From cfaab71cf1708b8aa87ed96b308728af97b34ea4 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Wed, 2 Oct 2024 17:57:14 +0000 Subject: [PATCH 1/3] Migrate to `sapling-crypto 0.3`, `orchard 0.10` --- Cargo.lock | 10 ++++++---- Cargo.toml | 6 ++---- supply-chain/imports.lock | 8 ++++---- zcash_client_backend/CHANGELOG.md | 1 + zcash_client_sqlite/CHANGELOG.md | 2 ++ zcash_keys/CHANGELOG.md | 3 +++ zcash_primitives/CHANGELOG.md | 3 ++- zcash_proofs/CHANGELOG.md | 3 +++ 8 files changed, 23 insertions(+), 13 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 6523091ab9..2f9e2ae197 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2639,8 +2639,9 @@ checksum = "04744f49eae99ab78e0d5c0b603ab218f515ea8cfe5a456d7629ad883a3b6e7d" [[package]] name = "orchard" -version = "0.9.1" -source = "git+https://github.com/zcash/orchard?rev=55fb089a335bbbc1cda186c706bc037073df8eb7#55fb089a335bbbc1cda186c706bc037073df8eb7" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4f18e997fa121de5c73e95cdc7e8512ae43b7de38904aeea5e5713cc48f3c0ba" dependencies = [ "aes", "bitvec", @@ -3656,8 +3657,9 @@ dependencies = [ [[package]] name = "sapling-crypto" -version = "0.2.0" -source = "git+https://github.com/zcash/sapling-crypto?rev=b1ad3694ee13a2fc5d291ad04721a6252da0993c#b1ad3694ee13a2fc5d291ad04721a6252da0993c" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cfff8cfce16aeb38da50b8e2ed33c9018f30552beff2210c266662a021b17f38" dependencies = [ "aes", "bellman", diff --git a/Cargo.toml b/Cargo.toml index cd9cb23962..0c0e6a73e4 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -57,11 +57,11 @@ bitvec = "1" blake2s_simd = "1" bls12_381 = "0.8" jubjub = "0.10" -sapling = { package = "sapling-crypto", version = "0.2", default-features = false } +sapling = { package = "sapling-crypto", version = "0.3", default-features = false } # - Orchard nonempty = "0.7" -orchard = { version = "0.9", default-features = false } +orchard = { version = "0.10", default-features = false } pasta_curves = "0.5" # - Transparent @@ -163,8 +163,6 @@ codegen-units = 1 unexpected_cfgs = { level = "warn", check-cfg = ['cfg(zcash_unstable, values("zfuture"))'] } [patch.crates-io] -sapling-crypto = { git = "https://github.com/zcash/sapling-crypto", rev = "b1ad3694ee13a2fc5d291ad04721a6252da0993c" } -orchard = { git = "https://github.com/zcash/orchard", rev = "55fb089a335bbbc1cda186c706bc037073df8eb7" } incrementalmerkletree = { git = "https://github.com/zcash/incrementalmerkletree", rev = "ffe4234788fd22662b937ba7c6ea01535fcc1293" } incrementalmerkletree-testing = { git = "https://github.com/zcash/incrementalmerkletree", rev = "ffe4234788fd22662b937ba7c6ea01535fcc1293" } shardtree = { git = "https://github.com/zcash/incrementalmerkletree", rev = "ffe4234788fd22662b937ba7c6ea01535fcc1293" } diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index d9adfc27fe..750e4537a0 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -56,15 +56,15 @@ user-login = "nuttycom" user-name = "Kris Nuttycombe" [[publisher.orchard]] -version = "0.9.0" -when = "2024-08-12" +version = "0.10.0" +when = "2024-10-02" user-id = 169181 user-login = "nuttycom" user-name = "Kris Nuttycombe" [[publisher.sapling-crypto]] -version = "0.2.0" -when = "2024-08-12" +version = "0.3.0" +when = "2024-10-02" user-id = 169181 user-login = "nuttycom" user-name = "Kris Nuttycombe" diff --git a/zcash_client_backend/CHANGELOG.md b/zcash_client_backend/CHANGELOG.md index 79528c3a1e..817054d191 100644 --- a/zcash_client_backend/CHANGELOG.md 
+++ b/zcash_client_backend/CHANGELOG.md @@ -13,6 +13,7 @@ and this library adheres to Rust's notion of - `WalletSummary::recovery_progress` ### Changed +- Migrated to `orchard 0.10`, `sapling-crypto 0.3`. - The `Account` trait now uses an associated type for its `AccountId` type instead of a type parameter. This change allows for the simplification of some type signatures. diff --git a/zcash_client_sqlite/CHANGELOG.md b/zcash_client_sqlite/CHANGELOG.md index 6e13ef7654..0dc86e47df 100644 --- a/zcash_client_sqlite/CHANGELOG.md +++ b/zcash_client_sqlite/CHANGELOG.md @@ -7,6 +7,8 @@ and this library adheres to Rust's notion of ## [Unreleased] +### Changed +- Migrated to `orchard 0.10`, `sapling-crypto 0.3`. - `zcash_client_sqlite::error::SqliteClientError::RequestedRewindInvalid` is now a structured variant. diff --git a/zcash_keys/CHANGELOG.md b/zcash_keys/CHANGELOG.md index a0bb242d35..2dcc873fbe 100644 --- a/zcash_keys/CHANGELOG.md +++ b/zcash_keys/CHANGELOG.md @@ -12,6 +12,9 @@ and this library adheres to Rust's notion of - `impl std::error::Error for DecodingError` - `impl std::error::Error for DerivationError` +### Changed +- Migrated to `orchard 0.10`, `sapling-crypto 0.3`. + ## [0.3.0] - 2024-08-19 ### Notable changes - `zcash_keys`: diff --git a/zcash_primitives/CHANGELOG.md b/zcash_primitives/CHANGELOG.md index 0eff56ecb7..a4365f51e5 100644 --- a/zcash_primitives/CHANGELOG.md +++ b/zcash_primitives/CHANGELOG.md @@ -10,7 +10,8 @@ and this library adheres to Rust's notion of ## [0.17.0] - 2024-08-26 ### Changed -- Update dependencies to `zcash_protocol 0.3.0`, `zcash_address 0.5.0` +- Update dependencies to `incrementalmerkletree 0.7`, `orchard 0.10`, + `sapling-crypto 0.3`, `zcash_protocol 0.3.0`, `zcash_address 0.5.0`. ## [0.16.0] - 2024-08-19 diff --git a/zcash_proofs/CHANGELOG.md b/zcash_proofs/CHANGELOG.md index d659b0a025..22a22d21bb 100644 --- a/zcash_proofs/CHANGELOG.md +++ b/zcash_proofs/CHANGELOG.md 
@@ -7,6 +7,9 @@ and this library adheres to Rust's notion of ## [Unreleased] +### Changed +- Migrated to `sapling-crypto 0.3`. + ## [0.17.0] - 2024-08-26 ### Changed From aec144f307071b50e33491e71756e1e1d5a3f642 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Wed, 2 Oct 2024 18:52:35 +0000 Subject: [PATCH 2/3] cargo vet prune --- supply-chain/config.toml | 16 -------- supply-chain/imports.lock | 77 ++++++++++++++++++++++++--------------- 2 files changed, 47 insertions(+), 46 deletions(-) diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 39d6b4d059..40f21f7503 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -87,10 +87,6 @@ criteria = "safe-to-deploy" version = "1.1.2" criteria = "safe-to-deploy" -[[exemptions.allocator-api2]] -version = "0.2.16" -criteria = "safe-to-deploy" - [[exemptions.amplify]] version = "4.6.0" criteria = "safe-to-deploy" @@ -223,10 +219,6 @@ criteria = "safe-to-deploy" version = "1.2.1" criteria = "safe-to-deploy" -[[exemptions.byteorder]] -version = "1.5.0" -criteria = "safe-to-deploy" - [[exemptions.bytes]] version = "1.5.0" criteria = "safe-to-deploy" @@ -1171,10 +1163,6 @@ criteria = "safe-to-deploy" version = "0.1.0" criteria = "safe-to-run" -[[exemptions.strsim]] -version = "0.11.1" -criteria = "safe-to-deploy" - [[exemptions.symbolic-common]] version = "12.9.2" criteria = "safe-to-run" @@ -1363,10 +1351,6 @@ criteria = "safe-to-deploy" version = "0.1.27" criteria = "safe-to-deploy" -[[exemptions.tracing-core]] -version = "0.1.32" -criteria = "safe-to-deploy" - [[exemptions.tracing-log]] version = "0.2.0" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index 750e4537a0..fa87b37108 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock 
@@ -918,6 +918,13 @@ instead (see also https://crrev.com/c/5771867). """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.byteorder]] +who = "danakj " +criteria = "safe-to-deploy" +version = "1.5.0" +notes = "Unsafe review in https://crrev.com/c/5838022" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.cast]] who = "George Burgess IV " criteria = "safe-to-run" @@ -1091,12 +1098,6 @@ criteria = "safe-to-run" delta = "0.4.2 -> 0.4.9" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" -[[audits.google.audits.itertools]] -who = "ChromeOS" -criteria = "safe-to-run" -version = "0.10.5" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - [[audits.google.audits.itoa]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" @@ -1872,6 +1873,12 @@ criteria = "safe-to-deploy" delta = "0.8.7 -> 0.8.11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.allocator-api2]] +who = "Nicolas Silva " +criteria = "safe-to-deploy" +version = "0.2.18" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.android_system_properties]] who = "Nicolas Silva " criteria = "safe-to-deploy" 
@@ -2324,6 +2331,12 @@ criteria = "safe-to-deploy" delta = "0.6.27 -> 0.6.28" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.strsim]] +who = "Ben Dean-Kawamura " +criteria = "safe-to-deploy" +delta = "0.10.0 -> 0.11.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.subtle]] who = "Simon Friedberger " criteria = "safe-to-deploy" @@ -2433,6 +2446,17 @@ criteria = "safe-to-deploy" delta = "0.5.10 -> 0.5.11" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.tracing-core]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +version = "0.1.30" +notes = """ +Most unsafe code is in implementing non-std sync primitives. Unsafe impls are +logically correct and justified in comments, and unsafe code is sound and +justified in comments. +""" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.zerocopy]] who = "Alex Franchuk " criteria = "safe-to-deploy" @@ -2466,12 +2490,6 @@ criteria = "safe-to-deploy" delta = "1.1.2 -> 1.1.3" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.allocator-api2]] -who = "Daira-Emma Hopwood " -criteria = "safe-to-deploy" -delta = "0.2.16 -> 0.2.18" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - [[audits.zcash.audits.anyhow]] who = "Jack Grigg " criteria = "safe-to-deploy" 
@@ -2525,24 +2543,6 @@ delta = "0.3.69 -> 0.3.71" notes = "This crate inherently requires a lot of `unsafe` code, but the changes look plausible." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.base64]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "0.21.3 -> 0.21.4" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.base64]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "0.21.4 -> 0.21.5" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.base64]] -who = "Daira-Emma Hopwood " -criteria = "safe-to-deploy" -delta = "0.21.5 -> 0.21.7" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - [[audits.zcash.audits.blake2b_simd]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -3350,6 +3350,23 @@ criteria = "safe-to-deploy" delta = "0.6.2 -> 0.6.3" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.tracing-core]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.30 -> 0.1.31" +notes = """ +The only new `unsafe` block is to intentionally leak a scoped subscriber onto +the heap when setting it as the global default dispatcher. I checked that the +global default can only be set once and is never dropped. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.tracing-core]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.1.31 -> 0.1.32" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.tracing-subscriber]] who = "Jack Grigg " criteria = "safe-to-deploy" From 5d16a637c4caab4412cf1f3884326caa10e4787d Mon Sep 17 00:00:00 2001 
From: Jack Grigg Date: Wed, 2 Oct 2024 19:07:05 +0000 Subject: [PATCH 3/3] Migrate to `shardtree` revision without `incrementalmerkletree` path pin --- Cargo.lock | 7 ++++--- Cargo.toml | 5 ++--- supply-chain/imports.lock | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2f9e2ae197..d9bed7b622 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2110,7 +2110,8 @@ checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" [[package]] name = "incrementalmerkletree" version = "0.7.0" -source = "git+https://github.com/zcash/incrementalmerkletree?rev=ffe4234788fd22662b937ba7c6ea01535fcc1293#ffe4234788fd22662b937ba7c6ea01535fcc1293" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d45063fbc4b0a37837f6bfe0445f269d13d730ad0aa3b5a7f74aa7bf27a0f4df" dependencies = [ "either", "proptest", @@ -2121,7 +2122,7 @@ dependencies = [ [[package]] name = "incrementalmerkletree-testing" version = "0.1.0" -source = "git+https://github.com/zcash/incrementalmerkletree?rev=ffe4234788fd22662b937ba7c6ea01535fcc1293#ffe4234788fd22662b937ba7c6ea01535fcc1293" +source = "git+https://github.com/zcash/incrementalmerkletree?rev=336452152536dde5831c9a4029fd26b4ec310608#336452152536dde5831c9a4029fd26b4ec310608" dependencies = [ "incrementalmerkletree", "proptest", @@ -3920,7 +3921,7 @@ dependencies = [ [[package]] name = "shardtree" version = "0.4.0" -source = "git+https://github.com/zcash/incrementalmerkletree?rev=ffe4234788fd22662b937ba7c6ea01535fcc1293#ffe4234788fd22662b937ba7c6ea01535fcc1293" +source = "git+https://github.com/zcash/incrementalmerkletree?rev=336452152536dde5831c9a4029fd26b4ec310608#336452152536dde5831c9a4029fd26b4ec310608" dependencies = [ "assert_matches", "bitflags 2.6.0", diff --git a/Cargo.toml b/Cargo.toml index 0c0e6a73e4..2fb0c99c0f 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -163,6 +163,5 @@ codegen-units = 1 unexpected_cfgs = { level = "warn", check-cfg = ['cfg(zcash_unstable, values("zfuture"))'] } [patch.crates-io] -incrementalmerkletree = { git = "https://github.com/zcash/incrementalmerkletree", rev = "ffe4234788fd22662b937ba7c6ea01535fcc1293" } -incrementalmerkletree-testing = { git = "https://github.com/zcash/incrementalmerkletree", rev = "ffe4234788fd22662b937ba7c6ea01535fcc1293" } -shardtree = { git = "https://github.com/zcash/incrementalmerkletree", rev = "ffe4234788fd22662b937ba7c6ea01535fcc1293" } +incrementalmerkletree-testing = { git = "https://github.com/zcash/incrementalmerkletree", rev = "336452152536dde5831c9a4029fd26b4ec310608" } +shardtree = { git = "https://github.com/zcash/incrementalmerkletree", rev = "336452152536dde5831c9a4029fd26b4ec310608" } diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index fa87b37108..3e348bf63d 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -49,8 +49,8 @@ user-id = 1244 user-login = "ebfull" [[publisher.incrementalmerkletree]] -version = "0.6.0" -when = "2024-08-12" +version = "0.7.0" +when = "2024-09-25" user-id = 169181 user-login = "nuttycom" user-name = "Kris Nuttycombe"
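Review bot: The two git overrides left in `[patch.crates-io]` in Cargo.toml (`incrementalmerkletree-testing` and `shardtree`, both at rev `336452152536dde5831c9a4029fd26b4ec310608`) have no comment saying why they are still needed or what condition removes them. With them in place, the Cargo.lock entries for both crates name a git source and have no `checksum` line, so the full commit hash is the only integrity anchor and the reason for it should be visible next to the pin. I would add a line above them such as `# Temporary: remove once shardtree and incrementalmerkletree-testing releases that build against incrementalmerkletree 0.7 are on crates.io`, reworded to match the actual release plan. How `cargo vet` treats these git-sourced crates depends on policy in supply-chain/config.toml that these hunks do not show, so it is worth confirming in the same change.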