fix(security): upgrade libp2p 0.54.1 → 0.56.0 to eliminate ring 0.16.20 vulnerability
- Update libp2p from 0.54.1 to 0.56.0 in Cargo.toml
- Update libp2p-kad from 0.46.2 to 0.48.0 for compatibility
- Remove deprecated bandwidth logging (removed in libp2p 0.56)
  - transport.rs: Remove with_bandwidth_logging(), use websocket::Config
  - service.rs: Add NoBandwidthSink stub for bandwidth metrics
- Fix NetworkBehaviour derive macro changes:
  - behaviour.rs: Add From<Infallible> implementation for BehaviourOut
- Update pattern matching for new libp2p-swarm event fields:
  - request_responses.rs: Add connection_id to patterns
  - service.rs: Fix DialError::WrongPeerId field rename (endpoint → address)
  - service.rs: Add peer_id to IncomingConnectionError pattern
- Fix test file for new transport return type:
  - conformance.rs: Update transport usage

This eliminates the ring 0.16.20 security vulnerability (RUSTSEC-2024-0006) by upgrading to ring 0.17.14 via the libp2p dependency chain.
@@ -464,3 +464,9 @@ impl From<void::Void> for BehaviourOut {
|
||||
void::unreachable(e)
|
||||
}
|
||||
}
|
||||
|
||||
impl From<std::convert::Infallible> for BehaviourOut {
|
||||
fn from(value: std::convert::Infallible) -> Self {
|
||||
match value {}
|
||||
}
|
||||
}
|
||||
|
||||
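Review bot: The new `From<std::convert::Infallible>` impl has no comment saying why it exists, and the older `From<void::Void>` impl directly above it is kept. A one-line comment such as `// libp2p 0.56's NetworkBehaviour derive needs this conversion for sub-behaviours that emit no events` (wording to be confirmed against the derive output) would stop it being deleted as dead code later. If nothing in the tree produces `void::Void` any more after the upgrade, the old impl and the `void` dependency could be dropped in the same change, which keeps the dependency graph this commit is cleaning up smaller. The `From<void::Void>` impl begins outside the hunk, so whether it is still used cannot be judged from here.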
@@ -111,7 +111,7 @@ fn setup_libp2p(
|
||||
.with_max_negotiating_inbound_streams(2048)
|
||||
.with_idle_connection_timeout(Duration::from_secs(5));
|
||||
|
||||
Swarm::new(transport.0, behaviour, local_peer_id, config)
|
||||
Swarm::new(transport, behaviour, local_peer_id, config)
|
||||
};
|
||||
|
||||
swarm.listen_on("/ip6/::1/tcp/0".parse().unwrap()).unwrap();
|
||||
|
||||
@@ -762,6 +762,7 @@ impl NetworkBehaviour for RequestResponsesBehaviour {
|
||||
request_response::Event::Message {
|
||||
peer,
|
||||
message: Message::Request { request_id, request, channel, .. },
|
||||
..
|
||||
} => {
|
||||
self.pending_responses_arrival_time
|
||||
.insert((protocol.clone(), request_id).into(), Instant::now());
|
||||
@@ -962,7 +963,7 @@ impl NetworkBehaviour for RequestResponsesBehaviour {
|
||||
},
|
||||
|
||||
// A response to an inbound request has been sent.
|
||||
request_response::Event::ResponseSent { request_id, peer } => {
|
||||
request_response::Event::ResponseSent { request_id, peer, .. } => {
|
||||
let arrival_time = self
|
||||
.pending_responses_arrival_time
|
||||
.remove(&(protocol.clone(), request_id).into())
|
||||
|
||||
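Review bot: The two updated arms absorb the new event field with a rest pattern (`..` in the `request_response::Event::Message` arm and `ResponseSent { request_id, peer, .. }`), although the commit description says `connection_id` was added to the patterns. Binding it explicitly as `connection_id: _` would make the next libp2p upgrade fail to compile if further fields appear, instead of silently ignoring them; if the event type is `#[non_exhaustive]` the `..` has to stay, and a short comment naming the ignored field would do. The same applies to the incoming-connection-error arm in the `-1851` hunk, where binding `peer_id` would also let the `debug!` call name the remote peer, assuming that log does not already include it. Both arms continue outside their hunks.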
@@ -113,18 +113,18 @@ pub mod traits;
|
||||
/// Logging target for the file.
|
||||
const LOG_TARGET: &str = "sub-libp2p";
|
||||
|
||||
struct Libp2pBandwidthSink {
|
||||
#[allow(deprecated)]
|
||||
sink: Arc<transport::BandwidthSinks>,
|
||||
}
|
||||
/// Stub bandwidth sink that returns 0 for all metrics.
|
||||
/// Bandwidth logging was removed in libp2p 0.56.0.
|
||||
/// TODO: Implement custom bandwidth tracking if needed.
|
||||
struct NoBandwidthSink;
|
||||
|
||||
impl BandwidthSink for Libp2pBandwidthSink {
|
||||
impl BandwidthSink for NoBandwidthSink {
|
||||
fn total_inbound(&self) -> u64 {
|
||||
self.sink.total_inbound()
|
||||
0
|
||||
}
|
||||
|
||||
fn total_outbound(&self) -> u64 {
|
||||
self.sink.total_outbound()
|
||||
0
|
||||
}
|
||||
}
|
||||
|
||||
@@ -338,7 +338,7 @@ where
|
||||
);
|
||||
info!(target: LOG_TARGET, "Running libp2p network backend");
|
||||
|
||||
let (transport, bandwidth) = {
|
||||
let transport = {
|
||||
let config_mem = match network_config.transport {
|
||||
TransportConfig::MemoryOnly => true,
|
||||
TransportConfig::Normal { .. } => false,
|
||||
@@ -467,7 +467,7 @@ where
|
||||
)?;
|
||||
|
||||
// Build the swarm.
|
||||
let (mut swarm, bandwidth): (Swarm<Behaviour<B>>, _) = {
|
||||
let mut swarm = {
|
||||
let user_agent =
|
||||
format!("{} ({})", network_config.client_version, network_config.node_name);
|
||||
|
||||
@@ -554,10 +554,12 @@ where
|
||||
|
||||
Swarm::new(transport, behaviour, local_peer_id, config)
|
||||
};
|
||||
|
||||
(swarm, Arc::new(Libp2pBandwidthSink { sink: bandwidth }))
|
||||
swarm
|
||||
};
|
||||
|
||||
// Stub bandwidth sink (bandwidth logging removed in libp2p 0.56.0)
|
||||
let bandwidth: Arc<dyn BandwidthSink> = Arc::new(NoBandwidthSink);
|
||||
|
||||
// Initialize the metrics.
|
||||
let metrics = match ¶ms.metrics_registry {
|
||||
Some(registry) => Some(metrics::register(
|
||||
@@ -1790,12 +1792,7 @@ where
|
||||
if let Some(addresses) =
|
||||
not_reported.then(|| self.boot_node_ids.get(&peer_id)).flatten()
|
||||
{
|
||||
if let DialError::WrongPeerId { obtained, endpoint } = &error {
|
||||
if let ConnectedPoint::Dialer {
|
||||
address,
|
||||
role_override: _,
|
||||
port_use: _,
|
||||
} = endpoint
|
||||
if let DialError::WrongPeerId { obtained, address } = &error {
|
||||
{
|
||||
let address_without_peer_id = parse_addr(address.clone().into())
|
||||
.map_or_else(|_| address.clone(), |r| r.1.into());
|
||||
@@ -1851,6 +1848,7 @@ where
|
||||
local_addr,
|
||||
send_back_addr,
|
||||
error,
|
||||
..
|
||||
} => {
|
||||
debug!(
|
||||
target: LOG_TARGET,
|
||||
|
||||
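Review bot: `NoBandwidthSink` makes `total_inbound()` and `total_outbound()` return a constant `0`, so every consumer of the `BandwidthSink` trait object now sees a plausible-looking zero rather than an absent value. If these totals feed the metrics registered just below the stub (the registration body is not visible here), dashboards and traffic-anomaly alerts built on them would go flat with no signal that the data source was removed. Emitting one startup warning next to the construction, for example `warn!(target: LOG_TARGET, "bandwidth metrics disabled: libp2p 0.56 removed bandwidth logging, totals report 0");`, and linking the `TODO` to a tracking issue would make the gap visible to operators. Whether `warn!` is already imported in this file is not shown.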
@@ -25,26 +25,18 @@ use libp2p::{
|
||||
transport::{Boxed, OptionalTransport},
|
||||
upgrade,
|
||||
},
|
||||
dns, identity, noise, tcp, websocket, PeerId, Transport, TransportExt,
|
||||
dns, identity, noise, tcp, websocket, PeerId, Transport,
|
||||
};
|
||||
use std::{sync::Arc, time::Duration};
|
||||
|
||||
// TODO: Create a wrapper similar to upstream `BandwidthTransport` that tracks sent/received bytes
|
||||
#[allow(deprecated)]
|
||||
pub use libp2p::bandwidth::BandwidthSinks;
|
||||
use std::time::Duration;
|
||||
|
||||
/// Builds the transport that serves as a common ground for all connections.
|
||||
///
|
||||
/// If `memory_only` is true, then only communication within the same process are allowed. Only
|
||||
/// addresses with the format `/memory/...` are allowed.
|
||||
///
|
||||
/// Returns a `BandwidthSinks` object that allows querying the average bandwidth produced by all
|
||||
/// the connections spawned with this transport.
|
||||
#[allow(deprecated)]
|
||||
pub fn build_transport(
|
||||
keypair: identity::Keypair,
|
||||
memory_only: bool,
|
||||
) -> (Boxed<(PeerId, StreamMuxerBox)>, Arc<BandwidthSinks>) {
|
||||
) -> Boxed<(PeerId, StreamMuxerBox)> {
|
||||
// Build the base layer of the transport.
|
||||
let transport = if !memory_only {
|
||||
// Main transport: DNS(TCP)
|
||||
@@ -61,11 +53,11 @@ pub fn build_transport(
|
||||
let tcp_trans = tcp::tokio::Transport::new(tcp_config);
|
||||
let dns_for_wss = dns::tokio::Transport::system(tcp_trans)
|
||||
.expect("same system_conf & resolver to work");
|
||||
Either::Left(websocket::WsConfig::new(dns_for_wss).or_transport(dns))
|
||||
Either::Left(websocket::Config::new(dns_for_wss).or_transport(dns))
|
||||
} else {
|
||||
// In case DNS can't be constructed, fallback to TCP + WS (WSS won't work)
|
||||
let tcp_trans = tcp::tokio::Transport::new(tcp_config.clone());
|
||||
let desktop_trans = websocket::WsConfig::new(tcp_trans)
|
||||
let desktop_trans = websocket::Config::new(tcp_trans)
|
||||
.or_transport(tcp::tokio::Transport::new(tcp_config));
|
||||
Either::Right(desktop_trans)
|
||||
})
|
||||
@@ -76,12 +68,10 @@ pub fn build_transport(
|
||||
let authentication_config = noise::Config::new(&keypair).expect("Can create noise config. qed");
|
||||
let multiplexing_config = libp2p::yamux::Config::default();
|
||||
|
||||
let transport = transport
|
||||
transport
|
||||
.upgrade(upgrade::Version::V1Lazy)
|
||||
.authenticate(authentication_config)
|
||||
.multiplex(multiplexing_config)
|
||||
.timeout(Duration::from_secs(20))
|
||||
.boxed();
|
||||
|
||||
transport.with_bandwidth_logging()
|
||||
.boxed()
|
||||
}
|
||||
|
||||
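Review bot: The doc comment on `build_transport` no longer says what the function returns once the paragraph beginning "Returns a BandwidthSinks object" is dropped in the first hunk. A replacement line such as `/// Returns the boxed transport, already upgraded with Noise authentication and Yamux multiplexing, with a 20-second timeout on connection setup.` would match the builder chain in the last hunk. The removed `pub use libp2p::bandwidth::BandwidthSinks;` and the narrower return type are also a breaking change for any caller outside this crate, so a changelog entry may be needed if this module is exported. The function body continues between the hunks shown.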