Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix high-risk vulnerabilities(CIRCL's Kyber: timing side-channel (kyberslash2) ) #186

Merged
merged 49 commits into from
Feb 20, 2024
Merged

Fix high-risk vulnerabilities(CIRCL's Kyber: timing side-channel (kyberslash2) ) #186

merged 49 commits into from
Feb 20, 2024

Conversation

Malus-risus
Copy link

Impact
On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.

Does not apply to ephemeral usage, such as when used in the regular way in TLS.

Patches
Patched in 1.3.7.

References

aylz10 bot and others added 30 commits January 17, 2024 05:59
@aylz10 @aylz10 @Larvan2
Update Dependencies (#1)
d7246f1 
Co-authored-by: aylz10 <aylz10@users.noreply.github.com>
@renovate
Add renovate.json
9cdfefb
@Malus-risus
Merge pull request #1 from Malus-risus/renovate/configure
f03b4be 
chore: Configure Renovate
@renovate
fix(deps): update dependency org.jetbrains.kotlinx:kotlinx-coroutines…
0f1343c 
…-android to v1.7.3
@Malus-risus
Merge pull request #4 from Malus-risus/renovate/coroutine
998fba8 
fix(deps): update dependency org.jetbrains.kotlinx:kotlinx-coroutines-android to v1.7.3
@renovate
chore(deps): update dependency gradle to v7.6.3
2f72e08
@Malus-risus
Merge pull request #6 from Malus-risus/renovate/gradle-7.x
0fe0c26 
chore(deps): update dependency gradle to v7.6.3
@renovate
chore(deps): update devofure/advance-android-version-actions action t…
1dac589 
…o v1.5
@renovate
chore(deps): update mikepenz/release-changelog-builder-action action …
c679711 
…to v3.7.3
@Malus-risus
Merge pull request #9 from Malus-risus/renovate/mikepenz-release-chan…
cf835f9 
…gelog-builder-action-3.x

chore(deps): update mikepenz/release-changelog-builder-action action to v3.7.3
@Malus-risus
Merge pull request #8 from Malus-risus/renovate/devofure-advance-andr…
f6816ed 
…oid-version-actions-1.x

chore(deps): update devofure/advance-android-version-actions action to v1.5
@renovate
chore(deps): update actions/upload-artifact action to v4
9f08430
@renovate
chore(deps): update mikepenz/release-changelog-builder-action action …
c0f47c6 
…to v4
@Malus-risus
Merge pull request #21 from Malus-risus/renovate/actions-upload-artif…
0f08d3c 
…act-4.x

chore(deps): update actions/upload-artifact action to v4
@Malus-risus
Merge pull request #22 from Malus-risus/renovate/mikepenz-release-cha…
34710ed 
…ngelog-builder-action-4.x

chore(deps): update mikepenz/release-changelog-builder-action action to v4
@renovate
chore(deps): update actions/setup-go action to v5
8cd7e67
@renovate
chore(deps): update actions/setup-java action to v4
6fb66a1
@Malus-risus
Merge pull request #23 from Malus-risus/renovate/actions-setup-go-5.x
338b4c1 
chore(deps): update actions/setup-go action to v5
@Malus-risus
Merge pull request #24 from Malus-risus/renovate/actions-setup-java-4.x
510a44d 
chore(deps): update actions/setup-java action to v4
@renovate
chore(deps): update actions/cache action to v4
1ff9dfc
@renovate
chore(deps): update actions/checkout action to v4
6d005fe
@Malus-risus
Merge pull request #25 from Malus-risus/renovate/actions-cache-4.x
b67b120 
chore(deps): update actions/cache action to v4
@Malus-risus
Merge pull request #26 from Malus-risus/renovate/actions-checkout-4.x
4de129b 
chore(deps): update actions/checkout action to v4
@renovate
chore(deps): update tibdex/github-app-token action to v2
e4c273d
@Malus-risus
Merge pull request #29 from Malus-risus/renovate/tibdex-github-app-to…
db7de7e 
…ken-2.x

chore(deps): update tibdex/github-app-token action to v2
@Larvan2
关于界面添加核心构建信息 (MetaCubeX#173)
0341cb3
@Larvan2
Update Dependencies (#1)Co-authored-by: aylz10 <aylz10@users.noreply.…
c462014 
…github.com>
@actions-user
Bump version to 2.10.0 (210000)
73c3858
@Malus-risus
Merge branch 'MetaCubeX:main' into main
7708576
@Malus-risus
Merge branch 'MetaCubeX:main' into main
3b9c4f8
Malus-risus and others added 19 commits January 21, 2024 22:57
@Malus-risus
Merge branch 'MetaCubeX:main' into main
678288a
@Malus-risus
Merge branch 'MetaCubeX:main' into main
ee8825e
@Malus-risus
Merge branch 'MetaCubeX:main' into main
036918a
@renovate
fix(deps): update module gopkg.in/yaml.v2 to v3
ae60886
@Malus-risus
Merge pull request #74 from Malus-risus/renovate/gopkg.in-yaml.v2-3.x
39be966 
fix(deps): update module gopkg.in/yaml.v2 to v3
@Malus-risus
Merge branch 'MetaCubeX:main' into main
a76cda3
@renovate
chore(deps): update dependency gradle to v7.6.4
f6911db
@renovate
chore(deps): update gradle/gradle-build-action action to v3
1aa34d0
@renovate
chore(deps): update peter-evans/create-pull-request action to v6
01441b1
@Malus-risus
Merge pull request #75 from Malus-risus/renovate/gradle-7.x
afab71a 
chore(deps): update dependency gradle to v7.6.4
@Malus-risus
Merge pull request #76 from Malus-risus/renovate/gradle-gradle-build-…
44d8f2f 
…action-3.x

chore(deps): update gradle/gradle-build-action action to v3
@Malus-risus
Merge pull request #77 from Malus-risus/renovate/peter-evans-create-p…
7390f10 
…ull-request-6.x

chore(deps): update peter-evans/create-pull-request action to v6
@Malus-risus
Merge branch 'MetaCubeX:main' into main
ecd7223
@Malus-risus
Merge branch 'MetaCubeX:main' into main
ff6af08
@Malus-risus
Merge branch 'MetaCubeX:main' into main
589cf4b
@dependabot
chore(deps): bump github.com/cloudflare/circl in /core/src/main/golang
d3e3783 
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.3.6 to 1.3.7.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](cloudflare/circl@v1.3.6...v1.3.7)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump github.com/cloudflare/circl in /core/src/foss/golang
909c31d 
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.3.6 to 1.3.7.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](cloudflare/circl@v1.3.6...v1.3.7)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@Malus-risus
Merge pull request #96 from Malus-risus/dependabot/go_modules/core/sr…
c2ac7c5 
…c/foss/golang/github.com/cloudflare/circl-1.3.7

chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 in /core/src/foss/golang
@Malus-risus
Merge pull request #95 from Malus-risus/dependabot/go_modules/core/sr…
b2cbbed 
…c/main/golang/github.com/cloudflare/circl-1.3.7

chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 in /core/src/main/golang
@Larvan2 Larvan2 merged commit 2a2686f into MetaCubeX:main Feb 20, 2024
1 check passed
@Larvan2
Copy link
Member

Larvan2 commented Feb 20, 2024

Thanks for your pull request.

Paulgudring pushed a commit to Paulgudring/ClashMetaForAndroid that referenced this pull request Feb 24, 2024
@Malus-risus @Paulgudring
Fix high-risk vulnerabilities(CIRCL's Kyber: timing side-channel (kyb…
e7cb285 
…erslash2) ) (MetaCubeX#186)

* chore(deps): bump github.com/cloudflare/circl in /core/src/foss/golang

Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.3.6 to 1.3.7.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](cloudflare/circl@v1.3.6...v1.3.7)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@Malus-risus @Larvan2 @actions-user