Upgrade rustls and quinn

According to RUSTSEC-2023-0052 we need to upgrade rustls to 0.21
to get the fix. The issue may or may not affect Veloren, since it
concerns client certificates, but in the absence of a PoC it seems
like a good idea to upgrade anyway, just to be sure.

webpki has gone unmaintained (which rustls 0.20 depends on),
starting with rustls 0.21 it depends on rustls-webpki which
contains a fix for the issue. Since quinn also depends on
rustls 0.20 in 0.8 and 0.9 versions, we needed to upgrade it to
0.10 so that it depends on rustls 0.21 which we now use.
This commit is contained in:
Laura 2023-08-23 06:35:36 +02:00
parent 6fbca74e88
commit b03d0dcc7b
5 changed files with 51 additions and 72 deletions

Cargo.lock generated

@ -2964,7 +2964,7 @@ dependencies = [
"rustls-native-certs 0.5.0",
"tokio",
"tokio-rustls",
"webpki 0.21.4",
"webpki",
]
[[package]]
@ -4856,55 +4856,50 @@ dependencies = [
[[package]]
name = "quinn"
version = "0.8.5"
version = "0.10.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5b435e71d9bfa0d8889927231970c51fb89c58fa63bffcab117c9c7a41e5ef8f"
checksum = "8cc2c5017e4b43d5995dcea317bc46c1e09404c0a9664d2908f7f02dfe943d75"
dependencies = [
"bytes",
"futures-channel",
"futures-util",
"fxhash",
"pin-project-lite",
"quinn-proto",
"quinn-udp",
"rustls 0.20.8",
"rustc-hash",
"rustls 0.21.6",
"thiserror",
"tokio",
"tracing",
"webpki 0.22.0",
]
[[package]]
name = "quinn-proto"
version = "0.8.4"
version = "0.10.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3fce546b9688f767a57530652488420d419a8b1f44a478b451c3d1ab6d992a55"
checksum = "b83c2a964b8b68e6c9c616f09b735b436a78843704fa6979a076073e622f69dc"
dependencies = [
"bytes",
"fxhash",
"rand 0.8.5",
"ring",
"rustls 0.20.8",
"rustc-hash",
"rustls 0.21.6",
"rustls-native-certs 0.6.2",
"rustls-pemfile 0.2.1",
"slab",
"thiserror",
"tinyvec",
"tracing",
"webpki 0.22.0",
]
[[package]]
name = "quinn-udp"
version = "0.1.4"
version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b07946277141531aea269befd949ed16b2c85a780ba1043244eda0969e538e54"
checksum = "055b4e778e8feb9f93c4e439f71dc2156ef13360b432b799e179a8c4cdf0b1d7"
dependencies = [
"futures-util",
"bytes",
"libc",
"quinn-proto",
"socket2 0.4.9",
"tokio",
"socket2 0.5.2",
"tracing",
"windows-sys 0.48.0",
]
[[package]]
@ -5454,19 +5449,19 @@ dependencies = [
"log",
"ring",
"sct 0.6.1",
"webpki 0.21.4",
"webpki",
]
[[package]]
name = "rustls"
version = "0.20.8"
version = "0.21.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fff78fc74d175294f4e83b28343315ffcfb114b156f0185e9741cb5570f50e2f"
checksum = "1d1feddffcfcc0b33f5c6ce9a29e341e4cd59c3f78e7ee45f4a40c038b1d6cbb"
dependencies = [
"log",
"ring",
"rustls-webpki",
"sct 0.7.0",
"webpki 0.22.0",
]
[[package]]
@ -5488,20 +5483,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0167bac7a9f490495f3c33013e7722b53cb087ecbe082fb0c6387c96f634ea50"
dependencies = [
"openssl-probe",
"rustls-pemfile 1.0.2",
"rustls-pemfile",
"schannel",
"security-framework",
]
[[package]]
name = "rustls-pemfile"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5eebeaeb360c87bfb72e84abdb3447159c0eaececf1bef2aecd65a8be949d1c9"
dependencies = [
"base64 0.13.1",
]
[[package]]
name = "rustls-pemfile"
version = "1.0.2"
@ -5511,6 +5497,16 @@ dependencies = [
"base64 0.21.0",
]
[[package]]
name = "rustls-webpki"
version = "0.101.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7d93931baf2d282fff8d3a532bbfd7653f734643161b87e3e01e59a04439bf0d"
dependencies = [
"ring",
"untrusted",
]
[[package]]
name = "rusttype"
version = "0.7.9"
@ -6537,9 +6533,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
[[package]]
name = "tokio"
version = "1.28.0"
version = "1.28.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c3c786bf8134e5a3a166db9b29ab8f48134739014a3eca7bc6bfa95d673b136f"
checksum = "94d7b1cfd2aa4011f2de74c2c4c63665e27a71006b0a192dcd2710272e73dfa2"
dependencies = [
"autocfg",
"bytes",
@ -6572,7 +6568,7 @@ checksum = "bc6844de72e57df1980054b38be3a9f4702aba4858be64dd700181a8a6d0e1b6"
dependencies = [
"rustls 0.19.1",
"tokio",
"webpki 0.21.4",
"webpki",
]
[[package]]
@ -6656,6 +6652,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8"
dependencies = [
"cfg-if 1.0.0",
"log",
"pin-project-lite",
"tracing-attributes",
"tracing-core",
@ -7233,7 +7230,7 @@ dependencies = [
"quinn",
"rand 0.8.5",
"rcgen",
"rustls 0.20.8",
"rustls 0.21.6",
"serde",
"shellexpand",
"socket2 0.5.2",
@ -7343,8 +7340,8 @@ dependencies = [
"refinery",
"ron 0.8.0",
"rusqlite",
"rustls 0.20.8",
"rustls-pemfile 1.0.2",
"rustls 0.21.6",
"rustls-pemfile",
"schnellru",
"serde",
"serde_json",
@ -8136,16 +8133,6 @@ dependencies = [
"untrusted",
]
[[package]]
name = "webpki"
version = "0.22.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f095d78192e208183081cc07bc5515ef55216397af48b873e5edcd72637fa1bd"
dependencies = [
"ring",
"untrusted",
]
[[package]]
name = "wfd"
version = "0.1.7"


@ -23,7 +23,7 @@ network = { package = "veloren-network", path = "../network", features = ["compr
byteorder = "1.3.2"
tokio = { workspace = true, features = ["rt-multi-thread"] }
quinn = "0.8"
quinn = "0.10"
image = { workspace = true }
num = { workspace = true }
tracing = { workspace = true }


@ -37,8 +37,8 @@ async-channel = "1.6" #use for .close() channels
lazy_static = { workspace = true }
rand = { workspace = true }
#quic support
quinn = { version = "0.8", optional = true }
rustls = "0.20.1"
quinn = { version = "0.10", optional = true }
rustls = "0.21"
#stream flags
bitflags = { workspace = true }
lz-fear = { version = "0.1.1", optional = true }


@ -2,8 +2,6 @@ use crate::api::{ConnectAddr, NetworkConnectError};
use async_trait::async_trait;
use bytes::BytesMut;
use futures_util::FutureExt;
#[cfg(feature = "quic")]
use futures_util::StreamExt;
use hashbrown::HashMap;
use network_protocol::{
Bandwidth, Cid, InitProtocolError, MpscMsg, MpscRecvProtocol, MpscSendProtocol, Pid,
@ -313,15 +311,12 @@ impl Protocols {
s2s_stop_listening_r: oneshot::Receiver<()>,
c2s_protocol_s: mpsc::UnboundedSender<C2sProtocol>,
) -> io::Result<()> {
let (_endpoint, mut listener) = match quinn::Endpoint::server(server_config, addr) {
Ok(v) => v,
Err(e) => return Err(e),
};
let endpoint = quinn::Endpoint::server(server_config, addr)?;
trace!(?addr, "Quic Listener bound");
let mut end_receiver = s2s_stop_listening_r.fuse();
tokio::spawn(async move {
while let Some(Some(connecting)) = select! {
next = listener.next().fuse() => Some(next),
next = endpoint.accept().fuse() => Some(next),
_ = &mut end_receiver => None,
} {
let remote_addr = anonymize_addr(&connecting.remote_address());
@ -361,25 +356,24 @@ impl Protocols {
#[cfg(feature = "quic")]
pub(crate) async fn new_quic(
mut connection: quinn::NewConnection,
connection: quinn::Connection,
listen: bool,
metrics: ProtocolMetricCache,
) -> Result<Self, quinn::ConnectionError> {
let (sendstream, recvstream) = if listen {
connection.connection.open_bi().await?
connection.open_bi().await?
} else {
connection
.bi_streams
.next()
.accept_bi()
.await
.ok_or(quinn::ConnectionError::LocallyClosed)??
.or(Err(quinn::ConnectionError::LocallyClosed))?
};
let (recvstreams_s, recvstreams_r) = mpsc::unbounded_channel();
let streams_s_clone = recvstreams_s.clone();
let (sendstreams_s, sendstreams_r) = mpsc::unbounded_channel();
let sp = QuicSendProtocol::new(
QuicDrain {
con: connection.connection.clone(),
con: connection.clone(),
main: sendstream,
reliables: HashMap::new(),
recvstreams_s: streams_s_clone,
@ -390,8 +384,7 @@ impl Protocols {
spawn_new(recvstream, None, &recvstreams_s);
let rp = QuicRecvProtocol::new(
QuicSink {
con: connection.connection,
bi: connection.bi_streams,
con: connection,
recvstreams_r,
recvstreams_s,
sendstreams_s,
@ -615,7 +608,6 @@ pub struct QuicDrain {
pub struct QuicSink {
#[allow(dead_code)]
con: quinn::Connection,
bi: quinn::IncomingBiStreams,
recvstreams_r: mpsc::UnboundedReceiver<QuicStream>,
recvstreams_s: mpsc::UnboundedSender<QuicStream>,
sendstreams_s: mpsc::UnboundedSender<quinn::SendStream>,
@ -697,7 +689,7 @@ impl UnreliableSink for QuicSink {
// first handle all bi streams!
let (a, b) = select! {
biased;
Some(n) = self.bi.next().fuse() => (Some(n), None),
n = self.con.accept_bi().fuse() => (Some(n), None),
Some(n) = self.recvstreams_r.recv().fuse() => (None, Some(n)),
};


@ -40,8 +40,8 @@ vek = { workspace = true }
futures-util = { workspace = true }
tokio = { workspace = true }
prometheus-hyper = { workspace = true }
quinn = "0.8"
rustls = { version = "0.20", default-features = false }
quinn = "0.10"
rustls = { version = "0.21", default-features = false }
rustls-pemfile = { version = "1", default-features = false }
atomicwrites = "0.4"
chrono = { workspace = true }