
Update Rust crate tokio to v1.18.5 [SECURITY] #1187


Merged: 1 commit, Jan 11, 2024

Conversation

renovate[bot]
Contributor

@renovate renovate bot commented Jan 11, 2024

Mend Renovate

This PR contains the following updates:

Package: tokio (source)
Type: dependencies
Update: minor
Change: 1.16.1 -> 1.18.5

GitHub Vulnerability Alerts

CVE-2023-22466

Impact

When configuring a Windows named pipe server, setting pipe_mode will reset reject_remote_clients to false. If the application has previously configured reject_remote_clients to true, this effectively undoes the configuration. This also applies if reject_remote_clients is not explicitly set as this is the default configuration and is cleared by calling pipe_mode.

Remote clients may only access the named pipe if the named pipe's associated path is accessible via a publicly shared folder (SMB).

Patches

The following versions have been patched:

  • 1.23.1
  • 1.20.3
  • 1.18.4

The fix will also be present in all releases starting from version 1.24.0.

Named pipes were introduced to Tokio in version 1.7.0, so releases older than 1.7.0 are not affected.

Workarounds

Ensure that pipe_mode is set first after initializing a ServerOptions. For example:

let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);
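The order dependence described above, as an added Rust model that is not tokio's code: the buggy builder keeps the pipe type and the reject bit in one flags word (the shape the advisory describes; assumed here), shown beside a separate-field builder that is order-independent. The three Windows constants are the real winbase.h values; the builders and function names are illustrative.

```rust
// Added model (not tokio's code) of the builder shape behind CVE-2023-22466:
// one u32 holds both the pipe type and PIPE_REJECT_REMOTE_CLIENTS, so a
// pipe_mode() that assigns the whole word wipes the reject bit. The three
// constants are the real winbase.h values; the builders are illustrative.
const PIPE_TYPE_BYTE: u32 = 0x0;
const PIPE_TYPE_MESSAGE: u32 = 0x4;
const PIPE_REJECT_REMOTE_CLIENTS: u32 = 0x8;
#[derive(Clone, Copy)]
pub enum PipeMode { Byte, Message }
fn type_bits(mode: PipeMode) -> u32 {
    match mode { PipeMode::Byte => PIPE_TYPE_BYTE, PipeMode::Message => PIPE_TYPE_MESSAGE }
}

/// Buggy shape: remote clients are rejected by default, but `pipe_mode`
/// overwrites the whole flags word and silently clears that default.
pub struct BuggyOptions { flags: u32 }
impl BuggyOptions {
    pub fn new() -> Self { BuggyOptions { flags: PIPE_TYPE_BYTE | PIPE_REJECT_REMOTE_CLIENTS } }
    pub fn pipe_mode(&mut self, mode: PipeMode) -> &mut Self {
        self.flags = type_bits(mode); // BUG: PIPE_REJECT_REMOTE_CLIENTS is dropped here
        self
    }
    pub fn reject_remote_clients(&mut self, reject: bool) -> &mut Self {
        if reject { self.flags |= PIPE_REJECT_REMOTE_CLIENTS } else { self.flags &= !PIPE_REJECT_REMOTE_CLIENTS }
        self
    }
    /// The setting the kernel would actually receive in dwPipeMode.
    pub fn rejects_remote_clients(&self) -> bool { self.flags & PIPE_REJECT_REMOTE_CLIENTS != 0 }
}

/// Hardened shape: keep the two settings apart and combine them only when the
/// flags word is built, so call order cannot matter.
pub struct FixedOptions { mode: PipeMode, reject_remote: bool }
impl FixedOptions {
    pub fn new() -> Self { FixedOptions { mode: PipeMode::Byte, reject_remote: true } }
    pub fn pipe_mode(&mut self, mode: PipeMode) -> &mut Self { self.mode = mode; self }
    pub fn reject_remote_clients(&mut self, reject: bool) -> &mut Self { self.reject_remote = reject; self }
    pub fn flags(&self) -> u32 { type_bits(self.mode) | (if self.reject_remote { PIPE_REJECT_REMOTE_CLIENTS } else { 0 }) }
}

/// Effective setting after `reject_remote_clients(true)` followed by `pipe_mode`
/// on the buggy builder (false: remote clients accepted) and the fixed one (true).
pub fn reject_then_mode() -> (bool, bool) {
    let mut buggy = BuggyOptions::new();
    buggy.reject_remote_clients(true).pipe_mode(PipeMode::Message);
    let mut fixed = FixedOptions::new();
    fixed.reject_remote_clients(true).pipe_mode(PipeMode::Message);
    (buggy.rejects_remote_clients(), fixed.flags() & PIPE_REJECT_REMOTE_CLIENTS != 0)
}
```

Calling pipe_mode first and reject_remote_clients second, as the workaround above does, leaves the buggy builder with the reject bit set, which is why the order matters on unpatched versions.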

References

https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createnamedpipea#pipe_reject_remote_clients

GHSA-4q83-7cq4-p6wg

tokio::io::ReadHalf<T>::unsplit can violate the Pin contract

The soundness issue is described in the tokio/issues#5372

The specific set of conditions needed to trigger an issue (a !Unpin type in ReadHalf)
is unusual, and this is combined with the difficulty of making any arbitrary use-after-free
exploitable in Rust without doing a lot of careful alignment of data types in
the surrounding code.

The tokio feature io-util is also required to be enabled to trigger this
soundness issue.

Thanks to zachs18 for reporting the issue to the Tokio team responsibly, and to taiki-e
and carllerche for appropriately responding to and fixing the soundness bug.

Tokio before 0.2.0 used futures 0.1 that did not have Pin, so it is not
affected by this issue.


Release Notes

tokio-rs/tokio (tokio)

v1.18.5


v1.18.4


v1.18.3: Tokio v1.18.3


1.18.3 (September 27, 2022)

This release removes the dependency on the once_cell crate to restore the MSRV of the 1.18.x LTS release. (#5048)

v1.18.2: Tokio v1.18.2


1.18.2 (May 5, 2022)

Add missing features for the winapi dependency. (#4663)

v1.18.1: Tokio v1.18.1


1.18.1 (May 2, 2022)

The 1.18.0 release broke the build for targets without 64-bit atomics when building with tokio_unstable. This release fixes that. (#4649)

v1.18.0: Tokio v1.18.0


1.18.0 (April 27, 2022)

This release adds a number of new APIs in tokio::net, tokio::signal, and
tokio::sync. In addition, it adds new unstable APIs to tokio::task (Ids
for uniquely identifying a task, and AbortHandle for remotely cancelling a
task), as well as a number of bugfixes.

Fixed
  • blocking: add missing #[track_caller] for spawn_blocking (#4616)
  • macros: fix select macro to process 64 branches (#4519)
  • net: fix try_io methods not calling Mio's try_io internally (#4582)
  • runtime: recover when OS fails to spawn a new thread (#4485)
Added
  • net: add UdpSocket::peer_addr (#4611)
  • net: add try_read_buf method for named pipes (#4626)
  • signal: add SignalKind Hash/Eq impls and c_int conversion (#4540)
  • signal: add support for signals up to SIGRTMAX (#4555)
  • sync: add watch::Sender::send_modify method (#4310)
  • sync: add broadcast::Receiver::len method (#4542)
  • sync: add watch::Receiver::same_channel method (#4581)
  • sync: implement Clone for RecvError types (#4560)
Changed
  • update mio to 0.8.1 (#4582)
  • macros: rename tokio::select!'s internal util module (#4543)
  • runtime: use Vec::with_capacity when building runtime (#4553)
Documented
  • improve docs for tokio_unstable (#4524)
  • runtime: include more documentation for thread_pool/worker (#4511)
  • runtime: update Handle::current's docs to mention EnterGuard (#4567)
  • time: clarify platform specific timer resolution (#4474)
  • signal: document that Signal::recv is cancel-safe (#4634)
  • sync: UnboundedReceiver close docs (#4548)
Unstable

The following changes only apply when building with --cfg tokio_unstable:

  • task: add task::Id type (#4630)
  • task: add AbortHandle type for cancelling tasks in a JoinSet (#4530, #4640)
  • task: fix missing doc(cfg(...)) attributes for JoinSet (#4531)
  • task: fix broken link in AbortHandle RustDoc (#4545)
  • metrics: add initial IO driver metrics (#4507)

v1.17.0: Tokio v1.17.0


1.17.0 (February 15, 2022)

This release updates the minimum supported Rust version (MSRV) to 1.49,
the mio dependency to v0.8, and the (optional) parking_lot
dependency to v0.12. Additionally, it contains several bug fixes, as
well as internal refactoring and performance improvements.

Fixed
  • time: prevent panicking in sleep with large durations (#4495)
  • time: eliminate potential panics in Instant arithmetic on platforms
    where Instant::now is not monotonic (#4461)
  • io: fix DuplexStream not participating in cooperative yielding (#4478)
  • rt: fix potential double panic when dropping a JoinHandle (#4430)
Changed
  • update minimum supported Rust version to 1.49 (#4457)
  • update parking_lot dependency to v0.12.0 (#4459)
  • update mio dependency to v0.8 (#4449)
  • rt: remove an unnecessary lock in the blocking pool (#4436)
  • rt: remove an unnecessary enum in the basic scheduler (#4462)
  • time: use bit manipulation instead of modulo to improve performance (#4480)
  • net: use std::future::Ready instead of our own Ready future (#4271)
  • replace deprecated atomic::spin_loop_hint with hint::spin_loop (#4491)
  • fix miri failures in intrusive linked lists (#4397)
Documented
  • io: add an example for tokio::process::ChildStdin (#4479)
Unstable

The following changes only apply when building with --cfg tokio_unstable:

  • task: fix missing location information in tracing spans generated by
    spawn_local (#4483)
  • task: add JoinSet for managing sets of tasks (#4335)
  • metrics: fix compilation error on MIPS (#4475)
  • metrics: fix compilation error on arm32v7 (#4453)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR has been generated by Mend Renovate. View repository job log here.

@Turbo87 Turbo87 merged commit d2dd902 into master Jan 11, 2024
@Turbo87 Turbo87 deleted the renovate/crate-tokio-vulnerability branch January 11, 2024 13:15