Rust playground and learning repository
License: MIT License
This repo is intended as a drop in environment for testing out Rust features.
Minimum Rust version is 1.39 because of async/await
The rustup component history page will tell you which nightly version fits your needs.
Introduction
Learn by example
Dark arts
IDE for everything. Settings
Font with ligatures
The workflow rust.yml is referencing action actions/checkout using references v1. However this reference is missing the commit a6747255bd19d7a757dbdda8c654a9f84db19839 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.
The workflow rust.yml is referencing action actions/checkout using references v1. However this reference is missing the commit a6747255bd19d7a757dbdda8c654a9f84db19839 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.
The workflow rustsec.yml is referencing action actions/checkout using references v1. However this reference is missing the commit a6747255bd19d7a757dbdda8c654a9f84db19839 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.
dirs is unmaintained, use dirs-next instead
| Details | |
|---|---|
| Status | unmaintained |
| Package | dirs |
| Version | 1.0.5 |
| URL | https://github.com/dirs-dev/dirs-rs |
| Date | 2020-10-16 |
The dirs crate is not maintained any more;
use dirs-next instead.
See advisory page for additional details.
Out-of-bounds write in nix::unistd::getgrouplist
| Details | |
|---|---|
| Package | nix |
| Version | 0.18.0 |
| URL | nix-rust/nix#1541 |
| Date | 2021-09-27 |
| Patched versions | ^0.20.2,^0.21.2,^0.22.2,>=0.23.0 |
| Unaffected versions | <0.16.0 |
On certain platforms, if a user has more than 16 groups, the
nix::unistd::getgrouplist function will call the libc getgrouplist
function with a length parameter greater than the size of the buffer it
provides, resulting in an out-of-bounds write and memory corruption.
The libc getgrouplist function takes an in/out parameter ngroups
specifying the size of the group buffer. When the buffer is too small to
hold all of the reqested user's group memberships, some libc
implementations, including glibc and Solaris libc, will modify ngroups
to indicate the actual number of groups for the user, in addition to
returning an error. The version of nix::unistd::getgrouplist in nix
0.16.0 and up will resize the buffer to twice its size, but will not
read or modify the ngroups variable. Thus, if the user has more than
twice as many groups as the initial buffer size of 8, the next call to
getgrouplist will then write past the end of the buffer.
The issue would require editing /etc/groups to exploit, which is usually
only editable by the root user.
See advisory page for additional details.
Out-of-bounds write in nix::unistd::getgrouplist
| Details | |
|---|---|
| Package | nix |
| Version | 0.20.0 |
| URL | nix-rust/nix#1541 |
| Date | 2021-09-27 |
| Patched versions | ^0.20.2,^0.21.2,^0.22.2,>=0.23.0 |
| Unaffected versions | <0.16.0 |
On certain platforms, if a user has more than 16 groups, the
nix::unistd::getgrouplist function will call the libc getgrouplist
function with a length parameter greater than the size of the buffer it
provides, resulting in an out-of-bounds write and memory corruption.
The libc getgrouplist function takes an in/out parameter ngroups
specifying the size of the group buffer. When the buffer is too small to
hold all of the reqested user's group memberships, some libc
implementations, including glibc and Solaris libc, will modify ngroups
to indicate the actual number of groups for the user, in addition to
returning an error. The version of nix::unistd::getgrouplist in nix
0.16.0 and up will resize the buffer to twice its size, but will not
read or modify the ngroups variable. Thus, if the user has more than
twice as many groups as the initial buffer size of 8, the next call to
getgrouplist will then write past the end of the buffer.
The issue would require editing /etc/groups to exploit, which is usually
only editable by the root user.
See advisory page for additional details.
term is looking for a new maintainer
| Details | |
|---|---|
| Status | unmaintained |
| Package | term |
| Version | 0.5.2 |
| URL | Stebalien/term#93 |
| Date | 2018-11-19 |
| Unaffected versions | > 0.6.1 |
The author of the term crate does not have time to maintain it and is looking
for a new maintainer.
Some maintained alternatives you can potentially switch to instead, depending
on your needs:
See advisory page for additional details.
net2crate has been deprecated; usesocket2instead
| Details | |
|---|---|
| Status | unmaintained |
| Package | net2 |
| Version | 0.2.34 |
| URL | deprecrated/net2-rs@3350e38 |
| Date | 2020-05-01 |
The net2 crate has been deprecated
and users are encouraged to considered socket2 instead.
See advisory page for additional details.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
