From 2d28f3d2677c0371c363fe74122d6693eea69d15 Mon Sep 17 00:00:00 2001 From: stevenhorsman Date: Mon, 8 Sep 2025 13:23:03 +0100 Subject: [PATCH] agent-ctl: version: bump hypervisor Bump the version of runtime-rs' hypervisor crate to upgrade (indirectly) protobug and remediate vulnerability RUSTSEC-2024-0437 Signed-off-by: stevenhorsman --- src/tools/agent-ctl/Cargo.lock | 245 ++++++++++++++++++++------------- 1 file changed, 146 insertions(+), 99 deletions(-) diff --git a/src/tools/agent-ctl/Cargo.lock b/src/tools/agent-ctl/Cargo.lock index b07a43d5f7..cb2078927f 100644 --- a/src/tools/agent-ctl/Cargo.lock +++ b/src/tools/agent-ctl/Cargo.lock @@ -683,7 +683,16 @@ version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe" dependencies = [ - "digest", + "digest 0.10.7", +] + +[[package]] +name = "block-buffer" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4" +dependencies = [ + "generic-array", ] [[package]] @@ -1049,7 +1058,7 @@ checksum = "8543454e3c3f5126effff9cd44d562af4e31fb8ce1cc0d3dcd8f084515dbc1aa" dependencies = [ "cipher", "dbl", - "digest", + "digest 0.10.7", ] [[package]] @@ -1235,6 +1244,16 @@ dependencies = [ "typenum", ] +[[package]] +name = "crypto-mac" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "25fab6889090c8133f3deb8f73ba3c65a7f456f66436fc012a1b1e272b1e103e" +dependencies = [ + "generic-array", + "subtle", +] + [[package]] name = "crypto_secretbox" version = "0.1.1" @@ -1268,7 +1287,7 @@ dependencies = [ "cfg-if 1.0.1", "cpufeatures", "curve25519-dalek-derive", - "digest", + "digest 0.10.7", "fiat-crypto", "rustc_version", "subtle", @@ -1474,13 +1493,22 @@ dependencies = [ "cipher", ] +[[package]] +name = "digest" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" +dependencies = [ + "generic-array", +] + [[package]] name = "digest" version = "0.10.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ - "block-buffer", + "block-buffer 0.10.4", "const-oid", "crypto-common", "subtle", @@ -1536,12 +1564,12 @@ version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "48bc224a9084ad760195584ce5abb3c2c34a225fa312a128ad245a6b412b7689" dependencies = [ - "digest", + "digest 0.10.7", "num-bigint-dig", "num-traits", "pkcs8", "rfc6979", - "sha2", + "sha2 0.10.9", "signature", "zeroize", ] @@ -1587,7 +1615,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" dependencies = [ "der", - "digest", + "digest 0.10.7", "elliptic-curve", "rfc6979", "signature", @@ -1614,7 +1642,7 @@ dependencies = [ "ed25519", "rand_core", "serde", - "sha2", + "sha2 0.10.9", "subtle", "zeroize", ] @@ -1633,7 +1661,7 @@ checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" dependencies = [ "base16ct", "crypto-bigint", - "digest", + "digest 0.10.7", "ff", "generic-array", "group", @@ -2156,7 +2184,17 @@ version = "0.12.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" dependencies = [ - "hmac", + "hmac 0.12.1", +] + +[[package]] +name = "hmac" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b" +dependencies = [ + "crypto-mac", + "digest 0.9.0", ] [[package]] @@ -2165,7 +2203,7 @@ version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" dependencies = [ - "digest", + "digest 0.10.7", ] [[package]] @@ -2393,7 +2431,7 @@ dependencies = [ "oci-spec", "path-clean", "persist", - "protobuf 3.7.2", + "protobuf", "protocols", "qapi", "qapi-qmp", @@ -2412,7 +2450,7 @@ dependencies = [ "tokio", "tracing", "ttrpc", - "ttrpc-codegen 0.4.2", + "ttrpc-codegen", "vmm-sys-util 0.11.2", ] @@ -2589,7 +2627,7 @@ dependencies = [ "serde", "serde_json", "serde_yaml", - "sha2", + "sha2 0.10.9", "sigstore", "strum", "strum_macros", @@ -2772,11 +2810,11 @@ checksum = "6204285f77fe7d9784db3fdc449ecce1a0114927a51d5a41c4c7a292011c015f" dependencies = [ "base64 0.13.1", "crypto-common", - "digest", - "hmac", + "digest 0.10.7", + "hmac 0.12.1", "serde", "serde_json", - "sha2", + "sha2 0.10.9", ] [[package]] @@ -2797,7 +2835,7 @@ dependencies = [ "logging", "nix 0.24.3", "oci-spec", - "protobuf 3.7.2", + "protobuf", "protocols", "rand", "rustjail", @@ -2858,7 +2896,7 @@ dependencies = [ "serde", "serde-enum-str", "serde_json", - "sha2", + "sha2 0.10.9", "slog", "slog-scope", "sysinfo", @@ -2932,7 +2970,8 @@ version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4979f22fdb869068da03c9f7528f8297c6fd2606bc3a4affe42e6a823fdb8da4" dependencies = [ - "windows-targets 0.48.0", + "cfg-if 1.0.1", + "windows-targets 0.52.6", ] [[package]] @@ -2952,6 +2991,23 @@ dependencies = [ "redox_syscall 0.5.7", ] +[[package]] +name = "libsystemd" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f4f0b5b062ba67aa075e331de778082c09e66b5ef32970ea5a1e9c37c9555d1" +dependencies = [ + "hmac 0.11.0", + "libc", + "log", + "nix 0.23.2", + "once_cell", + "serde", + "sha2 0.9.9", + "thiserror 1.0.40", + "uuid 0.8.2", +] + [[package]] name = "libz-sys" version = "1.1.22" @@ -3012,6 +3068,7 @@ dependencies = [ "serde_json", "slog", "slog-async", + "slog-journald", "slog-json", "slog-scope", "slog-term", @@ -3040,7 +3097,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d89e7ee0cfbedfc4da3340218492196241d89eefb6dab27de5df917a6d2e78cf" dependencies = [ "cfg-if 1.0.1", - "digest", + "digest 0.10.7", ] [[package]] @@ -3331,7 +3388,7 @@ dependencies = [ "serde", "serde_json", "serde_path_to_error", - "sha2", + "sha2 0.10.9", "thiserror 1.0.40", "url", ] @@ -3385,7 +3442,7 @@ dependencies = [ "reqwest", "serde", "serde_json", - "sha2", + "sha2 0.10.9", "thiserror 2.0.12", "tokio", "tracing", @@ -3463,7 +3520,7 @@ dependencies = [ "chrono", "dyn-clone", "ed25519-dalek", - "hmac", + "hmac 0.12.1", "http 1.1.0", "itertools 0.10.5", "log", @@ -3478,7 +3535,7 @@ dependencies = [ "serde_path_to_error", "serde_plain", "serde_with", - "sha2", + "sha2 0.10.9", "subtle", "thiserror 1.0.40", "url", @@ -3528,7 +3585,7 @@ dependencies = [ "ecdsa", "elliptic-curve", "primeorder", - "sha2", + "sha2 0.10.9", ] [[package]] @@ -3540,7 +3597,7 @@ dependencies = [ "ecdsa", "elliptic-curve", "primeorder", - "sha2", + "sha2 0.10.9", ] [[package]] @@ -3554,7 +3611,7 @@ dependencies = [ "elliptic-curve", "primeorder", "rand_core", - "sha2", + "sha2 0.10.9", ] [[package]] @@ -3628,8 +3685,8 @@ version = "0.12.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2" dependencies = [ - "digest", - "hmac", + "digest 0.10.7", + "hmac 0.12.1", ] [[package]] @@ -3814,7 +3871,7 @@ dependencies = [ "der", "pbkdf2", "scrypt", - "sha2", + "sha2 0.10.9", "spki", ] @@ -4121,12 +4178,6 @@ dependencies = [ "prost 0.13.5", ] -[[package]] -name = "protobuf" -version = "2.28.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "106dd99e98437432fed6519dedecfade6a06a73bb7b2a1e019fdd2bee5778d94" - [[package]] name = "protobuf" version = "3.7.2" @@ -4138,15 +4189,6 @@ dependencies = [ "thiserror 1.0.40", ] -[[package]] -name = "protobuf-codegen" -version = "2.28.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "033460afb75cf755fcfc16dfaed20b86468082a2ea24e05ac35ab4a099a017d6" -dependencies = [ - "protobuf 2.28.0", -] - [[package]] name = "protobuf-codegen" version = "3.7.2" @@ -4155,7 +4197,7 @@ checksum = "5d3976825c0014bbd2f3b34f0001876604fe87e0c86cd8fa54251530f1544ace" dependencies = [ "anyhow", "once_cell", - "protobuf 3.7.2", + "protobuf", "protobuf-parse", "regex", "tempfile", @@ -4171,7 +4213,7 @@ dependencies = [ "anyhow", "indexmap 2.6.0", "log", - "protobuf 3.7.2", + "protobuf", "protobuf-support", "tempfile", "thiserror 1.0.40", @@ -4193,11 +4235,11 @@ version = "0.1.0" dependencies = [ "async-trait", "oci-spec", - "protobuf 3.7.2", + "protobuf", "serde", "serde_json", "ttrpc", - "ttrpc-codegen 0.6.0", + "ttrpc-codegen", ] [[package]] @@ -4521,7 +4563,7 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" dependencies = [ - "hmac", + "hmac 0.12.1", "subtle", ] @@ -4545,7 +4587,7 @@ version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bd124222d17ad93a644ed9d011a40f4fb64aa54275c08cc216524a9ea82fb09f" dependencies = [ - "digest", + "digest 0.10.7", ] [[package]] @@ -4563,7 +4605,7 @@ dependencies = [ "rkyv_derive", "seahash", "tinyvec", - "uuid", + "uuid 1.6.1", ] [[package]] @@ -4593,7 +4635,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5d0e5124fcb30e76a7e79bfee683a2746db83784b86289f6251b54b7950a0dfc" dependencies = [ "const-oid", - "digest", + "digest 0.10.7", "num-bigint-dig", "num-integer", "num-traits", @@ -4729,7 +4771,7 @@ dependencies = [ "nix 0.26.4", "oci-spec", "path-absolutize", - "protobuf 3.7.2", + "protobuf", "protocols", "regex", "rlimit", @@ -4894,7 +4936,7 @@ dependencies = [ "password-hash", "pbkdf2", "salsa20", - "sha2", + "sha2 0.10.9", ] [[package]] @@ -4976,7 +5018,7 @@ dependencies = [ "chrono", "cipher", "des", - "digest", + "digest 0.10.7", "dsa", "dyn-clone", "eax", @@ -5006,7 +5048,7 @@ dependencies = [ "ripemd", "rsa", "sha1collisiondetection", - "sha2", + "sha2 0.10.9", "sha3", "thiserror 2.0.12", "twofish", @@ -5190,7 +5232,7 @@ checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" dependencies = [ "cfg-if 1.0.1", "cpufeatures", - "digest", + "digest 0.10.7", ] [[package]] @@ -5200,10 +5242,23 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1f606421e4a6012877e893c399822a4ed4b089164c5969424e1b9d1e66e6964b" dependencies = [ "const-oid", - "digest", + "digest 0.10.7", "generic-array", ] +[[package]] +name = "sha2" +version = "0.9.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800" +dependencies = [ + "block-buffer 0.9.0", + "cfg-if 1.0.1", + "cpufeatures", + "digest 0.9.0", + "opaque-debug", +] + [[package]] name = "sha2" version = "0.10.9" @@ -5212,7 +5267,7 @@ checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" dependencies = [ "cfg-if 1.0.1", "cpufeatures", - "digest", + "digest 0.10.7", ] [[package]] @@ -5221,7 +5276,7 @@ version = "0.10.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60" dependencies = [ - "digest", + "digest 0.10.7", "keccak", ] @@ -5259,7 +5314,7 @@ version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" dependencies = [ - "digest", + "digest 0.10.7", "rand_core", ] @@ -5276,7 +5331,7 @@ dependencies = [ "chrono", "const-oid", "crypto_secretbox", - "digest", + "digest 0.10.7", "ecdsa", "ed25519", "ed25519-dalek", @@ -5298,7 +5353,7 @@ dependencies = [ "scrypt", "serde", "serde_json", - "sha2", + "sha2 0.10.9", "signature", "thiserror 2.0.12", "tls_codec", @@ -5352,6 +5407,16 @@ dependencies = [ "thread_local", ] +[[package]] +name = "slog-journald" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83e14eb8c2f5d0c8fc9fbac40e6391095e4dc5cb334f7dce99c75cb1919eb39c" +dependencies = [ + "libsystemd", + "slog", +] + [[package]] name = "slog-json" version = "2.6.1" @@ -6044,51 +6109,24 @@ dependencies = [ "libc", "log", "nix 0.26.4", - "protobuf 3.7.2", - "protobuf-codegen 3.7.2", + "protobuf", + "protobuf-codegen", "thiserror 1.0.40", "tokio", "tokio-vsock 0.4.0", "windows-sys 0.48.0", ] -[[package]] -name = "ttrpc-codegen" -version = "0.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94d7f7631d7a9ebed715a47cd4cb6072cbc7ae1d4ec01598971bbec0024340c2" -dependencies = [ - "protobuf 2.28.0", - "protobuf-codegen 3.7.2", - "protobuf-support", - "ttrpc-compiler 0.6.2", -] - [[package]] name = "ttrpc-codegen" version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0e5c657ef5cea6f6c6073c1be0787ba4482f42a569d4821e467daec795271f86" dependencies = [ - "protobuf 3.7.2", - "protobuf-codegen 3.7.2", + "protobuf", + "protobuf-codegen", "protobuf-support", - "ttrpc-compiler 0.8.0", -] - -[[package]] -name = "ttrpc-compiler" -version = "0.6.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0672eb06e5663ad190c7b93b2973f5d730259859b62e4e3381301a12a7441107" -dependencies = [ - "derive-new", - "prost 0.8.0", - "prost-build 0.8.0", - "prost-types 0.8.0", - "protobuf 2.28.0", - "protobuf-codegen 2.28.0", - "tempfile", + "ttrpc-compiler", ] [[package]] @@ -6101,8 +6139,8 @@ dependencies = [ "prost 0.8.0", "prost-build 0.8.0", "prost-types 0.8.0", - "protobuf 3.7.2", - "protobuf-codegen 3.7.2", + "protobuf", + "protobuf-codegen", "tempfile", ] @@ -6226,6 +6264,15 @@ version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" +[[package]] +name = "uuid" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7" +dependencies = [ + "serde", +] + [[package]] name = "uuid" version = "1.6.1"