search

CensoredUsername / dynasm-rs

A dynasm-like tool for rust.
https://censoredusername.github.io/dynasm-rs/language/index.html
Mozilla Public License 2.0
716 stars 52 forks source link

The memmap crate is no longer maintained. #52

Closed vext01 closed 3 years ago

vext01 commented 3 years ago

I know you are aware of this @CensoredUsername, however cargo audit has just recently started complaining about it:

Crate:         memmap
Version:       0.7.0
Warning:       unmaintained
Title:         memmap is unmaintained
Date:          2020-12-02
ID:            RUSTSEC-2020-0077
URL:           https://rustsec.org/advisories/RUSTSEC-2020-0077
Dependency tree: 
memmap 0.7.0
├── ykview 0.1.0
├── yktrace 0.1.0
│   ├── ykview 0.1.0
│   ├── ykrt 0.1.0
│   └── ykcompile 0.1.0
│       └── ykrt 0.1.0
└── dynasmrt 1.0.0
    └── ykcompile 0.1.0

I think you said you had another library in mind. Is it time to switch to it perhaps?

CensoredUsername commented 3 years ago

Linking the relevant issue here for posterity: danburkert/memmap-rs/issues/90

CensoredUsername commented 3 years ago

I don't have the time or resources to maintain that crate myself. In the thread there seems to be a consensus to wait a week on if this advisory triggers any action to try to move things. As the crate is relatively small and just does one thing properly there's not really a risk of security issues with it. It's just annoying right now as it blocks fixing a bug (make MAP_ANON maps non MAP_SHARED).

CensoredUsername commented 3 years ago

Current candidate for replacement is memmap2. I also already merged a fix for the MAP_SHARED | MAP_ANON issue there.

vext01 commented 3 years ago

Sounds good! Shall we go ahead with the switch?

vext01 commented 3 years ago

Any thoughts on this? Our weekly audit is still flagging this as a problem.

CensoredUsername commented 3 years ago

Whoops I completely forgot about this, life got a bit in the way. I need to do a bit of branching to get that in right now because there's some stuff on dev staged that needs a new major release but also some more evaluation first.

CensoredUsername commented 3 years ago

Fixed in 1.0.1, which was just released.

vext01 commented 3 years ago

Great! Thanks!

On Tue, 12 Jan 2021, 00:42 CensoredUsername, notifications@github.com wrote:

Closed #52 https://github.com/CensoredUsername/dynasm-rs/issues/52.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/CensoredUsername/dynasm-rs/issues/52#event-4193438938, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAETWG2TJXAWRLJGQ6QAXZ3SZOLHVANCNFSM4UQJIW4Q .