From 988dc5fe726438c984c46e1f7d1859710105bae8 Mon Sep 17 00:00:00 2001 From: Alexis Mousset Date: Thu, 9 Feb 2023 04:11:29 +0100 Subject: [PATCH] Fix some typos (#1593) --- HOWTO_UNMAINTAINED.md | 2 +- crates/ammonia/RUSTSEC-2021-0074.md | 2 +- crates/ansi_term/RUSTSEC-2021-0139.md | 2 +- crates/arrow/RUSTSEC-2021-0117.md | 2 +- crates/badge/RUSTSEC-2022-0057.md | 2 +- crates/flatbuffers/RUSTSEC-2021-0122.md | 2 +- crates/git2/RUSTSEC-2023-0002.md | 2 +- crates/mapr/RUSTSEC-2022-0053.md | 2 +- crates/mozwire/RUSTSEC-2020-0030.md | 2 +- crates/nix/RUSTSEC-2021-0119.md | 2 +- crates/rusttype/RUSTSEC-2021-0140.md | 2 +- crates/sass-rs/RUSTSEC-2021-0136.md | 2 +- crates/secp256k1/RUSTSEC-2022-0070.md | 2 +- crates/tokio/RUSTSEC-2023-0001.md | 2 +- crates/twoway/RUSTSEC-2021-0146.md | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) diff --git a/HOWTO_UNMAINTAINED.md b/HOWTO_UNMAINTAINED.md index 0e8f2a306..87472d329 100644 --- a/HOWTO_UNMAINTAINED.md +++ b/HOWTO_UNMAINTAINED.md @@ -47,7 +47,7 @@ unreachable, the following criteria must be met: - Stale repository: no recent maintenance activity, including any of the following: recent commits, responses from the author on open issues, - crate releases, or other publically visible activity by the author. + crate releases, or other publicly visible activity by the author. Inactivity over a period of 1 year or more is the preferred threshold. - Contact attempts with the author made with no response. Ideally these attempts are made via a public GitHub issue, so that issue can be diff --git a/crates/ammonia/RUSTSEC-2021-0074.md b/crates/ammonia/RUSTSEC-2021-0074.md index ee0ad21e2..8d95106f6 100644 --- a/crates/ammonia/RUSTSEC-2021-0074.md +++ b/crates/ammonia/RUSTSEC-2021-0074.md @@ -19,7 +19,7 @@ differences between HTML, SVG, and MathML. Even if the `svg` and `math` elements are not allowed, the underlying HTML parser still treats them differently. Running cleanup without accounting for these differing namespaces resulted in an "impossible" DOM, which appeared "safe" when examining the DOM tree, but when serialized and deserialized, -could be exploited to inject abitrary markup. +could be exploited to inject arbitrary markup. To exploit this, the application using this library must allow a tag that is parsed as raw text in HTML. These [elements] are: diff --git a/crates/ansi_term/RUSTSEC-2021-0139.md b/crates/ansi_term/RUSTSEC-2021-0139.md index d79fd55dc..93b1e132c 100644 --- a/crates/ansi_term/RUSTSEC-2021-0139.md +++ b/crates/ansi_term/RUSTSEC-2021-0139.md @@ -11,7 +11,7 @@ patched = [] ``` # ansi_term is Unmaintained -The maintainer has adviced that this crate is deprecated and will not receive any maintenance. +The maintainer has advised that this crate is deprecated and will not receive any maintenance. The crate does not seem to have much dependencies and may or may not be ok to use as-is. diff --git a/crates/arrow/RUSTSEC-2021-0117.md b/crates/arrow/RUSTSEC-2021-0117.md index 7e6d07a67..87c0f23c2 100644 --- a/crates/arrow/RUSTSEC-2021-0117.md +++ b/crates/arrow/RUSTSEC-2021-0117.md @@ -15,4 +15,4 @@ patched = [">= 6.4.0"] `DecimalArray` performs insufficient bounds checks, which allows out-of-bounds reads in safe code -if the lenght of the backing buffer is not a multiple of 16. +if the length of the backing buffer is not a multiple of 16. diff --git a/crates/badge/RUSTSEC-2022-0057.md b/crates/badge/RUSTSEC-2022-0057.md index fe5ede819..e192415ff 100644 --- a/crates/badge/RUSTSEC-2022-0057.md +++ b/crates/badge/RUSTSEC-2022-0057.md @@ -11,7 +11,7 @@ patched = [] ``` # badge is Unmaintained -The maintainer has adviced this crate is deprecated and will not receive any maintenance. +The maintainer has advised this crate is deprecated and will not receive any maintenance. The crate depends on the deprecated `rusttype` crate and won't receive updates anymore. diff --git a/crates/flatbuffers/RUSTSEC-2021-0122.md b/crates/flatbuffers/RUSTSEC-2021-0122.md index 2725e26e3..43ae59e91 100644 --- a/crates/flatbuffers/RUSTSEC-2021-0122.md +++ b/crates/flatbuffers/RUSTSEC-2021-0122.md @@ -23,5 +23,5 @@ All users that use generated code by `flatbuffers` compiler are recommended to: 1. not expose flatbuffer generated code as part of their public APIs 2. audit their code and look for any usage of `follow`, `push`, or any method that uses them (e.g. `self_follow`). -3. Carefuly go through the crates' documentation to understand which "safe" APIs are not +3. Carefully go through the crates' documentation to understand which "safe" APIs are not intended to be used. diff --git a/crates/git2/RUSTSEC-2023-0002.md b/crates/git2/RUSTSEC-2023-0002.md index 77ba82080..df39d21f9 100644 --- a/crates/git2/RUSTSEC-2023-0002.md +++ b/crates/git2/RUSTSEC-2023-0002.md @@ -41,7 +41,7 @@ an affected application might: If the information is not supposed to be public, this would constitute an information leak. Also, since the data doesn't arrive where intended, - it consitutes a denial of service. + it constitutes a denial of service. ## Technical details diff --git a/crates/mapr/RUSTSEC-2022-0053.md b/crates/mapr/RUSTSEC-2022-0053.md index 2fb4e0d3b..21042e039 100644 --- a/crates/mapr/RUSTSEC-2022-0053.md +++ b/crates/mapr/RUSTSEC-2022-0053.md @@ -13,7 +13,7 @@ patched = [] The `mapr` fork has been merged back into upstream fork `memmap2`. -The maintainer(s) have adviced `mapr` is deprecated and will not +The maintainer(s) have advised `mapr` is deprecated and will not receive any maintenance in favor of using `memmap2`. ## Possible Alternative(s) diff --git a/crates/mozwire/RUSTSEC-2020-0030.md b/crates/mozwire/RUSTSEC-2020-0030.md index 7a272f4d0..1eab00d48 100644 --- a/crates/mozwire/RUSTSEC-2020-0030.md +++ b/crates/mozwire/RUSTSEC-2020-0030.md @@ -13,7 +13,7 @@ url = "https://github.com/NilsIrl/MozWire/issues/14" patched = ["> 0.4.1"] ``` -# Missing sanitazion in mozwire allows local file overwrite of files ending in .conf +# Missing sanitization in mozwire allows local file overwrite of files ending in .conf The client software downloaded a list of servers from mozilla's servers and created local files named after the hostname field in the json document. diff --git a/crates/nix/RUSTSEC-2021-0119.md b/crates/nix/RUSTSEC-2021-0119.md index dbfbb94cb..8f4f76a0b 100644 --- a/crates/nix/RUSTSEC-2021-0119.md +++ b/crates/nix/RUSTSEC-2021-0119.md @@ -25,7 +25,7 @@ provides, resulting in an out-of-bounds write and memory corruption. The libc `getgrouplist` function takes an in/out parameter `ngroups` specifying the size of the group buffer. When the buffer is too small to -hold all of the reqested user's group memberships, some libc +hold all of the requested user's group memberships, some libc implementations, including glibc and Solaris libc, will modify `ngroups` to indicate the actual number of groups for the user, in addition to returning an error. The version of `nix::unistd::getgrouplist` in nix diff --git a/crates/rusttype/RUSTSEC-2021-0140.md b/crates/rusttype/RUSTSEC-2021-0140.md index d995879ce..ed729417e 100644 --- a/crates/rusttype/RUSTSEC-2021-0140.md +++ b/crates/rusttype/RUSTSEC-2021-0140.md @@ -11,7 +11,7 @@ patched = [] ``` # rusttype is Unmaintained -The maintainer has adviced this crate is deprecated and will not +The maintainer has advised this crate is deprecated and will not receive any maintenance. The maintainer has further advised to migrate over to `ab_glyph`. diff --git a/crates/sass-rs/RUSTSEC-2021-0136.md b/crates/sass-rs/RUSTSEC-2021-0136.md index 3d4b374fe..bf09188d4 100644 --- a/crates/sass-rs/RUSTSEC-2021-0136.md +++ b/crates/sass-rs/RUSTSEC-2021-0136.md @@ -14,4 +14,4 @@ patched = [] The `sass-rs` crate is not maintained anymore as libsass is deprecated. Consider using https://github.com/connorskees/grass or https://github.com/kaj/rsass instead. -(Author's recomendation.) +(Author's recommendation.) diff --git a/crates/secp256k1/RUSTSEC-2022-0070.md b/crates/secp256k1/RUSTSEC-2022-0070.md index 8987d036f..024da315a 100644 --- a/crates/secp256k1/RUSTSEC-2022-0070.md +++ b/crates/secp256k1/RUSTSEC-2022-0070.md @@ -31,6 +31,6 @@ You are unaffected if you either * manually checked that your usage of the method is sound * upgraded to the patched version of `secp256k1` (recommended) -The patched version uses correct bounds which means it is API-breaking. This effectively means adopting the policy of Rust lang itself allowing API-breaking changes to fix soundness bugs. Note however that valid straigthforward usage of the code will continue to compile. Only unsound code or code that propagates the bound in custom generics will fail to compile. If the code is sound fixing the bounds should be sufficient to make the code compile. +The patched version uses correct bounds which means it is API-breaking. This effectively means adopting the policy of Rust lang itself allowing API-breaking changes to fix soundness bugs. Note however that valid straightforward usage of the code will continue to compile. Only unsound code or code that propagates the bound in custom generics will fail to compile. If the code is sound fixing the bounds should be sufficient to make the code compile. See the [GitHub issue](https://github.com/rust-bitcoin/rust-secp256k1/issues/543) for example "exploit" code and further discussion. diff --git a/crates/tokio/RUSTSEC-2023-0001.md b/crates/tokio/RUSTSEC-2023-0001.md index c79cba445..8342c873a 100644 --- a/crates/tokio/RUSTSEC-2023-0001.md +++ b/crates/tokio/RUSTSEC-2023-0001.md @@ -22,7 +22,7 @@ On Windows, configuring a named pipe server with [pipe_mode] will force [ServerO This drops any intended explicit configuration for the [reject_remote_clients] that may have been set as `true` previously. -The default setting of [reject_remote_clients] is normally `true` meaning the default is also overriden as `false`. +The default setting of [reject_remote_clients] is normally `true` meaning the default is also overridden as `false`. ## Workarounds diff --git a/crates/twoway/RUSTSEC-2021-0146.md b/crates/twoway/RUSTSEC-2021-0146.md index 9c428b3f6..10f42985c 100644 --- a/crates/twoway/RUSTSEC-2021-0146.md +++ b/crates/twoway/RUSTSEC-2021-0146.md @@ -13,4 +13,4 @@ patched = [] # Crate `twoway` deprecated by the author -The commit [`e99b3c7`](https://github.com/bluss/twoway/commit/e99b3c718df1117ad7f54c33f6540c8f46cc17dd) releasing version 0.2.2 explicitely deprecates `twoway` in favour of [`memchr`](https://crates.io/crates/memchr) crate. +The commit [`e99b3c7`](https://github.com/bluss/twoway/commit/e99b3c718df1117ad7f54c33f6540c8f46cc17dd) releasing version 0.2.2 explicitly deprecates `twoway` in favour of [`memchr`](https://crates.io/crates/memchr) crate.