diff --git a/qa/supply-chain/audits.toml b/qa/supply-chain/audits.toml
index f66bf9762..5ba559e03 100644
--- a/qa/supply-chain/audits.toml
+++ b/qa/supply-chain/audits.toml
@@ -385,6 +385,12 @@ who = "Jack Grigg "
 criteria = "safe-to-deploy"
 delta = "0.3.26 -> 0.3.27"
 
+[[audits.futures-channel]]
+who = "Daira Emma Hopwood "
+criteria = "safe-to-deploy"
+delta = "0.3.27 -> 0.3.28"
+notes = "Dependency updates, and an MSRV update to Rust 1.56."
+
 [[audits.futures-core]]
 who = "Jack Grigg "
 criteria = "safe-to-deploy"
@@ -396,6 +402,15 @@ who = "Jack Grigg "
 criteria = "safe-to-deploy"
 delta = "0.3.26 -> 0.3.27"
 
+[[audits.futures-core]]
+who = "Daira Emma Hopwood "
+criteria = "safe-to-deploy"
+delta = "0.3.27 -> 0.3.28"
+notes = """
+Adds an optimization in unsafe code (https://github.com/rust-lang/futures-rs/pull/2723).
+The new code in AtomicWaker calls self.waker.get() twice assuming the same resulting pointer, but this appears to be correct because the AtomicWaker is in the required locked state.
+"""
+
 [[audits.futures-task]]
 who = "Jack Grigg "
 criteria = "safe-to-deploy"
@@ -406,6 +421,18 @@ who = "Jack Grigg "
 criteria = "safe-to-deploy"
 delta = "0.3.26 -> 0.3.27"
 
+[[audits.futures-task]]
+who = "Daira Emma Hopwood "
+criteria = "safe-to-deploy"
+delta = "0.3.26 -> 0.3.28"
+notes = "Dependency updates, and an MSRV update to Rust 1.56."
+
+[[audits.futures-task]]
+who = "Daira Emma Hopwood "
+criteria = "safe-to-deploy"
+delta = "0.3.27 -> 0.3.28"
+notes = "Dependency updates, and an MSRV update to Rust 1.56."
+
 [[audits.futures-util]]
 who = "Jack Grigg "
 criteria = "safe-to-deploy"
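Review bot: The notes on the added `[[audits.futures-core]]` delta (`0.3.27 -> 0.3.28`) justify the new unsafe code by "the required locked state" without naming the AtomicWaker method or the state value, so a later reader cannot re-check the argument without repeating the review. The entry is certified `safe-to-deploy` on a hedged "appears to be correct", which makes the recorded reasoning the only audit evidence for this change. I would extend the second notes line with the method and state, along the lines of `... because <method> only reaches this read while the state is <STATE>`, with both placeholders filled in from the linked pull request.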
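Review bot: The two added `[[audits.futures-task]]` entries overlap: `delta = "0.3.26 -> 0.3.28"` and `delta = "0.3.27 -> 0.3.28"` carry identical notes, and the context lines just above them show an existing `delta = "0.3.26 -> 0.3.27"` audit (its table header is outside the hunk, presumably also futures-task). If only the 0.3.27 -> 0.3.28 diff was actually read, the `0.3.26 -> 0.3.28` entry attests to a wider range than was reviewed and should be dropped; if both ranges were reviewed, its notes should also say what changed between 0.3.26 and 0.3.27. Unlike futures-channel and futures-core, the `[[exemptions.futures-task]]` entry at 0.3.21 stays in config.toml, so this delta chain still starts from an unaudited version.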
@@ -845,6 +872,23 @@ who = "Sean Bowe "
 criteria = "safe-to-deploy"
 delta = "0.3.0 -> 0.5.0"
 
+[[audits.redjubjub]]
+who = "Daira Emma Hopwood "
+criteria = ["safe-to-deploy", "crypto-reviewed"]
+version = "0.7.0"
+notes = """
+This crate is a thin wrapper around the `reddsa` crate, which I did not review. I also
+did not review tests or verify test vectors.
+
+The comment on `batch::Verifier::verify` has an error in the batch verification equation,
+filed as https://github.com/ZcashFoundation/redjubjub/issues/163 . It does not affect the
+implementation which just delegates to `reddsa`. `reddsa` has the same comment bug filed as
+https://github.com/ZcashFoundation/reddsa/issues/52 , but its batch verification implementation
+is correct. (I checked the latter against https://zips.z.cash/protocol/protocol.pdf#reddsabatchvalidate
+which has had previous cryptographic review by NCC group; see finding NCC-Zcash2018-009 in
+https://research.nccgroup.com/wp-content/uploads/2020/07/NCC_Group_Zcash2018_Public_Report_2019-01-30_v1.3.pdf ).
+"""
+
 [[audits.regex]]
 who = "Jack Grigg "
 criteria = "safe-to-deploy"
diff --git a/qa/supply-chain/config.toml b/qa/supply-chain/config.toml
index c5e34a0da..ece7c4909 100644
--- a/qa/supply-chain/config.toml
+++ b/qa/supply-chain/config.toml
@@ -203,14 +203,6 @@ criteria = "safe-to-deploy"
 version = "2.0.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.futures-channel]]
-version = "0.3.21"
-criteria = "safe-to-deploy"
-
-[[exemptions.futures-core]]
-version = "0.3.21"
-criteria = "safe-to-deploy"
-
 [[exemptions.futures-task]]
 version = "0.3.21"
 criteria = "safe-to-deploy"
@@ -507,10 +499,6 @@ criteria = "safe-to-deploy"
 version = "0.3.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.redjubjub]]
-version = "0.5.0"
-criteria = "safe-to-deploy"
-
 [[exemptions.redox_syscall]]
 version = "0.2.16"
 criteria = "safe-to-deploy"
diff --git a/qa/supply-chain/imports.lock b/qa/supply-chain/imports.lock
index 82e3e6daf..70de6dab3 100644
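Review bot: In the added `[[audits.redjubjub]]` entry of audits.toml, the notes first say `reddsa` was not reviewed and then state that its batch verification implementation is correct and was checked against the protocol specification, so the scope behind `crypto-reviewed` is ambiguous. Because the crate is described as a thin wrapper, the cryptographic assurance for 0.7.0 effectively rests on `reddsa`; whether `reddsa` itself carries `crypto-reviewed` is not visible in these hunks and is worth confirming before relying on this entry. I would reword the opening sentence to ``This crate is a thin wrapper around the `reddsa` crate, which I did not review apart from its batch verification implementation.`` so the certified scope is explicit.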
--- a/qa/supply-chain/imports.lock +++ b/qa/supply-chain/imports.lock @@ -52,6 +52,18 @@ who = "Benjamin Bouvier " criteria = "safe-to-deploy" delta = "0.9.0 -> 0.10.3" +[[audits.bytecode-alliance.audits.futures-channel]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.3.27" +notes = "build.rs is just detecting the target and setting cfg. unsafety is for implementing a concurrency primitives using atomics and unsafecell, and is not obviously incorrect (this is the sort of thing I wouldn't certify as correct without formal methods)" + +[[audits.bytecode-alliance.audits.futures-core]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.3.27" +notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting." + [[audits.bytecode-alliance.audits.memoffset]] who = "Alex Crichton " criteria = "safe-to-deploy"