Open landryb opened 4 months ago
mdecimus
commented
4 months ago Hi,
Stalwart already uses ring version 0.17 and a rustls that uses this same version. The problem seems to be other crates such as lldap which are still using ring 0.16.
This is also causing issues cross compiling the Windows version for aarch64. I will try contacting the crate's maintainers and ask them to upgrade.
landryb
commented
4 months ago thanks @mdecimus , from my reading of https://github.com/inejge/ldap3/issues/117 it seems to be mostly a matter of having a release of lldap ?
landryb
commented
4 months ago ah and sorry for the initial wrong first comment, we 'need' ring 0.17 because ring 0.16's assembly (from boringssl) isnt compatible with execute-only and missing landing pads for CFI which is a security feature
mdecimus
commented
4 months ago I just executed cargo tree and there three multiple dependencies still linking 0.16:
rust-s3, but this can be avoided if you don't need S3 support.ldap3hickory-protoHere is cargo tree's output:
│ │ │ ├── rust-s3 v0.33.0
│ │ │ │ ├── async-trait v0.1.80 (proc-macro) (*)
│ │ │ │ ├── aws-creds v0.34.1
│ │ │ │ │ ├── attohttpc v0.22.0
│ │ │ │ │ │ ├── http v0.2.12 (*)
│ │ │ │ │ │ ├── log v0.4.21
│ │ │ │ │ │ ├── rustls v0.20.9
│ │ │ │ │ │ │ ├── log v0.4.21
│ │ │ │ │ │ │ ├── ring v0.16.20 (*)
...
│ ├── ldap3 v0.11.3
│ │ ├── async-trait v0.1.80 (proc-macro) (*)
│ │ ├── bytes v1.6.0
│ │ ├── futures v0.3.30 (*)
│ │ ├── futures-util v0.3.30 (*)
│ │ ├── lazy_static v1.4.0 (*)
│ │ ├── lber v0.4.2
│ │ │ ├── bytes v1.6.0
│ │ │ └── nom v7.1.3 (*)
│ │ ├── log v0.4.21
│ │ ├── nom v7.1.3 (*)
│ │ ├── percent-encoding v2.3.1
│ │ ├── ring v0.16.20 (*)
...
│ │ │ │ │ │ │ ├── hickory-proto v0.24.1
│ │ │ │ │ │ │ │ ├── async-trait v0.1.80 (proc-macro) (*)
│ │ │ │ │ │ │ │ ├── bytes v1.6.0
│ │ │ │ │ │ │ │ ├── cfg-if v1.0.0
│ │ │ │ │ │ │ │ ├── data-encoding v2.6.0
│ │ │ │ │ │ │ │ ├── enum-as-inner v0.6.0 (proc-macro)
│ │ │ │ │ │ │ │ │ ├── heck v0.4.1
│ │ │ │ │ │ │ │ │ ├── proc-macro2 v1.0.82 (*)
│ │ │ │ │ │ │ │ │ ├── quote v1.0.36 (*)
│ │ │ │ │ │ │ │ │ └── syn v2.0.63 (*)
│ │ │ │ │ │ │ │ ├── futures-channel v0.3.30 (*)
│ │ │ │ │ │ │ │ ├── futures-io v0.3.30
│ │ │ │ │ │ │ │ ├── futures-util v0.3.30 (*)
│ │ │ │ │ │ │ │ ├── h2 v0.3.26 (*)
│ │ │ │ │ │ │ │ ├── http v0.2.12 (*)
│ │ │ │ │ │ │ │ ├── idna v0.4.0
│ │ │ │ │ │ │ │ │ ├── unicode-bidi v0.3.15
│ │ │ │ │ │ │ │ │ └── unicode-normalization v0.1.23 (*)
│ │ │ │ │ │ │ │ ├── ipnet v2.9.0
│ │ │ │ │ │ │ │ ├── once_cell v1.19.0
│ │ │ │ │ │ │ │ ├── rand v0.8.5 (*)
│ │ │ │ │ │ │ │ ├── ring v0.16.20
Which feature or improvement would you like to request?
I'd like to see this feature: On OpenBSD, ring crate has proper support for libressl for various architectures only in version 0.17. For now, stalwart-mail requires several versions of ring via several versions of rustls, but support for ring 0.17 was added to rustls in https://github.com/rustls/rustls/releases/tag/v%2F0.21.8
im not fully grasping the dependency trees of cargo ecosystem, but is it possible to upgrade some dependencies so that we can only use/require ring 0.17 in the end ?
Is your feature request related to a problem?
I'm having a problem with...
Code of Conduct