From 143aaca4e67392cac994790043dbd5c19afd6918 Mon Sep 17 00:00:00 2001 From: Alex Crawford Date: Mon, 13 May 2024 13:11:58 -0700 Subject: [PATCH] Bump dependencies to address GHSA-q6cp-qfwq-4gcv This aligns the dependencies to use a single version of rustls (v0.21.12) and tokio-rustls (v0.24.1). --- enclaver/Cargo.lock | 51 +++++++++++++-------------------------------- enclaver/Cargo.toml | 6 +++--- 2 files changed, 17 insertions(+), 40 deletions(-) diff --git a/enclaver/Cargo.lock b/enclaver/Cargo.lock index 495689a3..9f37db4f 100644 --- a/enclaver/Cargo.lock +++ b/enclaver/Cargo.lock @@ -365,7 +365,7 @@ dependencies = [ "hyper-rustls", "lazy_static", "pin-project-lite", - "rustls 0.21.10", + "rustls", "tokio", "tower", "tracing", @@ -1001,7 +1001,7 @@ dependencies = [ "reqwest", "rsa", "rtnetlink", - "rustls 0.20.9", + "rustls", "rustls-pemfile", "serde", "serde_bytes", @@ -1012,7 +1012,7 @@ dependencies = [ "tls-listener", "tokio", "tokio-pipe", - "tokio-rustls 0.23.4", + "tokio-rustls", "tokio-tar", "tokio-util", "tokio-vsock", @@ -1394,7 +1394,7 @@ dependencies = [ "hyper", "hyper-rustls", "tokio", - "tokio-rustls 0.24.1", + "tokio-rustls", "tower-service", "webpki", "webpki-roots 0.24.0", @@ -1410,10 +1410,10 @@ dependencies = [ "http", "hyper", "log", - "rustls 0.21.10", + "rustls", "rustls-native-certs", "tokio", - "tokio-rustls 0.24.1", + "tokio-rustls", "webpki-roots 0.25.3", ] @@ -2126,14 +2126,14 @@ dependencies = [ "once_cell", "percent-encoding", "pin-project-lite", - "rustls 0.21.10", + "rustls", "rustls-pemfile", "serde", "serde_json", "serde_urlencoded", "system-configuration", "tokio", - "tokio-rustls 0.24.1", + "tokio-rustls", "tower-service", "url", "wasm-bindgen", 
@@ -2247,21 +2247,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.20.9" +version = "0.21.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1b80e3dec595989ea8510028f30c408a4630db12c9cbb8de34203b89d6577e99" -dependencies = [ - "log", - "ring 0.16.20", - "sct", - "webpki", -] - -[[package]] -name = "rustls" -version = "0.21.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" +checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e" dependencies = [ "log", "ring 0.17.7", @@ -2730,16 +2718,16 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tls-listener" -version = "0.5.1" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9d4ff21187d434ac7709bfc7441ca88f63681247e5ad99f0f08c8c91ddc103d" +checksum = "81294c017957a1a69794f506723519255879e15a870507faf45dfed288b763dd" dependencies = [ "futures-util", "hyper", "pin-project-lite", "thiserror", "tokio", - "tokio-rustls 0.23.4", + "tokio-rustls", ] [[package]] @@ -2793,24 +2781,13 @@ dependencies = [ "tokio", ] -[[package]] -name = "tokio-rustls" -version = "0.23.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c43ee83903113e03984cb9e5cebe6c04a5116269e900e3ddba8f068a62adda59" -dependencies = [ - "rustls 0.20.9", - "tokio", - "webpki", -] - [[package]] name = "tokio-rustls" version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" dependencies = [ - "rustls 0.21.10", + "rustls", "tokio", ] diff --git a/enclaver/Cargo.toml b/enclaver/Cargo.toml index 91d5d52f..f6cab2ce 100644 --- a/enclaver/Cargo.toml +++ b/enclaver/Cargo.toml 
@@ -25,10 +25,10 @@ regex = "1.6"
 tokio = { version = "1.24.1", features = ["full"] }
 tokio-pipe = "0.2"
 tokio-vsock = { version = "0.4", optional = true }
-tokio-rustls = { version = "0.23", features = ["dangerous_configuration"] }
+tokio-rustls = { version = "0.24", features = ["dangerous_configuration"] }
 tokio-util = { version = "0.7", features = ["codec"] }
 tokio-tar = "0.3"
-rustls = "0.20"
+rustls = "0.21"
 rustls-pemfile = "1.0"
 log = "0.4"
 pretty_env_logger = "0.5"
@@ -75,7 +75,7 @@ console-subscriber = { version = "0.1.10", optional = true }
 [dev-dependencies]
 assert2 = "0.3"
-tls-listener = { version = "0.5", features = ["rustls", "hyper-h1"] }
+tls-listener = { version = "0.7", features = ["rustls", "hyper-h1"] }
 reqwest = { version = "0.11.8", default-features = false, features = ["rustls-tls-webpki-roots"] }
 aws-credential-types = { version = "0.56.1", features = ["hardcoded-credentials"] }
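Review bot: The new requirement `rustls = "0.21"` in the first Cargo.toml hunk still accepts every 0.21.x release, so the fix for GHSA-q6cp-qfwq-4gcv is enforced only by Cargo.lock, which this commit moves to 0.21.12. A build that resolves dependencies without the lockfile (for example without `--locked`, or under minimal-version resolution) could in principle select an earlier 0.21.x, so writing `rustls = "0.21.12"` would put the floor named in the commit message into the manifest itself. The `dangerous_configuration` feature on `tokio-rustls` is carried across the bump unchanged, and as far as the hunk shows nothing records why it is needed. A comment above that entry such as `# dangerous_configuration: required for <reason - placeholder>; exposes the certificate-verifier override API` would let a later reader judge whether it can be dropped. The `[dependencies]` table begins outside this hunk, so an explanation may already exist further up.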