-
Notifications
You must be signed in to change notification settings - Fork 2.6k
Commit 99f6ac6
committed
Auto merge of #13068 - rust-lang:renovate/crate-openssl-vulnerability, r=weihanglo
chore(deps): update rust crate openssl to 0.10.60 [security]
[](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [openssl](https://togithub.com/sfackler/rust-openssl) | workspace.dependencies | patch | `0.10.57` -> `0.10.60` |
### GitHub Vulnerability Alerts
#### [GHSA-xphf-cx8h-7q9g](https://togithub.com/sfackler/rust-openssl/issues/2096)
This function returned a reference into an OpenSSL datastructure, but there was no way to ensure OpenSSL would not mutate the datastructure behind one's back.
Use of this function should be replaced with `X509StoreRef::all_certificates`.
---
### Release Notes
<details>
<summary>sfackler/rust-openssl (openssl)</summary>
### [`v0.10.60`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.60)
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.59...openssl-v0.10.60)
#### What's Changed
- Correct off-by-one in minimum output buffer size computation by [`@​alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2088](https://togithub.com/sfackler/rust-openssl/pull/2088)
- Expose a few more (bad) ciphers in cipher::Cipher by [`@​alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2084](https://togithub.com/sfackler/rust-openssl/pull/2084)
- add temp key bindings by [`@​jmayclin](https://togithub.com/jmayclin)` in [https://github.com/sfackler/rust-openssl/pull/2076](https://togithub.com/sfackler/rust-openssl/pull/2076)
- Expose ChaCha20 on LibreSSL by [`@​alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2093](https://togithub.com/sfackler/rust-openssl/pull/2093)
- Revert "Correct off-by-one in minimum output buffer size computation" by [`@​alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2090](https://togithub.com/sfackler/rust-openssl/pull/2090)
- Added `update_unchecked` to `symm::Crypter` by [`@​alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2100](https://togithub.com/sfackler/rust-openssl/pull/2100)
- fixes [#​2096](https://togithub.com/sfackler/rust-openssl/issues/2096) -- deprecate `X509StoreRef::objects`, it is unsound by [`@​alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2099](https://togithub.com/sfackler/rust-openssl/pull/2099)
- Don't leak when overwriting ex data by [`@​sfackler](https://togithub.com/sfackler)` in [https://github.com/sfackler/rust-openssl/pull/2102](https://togithub.com/sfackler/rust-openssl/pull/2102)
- Release openssl v0.10.60 and openssl-sys v0.9.96 by [`@​alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2104](https://togithub.com/sfackler/rust-openssl/pull/2104)
**Full Changelog**: sfackler/rust-openssl@openssl-v0.10.59...openssl-v0.10.60
### [`v0.10.59`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.59)
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.58...openssl-v0.10.59)
#### What's Changed
- Add binding to NID of Chacha20-Poly1305 cipher by [`@​Arnavion](https://togithub.com/Arnavion)` in [https://github.com/sfackler/rust-openssl/pull/2081](https://togithub.com/sfackler/rust-openssl/pull/2081)
- Fixed cfg for RSA_PSS by [`@​alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2079](https://togithub.com/sfackler/rust-openssl/pull/2079)
- fixes [#​2050](https://togithub.com/sfackler/rust-openssl/issues/2050) -- build and test on libressl 3.8.2 by [`@​alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2082](https://togithub.com/sfackler/rust-openssl/pull/2082)
- Release openssl v0.10.59 and openssl-sys v0.9.95 by [`@​alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2083](https://togithub.com/sfackler/rust-openssl/pull/2083)
#### New Contributors
- [`@​Arnavion](https://togithub.com/Arnavion)` made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2081](https://togithub.com/sfackler/rust-openssl/pull/2081)
**Full Changelog**: sfackler/rust-openssl@openssl-v0.10.58...openssl-v0.10.59
### [`v0.10.58`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.58)
[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.57...openssl-v0.10.58)
#### What's Changed
- LibreSSL 3.8.1 support by [`@​alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2035](https://togithub.com/sfackler/rust-openssl/pull/2035)
- Update vendored version to openssl 3 by [`@​amousset](https://togithub.com/amousset)` in [https://github.com/sfackler/rust-openssl/pull/1925](https://togithub.com/sfackler/rust-openssl/pull/1925)
- Test against 3.2.0-alpha1 by [`@​sfackler](https://togithub.com/sfackler)` in [https://github.com/sfackler/rust-openssl/pull/2037](https://togithub.com/sfackler/rust-openssl/pull/2037)
- Removed reference to non-existent method by [`@​alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2039](https://togithub.com/sfackler/rust-openssl/pull/2039)
- Bump CI to 1.1.1w by [`@​sfackler](https://togithub.com/sfackler)` in [https://github.com/sfackler/rust-openssl/pull/2040](https://togithub.com/sfackler/rust-openssl/pull/2040)
- \[openssl-sys] Add X509\_check\_{host,email,ip,ip_asc} fns by [`@​jgallagher](https://togithub.com/jgallagher)` in [https://github.com/sfackler/rust-openssl/pull/2042](https://togithub.com/sfackler/rust-openssl/pull/2042)
- Expose CBC mode for several more (bad) ciphers by [`@​alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2045](https://togithub.com/sfackler/rust-openssl/pull/2045)
- Expose two additional Pkey IDs by [`@​alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2046](https://togithub.com/sfackler/rust-openssl/pull/2046)
- Add support for CRL extensions and the Authority Information Access e… by [`@​AdmiralGT](https://togithub.com/AdmiralGT)` in [https://github.com/sfackler/rust-openssl/pull/2003](https://togithub.com/sfackler/rust-openssl/pull/2003)
- Fix clippy warnings produced by newer Rust by [`@​wiktor-k](https://togithub.com/wiktor-k)` in [https://github.com/sfackler/rust-openssl/pull/2052](https://togithub.com/sfackler/rust-openssl/pull/2052)
- Use osslconf on BoringSSL by [`@​alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2056](https://togithub.com/sfackler/rust-openssl/pull/2056)
- Make X509\_ALGOR opaque for LibreSSL by [`@​botovq](https://togithub.com/botovq)` in [https://github.com/sfackler/rust-openssl/pull/2060](https://togithub.com/sfackler/rust-openssl/pull/2060)
- Don't ignore ECDSA tests without GF2m support by [`@​botovq](https://togithub.com/botovq)` in [https://github.com/sfackler/rust-openssl/pull/2061](https://togithub.com/sfackler/rust-openssl/pull/2061)
- Clarify 'possible LibreSSL bug' by [`@​botovq](https://togithub.com/botovq)` in [https://github.com/sfackler/rust-openssl/pull/2062](https://togithub.com/sfackler/rust-openssl/pull/2062)
- Enable BN_mod_sqrt() for upcoming LibreSSL 3.8.2 by [`@​botovq](https://togithub.com/botovq)` in [https://github.com/sfackler/rust-openssl/pull/2063](https://togithub.com/sfackler/rust-openssl/pull/2063)
- Enable SHA-3 for LibreSSL 3.8.0 by [`@​botovq](https://togithub.com/botovq)` in [https://github.com/sfackler/rust-openssl/pull/2064](https://togithub.com/sfackler/rust-openssl/pull/2064)
- Remove DH_generate_parameters for LibreSSL 3.8.2 by [`@​botovq](https://togithub.com/botovq)` in [https://github.com/sfackler/rust-openssl/pull/2065](https://togithub.com/sfackler/rust-openssl/pull/2065)
- Use EVP_MD_CTX\_{new,free}() in LibreSSL 3.8.2 by [`@​botovq](https://togithub.com/botovq)` in [https://github.com/sfackler/rust-openssl/pull/2067](https://togithub.com/sfackler/rust-openssl/pull/2067)
- Enable HKDF support for LibreSSL >= 3.6.0 by [`@​botovq](https://togithub.com/botovq)` in [https://github.com/sfackler/rust-openssl/pull/2066](https://togithub.com/sfackler/rust-openssl/pull/2066)
- Two build script fixes for LibreSSL by [`@​botovq](https://togithub.com/botovq)` in [https://github.com/sfackler/rust-openssl/pull/2068](https://togithub.com/sfackler/rust-openssl/pull/2068)
- Respect OPENSSL_NO_OCB on AES functions by [`@​GuyLewin](https://togithub.com/GuyLewin)` in [https://github.com/sfackler/rust-openssl/pull/2070](https://togithub.com/sfackler/rust-openssl/pull/2070)
- Support OPENSSL_NO_SCRYPT by [`@​GuyLewin](https://togithub.com/GuyLewin)` in [https://github.com/sfackler/rust-openssl/pull/2071](https://togithub.com/sfackler/rust-openssl/pull/2071)
- Bump 3.2.0 beta by [`@​sfackler](https://togithub.com/sfackler)` in [https://github.com/sfackler/rust-openssl/pull/2073](https://togithub.com/sfackler/rust-openssl/pull/2073)
- add security level bindings by [`@​jmayclin](https://togithub.com/jmayclin)` in [https://github.com/sfackler/rust-openssl/pull/2074](https://togithub.com/sfackler/rust-openssl/pull/2074)
- Release openssl v0.10.58 and openssl-sys v0.9.94 by [`@​alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2078](https://togithub.com/sfackler/rust-openssl/pull/2078)
#### New Contributors
- [`@​amousset](https://togithub.com/amousset)` made their first contribution in [https://github.com/sfackler/rust-openssl/pull/1925](https://togithub.com/sfackler/rust-openssl/pull/1925)
- [`@​jgallagher](https://togithub.com/jgallagher)` made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2042](https://togithub.com/sfackler/rust-openssl/pull/2042)
- [`@​AdmiralGT](https://togithub.com/AdmiralGT)` made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2003](https://togithub.com/sfackler/rust-openssl/pull/2003)
- [`@​botovq](https://togithub.com/botovq)` made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2060](https://togithub.com/sfackler/rust-openssl/pull/2060)
- [`@​GuyLewin](https://togithub.com/GuyLewin)` made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2070](https://togithub.com/sfackler/rust-openssl/pull/2070)
- [`@​jmayclin](https://togithub.com/jmayclin)` made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2074](https://togithub.com/sfackler/rust-openssl/pull/2074)
**Full Changelog**: sfackler/rust-openssl@openssl-v0.10.57...openssl-v0.10.58
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/rust-lang/cargo).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9-->](https://renovatebot.com){kind=link}
File tree
Expand file treeCollapse file tree
2 files changed
+7
-7
lines changedFilter options
Expand file treeCollapse file tree
2 files changed
+7
-7
lines changed+6-6Lines changed: 6 additions & 6 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
+1-1Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
63 | 63 | | |
64 | 64 | | |
65 | 65 | | |
66 | | - | |
| 66 | + | |
67 | 67 | | |
68 | 68 | | |
69 | 69 | | |
| |||
0 commit comments