Skip to content

build(deps): bump cryptography from 40.0.2 to 41.0.3 in /dts #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

build(deps): bump cryptography from 40.0.2 to 41.0.3 in /dts #3

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Aug 17, 2023

Bumps cryptography from 40.0.2 to 41.0.3.

Changelog

Sourced from cryptography's changelog.

41.0.3 - 2023-08-01


* Fixed performance regression loading DH public keys.
* Fixed a memory leak when using
  :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305`.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.2.

.. _v41-0-2:


41.0.2 - 2023-07-10

  • Fixed bugs in creating and parsing SSH certificates where critical options with values were handled incorrectly. Certificates are now created correctly and parsing accepts correct values as well as the previously generated invalid forms with a warning. In the next release, support for parsing these invalid forms will be removed.

.. _v41-0-1:

41.0.1 - 2023-06-01


* Temporarily allow invalid ECDSA signature algorithm parameters in X.509
  certificates, which are generated by older versions of Java.
* Allow null bytes in pass phrases when serializing private keys.

.. _v41-0-0:


41.0.0 - 2023-05-30

  • BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1d has been removed. Users on older version of OpenSSL will need to upgrade.
  • BACKWARDS INCOMPATIBLE: Support for Python 3.6 has been removed.
  • BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.6.
  • Updated the minimum supported Rust version (MSRV) to 1.56.0, from 1.48.0.
  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.1.
  • Added support for the :class:~cryptography.x509.OCSPAcceptableResponses OCSP extension.
  • Added support for the :class:~cryptography.x509.MSCertificateTemplate proprietary Microsoft certificate extension.
  • Implemented support for equality checks on all asymmetric public key types.
  • Added support for aes256-gcm@openssh.com encrypted keys in :func:~cryptography.hazmat.primitives.serialization.load_ssh_private_key.
  • Added support for obtaining X.509 certificate signature algorithm parameters (including PSS) via :meth:~cryptography.x509.Certificate.signature_algorithm_parameters.
  • Support signing :class:~cryptography.hazmat.primitives.asymmetric.padding.PSS

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump cryptography from 40.0.2 to 41.0.3 in /dts
c1e9000 
Bumps [cryptography](https://github.com/pyca/cryptography) from 40.0.2 to 41.0.3.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@40.0.2...41.0.3)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 17, 2023
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Sep 21, 2023

Superseded by #4.

@dependabot dependabot bot closed this Sep 21, 2023
@dependabot dependabot bot deleted the dependabot/pip/dts/cryptography-41.0.3 branch September 21, 2023 20:35
eroullit pushed a commit that referenced this pull request Oct 27, 2023
@david-marchand @raslandarawsheh
net/mlx5: fix leak in sysfs port name translation
1296e8d 
getline() may allocate a buffer even though it returns -1:
"""
If  *lineptr  is set to NULL before the call, then getline() will allocate
a buffer for storing the line.  This buffer should be freed by the user
program even if getline() failed.
"""

This leak has been observed on a RHEL8 system with two CX5 PF devices
(no VFs).

ASan reports:
==8899==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 120 byte(s) in 1 object(s) allocated from:
    #0 0x7fe58576aba8 in __interceptor_malloc
	(/lib64/libasan.so.5+0xefba8)
    #1 0x7fe583e866b2 in __getdelim (/lib64/libc.so.6+0x886b2)
    #2 0x327bd23 in mlx5_sysfs_switch_info
	../drivers/net/mlx5/linux/mlx5_ethdev_os.c:1084
    #3 0x3271f86 in mlx5_os_pci_probe_pf
	../drivers/net/mlx5/linux/mlx5_os.c:2282
    #4 0x3273c83 in mlx5_os_pci_probe
	../drivers/net/mlx5/linux/mlx5_os.c:2497
    DPDK#5 0x327475f in mlx5_os_net_probe
	../drivers/net/mlx5/linux/mlx5_os.c:2578
    DPDK#6 0xc6eac7 in drivers_probe
	../drivers/common/mlx5/mlx5_common.c:937
    DPDK#7 0xc6f150 in mlx5_common_dev_probe
	../drivers/common/mlx5/mlx5_common.c:1027
    DPDK#8 0xc8ef80 in mlx5_common_pci_probe
	../drivers/common/mlx5/mlx5_common_pci.c:168
    DPDK#9 0xc21b67 in rte_pci_probe_one_driver
	../drivers/bus/pci/pci_common.c:312
    DPDK#10 0xc2224c in pci_probe_all_drivers
	../drivers/bus/pci/pci_common.c:396
    DPDK#11 0xc222f4 in pci_probe ../drivers/bus/pci/pci_common.c:423
    DPDK#12 0xb71fff in rte_bus_probe ../lib/eal/common/eal_common_bus.c:78
    DPDK#13 0xbe6888 in rte_eal_init ../lib/eal/linux/eal.c:1300
    DPDK#14 0x5ec717 in main ../app/test-pmd/testpmd.c:4515
    DPDK#15 0x7fe583e38d84 in __libc_start_main (/lib64/libc.so.6+0x3ad84)

As far as why getline() errors, strace gives a hint:
8516  openat(AT_FDCWD, "/sys/class/net/enp130s0f0/phys_port_name",
	O_RDONLY) = 34
8516  fstat(34, {st_mode=S_IFREG|0444, st_size=4096, ...}) = 0
8516  read(34, 0x621000098900, 4096)    = -1 EOPNOTSUPP (Operation
	not supported)

Fixes: f8a226e ("net/mlx5: fix sysfs port name translation")
Cc: stable@dpdk.org

Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
eroullit pushed a commit that referenced this pull request Mar 3, 2025
@tmonjalo
examples/l3fwd: fix read beyond boundaries
ebab0e8 
ASAN report:
ERROR: AddressSanitizer: unknown-crash on address 0x7ffffef92e32 at pc 0x00000053d1e9 bp 0x7ffffef92c00 sp 0x7ffffef92bf8
READ of size 16 at 0x7ffffef92e32 thread T0
    #0 0x53d1e8 in _mm_loadu_si128 /usr/lib64/gcc/x86_64-suse-linux/11/include/emmintrin.h:703
    #1 0x53d1e8 in send_packets_multi ../examples/l3fwd/l3fwd_sse.h:125
    #2 0x53d1e8 in acl_send_packets ../examples/l3fwd/l3fwd_acl.c:1048
    #3 0x53ec18 in acl_main_loop ../examples/l3fwd/l3fwd_acl.c:1127
    #4 0x12151eb in rte_eal_mp_remote_launch ../lib/eal/common/eal_common_launch.c:83
    DPDK#5 0x5bf2df in main ../examples/l3fwd/main.c:1647
    DPDK#6 0x7f6d42a0d2bc in __libc_start_main (/lib64/libc.so.6+0x352bc)
    DPDK#7 0x527499 in _start (/home/kananyev/dpdk-l3fwd-acl/x86_64-native-linuxapp-gcc-dbg-b1/examples/dpdk-l3fwd+0x527499)

Reason for that is that send_packets_multi() uses 16B loads to access
input dst_port[]and might read beyond array boundaries.
Right now, it doesn't cause any real issue - junk values are ignored, also
inside l3fwd we always allocate dst_port[] array on the stack, so
memory beyond it is always available.
Anyway, it probably need to be fixed.
The patch below simply allocates extra space for dst_port[], so
send_packets_multi() will never read beyond its boundaries.

Probably a better fix would be to change send_packets_multi()
itself to avoid access beyond 'nb_rx' entries.

Bugzilla ID: 1502
Fixes: 94c54b4 ("examples/l3fwd: rework exact-match")
Cc: stable@dpdk.org

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@huawei.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
eroullit pushed a commit that referenced this pull request Mar 3, 2025
@david-marchand
net/ixgbe: remove VLAs
948a4bb 
1) ../drivers/net/ixgbe/ixgbe_ethdev.c:3556:46: warning:
    variable length array used [-Wvla]
2) ../drivers/net/ixgbe/ixgbe_ethdev.c:3739:23: warning:
    variable length array used [-Wvla]
3) ../drivers/net/ixgbe/ixgbe_rxtx_vec_common.h:17:24: warning:
    variable length array used [-Wvla]

For first two cases: in fact ixgbe_xstats_calc_num() always returns
constant value, so it should be safe to replace that function invocation
just with a macro that performs same calculations.

For case #3: reassemble_packets() is invoked only by
ixgbe_recv_scattered_burst_vec().
And in turn, ixgbe_recv_scattered_burst_vec() operates only on fixed
max amount of packets per call: RTE_IXGBE_MAX_RX_BURST.
So, it should be safe to replace VLA with fixed size array.

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@huawei.com>
Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants