From bcce1a1911fea04b4c19ad8f3d10cb3a3e423391 Mon Sep 17 00:00:00 2001
From: bin
Date: Sat, 29 Jan 2022 09:20:30 +0800
Subject: [PATCH] versions: update Rust to 1.58.1

Update Rust to 1.58.1 to fix CVE-2022-21658.
Fixes: #3570
Signed-off-by: bin
---
 src/agent/rustjail/src/container.rs | 4 ++--
 src/agent/rustjail/src/mount.rs | 2 +-
 src/agent/src/namespace.rs | 7 +------
 src/agent/src/sandbox.rs | 5 +----
 src/agent/src/watcher.rs | 2 +-
 versions.yaml | 4 ++--
 6 files changed, 8 insertions(+), 16 deletions(-)
diff --git a/src/agent/rustjail/src/container.rs b/src/agent/rustjail/src/container.rs
index afee028408..5c3245c3f7 100644
--- a/src/agent/rustjail/src/container.rs
+++ b/src/agent/rustjail/src/container.rs
@@ -685,8 +685,8 @@ fn do_init_child(cwfd: RawFd) -> Result<()> {
 Mode::from_bits_truncate(0),
 )?;
 unistd::close(fifofd)?;
- let mut buf: &mut [u8] = &mut [0];
- unistd::read(fd, &mut buf)?;
+ let buf: &mut [u8] = &mut [0];
+ unistd::read(fd, buf)?;
 }
 // With NoNewPrivileges, we should set seccomp as close to
diff --git a/src/agent/rustjail/src/mount.rs b/src/agent/rustjail/src/mount.rs
index 883ad6144b..e8ddb3a6b7 100644
--- a/src/agent/rustjail/src/mount.rs
+++ b/src/agent/rustjail/src/mount.rs
@@ -728,7 +728,7 @@ fn secure_join(rootfs: &str, unsafe_path: &str) -> String {
 path.push(it);
 if let Ok(v) = path.read_link() {
 if v.is_absolute() {
- path = PathBuf::from(format!("{}{}", rootfs, v.to_str().unwrap().to_string()));
+ path = PathBuf::from(format!("{}{}", rootfs, v.to_str().unwrap()));
 } else {
 path.pop();
 for it in v.iter() {
diff --git a/src/agent/src/namespace.rs b/src/agent/src/namespace.rs
index fd8bfbec28..dc6ebe63b3 100644
--- a/src/agent/src/namespace.rs
+++ b/src/agent/src/namespace.rs
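Review bot: The byte count returned by `unistd::read(fd, buf)?` is still discarded, so a zero-byte read (the other end of the FIFO closing without writing anything) is handled exactly like a received byte. If this read is meant as a start barrier, which it appears to be although the surrounding code is outside the hunk, EOF should probably be an error: compare the result with 0 and return early, and add a comment such as `// Block until the start signal arrives on the exec FIFO.` so the intent is on the page. A plain array, `let mut buf = [0u8; 1];` passed as `&mut buf`, would also read more directly than a `&mut [u8]` bound to a temporary. do_init_child starts and ends outside the hunk.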
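Review bot: `v.to_str().unwrap()` on the changed line still panics when a symlink target is not valid UTF-8, and the target is read with `path.read_link()` from a path under `rootfs`, which is presumably image-supplied content. Keeping the concatenation in `OsString` form avoids the panic at this point: `let mut joined = std::ffi::OsString::from(rootfs); joined.push(v.as_os_str()); path = PathBuf::from(joined);`. In the visible lines the absolute-target branch re-roots `v` in a single assignment, while the `else` branch walks the target component by component, so it is worth confirming that `..` inside an absolute target cannot resolve outside `rootfs`. secure_join returns `String` and continues outside the hunk, so the final conversion needs the same care, and a `Result` return would let callers reject such paths instead of aborting.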
@@ -23,12 +23,7 @@ pub const NSTYPEPID: &str = "pid";
 #[instrument]
 pub fn get_current_thread_ns_path(ns_type: &str) -> String {
- format!(
- "/proc/{}/task/{}/ns/{}",
- getpid().to_string(),
- gettid().to_string(),
- ns_type
- )
+ format!("/proc/{}/task/{}/ns/{}", getpid(), gettid(), ns_type)
 }
 #[derive(Debug)]
diff --git a/src/agent/src/sandbox.rs b/src/agent/src/sandbox.rs
index 8cede6a44d..4dfb2eda58 100644
--- a/src/agent/src/sandbox.rs
+++ b/src/agent/src/sandbox.rs
@@ -436,11 +436,8 @@ fn online_cpus(logger: &Logger, num: i32) -> Result {
 r"cpu[0-9]+",
 num - onlined_count,
 );
- if r.is_err() {
- return r;
- }
- onlined_count += r.unwrap();
+ onlined_count += r?;
 if onlined_count == num {
 info!(logger, "online {} CPU(s) after {} retries", num, i);
 return Ok(num);
diff --git a/src/agent/src/watcher.rs b/src/agent/src/watcher.rs
index 2476ac23c4..597c0a8341 100644
--- a/src/agent/src/watcher.rs
+++ b/src/agent/src/watcher.rs
@@ -284,7 +284,7 @@ impl Storage {
 .with_context(|| {
 format!(
 "Failed to strip prefix: {} - {}",
- source_file_path.as_ref().display().to_string(),
+ source_file_path.as_ref().display(),
 &self.source_mount_point.display()
 )
 })?;
diff --git a/versions.yaml b/versions.yaml
index 50b12a2d6d..ec0c070a5c 100644
--- a/versions.yaml
+++ b/versions.yaml
@@ -260,12 +260,12 @@ languages:
 rust:
 description: "Rust language"
 notes: "'version' is the default minimum version used by this project."
- version: "1.45.0"
+ version: "1.58.1"
 meta:
 description: |
 'newest-version' is the latest version known to work when building Kata
- newest-version: "1.54.0"
+ newest-version: "1.58.1"
 specs:
 description: "Details of important specifications"
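Review bot: `ns_type` is interpolated into the `/proc/.../ns/` path unchecked and this public function has no doc comment, so nothing tells a caller that only a bare namespace name such as `NSTYPEPID` is acceptable. A doc line like `/// Returns the /proc path of the calling thread's namespace of type ns_type (one of the NSTYPE* constants).` together with `debug_assert!(!ns_type.contains('/'));` would make that contract explicit. Whether any caller passes a value derived from a request rather than one of the constants is not visible in this hunk.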
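Review bot: The temporary `r` is now bound only to be consumed by `r?` on the next statement; putting `?` directly on the call that closes at `);` and adding its value to `onlined_count` there would drop the binding. Separately, `?` returns on the first failed attempt although the log line speaks of retries, so an error that might be transient ends the loop early; if retrying on error is intended, that has to be handled at this point. The start of the call and the loop header are outside the hunk.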
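Review bot: The second format argument, `&self.source_mount_point.display()`, keeps a needless borrow right below the line that was just simplified; `self.source_mount_point.display()` formats identically. The message `"Failed to strip prefix: {} - {}"` also does not say which path is the file and which is the prefix, and something like `"Failed to strip prefix: file {} - mount point {}"` would be unambiguous when it turns up in logs. The enclosing method starts outside the hunk.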