From 822acd094386260b3de9261e6458ec723218c0ee Mon Sep 17 00:00:00 2001 From: Minghe Ren Date: Tue, 10 Dec 2024 22:32:19 -0800 Subject: [PATCH 01/36] Cloud-init add module-setup.sh azure module for dracut to run (#11397) Co-authored-by: minghe --- SPECS/cloud-init/cloud-init.signatures.json | 3 ++- SPECS/cloud-init/cloud-init.spec | 13 ++++++++++++- SPECS/cloud-init/module-setup.sh | 15 +++++++++++++++ 3 files changed, 29 insertions(+), 2 deletions(-) create mode 100644 SPECS/cloud-init/module-setup.sh diff --git a/SPECS/cloud-init/cloud-init.signatures.json b/SPECS/cloud-init/cloud-init.signatures.json index 0a4179948c9..816bf9f2cab 100644 --- a/SPECS/cloud-init/cloud-init.signatures.json +++ b/SPECS/cloud-init/cloud-init.signatures.json @@ -1,6 +1,7 @@ { "Signatures": { "10-azure-kvp.cfg": "79e0370c010be5cd4717960e4b414570c9ec6e6d29aede77ccecc43d2b03bb9a", - "cloud-init-23.3.tar.gz": "1a5a54369f78891b79f43061c1ff0fb31e2bd74ff9527d7150ddd6517c3e2b07" + "cloud-init-23.3.tar.gz": "1a5a54369f78891b79f43061c1ff0fb31e2bd74ff9527d7150ddd6517c3e2b07", + "module-setup.sh": "aee825f849ce35a5a178cf095c2b9c46e586d50082f681d7f8d2c5d769c2f592" } } diff --git a/SPECS/cloud-init/cloud-init.spec b/SPECS/cloud-init/cloud-init.spec index 04e50b4f6a8..7ffd74c0f7c 100644 --- a/SPECS/cloud-init/cloud-init.spec +++ b/SPECS/cloud-init/cloud-init.spec @@ -5,7 +5,7 @@ Summary: Cloud instance init scripts Name: cloud-init Epoch: 1 Version: %{package_version} -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv3 Vendor: Microsoft Corporation Distribution: Mariner @@ -13,6 +13,8 @@ Group: System Environment/Base URL: https://launchpad.net/cloud-init Source0: https://launchpad.net/cloud-init/trunk/%{upstream_version_group}/+download/%{name}-%{version}.tar.gz Source1: 10-azure-kvp.cfg +# This script is to prevent an intermittent issue where ephemeral disk not being formatted by cloud-init on Azure +Source2: module-setup.sh Patch0: overrideDatasourceDetection.patch Patch1: exec_cmd_error_handling.patch Patch2: Add-Network-Interface-Renaming-Support-for-CAPM3-Met.patch @@ -43,6 +45,7 @@ BuildRequires: python3-xml BuildRequires: systemd BuildRequires: systemd-devel Requires: dhcp-client +Requires: dracut Requires: e2fsprogs Requires: iproute Requires: net-tools @@ -106,6 +109,9 @@ mkdir -p %{buildroot}/%{_sysconfdir}/cloud/cloud.cfg.d install -m 644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/cloud/cloud.cfg.d/ +mkdir -p %{buildroot}%{_prefix}/lib/dracut/modules.d/99azure-cloud/ +install -m 755 %{SOURCE2} %{buildroot}%{_prefix}/lib/dracut/modules.d/99azure-cloud/module-setup.sh + %check touch vd ud @@ -150,11 +156,16 @@ make check %{?_smp_mflags} %{_systemdgeneratordir}/cloud-init-generator /usr/lib/udev/rules.d/66-azure-ephemeral.rules %{_datadir}/bash-completion/completions/cloud-init +%dir %attr(0700, root, root) %{_prefix}/lib/dracut/modules.d/99azure-cloud +%{_prefix}/lib/dracut/modules.d/99azure-cloud/module-setup.sh %files azure-kvp %config(noreplace) %{_sysconfdir}/cloud/cloud.cfg.d/10-azure-kvp.cfg %changelog +* Tue Dec 10 2024 Minghe Ren - 1:23.3-6 +- Add module-setup.sh to prevent an intermittent issue where ephemeral disk not being formatted on Azure + * Fri Sep 13 2024 Minghe Ren - 1:23.3-5 - Add patche to have PPS support for azure-proxy-agent. diff --git a/SPECS/cloud-init/module-setup.sh b/SPECS/cloud-init/module-setup.sh new file mode 100644 index 00000000000..e1401a6ad15 --- /dev/null +++ b/SPECS/cloud-init/module-setup.sh @@ -0,0 +1,15 @@ +#!/usr/bin/bash +# called by dracut +check() { + return 0 +} +# called by dracut +depends() { + return 0 +} +# called by dracut to make sure 66-azure-ephemeral.rules is installed +install() { + inst_multiple cut readlink + inst_rules 66-azure-ephemeral.rules +} + From fe5d2fdb6acf513c7142d67f2ca69f72dcef7326 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:22:23 -0800 Subject: [PATCH 02/36] [AUTO-CHERRYPICK] moby-engine: fix CVE-2024-36621, CVE-2024-36623 for 2.0 - branch main (#11474) Co-authored-by: Adit Jha <111916775+aditjha-msft@users.noreply.github.com> --- SPECS/moby-engine/CVE-2024-36621.patch | 76 ++++++++++++++++++++++++++ SPECS/moby-engine/CVE-2024-36623.patch | 45 +++++++++++++++ SPECS/moby-engine/moby-engine.spec | 7 ++- 3 files changed, 127 insertions(+), 1 deletion(-) create mode 100644 SPECS/moby-engine/CVE-2024-36621.patch create mode 100644 SPECS/moby-engine/CVE-2024-36623.patch diff --git a/SPECS/moby-engine/CVE-2024-36621.patch b/SPECS/moby-engine/CVE-2024-36621.patch new file mode 100644 index 00000000000..73ee0e1dbc5 --- /dev/null +++ b/SPECS/moby-engine/CVE-2024-36621.patch @@ -0,0 +1,76 @@ +From 37545cc644344dcb576cba67eb7b6f51a463d31e Mon Sep 17 00:00:00 2001 +From: Tonis Tiigi +Date: Wed, 6 Mar 2024 23:11:32 -0800 +Subject: [PATCH] builder-next: fix missing lock in ensurelayer + +When this was called concurrently from the moby image +exporter there could be a data race where a layer was +written to the refs map when it was already there. + +In that case the reference count got mixed up and on +release only one of these layers was actually released. + +Signed-off-by: Tonis Tiigi +--- + .../builder-next/adapters/snapshot/layer.go | 3 +++ + .../adapters/snapshot/snapshot.go | 19 +++++++++++-------- + 2 files changed, 14 insertions(+), 8 deletions(-) + +diff --git a/builder/builder-next/adapters/snapshot/layer.go b/builder/builder-next/adapters/snapshot/layer.go +index 73120ea70b2ee..fc83058339c7b 100644 +--- a/builder/builder-next/adapters/snapshot/layer.go ++++ b/builder/builder-next/adapters/snapshot/layer.go +@@ -22,6 +22,9 @@ func (s *snapshotter) GetDiffIDs(ctx context.Context, key string) ([]layer.DiffI + } + + func (s *snapshotter) EnsureLayer(ctx context.Context, key string) ([]layer.DiffID, error) { ++ s.layerCreateLocker.Lock(key) ++ defer s.layerCreateLocker.Unlock(key) ++ + diffIDs, err := s.GetDiffIDs(ctx, key) + if err != nil { + return nil, err +diff --git a/builder/builder-next/adapters/snapshot/snapshot.go b/builder/builder-next/adapters/snapshot/snapshot.go +index a0d28ad984ba4..510ffefb49406 100644 +--- a/builder/builder-next/adapters/snapshot/snapshot.go ++++ b/builder/builder-next/adapters/snapshot/snapshot.go +@@ -17,6 +17,7 @@ import ( + "github.com/docker/docker/pkg/idtools" + "github.com/moby/buildkit/identity" + "github.com/moby/buildkit/snapshot" ++ "github.com/moby/locker" + "github.com/opencontainers/go-digest" + "github.com/pkg/errors" + bolt "go.etcd.io/bbolt" +@@ -51,10 +52,11 @@ type checksumCalculator interface { + type snapshotter struct { + opt Opt + +- refs map[string]layer.Layer +- db *bolt.DB +- mu sync.Mutex +- reg graphIDRegistrar ++ refs map[string]layer.Layer ++ db *bolt.DB ++ mu sync.Mutex ++ reg graphIDRegistrar ++ layerCreateLocker *locker.Locker + } + + // NewSnapshotter creates a new snapshotter +@@ -71,10 +73,11 @@ func NewSnapshotter(opt Opt, prevLM leases.Manager) (snapshot.Snapsho + } + + s := &snapshotter{ +- opt: opt, +- db: db, +- refs: map[string]layer.Layer{}, +- reg: reg, ++ opt: opt, ++ db: db, ++ refs: map[string]layer.Layer{}, ++ reg: reg, ++ layerCreateLocker: locker.New(), + } + + lm := newLeaseManager(s, prevLM) diff --git a/SPECS/moby-engine/CVE-2024-36623.patch b/SPECS/moby-engine/CVE-2024-36623.patch new file mode 100644 index 00000000000..6018f33abc2 --- /dev/null +++ b/SPECS/moby-engine/CVE-2024-36623.patch @@ -0,0 +1,45 @@ +From 5689dabfb357b673abdb4391eef426f297d7d1bb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= +Date: Thu, 22 Feb 2024 18:01:40 +0100 +Subject: [PATCH] pkg/streamformatter: Make `progressOutput` concurrency safe +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Sync access to the underlying `io.Writer` with a mutex. + +Signed-off-by: Paweł Gronowski +--- + pkg/streamformatter/streamformatter.go | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/pkg/streamformatter/streamformatter.go b/pkg/streamformatter/streamformatter.go +index b0456e580dc9d..098df6b5236b9 100644 +--- a/pkg/streamformatter/streamformatter.go ++++ b/pkg/streamformatter/streamformatter.go +@@ -5,6 +5,7 @@ import ( + "encoding/json" + "fmt" + "io" ++ "sync" + + "github.com/docker/docker/pkg/jsonmessage" + "github.com/docker/docker/pkg/progress" +@@ -109,6 +110,7 @@ type progressOutput struct { + sf formatProgress + out io.Writer + newLines bool ++ mu sync.Mutex + } + + // WriteProgress formats progress information from a ProgressReader. +@@ -120,6 +122,9 @@ func (out *progressOutput) WriteProgress(prog progress.Progress) error { + jsonProgress := jsonmessage.JSONProgress{Current: prog.Current, Total: prog.Total, HideCounts: prog.HideCounts, Units: prog.Units} + formatted = out.sf.formatProgress(prog.ID, prog.Action, &jsonProgress, prog.Aux) + } ++ ++ out.mu.Lock() ++ defer out.mu.Unlock() + _, err := out.out.Write(formatted) + if err != nil { + return err diff --git a/SPECS/moby-engine/moby-engine.spec b/SPECS/moby-engine/moby-engine.spec index d674cab505b..9d179563868 100644 --- a/SPECS/moby-engine/moby-engine.spec +++ b/SPECS/moby-engine/moby-engine.spec @@ -3,7 +3,7 @@ Summary: The open-source application container engine Name: moby-engine Version: 24.0.9 -Release: 10%{?dist} +Release: 11%{?dist} License: ASL 2.0 Group: Tools/Container URL: https://mobyproject.org @@ -24,6 +24,8 @@ Patch4: CVE-2023-44487.patch Patch5: enable-docker-proxy-libexec-search.patch Patch6: CVE-2024-41110.patch Patch7: CVE-2024-29018.patch +Patch8: CVE-2024-36621.patch +Patch9: CVE-2024-36623.patch %{?systemd_requires} @@ -124,6 +126,9 @@ fi %{_unitdir}/* %changelog +* Wed Dec 04 2024 Adit Jha - 24.0.9-11 +- Patch CVE-2024-36621 & CVE-2024-36623 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 24.0.9-10 - Bump release to rebuild with go 1.22.7 From 89624d3bf335b0f520f82d65c843177bb2d71005 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:22:56 -0800 Subject: [PATCH 03/36] [AUTO-CHERRYPICK] Fix CVE-2022-1941 for pytorch in 2.0 - branch main (#11473) Co-authored-by: bhagyapathak --- SPECS/pytorch/CVE-2022-1941.patch | 73 +++++++++++++++++++++++++++++++ SPECS/pytorch/pytorch.spec | 6 ++- 2 files changed, 78 insertions(+), 1 deletion(-) create mode 100644 SPECS/pytorch/CVE-2022-1941.patch diff --git a/SPECS/pytorch/CVE-2022-1941.patch b/SPECS/pytorch/CVE-2022-1941.patch new file mode 100644 index 00000000000..94e60dc2406 --- /dev/null +++ b/SPECS/pytorch/CVE-2022-1941.patch @@ -0,0 +1,73 @@ +commit 55815e423bb82cc828836bbd60c79c1f9a195763 +Author: Deanna Garcia +Date: Tue Sep 13 17:20:00 2022 +0000 + + Apply patch + +diff --git a/third_party/protobuf/src/google/protobuf/wire_format.cc b/third_party/protobuf/src/google/protobuf/wire_format.cc +index c30b7abff..382d01ea0 100644 +--- a/third_party/protobuf/src/google/protobuf/wire_format.cc ++++ b/third_party/protobuf/src/google/protobuf/wire_format.cc +@@ -657,9 +657,11 @@ struct WireFormat::MessageSetParser { + const char* _InternalParse(const char* ptr, internal::ParseContext* ctx) { + // Parse a MessageSetItem + auto metadata = reflection->MutableInternalMetadata(msg); ++ enum class State { kNoTag, kHasType, kHasPayload, kDone }; ++ State state = State::kNoTag; ++ + std::string payload; + uint32 type_id = 0; +- bool payload_read = false; + while (!ctx->Done(&ptr)) { + // We use 64 bit tags in order to allow typeid's that span the whole + // range of 32 bit numbers. +@@ -668,8 +670,11 @@ struct WireFormat::MessageSetParser { + uint64 tmp; + ptr = ParseBigVarint(ptr, &tmp); + GOOGLE_PROTOBUF_PARSER_ASSERT(ptr); +- type_id = tmp; +- if (payload_read) { ++ if (state == State::kNoTag) { ++ type_id = tmp; ++ state = State::kHasType; ++ } else if (state == State::kHasPayload) { ++ type_id = tmp; + const FieldDescriptor* field; + if (ctx->data().pool == nullptr) { + field = reflection->FindKnownExtensionByNumber(type_id); +@@ -696,17 +701,17 @@ struct WireFormat::MessageSetParser { + GOOGLE_PROTOBUF_PARSER_ASSERT(value->_InternalParse(p, &tmp_ctx) && + tmp_ctx.EndedAtLimit()); + } +- type_id = 0; ++ state = State::kDone; + } + continue; + } else if (tag == WireFormatLite::kMessageSetMessageTag) { +- if (type_id == 0) { ++ if (state == State::kNoTag) { + int32 size = ReadSize(&ptr); + GOOGLE_PROTOBUF_PARSER_ASSERT(ptr); + ptr = ctx->ReadString(ptr, size, &payload); + GOOGLE_PROTOBUF_PARSER_ASSERT(ptr); +- payload_read = true; +- } else { ++ state = State::kHasPayload; ++ } else if (state == State::kHasType) { + // We're now parsing the payload + const FieldDescriptor* field = nullptr; + if (descriptor->IsExtensionNumber(type_id)) { +@@ -720,7 +725,12 @@ struct WireFormat::MessageSetParser { + ptr = WireFormat::_InternalParseAndMergeField( + msg, ptr, ctx, static_cast(type_id) * 8 + 2, reflection, + field); +- type_id = 0; ++ state = State::kDone; ++ } else { ++ int32 size = ReadSize(&ptr); ++ GOOGLE_PROTOBUF_PARSER_ASSERT(ptr); ++ ptr = ctx->Skip(ptr, size); ++ GOOGLE_PROTOBUF_PARSER_ASSERT(ptr); + } + } else { + // An unknown field in MessageSetItem. diff --git a/SPECS/pytorch/pytorch.spec b/SPECS/pytorch/pytorch.spec index 45caf0a87f4..9b6d898755f 100644 --- a/SPECS/pytorch/pytorch.spec +++ b/SPECS/pytorch/pytorch.spec @@ -2,7 +2,7 @@ Summary: Tensors and Dynamic neural networks in Python with strong GPU acceleration. Name: pytorch Version: 2.0.0 -Release: 6%{?dist} +Release: 7%{?dist} License: BSD-3-Clause Vendor: Microsoft Corporation Distribution: Mariner @@ -16,6 +16,7 @@ Patch1: CVE-2024-31583.patch Patch2: CVE-2024-27319.patch Patch3: CVE-2024-31584.patch Patch4: CVE-2024-27318.patch +Patch5: CVE-2022-1941.patch BuildRequires: cmake BuildRequires: gcc @@ -88,6 +89,9 @@ cp -arf docs %{buildroot}/%{_pkgdocdir} %{_docdir}/* %changelog +* Tue Dec 10 2024 Bhagyashri Pathak - 2.0.0-7 +- patch CVE-2022-1941 + * Wed May 15 2024 Sumedh Sharma - 2.0.0-6 - patch CVE-2024-27318 From 2eefbda439b0a5ca9003321086075a4011f5c4dd Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:23:33 -0800 Subject: [PATCH 04/36] [AUTO-CHERRYPICK] Patch "tuned" package to fix CVE-2024-52336 and CVE-2024-52337 - branch main (#11472) Co-authored-by: Sandeep Karambelkar --- SPECS/tuned/CVE-2024-52336.patch | 249 +++++++++++++++++++++++++++++ SPECS/tuned/CVE-2024-52337.nopatch | 0 SPECS/tuned/tuned.spec | 6 +- 3 files changed, 254 insertions(+), 1 deletion(-) create mode 100644 SPECS/tuned/CVE-2024-52336.patch create mode 100644 SPECS/tuned/CVE-2024-52337.nopatch diff --git a/SPECS/tuned/CVE-2024-52336.patch b/SPECS/tuned/CVE-2024-52336.patch new file mode 100644 index 00000000000..ec93728dd10 --- /dev/null +++ b/SPECS/tuned/CVE-2024-52336.patch @@ -0,0 +1,249 @@ +From 391843d28461cf2904dd646bd845e2203132497f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= +Date: Tue, 26 Nov 2024 13:52:17 +0100 +Subject: [PATCH] new release (2.15.1) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Jaroslav Škarvada + +Modified patch 90c24eea037c7a5e9414c93f8fb3e549ed4a7b06 to apply to CBL-Mariner +Modified-by: Sandeep Karambelkar +--- + com.redhat.tuned.policy | 14 +++++++------- + tuned.spec | 10 +++++++++- + tuned/consts.py | 4 ++++ + tuned/daemon/controller.py | 15 +++++++++------ + tuned/plugins/base.py | 12 ++++++++++++ + tuned/plugins/plugin_script.py | 4 ++++ + tuned/utils/commands.py | 4 ++++ + tuned/version.py | 2 +- + 8 files changed, 50 insertions(+), 15 deletions(-) + + +diff --git a/com.redhat.tuned.policy b/com.redhat.tuned.policy +index 0d0934f..01b0b72 100644 +--- a/com.redhat.tuned.policy ++++ b/com.redhat.tuned.policy +@@ -43,7 +43,7 @@ + + auth_admin + auth_admin +- yes ++ auth_admin + + + +@@ -103,7 +103,7 @@ + + auth_admin + auth_admin +- yes ++ auth_admin + + + +@@ -113,7 +113,7 @@ + + auth_admin + auth_admin +- yes ++ auth_admin + + + +@@ -123,7 +123,7 @@ + + auth_admin + auth_admin +- yes ++ auth_admin + + + +@@ -163,7 +163,7 @@ + + auth_admin + auth_admin +- yes ++ auth_admin + + + +@@ -193,7 +193,7 @@ + + auth_admin + auth_admin +- yes ++ auth_admin + + + +@@ -203,7 +203,7 @@ + + auth_admin + auth_admin +- yes ++ auth_admin + + + +diff --git a/tuned.spec b/tuned.spec +index 702c28c..a945150 100644 +--- a/tuned.spec ++++ b/tuned.spec +@@ -44,7 +44,7 @@ + + Summary: A dynamic adaptive system tuning daemon + Name: tuned +-Version: 2.15.0 ++Version: 2.15.1 + Release: 1%{?prerel1}%{?with_snapshot:.%{git_suffix}}%{?dist} + License: GPLv2+ + Source0: https://github.com/redhat-performance/%{name}/archive/v%{version}%{?prerel2}/%{name}-%{version}%{?prerel2}.tar.gz +@@ -540,6 +540,14 @@ fi + %{_mandir}/man7/tuned-profiles-postgresql.7* + + %changelog ++* Tue Nov 26 2024 Jaroslav Škarvada - 2.15.1-1 ++- new release ++ - fixed privileged execution of arbitrary scripts by active local user ++ resolves: CVE-2024-52336 ++ - added sanity checks for API methods parameters ++ resolves: CVE-2024-52337 ++ - tuned-ppd: fixed controller init to correctly set _on_battery ++ + * Thu Dec 17 2020 Jaroslav Škarvada - 2.15.0-1 + - new release + - rebased tuned to latest upstream +diff --git a/tuned/consts.py b/tuned/consts.py +index f7a082e..c5d489d 100644 +--- a/tuned/consts.py ++++ b/tuned/consts.py +@@ -1,4 +1,8 @@ + import logging ++import string ++ ++NAMES_ALLOWED_CHARS = string.ascii_letters + string.digits + " !@'+-.,/:;_$&*()%<=>?#[]{|}^~" + '"' ++NAMES_MAX_LENGTH = 4096 + + GLOBAL_CONFIG_FILE = "/etc/tuned/tuned-main.conf" + ACTIVE_PROFILE_FILE = "/etc/tuned/active_profile" +diff --git a/tuned/daemon/controller.py b/tuned/daemon/controller.py +index 40db825..4e5e843 100644 +--- a/tuned/daemon/controller.py ++++ b/tuned/daemon/controller.py +@@ -173,6 +173,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface): + def switch_profile(self, profile_name, caller = None): + if caller == "": + return (False, "Unauthorized") ++ if not self._cmd.is_valid_name(profile_name): ++ return (False, "Invalid profile_name") + return self._switch_profile(profile_name, True) + + @exports.export("", "(bs)") +@@ -246,7 +248,7 @@ class Controller(tuned.exports.interfaces.ExportableInterface): + + @exports.export("s", "(bsss)") + def profile_info(self, profile_name, caller = None): +- if caller == "": ++ if caller == "" or not self._cmd.is_valid_name(profile_name): + return tuple(False, "", "", "") + if profile_name is None or profile_name == "": + profile_name = self.active_profile() +@@ -278,7 +280,7 @@ class Controller(tuned.exports.interfaces.ExportableInterface): + dictionary -- {plugin_name: {parameter_name: default_value}} + """ + if caller == "": +- return False ++ return {} + plugins = {} + for plugin_class in self._daemon.get_all_plugins(): + plugin_name = plugin_class.__module__.split(".")[-1].split("_", 1)[1] +@@ -291,8 +293,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface): + @exports.export("s","s") + def get_plugin_documentation(self, plugin_name, caller = None): + """Return docstring of plugin's class""" +- if caller == "": +- return False ++ if caller == "" or not self._cmd.is_valid_name(plugin_name): ++ return "" + return self._daemon.get_plugin_documentation(str(plugin_name)) + + @exports.export("s","a{ss}") +@@ -305,6 +307,6 @@ class Controller(tuned.exports.interfaces.ExportableInterface): + Return: + dictionary -- {parameter_name: hint} + """ +- if caller == "": +- return False ++ if caller == "" or not self._cmd.is_valid_name(plugin_name): ++ return {} + return self._daemon.get_plugin_hints(str(plugin_name)) +diff --git a/tuned/plugins/base.py b/tuned/plugins/base.py +index 784d44d..1b7ebd6 100644 +--- a/tuned/plugins/base.py ++++ b/tuned/plugins/base.py +@@ -212,6 +212,14 @@ class Plugin(object): + def _instance_post_static(self, instance, enabling): + pass + ++ def _safe_script_path(self, path): ++ path = os.path.realpath(path) ++ profile_paths = self._global_cfg.get_list(consts.CFG_PROFILE_DIRS, consts.CFG_DEF_PROFILE_DIRS) ++ for p in profile_paths: ++ if path.startswith(p): ++ return True ++ return False ++ + def _call_device_script(self, instance, script, op, devices, full_rollback = False): + if script is None: + return None +@@ -222,6 +230,10 @@ class Plugin(object): + log.error("Relative paths cannot be used in script_pre or script_post. " \ + + "Use ${i:PROFILE_DIR}.") + return False ++ if not self._safe_script_path(script): ++ log.error("Paths outside of the profile directories cannot be used in the " \ ++ + "script_pre or script_post, ignoring script: '%s'" % script) ++ return False + dir_name = os.path.dirname(script) + ret = True + for dev in devices: +diff --git a/tuned/plugins/plugin_script.py b/tuned/plugins/plugin_script.py +index 19b7fc6..6a5153f 100644 +--- a/tuned/plugins/plugin_script.py ++++ b/tuned/plugins/plugin_script.py +@@ -35,6 +35,10 @@ class ScriptPlugin(base.Plugin): + for script in scripts: + environ = os.environ + environ.update(self._variables.get_env()) ++ if not self._safe_script_path(script): ++ log.error("Paths outside of the profile directories cannot be used in the script, " \ ++ + "ignoring script: '%s'." % script) ++ continue + log.info("calling script '%s' with arguments '%s'" % (script, str(arguments))) + log.debug("using environment '%s'" % str(list(environ.items()))) + try: +diff --git a/tuned/utils/commands.py b/tuned/utils/commands.py +index df695a7..f612e70 100644 +--- a/tuned/utils/commands.py ++++ b/tuned/utils/commands.py +@@ -507,3 +507,7 @@ class commands: + f.write(profile_name + "\n") + except (OSError,IOError) as e: + raise TunedException("Failed to save the active post-loaded profile: %s" % e.strerror) ++ ++ # Checks if name contains only valid characters and has valid length or is empty string or None ++ def is_valid_name(self, name): ++ return not name or (all(c in consts.NAMES_ALLOWED_CHARS for c in name) and len(name) <= consts.NAMES_MAX_LENGTH) +diff --git a/tuned/version.py b/tuned/version.py +index 51cacf0..cb648c6 100644 +--- a/tuned/version.py ++++ b/tuned/version.py +@@ -1,3 +1,3 @@ + TUNED_VERSION_MAJOR = 2 + TUNED_VERSION_MINOR = 15 +-TUNED_VERSION_PATCH = 0 ++TUNED_VERSION_PATCH = 1 diff --git a/SPECS/tuned/CVE-2024-52337.nopatch b/SPECS/tuned/CVE-2024-52337.nopatch new file mode 100644 index 00000000000..e69de29bb2d diff --git a/SPECS/tuned/tuned.spec b/SPECS/tuned/tuned.spec index cb3837aa5a9..37b235ee9e6 100644 --- a/SPECS/tuned/tuned.spec +++ b/SPECS/tuned/tuned.spec @@ -7,12 +7,13 @@ Summary: A dynamic adaptive system tuning daemon Name: tuned Version: 2.15.0 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2+ Vendor: Microsoft Corporation Distribution: Mariner Source0: https://github.com/redhat-performance/%{name}/archive/v%{version}%{?prerel2}/%{name}-%{version}%{?prerel2}.tar.gz Patch0: skip-gui-files.patch +Patch1: CVE-2024-52336.patch URL: http://www.tuned-project.org/ BuildArch: noarch @@ -407,6 +408,9 @@ fi %{_mandir}/man7/tuned-profiles-postgresql.7* %changelog +* Wed Dec 11 2024 Sandeep Karambelkar 2.15.0-5 +- Fix CVEs - CVE-2024-52336 CVE-2024-52337 + * Thu Jan 20 2022 Cameron Baird 2.15.0-4 - Initial CBL-Mariner import from CentOS 8 (license: MIT). - License verified From 65135a1a8f05de7fe34a87c50128818ef3fb1ab3 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:24:01 -0800 Subject: [PATCH 05/36] [AUTO-CHERRYPICK] Fix CVE-2024-24786 for packer - branch main (#11471) Co-authored-by: KavyaSree2610 <92566732+KavyaSree2610@users.noreply.github.com> --- SPECS/packer/CVE-2024-24786.patch | 41 +++++++++++++++++++++++++++++++ SPECS/packer/packer.spec | 6 ++++- 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 SPECS/packer/CVE-2024-24786.patch diff --git a/SPECS/packer/CVE-2024-24786.patch b/SPECS/packer/CVE-2024-24786.patch new file mode 100644 index 00000000000..41a119b8f1d --- /dev/null +++ b/SPECS/packer/CVE-2024-24786.patch @@ -0,0 +1,41 @@ +From 867d49d8c566b0f1284f8295ba1286d6c5e93edf Mon Sep 17 00:00:00 2001 +From: kavyasree +Date: Mon, 9 Dec 2024 17:03:26 +0530 +Subject: [PATCH] Modified patch + +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index c85f846..634ba41 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index b13fd29..b2be4e8 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.34.1 + diff --git a/SPECS/packer/packer.spec b/SPECS/packer/packer.spec index e1a27346ee8..f360becd548 100644 --- a/SPECS/packer/packer.spec +++ b/SPECS/packer/packer.spec @@ -5,7 +5,7 @@ Summary: Tool for creating identical machine images for multiple platform Name: packer Epoch: 1 Version: 1.9.5 -Release: 3%{?dist} +Release: 4%{?dist} License: MPLv2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -36,6 +36,7 @@ Patch0: CVE-2023-45288.patch Patch1: CVE-2022-3064.patch Patch2: CVE-2023-49569.patch Patch3: CVE-2024-6104.patch +Patch4: CVE-2024-24786.patch BuildRequires: golang BuildRequires: kernel-headers BuildRequires: glibc-devel @@ -69,6 +70,9 @@ go test -mod=vendor %{_bindir}/packer %changelog +* Mon Dec 09 2024 Kavya Sree Kaitepalli - 1.9.5-4 +- Patch for CVE-2024-24786 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 1.9.5-3 - Bump release to rebuild with go 1.22.7 From e9c0ab21a8762b0321074b40a64d300342b14528 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:24:29 -0800 Subject: [PATCH 06/36] [AUTO-CHERRYPICK] Patch CVE-2024-24786 in moby-buildx, moby-containerd-cc, moby-containerd - branch main (#11470) Co-authored-by: suresh-thelkar --- SPECS/moby-buildx/CVE-2024-24786.patch | 40 +++++++++++++++++++ SPECS/moby-buildx/moby-buildx.spec | 6 ++- SPECS/moby-containerd-cc/CVE-2024-24786.patch | 40 +++++++++++++++++++ .../moby-containerd-cc.spec | 6 ++- SPECS/moby-containerd/CVE-2024-24786.patch | 40 +++++++++++++++++++ SPECS/moby-containerd/moby-containerd.spec | 6 ++- 6 files changed, 135 insertions(+), 3 deletions(-) create mode 100644 SPECS/moby-buildx/CVE-2024-24786.patch create mode 100644 SPECS/moby-containerd-cc/CVE-2024-24786.patch create mode 100644 SPECS/moby-containerd/CVE-2024-24786.patch diff --git a/SPECS/moby-buildx/CVE-2024-24786.patch b/SPECS/moby-buildx/CVE-2024-24786.patch new file mode 100644 index 00000000000..1072e2c7b2a --- /dev/null +++ b/SPECS/moby-buildx/CVE-2024-24786.patch @@ -0,0 +1,40 @@ +From 4453a6c6c0c0073777b976982f11001188d3f021 Mon Sep 17 00:00:00 2001 +From: sthelkar +Date: Thu, 5 Dec 2024 10:08:33 +0000 +Subject: [PATCH] Vendor patch applied + +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index 72924a9..2586bb3 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index b13fd29..b2be4e8 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.39.4 diff --git a/SPECS/moby-buildx/moby-buildx.spec b/SPECS/moby-buildx/moby-buildx.spec index c0625052a2b..6e5d096cb42 100644 --- a/SPECS/moby-buildx/moby-buildx.spec +++ b/SPECS/moby-buildx/moby-buildx.spec @@ -5,7 +5,7 @@ Summary: A Docker CLI plugin for extended build capabilities with BuildKi Name: moby-%{upstream_name} # update "commit_hash" above when upgrading version Version: 0.7.1 -Release: 23%{?dist} +Release: 24%{?dist} License: ASL 2.0 Group: Tools/Container Vendor: Microsoft Corporation @@ -23,6 +23,7 @@ Patch6: CVE-2021-41092.patch Patch7: CVE-2022-41717.patch Patch8: CVE-2023-45288.patch Patch9: CVE-2023-48795.patch +Patch10: CVE-2024-24786.patch BuildRequires: bash BuildRequires: golang @@ -53,6 +54,9 @@ cp -aT buildx "%{buildroot}/%{_libexecdir}/docker/cli-plugins/docker-buildx" %{_libexecdir}/docker/cli-plugins/docker-buildx %changelog +* Thu Dec 05 2024 sthelkar - 0.7.1-24 +- Patch CVE-2024-24786 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 0.7.1-23 - Bump release to rebuild with go 1.22.7 diff --git a/SPECS/moby-containerd-cc/CVE-2024-24786.patch b/SPECS/moby-containerd-cc/CVE-2024-24786.patch new file mode 100644 index 00000000000..64ca2cd877e --- /dev/null +++ b/SPECS/moby-containerd-cc/CVE-2024-24786.patch @@ -0,0 +1,40 @@ +From bca1cff9d87eae95d4a877fd53ce30c7d4ed2ac1 Mon Sep 17 00:00:00 2001 +From: sthelkar +Date: Thu, 5 Dec 2024 10:14:30 +0000 +Subject: [PATCH] Vendor patch applied + +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index 6c37d41..70c2ba6 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index d043a6e..d2b3ac0 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.39.4 diff --git a/SPECS/moby-containerd-cc/moby-containerd-cc.spec b/SPECS/moby-containerd-cc/moby-containerd-cc.spec index e131c33b3e0..e1075be8d25 100644 --- a/SPECS/moby-containerd-cc/moby-containerd-cc.spec +++ b/SPECS/moby-containerd-cc/moby-containerd-cc.spec @@ -6,7 +6,7 @@ Summary: Industry-standard container runtime for confidential containers Name: moby-%{upstream_name} Version: 1.7.7 -Release: 7%{?dist} +Release: 8%{?dist} License: ASL 2.0 Group: Tools/Container URL: https://www.containerd.io @@ -20,6 +20,7 @@ Patch0: CVE-2023-47108.patch Patch1: CVE-2023-44487.patch Patch2: fix_cc_tests_for_golang1.21.patch Patch4: CVE-2023-45288.patch +Patch5: CVE-2024-24786.patch %{?systemd_requires} @@ -80,6 +81,9 @@ fi %config(noreplace) %{_sysconfdir}/containerd/config.toml %changelog +* Thu Dec 05 2024 sthelkar - 1.7.7-8 +- Patch CVE-2024-24786 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 1.7.7-7 - Bump release to rebuild with go 1.22.7 diff --git a/SPECS/moby-containerd/CVE-2024-24786.patch b/SPECS/moby-containerd/CVE-2024-24786.patch new file mode 100644 index 00000000000..2243135854e --- /dev/null +++ b/SPECS/moby-containerd/CVE-2024-24786.patch @@ -0,0 +1,40 @@ +From d103995120582eec72b9ef7b67af49ba601c8767 Mon Sep 17 00:00:00 2001 +From: sthelkar +Date: Thu, 5 Dec 2024 10:11:27 +0000 +Subject: [PATCH] Vendor patch applied + +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index 6c37d41..70c2ba6 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index d043a6e..d2b3ac0 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.39.4 diff --git a/SPECS/moby-containerd/moby-containerd.spec b/SPECS/moby-containerd/moby-containerd.spec index 3f9961e5159..68af26bbc9b 100644 --- a/SPECS/moby-containerd/moby-containerd.spec +++ b/SPECS/moby-containerd/moby-containerd.spec @@ -5,7 +5,7 @@ Summary: Industry-standard container runtime Name: moby-%{upstream_name} Version: 1.6.26 -Release: 7%{?dist} +Release: 8%{?dist} License: ASL 2.0 Group: Tools/Container URL: https://www.containerd.io @@ -19,6 +19,7 @@ Patch0: Makefile.patch Patch1: add_ptrace_readby_tracedby_to_apparmor.patch Patch2: fix_tests_for_golang1.21.patch Patch3: CVE-2023-45288.patch +Patch4: CVE-2024-24786.patch %{?systemd_requires} @@ -92,6 +93,9 @@ fi %dir /opt/containerd/lib %changelog +* Thu Dec 05 2024 sthelkar - 1.6.26-8 +- Patch CVE-2024-24786 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 1.6.26-7 - Bump release to rebuild with go 1.22.7 From 42322d42ca3e2ec44684c5f7d7b37949605ef3ea Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:25:29 -0800 Subject: [PATCH 07/36] [AUTO-CHERRYPICK] Fix CVE-2024-24786 in cf-cli and terraform for 2.0 - branch main (#11469) Co-authored-by: bhagyapathak --- SPECS/cf-cli/CVE-2024-24786.patch | 40 ++++++++++++++++++++++++++++ SPECS/cf-cli/cf-cli.spec | 6 ++++- SPECS/terraform/CVE-2024-24786.patch | 40 ++++++++++++++++++++++++++++ SPECS/terraform/terraform.spec | 6 ++++- 4 files changed, 90 insertions(+), 2 deletions(-) create mode 100644 SPECS/cf-cli/CVE-2024-24786.patch create mode 100644 SPECS/terraform/CVE-2024-24786.patch diff --git a/SPECS/cf-cli/CVE-2024-24786.patch b/SPECS/cf-cli/CVE-2024-24786.patch new file mode 100644 index 00000000000..eac7c3190ba --- /dev/null +++ b/SPECS/cf-cli/CVE-2024-24786.patch @@ -0,0 +1,40 @@ +From 896355cbb53b13351b15381f313835680d08e9ca Mon Sep 17 00:00:00 2001 +From: bhapathak +Date: Wed, 4 Dec 2024 07:15:55 +0000 +Subject: [PATCH] Vendor patch applied + +--- + .../protobuf/encoding/protojson/well_known_types.go | 3 +++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index 72924a9..15fb7c2 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,9 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ ++ case json.EOF: ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index b13fd29..b2be4e8 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.39.4 + diff --git a/SPECS/cf-cli/cf-cli.spec b/SPECS/cf-cli/cf-cli.spec index 041c316033d..320965cc87e 100644 --- a/SPECS/cf-cli/cf-cli.spec +++ b/SPECS/cf-cli/cf-cli.spec @@ -1,7 +1,7 @@ Summary: The official command line client for Cloud Foundry. Name: cf-cli Version: 8.4.0 -Release: 21%{?dist} +Release: 22%{?dist} License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -33,6 +33,7 @@ Patch2: CVE-2021-43565.patch # Produced by git clone https://github.com/golang/text && cd text && # git checkout 434eadcdbc3b0256971992e8c70027278364c72c && git format-patch -1 HEAD Patch3: CVE-2022-32149.patch +Patch4: CVE-2024-24786.patch BuildRequires: golang %global debug_package %{nil} @@ -67,6 +68,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} ./out/cf %{_bindir}/cf %changelog +* Wed Dec 04 2024 bhapathak - 8.4.0-22 +- Patch CVE-2024-24786 + * Tue Sep 17 2024 Jiri Appl - 8.4.0-21 - Patch CVE-2022-32149 bringing upstream patch over the vendored golang.org/x/text module diff --git a/SPECS/terraform/CVE-2024-24786.patch b/SPECS/terraform/CVE-2024-24786.patch new file mode 100644 index 00000000000..79949213e79 --- /dev/null +++ b/SPECS/terraform/CVE-2024-24786.patch @@ -0,0 +1,40 @@ +From 3a797ade30fdd957b92774d28d51be254271b32d Mon Sep 17 00:00:00 2001 +From: bhapathak +Date: Wed, 4 Dec 2024 07:12:14 +0000 +Subject: [PATCH] Vendor patch applied + +--- + .../protobuf/encoding/protojson/well_known_types.go | 3 +++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index 72924a9..15fb7c2 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,9 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ ++ case json.EOF: ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index b13fd29..b2be4e8 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.39.4 + diff --git a/SPECS/terraform/terraform.spec b/SPECS/terraform/terraform.spec index b3e3f146d51..bb409a78f64 100644 --- a/SPECS/terraform/terraform.spec +++ b/SPECS/terraform/terraform.spec @@ -1,7 +1,7 @@ Summary: Infrastructure as code deployment management tool Name: terraform Version: 1.3.2 -Release: 19%{?dist} +Release: 20%{?dist} License: MPLv2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -33,6 +33,7 @@ Patch2: CVE-2024-6257.patch Patch3: CVE-2024-6104.patch Patch4: CVE-2022-32149.patch Patch5: CVE-2023-4782.patch +Patch6: CVE-2024-24786.patch %global debug_package %{nil} %define our_gopath %{_topdir}/.gopath @@ -66,6 +67,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} ./terraform %{_bindir}/terraform %changelog +* Wed Dec 04 2024 bhapathak - 1.3.2-20 +- Patch CVE-2024-24786 + * Thu Oct 10 2024 Sumedh Sharma - 1.3.2-19 - Add patch to resolve CVE-2023-4782 & CVE-2022-32149 From c8b5aeae00b480a67b1d328418537d4a59effbd3 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:52:57 -0800 Subject: [PATCH 08/36] [AUTO-CHERRYPICK] Fix CVE-2024-36623 for moby-compose - branch main (#11417) Co-authored-by: Sudipta Pandit --- SPECS/moby-compose/CVE-2024-36623.patch | 45 +++++++++++++++++++++++++ SPECS/moby-compose/moby-compose.spec | 6 +++- 2 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 SPECS/moby-compose/CVE-2024-36623.patch diff --git a/SPECS/moby-compose/CVE-2024-36623.patch b/SPECS/moby-compose/CVE-2024-36623.patch new file mode 100644 index 00000000000..a1722aa6a0e --- /dev/null +++ b/SPECS/moby-compose/CVE-2024-36623.patch @@ -0,0 +1,45 @@ +From 5689dabfb357b673abdb4391eef426f297d7d1bb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= +Date: Thu, 22 Feb 2024 18:01:40 +0100 +Subject: [PATCH] pkg/streamformatter: Make `progressOutput` concurrency safe +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Sync access to the underlying `io.Writer` with a mutex. + +Signed-off-by: Paweł Gronowski +--- + vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go b/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go +index b0456e580dc9d..098df6b5236b9 100644 +--- a/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go ++++ b/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go +@@ -5,6 +5,7 @@ import ( + "encoding/json" + "fmt" + "io" ++ "sync" + + "github.com/docker/docker/pkg/jsonmessage" + "github.com/docker/docker/pkg/progress" +@@ -109,6 +110,7 @@ type progressOutput struct { + sf formatProgress + out io.Writer + newLines bool ++ mu sync.Mutex + } + + // WriteProgress formats progress information from a ProgressReader. +@@ -120,6 +122,9 @@ func (out *progressOutput) WriteProgress(prog progress.Progress) error { + jsonProgress := jsonmessage.JSONProgress{Current: prog.Current, Total: prog.Total, HideCounts: prog.HideCounts, Units: prog.Units} + formatted = out.sf.formatProgress(prog.ID, prog.Action, &jsonProgress, prog.Aux) + } ++ ++ out.mu.Lock() ++ defer out.mu.Unlock() + _, err := out.out.Write(formatted) + if err != nil { + return err diff --git a/SPECS/moby-compose/moby-compose.spec b/SPECS/moby-compose/moby-compose.spec index 2189e51a0f3..79cff0a0f13 100644 --- a/SPECS/moby-compose/moby-compose.spec +++ b/SPECS/moby-compose/moby-compose.spec @@ -1,7 +1,7 @@ Summary: Define and run multi-container applications with Docker Name: moby-compose Version: 2.17.3 -Release: 7%{?dist} +Release: 8%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -34,6 +34,7 @@ Patch7: CVE-2024-23650.patch # github.com/docker/distribution/configuration (for configuration.go) # github.com/docker/distribution/catalog (for catalog.go) Patch8: CVE-2023-2253.patch +Patch9: CVE-2024-36623.patch # Leverage the `generate_source_tarball.sh` to create the vendor sources @@ -72,6 +73,9 @@ install -D -m0755 bin/build/docker-compose %{buildroot}/%{_libexecdir}/docker/cl %{_libexecdir}/docker/cli-plugins/docker-compose %changelog +* Tue Dec 10 2024 Sudipta Pandit - 2.17.3-8 +- Fix CVE-2024-36623 with patch + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 2.17.3-7 - Bump release to rebuild with go 1.22.7 From 7b7ff793538cd955ea67b3872b17f16bcc2aa8ea Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:53:40 -0800 Subject: [PATCH 09/36] [AUTO-CHERRYPICK] Fix CVE-2024-36623 for moby-cli - branch main (#11418) Co-authored-by: Sudipta Pandit --- SPECS/moby-cli/CVE-2024-36623.patch | 45 +++++++++++++++++++++++++++++ SPECS/moby-cli/moby-cli.spec | 6 +++- 2 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 SPECS/moby-cli/CVE-2024-36623.patch diff --git a/SPECS/moby-cli/CVE-2024-36623.patch b/SPECS/moby-cli/CVE-2024-36623.patch new file mode 100644 index 00000000000..a1722aa6a0e --- /dev/null +++ b/SPECS/moby-cli/CVE-2024-36623.patch @@ -0,0 +1,45 @@ +From 5689dabfb357b673abdb4391eef426f297d7d1bb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= +Date: Thu, 22 Feb 2024 18:01:40 +0100 +Subject: [PATCH] pkg/streamformatter: Make `progressOutput` concurrency safe +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Sync access to the underlying `io.Writer` with a mutex. + +Signed-off-by: Paweł Gronowski +--- + vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go b/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go +index b0456e580dc9d..098df6b5236b9 100644 +--- a/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go ++++ b/vendor/github.com/docker/docker/pkg/streamformatter/streamformatter.go +@@ -5,6 +5,7 @@ import ( + "encoding/json" + "fmt" + "io" ++ "sync" + + "github.com/docker/docker/pkg/jsonmessage" + "github.com/docker/docker/pkg/progress" +@@ -109,6 +110,7 @@ type progressOutput struct { + sf formatProgress + out io.Writer + newLines bool ++ mu sync.Mutex + } + + // WriteProgress formats progress information from a ProgressReader. +@@ -120,6 +122,9 @@ func (out *progressOutput) WriteProgress(prog progress.Progress) error { + jsonProgress := jsonmessage.JSONProgress{Current: prog.Current, Total: prog.Total, HideCounts: prog.HideCounts, Units: prog.Units} + formatted = out.sf.formatProgress(prog.ID, prog.Action, &jsonProgress, prog.Aux) + } ++ ++ out.mu.Lock() ++ defer out.mu.Unlock() + _, err := out.out.Write(formatted) + if err != nil { + return err diff --git a/SPECS/moby-cli/moby-cli.spec b/SPECS/moby-cli/moby-cli.spec index 907a6865021..ddaa1918815 100644 --- a/SPECS/moby-cli/moby-cli.spec +++ b/SPECS/moby-cli/moby-cli.spec @@ -3,7 +3,7 @@ Summary: The open-source application container engine client. Name: moby-cli Version: 24.0.9 -Release: 4%{?dist} +Release: 5%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -13,6 +13,7 @@ Source0: https://github.com/docker/cli/archive/v%{version}.tar.gz#/%{name Source1: %{name}-%{version}-govendor-v1.tar.gz Patch0: disable_manpage_vendor.patch Patch1: CVE-2023-45288.patch +Patch2: CVE-2024-36623.patch BuildRequires: git BuildRequires: go-md2man BuildRequires: golang @@ -78,6 +79,9 @@ install -p -m 644 contrib/completion/fish/docker.fish %{buildroot}%{_datadir}/fi %{_datadir}/fish/vendor_completions.d/docker.fish %changelog +* Tue Dec 10 2024 Sudipta Pandit - 24.0.9-5 +- Add patch for CVE-2024-36623 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 24.0.9-4 - Bump release to rebuild with go 1.22.7 From 3f1a0e9bdab07fdaaf9c963544e4f242ac3601f9 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:56:04 -0800 Subject: [PATCH 10/36] [AUTO-CHERRYPICK] Patch CVE-2024-24786 in cri-tools - branch main (#11419) Co-authored-by: suresh-thelkar --- SPECS/cri-tools/CVE-2024-24786.patch | 43 ++++++++++++++++++++++++++++ SPECS/cri-tools/cri-tools.spec | 6 +++- 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 SPECS/cri-tools/CVE-2024-24786.patch diff --git a/SPECS/cri-tools/CVE-2024-24786.patch b/SPECS/cri-tools/CVE-2024-24786.patch new file mode 100644 index 00000000000..4ac1fab883e --- /dev/null +++ b/SPECS/cri-tools/CVE-2024-24786.patch @@ -0,0 +1,43 @@ +From c86c40f1c4b2627bde2af7ca0f407a42feae79b8 Mon Sep 17 00:00:00 2001 +From: Suresh Thelkar +Date: Wed, 4 Dec 2024 16:48:18 +0530 +Subject: [PATCH] Patch for CVE-2024-24786 + +Upstream patch details are given below. +https://github.com/protocolbuffers/protobuf-go/commit/f01a588 +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index 6c37d41..a03e928 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index d043a6e..d2b3ac0 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.34.1 + diff --git a/SPECS/cri-tools/cri-tools.spec b/SPECS/cri-tools/cri-tools.spec index d80306151ef..cdd1508e09a 100644 --- a/SPECS/cri-tools/cri-tools.spec +++ b/SPECS/cri-tools/cri-tools.spec @@ -7,7 +7,7 @@ Summary: CRI tools Name: cri-tools Version: 1.29.0 -Release: 4%{?dist} +Release: 5%{?dist} License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -16,6 +16,7 @@ URL: https://github.com/kubernetes-sigs/cri-tools Source0: https://github.com/kubernetes-sigs/cri-tools/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Patch0: CVE-2024-21626.patch Patch1: CVE-2023-45288.patch +Patch2: CVE-2024-24786.patch BuildRequires: glib-devel BuildRequires: glibc-devel BuildRequires: golang @@ -46,6 +47,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} "${BUILD_FOLDER}/critest" %{_bindir}/critest %changelog +* Wed Dec 04 2024 Suresh Thelkar - 1.29.0-5 +- Patch CVE-2024-24786 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 1.29.0-4 - Bump release to rebuild with go 1.22.7 From 74f507a5a27ae2d1b25c4644ed254c9c7054e6a5 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:56:47 -0800 Subject: [PATCH 11/36] [AUTO-CHERRYPICK] Patch CVE-2024-24786 in blobfuse2 - branch main (#11420) Co-authored-by: suresh-thelkar --- SPECS/blobfuse2/CVE-2024-24786.patch | 43 ++++++++++++++++++++++++++++ SPECS/blobfuse2/blobfuse2.spec | 6 +++- 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 SPECS/blobfuse2/CVE-2024-24786.patch diff --git a/SPECS/blobfuse2/CVE-2024-24786.patch b/SPECS/blobfuse2/CVE-2024-24786.patch new file mode 100644 index 00000000000..0141e4eeca3 --- /dev/null +++ b/SPECS/blobfuse2/CVE-2024-24786.patch @@ -0,0 +1,43 @@ +From 78460dfd1cbe6887b60af68c19c782e089e5012e Mon Sep 17 00:00:00 2001 +From: Suresh Thelkar +Date: Wed, 4 Dec 2024 15:32:17 +0530 +Subject: [PATCH] Patch for CVE-2024-24786 + +Upstream patch details are given below. +https://github.com/protocolbuffers/protobuf-go/commit/f01a588 +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index 6c37d41..70c2ba6 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index d043a6e..d2b3ac0 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.34.1 + diff --git a/SPECS/blobfuse2/blobfuse2.spec b/SPECS/blobfuse2/blobfuse2.spec index 57894415fac..5c67f537e1a 100644 --- a/SPECS/blobfuse2/blobfuse2.spec +++ b/SPECS/blobfuse2/blobfuse2.spec @@ -7,7 +7,7 @@ Summary: FUSE adapter - Azure Storage Name: blobfuse2 Version: %{blobfuse2_version} -Release: 6%{?dist} +Release: 7%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -36,6 +36,7 @@ Source0: https://github.com/Azure/azure-storage-fuse/archive/%{name}-%{bl # - For the value of "--mtime" use the date "2021-04-26 00:00Z" to simplify future updates. Source1: %{name}-%{version}-vendor.tar.gz Patch0: CVE-2023-45288.patch +Patch1: CVE-2024-24786.patch BuildRequires: cmake BuildRequires: fuse3-devel BuildRequires: gcc @@ -80,6 +81,9 @@ install -D -m 0644 ./setup/blobfuse2-logrotate %{buildroot}%{_sysconfdir}/logrot %{_sysconfdir}/logrotate.d/blobfuse2 %changelog +* Wed Dec 04 2024 Suresh Thelkar - 2.1.2-7 +- Patch CVE-2024-24786 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 2.1.2-6 - Bump release to rebuild with go 1.22.7 From 8dd8ed2163db4ec1b98f6cdaad2f66eb6e7e7079 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 06:57:23 -0800 Subject: [PATCH 12/36] [AUTO-CHERRYPICK] Fix CVE-2024-27532 for fluent-bit - branch main (#11421) Co-authored-by: Sudipta Pandit --- SPECS/fluent-bit/CVE-2024-27532.patch | 42 +++++++++++++++++++++++++++ SPECS/fluent-bit/fluent-bit.spec | 8 +++-- 2 files changed, 48 insertions(+), 2 deletions(-) create mode 100644 SPECS/fluent-bit/CVE-2024-27532.patch diff --git a/SPECS/fluent-bit/CVE-2024-27532.patch b/SPECS/fluent-bit/CVE-2024-27532.patch new file mode 100644 index 00000000000..83b9b8f1ae9 --- /dev/null +++ b/SPECS/fluent-bit/CVE-2024-27532.patch @@ -0,0 +1,42 @@ +From bd866ae9686ea914f57e83bd5b2e9c7a5a2a7323 Mon Sep 17 00:00:00 2001 +From: Sudipta Pandit +Date: Thu, 14 Nov 2024 13:32:31 +0530 +Subject: [PATCH] Fix CVE-2024-27532 + +Reference: https://github.com/bytecodealliance/wasm-micro-runtime/pull/3133 + +--- + .../core/iwasm/interpreter/wasm_loader.c | 2 +- + .../core/iwasm/interpreter/wasm_mini_loader.c | 3 ++- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c +index 87af8526f..2254ba577 100644 +--- a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c ++++ b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c +@@ -6694,7 +6694,7 @@ wasm_loader_check_br(WASMLoaderContext *loader_ctx, uint32 depth, + uint16 cell_num; + + bh_assert(loader_ctx->csp_num > 0); +- if (loader_ctx->csp_num < depth + 1) { ++ if (loader_ctx->csp_num - 1 < depth) { + set_error_buf(error_buf, error_buf_size, + "unknown label, " + "unexpected end of section or function"); +diff --git a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c +index 157a82cc3..ee01db71d 100644 +--- a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c ++++ b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_mini_loader.c +@@ -5199,7 +5199,8 @@ wasm_loader_check_br(WASMLoaderContext *loader_ctx, uint32 depth, + int32 i, available_stack_cell; + uint16 cell_num; + +- if (loader_ctx->csp_num < depth + 1) { ++ bh_assert(loader_ctx->csp_num > 0); ++ if (loader_ctx->csp_num - 1 < depth) { + set_error_buf(error_buf, error_buf_size, + "unknown label, " + "unexpected end of section or function"); +-- +2.34.1 + diff --git a/SPECS/fluent-bit/fluent-bit.spec b/SPECS/fluent-bit/fluent-bit.spec index 1d008a3fadd..cb655377a7a 100644 --- a/SPECS/fluent-bit/fluent-bit.spec +++ b/SPECS/fluent-bit/fluent-bit.spec @@ -1,7 +1,7 @@ Summary: Fast and Lightweight Log processor and forwarder for Linux, BSD and OSX Name: fluent-bit Version: 2.2.3 -Release: 5%{?dist} +Release: 6%{?dist} License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -13,6 +13,7 @@ Patch2: fix_issue_8025.patch Patch3: CVE-2024-26455.patch Patch4: CVE-2024-25629.patch Patch5: CVE-2024-25431.patch +Patch6: CVE-2024-27532.patch BuildRequires: bison BuildRequires: cmake BuildRequires: cyrus-sasl-devel @@ -86,6 +87,9 @@ Development files for %{name} %{_libdir}/fluent-bit/*.so %changelog +* Tue Dec 10 2024 Sudipta Pandit - 2.2.3-6 +- Backport fix for CVE-2024-27532 + * Fri Nov 15 2024 Ankita Pareek - 2.2.3-5 - Address CVE-2024-25431 @@ -97,7 +101,7 @@ Development files for %{name} - Apply patch in_emitter_fix_issue_8198.patch to fix #8198 ( Potential log loss during high load at Multiline & Rewrite Tag Filter (in_emitter) ) - Fix issue #8025 with a patch ( in_tail: missing log for offset processing due to non-existent old inodes in sqlite ) -* Wed May 30 2024 Sindhu Karri - 2.2.3-2 +* Thu May 30 2024 Sindhu Karri - 2.2.3-2 - Fix CVE-2024-34250 with a patch * Tue May 28 2024 CBL-Mariner Servicing Account - 2.2.3-1 From 888e63e25bac947f9c7551cce15ed5784d0123fd Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 18 Dec 2024 07:02:57 -0800 Subject: [PATCH 13/36] [AUTO-CHERRYPICK] [2.0 Fast-track] Upgrade nvidia container toolkit and libnvidia-container to v1.17.3 - branch main (#11467) Co-authored-by: Henry Li <69694695+henryli001@users.noreply.github.com> --- .../libnvidia-container.signatures.json | 2 +- SPECS/libnvidia-container/libnvidia-container.spec | 5 ++++- .../nvidia-container-toolkit.signatures.json | 4 ++-- .../nvidia-container-toolkit.spec | 13 +++++++++++-- cgmanifest.json | 8 ++++---- 5 files changed, 22 insertions(+), 10 deletions(-) diff --git a/SPECS/libnvidia-container/libnvidia-container.signatures.json b/SPECS/libnvidia-container/libnvidia-container.signatures.json index cb0ee199644..98ae0ebc573 100644 --- a/SPECS/libnvidia-container/libnvidia-container.signatures.json +++ b/SPECS/libnvidia-container/libnvidia-container.signatures.json @@ -1,6 +1,6 @@ { "Signatures": { - "libnvidia-container-1.17.1.tar.gz": "861ee77bbf1d19531f4c65e57989d5f1a41b0a0b28d6a2d0e2c8e2ede14c1e25", + "libnvidia-container-1.17.3.tar.gz": "9c28e729f1677b6ff9edb3f4dccff4f9827ffe13c04fbcffa41aabacbc0fdd54", "nvidia-modprobe-550.54.14.tar.gz": "5687b0dfa6087dd480ae91e91ff1dca975794e35a2edcf9ec08d8f9cb98ef905" } } \ No newline at end of file diff --git a/SPECS/libnvidia-container/libnvidia-container.spec b/SPECS/libnvidia-container/libnvidia-container.spec index b7d6910af59..d6203bae6fd 100644 --- a/SPECS/libnvidia-container/libnvidia-container.spec +++ b/SPECS/libnvidia-container/libnvidia-container.spec @@ -3,7 +3,7 @@ %define mod_probe_dir deps/src/nvidia-modprobe-%{modprobe_version} Summary: NVIDIA container runtime library Name: libnvidia-container -Version: 1.17.1 +Version: 1.17.3 Release: 1%{?dist} License: BSD AND ASL2.0 AND GPLv3+ AND LGPLv3+ AND MIT AND GPLv2 Vendor: Microsoft Corporation @@ -135,6 +135,9 @@ This package contains command-line tools that facilitate using the library. %{_bindir}/* %changelog +* Thu Dec 05 2024 Henry Li - 1.17.3-1 +- Upgrade to v1.17.3 + * Mon Nov 11 2024 Henry Li - 1.17.1-1 - Upgrade to v1.17.1 diff --git a/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.signatures.json b/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.signatures.json index 0fa9f0cf7d0..092098cc515 100644 --- a/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.signatures.json +++ b/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.signatures.json @@ -1,6 +1,6 @@ { "Signatures": { - "nvidia-container-toolkit-1.17.1-vendor.tar.gz": "894d10f0504e7a8a8fe8748d736288e90f23e24f13aac058b6b83c4ca99dc40f", - "nvidia-container-toolkit-1.17.1.tar.gz": "bf1e3ede225bfa41a932e00430e3efbc2c788d8a4e93e5133ff24b5a3b2ae1eb" + "nvidia-container-toolkit-1.17.3-vendor.tar.gz": "894d10f0504e7a8a8fe8748d736288e90f23e24f13aac058b6b83c4ca99dc40f", + "nvidia-container-toolkit-1.17.3.tar.gz": "58eb450e52d45483a26d9269cf4f74a8b9d0b765751581f1123b18dc48609791" } } diff --git a/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec b/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec index e54c736462c..57be51696d3 100644 --- a/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec +++ b/SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec @@ -1,7 +1,7 @@ %global debug_package %{nil} Summary: NVIDIA container runtime hook Name: nvidia-container-toolkit -Version: 1.17.1 +Version: 1.17.3 Release: 1%{?dist} License: ALS2.0 Vendor: Microsoft Corporation @@ -32,7 +32,8 @@ BuildRequires: golang Obsoletes: nvidia-container-runtime <= 3.5.0-1, nvidia-container-runtime-hook <= 1.4.0-2 Provides: nvidia-container-runtime Provides: nvidia-container-runtime-hook -Requires: libnvidia-container-tools >= 1.13.5, libnvidia-container-tools < 2.0.0 +Requires: libnvidia-container-tools >= %{version}, libnvidia-container-tools < 2.0.0 +Requires: nvidia-container-toolkit-base == %{version}-%{release} %description Provides a OCI hook to enable GPU support in containers. @@ -58,12 +59,14 @@ tar -xvf %{SOURCE1} go build -ldflags "-s -w " -o "nvidia-container-runtime-hook" ./cmd/nvidia-container-runtime-hook go build -ldflags "-s -w " -o "nvidia-container-runtime" ./cmd/nvidia-container-runtime go build -ldflags "-s -w " -o "nvidia-ctk" ./cmd/nvidia-ctk +go build -ldflags "-s -w " -o "nvidia-cdi-hook" ./cmd/nvidia-cdi-hook %install mkdir -p %{buildroot}%{_bindir} install -m 755 -t %{buildroot}%{_bindir} nvidia-container-runtime-hook install -m 755 -t %{buildroot}%{_bindir} nvidia-container-runtime install -m 755 -t %{buildroot}%{_bindir} nvidia-ctk +install -m 755 -t %{buildroot}%{_bindir} nvidia-cdi-hook %posttrans ln -sf %{_bindir}/nvidia-container-runtime-hook %{_bindir}/nvidia-container-toolkit @@ -82,8 +85,14 @@ rm -f %{_bindir}/nvidia-container-toolkit %license LICENSE %{_bindir}/nvidia-container-runtime %{_bindir}/nvidia-ctk +%{_bindir}/nvidia-cdi-hook %changelog +* Thu Dec 05 2024 Henry Li - 1.17.3-1 +- Upgrade to v1.17.3 +- Add nvidia-cdi-hook binary to nvidia-container-toolkit-base package +- Add nvidia-container-toolkit-base as runtime requirement for nvidia-container-toolkit + * Mon Nov 11 2024 Henry Li - 1.17.1-1 - Upgrade to v1.17.1 to resolve CVE-2024-0134 diff --git a/cgmanifest.json b/cgmanifest.json index 303e49f60d3..cc0d13737b1 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -10351,8 +10351,8 @@ "type": "other", "other": { "name": "libnvidia-container", - "version": "1.17.1", - "downloadUrl": "https://github.com/NVIDIA/libnvidia-container/archive/v1.17.1.tar.gz" + "version": "1.17.3", + "downloadUrl": "https://github.com/NVIDIA/libnvidia-container/archive/v1.17.3.tar.gz" } } }, @@ -14603,8 +14603,8 @@ "type": "other", "other": { "name": "nvidia-container-toolkit", - "version": "1.17.1", - "downloadUrl": "https://github.com/NVIDIA/nvidia-container-toolkit/archive/v1.17.1.tar.gz" + "version": "1.17.3", + "downloadUrl": "https://github.com/NVIDIA/nvidia-container-toolkit/archive/v1.17.3.tar.gz" } } }, From 33b573b41a2febb92155ee641dbc6d22e4ea1076 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Wed, 18 Dec 2024 11:08:15 -0800 Subject: [PATCH 14/36] Added distrusted CAs to the cert bundles. (#11424) --- .../ca-certificates.signatures.json | 1 + SPECS/ca-certificates/ca-certificates.spec | 24 +- SPECS/ca-certificates/certdata.distrusted.txt | 302 ++++++++++++++++++ .../prebuilt-ca-certificates-base.spec | 5 +- .../prebuilt-ca-certificates.spec | 5 +- .../manifests/package/pkggen_core_aarch64.txt | 8 +- .../manifests/package/pkggen_core_x86_64.txt | 8 +- .../manifests/package/toolchain_aarch64.txt | 10 +- .../manifests/package/toolchain_x86_64.txt | 10 +- 9 files changed, 351 insertions(+), 22 deletions(-) create mode 100644 SPECS/ca-certificates/certdata.distrusted.txt diff --git a/SPECS/ca-certificates/ca-certificates.signatures.json b/SPECS/ca-certificates/ca-certificates.signatures.json index 8348c78a905..1a2a357595b 100644 --- a/SPECS/ca-certificates/ca-certificates.signatures.json +++ b/SPECS/ca-certificates/ca-certificates.signatures.json @@ -11,6 +11,7 @@ "README.usr": "0d2e90b6cf575678cd9d4f409d92258ef0d676995d4d733acdb2425309a38ff8", "bundle2pem.sh": "a61e0d9f34e21456cfe175e9a682f56959240e66dfeb75bd2457226226aa413a", "certdata.base.txt": "771a6c9995ea00bb4ce50fd842a252454fe9b26acad8b0568a1055207442db57", + "certdata.distrusted.txt": "93aebf0f1e5253ed91fe269f7128fdb8b20630ef19558f629c79a8b7eb0ba30d", "certdata.microsoft.txt": "1707ab328312f4ecce167a886e866136b46d7f979a01cc6f9e4afd042174babd", "certdata2pem.py": "4f5848c14210758f19ab9fdc9ffd83733303a48642a3d47c4d682f904fdc0f33", "pem2bundle.sh": "f96a2f0071fb80e30332c0bd95853183f2f49a3c98d5e9fc4716aeeb001e3426", diff --git a/SPECS/ca-certificates/ca-certificates.spec b/SPECS/ca-certificates/ca-certificates.spec index 02a65aabfdc..84145a40567 100644 --- a/SPECS/ca-certificates/ca-certificates.spec +++ b/SPECS/ca-certificates/ca-certificates.spec @@ -6,6 +6,8 @@ %define p11_format_base_bundle ca-bundle.trust.base.p11-kit +%define p11_format_distrusted_bundle ca-bundle.trust.distrusted.p11-kit + %define p11_format_microsoft_bundle ca-bundle.trust.microsoft.p11-kit # List of packages triggering legacy certs generation if 'ca-certificates-legacy' @@ -45,7 +47,7 @@ Name: ca-certificates # When updating, "Epoch, "Version", AND "Release" tags must be updated in the "prebuilt-ca-certificates*" packages as well. Epoch: 1 Version: 2.0.0 -Release: 18%{?dist} +Release: 19%{?dist} License: MPLv2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -69,6 +71,8 @@ Source21: certdata.base.txt Source22: bundle2pem.sh # The certdata.microsoft.txt is provided by Microsoft's Trusted Root Program. Source23: certdata.microsoft.txt +# The certdata.distrusted.txt is provided by Microsoft's Trusted Root Program. +Source24: certdata.distrusted.txt BuildRequires: /bin/ln BuildRequires: asciidoc @@ -91,7 +95,7 @@ Provides: ca-certificates-mozilla = %{version}-%{release} BuildArch: noarch %description -The Public Key Inrastructure is used for many security issues in +The Public Key Infrastructure is used for many security issues in a Linux system. In order for a certificate to be trusted, it must be signed by a trusted agent called a Certificate Authority (CA). The certificates loaded by this section are from the list of CAs trusted @@ -146,6 +150,7 @@ cp -p %{SOURCE20} . %convert_certdata %{SOURCE21} %convert_certdata %{SOURCE23} +%convert_certdata %{SOURCE24} #manpage cp %{SOURCE10} %{name}/update-ca-trust.8.txt @@ -186,6 +191,9 @@ install -p -m 644 %{SOURCE18} %{buildroot}%{catrustdir}/source/README # Microsoft certs %install_bundles %{SOURCE23} %{p11_format_microsoft_bundle} +# Distrusted certs +%install_bundles %{SOURCE24} %{p11_format_distrusted_bundle} + # TODO: consider to dynamically create the update-ca-trust script from within # this .spec file, in order to have the output file+directory names at once place only. install -p -m 755 %{SOURCE2} %{buildroot}%{_bindir}/update-ca-trust @@ -257,13 +265,16 @@ rm -f %{pkidir}/tls/certs/*.{0,pem} %{_bindir}/bundle2pem.sh %{pkidir}/tls/certs/%{classic_tls_bundle} %files +%defattr(-,root,root) # Microsoft certs bundle file with trust %{_datadir}/pki/ca-trust-source/%{p11_format_microsoft_bundle} %files base +%defattr(-,root,root) %{_datadir}/pki/ca-trust-source/%{p11_format_base_bundle} %files shared +%defattr(-,root,root) %license LICENSE # symlinks for old locations @@ -307,6 +318,9 @@ rm -f %{pkidir}/tls/certs/*.{0,pem} %dir %{pkidir}/tls %dir %{pkidir}/tls/certs +# Distrusted CAs +%{_datadir}/pki/ca-trust-source/%{p11_format_distrusted_bundle} + %ghost %{catrustdir}/extracted/pem/tls-ca-bundle.pem %ghost %{catrustdir}/extracted/pem/email-ca-bundle.pem %ghost %{catrustdir}/extracted/pem/objsign-ca-bundle.pem @@ -315,15 +329,21 @@ rm -f %{pkidir}/tls/certs/*.{0,pem} %ghost %{catrustdir}/extracted/edk2/cacerts.bin %files tools +%defattr(-,root,root) # update/extract tool %{_bindir}/update-ca-trust %{_mandir}/man8/update-ca-trust.8.gz %files legacy +%defattr(-,root,root) %{_bindir}/bundle2pem.sh %changelog +* Wed Dec 11 2024 Pawel Winogrodzki - 2.0.0-19 +- Update adding Microsoft distrusted CAs. +- Explicitly set default file ownership to root:root. + * Fri Aug 09 2024 CBL-Mariner Servicing Account - 2.0.0-18 - Updating Microsoft trusted root CAs. diff --git a/SPECS/ca-certificates/certdata.distrusted.txt b/SPECS/ca-certificates/certdata.distrusted.txt new file mode 100644 index 00000000000..913d0e76496 --- /dev/null +++ b/SPECS/ca-certificates/certdata.distrusted.txt @@ -0,0 +1,302 @@ +# Release: December 2024 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# +# certdata.txt +# +# This file contains the object definitions for the certs and other +# information "built into" NSS. +# +# Object definitions: +# +# Certificates +# +# -- Attribute -- -- type -- -- value -- +# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +# CKA_TOKEN CK_BBOOL CK_TRUE +# CKA_PRIVATE CK_BBOOL CK_FALSE +# CKA_MODIFIABLE CK_BBOOL CK_FALSE +# CKA_LABEL UTF8 (varies) +# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +# CKA_SUBJECT DER+base64 (varies) +# CKA_ID byte array (varies) +# CKA_ISSUER DER+base64 (varies) +# CKA_SERIAL_NUMBER DER+base64 (varies) +# CKA_VALUE DER+base64 (varies) +# CKA_NSS_EMAIL ASCII7 (unused here) +# CKA_NSS_SERVER_DISTRUST_AFTER DER+base64 (varies) +# CKA_NSS_EMAIL_DISTRUST_AFTER DER+base64 (varies) +# +# Trust +# +# -- Attribute -- -- type -- -- value -- +# CKA_CLASS CK_OBJECT_CLASS CKO_TRUST +# CKA_TOKEN CK_BBOOL CK_TRUE +# CKA_PRIVATE CK_BBOOL CK_FALSE +# CKA_MODIFIABLE CK_BBOOL CK_FALSE +# CKA_LABEL UTF8 (varies) +# CKA_ISSUER DER+base64 (varies) +# CKA_SERIAL_NUMBER DER+base64 (varies) +# CKA_CERT_HASH binary+base64 (varies) +# CKA_EXPIRES CK_DATE (not used here) +# CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST (varies) +# CKA_TRUST_NON_REPUDIATION CK_TRUST (varies) +# CKA_TRUST_KEY_ENCIPHERMENT CK_TRUST (varies) +# CKA_TRUST_DATA_ENCIPHERMENT CK_TRUST (varies) +# CKA_TRUST_KEY_AGREEMENT CK_TRUST (varies) +# CKA_TRUST_KEY_CERT_SIGN CK_TRUST (varies) +# CKA_TRUST_CRL_SIGN CK_TRUST (varies) +# CKA_TRUST_SERVER_AUTH CK_TRUST (varies) +# CKA_TRUST_CLIENT_AUTH CK_TRUST (varies) +# CKA_TRUST_CODE_SIGNING CK_TRUST (varies) +# CKA_TRUST_EMAIL_PROTECTION CK_TRUST (varies) +# CKA_TRUST_IPSEC_END_SYSTEM CK_TRUST (varies) +# CKA_TRUST_IPSEC_TUNNEL CK_TRUST (varies) +# CKA_TRUST_IPSEC_USER CK_TRUST (varies) +# CKA_TRUST_TIME_STAMPING CK_TRUST (varies) +# CKA_TRUST_STEP_UP_APPROVED CK_BBOOL (varies) +# (other trust attributes can be defined) +# + +# +# The object to tell NSS that this is a root list and we don't +# have to go looking for others. +# +BEGINDATA +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_BUILTIN_ROOT_LIST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Microsoft Builtin Distrusted Certificates" + +# +# Certificate "google.com" +# +# Issuer: CN=AC Certisign ICP-Brasil SSL EV G4,OU=Autoridade Certificadora Raiz Brasileira v10,O=ICP-Brasil,C=BR +# Serial Number:28:85:34:47:39:1a:72:1e:76:94:85:49:4e:73:57:52 +# Subject: CN=google.com,UID=b27bb194-0258-47ac-acba-c6f06f39787c,OID.2.5.4.97=OFBBR-ef0d9576-f46c-4c95-b690-e882e0b49bc0,L=Sao Paulo,ST=SP,O=GOOGLE PAY BRASIL INSTITUICAO DE PAGAMENTO LTDA,C=BR,serialNumber=43394419000188,incorporationCountry=BR,businessCategory=Private Organization +# Not Valid Before: Thu Nov 28 21:19:48 2024 +# Not Valid After : Fri Nov 28 21:19:48 2025 +# Fingerprint (SHA-256): 42:13:29:F0:DC:2F:68:3D:6E:96:C1:B5:B3:10:97:4D:09:97:AD:98:4E:F6:91:20:F5:53:72:B4:F4:8E:10:37 +# Fingerprint (SHA1): 1C:68:E6:97:AB:50:91:FE:76:16:D5:2F:A0:36:02:5C:47:43:BB:73 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "google.com" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\202\001\065\061\035\060\033\006\003\125\004\017\014\024\120 +\162\151\166\141\164\145\040\117\162\147\141\156\151\172\141\164 +\151\157\156\061\023\060\021\006\013\053\006\001\004\001\202\067 +\074\002\001\003\023\002\102\122\061\027\060\025\006\003\125\004 +\005\023\016\064\063\063\071\064\064\061\071\060\060\060\061\070 +\070\061\013\060\011\006\003\125\004\006\023\002\102\122\061\070 +\060\066\006\003\125\004\012\014\057\107\117\117\107\114\105\040 +\120\101\131\040\102\122\101\123\111\114\040\111\116\123\124\111 +\124\125\111\103\101\117\040\104\105\040\120\101\107\101\115\105 +\116\124\117\040\114\124\104\101\061\013\060\011\006\003\125\004 +\010\014\002\123\120\061\022\060\020\006\003\125\004\007\014\011 +\123\141\157\040\120\141\165\154\157\061\063\060\061\006\003\125 +\004\141\014\052\117\106\102\102\122\055\145\146\060\144\071\065 +\067\066\055\146\064\066\143\055\064\143\071\065\055\142\066\071 +\060\055\145\070\070\062\145\060\142\064\071\142\143\060\061\064 +\060\062\006\012\011\222\046\211\223\362\054\144\001\001\014\044 +\142\062\067\142\142\061\071\064\055\060\062\065\070\055\064\067 +\141\143\055\141\143\142\141\055\143\066\146\060\066\146\063\071 +\067\070\067\143\061\023\060\021\006\003\125\004\003\014\012\147 +\157\157\147\154\145\056\143\157\155 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\201\205\061\013\060\011\006\003\125\004\006\023\002\102\122 +\061\023\060\021\006\003\125\004\012\023\012\111\103\120\055\102 +\162\141\163\151\154\061\065\060\063\006\003\125\004\013\023\054 +\101\165\164\157\162\151\144\141\144\145\040\103\145\162\164\151 +\146\151\143\141\144\157\162\141\040\122\141\151\172\040\102\162 +\141\163\151\154\145\151\162\141\040\166\061\060\061\052\060\050 +\006\003\125\004\003\023\041\101\103\040\103\145\162\164\151\163 +\151\147\156\040\111\103\120\055\102\162\141\163\151\154\040\123 +\123\114\040\105\126\040\107\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\050\205\064\107\071\032\162\036\166\224\205\111\116\163 +\127\122 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\010\001\060\202\005\351\240\003\002\001\002\002\020\050 +\205\064\107\071\032\162\036\166\224\205\111\116\163\127\122\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 +\205\061\013\060\011\006\003\125\004\006\023\002\102\122\061\023 +\060\021\006\003\125\004\012\023\012\111\103\120\055\102\162\141 +\163\151\154\061\065\060\063\006\003\125\004\013\023\054\101\165 +\164\157\162\151\144\141\144\145\040\103\145\162\164\151\146\151 +\143\141\144\157\162\141\040\122\141\151\172\040\102\162\141\163 +\151\154\145\151\162\141\040\166\061\060\061\052\060\050\006\003 +\125\004\003\023\041\101\103\040\103\145\162\164\151\163\151\147 +\156\040\111\103\120\055\102\162\141\163\151\154\040\123\123\114 +\040\105\126\040\107\064\060\036\027\015\062\064\061\061\062\070 +\062\061\061\071\064\070\132\027\015\062\065\061\061\062\070\062 +\061\061\071\064\070\132\060\202\001\065\061\035\060\033\006\003 +\125\004\017\014\024\120\162\151\166\141\164\145\040\117\162\147 +\141\156\151\172\141\164\151\157\156\061\023\060\021\006\013\053 +\006\001\004\001\202\067\074\002\001\003\023\002\102\122\061\027 +\060\025\006\003\125\004\005\023\016\064\063\063\071\064\064\061 +\071\060\060\060\061\070\070\061\013\060\011\006\003\125\004\006 +\023\002\102\122\061\070\060\066\006\003\125\004\012\014\057\107 +\117\117\107\114\105\040\120\101\131\040\102\122\101\123\111\114 +\040\111\116\123\124\111\124\125\111\103\101\117\040\104\105\040 +\120\101\107\101\115\105\116\124\117\040\114\124\104\101\061\013 +\060\011\006\003\125\004\010\014\002\123\120\061\022\060\020\006 +\003\125\004\007\014\011\123\141\157\040\120\141\165\154\157\061 +\063\060\061\006\003\125\004\141\014\052\117\106\102\102\122\055 +\145\146\060\144\071\065\067\066\055\146\064\066\143\055\064\143 +\071\065\055\142\066\071\060\055\145\070\070\062\145\060\142\064 +\071\142\143\060\061\064\060\062\006\012\011\222\046\211\223\362 +\054\144\001\001\014\044\142\062\067\142\142\061\071\064\055\060 +\062\065\070\055\064\067\141\143\055\141\143\142\141\055\143\066 +\146\060\066\146\063\071\067\070\067\143\061\023\060\021\006\003 +\125\004\003\014\012\147\157\157\147\154\145\056\143\157\155\060 +\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001 +\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000 +\245\071\062\166\146\112\020\362\222\260\147\320\324\326\000\245 +\162\170\155\042\014\366\350\006\234\273\346\243\106\262\207\204 +\365\316\016\143\113\113\351\240\024\326\123\263\340\043\116\355 +\201\352\030\177\366\120\142\300\126\373\004\303\011\033\263\025 +\110\177\001\170\272\370\214\026\336\360\057\320\301\103\271\005 +\336\135\034\023\341\103\247\050\130\355\027\324\072\376\174\222 +\360\006\062\201\354\321\230\061\114\025\072\162\013\314\154\030 +\230\241\170\130\202\215\017\366\016\110\003\325\202\331\300\376 +\236\320\033\267\330\334\217\332\331\107\030\277\212\346\126\160 +\310\326\015\051\365\172\366\252\230\347\322\005\307\135\351\037 +\312\236\236\377\176\217\070\203\262\003\026\025\272\170\136\271 +\044\126\313\012\217\257\006\311\057\321\275\055\302\201\124\130 +\042\132\315\142\113\221\247\012\167\301\152\276\254\274\344\163 +\206\013\020\217\110\141\263\046\133\164\110\004\207\122\145\373 +\151\241\005\022\012\373\335\137\226\323\165\051\047\256\316\236 +\250\021\054\170\147\214\275\125\374\300\152\224\353\165\217\131 +\002\003\001\000\001\243\202\002\270\060\202\002\264\060\030\006 +\003\125\035\021\001\001\377\004\016\060\014\202\012\147\157\157 +\147\154\145\056\143\157\155\060\011\006\003\125\035\023\004\002 +\060\000\060\037\006\003\125\035\043\004\030\060\026\200\024\027 +\111\323\106\270\151\244\056\077\011\203\116\024\215\111\076\220 +\325\014\050\060\201\232\006\003\125\035\040\004\201\222\060\201 +\217\060\201\202\006\006\140\114\001\002\001\152\060\170\060\166 +\006\010\053\006\001\005\005\007\002\001\026\152\150\164\164\160 +\072\057\057\151\143\160\055\142\162\141\163\151\154\056\143\145 +\162\164\151\163\151\147\156\056\143\157\155\056\142\162\057\162 +\145\160\157\163\151\164\157\162\151\157\057\144\160\143\057\141 +\143\137\143\145\162\164\151\163\151\147\156\137\151\143\160\137 +\142\162\137\163\163\154\057\104\120\103\137\101\103\137\103\145 +\162\164\151\163\151\147\156\137\111\143\160\137\102\162\137\123 +\163\154\056\160\144\146\060\010\006\006\147\201\014\001\002\002 +\060\201\312\006\003\125\035\037\004\201\302\060\201\277\060\136 +\240\134\240\132\206\130\150\164\164\160\072\057\057\151\143\160 +\055\142\162\141\163\151\154\056\143\145\162\164\151\163\151\147 +\156\056\143\157\155\056\142\162\057\162\145\160\157\163\151\164 +\157\162\151\157\057\154\143\162\057\101\103\103\145\162\164\151 +\163\151\147\156\111\103\120\102\122\123\123\114\105\126\107\064 +\057\114\141\164\145\163\164\103\122\114\056\143\162\154\060\135 +\240\133\240\131\206\127\150\164\164\160\072\057\057\151\143\160 +\055\142\162\141\163\151\154\056\157\165\164\162\141\154\143\162 +\056\143\157\155\056\142\162\057\162\145\160\157\163\151\164\157 +\162\151\157\057\154\143\162\057\101\103\103\145\162\164\151\163 +\151\147\156\111\103\120\102\122\123\123\114\105\126\107\064\057 +\114\141\164\145\163\164\103\122\114\056\143\162\154\060\016\006 +\003\125\035\017\001\001\377\004\004\003\002\003\250\060\035\006 +\003\125\035\045\004\026\060\024\006\010\053\006\001\005\005\007 +\003\001\006\010\053\006\001\005\005\007\003\002\060\023\006\012 +\053\006\001\004\001\326\171\002\004\003\001\001\377\004\002\005 +\000\060\201\275\006\010\053\006\001\005\005\007\001\001\004\201 +\260\060\201\255\060\151\006\010\053\006\001\005\005\007\060\002 +\206\135\150\164\164\160\072\057\057\151\143\160\055\142\162\141 +\163\151\154\056\143\145\162\164\151\163\151\147\156\056\143\157 +\155\056\142\162\057\162\145\160\157\163\151\164\157\162\151\157 +\057\143\145\162\164\151\146\151\143\141\144\157\163\057\101\103 +\137\103\145\162\164\151\163\151\147\156\137\111\143\160\137\102 +\162\137\123\163\154\137\105\126\137\107\064\056\160\067\143\060 +\100\006\010\053\006\001\005\005\007\060\001\206\064\150\164\164 +\160\072\057\057\157\143\163\160\055\141\143\055\143\145\162\164 +\151\163\151\147\156\055\151\143\160\055\142\162\055\163\163\154 +\056\143\145\162\164\151\163\151\147\156\056\143\157\155\056\142 +\162\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000 +\003\202\002\001\000\004\277\164\275\336\224\331\155\317\017\142 +\333\066\327\114\036\123\143\176\215\160\003\240\323\006\373\365 +\167\164\071\324\202\171\354\345\013\353\226\072\237\323\247\366 +\271\247\132\155\174\371\260\177\135\207\024\165\006\057\263\077 +\160\345\152\161\147\363\344\255\257\115\172\163\033\154\164\354 +\344\304\061\003\030\275\234\022\233\223\053\021\073\364\221\165 +\160\055\102\341\220\147\212\270\007\064\347\165\346\020\170\137 +\001\301\316\344\226\363\337\263\307\302\004\333\110\224\200\320 +\352\261\025\020\211\034\317\151\256\172\161\207\032\063\050\117 +\300\232\310\161\146\345\321\007\267\323\320\035\127\002\273\173 +\131\016\216\076\155\115\044\146\112\245\154\360\264\244\356\312 +\050\213\212\270\111\211\206\146\233\013\160\027\260\075\217\022 +\360\241\202\146\334\052\053\314\363\150\240\055\363\122\341\116 +\162\052\075\357\317\137\311\045\005\262\133\046\055\247\332\062 +\377\250\105\167\142\023\333\014\142\240\133\271\346\160\313\001 +\007\332\010\105\114\354\326\061\110\110\164\106\220\340\302\270 +\231\034\204\021\027\341\336\266\037\320\275\366\247\206\333\336 +\120\347\244\215\210\141\141\106\146\070\300\253\260\320\220\326 +\245\307\041\351\224\320\063\071\110\345\052\042\254\163\164\205 +\242\067\151\350\036\302\102\130\346\211\372\151\262\305\002\213 +\203\200\230\261\344\051\153\361\103\323\353\062\365\150\122\052 +\167\301\250\367\375\266\337\130\107\336\106\302\044\261\136\025 +\024\073\255\246\116\242\351\241\011\113\326\051\105\332\143\216 +\041\201\017\276\036\222\150\134\235\033\130\215\031\016\025\322 +\310\337\152\331\232\214\341\060\243\114\175\074\303\132\250\053 +\333\021\267\140\135\231\223\003\335\056\241\062\176\313\134\305 +\114\114\100\377\066\116\252\160\037\027\322\121\305\277\344\105 +\111\036\012\031\346\335\247\203\043\132\351\355\150\076\022\153 +\155\110\337\121\224\002\112\337\374\023\040\307\113\024\077\154 +\364\153\003\136\374\242\242\164\321\300\100\324\211\367\307\146 +\005\331\230\314\124\045\273\245\306\024\036\224\214\100\075\215 +\104\265\367\204\063\367\037\075\221\056\263\325\023\135\313\040 +\173\136\210\017\230 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "google.com" +# Issuer: CN=AC Certisign ICP-Brasil SSL EV G4,OU=Autoridade Certificadora Raiz Brasileira v10,O=ICP-Brasil,C=BR +# Serial Number:28:85:34:47:39:1a:72:1e:76:94:85:49:4e:73:57:52 +# Subject: CN=google.com,UID=b27bb194-0258-47ac-acba-c6f06f39787c,OID.2.5.4.97=OFBBR-ef0d9576-f46c-4c95-b690-e882e0b49bc0,L=Sao Paulo,ST=SP,O=GOOGLE PAY BRASIL INSTITUICAO DE PAGAMENTO LTDA,C=BR,serialNumber=43394419000188,incorporationCountry=BR,businessCategory=Private Organization +# Not Valid Before: Thu Nov 28 21:19:48 2024 +# Not Valid After : Fri Nov 28 21:19:48 2025 +# Fingerprint (SHA-256): 42:13:29:F0:DC:2F:68:3D:6E:96:C1:B5:B3:10:97:4D:09:97:AD:98:4E:F6:91:20:F5:53:72:B4:F4:8E:10:37 +# Fingerprint (SHA1): 1C:68:E6:97:AB:50:91:FE:76:16:D5:2F:A0:36:02:5C:47:43:BB:73 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "google.com" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\034\150\346\227\253\120\221\376\166\026\325\057\240\066\002\134 +\107\103\273\163 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\016\067\034\146\242\243\030\173\162\334\023\136\201\340\143\150 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\205\061\013\060\011\006\003\125\004\006\023\002\102\122 +\061\023\060\021\006\003\125\004\012\023\012\111\103\120\055\102 +\162\141\163\151\154\061\065\060\063\006\003\125\004\013\023\054 +\101\165\164\157\162\151\144\141\144\145\040\103\145\162\164\151 +\146\151\143\141\144\157\162\141\040\122\141\151\172\040\102\162 +\141\163\151\154\145\151\162\141\040\166\061\060\061\052\060\050 +\006\003\125\004\003\023\041\101\103\040\103\145\162\164\151\163 +\151\147\156\040\111\103\120\055\102\162\141\163\151\154\040\123 +\123\114\040\105\126\040\107\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\050\205\064\107\071\032\162\036\166\224\205\111\116\163 +\127\122 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE \ No newline at end of file diff --git a/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec b/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec index 2568cedf98b..552db691b29 100644 --- a/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec +++ b/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec @@ -3,7 +3,7 @@ Name: prebuilt-ca-certificates-base # When updating, "Epoch, "Version", AND "Release" tags must be updated in the "ca-certificates" package as well. Epoch: 1 Version: 2.0.0 -Release: 18%{?dist} +Release: 19%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -46,6 +46,9 @@ find %{buildroot} -name README -delete %{_sysconfdir}/pki/java/cacerts %changelog +* Wed Dec 11 2024 Pawel Winogrodzki - 2.0.0-19 +- Update adding Microsoft distrusted CAs. + * Fri Aug 09 2024 CBL-Mariner Servicing Account - 2.0.0-18 - Making 'Release' match with 'ca-certificates' diff --git a/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec b/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec index 95902457b19..b004b5486fd 100644 --- a/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec +++ b/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec @@ -3,7 +3,7 @@ Name: prebuilt-ca-certificates # When updating, "Epoch, "Version", AND "Release" tags must be updated in the "ca-certificates" package as well. Epoch: 1 Version: 2.0.0 -Release: 18%{?dist} +Release: 19%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -49,6 +49,9 @@ find %{buildroot} -name README -delete %{_sysconfdir}/pki/java/cacerts %changelog +* Wed Dec 11 2024 Pawel Winogrodzki - 2.0.0-19 +- Update adding Microsoft distrusted CAs. + * Fri Aug 09 2024 CBL-Mariner Servicing Account - 2.0.0-18 - Making 'Release' match with 'ca-certificates' diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index ed3d7da0965..79f8bbc3d07 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -231,10 +231,10 @@ libffi-devel-3.4.2-3.cm2.aarch64.rpm libtasn1-4.19.0-1.cm2.aarch64.rpm p11-kit-0.24.1-1.cm2.aarch64.rpm p11-kit-trust-0.24.1-1.cm2.aarch64.rpm -ca-certificates-shared-2.0.0-18.cm2.noarch.rpm -ca-certificates-tools-2.0.0-18.cm2.noarch.rpm -ca-certificates-base-2.0.0-18.cm2.noarch.rpm -ca-certificates-2.0.0-18.cm2.noarch.rpm +ca-certificates-shared-2.0.0-19.cm2.noarch.rpm +ca-certificates-tools-2.0.0-19.cm2.noarch.rpm +ca-certificates-base-2.0.0-19.cm2.noarch.rpm +ca-certificates-2.0.0-19.cm2.noarch.rpm dwz-0.14-2.cm2.aarch64.rpm unzip-6.0-21.cm2.aarch64.rpm python3-3.9.19-7.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index d034af1a99f..44da8087b55 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -231,10 +231,10 @@ libffi-devel-3.4.2-3.cm2.x86_64.rpm libtasn1-4.19.0-1.cm2.x86_64.rpm p11-kit-0.24.1-1.cm2.x86_64.rpm p11-kit-trust-0.24.1-1.cm2.x86_64.rpm -ca-certificates-shared-2.0.0-18.cm2.noarch.rpm -ca-certificates-tools-2.0.0-18.cm2.noarch.rpm -ca-certificates-base-2.0.0-18.cm2.noarch.rpm -ca-certificates-2.0.0-18.cm2.noarch.rpm +ca-certificates-shared-2.0.0-19.cm2.noarch.rpm +ca-certificates-tools-2.0.0-19.cm2.noarch.rpm +ca-certificates-base-2.0.0-19.cm2.noarch.rpm +ca-certificates-2.0.0-19.cm2.noarch.rpm dwz-0.14-2.cm2.x86_64.rpm unzip-6.0-21.cm2.x86_64.rpm python3-3.9.19-7.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 51a272a009f..7a6111d181c 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -18,11 +18,11 @@ bzip2-1.0.8-1.cm2.aarch64.rpm bzip2-debuginfo-1.0.8-1.cm2.aarch64.rpm bzip2-devel-1.0.8-1.cm2.aarch64.rpm bzip2-libs-1.0.8-1.cm2.aarch64.rpm -ca-certificates-2.0.0-18.cm2.noarch.rpm -ca-certificates-base-2.0.0-18.cm2.noarch.rpm -ca-certificates-legacy-2.0.0-18.cm2.noarch.rpm -ca-certificates-shared-2.0.0-18.cm2.noarch.rpm -ca-certificates-tools-2.0.0-18.cm2.noarch.rpm +ca-certificates-2.0.0-19.cm2.noarch.rpm +ca-certificates-base-2.0.0-19.cm2.noarch.rpm +ca-certificates-legacy-2.0.0-19.cm2.noarch.rpm +ca-certificates-shared-2.0.0-19.cm2.noarch.rpm +ca-certificates-tools-2.0.0-19.cm2.noarch.rpm ccache-4.8-1.cm2.aarch64.rpm ccache-debuginfo-4.8-1.cm2.aarch64.rpm check-0.15.2-1.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index d088745e913..628ae406dca 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -19,11 +19,11 @@ bzip2-1.0.8-1.cm2.x86_64.rpm bzip2-debuginfo-1.0.8-1.cm2.x86_64.rpm bzip2-devel-1.0.8-1.cm2.x86_64.rpm bzip2-libs-1.0.8-1.cm2.x86_64.rpm -ca-certificates-2.0.0-18.cm2.noarch.rpm -ca-certificates-base-2.0.0-18.cm2.noarch.rpm -ca-certificates-legacy-2.0.0-18.cm2.noarch.rpm -ca-certificates-shared-2.0.0-18.cm2.noarch.rpm -ca-certificates-tools-2.0.0-18.cm2.noarch.rpm +ca-certificates-2.0.0-19.cm2.noarch.rpm +ca-certificates-base-2.0.0-19.cm2.noarch.rpm +ca-certificates-legacy-2.0.0-19.cm2.noarch.rpm +ca-certificates-shared-2.0.0-19.cm2.noarch.rpm +ca-certificates-tools-2.0.0-19.cm2.noarch.rpm ccache-4.8-1.cm2.x86_64.rpm ccache-debuginfo-4.8-1.cm2.x86_64.rpm check-0.15.2-1.cm2.x86_64.rpm From 9da5304e5a9064c788ea03fb3f7334e335aca753 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Fri, 20 Dec 2024 12:28:54 -0800 Subject: [PATCH 15/36] [AUTO-CHERRYPICK] Patch CVE-2024-24786 in moby-cli - branch main (#11468) Co-authored-by: suresh-thelkar Co-authored-by: jslobodzian --- SPECS/moby-cli/CVE-2024-24786.patch | 43 +++++++++++++++++++++++++++++ SPECS/moby-cli/moby-cli.spec | 6 +++- 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 SPECS/moby-cli/CVE-2024-24786.patch diff --git a/SPECS/moby-cli/CVE-2024-24786.patch b/SPECS/moby-cli/CVE-2024-24786.patch new file mode 100644 index 00000000000..4c7ed3d8cc5 --- /dev/null +++ b/SPECS/moby-cli/CVE-2024-24786.patch @@ -0,0 +1,43 @@ +From c15bfce5b2a8514ccc5dabde1fbe44d4f53e7abe Mon Sep 17 00:00:00 2001 +From: Suresh Thelkar +Date: Thu, 5 Dec 2024 10:10:19 +0530 +Subject: [PATCH] Patch for CVE-2024-24786 + +Upstream patch details are given below. +https://github.com/protocolbuffers/protobuf-go/commit/f01a588 +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index c85f846..634ba41 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index b13fd29..b2be4e8 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.34.1 + diff --git a/SPECS/moby-cli/moby-cli.spec b/SPECS/moby-cli/moby-cli.spec index ddaa1918815..13e8e5f09f2 100644 --- a/SPECS/moby-cli/moby-cli.spec +++ b/SPECS/moby-cli/moby-cli.spec @@ -3,7 +3,7 @@ Summary: The open-source application container engine client. Name: moby-cli Version: 24.0.9 -Release: 5%{?dist} +Release: 6%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -14,6 +14,7 @@ Source1: %{name}-%{version}-govendor-v1.tar.gz Patch0: disable_manpage_vendor.patch Patch1: CVE-2023-45288.patch Patch2: CVE-2024-36623.patch +Patch3: CVE-2024-24786.patch BuildRequires: git BuildRequires: go-md2man BuildRequires: golang @@ -79,6 +80,9 @@ install -p -m 644 contrib/completion/fish/docker.fish %{buildroot}%{_datadir}/fi %{_datadir}/fish/vendor_completions.d/docker.fish %changelog +* Fri Dec 13 2024 Suresh Thelkar - 24.0.9-6 +- Patch CVE-2024-24786 + * Tue Dec 10 2024 Sudipta Pandit - 24.0.9-5 - Add patch for CVE-2024-36623 From fbb226eed6e12f7ebed9806caaad5ddfaee86e50 Mon Sep 17 00:00:00 2001 From: nicolas guibourge Date: Fri, 20 Dec 2024 21:33:24 +0100 Subject: [PATCH 16/36] [AUTO-CHERRYPICK] iptraf-ng: upgrade to 1.2.2 - branch main (#11604) Co-authored-by: Andrew Phelps --- SPECS/iptraf-ng/iptraf-ng.signatures.json | 2 +- SPECS/iptraf-ng/iptraf-ng.spec | 5 ++++- cgmanifest.json | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/SPECS/iptraf-ng/iptraf-ng.signatures.json b/SPECS/iptraf-ng/iptraf-ng.signatures.json index 76d882f14e5..431ee9fafed 100644 --- a/SPECS/iptraf-ng/iptraf-ng.signatures.json +++ b/SPECS/iptraf-ng/iptraf-ng.signatures.json @@ -1,6 +1,6 @@ { "Signatures": { - "iptraf-ng-1.2.1.tar.gz": "9f5cef584065420dea1ba32c86126aede1fa9bd25b0f8362b0f9fd9754f00870", + "iptraf-ng-1.2.2.tar.gz": "75fd653745ea0705995c25e6c07b34252ecc2563c6a91b007a3a8c26f29cc252", "iptraf-ng-logrotate.conf": "c9c1f849fb04dceeff50aa3e2bd2c40f5e8656e00d1dabcde36e1e9dcfa7a1bb", "iptraf-ng-tmpfiles.conf": "cd9e13572be9836f8efe6fcea198ccffad97b1db7f97bf0133b7d477f9d65ed0" } diff --git a/SPECS/iptraf-ng/iptraf-ng.spec b/SPECS/iptraf-ng/iptraf-ng.spec index 5b102f40dba..49154d183fa 100644 --- a/SPECS/iptraf-ng/iptraf-ng.spec +++ b/SPECS/iptraf-ng/iptraf-ng.spec @@ -2,7 +2,7 @@ Vendor: Microsoft Corporation Distribution: Mariner Summary: A console-based network monitoring utility Name: iptraf-ng -Version: 1.2.1 +Version: 1.2.2 Release: 1%{?dist} Source0: https://github.com/iptraf-ng/iptraf-ng/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source1: %{name}-logrotate.conf @@ -70,6 +70,9 @@ install -d -m 0755 %{buildroot}/run/%{name}/ %{_prefix}/lib/tmpfiles.d/%{name}.conf %changelog +* Thu Dec 19 2024 Andrew Phelps - 1.2.2-1 +- Upgrade to 1.2.2 to fix CVE-2024-52949 + * Tue Jun 21 2022 Jon Slobodzian - 1.2.1-1 - Upgrading to fix build break and align with latest ncurses update. - License verified. diff --git a/cgmanifest.json b/cgmanifest.json index cc0d13737b1..f87b8bfb06b 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -7441,8 +7441,8 @@ "type": "other", "other": { "name": "iptraf-ng", - "version": "1.2.1", - "downloadUrl": "https://github.com/iptraf-ng/iptraf-ng/archive/v1.2.1.tar.gz" + "version": "1.2.2", + "downloadUrl": "https://github.com/iptraf-ng/iptraf-ng/archive/v1.2.2.tar.gz" } } }, From 4703a430861f82eaac80063d25d12e9e50ccc5a8 Mon Sep 17 00:00:00 2001 From: nicolas guibourge Date: Fri, 20 Dec 2024 21:35:34 +0100 Subject: [PATCH 17/36] [AUTO-CHERRYPICK] grpc: Address CVE-2023-32067 - branch main (#11605) Co-authored-by: Ankita Pareek <56152556+Ankita13-code@users.noreply.github.com> --- SPECS/grpc/CVE-2023-32067.patch | 79 +++++++++++++++++++++++++++++++++ SPECS/grpc/grpc.spec | 8 +++- 2 files changed, 86 insertions(+), 1 deletion(-) create mode 100644 SPECS/grpc/CVE-2023-32067.patch diff --git a/SPECS/grpc/CVE-2023-32067.patch b/SPECS/grpc/CVE-2023-32067.patch new file mode 100644 index 00000000000..5807e92e1dc --- /dev/null +++ b/SPECS/grpc/CVE-2023-32067.patch @@ -0,0 +1,79 @@ +From b9b8413cfdb70a3f99e1573333b23052d57ec1ae Mon Sep 17 00:00:00 2001 +From: Brad House +Date: Mon, 22 May 2023 06:51:49 -0400 +Subject: [PATCH] Merge pull request from GHSA-9g78-jv2r-p7vc + +--- + third_party/cares/cares/ares_process.c | 41 +++++++++++++++++++++++++---------------- + 1 file changed, 25 insertions(+), 16 deletions(-) + +diff --git a/third_party/cares/cares/ares_process.c b/third_party/cares/cares/ares_process.c +index bf0cde4646..6cac0a99fd 100644 +--- a/third_party/cares/cares/ares_process.c ++++ b/third_party/cares/cares/ares_process.c +@@ -470,7 +470,7 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds, + { + struct server_state *server; + int i; +- ares_ssize_t count; ++ ares_ssize_t read_len; + unsigned char buf[MAXENDSSZ + 1]; + #ifdef HAVE_RECVFROM + ares_socklen_t fromlen; +@@ -513,32 +513,41 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds, + /* To reduce event loop overhead, read and process as many + * packets as we can. */ + do { +- if (server->udp_socket == ARES_SOCKET_BAD) +- count = 0; +- +- else { +- if (server->addr.family == AF_INET) ++ if (server->udp_socket == ARES_SOCKET_BAD) { ++ read_len = -1; ++ } else { ++ if (server->addr.family == AF_INET) { + fromlen = sizeof(from.sa4); +- else ++ } else { + fromlen = sizeof(from.sa6); +- count = socket_recvfrom(channel, server->udp_socket, (void *)buf, +- sizeof(buf), 0, &from.sa, &fromlen); ++ } ++ read_len = socket_recvfrom(channel, server->udp_socket, (void *)buf, ++ sizeof(buf), 0, &from.sa, &fromlen); + } + +- if (count == -1 && try_again(SOCKERRNO)) ++ if (read_len == 0) { ++ /* UDP is connectionless, so result code of 0 is a 0-length UDP ++ * packet, and not an indication the connection is closed like on ++ * tcp */ + continue; +- else if (count <= 0) ++ } else if (read_len < 0) { ++ if (try_again(SOCKERRNO)) ++ continue; ++ + handle_error(channel, i, now); ++ + #ifdef HAVE_RECVFROM +- else if (!same_address(&from.sa, &server->addr)) ++ } else if (!same_address(&from.sa, &server->addr)) { + /* The address the response comes from does not match the address we + * sent the request to. Someone may be attempting to perform a cache + * poisoning attack. */ +- break; ++ continue; + #endif +- else +- process_answer(channel, buf, (int)count, i, 0, now); +- } while (count > 0); ++ ++ } else { ++ process_answer(channel, buf, (int)read_len, i, 0, now); ++ } ++ } while (read_len >= 0); + } + } + diff --git a/SPECS/grpc/grpc.spec b/SPECS/grpc/grpc.spec index e0c016ad175..eee27cac331 100644 --- a/SPECS/grpc/grpc.spec +++ b/SPECS/grpc/grpc.spec @@ -1,7 +1,7 @@ Summary: Open source remote procedure call (RPC) framework Name: grpc Version: 1.42.0 -Release: 7%{?dist} +Release: 8%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -9,6 +9,8 @@ Group: Applications/System URL: https://www.grpc.io Source0: https://github.com/grpc/grpc/archive/v%{version}/%{name}-%{version}.tar.gz Source1: %{name}-%{version}-submodules.tar.gz + +Patch0: CVE-2023-32067.patch BuildRequires: abseil-cpp-devel BuildRequires: c-ares-devel BuildRequires: cmake @@ -69,6 +71,7 @@ Python language bindings for gRPC. %prep %setup -q -n %{name}-%{version} %setup -T -D -a 1 +%autopatch -p1 %build # Updating used C++ version to be compatible with the build dependencies. @@ -148,6 +151,9 @@ export GRPC_PYTHON_BUILD_SYSTEM_ABSL=True %changelog +* Mon Dec 10 2024 Ankita Pareek - 1.42.0-8 +- Address CVE-2023-32067 in the grpc submodules package + * Thu Oct 19 2023 Dan Streetman - 1.42.0-7 - Bump release to rebuild with updated version of Go. From 177a1781d63718d5e51a814783f8c2e4346b9bd0 Mon Sep 17 00:00:00 2001 From: nicolas guibourge Date: Fri, 20 Dec 2024 21:39:47 +0100 Subject: [PATCH 18/36] [AUTO-CHERRYPICK] Patch avahi for multiple CVEs - branch main (#11606) Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com> --- SPECS/avahi/CVE-2023-38469.patch | 43 +++++++++++++ SPECS/avahi/CVE-2023-38470.patch | 51 ++++++++++++++++ SPECS/avahi/CVE-2023-38471.patch | 63 +++++++++++++++++++ SPECS/avahi/CVE-2023-38472.patch | 40 ++++++++++++ SPECS/avahi/CVE-2023-38473.patch | 101 +++++++++++++++++++++++++++++++ SPECS/avahi/avahi.spec | 14 ++++- 6 files changed, 311 insertions(+), 1 deletion(-) create mode 100644 SPECS/avahi/CVE-2023-38469.patch create mode 100644 SPECS/avahi/CVE-2023-38470.patch create mode 100644 SPECS/avahi/CVE-2023-38471.patch create mode 100644 SPECS/avahi/CVE-2023-38472.patch create mode 100644 SPECS/avahi/CVE-2023-38473.patch diff --git a/SPECS/avahi/CVE-2023-38469.patch b/SPECS/avahi/CVE-2023-38469.patch new file mode 100644 index 00000000000..58583f58428 --- /dev/null +++ b/SPECS/avahi/CVE-2023-38469.patch @@ -0,0 +1,43 @@ +From c89fd5f2e85052f1f8b74ddeff38235932236889 Mon Sep 17 00:00:00 2001 +From: Kanishk-Bansal +Date: Wed, 27 Nov 2024 08:48:59 +0000 +Subject: [PATCH] Fix CVE patch + +--- + avahi-core/rr.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/avahi-core/rr.c b/avahi-core/rr.c +index 7fa0bee..b03a24c 100644 +--- a/avahi-core/rr.c ++++ b/avahi-core/rr.c +@@ -32,6 +32,7 @@ + #include + #include + ++#include "dns.h" + #include "rr.h" + #include "log.h" + #include "util.h" +@@ -688,11 +689,17 @@ int avahi_record_is_valid(AvahiRecord *r) { + case AVAHI_DNS_TYPE_TXT: { + + AvahiStringList *strlst; ++ size_t used = 0; + +- for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) ++ for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) { + if (strlst->size > 255 || strlst->size <= 0) + return 0; + ++ used += 1+strlst->size; ++ if (used > AVAHI_DNS_RDATA_MAX) ++ return 0; ++ } ++ + return 1; + } + } +-- +2.45.2 + diff --git a/SPECS/avahi/CVE-2023-38470.patch b/SPECS/avahi/CVE-2023-38470.patch new file mode 100644 index 00000000000..e3ab0783944 --- /dev/null +++ b/SPECS/avahi/CVE-2023-38470.patch @@ -0,0 +1,51 @@ +From cc5f44eb015384d8c764646c48b9da80f811446c Mon Sep 17 00:00:00 2001 +From: Kanishk-Bansal +Date: Mon, 2 Dec 2024 10:25:43 +0000 +Subject: [PATCH] Fix CVE-2023-38470 + +--- + avahi-common/domain-test.c | 14 ++++++++++++++ + avahi-common/domain.c | 2 +- + 2 files changed, 15 insertions(+), 1 deletion(-) + +diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c +index cf763ec..3acc1c1 100644 +--- a/avahi-common/domain-test.c ++++ b/avahi-common/domain-test.c +@@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { + printf("%s\n", s = avahi_normalize_name_strdup("fo\\\\o\\..f oo.")); + avahi_free(s); + ++ printf("%s\n", s = avahi_normalize_name_strdup(".")); ++ avahi_free(s); ++ ++ s = avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}." ++ "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}" ++ ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`" ++ "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?." ++ "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}." ++ "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?" ++ "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM." ++ "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?." ++ "}.?.?.?.}.=.?.?.}"); ++ assert(s == NULL); ++ + printf("%i\n", avahi_domain_equal("\\065aa bbb\\.\\046cc.cc\\\\.dee.fff.", "Aaa BBB\\.\\.cc.cc\\\\.dee.fff")); + printf("%i\n", avahi_domain_equal("A", "a")); + +diff --git a/avahi-common/domain.c b/avahi-common/domain.c +index 3b1ab68..e66d241 100644 +--- a/avahi-common/domain.c ++++ b/avahi-common/domain.c +@@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s, char *ret_s, size_t size) { + } + + if (!empty) { +- if (size < 1) ++ if (size < 2) + return NULL; + + *(r++) = '.'; +-- +2.45.2 + diff --git a/SPECS/avahi/CVE-2023-38471.patch b/SPECS/avahi/CVE-2023-38471.patch new file mode 100644 index 00000000000..00c414826e8 --- /dev/null +++ b/SPECS/avahi/CVE-2023-38471.patch @@ -0,0 +1,63 @@ +From 48467feda7135e3fa2392294387601f88a06f001 Mon Sep 17 00:00:00 2001 +From: Kanishk-Bansal +Date: Mon, 2 Dec 2024 10:49:17 +0000 +Subject: [PATCH] Fix CVE-2023-38471 patch + +--- + avahi-core/server.c | 27 +++++++++++++++++++++------ + 1 file changed, 21 insertions(+), 6 deletions(-) + +diff --git a/avahi-core/server.c b/avahi-core/server.c +index e507750..40f1d68 100644 +--- a/avahi-core/server.c ++++ b/avahi-core/server.c +@@ -1295,7 +1295,11 @@ static void update_fqdn(AvahiServer *s) { + } + + int avahi_server_set_host_name(AvahiServer *s, const char *host_name) { +- char *hn = NULL; ++ char label_escaped[AVAHI_LABEL_MAX*4+1]; ++ char label[AVAHI_LABEL_MAX]; ++ char *hn = NULL, *h; ++ size_t len; ++ + assert(s); + + AVAHI_CHECK_VALIDITY(s, !host_name || avahi_is_valid_host_name(host_name), AVAHI_ERR_INVALID_HOST_NAME); +@@ -1305,17 +1309,28 @@ int avahi_server_set_host_name(AvahiServer *s, const char *host_name) { + else + hn = avahi_normalize_name_strdup(host_name); + +- hn[strcspn(hn, ".")] = 0; ++ h = hn; ++ if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) { ++ avahi_free(h); ++ return AVAHI_ERR_INVALID_HOST_NAME; ++ } ++ ++ avahi_free(h); ++ ++ h = label_escaped; ++ len = sizeof(label_escaped); ++ if (!avahi_escape_label(label, strlen(label), &h, &len)) ++ return AVAHI_ERR_INVALID_HOST_NAME; + +- if (avahi_domain_equal(s->host_name, hn) && s->state != AVAHI_SERVER_COLLISION) { +- avahi_free(hn); ++ if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION) + return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE); +- } + + withdraw_host_rrs(s); + + avahi_free(s->host_name); +- s->host_name = hn; ++ s->host_name = avahi_strdup(label_escaped); ++ if (!s->host_name) ++ return AVAHI_ERR_NO_MEMORY; + + update_fqdn(s); + +-- +2.45.2 + diff --git a/SPECS/avahi/CVE-2023-38472.patch b/SPECS/avahi/CVE-2023-38472.patch new file mode 100644 index 00000000000..741168dbab0 --- /dev/null +++ b/SPECS/avahi/CVE-2023-38472.patch @@ -0,0 +1,40 @@ +From 2cc17a0febc2c1f70db147d9d56861f3520bacad Mon Sep 17 00:00:00 2001 +From: Kanishk-Bansal +Date: Mon, 2 Dec 2024 04:44:07 +0000 +Subject: [PATCH] Fix CVE patch + +--- + avahi-client/client-test.c | 3 +++ + avahi-daemon/dbus-entry-group.c | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/avahi-client/client-test.c b/avahi-client/client-test.c +index 7d04a6a..57750a4 100644 +--- a/avahi-client/client-test.c ++++ b/avahi-client/client-test.c +@@ -258,6 +258,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { + printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL))); + printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6)); + ++ error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0); ++ assert(error != AVAHI_OK); ++ + avahi_entry_group_commit (group); + + domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u"); +diff --git a/avahi-daemon/dbus-entry-group.c b/avahi-daemon/dbus-entry-group.c +index 4e879a5..aa23d4b 100644 +--- a/avahi-daemon/dbus-entry-group.c ++++ b/avahi-daemon/dbus-entry-group.c +@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_group_impl(DBusConnection *c, DBusMessage + if (!(r = avahi_record_new_full (name, clazz, type, ttl))) + return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL); + +- if (avahi_rdata_parse (r, rdata, size) < 0) { ++ if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) { + avahi_record_unref (r); + return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL); + } +-- +2.45.2 + diff --git a/SPECS/avahi/CVE-2023-38473.patch b/SPECS/avahi/CVE-2023-38473.patch new file mode 100644 index 00000000000..a59479fb686 --- /dev/null +++ b/SPECS/avahi/CVE-2023-38473.patch @@ -0,0 +1,101 @@ +From e6348a0e1f1f42547dce80135afea806125654cc Mon Sep 17 00:00:00 2001 +From: Kanishk-Bansal +Date: Mon, 2 Dec 2024 09:20:54 +0000 +Subject: [PATCH] Fix CVE-2023-38473 + +--- + avahi-common/alternative-test.c | 3 +++ + avahi-common/alternative.c | 27 +++++++++++++++++++-------- + 2 files changed, 22 insertions(+), 8 deletions(-) + +diff --git a/avahi-common/alternative-test.c b/avahi-common/alternative-test.c +index 9255435..681fc15 100644 +--- a/avahi-common/alternative-test.c ++++ b/avahi-common/alternative-test.c +@@ -31,6 +31,9 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { + const char* const test_strings[] = { + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXüüüüüüü", ++ ").", ++ "\\.", ++ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\\\", + "gurke", + "-", + " #", +diff --git a/avahi-common/alternative.c b/avahi-common/alternative.c +index b3d39f0..a094e6d 100644 +--- a/avahi-common/alternative.c ++++ b/avahi-common/alternative.c +@@ -49,15 +49,20 @@ static void drop_incomplete_utf8(char *c) { + } + + char *avahi_alternative_host_name(const char *s) { ++ char label[AVAHI_LABEL_MAX], alternative[AVAHI_LABEL_MAX*4+1]; ++ char *alt, *r, *ret; + const char *e; +- char *r; ++ size_t len; + + assert(s); + + if (!avahi_is_valid_host_name(s)) + return NULL; + +- if ((e = strrchr(s, '-'))) { ++ if (!avahi_unescape_label(&s, label, sizeof(label))) ++ return NULL; ++ ++ if ((e = strrchr(label, '-'))) { + const char *p; + + e++; +@@ -74,19 +79,18 @@ char *avahi_alternative_host_name(const char *s) { + + if (e) { + char *c, *m; +- size_t l; + int n; + + n = atoi(e)+1; + if (!(m = avahi_strdup_printf("%i", n))) + return NULL; + +- l = e-s-1; ++ len = e-label-1; + +- if (l >= AVAHI_LABEL_MAX-1-strlen(m)-1) +- l = AVAHI_LABEL_MAX-1-strlen(m)-1; ++ if (len >= AVAHI_LABEL_MAX-1-strlen(m)-1) ++ len = AVAHI_LABEL_MAX-1-strlen(m)-1; + +- if (!(c = avahi_strndup(s, l))) { ++ if (!(c = avahi_strndup(label, len))) { + avahi_free(m); + return NULL; + } +@@ -100,7 +104,7 @@ char *avahi_alternative_host_name(const char *s) { + } else { + char *c; + +- if (!(c = avahi_strndup(s, AVAHI_LABEL_MAX-1-2))) ++ if (!(c = avahi_strndup(label, AVAHI_LABEL_MAX-1-2))) + return NULL; + + drop_incomplete_utf8(c); +@@ -109,6 +113,13 @@ char *avahi_alternative_host_name(const char *s) { + avahi_free(c); + } + ++ alt = alternative; ++ len = sizeof(alternative); ++ ret = avahi_escape_label(r, strlen(r), &alt, &len); ++ ++ avahi_free(r); ++ r = avahi_strdup(ret); ++ + assert(avahi_is_valid_host_name(r)); + + return r; +-- +2.45.2 + diff --git a/SPECS/avahi/avahi.spec b/SPECS/avahi/avahi.spec index efe2fb944ac..19600f07887 100644 --- a/SPECS/avahi/avahi.spec +++ b/SPECS/avahi/avahi.spec @@ -3,7 +3,7 @@ Summary: Local network service discovery Name: avahi Version: 0.8 -Release: 2%{?dist} +Release: 3%{?dist} License: LGPLv2+ Vendor: Microsoft Corporation Distribution: Mariner @@ -13,6 +13,11 @@ Patch0: %{name}-libevent-pc-fix.patch Patch1: CVE-2021-3468.patch Patch2: CVE-2021-3502.patch Patch3: CVE-2023-1981.patch +Patch4: CVE-2023-38470.patch +Patch5: CVE-2023-38471.patch +Patch6: CVE-2023-38472.patch +Patch7: CVE-2023-38473.patch +Patch8: CVE-2023-38469.patch BuildRequires: automake BuildRequires: dbus-devel >= 0.90 BuildRequires: dbus-glib-devel >= 0.70 @@ -406,6 +411,13 @@ exit 0 %endif %changelog +* Mon Dec 02 2024 Kanishk Bansal - 0.8-3 +- Fix CVE-2023-38473 wih an upstream patch +- Fix CVE-2023-38472 wih an upstream patch +- Fix CVE-2023-38471 wih an upstream patch +- Fix CVE-2023-38470 wih an upstream patch +- Fix CVE-2023-38469.patch with an upstream patch + * Tue Oct 29 2024 Daniel McIlvaney - 0.8-2 - Fix CVE-2023-1981 with an upstream patch From 8ee3863336daf6202148a7465ee9ac2ac606446b Mon Sep 17 00:00:00 2001 From: nicolas guibourge Date: Fri, 20 Dec 2024 21:53:00 +0100 Subject: [PATCH 19/36] [AUTO-CHERRYPICK] Patch CVE-2024-24786 in moby-engine - branch main (#11607) Co-authored-by: suresh-thelkar Co-authored-by: jslobodzian --- SPECS/moby-engine/CVE-2024-24786.patch | 43 ++++++++++++++++++++++++++ SPECS/moby-engine/moby-engine.spec | 10 +++++- 2 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 SPECS/moby-engine/CVE-2024-24786.patch diff --git a/SPECS/moby-engine/CVE-2024-24786.patch b/SPECS/moby-engine/CVE-2024-24786.patch new file mode 100644 index 00000000000..256657a5578 --- /dev/null +++ b/SPECS/moby-engine/CVE-2024-24786.patch @@ -0,0 +1,43 @@ +From a43fa39c1012862334a186e4c3a9c67e7d111461 Mon Sep 17 00:00:00 2001 +From: Suresh Thelkar +Date: Thu, 5 Dec 2024 10:28:31 +0530 +Subject: [PATCH] Patch for CVE-2024-24786 + +Upstream patch details are given below. +https://github.com/protocolbuffers/protobuf-go/commit/f01a588 +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index c85f846..634ba41 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index b13fd29..b2be4e8 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.34.1 + diff --git a/SPECS/moby-engine/moby-engine.spec b/SPECS/moby-engine/moby-engine.spec index 9d179563868..0e69c6b933e 100644 --- a/SPECS/moby-engine/moby-engine.spec +++ b/SPECS/moby-engine/moby-engine.spec @@ -3,7 +3,7 @@ Summary: The open-source application container engine Name: moby-engine Version: 24.0.9 -Release: 11%{?dist} +Release: 13%{?dist} License: ASL 2.0 Group: Tools/Container URL: https://mobyproject.org @@ -26,6 +26,8 @@ Patch6: CVE-2024-41110.patch Patch7: CVE-2024-29018.patch Patch8: CVE-2024-36621.patch Patch9: CVE-2024-36623.patch +Patch10: CVE-2024-45337.patch +Patch11: CVE-2024-24786.patch %{?systemd_requires} @@ -126,6 +128,12 @@ fi %{_unitdir}/* %changelog +* Thu Dec 19 2024 Suresh Thelkar - 24.0.9-13 +- Patch CVE-2024-24786 + +* Tue Dec 17 2024 Andrew Phelps - 24.0.9-12 +- Add patch for CVE-2024-45337 + * Wed Dec 04 2024 Adit Jha - 24.0.9-11 - Patch CVE-2024-36621 & CVE-2024-36623 From bfaf2f82bf7798675e91c530bdbf0bcf29701bc5 Mon Sep 17 00:00:00 2001 From: jslobodzian Date: Sun, 22 Dec 2024 08:16:07 -0500 Subject: [PATCH 20/36] Bump Release for January 2025 Update (#11642) --- SPECS/mariner-release/mariner-release.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/SPECS/mariner-release/mariner-release.spec b/SPECS/mariner-release/mariner-release.spec index 6d76665a49e..6550494897b 100644 --- a/SPECS/mariner-release/mariner-release.spec +++ b/SPECS/mariner-release/mariner-release.spec @@ -1,7 +1,7 @@ Summary: CBL-Mariner release files Name: mariner-release Version: 2.0 -Release: 69%{?dist} +Release: 70%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -62,6 +62,9 @@ EOF %config(noreplace) %{_sysconfdir}/issue.net %changelog +* Sat Dec 21 2024 Jon Slobodzian - 2.0-70 +- Bump release for January 2025 Update + * Fri Nov 22 2024 CBL-Mariner Servicing Account - 2.0-69 - Bump release for December 2024 Update From 0209604573dcf85f29481283b0ae395dcabf8dff Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 12:57:42 -0800 Subject: [PATCH 21/36] [AUTOPATCHER-CORE] Upgrade tzdata to 2024b (#10373) Co-authored-by: jslobodzian --- SPECS/tzdata/tzdata.signatures.json | 4 ++-- SPECS/tzdata/tzdata.spec | 5 ++++- cgmanifest.json | 4 ++-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/SPECS/tzdata/tzdata.signatures.json b/SPECS/tzdata/tzdata.signatures.json index e51cc8e0862..e34724d7988 100644 --- a/SPECS/tzdata/tzdata.signatures.json +++ b/SPECS/tzdata/tzdata.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "tzdata2024a.tar.gz": "0d0434459acbd2059a7a8da1f3304a84a86591f6ed69c6248fffa502b6edffe3" + "tzdata2024b.tar.gz": "70e754db126a8d0db3d16d6b4cb5f7ec1e04d5f261255e4558a67fe92d39e550" } -} \ No newline at end of file +} diff --git a/SPECS/tzdata/tzdata.spec b/SPECS/tzdata/tzdata.spec index 2b701feb5bc..6faf52da270 100644 --- a/SPECS/tzdata/tzdata.spec +++ b/SPECS/tzdata/tzdata.spec @@ -1,6 +1,6 @@ Summary: Time zone data Name: tzdata -Version: 2024a +Version: 2024b Release: 1%{?dist} License: Public Domain Vendor: Microsoft Corporation @@ -45,6 +45,9 @@ ln -svf %{_datarootdir}/zoneinfo/UTC %{buildroot}%{_sysconfdir}/localtime %{_datadir}/* %changelog +* Fri Sep 06 2024 CBL-Mariner Servicing Account - 2024b-1 +- Auto-upgrade to 2024b + * Fri Feb 02 2024 CBL-Mariner Servicing Account - 2024a-1 - Auto-upgrade to 2024a - upgrade to version 2024a diff --git a/cgmanifest.json b/cgmanifest.json index f87b8bfb06b..e78f5cdd7a8 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -29047,8 +29047,8 @@ "type": "other", "other": { "name": "tzdata", - "version": "2024a", - "downloadUrl": "https://data.iana.org/time-zones/releases/tzdata2024a.tar.gz" + "version": "2024b", + "downloadUrl": "https://data.iana.org/time-zones/releases/tzdata2024b.tar.gz" } } }, From cc9942b8e7955225d9a49a2e58c33a29b415fcc8 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:28:38 -0800 Subject: [PATCH 22/36] [AUTO-CHERRYPICK] packer: patch CVE-2024-45337 - branch main (#11650) Co-authored-by: Andrew Phelps --- SPECS/packer/CVE-2024-45337.patch | 77 +++++++++++++++++++++++++++++++ SPECS/packer/packer.spec | 6 ++- 2 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 SPECS/packer/CVE-2024-45337.patch diff --git a/SPECS/packer/CVE-2024-45337.patch b/SPECS/packer/CVE-2024-45337.patch new file mode 100644 index 00000000000..e10cac83d05 --- /dev/null +++ b/SPECS/packer/CVE-2024-45337.patch @@ -0,0 +1,77 @@ +https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909.patch + +From b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Tue, 3 Dec 2024 09:03:03 -0800 +Subject: [PATCH] ssh: make the public key cache a 1-entry FIFO cache + +Users of the the ssh package seem to extremely commonly misuse the +PublicKeyCallback API, assuming that the key passed in the last call +before a connection is established is the key used for authentication. +Some users then make authorization decisions based on this key. This +property is not documented, and may not be correct, due to the caching +behavior of the package, resulting in users making incorrect +authorization decisions about the connection. + +This change makes the cache a one entry FIFO cache, making the assumed +property, that the last call to PublicKeyCallback represents the key +actually used for authentication, actually hold. + +Thanks to Damien Tournoud, Patrick Dawkins, Vince Parker, and +Jules Duvivier from the Platform.sh / Upsun engineering team +for reporting this issue. + +Fixes golang/go#70779 +Fixes CVE-2024-45337 + +Change-Id: Ife7c7b4045d8b6bcd7e3a417bdfae370c709797f +Reviewed-on: https://go-review.googlesource.com/c/crypto/+/635315 +Reviewed-by: Roland Shoemaker +Auto-Submit: Gopher Robot +Reviewed-by: Damien Neil +Reviewed-by: Nicola Murino +LUCI-TryBot-Result: Go LUCI +--- + vendor/golang.org/x/crypto/ssh/server.go | 15 ++++++++++---- + +diff --git a/vendor/golang.org/x/crypto/ssh/server.go b/vendor/golang.org/x/crypto/ssh/server.go +index c0d1c29e6f..5b5ccd96f4 100644 +--- a/vendor/golang.org/x/crypto/ssh/server.go ++++ b/vendor/golang.org/x/crypto/ssh/server.go +@@ -149,7 +149,7 @@ func (s *ServerConfig) AddHostKey(key Signer) { + } + + // cachedPubKey contains the results of querying whether a public key is +-// acceptable for a user. ++// acceptable for a user. This is a FIFO cache. + type cachedPubKey struct { + user string + pubKeyData []byte +@@ -157,7 +157,13 @@ type cachedPubKey struct { + perms *Permissions + } + +-const maxCachedPubKeys = 16 ++// maxCachedPubKeys is the number of cache entries we store. ++// ++// Due to consistent misuse of the PublicKeyCallback API, we have reduced this ++// to 1, such that the only key in the cache is the most recently seen one. This ++// forces the behavior that the last call to PublicKeyCallback will always be ++// with the key that is used for authentication. ++const maxCachedPubKeys = 1 + + // pubKeyCache caches tests for public keys. Since SSH clients + // will query whether a public key is acceptable before attempting to +@@ -179,9 +185,10 @@ func (c *pubKeyCache) get(user string, pubKeyData []byte) (cachedPubKey, bool) { + + // add adds the given tuple to the cache. + func (c *pubKeyCache) add(candidate cachedPubKey) { +- if len(c.keys) < maxCachedPubKeys { +- c.keys = append(c.keys, candidate) ++ if len(c.keys) >= maxCachedPubKeys { ++ c.keys = c.keys[1:] + } ++ c.keys = append(c.keys, candidate) + } + + // ServerConn is an authenticated SSH connection, as seen from the diff --git a/SPECS/packer/packer.spec b/SPECS/packer/packer.spec index f360becd548..b9fa7b8637a 100644 --- a/SPECS/packer/packer.spec +++ b/SPECS/packer/packer.spec @@ -5,7 +5,7 @@ Summary: Tool for creating identical machine images for multiple platform Name: packer Epoch: 1 Version: 1.9.5 -Release: 4%{?dist} +Release: 5%{?dist} License: MPLv2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -37,6 +37,7 @@ Patch1: CVE-2022-3064.patch Patch2: CVE-2023-49569.patch Patch3: CVE-2024-6104.patch Patch4: CVE-2024-24786.patch +Patch5: CVE-2024-45337.patch BuildRequires: golang BuildRequires: kernel-headers BuildRequires: glibc-devel @@ -70,6 +71,9 @@ go test -mod=vendor %{_bindir}/packer %changelog +* Tue Dec 17 2024 Andrew Phelps - 1.9.5-5 +- Add patch for CVE-2024-45337 + * Mon Dec 09 2024 Kavya Sree Kaitepalli - 1.9.5-4 - Patch for CVE-2024-24786 From 0f39b3ceb50a91a2b0ce2fa0b7c04096f2ff2594 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:32:35 -0800 Subject: [PATCH 23/36] [AUTO-CHERRYPICK] etcd: Fix CVE-2024-24786 - branch main (#11654) Co-authored-by: KavyaSree2610 <92566732+KavyaSree2610@users.noreply.github.com> --- SPECS/etcd/CVE-2024-24786.patch | 41 +++++++++++++++++++++++++++++++++ SPECS/etcd/etcd.spec | 7 +++++- 2 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 SPECS/etcd/CVE-2024-24786.patch diff --git a/SPECS/etcd/CVE-2024-24786.patch b/SPECS/etcd/CVE-2024-24786.patch new file mode 100644 index 00000000000..41a119b8f1d --- /dev/null +++ b/SPECS/etcd/CVE-2024-24786.patch @@ -0,0 +1,41 @@ +From 867d49d8c566b0f1284f8295ba1286d6c5e93edf Mon Sep 17 00:00:00 2001 +From: kavyasree +Date: Mon, 9 Dec 2024 17:03:26 +0530 +Subject: [PATCH] Modified patch + +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index c85f846..634ba41 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index b13fd29..b2be4e8 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.34.1 + diff --git a/SPECS/etcd/etcd.spec b/SPECS/etcd/etcd.spec index 90c04b683b5..4b0111edd79 100644 --- a/SPECS/etcd/etcd.spec +++ b/SPECS/etcd/etcd.spec @@ -1,7 +1,7 @@ Summary: A highly-available key value store for shared configuration Name: etcd Version: 3.5.12 -Release: 5%{?dist} +Release: 6%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -14,6 +14,8 @@ Source1: etcd.service # generate_source_tarball.sh --srcTarball --pkgVersion %%{version} --outFolder . Source2: %{name}-%{version}-vendor.tar.gz Patch0: CVE-2023-45288.patch +Patch1: CVE-2024-24786.patch + BuildRequires: golang %description @@ -117,6 +119,9 @@ install -vdm755 %{buildroot}%{_sharedstatedir}/etcd /%{_docdir}/%{name}-%{version}-tools/* %changelog +* Mon Dec 09 2024 Kavya Sree Kaitepalli - 3.5.12-6 +- Patch for CVE-2024-24786 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 3.5.12-5 - Bump release to rebuild with go 1.22.7 From 1ffa8c222510d028cbab694f305521ae65494c69 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:33:57 -0800 Subject: [PATCH 24/36] [AUTO-CHERRYPICK] Patch gh to fix CVE-2024-54132 - branch main (#11655) Co-authored-by: Sandeep Karambelkar --- SPECS/gh/CVE-2024-54132.patch | 939 ++++++++++++++++++++++++++++++++++ SPECS/gh/gh.spec | 7 +- 2 files changed, 945 insertions(+), 1 deletion(-) create mode 100644 SPECS/gh/CVE-2024-54132.patch diff --git a/SPECS/gh/CVE-2024-54132.patch b/SPECS/gh/CVE-2024-54132.patch new file mode 100644 index 00000000000..9ebe429179a --- /dev/null +++ b/SPECS/gh/CVE-2024-54132.patch @@ -0,0 +1,939 @@ +From 8da27d2c8ac8b781cf34a5e04ed57cfe4b68fa55 Mon Sep 17 00:00:00 2001 +From: Andy Feller +Date: Tue, 19 Nov 2024 17:55:18 -0500 +Subject: [PATCH 1/5] Second attempt to address exploit + +This builds off suggestion to reuse logic used already within `gh run download` for detecting path traversals. + +This largely works but runs into an issue where detection logic doesn't handle non-separated traversal. + +From 83cf41155646380d3df4037d3f2ac683147f194a Mon Sep 17 00:00:00 2001 +From: Tyler McGoffin +Date: Tue, 19 Nov 2024 16:08:31 -0800 +Subject: [PATCH 2/5] Improve test names so there is no repetition + +From e7c5706336d851b39930c7315132f89b25e77d4d Mon Sep 17 00:00:00 2001 +From: Andy Feller +Date: Thu, 21 Nov 2024 17:02:20 -0500 +Subject: [PATCH 3/5] Refactor download testing, simpler file descends + +This incorporates the work done by @williammartin to improve reasoning about `gh run download` behavior through testing while verifying a simpler solution to checking if a path is contained within a directory. + +From cdfc12caf52754ea4026d5338a56ad4e6f822105 Mon Sep 17 00:00:00 2001 +From: Andy Feller +Date: Fri, 22 Nov 2024 15:26:11 -0500 +Subject: [PATCH 4/5] Expand logic and tests to handle edge cases + +This commit expands filepathDescendsFrom(string, string) to handle edge cases such as mixing absolute and relative paths or artifact name edge cases. + +Additionally, tests for filepathDescendsFrom() and downloadrun() have been expanded to verify additional use cases. + +From 8720479b0bfc95450abb2ba88489f2893e4838a9 Mon Sep 17 00:00:00 2001 +From: Andy Feller +Date: Tue, 3 Dec 2024 13:33:00 -0500 +Subject: [PATCH 5/5] Consolidate logic for isolating artifacts + + +Modified patch 1136764c369aaf0cae4ec2ee09dc35d871076932 to apply to CBL-Mariner +Modified-by: Sandeep Karambelkar +--- + pkg/cmd/run/download/download.go | 37 +- + pkg/cmd/run/download/download_test.go | 613 ++++++++++++++++++++------ + pkg/cmd/run/download/zip.go | 24 +- + pkg/cmd/run/download/zip_test.go | 80 ++++ + 4 files changed, 622 insertions(+), 132 deletions(-) + mode change 100644 => 100755 pkg/cmd/run/download/download_test.go + + +diff --git a/pkg/cmd/run/download/download.go b/pkg/cmd/run/download/download.go +index 86e6127..454356e 100644 +--- a/pkg/cmd/run/download/download.go ++++ b/pkg/cmd/run/download/download.go +@@ -145,8 +145,10 @@ func runDownload(opts *DownloadOptions) error { + opts.IO.StartProgressIndicator() + defer opts.IO.StopProgressIndicator() + +- // track downloaded artifacts and avoid re-downloading any of the same name ++ // track downloaded artifacts and avoid re-downloading any of the same name, isolate if multiple artifacts + downloaded := set.NewStringSet() ++ isolateArtifacts := isolateArtifacts(wantNames, wantPatterns) ++ + for _, a := range artifacts { + if a.Expired { + continue +@@ -159,10 +161,16 @@ func runDownload(opts *DownloadOptions) error { + continue + } + } ++ + destDir := opts.DestinationDir +- if len(wantPatterns) != 0 || len(wantNames) != 1 { ++ if isolateArtifacts { + destDir = filepath.Join(destDir, a.Name) + } ++ ++ if !filepathDescendsFrom(destDir, opts.DestinationDir) { ++ return fmt.Errorf("error downloading %s: would result in path traversal", a.Name) ++ } ++ + err := opts.Platform.Download(a.DownloadURL, destDir) + if err != nil { + return fmt.Errorf("error downloading %s: %w", a.Name, err) +@@ -177,6 +185,25 @@ func runDownload(opts *DownloadOptions) error { + return nil + } + ++func isolateArtifacts(wantNames []string, wantPatterns []string) bool { ++ if len(wantPatterns) > 0 { ++ // Patterns can match multiple artifacts ++ return true ++ } ++ ++ if len(wantNames) == 0 { ++ // All artifacts wanted regardless what they are named ++ return true ++ } ++ ++ if len(wantNames) > 1 { ++ // Multiple, specific artifacts wanted ++ return true ++ } ++ ++ return false ++} ++ + func matchAnyName(names []string, name string) bool { + for _, n := range names { + if name == n { +diff --git a/pkg/cmd/run/download/download_test.go b/pkg/cmd/run/download/download_test.go +old mode 100644 +new mode 100755 +index 10c7bbe..0e21207 +--- a/pkg/cmd/run/download/download_test.go ++++ b/pkg/cmd/run/download/download_test.go +@@ -2,8 +2,10 @@ package download + + import ( + "bytes" ++ "errors" + "io" + "net/http" ++ "os" + "path/filepath" + "testing" + +@@ -142,146 +144,481 @@ func Test_NewCmdDownload(t *testing.T) { + } + } + ++type testArtifact struct { ++ artifact shared.Artifact ++ files []string ++} ++type fakePlatform struct { ++ runArtifacts map[string][]testArtifact ++} ++ ++func (f *fakePlatform) List(runID string) ([]shared.Artifact, error) { ++ var runIds []string ++ if runID != "" { ++ runIds = []string{runID} ++ } else { ++ for k := range f.runArtifacts { ++ runIds = append(runIds, k) ++ } ++ } ++ var artifacts []shared.Artifact ++ for _, id := range runIds { ++ for _, a := range f.runArtifacts[id] { ++ artifacts = append(artifacts, a.artifact) ++ } ++ } ++ return artifacts, nil ++} ++func (f *fakePlatform) Download(url string, dir string) error { ++ if err := os.MkdirAll(dir, 0755); err != nil { ++ return err ++ } ++ // Now to be consistent, we find the artifact with the provided URL. ++ // It's a bit janky to iterate the runs, to find the right artifact ++ // rather than keying directly to it, but it allows the setup of the ++ // fake platform to be declarative rather than imperative. ++ // Think fakePlatform { artifacts: ... } rather than fakePlatform.makeArtifactAvailable() ++ for _, testArtifacts := range f.runArtifacts { ++ for _, testArtifact := range testArtifacts { ++ if testArtifact.artifact.DownloadURL == url { ++ for _, file := range testArtifact.files { ++ path := filepath.Join(dir, file) ++ return os.WriteFile(path, []byte{}, 0600) ++ } ++ } ++ } ++ } ++ return errors.New("no artifact matches the provided URL") ++} ++ + func Test_runDownload(t *testing.T) { + tests := []struct { +- name string +- opts DownloadOptions +- mockAPI func(*mockPlatform) +- mockPrompt func(*mockPrompter) +- wantErr string ++ name string ++ opts DownloadOptions ++ platform *fakePlatform ++ promptStubs func(*mockPrompter) ++ expectedFiles []string ++ wantErr string + }{ + { +- name: "download non-expired", ++ name: "download non-expired to relative directory", + opts: DownloadOptions{ + RunID: "2345", + DestinationDir: "./tmp", +- Names: []string(nil), + }, +- mockAPI: func(p *mockPlatform) { +- p.On("List", "2345").Return([]shared.Artifact{ +- { +- Name: "artifact-1", +- DownloadURL: "http://download.com/artifact1.zip", +- Expired: false, +- }, +- { +- Name: "expired-artifact", +- DownloadURL: "http://download.com/expired.zip", +- Expired: true, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-1-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "expired-artifact", ++ DownloadURL: "http://download.com/expired.zip", ++ Expired: true, ++ }, ++ files: []string{ ++ "expired", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-2", ++ DownloadURL: "http://download.com/artifact2.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-2-file", ++ }, ++ }, + }, +- { +- Name: "artifact-2", +- DownloadURL: "http://download.com/artifact2.zip", +- Expired: false, +- }, +- }, nil) +- p.On("Download", "http://download.com/artifact1.zip", filepath.FromSlash("tmp/artifact-1")).Return(nil) +- p.On("Download", "http://download.com/artifact2.zip", filepath.FromSlash("tmp/artifact-2")).Return(nil) ++ }, ++ }, ++ expectedFiles: []string{ ++ filepath.Join("artifact-1", "artifact-1-file"), ++ filepath.Join("artifact-2", "artifact-2-file"), + }, + }, + { +- name: "no valid artifacts", ++ name: "download non-expired to absolute directory", + opts: DownloadOptions{ + RunID: "2345", +- DestinationDir: ".", +- Names: []string(nil), ++ DestinationDir: "/tmp", + }, +- mockAPI: func(p *mockPlatform) { +- p.On("List", "2345").Return([]shared.Artifact{ +- { +- Name: "artifact-1", +- DownloadURL: "http://download.com/artifact1.zip", +- Expired: true, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-1-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "expired-artifact", ++ DownloadURL: "http://download.com/expired.zip", ++ Expired: true, ++ }, ++ files: []string{ ++ "expired", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-2", ++ DownloadURL: "http://download.com/artifact2.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-2-file", ++ }, ++ }, + }, +- { +- Name: "artifact-2", +- DownloadURL: "http://download.com/artifact2.zip", +- Expired: true, ++ }, ++ }, ++ expectedFiles: []string{ ++ filepath.Join("artifact-1", "artifact-1-file"), ++ filepath.Join("artifact-2", "artifact-2-file"), ++ }, ++ }, ++ { ++ name: "all artifacts are expired", ++ opts: DownloadOptions{ ++ RunID: "2345", ++ }, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: true, ++ }, ++ files: []string{ ++ "artifact-1-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-2", ++ DownloadURL: "http://download.com/artifact2.zip", ++ Expired: true, ++ }, ++ files: []string{ ++ "artifact-2-file", ++ }, ++ }, + }, +- }, nil) ++ }, + }, +- wantErr: "no valid artifacts found to download", ++ expectedFiles: []string{}, ++ wantErr: "no valid artifacts found to download", + }, + { + name: "no name matches", + opts: DownloadOptions{ +- RunID: "2345", +- DestinationDir: ".", +- Names: []string{"artifact-3"}, +- }, +- mockAPI: func(p *mockPlatform) { +- p.On("List", "2345").Return([]shared.Artifact{ +- { +- Name: "artifact-1", +- DownloadURL: "http://download.com/artifact1.zip", +- Expired: false, ++ RunID: "2345", ++ Names: []string{"artifact-3"}, ++ }, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-1-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-2", ++ DownloadURL: "http://download.com/artifact2.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-2-file", ++ }, ++ }, + }, +- { +- Name: "artifact-2", +- DownloadURL: "http://download.com/artifact2.zip", +- Expired: false, ++ }, ++ }, ++ expectedFiles: []string{}, ++ wantErr: "no artifact matches any of the names or patterns provided", ++ }, ++ { ++ name: "pattern matches", ++ opts: DownloadOptions{ ++ RunID: "2345", ++ FilePatterns: []string{"artifact-*"}, ++ }, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-1-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "non-artifact-2", ++ DownloadURL: "http://download.com/non-artifact-2.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "non-artifact-2-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-3", ++ DownloadURL: "http://download.com/artifact3.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-3-file", ++ }, ++ }, + }, +- }, nil) ++ }, ++ }, ++ expectedFiles: []string{ ++ filepath.Join("artifact-1", "artifact-1-file"), ++ filepath.Join("artifact-3", "artifact-3-file"), + }, +- wantErr: "no artifact matches any of the names or patterns provided", + }, + { + name: "no pattern matches", + opts: DownloadOptions{ +- RunID: "2345", +- DestinationDir: ".", +- FilePatterns: []string{"artifiction-*"}, +- }, +- mockAPI: func(p *mockPlatform) { +- p.On("List", "2345").Return([]shared.Artifact{ +- { +- Name: "artifact-1", +- DownloadURL: "http://download.com/artifact1.zip", +- Expired: false, ++ RunID: "2345", ++ FilePatterns: []string{"artifiction-*"}, ++ }, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-1-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-2", ++ DownloadURL: "http://download.com/artifact2.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-2-file", ++ }, ++ }, + }, +- { +- Name: "artifact-2", +- DownloadURL: "http://download.com/artifact2.zip", +- Expired: false, ++ }, ++ }, ++ expectedFiles: []string{}, ++ wantErr: "no artifact matches any of the names or patterns provided", ++ }, ++ { ++ name: "want specific single artifact", ++ opts: DownloadOptions{ ++ RunID: "2345", ++ Names: []string{"non-artifact-2"}, ++ }, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-1-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "non-artifact-2", ++ DownloadURL: "http://download.com/non-artifact-2.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "non-artifact-2-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-3", ++ DownloadURL: "http://download.com/artifact3.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-3-file", ++ }, ++ }, + }, +- }, nil) ++ }, ++ }, ++ expectedFiles: []string{ ++ filepath.Join("non-artifact-2-file"), + }, +- wantErr: "no artifact matches any of the names or patterns provided", + }, + { +- name: "prompt to select artifact", ++ name: "want specific multiple artifacts", + opts: DownloadOptions{ +- RunID: "", +- DoPrompt: true, +- DestinationDir: ".", +- Names: []string(nil), ++ RunID: "2345", ++ Names: []string{"artifact-1", "artifact-3"}, + }, +- mockAPI: func(p *mockPlatform) { +- p.On("List", "").Return([]shared.Artifact{ +- { +- Name: "artifact-1", +- DownloadURL: "http://download.com/artifact1.zip", +- Expired: false, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-1-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "non-artifact-2", ++ DownloadURL: "http://download.com/non-artifact-2.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "non-artifact-2-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-3", ++ DownloadURL: "http://download.com/artifact3.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-3-file", ++ }, ++ }, + }, +- { +- Name: "expired-artifact", +- DownloadURL: "http://download.com/expired.zip", +- Expired: true, ++ }, ++ }, ++ expectedFiles: []string{ ++ filepath.Join("artifact-1", "artifact-1-file"), ++ filepath.Join("artifact-3", "artifact-3-file"), ++ }, ++ }, ++ { ++ name: "avoid redownloading files of the same name", ++ opts: DownloadOptions{ ++ RunID: "2345", ++ }, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-1-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact2.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-2-file", ++ }, ++ }, + }, +- { +- Name: "artifact-2", +- DownloadURL: "http://download.com/artifact2.zip", +- Expired: false, ++ }, ++ }, ++ expectedFiles: []string{ ++ filepath.Join("artifact-1", "artifact-1-file"), ++ }, ++ }, ++ { ++ name: "prompt to select artifact", ++ opts: DownloadOptions{ ++ RunID: "", ++ DoPrompt: true, ++ Names: []string(nil), ++ }, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-1", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-1-file", ++ }, ++ }, ++ { ++ artifact: shared.Artifact{ ++ Name: "expired-artifact", ++ DownloadURL: "http://download.com/expired.zip", ++ Expired: true, ++ }, ++ files: []string{ ++ "expired", ++ }, ++ }, + }, +- { +- Name: "artifact-2", +- DownloadURL: "http://download.com/artifact2.also.zip", +- Expired: false, ++ "6789": { ++ { ++ artifact: shared.Artifact{ ++ Name: "artifact-2", ++ DownloadURL: "http://download.com/artifact2.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "artifact-2-file", ++ }, ++ }, + }, +- }, nil) +- p.On("Download", "http://download.com/artifact2.zip", ".").Return(nil) ++ }, + }, +- mockPrompt: func(p *mockPrompter) { ++ promptStubs: func(p *mockPrompter) { + p.On("Prompt", "Select artifacts to download:", []string{"artifact-1", "artifact-2"}, mock.AnythingOfType("*[]string")). + Run(func(args mock.Arguments) { + result := args.Get(2).(*[]string) +@@ -289,15 +626,48 @@ func Test_runDownload(t *testing.T) { + }). + Return(nil) + }, ++ expectedFiles: []string{ ++ filepath.Join("artifact-2-file"), ++ }, ++ }, ++ { ++ name: "handling artifact name with path traversal exploit", ++ opts: DownloadOptions{ ++ RunID: "2345", ++ }, ++ platform: &fakePlatform{ ++ runArtifacts: map[string][]testArtifact{ ++ "2345": { ++ { ++ artifact: shared.Artifact{ ++ Name: "..", ++ DownloadURL: "http://download.com/artifact1.zip", ++ Expired: false, ++ }, ++ files: []string{ ++ "etc/passwd", ++ }, ++ }, ++ }, ++ }, ++ }, ++ expectedFiles: []string{}, ++ wantErr: "error downloading ..: would result in path traversal", + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + opts := &tt.opts ++ if opts.DestinationDir == "" { ++ opts.DestinationDir = t.TempDir() ++ } else { ++ opts.DestinationDir = filepath.Join(t.TempDir(), opts.DestinationDir) ++ } ++ + ios, _, stdout, stderr := iostreams.Test() + opts.IO = ios +- opts.Platform = newMockPlatform(t, tt.mockAPI) +- opts.Prompter = newMockPrompter(t, tt.mockPrompt) ++ opts.Platform = tt.platform ++ opts.Prompter = newMockPrompter(t, tt.promptStubs) + + err := runDownload(opts) + if tt.wantErr != "" { +@@ -305,6 +675,13 @@ func Test_runDownload(t *testing.T) { + } else { + require.NoError(t, err) + } ++ // Check that the exact number of files exist ++ require.Equal(t, len(tt.expectedFiles), countFilesInDirRecursively(t, opts.DestinationDir)) ++ ++ // Then check that the exact files are correct ++ for _, name := range tt.expectedFiles { ++ require.FileExists(t, filepath.Join(opts.DestinationDir, name)) ++ } + + assert.Equal(t, "", stdout.String()) + assert.Equal(t, "", stderr.String()) +@@ -312,30 +689,18 @@ func Test_runDownload(t *testing.T) { + } + } + +-type mockPlatform struct { +- mock.Mock +-} +- +-func newMockPlatform(t *testing.T, config func(*mockPlatform)) *mockPlatform { +- m := &mockPlatform{} +- m.Test(t) +- t.Cleanup(func() { +- m.AssertExpectations(t) +- }) +- if config != nil { +- config(m) +- } +- return m +-} +- +-func (p *mockPlatform) List(runID string) ([]shared.Artifact, error) { +- args := p.Called(runID) +- return args.Get(0).([]shared.Artifact), args.Error(1) +-} ++func countFilesInDirRecursively(t *testing.T, dir string) int { ++ t.Helper() + +-func (p *mockPlatform) Download(url string, dir string) error { +- args := p.Called(url, dir) +- return args.Error(0) ++ count := 0 ++ require.NoError(t, filepath.Walk(dir, func(_ string, info os.FileInfo, err error) error { ++ require.NoError(t, err) ++ if !info.IsDir() { ++ count++ ++ } ++ return nil ++ })) ++ return count + } + + type mockPrompter struct { +diff --git a/pkg/cmd/run/download/zip.go b/pkg/cmd/run/download/zip.go +index bf56ea0..9f3f1eb 100644 +--- a/pkg/cmd/run/download/zip.go ++++ b/pkg/cmd/run/download/zip.go +@@ -64,13 +64,25 @@ func getPerm(m os.FileMode) os.FileMode { + } + + func filepathDescendsFrom(p, dir string) bool { ++ // Regardless of the logic below, `p` is never allowed to be current directory `.` or parent directory `..` ++ // however we check explicitly here before filepath.Rel() which doesn't cover all cases. + p = filepath.Clean(p) +- dir = filepath.Clean(dir) +- if dir == "." && !filepath.IsAbs(p) { +- return !strings.HasPrefix(p, ".."+string(filepath.Separator)) ++ ++ if p == "." || p == ".." { ++ return false + } +- if !strings.HasSuffix(dir, string(filepath.Separator)) { +- dir += string(filepath.Separator) ++ ++ // filepathDescendsFrom() takes advantage of filepath.Rel() to determine if `p` is descended from `dir`: ++ // ++ // 1. filepath.Rel() calculates a path to traversal from fictious `dir` to `p`. ++ // 2. filepath.Rel() errors in a handful of cases where absolute and relative paths are compared as well as certain traversal edge cases ++ // For more information, https://github.com/golang/go/blob/00709919d09904b17cfe3bfeb35521cbd3fb04f8/src/path/filepath/path_test.go#L1510-L1515 ++ // 3. If the path to traverse `dir` to `p` requires `..`, then we know it is not descend from / contained in `dir` ++ // ++ // As-is, this function requires the caller to ensure `p` and `dir` are either 1) both relative or 2) both absolute. ++ relativePath, err := filepath.Rel(dir, p) ++ if err != nil { ++ return false + } +- return strings.HasPrefix(p, dir) ++ return !strings.HasPrefix(relativePath, "..") + } +diff --git a/pkg/cmd/run/download/zip_test.go b/pkg/cmd/run/download/zip_test.go +index 97861b1..2497926 100644 +--- a/pkg/cmd/run/download/zip_test.go ++++ b/pkg/cmd/run/download/zip_test.go +@@ -137,6 +137,86 @@ func Test_filepathDescendsFrom(t *testing.T) { + }, + want: false, + }, ++ { ++ name: "deny parent directory filename (`..`) escaping absolute directory", ++ args: args{ ++ p: filepath.FromSlash(".."), ++ dir: filepath.FromSlash("/var/logs/"), ++ }, ++ want: false, ++ }, ++ { ++ name: "deny parent directory filename (`..`) escaping current directory", ++ args: args{ ++ p: filepath.FromSlash(".."), ++ dir: filepath.FromSlash("."), ++ }, ++ want: false, ++ }, ++ { ++ name: "deny parent directory filename (`..`) escaping parent directory", ++ args: args{ ++ p: filepath.FromSlash(".."), ++ dir: filepath.FromSlash(".."), ++ }, ++ want: false, ++ }, ++ { ++ name: "deny parent directory filename (`..`) escaping relative directory", ++ args: args{ ++ p: filepath.FromSlash(".."), ++ dir: filepath.FromSlash("relative-dir"), ++ }, ++ want: false, ++ }, ++ { ++ name: "deny current directory filename (`.`) in absolute directory", ++ args: args{ ++ p: filepath.FromSlash("."), ++ dir: filepath.FromSlash("/var/logs/"), ++ }, ++ want: false, ++ }, ++ { ++ name: "deny current directory filename (`.`) in current directory", ++ args: args{ ++ p: filepath.FromSlash("."), ++ dir: filepath.FromSlash("."), ++ }, ++ want: false, ++ }, ++ { ++ name: "deny current directory filename (`.`) in parent directory", ++ args: args{ ++ p: filepath.FromSlash("."), ++ dir: filepath.FromSlash(".."), ++ }, ++ want: false, ++ }, ++ { ++ name: "deny current directory filename (`.`) in relative directory", ++ args: args{ ++ p: filepath.FromSlash("."), ++ dir: filepath.FromSlash("relative-dir"), ++ }, ++ want: false, ++ }, ++ { ++ name: "relative path, absolute dir", ++ args: args{ ++ p: filepath.FromSlash("whatever"), ++ dir: filepath.FromSlash("/a/b/c"), ++ }, ++ want: false, ++ }, ++ { ++ name: "absolute path, relative dir", ++ args: args{ ++ p: filepath.FromSlash("/a/b/c"), ++ dir: filepath.FromSlash("whatever"), ++ }, ++ want: false, ++ }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { diff --git a/SPECS/gh/gh.spec b/SPECS/gh/gh.spec index 33c33dacd02..b79934c272e 100644 --- a/SPECS/gh/gh.spec +++ b/SPECS/gh/gh.spec @@ -1,7 +1,7 @@ Summary: GitHub official command line tool Name: gh Version: 2.13.0 -Release: 22%{?dist} +Release: 23%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -31,6 +31,7 @@ Source1: %{name}-%{version}-vendor.tar.gz Patch0: fix-relative-time-search-tests.patch Patch1: CVE-2021-43565.patch Patch2: CVE-2022-32149.patch +Patch3: CVE-2024-54132.patch BuildRequires: golang BuildRequires: git @@ -47,6 +48,7 @@ GitHub official command line tool. tar --no-same-owner -xf %{SOURCE1} %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build export GOPATH=%{our_gopath} @@ -77,6 +79,9 @@ make test %{_datadir}/zsh/site-functions/_gh %changelog +* Fri Dec 13 2024 Sandeep Karambelkar - 2.13.0-23 +- Patch CVE-2024-54132 + * Thu Sep 19 2024 Muhammad Falak R Wani - 2.13.0-22 - Patch CVE-2022-32149 From 14eade5e40b64c5eaeb5939d75c8a3ceff1e8b39 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:34:39 -0800 Subject: [PATCH 25/36] [AUTO-CHERRYPICK] Fix CVE-2024-24786 for influxdb - branch main (#11656) Co-authored-by: KavyaSree2610 <92566732+KavyaSree2610@users.noreply.github.com> --- SPECS/influxdb/CVE-2024-24786.patch | 41 +++++++++++++++++++++++++++++ SPECS/influxdb/influxdb.spec | 6 ++++- 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 SPECS/influxdb/CVE-2024-24786.patch diff --git a/SPECS/influxdb/CVE-2024-24786.patch b/SPECS/influxdb/CVE-2024-24786.patch new file mode 100644 index 00000000000..41a119b8f1d --- /dev/null +++ b/SPECS/influxdb/CVE-2024-24786.patch @@ -0,0 +1,41 @@ +From 867d49d8c566b0f1284f8295ba1286d6c5e93edf Mon Sep 17 00:00:00 2001 +From: kavyasree +Date: Mon, 9 Dec 2024 17:03:26 +0530 +Subject: [PATCH] Modified patch + +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index c85f846..634ba41 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index b13fd29..b2be4e8 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.34.1 + diff --git a/SPECS/influxdb/influxdb.spec b/SPECS/influxdb/influxdb.spec index 695c0335d63..82a3858e772 100644 --- a/SPECS/influxdb/influxdb.spec +++ b/SPECS/influxdb/influxdb.spec @@ -18,7 +18,7 @@ Summary: Scalable datastore for metrics, events, and real-time analytics Name: influxdb Version: 2.6.1 -Release: 17%{?dist} +Release: 18%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -57,6 +57,7 @@ Source5: config.yaml Source6: influxdb-user.conf Patch0: CVE-2024-6104.patch Patch1: CVE-2022-32149.patch +Patch2: CVE-2024-24786.patch BuildRequires: clang BuildRequires: golang <= 1.18.8 BuildRequires: kernel-headers @@ -146,6 +147,9 @@ go test ./... %{_tmpfilesdir}/influxdb.conf %changelog +* Mon Dec 09 2024 Kavya Sree Kaitepalli - 2.6.1-18 +- Patch for CVE-2024-24786 + * Tue Sep 17 2024 Sumedh Sharma - 2.6.1-17 - Add patch to resolve CVE-2022-32149 From e7894c7948797fd0e604a77a29764d82bd05b430 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:35:14 -0800 Subject: [PATCH 26/36] [AUTO-CHERRYPICK] Patch python3 for CVE-2024-6923 - branch main (#11657) Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com> --- SPECS/python3/CVE-2024-6923.patch | 325 ++++++++++++++++++ SPECS/python3/python3.spec | 7 +- .../manifests/package/pkggen_core_aarch64.txt | 8 +- .../manifests/package/pkggen_core_x86_64.txt | 8 +- .../manifests/package/toolchain_aarch64.txt | 18 +- .../manifests/package/toolchain_x86_64.txt | 18 +- 6 files changed, 357 insertions(+), 27 deletions(-) create mode 100644 SPECS/python3/CVE-2024-6923.patch diff --git a/SPECS/python3/CVE-2024-6923.patch b/SPECS/python3/CVE-2024-6923.patch new file mode 100644 index 00000000000..245dd3e6623 --- /dev/null +++ b/SPECS/python3/CVE-2024-6923.patch @@ -0,0 +1,325 @@ +From 181c44c7ff26b96a68afedb127eeb36adb745d50 Mon Sep 17 00:00:00 2001 +From: Kanishk-Bansal +Date: Thu, 28 Nov 2024 09:20:01 +0000 +Subject: [PATCH] Fix CVE patch for CVE-2024-6923 in fasttrack/2.0 + +--- + Doc/library/email.errors.rst | 6 +++ + Doc/library/email.policy.rst | 18 ++++++++ + Doc/whatsnew/3.9.rst | 12 ++++++ + Lib/email/_header_value_parser.py | 12 ++++-- + Lib/email/_policybase.py | 8 ++++ + Lib/email/errors.py | 4 ++ + Lib/email/generator.py | 13 +++++- + Lib/test/test_email/test_generator.py | 62 +++++++++++++++++++++++++++ + Lib/test/test_email/test_policy.py | 26 +++++++++++ + 9 files changed, 157 insertions(+), 4 deletions(-) + +diff --git a/Doc/library/email.errors.rst b/Doc/library/email.errors.rst +index f4b9f52..878c09b 100644 +--- a/Doc/library/email.errors.rst ++++ b/Doc/library/email.errors.rst +@@ -59,6 +59,12 @@ The following exception classes are defined in the :mod:`email.errors` module: + :class:`~email.mime.image.MIMEImage`). + + ++.. exception:: HeaderWriteError() ++ ++ Raised when an error occurs when the :mod:`~email.generator` outputs ++ headers. ++ ++ + Here is the list of the defects that the :class:`~email.parser.FeedParser` + can find while parsing messages. Note that the defects are added to the message + where the problem was found, so for example, if a message nested inside a +diff --git a/Doc/library/email.policy.rst b/Doc/library/email.policy.rst +index bf53b95..57a75ce 100644 +--- a/Doc/library/email.policy.rst ++++ b/Doc/library/email.policy.rst +@@ -229,6 +229,24 @@ added matters. To illustrate:: + + .. versionadded:: 3.6 + ++ ++ .. attribute:: verify_generated_headers ++ ++ If ``True`` (the default), the generator will raise ++ :exc:`~email.errors.HeaderWriteError` instead of writing a header ++ that is improperly folded or delimited, such that it would ++ be parsed as multiple headers or joined with adjacent data. ++ Such headers can be generated by custom header classes or bugs ++ in the ``email`` module. ++ ++ As it's a security feature, this defaults to ``True`` even in the ++ :class:`~email.policy.Compat32` policy. ++ For backwards compatible, but unsafe, behavior, it must be set to ++ ``False`` explicitly. ++ ++ .. versionadded:: 3.9.20 ++ ++ + The following :class:`Policy` method is intended to be called by code using + the email library to create policy instances with custom settings: + +diff --git a/Doc/whatsnew/3.9.rst b/Doc/whatsnew/3.9.rst +index 1756a37..eeda4e6 100644 +--- a/Doc/whatsnew/3.9.rst ++++ b/Doc/whatsnew/3.9.rst +@@ -1625,3 +1625,15 @@ ipaddress + + * Fixed ``is_global`` and ``is_private`` behavior in ``IPv4Address``, + ``IPv6Address``, ``IPv4Network`` and ``IPv6Network``. ++ ++email ++----- ++ ++* Headers with embedded newlines are now quoted on output. ++ ++ The :mod:`~email.generator` will now refuse to serialize (write) headers ++ that are improperly folded or delimited, such that they would be parsed as ++ multiple headers or joined with adjacent data. ++ If you need to turn this safety feature off, ++ set :attr:`~email.policy.Policy.verify_generated_headers`. ++ (Contributed by Bas Bloemsaat and Petr Viktorin in :gh:`121650`.) +diff --git a/Lib/email/_header_value_parser.py b/Lib/email/_header_value_parser.py +index 8a8fb8b..e394cfd 100644 +--- a/Lib/email/_header_value_parser.py ++++ b/Lib/email/_header_value_parser.py +@@ -92,6 +92,8 @@ TOKEN_ENDS = TSPECIALS | WSP + ASPECIALS = TSPECIALS | set("*'%") + ATTRIBUTE_ENDS = ASPECIALS | WSP + EXTENDED_ATTRIBUTE_ENDS = ATTRIBUTE_ENDS - set('%') ++NLSET = {'\n', '\r'} ++SPECIALSNL = SPECIALS | NLSET + + def quote_string(value): + return '"'+str(value).replace('\\', '\\\\').replace('"', r'\"')+'"' +@@ -2778,9 +2780,13 @@ def _refold_parse_tree(parse_tree, *, policy): + wrap_as_ew_blocked -= 1 + continue + tstr = str(part) +- if part.token_type == 'ptext' and set(tstr) & SPECIALS: +- # Encode if tstr contains special characters. +- want_encoding = True ++ if not want_encoding: ++ if part.token_type == 'ptext': ++ # Encode if tstr contains special characters. ++ want_encoding = not SPECIALSNL.isdisjoint(tstr) ++ else: ++ # Encode if tstr contains newlines. ++ want_encoding = not NLSET.isdisjoint(tstr) + try: + tstr.encode(encoding) + charset = encoding +diff --git a/Lib/email/_policybase.py b/Lib/email/_policybase.py +index c9cbadd..d1f4821 100644 +--- a/Lib/email/_policybase.py ++++ b/Lib/email/_policybase.py +@@ -157,6 +157,13 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta): + message_factory -- the class to use to create new message objects. + If the value is None, the default is Message. + ++ verify_generated_headers ++ -- if true, the generator verifies that each header ++ they are properly folded, so that a parser won't ++ treat it as multiple headers, start-of-body, or ++ part of another header. ++ This is a check against custom Header & fold() ++ implementations. + """ + + raise_on_defect = False +@@ -165,6 +172,7 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta): + max_line_length = 78 + mangle_from_ = False + message_factory = None ++ verify_generated_headers = True + + def handle_defect(self, obj, defect): + """Based on policy, either raise defect or call register_defect. +diff --git a/Lib/email/errors.py b/Lib/email/errors.py +index d28a680..1a0d5c6 100644 +--- a/Lib/email/errors.py ++++ b/Lib/email/errors.py +@@ -29,6 +29,10 @@ class CharsetError(MessageError): + """An illegal charset was given.""" + + ++class HeaderWriteError(MessageError): ++ """Error while writing headers.""" ++ ++ + # These are parsing defects which the parser was able to work around. + class MessageDefect(ValueError): + """Base class for a message defect.""" +diff --git a/Lib/email/generator.py b/Lib/email/generator.py +index c9b1216..89224ae 100644 +--- a/Lib/email/generator.py ++++ b/Lib/email/generator.py +@@ -14,12 +14,14 @@ import random + from copy import deepcopy + from io import StringIO, BytesIO + from email.utils import _has_surrogates ++from email.errors import HeaderWriteError + + UNDERSCORE = '_' + NL = '\n' # XXX: no longer used by the code below. + + NLCRE = re.compile(r'\r\n|\r|\n') + fcre = re.compile(r'^From ', re.MULTILINE) ++NEWLINE_WITHOUT_FWSP = re.compile(r'\r\n[^ \t]|\r[^ \n\t]|\n[^ \t]') + + + +@@ -223,7 +225,16 @@ class Generator: + + def _write_headers(self, msg): + for h, v in msg.raw_items(): +- self.write(self.policy.fold(h, v)) ++ folded = self.policy.fold(h, v) ++ if self.policy.verify_generated_headers: ++ linesep = self.policy.linesep ++ if not folded.endswith(self.policy.linesep): ++ raise HeaderWriteError( ++ f'folded header does not end with {linesep!r}: {folded!r}') ++ if NEWLINE_WITHOUT_FWSP.search(folded.removesuffix(linesep)): ++ raise HeaderWriteError( ++ f'folded header contains newline: {folded!r}') ++ self.write(folded) + # A blank line always separates headers from body + self.write(self._NL) + +diff --git a/Lib/test/test_email/test_generator.py b/Lib/test/test_email/test_generator.py +index 89e7ede..d29400f 100644 +--- a/Lib/test/test_email/test_generator.py ++++ b/Lib/test/test_email/test_generator.py +@@ -6,6 +6,7 @@ from email.message import EmailMessage + from email.generator import Generator, BytesGenerator + from email.headerregistry import Address + from email import policy ++import email.errors + from test.test_email import TestEmailBase, parameterize + + +@@ -216,6 +217,44 @@ class TestGeneratorBase: + g.flatten(msg) + self.assertEqual(s.getvalue(), self.typ(expected)) + ++ def test_keep_encoded_newlines(self): ++ msg = self.msgmaker(self.typ(textwrap.dedent("""\ ++ To: nobody ++ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com ++ ++ None ++ """))) ++ expected = textwrap.dedent("""\ ++ To: nobody ++ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com ++ ++ None ++ """) ++ s = self.ioclass() ++ g = self.genclass(s, policy=self.policy.clone(max_line_length=80)) ++ g.flatten(msg) ++ self.assertEqual(s.getvalue(), self.typ(expected)) ++ ++ def test_keep_long_encoded_newlines(self): ++ msg = self.msgmaker(self.typ(textwrap.dedent("""\ ++ To: nobody ++ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com ++ ++ None ++ """))) ++ expected = textwrap.dedent("""\ ++ To: nobody ++ Subject: Bad subject ++ =?utf-8?q?=0A?=Bcc: ++ injection@example.com ++ ++ None ++ """) ++ s = self.ioclass() ++ g = self.genclass(s, policy=self.policy.clone(max_line_length=30)) ++ g.flatten(msg) ++ self.assertEqual(s.getvalue(), self.typ(expected)) ++ + + class TestGenerator(TestGeneratorBase, TestEmailBase): + +@@ -224,6 +263,29 @@ class TestGenerator(TestGeneratorBase, TestEmailBase): + ioclass = io.StringIO + typ = str + ++ def test_verify_generated_headers(self): ++ """gh-121650: by default the generator prevents header injection""" ++ class LiteralHeader(str): ++ name = 'Header' ++ def fold(self, **kwargs): ++ return self ++ ++ for text in ( ++ 'Value\r\nBad Injection\r\n', ++ 'NoNewLine' ++ ): ++ with self.subTest(text=text): ++ message = message_from_string( ++ "Header: Value\r\n\r\nBody", ++ policy=self.policy, ++ ) ++ ++ del message['Header'] ++ message['Header'] = LiteralHeader(text) ++ ++ with self.assertRaises(email.errors.HeaderWriteError): ++ message.as_string() ++ + + class TestBytesGenerator(TestGeneratorBase, TestEmailBase): + +diff --git a/Lib/test/test_email/test_policy.py b/Lib/test/test_email/test_policy.py +index e87c275..ff1ddf7 100644 +--- a/Lib/test/test_email/test_policy.py ++++ b/Lib/test/test_email/test_policy.py +@@ -26,6 +26,7 @@ class PolicyAPITests(unittest.TestCase): + 'raise_on_defect': False, + 'mangle_from_': True, + 'message_factory': None, ++ 'verify_generated_headers': True, + } + # These default values are the ones set on email.policy.default. + # If any of these defaults change, the docs must be updated. +@@ -277,6 +278,31 @@ class PolicyAPITests(unittest.TestCase): + with self.assertRaises(email.errors.HeaderParseError): + policy.fold("Subject", subject) + ++ def test_verify_generated_headers(self): ++ """Turning protection off allows header injection""" ++ policy = email.policy.default.clone(verify_generated_headers=False) ++ for text in ( ++ 'Header: Value\r\nBad: Injection\r\n', ++ 'Header: NoNewLine' ++ ): ++ with self.subTest(text=text): ++ message = email.message_from_string( ++ "Header: Value\r\n\r\nBody", ++ policy=policy, ++ ) ++ class LiteralHeader(str): ++ name = 'Header' ++ def fold(self, **kwargs): ++ return self ++ ++ del message['Header'] ++ message['Header'] = LiteralHeader(text) ++ ++ self.assertEqual( ++ message.as_string(), ++ f"{text}\nBody", ++ ) ++ + # XXX: Need subclassing tests. + # For adding subclassed objects, make sure the usual rules apply (subclass + # wins), but that the order still works (right overrides left). +-- +2.45.2 + diff --git a/SPECS/python3/python3.spec b/SPECS/python3/python3.spec index bb6a2d2c589..4f0652ee0ab 100644 --- a/SPECS/python3/python3.spec +++ b/SPECS/python3/python3.spec @@ -12,7 +12,7 @@ Summary: A high-level scripting language Name: python3 Version: 3.9.19 -Release: 7%{?dist} +Release: 8%{?dist} License: PSF Vendor: Microsoft Corporation Distribution: Mariner @@ -28,6 +28,7 @@ Patch4: CVE-2024-6232.patch Patch5: CVE-2024-8088.patch Patch6: CVE-2024-4032.patch Patch7: CVE-2024-11168.patch +Patch8: CVE-2024-6923.patch # Patch for setuptools, resolved in 65.5.1 Patch1000: CVE-2022-40897.patch Patch1001: CVE-2024-6345.patch @@ -173,6 +174,7 @@ The test package contains all regression tests for Python as well as the modules %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 %build # Remove GCC specs and build environment linker scripts @@ -328,6 +330,9 @@ rm -rf %{buildroot}%{_bindir}/__pycache__ %{_libdir}/python%{majmin}/test/* %changelog +* Thu Nov 28 2024 Kanishk Bansal - 3.9.19-8 +- Address CVE-2024-6923 + * Fri Nov 15 2024 Ankita Pareek - 3.9.19-7 - Address CVE-2024-11168 diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 79f8bbc3d07..2f2790f20c0 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -237,10 +237,10 @@ ca-certificates-base-2.0.0-19.cm2.noarch.rpm ca-certificates-2.0.0-19.cm2.noarch.rpm dwz-0.14-2.cm2.aarch64.rpm unzip-6.0-21.cm2.aarch64.rpm -python3-3.9.19-7.cm2.aarch64.rpm -python3-devel-3.9.19-7.cm2.aarch64.rpm -python3-libs-3.9.19-7.cm2.aarch64.rpm -python3-setuptools-3.9.19-7.cm2.noarch.rpm +python3-3.9.19-8.cm2.aarch64.rpm +python3-devel-3.9.19-8.cm2.aarch64.rpm +python3-libs-3.9.19-8.cm2.aarch64.rpm +python3-setuptools-3.9.19-8.cm2.noarch.rpm python3-pygments-2.4.2-7.cm2.noarch.rpm which-2.21-8.cm2.aarch64.rpm libselinux-3.2-1.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 44da8087b55..dd9ea09d9a3 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -237,10 +237,10 @@ ca-certificates-base-2.0.0-19.cm2.noarch.rpm ca-certificates-2.0.0-19.cm2.noarch.rpm dwz-0.14-2.cm2.x86_64.rpm unzip-6.0-21.cm2.x86_64.rpm -python3-3.9.19-7.cm2.x86_64.rpm -python3-devel-3.9.19-7.cm2.x86_64.rpm -python3-libs-3.9.19-7.cm2.x86_64.rpm -python3-setuptools-3.9.19-7.cm2.noarch.rpm +python3-3.9.19-8.cm2.x86_64.rpm +python3-devel-3.9.19-8.cm2.x86_64.rpm +python3-libs-3.9.19-8.cm2.x86_64.rpm +python3-setuptools-3.9.19-8.cm2.noarch.rpm python3-pygments-2.4.2-7.cm2.noarch.rpm which-2.21-8.cm2.x86_64.rpm libselinux-3.2-1.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 7a6111d181c..bb8df4c1d3d 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -510,28 +510,28 @@ procps-ng-devel-3.3.17-2.cm2.aarch64.rpm procps-ng-lang-3.3.17-2.cm2.aarch64.rpm pyproject-rpm-macros-1.0.0~rc1-4.cm2.noarch.rpm python-markupsafe-debuginfo-2.1.0-1.cm2.aarch64.rpm -python3-3.9.19-7.cm2.aarch64.rpm +python3-3.9.19-8.cm2.aarch64.rpm python3-audit-3.0.6-8.cm2.aarch64.rpm python3-cracklib-2.9.7-5.cm2.aarch64.rpm -python3-curses-3.9.19-7.cm2.aarch64.rpm +python3-curses-3.9.19-8.cm2.aarch64.rpm python3-Cython-0.29.33-2.cm2.aarch64.rpm -python3-debuginfo-3.9.19-7.cm2.aarch64.rpm -python3-devel-3.9.19-7.cm2.aarch64.rpm +python3-debuginfo-3.9.19-8.cm2.aarch64.rpm +python3-devel-3.9.19-8.cm2.aarch64.rpm python3-gpg-1.16.0-2.cm2.aarch64.rpm python3-jinja2-3.0.3-4.cm2.noarch.rpm python3-libcap-ng-0.8.2-2.cm2.aarch64.rpm -python3-libs-3.9.19-7.cm2.aarch64.rpm +python3-libs-3.9.19-8.cm2.aarch64.rpm python3-libxml2-2.10.4-4.cm2.aarch64.rpm python3-lxml-4.9.1-1.cm2.aarch64.rpm python3-magic-5.40-3.cm2.noarch.rpm python3-markupsafe-2.1.0-1.cm2.aarch64.rpm python3-newt-0.52.21-5.cm2.aarch64.rpm -python3-pip-3.9.19-7.cm2.noarch.rpm +python3-pip-3.9.19-8.cm2.noarch.rpm python3-pygments-2.4.2-7.cm2.noarch.rpm python3-rpm-4.18.0-4.cm2.aarch64.rpm -python3-setuptools-3.9.19-7.cm2.noarch.rpm -python3-test-3.9.19-7.cm2.aarch64.rpm -python3-tools-3.9.19-7.cm2.aarch64.rpm +python3-setuptools-3.9.19-8.cm2.noarch.rpm +python3-test-3.9.19-8.cm2.aarch64.rpm +python3-tools-3.9.19-8.cm2.aarch64.rpm readline-8.1-1.cm2.aarch64.rpm readline-debuginfo-8.1-1.cm2.aarch64.rpm readline-devel-8.1-1.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 628ae406dca..33be00851be 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -516,28 +516,28 @@ procps-ng-devel-3.3.17-2.cm2.x86_64.rpm procps-ng-lang-3.3.17-2.cm2.x86_64.rpm pyproject-rpm-macros-1.0.0~rc1-4.cm2.noarch.rpm python-markupsafe-debuginfo-2.1.0-1.cm2.x86_64.rpm -python3-3.9.19-7.cm2.x86_64.rpm +python3-3.9.19-8.cm2.x86_64.rpm python3-audit-3.0.6-8.cm2.x86_64.rpm python3-cracklib-2.9.7-5.cm2.x86_64.rpm -python3-curses-3.9.19-7.cm2.x86_64.rpm +python3-curses-3.9.19-8.cm2.x86_64.rpm python3-Cython-0.29.33-2.cm2.x86_64.rpm -python3-debuginfo-3.9.19-7.cm2.x86_64.rpm -python3-devel-3.9.19-7.cm2.x86_64.rpm +python3-debuginfo-3.9.19-8.cm2.x86_64.rpm +python3-devel-3.9.19-8.cm2.x86_64.rpm python3-gpg-1.16.0-2.cm2.x86_64.rpm python3-jinja2-3.0.3-4.cm2.noarch.rpm python3-libcap-ng-0.8.2-2.cm2.x86_64.rpm -python3-libs-3.9.19-7.cm2.x86_64.rpm +python3-libs-3.9.19-8.cm2.x86_64.rpm python3-libxml2-2.10.4-4.cm2.x86_64.rpm python3-lxml-4.9.1-1.cm2.x86_64.rpm python3-magic-5.40-3.cm2.noarch.rpm python3-markupsafe-2.1.0-1.cm2.x86_64.rpm python3-newt-0.52.21-5.cm2.x86_64.rpm -python3-pip-3.9.19-7.cm2.noarch.rpm +python3-pip-3.9.19-8.cm2.noarch.rpm python3-pygments-2.4.2-7.cm2.noarch.rpm python3-rpm-4.18.0-4.cm2.x86_64.rpm -python3-setuptools-3.9.19-7.cm2.noarch.rpm -python3-test-3.9.19-7.cm2.x86_64.rpm -python3-tools-3.9.19-7.cm2.x86_64.rpm +python3-setuptools-3.9.19-8.cm2.noarch.rpm +python3-test-3.9.19-8.cm2.x86_64.rpm +python3-tools-3.9.19-8.cm2.x86_64.rpm readline-8.1-1.cm2.x86_64.rpm readline-debuginfo-8.1-1.cm2.x86_64.rpm readline-devel-8.1-1.cm2.x86_64.rpm From 0fc49f2c05d3677a932559999c0367c0e7ea02df Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:37:00 -0800 Subject: [PATCH 27/36] [AUTOPATCHER-CORE] Upgrade iperf3 to 3.18 CVE-2024-53580 (#11653) --- SPECS/iperf3/iperf3.signatures.json | 8 ++++---- SPECS/iperf3/iperf3.spec | 5 ++++- cgmanifest.json | 4 ++-- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/SPECS/iperf3/iperf3.signatures.json b/SPECS/iperf3/iperf3.signatures.json index 41945ca1cf0..9b3d0c2df02 100644 --- a/SPECS/iperf3/iperf3.signatures.json +++ b/SPECS/iperf3/iperf3.signatures.json @@ -1,5 +1,5 @@ { - "Signatures": { - "iperf3-3.17.tar.gz": "0d88489d1730e1161b61ce9b4c5f0943eb31232a78c771566f03b38152aff4ba" - } -} \ No newline at end of file + "Signatures": { + "iperf3-3.18.tar.gz": "ef9ffabf16926701a11c9b7e95dccdf64ff304b7b20dcb6f28aed06b240b7e99" + } +} diff --git a/SPECS/iperf3/iperf3.spec b/SPECS/iperf3/iperf3.spec index c33dc2dd62b..51d31d29fd7 100644 --- a/SPECS/iperf3/iperf3.spec +++ b/SPECS/iperf3/iperf3.spec @@ -1,6 +1,6 @@ Summary: A network performance benchmark tool. Name: iperf3 -Version: 3.17 +Version: 3.18 Release: 1%{?dist} License: BSD and MIT and Public Domain Vendor: Microsoft Corporation @@ -66,6 +66,9 @@ make %{?_smp_mflags} check %{_mandir}/man3/libiperf.3.gz %changelog +* Sun Dec 22 2024 CBL-Mariner Servicing Account - 3.18-1 +- Auto-upgrade to 3.18 - CVE-2024-53580 + * Thu May 16 2024 Muhammad Falak - 3.17-1 - Bump version to 3.17 to address CVE-2024-26306 diff --git a/cgmanifest.json b/cgmanifest.json index e78f5cdd7a8..422f809c609 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -7381,8 +7381,8 @@ "type": "other", "other": { "name": "iperf3", - "version": "3.17", - "downloadUrl": "https://github.com/esnet/iperf/archive/3.17.tar.gz" + "version": "3.18", + "downloadUrl": "https://github.com/esnet/iperf/archive/3.18.tar.gz" } } }, From 0fca031d7130e1c21e821895b7a6ea1408654073 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:37:27 -0800 Subject: [PATCH 28/36] [AUTO-CHERRYPICK] Fix CVE-2024-24786 for coredns - branch main (#11658) Co-authored-by: KavyaSree2610 <92566732+KavyaSree2610@users.noreply.github.com> --- SPECS/coredns/CVE-2024-24786.patch | 41 ++++++++++++++++++++++++++++++ SPECS/coredns/coredns.spec | 6 ++++- 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 SPECS/coredns/CVE-2024-24786.patch diff --git a/SPECS/coredns/CVE-2024-24786.patch b/SPECS/coredns/CVE-2024-24786.patch new file mode 100644 index 00000000000..41a119b8f1d --- /dev/null +++ b/SPECS/coredns/CVE-2024-24786.patch @@ -0,0 +1,41 @@ +From 867d49d8c566b0f1284f8295ba1286d6c5e93edf Mon Sep 17 00:00:00 2001 +From: kavyasree +Date: Mon, 9 Dec 2024 17:03:26 +0530 +Subject: [PATCH] Modified patch + +--- + .../protobuf/encoding/protojson/well_known_types.go | 4 ++++ + .../protobuf/internal/encoding/json/decode.go | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +index c85f846..634ba41 100644 +--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go ++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go +@@ -348,6 +348,10 @@ func (d decoder) skipJSONValue() error { + } + } + } ++ case json.EOF: ++ // This can only happen if there's a bug in Decoder.Read. ++ // Avoid an infinite loop if this does happen. ++ return errors.New("unexpected EOF") + } + return nil + } +diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +index b13fd29..b2be4e8 100644 +--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go ++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go +@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) { + + case ObjectClose: + if len(d.openStack) == 0 || +- d.lastToken.kind == comma || ++ d.lastToken.kind&(Name|comma) != 0 || + d.openStack[len(d.openStack)-1] != ObjectOpen { + return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString()) + } +-- +2.34.1 + diff --git a/SPECS/coredns/coredns.spec b/SPECS/coredns/coredns.spec index 3108cb1d631..022cb6d4918 100644 --- a/SPECS/coredns/coredns.spec +++ b/SPECS/coredns/coredns.spec @@ -3,7 +3,7 @@ Summary: Fast and flexible DNS server Name: coredns Version: 1.11.1 -Release: 11%{?dist} +Release: 12%{?dist} License: Apache License 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -36,6 +36,7 @@ Patch2: CVE-2023-49295.patch Patch3: CVE-2024-22189.patch Patch4: CVE-2023-45288.patch Patch5: CVE-2024-0874.patch +Patch6: CVE-2024-24786.patch BuildRequires: golang @@ -74,6 +75,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} %{name} %{_bindir}/%{name} %changelog +* Mon Dec 09 2024 Kavya Sree Kaitepalli - 1.11.1-12 +- Patch for CVE-2024-24786 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 1.11.1-11 - Bump release to rebuild with go 1.22.7 From 4bd3983711c44f5add0d01c82f4a9d19a3995687 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:45:22 -0800 Subject: [PATCH 29/36] [AUTO-CHERRYPICK] moby-engine: patch CVE-2024-45337 - branch main (#11659) Co-authored-by: Andrew Phelps Co-authored-by: Pawel Winogrodzki --- SPECS/moby-engine/CVE-2024-45337.patch | 77 ++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 SPECS/moby-engine/CVE-2024-45337.patch diff --git a/SPECS/moby-engine/CVE-2024-45337.patch b/SPECS/moby-engine/CVE-2024-45337.patch new file mode 100644 index 00000000000..e10cac83d05 --- /dev/null +++ b/SPECS/moby-engine/CVE-2024-45337.patch @@ -0,0 +1,77 @@ +https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909.patch + +From b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Tue, 3 Dec 2024 09:03:03 -0800 +Subject: [PATCH] ssh: make the public key cache a 1-entry FIFO cache + +Users of the the ssh package seem to extremely commonly misuse the +PublicKeyCallback API, assuming that the key passed in the last call +before a connection is established is the key used for authentication. +Some users then make authorization decisions based on this key. This +property is not documented, and may not be correct, due to the caching +behavior of the package, resulting in users making incorrect +authorization decisions about the connection. + +This change makes the cache a one entry FIFO cache, making the assumed +property, that the last call to PublicKeyCallback represents the key +actually used for authentication, actually hold. + +Thanks to Damien Tournoud, Patrick Dawkins, Vince Parker, and +Jules Duvivier from the Platform.sh / Upsun engineering team +for reporting this issue. + +Fixes golang/go#70779 +Fixes CVE-2024-45337 + +Change-Id: Ife7c7b4045d8b6bcd7e3a417bdfae370c709797f +Reviewed-on: https://go-review.googlesource.com/c/crypto/+/635315 +Reviewed-by: Roland Shoemaker +Auto-Submit: Gopher Robot +Reviewed-by: Damien Neil +Reviewed-by: Nicola Murino +LUCI-TryBot-Result: Go LUCI +--- + vendor/golang.org/x/crypto/ssh/server.go | 15 ++++++++++---- + +diff --git a/vendor/golang.org/x/crypto/ssh/server.go b/vendor/golang.org/x/crypto/ssh/server.go +index c0d1c29e6f..5b5ccd96f4 100644 +--- a/vendor/golang.org/x/crypto/ssh/server.go ++++ b/vendor/golang.org/x/crypto/ssh/server.go +@@ -149,7 +149,7 @@ func (s *ServerConfig) AddHostKey(key Signer) { + } + + // cachedPubKey contains the results of querying whether a public key is +-// acceptable for a user. ++// acceptable for a user. This is a FIFO cache. + type cachedPubKey struct { + user string + pubKeyData []byte +@@ -157,7 +157,13 @@ type cachedPubKey struct { + perms *Permissions + } + +-const maxCachedPubKeys = 16 ++// maxCachedPubKeys is the number of cache entries we store. ++// ++// Due to consistent misuse of the PublicKeyCallback API, we have reduced this ++// to 1, such that the only key in the cache is the most recently seen one. This ++// forces the behavior that the last call to PublicKeyCallback will always be ++// with the key that is used for authentication. ++const maxCachedPubKeys = 1 + + // pubKeyCache caches tests for public keys. Since SSH clients + // will query whether a public key is acceptable before attempting to +@@ -179,9 +185,10 @@ func (c *pubKeyCache) get(user string, pubKeyData []byte) (cachedPubKey, bool) { + + // add adds the given tuple to the cache. + func (c *pubKeyCache) add(candidate cachedPubKey) { +- if len(c.keys) < maxCachedPubKeys { +- c.keys = append(c.keys, candidate) ++ if len(c.keys) >= maxCachedPubKeys { ++ c.keys = c.keys[1:] + } ++ c.keys = append(c.keys, candidate) + } + + // ServerConn is an authenticated SSH connection, as seen from the From 10486db194f99b38c0ccfcba252ed579d8e6cf62 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:46:26 -0800 Subject: [PATCH 30/36] [AUTO-CHERRYPICK] moby-compose: patch CVE-2024-45337 - branch main (#11660) Co-authored-by: Andrew Phelps --- SPECS/moby-compose/CVE-2024-45337.patch | 77 +++++++++++++++++++++++++ SPECS/moby-compose/moby-compose.spec | 7 ++- 2 files changed, 82 insertions(+), 2 deletions(-) create mode 100644 SPECS/moby-compose/CVE-2024-45337.patch diff --git a/SPECS/moby-compose/CVE-2024-45337.patch b/SPECS/moby-compose/CVE-2024-45337.patch new file mode 100644 index 00000000000..e10cac83d05 --- /dev/null +++ b/SPECS/moby-compose/CVE-2024-45337.patch @@ -0,0 +1,77 @@ +https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909.patch + +From b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Tue, 3 Dec 2024 09:03:03 -0800 +Subject: [PATCH] ssh: make the public key cache a 1-entry FIFO cache + +Users of the the ssh package seem to extremely commonly misuse the +PublicKeyCallback API, assuming that the key passed in the last call +before a connection is established is the key used for authentication. +Some users then make authorization decisions based on this key. This +property is not documented, and may not be correct, due to the caching +behavior of the package, resulting in users making incorrect +authorization decisions about the connection. + +This change makes the cache a one entry FIFO cache, making the assumed +property, that the last call to PublicKeyCallback represents the key +actually used for authentication, actually hold. + +Thanks to Damien Tournoud, Patrick Dawkins, Vince Parker, and +Jules Duvivier from the Platform.sh / Upsun engineering team +for reporting this issue. + +Fixes golang/go#70779 +Fixes CVE-2024-45337 + +Change-Id: Ife7c7b4045d8b6bcd7e3a417bdfae370c709797f +Reviewed-on: https://go-review.googlesource.com/c/crypto/+/635315 +Reviewed-by: Roland Shoemaker +Auto-Submit: Gopher Robot +Reviewed-by: Damien Neil +Reviewed-by: Nicola Murino +LUCI-TryBot-Result: Go LUCI +--- + vendor/golang.org/x/crypto/ssh/server.go | 15 ++++++++++---- + +diff --git a/vendor/golang.org/x/crypto/ssh/server.go b/vendor/golang.org/x/crypto/ssh/server.go +index c0d1c29e6f..5b5ccd96f4 100644 +--- a/vendor/golang.org/x/crypto/ssh/server.go ++++ b/vendor/golang.org/x/crypto/ssh/server.go +@@ -149,7 +149,7 @@ func (s *ServerConfig) AddHostKey(key Signer) { + } + + // cachedPubKey contains the results of querying whether a public key is +-// acceptable for a user. ++// acceptable for a user. This is a FIFO cache. + type cachedPubKey struct { + user string + pubKeyData []byte +@@ -157,7 +157,13 @@ type cachedPubKey struct { + perms *Permissions + } + +-const maxCachedPubKeys = 16 ++// maxCachedPubKeys is the number of cache entries we store. ++// ++// Due to consistent misuse of the PublicKeyCallback API, we have reduced this ++// to 1, such that the only key in the cache is the most recently seen one. This ++// forces the behavior that the last call to PublicKeyCallback will always be ++// with the key that is used for authentication. ++const maxCachedPubKeys = 1 + + // pubKeyCache caches tests for public keys. Since SSH clients + // will query whether a public key is acceptable before attempting to +@@ -179,9 +185,10 @@ func (c *pubKeyCache) get(user string, pubKeyData []byte) (cachedPubKey, bool) { + + // add adds the given tuple to the cache. + func (c *pubKeyCache) add(candidate cachedPubKey) { +- if len(c.keys) < maxCachedPubKeys { +- c.keys = append(c.keys, candidate) ++ if len(c.keys) >= maxCachedPubKeys { ++ c.keys = c.keys[1:] + } ++ c.keys = append(c.keys, candidate) + } + + // ServerConn is an authenticated SSH connection, as seen from the diff --git a/SPECS/moby-compose/moby-compose.spec b/SPECS/moby-compose/moby-compose.spec index 79cff0a0f13..56a7f71fa1a 100644 --- a/SPECS/moby-compose/moby-compose.spec +++ b/SPECS/moby-compose/moby-compose.spec @@ -1,7 +1,7 @@ Summary: Define and run multi-container applications with Docker Name: moby-compose Version: 2.17.3 -Release: 8%{?dist} +Release: 9%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -35,7 +35,7 @@ Patch7: CVE-2024-23650.patch # github.com/docker/distribution/catalog (for catalog.go) Patch8: CVE-2023-2253.patch Patch9: CVE-2024-36623.patch - +Patch10: CVE-2024-45337.patch # Leverage the `generate_source_tarball.sh` to create the vendor sources # NOTE: govendor-v1 format is for inplace CVE updates so that we do not have to overwrite in the blob-store. @@ -73,6 +73,9 @@ install -D -m0755 bin/build/docker-compose %{buildroot}/%{_libexecdir}/docker/cl %{_libexecdir}/docker/cli-plugins/docker-compose %changelog +* Tue Dec 17 2024 Andrew Phelps - 2.17.3-9 +- Add patch for CVE-2024-45337 + * Tue Dec 10 2024 Sudipta Pandit - 2.17.3-8 - Fix CVE-2024-36623 with patch From 2241a97e4338a32247a1fd2ccd4838d1319fbed5 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:48:14 -0800 Subject: [PATCH 31/36] [AUTO-CHERRYPICK] patch rust to fix CVE-2024-43806 - branch main (#11662) Co-authored-by: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com> --- SPECS/rust/CVE-2024-43806.patch | 1596 +++++++++++++++++++++++++++++++ SPECS/rust/rust.spec | 6 +- 2 files changed, 1601 insertions(+), 1 deletion(-) create mode 100644 SPECS/rust/CVE-2024-43806.patch diff --git a/SPECS/rust/CVE-2024-43806.patch b/SPECS/rust/CVE-2024-43806.patch new file mode 100644 index 00000000000..2c49a83ca24 --- /dev/null +++ b/SPECS/rust/CVE-2024-43806.patch @@ -0,0 +1,1596 @@ +From c822bb4e0f93b377e53996f241aaa6cc9d1fb3e6 Mon Sep 17 00:00:00 2001 +From: Dan Gohman +Date: Thu, 12 Oct 2023 08:13:24 -0700 +Subject: [PATCH 1/4] Merge pull request from GHSA-c827-hfw6-qwvm in + vendor/rustix-0.37.6 + +* Fix `rustix::fs::Dir` to avoid unbounded buffer growth. + +Fix `Dir`'s buffer size computation to avoid resizing past a fixed +upper limit. This prevents it from growing without bound, such as in +the case of `Dir::rewind` for repeated iterations with the same `Dir`. + +* Don't let `Dir` continue to try to iterate after a failure. + +* Handle `io::Errno::INTR` gracefully. + +* Write a more detailed comment on the buffer growth policy. + +* Also mention that no buffer can ever be big enough for everything. + +* Add tests against over-allocation & stuck iterator + +* Rm `dir_iterator_does_not_overallocate` unit test in favour of docs + +* Extend `test_dir` to cover `rewind`. + +* Consistently handle directory removal as ending the stream. + +libc implementations of directory iteration handle directory removal +by just ending the stream. In the linux_raw backend, this looks like +`ENOENT` from `getdents64`, so change the code to check for `ENOENT` +and end the stream. + +This requires changing the `dir_iterator_does_not_get_stuck_on_io_error` +test to no longer expect a failure, so it's now renamed to +`dir_iterator_handles_dir_removal`. + +To test the error case, add a new `dir_iterator_handles_io_errors` +test which uses `dup2` to induce an error, in both the linux_raw and +libc backends. + +This exposes the fact that the libc `Dir` implementation was also +assuming that users would stop iterating after hitting a failure, so +add a `any_errors` flag to the libc backend as well. + +* Add a test for removing the directory after doing `read_from`. + +* In the libc backend, handle `ENOENT` when opening ".". + +--------- + +Co-authored-by: cyqsimon <28627918+cyqsimon@users.noreply.github.com> +--- + vendor/rustix-0.37.6/.cargo-checksum.json | 2 +- + .../rustix-0.37.6/src/backend/libc/fs/dir.rs | 86 ++++++++++++++--- + .../src/backend/linux_raw/fs/dir.rs | 95 ++++++++++++++++--- + 3 files changed, 157 insertions(+), 26 deletions(-) + +diff --git a/vendor/rustix-0.37.6/.cargo-checksum.json b/vendor/rustix-0.37.6/.cargo-checksum.json +index 4145db8aa..28f295ddd 100644 +--- a/vendor/rustix-0.37.6/.cargo-checksum.json ++++ b/vendor/rustix-0.37.6/.cargo-checksum.json +@@ -1 +1 @@ +-{"files":{"CODE_OF_CONDUCT.md":"f210602311e3f74b32f46237fd55f4ce36d798e85e3db1432ec667f63a7ffc44","CONTRIBUTING.md":"fb570c76cf924cd75b77bed52b0dbe1e87ce224dc3428c48d98301710dcc331e","COPYRIGHT":"377c2e7c53250cc5905c0b0532d35973392af16ffb9596a41d99d202cf3617c9","Cargo.toml":"fa9a45195a5d4c17b332061c4d236dc6ab2799e19467612efb062ed21e94907e","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-Apache-2.0_WITH_LLVM-exception":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","ORG_CODE_OF_CONDUCT.md":"a62b69bf86e605ee1bcbb2f0a12ba79e4cebb6983a7b6491949750aecc4f2178","README.md":"158b3959b00e6c1536a767014c0e916a6a063a5b36d693e9e3c93aac901ccd55","SECURITY.md":"4d75afb09dd28eb5982e3a1f768ee398d90204669ceef3240a16b31dcf04148a","benches/mod.rs":"55b71073e5681b309bc4f439435ac05d1e052bba2ea6accf05bca9bf496d4bd0","build.rs":"9ea13f3871d03ae28f6abc9b1aa73667a3fd56063793a79545221cb2cbf1ad30","src/backend/libc/c.rs":"e91631918772a752429b53fb7674f288e27af0d133a583bd9d50af7af7802328","src/backend/libc/conv.rs":"a94f5937ad41d7c13e4554481ea1d8ac10c2954b22e55ca0ccd93dedaeb6f1d6","src/backend/libc/fs/dir.rs":"96482bacfeef73d7da7d370750e821ce2ed85d61ff47f8d98ac27dc8e54c0e0d","src/backend/libc/fs/inotify.rs":"4a1a3c0504982d2743a9c83e4cea3ec81ba0777d574ddf8ce76af67f29d0b9a4","src/backend/libc/fs/makedev.rs":"06513503ffdd35276eb7c3aed437c2362c32dd224d8c06df589bce28ad2e68b4","src/backend/libc/fs/mod.rs":"d8765bfbbd3c0f02c278a7bfef547607c7085ae14704824cc2fe7eaa64430e8c","src/backend/libc/fs/syscalls.rs":"0d1ad473a6607eca1d92e3a35d10c9c672becb052857aa9fec5a8d3371e97a31","src/backend/libc/fs/types.rs":"8a79b8532009b23aaca78446a48322be092d1bf17e3868e8328853bad6ba2fb6","src/backend/libc/io/epoll.rs":"0e95f0c887938ca2014492f26d282f756c9f2d4111e58b516830cb98bd8d3b1b","src/backend/libc/io/errno.rs":"8c6491590339a21c732b325904ece24ac39b1cd1a2b04728a9ff90ec904c01aa","src/backend/libc/io/io_slice.rs":"34da1bcc17993318fa93b7e71ff36116044ac12a031963710af84c3ed1bc443a","src/backend/libc/io/mod.rs":"a76e0071a887a6bdb1a3edc4887f91889d4beab1426e73417958257467f3c602","src/backend/libc/io/poll_fd.rs":"5ce78059ec307ec6ffbe02f2beb15f889bf652f0258f4531931062d507a3389e","src/backend/libc/io/syscalls.rs":"c85270ed0f7a6cb4258ff85611f86497c3e14ba1de1849b1203f8bcaa48202c7","src/backend/libc/io/types.rs":"fa3d65018b9feba2eef280f1ae739d85753742cdb602643d5920ff4c0f18bff7","src/backend/libc/io/windows_syscalls.rs":"741f524b384d59e703b278739563ab04273dbb48c062349353dd9b7cf9ed2332","src/backend/libc/io_lifetimes.rs":"eebc6adc10593933e9ab14c59d29793f4ec6e4403a00bbcaaf3ee81373ae924d","src/backend/libc/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/io_uring/syscalls.rs":"0f7ffc079f511b200d536e348d6c6945eeb4908db721e5ca0db6cc5fe96eccc4","src/backend/libc/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mm/syscalls.rs":"5141375b2b678c66a165de74a54e01bdb5efae8a81a38891f00da7206e686927","src/backend/libc/mm/types.rs":"bdadba2113f2a88a2b856497d411aa18eb0c7086361f72c2853ea8b09b006841","src/backend/libc/mod.rs":"8aad42f4cc53bfe9952101a314cd89d8c8600c523d699a43de8f64f48f3e4caf","src/backend/libc/net/addr.rs":"93b3f86d737c1c643663acf9f335e822cad5574067f63bda3c58af918dd1e57b","src/backend/libc/net/ext.rs":"99e1b5023b152ab278b281e26006e4ed6916d303f5d9a24d94f02a2195a25243","src/backend/libc/net/mod.rs":"772c788c60141e41044b59c4812c4208f52838da1effe1d476ab1d99304d9f9d","src/backend/libc/net/read_sockaddr.rs":"d7a98c80d2e7b47663db596a7f65980b21983c514eff54b1a8323e14164fe40d","src/backend/libc/net/send_recv.rs":"55f0ce6df7aa93f359aec2131fb3f6946d1b086e7172c096501611d0662da907","src/backend/libc/net/syscalls.rs":"f40e55d8ef9acae7834ba1bc54ff02b08d3f57fe0694bb69b5124b24cbaf1a78","src/backend/libc/net/types.rs":"b7097d3c998eb0bcb31205f69ba1f73d4c2537e706eda6bd8548d564377070af","src/backend/libc/net/write_sockaddr.rs":"33c3d7304713cb63f8fa398f5f7c084fc1d9fbb6907dd19902a90e8ec64ad41f","src/backend/libc/offset.rs":"37056027c114fab9f4054803b95d2efbe3d1c663936def3498df0e671664697a","src/backend/libc/param/auxv.rs":"7d71f224f7d9c547b6b5e1425cad03466328b7b8ad2a62f49d9e29e075061e43","src/backend/libc/param/mod.rs":"5234b8f1bcb886cca6ea003d411d75eaeebe58deedd80e3441354bf46ed85d4d","src/backend/libc/process/cpu_set.rs":"88ba2fc71dea5b8ae3b1bb3d8e64f7b7aa08882d198695e5f95d5478b6e73e75","src/backend/libc/process/mod.rs":"45a9979d6bc7c669ffe212c55ffbf6ea8f4bdb9a711c894b9e93b52a05e611d7","src/backend/libc/process/syscalls.rs":"8d0a63f224cbbd5e8fe816350a6bc50553073b6b59e86a84f89a52112d5f8c70","src/backend/libc/process/types.rs":"58f8eb2d4cda05924e97145006ac16793307182f3c1ffb5484fd4546513e863a","src/backend/libc/process/wait.rs":"36e84c05ae3a27b96da9521678b72ab004fe37a8b0d092a0b6f810015806c4d2","src/backend/libc/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/rand/syscalls.rs":"21aa7aab15de5ff8e9c50c2c2a4d49cc309be3e97feeb17f875a0a9dc6b5cf44","src/backend/libc/rand/types.rs":"85f72babe82857d4e47067ddc11525ab290208050fb8f5e5190975c0fdda9b7c","src/backend/libc/termios/mod.rs":"63a1e559981848581bbacad2adb567e5eb62d17caa2d8f826e977dc053ce26bb","src/backend/libc/termios/syscalls.rs":"026559db31e470a4409f45a0f2bab5a0941c39b458968c5f6fdf224b653e59a0","src/backend/libc/termios/types.rs":"57e87b2d5ec31203b87137a787daee9bf8f133898d8eb5bb0716c81380d9ac7a","src/backend/libc/thread/mod.rs":"0de5f67a684b9fd7628d3009d2ea5fd51b8770e8b387eed14f59152157844287","src/backend/libc/thread/syscalls.rs":"b016611a1e2fb6af073c485b0a9efa992067b4d2dd6d213d77a731d5108d574f","src/backend/libc/time/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/time/syscalls.rs":"a6668a9005da2e15671d4c917973bc68ef611998c0a584a53343fd5aeadade63","src/backend/libc/time/types.rs":"1ed8de272c573cd9bf10d413be8b47029e3461fe39ee33168f4442cfbf2ae128","src/backend/libc/weak.rs":"cb7dfb5c2ad37d7a5be6a2aa99a28969559493ca5b649753484e0b1fd978e410","src/backend/libc/winsock_c.rs":"addce03c242c70d10411fb9728c743bdc3b635107bd58aabbb360f2379127064","src/backend/linux_raw/arch/inline/aarch64.rs":"67011427b3cecd29ee716113d952e70d63574c96d1d3ea3c75d46250bde9ca44","src/backend/linux_raw/arch/inline/arm.rs":"7760d51aef17a69a797eb96fd61f7fade0d55bc87ec9a3e77fa6bb6aebaecdbb","src/backend/linux_raw/arch/inline/mips.rs":"d00c84cfdb4e37bdee9a2daa0a7b3298afbb4ebe288702203cb43d9c2617012d","src/backend/linux_raw/arch/inline/mips64.rs":"ab5455c9b2511ba6b67a66873cd8b53bf77471249fd2779d6437ebb4934087b5","src/backend/linux_raw/arch/inline/mod.rs":"48e60ed847f1fe7bcf561d3dd04217589698b576649d17094da98bbfcb826e8a","src/backend/linux_raw/arch/inline/powerpc64.rs":"dcd12314184441f5f7705bea6b829103c7abc9062db366ae5584023a38252a36","src/backend/linux_raw/arch/inline/riscv64.rs":"58a58203e9cac2ed21e4a7b26692c5d56d3c2bcddb3f60a648efd18a02129f3c","src/backend/linux_raw/arch/inline/thumb.rs":"82b88c9a3b6837f28a738cc760fc2403e7014abdb2c35d2bdbc8073235ae2863","src/backend/linux_raw/arch/inline/x86.rs":"459cca47f3300418de9945858ba42009e66e4be3c8da268481f30ae4e815b3db","src/backend/linux_raw/arch/inline/x86_64.rs":"7c893ca306b3b8a5980c525dc5fa23187a0526bc9f7ac637204d88a1d596df5d","src/backend/linux_raw/arch/mod.rs":"2f2e26f5742c302bb44f367ad265de573d89494eae0789fa44b5a39248e354e3","src/backend/linux_raw/arch/outline/aarch64.s":"84f066b6fe3cf25ed61c7aa420408c6d5a0b33a7c91b748ed81e47737567975f","src/backend/linux_raw/arch/outline/arm.s":"fa266bf9f4533da1e96c27c4ae5418c86f44074ac0c6afcff0404738e11365da","src/backend/linux_raw/arch/outline/debug/librustix_outline_aarch64.a":"aa3a37d9ad312881968d40c48bd3c960fb3ac0eba232a5f1979cb809d081c340","src/backend/linux_raw/arch/outline/debug/librustix_outline_arm.a":"9991ea0ccd16a175ef4b82916b6cd4b45cf67f4388eb58567b0a6e520bda3740","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips.a":"b14f87994e526c3f5976487223183b284ffa70e3b4322cece3917033635573a2","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips64.a":"a9200542c6de647e31ba2cf3649490a50904ae66716c1b6c50ac123fac83f68e","src/backend/linux_raw/arch/outline/debug/librustix_outline_powerpc64.a":"355db5c83dda1074636c40fa6fee6564c668c492a71e149bcb444ea896e8167e","src/backend/linux_raw/arch/outline/debug/librustix_outline_riscv64.a":"c4fd54d0fcab2e28b1b18df77a7814b145a4c2d13fc04b937a55bf0abf420227","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86.a":"7ae3635dd3fbc2049e09d4218224e1eaaa4dd2ddd78d3901fb444d481abf2a33","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86_64.a":"039c928213bd0b67c899412084a30eb9a51526e64a01e1901cd4905ef8d7cf6d","src/backend/linux_raw/arch/outline/mips.s":"e265e8fa0b9785a9f2779d6ba70ce982b954b802862b0026dc70fd79b12968bb","src/backend/linux_raw/arch/outline/mips64.s":"c79de202f0eb00e2d9cf1fce2b9a2cabfe4ff2f5cc1476bcfd6c3d139570d447","src/backend/linux_raw/arch/outline/mod.rs":"d97b3657e828a40553677469887b1efab0544812ca592ef359a2d4230a0dd621","src/backend/linux_raw/arch/outline/nr_last.rs":"82d92b9ca8307c19d74ced1ae2c0b31f2a7c5db70fa31fdedb55d38a90601455","src/backend/linux_raw/arch/outline/powerpc64.s":"0847fa3f160846ee02771550667913734ba9773e2221f2279c4f296d6f5b7bd4","src/backend/linux_raw/arch/outline/release/librustix_outline_aarch64.a":"fa8d31702cafb24d9799c162d3319c522892e91c58fbbff2b09950a0fa81b46f","src/backend/linux_raw/arch/outline/release/librustix_outline_arm.a":"0f7c8c5c02d5329d884f800da70aaf6b5b67c14000b12afb708f3e4758aa1f7a","src/backend/linux_raw/arch/outline/release/librustix_outline_mips.a":"c9254760fa993e88662c5e1e8911d994f29e203b37a0fc9b550be193125f5031","src/backend/linux_raw/arch/outline/release/librustix_outline_mips64.a":"224f9ac5196833491bee67fd287a53b7e88111731e2eaaa3ebefba31faea373b","src/backend/linux_raw/arch/outline/release/librustix_outline_powerpc64.a":"1f04e44c3d863bac066520c787444c314f2aa2f8d8d3cae38990ecc008b9b6e1","src/backend/linux_raw/arch/outline/release/librustix_outline_riscv64.a":"beb0eb046d36545a04ad7f264ed1173062f9f85ba7f4215bef64a98f30a74dce","src/backend/linux_raw/arch/outline/release/librustix_outline_x86.a":"691d867358475c701c20b816b99bab2a4c90c3796a302ccaa56d5983be1ba8b2","src/backend/linux_raw/arch/outline/release/librustix_outline_x86_64.a":"434a79197510876c5a49f594e7886c95cf4c15e876c3404ed136846c95d6ee30","src/backend/linux_raw/arch/outline/riscv64.s":"ca5303c0c8af6de1f246d658003e270d4e29d6c68dd90c6eee372d045bdf7305","src/backend/linux_raw/arch/outline/x86.rs":"f7e12a0f3fe8e97acb1ade2c9e61d82542f00ad4d8fe684a8dcd9f30fd9ab5d4","src/backend/linux_raw/arch/outline/x86.s":"4604e3b41161802343e2e4c890fd2042098a901d95893ebe4c436f97fd47cad3","src/backend/linux_raw/arch/outline/x86_64.s":"a530084cd42ad8d4b2d36526f4e04f45a6e29ea49882e2c561ac2eeac16272bf","src/backend/linux_raw/c.rs":"cb66dbed604eefdafd8a8efd277ddad51bb5280c4e26ca0608176abcd6309a52","src/backend/linux_raw/conv.rs":"6731a2d06683575d7ce89eb83ef8a1993ce39125c30703ed8a4a69afc1e7559f","src/backend/linux_raw/elf.rs":"a257fbc3f22e4970605cf72a3b301dc2eaee2f5f1b3b0ea434fa192db3c3164e","src/backend/linux_raw/fs/dir.rs":"d54842a373968da54bdae73e10ccab7a8bc19c1bc75b6dca2bb70818c5b275ea","src/backend/linux_raw/fs/inotify.rs":"11c058269bc96972ad7bdeaa3a938a8b51b4264d9f80d7dcf0518ac9314a261d","src/backend/linux_raw/fs/makedev.rs":"c6b4505c4bcbbc2460e80f3097eb15e2c8ef38d6c6e7abd78e39c53c372139e2","src/backend/linux_raw/fs/mod.rs":"e22bf30f312f6a05f1e79f7834c33a3c9821514da05fa4786fc31867203a4c74","src/backend/linux_raw/fs/syscalls.rs":"6900d438f535e586ae8e396aeb52426e1040e4397c942546edada6ff0c121b54","src/backend/linux_raw/fs/types.rs":"a244c59670d65442143b875cccc219bacd0739d35b7f2c1731b15d2c4bf2e900","src/backend/linux_raw/io/epoll.rs":"75de5fe04ed8f85a345ae5b54dc6106268bc05817a4e4abe9cf0bca08e2b1fb3","src/backend/linux_raw/io/errno.rs":"ac32725b1686d42b02d18363c4c44a42ea8c6a20b2422c1fea8f8c39f633f7c4","src/backend/linux_raw/io/io_slice.rs":"5ba992f3fe701184841006588b35f2452156b73e3bef9e07460e4b1f61ac889f","src/backend/linux_raw/io/mod.rs":"6ea805b91d571217c9649364121d0824bbdf4635b36c9150e5968fbeb75c0892","src/backend/linux_raw/io/poll_fd.rs":"9f5a15c80094cc3334acd171c0621d033b44d5d9a987a57acbdcd62cb17d871b","src/backend/linux_raw/io/syscalls.rs":"31bc1a2d74d574923b50aaed3d0d10c2892e7bf6ebf0ccc9bebb42be96b460a0","src/backend/linux_raw/io/types.rs":"11a677499b6b0491f4088f9f87574fe40134bce8042eac0f207b7df905a1f47e","src/backend/linux_raw/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/io_uring/syscalls.rs":"2522327e229d85ce207546b802f63fcad49a0ce41b7b881e13a1c2637fdb6095","src/backend/linux_raw/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mm/syscalls.rs":"647c1846793c386f6babae898686604a4808344ec3e2d1e71071bbfd04079357","src/backend/linux_raw/mm/types.rs":"a5d0ea04a85df5e196d68a8524c4325963c7b2ded3d7d48713c8e855273b60d4","src/backend/linux_raw/mod.rs":"87423ad0e8280081a548e8182139d9e5960258d469951516ca4e8029953daeee","src/backend/linux_raw/net/addr.rs":"9c2b4bc0836618f4b7d997892e5b3980e454bba72fe4d82205d7553ba74ec228","src/backend/linux_raw/net/mod.rs":"4ffd3f6f9cad722e4c29b9bad4912a69f521d737b9e637599a1c60436651d4ae","src/backend/linux_raw/net/read_sockaddr.rs":"0357ae643c384b08578aa0b148ac9b236953da9b36b2e387a40d5b87ae9eccef","src/backend/linux_raw/net/send_recv.rs":"42834cf8148abd02021115a61d57b23bb323dd8ad0d1b9a91d17fb8f7defab01","src/backend/linux_raw/net/syscalls.rs":"aedc536ac96d32bf6e15a9f02f3fe7a1bf48195e9af3afd0a0124636ece8f8b9","src/backend/linux_raw/net/types.rs":"c61b689d7f4b9b68d065935d70926d47b5ac7246b2fbe4f20d144a0c2f417fc2","src/backend/linux_raw/net/write_sockaddr.rs":"ec0bf20a354cb86e2b5646bfc79297a378f11fcdf5641c16e4dd13e305011dc6","src/backend/linux_raw/param/auxv.rs":"9ed73ebd83dd9001dfdecd19b813c6845dad142f79de286993eb520acc7016bc","src/backend/linux_raw/param/libc_auxv.rs":"79fd1b7452f87382fb3a9c8fa892c5adbcc24d3b505bd9ea73e17d37494e749a","src/backend/linux_raw/param/mod.rs":"db21fc1b0ea5568b8649890fa38a878bfcdcf7398f6cf1640176b37bcc6ce990","src/backend/linux_raw/param/mustang_auxv.rs":"016a691236064a9cc28688d4ff5dbd0e37dccfc07b25b943b47762ba1da33b83","src/backend/linux_raw/process/cpu_set.rs":"a333938a4356d117199bf4078688f0a9b876dc65da1bbff7649482f4f0180813","src/backend/linux_raw/process/mod.rs":"fb393c70a9c63ef9a6bf1fb5a2dc94f07d6b0b6987cc5231c15c607015dafd68","src/backend/linux_raw/process/syscalls.rs":"a9c115ae09def33321f266ab3f85cf19fa72fc3b9f425aaa8c517b6da0bce04b","src/backend/linux_raw/process/types.rs":"fba10dc8ca9eaf4d481cb82bd1540cf5c05620533c44f917c09a22ea55ef408c","src/backend/linux_raw/process/wait.rs":"d6c37b9ebca16b447b0bc0d1be4b56486619618e8fc613d10ff9c0ccff13c7ac","src/backend/linux_raw/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/rand/syscalls.rs":"b1d8b2fea0c792bd1e7c24ee59429d178dc0ad442ac817b12c7abcb38d71497b","src/backend/linux_raw/rand/types.rs":"271416d5241d70932b8a17f3b67eefd1b9c360f217f807de3d73192e9b620552","src/backend/linux_raw/reg.rs":"f9ab26b045150894b98c741f9e80ac2734bf7598f5cf166ab080938febe7af20","src/backend/linux_raw/runtime/mod.rs":"b2cae8cce3822c3c92942f06ea0b68464040dcac33c6f0f7ee392c6269993347","src/backend/linux_raw/runtime/syscalls.rs":"6488160051a991e6d385abbf8a08ccd6498acf525906d512b3f89bf3a33fca6a","src/backend/linux_raw/runtime/tls.rs":"2913858a8fe4696f9c3f9a4921f776258a6d1c54b471f813471d57db23fd22ee","src/backend/linux_raw/termios/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/termios/syscalls.rs":"e4476718035ff7520f9014aa0e99954ec741c0dd114ec50ff4900591ee067132","src/backend/linux_raw/termios/types.rs":"5cee3735957db2fdaab341a0c58e438305d6402dc7d23622f4999934d4511b5f","src/backend/linux_raw/thread/futex.rs":"e4ca5be060c52538b97df3781d84e2eb4d8241a7f647b2874412bc0fe6061efa","src/backend/linux_raw/thread/mod.rs":"f7132a68c9db1b4a796781b9e8d0ac268a1ddb713e510bfd43425564ec9b39c4","src/backend/linux_raw/thread/syscalls.rs":"936e0a02027b8f252538781eea7fb9f35bfd23bdd50a1f099172dac2da7d3fde","src/backend/linux_raw/time/mod.rs":"672724f55b7b7be6a7452bb1cc2d28b5f0aaa840a2856fe363acce624e1beefc","src/backend/linux_raw/time/syscalls.rs":"777d22d6e3ab7c5fe1d5921a91644543173bb4f783fd308b5886fca68500f98c","src/backend/linux_raw/time/types.rs":"865d968a6d2903344982f94c69868031cd1fea582318659ca4c69a11d8a53e33","src/backend/linux_raw/vdso.rs":"3305a5f3c2846440161fa69dde3aafb9f36b361ae2ddae1d12cd54503b0657cf","src/backend/linux_raw/vdso_wrappers.rs":"b7e6b75bf25b0143ec471a7e0af3fd4f4125dcbc6d2c9c0957ec29c428d9d9c5","src/backend/linux_raw/weak.rs":"72ddca9849461a725e5ccd6e2190c12fb9e296c8b8a47533acb9c8cd4f9a2b07","src/const_assert.rs":"ff08ab91f11f2ad29883096f4468bd9a65060d5a9e6681e9282bb081f8bdac27","src/cstr.rs":"976027b6c5cf2c82e369ab7ad9e97fa79d7823ded929c1816f37f97134e51fec","src/ffi/mod.rs":"1990dae8190991142bef24220f02b99c96c5bfa7dda2a7974d9dcac265d58945","src/fs/abs.rs":"16798a8a24be20500bb56a01e05ca4eeccd6f3adb0b3a4bbf1a0369a8e546104","src/fs/at.rs":"035238b63a31aa32cfc7e9ff6bb577e7075dfbeb97d22e67430b7a2bf5432e22","src/fs/constants.rs":"f0153ba1107267e58ee605fdbbeb80e5df56715d8e79c9d6536efe53608b729b","src/fs/copy_file_range.rs":"d3b644374390d482b2ff749a2459458872b57d0dcf9670368739b7833509a7c2","src/fs/cwd.rs":"b2d7fbb27e23704e3367ede9916cc233f76d912be21c2aee8a635eeca627977f","src/fs/dir.rs":"347a52f4ca9ac6321c52e802e97ec90d1b4c62ec955c8996fc17f8f5aed69966","src/fs/fadvise.rs":"beef66ebe1310fb92628240b2cde68f744c78e50f6ff61bb1404bd4868d9cae8","src/fs/fcntl.rs":"43e191732d72a9513f4fbecfee8cbe45b0b1ed0d0097398681a03a8fe2596495","src/fs/fcntl_apple.rs":"07f07b2ac75dc28bc9e08200f72eb95550a87ff3d69c1204f49ecb63a0c4fd20","src/fs/fcopyfile.rs":"ec95929cbbe02cf49233a785e5238931bb107b7903cc5bc95e4231de960995f2","src/fs/fd.rs":"25296739f1063c0e2b4701ff9ce078949a58f62029f57a93cc415d2ded296100","src/fs/file_type.rs":"fefd865f91011f66126213b0994773d99e373b468c31e866002228c98c64ad85","src/fs/getpath.rs":"28f6970fc1bbc37bb35c84724b59eac436ea7407a4522e18c2bdacb1fdd2edd9","src/fs/makedev.rs":"a56b9fa872e5fbf0f358ca14625b050077f45e8e265ba0c8eaeea22c421e0f92","src/fs/memfd_create.rs":"3f1d809e81fe479a82a454a04ea1219a11969d75d0c8b9ddacb09c630a9af896","src/fs/mod.rs":"d396b665d23553f32d148331184df18dd84496979b9e257637881b31e2523a5d","src/fs/mount.rs":"8ab26dcb422825bbd2df2e1f68e6b4f7cf08ce11387c688442ee1b4683b33d4f","src/fs/openat2.rs":"4a95c15dab533a41201b5fa25c8a212956b7571d58cad696bdaf45af8aef96db","src/fs/raw_dir.rs":"d32627abded4cdafa083c579d6f4d9c42e41d2a82749a34e70225e55ff76d246","src/fs/sendfile.rs":"ac053f03608656bb675228ba61079b774498c0233d17e5816ac72538bb12b70e","src/fs/statx.rs":"c7b56787aa0579cfcde230952d87b42256e8b6e85c2da68f78cf31f17ddf5514","src/fs/sync.rs":"a3b23543834281f347b0f873bd38154d31d404871188ac08f2b20b9196234cfd","src/io/close.rs":"c59bf90183625da1b1e87975739469440dcddc7b5b2b6ff3a6fd12b2d399a783","src/io/dup.rs":"92e2121d7fcef657a2bce546dafc9635f97c628c53bb971e8ee08255b77eea80","src/io/errno.rs":"733f8e9246a319db137740e8dca29d7b3c7474a715e066568b1dc82f0944f692","src/io/eventfd.rs":"163aebe29b5a0e21dd9d121d39c71e82bc6569a4bb658026cfef8ee61809066b","src/io/fcntl.rs":"fe73d5593c011b6ac851e608e1776c4483924e19a9f82f5fc8759c498a4e483a","src/io/fd/mod.rs":"a1eab9ce9a2c4454053afdfd3f3705e4cb971e94cc453e4f13690f2f0d83dc2c","src/io/fd/owned.rs":"b3d1ac775461b9206f36df62495604a48820c0284276200101fd1847b0e9e756","src/io/fd/raw.rs":"9bcd00be7df3d9f4e6c49ca2d18ef25aee3d6f0ed5ee6b73df5a9beacefb6031","src/io/ioctl.rs":"98f77d30ca4eebc16454c5307ca4afab2dfdb91b8e90e54d9300f79a2f1ac814","src/io/is_read_write.rs":"072b5ea6ddb2339fc6c7e90dfc5a0a5354d926d0f2ac4df06cadafe823425c47","src/io/kqueue.rs":"b92106e4b1cd2582f8fc37a1ec0dd0aa00b320c8f5b1b91cb487e3620485cbc3","src/io/mod.rs":"646b358718353d7380718a09e87312abfce4d1d48accf6b42c941617f60ca5eb","src/io/pipe.rs":"8f8e3c3557edf13a1e4f05a8a9c2aa5e9ee97e393e02eacc8e8bf60e73e32047","src/io/poll.rs":"41dab55365df215739dcf71815bfc4c2344828d8056ab200564f75210dbc56bd","src/io/port.rs":"8be17096cdfd2425bb2f800d129913e2ed2032c02049d45b7dcda8d4189b1af2","src/io/procfs.rs":"d7b21900416ca54b9bbe683257dd4da1857f56edc25dd78a954dbafed4914ab9","src/io/read_write.rs":"263818a606de191320524972f7c9c22b6f79ddc59c5b0a443b4b726853b00b9f","src/io/seek_from.rs":"d7616a45e8a449df28b075ddded4d7c95d6c4575d6fe0cf0ca7b6625e9dc7eeb","src/io/stdio.rs":"6462b94d1ccd8cff38c6fb6b04199fa9decca91aca63287b0136539d73107bd5","src/io_uring.rs":"26048678d3862cee58bb75e43ad2dc8cae0b9bc79adcd8913cda1fa42af77efd","src/lib.rs":"a221853e71fca50cb6b0b066e3ee8f626cac1fce61fc297458e15bbc8fa1d835","src/mm/madvise.rs":"cdc61b39d8abeea184575ca21e14483c335ce373a86007439fad6e72f58e4e24","src/mm/mmap.rs":"ac25cf39d215c93b539f20a60b107ea15dc8a0faa8d25e0de05d1415e698c742","src/mm/mod.rs":"1a46082151c2ef319667078923df74b01d4a94d25d3777083775179bda8bf3bf","src/mm/msync.rs":"a7f61abe4cb5e96f95ae8229c62b9ecc08382080ed99d76278be7001cfcf82f2","src/mm/userfaultfd.rs":"8073443bd181ff0b3ba4d0b1ae67370b4864035a0c8b4898cd709dc47c518ae7","src/net/addr.rs":"6fce66cd0ccac3bcc2339f32faf2ed1bac94a6d8824acb55bffdfaa43090675a","src/net/ip.rs":"080dd17c44b395b46b0d9e70da76f376540f92ece65f79e3d242c0a272d3b451","src/net/mod.rs":"03e600b3890f94e06f10120ca8dc9251920eec4aabe7d983d24e800faa079aa7","src/net/send_recv.rs":"f1fb0b9be750b1949b54054b3195904123cfb96f2ee0ebcedef86fc7175c63e9","src/net/socket.rs":"c510a2b619b8c91c9ee15b1a9b29d6fe89a97e83143a38bea017af7522b7e8b9","src/net/socket_addr_any.rs":"d95c7002972fa98d4133e10ad6c404399494374d568816217edcb9f4fd93aad8","src/net/socketpair.rs":"b005b019f8ae0f022fd0e730dafb258606f1f537e4448078175fc192d002dc81","src/net/sockopt.rs":"dde47b9d5d6de9749bdddb1498920f2f592582b11b508389bf78d0d5f0c4af00","src/net/wsa.rs":"6e546b42f50a851fc833c57cda76cfb347203ed4b0dea574a3d325bf5a2ebf80","src/param/auxv.rs":"988872f9bec2e12f35765ae8963cbb9535d4acaedd4c9a4d07ced6feb70e0aaa","src/param/init.rs":"671d8974f0d9b82e79076d1f4deabe0273a874a329f74b8aad26e07b86791ba3","src/param/mod.rs":"959d6bd6c7abb85e042f86047fb902891c5deb74c550ce21dac96fb9a9f16d36","src/path/arg.rs":"eb45cea7b5b21af36fef130cc02cbbf7fcceb965815b66c95c46979e0cbe2875","src/path/dec_int.rs":"a512618714fc3309253f65de605121c2aa056a780f9ab1de55f5a86469895295","src/path/mod.rs":"513fea21b1ba0226c3c5da769ded06a7cd7abe9f49cec9d165bc62a15da126a8","src/process/chdir.rs":"4c63c351e207b1bbefdd7c001e85fed383d5ac2147894d5a09fbd8b302d7c728","src/process/exit.rs":"79f6c0dd45dca0a2bea919ac920c4a56cea23608a345961e4d027aee6624783c","src/process/id.rs":"f04877bfd49fb8eda89e12ca44f271dfe92c1661f97b304c2dd234671cfbaabc","src/process/kill.rs":"e4b4dcc7e5b2a1e3e68ce03ce9a5dde43108dae4ddbc443488c464194738d06f","src/process/membarrier.rs":"19f42cb66f211e8b23f4586bf29fdfa29c29e4e9169a06f3cc7b54aad4ef94e6","src/process/mod.rs":"17abc24217e8b48d623d02b1a2955e6b62aab496362ba312122caf90500576a1","src/process/pidfd.rs":"88517949097414b77540b1c0801bdd034c28667b9386c0676cdaa1b637129ffa","src/process/prctl.rs":"7f4f2870eddcb19829b29ba139492d0f8b5006a42047f4e733e105b82afaef8b","src/process/priority.rs":"ddfdeda52acbca8566dd3517f167f7e29e3daa7e71c3ebae4183f8cf4f309b0a","src/process/procctl.rs":"4d48638f4d39a20aa073798778f431bbb944ed184777960ef1f80bebbc7fc72b","src/process/rlimit.rs":"97c1e41533c74b5b71e471d1ed0a83a847b804da9e53be76c50f0187ac5d3eec","src/process/sched.rs":"ea8b20942ef09dbcd7a54d8218435129dfece427e4960055bcdf81c997e80f5f","src/process/sched_yield.rs":"6565faa3928b66ddc74a65e893e15edfa4b9be4f7e5f5f68527501a7f6bc3350","src/process/umask.rs":"f664e46dc6990a550d5ead5e394bfd90767bcb875c53722a5fb92823e15d8882","src/process/uname.rs":"3bcc278449d6b83aa8747bfde85d696293c50a3fa60d88c4a5570b38ef8af25b","src/process/wait.rs":"2f8716a58594df9c8cfd5a712d68f7dc9b3131fefdf80e868a4360336954e2e5","src/rand/getrandom.rs":"7ad1be6a5b0dc25030bb2434bdc00f3a0c410b7ebc24c136b9839410bf6c5a97","src/rand/mod.rs":"bd6839924ebfb7092f27f2ad42323768f39f76df157e7b8aa42f5bc17f700c9c","src/runtime.rs":"7c60353f240f1bda8b0fbfb7c570b7577cc5076a0d2f74083d8d878a2d69bf2d","src/termios/cf.rs":"cb13ee88cba541cbd683c7a5da034a126fd9e09dc6b5f25c9f32382f8318ffc0","src/termios/constants.rs":"7855cebd1e2169a2a760c6752138b3de1be00fd3b907b049d32ad5d6bdb0426e","src/termios/mod.rs":"b4d28ebeeae6782b4060d3e6f0156ed63bafa155d1bbdae9e28d06e574d69cb7","src/termios/tc.rs":"ae5d8799123747950c7f20ca3abaa3ec1918462ed95d1e78d07bcb491aedcccf","src/termios/tty.rs":"409ddcc795ed1e644d302cdcfdffff8713657bf8777548e628f0b1149acb18af","src/thread/clock.rs":"4e3f54aa5b50443bf502a81ee4814b3522e928e3b06241d24f924a6f69953662","src/thread/futex.rs":"4e78c84589b535ca9ca633633696ef212393a98f2890b181acaa8f908fbc5ae2","src/thread/id.rs":"708ee7701a0811586717de147365ed2f496e1aad3fd6208fe08edacc63a40c78","src/thread/libcap.rs":"43a05e127ae57ecd8b93752571d1cac3359bebe265c964f1825eefe1cee25a42","src/thread/mod.rs":"a3839e32f920fa4be0812f6d40b677968cb3d9e99aa0af65c87ceb8ce015fdc9","src/thread/prctl.rs":"32d9b6c8854547ba5d509af39e3f690588d761f254875a8054827aa815750b3c","src/thread/setns.rs":"5e08f98300e2ca8fc99272cf5408f0b27cb4c8ece54d76b92ede656982f11e69","src/time/clock.rs":"fcaa5a68d31d1cb1cee20c9ffc2c223f16036810b45234da97716d7f0e34f773","src/time/mod.rs":"b8b7c5d2bdba60a69e8a557ce7017e4251a41f5633aec928da059c49bc080cfa","src/time/timerfd.rs":"f17092b84553741aa2d2b44c6992b5d2c8c96cc2c2007fc9a2c6b2064485e53f","src/utils.rs":"6ed86e62ac05d6279b664a97fd62878a4c1811ab66a1a2920b169eb74c0c1fcd"},"package":"d097081ed288dfe45699b72f5b5d648e5f15d64d900c7080273baa20c16a6849"} +\ No newline at end of file ++{"files":{"CODE_OF_CONDUCT.md":"f210602311e3f74b32f46237fd55f4ce36d798e85e3db1432ec667f63a7ffc44","CONTRIBUTING.md":"fb570c76cf924cd75b77bed52b0dbe1e87ce224dc3428c48d98301710dcc331e","COPYRIGHT":"377c2e7c53250cc5905c0b0532d35973392af16ffb9596a41d99d202cf3617c9","Cargo.toml":"fa9a45195a5d4c17b332061c4d236dc6ab2799e19467612efb062ed21e94907e","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-Apache-2.0_WITH_LLVM-exception":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","ORG_CODE_OF_CONDUCT.md":"a62b69bf86e605ee1bcbb2f0a12ba79e4cebb6983a7b6491949750aecc4f2178","README.md":"158b3959b00e6c1536a767014c0e916a6a063a5b36d693e9e3c93aac901ccd55","SECURITY.md":"4d75afb09dd28eb5982e3a1f768ee398d90204669ceef3240a16b31dcf04148a","benches/mod.rs":"55b71073e5681b309bc4f439435ac05d1e052bba2ea6accf05bca9bf496d4bd0","build.rs":"9ea13f3871d03ae28f6abc9b1aa73667a3fd56063793a79545221cb2cbf1ad30","src/backend/libc/c.rs":"e91631918772a752429b53fb7674f288e27af0d133a583bd9d50af7af7802328","src/backend/libc/conv.rs":"a94f5937ad41d7c13e4554481ea1d8ac10c2954b22e55ca0ccd93dedaeb6f1d6","src/backend/libc/fs/dir.rs":"4ff31e75f5df4890b668b21c1937ca5132828ecb92294d7b154c4683cc4ddc79","src/backend/libc/fs/inotify.rs":"4a1a3c0504982d2743a9c83e4cea3ec81ba0777d574ddf8ce76af67f29d0b9a4","src/backend/libc/fs/makedev.rs":"06513503ffdd35276eb7c3aed437c2362c32dd224d8c06df589bce28ad2e68b4","src/backend/libc/fs/mod.rs":"d8765bfbbd3c0f02c278a7bfef547607c7085ae14704824cc2fe7eaa64430e8c","src/backend/libc/fs/syscalls.rs":"0d1ad473a6607eca1d92e3a35d10c9c672becb052857aa9fec5a8d3371e97a31","src/backend/libc/fs/types.rs":"8a79b8532009b23aaca78446a48322be092d1bf17e3868e8328853bad6ba2fb6","src/backend/libc/io/epoll.rs":"0e95f0c887938ca2014492f26d282f756c9f2d4111e58b516830cb98bd8d3b1b","src/backend/libc/io/errno.rs":"8c6491590339a21c732b325904ece24ac39b1cd1a2b04728a9ff90ec904c01aa","src/backend/libc/io/io_slice.rs":"34da1bcc17993318fa93b7e71ff36116044ac12a031963710af84c3ed1bc443a","src/backend/libc/io/mod.rs":"a76e0071a887a6bdb1a3edc4887f91889d4beab1426e73417958257467f3c602","src/backend/libc/io/poll_fd.rs":"5ce78059ec307ec6ffbe02f2beb15f889bf652f0258f4531931062d507a3389e","src/backend/libc/io/syscalls.rs":"c85270ed0f7a6cb4258ff85611f86497c3e14ba1de1849b1203f8bcaa48202c7","src/backend/libc/io/types.rs":"fa3d65018b9feba2eef280f1ae739d85753742cdb602643d5920ff4c0f18bff7","src/backend/libc/io/windows_syscalls.rs":"741f524b384d59e703b278739563ab04273dbb48c062349353dd9b7cf9ed2332","src/backend/libc/io_lifetimes.rs":"eebc6adc10593933e9ab14c59d29793f4ec6e4403a00bbcaaf3ee81373ae924d","src/backend/libc/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/io_uring/syscalls.rs":"0f7ffc079f511b200d536e348d6c6945eeb4908db721e5ca0db6cc5fe96eccc4","src/backend/libc/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mm/syscalls.rs":"5141375b2b678c66a165de74a54e01bdb5efae8a81a38891f00da7206e686927","src/backend/libc/mm/types.rs":"bdadba2113f2a88a2b856497d411aa18eb0c7086361f72c2853ea8b09b006841","src/backend/libc/mod.rs":"8aad42f4cc53bfe9952101a314cd89d8c8600c523d699a43de8f64f48f3e4caf","src/backend/libc/net/addr.rs":"93b3f86d737c1c643663acf9f335e822cad5574067f63bda3c58af918dd1e57b","src/backend/libc/net/ext.rs":"99e1b5023b152ab278b281e26006e4ed6916d303f5d9a24d94f02a2195a25243","src/backend/libc/net/mod.rs":"772c788c60141e41044b59c4812c4208f52838da1effe1d476ab1d99304d9f9d","src/backend/libc/net/read_sockaddr.rs":"d7a98c80d2e7b47663db596a7f65980b21983c514eff54b1a8323e14164fe40d","src/backend/libc/net/send_recv.rs":"55f0ce6df7aa93f359aec2131fb3f6946d1b086e7172c096501611d0662da907","src/backend/libc/net/syscalls.rs":"f40e55d8ef9acae7834ba1bc54ff02b08d3f57fe0694bb69b5124b24cbaf1a78","src/backend/libc/net/types.rs":"b7097d3c998eb0bcb31205f69ba1f73d4c2537e706eda6bd8548d564377070af","src/backend/libc/net/write_sockaddr.rs":"33c3d7304713cb63f8fa398f5f7c084fc1d9fbb6907dd19902a90e8ec64ad41f","src/backend/libc/offset.rs":"37056027c114fab9f4054803b95d2efbe3d1c663936def3498df0e671664697a","src/backend/libc/param/auxv.rs":"7d71f224f7d9c547b6b5e1425cad03466328b7b8ad2a62f49d9e29e075061e43","src/backend/libc/param/mod.rs":"5234b8f1bcb886cca6ea003d411d75eaeebe58deedd80e3441354bf46ed85d4d","src/backend/libc/process/cpu_set.rs":"88ba2fc71dea5b8ae3b1bb3d8e64f7b7aa08882d198695e5f95d5478b6e73e75","src/backend/libc/process/mod.rs":"45a9979d6bc7c669ffe212c55ffbf6ea8f4bdb9a711c894b9e93b52a05e611d7","src/backend/libc/process/syscalls.rs":"8d0a63f224cbbd5e8fe816350a6bc50553073b6b59e86a84f89a52112d5f8c70","src/backend/libc/process/types.rs":"58f8eb2d4cda05924e97145006ac16793307182f3c1ffb5484fd4546513e863a","src/backend/libc/process/wait.rs":"36e84c05ae3a27b96da9521678b72ab004fe37a8b0d092a0b6f810015806c4d2","src/backend/libc/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/rand/syscalls.rs":"21aa7aab15de5ff8e9c50c2c2a4d49cc309be3e97feeb17f875a0a9dc6b5cf44","src/backend/libc/rand/types.rs":"85f72babe82857d4e47067ddc11525ab290208050fb8f5e5190975c0fdda9b7c","src/backend/libc/termios/mod.rs":"63a1e559981848581bbacad2adb567e5eb62d17caa2d8f826e977dc053ce26bb","src/backend/libc/termios/syscalls.rs":"026559db31e470a4409f45a0f2bab5a0941c39b458968c5f6fdf224b653e59a0","src/backend/libc/termios/types.rs":"57e87b2d5ec31203b87137a787daee9bf8f133898d8eb5bb0716c81380d9ac7a","src/backend/libc/thread/mod.rs":"0de5f67a684b9fd7628d3009d2ea5fd51b8770e8b387eed14f59152157844287","src/backend/libc/thread/syscalls.rs":"b016611a1e2fb6af073c485b0a9efa992067b4d2dd6d213d77a731d5108d574f","src/backend/libc/time/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/time/syscalls.rs":"a6668a9005da2e15671d4c917973bc68ef611998c0a584a53343fd5aeadade63","src/backend/libc/time/types.rs":"1ed8de272c573cd9bf10d413be8b47029e3461fe39ee33168f4442cfbf2ae128","src/backend/libc/weak.rs":"cb7dfb5c2ad37d7a5be6a2aa99a28969559493ca5b649753484e0b1fd978e410","src/backend/libc/winsock_c.rs":"addce03c242c70d10411fb9728c743bdc3b635107bd58aabbb360f2379127064","src/backend/linux_raw/arch/inline/aarch64.rs":"67011427b3cecd29ee716113d952e70d63574c96d1d3ea3c75d46250bde9ca44","src/backend/linux_raw/arch/inline/arm.rs":"7760d51aef17a69a797eb96fd61f7fade0d55bc87ec9a3e77fa6bb6aebaecdbb","src/backend/linux_raw/arch/inline/mips.rs":"d00c84cfdb4e37bdee9a2daa0a7b3298afbb4ebe288702203cb43d9c2617012d","src/backend/linux_raw/arch/inline/mips64.rs":"ab5455c9b2511ba6b67a66873cd8b53bf77471249fd2779d6437ebb4934087b5","src/backend/linux_raw/arch/inline/mod.rs":"48e60ed847f1fe7bcf561d3dd04217589698b576649d17094da98bbfcb826e8a","src/backend/linux_raw/arch/inline/powerpc64.rs":"dcd12314184441f5f7705bea6b829103c7abc9062db366ae5584023a38252a36","src/backend/linux_raw/arch/inline/riscv64.rs":"58a58203e9cac2ed21e4a7b26692c5d56d3c2bcddb3f60a648efd18a02129f3c","src/backend/linux_raw/arch/inline/thumb.rs":"82b88c9a3b6837f28a738cc760fc2403e7014abdb2c35d2bdbc8073235ae2863","src/backend/linux_raw/arch/inline/x86.rs":"459cca47f3300418de9945858ba42009e66e4be3c8da268481f30ae4e815b3db","src/backend/linux_raw/arch/inline/x86_64.rs":"7c893ca306b3b8a5980c525dc5fa23187a0526bc9f7ac637204d88a1d596df5d","src/backend/linux_raw/arch/mod.rs":"2f2e26f5742c302bb44f367ad265de573d89494eae0789fa44b5a39248e354e3","src/backend/linux_raw/arch/outline/aarch64.s":"84f066b6fe3cf25ed61c7aa420408c6d5a0b33a7c91b748ed81e47737567975f","src/backend/linux_raw/arch/outline/arm.s":"fa266bf9f4533da1e96c27c4ae5418c86f44074ac0c6afcff0404738e11365da","src/backend/linux_raw/arch/outline/debug/librustix_outline_aarch64.a":"aa3a37d9ad312881968d40c48bd3c960fb3ac0eba232a5f1979cb809d081c340","src/backend/linux_raw/arch/outline/debug/librustix_outline_arm.a":"9991ea0ccd16a175ef4b82916b6cd4b45cf67f4388eb58567b0a6e520bda3740","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips.a":"b14f87994e526c3f5976487223183b284ffa70e3b4322cece3917033635573a2","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips64.a":"a9200542c6de647e31ba2cf3649490a50904ae66716c1b6c50ac123fac83f68e","src/backend/linux_raw/arch/outline/debug/librustix_outline_powerpc64.a":"355db5c83dda1074636c40fa6fee6564c668c492a71e149bcb444ea896e8167e","src/backend/linux_raw/arch/outline/debug/librustix_outline_riscv64.a":"c4fd54d0fcab2e28b1b18df77a7814b145a4c2d13fc04b937a55bf0abf420227","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86.a":"7ae3635dd3fbc2049e09d4218224e1eaaa4dd2ddd78d3901fb444d481abf2a33","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86_64.a":"039c928213bd0b67c899412084a30eb9a51526e64a01e1901cd4905ef8d7cf6d","src/backend/linux_raw/arch/outline/mips.s":"e265e8fa0b9785a9f2779d6ba70ce982b954b802862b0026dc70fd79b12968bb","src/backend/linux_raw/arch/outline/mips64.s":"c79de202f0eb00e2d9cf1fce2b9a2cabfe4ff2f5cc1476bcfd6c3d139570d447","src/backend/linux_raw/arch/outline/mod.rs":"d97b3657e828a40553677469887b1efab0544812ca592ef359a2d4230a0dd621","src/backend/linux_raw/arch/outline/nr_last.rs":"82d92b9ca8307c19d74ced1ae2c0b31f2a7c5db70fa31fdedb55d38a90601455","src/backend/linux_raw/arch/outline/powerpc64.s":"0847fa3f160846ee02771550667913734ba9773e2221f2279c4f296d6f5b7bd4","src/backend/linux_raw/arch/outline/release/librustix_outline_aarch64.a":"fa8d31702cafb24d9799c162d3319c522892e91c58fbbff2b09950a0fa81b46f","src/backend/linux_raw/arch/outline/release/librustix_outline_arm.a":"0f7c8c5c02d5329d884f800da70aaf6b5b67c14000b12afb708f3e4758aa1f7a","src/backend/linux_raw/arch/outline/release/librustix_outline_mips.a":"c9254760fa993e88662c5e1e8911d994f29e203b37a0fc9b550be193125f5031","src/backend/linux_raw/arch/outline/release/librustix_outline_mips64.a":"224f9ac5196833491bee67fd287a53b7e88111731e2eaaa3ebefba31faea373b","src/backend/linux_raw/arch/outline/release/librustix_outline_powerpc64.a":"1f04e44c3d863bac066520c787444c314f2aa2f8d8d3cae38990ecc008b9b6e1","src/backend/linux_raw/arch/outline/release/librustix_outline_riscv64.a":"beb0eb046d36545a04ad7f264ed1173062f9f85ba7f4215bef64a98f30a74dce","src/backend/linux_raw/arch/outline/release/librustix_outline_x86.a":"691d867358475c701c20b816b99bab2a4c90c3796a302ccaa56d5983be1ba8b2","src/backend/linux_raw/arch/outline/release/librustix_outline_x86_64.a":"434a79197510876c5a49f594e7886c95cf4c15e876c3404ed136846c95d6ee30","src/backend/linux_raw/arch/outline/riscv64.s":"ca5303c0c8af6de1f246d658003e270d4e29d6c68dd90c6eee372d045bdf7305","src/backend/linux_raw/arch/outline/x86.rs":"f7e12a0f3fe8e97acb1ade2c9e61d82542f00ad4d8fe684a8dcd9f30fd9ab5d4","src/backend/linux_raw/arch/outline/x86.s":"4604e3b41161802343e2e4c890fd2042098a901d95893ebe4c436f97fd47cad3","src/backend/linux_raw/arch/outline/x86_64.s":"a530084cd42ad8d4b2d36526f4e04f45a6e29ea49882e2c561ac2eeac16272bf","src/backend/linux_raw/c.rs":"cb66dbed604eefdafd8a8efd277ddad51bb5280c4e26ca0608176abcd6309a52","src/backend/linux_raw/conv.rs":"6731a2d06683575d7ce89eb83ef8a1993ce39125c30703ed8a4a69afc1e7559f","src/backend/linux_raw/elf.rs":"a257fbc3f22e4970605cf72a3b301dc2eaee2f5f1b3b0ea434fa192db3c3164e","src/backend/linux_raw/fs/dir.rs":"965ca4d97feeb0a4d4e90b62f820818c99bd5bb2acf1b85fd9f0b7ae30dd3439","src/backend/linux_raw/fs/inotify.rs":"11c058269bc96972ad7bdeaa3a938a8b51b4264d9f80d7dcf0518ac9314a261d","src/backend/linux_raw/fs/makedev.rs":"c6b4505c4bcbbc2460e80f3097eb15e2c8ef38d6c6e7abd78e39c53c372139e2","src/backend/linux_raw/fs/mod.rs":"e22bf30f312f6a05f1e79f7834c33a3c9821514da05fa4786fc31867203a4c74","src/backend/linux_raw/fs/syscalls.rs":"6900d438f535e586ae8e396aeb52426e1040e4397c942546edada6ff0c121b54","src/backend/linux_raw/fs/types.rs":"a244c59670d65442143b875cccc219bacd0739d35b7f2c1731b15d2c4bf2e900","src/backend/linux_raw/io/epoll.rs":"75de5fe04ed8f85a345ae5b54dc6106268bc05817a4e4abe9cf0bca08e2b1fb3","src/backend/linux_raw/io/errno.rs":"ac32725b1686d42b02d18363c4c44a42ea8c6a20b2422c1fea8f8c39f633f7c4","src/backend/linux_raw/io/io_slice.rs":"5ba992f3fe701184841006588b35f2452156b73e3bef9e07460e4b1f61ac889f","src/backend/linux_raw/io/mod.rs":"6ea805b91d571217c9649364121d0824bbdf4635b36c9150e5968fbeb75c0892","src/backend/linux_raw/io/poll_fd.rs":"9f5a15c80094cc3334acd171c0621d033b44d5d9a987a57acbdcd62cb17d871b","src/backend/linux_raw/io/syscalls.rs":"31bc1a2d74d574923b50aaed3d0d10c2892e7bf6ebf0ccc9bebb42be96b460a0","src/backend/linux_raw/io/types.rs":"11a677499b6b0491f4088f9f87574fe40134bce8042eac0f207b7df905a1f47e","src/backend/linux_raw/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/io_uring/syscalls.rs":"2522327e229d85ce207546b802f63fcad49a0ce41b7b881e13a1c2637fdb6095","src/backend/linux_raw/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mm/syscalls.rs":"647c1846793c386f6babae898686604a4808344ec3e2d1e71071bbfd04079357","src/backend/linux_raw/mm/types.rs":"a5d0ea04a85df5e196d68a8524c4325963c7b2ded3d7d48713c8e855273b60d4","src/backend/linux_raw/mod.rs":"87423ad0e8280081a548e8182139d9e5960258d469951516ca4e8029953daeee","src/backend/linux_raw/net/addr.rs":"9c2b4bc0836618f4b7d997892e5b3980e454bba72fe4d82205d7553ba74ec228","src/backend/linux_raw/net/mod.rs":"4ffd3f6f9cad722e4c29b9bad4912a69f521d737b9e637599a1c60436651d4ae","src/backend/linux_raw/net/read_sockaddr.rs":"0357ae643c384b08578aa0b148ac9b236953da9b36b2e387a40d5b87ae9eccef","src/backend/linux_raw/net/send_recv.rs":"42834cf8148abd02021115a61d57b23bb323dd8ad0d1b9a91d17fb8f7defab01","src/backend/linux_raw/net/syscalls.rs":"aedc536ac96d32bf6e15a9f02f3fe7a1bf48195e9af3afd0a0124636ece8f8b9","src/backend/linux_raw/net/types.rs":"c61b689d7f4b9b68d065935d70926d47b5ac7246b2fbe4f20d144a0c2f417fc2","src/backend/linux_raw/net/write_sockaddr.rs":"ec0bf20a354cb86e2b5646bfc79297a378f11fcdf5641c16e4dd13e305011dc6","src/backend/linux_raw/param/auxv.rs":"9ed73ebd83dd9001dfdecd19b813c6845dad142f79de286993eb520acc7016bc","src/backend/linux_raw/param/libc_auxv.rs":"79fd1b7452f87382fb3a9c8fa892c5adbcc24d3b505bd9ea73e17d37494e749a","src/backend/linux_raw/param/mod.rs":"db21fc1b0ea5568b8649890fa38a878bfcdcf7398f6cf1640176b37bcc6ce990","src/backend/linux_raw/param/mustang_auxv.rs":"016a691236064a9cc28688d4ff5dbd0e37dccfc07b25b943b47762ba1da33b83","src/backend/linux_raw/process/cpu_set.rs":"a333938a4356d117199bf4078688f0a9b876dc65da1bbff7649482f4f0180813","src/backend/linux_raw/process/mod.rs":"fb393c70a9c63ef9a6bf1fb5a2dc94f07d6b0b6987cc5231c15c607015dafd68","src/backend/linux_raw/process/syscalls.rs":"a9c115ae09def33321f266ab3f85cf19fa72fc3b9f425aaa8c517b6da0bce04b","src/backend/linux_raw/process/types.rs":"fba10dc8ca9eaf4d481cb82bd1540cf5c05620533c44f917c09a22ea55ef408c","src/backend/linux_raw/process/wait.rs":"d6c37b9ebca16b447b0bc0d1be4b56486619618e8fc613d10ff9c0ccff13c7ac","src/backend/linux_raw/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/rand/syscalls.rs":"b1d8b2fea0c792bd1e7c24ee59429d178dc0ad442ac817b12c7abcb38d71497b","src/backend/linux_raw/rand/types.rs":"271416d5241d70932b8a17f3b67eefd1b9c360f217f807de3d73192e9b620552","src/backend/linux_raw/reg.rs":"f9ab26b045150894b98c741f9e80ac2734bf7598f5cf166ab080938febe7af20","src/backend/linux_raw/runtime/mod.rs":"b2cae8cce3822c3c92942f06ea0b68464040dcac33c6f0f7ee392c6269993347","src/backend/linux_raw/runtime/syscalls.rs":"6488160051a991e6d385abbf8a08ccd6498acf525906d512b3f89bf3a33fca6a","src/backend/linux_raw/runtime/tls.rs":"2913858a8fe4696f9c3f9a4921f776258a6d1c54b471f813471d57db23fd22ee","src/backend/linux_raw/termios/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/termios/syscalls.rs":"e4476718035ff7520f9014aa0e99954ec741c0dd114ec50ff4900591ee067132","src/backend/linux_raw/termios/types.rs":"5cee3735957db2fdaab341a0c58e438305d6402dc7d23622f4999934d4511b5f","src/backend/linux_raw/thread/futex.rs":"e4ca5be060c52538b97df3781d84e2eb4d8241a7f647b2874412bc0fe6061efa","src/backend/linux_raw/thread/mod.rs":"f7132a68c9db1b4a796781b9e8d0ac268a1ddb713e510bfd43425564ec9b39c4","src/backend/linux_raw/thread/syscalls.rs":"936e0a02027b8f252538781eea7fb9f35bfd23bdd50a1f099172dac2da7d3fde","src/backend/linux_raw/time/mod.rs":"672724f55b7b7be6a7452bb1cc2d28b5f0aaa840a2856fe363acce624e1beefc","src/backend/linux_raw/time/syscalls.rs":"777d22d6e3ab7c5fe1d5921a91644543173bb4f783fd308b5886fca68500f98c","src/backend/linux_raw/time/types.rs":"865d968a6d2903344982f94c69868031cd1fea582318659ca4c69a11d8a53e33","src/backend/linux_raw/vdso.rs":"3305a5f3c2846440161fa69dde3aafb9f36b361ae2ddae1d12cd54503b0657cf","src/backend/linux_raw/vdso_wrappers.rs":"b7e6b75bf25b0143ec471a7e0af3fd4f4125dcbc6d2c9c0957ec29c428d9d9c5","src/backend/linux_raw/weak.rs":"72ddca9849461a725e5ccd6e2190c12fb9e296c8b8a47533acb9c8cd4f9a2b07","src/const_assert.rs":"ff08ab91f11f2ad29883096f4468bd9a65060d5a9e6681e9282bb081f8bdac27","src/cstr.rs":"976027b6c5cf2c82e369ab7ad9e97fa79d7823ded929c1816f37f97134e51fec","src/ffi/mod.rs":"1990dae8190991142bef24220f02b99c96c5bfa7dda2a7974d9dcac265d58945","src/fs/abs.rs":"16798a8a24be20500bb56a01e05ca4eeccd6f3adb0b3a4bbf1a0369a8e546104","src/fs/at.rs":"035238b63a31aa32cfc7e9ff6bb577e7075dfbeb97d22e67430b7a2bf5432e22","src/fs/constants.rs":"f0153ba1107267e58ee605fdbbeb80e5df56715d8e79c9d6536efe53608b729b","src/fs/copy_file_range.rs":"d3b644374390d482b2ff749a2459458872b57d0dcf9670368739b7833509a7c2","src/fs/cwd.rs":"b2d7fbb27e23704e3367ede9916cc233f76d912be21c2aee8a635eeca627977f","src/fs/dir.rs":"347a52f4ca9ac6321c52e802e97ec90d1b4c62ec955c8996fc17f8f5aed69966","src/fs/fadvise.rs":"beef66ebe1310fb92628240b2cde68f744c78e50f6ff61bb1404bd4868d9cae8","src/fs/fcntl.rs":"43e191732d72a9513f4fbecfee8cbe45b0b1ed0d0097398681a03a8fe2596495","src/fs/fcntl_apple.rs":"07f07b2ac75dc28bc9e08200f72eb95550a87ff3d69c1204f49ecb63a0c4fd20","src/fs/fcopyfile.rs":"ec95929cbbe02cf49233a785e5238931bb107b7903cc5bc95e4231de960995f2","src/fs/fd.rs":"25296739f1063c0e2b4701ff9ce078949a58f62029f57a93cc415d2ded296100","src/fs/file_type.rs":"fefd865f91011f66126213b0994773d99e373b468c31e866002228c98c64ad85","src/fs/getpath.rs":"28f6970fc1bbc37bb35c84724b59eac436ea7407a4522e18c2bdacb1fdd2edd9","src/fs/makedev.rs":"a56b9fa872e5fbf0f358ca14625b050077f45e8e265ba0c8eaeea22c421e0f92","src/fs/memfd_create.rs":"3f1d809e81fe479a82a454a04ea1219a11969d75d0c8b9ddacb09c630a9af896","src/fs/mod.rs":"d396b665d23553f32d148331184df18dd84496979b9e257637881b31e2523a5d","src/fs/mount.rs":"8ab26dcb422825bbd2df2e1f68e6b4f7cf08ce11387c688442ee1b4683b33d4f","src/fs/openat2.rs":"4a95c15dab533a41201b5fa25c8a212956b7571d58cad696bdaf45af8aef96db","src/fs/raw_dir.rs":"d32627abded4cdafa083c579d6f4d9c42e41d2a82749a34e70225e55ff76d246","src/fs/sendfile.rs":"ac053f03608656bb675228ba61079b774498c0233d17e5816ac72538bb12b70e","src/fs/statx.rs":"c7b56787aa0579cfcde230952d87b42256e8b6e85c2da68f78cf31f17ddf5514","src/fs/sync.rs":"a3b23543834281f347b0f873bd38154d31d404871188ac08f2b20b9196234cfd","src/io/close.rs":"c59bf90183625da1b1e87975739469440dcddc7b5b2b6ff3a6fd12b2d399a783","src/io/dup.rs":"92e2121d7fcef657a2bce546dafc9635f97c628c53bb971e8ee08255b77eea80","src/io/errno.rs":"733f8e9246a319db137740e8dca29d7b3c7474a715e066568b1dc82f0944f692","src/io/eventfd.rs":"163aebe29b5a0e21dd9d121d39c71e82bc6569a4bb658026cfef8ee61809066b","src/io/fcntl.rs":"fe73d5593c011b6ac851e608e1776c4483924e19a9f82f5fc8759c498a4e483a","src/io/fd/mod.rs":"a1eab9ce9a2c4454053afdfd3f3705e4cb971e94cc453e4f13690f2f0d83dc2c","src/io/fd/owned.rs":"b3d1ac775461b9206f36df62495604a48820c0284276200101fd1847b0e9e756","src/io/fd/raw.rs":"9bcd00be7df3d9f4e6c49ca2d18ef25aee3d6f0ed5ee6b73df5a9beacefb6031","src/io/ioctl.rs":"98f77d30ca4eebc16454c5307ca4afab2dfdb91b8e90e54d9300f79a2f1ac814","src/io/is_read_write.rs":"072b5ea6ddb2339fc6c7e90dfc5a0a5354d926d0f2ac4df06cadafe823425c47","src/io/kqueue.rs":"b92106e4b1cd2582f8fc37a1ec0dd0aa00b320c8f5b1b91cb487e3620485cbc3","src/io/mod.rs":"646b358718353d7380718a09e87312abfce4d1d48accf6b42c941617f60ca5eb","src/io/pipe.rs":"8f8e3c3557edf13a1e4f05a8a9c2aa5e9ee97e393e02eacc8e8bf60e73e32047","src/io/poll.rs":"41dab55365df215739dcf71815bfc4c2344828d8056ab200564f75210dbc56bd","src/io/port.rs":"8be17096cdfd2425bb2f800d129913e2ed2032c02049d45b7dcda8d4189b1af2","src/io/procfs.rs":"d7b21900416ca54b9bbe683257dd4da1857f56edc25dd78a954dbafed4914ab9","src/io/read_write.rs":"263818a606de191320524972f7c9c22b6f79ddc59c5b0a443b4b726853b00b9f","src/io/seek_from.rs":"d7616a45e8a449df28b075ddded4d7c95d6c4575d6fe0cf0ca7b6625e9dc7eeb","src/io/stdio.rs":"6462b94d1ccd8cff38c6fb6b04199fa9decca91aca63287b0136539d73107bd5","src/io_uring.rs":"26048678d3862cee58bb75e43ad2dc8cae0b9bc79adcd8913cda1fa42af77efd","src/lib.rs":"a221853e71fca50cb6b0b066e3ee8f626cac1fce61fc297458e15bbc8fa1d835","src/mm/madvise.rs":"cdc61b39d8abeea184575ca21e14483c335ce373a86007439fad6e72f58e4e24","src/mm/mmap.rs":"ac25cf39d215c93b539f20a60b107ea15dc8a0faa8d25e0de05d1415e698c742","src/mm/mod.rs":"1a46082151c2ef319667078923df74b01d4a94d25d3777083775179bda8bf3bf","src/mm/msync.rs":"a7f61abe4cb5e96f95ae8229c62b9ecc08382080ed99d76278be7001cfcf82f2","src/mm/userfaultfd.rs":"8073443bd181ff0b3ba4d0b1ae67370b4864035a0c8b4898cd709dc47c518ae7","src/net/addr.rs":"6fce66cd0ccac3bcc2339f32faf2ed1bac94a6d8824acb55bffdfaa43090675a","src/net/ip.rs":"080dd17c44b395b46b0d9e70da76f376540f92ece65f79e3d242c0a272d3b451","src/net/mod.rs":"03e600b3890f94e06f10120ca8dc9251920eec4aabe7d983d24e800faa079aa7","src/net/send_recv.rs":"f1fb0b9be750b1949b54054b3195904123cfb96f2ee0ebcedef86fc7175c63e9","src/net/socket.rs":"c510a2b619b8c91c9ee15b1a9b29d6fe89a97e83143a38bea017af7522b7e8b9","src/net/socket_addr_any.rs":"d95c7002972fa98d4133e10ad6c404399494374d568816217edcb9f4fd93aad8","src/net/socketpair.rs":"b005b019f8ae0f022fd0e730dafb258606f1f537e4448078175fc192d002dc81","src/net/sockopt.rs":"dde47b9d5d6de9749bdddb1498920f2f592582b11b508389bf78d0d5f0c4af00","src/net/wsa.rs":"6e546b42f50a851fc833c57cda76cfb347203ed4b0dea574a3d325bf5a2ebf80","src/param/auxv.rs":"988872f9bec2e12f35765ae8963cbb9535d4acaedd4c9a4d07ced6feb70e0aaa","src/param/init.rs":"671d8974f0d9b82e79076d1f4deabe0273a874a329f74b8aad26e07b86791ba3","src/param/mod.rs":"959d6bd6c7abb85e042f86047fb902891c5deb74c550ce21dac96fb9a9f16d36","src/path/arg.rs":"eb45cea7b5b21af36fef130cc02cbbf7fcceb965815b66c95c46979e0cbe2875","src/path/dec_int.rs":"a512618714fc3309253f65de605121c2aa056a780f9ab1de55f5a86469895295","src/path/mod.rs":"513fea21b1ba0226c3c5da769ded06a7cd7abe9f49cec9d165bc62a15da126a8","src/process/chdir.rs":"4c63c351e207b1bbefdd7c001e85fed383d5ac2147894d5a09fbd8b302d7c728","src/process/exit.rs":"79f6c0dd45dca0a2bea919ac920c4a56cea23608a345961e4d027aee6624783c","src/process/id.rs":"f04877bfd49fb8eda89e12ca44f271dfe92c1661f97b304c2dd234671cfbaabc","src/process/kill.rs":"e4b4dcc7e5b2a1e3e68ce03ce9a5dde43108dae4ddbc443488c464194738d06f","src/process/membarrier.rs":"19f42cb66f211e8b23f4586bf29fdfa29c29e4e9169a06f3cc7b54aad4ef94e6","src/process/mod.rs":"17abc24217e8b48d623d02b1a2955e6b62aab496362ba312122caf90500576a1","src/process/pidfd.rs":"88517949097414b77540b1c0801bdd034c28667b9386c0676cdaa1b637129ffa","src/process/prctl.rs":"7f4f2870eddcb19829b29ba139492d0f8b5006a42047f4e733e105b82afaef8b","src/process/priority.rs":"ddfdeda52acbca8566dd3517f167f7e29e3daa7e71c3ebae4183f8cf4f309b0a","src/process/procctl.rs":"4d48638f4d39a20aa073798778f431bbb944ed184777960ef1f80bebbc7fc72b","src/process/rlimit.rs":"97c1e41533c74b5b71e471d1ed0a83a847b804da9e53be76c50f0187ac5d3eec","src/process/sched.rs":"ea8b20942ef09dbcd7a54d8218435129dfece427e4960055bcdf81c997e80f5f","src/process/sched_yield.rs":"6565faa3928b66ddc74a65e893e15edfa4b9be4f7e5f5f68527501a7f6bc3350","src/process/umask.rs":"f664e46dc6990a550d5ead5e394bfd90767bcb875c53722a5fb92823e15d8882","src/process/uname.rs":"3bcc278449d6b83aa8747bfde85d696293c50a3fa60d88c4a5570b38ef8af25b","src/process/wait.rs":"2f8716a58594df9c8cfd5a712d68f7dc9b3131fefdf80e868a4360336954e2e5","src/rand/getrandom.rs":"7ad1be6a5b0dc25030bb2434bdc00f3a0c410b7ebc24c136b9839410bf6c5a97","src/rand/mod.rs":"bd6839924ebfb7092f27f2ad42323768f39f76df157e7b8aa42f5bc17f700c9c","src/runtime.rs":"7c60353f240f1bda8b0fbfb7c570b7577cc5076a0d2f74083d8d878a2d69bf2d","src/termios/cf.rs":"cb13ee88cba541cbd683c7a5da034a126fd9e09dc6b5f25c9f32382f8318ffc0","src/termios/constants.rs":"7855cebd1e2169a2a760c6752138b3de1be00fd3b907b049d32ad5d6bdb0426e","src/termios/mod.rs":"b4d28ebeeae6782b4060d3e6f0156ed63bafa155d1bbdae9e28d06e574d69cb7","src/termios/tc.rs":"ae5d8799123747950c7f20ca3abaa3ec1918462ed95d1e78d07bcb491aedcccf","src/termios/tty.rs":"409ddcc795ed1e644d302cdcfdffff8713657bf8777548e628f0b1149acb18af","src/thread/clock.rs":"4e3f54aa5b50443bf502a81ee4814b3522e928e3b06241d24f924a6f69953662","src/thread/futex.rs":"4e78c84589b535ca9ca633633696ef212393a98f2890b181acaa8f908fbc5ae2","src/thread/id.rs":"708ee7701a0811586717de147365ed2f496e1aad3fd6208fe08edacc63a40c78","src/thread/libcap.rs":"43a05e127ae57ecd8b93752571d1cac3359bebe265c964f1825eefe1cee25a42","src/thread/mod.rs":"a3839e32f920fa4be0812f6d40b677968cb3d9e99aa0af65c87ceb8ce015fdc9","src/thread/prctl.rs":"32d9b6c8854547ba5d509af39e3f690588d761f254875a8054827aa815750b3c","src/thread/setns.rs":"5e08f98300e2ca8fc99272cf5408f0b27cb4c8ece54d76b92ede656982f11e69","src/time/clock.rs":"fcaa5a68d31d1cb1cee20c9ffc2c223f16036810b45234da97716d7f0e34f773","src/time/mod.rs":"b8b7c5d2bdba60a69e8a557ce7017e4251a41f5633aec928da059c49bc080cfa","src/time/timerfd.rs":"f17092b84553741aa2d2b44c6992b5d2c8c96cc2c2007fc9a2c6b2064485e53f","src/utils.rs":"6ed86e62ac05d6279b664a97fd62878a4c1811ab66a1a2920b169eb74c0c1fcd"},"package":"d097081ed288dfe45699b72f5b5d648e5f15d64d900c7080273baa20c16a6849"} +\ No newline at end of file +diff --git a/vendor/rustix-0.37.6/src/backend/libc/fs/dir.rs b/vendor/rustix-0.37.6/src/backend/libc/fs/dir.rs +index d1c901323..3339b7df3 100644 +--- a/vendor/rustix-0.37.6/src/backend/libc/fs/dir.rs ++++ b/vendor/rustix-0.37.6/src/backend/libc/fs/dir.rs +@@ -34,8 +34,13 @@ use core::ptr::NonNull; + use libc_errno::{errno, set_errno, Errno}; + + /// `DIR*` +-#[repr(transparent)] +-pub struct Dir(NonNull); ++pub struct Dir { ++ /// The `libc` `DIR` pointer. ++ libc_dir: NonNull, ++ ++ /// Have we seen any errors in this iteration? ++ any_errors: bool, ++} + + impl Dir { + /// Construct a `Dir` that reads entries from the given directory +@@ -47,20 +52,35 @@ impl Dir { + + #[inline] + fn _read_from(fd: BorrowedFd<'_>) -> io::Result { ++ let mut any_errors = false; ++ + // Given an arbitrary `OwnedFd`, it's impossible to know whether the + // user holds a `dup`'d copy which could continue to modify the + // file description state, which would cause Undefined Behavior after + // our call to `fdopendir`. To prevent this, we obtain an independent + // `OwnedFd`. + let flags = fcntl_getfl(fd)?; +- let fd_for_dir = openat(fd, cstr!("."), flags | OFlags::CLOEXEC, Mode::empty())?; ++ let fd_for_dir = match openat(fd, cstr!("."), flags | OFlags::CLOEXEC, Mode::empty()) { ++ Ok(fd) => fd, ++ Err(io::Errno::NOENT) => { ++ // If "." doesn't exist, it means the directory was removed. ++ // We treat that as iterating through a directory with no ++ // entries. ++ any_errors = true; ++ crate::io::dup(fd)? ++ } ++ Err(err) => return Err(err), ++ }; + + let raw = owned_fd(fd_for_dir); + unsafe { + let libc_dir = c::fdopendir(raw); + + if let Some(libc_dir) = NonNull::new(libc_dir) { +- Ok(Self(libc_dir)) ++ Ok(Self { ++ libc_dir, ++ any_errors, ++ }) + } else { + let err = io::Errno::last_os_error(); + let _ = c::close(raw); +@@ -72,13 +92,19 @@ impl Dir { + /// `rewinddir(self)` + #[inline] + pub fn rewind(&mut self) { +- unsafe { c::rewinddir(self.0.as_ptr()) } ++ self.any_errors = false; ++ unsafe { c::rewinddir(self.libc_dir.as_ptr()) } + } + + /// `readdir(self)`, where `None` means the end of the directory. + pub fn read(&mut self) -> Option> { ++ // If we've seen errors, don't continue to try to read anyting further. ++ if self.any_errors { ++ return None; ++ } ++ + set_errno(Errno(0)); +- let dirent_ptr = unsafe { libc_readdir(self.0.as_ptr()) }; ++ let dirent_ptr = unsafe { libc_readdir(self.libc_dir.as_ptr()) }; + if dirent_ptr.is_null() { + let curr_errno = errno().0; + if curr_errno == 0 { +@@ -86,6 +112,7 @@ impl Dir { + None + } else { + // `errno` is unknown or non-zero, so an error occurred. ++ self.any_errors = true; + Some(Err(io::Errno(curr_errno))) + } + } else { +@@ -111,7 +138,7 @@ impl Dir { + /// `fstat(self)` + #[inline] + pub fn stat(&self) -> io::Result { +- fstat(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstat(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fstatfs(self)` +@@ -124,21 +151,21 @@ impl Dir { + )))] + #[inline] + pub fn statfs(&self) -> io::Result { +- fstatfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstatfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fstatvfs(self)` + #[cfg(not(any(solarish, target_os = "haiku", target_os = "redox", target_os = "wasi")))] + #[inline] + pub fn statvfs(&self) -> io::Result { +- fstatvfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstatvfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fchdir(self)` + #[cfg(not(any(target_os = "fuchsia", target_os = "wasi")))] + #[inline] + pub fn chdir(&self) -> io::Result<()> { +- fchdir(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fchdir(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + } + +@@ -275,7 +302,7 @@ unsafe impl Send for Dir {} + impl Drop for Dir { + #[inline] + fn drop(&mut self) { +- unsafe { c::closedir(self.0.as_ptr()) }; ++ unsafe { c::closedir(self.libc_dir.as_ptr()) }; + } + } + +@@ -291,7 +318,7 @@ impl Iterator for Dir { + impl fmt::Debug for Dir { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.debug_struct("Dir") +- .field("fd", unsafe { &c::dirfd(self.0.as_ptr()) }) ++ .field("fd", unsafe { &c::dirfd(self.libc_dir.as_ptr()) }) + .finish() + } + } +@@ -403,3 +430,38 @@ fn check_dirent_layout(dirent: &c::dirent) { + } + ); + } ++ ++#[test] ++fn dir_iterator_handles_io_errors() { ++ // create a dir, keep the FD, then delete the dir ++ let tmp = tempfile::tempdir().unwrap(); ++ let fd = crate::fs::openat( ++ crate::fs::cwd(), ++ tmp.path(), ++ crate::fs::OFlags::RDONLY | crate::fs::OFlags::CLOEXEC, ++ crate::fs::Mode::empty(), ++ ) ++ .unwrap(); ++ ++ let file_fd = crate::fs::openat( ++ &fd, ++ tmp.path().join("test.txt"), ++ crate::fs::OFlags::WRONLY | crate::fs::OFlags::CREATE, ++ crate::fs::Mode::RWXU, ++ ) ++ .unwrap(); ++ ++ let mut dir = Dir::read_from(&fd).unwrap(); ++ ++ // Reach inside the `Dir` and replace its directory with a file, which ++ // will cause the subsequent `readdir` to fail. ++ unsafe { ++ let raw_fd = c::dirfd(dir.libc_dir.as_ptr()); ++ let mut owned_fd: crate::fd::OwnedFd = crate::fd::FromRawFd::from_raw_fd(raw_fd); ++ crate::io::dup2(&file_fd, &mut owned_fd).unwrap(); ++ core::mem::forget(owned_fd); ++ } ++ ++ assert!(matches!(dir.next(), Some(Err(_)))); ++ assert!(matches!(dir.next(), None)); ++} +diff --git a/vendor/rustix-0.37.6/src/backend/linux_raw/fs/dir.rs b/vendor/rustix-0.37.6/src/backend/linux_raw/fs/dir.rs +index cfa347d03..54157ade2 100644 +--- a/vendor/rustix-0.37.6/src/backend/linux_raw/fs/dir.rs ++++ b/vendor/rustix-0.37.6/src/backend/linux_raw/fs/dir.rs +@@ -17,9 +17,17 @@ pub struct Dir { + /// The `OwnedFd` that we read directory entries from. + fd: OwnedFd, + ++ /// Have we seen any errors in this iteration? ++ any_errors: bool, ++ ++ /// Should we rewind the stream on the next iteration? ++ rewind: bool, ++ ++ /// The buffer for `linux_dirent64` entries. + buf: Vec, ++ ++ /// Where we are in the buffer. + pos: usize, +- next: Option, + } + + impl Dir { +@@ -37,25 +45,39 @@ impl Dir { + + Ok(Self { + fd: fd_for_dir, ++ any_errors: false, ++ rewind: false, + buf: Vec::new(), + pos: 0, +- next: None, + }) + } + + /// `rewinddir(self)` + #[inline] + pub fn rewind(&mut self) { ++ self.any_errors = false; ++ self.rewind = true; + self.pos = self.buf.len(); +- self.next = Some(0); + } + + /// `readdir(self)`, where `None` means the end of the directory. + pub fn read(&mut self) -> Option> { +- if let Some(next) = self.next.take() { +- match crate::backend::fs::syscalls::_seek(self.fd.as_fd(), next as i64, SEEK_SET) { ++ // If we've seen errors, don't continue to try to read anyting further. ++ if self.any_errors { ++ return None; ++ } ++ ++ // If a rewind was requested, seek to the beginning. ++ if self.rewind { ++ self.rewind = false; ++ match io::retry_on_intr(|| { ++ crate::backend::fs::syscalls::_seek(self.fd.as_fd(), 0, SEEK_SET) ++ }) { + Ok(_) => (), +- Err(err) => return Some(Err(err)), ++ Err(err) => { ++ self.any_errors = true; ++ return Some(Err(err)); ++ } + } + } + +@@ -77,7 +99,7 @@ impl Dir { + if self.buf.len() - self.pos < size_of::() { + match self.read_more()? { + Ok(()) => (), +- Err(e) => return Some(Err(e)), ++ Err(err) => return Some(Err(err)), + } + } + +@@ -136,14 +158,31 @@ impl Dir { + } + + fn read_more(&mut self) -> Option> { +- let og_len = self.buf.len(); +- // Capacity increment currently chosen by wild guess. +- self.buf +- .resize(self.buf.capacity() + 32 * size_of::(), 0); +- let nread = match crate::backend::fs::syscalls::getdents(self.fd.as_fd(), &mut self.buf) { ++ // The first few times we're called, we allocate a relatively small ++ // buffer, because many directories are small. If we're called more, ++ // use progressively larger allocations, up to a fixed maximum. ++ // ++ // The specific sizes and policy here have not been tuned in detail yet ++ // and may need to be adjusted. In doing so, we should be careful to ++ // avoid unbounded buffer growth. This buffer only exists to share the ++ // cost of a `getdents` call over many entries, so if it gets too big, ++ // cache and heap usage will outweigh the benefit. And ultimately, ++ // directories can contain more entries than we can allocate contiguous ++ // memory for, so we'll always need to cap the size at some point. ++ if self.buf.len() < 1024 * size_of::() { ++ self.buf.reserve(32 * size_of::()); ++ } ++ self.buf.resize(self.buf.capacity(), 0); ++ let nread = match io::retry_on_intr(|| { ++ crate::backend::fs::syscalls::getdents(self.fd.as_fd(), &mut self.buf) ++ }) { + Ok(nread) => nread, ++ Err(io::Errno::NOENT) => { ++ self.any_errors = true; ++ return None; ++ } + Err(err) => { +- self.buf.resize(og_len, 0); ++ self.any_errors = true; + return Some(Err(err)); + } + }; +@@ -223,3 +262,33 @@ impl DirEntry { + self.d_ino + } + } ++ ++#[test] ++fn dir_iterator_handles_io_errors() { ++ // create a dir, keep the FD, then delete the dir ++ let tmp = tempfile::tempdir().unwrap(); ++ let fd = crate::fs::openat( ++ crate::fs::cwd(), ++ tmp.path(), ++ crate::fs::OFlags::RDONLY | crate::fs::OFlags::CLOEXEC, ++ crate::fs::Mode::empty(), ++ ) ++ .unwrap(); ++ ++ let file_fd = crate::fs::openat( ++ &fd, ++ tmp.path().join("test.txt"), ++ crate::fs::OFlags::WRONLY | crate::fs::OFlags::CREATE, ++ crate::fs::Mode::RWXU, ++ ) ++ .unwrap(); ++ ++ let mut dir = Dir::read_from(&fd).unwrap(); ++ ++ // Reach inside the `Dir` and replace its directory with a file, which ++ // will cause the subsequent `getdents64` to fail. ++ crate::io::dup2(&file_fd, &mut dir.fd).unwrap(); ++ ++ assert!(matches!(dir.next(), Some(Err(_)))); ++ assert!(matches!(dir.next(), None)); ++} +-- +2.39.4 + + +From 72384f57ef96af040cf2bd972006ea72d5cffcd1 Mon Sep 17 00:00:00 2001 +From: Dan Gohman +Date: Thu, 12 Oct 2023 08:13:24 -0700 +Subject: [PATCH 2/4] Merge pull request from GHSA-c827-hfw6-qwvm in + vendor/rustix-0.37.11 + +* Fix `rustix::fs::Dir` to avoid unbounded buffer growth. + +Fix `Dir`'s buffer size computation to avoid resizing past a fixed +upper limit. This prevents it from growing without bound, such as in +the case of `Dir::rewind` for repeated iterations with the same `Dir`. + +* Don't let `Dir` continue to try to iterate after a failure. + +* Handle `io::Errno::INTR` gracefully. + +* Write a more detailed comment on the buffer growth policy. + +* Also mention that no buffer can ever be big enough for everything. + +* Add tests against over-allocation & stuck iterator + +* Rm `dir_iterator_does_not_overallocate` unit test in favour of docs + +* Extend `test_dir` to cover `rewind`. + +* Consistently handle directory removal as ending the stream. + +libc implementations of directory iteration handle directory removal +by just ending the stream. In the linux_raw backend, this looks like +`ENOENT` from `getdents64`, so change the code to check for `ENOENT` +and end the stream. + +This requires changing the `dir_iterator_does_not_get_stuck_on_io_error` +test to no longer expect a failure, so it's now renamed to +`dir_iterator_handles_dir_removal`. + +To test the error case, add a new `dir_iterator_handles_io_errors` +test which uses `dup2` to induce an error, in both the linux_raw and +libc backends. + +This exposes the fact that the libc `Dir` implementation was also +assuming that users would stop iterating after hitting a failure, so +add a `any_errors` flag to the libc backend as well. + +* Add a test for removing the directory after doing `read_from`. + +* In the libc backend, handle `ENOENT` when opening ".". + +--------- + +Co-authored-by: cyqsimon <28627918+cyqsimon@users.noreply.github.com> +--- + vendor/rustix-0.37.11/.cargo-checksum.json | 2 +- + .../rustix-0.37.11/src/backend/libc/fs/dir.rs | 86 ++++++++++++++--- + .../src/backend/linux_raw/fs/dir.rs | 95 ++++++++++++++++--- + 3 files changed, 157 insertions(+), 26 deletions(-) + +diff --git a/vendor/rustix-0.37.11/.cargo-checksum.json b/vendor/rustix-0.37.11/.cargo-checksum.json +index afbb8d7e6..b365e8741 100644 +--- a/vendor/rustix-0.37.11/.cargo-checksum.json ++++ b/vendor/rustix-0.37.11/.cargo-checksum.json +@@ -1 +1 @@ +-{"files":{"CODE_OF_CONDUCT.md":"f210602311e3f74b32f46237fd55f4ce36d798e85e3db1432ec667f63a7ffc44","CONTRIBUTING.md":"fb570c76cf924cd75b77bed52b0dbe1e87ce224dc3428c48d98301710dcc331e","COPYRIGHT":"377c2e7c53250cc5905c0b0532d35973392af16ffb9596a41d99d202cf3617c9","Cargo.toml":"29b18a4f7352368f84504a2ef6cfab7f5bf65ab9644f33bd2944041aec2acc01","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-Apache-2.0_WITH_LLVM-exception":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","ORG_CODE_OF_CONDUCT.md":"a62b69bf86e605ee1bcbb2f0a12ba79e4cebb6983a7b6491949750aecc4f2178","README.md":"158b3959b00e6c1536a767014c0e916a6a063a5b36d693e9e3c93aac901ccd55","SECURITY.md":"4d75afb09dd28eb5982e3a1f768ee398d90204669ceef3240a16b31dcf04148a","benches/mod.rs":"55b71073e5681b309bc4f439435ac05d1e052bba2ea6accf05bca9bf496d4bd0","build.rs":"643cd9fb407cfd540d2837b9de15db6c27e1f465a33f8117bf66c27868843600","src/backend/libc/c.rs":"e91631918772a752429b53fb7674f288e27af0d133a583bd9d50af7af7802328","src/backend/libc/conv.rs":"a94f5937ad41d7c13e4554481ea1d8ac10c2954b22e55ca0ccd93dedaeb6f1d6","src/backend/libc/fs/dir.rs":"46a155f7f5564126e8323db67df9d10b864cb60c631ca6ed4ae2724e929e5955","src/backend/libc/fs/inotify.rs":"4a1a3c0504982d2743a9c83e4cea3ec81ba0777d574ddf8ce76af67f29d0b9a4","src/backend/libc/fs/makedev.rs":"06513503ffdd35276eb7c3aed437c2362c32dd224d8c06df589bce28ad2e68b4","src/backend/libc/fs/mod.rs":"d8765bfbbd3c0f02c278a7bfef547607c7085ae14704824cc2fe7eaa64430e8c","src/backend/libc/fs/syscalls.rs":"1036d1bb293595c7cd5eb56154b475c2496b05facc0e203b9c9d44d44d1f4544","src/backend/libc/fs/types.rs":"5ecdd9586fbae8b3a450494f8e4ed8634efd6c00d98c987176c5b67e799c7744","src/backend/libc/io/epoll.rs":"0e95f0c887938ca2014492f26d282f756c9f2d4111e58b516830cb98bd8d3b1b","src/backend/libc/io/errno.rs":"8c6491590339a21c732b325904ece24ac39b1cd1a2b04728a9ff90ec904c01aa","src/backend/libc/io/io_slice.rs":"34da1bcc17993318fa93b7e71ff36116044ac12a031963710af84c3ed1bc443a","src/backend/libc/io/mod.rs":"a76e0071a887a6bdb1a3edc4887f91889d4beab1426e73417958257467f3c602","src/backend/libc/io/poll_fd.rs":"5ce78059ec307ec6ffbe02f2beb15f889bf652f0258f4531931062d507a3389e","src/backend/libc/io/syscalls.rs":"51d213ce5020932bcdc73c5d9ef4d06f2cbf81fcc5b4d9675e22f6d2712b225d","src/backend/libc/io/types.rs":"51caa5760ffa083cae00c5075f8048c048735cf68dc9d02b3fa84689521f2f1a","src/backend/libc/io/windows_syscalls.rs":"741f524b384d59e703b278739563ab04273dbb48c062349353dd9b7cf9ed2332","src/backend/libc/io_lifetimes.rs":"eebc6adc10593933e9ab14c59d29793f4ec6e4403a00bbcaaf3ee81373ae924d","src/backend/libc/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/io_uring/syscalls.rs":"0f7ffc079f511b200d536e348d6c6945eeb4908db721e5ca0db6cc5fe96eccc4","src/backend/libc/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mm/syscalls.rs":"5141375b2b678c66a165de74a54e01bdb5efae8a81a38891f00da7206e686927","src/backend/libc/mm/types.rs":"bdadba2113f2a88a2b856497d411aa18eb0c7086361f72c2853ea8b09b006841","src/backend/libc/mod.rs":"8aad42f4cc53bfe9952101a314cd89d8c8600c523d699a43de8f64f48f3e4caf","src/backend/libc/net/addr.rs":"93b3f86d737c1c643663acf9f335e822cad5574067f63bda3c58af918dd1e57b","src/backend/libc/net/ext.rs":"99e1b5023b152ab278b281e26006e4ed6916d303f5d9a24d94f02a2195a25243","src/backend/libc/net/mod.rs":"772c788c60141e41044b59c4812c4208f52838da1effe1d476ab1d99304d9f9d","src/backend/libc/net/read_sockaddr.rs":"d7a98c80d2e7b47663db596a7f65980b21983c514eff54b1a8323e14164fe40d","src/backend/libc/net/send_recv.rs":"d0ffe3aebccab498b7fdf6cfb0382fc10576ed0b8563d696a20878d2c01f0a28","src/backend/libc/net/syscalls.rs":"0f3fcf42ebea8c97f7f4f2c7205f309c39fc12aef74d63e3b41a6faad9334398","src/backend/libc/net/types.rs":"53912a831c475805f9a4fb43801eacf2e97fd68e34b00c2499cd7af472732442","src/backend/libc/net/write_sockaddr.rs":"33c3d7304713cb63f8fa398f5f7c084fc1d9fbb6907dd19902a90e8ec64ad41f","src/backend/libc/offset.rs":"19ce9b0c25646b18817b9324b4e930915370d13fb14a5d950b59910dd8e41d59","src/backend/libc/param/auxv.rs":"7d71f224f7d9c547b6b5e1425cad03466328b7b8ad2a62f49d9e29e075061e43","src/backend/libc/param/mod.rs":"5234b8f1bcb886cca6ea003d411d75eaeebe58deedd80e3441354bf46ed85d4d","src/backend/libc/process/cpu_set.rs":"88ba2fc71dea5b8ae3b1bb3d8e64f7b7aa08882d198695e5f95d5478b6e73e75","src/backend/libc/process/mod.rs":"45a9979d6bc7c669ffe212c55ffbf6ea8f4bdb9a711c894b9e93b52a05e611d7","src/backend/libc/process/syscalls.rs":"d2ac693959d660231edaa3a062290fc98fe7b50b33d717fc631b164d647d74fb","src/backend/libc/process/types.rs":"58f8eb2d4cda05924e97145006ac16793307182f3c1ffb5484fd4546513e863a","src/backend/libc/process/wait.rs":"36e84c05ae3a27b96da9521678b72ab004fe37a8b0d092a0b6f810015806c4d2","src/backend/libc/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/rand/syscalls.rs":"21aa7aab15de5ff8e9c50c2c2a4d49cc309be3e97feeb17f875a0a9dc6b5cf44","src/backend/libc/rand/types.rs":"85f72babe82857d4e47067ddc11525ab290208050fb8f5e5190975c0fdda9b7c","src/backend/libc/termios/mod.rs":"63a1e559981848581bbacad2adb567e5eb62d17caa2d8f826e977dc053ce26bb","src/backend/libc/termios/syscalls.rs":"bbc30adb93e82660b32d6cdba3c3e03109ab6d2aa9c270d96ec4c661f03ff29a","src/backend/libc/termios/types.rs":"6d174f580d76d75de15732c059ac0091b1e0025cc78c05dcada2490f84d79a2f","src/backend/libc/thread/mod.rs":"0de5f67a684b9fd7628d3009d2ea5fd51b8770e8b387eed14f59152157844287","src/backend/libc/thread/syscalls.rs":"b016611a1e2fb6af073c485b0a9efa992067b4d2dd6d213d77a731d5108d574f","src/backend/libc/time/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/time/syscalls.rs":"a6668a9005da2e15671d4c917973bc68ef611998c0a584a53343fd5aeadade63","src/backend/libc/time/types.rs":"72b56e7fd3efc536b196cd8276f6ffb8eb7ff9cf9b9d77cb045f1a9abb8d564b","src/backend/libc/weak.rs":"cb7dfb5c2ad37d7a5be6a2aa99a28969559493ca5b649753484e0b1fd978e410","src/backend/libc/winsock_c.rs":"addce03c242c70d10411fb9728c743bdc3b635107bd58aabbb360f2379127064","src/backend/linux_raw/arch/inline/aarch64.rs":"67011427b3cecd29ee716113d952e70d63574c96d1d3ea3c75d46250bde9ca44","src/backend/linux_raw/arch/inline/arm.rs":"7760d51aef17a69a797eb96fd61f7fade0d55bc87ec9a3e77fa6bb6aebaecdbb","src/backend/linux_raw/arch/inline/mips.rs":"d00c84cfdb4e37bdee9a2daa0a7b3298afbb4ebe288702203cb43d9c2617012d","src/backend/linux_raw/arch/inline/mips64.rs":"ab5455c9b2511ba6b67a66873cd8b53bf77471249fd2779d6437ebb4934087b5","src/backend/linux_raw/arch/inline/mod.rs":"ed5c6c14d19556c1a2ca077608fa515ac85d760eb931dc8968b39137700159d8","src/backend/linux_raw/arch/inline/powerpc64.rs":"dcd12314184441f5f7705bea6b829103c7abc9062db366ae5584023a38252a36","src/backend/linux_raw/arch/inline/riscv64.rs":"58a58203e9cac2ed21e4a7b26692c5d56d3c2bcddb3f60a648efd18a02129f3c","src/backend/linux_raw/arch/inline/thumb.rs":"82b88c9a3b6837f28a738cc760fc2403e7014abdb2c35d2bdbc8073235ae2863","src/backend/linux_raw/arch/inline/x86.rs":"459cca47f3300418de9945858ba42009e66e4be3c8da268481f30ae4e815b3db","src/backend/linux_raw/arch/inline/x86_64.rs":"7c893ca306b3b8a5980c525dc5fa23187a0526bc9f7ac637204d88a1d596df5d","src/backend/linux_raw/arch/mod.rs":"2f2e26f5742c302bb44f367ad265de573d89494eae0789fa44b5a39248e354e3","src/backend/linux_raw/arch/outline/aarch64.s":"84f066b6fe3cf25ed61c7aa420408c6d5a0b33a7c91b748ed81e47737567975f","src/backend/linux_raw/arch/outline/arm.s":"fa266bf9f4533da1e96c27c4ae5418c86f44074ac0c6afcff0404738e11365da","src/backend/linux_raw/arch/outline/debug/librustix_outline_aarch64.a":"aa3a37d9ad312881968d40c48bd3c960fb3ac0eba232a5f1979cb809d081c340","src/backend/linux_raw/arch/outline/debug/librustix_outline_arm.a":"9991ea0ccd16a175ef4b82916b6cd4b45cf67f4388eb58567b0a6e520bda3740","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips.a":"b14f87994e526c3f5976487223183b284ffa70e3b4322cece3917033635573a2","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips64.a":"a9200542c6de647e31ba2cf3649490a50904ae66716c1b6c50ac123fac83f68e","src/backend/linux_raw/arch/outline/debug/librustix_outline_powerpc64.a":"355db5c83dda1074636c40fa6fee6564c668c492a71e149bcb444ea896e8167e","src/backend/linux_raw/arch/outline/debug/librustix_outline_riscv64.a":"c4fd54d0fcab2e28b1b18df77a7814b145a4c2d13fc04b937a55bf0abf420227","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86.a":"7ae3635dd3fbc2049e09d4218224e1eaaa4dd2ddd78d3901fb444d481abf2a33","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86_64.a":"039c928213bd0b67c899412084a30eb9a51526e64a01e1901cd4905ef8d7cf6d","src/backend/linux_raw/arch/outline/mips.s":"e265e8fa0b9785a9f2779d6ba70ce982b954b802862b0026dc70fd79b12968bb","src/backend/linux_raw/arch/outline/mips64.s":"c79de202f0eb00e2d9cf1fce2b9a2cabfe4ff2f5cc1476bcfd6c3d139570d447","src/backend/linux_raw/arch/outline/mod.rs":"3fcab403f297fd5160df6f4b7d8fd1d868267022c2f6e6448505bd363cb113ef","src/backend/linux_raw/arch/outline/nr_last.rs":"82d92b9ca8307c19d74ced1ae2c0b31f2a7c5db70fa31fdedb55d38a90601455","src/backend/linux_raw/arch/outline/powerpc64.s":"0847fa3f160846ee02771550667913734ba9773e2221f2279c4f296d6f5b7bd4","src/backend/linux_raw/arch/outline/release/librustix_outline_aarch64.a":"fa8d31702cafb24d9799c162d3319c522892e91c58fbbff2b09950a0fa81b46f","src/backend/linux_raw/arch/outline/release/librustix_outline_arm.a":"0f7c8c5c02d5329d884f800da70aaf6b5b67c14000b12afb708f3e4758aa1f7a","src/backend/linux_raw/arch/outline/release/librustix_outline_mips.a":"c9254760fa993e88662c5e1e8911d994f29e203b37a0fc9b550be193125f5031","src/backend/linux_raw/arch/outline/release/librustix_outline_mips64.a":"224f9ac5196833491bee67fd287a53b7e88111731e2eaaa3ebefba31faea373b","src/backend/linux_raw/arch/outline/release/librustix_outline_powerpc64.a":"1f04e44c3d863bac066520c787444c314f2aa2f8d8d3cae38990ecc008b9b6e1","src/backend/linux_raw/arch/outline/release/librustix_outline_riscv64.a":"beb0eb046d36545a04ad7f264ed1173062f9f85ba7f4215bef64a98f30a74dce","src/backend/linux_raw/arch/outline/release/librustix_outline_x86.a":"691d867358475c701c20b816b99bab2a4c90c3796a302ccaa56d5983be1ba8b2","src/backend/linux_raw/arch/outline/release/librustix_outline_x86_64.a":"434a79197510876c5a49f594e7886c95cf4c15e876c3404ed136846c95d6ee30","src/backend/linux_raw/arch/outline/riscv64.s":"ca5303c0c8af6de1f246d658003e270d4e29d6c68dd90c6eee372d045bdf7305","src/backend/linux_raw/arch/outline/x86.rs":"f7e12a0f3fe8e97acb1ade2c9e61d82542f00ad4d8fe684a8dcd9f30fd9ab5d4","src/backend/linux_raw/arch/outline/x86.s":"4604e3b41161802343e2e4c890fd2042098a901d95893ebe4c436f97fd47cad3","src/backend/linux_raw/arch/outline/x86_64.s":"a530084cd42ad8d4b2d36526f4e04f45a6e29ea49882e2c561ac2eeac16272bf","src/backend/linux_raw/c.rs":"cbd69a9ae3f09cebbc69c93d87f9feef58e54508df8f2a9bda3b5f839dc13329","src/backend/linux_raw/conv.rs":"e8377325ea585d07514f49806420be22783d3aa91b786dd413f530a695d4ccd0","src/backend/linux_raw/elf.rs":"a257fbc3f22e4970605cf72a3b301dc2eaee2f5f1b3b0ea434fa192db3c3164e","src/backend/linux_raw/fs/dir.rs":"d54842a373968da54bdae73e10ccab7a8bc19c1bc75b6dca2bb70818c5b275ea","src/backend/linux_raw/fs/inotify.rs":"ecb0810843db7b0a0e31212fc5bc233dda17c97118fa002bcd85bc3bf29235d8","src/backend/linux_raw/fs/makedev.rs":"c6b4505c4bcbbc2460e80f3097eb15e2c8ef38d6c6e7abd78e39c53c372139e2","src/backend/linux_raw/fs/mod.rs":"e22bf30f312f6a05f1e79f7834c33a3c9821514da05fa4786fc31867203a4c74","src/backend/linux_raw/fs/syscalls.rs":"6900d438f535e586ae8e396aeb52426e1040e4397c942546edada6ff0c121b54","src/backend/linux_raw/fs/types.rs":"794bcddf8dc4916a58c431a0249b1325ad9ad8eea3ea8029d61f7a4cbbdabe7c","src/backend/linux_raw/io/epoll.rs":"75de5fe04ed8f85a345ae5b54dc6106268bc05817a4e4abe9cf0bca08e2b1fb3","src/backend/linux_raw/io/errno.rs":"7fbc67fae5d94619b71f82717f9befbb5487f04ed880a5d2eeca5d4d2eabd31b","src/backend/linux_raw/io/io_slice.rs":"5ba992f3fe701184841006588b35f2452156b73e3bef9e07460e4b1f61ac889f","src/backend/linux_raw/io/mod.rs":"6ea805b91d571217c9649364121d0824bbdf4635b36c9150e5968fbeb75c0892","src/backend/linux_raw/io/poll_fd.rs":"9f5a15c80094cc3334acd171c0621d033b44d5d9a987a57acbdcd62cb17d871b","src/backend/linux_raw/io/syscalls.rs":"31bc1a2d74d574923b50aaed3d0d10c2892e7bf6ebf0ccc9bebb42be96b460a0","src/backend/linux_raw/io/types.rs":"11a677499b6b0491f4088f9f87574fe40134bce8042eac0f207b7df905a1f47e","src/backend/linux_raw/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/io_uring/syscalls.rs":"2522327e229d85ce207546b802f63fcad49a0ce41b7b881e13a1c2637fdb6095","src/backend/linux_raw/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mm/syscalls.rs":"647c1846793c386f6babae898686604a4808344ec3e2d1e71071bbfd04079357","src/backend/linux_raw/mm/types.rs":"a5d0ea04a85df5e196d68a8524c4325963c7b2ded3d7d48713c8e855273b60d4","src/backend/linux_raw/mod.rs":"87423ad0e8280081a548e8182139d9e5960258d469951516ca4e8029953daeee","src/backend/linux_raw/net/addr.rs":"9c2b4bc0836618f4b7d997892e5b3980e454bba72fe4d82205d7553ba74ec228","src/backend/linux_raw/net/mod.rs":"4ffd3f6f9cad722e4c29b9bad4912a69f521d737b9e637599a1c60436651d4ae","src/backend/linux_raw/net/read_sockaddr.rs":"0357ae643c384b08578aa0b148ac9b236953da9b36b2e387a40d5b87ae9eccef","src/backend/linux_raw/net/send_recv.rs":"602852a0cf2775c0fce7afbd813248386823b73f3069231860b348432f59450c","src/backend/linux_raw/net/syscalls.rs":"86a9f95ac682d54b21b5a0046e121fee3d992fbccff59022ff6f11afaed5233e","src/backend/linux_raw/net/types.rs":"99a159842ba27d990f293d3d78cc4e395e3e28ab90466d210e5e8f98223d1ba8","src/backend/linux_raw/net/write_sockaddr.rs":"ec0bf20a354cb86e2b5646bfc79297a378f11fcdf5641c16e4dd13e305011dc6","src/backend/linux_raw/param/auxv.rs":"9ed73ebd83dd9001dfdecd19b813c6845dad142f79de286993eb520acc7016bc","src/backend/linux_raw/param/libc_auxv.rs":"79fd1b7452f87382fb3a9c8fa892c5adbcc24d3b505bd9ea73e17d37494e749a","src/backend/linux_raw/param/mod.rs":"db21fc1b0ea5568b8649890fa38a878bfcdcf7398f6cf1640176b37bcc6ce990","src/backend/linux_raw/param/mustang_auxv.rs":"016a691236064a9cc28688d4ff5dbd0e37dccfc07b25b943b47762ba1da33b83","src/backend/linux_raw/process/cpu_set.rs":"a333938a4356d117199bf4078688f0a9b876dc65da1bbff7649482f4f0180813","src/backend/linux_raw/process/mod.rs":"fb393c70a9c63ef9a6bf1fb5a2dc94f07d6b0b6987cc5231c15c607015dafd68","src/backend/linux_raw/process/syscalls.rs":"76bcdb88d34b186688dc0bddf70d9b7edc79d7a3c53b0b45f31871b19f96c4bf","src/backend/linux_raw/process/types.rs":"2559117d77e9957cec6c49d9d859c4dfff84e09ed85bb182cd9844de5569078a","src/backend/linux_raw/process/wait.rs":"921aee4b0048746087f52615a98edc2aa0fb4b53d6df44be4533098df55d1b05","src/backend/linux_raw/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/rand/syscalls.rs":"b1d8b2fea0c792bd1e7c24ee59429d178dc0ad442ac817b12c7abcb38d71497b","src/backend/linux_raw/rand/types.rs":"271416d5241d70932b8a17f3b67eefd1b9c360f217f807de3d73192e9b620552","src/backend/linux_raw/reg.rs":"f9ab26b045150894b98c741f9e80ac2734bf7598f5cf166ab080938febe7af20","src/backend/linux_raw/runtime/mod.rs":"b2cae8cce3822c3c92942f06ea0b68464040dcac33c6f0f7ee392c6269993347","src/backend/linux_raw/runtime/syscalls.rs":"6488160051a991e6d385abbf8a08ccd6498acf525906d512b3f89bf3a33fca6a","src/backend/linux_raw/runtime/tls.rs":"2913858a8fe4696f9c3f9a4921f776258a6d1c54b471f813471d57db23fd22ee","src/backend/linux_raw/termios/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/termios/syscalls.rs":"48eb753f1cd48139eae40ba72241fc2d5fd67355c33a3906f82965e0e0e518d3","src/backend/linux_raw/termios/types.rs":"5cee3735957db2fdaab341a0c58e438305d6402dc7d23622f4999934d4511b5f","src/backend/linux_raw/thread/futex.rs":"e4ca5be060c52538b97df3781d84e2eb4d8241a7f647b2874412bc0fe6061efa","src/backend/linux_raw/thread/mod.rs":"f7132a68c9db1b4a796781b9e8d0ac268a1ddb713e510bfd43425564ec9b39c4","src/backend/linux_raw/thread/syscalls.rs":"936e0a02027b8f252538781eea7fb9f35bfd23bdd50a1f099172dac2da7d3fde","src/backend/linux_raw/time/mod.rs":"672724f55b7b7be6a7452bb1cc2d28b5f0aaa840a2856fe363acce624e1beefc","src/backend/linux_raw/time/syscalls.rs":"777d22d6e3ab7c5fe1d5921a91644543173bb4f783fd308b5886fca68500f98c","src/backend/linux_raw/time/types.rs":"8b5a464d0ef6752276416640dd3a341c07e3e901463231e8c66b2d2d661039af","src/backend/linux_raw/vdso.rs":"a5abab80f023088162fd81dc306b6bd86bd61b2018a191b384f57facb1d48d0a","src/backend/linux_raw/vdso_wrappers.rs":"34bdeadafff8feda511d41ecf560ea78dfcf496bbce4712bf676969639bf76ae","src/backend/linux_raw/weak.rs":"72ddca9849461a725e5ccd6e2190c12fb9e296c8b8a47533acb9c8cd4f9a2b07","src/const_assert.rs":"ff08ab91f11f2ad29883096f4468bd9a65060d5a9e6681e9282bb081f8bdac27","src/cstr.rs":"976027b6c5cf2c82e369ab7ad9e97fa79d7823ded929c1816f37f97134e51fec","src/ffi/mod.rs":"1990dae8190991142bef24220f02b99c96c5bfa7dda2a7974d9dcac265d58945","src/fs/abs.rs":"3541ec38adff45be6464f52a786c0f4973e42fcae5efeeed737c83916b669d2f","src/fs/at.rs":"035238b63a31aa32cfc7e9ff6bb577e7075dfbeb97d22e67430b7a2bf5432e22","src/fs/constants.rs":"9e2f596d004563c4811f43a082d91ac3a8703f281a00f0b263cecbaa68aa0f7e","src/fs/copy_file_range.rs":"d3b644374390d482b2ff749a2459458872b57d0dcf9670368739b7833509a7c2","src/fs/cwd.rs":"b2d7fbb27e23704e3367ede9916cc233f76d912be21c2aee8a635eeca627977f","src/fs/dir.rs":"347a52f4ca9ac6321c52e802e97ec90d1b4c62ec955c8996fc17f8f5aed69966","src/fs/fadvise.rs":"beef66ebe1310fb92628240b2cde68f744c78e50f6ff61bb1404bd4868d9cae8","src/fs/fcntl.rs":"43e191732d72a9513f4fbecfee8cbe45b0b1ed0d0097398681a03a8fe2596495","src/fs/fcntl_apple.rs":"07f07b2ac75dc28bc9e08200f72eb95550a87ff3d69c1204f49ecb63a0c4fd20","src/fs/fcopyfile.rs":"ec95929cbbe02cf49233a785e5238931bb107b7903cc5bc95e4231de960995f2","src/fs/fd.rs":"393dabe7d49740487dc8b16d94f0e3b73f34075a0eec29aff3ab06963b77944c","src/fs/file_type.rs":"fefd865f91011f66126213b0994773d99e373b468c31e866002228c98c64ad85","src/fs/getpath.rs":"28f6970fc1bbc37bb35c84724b59eac436ea7407a4522e18c2bdacb1fdd2edd9","src/fs/makedev.rs":"a56b9fa872e5fbf0f358ca14625b050077f45e8e265ba0c8eaeea22c421e0f92","src/fs/memfd_create.rs":"b8d5a29c3ebd7fc86daa72107a1b3268e3aa92aacf2d6e29d3c3c28910164594","src/fs/mod.rs":"6b3d85bf61915b56328beeba35e720453f9825c4e40caa9ab46290e18e3dbf75","src/fs/mount.rs":"8ab26dcb422825bbd2df2e1f68e6b4f7cf08ce11387c688442ee1b4683b33d4f","src/fs/openat2.rs":"4a95c15dab533a41201b5fa25c8a212956b7571d58cad696bdaf45af8aef96db","src/fs/raw_dir.rs":"775c6c52786be92047cf2f71de07e99d929bec4de5e1a02a19d8eebb8e2cdd72","src/fs/sendfile.rs":"ac053f03608656bb675228ba61079b774498c0233d17e5816ac72538bb12b70e","src/fs/statx.rs":"397ae231c40ecee90e936bd9578152655bdd4852250830ac380798bd143760c0","src/fs/sync.rs":"a3b23543834281f347b0f873bd38154d31d404871188ac08f2b20b9196234cfd","src/io/close.rs":"0aa3cd05a8fed8e5244f97b8b6c2e7f65ed93a4e5435c6329852bb3da7514440","src/io/dup.rs":"a960b0d359197eec7811428493f722c295ac7eb360a8d5cecb48849f0c365d22","src/io/errno.rs":"da7dc2d25cdbbf610ec82c32124789d6572fbc67d8ff265000597ac1f5b39ebd","src/io/eventfd.rs":"163aebe29b5a0e21dd9d121d39c71e82bc6569a4bb658026cfef8ee61809066b","src/io/fcntl.rs":"08f42dc80832586afa6e0a7825571c84a97add1164926928960f0c4c5db76461","src/io/fd/mod.rs":"a1eab9ce9a2c4454053afdfd3f3705e4cb971e94cc453e4f13690f2f0d83dc2c","src/io/fd/owned.rs":"b3d1ac775461b9206f36df62495604a48820c0284276200101fd1847b0e9e756","src/io/fd/raw.rs":"9bcd00be7df3d9f4e6c49ca2d18ef25aee3d6f0ed5ee6b73df5a9beacefb6031","src/io/ioctl.rs":"9278cbb98645e68e97678b2bc73e69a80b594696584574dc83a11f3fa0a343ed","src/io/is_read_write.rs":"e8f7002ce5133af213b161546c67a8b52a9f1abbd22dd94c12bc20874769b15f","src/io/kqueue.rs":"286fd3c2d3d2879ba1a7a0fe357202abe71ac9c108ecdca7fae83009786107ab","src/io/mod.rs":"646b358718353d7380718a09e87312abfce4d1d48accf6b42c941617f60ca5eb","src/io/pipe.rs":"fb8f5aad03b9899246f95b4220843ca7fe5551663034a64700ae5e40b493c888","src/io/poll.rs":"3a1dc003042a0b8e21f894ebdc0e123938b78c6323d61deacbc09b44e1b986a1","src/io/port.rs":"8be17096cdfd2425bb2f800d129913e2ed2032c02049d45b7dcda8d4189b1af2","src/io/procfs.rs":"0821281f09812960a17851a59981bf0ee4c62e33dd1572f795ad433bec992642","src/io/read_write.rs":"f81b54644cb52d59e34cefebd11c0c4fa5931fc86cca952cd52a396bd7a40973","src/io/seek_from.rs":"d7616a45e8a449df28b075ddded4d7c95d6c4575d6fe0cf0ca7b6625e9dc7eeb","src/io/stdio.rs":"0f761d5d103e95f3ca464c89079cd1a007761a23d21595b3090783fc9e655549","src/io_uring.rs":"5d1d74336a096e663b2b0b170427780b4b52d13afa5e95a0c4cb6cdbc4b4ea4a","src/lib.rs":"9c86a382f02e2c67a54a82c1ed849aadcc4ac19cd70883b7343b9fb036e1602f","src/mm/madvise.rs":"3c262b3713a73fafcedf1b04bb12c048bb11d47ca43c959e5dfa48c27651f4f0","src/mm/mmap.rs":"35f9133f3d42c321bada86c2304c7ee0046d6dc740ff484b9f6609b7564b03fa","src/mm/mod.rs":"1a46082151c2ef319667078923df74b01d4a94d25d3777083775179bda8bf3bf","src/mm/msync.rs":"9dcfe5f54235e9314a595edb8d548ac79d222bbcc58bb3263cf7e96d603b23ad","src/mm/userfaultfd.rs":"8073443bd181ff0b3ba4d0b1ae67370b4864035a0c8b4898cd709dc47c518ae7","src/net/addr.rs":"6fce66cd0ccac3bcc2339f32faf2ed1bac94a6d8824acb55bffdfaa43090675a","src/net/ip.rs":"080dd17c44b395b46b0d9e70da76f376540f92ece65f79e3d242c0a272d3b451","src/net/mod.rs":"03e600b3890f94e06f10120ca8dc9251920eec4aabe7d983d24e800faa079aa7","src/net/send_recv.rs":"c65b268e5983ca7e356685f64a394e50d5f60815099185dab13980ec046d44ca","src/net/socket.rs":"691f2c1b8c09c8d1d7f5e4ae3d3254925d7ca98b4c449a27e732f4c3c1612646","src/net/socket_addr_any.rs":"d95c7002972fa98d4133e10ad6c404399494374d568816217edcb9f4fd93aad8","src/net/socketpair.rs":"0818c1f34a5031dfd83bffe90ad1fad2c1e124665cb807485c908893ca9b3d9f","src/net/sockopt.rs":"060a862fc0ad836cef2799b71977b62dbdeb8bee2d46d741cb676426e32bc541","src/net/wsa.rs":"6e546b42f50a851fc833c57cda76cfb347203ed4b0dea574a3d325bf5a2ebf80","src/param/auxv.rs":"988872f9bec2e12f35765ae8963cbb9535d4acaedd4c9a4d07ced6feb70e0aaa","src/param/init.rs":"671d8974f0d9b82e79076d1f4deabe0273a874a329f74b8aad26e07b86791ba3","src/param/mod.rs":"959d6bd6c7abb85e042f86047fb902891c5deb74c550ce21dac96fb9a9f16d36","src/path/arg.rs":"68979fff96dd627f98de0baf3091413b83c0c83791e3a5a1153b83d6204248d7","src/path/dec_int.rs":"a512618714fc3309253f65de605121c2aa056a780f9ab1de55f5a86469895295","src/path/mod.rs":"513fea21b1ba0226c3c5da769ded06a7cd7abe9f49cec9d165bc62a15da126a8","src/process/chdir.rs":"4c63c351e207b1bbefdd7c001e85fed383d5ac2147894d5a09fbd8b302d7c728","src/process/exit.rs":"47bc2fc1ec25eb5c7a21ba84a70c6d799df206f9920c34804a17acf27d5cd66d","src/process/id.rs":"f04877bfd49fb8eda89e12ca44f271dfe92c1661f97b304c2dd234671cfbaabc","src/process/kill.rs":"e4b4dcc7e5b2a1e3e68ce03ce9a5dde43108dae4ddbc443488c464194738d06f","src/process/membarrier.rs":"19f42cb66f211e8b23f4586bf29fdfa29c29e4e9169a06f3cc7b54aad4ef94e6","src/process/mod.rs":"17abc24217e8b48d623d02b1a2955e6b62aab496362ba312122caf90500576a1","src/process/pidfd.rs":"88517949097414b77540b1c0801bdd034c28667b9386c0676cdaa1b637129ffa","src/process/prctl.rs":"e48791471ca608c1e2f8d7a1431246e9fd320d201e9d073b8ce5ab4228a74bd7","src/process/priority.rs":"ddfdeda52acbca8566dd3517f167f7e29e3daa7e71c3ebae4183f8cf4f309b0a","src/process/procctl.rs":"5316c9e486eee4331168d9640abef4a41e378408b24aa10d05f747e2d3538647","src/process/rlimit.rs":"97c1e41533c74b5b71e471d1ed0a83a847b804da9e53be76c50f0187ac5d3eec","src/process/sched.rs":"ea8b20942ef09dbcd7a54d8218435129dfece427e4960055bcdf81c997e80f5f","src/process/sched_yield.rs":"6565faa3928b66ddc74a65e893e15edfa4b9be4f7e5f5f68527501a7f6bc3350","src/process/umask.rs":"f664e46dc6990a550d5ead5e394bfd90767bcb875c53722a5fb92823e15d8882","src/process/uname.rs":"3bcc278449d6b83aa8747bfde85d696293c50a3fa60d88c4a5570b38ef8af25b","src/process/wait.rs":"db191eb594596fca37a8779222d656c0dfd95f74e4c075be5df808c755aaea31","src/rand/getrandom.rs":"8e64128584178c02f04c9781527c23ac2e2423f73445d0b4d25ae99204d7cc04","src/rand/mod.rs":"bd6839924ebfb7092f27f2ad42323768f39f76df157e7b8aa42f5bc17f700c9c","src/runtime.rs":"c2948b15c957b19279321e827c5971f7672f62bd8cf3709e41b58705f8f8f076","src/termios/cf.rs":"cb13ee88cba541cbd683c7a5da034a126fd9e09dc6b5f25c9f32382f8318ffc0","src/termios/constants.rs":"7855cebd1e2169a2a760c6752138b3de1be00fd3b907b049d32ad5d6bdb0426e","src/termios/mod.rs":"b4d28ebeeae6782b4060d3e6f0156ed63bafa155d1bbdae9e28d06e574d69cb7","src/termios/tc.rs":"ae5d8799123747950c7f20ca3abaa3ec1918462ed95d1e78d07bcb491aedcccf","src/termios/tty.rs":"409ddcc795ed1e644d302cdcfdffff8713657bf8777548e628f0b1149acb18af","src/thread/clock.rs":"4e3f54aa5b50443bf502a81ee4814b3522e928e3b06241d24f924a6f69953662","src/thread/futex.rs":"4e78c84589b535ca9ca633633696ef212393a98f2890b181acaa8f908fbc5ae2","src/thread/id.rs":"f905c1c672082215c6502f88e7123a33abadb25791d3ee967335567560dfced3","src/thread/libcap.rs":"43a05e127ae57ecd8b93752571d1cac3359bebe265c964f1825eefe1cee25a42","src/thread/mod.rs":"a3839e32f920fa4be0812f6d40b677968cb3d9e99aa0af65c87ceb8ce015fdc9","src/thread/prctl.rs":"405dabb5376f97b08427e5c1a51b7b0863ad12e462e2590439c1bfef51b65473","src/thread/setns.rs":"5e08f98300e2ca8fc99272cf5408f0b27cb4c8ece54d76b92ede656982f11e69","src/time/clock.rs":"cbe15f6abe995476c815b31a9c3a931ad7292ec853342bc0fcb4417df1a558f1","src/time/mod.rs":"b8b7c5d2bdba60a69e8a557ce7017e4251a41f5633aec928da059c49bc080cfa","src/time/timerfd.rs":"f17092b84553741aa2d2b44c6992b5d2c8c96cc2c2007fc9a2c6b2064485e53f","src/utils.rs":"6ed86e62ac05d6279b664a97fd62878a4c1811ab66a1a2920b169eb74c0c1fcd"},"package":"85597d61f83914ddeba6a47b3b8ffe7365107221c2e557ed94426489fefb5f77"} +\ No newline at end of file ++{"files":{"CODE_OF_CONDUCT.md":"f210602311e3f74b32f46237fd55f4ce36d798e85e3db1432ec667f63a7ffc44","CONTRIBUTING.md":"fb570c76cf924cd75b77bed52b0dbe1e87ce224dc3428c48d98301710dcc331e","COPYRIGHT":"377c2e7c53250cc5905c0b0532d35973392af16ffb9596a41d99d202cf3617c9","Cargo.toml":"29b18a4f7352368f84504a2ef6cfab7f5bf65ab9644f33bd2944041aec2acc01","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-Apache-2.0_WITH_LLVM-exception":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","ORG_CODE_OF_CONDUCT.md":"a62b69bf86e605ee1bcbb2f0a12ba79e4cebb6983a7b6491949750aecc4f2178","README.md":"158b3959b00e6c1536a767014c0e916a6a063a5b36d693e9e3c93aac901ccd55","SECURITY.md":"4d75afb09dd28eb5982e3a1f768ee398d90204669ceef3240a16b31dcf04148a","benches/mod.rs":"55b71073e5681b309bc4f439435ac05d1e052bba2ea6accf05bca9bf496d4bd0","build.rs":"643cd9fb407cfd540d2837b9de15db6c27e1f465a33f8117bf66c27868843600","src/backend/libc/c.rs":"e91631918772a752429b53fb7674f288e27af0d133a583bd9d50af7af7802328","src/backend/libc/conv.rs":"a94f5937ad41d7c13e4554481ea1d8ac10c2954b22e55ca0ccd93dedaeb6f1d6","src/backend/libc/fs/dir.rs":"152c43961cef07cc77dcd77a9fc69b6252702089b7e0ef07e664e370bec05da1","src/backend/libc/fs/inotify.rs":"4a1a3c0504982d2743a9c83e4cea3ec81ba0777d574ddf8ce76af67f29d0b9a4","src/backend/libc/fs/makedev.rs":"06513503ffdd35276eb7c3aed437c2362c32dd224d8c06df589bce28ad2e68b4","src/backend/libc/fs/mod.rs":"d8765bfbbd3c0f02c278a7bfef547607c7085ae14704824cc2fe7eaa64430e8c","src/backend/libc/fs/syscalls.rs":"1036d1bb293595c7cd5eb56154b475c2496b05facc0e203b9c9d44d44d1f4544","src/backend/libc/fs/types.rs":"5ecdd9586fbae8b3a450494f8e4ed8634efd6c00d98c987176c5b67e799c7744","src/backend/libc/io/epoll.rs":"0e95f0c887938ca2014492f26d282f756c9f2d4111e58b516830cb98bd8d3b1b","src/backend/libc/io/errno.rs":"8c6491590339a21c732b325904ece24ac39b1cd1a2b04728a9ff90ec904c01aa","src/backend/libc/io/io_slice.rs":"34da1bcc17993318fa93b7e71ff36116044ac12a031963710af84c3ed1bc443a","src/backend/libc/io/mod.rs":"a76e0071a887a6bdb1a3edc4887f91889d4beab1426e73417958257467f3c602","src/backend/libc/io/poll_fd.rs":"5ce78059ec307ec6ffbe02f2beb15f889bf652f0258f4531931062d507a3389e","src/backend/libc/io/syscalls.rs":"51d213ce5020932bcdc73c5d9ef4d06f2cbf81fcc5b4d9675e22f6d2712b225d","src/backend/libc/io/types.rs":"51caa5760ffa083cae00c5075f8048c048735cf68dc9d02b3fa84689521f2f1a","src/backend/libc/io/windows_syscalls.rs":"741f524b384d59e703b278739563ab04273dbb48c062349353dd9b7cf9ed2332","src/backend/libc/io_lifetimes.rs":"eebc6adc10593933e9ab14c59d29793f4ec6e4403a00bbcaaf3ee81373ae924d","src/backend/libc/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/io_uring/syscalls.rs":"0f7ffc079f511b200d536e348d6c6945eeb4908db721e5ca0db6cc5fe96eccc4","src/backend/libc/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mm/syscalls.rs":"5141375b2b678c66a165de74a54e01bdb5efae8a81a38891f00da7206e686927","src/backend/libc/mm/types.rs":"bdadba2113f2a88a2b856497d411aa18eb0c7086361f72c2853ea8b09b006841","src/backend/libc/mod.rs":"8aad42f4cc53bfe9952101a314cd89d8c8600c523d699a43de8f64f48f3e4caf","src/backend/libc/net/addr.rs":"93b3f86d737c1c643663acf9f335e822cad5574067f63bda3c58af918dd1e57b","src/backend/libc/net/ext.rs":"99e1b5023b152ab278b281e26006e4ed6916d303f5d9a24d94f02a2195a25243","src/backend/libc/net/mod.rs":"772c788c60141e41044b59c4812c4208f52838da1effe1d476ab1d99304d9f9d","src/backend/libc/net/read_sockaddr.rs":"d7a98c80d2e7b47663db596a7f65980b21983c514eff54b1a8323e14164fe40d","src/backend/libc/net/send_recv.rs":"d0ffe3aebccab498b7fdf6cfb0382fc10576ed0b8563d696a20878d2c01f0a28","src/backend/libc/net/syscalls.rs":"0f3fcf42ebea8c97f7f4f2c7205f309c39fc12aef74d63e3b41a6faad9334398","src/backend/libc/net/types.rs":"53912a831c475805f9a4fb43801eacf2e97fd68e34b00c2499cd7af472732442","src/backend/libc/net/write_sockaddr.rs":"33c3d7304713cb63f8fa398f5f7c084fc1d9fbb6907dd19902a90e8ec64ad41f","src/backend/libc/offset.rs":"19ce9b0c25646b18817b9324b4e930915370d13fb14a5d950b59910dd8e41d59","src/backend/libc/param/auxv.rs":"7d71f224f7d9c547b6b5e1425cad03466328b7b8ad2a62f49d9e29e075061e43","src/backend/libc/param/mod.rs":"5234b8f1bcb886cca6ea003d411d75eaeebe58deedd80e3441354bf46ed85d4d","src/backend/libc/process/cpu_set.rs":"88ba2fc71dea5b8ae3b1bb3d8e64f7b7aa08882d198695e5f95d5478b6e73e75","src/backend/libc/process/mod.rs":"45a9979d6bc7c669ffe212c55ffbf6ea8f4bdb9a711c894b9e93b52a05e611d7","src/backend/libc/process/syscalls.rs":"d2ac693959d660231edaa3a062290fc98fe7b50b33d717fc631b164d647d74fb","src/backend/libc/process/types.rs":"58f8eb2d4cda05924e97145006ac16793307182f3c1ffb5484fd4546513e863a","src/backend/libc/process/wait.rs":"36e84c05ae3a27b96da9521678b72ab004fe37a8b0d092a0b6f810015806c4d2","src/backend/libc/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/rand/syscalls.rs":"21aa7aab15de5ff8e9c50c2c2a4d49cc309be3e97feeb17f875a0a9dc6b5cf44","src/backend/libc/rand/types.rs":"85f72babe82857d4e47067ddc11525ab290208050fb8f5e5190975c0fdda9b7c","src/backend/libc/termios/mod.rs":"63a1e559981848581bbacad2adb567e5eb62d17caa2d8f826e977dc053ce26bb","src/backend/libc/termios/syscalls.rs":"bbc30adb93e82660b32d6cdba3c3e03109ab6d2aa9c270d96ec4c661f03ff29a","src/backend/libc/termios/types.rs":"6d174f580d76d75de15732c059ac0091b1e0025cc78c05dcada2490f84d79a2f","src/backend/libc/thread/mod.rs":"0de5f67a684b9fd7628d3009d2ea5fd51b8770e8b387eed14f59152157844287","src/backend/libc/thread/syscalls.rs":"b016611a1e2fb6af073c485b0a9efa992067b4d2dd6d213d77a731d5108d574f","src/backend/libc/time/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/time/syscalls.rs":"a6668a9005da2e15671d4c917973bc68ef611998c0a584a53343fd5aeadade63","src/backend/libc/time/types.rs":"72b56e7fd3efc536b196cd8276f6ffb8eb7ff9cf9b9d77cb045f1a9abb8d564b","src/backend/libc/weak.rs":"cb7dfb5c2ad37d7a5be6a2aa99a28969559493ca5b649753484e0b1fd978e410","src/backend/libc/winsock_c.rs":"addce03c242c70d10411fb9728c743bdc3b635107bd58aabbb360f2379127064","src/backend/linux_raw/arch/inline/aarch64.rs":"67011427b3cecd29ee716113d952e70d63574c96d1d3ea3c75d46250bde9ca44","src/backend/linux_raw/arch/inline/arm.rs":"7760d51aef17a69a797eb96fd61f7fade0d55bc87ec9a3e77fa6bb6aebaecdbb","src/backend/linux_raw/arch/inline/mips.rs":"d00c84cfdb4e37bdee9a2daa0a7b3298afbb4ebe288702203cb43d9c2617012d","src/backend/linux_raw/arch/inline/mips64.rs":"ab5455c9b2511ba6b67a66873cd8b53bf77471249fd2779d6437ebb4934087b5","src/backend/linux_raw/arch/inline/mod.rs":"ed5c6c14d19556c1a2ca077608fa515ac85d760eb931dc8968b39137700159d8","src/backend/linux_raw/arch/inline/powerpc64.rs":"dcd12314184441f5f7705bea6b829103c7abc9062db366ae5584023a38252a36","src/backend/linux_raw/arch/inline/riscv64.rs":"58a58203e9cac2ed21e4a7b26692c5d56d3c2bcddb3f60a648efd18a02129f3c","src/backend/linux_raw/arch/inline/thumb.rs":"82b88c9a3b6837f28a738cc760fc2403e7014abdb2c35d2bdbc8073235ae2863","src/backend/linux_raw/arch/inline/x86.rs":"459cca47f3300418de9945858ba42009e66e4be3c8da268481f30ae4e815b3db","src/backend/linux_raw/arch/inline/x86_64.rs":"7c893ca306b3b8a5980c525dc5fa23187a0526bc9f7ac637204d88a1d596df5d","src/backend/linux_raw/arch/mod.rs":"2f2e26f5742c302bb44f367ad265de573d89494eae0789fa44b5a39248e354e3","src/backend/linux_raw/arch/outline/aarch64.s":"84f066b6fe3cf25ed61c7aa420408c6d5a0b33a7c91b748ed81e47737567975f","src/backend/linux_raw/arch/outline/arm.s":"fa266bf9f4533da1e96c27c4ae5418c86f44074ac0c6afcff0404738e11365da","src/backend/linux_raw/arch/outline/debug/librustix_outline_aarch64.a":"aa3a37d9ad312881968d40c48bd3c960fb3ac0eba232a5f1979cb809d081c340","src/backend/linux_raw/arch/outline/debug/librustix_outline_arm.a":"9991ea0ccd16a175ef4b82916b6cd4b45cf67f4388eb58567b0a6e520bda3740","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips.a":"b14f87994e526c3f5976487223183b284ffa70e3b4322cece3917033635573a2","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips64.a":"a9200542c6de647e31ba2cf3649490a50904ae66716c1b6c50ac123fac83f68e","src/backend/linux_raw/arch/outline/debug/librustix_outline_powerpc64.a":"355db5c83dda1074636c40fa6fee6564c668c492a71e149bcb444ea896e8167e","src/backend/linux_raw/arch/outline/debug/librustix_outline_riscv64.a":"c4fd54d0fcab2e28b1b18df77a7814b145a4c2d13fc04b937a55bf0abf420227","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86.a":"7ae3635dd3fbc2049e09d4218224e1eaaa4dd2ddd78d3901fb444d481abf2a33","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86_64.a":"039c928213bd0b67c899412084a30eb9a51526e64a01e1901cd4905ef8d7cf6d","src/backend/linux_raw/arch/outline/mips.s":"e265e8fa0b9785a9f2779d6ba70ce982b954b802862b0026dc70fd79b12968bb","src/backend/linux_raw/arch/outline/mips64.s":"c79de202f0eb00e2d9cf1fce2b9a2cabfe4ff2f5cc1476bcfd6c3d139570d447","src/backend/linux_raw/arch/outline/mod.rs":"3fcab403f297fd5160df6f4b7d8fd1d868267022c2f6e6448505bd363cb113ef","src/backend/linux_raw/arch/outline/nr_last.rs":"82d92b9ca8307c19d74ced1ae2c0b31f2a7c5db70fa31fdedb55d38a90601455","src/backend/linux_raw/arch/outline/powerpc64.s":"0847fa3f160846ee02771550667913734ba9773e2221f2279c4f296d6f5b7bd4","src/backend/linux_raw/arch/outline/release/librustix_outline_aarch64.a":"fa8d31702cafb24d9799c162d3319c522892e91c58fbbff2b09950a0fa81b46f","src/backend/linux_raw/arch/outline/release/librustix_outline_arm.a":"0f7c8c5c02d5329d884f800da70aaf6b5b67c14000b12afb708f3e4758aa1f7a","src/backend/linux_raw/arch/outline/release/librustix_outline_mips.a":"c9254760fa993e88662c5e1e8911d994f29e203b37a0fc9b550be193125f5031","src/backend/linux_raw/arch/outline/release/librustix_outline_mips64.a":"224f9ac5196833491bee67fd287a53b7e88111731e2eaaa3ebefba31faea373b","src/backend/linux_raw/arch/outline/release/librustix_outline_powerpc64.a":"1f04e44c3d863bac066520c787444c314f2aa2f8d8d3cae38990ecc008b9b6e1","src/backend/linux_raw/arch/outline/release/librustix_outline_riscv64.a":"beb0eb046d36545a04ad7f264ed1173062f9f85ba7f4215bef64a98f30a74dce","src/backend/linux_raw/arch/outline/release/librustix_outline_x86.a":"691d867358475c701c20b816b99bab2a4c90c3796a302ccaa56d5983be1ba8b2","src/backend/linux_raw/arch/outline/release/librustix_outline_x86_64.a":"434a79197510876c5a49f594e7886c95cf4c15e876c3404ed136846c95d6ee30","src/backend/linux_raw/arch/outline/riscv64.s":"ca5303c0c8af6de1f246d658003e270d4e29d6c68dd90c6eee372d045bdf7305","src/backend/linux_raw/arch/outline/x86.rs":"f7e12a0f3fe8e97acb1ade2c9e61d82542f00ad4d8fe684a8dcd9f30fd9ab5d4","src/backend/linux_raw/arch/outline/x86.s":"4604e3b41161802343e2e4c890fd2042098a901d95893ebe4c436f97fd47cad3","src/backend/linux_raw/arch/outline/x86_64.s":"a530084cd42ad8d4b2d36526f4e04f45a6e29ea49882e2c561ac2eeac16272bf","src/backend/linux_raw/c.rs":"cbd69a9ae3f09cebbc69c93d87f9feef58e54508df8f2a9bda3b5f839dc13329","src/backend/linux_raw/conv.rs":"e8377325ea585d07514f49806420be22783d3aa91b786dd413f530a695d4ccd0","src/backend/linux_raw/elf.rs":"a257fbc3f22e4970605cf72a3b301dc2eaee2f5f1b3b0ea434fa192db3c3164e","src/backend/linux_raw/fs/dir.rs":"965ca4d97feeb0a4d4e90b62f820818c99bd5bb2acf1b85fd9f0b7ae30dd3439","src/backend/linux_raw/fs/inotify.rs":"ecb0810843db7b0a0e31212fc5bc233dda17c97118fa002bcd85bc3bf29235d8","src/backend/linux_raw/fs/makedev.rs":"c6b4505c4bcbbc2460e80f3097eb15e2c8ef38d6c6e7abd78e39c53c372139e2","src/backend/linux_raw/fs/mod.rs":"e22bf30f312f6a05f1e79f7834c33a3c9821514da05fa4786fc31867203a4c74","src/backend/linux_raw/fs/syscalls.rs":"6900d438f535e586ae8e396aeb52426e1040e4397c942546edada6ff0c121b54","src/backend/linux_raw/fs/types.rs":"794bcddf8dc4916a58c431a0249b1325ad9ad8eea3ea8029d61f7a4cbbdabe7c","src/backend/linux_raw/io/epoll.rs":"75de5fe04ed8f85a345ae5b54dc6106268bc05817a4e4abe9cf0bca08e2b1fb3","src/backend/linux_raw/io/errno.rs":"7fbc67fae5d94619b71f82717f9befbb5487f04ed880a5d2eeca5d4d2eabd31b","src/backend/linux_raw/io/io_slice.rs":"5ba992f3fe701184841006588b35f2452156b73e3bef9e07460e4b1f61ac889f","src/backend/linux_raw/io/mod.rs":"6ea805b91d571217c9649364121d0824bbdf4635b36c9150e5968fbeb75c0892","src/backend/linux_raw/io/poll_fd.rs":"9f5a15c80094cc3334acd171c0621d033b44d5d9a987a57acbdcd62cb17d871b","src/backend/linux_raw/io/syscalls.rs":"31bc1a2d74d574923b50aaed3d0d10c2892e7bf6ebf0ccc9bebb42be96b460a0","src/backend/linux_raw/io/types.rs":"11a677499b6b0491f4088f9f87574fe40134bce8042eac0f207b7df905a1f47e","src/backend/linux_raw/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/io_uring/syscalls.rs":"2522327e229d85ce207546b802f63fcad49a0ce41b7b881e13a1c2637fdb6095","src/backend/linux_raw/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mm/syscalls.rs":"647c1846793c386f6babae898686604a4808344ec3e2d1e71071bbfd04079357","src/backend/linux_raw/mm/types.rs":"a5d0ea04a85df5e196d68a8524c4325963c7b2ded3d7d48713c8e855273b60d4","src/backend/linux_raw/mod.rs":"87423ad0e8280081a548e8182139d9e5960258d469951516ca4e8029953daeee","src/backend/linux_raw/net/addr.rs":"9c2b4bc0836618f4b7d997892e5b3980e454bba72fe4d82205d7553ba74ec228","src/backend/linux_raw/net/mod.rs":"4ffd3f6f9cad722e4c29b9bad4912a69f521d737b9e637599a1c60436651d4ae","src/backend/linux_raw/net/read_sockaddr.rs":"0357ae643c384b08578aa0b148ac9b236953da9b36b2e387a40d5b87ae9eccef","src/backend/linux_raw/net/send_recv.rs":"602852a0cf2775c0fce7afbd813248386823b73f3069231860b348432f59450c","src/backend/linux_raw/net/syscalls.rs":"86a9f95ac682d54b21b5a0046e121fee3d992fbccff59022ff6f11afaed5233e","src/backend/linux_raw/net/types.rs":"99a159842ba27d990f293d3d78cc4e395e3e28ab90466d210e5e8f98223d1ba8","src/backend/linux_raw/net/write_sockaddr.rs":"ec0bf20a354cb86e2b5646bfc79297a378f11fcdf5641c16e4dd13e305011dc6","src/backend/linux_raw/param/auxv.rs":"9ed73ebd83dd9001dfdecd19b813c6845dad142f79de286993eb520acc7016bc","src/backend/linux_raw/param/libc_auxv.rs":"79fd1b7452f87382fb3a9c8fa892c5adbcc24d3b505bd9ea73e17d37494e749a","src/backend/linux_raw/param/mod.rs":"db21fc1b0ea5568b8649890fa38a878bfcdcf7398f6cf1640176b37bcc6ce990","src/backend/linux_raw/param/mustang_auxv.rs":"016a691236064a9cc28688d4ff5dbd0e37dccfc07b25b943b47762ba1da33b83","src/backend/linux_raw/process/cpu_set.rs":"a333938a4356d117199bf4078688f0a9b876dc65da1bbff7649482f4f0180813","src/backend/linux_raw/process/mod.rs":"fb393c70a9c63ef9a6bf1fb5a2dc94f07d6b0b6987cc5231c15c607015dafd68","src/backend/linux_raw/process/syscalls.rs":"76bcdb88d34b186688dc0bddf70d9b7edc79d7a3c53b0b45f31871b19f96c4bf","src/backend/linux_raw/process/types.rs":"2559117d77e9957cec6c49d9d859c4dfff84e09ed85bb182cd9844de5569078a","src/backend/linux_raw/process/wait.rs":"921aee4b0048746087f52615a98edc2aa0fb4b53d6df44be4533098df55d1b05","src/backend/linux_raw/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/rand/syscalls.rs":"b1d8b2fea0c792bd1e7c24ee59429d178dc0ad442ac817b12c7abcb38d71497b","src/backend/linux_raw/rand/types.rs":"271416d5241d70932b8a17f3b67eefd1b9c360f217f807de3d73192e9b620552","src/backend/linux_raw/reg.rs":"f9ab26b045150894b98c741f9e80ac2734bf7598f5cf166ab080938febe7af20","src/backend/linux_raw/runtime/mod.rs":"b2cae8cce3822c3c92942f06ea0b68464040dcac33c6f0f7ee392c6269993347","src/backend/linux_raw/runtime/syscalls.rs":"6488160051a991e6d385abbf8a08ccd6498acf525906d512b3f89bf3a33fca6a","src/backend/linux_raw/runtime/tls.rs":"2913858a8fe4696f9c3f9a4921f776258a6d1c54b471f813471d57db23fd22ee","src/backend/linux_raw/termios/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/termios/syscalls.rs":"48eb753f1cd48139eae40ba72241fc2d5fd67355c33a3906f82965e0e0e518d3","src/backend/linux_raw/termios/types.rs":"5cee3735957db2fdaab341a0c58e438305d6402dc7d23622f4999934d4511b5f","src/backend/linux_raw/thread/futex.rs":"e4ca5be060c52538b97df3781d84e2eb4d8241a7f647b2874412bc0fe6061efa","src/backend/linux_raw/thread/mod.rs":"f7132a68c9db1b4a796781b9e8d0ac268a1ddb713e510bfd43425564ec9b39c4","src/backend/linux_raw/thread/syscalls.rs":"936e0a02027b8f252538781eea7fb9f35bfd23bdd50a1f099172dac2da7d3fde","src/backend/linux_raw/time/mod.rs":"672724f55b7b7be6a7452bb1cc2d28b5f0aaa840a2856fe363acce624e1beefc","src/backend/linux_raw/time/syscalls.rs":"777d22d6e3ab7c5fe1d5921a91644543173bb4f783fd308b5886fca68500f98c","src/backend/linux_raw/time/types.rs":"8b5a464d0ef6752276416640dd3a341c07e3e901463231e8c66b2d2d661039af","src/backend/linux_raw/vdso.rs":"a5abab80f023088162fd81dc306b6bd86bd61b2018a191b384f57facb1d48d0a","src/backend/linux_raw/vdso_wrappers.rs":"34bdeadafff8feda511d41ecf560ea78dfcf496bbce4712bf676969639bf76ae","src/backend/linux_raw/weak.rs":"72ddca9849461a725e5ccd6e2190c12fb9e296c8b8a47533acb9c8cd4f9a2b07","src/const_assert.rs":"ff08ab91f11f2ad29883096f4468bd9a65060d5a9e6681e9282bb081f8bdac27","src/cstr.rs":"976027b6c5cf2c82e369ab7ad9e97fa79d7823ded929c1816f37f97134e51fec","src/ffi/mod.rs":"1990dae8190991142bef24220f02b99c96c5bfa7dda2a7974d9dcac265d58945","src/fs/abs.rs":"3541ec38adff45be6464f52a786c0f4973e42fcae5efeeed737c83916b669d2f","src/fs/at.rs":"035238b63a31aa32cfc7e9ff6bb577e7075dfbeb97d22e67430b7a2bf5432e22","src/fs/constants.rs":"9e2f596d004563c4811f43a082d91ac3a8703f281a00f0b263cecbaa68aa0f7e","src/fs/copy_file_range.rs":"d3b644374390d482b2ff749a2459458872b57d0dcf9670368739b7833509a7c2","src/fs/cwd.rs":"b2d7fbb27e23704e3367ede9916cc233f76d912be21c2aee8a635eeca627977f","src/fs/dir.rs":"347a52f4ca9ac6321c52e802e97ec90d1b4c62ec955c8996fc17f8f5aed69966","src/fs/fadvise.rs":"beef66ebe1310fb92628240b2cde68f744c78e50f6ff61bb1404bd4868d9cae8","src/fs/fcntl.rs":"43e191732d72a9513f4fbecfee8cbe45b0b1ed0d0097398681a03a8fe2596495","src/fs/fcntl_apple.rs":"07f07b2ac75dc28bc9e08200f72eb95550a87ff3d69c1204f49ecb63a0c4fd20","src/fs/fcopyfile.rs":"ec95929cbbe02cf49233a785e5238931bb107b7903cc5bc95e4231de960995f2","src/fs/fd.rs":"393dabe7d49740487dc8b16d94f0e3b73f34075a0eec29aff3ab06963b77944c","src/fs/file_type.rs":"fefd865f91011f66126213b0994773d99e373b468c31e866002228c98c64ad85","src/fs/getpath.rs":"28f6970fc1bbc37bb35c84724b59eac436ea7407a4522e18c2bdacb1fdd2edd9","src/fs/makedev.rs":"a56b9fa872e5fbf0f358ca14625b050077f45e8e265ba0c8eaeea22c421e0f92","src/fs/memfd_create.rs":"b8d5a29c3ebd7fc86daa72107a1b3268e3aa92aacf2d6e29d3c3c28910164594","src/fs/mod.rs":"6b3d85bf61915b56328beeba35e720453f9825c4e40caa9ab46290e18e3dbf75","src/fs/mount.rs":"8ab26dcb422825bbd2df2e1f68e6b4f7cf08ce11387c688442ee1b4683b33d4f","src/fs/openat2.rs":"4a95c15dab533a41201b5fa25c8a212956b7571d58cad696bdaf45af8aef96db","src/fs/raw_dir.rs":"775c6c52786be92047cf2f71de07e99d929bec4de5e1a02a19d8eebb8e2cdd72","src/fs/sendfile.rs":"ac053f03608656bb675228ba61079b774498c0233d17e5816ac72538bb12b70e","src/fs/statx.rs":"397ae231c40ecee90e936bd9578152655bdd4852250830ac380798bd143760c0","src/fs/sync.rs":"a3b23543834281f347b0f873bd38154d31d404871188ac08f2b20b9196234cfd","src/io/close.rs":"0aa3cd05a8fed8e5244f97b8b6c2e7f65ed93a4e5435c6329852bb3da7514440","src/io/dup.rs":"a960b0d359197eec7811428493f722c295ac7eb360a8d5cecb48849f0c365d22","src/io/errno.rs":"da7dc2d25cdbbf610ec82c32124789d6572fbc67d8ff265000597ac1f5b39ebd","src/io/eventfd.rs":"163aebe29b5a0e21dd9d121d39c71e82bc6569a4bb658026cfef8ee61809066b","src/io/fcntl.rs":"08f42dc80832586afa6e0a7825571c84a97add1164926928960f0c4c5db76461","src/io/fd/mod.rs":"a1eab9ce9a2c4454053afdfd3f3705e4cb971e94cc453e4f13690f2f0d83dc2c","src/io/fd/owned.rs":"b3d1ac775461b9206f36df62495604a48820c0284276200101fd1847b0e9e756","src/io/fd/raw.rs":"9bcd00be7df3d9f4e6c49ca2d18ef25aee3d6f0ed5ee6b73df5a9beacefb6031","src/io/ioctl.rs":"9278cbb98645e68e97678b2bc73e69a80b594696584574dc83a11f3fa0a343ed","src/io/is_read_write.rs":"e8f7002ce5133af213b161546c67a8b52a9f1abbd22dd94c12bc20874769b15f","src/io/kqueue.rs":"286fd3c2d3d2879ba1a7a0fe357202abe71ac9c108ecdca7fae83009786107ab","src/io/mod.rs":"646b358718353d7380718a09e87312abfce4d1d48accf6b42c941617f60ca5eb","src/io/pipe.rs":"fb8f5aad03b9899246f95b4220843ca7fe5551663034a64700ae5e40b493c888","src/io/poll.rs":"3a1dc003042a0b8e21f894ebdc0e123938b78c6323d61deacbc09b44e1b986a1","src/io/port.rs":"8be17096cdfd2425bb2f800d129913e2ed2032c02049d45b7dcda8d4189b1af2","src/io/procfs.rs":"0821281f09812960a17851a59981bf0ee4c62e33dd1572f795ad433bec992642","src/io/read_write.rs":"f81b54644cb52d59e34cefebd11c0c4fa5931fc86cca952cd52a396bd7a40973","src/io/seek_from.rs":"d7616a45e8a449df28b075ddded4d7c95d6c4575d6fe0cf0ca7b6625e9dc7eeb","src/io/stdio.rs":"0f761d5d103e95f3ca464c89079cd1a007761a23d21595b3090783fc9e655549","src/io_uring.rs":"5d1d74336a096e663b2b0b170427780b4b52d13afa5e95a0c4cb6cdbc4b4ea4a","src/lib.rs":"9c86a382f02e2c67a54a82c1ed849aadcc4ac19cd70883b7343b9fb036e1602f","src/mm/madvise.rs":"3c262b3713a73fafcedf1b04bb12c048bb11d47ca43c959e5dfa48c27651f4f0","src/mm/mmap.rs":"35f9133f3d42c321bada86c2304c7ee0046d6dc740ff484b9f6609b7564b03fa","src/mm/mod.rs":"1a46082151c2ef319667078923df74b01d4a94d25d3777083775179bda8bf3bf","src/mm/msync.rs":"9dcfe5f54235e9314a595edb8d548ac79d222bbcc58bb3263cf7e96d603b23ad","src/mm/userfaultfd.rs":"8073443bd181ff0b3ba4d0b1ae67370b4864035a0c8b4898cd709dc47c518ae7","src/net/addr.rs":"6fce66cd0ccac3bcc2339f32faf2ed1bac94a6d8824acb55bffdfaa43090675a","src/net/ip.rs":"080dd17c44b395b46b0d9e70da76f376540f92ece65f79e3d242c0a272d3b451","src/net/mod.rs":"03e600b3890f94e06f10120ca8dc9251920eec4aabe7d983d24e800faa079aa7","src/net/send_recv.rs":"c65b268e5983ca7e356685f64a394e50d5f60815099185dab13980ec046d44ca","src/net/socket.rs":"691f2c1b8c09c8d1d7f5e4ae3d3254925d7ca98b4c449a27e732f4c3c1612646","src/net/socket_addr_any.rs":"d95c7002972fa98d4133e10ad6c404399494374d568816217edcb9f4fd93aad8","src/net/socketpair.rs":"0818c1f34a5031dfd83bffe90ad1fad2c1e124665cb807485c908893ca9b3d9f","src/net/sockopt.rs":"060a862fc0ad836cef2799b71977b62dbdeb8bee2d46d741cb676426e32bc541","src/net/wsa.rs":"6e546b42f50a851fc833c57cda76cfb347203ed4b0dea574a3d325bf5a2ebf80","src/param/auxv.rs":"988872f9bec2e12f35765ae8963cbb9535d4acaedd4c9a4d07ced6feb70e0aaa","src/param/init.rs":"671d8974f0d9b82e79076d1f4deabe0273a874a329f74b8aad26e07b86791ba3","src/param/mod.rs":"959d6bd6c7abb85e042f86047fb902891c5deb74c550ce21dac96fb9a9f16d36","src/path/arg.rs":"68979fff96dd627f98de0baf3091413b83c0c83791e3a5a1153b83d6204248d7","src/path/dec_int.rs":"a512618714fc3309253f65de605121c2aa056a780f9ab1de55f5a86469895295","src/path/mod.rs":"513fea21b1ba0226c3c5da769ded06a7cd7abe9f49cec9d165bc62a15da126a8","src/process/chdir.rs":"4c63c351e207b1bbefdd7c001e85fed383d5ac2147894d5a09fbd8b302d7c728","src/process/exit.rs":"47bc2fc1ec25eb5c7a21ba84a70c6d799df206f9920c34804a17acf27d5cd66d","src/process/id.rs":"f04877bfd49fb8eda89e12ca44f271dfe92c1661f97b304c2dd234671cfbaabc","src/process/kill.rs":"e4b4dcc7e5b2a1e3e68ce03ce9a5dde43108dae4ddbc443488c464194738d06f","src/process/membarrier.rs":"19f42cb66f211e8b23f4586bf29fdfa29c29e4e9169a06f3cc7b54aad4ef94e6","src/process/mod.rs":"17abc24217e8b48d623d02b1a2955e6b62aab496362ba312122caf90500576a1","src/process/pidfd.rs":"88517949097414b77540b1c0801bdd034c28667b9386c0676cdaa1b637129ffa","src/process/prctl.rs":"e48791471ca608c1e2f8d7a1431246e9fd320d201e9d073b8ce5ab4228a74bd7","src/process/priority.rs":"ddfdeda52acbca8566dd3517f167f7e29e3daa7e71c3ebae4183f8cf4f309b0a","src/process/procctl.rs":"5316c9e486eee4331168d9640abef4a41e378408b24aa10d05f747e2d3538647","src/process/rlimit.rs":"97c1e41533c74b5b71e471d1ed0a83a847b804da9e53be76c50f0187ac5d3eec","src/process/sched.rs":"ea8b20942ef09dbcd7a54d8218435129dfece427e4960055bcdf81c997e80f5f","src/process/sched_yield.rs":"6565faa3928b66ddc74a65e893e15edfa4b9be4f7e5f5f68527501a7f6bc3350","src/process/umask.rs":"f664e46dc6990a550d5ead5e394bfd90767bcb875c53722a5fb92823e15d8882","src/process/uname.rs":"3bcc278449d6b83aa8747bfde85d696293c50a3fa60d88c4a5570b38ef8af25b","src/process/wait.rs":"db191eb594596fca37a8779222d656c0dfd95f74e4c075be5df808c755aaea31","src/rand/getrandom.rs":"8e64128584178c02f04c9781527c23ac2e2423f73445d0b4d25ae99204d7cc04","src/rand/mod.rs":"bd6839924ebfb7092f27f2ad42323768f39f76df157e7b8aa42f5bc17f700c9c","src/runtime.rs":"c2948b15c957b19279321e827c5971f7672f62bd8cf3709e41b58705f8f8f076","src/termios/cf.rs":"cb13ee88cba541cbd683c7a5da034a126fd9e09dc6b5f25c9f32382f8318ffc0","src/termios/constants.rs":"7855cebd1e2169a2a760c6752138b3de1be00fd3b907b049d32ad5d6bdb0426e","src/termios/mod.rs":"b4d28ebeeae6782b4060d3e6f0156ed63bafa155d1bbdae9e28d06e574d69cb7","src/termios/tc.rs":"ae5d8799123747950c7f20ca3abaa3ec1918462ed95d1e78d07bcb491aedcccf","src/termios/tty.rs":"409ddcc795ed1e644d302cdcfdffff8713657bf8777548e628f0b1149acb18af","src/thread/clock.rs":"4e3f54aa5b50443bf502a81ee4814b3522e928e3b06241d24f924a6f69953662","src/thread/futex.rs":"4e78c84589b535ca9ca633633696ef212393a98f2890b181acaa8f908fbc5ae2","src/thread/id.rs":"f905c1c672082215c6502f88e7123a33abadb25791d3ee967335567560dfced3","src/thread/libcap.rs":"43a05e127ae57ecd8b93752571d1cac3359bebe265c964f1825eefe1cee25a42","src/thread/mod.rs":"a3839e32f920fa4be0812f6d40b677968cb3d9e99aa0af65c87ceb8ce015fdc9","src/thread/prctl.rs":"405dabb5376f97b08427e5c1a51b7b0863ad12e462e2590439c1bfef51b65473","src/thread/setns.rs":"5e08f98300e2ca8fc99272cf5408f0b27cb4c8ece54d76b92ede656982f11e69","src/time/clock.rs":"cbe15f6abe995476c815b31a9c3a931ad7292ec853342bc0fcb4417df1a558f1","src/time/mod.rs":"b8b7c5d2bdba60a69e8a557ce7017e4251a41f5633aec928da059c49bc080cfa","src/time/timerfd.rs":"f17092b84553741aa2d2b44c6992b5d2c8c96cc2c2007fc9a2c6b2064485e53f","src/utils.rs":"6ed86e62ac05d6279b664a97fd62878a4c1811ab66a1a2920b169eb74c0c1fcd"},"package":"85597d61f83914ddeba6a47b3b8ffe7365107221c2e557ed94426489fefb5f77"} +\ No newline at end of file +diff --git a/vendor/rustix-0.37.11/src/backend/libc/fs/dir.rs b/vendor/rustix-0.37.11/src/backend/libc/fs/dir.rs +index b6eb32580..e206a97de 100644 +--- a/vendor/rustix-0.37.11/src/backend/libc/fs/dir.rs ++++ b/vendor/rustix-0.37.11/src/backend/libc/fs/dir.rs +@@ -30,8 +30,13 @@ use core::ptr::NonNull; + use libc_errno::{errno, set_errno, Errno}; + + /// `DIR*` +-#[repr(transparent)] +-pub struct Dir(NonNull); ++pub struct Dir { ++ /// The `libc` `DIR` pointer. ++ libc_dir: NonNull, ++ ++ /// Have we seen any errors in this iteration? ++ any_errors: bool, ++} + + impl Dir { + /// Construct a `Dir` that reads entries from the given directory +@@ -43,20 +48,35 @@ impl Dir { + + #[inline] + fn _read_from(fd: BorrowedFd<'_>) -> io::Result { ++ let mut any_errors = false; ++ + // Given an arbitrary `OwnedFd`, it's impossible to know whether the + // user holds a `dup`'d copy which could continue to modify the + // file description state, which would cause Undefined Behavior after + // our call to `fdopendir`. To prevent this, we obtain an independent + // `OwnedFd`. + let flags = fcntl_getfl(fd)?; +- let fd_for_dir = openat(fd, cstr!("."), flags | OFlags::CLOEXEC, Mode::empty())?; ++ let fd_for_dir = match openat(fd, cstr!("."), flags | OFlags::CLOEXEC, Mode::empty()) { ++ Ok(fd) => fd, ++ Err(io::Errno::NOENT) => { ++ // If "." doesn't exist, it means the directory was removed. ++ // We treat that as iterating through a directory with no ++ // entries. ++ any_errors = true; ++ crate::io::dup(fd)? ++ } ++ Err(err) => return Err(err), ++ }; + + let raw = owned_fd(fd_for_dir); + unsafe { + let libc_dir = c::fdopendir(raw); + + if let Some(libc_dir) = NonNull::new(libc_dir) { +- Ok(Self(libc_dir)) ++ Ok(Self { ++ libc_dir, ++ any_errors, ++ }) + } else { + let err = io::Errno::last_os_error(); + let _ = c::close(raw); +@@ -68,13 +88,19 @@ impl Dir { + /// `rewinddir(self)` + #[inline] + pub fn rewind(&mut self) { +- unsafe { c::rewinddir(self.0.as_ptr()) } ++ self.any_errors = false; ++ unsafe { c::rewinddir(self.libc_dir.as_ptr()) } + } + + /// `readdir(self)`, where `None` means the end of the directory. + pub fn read(&mut self) -> Option> { ++ // If we've seen errors, don't continue to try to read anyting further. ++ if self.any_errors { ++ return None; ++ } ++ + set_errno(Errno(0)); +- let dirent_ptr = unsafe { libc_readdir(self.0.as_ptr()) }; ++ let dirent_ptr = unsafe { libc_readdir(self.libc_dir.as_ptr()) }; + if dirent_ptr.is_null() { + let curr_errno = errno().0; + if curr_errno == 0 { +@@ -82,6 +108,7 @@ impl Dir { + None + } else { + // `errno` is unknown or non-zero, so an error occurred. ++ self.any_errors = true; + Some(Err(io::Errno(curr_errno))) + } + } else { +@@ -115,7 +142,7 @@ impl Dir { + /// `fstat(self)` + #[inline] + pub fn stat(&self) -> io::Result { +- fstat(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstat(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fstatfs(self)` +@@ -128,21 +155,21 @@ impl Dir { + )))] + #[inline] + pub fn statfs(&self) -> io::Result { +- fstatfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstatfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fstatvfs(self)` + #[cfg(not(any(solarish, target_os = "haiku", target_os = "redox", target_os = "wasi")))] + #[inline] + pub fn statvfs(&self) -> io::Result { +- fstatvfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstatvfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fchdir(self)` + #[cfg(not(any(target_os = "fuchsia", target_os = "wasi")))] + #[inline] + pub fn chdir(&self) -> io::Result<()> { +- fchdir(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fchdir(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + } + +@@ -155,7 +182,7 @@ unsafe impl Send for Dir {} + impl Drop for Dir { + #[inline] + fn drop(&mut self) { +- unsafe { c::closedir(self.0.as_ptr()) }; ++ unsafe { c::closedir(self.libc_dir.as_ptr()) }; + } + } + +@@ -171,7 +198,7 @@ impl Iterator for Dir { + impl fmt::Debug for Dir { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.debug_struct("Dir") +- .field("fd", unsafe { &c::dirfd(self.0.as_ptr()) }) ++ .field("fd", unsafe { &c::dirfd(self.libc_dir.as_ptr()) }) + .finish() + } + } +@@ -283,3 +310,38 @@ fn check_dirent_layout(dirent: &c::dirent) { + } + ); + } ++ ++#[test] ++fn dir_iterator_handles_io_errors() { ++ // create a dir, keep the FD, then delete the dir ++ let tmp = tempfile::tempdir().unwrap(); ++ let fd = crate::fs::openat( ++ crate::fs::cwd(), ++ tmp.path(), ++ crate::fs::OFlags::RDONLY | crate::fs::OFlags::CLOEXEC, ++ crate::fs::Mode::empty(), ++ ) ++ .unwrap(); ++ ++ let file_fd = crate::fs::openat( ++ &fd, ++ tmp.path().join("test.txt"), ++ crate::fs::OFlags::WRONLY | crate::fs::OFlags::CREATE, ++ crate::fs::Mode::RWXU, ++ ) ++ .unwrap(); ++ ++ let mut dir = Dir::read_from(&fd).unwrap(); ++ ++ // Reach inside the `Dir` and replace its directory with a file, which ++ // will cause the subsequent `readdir` to fail. ++ unsafe { ++ let raw_fd = c::dirfd(dir.libc_dir.as_ptr()); ++ let mut owned_fd: crate::fd::OwnedFd = crate::fd::FromRawFd::from_raw_fd(raw_fd); ++ crate::io::dup2(&file_fd, &mut owned_fd).unwrap(); ++ core::mem::forget(owned_fd); ++ } ++ ++ assert!(matches!(dir.next(), Some(Err(_)))); ++ assert!(matches!(dir.next(), None)); ++} +diff --git a/vendor/rustix-0.37.11/src/backend/linux_raw/fs/dir.rs b/vendor/rustix-0.37.11/src/backend/linux_raw/fs/dir.rs +index cfa347d03..54157ade2 100644 +--- a/vendor/rustix-0.37.11/src/backend/linux_raw/fs/dir.rs ++++ b/vendor/rustix-0.37.11/src/backend/linux_raw/fs/dir.rs +@@ -17,9 +17,17 @@ pub struct Dir { + /// The `OwnedFd` that we read directory entries from. + fd: OwnedFd, + ++ /// Have we seen any errors in this iteration? ++ any_errors: bool, ++ ++ /// Should we rewind the stream on the next iteration? ++ rewind: bool, ++ ++ /// The buffer for `linux_dirent64` entries. + buf: Vec, ++ ++ /// Where we are in the buffer. + pos: usize, +- next: Option, + } + + impl Dir { +@@ -37,25 +45,39 @@ impl Dir { + + Ok(Self { + fd: fd_for_dir, ++ any_errors: false, ++ rewind: false, + buf: Vec::new(), + pos: 0, +- next: None, + }) + } + + /// `rewinddir(self)` + #[inline] + pub fn rewind(&mut self) { ++ self.any_errors = false; ++ self.rewind = true; + self.pos = self.buf.len(); +- self.next = Some(0); + } + + /// `readdir(self)`, where `None` means the end of the directory. + pub fn read(&mut self) -> Option> { +- if let Some(next) = self.next.take() { +- match crate::backend::fs::syscalls::_seek(self.fd.as_fd(), next as i64, SEEK_SET) { ++ // If we've seen errors, don't continue to try to read anyting further. ++ if self.any_errors { ++ return None; ++ } ++ ++ // If a rewind was requested, seek to the beginning. ++ if self.rewind { ++ self.rewind = false; ++ match io::retry_on_intr(|| { ++ crate::backend::fs::syscalls::_seek(self.fd.as_fd(), 0, SEEK_SET) ++ }) { + Ok(_) => (), +- Err(err) => return Some(Err(err)), ++ Err(err) => { ++ self.any_errors = true; ++ return Some(Err(err)); ++ } + } + } + +@@ -77,7 +99,7 @@ impl Dir { + if self.buf.len() - self.pos < size_of::() { + match self.read_more()? { + Ok(()) => (), +- Err(e) => return Some(Err(e)), ++ Err(err) => return Some(Err(err)), + } + } + +@@ -136,14 +158,31 @@ impl Dir { + } + + fn read_more(&mut self) -> Option> { +- let og_len = self.buf.len(); +- // Capacity increment currently chosen by wild guess. +- self.buf +- .resize(self.buf.capacity() + 32 * size_of::(), 0); +- let nread = match crate::backend::fs::syscalls::getdents(self.fd.as_fd(), &mut self.buf) { ++ // The first few times we're called, we allocate a relatively small ++ // buffer, because many directories are small. If we're called more, ++ // use progressively larger allocations, up to a fixed maximum. ++ // ++ // The specific sizes and policy here have not been tuned in detail yet ++ // and may need to be adjusted. In doing so, we should be careful to ++ // avoid unbounded buffer growth. This buffer only exists to share the ++ // cost of a `getdents` call over many entries, so if it gets too big, ++ // cache and heap usage will outweigh the benefit. And ultimately, ++ // directories can contain more entries than we can allocate contiguous ++ // memory for, so we'll always need to cap the size at some point. ++ if self.buf.len() < 1024 * size_of::() { ++ self.buf.reserve(32 * size_of::()); ++ } ++ self.buf.resize(self.buf.capacity(), 0); ++ let nread = match io::retry_on_intr(|| { ++ crate::backend::fs::syscalls::getdents(self.fd.as_fd(), &mut self.buf) ++ }) { + Ok(nread) => nread, ++ Err(io::Errno::NOENT) => { ++ self.any_errors = true; ++ return None; ++ } + Err(err) => { +- self.buf.resize(og_len, 0); ++ self.any_errors = true; + return Some(Err(err)); + } + }; +@@ -223,3 +262,33 @@ impl DirEntry { + self.d_ino + } + } ++ ++#[test] ++fn dir_iterator_handles_io_errors() { ++ // create a dir, keep the FD, then delete the dir ++ let tmp = tempfile::tempdir().unwrap(); ++ let fd = crate::fs::openat( ++ crate::fs::cwd(), ++ tmp.path(), ++ crate::fs::OFlags::RDONLY | crate::fs::OFlags::CLOEXEC, ++ crate::fs::Mode::empty(), ++ ) ++ .unwrap(); ++ ++ let file_fd = crate::fs::openat( ++ &fd, ++ tmp.path().join("test.txt"), ++ crate::fs::OFlags::WRONLY | crate::fs::OFlags::CREATE, ++ crate::fs::Mode::RWXU, ++ ) ++ .unwrap(); ++ ++ let mut dir = Dir::read_from(&fd).unwrap(); ++ ++ // Reach inside the `Dir` and replace its directory with a file, which ++ // will cause the subsequent `getdents64` to fail. ++ crate::io::dup2(&file_fd, &mut dir.fd).unwrap(); ++ ++ assert!(matches!(dir.next(), Some(Err(_)))); ++ assert!(matches!(dir.next(), None)); ++} +-- +2.39.4 + + +From 66b256ac494412d7972418ffa3f2dc3a50c28723 Mon Sep 17 00:00:00 2001 +From: Dan Gohman +Date: Thu, 12 Oct 2023 08:13:24 -0700 +Subject: [PATCH 3/4] Merge pull request from GHSA-c827-hfw6-qwvm in + vendor/rustix-0.37.20 + +* Fix `rustix::fs::Dir` to avoid unbounded buffer growth. + +Fix `Dir`'s buffer size computation to avoid resizing past a fixed +upper limit. This prevents it from growing without bound, such as in +the case of `Dir::rewind` for repeated iterations with the same `Dir`. + +* Don't let `Dir` continue to try to iterate after a failure. + +* Handle `io::Errno::INTR` gracefully. + +* Write a more detailed comment on the buffer growth policy. + +* Also mention that no buffer can ever be big enough for everything. + +* Add tests against over-allocation & stuck iterator + +* Rm `dir_iterator_does_not_overallocate` unit test in favour of docs + +* Extend `test_dir` to cover `rewind`. + +* Consistently handle directory removal as ending the stream. + +libc implementations of directory iteration handle directory removal +by just ending the stream. In the linux_raw backend, this looks like +`ENOENT` from `getdents64`, so change the code to check for `ENOENT` +and end the stream. + +This requires changing the `dir_iterator_does_not_get_stuck_on_io_error` +test to no longer expect a failure, so it's now renamed to +`dir_iterator_handles_dir_removal`. + +To test the error case, add a new `dir_iterator_handles_io_errors` +test which uses `dup2` to induce an error, in both the linux_raw and +libc backends. + +This exposes the fact that the libc `Dir` implementation was also +assuming that users would stop iterating after hitting a failure, so +add a `any_errors` flag to the libc backend as well. + +* Add a test for removing the directory after doing `read_from`. + +* In the libc backend, handle `ENOENT` when opening ".". + +--------- + +Co-authored-by: cyqsimon <28627918+cyqsimon@users.noreply.github.com> +--- + vendor/rustix-0.37.20/.cargo-checksum.json | 2 +- + .../rustix-0.37.20/src/backend/libc/fs/dir.rs | 86 ++++++++++++++--- + .../src/backend/linux_raw/fs/dir.rs | 95 ++++++++++++++++--- + 3 files changed, 157 insertions(+), 26 deletions(-) + +diff --git a/vendor/rustix-0.37.20/.cargo-checksum.json b/vendor/rustix-0.37.20/.cargo-checksum.json +index f1c5a6c0d..51276b08c 100644 +--- a/vendor/rustix-0.37.20/.cargo-checksum.json ++++ b/vendor/rustix-0.37.20/.cargo-checksum.json +@@ -1 +1 @@ +-{"files":{"CODE_OF_CONDUCT.md":"f210602311e3f74b32f46237fd55f4ce36d798e85e3db1432ec667f63a7ffc44","CONTRIBUTING.md":"fb570c76cf924cd75b77bed52b0dbe1e87ce224dc3428c48d98301710dcc331e","COPYRIGHT":"377c2e7c53250cc5905c0b0532d35973392af16ffb9596a41d99d202cf3617c9","Cargo.toml":"357f256f801f57bbe17b4f5cff7ce9b3c42cc1605bf7c088efb9b546033628e0","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-Apache-2.0_WITH_LLVM-exception":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","ORG_CODE_OF_CONDUCT.md":"a62b69bf86e605ee1bcbb2f0a12ba79e4cebb6983a7b6491949750aecc4f2178","README.md":"99c383b949ab63bae97fa0f4629d2205fdbaada50f5b648a70373ca5dcef22b2","SECURITY.md":"4d75afb09dd28eb5982e3a1f768ee398d90204669ceef3240a16b31dcf04148a","benches/mod.rs":"55b71073e5681b309bc4f439435ac05d1e052bba2ea6accf05bca9bf496d4bd0","build.rs":"a322dd310c2b30a966c410ab1557b560b302246d2f2734fcecdc653f4307edbe","src/backend/libc/c.rs":"7aec21aa56faad3b87674855ed6f54242aa5660905e6b2bcdaa0f8dc0f19df56","src/backend/libc/conv.rs":"77cc96b7242c4c9cc54083d57d27a926a20b159196d1db98fdf943c9b8c7d0c6","src/backend/libc/fs/dir.rs":"5411a2baa88b3d509e0f1b9e44aa6e20f4791510497a16acdf4cd32324b5dd48","src/backend/libc/fs/inotify.rs":"fbe35da10eec6c712ee752b868f04d1d1ef03188ef706b9c44b7f338152df744","src/backend/libc/fs/makedev.rs":"3a4ab3f6c7bd221a0bf7cdf7392c97cac7eba072c2a699c2dc68422ff48ab44f","src/backend/libc/fs/mod.rs":"ba3c79b8918eab2a4c962e353d2b27d3cd96b201f9e527ce0b70b7a558ac596b","src/backend/libc/fs/syscalls.rs":"98ce2a39b792f1358d1a5198a670feafb5620e2e3bf84e7003a13e9fd6432905","src/backend/libc/fs/types.rs":"fafa70493a2efcc18612296d4f1ca9303d1867be01bcabed14dffa9e8971e8d2","src/backend/libc/io/epoll.rs":"162329053d6fb0f3c9d671526fd120ec89d9347fb8aada8b8487095166d64710","src/backend/libc/io/errno.rs":"8c6491590339a21c732b325904ece24ac39b1cd1a2b04728a9ff90ec904c01aa","src/backend/libc/io/io_slice.rs":"34da1bcc17993318fa93b7e71ff36116044ac12a031963710af84c3ed1bc443a","src/backend/libc/io/mod.rs":"afcf57d6bbb4bb0be97c9597a298eaaa58a8838f07212e3051612fa25993bd9c","src/backend/libc/io/poll_fd.rs":"d8092bca9cb0317b3a9bb418a55abf0e868f1c7267cacc97454a5053ff192a05","src/backend/libc/io/syscalls.rs":"1c448d64e74a3af881e5e67738b464682ee0769f8e90fb29d5fb1e7fbcc3d704","src/backend/libc/io/types.rs":"eba054b7e441febf289f7c656c0b465ad9982afd7e3e85c74de4992e1ee76d48","src/backend/libc/io/windows_syscalls.rs":"741f524b384d59e703b278739563ab04273dbb48c062349353dd9b7cf9ed2332","src/backend/libc/io_lifetimes.rs":"eebc6adc10593933e9ab14c59d29793f4ec6e4403a00bbcaaf3ee81373ae924d","src/backend/libc/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/io_uring/syscalls.rs":"0f7ffc079f511b200d536e348d6c6945eeb4908db721e5ca0db6cc5fe96eccc4","src/backend/libc/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mm/syscalls.rs":"190165e683ffc9ee2085a19086d2f72bad954d50124eb0eed192faa512e67a1b","src/backend/libc/mm/types.rs":"22367f983585b2245621f7994a1585746ac446eb31669654d4de7195dffbfb3a","src/backend/libc/mod.rs":"49b9fe81918a05a066ecbcec4a72ed945c4129ae6f86007e94af653d3834f71d","src/backend/libc/net/addr.rs":"afd79fcc35b48bda21e2a210fa030387e9e3b8c741903ff75c459102eb6e5f36","src/backend/libc/net/ext.rs":"af0fb192e1055420937196af2e314869173d4f50e970af4cc85f6f261e78ff20","src/backend/libc/net/mod.rs":"e88d9ca079089857c9b794ed8ab5bb970e779cfe7bd0bdcb402edcd2f48efb5d","src/backend/libc/net/msghdr.rs":"bdce9e21a6e7dd60e5fab9795b73ab49d20358bb0a9b8da65ca4f762693b3709","src/backend/libc/net/read_sockaddr.rs":"21c0f0e3b295ad4183eed16f8794f1fa1ede5ac5f8a2565510be2262d3f42b0e","src/backend/libc/net/send_recv.rs":"d0ffe3aebccab498b7fdf6cfb0382fc10576ed0b8563d696a20878d2c01f0a28","src/backend/libc/net/syscalls.rs":"b1309c930a4cb557f7ab24cdcf060b3fc0c06cecf9d2030b79b782c1bff605f4","src/backend/libc/net/types.rs":"8acd35d92ef2afb148e2dc41dab184d7f302b770a214e09e58c065c476fe858f","src/backend/libc/net/write_sockaddr.rs":"33c3d7304713cb63f8fa398f5f7c084fc1d9fbb6907dd19902a90e8ec64ad41f","src/backend/libc/offset.rs":"73f01763fff883c42c014fe3f471585512777b431a77b6f8116fc20624ece085","src/backend/libc/param/auxv.rs":"7d71f224f7d9c547b6b5e1425cad03466328b7b8ad2a62f49d9e29e075061e43","src/backend/libc/param/mod.rs":"5234b8f1bcb886cca6ea003d411d75eaeebe58deedd80e3441354bf46ed85d4d","src/backend/libc/process/cpu_set.rs":"a5041e8d96738f092989ae38bbdb09ba0d74f5956d340fef48044e24ee6fec81","src/backend/libc/process/mod.rs":"787018aba4adb2cc1f9176faf154a1a8d7943e4cad36be6e43fc03ce355572d6","src/backend/libc/process/syscalls.rs":"f191f647d3b22e80f325a2bb384356176aa8e730d14620e8c4c8c89f81ac2a64","src/backend/libc/process/types.rs":"4e904c18127c202a70aaf275abf7984ad95e6420dd676f3a534f3969d9037d78","src/backend/libc/process/wait.rs":"36e84c05ae3a27b96da9521678b72ab004fe37a8b0d092a0b6f810015806c4d2","src/backend/libc/pty/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/pty/syscalls.rs":"0335109c870a054eb07e309a0e750e71962697535125fe3c45556cd75eb20bfd","src/backend/libc/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/rand/syscalls.rs":"5cbb8ec93d68c04fbd1b22736905ed070de6a7b68c550948da3c672c1d049935","src/backend/libc/rand/types.rs":"c59e156eafcc97558a1bc5210e3438e9850512d1dfb4bb8e3d344409c12a9a54","src/backend/libc/termios/mod.rs":"63a1e559981848581bbacad2adb567e5eb62d17caa2d8f826e977dc053ce26bb","src/backend/libc/termios/syscalls.rs":"17a5a559cda40707cc846e96c5b2c6fb284dac3a2b18c44dbcb5bc53787f42d3","src/backend/libc/termios/types.rs":"7c171edc9277466aa12518bd6f5ad9f38d4fa3202572523e384c138d3671d4d2","src/backend/libc/thread/mod.rs":"0de5f67a684b9fd7628d3009d2ea5fd51b8770e8b387eed14f59152157844287","src/backend/libc/thread/syscalls.rs":"f58ed92790c7cef29c09635e79c664c7f2260449a55dfbf0930b92697c2e2f0d","src/backend/libc/time/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/time/syscalls.rs":"6d3202d524510170618f727ce1c96e1cf55f2a775172215f5834cf2a06565466","src/backend/libc/time/types.rs":"0414e977004abe604333607ad42c27549b2d5fb2d56a37b431f87dac330d16df","src/backend/libc/winsock_c.rs":"3bf3884fd250eca806ffdf96da68e29c133a697810b78b333ea449e523e58562","src/backend/linux_raw/arch/inline/aarch64.rs":"67011427b3cecd29ee716113d952e70d63574c96d1d3ea3c75d46250bde9ca44","src/backend/linux_raw/arch/inline/arm.rs":"7760d51aef17a69a797eb96fd61f7fade0d55bc87ec9a3e77fa6bb6aebaecdbb","src/backend/linux_raw/arch/inline/mips.rs":"d00c84cfdb4e37bdee9a2daa0a7b3298afbb4ebe288702203cb43d9c2617012d","src/backend/linux_raw/arch/inline/mips64.rs":"ab5455c9b2511ba6b67a66873cd8b53bf77471249fd2779d6437ebb4934087b5","src/backend/linux_raw/arch/inline/mod.rs":"ed5c6c14d19556c1a2ca077608fa515ac85d760eb931dc8968b39137700159d8","src/backend/linux_raw/arch/inline/powerpc64.rs":"dcd12314184441f5f7705bea6b829103c7abc9062db366ae5584023a38252a36","src/backend/linux_raw/arch/inline/riscv64.rs":"58a58203e9cac2ed21e4a7b26692c5d56d3c2bcddb3f60a648efd18a02129f3c","src/backend/linux_raw/arch/inline/thumb.rs":"82b88c9a3b6837f28a738cc760fc2403e7014abdb2c35d2bdbc8073235ae2863","src/backend/linux_raw/arch/inline/x86.rs":"de75f5179edf060461d949682002f4242140e5a01aa2361c4eab82da15375068","src/backend/linux_raw/arch/inline/x86_64.rs":"7c893ca306b3b8a5980c525dc5fa23187a0526bc9f7ac637204d88a1d596df5d","src/backend/linux_raw/arch/mod.rs":"7018e7d3bd2f3e6545baafcb75256505eb8297f025706ef662e4f3b12f1d8add","src/backend/linux_raw/arch/outline/aarch64.s":"84f066b6fe3cf25ed61c7aa420408c6d5a0b33a7c91b748ed81e47737567975f","src/backend/linux_raw/arch/outline/arm.s":"fa266bf9f4533da1e96c27c4ae5418c86f44074ac0c6afcff0404738e11365da","src/backend/linux_raw/arch/outline/debug/librustix_outline_aarch64.a":"aa3a37d9ad312881968d40c48bd3c960fb3ac0eba232a5f1979cb809d081c340","src/backend/linux_raw/arch/outline/debug/librustix_outline_arm.a":"9991ea0ccd16a175ef4b82916b6cd4b45cf67f4388eb58567b0a6e520bda3740","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips.a":"145be0e9638cb5541860ec97ce5270767c24b61f415f0ee3c2f86cc962ee44af","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips64.a":"6c6d007368beb5e53bb1c402afacc1c139ee65dddb82ba3e2eada0493af94ef6","src/backend/linux_raw/arch/outline/debug/librustix_outline_powerpc64.a":"355db5c83dda1074636c40fa6fee6564c668c492a71e149bcb444ea896e8167e","src/backend/linux_raw/arch/outline/debug/librustix_outline_riscv64.a":"c4fd54d0fcab2e28b1b18df77a7814b145a4c2d13fc04b937a55bf0abf420227","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86.a":"7ae3635dd3fbc2049e09d4218224e1eaaa4dd2ddd78d3901fb444d481abf2a33","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86_64.a":"039c928213bd0b67c899412084a30eb9a51526e64a01e1901cd4905ef8d7cf6d","src/backend/linux_raw/arch/outline/mips.s":"3612ba84500f033650cbb3860241768cc0760c5693aadc8af01dd2f61c7d59ff","src/backend/linux_raw/arch/outline/mips64.s":"deaf2218e0d2c5c97d1d5000c2c6678bbbf5a28faeefd0fb04b04e1984c94185","src/backend/linux_raw/arch/outline/mod.rs":"3fcab403f297fd5160df6f4b7d8fd1d868267022c2f6e6448505bd363cb113ef","src/backend/linux_raw/arch/outline/nr_last.rs":"82d92b9ca8307c19d74ced1ae2c0b31f2a7c5db70fa31fdedb55d38a90601455","src/backend/linux_raw/arch/outline/powerpc64.s":"0847fa3f160846ee02771550667913734ba9773e2221f2279c4f296d6f5b7bd4","src/backend/linux_raw/arch/outline/release/librustix_outline_aarch64.a":"fa8d31702cafb24d9799c162d3319c522892e91c58fbbff2b09950a0fa81b46f","src/backend/linux_raw/arch/outline/release/librustix_outline_arm.a":"0f7c8c5c02d5329d884f800da70aaf6b5b67c14000b12afb708f3e4758aa1f7a","src/backend/linux_raw/arch/outline/release/librustix_outline_mips.a":"d9a093ee2b2c94b70aa059e878a0211715fe6fdcc95a9098566c87d61be4e4b3","src/backend/linux_raw/arch/outline/release/librustix_outline_mips64.a":"ad19a967ade7067a12b08f61628cc56f72eaff1393544783647e1c4dde2629a3","src/backend/linux_raw/arch/outline/release/librustix_outline_powerpc64.a":"1f04e44c3d863bac066520c787444c314f2aa2f8d8d3cae38990ecc008b9b6e1","src/backend/linux_raw/arch/outline/release/librustix_outline_riscv64.a":"beb0eb046d36545a04ad7f264ed1173062f9f85ba7f4215bef64a98f30a74dce","src/backend/linux_raw/arch/outline/release/librustix_outline_x86.a":"691d867358475c701c20b816b99bab2a4c90c3796a302ccaa56d5983be1ba8b2","src/backend/linux_raw/arch/outline/release/librustix_outline_x86_64.a":"434a79197510876c5a49f594e7886c95cf4c15e876c3404ed136846c95d6ee30","src/backend/linux_raw/arch/outline/riscv64.s":"ca5303c0c8af6de1f246d658003e270d4e29d6c68dd90c6eee372d045bdf7305","src/backend/linux_raw/arch/outline/x86.rs":"f7e12a0f3fe8e97acb1ade2c9e61d82542f00ad4d8fe684a8dcd9f30fd9ab5d4","src/backend/linux_raw/arch/outline/x86.s":"4604e3b41161802343e2e4c890fd2042098a901d95893ebe4c436f97fd47cad3","src/backend/linux_raw/arch/outline/x86_64.s":"a530084cd42ad8d4b2d36526f4e04f45a6e29ea49882e2c561ac2eeac16272bf","src/backend/linux_raw/c.rs":"1f1d97557db783e6d6d0a027f7d699308b483159efe081468d86a883d4df641b","src/backend/linux_raw/conv.rs":"13610464e9bdedeb4c387bd34284bf972d1b60cb7214761c0e7223b4f8532914","src/backend/linux_raw/elf.rs":"4550edde9ca096ac3ad929ace226fd5ead954da7ad01d22da43fdb976655f771","src/backend/linux_raw/fs/dir.rs":"b130249238fd989a2f04a13365092a0ead08e3552183c9297039875634577130","src/backend/linux_raw/fs/inotify.rs":"84753669fcadfcb66f9b363b6011ef1bf30be396f93299576640c2ed7486f8b3","src/backend/linux_raw/fs/makedev.rs":"c6b4505c4bcbbc2460e80f3097eb15e2c8ef38d6c6e7abd78e39c53c372139e2","src/backend/linux_raw/fs/mod.rs":"e22bf30f312f6a05f1e79f7834c33a3c9821514da05fa4786fc31867203a4c74","src/backend/linux_raw/fs/syscalls.rs":"d043a80c9253fab6de0f0e15f7d662e207dbb2e8e8bf31a5b50d0ac448ba89f0","src/backend/linux_raw/fs/types.rs":"bbabce075aa5d92780d09e80aae1aac10281575c93a3f365108c35fceb5241e0","src/backend/linux_raw/io/epoll.rs":"f30b0f2b12415d8972ca726d8c9a750eb4306fa9f57933e9dabfb495cde07264","src/backend/linux_raw/io/errno.rs":"6a5b70a3a8ff66c22dd9d08bee9594be163c75858291c91fae12ceb6f30b3777","src/backend/linux_raw/io/io_slice.rs":"5c6ae3376994e6b30a48c1939bce81c122d8581c5dced522cff886cf3b06384c","src/backend/linux_raw/io/mod.rs":"6ea805b91d571217c9649364121d0824bbdf4635b36c9150e5968fbeb75c0892","src/backend/linux_raw/io/poll_fd.rs":"9f5a15c80094cc3334acd171c0621d033b44d5d9a987a57acbdcd62cb17d871b","src/backend/linux_raw/io/syscalls.rs":"6bc1dde7db981372160ad416edf93d8af10c54478799267bef842c0514847d96","src/backend/linux_raw/io/types.rs":"b5be41bfae29bb27b7cb4db2584c5aac4ebe6f67e031e6c1ae5ff61649dd2955","src/backend/linux_raw/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/io_uring/syscalls.rs":"2522327e229d85ce207546b802f63fcad49a0ce41b7b881e13a1c2637fdb6095","src/backend/linux_raw/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mm/syscalls.rs":"647c1846793c386f6babae898686604a4808344ec3e2d1e71071bbfd04079357","src/backend/linux_raw/mm/types.rs":"6e6b97b3b161aa1f03d8cf0e94c5ff35d4911a5049770dbb203acba84ee65843","src/backend/linux_raw/mod.rs":"be1d31a71c5f7aa61681661a4e45999de001e473b8869f0f5e510e16e501fc45","src/backend/linux_raw/net/addr.rs":"af30232b1241291254fe9ce0fa0050e707adc73325308eb0501801e33cc07c73","src/backend/linux_raw/net/mod.rs":"c912274a40eab213f0afcaab8ae098ae7d56fa95592463c830b2361df57731fe","src/backend/linux_raw/net/msghdr.rs":"18facac973918b6a8a6b49b0fcf1058e88286d67e12801ce6dacb58ebf5a7d75","src/backend/linux_raw/net/read_sockaddr.rs":"71bdde53beb3aea60d51c664e3fc36e34371acd869f621faa3dabd8b0d91b0c5","src/backend/linux_raw/net/send_recv.rs":"602852a0cf2775c0fce7afbd813248386823b73f3069231860b348432f59450c","src/backend/linux_raw/net/syscalls.rs":"1670344e0a725c4d097897c445bdfa67832830e7ceec418fbc734ddaacffa761","src/backend/linux_raw/net/types.rs":"87ed6b59a29aab219fd625393b1b9f4200eabacf1ee4ad8fe806a2b8b53169df","src/backend/linux_raw/net/write_sockaddr.rs":"ec0bf20a354cb86e2b5646bfc79297a378f11fcdf5641c16e4dd13e305011dc6","src/backend/linux_raw/param/auxv.rs":"5565394c6943ecb85dafcc4eae1931417d912560ccb86496d79914d7a4087cb6","src/backend/linux_raw/param/libc_auxv.rs":"5d57b293700de025bc811ccafd29f05af2787c288ab5e653351c0bd96c488910","src/backend/linux_raw/param/mod.rs":"db21fc1b0ea5568b8649890fa38a878bfcdcf7398f6cf1640176b37bcc6ce990","src/backend/linux_raw/param/mustang_auxv.rs":"016a691236064a9cc28688d4ff5dbd0e37dccfc07b25b943b47762ba1da33b83","src/backend/linux_raw/process/cpu_set.rs":"a333938a4356d117199bf4078688f0a9b876dc65da1bbff7649482f4f0180813","src/backend/linux_raw/process/mod.rs":"fb393c70a9c63ef9a6bf1fb5a2dc94f07d6b0b6987cc5231c15c607015dafd68","src/backend/linux_raw/process/syscalls.rs":"0bce1df427c5be8d2fec48ba92e93c442b0adf1896a0af65c5d4780a4826741b","src/backend/linux_raw/process/types.rs":"c04c902fc7c489947272b3983aa5e8c4e53b4ef6cfafe5ce973bf694bd14cfaa","src/backend/linux_raw/process/wait.rs":"921aee4b0048746087f52615a98edc2aa0fb4b53d6df44be4533098df55d1b05","src/backend/linux_raw/pty/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/pty/syscalls.rs":"18614be9fde4e095b159682ec4b9d1e077716b710030ebd1681813812d74d8ce","src/backend/linux_raw/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/rand/syscalls.rs":"b1d8b2fea0c792bd1e7c24ee59429d178dc0ad442ac817b12c7abcb38d71497b","src/backend/linux_raw/rand/types.rs":"271416d5241d70932b8a17f3b67eefd1b9c360f217f807de3d73192e9b620552","src/backend/linux_raw/reg.rs":"02653995cb934050ee2109e8d40e9083a4278abcba27b59d174a311aa8438e45","src/backend/linux_raw/runtime/mod.rs":"b2cae8cce3822c3c92942f06ea0b68464040dcac33c6f0f7ee392c6269993347","src/backend/linux_raw/runtime/syscalls.rs":"5b6d741a9d954aa02177d3850a36375a391fa55cde91eec0c640845adb666691","src/backend/linux_raw/runtime/tls.rs":"9db0e08e47e69013b3fac0b4aa24e6ac6b07904797e0e04658dd44f3a7245e0f","src/backend/linux_raw/termios/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/termios/syscalls.rs":"48eb753f1cd48139eae40ba72241fc2d5fd67355c33a3906f82965e0e0e518d3","src/backend/linux_raw/termios/types.rs":"5cee3735957db2fdaab341a0c58e438305d6402dc7d23622f4999934d4511b5f","src/backend/linux_raw/thread/futex.rs":"232a24ccfbb2a03a107373249c5d3ebe3db70388ed39e6e6dd08e14630a48f2e","src/backend/linux_raw/thread/mod.rs":"f7132a68c9db1b4a796781b9e8d0ac268a1ddb713e510bfd43425564ec9b39c4","src/backend/linux_raw/thread/syscalls.rs":"57f6d8d3a2526ca5066aa35ea74b35e465726b1bc079fafd22abe211f643c070","src/backend/linux_raw/time/mod.rs":"672724f55b7b7be6a7452bb1cc2d28b5f0aaa840a2856fe363acce624e1beefc","src/backend/linux_raw/time/syscalls.rs":"02710805710aeb65a169492e650b495dceea402ad212922a0589ab8c1605e585","src/backend/linux_raw/time/types.rs":"8b5a464d0ef6752276416640dd3a341c07e3e901463231e8c66b2d2d661039af","src/backend/linux_raw/vdso.rs":"a5abab80f023088162fd81dc306b6bd86bd61b2018a191b384f57facb1d48d0a","src/backend/linux_raw/vdso_wrappers.rs":"c86e1b0d28e9148a5061b8dd967fe9f5c583001c8850f30f1f30ac75026df70f","src/const_assert.rs":"69aad0f4c33ca5b6a23f35644b7da71977e23d645a1279f915893ac8087da355","src/cstr.rs":"c515846378c45e7f04dded259b791a09ad304b3465fc64d1a0fe3d213c9d6a26","src/ffi/mod.rs":"1990dae8190991142bef24220f02b99c96c5bfa7dda2a7974d9dcac265d58945","src/fs/abs.rs":"3541ec38adff45be6464f52a786c0f4973e42fcae5efeeed737c83916b669d2f","src/fs/at.rs":"fa59a9cfbb74c5edab015b895b967d3e2197cde6867ba3b54f57c804bb73bd44","src/fs/constants.rs":"93601ba75eefcefcc3f8f936b786b7e70180aa3727c24bacfd326128b6bb52e0","src/fs/copy_file_range.rs":"d3b644374390d482b2ff749a2459458872b57d0dcf9670368739b7833509a7c2","src/fs/cwd.rs":"b2d7fbb27e23704e3367ede9916cc233f76d912be21c2aee8a635eeca627977f","src/fs/dir.rs":"347a52f4ca9ac6321c52e802e97ec90d1b4c62ec955c8996fc17f8f5aed69966","src/fs/fadvise.rs":"beef66ebe1310fb92628240b2cde68f744c78e50f6ff61bb1404bd4868d9cae8","src/fs/fcntl.rs":"58c8f99e7193d11f0301d55e521e7bac16b1143f47eb7cf73cd9663841b4ebbe","src/fs/fcntl_apple.rs":"07f07b2ac75dc28bc9e08200f72eb95550a87ff3d69c1204f49ecb63a0c4fd20","src/fs/fcopyfile.rs":"ec95929cbbe02cf49233a785e5238931bb107b7903cc5bc95e4231de960995f2","src/fs/fd.rs":"e30d09b4700302c712b499311a86b905b5bb0c483ab2827b27add477056c284c","src/fs/file_type.rs":"fefd865f91011f66126213b0994773d99e373b468c31e866002228c98c64ad85","src/fs/getpath.rs":"28f6970fc1bbc37bb35c84724b59eac436ea7407a4522e18c2bdacb1fdd2edd9","src/fs/makedev.rs":"85520b484cb7c15ab71ea1c368578ea3b7e484d82f8510db92b6ce9f7ca341ae","src/fs/memfd_create.rs":"15a8f28e040cffd8c24c7903483440f88853b2e538ad48d80f3c00b4b2befdea","src/fs/mod.rs":"2ded318e44b40cf8276b381444e6e418ad94206755283c215c2e487a32371c03","src/fs/mount.rs":"8ab26dcb422825bbd2df2e1f68e6b4f7cf08ce11387c688442ee1b4683b33d4f","src/fs/openat2.rs":"4a95c15dab533a41201b5fa25c8a212956b7571d58cad696bdaf45af8aef96db","src/fs/raw_dir.rs":"bc2b60c3d9e1f24a60cfe1c502ccbed682fae4c487e7da38b8e738dc08a71f8f","src/fs/sendfile.rs":"e3b2058741cf4b1698f34d84bb37130cf2b72806d522a16fe541e832cde136cb","src/fs/statx.rs":"239d447477f8ac368c8ddf9975c71509c47881f647f59cd941ac07954d8a77f9","src/fs/sync.rs":"a3b23543834281f347b0f873bd38154d31d404871188ac08f2b20b9196234cfd","src/fs/xattr.rs":"fcc16dab9927d7d6c8e4e4bf6752e65ff0c38d954cead8e6f6c2c26c11792929","src/io/close.rs":"0aa3cd05a8fed8e5244f97b8b6c2e7f65ed93a4e5435c6329852bb3da7514440","src/io/dup.rs":"913aaa2f5f9a5f0c381d053dd0e9560af55bc754dca23ff44dde4b0fa13ff172","src/io/errno.rs":"da7dc2d25cdbbf610ec82c32124789d6572fbc67d8ff265000597ac1f5b39ebd","src/io/eventfd.rs":"6886b17aa4d298a116bd4de15b22469133acc94695a623d0341174a0dc649a18","src/io/fcntl.rs":"08f42dc80832586afa6e0a7825571c84a97add1164926928960f0c4c5db76461","src/io/fd/mod.rs":"a1eab9ce9a2c4454053afdfd3f3705e4cb971e94cc453e4f13690f2f0d83dc2c","src/io/fd/owned.rs":"b3d1ac775461b9206f36df62495604a48820c0284276200101fd1847b0e9e756","src/io/fd/raw.rs":"9bcd00be7df3d9f4e6c49ca2d18ef25aee3d6f0ed5ee6b73df5a9beacefb6031","src/io/ioctl.rs":"1c9126e216d693692067d9b3514d0bad6cba3fc05c66f5c00792a8cb146902e6","src/io/is_read_write.rs":"1bfb9ee5d58e0b29b44af12fe2668c7bccc841358698dcde47f1519ff9bb73b4","src/io/kqueue.rs":"857f9016ebba60136e8944d7a1bd3de249d6d633211d744336c5f7f4b3dc2053","src/io/mod.rs":"f18f756c141f5c82cd511404a1ee4738a83dc589cb0a24f0db0990869540aafc","src/io/pipe.rs":"7fe8f04af16f5fcf164d8bd7e9a6bea584ef935760f4a4c7f9befd1ead2398cc","src/io/poll.rs":"3a1dc003042a0b8e21f894ebdc0e123938b78c6323d61deacbc09b44e1b986a1","src/io/port.rs":"8be17096cdfd2425bb2f800d129913e2ed2032c02049d45b7dcda8d4189b1af2","src/io/procfs.rs":"f767b695acf0756a3b7b367778d2090abc5a11586ab5d3b4fb4e0899e9d1f2c7","src/io/read_write.rs":"023230dec0f36f630ae8affde1a0abb0140dc28d5c5bc136f4dc6876828efe85","src/io/seek_from.rs":"d7616a45e8a449df28b075ddded4d7c95d6c4575d6fe0cf0ca7b6625e9dc7eeb","src/io/stdio.rs":"a0328775940ccdd3026e92b9dfd94584d0faf14c3d287360e157ed8903d6568f","src/io_uring.rs":"63c4bcd276e7110025e06ab77dbe506464c3efdfcb8a82493fc7fe72c716e7c8","src/lib.rs":"abcb813ff3d186657ac0b3a2c9801c5a0c1bc01fa533989410bc267b54998227","src/mm/madvise.rs":"3c262b3713a73fafcedf1b04bb12c048bb11d47ca43c959e5dfa48c27651f4f0","src/mm/mmap.rs":"bb103e6febd375de820985cc4b5aefa520b64ab1bcd903e3a818146abdfc60c7","src/mm/mod.rs":"b3a6cb838986d45825b912355cedead761211a494ca6f89b2367a2d2157e340e","src/mm/msync.rs":"9dcfe5f54235e9314a595edb8d548ac79d222bbcc58bb3263cf7e96d603b23ad","src/mm/userfaultfd.rs":"8073443bd181ff0b3ba4d0b1ae67370b4864035a0c8b4898cd709dc47c518ae7","src/net/addr.rs":"6fce66cd0ccac3bcc2339f32faf2ed1bac94a6d8824acb55bffdfaa43090675a","src/net/ip.rs":"080dd17c44b395b46b0d9e70da76f376540f92ece65f79e3d242c0a272d3b451","src/net/mod.rs":"2961f20366463216037a7a1ab238d5e80133bf058a3f10e30f86c8f7ddb314b7","src/net/send_recv/mod.rs":"97ac913fe7baa36301e483b30271f4bbb51fb8fcb876fa3d2e49d90d40bbd030","src/net/send_recv/msg.rs":"c1b66b655065130a720eac02d17e48de7b44322f818533451782b72edbbb19b2","src/net/socket.rs":"691f2c1b8c09c8d1d7f5e4ae3d3254925d7ca98b4c449a27e732f4c3c1612646","src/net/socket_addr_any.rs":"d95c7002972fa98d4133e10ad6c404399494374d568816217edcb9f4fd93aad8","src/net/socketpair.rs":"0818c1f34a5031dfd83bffe90ad1fad2c1e124665cb807485c908893ca9b3d9f","src/net/sockopt.rs":"82b0aef8db493ca63a1914860b68972e02e58fd90106bd781569c20c95b6499f","src/net/wsa.rs":"6e546b42f50a851fc833c57cda76cfb347203ed4b0dea574a3d325bf5a2ebf80","src/param/auxv.rs":"988872f9bec2e12f35765ae8963cbb9535d4acaedd4c9a4d07ced6feb70e0aaa","src/param/init.rs":"671d8974f0d9b82e79076d1f4deabe0273a874a329f74b8aad26e07b86791ba3","src/param/mod.rs":"959d6bd6c7abb85e042f86047fb902891c5deb74c550ce21dac96fb9a9f16d36","src/path/arg.rs":"4a4bf9b59334900b51ac250365b2a1838670f83a6df9c9c3f6a35bd7d4784170","src/path/dec_int.rs":"fad9793b89eac526953b994cbed6b614f01c25108f9763e19fb98029feda93a4","src/path/mod.rs":"6b1b949c94bcc47e0f08a3f8e8db5b61ff497d0dfd3e0655f51c01d3e4b7dfd6","src/process/chdir.rs":"4c63c351e207b1bbefdd7c001e85fed383d5ac2147894d5a09fbd8b302d7c728","src/process/chroot.rs":"aa83fd57d8f43c22b8f26bdb61109b74f2e2bebed34a16fed02660cbb37cd4d4","src/process/exit.rs":"47bc2fc1ec25eb5c7a21ba84a70c6d799df206f9920c34804a17acf27d5cd66d","src/process/id.rs":"1cbfeb3f1f793d2747eb3db981459902c98ec5fedf265a0faecf0b37a164c527","src/process/ioctl.rs":"6644c3b0948251b448a87cc8409750edf77dc31f08b2060fccf00dab0d516fca","src/process/kill.rs":"0269dc9a2c0684223c6d9256548dcb1dfeb66c10fe53f45fdcb173f398ada4cc","src/process/membarrier.rs":"4b1f2b062012c06cba3d3fc6f9b22d78812f5bc36ce579a0959f415952562ebd","src/process/mod.rs":"c04ed9d8cc4865c4a367e64fa4eab184253fead4b9259c4f6719f3f92c4bf9a9","src/process/pidfd.rs":"88517949097414b77540b1c0801bdd034c28667b9386c0676cdaa1b637129ffa","src/process/prctl.rs":"302715256544595bf109e22a987e314b1468544b22cf63afa8d2d574085b50f0","src/process/priority.rs":"711ad9300407b205a549d2f896cdff080740f6cde8e710d3bb654ea720586b4c","src/process/procctl.rs":"c9ffddf8203077d2859d4eb204fe3da7d24efec3c492d0229750c794d3c9a996","src/process/rlimit.rs":"10b79de3ced0e64059a94c879742d46a35a6176c776d8eed75031d5e6340283d","src/process/sched.rs":"7c3bfc5be624e7d7f5e043c3ee0b0566fcab3d684d61c272e7b4233410ab1c42","src/process/sched_yield.rs":"6565faa3928b66ddc74a65e893e15edfa4b9be4f7e5f5f68527501a7f6bc3350","src/process/system.rs":"5c701192b030236149b15e7934828aef9c9e3e2e4485728833b7146378157997","src/process/umask.rs":"1a0f31a842303c978e3f05ec191e2b5e96104c09c6596473b42b1fac34898a50","src/process/wait.rs":"5e0d3e46ba44f81cbf8664c68faadced7d80f56920d018591dbb8f088fff6bac","src/pty.rs":"e1d2d72f0c1cb2b8b37b9f06f87044c39d22a3e4b089a4ec25dd26de4a311c48","src/rand/getrandom.rs":"8e64128584178c02f04c9781527c23ac2e2423f73445d0b4d25ae99204d7cc04","src/rand/mod.rs":"cab59332aadd9b679f5b22cbb222d48ee028af5eb9fd4a4d43922da659b895d7","src/runtime.rs":"386bf280a54150b90c038173019a4e62cbc0e05656d13918f93315d70d51eb42","src/termios/cf.rs":"cb13ee88cba541cbd683c7a5da034a126fd9e09dc6b5f25c9f32382f8318ffc0","src/termios/constants.rs":"7855cebd1e2169a2a760c6752138b3de1be00fd3b907b049d32ad5d6bdb0426e","src/termios/mod.rs":"b4d28ebeeae6782b4060d3e6f0156ed63bafa155d1bbdae9e28d06e574d69cb7","src/termios/tc.rs":"c892c62ee5ed638e4965dcf6bab403790ab6c9a2c47f66760c1cc4d89923c17e","src/termios/tty.rs":"de44a8e276070a844685fa3f3cae8ed9f2ae9ebf0333adbd42c05a350c40359f","src/thread/clock.rs":"4e3f54aa5b50443bf502a81ee4814b3522e928e3b06241d24f924a6f69953662","src/thread/futex.rs":"4e78c84589b535ca9ca633633696ef212393a98f2890b181acaa8f908fbc5ae2","src/thread/id.rs":"f905c1c672082215c6502f88e7123a33abadb25791d3ee967335567560dfced3","src/thread/libcap.rs":"60c959f60c6fcc6f57ed613f21d40fdd9f6cf9876b79f10fa951a6ee5bedb0e0","src/thread/mod.rs":"6fc33eb022c4ab7f950dfb4fae6ab70b1acbcdbeacd909ae1848e7e54076c310","src/thread/prctl.rs":"c4d4df3a32c65d7bd9e753c6983fd7ab12f26465f6627e33ae4d6335ae02f59e","src/thread/setns.rs":"5e08f98300e2ca8fc99272cf5408f0b27cb4c8ece54d76b92ede656982f11e69","src/time/clock.rs":"cbe15f6abe995476c815b31a9c3a931ad7292ec853342bc0fcb4417df1a558f1","src/time/mod.rs":"43afee938c80d124d04d4ba190c03f4d21d1e3bfc154fff309211e4f6eabe940","src/time/timerfd.rs":"f17092b84553741aa2d2b44c6992b5d2c8c96cc2c2007fc9a2c6b2064485e53f","src/utils.rs":"41765307b22b7cf8e21e83735308c598da8a83b52b5b7eafa175bf39f1528fbb","src/weak.rs":"20226da10a0380ef341fa1919c329cf522b46071bcc8d36fd7c93e2aabd63f83"},"package":"b96e891d04aa506a6d1f318d2771bcb1c7dfda84e126660ace067c9b474bb2c0"} +\ No newline at end of file ++{"files":{"CODE_OF_CONDUCT.md":"f210602311e3f74b32f46237fd55f4ce36d798e85e3db1432ec667f63a7ffc44","CONTRIBUTING.md":"fb570c76cf924cd75b77bed52b0dbe1e87ce224dc3428c48d98301710dcc331e","COPYRIGHT":"377c2e7c53250cc5905c0b0532d35973392af16ffb9596a41d99d202cf3617c9","Cargo.toml":"357f256f801f57bbe17b4f5cff7ce9b3c42cc1605bf7c088efb9b546033628e0","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-Apache-2.0_WITH_LLVM-exception":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","ORG_CODE_OF_CONDUCT.md":"a62b69bf86e605ee1bcbb2f0a12ba79e4cebb6983a7b6491949750aecc4f2178","README.md":"99c383b949ab63bae97fa0f4629d2205fdbaada50f5b648a70373ca5dcef22b2","SECURITY.md":"4d75afb09dd28eb5982e3a1f768ee398d90204669ceef3240a16b31dcf04148a","benches/mod.rs":"55b71073e5681b309bc4f439435ac05d1e052bba2ea6accf05bca9bf496d4bd0","build.rs":"a322dd310c2b30a966c410ab1557b560b302246d2f2734fcecdc653f4307edbe","src/backend/libc/c.rs":"7aec21aa56faad3b87674855ed6f54242aa5660905e6b2bcdaa0f8dc0f19df56","src/backend/libc/conv.rs":"77cc96b7242c4c9cc54083d57d27a926a20b159196d1db98fdf943c9b8c7d0c6","src/backend/libc/fs/dir.rs":"fc36a713466a705b0776131fcae0faa4bc5be6feed15f203b5a7aa3818a0fd6d","src/backend/libc/fs/inotify.rs":"fbe35da10eec6c712ee752b868f04d1d1ef03188ef706b9c44b7f338152df744","src/backend/libc/fs/makedev.rs":"3a4ab3f6c7bd221a0bf7cdf7392c97cac7eba072c2a699c2dc68422ff48ab44f","src/backend/libc/fs/mod.rs":"ba3c79b8918eab2a4c962e353d2b27d3cd96b201f9e527ce0b70b7a558ac596b","src/backend/libc/fs/syscalls.rs":"98ce2a39b792f1358d1a5198a670feafb5620e2e3bf84e7003a13e9fd6432905","src/backend/libc/fs/types.rs":"fafa70493a2efcc18612296d4f1ca9303d1867be01bcabed14dffa9e8971e8d2","src/backend/libc/io/epoll.rs":"162329053d6fb0f3c9d671526fd120ec89d9347fb8aada8b8487095166d64710","src/backend/libc/io/errno.rs":"8c6491590339a21c732b325904ece24ac39b1cd1a2b04728a9ff90ec904c01aa","src/backend/libc/io/io_slice.rs":"34da1bcc17993318fa93b7e71ff36116044ac12a031963710af84c3ed1bc443a","src/backend/libc/io/mod.rs":"afcf57d6bbb4bb0be97c9597a298eaaa58a8838f07212e3051612fa25993bd9c","src/backend/libc/io/poll_fd.rs":"d8092bca9cb0317b3a9bb418a55abf0e868f1c7267cacc97454a5053ff192a05","src/backend/libc/io/syscalls.rs":"1c448d64e74a3af881e5e67738b464682ee0769f8e90fb29d5fb1e7fbcc3d704","src/backend/libc/io/types.rs":"eba054b7e441febf289f7c656c0b465ad9982afd7e3e85c74de4992e1ee76d48","src/backend/libc/io/windows_syscalls.rs":"741f524b384d59e703b278739563ab04273dbb48c062349353dd9b7cf9ed2332","src/backend/libc/io_lifetimes.rs":"eebc6adc10593933e9ab14c59d29793f4ec6e4403a00bbcaaf3ee81373ae924d","src/backend/libc/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/io_uring/syscalls.rs":"0f7ffc079f511b200d536e348d6c6945eeb4908db721e5ca0db6cc5fe96eccc4","src/backend/libc/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mm/syscalls.rs":"190165e683ffc9ee2085a19086d2f72bad954d50124eb0eed192faa512e67a1b","src/backend/libc/mm/types.rs":"22367f983585b2245621f7994a1585746ac446eb31669654d4de7195dffbfb3a","src/backend/libc/mod.rs":"49b9fe81918a05a066ecbcec4a72ed945c4129ae6f86007e94af653d3834f71d","src/backend/libc/net/addr.rs":"afd79fcc35b48bda21e2a210fa030387e9e3b8c741903ff75c459102eb6e5f36","src/backend/libc/net/ext.rs":"af0fb192e1055420937196af2e314869173d4f50e970af4cc85f6f261e78ff20","src/backend/libc/net/mod.rs":"e88d9ca079089857c9b794ed8ab5bb970e779cfe7bd0bdcb402edcd2f48efb5d","src/backend/libc/net/msghdr.rs":"bdce9e21a6e7dd60e5fab9795b73ab49d20358bb0a9b8da65ca4f762693b3709","src/backend/libc/net/read_sockaddr.rs":"21c0f0e3b295ad4183eed16f8794f1fa1ede5ac5f8a2565510be2262d3f42b0e","src/backend/libc/net/send_recv.rs":"d0ffe3aebccab498b7fdf6cfb0382fc10576ed0b8563d696a20878d2c01f0a28","src/backend/libc/net/syscalls.rs":"b1309c930a4cb557f7ab24cdcf060b3fc0c06cecf9d2030b79b782c1bff605f4","src/backend/libc/net/types.rs":"8acd35d92ef2afb148e2dc41dab184d7f302b770a214e09e58c065c476fe858f","src/backend/libc/net/write_sockaddr.rs":"33c3d7304713cb63f8fa398f5f7c084fc1d9fbb6907dd19902a90e8ec64ad41f","src/backend/libc/offset.rs":"73f01763fff883c42c014fe3f471585512777b431a77b6f8116fc20624ece085","src/backend/libc/param/auxv.rs":"7d71f224f7d9c547b6b5e1425cad03466328b7b8ad2a62f49d9e29e075061e43","src/backend/libc/param/mod.rs":"5234b8f1bcb886cca6ea003d411d75eaeebe58deedd80e3441354bf46ed85d4d","src/backend/libc/process/cpu_set.rs":"a5041e8d96738f092989ae38bbdb09ba0d74f5956d340fef48044e24ee6fec81","src/backend/libc/process/mod.rs":"787018aba4adb2cc1f9176faf154a1a8d7943e4cad36be6e43fc03ce355572d6","src/backend/libc/process/syscalls.rs":"f191f647d3b22e80f325a2bb384356176aa8e730d14620e8c4c8c89f81ac2a64","src/backend/libc/process/types.rs":"4e904c18127c202a70aaf275abf7984ad95e6420dd676f3a534f3969d9037d78","src/backend/libc/process/wait.rs":"36e84c05ae3a27b96da9521678b72ab004fe37a8b0d092a0b6f810015806c4d2","src/backend/libc/pty/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/pty/syscalls.rs":"0335109c870a054eb07e309a0e750e71962697535125fe3c45556cd75eb20bfd","src/backend/libc/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/rand/syscalls.rs":"5cbb8ec93d68c04fbd1b22736905ed070de6a7b68c550948da3c672c1d049935","src/backend/libc/rand/types.rs":"c59e156eafcc97558a1bc5210e3438e9850512d1dfb4bb8e3d344409c12a9a54","src/backend/libc/termios/mod.rs":"63a1e559981848581bbacad2adb567e5eb62d17caa2d8f826e977dc053ce26bb","src/backend/libc/termios/syscalls.rs":"17a5a559cda40707cc846e96c5b2c6fb284dac3a2b18c44dbcb5bc53787f42d3","src/backend/libc/termios/types.rs":"7c171edc9277466aa12518bd6f5ad9f38d4fa3202572523e384c138d3671d4d2","src/backend/libc/thread/mod.rs":"0de5f67a684b9fd7628d3009d2ea5fd51b8770e8b387eed14f59152157844287","src/backend/libc/thread/syscalls.rs":"f58ed92790c7cef29c09635e79c664c7f2260449a55dfbf0930b92697c2e2f0d","src/backend/libc/time/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/time/syscalls.rs":"6d3202d524510170618f727ce1c96e1cf55f2a775172215f5834cf2a06565466","src/backend/libc/time/types.rs":"0414e977004abe604333607ad42c27549b2d5fb2d56a37b431f87dac330d16df","src/backend/libc/winsock_c.rs":"3bf3884fd250eca806ffdf96da68e29c133a697810b78b333ea449e523e58562","src/backend/linux_raw/arch/inline/aarch64.rs":"67011427b3cecd29ee716113d952e70d63574c96d1d3ea3c75d46250bde9ca44","src/backend/linux_raw/arch/inline/arm.rs":"7760d51aef17a69a797eb96fd61f7fade0d55bc87ec9a3e77fa6bb6aebaecdbb","src/backend/linux_raw/arch/inline/mips.rs":"d00c84cfdb4e37bdee9a2daa0a7b3298afbb4ebe288702203cb43d9c2617012d","src/backend/linux_raw/arch/inline/mips64.rs":"ab5455c9b2511ba6b67a66873cd8b53bf77471249fd2779d6437ebb4934087b5","src/backend/linux_raw/arch/inline/mod.rs":"ed5c6c14d19556c1a2ca077608fa515ac85d760eb931dc8968b39137700159d8","src/backend/linux_raw/arch/inline/powerpc64.rs":"dcd12314184441f5f7705bea6b829103c7abc9062db366ae5584023a38252a36","src/backend/linux_raw/arch/inline/riscv64.rs":"58a58203e9cac2ed21e4a7b26692c5d56d3c2bcddb3f60a648efd18a02129f3c","src/backend/linux_raw/arch/inline/thumb.rs":"82b88c9a3b6837f28a738cc760fc2403e7014abdb2c35d2bdbc8073235ae2863","src/backend/linux_raw/arch/inline/x86.rs":"de75f5179edf060461d949682002f4242140e5a01aa2361c4eab82da15375068","src/backend/linux_raw/arch/inline/x86_64.rs":"7c893ca306b3b8a5980c525dc5fa23187a0526bc9f7ac637204d88a1d596df5d","src/backend/linux_raw/arch/mod.rs":"7018e7d3bd2f3e6545baafcb75256505eb8297f025706ef662e4f3b12f1d8add","src/backend/linux_raw/arch/outline/aarch64.s":"84f066b6fe3cf25ed61c7aa420408c6d5a0b33a7c91b748ed81e47737567975f","src/backend/linux_raw/arch/outline/arm.s":"fa266bf9f4533da1e96c27c4ae5418c86f44074ac0c6afcff0404738e11365da","src/backend/linux_raw/arch/outline/debug/librustix_outline_aarch64.a":"aa3a37d9ad312881968d40c48bd3c960fb3ac0eba232a5f1979cb809d081c340","src/backend/linux_raw/arch/outline/debug/librustix_outline_arm.a":"9991ea0ccd16a175ef4b82916b6cd4b45cf67f4388eb58567b0a6e520bda3740","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips.a":"145be0e9638cb5541860ec97ce5270767c24b61f415f0ee3c2f86cc962ee44af","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips64.a":"6c6d007368beb5e53bb1c402afacc1c139ee65dddb82ba3e2eada0493af94ef6","src/backend/linux_raw/arch/outline/debug/librustix_outline_powerpc64.a":"355db5c83dda1074636c40fa6fee6564c668c492a71e149bcb444ea896e8167e","src/backend/linux_raw/arch/outline/debug/librustix_outline_riscv64.a":"c4fd54d0fcab2e28b1b18df77a7814b145a4c2d13fc04b937a55bf0abf420227","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86.a":"7ae3635dd3fbc2049e09d4218224e1eaaa4dd2ddd78d3901fb444d481abf2a33","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86_64.a":"039c928213bd0b67c899412084a30eb9a51526e64a01e1901cd4905ef8d7cf6d","src/backend/linux_raw/arch/outline/mips.s":"3612ba84500f033650cbb3860241768cc0760c5693aadc8af01dd2f61c7d59ff","src/backend/linux_raw/arch/outline/mips64.s":"deaf2218e0d2c5c97d1d5000c2c6678bbbf5a28faeefd0fb04b04e1984c94185","src/backend/linux_raw/arch/outline/mod.rs":"3fcab403f297fd5160df6f4b7d8fd1d868267022c2f6e6448505bd363cb113ef","src/backend/linux_raw/arch/outline/nr_last.rs":"82d92b9ca8307c19d74ced1ae2c0b31f2a7c5db70fa31fdedb55d38a90601455","src/backend/linux_raw/arch/outline/powerpc64.s":"0847fa3f160846ee02771550667913734ba9773e2221f2279c4f296d6f5b7bd4","src/backend/linux_raw/arch/outline/release/librustix_outline_aarch64.a":"fa8d31702cafb24d9799c162d3319c522892e91c58fbbff2b09950a0fa81b46f","src/backend/linux_raw/arch/outline/release/librustix_outline_arm.a":"0f7c8c5c02d5329d884f800da70aaf6b5b67c14000b12afb708f3e4758aa1f7a","src/backend/linux_raw/arch/outline/release/librustix_outline_mips.a":"d9a093ee2b2c94b70aa059e878a0211715fe6fdcc95a9098566c87d61be4e4b3","src/backend/linux_raw/arch/outline/release/librustix_outline_mips64.a":"ad19a967ade7067a12b08f61628cc56f72eaff1393544783647e1c4dde2629a3","src/backend/linux_raw/arch/outline/release/librustix_outline_powerpc64.a":"1f04e44c3d863bac066520c787444c314f2aa2f8d8d3cae38990ecc008b9b6e1","src/backend/linux_raw/arch/outline/release/librustix_outline_riscv64.a":"beb0eb046d36545a04ad7f264ed1173062f9f85ba7f4215bef64a98f30a74dce","src/backend/linux_raw/arch/outline/release/librustix_outline_x86.a":"691d867358475c701c20b816b99bab2a4c90c3796a302ccaa56d5983be1ba8b2","src/backend/linux_raw/arch/outline/release/librustix_outline_x86_64.a":"434a79197510876c5a49f594e7886c95cf4c15e876c3404ed136846c95d6ee30","src/backend/linux_raw/arch/outline/riscv64.s":"ca5303c0c8af6de1f246d658003e270d4e29d6c68dd90c6eee372d045bdf7305","src/backend/linux_raw/arch/outline/x86.rs":"f7e12a0f3fe8e97acb1ade2c9e61d82542f00ad4d8fe684a8dcd9f30fd9ab5d4","src/backend/linux_raw/arch/outline/x86.s":"4604e3b41161802343e2e4c890fd2042098a901d95893ebe4c436f97fd47cad3","src/backend/linux_raw/arch/outline/x86_64.s":"a530084cd42ad8d4b2d36526f4e04f45a6e29ea49882e2c561ac2eeac16272bf","src/backend/linux_raw/c.rs":"1f1d97557db783e6d6d0a027f7d699308b483159efe081468d86a883d4df641b","src/backend/linux_raw/conv.rs":"13610464e9bdedeb4c387bd34284bf972d1b60cb7214761c0e7223b4f8532914","src/backend/linux_raw/elf.rs":"4550edde9ca096ac3ad929ace226fd5ead954da7ad01d22da43fdb976655f771","src/backend/linux_raw/fs/dir.rs":"793f25a9a7f08e3923cada6eb9f7e1e5fa56cfe4dc1ad5adee72580805419b58","src/backend/linux_raw/fs/inotify.rs":"84753669fcadfcb66f9b363b6011ef1bf30be396f93299576640c2ed7486f8b3","src/backend/linux_raw/fs/makedev.rs":"c6b4505c4bcbbc2460e80f3097eb15e2c8ef38d6c6e7abd78e39c53c372139e2","src/backend/linux_raw/fs/mod.rs":"e22bf30f312f6a05f1e79f7834c33a3c9821514da05fa4786fc31867203a4c74","src/backend/linux_raw/fs/syscalls.rs":"d043a80c9253fab6de0f0e15f7d662e207dbb2e8e8bf31a5b50d0ac448ba89f0","src/backend/linux_raw/fs/types.rs":"bbabce075aa5d92780d09e80aae1aac10281575c93a3f365108c35fceb5241e0","src/backend/linux_raw/io/epoll.rs":"f30b0f2b12415d8972ca726d8c9a750eb4306fa9f57933e9dabfb495cde07264","src/backend/linux_raw/io/errno.rs":"6a5b70a3a8ff66c22dd9d08bee9594be163c75858291c91fae12ceb6f30b3777","src/backend/linux_raw/io/io_slice.rs":"5c6ae3376994e6b30a48c1939bce81c122d8581c5dced522cff886cf3b06384c","src/backend/linux_raw/io/mod.rs":"6ea805b91d571217c9649364121d0824bbdf4635b36c9150e5968fbeb75c0892","src/backend/linux_raw/io/poll_fd.rs":"9f5a15c80094cc3334acd171c0621d033b44d5d9a987a57acbdcd62cb17d871b","src/backend/linux_raw/io/syscalls.rs":"6bc1dde7db981372160ad416edf93d8af10c54478799267bef842c0514847d96","src/backend/linux_raw/io/types.rs":"b5be41bfae29bb27b7cb4db2584c5aac4ebe6f67e031e6c1ae5ff61649dd2955","src/backend/linux_raw/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/io_uring/syscalls.rs":"2522327e229d85ce207546b802f63fcad49a0ce41b7b881e13a1c2637fdb6095","src/backend/linux_raw/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mm/syscalls.rs":"647c1846793c386f6babae898686604a4808344ec3e2d1e71071bbfd04079357","src/backend/linux_raw/mm/types.rs":"6e6b97b3b161aa1f03d8cf0e94c5ff35d4911a5049770dbb203acba84ee65843","src/backend/linux_raw/mod.rs":"be1d31a71c5f7aa61681661a4e45999de001e473b8869f0f5e510e16e501fc45","src/backend/linux_raw/net/addr.rs":"af30232b1241291254fe9ce0fa0050e707adc73325308eb0501801e33cc07c73","src/backend/linux_raw/net/mod.rs":"c912274a40eab213f0afcaab8ae098ae7d56fa95592463c830b2361df57731fe","src/backend/linux_raw/net/msghdr.rs":"18facac973918b6a8a6b49b0fcf1058e88286d67e12801ce6dacb58ebf5a7d75","src/backend/linux_raw/net/read_sockaddr.rs":"71bdde53beb3aea60d51c664e3fc36e34371acd869f621faa3dabd8b0d91b0c5","src/backend/linux_raw/net/send_recv.rs":"602852a0cf2775c0fce7afbd813248386823b73f3069231860b348432f59450c","src/backend/linux_raw/net/syscalls.rs":"1670344e0a725c4d097897c445bdfa67832830e7ceec418fbc734ddaacffa761","src/backend/linux_raw/net/types.rs":"87ed6b59a29aab219fd625393b1b9f4200eabacf1ee4ad8fe806a2b8b53169df","src/backend/linux_raw/net/write_sockaddr.rs":"ec0bf20a354cb86e2b5646bfc79297a378f11fcdf5641c16e4dd13e305011dc6","src/backend/linux_raw/param/auxv.rs":"5565394c6943ecb85dafcc4eae1931417d912560ccb86496d79914d7a4087cb6","src/backend/linux_raw/param/libc_auxv.rs":"5d57b293700de025bc811ccafd29f05af2787c288ab5e653351c0bd96c488910","src/backend/linux_raw/param/mod.rs":"db21fc1b0ea5568b8649890fa38a878bfcdcf7398f6cf1640176b37bcc6ce990","src/backend/linux_raw/param/mustang_auxv.rs":"016a691236064a9cc28688d4ff5dbd0e37dccfc07b25b943b47762ba1da33b83","src/backend/linux_raw/process/cpu_set.rs":"a333938a4356d117199bf4078688f0a9b876dc65da1bbff7649482f4f0180813","src/backend/linux_raw/process/mod.rs":"fb393c70a9c63ef9a6bf1fb5a2dc94f07d6b0b6987cc5231c15c607015dafd68","src/backend/linux_raw/process/syscalls.rs":"0bce1df427c5be8d2fec48ba92e93c442b0adf1896a0af65c5d4780a4826741b","src/backend/linux_raw/process/types.rs":"c04c902fc7c489947272b3983aa5e8c4e53b4ef6cfafe5ce973bf694bd14cfaa","src/backend/linux_raw/process/wait.rs":"921aee4b0048746087f52615a98edc2aa0fb4b53d6df44be4533098df55d1b05","src/backend/linux_raw/pty/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/pty/syscalls.rs":"18614be9fde4e095b159682ec4b9d1e077716b710030ebd1681813812d74d8ce","src/backend/linux_raw/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/rand/syscalls.rs":"b1d8b2fea0c792bd1e7c24ee59429d178dc0ad442ac817b12c7abcb38d71497b","src/backend/linux_raw/rand/types.rs":"271416d5241d70932b8a17f3b67eefd1b9c360f217f807de3d73192e9b620552","src/backend/linux_raw/reg.rs":"02653995cb934050ee2109e8d40e9083a4278abcba27b59d174a311aa8438e45","src/backend/linux_raw/runtime/mod.rs":"b2cae8cce3822c3c92942f06ea0b68464040dcac33c6f0f7ee392c6269993347","src/backend/linux_raw/runtime/syscalls.rs":"5b6d741a9d954aa02177d3850a36375a391fa55cde91eec0c640845adb666691","src/backend/linux_raw/runtime/tls.rs":"9db0e08e47e69013b3fac0b4aa24e6ac6b07904797e0e04658dd44f3a7245e0f","src/backend/linux_raw/termios/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/termios/syscalls.rs":"48eb753f1cd48139eae40ba72241fc2d5fd67355c33a3906f82965e0e0e518d3","src/backend/linux_raw/termios/types.rs":"5cee3735957db2fdaab341a0c58e438305d6402dc7d23622f4999934d4511b5f","src/backend/linux_raw/thread/futex.rs":"232a24ccfbb2a03a107373249c5d3ebe3db70388ed39e6e6dd08e14630a48f2e","src/backend/linux_raw/thread/mod.rs":"f7132a68c9db1b4a796781b9e8d0ac268a1ddb713e510bfd43425564ec9b39c4","src/backend/linux_raw/thread/syscalls.rs":"57f6d8d3a2526ca5066aa35ea74b35e465726b1bc079fafd22abe211f643c070","src/backend/linux_raw/time/mod.rs":"672724f55b7b7be6a7452bb1cc2d28b5f0aaa840a2856fe363acce624e1beefc","src/backend/linux_raw/time/syscalls.rs":"02710805710aeb65a169492e650b495dceea402ad212922a0589ab8c1605e585","src/backend/linux_raw/time/types.rs":"8b5a464d0ef6752276416640dd3a341c07e3e901463231e8c66b2d2d661039af","src/backend/linux_raw/vdso.rs":"a5abab80f023088162fd81dc306b6bd86bd61b2018a191b384f57facb1d48d0a","src/backend/linux_raw/vdso_wrappers.rs":"c86e1b0d28e9148a5061b8dd967fe9f5c583001c8850f30f1f30ac75026df70f","src/const_assert.rs":"69aad0f4c33ca5b6a23f35644b7da71977e23d645a1279f915893ac8087da355","src/cstr.rs":"c515846378c45e7f04dded259b791a09ad304b3465fc64d1a0fe3d213c9d6a26","src/ffi/mod.rs":"1990dae8190991142bef24220f02b99c96c5bfa7dda2a7974d9dcac265d58945","src/fs/abs.rs":"3541ec38adff45be6464f52a786c0f4973e42fcae5efeeed737c83916b669d2f","src/fs/at.rs":"fa59a9cfbb74c5edab015b895b967d3e2197cde6867ba3b54f57c804bb73bd44","src/fs/constants.rs":"93601ba75eefcefcc3f8f936b786b7e70180aa3727c24bacfd326128b6bb52e0","src/fs/copy_file_range.rs":"d3b644374390d482b2ff749a2459458872b57d0dcf9670368739b7833509a7c2","src/fs/cwd.rs":"b2d7fbb27e23704e3367ede9916cc233f76d912be21c2aee8a635eeca627977f","src/fs/dir.rs":"347a52f4ca9ac6321c52e802e97ec90d1b4c62ec955c8996fc17f8f5aed69966","src/fs/fadvise.rs":"beef66ebe1310fb92628240b2cde68f744c78e50f6ff61bb1404bd4868d9cae8","src/fs/fcntl.rs":"58c8f99e7193d11f0301d55e521e7bac16b1143f47eb7cf73cd9663841b4ebbe","src/fs/fcntl_apple.rs":"07f07b2ac75dc28bc9e08200f72eb95550a87ff3d69c1204f49ecb63a0c4fd20","src/fs/fcopyfile.rs":"ec95929cbbe02cf49233a785e5238931bb107b7903cc5bc95e4231de960995f2","src/fs/fd.rs":"e30d09b4700302c712b499311a86b905b5bb0c483ab2827b27add477056c284c","src/fs/file_type.rs":"fefd865f91011f66126213b0994773d99e373b468c31e866002228c98c64ad85","src/fs/getpath.rs":"28f6970fc1bbc37bb35c84724b59eac436ea7407a4522e18c2bdacb1fdd2edd9","src/fs/makedev.rs":"85520b484cb7c15ab71ea1c368578ea3b7e484d82f8510db92b6ce9f7ca341ae","src/fs/memfd_create.rs":"15a8f28e040cffd8c24c7903483440f88853b2e538ad48d80f3c00b4b2befdea","src/fs/mod.rs":"2ded318e44b40cf8276b381444e6e418ad94206755283c215c2e487a32371c03","src/fs/mount.rs":"8ab26dcb422825bbd2df2e1f68e6b4f7cf08ce11387c688442ee1b4683b33d4f","src/fs/openat2.rs":"4a95c15dab533a41201b5fa25c8a212956b7571d58cad696bdaf45af8aef96db","src/fs/raw_dir.rs":"bc2b60c3d9e1f24a60cfe1c502ccbed682fae4c487e7da38b8e738dc08a71f8f","src/fs/sendfile.rs":"e3b2058741cf4b1698f34d84bb37130cf2b72806d522a16fe541e832cde136cb","src/fs/statx.rs":"239d447477f8ac368c8ddf9975c71509c47881f647f59cd941ac07954d8a77f9","src/fs/sync.rs":"a3b23543834281f347b0f873bd38154d31d404871188ac08f2b20b9196234cfd","src/fs/xattr.rs":"fcc16dab9927d7d6c8e4e4bf6752e65ff0c38d954cead8e6f6c2c26c11792929","src/io/close.rs":"0aa3cd05a8fed8e5244f97b8b6c2e7f65ed93a4e5435c6329852bb3da7514440","src/io/dup.rs":"913aaa2f5f9a5f0c381d053dd0e9560af55bc754dca23ff44dde4b0fa13ff172","src/io/errno.rs":"da7dc2d25cdbbf610ec82c32124789d6572fbc67d8ff265000597ac1f5b39ebd","src/io/eventfd.rs":"6886b17aa4d298a116bd4de15b22469133acc94695a623d0341174a0dc649a18","src/io/fcntl.rs":"08f42dc80832586afa6e0a7825571c84a97add1164926928960f0c4c5db76461","src/io/fd/mod.rs":"a1eab9ce9a2c4454053afdfd3f3705e4cb971e94cc453e4f13690f2f0d83dc2c","src/io/fd/owned.rs":"b3d1ac775461b9206f36df62495604a48820c0284276200101fd1847b0e9e756","src/io/fd/raw.rs":"9bcd00be7df3d9f4e6c49ca2d18ef25aee3d6f0ed5ee6b73df5a9beacefb6031","src/io/ioctl.rs":"1c9126e216d693692067d9b3514d0bad6cba3fc05c66f5c00792a8cb146902e6","src/io/is_read_write.rs":"1bfb9ee5d58e0b29b44af12fe2668c7bccc841358698dcde47f1519ff9bb73b4","src/io/kqueue.rs":"857f9016ebba60136e8944d7a1bd3de249d6d633211d744336c5f7f4b3dc2053","src/io/mod.rs":"f18f756c141f5c82cd511404a1ee4738a83dc589cb0a24f0db0990869540aafc","src/io/pipe.rs":"7fe8f04af16f5fcf164d8bd7e9a6bea584ef935760f4a4c7f9befd1ead2398cc","src/io/poll.rs":"3a1dc003042a0b8e21f894ebdc0e123938b78c6323d61deacbc09b44e1b986a1","src/io/port.rs":"8be17096cdfd2425bb2f800d129913e2ed2032c02049d45b7dcda8d4189b1af2","src/io/procfs.rs":"f767b695acf0756a3b7b367778d2090abc5a11586ab5d3b4fb4e0899e9d1f2c7","src/io/read_write.rs":"023230dec0f36f630ae8affde1a0abb0140dc28d5c5bc136f4dc6876828efe85","src/io/seek_from.rs":"d7616a45e8a449df28b075ddded4d7c95d6c4575d6fe0cf0ca7b6625e9dc7eeb","src/io/stdio.rs":"a0328775940ccdd3026e92b9dfd94584d0faf14c3d287360e157ed8903d6568f","src/io_uring.rs":"63c4bcd276e7110025e06ab77dbe506464c3efdfcb8a82493fc7fe72c716e7c8","src/lib.rs":"abcb813ff3d186657ac0b3a2c9801c5a0c1bc01fa533989410bc267b54998227","src/mm/madvise.rs":"3c262b3713a73fafcedf1b04bb12c048bb11d47ca43c959e5dfa48c27651f4f0","src/mm/mmap.rs":"bb103e6febd375de820985cc4b5aefa520b64ab1bcd903e3a818146abdfc60c7","src/mm/mod.rs":"b3a6cb838986d45825b912355cedead761211a494ca6f89b2367a2d2157e340e","src/mm/msync.rs":"9dcfe5f54235e9314a595edb8d548ac79d222bbcc58bb3263cf7e96d603b23ad","src/mm/userfaultfd.rs":"8073443bd181ff0b3ba4d0b1ae67370b4864035a0c8b4898cd709dc47c518ae7","src/net/addr.rs":"6fce66cd0ccac3bcc2339f32faf2ed1bac94a6d8824acb55bffdfaa43090675a","src/net/ip.rs":"080dd17c44b395b46b0d9e70da76f376540f92ece65f79e3d242c0a272d3b451","src/net/mod.rs":"2961f20366463216037a7a1ab238d5e80133bf058a3f10e30f86c8f7ddb314b7","src/net/send_recv/mod.rs":"97ac913fe7baa36301e483b30271f4bbb51fb8fcb876fa3d2e49d90d40bbd030","src/net/send_recv/msg.rs":"c1b66b655065130a720eac02d17e48de7b44322f818533451782b72edbbb19b2","src/net/socket.rs":"691f2c1b8c09c8d1d7f5e4ae3d3254925d7ca98b4c449a27e732f4c3c1612646","src/net/socket_addr_any.rs":"d95c7002972fa98d4133e10ad6c404399494374d568816217edcb9f4fd93aad8","src/net/socketpair.rs":"0818c1f34a5031dfd83bffe90ad1fad2c1e124665cb807485c908893ca9b3d9f","src/net/sockopt.rs":"82b0aef8db493ca63a1914860b68972e02e58fd90106bd781569c20c95b6499f","src/net/wsa.rs":"6e546b42f50a851fc833c57cda76cfb347203ed4b0dea574a3d325bf5a2ebf80","src/param/auxv.rs":"988872f9bec2e12f35765ae8963cbb9535d4acaedd4c9a4d07ced6feb70e0aaa","src/param/init.rs":"671d8974f0d9b82e79076d1f4deabe0273a874a329f74b8aad26e07b86791ba3","src/param/mod.rs":"959d6bd6c7abb85e042f86047fb902891c5deb74c550ce21dac96fb9a9f16d36","src/path/arg.rs":"4a4bf9b59334900b51ac250365b2a1838670f83a6df9c9c3f6a35bd7d4784170","src/path/dec_int.rs":"fad9793b89eac526953b994cbed6b614f01c25108f9763e19fb98029feda93a4","src/path/mod.rs":"6b1b949c94bcc47e0f08a3f8e8db5b61ff497d0dfd3e0655f51c01d3e4b7dfd6","src/process/chdir.rs":"4c63c351e207b1bbefdd7c001e85fed383d5ac2147894d5a09fbd8b302d7c728","src/process/chroot.rs":"aa83fd57d8f43c22b8f26bdb61109b74f2e2bebed34a16fed02660cbb37cd4d4","src/process/exit.rs":"47bc2fc1ec25eb5c7a21ba84a70c6d799df206f9920c34804a17acf27d5cd66d","src/process/id.rs":"1cbfeb3f1f793d2747eb3db981459902c98ec5fedf265a0faecf0b37a164c527","src/process/ioctl.rs":"6644c3b0948251b448a87cc8409750edf77dc31f08b2060fccf00dab0d516fca","src/process/kill.rs":"0269dc9a2c0684223c6d9256548dcb1dfeb66c10fe53f45fdcb173f398ada4cc","src/process/membarrier.rs":"4b1f2b062012c06cba3d3fc6f9b22d78812f5bc36ce579a0959f415952562ebd","src/process/mod.rs":"c04ed9d8cc4865c4a367e64fa4eab184253fead4b9259c4f6719f3f92c4bf9a9","src/process/pidfd.rs":"88517949097414b77540b1c0801bdd034c28667b9386c0676cdaa1b637129ffa","src/process/prctl.rs":"302715256544595bf109e22a987e314b1468544b22cf63afa8d2d574085b50f0","src/process/priority.rs":"711ad9300407b205a549d2f896cdff080740f6cde8e710d3bb654ea720586b4c","src/process/procctl.rs":"c9ffddf8203077d2859d4eb204fe3da7d24efec3c492d0229750c794d3c9a996","src/process/rlimit.rs":"10b79de3ced0e64059a94c879742d46a35a6176c776d8eed75031d5e6340283d","src/process/sched.rs":"7c3bfc5be624e7d7f5e043c3ee0b0566fcab3d684d61c272e7b4233410ab1c42","src/process/sched_yield.rs":"6565faa3928b66ddc74a65e893e15edfa4b9be4f7e5f5f68527501a7f6bc3350","src/process/system.rs":"5c701192b030236149b15e7934828aef9c9e3e2e4485728833b7146378157997","src/process/umask.rs":"1a0f31a842303c978e3f05ec191e2b5e96104c09c6596473b42b1fac34898a50","src/process/wait.rs":"5e0d3e46ba44f81cbf8664c68faadced7d80f56920d018591dbb8f088fff6bac","src/pty.rs":"e1d2d72f0c1cb2b8b37b9f06f87044c39d22a3e4b089a4ec25dd26de4a311c48","src/rand/getrandom.rs":"8e64128584178c02f04c9781527c23ac2e2423f73445d0b4d25ae99204d7cc04","src/rand/mod.rs":"cab59332aadd9b679f5b22cbb222d48ee028af5eb9fd4a4d43922da659b895d7","src/runtime.rs":"386bf280a54150b90c038173019a4e62cbc0e05656d13918f93315d70d51eb42","src/termios/cf.rs":"cb13ee88cba541cbd683c7a5da034a126fd9e09dc6b5f25c9f32382f8318ffc0","src/termios/constants.rs":"7855cebd1e2169a2a760c6752138b3de1be00fd3b907b049d32ad5d6bdb0426e","src/termios/mod.rs":"b4d28ebeeae6782b4060d3e6f0156ed63bafa155d1bbdae9e28d06e574d69cb7","src/termios/tc.rs":"c892c62ee5ed638e4965dcf6bab403790ab6c9a2c47f66760c1cc4d89923c17e","src/termios/tty.rs":"de44a8e276070a844685fa3f3cae8ed9f2ae9ebf0333adbd42c05a350c40359f","src/thread/clock.rs":"4e3f54aa5b50443bf502a81ee4814b3522e928e3b06241d24f924a6f69953662","src/thread/futex.rs":"4e78c84589b535ca9ca633633696ef212393a98f2890b181acaa8f908fbc5ae2","src/thread/id.rs":"f905c1c672082215c6502f88e7123a33abadb25791d3ee967335567560dfced3","src/thread/libcap.rs":"60c959f60c6fcc6f57ed613f21d40fdd9f6cf9876b79f10fa951a6ee5bedb0e0","src/thread/mod.rs":"6fc33eb022c4ab7f950dfb4fae6ab70b1acbcdbeacd909ae1848e7e54076c310","src/thread/prctl.rs":"c4d4df3a32c65d7bd9e753c6983fd7ab12f26465f6627e33ae4d6335ae02f59e","src/thread/setns.rs":"5e08f98300e2ca8fc99272cf5408f0b27cb4c8ece54d76b92ede656982f11e69","src/time/clock.rs":"cbe15f6abe995476c815b31a9c3a931ad7292ec853342bc0fcb4417df1a558f1","src/time/mod.rs":"43afee938c80d124d04d4ba190c03f4d21d1e3bfc154fff309211e4f6eabe940","src/time/timerfd.rs":"f17092b84553741aa2d2b44c6992b5d2c8c96cc2c2007fc9a2c6b2064485e53f","src/utils.rs":"41765307b22b7cf8e21e83735308c598da8a83b52b5b7eafa175bf39f1528fbb","src/weak.rs":"20226da10a0380ef341fa1919c329cf522b46071bcc8d36fd7c93e2aabd63f83"},"package":"b96e891d04aa506a6d1f318d2771bcb1c7dfda84e126660ace067c9b474bb2c0"} +\ No newline at end of file +diff --git a/vendor/rustix-0.37.20/src/backend/libc/fs/dir.rs b/vendor/rustix-0.37.20/src/backend/libc/fs/dir.rs +index 720f7d01e..0f27f3fbc 100644 +--- a/vendor/rustix-0.37.20/src/backend/libc/fs/dir.rs ++++ b/vendor/rustix-0.37.20/src/backend/libc/fs/dir.rs +@@ -29,8 +29,13 @@ use core::ptr::NonNull; + use libc_errno::{errno, set_errno, Errno}; + + /// `DIR*` +-#[repr(transparent)] +-pub struct Dir(NonNull); ++pub struct Dir { ++ /// The `libc` `DIR` pointer. ++ libc_dir: NonNull, ++ ++ /// Have we seen any errors in this iteration? ++ any_errors: bool, ++} + + impl Dir { + /// Construct a `Dir` that reads entries from the given directory +@@ -42,20 +47,35 @@ impl Dir { + + #[inline] + fn _read_from(fd: BorrowedFd<'_>) -> io::Result { ++ let mut any_errors = false; ++ + // Given an arbitrary `OwnedFd`, it's impossible to know whether the + // user holds a `dup`'d copy which could continue to modify the + // file description state, which would cause Undefined Behavior after + // our call to `fdopendir`. To prevent this, we obtain an independent + // `OwnedFd`. + let flags = fcntl_getfl(fd)?; +- let fd_for_dir = openat(fd, cstr!("."), flags | OFlags::CLOEXEC, Mode::empty())?; ++ let fd_for_dir = match openat(fd, cstr!("."), flags | OFlags::CLOEXEC, Mode::empty()) { ++ Ok(fd) => fd, ++ Err(io::Errno::NOENT) => { ++ // If "." doesn't exist, it means the directory was removed. ++ // We treat that as iterating through a directory with no ++ // entries. ++ any_errors = true; ++ crate::io::dup(fd)? ++ } ++ Err(err) => return Err(err), ++ }; + + let raw = owned_fd(fd_for_dir); + unsafe { + let libc_dir = c::fdopendir(raw); + + if let Some(libc_dir) = NonNull::new(libc_dir) { +- Ok(Self(libc_dir)) ++ Ok(Self { ++ libc_dir, ++ any_errors, ++ }) + } else { + let err = io::Errno::last_os_error(); + let _ = c::close(raw); +@@ -67,13 +87,19 @@ impl Dir { + /// `rewinddir(self)` + #[inline] + pub fn rewind(&mut self) { +- unsafe { c::rewinddir(self.0.as_ptr()) } ++ self.any_errors = false; ++ unsafe { c::rewinddir(self.libc_dir.as_ptr()) } + } + + /// `readdir(self)`, where `None` means the end of the directory. + pub fn read(&mut self) -> Option> { ++ // If we've seen errors, don't continue to try to read anyting further. ++ if self.any_errors { ++ return None; ++ } ++ + set_errno(Errno(0)); +- let dirent_ptr = unsafe { libc_readdir(self.0.as_ptr()) }; ++ let dirent_ptr = unsafe { libc_readdir(self.libc_dir.as_ptr()) }; + if dirent_ptr.is_null() { + let curr_errno = errno().0; + if curr_errno == 0 { +@@ -81,6 +107,7 @@ impl Dir { + None + } else { + // `errno` is unknown or non-zero, so an error occurred. ++ self.any_errors = true; + Some(Err(io::Errno(curr_errno))) + } + } else { +@@ -114,7 +141,7 @@ impl Dir { + /// `fstat(self)` + #[inline] + pub fn stat(&self) -> io::Result { +- fstat(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstat(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fstatfs(self)` +@@ -127,21 +154,21 @@ impl Dir { + )))] + #[inline] + pub fn statfs(&self) -> io::Result { +- fstatfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstatfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fstatvfs(self)` + #[cfg(not(any(solarish, target_os = "haiku", target_os = "redox", target_os = "wasi")))] + #[inline] + pub fn statvfs(&self) -> io::Result { +- fstatvfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstatvfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fchdir(self)` + #[cfg(not(any(target_os = "fuchsia", target_os = "wasi")))] + #[inline] + pub fn chdir(&self) -> io::Result<()> { +- fchdir(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fchdir(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + } + +@@ -154,7 +181,7 @@ unsafe impl Send for Dir {} + impl Drop for Dir { + #[inline] + fn drop(&mut self) { +- unsafe { c::closedir(self.0.as_ptr()) }; ++ unsafe { c::closedir(self.libc_dir.as_ptr()) }; + } + } + +@@ -170,7 +197,7 @@ impl Iterator for Dir { + impl fmt::Debug for Dir { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.debug_struct("Dir") +- .field("fd", unsafe { &c::dirfd(self.0.as_ptr()) }) ++ .field("fd", unsafe { &c::dirfd(self.libc_dir.as_ptr()) }) + .finish() + } + } +@@ -282,3 +309,38 @@ fn check_dirent_layout(dirent: &c::dirent) { + } + ); + } ++ ++#[test] ++fn dir_iterator_handles_io_errors() { ++ // create a dir, keep the FD, then delete the dir ++ let tmp = tempfile::tempdir().unwrap(); ++ let fd = crate::fs::openat( ++ crate::fs::cwd(), ++ tmp.path(), ++ crate::fs::OFlags::RDONLY | crate::fs::OFlags::CLOEXEC, ++ crate::fs::Mode::empty(), ++ ) ++ .unwrap(); ++ ++ let file_fd = crate::fs::openat( ++ &fd, ++ tmp.path().join("test.txt"), ++ crate::fs::OFlags::WRONLY | crate::fs::OFlags::CREATE, ++ crate::fs::Mode::RWXU, ++ ) ++ .unwrap(); ++ ++ let mut dir = Dir::read_from(&fd).unwrap(); ++ ++ // Reach inside the `Dir` and replace its directory with a file, which ++ // will cause the subsequent `readdir` to fail. ++ unsafe { ++ let raw_fd = c::dirfd(dir.libc_dir.as_ptr()); ++ let mut owned_fd: crate::fd::OwnedFd = crate::fd::FromRawFd::from_raw_fd(raw_fd); ++ crate::io::dup2(&file_fd, &mut owned_fd).unwrap(); ++ core::mem::forget(owned_fd); ++ } ++ ++ assert!(matches!(dir.next(), Some(Err(_)))); ++ assert!(matches!(dir.next(), None)); ++} +diff --git a/vendor/rustix-0.37.20/src/backend/linux_raw/fs/dir.rs b/vendor/rustix-0.37.20/src/backend/linux_raw/fs/dir.rs +index 66b3101b1..512f887ab 100644 +--- a/vendor/rustix-0.37.20/src/backend/linux_raw/fs/dir.rs ++++ b/vendor/rustix-0.37.20/src/backend/linux_raw/fs/dir.rs +@@ -17,9 +17,17 @@ pub struct Dir { + /// The `OwnedFd` that we read directory entries from. + fd: OwnedFd, + ++ /// Have we seen any errors in this iteration? ++ any_errors: bool, ++ ++ /// Should we rewind the stream on the next iteration? ++ rewind: bool, ++ ++ /// The buffer for `linux_dirent64` entries. + buf: Vec, ++ ++ /// Where we are in the buffer. + pos: usize, +- next: Option, + } + + impl Dir { +@@ -37,25 +45,39 @@ impl Dir { + + Ok(Self { + fd: fd_for_dir, ++ any_errors: false, ++ rewind: false, + buf: Vec::new(), + pos: 0, +- next: None, + }) + } + + /// `rewinddir(self)` + #[inline] + pub fn rewind(&mut self) { ++ self.any_errors = false; ++ self.rewind = true; + self.pos = self.buf.len(); +- self.next = Some(0); + } + + /// `readdir(self)`, where `None` means the end of the directory. + pub fn read(&mut self) -> Option> { +- if let Some(next) = self.next.take() { +- match crate::backend::fs::syscalls::_seek(self.fd.as_fd(), next as i64, SEEK_SET) { ++ // If we've seen errors, don't continue to try to read anyting further. ++ if self.any_errors { ++ return None; ++ } ++ ++ // If a rewind was requested, seek to the beginning. ++ if self.rewind { ++ self.rewind = false; ++ match io::retry_on_intr(|| { ++ crate::backend::fs::syscalls::_seek(self.fd.as_fd(), 0, SEEK_SET) ++ }) { + Ok(_) => (), +- Err(err) => return Some(Err(err)), ++ Err(err) => { ++ self.any_errors = true; ++ return Some(Err(err)); ++ } + } + } + +@@ -77,7 +99,7 @@ impl Dir { + if self.buf.len() - self.pos < size_of::() { + match self.read_more()? { + Ok(()) => (), +- Err(e) => return Some(Err(e)), ++ Err(err) => return Some(Err(err)), + } + } + +@@ -135,14 +157,31 @@ impl Dir { + } + + fn read_more(&mut self) -> Option> { +- let og_len = self.buf.len(); +- // Capacity increment currently chosen by wild guess. +- self.buf +- .resize(self.buf.capacity() + 32 * size_of::(), 0); +- let nread = match crate::backend::fs::syscalls::getdents(self.fd.as_fd(), &mut self.buf) { ++ // The first few times we're called, we allocate a relatively small ++ // buffer, because many directories are small. If we're called more, ++ // use progressively larger allocations, up to a fixed maximum. ++ // ++ // The specific sizes and policy here have not been tuned in detail yet ++ // and may need to be adjusted. In doing so, we should be careful to ++ // avoid unbounded buffer growth. This buffer only exists to share the ++ // cost of a `getdents` call over many entries, so if it gets too big, ++ // cache and heap usage will outweigh the benefit. And ultimately, ++ // directories can contain more entries than we can allocate contiguous ++ // memory for, so we'll always need to cap the size at some point. ++ if self.buf.len() < 1024 * size_of::() { ++ self.buf.reserve(32 * size_of::()); ++ } ++ self.buf.resize(self.buf.capacity(), 0); ++ let nread = match io::retry_on_intr(|| { ++ crate::backend::fs::syscalls::getdents(self.fd.as_fd(), &mut self.buf) ++ }) { + Ok(nread) => nread, ++ Err(io::Errno::NOENT) => { ++ self.any_errors = true; ++ return None; ++ } + Err(err) => { +- self.buf.resize(og_len, 0); ++ self.any_errors = true; + return Some(Err(err)); + } + }; +@@ -222,3 +261,33 @@ impl DirEntry { + self.d_ino + } + } ++ ++#[test] ++fn dir_iterator_handles_io_errors() { ++ // create a dir, keep the FD, then delete the dir ++ let tmp = tempfile::tempdir().unwrap(); ++ let fd = crate::fs::openat( ++ crate::fs::cwd(), ++ tmp.path(), ++ crate::fs::OFlags::RDONLY | crate::fs::OFlags::CLOEXEC, ++ crate::fs::Mode::empty(), ++ ) ++ .unwrap(); ++ ++ let file_fd = crate::fs::openat( ++ &fd, ++ tmp.path().join("test.txt"), ++ crate::fs::OFlags::WRONLY | crate::fs::OFlags::CREATE, ++ crate::fs::Mode::RWXU, ++ ) ++ .unwrap(); ++ ++ let mut dir = Dir::read_from(&fd).unwrap(); ++ ++ // Reach inside the `Dir` and replace its directory with a file, which ++ // will cause the subsequent `getdents64` to fail. ++ crate::io::dup2(&file_fd, &mut dir.fd).unwrap(); ++ ++ assert!(matches!(dir.next(), Some(Err(_)))); ++ assert!(matches!(dir.next(), None)); ++} +-- +2.39.4 + + +From 2899dcf64b0e05610dafd818e98f4ef51809ec89 Mon Sep 17 00:00:00 2001 +From: Dan Gohman +Date: Thu, 12 Oct 2023 08:13:24 -0700 +Subject: [PATCH 4/4] Merge pull request from GHSA-c827-hfw6-qwvm in + vendor/rustix + +* Fix `rustix::fs::Dir` to avoid unbounded buffer growth. + +Fix `Dir`'s buffer size computation to avoid resizing past a fixed +upper limit. This prevents it from growing without bound, such as in +the case of `Dir::rewind` for repeated iterations with the same `Dir`. + +* Don't let `Dir` continue to try to iterate after a failure. + +* Handle `io::Errno::INTR` gracefully. + +* Write a more detailed comment on the buffer growth policy. + +* Also mention that no buffer can ever be big enough for everything. + +* Add tests against over-allocation & stuck iterator + +* Rm `dir_iterator_does_not_overallocate` unit test in favour of docs + +* Extend `test_dir` to cover `rewind`. + +* Consistently handle directory removal as ending the stream. + +libc implementations of directory iteration handle directory removal +by just ending the stream. In the linux_raw backend, this looks like +`ENOENT` from `getdents64`, so change the code to check for `ENOENT` +and end the stream. + +This requires changing the `dir_iterator_does_not_get_stuck_on_io_error` +test to no longer expect a failure, so it's now renamed to +`dir_iterator_handles_dir_removal`. + +To test the error case, add a new `dir_iterator_handles_io_errors` +test which uses `dup2` to induce an error, in both the linux_raw and +libc backends. + +This exposes the fact that the libc `Dir` implementation was also +assuming that users would stop iterating after hitting a failure, so +add a `any_errors` flag to the libc backend as well. + +* Add a test for removing the directory after doing `read_from`. + +* In the libc backend, handle `ENOENT` when opening ".". + +--------- + +Co-authored-by: cyqsimon <28627918+cyqsimon@users.noreply.github.com> +--- + vendor/rustix/.cargo-checksum.json | 2 +- + vendor/rustix/src/backend/libc/fs/dir.rs | 86 ++++++++++++++--- + vendor/rustix/src/backend/linux_raw/fs/dir.rs | 95 ++++++++++++++++--- + 3 files changed, 157 insertions(+), 26 deletions(-) + +diff --git a/vendor/rustix/.cargo-checksum.json b/vendor/rustix/.cargo-checksum.json +index e749cc800..392a0bd89 100644 +--- a/vendor/rustix/.cargo-checksum.json ++++ b/vendor/rustix/.cargo-checksum.json +@@ -1 +1 @@ +-{"files":{"CODE_OF_CONDUCT.md":"f210602311e3f74b32f46237fd55f4ce36d798e85e3db1432ec667f63a7ffc44","CONTRIBUTING.md":"fb570c76cf924cd75b77bed52b0dbe1e87ce224dc3428c48d98301710dcc331e","COPYRIGHT":"377c2e7c53250cc5905c0b0532d35973392af16ffb9596a41d99d202cf3617c9","Cargo.toml":"b016dcc4465558f7bceb1eea94ae562acafa51c6d91f4bd6ace99a1a0075974c","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-Apache-2.0_WITH_LLVM-exception":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","ORG_CODE_OF_CONDUCT.md":"a62b69bf86e605ee1bcbb2f0a12ba79e4cebb6983a7b6491949750aecc4f2178","README.md":"62993d0e83773686d74488effddd72bd7256299e0ce913ae9bbf0704ee9f2120","SECURITY.md":"4d75afb09dd28eb5982e3a1f768ee398d90204669ceef3240a16b31dcf04148a","benches/mod.rs":"7abf49bced798168a4f57916654305a6c5d048d12e0ad43d30ab14f24b5e527a","build.rs":"5d470d6e1e65a33b6728a9d2135b7784ce725d3bd57a7ecbd552dfc80ddde0ac","src/backend/libc/c.rs":"6c73028cda171abe53917fe80ee1e627ff957bf29e5312b57be2a4d7050d1c92","src/backend/libc/conv.rs":"0b71622d51111c6be5d554e978d9ef6ba278e94241b53afe2fee390663b2425e","src/backend/libc/event/epoll.rs":"598e246866f46834f57d5385439d4c40654f899d3b9f252b6f72eeb18628d661","src/backend/libc/event/mod.rs":"7f8547c599b8263eb791890bbe4a0b22fe2676d007ffdcc3e07b2e48d1c994db","src/backend/libc/event/poll_fd.rs":"9b44a5b399cfa742b505f9f2d1400dac9f3d1afb1f253c23b250f08c0632e51b","src/backend/libc/event/syscalls.rs":"3755384de833dc10b381b8037efef3bd12aceaa41adb440cb7b1d5a81ef12066","src/backend/libc/event/types.rs":"5a520d60f67bf07be9229177ce872dc70bf366760a2b81fecba6d522b2179868","src/backend/libc/event/windows_syscalls.rs":"ebfac665c6676c4b803134ab8806be8aa2e96bdbc7799a19c544cd9069b35787","src/backend/libc/fs/dir.rs":"a00c4faf3a65523dce922ae4cb62dc275479d5e255b4fa5d4108864122378296","src/backend/libc/fs/inotify.rs":"4e0e1f31ed6a53cbc56119bb974a464acd9c7797d2699a29cb399311ce49323d","src/backend/libc/fs/makedev.rs":"797e7e31dd363b8f649f370424e23a210be4536b580a78cb0f4c5d375da0aab0","src/backend/libc/fs/mod.rs":"ba3c79b8918eab2a4c962e353d2b27d3cd96b201f9e527ce0b70b7a558ac596b","src/backend/libc/fs/syscalls.rs":"32d88e3e1955e533b2c110d05e6b22e31663d9a543afc8c0bf9b5901ad1d8fed","src/backend/libc/fs/types.rs":"eaabd8ea89654bcb297379fbae57a0434e3964073ca468f245c55f2f9e3a476a","src/backend/libc/io/errno.rs":"b9b591870ea1db3224cd8dc654735a052d0ee44f513069f5c9ae09183b846f69","src/backend/libc/io/mod.rs":"746647bd864e4ec7717925b6d176cebdb392b7d015070244cc48d92780351dd6","src/backend/libc/io/syscalls.rs":"db3056b3cad7313b9ec22a1b3d389ad91ef474566f091a2c644a8d8769eee055","src/backend/libc/io/types.rs":"2248c2ba2c4b6ecbbb9f6c8dc2814734e8cd05e664c2aab409a243e034ff338b","src/backend/libc/io/windows_syscalls.rs":"73d3e609d30dfbb1a032f3ac667b3c65cb8a05a1d54c90bbb253021c85fd496a","src/backend/libc/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/io_uring/syscalls.rs":"5af8146d5971c833e6fd657f652c618b31f854e1b0811864fba9b658cb633e19","src/backend/libc/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mm/syscalls.rs":"858e5bb3bc850b6a2d5ce69b3c8e40ab7cf75d392fe3a022119e5edd0c538db5","src/backend/libc/mm/types.rs":"de5695cef84a6859408fb09291edb93d853ed1498fe31286648778509b99ffbb","src/backend/libc/mod.rs":"eb0a047cf46a67058c68e7f3d481160cf13a35a2bf68e657110332efc2550c61","src/backend/libc/net/addr.rs":"cf0d76b0d7a0b25f7f36f36dcefcaa4e20bcba70122d8951f2696a02e8b60d09","src/backend/libc/net/ext.rs":"ed4bc298ed7dadd0f319e97ef7707ab22841ca04edc9adfe9c8a209c20360072","src/backend/libc/net/mod.rs":"6b0b674552234f08605f92770f55476e528ec39dc0c4b8baf41ceff06191f2f3","src/backend/libc/net/msghdr.rs":"67f7ed2c41e843bf2c00c9fef4280af24cf2e897c3b31e0a916415237c8f88e4","src/backend/libc/net/read_sockaddr.rs":"a44060a2cfd10586c5d52cee4ce92b5f27a2cdaa35c0c82f8db7eda59f4ef470","src/backend/libc/net/send_recv.rs":"ad545056de837597e62905fb49113055819de6952d7802edaa9c98853620ef7b","src/backend/libc/net/syscalls.rs":"025c6a1fb554345e0c16626d43ae226aa44fac813a57020fcc4337f0ea509a46","src/backend/libc/net/write_sockaddr.rs":"f8440b13a051829924959495f69053a7c67d165f8f8d979826c693100a15478a","src/backend/libc/param/auxv.rs":"fdc85b7c33bcd05a16471e42eb4228c48c98c642443635ba5fc3e9a45438d6d3","src/backend/libc/param/mod.rs":"5234b8f1bcb886cca6ea003d411d75eaeebe58deedd80e3441354bf46ed85d4d","src/backend/libc/pid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/pid/syscalls.rs":"49ea679b96c0741d048e82964038f9a931bc3cf3a0b59c7db3df89629b9c49e6","src/backend/libc/pipe/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/pipe/syscalls.rs":"18a461da1c97a8d4fe3679ce3eafb8c647179e8190528de86500d1e00c28e75c","src/backend/libc/pipe/types.rs":"12a5abf55142a46fe9951d9abe9ded7799b4fc882faa51e6c28fc06704af6451","src/backend/libc/prctl/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/prctl/syscalls.rs":"8a2684f444a7555098dce2b92270d81cefdae902716c6e5d59bd7b0657e8a29d","src/backend/libc/process/cpu_set.rs":"b3d36b01b53b0b6c61a20ed8a69d48eccdd90cc17f82f2926ef1e844f002d0b7","src/backend/libc/process/mod.rs":"787018aba4adb2cc1f9176faf154a1a8d7943e4cad36be6e43fc03ce355572d6","src/backend/libc/process/syscalls.rs":"83c34a773946d721c32d1f10e19b60bcec740d4a4a6b19a76ee817e8337dca8b","src/backend/libc/process/types.rs":"46367723120e8c737f7097ad85b43bb9200f2b8159904eb52c341c5ea6075aae","src/backend/libc/process/wait.rs":"0cc556aed976b4bbb3965f74fd76b8216c755fce25043b7b21ce54afa07c9773","src/backend/libc/pty/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/pty/syscalls.rs":"301b19e788c102c86fa408100ab4121347ebacc2340b27e97cc55ddb1794de11","src/backend/libc/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/rand/syscalls.rs":"78c7201e6bcb75e9cab9486d1878861319f865de2b2c46437be68690bd17bf13","src/backend/libc/rand/types.rs":"7d473c7ee8f19fbcec31f61b28ba6a68e1233f64f37b3b496d396c0197af63e1","src/backend/libc/system/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/system/syscalls.rs":"94228b0a8ca775e09312c885eea4a5a6a47463e1377d7d97bb6b49e1c03bf9cd","src/backend/libc/system/types.rs":"6871e16aee14fe2ae03cea798c3e509ffe44778a9c0e5608fd73e2e015876d7e","src/backend/libc/termios/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/termios/syscalls.rs":"42fdb11063237ef21e57fba2590aae223a071281f0417f17a22d7337a39db03d","src/backend/libc/thread/mod.rs":"0de5f67a684b9fd7628d3009d2ea5fd51b8770e8b387eed14f59152157844287","src/backend/libc/thread/syscalls.rs":"df0be657068311fb3e3932509fb2be4c31e9e861d24096ad6071eae2e501260c","src/backend/libc/time/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/time/syscalls.rs":"4b95ea3e053b7cbeb76f445978743cf2e4b7807590e366d00135c838c5e08359","src/backend/libc/time/types.rs":"c6e70d21888bbb9cc7d6561cc272d797933960bede7d93d54e09dee48e0f31ef","src/backend/libc/ugid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/ugid/syscalls.rs":"8edf91b8790add23902c9f5418da6b0723a371677f29f490e0c8af852f0f1a0c","src/backend/libc/winsock_c.rs":"3bf3884fd250eca806ffdf96da68e29c133a697810b78b333ea449e523e58562","src/backend/linux_raw/arch/inline/aarch64.rs":"67011427b3cecd29ee716113d952e70d63574c96d1d3ea3c75d46250bde9ca44","src/backend/linux_raw/arch/inline/arm.rs":"7760d51aef17a69a797eb96fd61f7fade0d55bc87ec9a3e77fa6bb6aebaecdbb","src/backend/linux_raw/arch/inline/mips.rs":"d00c84cfdb4e37bdee9a2daa0a7b3298afbb4ebe288702203cb43d9c2617012d","src/backend/linux_raw/arch/inline/mips64.rs":"ab5455c9b2511ba6b67a66873cd8b53bf77471249fd2779d6437ebb4934087b5","src/backend/linux_raw/arch/inline/mod.rs":"8408861cf501637b7f0bdad5234d28ebe8d042f6815554b8d2fd3a8ee5c84e20","src/backend/linux_raw/arch/inline/powerpc64.rs":"dcd12314184441f5f7705bea6b829103c7abc9062db366ae5584023a38252a36","src/backend/linux_raw/arch/inline/riscv64.rs":"58a58203e9cac2ed21e4a7b26692c5d56d3c2bcddb3f60a648efd18a02129f3c","src/backend/linux_raw/arch/inline/thumb.rs":"82b88c9a3b6837f28a738cc760fc2403e7014abdb2c35d2bdbc8073235ae2863","src/backend/linux_raw/arch/inline/x86.rs":"de75f5179edf060461d949682002f4242140e5a01aa2361c4eab82da15375068","src/backend/linux_raw/arch/inline/x86_64.rs":"7c893ca306b3b8a5980c525dc5fa23187a0526bc9f7ac637204d88a1d596df5d","src/backend/linux_raw/arch/mod.rs":"1613f74cdf3ee7f99456530327a4d9d5846b95072cff32aff386241f4659ecf6","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips.a":"145be0e9638cb5541860ec97ce5270767c24b61f415f0ee3c2f86cc962ee44af","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips64.a":"6c6d007368beb5e53bb1c402afacc1c139ee65dddb82ba3e2eada0493af94ef6","src/backend/linux_raw/arch/outline/debug/librustix_outline_powerpc64.a":"355db5c83dda1074636c40fa6fee6564c668c492a71e149bcb444ea896e8167e","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86.a":"7ae3635dd3fbc2049e09d4218224e1eaaa4dd2ddd78d3901fb444d481abf2a33","src/backend/linux_raw/arch/outline/mips.s":"3612ba84500f033650cbb3860241768cc0760c5693aadc8af01dd2f61c7d59ff","src/backend/linux_raw/arch/outline/mips64.s":"deaf2218e0d2c5c97d1d5000c2c6678bbbf5a28faeefd0fb04b04e1984c94185","src/backend/linux_raw/arch/outline/mod.rs":"1e6ca71e98b6f3fca91cee16ab473a2cf710f1ea55ad24649a3b1262ed276ec8","src/backend/linux_raw/arch/outline/nr_last.rs":"82d92b9ca8307c19d74ced1ae2c0b31f2a7c5db70fa31fdedb55d38a90601455","src/backend/linux_raw/arch/outline/powerpc64.s":"0847fa3f160846ee02771550667913734ba9773e2221f2279c4f296d6f5b7bd4","src/backend/linux_raw/arch/outline/release/librustix_outline_mips.a":"d9a093ee2b2c94b70aa059e878a0211715fe6fdcc95a9098566c87d61be4e4b3","src/backend/linux_raw/arch/outline/release/librustix_outline_mips64.a":"ad19a967ade7067a12b08f61628cc56f72eaff1393544783647e1c4dde2629a3","src/backend/linux_raw/arch/outline/release/librustix_outline_powerpc64.a":"1f04e44c3d863bac066520c787444c314f2aa2f8d8d3cae38990ecc008b9b6e1","src/backend/linux_raw/arch/outline/release/librustix_outline_x86.a":"691d867358475c701c20b816b99bab2a4c90c3796a302ccaa56d5983be1ba8b2","src/backend/linux_raw/arch/outline/x86.rs":"f7e12a0f3fe8e97acb1ade2c9e61d82542f00ad4d8fe684a8dcd9f30fd9ab5d4","src/backend/linux_raw/arch/outline/x86.s":"4604e3b41161802343e2e4c890fd2042098a901d95893ebe4c436f97fd47cad3","src/backend/linux_raw/c.rs":"c30491601405d42fabd5fdfe50abd539dc7693bf326be9e17a31bb6d6192e356","src/backend/linux_raw/conv.rs":"e6af1903c5b4a0ce8d80909b04e0f47849768218c9969aa6e1dcf85bdd505711","src/backend/linux_raw/elf.rs":"4550edde9ca096ac3ad929ace226fd5ead954da7ad01d22da43fdb976655f771","src/backend/linux_raw/event/epoll.rs":"6c27660b015889140ad11657ad08dc32dd52fbc6b0d0a6571885792040e19156","src/backend/linux_raw/event/mod.rs":"72e46b04637e2d1d2a6b97af616144995399e489d1fe916faf835d72fc8c64cd","src/backend/linux_raw/event/poll_fd.rs":"8495da1687b15f7880a576ac8d197c941627a53874f0823467a3e4e3ad5640f2","src/backend/linux_raw/event/syscalls.rs":"f996db9f1f9f2b9bdaf33ef3a80a63ab9b1a65ae956700fd88d355e046ce2890","src/backend/linux_raw/event/types.rs":"4edf9c7c399c91f359bc2370a407fa5ab537a84eed26c593ce5bf6dd82c6c6a0","src/backend/linux_raw/fs/dir.rs":"d871468c08ea22868f308ce53feb1dbab8740d577441a4f3aadd358baa843d27","src/backend/linux_raw/fs/inotify.rs":"c05e201e4f562256388c933cd3f24a3c3a578bd19513284856bb3eb1218906c0","src/backend/linux_raw/fs/makedev.rs":"c6b4505c4bcbbc2460e80f3097eb15e2c8ef38d6c6e7abd78e39c53c372139e2","src/backend/linux_raw/fs/mod.rs":"e22bf30f312f6a05f1e79f7834c33a3c9821514da05fa4786fc31867203a4c74","src/backend/linux_raw/fs/syscalls.rs":"76f0b4e6d46a5aa7907d783a794211124b6d2e7dd124cfb7170b24657e39d093","src/backend/linux_raw/fs/types.rs":"9410b0cb6e744820663660a8f2bacb8f477ebd5eb3b2c60e3519ba19b1c701d7","src/backend/linux_raw/io/errno.rs":"8d6a8d702ddec05c0ec5b518b9c4d6c9b54d390ea9b362e60f2032284c40b112","src/backend/linux_raw/io/mod.rs":"7ae2324427892cca6f5ab53858d847b165f790a72ec25f3d99fb15f0506c9f27","src/backend/linux_raw/io/syscalls.rs":"d82dfdef885e9b22bfbf605fce8ef2862604ef195dfdcdc0532c29426a188bd8","src/backend/linux_raw/io/types.rs":"59d031dd1e769ecbaedaaa3ffc513a7f7154fc48abbb46023166fa38a46f0c61","src/backend/linux_raw/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/io_uring/syscalls.rs":"b87fa95c16b2d3ca8fd5d72368bda37b8b8ddbb19df3a884efc6eeec393c86d1","src/backend/linux_raw/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mm/syscalls.rs":"369abe984aa972d8083fee20d764a8d57df242c66f897066367416f2fcc832a3","src/backend/linux_raw/mm/types.rs":"0d5815b725e51b5e16984e12852c125f14543c29bbd1a47b7e3b0ad95d711526","src/backend/linux_raw/mod.rs":"2abe0633534dc90a050595b8562bbc37a96559fdaf2e1491d1fa2cd52f0d4cb2","src/backend/linux_raw/net/addr.rs":"fa6c4ea03ed465188bdb2113a9815549084b501c35654b46a00de226c7ea5463","src/backend/linux_raw/net/mod.rs":"bc9c9c4a8c06b1fb8c57555261176dfb1f3e858a1d89cd2f88e1f31fc126c001","src/backend/linux_raw/net/msghdr.rs":"6c0e1dfc0c9f79e69d3a645f0b4228bf6b29fed920af5f1efa6bbacd0a681c51","src/backend/linux_raw/net/read_sockaddr.rs":"24075ac4c05fab5fe44aae4445cdd12ec7e474f047150baa9b768741d6b9693d","src/backend/linux_raw/net/send_recv.rs":"aa5107094a1e5c6ce57bc2956d0ac63f24a7e61270f61ab2a353f9c832da0e4e","src/backend/linux_raw/net/syscalls.rs":"bbc7b021604feb515ba5fecb139f79935c94d3145d5115fee60f3055cf68ccb6","src/backend/linux_raw/net/write_sockaddr.rs":"69ee7d6f754126f9399250d51bcdb306ab6a9ae816bc8fe21d0a9cabd49052ef","src/backend/linux_raw/param/auxv.rs":"0a26b11f5ce794d85826a05b57187d333012246059f9d28a9cbbfbd2e93747c7","src/backend/linux_raw/param/libc_auxv.rs":"3b89394eb05d9f15ac23c16823666b12c5ce75ca29a6e4f3d66db2426d5e0d98","src/backend/linux_raw/param/mod.rs":"db21fc1b0ea5568b8649890fa38a878bfcdcf7398f6cf1640176b37bcc6ce990","src/backend/linux_raw/param/mustang_auxv.rs":"0adbb54a06b8c7b2df17462d98e1fe72bec02e4e577313add0cb7363262f0d6b","src/backend/linux_raw/pid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/pid/syscalls.rs":"ce3ca4c72096479340364d16f09918e192ffd3a0436a26eb61aad7e7dac3cdcd","src/backend/linux_raw/pipe/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/pipe/syscalls.rs":"c499b47305ae7e25ed6fa3c760ce26cd64d985152615755706117f4d0a03d3d5","src/backend/linux_raw/pipe/types.rs":"73db762965df510bf3c908f906acf3a6df182d98d4ba1ebe45a52a4b51751e7e","src/backend/linux_raw/prctl/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/prctl/syscalls.rs":"01aa9cd77341dcd1efab9f3ac28447d0fbc41ed44d65e52301b347fdd1627e50","src/backend/linux_raw/process/cpu_set.rs":"dfdcbdf35aff6a3e08e7d38193bf18c12ca8aa64eb0dc417667be82dcc0f7c55","src/backend/linux_raw/process/mod.rs":"fb393c70a9c63ef9a6bf1fb5a2dc94f07d6b0b6987cc5231c15c607015dafd68","src/backend/linux_raw/process/syscalls.rs":"0d7b3a3004ac84668296bfa8ad9c255f175e9fb380a59d5c8d248dc0f5b218aa","src/backend/linux_raw/process/types.rs":"d66049cfbdb27e31586f0ff2e53b6adbe0ebb296a876372e9d0d805d10ac5f51","src/backend/linux_raw/process/wait.rs":"921aee4b0048746087f52615a98edc2aa0fb4b53d6df44be4533098df55d1b05","src/backend/linux_raw/pty/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/pty/syscalls.rs":"01c6d76b8ae36e8c936188011a13c31ca2ec61cb825b7da305d6e55356c260dd","src/backend/linux_raw/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/rand/syscalls.rs":"fb401466368de62ec4ff76bc230f9246623b003fe7452912e1365f443d3eeeb3","src/backend/linux_raw/rand/types.rs":"787a59629343688cac0fdabd1b7552b400b9188073a1e0394eacc6e0997e1bfe","src/backend/linux_raw/reg.rs":"02653995cb934050ee2109e8d40e9083a4278abcba27b59d174a311aa8438e45","src/backend/linux_raw/runtime/mod.rs":"b2cae8cce3822c3c92942f06ea0b68464040dcac33c6f0f7ee392c6269993347","src/backend/linux_raw/runtime/syscalls.rs":"55c38b348e19f049d7e65ef1fa7d9b50f9f0b6e87d32eda6f9bbc016274ef4c2","src/backend/linux_raw/runtime/tls.rs":"2b8fc61a33ca9b47f854afbb8e3f8b20f9f9416b8884aefe46388c8173c8ae47","src/backend/linux_raw/system/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/system/syscalls.rs":"a9bec6662f122b1ec310d417bd9ddc16df13b50de6526d2170aa4d72292c2b14","src/backend/linux_raw/system/types.rs":"1ceab8d738a71043473b26e97fa3fd79d588a86d4774cbc9b9e1d4f1447a016e","src/backend/linux_raw/termios/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/termios/syscalls.rs":"29deb1181e650885616928cf0b34207b644bb68bea99370e3e40d99cf6cd2f97","src/backend/linux_raw/thread/futex.rs":"3a130db9f6176dc95fdc14ce61a6bcdcc2c28e82a29ddae3e05f347a189fdd14","src/backend/linux_raw/thread/mod.rs":"f7132a68c9db1b4a796781b9e8d0ac268a1ddb713e510bfd43425564ec9b39c4","src/backend/linux_raw/thread/syscalls.rs":"5845d1c0a3548f87a114493c345e18dc32875bd7d35a6abcf1241ced9b024c09","src/backend/linux_raw/time/mod.rs":"672724f55b7b7be6a7452bb1cc2d28b5f0aaa840a2856fe363acce624e1beefc","src/backend/linux_raw/time/syscalls.rs":"a7870ef9daaf3fb2ac50f853df6dbcd935a3b2d70e720b80184208f602a918e6","src/backend/linux_raw/time/types.rs":"50d84ee6288f06bf4b526781c84e7252f3c09ecdb0626856d94a1a61c2e2c579","src/backend/linux_raw/ugid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/ugid/syscalls.rs":"844b2bed42b9a3c06845dbae1d020bbab5757d23ea3ad7a440e3cd87ff993f72","src/backend/linux_raw/vdso.rs":"a5abab80f023088162fd81dc306b6bd86bd61b2018a191b384f57facb1d48d0a","src/backend/linux_raw/vdso_wrappers.rs":"d50b761899f1d3cc4897d5cca868a8ad7e84a64d20aa46075cc0ae12f4bccdf3","src/bitcast.rs":"fe6bdc7fc31fa3b360c44a841c9a0f143629172729c6aaeae76841c74c122ff3","src/check_types.rs":"4b35e46c58a8ac299c08250d5ceaaecec52a07be03f2d888bce2bc0581b498bc","src/clockid.rs":"598ebc50bdaf089e43fd1a0ad365c8ae1947c9a6cda0dea5273aafab32b33959","src/cstr.rs":"dc3e38fa056ce76df360c0e63482b02f60fb1d38c357481de38ef82584e80658","src/event/eventfd.rs":"81cbd08f7bdf40a6ce1ca692b63da1dc8ba925282990668d9d68f1203e839fa1","src/event/kqueue.rs":"b267ca1badc43d977e2c5435092f161caab50ea04e258772dbebe1f02f3f5966","src/event/mod.rs":"6010c924a0a079945eec796465a7108119d512db74709ea0105ed19051c0f55a","src/event/poll.rs":"0ee583dbd457a573a82a06c04a2a24bd2c76e751d27a435507d55338e2871327","src/event/port.rs":"da588ff0f694bb1f99e288708bfc07353bd1274020c13dce30df5d7f3b42b0f3","src/ffi.rs":"0c6b9a6f20ffb31a827412c0381c6fff09e68265f29d94c5470940e22c5334a2","src/fs/abs.rs":"b8adbc6c96f7bab9d4776711774b5143bdfc3a3799beaceaab0a18abcb65548e","src/fs/at.rs":"4ea39291c632c0856b3057a606a38de1acbfb91d920662459f287be91ad3e39d","src/fs/constants.rs":"e3a5b8309d79d66f30ac15747912b9c9e376f8e525046625849c1b3b5caa1f6f","src/fs/copy_file_range.rs":"d3b644374390d482b2ff749a2459458872b57d0dcf9670368739b7833509a7c2","src/fs/cwd.rs":"81f899ab1d38cf5a53ad91980482a93f11cec2894050820b4543dfbf05760629","src/fs/dir.rs":"347a52f4ca9ac6321c52e802e97ec90d1b4c62ec955c8996fc17f8f5aed69966","src/fs/fadvise.rs":"beef66ebe1310fb92628240b2cde68f744c78e50f6ff61bb1404bd4868d9cae8","src/fs/fcntl.rs":"58c8f99e7193d11f0301d55e521e7bac16b1143f47eb7cf73cd9663841b4ebbe","src/fs/fcntl_apple.rs":"07f07b2ac75dc28bc9e08200f72eb95550a87ff3d69c1204f49ecb63a0c4fd20","src/fs/fcopyfile.rs":"ec95929cbbe02cf49233a785e5238931bb107b7903cc5bc95e4231de960995f2","src/fs/fd.rs":"a975d59ed0672bd0cf90bc18bc793a99096984ff06c3c78614285823cb3842ef","src/fs/file_type.rs":"fefd865f91011f66126213b0994773d99e373b468c31e866002228c98c64ad85","src/fs/getpath.rs":"28f6970fc1bbc37bb35c84724b59eac436ea7407a4522e18c2bdacb1fdd2edd9","src/fs/id.rs":"1b5c8a8baf9a9bb1f895f97189cea4e5982a0d35b192afeec6340a6c6222e0cb","src/fs/ioctl.rs":"1b222e725402d775813877b73f40f8ac2b513439485d326fbd49e3f4ebedce3b","src/fs/makedev.rs":"85520b484cb7c15ab71ea1c368578ea3b7e484d82f8510db92b6ce9f7ca341ae","src/fs/memfd_create.rs":"15a8f28e040cffd8c24c7903483440f88853b2e538ad48d80f3c00b4b2befdea","src/fs/mod.rs":"00249594de42fd81bdd61ead2905395e5d8ccf6d6b7400a6ba1c44b2a8271b74","src/fs/mount.rs":"8ab26dcb422825bbd2df2e1f68e6b4f7cf08ce11387c688442ee1b4683b33d4f","src/fs/openat2.rs":"4a95c15dab533a41201b5fa25c8a212956b7571d58cad696bdaf45af8aef96db","src/fs/raw_dir.rs":"6314094d92d6a51ab14d9d67e72427f3bb778543f2bb12632fd02cf439d52c2d","src/fs/seek_from.rs":"d7616a45e8a449df28b075ddded4d7c95d6c4575d6fe0cf0ca7b6625e9dc7eeb","src/fs/sendfile.rs":"e3b2058741cf4b1698f34d84bb37130cf2b72806d522a16fe541e832cde136cb","src/fs/statx.rs":"239d447477f8ac368c8ddf9975c71509c47881f647f59cd941ac07954d8a77f9","src/fs/sync.rs":"a3b23543834281f347b0f873bd38154d31d404871188ac08f2b20b9196234cfd","src/fs/xattr.rs":"1d4d7f144716ac8fcae6b728ea23d27db8d3d1d7d2ec3dc31a1dea8e9d6a7eff","src/io/close.rs":"0aa3cd05a8fed8e5244f97b8b6c2e7f65ed93a4e5435c6329852bb3da7514440","src/io/dup.rs":"1f52e78a1e620544425b1ae6e00112fc154a8287e2f26bac5ddd15941e228179","src/io/errno.rs":"da7dc2d25cdbbf610ec82c32124789d6572fbc67d8ff265000597ac1f5b39ebd","src/io/fcntl.rs":"08f42dc80832586afa6e0a7825571c84a97add1164926928960f0c4c5db76461","src/io/ioctl.rs":"87772d59d72d34f1c3a1c00f818199b52c960f5860ea9a1f8023c0e2ce5f6d12","src/io/is_read_write.rs":"1bfb9ee5d58e0b29b44af12fe2668c7bccc841358698dcde47f1519ff9bb73b4","src/io/mod.rs":"75f1d0646be1d4c7c08b5887d8119b0103be8c25c43ccd4e0e97015508c0bb8f","src/io/read_write.rs":"57c6ba3ccc9bdeae05e8ed70a2d9cabd2dd38c5f387e20d91bcd0d13d0f1d23e","src/io_uring.rs":"7093958a57bdaadd75f1800f07e359fd97c6f99c3fa01d263b4b1e57d44b2c4f","src/lib.rs":"5c0bb009b5ea0cd36ac4f503f128db61d875945b267b5e04cec5e3abec7e46b7","src/maybe_polyfill/no_std/io/mod.rs":"77889bb5c5a4f2e50e38379cdaa5d0fef4b0cafc3da056735df01f6deae75747","src/maybe_polyfill/no_std/mod.rs":"d4d98cf838b65dc3ceb0f6d4a950d9348695c3084448bd844e47b909960bbb47","src/maybe_polyfill/no_std/net/ip_addr.rs":"080dd17c44b395b46b0d9e70da76f376540f92ece65f79e3d242c0a272d3b451","src/maybe_polyfill/no_std/net/mod.rs":"b0ee611c454679226a15bf647e7779995f3fe9c8e0507930a0d0613eb414b7c2","src/maybe_polyfill/no_std/net/socket_addr.rs":"bfeb32d32c176cde76323abcffebfc47e9898fb8d7ce3668c602dc8451086a2d","src/maybe_polyfill/no_std/os/fd/mod.rs":"d9dfe2a2c25be727847bcdfe6f4898685af2521850298178ca8d46a8e2ceee88","src/maybe_polyfill/no_std/os/fd/owned.rs":"4ce3234f8ab2cc8a7b749531336f4f6b6297eff0e20a01190be2c10409a0c066","src/maybe_polyfill/no_std/os/fd/raw.rs":"9cedb353580b932879ddc4dee9936212fefb6d42530dc5cec519a0779d5dee33","src/maybe_polyfill/no_std/os/mod.rs":"27dab639a765827644005d5f2fcc7c825310606b889cc8dd83f54c9528350dc0","src/maybe_polyfill/no_std/os/windows/io/mod.rs":"5bbcc05c83fee5026dd744a994e0458469466d5be39081baa62df07753b92fd2","src/maybe_polyfill/no_std/os/windows/io/raw.rs":"4c32609a489dd938a49328b5637cb3bafb96437f2f9f269ab66d7d3cb90247f6","src/maybe_polyfill/no_std/os/windows/io/socket.rs":"c658f42f24eff44a661f2adfd24a11af80fe9897f3e2af4dc5d2c64808308d65","src/maybe_polyfill/no_std/os/windows/mod.rs":"fdb416f8f231a4e778b5f985b9ae712ece5e1a1402963ad1a5f6a8b9843795f4","src/maybe_polyfill/std/mod.rs":"dd6e219564e224fa7cc9fdab2e45935f13ad062da53d0b6d259a695c7aec1847","src/mm/madvise.rs":"3c262b3713a73fafcedf1b04bb12c048bb11d47ca43c959e5dfa48c27651f4f0","src/mm/mmap.rs":"bb103e6febd375de820985cc4b5aefa520b64ab1bcd903e3a818146abdfc60c7","src/mm/mod.rs":"b3a6cb838986d45825b912355cedead761211a494ca6f89b2367a2d2157e340e","src/mm/msync.rs":"9dcfe5f54235e9314a595edb8d548ac79d222bbcc58bb3263cf7e96d603b23ad","src/mm/userfaultfd.rs":"8073443bd181ff0b3ba4d0b1ae67370b4864035a0c8b4898cd709dc47c518ae7","src/net/mod.rs":"a6bc55f9e086caf46a7c00783498d73a328a66f2a991f1ec65d5f13931377b0f","src/net/send_recv/mod.rs":"5ec5efbe84eeb0a2a3e412b79c742bb80152c1dc9c956d031e9a4ebebd492112","src/net/send_recv/msg.rs":"b8ce63eaa32cb5d7f7b7fc2215b60b60ec9d17bc89fd37f0f940610a5f4c7840","src/net/socket.rs":"6bb087ab208a1e06d535fa11e2aa4a9f96da6e73b697fca93e2a3c89178c4434","src/net/socket_addr_any.rs":"d07f9e9ef8873aa5bfd85f669952299286ef6f2cc5b9fea383856432e61b850f","src/net/socketpair.rs":"56f4885c31d2664cd16e18a9a88792a4912fedd953cec36dba67e8581fd57921","src/net/sockopt.rs":"34e897c7e22c8a45cca4e23fec35ab26b40ef440f083367c350a57adb82b803d","src/net/types.rs":"f5a4016b00ccbc60feaaa15b6cb0cae1a994f8049fbe7ec32c4c88423389ec27","src/net/wsa.rs":"6e546b42f50a851fc833c57cda76cfb347203ed4b0dea574a3d325bf5a2ebf80","src/param/auxv.rs":"988872f9bec2e12f35765ae8963cbb9535d4acaedd4c9a4d07ced6feb70e0aaa","src/param/init.rs":"671d8974f0d9b82e79076d1f4deabe0273a874a329f74b8aad26e07b86791ba3","src/param/mod.rs":"53ee190cf5266a2e057af9412acc50359369470a04dbfe2e6e92a90de15aff57","src/path/arg.rs":"4a4bf9b59334900b51ac250365b2a1838670f83a6df9c9c3f6a35bd7d4784170","src/path/dec_int.rs":"fad9793b89eac526953b994cbed6b614f01c25108f9763e19fb98029feda93a4","src/path/mod.rs":"6b1b949c94bcc47e0f08a3f8e8db5b61ff497d0dfd3e0655f51c01d3e4b7dfd6","src/pid.rs":"1e54bbf54b8fa7b260087fcae8d7e1bc35c66e9a36a26d69dddcc468e3d593ee","src/pipe.rs":"966521978ee7a57a11412ca5bee1246ca26dd67a07e53318066a38fe0787f2e9","src/prctl.rs":"a1c85a401538d614f5539871f9a03f9a345b24cfbc845e953deb9f8b96986e2a","src/process/chdir.rs":"9d0397bc91bad5bf1c0afec5b3e6dd9cb7de6e54c3d0b760b33a4996a4cb1b25","src/process/chroot.rs":"2b5f6124eb19f26ad2705174f7ad50cdc0a5d15abd59ffcf55421228d82130b4","src/process/exit.rs":"47bc2fc1ec25eb5c7a21ba84a70c6d799df206f9920c34804a17acf27d5cd66d","src/process/id.rs":"402475cba98cc7e724943bfd218862f76c08b8d200a7b38bb5067bba2a837ef1","src/process/ioctl.rs":"6644c3b0948251b448a87cc8409750edf77dc31f08b2060fccf00dab0d516fca","src/process/kill.rs":"7b879e5cff8a064acd0e7488f4e21bd4e4a8506ce380688b72cc48d283ff9c89","src/process/membarrier.rs":"77b1080dc50cf0bf48959bd2388c519f0b73ac231cc329be43f04525217b7e94","src/process/mod.rs":"cf5974f174968ea668f73a2294231784d1ab8304ae4e79a70175372c0bc34fd2","src/process/pidfd.rs":"948b88cd986c17074fc895f277eec49066a52ab461fa341b7119ce648b28fcb6","src/process/pidfd_getfd.rs":"14aab7cc5578ca4753a7a42dcc8b4ea03748564b542675a50bae8e128348b23e","src/process/prctl.rs":"3f949bbc03c00cb68fab7db8c1bda71741f8d9439b9e25a8521d7cbb0693491d","src/process/priority.rs":"711ad9300407b205a549d2f896cdff080740f6cde8e710d3bb654ea720586b4c","src/process/procctl.rs":"7668f8302515316cc70addfe8da4af47ea8872d4acacd72d1c87c0ecb627e8e9","src/process/rlimit.rs":"10b79de3ced0e64059a94c879742d46a35a6176c776d8eed75031d5e6340283d","src/process/sched.rs":"7c3bfc5be624e7d7f5e043c3ee0b0566fcab3d684d61c272e7b4233410ab1c42","src/process/sched_yield.rs":"6565faa3928b66ddc74a65e893e15edfa4b9be4f7e5f5f68527501a7f6bc3350","src/process/umask.rs":"1a0f31a842303c978e3f05ec191e2b5e96104c09c6596473b42b1fac34898a50","src/process/wait.rs":"d34f9399a2ef6f2dfca929dca72a83d888ff80523c62083b50a2cd10dc875fe6","src/procfs.rs":"ebfbbe22e0ba7a2b914abd474d73065f0c5aa6bddaebc55dd286b3e013349485","src/pty.rs":"408e9144151d7cf5589ed37f1c1864fa5be0d1312fd8be1c74db07782dc09b6c","src/rand/getrandom.rs":"15255b5c5f76cf61ac4fac8b7ac6621049f2b5d2549ec319cdd69ab1ae4d07d2","src/rand/mod.rs":"cab59332aadd9b679f5b22cbb222d48ee028af5eb9fd4a4d43922da659b895d7","src/runtime.rs":"952cea05413e3ba1fa4fdc4755bf1d0fc0c21a5c8878f2cccc6a533119c193f8","src/signal.rs":"fb552490e378420375fa1f2a3eb7de16ac0f5ff72b7d0d3c88275314fdc57d1c","src/stdio.rs":"a5de2d7d9c3c5a901f88b6acf4754687c958a2f3a93c7945c2b8fcb948d468af","src/system.rs":"19e0b60315ddc7d8f2b7aafc4f4c6a30b91a7cd8ec4d128ba38931aa74b00175","src/termios/ioctl.rs":"7c185486116981e8aaa8db5fecb8484220f4d12e1a24de43fc394f17b4cdfdd4","src/termios/mod.rs":"b358538190ccb451a9d3dbc76c2418efb659fe48a54bc7069e7908589dbf07ce","src/termios/tc.rs":"90cf7f3026d46aec296f4e65ead6b8739a6967a74521e47b18f251b588948947","src/termios/tty.rs":"a3ebab3b73db76fb5594be1bb4ec888a28a63637f8cd0211fdb1b3b645cc2ca2","src/termios/types.rs":"97b7bd2d00dfcd5410c99b2b36de3fb1b67a5beebb2938cc94ee908e4bc8183c","src/thread/clock.rs":"780d24ce30bef7e85b2634dc57a9ef2a261d6ac7c255a9e6167f923fae369843","src/thread/futex.rs":"4e78c84589b535ca9ca633633696ef212393a98f2890b181acaa8f908fbc5ae2","src/thread/id.rs":"fd9c8ab917c82a8e0d6e6af22d2f6e5aa0d81d57632a460fd711a52f8ed2f47c","src/thread/libcap.rs":"ee1f320d860a3decbec8052897d9e9484591e4b0b64b3b5b419f4d43d144422e","src/thread/mod.rs":"6fc33eb022c4ab7f950dfb4fae6ab70b1acbcdbeacd909ae1848e7e54076c310","src/thread/prctl.rs":"f6da23203fc2087cd3b36b910901cd6cd86d5ac6f2fcb09feb1270d6c486a1a7","src/thread/setns.rs":"ac946df9eeb67a89436c57c1620855f66a57bded194ba2110a2656a25ba87bbd","src/time/clock.rs":"e59a29f1bed8c31c3d5b6fad60f2d4fa6cab8dd8e86148bb3693a5e3a1ce735f","src/time/mod.rs":"43afee938c80d124d04d4ba190c03f4d21d1e3bfc154fff309211e4f6eabe940","src/time/timerfd.rs":"f17092b84553741aa2d2b44c6992b5d2c8c96cc2c2007fc9a2c6b2064485e53f","src/timespec.rs":"2fee202dc27f4566d1af81007855e48932af2cc37db3cff30e1a657b37439183","src/ugid.rs":"cef024d081c7bbd60a60b079eb581fdbca036a462f8c232e48e2959e2b854335","src/utils.rs":"41765307b22b7cf8e21e83735308c598da8a83b52b5b7eafa175bf39f1528fbb","src/weak.rs":"22070a3fa6e526d851bac81c551aa5cb4f9e609687075999c6d50973eeec3a98"},"package":"fbc6396159432b5c8490d4e301d8c705f61860b8b6c863bf79942ce5401968f3"} +\ No newline at end of file ++{"files":{"CODE_OF_CONDUCT.md":"f210602311e3f74b32f46237fd55f4ce36d798e85e3db1432ec667f63a7ffc44","CONTRIBUTING.md":"fb570c76cf924cd75b77bed52b0dbe1e87ce224dc3428c48d98301710dcc331e","COPYRIGHT":"377c2e7c53250cc5905c0b0532d35973392af16ffb9596a41d99d202cf3617c9","Cargo.toml":"b016dcc4465558f7bceb1eea94ae562acafa51c6d91f4bd6ace99a1a0075974c","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-Apache-2.0_WITH_LLVM-exception":"268872b9816f90fd8e85db5a28d33f8150ebb8dd016653fb39ef1f94f2686bc5","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","ORG_CODE_OF_CONDUCT.md":"a62b69bf86e605ee1bcbb2f0a12ba79e4cebb6983a7b6491949750aecc4f2178","README.md":"62993d0e83773686d74488effddd72bd7256299e0ce913ae9bbf0704ee9f2120","SECURITY.md":"4d75afb09dd28eb5982e3a1f768ee398d90204669ceef3240a16b31dcf04148a","benches/mod.rs":"7abf49bced798168a4f57916654305a6c5d048d12e0ad43d30ab14f24b5e527a","build.rs":"5d470d6e1e65a33b6728a9d2135b7784ce725d3bd57a7ecbd552dfc80ddde0ac","src/backend/libc/c.rs":"6c73028cda171abe53917fe80ee1e627ff957bf29e5312b57be2a4d7050d1c92","src/backend/libc/conv.rs":"0b71622d51111c6be5d554e978d9ef6ba278e94241b53afe2fee390663b2425e","src/backend/libc/event/epoll.rs":"598e246866f46834f57d5385439d4c40654f899d3b9f252b6f72eeb18628d661","src/backend/libc/event/mod.rs":"7f8547c599b8263eb791890bbe4a0b22fe2676d007ffdcc3e07b2e48d1c994db","src/backend/libc/event/poll_fd.rs":"9b44a5b399cfa742b505f9f2d1400dac9f3d1afb1f253c23b250f08c0632e51b","src/backend/libc/event/syscalls.rs":"3755384de833dc10b381b8037efef3bd12aceaa41adb440cb7b1d5a81ef12066","src/backend/libc/event/types.rs":"5a520d60f67bf07be9229177ce872dc70bf366760a2b81fecba6d522b2179868","src/backend/libc/event/windows_syscalls.rs":"ebfac665c6676c4b803134ab8806be8aa2e96bdbc7799a19c544cd9069b35787","src/backend/libc/fs/dir.rs":"4f39ed719c0035e22153255f7529092bf604be0177a3d963311387a18555d967","src/backend/libc/fs/inotify.rs":"4e0e1f31ed6a53cbc56119bb974a464acd9c7797d2699a29cb399311ce49323d","src/backend/libc/fs/makedev.rs":"797e7e31dd363b8f649f370424e23a210be4536b580a78cb0f4c5d375da0aab0","src/backend/libc/fs/mod.rs":"ba3c79b8918eab2a4c962e353d2b27d3cd96b201f9e527ce0b70b7a558ac596b","src/backend/libc/fs/syscalls.rs":"32d88e3e1955e533b2c110d05e6b22e31663d9a543afc8c0bf9b5901ad1d8fed","src/backend/libc/fs/types.rs":"eaabd8ea89654bcb297379fbae57a0434e3964073ca468f245c55f2f9e3a476a","src/backend/libc/io/errno.rs":"b9b591870ea1db3224cd8dc654735a052d0ee44f513069f5c9ae09183b846f69","src/backend/libc/io/mod.rs":"746647bd864e4ec7717925b6d176cebdb392b7d015070244cc48d92780351dd6","src/backend/libc/io/syscalls.rs":"db3056b3cad7313b9ec22a1b3d389ad91ef474566f091a2c644a8d8769eee055","src/backend/libc/io/types.rs":"2248c2ba2c4b6ecbbb9f6c8dc2814734e8cd05e664c2aab409a243e034ff338b","src/backend/libc/io/windows_syscalls.rs":"73d3e609d30dfbb1a032f3ac667b3c65cb8a05a1d54c90bbb253021c85fd496a","src/backend/libc/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/io_uring/syscalls.rs":"5af8146d5971c833e6fd657f652c618b31f854e1b0811864fba9b658cb633e19","src/backend/libc/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/mm/syscalls.rs":"858e5bb3bc850b6a2d5ce69b3c8e40ab7cf75d392fe3a022119e5edd0c538db5","src/backend/libc/mm/types.rs":"de5695cef84a6859408fb09291edb93d853ed1498fe31286648778509b99ffbb","src/backend/libc/mod.rs":"eb0a047cf46a67058c68e7f3d481160cf13a35a2bf68e657110332efc2550c61","src/backend/libc/net/addr.rs":"cf0d76b0d7a0b25f7f36f36dcefcaa4e20bcba70122d8951f2696a02e8b60d09","src/backend/libc/net/ext.rs":"ed4bc298ed7dadd0f319e97ef7707ab22841ca04edc9adfe9c8a209c20360072","src/backend/libc/net/mod.rs":"6b0b674552234f08605f92770f55476e528ec39dc0c4b8baf41ceff06191f2f3","src/backend/libc/net/msghdr.rs":"67f7ed2c41e843bf2c00c9fef4280af24cf2e897c3b31e0a916415237c8f88e4","src/backend/libc/net/read_sockaddr.rs":"a44060a2cfd10586c5d52cee4ce92b5f27a2cdaa35c0c82f8db7eda59f4ef470","src/backend/libc/net/send_recv.rs":"ad545056de837597e62905fb49113055819de6952d7802edaa9c98853620ef7b","src/backend/libc/net/syscalls.rs":"025c6a1fb554345e0c16626d43ae226aa44fac813a57020fcc4337f0ea509a46","src/backend/libc/net/write_sockaddr.rs":"f8440b13a051829924959495f69053a7c67d165f8f8d979826c693100a15478a","src/backend/libc/param/auxv.rs":"fdc85b7c33bcd05a16471e42eb4228c48c98c642443635ba5fc3e9a45438d6d3","src/backend/libc/param/mod.rs":"5234b8f1bcb886cca6ea003d411d75eaeebe58deedd80e3441354bf46ed85d4d","src/backend/libc/pid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/pid/syscalls.rs":"49ea679b96c0741d048e82964038f9a931bc3cf3a0b59c7db3df89629b9c49e6","src/backend/libc/pipe/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/pipe/syscalls.rs":"18a461da1c97a8d4fe3679ce3eafb8c647179e8190528de86500d1e00c28e75c","src/backend/libc/pipe/types.rs":"12a5abf55142a46fe9951d9abe9ded7799b4fc882faa51e6c28fc06704af6451","src/backend/libc/prctl/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/prctl/syscalls.rs":"8a2684f444a7555098dce2b92270d81cefdae902716c6e5d59bd7b0657e8a29d","src/backend/libc/process/cpu_set.rs":"b3d36b01b53b0b6c61a20ed8a69d48eccdd90cc17f82f2926ef1e844f002d0b7","src/backend/libc/process/mod.rs":"787018aba4adb2cc1f9176faf154a1a8d7943e4cad36be6e43fc03ce355572d6","src/backend/libc/process/syscalls.rs":"83c34a773946d721c32d1f10e19b60bcec740d4a4a6b19a76ee817e8337dca8b","src/backend/libc/process/types.rs":"46367723120e8c737f7097ad85b43bb9200f2b8159904eb52c341c5ea6075aae","src/backend/libc/process/wait.rs":"0cc556aed976b4bbb3965f74fd76b8216c755fce25043b7b21ce54afa07c9773","src/backend/libc/pty/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/pty/syscalls.rs":"301b19e788c102c86fa408100ab4121347ebacc2340b27e97cc55ddb1794de11","src/backend/libc/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/libc/rand/syscalls.rs":"78c7201e6bcb75e9cab9486d1878861319f865de2b2c46437be68690bd17bf13","src/backend/libc/rand/types.rs":"7d473c7ee8f19fbcec31f61b28ba6a68e1233f64f37b3b496d396c0197af63e1","src/backend/libc/system/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/system/syscalls.rs":"94228b0a8ca775e09312c885eea4a5a6a47463e1377d7d97bb6b49e1c03bf9cd","src/backend/libc/system/types.rs":"6871e16aee14fe2ae03cea798c3e509ffe44778a9c0e5608fd73e2e015876d7e","src/backend/libc/termios/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/termios/syscalls.rs":"42fdb11063237ef21e57fba2590aae223a071281f0417f17a22d7337a39db03d","src/backend/libc/thread/mod.rs":"0de5f67a684b9fd7628d3009d2ea5fd51b8770e8b387eed14f59152157844287","src/backend/libc/thread/syscalls.rs":"df0be657068311fb3e3932509fb2be4c31e9e861d24096ad6071eae2e501260c","src/backend/libc/time/mod.rs":"38563ea68829ca5a4b1b0695ac8a5c05718e85bdc88a36dc805efdfce45d3909","src/backend/libc/time/syscalls.rs":"4b95ea3e053b7cbeb76f445978743cf2e4b7807590e366d00135c838c5e08359","src/backend/libc/time/types.rs":"c6e70d21888bbb9cc7d6561cc272d797933960bede7d93d54e09dee48e0f31ef","src/backend/libc/ugid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/libc/ugid/syscalls.rs":"8edf91b8790add23902c9f5418da6b0723a371677f29f490e0c8af852f0f1a0c","src/backend/libc/winsock_c.rs":"3bf3884fd250eca806ffdf96da68e29c133a697810b78b333ea449e523e58562","src/backend/linux_raw/arch/inline/aarch64.rs":"67011427b3cecd29ee716113d952e70d63574c96d1d3ea3c75d46250bde9ca44","src/backend/linux_raw/arch/inline/arm.rs":"7760d51aef17a69a797eb96fd61f7fade0d55bc87ec9a3e77fa6bb6aebaecdbb","src/backend/linux_raw/arch/inline/mips.rs":"d00c84cfdb4e37bdee9a2daa0a7b3298afbb4ebe288702203cb43d9c2617012d","src/backend/linux_raw/arch/inline/mips64.rs":"ab5455c9b2511ba6b67a66873cd8b53bf77471249fd2779d6437ebb4934087b5","src/backend/linux_raw/arch/inline/mod.rs":"8408861cf501637b7f0bdad5234d28ebe8d042f6815554b8d2fd3a8ee5c84e20","src/backend/linux_raw/arch/inline/powerpc64.rs":"dcd12314184441f5f7705bea6b829103c7abc9062db366ae5584023a38252a36","src/backend/linux_raw/arch/inline/riscv64.rs":"58a58203e9cac2ed21e4a7b26692c5d56d3c2bcddb3f60a648efd18a02129f3c","src/backend/linux_raw/arch/inline/thumb.rs":"82b88c9a3b6837f28a738cc760fc2403e7014abdb2c35d2bdbc8073235ae2863","src/backend/linux_raw/arch/inline/x86.rs":"de75f5179edf060461d949682002f4242140e5a01aa2361c4eab82da15375068","src/backend/linux_raw/arch/inline/x86_64.rs":"7c893ca306b3b8a5980c525dc5fa23187a0526bc9f7ac637204d88a1d596df5d","src/backend/linux_raw/arch/mod.rs":"1613f74cdf3ee7f99456530327a4d9d5846b95072cff32aff386241f4659ecf6","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips.a":"145be0e9638cb5541860ec97ce5270767c24b61f415f0ee3c2f86cc962ee44af","src/backend/linux_raw/arch/outline/debug/librustix_outline_mips64.a":"6c6d007368beb5e53bb1c402afacc1c139ee65dddb82ba3e2eada0493af94ef6","src/backend/linux_raw/arch/outline/debug/librustix_outline_powerpc64.a":"355db5c83dda1074636c40fa6fee6564c668c492a71e149bcb444ea896e8167e","src/backend/linux_raw/arch/outline/debug/librustix_outline_x86.a":"7ae3635dd3fbc2049e09d4218224e1eaaa4dd2ddd78d3901fb444d481abf2a33","src/backend/linux_raw/arch/outline/mips.s":"3612ba84500f033650cbb3860241768cc0760c5693aadc8af01dd2f61c7d59ff","src/backend/linux_raw/arch/outline/mips64.s":"deaf2218e0d2c5c97d1d5000c2c6678bbbf5a28faeefd0fb04b04e1984c94185","src/backend/linux_raw/arch/outline/mod.rs":"1e6ca71e98b6f3fca91cee16ab473a2cf710f1ea55ad24649a3b1262ed276ec8","src/backend/linux_raw/arch/outline/nr_last.rs":"82d92b9ca8307c19d74ced1ae2c0b31f2a7c5db70fa31fdedb55d38a90601455","src/backend/linux_raw/arch/outline/powerpc64.s":"0847fa3f160846ee02771550667913734ba9773e2221f2279c4f296d6f5b7bd4","src/backend/linux_raw/arch/outline/release/librustix_outline_mips.a":"d9a093ee2b2c94b70aa059e878a0211715fe6fdcc95a9098566c87d61be4e4b3","src/backend/linux_raw/arch/outline/release/librustix_outline_mips64.a":"ad19a967ade7067a12b08f61628cc56f72eaff1393544783647e1c4dde2629a3","src/backend/linux_raw/arch/outline/release/librustix_outline_powerpc64.a":"1f04e44c3d863bac066520c787444c314f2aa2f8d8d3cae38990ecc008b9b6e1","src/backend/linux_raw/arch/outline/release/librustix_outline_x86.a":"691d867358475c701c20b816b99bab2a4c90c3796a302ccaa56d5983be1ba8b2","src/backend/linux_raw/arch/outline/x86.rs":"f7e12a0f3fe8e97acb1ade2c9e61d82542f00ad4d8fe684a8dcd9f30fd9ab5d4","src/backend/linux_raw/arch/outline/x86.s":"4604e3b41161802343e2e4c890fd2042098a901d95893ebe4c436f97fd47cad3","src/backend/linux_raw/c.rs":"c30491601405d42fabd5fdfe50abd539dc7693bf326be9e17a31bb6d6192e356","src/backend/linux_raw/conv.rs":"e6af1903c5b4a0ce8d80909b04e0f47849768218c9969aa6e1dcf85bdd505711","src/backend/linux_raw/elf.rs":"4550edde9ca096ac3ad929ace226fd5ead954da7ad01d22da43fdb976655f771","src/backend/linux_raw/event/epoll.rs":"6c27660b015889140ad11657ad08dc32dd52fbc6b0d0a6571885792040e19156","src/backend/linux_raw/event/mod.rs":"72e46b04637e2d1d2a6b97af616144995399e489d1fe916faf835d72fc8c64cd","src/backend/linux_raw/event/poll_fd.rs":"8495da1687b15f7880a576ac8d197c941627a53874f0823467a3e4e3ad5640f2","src/backend/linux_raw/event/syscalls.rs":"f996db9f1f9f2b9bdaf33ef3a80a63ab9b1a65ae956700fd88d355e046ce2890","src/backend/linux_raw/event/types.rs":"4edf9c7c399c91f359bc2370a407fa5ab537a84eed26c593ce5bf6dd82c6c6a0","src/backend/linux_raw/fs/dir.rs":"c675dc5413428d2defd6752e99d210da83639779e853db209de6a1c08d35e0e7","src/backend/linux_raw/fs/inotify.rs":"c05e201e4f562256388c933cd3f24a3c3a578bd19513284856bb3eb1218906c0","src/backend/linux_raw/fs/makedev.rs":"c6b4505c4bcbbc2460e80f3097eb15e2c8ef38d6c6e7abd78e39c53c372139e2","src/backend/linux_raw/fs/mod.rs":"e22bf30f312f6a05f1e79f7834c33a3c9821514da05fa4786fc31867203a4c74","src/backend/linux_raw/fs/syscalls.rs":"76f0b4e6d46a5aa7907d783a794211124b6d2e7dd124cfb7170b24657e39d093","src/backend/linux_raw/fs/types.rs":"9410b0cb6e744820663660a8f2bacb8f477ebd5eb3b2c60e3519ba19b1c701d7","src/backend/linux_raw/io/errno.rs":"8d6a8d702ddec05c0ec5b518b9c4d6c9b54d390ea9b362e60f2032284c40b112","src/backend/linux_raw/io/mod.rs":"7ae2324427892cca6f5ab53858d847b165f790a72ec25f3d99fb15f0506c9f27","src/backend/linux_raw/io/syscalls.rs":"d82dfdef885e9b22bfbf605fce8ef2862604ef195dfdcdc0532c29426a188bd8","src/backend/linux_raw/io/types.rs":"59d031dd1e769ecbaedaaa3ffc513a7f7154fc48abbb46023166fa38a46f0c61","src/backend/linux_raw/io_uring/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/io_uring/syscalls.rs":"b87fa95c16b2d3ca8fd5d72368bda37b8b8ddbb19df3a884efc6eeec393c86d1","src/backend/linux_raw/mm/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/mm/syscalls.rs":"369abe984aa972d8083fee20d764a8d57df242c66f897066367416f2fcc832a3","src/backend/linux_raw/mm/types.rs":"0d5815b725e51b5e16984e12852c125f14543c29bbd1a47b7e3b0ad95d711526","src/backend/linux_raw/mod.rs":"2abe0633534dc90a050595b8562bbc37a96559fdaf2e1491d1fa2cd52f0d4cb2","src/backend/linux_raw/net/addr.rs":"fa6c4ea03ed465188bdb2113a9815549084b501c35654b46a00de226c7ea5463","src/backend/linux_raw/net/mod.rs":"bc9c9c4a8c06b1fb8c57555261176dfb1f3e858a1d89cd2f88e1f31fc126c001","src/backend/linux_raw/net/msghdr.rs":"6c0e1dfc0c9f79e69d3a645f0b4228bf6b29fed920af5f1efa6bbacd0a681c51","src/backend/linux_raw/net/read_sockaddr.rs":"24075ac4c05fab5fe44aae4445cdd12ec7e474f047150baa9b768741d6b9693d","src/backend/linux_raw/net/send_recv.rs":"aa5107094a1e5c6ce57bc2956d0ac63f24a7e61270f61ab2a353f9c832da0e4e","src/backend/linux_raw/net/syscalls.rs":"bbc7b021604feb515ba5fecb139f79935c94d3145d5115fee60f3055cf68ccb6","src/backend/linux_raw/net/write_sockaddr.rs":"69ee7d6f754126f9399250d51bcdb306ab6a9ae816bc8fe21d0a9cabd49052ef","src/backend/linux_raw/param/auxv.rs":"0a26b11f5ce794d85826a05b57187d333012246059f9d28a9cbbfbd2e93747c7","src/backend/linux_raw/param/libc_auxv.rs":"3b89394eb05d9f15ac23c16823666b12c5ce75ca29a6e4f3d66db2426d5e0d98","src/backend/linux_raw/param/mod.rs":"db21fc1b0ea5568b8649890fa38a878bfcdcf7398f6cf1640176b37bcc6ce990","src/backend/linux_raw/param/mustang_auxv.rs":"0adbb54a06b8c7b2df17462d98e1fe72bec02e4e577313add0cb7363262f0d6b","src/backend/linux_raw/pid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/pid/syscalls.rs":"ce3ca4c72096479340364d16f09918e192ffd3a0436a26eb61aad7e7dac3cdcd","src/backend/linux_raw/pipe/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/pipe/syscalls.rs":"c499b47305ae7e25ed6fa3c760ce26cd64d985152615755706117f4d0a03d3d5","src/backend/linux_raw/pipe/types.rs":"73db762965df510bf3c908f906acf3a6df182d98d4ba1ebe45a52a4b51751e7e","src/backend/linux_raw/prctl/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/prctl/syscalls.rs":"01aa9cd77341dcd1efab9f3ac28447d0fbc41ed44d65e52301b347fdd1627e50","src/backend/linux_raw/process/cpu_set.rs":"dfdcbdf35aff6a3e08e7d38193bf18c12ca8aa64eb0dc417667be82dcc0f7c55","src/backend/linux_raw/process/mod.rs":"fb393c70a9c63ef9a6bf1fb5a2dc94f07d6b0b6987cc5231c15c607015dafd68","src/backend/linux_raw/process/syscalls.rs":"0d7b3a3004ac84668296bfa8ad9c255f175e9fb380a59d5c8d248dc0f5b218aa","src/backend/linux_raw/process/types.rs":"d66049cfbdb27e31586f0ff2e53b6adbe0ebb296a876372e9d0d805d10ac5f51","src/backend/linux_raw/process/wait.rs":"921aee4b0048746087f52615a98edc2aa0fb4b53d6df44be4533098df55d1b05","src/backend/linux_raw/pty/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/pty/syscalls.rs":"01c6d76b8ae36e8c936188011a13c31ca2ec61cb825b7da305d6e55356c260dd","src/backend/linux_raw/rand/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/rand/syscalls.rs":"fb401466368de62ec4ff76bc230f9246623b003fe7452912e1365f443d3eeeb3","src/backend/linux_raw/rand/types.rs":"787a59629343688cac0fdabd1b7552b400b9188073a1e0394eacc6e0997e1bfe","src/backend/linux_raw/reg.rs":"02653995cb934050ee2109e8d40e9083a4278abcba27b59d174a311aa8438e45","src/backend/linux_raw/runtime/mod.rs":"b2cae8cce3822c3c92942f06ea0b68464040dcac33c6f0f7ee392c6269993347","src/backend/linux_raw/runtime/syscalls.rs":"55c38b348e19f049d7e65ef1fa7d9b50f9f0b6e87d32eda6f9bbc016274ef4c2","src/backend/linux_raw/runtime/tls.rs":"2b8fc61a33ca9b47f854afbb8e3f8b20f9f9416b8884aefe46388c8173c8ae47","src/backend/linux_raw/system/mod.rs":"8aa966faf3853d1a93d0ed91f7e5f4a53539b0287b25a5bfe489fa1d07f7cfd7","src/backend/linux_raw/system/syscalls.rs":"a9bec6662f122b1ec310d417bd9ddc16df13b50de6526d2170aa4d72292c2b14","src/backend/linux_raw/system/types.rs":"1ceab8d738a71043473b26e97fa3fd79d588a86d4774cbc9b9e1d4f1447a016e","src/backend/linux_raw/termios/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/termios/syscalls.rs":"29deb1181e650885616928cf0b34207b644bb68bea99370e3e40d99cf6cd2f97","src/backend/linux_raw/thread/futex.rs":"3a130db9f6176dc95fdc14ce61a6bcdcc2c28e82a29ddae3e05f347a189fdd14","src/backend/linux_raw/thread/mod.rs":"f7132a68c9db1b4a796781b9e8d0ac268a1ddb713e510bfd43425564ec9b39c4","src/backend/linux_raw/thread/syscalls.rs":"5845d1c0a3548f87a114493c345e18dc32875bd7d35a6abcf1241ced9b024c09","src/backend/linux_raw/time/mod.rs":"672724f55b7b7be6a7452bb1cc2d28b5f0aaa840a2856fe363acce624e1beefc","src/backend/linux_raw/time/syscalls.rs":"a7870ef9daaf3fb2ac50f853df6dbcd935a3b2d70e720b80184208f602a918e6","src/backend/linux_raw/time/types.rs":"50d84ee6288f06bf4b526781c84e7252f3c09ecdb0626856d94a1a61c2e2c579","src/backend/linux_raw/ugid/mod.rs":"2c6478857a0751625edabd61acb841819bfba1093b1faeded15693c805d84952","src/backend/linux_raw/ugid/syscalls.rs":"844b2bed42b9a3c06845dbae1d020bbab5757d23ea3ad7a440e3cd87ff993f72","src/backend/linux_raw/vdso.rs":"a5abab80f023088162fd81dc306b6bd86bd61b2018a191b384f57facb1d48d0a","src/backend/linux_raw/vdso_wrappers.rs":"d50b761899f1d3cc4897d5cca868a8ad7e84a64d20aa46075cc0ae12f4bccdf3","src/bitcast.rs":"fe6bdc7fc31fa3b360c44a841c9a0f143629172729c6aaeae76841c74c122ff3","src/check_types.rs":"4b35e46c58a8ac299c08250d5ceaaecec52a07be03f2d888bce2bc0581b498bc","src/clockid.rs":"598ebc50bdaf089e43fd1a0ad365c8ae1947c9a6cda0dea5273aafab32b33959","src/cstr.rs":"dc3e38fa056ce76df360c0e63482b02f60fb1d38c357481de38ef82584e80658","src/event/eventfd.rs":"81cbd08f7bdf40a6ce1ca692b63da1dc8ba925282990668d9d68f1203e839fa1","src/event/kqueue.rs":"b267ca1badc43d977e2c5435092f161caab50ea04e258772dbebe1f02f3f5966","src/event/mod.rs":"6010c924a0a079945eec796465a7108119d512db74709ea0105ed19051c0f55a","src/event/poll.rs":"0ee583dbd457a573a82a06c04a2a24bd2c76e751d27a435507d55338e2871327","src/event/port.rs":"da588ff0f694bb1f99e288708bfc07353bd1274020c13dce30df5d7f3b42b0f3","src/ffi.rs":"0c6b9a6f20ffb31a827412c0381c6fff09e68265f29d94c5470940e22c5334a2","src/fs/abs.rs":"b8adbc6c96f7bab9d4776711774b5143bdfc3a3799beaceaab0a18abcb65548e","src/fs/at.rs":"4ea39291c632c0856b3057a606a38de1acbfb91d920662459f287be91ad3e39d","src/fs/constants.rs":"e3a5b8309d79d66f30ac15747912b9c9e376f8e525046625849c1b3b5caa1f6f","src/fs/copy_file_range.rs":"d3b644374390d482b2ff749a2459458872b57d0dcf9670368739b7833509a7c2","src/fs/cwd.rs":"81f899ab1d38cf5a53ad91980482a93f11cec2894050820b4543dfbf05760629","src/fs/dir.rs":"347a52f4ca9ac6321c52e802e97ec90d1b4c62ec955c8996fc17f8f5aed69966","src/fs/fadvise.rs":"beef66ebe1310fb92628240b2cde68f744c78e50f6ff61bb1404bd4868d9cae8","src/fs/fcntl.rs":"58c8f99e7193d11f0301d55e521e7bac16b1143f47eb7cf73cd9663841b4ebbe","src/fs/fcntl_apple.rs":"07f07b2ac75dc28bc9e08200f72eb95550a87ff3d69c1204f49ecb63a0c4fd20","src/fs/fcopyfile.rs":"ec95929cbbe02cf49233a785e5238931bb107b7903cc5bc95e4231de960995f2","src/fs/fd.rs":"a975d59ed0672bd0cf90bc18bc793a99096984ff06c3c78614285823cb3842ef","src/fs/file_type.rs":"fefd865f91011f66126213b0994773d99e373b468c31e866002228c98c64ad85","src/fs/getpath.rs":"28f6970fc1bbc37bb35c84724b59eac436ea7407a4522e18c2bdacb1fdd2edd9","src/fs/id.rs":"1b5c8a8baf9a9bb1f895f97189cea4e5982a0d35b192afeec6340a6c6222e0cb","src/fs/ioctl.rs":"1b222e725402d775813877b73f40f8ac2b513439485d326fbd49e3f4ebedce3b","src/fs/makedev.rs":"85520b484cb7c15ab71ea1c368578ea3b7e484d82f8510db92b6ce9f7ca341ae","src/fs/memfd_create.rs":"15a8f28e040cffd8c24c7903483440f88853b2e538ad48d80f3c00b4b2befdea","src/fs/mod.rs":"00249594de42fd81bdd61ead2905395e5d8ccf6d6b7400a6ba1c44b2a8271b74","src/fs/mount.rs":"8ab26dcb422825bbd2df2e1f68e6b4f7cf08ce11387c688442ee1b4683b33d4f","src/fs/openat2.rs":"4a95c15dab533a41201b5fa25c8a212956b7571d58cad696bdaf45af8aef96db","src/fs/raw_dir.rs":"6314094d92d6a51ab14d9d67e72427f3bb778543f2bb12632fd02cf439d52c2d","src/fs/seek_from.rs":"d7616a45e8a449df28b075ddded4d7c95d6c4575d6fe0cf0ca7b6625e9dc7eeb","src/fs/sendfile.rs":"e3b2058741cf4b1698f34d84bb37130cf2b72806d522a16fe541e832cde136cb","src/fs/statx.rs":"239d447477f8ac368c8ddf9975c71509c47881f647f59cd941ac07954d8a77f9","src/fs/sync.rs":"a3b23543834281f347b0f873bd38154d31d404871188ac08f2b20b9196234cfd","src/fs/xattr.rs":"1d4d7f144716ac8fcae6b728ea23d27db8d3d1d7d2ec3dc31a1dea8e9d6a7eff","src/io/close.rs":"0aa3cd05a8fed8e5244f97b8b6c2e7f65ed93a4e5435c6329852bb3da7514440","src/io/dup.rs":"1f52e78a1e620544425b1ae6e00112fc154a8287e2f26bac5ddd15941e228179","src/io/errno.rs":"da7dc2d25cdbbf610ec82c32124789d6572fbc67d8ff265000597ac1f5b39ebd","src/io/fcntl.rs":"08f42dc80832586afa6e0a7825571c84a97add1164926928960f0c4c5db76461","src/io/ioctl.rs":"87772d59d72d34f1c3a1c00f818199b52c960f5860ea9a1f8023c0e2ce5f6d12","src/io/is_read_write.rs":"1bfb9ee5d58e0b29b44af12fe2668c7bccc841358698dcde47f1519ff9bb73b4","src/io/mod.rs":"75f1d0646be1d4c7c08b5887d8119b0103be8c25c43ccd4e0e97015508c0bb8f","src/io/read_write.rs":"57c6ba3ccc9bdeae05e8ed70a2d9cabd2dd38c5f387e20d91bcd0d13d0f1d23e","src/io_uring.rs":"7093958a57bdaadd75f1800f07e359fd97c6f99c3fa01d263b4b1e57d44b2c4f","src/lib.rs":"5c0bb009b5ea0cd36ac4f503f128db61d875945b267b5e04cec5e3abec7e46b7","src/maybe_polyfill/no_std/io/mod.rs":"77889bb5c5a4f2e50e38379cdaa5d0fef4b0cafc3da056735df01f6deae75747","src/maybe_polyfill/no_std/mod.rs":"d4d98cf838b65dc3ceb0f6d4a950d9348695c3084448bd844e47b909960bbb47","src/maybe_polyfill/no_std/net/ip_addr.rs":"080dd17c44b395b46b0d9e70da76f376540f92ece65f79e3d242c0a272d3b451","src/maybe_polyfill/no_std/net/mod.rs":"b0ee611c454679226a15bf647e7779995f3fe9c8e0507930a0d0613eb414b7c2","src/maybe_polyfill/no_std/net/socket_addr.rs":"bfeb32d32c176cde76323abcffebfc47e9898fb8d7ce3668c602dc8451086a2d","src/maybe_polyfill/no_std/os/fd/mod.rs":"d9dfe2a2c25be727847bcdfe6f4898685af2521850298178ca8d46a8e2ceee88","src/maybe_polyfill/no_std/os/fd/owned.rs":"4ce3234f8ab2cc8a7b749531336f4f6b6297eff0e20a01190be2c10409a0c066","src/maybe_polyfill/no_std/os/fd/raw.rs":"9cedb353580b932879ddc4dee9936212fefb6d42530dc5cec519a0779d5dee33","src/maybe_polyfill/no_std/os/mod.rs":"27dab639a765827644005d5f2fcc7c825310606b889cc8dd83f54c9528350dc0","src/maybe_polyfill/no_std/os/windows/io/mod.rs":"5bbcc05c83fee5026dd744a994e0458469466d5be39081baa62df07753b92fd2","src/maybe_polyfill/no_std/os/windows/io/raw.rs":"4c32609a489dd938a49328b5637cb3bafb96437f2f9f269ab66d7d3cb90247f6","src/maybe_polyfill/no_std/os/windows/io/socket.rs":"c658f42f24eff44a661f2adfd24a11af80fe9897f3e2af4dc5d2c64808308d65","src/maybe_polyfill/no_std/os/windows/mod.rs":"fdb416f8f231a4e778b5f985b9ae712ece5e1a1402963ad1a5f6a8b9843795f4","src/maybe_polyfill/std/mod.rs":"dd6e219564e224fa7cc9fdab2e45935f13ad062da53d0b6d259a695c7aec1847","src/mm/madvise.rs":"3c262b3713a73fafcedf1b04bb12c048bb11d47ca43c959e5dfa48c27651f4f0","src/mm/mmap.rs":"bb103e6febd375de820985cc4b5aefa520b64ab1bcd903e3a818146abdfc60c7","src/mm/mod.rs":"b3a6cb838986d45825b912355cedead761211a494ca6f89b2367a2d2157e340e","src/mm/msync.rs":"9dcfe5f54235e9314a595edb8d548ac79d222bbcc58bb3263cf7e96d603b23ad","src/mm/userfaultfd.rs":"8073443bd181ff0b3ba4d0b1ae67370b4864035a0c8b4898cd709dc47c518ae7","src/net/mod.rs":"a6bc55f9e086caf46a7c00783498d73a328a66f2a991f1ec65d5f13931377b0f","src/net/send_recv/mod.rs":"5ec5efbe84eeb0a2a3e412b79c742bb80152c1dc9c956d031e9a4ebebd492112","src/net/send_recv/msg.rs":"b8ce63eaa32cb5d7f7b7fc2215b60b60ec9d17bc89fd37f0f940610a5f4c7840","src/net/socket.rs":"6bb087ab208a1e06d535fa11e2aa4a9f96da6e73b697fca93e2a3c89178c4434","src/net/socket_addr_any.rs":"d07f9e9ef8873aa5bfd85f669952299286ef6f2cc5b9fea383856432e61b850f","src/net/socketpair.rs":"56f4885c31d2664cd16e18a9a88792a4912fedd953cec36dba67e8581fd57921","src/net/sockopt.rs":"34e897c7e22c8a45cca4e23fec35ab26b40ef440f083367c350a57adb82b803d","src/net/types.rs":"f5a4016b00ccbc60feaaa15b6cb0cae1a994f8049fbe7ec32c4c88423389ec27","src/net/wsa.rs":"6e546b42f50a851fc833c57cda76cfb347203ed4b0dea574a3d325bf5a2ebf80","src/param/auxv.rs":"988872f9bec2e12f35765ae8963cbb9535d4acaedd4c9a4d07ced6feb70e0aaa","src/param/init.rs":"671d8974f0d9b82e79076d1f4deabe0273a874a329f74b8aad26e07b86791ba3","src/param/mod.rs":"53ee190cf5266a2e057af9412acc50359369470a04dbfe2e6e92a90de15aff57","src/path/arg.rs":"4a4bf9b59334900b51ac250365b2a1838670f83a6df9c9c3f6a35bd7d4784170","src/path/dec_int.rs":"fad9793b89eac526953b994cbed6b614f01c25108f9763e19fb98029feda93a4","src/path/mod.rs":"6b1b949c94bcc47e0f08a3f8e8db5b61ff497d0dfd3e0655f51c01d3e4b7dfd6","src/pid.rs":"1e54bbf54b8fa7b260087fcae8d7e1bc35c66e9a36a26d69dddcc468e3d593ee","src/pipe.rs":"966521978ee7a57a11412ca5bee1246ca26dd67a07e53318066a38fe0787f2e9","src/prctl.rs":"a1c85a401538d614f5539871f9a03f9a345b24cfbc845e953deb9f8b96986e2a","src/process/chdir.rs":"9d0397bc91bad5bf1c0afec5b3e6dd9cb7de6e54c3d0b760b33a4996a4cb1b25","src/process/chroot.rs":"2b5f6124eb19f26ad2705174f7ad50cdc0a5d15abd59ffcf55421228d82130b4","src/process/exit.rs":"47bc2fc1ec25eb5c7a21ba84a70c6d799df206f9920c34804a17acf27d5cd66d","src/process/id.rs":"402475cba98cc7e724943bfd218862f76c08b8d200a7b38bb5067bba2a837ef1","src/process/ioctl.rs":"6644c3b0948251b448a87cc8409750edf77dc31f08b2060fccf00dab0d516fca","src/process/kill.rs":"7b879e5cff8a064acd0e7488f4e21bd4e4a8506ce380688b72cc48d283ff9c89","src/process/membarrier.rs":"77b1080dc50cf0bf48959bd2388c519f0b73ac231cc329be43f04525217b7e94","src/process/mod.rs":"cf5974f174968ea668f73a2294231784d1ab8304ae4e79a70175372c0bc34fd2","src/process/pidfd.rs":"948b88cd986c17074fc895f277eec49066a52ab461fa341b7119ce648b28fcb6","src/process/pidfd_getfd.rs":"14aab7cc5578ca4753a7a42dcc8b4ea03748564b542675a50bae8e128348b23e","src/process/prctl.rs":"3f949bbc03c00cb68fab7db8c1bda71741f8d9439b9e25a8521d7cbb0693491d","src/process/priority.rs":"711ad9300407b205a549d2f896cdff080740f6cde8e710d3bb654ea720586b4c","src/process/procctl.rs":"7668f8302515316cc70addfe8da4af47ea8872d4acacd72d1c87c0ecb627e8e9","src/process/rlimit.rs":"10b79de3ced0e64059a94c879742d46a35a6176c776d8eed75031d5e6340283d","src/process/sched.rs":"7c3bfc5be624e7d7f5e043c3ee0b0566fcab3d684d61c272e7b4233410ab1c42","src/process/sched_yield.rs":"6565faa3928b66ddc74a65e893e15edfa4b9be4f7e5f5f68527501a7f6bc3350","src/process/umask.rs":"1a0f31a842303c978e3f05ec191e2b5e96104c09c6596473b42b1fac34898a50","src/process/wait.rs":"d34f9399a2ef6f2dfca929dca72a83d888ff80523c62083b50a2cd10dc875fe6","src/procfs.rs":"ebfbbe22e0ba7a2b914abd474d73065f0c5aa6bddaebc55dd286b3e013349485","src/pty.rs":"408e9144151d7cf5589ed37f1c1864fa5be0d1312fd8be1c74db07782dc09b6c","src/rand/getrandom.rs":"15255b5c5f76cf61ac4fac8b7ac6621049f2b5d2549ec319cdd69ab1ae4d07d2","src/rand/mod.rs":"cab59332aadd9b679f5b22cbb222d48ee028af5eb9fd4a4d43922da659b895d7","src/runtime.rs":"952cea05413e3ba1fa4fdc4755bf1d0fc0c21a5c8878f2cccc6a533119c193f8","src/signal.rs":"fb552490e378420375fa1f2a3eb7de16ac0f5ff72b7d0d3c88275314fdc57d1c","src/stdio.rs":"a5de2d7d9c3c5a901f88b6acf4754687c958a2f3a93c7945c2b8fcb948d468af","src/system.rs":"19e0b60315ddc7d8f2b7aafc4f4c6a30b91a7cd8ec4d128ba38931aa74b00175","src/termios/ioctl.rs":"7c185486116981e8aaa8db5fecb8484220f4d12e1a24de43fc394f17b4cdfdd4","src/termios/mod.rs":"b358538190ccb451a9d3dbc76c2418efb659fe48a54bc7069e7908589dbf07ce","src/termios/tc.rs":"90cf7f3026d46aec296f4e65ead6b8739a6967a74521e47b18f251b588948947","src/termios/tty.rs":"a3ebab3b73db76fb5594be1bb4ec888a28a63637f8cd0211fdb1b3b645cc2ca2","src/termios/types.rs":"97b7bd2d00dfcd5410c99b2b36de3fb1b67a5beebb2938cc94ee908e4bc8183c","src/thread/clock.rs":"780d24ce30bef7e85b2634dc57a9ef2a261d6ac7c255a9e6167f923fae369843","src/thread/futex.rs":"4e78c84589b535ca9ca633633696ef212393a98f2890b181acaa8f908fbc5ae2","src/thread/id.rs":"fd9c8ab917c82a8e0d6e6af22d2f6e5aa0d81d57632a460fd711a52f8ed2f47c","src/thread/libcap.rs":"ee1f320d860a3decbec8052897d9e9484591e4b0b64b3b5b419f4d43d144422e","src/thread/mod.rs":"6fc33eb022c4ab7f950dfb4fae6ab70b1acbcdbeacd909ae1848e7e54076c310","src/thread/prctl.rs":"f6da23203fc2087cd3b36b910901cd6cd86d5ac6f2fcb09feb1270d6c486a1a7","src/thread/setns.rs":"ac946df9eeb67a89436c57c1620855f66a57bded194ba2110a2656a25ba87bbd","src/time/clock.rs":"e59a29f1bed8c31c3d5b6fad60f2d4fa6cab8dd8e86148bb3693a5e3a1ce735f","src/time/mod.rs":"43afee938c80d124d04d4ba190c03f4d21d1e3bfc154fff309211e4f6eabe940","src/time/timerfd.rs":"f17092b84553741aa2d2b44c6992b5d2c8c96cc2c2007fc9a2c6b2064485e53f","src/timespec.rs":"2fee202dc27f4566d1af81007855e48932af2cc37db3cff30e1a657b37439183","src/ugid.rs":"cef024d081c7bbd60a60b079eb581fdbca036a462f8c232e48e2959e2b854335","src/utils.rs":"41765307b22b7cf8e21e83735308c598da8a83b52b5b7eafa175bf39f1528fbb","src/weak.rs":"22070a3fa6e526d851bac81c551aa5cb4f9e609687075999c6d50973eeec3a98"},"package":"fbc6396159432b5c8490d4e301d8c705f61860b8b6c863bf79942ce5401968f3"} +\ No newline at end of file +diff --git a/vendor/rustix/src/backend/libc/fs/dir.rs b/vendor/rustix/src/backend/libc/fs/dir.rs +index c8a4d77c9..fcc43e55d 100644 +--- a/vendor/rustix/src/backend/libc/fs/dir.rs ++++ b/vendor/rustix/src/backend/libc/fs/dir.rs +@@ -29,8 +29,13 @@ use core::ptr::NonNull; + use libc_errno::{errno, set_errno, Errno}; + + /// `DIR*` +-#[repr(transparent)] +-pub struct Dir(NonNull); ++pub struct Dir { ++ /// The `libc` `DIR` pointer. ++ libc_dir: NonNull, ++ ++ /// Have we seen any errors in this iteration? ++ any_errors: bool, ++} + + impl Dir { + /// Construct a `Dir` that reads entries from the given directory +@@ -42,20 +47,35 @@ impl Dir { + + #[inline] + fn _read_from(fd: BorrowedFd<'_>) -> io::Result { ++ let mut any_errors = false; ++ + // Given an arbitrary `OwnedFd`, it's impossible to know whether the + // user holds a `dup`'d copy which could continue to modify the + // file description state, which would cause Undefined Behavior after + // our call to `fdopendir`. To prevent this, we obtain an independent + // `OwnedFd`. + let flags = fcntl_getfl(fd)?; +- let fd_for_dir = openat(fd, cstr!("."), flags | OFlags::CLOEXEC, Mode::empty())?; ++ let fd_for_dir = match openat(fd, cstr!("."), flags | OFlags::CLOEXEC, Mode::empty()) { ++ Ok(fd) => fd, ++ Err(io::Errno::NOENT) => { ++ // If "." doesn't exist, it means the directory was removed. ++ // We treat that as iterating through a directory with no ++ // entries. ++ any_errors = true; ++ crate::io::dup(fd)? ++ } ++ Err(err) => return Err(err), ++ }; + + let raw = owned_fd(fd_for_dir); + unsafe { + let libc_dir = c::fdopendir(raw); + + if let Some(libc_dir) = NonNull::new(libc_dir) { +- Ok(Self(libc_dir)) ++ Ok(Self { ++ libc_dir, ++ any_errors, ++ }) + } else { + let err = io::Errno::last_os_error(); + let _ = c::close(raw); +@@ -67,13 +87,19 @@ impl Dir { + /// `rewinddir(self)` + #[inline] + pub fn rewind(&mut self) { +- unsafe { c::rewinddir(self.0.as_ptr()) } ++ self.any_errors = false; ++ unsafe { c::rewinddir(self.libc_dir.as_ptr()) } + } + + /// `readdir(self)`, where `None` means the end of the directory. + pub fn read(&mut self) -> Option> { ++ // If we've seen errors, don't continue to try to read anyting further. ++ if self.any_errors { ++ return None; ++ } ++ + set_errno(Errno(0)); +- let dirent_ptr = unsafe { libc_readdir(self.0.as_ptr()) }; ++ let dirent_ptr = unsafe { libc_readdir(self.libc_dir.as_ptr()) }; + if dirent_ptr.is_null() { + let curr_errno = errno().0; + if curr_errno == 0 { +@@ -81,6 +107,7 @@ impl Dir { + None + } else { + // `errno` is unknown or non-zero, so an error occurred. ++ self.any_errors = true; + Some(Err(io::Errno(curr_errno))) + } + } else { +@@ -114,7 +141,7 @@ impl Dir { + /// `fstat(self)` + #[inline] + pub fn stat(&self) -> io::Result { +- fstat(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstat(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fstatfs(self)` +@@ -127,14 +154,14 @@ impl Dir { + )))] + #[inline] + pub fn statfs(&self) -> io::Result { +- fstatfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstatfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fstatvfs(self)` + #[cfg(not(any(solarish, target_os = "haiku", target_os = "redox", target_os = "wasi")))] + #[inline] + pub fn statvfs(&self) -> io::Result { +- fstatvfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fstatvfs(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + + /// `fchdir(self)` +@@ -143,7 +170,7 @@ impl Dir { + #[cfg_attr(doc_cfg, doc(cfg(feature = "process")))] + #[inline] + pub fn chdir(&self) -> io::Result<()> { +- fchdir(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.0.as_ptr())) }) ++ fchdir(unsafe { BorrowedFd::borrow_raw(c::dirfd(self.libc_dir.as_ptr())) }) + } + } + +@@ -156,7 +183,7 @@ unsafe impl Send for Dir {} + impl Drop for Dir { + #[inline] + fn drop(&mut self) { +- unsafe { c::closedir(self.0.as_ptr()) }; ++ unsafe { c::closedir(self.libc_dir.as_ptr()) }; + } + } + +@@ -172,7 +199,7 @@ impl Iterator for Dir { + impl fmt::Debug for Dir { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.debug_struct("Dir") +- .field("fd", unsafe { &c::dirfd(self.0.as_ptr()) }) ++ .field("fd", unsafe { &c::dirfd(self.libc_dir.as_ptr()) }) + .finish() + } + } +@@ -284,3 +311,38 @@ fn check_dirent_layout(dirent: &c::dirent) { + } + ); + } ++ ++#[test] ++fn dir_iterator_handles_io_errors() { ++ // create a dir, keep the FD, then delete the dir ++ let tmp = tempfile::tempdir().unwrap(); ++ let fd = crate::fs::openat( ++ crate::fs::CWD, ++ tmp.path(), ++ crate::fs::OFlags::RDONLY | crate::fs::OFlags::CLOEXEC, ++ crate::fs::Mode::empty(), ++ ) ++ .unwrap(); ++ ++ let file_fd = crate::fs::openat( ++ &fd, ++ tmp.path().join("test.txt"), ++ crate::fs::OFlags::WRONLY | crate::fs::OFlags::CREATE, ++ crate::fs::Mode::RWXU, ++ ) ++ .unwrap(); ++ ++ let mut dir = Dir::read_from(&fd).unwrap(); ++ ++ // Reach inside the `Dir` and replace its directory with a file, which ++ // will cause the subsequent `readdir` to fail. ++ unsafe { ++ let raw_fd = c::dirfd(dir.libc_dir.as_ptr()); ++ let mut owned_fd: crate::fd::OwnedFd = crate::fd::FromRawFd::from_raw_fd(raw_fd); ++ crate::io::dup2(&file_fd, &mut owned_fd).unwrap(); ++ core::mem::forget(owned_fd); ++ } ++ ++ assert!(matches!(dir.next(), Some(Err(_)))); ++ assert!(matches!(dir.next(), None)); ++} +diff --git a/vendor/rustix/src/backend/linux_raw/fs/dir.rs b/vendor/rustix/src/backend/linux_raw/fs/dir.rs +index 4df589af5..ea1017957 100644 +--- a/vendor/rustix/src/backend/linux_raw/fs/dir.rs ++++ b/vendor/rustix/src/backend/linux_raw/fs/dir.rs +@@ -18,9 +18,17 @@ pub struct Dir { + /// The `OwnedFd` that we read directory entries from. + fd: OwnedFd, + ++ /// Have we seen any errors in this iteration? ++ any_errors: bool, ++ ++ /// Should we rewind the stream on the next iteration? ++ rewind: bool, ++ ++ /// The buffer for `linux_dirent64` entries. + buf: Vec, ++ ++ /// Where we are in the buffer. + pos: usize, +- next: Option, + } + + impl Dir { +@@ -38,25 +46,39 @@ impl Dir { + + Ok(Self { + fd: fd_for_dir, ++ any_errors: false, ++ rewind: false, + buf: Vec::new(), + pos: 0, +- next: None, + }) + } + + /// `rewinddir(self)` + #[inline] + pub fn rewind(&mut self) { ++ self.any_errors = false; ++ self.rewind = true; + self.pos = self.buf.len(); +- self.next = Some(0); + } + + /// `readdir(self)`, where `None` means the end of the directory. + pub fn read(&mut self) -> Option> { +- if let Some(next) = self.next.take() { +- match crate::backend::fs::syscalls::_seek(self.fd.as_fd(), next as i64, SEEK_SET) { ++ // If we've seen errors, don't continue to try to read anyting further. ++ if self.any_errors { ++ return None; ++ } ++ ++ // If a rewind was requested, seek to the beginning. ++ if self.rewind { ++ self.rewind = false; ++ match io::retry_on_intr(|| { ++ crate::backend::fs::syscalls::_seek(self.fd.as_fd(), 0, SEEK_SET) ++ }) { + Ok(_) => (), +- Err(err) => return Some(Err(err)), ++ Err(err) => { ++ self.any_errors = true; ++ return Some(Err(err)); ++ } + } + } + +@@ -78,7 +100,7 @@ impl Dir { + if self.buf.len() - self.pos < size_of::() { + match self.read_more()? { + Ok(()) => (), +- Err(e) => return Some(Err(e)), ++ Err(err) => return Some(Err(err)), + } + } + +@@ -136,14 +158,31 @@ impl Dir { + } + + fn read_more(&mut self) -> Option> { +- let og_len = self.buf.len(); +- // Capacity increment currently chosen by wild guess. +- self.buf +- .resize(self.buf.capacity() + 32 * size_of::(), 0); +- let nread = match crate::backend::fs::syscalls::getdents(self.fd.as_fd(), &mut self.buf) { ++ // The first few times we're called, we allocate a relatively small ++ // buffer, because many directories are small. If we're called more, ++ // use progressively larger allocations, up to a fixed maximum. ++ // ++ // The specific sizes and policy here have not been tuned in detail yet ++ // and may need to be adjusted. In doing so, we should be careful to ++ // avoid unbounded buffer growth. This buffer only exists to share the ++ // cost of a `getdents` call over many entries, so if it gets too big, ++ // cache and heap usage will outweigh the benefit. And ultimately, ++ // directories can contain more entries than we can allocate contiguous ++ // memory for, so we'll always need to cap the size at some point. ++ if self.buf.len() < 1024 * size_of::() { ++ self.buf.reserve(32 * size_of::()); ++ } ++ self.buf.resize(self.buf.capacity(), 0); ++ let nread = match io::retry_on_intr(|| { ++ crate::backend::fs::syscalls::getdents(self.fd.as_fd(), &mut self.buf) ++ }) { + Ok(nread) => nread, ++ Err(io::Errno::NOENT) => { ++ self.any_errors = true; ++ return None; ++ } + Err(err) => { +- self.buf.resize(og_len, 0); ++ self.any_errors = true; + return Some(Err(err)); + } + }; +@@ -225,3 +264,33 @@ impl DirEntry { + self.d_ino + } + } ++ ++#[test] ++fn dir_iterator_handles_io_errors() { ++ // create a dir, keep the FD, then delete the dir ++ let tmp = tempfile::tempdir().unwrap(); ++ let fd = crate::fs::openat( ++ crate::fs::CWD, ++ tmp.path(), ++ crate::fs::OFlags::RDONLY | crate::fs::OFlags::CLOEXEC, ++ crate::fs::Mode::empty(), ++ ) ++ .unwrap(); ++ ++ let file_fd = crate::fs::openat( ++ &fd, ++ tmp.path().join("test.txt"), ++ crate::fs::OFlags::WRONLY | crate::fs::OFlags::CREATE, ++ crate::fs::Mode::RWXU, ++ ) ++ .unwrap(); ++ ++ let mut dir = Dir::read_from(&fd).unwrap(); ++ ++ // Reach inside the `Dir` and replace its directory with a file, which ++ // will cause the subsequent `getdents64` to fail. ++ crate::io::dup2(&file_fd, &mut dir.fd).unwrap(); ++ ++ assert!(matches!(dir.next(), Some(Err(_)))); ++ assert!(matches!(dir.next(), None)); ++} +-- +2.39.4 + diff --git a/SPECS/rust/rust.spec b/SPECS/rust/rust.spec index c44d8fa702d..920fd0443cc 100644 --- a/SPECS/rust/rust.spec +++ b/SPECS/rust/rust.spec @@ -9,7 +9,7 @@ Summary: Rust Programming Language Name: rust Version: 1.72.0 -Release: 8%{?dist} +Release: 9%{?dist} License: (ASL 2.0 OR MIT) AND BSD AND CC-BY-3.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -44,6 +44,7 @@ Source7: https://static.rust-lang.org/dist/%{release_date}/rust-std-%{sta Patch0: CVE-2023-45853.patch Patch1: CVE-2024-32884.patch Patch2: CVE-2024-31852.patch +Patch3: CVE-2024-43806.patch BuildRequires: binutils BuildRequires: cmake @@ -171,6 +172,9 @@ rm %{buildroot}%{_bindir}/*.old %{_mandir}/man1/* %changelog +* Fri Nov 22 2024 Tobias Brick - 1.72.0-9 +- Patch CVE-2024-43806 + * Thu Aug 08 2024 corvus-callidus <108946721+corvus-callidus@users.noreply.github.com> - 1.72.0-8 - Patch CVE-2024-32884 and CVE-2024-31852 From 7b804dd23c8f36e56f93db507c4959bd88388e4a Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Sun, 22 Dec 2024 13:48:34 -0800 Subject: [PATCH 32/36] [AUTO-CHERRYPICK] cert-manager: patch CVE-2024-45337 - branch main (#11661) Co-authored-by: Andrew Phelps --- SPECS/cert-manager/CVE-2024-45337.patch | 77 +++++++++++++++++++++++++ SPECS/cert-manager/cert-manager.spec | 6 +- 2 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 SPECS/cert-manager/CVE-2024-45337.patch diff --git a/SPECS/cert-manager/CVE-2024-45337.patch b/SPECS/cert-manager/CVE-2024-45337.patch new file mode 100644 index 00000000000..e10cac83d05 --- /dev/null +++ b/SPECS/cert-manager/CVE-2024-45337.patch @@ -0,0 +1,77 @@ +https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909.patch + +From b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Tue, 3 Dec 2024 09:03:03 -0800 +Subject: [PATCH] ssh: make the public key cache a 1-entry FIFO cache + +Users of the the ssh package seem to extremely commonly misuse the +PublicKeyCallback API, assuming that the key passed in the last call +before a connection is established is the key used for authentication. +Some users then make authorization decisions based on this key. This +property is not documented, and may not be correct, due to the caching +behavior of the package, resulting in users making incorrect +authorization decisions about the connection. + +This change makes the cache a one entry FIFO cache, making the assumed +property, that the last call to PublicKeyCallback represents the key +actually used for authentication, actually hold. + +Thanks to Damien Tournoud, Patrick Dawkins, Vince Parker, and +Jules Duvivier from the Platform.sh / Upsun engineering team +for reporting this issue. + +Fixes golang/go#70779 +Fixes CVE-2024-45337 + +Change-Id: Ife7c7b4045d8b6bcd7e3a417bdfae370c709797f +Reviewed-on: https://go-review.googlesource.com/c/crypto/+/635315 +Reviewed-by: Roland Shoemaker +Auto-Submit: Gopher Robot +Reviewed-by: Damien Neil +Reviewed-by: Nicola Murino +LUCI-TryBot-Result: Go LUCI +--- + vendor/golang.org/x/crypto/ssh/server.go | 15 ++++++++++---- + +diff --git a/vendor/golang.org/x/crypto/ssh/server.go b/vendor/golang.org/x/crypto/ssh/server.go +index c0d1c29e6f..5b5ccd96f4 100644 +--- a/vendor/golang.org/x/crypto/ssh/server.go ++++ b/vendor/golang.org/x/crypto/ssh/server.go +@@ -149,7 +149,7 @@ func (s *ServerConfig) AddHostKey(key Signer) { + } + + // cachedPubKey contains the results of querying whether a public key is +-// acceptable for a user. ++// acceptable for a user. This is a FIFO cache. + type cachedPubKey struct { + user string + pubKeyData []byte +@@ -157,7 +157,13 @@ type cachedPubKey struct { + perms *Permissions + } + +-const maxCachedPubKeys = 16 ++// maxCachedPubKeys is the number of cache entries we store. ++// ++// Due to consistent misuse of the PublicKeyCallback API, we have reduced this ++// to 1, such that the only key in the cache is the most recently seen one. This ++// forces the behavior that the last call to PublicKeyCallback will always be ++// with the key that is used for authentication. ++const maxCachedPubKeys = 1 + + // pubKeyCache caches tests for public keys. Since SSH clients + // will query whether a public key is acceptable before attempting to +@@ -179,9 +185,10 @@ func (c *pubKeyCache) get(user string, pubKeyData []byte) (cachedPubKey, bool) { + + // add adds the given tuple to the cache. + func (c *pubKeyCache) add(candidate cachedPubKey) { +- if len(c.keys) < maxCachedPubKeys { +- c.keys = append(c.keys, candidate) ++ if len(c.keys) >= maxCachedPubKeys { ++ c.keys = c.keys[1:] + } ++ c.keys = append(c.keys, candidate) + } + + // ServerConn is an authenticated SSH connection, as seen from the diff --git a/SPECS/cert-manager/cert-manager.spec b/SPECS/cert-manager/cert-manager.spec index de7595a54f5..0dcc2d48ece 100644 --- a/SPECS/cert-manager/cert-manager.spec +++ b/SPECS/cert-manager/cert-manager.spec @@ -1,7 +1,7 @@ Summary: Automatically provision and manage TLS certificates in Kubernetes Name: cert-manager Version: 1.11.2 -Release: 15%{?dist} +Release: 16%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -28,6 +28,7 @@ Patch5: CVE-2023-3978.patch Patch6: CVE-2024-24786.patch Patch7: CVE-2024-28180.patch Patch8: CVE-2023-2253.patch +Patch9: CVE-2024-45337.patch BuildRequires: golang Requires: %{name}-acmesolver Requires: %{name}-cainjector @@ -120,6 +121,9 @@ install -D -m0755 bin/webhook %{buildroot}%{_bindir}/ %{_bindir}/webhook %changelog +* Tue Dec 17 2024 Andrew Phelps - 1.11.2-16 +- Add patch for CVE-2024-45337 + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 1.11.2-15 - Bump release to rebuild with go 1.22.7 From 5823c31d206cf7d9a4889c07c9e32793ebde3ca4 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Mon, 23 Dec 2024 15:09:12 +0100 Subject: [PATCH 33/36] Fixed `golang.org/x/crypto` and `golang.org/x/net` vulnerabilities. (#11679) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- toolkit/tools/go.mod | 8 ++++---- toolkit/tools/go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/toolkit/tools/go.mod b/toolkit/tools/go.mod index 5f53072b218..f5860e9fe65 100644 --- a/toolkit/tools/go.mod +++ b/toolkit/tools/go.mod @@ -22,7 +22,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.9.0 github.com/ulikunitz/xz v0.5.10 - golang.org/x/sys v0.21.0 + golang.org/x/sys v0.28.0 gonum.org/v1/gonum v0.15.0 gopkg.in/alecthomas/kingpin.v2 v2.2.6 gopkg.in/ini.v1 v1.67.0 @@ -48,8 +48,8 @@ require ( github.com/pmezard/go-difflib v1.0.0 // indirect github.com/rivo/uniseg v0.1.0 // indirect github.com/xrash/smetrics v0.0.0-20170218160415-a3153f7040e9 // indirect - golang.org/x/crypto v0.24.0 // indirect + golang.org/x/crypto v0.31.0 // indirect golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect - golang.org/x/net v0.26.0 // indirect - golang.org/x/text v0.16.0 // indirect + golang.org/x/net v0.33.0 // indirect + golang.org/x/text v0.21.0 // indirect ) diff --git a/toolkit/tools/go.sum b/toolkit/tools/go.sum index 88fbb4c6f23..da0e2a5c9cd 100644 --- a/toolkit/tools/go.sum +++ b/toolkit/tools/go.sum @@ -90,12 +90,12 @@ github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8= github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/xrash/smetrics v0.0.0-20170218160415-a3153f7040e9 h1:w8V9v0qVympSF6GjdjIyeqR7+EVhAF9CBQmkmW7Zw0w= github.com/xrash/smetrics v0.0.0-20170218160415-a3153f7040e9/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8= -golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= -golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= +golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ= golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/sys v0.0.0-20190626150813-e07cf5db2756/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191018095205-727590c5006e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -103,12 +103,12 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= gonum.org/v1/gonum v0.15.0 h1:2lYxjRbTYyxkJxlhC+LvJIx3SsANPdRybu1tGj9/OrQ= gonum.org/v1/gonum v0.15.0/go.mod h1:xzZVBJBtS+Mz4q0Yl2LJTk+OxOg4jiXZ7qBoM0uISGo= From 842e4f4a71fe8854122d06b7710d8086d951b89b Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Fri, 27 Dec 2024 15:22:54 +0100 Subject: [PATCH 34/36] Added missing `Obsoletes: dbus-x11` in `dbus.spec` (#11719) --- SPECS/dbus/dbus.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/SPECS/dbus/dbus.spec b/SPECS/dbus/dbus.spec index 546034cf550..2c419a09b2a 100644 --- a/SPECS/dbus/dbus.spec +++ b/SPECS/dbus/dbus.spec @@ -2,7 +2,7 @@ Summary: DBus for systemd Name: dbus Version: 1.15.6 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ OR AFL Vendor: Microsoft Corporation Distribution: Mariner @@ -23,7 +23,8 @@ Recommends: systemd Provides: dbus-libs = %{version}-%{release} # NOTE: We currently do not build with X11 support. # build with X11 support in the future. -Provides: %{name}-x11 +Provides: %{name}-x11 = %{version}-%{release} +Obsoletes: %{name}-x11 <= 1.14.0-1%{?dist} %description The dbus package contains dbus. @@ -86,6 +87,9 @@ make %{?_smp_mflags} check %{_libdir}/*.so %changelog +* Mon Dec 23 2024 Pawel Winogrodzki - 1.15.6-2 +- Obsolete older 'dbus-x11'. + * Thu Dec 28 2023 Neha Agarwal - 1.15.6-1 - Update to v1.15.6 to fix CVE-2023-34969 From cb0dc8dfa502a49a0ae43951eddcd4ef07d71c6d Mon Sep 17 00:00:00 2001 From: Riken Maharjan <106988478+rikenm1@users.noreply.github.com> Date: Tue, 7 Jan 2025 11:37:24 -0800 Subject: [PATCH 35/36] Move Golang changes to fasttrack/2.0 (#11799) Co-authored-by: jslobodzian --- SPECS/msft-golang/msft-golang.signatures.json | 2 +- SPECS/msft-golang/msft-golang.spec | 8 ++++++-- cgmanifest.json | 4 ++-- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/SPECS/msft-golang/msft-golang.signatures.json b/SPECS/msft-golang/msft-golang.signatures.json index d92ca320b25..5f7c3962023 100644 --- a/SPECS/msft-golang/msft-golang.signatures.json +++ b/SPECS/msft-golang/msft-golang.signatures.json @@ -2,7 +2,7 @@ "Signatures": { "go.20230802.5.src.tar.gz": "56b9e0e0c3c13ca95d5efa6de4e7d49a9d190eca77919beff99d33cd3fa74e95", "go.20240206.2.src.tar.gz": "7982e0011aa9ab95fd0530404060410af4ba57326d26818690f334fdcb6451cd", - "go1.22.8-20241001.6.src.tar.gz": "549a43643849c73ffd8579d63e2e3488428f0a4c436169abe02be01a3dbd41c8", + "go1.22.10-20241203.4.src.tar.gz": "3a6318a0ff28798a1b1797b8d22c4f9604cae2088000c39a6875b2598ec4ab22", "go1.4-bootstrap-20171003.tar.gz": "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52" } } \ No newline at end of file diff --git a/SPECS/msft-golang/msft-golang.spec b/SPECS/msft-golang/msft-golang.spec index 6921a3af739..938d75c839a 100644 --- a/SPECS/msft-golang/msft-golang.spec +++ b/SPECS/msft-golang/msft-golang.spec @@ -1,7 +1,8 @@ %global goroot %{_libdir}/golang %global gopath %{_datadir}/gocode -%global ms_go_filename go1.22.8-20241001.6.src.tar.gz +%global ms_go_filename go1.22.10-20241203.4.src.tar.gz %global ms_go_revision 1 +%global go_priority %(echo %{version}.%{ms_go_revision} | tr -d .) %ifarch aarch64 %global gohostarch arm64 %else @@ -14,7 +15,7 @@ %define __find_requires %{nil} Summary: Go Name: msft-golang -Version: 1.22.8 +Version: 1.22.10 Release: 1%{?dist} License: BSD Vendor: Microsoft Corporation @@ -153,6 +154,9 @@ fi %{_bindir}/* %changelog +* Mon Jan 06 2025 Riken Maharjan - 1.22.10-1 +- Bump version to 1.22.10-1 + * Thu Oct 24 2024 CBL-Mariner Servicing Account - 1.22.8-1 - Auto-upgrade to 1.22.8 - To fix CVE-2022-41717 diff --git a/cgmanifest.json b/cgmanifest.json index 422f809c609..591396ed126 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -13673,8 +13673,8 @@ "type": "other", "other": { "name": "msft-golang", - "version": "1.22.8", - "downloadUrl": "https://github.com/microsoft/go/releases/download/v1.22.8-1/go1.22.8-20241001.6.src.tar.gz" + "version": "1.22.10", + "downloadUrl": "https://github.com/microsoft/go/releases/download/v1.22.10-1/go1.22.10-20241203.4.src.tar.gz" } } }, From b94dca48c58ae7a0f7175ef3becc9b0a6fe10a88 Mon Sep 17 00:00:00 2001 From: Sumedh Alok Sharma Date: Wed, 8 Jan 2025 01:09:20 +0530 Subject: [PATCH 36/36] Patch telegraf for CVE-2024-45337 & CVE-2024-45338 (#11781) Co-authored-by: jslobodzian --- SPECS/telegraf/CVE-2024-45337.patch | 79 ++++++++++++++++++++++++++++ SPECS/telegraf/CVE-2024-45338.patch | 80 +++++++++++++++++++++++++++++ SPECS/telegraf/telegraf.spec | 7 ++- 3 files changed, 165 insertions(+), 1 deletion(-) create mode 100644 SPECS/telegraf/CVE-2024-45337.patch create mode 100644 SPECS/telegraf/CVE-2024-45338.patch diff --git a/SPECS/telegraf/CVE-2024-45337.patch b/SPECS/telegraf/CVE-2024-45337.patch new file mode 100644 index 00000000000..1c99f069547 --- /dev/null +++ b/SPECS/telegraf/CVE-2024-45337.patch @@ -0,0 +1,79 @@ +From b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Tue, 3 Dec 2024 09:03:03 -0800 +Subject: [PATCH] ssh: make the public key cache a 1-entry FIFO cache + +Users of the the ssh package seem to extremely commonly misuse the +PublicKeyCallback API, assuming that the key passed in the last call +before a connection is established is the key used for authentication. +Some users then make authorization decisions based on this key. This +property is not documented, and may not be correct, due to the caching +behavior of the package, resulting in users making incorrect +authorization decisions about the connection. + +This change makes the cache a one entry FIFO cache, making the assumed +property, that the last call to PublicKeyCallback represents the key +actually used for authentication, actually hold. + +Thanks to Damien Tournoud, Patrick Dawkins, Vince Parker, and +Jules Duvivier from the Platform.sh / Upsun engineering team +for reporting this issue. + +Fixes golang/go#70779 +Fixes CVE-2024-45337 + +Change-Id: Ife7c7b4045d8b6bcd7e3a417bdfae370c709797f +Reviewed-on: https://go-review.googlesource.com/c/crypto/+/635315 +Reviewed-by: Roland Shoemaker +Auto-Submit: Gopher Robot +Reviewed-by: Damien Neil +Reviewed-by: Nicola Murino +LUCI-TryBot-Result: Go LUCI +--- + vendor/golang.org/x/crypto/ssh/server.go | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +diff --git a/vendor/golang.org/x/crypto/ssh/server.go b/vendor/golang.org/x/crypto/ssh/server.go +index c2dfe326..39dcc095 100644 +--- a/vendor/golang.org/x/crypto/ssh/server.go ++++ b/vendor/golang.org/x/crypto/ssh/server.go +@@ -149,7 +149,7 @@ func (s *ServerConfig) AddHostKey(key Signer) { + } + + // cachedPubKey contains the results of querying whether a public key is +-// acceptable for a user. ++// acceptable for a user. This is a FIFO cache. + type cachedPubKey struct { + user string + pubKeyData []byte +@@ -157,7 +157,13 @@ type cachedPubKey struct { + perms *Permissions + } + +-const maxCachedPubKeys = 16 ++// maxCachedPubKeys is the number of cache entries we store. ++// ++// Due to consistent misuse of the PublicKeyCallback API, we have reduced this ++// to 1, such that the only key in the cache is the most recently seen one. This ++// forces the behavior that the last call to PublicKeyCallback will always be ++// with the key that is used for authentication. ++const maxCachedPubKeys = 1 + + // pubKeyCache caches tests for public keys. Since SSH clients + // will query whether a public key is acceptable before attempting to +@@ -179,9 +185,10 @@ func (c *pubKeyCache) get(user string, pubKeyData []byte) (cachedPubKey, bool) { + + // add adds the given tuple to the cache. + func (c *pubKeyCache) add(candidate cachedPubKey) { +- if len(c.keys) < maxCachedPubKeys { +- c.keys = append(c.keys, candidate) ++ if len(c.keys) >= maxCachedPubKeys { ++ c.keys = c.keys[1:] + } ++ c.keys = append(c.keys, candidate) + } + + // ServerConn is an authenticated SSH connection, as seen from the +-- +2.25.1 + diff --git a/SPECS/telegraf/CVE-2024-45338.patch b/SPECS/telegraf/CVE-2024-45338.patch new file mode 100644 index 00000000000..f091755ef68 --- /dev/null +++ b/SPECS/telegraf/CVE-2024-45338.patch @@ -0,0 +1,80 @@ +From 8e66b04771e35c4e4125e8c60334b34e2423effb Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Wed, 04 Dec 2024 09:35:55 -0800 +Subject: [PATCH] html: use strings.EqualFold instead of lowering ourselves + +Instead of using strings.ToLower and == to check case insensitive +equality, just use strings.EqualFold, even when the strings are only +ASCII. This prevents us unnecessarily lowering extremely long strings, +which can be a somewhat expensive operation, even if we're only +attempting to compare equality with five characters. + +Thanks to Guido Vranken for reporting this issue. + +Fixes golang/go#70906 +Fixes CVE-2024-45338 + +Change-Id: I323b919f912d60dab6a87cadfdcac3e6b54cd128 +Reviewed-on: https://go-review.googlesource.com/c/net/+/637536 +LUCI-TryBot-Result: Go LUCI +Auto-Submit: Gopher Robot +Reviewed-by: Roland Shoemaker +Reviewed-by: Tatiana Bradley +--- + vendor/golang.org/x/net/html/doctype.go | 2 +- + vendor/golang.org/x/net/html/foreign.go | 3 +-- + vendor/golang.org/x/net/html/parse.go | 4 ++-- + 3 files changed, 4 insertions(+), 5 deletions(-) + +diff --git a/vendor/golang.org/x/net/html/doctype.go b/vendor/golang.org/x/net/html/doctype.go +index c484e5a9..bca3ae9a 100644 +--- a/vendor/golang.org/x/net/html/doctype.go ++++ b/vendor/golang.org/x/net/html/doctype.go +@@ -87,7 +87,7 @@ func parseDoctype(s string) (n *Node, quirks bool) { + } + } + if lastAttr := n.Attr[len(n.Attr)-1]; lastAttr.Key == "system" && +- strings.ToLower(lastAttr.Val) == "http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd" { ++ strings.EqualFold(lastAttr.Val, "http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd") { + quirks = true + } + } +diff --git a/vendor/golang.org/x/net/html/foreign.go b/vendor/golang.org/x/net/html/foreign.go +index 9da9e9dc..e8515d8e 100644 +--- a/vendor/golang.org/x/net/html/foreign.go ++++ b/vendor/golang.org/x/net/html/foreign.go +@@ -40,8 +40,7 @@ func htmlIntegrationPoint(n *Node) bool { + if n.Data == "annotation-xml" { + for _, a := range n.Attr { + if a.Key == "encoding" { +- val := strings.ToLower(a.Val) +- if val == "text/html" || val == "application/xhtml+xml" { ++ if strings.EqualFold(a.Val, "text/html") || strings.EqualFold(a.Val, "application/xhtml+xml") { + return true + } + } +diff --git a/vendor/golang.org/x/net/html/parse.go b/vendor/golang.org/x/net/html/parse.go +index 46a89eda..5b8374bf 100644 +--- a/vendor/golang.org/x/net/html/parse.go ++++ b/vendor/golang.org/x/net/html/parse.go +@@ -1031,7 +1031,7 @@ func inBodyIM(p *parser) bool { + if p.tok.DataAtom == a.Input { + for _, t := range p.tok.Attr { + if t.Key == "type" { +- if strings.ToLower(t.Val) == "hidden" { ++ if strings.EqualFold(t.Val, "hidden") { + // Skip setting framesetOK = false + return true + } +@@ -1459,7 +1459,7 @@ func inTableIM(p *parser) bool { + return inHeadIM(p) + case a.Input: + for _, t := range p.tok.Attr { +- if t.Key == "type" && strings.ToLower(t.Val) == "hidden" { ++ if t.Key == "type" && strings.EqualFold(t.Val, "hidden") { + p.addElement() + p.oe.pop() + return true +-- +2.25.1 + diff --git a/SPECS/telegraf/telegraf.spec b/SPECS/telegraf/telegraf.spec index 2a71676daa0..456d9d9e5a6 100644 --- a/SPECS/telegraf/telegraf.spec +++ b/SPECS/telegraf/telegraf.spec @@ -1,7 +1,7 @@ Summary: agent for collecting, processing, aggregating, and writing metrics. Name: telegraf Version: 1.29.4 -Release: 9%{?dist} +Release: 10%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -17,6 +17,8 @@ Patch3: CVE-2024-35255.patch Patch4: CVE-2024-37298.patch Patch5: CVE-2024-24786.patch Patch6: CVE-2024-28180.patch +Patch7: CVE-2024-45337.patch +Patch8: CVE-2024-45338.patch BuildRequires: golang BuildRequires: iana-etc BuildRequires: systemd-devel @@ -87,6 +89,9 @@ fi %dir %{_sysconfdir}/%{name}/telegraf.d %changelog +* Mon Jan 06 2025 Sumedh Sharma - 1.29.4-10 +- Add patch for CVE-2024-45337 & CVE-2024-45338. + * Mon Sep 09 2024 CBL-Mariner Servicing Account - 1.29.4-9 - Bump release to rebuild with go 1.22.7