Merge pull request #7030 from daira/nicer-bip0039-language-handling

Make the handling of bip0039 languages nicer

.github/workflows/audits.yml

@@ -17,7 +17,7 @@ jobs:
       - uses: dtolnay/rust-toolchain@stable
         id: toolchain
       - run: rustup override set ${{steps.toolchain.outputs.name}}
-      - run: cargo install cargo-vet --version ~0.9
+      - run: cargo install cargo-vet --version ~0.10
       - run: cargo vet --locked
 
   cargo-deny:

.github/workflows/ci-skip.yml

@@ -45,9 +45,9 @@ jobs:
           fetch-depth: 0
 
       - name: Fetch the commits for the PR branch
-        run: git fetch $HEAD_REPO $HEAD_SHA
+        run: git fetch "${HEAD_REPO}" "${HEAD_SHA}"
         env:
-          HEAD_REPO: ${{ github.event.pull_request.head.repo }}
+          HEAD_REPO: ${{ github.event.pull_request.head.repo.clone_url }}
           HEAD_SHA: ${{ github.event.pull_request.head.sha }}
 
       - name: Check whether the changes are only to the set of filtered paths
@@ -74,7 +74,11 @@ jobs:
           ]
           paths_regex = '(?:%s)' % '|'.join(paths)
 
-          changed_files = shlex.split(os.environ["CHANGED_FILES"])
+          lex = shlex.shlex(posix = True)
+          lex.whitespace = '\n\r'
+          lex.whitespace_split = True
+          lex.commenters = ''
+          changed_files = list(lex)
           if len(changed_files) == 0:
               sys.exit(1)
 
@@ -85,9 +89,8 @@ jobs:
 
           print('result=verified' if verified else 'result=skipped')
           EOF
-          CHANGED_FILES=$(git diff --name-only ${{ github.sha }}...$HEAD_SHA --)
-          echo $CHANGED_FILES
-          CHANGED_FILES=$CHANGED_FILES python3 ./subclass.py >> $GITHUB_OUTPUT
+
+          git diff --name-only ${{ github.sha }}...$HEAD_SHA -- | python3 ./subclass.py >> $GITHUB_OUTPUT
         env:
           HEAD_SHA: ${{ github.event.pull_request.head.sha }}
 

.github/workflows/ci.yml

@@ -51,33 +51,33 @@ jobs:
             - name: Debian-bookworm
               tier: 1
               platform: Debian Bookworm
-              build_os: ubuntu-20.04-8cores
-              test_os: ubuntu-20.04
+              build_os: ubuntu-22.04-8cores
+              test_os: ubuntu-22.04
               container: electriccoinco/debian-helper:bookworm
               host: x86_64-pc-linux-gnu
 
             - name: Debian-bullseye
               tier: 1
               platform: Debian bullseye
-              build_os: ubuntu-20.04-8cores
-              test_os: ubuntu-20.04
+              build_os: ubuntu-22.04-8cores
+              test_os: ubuntu-22.04
               container: electriccoinco/debian-helper:bullseye
               host: x86_64-pc-linux-gnu
 
-            - name: ubuntu-20.04
-              tier: 1
-              platform: Ubuntu 20.04
-              build_os: ubuntu-20.04-8cores
-              test_os: ubuntu-20.04
-              host: x86_64-pc-linux-gnu
-
             - name: ubuntu-22.04
-              tier: 3
+              tier: 1
               platform: Ubuntu 22.04
               build_os: ubuntu-22.04-8cores
               test_os: ubuntu-22.04
               host: x86_64-pc-linux-gnu
 
+            - name: ubuntu-24.04
+              tier: 3
+              platform: Ubuntu 24.04
+              build_os: ubuntu-24.04
+              test_os: ubuntu-24.04
+              host: x86_64-pc-linux-gnu
+
             # - name: macos-12
             #   tier: 3
             #   platform: macOS 12 Monterey

Cargo.toml

@@ -35,7 +35,7 @@ path = "src/rust/bin/wallet_tool.rs"
 
 [dependencies]
 bellman = "0.14"
-bip0039 = { version = "0.10.1", features = ["std", "all-languages"] }
+bip0039 = { version = "0.12", features = ["std", "all-languages"] }
 blake2b_simd = "1"
 blake2s_simd = "1"
 bls12_381 = "0.8"
@@ -51,7 +51,7 @@ jubjub = "0.10"
 memuse = "0.2"
 nonempty = "0.7"
 orchard = "0.10"
-sapling = { package = "sapling-crypto", version = "0.3", features = ["temporary-zcashd"] }
+sapling = { package = "sapling-crypto", version = "0.4", features = ["temporary-zcashd"] }
 secp256k1 = "0.27"
 subtle = "2.2"
 rand_core = "0.6"
@@ -59,12 +59,13 @@ redjubjub = "0.7"
 tracing = "0.1"
 tracing-core = "0.1"
 tracing-appender = "0.2"
+transparent = { package = "zcash_transparent", version = "0.1" }
 zcash_address = "0.6"
 zcash_encoding = "0.2.1"
 zcash_history = "0.4"
 zcash_note_encryption = "0.4"
-zcash_primitives = { version = "0.19", features = ["temporary-zcashd", "transparent-inputs"] }
-zcash_proofs = { version = "0.19", features = ["directories"] }
+zcash_primitives = { version = "0.21", features = ["temporary-zcashd", "transparent-inputs"] }
+zcash_proofs = { version = "0.21", features = ["directories"] }
 zcash_protocol = { version = "0.4", features = ["local-consensus"] }
 ed25519-zebra = "4"
 zeroize = "1.4.2"
@@ -72,7 +73,7 @@ wagyu-zcash-parameters = "0.2"
 
 # Rust/C++ interop
 # The version needs to match depends/packages/native_cxxbridge.mk
-cxx = { version = "=1.0.128", features = ["c++17"] }
+cxx = { version = "=1.0.158", features = ["c++17"] }
 
 # Rust threading
 rayon = "1.5"
@@ -91,16 +92,19 @@ gumdrop = "0.8"
 # (also depends on tracing, and tracing-subscriber with "env-filter" and "fmt" features)
 anyhow = "1.0"
 backtrace = "0.3"
-clearscreen = "3"
+clearscreen = "4"
 rand = "0.8"
 secrecy = "0.8"
-thiserror = "1"
+thiserror = "2"
 time = { version = "0.3", features = ["formatting", "macros"] }
 
+# Macros
+macro_find_and_replace = "1"
+
 [dev-dependencies]
 incrementalmerkletree = { version = "0.7", features = ["test-dependencies"] }
 proptest = "1.0.0"
-zcash_primitives = { version = "0.19", features = ["temporary-zcashd", "transparent-inputs", "test-dependencies"] }
+zcash_primitives = { version = "0.21", features = ["temporary-zcashd", "transparent-inputs", "test-dependencies"] }
 
 [dependencies.tracing-subscriber]
 version = "0.3"

README.md

@@ -1,4 +1,4 @@
-Zcash 6.0.0
+Zcash 6.2.0
 <img align="right" width="120" height="80" src="doc/imgs/logo.png">
 ===========
 
@@ -60,8 +60,8 @@ for instructions on joining the main Zcash network.
 
 * :blue_book: See the documentation at the [ReadTheDocs](https://zcash.readthedocs.io)
   for help and more information.
-* :incoming_envelope: Ask for help on the [Zcash](https://forum.z.cash/) forum.
-* :speech_balloon: Join our community on [Discord](https://discord.com/invite/zcash) 
+* :incoming_envelope: Ask for help on the [Zcash forum](https://forum.zcashcommunity.com/).
+* :speech_balloon: Join our community on the [Zcash Global Discord](https://discord.com/invite/zcash).
 * 🧑‍🎓: Learn at [ZecHub](https://zechub.wiki/)
 
 Participation in the Zcash project is subject to a
@@ -76,7 +76,7 @@ Build Zcash along with most dependencies from source by running the following co
 ```
 
 Currently, Zcash is only officially supported on Debian and Ubuntu. See the
-[Debian / Ubuntu build](https://zcash.readthedocs.io/en/latest/rtd_pages/Debian-Ubuntu-build.html)
+[Debian / Ubuntu build page](https://zcash.readthedocs.io/en/latest/rtd_pages/Debian-Ubuntu-build.html)
 for detailed instructions.
 
 License

configure.ac

@@ -1,7 +1,7 @@
 dnl require autoconf 2.60 (AS_ECHO/AS_ECHO_N)
 AC_PREREQ([2.60])
 define(_CLIENT_VERSION_MAJOR, 6)
-define(_CLIENT_VERSION_MINOR, 0)
+define(_CLIENT_VERSION_MINOR, 2)
 define(_CLIENT_VERSION_REVISION, 0)
 define(_CLIENT_VERSION_BUILD, 50)
 define(_ZC_BUILD_VAL, m4_if(m4_eval(_CLIENT_VERSION_BUILD < 25), 1, m4_incr(_CLIENT_VERSION_BUILD), m4_eval(_CLIENT_VERSION_BUILD < 50), 1, m4_eval(_CLIENT_VERSION_BUILD - 24), m4_eval(_CLIENT_VERSION_BUILD == 50), 1, , m4_eval(_CLIENT_VERSION_BUILD - 50)))

contrib/debian/changelog

@@ -1,3 +1,21 @@
+zcash (6.2.0) stable; urgency=medium
+
+  * 6.2.0 release.
+
+ -- Electric Coin Company <team@electriccoin.co>  Wed, 16 Apr 2025 23:59:38 +0100
+
+zcash (6.2.0~rc1) stable; urgency=medium
+
+  * 6.2.0-rc1 release.
+
+ -- Electric Coin Company <team@electriccoin.co>  Thu, 10 Apr 2025 18:44:12 +0100
+
+zcash (6.1.0) stable; urgency=medium
+
+  * 6.1.0 release.
+
+ -- Electric Coin Company <team@electriccoin.co>  Thu, 02 Jan 2025 19:21:42 +0000
+
 zcash (6.0.0) stable; urgency=high
 
   * 6.0.0 release.

contrib/debian/copyright

@@ -190,6 +190,10 @@ Copyright: 2016-2021 isis agora lovecruft
  2012 The Go Authors
 License: BSD-3-clause and BSD-3-clause-Google
 
+Files: depends/*/vendored-sources/foldhash/*
+Copyright: 2024 Orson Peters
+License: Zlib
+
 Files: depends/*/vendored-sources/instant/*
 Copyright: 2019 Sébastien Crozet
 License: BSD-3-clause
@@ -235,8 +239,8 @@ Copyright: 2016-2020 meh <meh@schizofreni.co>
 License: WTFPL
 
 Files: depends/*/vendored-sources/unicode-ident/src/tables.rs
-Copyright: 1991-2022 Unicode, Inc
-License: Unicode-DFS-2016
+Copyright: 1991-2023 Unicode, Inc.
+License: Unicode-3.0
 Comment: This entry is for code in the unicode-ident crate generated from Unicode data tables.
  The license of the unicode-ident crate itself is MIT/Expat or Apache-2.0.
 
@@ -2031,50 +2035,62 @@ License: Ring-BoringSSL
  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  SOFTWARE.
 
-License: Unicode-DFS-2016
- UNICODE, INC. LICENSE AGREEMENT - DATA FILES AND SOFTWARE
- .
- See Terms of Use <https://www.unicode.org/copyright.html>
- for definitions of Unicode Inc.’s Data Files and Software.
- .
- NOTICE TO USER: Carefully read the following legal agreement.
- BY DOWNLOADING, INSTALLING, COPYING OR OTHERWISE USING UNICODE INC.'S
- DATA FILES ("DATA FILES"), AND/OR SOFTWARE ("SOFTWARE"),
- YOU UNEQUIVOCALLY ACCEPT, AND AGREE TO BE BOUND BY, ALL OF THE
- TERMS AND CONDITIONS OF THIS AGREEMENT.
- IF YOU DO NOT AGREE, DO NOT DOWNLOAD, INSTALL, COPY, DISTRIBUTE OR USE
- THE DATA FILES OR SOFTWARE.
+License: Unicode-3.0
+ UNICODE LICENSE V3
  .
  COPYRIGHT AND PERMISSION NOTICE
  .
- Copyright © 1991-2022 Unicode, Inc. All rights reserved.
- Distributed under the Terms of Use in https://www.unicode.org/copyright.html.
+ Copyright © 1991-2023 Unicode, Inc.
  .
- Permission is hereby granted, free of charge, to any person obtaining
- a copy of the Unicode data files and any associated documentation
- (the "Data Files") or Unicode software and any associated documentation
- (the "Software") to deal in the Data Files or Software
- without restriction, including without limitation the rights to use,
- copy, modify, merge, publish, distribute, and/or sell copies of
- the Data Files or Software, and to permit persons to whom the Data Files
- or Software are furnished to do so, provided that either
- (a) this copyright and permission notice appear with all copies
- of the Data Files or Software, or
- (b) this copyright and permission notice appear in associated
- Documentation.
+ NOTICE TO USER: Carefully read the following legal agreement. BY
+ DOWNLOADING, INSTALLING, COPYING OR OTHERWISE USING DATA FILES, AND/OR
+ SOFTWARE, YOU UNEQUIVOCALLY ACCEPT, AND AGREE TO BE BOUND BY, ALL OF THE
+ TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT AGREE, DO NOT
+ DOWNLOAD, INSTALL, COPY, DISTRIBUTE OR USE THE DATA FILES OR SOFTWARE.
  .
- THE DATA FILES AND SOFTWARE ARE PROVIDED "AS IS", WITHOUT WARRANTY OF
- ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
- WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- NONINFRINGEMENT OF THIRD PARTY RIGHTS.
- IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS INCLUDED IN THIS
- NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL
- DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE,
- DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
- TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THE DATA FILES OR SOFTWARE.
+ Permission is hereby granted, free of charge, to any person obtaining a
+ copy of data files and any associated documentation (the "Data Files") or
+ software and any associated documentation (the "Software") to deal in the
+ Data Files or Software without restriction, including without limitation
+ the rights to use, copy, modify, merge, publish, distribute, and/or sell
+ copies of the Data Files or Software, and to permit persons to whom the
+ Data Files or Software are furnished to do so, provided that either (a)
+ this copyright and permission notice appear with all copies of the Data
+ Files or Software, or (b) this copyright and permission notice appear in
+ associated Documentation.
  .
- Except as contained in this notice, the name of a copyright holder
- shall not be used in advertising or otherwise to promote the sale,
- use or other dealings in these Data Files or Software without prior
- written authorization of the copyright holder.
+ THE DATA FILES AND SOFTWARE ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY
+ KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF
+ THIRD PARTY RIGHTS.
+ .
+ IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS INCLUDED IN THIS NOTICE
+ BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES,
+ OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+ WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
+ ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THE DATA
+ FILES OR SOFTWARE.
+ .
+ Except as contained in this notice, the name of a copyright holder shall
+ not be used in advertising or otherwise to promote the sale, use or other
+ dealings in these Data Files or Software without prior written
+ authorization of the copyright holder.
+
+License: Zlib
+ This software is provided 'as-is', without any express or implied warranty. In
+ no event will the authors be held liable for any damages arising from the use of
+ this software.
+ .
+ Permission is granted to anyone to use this software for any purpose, including
+ commercial applications, and to alter it and redistribute it freely, subject to
+ the following restrictions:
+ .
+ 1. The origin of this software must not be misrepresented; you must not claim
+     that you wrote the original software. If you use this software in a product,
+     an acknowledgment in the product documentation would be appreciated but is
+     not required.
+ .
+ 2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+ .
+ 3. This notice may not be removed or altered from any source distribution.

contrib/devtools/symbol-check.py

@@ -18,50 +18,50 @@ import re
 import sys
 import os
 
-# Ubuntu 20.04 LTS (Focal Fossa; End of Support April 2025) has:
+# Ubuntu 22.04 LTS (Jammy Jellyfish; End of Support April 2027) has:
 #
-# - g++ version 9.3.0 (https://packages.ubuntu.com/search?suite=all&searchon=names&keywords=g%2B%2B)
-# - libc6 version 2.31 (https://packages.ubuntu.com/search?suite=all&searchon=names&keywords=libc6)
+# - g++ version 11.2.0 (https://packages.ubuntu.com/search?suite=all&searchon=names&keywords=g%2B%2B)
+# - libc6 version 2.35 (https://packages.ubuntu.com/search?suite=all&searchon=names&keywords=libc6)
 #
-# Debian 10 (Buster; LTS EOL June 2024) has:
+# Debian 11 (Bullseye; LTS EOL August 2026) has:
 #
-# - g++ version 8.3.0 (https://packages.debian.org/search?suite=default&section=all&arch=any&searchon=names&keywords=g%2B%2B)
-# - libc6 version 2.28 (https://packages.debian.org/search?suite=default&section=all&arch=any&searchon=names&keywords=libc6)
+# - g++ version 10.2.1 (https://packages.debian.org/search?suite=default&section=all&arch=any&searchon=names&keywords=g%2B%2B)
+# - libc6 version 2.31 (https://packages.debian.org/search?suite=default&section=all&arch=any&searchon=names&keywords=libc6)
 #
-# RedHat Enterprise Linux 8 (EOL: long and complicated) is based on Fedora 28 (EOL 2019-05-28) and uses the same base packages:
+# RedHat Enterprise Linux 9 (EOL some time in 2032) is based on Fedora 34 (EOL 2022-06-07) and uses the same base packages:
 #
-# - g++ version 8.0.1 (https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/28/Everything/x86_64/os/Packages/g/ search for gcc-)
-# - libc6 version 2.27 (https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/28/Everything/x86_64/os/Packages/g/ search for glibc)
+# - g++ version 11.0.1 (https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/34/Everything/x86_64/os/Packages/g/ search for gcc-)
+# - libc6 version 2.33 (https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/34/Everything/x86_64/os/Packages/g/ search for glibc)
 #
-# Fedora 31 (EOL ~November 2020) has:
+# Fedora 40 (EOL ~May 2025) has:
 #
-# - g++ version 9.2.1 (https://dl.fedoraproject.org/pub/fedora/linux/releases/31/Everything/x86_64/os/Packages/g/ search for gcc-)
-# - libc6 version 2.30 (https://dl.fedoraproject.org/pub/fedora/linux/releases/31/Everything/x86_64/os/Packages/g/ search for glibc)
+# - g++ version 14.0.1 (https://dl.fedoraproject.org/pub/fedora/linux/releases/40/Everything/x86_64/os/Packages/g/ search for gcc-)
+# - libc6 version 2.39 (https://dl.fedoraproject.org/pub/fedora/linux/releases/40/Everything/x86_64/os/Packages/g/ search for glibc)
 #
-# Arch is a rolling release, and as of October 2020 has packages for:
+# Arch is a rolling release, and as of April 2025 has packages for:
 #
-# - g++ version 8.4.0 / 9.3.0 / 10.2.0 (https://www.archlinux.org/packages/?q=gcc)
-# - libc6 version 2.32 (https://www.archlinux.org/packages/?q=glibc)
+# - g++ version 13.3.1 / 14.2.1 (https://www.archlinux.org/packages/?q=gcc)
+# - libc6 version 2.41 (https://www.archlinux.org/packages/?q=glibc)
 #
-# We take the minimum of these as our target. In practice, if we build on Buster without
+# We take the minimum of these as our target. In practice, if we build on Bullseye without
 # upgrading GCC or libc, then we should get a binary that works for all these systems, and
 # later ones.
 #
-# According to the GNU ABI document (https://gcc.gnu.org/onlinedocs/libstdc++/manual/abi.html) this corresponds to:
-#   GCC 8.0.0: GCC_8.0.0, GLIBCXX_3.4.24, CXXABI_1.3.11
-#   libc6:     GLIBC_2_27
+# According to the GNU ABI document (https://gcc.gnu.org/onlinedocs/libstdc++/manual/abi.html) this corresponds to libstdc++.so.6.0.28:
+#   GCC 10.1.0: GCC_9.0.0, GLIBCXX_3.4.28, CXXABI_1.3.12
+#   libc6:      GLIBC_2_31
 
 # We statically link libc++ and libc++abi in our builds. Set this to allow dynamic linking to libstdc++.
 ALLOW_DYNAMIC_LIBSTDCXX = False
 
 MAX_VERSIONS = {
-    'GCC':   (8,0,0),
-    'GLIBC': (2,27),
+    'GCC':   (10,2,1),
+    'GLIBC': (2,31),
 }
 if ALLOW_DYNAMIC_LIBSTDCXX:
     MAX_VERSIONS.update({
-        'GLIBCXX': (3,4,14),
-        'CXXABI':  (1,3,4),
+        'GLIBCXX': (3,4,28),
+        'CXXABI':  (1,3,12),
     })
 
 # See here for a description of _IO_stdin_used:

contrib/gitian-descriptors/gitian-linux-parallel.yml

@@ -1,5 +1,5 @@
 ---
-name: "zcash-6.0.0"
+name: "zcash-6.2.0"
 enable_cache: true
 distro: "debian"
 suites:

contrib/gitian-descriptors/gitian-linux.yml

@@ -1,5 +1,5 @@
 ---
-name: "zcash-6.0.0"
+name: "zcash-6.2.0"
 enable_cache: true
 distro: "debian"
 suites:

contrib/gitian-downloader/daira-emma.asc

@@ -0,0 +1,78 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBF0AKGMBDAC7aZY600aU58klU+ot+i84rSPfhBvqXUlg8kfd5bG5jGGfVFY0
+a1iOzMKL4KKhIbmifCCrIRap+fQV7UXaFsGP6+cmhoxWFK6T49iXi1ZdNYBhVWLD
+ELdguZgeIDEJyukgN/99nAqMXIDcTLL7Cf+OQJM56JzzHIvCZqSNmp6zypL0BIUF
+3Xx/AUQjENx+1AAO1nOwKIzV3v7JZ9L2e4YKV/LJIctqi+GIjcIvLsLzZL30A6ru
+oSmaJNyDdcfMPSUosJ+32jWhFwLcHXCRLMVRKgr0TGqLcGYt3Es4BmteHpPSBhpq
+bOSXjc8Sx3vKmo5JDDXK1EoRwLN4pX7G6y17BLcdWbkH5rEFaB7Nw+H3rxNQ77ZY
+qWWZ8NrfORiwplYJG5FejpcsGyk8mL2J3qG2Dx0Sqvlc4Ve4tskBuUtPxhn2IGeT
+fnlbAMSpV6z/JTUmNfYCO2MlokbtqILVDwSJLtUYVDF7GJK70elbk4QoZZKOZjO2
+smRZVF4ZtlnL0b0AEQEAAbQ0RGFpcmEgSG9wd29vZCAoemNhc2ggZ2l0aWFuKSA8
+ZGFpcmFAZWxlY3RyaWNjb2luLmNvPokB1AQTAQgAPgIbAwULCQgHAgYVCAkKCwIE
+FgIDAQIeAQIXgBYhBF/DXfKZ2HH9KaGxC/RV6bkgI6GLBQJnBnAzBQkNyK7QAAoJ
+EPRV6bkgI6GLTkkL/0i9ulDoPJ0qfRwJw3odiRO4VI/b8Bj4+fabaojkHCcYiZL+
+lc5fSNJOmlT069kLo+v0gQF6JufqyFPrUvpXzLHMAfjJptanQJiD0q1YykxdqTFs
+WbjR6DB7HR3nounO4H9BpNLw6MSDnfGyY36URSsabWQWRDjgQNCw6ZwiYe0dFvhV
+Bmd756/jKH+n3rKlFimdkAgqPVg6oWvC27yuGusjpGD9MeF31O7p85FR/AdJzQJ5
+GaQ1K/UvjMWzdnF0ejij6XOfl4sHP5bG7ctLTHVUja7YjLhxsCjgM9SnhR4STSyP
+ATGApSANMB7YlByfbJCtvm3x8d+zg5sX8YaIAzaYTUFLMaNgEbCRU/SF6sv/uFpx
+eVJyrKdJyQrmhoCgynsqCW8Eg9pinLyumuJCwXOdEbJBwPpcEOJJv6lKicNnVBAe
+6SiizkwS0mlUnvBl/HVIlUaWUiHNktBucoAf9bXlZkCgPiT4Q+YWvlLLkYaBIGOc
+GrVPIuJXmvJ+EOAlELQyRGFpcmEgSG9wd29vZCAoemNhc2ggZ2l0aWFuKSA8ZGFp
+cmFAamFjYXJhbmRhLm9yZz6JAdQEEwEIAD4CGwMFCwkIBwIGFQgJCgsCBBYCAwEC
+HgECF4AWIQRfw13ymdhx/SmhsQv0Vem5ICOhiwUCZwZwMwUJDciu0AAKCRD0Vem5
+ICOhi1qwC/45inPXEI8nbzLg4Z5JPzIjw75e+2SiLFbEJ3u40vWP0WEqVWLqSy93
+VhRjgT8Sk99clvqhTGSvpbY8RMsExzPLgxRhqsk851lvb5KnRODIi7IyGPtwAanI
+3zadoQPvkjV/d4ly/b/Gsxt5uymbn6viJPQfCz5dDUVBvaQf6q9QZWiAZarR2x36
+sLesBymfRwZhWT2Rh4yPwkwhGJNcmCdWbe6j1BmVgWLQpbFkDbhv1iJN4M24AIoA
+cQlpiHgrjxIVEJca4WCpXJ3YbGgMv3SVoprkJW3dxEUdv77JA2DIuJTVJN4YRHfa
+voibA8B5sdayfMrKmi1YuLC35NCnsF4v5i6UdoW0PHvYiUQTlF9uFbTt32OA2HPv
+U+Jhok/s/o1chaU71GUUN2j9qz7dZHLbb/5oA+QaNl/Rppsn5SUqfBdM2FVe7XT7
+ajcIIzhGYkqjwnw3jQZqT+wxU3kQFDZn0pB7vp/6Igfvn0purEpxw4azGXiif6OF
+tUZWfc040dS5AY0EXQAoYwEMAPiAjOzLsTF8w4ifNAbDulp9yEJakLUyyewXSFeZ
+bnl5SADvDQuyXEAksrONtrxtm1rZ0KG938wGiV16NqPhAqcBJjH+MrvsoLf5itDm
+AMmQUFOXaJD+sBu9qMMGyLL08xHinCOklBEjmDsJXY3IhEZpV9PO+VmhMH7llMzo
+nyv4LReJ8sRRqQMbepphbaCtbHu3MYLSzo4EkJCKT1e7onjCEVmdc2amLvq4ozBK
+eEsGz0/vRB8/9OsAYiaeTKJ8TOt8xzG8d/Pacy8rSWAxd1TDxCuFjtwagJAOAi5n
+Nn0sKOopXF8cfCdfIRP2ySijjmgH9ooxNIpkS0byYM0sfUkq6fGQL7/V3AcMTMj9
+iEbv00wJE3gLOlFcePVh6qEdrHWclKZv0N6Nw33BoXwHO34bMmDmIHaa0nDkCXyt
+gyrAbxpQspjeJ4ttH/+JEcKmPRMNus6ptD3AV+ADsJNYjgqzgr1CrmI3W+WCHOHf
+Ynz5FinpP93UBCuWBeWmfs5h3QARAQABiQG8BBgBCAAmAhsMFiEEX8Nd8pnYcf0p
+obEL9FXpuSAjoYsFAmcGcGEFCQ3Irv4ACgkQ9FXpuSAjoYub+AwAlPk32l3lLyPz
+mBr9dNbQMrH06Dm024AdXXOFssTIDpKdvDaAMufagFX58LaMVm02XVpP4vAj7K45
+R5JxhbQrGj4oE1EZjtmW9TdqNU+iMSH2z+eFl86dURWDMa2Vzobq94QtJUOhRHpf
+IFRbNrrUdUweBqsByq4Vx4v8KeiWlpY0Gh9gJN9AehjLMCPLihRkHvxQp/HykO8G
+oGrUk8fpKcHoMj8Us0OViscQAVgOgzfSi+pmNKYTLX+rxDA3w4dncwTDEm1bNJhh
+xNJkQKDXbwYHKuiCSBceS0Dh1XWQYY6Dk9V+N6AzPE9lyJUwmSUD6fTz/iVPEcVh
+vDjvr5YKnb0hU7rCpyEqSl6voQev4rm6borncehDioNvtGuAtCVyRXFpY8qRsjXA
+wMr3cU9mftZC+oZNMBrL7vT1DHmWnQYQoN8YnFMNWl9uP0/d0Rzq06zE1yUWsKW0
+JbeQynvtX0i8bojj0F2ORHODZEB7o8iQitR/ehyMzxG61uo2xd73uQMNBGMgcfEQ
+DACaiZO6UKA1B9TAlS8JeaPlQgyLEmaWRCKbc8XK62fqYMfM8ateNV+0KHCpYCxo
+2De2HejZn16mDErYXqtLJL6HadfVWKwsJB2Ptgmo8pO8QjxNWJpO1RzRYekO+n/S
+77ivHlWIkgo6nWGTtYBgUjc7IEYi2cNoV65yS+znIxXOm8HA3llYV1zJjHhOl9Tg
+PxGj/qOXCFt+mf6AaoF68msqsdqm4inrjok4HOLhhI19LhlXQSUkZXcOD/TDwwG5
+idwK9dMUHjhsFgxlPZ5VubiNSNJ+O/5JBPQNKxXrDpF0WCRFH6gEXSzX09f18wsk
+Y+EKOVDa4Cf9pGv6VbRmxaykk7kibGfYhllPsTNlYmKdVn+A6nFyIcYQONKIN8/L
+pxtBn0Kyzv80YZPfz6TQocVmCKqdiekTvCVrBnjHgdeOLEhHhMcOFr9Mch3RqjkN
+I+7eeNC6taZ2XvPKJWaGeCn122RyY0VZ1MVhr69RuTHDHM/JDVvoj/AeocJJEsNd
+3hMAAwUL/3cjN7ns6V5hw32s+OXTt5ouP17Jid0tuJODyVJbfw6ToAgS8BK8xROD
+MvVQGR30PHslhKUecCXr5kRBO6q8vMAjjvPP8P6LyyluR/+xEXmOyqUOEQofYDkn
+yqPg1hrxfvzbehXB6D8oz8coZhy5CDhsWpFnudKzTc6d1RHfX8VRyA05HDbedTey
+hb6X+IuIbUWwvoqdnFyllvUeCwVDkJlP2hlCWbh+QNQAYdhiol0wSFxGSVvM/rFx
+d9GxHZ+8280QfbejScP7RN4SGIEA6d/oKkg8IbGE0BP/u9P+s8ZMaqUJc9IIlHyX
+zKZEMvKYafmWKA7GrSBM3TdwbWN8yN+JiGgi/M/0HOj3I2eoj1YSz+D4uzqLzAw2
+U1jJtvOFW9wGmgOsOuw2LGmSokDC7h/RFhuTtm0XBDtmlE8Act4z2javYXK6G+8f
+QUETOTJhuXPbkAaMGOMnrUqcAIftPzhb60gdwK+ksUCiWaUjoVo32XuMC3bGwDYO
+khpQZCx8ZIkBvAQYAQoAJgIbDBYhBF/DXfKZ2HH9KaGxC/RV6bkgI6GLBQJnBnBh
+BQkHqGVwAAoJEPRV6bkgI6GLJsIL/RPwrtgFnLg1+hX5f5huU8t8YwfsYmYgzHFl
+aLVIJC8Jov4//UEuLr8ff/Tig0RviyAE8Pw/mqISOsmcvoDH+7Pg4EA2c156I3Ea
+PUzZU3RolW8hRfy6wVBdfSl15Nj4ChB5Zk72VkGi4Gl9/utNGA0/GOuds0RNrLJs
+qpZuFY7VnOXfBxc5fO7DL/HOrLuUUF22lK6Q8To5SdJ8tpEzOH3MZS68QY1+1vQi
+UC3Wzb3t8bvOWJYiA832tO8ZZNuQqbWSk3YupdnamQ1/1NTtVPoIxY1dcw2mHnLR
+n3O7MYEJ/U2rFy10gUDgvxgwqqon2wYKnHmsdRB5Yoqp87f/Z+xZVfk9jGusioTm
+pr3/oIJnGMGlFmhB2nnzbtPF6zBlAXxSq90tSyVZtxhywie3WmN8MQ5vG7LyWbQq
+E+RbFqJuY0F0jY0feAl+q2iWTgsQ0JayLhRYJDjvhqgr28A1obQgTHiA0Ct8UxN1
+Y9xe1BwXNuPn29YN+3cLqZXeczInWg==
+=q07c
+-----END PGP PUBLIC KEY BLOCK-----

deny.toml

@@ -25,9 +25,10 @@ allow = [
 exceptions = [
     { name = "arrayref", allow = ["BSD-2-Clause"] },
     { name = "curve25519-dalek", allow = ["BSD-3-Clause"] },
+    { name = "foldhash", allow = ["Zlib"] },
     { name = "secp256k1", allow = ["CC0-1.0"] },
     { name = "secp256k1-sys", allow = ["CC0-1.0"] },
     { name = "subtle", allow = ["BSD-3-Clause"] },
     { name = "terminfo", allow = ["WTFPL"] },
-    { name = "unicode-ident", allow = ["Unicode-DFS-2016"] },
+    { name = "unicode-ident", allow = ["Unicode-3.0"] },
 ]

depends/packages/native_cmake.mk

@@ -1,8 +1,8 @@
 package=native_cmake
-$(package)_version=3.30.4
+$(package)_version=3.31.3
 $(package)_download_path=https://github.com/Kitware/CMake/releases/download/v$($(package)_version)
 $(package)_file_name=cmake-$($(package)_version).tar.gz
-$(package)_sha256_hash=c759c97274f1e7aaaafcb1f0d261f9de9bf3a5d6ecb7e2df616324a46fe704b2
+$(package)_sha256_hash=fac45bc6d410b49b3113ab866074888d6c9e9dc81a141874446eb239ac38cb87
 
 define $(package)_set_vars
 $(package)_config_opts += -DCMAKE_BUILD_TYPE:STRING=Release

depends/packages/native_cxxbridge.mk

@@ -1,14 +1,14 @@
 package=native_cxxbridge
 # The version needs to match cxx in Cargo.toml
-$(package)_version=1.0.128
+$(package)_version=1.0.158
 $(package)_download_path=https://github.com/dtolnay/cxx/archive/refs/tags
 $(package)_file_name=native_cxxbridge-$($(package)_version).tar.gz
 $(package)_download_file=$($(package)_version).tar.gz
-$(package)_sha256_hash=7aa61d128d75cbfb4713e0c0803efb4da6c88180327f9e2f095641b55a5d0e06
+$(package)_sha256_hash=58a3c7b28033caeeb8a5e1f74c5124d63b1bfc8a67a5740c475c6d12d1bc7f4b
 $(package)_build_subdir=gen/cmd
 $(package)_dependencies=native_rust
 # This file is somewhat annoying to update, but can be done like so from the repo base:
-# $ export VERSION=1.0.128
+# $ export VERSION=1.0.158
 # $ rm .cargo/config.toml .cargo/.configured-for-offline
 # $ mkdir tmp
 # $ cd tmp

depends/packages/native_fmt.mk

@@ -1,9 +1,9 @@
 package=native_fmt
-$(package)_version=11.0.2
+$(package)_version=11.1.1
 $(package)_download_path=https://github.com/fmtlib/fmt/archive/refs/tags
 $(package)_download_file=$($(package)_version).tar.gz
 $(package)_file_name=fmt-$($(package)_version).tar.gz
-$(package)_sha256_hash=6cb1e6d37bdcb756dbbe59be438790db409cdb4868c66e888d5df9f13f7c027f
+$(package)_sha256_hash=482eed9efbc98388dbaee5cb5f368be5eca4893456bb358c18b7ff71f835ae43
 $(package)_build_subdir=build
 $(package)_dependencies=native_cmake
 

depends/packages/native_xxhash.mk

@@ -1,9 +1,9 @@
 package=native_xxhash
-$(package)_version=0.8.2
+$(package)_version=0.8.3
 $(package)_download_path=https://github.com/Cyan4973/xxHash/archive/refs/tags
 $(package)_download_file=v$($(package)_version).tar.gz
 $(package)_file_name=xxhash-$($(package)_version).tar.gz
-$(package)_sha256_hash=baee0c6afd4f03165de7a4e67988d16f0f2b257b51d0e3cb91909302a26a79c4
+$(package)_sha256_hash=aae608dfe8213dfd05d909a57718ef82f30722c392344583d3f39050c7f29a80
 
 define $(package)_build_cmds
   $(MAKE) libxxhash.a

depends/packages/utfcpp.mk

@@ -1,9 +1,9 @@
 package=utfcpp
-$(package)_version=4.0.5
+$(package)_version=4.0.6
 $(package)_download_path=https://github.com/nemtrif/$(package)/archive/refs/tags
 $(package)_file_name=$(package)-$($(package)_version).tar.gz
 $(package)_download_file=v$($(package)_version).tar.gz
-$(package)_sha256_hash=ffc668a310e77607d393f3c18b32715f223da1eac4c4d6e0579a11df8e6b59cf
+$(package)_sha256_hash=6920a6a5d6a04b9a89b2a89af7132f8acefd46e0c2a7b190350539e9213816c0
 
 define $(package)_stage_cmds
   mkdir -p $($(package)_staging_dir)$(host_prefix)/include && \

depends/patches/native_cxxbridge/Cargo.lock

@@ -10,15 +10,21 @@ checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627"
 
 [[package]]
 name = "anstyle"
-version = "1.0.8"
+version = "1.0.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1bec1de6f59aedf83baf9ff929c98f2ad654b97c9510f4e70cf6f661d49fd5b1"
+checksum = "55cc3b69f167a1ef2e161439aa98aed94e6028e5f9a59be9a6ffb47aef1651f9"
+
+[[package]]
+name = "bitflags"
+version = "2.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c8214115b7bf84099f1309324e63141d4c5d7cc26862f97a0a857dbefe165bd"
 
 [[package]]
 name = "cc"
-version = "1.1.21"
+version = "1.2.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "07b1695e2c7e8fc85310cde85aeaab7e3097f593c91d209d3f9df76c928100f0"
+checksum = "8691782945451c1c383942c4874dbe63814f61cb57ef773cda2972682b7bb3c0"
 dependencies = [
  "jobserver",
  "libc",
@@ -33,28 +39,28 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
 
 [[package]]
 name = "clang-ast"
-version = "0.1.26"
+version = "0.1.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "577457f7ace079a595017e4307c6e480902664ede6e4a0760747c4f498b7c996"
+checksum = "0f215fa69fa4265fc39aef0b1a1e724e62392da3dcc8c08f892dd323107e9a8d"
 dependencies = [
- "rustc-hash",
+ "foldhash",
  "serde",
 ]
 
 [[package]]
 name = "clap"
-version = "4.5.18"
+version = "4.5.37"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b0956a43b323ac1afaffc053ed5c4b7c1f1800bacd1683c353aabbb752515dd3"
+checksum = "eccb054f56cbd38340b380d4a8e69ef1f02f1af43db2f0cc817a4774d80ae071"
 dependencies = [
  "clap_builder",
 ]
 
 [[package]]
 name = "clap_builder"
-version = "4.5.18"
+version = "4.5.37"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4d72166dd41634086d5803a47eb71ae740e61d84709c36f3c34110173db3961b"
+checksum = "efd9466fac8543255d3b1fcad4762c5e116ffe808c8a3043d4263cd4fd4862a2"
 dependencies = [
  "anstyle",
  "clap_lex",
@@ -63,16 +69,17 @@ dependencies = [
 
 [[package]]
 name = "clap_lex"
-version = "0.7.2"
+version = "0.7.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1462739cb27611015575c0c11df5df7601141071f07518d56fcc1be504cbec97"
+checksum = "f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6"
 
 [[package]]
 name = "codespan-reporting"
-version = "0.11.1"
+version = "0.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3538270d33cc669650c4b093848450d380def10c331d38c768e34cac80576e6e"
+checksum = "fe6d2e5af09e8c8ad56c969f2157a3d4238cebc7c55f0a517728c38f7b200f81"
 dependencies = [
+ "serde",
  "termcolor",
  "unicode-width",
 ]
@@ -88,14 +95,16 @@ dependencies = [
 
 [[package]]
 name = "cxx"
-version = "1.0.128"
+version = "1.0.158"
 dependencies = [
  "cc",
  "cxx-build",
  "cxx-gen",
  "cxx-test-suite",
+ "cxxbridge-cmd",
  "cxxbridge-flags",
  "cxxbridge-macro",
+ "foldhash",
  "link-cplusplus",
  "rustversion",
  "trybuild",
@@ -103,13 +112,12 @@ dependencies = [
 
 [[package]]
 name = "cxx-build"
-version = "1.0.128"
+version = "1.0.158"
 dependencies = [
  "cc",
  "codespan-reporting",
  "cxx",
  "cxx-gen",
- "once_cell",
  "pkg-config",
  "proc-macro2",
  "quote",
@@ -119,7 +127,7 @@ dependencies = [
 
 [[package]]
 name = "cxx-gen"
-version = "0.7.128"
+version = "0.7.158"
 dependencies = [
  "codespan-reporting",
  "proc-macro2",
@@ -138,7 +146,7 @@ dependencies = [
 
 [[package]]
 name = "cxxbridge-cmd"
-version = "1.0.128"
+version = "1.0.158"
 dependencies = [
  "clap",
  "codespan-reporting",
@@ -149,11 +157,11 @@ dependencies = [
 
 [[package]]
 name = "cxxbridge-flags"
-version = "1.0.128"
+version = "1.0.158"
 
 [[package]]
 name = "cxxbridge-macro"
-version = "1.0.128"
+version = "1.0.158"
 dependencies = [
  "clang-ast",
  "cxx",
@@ -161,6 +169,7 @@ dependencies = [
  "memmap",
  "proc-macro2",
  "quote",
+ "rustversion",
  "serde",
  "serde_derive",
  "serde_json",
@@ -177,43 +186,61 @@ dependencies = [
 
 [[package]]
 name = "dissimilar"
-version = "1.0.9"
+version = "1.0.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "59f8e79d1fbf76bdfbde321e902714bf6c49df88a7dda6fc682fc2979226962d"
+checksum = "8975ffdaa0ef3661bfe02dbdcc06c9f829dfafe6a3c474de366a8d5e44276921"
 
 [[package]]
 name = "equivalent"
-version = "1.0.1"
+version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5"
+checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f"
 
 [[package]]
 name = "flate2"
-version = "1.0.33"
+version = "1.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "324a1be68054ef05ad64b861cc9eaf1d623d2d8cb25b4bf2cb9cdd902b4bf253"
+checksum = "7ced92e76e966ca2fd84c8f7aa01a4aea65b0eb6648d72f7c8f3e2764a67fece"
 dependencies = [
  "crc32fast",
  "miniz_oxide",
 ]
 
 [[package]]
-name = "glob"
-version = "0.3.1"
+name = "foldhash"
+version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b"
+checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2"
+
+[[package]]
+name = "getrandom"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "73fea8450eea4bac3940448fb7ae50d91f034f941199fcd9d909a5a07aa455f0"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "r-efi",
+ "wasi",
+]
+
+[[package]]
+name = "glob"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2"
 
 [[package]]
 name = "hashbrown"
-version = "0.14.5"
+version = "0.15.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1"
+checksum = "84b26c544d002229e640969970a2e74021aadf6e2f96372b9c58eff97de08eb3"
 
 [[package]]
 name = "indexmap"
-version = "2.5.0"
+version = "2.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "68b900aa2f7301e21c36462b170ee99994de34dff39a4a6a528e80e7376d07e5"
+checksum = "cea70ddb795996207ad57735b50c5982d8844f38ba9ee5f1aedcfb708a2aa11e"
 dependencies = [
  "equivalent",
  "hashbrown",
@@ -221,30 +248,31 @@ dependencies = [
 
 [[package]]
 name = "itoa"
-version = "1.0.11"
+version = "1.0.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b"
+checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c"
 
 [[package]]
 name = "jobserver"
-version = "0.1.32"
+version = "0.1.33"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "48d1dbcbbeb6a7fec7e059840aa538bd62aaccf972c7346c4d9d2059312853d0"
+checksum = "38f262f097c174adebe41eb73d66ae9c06b2844fb0da69969647bbddd9b0538a"
 dependencies = [
+ "getrandom",
  "libc",
 ]
 
 [[package]]
 name = "libc"
-version = "0.2.159"
+version = "0.2.172"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "561d97a539a36e26a9a5fad1ea11a3039a67714694aaa379433e580854bc3dc5"
+checksum = "d750af042f7ef4f724306de029d18836c26c1765a54a6a3f094cbd23a7267ffa"
 
 [[package]]
 name = "link-cplusplus"
-version = "1.0.9"
+version = "1.0.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9d240c6f7e1ba3a28b0249f774e6a9dd0175054b52dfbb61b16eb8505c3785c9"
+checksum = "4a6f6da007f968f9def0d65a05b187e2960183de70c160204ecfccf0ee330212"
 dependencies = [
  "cc",
 ]
@@ -267,81 +295,75 @@ dependencies = [
 
 [[package]]
 name = "miniz_oxide"
-version = "0.8.0"
+version = "0.8.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e2d80299ef12ff69b16a84bb182e3b9df68b5a91574d3d4fa6e41b65deec4df1"
+checksum = "3be647b768db090acb35d5ec5db2b0e1f1de11133ca123b9eacf5137868f892a"
 dependencies = [
  "adler2",
 ]
 
-[[package]]
-name = "once_cell"
-version = "1.19.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92"
-
 [[package]]
 name = "pkg-config"
-version = "0.3.31"
+version = "0.3.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "953ec861398dccce10c670dfeaf3ec4911ca479e9c02154b3a215178c5f566f2"
+checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c"
 
 [[package]]
 name = "proc-macro2"
-version = "1.0.86"
+version = "1.0.95"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77"
+checksum = "02b3e5e68a3a1a02aad3ec490a98007cbc13c37cbe84a3cd7b8e406d76e7f778"
 dependencies = [
  "unicode-ident",
 ]
 
 [[package]]
 name = "quote"
-version = "1.0.37"
+version = "1.0.40"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af"
+checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d"
 dependencies = [
  "proc-macro2",
 ]
 
 [[package]]
-name = "rustc-hash"
-version = "2.0.0"
+name = "r-efi"
+version = "5.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "583034fd73374156e66797ed8e5b0d5690409c9226b22d87cb7f19821c05d152"
+checksum = "74765f6d916ee2faa39bc8e68e4f3ed8949b48cccdac59983d287a7cb71ce9c5"
 
 [[package]]
 name = "rustversion"
-version = "1.0.17"
+version = "1.0.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "955d28af4278de8121b7ebeb796b6a45735dc01436d898801014aced2773a3d6"
+checksum = "eded382c5f5f786b989652c49544c4877d9f015cc22e145a5ea8ea66c2921cd2"
 
 [[package]]
 name = "ryu"
-version = "1.0.18"
+version = "1.0.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f"
+checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f"
 
 [[package]]
 name = "scratch"
-version = "1.0.7"
+version = "1.0.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a3cf7c11c38cb994f3d40e8a8cde3bbd1f72a435e4c49e85d6553d8312306152"
+checksum = "9f6280af86e5f559536da57a45ebc84948833b3bee313a7dd25232e09c878a52"
 
 [[package]]
 name = "serde"
-version = "1.0.210"
+version = "1.0.219"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a"
+checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6"
 dependencies = [
  "serde_derive",
 ]
 
 [[package]]
 name = "serde_derive"
-version = "1.0.210"
+version = "1.0.219"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f"
+checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -350,9 +372,9 @@ dependencies = [
 
 [[package]]
 name = "serde_json"
-version = "1.0.128"
+version = "1.0.140"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6ff5456707a1de34e7e37f2a6fd3d3f808c318259cbd01ab6377795054b483d8"
+checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373"
 dependencies = [
  "itoa",
  "memchr",
@@ -383,15 +405,21 @@ checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f"
 
 [[package]]
 name = "syn"
-version = "2.0.77"
+version = "2.0.101"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9f35bcdf61fd8e7be6caf75f429fdca8beb3ed76584befb503b1569faee373ed"
+checksum = "8ce2b7fc941b3a24138a0a7cf8e858bfc6a992e7978a068a5c760deb0ed43caf"
 dependencies = [
  "proc-macro2",
  "quote",
  "unicode-ident",
 ]
 
+[[package]]
+name = "target-triple"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1ac9aa371f599d22256307c24a9d748c041e548cbf599f35d890f9d365361790"
+
 [[package]]
 name = "termcolor"
 version = "1.4.1"
@@ -403,9 +431,9 @@ dependencies = [
 
 [[package]]
 name = "toml"
-version = "0.8.19"
+version = "0.8.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a1ed1f98e3fdc28d6d910e6737ae6ab1a93bf1985935a1193e68f93eeb68d24e"
+checksum = "05ae329d1f08c4d17a59bed7ff5b5a769d062e64a62d34a3261b219e62cd5aae"
 dependencies = [
  "serde",
  "serde_spanned",
@@ -415,52 +443,69 @@ dependencies = [
 
 [[package]]
 name = "toml_datetime"
-version = "0.6.8"
+version = "0.6.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0dd7358ecb8fc2f8d014bf86f6f638ce72ba252a2c3a2572f2a795f1d23efb41"
+checksum = "3da5db5a963e24bc68be8b17b6fa82814bb22ee8660f192bb182771d498f09a3"
 dependencies = [
  "serde",
 ]
 
 [[package]]
 name = "toml_edit"
-version = "0.22.22"
+version = "0.22.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4ae48d6208a266e853d946088ed816055e556cc6028c5e8e2b84d9fa5dd7c7f5"
+checksum = "310068873db2c5b3e7659d2cc35d21855dbafa50d1ce336397c666e3cb08137e"
 dependencies = [
  "indexmap",
  "serde",
  "serde_spanned",
  "toml_datetime",
+ "toml_write",
  "winnow",
 ]
 
 [[package]]
-name = "trybuild"
-version = "1.0.99"
+name = "toml_write"
+version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "207aa50d36c4be8d8c6ea829478be44a372c6a77669937bb39c698e52f1491e8"
+checksum = "bfb942dfe1d8e29a7ee7fcbde5bd2b9a25fb89aa70caea2eba3bee836ff41076"
+
+[[package]]
+name = "trybuild"
+version = "1.0.104"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6ae08be68c056db96f0e6c6dd820727cca756ced9e1f4cc7fdd20e2a55e23898"
 dependencies = [
  "dissimilar",
  "glob",
  "serde",
  "serde_derive",
  "serde_json",
+ "target-triple",
  "termcolor",
  "toml",
 ]
 
 [[package]]
 name = "unicode-ident"
-version = "1.0.13"
+version = "1.0.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe"
+checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512"
 
 [[package]]
 name = "unicode-width"
-version = "0.1.14"
+version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7dd6e30e90baa6f72411720665d41d89b9a3d039dc45b8faea1ddd07f617f6af"
+checksum = "1fc81956842c57dac11422a97c3b8195a1ff727f06e85c84ed2e8aa277c9a0fd"
+
+[[package]]
+name = "wasi"
+version = "0.14.2+wasi-0.2.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3"
+dependencies = [
+ "wit-bindgen-rt",
+]
 
 [[package]]
 name = "winapi"
@@ -568,9 +613,18 @@ checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
 
 [[package]]
 name = "winnow"
-version = "0.6.20"
+version = "0.7.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "36c1fec1a2bb5866f07c25f68c26e565c4c200aebb96d7e55710c19d3e8ac49b"
+checksum = "c06928c8748d81b05c9be96aad92e1b6ff01833332f281e8cfca3be4b35fc9ec"
 dependencies = [
  "memchr",
 ]
+
+[[package]]
+name = "wit-bindgen-rt"
+version = "0.39.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1"
+dependencies = [
+ "bitflags",
+]

doc/authors.md

@@ -1,9 +1,9 @@
 Zcash Contributors
 ==================
 
-* Jack Grigg (2181)
+* Jack Grigg (2194)
 * Kris Nuttycombe (751)
-* Daira-Emma Hopwood (492)
+* Daira-Emma Hopwood (526)
 * Simon Liu (464)
 * Sean Bowe (413)
 * Eirik Ogilvie-Wigley (273)
@@ -15,8 +15,8 @@ Zcash Contributors
 * Taylor Hornby (118)
 * Ying Tong Lai (99)
 * Marco Falke (91)
+* Larry Ruane (91)
 * Jonas Schnelli (90)
-* Larry Ruane (89)
 * Jay Graber (89)
 * sasha (80)
 * Cory Fields (78)
@@ -34,8 +34,8 @@ Zcash Contributors
 * Jorge Timón (25)
 * John Newbery (24)
 * Yasser Isa (21)
+* Marius Kjærstad (21)
 * Suhas Daftuar (20)
-* Marius Kjærstad (20)
 * Jonathan "Duke" Leto (19)
 * furszy (18)
 * syd (16)
@@ -210,6 +210,7 @@ Zcash Contributors
 * Maxwell Gubler (1)
 * Matt Quinn (1)
 * Marko Bencun (1)
+* Maciej S. Szmigiero (1)
 * Luv Khemani (1)
 * Louis Nyffenegger (1)
 * LongShao007 (1)

doc/book/src/dev/platform-tier-policy.md

@@ -3,7 +3,7 @@
 ## General
 
 ECC provides three tiers of platform support, modeled after the
-[Rust Target Tier Policy](https://doc.rust-lang.org/stable/rustc/platform-tier-policy.html):
+[Rust Target Tier Policy](https://doc.rust-lang.org/stable/rustc/target-tier-policy.html):
 
 - The Zcash developers provide no guarantees about tier 3 platforms; they exist in the
   codebase, but may or may not build.

doc/book/src/user/deprecation.md

@@ -37,10 +37,19 @@ the node, or if an `allowdeprecated=none` line is added to `zcash.conf`.
 
 | `feature`                           | Deprecated | Feature details
 |-------------------------------------|------------|----------------
-| `z_getbalance`                      | 5.0.0      | The `z_getbalance` RPC method.
 | `z_gettotalbalance`                 | 5.0.0      | The `z_gettotalbalance` RPC method.
-| `gbt_oldhashes`                     | 5.4.0      | The `finalsaplingroothash`, `lightclientroothash`, and `blockcommitmentshash` fields in the output of `getblocktemplate`, which are replaced by the `defaultroots` field.
-| `deprecationinfo_deprecationheight` | 5.5.0      | The `deprecationheight` field returned by the `getdeprecationinfo` RPC method has been replaced by the `end_of_service` object.
+| `createrawtransaction`              | 6.2.0      | The `createrawtransaction` RPC method.
+| `fundrawtransaction`                | 6.2.0      | The `fundrawtransaction` RPC method.
+| `signrawtransaction`                | 6.2.0      | The `signrawtransactions` RPC method.
+| `keypoolrefill`                     | 6.2.0      | The `keypoolrefill` RPC method.
+| `settxfee`                          | 6.2.0      | The `settxfee` RPC method.
+
+The `createrawtransaction`, `fundrawtransaction`, and `signrawtransaction` RPC methods are intended to be replaced
+by PCZT-based functionality implemented in Zallet [zcash/wallet#99](https://github.com/zcash/wallet/issues/99).
+
+The experimental RPC methods `z_getpaymentdisclosure` and `z_validatepaymentdisclosure` (which only supported
+Sprout) are also deprecated.
+
 
 Stage 2
 -------
@@ -49,12 +58,18 @@ Each feature in the table below may be enabled by adding `-allowdeprecated=<feat
 to the CLI arguments when starting the node, or by adding an `allowdeprecated=<feature>`
 line to `zcash.conf`.
 
-| `feature`             | Deprecated | Feature details
-|-----------------------|------------|----------------
-| `legacy_privacy`      | 5.0.0      | The default "legacy" privacy policy for `z_sendmany` has been replaced by the `FullPrivacy` directive.
-| `getnewaddress`       | 5.0.0      | The `getnewaddress` RPC method.
-| `getrawchangeaddress` | 5.0.0      | The `getrawchangeaddress` RPC method.
-| `z_getnewaddress`     | 5.0.0      | The `z_getnewaddress` RPC method.
-| `z_listaddresses`     | 5.0.0      | The `z_listaddresses` RPC method.
-| `addrtype`            | 5.0.0      | The `type` attribute is deprecated in the results of RPC methods that return address metadata. It is recommended that applications using this metadata be updated to use the `pool` or `address_type` attributes, which have replaced the `type` attribute, as appropriate.
-| `wallettxvjoinsplit`  | 5.1.0      | The `vjoinsplit` attribute returned by the `gettransaction` RPC method.
+| `feature`                           | Deprecated | Default-disabled | Feature details
+|-------------------------------------|------------|------------------|----------------
+| `legacy_privacy`                    | 5.0.0      | 5.4.0            | The default "legacy" privacy policy for `z_sendmany` has been replaced by the `FullPrivacy` directive.
+| `getnewaddress`                     | 5.0.0      | 5.4.0            | The `getnewaddress` RPC method.
+| `getrawchangeaddress`               | 5.0.0      | 5.4.0            | The `getrawchangeaddress` RPC method.
+| `z_getnewaddress`                   | 5.0.0      | 5.4.0            | The `z_getnewaddress` RPC method.
+| `z_listaddresses`                   | 5.0.0      | 5.4.0            | The `z_listaddresses` RPC method.
+| `addrtype`                          | 5.0.0      | 5.4.0 `*`        | The `type` attribute is deprecated in the results of RPC methods that return address metadata. It is recommended that applications using this metadata be updated to use the `pool` or `address_type` attributes, which have replaced the `type` attribute, as appropriate.
+| `wallettxvjoinsplit`                | 5.1.0      | 5.4.0            | The `vjoinsplit` attribute returned by the `gettransaction` RPC method.
+| `z_getbalance`                      | 5.0.0      | 6.2.0            | The `z_getbalance` RPC method.
+| `gbt_oldhashes`                     | 5.4.0      | 6.2.0            | The `finalsaplingroothash`, `lightclientroothash`, and `blockcommitmentshash` fields in the output of `getblocktemplate`, which are replaced by the `defaultroots` field.
+| `deprecationinfo_deprecationheight` | 5.5.0      | 6.2.0            | The `deprecationheight` field returned by the `getdeprecationinfo` RPC method has been replaced by the `end_of_service` object.
+| `getnetworkhashps`                  | 6.2.0      | 6.2.0            | The `getnetworkhashps` RPC method (use `getnetworksolps` instead).
+
+`*` As of version 6.2.0, `addrtype` is default-disabled even when zcashd is compiled without the `ENABLE_WALLET` flag.

doc/book/src/user/platform-support.md

@@ -17,7 +17,7 @@ be removed from tier 1. These dates are subject to change.
 | ----------------------- | ------------ | -------------- |
 | `x86_64-pc-linux-gnu`   | Debian 11    | June 2026      |
 |                         | Debian 12    | June 2028      |
-|                         | Ubuntu 20.04 | April 2025     |
+|                         | Ubuntu 22.04 | April 2027     |
 
 ## Tier 2
 
@@ -43,7 +43,7 @@ available.
 | target                  | OS           | notes |
 | ----------------------- | ------------ | ----- |
 | `x86_64-pc-linux-gnu`   | Arch         |
-|                         | Ubuntu 22.04 |
+|                         | Ubuntu 24.04 |
 | `x86_64-unknown-freebsd`| FreeBSD      |
 | `x86_64-w64-mingw32`    | Windows      | 64-bit MinGW |
 | `x86_64-apple-darwin16` | macOS 10.14+ |

doc/book/src/user/release-support.md

@@ -42,8 +42,7 @@ time, and may shift due to changes in network solution power.
 <!-- RELEASE_SCRIPT_START_MARKER - If you make changes here, check make-release.py -->
 | `zcashd` version | Release date | Halt height | End of Support |
 | ---------------- | ------------ | ----------- | -------------- |
-| 5.10.0-rc1 | 2024-08-22 | 2700600 | 2024-10-31 |
-| 5.10.0 | 2024-08-27 | 2706540 | 2024-11-05 |
-| 6.0.0-rc1 | 2024-09-27 | 2710272 | 2024-11-08 |
-| 6.0.0 | 2024-10-02 | 2796400 | 2025-01-22 |
+| 6.1.0 | 2025-01-02 | 2901800 | 2025-04-24 |
+| 6.2.0-rc1 | 2025-04-10 | 3013824 | 2025-07-31 |
+| 6.2.0 | 2025-04-16 | 3021100 | 2025-08-06 |
 <!-- RELEASE_SCRIPT_END_MARKER -->

doc/man/zcash-cli.1

@@ -1,9 +1,9 @@
-.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.1.
-.TH ZCASH-CLI "1" "October 2024" "zcash-cli v6.0.0" "User Commands"
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.3.
+.TH ZCASH-CLI "1" "April 2025" "zcash-cli v6.2.0" "User Commands"
 .SH NAME
-zcash-cli \- manual page for zcash-cli v6.0.0
+zcash-cli \- manual page for zcash-cli v6.2.0
 .SH DESCRIPTION
-Zcash RPC client version v6.0.0
+Zcash RPC client version v6.2.0
 .PP
 In order to ensure you are adequately protecting your privacy when using Zcash,
 please see <https://z.cash/support/security/>.

doc/man/zcash-tx.1

@@ -1,9 +1,9 @@
-.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.1.
-.TH ZCASH-TX "1" "October 2024" "zcash-tx v6.0.0" "User Commands"
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.3.
+.TH ZCASH-TX "1" "April 2025" "zcash-tx v6.2.0" "User Commands"
 .SH NAME
-zcash-tx \- manual page for zcash-tx v6.0.0
+zcash-tx \- manual page for zcash-tx v6.2.0
 .SH DESCRIPTION
-Zcash zcash\-tx utility version v6.0.0
+Zcash zcash\-tx utility version v6.2.0
 .SS "Usage:"
 .TP
 zcash\-tx [options] <hex\-tx> [commands]

doc/man/zcashd-wallet-tool.1

@@ -1,7 +1,7 @@
-.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.1.
-.TH ZCASHD-WALLET-TOOL "1" "October 2024" "zcashd-wallet-tool v6.0.0" "User Commands"
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.3.
+.TH ZCASHD-WALLET-TOOL "1" "April 2025" "zcashd-wallet-tool v6.2.0" "User Commands"
 .SH NAME
-zcashd-wallet-tool \- manual page for zcashd-wallet-tool v6.0.0
+zcashd-wallet-tool \- manual page for zcashd-wallet-tool v6.2.0
 .SH SYNOPSIS
 .B zcashd-wallet-tool
 [\fI\,OPTIONS\/\fR]

doc/man/zcashd.1

@@ -1,9 +1,9 @@
-.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.1.
-.TH ZCASHD "1" "October 2024" "zcashd v6.0.0" "User Commands"
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.3.
+.TH ZCASHD "1" "April 2025" "zcashd v6.2.0" "User Commands"
 .SH NAME
-zcashd \- manual page for zcashd v6.0.0
+zcashd \- manual page for zcashd v6.2.0
 .SH DESCRIPTION
-Zcash Daemon version v6.0.0
+Zcash Daemon version v6.2.0
 .PP
 In order to ensure you are adequately protecting your privacy when using Zcash,
 please see <https://z.cash/support/security/>.
@@ -34,10 +34,12 @@ long fork (%s in cmd is replaced by message)
 .IP
 Explicitly allow the use of the specified deprecated feature. Multiple
 instances of this parameter are permitted; values for <feature> must be
-selected from among {"none", "deprecationinfo_deprecationheight",
-"gbt_oldhashes", "z_getbalance", "z_gettotalbalance", "addrtype",
-"getnewaddress", "getrawchangeaddress", "legacy_privacy",
-"wallettxvjoinsplit", "z_getnewaddress", "z_listaddresses"}
+selected from among {"none", "createrawtransaction",
+"fundrawtransaction", "getnetworkhashps", "keypoolrefill", "settxfee",
+"signrawtransaction", "z_gettotalbalance", "addrtype",
+"deprecationinfo_deprecationheight", "gbt_oldhashes", "getnewaddress",
+"getrawchangeaddress", "legacy_privacy", "wallettxvjoinsplit",
+"z_getbalance", "z_getnewaddress", "z_listaddresses"}
 .HP
 \fB\-blocknotify=\fR<cmd>
 .IP
@@ -98,7 +100,7 @@ Keep at most <n> unconnectable transactions in memory (default: 100)
 .HP
 \fB\-par=\fR<n>
 .IP
-Set the number of script verification threads (\fB\-16\fR to 16, 0 = auto, <0 =
+Set the number of script verification threads (\fB\-6\fR to 16, 0 = auto, <0 =
 leave that many cores free, default: 0)
 .HP
 \fB\-pid=\fR<file>
@@ -429,8 +431,8 @@ optional). If <category> is not supplied or if <category> = 1, output
 all debugging information. <category> can be: addrman, alert, bench,
 coindb, db, http, libevent, lock, mempool, mempoolrej, net,
 partitioncheck, pow, proxy, prune, rand, receiveunsafe, reindex, rpc,
-selectcoins, tor, zmq, zrpc, zrpcunsafe (implies zrpc). For multiple
-specific categories use \fB\-debug=\fR<category> multiple times.
+selectcoins, tor, valuepool, zmq, zrpc, zrpcunsafe (implies zrpc). For
+multiple specific categories use \fB\-debug=\fR<category> multiple times.
 .HP
 \fB\-experimentalfeatures\fR
 .IP

doc/release-notes/release-notes-6.1.0.md

@@ -0,0 +1,23 @@
+This is a maintenance release that sets a new end-of-service height to help
+ensure continuity of services.
+
+Changelog
+=========
+
+Daira-Emma Hopwood (6):
+      Funding streams: Rename INSUFFICIENT_ADDRESSES to INSUFFICIENT_RECIPIENTS.
+      sapling::Builder: add funding stream outputs in a more predictable order. Previously it was deterministic, but depended on details of the `operator<` implementations of `FundingStreamRecipient`, `SaplingPaymentAddress`, and `CScript`. Now it is just the same order as in `vFundingStreams`.
+      Simplify `GetActiveFundingStreamElements`.
+      gtest/test_checkblock.cpp: fix a bug in MockCValidationState that was causing a test warning.
+      Miner tests: correct a comment, and add another similar comment where it applies. Doc-only.
+      Update Daira-Emma Hopwood's gpg keys.
+
+Jack Grigg (4):
+      qa: Fix line wrapping in `show_help`
+      qa: Postpone all dependency updates until after 6.1.0
+      make-release.py: Versioning changes for 6.1.0.
+      make-release.py: Updated manpages for 6.1.0.
+
+Larry Ruane (1):
+      move Lockbox value logging behind category valuepool
+

doc/release-notes/release-notes-6.2.0-rc1.md

@@ -0,0 +1,80 @@
+Notable changes
+===============
+
+zcashd is being deprecated in 2025. Full nodes are being migrated to zebrad,
+and the Zallet wallet is being built as a replacement for the zcashd wallet.
+
+For some of zcashd's JSON-RPC methods, zebrad or Zallet should be a drop-in
+replacement. Other JSON-RPC methods may require modified usage, and some
+JSON-RPC methods will not be supported.
+
+You can find all information about the zcashd deprecation process on this
+webpage, which you can monitor for future updates:
+<https://z.cash/support/zcashd-deprecation/>
+
+We are collecting information about how zcashd users are currently using the
+existing JSON-RPC methods. The above webpage has a link to a spreadsheet
+containing the information we have collected so far, and the planned status
+for each JSON-RPC method based on that information. If you have not provided
+feedback to us about how you are using the zcashd JSON-RPC interface, please
+do so as soon as possible.
+
+To confirm that you are aware that zcashd is being deprecated and that you
+will need to migrate to zebrad and/or Zallet in 2025, add the following
+option to your config file:
+
+i-am-aware-zcashd-will-be-replaced-by-zebrad-and-zallet-in-2025=1
+
+RPC Changes
+-----------
+
+* The RPC methods `keypoolrefill`, `settxfee`, `createrawtransaction`,
+  `fundrawtransaction`, and `signrawtransaction` have been deprecated, but
+  are still enabled by default.
+* The RPC methods `z_getbalance` (which was previously deprecated), and
+  `getnetworkhashps`, and the features `deprecationinfo_deprecationheight`
+  and `gbt_oldhashes`, have been disabled by default. The `addrtype` feature
+  is now disabled by default even when zcashd is compiled without the
+  `ENABLE_WALLET` flag.
+
+Changelog
+=========
+
+Daira-Emma Hopwood (16):
+      [doc] user/deprecation.md: add the version in which each feature was default-disabled.
+      Deprecate RPC methods { `getnetworkhashps`, `keypoolrefill`, `settxfee`, `createrawtransaction`, `fundrawtransaction`, `signrawtransaction` }.
+      Cosmetics in deprecation messages.
+      Document that `z_getpaymentdisclosure` and `z_validatepaymentdisclosure` are deprecated.
+      Default-disable the RPC methods { `z_getbalance`, `getnetworkhashps` }, and the features { `gbt_oldhashes`, `deprecationinfo_deprecationheight` }. Also make sure that the `addrtype` feature is default-disabled regardless of the `ENABLE_WALLET` flag.
+      Wording changes to address review comments.
+      Fix RPC tests broken by deprecations.
+      Allow the RPC help to be displayed for disabled methods.
+      Add `i-am-aware-zcashd-will-be-replaced-by-zebrad-and-zallet-in-2025` to release notes.
+      Postpone native updates (after thorough checking with @y4ssi).
+      Fix URL to the Rust Target Tier Policy.
+      Update links in the README.
+      Update crossbeam-channel and tokio in `Cargo.lock` to avoid vulnerable versions and pass `cargo audit`.
+      Correction to the 6.2.0-rc1 release notes.
+      make-release.py: Versioning changes for 6.2.0-rc1.
+      make-release.py: Updated manpages for 6.2.0-rc1.
+
+Jack Grigg (9):
+      depends: utfcpp 4.0.6
+      depends: native_fmt 11.1.1
+      depends: native_xxhash 0.8.3
+      depends: native_cmake 3.31.3
+      cargo vet prune
+      depends: cxx 1.0.136
+      cargo update
+      CI: Migrate to `cargo-vet 0.10`
+      Add a warning modal for zcashd deprecation
+
+Larry Ruane (1):
+      fix CI lint error
+
+Maciej S. Szmigiero (1):
+      dbwrapper: Bump max file size to 32 MiB
+
+Marius Kjærstad (1):
+      New checkpoint at block 2800000 for mainnet
+

doc/release-notes/release-notes-6.2.0.md

@@ -0,0 +1,100 @@
+Notable changes
+===============
+
+zcashd is being deprecated in 2025. Full nodes are being migrated to zebrad,
+and the Zallet wallet is being built as a replacement for the zcashd wallet.
+
+For some of zcashd's JSON-RPC methods, zebrad or Zallet should be a drop-in
+replacement. Other JSON-RPC methods may require modified usage, and some
+JSON-RPC methods will not be supported.
+
+You can find all information about the zcashd deprecation process on this
+webpage, which you can monitor for future updates:
+<https://z.cash/support/zcashd-deprecation/>
+
+We are collecting information about how zcashd users are currently using the
+existing JSON-RPC methods. The above webpage has a link to a spreadsheet
+containing the information we have collected so far, and the planned status
+for each JSON-RPC method based on that information. If you have not provided
+feedback to us about how you are using the zcashd JSON-RPC interface, please
+do so as soon as possible.
+
+To confirm that you are aware that zcashd is being deprecated and that you
+will need to migrate to zebrad and/or Zallet in 2025, add the following
+option to your config file:
+
+i-am-aware-zcashd-will-be-replaced-by-zebrad-and-zallet-in-2025=1
+
+Platform Support
+----------------
+
+- Ubuntu 20.04 LTS has been removed from the list of supported platforms. It
+  will reach End of Support on May 31st 2025, but it no longer satisfies our
+  Tier 2 policy requirements because GitHub no longer supports Ubuntu 20.04
+  runners.
+
+RPC Changes
+-----------
+
+* The RPC methods `keypoolrefill`, `settxfee`, `createrawtransaction`,
+  `fundrawtransaction`, and `signrawtransaction` have been deprecated, but
+  are still enabled by default.
+* The RPC methods `z_getbalance` (which was previously deprecated), and
+  `getnetworkhashps`, and the features `deprecationinfo_deprecationheight`
+  and `gbt_oldhashes`, have been disabled by default. The `addrtype` feature
+  is now disabled by default even when zcashd is compiled without the
+  `ENABLE_WALLET` flag.
+
+Changelog
+=========
+
+Daira-Emma Hopwood (28):
+      [doc] user/deprecation.md: add the version in which each feature was default-disabled.
+      Deprecate RPC methods { `getnetworkhashps`, `keypoolrefill`, `settxfee`, `createrawtransaction`, `fundrawtransaction`, `signrawtransaction` }.
+      Cosmetics in deprecation messages.
+      Document that `z_getpaymentdisclosure` and `z_validatepaymentdisclosure` are deprecated.
+      Default-disable the RPC methods { `z_getbalance`, `getnetworkhashps` }, and the features { `gbt_oldhashes`, `deprecationinfo_deprecationheight` }. Also make sure that the `addrtype` feature is default-disabled regardless of the `ENABLE_WALLET` flag.
+      Wording changes to address review comments.
+      Fix RPC tests broken by deprecations.
+      Allow the RPC help to be displayed for disabled methods.
+      Add `i-am-aware-zcashd-will-be-replaced-by-zebrad-and-zallet-in-2025` to release notes.
+      Postpone native updates (after thorough checking with @y4ssi).
+      Fix URL to the Rust Target Tier Policy.
+      Update links in the README.
+      Update crossbeam-channel and tokio in `Cargo.lock` to avoid vulnerable versions and pass `cargo audit`.
+      Correction to the 6.2.0-rc1 release notes.
+      make-release.py: Versioning changes for 6.2.0-rc1.
+      make-release.py: Updated manpages for 6.2.0-rc1.
+      make-release.py: Updated release notes and changelog for 6.2.0-rc1.
+      make-release.py: Updated book for 6.2.0-rc1.
+      Trivial doc update to poke CI.
+      Update audits.
+      Postpone C++ dependency updates for the v6.2.0 release.
+      Remove Ubuntu 20.04 from the list of supported platforms because GitHub no longer supports CI runners for it.
+      contrib/devtools/symbol-check.py: Update allowed library versions and documentation.
+      CI: Bump the Ubuntu runner version used for Debian.
+      Move Ubuntu 22.04 support to Tier 1.
+      CI: Test on Ubuntu 24.04 as Tier 3.
+      make-release.py: Versioning changes for 6.2.0.
+      make-release.py: Updated manpages for 6.2.0.
+
+Jack Grigg (9):
+      depends: utfcpp 4.0.6
+      depends: native_fmt 11.1.1
+      depends: native_xxhash 0.8.3
+      depends: native_cmake 3.31.3
+      cargo vet prune
+      depends: cxx 1.0.136
+      cargo update
+      CI: Migrate to `cargo-vet 0.10`
+      Add a warning modal for zcashd deprecation
+
+Larry Ruane (1):
+      fix CI lint error
+
+Maciej S. Szmigiero (1):
+      dbwrapper: Bump max file size to 32 MiB
+
+Marius Kjærstad (1):
+      New checkpoint at block 2800000 for mainnet
+

qa/rpc-tests/getblocktemplate.py

@@ -44,6 +44,7 @@ class GetBlockTemplateTest(BitcoinTestFramework):
             nuparams(NU5_BRANCH_ID, 230),
             "-allowdeprecated=getnewaddress",
             "-allowdeprecated=z_getbalance",
+            "-allowdeprecated=gbt_oldhashes",
         ]
         self.nodes = start_nodes(self.num_nodes, self.options.tmpdir, [args] * self.num_nodes)
         self.is_network_split = False

qa/rpc-tests/mempool_packages.py

@@ -32,6 +32,8 @@ class MempoolPackagesTest(BitcoinTestFramework):
             '-maxorphantx=%d' % (self.limitdescendantcount,),
             '-debug',
             '-allowdeprecated=getnewaddress',
+            '-allowdeprecated=createrawtransaction',
+            '-allowdeprecated=signrawtransaction',
         ]
         self.nodes = []
         self.nodes.append(start_node(0, self.options.tmpdir, base_args))
@@ -195,6 +197,7 @@ class MempoolPackagesTest(BitcoinTestFramework):
         value = utxo[0]['amount']
         vout = utxo[0]['vout']
 
+        fee = conventional_fee(8)
         send_value = satoshi_round((value - fee)/2)
         inputs = [ {'txid' : txid, 'vout' : vout} ]
         outputs = {}

qa/rpc-tests/show_help.py

@@ -40,10 +40,12 @@ Options:
   -allowdeprecated=<feature>
        Explicitly allow the use of the specified deprecated feature. Multiple
        instances of this parameter are permitted; values for <feature> must be
-       selected from among {"none", "deprecationinfo_deprecationheight",
-       "gbt_oldhashes", "z_getbalance", "z_gettotalbalance", "addrtype",
-       "getnewaddress", "getrawchangeaddress", "legacy_privacy",
-       "wallettxvjoinsplit", "z_getnewaddress", "z_listaddresses"}
+       selected from among {"none", "createrawtransaction",
+       "fundrawtransaction", "getnetworkhashps", "keypoolrefill", "settxfee",
+       "signrawtransaction", "z_gettotalbalance", "addrtype",
+       "deprecationinfo_deprecationheight", "gbt_oldhashes", "getnewaddress",
+       "getrawchangeaddress", "legacy_privacy", "wallettxvjoinsplit",
+       "z_getbalance", "z_getnewaddress", "z_listaddresses"}
 
   -blocknotify=<cmd>
        Execute command when the best block changes (%s in cmd is replaced by
@@ -430,8 +432,8 @@ Debugging/Testing options:
        all debugging information. <category> can be: addrman, alert, bench,
        coindb, db, http, libevent, lock, mempool, mempoolrej, net,
        partitioncheck, pow, proxy, prune, rand, receiveunsafe, reindex, rpc,
-       selectcoins, tor, zmq, zrpc, zrpcunsafe (implies zrpc). For multiple
-       specific categories use -debug=<category> multiple times.
+       selectcoins, tor, valuepool, zmq, zrpc, zrpcunsafe (implies zrpc). For
+       multiple specific categories use -debug=<category> multiple times.
 
   -experimentalfeatures
        Enable use of experimental features

qa/rpc-tests/test_framework/util.py

@@ -260,6 +260,7 @@ def initialize_chain(test_dir, num_nodes, cachedir, cache_behavior='current'):
             datadir = initialize_datadir(cachedir, i)
             args = [ zcashd_binary(), "-keypool=1", "-datadir="+datadir, "-discover=0" ]
             args.extend([
+                '-i-am-aware-zcashd-will-be-replaced-by-zebrad-and-zallet-in-2025',
                 '-nuparams=5ba81b19:1', # Overwinter
                 '-nuparams=76b809bb:1', # Sapling
                 '-mocktime=%d' % block_time
@@ -482,6 +483,7 @@ def start_node(i, dirname, extra_args=None, rpchost=None, timewait=None, binary=
         binary = zcashd_binary()
     args = [ binary, "-datadir="+datadir, "-keypool=1", "-discover=0", "-rest" ]
     args.extend([
+        '-i-am-aware-zcashd-will-be-replaced-by-zebrad-and-zallet-in-2025',
         '-nuparams=5ba81b19:1', # Overwinter
         '-nuparams=76b809bb:1', # Sapling
     ])

qa/rpc-tests/wallet_deprecation.py

@@ -74,7 +74,7 @@ class WalletDeprecationTest(BitcoinTestFramework):
         except JSONRPCException as e:
             errorString = e.error['message']
         assert_true(
-            "DEPRECATED" in errorString,
+            "DISABLED" in errorString,
             "'%s' not disabled (%s)" % (
                 function,
                 "failed with '%s'" % errorString if len(errorString) > 0 else "succeeded",

qa/supply-chain/audits.toml

@@ -579,6 +579,11 @@ via its methods (one of which is now usable with the new MSRV) instead of via
 casting.
 """
 
+[[audits.crossbeam-utils]]
+who = "Jack Grigg <jack@electriccoin.co>"
+criteria = "safe-to-deploy"
+delta = "0.8.20 -> 0.8.21"
+
 [[audits.crypto-common]]
 who = "Jack Grigg <jack@z.cash>"
 criteria = ["crypto-reviewed", "safe-to-deploy"]
@@ -712,6 +717,18 @@ notes = """
 used as the ZST `SyncUnsafeCell<PhantomData<()>>` to fix an LLVM miscompilation.
 """
 
+[[audits.cxx]]
+who = "Jack Grigg <jack@electriccoin.co>"
+criteria = "safe-to-deploy"
+delta = "1.0.128 -> 1.0.136"
+notes = """
+- Change to build script is to raise MSRV.
+- Changes to `unsafe` blocks are a refactor to expose pointers from `UniquePtr`.
+  The existing usages are effectively unaltered.
+- The hasher is changed from SipHash-1-3 to foldhash-q. This means the hasher is
+  faster, but no longer resistant to HashDoS.
+"""
+
 [[audits.cxxbridge-flags]]
 who = "Daira Hopwood <daira@jacaranda.org>"
 criteria = "safe-to-deploy"
@@ -778,6 +795,16 @@ who = "Jack Grigg <jack@electriccoin.co>"
 criteria = "safe-to-deploy"
 delta = "1.0.121 -> 1.0.122"
 
+[[audits.cxxbridge-flags]]
+who = "Jack Grigg <jack@electriccoin.co>"
+criteria = "safe-to-deploy"
+delta = "1.0.135 -> 1.0.136"
+
+[[audits.cxxbridge-flags]]
+who = "Jack Grigg <jack@electriccoin.co>"
+criteria = "safe-to-deploy"
+delta = "1.0.146 -> 1.0.158"
+
 [[audits.cxxbridge-macro]]
 who = "Daira Hopwood <daira@jacaranda.org>"
 criteria = "safe-to-deploy"
@@ -873,6 +900,15 @@ who = "Jack Grigg <jack@electriccoin.co>"
 criteria = "safe-to-deploy"
 delta = "1.0.126 -> 1.0.128"
 
+[[audits.cxxbridge-macro]]
+who = "Jack Grigg <jack@electriccoin.co>"
+criteria = "safe-to-deploy"
+delta = "1.0.128 -> 1.0.136"
+notes = """
+Changes to generated `unsafe` code are to add the new `unsafe` annotations added
+in Rust 1.82 to the `extern` blocks.
+"""
+
 [[audits.der]]
 who = "Daira-Emma Hopwood <daira@jacaranda.org>"
 criteria = "safe-to-deploy"
@@ -1062,6 +1098,15 @@ criteria = "safe-to-deploy"
 delta = "0.3.29 -> 0.3.30"
 notes = "Removes `build.rs` now that it can rely on the `target_has_atomic` attribute."
 
+[[audits.futures-channel]]
+who = "Jack Grigg <jack@electriccoin.co>"
+criteria = "safe-to-deploy"
+delta = "0.3.30 -> 0.3.31"
+notes = """
+Changes to `unsafe` code are only to wrap the internals of some `unsafe fn`s int
+`unsafe` blocks for added clarity.
+"""
+
 [[audits.futures-core]]
 who = "Jack Grigg <jack@z.cash>"
 criteria = "safe-to-deploy"
@@ -1369,6 +1414,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
 criteria = "safe-to-deploy"
 delta = "2.9.0 -> 2.10.0"
 
+[[audits.ipnet]]
+who = "Jack Grigg <jack@electriccoin.co>"
+criteria = "safe-to-deploy"
+delta = "2.10.0 -> 2.10.1"
+
 [[audits.itoa]]
 who = "Jack Grigg <jack@z.cash>"
 criteria = "safe-to-deploy"
@@ -1519,6 +1569,12 @@ who = "Daira-Emma Hopwood <daira@jacaranda.org>"
 criteria = "safe-to-deploy"
 delta = "0.4.20 -> 0.4.21"
 
+[[audits.macro_find_and_replace]]
+who = "Daira-Emma Hopwood <daira@jacaranda.org>"
+criteria = "safe-to-deploy"
+version = "1.0.0"
+notes = "Fully reviewed. No problems found other than a few typos in documentation (filed https://github.com/lord-ne/rust-macro-find-and-replace/pull/1 )."
+
 [[audits.maybe-rayon]]
 who = "Sean Bowe <ewillbefull@gmail.com>"
 criteria = "safe-to-deploy"
@@ -1560,6 +1616,12 @@ criteria = "safe-to-deploy"
 delta = "0.2.0 -> 0.2.1"
 notes = "Exposes an existing macro. Note that I am the author of the crate."
 
+[[audits.memuse]]
+who = "Jack Grigg <jack@electriccoin.co>"
+criteria = "safe-to-deploy"
+delta = "0.2.1 -> 0.2.2"
+notes = "Adds no-std support; no other changes. Note that I am the author of the crate."
+
 [[audits.metrics]]
 who = "Jack Grigg <jack@z.cash>"
 criteria = "safe-to-deploy"
@@ -2172,6 +2234,11 @@ criteria = "safe-to-deploy"
 delta = "0.38.28 -> 0.38.32"
 notes = "Cursory review."
 
+[[audits.rustversion]]
+who = "Jack Grigg <jack@electriccoin.co>"
+criteria = "safe-to-deploy"
+delta = "1.0.18 -> 1.0.19"
+
 [[audits.ryu]]
 who = "Jack Grigg <jack@electriccoin.co>"
 criteria = "safe-to-deploy"
@@ -2265,6 +2332,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
 criteria = "safe-to-deploy"
 delta = "1.0.193 -> 1.0.194"
 
+[[audits.serde]]
+who = "Jack Grigg <jack@electriccoin.co>"
+criteria = "safe-to-deploy"
+delta = "1.0.216 -> 1.0.217"
+
 [[audits.serde_derive]]
 who = "Jack Grigg <jack@z.cash>"
 criteria = "safe-to-deploy"
@@ -2306,6 +2378,11 @@ who = "Jack Grigg <jack@electriccoin.co>"
 criteria = "safe-to-deploy"
 delta = "1.0.193 -> 1.0.194"
 
+[[audits.serde_derive]]
+who = "Jack Grigg <jack@electriccoin.co>"
+criteria = "safe-to-deploy"
+delta = "1.0.216 -> 1.0.217"
+
 [[audits.serde_json]]
 who = "Jack Grigg <jack@electriccoin.co>"
 criteria = "safe-to-deploy"
@@ -2738,6 +2815,22 @@ criteria = "safe-to-deploy"
 delta = "1.35.1 -> 1.37.0"
 notes = "Cursory review, but new and changed uses of `unsafe` code look fine, as far as I can see."
 
+[[audits.tokio]]
+who = "Daira-Emma Hopwood <daira@jacaranda.org>"
+criteria = "safe-to-deploy"
+delta = "1.40.0 -> 1.42.0"
+notes = """
+Changes to unsafe code look reasonable. There are new unsafe APIs but their safety requirements are documented.
+This release has a vulnerability (https://rustsec.org/advisories/RUSTSEC-2025-0023) but it is not a regression relative
+to 1.40.0. Update to 1.42.1 to fix that.
+"""
+
+[[audits.tokio]]
+who = "Daira-Emma Hopwood <daira@jacaranda.org>"
+criteria = "safe-to-deploy"
+delta = "1.42.0 -> 1.42.1"
+notes = "Plausible fix to https://rustsec.org/advisories/RUSTSEC-2025-0023 ."
+
 [[audits.toml_datetime]]
 who = "Jack Grigg <jack@z.cash>"
 criteria = "safe-to-deploy"
@@ -3056,7 +3149,7 @@ end = "2024-09-21"
 criteria = ["safe-to-deploy", "crypto-reviewed"]
 user-id = 6289 # Jack Grigg (str4d)
 start = "2021-09-22"
-end = "2024-09-21"
+end = "2026-01-02"
 
 [[trusted.halo2_gadgets]]
 criteria = ["safe-to-deploy", "crypto-reviewed"]
@@ -3064,12 +3157,24 @@ user-id = 1244 # ebfull
 start = "2022-05-10"
 end = "2024-09-21"
 
+[[trusted.halo2_gadgets]]
+criteria = ["safe-to-deploy", "crypto-reviewed"]
+user-id = 6289 # Jack Grigg (str4d)
+start = "2022-02-15"
+end = "2026-01-02"
+
 [[trusted.halo2_legacy_pdqsort]]
 criteria = ["safe-to-deploy", "crypto-reviewed"]
-user-id = 199950 # Daira Emma Hopwood (daira)
+user-id = 199950 # Daira-Emma Hopwood (daira)
 start = "2023-02-24"
 end = "2024-09-21"
 
+[[trusted.halo2_poseidon]]
+criteria = ["safe-to-deploy", "crypto-reviewed"]
+user-id = 6289 # Jack Grigg (str4d)
+start = "2024-12-13"
+end = "2026-01-02"
+
 [[trusted.halo2_proofs]]
 criteria = ["safe-to-deploy", "crypto-reviewed"]
 user-id = 1244 # ebfull
@@ -3078,14 +3183,14 @@ end = "2024-09-21"
 
 [[trusted.incrementalmerkletree]]
 criteria = "safe-to-deploy"
-user-id = 6289 # Jack Grigg (str4d)
-start = "2021-12-17"
+user-id = 1244 # ebfull
+start = "2021-06-24"
 end = "2024-09-21"
 
 [[trusted.incrementalmerkletree]]
 criteria = "safe-to-deploy"
-user-id = 1244 # ebfull
-start = "2021-06-24"
+user-id = 6289 # Jack Grigg (str4d)
+start = "2021-12-17"
 end = "2024-09-21"
 
 [[trusted.incrementalmerkletree]]
@@ -3101,10 +3206,10 @@ start = "2024-09-25"
 end = "2025-10-02"
 
 [[trusted.orchard]]
-criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
-user-id = 6289 # Jack Grigg (str4d)
-start = "2021-01-07"
-end = "2024-09-21"
+criteria = "safe-to-deploy"
+user-id = 169181 # Kris Nuttycombe (nuttycom)
+start = "2024-08-12"
+end = "2025-10-02"
 
 [[trusted.orchard]]
 criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
@@ -3113,7 +3218,13 @@ start = "2022-10-19"
 end = "2024-09-21"
 
 [[trusted.orchard]]
-criteria = "safe-to-deploy"
+criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
+user-id = 6289 # Jack Grigg (str4d)
+start = "2021-01-07"
+end = "2024-09-21"
+
+[[trusted.sapling-crypto]]
+criteria = ["safe-to-deploy", "crypto-reviewed"]
 user-id = 169181 # Kris Nuttycombe (nuttycom)
 start = "2024-08-12"
 end = "2025-10-02"
@@ -3124,11 +3235,11 @@ user-id = 6289 # Jack Grigg (str4d)
 start = "2024-01-26"
 end = "2025-03-18"
 
-[[trusted.sapling-crypto]]
+[[trusted.sinsemilla]]
 criteria = ["safe-to-deploy", "crypto-reviewed"]
-user-id = 169181 # Kris Nuttycombe (nuttycom)
-start = "2024-08-12"
-end = "2025-10-02"
+user-id = 6289 # Jack Grigg (str4d)
+start = "2024-12-13"
+end = "2026-01-02"
 
 [[trusted.windows-sys]]
 criteria = "safe-to-deploy"
@@ -3214,6 +3325,12 @@ user-id = 1244 # ebfull
 start = "2022-10-19"
 end = "2024-09-21"
 
+[[trusted.zcash_encoding]]
+criteria = "safe-to-deploy"
+user-id = 6289 # Jack Grigg (str4d)
+start = "2021-08-31"
+end = "2026-01-02"
+
 [[trusted.zcash_history]]
 criteria = "safe-to-deploy"
 user-id = 1244 # ebfull
@@ -3233,10 +3350,16 @@ start = "2023-03-22"
 end = "2024-09-21"
 
 [[trusted.zcash_primitives]]
-criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
+criteria = "safe-to-deploy"
 user-id = 6289 # Jack Grigg (str4d)
 start = "2021-03-26"
-end = "2024-09-21"
+end = "2025-10-02"
+
+[[trusted.zcash_primitives]]
+criteria = "safe-to-deploy"
+user-id = 169181 # Kris Nuttycombe (nuttycom)
+start = "2024-08-20"
+end = "2025-08-26"
 
 [[trusted.zcash_primitives]]
 criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
@@ -3245,23 +3368,17 @@ start = "2019-10-08"
 end = "2024-09-21"
 
 [[trusted.zcash_primitives]]
-criteria = "safe-to-deploy"
-user-id = 169181 # Kris Nuttycombe (nuttycom)
-start = "2024-08-20"
-end = "2025-08-26"
-
-[[trusted.zcash_primitives]]
-criteria = "safe-to-deploy"
-user-id = 6289 # Jack Grigg (str4d)
-start = "2021-03-26"
-end = "2025-10-02"
-
-[[trusted.zcash_proofs]]
 criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
 user-id = 6289 # Jack Grigg (str4d)
 start = "2021-03-26"
 end = "2024-09-21"
 
+[[trusted.zcash_proofs]]
+criteria = "safe-to-deploy"
+user-id = 6289 # Jack Grigg (str4d)
+start = "2021-03-26"
+end = "2025-10-02"
+
 [[trusted.zcash_proofs]]
 criteria = "safe-to-deploy"
 user-id = 169181 # Kris Nuttycombe (nuttycom)
@@ -3269,10 +3386,10 @@ start = "2024-08-20"
 end = "2025-08-26"
 
 [[trusted.zcash_proofs]]
-criteria = "safe-to-deploy"
+criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
 user-id = 6289 # Jack Grigg (str4d)
 start = "2021-03-26"
-end = "2025-10-02"
+end = "2024-09-21"
 
 [[trusted.zcash_protocol]]
 criteria = "safe-to-deploy"
@@ -3286,6 +3403,12 @@ user-id = 6289 # Jack Grigg (str4d)
 start = "2023-12-07"
 end = "2025-03-18"
 
+[[trusted.zcash_transparent]]
+criteria = "safe-to-deploy"
+user-id = 169181 # Kris Nuttycombe (nuttycom)
+start = "2024-12-17"
+end = "2026-05-08"
+
 [[trusted.zip32]]
 criteria = "safe-to-deploy"
 user-id = 6289 # Jack Grigg (str4d)

qa/supply-chain/config.toml

@@ -2,7 +2,7 @@
 # cargo-vet config file
 
 [cargo-vet]
-version = "0.9"
+version = "0.10"
 
 [imports.bytecode-alliance]
 url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-chain/audits.toml"
@@ -55,7 +55,7 @@ version = "1.0.1"
 criteria = "safe-to-deploy"
 
 [[exemptions.bech32]]
-version = "0.8.1"
+version = "0.11.0"
 criteria = "safe-to-deploy"
 
 [[exemptions.bellman]]
@@ -63,7 +63,7 @@ version = "0.13.0"
 criteria = "safe-to-deploy"
 
 [[exemptions.bip0039]]
-version = "0.9.0"
+version = "0.12.0"
 criteria = "safe-to-deploy"
 
 [[exemptions.bip32]]
@@ -106,18 +106,18 @@ criteria = "safe-to-deploy"
 version = "0.9.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.cipher]]
-version = "0.3.0"
-criteria = "safe-to-deploy"
-
 [[exemptions.clearscreen]]
-version = "1.0.9"
+version = "4.0.1"
 criteria = "safe-to-deploy"
 
 [[exemptions.const-oid]]
 version = "0.9.6"
 criteria = "safe-to-deploy"
 
+[[exemptions.core2]]
+version = "0.3.3"
+criteria = "safe-to-deploy"
+
 [[exemptions.cpufeatures]]
 version = "0.2.13"
 criteria = "safe-to-deploy"
@@ -127,7 +127,7 @@ version = "0.5.6"
 criteria = "safe-to-deploy"
 
 [[exemptions.crossbeam-deque]]
-version = "0.8.2"
+version = "0.8.6"
 criteria = "safe-to-deploy"
 
 [[exemptions.crossbeam-epoch]]
@@ -147,11 +147,11 @@ version = "0.1.0"
 criteria = "safe-to-deploy"
 
 [[exemptions.cxx]]
-version = "1.0.126"
+version = "1.0.158"
 criteria = "safe-to-deploy"
 
 [[exemptions.cxxbridge-macro]]
-version = "1.0.126"
+version = "1.0.158"
 criteria = "safe-to-deploy"
 
 [[exemptions.der]]
@@ -162,14 +162,6 @@ criteria = "safe-to-deploy"
 version = "0.9.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.dirs]]
-version = "2.0.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.dirs-sys]]
-version = "0.3.7"
-criteria = "safe-to-deploy"
-
 [[exemptions.ed25519]]
 version = "2.2.1"
 criteria = "safe-to-deploy"
@@ -178,6 +170,10 @@ criteria = "safe-to-deploy"
 version = "3.0.0"
 criteria = "safe-to-deploy"
 
+[[exemptions.env_home]]
+version = "0.1.0"
+criteria = "safe-to-deploy"
+
 [[exemptions.ff]]
 version = "0.12.0"
 criteria = "safe-to-deploy"
@@ -210,8 +206,8 @@ criteria = "safe-to-deploy"
 version = "0.2.6"
 criteria = "safe-to-deploy"
 
-[[exemptions.gimli]]
-version = "0.29.0"
+[[exemptions.getset]]
+version = "0.1.4"
 criteria = "safe-to-deploy"
 
 [[exemptions.group]]
@@ -270,24 +266,20 @@ criteria = "safe-to-deploy"
 version = "0.9.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.known-folders]]
-version = "1.2.0"
-criteria = "safe-to-deploy"
-
 [[exemptions.libc]]
-version = "0.2.159"
+version = "0.2.172"
 criteria = "safe-to-deploy"
 
 [[exemptions.libm]]
 version = "0.2.2"
 criteria = "safe-to-deploy"
 
-[[exemptions.libredox]]
-version = "0.0.1"
+[[exemptions.linux-raw-sys]]
+version = "0.4.14"
 criteria = "safe-to-deploy"
 
 [[exemptions.linux-raw-sys]]
-version = "0.4.14"
+version = "0.9.4"
 criteria = "safe-to-deploy"
 
 [[exemptions.memchr]]
@@ -351,7 +343,7 @@ version = "0.22.0"
 criteria = "safe-to-deploy"
 
 [[exemptions.password-hash]]
-version = "0.3.2"
+version = "0.5.0"
 criteria = "safe-to-deploy"
 
 [[exemptions.pasta_curves]]
@@ -359,7 +351,7 @@ version = "0.4.0"
 criteria = "safe-to-deploy"
 
 [[exemptions.pbkdf2]]
-version = "0.9.0"
+version = "0.12.2"
 criteria = "safe-to-deploy"
 
 [[exemptions.phf]]
@@ -398,8 +390,16 @@ criteria = "safe-to-deploy"
 version = "0.12.2"
 criteria = "safe-to-deploy"
 
+[[exemptions.proc-macro-error-attr2]]
+version = "2.0.0"
+criteria = "safe-to-deploy"
+
+[[exemptions.proc-macro-error2]]
+version = "2.0.1"
+criteria = "safe-to-deploy"
+
 [[exemptions.proptest]]
-version = "1.5.0"
+version = "1.6.0"
 criteria = "safe-to-deploy"
 
 [[exemptions.quanta]]
@@ -414,10 +414,6 @@ criteria = "safe-to-deploy"
 version = "0.7.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.rand]]
-version = "0.8.5"
-criteria = "safe-to-deploy"
-
 [[exemptions.raw-cpuid]]
 version = "10.6.0"
 criteria = "safe-to-deploy"
@@ -426,10 +422,6 @@ criteria = "safe-to-deploy"
 version = "0.3.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.redox_users]]
-version = "0.4.6"
-criteria = "safe-to-deploy"
-
 [[exemptions.regex]]
 version = "1.10.6"
 criteria = "safe-to-deploy"
@@ -458,6 +450,10 @@ criteria = "safe-to-deploy"
 version = "0.38.34"
 criteria = "safe-to-deploy"
 
+[[exemptions.rustix]]
+version = "1.0.7"
+criteria = "safe-to-deploy"
+
 [[exemptions.rusty-fork]]
 version = "0.3.0"
 criteria = "safe-to-deploy"
@@ -474,14 +470,6 @@ criteria = "safe-to-deploy"
 version = "0.8.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.sha2]]
-version = "0.10.8"
-criteria = "safe-to-deploy"
-
-[[exemptions.shlex]]
-version = "1.3.0"
-criteria = "safe-to-deploy"
-
 [[exemptions.siphasher]]
 version = "0.3.10"
 criteria = "safe-to-deploy"
@@ -502,16 +490,12 @@ criteria = "safe-to-deploy"
 version = "0.7.3"
 criteria = "safe-to-deploy"
 
-[[exemptions.subtle]]
-version = "2.4.1"
-criteria = "safe-to-deploy"
-
 [[exemptions.syn]]
 version = "1.0.102"
 criteria = "safe-to-deploy"
 
 [[exemptions.syn]]
-version = "2.0.75"
+version = "2.0.94"
 criteria = "safe-to-deploy"
 
 [[exemptions.tempfile]]
@@ -519,7 +503,15 @@ version = "3.12.0"
 criteria = "safe-to-deploy"
 
 [[exemptions.terminfo]]
-version = "0.8.0"
+version = "0.9.0"
+criteria = "safe-to-deploy"
+
+[[exemptions.thiserror]]
+version = "2.0.12"
+criteria = "safe-to-deploy"
+
+[[exemptions.thiserror-impl]]
+version = "2.0.12"
 criteria = "safe-to-deploy"
 
 [[exemptions.time]]
@@ -595,7 +587,7 @@ version = "0.3.70"
 criteria = "safe-to-deploy"
 
 [[exemptions.which]]
-version = "6.0.3"
+version = "7.0.3"
 criteria = "safe-to-deploy"
 
 [[exemptions.winapi]]
@@ -633,11 +625,3 @@ criteria = "safe-to-deploy"
 [[exemptions.zerocopy-derive]]
 version = "0.7.35"
 criteria = "safe-to-deploy"
-
-[[exemptions.zeroize]]
-version = "1.8.1"
-criteria = "safe-to-deploy"
-
-[[exemptions.zeroize_derive]]
-version = "1.3.2"
-criteria = "safe-to-deploy"

qa/supply-chain/imports.lock

@@ -23,24 +23,32 @@ user-login = "str4d"
 user-name = "Jack Grigg"
 
 [[publisher.f4jumble]]
-version = "0.1.0"
-when = "2022-05-10"
+version = "0.1.1"
+when = "2024-12-13"
 user-id = 6289
 user-login = "str4d"
 user-name = "Jack Grigg"
 
 [[publisher.halo2_gadgets]]
-version = "0.3.0"
-when = "2023-03-22"
-user-id = 1244
-user-login = "ebfull"
+version = "0.3.1"
+when = "2024-12-16"
+user-id = 6289
+user-login = "str4d"
+user-name = "Jack Grigg"
 
 [[publisher.halo2_legacy_pdqsort]]
 version = "0.1.0"
 when = "2023-03-10"
 user-id = 199950
 user-login = "daira"
-user-name = "Daira Emma Hopwood"
+user-name = "Daira-Emma Hopwood"
+
+[[publisher.halo2_poseidon]]
+version = "0.1.0"
+when = "2024-12-16"
+user-id = 6289
+user-login = "str4d"
+user-name = "Jack Grigg"
 
 [[publisher.halo2_proofs]]
 version = "0.3.0"
@@ -49,33 +57,40 @@ user-id = 1244
 user-login = "ebfull"
 
 [[publisher.incrementalmerkletree]]
-version = "0.7.0"
-when = "2024-09-25"
+version = "0.7.1"
+when = "2024-12-16"
 user-id = 169181
 user-login = "nuttycom"
 user-name = "Kris Nuttycombe"
 
 [[publisher.incrementalmerkletree-testing]]
-version = "0.1.0"
-when = "2024-09-25"
+version = "0.2.0"
+when = "2024-10-04"
 user-id = 169181
 user-login = "nuttycom"
 user-name = "Kris Nuttycombe"
 
 [[publisher.orchard]]
-version = "0.10.0"
-when = "2024-10-02"
+version = "0.10.2"
+when = "2025-05-08"
 user-id = 169181
 user-login = "nuttycom"
 user-name = "Kris Nuttycombe"
 
 [[publisher.sapling-crypto]]
-version = "0.3.0"
-when = "2024-10-02"
+version = "0.4.0"
+when = "2024-12-17"
 user-id = 169181
 user-login = "nuttycom"
 user-name = "Kris Nuttycombe"
 
+[[publisher.sinsemilla]]
+version = "0.1.0"
+when = "2024-12-14"
+user-id = 6289
+user-login = "str4d"
+user-name = "Jack Grigg"
+
 [[publisher.unicode-normalization]]
 version = "0.1.23"
 when = "2024-02-20"
@@ -154,17 +169,18 @@ user-login = "kennykerr"
 user-name = "Kenny Kerr"
 
 [[publisher.zcash_address]]
-version = "0.6.0"
-when = "2024-10-02"
+version = "0.6.2"
+when = "2024-12-13"
 user-id = 6289
 user-login = "str4d"
 user-name = "Jack Grigg"
 
 [[publisher.zcash_encoding]]
-version = "0.2.0"
-when = "2022-10-19"
-user-id = 1244
-user-login = "ebfull"
+version = "0.2.2"
+when = "2024-12-13"
+user-id = 6289
+user-login = "str4d"
+user-name = "Jack Grigg"
 
 [[publisher.zcash_history]]
 version = "0.4.0"
@@ -173,44 +189,44 @@ user-id = 6289
 user-login = "str4d"
 user-name = "Jack Grigg"
 
-[[publisher.zcash_note_encryption]]
-version = "0.4.0"
-when = "2023-06-06"
+[[publisher.zcash_primitives]]
+version = "0.21.0"
+when = "2024-12-17"
 user-id = 169181
 user-login = "nuttycom"
 user-name = "Kris Nuttycombe"
 
-[[publisher.zcash_primitives]]
-version = "0.19.0"
-when = "2024-10-02"
-user-id = 6289
-user-login = "str4d"
-user-name = "Jack Grigg"
-
 [[publisher.zcash_proofs]]
-version = "0.19.0"
-when = "2024-10-02"
-user-id = 6289
-user-login = "str4d"
-user-name = "Jack Grigg"
+version = "0.21.0"
+when = "2024-12-17"
+user-id = 169181
+user-login = "nuttycom"
+user-name = "Kris Nuttycombe"
 
 [[publisher.zcash_protocol]]
-version = "0.4.0"
-when = "2024-10-02"
+version = "0.4.3"
+when = "2024-12-17"
 user-id = 169181
 user-login = "nuttycom"
 user-name = "Kris Nuttycombe"
 
 [[publisher.zcash_spec]]
-version = "0.1.1"
-when = "2024-09-20"
+version = "0.1.2"
+when = "2024-10-22"
 user-id = 6289
 user-login = "str4d"
 user-name = "Jack Grigg"
 
+[[publisher.zcash_transparent]]
+version = "0.1.0"
+when = "2024-12-17"
+user-id = 169181
+user-login = "nuttycom"
+user-name = "Kris Nuttycombe"
+
 [[publisher.zip32]]
-version = "0.1.1"
-when = "2024-03-14"
+version = "0.1.3"
+when = "2024-12-13"
 user-id = 6289
 user-login = "str4d"
 user-name = "Jack Grigg"
@@ -292,6 +308,12 @@ criteria = "safe-to-deploy"
 version = "1.0.0"
 notes = "I am the author of this crate."
 
+[[audits.bytecode-alliance.audits.cipher]]
+who = "Andrew Brown <andrew.brown@intel.com>"
+criteria = "safe-to-deploy"
+version = "0.4.4"
+notes = "Most unsafe is hidden by `inout` dependency; only remaining unsafe is raw-splitting a slice and an unreachable hint. Older versions of this regularly reach ~150k daily downloads."
+
 [[audits.bytecode-alliance.audits.constant_time_eq]]
 who = "Nick Fitzgerald <fitzgen@gmail.com>"
 criteria = "safe-to-deploy"
@@ -320,6 +342,20 @@ criteria = "safe-to-deploy"
 delta = "0.3.0 -> 0.3.1"
 notes = "Just a dependency version bump and a bug fix for redox"
 
+[[audits.bytecode-alliance.audits.errno]]
+who = "Dan Gohman <dev@sunfishcode.online>"
+criteria = "safe-to-deploy"
+delta = "0.3.9 -> 0.3.10"
+
+[[audits.bytecode-alliance.audits.foldhash]]
+who = "Alex Crichton <alex@alexcrichton.com>"
+criteria = "safe-to-deploy"
+version = "0.1.3"
+notes = """
+Only a minor amount of `unsafe` code in this crate related to global per-process
+initialization which looks correct to me.
+"""
+
 [[audits.bytecode-alliance.audits.futures-channel]]
 who = "Pat Hickey <phickey@fastly.com>"
 criteria = "safe-to-deploy"
@@ -332,6 +368,22 @@ criteria = "safe-to-deploy"
 version = "0.3.27"
 notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting."
 
+[[audits.bytecode-alliance.audits.futures-core]]
+who = "Pat Hickey <pat@moreproductive.org>"
+criteria = "safe-to-deploy"
+delta = "0.3.28 -> 0.3.31"
+
+[[audits.bytecode-alliance.audits.futures-task]]
+who = "Pat Hickey <pat@moreproductive.org>"
+criteria = "safe-to-deploy"
+delta = "0.3.27 -> 0.3.31"
+
+[[audits.bytecode-alliance.audits.futures-util]]
+who = "Pat Hickey <pat@moreproductive.org>"
+criteria = "safe-to-deploy"
+delta = "0.3.27 -> 0.3.31"
+notes = "New waker_ref module contains \"FIXME: panics on Arc::clone / refcount changes could wreak havoc...\" comment, but this corner case feels low risk."
+
 [[audits.bytecode-alliance.audits.gimli]]
 who = "Alex Crichton <alex@alexcrichton.com>"
 criteria = "safe-to-deploy"
@@ -452,6 +504,12 @@ criteria = "safe-to-deploy"
 version = "0.1.4"
 notes = "I always really enjoy reading eliza's code, she left perfect comments at every use of unsafe."
 
+[[audits.bytecode-alliance.audits.shlex]]
+who = "Alex Crichton <alex@alexcrichton.com>"
+criteria = "safe-to-deploy"
+version = "1.1.0"
+notes = "Only minor `unsafe` code blocks which look valid and otherwise does what it says on the tin."
+
 [[audits.bytecode-alliance.audits.static_assertions]]
 who = "Andrew Brown <andrew.brown@intel.com>"
 criteria = "safe-to-deploy"
@@ -649,6 +707,65 @@ criteria = "safe-to-deploy"
 delta = "1.0.126 -> 1.0.128"
 aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
 
+[[audits.google.audits.cxxbridge-flags]]
+who = "Liza Burakova <liza@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.128 -> 1.0.129"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.cxxbridge-flags]]
+who = "Adrian Taylor <adetaylor@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.129 -> 1.0.130"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.cxxbridge-flags]]
+who = "Lukasz Anforowicz <lukasza@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.130 -> 1.0.131"
+notes = "no grep hits for cipher, crypto, fs, net, or unsafe"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.cxxbridge-flags]]
+who = "Lukasz Anforowicz <lukasza@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.131 -> 1.0.135"
+notes = "No code changes in the delta"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.cxxbridge-flags]]
+who = "Lukasz Anforowicz <lukasza@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.136 -> 1.0.137"
+notes = "The delta just removes `#![allow(clippy::let_and_return)]` from `lib.rs`."
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.cxxbridge-flags]]
+who = "Dustin J. Mitchell <djmitche@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.137 -> 1.0.140"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.cxxbridge-flags]]
+who = "Takuto Ikuta <tikuta@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.140 -> 1.0.141"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.cxxbridge-flags]]
+who = "Daniel Cheng <dcheng@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.141 -> 1.0.143"
+notes = "Only changes for rustdoc generation."
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.cxxbridge-flags]]
+who = "Lukasz Anforowicz <lukasza@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.143 -> 1.0.146"
+notes = "No actual changes in this delta - just a version bump."
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
 [[audits.google.audits.fastrand]]
 who = "George Burgess IV <gbiv@google.com>"
 criteria = "safe-to-deploy"
@@ -659,6 +776,13 @@ that the RNG here is not cryptographically secure.
 """
 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
 
+[[audits.google.audits.foldhash]]
+who = "Adrian Taylor <adetaylor@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "0.1.3 -> 0.1.4"
+notes = "No changes to safety-relevant code"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
 [[audits.google.audits.httpdate]]
 who = "George Burgess IV <gbiv@google.com>"
 criteria = "safe-to-deploy"
@@ -694,6 +818,15 @@ Straightforward diff between 1.0.10 and 1.0.11 - only 3 commits:
 """
 aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
 
+[[audits.google.audits.itoa]]
+who = "Liza Burakova <liza@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.11 -> 1.0.14"
+notes = """
+Unsafe review at https://crrev.com/c/6051067
+"""
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
 [[audits.google.audits.lazy_static]]
 who = "Lukasz Anforowicz <lukasza@chromium.org>"
 criteria = "safe-to-deploy"
@@ -725,6 +858,12 @@ are made about the safety of either of those libraries. :)
 """
 aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"
 
+[[audits.google.audits.miniz_oxide]]
+who = "Lukasz Anforowicz <lukasza@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "0.8.0 -> 0.8.2"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
 [[audits.google.audits.nom]]
 who = "danakj@chromium.org"
 criteria = "safe-to-deploy"
@@ -811,6 +950,35 @@ Config-related changes in `test_size.rs`.
 """
 aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
 
+[[audits.google.audits.proc-macro2]]
+who = "danakj <danakj@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.86 -> 1.0.87"
+notes = "No new unsafe interactions."
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.proc-macro2]]
+who = "Liza Burakova <liza@chromium.org"
+criteria = "safe-to-deploy"
+delta = "1.0.87 -> 1.0.89"
+notes = """
+Biggest change is adding error handling in build.rs.
+Some config related changes in wrapper.rs.
+"""
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.proc-macro2]]
+who = "Lukasz Anforowicz <lukasza@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.89 -> 1.0.92"
+notes = """
+I looked at the delta and the previous discussion at
+https://chromium-review.googlesource.com/c/chromium/src/+/5385745/3#message-a8e2813129fa3779dab15acede408ee26d67b7f3
+and the changes look okay to me (including the `unsafe fn from_str_unchecked`
+changes in `wrapper.rs`).
+"""
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
 [[audits.google.audits.quote]]
 who = "Lukasz Anforowicz <lukasza@chromium.org>"
 criteria = "safe-to-deploy"
@@ -837,6 +1005,69 @@ The delta just 1) inlines/expands `impl ToTokens` that used to be handled via
 """
 aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
 
+[[audits.google.audits.rand]]
+who = "Lukasz Anforowicz <lukasza@chromium.org>"
+criteria = "safe-to-deploy"
+version = "0.8.5"
+notes = """
+For more detailed unsafe review notes please see https://crrev.com/c/6362797
+"""
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.rustversion]]
+who = "Lukasz Anforowicz <lukasza@chromium.org>"
+criteria = "safe-to-deploy"
+version = "1.0.14"
+notes = """
+Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
+and there were no hits except for:
+
+* Using trivially-safe `unsafe` in test code:
+
+    ```
+    tests/test_const.rs:unsafe fn _unsafe() {}
+    tests/test_const.rs:const _UNSAFE: () = unsafe { _unsafe() };
+    ```
+
+* Using `unsafe` in a string:
+
+    ```
+    src/constfn.rs:            \"unsafe\" => Qualifiers::Unsafe,
+    ```
+
+* Using `std::fs` in `build/build.rs` to write `${OUT_DIR}/version.expr`
+  which is later read back via `include!` used in `src/lib.rs`.
+
+Version `1.0.6` of this crate has been added to Chromium in
+https://source.chromium.org/chromium/chromium/src/+/28841c33c77833cc30b286f9ae24c97e7a8f4057
+"""
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.rustversion]]
+who = "Adrian Taylor <adetaylor@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.14 -> 1.0.15"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.rustversion]]
+who = "danakj <danakj@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.15 -> 1.0.16"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.rustversion]]
+who = "Dustin J. Mitchell <djmitche@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.16 -> 1.0.17"
+notes = "Just updates windows compat"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.rustversion]]
+who = "Liza Burakova <liza@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.17 -> 1.0.18"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
 [[audits.google.audits.serde]]
 who = "Lukasz Anforowicz <lukasza@chromium.org>"
 criteria = "safe-to-deploy"
@@ -918,6 +1149,32 @@ delta = "1.0.209 -> 1.0.210"
 notes = "Almost no new code - just feature rearrangement"
 aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
 
+[[audits.google.audits.serde]]
+who = "Liza Burakova <liza@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.210 -> 1.0.213"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.serde]]
+who = "Dustin J. Mitchell <djmitche@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.213 -> 1.0.214"
+notes = "No unsafe, no crypto"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.serde]]
+who = "Adrian Taylor <adetaylor@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.214 -> 1.0.215"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.serde]]
+who = "Lukasz Anforowicz <lukasza@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.215 -> 1.0.216"
+notes = "The delta makes minor changes in `build.rs` - switching to the `?` syntax sugar."
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
 [[audits.google.audits.serde_derive]]
 who = "Lukasz Anforowicz <lukasza@chromium.org>"
 criteria = "safe-to-deploy"
@@ -976,6 +1233,34 @@ delta = "1.0.209 -> 1.0.210"
 notes = "Almost no new code - just feature rearrangement"
 aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
 
+[[audits.google.audits.serde_derive]]
+who = "Liza Burakova <liza@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.210 -> 1.0.213"
+notes = "Grepped for 'unsafe', 'crypt', 'cipher', 'fs', 'net' - there were no hits"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.serde_derive]]
+who = "Dustin J. Mitchell <djmitche@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.213 -> 1.0.214"
+notes = "No changes to unsafe, no crypto"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.serde_derive]]
+who = "Adrian Taylor <adetaylor@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.214 -> 1.0.215"
+notes = "Minor changes should not impact UB risk"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
+[[audits.google.audits.serde_derive]]
+who = "Lukasz Anforowicz <lukasza@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.215 -> 1.0.216"
+notes = "The delta adds `#[automatically_derived]` in a few places.  Still no `unsafe`."
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
 [[audits.google.audits.tinyvec]]
 who = "Adrian Taylor <adetaylor@chromium.org>"
 criteria = "safe-to-deploy"
@@ -994,6 +1279,12 @@ criteria = "safe-to-deploy"
 delta = "1.7.0 -> 1.8.0"
 aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
 
+[[audits.google.audits.tinyvec]]
+who = "Adrian Taylor <adetaylor@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.8.0 -> 1.8.1"
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
 [[audits.google.audits.unicode-ident]]
 who = "Lukasz Anforowicz <lukasza@chromium.org>"
 criteria = "safe-to-deploy"
@@ -1017,6 +1308,13 @@ delta = "1.0.12 -> 1.0.13"
 notes = "Lots of table updates, and tables are assumed correct with unsafe `.get_unchecked()`, so ub-risk-2 is appropriate"
 aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
 
+[[audits.google.audits.unicode-ident]]
+who = "Lukasz Anforowicz <lukasza@chromium.org>"
+criteria = "safe-to-deploy"
+delta = "1.0.13 -> 1.0.14"
+notes = "Minimal delta in `.rs` files: new test assertions + doc changes."
+aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"
+
 [[audits.isrg.audits.base64]]
 who = "Tim Geoghegan <timg@letsencrypt.org>"
 criteria = "safe-to-deploy"
@@ -1183,6 +1481,11 @@ who = "Brandon Pitman <bran@bran.land>"
 criteria = "safe-to-deploy"
 delta = "1.18.0 -> 1.19.0"
 
+[[audits.isrg.audits.once_cell]]
+who = "David Cook <dcook@divviup.org>"
+criteria = "safe-to-deploy"
+delta = "1.19.0 -> 1.20.1"
+
 [[audits.isrg.audits.opaque-debug]]
 who = "David Cook <dcook@divviup.org>"
 criteria = "safe-to-deploy"
@@ -1228,6 +1531,16 @@ who = "Ameer Ghani <inahga@divviup.org>"
 criteria = "safe-to-deploy"
 version = "1.12.1"
 
+[[audits.isrg.audits.sha2]]
+who = "David Cook <dcook@divviup.org>"
+criteria = "safe-to-deploy"
+version = "0.10.2"
+
+[[audits.isrg.audits.subtle]]
+who = "David Cook <dcook@divviup.org>"
+criteria = "safe-to-deploy"
+delta = "2.5.0 -> 2.6.1"
+
 [[audits.isrg.audits.thiserror]]
 who = "Brandon Pitman <bran@bran.land>"
 criteria = "safe-to-deploy"
@@ -1263,7 +1576,7 @@ who = "Manish Goregaokar <manishsmail@gmail.com>"
 criteria = "safe-to-deploy"
 user-id = 1139 # Manish Goregaokar (Manishearth)
 start = "2019-11-06"
-end = "2024-05-03"
+end = "2026-02-01"
 notes = "All code written or reviewed by Manish"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
@@ -1293,6 +1606,18 @@ criteria = "safe-to-deploy"
 delta = "0.5.2 -> 0.5.3"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.bit-set]]
+who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
+criteria = "safe-to-deploy"
+delta = "0.5.3 -> 0.6.0"
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
+[[audits.mozilla.audits.bit-set]]
+who = "Jim Blandy <jimb@red-bean.com>"
+criteria = "safe-to-deploy"
+delta = "0.6.0 -> 0.8.0"
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.bit-vec]]
 who = "Aria Beingessner <a.beingessner@gmail.com>"
 criteria = "safe-to-deploy"
@@ -1300,6 +1625,18 @@ version = "0.6.3"
 notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine."
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.bit-vec]]
+who = "Teodor Tanasoaia <ttanasoaia@mozilla.com>"
+criteria = "safe-to-deploy"
+delta = "0.6.3 -> 0.7.0"
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
+[[audits.mozilla.audits.bit-vec]]
+who = "Jim Blandy <jimb@red-bean.com>"
+criteria = "safe-to-deploy"
+delta = "0.7.0 -> 0.8.0"
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.block-buffer]]
 who = "Mike Hommey <mh+mozilla@glandium.org>"
 criteria = "safe-to-deploy"
@@ -1318,6 +1655,13 @@ criteria = "safe-to-deploy"
 delta = "1.0.78 -> 1.0.83"
 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.cfg_aliases]]
+who = "Alex Franchuk <afranchuk@mozilla.com>"
+criteria = "safe-to-deploy"
+delta = "0.1.1 -> 0.2.1"
+notes = "Very minor changes."
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.crossbeam-channel]]
 who = "Jan-Erik Rediger <jrediger@mozilla.com>"
 criteria = "safe-to-deploy"
@@ -1338,6 +1682,19 @@ delta = "0.5.11 -> 0.5.12"
 notes = "Minimal change fixing a memory leak."
 aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.crossbeam-channel]]
+who = "Jan-Erik Rediger <jrediger@mozilla.com>"
+criteria = "safe-to-deploy"
+delta = "0.5.13 -> 0.5.14"
+aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
+
+[[audits.mozilla.audits.crossbeam-channel]]
+who = "Jan-Erik Rediger <jrediger@mozilla.com>"
+criteria = "safe-to-deploy"
+delta = "0.5.14 -> 0.5.15"
+notes = "Fixes a regression from an earlier version which could lead to a double free"
+aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.crossbeam-epoch]]
 who = "Mike Hommey <mh+mozilla@glandium.org>"
 criteria = "safe-to-deploy"
@@ -1447,6 +1804,23 @@ criteria = "safe-to-deploy"
 delta = "0.2.7 -> 0.2.8"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.gimli]]
+who = "Alex Franchuk <afranchuk@mozilla.com>"
+criteria = "safe-to-deploy"
+version = "0.30.0"
+notes = """
+Unsafe code blocks are sound. Minimal dependencies used. No use of
+side-effectful std functions.
+"""
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
+[[audits.mozilla.audits.gimli]]
+who = "Chris Martin <cmartin@mozilla.com>"
+criteria = "safe-to-deploy"
+delta = "0.30.0 -> 0.29.0"
+notes = "No unsafe code, mostly algorithms and parsing. Very unlikely to cause security issues."
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.hashbrown]]
 who = "Mike Hommey <mh+mozilla@glandium.org>"
 criteria = "safe-to-deploy"
@@ -1514,6 +1888,12 @@ libc, but the usage looks correct.
 """
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.nix]]
+who = "Alex Franchuk <afranchuk@mozilla.com>"
+criteria = "safe-to-deploy"
+delta = "0.28.0 -> 0.29.0"
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.num-integer]]
 who = "Josh Stone <jistone@redhat.com>"
 criteria = "safe-to-deploy"
@@ -1527,6 +1907,13 @@ criteria = "safe-to-deploy"
 delta = "1.13.1 -> 1.14.0"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.once_cell]]
+who = "Erich Gubler <erichdongubler@gmail.com>"
+criteria = "safe-to-deploy"
+delta = "1.20.1 -> 1.20.2"
+notes = "This update works around a Cargo bug that forces the addition of `portable-atomic` into a lockfile, which we have never needed to use."
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.powerfmt]]
 who = "Alex Franchuk <afranchuk@mozilla.com>"
 criteria = "safe-to-deploy"
@@ -1562,12 +1949,42 @@ criteria = "safe-to-deploy"
 delta = "0.6.27 -> 0.6.28"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.sha2]]
+who = "Mike Hommey <mh+mozilla@glandium.org>"
+criteria = "safe-to-deploy"
+delta = "0.10.2 -> 0.10.6"
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
+[[audits.mozilla.audits.sha2]]
+who = "Jeff Muizelaar <jmuizelaar@mozilla.com>"
+criteria = "safe-to-deploy"
+delta = "0.10.6 -> 0.10.8"
+notes = """
+The bulk of this is https://github.com/RustCrypto/hashes/pull/490 which adds aarch64 support along with another PR adding longson.
+I didn't check the implementation thoroughly but there wasn't anything obviously nefarious. 0.10.8 has been out for more than a year
+which suggests no one else has found anything either.
+"""
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
+[[audits.mozilla.audits.shlex]]
+who = "Max Inden <mail@max-inden.de>"
+criteria = "safe-to-deploy"
+delta = "1.1.0 -> 1.3.0"
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.socket2]]
 who = "Kershaw Chang <kershaw@mozilla.com>"
 criteria = "safe-to-deploy"
 delta = "0.5.5 -> 0.5.7"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.subtle]]
+who = "Simon Friedberger <simon@mozilla.com>"
+criteria = "safe-to-deploy"
+version = "2.5.0"
+notes = "The goal is to provide some constant-time correctness for cryptographic implementations. The approach is reasonable, it is known to be insufficient but this is pointed out in the documentation."
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.time-core]]
 who = "Kershaw Chang <kershaw@mozilla.com>"
 criteria = "safe-to-deploy"
@@ -1609,6 +2026,22 @@ criteria = "safe-to-deploy"
 delta = "1.15.0 -> 1.16.0"
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.zeroize]]
+who = "Benjamin Beurdouche <beurdouche@mozilla.com>"
+criteria = "safe-to-deploy"
+version = "1.8.1"
+notes = """
+This code DOES contain unsafe code required to internally call volatiles
+for deleting data. This is expected and documented behavior.
+"""
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
+[[audits.mozilla.audits.zeroize_derive]]
+who = "Benjamin Beurdouche <beurdouche@mozilla.com>"
+criteria = "safe-to-deploy"
+version = "1.4.2"
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.zcash.audits.autocfg]]
 who = "Daira-Emma Hopwood <daira@jacaranda.org>"
 criteria = "safe-to-deploy"
@@ -1621,6 +2054,19 @@ criteria = "safe-to-deploy"
 delta = "1.11.0 -> 1.13.0"
 aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
 
+[[audits.zcash.audits.errno]]
+who = "Jack Grigg <jack@electriccoin.co>"
+criteria = "safe-to-deploy"
+delta = "0.3.10 -> 0.3.11"
+notes = "The `__errno` location for vxworks and cygwin looks correct from a quick search."
+aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml"
+
+[[audits.zcash.audits.getset]]
+who = "Jack Grigg <jack@electriccoin.co>"
+criteria = "safe-to-deploy"
+delta = "0.1.4 -> 0.1.5"
+aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml"
+
 [[audits.zcash.audits.hashbrown]]
 who = "Daira-Emma Hopwood <daira@jacaranda.org>"
 criteria = "safe-to-deploy"
@@ -1628,6 +2074,13 @@ delta = "0.14.2 -> 0.14.5"
 notes = "I did not thoroughly check the safety argument for fold_impl, but it at least seems to be well documented."
 aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
 
+[[audits.zcash.audits.known-folders]]
+who = "Jack Grigg <jack@electriccoin.co>"
+criteria = "safe-to-deploy"
+delta = "1.1.0 -> 1.2.0"
+notes = "Change to `unsafe` block is adapting to the `windows-sys` crate's API change."
+aggregated-from = "https://raw.githubusercontent.com/zcash/wallet/main/supply-chain/audits.toml"
+
 [[audits.zcash.audits.memchr]]
 who = "Jack Grigg <jack@electriccoin.co>"
 criteria = "safe-to-deploy"
@@ -1709,9 +2162,9 @@ notes = """
 """
 aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
 
-[[audits.zcash.audits.zcash_encoding]]
+[[audits.zcash.audits.zcash_note_encryption]]
 who = "Kris Nuttycombe <kris@nutty.land>"
 criteria = "safe-to-deploy"
-delta = "0.2.0 -> 0.2.1"
-notes = "This release adds minor convenience methods and involves no unsafe code."
+version = "0.4.1"
+notes = "Additive-only change that exposes the ability to decrypt by pk_d and esk. No functional changes."
 aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"

qa/zcash/postponed-updates.txt

@@ -5,21 +5,67 @@
 #
 
 # Boost 1.84.0 causes gtests to fail on macOS.
-boost 1.84.0 2024-12-15
-boost 1.85.0 2024-12-15
-boost 1.86.0 2024-12-15
-native_b2 1.84.0 2024-12-15
-native_b2 1.85.0 2024-12-15
-native_b2 1.86.0 2024-12-15
+boost 1.84.0 2025-12-31
+boost 1.85.0 2025-12-31
+boost 1.86.0 2025-12-31
+boost 1.87.0 2025-12-31
+boost 1.88.0 2025-12-31
+native_b2 1.84.0 2025-12-31
+native_b2 1.85.0 2025-12-31
+native_b2 1.86.0 2025-12-31
+native_b2 1.87.0 2025-12-31
+native_b2 1.88.0 2025-12-31
 
 # Clang and Rust are currently pinned to LLVM 18
-libcxx 19.1.0 2024-12-15
-libcxx 19.1.1 2024-12-15
-native_clang 19.1.0 2024-12-15
-native_clang 19.1.1 2024-12-15
+libcxx 19.1.0 2025-12-31
+libcxx 19.1.1 2025-12-31
+libcxx 19.1.2 2025-12-31
+libcxx 19.1.3 2025-12-31
+libcxx 19.1.4 2025-12-31
+libcxx 19.1.5 2025-12-31
+libcxx 19.1.6 2025-12-31
+libcxx 19.1.7 2025-12-31
+libcxx 20.1.0 2025-12-31
+libcxx 20.1.1 2025-12-31
+libcxx 20.1.2 2025-12-31
+libcxx 20.1.3 2025-12-31
+native_clang 19.1.0 2025-12-31
+native_clang 19.1.1 2025-12-31
+native_clang 19.1.2 2025-12-31
+native_clang 19.1.3 2025-12-31
+native_clang 19.1.4 2025-12-31
+native_clang 19.1.5 2025-12-31
+native_clang 19.1.6 2025-12-31
+native_clang 19.1.7 2025-12-31
+native_clang 20.1.0 2025-12-31
+native_clang 20.1.1 2025-12-31
+native_clang 20.1.2 2025-12-31
+native_clang 20.1.3 2025-12-31
+native_rust 1.82.0 2025-12-31
+native_rust 1.83.0 2025-12-31
+native_rust 1.84.0 2025-12-31
+native_rust 1.84.1 2025-12-31
+native_rust 1.85.0 2025-12-31
+native_rust 1.85.1 2025-12-31
+native_rust 1.86.0 2025-12-31
 
 # We follow upstream Bitcoin Core's LevelDB updates
-leveldb 1.23 2024-12-15
+leveldb 1.23 2025-12-31
 
 # We're never updating to this version
-bdb 18.1.40 2025-03-01
+bdb 18.1.40 2026-03-01
+
+# These have no important security or critical stability issues.
+native_zstd 1.5.7 2025-12-31
+native_ccache 4.11 2025-12-31
+native_ccache 4.11.1 2025-12-31
+native_ccache 4.11.2 2025-12-31
+native_fmt 11.1.2 2025-12-31
+native_fmt 11.1.3 2025-12-31
+native_fmt 11.1.4 2025-12-31
+native_cmake 3.31.4 2025-12-31
+native_cmake 3.31.5 2025-12-31
+native_cmake 3.31.6 2025-12-31
+native_cmake 3.31.7 2025-12-31
+native_cmake 4.0.0 2025-12-31
+native_cmake 4.0.1 2025-12-31

src/bitcoind.cpp

@@ -127,6 +127,41 @@ bool AppInit(int argc, char* argv[])
             fprintf(stderr,"Error reading configuration file: %s\n", e.what());
             return false;
         }
+
+        // Check that the node operator is aware of `zcashd` deprecation.
+        if (!GetBoolArg("-i-am-aware-zcashd-will-be-replaced-by-zebrad-and-zallet-in-2025", false)) {
+            auto confFilename = GetArg("-conf", BITCOIN_CONF_FILENAME);
+            fprintf(stderr,
+                _("zcashd is being deprecated in 2025. Full nodes are being migrated to zebrad,\n"
+                  "and the Zallet wallet is being built as a replacement for the zcashd wallet.\n"
+                  "\n"
+                  "For some of zcashd's JSON-RPC methods, zebrad or Zallet should be a drop-in\n"
+                  "replacement. Other JSON-RPC methods may require modified usage, and some\n"
+                  "JSON-RPC methods will not be supported.\n"
+                  "\n"
+                  "You can find all information about the zcashd deprecation process on this\n"
+                  "webpage, which you can monitor for future updates:\n"
+                  "%s\n"
+                  "\n"
+                  "We are collecting information about how zcashd users are currently using the\n"
+                  "existing JSON-RPC methods. The above webpage has a link to a spreadsheet\n"
+                  "containing the information we have collected so far, and the planned status\n"
+                  "for each JSON-RPC method based on that information. If you have not provided\n"
+                  "feedback to us about how you are using the zcashd JSON-RPC interface, please\n"
+                  "do so as soon as possible.\n"
+                  "\n"
+                  "To confirm that you are aware that zcashd is being deprecated and that you\n"
+                  "will need to migrate to zebrad and/or Zallet in 2025, add the following\n"
+                  "option:\n"
+                  "%s\n"
+                  "to your config file:\n"
+                  "%s\n").c_str(),
+                "https://z.cash/support/zcashd-deprecation/",
+                "i-am-aware-zcashd-will-be-replaced-by-zebrad-and-zallet-in-2025=1",
+                GetConfigFile(confFilename).string().c_str());
+            return false;
+        }
+
         // Check for -testnet or -regtest parameter (Params() calls are only valid after this clause)
         try {
             SelectParams(ChainNameFromCommandLine());

src/chainparams.cpp

@@ -1,6 +1,6 @@
 // Copyright (c) 2010 Satoshi Nakamoto
 // Copyright (c) 2009-2014 The Bitcoin Core developers
-// Copyright (c) 2015-2023 The Zcash developers
+// Copyright (c) 2015-2025 The Zcash developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or https://www.opensource.org/licenses/mit-license.php .
 
@@ -268,7 +268,7 @@ public:
         }
 
         // The best chain should have at least this much work.
-        consensus.nMinimumChainWork = uint256S("0x00000000000000000000000000000000000000000000000011be8336c45e2dd4");
+        consensus.nMinimumChainWork = uint256S("0x00000000000000000000000000000000000000000000000013859078e5bbacd3");
 
         /**
          * The message start string should be awesome! ⓩ❤
@@ -330,10 +330,11 @@ public:
             (2000000, uint256S("0x00000000010accaf2f87934765dc2e0bf4823a2b1ae2c1395b334acfce52ad68"))
             (2200000, uint256S("0x0000000001a0139c4c4d0e8f68cc562227c6003f4b1b640a3d921aeb8c3d2e3d"))
             (2400000, uint256S("0x0000000000294d1c8d87a1b6566d302aa983691bc3cab0583a245389bbb9d285"))
-            (2600000, uint256S("0x0000000000b5ad92fcec0069d590f674d05ec7d96b1ff727863ea390950c4e49")),
-            1722834204,     // * UNIX timestamp of last checkpoint block
-            14608885,       // * total number of transactions between genesis and last checkpoint
-            6473            // * estimated number of transactions per day after checkpoint
+            (2600000, uint256S("0x0000000000b5ad92fcec0069d590f674d05ec7d96b1ff727863ea390950c4e49"))
+            (2800000, uint256S("0x00000000011a226fb25d778d65b055605a82da016989b7788e0ce83c4f8d64f7")),
+            1737908795,     // * UNIX timestamp of last checkpoint block
+            15140822,       // * total number of transactions between genesis and last checkpoint
+            6229            // * estimated number of transactions per day after checkpoint
                             //   (total number of tx * 48 * 24) / checkpoint block height
         };
 

src/clientversion.h

@@ -16,7 +16,7 @@
 
 //! These need to be macros, as clientversion.cpp's and bitcoin*-res.rc's voodoo requires it
 #define CLIENT_VERSION_MAJOR 6
-#define CLIENT_VERSION_MINOR 0
+#define CLIENT_VERSION_MINOR 2
 #define CLIENT_VERSION_REVISION 0
 #define CLIENT_VERSION_BUILD 50
 

src/consensus/params.cpp

@@ -194,7 +194,7 @@ namespace Consensus {
 
         const auto expectedRecipients = params.FundingPeriodIndex(startHeight, endHeight - 1) + 1;
         if (expectedRecipients > recipients.size()) {
-            return FundingStreamError::INSUFFICIENT_ADDRESSES;
+            return FundingStreamError::INSUFFICIENT_RECIPIENTS;
         }
 
         // Lockbox output periods must not start before NU6
@@ -221,8 +221,8 @@ namespace Consensus {
                     throw std::runtime_error("Canopy network upgrade not active at funding stream start height.");
                 case FundingStreamError::ILLEGAL_RANGE:
                     throw std::runtime_error("Illegal start/end height combination for funding stream.");
-                case FundingStreamError::INSUFFICIENT_ADDRESSES:
-                    throw std::runtime_error("Insufficient payment addresses to fully exhaust funding stream.");
+                case FundingStreamError::INSUFFICIENT_RECIPIENTS:
+                    throw std::runtime_error("Insufficient recipient identifiers to fully exhaust funding stream.");
                 case FundingStreamError::NU6_NOT_ACTIVE:
                     throw std::runtime_error("NU6 network upgrade not active at lockbox period start height.");
                 default:
@@ -349,7 +349,11 @@ namespace Consensus {
         // Funding streams are disabled if Canopy is not active.
         if (NetworkUpgradeActive(nHeight, Consensus::UPGRADE_CANOPY)) {
             for (uint32_t idx = Consensus::FIRST_FUNDING_STREAM; idx < Consensus::MAX_FUNDING_STREAMS; idx++) {
+                // The following indexed access is safe as Consensus::MAX_FUNDING_STREAMS is used
+                // in the definition of vFundingStreams.
                 auto fs = vFundingStreams[idx];
+
+                // Funding period is [startHeight, endHeight).
                 if (fs && nHeight >= fs.value().GetStartHeight() && nHeight < fs.value().GetEndHeight()) {
                     activeStreams.push_back(std::make_pair(FundingStreamInfo[idx], fs.value()));
                 }
@@ -372,16 +376,10 @@ namespace Consensus {
 
         // Funding streams are disabled if Canopy is not active.
         if (NetworkUpgradeActive(nHeight, Consensus::UPGRADE_CANOPY)) {
-            for (uint32_t idx = Consensus::FIRST_FUNDING_STREAM; idx < Consensus::MAX_FUNDING_STREAMS; idx++) {
-                // The following indexed access is safe as Consensus::MAX_FUNDING_STREAMS is used
-                // in the definition of vFundingStreams.
-                auto fs = vFundingStreams[idx];
-                // Funding period is [startHeight, endHeight)
-                if (fs && nHeight >= fs.value().GetStartHeight() && nHeight < fs.value().GetEndHeight()) {
-                    requiredElements.insert(std::make_pair(
-                        fs.value().Recipient(*this, nHeight),
-                        FundingStreamInfo[idx].Value(blockSubsidy)));
-                }
+            for (const auto& [fsinfo, fs] : GetActiveFundingStreams(nHeight)) {
+                requiredElements.insert(std::make_pair(
+                    fs.Recipient(*this, nHeight),
+                    fsinfo.Value(blockSubsidy)));
             }
         }
 

src/consensus/params.h

@@ -134,7 +134,7 @@ extern const struct FSInfo FundingStreamInfo[];
 enum FundingStreamError {
     CANOPY_NOT_ACTIVE,
     ILLEGAL_RANGE,
-    INSUFFICIENT_ADDRESSES,
+    INSUFFICIENT_RECIPIENTS,
     NU6_NOT_ACTIVE,
 };
 

src/dbwrapper.cpp

@@ -29,6 +29,7 @@ static leveldb::Options GetOptions(size_t nCacheSize)
         // on corruption in later versions.
         options.paranoid_checks = true;
     }
+    options.max_file_size = std::max(options.max_file_size, DBWRAPPER_MAX_FILE_SIZE);
     return options;
 }
 

src/dbwrapper.h

@@ -18,6 +18,7 @@
 
 static const size_t DBWRAPPER_PREALLOC_KEY_SIZE = 64;
 static const size_t DBWRAPPER_PREALLOC_VALUE_SIZE = 1024;
+static const size_t DBWRAPPER_MAX_FILE_SIZE = 32 << 20; // 32 MiB
 
 class dbwrapper_error : public std::runtime_error
 {

src/deprecation.cpp

@@ -14,6 +14,9 @@
 bool fEnableGbtOldHashes = true;
 bool fEnableDeprecationInfoDeprecationHeight = true;
 bool fEnableAddrTypeField = true;
+bool fEnableGetNetworkHashPS = true;
+bool fEnableCreateRawTransaction = true;
+bool fEnableSignRawTransaction = true;
 #ifdef ENABLE_WALLET
 bool fEnableGetNewAddress = true;
 bool fEnableGetRawChangeAddress = true;
@@ -23,6 +26,9 @@ bool fEnableZGetTotalBalance = true;
 bool fEnableZListAddresses = true;
 bool fEnableLegacyPrivacyStrategy = true;
 bool fEnableWalletTxVJoinSplit = true;
+bool fEnableFundRawTransaction = true;
+bool fEnableKeyPoolRefill = true;
+bool fEnableSetTxFee = true;
 #endif
 
 static const std::string CLIENT_VERSION_STR = FormatVersion(CLIENT_VERSION);
@@ -125,3 +131,16 @@ std::string GetAllowableDeprecatedFeatures() {
     return result;
 }
 
+std::string Deprecated(bool enabled, std::string method, std::string instead) {
+    auto status = enabled ? "DEPRECATED" : "DISABLED";
+    auto reenable = enabled
+            ? std::string("")
+            : (std::string("You can restart the node with `-allowdeprecated=") + method + "`\n"
+               "to re-enable this method during its deprecation period.\n");
+
+    return std::string("\n")
+           + method + " is " + status + " and will be removed in a future release.\n"
+           + instead + "\n"
+           + reenable
+           + "See https://zcash.github.io/zcash/user/deprecation.html for more information.\n";
+}

src/deprecation.h

@@ -14,7 +14,7 @@
 // Shut down nodes running this version of code, `RELEASE_TO_DEPRECATION_WEEKS` weeks' worth
 // of blocks after the estimated release block height. A warning is shown during the 14 days'
 // worth of blocks prior to shut down.
-static const int APPROX_RELEASE_HEIGHT = 2667376;
+static const int APPROX_RELEASE_HEIGHT = 2892076;
 static const int RELEASE_TO_DEPRECATION_WEEKS = 16;
 static const int EXPECTED_BLOCKS_PER_HOUR = 3600 / Consensus::POST_BLOSSOM_POW_TARGET_SPACING;
 static_assert(EXPECTED_BLOCKS_PER_HOUR == 48, "The value of Consensus::POST_BLOSSOM_POW_TARGET_SPACING was chosen such that this assertion holds.");
@@ -27,26 +27,32 @@ static const int DEPRECATION_WARN_LIMIT = 14 * 24 * EXPECTED_BLOCKS_PER_HOUR;
 //! Defaults for -allowdeprecated
 static const std::set<std::string> DEFAULT_ALLOW_DEPRECATED{{
     // Node-level features
-    "gbt_oldhashes",
-    "deprecationinfo_deprecationheight",
+    "createrawtransaction",
+    "signrawtransaction",
+    "getnetworkhashps",
 
     // Wallet-level features
 #ifdef ENABLE_WALLET
-    "z_getbalance",
     "z_gettotalbalance",
+    "fundrawtransaction",
+    "keypoolrefill",
+    "settxfee",
 #endif
 }};
 static const std::set<std::string> DEFAULT_DENY_DEPRECATED{{
     // Node-level features
+    "gbt_oldhashes",
+    "deprecationinfo_deprecationheight",
+    "addrtype",
 
     // Wallet-level features
 #ifdef ENABLE_WALLET
-    "legacy_privacy",
     "getnewaddress",
     "getrawchangeaddress",
     "z_getnewaddress",
+    "z_getbalance",
     "z_listaddresses",
-    "addrtype",
+    "legacy_privacy",
     "wallettxvjoinsplit",
 #endif
 }};
@@ -55,6 +61,9 @@ static const std::set<std::string> DEFAULT_DENY_DEPRECATED{{
 extern bool fEnableGbtOldHashes;
 extern bool fEnableDeprecationInfoDeprecationHeight;
 extern bool fEnableAddrTypeField;
+extern bool fEnableGetNetworkHashPS;
+extern bool fEnableCreateRawTransaction;
+extern bool fEnableSignRawTransaction;
 #ifdef ENABLE_WALLET
 extern bool fEnableGetNewAddress;
 extern bool fEnableGetRawChangeAddress;
@@ -64,6 +73,9 @@ extern bool fEnableZGetTotalBalance;
 extern bool fEnableZListAddresses;
 extern bool fEnableLegacyPrivacyStrategy;
 extern bool fEnableWalletTxVJoinSplit;
+extern bool fEnableFundRawTransaction;
+extern bool fEnableKeyPoolRefill;
+extern bool fEnableSetTxFee;
 #endif
 
 /**
@@ -97,4 +109,9 @@ std::optional<std::string> LoadAllowedDeprecatedFeatures();
  */
 std::string GetAllowableDeprecatedFeatures();
 
+/**
+ * Returns a string to be included in the help text of a deprecated RPC method.
+ */
+std::string Deprecated(bool enabled, std::string method, std::string instead);
+
 #endif // ZCASH_DEPRECATION_H

src/gtest/test_checkblock.cpp

@@ -10,7 +10,7 @@
 class MockCValidationState : public CValidationState {
 public:
     MOCK_METHOD6(DoS, bool(int level, bool ret,
-             unsigned int chRejectCodeIn, const std::string strRejectReasonIn,
+             unsigned int chRejectCodeIn, const std::string &strRejectReasonIn,
              bool corruptionIn,
              const std::string &strDebugMessageIn));
     MOCK_METHOD4(Invalid, bool(bool ret,

src/init.cpp

@@ -452,7 +452,7 @@ std::string HelpMessage(HelpMessageMode mode)
                 "Use given addresses for block subsidy share paid to the funding stream with id <streamId> (regtest-only)");
     }
     std::string debugCategories = "addrman, alert, bench, coindb, db, http, libevent, lock, mempool, mempoolrej, net, partitioncheck, pow, proxy, prune, "
-                             "rand, receiveunsafe, reindex, rpc, selectcoins, tor, zmq, zrpc, zrpcunsafe (implies zrpc)"; // Don't translate these
+                             "rand, receiveunsafe, reindex, rpc, selectcoins, tor, valuepool, zmq, zrpc, zrpcunsafe (implies zrpc)"; // Don't translate these
     strUsage += HelpMessageOpt("-debug=<category>", strprintf(_("Output debugging information (default: %u, supplying <category> is optional)"), 0) + ". " +
         _("If <category> is not supplied or if <category> = 1, output all debugging information.") + " " + _("<category> can be:") + " " + debugCategories + ". " +
         _("For multiple specific categories use -debug=<category> multiple times."));

src/main.cpp

@@ -4673,7 +4673,7 @@ void SetChainPoolValues(
             lockboxValue += elem.second;
         }
     }
-    LogPrintf("%s: Lockbox value is %d at height %d", __func__, lockboxValue, pindex->nHeight);
+    LogPrint("valuepool", "%s: Lockbox value is %d at height %d", __func__, lockboxValue, pindex->nHeight);
 
     for (auto tx : block.vtx) {
         // For the genesis block only, compute the chain supply delta and the transparent

src/miner.cpp

@@ -115,39 +115,38 @@ public:
     }
 
     CAmount SetFoundersRewardAndGetMinerValue(sapling::Builder& saplingBuilder) const {
-        auto block_subsidy = chainparams.GetConsensus().GetBlockSubsidy(nHeight);
+        const auto& consensus = chainparams.GetConsensus();
+        const auto block_subsidy = consensus.GetBlockSubsidy(nHeight);
         auto miner_reward = block_subsidy; // founders' reward or funding stream amounts will be subtracted below
 
         if (nHeight > 0) {
             if (chainparams.GetConsensus().NetworkUpgradeActive(nHeight, Consensus::UPGRADE_CANOPY)) {
-                auto fundingStreamElements = chainparams.GetConsensus().GetActiveFundingStreamElements(
-                    nHeight,
-                    block_subsidy);
-
                 LogPrint("pow", "%s: Constructing funding stream outputs for height %d", __func__, nHeight);
-                for (Consensus::FundingStreamElement fselem : fundingStreamElements) {
-                    miner_reward -= fselem.second;
-                    examine(fselem.first, match {
+                for (const auto& [fsinfo, fs] : consensus.GetActiveFundingStreams(nHeight)) {
+                    const auto amount = fsinfo.Value(block_subsidy);
+                    miner_reward -= amount;
+
+                    examine(fs.Recipient(consensus, nHeight), match {
                         [&](const libzcash::SaplingPaymentAddress& pa) {
-                            LogPrint("pow", "%s: Adding Sapling funding stream output of value %d", __func__, fselem.second);
+                            LogPrint("pow", "%s: Adding Sapling funding stream output of value %d", __func__, amount);
                             saplingBuilder.add_recipient(
                                 {},
                                 pa.GetRawBytes(),
-                                fselem.second,
+                                amount,
                                 libzcash::Memo::ToBytes(std::nullopt));
                         },
                         [&](const CScript& scriptPubKey) {
-                            LogPrint("pow", "%s: Adding transparent funding stream output of value %d", __func__, fselem.second);
-                            mtx.vout.emplace_back(fselem.second, scriptPubKey);
+                            LogPrint("pow", "%s: Adding transparent funding stream output of value %d", __func__, amount);
+                            mtx.vout.emplace_back(amount, scriptPubKey);
                         },
                         [&](const Consensus::Lockbox& lockbox) {
-                            LogPrint("pow", "%s: Noting lockbox output of value %d", __func__, fselem.second);
+                            LogPrint("pow", "%s: Noting lockbox output of value %d", __func__, amount);
                         }
                     });
                 }
             } else if (nHeight <= chainparams.GetConsensus().GetLastFoundersRewardBlockHeight(nHeight)) {
                 // Founders reward is 20% of the block subsidy
-                auto vFoundersReward = miner_reward / 5;
+                const auto vFoundersReward = miner_reward / 5;
                 // Take some reward away from us
                 miner_reward -= vFoundersReward;
                 // And give it to the founders

src/rpc/mining.cpp

@@ -125,10 +125,12 @@ UniValue getnetworksolps(const UniValue& params, bool fHelp)
 
 UniValue getnetworkhashps(const UniValue& params, bool fHelp)
 {
-    if (fHelp || params.size() > 2)
+    if (!fEnableGetNetworkHashPS || fHelp || params.size() > 2)
         throw runtime_error(
             "getnetworkhashps ( blocks height )\n"
-            "\nDEPRECATED - left for backwards-compatibility. Use getnetworksolps instead.\n"
+            + Deprecated(fEnableGetNetworkHashPS,
+                         "getnetworkhashps",
+                         "Please use getnetworksolps instead.") +
             "\nReturns the estimated network solutions per second based on the last n blocks.\n"
             "Pass in [blocks] to override # of blocks, -1 specifies over difficulty averaging window.\n"
             "Pass in [height] to estimate the network speed at the time when a certain block was found.\n"
@@ -140,7 +142,7 @@ UniValue getnetworkhashps(const UniValue& params, bool fHelp)
             "\nExamples:\n"
             + HelpExampleCli("getnetworkhashps", "")
             + HelpExampleRpc("getnetworkhashps", "")
-       );
+        );
 
     LOCK(cs_main);
     return GetNetworkHashPS(params.size() > 0 ? params[0].get_int() : 120, params.size() > 1 ? params[1].get_int() : -1);

src/rpc/rawtransaction.cpp

@@ -672,9 +672,13 @@ UniValue verifytxoutproof(const UniValue& params, bool fHelp)
 
 UniValue createrawtransaction(const UniValue& params, bool fHelp)
 {
-    if (fHelp || params.size() < 2 || params.size() > 4)
+    if (!fEnableCreateRawTransaction || fHelp || params.size() < 2 || params.size() > 4)
         throw runtime_error(
             "createrawtransaction [{\"txid\":\"id\",\"vout\":n},...] {\"address\":amount,...} ( locktime ) ( expiryheight )\n"
+            + Deprecated(fEnableCreateRawTransaction,
+                         "createrawtransaction",
+                         "Zallet will instead provide new RPC methods that operate on PCZTs:\n"
+                         "https://github.com/zcash/wallet/issues/99") +
             "\nCreate a transaction spending the given inputs and sending to the given addresses.\n"
             "Returns hex-encoded raw transaction.\n"
             "Note that the transaction's inputs are not signed, and\n"
@@ -948,9 +952,13 @@ static void TxInErrorToJSON(const CTxIn& txin, UniValue& vErrorsRet, const std::
 
 UniValue signrawtransaction(const UniValue& params, bool fHelp)
 {
-    if (fHelp || params.size() < 1 || params.size() > 5)
+    if (!fEnableSignRawTransaction || fHelp || params.size() < 1 || params.size() > 5)
         throw runtime_error(
             "signrawtransaction \"hexstring\" ( [{\"txid\":\"id\",\"vout\":n,\"scriptPubKey\":\"hex\",\"redeemScript\":\"hex\"},...] [\"privatekey1\",...] sighashtype )\n"
+            + Deprecated(fEnableSignRawTransaction,
+                         "signrawtransaction",
+                         "Zallet will instead provide new RPC methods that operate on PCZTs:\n"
+                         "https://github.com/zcash/wallet/issues/99") +
             "\nSign inputs for raw transaction (serialized, hex-encoded).\n"
             "The second optional argument (may be null) is an array of previous transaction outputs that\n"
             "this transaction depends on but may not yet be in the block chain.\n"

src/rust/src/sapling.rs

@@ -11,6 +11,7 @@ use bls12_381::Bls12;
 use group::GroupEncoding;
 use memuse::DynamicUsage;
 use rand_core::{OsRng, RngCore};
+use sapling::keys::EphemeralSecretKey;
 use sapling::{
     builder::BundleType,
     circuit::{self, OutputParameters, SpendParameters},
@@ -344,7 +345,7 @@ impl OutputProver for StaticTxProver {
     type Proof = Proof<Bls12>;
 
     fn prepare_circuit(
-        esk: jubjub::Fr,
+        esk: &EphemeralSecretKey,
         payment_address: PaymentAddress,
         rcm: jubjub::Fr,
         value: NoteValue,
@@ -366,7 +367,7 @@ impl OutputProver for StaticTxProver {
 
 pub(crate) struct SaplingBuilder {
     builder: sapling::builder::Builder,
-    signing_keys: Vec<SpendAuthorizingKey>,
+    extsks: Vec<ExtendedSpendingKey>,
 }
 
 pub(crate) fn new_sapling_builder(
@@ -390,7 +391,7 @@ pub(crate) fn new_sapling_builder(
             bundle_type,
             anchor,
         ),
-        signing_keys: vec![],
+        extsks: vec![],
     }))
 }
 
@@ -425,9 +426,13 @@ impl SaplingBuilder {
             .map_err(|e| format!("Invalid Sapling Merkle path: {}", e))?;
 
         self.builder
-            .add_spend(&extsk, note, merkle_path)
+            .add_spend(
+                extsk.to_diversifiable_full_viewing_key().fvk().clone(),
+                note,
+                merkle_path,
+            )
             .map_err(|e| format!("Failed to add Sapling spend: {}", e))?;
-        self.signing_keys.push(extsk.expsk.ask);
+        self.extsks.push(extsk);
 
         Ok(())
     }
@@ -450,19 +455,16 @@ impl SaplingBuilder {
     }
 
     fn build(self) -> Result<SaplingUnauthorizedBundle, String> {
-        let Self {
-            builder,
-            signing_keys,
-        } = self;
+        let Self { builder, extsks } = self;
         let prover = crate::sapling::StaticTxProver;
         let rng = OsRng;
         let bundle = builder
-            .build::<StaticTxProver, StaticTxProver, _, Amount>(rng)
+            .build::<StaticTxProver, StaticTxProver, _, Amount>(&extsks, rng)
             .map_err(|e| format!("Failed to build Sapling bundle: {}", e))?
             .map(|(bundle, _)| bundle.create_proofs(&prover, &prover, rng, ()));
         Ok(SaplingUnauthorizedBundle {
             bundle,
-            signing_keys,
+            signing_keys: extsks.into_iter().map(|extsk| extsk.expsk.ask).collect(),
         })
     }
 }

src/rust/src/tests/zip339.rs

@@ -1,21 +1,11 @@
 use libc::c_char;
-use std::{
-    convert::{TryFrom, TryInto},
-    ffi::CStr,
-    ptr,
-};
+use std::{ffi::CStr, ptr};
 
 use crate::zip339_ffi::{
     zip339_entropy_to_phrase, zip339_free_phrase, zip339_phrase_to_seed, zip339_validate_phrase,
     Language,
 };
 
-#[test]
-fn test_try_from_language() {
-    assert_eq!(Language(0).try_into(), Ok(bip0039::Language::English));
-    assert!(bip0039::Language::try_from(Language(1234)).is_err());
-}
-
 #[test]
 fn test_free_null_phrase_is_noop() {
     zip339_free_phrase(ptr::null_mut());

src/rust/src/transaction_ffi.rs

@@ -1,4 +1,4 @@
-use std::convert::TryInto;
+use std::convert::{TryFrom, TryInto};
 use std::io::Cursor;
 use std::{ptr, slice};
 
@@ -11,7 +11,6 @@ use zcash_primitives::{
     consensus::BranchId,
     legacy::Script,
     transaction::{
-        components::transparent,
         sighash::{SignableInput, TransparentAuthorizingContext},
         sighash_v5::v5_signature_hash,
         txid::TxIdDigester,
@@ -62,10 +61,10 @@ pub extern "C" fn zcash_transaction_digests(
 
 #[derive(Clone, Debug)]
 pub(crate) struct TransparentAuth {
-    all_prev_outputs: Vec<transparent::TxOut>,
+    all_prev_outputs: Vec<transparent::bundle::TxOut>,
 }
 
-impl transparent::Authorization for TransparentAuth {
+impl transparent::bundle::Authorization for TransparentAuth {
     type ScriptSig = Script;
 }
 
@@ -92,7 +91,7 @@ pub(crate) struct MapTransparent {
 impl MapTransparent {
     pub(crate) fn parse(all_prev_outputs: &[u8], tx: &Transaction) -> Result<Self, String> {
         let mut cursor = Cursor::new(all_prev_outputs);
-        match Vector::read(&mut cursor, transparent::TxOut::read) {
+        match Vector::read(&mut cursor, transparent::bundle::TxOut::read) {
             Err(e) => Err(format!("Invalid all_prev_outputs field: {}", e)),
             Ok(_) if (cursor.position() as usize) != all_prev_outputs.len() => {
                 Err("all_prev_outputs had trailing data".into())
@@ -131,15 +130,17 @@ impl MapTransparent {
     }
 }
 
-impl transparent::MapAuth<transparent::Authorized, TransparentAuth> for MapTransparent {
+impl transparent::bundle::MapAuth<transparent::bundle::Authorized, TransparentAuth>
+    for MapTransparent
+{
     fn map_script_sig(
         &self,
-        s: <transparent::Authorized as transparent::Authorization>::ScriptSig,
-    ) -> <TransparentAuth as transparent::Authorization>::ScriptSig {
+        s: <transparent::bundle::Authorized as transparent::bundle::Authorization>::ScriptSig,
+    ) -> <TransparentAuth as transparent::bundle::Authorization>::ScriptSig {
         s
     }
 
-    fn map_authorization(&self, _: transparent::Authorized) -> TransparentAuth {
+    fn map_authorization(&self, _: transparent::bundle::Authorized) -> TransparentAuth {
         // TODO: This map should consume self, so we can move self.auth
         self.auth.clone()
     }
@@ -261,6 +262,21 @@ pub extern "C" fn zcash_transaction_zip244_signature_digest(
     let signable_input = if index == NOT_AN_INPUT {
         SignableInput::Shielded
     } else {
+        // This conversion to `u8` is always fine:
+        // - We only call this FFI method once we already know we are using ZIP 244.
+        // - Even if we weren't, `hash_type` is one byte tacked onto the end of a
+        //   signature, so it always fits into a `u8` (and TBH I don't know why we
+        //   ever set it to `u32`).
+        let hash_type = u8::try_from(hash_type).unwrap();
+
+        let hash_type = match transparent::sighash::SighashType::parse(hash_type) {
+            Some(hash_type) => hash_type,
+            None => {
+                error!("hash_type violates the ZIP 244 rules");
+                return false;
+            }
+        };
+
         let prevout = match precomputed_tx.tx.transparent_bundle() {
             Some(bundle) => match bundle.authorization.all_prev_outputs.get(index) {
                 Some(prevout) => prevout,
@@ -275,22 +291,17 @@ pub extern "C" fn zcash_transaction_zip244_signature_digest(
             }
         };
 
-        SignableInput::Transparent {
-            // This conversion to `u8` is always fine:
-            // - We only call this FFI method once we already know we are using ZIP 244.
-            // - Even if we weren't, `hash_type` is one byte tacked onto the end of a
-            //   signature, so it always fits into a `u8` (and TBH I don't know why we
-            //   ever set it to `u32`).
-            hash_type: hash_type.try_into().unwrap(),
+        SignableInput::Transparent(transparent::sighash::SignableInput::from_parts(
+            hash_type,
             index,
             // `script_code` is unused by `v5_signature_hash`, so instead of passing the
             // real `script_code` across the FFI (and paying the serialization and parsing
             // cost for no benefit), we set it to the prevout's `script_pubkey`. This
             // happens to be correct anyway for every output script kind except P2SH.
-            script_code: &prevout.script_pubkey,
-            script_pubkey: &prevout.script_pubkey,
-            value: prevout.value,
-        }
+            &prevout.script_pubkey,
+            &prevout.script_pubkey,
+            prevout.value,
+        ))
     };
 
     let sighash = v5_signature_hash(

src/rust/src/zip339_ffi.rs

@@ -1,6 +1,7 @@
 use libc::{c_char, size_t};
+use macro_find_and_replace::replace_token_sequence;
 use std::{
-    convert::{TryFrom, TryInto},
+    borrow::Cow,
     ffi::{CStr, CString},
     ptr, slice,
 };
@@ -13,27 +14,90 @@ use zeroize::Zeroize;
 #[derive(Copy, Clone)]
 pub struct Language(pub u32);
 
-impl TryFrom<Language> for bip0039::Language {
-    type Error = ();
-
-    fn try_from(language: Language) -> Result<Self, ()> {
+impl Language {
+    #[allow(clippy::too_many_arguments)]
+    fn handle<Ctx, T>(
+        self,
+        ctx: Ctx,
+        en: impl FnOnce(Ctx) -> Option<T>,
+        zh_cn: impl FnOnce(Ctx) -> Option<T>,
+        zh_tw: impl FnOnce(Ctx) -> Option<T>,
+        cs: impl FnOnce(Ctx) -> Option<T>,
+        fr: impl FnOnce(Ctx) -> Option<T>,
+        it: impl FnOnce(Ctx) -> Option<T>,
+        ja: impl FnOnce(Ctx) -> Option<T>,
+        ko: impl FnOnce(Ctx) -> Option<T>,
+        pt: impl FnOnce(Ctx) -> Option<T>,
+        es: impl FnOnce(Ctx) -> Option<T>,
+    ) -> Option<T> {
         // These must match `src/rust/include/zip339.h`.
-        match language {
-            Language(0) => Ok(bip0039::Language::English),
-            Language(1) => Ok(bip0039::Language::SimplifiedChinese),
-            Language(2) => Ok(bip0039::Language::TraditionalChinese),
-            Language(3) => Ok(bip0039::Language::Czech),
-            Language(4) => Ok(bip0039::Language::French),
-            Language(5) => Ok(bip0039::Language::Italian),
-            Language(6) => Ok(bip0039::Language::Japanese),
-            Language(7) => Ok(bip0039::Language::Korean),
-            Language(8) => Ok(bip0039::Language::Portuguese),
-            Language(9) => Ok(bip0039::Language::Spanish),
-            Language(_) => Err(()),
+        match self {
+            Language(0) => en(ctx),
+            Language(1) => zh_cn(ctx),
+            Language(2) => zh_tw(ctx),
+            Language(3) => cs(ctx),
+            Language(4) => fr(ctx),
+            Language(5) => it(ctx),
+            Language(6) => ja(ctx),
+            Language(7) => ko(ctx),
+            Language(8) => pt(ctx),
+            Language(9) => es(ctx),
+            Language(_) => None,
         }
     }
 }
 
+macro_rules! all_languages {
+    ($self:expr, $ctx:expr, $e:expr) => {
+        $self.handle(
+            $ctx,
+            replace_token_sequence!{[LANGUAGE], [bip0039::English], $e},
+            replace_token_sequence!{[LANGUAGE], [bip0039::ChineseSimplified], $e},
+            replace_token_sequence!{[LANGUAGE], [bip0039::ChineseTraditional], $e},
+            replace_token_sequence!{[LANGUAGE], [bip0039::Czech], $e},
+            replace_token_sequence!{[LANGUAGE], [bip0039::French], $e},
+            replace_token_sequence!{[LANGUAGE], [bip0039::Italian], $e},
+            replace_token_sequence!{[LANGUAGE], [bip0039::Japanese], $e},
+            replace_token_sequence!{[LANGUAGE], [bip0039::Korean], $e},
+            replace_token_sequence!{[LANGUAGE], [bip0039::Portuguese], $e},
+            replace_token_sequence!{[LANGUAGE], [bip0039::Spanish], $e},
+        )
+    };
+}
+
+impl Language {
+    fn with_mnemonic_phrase_from_entropy<E: Into<Vec<u8>>, T>(
+        self,
+        entropy: E,
+        f: impl FnOnce(&str) -> Option<T>,
+    ) -> Option<T> {
+        all_languages!(self, (entropy, f), |(entropy, f)| {
+            bip0039::Mnemonic::<LANGUAGE>::from_entropy(entropy)
+                .ok()
+                .and_then(|mnemonic| f(mnemonic.phrase()))
+        })
+    }
+
+    fn with_seed_from_mnemonic_phrase<'a, P: Into<Cow<'a, str>>, T>(
+        self,
+        phrase: P,
+        passphrase: &str,
+        f: impl FnOnce([u8; 64]) -> Option<T>,
+    ) -> Option<T> {
+        all_languages!(self, (phrase, passphrase, f), |(phrase, passphrase, f)| {
+            bip0039::Mnemonic::<LANGUAGE>::from_phrase(phrase)
+                .ok()
+                .and_then(|mnemonic| f(mnemonic.to_seed(passphrase)))
+        })
+    }
+
+    fn validate_mnemonic<'a, P: Into<Cow<'a, str>>>(self, phrase: P) -> Option<()> {
+        all_languages!(self, phrase, |phrase| {
+            bip0039::Mnemonic::<LANGUAGE>::validate(phrase).ok()
+        })
+    }
+}
+
 /// Creates a phrase with the given entropy, in the given `Language`. The phrase is represented as
 /// a pointer to a null-terminated C string that must not be written to, and must be freed by
 /// `zip339_free_phrase`.
@@ -45,15 +109,14 @@ pub extern "C" fn zip339_entropy_to_phrase(
 ) -> *const c_char {
     assert!(!entropy.is_null());
 
-    if let Ok(language) = language.try_into() {
-        let entropy = unsafe { slice::from_raw_parts(entropy, entropy_len) }.to_vec();
-        if let Ok(mnemonic) = bip0039::Mnemonic::from_entropy_in(language, entropy) {
-            if let Ok(phrase) = CString::new(mnemonic.phrase()) {
-                return phrase.into_raw() as *const c_char;
-            }
-        }
-    }
-    ptr::null()
+    let entropy = unsafe { slice::from_raw_parts(entropy, entropy_len) }.to_vec();
+    language
+        .with_mnemonic_phrase_from_entropy(entropy, |phrase| {
+            CString::new(phrase)
+                .ok()
+                .map(|phrase| phrase.into_raw() as *const c_char)
+        })
+        .unwrap_or(ptr::null())
 }
 
 /// Frees a phrase returned by `zip339_entropy_to_phrase`.
@@ -74,10 +137,8 @@ pub extern "C" fn zip339_free_phrase(phrase: *const c_char) {
 pub extern "C" fn zip339_validate_phrase(language: Language, phrase: *const c_char) -> bool {
     assert!(!phrase.is_null());
 
-    if let Ok(language) = language.try_into() {
-        if let Ok(phrase) = unsafe { CStr::from_ptr(phrase) }.to_str() {
-            return bip0039::Mnemonic::validate_in(language, phrase).is_ok();
-        }
+    if let Ok(phrase) = unsafe { CStr::from_ptr(phrase) }.to_str() {
+        return language.validate_mnemonic(phrase).is_some();
     }
     false
 }
@@ -93,20 +154,23 @@ pub extern "C" fn zip339_phrase_to_seed(
     assert!(!phrase.is_null());
     assert!(!buf.is_null());
 
-    if let Ok(language) = language.try_into() {
-        if let Ok(phrase) = unsafe { CStr::from_ptr(phrase) }.to_str() {
-            if let Ok(mnemonic) = bip0039::Mnemonic::from_phrase_in(language, phrase) {
-                // Use the empty passphrase.
-                let seed = mnemonic.to_seed("");
+    let phrase = unsafe { CStr::from_ptr(phrase) };
+    phrase
+        .to_str()
+        .ok()
+        .and_then(|phrase| {
+            // Use the empty passphrase.
+            language.with_seed_from_mnemonic_phrase(phrase, "", |seed| {
                 unsafe {
                     ptr::copy(seed.as_ptr(), buf, 64);
                 }
-                return true;
+                Some(true)
+            })
+        })
+        .unwrap_or_else(|| {
+            unsafe {
+                ptr::write_bytes(buf, 0, 64);
             }
-        }
-    }
-    unsafe {
-        ptr::write_bytes(buf, 0, 64);
-    }
-    false
+            false
+        })
 }

src/test/miner_tests.cpp

@@ -375,8 +375,9 @@ BOOST_AUTO_TEST_CASE(CreateNewBlock_validity)
     auto nTime = pblocktemplate->block.nTime;
     delete pblocktemplate;
 
-    // Set the clock to be just ahead of the last "mined" block, to ensure we satisfy the
-    // future timestamp soft fork rule.
+    // Set the clock to the timestamp of the last "mined" block, to ensure we satisfy the
+    // future timestamp soft fork rule. We use a fixed clock here because the time should
+    // not advance from `nTime` for the calls to `CreateNewBlock`.
     FixedClock::SetGlobal();
     FixedClock::Instance()->Set(std::chrono::seconds(nTime));
 
@@ -406,6 +407,9 @@ BOOST_AUTO_TEST_CASE(CreateNewBlock_validity)
     BOOST_CHECK_EQUAL(pblocktemplate->block.nTime, minTime);
     delete pblocktemplate;
 
+    // Set the clock back to the timestamp of the last "mined" block (and allow it to advance
+    // from that point), to ensure we satisfy both the rule that it is after the MTP, and the
+    // future timestamp soft fork rule.
     auto curTime = GetTime();
     OffsetClock::SetGlobal();
     OffsetClock::Instance()->Set(std::chrono::seconds(-curTime + nTime));

src/test/sighash_tests.cpp

@@ -31,7 +31,7 @@ uint256 static SignatureHashOld(CScript scriptCode, const CTransaction& txTo, un
     static const uint256 one(uint256S("0000000000000000000000000000000000000000000000000000000000000001"));
     if (nIn >= txTo.vin.size())
     {
-        printf("ERROR: SignatureHash(): nIn=%d out of range\n", nIn);
+        printf("ERROR: SignatureHash(): nIn=%u out of range\n", nIn);
         return one;
     }
     CMutableTransaction txTmp(txTo);
@@ -58,7 +58,7 @@ uint256 static SignatureHashOld(CScript scriptCode, const CTransaction& txTo, un
         unsigned int nOut = nIn;
         if (nOut >= txTmp.vout.size())
         {
-            printf("ERROR: SignatureHash(): nOut=%d out of range\n", nOut);
+            printf("ERROR: SignatureHash(): nOut=%u out of range\n", nOut);
             return one;
         }
         txTmp.vout.resize(nOut+1);

src/wallet/asyncrpcoperation_common.cpp

@@ -8,6 +8,7 @@
 
 extern UniValue signrawtransaction(const UniValue& params, bool fHelp);
 
+// This is only a helper for tests.
 std::pair<CTransaction, UniValue> SignSendRawTransaction(UniValue obj, std::optional<std::reference_wrapper<CReserveKey>> reservekey, bool testmode) {
     // Sign the raw transaction
     UniValue rawtxnValue = find_value(obj, "rawtxn");

src/wallet/rpcdisclosure.cpp

@@ -52,8 +52,8 @@ UniValue z_getpaymentdisclosure(const UniValue& params, bool fHelp)
     if (fHelp || params.size() < 3 || params.size() > 4 )
         throw runtime_error(
             "z_getpaymentdisclosure \"txid\" js_index output_index (\"message\") \n"
-            "\nGenerate a payment disclosure for a given joinsplit output.\n"
-            "\nEXPERIMENTAL FEATURE\n"
+            "\nGenerate a payment disclosure for a given joinsplit output. This only supports Sprout.\n"
+            "\nEXPERIMENTAL, DEPRECATED FEATURE\n"
             + disabledMsg +
             "\nArguments:\n"
             "1. \"txid\"            (string, required) \n"
@@ -157,8 +157,8 @@ UniValue z_validatepaymentdisclosure(const UniValue& params, bool fHelp)
     if (fHelp || params.size() != 1)
         throw runtime_error(
             "z_validatepaymentdisclosure \"paymentdisclosure\"\n"
-            "\nValidates a payment disclosure.\n"
-            "\nEXPERIMENTAL FEATURE\n"
+            "\nValidates a payment disclosure. This only supports Sprout.\n"
+            "\nEXPERIMENTAL, DEPRECATED FEATURE\n"
             + disabledMsg +
             "\nArguments:\n"
             "1. \"paymentdisclosure\"     (string, required) Hex data string, with \"zpd:\" prefix.\n"

src/wallet/rpcwallet.cpp

@@ -85,12 +85,19 @@ std::string HelpRequiringPassphrase()
 
 bool EnsureWalletIsAvailable(bool avoidException)
 {
-    if (!pwalletMain)
-    {
-        if (!avoidException)
-            throw JSONRPCError(RPC_METHOD_NOT_FOUND, "Method not found (disabled)");
-        else
+    if (!pwalletMain) {
+        if (!avoidException) {
+            throw JSONRPCError(
+                    RPC_METHOD_NOT_FOUND,
+#if ENABLE_WALLET
+                    "This wallet method is disabled because the `disablewallet` flag was used."
+#else
+                    "This wallet method is disabled because the node was not built with wallet support."
+#endif
+            );
+        } else {
             return false;
+        }
     }
     return true;
 }
@@ -165,17 +172,12 @@ UniValue getnewaddress(const UniValue& params, bool fHelp)
     if (!EnsureWalletIsAvailable(fHelp))
         return NullUniValue;
 
-    if (!fEnableGetNewAddress)
-        throw runtime_error(
-            "getnewaddress is DEPRECATED and will be removed in a future release\n"
-            "\nUse z_getnewaccount and z_getaddressforaccount instead, or restart \n"
-            "with `-allowdeprecated=getnewaddress` if you require backward compatibility.\n"
-            "See https://zcash.github.io/zcash/user/deprecation.html for more information.");
-
-    if (fHelp || params.size() > 1)
+    if (!fEnableGetNewAddress || fHelp || params.size() > 1)
         throw runtime_error(
             "getnewaddress ( \"\" )\n"
-            "\nDEPRECATED. Use z_getnewaccount and z_getaddressforaccount instead.\n"
+            + Deprecated(fEnableGetNewAddress,
+                         "getnewaddress",
+                         "Please use z_getnewaccount and z_getaddressforaccount instead.") +
             "\nReturns a new transparent Zcash address.\n"
             "Payments received by this API are visible on-chain and do not otherwise\n"
             "provide privacy protections; they should only be used in circumstances \n"
@@ -250,19 +252,13 @@ UniValue getrawchangeaddress(const UniValue& params, bool fHelp)
     if (!EnsureWalletIsAvailable(fHelp))
         return NullUniValue;
 
-    if (!fEnableGetRawChangeAddress)
-        throw runtime_error(
-            "getrawchangeaddress is DEPRECATED and will be removed in a future release\n"
-            "\nChange addresses are a wallet-internal feature. Use a unified address for\n"
-            "a dedicated change account instead, or restart with `-allowdeprecated=getrawchangeaddress` \n"
-            "if you require backward compatibility.\n"
-            "See https://zcash.github.io/zcash/user/deprecation.html for more information.");
-
-    if (fHelp || params.size() > 1)
+    if (!fEnableGetRawChangeAddress || fHelp || params.size() > 1)
         throw runtime_error(
             "getrawchangeaddress\n"
-            "\nDEPRECATED. Change addresses are a wallet-internal feature. Use a unified"
-            "\naddress for a dedicated change account instead.\n"
+            + Deprecated(fEnableGetRawChangeAddress,
+                         "getrawchangeaddress",
+                         "Change addresses are a wallet-internal feature. Use a unified address\n"
+                         "for a dedicated change account instead.") +
             "\nReturns a new transparent Zcash address for receiving change.\n"
             "This is for use with raw transactions, NOT normal use. Additionally,\n"
             "the resulting address does not correspond to the \"change\" HD derivation\n"
@@ -272,7 +268,7 @@ UniValue getrawchangeaddress(const UniValue& params, bool fHelp)
             "\nExamples:\n"
             + HelpExampleCli("getrawchangeaddress", "")
             + HelpExampleRpc("getrawchangeaddress", "")
-       );
+        );
 
     LOCK2(cs_main, pwalletMain->cs_wallet);
 
@@ -2057,9 +2053,12 @@ UniValue keypoolrefill(const UniValue& params, bool fHelp)
     if (!EnsureWalletIsAvailable(fHelp))
         return NullUniValue;
 
-    if (fHelp || params.size() > 1)
+    if (!fEnableKeyPoolRefill || fHelp || params.size() > 1)
         throw runtime_error(
             "keypoolrefill ( newsize )\n"
+            + Deprecated(fEnableKeyPoolRefill,
+                         "keypoolrefill",
+                         "It will not be needed for Zallet.") +
             "\nFills the keypool associated with the legacy transparent value pool. This should only be\n"
             "used when interoperability with legacy Bitcoin infrastructure is required.\n"
             + HelpRequiringPassphrase() + "\n"
@@ -2492,9 +2491,13 @@ UniValue settxfee(const UniValue& params, bool fHelp)
     if (!EnsureWalletIsAvailable(fHelp))
         return NullUniValue;
 
-    if (fHelp || params.size() < 1 || params.size() > 1)
+    if (!fEnableSetTxFee || fHelp || params.size() < 1 || params.size() > 1)
         throw runtime_error(
             "settxfee amount\n"
+            + Deprecated(fEnableSetTxFee,
+                         "settxfee",
+                         "It is strongly recommended to use the default ZIP 317 fee, which is not\n"
+                         "expressible using settxfee.") +
             "\nSet the preferred transaction fee rate per 1000 bytes. This is only used by legacy transaction creation APIs (sendtoaddress, sendmany, and fundrawtransaction). Overwrites the paytxfee parameter.\n"
             "\nArguments:\n"
             "1. amount         (numeric, required) The transaction fee rate in " + CURRENCY_UNIT + " per 1000 bytes rounded to the nearest 0.00000001\n"
@@ -2952,9 +2955,13 @@ UniValue fundrawtransaction(const UniValue& params, bool fHelp)
     if (!EnsureWalletIsAvailable(fHelp))
         return NullUniValue;
 
-    if (fHelp || params.size() < 1 || params.size() > 2)
+    if (!fEnableFundRawTransaction || fHelp || params.size() < 1 || params.size() > 2)
         throw runtime_error(
             "fundrawtransaction \"hexstring\" includeWatching\n"
+            + Deprecated(fEnableFundRawTransaction,
+                         "fundrawtransaction",
+                         "Zallet will instead provide new RPC methods that operate on PCZTs:\n"
+                         "https://github.com/zcash/wallet/issues/99") +
             "\nAdd transparent inputs to a transaction until it has enough in value to meet its out value.\n"
             "This will not modify existing inputs, and will add one change output to the outputs.\n"
             "Note that inputs which were signed may need to be resigned after completion since in/outputs have been added.\n"
@@ -3187,21 +3194,17 @@ UniValue z_getnewaddress(const UniValue& params, bool fHelp)
     if (!EnsureWalletIsAvailable(fHelp))
         return NullUniValue;
 
-    if (!fEnableZGetNewAddress)
-        throw runtime_error(
-            "z_getnewaddress is DEPRECATED and will be removed in a future release\n"
-            "\nUse z_getnewaccount and z_getaddressforaccount instead, or restart \n"
-            "with `-allowdeprecated=z_getnewaddress` if you require backward compatibility.\n"
-            "See https://zcash.github.io/zcash/user/deprecation.html for more information.");
-
     std::string defaultType = ADDR_TYPE_SAPLING;
 
-    if (fHelp || params.size() > 1)
+    if (!fEnableZGetNewAddress || fHelp || params.size() > 1)
         throw runtime_error(
             "z_getnewaddress ( type )\n"
-            "\nDEPRECATED. Use z_getnewaccount and z_getaddressforaccount instead.\n"
+            + Deprecated(fEnableZGetNewAddress,
+                         "z_getnewaddress",
+                         "Please use z_getnewaccount and z_getaddressforaccount instead.") +
             "\nReturns a new shielded address for receiving payments.\n"
-            "\nWith no arguments, returns a Sapling address.\n"
+            "\nWith no arguments, this currently returns a Sapling address (but that\n"
+            "should not be relied on).\n"
             "Generating a Sprout address is not allowed after Canopy has activated.\n"
             "\nArguments:\n"
             "1. \"type\"         (string, optional, default=\"" + defaultType + "\") The type of address. One of [\""
@@ -3509,17 +3512,12 @@ UniValue z_listaddresses(const UniValue& params, bool fHelp)
     if (!EnsureWalletIsAvailable(fHelp))
         return NullUniValue;
 
-    if (!fEnableZListAddresses)
-        throw runtime_error(
-            "z_listaddresses is DEPRECATED and will be removed in a future release\n"
-            "\nUse listaddresses or restart with `-allowdeprecated=z_listaddresses`\n"
-            "if you require backward compatibility.\n"
-            "See https://zcash.github.io/zcash/user/deprecation.html for more information.");
-
-    if (fHelp || params.size() > 1)
+    if (!fEnableZListAddresses || fHelp || params.size() > 1)
         throw runtime_error(
             "z_listaddresses ( includeWatchonly )\n"
-            "\nDEPRECATED. Use `listaddresses` instead.\n"
+            + Deprecated(fEnableZListAddresses,
+                         "z_listaddresses",
+                         "Please use `listaddresses` instead.") +
             "\nReturns the list of shielded addresses belonging to the wallet.\n"
             "\nThis never returns Unified Addresses; see 'listaddresses' for them.\n"
             "\nArguments:\n"
@@ -3951,19 +3949,13 @@ UniValue z_getbalance(const UniValue& params, bool fHelp)
     if (!EnsureWalletIsAvailable(fHelp))
         return NullUniValue;
 
-    if (!fEnableZGetBalance)
-        throw runtime_error(
-            "z_getbalance is DEPRECATED and will be removed in a future release\n\n"
-            "Use z_getbalanceforaccount, z_getbalanceforviewingkey, or getbalance (for\n"
-            "legacy transparent balance) instead, or restart with `-allowdeprecated=z_getbalance`\n"
-            "if you require backward compatibility.\n"
-            "See https://zcash.github.io/zcash/user/deprecation.html for more information.");
-
-    if (fHelp || params.size() == 0 || params.size() > 3)
+    if (!fEnableZGetBalance || fHelp || params.size() == 0 || params.size() > 3)
         throw runtime_error(
             "z_getbalance \"address\" ( minconf inZat )\n"
-            "\nDEPRECATED; please use z_getbalanceforaccount, z_getbalanceforviewingkey,\n"
-            "or getbalance (for legacy transparent balance) instead.\n"
+            + Deprecated(fEnableZGetBalance,
+                         "z_getbalance",
+                         "Please use z_getbalanceforaccount, z_getbalanceforviewingkey, or getbalance (for legacy\n"
+                         "transparent balance) instead.") +
             "\nReturns the balance of a taddr or zaddr belonging to the node's wallet.\n"
             "\nCAUTION: If the wallet has only an incoming viewing key for this address, then spends cannot be"
             "\ndetected, and so the returned balance may be larger than the actual balance."
@@ -4254,17 +4246,12 @@ UniValue z_gettotalbalance(const UniValue& params, bool fHelp)
     if (!EnsureWalletIsAvailable(fHelp))
         return NullUniValue;
 
-    if (!fEnableZGetTotalBalance)
-        throw runtime_error(
-            "z_gettotalbalance is DEPRECATED and will be removed in a future release\n\n"
-            "Use z_getbalanceforaccount, or getbalance (for legacy transparent balance) instead, or\n"
-            "restart with `-allowdeprecated=z_gettotalbalance if you require backward compatibility.\n"
-            "See https://zcash.github.io/zcash/user/deprecation.html for more information.");
-
-    if (fHelp || params.size() > 2)
+    if (!fEnableZGetTotalBalance || fHelp || params.size() > 2)
         throw runtime_error(
             "z_gettotalbalance ( minconf includeWatchonly )\n"
-            "\nDEPRECATED. Please use z_getbalanceforaccount or getbalance (for legacy transparent balance) instead.\n"
+            + Deprecated(fEnableZGetTotalBalance,
+                         "z_gettotalbalance",
+                         "Please use z_getbalanceforaccount, or getbalance (for legacy transparent balance) instead.") +
             "\nReturn the total value of funds stored in the node's wallet.\n"
             "\nCAUTION: If the wallet contains any addresses for which it only has incoming viewing keys,"
             "\nthe returned private balance may be larger than the actual balance, because spends cannot"

zcutil/libfuzzer/libfuzzer-build.sh

@@ -64,7 +64,6 @@ case $key in
     ;;
     -h|--help)
     usage
-    shift
     ;;
     *)
     POSITIONAL+=("$1")