From b402911a28c3b697ca8437cd79a864db36ca8e10 Mon Sep 17 00:00:00 2001 From: Angel Pons Date: Sun, 1 May 2022 23:01:07 +0200 Subject: util/flashrom_tester: Update sys-info crate to version 0.9 An issue was discovered in the sys-info crate before 0.8.0 for Rust. sys_info::disk_info calls can trigger a double free. To prevent any potential problems, update this crate to version 0.9 (as of writing, sys-info version 0.9.1 is the latest). Refer to CVE-2020-36434 for more details about the sys-info crate bug. TEST=Run `cargo build` in `util/flashrom_tester`, it still works fine. Change-Id: I3b6b21e830ff3107860f7bcbfe2d58b29efe0c12 Signed-off-by: Angel Pons Reviewed-on: https://review.coreboot.org/c/flashrom/+/63975 Reviewed-by: Edward O'Callaghan Reviewed-by: Anastasia Klimchuk Reviewed-by: Peter Marheine Reviewed-by: Jack Rosenthal Reviewed-by: Tim Wawrzynczak Tested-by: build bot (Jenkins) --- util/flashrom_tester/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'util/flashrom_tester')
diff --git a/util/flashrom_tester/Cargo.toml b/util/flashrom_tester/Cargo.toml
index e7a58202..8956b923 100644
--- a/util/flashrom_tester/Cargo.toml
+++ b/util/flashrom_tester/Cargo.toml
@@ -22,7 +22,7 @@ libc = "0.2"
 log = { version = "0.4", features = ["std"] }
 rand = "0.6.4"
 serde_json = "1"
-sys-info = "0.5.7"
+sys-info = "0.9"
 
 [build-dependencies]
 built = { version = "0.3", default-features = false, features = ["serialized_time", "serialized_version"] }
-- cgit v1.2.3
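Review bot: The new requirement `sys-info = "0.9"` leaves no record in Cargo.toml of why the floor moved, so a later edit could relax it below 0.8.0, the first release the commit message gives as unaffected by the double free in `sys_info::disk_info` (CVE-2020-36434). I would add a comment above the line, e.g. `# Keep >= 0.8.0: earlier releases are affected by CVE-2020-36434 (double free in disk_info)`. The diffstat shows only Cargo.toml changing; if this tree tracks a Cargo.lock for flashrom_tester (not visible here), it needs regenerating in the same change so the resolved version actually moves. The TEST line covers only `cargo build`, so the runtime behaviour of the tester's sys-info calls across the 0.5 to 0.9 jump is not exercised by anything shown.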