Abathuthukisi bolimi lwe-Rust baxwayise ngokuthi iphakheji ye-rustdecimal equkethe ikhodi enobungozi ikhonjwe endaweni yokugcina i-crates.io. Iphakheji yayisekelwe kuphakheji esemthethweni ye-rust_decimal futhi yasatshalaliswa kusetshenziswa ukufana kwegama (i-typesquatting) ngokulindela ukuthi umsebenzisi angeke abone ukungabi khona kwe-underscore lapho esesha noma ekhetha imojuli ohlwini.
Kuyaphawuleka ukuthi leli su liphumelele futhi ngokwenombolo yokulandwa, iphakheji engelona iqiniso yayingemuva kancane nje kokwangempela (~ukulandwa ayizinkulungwane eziyi-111 kwe-rustdecimal 1.23.1 kanye nezinkulungwane eziyi-113 ze-rust_decimal 1.23.1) . Ngesikhathi esifanayo, okulandiwe okuningi bekungokwesibonelo esingenangozi ebesingenayo ikhodi enonya. Izinguquko ezinonya zengezwa ngoMashi 25 enguqulweni ye-rustdecimal 1.23.5, eyalandwa izikhathi ezingaba ngu-500 ngaphambi kokuthi inkinga ikhonjwe futhi iphakheji ivinjwe (kucatshangwa ukuthi ukulandwa okuningi kwenguqulo enonya kwenziwa ama-bots) futhi ayizange isetshenziswe njengokuncika kwamanye amaphakheji akhona endaweni yokugcina (kungenzeka ukuthi iphakheji enobungozi bekuwukuncika ekugcineni kwezinhlelo zokusebenza).
Izinguquko ezinonya zibandakanya ukwengeza umsebenzi omusha, Idesimali::omusha, okusetshenziswa kwawo kuqukethe ikhodi efiphaziwe yokulandwa kuseva yangaphandle kanye nokwethulwa kwefayela elisebenzisekayo. Lapho kubizwa umsebenzi, okuguquguqukayo kwemvelo GITLAB_CI kuye kwahlolwa, futhi uma kusethiwe, ifayela /tmp/git-updater.bin lalayishwa kuseva yangaphandle. Isibambi esinonya esilandekayo sisekela umsebenzi ku-Linux naku-macOS (inkundla yeWindows ibingasekelwe).
Kucatshangwe ukuthi umsebenzi onobungozi uzokwenziwa ngesikhathi sokuhlolwa kumasistimu wokuhlanganisa aqhubekayo. Ngemva kokuvimbela i-rustdecimal, abaphathi be-crates.io bahlaziye okuqukethwe kwendawo yokugcina izinto ezifanayo ezinonya, kodwa abazange babone izinkinga kwamanye amaphakheji. Abanikazi bezinhlelo zokuhlanganisa eziqhubekayo ezisekelwe kuplathifomu ye-GitLab bayelulekwa ukuthi baqinisekise ukuthi amaphrojekthi ahlolwe kumaseva abo awasebenzisi iphakheji ye-rustdecimal ekuncikeni kwabo.
Source: opennet.ru