Update hmac, pbkdf2, serde, serde_json, sha-1

Cargo.lock

@@ -156,6 +156,15 @@ dependencies = [
  "generic-array",
 ]
 
+[[package]]
+name = "block-buffer"
+version = "0.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f1d36a02058e76b040de25a4464ba1c80935655595b661505c8b39b664828b95"
+dependencies = [
+ "generic-array",
+]
+
 [[package]]
 name = "bumpalo"
 version = "3.8.0"
@@ -330,13 +339,12 @@ dependencies = [
 ]
 
 [[package]]
-name = "crypto-mac"
+name = "crypto-common"
-version = "0.11.1"
+version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b1d1a86f49236c215f271d40892d5fc950490551400b02ef360692c29815c714"
+checksum = "683d6b536309245c849479fba3da410962a43ed8e51c26b729208ec0ac2798d0"
 dependencies = [
  "generic-array",
- "subtle",
 ]
 
 [[package]]
@@ -412,6 +420,18 @@ dependencies = [
  "generic-array",
 ]
 
+[[package]]
+name = "digest"
+version = "0.10.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b697d66081d42af4fba142d56918a3cb21dc8eb63372c6b85d14f44fb9c5979b"
+dependencies = [
+ "block-buffer 0.10.0",
+ "crypto-common",
+ "generic-array",
+ "subtle",
+]
+
 [[package]]
 name = "dns-sd"
 version = "0.1.3"
@@ -804,7 +824,7 @@ dependencies = [
  "http",
  "httpdate",
  "mime",
- "sha-1",
+ "sha-1 0.9.8",
 ]
 
 [[package]]
@@ -842,12 +862,11 @@ checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
 
 [[package]]
 name = "hmac"
-version = "0.11.0"
+version = "0.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b"
+checksum = "ddca131f3e7f2ce2df364b57949a9d47915cfbd35e46cfee355ccebbf794d6a2"
 dependencies = [
- "crypto-mac",
+ "digest 0.10.1",
- "digest",
 ]
 
 [[package]]
@@ -869,7 +888,7 @@ checksum = "1323096b05d41827dadeaee54c9981958c0f94e670bc94ed80037d1a7b8b186b"
 dependencies = [
  "bytes",
  "fnv",
- "itoa",
+ "itoa 0.4.8",
 ]
 
 [[package]]
@@ -916,7 +935,7 @@ dependencies = [
  "http-body",
  "httparse",
  "httpdate",
- "itoa",
+ "itoa 0.4.8",
  "pin-project-lite",
  "socket2",
  "tokio",
@@ -1048,6 +1067,12 @@ version = "0.4.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b71991ff56294aa922b450139ee08b3bfc70982c6b2c7562771375cf73542dd4"
 
+[[package]]
+name = "itoa"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1aab8fc367588b89dcee83ab0fd66b72b50b72fa1904d7095045ace2b0c81c35"
+
 [[package]]
 name = "jack"
 version = "0.7.3"
@@ -1239,7 +1264,7 @@ dependencies = [
  "librespot-protocol",
  "log",
  "rpassword",
- "sha-1",
+ "sha-1 0.9.8",
  "thiserror",
  "tokio",
  "url",
@@ -1318,7 +1343,7 @@ dependencies = [
  "rand",
  "serde",
  "serde_json",
- "sha-1",
+ "sha-1 0.10.0",
  "shannon",
  "thiserror",
  "tokio",
@@ -1350,7 +1375,7 @@ dependencies = [
  "log",
  "rand",
  "serde_json",
- "sha-1",
+ "sha-1 0.10.0",
  "thiserror",
  "tokio",
 ]
@@ -1840,11 +1865,11 @@ checksum = "0744126afe1a6dd7f394cb50a716dbe086cb06e255e53d8d0185d82828358fb5"
 
 [[package]]
 name = "pbkdf2"
-version = "0.8.0"
+version = "0.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d95f5254224e617595d2cc3cc73ff0a5eaf2637519e25f03388154e9378b6ffa"
+checksum = "a4628cc3cf953b82edcd3c1388c5715401420ce5524fedbab426bd5aba017434"
 dependencies = [
- "crypto-mac",
+ "digest 0.10.1",
  "hmac",
 ]
 
@@ -2330,18 +2355,18 @@ checksum = "568a8e6258aa33c13358f81fd834adb854c6f7c9468520910a9b1e8fac068012"
 
 [[package]]
 name = "serde"
-version = "1.0.130"
+version = "1.0.133"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f12d06de37cf59146fbdecab66aa99f9fe4f78722e3607577a5375d66bd0c913"
+checksum = "97565067517b60e2d1ea8b268e59ce036de907ac523ad83a0475da04e818989a"
 dependencies = [
  "serde_derive",
 ]
 
 [[package]]
 name = "serde_derive"
-version = "1.0.130"
+version = "1.0.133"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d7bc1a1ab1961464eae040d96713baa5a724a8152c1222492465b54322ec508b"
+checksum = "ed201699328568d8d08208fdd080e3ff594e6c422e438b6705905da01005d537"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -2350,11 +2375,11 @@ dependencies = [
 
 [[package]]
 name = "serde_json"
-version = "1.0.72"
+version = "1.0.74"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d0ffa0837f2dfa6fb90868c2b5468cad482e175f7dad97e7421951e663f2b527"
+checksum = "ee2bb9cd061c5865d345bb02ca49fcef1391741b672b54a0bf7b679badec3142"
 dependencies = [
- "itoa",
+ "itoa 1.0.1",
  "ryu",
  "serde",
 ]
@@ -2365,13 +2390,24 @@ version = "0.9.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "99cd6713db3cf16b6c84e06321e049a9b9f699826e16096d23bbcc44d15d51a6"
 dependencies = [
- "block-buffer",
+ "block-buffer 0.9.0",
  "cfg-if 1.0.0",
  "cpufeatures",
- "digest",
+ "digest 0.9.0",
  "opaque-debug",
 ]
 
+[[package]]
+name = "sha-1"
+version = "0.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "028f48d513f9678cda28f6e4064755b3fbb2af6acd672f2c209b62323f7aea0f"
+dependencies = [
+ "cfg-if 1.0.0",
+ "cpufeatures",
+ "digest 0.10.1",
+]
+
 [[package]]
 name = "shannon"
 version = "0.2.0"
@@ -2816,7 +2852,7 @@ dependencies = [
  "log",
  "rand",
  "rustls 0.20.2",
- "sha-1",
+ "sha-1 0.9.8",
  "thiserror",
  "url",
  "utf-8",

connect/Cargo.toml

@@ -11,7 +11,7 @@ edition = "2018"
 form_urlencoded = "1.0"
 futures-util = "0.3"
 log = "0.4"
-protobuf = "2.14.0"
+protobuf = "2"
 rand = "0.8"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"

core/Cargo.toml

@@ -18,11 +18,11 @@ base64 = "0.13"
 byteorder = "1.4"
 bytes = "1"
 chrono = "0.4"
-dns-sd = { version = "0.1.3", optional = true }
+dns-sd = { version = "0.1", optional = true }
 form_urlencoded = "1.0"
 futures-core = "0.3"
 futures-util = { version = "0.3", features = ["alloc", "bilock", "sink", "unstable"] }
-hmac = "0.11"
+hmac = "0.12"
 httparse = "1.3"
 http = "0.2"
 hyper = { version = "0.14", features = ["client", "http1", "http2", "tcp"] }
@@ -36,15 +36,15 @@ num-integer = "0.1"
 num-traits = "0.2"
 once_cell = "1.5.2"
 parking_lot = { version = "0.11", features = ["deadlock_detection"] }
-pbkdf2 = { version = "0.8", default-features = false, features = ["hmac"] }
+pbkdf2 = { version = "0.10", default-features = false, features = ["hmac"] }
 priority-queue = "1.1"
-protobuf = "2.14.0"
+protobuf = "2"
 quick-xml = { version = "0.22", features = ["serialize"] }
 rand = "0.8"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
-sha-1 = "0.9"
+sha-1 = "0.10"
-shannon = "0.2.0"
+shannon = "0.2"
 thiserror = "1.0"
 tokio = { version = "1", features = ["io-util", "macros", "net", "parking_lot", "rt", "sync", "time"] }
 tokio-stream = "0.1"

core/src/connection/handshake.rs

@@ -1,7 +1,7 @@
 use std::{env::consts::ARCH, io};
 
 use byteorder::{BigEndian, ByteOrder, WriteBytesExt};
-use hmac::{Hmac, Mac, NewMac};
+use hmac::{Hmac, Mac};
 use protobuf::{self, Message};
 use rand::{thread_rng, RngCore};
 use sha1::Sha1;

discovery/Cargo.toml

@@ -15,13 +15,13 @@ dns-sd = { version = "0.1.3", optional = true }
 form_urlencoded = "1.0"
 futures-core = "0.3"
 futures-util = "0.3"
-hmac = "0.11"
+hmac = "0.12"
 hyper = { version = "0.14", features = ["http1", "server", "tcp"] }
 libmdns = "0.6"
 log = "0.4"
 rand = "0.8"
 serde_json = "1.0.25"
-sha-1 = "0.9"
+sha-1 = "0.10"
 thiserror = "1.0"
 tokio = { version = "1", features = ["parking_lot", "sync", "rt"] }
 

discovery/src/server.rs

@@ -15,7 +15,7 @@ use aes::{
 };
 use futures_core::Stream;
 use futures_util::{FutureExt, TryFutureExt};
-use hmac::{Hmac, Mac, NewMac};
+use hmac::{Hmac, Mac};
 use hyper::{
     service::{make_service_fn, service_fn},
     Body, Method, Request, Response, StatusCode,
@@ -137,7 +137,7 @@ impl RequestHandler {
         let mut h = Hmac::<Sha1>::new_from_slice(&checksum_key)
             .map_err(|_| DiscoveryError::HmacError(base_key.to_vec()))?;
         h.update(encrypted);
-        if h.verify(cksum).is_err() {
+        if h.verify_slice(cksum).is_err() {
             warn!("Login error for user {:?}: MAC mismatch", username);
             let result = json!({
                 "status": 102,

metadata/Cargo.toml

@@ -13,7 +13,7 @@ byteorder = "1.3"
 bytes = "1"
 chrono = "0.4"
 log = "0.4"
-protobuf = "2.14.0"
+protobuf = "2"
 thiserror = "1"
 uuid = { version = "0.8", default-features = false }
 

protocol/Cargo.toml

@@ -9,8 +9,8 @@ repository = "https://github.com/librespot-org/librespot"
 edition = "2018"
 
 [dependencies]
-protobuf = "2.25"
+protobuf = "2"
 
 [build-dependencies]
 glob = "0.3.0"
-protobuf-codegen-pure = "2.25"
+protobuf-codegen-pure = "2"