diff options
| author | Nora Widdecke <nora@sequoia-pgp.org> | 2021-09-28 12:18:38 +0200 |
|---|---|---|
| committer | Nora Widdecke <nora@sequoia-pgp.org> | 2021-10-25 18:25:05 +0200 |
| commit | 463b8702ab672e1f528968f46f81b8cfdf2005c8 (patch) | |
| tree | 52be0e0741130c9507a26d6865ef34562baf6b85 /net | |
| parent | 6257a2e0197190f5f2951693256d05d32437bd55 (diff) | |
ffi, net, sq: Update to tokio 1.0.
- net: hyper has two vulnerabilities:
- RUSTSEC-2021-0079: "Integer overflow in `hyper`'s parsing of the
`Transfer-Encoding` header leads to data loss" (vulnerability)
- RUSTSEC-2021-0078: "Lenient `hyper` header parsing of
`Content-Length` could allow request smuggling" (vulnerability)
Both are fixed in hyper 0.14.10., which depends on tokio 1. tokio
0.2 is incompatible to tokio 1, so we need to update that too, also
in the dependents sq and ffi.
hyper-tls 0.4 is incompatible to hyper 0.14., update to hyper-tls
0.5.
Diffstat (limited to 'net')
| -rw-r--r-- | net/Cargo.toml | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/net/Cargo.toml b/net/Cargo.toml index dcdfd9a4..cd3ce1ed 100644 --- a/net/Cargo.toml +++ b/net/Cargo.toml @@ -26,8 +26,8 @@ sequoia-openpgp = { path = "../openpgp", version = "1", default-features = false anyhow = "1.0.18" futures-util = "0.3.5" http = "0.2" -hyper = "0.13" -hyper-tls = "0.4" +hyper = { version = "0.14.10", features = [ "http1", "http2", "server" ] } +hyper-tls = "0.5" libc = "0.2.66" native-tls = "0.2.0" percent-encoding = "2.1" @@ -37,8 +37,8 @@ url = "2.1" zbase32 = "0.1.2" [dev-dependencies] -rand = { version = "0.7", default-features = false, features = ["getrandom"] } -tokio = { version = "0.2.19", features = ["full"] } +rand = { version = "0.7", default-features = false, features = [ "getrandom" ] } +tokio = { version = "1", features = [ "macros" ] } [lib] bench = false |