author | Nora Widdecke <nora@sequoia-pgp.org> | 2021-09-28 12:18:38 +0200 |
---|---|---|
committer | Nora Widdecke <nora@sequoia-pgp.org> | 2021-10-25 18:25:05 +0200 |
commit | 463b8702ab672e1f528968f46f81b8cfdf2005c8 (patch) | |
tree | 52be0e0741130c9507a26d6865ef34562baf6b85 | |
parent | 6257a2e0197190f5f2951693256d05d32437bd55 (diff) |
ffi, net, sq: Update to tokio 1.0.
- net: hyper has two vulnerabilities:
- RUSTSEC-2021-0079: "Integer overflow in `hyper`'s parsing of the
`Transfer-Encoding` header leads to data loss" (vulnerability)
- RUSTSEC-2021-0078: "Lenient `hyper` header parsing of
`Content-Length` could allow request smuggling" (vulnerability)
Both are fixed in hyper 0.14.10, which depends on tokio 1. tokio
0.2 is incompatible with tokio 1, so we need to update that too, also
in the dependents sq and ffi.
hyper-tls 0.4 is incompatible with hyper 0.14, so update to hyper-tls
0.5.
-rw-r--r-- | Cargo.lock | 193 | ||||
-rw-r--r-- | ffi/Cargo.toml | 2 | ||||
-rw-r--r-- | ffi/src/net.rs | 7 | ||||
-rw-r--r-- | net/Cargo.toml | 8 | ||||
-rw-r--r-- | sq/Cargo.toml | 2 | ||||
-rw-r--r-- | sq/src/commands/net.rs | 6 |
6 files changed, 115 insertions, 103 deletions
@@ -1212,11 +1212,11 @@ dependencies = [ [[package]] name = "h2" -version = "0.2.7" +version = "0.3.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e4728fd124914ad25e99e3d15a9361a879f6620f63cb56bbb08f95abb97a535" +checksum = "6c06815895acec637cd6ed6e9662c935b866d20a106f8361892893a7d9234964" dependencies = [ - "bytes 0.5.6", + "bytes 1.0.1", "fnv", "futures-core", "futures-sink", @@ -1224,10 +1224,9 @@ dependencies = [ "http", "indexmap", "slab", - "tokio", - "tokio-util", + "tokio 1.12.0", + "tokio-util 0.6.8", "tracing", - "tracing-futures", ] [[package]] @@ -1286,33 +1285,34 @@ dependencies = [ [[package]] name = "http-body" -version = "0.3.1" +version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13d5ff830006f7646652e057693569bfe0d51760c0085a071769d142a205111b" +checksum = "399c583b2979440c60be0821a6199eca73bc3c8dcd9d070d75ac726e2c6186e5" dependencies = [ - "bytes 0.5.6", + "bytes 1.0.1", "http", + "pin-project-lite 0.2.6", ] [[package]] name = "httparse" -version = "1.3.5" +version = "1.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "615caabe2c3160b313d52ccc905335f4ed5f10881dd63dc5699d47e90be85691" +checksum = "acd94fdbe1d4ff688b67b04eee2e17bd50995534a61539e45adfefb45e5e5503" [[package]] name = "httpdate" -version = "0.3.2" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "494b4d60369511e7dea41cf646832512a94e542f68bb9c49e54518e0f468eb47" +checksum = "6456b8a6c8f33fee7d958fcd1b60d55b11940a79e63ae87013e6d22e26034440" [[package]] name = "hyper" -version = "0.13.10" +version = "0.14.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a6f157065790a3ed2f88679250419b5cdd96e714a0d65f7797fd337186e96bb" +checksum = "15d1cfb9e4f68655fa04c01f59edb405b6074a0f7118ea881e5026e4a1cd8593" dependencies = [ - "bytes 0.5.6", + "bytes 1.0.1", "futures-channel", "futures-core", "futures-util", 
@@ -1322,9 +1322,9 @@ dependencies = [ "httparse", "httpdate", "itoa", - "pin-project", - "socket2", - "tokio", + "pin-project-lite 0.2.6", + "socket2 0.4.2", + "tokio 1.12.0", "tower-service", "tracing", "want", @@ -1332,15 +1332,15 @@ dependencies = [ [[package]] name = "hyper-tls" -version = "0.4.3" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d979acc56dcb5b8dddba3917601745e877576475aa046df3226eabdecef78eed" +checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905" dependencies = [ - "bytes 0.5.6", + "bytes 1.0.1", "hyper", "native-tls", - "tokio", - "tokio-tls", + "tokio 1.12.0", + "tokio-native-tls", ] [[package]] @@ -1583,14 +1583,15 @@ dependencies = [ ] [[package]] -name = "mio-named-pipes" -version = "0.1.7" +name = "mio" +version = "0.7.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0840c1c50fd55e521b247f949c241c9997709f23bd7f023b9762cd561e935656" +checksum = "8c2bdb6314ec10835cd3293dd268473a835c02b7b352e788be788b3c6ca6bb16" dependencies = [ + "libc", "log", - "mio", "miow 0.3.7", + "ntapi", "winapi 0.3.9", ] @@ -1602,7 +1603,7 @@ checksum = "afcb699eb26d4332647cc848492bbc15eafb26f08d0304550d5aa1f612e066f0" dependencies = [ "iovec", "libc", - "mio", + "mio 0.6.23", ] [[package]] @@ -1695,6 +1696,15 @@ dependencies = [ ] [[package]] +name = "ntapi" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f6bb902e437b6d86e03cce10a7e2af662292c5dfef23b65899ea3ac9354ad44" +dependencies = [ + "winapi 0.3.9", +] + +[[package]] name = "num-bigint" version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -1887,26 +1897,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d70072c20945e1ab871c472a285fc772aefd4f5407723c206242f2c6f94595d6" [[package]] -name = "pin-project" -version = "1.0.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc174859768806e91ae575187ada95c91a29e96a98dc5d2cd9a1fed039501ba6" -dependencies = [ - "pin-project-internal", -] - -[[package]] -name = "pin-project-internal" -version = "1.0.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a490329918e856ed1b083f244e3bfe2d8c4f336407e4ea9e1a9f479ff09049e5" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] name = "pin-project-lite" version = "0.1.12" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -2376,7 +2366,7 @@ dependencies = [ "sequoia-net", "sequoia-openpgp", "sequoia-store", - "tokio", + "tokio 1.12.0", ] [[package]] @@ -2418,11 +2408,11 @@ dependencies = [ "quickcheck", "rand 0.7.3", "sequoia-openpgp", - "socket2", + "socket2 0.3.19", "tempfile", "thiserror", - "tokio", - "tokio-util", + "tokio 0.2.25", + "tokio-util 0.3.1", "winapi 0.3.9", ] @@ -2442,7 +2432,7 @@ dependencies = [ "sequoia-openpgp", "tempfile", "thiserror", - "tokio", + "tokio 1.12.0", "url", "zbase32", ] @@ -2531,7 +2521,7 @@ dependencies = [ "sequoia-openpgp", "tempfile", "term_size", - "tokio", + "tokio 1.12.0", ] [[package]] @@ -2549,8 +2539,8 @@ dependencies = [ "sequoia-net", "sequoia-openpgp", "thiserror", - "tokio", - "tokio-util", + "tokio 0.2.25", + "tokio-util 0.3.1", ] [[package]] 
@@ -2647,15 +2637,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7fdf1b9db47230893d76faad238fd6097fd6d6a9245cd7a4d90dbd639536bbd2" [[package]] -name = "signal-hook-registry" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "16f1d0fef1604ba8f7a073c7e701f213e056707210e9020af4528e0101ce11a6" -dependencies = [ - "libc", -] - -[[package]] name = "signature" version = "1.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -2706,6 +2687,16 @@ dependencies = [ ] [[package]] +name = "socket2" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5dc90fe6c7be1a323296982db1836d1ea9e47b6839496dde9a541bc496df3516" +dependencies = [ + "libc", + "winapi 0.3.9", +] + +[[package]] name = "spin" version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -2889,20 +2880,30 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6703a273949a90131b290be1fe7b039d0fc884aa1935860dfcbe056f28cd8092" dependencies = [ "bytes 0.5.6", - "fnv", - "futures-core", "iovec", "lazy_static", "libc", "memchr", - "mio", - "mio-named-pipes", + "mio 0.6.23", "mio-uds", - "num_cpus", "pin-project-lite 0.1.12", - "signal-hook-registry", "slab", - "tokio-macros", + "tokio-macros 0.2.6", +] + +[[package]] +name = "tokio" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2c2416fdedca8443ae44b4527de1ea633af61d8f7169ffa6e72c5b53d24efcc" +dependencies = [ + "autocfg 1.0.1", + "bytes 1.0.1", + "libc", + "memchr", + "mio 0.7.13", + "pin-project-lite 0.2.6", + "tokio-macros 1.4.1", "winapi 0.3.9", ] 
@@ -2918,13 +2919,24 @@ dependencies = [ ] [[package]] -name = "tokio-tls" -version = "0.3.1" +name = "tokio-macros" +version = "1.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "154794c8f499c2619acd19e839294703e9e32e7630ef5f46ea80d4ef0fbee5eb" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tokio-native-tls" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a70f4fcd7b3b24fb194f837560168208f669ca8cb70d0c4b862944452396343" +checksum = "f7d995660bd2b7f8c1568414c1126076c13fbb725c40112dc0120b78eb9b717b" dependencies = [ "native-tls", - "tokio", + "tokio 1.12.0", ] [[package]] @@ -2939,7 +2951,21 @@ dependencies = [ "futures-sink", "log", "pin-project-lite 0.1.12", - "tokio", + "tokio 0.2.25", +] + +[[package]] +name = "tokio-util" +version = "0.6.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08d3725d3efa29485e87311c5b699de63cde14b00ed4d256b8318aa30ca452cd" +dependencies = [ + "bytes 1.0.1", + "futures-core", + "futures-sink", + "log", + "pin-project-lite 0.2.6", + "tokio 1.12.0", ] [[package]] @@ -2955,7 +2981,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "375a639232caf30edfc78e8d89b2d4c375515393e7af7e16f01cd96917fb2105" dependencies = [ "cfg-if 1.0.0", - "log", "pin-project-lite 0.2.6", "tracing-core", ] @@ -2970,16 +2995,6 @@ dependencies = [ ] [[package]] -name = "tracing-futures" -version = "0.2.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97d095ae15e245a057c8e8451bab9b3ee1e1f68e9ba2b4fbc18d0ac5237835f2" -dependencies = [ - "pin-project", - "tracing", -] - -[[package]] name = "try-lock" version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" diff --git a/ffi/Cargo.toml b/ffi/Cargo.toml index a2320c45..53ddaf68 100644 --- a/ffi/Cargo.toml +++ b/ffi/Cargo.toml 
@@ -32,7 +32,7 @@ lazy_static = "1.4.0" libc = "0.2.66" memsec = { version = ">=0.5", default-features = false } native-tls = "0.2.0" -tokio = { version = "0.2.19", features = ["rt-core", "io-driver", "io-util", "time"] } +tokio = { version = "1", features = ["rt", "time"] } [dev-dependencies] filetime = "0.2" diff --git a/ffi/src/net.rs b/ffi/src/net.rs index ce1888b8..c8f03289 100644 --- a/ffi/src/net.rs +++ b/ffi/src/net.rs @@ -127,7 +127,7 @@ fn sq_keyserver_get(ctx: *mut Context, let ks = ffi_param_ref_mut!(ks); let id = id.ref_raw().clone(); - let mut core = ffi_try_or!(basic_runtime(), None); + let core = ffi_try_or!(basic_runtime(), None); core.block_on(ks.get(id)).move_into_raw(Some(ctx.errp())) } @@ -146,13 +146,12 @@ fn sq_keyserver_send(ctx: *mut Context, ffi_try_status!(basic_runtime() .map_err(|e| e.into()) - .and_then(|mut rt| rt.block_on(ks.send(cert)))) + .and_then(|rt| rt.block_on(ks.send(cert)))) } /// Constructs a basic Tokio runtime. fn basic_runtime() -> tokio::io::Result<tokio::runtime::Runtime> { - tokio::runtime::Builder::new() - .basic_scheduler() + tokio::runtime::Builder::new_current_thread() .enable_io() .enable_time() .build() diff --git a/net/Cargo.toml b/net/Cargo.toml index dcdfd9a4..cd3ce1ed 100644 --- a/net/Cargo.toml +++ b/net/Cargo.toml @@ -26,8 +26,8 @@ sequoia-openpgp = { path = "../openpgp", version = "1", default-features = false anyhow = "1.0.18" futures-util = "0.3.5" http = "0.2" -hyper = "0.13" -hyper-tls = "0.4" +hyper = { version = "0.14.10", features = [ "http1", "http2", "server" ] } +hyper-tls = "0.5" libc = "0.2.66" native-tls = "0.2.0" percent-encoding = "2.1" @@ -37,8 +37,8 @@ url = "2.1" zbase32 = "0.1.2" [dev-dependencies] -rand = { version = "0.7", default-features = false, features = ["getrandom"] } -tokio = { version = "0.2.19", features = ["full"] } +rand = { version = "0.7", default-features = false, features = [ "getrandom" ] } +tokio = { version = "1", features = [ "macros" ] } [lib] bench = false 
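Review bot: The new `tokio` feature list in ffi/Cargo.toml no longer enables an I/O driver, yet `basic_runtime()` in ffi/src/net.rs still calls `.enable_io()`. In tokio 1 that method is only compiled in when `net` (or, on Unix, `process`/`signal`) is enabled, so this crate presumably builds only because another crate in the graph (likely hyper via sequoia-net) turns the feature on through Cargo's feature unification. Declaring what the crate itself uses, `tokio = { version = "1", features = ["rt", "net", "time"] }`, keeps the build from breaking when a dependency changes its own feature set. The same applies to the sq/Cargo.toml hunk, where `tokio = { version = "1", optional = true }` enables no features at all although sq/src/commands/net.rs builds a runtime with `enable_io()` and `enable_time()`.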
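Review bot: The doc comment `/// Constructs a basic Tokio runtime.` on `basic_runtime()` in the `@@ -146,13 +146,12 @@` hunk still uses the tokio 0.2 scheduler name, although `basic_scheduler()` is gone. Something like `/// Constructs a current-thread Tokio runtime with the I/O and time drivers enabled.` would describe what the new builder chain produces. The body of `sq_keyserver_send` starts outside the hunk.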
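Review bot: The `hyper` feature list `[ "http1", "http2", "server" ]` in net/Cargo.toml enables `server` but does not name `client`. If sequoia-net only ships hyper's client side (not visible in this diff), the client pieces are presumably arriving through hyper-tls, and `server` is needed at most by tests. Listing the features the library uses directly, and moving `server` to a `[dev-dependencies]` entry if only tests need it, would keep the compiled HTTP parsing surface down to what the crate actually exposes. The `0.14.10` floor matches the fixed version the commit message gives for RUSTSEC-2021-0078 and RUSTSEC-2021-0079.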
diff --git a/sq/Cargo.toml b/sq/Cargo.toml index 03cd657a..560e570e 100644 --- a/sq/Cargo.toml +++ b/sq/Cargo.toml @@ -36,7 +36,7 @@ clap = { version = "2.33", features = ["wrap_help"] } itertools = "0.9" tempfile = "3.1" term_size = "0.3" -tokio = { version = "0.2.19", features = ["rt-core", "io-util", "io-driver"], optional = true } +tokio = { version = "1", optional = true } rpassword = "5.0" [build-dependencies] diff --git a/sq/src/commands/net.rs b/sq/src/commands/net.rs index 899c65fd..dc3f10ee 100644 --- a/sq/src/commands/net.rs +++ b/sq/src/commands/net.rs @@ -49,8 +49,7 @@ pub fn dispatch_keyserver(config: Config, m: &clap::ArgMatches) -> Result<()> { KeyServer::keys_openpgp_org(network_policy) }.context("Malformed keyserver URI")?; - let mut rt = tokio::runtime::Builder::new() - .basic_scheduler() + let rt = tokio::runtime::Builder::new_current_thread() .enable_io() .enable_time() .build()?; @@ -113,8 +112,7 @@ pub fn dispatch_keyserver(config: Config, m: &clap::ArgMatches) -> Result<()> { pub fn dispatch_wkd(config: Config, m: &clap::ArgMatches) -> Result<()> { let network_policy = parse_network_policy(m); - let mut rt = tokio::runtime::Builder::new() - .basic_scheduler() + let rt = tokio::runtime::Builder::new_current_thread() .enable_io() .enable_time() .build()?; |
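Review bot: `dispatch_keyserver` and `dispatch_wkd` in sq/src/commands/net.rs now repeat the same `tokio::runtime::Builder::new_current_thread().enable_io().enable_time().build()?` chain. A small private helper, as ffi/src/net.rs already has with `basic_runtime()`, would keep the runtime configuration in one place for the next tokio migration. Both function bodies continue outside their hunks.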