
Update Rust crate rand to 0.10.0 [SECURITY] #10267

Open

oxide-renovate[bot] wants to merge 1 commit into main from renovate/crate-rand-vulnerability

Conversation

oxide-renovate Bot commented Apr 14, 2026

This PR contains the following updates:

Package        Type                    Update  Change
rand (source)  workspace.dependencies  minor   0.9.2 -> 0.10.0

Rand is unsound with a custom logger using rand::rng()

GHSA-cq8v-f236-94qc

More information

Details

It has been reported (by @lopopolo) that the rand library is unsound (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:

  • The log and thread_rng features are enabled
  • A custom logger is defined
  • The custom logger accesses rand::rng() (previously rand::thread_rng()) and calls any TryRng (previously RngCore) methods on ThreadRng
  • The ThreadRng (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
  • Trace-level logging is enabled or warn-level logging is enabled and the random source (the getrandom crate) is unable to provide a new seed

TryRng (previously RngCore) methods for ThreadRng use unsafe code to cast *mut BlockRng<ReseedingCore> to &mut BlockRng<ReseedingCore>. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of aliased mutable references is Undefined Behaviour, the behaviour of optimized builds is hard to predict.

Affected versions of rand are >= 0.7, < 0.9.3 and 0.10.0.

Severity

Low

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

rust-random/rand (rand)

v0.10.1


This release includes a fix for a soundness bug; see #1763.

Changes
  • Document panic behavior of make_rng and add #[track_caller] (#1761)
  • Deprecate feature log (#1763)

v0.10.0


Changes
  • The dependency on rand_chacha has been replaced with a dependency on chacha20. This changes the implementation behind StdRng, but the output remains the same. There may be some API breakage when using the ChaCha-types directly as these are now the ones in chacha20 instead of rand_chacha (#1642).
  • Rename fns IndexedRandom::choose_multiple -> sample, choose_multiple_array -> sample_array, choose_multiple_weighted -> sample_weighted, struct SliceChooseIter -> IndexedSamples and fns IteratorRandom::choose_multiple -> sample, choose_multiple_fill -> sample_fill (#1632)
  • Use Edition 2024 and MSRV 1.85 (#1653)
  • Let Fill be implemented for element types, not sliceable types (#1652)
  • Fix OsError::raw_os_error on UEFI targets by returning Option<usize> (#1665)
  • Replace fn TryRngCore::read_adapter(..) -> RngReadAdapter with simpler struct RngReader (#1669)
  • Remove fns SeedableRng::from_os_rng, try_from_os_rng (#1674)
  • Remove Clone support for StdRng, ReseedingRng (#1677)
  • Use postcard instead of bincode to test the serde feature (#1693)
  • Avoid excessive allocation in IteratorRandom::sample when amount is much larger than iterator size (#1695)
  • Rename os_rng -> sys_rng, OsRng -> SysRng, OsError -> SysError (#1697)
  • Rename Rng -> RngExt as upstream rand_core has renamed RngCore -> Rng (#1717)
Additions
  • Add fns IndexedRandom::choose_iter, choose_weighted_iter (#1632)
  • Pub export Xoshiro128PlusPlus, Xoshiro256PlusPlus prngs (#1649)
  • Pub export ChaCha8Rng, ChaCha12Rng, ChaCha20Rng behind chacha feature (#1659)
  • Fn rand::make_rng() -> R where R: SeedableRng (#1734)
Removals

v0.9.4


Fixes

Full Changelog: rust-random/rand@0.9.3...0.9.4

v0.9.3


This release back-ports a fix from v0.10. See also [#1763].

Changes

Full Changelog: rust-random/rand@0.9.2...0.9.3


Configuration

📅 Schedule: (in timezone America/Los_Angeles)

  • Branch creation
    • ""
  • Automerge
    • "after 8pm,before 6am"

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.
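
The failure mode the advisory describes, modelled as an added example (not rand's code and not part of this PR): a thread-local RNG whose reseed path calls a logger, and a custom logger that calls back into the same RNG. The unsound code cast a raw pointer to `&mut`, so the re-entrant call aliased a live mutable borrow; here the thread-local is wrapped in `RefCell`, so the same re-entrancy is reported as an error instead of becoming undefined behaviour. All names, the xorshift stand-in for the block cipher and the 8-byte reseed interval are constructed for the example.

```rust
use std::cell::{Cell, RefCell};

// Constructed model, not rand's code: reseeds every RESEED_AFTER bytes via a logger hook.
const RESEED_AFTER: usize = 8;
struct ReseedingRng { state: u64, generated: usize }
thread_local! {
    static RNG: RefCell<ReseedingRng> = RefCell::new(ReseedingRng::new());
    static LOGGER: Cell<Option<fn(&str)>> = Cell::new(None);
    static REENTRY_ERRORS: Cell<u32> = Cell::new(0);
}
impl ReseedingRng {
    const fn new() -> Self { ReseedingRng { state: 0x1234_5678, generated: 0 } }
    fn next_byte(&mut self) -> u8 {
        if self.generated >= RESEED_AFTER { self.reseed(); }
        // xorshift64 step: a stand-in for the block cipher, not a real CSPRNG
        self.state ^= self.state << 13;
        self.state ^= self.state >> 7;
        self.state ^= self.state << 17;
        self.generated += 1;
        self.state as u8
    }
    fn reseed(&mut self) {
        self.state ^= 0x9e37_79b9_7f4a_7c15; // constructed "fresh seed"
        self.generated = 0;
        log("ThreadRng: reseeding"); // the logger runs while &mut self is live
    }
}
fn log(msg: &str) { if let Some(f) = LOGGER.with(|l| l.get()) { f(msg); } }

// Safe stand-in for rand::rng(): RefCell refuses a second &mut instead of
// silently creating an aliased one as the unsound raw-pointer cast did.
fn with_rng<T>(f: impl FnOnce(&mut ReseedingRng) -> T) -> Result<T, &'static str> {
    RNG.with(|r| match r.try_borrow_mut() {
        Ok(mut g) => Ok(f(&mut *g)),
        Err(_) => Err("rng re-entered while already borrowed"),
    })
}
// A custom logger that, like the one in the advisory, reaches back into the RNG.
fn reentrant_logger(_msg: &str) {
    if with_rng(|r| r.next_byte()).is_err() { REENTRY_ERRORS.with(|c| c.set(c.get() + 1)); }
}
// n bytes from a fresh RNG with the re-entrant logger installed; returns (bytes, re-entries caught).
fn run(n: usize) -> (usize, u32) {
    RNG.with(|r| *r.borrow_mut() = ReseedingRng::new());
    LOGGER.with(|l| l.set(Some(reentrant_logger as fn(&str))));
    REENTRY_ERRORS.with(|c| c.set(0));
    let produced = (0..n).filter_map(|_| with_rng(|r| r.next_byte()).ok()).count();
    (produced, REENTRY_ERRORS.with(|c| c.get()))
}
```

Every reseed (the ninth byte, then every eighth after it) is the point where the logger re-enters, so `run(9)` reports one caught re-entry and `run(17)` two, while the outer caller still receives all its bytes.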

oxide-renovate Bot added the "dependencies" label (Pull requests that update a dependency file) Apr 14, 2026
oxide-renovate Bot commented Apr 14, 2026

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Cargo.lock
Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path Cargo.toml --workspace
error: failed to select a version for `rand`.
    ... required by package `trust-quorum-types-versions v0.1.0 (/tmp/renovate/repos/github/oxidecomputer/omicron/trust-quorum/types/versions)`
    ... which satisfies path dependency `trust-quorum-types-versions` (locked to 0.1.0) of package `sled-agent-types-versions v0.1.0 (/tmp/renovate/repos/github/oxidecomputer/omicron/sled-agent/types/versions)`
    ... which satisfies path dependency `sled-agent-types-versions` (locked to 0.1.0) of package `nexus-types v0.1.0 (/tmp/renovate/repos/github/oxidecomputer/omicron/nexus/types)`
    ... which satisfies path dependency `nexus-types` (locked to 0.1.0) of package `nexus-config v0.1.0 (/tmp/renovate/repos/github/oxidecomputer/omicron/nexus-config)`
    ... which satisfies path dependency `nexus-config` (locked to 0.1.0) of package `omicron-test-utils v0.1.0 (/tmp/renovate/repos/github/oxidecomputer/omicron/test-utils)`
    ... which satisfies path dependency `omicron-test-utils` (locked to 0.1.0) of package `omicron-certificates v0.1.0 (/tmp/renovate/repos/github/oxidecomputer/omicron/certificates)`
versions that meet the requirements `^0.10.0` (locked to 0.10.0) are: 0.10.0

package `trust-quorum-types-versions` depends on `rand` with feature `os_rng` but `rand` does not have that feature.
 package `rand` does have feature `sys_rng`


failed to select a version for `rand` which could resolve this conflict

File name: Cargo.toml
Command failed: tools/renovate-post-upgrade.sh
+ set -o pipefail
+ set -o pipefail
+ case "${BINSTALL_VERSION:-}" in
++ mktemp -d
+ cd /tmp/tmp.LwF35RoGTE
+ '[' -z '' ']'
+ base_url=https://github.com/cargo-bins/cargo-binstall/releases/latest/download/cargo-binstall-
++ uname -s
+ os=Linux
+ '[' Linux = Darwin ']'
+ '[' Linux = Linux ']'
++ uname -m
+ machine=x86_64
+ '[' x86_64 = armv7l ']'
+ target=x86_64-unknown-linux-musl
+ '[' x86_64 = armv7 ']'
+ url=https://github.com/cargo-bins/cargo-binstall/releases/latest/download/cargo-binstall-x86_64-unknown-linux-musl.tgz
+ do_curl https://github.com/cargo-bins/cargo-binstall/releases/latest/download/cargo-binstall-x86_64-unknown-linux-musl.tgz
+ curl --retry 10 -A 'Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/81.0' -L --proto =https --tlsv1.2 -sSf https://github.com/cargo-bins/cargo-binstall/releases/latest/download/cargo-binstall-x86_64-unknown-linux-musl.tgz
+ tar -xvzf -
+ ./cargo-binstall --self-install
+ CARGO_HOME=/home/ubuntu/.cargo
+ case ":$PATH:" in
+ needs_cargo_home=1
+ '[' -n 1 ']'
+ '[' -n '' ']'
+ echo
+ printf '\033[0;31mYour path is missing %s, you might want to add it.\033[0m\n' /home/ubuntu/.cargo/bin
+ echo
Error: 
   0: building package graph failed
   1: `cargo metadata` execution failed
   2: `cargo metadata` exited with an error:     Updating crates.io index
      error: failed to select a version for `rand`.
          ... required by package `trust-quorum-types-versions v0.1.0 (/tmp/renovate/repos/github/oxidecomputer/omicron/trust-quorum/types/versions)`
          ... which satisfies path dependency `trust-quorum-types-versions` (locked to 0.1.0) of package `sled-agent-types-versions v0.1.0 (/tmp/renovate/repos/github/oxidecomputer/omicron/sled-agent/types/versions)`
          ... which satisfies path dependency `sled-agent-types-versions` (locked to 0.1.0) of package `nexus-types v0.1.0 (/tmp/renovate/repos/github/oxidecomputer/omicron/nexus/types)`
          ... which satisfies path dependency `nexus-types` (locked to 0.1.0) of package `nexus-config v0.1.0 (/tmp/renovate/repos/github/oxidecomputer/omicron/nexus-config)`
          ... which satisfies path dependency `nexus-config` (locked to 0.1.0) of package `omicron-test-utils v0.1.0 (/tmp/renovate/repos/github/oxidecomputer/omicron/test-utils)`
          ... which satisfies path dependency `omicron-test-utils` (locked to 0.1.0) of package `omicron-certificates v0.1.0 (/tmp/renovate/repos/github/oxidecomputer/omicron/certificates)`
      versions that meet the requirements `^0.10.0` (locked to 0.10.0) are: 0.10.0

      package `trust-quorum-types-versions` depends on `rand` with feature `os_rng` but `rand` does not have that feature.
       package `rand` does have feature `sys_rng`


      failed to select a version for `rand` which could resolve this conflict

Backtrace omitted. Run with RUST_BACKTRACE=1 environment variable to display it.
Run with RUST_BACKTRACE=full to include source snippets.

oxide-renovate Bot force-pushed the renovate/crate-rand-vulnerability branch from 86c4429 to 46e2b7a on April 16, 2026 04:09