Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump ring from 0.17.8 to 0.17.13 #652

Closed
wants to merge 3 commits into from
Closed

chore(deps): bump ring from 0.17.8 to 0.17.13 #652

wants to merge 3 commits into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 7, 2025

Bumps ring from 0.17.8 to 0.17.13.

Changelog

Sourced from ring's changelog.

Version 0.17.13 (2025-03-06)

Increased MSRV to 1.66.0 to avoid bugs in earlier versions so that we can safely use core::arch::x86_64::__cpuid and core::arch::x86::__cpuid from Rust in future releases.

AVX2-based VAES-CLMUL implementation. This will be a notable performance improvement for most newish x86-64 systems. This will likely raise the minimum binutils version supported for very old Linux distros.

Version 0.17.12 (2025-03-05)

Bug fix: briansmith/ring#2447 for denial of service (DoS).

  • Fixes a panic in ring::aead::quic::HeaderProtectionKey::new_mask() when integer overflow checking is enabled. In the QUIC protocol, an attacker can induce this panic by sending a specially-crafted packet. Even unintentionally it is likely to occur in 1 out of every 2**32 packets sent and/or received.

  • Fixes a panic on 64-bit targets in ring::aead::{AES_128_GCM, AES_256_GCM} when overflow checking is enabled, when encrypting/decrypting approximately 68,719,476,700 bytes (about 64 gigabytes) of data in a single chunk. Protocols like TLS and SSH are not affected by this because those protocols break large amounts of data into small chunks. Similarly, most applications will not attempt to encrypt/decrypt 64GB of data in one chunk.

Overflow checking is not enabled in release mode by default, but RUSTFLAGS="-C overflow-checks" or overflow-checks = true in the Cargo.toml profile can override this. Overflow checking is usually enabled by default in debug mode.

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

woelper and others added 3 commits February 10, 2025 22:45
@woelper
feat: Double clicking image toggles fullscreen (closes #683)
21c9195
@woelper
Merge pull request #639 from woelper/double_click_to_fullscreen
5bbb3d4 
feat: Double clicking image toggles fullscreen (closes #683)
@dependabot
chore(deps): bump ring from 0.17.8 to 0.17.13
d87334c 
Bumps [ring](https://github.com/briansmith/ring) from 0.17.8 to 0.17.13.
- [Changelog](https://github.com/briansmith/ring/blob/main/RELEASES.md)
- [Commits](https://github.com/briansmith/ring/commits)

---
updated-dependencies:
- dependency-name: ring
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Mar 7, 2025
@Stoppedpuma Stoppedpuma changed the base branch from master to update_toml_cleanup March 9, 2025 03:31
@Stoppedpuma
Copy link
Collaborator

I'm actually going to just close this and put this into #651. I'll merge this as well with the basic changes which were requested so that we don't have split branches.

@Stoppedpuma Stoppedpuma closed this Mar 9, 2025
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 9, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/cargo/ring-0.17.13 branch March 9, 2025 03:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file rust Pull requests that update rust code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Stoppedpuma @woelper