This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate redshirt-core

Dependencies

(17 total, 7 outdated)

Crate            Required  Latest   Status
atomic           ^0.5.0    0.6.1    out of date
blake3           ^1.6.1    1.8.4    up to date
bs58             ^0.4.0    0.5.1    out of date
crossbeam-queue  ^0.3.1    0.3.12   up to date
either           ^1.6.1    1.15.0   up to date
fnv              ^1.0.7    1.0.7    up to date
futures          ^0.3.13   0.3.32   up to date
hashbrown        ^0.9.1    0.17.0   out of date
itertools        ^0.14.0   0.14.0   up to date
nohash-hasher    ^0.2.0    0.2.0    up to date
rand             ^0.8.3    0.10.1   out of date
rand_chacha      ^0.3.0    0.10.0   out of date
rand_core        ^0.6.0    0.10.0   out of date
slab             ^0.4.9    0.4.12   up to date
smallvec         ^1.6.1    1.15.1   up to date
spinning_top     ^0.3.0    0.3.0    up to date
wasmi            ^0.42.1   1.0.9    out of date

Dev dependencies

(3 total, 1 outdated)

Crate        Required  Latest   Status
criterion    ^0.3      0.8.2    out of date
futures      ^0.3.13   0.3.32   up to date
tiny-keccak  ^2.0.2    2.0.2    up to date

Crate redshirt-core-proc-macros

Dependencies

(5 total, 2 outdated)

Crate           Required  Latest    Status
cargo_metadata  ^0.12     0.23.1    out of date
proc-macro2     ^1.0      1.0.106   up to date
serde_json      ^1.0      1.0.149   up to date
syn             ^1.0      2.0.117   out of date
wat             ^1.0.36   1.246.2   up to date

Crate redshirt-standalone-kernel

Dependencies

(25 total, 9 outdated, 1 possibly insecure)

Crate                     Required  Latest   Status
atomic                    ^0.5.0    0.6.1    out of date
blake3                    ^1.6.1    1.8.4    up to date
crossbeam-queue           ^0.3.1    0.3.12   up to date
derive_more               ^2.0.0    2.1.1    up to date
either                    ^1.6.1    1.15.0   up to date
fnv                       ^1.0.7    1.0.7    up to date
futures                   ^0.3.13   0.3.32   up to date
hashbrown                 ^0.9.1    0.17.0   out of date
lazy_static               ^1.4      1.5.0    up to date
libm                      ^0.2.1    0.2.16   up to date
linked_list_allocator ⚠️  ^0.9.0    0.10.5   out of date
nohash-hasher             ^0.2.0    0.2.0    up to date
pin-project               ^1.0.5    1.1.11   up to date
rand_chacha               ^0.2.0    0.10.0   out of date
rand_core                 ^0.5.1    0.10.0   out of date
rand_jitter               ^0.3.0    0.6.0    out of date
rlibc                     ^1.0.0    1.0.0    up to date
smallvec                  ^1.6.1    1.15.1   up to date
spinning_top              ^0.3.0    0.3.0    up to date
acpi                      ^4.1.0    6.1.1    out of date
aml                       ^0.16.4   0.16.4   up to date
crossbeam-utils           ^0.8.3    0.8.21   up to date
multiboot2                ^0.23.1   0.24.1   out of date
rdrand                    ^0.7.0    0.8.3    out of date
x86_64                    ^0.15.2   0.15.4   up to date

Build dependencies

(1 total, all up-to-date)

Crate     Required  Latest  Status
rusttype  ^0.9.2    0.9.3   up to date

Crate redshirt-disk-interface

Dependencies

(3 total, 2 outdated)

Crate               Required  Latest   Status
futures             ^0.3.13   0.3.32   up to date
parity-scale-codec  ^1.3.6    3.7.5    out of date
rand                ^0.8.3    0.10.1   out of date

Crate redshirt-ethernet-interface

Dependencies

(3 total, 2 outdated)

Crate               Required  Latest   Status
futures             ^0.3.13   0.3.32   up to date
parity-scale-codec  ^1.3.6    3.7.5    out of date
rand                ^0.8.3    0.10.1   out of date

Crate redshirt-framebuffer-interface

Dependencies

(2 total, 1 outdated)

Crate               Required  Latest   Status
futures             ^0.3      0.3.32   up to date
parity-scale-codec  ^1.3.6    3.7.5    out of date

Crate redshirt-hardware-interface

Dependencies

(2 total, 1 outdated)

Crate               Required  Latest   Status
futures             ^0.3.13   0.3.32   up to date
parity-scale-codec  ^1.3.6    3.7.5    out of date

Crate redshirt-interface-interface

Dependencies

(2 total, 1 outdated)

Crate               Required  Latest   Status
futures             ^0.3.13   0.3.32   up to date
parity-scale-codec  ^1.3.6    3.7.5    out of date

Crate redshirt-kernel-debug-interface

No external dependencies! 🙌

Crate redshirt-kernel-log-interface

Dependencies

(1 total, 1 outdated)

Crate               Required  Latest  Status
parity-scale-codec  ^1.3.6    3.7.5   out of date

Crate redshirt-loader-interface

Dependencies

(2 total, 1 outdated)

Crate               Required  Latest   Status
futures             ^0.3.13   0.3.32   up to date
parity-scale-codec  ^1.3.6    3.7.5    out of date

Crate redshirt-log-interface

Dependencies

(1 total, all up-to-date)

Crate  Required  Latest   Status
log    ^0.4.14   0.4.29   up to date

Crate redshirt-pci-interface

Dependencies

(2 total, 1 outdated)

Crate               Required  Latest   Status
futures             ^0.3.13   0.3.32   up to date
parity-scale-codec  ^1.3.6    3.7.5    out of date

Crate redshirt-random-interface

Dependencies

(1 total, 1 outdated)

Crate               Required  Latest  Status
parity-scale-codec  ^1.3.6    3.7.5   out of date

Crate redshirt-syscalls

Dependencies

(9 total, 4 outdated)

Crate               Required  Latest   Status
futures             ^0.3.13   0.3.32   up to date
generic-array       ^0.14.4   1.3.5    out of date
hashbrown           ^0.9.1    0.17.0   out of date
lazy_static         ^1.4.0    1.5.0    up to date
nohash-hasher       ^0.2.0    0.2.0    up to date
parity-scale-codec  ^1.3.6    3.7.5    out of date
pin-project         ^1.0.5    1.1.11   up to date
slab                ^0.4.9    0.4.12   up to date
spinning_top        ^0.2.2    0.3.0    out of date

Crate redshirt-system-time-interface

Dependencies

(3 total, 1 outdated)

Crate               Required  Latest   Status
futures             ^0.3.13   0.3.32   up to date
parity-scale-codec  ^1.3.6    3.7.5    out of date
pin-project         ^1.0.5    1.1.11   up to date

Crate redshirt-tcp-interface

Dependencies

(4 total, 2 outdated, 1 possibly insecure)

Crate               Required  Latest   Status
derive_more         ^0.99.11  2.1.1    out of date
futures             ^0.3.13   0.3.32   up to date
parity-scale-codec  ^1.3.6    3.7.5    out of date
tokio ⚠️            ^1.2.0    1.51.1   maybe insecure

Crate redshirt-time-interface

Dependencies

(3 total, 1 outdated)

Crate               Required  Latest   Status
futures             ^0.3.13   0.3.32   up to date
parity-scale-codec  ^1.3.6    3.7.5    out of date
pin-project         ^1.0.5    1.1.11   up to date

Crate redshirt-video-output-interface

Dependencies

(2 total, 1 outdated)

Crate               Required  Latest   Status
futures             ^0.3.13   0.3.32   up to date
parity-scale-codec  ^1.3.6    3.7.5    out of date

Security Vulnerabilities

linked_list_allocator: Multiple vulnerabilities resulting in out-of-bounds writes

RUSTSEC-2022-0063

  • The heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bounds writes when a heap was initialized with a size smaller than 3 * size_of::<usize> because of metadata write operations.
  • When calling Heap::extend with a size smaller than two usizes (e.g., 16 on x86_64), the size was erroneously rounded up to the minimum size, which could result in an out-of-bounds write.
  • Calling Heap::extend on an empty heap tried to construct a heap starting at address 0, which is also an out-of-bounds write.
    • One specific way to trigger this accidentally is to call Heap::new (or a similar constructor) with a heap size that is smaller than two usizes. This was treated as an empty heap as well.
  • Calling Heap::extend on a heap whose size is not a multiple of the size of two usizes resulted in unaligned writes. It also left the heap in an unexpected state, which might lead to subsequent issues. We did not find a way to exploit this undefined behavior yet (apart from DoS on platforms that fault on unaligned writes).

tokio: reject_remote_clients Configuration corruption

RUSTSEC-2023-0001

On Windows, configuring a named pipe server with pipe_mode forces ServerOptions::reject_remote_clients to false.

This drops any explicit reject_remote_clients configuration that may previously have been set to true.

The default setting of reject_remote_clients is normally true, meaning the default is also overridden to false.

Workarounds

Ensure that pipe_mode is set first after initializing a ServerOptions. For example:

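use tokio::net::windows::named_pipe::{PipeMode, ServerOptions};

let mut opts = ServerOptions::new();
// Call pipe_mode first: on affected versions it resets reject_remote_clients to false.
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);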