From 43a0fe237e0d7bcb149d63a04e9f7c90e7ddbf63 Mon Sep 17 00:00:00 2001 From: Kris Nuttycombe Date: Mon, 20 Mar 2023 17:13:37 -0600 Subject: [PATCH 1/4] Update to use the `ff 0.13` dependency stack. --- .cargo/config.offline | 10 ++ Cargo.lock | 237 +++++++++++++++++++++--------------------- Cargo.toml | 20 +++- 3 files changed, 144 insertions(+), 123 deletions(-) diff --git a/.cargo/config.offline b/.cargo/config.offline index 8b7762d20..f937b314b 100644 --- a/.cargo/config.offline +++ b/.cargo/config.offline @@ -4,5 +4,15 @@ linker = "aarch64-linux-gnu-gcc" [source.crates-io] replace-with = "vendored-sources" +[source."https://github.com/zcash/librustzcash.git"] +git = "https://github.com/zcash/librustzcash.git" +rev = "4fea57dcac77870a142f15b1f1dfa6d34a0de7b8" +replace-with = "vendored-sources" + +[source."https://github.com/zcash/orchard.git"] +git = "https://github.com/zcash/orchard.git" +rev = "bdcf15ba2141f94f031c195140219a99335d96d5" +replace-with = "vendored-sources" + [source.vendored-sources] # The directory for this source is set to RUST_VENDORED_SOURCES by src/Makefile.am diff --git a/Cargo.lock b/Cargo.lock index 478251d90..7671a49bd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -61,15 +61,15 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.69" +version = "1.0.70" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "224afbd727c3d6e4b90103ece64b8d1b67fbb1973b1046c2281eed3f3803f800" +checksum = "7de8ce5e0f9f8d88245311066a578d72b7af3e7088f32783804676302df237e4" [[package]] name = "arrayref" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4c527152e37cf757a3f78aae5a06fbeefdb07ccc535c980a3208ee3060dd544" +checksum = "6b4930d2cb77ce62f89ee5d5289b4ac049559b1c45539271f5ed4fdc7db34545" [[package]] name = "arrayvec" 
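Review bot: In `.cargo/config.offline`, the two new `[source."https://github.com/zcash/..."]` tables hard-code the same `rev` values that the `[patch.crates-io]` table in Cargo.toml uses, and nothing on either side says they have to move together. A mismatch would presumably only surface as a failed offline or vendored build, so I would add a comment above the first table, e.g. `# Keep each rev in sync with [patch.crates-io] in Cargo.toml; delete these tables when the patches are dropped.` It is also worth confirming that the vendoring step places the git checkouts in the same `vendored-sources` directory these tables redirect to, since the existing comment says that directory is set from src/Makefile.am rather than in this file.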
@@ -112,9 +112,9 @@ checksum = "cf9ff0bbfd639f15c74af777d81383cf53efb7c93613f6cab67c6c11e05bbf8b" [[package]] name = "bellman" -version = "0.13.1" +version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4dd656ef4fdf7debb6d87d4dd92642fcbcdb78cbf6600c13e25c87e4d1a3807" +checksum = "9afceed28bac7f9f5a508bca8aeeff51cdfa4770c0b967ac55c621e2ddfd6171" dependencies = [ "bitvec", "blake2s_simd", @@ -221,9 +221,9 @@ checksum = "8d696c370c750c948ada61c69a0ee2cbbb9c50b1019ddb86d9317157a99c2cae" [[package]] name = "bls12_381" -version = "0.7.1" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3c196a77437e7cc2fb515ce413a6401291578b5afc8ecb29a3c7ab957f05941" +checksum = "d7bc6d6292be3a19e6379786dac800f551e5865a5bb51ebbe3064ab80433f403" dependencies = [ "ff", "group", @@ -342,9 +342,9 @@ checksum = "13418e745008f7349ec7e449155f419a61b92b58a99cc3616942b926825ec76b" [[package]] name = "cpufeatures" -version = "0.2.5" +version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28d997bd5e24a5928dd43e46dc529867e207907fe0b239c3477d924f7f2ca320" +checksum = "280a9f2d8b3a38871a3c8a46fb80db65e5e5ed97da80c4d08bf27fb63e35e181" dependencies = [ "libc", ] @@ -457,7 +457,7 @@ checksum = "0b75aed41bb2e6367cae39e6326ef817a851db13c13e4f3263714ca3cfb8de56" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.109", ] [[package]] @@ -532,8 +532,7 @@ checksum = "7fcaabb2fef8c910e7f4c7ce9f67a1283a1715879a7c230ca9d6d1ae31f16d91" [[package]] name = "equihash" version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ab579d7cf78477773b03e80bc2f89702ef02d7112c711d54ca93dcdce68533d5" +source = "git+https://github.com/zcash/librustzcash.git?rev=4fea57dcac77870a142f15b1f1dfa6d34a0de7b8#4fea57dcac77870a142f15b1f1dfa6d34a0de7b8" dependencies = [ "blake2b_simd", "byteorder", 
@@ -542,17 +541,16 @@ dependencies = [ [[package]] name = "f4jumble" version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a83e8d7fd0c526af4aad893b7c9fe41e2699ed8a776a6c74aecdeafe05afc75" +source = "git+https://github.com/zcash/librustzcash.git?rev=4fea57dcac77870a142f15b1f1dfa6d34a0de7b8#4fea57dcac77870a142f15b1f1dfa6d34a0de7b8" dependencies = [ "blake2b_simd", ] [[package]] name = "ff" -version = "0.12.1" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160" +checksum = "ded41244b729663b1e574f1b4fb731469f69f79c17667b5d776b16cda0479449" dependencies = [ "bitvec", "rand_core 0.6.4", 
@@ -599,30 +597,30 @@ checksum = "e6d5a32815ae3f33302d95fdcb2ce17862f8c65363dcfd29360480ba1001fc9c" [[package]] name = "futures-channel" -version = "0.3.27" +version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "164713a5a0dcc3e7b4b1ed7d3b433cabc18025386f9339346e8daf15963cf7ac" +checksum = "955518d47e09b25bbebc7a18df10b81f0c766eaf4c4f1cccef2fca5f2a4fb5f2" dependencies = [ "futures-core", ] [[package]] name = "futures-core" -version = "0.3.27" +version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "86d7a0c1aa76363dac491de0ee99faf6941128376f1cf96f07db7603b7de69dd" +checksum = "4bca583b7e26f571124fe5b7561d49cb2868d79116cfa0eefce955557c6fee8c" [[package]] name = "futures-task" -version = "0.3.27" +version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd65540d33b37b16542a0438c12e6aeead10d4ac5d05bd3f805b8f35ab592879" +checksum = "76d3d132be6c0e6aa1534069c705a74a5997a356c0dc2f86a47765e5617c5b65" [[package]] name = "futures-util" -version = "0.3.27" +version = "0.3.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3ef6b17e481503ec85211fed8f39d1970f128935ca1f814cd32ac4a6842e84ab" +checksum = "26b01e40b772d54cf6c6d721c1d1abd0647a0106a12ecaa1c186273392a69533" dependencies = [ "futures-core", "futures-task", @@ -632,9 +630,9 @@ dependencies = [ [[package]] name = "generic-array" -version = "0.14.6" +version = "0.14.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bff49e947297f3312447abdca79f45f4738097cc82b06e72054d2223f601f1b9" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" dependencies = [ "typenum", "version_check", 
@@ -659,9 +657,9 @@ checksum = "ad0a93d233ebf96623465aad4046a8d3aa4da22d4f4beba5388838c8a434bbb4" [[package]] name = "group" -version = "0.12.1" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" dependencies = [ "ff", "memuse", @@ -686,14 +684,14 @@ checksum = "729f9bd3449d77e7831a18abfb7ba2f99ee813dfd15b8c2167c9a54ba20aa99d" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.109", ] [[package]] name = "halo2_gadgets" -version = "0.2.0" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85e10bf9924da1754e443641c9e7f9f00483749f8fb837fde696ef6ed6e2f079" +checksum = "126a150072b0c38c7b573fe3eaf0af944a7fed09e154071bf2436d3f016f7230" dependencies = [ "arrayvec", "bitvec", @@ -708,17 +706,24 @@ dependencies = [ ] [[package]] -name = "halo2_proofs" -version = "0.2.0" +name = "halo2_legacy_pdqsort" +version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cff771b9a2445cd2545c9ef26d863c290fbb44ae440c825a20eb7156f67a949a" +checksum = "47716fe1ae67969c5e0b2ef826f32db8c3be72be325e1aa3c1951d06b5575ec5" + +[[package]] +name = "halo2_proofs" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b867a8d9bbb85fca76fff60652b5cd19b853a1c4d0665cb89bee68b18d2caf0" dependencies = [ "blake2b_simd", "ff", "group", + "halo2_legacy_pdqsort", + "maybe-rayon", "pasta_curves", "rand_core 0.6.4", - "rayon", "tracing", ] @@ -842,7 +847,7 @@ checksum = "11d7a9f6330b71fea57921c9b61c47ee6e84f72d394754eff6163ae67e7395eb" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.109", ] [[package]] 
@@ -856,9 +861,9 @@ dependencies = [ [[package]] name = "indexmap" -version = "1.9.2" +version = "1.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1885e79c1fc4b10f0e172c475f458b7f7b93061064d98c3293e98c5ba0c8b399" +checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99" dependencies = [ "autocfg", "hashbrown", @@ -875,9 +880,9 @@ dependencies = [ [[package]] name = "ipnet" -version = "2.7.1" +version = "2.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "30e22bd8629359895450b59ea7a776c850561b96a3b1d31321c1949d9e6c9146" +checksum = "12b6ee2129af8d4fb011108c73d99a1b83a85977f23b82460c0ae2e25bb4b57f" [[package]] name = "itoa" @@ -896,9 +901,9 @@ dependencies = [ [[package]] name = "jubjub" -version = "0.9.0" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a575df5f985fe1cd5b2b05664ff6accfc46559032b954529fd225a2168d27b0f" +checksum = "8499f7a74008aafbecb2a2e608a3e13e4dd3e84df198b604451efe93f2de6e61" dependencies = [ "bitvec", "bls12_381", @@ -913,6 +918,9 @@ name = "lazy_static" version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +dependencies = [ + "spin", +] [[package]] name = "libc" @@ -1029,6 +1037,16 @@ dependencies = [ "regex-automata", ] +[[package]] +name = "maybe-rayon" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ea1f30cedd69f0a2954655f7188c6a834246d2bcf1e315e2ac40c4b24dc9519" +dependencies = [ + "cfg-if", + "rayon", +] + [[package]] name = "memchr" version = "2.5.0" @@ -1091,7 +1109,7 @@ checksum = "731f8ecebd9f3a4aa847dfe75455e4757a45da40a7793d2f0b1f9b6ed18b23f3" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.109", ] [[package]] 
@@ -1235,8 +1253,7 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "orchard" version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f06b263206a75a7d96ca75d46a3e9ca8eaf7ab7feea209749bb8b818d22f427" +source = "git+https://github.com/zcash/orchard.git?rev=bdcf15ba2141f94f031c195140219a99335d96d5#bdcf15ba2141f94f031c195140219a99335d96d5" dependencies = [ "aes", "bitvec", @@ -1268,9 +1285,9 @@ checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" [[package]] name = "pairing" -version = "0.22.0" +version = "0.23.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "135590d8bdba2b31346f9cd1fb2a912329f5135e832a4f422942eb6ead8b6b3b" +checksum = "81fec4625e73cf41ef4bb6846cafa6d44736525f442ba45e407c4a000a13996f" dependencies = [ "group", ] @@ -1298,7 +1315,7 @@ dependencies = [ "proc-macro-crate", "proc-macro2", "quote", - "syn", + "syn 1.0.109", ] [[package]] @@ -1337,9 +1354,9 @@ dependencies = [ [[package]] name = "pasta_curves" -version = "0.4.1" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5cc65faf8e7313b4b1fbaa9f7ca917a0eed499a9663be71477f87993604341d8" +checksum = "d3e57598f73cc7e1b2ac63c79c517b31a0877cd7c402cdcaa311b5208de7a095" dependencies = [ "blake2b_simd", "ff", @@ -1456,9 +1473,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.52" +version = "1.0.54" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1d0e1ae9e836cc3beddd63db0df682593d7e2d3d891ae8c9083d2113e1744224" +checksum = "e472a104799c74b514a57226160104aa483546de37e839ec50e3c2e41dd87534" dependencies = [ "unicode-ident", ] 
@@ -1563,13 +1580,14 @@ dependencies = [ [[package]] name = "reddsa" -version = "0.3.0" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4cc8038c8b7e481bdf688d0585d4897ed0e9e0cee10aa365dde51238c20e4182" +checksum = "54b34d2c0df43159d2ff79d3cf929c9f11415529127344edb8160ad2be499fcd" dependencies = [ "blake2b_simd", "byteorder", "group", + "hex", "jubjub", "pasta_curves", "rand_core 0.6.4", @@ -1580,15 +1598,12 @@ dependencies = [ [[package]] name = "redjubjub" -version = "0.5.0" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6039ff156887caf92df308cbaccdc058c9d3155a913da046add6e48c4cdbd91d" +checksum = "7a60db2c3bc9c6fd1e8631fee75abc008841d27144be744951d6b9b75f9b569c" dependencies = [ - "blake2b_simd", - "byteorder", - "digest 0.9.0", - "jubjub", "rand_core 0.6.4", + "reddsa", "serde", "thiserror", "zeroize", @@ -1616,9 +1631,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.7.1" +version = "1.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48aaa5748ba571fb95cd2c85c09f629215d3a6ece942baa100950af03a34f733" +checksum = "8b1f693b24f6ac912f4893ef08244d70b6067480d2f1a46e950c9691e6749d1d" dependencies = [ "regex-syntax", ] @@ -1634,9 +1649,9 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.6.28" +version = "0.6.29" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "456c603be3e8d448b072f410900c09faf164fbce2d480456f50eea6e25f9c848" +checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1" [[package]] name = "ring" 
@@ -1664,9 +1679,9 @@ dependencies = [ [[package]] name = "rustc-demangle" -version = "0.1.21" +version = "0.1.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ef03e0a2b150c7a90d01faf6254c9c48a41e95fb2a8c2ac1c6f0d2b9aefc342" +checksum = "d4a36c42d1873f9a77c53bde094f9664d9891bc604a45b4798fd2c389ed12e5b" [[package]] name = "rustc-hex" @@ -1715,29 +1730,29 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.156" +version = "1.0.159" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "314b5b092c0ade17c00142951e50ced110ec27cea304b1037c6969246c2469a4" +checksum = "3c04e8343c3daeec41f58990b9d77068df31209f2af111e059e9fe9646693065" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.156" +version = "1.0.159" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7e29c4601e36bcec74a223228dce795f4cd3616341a4af93520ca1a837c087d" +checksum = "4c614d17805b093df4b147b51339e7e44bf05ef59fba1e45d83500bcfb4d8585" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.12", ] [[package]] name = "serde_json" -version = "1.0.94" +version = "1.0.95" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c533a59c9d8a93a09c6ab31f0fd5e5f4dd1b8fc9434804029839884765d04ea" +checksum = "d721eca97ac802aa7777b701877c8004d950fc142651367300d21c1cc0194744" dependencies = [ "itoa", "ryu", @@ -1824,15 +1839,14 @@ dependencies = [ ] [[package]] -name = "synstructure" -version = "0.12.6" +name = "syn" +version = "2.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f" +checksum = "79d9531f94112cfc3e4c8f5f02cb2b58f72c97b7efd85f70203cc6d8efda5927" dependencies = [ "proc-macro2", "quote", - "syn", - "unicode-xid", + "unicode-ident", ] [[package]] 
@@ -1856,22 +1870,22 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.39" +version = "1.0.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a5ab016db510546d856297882807df8da66a16fb8c4101cb8b30054b0d5b2d9c" +checksum = "978c9a314bd8dc99be594bc3c175faaa9794be04a5a5e153caba6915336cebac" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.39" +version = "1.0.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5420d42e90af0c38c3290abcca25b9b3bdf379fc9f55c528f53a269d9c9a267e" +checksum = "f9456a42c5b0d803c8cd86e73dd7cc9edd429499f37a3550d286d5e86720569f" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.12", ] [[package]] @@ -1928,9 +1942,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.26.0" +version = "1.27.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03201d01c3c27a29c8a5cee5b55a93ddae1ccf6f08f65365c2c918f8c1b76f64" +checksum = "d0de47a4eecbe11f498978a9b29d792f0d2692d1dd003650c24c76510e3bc001" dependencies = [ "autocfg", "libc", @@ -1948,9 +1962,9 @@ checksum = "3ab8ed2edee10b50132aed5f331333428b011c99402b5a534154ed15746f9622" [[package]] name = "toml_edit" -version = "0.19.7" +version = "0.19.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc18466501acd8ac6a3f615dd29a3438f8ca6bb3b19537138b3106e575621274" +checksum = "239410c8609e8125456927e6707163a3b1fdb40561e4b803bc041f466ccfdc13" dependencies = [ "indexmap", "toml_datetime", @@ -1994,7 +2008,7 @@ checksum = "4017f8f45139870ca7e672686113917c71c7a6e02d4924eda67186083c03081a" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.109", ] [[package]] 
@@ -2063,12 +2077,6 @@ dependencies = [ "tinyvec", ] -[[package]] -name = "unicode-xid" -version = "0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" - [[package]] name = "universal-hash" version = "0.5.0" @@ -2140,7 +2148,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn", + "syn 1.0.109", "wasm-bindgen-shared", ] @@ -2162,7 +2170,7 @@ checksum = "2aff81306fcac3c7515ad4e177f521b5c9a15f2b08f4e32d823066102f35a5f6" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.109", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -2284,9 +2292,9 @@ checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0" [[package]] name = "winnow" -version = "0.3.6" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23d020b441f92996c80d94ae9166e8501e59c7bb56121189dc9eab3bd8216966" +checksum = "ae8970b36c66498d8ff1d66685dc86b91b29db0c7739899012f63a63814b4b28" dependencies = [ "memchr", ] @@ -2303,8 +2311,7 @@ dependencies = [ [[package]] name = "zcash_address" version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "804268e702b664fc09d3e2ce82786d0addf4ae57ba6976469be63e09066bf9f7" +source = "git+https://github.com/zcash/librustzcash.git?rev=4fea57dcac77870a142f15b1f1dfa6d34a0de7b8#4fea57dcac77870a142f15b1f1dfa6d34a0de7b8" dependencies = [ "bech32", "bs58", @@ -2315,8 +2322,7 @@ dependencies = [ [[package]] name = "zcash_encoding" version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f03391b81727875efa6ac0661a20883022b6fba92365dc121c48fa9b00c5aac0" +source = "git+https://github.com/zcash/librustzcash.git?rev=4fea57dcac77870a142f15b1f1dfa6d34a0de7b8#4fea57dcac77870a142f15b1f1dfa6d34a0de7b8" dependencies = [ "byteorder", "nonempty", 
@@ -2325,8 +2331,7 @@ dependencies = [ [[package]] name = "zcash_history" version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb611a28a4e13ac715ee712f4344d6b279b767daf6345dafefb2c4bf582b6679" +source = "git+https://github.com/zcash/librustzcash.git?rev=4fea57dcac77870a142f15b1f1dfa6d34a0de7b8#4fea57dcac77870a142f15b1f1dfa6d34a0de7b8" dependencies = [ "blake2b_simd", "byteorder", @@ -2335,9 +2340,8 @@ dependencies = [ [[package]] name = "zcash_note_encryption" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2be9c12532389fd03786b7068fb7936c17fade23b48f584707bdc5f79f3ec867" +version = "0.3.0" +source = "git+https://github.com/zcash/librustzcash.git?rev=4fea57dcac77870a142f15b1f1dfa6d34a0de7b8#4fea57dcac77870a142f15b1f1dfa6d34a0de7b8" dependencies = [ "chacha20", "chacha20poly1305", @@ -2349,8 +2353,7 @@ dependencies = [ [[package]] name = "zcash_primitives" version = "0.10.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec8aed1d098e9f1b2bcd957ceab4188bf343cea30e7d0327fa49cea6ec44b167" +source = "git+https://github.com/zcash/librustzcash.git?rev=4fea57dcac77870a142f15b1f1dfa6d34a0de7b8#4fea57dcac77870a142f15b1f1dfa6d34a0de7b8" dependencies = [ "aes", "bip0039", @@ -2385,8 +2388,7 @@ dependencies = [ [[package]] name = "zcash_proofs" version = "0.10.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28ca180a8138ae6e2de2b88573ed19dd57798f42a79a00d992b4d727132c7081" +source = "git+https://github.com/zcash/librustzcash.git?rev=4fea57dcac77870a142f15b1f1dfa6d34a0de7b8#4fea57dcac77870a142f15b1f1dfa6d34a0de7b8" dependencies = [ "bellman", "blake2b_simd", 
@@ -2403,21 +2405,20 @@ dependencies = [ [[package]] name = "zeroize" -version = "1.5.7" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c394b5bd0c6f669e7275d9c20aa90ae064cb22e75a1cad54e1b34088034b149f" +checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9" dependencies = [ "zeroize_derive", ] [[package]] name = "zeroize_derive" -version = "1.3.3" +version = "1.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44bf07cb3e50ea2003396695d58bf46bc9887a1f362260446fad6bc4e79bd36c" +checksum = "25588073e5216b50bca71d61cb8595cdb9745e87032a58c199730def2862c934" dependencies = [ "proc-macro2", "quote", - "syn", - "synstructure", + "syn 2.0.12", ] diff --git a/Cargo.toml b/Cargo.toml index 4aca44a56..dc3e71da8 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -38,16 +38,16 @@ name = "zcashd-wallet-tool" path = "src/rust/bin/wallet_tool.rs" [dependencies] -bellman = "0.13" +bellman = "0.14" blake2b_simd = "1" blake2s_simd = "1" -bls12_381 = "0.7" +bls12_381 = "0.8" byteorder = "1" crossbeam-channel = "0.5" -group = "0.12" +group = "0.13" incrementalmerkletree = "0.3" libc = "0.2" -jubjub = "0.9" +jubjub = "0.10" memuse = "0.2" nonempty = "0.7" orchard = "0.3" @@ -60,7 +60,7 @@ tracing-appender = "0.2" zcash_address = "0.2" zcash_encoding = "0.2" zcash_history = "0.3" -zcash_note_encryption = "0.2" +zcash_note_encryption = "0.3" zcash_primitives = { version = "0.10.2", features = ["temporary-zcashd", "transparent-inputs"] } zcash_proofs = { version = "0.10", features = ["directories"] } ed25519-zebra = "3" 
@@ -112,3 +112,13 @@ features = ["ansi", "env-filter", "fmt", "time"] lto = 'thin' panic = 'abort' codegen-units = 1 + +[patch.crates-io] +equihash = { git = "https://github.com/zcash/librustzcash.git", rev = "4fea57dcac77870a142f15b1f1dfa6d34a0de7b8" } +orchard = { git = "https://github.com/zcash/orchard.git", rev = "bdcf15ba2141f94f031c195140219a99335d96d5" } +zcash_address = { git = "https://github.com/zcash/librustzcash.git", rev = "4fea57dcac77870a142f15b1f1dfa6d34a0de7b8" } +zcash_encoding = { git = "https://github.com/zcash/librustzcash.git", rev = "4fea57dcac77870a142f15b1f1dfa6d34a0de7b8" } +zcash_history = { git = "https://github.com/zcash/librustzcash.git", rev = "4fea57dcac77870a142f15b1f1dfa6d34a0de7b8" } +zcash_note_encryption = { git = "https://github.com/zcash/librustzcash.git", rev = "4fea57dcac77870a142f15b1f1dfa6d34a0de7b8" } +zcash_primitives = { git = "https://github.com/zcash/librustzcash.git", rev = "4fea57dcac77870a142f15b1f1dfa6d34a0de7b8" } +zcash_proofs = { git = "https://github.com/zcash/librustzcash.git", rev = "4fea57dcac77870a142f15b1f1dfa6d34a0de7b8" } From fccdb03c53d6bec5b6236d69e1241104272a556c Mon Sep 17 00:00:00 2001 From: Sean Bowe Date: Thu, 30 Mar 2023 14:41:23 -0600 Subject: [PATCH 2/4] Add additional audits. --- .github/workflows/audits.yml | 2 +- qa/supply-chain/audits.toml | 118 +++++++++++++++++++++++++++++++++++ qa/supply-chain/config.toml | 2 +- qa/supply-chain/imports.lock | 37 ++++++++++- 4 files changed, 156 insertions(+), 3 deletions(-) diff --git a/.github/workflows/audits.yml b/.github/workflows/audits.yml index 374d70ae5..ab19a3dc4 100644 --- a/.github/workflows/audits.yml +++ b/.github/workflows/audits.yml @@ -14,5 +14,5 @@ jobs: - uses: dtolnay/rust-toolchain@stable id: toolchain - run: rustup override set ${{steps.toolchain.outputs.name}} - - run: cargo install cargo-vet + - run: cargo install cargo-vet --version ~0.6 - run: cargo vet --locked 
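Review bot: The new `[patch.crates-io]` table in Cargo.toml moves eight crates, including `zcash_primitives`, `zcash_proofs` and `orchard`, from checksummed crates.io releases to git revisions, and it carries no comment saying why or when it should be removed. Pinning to full commit hashes is the right choice, but the matching Cargo.lock entries in this patch lose their `checksum` lines, so the pinned `rev` becomes the only integrity anchor the lockfile records for that code. I would add a header comment such as `# Temporary: unreleased librustzcash/orchard revisions for the ff 0.13 stack; replace with published versions before release.` It is not visible from this hunk how `cargo vet` treats the git-sourced versions, so confirm they are still covered by an audit or an explicit policy entry.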
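Review bot: The changed step `cargo install cargo-vet --version ~0.6` in `.github/workflows/audits.yml` pins the tool's version range but still lets cargo resolve cargo-vet's own dependencies afresh on every run, because `cargo install` ignores the packaged lockfile unless told otherwise. For the job that gates supply-chain audits, I would use `- run: cargo install cargo-vet --version ~0.6 --locked` so the checker itself is built from a reproducible dependency set. The job definition starts above this hunk, so any caching or further pinning there is not visible.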
diff --git a/qa/supply-chain/audits.toml b/qa/supply-chain/audits.toml index 7dbd48eba..f66bf9762 100644 --- a/qa/supply-chain/audits.toml +++ b/qa/supply-chain/audits.toml @@ -36,12 +36,27 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.68 -> 1.0.69" +[[audits.anyhow]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "1.0.69 -> 1.0.70" + +[[audits.arrayref]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "0.3.6 -> 0.3.7" + [[audits.bellman]] who = "Jack Grigg " criteria = ["crypto-reviewed", "safe-to-deploy"] delta = "0.13.0 -> 0.13.1" notes = "Adds multi-threaded batch validation, which I checked against the existing single-threaded batch validation." +[[audits.bellman]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "0.13.1 -> 0.14.0" + [[audits.blake2b_simd]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -65,6 +80,12 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.7.0 -> 0.7.1" +[[audits.bls12_381]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "0.7.1 -> 0.8.0" +notes = "I previously reviewed the crypto-sensitive portions of these changes as well." + [[audits.bumpalo]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -149,6 +170,11 @@ criteria = "safe-to-deploy" delta = "0.2.2 -> 0.2.5" notes = "Unsafe changes just introduce `#[inline(never)]` wrappers." +[[audits.cpufeatures]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "0.2.5 -> 0.2.6" + [[audits.crossbeam-channel]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -343,6 +369,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.12.0 -> 0.12.1" +[[audits.ff]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "0.12.1 -> 0.13.0" + [[audits.futures-channel]] who = "Jack Grigg " criteria = "safe-to-deploy" 
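Review bot: In `qa/supply-chain/audits.toml`, the new `bellman` entry for `0.13.1 -> 0.14.0` certifies only `safe-to-deploy`, while the existing `bellman` entry directly above it in the hunk certifies `["crypto-reviewed", "safe-to-deploy"]`. The `bls12_381` entry for `0.7.1 -> 0.8.0`, and the `jubjub` entry for `0.9.0 -> 0.10.0` in a later hunk, say in `notes` that the crypto-sensitive changes were reviewed, yet record the same single criterion. If policy requires `crypto-reviewed` for these crates (the policy file is not shown in this hunk), the delta chain for that criterion stops at the previous version. Where the review did cover the cryptography, record it as `criteria = ["crypto-reviewed", "safe-to-deploy"]`.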
@@ -385,6 +416,11 @@ Changes to `unsafe` usage are to split `Either::project` into `Either::as_pin_re documentation. """ +[[audits.generic-array]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "0.14.6 -> 0.14.7" + [[audits.getrandom]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -404,6 +440,11 @@ who = "Kris Nuttycombe " criteria = "safe-to-deploy" delta = "0.12.0 -> 0.12.1" +[[audits.group]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "0.12.1 -> 0.13.0" + [[audits.halo2_gadgets]] who = "Jack Grigg " criteria = ["crypto-reviewed", "safe-to-deploy"] @@ -416,6 +457,12 @@ criteria = ["crypto-reviewed", "safe-to-deploy"] delta = "0.1.0 -> 0.2.0" notes = "The ECC core team maintains this crate, and we have reviewed every line." +[[audits.halo2_legacy_pdqsort]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +version = "0.1.0" +notes = "The ECC core team maintains this crate, and we have reviewed every line." + [[audits.halo2_proofs]] who = "Jack Grigg " criteria = ["crypto-reviewed", "safe-to-deploy"] @@ -454,6 +501,11 @@ criteria = "safe-to-deploy" delta = "1.8.1 -> 1.9.1" notes = "I'm satisfied that the assertion guarding the new unsafe block is correct." +[[audits.indexmap]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "1.9.2 -> 1.9.3" + [[audits.inout]] who = "Daira Hopwood " criteria = "safe-to-deploy" @@ -465,6 +517,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "2.5.0 -> 2.7.1" +[[audits.ipnet]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "2.7.1 -> 2.7.2" + [[audits.itoa]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -486,6 +543,12 @@ notes = """ MDN documentation. """ +[[audits.jubjub]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "0.9.0 -> 0.10.0" +notes = "I previously reviewed the crypto-sensitive portions of these changes as well." + [[audits.libm]] who = "Jack Grigg " criteria = "safe-to-deploy" 
@@ -518,6 +581,11 @@ criteria = "safe-to-deploy" delta = "0.4.16 -> 0.4.17" notes = "I confirmed that the unsafe transmutes are fine; NonZeroU128 and NonZeroI128 are `#[repr(transparent)]` wrappers around u128 and i128 respectively." +[[audits.maybe-rayon]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +version = "0.1.1" + [[audits.memuse]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -633,6 +701,11 @@ who = "Kris Nuttycombe " criteria = "safe-to-deploy" delta = "0.2.0 -> 0.3.0" +[[audits.pairing]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "0.22.0 -> 0.23.0" + [[audits.parity-scale-codec]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -674,6 +747,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.4.0 -> 0.4.1" +[[audits.pasta_curves]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "0.4.1 -> 0.5.1" + [[audits.phf]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -762,11 +840,31 @@ Appears to be a move-only change in display code to expose an internal API. I did not verify that the change was move-only, but there is no unsafe code affected. """ +[[audits.reddsa]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "0.3.0 -> 0.5.0" + [[audits.regex]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.7.0 -> 1.7.1" +[[audits.regex]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "1.7.1 -> 1.7.3" + +[[audits.regex-syntax]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "0.6.28 -> 0.6.29" + +[[audits.rustc-demangle]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "0.1.21 -> 0.1.22" + [[audits.ryu]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -815,6 +913,11 @@ who = "Daira Hopwood " criteria = "safe-to-deploy" delta = "1.0.91 -> 1.0.98" +[[audits.syn]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "1.0.102 -> 1.0.104" + [[audits.syn]] who = "Jack Grigg " criteria = "safe-to-deploy" 
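Review bot: The `maybe-rayon` entry is a full audit (`version = "0.1.1"`) of a crate that is new to the dependency tree, and it has no `notes` field. The `reddsa` entry in a later hunk of the same file covers `0.3.0 -> 0.5.0` of a signature crate, also without notes. Neighbouring entries record what was checked, for example which unsafe changes were looked at, and that is what lets a later reader rely on the certification. I would add a short `notes` line to both, for example `notes = "<what was reviewed: unsafe usage, feature gating, new dependencies>"`, filled in by the auditor.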
@@ -899,6 +1002,11 @@ criteria = "safe-to-deploy" delta = "0.5.1 -> 0.6.1" notes = "Fixes a bug in parsing negative minutes in datetime string offsets." +[[audits.toml_edit]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "0.19.7 -> 0.19.8" + [[audits.try-lock]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1235,8 +1343,18 @@ criteria = "safe-to-deploy" delta = "1.4.3 -> 1.5.7" notes = "The zeroize_c_string unit test has UB, but that's very unlikely to cause a problem in practice." +[[audits.zeroize]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "1.5.7 -> 1.6.0" + [[audits.zeroize_derive]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.3.2 -> 1.3.3" notes = "Removes `T: Drop` bound from `impl Drop for SomeType`. I agree it was unnecessary." + +[[audits.zeroize_derive]] +who = "Sean Bowe " +criteria = "safe-to-deploy" +delta = "1.3.3 -> 1.4.1" diff --git a/qa/supply-chain/config.toml b/qa/supply-chain/config.toml index 569f404b9..c5e34a0da 100644 --- a/qa/supply-chain/config.toml +++ b/qa/supply-chain/config.toml @@ -2,7 +2,7 @@ # cargo-vet config file [cargo-vet] -version = "0.5" +version = "0.6" [imports.bytecode-alliance] url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-chain/audits.toml" diff --git a/qa/supply-chain/imports.lock b/qa/supply-chain/imports.lock index 57b0bdb1a..82e3e6daf 100644 --- a/qa/supply-chain/imports.lock +++ b/qa/supply-chain/imports.lock @@ -186,6 +186,11 @@ who = "David Cook " criteria = "safe-to-deploy" version = "0.3.0" +[[audits.isrg.audits.proc-macro2]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "1.0.52 -> 1.0.54" + [[audits.isrg.audits.rayon]] who = "Brandon Pitman " criteria = "safe-to-deploy" 
@@ -211,6 +216,11 @@ who = "David Cook " criteria = "safe-to-deploy" delta = "1.0.154 -> 1.0.155" +[[audits.isrg.audits.serde]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "1.0.156 -> 1.0.159" + [[audits.isrg.audits.serde_derive]] who = "David Cook " criteria = "safe-to-deploy" @@ -226,20 +236,45 @@ who = "David Cook " criteria = "safe-to-deploy" delta = "1.0.154 -> 1.0.155" +[[audits.isrg.audits.serde_derive]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "1.0.156 -> 1.0.159" + [[audits.isrg.audits.serde_json]] who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "1.0.93 -> 1.0.94" +[[audits.isrg.audits.serde_json]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "1.0.94 -> 1.0.95" + +[[audits.isrg.audits.syn]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "1.0.104 -> 2.0.11" + [[audits.isrg.audits.thiserror]] who = "Brandon Pitman " criteria = "safe-to-deploy" delta = "1.0.38 -> 1.0.39" +[[audits.isrg.audits.thiserror]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "1.0.39 -> 1.0.40" + +[[audits.isrg.audits.thiserror-impl]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "1.0.38 -> 1.0.39" + [[audits.isrg.audits.thiserror-impl]] who = "Brandon Pitman " criteria = "safe-to-deploy" -delta = "1.0.38 -> 1.0.39" +delta = "1.0.39 -> 1.0.40" [[audits.isrg.audits.unicode-ident]] who = "David Cook " From ff49b812dacd5a3794966a40eab0b28f555be072 Mon Sep 17 00:00:00 2001 From: Daira Emma Hopwood Date: Tue, 4 Apr 2023 00:21:39 +0100 Subject: [PATCH 3/4] `cargo update` Signed-off-by: Daira Emma Hopwood --- Cargo.lock | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7671a49bd..bc7199a89 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -19,9 +19,9 @@ checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" [[package]] name = "aead" -version = "0.5.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c192eb8f11fc081b0fe4259ba5af04217d4e0faddd02417310a927911abd7c8" +checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0" dependencies = [ "crypto-common", "generic-array", @@ -279,9 +279,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "chacha20" -version = "0.9.0" +version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c7fc89c7c5b9e7a02dfe45cd2367bae382f9ed31c61ca8debe5f827c420a2f08" +checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818" dependencies = [ "cfg-if", "cipher 0.4.4", @@ -1473,9 +1473,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.54" +version = "1.0.56" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e472a104799c74b514a57226160104aa483546de37e839ec50e3c2e41dd87534" +checksum = "2b63bdb0cd06f1f4dedf69b254734f9b45af66e4a031e42a7480257d9898b435" dependencies = [ "unicode-ident", ] @@ -1745,7 +1745,7 @@ checksum = "4c614d17805b093df4b147b51339e7e44bf05ef59fba1e45d83500bcfb4d8585" dependencies = [ "proc-macro2", "quote", - "syn 2.0.12", + "syn 2.0.13", ] [[package]] @@ -1840,9 +1840,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.12" +version = "2.0.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79d9531f94112cfc3e4c8f5f02cb2b58f72c97b7efd85f70203cc6d8efda5927" +checksum = "4c9da457c5285ac1f936ebd076af6dac17a61cfe7826f2076b4d015cf47bc8ec" dependencies = [ "proc-macro2", "quote", @@ -1885,7 +1885,7 @@ checksum = "f9456a42c5b0d803c8cd86e73dd7cc9edd429499f37a3550d286d5e86720569f" dependencies = [ "proc-macro2", "quote", - "syn 2.0.12", + "syn 2.0.13", ] [[package]] 
@@ -2414,11 +2414,11 @@ dependencies = [ [[package]] name = "zeroize_derive" -version = "1.4.1" +version = "1.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25588073e5216b50bca71d61cb8595cdb9745e87032a58c199730def2862c934" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.12", + "syn 2.0.13", ] From d55d12d6e2962f6300335224568f011a882410c6 Mon Sep 17 00:00:00 2001 From: Daira Emma Hopwood Date: Tue, 4 Apr 2023 02:03:40 +0100 Subject: [PATCH 4/4] Add audits for updates to futures-* 0.3.28 and redjubjub 0.7.0. Signed-off-by: Daira Emma Hopwood --- qa/supply-chain/audits.toml | 44 ++++++++++++++++++++++++++++++++++++ qa/supply-chain/config.toml | 12 ---------- qa/supply-chain/imports.lock | 12 ++++++++++ 3 files changed, 56 insertions(+), 12 deletions(-) diff --git a/qa/supply-chain/audits.toml b/qa/supply-chain/audits.toml index f66bf9762..5ba559e03 100644 --- a/qa/supply-chain/audits.toml +++ b/qa/supply-chain/audits.toml @@ -385,6 +385,12 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.3.26 -> 0.3.27" +[[audits.futures-channel]] +who = "Daira Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.3.27 -> 0.3.28" +notes = "Dependency updates, and an MSRV update to Rust 1.56." + [[audits.futures-core]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -396,6 +402,15 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.3.26 -> 0.3.27" +[[audits.futures-core]] +who = "Daira Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.3.27 -> 0.3.28" +notes = """ +Adds an optimization in unsafe code (https://github.com/rust-lang/futures-rs/pull/2723). +The new code in AtomicWaker calls self.waker.get() twice assuming the same resulting pointer, but this appears to be correct because the AtomicWaker is in the required locked state. +""" + [[audits.futures-task]] who = "Jack Grigg " criteria = "safe-to-deploy" 
@@ -406,6 +421,18 @@ who = "Jack Grigg "
 criteria = "safe-to-deploy"
 delta = "0.3.26 -> 0.3.27"
 
+[[audits.futures-task]]
+who = "Daira Emma Hopwood "
+criteria = "safe-to-deploy"
+delta = "0.3.26 -> 0.3.28"
+notes = "Dependency updates, and an MSRV update to Rust 1.56."
+
+[[audits.futures-task]]
+who = "Daira Emma Hopwood "
+criteria = "safe-to-deploy"
+delta = "0.3.27 -> 0.3.28"
+notes = "Dependency updates, and an MSRV update to Rust 1.56."
+
 [[audits.futures-util]]
 who = "Jack Grigg "
 criteria = "safe-to-deploy"
@@ -845,6 +872,23 @@ who = "Sean Bowe "
 criteria = "safe-to-deploy"
 delta = "0.3.0 -> 0.5.0"
 
+[[audits.redjubjub]]
+who = "Daira Emma Hopwood "
+criteria = ["safe-to-deploy", "crypto-reviewed"]
+version = "0.7.0"
+notes = """
+This crate is a thin wrapper around the `reddsa` crate, which I did not review. I also
+did not review tests or verify test vectors.
+
+The comment on `batch::Verifier::verify` has an error in the batch verification equation,
+filed as https://github.com/ZcashFoundation/redjubjub/issues/163 . It does not affect the
+implementation which just delegates to `reddsa`. `reddsa` has the same comment bug filed as
+https://github.com/ZcashFoundation/reddsa/issues/52 , but its batch verification implementation
+is correct. (I checked the latter against https://zips.z.cash/protocol/protocol.pdf#reddsabatchvalidate
+which has had previous cryptographic review by NCC group; see finding NCC-Zcash2018-009 in
+https://research.nccgroup.com/wp-content/uploads/2020/07/NCC_Group_Zcash2018_Public_Report_2019-01-30_v1.3.pdf ).
+"""
+
 [[audits.regex]]
 who = "Jack Grigg "
 criteria = "safe-to-deploy"
diff --git a/qa/supply-chain/config.toml b/qa/supply-chain/config.toml
index c5e34a0da..ece7c4909 100644
--- a/qa/supply-chain/config.toml
+++ b/qa/supply-chain/config.toml
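Review bot: The two `[[audits.futures-task]]` entries added in the `@@ -406,6 +421,18 @@` hunk overlap: one certifies `0.3.26 -> 0.3.28` and the other `0.3.27 -> 0.3.28`, with identical notes, next to the existing `0.3.26 -> 0.3.27` entry in the context lines. The futures-channel and futures-core hunks in this patch each add only the `0.3.27 -> 0.3.28` delta, which is all that is needed to extend the existing chain. If the `0.3.26 -> 0.3.28` entry was meant for another futures-* crate, its table name should be corrected. Otherwise it should be dropped, so that every recorded delta corresponds to a review actually performed over that range.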
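Review bot: The `notes` on the new `[[audits.redjubjub]]` entry leave the scope of `crypto-reviewed` ambiguous: the first sentence says `reddsa` was not reviewed, while the second paragraph says its batch verification implementation was checked against the protocol specification. The note also states that redjubjub only delegates to `reddsa`, so the cryptographic assurance rests on that crate. The first sentence should therefore name what was and was not read, for example `Of reddsa, I reviewed only the batch verification code.` No audit or exemption for `reddsa` itself is visible in this hunk, so it is worth checking that one exists at the version redjubjub 0.7.0 resolves to. The matching `[[exemptions.redjubjub]]` removal in config.toml then replaces an unaudited 0.5.0 with a full audit whose stated limits (tests and test vectors not reviewed) stay on record.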
@@ -203,14 +203,6 @@ criteria = "safe-to-deploy"
 version = "2.0.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.futures-channel]]
-version = "0.3.21"
-criteria = "safe-to-deploy"
-
-[[exemptions.futures-core]]
-version = "0.3.21"
-criteria = "safe-to-deploy"
-
 [[exemptions.futures-task]]
 version = "0.3.21"
 criteria = "safe-to-deploy"
@@ -507,10 +499,6 @@ criteria = "safe-to-deploy"
 version = "0.3.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.redjubjub]]
-version = "0.5.0"
-criteria = "safe-to-deploy"
-
 [[exemptions.redox_syscall]]
 version = "0.2.16"
 criteria = "safe-to-deploy"
diff --git a/qa/supply-chain/imports.lock b/qa/supply-chain/imports.lock
index 82e3e6daf..70de6dab3 100644
--- a/qa/supply-chain/imports.lock
+++ b/qa/supply-chain/imports.lock
@@ -52,6 +52,18 @@ who = "Benjamin Bouvier "
 criteria = "safe-to-deploy"
 delta = "0.9.0 -> 0.10.3"
 
+[[audits.bytecode-alliance.audits.futures-channel]]
+who = "Pat Hickey "
+criteria = "safe-to-deploy"
+version = "0.3.27"
+notes = "build.rs is just detecting the target and setting cfg. unsafety is for implementing a concurrency primitives using atomics and unsafecell, and is not obviously incorrect (this is the sort of thing I wouldn't certify as correct without formal methods)"
+
+[[audits.bytecode-alliance.audits.futures-core]]
+who = "Pat Hickey "
+criteria = "safe-to-deploy"
+version = "0.3.27"
+notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting."
+
 [[audits.bytecode-alliance.audits.memoffset]]
 who = "Alex Crichton "
 criteria = "safe-to-deploy"