Upgrade to sequoia-openpgp 1.16.0, and buffered-reader 1.2.0.

sequoia-openpgp and buffered-reader contain some vulnerabilities that
an attacker can use to crash sequoia-openpgp or buffered-reader and
consequently the application.  Upgrade to the fixed versions.
Neal H. Walfield
2023-05-19 20:03:45 +02:00
parent 37d42e96d7
commit 6e46a23a90
2 changed files with 35 additions and 19 deletions

Cargo.lock generated

@@ -177,6 +177,12 @@ version = "0.13.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
[[package]]
name = "base64"
version = "0.21.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a4a4ddaa51a5bc52a6948f74c06d20aaaddb71924eab79b8c97a8c556e942d6a"
[[package]]
name = "binascii"
version = "0.1.4"
@@ -185,9 +191,9 @@ checksum = "383d29d513d8764dcdc42ea295d979eb99c3c9f00607b3692cf68a431f7dca72"
[[package]]
name = "bindgen"
version = "0.57.0"
version = "0.63.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fd4865004a46a0aafb2a0a5eb19d3c9fc46ee5f063a6cfc605c69ac9ecf5263d"
checksum = "36d860121800b2a9a94f9b5604b332d5cffb234ce17609ea479d723dbc9d3885"
dependencies = [
"bitflags",
"cexpr",
@@ -200,6 +206,7 @@ dependencies = [
"regex",
"rustc-hash",
"shlex",
"syn 1.0.105",
]
[[package]]
@@ -244,10 +251,11 @@ dependencies = [
[[package]]
name = "buffered-reader"
version = "1.1.3"
version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e9f82920285502602088677aeb65df0909b39c347b38565e553ba0363c242f65"
checksum = "66d3bea5bcc3ecc38fe5388e6bc35e6fe7bd665eb3ae9a44283e15b91ad3867d"
dependencies = [
"lazy_static",
"libc",
]
@@ -277,9 +285,9 @@ checksum = "e9f73505338f7d905b19d18738976aae232eb46b8efc15554ffc56deb5d9ebe4"
[[package]]
name = "cexpr"
version = "0.4.0"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f4aedb84272dbe89af497cf81375129abda4fc0a9e7c5d317498c15cc30c0d27"
checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
dependencies = [
"nom",
]
@@ -1589,6 +1597,12 @@ dependencies = [
"unicase 2.6.0",
]
[[package]]
name = "minimal-lexical"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
[[package]]
name = "mio"
version = "0.6.23"
@@ -1715,21 +1729,22 @@ dependencies = [
[[package]]
name = "nettle"
version = "7.2.0"
version = "7.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f5d193a809310369c5d16e45bc0a88cb27935edd5d3375bcfc2371b167694035"
checksum = "b9fdccf3eae7b161910d2daa2f0155ca35041322e8fe5c5f1f2c9d0b12356336"
dependencies = [
"getrandom 0.2.8",
"libc",
"nettle-sys",
"thiserror",
"typenum",
]
[[package]]
name = "nettle-sys"
version = "2.1.0"
version = "2.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b13b685c7883e3a32196ccf3ce594947ec37ace43d74e157de7ca03d3fe62d17"
checksum = "b5e81c347b9002da0b6b0c4060993c280e99eb14b42ecf65a2fefcd6eb3d8a73"
dependencies = [
"bindgen",
"cc",
@@ -1768,12 +1783,12 @@ dependencies = [
[[package]]
name = "nom"
version = "5.1.2"
version = "7.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ffb4262d26ed83a1c0a33a38fe2bb15797329c85770da05e6b828ddb782627af"
checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a"
dependencies = [
"memchr",
"version_check 0.9.4",
"minimal-lexical",
]
[[package]]
@@ -2622,12 +2637,12 @@ checksum = "e25dfac463d778e353db5be2449d1cce89bd6fd23c9f1ea21310ce6e5a1b29c4"
[[package]]
name = "sequoia-openpgp"
version = "1.11.0"
version = "1.16.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "50d9033c24b1d41fdfab2bbde66005d324625b4abee2af2aea6135bdd9543ff7"
checksum = "30efff3f9930e85b4284e76bbdad741f36412dfb1e370efd0de5866ae1a11dfc"
dependencies = [
"anyhow",
"base64 0.13.1",
"base64 0.21.0",
"buffered-reader",
"chrono",
"dyn-clone",
@@ -2639,6 +2654,7 @@ dependencies = [
"libc",
"memsec",
"nettle",
"once_cell",
"rand 0.7.3",
"regex",
"regex-syntax",
@@ -2721,9 +2737,9 @@ dependencies = [
[[package]]
name = "shlex"
version = "0.1.1"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7fdf1b9db47230893d76faad238fd6097fd6d6a9245cd7a4d90dbd639536bbd2"
checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3"
[[package]]
name = "signal-hook-registry"


@@ -19,7 +19,7 @@ anyhow = "1"
rocket = { version = "0.5.0-rc.2", features = [ "json" ] }
rocket_dyn_templates = { version = "0.1.0-rc.2", features = ["handlebars"] }
rocket_codegen = "0.5.0-rc.2"
sequoia-openpgp = { version = "1", default-features = false, features = ["crypto-nettle"] }
sequoia-openpgp = { version = "1.16.0", default-features = false, features = ["crypto-nettle"] }
multipart = "0"
serde = "1.0"
serde_derive = "1.0"