Update Rust crate wasmtime to v24.0.2 [SECURITY] (#20262)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [wasmtime](https://redirect.github.com/bytecodealliance/wasmtime) | workspace.dependencies | patch | `24.0.1` -> `24.0.2` |

### GitHub Vulnerability Alerts

#### [CVE-2024-51745](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-c2f5-jxjv-2hh8)

### Impact

Wasmtime's filesystem sandbox implementation on Windows blocks access to
special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so
on, however it did not block access to the special device filenames
which use superscript digits, such as "COM¹", "COM²", "LPT⁰", "LPT¹",
and so on. Untrusted Wasm programs that are given access to any
filesystem directory could bypass the sandbox and access devices through
those special device filenames with superscript digits, and through them
gain access to peripheral devices connected to the computer, or network
resources mapped to those devices. This can include modems, printers,
network printers, and any other device connected to a serial or parallel
port, including emulated USB serial ports.

### Patches

Patch releases for Wasmtime have been issued as 24.0.2, 25.0.3, and
26.0.1. Users of Wasmtime 23.0.x and prior are recommended to upgrade to
one of these patched versions.

### Workarounds

There are no known workarounds for this issue. Affected Windows users
are recommended to upgrade.

### References

- [Microsoft's documentation](https://learn.microsoft.com/en-us/windows/win32/fileio/naming-a-file#naming-conventions) of the special device filenames
- [ISO-8859-1](https://en.wikipedia.org/wiki/ISO/IEC_8859-1)
- [The original PR reporting the issue](https://redirect.github.com/bytecodealliance/cap-std/pull/371)

---

### Release Notes

<details>
<summary>bytecodealliance/wasmtime (wasmtime)</summary>

### [`v24.0.2`](https://redirect.github.com/bytecodealliance/wasmtime/releases/tag/v24.0.2)

[Compare Source](https://redirect.github.com/bytecodealliance/wasmtime/compare/v24.0.1...v24.0.2)

#### 24.0.2

Released 2024-11-05.

##### Fixed

- Update to cap-std 3.4.1, for [#9559](https://redirect.github.com/bytecodealliance/wasmtime/issues/9559), which fixes a wasi-filesystem sandbox escape on Windows.
  [CVE-2024-51745](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-c2f5-jxjv-2hh8).

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" in timezone America/New_York,
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

Release Notes:

- N/A


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate[bot] 2024-11-06 09:21:50 -07:00 committed by GitHub
parent 1aac35cc1c
commit 449e20de3d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
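
The gap described under Impact in the commit message, shown as an added example (not cap-std's or Wasmtime's code): a deny-list that treats only ASCII digits as port numbers, next to one that also covers superscript digits. Function names are hypothetical, and the stem handling is a simplified assumption about how Windows matches device names.

```rust
// Added illustration; NOT the cap-std or Wasmtime implementation.
// Simplified model of Windows reserved device-name matching.

/// Reduce a path component to the part matched against device names:
/// text before the first '.', trailing spaces dropped, case folded.
fn device_stem(component: &str) -> String {
    let stem = component.split('.').next().unwrap_or("");
    stem.trim_end_matches(' ').to_uppercase()
}

/// Shared matcher; `is_port_digit` decides what counts as a port number.
fn is_reserved(component: &str, is_port_digit: impl Fn(char) -> bool) -> bool {
    let stem = device_stem(component);
    if matches!(stem.as_str(), "CON" | "PRN" | "AUX" | "NUL") {
        return true;
    }
    let mut chars = stem.chars();
    let prefix: String = chars.by_ref().take(3).collect();
    let rest: Vec<char> = chars.collect();
    (prefix == "COM" || prefix == "LPT") && rest.len() == 1 && is_port_digit(rest[0])
}

/// "Before" form: only ASCII digits count as a port number.
fn is_reserved_ascii_only(component: &str) -> bool {
    is_reserved(component, |c| c.is_ascii_digit())
}

/// Hardened form: the superscript digits named in the advisory count too
/// (U+00B9, U+00B2, U+00B3, and U+2070 for the "LPT⁰" case).
fn is_reserved_hardened(component: &str) -> bool {
    is_reserved(component, |c| {
        c.is_ascii_digit() || matches!(c, '\u{00B9}' | '\u{00B2}' | '\u{00B3}' | '\u{2070}')
    })
}

fn main() {
    // Constructed sample names, not taken from the advisory's test suite.
    for name in ["COM1", "COM\u{00B9}", "lpt\u{00B2}.txt", "COM10", "notes.txt"] {
        println!("{:12} ascii_only={:5} hardened={}", name,
            is_reserved_ascii_only(name), is_reserved_hardened(name));
    }
}
```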

106
Cargo.lock generated

@ -1587,7 +1587,7 @@ dependencies = [
"bitflags 2.6.0",
"cexpr",
"clang-sys",
"itertools 0.12.1",
"itertools 0.10.5",
"lazy_static",
"lazycell",
"proc-macro2",
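Review bot: The `itertools` entry in this dependency list moves from 0.12.1 to 0.10.5, a downgrade that has nothing to do with the wasmtime 24.0.1 -> 24.0.2 bump named in the commit title. Check whether the lockfile was regenerated from a different resolver state, and restore `itertools 0.12.1` here if so, so the security update stays limited to the wasmtime and cranelift entries.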
@ -3051,18 +3051,18 @@ dependencies = [
[[package]]
name = "cranelift-bforest"
version = "0.111.1"
version = "0.111.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "32d69b774780246008783a75edfb943eccc2487b6a43808503a07cd563f2ffde"
checksum = "f823c6662ea77699089ec8b6b4b8a23c1e1a9c6526a6420ede7ac957274a7ab4"
dependencies = [
"cranelift-entity",
]
[[package]]
name = "cranelift-bitset"
version = "0.111.1"
version = "0.111.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a7d8d71c6b32c1a7cff254c5e5d7359872c1e5e610fbe963472afcddbd9cf303"
checksum = "2fcbb4187005097204458a8e4309bb9e737933477e47b4609f81b07a5b4cdd25"
dependencies = [
"serde",
"serde_derive",
@ -3070,9 +3070,9 @@ dependencies = [
[[package]]
name = "cranelift-codegen"
version = "0.111.1"
version = "0.111.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3ad3a906f2a3f3590ad9798d59a46959a8593258eb985af722f634723c063a2c"
checksum = "8cd1aaf8e88339f4f95afffd60d22033546ec7da4d79e805b85260a16668f78f"
dependencies = [
"bumpalo",
"cranelift-bforest",
@ -3093,33 +3093,33 @@ dependencies = [
[[package]]
name = "cranelift-codegen-meta"
version = "0.111.1"
version = "0.111.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cd5e4ee12262a135efbef3ced4ab2153adafe4adc55f36af94f9d73be0f7505d"
checksum = "8e541b0418bbba3ce82040a445bd9a83bf3e0da604a95178d9e949dc8a7840af"
dependencies = [
"cranelift-codegen-shared",
]
[[package]]
name = "cranelift-codegen-shared"
version = "0.111.1"
version = "0.111.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5b9374a2a5f060f72e3080fe1c87c9ff4bef2cbe798faae60daf276fb1a13968"
checksum = "91fc96a709a30be39d53ecf89dbfe4edcc5adba528d4b65f7e58dc867ba70fab"
[[package]]
name = "cranelift-control"
version = "0.111.1"
version = "0.111.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fba3ca2f344bb22d265a928e7c3f5f46e1a2eb41f1393bd53538d07b6ffb5293"
checksum = "4c3bfcb035e0a501323896bb7ea3d7a5dd1fac3e92dda458ccd23960fde12c88"
dependencies = [
"arbitrary",
]
[[package]]
name = "cranelift-entity"
version = "0.111.1"
version = "0.111.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a6aef77dfb018eed09d92d4244abe3c1c060cbbd900c24f75ddde7d75d0e781e"
checksum = "b2f00b4eba51d73a8c343c45cfdeeffa1f74f423bba0e6b8e290e646777c2b81"
dependencies = [
"cranelift-bitset",
"serde",
@ -3128,9 +3128,9 @@ dependencies = [
[[package]]
name = "cranelift-frontend"
version = "0.111.1"
version = "0.111.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7b1d6954f03d63df1cb95d66153c97df0201862220861349bbd5f583754b1917"
checksum = "52d5e18bf04660bb716dacf45809e2d4c85e7111701e27dbdb75b4634504ad8f"
dependencies = [
"cranelift-codegen",
"log",
@ -3140,15 +3140,15 @@ dependencies = [
[[package]]
name = "cranelift-isle"
version = "0.111.1"
version = "0.111.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f8b9b7e088b784796ea8aa5947c1cc12034c1b076a077ec2a5a287da717fa746"
checksum = "31f9901807b6d0fde1205f0e4db9d96dcf7ddfc1894c69eb2ff93c47ebf2439f"
[[package]]
name = "cranelift-native"
version = "0.111.1"
version = "0.111.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4cab7424083d070669ff3fdeea7c5b4b5013a055aa1ee0532703f17a5f62af64"
checksum = "967d65a4077726a9afc3f4694e037f34b992cbe2b6c48ce519b714a0b0558f97"
dependencies = [
"cranelift-codegen",
"libc",
@ -3157,9 +3157,9 @@ dependencies = [
[[package]]
name = "cranelift-wasm"
version = "0.111.1"
version = "0.111.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "81a9f6d0495984eef1d753ec8748de0b216b37ade16d219f1c0f27d8188d7f77"
checksum = "4899fd1ef6b1fe1df30f26ef864bd6e45040b8cf9f3cb3905d3e973c25698579"
dependencies = [
"cranelift-codegen",
"cranelift-entity",
@ -6513,7 +6513,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4979f22fdb869068da03c9f7528f8297c6fd2606bc3a4affe42e6a823fdb8da4"
dependencies = [
"cfg-if",
"windows-targets 0.52.6",
"windows-targets 0.48.5",
]
[[package]]
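Review bot: `windows-targets 0.52.6` becomes `windows-targets 0.48.5` in this dependency list while the package's checksum line is unchanged context, so this is lockfile churn rather than part of the advisory fix. Because the CVE being patched only affects Windows, a change to the Windows bindings should either be reverted to 0.52.6 or covered by a Windows build and test run before merging.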
@ -13669,9 +13669,9 @@ dependencies = [
[[package]]
name = "wasmtime"
version = "24.0.1"
version = "24.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7e4a5b05e9f1797e557e79f0cf04348eaa7a232596939ef4762838ddf7a6127a"
checksum = "e763074ccd6b251c78095fcd27707253b69cef961ea0a2ff76a8d246ddfadd1b"
dependencies = [
"anyhow",
"async-trait",
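Review bot: The release notes in the commit message attribute the sandbox fix to cap-std 3.4.1, yet no cap-std entry changes in the hunks shown: they jump from line 1587 to line 3051, the range where a `cap-*` package would sort. Confirm that Cargo.lock already resolves cap-std to 3.4.1 or later (for example with `cargo tree -i cap-std`), so that the `24.0.2` version line here actually carries the Windows fix into the build.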
@ -13715,9 +13715,9 @@ dependencies = [
[[package]]
name = "wasmtime-asm-macros"
version = "24.0.1"
version = "24.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "64414227e19556d4372f9688458c5673606de83473eb66cd0514d36ea8808cab"
checksum = "f45004b6fa5d12dd95b427474e69bde05a6d31d33b39bd56054f9cd68e824283"
dependencies = [
"cfg-if",
]
@ -13748,9 +13748,9 @@ dependencies = [
[[package]]
name = "wasmtime-component-macro"
version = "24.0.1"
version = "24.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d3ead31b73689602225742920adbcd881f5656702c1a3b4830862c0c66731727"
checksum = "74b72572d389586e429a9830ab68a5b3e2a567962b8a82f4249652ccc68ddab2"
dependencies = [
"anyhow",
"proc-macro2",
@ -13763,15 +13763,15 @@ dependencies = [
[[package]]
name = "wasmtime-component-util"
version = "24.0.1"
version = "24.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ab2c778661800e1dcd8ba3e15ff042299709e0a4c512525d9cbb604a04c0421b"
checksum = "eb3081af782040e8016373e603ee854496c82cdc0f32b13a6bc9700e15f582db"
[[package]]
name = "wasmtime-cranelift"
version = "24.0.1"
version = "24.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9f7ee1f436bcf7d213ef7c2e9d44caffcd57e540ccf997d013384c2ae9b82db7"
checksum = "42c18ca178eee0947cd53b27d3a101dd2f79afec86fc3ce657545519c6bf011a"
dependencies = [
"anyhow",
"cfg-if",
@ -13793,9 +13793,9 @@ dependencies = [
[[package]]
name = "wasmtime-environ"
version = "24.0.1"
version = "24.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fa8c33adfb3b9f8d6ef716bc55aea5e6b2275cd5a6721ec8c837d1cb0c471516"
checksum = "e80da0784d4dd0788479ce390cd4a54a893d24f2937d4046145704777aa7a131"
dependencies = [
"anyhow",
"cpp_demangle",
@ -13820,9 +13820,9 @@ dependencies = [
[[package]]
name = "wasmtime-fiber"
version = "24.0.1"
version = "24.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9f3227ed807c2dda9dd770c241023fcd6e48e6722c1c26ff79fc3604d412e884"
checksum = "57c3d366194ff87b8aeeb7348bb789d5dd9a9aca18b340b19dcf4ab96966e663"
dependencies = [
"anyhow",
"cc",
@ -13835,9 +13835,9 @@ dependencies = [
[[package]]
name = "wasmtime-jit-icache-coherence"
version = "24.0.1"
version = "24.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fa89fc440f0edca882ba6d1890608898e6f0193afdc504c0a64478ec53622bd6"
checksum = "c543f7ee7b1ec8f2215f88197a40f9fa3452dc98c5902c5c700d8ec9e9ea7021"
dependencies = [
"anyhow",
"cfg-if",
@ -13847,15 +13847,15 @@ dependencies = [
[[package]]
name = "wasmtime-slab"
version = "24.0.1"
version = "24.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "682b7a5b6772c4e4de8c696fc619ec97930b5e89098db9bee22c1136e002438b"
checksum = "bcf7ded4156c76cc1cb348e5728096087e2c432714d1b285044c6da6a1e3d01a"
[[package]]
name = "wasmtime-types"
version = "24.0.1"
version = "24.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4a95ea5572f8c3ffe777af21aa00a92097ded291a342fecad9f2c6a972ecea99"
checksum = "c92a6f3c2a8704a60ae0278ea2635c986539539ce1b80080b0fe8ea7bc83da81"
dependencies = [
"anyhow",
"cranelift-entity",
@ -13867,9 +13867,9 @@ dependencies = [
[[package]]
name = "wasmtime-versioned-export-macros"
version = "24.0.1"
version = "24.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ac3621bfccd4e4336ae141d62b96e96316c0f23c47d64e9700594ebe3c4d9a10"
checksum = "7a6e2f847c118d5b26f0cc01d12a6d72fa450e32c42a4a3ce5d33afb4729ed6a"
dependencies = [
"proc-macro2",
"quote",
@ -13909,9 +13909,9 @@ dependencies = [
[[package]]
name = "wasmtime-winch"
version = "24.0.1"
version = "24.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d1d3e99f6bba37864487c9356398667699935b9cfa3655ed2b153b9428b3dd21"
checksum = "ee3640cd34c67f505e88cef0da11368806204a24c68c35d671a48a59bb37f908"
dependencies = [
"anyhow",
"cranelift-codegen",
@ -13926,9 +13926,9 @@ dependencies = [
[[package]]
name = "wasmtime-wit-bindgen"
version = "24.0.1"
version = "24.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ee0f4524da226d2cb503d794c8928de6bc24878758cebd4e383c946e9fdb8b3a"
checksum = "c58b085b2d330e5057dddd31f3ca527569b90fcdd35f6d373420c304927a5190"
dependencies = [
"anyhow",
"heck 0.4.1",
@ -14195,7 +14195,7 @@ version = "0.1.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb"
dependencies = [
"windows-sys 0.59.0",
"windows-sys 0.48.0",
]
[[package]]
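Review bot: The package at version 0.1.9 keeps its checksum, but its `windows-sys` dependency drops from 0.59.0 to 0.48.0, the same kind of unrelated downgrade as the `itertools` and `windows-targets` changes earlier in this lockfile. If none of these are intended, regenerate the lockfile with a targeted update such as `cargo update -p wasmtime --precise 24.0.2` so that only the wasmtime-related entries move.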
@ -14206,9 +14206,9 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
[[package]]
name = "winch-codegen"
version = "0.22.1"
version = "0.22.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c139fb9298d9651b6869afd544e567ca2448cd5f5ddcb24e4bb86a1ee187c8b3"
checksum = "46d7fecc199486f048bb2d649dce68bf28712ae1183dd54fd4a0534989517b24"
dependencies = [
"anyhow",
"cranelift-codegen",