This repository has been archived by the owner on Nov 15, 2023. It is now read-only.

RUSTSEC-2021-0076 and libsecp256k1 version in sp-core #9356

Closed
trevor-crypto opened this issue Jul 15, 2021 · 0 comments · Fixed by #9391

Comments

@trevor-crypto
Contributor

There has been a new RUSTSEC issue that stems from libsecp256k1: https://rustsec.org/advisories/RUSTSEC-2021-0076

I would like to bump libsecp256k1 in sp-core, but there are two blockers in the way:

  1. There's a bug that is solved on master but not yet in a release, which is needed to make the changes from 0.3.5 -> 0.5.x: Removes redundant util::self libsecp256k1#63
  2. libsecp256k1 no_std is broken. I have already submitted a PR and am tracking it here: no-std support broken in 0.5.0 libsecp256k1#71

Once these are resolved I will submit a PR to bump the dependency and make the required changes.

trevor-crypto added a commit to trevor-crypto/substrate that referenced this issue Jul 20, 2021
Changes were made to conform to the version differences

Closes paritytech#9356
trevor-crypto added a commit to trevor-crypto/substrate that referenced this issue Jul 20, 2021
libsecp256k1 allows overflowing signatures
https://rustsec.org/advisories/RUSTSEC-2021-0076

Changes were made to conform to libsecp256k1 version differences.

Closes paritytech#9356
trevor-crypto added a commit to trevor-crypto/substrate that referenced this issue Jul 21, 2021
trevor-crypto added a commit to trevor-crypto/substrate that referenced this issue Aug 5, 2021
trevor-crypto added a commit to trevor-crypto/substrate that referenced this issue Aug 16, 2021
@ghost ghost closed this as completed in #9391 Aug 16, 2021
ghost pushed a commit that referenced this issue Aug 16, 2021
* RUSTSEC-2021-0076 bump libsecp256k1

libsecp256k1 allows overflowing signatures
https://rustsec.org/advisories/RUSTSEC-2021-0076

Changes were made to conform to libsecp256k1 version differences.

Closes #9356

* parse_standard_slice() -> parse_overflowing_slice()

* Added v2 host function for ecdsa_verify

* Add feature tag over helpers

* Added ecdsa_verify v2 to test runner

* PR feedback

- Spaces -> tabs
- renamed two helper functions

* Fixed imports after rebasing

* Bump rest of libsecp256k1 (and libp2p)

libp2p also uses libsecp256k1 so it is required to be bumped too, along
with all the version difference changes.

* Add version2 for ecdsa pubkey recovery

* libp2p rebase master fixes

* Fix test panic when non Behaviour event is returned

* Update bin/node/browser-testing/Cargo.toml

* Update primitives/core/src/ecdsa.rs

* Update primitives/core/src/ecdsa.rs

* Update Cargo.lock

Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com>
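
What "overflowing" means for a 64-byte compact signature (r || s), as an added example that is not code from libsecp256k1 or Substrate: a field holding a value at or above the group order n is either rejected (strict parsing) or silently reduced mod n, in which case two different byte strings decode to the same (r, s). The helper names `parse_strict` and `parse_reducing` are hypothetical and the sample signatures are constructed; only the curve order `N` is a real parameter.

```rust
/// Group order n of secp256k1, big-endian (a public curve parameter).
const N: [u8; 32] = [
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
    0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41,
];
type Scalars = ([u8; 32], [u8; 32]); // (r, s)

/// Reduce mod n. One subtraction is enough for a 256-bit value because 2^256 < 2n.
fn reduce(x: &[u8; 32]) -> [u8; 32] {
    if *x < N { return *x; } // byte-wise order equals numeric order for big-endian
    let (mut out, mut borrow) = ([0u8; 32], 0i16);
    for i in (0..32).rev() {
        let d = x[i] as i16 - N[i] as i16 - borrow;
        borrow = (d < 0) as i16;
        out[i] = d.rem_euclid(256) as u8;
    }
    out
}

fn field(sig: &[u8; 64], i: usize) -> [u8; 32] { // field 0 = r, field 1 = s
    let mut out = [0u8; 32];
    out.copy_from_slice(&sig[32 * i..32 * (i + 1)]);
    out
}

/// Strict parsing (hypothetical helper): refuse any field that is >= n.
fn parse_strict(sig: &[u8; 64]) -> Result<Scalars, &'static str> {
    let (r, s) = (field(sig, 0), field(sig, 1));
    if r >= N || s >= N { Err("scalar overflow") } else { Ok((r, s)) }
}
/// Overflowing parsing (hypothetical helper): silently reduce each field mod n.
fn parse_reducing(sig: &[u8; 64]) -> Scalars {
    (reduce(&field(sig, 0)), reduce(&field(sig, 1)))
}

/// Constructed sample: (r = 1, s = 2) and a second encoding whose r field holds n + 1.
fn samples() -> ([u8; 64], [u8; 64]) {
    let mut canonical = [0u8; 64];
    canonical[31] = 1;
    canonical[63] = 2;
    let mut alias = canonical;
    alias[..32].copy_from_slice(&N);
    alias[31] += 1; // 0x41 + 1, no carry into the next byte
    (canonical, alias)
}

fn main() {
    let (canonical, alias) = samples();
    println!("strict accepts alias: {}", parse_strict(&alias).is_ok());
    println!("same (r, s) after reduction: {}", parse_reducing(&alias) == parse_reducing(&canonical));
}
```
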
Neopallium pushed a commit to PolymeshAssociation/substrate that referenced this issue Sep 2, 2021
* RUSTSEC-2021-0076 bump libsecp256k1

libsecp256k1 allows overflowing signatures
https://rustsec.org/advisories/RUSTSEC-2021-0076

Changes were made to conform to libsecp256k1 version differences.

Closes paritytech#9356

* parse_standard_slice() -> parse_overflowing_slice()

* Added v2 host function for ecdsa_verify

* Add feature tag over helpers

* Added ecdsa_verify v2 to test runner

* PR feedback

- Spaces -> tabs
- renamed two helper functions

* Fixed imports after rebasing

* Bump rest of libsecp256k1

* Add version2 for ecdsa pubkey recovery

* Update primitives/core/src/ecdsa.rs

* Update primitives/core/src/ecdsa.rs

* Update Cargo.lock

Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com>
gilescope pushed a commit that referenced this issue Sep 6, 2021
adamdossa pushed a commit to PolymeshAssociation/substrate that referenced this issue Sep 6, 2021
bkchr added a commit that referenced this issue Sep 7, 2021
* RUSTSEC-2021-0076 bump libsecp256k1 (#9391)

* RUSTSEC-2021-0076 bump libsecp256k1

libsecp256k1 allows overflowing signatures
https://rustsec.org/advisories/RUSTSEC-2021-0076

Changes were made to conform to libsecp256k1 version differences.

Closes #9356

* parse_standard_slice() -> parse_overflowing_slice()

* Added v2 host function for ecdsa_verify

* Add feature tag over helpers

* Added ecdsa_verify v2 to test runner

* PR feedback

- Spaces -> tabs
- renamed two helper functions

* Fixed imports after rebasing

* Bump rest of libsecp256k1 (and libp2p)

libp2p also uses libsecp256k1 so it is required to be bumped too, along
with all the version difference changes.

* Add version2 for ecdsa pubkey recovery

* libp2p rebase master fixes

* Fix test panic when non Behaviour event is returned

* Update bin/node/browser-testing/Cargo.toml

* Update primitives/core/src/ecdsa.rs

* Update primitives/core/src/ecdsa.rs

* Update Cargo.lock

Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com>

* Use coherent prost crate  versions (#9676)

* Bump node-browser-testing deps on prost

Co-authored-by: Trevor Arjeski <72849114+trevor-crypto@users.noreply.github.com>
Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com>
Co-authored-by: Andreas Doerr <adoerr@users.noreply.github.com>
cmichi pushed a commit that referenced this issue Sep 9, 2021
apopiak pushed a commit that referenced this issue Sep 13, 2021
This issue was closed.