ffi, net, sq: Update to tokio 1.0.

- net: hyper has two vulnerabilities: - RUSTSEC-2021-0079: "Integer overflow in `hyper`'s parsing of the `Transfer-Encoding` header leads to data loss" (vulnerability) - RUSTSEC-2021-0078: "Lenient `hyper` header parsing of `Content-Length` could allow request smuggling" (vulnerability) Both are fixed in hyper 0.14.10., which depends on tokio 1. tokio 0.2 is incompatible to tokio 1, so we need to update that too, also in the dependents sq and ffi. hyper-tls 0.4 is incompatible to hyper 0.14., update to hyper-tls 0.5.
author: Nora Widdecke <nora@sequoia-pgp.org> 2021-09-28 12:18:38 +0200
committer: Nora Widdecke <nora@sequoia-pgp.org> 2021-10-25 18:25:05 +0200
commit: 463b8702ab672e1f528968f46f81b8cfdf2005c8 (patch)
tree: 52be0e0741130c9507a26d6865ef34562baf6b85
parent: 6257a2e0197190f5f2951693256d05d32437bd55 (diff)
6 files changed, 115 insertions, 103 deletions
diff --git a/Cargo.lock b/Cargo.lock
index a4bf927b..f95b61f1 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1212,11 +1212,11 @@ dependencies = [
 
 [[package]]
 name = "h2"
-version = "0.2.7"
+version = "0.3.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5e4728fd124914ad25e99e3d15a9361a879f6620f63cb56bbb08f95abb97a535"
+checksum = "6c06815895acec637cd6ed6e9662c935b866d20a106f8361892893a7d9234964"
 dependencies = [
- "bytes 0.5.6",
+ "bytes 1.0.1",
  "fnv",
  "futures-core",
  "futures-sink",
@@ -1224,10 +1224,9 @@ dependencies = [
  "http",
  "indexmap",
  "slab",
- "tokio",
- "tokio-util",
+ "tokio 1.12.0",
+ "tokio-util 0.6.8",
  "tracing",
- "tracing-futures",
 ]
 
 [[package]]
@@ -1286,33 +1285,34 @@ dependencies = [
 
 [[package]]
 name = "http-body"
-version = "0.3.1"
+version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "13d5ff830006f7646652e057693569bfe0d51760c0085a071769d142a205111b"
+checksum = "399c583b2979440c60be0821a6199eca73bc3c8dcd9d070d75ac726e2c6186e5"
 dependencies = [
- "bytes 0.5.6",
+ "bytes 1.0.1",
  "http",
+ "pin-project-lite 0.2.6",
 ]
 
 [[package]]
 name = "httparse"
-version = "1.3.5"
+version = "1.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "615caabe2c3160b313d52ccc905335f4ed5f10881dd63dc5699d47e90be85691"
+checksum = "acd94fdbe1d4ff688b67b04eee2e17bd50995534a61539e45adfefb45e5e5503"
 
 [[package]]
 name = "httpdate"
-version = "0.3.2"
+version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "494b4d60369511e7dea41cf646832512a94e542f68bb9c49e54518e0f468eb47"
+checksum = "6456b8a6c8f33fee7d958fcd1b60d55b11940a79e63ae87013e6d22e26034440"
 
 [[package]]
 name = "hyper"
-version = "0.13.10"
+version = "0.14.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a6f157065790a3ed2f88679250419b5cdd96e714a0d65f7797fd337186e96bb"
+checksum = "15d1cfb9e4f68655fa04c01f59edb405b6074a0f7118ea881e5026e4a1cd8593"
 dependencies = [
- "bytes 0.5.6",
+ "bytes 1.0.1",
  "futures-channel",
  "futures-core",
  "futures-util",
@@ -1322,9 +1322,9 @@ dependencies = [
  "httparse",
  "httpdate",
  "itoa",
- "pin-project",
- "socket2",
- "tokio",
+ "pin-project-lite 0.2.6",
+ "socket2 0.4.2",
+ "tokio 1.12.0",
  "tower-service",
  "tracing",
  "want",
@@ -1332,15 +1332,15 @@ dependencies = [
 
 [[package]]
 name = "hyper-tls"
-version = "0.4.3"
+version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d979acc56dcb5b8dddba3917601745e877576475aa046df3226eabdecef78eed"
+checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905"
 dependencies = [
- "bytes 0.5.6",
+ "bytes 1.0.1",
  "hyper",
  "native-tls",
- "tokio",
- "tokio-tls",
+ "tokio 1.12.0",
+ "tokio-native-tls",
 ]
 
 [[package]]
@@ -1583,14 +1583,15 @@ dependencies = [
 ]
 
 [[package]]
-name = "mio-named-pipes"
-version = "0.1.7"
+name = "mio"
+version = "0.7.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0840c1c50fd55e521b247f949c241c9997709f23bd7f023b9762cd561e935656"
+checksum = "8c2bdb6314ec10835cd3293dd268473a835c02b7b352e788be788b3c6ca6bb16"
 dependencies = [
+ "libc",
  "log",
- "mio",
  "miow 0.3.7",
+ "ntapi",
  "winapi 0.3.9",
 ]
 
@@ -1602,7 +1603,7 @@ checksum = "afcb699eb26d4332647cc848492bbc15eafb26f08d0304550d5aa1f612e066f0"
 dependencies = [
  "iovec",
  "libc",
- "mio",
+ "mio 0.6.23",
 ]
 
 [[package]]
@@ -1695,6 +1696,15 @@ dependencies = [
 ]
 
 [[package]]
+name = "ntapi"
+version = "0.3.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3f6bb902e437b6d86e03cce10a7e2af662292c5dfef23b65899ea3ac9354ad44"
+dependencies = [
+ "winapi 0.3.9",
+]
+
+[[package]]
 name = "num-bigint"
 version = "0.2.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1887,26 +1897,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d70072c20945e1ab871c472a285fc772aefd4f5407723c206242f2c6f94595d6"
 
 [[package]]
-name = "pin-project"
-version = "1.0.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bc174859768806e91ae575187ada95c91a29e96a98dc5d2cd9a1fed039501ba6"
-dependencies = [
- "pin-project-internal",
-]
-
-[[package]]
-name = "pin-project-internal"
-version = "1.0.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a490329918e856ed1b083f244e3bfe2d8c4f336407e4ea9e1a9f479ff09049e5"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
 name = "pin-project-lite"
 version = "0.1.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -2376,7 +2366,7 @@ dependencies = [
  "sequoia-net",
  "sequoia-openpgp",
  "sequoia-store",
- "tokio",
+ "tokio 1.12.0",
 ]
 
 [[package]]
@@ -2418,11 +2408,11 @@ dependencies = [
  "quickcheck",
  "rand 0.7.3",
  "sequoia-openpgp",
- "socket2",
+ "socket2 0.3.19",
  "tempfile",
  "thiserror",
- "tokio",
- "tokio-util",
+ "tokio 0.2.25",
+ "tokio-util 0.3.1",
  "winapi 0.3.9",
 ]
 
@@ -2442,7 +2432,7 @@ dependencies = [
  "sequoia-openpgp",
  "tempfile",
  "thiserror",
- "tokio",
+ "tokio 1.12.0",
  "url",
  "zbase32",
 ]
@@ -2531,7 +2521,7 @@ dependencies = [
  "sequoia-openpgp",
  "tempfile",
  "term_size",
- "tokio",
+ "tokio 1.12.0",
 ]
 
 [[package]]
@@ -2549,8 +2539,8 @@ dependencies = [
  "sequoia-net",
  "sequoia-openpgp",
  "thiserror",
- "tokio",
- "tokio-util",
+ "tokio 0.2.25",
+ "tokio-util 0.3.1",
 ]
 
 [[package]]
@@ -2647,15 +2637,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7fdf1b9db47230893d76faad238fd6097fd6d6a9245cd7a4d90dbd639536bbd2"
 
 [[package]]
-name = "signal-hook-registry"
-version = "1.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "16f1d0fef1604ba8f7a073c7e701f213e056707210e9020af4528e0101ce11a6"
-dependencies = [
- "libc",
-]
-
-[[package]]
 name = "signature"
 version = "1.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -2706,6 +2687,16 @@ dependencies = [
 ]
 
 [[package]]
+name = "socket2"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5dc90fe6c7be1a323296982db1836d1ea9e47b6839496dde9a541bc496df3516"
+dependencies = [
+ "libc",
+ "winapi 0.3.9",
+]
+
+[[package]]
 name = "spin"
 version = "0.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -2889,20 +2880,30 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6703a273949a90131b290be1fe7b039d0fc884aa1935860dfcbe056f28cd8092"
 dependencies = [
  "bytes 0.5.6",
- "fnv",
- "futures-core",
  "iovec",
  "lazy_static",
  "libc",
  "memchr",
- "mio",
- "mio-named-pipes",
+ "mio 0.6.23",
  "mio-uds",
- "num_cpus",
  "pin-project-lite 0.1.12",
- "signal-hook-registry",
  "slab",
- "tokio-macros",
+ "tokio-macros 0.2.6",
+]
+
+[[package]]
+name = "tokio"
+version = "1.12.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c2c2416fdedca8443ae44b4527de1ea633af61d8f7169ffa6e72c5b53d24efcc"
+dependencies = [
+ "autocfg 1.0.1",
+ "bytes 1.0.1",
+ "libc",
+ "memchr",
+ "mio 0.7.13",
+ "pin-project-lite 0.2.6",
+ "tokio-macros 1.4.1",
  "winapi 0.3.9",
 ]
 
@@ -2918,13 +2919,24 @@ dependencies = [
 ]
 
 [[package]]
-name = "tokio-tls"
-version = "0.3.1"
+name = "tokio-macros"
+version = "1.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "154794c8f499c2619acd19e839294703e9e32e7630ef5f46ea80d4ef0fbee5eb"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "tokio-native-tls"
+version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9a70f4fcd7b3b24fb194f837560168208f669ca8cb70d0c4b862944452396343"
+checksum = "f7d995660bd2b7f8c1568414c1126076c13fbb725c40112dc0120b78eb9b717b"
 dependencies = [
  "native-tls",
- "tokio",
+ "tokio 1.12.0",
 ]
 
 [[package]]
@@ -2939,7 +2951,21 @@ dependencies = [
  "futures-sink",
  "log",
  "pin-project-lite 0.1.12",
- "tokio",
+ "tokio 0.2.25",
+]
+
+[[package]]
+name = "tokio-util"
+version = "0.6.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "08d3725d3efa29485e87311c5b699de63cde14b00ed4d256b8318aa30ca452cd"
+dependencies = [
+ "bytes 1.0.1",
+ "futures-core",
+ "futures-sink",
+ "log",
+ "pin-project-lite 0.2.6",
+ "tokio 1.12.0",
 ]
 
 [[package]]
@@ -2955,7 +2981,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "375a639232caf30edfc78e8d89b2d4c375515393e7af7e16f01cd96917fb2105"
 dependencies = [
  "cfg-if 1.0.0",
- "log",
  "pin-project-lite 0.2.6",
  "tracing-core",
 ]
@@ -2970,16 +2995,6 @@ dependencies = [
 ]
 
 [[package]]
-name = "tracing-futures"
-version = "0.2.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "97d095ae15e245a057c8e8451bab9b3ee1e1f68e9ba2b4fbc18d0ac5237835f2"
-dependencies = [
- "pin-project",
- "tracing",
-]
-
-[[package]]
 name = "try-lock"
 version = "0.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
diff --git a/ffi/Cargo.toml b/ffi/Cargo.toml
index a2320c45..53ddaf68 100644
--- a/ffi/Cargo.toml
+++ b/ffi/Cargo.toml
@@ -32,7 +32,7 @@ lazy_static = "1.4.0"
 libc = "0.2.66"
 memsec = { version = ">=0.5", default-features = false }
 native-tls = "0.2.0"
-tokio = { version = "0.2.19", features = ["rt-core", "io-driver", "io-util", "time"] }
+tokio = { version = "1", features = ["rt", "time"] }
 
 [dev-dependencies]
 filetime = "0.2"
diff --git a/ffi/src/net.rs b/ffi/src/net.rs
index ce1888b8..c8f03289 100644
--- a/ffi/src/net.rs
+++ b/ffi/src/net.rs
@@ -127,7 +127,7 @@ fn sq_keyserver_get(ctx: *mut Context,
     let ks = ffi_param_ref_mut!(ks);
     let id = id.ref_raw().clone();
 
-    let mut core = ffi_try_or!(basic_runtime(), None);
+    let core = ffi_try_or!(basic_runtime(), None);
     core.block_on(ks.get(id)).move_into_raw(Some(ctx.errp()))
 }
 
@@ -146,13 +146,12 @@ fn sq_keyserver_send(ctx: *mut Context,
 
     ffi_try_status!(basic_runtime()
                     .map_err(|e| e.into())
-                    .and_then(|mut rt| rt.block_on(ks.send(cert))))
+                    .and_then(|rt| rt.block_on(ks.send(cert))))
 }
 
 /// Constructs a basic Tokio runtime.
 fn basic_runtime() -> tokio::io::Result<tokio::runtime::Runtime> {
-    tokio::runtime::Builder::new()
-        .basic_scheduler()
+    tokio::runtime::Builder::new_current_thread()
         .enable_io()
         .enable_time()
         .build()
diff --git a/net/Cargo.toml b/net/Cargo.toml
index dcdfd9a4..cd3ce1ed 100644
--- a/net/Cargo.toml
+++ b/net/Cargo.toml
@@ -26,8 +26,8 @@ sequoia-openpgp = { path = "../openpgp", version = "1", default-features = false
 anyhow = "1.0.18"
 futures-util = "0.3.5"
 http = "0.2"
-hyper = "0.13"
-hyper-tls = "0.4"
+hyper = { version = "0.14.10", features = [ "http1", "http2", "server" ] }
+hyper-tls = "0.5"
 libc = "0.2.66"
 native-tls = "0.2.0"
 percent-encoding = "2.1"
@@ -37,8 +37,8 @@ url = "2.1"
 zbase32 = "0.1.2"
 
 [dev-dependencies]
-rand = { version = "0.7", default-features = false, features = ["getrandom"] }
-tokio = { version = "0.2.19", features = ["full"] }
+rand = { version = "0.7", default-features = false, features = [ "getrandom" ] }
+tokio = { version = "1", features = [ "macros" ] }
 
 [lib]
 bench = false
diff --git a/sq/Cargo.toml b/sq/Cargo.toml
index 03cd657a..560e570e 100644
--- a/sq/Cargo.toml
+++ b/sq/Cargo.toml
@@ -36,7 +36,7 @@ clap = { version = "2.33", features = ["wrap_help"] }
 itertools = "0.9"
 tempfile = "3.1"
 term_size = "0.3"
-tokio = { version = "0.2.19", features = ["rt-core", "io-util", "io-driver"], optional = true }
+tokio = { version = "1", optional = true }
 rpassword = "5.0"
 
 [build-dependencies]
diff --git a/sq/src/commands/net.rs b/sq/src/commands/net.rs
index 899c65fd..dc3f10ee 100644
--- a/sq/src/commands/net.rs
+++ b/sq/src/commands/net.rs
@@ -49,8 +49,7 @@ pub fn dispatch_keyserver(config: Config, m: &clap::ArgMatches) -> Result<()> {
         KeyServer::keys_openpgp_org(network_policy)
     }.context("Malformed keyserver URI")?;
 
-    let mut rt = tokio::runtime::Builder::new()
-        .basic_scheduler()
+    let rt = tokio::runtime::Builder::new_current_thread()
         .enable_io()
         .enable_time()
         .build()?;
@@ -113,8 +112,7 @@ pub fn dispatch_keyserver(config: Config, m: &clap::ArgMatches) -> Result<()> {
 pub fn dispatch_wkd(config: Config, m: &clap::ArgMatches) -> Result<()> {
     let network_policy = parse_network_policy(m);
 
-    let mut rt = tokio::runtime::Builder::new()
-        .basic_scheduler()
+    let rt = tokio::runtime::Builder::new_current_thread()
         .enable_io()
         .enable_time()
         .build()?;
author	Nora Widdecke <nora@sequoia-pgp.org>	2021-09-28 12:18:38 +0200
committer	Nora Widdecke <nora@sequoia-pgp.org>	2021-10-25 18:25:05 +0200
commit	463b8702ab672e1f528968f46f81b8cfdf2005c8 (patch)
tree	52be0e0741130c9507a26d6865ef34562baf6b85
parent	6257a2e0197190f5f2951693256d05d32437bd55 (diff)