pion / stun

A Go implementation of STUN
https://pion.ly/
MIT License

Update module github.com/pion/dtls/v2 to v2.2.4 [SECURITY] #154

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| github.com/pion/dtls/v2 | require | minor | `v2.1.5` -> `v2.2.4` |

GitHub Vulnerability Alerts

GHSA-hxp2-xqf3-v83h

Impact

When attempting to unmarshal a Server Hello request we could attempt to unmarshal into a buffer that was too small. This could result in a panic leading the program to crash.

This issue could be abused to cause a denial of service.

Workaround

None

GHSA-4xgv-j62q-h3rj

Impact

During the unmarshalling of a hello verify request we could try to unmarshal into too small a buffer. This could result in a panic leading the program to crash.

This issue could be abused to cause a denial of service.

Workaround

None, upgrade to 2.2.4
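The bug class behind both advisories, as an added Go illustration that is not pion/dtls code: parsing a DTLS HelloVerifyRequest body (the RFC 6347 section 4.2.1 layout of 2-byte version, 1-byte cookie length, cookie) without length checks panics on truncated input, while the length-checked parser returns an error. The `HelloVerifyRequest` type, `UnmarshalChecked`, `Panics` and the sample bytes are all constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
)

// HelloVerifyRequest body per RFC 6347 4.2.1: 2-byte version, 1-byte cookie length, cookie.
type HelloVerifyRequest struct {
	Major, Minor uint8
	Cookie       []byte
}

var errBufferTooSmall = errors.New("dtls: buffer too small")

// unmarshalUnchecked trusts the wire data: on a truncated message the slice
// expressions go out of bounds and the runtime panics, which in a server is the crash the advisories describe.
func unmarshalUnchecked(data []byte) HelloVerifyRequest {
	cookieLen := int(data[2])
	return HelloVerifyRequest{Major: data[0], Minor: data[1], Cookie: data[3 : 3+cookieLen]}
}

// UnmarshalChecked validates every length before indexing, so a short or
// malformed message is rejected with an error instead of crashing the process.
func UnmarshalChecked(data []byte) (HelloVerifyRequest, error) {
	const fixedLen = 3 // version (2) + cookie length (1)
	if len(data) < fixedLen {
		return HelloVerifyRequest{}, errBufferTooSmall
	}
	cookieLen := int(data[2])
	if len(data) < fixedLen+cookieLen {
		return HelloVerifyRequest{}, errBufferTooSmall
	}
	cookie := append([]byte(nil), data[fixedLen:fixedLen+cookieLen]...)
	return HelloVerifyRequest{Major: data[0], Minor: data[1], Cookie: cookie}, nil
}

// Panics reports whether unmarshalUnchecked panics on data; a fuzz test would assert it never does.
func Panics(data []byte) (panicked bool) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	unmarshalUnchecked(data)
	return false
}

func main() {
	// Constructed input: a DTLS 1.2 HelloVerifyRequest announcing a 16-byte cookie but carrying 2.
	truncated := []byte{0xfe, 0xfd, 0x10, 0xaa, 0xbb}
	_, err := UnmarshalChecked(truncated)
	fmt.Println("checked:", err, "| unchecked panics:", Panics(truncated))
}
```

The same pattern applies to the Server Hello parser: every offset derived from a length field in the message must be compared against `len(data)` before it is used to slice.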


Release Notes

pion/dtls

### [`v2.2.4`](https://togithub.com/pion/dtls/releases/tag/v2.2.4)

[Compare Source](https://togithub.com/pion/dtls/compare/v2.2.3...v2.2.4)

#### Security

This release contains 2 patches by [@nerd2](https://togithub.com/nerd2) from Motorola Solutions that could lead to panics at runtime. We'd like to thank Sam for finding and responsibly disclosing the vulnerabilities to [@pion/security](https://togithub.com/pion/security).

- https://github.com/pion/dtls/security/advisories/GHSA-4xgv-j62q-h3rj
- https://github.com/pion/dtls/security/advisories/GHSA-hxp2-xqf3-v83h

#### Changelog

- [`9e922d5`](https://togithub.com/pion/dtls/commit/9e922d5) Add fuzz tests for handshake
- [`a50d26c`](https://togithub.com/pion/dtls/commit/a50d26c) Fix panic unmarshalling hello verify request
- [`7a14903`](https://togithub.com/pion/dtls/commit/7a14903) Fix OOB read in server hello

### [`v2.2.3`](https://togithub.com/pion/dtls/releases/tag/v2.2.3)

[Compare Source](https://togithub.com/pion/dtls/compare/v2.2.2...v2.2.3)

#### Changelog

- [`8b8bc87`](https://togithub.com/pion/dtls/commit/8b8bc87) Update module github.com/pion/udp to v0.1.4

### [`v2.2.2`](https://togithub.com/pion/dtls/releases/tag/v2.2.2)

[Compare Source](https://togithub.com/pion/dtls/compare/v2.2.1...v2.2.2)

#### Changelog

- [`0473adf`](https://togithub.com/pion/dtls/commit/0473adf) Add SkipHelloVerify option to dTLS
- [`11ea8c2`](https://togithub.com/pion/dtls/commit/11ea8c2) Update module golang.org/x/crypto to v0.5.0
- [`f3c7b2d`](https://togithub.com/pion/dtls/commit/f3c7b2d) Update module golang.org/x/net to v0.5.0
- [`3dca8e4`](https://togithub.com/pion/dtls/commit/3dca8e4) Update github.com/pion/transport to v2
- [`3606b0d`](https://togithub.com/pion/dtls/commit/3606b0d) Use Go's built-in fuzzing tool instead of go-fuzz
- [`b122250`](https://togithub.com/pion/dtls/commit/b122250) Update CI configs to v0.10.3
- [`6aaf97c`](https://togithub.com/pion/dtls/commit/6aaf97c) Fix fuzzing of recordLayer
- [`3a6f531`](https://togithub.com/pion/dtls/commit/3a6f531) Update CI configs to v0.10.1
- [`d0f27fe`](https://togithub.com/pion/dtls/commit/d0f27fe) Update module github.com/pion/udp to v0.1.2
- [`205e480`](https://togithub.com/pion/dtls/commit/205e480) Update CI configs to v0.9.0
- [`f40c61d`](https://togithub.com/pion/dtls/commit/f40c61d) Update hash name check to be case insensitive
- [`3026357`](https://togithub.com/pion/dtls/commit/3026357) Update module golang.org/x/crypto to v0.4.0
- [`08c3602`](https://togithub.com/pion/dtls/commit/08c3602) Update module golang.org/x/net to v0.4.0
- [`5e7f90f`](https://togithub.com/pion/dtls/commit/5e7f90f) Update CI configs to v0.8.1
- [`c21afb8`](https://togithub.com/pion/dtls/commit/c21afb8) Ignore lint error on Subjects() deprecation
- [`0b11454`](https://togithub.com/pion/dtls/commit/0b11454) Update module golang.org/x/crypto to v0.3.0
- [`265bf7a`](https://togithub.com/pion/dtls/commit/265bf7a) Update module golang.org/x/net to v0.2.0
- [`f4896b5`](https://togithub.com/pion/dtls/commit/f4896b5) Update module github.com/pion/transport to v0.14.1
- [`1209570`](https://togithub.com/pion/dtls/commit/1209570) Update module github.com/pion/transport to v0.14.0
- [`8eed8ed`](https://togithub.com/pion/dtls/commit/8eed8ed) Update module golang.org/x/crypto to v0.1.0
- [`4ae7e13`](https://togithub.com/pion/dtls/commit/4ae7e13) Update CI configs to v0.8.0
- [`984d41b`](https://togithub.com/pion/dtls/commit/984d41b) Update golang.org/x/net digest to [`107f3e3`](https://togithub.com/pion/dtls/commit/107f3e3)
- [`aabc687`](https://togithub.com/pion/dtls/commit/aabc687) Update golang.org/x/crypto digest to [`eccd636`](https://togithub.com/pion/dtls/commit/eccd636)
- [`4f8fa1e`](https://togithub.com/pion/dtls/commit/4f8fa1e) Update golang.org/x/crypto digest to [`c86fa9a`](https://togithub.com/pion/dtls/commit/c86fa9a)
- [`980895f`](https://togithub.com/pion/dtls/commit/980895f) Update golang.org/x/net digest to [`83b083e`](https://togithub.com/pion/dtls/commit/83b083e)
- [`a04cfcc`](https://togithub.com/pion/dtls/commit/a04cfcc) Implement GetCertificate and GetClientCertificate
- [`43968a2`](https://togithub.com/pion/dtls/commit/43968a2) Close connection when handshake timeout occurs
- [`b8ebc62`](https://togithub.com/pion/dtls/commit/b8ebc62) Set e2e/Dockerfile to golang:1.18-bullseye
- [`82c1271`](https://togithub.com/pion/dtls/commit/82c1271) Implement VerifyConnection as is in tls.Config
- [`de299f5`](https://togithub.com/pion/dtls/commit/de299f5) Make the Elliptic curves and order configurable
- [`66ec820`](https://togithub.com/pion/dtls/commit/66ec820) Update golang.org/x/net digest to [`69896b7`](https://togithub.com/pion/dtls/commit/69896b7)
- [`194c03a`](https://togithub.com/pion/dtls/commit/194c03a) Update golang.org/x/crypto digest to [`0559593`](https://togithub.com/pion/dtls/commit/0559593)
- [`0dd0f95`](https://togithub.com/pion/dtls/commit/0dd0f95) Update module github.com/pion/transport to v0.13.1
- [`0d729a7`](https://togithub.com/pion/dtls/commit/0d729a7) Update golang.org/x/net digest to [`c960675`](https://togithub.com/pion/dtls/commit/c960675)
- [`4589ddf`](https://togithub.com/pion/dtls/commit/4589ddf) Update golang.org/x/crypto digest to [`793ad66`](https://togithub.com/pion/dtls/commit/793ad66)
- [`fa5afe3`](https://togithub.com/pion/dtls/commit/fa5afe3) Update CI configs to v0.7.10
- [`2d27879`](https://togithub.com/pion/dtls/commit/2d27879) Fix KeyUsage on x509 template
- [`74571b5`](https://togithub.com/pion/dtls/commit/74571b5) Fix CertificateVerify for [`ed25519`](https://togithub.com/pion/dtls/commit/ed25519)
- [`89cd8ae`](https://togithub.com/pion/dtls/commit/89cd8ae) Update CI configs to v0.7.9
- [`84b65ad`](https://togithub.com/pion/dtls/commit/84b65ad) Update CI configs to v0.7.8
- [`10d3c06`](https://togithub.com/pion/dtls/commit/10d3c06) Consolidate signaturehash tests
- [`189d384`](https://togithub.com/pion/dtls/commit/189d384) Enable [`ED25519`](https://togithub.com/pion/dtls/commit/ED25519) E2E tests
- [`ba33f3d`](https://togithub.com/pion/dtls/commit/ba33f3d) Use full image reference

### [`v2.2.1`](https://togithub.com/pion/dtls/releases/tag/v2.2.1)

[Compare Source](https://togithub.com/pion/dtls/compare/v2.2.0...v2.2.1)

#### Changelog

- [`0473adf`](https://togithub.com/pion/dtls/commit/0473adf) Add SkipHelloVerify option to dTLS
- [`11ea8c2`](https://togithub.com/pion/dtls/commit/11ea8c2) Update module golang.org/x/crypto to v0.5.0
- [`f3c7b2d`](https://togithub.com/pion/dtls/commit/f3c7b2d) Update module golang.org/x/net to v0.5.0
- [`3dca8e4`](https://togithub.com/pion/dtls/commit/3dca8e4) Update github.com/pion/transport to v2
- [`3606b0d`](https://togithub.com/pion/dtls/commit/3606b0d) Use Go's built-in fuzzing tool instead of go-fuzz
- [`b122250`](https://togithub.com/pion/dtls/commit/b122250) Update CI configs to v0.10.3
- [`6aaf97c`](https://togithub.com/pion/dtls/commit/6aaf97c) Fix fuzzing of recordLayer
- [`3a6f531`](https://togithub.com/pion/dtls/commit/3a6f531) Update CI configs to v0.10.1
- [`d0f27fe`](https://togithub.com/pion/dtls/commit/d0f27fe) Update module github.com/pion/udp to v0.1.2
- [`205e480`](https://togithub.com/pion/dtls/commit/205e480) Update CI configs to v0.9.0
- [`f40c61d`](https://togithub.com/pion/dtls/commit/f40c61d) Update hash name check to be case insensitive
- [`3026357`](https://togithub.com/pion/dtls/commit/3026357) Update module golang.org/x/crypto to v0.4.0
- [`08c3602`](https://togithub.com/pion/dtls/commit/08c3602) Update module golang.org/x/net to v0.4.0
- [`5e7f90f`](https://togithub.com/pion/dtls/commit/5e7f90f) Update CI configs to v0.8.1
- [`c21afb8`](https://togithub.com/pion/dtls/commit/c21afb8) Ignore lint error on Subjects() deprecation
- [`0b11454`](https://togithub.com/pion/dtls/commit/0b11454) Update module golang.org/x/crypto to v0.3.0
- [`265bf7a`](https://togithub.com/pion/dtls/commit/265bf7a) Update module golang.org/x/net to v0.2.0
- [`f4896b5`](https://togithub.com/pion/dtls/commit/f4896b5) Update module github.com/pion/transport to v0.14.1
- [`1209570`](https://togithub.com/pion/dtls/commit/1209570) Update module github.com/pion/transport to v0.14.0
- [`8eed8ed`](https://togithub.com/pion/dtls/commit/8eed8ed) Update module golang.org/x/crypto to v0.1.0
- [`4ae7e13`](https://togithub.com/pion/dtls/commit/4ae7e13) Update CI configs to v0.8.0
- [`984d41b`](https://togithub.com/pion/dtls/commit/984d41b) Update golang.org/x/net digest to [`107f3e3`](https://togithub.com/pion/dtls/commit/107f3e3)
- [`aabc687`](https://togithub.com/pion/dtls/commit/aabc687) Update golang.org/x/crypto digest to [`eccd636`](https://togithub.com/pion/dtls/commit/eccd636)
- [`4f8fa1e`](https://togithub.com/pion/dtls/commit/4f8fa1e) Update golang.org/x/crypto digest to [`c86fa9a`](https://togithub.com/pion/dtls/commit/c86fa9a)
- [`980895f`](https://togithub.com/pion/dtls/commit/980895f) Update golang.org/x/net digest to [`83b083e`](https://togithub.com/pion/dtls/commit/83b083e)
- [`a04cfcc`](https://togithub.com/pion/dtls/commit/a04cfcc) Implement GetCertificate and GetClientCertificate
- [`43968a2`](https://togithub.com/pion/dtls/commit/43968a2) Close connection when handshake timeout occurs
- [`b8ebc62`](https://togithub.com/pion/dtls/commit/b8ebc62) Set e2e/Dockerfile to golang:1.18-bullseye
- [`82c1271`](https://togithub.com/pion/dtls/commit/82c1271) Implement VerifyConnection as is in tls.Config
- [`de299f5`](https://togithub.com/pion/dtls/commit/de299f5) Make the Elliptic curves and order configurable
- [`66ec820`](https://togithub.com/pion/dtls/commit/66ec820) Update golang.org/x/net digest to [`69896b7`](https://togithub.com/pion/dtls/commit/69896b7)
- [`194c03a`](https://togithub.com/pion/dtls/commit/194c03a) Update golang.org/x/crypto digest to [`0559593`](https://togithub.com/pion/dtls/commit/0559593)
- [`0dd0f95`](https://togithub.com/pion/dtls/commit/0dd0f95) Update module github.com/pion/transport to v0.13.1
- [`0d729a7`](https://togithub.com/pion/dtls/commit/0d729a7) Update golang.org/x/net digest to [`c960675`](https://togithub.com/pion/dtls/commit/c960675)
- [`4589ddf`](https://togithub.com/pion/dtls/commit/4589ddf) Update golang.org/x/crypto digest to [`793ad66`](https://togithub.com/pion/dtls/commit/793ad66)
- [`fa5afe3`](https://togithub.com/pion/dtls/commit/fa5afe3) Update CI configs to v0.7.10
- [`2d27879`](https://togithub.com/pion/dtls/commit/2d27879) Fix KeyUsage on x509 template
- [`74571b5`](https://togithub.com/pion/dtls/commit/74571b5) Fix CertificateVerify for [`ed25519`](https://togithub.com/pion/dtls/commit/ed25519)
- [`89cd8ae`](https://togithub.com/pion/dtls/commit/89cd8ae) Update CI configs to v0.7.9
- [`84b65ad`](https://togithub.com/pion/dtls/commit/84b65ad) Update CI configs to v0.7.8
- [`10d3c06`](https://togithub.com/pion/dtls/commit/10d3c06) Consolidate signaturehash tests
- [`189d384`](https://togithub.com/pion/dtls/commit/189d384) Enable [`ED25519`](https://togithub.com/pion/dtls/commit/ED25519) E2E tests
- [`ba33f3d`](https://togithub.com/pion/dtls/commit/ba33f3d) Use full image reference

### [`v2.2.0`](https://togithub.com/pion/dtls/releases/tag/v2.2.0)

[Compare Source](https://togithub.com/pion/dtls/compare/v2.1.5...v2.2.0)

#### Changelog

- [`5f48042`](https://togithub.com/pion/dtls/commit/5f48042) Use Go's built-in fuzzing tool instead of go-fuzz
- [`b122250`](https://togithub.com/pion/dtls/commit/b122250) Update CI configs to v0.10.3
- [`6aaf97c`](https://togithub.com/pion/dtls/commit/6aaf97c) Fix fuzzing of recordLayer
- [`3a6f531`](https://togithub.com/pion/dtls/commit/3a6f531) Update CI configs to v0.10.1
- [`d0f27fe`](https://togithub.com/pion/dtls/commit/d0f27fe) Update module github.com/pion/udp to v0.1.2
- [`205e480`](https://togithub.com/pion/dtls/commit/205e480) Update CI configs to v0.9.0
- [`f40c61d`](https://togithub.com/pion/dtls/commit/f40c61d) Update hash name check to be case insensitive
- [`3026357`](https://togithub.com/pion/dtls/commit/3026357) Update module golang.org/x/crypto to v0.4.0
- [`08c3602`](https://togithub.com/pion/dtls/commit/08c3602) Update module golang.org/x/net to v0.4.0
- [`5e7f90f`](https://togithub.com/pion/dtls/commit/5e7f90f) Update CI configs to v0.8.1
- [`c21afb8`](https://togithub.com/pion/dtls/commit/c21afb8) Ignore lint error on Subjects() deprecation
- [`0b11454`](https://togithub.com/pion/dtls/commit/0b11454) Update module golang.org/x/crypto to v0.3.0
- [`265bf7a`](https://togithub.com/pion/dtls/commit/265bf7a) Update module golang.org/x/net to v0.2.0
- [`f4896b5`](https://togithub.com/pion/dtls/commit/f4896b5) Update module github.com/pion/transport to v0.14.1
- [`1209570`](https://togithub.com/pion/dtls/commit/1209570) Update module github.com/pion/transport to v0.14.0
- [`8eed8ed`](https://togithub.com/pion/dtls/commit/8eed8ed) Update module golang.org/x/crypto to v0.1.0
- [`4ae7e13`](https://togithub.com/pion/dtls/commit/4ae7e13) Update CI configs to v0.8.0
- [`984d41b`](https://togithub.com/pion/dtls/commit/984d41b) Update golang.org/x/net digest to [`107f3e3`](https://togithub.com/pion/dtls/commit/107f3e3)
- [`aabc687`](https://togithub.com/pion/dtls/commit/aabc687) Update golang.org/x/crypto digest to [`eccd636`](https://togithub.com/pion/dtls/commit/eccd636)
- [`4f8fa1e`](https://togithub.com/pion/dtls/commit/4f8fa1e) Update golang.org/x/crypto digest to [`c86fa9a`](https://togithub.com/pion/dtls/commit/c86fa9a)
- [`980895f`](https://togithub.com/pion/dtls/commit/980895f) Update golang.org/x/net digest to [`83b083e`](https://togithub.com/pion/dtls/commit/83b083e)
- [`a04cfcc`](https://togithub.com/pion/dtls/commit/a04cfcc) Implement GetCertificate and GetClientCertificate
- [`43968a2`](https://togithub.com/pion/dtls/commit/43968a2) Close connection when handshake timeout occurs
- [`b8ebc62`](https://togithub.com/pion/dtls/commit/b8ebc62) Set e2e/Dockerfile to golang:1.18-bullseye
- [`82c1271`](https://togithub.com/pion/dtls/commit/82c1271) Implement VerifyConnection as is in tls.Config
- [`de299f5`](https://togithub.com/pion/dtls/commit/de299f5) Make the Elliptic curves and order configurable
- [`66ec820`](https://togithub.com/pion/dtls/commit/66ec820) Update golang.org/x/net digest to [`69896b7`](https://togithub.com/pion/dtls/commit/69896b7)
- [`194c03a`](https://togithub.com/pion/dtls/commit/194c03a) Update golang.org/x/crypto digest to [`0559593`](https://togithub.com/pion/dtls/commit/0559593)
- [`0dd0f95`](https://togithub.com/pion/dtls/commit/0dd0f95) Update module github.com/pion/transport to v0.13.1
- [`0d729a7`](https://togithub.com/pion/dtls/commit/0d729a7) Update golang.org/x/net digest to [`c960675`](https://togithub.com/pion/dtls/commit/c960675)
- [`4589ddf`](https://togithub.com/pion/dtls/commit/4589ddf) Update golang.org/x/crypto digest to [`793ad66`](https://togithub.com/pion/dtls/commit/793ad66)
- [`fa5afe3`](https://togithub.com/pion/dtls/commit/fa5afe3) Update CI configs to v0.7.10
- [`2d27879`](https://togithub.com/pion/dtls/commit/2d27879) Fix KeyUsage on x509 template
- [`74571b5`](https://togithub.com/pion/dtls/commit/74571b5) Fix CertificateVerify for [`ed25519`](https://togithub.com/pion/dtls/commit/ed25519)
- [`89cd8ae`](https://togithub.com/pion/dtls/commit/89cd8ae) Update CI configs to v0.7.9
- [`84b65ad`](https://togithub.com/pion/dtls/commit/84b65ad) Update CI configs to v0.7.8
- [`10d3c06`](https://togithub.com/pion/dtls/commit/10d3c06) Consolidate signaturehash tests
- [`189d384`](https://togithub.com/pion/dtls/commit/189d384) Enable [`ED25519`](https://togithub.com/pion/dtls/commit/ED25519) E2E tests
- [`ba33f3d`](https://togithub.com/pion/dtls/commit/ba33f3d) Use full image reference

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.

codecov[bot] commented 1 year ago

Codecov Report

Patch and project coverage have no change.

Comparison is base (e25856d) 95.94% compared to head (83f3306) 95.94%.

Additional details and impacted files

```diff
@@            Coverage Diff            @@
##           master     #154   +/-   ##
=======================================
  Coverage   95.94%   95.94%
=======================================
  Files          19       19
  Lines        1725     1725
=======================================
  Hits         1655     1655
  Misses         62       62
  Partials        8        8
```

| Flag | Coverage Δ | |
|---|---|---|
| go | `95.94% <ø> (ø)` | |
| wasm | `61.79% <ø> (ø)` | |

Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pion#carryforward-flags-in-the-pull-request-comment) to find out more.
