Merge e84e25d8fa into b152be7951

Update rustls (#4690 )
* Update rustls * Format code
2024-05-05 12:13:27 +05:30 · 2024-05-03 16:06:14 -04:00 · 2024-05-03 10:42:48 +00:00 · 2024-03-26 16:36:21 +01:00 · 2024-03-15 12:40:30 +01:00 · 2024-03-15 12:39:48 +01:00
10 changed files with 598 additions and 401 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@ -157,10 +157,10 @@ ts-rs = { version = "7.1.1", features = [
  "chrono-impl",
  "no-serde-warnings",
 ] }
-rustls = { version = "0.21.11", features = ["dangerous_configuration"] }
+rustls = { version = "0.23.5", features = ["ring"] }
 futures-util = "0.3.30"
 tokio-postgres = "0.7.10"
-tokio-postgres-rustls = "0.10.0"
+tokio-postgres-rustls = "0.12.0"
 urlencoding = "2.1.3"
 enum-map = "2.7"
 moka = { version = "0.12.7", features = ["future"] }
--- a/crates/api_common/Cargo.toml
+++ b/crates/api_common/Cargo.toml
@ -25,7 +25,7 @@ full = [
  "lemmy_db_views_moderator/full",
  "lemmy_utils/full",
  "activitypub_federation",
-  "encoding",
+  "encoding_rs",
  "reqwest-middleware",
  "webpage",
  "ts-rs",
@ -69,7 +69,7 @@ mime = { version = "0.3.17", optional = true }
 webpage = { version = "1.6", default-features = false, features = [
  "serde",
 ], optional = true }
-encoding = { version = "0.2.33", optional = true }
+encoding_rs = { version = "0.8.34", optional = true }
 jsonwebtoken = { version = "8.3.0", optional = true }
 # necessary for wasmt compilation
 getrandom = { version = "0.2.14", features = ["js"] }
--- a/crates/api_common/src/request.rs
+++ b/crates/api_common/src/request.rs
@ -6,7 +6,7 @@ use crate::{
  utils::{local_site_opt_to_sensitive, proxy_image_link, proxy_image_link_opt_apub},
 };
 use activitypub_federation::config::Data;
-use encoding::{all::encodings, DecoderTrap};
+use encoding_rs::{Encoding, UTF_8};
 use lemmy_db_schema::{
  newtypes::DbUrl,
  source::{
@ -160,11 +160,9 @@ fn extract_opengraph_data(html_bytes: &[u8], url: &Url) -> LemmyResult<OpenGraph
  // proper encoding. If the specified encoding cannot be found, fall back to the original UTF-8
  // version.
  if let Some(charset) = page.meta.get("charset") {
-    if charset.to_lowercase() != "utf-8" {
-      if let Some(encoding_ref) = encodings().iter().find(|e| e.name() == charset) {
-        if let Ok(html_with_encoding) = encoding_ref.decode(html_bytes, DecoderTrap::Replace) {
-          page = HTML::from_string(html_with_encoding, None)?;
-        }
+    if charset != UTF_8.name() {
+      if let Some(encoding) = Encoding::for_label(charset.as_bytes()) {
+        page = HTML::from_string(encoding.decode(html_bytes).0.into(), None)?;
      }
    }
  }
--- a/crates/apub/assets/lemmy/activities/block/block_user.json
+++ b/crates/apub/assets/lemmy/activities/block/block_user.json
@ -8,6 +8,6 @@
  "type": "Block",
  "removeData": true,
  "summary": "spam post",
-  "expires": "2021-11-01T12:23:50.151874Z",
+  "endTime": "2021-11-01T12:23:50.151874Z",
  "id": "http://enterprise.lemmy.ml/activities/block/5d42fffb-0903-4625-86d4-0b39bb344fc2"
 }
--- a/crates/apub/assets/lemmy/activities/block/undo_block_user.json
+++ b/crates/apub/assets/lemmy/activities/block/undo_block_user.json
@ -11,7 +11,7 @@
    "type": "Block",
    "removeData": true,
    "summary": "spam post",
-    "expires": "2021-11-01T12:23:50.151874Z",
+    "endTime": "2021-11-01T12:23:50.151874Z",
    "id": "http://enterprise.lemmy.ml/activities/block/726f43ab-bd0e-4ab3-89c8-627e976f553c"
  },
  "cc": ["http://enterprise.lemmy.ml/c/main"],
--- a/crates/apub/src/activities/block/block_user.rs
+++ b/crates/apub/src/activities/block/block_user.rs
@ -74,7 +74,6 @@ impl BlockUser {
        &context.settings().get_protocol_and_hostname(),
      )?,
      audience,
-      expires,
      end_time: expires,
    })
  }
@ -157,7 +156,7 @@ impl ActivityHandler for BlockUser {
  #[tracing::instrument(skip_all)]
  async fn receive(self, context: &Data<LemmyContext>) -> LemmyResult<()> {
    insert_received_activity(&self.id, context).await?;
-    let expires = self.expires.or(self.end_time).map(Into::into);
+    let expires = self.end_time.map(Into::into);
    let mod_person = self.actor.dereference(context).await?;
    let blocked_person = self.object.dereference(context).await?;
    let target = self.target.dereference(context).await?;
--- a/crates/apub/src/activities/block/undo_block_user.rs
+++ b/crates/apub/src/activities/block/undo_block_user.rs
@ -98,7 +98,7 @@ impl ActivityHandler for UndoBlockUser {
  #[tracing::instrument(skip_all)]
  async fn receive(self, context: &Data<LemmyContext>) -> LemmyResult<()> {
    insert_received_activity(&self.id, context).await?;
-    let expires = self.object.expires.or(self.object.end_time).map(Into::into);
+    let expires = self.object.end_time.map(Into::into);
    let mod_person = self.actor.dereference(context).await?;
    let blocked_person = self.object.object.dereference(context).await?;
    match self.object.target.dereference(context).await? {
--- a/crates/apub/src/protocol/activities/block/block_user.rs
+++ b/crates/apub/src/protocol/activities/block/block_user.rs
@ -38,8 +38,6 @@ pub struct BlockUser {
  pub(crate) remove_data: Option<bool>,
  /// block reason, written to mod log
  pub(crate) summary: Option<String>,
-  /// TODO: deprecated
-  pub(crate) expires: Option<DateTime<Utc>>,
  pub(crate) end_time: Option<DateTime<Utc>>,
 }

--- a/crates/db_schema/src/utils.rs
+++ b/crates/db_schema/src/utils.rs
@ -33,13 +33,22 @@ use lemmy_utils::{
 use once_cell::sync::Lazy;
 use regex::Regex;
 use rustls::{
-  client::{ServerCertVerified, ServerCertVerifier},
-  ServerName,
+  client::danger::{
+    DangerousClientConfigBuilder,
+    HandshakeSignatureValid,
+    ServerCertVerified,
+    ServerCertVerifier,
+  },
+  crypto::{self, verify_tls12_signature, verify_tls13_signature},
+  pki_types::{CertificateDer, ServerName, UnixTime},
+  ClientConfig,
+  DigitallySignedStruct,
+  SignatureScheme,
 };
 use std::{
  ops::{Deref, DerefMut},
  sync::Arc,
-  time::{Duration, SystemTime},
+  time::Duration,
 };
 use tracing::error;
 use url::Url;
@ -312,10 +321,11 @@ pub fn diesel_option_overwrite_to_url_create(opt: &Option<String>) -> LemmyResul

 fn establish_connection(config: &str) -> BoxFuture<ConnectionResult<AsyncPgConnection>> {
  let fut = async {
-    let rustls_config = rustls::ClientConfig::builder()
-      .with_safe_defaults()
-      .with_custom_certificate_verifier(Arc::new(NoCertVerifier {}))
-      .with_no_client_auth();
+    let rustls_config = DangerousClientConfigBuilder {
+      cfg: ClientConfig::builder(),
+    }
+    .with_custom_certificate_verifier(Arc::new(NoCertVerifier {}))
+    .with_no_client_auth();

    let tls = tokio_postgres_rustls::MakeRustlsConnect::new(rustls_config);
    let (client, conn) = tokio_postgres::connect(config, tls)
@ -338,21 +348,55 @@ fn establish_connection(config: &str) -> BoxFuture<ConnectionResult<AsyncPgConne
  fut.boxed()
 }

+#[derive(Debug)]
 struct NoCertVerifier {}

 impl ServerCertVerifier for NoCertVerifier {
  fn verify_server_cert(
    &self,
-    _end_entity: &rustls::Certificate,
-    _intermediates: &[rustls::Certificate],
+    _end_entity: &CertificateDer,
+    _intermediates: &[CertificateDer],
    _server_name: &ServerName,
-    _scts: &mut dyn Iterator<Item = &[u8]>,
-    _ocsp_response: &[u8],
-    _now: SystemTime,
+    _ocsp: &[u8],
+    _now: UnixTime,
  ) -> Result<ServerCertVerified, rustls::Error> {
    // Will verify all (even invalid) certs without any checks (sslmode=require)
    Ok(ServerCertVerified::assertion())
  }
+
+  fn verify_tls12_signature(
+    &self,
+    message: &[u8],
+    cert: &CertificateDer,
+    dss: &DigitallySignedStruct,
+  ) -> Result<HandshakeSignatureValid, rustls::Error> {
+    verify_tls12_signature(
+      message,
+      cert,
+      dss,
+      &crypto::ring::default_provider().signature_verification_algorithms,
+    )
+  }
+
+  fn verify_tls13_signature(
+    &self,
+    message: &[u8],
+    cert: &CertificateDer,
+    dss: &DigitallySignedStruct,
+  ) -> Result<HandshakeSignatureValid, rustls::Error> {
+    verify_tls13_signature(
+      message,
+      cert,
+      dss,
+      &crypto::ring::default_provider().signature_verification_algorithms,
+    )
+  }
+
+  fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
+    crypto::ring::default_provider()
+      .signature_verification_algorithms
+      .supported_schemes()
+  }
 }

 pub async fn build_db_pool() -> LemmyResult<ActualDbPool> {
Author	SHA1	Message	Date
Nutomic	a54cf02e05	Merge `e84e25d8fa` into `b152be7951`	2024-05-05 12:13:27 +05:30
SleeplessOne1917	b152be7951	Update rustls (#4690 ) * Update rustls * Format code	2024-05-03 16:06:14 -04:00
SleeplessOne1917	485b0f1a54	Replace unmaintained encoding dep with maintained encoding_rs dep (#4694 ) * Replace dependency on unmaintained encoding crate with dep on maintained encoding_rs crate * Update lockfile * Taplo format Cargo.toml * Use better variable name * Replace into_owned with into	2024-05-03 10:42:48 +00:00
Felix Ableitner	e84e25d8fa	Merge branch 'main' into apub-remove-expires	2024-03-26 16:36:21 +01:00
Felix Ableitner	d12cb68c19	Remove nonstandard apub field `expires` (ref #2316 )	2024-03-15 12:40:30 +01:00
Felix Ableitner	83a8bb1630	Migrate apub block activity to standard `endTime` property (fixes #2316 )	2024-03-15 12:39:48 +01:00