Update der-parser requirement from 3 to 5 #21

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/cargo/der-parser-5

dependabot[bot] commented on behalf of github on Nov 30, 2020

Updates the requirements on der-parser to permit the latest version.

Changelog

Sourced from der-parser's changelog.

5.0.0

See changelog entries for 5.0.0-beta1 and -beta2 for changes since 4.1

Changed/Fixed

The following changes apply since 5.0.0-beta1, and do not affect 4.x

  • Fix potential integer underflow in bytes_to_u64
  • Fix potential stack recursion overflow for indefinite length objects (Add maximum depth).
  • Fix potential UB in bitstring_to_u64 with large input and many ignored bits
  • Fix constructed objects parsing with indefinite length (do not include EOC)
  • Constructed objects: use InvalidTag everywhere if tag is not expected
  • Integer parsing functions now all return IntegerTooLarge instead of MapRes
  • Ensure Indefinite length form is only used in BER constructed objects

Added

  • Add new error StringInvalidCharset and update string parsing methods
  • Add methods parse_ber_slice and parse_der_slice to parse an expected Tag and get content as slice

5.0.0-beta2

Changed/Fixed

  • Consistency: reorder arguments or function callbacks, always set input slice as first argument (parse_ber_sequence_defined_g, parse_ber_container, parse_ber_tagged_explicit_g, ...)
  • Make functions parse_ber_sequence_of_v and parse_ber_set_of_v accept generic error types

Added

  • Add parse_ber_content2, owned version of parse_ber_content, which can directly be combined with parse_ber_tagged_implicit_g
  • Add methods to parse DER tagged values and containers (with constraints)

5.0.0-beta1

Changed/Fixed

  • Upgrade to nom 6
  • Switch all parsers to function-based parsers
  • Change representation of size (new type BerSize) to support BER indefinite lengths
  • Rewrite BER/DER parsing macros to use functional parsing combinators
  • The constructed bit is now tested for explicit tagged structures
  • Some checks (for ex. tags in constructed objects) now return specific errors (InvalidTag) instead of generic errors (Verify)
  • Refactor BerObject for parsing of tagged and optional values
  • Add method as_bitslice() to BerObject
  • Remove Copy trait from BerObjectHeader, copy is non-trivial and should be explicit

... (truncated)

Commits
  • b864514 Prepare release 5.0.0
  • 93f119a Improve modules documentation
  • c62e116 Ensure Indefinite length form is only used in BER constructed objects
  • 7c884e6 Add methods parse_[bd]er_slice to parse an expected Tag and get content as slice
  • 90a69ba Rename fuzzers to have similar names
  • 8e12776 DER: factorize code and forbid indefinite length for all types
  • 1f7ea65 Integer parsing functions now all return IntegerTooLarge instead of MapRes
  • e4bf6a0 Add more tests (strings and character sets)
  • 68fb269 Add new error StringInvalidCharset and update string parsing methods
  • 460b90e Tests: use test-case and add many more tests (improve coverage)
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.


Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

dependabot[bot] added the dependencies label (Pull requests that update a dependency file) on Nov 30, 2020
dependabot[bot] force-pushed the dependabot/cargo/der-parser-5 branch from a5bdcd3 to dceefdc on January 11, 2021 15:48