rust: update time dependency
```
Crate: time
Version: 0.1.44
Title: Potential segfault in the time crate
Date: 2020-11-18
ID: RUSTSEC-2020-0071
URL: https://rustsec.org/advisories/RUSTSEC-2020-0071
Solution: Upgrade to >=0.2.23
Dependency tree:
time 0.1.44
└── x509-parser 0.6.5
    └── suricata 7.0.0-dev
```
Updated by Jason Ish over 1 year ago
Updating to x509-parser v0.13.0 which uses a fixed version of time brings our MSRV up to Rust 1.53 which is not acceptable for backports.
While it's hard to quantify how this issue affects us, I believe it has to do with calls with `localtime_r` in one thread while another thread is fiddling with the TZ environment variable. The only calls we have to `localtime_r` come from Suricata itself, or the time crate via x509-parser, neither of which are fiddling with environment variables around their calls to