risq
risq copied to clipboard
Published
20 hours ago •
bodymindarts
bodymindarts
Update Rust crate openssl to v0.10.55 [SECURITY]
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| openssl | dependencies | patch | 0.10.25 -> 0.10.55 |
GitHub Vulnerability Alerts
GHSA-6hcf-g6gr-hhcr
These functions would crash when the context argument was None with certain extension types.
Thanks to David Benjamin (Google) for reporting this issue.
GHSA-3gxf-9r58-2ghg
OpenSSL has a modified bit that it can set on on X509_NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value.
Thanks to David Benjamin (Google) for reporting this issue.
GHSA-9qwg-crg9-m2vc
SubjectAlternativeName and ExtendedKeyUsage arguments were parsed using the OpenSSL function X509V3_EXT_nconf. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads.
Thanks to David Benjamin (Google) for reporting this issue.
GHSA-xcf7-rvmh-g6q4
When this function was passed an empty string, openssl would attempt to call strlen on it, reading arbitrary memory until it reached a NUL byte.
Release Notes
sfackler/rust-openssl (openssl)
v0.10.55
What's Changed
- Fix warnings from BoringSSL on Rust 1.70 by @alex in https://github.com/sfackler/rust-openssl/pull/1948
- Honor OPENSSL_NO_OCB if OpenSSL was built this way by @davidben in https://github.com/sfackler/rust-openssl/pull/1952
- Fix some deprecated patterns when using BoringSSL by @davidben in https://github.com/sfackler/rust-openssl/pull/1945
- add get_asn1_flag to EcGroupRef by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1947
- Fixed type mutability on asn1_flag by @alex in https://github.com/sfackler/rust-openssl/pull/1954
- allow affine_coordinates on boring and libre by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1955
- add support for EVP_PKEY_derive_set_peer_ex in OpenSSL 3 by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1956
- Use type-safe wrappers instead of EVP_PKEY_assign by @davidben in https://github.com/sfackler/rust-openssl/pull/1959
- add Nid::SM2 and pkey Id::SM2 by @zh-jq in https://github.com/sfackler/rust-openssl/pull/1962
- Fix handling of empty host strings by @sfackler in https://github.com/sfackler/rust-openssl/pull/1968
- Remove old codes that belows supported Rust version. by @tesuji in https://github.com/sfackler/rust-openssl/pull/1966
- Release openssl v0.10.55 and openssl-sys v0.9.89 by @alex in https://github.com/sfackler/rust-openssl/pull/1970
New Contributors
- @davidben made their first contribution in https://github.com/sfackler/rust-openssl/pull/1952
- @tesuji made their first contribution in https://github.com/sfackler/rust-openssl/pull/1966
Full Changelog: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.54...openssl-v0.10.55
v0.10.54
What's Changed
- Remove converting PKCS#8 passphrase to CString by @alex in https://github.com/sfackler/rust-openssl/pull/1941
- Version bump for openssl v0.10.54 release by @alex in https://github.com/sfackler/rust-openssl/pull/1942
Full Changelog: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.53...openssl-v0.10.54
v0.10.53
What's Changed
- Check for OPENSSL_NO_RC4 when using EVP_rc4 by @oskirby in https://github.com/sfackler/rust-openssl/pull/1910
- Fix link errors for X509_get0_authority_xxx methods on Ubuntu/bionic by @oskirby in https://github.com/sfackler/rust-openssl/pull/1909
- add X509::pathlen by @zh-jq-b in https://github.com/sfackler/rust-openssl/pull/1916
- Add bindings to SSL_bytes_to_cipher_list by @RoastVeg in https://github.com/sfackler/rust-openssl/pull/1921
- Add boringssl hkdf derivation by @AndrewScull in https://github.com/sfackler/rust-openssl/pull/1926
- add other name support by @huettner94 in https://github.com/sfackler/rust-openssl/pull/1915
- LibreSSL 3.8.0 by @vishwin in https://github.com/sfackler/rust-openssl/pull/1935
- add Dsa<Params> with some helper functions by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1937
- reimplement Dsa::generate in terms of generate_params/generate_key by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1938
- Added DER serialization for
DSAPrivateKeyby @alex in https://github.com/sfackler/rust-openssl/pull/1939 - version bump 0.9.88 and 0.10.53 by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1940
New Contributors
- @oskirby made their first contribution in https://github.com/sfackler/rust-openssl/pull/1910
- @zh-jq-b made their first contribution in https://github.com/sfackler/rust-openssl/pull/1916
- @RoastVeg made their first contribution in https://github.com/sfackler/rust-openssl/pull/1921
- @huettner94 made their first contribution in https://github.com/sfackler/rust-openssl/pull/1915
Full Changelog: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.52...openssl-v0.10.53
v0.10.52
What's Changed
- Expose BigNum::to_vec_padded on libressl and boringssl by @alex in https://github.com/sfackler/rust-openssl/pull/1895
- add support for DH check key by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1896
- add poly1305 EVP_PKEY type by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1897
- Don't restrict the Signer lifetime by @alex in https://github.com/sfackler/rust-openssl/pull/1898
- add low level cmac bindings by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1899
- Expose pbkdf2_hmac and scrypt on BoringSSL by @alex in https://github.com/sfackler/rust-openssl/pull/1900
- binding to get fips status for ossl300 by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1901
- add more x509 extension helper functions by @zh-jq in https://github.com/sfackler/rust-openssl/pull/1887
- changelog and version bumps for openssl and openssl-sys by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1905
New Contributors
- @zh-jq made their first contribution in https://github.com/sfackler/rust-openssl/pull/1887
Full Changelog: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.51...openssl-v0.10.52
v0.10.51
What's Changed
- update documentation to reflect libressl support by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1876
- Add issuer_name and reason_code to X509RevokedRef by @Skepfyr in https://github.com/sfackler/rust-openssl/pull/1847
- Preparing openssl-sys for PKCS7 and X509 extensions by @bkstein in https://github.com/sfackler/rust-openssl/pull/1789
- Fixes #1884 -- don't leave an error on the stack in public_eq by @alex in https://github.com/sfackler/rust-openssl/pull/1885
- Fixes #1882 -- added APIs for setting public keys on Dh by @alex in https://github.com/sfackler/rust-openssl/pull/1883
- DTLS1 and DTLS1_2 SslVersion for set_min_proto_version() by @algesten in https://github.com/sfackler/rust-openssl/pull/1886
- Remove size_t-is-usize argument to bindgen by @alex in https://github.com/sfackler/rust-openssl/pull/1888
- Documentation typo for X509Crl by @remigranotier in https://github.com/sfackler/rust-openssl/pull/1891
- [Documentation] fixed X509Crl and X509Revoked description in doc by @remigranotier in https://github.com/sfackler/rust-openssl/pull/1892
- add asn1octetstring creation support by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1893
- Introduce X509Extension::new_from_der and deprecate the bad APIs by @alex in https://github.com/sfackler/rust-openssl/pull/1880
- Release openssl v0.10.51 and openssl-sys v0.9.86 by @alex in https://github.com/sfackler/rust-openssl/pull/1894
New Contributors
- @algesten made their first contribution in https://github.com/sfackler/rust-openssl/pull/1886
- @remigranotier made their first contribution in https://github.com/sfackler/rust-openssl/pull/1891
Full Changelog: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.50...openssl-v0.10.51
v0.10.50: openssl v0.10.50
v0.10.49: openssl v0.10.49
v0.10.48: openssl v0.10.48
What's Changed
- Fix LibreSSL version checking in openssl/ by @alex in https://github.com/sfackler/rust-openssl/pull/1851
- Skip a test that hangs on OpenSSL 3.1.0 by @alex in https://github.com/sfackler/rust-openssl/pull/1850
- Improve reliability of some tests by @smoelius in https://github.com/sfackler/rust-openssl/pull/1852
- Fix a series of security issues by @alex in https://github.com/sfackler/rust-openssl/pull/1854
- Release openssl v0.10.48 and openssl-sys v0.9.83 by @alex in https://github.com/sfackler/rust-openssl/pull/1855
New Contributors
- @smoelius made their first contribution in https://github.com/sfackler/rust-openssl/pull/1852
Full Changelog: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.47...openssl-v0.10.48
v0.10.47: openssl v0.10.47
v0.10.46: openssl v0.10.46
v0.10.45: openssl v0.10.45
v0.10.44: openssl v0.10.44
v0.10.43: openssl v0.10.43
v0.10.42: openssl v0.10.42
v0.10.41: openssl v0.10.41
v0.10.40: openssl v0.10.40
v0.10.39: openssl v0.10.39
v0.10.38: openssl v0.10.38
v0.10.37: openssl v0.10.37
v0.10.36: openssl v0.10.36
v0.10.35: openssl v0.10.35
v0.10.34: openssl v0.10.34
v0.10.33: openssl v0.10.33
v0.10.32: openssl v0.10.32
v0.10.31: openssl v0.10.31
v0.10.30: openssl v0.10.30
v0.10.29: openssl v0.10.29
v0.10.28: openssl v0.10.28
v0.10.27: openssl v0.10.27
v0.10.26: openssl v0.10.26
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}