diff options
author | Nora Widdecke <nora@sequoia-pgp.org> | 2021-09-28 12:18:38 +0200 |
---|---|---|
committer | Nora Widdecke <nora@sequoia-pgp.org> | 2021-10-25 18:25:05 +0200 |
commit | 463b8702ab672e1f528968f46f81b8cfdf2005c8 (patch) | |
tree | 52be0e0741130c9507a26d6865ef34562baf6b85 /ffi/Cargo.toml | |
parent | 6257a2e0197190f5f2951693256d05d32437bd55 (diff) |
ffi, net, sq: Update to tokio 1.0.
- net: hyper has two vulnerabilities:
- RUSTSEC-2021-0079: "Integer overflow in `hyper`'s parsing of the
`Transfer-Encoding` header leads to data loss" (vulnerability)
- RUSTSEC-2021-0078: "Lenient `hyper` header parsing of
`Content-Length` could allow request smuggling" (vulnerability)
Both are fixed in hyper 0.14.10., which depends on tokio 1. tokio
0.2 is incompatible to tokio 1, so we need to update that too, also
in the dependents sq and ffi.
hyper-tls 0.4 is incompatible to hyper 0.14., update to hyper-tls
0.5.
Diffstat (limited to 'ffi/Cargo.toml')
-rw-r--r-- | ffi/Cargo.toml | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ffi/Cargo.toml b/ffi/Cargo.toml index a2320c45..53ddaf68 100644 --- a/ffi/Cargo.toml +++ b/ffi/Cargo.toml @@ -32,7 +32,7 @@ lazy_static = "1.4.0" libc = "0.2.66" memsec = { version = ">=0.5", default-features = false } native-tls = "0.2.0" -tokio = { version = "0.2.19", features = ["rt-core", "io-driver", "io-util", "time"] } +tokio = { version = "1", features = ["rt", "time"] } [dev-dependencies] filetime = "0.2" |