This repository was archived by the owner on Feb 16, 2024. It is now read-only.

chore(deps): update rust crate openssl to v0.10.60 [security] #295

Open

stackable-bot wants to merge 1 commit into main from renovate/crate-openssl-vulnerability

Contributor

stackable-bot commented Dec 13, 2023

This PR contains the following updates:

Package	Type	Update	Change
openssl	dependencies	patch	`0.10.45` -> `0.10.60`

GitHub Vulnerability Alerts

GHSA-9qwg-crg9-m2vc

SubjectAlternativeName and ExtendedKeyUsage arguments were parsed using the OpenSSL function X509V3_EXT_nconf. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads.

Thanks to David Benjamin (Google) for reporting this issue.

GHSA-6hcf-g6gr-hhcr

These functions would crash when the context argument was None with certain extension types.

Thanks to David Benjamin (Google) for reporting this issue.

GHSA-3gxf-9r58-2ghg

OpenSSL has a modified bit that it can set on on X509_NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value.

Thanks to David Benjamin (Google) for reporting this issue.

GHSA-xcf7-rvmh-g6q4

When this function was passed an empty string, openssl would attempt to call strlen on it, reading arbitrary memory until it reached a NUL byte.

GHSA-xphf-cx8h-7q9g

This function returned a reference into an OpenSSL datastructure, but there was no way to ensure OpenSSL would not mutate the datastructure behind one's back.

Use of this function should be replaced with X509StoreRef::all_certificates.

Release Notes

sfackler/rust-openssl (openssl)

`v0.10.60`

What's Changed

Correct off-by-one in minimum output buffer size computation by @alex in https://github.com/sfackler/rust-openssl/pull/2088
Expose a few more (bad) ciphers in cipher::Cipher by @alex in https://github.com/sfackler/rust-openssl/pull/2084
add temp key bindings by @jmayclin in https://github.com/sfackler/rust-openssl/pull/2076
Expose ChaCha20 on LibreSSL by @alex in https://github.com/sfackler/rust-openssl/pull/2093
Revert "Correct off-by-one in minimum output buffer size computation" by @alex in https://github.com/sfackler/rust-openssl/pull/2090
Added update_unchecked to symm::Crypter by @alex in https://github.com/sfackler/rust-openssl/pull/2100
fixes #2096 -- deprecate X509StoreRef::objects, it is unsound by @alex in https://github.com/sfackler/rust-openssl/pull/2099
Don't leak when overwriting ex data by @sfackler in https://github.com/sfackler/rust-openssl/pull/2102
Release openssl v0.10.60 and openssl-sys v0.9.96 by @alex in https://github.com/sfackler/rust-openssl/pull/2104

Full Changelog: sfackler/rust-openssl@openssl-v0.10.59...openssl-v0.10.60

`v0.10.59`

What's Changed

Add binding to NID of Chacha20-Poly1305 cipher by @Arnavion in https://github.com/sfackler/rust-openssl/pull/2081
Fixed cfg for RSA_PSS by @alex in https://github.com/sfackler/rust-openssl/pull/2079
fixes #2050 -- build and test on libressl 3.8.2 by @alex in https://github.com/sfackler/rust-openssl/pull/2082
Release openssl v0.10.59 and openssl-sys v0.9.95 by @alex in https://github.com/sfackler/rust-openssl/pull/2083

New Contributors

@Arnavion made their first contribution in https://github.com/sfackler/rust-openssl/pull/2081

Full Changelog: sfackler/rust-openssl@openssl-v0.10.58...openssl-v0.10.59

`v0.10.58`

What's Changed

LibreSSL 3.8.1 support by @alex in https://github.com/sfackler/rust-openssl/pull/2035
Update vendored version to openssl 3 by @amousset in https://github.com/sfackler/rust-openssl/pull/1925
Test against 3.2.0-alpha1 by @sfackler in https://github.com/sfackler/rust-openssl/pull/2037
Removed reference to non-existent method by @alex in https://github.com/sfackler/rust-openssl/pull/2039
Bump CI to 1.1.1w by @sfackler in https://github.com/sfackler/rust-openssl/pull/2040
[openssl-sys] Add X509_check_{host,email,ip,ip_asc} fns by @jgallagher in https://github.com/sfackler/rust-openssl/pull/2042
Expose CBC mode for several more (bad) ciphers by @alex in https://github.com/sfackler/rust-openssl/pull/2045
Expose two additional Pkey IDs by @alex in https://github.com/sfackler/rust-openssl/pull/2046
Add support for CRL extensions and the Authority Information Access e… by @AdmiralGT in https://github.com/sfackler/rust-openssl/pull/2003
Fix clippy warnings produced by newer Rust by @wiktor-k in https://github.com/sfackler/rust-openssl/pull/2052
Use osslconf on BoringSSL by @alex in https://github.com/sfackler/rust-openssl/pull/2056
Make X509_ALGOR opaque for LibreSSL by @botovq in https://github.com/sfackler/rust-openssl/pull/2060
Don't ignore ECDSA tests without GF2m support by @botovq in https://github.com/sfackler/rust-openssl/pull/2061
Clarify 'possible LibreSSL bug' by @botovq in https://github.com/sfackler/rust-openssl/pull/2062
Enable BN_mod_sqrt() for upcoming LibreSSL 3.8.2 by @botovq in https://github.com/sfackler/rust-openssl/pull/2063
Enable SHA-3 for LibreSSL 3.8.0 by @botovq in https://github.com/sfackler/rust-openssl/pull/2064
Remove DH_generate_parameters for LibreSSL 3.8.2 by @botovq in https://github.com/sfackler/rust-openssl/pull/2065
Use EVP_MD_CTX_{new,free}() in LibreSSL 3.8.2 by @botovq in https://github.com/sfackler/rust-openssl/pull/2067
Enable HKDF support for LibreSSL >= 3.6.0 by @botovq in https://github.com/sfackler/rust-openssl/pull/2066
Two build script fixes for LibreSSL by @botovq in https://github.com/sfackler/rust-openssl/pull/2068
Respect OPENSSL_NO_OCB on AES functions by @GuyLewin in https://github.com/sfackler/rust-openssl/pull/2070
Support OPENSSL_NO_SCRYPT by @GuyLewin in https://github.com/sfackler/rust-openssl/pull/2071
Bump 3.2.0 beta by @sfackler in https://github.com/sfackler/rust-openssl/pull/2073
add security level bindings by @jmayclin in https://github.com/sfackler/rust-openssl/pull/2074
Release openssl v0.10.58 and openssl-sys v0.9.94 by @alex in https://github.com/sfackler/rust-openssl/pull/2078

New Contributors

@amousset made their first contribution in https://github.com/sfackler/rust-openssl/pull/1925
@jgallagher made their first contribution in https://github.com/sfackler/rust-openssl/pull/2042
@AdmiralGT made their first contribution in https://github.com/sfackler/rust-openssl/pull/2003
@botovq made their first contribution in https://github.com/sfackler/rust-openssl/pull/2060
@GuyLewin made their first contribution in https://github.com/sfackler/rust-openssl/pull/2070
@jmayclin made their first contribution in https://github.com/sfackler/rust-openssl/pull/2074

Full Changelog: sfackler/rust-openssl@openssl-v0.10.57...openssl-v0.10.58

`v0.10.57`

What's Changed

Expose chacha20_poly1305 on LibreSSL by @alex in https://github.com/sfackler/rust-openssl/pull/2011
Add openssl::cipher_ctx::CipherCtx::clone by @johntyner in https://github.com/sfackler/rust-openssl/pull/2017
Add X509VerifyParam::set_email by @dhouck in https://github.com/sfackler/rust-openssl/pull/2018
Add perl-FindBin dep for fedora by @JadedBlueEyes in https://github.com/sfackler/rust-openssl/pull/2023
Update to bitflags 2.2.1. by @qwandor in https://github.com/sfackler/rust-openssl/pull/1906
Release openssl v0.10.57 and openssl-sys v0.9.92 by @alex in https://github.com/sfackler/rust-openssl/pull/2025

New Contributors

@johntyner made their first contribution in https://github.com/sfackler/rust-openssl/pull/2017
@dhouck made their first contribution in https://github.com/sfackler/rust-openssl/pull/2018
@JadedBlueEyes made their first contribution in https://github.com/sfackler/rust-openssl/pull/2023
@qwandor made their first contribution in https://github.com/sfackler/rust-openssl/pull/1906

Full Changelog: sfackler/rust-openssl@openssl-v0.10.56...openssl-v0.10.57

`v0.10.56`: openssl v0.10.56

`v0.10.55`

What's Changed

Fix warnings from BoringSSL on Rust 1.70 by @alex in https://github.com/sfackler/rust-openssl/pull/1948
Honor OPENSSL_NO_OCB if OpenSSL was built this way by @davidben in https://github.com/sfackler/rust-openssl/pull/1952
Fix some deprecated patterns when using BoringSSL by @davidben in https://github.com/sfackler/rust-openssl/pull/1945
add get_asn1_flag to EcGroupRef by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1947
Fixed type mutability on asn1_flag by @alex in https://github.com/sfackler/rust-openssl/pull/1954
allow affine_coordinates on boring and libre by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1955
add support for EVP_PKEY_derive_set_peer_ex in OpenSSL 3 by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1956
Use type-safe wrappers instead of EVP_PKEY_assign by @davidben in https://github.com/sfackler/rust-openssl/pull/1959
add Nid::SM2 and pkey Id::SM2 by @zh-jq in https://github.com/sfackler/rust-openssl/pull/1962
Fix handling of empty host strings by @sfackler in https://github.com/sfackler/rust-openssl/pull/1968
Remove old codes that belows supported Rust version. by @tesuji in https://github.com/sfackler/rust-openssl/pull/1966
Release openssl v0.10.55 and openssl-sys v0.9.89 by @alex in https://github.com/sfackler/rust-openssl/pull/1970

New Contributors

@davidben made their first contribution in https://github.com/sfackler/rust-openssl/pull/1952
@tesuji made their first contribution in https://github.com/sfackler/rust-openssl/pull/1966

Full Changelog: sfackler/rust-openssl@openssl-v0.10.54...openssl-v0.10.55

`v0.10.54`

What's Changed

Remove converting PKCS#8 passphrase to CString by @alex in https://github.com/sfackler/rust-openssl/pull/1941
Version bump for openssl v0.10.54 release by @alex in https://github.com/sfackler/rust-openssl/pull/1942

Full Changelog: sfackler/rust-openssl@openssl-v0.10.53...openssl-v0.10.54

`v0.10.53`

What's Changed

Check for OPENSSL_NO_RC4 when using EVP_rc4 by @oskirby in https://github.com/sfackler/rust-openssl/pull/1910
Fix link errors for X509_get0_authority_xxx methods on Ubuntu/bionic by @oskirby in https://github.com/sfackler/rust-openssl/pull/1909
add X509::pathlen by @zh-jq-b in https://github.com/sfackler/rust-openssl/pull/1916
Add bindings to SSL_bytes_to_cipher_list by @RoastVeg in https://github.com/sfackler/rust-openssl/pull/1921
Add boringssl hkdf derivation by @AndrewScull in https://github.com/sfackler/rust-openssl/pull/1926
add other name support by @huettner94 in https://github.com/sfackler/rust-openssl/pull/1915
LibreSSL 3.8.0 by @vishwin in https://github.com/sfackler/rust-openssl/pull/1935
add Dsa with some helper functions by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1937
reimplement Dsa::generate in terms of generate_params/generate_key by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1938
Added DER serialization for DSAPrivateKey by @alex in https://github.com/sfackler/rust-openssl/pull/1939
version bump 0.9.88 and 0.10.53 by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1940

New Contributors

@oskirby made their first contribution in https://github.com/sfackler/rust-openssl/pull/1910
@zh-jq-b made their first contribution in https://github.com/sfackler/rust-openssl/pull/1916
@RoastVeg made their first contribution in https://github.com/sfackler/rust-openssl/pull/1921
@huettner94 made their first contribution in https://github.com/sfackler/rust-openssl/pull/1915

Full Changelog: sfackler/rust-openssl@openssl-v0.10.52...openssl-v0.10.53

`v0.10.52`

What's Changed

Expose BigNum::to_vec_padded on libressl and boringssl by @alex in https://github.com/sfackler/rust-openssl/pull/1895
add support for DH check key by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1896
add poly1305 EVP_PKEY type by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1897
Don't restrict the Signer lifetime by @alex in https://github.com/sfackler/rust-openssl/pull/1898
add low level cmac bindings by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1899
Expose pbkdf2_hmac and scrypt on BoringSSL by @alex in https://github.com/sfackler/rust-openssl/pull/1900
binding to get fips status for ossl300 by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1901
add more x509 extension helper functions by @zh-jq in https://github.com/sfackler/rust-openssl/pull/1887
changelog and version bumps for openssl and openssl-sys by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1905

New Contributors

@zh-jq made their first contribution in https://github.com/sfackler/rust-openssl/pull/1887

Full Changelog: sfackler/rust-openssl@openssl-v0.10.51...openssl-v0.10.52

`v0.10.51`

What's Changed

update documentation to reflect libressl support by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1876
Add issuer_name and reason_code to X509RevokedRef by @Skepfyr in https://github.com/sfackler/rust-openssl/pull/1847
Preparing openssl-sys for PKCS7 and X509 extensions by @bkstein in https://github.com/sfackler/rust-openssl/pull/1789
Fixes #1884 -- don't leave an error on the stack in public_eq by @alex in https://github.com/sfackler/rust-openssl/pull/1885
Fixes #1882 -- added APIs for setting public keys on Dh by @alex in https://github.com/sfackler/rust-openssl/pull/1883
DTLS1 and DTLS1_2 SslVersion for set_min_proto_version() by @algesten in https://github.com/sfackler/rust-openssl/pull/1886
Remove size_t-is-usize argument to bindgen by @alex in https://github.com/sfackler/rust-openssl/pull/1888
Documentation typo for X509Crl by @remigranotier in https://github.com/sfackler/rust-openssl/pull/1891
[Documentation] fixed X509Crl and X509Revoked description in doc by @remigranotier in https://github.com/sfackler/rust-openssl/pull/1892
add asn1octetstring creation support by @reaperhulk in https://github.com/sfackler/rust-openssl/pull/1893
Introduce X509Extension::new_from_der and deprecate the bad APIs by @alex in https://github.com/sfackler/rust-openssl/pull/1880
Release openssl v0.10.51 and openssl-sys v0.9.86 by @alex in https://github.com/sfackler/rust-openssl/pull/1894

New Contributors

@algesten made their first contribution in https://github.com/sfackler/rust-openssl/pull/1886
@remigranotier made their first contribution in https://github.com/sfackler/rust-openssl/pull/1891

Full Changelog: sfackler/rust-openssl@openssl-v0.10.50...openssl-v0.10.51

`v0.10.50`: openssl v0.10.50

`v0.10.49`: openssl v0.10.49

`v0.10.48`: openssl v0.10.48

What's Changed

Fix LibreSSL version checking in openssl/ by @alex in https://github.com/sfackler/rust-openssl/pull/1851
Skip a test that hangs on OpenSSL 3.1.0 by @alex in https://github.com/sfackler/rust-openssl/pull/1850
Improve reliability of some tests by @smoelius in https://github.com/sfackler/rust-openssl/pull/1852
Fix a series of security issues by @alex in https://github.com/sfackler/rust-openssl/pull/1854
Release openssl v0.10.48 and openssl-sys v0.9.83 by @alex in https://github.com/sfackler/rust-openssl/pull/1855

New Contributors

@smoelius made their first contribution in https://github.com/sfackler/rust-openssl/pull/1852

Full Changelog: sfackler/rust-openssl@openssl-v0.10.47...openssl-v0.10.48

`v0.10.47`: openssl v0.10.47

`v0.10.46`: openssl v0.10.46

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.


          chore(deps): update rust crate openssl to v0.10.60 [security]

1ba64d7

stackable-bot added the dependencies label

stackable-bot requested a review from a team

December 13, 2023 20:51

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels