balena-os / takeover

Migrate arbitrary devices to balena

Update Rust crate openssl to v0.10.66 [SECURITY] - autoclosed #87

Closed balena-renovate[bot] closed 2 months ago

balena-renovate[bot] commented 2 months ago

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| openssl | dependencies | patch | 0.10.63 -> 0.10.66 |

GitHub Vulnerability Alerts

GHSA-q445-7m23-qrmw

Previously, `MemBio::get_buf` called `slice::from_raw_parts` with a null pointer, which violates the function's invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.


Release Notes

sfackler/rust-openssl (openssl)

### [`v0.10.66`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.66)

[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.65...openssl-v0.10.66)

##### What's Changed

- Fixed invariant violation in `MemBio::get_buf` with empty results by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2266](https://togithub.com/sfackler/rust-openssl/pull/2266)
- Release openssl v0.10.66 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2267](https://togithub.com/sfackler/rust-openssl/pull/2267)

**Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.65...openssl-v0.10.66

### [`v0.10.65`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.65)

[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.64...openssl-v0.10.65)

##### What's Changed

- don't emit rerun-if-changed when vendoring by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/2177](https://togithub.com/sfackler/rust-openssl/pull/2177)
- Prepare for openssl-sys 0.9.101 release by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2182](https://togithub.com/sfackler/rust-openssl/pull/2182)
- don't emit rerun-if-changed unless the path exists and is readable by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/2187](https://togithub.com/sfackler/rust-openssl/pull/2187)
- Added support for LibreSSL 3.9.0 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2202](https://togithub.com/sfackler/rust-openssl/pull/2202)
- Support stable LibreSSL 3.9.x by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2209](https://togithub.com/sfackler/rust-openssl/pull/2209)
- openssl-sys 0.9.102 release by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2210](https://togithub.com/sfackler/rust-openssl/pull/2210)
- Add repository field to openssl-macros crate by [@paolobarbolini](https://togithub.com/paolobarbolini) in [https://github.com/sfackler/rust-openssl/pull/2211](https://togithub.com/sfackler/rust-openssl/pull/2211)
- Add missing openssl-sys dependency by [@pieterdd](https://togithub.com/pieterdd) in [https://github.com/sfackler/rust-openssl/pull/2212](https://togithub.com/sfackler/rust-openssl/pull/2212)
- Test OpenSSL 3.3.0-beta1 by [@sfackler](https://togithub.com/sfackler) in [https://github.com/sfackler/rust-openssl/pull/2216](https://togithub.com/sfackler/rust-openssl/pull/2216)
- test against 3.3.0 final by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2218](https://togithub.com/sfackler/rust-openssl/pull/2218)
- fix min-versions in CI by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2228](https://togithub.com/sfackler/rust-openssl/pull/2228)
- Make X509\_VAL opaque for LibreSSL 4.0.0 by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2227](https://togithub.com/sfackler/rust-openssl/pull/2227)
- Use the newer names for STACK_OF(T) functions with BoringSSL by [@davidben](https://togithub.com/davidben) in [https://github.com/sfackler/rust-openssl/pull/2231](https://togithub.com/sfackler/rust-openssl/pull/2231)
- Only declare OpensslCallbacks in bindgen builds by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2234](https://togithub.com/sfackler/rust-openssl/pull/2234)
- Fix building with latest BoringSSL by [@davidben](https://togithub.com/davidben) in [https://github.com/sfackler/rust-openssl/pull/2230](https://togithub.com/sfackler/rust-openssl/pull/2230)
- Emit rustc-check-cfg for nightly by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2235](https://togithub.com/sfackler/rust-openssl/pull/2235)
- Configure OpenSSL data dir on vendored builds. by [@DanielSidhion](https://togithub.com/DanielSidhion) in [https://github.com/sfackler/rust-openssl/pull/2122](https://togithub.com/sfackler/rust-openssl/pull/2122)
- Add boringssl keylog callback support by [@mspublic](https://togithub.com/mspublic) in [https://github.com/sfackler/rust-openssl/pull/2237](https://togithub.com/sfackler/rust-openssl/pull/2237)
- Correct the name of the `pkgconf` package on some distros by [@JonathanBrouwer](https://togithub.com/JonathanBrouwer) in [https://github.com/sfackler/rust-openssl/pull/2253](https://togithub.com/sfackler/rust-openssl/pull/2253)
- Add some OpenSSL 3 QUIC raw bindings by [@bdbai](https://togithub.com/bdbai) in [https://github.com/sfackler/rust-openssl/pull/2257](https://togithub.com/sfackler/rust-openssl/pull/2257)
- Initialize OpenSSL in MD constructors by [@sfackler](https://togithub.com/sfackler) in [https://github.com/sfackler/rust-openssl/pull/2258](https://togithub.com/sfackler/rust-openssl/pull/2258)
- Switch Pkey::from\_ to use set1 functions by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2262](https://togithub.com/sfackler/rust-openssl/pull/2262)
- Release openssl v0.10.65 and openssl-sys v0.9.103 by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2265](https://togithub.com/sfackler/rust-openssl/pull/2265)

##### New Contributors

- [@paolobarbolini](https://togithub.com/paolobarbolini) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2211](https://togithub.com/sfackler/rust-openssl/pull/2211)
- [@pieterdd](https://togithub.com/pieterdd) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2212](https://togithub.com/sfackler/rust-openssl/pull/2212)
- [@DanielSidhion](https://togithub.com/DanielSidhion) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2122](https://togithub.com/sfackler/rust-openssl/pull/2122)
- [@mspublic](https://togithub.com/mspublic) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2237](https://togithub.com/sfackler/rust-openssl/pull/2237)
- [@JonathanBrouwer](https://togithub.com/JonathanBrouwer) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2253](https://togithub.com/sfackler/rust-openssl/pull/2253)
- [@bdbai](https://togithub.com/bdbai) made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2257](https://togithub.com/sfackler/rust-openssl/pull/2257)

**Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.64...openssl-v0.10.65

### [`v0.10.64`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.64)

[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.63...openssl-v0.10.64)

##### What's Changed

- Make \_STACK opaque for LibreSSL >= 3.9.0 by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2153](https://togithub.com/sfackler/rust-openssl/pull/2153)
- enable x509 verify and groups list for boringssl by [@zh-jq](https://togithub.com/zh-jq) in [https://github.com/sfackler/rust-openssl/pull/2155](https://togithub.com/sfackler/rust-openssl/pull/2155)
- Cleanup some not-required Path::new invocations by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2158](https://togithub.com/sfackler/rust-openssl/pull/2158)
- fixed a clippy (nightly) warning by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2161](https://togithub.com/sfackler/rust-openssl/pull/2161)
- Bump actions versions by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2162](https://togithub.com/sfackler/rust-openssl/pull/2162)
- Add support for setting the nonce type and digest on a PKEY_CTX by [@facutuesca](https://togithub.com/facutuesca) in [https://github.com/sfackler/rust-openssl/pull/2144](https://togithub.com/sfackler/rust-openssl/pull/2144)
- rebuild openssl-sys if the underlying openssl has changed by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/2157](https://togithub.com/sfackler/rust-openssl/pull/2157)
- Added binding for EVP_default_properties_enable_fips by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2168](https://togithub.com/sfackler/rust-openssl/pull/2168)
- LibreSSL 3.9: fix CRYPTO_malloc/free signatures by [@botovq](https://togithub.com/botovq) in [https://github.com/sfackler/rust-openssl/pull/2170](https://togithub.com/sfackler/rust-openssl/pull/2170)
- Expose alias on X509 structs by [@alex](https://togithub.com/alex) in [https://github.com/sfackler/rust-openssl/pull/2167](https://togithub.com/sfackler/rust-openssl/pull/2167)
- bump openssl and openssl-sys + changelogs by [@reaperhulk](https://togithub.com/reaperhulk) in [https://github.com/sfackler/rust-openssl/pull/2175](https://togithub.com/sfackler/rust-openssl/pull/2175)

**Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.63...openssl-v0.10.64

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Renovate Bot.
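
The null-pointer case from the GHSA-q445-7m23-qrmw advisory above, shown as an added example that is not code from rust-openssl or from this repository: the unchecked pattern beside a guarded one. `CBuffer` and `mem_data` are hypothetical stand-ins for a C getter that reports an empty result as a null pointer with length 0.

```rust
use std::{ptr, slice};

/// Hypothetical stand-in for a C-owned memory buffer (not a rust-openssl type).
struct CBuffer {
    storage: Option<Vec<u8>>,
}

impl CBuffer {
    /// Mimics a C getter that reports "no data" as (NULL, 0).
    fn mem_data(&self) -> (*const u8, usize) {
        match &self.storage {
            Some(v) if !v.is_empty() => (v.as_ptr(), v.len()),
            _ => (ptr::null(), 0),
        }
    }

    /// Pattern the advisory describes: the pointer goes to `from_raw_parts`
    /// unchecked. That function requires a non-null, aligned pointer even
    /// when `len == 0`, so an empty buffer makes this undefined behaviour.
    ///
    /// # Safety
    /// The caller must guarantee the buffer is non-empty.
    unsafe fn get_buf_unchecked(&self) -> &[u8] {
        let (p, len) = self.mem_data();
        unsafe { slice::from_raw_parts(p, len) }
    }

    /// Hardened form: return an empty slice without touching the pointer.
    fn get_buf(&self) -> &[u8] {
        let (p, len) = self.mem_data();
        if p.is_null() || len == 0 {
            return &[];
        }
        // SAFETY: `p` is non-null and points at `len` initialised bytes
        // that live as long as `self`.
        unsafe { slice::from_raw_parts(p, len) }
    }
}

fn main() {
    let empty = CBuffer { storage: None }; // constructed sample input
    let full = CBuffer { storage: Some(b"-----BEGIN".to_vec()) };
    println!("empty: {:?}", empty.get_buf());
    println!("full:  {:?}", full.get_buf());
    // SAFETY: `full` is non-empty, so the unchecked path is sound here.
    println!("unchecked on non-empty: {:?}", unsafe { full.get_buf_unchecked() });
}
```
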