Update Rust crate rand to 0.9.3 [SECURITY] - autoclosed #87

Closed
renovate[bot] wants to merge 1 commit into master from renovate/crate-rand-vulnerability

Conversation


@renovate renovate Bot commented Apr 14, 2026

This PR contains the following updates:

Package         Type              Update   Change
rand (source)   dev-dependencies  minor    0.8 -> 0.9.3

Rand is unsound with a custom logger using rand::rng()

GHSA-cq8v-f236-94qc


Details

It has been reported (by @lopopolo) that the rand library is unsound (i.e. that safe code using the public API can cause Undefined Behaviour) when all of the following conditions are met:

  • The log and thread_rng features are enabled
  • A custom logger is defined
  • The custom logger accesses rand::rng() (previously rand::thread_rng()) and calls any TryRng (previously RngCore) methods on ThreadRng
  • The ThreadRng (attempts to) reseed while the custom logger is invoked from within it (this happens every 64 kB of generated data)
  • Trace-level logging is enabled, or warn-level logging is enabled and the random source (the getrandom crate) is unable to provide a new seed

TryRng (previously RngCore) methods for ThreadRng use unsafe code to cast *mut BlockRng<ReseedingCore> to &mut BlockRng<ReseedingCore>. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of aliased mutable references is Undefined Behaviour, the behaviour of optimized builds is hard to predict.

Affected versions of rand are >= 0.7, < 0.9.3 and 0.10.0.
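An added illustration of the reentrancy path the advisory describes; this is not rand's code and not the fix shipped in 0.9.3. A toy thread-local reseeding generator is guarded by a RefCell instead of the raw-pointer cast rand used, so when a "custom logger" asks the same generator for a value during reseed, the reentrant borrow is refused at runtime rather than silently producing a second `&mut`. The names Reseeding, custom_logger, RESEED_EVERY and LOGGER_REFUSED are assumptions made for this demo.

```rust
use std::cell::{Cell, RefCell};

// Returned when the thread-local generator is re-entered while it is
// already mutably borrowed: the situation the advisory describes.
#[derive(Debug, PartialEq, Eq)]
pub struct Reentrant;

// Toy reseeding generator, constructed for this example (not rand's code).
struct Reseeding {
    state: u64,
    since_reseed: usize,
}
// rand reseeds every 64 kB of output; a tiny threshold keeps the demo short.
pub const RESEED_EVERY: usize = 4;

thread_local! {
    static RNG: RefCell<Reseeding> = RefCell::new(Reseeding { state: 1, since_reseed: 0 });
    // Set by the "logger" below when its reentrant request was refused.
    pub static LOGGER_REFUSED: Cell<bool> = Cell::new(false);
}

// Models a custom logger that asks the thread RNG for a value while the
// RNG is reseeding: the reentrant call the advisory warns about.
fn custom_logger(_msg: &str) {
    if next_u64() == Err(Reentrant) {
        LOGGER_REFUSED.with(|c| c.set(true));
    }
}

// Models ThreadRng::next_u64. The RefCell borrow is held across the reseed
// path, so a reentrant caller gets an error instead of a second `&mut`.
pub fn next_u64() -> Result<u64, Reentrant> {
    RNG.with(|cell| {
        let mut rng = cell.try_borrow_mut().map_err(|_| Reentrant)?;
        if rng.since_reseed >= RESEED_EVERY {
            custom_logger("reseeding"); // rand logs here; the logger re-enters
            rng.state ^= 0x9E37_79B9_7F4A_7C15; // stand-in for a fresh seed
            rng.since_reseed = 0;
        }
        let mut s = rng.state; // xorshift64 step, illustrative only
        s ^= s << 13;
        s ^= s >> 7;
        s ^= s << 17;
        rng.state = s;
        rng.since_reseed += 1;
        Ok(s)
    })
}
```

With the raw-pointer cast rand used, the same reentrant call would hand out a second mutable reference to the generator, which is the aliasing Miri flags; the RefCell version turns it into a detectable error.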

Severity

Low

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

rust-random/rand (rand)

v0.9.3

v0.9.2

Deprecated
  • Deprecate rand::rngs::mock module and StepRng generator (#1634)
Additions
  • Enable WeightedIndex<usize> (de)serialization (#1646)

v0.9.1

Security and unsafe
  • Revise "not a crypto library" policy again (#1565)
  • Remove zerocopy dependency from rand (#1579)
Fixes
  • Fix feature simd_support for recent nightly rust (#1586)
Changes
  • Allow fn rand::seq::index::sample_weighted and fn IndexedRandom::choose_multiple_weighted to return fewer than amount results (#1623), reverting an undocumented change (#1382) to the previous release.
Additions
  • Add rand::distr::Alphabetic distribution. (#1587)
  • Re-export rand_core (#1604)

v0.9.0

Security and unsafe
  • Policy: "rand is not a crypto library" (#1514)
  • Remove fork-protection from ReseedingRng and ThreadRng. Instead, it is recommended to call ThreadRng::reseed on fork. (#1379)
  • Use zerocopy to replace some unsafe code (#1349, #1393, #1446, #1502)
Dependencies
Features
  • Support std feature without getrandom or rand_chacha (#1354)
  • Enable feature small_rng by default (#1455)
  • Remove implicit feature rand_chacha; use std_rng instead. (#1473)
  • Rename feature serde1 to serde (#1477)
  • Rename feature getrandom to os_rng (#1537)
  • Add feature thread_rng (#1547)
API changes: rand_core traits
  • Add fn RngCore::read_adapter implementing std::io::Read (#1267)
  • Add trait CryptoBlockRng: BlockRngCore; make trait CryptoRng: RngCore (#1273)
  • Add traits TryRngCore, TryCryptoRng (#1424, #1499)
  • Rename fn SeedableRng::from_rng -> try_from_rng and add infallible variant fn from_rng (#1424)
  • Rename fn SeedableRng::from_entropy -> from_os_rng and add fallible variant fn try_from_os_rng (#1424)
  • Add bounds Clone and AsRef to associated type SeedableRng::Seed (#1491)
API changes: Rng trait and top-level fns
  • Rename fn rand::thread_rng() to rand::rng() and remove from the prelude (#1506)
  • Remove fn rand::random() from the prelude (#1506)
  • Add top-level fns random_iter, random_range, random_bool, random_ratio, fill (#1488)
  • Re-introduce fn Rng::gen_iter as random_iter (#1305, #1500)
  • Rename fn Rng::gen to random to avoid conflict with the new gen keyword in Rust 2024 (#1438)
  • Rename fns Rng::gen_range to random_range, gen_bool to random_bool, gen_ratio to random_ratio (#1505)
  • Annotate panicking methods with #[track_caller] (#1442, #1447)
API changes: RNGs
  • Fix <SmallRng as SeedableRng>::Seed size to 256 bits (#1455)
  • Remove first parameter (rng) of ReseedingRng::new (#1533)
API changes: Sequences
  • Split trait SliceRandom into IndexedRandom, IndexedMutRandom, SliceRandom (#1382)
  • Add IndexedRandom::choose_multiple_array, index::sample_array (#1453, #1469)
API changes: Distributions: renames
  • Rename module rand::distributions to rand::distr (#1470)
  • Rename distribution Standard to StandardUniform (#1526)
  • Move distr::Slice -> distr::slice::Choose, distr::EmptySlice -> distr::slice::Empty (#1548)
  • Rename trait distr::DistString -> distr::SampleString (#1548)
  • Rename distr::DistIter -> distr::Iter, distr::DistMap -> distr::Map (#1548)
API changes: Distributions
  • Relax Sized bound on Distribution<T> for &D (#1278)
  • Remove impl of Distribution<Option<T>> for StandardUniform (#1526)
  • Let distribution StandardUniform support all NonZero* types (#1332)
  • Fns {Uniform, UniformSampler}::{new, new_inclusive} return a Result (instead of potentially panicking) (#1229)
  • Distribution Uniform implements TryFrom instead of From for ranges (#1229)
  • Add UniformUsize (#1487)
  • Remove support for generating isize and usize values with StandardUniform, Uniform (except via UniformUsize) and Fill and usage as a WeightedAliasIndex weight (#1487)
  • Add impl DistString for distributions Slice<char> and Uniform<char> (#1315)
  • Add fn Slice::num_choices (#1402)
  • Add fn p() for distribution Bernoulli to access probability (#1481)
API changes: Weighted distributions
  • Add pub module rand::distr::weighted, moving WeightedIndex there (#1548)
  • Add trait weighted::Weight, allowing WeightedIndex to trap overflow (#1353)
  • Add fns weight, weights, total_weight to distribution WeightedIndex (#1420)
  • Rename enum WeightedError to weighted::Error, revising variants (#1382) and mark as #[non_exhaustive] (#1480)
API changes: SIMD
  • Switch to std::simd, expand SIMD & docs (#1239)
Reproducibility-breaking changes
  • Make ReseedingRng::reseed discard remaining data from the last block generated (#1379)
  • Change fn SmallRng::seed_from_u64 implementation (#1203)
  • Allow UniformFloat::new samples and UniformFloat::sample_single to yield high (#1462)
  • Fix portability of distribution Slice (#1469)
  • Make Uniform for usize portable via UniformUsize (#1487)
  • Fix IndexedRandom::choose_multiple_weighted for very small seeds and optimize for large input length / low memory (#1530)
Reproducibility-breaking optimisations
  • Optimize fn sample_floyd, affecting output of rand::seq::index::sample and rand::seq::SliceRandom::choose_multiple (#1277)
  • New, faster algorithms for IteratorRandom::choose and choose_stable (#1268)
  • New, faster algorithms for SliceRandom::shuffle and partial_shuffle (#1272)
  • Optimize distribution Uniform: use Canon's method (single sampling) / Lemire's method (distribution sampling) for faster sampling (breaks value stability; #1287)
  • Optimize fn sample_single_inclusive for floats (+~20% perf) (#1289)
Other optimisations
  • Improve SmallRng initialization performance (#1482)
  • Optimise SIMD widening multiply (#1247)
Other
Documentation
  • Improve ThreadRng related docs (#1257)
  • Docs: enable experimental --generate-link-to-definition feature (#1327)
  • Better doc of crate features, use doc_auto_cfg (#1411, #1450)

v0.8.6

What's Changed

This release back-ports a fix from v0.10. See also #1763.

Changes
  • Drop the experimental simd_support feature.

New Contributors

Full Changelog: rust-random/rand@0.8.5...0.8.6

v0.8.5

Fixes
  • Fix build on non-32/64-bit architectures (#1144)
  • Fix "min_const_gen" feature for no_std (#1173)
  • Check libc::pthread_atfork return value with panic on error (#1178)
  • More robust reseeding in case ReseedingRng is used from a fork handler (#1178)
  • Fix nightly: remove unused slice_partition_at_index feature (#1215)
  • Fix nightly + simd_support: update packed_simd (#1216)
Rngs
  • StdRng: Switch from HC128 to ChaCha12 on emscripten (#1142).
    We now use ChaCha12 on all platforms.
Documentation
  • Added docs about rand's use of const generics (#1150)
  • Better random chars example (#1157)

v0.8.4

Additions
  • Use const-generics to support arrays of all sizes (#1104)
  • Implement Clone and Copy for Alphanumeric (#1126)
  • Add Distribution::map to derive a distribution using a closure (#1129)
  • Add Slice distribution (#1107)
  • Add DistString trait with impls for Standard and Alphanumeric (#1133)
Other
  • Reorder asserts in Uniform float distributions for easier debugging of non-finite arguments (#1094, #1108)
  • Add range overflow check in Uniform float distributions (#1108)
  • Deprecate rngs::adapter::ReadRng (#1130)

v0.8.3

Fixes
  • Fix no-std + alloc build by gating choose_multiple_weighted on std (#1088)

v0.8.2

Fixes
  • Fix panic in UniformInt::sample_single_inclusive and Rng::gen_range when providing a full integer range (e.g. 0..=MAX) (#1087)

v0.8.1

Other
  • Enable all stable features in the playground (#1081)

Configuration

📅 Schedule (UTC):

  • Branch creation: ""
  • Automerge: At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/crate-rand-vulnerability branch from 3260035 to b845d7d on April 15, 2026 16:20
@renovate renovate Bot changed the title from "Update Rust crate rand to 0.9.3 [SECURITY]" to "Update Rust crate rand to 0.10 [SECURITY]" on Apr 15, 2026
@renovate renovate Bot force-pushed the renovate/crate-rand-vulnerability branch from b845d7d to 53afba8 on April 16, 2026 19:52
@renovate renovate Bot changed the title from "Update Rust crate rand to 0.10 [SECURITY]" to "Update Rust crate rand to 0.9.3 [SECURITY]" on Apr 16, 2026
@renovate renovate Bot changed the title from "Update Rust crate rand to 0.9.3 [SECURITY]" to "Update Rust crate rand to 0.10 [SECURITY]" on Apr 19, 2026
@renovate renovate Bot force-pushed the renovate/crate-rand-vulnerability branch 2 times, most recently from 2dadf17 to 063534a on April 19, 2026 12:42
@renovate renovate Bot changed the title from "Update Rust crate rand to 0.10 [SECURITY]" to "Update Rust crate rand to 0.9.3 [SECURITY]" on Apr 19, 2026
@renovate renovate Bot changed the title from "Update Rust crate rand to 0.9.3 [SECURITY]" to "Update Rust crate rand to 0.10 [SECURITY]" on Apr 19, 2026
@renovate renovate Bot force-pushed the renovate/crate-rand-vulnerability branch 2 times, most recently from 1ef11fc to 6f1f9c3 on April 19, 2026 20:37
@renovate renovate Bot changed the title from "Update Rust crate rand to 0.10 [SECURITY]" to "Update Rust crate rand to 0.9.3 [SECURITY]" on Apr 19, 2026
@renovate renovate Bot force-pushed the renovate/crate-rand-vulnerability branch from 6f1f9c3 to e82f0c3 on April 21, 2026 17:05
@renovate renovate Bot changed the title from "Update Rust crate rand to 0.9.3 [SECURITY]" to "Update Rust crate rand to 0.10 [SECURITY]" on Apr 21, 2026
@renovate renovate Bot changed the title from "Update Rust crate rand to 0.10 [SECURITY]" to "Update Rust crate rand to 0.9.3 [SECURITY]" on Apr 21, 2026
@renovate renovate Bot force-pushed the renovate/crate-rand-vulnerability branch from e82f0c3 to c50f5cc on April 21, 2026 23:37
@renovate renovate Bot changed the title from "Update Rust crate rand to 0.9.3 [SECURITY]" to "Update Rust crate rand to 0.9.3 [SECURITY] - autoclosed" on Apr 22, 2026
@renovate renovate Bot closed this on Apr 22, 2026
@renovate renovate Bot deleted the renovate/crate-rand-vulnerability branch on April 22, 2026 21:31