diff --git a/README.md b/README.md index 19f049cba78..5d0e4ab8328 100644 --- a/README.md +++ b/README.md @@ -56,7 +56,7 @@ Make sure you activated the full features of the tokio crate on Cargo.toml: ```toml [dependencies] -tokio = { version = "1.14.0", features = ["full"] } +tokio = { version = "1.14.1", features = ["full"] } ``` Then, on your main.rs: diff --git a/tokio/CHANGELOG.md b/tokio/CHANGELOG.md index afa8bf0ce18..d3cd0af2df4 100644 --- a/tokio/CHANGELOG.md +++ b/tokio/CHANGELOG.md @@ -1,3 +1,32 @@ +# 1.14.1 (January 30, 2022) + +This release backports a bug fix from 1.16.1 + +Fixes a soundness bug in `io::Take` ([#4428]). The unsoundness is exposed when +leaking memory in the given `AsyncRead` implementation and then overwriting the +supplied buffer: + +```rust +impl AsyncRead for Buggy { + fn poll_read( + self: Pin<&mut Self>, + cx: &mut Context<'_>, + buf: &mut ReadBuf<'_> + ) -> Poll> { + let new_buf = vec![0; 5].leak(); + *buf = ReadBuf::new(new_buf); + buf.put_slice(b"hello"); + Poll::Ready(Ok(())) + } +} +``` + +### Fixed + +- io: **soundness** don't expose uninitialized memory when using `io::Take` in edge case ([#4428]) + +[#4428]: https://github.com/tokio-rs/tokio/pull/4428 + # 1.14.0 (November 15, 2021) ### Fixed diff --git a/tokio/Cargo.toml b/tokio/Cargo.toml index 18e9c1b97ae..c1e9ad80835 100644 --- a/tokio/Cargo.toml +++ b/tokio/Cargo.toml @@ -7,12 +7,12 @@ name = "tokio" # - README.md # - Update CHANGELOG.md. # - Create "v1.0.x" git tag. -version = "1.14.0" +version = "1.14.1" edition = "2018" authors = ["Tokio Contributors "] license = "MIT" readme = "README.md" -documentation = "https://docs.rs/tokio/1.14.0/tokio/" +documentation = "https://docs.rs/tokio/1.14.1/tokio/" repository = "https://github.com/tokio-rs/tokio" homepage = "https://tokio.rs" description = """ diff --git a/tokio/LICENSE b/tokio/LICENSE index ffa38bb61cc..8af5baf01ea 100644 --- a/tokio/LICENSE +++ b/tokio/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2021 Tokio Contributors +Copyright (c) 2022 Tokio Contributors Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated diff --git a/tokio/README.md b/tokio/README.md index 19f049cba78..5d0e4ab8328 100644 --- a/tokio/README.md +++ b/tokio/README.md @@ -56,7 +56,7 @@ Make sure you activated the full features of the tokio crate on Cargo.toml: ```toml [dependencies] -tokio = { version = "1.14.0", features = ["full"] } +tokio = { version = "1.14.1", features = ["full"] } ``` Then, on your main.rs: