb27b7cb4db2584c5aac4ebe6f67e031e6c1ae5ff61649dd2955","src/backend/linux_raw/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/io_uring/syscalls.rs":"2522327e229d85ce207546b802f63fcad49a0ce41b7b881e13a1c2637fdb6095","src/backend/linux_raw/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mm/syscalls.rs":"647c1846793c386f6babae898686604a4808344ec3e2d1e71071bbfd04079357","src/backend/linux_raw/mm/types.rs":"6e6b97b3b161aa1f03d8cf0e94c5ff35d4911a5049770dbb203acba84ee65843","src/backend/linux_raw/mod.rs":"be1d31a71c5f7aa61681661a4e45999de001e473b8869f0f5e510e16e501fc45","src/backend/linux_raw/net/addr.rs":"af30232b1241291254fe9ce0fa0050e707adc73325308eb0501801e33cc07c73","src/backend/linux_raw/net/mod.rs":"c912274a40eab213f0afcaab8ae098ae7d56fa95592463c830b2361df57731fe","src/backend/linux_raw/net/msghdr.rs":"18facac973918b6a8a6b49b0fcf1058e88286d67e12801ce6dacb58ebf5a7d75","src/backend/linux_raw/net/read_sockaddr.rs":"71bdde53beb3aea60d51c664e3fc36e34371acd869f621faa3dabd8b0d91b0c5","src/backend/linux_raw/net/send_recv.rs":"602852a0cf2775c0fce7afbd813248386823b73f3069231860b348432f59450c","src/backend/linux_raw/net/syscalls.rs":"1670344e0a725c4d097897c445bdfa67832830e7ceec418fbc734ddaacffa761","src/backend/linux_raw/net/types.rs":"87ed6b59a29aab219fd625393b1b9f4200eabacf1ee4ad8fe806a2b8b53169df","src/backend/linux_raw/net/write_sockaddr.rs":"ec0bf20a354cb86e2b5646bfc79297a378f11fcdf5641c16e4dd13e305011dc6","src/backend/linux_raw/param/auxv.rs":"5565394c6943ecb85dafcc4eae1931417d912560ccb86496d79914d7a4087cb6","src/backend/linux_raw/param/libc_auxv.rs":"5d57b293700de025bc811ccafd29f05af2787c288ab5e653351c0bd96c488910","src/backend/linux_raw/param/mod.rs":"db21fc1b0ea5568b8649890fa38a878bfcdcf7398f6cf1640176b37bcc6ce990","src/backend/linux_raw/param/mustang_auxv.rs":"016a691236064a9cc28688d4ff5dbd0e37dccfc07b25b943b47762ba1da33b83","src/backend/linux_raw/process/cpu_set.rs":"a333938a4356d117199bf4078688f0a9b876dc65da1bbff7649482f4f0180813","src/backend/linux_raw/process/mod.rs":"fb393c70a9c63ef9a6bf1fb5a2dc94f07d6b0b6987cc5231c15c607015dafd68","src/backend/linux_raw/process/syscalls.rs":"0bce1df427c5be8d2fec48ba92e93c442b0adf1896a0af65c5d4780a4826741b","src/backend/linux_raw/process/types.rs":"c04c902fc7c489947272b3983aa5e8c4e53b4ef6cfafe5ce973bf694bd14cfaa","src/backend/linux_raw/process/wait.rs":"921aee4b0048746087f52615a98edc2aa0fb4b53d6df44be4533098df55d1b05","src/backend/linux_raw/pty/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/pty/syscalls.rs":"18614be9fde4e095b159682ec4b9d1e077716b710030ebd1681813812d74d8ce","src/backend/linux_raw/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/rand/syscalls.rs":"b1d8b2fea0c792bd1e7c24ee59429d178dc0ad442ac817b12c7abcb38d71497b","src/backend/linux_raw/rand/types.rs":"271416d5241d70932b8a17f3b67eefd1b9c360f217f807de3d73192e9b620552","src/backend/linux_raw/reg.rs":"02653995cb934050ee2109e8d40e9083a4278abcba27b59d174a311aa8438e45","src/backend/linux_raw/runtime/mod.rs":"b2cae8cce3822c3c92942f06ea0b68464040dcac33c6f0f7ee392c6269993347","src/backend/linux_raw/runtime/syscalls.rs":"5b6d741a9d954aa02177d3850a36375a391fa55cde91eec0c640845adb666691","src/backend/linux_raw/runtime/tls.rs":"9db0e08e47e69013b3fac0b4aa24e6ac6b07904797e0e04658dd44f3a7245e0f","src/backend/linux_raw/termios/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/termios/syscalls.rs":"48eb753f1cd48139eae40ba72241fc2d5fd67355c33a3906f82965e0e0e518d3","src/backend/linux_raw/termios/types.rs":"5cee3735957db2fdaab341a0c58e438305d6402dc7d23622f4999934d4511b5f","src/backend/linux_raw/thread/futex.rs":"232a24ccfbb2a03a107373249c5d3ebe3db70388ed39e6e6dd08e14630a48f2e","src/backend/linux_raw/thread/mod.rs":"f7132a68c9db1b4a796781b9e8d0ac268a1ddb713e510bfd43425564ec9b39c4","src/backend/linux_raw/thread/syscalls.rs":"57f6d8d3a2526ca5066aa35ea74b35e465726b1bc079fafd22abe211f643c070","src/backend/linux_raw/time/mod.rs":"672724f55b7b7be6a7452bb1cc2d28b5f0aaa840a2856fe363acce624e1beefc","src/backend/linux_raw/time/syscalls.rs":"02710805710aeb65a169492e650b495dceea402ad212922a0589ab8c1605e585","src/backend/linux_raw/time/types.rs":"8b5a464d0ef6752276416640dd3a341c07e3e901463231e8c66b2d2d661039af","src/backend/linux_raw/vdso.rs":"a5abab80f023088162fd81dc306b6bd86bd61b2018a191b384f57facb1d48d0a","src/backend/linux_raw/vdso_wrappers.rs":"c86e1b0d28e9148a5061b8dd967fe9f5c583001c8850f30f1f30ac75026df70f","src/const_assert.rs":"69aad0f4c33ca5b6a23f35644b7da71977e23d645a1279f915893ac8087da355","src/cstr.rs":"c515846378c45e7f04dded259b791a09ad304b3465fc64d1a0fe3d213c9d6a26","src/ffi/mod.rs":"1990dae8190991142bef24220f02b99c96c5bfa7dda2a7974d9dcac265d58945","src/fs/abs.rs":"3541ec38adff45be6464f52a786c0f4973e42fcae5efeeed737c83916b669d2f","src/fs/at.rs":"fa59a9cfbb74c5edab015b895b967d3e2197cde6867ba3b54f57c804bb73bd44","src/fs/constants.rs":"93601ba75eefcefcc3f8f936b786b7e70180aa3727c24bacfd326128b6bb52e0","src/fs/copy_file_range.rs":"d3b644374390d482b2ff749a2459458872b57d0dcf9670368739b7833509a7c2","src/fs/cwd.rs":"b2d7fbb27e23704e3367ede9916cc233f76d912be21c2aee8a635eeca627977f","src/fs/dir.rs":"347a52f4ca9ac6321c52e802e97ec90d1b4c62ec955c8996fc17f8f5aed69966","src/fs/fadvise.rs":"beef66ebe1310fb92628240b2cde68f744c78e50f6ff61bb1404bd4868d9cae8","src/fs/fcntl.rs":"58c8f99e7193d11f0301d55e521e7bac16b1143f47eb7cf73cd9663841b4ebbe","src/fs/fcntl_apple.rs":"07f07b2ac75dc28bc9e08200f72eb95550a87ff3d69c1204f49ecb63a0c4fd20","src/fs/fcopyfile.rs":"ec95929cbbe02cf49233a785e5238931bb107b7903cc5bc95e4231de960995f2","src/fs/fd.rs":"e30d09b4700302c712b499311a86b905b5bb0c483ab2827b27add477056c284c","src/fs/file_type.rs":"fefd865f91011f66126213b0994773d99e373b468c31e866002228c98c64ad85","src/fs/getpath.rs":"28f6970fc1bbc37bb35c84724b59eac436ea7407a4522e18c2bdacb1fdd2edd9","src/fs/makedev.rs":"85520b484cb7c15ab71ea1c368578ea3b7e484d82f8510db92b6ce9f7ca341ae","src/fs/memfd_create.rs":"15a8f28e040cffd8c24c7903483440f88853b2e538ad48d80f3c00b4b2befdea","src/fs/mod.rs":"2ded318e44b40cf8276b381444e6e418ad94206755283c215c2e487a32371c03","src/fs/mount.rs":"8ab26dcb422825bbd2df2e1f68e6b4f7cf08ce11387c688442ee1b4683b33d4f","src/fs/openat2.rs":"4a95c15dab533a41201b5fa25c8a212956b7571d58cad696bdaf45af8aef96db","src/fs/raw_dir.rs":"bc2b60c3d9e1f24a60cfe1c502ccbed682fae4c487e7da38b8e738dc08a71f8f","src/fs/sendfile.rs":"e3b2058741cf4b1698f34d84bb37130cf2b72806d522a16fe541e832cde136cb","src/fs/statx.rs":"239d447477f8ac368c8ddf9975c71509c47881f647f59cd941ac07954d8a77f9","src/fs/sync.rs":"a3b23543834281f347b0f873bd38154d31d404871188ac08f2b20b9196234cfd","src/fs/xattr.rs":"fcc16dab9927d7d6c8e4e4bf6752e65ff0c38d954cead8e6f6c2c26c11792929","src/io/close.rs":"0aa3cd05a8fed8e5244f97b8b6c2e7f65ed93a4e5435c6329852bb3da7514440","src/io/dup.rs":"913aaa2f5f9a5f0c381d053dd0e9560af55bc754dca23ff44dde4b0fa13ff172","src/io/errno.rs":"da7dc2d25cdbbf610ec82c32124789d6572fbc67d8ff265000597ac1f5b39ebd","src/io/eventfd.rs":"6886b17aa4d298a116bd4de15b22469133acc94695a623d0341174a0dc649a18","src/io/fcntl.rs":"08f42dc80832586afa6e0a7825571c84a97add1164926928960f0c4c5db76461","src/io/fd/mod.rs":"a1eab9ce9a2c4454053afdfd3f3705e4cb971e94cc453e4f13690f2f0d83dc2c","src/io/fd/owned.rs":"b3d1ac775461b9206f36df62495604a48820c0284276200101fd1847b0e9e756","src/io/fd/raw.rs":"9bcd00be7df3d9f4e6c49ca2d18ef25aee3d6f0ed5ee6b73df5a9beacefb6031","src/io/ioctl.rs":"1c9126e216d693692067d9b3514d0bad6cba3fc05c66f5c00792a8cb146902e6","src/io/is_read_write.rs":"1bfb9ee5d58e0b29b44af12fe2668c7bccc841358698dcde47f1519ff9bb73b4","src/io/kqueue.rs":"857f9016ebba60136e8944d7a1bd3de249d6d633211d744336c5f7f4b3dc2053","src/io/mod.rs":"f18f756c141f5c82cd511404a1ee4738a83dc589cb0a24f0db0990869540aafc","src/io/pipe.rs":"7fe8f04af16f5fcf164d8bd7e9a6bea584ef935760f4a4c7f9befd1ead2398cc","src/io/poll.rs":"3a1dc003042a0b8e21f894ebdc0e123938b78c6323d61deacbc09b44e1b986a1","src/io/port.rs":"8be17096cdfd2425bb2f800d129913e2ed2032c02049d45b7dcda8d4189b1af2","src/io/procfs.rs":"f767b695acf0756a3b7b367778d2090abc5a11586ab5d3b4fb4e0899e9d1f2c7","src/io/read_write.rs":"023230dec0f36f630ae8affde1a0abb0140dc28d5c5bc136f4dc6876828efe85","src/io/seek_from.rs":"d7616a45e8a449df28b075ddded4d7c95d6c4575d6fe0cf0ca7b6625e9dc7eeb","src/io/stdio.rs":"a0328775940ccdd3026e92b9dfd94584d0faf14c3d287360e157ed8903d6568f","src/io_uring.rs":"63c4bcd276e7110025e06ab77dbe506464c3efdfcb8a82493fc7fe72c716e7c8","src/lib.rs":"abcb813ff3d186657ac0b3a2c9801c5a0c1bc01fa533989410bc267b54998227","src/mm/madvise.rs":"3c262b3713a73fafcedf1b04bb12c048bb11d47ca43c959e5dfa48c27651f4f0","src/mm/mmap.rs":"bb103e6febd375de820985cc4b5aefa520b64ab1bcd903e3a818146abdfc60c7","src/mm/mod.rs":"b3a6cb838986d45825b912355cedead761211a494ca6f89b2367a2d2157e340e","src/mm/msync.rs":"9dcfe5f54235e9314a595edb8d548ac79d222bbcc58bb3263cf7e96d603b23ad","src/mm/userfaultfd.rs":"8073443bd181ff0b3ba4d0b1ae67370b4864035a0c8b4898cd709dc47c518ae7","src/net/addr.rs":"6fce66cd0ccac3bcc2339f32faf2ed1bac94a6d8824acb55bffdfaa43090675a","src/net/ip.rs":"080dd17c44b395b46b0d9e70da76f376540f92ece65f79e3d242c0a272d3b451","src/net/mod.rs":"2961f20366463216037a7a1ab238d5e80133bf058a3f10e30f86c8f7ddb314b7","src/net/send_recv/mod.rs":"97ac913fe7baa36301e483b30271f4bbb51fb8fcb876fa3d2e49d90d40bbd030","src/net/send_recv/msg.rs":"c1b66b655065130a720eac02d17e48de7b44322f818533451782b72edbbb19b2","src/net/socket.rs":"691f2c1b8c09c8d1d7f5e4ae3d3254925d7ca98b4c449a27e732f4c3c1612646","src/net/socket_addr_any.rs":"d95c7002972fa98d4133e10ad6c404399494374d568816217edcb9f4fd93aad8","src/net/socketpair.rs":"0818c1f34a5031dfd83bffe90ad1fad2c1e124665cb807485c908893ca9b3d9f","src/net/sockopt.rs":"82b0aef8db493ca63a1914860b68972e02e58fd90106bd781569c20c95b6499f","src/net/wsa.rs":"6e546b42f50a851fc833c57cda76cfb347203ed4b0dea574a3d325bf5a2ebf80","src/param/auxv.rs":"988872f9bec2e12f35765ae8963cbb9535d4acaedd4c9a4d07ced6feb70e0aaa","src/param/init.rs":"671d8974f0d9b82e79076d1f4deabe0273a874a329f74b8aad26e07b86791ba3","src/param/mod.rs":"959d6bd6c7abb85e042f86047fb902891c5deb74c550ce21dac96fb9a9f16d36","src/path/arg.rs":"4a4bf9b59334900b51ac250365b2a1838670f83a6df9c9c3f6a35bd7d4784170","src/path/dec_int.rs":"fad9793b89eac526953b994cbed6b614f01c25108f9763e19fb98029feda93a4","src/path/mod.rs":"6b1b949c94bcc47e0f08a3f8e8db5b61ff497d0dfd3e0655f51c01d3e4b7dfd6","src/process/chdir.rs":"4c63c351e207b1bbefdd7c001e85fed383d5ac2147894d5a09fbd8b302d7c728","src/process/chroot.rs":"aa83fd57d8f43c22b8f26bdb61109b74f2e2bebed34a16fed02660cbb37cd4d4","src/process/exit.rs":"47bc2fc1ec25eb5c7a21ba84a70c6d799df206f9920c34804a17acf27d5cd66d","src/process/id.rs":"1cbfeb3f1f793d2747eb3db981459902c98ec5fedf265a0faecf0b37a164c527","src/process/ioctl.rs":"6644c3b0948251b448a87cc8409750edf77dc31f08b2060fccf00dab0d516fca","src/process/kill.rs":"0269dc9a2c0684223c6d9256548dcb1dfeb66c10fe53f45fdcb173f398ada4cc","src/process/membarrier.rs":"4b1f2b062012c06cba3d3fc6f9b22d78812f5bc36ce579a0959f415952562ebd","src/process/mod.rs":"c04ed9d8cc4865c4a367e64fa4eab184253fead4b9259c4f6719f3f92c4bf9a9","src/process/pidfd.rs":"88517949097414b77540b1c0801bdd034c28667b9386c0676cdaa1b637129ffa","src/process/prctl.rs":"302715256544595bf109e22a987e314b1468544b22cf63afa8d2d574085b50f0","src/process/priority.rs":"711ad9300407b205a549d2f896cdff080740f6cde8e710d3bb654ea720586b4c","src/process/procctl.rs":"c9ffddf8203077d2859d4eb204fe3da7d24efec3c492d0229750c794d3c9a996","src/process/rlimit.rs":"10b79de3ced0e64059a94c879742d46a35a6176c776d8eed75031d5e6340283d","src/process/sched.rs":"7c3bfc5be624e7d7f5e043c3ee0b0566fcab3d684d61c272e7b4233410ab1c42","src/process/sched_yield.rs":"6565faa3928b66ddc74a65e893e15edfa4b9be4f7e5f5f68527501a7f6bc3350","src/process/system.rs":"5c701192b030236149b15e7934828aef9c9e3e2e4485728833b7146378157997","src/process/umask.rs":"1a0f31a842303c978e3f05ec191e2b5e96104c09c6596473b42b1fac34898a50","src/process/wait.rs":"5e0d3e46ba44f81cbf8664c68faadced7d80f56920d018591dbb8f088fff6bac","src/pty.rs":"e1d2d72f0c1cb2b8b37b9f06f87044c39d22a3e4b089a4ec25dd26de4a311c48","src/rand/getrandom.rs":"8e64128584178c02f04c9781527c23ac2e2423f73445d0b4d25ae99204d7cc04","src/rand/mod.rs":"cab59332aadd9b679f5b22cbb222d48ee028af5eb9fd4a4d43922da659b895d7","src/runtime.rs":"386bf280a54150b90c038173019a4e62cbc0e05656d13918f93315d70d51eb42","src/termios/cf.rs":"cb13ee88cba541cbd683c7a5da034a126fd9e09dc6b5f25c9f32382f8318ffc0","src/termios/constants.rs":"7855cebd1e2169a2a760c6752138b3de1be00fd3b907b049d32ad5d6bdb0426e","src/termios/mod.rs":"b4d28ebeeae6782b4060d3e6f0156ed63bafa155d1bbdae9e28d06e574d69cb7","src/termios/tc.rs":"c892c62ee5ed638e4965dcf6bab403790ab6c9a2c47f66760c1cc4d89923c17e","src/termios/tty.rs":"de44a8e276070a844685fa3f3cae8ed9f2ae9ebf0333adbd42c05a350c40359f","src/thread/clock.rs":"4e3f54aa5b50443bf502a81ee4814b3522e928e3b06241d24f924a6f69953662","src/thread/futex.rs":"4e78c84589b535ca9ca633633696ef212393a98f2890b181acaa8f908fbc5ae2","src/thread/id.rs":"f905c1c672082215c6502f88e7123a33abadb25791d3ee967335567560dfced3","src/thread/libcap.rs":"60c959f60c6fcc6f57ed613f21d40fdd9f6cf9876b79f10fa951a6ee5bedb0e0","src/thread/mod.rs":"6fc33eb022c4ab7f950dfb4fae6ab70b1acbcdbeacd909ae1848e7e54076c310","src/thread/prctl.rs":"c4d4df3a32c65d7bd9e753c6983fd7ab12f26465f6627e33ae4d6335ae02f59e","src/thread/setns.rs":"5e08f98300e2ca8fc99272cf5408f0b27cb4c8ece54d76b92ede656982f11e69","src/time/clock.rs":"cbe15f6abe995476c815b31a9c3a931ad7292ec853342bc0fcb4417df1a558f1","src/time/mod.rs":"43afee938c80d124d04d4ba190c03f4d21d1e3bfc154fff309211e4f6eabe940","src/time/timerfd.rs":"f17092b84553741aa2d2b44c6992b5d2c8c96cc2c2007fc9a2c6b2064485e53f","src/utils.rs":"41765307b22b7cf8e21e83735308c598da8a83b52b5b7eafa175bf39f1528fbb","src/weak.rs":"20226da10a0380ef341fa1919c329cf522b46071bcc8d36fd7c93e2aabd63f83"},"package":"b96e891d04aa506a6d1f318d2771bcb1c7dfda84e126660ace067c9b474bb2c0"} +\ No newline at end of file +diff --git a/vendor/rustix-0.37.20/src/backend/libc/fs/dir.rs b/vendor/rustix-0.37.20/src/backend/libc/fs/dir.rs +index 720f7d01e..0f27f3fbc 100644 +--- a/vendor/rustix-0.37.20/src/backend/libc/fs/dir.rs ++++ b/vendor/rustix-0.37.20/src/backend/libc/fs/dir.rs +@@ -29,8 +29,13 @@ use core::ptr::NonNull; + use libc_errno::{errno, set_errno, Errno}; + + /// `DIR*` +-#[repr(transparent)] +-pub struct Dir(NonNull); ++pub struct Dir { ++ /// The `libc` `DIR` pointer. ++ libc_dir: NonNull, ++ ++ /// Have we seen any errors in this iteration? ++ any_errors: bool, ++} + + impl Dir { + /// Construct a `Dir` that reads entries from the given directory +@@ -42,20 +47,35 @@ impl Dir { + + #[inline] + fn _read_from(fd: BorrowedFd<'_>) -> io::Result { ++ let mut any_errors = false; ++ + // Given an arbitrary `OwnedFd`, it's impossible to know whether the + // user holds a `dup`'d copy which could continue to modify the + // file description state, which would cause Undefined Behavior after + // our call to `fdopendir`. To prevent this, we obtain an independent + // `OwnedFd`. + let flags = fcntl_getfl(fd)?; +- let fd_for_dir = openat(fd, cstr!("."), flags | OFlags::CLOEXEC, Mode::empty())?; ++ let fd_for_dir = match openat(fd, cstr!("."), flags | OFlags::CLOEXEC, Mode::empty()) { ++ Ok(fd) => fd, ++ Err(io::Errno::NOENT) => { ++ // If "." doesn't exist, it means the directory was removed. ++ // We treat that as iterating through a directory with no ++ // entries. ++ any_errors = true; ++ crate::io::dup(fd)? ++ } ++ Err(err) => return Err(err), ++ }; + + let raw = owned_fd(fd_for_dir); + unsafe { + let libc_dir = c::fdopendir(raw); + + if let Some(libc_dir) = NonNull::new(libc_dir) { +- Ok(Self(libc_dir)) ++ Ok(Self { ++ libc_dir, ++ any_errors, ++ }) + } else { + let err = io::Errno::last_os_error(); + let _ = c::close(raw); +@@ -67,13 +87,19 @@ impl Dir { + /// `rewinddir(self)` + #[inline] + pub fn rewind(&mut self) { +- unsafe { c::rewinddir(self.0.as_ptr()) } ++ self.any_errors = false; ++ unsafe { c::rewinddir(self.libc_dir.as_ptr()) } + } + + /// `readdir(self)`, where `None` means the end of the directory. + pub fn read(&mut self) -> Option> { ++ // If we've seen errors, don't continue to try to read anyting further. ++ if self.any_errors { ++ return None; ++ } ++ + set_errno(Errno(0)); +- let dirent_ptr = unsafe { libc_readdir(self.0.as_ptr()) }; ++ let dirent_ptr = unsafe { libc_readdir(self.libc_dir.as_ptr()) }; + if dirent_ptr.is_null() { + let curr_errno = errno().0; + if curr_errno == 0 { +@@ -81,6 +107,7 @@ impl Dir { + None + } else { + // `errno` is unknown or non-zero, so an error occurred. ++ self.any_errors = true; + Some(Err(io::Errno(curr_errno))) + } + } else { +@@ -114,7 +141,7 @@ impl Dir { + /// `fstat(self)` + #[inline] + pub fn stat(&self) -> io::Result { +- fstat(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstat(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fstatfs(self)` +@@ -127,21 +154,21 @@ impl Dir { + )))] + #[inline] + pub fn statfs(&self) -> io::Result { +- fstatfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstatfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fstatvfs(self)` + #[cfg(not(any(solarish, target_os = "haiku", target_os = "redox", target_os = "wasi")))] + #[inline] + pub fn statvfs(&self) -> io::Result { +- fstatvfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstatvfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fchdir(self)` + #[cfg(not(any(target_os = "fuchsia", target_os = "wasi")))] + #[inline] + pub fn chdir(&self) -> io::Result<()> { +- fchdir(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fchdir(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + } + +@@ -154,7 +181,7 @@ unsafe impl Send for Dir {} + impl Drop for Dir { + #[inline] + fn drop(&mut self) { +- unsafe { c::closedir(self.0.as_ptr()) }; ++ unsafe { c::closedir(self.libc_dir.as_ptr()) }; + } + } + +@@ -170,7 +197,7 @@ impl Iterator for Dir { + impl fmt::Debug for Dir { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.debug_struct("Dir") +- .field("fd", unsafe { &c::dirfd(self.0.as_ptr()) }) ++ .field("fd", unsafe { &c::dirfd(self.libc_dir.as_ptr()) }) + .finish() + } + } +@@ -282,3 +309,38 @@ fn check_dirent_layout(dirent: &c::dirent) { + } + ); + } ++ ++#[test] ++fn dir_iterator_handles_io_errors() { ++ // create a dir, keep the FD, then delete the dir ++ let tmp = tempfile::tempdir().unwrap(); ++ let fd = crate::fs::openat( ++ crate::fs::cwd(), ++ tmp.path(), ++ crate::fs::OFlags::RDONLY | crate::fs::OFlags::CLOEXEC, ++ crate::fs::Mode::empty(), ++ ) ++ .unwrap(); ++ ++ let file_fd = crate::fs::openat( ++ &fd, ++ tmp.path().join("test.txt"), ++ crate::fs::OFlags::WRONLY | crate::fs::OFlags::CREATE, ++ crate::fs::Mode::RWXU, ++ ) ++ .unwrap(); ++ ++ let mut dir = Dir::read_from(&fd).unwrap(); ++ ++ // Reach inside the `Dir` and replace its directory with a file, which ++ // will cause the subsequent `readdir` to fail. ++ unsafe { ++ let raw_fd = c::dirfd(dir.libc_dir.as_ptr()); ++ let mut owned_fd: crate::fd::OwnedFd = crate::fd::FromRawFd::from_raw_fd(raw_fd); ++ crate::io::dup2(&file_fd, &mut owned_fd).unwrap(); ++ core::mem::forget(owned_fd); ++ } ++ ++ assert!(matches!(dir.next(), Some(Err(_)))); ++ assert!(matches!(dir.next(), None)); ++} +diff --git a/vendor/rustix-0.37.20/src/backend/linux_raw/fs/dir.rs b/vendor/rustix-0.37.20/src/backend/linux_raw/fs/dir.rs +index 66b3101b1..512f887ab 100644 +--- a/vendor/rustix-0.37.20/src/backend/linux_raw/fs/dir.rs ++++ b/vendor/rustix-0.37.20/src/backend/linux_raw/fs/dir.rs +@@ -17,9 +17,17 @@ pub struct Dir { + /// The `OwnedFd` that we read directory entries from. + fd: OwnedFd, + ++ /// Have we seen any errors in this iteration? ++ any_errors: bool, ++ ++ /// Should we rewind the stream on the next iteration? ++ rewind: bool, ++ ++ /// The buffer for `linux_dirent64` entries. + buf: Vec, ++ ++ /// Where we are in the buffer. + pos: usize, +- next: Option, + } + + impl Dir { +@@ -37,25 +45,39 @@ impl Dir { + + Ok(Self { + fd: fd_for_dir, ++ any_errors: false, ++ rewind: false, + buf: Vec::new(), + pos: 0, +- next: None, + }) + } + + /// `rewinddir(self)` + #[inline] + pub fn rewind(&mut self) { ++ self.any_errors = false; ++ self.rewind = true; + self.pos = self.buf.len(); +- self.next = Some(0); + } + + /// `readdir(self)`, where `None` means the end of the directory. + pub fn read(&mut self) -> Option> { +- if let Some(next) = self.next.take() { +- match crate::backend::fs::syscalls::_seek(self.fd.as_fd(), next as i64, SEEK_SET) { ++ // If we've seen errors, don't continue to try to read anyting further. ++ if self.any_errors { ++ return None; ++ } ++ ++ // If a rewind was requested, seek to the beginning. ++ if self.rewind { ++ self.rewind = false; ++ match io::retry_on_intr(|| { ++ crate::backend::fs::syscalls::_seek(self.fd.as_fd(), 0, SEEK_SET) ++ }) { + Ok(_) => (), +- Err(err) => return Some(Err(err)), ++ Err(err) => { ++ self.any_errors = true; ++ return Some(Err(err)); ++ } + } + } + +@@ -77,7 +99,7 @@ impl Dir { + if self.buf.len() - self.pos < size_of::() { + match self.read_more()? { + Ok(()) => (), +- Err(e) => return Some(Err(e)), ++ Err(err) => return Some(Err(err)), + } + } + +@@ -135,14 +157,31 @@ impl Dir { + } + + fn read_more(&mut self) -> Option> { +- let og_len = self.buf.len(); +- // Capacity increment currently chosen by wild guess. +- self.buf +- .resize(self.buf.capacity() + 32 * size_of::(), 0); +- let nread = match crate::backend::fs::syscalls::getdents(self.fd.as_fd(), &mut self.buf) { ++ // The first few times we're called, we allocate a relatively small ++ // buffer, because many directories are small. If we're called more, ++ // use progressively larger allocations, up to a fixed maximum. ++ // ++ // The specific sizes and policy here have not been tuned in detail yet ++ // and may need to be adjusted. In doing so, we should be careful to ++ // avoid unbounded buffer growth. This buffer only exists to share the ++ // cost of a `getdents` call over many entries, so if it gets too big, ++ // cache and heap usage will outweigh the benefit. And ultimately, ++ // directories can contain more entries than we can allocate contiguous ++ // memory for, so we'll always need to cap the size at some point. ++ if self.buf.len() < 1024 * size_of::() { ++ self.buf.reserve(32 * size_of::()); ++ } ++ self.buf.resize(self.buf.capacity(), 0); ++ let nread = match io::retry_on_intr(|| { ++ crate::backend::fs::syscalls::getdents(self.fd.as_fd(), &mut self.buf) ++ }) { + Ok(nread) => nread, ++ Err(io::Errno::NOENT) => { ++ self.any_errors = true; ++ return None; ++ } + Err(err) => { +- self.buf.resize(og_len, 0); ++ self.any_errors = true; + return Some(Err(err)); + } + }; +@@ -222,3 +261,33 @@ impl DirEntry { + self.d_ino + } + } ++ ++#[test] ++fn dir_iterator_handles_io_errors() { ++ // create a dir, keep the FD, then delete the dir ++ let tmp = tempfile::tempdir().unwrap(); ++ let fd = crate::fs::openat( ++ crate::fs::cwd(), ++ tmp.path(), ++ crate::fs::OFlags::RDONLY | crate::fs::OFlags::CLOEXEC, ++ crate::fs::Mode::empty(), ++ ) ++ .unwrap(); ++ ++ let file_fd = crate::fs::openat( ++ &fd, ++ tmp.path().join("test.txt"), ++ crate::fs::OFlags::WRONLY | crate::fs::OFlags::CREATE, ++ crate::fs::Mode::RWXU, ++ ) ++ .unwrap(); ++ ++ let mut dir = Dir::read_from(&fd).unwrap(); ++ ++ // Reach inside the `Dir` and replace its directory with a file, which ++ // will cause the subsequent `getdents64` to fail. ++ crate::io::dup2(&file_fd, &mut dir.fd).unwrap(); ++ ++ assert!(matches!(dir.next(), Some(Err(_)))); ++ assert!(matches!(dir.next(), None)); ++} +-- +2.39.4 + + +From 2899dcf64b0e05610dafd818e98f4ef51809ec89 Mon Sep 17 00:00:00 2001 +From: Dan Gohman +Date: Thu, 12 Oct 2023 08:13:24 -0700 +Subject: [PATCH 4/4] Merge pull request from GHSA-c827-hfw6-qwvm in + vendor/rustix + +* Fix `rustix::fs::Dir` to avoid unbounded buffer growth. + +Fix `Dir`'s buffer size computation to avoid resizing past a fixed +upper limit. This prevents it from growing without bound, such as in +the case of `Dir::rewind` for repeated iterations with the same `Dir`. + +* Don't let `Dir` continue to try to iterate after a failure. + +* Handle `io::Errno::INTR` gracefully. + +* Write a more detailed comment on the buffer growth policy. + +* Also mention that no buffer can ever be big enough for everything. + +* Add tests against over-allocation & stuck iterator + +* Rm `dir_iterator_does_not_overallocate` unit test in favour of docs + +* Extend `test_dir` to cover `rewind`. + +* Consistently handle directory removal as ending the stream. + +libc implementations of directory iteration handle directory removal +by just ending the stream. In the linux_raw backend, this looks like +`ENOENT` from `getdents64`, so change the code to check for `ENOENT` +and end the stream. + +This requires changing the `dir_iterator_does_not_get_stuck_on_io_error` +test to no longer expect a failure, so it's now renamed to +`dir_iterator_handles_dir_removal`. + +To test the error case, add a new `dir_iterator_handles_io_errors` +test which uses `dup2` to induce an error, in both the linux_raw and +libc backends. + +This exposes the fact that the libc `Dir` implementation was also +assuming that users would stop iterating after hitting a failure, so +add a `any_errors` flag to the libc backend as well. + +* Add a test for removing the directory after doing `read_from`. + +* In the libc backend, handle `ENOENT` when opening ".". + +--------- + +Co-authored-by: cyqsimon <28627918+cyqsimon@users.noreply.github.com> +--- + vendor/rustix/.cargo-checksum.json | 2 +- + vendor/rustix/src/backend/libc/fs/dir.rs | 86 ++++++++++++++--- + vendor/rustix/src/backend/linux_raw/fs/dir.rs | 95 ++++++++++++++++--- + 3 files changed, 157 insertions(+), 26 deletions(-) + +diff --git a/vendor/rustix/.cargo-checksum.json b/vendor/rustix/.cargo-checksum.json +index e749cc800..392a0bd89 100644 +--- a/vendor/rustix/.cargo-checksum.json ++++ b/vendor/rustix/.cargo-checksum.json +@@ -1 +1 @@ +-{"files":{"CODE_OF_CONDUCT.md":"f210602311e3f74b32f46237fd55f4ce36d798e85e3db1432ec667f63a7ffc44","CONTRIBUTING.md":"fb570c76cf924cd75b77bed52b0dbe1e87ce224dc3428c48d98301710dcc331e","COPYRIGHT":"377c2e7c53250cc5905c0b0532d35973392af16ffb9596a41d99d202cf3617c9","Cargo.toml":"b016dcc4465558f7bceb1eea94ae562acafa51c6d91f4bd6ace99a1a0075974c","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-Apache-2.0_WITH_LLVM-exception":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","ORG_CODE_OF_CONDUCT.md":"a62b69bf86e605ee1bcbb2f0a12ba79e4cebb6983a7b6491949750aecc4f2178","README.md":"62993d0e83773686d74488effddd72bd7256299e0ce913ae9bbf0704ee9f2120","SECURITY.md":"4d75afb09dd28eb5982e3a1f768ee398d90204669ceef3240a16b31dcf04148a","benches/mod.rs":"7abf49bced798168a4f57916654305a6c5d048d12e0ad43d30ab14f24b5e527a","build.rs":"5d470d6e1e65a33b6728a9d2135b7784ce725d3bd57a7ecbd552dfc80ddde0ac","src/backend/libc/c.rs":"6c73028cda171abe53917fe80ee1e627ff957bf29e5312b57be2a4d7050d1c92","src/backend/libc/conv.rs":"0b71622d51111c6be5d554e978d9ef6ba278e94241b53afe2fee390663b2425e","src/backend/libc/event/epoll.rs":"598e246866f46834f57d5385439d4c40654f899d3b9f252b6f72eeb18628d661","src/backend/libc/event/mod.rs":"7f8547c599b8263eb791890bbe4a0b22fe2676d007ffdcc3e07b2e48d1c994db","src/backend/libc/event/poll_fd.rs":"9b44a5b399cfa742b505f9f2d1400dac9f3d1afb1f253c23b250f08c0632e51b","src/backend/libc/event/syscalls.rs":"3755384de833dc10b381b8037efef3bd12aceaa41adb440cb7b1d5a81ef12066","src/backend/libc/event/types.rs":"5a520d60f67bf07be9229177ce872dc70bf366760a2b81fecba6d522b2179868","src/backend/libc/event/windows_syscalls.rs":"ebfac665c6676c4b803134ab8806be8aa2e96bdbc7799a19c544cd9069b35787","src/backend/libc/fs/dir.rs":"a00c4faf3a65523dce922ae4cb62dc275479d5e255b4fa5d4108864122378296","src/backend/libc/fs/inotify.rs":"4e0e1f31ed6a53cbc56119bb974a464acd9c7797d2699a29cb399311ce49323d","src/backend/libc/fs/makedev.rs":"797e7e31dd363b8f649f370424e23a210be4536b580a78cb0f4c5d375da0aab0","src/backend/libc/fs/mod.rs":"ba3c79b8918eab2a4c962e353d2b27d3cd96b201f9e527ce0b70b7a558ac596b","src/backend/libc/fs/syscalls.rs":"32d88e3e1955e533b2c110d05e6b22e31663d9a543afc8c0bf9b5901ad1d8fed","src/backend/libc/fs/types.rs":"eaabd8ea89654bcb297379fbae57a0434e3964073ca468f245c55f2f9e3a476a","src/backend/libc/io/errno.rs":"b9b591870ea1db3224cd8dc654735a052d0ee44f513069f5c9ae09183b846f69","src/backend/libc/io/mod.rs":"746647bd864e4ec7717925b6d176cebdb392b7d015070244cc48d92780351dd6","src/backend/libc/io/syscalls.rs":"db3056b3cad7313b9ec22a1b3d389ad91ef474566f091a2c644a8d8769eee055","src/backend/libc/io/types.rs":"2248c2ba2c4b6ecbbb9f6c8dc2814734e8cd05e664c2aab409a243e034ff338b","src/backend/libc/io/windows_syscalls.rs":"73d3e609d30dfbb1a032f3ac667b3c65cb8a05a1d54c90bbb253021c85fd496a","src/backend/libc/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/io_uring/syscalls.rs":"5af8146d5971c833e6fd657f652c618b31f854e1b0811864fba9b658cb633e19","src/backend/libc/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mm/syscalls.rs":"858e5bb3bc850b6a2d5ce69b3c8e40ab7cf75d392fe3a022119e5edd0c538db5","src/backend/libc/mm/types.rs":"de5695cef84a6859408fb09291edb93d853ed1498fe31286648778509b99ffbb","src/backend/libc/mod.rs":"eb0a047cf46a67058c68e7f3d481160cf13a35a2bf68e657110332efc2550c61","src/backend/libc/net/addr.rs":"cf0d76b0d7a0b25f7f36f36dcefcaa4e20bcba70122d8951f2696a02e8b60d09","src/backend/libc/net/ext.rs":"ed4bc298ed7dadd0f319e97ef7707ab22841ca04edc9adfe9c8a209c20360072","src/backend/libc/net/mod.rs":"6b0b674552234f08605f92770f55476e528ec39dc0c4b8baf41ceff06191f2f3","src/backend/libc/net/msghdr.rs":"67f7ed2c41e843bf2c00c9fef4280af24cf2e897c3b31e0a916415237c8f88e4","src/backend/libc/net/read_sockaddr.rs":"a44060a2cfd10586c5d52cee4ce92b5f27a2cdaa35c0c82f8db7eda59f4ef470","src/backend/libc/net/send_recv.rs":"ad545056de837597e62905fb49113055819de6952d7802edaa9c98853620ef7b","src/backend/libc/net/syscalls.rs":"025c6a1fb554345e0c16626d43ae226aa44fac813a57020fcc4337f0ea509a46","src/backend/libc/net/write_sockaddr.rs":"f8440b13a051829924959495f69053a7c67d165f8f8d979826c693100a15478a","src/backend/libc/param/auxv.rs":"fdc85b7c33bcd05a16471e42eb4228c48c98c642443635ba5fc3e9a45438d6d3","src/backend/libc/param/mod.rs":"5234b8f1bcb886cca6ea003d411d75eaeebe58deedd80e3441354bf46ed85d4d","src/backend/libc/pid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/pid/syscalls.rs":"49ea679b96c0741d048e82964038f9a931bc3cf3a0b59c7db3df89629b9c49e6","src/backend/libc/pipe/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/pipe/syscalls.rs":"18a461da1c97a8d4fe3679ce3eafb8c647179e8190528de86500d1e00c28e75c","src/backend/libc/pipe/types.rs":"12a5abf55142a46fe9951d9abe9ded7799b4fc882faa51e6c28fc06704af6451","src/backend/libc/prctl/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/prctl/syscalls.rs":"8a2684f444a7555098dce2b92270d81cefdae902716c6e5d59bd7b0657e8a29d","src/backend/libc/process/cpu_set.rs":"b3d36b01b53b0b6c61a20ed8a69d48eccdd90cc17f82f2926ef1e844f002d0b7","src/backend/libc/process/mod.rs":"787018aba4adb2cc1f9176faf154a1a8d7943e4cad36be6e43fc03ce355572d6","src/backend/libc/process/syscalls.rs":"83c34a773946d721c32d1f10e19b60bcec740d4a4a6b19a76ee817e8337dca8b","src/backend/libc/process/types.rs":"46367723120e8c737f7097ad85b43bb9200f2b8159904eb52c341c5ea6075aae","src/backend/libc/process/wait.rs":"0cc556aed976b4bbb3965f74fd76b8216c755fce25043b7b21ce54afa07c9773","src/backend/libc/pty/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/pty/syscalls.rs":"301b19e788c102c86fa408100ab4121347ebacc2340b27e97cc55ddb1794de11","src/backend/libc/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/rand/syscalls.rs":"78c7201e6bcb75e9cab9486d1878861319f865de2b2c46437be68690bd17bf13","src/backend/libc/rand/types.rs":"7d473c7ee8f19fbcec31f61b28ba6a68e1233f64f37b3b496d396c0197af63e1","src/backend/libc/system/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/system/syscalls.rs":"94228b0a8ca775e09312c885eea4a5a6a47463e1377d7d97bb6b49e1c03bf9cd","src/backend/libc/system/types.rs":"6871e16aee14fe2ae03cea798c3e509ffe44778a9c0e5608fd73e2e015876d7e","src/backend/libc/termios/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/termios/syscalls.rs":"42fdb11063237ef21e57fba2590aae223a071281f0417f17a22d7337a39db03d","src/backend/libc/thread/mod.rs":"0de5f67a684b9fd7628d3009d2ea5fd51b8770e8b387eed14f59152157844287","src/backend/libc/thread/syscalls.rs":"df0be657068311fb3e3932509fb2be4c31e9e861d24096ad6071eae2e501260c","src/backend/libc/time/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/time/syscalls.rs":"4b95ea3e053b7cbeb76f445978743cf2e4b7807590e366d00135c838c5e08359","src/backend/libc/time/types.rs":"c6e70d21888bbb9cc7d6561cc272d797933960bede7d93d54e09dee48e0f31ef","src/backend/libc/ugid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/ugid/syscalls.rs":"8edf91b8790add23902c9f5418da6b0723a371677f29f490e0c8af852f0f1a0c","src/backend/libc/winsock_c.rs":"3bf3884fd250eca806ffdf96da68e29c133a697810b78b333ea449e523e58562","src/backend/linux_raw/arch/inline/aarch64.rs":"67011427b3cecd29ee716113d952e70d63574c96d1d3ea3c75d46250bde9ca44","src/backend/linux_raw/arch/inline/arm.rs":"7760d51aef17a69a797eb96fd61f7fade0d55bc87ec9a3e77fa6bb6aebaecdbb","src/backend/linux_raw/arch/inline/mips.rs":"d00c84cfdb4e37bdee9a2daa0a7b3298afbb4ebe288702203cb43d9c2617012d","src/backend/linux_raw/arch/inline/mips64.rs":"ab5455c9b2511ba6b67a66873cd8b53bf77471249fd2779d6437ebb4934087b5","src/backend/linux_raw/arch/inline/mod.rs":"8408861cf501637b7f0bdad5234d28ebe8d042f6815554b8d2fd3a8ee5c84e20","src/backend/linux_raw/arch/inline/powerpc64.rs":"dcd12314184441f5f7705bea6b829103c7abc9062db366ae5584023a38252a36","src/backend/linux_raw/arch/inline/riscv64.rs":"58a58203e9cac2ed21e4a7b26692c5d56d3c2bcddb3f60a648efd18a02129f3c","src/backend/linux_raw/arch/inline/thumb.rs":"82b88c9a3b6837f28a738cc760fc2403e7014abdb2c35d2bdbc8073235ae2863","src/backend/linux_raw/arch/inline/x86.rs":"de75f5179edf060461d949682002f4242140e5a01aa2361c4eab82da15375068","src/backend/linux_raw/arch/inline/x86_64.rs":"7c893ca306b3b8a5980c525dc5fa23187a0526bc9f7ac637204d88a1d596df5d","src/backend/linux_raw/arch/mod.rs":"1613f74cdf3ee7f99456530327a4d9d5846b95072cff32aff386241f4659ecf6","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips.a":"145be0e9638cb5541860ec97ce5270767c24b61f415f0ee3c2f86cc962ee44af","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips64.a":"6c6d007368beb5e53bb1c402afacc1c139ee65dddb82ba3e2eada0493af94ef6","src/backend/linux_raw/arch/outline/debug/librustix_outline_powerpc64.a":"355db5c83dda1074636c40fa6fee6564c668c492a71e149bcb444ea896e8167e","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86.a":"7ae3635dd3fbc2049e09d4218224e1eaaa4dd2ddd78d3901fb444d481abf2a33","src/backend/linux_raw/arch/outline/mips.s":"3612ba84500f033650cbb3860241768cc0760c5693aadc8af01dd2f61c7d59ff","src/backend/linux_raw/arch/outline/mips64.s":"deaf2218e0d2c5c97d1d5000c2c6678bbbf5a28faeefd0fb04b04e1984c94185","src/backend/linux_raw/arch/outline/mod.rs":"1e6ca71e98b6f3fca91cee16ab473a2cf710f1ea55ad24649a3b1262ed276ec8","src/backend/linux_raw/arch/outline/nr_last.rs":"82d92b9ca8307c19d74ced1ae2c0b31f2a7c5db70fa31fdedb55d38a90601455","src/backend/linux_raw/arch/outline/powerpc64.s":"0847fa3f160846ee02771550667913734ba9773e2221f2279c4f296d6f5b7bd4","src/backend/linux_raw/arch/outline/release/librustix_outline_mips.a":"d9a093ee2b2c94b70aa059e878a0211715fe6fdcc95a9098566c87d61be4e4b3","src/backend/linux_raw/arch/outline/release/librustix_outline_mips64.a":"ad19a967ade7067a12b08f61628cc56f72eaff1393544783647e1c4dde2629a3","src/backend/linux_raw/arch/outline/release/librustix_outline_powerpc64.a":"1f04e44c3d863bac066520c787444c314f2aa2f8d8d3cae38990ecc008b9b6e1","src/backend/linux_raw/arch/outline/release/librustix_outline_x86.a":"691d867358475c701c20b816b99bab2a4c90c3796a302ccaa56d5983be1ba8b2","src/backend/linux_raw/arch/outline/x86.rs":"f7e12a0f3fe8e97acb1ade2c9e61d82542f00ad4d8fe684a8dcd9f30fd9ab5d4","src/backend/linux_raw/arch/outline/x86.s":"4604e3b41161802343e2e4c890fd2042098a901d95893ebe4c436f97fd47cad3","src/backend/linux_raw/c.rs":"c30491601405d42fabd5fdfe50abd539dc7693bf326be9e17a31bb6d6192e356","src/backend/linux_raw/conv.rs":"e6af1903c5b4a0ce8d80909b04e0f47849768218c9969aa6e1dcf85bdd505711","src/backend/linux_raw/elf.rs":"4550edde9ca096ac3ad929ace226fd5ead954da7ad01d22da43fdb976655f771","src/backend/linux_raw/event/epoll.rs":"6c27660b015889140ad11657ad08dc32dd52fbc6b0d0a6571885792040e19156","src/backend/linux_raw/event/mod.rs":"72e46b04637e2d1d2a6b97af616144995399e489d1fe916faf835d72fc8c64cd","src/backend/linux_raw/event/poll_fd.rs":"8495da1687b15f7880a576ac8d197c941627a53874f0823467a3e4e3ad5640f2","src/backend/linux_raw/event/syscalls.rs":"f996db9f1f9f2b9bdaf33ef3a80a63ab9b1a65ae956700fd88d355e046ce2890","src/backend/linux_raw/event/types.rs":"4edf9c7c399c91f359bc2370a407fa5ab537a84eed26c593ce5bf6dd82c6c6a0","src/backend/linux_raw/fs/dir.rs":"d871468c08ea22868f308ce53feb1dbab8740d577441a4f3aadd358baa843d27","src/backend/linux_raw/fs/inotify.rs":"c05e201e4f562256388c933cd3f24a3c3a578bd19513284856bb3eb1218906c0","src/backend/linux_raw/fs/makedev.rs":"c6b4505c4bcbbc2460e80f3097eb15e2c8ef38d6c6e7abd78e39c53c372139e2","src/backend/linux_raw/fs/mod.rs":"e22bf30f312f6a05f1e79f7834c33a3c9821514da05fa4786fc31867203a4c74","src/backend/linux_raw/fs/syscalls.rs":"76f0b4e6d46a5aa7907d783a794211124b6d2e7dd124cfb7170b24657e39d093","src/backend/linux_raw/fs/types.rs":"9410b0cb6e744820663660a8f2bacb8f477ebd5eb3b2c60e3519ba19b1c701d7","src/backend/linux_raw/io/errno.rs":"8d6a8d702ddec05c0ec5b518b9c4d6c9b54d390ea9b362e60f2032284c40b112","src/backend/linux_raw/io/mod.rs":"7ae2324427892cca6f5ab53858d847b165f790a72ec25f3d99fb15f0506c9f27","src/backend/linux_raw/io/syscalls.rs":"d82dfdef885e9b22bfbf605fce8ef2862604ef195dfdcdc0532c29426a188bd8","src/backend/linux_raw/io/types.rs":"59d031dd1e769ecbaedaaa3ffc513a7f7154fc48abbb46023166fa38a46f0c61","src/backend/linux_raw/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/io_uring/syscalls.rs":"b87fa95c16b2d3ca8fd5d72368bda37b8b8ddbb19df3a884efc6eeec393c86d1","src/backend/linux_raw/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mm/syscalls.rs":"369abe984aa972d8083fee20d764a8d57df242c66f897066367416f2fcc832a3","src/backend/linux_raw/mm/types.rs":"0d5815b725e51b5e16984e12852c125f14543c29bbd1a47b7e3b0ad95d711526","src/backend/linux_raw/mod.rs":"2abe0633534dc90a050595b8562bbc37a96559fdaf2e1491d1fa2cd52f0d4cb2","src/backend/linux_raw/net/addr.rs":"fa6c4ea03ed465188bdb2113a9815549084b501c35654b46a00de226c7ea5463","src/backend/linux_raw/net/mod.rs":"bc9c9c4a8c06b1fb8c57555261176dfb1f3e858a1d89cd2f88e1f31fc126c001","src/backend/linux_raw/net/msghdr.rs":"6c0e1dfc0c9f79e69d3a645f0b4228bf6b29fed920af5f1efa6bbacd0a681c51","src/backend/linux_raw/net/read_sockaddr.rs":"24075ac4c05fab5fe44aae4445cdd12ec7e474f047150baa9b768741d6b9693d","src/backend/linux_raw/net/send_recv.rs":"aa5107094a1e5c6ce57bc2956d0ac63f24a7e61270f61ab2a353f9c832da0e4e","src/backend/linux_raw/net/syscalls.rs":"bbc7b021604feb515ba5fecb139f79935c94d3145d5115fee60f3055cf68ccb6","src/backend/linux_raw/net/write_sockaddr.rs":"69ee7d6f754126f9399250d51bcdb306ab6a9ae816bc8fe21d0a9cabd49052ef","src/backend/linux_raw/param/auxv.rs":"0a26b11f5ce794d85826a05b57187d333012246059f9d28a9cbbfbd2e93747c7","src/backend/linux_raw/param/libc_auxv.rs":"3b89394eb05d9f15ac23c16823666b12c5ce75ca29a6e4f3d66db2426d5e0d98","src/backend/linux_raw/param/mod.rs":"db21fc1b0ea5568b8649890fa38a878bfcdcf7398f6cf1640176b37bcc6ce990","src/backend/linux_raw/param/mustang_auxv.rs":"0adbb54a06b8c7b2df17462d98e1fe72bec02e4e577313add0cb7363262f0d6b","src/backend/linux_raw/pid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/pid/syscalls.rs":"ce3ca4c72096479340364d16f09918e192ffd3a0436a26eb61aad7e7dac3cdcd","src/backend/linux_raw/pipe/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/pipe/syscalls.rs":"c499b47305ae7e25ed6fa3c760ce26cd64d985152615755706117f4d0a03d3d5","src/backend/linux_raw/pipe/types.rs":"73db762965df510bf3c908f906acf3a6df182d98d4ba1ebe45a52a4b51751e7e","src/backend/linux_raw/prctl/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/prctl/syscalls.rs":"01aa9cd77341dcd1efab9f3ac28447d0fbc41ed44d65e52301b347fdd1627e50","src/backend/linux_raw/process/cpu_set.rs":"dfdcbdf35aff6a3e08e7d38193bf18c12ca8aa64eb0dc417667be82dcc0f7c55","src/backend/linux_raw/process/mod.rs":"fb393c70a9c63ef9a6bf1fb5a2dc94f07d6b0b6987cc5231c15c607015dafd68","src/backend/linux_raw/process/syscalls.rs":"0d7b3a3004ac84668296bfa8ad9c255f175e9fb380a59d5c8d248dc0f5b218aa","src/backend/linux_raw/process/types.rs":"d66049cfbdb27e31586f0ff2e53b6adbe0ebb296a876372e9d0d805d10ac5f51","src/backend/linux_raw/process/wait.rs":"921aee4b0048746087f52615a98edc2aa0fb4b53d6df44be4533098df55d1b05","src/backend/linux_raw/pty/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/pty/syscalls.rs":"01c6d76b8ae36e8c936188011a13c31ca2ec61cb825b7da305d6e55356c260dd","src/backend/linux_raw/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/rand/syscalls.rs":"fb401466368de62ec4ff76bc230f9246623b003fe7452912e1365f443d3eeeb3","src/backend/linux_raw/rand/types.rs":"787a59629343688cac0fdabd1b7552b400b9188073a1e0394eacc6e0997e1bfe","src/backend/linux_raw/reg.rs":"02653995cb934050ee2109e8d40e9083a4278abcba27b59d174a311aa8438e45","src/backend/linux_raw/runtime/mod.rs":"b2cae8cce3822c3c92942f06ea0b68464040dcac33c6f0f7ee392c6269993347","src/backend/linux_raw/runtime/syscalls.rs":"55c38b348e19f049d7e65ef1fa7d9b50f9f0b6e87d32eda6f9bbc016274ef4c2","src/backend/linux_raw/runtime/tls.rs":"2b8fc61a33ca9b47f854afbb8e3f8b20f9f9416b8884aefe46388c8173c8ae47","src/backend/linux_raw/system/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/system/syscalls.rs":"a9bec6662f122b1ec310d417bd9ddc16df13b50de6526d2170aa4d72292c2b14","src/backend/linux_raw/system/types.rs":"1ceab8d738a71043473b26e97fa3fd79d588a86d4774cbc9b9e1d4f1447a016e","src/backend/linux_raw/termios/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/termios/syscalls.rs":"29deb1181e650885616928cf0b34207b644bb68bea99370e3e40d99cf6cd2f97","src/backend/linux_raw/thread/futex.rs":"3a130db9f6176dc95fdc14ce61a6bcdcc2c28e82a29ddae3e05f347a189fdd14","src/backend/linux_raw/thread/mod.rs":"f7132a68c9db1b4a796781b9e8d0ac268a1ddb713e510bfd43425564ec9b39c4","src/backend/linux_raw/thread/syscalls.rs":"5845d1c0a3548f87a114493c345e18dc32875bd7d35a6abcf1241ced9b024c09","src/backend/linux_raw/time/mod.rs":"672724f55b7b7be6a7452bb1cc2d28b5f0aaa840a2856fe363acce624e1beefc","src/backend/linux_raw/time/syscalls.rs":"a7870ef9daaf3fb2ac50f853df6dbcd935a3b2d70e720b80184208f602a918e6","src/backend/linux_raw/time/types.rs":"50d84ee6288f06bf4b526781c84e7252f3c09ecdb0626856d94a1a61c2e2c579","src/backend/linux_raw/ugid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/ugid/syscalls.rs":"844b2bed42b9a3c06845dbae1d020bbab5757d23ea3ad7a440e3cd87ff993f72","src/backend/linux_raw/vdso.rs":"a5abab80f023088162fd81dc306b6bd86bd61b2018a191b384f57facb1d48d0a","src/backend/linux_raw/vdso_wrappers.rs":"d50b761899f1d3cc4897d5cca868a8ad7e84a64d20aa46075cc0ae12f4bccdf3","src/bitcast.rs":"fe6bdc7fc31fa3b360c44a841c9a0f143629172729c6aaeae76841c74c122ff3","src/check_types.rs":"4b35e46c58a8ac299c08250d5ceaaecec52a07be03f2d888bce2bc0581b498bc","src/clockid.rs":"598ebc50bdaf089e43fd1a0ad365c8ae1947c9a6cda0dea5273aafab32b33959","src/cstr.rs":"dc3e38fa056ce76df360c0e63482b02f60fb1d38c357481de38ef82584e80658","src/event/eventfd.rs":"81cbd08f7bdf40a6ce1ca692b63da1dc8ba925282990668d9d68f1203e839fa1","src/event/kqueue.rs":"b267ca1badc43d977e2c5435092f161caab50ea04e258772dbebe1f02f3f5966","src/event/mod.rs":"6010c924a0a079945eec796465a7108119d512db74709ea0105ed19051c0f55a","src/event/poll.rs":"0ee583dbd457a573a82a06c04a2a24bd2c76e751d27a435507d55338e2871327","src/event/port.rs":"da588ff0f694bb1f99e288708bfc07353bd1274020c13dce30df5d7f3b42b0f3","src/ffi.rs":"0c6b9a6f20ffb31a827412c0381c6fff09e68265f29d94c5470940e22c5334a2","src/fs/abs.rs":"b8adbc6c96f7bab9d4776711774b5143bdfc3a3799beaceaab0a18abcb65548e","src/fs/at.rs":"4ea39291c632c0856b3057a606a38de1acbfb91d920662459f287be91ad3e39d","src/fs/constants.rs":"e3a5b8309d79d66f30ac15747912b9c9e376f8e525046625849c1b3b5caa1f6f","src/fs/copy_file_range.rs":"d3b644374390d482b2ff749a2459458872b57d0dcf9670368739b7833509a7c2","src/fs/cwd.rs":"81f899ab1d38cf5a53ad91980482a93f11cec2894050820b4543dfbf05760629","src/fs/dir.rs":"347a52f4ca9ac6321c52e802e97ec90d1b4c62ec955c8996fc17f8f5aed69966","src/fs/fadvise.rs":"beef66ebe1310fb92628240b2cde68f744c78e50f6ff61bb1404bd4868d9cae8","src/fs/fcntl.rs":"58c8f99e7193d11f0301d55e521e7bac16b1143f47eb7cf73cd9663841b4ebbe","src/fs/fcntl_apple.rs":"07f07b2ac75dc28bc9e08200f72eb95550a87ff3d69c1204f49ecb63a0c4fd20","src/fs/fcopyfile.rs":"ec95929cbbe02cf49233a785e5238931bb107b7903cc5bc95e4231de960995f2","src/fs/fd.rs":"a975d59ed0672bd0cf90bc18bc793a99096984ff06c3c78614285823cb3842ef","src/fs/file_type.rs":"fefd865f91011f66126213b0994773d99e373b468c31e866002228c98c64ad85","src/fs/getpath.rs":"28f6970fc1bbc37bb35c84724b59eac436ea7407a4522e18c2bdacb1fdd2edd9","src/fs/id.rs":"1b5c8a8baf9a9bb1f895f97189cea4e5982a0d35b192afeec6340a6c6222e0cb","src/fs/ioctl.rs":"1b222e725402d775813877b73f40f8ac2b513439485d326fbd49e3f4ebedce3b","src/fs/makedev.rs":"85520b484cb7c15ab71ea1c368578ea3b7e484d82f8510db92b6ce9f7ca341ae","src/fs/memfd_create.rs":"15a8f28e040cffd8c24c7903483440f88853b2e538ad48d80f3c00b4b2befdea","src/fs/mod.rs":"00249594de42fd81bdd61ead2905395e5d8ccf6d6b7400a6ba1c44b2a8271b74","src/fs/mount.rs":"8ab26dcb422825bbd2df2e1f68e6b4f7cf08ce11387c688442ee1b4683b33d4f","src/fs/openat2.rs":"4a95c15dab533a41201b5fa25c8a212956b7571d58cad696bdaf45af8aef96db","src/fs/raw_dir.rs":"6314094d92d6a51ab14d9d67e72427f3bb778543f2bb12632fd02cf439d52c2d","src/fs/seek_from.rs":"d7616a45e8a449df28b075ddded4d7c95d6c4575d6fe0cf0ca7b6625e9dc7eeb","src/fs/sendfile.rs":"e3b2058741cf4b1698f34d84bb37130cf2b72806d522a16fe541e832cde136cb","src/fs/statx.rs":"239d447477f8ac368c8ddf9975c71509c47881f647f59cd941ac07954d8a77f9","src/fs/sync.rs":"a3b23543834281f347b0f873bd38154d31d404871188ac08f2b20b9196234cfd","src/fs/xattr.rs":"1d4d7f144716ac8fcae6b728ea23d27db8d3d1d7d2ec3dc31a1dea8e9d6a7eff","src/io/close.rs":"0aa3cd05a8fed8e5244f97b8b6c2e7f65ed93a4e5435c6329852bb3da7514440","src/io/dup.rs":"1f52e78a1e620544425b1ae6e00112fc154a8287e2f26bac5ddd15941e228179","src/io/errno.rs":"da7dc2d25cdbbf610ec82c32124789d6572fbc67d8ff265000597ac1f5b39ebd","src/io/fcntl.rs":"08f42dc80832586afa6e0a7825571c84a97add1164926928960f0c4c5db76461","src/io/ioctl.rs":"87772d59d72d34f1c3a1c00f818199b52c960f5860ea9a1f8023c0e2ce5f6d12","src/io/is_read_write.rs":"1bfb9ee5d58e0b29b44af12fe2668c7bccc841358698dcde47f1519ff9bb73b4","src/io/mod.rs":"75f1d0646be1d4c7c08b5887d8119b0103be8c25c43ccd4e0e97015508c0bb8f","src/io/read_write.rs":"57c6ba3ccc9bdeae05e8ed70a2d9cabd2dd38c5f387e20d91bcd0d13d0f1d23e","src/io_uring.rs":"7093958a57bdaadd75f1800f07e359fd97c6f99c3fa01d263b4b1e57d44b2c4f","src/lib.rs":"5c0bb009b5ea0cd36ac4f503f128db61d875945b267b5e04cec5e3abec7e46b7","src/maybe_polyfill/no_std/io/mod.rs":"77889bb5c5a4f2e50e38379cdaa5d0fef4b0cafc3da056735df01f6deae75747","src/maybe_polyfill/no_std/mod.rs":"d4d98cf838b65dc3ceb0f6d4a950d9348695c3084448bd844e47b909960bbb47","src/maybe_polyfill/no_std/net/ip_addr.rs":"080dd17c44b395b46b0d9e70da76f376540f92ece65f79e3d242c0a272d3b451","src/maybe_polyfill/no_std/net/mod.rs":"b0ee611c454679226a15bf647e7779995f3fe9c8e0507930a0d0613eb414b7c2","src/maybe_polyfill/no_std/net/socket_addr.rs":"bfeb32d32c176cde76323abcffebfc47e9898fb8d7ce3668c602dc8451086a2d","src/maybe_polyfill/no_std/os/fd/mod.rs":"d9dfe2a2c25be727847bcdfe6f4898685af2521850298178ca8d46a8e2ceee88","src/maybe_polyfill/no_std/os/fd/owned.rs":"4ce3234f8ab2cc8a7b749531336f4f6b6297eff0e20a01190be2c10409a0c066","src/maybe_polyfill/no_std/os/fd/raw.rs":"9cedb353580b932879ddc4dee9936212fefb6d42530dc5cec519a0779d5dee33","src/maybe_polyfill/no_std/os/mod.rs":"27dab639a765827644005d5f2fcc7c825310606b889cc8dd83f54c9528350dc0","src/maybe_polyfill/no_std/os/windows/io/mod.rs":"5bbcc05c83fee5026dd744a994e0458469466d5be39081baa62df07753b92fd2","src/maybe_polyfill/no_std/os/windows/io/raw.rs":"4c32609a489dd938a49328b5637cb3bafb96437f2f9f269ab66d7d3cb90247f6","src/maybe_polyfill/no_std/os/windows/io/socket.rs":"c658f42f24eff44a661f2adfd24a11af80fe9897f3e2af4dc5d2c64808308d65","src/maybe_polyfill/no_std/os/windows/mod.rs":"fdb416f8f231a4e778b5f985b9ae712ece5e1a1402963ad1a5f6a8b9843795f4","src/maybe_polyfill/std/mod.rs":"dd6e219564e224fa7cc9fdab2e45935f13ad062da53d0b6d259a695c7aec1847","src/mm/madvise.rs":"3c262b3713a73fafcedf1b04bb12c048bb11d47ca43c959e5dfa48c27651f4f0","src/mm/mmap.rs":"bb103e6febd375de820985cc4b5aefa520b64ab1bcd903e3a818146abdfc60c7","src/mm/mod.rs":"b3a6cb838986d45825b912355cedead761211a494ca6f89b2367a2d2157e340e","src/mm/msync.rs":"9dcfe5f54235e9314a595edb8d548ac79d222bbcc58bb3263cf7e96d603b23ad","src/mm/userfaultfd.rs":"8073443bd181ff0b3ba4d0b1ae67370b4864035a0c8b4898cd709dc47c518ae7","src/net/mod.rs":"a6bc55f9e086caf46a7c00783498d73a328a66f2a991f1ec65d5f13931377b0f","src/net/send_recv/mod.rs":"5ec5efbe84eeb0a2a3e412b79c742bb80152c1dc9c956d031e9a4ebebd492112","src/net/send_recv/msg.rs":"b8ce63eaa32cb5d7f7b7fc2215b60b60ec9d17bc89fd37f0f940610a5f4c7840","src/net/socket.rs":"6bb087ab208a1e06d535fa11e2aa4a9f96da6e73b697fca93e2a3c89178c4434","src/net/socket_addr_any.rs":"d07f9e9ef8873aa5bfd85f669952299286ef6f2cc5b9fea383856432e61b850f","src/net/socketpair.rs":"56f4885c31d2664cd16e18a9a88792a4912fedd953cec36dba67e8581fd57921","src/net/sockopt.rs":"34e897c7e22c8a45cca4e23fec35ab26b40ef440f083367c350a57adb82b803d","src/net/types.rs":"f5a4016b00ccbc60feaaa15b6cb0cae1a994f8049fbe7ec32c4c88423389ec27","src/net/wsa.rs":"6e546b42f50a851fc833c57cda76cfb347203ed4b0dea574a3d325bf5a2ebf80","src/param/auxv.rs":"988872f9bec2e12f35765ae8963cbb9535d4acaedd4c9a4d07ced6feb70e0aaa","src/param/init.rs":"671d8974f0d9b82e79076d1f4deabe0273a874a329f74b8aad26e07b86791ba3","src/param/mod.rs":"53ee190cf5266a2e057af9412acc50359369470a04dbfe2e6e92a90de15aff57","src/path/arg.rs":"4a4bf9b59334900b51ac250365b2a1838670f83a6df9c9c3f6a35bd7d4784170","src/path/dec_int.rs":"fad9793b89eac526953b994cbed6b614f01c25108f9763e19fb98029feda93a4","src/path/mod.rs":"6b1b949c94bcc47e0f08a3f8e8db5b61ff497d0dfd3e0655f51c01d3e4b7dfd6","src/pid.rs":"1e54bbf54b8fa7b260087fcae8d7e1bc35c66e9a36a26d69dddcc468e3d593ee","src/pipe.rs":"966521978ee7a57a11412ca5bee1246ca26dd67a07e53318066a38fe0787f2e9","src/prctl.rs":"a1c85a401538d614f5539871f9a03f9a345b24cfbc845e953deb9f8b96986e2a","src/process/chdir.rs":"9d0397bc91bad5bf1c0afec5b3e6dd9cb7de6e54c3d0b760b33a4996a4cb1b25","src/process/chroot.rs":"2b5f6124eb19f26ad2705174f7ad50cdc0a5d15abd59ffcf55421228d82130b4","src/process/exit.rs":"47bc2fc1ec25eb5c7a21ba84a70c6d799df206f9920c34804a17acf27d5cd66d","src/process/id.rs":"402475cba98cc7e724943bfd218862f76c08b8d200a7b38bb5067bba2a837ef1","src/process/ioctl.rs":"6644c3b0948251b448a87cc8409750edf77dc31f08b2060fccf00dab0d516fca","src/process/kill.rs":"7b879e5cff8a064acd0e7488f4e21bd4e4a8506ce380688b72cc48d283ff9c89","src/process/membarrier.rs":"77b1080dc50cf0bf48959bd2388c519f0b73ac231cc329be43f04525217b7e94","src/process/mod.rs":"cf5974f174968ea668f73a2294231784d1ab8304ae4e79a70175372c0bc34fd2","src/process/pidfd.rs":"948b88cd986c17074fc895f277eec49066a52ab461fa341b7119ce648b28fcb6","src/process/pidfd_getfd.rs":"14aab7cc5578ca4753a7a42dcc8b4ea03748564b542675a50bae8e128348b23e","src/process/prctl.rs":"3f949bbc03c00cb68fab7db8c1bda71741f8d9439b9e25a8521d7cbb0693491d","src/process/priority.rs":"711ad9300407b205a549d2f896cdff080740f6cde8e710d3bb654ea720586b4c","src/process/procctl.rs":"7668f8302515316cc70addfe8da4af47ea8872d4acacd72d1c87c0ecb627e8e9","src/process/rlimit.rs":"10b79de3ced0e64059a94c879742d46a35a6176c776d8eed75031d5e6340283d","src/process/sched.rs":"7c3bfc5be624e7d7f5e043c3ee0b0566fcab3d684d61c272e7b4233410ab1c42","src/process/sched_yield.rs":"6565faa3928b66ddc74a65e893e15edfa4b9be4f7e5f5f68527501a7f6bc3350","src/process/umask.rs":"1a0f31a842303c978e3f05ec191e2b5e96104c09c6596473b42b1fac34898a50","src/process/wait.rs":"d34f9399a2ef6f2dfca929dca72a83d888ff80523c62083b50a2cd10dc875fe6","src/procfs.rs":"ebfbbe22e0ba7a2b914abd474d73065f0c5aa6bddaebc55dd286b3e013349485","src/pty.rs":"408e9144151d7cf5589ed37f1c1864fa5be0d1312fd8be1c74db07782dc09b6c","src/rand/getrandom.rs":"15255b5c5f76cf61ac4fac8b7ac6621049f2b5d2549ec319cdd69ab1ae4d07d2","src/rand/mod.rs":"cab59332aadd9b679f5b22cbb222d48ee028af5eb9fd4a4d43922da659b895d7","src/runtime.rs":"952cea05413e3ba1fa4fdc4755bf1d0fc0c21a5c8878f2cccc6a533119c193f8","src/signal.rs":"fb552490e378420375fa1f2a3eb7de16ac0f5ff72b7d0d3c88275314fdc57d1c","src/stdio.rs":"a5de2d7d9c3c5a901f88b6acf4754687c958a2f3a93c7945c2b8fcb948d468af","src/system.rs":"19e0b60315ddc7d8f2b7aafc4f4c6a30b91a7cd8ec4d128ba38931aa74b00175","src/termios/ioctl.rs":"7c185486116981e8aaa8db5fecb8484220f4d12e1a24de43fc394f17b4cdfdd4","src/termios/mod.rs":"b358538190ccb451a9d3dbc76c2418efb659fe48a54bc7069e7908589dbf07ce","src/termios/tc.rs":"90cf7f3026d46aec296f4e65ead6b8739a6967a74521e47b18f251b588948947","src/termios/tty.rs":"a3ebab3b73db76fb5594be1bb4ec888a28a63637f8cd0211fdb1b3b645cc2ca2","src/termios/types.rs":"97b7bd2d00dfcd5410c99b2b36de3fb1b67a5beebb2938cc94ee908e4bc8183c","src/thread/clock.rs":"780d24ce30bef7e85b2634dc57a9ef2a261d6ac7c255a9e6167f923fae369843","src/thread/futex.rs":"4e78c84589b535ca9ca633633696ef212393a98f2890b181acaa8f908fbc5ae2","src/thread/id.rs":"fd9c8ab917c82a8e0d6e6af22d2f6e5aa0d81d57632a460fd711a52f8ed2f47c","src/thread/libcap.rs":"ee1f320d860a3decbec8052897d9e9484591e4b0b64b3b5b419f4d43d144422e","src/thread/mod.rs":"6fc33eb022c4ab7f950dfb4fae6ab70b1acbcdbeacd909ae1848e7e54076c310","src/thread/prctl.rs":"f6da23203fc2087cd3b36b910901cd6cd86d5ac6f2fcb09feb1270d6c486a1a7","src/thread/setns.rs":"ac946df9eeb67a89436c57c1620855f66a57bded194ba2110a2656a25ba87bbd","src/time/clock.rs":"e59a29f1bed8c31c3d5b6fad60f2d4fa6cab8dd8e86148bb3693a5e3a1ce735f","src/time/mod.rs":"43afee938c80d124d04d4ba190c03f4d21d1e3bfc154fff309211e4f6eabe940","src/time/timerfd.rs":"f17092b84553741aa2d2b44c6992b5d2c8c96cc2c2007fc9a2c6b2064485e53f","src/timespec.rs":"2fee202dc27f4566d1af81007855e48932af2cc37db3cff30e1a657b37439183","src/ugid.rs":"cef024d081c7bbd60a60b079eb581fdbca036a462f8c232e48e2959e2b854335","src/utils.rs":"41765307b22b7cf8e21e83735308c598da8a83b52b5b7eafa175bf39f1528fbb","src/weak.rs":"22070a3fa6e526d851bac81c551aa5cb4f9e609687075999c6d50973eeec3a98"},"package":"fbc6396159432b5c8490d4e301d8c705f61860b8b6c863bf79942ce5401968f3"} +\ No newline at end of file ++{"files":{"CODE_OF_CONDUCT.md":"f210602311e3f74b32f46237fd55f4ce36d798e85e3db1432ec667f63a7ffc44","CONTRIBUTING.md":"fb570c76cf924cd75b77bed52b0dbe1e87ce224dc3428c48d98301710dcc331e","COPYRIGHT":"377c2e7c53250cc5905c0b0532d35973392af16ffb9596a41d99d202cf3617c9","Cargo.toml":"b016dcc4465558f7bceb1eea94ae562acafa51c6d91f4bd6ace99a1a0075974c","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-Apache-2.0_WITH_LLVM-exception":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","ORG_CODE_OF_CONDUCT.md":"a62b69bf86e605ee1bcbb2f0a12ba79e4cebb6983a7b6491949750aecc4f2178","README.md":"62993d0e83773686d74488effddd72bd7256299e0ce913ae9bbf0704ee9f2120","SECURITY.md":"4d75afb09dd28eb5982e3a1f768ee398d90204669ceef3240a16b31dcf04148a","benches/mod.rs":"7abf49bced798168a4f57916654305a6c5d048d12e0ad43d30ab14f24b5e527a","build.rs":"5d470d6e1e65a33b6728a9d2135b7784ce725d3bd57a7ecbd552dfc80ddde0ac","src/backend/libc/c.rs":"6c73028cda171abe53917fe80ee1e627ff957bf29e5312b57be2a4d7050d1c92","src/backend/libc/conv.rs":"0b71622d51111c6be5d554e978d9ef6ba278e94241b53afe2fee390663b2425e","src/backend/libc/event/epoll.rs":"598e246866f46834f57d5385439d4c40654f899d3b9f252b6f72eeb18628d661","src/backend/libc/event/mod.rs":"7f8547c599b8263eb791890bbe4a0b22fe2676d007ffdcc3e07b2e48d1c994db","src/backend/libc/event/poll_fd.rs":"9b44a5b399cfa742b505f9f2d1400dac9f3d1afb1f253c23b250f08c0632e51b","src/backend/libc/event/syscalls.rs":"3755384de833dc10b381b8037efef3bd12aceaa41adb440cb7b1d5a81ef12066","src/backend/libc/event/types.rs":"5a520d60f67bf07be9229177ce872dc70bf366760a2b81fecba6d522b2179868","src/backend/libc/event/windows_syscalls.rs":"ebfac665c6676c4b803134ab8806be8aa2e96bdbc7799a19c544cd9069b35787","src/backend/libc/fs/dir.rs":"4f39ed719c0035e22153255f7529092bf604be0177a3d963311387a18555d967","src/backend/libc/fs/inotify.rs":"4e0e1f31ed6a53cbc56119bb974a464acd9c7797d2699a29cb399311ce49323d","src/backend/libc/fs/makedev.rs":"797e7e31dd363b8f649f370424e23a210be4536b580a78cb0f4c5d375da0aab0","src/backend/libc/fs/mod.rs":"ba3c79b8918eab2a4c962e353d2b27d3cd96b201f9e527ce0b70b7a558ac596b","src/backend/libc/fs/syscalls.rs":"32d88e3e1955e533b2c110d05e6b22e31663d9a543afc8c0bf9b5901ad1d8fed","src/backend/libc/fs/types.rs":"eaabd8ea89654bcb297379fbae57a0434e3964073ca468f245c55f2f9e3a476a","src/backend/libc/io/errno.rs":"b9b591870ea1db3224cd8dc654735a052d0ee44f513069f5c9ae09183b846f69","src/backend/libc/io/mod.rs":"746647bd864e4ec7717925b6d176cebdb392b7d015070244cc48d92780351dd6","src/backend/libc/io/syscalls.rs":"db3056b3cad7313b9ec22a1b3d389ad91ef474566f091a2c644a8d8769eee055","src/backend/libc/io/types.rs":"2248c2ba2c4b6ecbbb9f6c8dc2814734e8cd05e664c2aab409a243e034ff338b","src/backend/libc/io/windows_syscalls.rs":"73d3e609d30dfbb1a032f3ac667b3c65cb8a05a1d54c90bbb253021c85fd496a","src/backend/libc/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/io_uring/syscalls.rs":"5af8146d5971c833e6fd657f652c618b31f854e1b0811864fba9b658cb633e19","src/backend/libc/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mm/syscalls.rs":"858e5bb3bc850b6a2d5ce69b3c8e40ab7cf75d392fe3a022119e5edd0c538db5","src/backend/libc/mm/types.rs":"de5695cef84a6859408fb09291edb93d853ed1498fe31286648778509b99ffbb","src/backend/libc/mod.rs":"eb0a047cf46a67058c68e7f3d481160cf13a35a2bf68e657110332efc2550c61","src/backend/libc/net/addr.rs":"cf0d76b0d7a0b25f7f36f36dcefcaa4e20bcba70122d8951f2696a02e8b60d09","src/backend/libc/net/ext.rs":"ed4bc298ed7dadd0f319e97ef7707ab22841ca04edc9adfe9c8a209c20360072","src/backend/libc/net/mod.rs":"6b0b674552234f08605f92770f55476e528ec39dc0c4b8baf41ceff06191f2f3","src/backend/libc/net/msghdr.rs":"67f7ed2c41e843bf2c00c9fef4280af24cf2e897c3b31e0a916415237c8f88e4","src/backend/libc/net/read_sockaddr.rs":"a44060a2cfd10586c5d52cee4ce92b5f27a2cdaa35c0c82f8db7eda59f4ef470","src/backend/libc/net/send_recv.rs":"ad545056de837597e62905fb49113055819de6952d7802edaa9c98853620ef7b","src/backend/libc/net/syscalls.rs":"025c6a1fb554345e0c16626d43ae226aa44fac813a57020fcc4337f0ea509a46","src/backend/libc/net/write_sockaddr.rs":"f8440b13a051829924959495f69053a7c67d165f8f8d979826c693100a15478a","src/backend/libc/param/auxv.rs":"fdc85b7c33bcd05a16471e42eb4228c48c98c642443635ba5fc3e9a45438d6d3","src/backend/libc/param/mod.rs":"5234b8f1bcb886cca6ea003d411d75eaeebe58deedd80e3441354bf46ed85d4d","src/backend/libc/pid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/pid/syscalls.rs":"49ea679b96c0741d048e82964038f9a931bc3cf3a0b59c7db3df89629b9c49e6","src/backend/libc/pipe/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/pipe/syscalls.rs":"18a461da1c97a8d4fe3679ce3eafb8c647179e8190528de86500d1e00c28e75c","src/backend/libc/pipe/types.rs":"12a5abf55142a46fe9951d9abe9ded7799b4fc882faa51e6c28fc06704af6451","src/backend/libc/prctl/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/prctl/syscalls.rs":"8a2684f444a7555098dce2b92270d81cefdae902716c6e5d59bd7b0657e8a29d","src/backend/libc/process/cpu_set.rs":"b3d36b01b53b0b6c61a20ed8a69d48eccdd90cc17f82f2926ef1e844f002d0b7","src/backend/libc/process/mod.rs":"787018aba4adb2cc1f9176faf154a1a8d7943e4cad36be6e43fc03ce355572d6","src/backend/libc/process/syscalls.rs":"83c34a773946d721c32d1f10e19b60bcec740d4a4a6b19a76ee817e8337dca8b","src/backend/libc/process/types.rs":"46367723120e8c737f7097ad85b43bb9200f2b8159904eb52c341c5ea6075aae","src/backend/libc/process/wait.rs":"0cc556aed976b4bbb3965f74fd76b8216c755fce25043b7b21ce54afa07c9773","src/backend/libc/pty/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/pty/syscalls.rs":"301b19e788c102c86fa408100ab4121347ebacc2340b27e97cc55ddb1794de11","src/backend/libc/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/rand/syscalls.rs":"78c7201e6bcb75e9cab9486d1878861319f865de2b2c46437be68690bd17bf13","src/backend/libc/rand/types.rs":"7d473c7ee8f19fbcec31f61b28ba6a68e1233f64f37b3b496d396c0197af63e1","src/backend/libc/system/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/system/syscalls.rs":"94228b0a8ca775e09312c885eea4a5a6a47463e1377d7d97bb6b49e1c03bf9cd","src/backend/libc/system/types.rs":"6871e16aee14fe2ae03cea798c3e509ffe44778a9c0e5608fd73e2e015876d7e","src/backend/libc/termios/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/termios/syscalls.rs":"42fdb11063237ef21e57fba2590aae223a071281f0417f17a22d7337a39db03d","src/backend/libc/thread/mod.rs":"0de5f67a684b9fd7628d3009d2ea5fd51b8770e8b387eed14f59152157844287","src/backend/libc/thread/syscalls.rs":"df0be657068311fb3e3932509fb2be4c31e9e861d24096ad6071eae2e501260c","src/backend/libc/time/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/time/syscalls.rs":"4b95ea3e053b7cbeb76f445978743cf2e4b7807590e366d00135c838c5e08359","src/backend/libc/time/types.rs":"c6e70d21888bbb9cc7d6561cc272d797933960bede7d93d54e09dee48e0f31ef","src/backend/libc/ugid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/ugid/syscalls.rs":"8edf91b8790add23902c9f5418da6b0723a371677f29f490e0c8af852f0f1a0c","src/backend/libc/winsock_c.rs":"3bf3884fd250eca806ffdf96da68e29c133a697810b78b333ea449e523e58562","src/backend/linux_raw/arch/inline/aarch64.rs":"67011427b3cecd29ee716113d952e70d63574c96d1d3ea3c75d46250bde9ca44","src/backend/linux_raw/arch/inline/arm.rs":"7760d51aef17a69a797eb96fd61f7fade0d55bc87ec9a3e77fa6bb6aebaecdbb","src/backend/linux_raw/arch/inline/mips.rs":"d00c84cfdb4e37bdee9a2daa0a7b3298afbb4ebe288702203cb43d9c2617012d","src/backend/linux_raw/arch/inline/mips64.rs":"ab5455c9b2511ba6b67a66873cd8b53bf77471249fd2779d6437ebb4934087b5","src/backend/linux_raw/arch/inline/mod.rs":"8408861cf501637b7f0bdad5234d28ebe8d042f6815554b8d2fd3a8ee5c84e20","src/backend/linux_raw/arch/inline/powerpc64.rs":"dcd12314184441f5f7705bea6b829103c7abc9062db366ae5584023a38252a36","src/backend/linux_raw/arch/inline/riscv64.rs":"58a58203e9cac2ed21e4a7b26692c5d56d3c2bcddb3f60a648efd18a02129f3c","src/backend/linux_raw/arch/inline/thumb.rs":"82b88c9a3b6837f28a738cc760fc2403e7014abdb2c35d2bdbc8073235ae2863","src/backend/linux_raw/arch/inline/x86.rs":"de75f5179edf060461d949682002f4242140e5a01aa2361c4eab82da15375068","src/backend/linux_raw/arch/inline/x86_64.rs":"7c893ca306b3b8a5980c525dc5fa23187a0526bc9f7ac637204d88a1d596df5d","src/backend/linux_raw/arch/mod.rs":"1613f74cdf3ee7f99456530327a4d9d5846b95072cff32aff386241f4659ecf6","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips.a":"145be0e9638cb5541860ec97ce5270767c24b61f415f0ee3c2f86cc962ee44af","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips64.a":"6c6d007368beb5e53bb1c402afacc1c139ee65dddb82ba3e2eada0493af94ef6","src/backend/linux_raw/arch/outline/debug/librustix_outline_powerpc64.a":"355db5c83dda1074636c40fa6fee6564c668c492a71e149bcb444ea896e8167e","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86.a":"7ae3635dd3fbc2049e09d4218224e1eaaa4dd2ddd78d3901fb444d481abf2a33","src/backend/linux_raw/arch/outline/mips.s":"3612ba84500f033650cbb3860241768cc0760c5693aadc8af01dd2f61c7d59ff","src/backend/linux_raw/arch/outline/mips64.s":"deaf2218e0d2c5c97d1d5000c2c6678bbbf5a28faeefd0fb04b04e1984c94185","src/backend/linux_raw/arch/outline/mod.rs":"1e6ca71e98b6f3fca91cee16ab473a2cf710f1ea55ad24649a3b1262ed276ec8","src/backend/linux_raw/arch/outline/nr_last.rs":"82d92b9ca8307c19d74ced1ae2c0b31f2a7c5db70fa31fdedb55d38a90601455","src/backend/linux_raw/arch/outline/powerpc64.s":"0847fa3f160846ee02771550667913734ba9773e2221f2279c4f296d6f5b7bd4","src/backend/linux_raw/arch/outline/release/librustix_outline_mips.a":"d9a093ee2b2c94b70aa059e878a0211715fe6fdcc95a9098566c87d61be4e4b3","src/backend/linux_raw/arch/outline/release/librustix_outline_mips64.a":"ad19a967ade7067a12b08f61628cc56f72eaff1393544783647e1c4dde2629a3","src/backend/linux_raw/arch/outline/release/librustix_outline_powerpc64.a":"1f04e44c3d863bac066520c787444c314f2aa2f8d8d3cae38990ecc008b9b6e1","src/backend/linux_raw/arch/outline/release/librustix_outline_x86.a":"691d867358475c701c20b816b99bab2a4c90c3796a302ccaa56d5983be1ba8b2","src/backend/linux_raw/arch/outline/x86.rs":"f7e12a0f3fe8e97acb1ade2c9e61d82542f00ad4d8fe684a8dcd9f30fd9ab5d4","src/backend/linux_raw/arch/outline/x86.s":"4604e3b41161802343e2e4c890fd2042098a901d95893ebe4c436f97fd47cad3","src/backend/linux_raw/c.rs":"c30491601405d42fabd5fdfe50abd539dc7693bf326be9e17a31bb6d6192e356","src/backend/linux_raw/conv.rs":"e6af1903c5b4a0ce8d80909b04e0f47849768218c9969aa6e1dcf85bdd505711","src/backend/linux_raw/elf.rs":"4550edde9ca096ac3ad929ace226fd5ead954da7ad01d22da43fdb976655f771","src/backend/linux_raw/event/epoll.rs":"6c27660b015889140ad11657ad08dc32dd52fbc6b0d0a6571885792040e19156","src/backend/linux_raw/event/mod.rs":"72e46b04637e2d1d2a6b97af616144995399e489d1fe916faf835d72fc8c64cd","src/backend/linux_raw/event/poll_fd.rs":"8495da1687b15f7880a576ac8d197c941627a53874f0823467a3e4e3ad5640f2","src/backend/linux_raw/event/syscalls.rs":"f996db9f1f9f2b9bdaf33ef3a80a63ab9b1a65ae956700fd88d355e046ce2890","src/backend/linux_raw/event/types.rs":"4edf9c7c399c91f359bc2370a407fa5ab537a84eed26c593ce5bf6dd82c6c6a0","src/backend/linux_raw/fs/dir.rs":"c675dc5413428d2defd6752e99d210da83639779e853db209de6a1c08d35e0e7","src/backend/linux_raw/fs/inotify.rs":"c05e201e4f562256388c933cd3f24a3c3a578bd19513284856bb3eb1218906c0","src/backend/linux_raw/fs/makedev.rs":"c6b4505c4bcbbc2460e80f3097eb15e2c8ef38d6c6e7abd78e39c53c372139e2","src/backend/linux_raw/fs/mod.rs":"e22bf30f312f6a05f1e79f7834c33a3c9821514da05fa4786fc31867203a4c74","src/backend/linux_raw/fs/syscalls.rs":"76f0b4e6d46a5aa7907d783a794211124b6d2e7dd124cfb7170b24657e39d093","src/backend/linux_raw/fs/types.rs":"9410b0cb6e744820663660a8f2bacb8f477ebd5eb3b2c60e3519ba19b1c701d7","src/backend/linux_raw/io/errno.rs":"8d6a8d702ddec05c0ec5b518b9c4d6c9b54d390ea9b362e60f2032284c40b112","src/backend/linux_raw/io/mod.rs":"7ae2324427892cca6f5ab53858d847b165f790a72ec25f3d99fb15f0506c9f27","src/backend/linux_raw/io/syscalls.rs":"d82dfdef885e9b22bfbf605fce8ef2862604ef195dfdcdc0532c29426a188bd8","src/backend/linux_raw/io/types.rs":"59d031dd1e769ecbaedaaa3ffc513a7f7154fc48abbb46023166fa38a46f0c61","src/backend/linux_raw/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/io_uring/syscalls.rs":"b87fa95c16b2d3ca8fd5d72368bda37b8b8ddbb19df3a884efc6eeec393c86d1","src/backend/linux_raw/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mm/syscalls.rs":"369abe984aa972d8083fee20d764a8d57df242c66f897066367416f2fcc832a3","src/backend/linux_raw/mm/types.rs":"0d5815b725e51b5e16984e12852c125f14543c29bbd1a47b7e3b0ad95d711526","src/backend/linux_raw/mod.rs":"2abe0633534dc90a050595b8562bbc37a96559fdaf2e1491d1fa2cd52f0d4cb2","src/backend/linux_raw/net/addr.rs":"fa6c4ea03ed465188bdb2113a9815549084b501c35654b46a00de226c7ea5463","src/backend/linux_raw/net/mod.rs":"bc9c9c4a8c06b1fb8c57555261176dfb1f3e858a1d89cd2f88e1f31fc126c001","src/backend/linux_raw/net/msghdr.rs":"6c0e1dfc0c9f79e69d3a645f0b4228bf6b29fed920af5f1efa6bbacd0a681c51","src/backend/linux_raw/net/read_sockaddr.rs":"24075ac4c05fab5fe44aae4445cdd12ec7e474f047150baa9b768741d6b9693d","src/backend/linux_raw/net/send_recv.rs":"aa5107094a1e5c6ce57bc2956d0ac63f24a7e61270f61ab2a353f9c832da0e4e","src/backend/linux_raw/net/syscalls.rs":"bbc7b021604feb515ba5fecb139f79935c94d3145d5115fee60f3055cf68ccb6","src/backend/linux_raw/net/write_sockaddr.rs":"69ee7d6f754126f9399250d51bcdb306ab6a9ae816bc8fe21d0a9cabd49052ef","src/backend/linux_raw/param/auxv.rs":"0a26b11f5ce794d85826a05b57187d333012246059f9d28a9cbbfbd2e93747c7","src/backend/linux_raw/param/libc_auxv.rs":"3b89394eb05d9f15ac23c16823666b12c5ce75ca29a6e4f3d66db2426d5e0d98","src/backend/linux_raw/param/mod.rs":"db21fc1b0ea5568b8649890fa38a878bfcdcf7398f6cf1640176b37bcc6ce990","src/backend/linux_raw/param/mustang_auxv.rs":"0adbb54a06b8c7b2df17462d98e1fe72bec02e4e577313add0cb7363262f0d6b","src/backend/linux_raw/pid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/pid/syscalls.rs":"ce3ca4c72096479340364d16f09918e192ffd3a0436a26eb61aad7e7dac3cdcd","src/backend/linux_raw/pipe/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/pipe/syscalls.rs":"c499b47305ae7e25ed6fa3c760ce26cd64d985152615755706117f4d0a03d3d5","src/backend/linux_raw/pipe/types.rs":"73db762965df510bf3c908f906acf3a6df182d98d4ba1ebe45a52a4b51751e7e","src/backend/linux_raw/prctl/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/prctl/syscalls.rs":"01aa9cd77341dcd1efab9f3ac28447d0fbc41ed44d65e52301b347fdd1627e50","src/backend/linux_raw/process/cpu_set.rs":"dfdcbdf35aff6a3e08e7d38193bf18c12ca8aa64eb0dc417667be82dcc0f7c55","src/backend/linux_raw/process/mod.rs":"fb393c70a9c63ef9a6bf1fb5a2dc94f07d6b0b6987cc5231c15c607015dafd68","src/backend/linux_raw/process/syscalls.rs":"0d7b3a3004ac84668296bfa8ad9c255f175e9fb380a59d5c8d248dc0f5b218aa","src/backend/linux_raw/process/types.rs":"d66049cfbdb27e31586f0ff2e53b6adbe0ebb296a876372e9d0d805d10ac5f51","src/backend/linux_raw/process/wait.rs":"921aee4b0048746087f52615a98edc2aa0fb4b53d6df44be4533098df55d1b05","src/backend/linux_raw/pty/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/pty/syscalls.rs":"01c6d76b8ae36e8c936188011a13c31ca2ec61cb825b7da305d6e55356c260dd","src/backend/linux_raw/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/rand/syscalls.rs":"fb401466368de62ec4ff76bc230f9246623b003fe7452912e1365f443d3eeeb3","src/backend/linux_raw/rand/types.rs":"787a59629343688cac0fdabd1b7552b400b9188073a1e0394eacc6e0997e1bfe","src/backend/linux_raw/reg.rs":"02653995cb934050ee2109e8d40e9083a4278abcba27b59d174a311aa8438e45","src/backend/linux_raw/runtime/mod.rs":"b2cae8cce3822c3c92942f06ea0b68464040dcac33c6f0f7ee392c6269993347","src/backend/linux_raw/runtime/syscalls.rs":"55c38b348e19f049d7e65ef1fa7d9b50f9f0b6e87d32eda6f9bbc016274ef4c2","src/backend/linux_raw/runtime/tls.rs":"2b8fc61a33ca9b47f854afbb8e3f8b20f9f9416b8884aefe46388c8173c8ae47","src/backend/linux_raw/system/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/system/syscalls.rs":"a9bec6662f122b1ec310d417bd9ddc16df13b50de6526d2170aa4d72292c2b14","src/backend/linux_raw/system/types.rs":"1ceab8d738a71043473b26e97fa3fd79d588a86d4774cbc9b9e1d4f1447a016e","src/backend/linux_raw/termios/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/termios/syscalls.rs":"29deb1181e650885616928cf0b34207b644bb68bea99370e3e40d99cf6cd2f97","src/backend/linux_raw/thread/futex.rs":"3a130db9f6176dc95fdc14ce61a6bcdcc2c28e82a29ddae3e05f347a189fdd14","src/backend/linux_raw/thread/mod.rs":"f7132a68c9db1b4a796781b9e8d0ac268a1ddb713e510bfd43425564ec9b39c4","src/backend/linux_raw/thread/syscalls.rs":"5845d1c0a3548f87a114493c345e18dc32875bd7d35a6abcf1241ced9b024c09","src/backend/linux_raw/time/mod.rs":"672724f55b7b7be6a7452bb1cc2d28b5f0aaa840a2856fe363acce624e1beefc","src/backend/linux_raw/time/syscalls.rs":"a7870ef9daaf3fb2ac50f853df6dbcd935a3b2d70e720b80184208f602a918e6","src/backend/linux_raw/time/types.rs":"50d84ee6288f06bf4b526781c84e7252f3c09ecdb0626856d94a1a61c2e2c579","src/backend/linux_raw/ugid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/ugid/syscalls.rs":"844b2bed42b9a3c06845dbae1d020bbab5757d23ea3ad7a440e3cd87ff993f72","src/backend/linux_raw/vdso.rs":"a5abab80f023088162fd81dc306b6bd86bd61b2018a191b384f57facb1d48d0a","src/backend/linux_raw/vdso_wrappers.rs":"d50b761899f1d3cc4897d5cca868a8ad7e84a64d20aa46075cc0ae12f4bccdf3","src/bitcast.rs":"fe6bdc7fc31fa3b360c44a841c9a0f143629172729c6aaeae76841c74c122ff3","src/check_types.rs":"4b35e46c58a8ac299c08250d5ceaaecec52a07be03f2d888bce2bc0581b498bc","src/clockid.rs":"598ebc50bdaf089e43fd1a0ad365c8ae1947c9a6cda0dea5273aafab32b33959","src/cstr.rs":"dc3e38fa056ce76df360c0e63482b02f60fb1d38c357481de38ef82584e80658","src/event/eventfd.rs":"81cbd08f7bdf40a6ce1ca692b63da1dc8ba925282990668d9d68f1203e839fa1","src/event/kqueue.rs":"b267ca1badc43d977e2c5435092f161caab50ea04e258772dbebe1f02f3f5966","src/event/mod.rs":"6010c924a0a079945eec796465a7108119d512db74709ea0105ed19051c0f55a","src/event/poll.rs":"0ee583dbd457a573a82a06c04a2a24bd2c76e751d27a435507d55338e2871327","src/event/port.rs":"da588ff0f694bb1f99e288708bfc07353bd1274020c13dce30df5d7f3b42b0f3","src/ffi.rs":"0c6b9a6f20ffb31a827412c0381c6fff09e68265f29d94c5470940e22c5334a2","src/fs/abs.rs":"b8adbc6c96f7bab9d4776711774b5143bdfc3a3799beaceaab0a18abcb65548e","src/fs/at.rs":"4ea39291c632c0856b3057a606a38de1acbfb91d920662459f287be91ad3e39d","src/fs/constants.rs":"e3a5b8309d79d66f30ac15747912b9c9e376f8e525046625849c1b3b5caa1f6f","src/fs/copy_file_range.rs":"d3b644374390d482b2ff749a2459458872b57d0dcf9670368739b7833509a7c2","src/fs/cwd.rs":"81f899ab1d38cf5a53ad91980482a93f11cec2894050820b4543dfbf05760629","src/fs/dir.rs":"347a52f4ca9ac6321c52e802e97ec90d1b4c62ec955c8996fc17f8f5aed69966","src/fs/fadvise.rs":"beef66ebe1310fb92628240b2cde68f744c78e50f6ff61bb1404bd4868d9cae8","src/fs/fcntl.rs":"58c8f99e7193d11f0301d55e521e7bac16b1143f47eb7cf73cd9663841b4ebbe","src/fs/fcntl_apple.rs":"07f07b2ac75dc28bc9e08200f72eb95550a87ff3d69c1204f49ecb63a0c4fd20","src/fs/fcopyfile.rs":"ec95929cbbe02cf49233a785e5238931bb107b7903cc5bc95e4231de960995f2","src/fs/fd.rs":"a975d59ed0672bd0cf90bc18bc793a99096984ff06c3c78614285823cb3842ef","src/fs/file_type.rs":"fefd865f91011f66126213b0994773d99e373b468c31e866002228c98c64ad85","src/fs/getpath.rs":"28f6970fc1bbc37bb35c84724b59eac436ea7407a4522e18c2bdacb1fdd2edd9","src/fs/id.rs":"1b5c8a8baf9a9bb1f895f97189cea4e5982a0d35b192afeec6340a6c6222e0cb","src/fs/ioctl.rs":"1b222e725402d775813877b73f40f8ac2b513439485d326fbd49e3f4ebedce3b","src/fs/makedev.rs":"85520b484cb7c15ab71ea1c368578ea3b7e484d82f8510db92b6ce9f7ca341ae","src/fs/memfd_create.rs":"15a8f28e040cffd8c24c7903483440f88853b2e538ad48d80f3c00b4b2befdea","src/fs/mod.rs":"00249594de42fd81bdd61ead2905395e5d8ccf6d6b7400a6ba1c44b2a8271b74","src/fs/mount.rs":"8ab26dcb422825bbd2df2e1f68e6b4f7cf08ce11387c688442ee1b4683b33d4f","src/fs/openat2.rs":"4a95c15dab533a41201b5fa25c8a212956b7571d58cad696bdaf45af8aef96db","src/fs/raw_dir.rs":"6314094d92d6a51ab14d9d67e72427f3bb778543f2bb12632fd02cf439d52c2d","src/fs/seek_from.rs":"d7616a45e8a449df28b075ddded4d7c95d6c4575d6fe0cf0ca7b6625e9dc7eeb","src/fs/sendfile.rs":"e3b2058741cf4b1698f34d84bb37130cf2b72806d522a16fe541e832cde136cb","src/fs/statx.rs":"239d447477f8ac368c8ddf9975c71509c47881f647f59cd941ac07954d8a77f9","src/fs/sync.rs":"a3b23543834281f347b0f873bd38154d31d404871188ac08f2b20b9196234cfd","src/fs/xattr.rs":"1d4d7f144716ac8fcae6b728ea23d27db8d3d1d7d2ec3dc31a1dea8e9d6a7eff","src/io/close.rs":"0aa3cd05a8fed8e5244f97b8b6c2e7f65ed93a4e5435c6329852bb3da7514440","src/io/dup.rs":"1f52e78a1e620544425b1ae6e00112fc154a8287e2f26bac5ddd15941e228179","src/io/errno.rs":"da7dc2d25cdbbf610ec82c32124789d6572fbc67d8ff265000597ac1f5b39ebd","src/io/fcntl.rs":"08f42dc80832586afa6e0a7825571c84a97add1164926928960f0c4c5db76461","src/io/ioctl.rs":"87772d59d72d34f1c3a1c00f818199b52c960f5860ea9a1f8023c0e2ce5f6d12","src/io/is_read_write.rs":"1bfb9ee5d58e0b29b44af12fe2668c7bccc841358698dcde47f1519ff9bb73b4","src/io/mod.rs":"75f1d0646be1d4c7c08b5887d8119b0103be8c25c43ccd4e0e97015508c0bb8f","src/io/read_write.rs":"57c6ba3ccc9bdeae05e8ed70a2d9cabd2dd38c5f387e20d91bcd0d13d0f1d23e","src/io_uring.rs":"7093958a57bdaadd75f1800f07e359fd97c6f99c3fa01d263b4b1e57d44b2c4f","src/lib.rs":"5c0bb009b5ea0cd36ac4f503f128db61d875945b267b5e04cec5e3abec7e46b7","src/maybe_polyfill/no_std/io/mod.rs":"77889bb5c5a4f2e50e38379cdaa5d0fef4b0cafc3da056735df01f6deae75747","src/maybe_polyfill/no_std/mod.rs":"d4d98cf838b65dc3ceb0f6d4a950d9348695c3084448bd844e47b909960bbb47","src/maybe_polyfill/no_std/net/ip_addr.rs":"080dd17c44b395b46b0d9e70da76f376540f92ece65f79e3d242c0a272d3b451","src/maybe_polyfill/no_std/net/mod.rs":"b0ee611c454679226a15bf647e7779995f3fe9c8e0507930a0d0613eb414b7c2","src/maybe_polyfill/no_std/net/socket_addr.rs":"bfeb32d32c176cde76323abcffebfc47e9898fb8d7ce3668c602dc8451086a2d","src/maybe_polyfill/no_std/os/fd/mod.rs":"d9dfe2a2c25be727847bcdfe6f4898685af2521850298178ca8d46a8e2ceee88","src/maybe_polyfill/no_std/os/fd/owned.rs":"4ce3234f8ab2cc8a7b749531336f4f6b6297eff0e20a01190be2c10409a0c066","src/maybe_polyfill/no_std/os/fd/raw.rs":"9cedb353580b932879ddc4dee9936212fefb6d42530dc5cec519a0779d5dee33","src/maybe_polyfill/no_std/os/mod.rs":"27dab639a765827644005d5f2fcc7c825310606b889cc8dd83f54c9528350dc0","src/maybe_polyfill/no_std/os/windows/io/mod.rs":"5bbcc05c83fee5026dd744a994e0458469466d5be39081baa62df07753b92fd2","src/maybe_polyfill/no_std/os/windows/io/raw.rs":"4c32609a489dd938a49328b5637cb3bafb96437f2f9f269ab66d7d3cb90247f6","src/maybe_polyfill/no_std/os/windows/io/socket.rs":"c658f42f24eff44a661f2adfd24a11af80fe9897f3e2af4dc5d2c64808308d65","src/maybe_polyfill/no_std/os/windows/mod.rs":"fdb416f8f231a4e778b5f985b9ae712ece5e1a1402963ad1a5f6a8b9843795f4","src/maybe_polyfill/std/mod.rs":"dd6e219564e224fa7cc9fdab2e45935f13ad062da53d0b6d259a695c7aec1847","src/mm/madvise.rs":"3c262b3713a73fafcedf1b04bb12c048bb11d47ca43c959e5dfa48c27651f4f0","src/mm/mmap.rs":"bb103e6febd375de820985cc4b5aefa520b64ab1bcd903e3a818146abdfc60c7","src/mm/mod.rs":"b3a6cb838986d45825b912355cedead761211a494ca6f89b2367a2d2157e340e","src/mm/msync.rs":"9dcfe5f54235e9314a595edb8d548ac79d222bbcc58bb3263cf7e96d603b23ad","src/mm/userfaultfd.rs":"8073443bd181ff0b3ba4d0b1ae67370b4864035a0c8b4898cd709dc47c518ae7","src/net/mod.rs":"a6bc55f9e086caf46a7c00783498d73a328a66f2a991f1ec65d5f13931377b0f","src/net/send_recv/mod.rs":"5ec5efbe84eeb0a2a3e412b79c742bb80152c1dc9c956d031e9a4ebebd492112","src/net/send_recv/msg.rs":"b8ce63eaa32cb5d7f7b7fc2215b60b60ec9d17bc89fd37f0f940610a5f4c7840","src/net/socket.rs":"6bb087ab208a1e06d535fa11e2aa4a9f96da6e73b697fca93e2a3c89178c4434","src/net/socket_addr_any.rs":"d07f9e9ef8873aa5bfd85f669952299286ef6f2cc5b9fea383856432e61b850f","src/net/socketpair.rs":"56f4885c31d2664cd16e18a9a88792a4912fedd953cec36dba67e8581fd57921","src/net/sockopt.rs":"34e897c7e22c8a45cca4e23fec35ab26b40ef440f083367c350a57adb82b803d","src/net/types.rs":"f5a4016b00ccbc60feaaa15b6cb0cae1a994f8049fbe7ec32c4c88423389ec27","src/net/wsa.rs":"6e546b42f50a851fc833c57cda76cfb347203ed4b0dea574a3d325bf5a2ebf80","src/param/auxv.rs":"988872f9bec2e12f35765ae8963cbb9535d4acaedd4c9a4d07ced6feb70e0aaa","src/param/init.rs":"671d8974f0d9b82e79076d1f4deabe0273a874a329f74b8aad26e07b86791ba3","src/param/mod.rs":"53ee190cf5266a2e057af9412acc50359369470a04dbfe2e6e92a90de15aff57","src/path/arg.rs":"4a4bf9b59334900b51ac250365b2a1838670f83a6df9c9c3f6a35bd7d4784170","src/path/dec_int.rs":"fad9793b89eac526953b994cbed6b614f01c25108f9763e19fb98029feda93a4","src/path/mod.rs":"6b1b949c94bcc47e0f08a3f8e8db5b61ff497d0dfd3e0655f51c01d3e4b7dfd6","src/pid.rs":"1e54bbf54b8fa7b260087fcae8d7e1bc35c66e9a36a26d69dddcc468e3d593ee","src/pipe.rs":"966521978ee7a57a11412ca5bee1246ca26dd67a07e53318066a38fe0787f2e9","src/prctl.rs":"a1c85a401538d614f5539871f9a03f9a345b24cfbc845e953deb9f8b96986e2a","src/process/chdir.rs":"9d0397bc91bad5bf1c0afec5b3e6dd9cb7de6e54c3d0b760b33a4996a4cb1b25","src/process/chroot.rs":"2b5f6124eb19f26ad2705174f7ad50cdc0a5d15abd59ffcf55421228d82130b4","src/process/exit.rs":"47bc2fc1ec25eb5c7a21ba84a70c6d799df206f9920c34804a17acf27d5cd66d","src/process/id.rs":"402475cba98cc7e724943bfd218862f76c08b8d200a7b38bb5067bba2a837ef1","src/process/ioctl.rs":"6644c3b0948251b448a87cc8409750edf77dc31f08b2060fccf00dab0d516fca","src/process/kill.rs":"7b879e5cff8a064acd0e7488f4e21bd4e4a8506ce380688b72cc48d283ff9c89","src/process/membarrier.rs":"77b1080dc50cf0bf48959bd2388c519f0b73ac231cc329be43f04525217b7e94","src/process/mod.rs":"cf5974f174968ea668f73a2294231784d1ab8304ae4e79a70175372c0bc34fd2","src/process/pidfd.rs":"948b88cd986c17074fc895f277eec49066a52ab461fa341b7119ce648b28fcb6","src/process/pidfd_getfd.rs":"14aab7cc5578ca4753a7a42dcc8b4ea03748564b542675a50bae8e128348b23e","src/process/prctl.rs":"3f949bbc03c00cb68fab7db8c1bda71741f8d9439b9e25a8521d7cbb0693491d","src/process/priority.rs":"711ad9300407b205a549d2f896cdff080740f6cde8e710d3bb654ea720586b4c","src/process/procctl.rs":"7668f8302515316cc70addfe8da4af47ea8872d4acacd72d1c87c0ecb627e8e9","src/process/rlimit.rs":"10b79de3ced0e64059a94c879742d46a35a6176c776d8eed75031d5e6340283d","src/process/sched.rs":"7c3bfc5be624e7d7f5e043c3ee0b0566fcab3d684d61c272e7b4233410ab1c42","src/process/sched_yield.rs":"6565faa3928b66ddc74a65e893e15edfa4b9be4f7e5f5f68527501a7f6bc3350","src/process/umask.rs":"1a0f31a842303c978e3f05ec191e2b5e96104c09c6596473b42b1fac34898a50","src/process/wait.rs":"d34f9399a2ef6f2dfca929dca72a83d888ff80523c62083b50a2cd10dc875fe6","src/procfs.rs":"ebfbbe22e0ba7a2b914abd474d73065f0c5aa6bddaebc55dd286b3e013349485","src/pty.rs":"408e9144151d7cf5589ed37f1c1864fa5be0d1312fd8be1c74db07782dc09b6c","src/rand/getrandom.rs":"15255b5c5f76cf61ac4fac8b7ac6621049f2b5d2549ec319cdd69ab1ae4d07d2","src/rand/mod.rs":"cab59332aadd9b679f5b22cbb222d48ee028af5eb9fd4a4d43922da659b895d7","src/runtime.rs":"952cea05413e3ba1fa4fdc4755bf1d0fc0c21a5c8878f2cccc6a533119c193f8","src/signal.rs":"fb552490e378420375fa1f2a3eb7de16ac0f5ff72b7d0d3c88275314fdc57d1c","src/stdio.rs":"a5de2d7d9c3c5a901f88b6acf4754687c958a2f3a93c7945c2b8fcb948d468af","src/system.rs":"19e0b60315ddc7d8f2b7aafc4f4c6a30b91a7cd8ec4d128ba38931aa74b00175","src/termios/ioctl.rs":"7c185486116981e8aaa8db5fecb8484220f4d12e1a24de43fc394f17b4cdfdd4","src/termios/mod.rs":"b358538190ccb451a9d3dbc76c2418efb659fe48a54bc7069e7908589dbf07ce","src/termios/tc.rs":"90cf7f3026d46aec296f4e65ead6b8739a6967a74521e47b18f251b588948947","src/termios/tty.rs":"a3ebab3b73db76fb5594be1bb4ec888a28a63637f8cd0211fdb1b3b645cc2ca2","src/termios/types.rs":"97b7bd2d00dfcd5410c99b2b36de3fb1b67a5beebb2938cc94ee908e4bc8183c","src/thread/clock.rs":"780d24ce30bef7e85b2634dc57a9ef2a261d6ac7c255a9e6167f923fae369843","src/thread/futex.rs":"4e78c84589b535ca9ca633633696ef212393a98f2890b181acaa8f908fbc5ae2","src/thread/id.rs":"fd9c8ab917c82a8e0d6e6af22d2f6e5aa0d81d57632a460fd711a52f8ed2f47c","src/thread/libcap.rs":"ee1f320d860a3decbec8052897d9e9484591e4b0b64b3b5b419f4d43d144422e","src/thread/mod.rs":"6fc33eb022c4ab7f950dfb4fae6ab70b1acbcdbeacd909ae1848e7e54076c310","src/thread/prctl.rs":"f6da23203fc2087cd3b36b910901cd6cd86d5ac6f2fcb09feb1270d6c486a1a7","src/thread/setns.rs":"ac946df9eeb67a89436c57c1620855f66a57bded194ba2110a2656a25ba87bbd","src/time/clock.rs":"e59a29f1bed8c31c3d5b6fad60f2d4fa6cab8dd8e86148bb3693a5e3a1ce735f","src/time/mod.rs":"43afee938c80d124d04d4ba190c03f4d21d1e3bfc154fff309211e4f6eabe940","src/time/timerfd.rs":"f17092b84553741aa2d2b44c6992b5d2c8c96cc2c2007fc9a2c6b2064485e53f","src/timespec.rs":"2fee202dc27f4566d1af81007855e48932af2cc37db3cff30e1a657b37439183","src/ugid.rs":"cef024d081c7bbd60a60b079eb581fdbca036a462f8c232e48e2959e2b854335","src/utils.rs":"41765307b22b7cf8e21e83735308c598da8a83b52b5b7eafa175bf39f1528fbb","src/weak.rs":"22070a3fa6e526d851bac81c551aa5cb4f9e609687075999c6d50973eeec3a98"},"package":"fbc6396159432b5c8490d4e301d8c705f61860b8b6c863bf79942ce5401968f3"} +\ No newline at end of file +diff --git a/vendor/rustix/src/backend/libc/fs/dir.rs b/vendor/rustix/src/backend/libc/fs/dir.rs +index c8a4d77c9..fcc43e55d 100644 +--- a/vendor/rustix/src/backend/libc/fs/dir.rs ++++ b/vendor/rustix/src/backend/libc/fs/dir.rs +@@ -29,8 +29,13 @@ use core::ptr::NonNull; + use libc_errno::{errno, set_errno, Errno}; + + /// `DIR*` +-#[repr(transparent)] +-pub struct Dir(NonNull); ++pub struct Dir { ++ /// The `libc` `DIR` pointer. ++ libc_dir: NonNull, ++ ++ /// Have we seen any errors in this iteration? ++ any_errors: bool, ++} + + impl Dir { + /// Construct a `Dir` that reads entries from the given directory +@@ -42,20 +47,35 @@ impl Dir { + + #[inline] + fn _read_from(fd: BorrowedFd<'_>) -> io::Result { ++ let mut any_errors = false; ++ + // Given an arbitrary `OwnedFd`, it's impossible to know whether the + // user holds a `dup`'d copy which could continue to modify the + // file description state, which would cause Undefined Behavior after + // our call to `fdopendir`. To prevent this, we obtain an independent + // `OwnedFd`. + let flags = fcntl_getfl(fd)?; +- let fd_for_dir = openat(fd, cstr!("."), flags | OFlags::CLOEXEC, Mode::empty())?; ++ let fd_for_dir = match openat(fd, cstr!("."), flags | OFlags::CLOEXEC, Mode::empty()) { ++ Ok(fd) => fd, ++ Err(io::Errno::NOENT) => { ++ // If "." doesn't exist, it means the directory was removed. ++ // We treat that as iterating through a directory with no ++ // entries. ++ any_errors = true; ++ crate::io::dup(fd)? ++ } ++ Err(err) => return Err(err), ++ }; + + let raw = owned_fd(fd_for_dir); + unsafe { + let libc_dir = c::fdopendir(raw); + + if let Some(libc_dir) = NonNull::new(libc_dir) { +- Ok(Self(libc_dir)) ++ Ok(Self { ++ libc_dir, ++ any_errors, ++ }) + } else { + let err = io::Errno::last_os_error(); + let _ = c::close(raw); +@@ -67,13 +87,19 @@ impl Dir { + /// `rewinddir(self)` + #[inline] + pub fn rewind(&mut self) { +- unsafe { c::rewinddir(self.0.as_ptr()) } ++ self.any_errors = false; ++ unsafe { c::rewinddir(self.libc_dir.as_ptr()) } + } + + /// `readdir(self)`, where `None` means the end of the directory. + pub fn read(&mut self) -> Option> { ++ // If we've seen errors, don't continue to try to read anyting further. ++ if self.any_errors { ++ return None; ++ } ++ + set_errno(Errno(0)); +- let dirent_ptr = unsafe { libc_readdir(self.0.as_ptr()) }; ++ let dirent_ptr = unsafe { libc_readdir(self.libc_dir.as_ptr()) }; + if dirent_ptr.is_null() { + let curr_errno = errno().0; + if curr_errno == 0 { +@@ -81,6 +107,7 @@ impl Dir { + None + } else { + // `errno` is unknown or non-zero, so an error occurred. ++ self.any_errors = true; + Some(Err(io::Errno(curr_errno))) + } + } else { +@@ -114,7 +141,7 @@ impl Dir { + /// `fstat(self)` + #[inline] + pub fn stat(&self) -> io::Result { +- fstat(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstat(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fstatfs(self)` +@@ -127,14 +154,14 @@ impl Dir { + )))] + #[inline] + pub fn statfs(&self) -> io::Result { +- fstatfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstatfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fstatvfs(self)` + #[cfg(not(any(solarish, target_os = "haiku", target_os = "redox", target_os = "wasi")))] + #[inline] + pub fn statvfs(&self) -> io::Result { +- fstatvfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstatvfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fchdir(self)` +@@ -143,7 +170,7 @@ impl Dir { + #[cfg_attr(doc_cfg, doc(cfg(feature = "process")))] + #[inline] + pub fn chdir(&self) -> io::Result<()> { +- fchdir(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fchdir(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + } + +@@ -156,7 +183,7 @@ unsafe impl Send for Dir {} + impl Drop for Dir { + #[inline] + fn drop(&mut self) { +- unsafe { c::closedir(self.0.as_ptr()) }; ++ unsafe { c::closedir(self.libc_dir.as_ptr()) }; + } + } + +@@ -172,7 +199,7 @@ impl Iterator for Dir { + impl fmt::Debug for Dir { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.debug_struct("Dir") +- .field("fd", unsafe { &c::dirfd(self.0.as_ptr()) }) ++ .field("fd", unsafe { &c::dirfd(self.libc_dir.as_ptr()) }) + .finish() + } + } +@@ -284,3 +311,38 @@ fn check_dirent_layout(dirent: &c::dirent) { + } + ); + } ++ ++#[test] ++fn dir_iterator_handles_io_errors() { ++ // create a dir, keep the FD, then delete the dir ++ let tmp = tempfile::tempdir().unwrap(); ++ let fd = crate::fs::openat( ++ crate::fs::CWD, ++ tmp.path(), ++ crate::fs::OFlags::RDONLY | crate::fs::OFlags::CLOEXEC, ++ crate::fs::Mode::empty(), ++ ) ++ .unwrap(); ++ ++ let file_fd = crate::fs::openat( ++ &fd, ++ tmp.path().join("test.txt"), ++ crate::fs::OFlags::WRONLY | crate::fs::OFlags::CREATE, ++ crate::fs::Mode::RWXU, ++ ) ++ .unwrap(); ++ ++ let mut dir = Dir::read_from(&fd).unwrap(); ++ ++ // Reach inside the `Dir` and replace its directory with a file, which ++ // will cause the subsequent `readdir` to fail. ++ unsafe { ++ let raw_fd = c::dirfd(dir.libc_dir.as_ptr()); ++ let mut owned_fd: crate::fd::OwnedFd = crate::fd::FromRawFd::from_raw_fd(raw_fd); ++ crate::io::dup2(&file_fd, &mut owned_fd).unwrap(); ++ core::mem::forget(owned_fd); ++ } ++ ++ assert!(matches!(dir.next(), Some(Err(_)))); ++ assert!(matches!(dir.next(), None)); ++} +diff --git a/vendor/rustix/src/backend/linux_raw/fs/dir.rs b/vendor/rustix/src/backend/linux_raw/fs/dir.rs +index 4df589af5..ea1017957 100644 +--- a/vendor/rustix/src/backend/linux_raw/fs/dir.rs ++++ b/vendor/rustix/src/backend/linux_raw/fs/dir.rs +@@ -18,9 +18,17 @@ pub struct Dir { + /// The `OwnedFd` that we read directory entries from. + fd: OwnedFd, + ++ /// Have we seen any errors in this iteration? ++ any_errors: bool, ++ ++ /// Should we rewind the stream on the next iteration? ++ rewind: bool, ++ ++ /// The buffer for `linux_dirent64` entries. + buf: Vec, ++ ++ /// Where we are in the buffer. + pos: usize, +- next: Option, + } + + impl Dir { +@@ -38,25 +46,39 @@ impl Dir { + + Ok(Self { + fd: fd_for_dir, ++ any_errors: false, ++ rewind: false, + buf: Vec::new(), + pos: 0, +- next: None, + }) + } + + /// `rewinddir(self)` + #[inline] + pub fn rewind(&mut self) { ++ self.any_errors = false; ++ self.rewind = true; + self.pos = self.buf.len(); +- self.next = Some(0); + } + + /// `readdir(self)`, where `None` means the end of the directory. + pub fn read(&mut self) -> Option> { +- if let Some(next) = self.next.take() { +- match crate::backend::fs::syscalls::_seek(self.fd.as_fd(), next as i64, SEEK_SET) { ++ // If we've seen errors, don't continue to try to read anyting further. ++ if self.any_errors { ++ return None; ++ } ++ ++ // If a rewind was requested, seek to the beginning. ++ if self.rewind { ++ self.rewind = false; ++ match io::retry_on_intr(|| { ++ crate::backend::fs::syscalls::_seek(self.fd.as_fd(), 0, SEEK_SET) ++ }) { + Ok(_) => (), +- Err(err) => return Some(Err(err)), ++ Err(err) => { ++ self.any_errors = true; ++ return Some(Err(err)); ++ } + } + } + +@@ -78,7 +100,7 @@ impl Dir { + if self.buf.len() - self.pos < size_of::() { + match self.read_more()? { + Ok(()) => (), +- Err(e) => return Some(Err(e)), ++ Err(err) => return Some(Err(err)), + } + } + +@@ -136,14 +158,31 @@ impl Dir { + } + + fn read_more(&mut self) -> Option> { +- let og_len = self.buf.len(); +- // Capacity increment currently chosen by wild guess. +- self.buf +- .resize(self.buf.capacity() + 32 * size_of::(), 0); +- let nread = match crate::backend::fs::syscalls::getdents(self.fd.as_fd(), &mut self.buf) { ++ // The first few times we're called, we allocate a relatively small ++ // buffer, because many directories are small. If we're called more, ++ // use progressively larger allocations, up to a fixed maximum. ++ // ++ // The specific sizes and policy here have not been tuned in detail yet ++ // and may need to be adjusted. In doing so, we should be careful to ++ // avoid unbounded buffer growth. This buffer only exists to share the ++ // cost of a `getdents` call over many entries, so if it gets too big, ++ // cache and heap usage will outweigh the benefit. And ultimately, ++ // directories can contain more entries than we can allocate contiguous ++ // memory for, so we'll always need to cap the size at some point. ++ if self.buf.len() < 1024 * size_of::() { ++ self.buf.reserve(32 * size_of::()); ++ } ++ self.buf.resize(self.buf.capacity(), 0); ++ let nread = match io::retry_on_intr(|| { ++ crate::backend::fs::syscalls::getdents(self.fd.as_fd(), &mut self.buf) ++ }) { + Ok(nread) => nread, ++ Err(io::Errno::NOENT) => { ++ self.any_errors = true; ++ return None; ++ } + Err(err) => { +- self.buf.resize(og_len, 0); ++ self.any_errors = true; + return Some(Err(err)); + } + }; +@@ -225,3 +264,33 @@ impl DirEntry { + self.d_ino + } + } ++ ++#[test] ++fn dir_iterator_handles_io_errors() { ++ // create a dir, keep the FD, then delete the dir ++ let tmp = tempfile::tempdir().unwrap(); ++ let fd = crate::fs::openat( ++ crate::fs::CWD, ++ tmp.path(), ++ crate::fs::OFlags::RDONLY | crate::fs::OFlags::CLOEXEC, ++ crate::fs::Mode::empty(), ++ ) ++ .unwrap(); ++ ++ let file_fd = crate::fs::openat( ++ &fd, ++ tmp.path().join("test.txt"), ++ crate::fs::OFlags::WRONLY | crate::fs::OFlags::CREATE, ++ crate::fs::Mode::RWXU, ++ ) ++ .unwrap(); ++ ++ let mut dir = Dir::read_from(&fd).unwrap(); ++ ++ // Reach inside the `Dir` and replace its directory with a file, which ++ // will cause the subsequent `getdents64` to fail. ++ crate::io::dup2(&file_fd, &mut dir.fd).unwrap(); ++ ++ assert!(matches!(dir.next(), Some(Err(_)))); ++ assert!(matches!(dir.next(), None)); ++} +-- +2.39.4 + diff --git a/SPECS/rust/rust.spec b/SPECS/rust/rust.spec index c44d8fa702d..920fd0443cc 100644 --- a/SPECS/rust/rust.spec +++ b/SPECS/rust/rust.spec @@ -9,7 +9,7 @@ Summary: Rust Programming Language Name: rust Version: 1.72.0 -Release: 8%{?dist} +Release: 9%{?dist} License: (ASL 2.0 OR MIT) AND BSD AND CC-BY-3.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -44,6 +44,7 @@ Source7: https://static.rust-lang.org/dist/%{release_date}/rust-std-%{sta Patch0: CVE-2023-45853.patch Patch1: CVE-2024-32884.patch Patch2: CVE-2024-31852.patch +Patch3: CVE-2024-43806.patch BuildRequires: binutils BuildRequires: cmake @@ -171,6 +172,9 @@ rm %{buildroot}%{_bindir}/*.old %{_mandir}/man1/* %changelog +* Fri Nov 22 2024 Tobias Brick - 1.72.0-9 +- Patch CVE-2024-43806 + * Thu Aug 08 2024 corvus-callidus <108946721+corvus-callidus@users.noreply.github.com> - 1.72.0-8 - Patch CVE-2024-32884 and CVE-2024-31852 From 7b804dd23c8f36e56f93db507c4959bd88388e4a Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:48:34 -0800 Subject: [PATCH 32/43] [AUTO-CHERRYPICK] cert-manager: patch CVE-2024-45337 - branch main (#11661) Co-authored-by: Andrew Phelps --- SPECS/cert-manager/CVE-2024-45337.patch | 77 +++++++++++++++++++++++++ SPECS/cert-manager/cert-manager.spec | 6 +- 2 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 SPECS/cert-manager/CVE-2024-45337.patch diff --git a/SPECS/cert-manager/CVE-2024-45337.patch b/SPECS/cert-manager/CVE-2024-45337.patch new file mode 100644 index 00000000000..e10cac83d05 --- /dev/null +++ b/SPECS/cert-manager/CVE-2024-45337.patch @@ -0,0 +1,77 @@ +https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909.patch + +From b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Tue, 3 Dec 2024 09:03:03 -0800 +Subject: [PATCH] ssh: make the public key cache a 1-entry FIFO cache + +Users of the the ssh package seem to extremely commonly misuse the +PublicKeyCallback API, assuming that the key passed in the last call +before a connection is established is the key used for authentication. +Some users then make authorization decisions based on this key. This +property is not documented, and may not be correct, due to the caching +behavior of the package, resulting in users making incorrect +authorization decisions about the connection. + +This change makes the cache a one entry FIFO cache, making the assumed +property, that the last call to PublicKeyCallback represents the key +actually used for authentication, actually hold. + +Thanks to Damien Tournoud, Patrick Dawkins, Vince Parker, and +Jules Duvivier from the Platform.sh / Upsun engineering team +for reporting this issue. + +Fixes golang/go#70779 +Fixes CVE-2024-45337 + +Change-Id: Ife7c7b4045d8b6bcd7e3a417bdfae370c709797f +Reviewed-on: https://go-review.googlesource.com/c/crypto/+/635315 +Reviewed-by: Roland Shoemaker +Auto-Submit: Gopher Robot +Reviewed-by: Damien Neil +Reviewed-by: Nicola Murino +LUCI-TryBot-Result: Go LUCI +--- + vendor/golang.org/x/crypto/ssh/server.go | 15 ++++++++++---- + +diff --git a/vendor/golang.org/x/crypto/ssh/server.go b/vendor/golang.org/x/crypto/ssh/server.go +index c0d1c29e6f..5b5ccd96f4 100644 +--- a/vendor/golang.org/x/crypto/ssh/server.go ++++ b/vendor/golang.org/x/crypto/ssh/server.go +@@ -149,7 +149,7 @@ func (s *ServerConfig) AddHostKey(key Signer) { + } + + // cachedPubKey contains the results of querying whether a public key is +-// acceptable for a user. ++// acceptable for a user. This is a FIFO cache. + type cachedPubKey struct { + user string + pubKeyData []byte +@@ -157,7 +157,13 @@ type cachedPubKey struct { + perms *Permissions + } + +-const maxCachedPubKeys = 16 ++// maxCachedPubKeys is the number of cache entries we store. ++// ++// Due to consistent misuse of the PublicKeyCallback API, we have reduced this ++// to 1, such that the only key in the cache is the most recently seen one. This ++// forces the behavior that the last call to PublicKeyCallback will always be ++// with the key that is used for authentication. ++const maxCachedPubKeys = 1 + + // pubKeyCache caches tests for public keys. Since SSH clients + // will query whether a public key is acceptable before attempting to +@@ -179,9 +185,10 @@ func (c *pubKeyCache) get(user string, pubKeyData []byte) (cachedPubKey, bool) { + + // add adds the given tuple to the cache. + func (c *pubKeyCache) add(candidate cachedPubKey) { +- if len(c.keys) < maxCachedPubKeys { +- c.keys = append(c.keys, candidate) ++ if len(c.keys) >= maxCachedPubKeys { ++ c.keys = c.keys[1:] + } ++ c.keys = append(c.keys, candidate) + } + + // ServerConn is an authenticated SSH connection, as seen from the diff --git a/SPECS/cert-manager/cert-manager.spec b/SPECS/cert-manager/cert-manager.spec index de7595a54f5..0dcc2d48ece 100644 --- a/SPECS/cert-manager/cert-manager.spec +++ b/SPECS/cert-manager/cert-manager.spec @@ -1,7 +1,7 @@ Summary: Automatically provision and manage TLS certificates in Kubernetes Name: cert-manager Version: 1.11.2 -Release: 15%{?dist} +Release: 16%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -28,6 +28,7 @@ Patch5: CVE-2023-3978.patch Patch6: CVE-2024-24786.patch Patch7: CVE-2024-28180.patch Patch8: CVE-2023-2253.patch +Patch9: CVE-2024-45337.patch BuildRequires: golang Requires: %{name}-acmesolver Requires: %{name}-cainjector @@ -120,6 +121,9 @@ install -D -m0755 bin/webhook %{buildroot}%{_bindir}/ %{_bindir}/webhook %changelog +* Tue Dec 17 2024 Andrew Phelps - 1.11.2-16 +- Add patch for CVE-2024-45337 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 1.11.2-15 - Bump release to rebuild with go 1.22.7 From 5823c31d206cf7d9a4889c07c9e32793ebde3ca4 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Mon, 23 Dec 2024 15:09:12 +0100 Subject: [PATCH 33/43] Fixed `golang.org/x/crypto` and `golang.org/x/net` vulnerabilities. (#11679) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- toolkit/tools/go.mod | 8 ++++---- toolkit/tools/go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/toolkit/tools/go.mod b/toolkit/tools/go.mod index 5f53072b218..f5860e9fe65 100644 --- a/toolkit/tools/go.mod +++ b/toolkit/tools/go.mod @@ -22,7 +22,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.9.0 github.com/ulikunitz/xz v0.5.10 - golang.org/x/sys v0.21.0 + golang.org/x/sys v0.28.0 gonum.org/v1/gonum v0.15.0 gopkg.in/alecthomas/kingpin.v2 v2.2.6 gopkg.in/ini.v1 v1.67.0 @@ -48,8 +48,8 @@ require ( github.com/pmezard/go-difflib v1.0.0 // indirect github.com/rivo/uniseg v0.1.0 // indirect github.com/xrash/smetrics v0.0.0-20170218160415-a3153f7040e9 // indirect - golang.org/x/crypto v0.24.0 // indirect + golang.org/x/crypto v0.31.0 // indirect golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect - golang.org/x/net v0.26.0 // indirect - golang.org/x/text v0.16.0 // indirect + golang.org/x/net v0.33.0 // indirect + golang.org/x/text v0.21.0 // indirect ) diff --git a/toolkit/tools/go.sum b/toolkit/tools/go.sum index 88fbb4c6f23..da0e2a5c9cd 100644 --- a/toolkit/tools/go.sum +++ b/toolkit/tools/go.sum @@ -90,12 +90,12 @@ github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8= github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/xrash/smetrics v0.0.0-20170218160415-a3153f7040e9 h1:w8V9v0qVympSF6GjdjIyeqR7+EVhAF9CBQmkmW7Zw0w= github.com/xrash/smetrics v0.0.0-20170218160415-a3153f7040e9/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8= -golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= -golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= +golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ= golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/sys v0.0.0-20190626150813-e07cf5db2756/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191018095205-727590c5006e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -103,12 +103,12 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= gonum.org/v1/gonum v0.15.0 h1:2lYxjRbTYyxkJxlhC+LvJIx3SsANPdRybu1tGj9/OrQ= gonum.org/v1/gonum v0.15.0/go.mod h1:xzZVBJBtS+Mz4q0Yl2LJTk+OxOg4jiXZ7qBoM0uISGo= From 842e4f4a71fe8854122d06b7710d8086d951b89b Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Fri, 27 Dec 2024 15:22:54 +0100 Subject: [PATCH 34/43] Added missing `Obsoletes: dbus-x11` in `dbus.spec` (#11719) --- SPECS/dbus/dbus.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/SPECS/dbus/dbus.spec b/SPECS/dbus/dbus.spec index 546034cf550..2c419a09b2a 100644 --- a/SPECS/dbus/dbus.spec +++ b/SPECS/dbus/dbus.spec @@ -2,7 +2,7 @@ Summary: DBus for systemd Name: dbus Version: 1.15.6 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ OR AFL Vendor: Microsoft Corporation Distribution: Mariner @@ -23,7 +23,8 @@ Recommends: systemd Provides: dbus-libs = %{version}-%{release} # NOTE: We currently do not build with X11 support. # build with X11 support in the future. -Provides: %{name}-x11 +Provides: %{name}-x11 = %{version}-%{release} +Obsoletes: %{name}-x11 <= 1.14.0-1%{?dist} %description The dbus package contains dbus. @@ -86,6 +87,9 @@ make %{?_smp_mflags} check %{_libdir}/*.so %changelog +* Mon Dec 23 2024 Pawel Winogrodzki - 1.15.6-2 +- Obsolete older 'dbus-x11'. + * Thu Dec 28 2023 Neha Agarwal - 1.15.6-1 - Update to v1.15.6 to fix CVE-2023-34969 From de75a332f483841afa4016932cb98749314a0df8 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Mon, 6 Jan 2025 20:44:18 +0100 Subject: [PATCH 35/43] Updated PR checks to use Python 3.9. (#11793) --- .github/workflows/check-entangled-specs.yml | 4 ++-- .github/workflows/lint-specs.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/check-entangled-specs.yml b/.github/workflows/check-entangled-specs.yml index fc0962302ad..dfb8529fec3 100644 --- a/.github/workflows/check-entangled-specs.yml +++ b/.github/workflows/check-entangled-specs.yml @@ -25,10 +25,10 @@ jobs: uses: actions/checkout@v4 # For consistency, we use the same major/minor version of Python that CBL-Mariner ships - - name: Setup Python 3.7 + - name: Setup Python 3.9 uses: actions/setup-python@v4 with: - python-version: 3.7 + python-version: 3.9 - name: Get Python dependencies run: python3 -m pip install -r toolkit/scripts/requirements.txt diff --git a/.github/workflows/lint-specs.yml b/.github/workflows/lint-specs.yml index 887bb0812ce..a415a239109 100644 --- a/.github/workflows/lint-specs.yml +++ b/.github/workflows/lint-specs.yml @@ -62,10 +62,10 @@ jobs: path: 'spec-cleaner' # For consistency, we use the same major/minor version of Python that CBL-Mariner ships - - name: Setup Python 3.7 + - name: Setup Python 3.9 uses: actions/setup-python@v4 with: - python-version: 3.7 + python-version: 3.9 # We take our version of the linting tool from the master branch to ensure rules # are consistent across all branches From cb0dc8dfa502a49a0ae43951eddcd4ef07d71c6d Mon Sep 17 00:00:00 2001 From: Riken Maharjan <106988478+rikenm1@users.noreply.github.com> Date: Tue, 7 Jan 2025 11:37:24 -0800 Subject: [PATCH 36/43] Move Golang changes to fasttrack/2.0 (#11799) Co-authored-by: jslobodzian --- SPECS/msft-golang/msft-golang.signatures.json | 2 +- SPECS/msft-golang/msft-golang.spec | 8 ++++++-- cgmanifest.json | 4 ++-- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/SPECS/msft-golang/msft-golang.signatures.json b/SPECS/msft-golang/msft-golang.signatures.json index d92ca320b25..5f7c3962023 100644 --- a/SPECS/msft-golang/msft-golang.signatures.json +++ b/SPECS/msft-golang/msft-golang.signatures.json @@ -2,7 +2,7 @@ "Signatures": { "go.20230802.5.src.tar.gz": "56b9e0e0c3c13ca95d5efa6de4e7d49a9d190eca77919beff99d33cd3fa74e95", "go.20240206.2.src.tar.gz": "7982e0011aa9ab95fd0530404060410af4ba57326d26818690f334fdcb6451cd", - "go1.22.8-20241001.6.src.tar.gz": "549a43643849c73ffd8579d63e2e3488428f0a4c436169abe02be01a3dbd41c8", + "go1.22.10-20241203.4.src.tar.gz": "3a6318a0ff28798a1b1797b8d22c4f9604cae2088000c39a6875b2598ec4ab22", "go1.4-bootstrap-20171003.tar.gz": "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52" } } \ No newline at end of file diff --git a/SPECS/msft-golang/msft-golang.spec b/SPECS/msft-golang/msft-golang.spec index 6921a3af739..938d75c839a 100644 --- a/SPECS/msft-golang/msft-golang.spec +++ b/SPECS/msft-golang/msft-golang.spec @@ -1,7 +1,8 @@ %global goroot %{_libdir}/golang %global gopath %{_datadir}/gocode -%global ms_go_filename go1.22.8-20241001.6.src.tar.gz +%global ms_go_filename go1.22.10-20241203.4.src.tar.gz %global ms_go_revision 1 +%global go_priority %(echo %{version}.%{ms_go_revision} | tr -d .) %ifarch aarch64 %global gohostarch arm64 %else @@ -14,7 +15,7 @@ %define __find_requires %{nil} Summary: Go Name: msft-golang -Version: 1.22.8 +Version: 1.22.10 Release: 1%{?dist} License: BSD Vendor: Microsoft Corporation @@ -153,6 +154,9 @@ fi %{_bindir}/* %changelog +* Mon Jan 06 2025 Riken Maharjan - 1.22.10-1 +- Bump version to 1.22.10-1 + * Thu Oct 24 2024 CBL-Mariner Servicing Account - 1.22.8-1 - Auto-upgrade to 1.22.8 - To fix CVE-2022-41717 diff --git a/cgmanifest.json b/cgmanifest.json index 422f809c609..591396ed126 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -13673,8 +13673,8 @@ "type": "other", "other": { "name": "msft-golang", - "version": "1.22.8", - "downloadUrl": "https://github.com/microsoft/go/releases/download/v1.22.8-1/go1.22.8-20241001.6.src.tar.gz" + "version": "1.22.10", + "downloadUrl": "https://github.com/microsoft/go/releases/download/v1.22.10-1/go1.22.10-20241203.4.src.tar.gz" } } }, From b94dca48c58ae7a0f7175ef3becc9b0a6fe10a88 Mon Sep 17 00:00:00 2001 From: Sumedh Alok Sharma Date: Wed, 8 Jan 2025 01:09:20 +0530 Subject: [PATCH 37/43] Patch telegraf for CVE-2024-45337 & CVE-2024-45338 (#11781) Co-authored-by: jslobodzian --- SPECS/telegraf/CVE-2024-45337.patch | 79 ++++++++++++++++++++++++++++ SPECS/telegraf/CVE-2024-45338.patch | 80 +++++++++++++++++++++++++++++ SPECS/telegraf/telegraf.spec | 7 ++- 3 files changed, 165 insertions(+), 1 deletion(-) create mode 100644 SPECS/telegraf/CVE-2024-45337.patch create mode 100644 SPECS/telegraf/CVE-2024-45338.patch diff --git a/SPECS/telegraf/CVE-2024-45337.patch b/SPECS/telegraf/CVE-2024-45337.patch new file mode 100644 index 00000000000..1c99f069547 --- /dev/null +++ b/SPECS/telegraf/CVE-2024-45337.patch @@ -0,0 +1,79 @@ +From b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Tue, 3 Dec 2024 09:03:03 -0800 +Subject: [PATCH] ssh: make the public key cache a 1-entry FIFO cache + +Users of the the ssh package seem to extremely commonly misuse the +PublicKeyCallback API, assuming that the key passed in the last call +before a connection is established is the key used for authentication. +Some users then make authorization decisions based on this key. This +property is not documented, and may not be correct, due to the caching +behavior of the package, resulting in users making incorrect +authorization decisions about the connection. + +This change makes the cache a one entry FIFO cache, making the assumed +property, that the last call to PublicKeyCallback represents the key +actually used for authentication, actually hold. + +Thanks to Damien Tournoud, Patrick Dawkins, Vince Parker, and +Jules Duvivier from the Platform.sh / Upsun engineering team +for reporting this issue. + +Fixes golang/go#70779 +Fixes CVE-2024-45337 + +Change-Id: Ife7c7b4045d8b6bcd7e3a417bdfae370c709797f +Reviewed-on: https://go-review.googlesource.com/c/crypto/+/635315 +Reviewed-by: Roland Shoemaker +Auto-Submit: Gopher Robot +Reviewed-by: Damien Neil +Reviewed-by: Nicola Murino +LUCI-TryBot-Result: Go LUCI +--- + vendor/golang.org/x/crypto/ssh/server.go | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +diff --git a/vendor/golang.org/x/crypto/ssh/server.go b/vendor/golang.org/x/crypto/ssh/server.go +index c2dfe326..39dcc095 100644 +--- a/vendor/golang.org/x/crypto/ssh/server.go ++++ b/vendor/golang.org/x/crypto/ssh/server.go +@@ -149,7 +149,7 @@ func (s *ServerConfig) AddHostKey(key Signer) { + } + + // cachedPubKey contains the results of querying whether a public key is +-// acceptable for a user. ++// acceptable for a user. This is a FIFO cache. + type cachedPubKey struct { + user string + pubKeyData []byte +@@ -157,7 +157,13 @@ type cachedPubKey struct { + perms *Permissions + } + +-const maxCachedPubKeys = 16 ++// maxCachedPubKeys is the number of cache entries we store. ++// ++// Due to consistent misuse of the PublicKeyCallback API, we have reduced this ++// to 1, such that the only key in the cache is the most recently seen one. This ++// forces the behavior that the last call to PublicKeyCallback will always be ++// with the key that is used for authentication. ++const maxCachedPubKeys = 1 + + // pubKeyCache caches tests for public keys. Since SSH clients + // will query whether a public key is acceptable before attempting to +@@ -179,9 +185,10 @@ func (c *pubKeyCache) get(user string, pubKeyData []byte) (cachedPubKey, bool) { + + // add adds the given tuple to the cache. + func (c *pubKeyCache) add(candidate cachedPubKey) { +- if len(c.keys) < maxCachedPubKeys { +- c.keys = append(c.keys, candidate) ++ if len(c.keys) >= maxCachedPubKeys { ++ c.keys = c.keys[1:] + } ++ c.keys = append(c.keys, candidate) + } + + // ServerConn is an authenticated SSH connection, as seen from the +-- +2.25.1 + diff --git a/SPECS/telegraf/CVE-2024-45338.patch b/SPECS/telegraf/CVE-2024-45338.patch new file mode 100644 index 00000000000..f091755ef68 --- /dev/null +++ b/SPECS/telegraf/CVE-2024-45338.patch @@ -0,0 +1,80 @@ +From 8e66b04771e35c4e4125e8c60334b34e2423effb Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Wed, 04 Dec 2024 09:35:55 -0800 +Subject: [PATCH] html: use strings.EqualFold instead of lowering ourselves + +Instead of using strings.ToLower and == to check case insensitive +equality, just use strings.EqualFold, even when the strings are only +ASCII. This prevents us unnecessarily lowering extremely long strings, +which can be a somewhat expensive operation, even if we're only +attempting to compare equality with five characters. + +Thanks to Guido Vranken for reporting this issue. + +Fixes golang/go#70906 +Fixes CVE-2024-45338 + +Change-Id: I323b919f912d60dab6a87cadfdcac3e6b54cd128 +Reviewed-on: https://go-review.googlesource.com/c/net/+/637536 +LUCI-TryBot-Result: Go LUCI +Auto-Submit: Gopher Robot +Reviewed-by: Roland Shoemaker +Reviewed-by: Tatiana Bradley +--- + vendor/golang.org/x/net/html/doctype.go | 2 +- + vendor/golang.org/x/net/html/foreign.go | 3 +-- + vendor/golang.org/x/net/html/parse.go | 4 ++-- + 3 files changed, 4 insertions(+), 5 deletions(-) + +diff --git a/vendor/golang.org/x/net/html/doctype.go b/vendor/golang.org/x/net/html/doctype.go +index c484e5a9..bca3ae9a 100644 +--- a/vendor/golang.org/x/net/html/doctype.go ++++ b/vendor/golang.org/x/net/html/doctype.go +@@ -87,7 +87,7 @@ func parseDoctype(s string) (n *Node, quirks bool) { + } + } + if lastAttr := n.Attr[len(n.Attr)-1]; lastAttr.Key == "system" && +- strings.ToLower(lastAttr.Val) == "http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd" { ++ strings.EqualFold(lastAttr.Val, "http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd") { + quirks = true + } + } +diff --git a/vendor/golang.org/x/net/html/foreign.go b/vendor/golang.org/x/net/html/foreign.go +index 9da9e9dc..e8515d8e 100644 +--- a/vendor/golang.org/x/net/html/foreign.go ++++ b/vendor/golang.org/x/net/html/foreign.go +@@ -40,8 +40,7 @@ func htmlIntegrationPoint(n *Node) bool { + if n.Data == "annotation-xml" { + for _, a := range n.Attr { + if a.Key == "encoding" { +- val := strings.ToLower(a.Val) +- if val == "text/html" || val == "application/xhtml+xml" { ++ if strings.EqualFold(a.Val, "text/html") || strings.EqualFold(a.Val, "application/xhtml+xml") { + return true + } + } +diff --git a/vendor/golang.org/x/net/html/parse.go b/vendor/golang.org/x/net/html/parse.go +index 46a89eda..5b8374bf 100644 +--- a/vendor/golang.org/x/net/html/parse.go ++++ b/vendor/golang.org/x/net/html/parse.go +@@ -1031,7 +1031,7 @@ func inBodyIM(p *parser) bool { + if p.tok.DataAtom == a.Input { + for _, t := range p.tok.Attr { + if t.Key == "type" { +- if strings.ToLower(t.Val) == "hidden" { ++ if strings.EqualFold(t.Val, "hidden") { + // Skip setting framesetOK = false + return true + } +@@ -1459,7 +1459,7 @@ func inTableIM(p *parser) bool { + return inHeadIM(p) + case a.Input: + for _, t := range p.tok.Attr { +- if t.Key == "type" && strings.ToLower(t.Val) == "hidden" { ++ if t.Key == "type" && strings.EqualFold(t.Val, "hidden") { + p.addElement() + p.oe.pop() + return true +-- +2.25.1 + diff --git a/SPECS/telegraf/telegraf.spec b/SPECS/telegraf/telegraf.spec index 2a71676daa0..456d9d9e5a6 100644 --- a/SPECS/telegraf/telegraf.spec +++ b/SPECS/telegraf/telegraf.spec @@ -1,7 +1,7 @@ Summary: agent for collecting, processing, aggregating, and writing metrics. Name: telegraf Version: 1.29.4 -Release: 9%{?dist} +Release: 10%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -17,6 +17,8 @@ Patch3: CVE-2024-35255.patch Patch4: CVE-2024-37298.patch Patch5: CVE-2024-24786.patch Patch6: CVE-2024-28180.patch +Patch7: CVE-2024-45337.patch +Patch8: CVE-2024-45338.patch BuildRequires: golang BuildRequires: iana-etc BuildRequires: systemd-devel @@ -87,6 +89,9 @@ fi %dir %{_sysconfdir}/%{name}/telegraf.d %changelog +* Mon Jan 06 2025 Sumedh Sharma - 1.29.4-10 +- Add patch for CVE-2024-45337 & CVE-2024-45338. + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 1.29.4-9 - Bump release to rebuild with go 1.22.7 From 9fee92b75650c2df1247d2730ac3309afb4a0f29 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Wed, 8 Jan 2025 02:45:42 +0100 Subject: [PATCH 38/43] Made `PackageBuild.yml` accept arbitrary input sources. (#11794) --- .pipelines/prchecks/PackageBuildPRCheck.yml | 48 ++++++++++++++++--- .pipelines/templates/PackageBuild.yml | 40 ++++++---------- .../templatesWithCheckout/SodiffCheck.yml | 13 ++--- 3 files changed, 59 insertions(+), 42 deletions(-) diff --git a/.pipelines/prchecks/PackageBuildPRCheck.yml b/.pipelines/prchecks/PackageBuildPRCheck.yml index ea1426f5c3a..c3d412d897f 100644 --- a/.pipelines/prchecks/PackageBuildPRCheck.yml +++ b/.pipelines/prchecks/PackageBuildPRCheck.yml @@ -80,9 +80,11 @@ extends: # GCC fails to build as a regular package. ignoredSpecs: ["gcc"] - - script: echo "##vso[task.setvariable variable=toolchainArtifactName;isOutput=true]$(ob_artifactBaseName)" + - script: | + echo "##vso[task.setvariable variable=toolchainArtifactName;isOutput=true]$(ob_artifactBaseName)" + echo "##vso[task.setvariable variable=toolchainTarballName;isOutput=true]toolchain_built_rpms_all.tar.gz" name: "ToolchainArtifactName" - displayName: "Set variable for published artifact name" + displayName: "Set variables for published toolchain tarball" # 1. Automatic publishing won't work if 'isCustom: true' is set on the pool. We cannot do 'isCustom: false' because # then OneBranch attempts to perform additional actions (adding build tags for instance), which require additional permissions @@ -104,24 +106,38 @@ extends: isCustom: true name: ${{ configuration.agentPool }} variables: + inputArtifactsLocation: $(Agent.TempDirectory) ob_artifactBaseName: $(rpmsArtifactNameBase)_${{ configuration.name }}_$(System.JobAttempt) ob_outputDirectory: $(Build.ArtifactStagingDirectory) + outputRPMsTarballName: "rpms.tar.gz" toolchainArtifactName: $[ stageDependencies.Toolchain_${{ configuration.name }}.Build.outputs['ToolchainArtifactName.toolchainArtifactName'] ] + toolchainTarballName: $[ stageDependencies.Toolchain_${{ configuration.name }}.Build.outputs['ToolchainArtifactName.toolchainTarballName'] ] steps: + - task: DownloadPipelineArtifact@2 + displayName: "Download toolchain" + inputs: + artifact: $(toolchainArtifactName) + patterns: "**/$(toolchainTarballName)" + targetPath: $(inputArtifactsLocation) + - template: .pipelines/templates/PackageBuild.yml@self parameters: checkBuildRetries: "1" - customToolchainArtifactName: $(toolchainArtifactName) + customToolchainTarballName: $(toolchainTarballName) + inputArtifactsFolder: $(inputArtifactsLocation) isCheckBuild: true isQuickRebuildPackages: true isUseCCache: true maxCPU: "${{ configuration.maxCPUs }}" outputArtifactsFolder: $(ob_outputDirectory) + outputRPMsTarballName: $(outputRPMsTarballName) pipArtifactFeeds: "mariner/Mariner-Pypi-Feed" selfRepoName: self testSuiteName: "[${{ configuration.name }}] Package test" - - script: echo "##vso[task.setvariable variable=rpmsArtifactName;isOutput=true]$(ob_artifactBaseName)" + - script: | + echo "##vso[task.setvariable variable=rpmsArtifactName;isOutput=true]$(ob_artifactBaseName)" + echo "##vso[task.setvariable variable=rpmsTarballName;isOutput=true]$(outputRPMsTarballName)" name: "RPMsArtifactName" displayName: "Set variable for published artifact name" @@ -142,15 +158,25 @@ extends: isCustom: true name: ${{ configuration.agentPool }} variables: + inputArtifactsLocation: $(Agent.TempDirectory) ob_artifactBaseName: $(toolchainTestsArtifactNameBase)_${{ configuration.name }}_$(System.JobAttempt) ob_outputDirectory: $(Build.ArtifactStagingDirectory) testListFromToolchain: $[ stageDependencies.Toolchain_${{ configuration.name }}.Build.outputs['CalculateToolchainPackageRetestList.toolchainPackageRetestList'] ] toolchainArtifactName: $[ stageDependencies.Toolchain_${{ configuration.name }}.Build.outputs['ToolchainArtifactName.toolchainArtifactName'] ] + toolchainTarballName: $[ stageDependencies.Toolchain_${{ configuration.name }}.Build.outputs['ToolchainArtifactName.toolchainTarballName'] ] steps: + - task: DownloadPipelineArtifact@2 + displayName: "Download toolchain" + inputs: + artifact: $(toolchainArtifactName) + patterns: "**/$(toolchainTarballName)" + targetPath: $(inputArtifactsLocation) + - template: .pipelines/templates/PackageBuild.yml@self parameters: checkBuildRetries: "1" - customToolchainArtifactName: $(toolchainArtifactName) + customToolchainTarballName: $(toolchainTarballName) + inputArtifactsFolder: $(inputArtifactsLocation) isAllowToolchainRebuilds: true isCheckBuild: true isQuickRebuildPackages: true @@ -179,8 +205,18 @@ extends: isCustom: true name: ${{ configuration.agentPool }} variables: + inputArtifactsLocation: $(Agent.TempDirectory) rpmsArtifactName: $[ stageDependencies.RPMs_${{ configuration.name }}.BuildAndTest.outputs['RPMsArtifactName.rpmsArtifactName'] ] + rpmsTarballName: $[ stageDependencies.RPMs_${{ configuration.name }}.BuildAndTest.outputs['RPMsArtifactName.rpmsTarballName'] ] steps: + - task: DownloadPipelineArtifact@2 + displayName: "Download RPMs tarball" + inputs: + artifact: $(rpmsArtifactName) + patterns: "**/$(rpmsTarballName)" + targetPath: $(inputArtifactsLocation) + - template: .pipelines/templatesWithCheckout/SodiffCheck.yml@self parameters: - inputArtifactName: $(rpmsArtifactName) + inputArtifactsFolder: $(inputArtifactsLocation) + inputRPMsTarballName: $(rpmsTarballName) diff --git a/.pipelines/templates/PackageBuild.yml b/.pipelines/templates/PackageBuild.yml index 4ce30b7e65f..abb9ac1d9ca 100644 --- a/.pipelines/templates/PackageBuild.yml +++ b/.pipelines/templates/PackageBuild.yml @@ -14,13 +14,9 @@ parameters: type: number default: 12 - - name: customToolchainArtifactName - type: string - default: "" - - name: customToolchainTarballName type: string - default: "toolchain_built_rpms_all.tar.gz" + default: "" - name: extraPackageRepos type: string @@ -30,12 +26,16 @@ parameters: type: boolean default: true - - name: inputCacheArtifacts + - name: inputArtifactsFolder + type: string + default: "$(Agent.TempDirectory)" + + - name: inputCacheRPMsTarballs type: object default: [] # Sample: - # - name: build-artifacts - # rpmsTarball: cache.tar.gz + # - cache.tar.gz + # - cache2.tar.gz - name: isAllowToolchainRebuilds type: string @@ -160,15 +160,9 @@ steps: artifactFeeds: "${{ parameters.pipArtifactFeeds }}" displayName: "Authenticate to custom pip artifact feeds" - - ${{ if parameters.customToolchainArtifactName }}: - - task: DownloadPipelineArtifact@2 - displayName: "Download toolchain" - inputs: - artifact: "${{ parameters.customToolchainArtifactName }}" - patterns: "**/${{ parameters.customToolchainTarballName }}" - + - ${{ if parameters.customToolchainTarballName }}: - script: | - toolchain_archive="$(find "$(Pipeline.Workspace)" -name "${{ parameters.customToolchainTarballName }}" -print -quit)" + toolchain_archive="$(find "${{ parameters.inputArtifactsFolder }}" -name "${{ parameters.customToolchainTarballName }}" -print -quit)" if [[ ! -f "$toolchain_archive" ]]; then echo "ERROR: toolchain archive not found!" >&2 exit 1 @@ -178,17 +172,11 @@ steps: sudo make -C "${{ parameters.buildRepoRoot }}/toolkit" toolchain TOOLCHAIN_ARCHIVE="$toolchain_archive" displayName: "Populate toolchain" - - ${{ each inputCacheArtifact in parameters.inputCacheArtifacts }}: - - task: DownloadPipelineArtifact@2 - displayName: "Download input cache RPM from ${{ inputCacheArtifact.name }}" - inputs: - artifact: "${{ inputCacheArtifact.name }}" - patterns: "**/${{ inputCacheArtifact.rpmsTarball }}" - + - ${{ each inputCacheRPMsTarball in parameters.inputCacheRPMsTarballs }}: - script: | - rpms_archive="$(find "$(Pipeline.Workspace)" -name "${{ inputCacheArtifact.rpmsTarball }}" -print -quit)" + rpms_archive="$(find "${{ parameters.inputArtifactsFolder }}" -name "${{ inputCacheRPMsTarball }}" -print -quit)" if [[ ! -f "$rpms_archive" ]]; then - echo "ERROR: cache RPMs archive '${{ inputCacheArtifact.rpmsTarball }}' not found!" >&2 + echo "ERROR: cache RPMs archive '${{ inputCacheRPMsTarball }}' not found!" >&2 exit 1 fi @@ -200,7 +188,7 @@ steps: check_build_retries_arg="CHECK_BUILD_RETRIES=${{ parameters.checkBuildRetries }}" fi - if [[ -n "${{ parameters.customToolchainArtifactName }}" ]]; then + if [[ -n "${{ parameters.customToolchainTarballName }}" ]]; then toolchain_archive_arg="TOOLCHAIN_ARCHIVE=$(toolchainArchive)" fi diff --git a/.pipelines/templatesWithCheckout/SodiffCheck.yml b/.pipelines/templatesWithCheckout/SodiffCheck.yml index 76971d60407..58ed7295167 100644 --- a/.pipelines/templatesWithCheckout/SodiffCheck.yml +++ b/.pipelines/templatesWithCheckout/SodiffCheck.yml @@ -6,8 +6,9 @@ parameters: type: string default: "$(Build.SourcesDirectory)" - - name: inputArtifactName + - name: inputArtifactsFolder type: string + default: "$(Agent.TempDirectory)" - name: inputRPMsTarballName type: string @@ -26,19 +27,11 @@ parameters: default: "$(Agent.TempDirectory)/SourcesWorkspace" steps: - - task: DownloadPipelineArtifact@2 - displayName: "Download sources for signing" - inputs: - artifact: ${{ parameters.inputArtifactName }} - patterns: | - **/${{ parameters.inputRPMsTarballName }} - targetPath: "$(Agent.TempDirectory)" - - script: | set -e mkdir -p "${{ parameters.sourcesWorkspace }}" - find "$(Agent.TempDirectory)" -name "${{ parameters.inputRPMsTarballName }}" -print0 | xargs -0 -n 1 tar -C "${{ parameters.sourcesWorkspace }}" -xkf + find "${{ parameters.inputArtifactsFolder }}" -name "${{ parameters.inputRPMsTarballName }}" -print0 | xargs -0 -n 1 tar -C "${{ parameters.sourcesWorkspace }}" -xkf displayName: "Extract sources tarball" - script: | From 98b7fda4cf0b8e1377711063d9f34c1a8e727c50 Mon Sep 17 00:00:00 2001 From: Muhammad Falak R Wani Date: Thu, 9 Jan 2025 01:26:32 +0530 Subject: [PATCH 39/43] socat: address CVE-2024-54661 (#11730) Signed-off-by: Muhammad Falak R Wani Co-authored-by: jslobodzian --- SPECS/socat/CVE-2024-54661.patch | 37 ++++++++++++++++++++++++++++++++ SPECS/socat/socat.spec | 8 +++++-- 2 files changed, 43 insertions(+), 2 deletions(-) create mode 100644 SPECS/socat/CVE-2024-54661.patch diff --git a/SPECS/socat/CVE-2024-54661.patch b/SPECS/socat/CVE-2024-54661.patch new file mode 100644 index 00000000000..33c0f20e99e --- /dev/null +++ b/SPECS/socat/CVE-2024-54661.patch @@ -0,0 +1,37 @@ +From be474a81dc2d9010ac16f9690f97cf7ff68b36d7 Mon Sep 17 00:00:00 2001 +From: Muhammad Falak R Wani +Date: Sun, 29 Dec 2024 17:47:45 +0530 +Subject: [PATCH] CVE-2024-54661: Arbitrary file overwrite in readline.sh + +Link: https://repo.or.cz/socat.git/commit/4ee1f31cf80019c5907876576d6dfd49368d660f +Author: Gerhard Rieger +Signed-off-by: Muhammad Falak R Wani +--- + readline.sh | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/readline.sh b/readline.sh +index b6f8438..1045303 100755 +--- a/readline.sh ++++ b/readline.sh +@@ -22,9 +22,15 @@ if [ "$withhistfile" ]; then + else + HISTOPT= + fi +-mkdir -p /tmp/$USER || exit 1 + # + # + +-exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>/tmp/$USER/stderr2 ++if test -w .; then ++ STDERR=./socat-readline.${1##*/}.log ++ rm -f $STDERR ++else ++ STDERR=/dev/null ++fi ++ ++exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>$STDERR + +-- +2.40.1 + diff --git a/SPECS/socat/socat.spec b/SPECS/socat/socat.spec index f6902ed92ab..2c1e8e6d5c7 100644 --- a/SPECS/socat/socat.spec +++ b/SPECS/socat/socat.spec @@ -1,19 +1,20 @@ Summary: Multipurpose relay (SOcket CAT) Name: socat Version: 1.7.4.3 -Release: 1%{?dist} +Release: 2%{?dist} License: GPL2 Vendor: Microsoft Corporation Distribution: Mariner Group: Applications/Internet URL: http://www.dest-unreach.org/socat Source0: http://www.dest-unreach.org/socat/download/%{name}-%{version}.tar.gz +Patch0: CVE-2024-54661.patch %description Socat is a command line based utility that establishes two bidirectional byte streams and transfers data between them. Because the streams can be constructed from a large set of different types of data sinks and sources (see address types), and because lots of address options may be applied to the streams, socat can be used for many different purposes. %prep -%setup -q +%autosetup -p1 %build ./configure --prefix=%{_prefix} --sysconfdir=%{_sysconfdir} @@ -36,6 +37,9 @@ make %{?_smp_mflags} test %{_mandir}/man1/* %changelog +* Sun Dec 29 2024 Muhammad Falak - 1.7.4.3-2 +- Patch CVE-2024-54661 + * Mon Jan 24 2022 Neha Agarwal - 1.7.4.3-1 - Update to version 1.7.4.3. From 07463a4aa268d24bccaa526f6b5e27dfe4fcb52c Mon Sep 17 00:00:00 2001 From: Sumedh Alok Sharma Date: Thu, 9 Jan 2025 01:28:02 +0530 Subject: [PATCH 40/43] Patch terraform for CVE-2024-45338 (#11780) Co-authored-by: jslobodzian --- SPECS/terraform/CVE-2024-45338.patch | 80 ++++++++++++++++++++++++++++ SPECS/terraform/terraform.spec | 6 ++- 2 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 SPECS/terraform/CVE-2024-45338.patch diff --git a/SPECS/terraform/CVE-2024-45338.patch b/SPECS/terraform/CVE-2024-45338.patch new file mode 100644 index 00000000000..c2fb46031c5 --- /dev/null +++ b/SPECS/terraform/CVE-2024-45338.patch @@ -0,0 +1,80 @@ +From 8e66b04771e35c4e4125e8c60334b34e2423effb Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Wed, 04 Dec 2024 09:35:55 -0800 +Subject: [PATCH] html: use strings.EqualFold instead of lowering ourselves + +Instead of using strings.ToLower and == to check case insensitive +equality, just use strings.EqualFold, even when the strings are only +ASCII. This prevents us unnecessarily lowering extremely long strings, +which can be a somewhat expensive operation, even if we're only +attempting to compare equality with five characters. + +Thanks to Guido Vranken for reporting this issue. + +Fixes golang/go#70906 +Fixes CVE-2024-45338 + +Change-Id: I323b919f912d60dab6a87cadfdcac3e6b54cd128 +Reviewed-on: https://go-review.googlesource.com/c/net/+/637536 +LUCI-TryBot-Result: Go LUCI +Auto-Submit: Gopher Robot +Reviewed-by: Roland Shoemaker +Reviewed-by: Tatiana Bradley +--- + vendor/golang.org/x/net/html/doctype.go | 2 +- + vendor/golang.org/x/net/html/foreign.go | 3 +-- + vendor/golang.org/x/net/html/parse.go | 4 ++-- + 3 files changed, 4 insertions(+), 5 deletions(-) + +diff --git a/vendor/golang.org/x/net/html/doctype.go b/vendor/golang.org/x/net/html/doctype.go +index c484e5a..bca3ae9 100644 +--- a/vendor/golang.org/x/net/html/doctype.go ++++ b/vendor/golang.org/x/net/html/doctype.go +@@ -87,7 +87,7 @@ func parseDoctype(s string) (n *Node, quirks bool) { + } + } + if lastAttr := n.Attr[len(n.Attr)-1]; lastAttr.Key == "system" && +- strings.ToLower(lastAttr.Val) == "http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd" { ++ strings.EqualFold(lastAttr.Val, "http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd") { + quirks = true + } + } +diff --git a/vendor/golang.org/x/net/html/foreign.go b/vendor/golang.org/x/net/html/foreign.go +index 9da9e9d..e8515d8 100644 +--- a/vendor/golang.org/x/net/html/foreign.go ++++ b/vendor/golang.org/x/net/html/foreign.go +@@ -40,8 +40,7 @@ func htmlIntegrationPoint(n *Node) bool { + if n.Data == "annotation-xml" { + for _, a := range n.Attr { + if a.Key == "encoding" { +- val := strings.ToLower(a.Val) +- if val == "text/html" || val == "application/xhtml+xml" { ++ if strings.EqualFold(a.Val, "text/html") || strings.EqualFold(a.Val, "application/xhtml+xml") { + return true + } + } +diff --git a/vendor/golang.org/x/net/html/parse.go b/vendor/golang.org/x/net/html/parse.go +index 038941d..cb012d8 100644 +--- a/vendor/golang.org/x/net/html/parse.go ++++ b/vendor/golang.org/x/net/html/parse.go +@@ -1031,7 +1031,7 @@ func inBodyIM(p *parser) bool { + if p.tok.DataAtom == a.Input { + for _, t := range p.tok.Attr { + if t.Key == "type" { +- if strings.ToLower(t.Val) == "hidden" { ++ if strings.EqualFold(t.Val, "hidden") { + // Skip setting framesetOK = false + return true + } +@@ -1459,7 +1459,7 @@ func inTableIM(p *parser) bool { + return inHeadIM(p) + case a.Input: + for _, t := range p.tok.Attr { +- if t.Key == "type" && strings.ToLower(t.Val) == "hidden" { ++ if t.Key == "type" && strings.EqualFold(t.Val, "hidden") { + p.addElement() + p.oe.pop() + return true +-- +2.25.1 + diff --git a/SPECS/terraform/terraform.spec b/SPECS/terraform/terraform.spec index bb409a78f64..71921630f92 100644 --- a/SPECS/terraform/terraform.spec +++ b/SPECS/terraform/terraform.spec @@ -1,7 +1,7 @@ Summary: Infrastructure as code deployment management tool Name: terraform Version: 1.3.2 -Release: 20%{?dist} +Release: 21%{?dist} License: MPLv2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -34,6 +34,7 @@ Patch3: CVE-2024-6104.patch Patch4: CVE-2022-32149.patch Patch5: CVE-2023-4782.patch Patch6: CVE-2024-24786.patch +Patch7: CVE-2024-45338.patch %global debug_package %{nil} %define our_gopath %{_topdir}/.gopath @@ -67,6 +68,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} ./terraform %{_bindir}/terraform %changelog +* Mon Jan 06 2025 Sumedh Sharma - 1.3.2-21 +- Add patch for CVE-2024-45338 + * Wed Dec 04 2024 bhapathak - 1.3.2-20 - Patch CVE-2024-24786 From bd7017f898c82c4460adcd99d14dd38118f6850d Mon Sep 17 00:00:00 2001 From: Sumedh Alok Sharma Date: Thu, 9 Jan 2025 01:30:31 +0530 Subject: [PATCH 41/43] Patch influxdb for CVE-2024-45338 (#11766) Co-authored-by: jslobodzian --- SPECS/influxdb/CVE-2024-45338.patch | 80 +++++++++++++++++++++++++++++ SPECS/influxdb/influxdb.spec | 6 ++- 2 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 SPECS/influxdb/CVE-2024-45338.patch diff --git a/SPECS/influxdb/CVE-2024-45338.patch b/SPECS/influxdb/CVE-2024-45338.patch new file mode 100644 index 00000000000..c2fb46031c5 --- /dev/null +++ b/SPECS/influxdb/CVE-2024-45338.patch @@ -0,0 +1,80 @@ +From 8e66b04771e35c4e4125e8c60334b34e2423effb Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Wed, 04 Dec 2024 09:35:55 -0800 +Subject: [PATCH] html: use strings.EqualFold instead of lowering ourselves + +Instead of using strings.ToLower and == to check case insensitive +equality, just use strings.EqualFold, even when the strings are only +ASCII. This prevents us unnecessarily lowering extremely long strings, +which can be a somewhat expensive operation, even if we're only +attempting to compare equality with five characters. + +Thanks to Guido Vranken for reporting this issue. + +Fixes golang/go#70906 +Fixes CVE-2024-45338 + +Change-Id: I323b919f912d60dab6a87cadfdcac3e6b54cd128 +Reviewed-on: https://go-review.googlesource.com/c/net/+/637536 +LUCI-TryBot-Result: Go LUCI +Auto-Submit: Gopher Robot +Reviewed-by: Roland Shoemaker +Reviewed-by: Tatiana Bradley +--- + vendor/golang.org/x/net/html/doctype.go | 2 +- + vendor/golang.org/x/net/html/foreign.go | 3 +-- + vendor/golang.org/x/net/html/parse.go | 4 ++-- + 3 files changed, 4 insertions(+), 5 deletions(-) + +diff --git a/vendor/golang.org/x/net/html/doctype.go b/vendor/golang.org/x/net/html/doctype.go +index c484e5a..bca3ae9 100644 +--- a/vendor/golang.org/x/net/html/doctype.go ++++ b/vendor/golang.org/x/net/html/doctype.go +@@ -87,7 +87,7 @@ func parseDoctype(s string) (n *Node, quirks bool) { + } + } + if lastAttr := n.Attr[len(n.Attr)-1]; lastAttr.Key == "system" && +- strings.ToLower(lastAttr.Val) == "http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd" { ++ strings.EqualFold(lastAttr.Val, "http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd") { + quirks = true + } + } +diff --git a/vendor/golang.org/x/net/html/foreign.go b/vendor/golang.org/x/net/html/foreign.go +index 9da9e9d..e8515d8 100644 +--- a/vendor/golang.org/x/net/html/foreign.go ++++ b/vendor/golang.org/x/net/html/foreign.go +@@ -40,8 +40,7 @@ func htmlIntegrationPoint(n *Node) bool { + if n.Data == "annotation-xml" { + for _, a := range n.Attr { + if a.Key == "encoding" { +- val := strings.ToLower(a.Val) +- if val == "text/html" || val == "application/xhtml+xml" { ++ if strings.EqualFold(a.Val, "text/html") || strings.EqualFold(a.Val, "application/xhtml+xml") { + return true + } + } +diff --git a/vendor/golang.org/x/net/html/parse.go b/vendor/golang.org/x/net/html/parse.go +index 038941d..cb012d8 100644 +--- a/vendor/golang.org/x/net/html/parse.go ++++ b/vendor/golang.org/x/net/html/parse.go +@@ -1031,7 +1031,7 @@ func inBodyIM(p *parser) bool { + if p.tok.DataAtom == a.Input { + for _, t := range p.tok.Attr { + if t.Key == "type" { +- if strings.ToLower(t.Val) == "hidden" { ++ if strings.EqualFold(t.Val, "hidden") { + // Skip setting framesetOK = false + return true + } +@@ -1459,7 +1459,7 @@ func inTableIM(p *parser) bool { + return inHeadIM(p) + case a.Input: + for _, t := range p.tok.Attr { +- if t.Key == "type" && strings.ToLower(t.Val) == "hidden" { ++ if t.Key == "type" && strings.EqualFold(t.Val, "hidden") { + p.addElement() + p.oe.pop() + return true +-- +2.25.1 + diff --git a/SPECS/influxdb/influxdb.spec b/SPECS/influxdb/influxdb.spec index 82a3858e772..1d0574464f2 100644 --- a/SPECS/influxdb/influxdb.spec +++ b/SPECS/influxdb/influxdb.spec @@ -18,7 +18,7 @@ Summary: Scalable datastore for metrics, events, and real-time analytics Name: influxdb Version: 2.6.1 -Release: 18%{?dist} +Release: 19%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -58,6 +58,7 @@ Source6: influxdb-user.conf Patch0: CVE-2024-6104.patch Patch1: CVE-2022-32149.patch Patch2: CVE-2024-24786.patch +Patch3: CVE-2024-45338.patch BuildRequires: clang BuildRequires: golang <= 1.18.8 BuildRequires: kernel-headers @@ -147,6 +148,9 @@ go test ./... %{_tmpfilesdir}/influxdb.conf %changelog +* Fri Jan 03 2025 Sumedh Sharma - 2.6.1-19 +- Add patch for CVE-2024-45338 + * Mon Dec 09 2024 Kavya Sree Kaitepalli - 2.6.1-18 - Patch for CVE-2024-24786 From ee194d9ed7b0d839685e61840c784eba4dfd0a7b Mon Sep 17 00:00:00 2001 From: Sumedh Alok Sharma Date: Thu, 9 Jan 2025 01:31:07 +0530 Subject: [PATCH 42/43] Patch containerized-data-importer for CVE-2024-45338 (#11778) Co-authored-by: jslobodzian --- .../CVE-2024-45338.patch | 80 +++++++++++++++++++ .../containerized-data-importer.spec | 6 +- 2 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 SPECS/containerized-data-importer/CVE-2024-45338.patch diff --git a/SPECS/containerized-data-importer/CVE-2024-45338.patch b/SPECS/containerized-data-importer/CVE-2024-45338.patch new file mode 100644 index 00000000000..c2fb46031c5 --- /dev/null +++ b/SPECS/containerized-data-importer/CVE-2024-45338.patch @@ -0,0 +1,80 @@ +From 8e66b04771e35c4e4125e8c60334b34e2423effb Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Wed, 04 Dec 2024 09:35:55 -0800 +Subject: [PATCH] html: use strings.EqualFold instead of lowering ourselves + +Instead of using strings.ToLower and == to check case insensitive +equality, just use strings.EqualFold, even when the strings are only +ASCII. This prevents us unnecessarily lowering extremely long strings, +which can be a somewhat expensive operation, even if we're only +attempting to compare equality with five characters. + +Thanks to Guido Vranken for reporting this issue. + +Fixes golang/go#70906 +Fixes CVE-2024-45338 + +Change-Id: I323b919f912d60dab6a87cadfdcac3e6b54cd128 +Reviewed-on: https://go-review.googlesource.com/c/net/+/637536 +LUCI-TryBot-Result: Go LUCI +Auto-Submit: Gopher Robot +Reviewed-by: Roland Shoemaker +Reviewed-by: Tatiana Bradley +--- + vendor/golang.org/x/net/html/doctype.go | 2 +- + vendor/golang.org/x/net/html/foreign.go | 3 +-- + vendor/golang.org/x/net/html/parse.go | 4 ++-- + 3 files changed, 4 insertions(+), 5 deletions(-) + +diff --git a/vendor/golang.org/x/net/html/doctype.go b/vendor/golang.org/x/net/html/doctype.go +index c484e5a..bca3ae9 100644 +--- a/vendor/golang.org/x/net/html/doctype.go ++++ b/vendor/golang.org/x/net/html/doctype.go +@@ -87,7 +87,7 @@ func parseDoctype(s string) (n *Node, quirks bool) { + } + } + if lastAttr := n.Attr[len(n.Attr)-1]; lastAttr.Key == "system" && +- strings.ToLower(lastAttr.Val) == "http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd" { ++ strings.EqualFold(lastAttr.Val, "http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd") { + quirks = true + } + } +diff --git a/vendor/golang.org/x/net/html/foreign.go b/vendor/golang.org/x/net/html/foreign.go +index 9da9e9d..e8515d8 100644 +--- a/vendor/golang.org/x/net/html/foreign.go ++++ b/vendor/golang.org/x/net/html/foreign.go +@@ -40,8 +40,7 @@ func htmlIntegrationPoint(n *Node) bool { + if n.Data == "annotation-xml" { + for _, a := range n.Attr { + if a.Key == "encoding" { +- val := strings.ToLower(a.Val) +- if val == "text/html" || val == "application/xhtml+xml" { ++ if strings.EqualFold(a.Val, "text/html") || strings.EqualFold(a.Val, "application/xhtml+xml") { + return true + } + } +diff --git a/vendor/golang.org/x/net/html/parse.go b/vendor/golang.org/x/net/html/parse.go +index 038941d..cb012d8 100644 +--- a/vendor/golang.org/x/net/html/parse.go ++++ b/vendor/golang.org/x/net/html/parse.go +@@ -1031,7 +1031,7 @@ func inBodyIM(p *parser) bool { + if p.tok.DataAtom == a.Input { + for _, t := range p.tok.Attr { + if t.Key == "type" { +- if strings.ToLower(t.Val) == "hidden" { ++ if strings.EqualFold(t.Val, "hidden") { + // Skip setting framesetOK = false + return true + } +@@ -1459,7 +1459,7 @@ func inTableIM(p *parser) bool { + return inHeadIM(p) + case a.Input: + for _, t := range p.tok.Attr { +- if t.Key == "type" && strings.ToLower(t.Val) == "hidden" { ++ if t.Key == "type" && strings.EqualFold(t.Val, "hidden") { + p.addElement() + p.oe.pop() + return true +-- +2.25.1 + diff --git a/SPECS/containerized-data-importer/containerized-data-importer.spec b/SPECS/containerized-data-importer/containerized-data-importer.spec index fc6de401ba8..9a5c8999578 100644 --- a/SPECS/containerized-data-importer/containerized-data-importer.spec +++ b/SPECS/containerized-data-importer/containerized-data-importer.spec @@ -18,7 +18,7 @@ Summary: Container native virtualization Name: containerized-data-importer Version: 1.55.0 -Release: 21%{?dist} +Release: 22%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -38,6 +38,7 @@ Patch1: CVE-2024-3727.patch Patch2: CVE-2022-41717.patch Patch3: CVE-2022-32149.patch Patch4: CVE-2024-28180.patch +Patch5: CVE-2024-45338.patch %description Containerized-Data-Importer (CDI) is a persistent storage management add-on for Kubernetes @@ -205,6 +206,9 @@ install -m 0644 _out/manifests/release/cdi-cr.yaml %{buildroot}%{_datadir}/cdi/m %{_datadir}/cdi/manifests %changelog +* Mon Jan 06 2025 Sumedh Sharma - 1.55.0-22 +- Add patch for CVE-2024-45338 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 1.55.0-21 - Bump release to rebuild with go 1.22.7 From 7b739b6039357b4b6b37547570afb64272571865 Mon Sep 17 00:00:00 2001 From: Sumedh Alok Sharma Date: Thu, 9 Jan 2025 01:31:32 +0530 Subject: [PATCH 43/43] Patch kubernetes for CVE-2024-45338 (#11765) Co-authored-by: jslobodzian --- SPECS/kubernetes/CVE-2024-45338.patch | 80 +++++++++++++++++++++++++++ SPECS/kubernetes/kubernetes.spec | 6 +- 2 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 SPECS/kubernetes/CVE-2024-45338.patch diff --git a/SPECS/kubernetes/CVE-2024-45338.patch b/SPECS/kubernetes/CVE-2024-45338.patch new file mode 100644 index 00000000000..f091755ef68 --- /dev/null +++ b/SPECS/kubernetes/CVE-2024-45338.patch @@ -0,0 +1,80 @@ +From 8e66b04771e35c4e4125e8c60334b34e2423effb Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Wed, 04 Dec 2024 09:35:55 -0800 +Subject: [PATCH] html: use strings.EqualFold instead of lowering ourselves + +Instead of using strings.ToLower and == to check case insensitive +equality, just use strings.EqualFold, even when the strings are only +ASCII. This prevents us unnecessarily lowering extremely long strings, +which can be a somewhat expensive operation, even if we're only +attempting to compare equality with five characters. + +Thanks to Guido Vranken for reporting this issue. + +Fixes golang/go#70906 +Fixes CVE-2024-45338 + +Change-Id: I323b919f912d60dab6a87cadfdcac3e6b54cd128 +Reviewed-on: https://go-review.googlesource.com/c/net/+/637536 +LUCI-TryBot-Result: Go LUCI +Auto-Submit: Gopher Robot +Reviewed-by: Roland Shoemaker +Reviewed-by: Tatiana Bradley +--- + vendor/golang.org/x/net/html/doctype.go | 2 +- + vendor/golang.org/x/net/html/foreign.go | 3 +-- + vendor/golang.org/x/net/html/parse.go | 4 ++-- + 3 files changed, 4 insertions(+), 5 deletions(-) + +diff --git a/vendor/golang.org/x/net/html/doctype.go b/vendor/golang.org/x/net/html/doctype.go +index c484e5a9..bca3ae9a 100644 +--- a/vendor/golang.org/x/net/html/doctype.go ++++ b/vendor/golang.org/x/net/html/doctype.go +@@ -87,7 +87,7 @@ func parseDoctype(s string) (n *Node, quirks bool) { + } + } + if lastAttr := n.Attr[len(n.Attr)-1]; lastAttr.Key == "system" && +- strings.ToLower(lastAttr.Val) == "http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd" { ++ strings.EqualFold(lastAttr.Val, "http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd") { + quirks = true + } + } +diff --git a/vendor/golang.org/x/net/html/foreign.go b/vendor/golang.org/x/net/html/foreign.go +index 9da9e9dc..e8515d8e 100644 +--- a/vendor/golang.org/x/net/html/foreign.go ++++ b/vendor/golang.org/x/net/html/foreign.go +@@ -40,8 +40,7 @@ func htmlIntegrationPoint(n *Node) bool { + if n.Data == "annotation-xml" { + for _, a := range n.Attr { + if a.Key == "encoding" { +- val := strings.ToLower(a.Val) +- if val == "text/html" || val == "application/xhtml+xml" { ++ if strings.EqualFold(a.Val, "text/html") || strings.EqualFold(a.Val, "application/xhtml+xml") { + return true + } + } +diff --git a/vendor/golang.org/x/net/html/parse.go b/vendor/golang.org/x/net/html/parse.go +index 46a89eda..5b8374bf 100644 +--- a/vendor/golang.org/x/net/html/parse.go ++++ b/vendor/golang.org/x/net/html/parse.go +@@ -1031,7 +1031,7 @@ func inBodyIM(p *parser) bool { + if p.tok.DataAtom == a.Input { + for _, t := range p.tok.Attr { + if t.Key == "type" { +- if strings.ToLower(t.Val) == "hidden" { ++ if strings.EqualFold(t.Val, "hidden") { + // Skip setting framesetOK = false + return true + } +@@ -1459,7 +1459,7 @@ func inTableIM(p *parser) bool { + return inHeadIM(p) + case a.Input: + for _, t := range p.tok.Attr { +- if t.Key == "type" && strings.ToLower(t.Val) == "hidden" { ++ if t.Key == "type" && strings.EqualFold(t.Val, "hidden") { + p.addElement() + p.oe.pop() + return true +-- +2.25.1 + diff --git a/SPECS/kubernetes/kubernetes.spec b/SPECS/kubernetes/kubernetes.spec index 3b018cc3b52..b40fd5fd053 100644 --- a/SPECS/kubernetes/kubernetes.spec +++ b/SPECS/kubernetes/kubernetes.spec @@ -10,7 +10,7 @@ Summary: Microsoft Kubernetes Name: kubernetes Version: 1.28.4 -Release: 12%{?dist} +Release: 13%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -24,6 +24,7 @@ Patch2: CVE-2023-5408.patch Patch3: CVE-2023-45288.patch Patch4: CVE-2024-28180.patch Patch5: CVE-2024-24786.patch +Patch6: CVE-2024-45338.patch BuildRequires: flex-devel BuildRequires: glibc-static >= 2.35-7%{?dist} BuildRequires: golang @@ -270,6 +271,9 @@ fi %{_exec_prefix}/local/bin/pause %changelog +* Fri Jan 03 2025 Sumedh Sharma - 1.28.4-13 +- Add patch for CVE-2024-45338 + * Mon Oct 14 2024 Henry Li - 1.28.4-12 - Add patch to resolve CVE-2024-24786