Bump Sequoia to 0.9.

  - Sequoia now ignores any unhashed subpackets when comparing
    signatures, closing a DoS vector.  Previously, one could create
    any number of valid signatures from a single valid signature that
    were considered distinct by mutating the unhashed subpacket area.

  - Sequoia now handles malformed UserIDs of the form "$addr <$addr>".
    Adjust database::test::test_bad_uids accordingly.

  - Update src/dump.rs from Sequoia.

  - Sequoia now ignores any Unicode codepoint considered whitespace
    when parsing Fingerprints and KeyIDs.  Fixes #122.
parent 71d38ae8
......@@ -181,7 +181,7 @@ dependencies = [
[[package]]
name = "buffered-reader"
version = "0.8.0"
version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"libc 0.2.58 (registry+https://github.com/rust-lang/crates.io-index)",
......@@ -623,7 +623,7 @@ dependencies = [
"rocket 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
"rocket_codegen 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
"rocket_contrib 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
"sequoia-openpgp 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)",
"sequoia-openpgp 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)",
"serde 1.0.94 (registry+https://github.com/rust-lang/crates.io-index)",
"serde_derive 1.0.94 (registry+https://github.com/rust-lang/crates.io-index)",
"serde_json 1.0.40 (registry+https://github.com/rust-lang/crates.io-index)",
......@@ -648,7 +648,7 @@ dependencies = [
"multipart 0.16.1 (registry+https://github.com/rust-lang/crates.io-index)",
"pathdiff 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
"rand 0.6.5 (registry+https://github.com/rust-lang/crates.io-index)",
"sequoia-openpgp 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)",
"sequoia-openpgp 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)",
"serde 1.0.94 (registry+https://github.com/rust-lang/crates.io-index)",
"serde_derive 1.0.94 (registry+https://github.com/rust-lang/crates.io-index)",
"serde_json 1.0.40 (registry+https://github.com/rust-lang/crates.io-index)",
......@@ -674,7 +674,7 @@ dependencies = [
"multipart 0.16.1 (registry+https://github.com/rust-lang/crates.io-index)",
"pathdiff 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
"rand 0.6.5 (registry+https://github.com/rust-lang/crates.io-index)",
"sequoia-openpgp 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)",
"sequoia-openpgp 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)",
"serde 1.0.94 (registry+https://github.com/rust-lang/crates.io-index)",
"serde_derive 1.0.94 (registry+https://github.com/rust-lang/crates.io-index)",
"serde_json 1.0.40 (registry+https://github.com/rust-lang/crates.io-index)",
......@@ -1766,11 +1766,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
[[package]]
name = "sequoia-openpgp"
version = "0.8.0"
version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"base64 0.9.3 (registry+https://github.com/rust-lang/crates.io-index)",
"buffered-reader 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)",
"buffered-reader 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)",
"failure 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
"idna 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
"lalrpop 0.17.1 (registry+https://github.com/rust-lang/crates.io-index)",
......@@ -1780,13 +1780,13 @@ dependencies = [
"nettle 5.0.2 (registry+https://github.com/rust-lang/crates.io-index)",
"quickcheck 0.8.5 (registry+https://github.com/rust-lang/crates.io-index)",
"rand 0.6.5 (registry+https://github.com/rust-lang/crates.io-index)",
"sequoia-rfc2822 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)",
"sequoia-rfc2822 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)",
"time 0.1.42 (registry+https://github.com/rust-lang/crates.io-index)",
]
[[package]]
name = "sequoia-rfc2822"
version = "0.8.0"
version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"failure 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
......@@ -2310,7 +2310,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
"checksum block-buffer 0.7.3 (registry+https://github.com/rust-lang/crates.io-index)" = "c0940dc441f31689269e10ac70eb1002a3a1d3ad1390e030043662eb7fe4688b"
"checksum block-padding 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)" = "6d4dc3af3ee2e12f3e5d224e5e1e3d73668abbeb69e566d361f7d5563a4fdf09"
"checksum buf_redux 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)" = "72f25c67abbf523ff8457771622fb731ac4a2391439de33bc60febcdee1749c9"
"checksum buffered-reader 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b8dfde2ced54994f147d1e970f18aebedd6b33b82320197a66f957b19e797402"
"checksum buffered-reader 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "237cf351e1e6666907f4e2b59ee4a00083280445a0c6eb2261640615a3a33317"
"checksum byte-tools 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = "e3b5ca7a04898ad4bcd41c90c5285445ff5b791899bb1b0abdd2a2aa791211d7"
"checksum byteorder 1.3.2 (registry+https://github.com/rust-lang/crates.io-index)" = "a7c3dd8985a7111efc5c80b44e23ecdd8c007de8ade3b96595387e812b957cf5"
"checksum c2-chacha 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "7d64d04786e0f528460fc884753cf8dddcc466be308f6026f8e355c41a0e4101"
......@@ -2482,8 +2482,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
"checksum scopeguard 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b42e15e59b18a828bbf5c58ea01debb36b9b096346de35d941dcb89009f24a0d"
"checksum semver 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "1d7eb9ef2c18661902cc47e535f9bc51b78acd254da71d375c2f6720d9a40403"
"checksum semver-parser 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3"
"checksum sequoia-openpgp 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)" = "bfb5b4f16d3772c94775d89a98b70492889d16beba20c6e635858f033d254f06"
"checksum sequoia-rfc2822 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)" = "36fbb2baa4147c0d9e88db2a9db73a23c30c9860ec3131394570ef6bbb0e1e5e"
"checksum sequoia-openpgp 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "dc4ddaa91071dad9d960b199e9c7884a72094f6d5ef6559c2cf0327ae215f000"
"checksum sequoia-rfc2822 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ac5c04d61bc70a72173c9a1b3d0ce06dd7e992d90e67614245e108834c2443aa"
"checksum serde 1.0.94 (registry+https://github.com/rust-lang/crates.io-index)" = "076a696fdea89c19d3baed462576b8f6d663064414b5c793642da8dfeb99475b"
"checksum serde_derive 1.0.94 (registry+https://github.com/rust-lang/crates.io-index)" = "ef45eb79d6463b22f5f9e16d283798b7c0175ba6050bc25c1a946c122727fe7b"
"checksum serde_json 1.0.40 (registry+https://github.com/rust-lang/crates.io-index)" = "051c49229f282f7c6f3813f8286cc1e3323e8051823fce42c7ea80fe13521704"
......
......@@ -16,7 +16,7 @@ hagrid-database = { path = "database" }
failure = "0.1.5"
rocket = "0"
rocket_codegen = "0"
sequoia-openpgp = { version = "0.8", default-features = false }
sequoia-openpgp = { version = "0.9", default-features = false }
multipart = "0"
log = "0"
serde = "1.0"
......
......@@ -5,7 +5,7 @@ authors = ["Kai Michaelis <kai@sequoia-pgp.org>"]
[dependencies]
failure = "0.1.5"
sequoia-openpgp = { version = "0.8", default-features = false }
sequoia-openpgp = { version = "0.9", default-features = false }
multipart = "0"
log = "0"
rand = "0.6"
......
......@@ -911,26 +911,30 @@ pub fn test_bad_uids<D: Database>(db: &mut D) {
.unwrap()
.0;
let fpr = Fingerprint::try_from(tpk.fingerprint()).unwrap();
let email1 = Email::from_str(str_uid1).unwrap();
let email2 = Email::from_str(str_uid2).unwrap();
let tpk_status = db.merge(tpk).unwrap().into_tpk_status();
assert_eq!(TpkStatus {
is_revoked: false,
email_status: vec!(
(email1.clone(), EmailAddressStatus::NotPublished),
(email2.clone(), EmailAddressStatus::NotPublished),
),
unparsed_uids: 2,
unparsed_uids: 1,
}, tpk_status);
db.set_email_published(&fpr, &email2).unwrap();
let tpk_status = db.get_tpk_status(&fpr, &vec!(email2.clone())).unwrap();
let tpk_status = db.get_tpk_status(&fpr, &vec!(email1.clone(),
email2.clone())).unwrap();
assert_eq!(TpkStatus {
is_revoked: false,
email_status: vec!(
(email1.clone(), EmailAddressStatus::NotPublished),
(email2.clone(), EmailAddressStatus::Published),
),
unparsed_uids: 2,
unparsed_uids: 1,
}, tpk_status);
}
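Review bot: The expectation `unparsed_uids: 1` in both assertions has no comment saying which of the test key's UserIDs is still rejected and which one is now parsed, so a later Sequoia bump that changes parser leniency will fail here without showing what moved. Going by the commit message, I would add above the first `assert_eq!` something like `// Sequoia >= 0.9 parses the "$addr <$addr>" form, so only one UID remains unparsed.` The second assertion also depends on `email1` staying `NotPublished` after `set_email_published(&fpr, &email2)`. A one-line comment stating that publishing one address must not publish another on the same key would mark that as the property under test. The function starts before this hunk, so the definitions of `str_uid1` and `str_uid2` are not visible here.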
......
......@@ -6,7 +6,7 @@ authors = ["Vincent Breitmose <look@my.amazin.horse>"]
[dependencies]
hagrid-database = { path = "../database" }
failure = "0.1.5"
sequoia-openpgp = { version = "0.8", default-features = false }
sequoia-openpgp = { version = "0.9", default-features = false }
multipart = "0"
log = "0"
rand = "0.6"
......
......@@ -30,7 +30,9 @@ pub fn debug_info(
&mut result,
false,
false,
None);
None,
32 * 4 + 80,
);
match dump_result {
Ok(Kind::TPK) => {
match String::from_utf8(result) {
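Review bot: The new last argument `32 * 4 + 80` in the call inside `debug_info` is an unexplained magic number, and nothing in this hunk says what it measures. The callee's updated definition is not shown on this page. Assuming it is an output width for the dump, I would name it, e.g. `const DUMP_WIDTH: usize = 32 * 4 + 80;` (type to match the parameter), add a one-line comment on where the two terms come from, and pass `DUMP_WIDTH` here. `debug_info` begins and ends outside the hunk.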
......