mirror of
https://github.com/str4d/rage.git
synced 2025-04-03 19:07:42 +03:00
curve25519-dalek 4, x25519-dalek 2
This commit is contained in:
Jack Grigg
parent
69f755731a
commit
349fa9a7bb
8 changed files with 156 additions and 137 deletions
|
|
@ -286,10 +286,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.14.6"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.getrandom]]
|
||||
version = "0.1.16"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.getrandom]]
|
||||
version = "0.2.10"
|
||||
criteria = "safe-to-deploy"
|
||||
|
|
@ -538,26 +534,10 @@ criteria = "safe-to-run"
|
|||
version = "1.0.3"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.rand]]
|
||||
version = "0.7.3"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.rand]]
|
||||
version = "0.8.5"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.rand_chacha]]
|
||||
version = "0.2.2"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.rand_core]]
|
||||
version = "0.5.1"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.rand_hc]]
|
||||
version = "0.2.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.redox_syscall]]
|
||||
version = "0.3.5"
|
||||
criteria = "safe-to-deploy"
|
||||
|
|
@ -762,10 +742,6 @@ criteria = "safe-to-deploy"
|
|||
version = "2.3.3"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.wasi]]
|
||||
version = "0.9.0+wasi-snapshot-preview1"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.wasi]]
|
||||
version = "0.11.0+wasi-snapshot-preview1"
|
||||
criteria = "safe-to-deploy"
|
||||
|
|
|
|||
|
|
@ -673,6 +673,65 @@ who = "David Cook <dcook@divviup.org>"
|
|||
criteria = "safe-to-deploy"
|
||||
version = "1.6.1"
|
||||
|
||||
[[audits.isrg.audits.fiat-crypto]]
|
||||
who = "David Cook <dcook@divviup.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.1.17"
|
||||
notes = """
|
||||
This crate does not contain any unsafe code, and does not use any items from
|
||||
the standard library or other crates, aside from operations backed by
|
||||
`std::ops`. All paths with array indexing use integer literals for indexes, so
|
||||
there are no panics due to indexes out of bounds (as rustc would catch an
|
||||
out-of-bounds literal index). I did not check whether arithmetic overflows
|
||||
could cause a panic, and I am relying on the Coq code having satisfied the
|
||||
necessary preconditions to ensure panics due to overflows are unreachable.
|
||||
"""
|
||||
|
||||
[[audits.isrg.audits.fiat-crypto]]
|
||||
who = "Brandon Pitman <bran@bran.land>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.1.17 -> 0.1.18"
|
||||
|
||||
[[audits.isrg.audits.fiat-crypto]]
|
||||
who = "David Cook <dcook@divviup.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.1.18 -> 0.1.19"
|
||||
notes = """
|
||||
This release renames many items and adds a new module. The code in the new
|
||||
module is entirely composed of arithmetic and array accesses.
|
||||
"""
|
||||
|
||||
[[audits.isrg.audits.fiat-crypto]]
|
||||
who = "David Cook <dcook@divviup.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.1.19 -> 0.1.20"
|
||||
|
||||
[[audits.isrg.audits.fiat-crypto]]
|
||||
who = "David Cook <dcook@divviup.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.1.20 -> 0.2.0"
|
||||
|
||||
[[audits.isrg.audits.fiat-crypto]]
|
||||
who = "Brandon Pitman <bran@bran.land>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.2.0 -> 0.2.1"
|
||||
|
||||
[[audits.isrg.audits.fiat-crypto]]
|
||||
who = "Tim Geoghegan <timg@divviup.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.2.1 -> 0.2.2"
|
||||
notes = "No changes to `unsafe` code, or any functional changes that I can detect at all."
|
||||
|
||||
[[audits.isrg.audits.fiat-crypto]]
|
||||
who = "Brandon Pitman <bran@bran.land>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.2.2 -> 0.2.4"
|
||||
|
||||
[[audits.isrg.audits.fiat-crypto]]
|
||||
who = "David Cook <dcook@divviup.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.2.4 -> 0.2.5"
|
||||
|
||||
[[audits.isrg.audits.getrandom]]
|
||||
who = "Brandon Pitman <bran@bran.land>"
|
||||
criteria = "safe-to-deploy"
|
||||
|
|
@ -1604,6 +1663,21 @@ criteria = "safe-to-deploy"
|
|||
delta = "0.1.22 -> 0.1.23"
|
||||
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
||||
|
||||
[[audits.zcash.audits.rustc_version]]
|
||||
who = "Jack Grigg <jack@electriccoin.co>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.4.0"
|
||||
notes = """
|
||||
Most of the crate is code to parse and validate the output of `rustc -vV`. The caller can
|
||||
choose which `rustc` to use, or can use `rustc_version::{version, version_meta}` which will
|
||||
try `$RUSTC` followed by `rustc`.
|
||||
|
||||
If an adversary can arbitrarily set the `$RUSTC` environment variable then this crate will
|
||||
execute arbitrary code. But when this crate is used within a build script, `$RUSTC` should
|
||||
be set correctly by `cargo`.
|
||||
"""
|
||||
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
||||
|
||||
[[audits.zcash.audits.sha2]]
|
||||
who = "Jack Grigg <jack@electriccoin.co>"
|
||||
criteria = "safe-to-deploy"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue