RUSTSEC-2020-0146: arr! macro erases lifetimes #35

Closed
github-actions bot opened this issue Mar 2, 2021 · 0 comments · Fixed by #49

github-actions bot commented Mar 2, 2021

arr! macro erases lifetimes

| Details             |                          |
| ------------------- | ------------------------ |
| Package             | generic-array            |
| Version             | 0.12.4                   |
| URL                 | fizyk20/generic-array#98 |
| Date                | 2020-04-09               |
| Patched versions    | >=0.14.0                 |
| Unaffected versions | <0.8.0                   |

Affected versions of this crate allowed unsoundly extending
lifetimes using the `arr!` macro. This may result in a variety of
memory corruption scenarios, most likely use-after-free.

See advisory page for additional details.

CjS77 added a commit that referenced this issue Jul 3, 2021
This PR moves all dependencies to use the digest 0.9 traits and APIs.
This is a breaking change, so the minor version is incremented.

Clients of this generally only need to update the `result` method to
`finalize`; and obviously make use of the v0.9 `digest::Digest` trait
where necessary.

As a result, the deprecated k12, sha3 and Blake3 objects can be removed.
Methods and functions that need a hasher are all generic over `Digest`.

We retain the convenience wrapper over `VarBlake2B` to produce 256 bit
hashes and implement the necessary sub-traits to support
`digest::Digest`.

This update also fixes
#35
CjS77 closed this as completed in #49 Jul 5, 2021
CjS77 added a commit that referenced this issue Jul 5, 2021
* Migrate to digest 0.9

This PR moves all dependencies to use the digest 0.9 traits and APIs.
This is a breaking change, so the minor version is incremented.

Clients of this generally only need to update the `result` method to
`finalize`; and obviously make use of the v0.9 `digest::Digest` trait
where necessary.

As a result, the deprecated k12, sha3 and Blake3 objects can be removed.
Methods and functions that need a hasher are all generic over `Digest`.

We retain the convenience wrapper over `VarBlake2B` to produce 256 bit
hashes and implement the necessary sub-traits to support
`digest::Digest`.

This update also fixes
#35

* Update src/ristretto/ristretto_keys.rs

Co-authored-by: Stan Bondi <sdbondi@users.noreply.github.com>

Co-authored-by: Stan Bondi <sdbondi@users.noreply.github.com>