Open landryb opened 4 months ago
Hi,
Stalwart already uses ring version 0.17
and a rustls
that uses this same version. The problem seems to be other crates such as lldap
which are still using ring 0.16
.
This is also causing issues cross compiling the Windows version for aarch64
. I will try contacting the crate's maintainers and ask them to upgrade.
thanks @mdecimus , from my reading of https://github.com/inejge/ldap3/issues/117 it seems to be mostly a matter of having a release of lldap
?
ah and sorry for the initial wrong first comment, we 'need' ring 0.17 because ring 0.16's assembly (from boringssl) isnt compatible with execute-only and missing landing pads for CFI which is a security feature
I just executed cargo tree and there three multiple dependencies still linking 0.16
:
rust-s3
, but this can be avoided if you don't need S3 support.ldap3
hickory-proto
Here is cargo tree's output:
│ │ │ ├── rust-s3 v0.33.0
│ │ │ │ ├── async-trait v0.1.80 (proc-macro) (*)
│ │ │ │ ├── aws-creds v0.34.1
│ │ │ │ │ ├── attohttpc v0.22.0
│ │ │ │ │ │ ├── http v0.2.12 (*)
│ │ │ │ │ │ ├── log v0.4.21
│ │ │ │ │ │ ├── rustls v0.20.9
│ │ │ │ │ │ │ ├── log v0.4.21
│ │ │ │ │ │ │ ├── ring v0.16.20 (*)
...
│ ├── ldap3 v0.11.3
│ │ ├── async-trait v0.1.80 (proc-macro) (*)
│ │ ├── bytes v1.6.0
│ │ ├── futures v0.3.30 (*)
│ │ ├── futures-util v0.3.30 (*)
│ │ ├── lazy_static v1.4.0 (*)
│ │ ├── lber v0.4.2
│ │ │ ├── bytes v1.6.0
│ │ │ └── nom v7.1.3 (*)
│ │ ├── log v0.4.21
│ │ ├── nom v7.1.3 (*)
│ │ ├── percent-encoding v2.3.1
│ │ ├── ring v0.16.20 (*)
...
│ │ │ │ │ │ │ ├── hickory-proto v0.24.1
│ │ │ │ │ │ │ │ ├── async-trait v0.1.80 (proc-macro) (*)
│ │ │ │ │ │ │ │ ├── bytes v1.6.0
│ │ │ │ │ │ │ │ ├── cfg-if v1.0.0
│ │ │ │ │ │ │ │ ├── data-encoding v2.6.0
│ │ │ │ │ │ │ │ ├── enum-as-inner v0.6.0 (proc-macro)
│ │ │ │ │ │ │ │ │ ├── heck v0.4.1
│ │ │ │ │ │ │ │ │ ├── proc-macro2 v1.0.82 (*)
│ │ │ │ │ │ │ │ │ ├── quote v1.0.36 (*)
│ │ │ │ │ │ │ │ │ └── syn v2.0.63 (*)
│ │ │ │ │ │ │ │ ├── futures-channel v0.3.30 (*)
│ │ │ │ │ │ │ │ ├── futures-io v0.3.30
│ │ │ │ │ │ │ │ ├── futures-util v0.3.30 (*)
│ │ │ │ │ │ │ │ ├── h2 v0.3.26 (*)
│ │ │ │ │ │ │ │ ├── http v0.2.12 (*)
│ │ │ │ │ │ │ │ ├── idna v0.4.0
│ │ │ │ │ │ │ │ │ ├── unicode-bidi v0.3.15
│ │ │ │ │ │ │ │ │ └── unicode-normalization v0.1.23 (*)
│ │ │ │ │ │ │ │ ├── ipnet v2.9.0
│ │ │ │ │ │ │ │ ├── once_cell v1.19.0
│ │ │ │ │ │ │ │ ├── rand v0.8.5 (*)
│ │ │ │ │ │ │ │ ├── ring v0.16.20
Which feature or improvement would you like to request?
I'd like to see this feature: On OpenBSD, ring crate has proper support for libressl for various architectures only in version 0.17. For now, stalwart-mail requires several versions of ring via several versions of rustls, but support for ring 0.17 was added to rustls in https://github.com/rustls/rustls/releases/tag/v%2F0.21.8
im not fully grasping the dependency trees of cargo ecosystem, but is it possible to upgrade some dependencies so that we can only use/require ring 0.17 in the end ?
Is your feature request related to a problem?
I'm having a problem with...
Code of Conduct