Skip to content
This repository has been archived by the owner on Dec 12, 2023. It is now read-only.

chore(deps): update rust crate tokio to 1.33.0 [security] #6

Merged
merged 1 commit into from
Oct 17, 2023
Merged

chore(deps): update rust crate tokio to 1.33.0 [security] #6

merged 1 commit into from
Oct 17, 2023

Conversation

svc-secops
Copy link
Contributor

@svc-secops svc-secops commented Oct 7, 2023
edited
Loading

This PR contains the following updates:

Package Type Update Change
tokio (source) dependencies minor 1.0.2 -> 1.33.0

Task dropped in wrong thread when aborting LocalSet task

CVE-2021-38191 / GHSA-2grh-hm3w-w7hv / RUSTSEC-2021-0072

More information

Details

When aborting a task with JoinHandle::abort, the future is dropped in the
thread calling abort if the task is not currently being executed. This is
incorrect for tasks spawned on a LocalSet.

This can easily result in race conditions as many projects use Rc or RefCell
in their Tokio tasks for better performance.

See tokio#3929 for more details.

Severity

Unknown

References

This data is provided by OSV and the Rust Advisory Database (CC0 1.0).

Race condition in tokio

CVE-2021-38191 / GHSA-2grh-hm3w-w7hv

More information

Details

When aborting a task with JoinHandle::abort, the future is dropped in the thread calling abort if the task is not currently being executed. This is incorrect for tasks spawned on a LocalSet. This can easily result in race conditions as many projects use Rc or RefCell in their Tokio tasks for better performance.

Severity

  • CVSS Score: 5.9 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Data race when sending and receiving after closing a oneshot channel

CVE-2021-45710 / GHSA-fg7r-2g4j-5cgr / RUSTSEC-2021-0124

More information

Details

If a tokio::sync::oneshot channel is closed (via the
oneshot::Receiver::close method), a data race may occur if the
oneshot::Sender::send method is called while the corresponding
oneshot::Receiver is awaited or calling try_recv.

When these methods are called concurrently on a closed channel, the two halves
of the channel can concurrently access a shared memory location, resulting in a
data race. This has been observed to cause memory corruption.

Note that the race only occurs when both halves of the channel are used
after the Receiver half has called close. Code where close is not used, or where the
Receiver is not awaited and try_recv is not called after calling close,
is not affected.

See tokio#4225 for more details.

Severity

Unknown

References

This data is provided by OSV and the Rust Advisory Database (CC0 1.0).

Race Condition in tokio

CVE-2021-45710 / GHSA-fg7r-2g4j-5cgr

More information

Details

If a tokio::sync::oneshot channel is closed (via the oneshot::Receiver::close method), a data race may occur if the oneshot::Sender::send method is called while the corresponding oneshot::Receiver is awaited or calling try_recv.

When these methods are called concurrently on a closed channel, the two halves of the channel can concurrently access a shared memory location, resulting in a data race. This has been observed to cause memory corruption.

Note that the race only occurs when both halves of the channel are used after the Receiver half has called close. Code where close is not used, or where the Receiver is not awaited and try_recv is not called after calling close, is not affected.

Severity

  • CVSS Score: 8.1 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

tokio::io::ReadHalf<T>::unsplit is Unsound

GHSA-4q83-7cq4-p6wg / RUSTSEC-2023-0005

More information

Details

tokio::io::ReadHalf<T>::unsplit can violate the Pin contract

The soundness issue is described in the tokio/issues#5372

Specific set of conditions needed to trigger an issue (a !Unpin type in ReadHalf)
is unusual, combined with the difficulty of making any arbitrary use-after-free
exploitable in Rust without doing a lot of careful alignment of data types in
the surrounding code.

The tokio feature io-util is also required to be enabled to trigger this
soundness issue.

Thanks to zachs18 reporting the issue to Tokio team responsibly and taiki-e
and carllerche appropriately responding and fixing the soundness bug.

Tokio before 0.2.0 used futures 0.1 that did not have Pin, so it is not
affected by this issue.

Severity

Unknown

References

This data is provided by OSV and the Rust Advisory Database (CC0 1.0).

tokio::io::ReadHalf<T>::unsplit is Unsound

GHSA-4q83-7cq4-p6wg

More information

Details

tokio::io::ReadHalf<T>::unsplit can violate the Pin contract

The soundness issue is described in the tokio/issues#5372

Specific set of conditions needed to trigger an issue (a !Unpin type in ReadHalf)
is unusual, combined with the difficulty of making any arbitrary use-after-free
exploitable in Rust without doing a lot of careful alignment of data types in
the surrounding code.

The tokio feature io-util is also required to be enabled to trigger this
soundness issue.

Thanks to zachs18 reporting the issue to Tokio team responsibly and taiki-e
and carllerche appropriately responding and fixing the soundness bug.

Tokio before 0.2.0 used futures 0.1 that did not have Pin, so it is not
affected by this issue.

Severity

Low

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Release Notes

tokio-rs/tokio (tokio)

v1.33.0: Tokio v1.33.0

Compare Source

1.33.0 (October 9, 2023)
Fixed
  • io: mark Interest::add with #[must_use] (#​6037])
  • runtime: fix cache line size for RISC-V (#​5994])
  • sync: prevent lock poisoning in watch::Receiver::wait_for (#​6021])
  • task: fix spawn_local source location (#​5984])
Changed
  • sync: use Acquire/Release orderings instead of SeqCst in watch (#​6018])
Added
  • fs: add vectored writes to tokio::fs::File (#​5958])
  • io: add Interest::remove method (#​5906])
  • io: add vectored writes to DuplexStream (#​5985])
  • net: add Apple tvOS support (#​6045])
  • sync: add ?Sized bound to {MutexGuard,OwnedMutexGuard}::map (#​5997])
  • sync: add watch::Receiver::mark_unseen (#​5962], #​6014], #​6017])
  • sync: add watch::Sender::new (#​5998])
  • sync: add const fn OnceCell::from_value (#​5903])
Removed
  • remove unused stats feature (#​5952])
Documented
  • add missing backticks in code examples (#​5938], #​6056])
  • fix typos (#​5988], #​6030])
  • process: document that Child::wait is cancel safe (#​5977])
  • sync: add examples for Semaphore (#​5939], #​5956], #​5978], #​6031], #​6032], #​6050])
  • sync: document that broadcast capacity is a lower bound (#​6042])
  • sync: document that const_new is not instrumented (#​6002])
  • sync: improve cancel-safety documentation for mpsc::Sender::send (#​5947])
  • sync: improve docs for watch channel (#​5954])
  • taskdump: render taskdump documentation on docs.rs (#​5972])
Unstable
  • taskdump: fix potential deadlock (#​6036])

#​5https://github.com/tokio-rs/tokio/pull/5903l/5903

#​5https://github.com/tokio-rs/tokio/pull/5906l/5906

#​5https://github.com/tokio-rs/tokio/pull/5938l/5938

#​5https://github.com/tokio-rs/tokio/pull/5939l/5939

#​5https://github.com/tokio-rs/tokio/pull/5947l/5947

#​5https://github.com/tokio-rs/tokio/pull/5952l/5952

#​5https://github.com/tokio-rs/tokio/pull/5954l/5954

#​5https://github.com/tokio-rs/tokio/pull/5956l/5956

#​5https://github.com/tokio-rs/tokio/pull/5958l/5958

#​5https://github.com/tokio-rs/tokio/pull/5960l/5960

#​5https://github.com/tokio-rs/tokio/pull/5962l/5962

#​5https://github.com/tokio-rs/tokio/pull/5971l/5971

#​5https://github.com/tokio-rs/tokio/pull/5972l/5972

#​5https://github.com/tokio-rs/tokio/pull/5977l/5977

#​5https://github.com/tokio-rs/tokio/pull/5978l/5978

#​5https://github.com/tokio-rs/tokio/pull/5984l/5984

#​5https://github.com/tokio-rs/tokio/pull/5985l/5985

#​5https://github.com/tokio-rs/tokio/pull/5988l/5988

#​5https://github.com/tokio-rs/tokio/pull/5994l/5994

#​5https://github.com/tokio-rs/tokio/pull/5997l/5997

#​5https://github.com/tokio-rs/tokio/pull/5998l/5998

#​6https://github.com/tokio-rs/tokio/pull/6002l/6002

#​6https://github.com/tokio-rs/tokio/pull/6014l/6014

#​6https://github.com/tokio-rs/tokio/pull/6017l/6017

#​6https://github.com/tokio-rs/tokio/pull/6018l/6018

#​6https://github.com/tokio-rs/tokio/pull/6021l/6021

#​6https://github.com/tokio-rs/tokio/pull/6030l/6030

#​6https://github.com/tokio-rs/tokio/pull/6031l/6031

#​6https://github.com/tokio-rs/tokio/pull/6032l/6032

#​6https://github.com/tokio-rs/tokio/pull/6036l/6036

#​6https://github.com/tokio-rs/tokio/pull/6037l/6037

#​6https://github.com/tokio-rs/tokio/pull/6042l/6042

#​6https://github.com/tokio-rs/tokio/pull/6045l/6045

#​6https://github.com/tokio-rs/tokio/pull/6050l/6050

#​6https://github.com/tokio-rs/tokio/pull/6056l/6056

#​6https://github.com/tokio-rs/tokio/pull/6058l/6058

v1.32.0: Tokio v1.32.0

Compare Source

Fixed
  • sync: fix potential quadratic behavior in broadcast::Receiver (#​5925])
Added
  • process: stabilize Command::raw_arg (#​5930])
  • io: enable awaiting error readiness (#​5781])
Unstable
  • rt(alt): improve the scalability of alt runtime as the number of cores grows (#​5935])

#​5https://github.com/tokio-rs/tokio/pull/5925l/5925

#​5https://github.com/tokio-rs/tokio/pull/5930l/5930

#​5https://github.com/tokio-rs/tokio/pull/5781l/5781

#​5https://github.com/tokio-rs/tokio/pull/5935l/5935

v1.31.0: Tokio v1.31.0

Compare Source

Fixed
  • io: delegate WriteHalf::poll_write_vectored (#​5914])
Unstable
  • rt(unstable): fix memory leak in unstable next-gen scheduler prototype (#​5911])
  • rt: expose mean task poll time metric (#​5927])

#​5https://github.com/tokio-rs/tokio/pull/5914l/5914

#​5https://github.com/tokio-rs/tokio/pull/5911l/5911

#​5https://github.com/tokio-rs/tokio/pull/5927l/5927

v1.30.0: Tokio v1.30.0

Compare Source

1.30.0 (August 9, 2023)

This release bumps the MSRV of Tokio to 1.63. (#​5887])

Changed
  • tokio: reduce LLVM code generation (#​5859])
  • io: support --cfg mio_unsupported_force_poll_poll flag (#​5881])
  • sync: make const_new methods always available (#​5885])
  • sync: avoid false sharing in mpsc channel (#​5829])
  • rt: pop at least one task from inject queue (#​5908])
Added
  • sync: add broadcast::Sender::new (#​5824])
  • net: implement UCred for espidf (#​5868])
  • fs: add File::options() (#​5869])
  • time: implement extra reset variants for Interval (#​5878])
  • process: add {ChildStd*}::into_owned_{fd, handle} (#​5899])
Removed
  • tokio: removed unused tokio_* cfgs (#​5890])
  • remove build script to speed up compilation (#​5887])
Documented
  • sync: mention lagging in docs for broadcast::send (#​5820])
  • runtime: expand on sharing runtime docs (#​5858])
  • io: use vec in example for AsyncReadExt::read_exact (#​5863])
  • time: mark Sleep as !Unpin in docs (#​5916])
  • process: fix raw_arg not showing up in docs (#​5865])
Unstable
  • rt: add runtime ID (#​5864])
  • rt: initial implementation of new threaded runtime (#​5823])

#​5https://github.com/tokio-rs/tokio/pull/5820l/5820

#​5https://github.com/tokio-rs/tokio/pull/5823l/5823

#​5https://github.com/tokio-rs/tokio/pull/5824l/5824

#​5https://github.com/tokio-rs/tokio/pull/5829l/5829

#​5https://github.com/tokio-rs/tokio/pull/5858l/5858

#​5https://github.com/tokio-rs/tokio/pull/5859l/5859

#​5https://github.com/tokio-rs/tokio/pull/5863l/5863

#​5https://github.com/tokio-rs/tokio/pull/5864l/5864

#​5https://github.com/tokio-rs/tokio/pull/5865l/5865

#​5https://github.com/tokio-rs/tokio/pull/5868l/5868

#​5https://github.com/tokio-rs/tokio/pull/5869l/5869

#​5https://github.com/tokio-rs/tokio/pull/5878l/5878

#​5https://github.com/tokio-rs/tokio/pull/5881l/5881

#​5https://github.com/tokio-rs/tokio/pull/5885l/5885

#​5https://github.com/tokio-rs/tokio/pull/5887l/5887

#​5https://github.com/tokio-rs/tokio/pull/5890l/5890

#​5https://github.com/tokio-rs/tokio/pull/5899l/5899

#​5https://github.com/tokio-rs/tokio/pull/5908l/5908

#​5https://github.com/tokio-rs/tokio/pull/5916l/5916

v1.29.1: Tokio v1.29.1

Compare Source

Fixed
  • rt: fix nesting two block_in_place with a block_on between (#​5837])

#​5https://github.com/tokio-rs/tokio/pull/5837l/5837

v1.29.0: Tokio v1.29.0

Compare Source

Technically a breaking change, the Send implementation is removed from
runtime::EnterGuard. This change fixes a bug and should not impact most users.

Breaking
  • rt: EnterGuard should not be Send (#​5766])
Fixed
  • fs: reduce blocking ops in fs::read_dir (#​5653])
  • rt: fix possible starvation (#​5686], #​5712])
  • rt: fix stacked borrows issue in JoinSet (#​5693])
  • rt: panic if EnterGuard dropped incorrect order (#​5772])
  • time: do not overflow to signal value (#​5710])
  • fs: wait for in-flight ops before cloning File (#​5803])
Changed
  • rt: reduce time to poll tasks scheduled from outside the runtime (#​5705], #​5720])
Added
  • net: add uds doc alias for unix sockets (#​5659])
  • rt: add metric for number of tasks (#​5628])
  • sync: implement more traits for channel errors (#​5666])
  • net: add nodelay methods on TcpSocket (#​5672])
  • sync: add broadcast::Receiver::blocking_recv (#​5690])
  • process: add raw_arg method to Command (#​5704])
  • io: support PRIORITY epoll events (#​5566])
  • task: add JoinSet::poll_join_next (#​5721])
  • net: add support for Redox OS (#​5790])
Unstable
  • rt: add the ability to dump task backtraces (#​5608], #​5676], #​5708], #​5717])
  • rt: instrument task poll times with a histogram (#​5685])

#​5https://github.com/tokio-rs/tokio/pull/5766l/5766

#​5https://github.com/tokio-rs/tokio/pull/5653l/5653

#​5https://github.com/tokio-rs/tokio/pull/5686l/5686

#​5https://github.com/tokio-rs/tokio/pull/5712l/5712

#​5https://github.com/tokio-rs/tokio/pull/5693l/5693

#​5https://github.com/tokio-rs/tokio/pull/5772l/5772

#​5https://github.com/tokio-rs/tokio/pull/5710l/5710

#​5https://github.com/tokio-rs/tokio/pull/5803l/5803

#​5https://github.com/tokio-rs/tokio/pull/5705l/5705

#​5https://github.com/tokio-rs/tokio/pull/5720l/5720

#​5https://github.com/tokio-rs/tokio/pull/5659l/5659

#​5https://github.com/tokio-rs/tokio/pull/5628l/5628

#​5https://github.com/tokio-rs/tokio/pull/5666l/5666

#​5https://github.com/tokio-rs/tokio/pull/5672l/5672

#​5https://github.com/tokio-rs/tokio/pull/5690l/5690

#​5https://github.com/tokio-rs/tokio/pull/5704l/5704

#​5https://github.com/tokio-rs/tokio/pull/5566l/5566

#​5https://github.com/tokio-rs/tokio/pull/5721l/5721

#​5https://github.com/tokio-rs/tokio/pull/5790l/5790

#​5https://github.com/tokio-rs/tokio/pull/5608l/5608

#​5https://github.com/tokio-rs/tokio/pull/5676l/5676

#​5https://github.com/tokio-rs/tokio/pull/5708l/5708

#​5https://github.com/tokio-rs/tokio/pull/5717l/5717

#​5https://github.com/tokio-rs/tokio/pull/5685l/5685

v1.28.2: Tokio v1.28.2

Compare Source

1.28.2 (May 28, 2023)

Forward ports 1.18.6 changes.

Fixed
  • deps: disable default features for mio (#​5728])

#​5https://github.com/tokio-rs/tokio/pull/5728l/5728

v1.28.1: Tokio v1.28.1

Compare Source

1.28.1 (May 10th, 2023)

This release fixes a mistake in the build script that makes AsFd implementations unavailable on Rust 1.63. (#​5677])

#​5https://github.com/tokio-rs/tokio/pull/5677l/5677

v1.28.0: Tokio v1.28.0

Compare Source

1.28.0 (April 25th, 2023)

Added
  • io: add AsyncFd::async_io (#​5542])
  • io: impl BufMut for ReadBuf (#​5590])
  • net: add recv_buf for UdpSocket and UnixDatagram (#​5583])
  • sync: add OwnedSemaphorePermit::semaphore (#​5618])
  • sync: add same_channel to broadcast channel (#​5607])
  • sync: add watch::Receiver::wait_for (#​5611])
  • task: add JoinSet::spawn_blocking and JoinSet::spawn_blocking_on (#​5612])
Changed
  • deps: update windows-sys to 0.48 (#​5591])
  • io: make read_to_end not grow unnecessarily (#​5610])
  • macros: make entrypoints more efficient (#​5621])
  • sync: improve Debug impl for RwLock (#​5647])
  • sync: reduce contention in Notify (#​5503])
Fixed
  • net: support get_peer_cred on AIX (#​5065])
  • sync: avoid deadlocks in broadcast with custom wakers (#​5578])
Documented
  • sync: fix typo in Semaphore::MAX_PERMITS (#​5645])
  • sync: fix typo in tokio::sync::watch::Sender docs (#​5587])

#​5https://github.com/tokio-rs/tokio/pull/5065l/5065

#​5https://github.com/tokio-rs/tokio/pull/5503l/5503

#​5https://github.com/tokio-rs/tokio/pull/5542l/5542

#​5https://github.com/tokio-rs/tokio/pull/5578l/5578

#​5https://github.com/tokio-rs/tokio/pull/5583l/5583

#​5https://github.com/tokio-rs/tokio/pull/5587l/5587

#​5https://github.com/tokio-rs/tokio/pull/5590l/5590

#​5https://github.com/tokio-rs/tokio/pull/5591l/5591

#​5https://github.com/tokio-rs/tokio/pull/5607l/5607

#​5https://github.com/tokio-rs/tokio/pull/5610l/5610

#​5https://github.com/tokio-rs/tokio/pull/5611l/5611

#​5https://github.com/tokio-rs/tokio/pull/5612l/5612

#​5https://github.com/tokio-rs/tokio/pull/5618l/5618

#​5https://github.com/tokio-rs/tokio/pull/5621l/5621

#​5https://github.com/tokio-rs/tokio/pull/5645l/5645

#​5https://github.com/tokio-rs/tokio/pull/5647l/5647

v1.27.0: Tokio v1.27.0

Compare Source

1.27.0 (March 27th, 2023)

This release bumps the MSRV of Tokio to 1.56. (#​5559])

Added
  • io: add async_io helper method to sockets (#​5512])
  • io: add implementations of AsFd/AsHandle/AsSocket (#​5514], #​5540])
  • net: add UdpSocket::peek_sender() (#​5520])
  • sync: add RwLockWriteGuard::{downgrade_map, try_downgrade_map} (#​5527])
  • task: add JoinHandle::abort_handle (#​5543])
Changed
  • io: use memchr from libc (#​5558])
  • macros: accept path as crate rename in #[tokio::main] (#​5557])
  • macros: update to syn 2.0.0 (#​5572])
  • time: don't register for a wakeup when Interval returns Ready (#​5553])
Fixed
  • fs: fuse std iterator in ReadDir (#​5555])
  • tracing: fix spawn_blocking location fields (#​5573])
  • time: clean up redundant check in Wheel::poll() (#​5574])
Documented
  • macros: define cancellation safety (#​5525])
  • io: add details to docs of tokio::io::copy[_buf] (#​5575])
  • io: refer to ReaderStream and StreamReader in module docs (#​5576])

#​5https://github.com/tokio-rs/tokio/pull/5512l/5512

#​5https://github.com/tokio-rs/tokio/pull/5514l/5514

#​5https://github.com/tokio-rs/tokio/pull/5520l/5520

#​5https://github.com/tokio-rs/tokio/pull/5525l/5525

#​5https://github.com/tokio-rs/tokio/pull/5527l/5527

#​5https://github.com/tokio-rs/tokio/pull/5540l/5540

#​5https://github.com/tokio-rs/tokio/pull/5543l/5543

#​5https://github.com/tokio-rs/tokio/pull/5553l/5553

#​5https://github.com/tokio-rs/tokio/pull/5555l/5555

#​5https://github.com/tokio-rs/tokio/pull/5557l/5557

#​5https://github.com/tokio-rs/tokio/pull/5558l/5558

#​5https://github.com/tokio-rs/tokio/pull/5559l/5559

#​5https://github.com/tokio-rs/tokio/pull/5572l/5572

#​5https://github.com/tokio-rs/tokio/pull/5573l/5573

#​5https://github.com/tokio-rs/tokio/pull/5574l/5574

#​5https://github.com/tokio-rs/tokio/pull/5575l/5575

#​5https://github.com/tokio-rs/tokio/pull/5576l/5576

v1.26.0: Tokio v1.26.0

Compare Source

Fixed
Added
Changed
Internal Changes
Unstable
Documented

v1.25.2: Tokio v1.25.2

Compare Source

1.25.2 (September 22, 2023)

Forward ports 1.20.6 changes.

Changed
  • io: use memchr from libc (#​5960])

#​5https://github.com/tokio-rs/tokio/pull/5960l/5960

v1.25.1: Tokio v1.25.1

Compare Source

1.25.1 (May 28, 2023)

Forward ports 1.18.6 changes.

Fixed
  • deps: disable default features for mio (#​5728])

#​5https://github.com/tokio-rs/tokio/pull/5728l/5728

v1.25.0: Tokio v1.25.0

1.25.0 (January 28, 2023)

Fixed
  • rt: fix runtime metrics reporting (#​5330])
Added
  • sync: add broadcast::Sender::len (#​5343])
Changed
  • fs: increase maximum read buffer size to 2MiB (#​5397])

#​5https://github.com/tokio-rs/tokio/pull/5330l/5330

#​5https://github.com/tokio-rs/tokio/pull/5343l/5343

#​5https://github.com/tokio-rs/tokio/pull/5397l/5397

v1.24.1: Tokio v1.24.1

Compare Source

This release fixes a compilation failure on targets without AtomicU64 when using rustc older than 1.63. (#​5356])

#​5https://github.com/tokio-rs/tokio/pull/5356l/5356

v1.24.0: Tokio v1.24.0

Compare Source

The highlight of this release is the reduction of lock contention for all I/O operations (#​https://github.com/tokio-rs/tokio/issues/5300s/5300)). We have received reports of up to a 20% improvement in CPU utilization and increased throughput for real-world I/O heavy applications.

Fixed
  • rt: improve native AtomicU64 support detection (#​5284])
Added
  • rt: add configuration option for max number of I/O events polled from the OS
    per tick (#​5186])
  • rt: add an environment variable for configuring the default number of worker
    threads per runtime instance (#​4250])
Changed
  • sync: reduce MPSC channel stack usage (#​5294])
  • io: reduce lock contention in I/O operations (#​5300])
  • fs: speed up read_dir() by chunking operations (#​5309])
  • rt: use internal ThreadId implementation (#​5329])
  • test: don't auto-advance time when a spawn_blocking task is running (#​5115])

#​5https://github.com/tokio-rs/tokio/pull/5186l/5186

#​5https://github.com/tokio-rs/tokio/pull/5294l/5294

#​5https://github.com/tokio-rs/tokio/pull/5284l/5284

#​4https://github.com/tokio-rs/tokio/pull/4250l/4250

#​5https://github.com/tokio-rs/tokio/pull/5300l/5300

#​5https://github.com/tokio-rs/tokio/pull/5329l/5329

#​5https://github.com/tokio-rs/tokio/pull/5115l/5115

#​5https://github.com/tokio-rs/tokio/pull/5309l/5309

v1.23.1: Tokio v1.23.1

Compare Source

This release forward ports changes from 1.18.4.

Fixed
  • net: fix Windows named pipe server builder to maintain option when toggling
    pipe mode (#​5336]).

#​5https://github.com/tokio-rs/tokio/pull/5336l/5336

v1.23.0: Tokio v1.23.0

Compare Source

Fixed
  • net: fix Windows named pipe connect (#​5208])
  • io: support vectored writes for ChildStdin (#​5216])
  • io: fix async fn ready() false positive for OS-specific events (#​5231])
Changed
  • runtime: yield_now defers task until after driver poll (#​5223])
  • runtime: reduce amount of codegen needed per spawned task (#​5213])
  • windows: replace winapi dependency with windows-sys (#​5204])

#​5https://github.com/tokio-rs/tokio/pull/5208l/5208

#​5https://github.com/tokio-rs/tokio/pull/5216l/5216

#​5https://github.com/tokio-rs/tokio/pull/5213l/5213

#​5https://github.com/tokio-rs/tokio/pull/5204l/5204

#​5https://github.com/tokio-rs/tokio/pull/5223l/5223

#​5https://github.com/tokio-rs/tokio/pull/5231l/5231

v1.22.0: Tokio v1.22.0

Compare Source

Added
  • runtime: add Handle::runtime_flavor (#​5138])
  • sync: add Mutex::blocking_lock_owned (#​5130])
  • sync: add Semaphore::MAX_PERMITS (#​5144])
  • sync: add merge() to semaphore permits (#​4948])
  • sync: add mpsc::WeakUnboundedSender (#​5189])
Added (unstable)
  • process: add Command::process_group (#​5114])
  • runtime: export metrics about the blocking thread pool (#​5161])
  • task: add task::id() and task::try_id() (#​5171])
Fixed
  • macros: don't take ownership of futures in macros (#​5087])
  • runtime: fix Stacked Borrows violation in LocalOwnedTasks (#​5099])
  • runtime: mitigate ABA with 32-bit queue indices when possible (#​5042])
  • task: wake local tasks to the local queue when woken by the same thread (#​5095])
  • time: panic in release mode when mark_pending called illegally (#​5093])
  • runtime: fix typo in expect message (#​5169])
  • runtime: fix unsync_load on atomic types (#​5175])
  • task: elaborate safety comments in task deallocation (#​5172])
  • runtime: fix LocalSet drop in thread local (#​5179])
  • net: remove libc type leakage in a public API (#​5191])
  • runtime: update the alignment of CachePadded (#​5106])
Changed
  • io: make tokio::io::copy continue filling the buffer when writer stalls (#​5066])
  • runtime: remove coop::budget from LocalSet::run_until (#​5155])
  • sync: make Notify panic safe (#​5154])
Documented
  • io: fix doc for write_i8 to use signed integers (#​5040])
  • net: fix doc typos for TCP and UDP set_tos methods (#​5073])
  • net: fix function name in UdpSocket::recv documentation (#​5150])
  • sync: typo in TryLockError for RwLock::try_write (#​5160])
  • task: document that spawned tasks execute immediately (#​5117])
  • time: document return type of timeout (#​5118])
  • time: document that timeout checks only before poll (#​5126])
  • sync: specify return type of oneshot::Receiver in docs (#​5198])
Internal changes
  • runtime: use const Mutex::new for globals (#​5061])
  • runtime: remove Option around mio::Events in io driver (#​5078])
  • runtime: remove a conditional compilation clause (#​5104])
  • runtime: remove a reference to internal time handle (#​5107])
  • runtime: misc time driver cleanup (#​5120])
  • runtime: move signal driver to runtime module (#​5121])
  • runtime: signal driver now uses I/O driver directly (#​5125])
  • runtime: start decoupling I/O driver and I/O handle (#​5127])
  • runtime: switch io::handle refs with scheduler:Handle (#​5128])
  • runtime: remove Arc from I/O driver (#​5134])
  • runtime: use signal driver handle via scheduler::Handle (#​5135])
  • runtime: move internal clock fns out of context (#​5139])
  • runtime: remove runtime::context module (#​5140])
  • runtime: keep driver cfgs in driver.rs (#​5141])
  • runtime: add runtime::context to unify thread-locals (#​5143])
  • runtime: rename some confusing internal variables/fns (#​5151])
  • runtime: move coop mod into runtime (#​5152])
  • runtime: move budget state to context thread-local (#​5157])
  • runtime: move park logic into runtime module (#​5158])
  • runtime: move Runtime into its own file (#​5159])
  • runtime: unify entering a runtime with Handle::enter (#​5163])
  • runtime: remove handle reference from each scheduler (#​5166])
  • runtime: move enter into context (#​5167])
  • runtime: combine context and entered thread-locals (#​5168])
  • runtime: fix accidental unsetting of current handle (#​5178])
  • runtime: move CoreStage methods to Core (#​5182])
  • sync: name mpsc semaphore types (#​5146])

#​4https://github.com/tokio-rs/tokio/pull/4948l/4948

#​5https://github.com/tokio-rs/tokio/pull/5040l/5040

#​5https://github.com/tokio-rs/tokio/pull/5042l/5042

#​5https://github.com/tokio-rs/tokio/pull/5061l/5061

#​5https://github.com/tokio-rs/tokio/pull/5066l/5066

#​5https://github.com/tokio-rs/tokio/pull/5073l/5073

#​5https://github.com/tokio-rs/tokio/pull/5078l/5078

#​5https://github.com/tokio-rs/tokio/pull/5087l/5087

#​5https://github.com/tokio-rs/tokio/pull/5093l/5093

#​5https://github.com/tokio-rs/tokio/pull/5095l/5095

#​5https://github.com/tokio-rs/tokio/pull/5099l/5099

#​5https://github.com/tokio-rs/tokio/pull/5104l/5104

#​5https://github.com/tokio-rs/tokio/pull/5106l/5106

#​5https://github.com/tokio-rs/tokio/pull/5107l/5107

#​5https://github.com/tokio-rs/tokio/pull/5114l/5114

#​5https://github.com/tokio-rs/tokio/pull/5117l/5117

#​5https://github.com/tokio-rs/tokio/pull/5118l/5118

#​5https://github.com/tokio-rs/tokio/pull/5120l/5120

#​5https://github.com/tokio-rs/tokio/pull/5121l/5121

#​5https://github.com/tokio-rs/tokio/pull/5125l/5125

#​5https://github.com/tokio-rs/tokio/pull/5126l/5126

#​5https://github.com/tokio-rs/tokio/pull/5127l/5127

#​5https://github.com/tokio-rs/tokio/pull/5128l/5128

#​5https://github.com/tokio-rs/tokio/pull/5130l/5130

#​5https://github.com/tokio-rs/tokio/pull/5134l/5134

#​5https://github.com/tokio-rs/tokio/pull/5135l/5135

#​5https://github.com/tokio-rs/tokio/pull/5138l/5138

#​5https://github.com/tokio-rs/tokio/pull/5138l/5138

#​5https://github.com/tokio-rs/tokio/pull/5139l/5139

#​5https://github.com/tokio-rs/tokio/pull/5140l/5140

#​5https://github.com/tokio-rs/tokio/pull/5141l/5141

#​5https://github.com/tokio-rs/tokio/pull/5143l/5143

#​5https://github.com/tokio-rs/tokio/pull/5144l/5144

#​5https://github.com/tokio-rs/tokio/pull/5144l/5144

#​5https://github.com/tokio-rs/tokio/pull/5146l/5146

#​5https://github.com/tokio-rs/tokio/pull/5150l/5150

#​5https://github.com/tokio-rs/tokio/pull/5151l/5151

#​5https://github.com/tokio-rs/tokio/pull/5152l/5152

#​5https://github.com/tokio-rs/tokio/pull/5154l/5154

#​5https://github.com/tokio-rs/tokio/pull/5155l/5155

#​5https://github.com/tokio-rs/tokio/pull/5157l/5157

#​5https://github.com/tokio-rs/tokio/pull/5158l/5158

#​5https://github.com/tokio-rs/tokio/pull/5159l/5159

#​5https://github.com/tokio-rs/tokio/pull/5160l/5160

#​5https://github.com/tokio-rs/tokio/pull/5161l/5161

#​5https://github.com/tokio-rs/tokio/pull/5163l/5163

#​5https://github.com/tokio-rs/tokio/pull/5166l/5166

#​5https://github.com/tokio-rs/tokio/pull/5167l/5167

#​5https://github.com/tokio-rs/tokio/pull/5168l/5168

#​5https://github.com/tokio-rs/tokio/pull/5169l/5169

#​5https://github.com/tokio-rs/tokio/pull/5171l/5171

#​5https://github.com/tokio-rs/tokio/pull/5172l/5172

#​5https://github.com/tokio-rs/tokio/pull/5175l/5175

#​5https://github.com/tokio-rs/tokio/pull/5178l/5178

#​5https://github.com/tokio-rs/tokio/pull/5179l/5179

#​5https://github.com/tokio-rs/tokio/pull/5182l/5182

#​5https://github.com/tokio-rs/tokio/pull/5189l/5189

#​5https://github.com/tokio-rs/tokio/pull/5191l/5191

#​5https://github.com/tokio-rs/tokio/pull/5198l/5198

v1.21.2: Tokio v1.21.2

Compare Source

1.21.2 (September 27, 2022)

This release removes the dependency on the once_cell crate to restore the MSRV of 1.21.x, which is the latest minor version at the time of release. (#​5048])

#​5https://github.com/tokio-rs/tokio/pull/5048l/5048

v1.21.1: Tokio v1.21.1

Compare Source

1.21.1 (September 13, 2022)
Fixed
  • net: fix dependency resolution for socket2 (#​5000])
  • task: ignore failure to set TLS in LocalSet Drop (#​4976])

#​4https://github.com/tokio-rs/tokio/pull/4976l/4976

#​5https://github.com/tokio-rs/tokio/pull/5000l/5000

v1.21.0: Tokio v1.21.0

Compare Source

1.21.0 (September 2, 2022)

This release is the first release of Tokio to intentionally support WASM. The sync,macros,io-util,rt,time features are stabilized on WASM. Additionally the wasm32-wasi target is given unstable support for the net feature.

Added
  • net: add device and bind_device methods to TCP/UDP sockets (#​4882])
  • net: add tos and set_tos methods to TCP and UDP sockets (#​4877])
  • net: add security flags to named pipe ServerOptions (#​4845])
  • signal: add more windows signal handlers (#​4924])
  • sync: add mpsc::Sender::max_capacity method (#​4904])
  • sync: implement Weak version of mpsc::Sender (#​4595])
  • task

Configuration

📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - "after 8am and before 4pm on tuesday" in timezone Etc/UTC.

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@svc-secops svc-secops force-pushed the renovate/crate-tokio-vulnerability branch from 9dddb2d to f8edc0a Compare October 9, 2023 12:16
@svc-secops svc-secops changed the title chore(deps): update rust crate tokio to 1.32.0 [security] chore(deps): update rust crate tokio to 1.33.0 [security] Oct 9, 2023
@svc-secops svc-secops force-pushed the renovate/crate-tokio-vulnerability branch from f8edc0a to c7a3a7d Compare October 11, 2023 11:35
@svc-secops svc-secops merged commit 139611e into main Oct 17, 2023
1 check passed
@svc-secops svc-secops deleted the renovate/crate-tokio-vulnerability branch October 17, 2023 11:30
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies vulnerability
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@svc-secops