This is an automated email from the ASF dual-hosted git repository.
alamb pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-rs-object-store.git
The following commit(s) were added to refs/heads/main by this push:
new 0083f41 fix: cargo audit warning for rustls-pemfile (#565)
0083f41 is described below
commit 0083f41f376c6fac5b4689b16dfbb4f020f52830
Author: Michael Gattozzi <[email protected]>
AuthorDate: Mon Dec 8 16:43:15 2025 -0500
fix: cargo audit warning for rustls-pemfile (#565)
* fix: cargo audit warning for rustls-pemfile
rustls-pemfile is now unmaintained:
https://rustsec.org/advisories/RUSTSEC-2025-0134.html
This commit updates the deps according to the advisory to use
rustls-pki-types directly rather than rustls-pemfile.
Closes #564
* fix: CI failures
---
Cargo.toml | 4 ++--
src/gcp/credential.rs | 25 +++++++++++--------------
2 files changed, 13 insertions(+), 16 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index e02d3b3..1bc8bd1 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -56,7 +56,7 @@ quick-xml = { version = "0.38.0", features = ["serialize",
"overlapped-lists"],
rand = { version = "0.9", default-features = false, features = ["std",
"std_rng", "thread_rng"], optional = true }
reqwest = { version = "0.12", default-features = false, features =
["rustls-tls-native-roots", "http2"], optional = true }
ring = { version = "0.17", default-features = false, features = ["std"],
optional = true }
-rustls-pemfile = { version = "2.0", default-features = false, features =
["std"], optional = true }
+rustls-pki-types = { version = "1.9", default-features = false, features =
["std"], optional = true }
serde = { version = "1.0", default-features = false, features = ["derive"],
optional = true }
serde_json = { version = "1.0", default-features = false, features = ["std"],
optional = true }
serde_urlencoded = { version = "0.7", optional = true }
@@ -74,7 +74,7 @@ default = ["fs"]
cloud = ["serde", "serde_json", "quick-xml", "hyper", "reqwest",
"reqwest/stream", "chrono/serde", "base64", "rand", "ring", "http-body-util",
"form_urlencoded", "serde_urlencoded"]
azure = ["cloud", "httparse"]
fs = ["walkdir"]
-gcp = ["cloud", "rustls-pemfile"]
+gcp = ["cloud", "rustls-pki-types"]
aws = ["cloud", "md-5"]
http = ["cloud"]
tls-webpki-roots = ["reqwest?/rustls-tls-webpki-roots"]
diff --git a/src/gcp/credential.rs b/src/gcp/credential.rs
index 2245829..75de68c 100644
--- a/src/gcp/credential.rs
+++ b/src/gcp/credential.rs
@@ -91,7 +91,9 @@ pub enum Error {
TokenResponseBody { source: HttpError },
#[error("Error reading pem file: {}", source)]
- ReadPem { source: std::io::Error },
+ ReadPem {
+ source: rustls_pki_types::pem::Error,
+ },
}
impl From<Error> for crate::Error {
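Review bot: The `ReadPem` variant now carries `rustls_pki_types::pem::Error` instead of `std::io::Error`, so if this `Error` enum is reachable from the crate's public API the change is source-breaking and puts a rustls-pki-types type into the public surface. It is worth confirming the enum is crate-internal, or recording the change in the changelog. Because the `#[error]` message interpolates `source`, it is also worth checking that the Display output of the new error type never echoes bytes of the input, since the input here is a service-account private key and this string may end up in logs. A comment on the variant such as `/// PEM framing or base64 decoding of the key failed` would document what it now covers. The enum starts above the hunk.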
@@ -127,19 +129,14 @@ pub struct ServiceAccountKey(RsaKeyPair);
impl ServiceAccountKey {
/// Parses a pem-encoded RSA key
pub fn from_pem(encoded: &[u8]) -> Result<Self> {
- use rustls_pemfile::Item;
- use std::io::Cursor;
-
- let mut cursor = Cursor::new(encoded);
- let mut reader = BufReader::new(&mut cursor);
-
- match rustls_pemfile::read_one(&mut reader) {
- Ok(item) => match item {
- Some(Item::Pkcs8Key(key)) =>
Self::from_pkcs8(key.secret_pkcs8_der()),
- Some(Item::Pkcs1Key(key)) =>
Self::from_der(key.secret_pkcs1_der()),
- _ => Err(Error::MissingKey),
- },
- Err(e) => Err(Error::ReadPem { source: e }),
+ use rustls_pki_types::PrivateKeyDer;
+ use rustls_pki_types::pem::PemObject;
+
+ match PrivateKeyDer::from_pem_slice(encoded) {
+ Ok(PrivateKeyDer::Pkcs8(key)) =>
Self::from_pkcs8(key.secret_pkcs8_der()),
+ Ok(PrivateKeyDer::Pkcs1(key)) =>
Self::from_der(key.secret_pkcs1_der()),
+ Ok(_) => Err(Error::MissingKey),
+ Err(source) => Err(Error::ReadPem { source }),
}
}
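Review bot: The error mapping in `from_pem` no longer matches the variant names. As far as I can tell, `PrivateKeyDer::from_pem_slice` reports input with no private-key section as an error rather than an `Ok`, so that case now surfaces as `ReadPem`, while `Ok(_) => Err(Error::MissingKey)` is reached only for a key in a format other than PKCS#8 or PKCS#1 (SEC1, for example). If callers or tests distinguish these, consider mapping the no-items case back with an arm like `Err(rustls_pki_types::pem::Error::NoItemsFound) => Err(Error::MissingKey),` ahead of the generic `Err(source)` arm. The old code also looked only at the first PEM item, whereas the new call appears to skip non-key sections and take the first key it finds, so a bundle with a certificate ahead of the key is now accepted; unit tests with such input and with empty input would pin the intended behaviour. The doc comment could also name the accepted encodings, `/// Parses a PEM-encoded RSA key in PKCS#8 or PKCS#1 form`.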