Merge branch 'lle-bout/upgrade-rustls-quinn' into 'master'

RUSTSEC-2023-0052 Upgrade rustls and quinn See merge request veloren/veloren!4087
2024-08-30 18:12:32 +00:00 · 2023-08-23 07:44:49 +00:00 · 2023-08-23 07:44:49 +00:00 · b4431b4dda
commit b4431b4dda
parent 6fbca74e88 b03d0dcc7b
5 changed files with 51 additions and 72 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -2964,7 +2964,7 @@ dependencies = [
 "rustls-native-certs 0.5.0",
 "tokio",
 "tokio-rustls",
- "webpki 0.21.4",
+ "webpki",
 ]

 [[package]]
@ -4856,55 +4856,50 @@ dependencies = [

 [[package]]
 name = "quinn"
-version = "0.8.5"
+version = "0.10.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5b435e71d9bfa0d8889927231970c51fb89c58fa63bffcab117c9c7a41e5ef8f"
+checksum = "8cc2c5017e4b43d5995dcea317bc46c1e09404c0a9664d2908f7f02dfe943d75"
 dependencies = [
 "bytes",
- "futures-channel",
- "futures-util",
- "fxhash",
+ "pin-project-lite",
 "quinn-proto",
 "quinn-udp",
- "rustls 0.20.8",
+ "rustc-hash",
+ "rustls 0.21.6",
 "thiserror",
 "tokio",
 "tracing",
- "webpki 0.22.0",
 ]

 [[package]]
 name = "quinn-proto"
-version = "0.8.4"
+version = "0.10.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3fce546b9688f767a57530652488420d419a8b1f44a478b451c3d1ab6d992a55"
+checksum = "b83c2a964b8b68e6c9c616f09b735b436a78843704fa6979a076073e622f69dc"
 dependencies = [
 "bytes",
- "fxhash",
 "rand 0.8.5",
 "ring",
- "rustls 0.20.8",
+ "rustc-hash",
+ "rustls 0.21.6",
 "rustls-native-certs 0.6.2",
- "rustls-pemfile 0.2.1",
 "slab",
 "thiserror",
 "tinyvec",
 "tracing",
- "webpki 0.22.0",
 ]

 [[package]]
 name = "quinn-udp"
-version = "0.1.4"
+version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b07946277141531aea269befd949ed16b2c85a780ba1043244eda0969e538e54"
+checksum = "055b4e778e8feb9f93c4e439f71dc2156ef13360b432b799e179a8c4cdf0b1d7"
 dependencies = [
- "futures-util",
+ "bytes",
 "libc",
- "quinn-proto",
- "socket2 0.4.9",
- "tokio",
+ "socket2 0.5.2",
 "tracing",
+ "windows-sys 0.48.0",
 ]

 [[package]]
@ -5454,19 +5449,19 @@ dependencies = [
 "log",
 "ring",
 "sct 0.6.1",
- "webpki 0.21.4",
+ "webpki",
 ]

 [[package]]
 name = "rustls"
-version = "0.20.8"
+version = "0.21.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fff78fc74d175294f4e83b28343315ffcfb114b156f0185e9741cb5570f50e2f"
+checksum = "1d1feddffcfcc0b33f5c6ce9a29e341e4cd59c3f78e7ee45f4a40c038b1d6cbb"
 dependencies = [
 "log",
 "ring",
+ "rustls-webpki",
 "sct 0.7.0",
- "webpki 0.22.0",
 ]

 [[package]]
@ -5488,20 +5483,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0167bac7a9f490495f3c33013e7722b53cb087ecbe082fb0c6387c96f634ea50"
 dependencies = [
 "openssl-probe",
- "rustls-pemfile 1.0.2",
+ "rustls-pemfile",
 "schannel",
 "security-framework",
 ]

-[[package]]
-name = "rustls-pemfile"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5eebeaeb360c87bfb72e84abdb3447159c0eaececf1bef2aecd65a8be949d1c9"
-dependencies = [
- "base64 0.13.1",
-]
-
 [[package]]
 name = "rustls-pemfile"
 version = "1.0.2"
@ -5511,6 +5497,16 @@ dependencies = [
 "base64 0.21.0",
 ]

+[[package]]
+name = "rustls-webpki"
+version = "0.101.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7d93931baf2d282fff8d3a532bbfd7653f734643161b87e3e01e59a04439bf0d"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
 [[package]]
 name = "rusttype"
 version = "0.7.9"
@ -6537,9 +6533,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"

 [[package]]
 name = "tokio"
-version = "1.28.0"
+version = "1.28.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c3c786bf8134e5a3a166db9b29ab8f48134739014a3eca7bc6bfa95d673b136f"
+checksum = "94d7b1cfd2aa4011f2de74c2c4c63665e27a71006b0a192dcd2710272e73dfa2"
 dependencies = [
 "autocfg",
 "bytes",
@ -6572,7 +6568,7 @@ checksum = "bc6844de72e57df1980054b38be3a9f4702aba4858be64dd700181a8a6d0e1b6"
 dependencies = [
 "rustls 0.19.1",
 "tokio",
- "webpki 0.21.4",
+ "webpki",
 ]

 [[package]]
@ -6656,6 +6652,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8"
 dependencies = [
 "cfg-if 1.0.0",
+ "log",
 "pin-project-lite",
 "tracing-attributes",
 "tracing-core",
@ -7233,7 +7230,7 @@ dependencies = [
 "quinn",
 "rand 0.8.5",
 "rcgen",
- "rustls 0.20.8",
+ "rustls 0.21.6",
 "serde",
 "shellexpand",
 "socket2 0.5.2",
@ -7343,8 +7340,8 @@ dependencies = [
 "refinery",
 "ron 0.8.0",
 "rusqlite",
- "rustls 0.20.8",
- "rustls-pemfile 1.0.2",
+ "rustls 0.21.6",
+ "rustls-pemfile",
 "schnellru",
 "serde",
 "serde_json",
@ -8136,16 +8133,6 @@ dependencies = [
 "untrusted",
 ]

-[[package]]
-name = "webpki"
-version = "0.22.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f095d78192e208183081cc07bc5515ef55216397af48b873e5edcd72637fa1bd"
-dependencies = [
- "ring",
- "untrusted",
-]
-
 [[package]]
 name = "wfd"
 version = "0.1.7"
--- a/client/Cargo.toml
+++ b/client/Cargo.toml
@ -23,7 +23,7 @@ network = { package = "veloren-network", path = "../network", features = ["compr

 byteorder = "1.3.2"
 tokio = { workspace = true, features = ["rt-multi-thread"] }
-quinn = "0.8"
+quinn = "0.10"
 image = { workspace = true }
 num = { workspace = true }
 tracing = { workspace = true }
--- a/network/Cargo.toml
+++ b/network/Cargo.toml
@ -37,8 +37,8 @@ async-channel = "1.6" #use for .close() channels
 lazy_static = { workspace = true }
 rand = { workspace = true }
 #quic support
-quinn = { version = "0.8", optional = true }
-rustls = "0.20.1"
+quinn = { version = "0.10", optional = true }
+rustls = "0.21"
 #stream flags
 bitflags = { workspace = true }
 lz-fear = { version = "0.1.1", optional = true }
--- a/network/src/channel.rs
+++ b/network/src/channel.rs
@ -2,8 +2,6 @@ use crate::api::{ConnectAddr, NetworkConnectError};
 use async_trait::async_trait;
 use bytes::BytesMut;
 use futures_util::FutureExt;
-#[cfg(feature = "quic")]
-use futures_util::StreamExt;
 use hashbrown::HashMap;
 use network_protocol::{
    Bandwidth, Cid, InitProtocolError, MpscMsg, MpscRecvProtocol, MpscSendProtocol, Pid,
@ -313,15 +311,12 @@ impl Protocols {
        s2s_stop_listening_r: oneshot::Receiver<()>,
        c2s_protocol_s: mpsc::UnboundedSender<C2sProtocol>,
    ) -> io::Result<()> {
-        let (_endpoint, mut listener) = match quinn::Endpoint::server(server_config, addr) {
-            Ok(v) => v,
-            Err(e) => return Err(e),
-        };
+        let endpoint = quinn::Endpoint::server(server_config, addr)?;
        trace!(?addr, "Quic Listener bound");
        let mut end_receiver = s2s_stop_listening_r.fuse();
        tokio::spawn(async move {
            while let Some(Some(connecting)) = select! {
-                next = listener.next().fuse() => Some(next),
+                next = endpoint.accept().fuse() => Some(next),
                _ = &mut end_receiver => None,
            } {
                let remote_addr = anonymize_addr(&connecting.remote_address());
@ -361,25 +356,24 @@ impl Protocols {

    #[cfg(feature = "quic")]
    pub(crate) async fn new_quic(
-        mut connection: quinn::NewConnection,
+        connection: quinn::Connection,
        listen: bool,
        metrics: ProtocolMetricCache,
    ) -> Result<Self, quinn::ConnectionError> {
        let (sendstream, recvstream) = if listen {
-            connection.connection.open_bi().await?
+            connection.open_bi().await?
        } else {
            connection
-                .bi_streams
-                .next()
+                .accept_bi()
                .await
-                .ok_or(quinn::ConnectionError::LocallyClosed)??
+                .or(Err(quinn::ConnectionError::LocallyClosed))?
        };
        let (recvstreams_s, recvstreams_r) = mpsc::unbounded_channel();
        let streams_s_clone = recvstreams_s.clone();
        let (sendstreams_s, sendstreams_r) = mpsc::unbounded_channel();
        let sp = QuicSendProtocol::new(
            QuicDrain {
-                con: connection.connection.clone(),
+                con: connection.clone(),
                main: sendstream,
                reliables: HashMap::new(),
                recvstreams_s: streams_s_clone,
@ -390,8 +384,7 @@ impl Protocols {
        spawn_new(recvstream, None, &recvstreams_s);
        let rp = QuicRecvProtocol::new(
            QuicSink {
-                con: connection.connection,
-                bi: connection.bi_streams,
+                con: connection,
                recvstreams_r,
                recvstreams_s,
                sendstreams_s,
@ -615,7 +608,6 @@ pub struct QuicDrain {
 pub struct QuicSink {
    #[allow(dead_code)]
    con: quinn::Connection,
-    bi: quinn::IncomingBiStreams,
    recvstreams_r: mpsc::UnboundedReceiver<QuicStream>,
    recvstreams_s: mpsc::UnboundedSender<QuicStream>,
    sendstreams_s: mpsc::UnboundedSender<quinn::SendStream>,
@ -697,7 +689,7 @@ impl UnreliableSink for QuicSink {
            // first handle all bi streams!
            let (a, b) = select! {
                biased;
-                Some(n) = self.bi.next().fuse() => (Some(n), None),
+                n = self.con.accept_bi().fuse() => (Some(n), None),
                Some(n) = self.recvstreams_r.recv().fuse() => (None, Some(n)),
            };

--- a/server/Cargo.toml
+++ b/server/Cargo.toml
@ -40,8 +40,8 @@ vek = { workspace = true }
 futures-util = { workspace = true }
 tokio = { workspace = true }
 prometheus-hyper = { workspace = true }
-quinn = "0.8"
-rustls = { version = "0.20", default-features = false }
+quinn = "0.10"
+rustls = { version = "0.21", default-features = false }
 rustls-pemfile = { version = "1", default-features = false }
 atomicwrites = "0.4"
 chrono = { workspace = true }