From b17c81008b393367a452b2b6feebede372ceebbf Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 4 Feb 2024 23:03:45 +0000 Subject: [PATCH 01/77] Update Homebrew formula to v0.10.0 --- HomebrewFormula/rage.rb | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/HomebrewFormula/rage.rb b/HomebrewFormula/rage.rb index bf7f0dd..abb171e 100644 --- a/HomebrewFormula/rage.rb +++ b/HomebrewFormula/rage.rb @@ -1,14 +1,32 @@ class Rage < Formula desc "[BETA] A simple, secure, and modern encryption tool." homepage "https://str4d.xyz/rage" - url "https://github.com/str4d/rage/archive/refs/tags/v0.9.2.tar.gz" - sha256 "3bd287372eb6226b246459c1b5c39ecdb36b3495d7af4d2bee93bb3aad9ccf65" - version "0.9.2" + url "https://github.com/str4d/rage/archive/refs/tags/v0.10.0.tar.gz" + sha256 "34c39c28f8032c144a43aea96e58159fe69526f5ff91cb813083530adcaa6ea4" + license any_of: ["MIT", "Apache-2.0"] + version "0.10.0" depends_on "rust" => :build def install system "cargo", "install", *std_cargo_args(path: './rage') + + install_completions("rage") + install_completions("rage-keygen") + + man.install Dir["target/release/manpages/*"] + end + + def install_completions(base_name) + src_dir = "target/release/completions" + + bash_completion.install { "#{src_dir}/#{base_name}.bash" => base_name} + fish_completion.install "#{src_dir}/#{base_name}.fish" + zsh_completion.install "#{src_dir}/_#{base_name}" + end + + def caveats + "rage bash completion depends on the bash-completion package" end test do From 948adca150a6347fb1adb6a75acbe4b7e917411a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 22 Feb 2024 03:23:39 +0000 Subject: [PATCH 02/77] build(deps): bump svenstaro/upload-release-action from 2.7.0 to 2.9.0 Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.7.0 to 2.9.0. - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/2.7.0...2.9.0) --- updated-dependencies: - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3a5ec77..b53e75f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -109,7 +109,7 @@ jobs: if: github.event.inputs.test == 'true' - name: Upload archive to release - uses: svenstaro/upload-release-action@2.7.0 + uses: svenstaro/upload-release-action@2.9.0 with: repo_token: ${{ secrets.GITHUB_TOKEN }} file: ${{ matrix.archive_name }} @@ -289,7 +289,7 @@ jobs: if: github.event.inputs.test == 'true' - name: Upload Debian package to release - uses: svenstaro/upload-release-action@2.7.0 + uses: svenstaro/upload-release-action@2.9.0 with: repo_token: ${{ secrets.GITHUB_TOKEN }} file: target/${{ matrix.target }}/debian/*.deb From daac4c9a9a29a0588590d81e5737e9219caffc2a Mon Sep 17 00:00:00 2001 From: Pavel Zwerschke Date: Sun, 7 Apr 2024 15:23:17 +0200 Subject: [PATCH 03/77] Use homebrew formula from homebrew/core --- HomebrewFormula/rage.rb | 47 ----------------------------------------- README.md | 2 +- tap_migrations.json | 3 +++ 3 files changed, 4 insertions(+), 48 deletions(-) delete mode 100644 HomebrewFormula/rage.rb create mode 100644 tap_migrations.json diff --git a/HomebrewFormula/rage.rb b/HomebrewFormula/rage.rb deleted file mode 100644 index abb171e..0000000 --- a/HomebrewFormula/rage.rb +++ /dev/null @@ -1,47 +0,0 @@ -class Rage < Formula - desc "[BETA] A simple, secure, and modern encryption tool." - homepage "https://str4d.xyz/rage" - url "https://github.com/str4d/rage/archive/refs/tags/v0.10.0.tar.gz" - sha256 "34c39c28f8032c144a43aea96e58159fe69526f5ff91cb813083530adcaa6ea4" - license any_of: ["MIT", "Apache-2.0"] - version "0.10.0" - - depends_on "rust" => :build - - def install - system "cargo", "install", *std_cargo_args(path: './rage') - - install_completions("rage") - install_completions("rage-keygen") - - man.install Dir["target/release/manpages/*"] - end - - def install_completions(base_name) - src_dir = "target/release/completions" - - bash_completion.install { "#{src_dir}/#{base_name}.bash" => base_name} - fish_completion.install "#{src_dir}/#{base_name}.fish" - zsh_completion.install "#{src_dir}/_#{base_name}" - end - - def caveats - "rage bash completion depends on the bash-completion package" - end - - test do - # Test key generation - system "#{bin}/rage-keygen -o #{testpath}/output.txt" - assert_predicate testpath/"output.txt", :exist? - - # Test encryption - (testpath/"test.txt").write("Hello World!\n") - system "#{bin}/rage -r age1y8m84r6pwd4da5d45zzk03rlgv2xr7fn9px80suw3psrahul44ashl0usm -o #{testpath}/test.txt.age #{testpath}/test.txt" - assert_predicate testpath/"test.txt.age", :exist? - assert File.read(testpath/"test.txt.age").start_with?("age-encryption.org") - - # Test decryption - (testpath/"test.key").write("AGE-SECRET-KEY-1TRYTV7PQS5XPUYSTAQZCD7DQCWC7Q77YJD7UVFJRMW4J82Q6930QS70MRX") - assert_equal "Hello World!", shell_output("#{bin}/rage -d -i #{testpath}/test.key #{testpath}/test.txt.age").strip - end -end diff --git a/README.md b/README.md index 59547a8..757603e 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ For more plugins, implementations, tools, and integrations, check out the | Environment | CLI command | |-------------|-------------| | Cargo (Rust 1.65+) | `cargo install rage` | -| Homebrew (macOS or Linux) | `brew tap str4d.xyz/rage https://str4d.xyz/rage`
`brew install rage` | +| Homebrew (macOS or Linux) | `brew install rage` | | Alpine Linux (edge) | `apk add rage` | | Arch Linux | `pacman -S rage-encryption` | | Debian | [Debian packages](https://github.com/str4d/rage/releases) | diff --git a/tap_migrations.json b/tap_migrations.json new file mode 100644 index 0000000..0e35e56 --- /dev/null +++ b/tap_migrations.json @@ -0,0 +1,3 @@ +{ + "rage": "homebrew/core" +} \ No newline at end of file From 058c56d6b217a0e135ade7b1d073776a8084057c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 May 2024 03:03:07 +0000 Subject: [PATCH 04/77] --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b4cc467..29dc13c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -84,7 +84,7 @@ jobs: version: '0.19.1' args: --workspace --release --all-features --timeout 180 --out Xml - name: Upload coverage to Codecov - uses: codecov/codecov-action@v4.0.1 + uses: codecov/codecov-action@v4.4.1 with: fail_ci_if_error: true token: ${{ secrets.CODECOV_TOKEN }} From 96f89b3400aed236f1182339245f542d1577bcf2 Mon Sep 17 00:00:00 2001 From: AnomalRoil Date: Fri, 19 Jul 2024 01:26:09 +0200 Subject: [PATCH 05/77] [i18n] Partial French translation (#499) --- age/i18n/fr/age.ftl | 171 ++++++++++++++ rage/i18n/fr/rage.ftl | 514 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 685 insertions(+) create mode 100644 age/i18n/fr/age.ftl create mode 100644 rage/i18n/fr/rage.ftl diff --git a/age/i18n/fr/age.ftl b/age/i18n/fr/age.ftl new file mode 100644 index 0000000..bcaf072 --- /dev/null +++ b/age/i18n/fr/age.ftl @@ -0,0 +1,171 @@ +# Copyright 2020 Jack Grigg +# +# Licensed under the Apache License, Version 2.0 or the MIT license +# , at your +# option. This file may not be copied, modified, or distributed +# except according to those terms. + +### Localization for strings in the age library crate + +## Terms (not to be localized) + +-age = age +-rage = rage + +-openssh = OpenSSH +-ssh-keygen = ssh-keygen +-ssh-rsa = ssh-rsa +-ssh-ed25519 = ssh-ed25519 +-fido-u2f = FIDO/U2F +-yubikeys = YubiKeys +-piv = PIV + +## CLI helpers + +cli-secret-input-required = Entrée requise +cli-secret-input-mismatch = Les entrées ne correspondent pas + +cli-passphrase-desc = Tapez votre phrase secrète (laissez vide pour en générer une très sure automatiquement) +cli-passphrase-prompt = Phrase secrète +cli-passphrase-confirm = Confirmez votre phrase secrète + +-flag-armor = -a/--armor +-flag-output = -o/--output +-output-stdout = -o - + +cli-truncated-tty = tronqué; utilisez un pipe, une redirection ou {-flag-output} pour déchiffrer l'entièreté du fichier + +err-detected-binary = données non impressibles détectées; par précaution, pas d'impression dans le terminal. +rec-detected-binary = Forcez l'impression avec '{-output-stdout}'. + +err-deny-binary-output = refus d'impression de valeurs binaires dans le terminal. +rec-deny-binary-output = Est-ce que vous vouliez utiliser {-flag-armor}? {rec-detected-binary} + +err-deny-overwrite-file = refus d'écraser le fichier existant '{$filename}'. + +## Errors + +err-decryption-failed = Echec du déchiffrement + +err-excessive-work = Facteur d'effort trop grand pour la phrase secrète. +rec-excessive-work = Le déchiffrement prendrait environ {$duration} seconds. + +err-header-invalid = En-tête non valable + +err-header-mac-invalid = Le MAC de l'en-tête est invalide + +err-key-decryption = Echec du déchiffrement d'une clef chiffrée + +err-no-matching-keys = Aucune clef correspondante n'a été trouvée + +err-unknown-format = Format {-age} inconnu. +rec-unknown-format = Avez-vous tenté de mettre jour vers la dernière version ? + +err-missing-plugin = Impossible de trouver '{$plugin_name}' dans le PATH. +rec-missing-plugin = Avez-vous installé le plugin ? + +err-plugin-identity = '{$plugin_name}' n'a pas pu utiliser une identité: {$message} +err-plugin-recipient = '{$plugin_name}' n'a pas pu utiliser le destinataire {$recipient}: {$message} + +err-plugin-died = '{$plugin_name}' est mort de manière inopinée. +rec-plugin-died-1 = Si vous développez un plugin, utilisez {$env_var} pour plus d'informations. +rec-plugin-died-2 = Attention: ceci imprime des informations de clef privées sur la sortie d'erreur standard. + +err-plugin-multiple = Le plugin a retourné de multiples erreurs: + +err-read-identity-encrypted-without-passphrase = + Le fichier d'identité '{$filename}' est chiffré avec {-age} mais pas avec une phrase secrète. +err-read-identity-not-found = Fichier d'identité introuvable: {$filename} + +err-read-invalid-recipient = Destinataire invalide: '{$recipient}'. + +err-read-invalid-recipients-file = + Le fichier de destinataires '{$filename}' contient des données autres que des destinataires à la ligne {$line_number}. + +err-read-missing-recipients-file = Fichier de destinataires introuvable: {$filename} + +err-read-multiple-stdin = L'entrée standard (stdin) ne peut pas être utilisée pour plus d'une chose. + +err-read-rsa-modulus-too-large = + Module RSA Trop Grand + --------------------- + {-openssh} supporte de nombreuses tailles de modules RSA, mais {-rage} ne supporte que des clefs + publiques d'au plus {$max_size} bits, pour éviter les risques de déni de service (DoS) lors du + chiffrement vers des clefs publiques inconnues. + +err-read-rsa-modulus-too-small = Taille de clef RSA trop petite. + +err-stream-last-chunk-empty = Le dernier morceau du STREAM est vide. chunk is empty. S'il vous plait, faites un bug report, et/ou essayez avec une version plus ancienne de {-rage}. + +## Encrypted identities + +encrypted-passphrase-prompt = Type passphrase for encrypted identity '{$filename}' + +encrypted-warn-no-match = Warning: encrypted identity file '{$filename}' didn't match file's recipients + +## Plugin identities + +plugin-waiting-on-binary = Waiting for {$binary_name}... + +## SSH identities + +ssh-passphrase-prompt = Type passphrase for {-openssh} key '{$filename}' + +ssh-unsupported-key = Unsupported SSH key: {$name} + +ssh-insecure-key-format = + Insecure Encrypted Key Format + ----------------------------- + Prior to {-openssh} version 7.8, if a password was set when generating a new + DSA, ECDSA, or RSA key, {-ssh-keygen} would encrypt the key using the encrypted + PEM format. This encryption format is insecure and should no longer be used. + + You can migrate your key to the encrypted SSH private key format (which has + been supported by {-openssh} since version 6.5, released in January 2014) by + changing its passphrase with the following command: + + {" "}{$change_passphrase} + + If you are using an {-openssh} version between 6.5 and 7.7 (such as the default + {-openssh} provided on Ubuntu 18.04 LTS), you can use the following command to + force keys to be generated using the new format: + + {" "}{$gen_new} + +ssh-unsupported-cipher = + Unsupported Cipher for Encrypted SSH Key + ---------------------------------------- + {-openssh} internally supports several different ciphers for encrypted keys, + but it has only ever directly generated a few of them. {-rage} supports all + ciphers that {-ssh-keygen} might generate, and is being updated on a + case-by-case basis with support for non-standard ciphers. Your key uses a + currently-unsupported cipher ({$cipher}). + + If you would like support for this key type, please open an issue here: + + {$new_issue} + +ssh-unsupported-key-type = + Unsupported SSH Key Type + ------------------------ + {-openssh} supports various different key types, but {-rage} only supports a + subset of these for backwards compatibility, specifically the '{-ssh-rsa}' + and '{-ssh-ed25519}' key types. This SSH key uses the unsupported key type + '{$key_type}'. + +ssh-unsupported-security-key = + Authenficateur physique SSH non supporté + -------------------------------------- + {-openssh} version 8.2p1 a ajouté le support pour les authentificateurs physique {-fido-u2f} + y compris les clefs de sécurité physiques telles que {-yubikeys}. {-rage} ne fonctionne pas + avec ce type de clef SSH, parcque leur protocole ne supporte pas le chiffrement. + Cette clef SSH est du type '{$key_type}' qui n'est pas compatible. + + Si vous avez une clef de sécurité physique, vous devriez utiliser ce plugin: + + {$age_plugin_yubikey_url} + + Une clef de sécurité utilisée avec à la fois {-openssh} et ce plugin aura + une clef SSH publique différente de sa clef destinataire {-age}, car ce plugin + implémente le protocol {-piv}. diff --git a/rage/i18n/fr/rage.ftl b/rage/i18n/fr/rage.ftl new file mode 100644 index 0000000..bb1989f --- /dev/null +++ b/rage/i18n/fr/rage.ftl @@ -0,0 +1,514 @@ +# Copyright 2020 Jack Grigg +# +# Licensed under the Apache License, Version 2.0 or the MIT license +# , at your +# option. This file may not be copied, modified, or distributed +# except according to those terms. + +### Localization for strings in the rage CLI tools + +## Terms (not to be localized) + +-age = age +-age-plugin- = age-plugin- +-rage = rage +-rage-keygen = rage-keygen +-stdin = "-" +-recipient-prefix = age1 +-identity-prefix = AGE-SECRET-KEY-1 +-armor-pem-type = AGE ENCRYPTED FILE + +-rage-mount = rage-mount + +-ssh-rsa = ssh-rsa +-ssh-ed25519 = ssh-ed25519 +-ssh-authorized-keys = authorized_keys +-dot-keys = .keys +-ssh = ssh(1) +-authorized-keys-file-format = AUTHORIZED_KEYS FILE FORMAT +-sshd = sshd(8) +-ssh-agent = ssh-agent(1) + +-example = example +-example-r = age1example1 +-example-i = AGE-PLUGIN-EXAMPLE-1 + +-yubikey = yubikey + +## CLI flags (not to be localized) + +-flag-armor = -a/--armor +-flag-decrypt = -d/--decrypt +-flag-encrypt = -e/--encrypt +-flag-identity = -i/--identity +-flag-output = -o/--output +-flag-recipient = -r/--recipient +-flag-recipients-file = -R/--recipients-file +-flag-passphrase = -p/--passphrase +-flag-plugin-name = -j +-flag-max-work-factor = --max-work-factor +-flag-unstable = --features unstable + +-flag-convert = -y + +-flag-mnt-types = -t/--types + +## Helper variables, to be localized + +# Used throughout to indicate that a flag X cannot be used with another flag Y +-cantuse = ne peut pas être utilisé avec + +## Usage + +usage-header = Utilisation + +recipient = RECIPIENT +recipients-file = PATH +identity = IDENTITY +plugin-name = PLUGIN-NAME +input = INPUT +output = OUTPUT + +args-header = Arguments + +help-arg-input = Chemin vers un fichier à lire. + +flags-header = Options + +help-flag-help = Affiche ce message d'aide et quitte. +help-flag-version = Affiche les informations de version et quitte. +help-flag-encrypt = Chiffre l'input (l'option par défaut). +help-flag-decrypt = Déchiffre l'input. +help-flag-passphrase = Chiffre avec une phrase secrète au lieu de destinataires. +help-flag-max-work-factor = Facteur d'effort maximum à autoriser pour déchiffrer avec une phrase secrète. +help-flag-armor = Chiffre au format d'encodage PEM. +help-flag-recipient = Chiffre pour le {destinataire} spécifié. Peut être répété. +help-flag-recipients-file = Chiffre pour les destinataires listés dans le fichier {recipients-file}. Peut être répété. +help-flag-identity = Utilise le fichier d'identité {identity}. Peut être répété. +help-flag-plugin-name = Utilise {-age-plugin-}{plugin-name} dans son mode par défaut en tant qu'identité. +help-flag-output = Ecrit le résultat dans le fichier situé au chemin {output}. + +rage-after-help-content = + {input} est par défaut l'entrée standard (stdin), tandis que {output} est par défaut la sortie standard (stdout). + Si {output} existe, il sera écrasé. + + {recipient} peut être: + - Une clef publique {-age}, telle que générée par {$keygen_name} ({$example_age_pubkey}). + - Une clef publique SSH ({$example_ssh_pubkey}). + + {recipients-file} est le chemin vers un fichier contenant des destinataires {-age}, un par ligne + (en ignorant les lignes vides et les commentaires préfixés par "#"). {-stdin} peut être utilisé + pour lire des destinataires depuis l'entrée standard. + + {identity} est un chemin vers un fichier avec des identités {-age}, une par ligne + (en ignorant les lignes vides et les commentaires préfixés par "#"), ou vers un ficher de clef SSH. + Les fichiers d'identité {-age} protégé par phrase secrète peuvent être utilisé comme fichier d'identité. + Plusieurs identités peuvent être fournis, et les inutilisées seront ignorées. + {-stdin} peut être utilisé pour lire des identités depuis l'entrée standard. + +rage-after-help-example = + Exemple: + {" "}{$example_a} + {" "}{tty-pubkey}: {$example_a_output} + {" "}{$example_b} + {" "}{$example_c} + +keygen-help-flag-output = {help-flag-output} Par défaut, la sortie standard. +keygen-help-flag-convert = Convertit un fichier d'identité en un fichier de destinataires. + +## Formatting + +warning-msg = Attention: {$warning} + +## Keygen messages + +tty-pubkey = Clef publique +identity-file-created = créée +identity-file-pubkey = clef publique + +## Encryption messages + +autogenerated-passphrase = Utilisé une phrase secrète auto-générée: +type-passphrase = Ecrivez la phrase secrète +prompt-passphrase = Phrase secrète + +warn-double-encrypting = Chiffrement d'un fichier déjà chiffré + +## General errors + +err-failed-to-open-input = Echec d'ouverture de l'entrée: {$err} +err-failed-to-open-output = Echec d'ouverture de la sortie: {$err} +err-failed-to-read-input = Echec de lecture de l'entrée: {$err} +err-failed-to-write-output = Echec d'écriture vers la sortie: {$err} +err-identity-ambiguous = {-flag-identity} nécessite {-flag-encrypt} ou {-flag-decrypt}. +err-mixed-encrypt-decrypt = {-flag-encrypt} {-cantuse} {-flag-decrypt}. +err-passphrase-timed-out = Délai dépassé lors de l'attente d'entrée de la phrase secrète. +err-same-input-and-output = L'entrée et la sortie sont le même fichier {$filename}'. + +err-ux-A = Est-ce que {-rage} n'a pas fait ce que vous escomptiez ? Est-ce qu'une erreur serait plus utile ? +err-ux-B = Dites-le nous +# Put (len(A) - len(B) - 32) spaces here. +err-ux-C = {" "} + +## Keygen errors + +err-identity-file-contains-plugin = Le ficher d'identité '{$filename}' contient des identités pour '{-age-plugin-}{$plugin_name}'. +rec-identity-file-contains-plugin = Essayez d'utiliser {-age-plugin-}{$plugin_name}' pour convertir cette identité en un destinataire. + +err-no-identities-in-file = Aucune identité trouvée dans le fichier '{$filename}'. +err-no-identities-in-stdin = Aucune identité trouvée dans l'entrée standard (stdin). + +## Encryption errors + +err-enc-broken-stdout = N'a pas pu écrire sur stdout: {$err} +rec-enc-broken-stdout = Etes-vous en train de piper vers programme qui ne lit pas depuis stdin ? + +err-enc-broken-file = N'a pas pu écrire dans le fichier: {$err} + +err-enc-missing-recipients = Destinataires manquants. +rec-enc-missing-recipients = Avez-vous oublié de spécifier {-flag-recipient} ? + +err-enc-mixed-identity-passphrase = {-flag-identity} {-cantuse} {-flag-passphrase}. +err-enc-mixed-recipient-passphrase = {-flag-recipient} {-cantuse} {-flag-passphrase}. +err-enc-mixed-recipients-file-passphrase = {-flag-recipients-file} {-cantuse} {-flag-passphrase}. +err-enc-passphrase-without-file = Un fichier à chiffrer doit être passé en argument lors de l'utilisation de {-flag-passphrase}. + +err-enc-plugin-name-flag = {-flag-plugin-name} {-cantuse} {-flag-encrypt}. + +## Decryption errors + +err-detected-powershell-corruption = Il semblerait que ce fichier ait été corrompu par une redirection PowerShell. +rec-detected-powershell-corruption = Essayez d'utiliser {-flag-output} ou {-flag-armor} pour chiffrer des fichiers dans PowerShell. + +rec-dec-excessive-work = Pour déchiffrer, réessayez avec {-flag-max-work-factor} {$wf} + +err-dec-armor-flag = {-flag-armor} {-cantuse} {-flag-decrypt}. +rec-dec-armor-flag = Note that armored files are detected automatically. + +err-dec-missing-identities = Identités manquantes. +rec-dec-missing-identities = Avez-vous oublié de spécifier {-flag-identity} ? +rec-dec-missing-identities-stdin = Avez-vous oublié de fournir une identité via l'entrée standard ? + +err-dec-mixed-identity-passphrase = {-flag-identity} {-cantuse} des fichiers chiffrés avec une phrase secrète. + +err-mixed-identity-and-plugin-name = {-flag-identity} {-cantuse} {-flag-plugin-name}. + +err-dec-passphrase-flag = {-flag-passphrase} {-cantuse} {-flag-decrypt}. +rec-dec-passphrase-flag = Notez que les fichiers chiffrés avec une phrase secrète sont détectés automatiquement. + +err-dec-passphrase-without-file-win = + Ce fichier requière une phrase secrète, et, sur Windows, + le fichier à déchiffrer doit être passé en tant qu'argument + positionnel pour déchiffrer avec une phrase secrète. + +err-dec-recipient-flag = {-flag-recipient} {-cantuse} {-flag-decrypt}. +err-dec-recipients-file-flag = {-flag-recipients-file} {-cantuse} {-flag-decrypt}. +rec-dec-recipient-flag = Vouliez-vous peut-être utiliser {-flag-identity} pour spécifier une clef privée ? + +## rage-mount strings + +mnt-filename = FILENAME +mnt-mountpoint = MOUNTPOINT +mnt-types = TYPES + +help-arg-mnt-filename = Le système de fichier chiffré à monter. +help-arg-mnt-mountpoint = Le dossier vers lequel monter le système de fichier. +help-arg-mnt-types = Indique le type de système de fichier (parmis {$types}). + +info-decrypting = Déchiffrement de {$filename} +info-mounting-as-fuse = Montage en tant que système de fichier FUSE + +err-mnt-missing-filename = Il manque un nom de fichier. +err-mnt-missing-mountpoint = Il manque un point de montage. +err-mnt-missing-types = Il manque le fanion {-flag-mnt-types}. +err-mnt-unknown-type = Type de système de fichier inconnu "{$fs_type}" + +## Unstable features + +test-unstable = Pour tester cela, il faut compiler {-rage} avec {-flag-unstable}. + +## rage manpage + +recipients = RECIPIENTS +identities = IDENTITIES + +man-rage-about = Un outil de chiffrement simple, sécurisé et moderne. + +man-rage-description = + {-rage} encrypts or decrypts {input} to {output}. The {input} argument is + optional and defaults to standard input. Only a single {input} file may be + specified. If {-flag-output} is not specified, {output} defaults to standard + output. + + If {-flag-passphrase} is specified, the file is encrypted with a passphrase + requested interactively. Otherwise, it's encrypted to one or more + {recipients} specified with {-flag-recipient} or + {-flag-recipients-file}. Every recipient can decrypt the file. + + In {-flag-decrypt} mode, passphrase-encrypted files are detected automatically + and the passphrase is requested interactively. Otherwise, one or more + {identities} specified with {-flag-identity} are used to decrypt the file. + + {-age} encrypted files are binary and not malleable, with around 200 bytes of + overhead per recipient, plus 16 bytes every 64KiB of plaintext. + +man-rage-flag-output = + Write encrypted or decrypted file to {output} instead of standard output. + If {output} already exists it will be overwritten. + + If encrypting without {-flag-armor}, {-rage} will refuse to output binary to a + TTY. This can be forced by specifying {-stdin} as {output}. + +man-rage-encryption-options = Encryption options + +man-rage-flag-encrypt = + Encrypt {input} to {output}. This is the default. + +man-rage-flag-recipient = + Encrypt to the explicitly specified {recipient}. See the + {man-rage-recipients-and-identities-heading} section for possible recipient + formats. + + This option can be repeated and combined with other recipient flags, + and the file can be decrypted by all provided recipients independently. + +man-rage-flag-recipients-file = + Encrypt to the {recipients} listed in the file at {recipients-file}, one per + line. Empty lines and lines starting with "#" are ignored as comments. + + If {recipients-file} is {-stdin}, the recipients are read from standard + input. In this case, the {input} argument must be specified. + + This option can be repeated and combined with other recipient flags, + and the file can be decrypted by all provided recipients independently. + +man-rage-flag-passphrase = + Encrypt with a passphrase, requested interactively from the terminal. + {-rage} will offer to auto-generate a secure passphrase. + + Cette option ne peut pas être utilisée avec d'autre fanion (flag). + +man-rage-flag-armor = + Encrypt to an ASCII-only "armored" encoding. + + {-age} armor is a strict version of PEM with type "{-armor-pem-type}", + canonical "strict" Base64, no headers, and no support for leading and + trailing extra data. + + Decryption transparently detects and decodes ASCII armoring. + +man-rage-flag-identity-encrypt = + Encrypt to the {recipients} corresponding to the {identities} listed in the + file at {identity}. This is equivalent to converting the file at {identity} + to a recipients file with '{-rage-keygen} {-flag-convert}' and then passing that to + {-flag-recipients-file}. + + For the format of {identity}, see the definition of {-flag-identity} in the + {man-rage-decryption-options} section. + + {-flag-encrypt} must be explicitly specified when using {-flag-identity} + in encryption mode to avoid confusion. + +man-rage-flag-plugin-encrypt = + Encrypt using the data-less plugin {plugin-name}. + + This is equivalent to using {-flag-identity} with a file that contains a + single plugin {identity} that encodes no plugin-specific data. + + {-flag-encrypt} must be explicitly specified when using {-flag-plugin-name} + in encryption mode to avoid confusion. + +man-rage-decryption-options = Decryption options + +man-rage-flag-decrypt = + Decrypt {input} to {output}. + + If {input} is passphrase encrypted, it will be automatically detected + and the passphrase will be requested interactively. Otherwise, the + {identities} specified with {-flag-identity} are used. + + ASCII armoring is transparently detected and decoded. + +man-rage-flag-identity-decrypt = + Decrypt using the {identities} at {identity}. + + {identity} may be one of the following: + + a. A file listing {identities} one per line. Empty lines and lines starting + with "#" are ignored as comments. + + b. A passphrase encrypted age file, containing {identities} one per + line like above. The passphrase is requested interactively. Note that + passphrase-protected identity files are not necessary for most use cases, + where access to the encrypted identity file implies access to the whole + system. + + c. An SSH private key file, in PKCS#1, PKCS#8, or OpenSSH format. + If the private key is password-protected, the password is requested + interactively only if the SSH identity matches the file. See the + {man-rage-ssh-keys-heading} section for more information, including + supported key types. + + d. {-stdin}, causing one of the options above to be read from standard input. + In this case, the {input} argument must be specified. + + This option can be repeated. Identities are tried in the order in which are + provided, and the first one matching one of the file's recipients is used. + Unused identities are ignored, but it is an error if the {input} file is + passphrase-encrypted and {-flag-identity} is specified. + +man-rage-flag-plugin-decrypt = + Decrypt using the data-less plugin {plugin-name}. + + This is equivalent to using {-flag-identity} with a file that contains a + single plugin {identity} that encodes no plugin-specific data. + +man-rage-recipients-and-identities-heading = RECIPIENTS AND IDENTITIES +man-rage-recipients-and-identities = + {recipients} are public values, like a public key, that a file can be encrypted + to. {identities} are private values, like a private key, that allow decrypting + a file encrypted to the corresponding {recipient}. + +man-rage-native-x25519-keys-heading = Native X25519 keys +man-rage-native-x25519-keys = + Native {-age} key pairs are generated with {-rage-keygen}(1), and provide small + encodings and strong encryption based on X25519. They are the recommended + recipient type for most applications. + + A {recipient} encoding begins with "{-recipient-prefix}" and looks like the + following: + + {" "}{$example_age_recipient} + + An {identity} encoding begins with "{-identity-prefix}" and looks like the + following: + + {" "}{$example_age_identity} + + An encrypted file can't be linked to the native recipient it's encrypted to + without access to the corresponding identity. + +man-rage-ssh-keys-heading = SSH keys +man-rage-ssh-keys = + As a convenience feature, {-rage} also supports encrypting to RSA or Ed25519 + {-ssh} keys. RSA keys must be at least 2048 bits. This feature employs more + complex cryptography, and should only be used when a native key is not available + for the recipient. Note that SSH keys might not be protected long-term by the + recipient, since they are revokable when used only for authentication. + + A {recipient} encoding is an SSH public key in "{-ssh-authorized-keys}" format + (see the "{-authorized-keys-file-format}" section of {-sshd}), starting with + "{-ssh-rsa}" or "{-ssh-ed25519}", like the following: + + {" "}{$example_ssh_rsa} + {" "}{$example_ssh_ed25519} + + The comment at the end of the line, if present, is ignored. + + In recipient files passed to {-flag-recipients-file}, unsupported but valid + SSH public keys are ignored with a warning, to facilitate using + "{-ssh-authorized-keys}" or GitHub "{-dot-keys}" files. (See {man-examples-heading}.) + + An {identity} is an SSH private key _file_ passed individually to + {-flag-identity}. Note that keys held on hardware tokens such as YubiKeys + or accessed via {-ssh-agent} are not supported. + + An encrypted file _can_ be linked to the SSH public key it was encrypted to. + This is so that {-rage} can identify the correct SSH private key before + requesting its password, if any. + +man-rage-plugins-heading = Plugins +man-rage-plugins = + {-rage} can be extended through plugins. A plugin is only loaded if a corresponding + {recipient} or {identity} is specified. (Simply decrypting a file encrypted with + a plugin will not cause it to load, for security reasons among others.) + + A {recipient} for a plugin named "{-example}" starts with "{-example-r}", while an + {identity} starts with "{-example-i}". They both encode arbitrary plugin-specific + data, and are generated by the plugin. + + When either is specified, {-rage} searches for {-age-plugin-}{-example} in the PATH + and executes it to perform the file header encryption or decryption. The plugin + may request input from the user through {-rage} to complete the operation. + + Plugins can be freely mixed with other plugins or natively supported keys. + + A plugin is not bound to only encrypt or decrypt files meant for or generated by + the plugin. For example, a plugin can be used to decrypt files encrypted to a + native X25519 {recipient} or even with a passphrase. Similarly, a plugin can + encrypt a file such that it can be decrypted without the use of any plugin. + + Plugins for which the {identity}/{recipient} distinction doesn't make sense + (such as a symmetric encryption plugin) may generate only an {identity} and + instruct the user to perform encryption with the {-flag-encrypt} and + {-flag-identity} flags. Plugins for which the concept of separate identities + doesn't make sense (such as a password-encryption plugin) may instruct the user + to use the {-flag-plugin-name} flag. + +man-examples-heading = EXAMPLES + +man-rage-example-single = Generate a new identity, encrypt data, and decrypt +man-rage-example-enc-multiple = Encrypt {$input} to multiple recipients and output to {$output} +man-rage-example-enc-list = Encrypt to a list of recipients +man-rage-example-password = Encrypt and decrypt a file using a passphrase +man-rage-example-identity-passphrase = Encrypt and decrypt with a passphrase-protected identity file +man-rage-example-ssh = Encrypt and decrypt with an SSH public key +man-rage-example-yubikey = Encrypt and decrypt with {-age-plugin-}{-yubikey} +man-rage-example-yubikey-setup = Run interactive setup, generate identity file and obtain recipient. +man-rage-example-enc-github = Encrypt to the SSH keys of a GitHub user + +man-see-also-heading = SEE ALSO + +## rage-keygen manpage + +man-keygen-about = Generate age-compatible encryption key pairs + +man-keygen-description = + {-rage-keygen} generates a new native {-age} key pair, and outputs the identity to + standard output or to the {output} file. The output includes the public key and + the current time as comments. + + If the output is not going to a terminal, {-rage-keygen} prints the public key to + standard error. + +man-keygen-flag-output = + Write the identity to {output} instead of standard output. + + If {output} already exists, it is not overwritten. + +man-keygen-flag-convert = + Read an identity file from {input} or from standard input and output the + corresponding recipient(s), one per line, with no comments. + +man-keygen-example-stdout = Generate a new identity +man-keygen-example-file = Write a new identity to "{$filename}" +man-keygen-example-convert = Convert an identity to a recipient + +## rage-mount manpage + +man-mount-about = Mount an {-age} encrypted filesystem + +man-mount-description = + {-rage-mount} decrypts the {-age} encrypted filesystem at {mnt-filename} on the + fly, and mounts it as a directory on the local filesystem at {mnt-mountpoint}. + + Passphrase-encrypted files are detected automatically and the passphrase is + requested interactively. Otherwise, one or more {identities} specified with + {-flag-identity} are used to decrypt the file. + + The previous contents (if any) and owner and mode of {mnt-mountpoint} become + invisible, and as long as this filesystem remains mounted, the pathname + {mnt-mountpoint} refers to the root of the filesystem on {mnt-filename}. + +man-mount-flag-types = + Set the filesystem type. The following types are currently supported: {$types}. + + This option is required. {-rage-mount} does not attempt to guess the filesystem + format. + + In theory, any efficiently-seekable filesystem format can be supported. At + present, {-rage-mount} only supports seekable archive formats. + +man-mount-example-identity = Mounting an archive encrypted to a recipient +man-mount-example-passphrase = Mounting an archive encrypted with a passphrase From ce3aa6dc9f161209b6f40995cdd501d2f2779d8e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 Jul 2024 23:28:00 +0000 Subject: [PATCH 06/77] build(deps): bump curve25519-dalek from 4.1.1 to 4.1.3 Bumps [curve25519-dalek](https://github.com/dalek-cryptography/curve25519-dalek) from 4.1.1 to 4.1.3. - [Release notes](https://github.com/dalek-cryptography/curve25519-dalek/releases) - [Commits](https://github.com/dalek-cryptography/curve25519-dalek/compare/curve25519-4.1.1...curve25519-4.1.3) --- updated-dependencies: - dependency-name: curve25519-dalek dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Cargo.lock | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a773cbe..1732283 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -742,15 +742,14 @@ dependencies = [ [[package]] name = "curve25519-dalek" -version = "4.1.1" +version = "4.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e89b8c6a2e4b1f45971ad09761aafb85514a84744b67a95e32c3cc1352d1f65c" +checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be" dependencies = [ "cfg-if", "cpufeatures", "curve25519-dalek-derive", "fiat-crypto", - "platforms", "rustc_version", "subtle", "zeroize", @@ -1838,12 +1837,6 @@ version = "0.3.29" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2900ede94e305130c13ddd391e0ab7cbaeb783945ae07a279c268cb05109c6cb" -[[package]] -name = "platforms" -version = "3.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "626dec3cac7cc0e1577a2ec3fc496277ec2baa084bebad95bb6fdbfae235f84c" - [[package]] name = "plotters" version = "0.3.5" From 67ee02b47e602d10882f9d0d087663b5157165d7 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 28 Jul 2024 17:22:54 +0000 Subject: [PATCH 07/77] Update changelogs for partial French translations --- age/CHANGELOG.md | 2 ++ rage/CHANGELOG.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md index 072dc72..39c0d4b 100644 --- a/age/CHANGELOG.md +++ b/age/CHANGELOG.md @@ -9,6 +9,8 @@ and this project adheres to Rust's notion of to 1.0.0 are beta releases. ## [Unreleased] +### Added +- Partial French translation! ## [0.10.0] - 2024-02-04 ### Added diff --git a/rage/CHANGELOG.md b/rage/CHANGELOG.md index 95e71ac..e49f64f 100644 --- a/rage/CHANGELOG.md +++ b/rage/CHANGELOG.md @@ -9,6 +9,8 @@ and this project adheres to Rust's notion of to 1.0.0 are beta releases. ## [Unreleased] +### Added +- Partial French translation! ## [0.10.0] - 2024-02-04 ### Added From b9de00a29adea47941363bbee7ce4362227a664e Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 28 Jul 2024 17:23:42 +0000 Subject: [PATCH 08/77] cargo vet prune --- supply-chain/config.toml | 52 --------- supply-chain/imports.lock | 234 ++++++++++++++++++++++++++++++++------ 2 files changed, 199 insertions(+), 87 deletions(-) diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 2f7ebea..a050c23 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -133,10 +133,6 @@ criteria = "safe-to-deploy" version = "0.1.11+1.0.8" criteria = "safe-to-deploy" -[[exemptions.cast]] -version = "0.3.0" -criteria = "safe-to-run" - [[exemptions.cbc]] version = "0.1.2" criteria = "safe-to-deploy" @@ -213,10 +209,6 @@ criteria = "safe-to-run" version = "0.3.2" criteria = "safe-to-deploy" -[[exemptions.cpp_demangle]] -version = "0.4.3" -criteria = "safe-to-run" - [[exemptions.cpufeatures]] version = "0.2.2" criteria = "safe-to-deploy" @@ -305,18 +297,6 @@ criteria = "safe-to-deploy" version = "0.13.0" criteria = "safe-to-deploy" -[[exemptions.futures]] -version = "0.3.30" -criteria = "safe-to-deploy" - -[[exemptions.futures-executor]] -version = "0.3.30" -criteria = "safe-to-deploy" - -[[exemptions.futures-io]] -version = "0.3.30" -criteria = "safe-to-deploy" - [[exemptions.futures-macro]] version = "0.3.30" criteria = "safe-to-deploy" @@ -349,10 +329,6 @@ criteria = "safe-to-deploy" version = "0.28.1" criteria = "safe-to-run" -[[exemptions.half]] -version = "2.2.1" -criteria = "safe-to-run" - [[exemptions.hashbrown]] version = "0.14.3" criteria = "safe-to-deploy" @@ -441,10 +417,6 @@ criteria = "safe-to-deploy" version = "2.6.3" criteria = "safe-to-deploy" -[[exemptions.memmap2]] -version = "0.9.4" -criteria = "safe-to-run" - [[exemptions.minimal-lexical]] version = "0.2.1" criteria = "safe-to-deploy" @@ -453,10 +425,6 @@ criteria = "safe-to-deploy" version = "0.26.1" criteria = "safe-to-deploy" -[[exemptions.nom]] -version = "7.1.1" -criteria = "safe-to-deploy" - [[exemptions.num-bigint-dig]] version = "0.8.4" criteria = "safe-to-deploy" @@ -481,10 +449,6 @@ criteria = "safe-to-deploy" version = "0.1.1" criteria = "safe-to-deploy" -[[exemptions.object]] -version = "0.32.2" -criteria = "safe-to-run" - [[exemptions.once_cell]] version = "1.15.0" criteria = "safe-to-deploy" @@ -537,10 +501,6 @@ criteria = "safe-to-deploy" version = "0.10.2" criteria = "safe-to-deploy" -[[exemptions.pkg-config]] -version = "0.3.29" -criteria = "safe-to-deploy" - [[exemptions.plotters]] version = "0.3.5" criteria = "safe-to-run" @@ -733,10 +693,6 @@ criteria = "safe-to-deploy" version = "0.1.0" criteria = "safe-to-run" -[[exemptions.strsim]] -version = "0.10.0" -criteria = "safe-to-deploy" - [[exemptions.symbolic-common]] version = "12.8.0" criteria = "safe-to-run" @@ -781,10 +737,6 @@ criteria = "safe-to-deploy" version = "0.1.44" criteria = "safe-to-deploy" -[[exemptions.tinytemplate]] -version = "1.2.1" -criteria = "safe-to-run" - [[exemptions.tokio]] version = "1.35.0" criteria = "safe-to-run" @@ -833,10 +785,6 @@ criteria = "safe-to-deploy" version = "1.7.0" criteria = "safe-to-run" -[[exemptions.wait-timeout]] -version = "0.2.0" -criteria = "safe-to-run" - [[exemptions.walkdir]] version = "2.4.0" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index b2b5b05..14069cb 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -353,6 +353,17 @@ criteria = "safe-to-deploy" version = "0.3.27" notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting." +[[audits.bytecode-alliance.audits.futures-executor]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.3.27" +notes = "Unsafe used to implement the unpark mutex, which is well commented and not obviously incorrect. Like with futures-channel I wouldn't be able to certify it as correct without formal methods." + +[[audits.bytecode-alliance.audits.futures-io]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.3.27" + [[audits.bytecode-alliance.audits.heck]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -406,6 +417,12 @@ its own longevity should be relatively hardened against some of the more common compression-related issues. """ +[[audits.bytecode-alliance.audits.object]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.30.3 -> 0.31.1" +notes = "A large-ish update to the crate but nothing out of the ordering. Support for new formats like xcoff, new constants, minor refactorings, etc. Nothing out of the ordinary." + [[audits.bytecode-alliance.audits.percent-encoding]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -421,6 +438,21 @@ who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.1.0" +[[audits.bytecode-alliance.audits.pkg-config]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "0.3.25" +notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably." + +[[audits.bytecode-alliance.audits.pkg-config]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.3.26 -> 0.3.29" +notes = """ +No `unsafe` additions or anything outside of the purview of the crate in this +change. +""" + [[audits.bytecode-alliance.audits.proc-macro2]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -515,6 +547,18 @@ criteria = "safe-to-run" version = "0.3.67" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.cast]] +who = "George Burgess IV " +criteria = "safe-to-run" +version = "0.3.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.cpp_demangle]] +who = "Hidenori Kobayashi " +criteria = "safe-to-run" +version = "0.4.3" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.crossbeam-deque]] who = "George Burgess IV " criteria = "safe-to-run" @@ -549,6 +593,16 @@ that the RNG here is not cryptographically secure. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.futures]] +who = "George Burgess IV " +criteria = "safe-to-deploy" +version = "0.3.28" +notes = """ +`futures` has no logic other than tests - it simply `pub use`s things from +other crates. +""" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.glob]] who = "George Burgess IV " criteria = "safe-to-deploy" @@ -579,6 +633,12 @@ criteria = "safe-to-run" delta = "1.0.6 -> 1.0.9" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.memmap2]] +who = "Ying Hsu " +criteria = "safe-to-run" +version = "0.8.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.nix]] who = "David Koloski " criteria = "safe-to-run" @@ -599,12 +659,34 @@ Issues: """ aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.nom]] +who = "danakj@chromium.org" +criteria = "safe-to-deploy" +version = "7.1.3" +notes = """ +Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5046153 +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.normalize-line-endings]] who = "Max Lee " criteria = "safe-to-run" version = "0.3.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.object]] +who = "George Burgess IV " +criteria = "safe-to-run" +version = "0.30.3" +notes = "I'm not counting the code related to the GNU Hash section as crypto for the sake of this review." +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.object]] +who = "George Burgess IV " +criteria = "safe-to-run" +delta = "0.31.1 -> 0.32.1" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.pin-project-lite]] who = "David Koloski " criteria = "safe-to-deploy" @@ -642,12 +724,35 @@ criteria = "safe-to-run" version = "1.2.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.strsim]] +who = "danakj@chromium.org" +criteria = "safe-to-deploy" +version = "0.10.0" +notes = """ +Reviewed in https://crrev.com/c/5171063 + +Previously reviewed during security review and the audit is grandparented in. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.tinytemplate]] +who = "Ying Hsu " +criteria = "safe-to-run" +version = "1.2.1" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.version_check]] who = "George Burgess IV " criteria = "safe-to-deploy" version = "0.9.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.wait-timeout]] +who = "George Burgess IV " +criteria = "safe-to-run" +version = "0.2.0" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.zerocopy]] who = "ChromeOS" criteria = "safe-to-run" @@ -1202,6 +1307,18 @@ criteria = "safe-to-deploy" delta = "0.3.27 -> 0.3.28" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.futures-executor]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.3.27 -> 0.3.28" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.futures-io]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.3.27 -> 0.3.28" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.futures-task]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1238,6 +1355,17 @@ criteria = "safe-to-deploy" delta = "0.3.26 -> 0.3.28" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.half]] +who = "John M. Schanck " +criteria = "safe-to-deploy" +version = "1.8.2" +notes = """ +This crate contains unsafe code for bitwise casts to/from binary16 floating-point +format. I've reviewed these and found no issues. There are no uses of ambient +capabilities. +""" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.heck]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1300,18 +1428,18 @@ it's not exploitable. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.memmap2]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.8.0 -> 0.9.3" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.nix]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.26.2 -> 0.27.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.nom]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "7.1.1 -> 7.1.3" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.num-integer]] who = "Josh Stone " criteria = "safe-to-deploy" @@ -1351,6 +1479,12 @@ criteria = "safe-to-deploy" delta = "2.3.0 -> 2.3.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.pkg-config]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.3.25 -> 0.3.26" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.ppv-lite86]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1810,6 +1944,24 @@ criteria = "safe-to-deploy" delta = "4.1.0 -> 4.1.1" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.curve25519-dalek]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "4.1.1 -> 4.1.2" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.curve25519-dalek]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "4.1.2 -> 4.1.3" +notes = """ +- New unsafe is adding `core::ptr::read_volatile` calls for black box + optimization barriers. +- `build.rs` changes are to use `CARGO_CFG_TARGET_POINTER_WIDTH` instead of + `TARGET` and the `platforms` crate for deciding on the target pointer width. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.curve25519-dalek-derive]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1828,6 +1980,13 @@ criteria = "safe-to-deploy" delta = "0.3.3 -> 0.3.8" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.futures]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.28 -> 0.3.30" +notes = "Only sub-crate updates and corresponding changes to tests." +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.futures-channel]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1854,6 +2013,18 @@ delta = "0.3.29 -> 0.3.30" notes = "Removes `build.rs` now that it can rely on the `target_has_atomic` attribute." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.futures-executor]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.28 -> 0.3.30" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.futures-io]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.3.28 -> 0.3.30" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.futures-task]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1898,6 +2069,16 @@ criteria = "safe-to-deploy" delta = "0.14.6 -> 0.14.7" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.half]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-run" +delta = "1.8.2 -> 2.2.1" +notes = """ +All new uses of unsafe are either just accessing bit representations, or plausibly reasonable uses of intrinsics. I have not checked safety +requirements on the latter. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.indexmap]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1983,6 +2164,12 @@ code (but adapted to `u16` and `u8` reads, instead of `u32`). """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.memmap2]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.9.3 -> 0.9.4" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.nix]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2004,41 +2191,18 @@ A new unsafe trait method `SockaddrLike::set_length` is added; it's impls look f """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.object]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.32.1 -> 0.32.2" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.pin-project-lite]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.2.9 -> 0.2.13" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.platforms]] -who = "Daira Emma Hopwood " -criteria = "safe-to-deploy" -version = "3.0.2" -notes = """ -This crate uses `#![forbid(unsafe_code)]` and its build script is safe. It only \"provides programmatic access to -information about valid Rust platforms, sourced from the Rust compiler\"; it does not attempt any detection that -would require unsafety. -""" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.platforms]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "3.0.2 -> 3.1.2" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.platforms]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "3.1.2 -> 3.2.0" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.platforms]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "3.2.0 -> 3.3.0" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - [[audits.zcash.audits.proc-macro2]] who = "Jack Grigg " criteria = "safe-to-deploy" From b22b60ff7fcfb1ef380186ae5e58477ba47b3ec3 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 28 Jul 2024 17:41:15 +0000 Subject: [PATCH 09/77] cargo update --- Cargo.lock | 611 +++++++------- supply-chain/config.toml | 192 +++-- supply-chain/imports.lock | 1655 ++++++++++++++++++------------------- 3 files changed, 1246 insertions(+), 1212 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 1732283..7e519cf 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4,9 +4,9 @@ version = 3 [[package]] name = "addr2line" -version = "0.21.0" +version = "0.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a30b2e23b9e17a9f90641c7ab1549cd9b44f296d3ccbf309d2863cfe398a0cb" +checksum = "6e4503c46a5c0c7844e948c9a4d6acd9f50cccb4de1c48eb9e291ea17470c678" dependencies = [ "gimli", ] @@ -29,9 +29,9 @@ dependencies = [ [[package]] name = "aes" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac1f845298e95f983ff1944b728ae08b8cebab80d684f0a832ed0fc74dfa27e2" +checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" dependencies = [ "cfg-if", "cipher", @@ -131,22 +131,22 @@ dependencies = [ [[package]] name = "ahash" -version = "0.8.7" +version = "0.8.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77c3a9648d43b9cd48db467b3f87fdd6e146bcc88ab0180006cef2179fe11d01" +checksum = "e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011" dependencies = [ "cfg-if", "getrandom", "once_cell", "version_check", - "zerocopy 0.7.32", + "zerocopy 0.7.35", ] [[package]] name = "aho-corasick" -version = "1.1.2" +version = "1.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0" +checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" dependencies = [ "memchr", ] @@ -223,9 +223,9 @@ dependencies = [ [[package]] name = "arc-swap" -version = "1.6.0" +version = "1.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bddcadddf5e9015d310179a59bb28c4d4b9920ad0f11e8e14dbadf654890c9a6" +checksum = "69f7f8c3906b62b754cd5326047894316021dcfe5a194c8ea52bdd94934a3457" [[package]] name = "arrayvec" @@ -235,15 +235,15 @@ checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711" [[package]] name = "autocfg" -version = "1.1.0" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" +checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" [[package]] name = "backtrace" -version = "0.3.69" +version = "0.3.73" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2089b7e3f35b9dd2d0ed921ead4f6d318c27680d4a5bd167b3ee120edb105837" +checksum = "5cc23269a4f8976d0a4d2e7109211a419fe30e8d88d677cd60b6bc79c5732e0a" dependencies = [ "addr2line", "cc", @@ -256,9 +256,9 @@ dependencies = [ [[package]] name = "base64" -version = "0.21.5" +version = "0.21.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35636a1494ede3b646cc98f74f8e62c773a38a659ebc777a2cf26b9b74171df9" +checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" [[package]] name = "base64ct" @@ -306,9 +306,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.4.1" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" +checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" [[package]] name = "block" @@ -352,9 +352,9 @@ checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" [[package]] name = "bytemuck" -version = "1.14.1" +version = "1.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed2490600f404f2b94c167e31d3ed1d5f3c225a0f3b80230053b3e0b7b962bd9" +checksum = "b236fc92302c97ed75b38da1f4917b5cdda4984745740f153a5d3059e48d725e" [[package]] name = "byteorder" @@ -400,9 +400,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.0.83" +version = "1.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" +checksum = "2aba8f4e9906c7ce3c73463f62a7f0c65183ada1a2d47e397cc8810827f9694f" dependencies = [ "jobserver", "libc", @@ -440,16 +440,16 @@ dependencies = [ [[package]] name = "chrono" -version = "0.4.33" +version = "0.4.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f13690e35a5e4ace198e7beea2895d29f3a9cc55015fcebe6336bd2010af9eb" +checksum = "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401" dependencies = [ "android-tzdata", "iana-time-zone", "js-sys", "num-traits", "wasm-bindgen", - "windows-targets 0.52.0", + "windows-targets 0.52.6", ] [[package]] @@ -531,7 +531,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] @@ -552,9 +552,9 @@ dependencies = [ [[package]] name = "colorchoice" -version = "1.0.0" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7" +checksum = "d3fd119d74b830634cea2a0f58bbd0d54540518a14397557951e79340abc28c0" [[package]] name = "console" @@ -591,9 +591,12 @@ dependencies = [ [[package]] name = "cookie-factory" -version = "0.3.2" +version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "396de984970346b0d9e93d1415082923c679e5ae5c3ee3dcbd104f5610af126b" +checksum = "9885fa71e26b8ab7855e2ec7cae6e9b380edff76cd052e07c683a0319d51b3a2" +dependencies = [ + "futures", +] [[package]] name = "core-foundation-sys" @@ -612,18 +615,18 @@ dependencies = [ [[package]] name = "cpufeatures" -version = "0.2.11" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce420fe07aecd3e67c5f910618fe65e94158f6dcc0adf44e00d69ce2bdfe0fd0" +checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" dependencies = [ "libc", ] [[package]] name = "crc32fast" -version = "1.3.2" +version = "1.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d" +checksum = "a97769d94ddab943e4510d138150169a2758b5ef3eb191a9ee688de3e23ef7b3" dependencies = [ "cfg-if", ] @@ -675,34 +678,28 @@ dependencies = [ [[package]] name = "crossbeam-deque" -version = "0.8.4" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fca89a0e215bab21874660c67903c5f143333cab1da83d041c7ded6053774751" +checksum = "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d" dependencies = [ - "cfg-if", "crossbeam-epoch", "crossbeam-utils", ] [[package]] name = "crossbeam-epoch" -version = "0.9.17" +version = "0.9.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0e3681d554572a651dda4186cd47240627c3d0114d45a95f6ad27f2f22e7548d" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" dependencies = [ - "autocfg", - "cfg-if", "crossbeam-utils", ] [[package]] name = "crossbeam-utils" -version = "0.8.18" +version = "0.8.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3a430a770ebd84726f584a90ee7f020d28db52c6d02138900f22341f866d39c" -dependencies = [ - "cfg-if", -] +checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80" [[package]] name = "crunchy" @@ -763,7 +760,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] @@ -790,9 +787,9 @@ dependencies = [ [[package]] name = "der" -version = "0.7.8" +version = "0.7.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c" +checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0" dependencies = [ "const-oid", "zeroize", @@ -812,13 +809,13 @@ dependencies = [ [[package]] name = "displaydoc" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" +checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] @@ -829,9 +826,9 @@ checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" [[package]] name = "either" -version = "1.9.0" +version = "1.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" +checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" [[package]] name = "encode_unicode" @@ -860,9 +857,9 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] name = "errno" -version = "0.3.8" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245" +checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" dependencies = [ "libc", "windows-sys 0.52.0", @@ -870,15 +867,15 @@ dependencies = [ [[package]] name = "fastrand" -version = "2.0.1" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5" +checksum = "9fc0510504f03c51ada170672ac806f1f105a88aa97a5281117e1ddc3368e51a" [[package]] name = "fiat-crypto" -version = "0.2.5" +version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27573eac26f4dd11e2b1916c3fe1baa56407c83c71a773a8ba17ec0bca03b6b7" +checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" [[package]] name = "filetime" @@ -888,7 +885,7 @@ checksum = "1ee447700ac8aa0b2f2bd7bc4462ad686ba06baa6727ac149a2d6277f0d240fd" dependencies = [ "cfg-if", "libc", - "redox_syscall", + "redox_syscall 0.4.1", "windows-sys 0.52.0", ] @@ -915,9 +912,9 @@ dependencies = [ [[package]] name = "flate2" -version = "1.0.28" +version = "1.0.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "46303f565772937ffe1d394a4fac6f411c6013172fadde9dcdb1e147a086940e" +checksum = "5f54427cfd1c7829e2a139fcefea601bf088ebca651d2bf53ebc600eac295dae" dependencies = [ "crc32fast", "miniz_oxide", @@ -925,9 +922,9 @@ dependencies = [ [[package]] name = "fluent" -version = "0.16.0" +version = "0.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61f69378194459db76abd2ce3952b790db103ceb003008d3d50d97c41ff847a7" +checksum = "bb74634707bebd0ce645a981148e8fb8c7bccd4c33c652aeffd28bf2f96d555a" dependencies = [ "fluent-bundle", "unic-langid", @@ -935,9 +932,9 @@ dependencies = [ [[package]] name = "fluent-bundle" -version = "0.15.2" +version = "0.15.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e242c601dec9711505f6d5bbff5bedd4b61b2469f2e8bb8e57ee7c9747a87ffd" +checksum = "7fe0a21ee80050c678013f82edf4b705fe2f26f1f9877593d13198612503f493" dependencies = [ "fluent-langneg", "fluent-syntax", @@ -960,9 +957,9 @@ dependencies = [ [[package]] name = "fluent-syntax" -version = "0.11.0" +version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0abed97648395c902868fee9026de96483933faa54ea3b40d652f7dfe61ca78" +checksum = "2a530c4694a6a8d528794ee9bbd8ba0122e779629ac908d15ad5a7ae7763a33d" dependencies = [ "thiserror", ] @@ -1056,7 +1053,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] @@ -1118,9 +1115,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.12" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "190092ea657667030ac6a35e305e62fc4dd69fd98ac98631e5d3a2b1575a12b5" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if", "libc", @@ -1129,9 +1126,9 @@ dependencies = [ [[package]] name = "ghash" -version = "0.5.0" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d930750de5717d2dd0b8c0d42c076c0e884c81a73e6cab859bbd2339c71e3e40" +checksum = "f0d8a4362ccb29cb0b265253fb0a2728f592895ee6854fd9bc13f2ffda266ff1" dependencies = [ "opaque-debug", "polyval", @@ -1139,9 +1136,9 @@ dependencies = [ [[package]] name = "gimli" -version = "0.28.1" +version = "0.29.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253" +checksum = "40ecd4077b5ae9fd2e9e169b102c6c330d0605168eb0e8bf79952b256dbefffd" [[package]] name = "glob" @@ -1160,9 +1157,9 @@ dependencies = [ [[package]] name = "hashbrown" -version = "0.14.3" +version = "0.14.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604" +checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" [[package]] name = "heck" @@ -1172,9 +1169,9 @@ checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" [[package]] name = "hermit-abi" -version = "0.3.4" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d3d0e0f38255e7fa3cf31335b3a56f05febd18025f4db5ef7a0cfb4f8da651f" +checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" [[package]] name = "hex" @@ -1278,7 +1275,7 @@ dependencies = [ "proc-macro2", "quote", "strsim", - "syn 2.0.46", + "syn 2.0.72", "unic-langid", ] @@ -1292,14 +1289,14 @@ dependencies = [ "i18n-config", "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] name = "iana-time-zone" -version = "0.1.59" +version = "0.1.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6a67363e2aa4443928ce15e57ebae94fd8949958fd1223c4cfc0cd473ad7539" +checksum = "e7ffbb5a1b541ea2561f8c41c087286cc091e21e556a4f09a8f6cbf17b69b141" dependencies = [ "android_system_properties", "core-foundation-sys", @@ -1320,9 +1317,9 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.1.0" +version = "2.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d530e1a18b1cb4c484e6e34556a0d948706958449fca0cab753d649f2bce3d1f" +checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26" dependencies = [ "equivalent", "hashbrown", @@ -1358,9 +1355,9 @@ dependencies = [ [[package]] name = "intl-memoizer" -version = "0.5.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c310433e4a310918d6ed9243542a6b83ec1183df95dff8f23f87bb88a264a66f" +checksum = "fe22e020fce238ae18a6d5d8c502ee76a52a6e880d99477657e6acc30ec57bda" dependencies = [ "type-map", "unic-langid", @@ -1383,12 +1380,12 @@ checksum = "4b3f7cef34251886990511df1c61443aa928499d598a9473929ab5a90a527304" [[package]] name = "is-terminal" -version = "0.4.10" +version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0bad00257d07be169d870ab665980b06cdb366d792ad690bf2e76876dc503455" +checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b" dependencies = [ "hermit-abi", - "rustix", + "libc", "windows-sys 0.52.0", ] @@ -1403,42 +1400,42 @@ dependencies = [ [[package]] name = "itoa" -version = "1.0.10" +version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c" +checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" [[package]] name = "jobserver" -version = "0.1.26" +version = "0.1.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "936cfd212a0155903bcbc060e316fb6cc7cbf2e1907329391ebadc1fe0ce77c2" +checksum = "48d1dbcbbeb6a7fec7e059840aa538bd62aaccf972c7346c4d9d2059312853d0" dependencies = [ "libc", ] [[package]] name = "js-sys" -version = "0.3.66" +version = "0.3.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cee9c64da59eae3b50095c18d3e74f8b73c0b86d2792824ff01bbce68ba229ca" +checksum = "29c15563dc2726973df627357ce0c9ddddbea194836909d655df6a75d2cf296d" dependencies = [ "wasm-bindgen", ] [[package]] name = "lazy_static" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" dependencies = [ "spin", ] [[package]] name = "libc" -version = "0.2.153" +version = "0.2.155" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" +checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" [[package]] name = "libm" @@ -1448,9 +1445,9 @@ checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058" [[package]] name = "linux-raw-sys" -version = "0.4.13" +version = "0.4.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c" +checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" [[package]] name = "locale_config" @@ -1467,9 +1464,9 @@ dependencies = [ [[package]] name = "lock_api" -version = "0.4.11" +version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45" +checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17" dependencies = [ "autocfg", "scopeguard", @@ -1477,9 +1474,9 @@ dependencies = [ [[package]] name = "log" -version = "0.4.20" +version = "0.4.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" +checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" [[package]] name = "malloc_buf" @@ -1492,9 +1489,9 @@ dependencies = [ [[package]] name = "memchr" -version = "2.7.1" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "523dc4f511e55ab87b694dc30d0f820d60906ef06413f93d4d7a1385599cc149" +checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "memmap2" @@ -1513,9 +1510,9 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "miniz_oxide" -version = "0.7.1" +version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7" +checksum = "b8a240ddb74feaf34a79a7add65a741f3167852fba007066dcac1ca548d89c08" dependencies = [ "adler", ] @@ -1537,7 +1534,7 @@ version = "0.27.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053" dependencies = [ - "bitflags 2.4.1", + "bitflags 2.6.0", "cfg-if", "libc", ] @@ -1587,19 +1584,18 @@ dependencies = [ [[package]] name = "num-integer" -version = "0.1.45" +version = "0.1.46" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" dependencies = [ - "autocfg", "num-traits", ] [[package]] name = "num-iter" -version = "0.1.43" +version = "0.1.45" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d03e6c028c5dc5cac6e2dec0efda81fc887605bb3d884578bb6d6bf7514e252" +checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" dependencies = [ "autocfg", "num-integer", @@ -1608,9 +1604,9 @@ dependencies = [ [[package]] name = "num-traits" -version = "0.2.17" +version = "0.2.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" dependencies = [ "autocfg", "libm", @@ -1657,9 +1653,9 @@ dependencies = [ [[package]] name = "object" -version = "0.32.2" +version = "0.36.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441" +checksum = "3f203fa8daa7bb185f760ae12bd8e097f63d17041dcdcaf675ac54cdf863170e" dependencies = [ "memchr", ] @@ -1672,21 +1668,21 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "oorandom" -version = "11.1.3" +version = "11.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" +checksum = "b410bbe7e14ab526a0e86877eb47c6996a2bd7746f027ba551028c925390e4e9" [[package]] name = "opaque-debug" -version = "0.3.0" +version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" +checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" [[package]] name = "os_pipe" -version = "1.1.5" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57119c3b893986491ec9aa85056780d3a0f3cf4da7cc09dd3650dbd6c6738fb9" +checksum = "29d73ba8daf8fac13b0501d1abeddcfe21ba7401ada61a819144b6c2a4f32209" dependencies = [ "libc", "windows-sys 0.52.0", @@ -1704,9 +1700,9 @@ dependencies = [ [[package]] name = "parking_lot" -version = "0.12.1" +version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" +checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27" dependencies = [ "lock_api", "parking_lot_core", @@ -1714,15 +1710,15 @@ dependencies = [ [[package]] name = "parking_lot_core" -version = "0.9.9" +version = "0.9.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e" +checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8" dependencies = [ "cfg-if", "libc", - "redox_syscall", + "redox_syscall 0.5.3", "smallvec", - "windows-targets 0.48.5", + "windows-targets 0.52.6", ] [[package]] @@ -1766,29 +1762,29 @@ checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" [[package]] name = "pin-project" -version = "1.1.4" +version = "1.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0302c4a0442c456bd56f841aee5c3bfd17967563f6fadc9ceb9f9c23cf3807e0" +checksum = "b6bf43b791c5b9e34c3d182969b4abb522f9343702850a2e57f460d00d09b4b3" dependencies = [ "pin-project-internal", ] [[package]] name = "pin-project-internal" -version = "1.1.4" +version = "1.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "266c042b60c9c76b8d53061e52b2e0d1116abc57cefc8c5cd671619a56ac3690" +checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] name = "pin-project-lite" -version = "0.2.13" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58" +checksum = "bda66fc9667c18cb2758a2ac84d1167245054bcf85d5d1aaa6923f45801bdd02" [[package]] name = "pin-utils" @@ -1833,15 +1829,15 @@ dependencies = [ [[package]] name = "pkg-config" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2900ede94e305130c13ddd391e0ab7cbaeb783945ae07a279c268cb05109c6cb" +checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" [[package]] name = "plotters" -version = "0.3.5" +version = "0.3.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d2c224ba00d7cadd4d5c660deaf2098e5e80e07846537c51f9cfa4be50c1fd45" +checksum = "a15b6eccb8484002195a3e44fe65a4ce8e93a625797a063735536fd59cb01cf3" dependencies = [ "num-traits", "plotters-backend", @@ -1852,15 +1848,15 @@ dependencies = [ [[package]] name = "plotters-backend" -version = "0.3.5" +version = "0.3.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e76628b4d3a7581389a35d5b6e2139607ad7c75b17aed325f210aa91f4a9609" +checksum = "414cec62c6634ae900ea1c56128dfe87cf63e7caece0852ec76aba307cebadb7" [[package]] name = "plotters-svg" -version = "0.3.5" +version = "0.3.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "38f6d39893cca0701371e3c27294f09797214b86f1fb951b89ade8ec04e2abab" +checksum = "81b30686a7d9c3e010b84284bdd26a29f2138574f52f5eb6f794fc0ad924e705" dependencies = [ "plotters-backend", ] @@ -1878,9 +1874,9 @@ dependencies = [ [[package]] name = "polyval" -version = "0.6.1" +version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d52cff9d1d4dee5fe6d03729099f4a310a41179e0a10dbf542039873f2e826fb" +checksum = "9d1fe60d06143b2430aa532c94cfe9e29783047f06c0d7fd359a9a51b729fa25" dependencies = [ "cfg-if", "cpufeatures", @@ -1942,22 +1938,22 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.74" +version = "1.0.86" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2de98502f212cfcea8d0bb305bd0f49d7ebdd75b64ba0a68f937d888f4e0d6db" +checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" dependencies = [ "unicode-ident", ] [[package]] name = "proptest" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "31b476131c3c86cb68032fdc5cb6d5a1045e3e42d96b69fa599fd77701e1f5bf" +checksum = "b4c2511913b88df1637da85cc8d96ec8e43a3f8bb8ccb71ee1ac240d6f3df58d" dependencies = [ "bit-set", "bit-vec", - "bitflags 2.4.1", + "bitflags 2.6.0", "lazy_static", "num-traits", "rand", @@ -1986,9 +1982,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.35" +version = "1.0.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" +checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" dependencies = [ "proc-macro2", ] @@ -2062,9 +2058,9 @@ dependencies = [ [[package]] name = "rayon" -version = "1.8.0" +version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c27db03db7734835b3f53954b534c91069375ce6ccaa2e065441e07d9b6cdb1" +checksum = "b418a60154510ca1a002a752ca9714984e21e4241e804d32555251faf8b78ffa" dependencies = [ "either", "rayon-core", @@ -2072,9 +2068,9 @@ dependencies = [ [[package]] name = "rayon-core" -version = "1.12.0" +version = "1.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ce3fb6ad83f861aac485e76e1985cd109d9a3713802152be56c3b1f0e0658ed" +checksum = "1465873a3dfdaa8ae7cb14b4383657caab0b3e8a0aa9ae8e04b044854c8dfce2" dependencies = [ "crossbeam-deque", "crossbeam-utils", @@ -2090,10 +2086,19 @@ dependencies = [ ] [[package]] -name = "regex" -version = "1.10.2" +name = "redox_syscall" +version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343" +checksum = "2a908a6e00f1fdd0dfd9c0eb08ce85126f6d8bbda50017e74bc4a4b7d4a926a4" +dependencies = [ + "bitflags 2.6.0", +] + +[[package]] +name = "regex" +version = "1.10.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b91213439dad192326a0d7c6ee3955910425f441d7038e0d6933b0aec5c4517f" dependencies = [ "aho-corasick", "memchr", @@ -2103,9 +2108,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.3" +version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f" +checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df" dependencies = [ "aho-corasick", "memchr", @@ -2114,15 +2119,15 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.8.2" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" +checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b" [[package]] name = "rgb" -version = "0.8.37" +version = "0.8.45" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05aaa8004b64fd573fc9d002f4e632d51ad4f026c2b5ba95fcb6c2f32c2c47d8" +checksum = "ade4539f42266ded9e755c605bdddf546242b2c961b03b06a7375260788a0523" dependencies = [ "bytemuck", ] @@ -2176,9 +2181,9 @@ dependencies = [ [[package]] name = "rust-embed" -version = "8.2.0" +version = "8.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a82c0bbc10308ed323529fd3c1dce8badda635aa319a5ff0e6466f33b8101e3f" +checksum = "fb78f46d0066053d16d4ca7b898e9343bc3530f71c61d5ad84cd404ada068745" dependencies = [ "rust-embed-impl", "rust-embed-utils", @@ -2187,22 +2192,22 @@ dependencies = [ [[package]] name = "rust-embed-impl" -version = "8.2.0" +version = "8.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6227c01b1783cdfee1bcf844eb44594cd16ec71c35305bf1c9fb5aade2735e16" +checksum = "b91ac2a3c6c0520a3fb3dd89321177c3c692937c4eb21893378219da10c44fc8" dependencies = [ "proc-macro2", "quote", "rust-embed-utils", - "syn 2.0.46", + "syn 2.0.72", "walkdir", ] [[package]] name = "rust-embed-utils" -version = "8.2.0" +version = "8.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8cb0a25bfbb2d4b4402179c2cf030387d9990857ce08a32592c6238db9fa8665" +checksum = "86f69089032567ffff4eada41c573fc43ff466c7db7c5688b2e7969584345581" dependencies = [ "sha2", "walkdir", @@ -2210,9 +2215,9 @@ dependencies = [ [[package]] name = "rustc-demangle" -version = "0.1.23" +version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" +checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" [[package]] name = "rustc-hash" @@ -2231,11 +2236,11 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.31" +version = "0.38.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ea3e1a662af26cd7a3ba09c0297a31af215563ecf42817c98df621387f4e949" +checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" dependencies = [ - "bitflags 2.4.1", + "bitflags 2.6.0", "errno", "libc", "linux-raw-sys", @@ -2256,9 +2261,9 @@ dependencies = [ [[package]] name = "ryu" -version = "1.0.16" +version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f98d2aa92eebf49b69786be48e4477826b256916e84a57ff2a4f21923b48eb4c" +checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" [[package]] name = "salsa20" @@ -2310,46 +2315,46 @@ version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e14e4d63b804dc0c7ec4a1e52bcb63f02c7ac94476755aa579edac21e01f915d" dependencies = [ - "self_cell 1.0.3", + "self_cell 1.0.4", ] [[package]] name = "self_cell" -version = "1.0.3" +version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "58bf37232d3bb9a2c4e641ca2a11d83b5062066f88df7fed36c28772046d65ba" +checksum = "d369a96f978623eb3dc28807c4852d6cc617fed53da5d3c400feff1ef34a714a" [[package]] name = "semver" -version = "1.0.21" +version = "1.0.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b97ed7a9823b74f99c7742f5336af7be5ecd3eeafcb1507d1fa93347b1d589b0" +checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.194" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b114498256798c94a0689e1a15fec6005dee8ac1f41de56404b67afc2a4b773" +checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.194" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3385e45322e8f9931410f01b3031ec534c3947d0e94c18049af4d9f9907d4e0" +checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] name = "serde_json" -version = "1.0.110" +version = "1.0.120" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fbd975230bada99c8bb618e0c365c2eefa219158d5c6c29610fd09ff1833257" +checksum = "4e0d21c9a8cae1235ad58a00c11cb40d4b1e5c784f1ef2c537876ed6ffd8b7c5" dependencies = [ "itoa", "ryu", @@ -2405,9 +2410,9 @@ dependencies = [ [[package]] name = "similar" -version = "2.4.0" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "32fea41aca09ee824cc9724996433064c89f7777e60762749a4170a14abbfa21" +checksum = "1de1d4f81173b03af4c0cbed3c898f6bff5b870e4a7f5d6f4057d62a7a4b686e" [[package]] name = "slab" @@ -2420,9 +2425,9 @@ dependencies = [ [[package]] name = "smallvec" -version = "1.13.1" +version = "1.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6ecd384b10a64542d77071bd64bd7b231f4ed5940fba55e98c3de13824cf3d7" +checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" [[package]] name = "snapbox" @@ -2457,9 +2462,9 @@ dependencies = [ [[package]] name = "spin" -version = "0.5.2" +version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" [[package]] name = "spki" @@ -2491,15 +2496,15 @@ checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" [[package]] name = "subtle" -version = "2.5.0" +version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "symbolic-common" -version = "12.8.0" +version = "12.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1cccfffbc6bb3bb2d3a26cd2077f4d055f6808d266f9d4d158797a4c60510dfe" +checksum = "16629323a4ec5268ad23a575110a724ad4544aae623451de600c747bf87b36cf" dependencies = [ "debugid", "memmap2", @@ -2509,9 +2514,9 @@ dependencies = [ [[package]] name = "symbolic-demangle" -version = "12.8.0" +version = "12.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76a99812da4020a67e76c4eb41f08c87364c14170495ff780f30dd519c221a68" +checksum = "48c043a45f08f41187414592b3ceb53fb0687da57209cc77401767fb69d5b596" dependencies = [ "cpp_demangle", "rustc-demangle", @@ -2530,9 +2535,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.46" +version = "2.0.72" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89456b690ff72fddcecf231caedbe615c59480c93358a93dfae7fc29e3ebbf0e" +checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af" dependencies = [ "proc-macro2", "quote", @@ -2541,9 +2546,9 @@ dependencies = [ [[package]] name = "tar" -version = "0.4.40" +version = "0.4.41" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b16afcea1f22891c49a00c751c7b63b2233284064f11a200fc624137c51e2ddb" +checksum = "cb797dad5fb5b76fcf519e702f4a589483b5ef06567f160c392832c1f5e44909" dependencies = [ "filetime", "libc", @@ -2552,13 +2557,12 @@ dependencies = [ [[package]] name = "tempfile" -version = "3.9.0" +version = "3.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01ce4141aa927a6d1bd34a041795abd0db1cccba5d5f24b009f694bdf3a1f3fa" +checksum = "85b77fafb263dd9d05cbeac119526425676db3784113aa9295c88498cbf8bff1" dependencies = [ "cfg-if", "fastrand", - "redox_syscall", "rustix", "windows-sys 0.52.0", ] @@ -2590,7 +2594,7 @@ dependencies = [ "cfg-if", "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] @@ -2601,28 +2605,28 @@ checksum = "5c89e72a01ed4c579669add59014b9a524d609c0c88c6a585ce37485879f6ffb" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", "test-case-core", ] [[package]] name = "thiserror" -version = "1.0.56" +version = "1.0.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d54378c645627613241d077a3a79db965db602882668f9136ac42af9ecb730ad" +checksum = "c0342370b38b6a11b6cc11d6a805569958d54cfa061a29969c3b5ce2ea405724" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.56" +version = "1.0.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa0faa943b50f3db30a20aa7e265dbc66076993efed8463e8de414e5d06d3471" +checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] @@ -2671,9 +2675,9 @@ dependencies = [ [[package]] name = "tokio" -version = "1.35.1" +version = "1.38.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c89b4efa943be685f629b149f53829423f8f5531ea21249408e8e2f8671ec104" +checksum = "eb2caba9f80616f438e09748d5acda951967e1ea58508ef53d9c6402485a46df" dependencies = [ "backtrace", "num_cpus", @@ -2683,13 +2687,13 @@ dependencies = [ [[package]] name = "tokio-macros" -version = "2.2.0" +version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" +checksum = "5f5ae998a069d4b5aba8ee9dad856af7d520c3699e6159b185c2acd48155d39a" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] @@ -2753,9 +2757,9 @@ dependencies = [ [[package]] name = "type-map" -version = "0.4.0" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6d3364c5e96cb2ad1603037ab253ddd34d7fb72a58bdddf4b7350760fc69a46" +checksum = "deb68604048ff8fa93347f02441e4487594adc20bb8a084f9e564d2b827a0a9f" dependencies = [ "rustc-hash", ] @@ -2774,18 +2778,18 @@ checksum = "eaea85b334db583fe3274d12b4cd1880032beab409c0d774be044d4480ab9a94" [[package]] name = "unic-langid" -version = "0.9.4" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "238722e6d794ed130f91f4ea33e01fcff4f188d92337a21297892521c72df516" +checksum = "23dd9d1e72a73b25e07123a80776aae3e7b0ec461ef94f9151eed6ec88005a44" dependencies = [ "unic-langid-impl", ] [[package]] name = "unic-langid-impl" -version = "0.9.4" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4bd55a2063fdea4ef1f8633243a7b0524cbeef1905ae04c31a1c9b9775c55bc6" +checksum = "0a5422c1f65949306c99240b81de9f3f15929f5a8bfe05bb44b034cc8bf593e5" dependencies = [ "serde", "tinystr", @@ -2809,21 +2813,21 @@ dependencies = [ [[package]] name = "utf8parse" -version = "0.2.1" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a" +checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" [[package]] name = "uuid" -version = "1.7.0" +version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f00cc9702ca12d3c81455259621e676d0f7251cec66a21e98fe2e9a37db93b2a" +checksum = "81dfa00651efa65069b0b6b651f4aaa31ba9e3c3ce0137aaad053604ee7e0314" [[package]] name = "version_check" -version = "0.9.4" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" [[package]] name = "wait-timeout" @@ -2836,9 +2840,9 @@ dependencies = [ [[package]] name = "walkdir" -version = "2.4.0" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d71d857dc86794ca4c280d616f7da00d2dbfd8cd788846559a6813e6aa4b54ee" +checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b" dependencies = [ "same-file", "winapi-util", @@ -2852,9 +2856,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.89" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ed0d4f68a3015cc185aff4db9506a015f4b96f95303897bfa23f846db54064e" +checksum = "4be2531df63900aeb2bca0daaaddec08491ee64ceecbee5076636a3b026795a8" dependencies = [ "cfg-if", "wasm-bindgen-macro", @@ -2862,24 +2866,24 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.89" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1b56f625e64f3a1084ded111c4d5f477df9f8c92df113852fa5a374dbda78826" +checksum = "614d787b966d3989fa7bb98a654e369c762374fd3213d212cfc0251257e747da" dependencies = [ "bumpalo", "log", "once_cell", "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-macro" -version = "0.2.89" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0162dbf37223cd2afce98f3d0785506dcb8d266223983e4b5b525859e6e182b2" +checksum = "a1f8823de937b71b9460c0c34e25f3da88250760bec0ebac694b49997550d726" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -2887,28 +2891,28 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.89" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0eb82fcb7930ae6219a7ecfd55b217f5f0893484b7a13022ebb2b2bf20b5283" +checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", "wasm-bindgen-backend", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-shared" -version = "0.2.89" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ab9b36309365056cd639da3134bf87fa8f3d86008abf99e612384a6eecd459f" +checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" [[package]] name = "web-sys" -version = "0.3.66" +version = "0.3.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50c24a44ec86bb68fbecd1b3efed7e85ea5621b39b35ef2766b66cd984f8010f" +checksum = "77afa9a11836342370f4817622a2f0f418b134426d91a82dfb48f532d2ec13ef" dependencies = [ "js-sys", "wasm-bindgen", @@ -2944,11 +2948,11 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" [[package]] name = "winapi-util" -version = "0.1.6" +version = "0.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" +checksum = "4d4cc384e1e73b93bafa6fb4f1df8c41695c8a91cf9c4c64358067d15a7b6c6b" dependencies = [ - "winapi", + "windows-sys 0.52.0", ] [[package]] @@ -2963,7 +2967,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" dependencies = [ - "windows-targets 0.52.0", + "windows-targets 0.52.6", ] [[package]] @@ -2990,7 +2994,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "windows-targets 0.52.0", + "windows-targets 0.52.6", ] [[package]] @@ -3025,17 +3029,18 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.52.0" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ - "windows_aarch64_gnullvm 0.52.0", - "windows_aarch64_msvc 0.52.0", - "windows_i686_gnu 0.52.0", - "windows_i686_msvc 0.52.0", - "windows_x86_64_gnu 0.52.0", - "windows_x86_64_gnullvm 0.52.0", - "windows_x86_64_msvc 0.52.0", + "windows_aarch64_gnullvm 0.52.6", + "windows_aarch64_msvc 0.52.6", + "windows_i686_gnu 0.52.6", + "windows_i686_gnullvm", + "windows_i686_msvc 0.52.6", + "windows_x86_64_gnu 0.52.6", + "windows_x86_64_gnullvm 0.52.6", + "windows_x86_64_msvc 0.52.6", ] [[package]] @@ -3052,9 +3057,9 @@ checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.0" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" [[package]] name = "windows_aarch64_msvc" @@ -3070,9 +3075,9 @@ checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" [[package]] name = "windows_aarch64_msvc" -version = "0.52.0" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" [[package]] name = "windows_i686_gnu" @@ -3088,9 +3093,15 @@ checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" [[package]] name = "windows_i686_gnu" -version = "0.52.0" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" [[package]] name = "windows_i686_msvc" @@ -3106,9 +3117,9 @@ checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" [[package]] name = "windows_i686_msvc" -version = "0.52.0" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" [[package]] name = "windows_x86_64_gnu" @@ -3124,9 +3135,9 @@ checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" [[package]] name = "windows_x86_64_gnu" -version = "0.52.0" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" [[package]] name = "windows_x86_64_gnullvm" @@ -3142,9 +3153,9 @@ checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.0" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" [[package]] name = "windows_x86_64_msvc" @@ -3160,15 +3171,15 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "windows_x86_64_msvc" -version = "0.52.0" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "winnow" -version = "0.5.37" +version = "0.5.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7cad8365489051ae9f054164e459304af2e7e9bb407c958076c8bf4aef52da5" +checksum = "f593a95398737aeed53e489c785df13f3618e41dbcd6718c6addbf1395aa6876" dependencies = [ "memchr", ] @@ -3181,9 +3192,9 @@ checksum = "f8dab7ac864710bdea6594becbea5b5050333cf34fefb0dc319567eb347950d4" [[package]] name = "x25519-dalek" -version = "2.0.0" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb66477291e7e8d2b0ff1bcb900bf29489a9692816d79874bea351e7a8b6de96" +checksum = "c7e468321c81fb07fa7f4c636c3972b9100f0346e5b6a9f2bd0603a52f7ed277" dependencies = [ "curve25519-dalek", "rand_core", @@ -3214,11 +3225,11 @@ dependencies = [ [[package]] name = "zerocopy" -version = "0.7.32" +version = "0.7.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74d4d3961e53fa4c9a25a8637fc2bfaf2595b3d3ae34875568a5cf64787716be" +checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" dependencies = [ - "zerocopy-derive 0.7.32", + "zerocopy-derive 0.7.35", ] [[package]] @@ -3229,25 +3240,25 @@ checksum = "125139de3f6b9d625c39e2efdd73d41bdac468ccd556556440e322be0e1bbd91" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] name = "zerocopy-derive" -version = "0.7.32" +version = "0.7.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6" +checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] name = "zeroize" -version = "1.7.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" dependencies = [ "zeroize_derive", ] @@ -3260,7 +3271,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] @@ -3304,9 +3315,9 @@ dependencies = [ [[package]] name = "zstd-sys" -version = "2.0.9+zstd.1.5.5" +version = "2.0.12+zstd.1.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e16efa8a874a0481a574084d34cc26fdb3b99627480f785888deb6386506656" +checksum = "0a4e40c320c3cb459d9a9ff6de98cff88f4751ee9275d140e2be94a2b74e4c13" dependencies = [ "cc", "pkg-config", diff --git a/supply-chain/config.toml b/supply-chain/config.toml index a050c23..01dc295 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -86,9 +86,13 @@ version = "1.0.2" criteria = "safe-to-deploy" [[exemptions.arc-swap]] -version = "1.6.0" +version = "1.7.1" criteria = "safe-to-deploy" +[[exemptions.backtrace]] +version = "0.3.73" +criteria = "safe-to-run" + [[exemptions.base64ct]] version = "1.6.0" criteria = "safe-to-deploy" @@ -117,10 +121,6 @@ criteria = "safe-to-deploy" version = "0.9.1" criteria = "safe-to-deploy" -[[exemptions.bytemuck]] -version = "1.14.1" -criteria = "safe-to-run" - [[exemptions.byteorder]] version = "1.4.3" criteria = "safe-to-deploy" @@ -146,7 +146,7 @@ version = "0.10.1" criteria = "safe-to-deploy" [[exemptions.chrono]] -version = "0.4.33" +version = "0.4.38" criteria = "safe-to-deploy" [[exemptions.ciborium]] @@ -189,6 +189,10 @@ criteria = "safe-to-deploy" version = "0.2.12" criteria = "safe-to-deploy" +[[exemptions.colorchoice]] +version = "1.0.2" +criteria = "safe-to-deploy" + [[exemptions.console]] version = "0.15.8" criteria = "safe-to-deploy" @@ -206,7 +210,7 @@ version = "0.2.4" criteria = "safe-to-run" [[exemptions.cookie-factory]] -version = "0.3.2" +version = "0.3.3" criteria = "safe-to-deploy" [[exemptions.cpufeatures]] @@ -261,6 +265,10 @@ criteria = "safe-to-deploy" version = "0.9.0" criteria = "safe-to-deploy" +[[exemptions.displaydoc]] +version = "0.2.5" +criteria = "safe-to-deploy" + [[exemptions.dunce]] version = "1.0.4" criteria = "safe-to-run" @@ -289,6 +297,18 @@ criteria = "safe-to-run" version = "1.0.28" criteria = "safe-to-deploy" +[[exemptions.fluent]] +version = "0.16.1" +criteria = "safe-to-deploy" + +[[exemptions.fluent-bundle]] +version = "0.15.3" +criteria = "safe-to-deploy" + +[[exemptions.fluent-syntax]] +version = "0.11.1" +criteria = "safe-to-deploy" + [[exemptions.fuse_mt]] version = "0.6.1" criteria = "safe-to-deploy" @@ -325,16 +345,16 @@ criteria = "safe-to-deploy" version = "0.2.10" criteria = "safe-to-deploy" -[[exemptions.gimli]] -version = "0.28.1" -criteria = "safe-to-run" +[[exemptions.ghash]] +version = "0.5.1" +criteria = "safe-to-deploy" [[exemptions.hashbrown]] -version = "0.14.3" +version = "0.14.2" criteria = "safe-to-deploy" [[exemptions.hermit-abi]] -version = "0.3.4" +version = "0.3.3" criteria = "safe-to-deploy" [[exemptions.hkdf]] @@ -369,24 +389,32 @@ criteria = "safe-to-deploy" version = "0.8.3" criteria = "safe-to-deploy" +[[exemptions.iana-time-zone]] +version = "0.1.60" +criteria = "safe-to-deploy" + [[exemptions.indexmap]] -version = "2.0.0" +version = "2.2.6" criteria = "safe-to-deploy" [[exemptions.inferno]] -version = "0.11.19" +version = "0.11.17" criteria = "safe-to-run" +[[exemptions.intl-memoizer]] +version = "0.5.2" +criteria = "safe-to-deploy" + [[exemptions.io_tee]] version = "0.1.1" criteria = "safe-to-deploy" [[exemptions.is-terminal]] -version = "0.4.10" +version = "0.4.12" criteria = "safe-to-deploy" [[exemptions.jobserver]] -version = "0.1.26" +version = "0.1.24" criteria = "safe-to-deploy" [[exemptions.js-sys]] @@ -394,7 +422,7 @@ version = "0.3.60" criteria = "safe-to-deploy" [[exemptions.libc]] -version = "0.2.153" +version = "0.2.155" criteria = "safe-to-deploy" [[exemptions.libm]] @@ -402,7 +430,7 @@ version = "0.2.2" criteria = "safe-to-deploy" [[exemptions.linux-raw-sys]] -version = "0.4.13" +version = "0.4.14" criteria = "safe-to-deploy" [[exemptions.locale_config]] @@ -410,7 +438,11 @@ version = "0.3.0" criteria = "safe-to-deploy" [[exemptions.lock_api]] -version = "0.4.11" +version = "0.4.12" +criteria = "safe-to-deploy" + +[[exemptions.log]] +version = "0.4.22" criteria = "safe-to-deploy" [[exemptions.memchr]] @@ -421,6 +453,10 @@ criteria = "safe-to-deploy" version = "0.2.1" criteria = "safe-to-deploy" +[[exemptions.miniz_oxide]] +version = "0.7.4" +criteria = "safe-to-deploy" + [[exemptions.nix]] version = "0.26.1" criteria = "safe-to-deploy" @@ -449,12 +485,16 @@ criteria = "safe-to-deploy" version = "0.1.1" criteria = "safe-to-deploy" +[[exemptions.object]] +version = "0.36.2" +criteria = "safe-to-run" + [[exemptions.once_cell]] version = "1.15.0" criteria = "safe-to-deploy" [[exemptions.os_pipe]] -version = "1.1.5" +version = "1.2.0" criteria = "safe-to-run" [[exemptions.page_size]] @@ -462,11 +502,11 @@ version = "0.5.0" criteria = "safe-to-deploy" [[exemptions.parking_lot]] -version = "0.12.1" +version = "0.12.2" criteria = "safe-to-deploy" [[exemptions.parking_lot_core]] -version = "0.9.9" +version = "0.9.10" criteria = "safe-to-deploy" [[exemptions.password-hash]] @@ -482,11 +522,11 @@ version = "0.12.2" criteria = "safe-to-deploy" [[exemptions.pin-project]] -version = "1.1.4" +version = "1.1.5" criteria = "safe-to-deploy" [[exemptions.pin-project-internal]] -version = "1.1.4" +version = "1.1.3" criteria = "safe-to-deploy" [[exemptions.pinentry]] @@ -502,15 +542,15 @@ version = "0.10.2" criteria = "safe-to-deploy" [[exemptions.plotters]] -version = "0.3.5" +version = "0.3.6" criteria = "safe-to-run" [[exemptions.plotters-backend]] -version = "0.3.5" +version = "0.3.6" criteria = "safe-to-run" [[exemptions.plotters-svg]] -version = "0.3.5" +version = "0.3.6" criteria = "safe-to-run" [[exemptions.poly1305]] @@ -518,7 +558,7 @@ version = "0.8.0" criteria = "safe-to-deploy" [[exemptions.polyval]] -version = "0.6.1" +version = "0.6.2" criteria = "safe-to-deploy" [[exemptions.pprof]] @@ -534,7 +574,7 @@ version = "1.0.4" criteria = "safe-to-deploy" [[exemptions.proptest]] -version = "1.2.0" +version = "1.5.0" criteria = "safe-to-run" [[exemptions.quick-error]] @@ -553,6 +593,10 @@ criteria = "safe-to-deploy" version = "0.4.1" criteria = "safe-to-deploy" +[[exemptions.redox_syscall]] +version = "0.5.3" +criteria = "safe-to-deploy" + [[exemptions.regex]] version = "1.9.5" criteria = "safe-to-deploy" @@ -566,7 +610,7 @@ version = "0.7.2" criteria = "safe-to-deploy" [[exemptions.rgb]] -version = "0.8.37" +version = "0.8.45" criteria = "safe-to-run" [[exemptions.roff]] @@ -586,19 +630,19 @@ version = "0.0.2" criteria = "safe-to-deploy" [[exemptions.rust-embed]] -version = "8.2.0" +version = "8.3.0" criteria = "safe-to-deploy" [[exemptions.rust-embed-impl]] -version = "8.2.0" +version = "8.3.0" criteria = "safe-to-deploy" [[exemptions.rust-embed-utils]] -version = "8.2.0" +version = "8.3.0" criteria = "safe-to-deploy" [[exemptions.rustix]] -version = "0.38.31" +version = "0.38.34" criteria = "safe-to-deploy" [[exemptions.rusty-fork]] @@ -634,19 +678,7 @@ version = "0.10.3" criteria = "safe-to-deploy" [[exemptions.self_cell]] -version = "1.0.3" -criteria = "safe-to-deploy" - -[[exemptions.semver]] -version = "1.0.21" -criteria = "safe-to-deploy" - -[[exemptions.serde]] -version = "1.0.136" -criteria = "safe-to-deploy" - -[[exemptions.serde_derive]] -version = "1.0.136" +version = "1.0.4" criteria = "safe-to-deploy" [[exemptions.serde_spanned]] @@ -662,7 +694,7 @@ version = "0.10.8" criteria = "safe-to-deploy" [[exemptions.similar]] -version = "2.4.0" +version = "2.6.0" criteria = "safe-to-run" [[exemptions.slab]] @@ -670,7 +702,7 @@ version = "0.4.9" criteria = "safe-to-deploy" [[exemptions.smallvec]] -version = "1.13.1" +version = "1.11.1" criteria = "safe-to-deploy" [[exemptions.snapbox]] @@ -682,7 +714,7 @@ version = "0.3.4" criteria = "safe-to-run" [[exemptions.spin]] -version = "0.5.2" +version = "0.9.8" criteria = "safe-to-deploy" [[exemptions.spki]] @@ -694,19 +726,23 @@ version = "0.1.0" criteria = "safe-to-run" [[exemptions.symbolic-common]] -version = "12.8.0" +version = "12.10.0" criteria = "safe-to-run" [[exemptions.symbolic-demangle]] -version = "12.8.0" +version = "12.10.0" criteria = "safe-to-run" [[exemptions.syn]] version = "1.0.102" criteria = "safe-to-deploy" +[[exemptions.syn]] +version = "2.0.72" +criteria = "safe-to-deploy" + [[exemptions.tar]] -version = "0.4.40" +version = "0.4.41" criteria = "safe-to-deploy" [[exemptions.tempfile]] @@ -738,11 +774,11 @@ version = "0.1.44" criteria = "safe-to-deploy" [[exemptions.tokio]] -version = "1.35.0" +version = "1.38.1" criteria = "safe-to-run" [[exemptions.tokio-macros]] -version = "2.2.0" +version = "2.3.0" criteria = "safe-to-run" [[exemptions.toml]] @@ -762,7 +798,7 @@ version = "0.14.16" criteria = "safe-to-run" [[exemptions.type-map]] -version = "0.4.0" +version = "0.5.0" criteria = "safe-to-deploy" [[exemptions.typenum]] @@ -773,20 +809,20 @@ criteria = "safe-to-deploy" version = "0.1.4" criteria = "safe-to-run" -[[exemptions.unic-langid]] -version = "0.9.4" -criteria = "safe-to-deploy" - -[[exemptions.unic-langid-impl]] -version = "0.9.4" +[[exemptions.utf8parse]] +version = "0.2.2" criteria = "safe-to-deploy" [[exemptions.uuid]] -version = "1.7.0" +version = "1.10.0" criteria = "safe-to-run" +[[exemptions.version_check]] +version = "0.9.5" +criteria = "safe-to-deploy" + [[exemptions.walkdir]] -version = "2.4.0" +version = "2.5.0" criteria = "safe-to-deploy" [[exemptions.wasi]] @@ -794,7 +830,7 @@ version = "0.11.0+wasi-snapshot-preview1" criteria = "safe-to-deploy" [[exemptions.wasm-bindgen]] -version = "0.2.89" +version = "0.2.92" criteria = "safe-to-deploy" [[exemptions.wasm-bindgen-backend]] @@ -805,10 +841,6 @@ criteria = "safe-to-deploy" version = "0.2.87" criteria = "safe-to-deploy" -[[exemptions.wasm-bindgen-macro-support]] -version = "0.2.87" -criteria = "safe-to-deploy" - [[exemptions.web-sys]] version = "0.3.66" criteria = "safe-to-deploy" @@ -826,7 +858,7 @@ version = "0.4.0" criteria = "safe-to-deploy" [[exemptions.winapi-util]] -version = "0.1.6" +version = "0.1.8" criteria = "safe-to-deploy" [[exemptions.winapi-x86_64-pc-windows-gnu]] @@ -837,8 +869,12 @@ criteria = "safe-to-deploy" version = "0.52.0" criteria = "safe-to-deploy" +[[exemptions.windows_i686_gnullvm]] +version = "0.52.6" +criteria = "safe-to-deploy" + [[exemptions.winnow]] -version = "0.5.37" +version = "0.5.40" criteria = "safe-to-deploy" [[exemptions.wsl]] @@ -846,7 +882,7 @@ version = "0.1.0" criteria = "safe-to-deploy" [[exemptions.x25519-dalek]] -version = "2.0.0" +version = "2.0.1" criteria = "safe-to-deploy" [[exemptions.xattr]] @@ -857,12 +893,20 @@ criteria = "safe-to-deploy" version = "0.6.6" criteria = "safe-to-deploy" +[[exemptions.zerocopy]] +version = "0.7.35" +criteria = "safe-to-run" + [[exemptions.zerocopy-derive]] version = "0.6.6" criteria = "safe-to-deploy" +[[exemptions.zerocopy-derive]] +version = "0.7.35" +criteria = "safe-to-run" + [[exemptions.zeroize]] -version = "1.7.0" +version = "1.8.1" criteria = "safe-to-deploy" [[exemptions.zeroize_derive]] @@ -882,5 +926,5 @@ version = "5.0.2+zstd.1.5.2" criteria = "safe-to-deploy" [[exemptions.zstd-sys]] -version = "2.0.9+zstd.1.5.5" +version = "2.0.12+zstd.1.5.6" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index 14069cb..e84f19a 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -51,8 +51,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows-targets]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -72,8 +72,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_aarch64_gnullvm]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -93,8 +93,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_aarch64_msvc]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -114,8 +114,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_gnu]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -135,8 +135,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_msvc]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -156,8 +156,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_gnu]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -177,8 +177,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_gnullvm]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -198,8 +198,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_msvc]] -version = "0.52.0" -when = "2023-11-15" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -223,6 +223,11 @@ criteria = "safe-to-deploy" delta = "0.20.0 -> 0.21.0" notes = "This version bump updated some dependencies and optimized some internals. All looks good." +[[audits.bytecode-alliance.audits.addr2line]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.21.0 -> 0.22.0" + [[audits.bytecode-alliance.audits.adler]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -241,25 +246,6 @@ criteria = "safe-to-deploy" version = "0.21.0" notes = "This crate has no dependencies, no build.rs, and contains no unsafe code." -[[audits.bytecode-alliance.audits.bitflags]] -who = "Jamey Sharp " -criteria = "safe-to-deploy" -delta = "2.1.0 -> 2.2.1" -notes = """ -This version adds unsafe impls of traits from the bytemuck crate when built -with that library enabled, but I believe the impls satisfy the documented -safety requirements for bytemuck. The other changes are minor. -""" - -[[audits.bytecode-alliance.audits.bitflags]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "2.3.2 -> 2.3.3" -notes = """ -Nothing outside the realm of what one would expect from a bitflags generator, -all as expected. -""" - [[audits.bytecode-alliance.audits.block-buffer]] who = "Benjamin Bouvier " criteria = "safe-to-deploy" @@ -271,6 +257,11 @@ criteria = "safe-to-deploy" version = "1.0.73" notes = "I am the author of this crate." +[[audits.bytecode-alliance.audits.cc]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "1.0.83 -> 1.1.6" + [[audits.bytecode-alliance.audits.cfg-if]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -364,26 +355,36 @@ who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.3.27" +[[audits.bytecode-alliance.audits.gimli]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.27.3 -> 0.28.0" +notes = """ +Still looks like a good DWARF-parsing crate, nothing major was added or deleted +and no `unsafe` code to review here. +""" + +[[audits.bytecode-alliance.audits.gimli]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.28.0 -> 0.29.0" + [[audits.bytecode-alliance.audits.heck]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "0.4.0" notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation." -[[audits.bytecode-alliance.audits.iana-time-zone]] -who = "Dan Gohman " -criteria = "safe-to-deploy" -version = "0.1.59" -notes = """ -I also manually ran windows-bindgen and confirmed that the output matches -the bindings checked into the repo. -""" - [[audits.bytecode-alliance.audits.iana-time-zone-haiku]] who = "Dan Gohman " criteria = "safe-to-deploy" version = "0.1.2" +[[audits.bytecode-alliance.audits.jobserver]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.1.25 -> 0.1.32" + [[audits.bytecode-alliance.audits.libm]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -403,25 +404,11 @@ This is a minor update which has some testing affordances as well as some updated math algorithms. """ -[[audits.bytecode-alliance.audits.miniz_oxide]] -who = "Alex Crichton " +[[audits.bytecode-alliance.audits.num-traits]] +who = "Andrew Brown " criteria = "safe-to-deploy" -version = "0.7.1" -notes = """ -This crate is a Rust implementation of zlib compression/decompression and has -been used by default by the Rust standard library for quite some time. It's also -a default dependency of the popular `backtrace` crate for decompressing debug -information. This crate forbids unsafe code and does not otherwise access system -resources. It's originally a port of the `miniz.c` library as well, and given -its own longevity should be relatively hardened against some of the more common -compression-related issues. -""" - -[[audits.bytecode-alliance.audits.object]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "0.30.3 -> 0.31.1" -notes = "A large-ish update to the crate but nothing out of the ordering. Support for new formats like xcoff, new constants, minor refactorings, etc. Nothing out of the ordinary." +version = "0.2.19" +notes = "As advertised: a numeric library. The only `unsafe` is from some float-to-int conversions, which seems expected." [[audits.bytecode-alliance.audits.percent-encoding]] who = "Alex Crichton " @@ -453,31 +440,23 @@ No `unsafe` additions or anything outside of the purview of the crate in this change. """ -[[audits.bytecode-alliance.audits.proc-macro2]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -delta = "1.0.51 -> 1.0.57" - -[[audits.bytecode-alliance.audits.proc-macro2]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "1.0.59 -> 1.0.63" -notes = """ -This is a routine update for new nightly features and new syntax popping up on -nightly, nothing out of the ordinary. -""" - -[[audits.bytecode-alliance.audits.quote]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -delta = "1.0.23 -> 1.0.27" - [[audits.bytecode-alliance.audits.rustc-demangle]] who = "Alex Crichton " criteria = "safe-to-deploy" version = "0.1.21" notes = "I am the author of this crate." +[[audits.bytecode-alliance.audits.rustc-demangle]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.1.21 -> 0.1.24" + +[[audits.bytecode-alliance.audits.semver]] +who = "Pat Hickey " +criteria = "safe-to-deploy" +version = "1.0.17" +notes = "plenty of unsafe pointer and vec tricks, but in well-structured and commented code that appears to be correct" + [[audits.bytecode-alliance.audits.tempfile]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -494,12 +473,6 @@ who = "Pat Hickey " criteria = "safe-to-deploy" version = "1.0.8" -[[audits.embark-studios.audits.colorchoice]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -version = "1.0.0" -notes = "No unsafe usage or ambient capabilities" - [[audits.embark-studios.audits.thiserror]] who = "Johan Andersson " criteria = "safe-to-deploy" @@ -518,12 +491,6 @@ criteria = "safe-to-deploy" delta = "0.6.1 -> 0.6.2" notes = "No notable changes" -[[audits.embark-studios.audits.utf8parse]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -version = "0.2.1" -notes = "Single unsafe usage that looks sound, no ambient capabilities" - [[audits.fermyon.audits.oorandom]] who = "Radu Matei " criteria = "safe-to-run" @@ -535,17 +502,103 @@ criteria = "safe-to-run" version = "0.19.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.aes]] +who = "David Koloski " +criteria = "safe-to-deploy" +delta = "0.8.2 -> 0.8.4" +notes = "Audited at https://fxrev.dev/987054" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.arrayvec]] who = "Nicholas Bishop " criteria = "safe-to-run" version = "0.7.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" -[[audits.google.audits.backtrace]] -who = "George Burgess IV " -criteria = "safe-to-run" -version = "0.3.67" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.autocfg]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.1.0" +notes = """ +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` +and there were no hits except for reasonable, client-controlled usage of +`std::fs` in `AutoCfg::with_dir`. + +This crate has been added to Chromium in +https://source.chromium.org/chromium/chromium/src/+/591a0f30c5eac93b6a3d981c2714ffa4db28dbcb +The CL description contains a link to a Google-internal document with audit details. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.autocfg]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.1.0 -> 1.2.0" +notes = ''' +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` +and nothing changed from the baseline audit of 1.1.0. Skimmed through the +1.1.0 => 1.2.0 delta and everything seemed okay. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bitflags]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "2.4.2" +notes = """ +Audit notes: + +* I've checked for any discussion in Google-internal cl/546819168 (where audit + of version 2.3.3 happened) +* `src/lib.rs` contains `#![cfg_attr(not(test), forbid(unsafe_code))]` +* There are 2 cases of `unsafe` in `src/external.rs` but they seem to be + correct in a straightforward way - they just propagate the marker trait's + impl (e.g. `impl bytemuck::Pod`) from the inner to the outer type +* Additional discussion and/or notes may be found in https://crrev.com/c/5238056 +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bitflags]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "2.4.2 -> 2.5.0" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bitflags]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "2.5.0 -> 2.6.0" +notes = "The changes from the previous version are negligible and thus it retains the same properties." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bytemuck]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.14.3" +notes = "Additional review notes may be found in https://crrev.com/c/5362675." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bytemuck]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.14.3 -> 1.15.0" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bytemuck]] +who = "danakj " +criteria = "safe-to-deploy" +delta = "1.15.0 -> 1.16.0" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bytemuck]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.16.0 -> 1.16.1" +notes = """ +The delta only adds `f16` and `f128` support (with some other minor changes) +and has no impact on the audit criteria. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.cast]] who = "George Burgess IV " @@ -603,6 +656,12 @@ other crates. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.gimli]] +who = "George Burgess IV " +criteria = "safe-to-run" +version = "0.27.3" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.glob]] who = "George Burgess IV " criteria = "safe-to-deploy" @@ -616,22 +675,54 @@ version = "0.10.5" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.itoa]] -who = "ChromeOS" -criteria = "safe-to-run" -version = "1.0.5" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.10" +notes = ''' +I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits. + +There are a few places where `unsafe` is used. Unsafe review notes can be found +in https://crrev.com/c/5350697. + +Version 1.0.1 of this crate has been added to Chromium in +https://crrev.com/c/3321896. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.itoa]] -who = "George Burgess IV " -criteria = "safe-to-run" -delta = "1.0.5 -> 1.0.6" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.10 -> 1.0.11" +notes = """ +Straightforward diff between 1.0.10 and 1.0.11 - only 3 commits: -[[audits.google.audits.itoa]] -who = "George Burgess IV " -criteria = "safe-to-run" -delta = "1.0.6 -> 1.0.9" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +* Bumping up the version +* A touch up of comments +* And my own PR to make `unsafe` blocks more granular: + https://github.com/dtolnay/itoa/pull/42 +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.lazy_static]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.4.0" +notes = ''' +I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits. + +There are two places where `unsafe` is used. Unsafe review notes can be found +in https://crrev.com/c/5347418. + +This crate has been added to Chromium in https://crrev.com/c/3321895. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.lazy_static]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.4.0 -> 1.5.0" +notes = "Unsafe review notes: https://crrev.com/c/5650836" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.memmap2]] who = "Ying Hsu " @@ -674,17 +765,10 @@ criteria = "safe-to-run" version = "0.3.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" -[[audits.google.audits.object]] +[[audits.google.audits.num-iter]] who = "George Burgess IV " -criteria = "safe-to-run" -version = "0.30.3" -notes = "I'm not counting the code related to the GNU Hash section as crypto for the sake of this review." -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - -[[audits.google.audits.object]] -who = "George Burgess IV " -criteria = "safe-to-run" -delta = "0.31.1 -> 0.32.1" +criteria = "safe-to-deploy" +version = "0.1.43" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" [[audits.google.audits.pin-project-lite]] @@ -694,17 +778,214 @@ version = "0.2.9" notes = "Reviewed on https://fxrev.dev/824504" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.pin-project-lite]] +who = "David Koloski " +criteria = "safe-to-deploy" +delta = "0.2.9 -> 0.2.13" +notes = "Audited at https://fxrev.dev/946396" +aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.proc-macro-error-attr]] who = "George Burgess IV " criteria = "safe-to-deploy" version = "1.0.4" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.proc-macro2]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.78" +notes = """ +Grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits +(except for a benign \"fs\" hit in a doc comment) + +Notes from the `unsafe` review can be found in https://crrev.com/c/5385745. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.0.78 -> 1.0.79" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.0.79 -> 1.0.80" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] +who = "Dustin J. Mitchell " +criteria = "safe-to-deploy" +delta = "1.0.80 -> 1.0.81" +notes = "Comment changes only" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] +who = "danakj " +criteria = "safe-to-deploy" +delta = "1.0.81 -> 1.0.82" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] +who = "Dustin J. Mitchell " +criteria = "safe-to-deploy" +delta = "1.0.82 -> 1.0.83" +notes = "Substantive change is replacing String with Box, saving memory." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.83 -> 1.0.84" +notes = "Only doc comment changes in `src/lib.rs`." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] +who = "danakj@chromium.org" +criteria = "safe-to-deploy" +delta = "1.0.84 -> 1.0.85" +notes = "Test-only changes." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.85 -> 1.0.86" +notes = """ +Comment-only changes in `build.rs`. +Reordering of `Cargo.toml` entries. +Just bumping up the version number in `lib.rs`. +Config-related changes in `test_size.rs`. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.quote]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.35" +notes = """ +Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits +(except for benign \"net\" hit in tests and \"fs\" hit in README.md) +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.quote]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.0.35 -> 1.0.36" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.197" +notes = """ +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`. + +There were some hits for `net`, but they were related to serialization and +not actually opening any connections or anything like that. + +There were 2 hits of `unsafe` when grepping: +* In `fn as_str` in `impl Buf` +* In `fn serialize` in `impl Serialize for net::Ipv4Addr` + +Unsafe review comments can be found in https://crrev.com/c/5350573/2 (this +review also covered `serde_json_lenient`). + +Version 1.0.130 of the crate has been added to Chromium in +https://crrev.com/c/3265545. The CL description contains a link to a +(Google-internal, sorry) document with a mini security review. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde]] +who = "Dustin J. Mitchell " +criteria = "safe-to-deploy" +delta = "1.0.197 -> 1.0.198" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde]] +who = "danakj " +criteria = "safe-to-deploy" +delta = "1.0.198 -> 1.0.201" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde]] +who = "Dustin J. Mitchell " +criteria = "safe-to-deploy" +delta = "1.0.201 -> 1.0.202" +notes = "Trivial changes" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.202 -> 1.0.203" +notes = "s/doc_cfg/docsrs/ + tuple_impls/tuple_impl_body-related changes" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.0.203 -> 1.0.204" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_derive]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.197" +notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_derive]] +who = "danakj " +criteria = "safe-to-deploy" +delta = "1.0.197 -> 1.0.201" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_derive]] +who = "Dustin J. Mitchell " +criteria = "safe-to-deploy" +delta = "1.0.201 -> 1.0.202" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_derive]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.202 -> 1.0.203" +notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_derive]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.0.203 -> 1.0.204" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.serde_json]] -who = "Harshad Phule " +who = "danakj@chromium.org" criteria = "safe-to-run" -version = "1.0.96" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +version = "1.0.108" +notes = """ +Reviewed in https://crrev.com/c/5171063 + +Previously reviewed during security review and the audit is grandparented in. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_json]] +who = "danakj " +criteria = "safe-to-run" +delta = "1.0.116 -> 1.0.117" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.serde_json]] +who = "Adrian Taylor " +criteria = "safe-to-run" +delta = "1.0.117 -> 1.0.120" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.shlex]] who = "George Burgess IV " @@ -741,59 +1022,12 @@ criteria = "safe-to-run" version = "1.2.1" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" -[[audits.google.audits.version_check]] -who = "George Burgess IV " -criteria = "safe-to-deploy" -version = "0.9.4" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - [[audits.google.audits.wait-timeout]] who = "George Burgess IV " criteria = "safe-to-run" version = "0.2.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" -[[audits.google.audits.zerocopy]] -who = "ChromeOS" -criteria = "safe-to-run" -version = "0.7.0-alpha.1" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - -[[audits.google.audits.zerocopy]] -who = "Daniel Verkamp " -criteria = "safe-to-run" -delta = "0.7.0-alpha.1 -> 0.7.8" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - -[[audits.google.audits.zerocopy]] -who = "George Burgess IV " -criteria = "safe-to-run" -delta = "0.7.8 -> 0.7.32" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - -[[audits.google.audits.zerocopy-derive]] -who = "ChromeOS" -criteria = "safe-to-run" -version = "0.3.2" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - -[[audits.google.audits.zerocopy-derive]] -who = "Daniel Verkamp " -criteria = "safe-to-run" -delta = "0.3.2 -> 0.7.8" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - -[[audits.google.audits.zerocopy-derive]] -who = "George Burgess IV " -criteria = "safe-to-run" -delta = "0.7.8 -> 0.7.32" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - -[[audits.isrg.audits.aes]] -who = "Brandon Pitman " -criteria = "safe-to-deploy" -delta = "0.8.2 -> 0.8.3" - [[audits.isrg.audits.base64]] who = "Tim Geoghegan " criteria = "safe-to-deploy" @@ -893,6 +1127,27 @@ who = "David Cook " criteria = "safe-to-deploy" delta = "0.2.4 -> 0.2.5" +[[audits.isrg.audits.fiat-crypto]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "0.2.5 -> 0.2.6" + +[[audits.isrg.audits.fiat-crypto]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "0.2.6 -> 0.2.7" + +[[audits.isrg.audits.fiat-crypto]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.2.7 -> 0.2.8" + +[[audits.isrg.audits.fiat-crypto]] +who = "Tim Geoghegan " +criteria = "safe-to-deploy" +delta = "0.2.8 -> 0.2.9" +notes = "No changes to Rust code between 0.2.8 and 0.2.9" + [[audits.isrg.audits.getrandom]] who = "Brandon Pitman " criteria = "safe-to-deploy" @@ -903,25 +1158,35 @@ who = "David Cook " criteria = "safe-to-deploy" delta = "0.2.11 -> 0.2.12" -[[audits.isrg.audits.ghash]] +[[audits.isrg.audits.getrandom]] who = "David Cook " criteria = "safe-to-deploy" -version = "0.5.0" +delta = "0.2.12 -> 0.2.14" + +[[audits.isrg.audits.getrandom]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.2.14 -> 0.2.15" [[audits.isrg.audits.hmac]] who = "David Cook " criteria = "safe-to-deploy" version = "0.12.1" -[[audits.isrg.audits.num-traits]] +[[audits.isrg.audits.num-integer]] who = "David Cook " criteria = "safe-to-deploy" -delta = "0.2.15 -> 0.2.16" +delta = "0.1.45 -> 0.1.46" -[[audits.isrg.audits.num-traits]] -who = "Ameer Ghani " +[[audits.isrg.audits.num-iter]] +who = "David Cook " criteria = "safe-to-deploy" -delta = "0.2.16 -> 0.2.17" +delta = "0.1.43 -> 0.1.44" + +[[audits.isrg.audits.num-iter]] +who = "David Cook " +criteria = "safe-to-deploy" +delta = "0.1.44 -> 0.1.45" [[audits.isrg.audits.once_cell]] who = "David Cook " @@ -973,80 +1238,30 @@ who = "David Cook " criteria = "safe-to-deploy" delta = "1.7.0 -> 1.8.0" -[[audits.isrg.audits.rayon-core]] +[[audits.isrg.audits.rayon]] +who = "Ameer Ghani " +criteria = "safe-to-deploy" +delta = "1.8.0 -> 1.8.1" + +[[audits.isrg.audits.rayon]] who = "Brandon Pitman " criteria = "safe-to-deploy" -delta = "1.10.2 -> 1.11.0" +delta = "1.8.1 -> 1.9.0" + +[[audits.isrg.audits.rayon]] +who = "Brandon Pitman " +criteria = "safe-to-deploy" +delta = "1.9.0 -> 1.10.0" [[audits.isrg.audits.rayon-core]] +who = "Ameer Ghani " +criteria = "safe-to-deploy" +version = "1.12.1" + +[[audits.isrg.audits.subtle]] who = "David Cook " criteria = "safe-to-deploy" -delta = "1.11.0 -> 1.12.0" - -[[audits.isrg.audits.serde]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.152 -> 1.0.153" - -[[audits.isrg.audits.serde]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.153 -> 1.0.154" - -[[audits.isrg.audits.serde]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.154 -> 1.0.155" - -[[audits.isrg.audits.serde]] -who = "Brandon Pitman " -criteria = "safe-to-deploy" -delta = "1.0.156 -> 1.0.159" - -[[audits.isrg.audits.serde]] -who = "Brandon Pitman " -criteria = "safe-to-deploy" -delta = "1.0.160 -> 1.0.162" - -[[audits.isrg.audits.serde]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.162 -> 1.0.163" - -[[audits.isrg.audits.serde_derive]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.152 -> 1.0.153" - -[[audits.isrg.audits.serde_derive]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.153 -> 1.0.154" - -[[audits.isrg.audits.serde_derive]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.154 -> 1.0.155" - -[[audits.isrg.audits.serde_derive]] -who = "Brandon Pitman " -criteria = "safe-to-deploy" -delta = "1.0.156 -> 1.0.159" - -[[audits.isrg.audits.serde_derive]] -who = "Brandon Pitman " -criteria = "safe-to-deploy" -delta = "1.0.160 -> 1.0.162" - -[[audits.isrg.audits.serde_derive]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.0.162 -> 1.0.163" - -[[audits.isrg.audits.syn]] -who = "Brandon Pitman " -criteria = "safe-to-deploy" -delta = "1.0.104 -> 2.0.11" +delta = "2.5.0 -> 2.6.1" [[audits.isrg.audits.thiserror]] who = "Brandon Pitman " @@ -1083,6 +1298,12 @@ renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.ahash]] +who = "Erich Gubler " +criteria = "safe-to-deploy" +delta = "0.8.7 -> 0.8.11" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.android_system_properties]] who = "Nicolas Silva " criteria = "safe-to-deploy" @@ -1102,13 +1323,6 @@ criteria = "safe-to-deploy" delta = "0.1.4 -> 0.1.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.autocfg]] -who = "Josh Stone " -criteria = "safe-to-deploy" -version = "1.1.0" -notes = "All code written or reviewed by Josh Stone." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.bit-set]] who = "Aria Beingessner " criteria = "safe-to-deploy" @@ -1129,38 +1343,6 @@ version = "0.6.3" notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.bitflags]] -who = "Alex Franchuk " -criteria = "safe-to-deploy" -delta = "1.3.2 -> 2.0.2" -notes = "Removal of some unsafe code/methods. No changes to externals, just some refactoring (mostly internal)." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.bitflags]] -who = "Nicolas Silva " -criteria = "safe-to-deploy" -delta = "2.0.2 -> 2.1.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.bitflags]] -who = "Teodor Tanasoaia " -criteria = "safe-to-deploy" -delta = "2.2.1 -> 2.3.2" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.bitflags]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "2.3.3 -> 2.4.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.bitflags]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "2.4.0 -> 2.4.1" -notes = "Only allowing new clippy lints" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - [[audits.mozilla.audits.block-buffer]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1186,6 +1368,13 @@ delta = "0.2.7 -> 0.2.8" notes = "This release contains a single fix for an issue that affected Firefox" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.crc32fast]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +delta = "1.3.2 -> 1.4.2" +notes = "Minor, safe changes." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.crossbeam-utils]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1198,6 +1387,19 @@ criteria = "safe-to-deploy" delta = "0.8.11 -> 0.8.14" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.crossbeam-utils]] +who = "Jan-Erik Rediger " +criteria = "safe-to-deploy" +delta = "0.8.14 -> 0.8.19" +aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" + +[[audits.mozilla.audits.crossbeam-utils]] +who = "Alex Franchuk " +criteria = "safe-to-deploy" +delta = "0.8.19 -> 0.8.20" +notes = "Minor changes." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.crypto-common]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1217,23 +1419,6 @@ criteria = "safe-to-deploy" delta = "0.10.3 -> 0.10.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.displaydoc]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -version = "0.2.3" -notes = """ -This crate is convenient macros to implement core::fmt::Display trait. -Although `unsafe` is used for test code to call `libc::abort()`, it has no `unsafe` code in this crate. And there is no file access. -It meets the criteria for safe-to-deploy. -""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.displaydoc]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.2.3 -> 0.2.4" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.either]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1264,16 +1449,11 @@ criteria = "safe-to-deploy" delta = "1.9.0 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.fluent]] -who = "Zibi Braniecki " +[[audits.mozilla.audits.flate2]] +who = "Alex Franchuk " criteria = "safe-to-deploy" -version = "0.16.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.fluent-bundle]] -who = "Zibi Braniecki " -criteria = "safe-to-deploy" -version = "0.15.2" +delta = "1.0.28 -> 1.0.30" +notes = "Some new unsafe code, however it has been verified and there are unit tests as well." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.fluent-langneg]] @@ -1282,12 +1462,6 @@ criteria = "safe-to-deploy" version = "0.13.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.fluent-syntax]] -who = "Zibi Braniecki " -criteria = "safe-to-deploy" -version = "0.11.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.fnv]] who = "Bobby Holley " criteria = "safe-to-deploy" @@ -1378,12 +1552,6 @@ criteria = "safe-to-deploy" version = "0.4.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.intl-memoizer]] -who = "Zibi Braniecki " -criteria = "safe-to-deploy" -version = "0.5.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.intl_pluralrules]] who = "Zibi Braniecki " criteria = "safe-to-deploy" @@ -1396,26 +1564,12 @@ criteria = "safe-to-deploy" delta = "7.0.1 -> 7.0.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.lazy_static]] -who = "Nika Layzell " -criteria = "safe-to-deploy" -version = "1.4.0" -notes = "I have read over the macros, and audited the unsafe code." -aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.log]] +[[audits.mozilla.audits.jobserver]] who = "Mike Hommey " criteria = "safe-to-deploy" -version = "0.4.17" +delta = "0.1.24 -> 0.1.25" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.log]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "0.4.17 -> 0.4.18" -notes = "One dependency removed, others updated (which we don't rely on), some APIs (which we don't use) changed." -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - [[audits.mozilla.audits.malloc_buf]] who = "Bobby Holley " criteria = "safe-to-deploy" @@ -1447,20 +1601,6 @@ version = "0.1.45" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.num-iter]] -who = "Josh Stone " -criteria = "safe-to-deploy" -version = "0.1.43" -notes = "All code written or reviewed by Josh Stone." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.num-traits]] -who = "Josh Stone " -criteria = "safe-to-deploy" -version = "0.2.15" -notes = "All code written or reviewed by Josh Stone." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.once_cell]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1491,110 +1631,6 @@ criteria = "safe-to-deploy" delta = "0.2.16 -> 0.2.17" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.proc-macro2]] -who = "Nika Layzell " -criteria = "safe-to-deploy" -version = "1.0.39" -notes = """ -`proc-macro2` acts as either a thin(-ish) wrapper around the std-provided -`proc_macro` crate, or as a fallback implementation of the crate, depending on -where it is used. - -If using this crate on older versions of rustc (1.56 and earlier), it will -temporarily replace the panic handler while initializing in order to detect if -it is running within a `proc_macro`, which could lead to surprising behaviour. -This should not be an issue for more recent compiler versions, which support -`proc_macro::is_available()`. - -The `proc-macro2` crate's fallback behaviour is not identical to the complex -behaviour of the rustc compiler (e.g. it does not perform unicode normalization -for identifiers), however it behaves well enough for its intended use-case -(tests and scripts processing rust code). - -`proc-macro2` does not use unsafe code, however exposes one `unsafe` API to -allow bypassing checks in the fallback implementation when constructing -`Literal` using `from_str_unchecked`. This was intended to only be used by the -`quote!` macro, however it has been removed -(https://github.com/dtolnay/quote/commit/f621fe64a8a501cae8e95ebd6848e637bbc79078), -and is likely completely unused. Even when used, this API shouldn't be able to -cause unsoundness. -""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.39 -> 1.0.43" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.43 -> 1.0.49" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.49 -> 1.0.51" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.57 -> 1.0.59" -notes = "Enabled on Wasm" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.63 -> 1.0.66" -notes = "Removed special support for some really old Rust versions" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.quote]] -who = "Nika Layzell " -criteria = "safe-to-deploy" -version = "1.0.18" -notes = """ -`quote` is a utility crate used by proc-macros to generate TokenStreams -conveniently from source code. The bulk of the logic is some complex -interlocking `macro_rules!` macros which are used to parse and build the -`TokenStream` within the proc-macro. - -This crate contains no unsafe code, and the internal logic, while difficult to -read, is generally straightforward. I have audited the the quote macros, ident -formatter, and runtime logic. -""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.quote]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.18 -> 1.0.21" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.quote]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.21 -> 1.0.23" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.quote]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.27 -> 1.0.28" -notes = "Enabled on wasm targets" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.quote]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.28 -> 1.0.31" -notes = "Minimal changes and removal of the build.rs" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - [[audits.mozilla.audits.rand_core]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1614,25 +1650,6 @@ criteria = "safe-to-deploy" delta = "1.5.3 -> 1.6.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.rayon-core]] -who = "Josh Stone " -criteria = "safe-to-deploy" -version = "1.9.3" -notes = "All code written or reviewed by Josh Stone or Niko Matsakis." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.rayon-core]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.9.3 -> 1.10.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.rayon-core]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.10.1 -> 1.10.2" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.rustc-hash]] who = "Bobby Holley " criteria = "safe-to-deploy" @@ -1640,56 +1657,6 @@ version = "1.1.0" notes = "Straightforward crate with no unsafe code, does what it says on the tin." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.serde]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.143 -> 1.0.144" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.144 -> 1.0.151" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.151 -> 1.0.152" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.163 -> 1.0.179" -notes = "Internal refactorings and some new trait implementations" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde_derive]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.143 -> 1.0.144" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde_derive]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.144 -> 1.0.151" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde_derive]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.151 -> 1.0.152" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.serde_derive]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.163 -> 1.0.179" -notes = "Internal refactorings and dependency updates" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - [[audits.mozilla.audits.subtle]] who = "Simon Friedberger " criteria = "safe-to-deploy" @@ -1697,19 +1664,18 @@ version = "2.5.0" notes = "The goal is to provide some constant-time correctness for cryptographic implementations. The approach is reasonable, it is known to be insufficient but this is pointed out in the documentation." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.syn]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "2.0.18 -> 2.0.26" -notes = "Dependency update & internal refactorings" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - [[audits.mozilla.audits.tempfile]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "3.6.0 -> 3.8.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.tempfile]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "3.8.0 -> 3.9.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.time]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1765,6 +1731,42 @@ criteria = "safe-to-deploy" delta = "1.15.0 -> 1.16.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.unic-langid]] +who = "Zibi Braniecki " +criteria = "safe-to-deploy" +version = "0.9.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.unic-langid]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "0.9.0 -> 0.9.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.unic-langid]] +who = "Eemeli Aro " +criteria = "safe-to-deploy" +delta = "0.9.1 -> 0.9.5" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.unic-langid-impl]] +who = "Zibi Braniecki " +criteria = "safe-to-deploy" +version = "0.9.0" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.unic-langid-impl]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "0.9.0 -> 0.9.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.unic-langid-impl]] +who = "Eemeli Aro " +criteria = "safe-to-deploy" +delta = "0.9.1 -> 0.9.5" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.unicode-ident]] who = "Jan-Erik Rediger " criteria = "safe-to-deploy" @@ -1791,24 +1793,18 @@ criteria = "safe-to-deploy" delta = "1.1.1 -> 1.1.2" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.backtrace]] -who = "Jack Grigg " +[[audits.zcash.audits.aho-corasick]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "0.3.67 -> 0.3.69" -notes = """ -Changes to `unsafe` blocks: -- New call to `GetCurrentProcessId` on Windows, to help generate a process-unique name to - use inside an existing `CreateMutexA` call. -- Uses `libc::mmap64` on Linux instead of `libc::mmap`. -- Alters `Stash` to allow caching more than one `Mmap`; the existing `unsafe` safety - condition continues to be applicable. - -There are also several more places where DWARF data is mmapped from a filesystem path and -then loaded. These appear to all derive from existing paths that themselves were already -being mmapped and loaded. -""" +delta = "1.1.2 -> 1.1.3" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.autocfg]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.2.0 -> 1.3.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.base64]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1821,6 +1817,12 @@ criteria = "safe-to-deploy" delta = "0.21.4 -> 0.21.5" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.base64]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.21.5 -> 0.21.7" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.block-buffer]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1870,12 +1872,25 @@ the same as the existing Linux code for AArch64. """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.cpufeatures]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.2.11 -> 0.2.12" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.crossbeam-deque]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.8.3 -> 0.8.4" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.crossbeam-deque]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.8.4 -> 0.8.5" +notes = "Changes to `unsafe` code look okay." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.crossbeam-epoch]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1893,49 +1908,10 @@ Changes to `unsafe` code are to replace manual pointer logic with equivalent """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.crossbeam-utils]] -who = "Jack Grigg " +[[audits.zcash.audits.crossbeam-epoch]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "0.8.14 -> 0.8.15" -notes = """ -- Fixes a wrapping overflow for large timeouts. -- Marks some BPF and Sony Vita targets as not having atomics. -""" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.crossbeam-utils]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "0.8.15 -> 0.8.16" -notes = """ -- Fixes cache line alignment for some targets. -- Replaces `mem::replace` with `Option::take` inside `unsafe` blocks. -- Unmarks some ARMv7r and Sony Vita targets as not having 64-bit atomics. -""" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.crossbeam-utils]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "0.8.16 -> 0.8.17" -notes = """ -- Build script change removes some now-unused config flags, and checks for thread - sanitization to enable this on `crossbeam`. -- Changes to `unsafe` blocks are to move them, or to introduce a couple of new - blocks identical to equivalent earlier blocks (now that MSRV is new enough to - access newer `Atomic*` methods). -""" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.crossbeam-utils]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "0.8.17 -> 0.8.18" -notes = """ -Changes to `unsafe` code are to construct and drop `MaybeUninit` directly -via its methods (one of which is now usable with the new MSRV) instead of via -casting. -""" +delta = "0.9.17 -> 0.9.18" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.curve25519-dalek]] @@ -1968,18 +1944,64 @@ criteria = "safe-to-deploy" delta = "0.1.0 -> 0.1.1" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.der]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.7.8 -> 0.7.9" +notes = "The change to ignore RUSTSEC-2023-0071 is correct for this crate." +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.either]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.8.1 -> 1.9.0" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.either]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.9.0 -> 1.11.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.either]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.11.0 -> 1.13.0" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.errno]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.3.3 -> 0.3.8" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.errno]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.3.8 -> 0.3.9" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.fastrand]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "2.0.1 -> 2.0.2" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.fastrand]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "2.0.2 -> 2.1.0" +notes = """ +As noted in the changelog, this version produces different output for a given seed. +The documentation did not mention stability. It is possible that some uses relying on +determinism across the update would be broken. + +The new constants do appear to match WyRand v4.2 (modulo ordering issues that I have not checked): +https://github.com/wangyi-fudan/wyhash/blob/408620b6d12b7d667b3dd6ae39b7929a39e8fa05/wyhash.h#L145 +I have no way to check whether these constants are an improvement or not. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.futures]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2079,13 +2101,25 @@ requirements on the latter. """ aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" -[[audits.zcash.audits.indexmap]] -who = "Jack Grigg " +[[audits.zcash.audits.hashbrown]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "2.0.0 -> 2.1.0" -notes = "- Replaces an `unsafe` block with a safe alternative." +delta = "0.14.2 -> 0.14.5" +notes = "I did not thoroughly check the safety argument for fold_impl, but it at least seems to be well documented." +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.hermit-abi]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.3.3 -> 0.3.9" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.inferno]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-run" +delta = "0.11.17 -> 0.11.19" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.inout]] who = "Daira Hopwood " criteria = "safe-to-deploy" @@ -2093,12 +2127,6 @@ version = "0.1.3" notes = "Reviewed in full." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.itoa]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.9 -> 1.0.10" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - [[audits.zcash.audits.js-sys]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2128,6 +2156,12 @@ notes = """ """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.js-sys]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.3.66 -> 0.3.69" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.libm]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2135,18 +2169,6 @@ delta = "0.2.7 -> 0.2.8" notes = "Forces some intermediate values to not have too much precision on the x87 FPU." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.log]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "0.4.18 -> 0.4.19" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.log]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "0.4.19 -> 0.4.20" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - [[audits.zcash.audits.memchr]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2164,6 +2186,18 @@ code (but adapted to `u16` and `u8` reads, instead of `u32`). """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.memchr]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "2.7.1 -> 2.7.2" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.memchr]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "2.7.2 -> 2.7.4" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.memmap2]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2191,74 +2225,41 @@ A new unsafe trait method `SockaddrLike::set_length` is added; it's impls look f """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.object]] +[[audits.zcash.audits.oorandom]] +who = "Jack Grigg " +criteria = "safe-to-run" +delta = "11.1.3 -> 11.1.4" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.opaque-debug]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "0.32.1 -> 0.32.2" +delta = "0.3.0 -> 0.3.1" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.parking_lot]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.12.2 -> 0.12.3" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.pin-project-internal]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.1.3 -> 1.1.5" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.pin-project-lite]] -who = "Jack Grigg " +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "0.2.9 -> 0.2.13" +delta = "0.2.13 -> 0.2.14" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.proc-macro2]] -who = "Jack Grigg " +[[audits.zcash.audits.pkg-config]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "1.0.66 -> 1.0.67" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.proc-macro2]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.67 -> 1.0.70" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.proc-macro2]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.70 -> 1.0.71" -notes = """ -New `unsafe` blocks are all inside `unsafe fn`s, and are added to make the -safety contracts in the code clearer (instead of using the `unsafe fn`'s -implicit `unsafe` block). -""" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.proc-macro2]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.71 -> 1.0.74" -notes = """ -Build script changes are to replace `RUSTFLAGS` string parsing with a probe file -that is compiled with whatever `RUSTC` is set to (but the build script already -relies on the `RUSTC` environment variable for inspecting the compiler version). -""" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.proptest]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.2.0 -> 1.4.0" -notes = """ -Adds support for generating arbitrary `PathBuf`s, but as this crate is intended -for fuzzing in test environments this is within its expected scope (and the new -API would be used intentionally by downstream tests). -""" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.quote]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.31 -> 1.0.33" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.quote]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.33 -> 1.0.35" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +delta = "0.3.29 -> 0.3.30" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" [[audits.zcash.audits.rand_xorshift]] who = "Sean Bowe " @@ -2272,6 +2273,18 @@ criteria = "safe-to-deploy" delta = "1.9.5 -> 1.10.2" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.regex]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.10.2 -> 1.10.4" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.regex]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.10.4 -> 1.10.5" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.regex-automata]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2282,6 +2295,18 @@ any `unsafe` functions. """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.regex-automata]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.4.3 -> 0.4.6" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.regex-automata]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "0.4.6 -> 0.4.7" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.regex-syntax]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2294,17 +2319,17 @@ criteria = "safe-to-deploy" delta = "0.7.5 -> 0.8.2" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.rustc-demangle]] -who = "Sean Bowe " +[[audits.zcash.audits.regex-syntax]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "0.1.21 -> 0.1.22" +delta = "0.8.2 -> 0.8.3" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.rustc-demangle]] +[[audits.zcash.audits.regex-syntax]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "0.1.22 -> 0.1.23" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +delta = "0.8.3 -> 0.8.4" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" [[audits.zcash.audits.rustc_version]] who = "Jack Grigg " @@ -2327,110 +2352,51 @@ criteria = "safe-to-deploy" delta = "1.0.15 -> 1.0.16" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.serde]] -who = "Jack Grigg " +[[audits.zcash.audits.ryu]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "1.0.136 -> 1.0.143" -notes = "Bumps serde-derive and adds some constructors." +delta = "1.0.16 -> 1.0.17" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.serde]] +[[audits.zcash.audits.ryu]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-run" +delta = "1.0.17 -> 1.0.18" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.semver]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "1.0.155 -> 1.0.156" +delta = "1.0.17 -> 1.0.18" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.serde]] +[[audits.zcash.audits.semver]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "1.0.159 -> 1.0.160" +delta = "1.0.18 -> 1.0.19" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.serde]] +[[audits.zcash.audits.semver]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "1.0.179 -> 1.0.188" -notes = "Mostly a bunch of cleanups after bumping MSRV." +delta = "1.0.19 -> 1.0.20" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.serde]] +[[audits.zcash.audits.semver]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.0.20 -> 1.0.22" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.semver]] who = "Jack Grigg " criteria = "safe-to-deploy" -delta = "1.0.188 -> 1.0.193" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.serde]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.193 -> 1.0.194" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.serde_derive]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.136 -> 1.0.143" -notes = "Bumps syn, inverts some build flags." -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.serde_derive]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.155 -> 1.0.156" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.serde_derive]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.159 -> 1.0.160" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.serde_derive]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.179 -> 1.0.188" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.serde_derive]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.188 -> 1.0.193" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.serde_derive]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.193 -> 1.0.194" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.serde_json]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.96 -> 1.0.97" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.serde_json]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.97 -> 1.0.99" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.serde_json]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.99 -> 1.0.106" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.serde_json]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.106 -> 1.0.107" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.serde_json]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.0.107 -> 1.0.108" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +delta = "1.0.22 -> 1.0.23" +notes = """ +`build.rs` change is to enable checking for expected `#[cfg]` names if compiling +with Rust 1.80 or later. +""" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" [[audits.zcash.audits.serde_json]] who = "Jack Grigg " @@ -2438,6 +2404,12 @@ criteria = "safe-to-deploy" delta = "1.0.108 -> 1.0.110" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.serde_json]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.0.110 -> 1.0.116" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.signature]] who = "Daira Emma Hopwood " criteria = "safe-to-deploy" @@ -2454,11 +2426,11 @@ criteria = "safe-to-deploy" delta = "2.1.0 -> 2.2.0" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.syn]] -who = "Sean Bowe " +[[audits.zcash.audits.smallvec]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "1.0.102 -> 1.0.104" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +delta = "1.11.1 -> 1.13.2" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" [[audits.zcash.audits.syn]] who = "Jack Grigg " @@ -2473,69 +2445,10 @@ delta = "1.0.107 -> 1.0.109" notes = "Fixes string literal parsing to only skip specified whitespace characters." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.syn]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "2.0.11 -> 2.0.13" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.syn]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "2.0.13 -> 2.0.15" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.syn]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "2.0.15 -> 2.0.18" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.syn]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "2.0.26 -> 2.0.33" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.syn]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "2.0.33 -> 2.0.37" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.syn]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "2.0.37 -> 2.0.41" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.syn]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "2.0.41 -> 2.0.43" -notes = """ -New `unsafe` blocks are all inside `unsafe fn`s, and are added to make the -safety contracts in the code clearer (instead of using the `unsafe fn`'s -implicit `unsafe` block). -""" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.syn]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "2.0.43 -> 2.0.46" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - [[audits.zcash.audits.tempfile]] -who = "Jack Grigg " +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "3.8.0 -> 3.8.1" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - -[[audits.zcash.audits.tempfile]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "3.8.1 -> 3.9.0" +delta = "3.9.0 -> 3.10.1" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.thiserror]] @@ -2568,6 +2481,30 @@ changes in the build environment. """ aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.thiserror]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.0.56 -> 1.0.58" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.thiserror]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.0.58 -> 1.0.60" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.thiserror]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.60 -> 1.0.61" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.thiserror]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.61 -> 1.0.63" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.thiserror-impl]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2592,18 +2529,36 @@ criteria = "safe-to-deploy" delta = "1.0.52 -> 1.0.56" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.thiserror-impl]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.0.56 -> 1.0.58" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.thiserror-impl]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "1.0.58 -> 1.0.60" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.thiserror-impl]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.60 -> 1.0.61" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + +[[audits.zcash.audits.thiserror-impl]] +who = "Jack Grigg " +criteria = "safe-to-deploy" +delta = "1.0.61 -> 1.0.63" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.time-core]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.1.0 -> 0.1.1" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.tokio]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.35.0 -> 1.35.1" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - [[audits.zcash.audits.toml_datetime]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2643,16 +2598,28 @@ delta = "0.4.1 -> 0.5.0" notes = "I checked correctness of to_blocks which uses unsafe code in a safe function." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.wasm-bindgen-backend]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.2.89 -> 0.2.92" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.wasm-bindgen-macro]] who = "Jack Grigg " criteria = "safe-to-deploy" delta = "0.2.87 -> 0.2.89" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.wasm-bindgen-macro-support]] -who = "Jack Grigg " +[[audits.zcash.audits.wasm-bindgen-macro]] +who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" -delta = "0.2.87 -> 0.2.89" +delta = "0.2.89 -> 0.2.92" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.wasm-bindgen-macro-support]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +version = "0.2.92" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" [[audits.zcash.audits.wasm-bindgen-shared]] @@ -2674,6 +2641,18 @@ criteria = "safe-to-deploy" delta = "0.2.87 -> 0.2.89" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.wasm-bindgen-shared]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.2.89 -> 0.2.92" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + +[[audits.zcash.audits.web-sys]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.3.66 -> 0.3.69" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.which]] who = "Jack Grigg " criteria = "safe-to-deploy" From 6d8d1515fc0d607dbda67db8b7b96b35568d0de0 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 28 Jul 2024 17:53:59 +0000 Subject: [PATCH 10/77] `i18n-embed-fl 0.8` --- Cargo.lock | 4 ++-- Cargo.toml | 2 +- supply-chain/config.toml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7e519cf..a984dd0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1260,9 +1260,9 @@ dependencies = [ [[package]] name = "i18n-embed-fl" -version = "0.7.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9fc1f8715195dffc4caddcf1cf3128da15fe5d8a137606ea8856c9300047d5a2" +checksum = "8241a781f49e923415e106fcd1f89c3fab92cc9f699a521c56e95dee273903d3" dependencies = [ "dashmap", "find-crate", diff --git a/Cargo.toml b/Cargo.toml index dafdd9b..86cb889 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -55,7 +55,7 @@ zeroize = "1" # Localization i18n-embed = { version = "0.14", features = ["fluent-system"] } -i18n-embed-fl = "0.7" +i18n-embed-fl = "0.8" lazy_static = "1" rust-embed = "8" diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 01dc295..a04aab5 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -382,7 +382,7 @@ version = "0.14.1" criteria = "safe-to-deploy" [[exemptions.i18n-embed-fl]] -version = "0.7.0" +version = "0.8.0" criteria = "safe-to-deploy" [[exemptions.i18n-embed-impl]] From e47cf49b3ecccc588903388ed3ceed281431d1f7 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 28 Jul 2024 20:44:09 +0000 Subject: [PATCH 11/77] CI: Migrate to `cargo-tarpaulin` container for code coverage --- .github/workflows/ci.yml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 29dc13c..1217a04 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -70,6 +70,9 @@ jobs: codecov: name: Code coverage runs-on: ubuntu-latest + container: + image: xd009642/tarpaulin:develop-nightly + options: --security-opt seccomp=unconfined steps: - uses: actions/checkout@v4 @@ -77,12 +80,16 @@ jobs: id: toolchain - run: rustup override set ${{steps.toolchain.outputs.name}} - name: Install linux build dependencies - run: sudo apt update && sudo apt install libfuse-dev + run: apt update && apt -y install libfuse-dev - name: Generate coverage report - uses: actions-rs/tarpaulin@v0.1 - with: - version: '0.19.1' - args: --workspace --release --all-features --timeout 180 --out Xml + run: > + cargo tarpaulin + --engine llvm + --workspace + --release + --all-features + --timeout 180 + --out xml - name: Upload coverage to Codecov uses: codecov/codecov-action@v4.4.1 with: From ef5112fedde34949d5304e719e1a03c5dcfa86c6 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Mon, 29 Jul 2024 01:53:23 +0000 Subject: [PATCH 12/77] rage: Fix intra-doc link lint --- rage/src/bin/rage/i18n.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rage/src/bin/rage/i18n.rs b/rage/src/bin/rage/i18n.rs index 42cc77c..acd305a 100644 --- a/rage/src/bin/rage/i18n.rs +++ b/rage/src/bin/rage/i18n.rs @@ -14,7 +14,7 @@ lazy_static! { } /// Selects the most suitable available language in order of preference by -/// `requested_languages`, and loads it using the `rage` [`LANGUAGE_LOADER`] from the +/// `requested_languages`, and loads it using the `rage` [`static@LANGUAGE_LOADER`] from the /// languages available in `rage/i18n/`. /// /// Returns the available languages that were negotiated as being the most suitable to be From d4eb811ef9e05f02417036ea048268ce7a44b67c Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Mon, 29 Jul 2024 02:02:44 +0000 Subject: [PATCH 13/77] fuzz: Update lockfiles for fuzzers --- fuzz-afl/Cargo.lock | 437 +++++++++++++++++++++++++++---------------- fuzz/Cargo.lock | 439 +++++++++++++++++++++++++++----------------- 2 files changed, 549 insertions(+), 327 deletions(-) diff --git a/fuzz-afl/Cargo.lock b/fuzz-afl/Cargo.lock index 20c55bc..a9fe9fd 100644 --- a/fuzz-afl/Cargo.lock +++ b/fuzz-afl/Cargo.lock @@ -83,9 +83,9 @@ dependencies = [ [[package]] name = "arc-swap" -version = "1.6.0" +version = "1.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bddcadddf5e9015d310179a59bb28c4d4b9920ad0f11e8e14dbadf654890c9a6" +checksum = "69f7f8c3906b62b754cd5326047894316021dcfe5a194c8ea52bdd94934a3457" [[package]] name = "atty" @@ -100,15 +100,15 @@ dependencies = [ [[package]] name = "autocfg" -version = "1.1.0" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" +checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" [[package]] name = "base64" -version = "0.21.5" +version = "0.21.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35636a1494ede3b646cc98f74f8e62c773a38a659ebc777a2cf26b9b74171df9" +checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" [[package]] name = "bech32" @@ -122,6 +122,12 @@ version = "1.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" +[[package]] +name = "bitflags" +version = "2.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" + [[package]] name = "block-buffer" version = "0.10.4" @@ -133,12 +139,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.0.83" +version = "1.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" -dependencies = [ - "libc", -] +checksum = "2aba8f4e9906c7ce3c73463f62a7f0c65183ada1a2d47e397cc8810827f9694f" [[package]] name = "cfg-if" @@ -189,7 +192,7 @@ checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c" dependencies = [ "ansi_term", "atty", - "bitflags", + "bitflags 1.3.2", "strsim 0.8.0", "textwrap", "unicode-width", @@ -198,15 +201,18 @@ dependencies = [ [[package]] name = "cookie-factory" -version = "0.3.2" +version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "396de984970346b0d9e93d1415082923c679e5ae5c3ee3dcbd104f5610af126b" +checksum = "9885fa71e26b8ab7855e2ec7cae6e9b380edff76cd052e07c683a0319d51b3a2" +dependencies = [ + "futures", +] [[package]] name = "cpufeatures" -version = "0.2.11" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce420fe07aecd3e67c5f910618fe65e94158f6dcc0adf44e00d69ce2bdfe0fd0" +checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" dependencies = [ "libc", ] @@ -223,15 +229,14 @@ dependencies = [ [[package]] name = "curve25519-dalek" -version = "4.1.1" +version = "4.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e89b8c6a2e4b1f45971ad09761aafb85514a84744b67a95e32c3cc1352d1f65c" +checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be" dependencies = [ "cfg-if", "cpufeatures", "curve25519-dalek-derive", "fiat-crypto", - "platforms", "rustc_version 0.4.0", "subtle", "zeroize", @@ -245,7 +250,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] @@ -274,13 +279,13 @@ dependencies = [ [[package]] name = "displaydoc" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" +checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] @@ -291,9 +296,9 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] name = "fiat-crypto" -version = "0.2.5" +version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27573eac26f4dd11e2b1916c3fe1baa56407c83c71a773a8ba17ec0bca03b6b7" +checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" [[package]] name = "find-crate" @@ -306,9 +311,9 @@ dependencies = [ [[package]] name = "fluent" -version = "0.16.0" +version = "0.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61f69378194459db76abd2ce3952b790db103ceb003008d3d50d97c41ff847a7" +checksum = "bb74634707bebd0ce645a981148e8fb8c7bccd4c33c652aeffd28bf2f96d555a" dependencies = [ "fluent-bundle", "unic-langid", @@ -316,9 +321,9 @@ dependencies = [ [[package]] name = "fluent-bundle" -version = "0.15.2" +version = "0.15.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e242c601dec9711505f6d5bbff5bedd4b61b2469f2e8bb8e57ee7c9747a87ffd" +checksum = "7fe0a21ee80050c678013f82edf4b705fe2f26f1f9877593d13198612503f493" dependencies = [ "fluent-langneg", "fluent-syntax", @@ -341,13 +346,102 @@ dependencies = [ [[package]] name = "fluent-syntax" -version = "0.11.0" +version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0abed97648395c902868fee9026de96483933faa54ea3b40d652f7dfe61ca78" +checksum = "2a530c4694a6a8d528794ee9bbd8ba0122e779629ac908d15ad5a7ae7763a33d" dependencies = [ "thiserror", ] +[[package]] +name = "futures" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "645c6916888f6cb6350d2550b80fb63e734897a8498abe35cfb732b6487804b0" +dependencies = [ + "futures-channel", + "futures-core", + "futures-executor", + "futures-io", + "futures-sink", + "futures-task", + "futures-util", +] + +[[package]] +name = "futures-channel" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eac8f7d7865dcb88bd4373ab671c8cf4508703796caa2b1985a9ca867b3fcb78" +dependencies = [ + "futures-core", + "futures-sink", +] + +[[package]] +name = "futures-core" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d" + +[[package]] +name = "futures-executor" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a576fc72ae164fca6b9db127eaa9a9dda0d61316034f33a0a0d4eda41f02b01d" +dependencies = [ + "futures-core", + "futures-task", + "futures-util", +] + +[[package]] +name = "futures-io" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a44623e20b9681a318efdd71c299b6b222ed6f231972bfe2f224ebad6311f0c1" + +[[package]] +name = "futures-macro" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.72", +] + +[[package]] +name = "futures-sink" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9fb8e00e87438d937621c1c6269e53f536c14d3fbd6a042bb24879e57d474fb5" + +[[package]] +name = "futures-task" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "38d84fa142264698cdce1a9f9172cf383a0c82de1bddcf3092901442c4097004" + +[[package]] +name = "futures-util" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48" +dependencies = [ + "futures-channel", + "futures-core", + "futures-io", + "futures-macro", + "futures-sink", + "futures-task", + "memchr", + "pin-project-lite", + "pin-utils", + "slab", +] + [[package]] name = "generic-array" version = "0.14.7" @@ -360,9 +454,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.11" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if", "libc", @@ -371,9 +465,9 @@ dependencies = [ [[package]] name = "hashbrown" -version = "0.14.3" +version = "0.14.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604" +checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" [[package]] name = "hermit-abi" @@ -404,15 +498,15 @@ dependencies = [ [[package]] name = "i18n-config" -version = "0.4.5" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6691f16c6a35c1bb99a0f01aa39dd2b884d342b646689e9b8e4d51faf2cfdbd9" +checksum = "0c9ce3c48cbc21fd5b22b9331f32b5b51f6ad85d969b99e793427332e76e7640" dependencies = [ "log", "serde", "serde_derive", "thiserror", - "toml 0.7.6", + "toml 0.8.16", "unic-langid", ] @@ -439,9 +533,9 @@ dependencies = [ [[package]] name = "i18n-embed-fl" -version = "0.7.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9fc1f8715195dffc4caddcf1cf3128da15fe5d8a137606ea8856c9300047d5a2" +checksum = "8241a781f49e923415e106fcd1f89c3fab92cc9f699a521c56e95dee273903d3" dependencies = [ "dashmap", "find-crate", @@ -454,7 +548,7 @@ dependencies = [ "proc-macro2", "quote", "strsim 0.10.0", - "syn 2.0.46", + "syn 2.0.72", "unic-langid", ] @@ -468,14 +562,14 @@ dependencies = [ "i18n-config", "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] name = "indexmap" -version = "2.1.0" +version = "2.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d530e1a18b1cb4c484e6e34556a0d948706958449fca0cab753d649f2bce3d1f" +checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26" dependencies = [ "equivalent", "hashbrown", @@ -492,9 +586,9 @@ dependencies = [ [[package]] name = "intl-memoizer" -version = "0.5.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c310433e4a310918d6ed9243542a6b83ec1183df95dff8f23f87bb88a264a66f" +checksum = "fe22e020fce238ae18a6d5d8c502ee76a52a6e880d99477657e6acc30ec57bda" dependencies = [ "type-map", "unic-langid", @@ -517,21 +611,21 @@ checksum = "4b3f7cef34251886990511df1c61443aa928499d598a9473929ab5a90a527304" [[package]] name = "lazy_static" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" [[package]] name = "libc" -version = "0.2.151" +version = "0.2.155" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "302d7ab3130588088d277783b1e2d2e10c9e9e4a16dd9050e6ec93fb3e7048f4" +checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" [[package]] name = "lock_api" -version = "0.4.11" +version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45" +checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17" dependencies = [ "autocfg", "scopeguard", @@ -539,15 +633,15 @@ dependencies = [ [[package]] name = "log" -version = "0.4.20" +version = "0.4.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" +checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" [[package]] name = "memchr" -version = "2.7.1" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "523dc4f511e55ab87b694dc30d0f820d60906ef06413f93d4d7a1385599cc149" +checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "minimal-lexical" @@ -573,15 +667,15 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "opaque-debug" -version = "0.3.0" +version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" +checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" [[package]] name = "parking_lot" -version = "0.12.1" +version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" +checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27" dependencies = [ "lock_api", "parking_lot_core", @@ -589,9 +683,9 @@ dependencies = [ [[package]] name = "parking_lot_core" -version = "0.9.9" +version = "0.9.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e" +checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8" dependencies = [ "cfg-if", "libc", @@ -612,29 +706,35 @@ dependencies = [ [[package]] name = "pin-project" -version = "1.1.3" +version = "1.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fda4ed1c6c173e3fc7a83629421152e01d7b1f9b7f65fb301e490e8cfc656422" +checksum = "b6bf43b791c5b9e34c3d182969b4abb522f9343702850a2e57f460d00d09b4b3" dependencies = [ "pin-project-internal", ] [[package]] name = "pin-project-internal" -version = "1.1.3" +version = "1.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4359fd9c9171ec6e8c62926d6faaf553a8dc3f64e1507e76da7911b4f6a04405" +checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] -name = "platforms" -version = "3.3.0" +name = "pin-project-lite" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "626dec3cac7cc0e1577a2ec3fc496277ec2baa084bebad95bb6fdbfae235f84c" +checksum = "bda66fc9667c18cb2758a2ac84d1167245054bcf85d5d1aaa6923f45801bdd02" + +[[package]] +name = "pin-utils" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "poly1305" @@ -679,18 +779,18 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.74" +version = "1.0.86" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2de98502f212cfcea8d0bb305bd0f49d7ebdd75b64ba0a68f937d888f4e0d6db" +checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" dependencies = [ "unicode-ident", ] [[package]] name = "quote" -version = "1.0.35" +version = "1.0.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" +checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" dependencies = [ "proc-macro2", ] @@ -727,18 +827,18 @@ dependencies = [ [[package]] name = "redox_syscall" -version = "0.4.1" +version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa" +checksum = "2a908a6e00f1fdd0dfd9c0eb08ce85126f6d8bbda50017e74bc4a4b7d4a926a4" dependencies = [ - "bitflags", + "bitflags 2.6.0", ] [[package]] name = "rust-embed" -version = "8.2.0" +version = "8.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a82c0bbc10308ed323529fd3c1dce8badda635aa319a5ff0e6466f33b8101e3f" +checksum = "fa66af4a4fdd5e7ebc276f115e895611a34739a9c1c01028383d612d550953c0" dependencies = [ "rust-embed-impl", "rust-embed-utils", @@ -747,22 +847,22 @@ dependencies = [ [[package]] name = "rust-embed-impl" -version = "8.2.0" +version = "8.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6227c01b1783cdfee1bcf844eb44594cd16ec71c35305bf1c9fb5aade2735e16" +checksum = "6125dbc8867951125eec87294137f4e9c2c96566e61bf72c45095a7c77761478" dependencies = [ "proc-macro2", "quote", "rust-embed-utils", - "syn 2.0.46", + "syn 2.0.72", "walkdir", ] [[package]] name = "rust-embed-utils" -version = "8.2.0" +version = "8.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8cb0a25bfbb2d4b4402179c2cf030387d9990857ce08a32592c6238db9fa8665" +checksum = "2e5347777e9aacb56039b0e1f28785929a8a3b709e87482e7442c72e7c12529d" dependencies = [ "sha2", "walkdir", @@ -789,7 +889,7 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" dependencies = [ - "semver 1.0.21", + "semver 1.0.23", ] [[package]] @@ -842,14 +942,14 @@ version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e14e4d63b804dc0c7ec4a1e52bcb63f02c7ac94476755aa579edac21e01f915d" dependencies = [ - "self_cell 1.0.3", + "self_cell 1.0.4", ] [[package]] name = "self_cell" -version = "1.0.3" +version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "58bf37232d3bb9a2c4e641ca2a11d83b5062066f88df7fed36c28772046d65ba" +checksum = "d369a96f978623eb3dc28807c4852d6cc617fed53da5d3c400feff1ef34a714a" [[package]] name = "semver" @@ -862,9 +962,9 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.21" +version = "1.0.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b97ed7a9823b74f99c7742f5336af7be5ecd3eeafcb1507d1fa93347b1d589b0" +checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "semver-parser" @@ -874,29 +974,29 @@ checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3" [[package]] name = "serde" -version = "1.0.194" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b114498256798c94a0689e1a15fec6005dee8ac1f41de56404b67afc2a4b773" +checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.194" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3385e45322e8f9931410f01b3031ec534c3947d0e94c18049af4d9f9907d4e0" +checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] name = "serde_spanned" -version = "0.6.3" +version = "0.6.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96426c9936fd7a0124915f9185ea1d20aa9445cc9821142f0a73bc9207a2e186" +checksum = "eb5b1b31579f3811bf615c144393417496f152e12ac8b7663bf664f4a815306d" dependencies = [ "serde", ] @@ -913,10 +1013,19 @@ dependencies = [ ] [[package]] -name = "smallvec" -version = "1.11.2" +name = "slab" +version = "0.4.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4dccd0940a2dcdf68d092b8cbab7dc0ad8fa938bf95787e1b916b0e3d0e8e970" +checksum = "8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67" +dependencies = [ + "autocfg", +] + +[[package]] +name = "smallvec" +version = "1.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" [[package]] name = "strsim" @@ -932,9 +1041,9 @@ checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" [[package]] name = "subtle" -version = "2.5.0" +version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" @@ -948,9 +1057,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.46" +version = "2.0.72" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89456b690ff72fddcecf231caedbe615c59480c93358a93dfae7fc29e3ebbf0e" +checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af" dependencies = [ "proc-macro2", "quote", @@ -968,29 +1077,29 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.56" +version = "1.0.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d54378c645627613241d077a3a79db965db602882668f9136ac42af9ecb730ad" +checksum = "c0342370b38b6a11b6cc11d6a805569958d54cfa061a29969c3b5ce2ea405724" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.56" +version = "1.0.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa0faa943b50f3db30a20aa7e265dbc66076993efed8463e8de414e5d06d3471" +checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] name = "tinystr" -version = "0.7.1" +version = "0.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ac3f5b6856e931e15e07b478e98c8045239829a65f9156d4fa7e7788197a5ef" +checksum = "9117f5d4db391c1cf6927e7bea3db74b9a1c1add8f7eda9ffd5364f40f57b82f" dependencies = [ "displaydoc", ] @@ -1006,9 +1115,9 @@ dependencies = [ [[package]] name = "toml" -version = "0.7.6" +version = "0.8.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c17e963a819c331dcacd7ab957d80bc2b9a9c1e71c804826d2f283dd65306542" +checksum = "81967dd0dd2c1ab0bc3468bd7caecc32b8a4aa47d0c8c695d8c2b2108168d62c" dependencies = [ "serde", "serde_spanned", @@ -1018,18 +1127,18 @@ dependencies = [ [[package]] name = "toml_datetime" -version = "0.6.3" +version = "0.6.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7cda73e2f1397b1262d6dfdcef8aafae14d1de7748d66822d3bfeeb6d03e5e4b" +checksum = "f8fb9f64314842840f1d940ac544da178732128f1c78c21772e876579e0da1db" dependencies = [ "serde", ] [[package]] name = "toml_edit" -version = "0.19.14" +version = "0.22.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8123f27e969974a3dfba720fdb560be359f57b44302d280ba72e76a74480e8a" +checksum = "8d9f8729f5aea9562aac1cc0441f5d6de3cff1ee0c5d67293eeca5eb36ee7c16" dependencies = [ "indexmap", "serde", @@ -1040,9 +1149,9 @@ dependencies = [ [[package]] name = "type-map" -version = "0.4.0" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6d3364c5e96cb2ad1603037ab253ddd34d7fb72a58bdddf4b7350760fc69a46" +checksum = "deb68604048ff8fa93347f02441e4487594adc20bb8a084f9e564d2b827a0a9f" dependencies = [ "rustc-hash", ] @@ -1055,18 +1164,18 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "unic-langid" -version = "0.9.4" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "238722e6d794ed130f91f4ea33e01fcff4f188d92337a21297892521c72df516" +checksum = "23dd9d1e72a73b25e07123a80776aae3e7b0ec461ef94f9151eed6ec88005a44" dependencies = [ "unic-langid-impl", ] [[package]] name = "unic-langid-impl" -version = "0.9.4" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4bd55a2063fdea4ef1f8633243a7b0524cbeef1905ae04c31a1c9b9775c55bc6" +checksum = "0a5422c1f65949306c99240b81de9f3f15929f5a8bfe05bb44b034cc8bf593e5" dependencies = [ "serde", "tinystr", @@ -1080,9 +1189,9 @@ checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" [[package]] name = "unicode-width" -version = "0.1.11" +version = "0.1.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e51733f11c9c4f72aa0c160008246859e340b00807569a0da0e7a1079b27ba85" +checksum = "0336d538f7abc86d282a4189614dfaa90810dfc2c6f6427eaf88e16311dd225d" [[package]] name = "universal-hash" @@ -1102,15 +1211,15 @@ checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191" [[package]] name = "version_check" -version = "0.9.4" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" [[package]] name = "walkdir" -version = "2.4.0" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d71d857dc86794ca4c280d616f7da00d2dbfd8cd788846559a6813e6aa4b54ee" +checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b" dependencies = [ "same-file", "winapi-util", @@ -1140,11 +1249,11 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" [[package]] name = "winapi-util" -version = "0.1.6" +version = "0.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" +checksum = "4d4cc384e1e73b93bafa6fb4f1df8c41695c8a91cf9c4c64358067d15a7b6c6b" dependencies = [ - "winapi", + "windows-sys", ] [[package]] @@ -1154,14 +1263,24 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" [[package]] -name = "windows-targets" -version = "0.48.5" +name = "windows-sys" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets", +] + +[[package]] +name = "windows-targets" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ "windows_aarch64_gnullvm", "windows_aarch64_msvc", "windows_i686_gnu", + "windows_i686_gnullvm", "windows_i686_msvc", "windows_x86_64_gnu", "windows_x86_64_gnullvm", @@ -1170,60 +1289,66 @@ dependencies = [ [[package]] name = "windows_aarch64_gnullvm" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" [[package]] name = "windows_aarch64_msvc" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" [[package]] name = "windows_i686_gnu" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" [[package]] name = "windows_i686_msvc" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" [[package]] name = "windows_x86_64_gnu" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" [[package]] name = "windows_x86_64_gnullvm" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" [[package]] name = "windows_x86_64_msvc" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "winnow" -version = "0.5.31" +version = "0.6.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97a4882e6b134d6c28953a387571f1acdd3496830d5e36c5e3a1075580ea641c" +checksum = "b480ae9340fc261e6be3e95a1ba86d54ae3f9171132a73ce8d4bbaf68339507c" dependencies = [ "memchr", ] [[package]] name = "x25519-dalek" -version = "2.0.0" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb66477291e7e8d2b0ff1bcb900bf29489a9692816d79874bea351e7a8b6de96" +checksum = "c7e468321c81fb07fa7f4c636c3972b9100f0346e5b6a9f2bd0603a52f7ed277" dependencies = [ "curve25519-dalek", "rand_core", @@ -1239,9 +1364,9 @@ checksum = "213b7324336b53d2414b2db8537e56544d981803139155afa84f76eeebb7a546" [[package]] name = "zeroize" -version = "1.7.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" dependencies = [ "zeroize_derive", ] @@ -1254,5 +1379,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 67f7e06..5113e6f 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -69,21 +69,21 @@ checksum = "64cf76cb6e2222ed0ea86b2b0ee2f71c96ec6edd5af42e84d59160e91b836ec4" [[package]] name = "arc-swap" -version = "1.6.0" +version = "1.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bddcadddf5e9015d310179a59bb28c4d4b9920ad0f11e8e14dbadf654890c9a6" +checksum = "69f7f8c3906b62b754cd5326047894316021dcfe5a194c8ea52bdd94934a3457" [[package]] name = "autocfg" -version = "1.1.0" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" +checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" [[package]] name = "base64" -version = "0.21.5" +version = "0.21.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35636a1494ede3b646cc98f74f8e62c773a38a659ebc777a2cf26b9b74171df9" +checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" [[package]] name = "bech32" @@ -93,9 +93,9 @@ checksum = "d86b93f97252c47b41663388e6d155714a9d0c398b99f1005cbc5f978b29f445" [[package]] name = "bitflags" -version = "1.3.2" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" +checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" [[package]] name = "block-buffer" @@ -108,12 +108,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.0.83" +version = "1.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" -dependencies = [ - "libc", -] +checksum = "2aba8f4e9906c7ce3c73463f62a7f0c65183ada1a2d47e397cc8810827f9694f" [[package]] name = "cfg-if" @@ -158,15 +155,18 @@ dependencies = [ [[package]] name = "cookie-factory" -version = "0.3.2" +version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "396de984970346b0d9e93d1415082923c679e5ae5c3ee3dcbd104f5610af126b" +checksum = "9885fa71e26b8ab7855e2ec7cae6e9b380edff76cd052e07c683a0319d51b3a2" +dependencies = [ + "futures", +] [[package]] name = "cpufeatures" -version = "0.2.11" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce420fe07aecd3e67c5f910618fe65e94158f6dcc0adf44e00d69ce2bdfe0fd0" +checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" dependencies = [ "libc", ] @@ -183,15 +183,14 @@ dependencies = [ [[package]] name = "curve25519-dalek" -version = "4.1.1" +version = "4.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e89b8c6a2e4b1f45971ad09761aafb85514a84744b67a95e32c3cc1352d1f65c" +checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be" dependencies = [ "cfg-if", "cpufeatures", "curve25519-dalek-derive", "fiat-crypto", - "platforms", "rustc_version", "subtle", "zeroize", @@ -205,7 +204,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] @@ -234,13 +233,13 @@ dependencies = [ [[package]] name = "displaydoc" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" +checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] @@ -251,9 +250,9 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] name = "fiat-crypto" -version = "0.2.5" +version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27573eac26f4dd11e2b1916c3fe1baa56407c83c71a773a8ba17ec0bca03b6b7" +checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" [[package]] name = "find-crate" @@ -266,9 +265,9 @@ dependencies = [ [[package]] name = "fluent" -version = "0.16.0" +version = "0.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61f69378194459db76abd2ce3952b790db103ceb003008d3d50d97c41ff847a7" +checksum = "bb74634707bebd0ce645a981148e8fb8c7bccd4c33c652aeffd28bf2f96d555a" dependencies = [ "fluent-bundle", "unic-langid", @@ -276,9 +275,9 @@ dependencies = [ [[package]] name = "fluent-bundle" -version = "0.15.2" +version = "0.15.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e242c601dec9711505f6d5bbff5bedd4b61b2469f2e8bb8e57ee7c9747a87ffd" +checksum = "7fe0a21ee80050c678013f82edf4b705fe2f26f1f9877593d13198612503f493" dependencies = [ "fluent-langneg", "fluent-syntax", @@ -301,13 +300,102 @@ dependencies = [ [[package]] name = "fluent-syntax" -version = "0.11.0" +version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0abed97648395c902868fee9026de96483933faa54ea3b40d652f7dfe61ca78" +checksum = "2a530c4694a6a8d528794ee9bbd8ba0122e779629ac908d15ad5a7ae7763a33d" dependencies = [ "thiserror", ] +[[package]] +name = "futures" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "645c6916888f6cb6350d2550b80fb63e734897a8498abe35cfb732b6487804b0" +dependencies = [ + "futures-channel", + "futures-core", + "futures-executor", + "futures-io", + "futures-sink", + "futures-task", + "futures-util", +] + +[[package]] +name = "futures-channel" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eac8f7d7865dcb88bd4373ab671c8cf4508703796caa2b1985a9ca867b3fcb78" +dependencies = [ + "futures-core", + "futures-sink", +] + +[[package]] +name = "futures-core" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d" + +[[package]] +name = "futures-executor" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a576fc72ae164fca6b9db127eaa9a9dda0d61316034f33a0a0d4eda41f02b01d" +dependencies = [ + "futures-core", + "futures-task", + "futures-util", +] + +[[package]] +name = "futures-io" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a44623e20b9681a318efdd71c299b6b222ed6f231972bfe2f224ebad6311f0c1" + +[[package]] +name = "futures-macro" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.72", +] + +[[package]] +name = "futures-sink" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9fb8e00e87438d937621c1c6269e53f536c14d3fbd6a042bb24879e57d474fb5" + +[[package]] +name = "futures-task" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "38d84fa142264698cdce1a9f9172cf383a0c82de1bddcf3092901442c4097004" + +[[package]] +name = "futures-util" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48" +dependencies = [ + "futures-channel", + "futures-core", + "futures-io", + "futures-macro", + "futures-sink", + "futures-task", + "memchr", + "pin-project-lite", + "pin-utils", + "slab", +] + [[package]] name = "generic-array" version = "0.14.7" @@ -320,9 +408,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.11" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if", "libc", @@ -331,9 +419,9 @@ dependencies = [ [[package]] name = "hashbrown" -version = "0.14.3" +version = "0.14.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604" +checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" [[package]] name = "hkdf" @@ -355,15 +443,15 @@ dependencies = [ [[package]] name = "i18n-config" -version = "0.4.5" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6691f16c6a35c1bb99a0f01aa39dd2b884d342b646689e9b8e4d51faf2cfdbd9" +checksum = "0c9ce3c48cbc21fd5b22b9331f32b5b51f6ad85d969b99e793427332e76e7640" dependencies = [ "log", "serde", "serde_derive", "thiserror", - "toml 0.7.6", + "toml 0.8.16", "unic-langid", ] @@ -390,9 +478,9 @@ dependencies = [ [[package]] name = "i18n-embed-fl" -version = "0.7.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9fc1f8715195dffc4caddcf1cf3128da15fe5d8a137606ea8856c9300047d5a2" +checksum = "8241a781f49e923415e106fcd1f89c3fab92cc9f699a521c56e95dee273903d3" dependencies = [ "dashmap", "find-crate", @@ -405,7 +493,7 @@ dependencies = [ "proc-macro2", "quote", "strsim", - "syn 2.0.46", + "syn 2.0.72", "unic-langid", ] @@ -419,14 +507,14 @@ dependencies = [ "i18n-config", "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] name = "indexmap" -version = "2.1.0" +version = "2.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d530e1a18b1cb4c484e6e34556a0d948706958449fca0cab753d649f2bce3d1f" +checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26" dependencies = [ "equivalent", "hashbrown", @@ -443,9 +531,9 @@ dependencies = [ [[package]] name = "intl-memoizer" -version = "0.5.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c310433e4a310918d6ed9243542a6b83ec1183df95dff8f23f87bb88a264a66f" +checksum = "fe22e020fce238ae18a6d5d8c502ee76a52a6e880d99477657e6acc30ec57bda" dependencies = [ "type-map", "unic-langid", @@ -468,15 +556,15 @@ checksum = "4b3f7cef34251886990511df1c61443aa928499d598a9473929ab5a90a527304" [[package]] name = "lazy_static" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" [[package]] name = "libc" -version = "0.2.151" +version = "0.2.155" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "302d7ab3130588088d277783b1e2d2e10c9e9e4a16dd9050e6ec93fb3e7048f4" +checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" [[package]] name = "libfuzzer-sys" @@ -489,9 +577,9 @@ dependencies = [ [[package]] name = "lock_api" -version = "0.4.11" +version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45" +checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17" dependencies = [ "autocfg", "scopeguard", @@ -499,15 +587,15 @@ dependencies = [ [[package]] name = "log" -version = "0.4.20" +version = "0.4.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" +checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" [[package]] name = "memchr" -version = "2.7.1" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "523dc4f511e55ab87b694dc30d0f820d60906ef06413f93d4d7a1385599cc149" +checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "minimal-lexical" @@ -533,15 +621,15 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "opaque-debug" -version = "0.3.0" +version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" +checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" [[package]] name = "parking_lot" -version = "0.12.1" +version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" +checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27" dependencies = [ "lock_api", "parking_lot_core", @@ -549,9 +637,9 @@ dependencies = [ [[package]] name = "parking_lot_core" -version = "0.9.9" +version = "0.9.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e" +checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8" dependencies = [ "cfg-if", "libc", @@ -572,29 +660,35 @@ dependencies = [ [[package]] name = "pin-project" -version = "1.1.3" +version = "1.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fda4ed1c6c173e3fc7a83629421152e01d7b1f9b7f65fb301e490e8cfc656422" +checksum = "b6bf43b791c5b9e34c3d182969b4abb522f9343702850a2e57f460d00d09b4b3" dependencies = [ "pin-project-internal", ] [[package]] name = "pin-project-internal" -version = "1.1.3" +version = "1.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4359fd9c9171ec6e8c62926d6faaf553a8dc3f64e1507e76da7911b4f6a04405" +checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] -name = "platforms" -version = "3.3.0" +name = "pin-project-lite" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "626dec3cac7cc0e1577a2ec3fc496277ec2baa084bebad95bb6fdbfae235f84c" +checksum = "bda66fc9667c18cb2758a2ac84d1167245054bcf85d5d1aaa6923f45801bdd02" + +[[package]] +name = "pin-utils" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "poly1305" @@ -639,18 +733,18 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.74" +version = "1.0.86" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2de98502f212cfcea8d0bb305bd0f49d7ebdd75b64ba0a68f937d888f4e0d6db" +checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" dependencies = [ "unicode-ident", ] [[package]] name = "quote" -version = "1.0.35" +version = "1.0.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" +checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" dependencies = [ "proc-macro2", ] @@ -687,18 +781,18 @@ dependencies = [ [[package]] name = "redox_syscall" -version = "0.4.1" +version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa" +checksum = "2a908a6e00f1fdd0dfd9c0eb08ce85126f6d8bbda50017e74bc4a4b7d4a926a4" dependencies = [ "bitflags", ] [[package]] name = "rust-embed" -version = "8.2.0" +version = "8.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a82c0bbc10308ed323529fd3c1dce8badda635aa319a5ff0e6466f33b8101e3f" +checksum = "fa66af4a4fdd5e7ebc276f115e895611a34739a9c1c01028383d612d550953c0" dependencies = [ "rust-embed-impl", "rust-embed-utils", @@ -707,22 +801,22 @@ dependencies = [ [[package]] name = "rust-embed-impl" -version = "8.2.0" +version = "8.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6227c01b1783cdfee1bcf844eb44594cd16ec71c35305bf1c9fb5aade2735e16" +checksum = "6125dbc8867951125eec87294137f4e9c2c96566e61bf72c45095a7c77761478" dependencies = [ "proc-macro2", "quote", "rust-embed-utils", - "syn 2.0.46", + "syn 2.0.72", "walkdir", ] [[package]] name = "rust-embed-utils" -version = "8.2.0" +version = "8.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8cb0a25bfbb2d4b4402179c2cf030387d9990857ce08a32592c6238db9fa8665" +checksum = "2e5347777e9aacb56039b0e1f28785929a8a3b709e87482e7442c72e7c12529d" dependencies = [ "sha2", "walkdir", @@ -793,46 +887,46 @@ version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e14e4d63b804dc0c7ec4a1e52bcb63f02c7ac94476755aa579edac21e01f915d" dependencies = [ - "self_cell 1.0.3", + "self_cell 1.0.4", ] [[package]] name = "self_cell" -version = "1.0.3" +version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "58bf37232d3bb9a2c4e641ca2a11d83b5062066f88df7fed36c28772046d65ba" +checksum = "d369a96f978623eb3dc28807c4852d6cc617fed53da5d3c400feff1ef34a714a" [[package]] name = "semver" -version = "1.0.21" +version = "1.0.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b97ed7a9823b74f99c7742f5336af7be5ecd3eeafcb1507d1fa93347b1d589b0" +checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.194" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b114498256798c94a0689e1a15fec6005dee8ac1f41de56404b67afc2a4b773" +checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.194" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3385e45322e8f9931410f01b3031ec534c3947d0e94c18049af4d9f9907d4e0" +checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] name = "serde_spanned" -version = "0.6.3" +version = "0.6.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96426c9936fd7a0124915f9185ea1d20aa9445cc9821142f0a73bc9207a2e186" +checksum = "eb5b1b31579f3811bf615c144393417496f152e12ac8b7663bf664f4a815306d" dependencies = [ "serde", ] @@ -849,10 +943,19 @@ dependencies = [ ] [[package]] -name = "smallvec" -version = "1.11.2" +name = "slab" +version = "0.4.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4dccd0940a2dcdf68d092b8cbab7dc0ad8fa938bf95787e1b916b0e3d0e8e970" +checksum = "8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67" +dependencies = [ + "autocfg", +] + +[[package]] +name = "smallvec" +version = "1.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" [[package]] name = "strsim" @@ -862,9 +965,9 @@ checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" [[package]] name = "subtle" -version = "2.5.0" +version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" @@ -878,9 +981,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.46" +version = "2.0.72" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89456b690ff72fddcecf231caedbe615c59480c93358a93dfae7fc29e3ebbf0e" +checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af" dependencies = [ "proc-macro2", "quote", @@ -889,29 +992,29 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.56" +version = "1.0.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d54378c645627613241d077a3a79db965db602882668f9136ac42af9ecb730ad" +checksum = "c0342370b38b6a11b6cc11d6a805569958d54cfa061a29969c3b5ce2ea405724" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.56" +version = "1.0.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa0faa943b50f3db30a20aa7e265dbc66076993efed8463e8de414e5d06d3471" +checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] [[package]] name = "tinystr" -version = "0.7.1" +version = "0.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ac3f5b6856e931e15e07b478e98c8045239829a65f9156d4fa7e7788197a5ef" +checksum = "9117f5d4db391c1cf6927e7bea3db74b9a1c1add8f7eda9ffd5364f40f57b82f" dependencies = [ "displaydoc", ] @@ -927,9 +1030,9 @@ dependencies = [ [[package]] name = "toml" -version = "0.7.6" +version = "0.8.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c17e963a819c331dcacd7ab957d80bc2b9a9c1e71c804826d2f283dd65306542" +checksum = "81967dd0dd2c1ab0bc3468bd7caecc32b8a4aa47d0c8c695d8c2b2108168d62c" dependencies = [ "serde", "serde_spanned", @@ -939,18 +1042,18 @@ dependencies = [ [[package]] name = "toml_datetime" -version = "0.6.3" +version = "0.6.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7cda73e2f1397b1262d6dfdcef8aafae14d1de7748d66822d3bfeeb6d03e5e4b" +checksum = "f8fb9f64314842840f1d940ac544da178732128f1c78c21772e876579e0da1db" dependencies = [ "serde", ] [[package]] name = "toml_edit" -version = "0.19.14" +version = "0.22.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8123f27e969974a3dfba720fdb560be359f57b44302d280ba72e76a74480e8a" +checksum = "8d9f8729f5aea9562aac1cc0441f5d6de3cff1ee0c5d67293eeca5eb36ee7c16" dependencies = [ "indexmap", "serde", @@ -961,9 +1064,9 @@ dependencies = [ [[package]] name = "type-map" -version = "0.4.0" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6d3364c5e96cb2ad1603037ab253ddd34d7fb72a58bdddf4b7350760fc69a46" +checksum = "deb68604048ff8fa93347f02441e4487594adc20bb8a084f9e564d2b827a0a9f" dependencies = [ "rustc-hash", ] @@ -976,18 +1079,18 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "unic-langid" -version = "0.9.4" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "238722e6d794ed130f91f4ea33e01fcff4f188d92337a21297892521c72df516" +checksum = "23dd9d1e72a73b25e07123a80776aae3e7b0ec461ef94f9151eed6ec88005a44" dependencies = [ "unic-langid-impl", ] [[package]] name = "unic-langid-impl" -version = "0.9.4" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4bd55a2063fdea4ef1f8633243a7b0524cbeef1905ae04c31a1c9b9775c55bc6" +checksum = "0a5422c1f65949306c99240b81de9f3f15929f5a8bfe05bb44b034cc8bf593e5" dependencies = [ "serde", "tinystr", @@ -1011,15 +1114,15 @@ dependencies = [ [[package]] name = "version_check" -version = "0.9.4" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" [[package]] name = "walkdir" -version = "2.4.0" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d71d857dc86794ca4c280d616f7da00d2dbfd8cd788846559a6813e6aa4b54ee" +checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b" dependencies = [ "same-file", "winapi-util", @@ -1031,46 +1134,34 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" -[[package]] -name = "winapi" -version = "0.3.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" -dependencies = [ - "winapi-i686-pc-windows-gnu", - "winapi-x86_64-pc-windows-gnu", -] - -[[package]] -name = "winapi-i686-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" - [[package]] name = "winapi-util" -version = "0.1.6" +version = "0.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" +checksum = "4d4cc384e1e73b93bafa6fb4f1df8c41695c8a91cf9c4c64358067d15a7b6c6b" dependencies = [ - "winapi", + "windows-sys", ] [[package]] -name = "winapi-x86_64-pc-windows-gnu" -version = "0.4.0" +name = "windows-sys" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets", +] [[package]] name = "windows-targets" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ "windows_aarch64_gnullvm", "windows_aarch64_msvc", "windows_i686_gnu", + "windows_i686_gnullvm", "windows_i686_msvc", "windows_x86_64_gnu", "windows_x86_64_gnullvm", @@ -1079,60 +1170,66 @@ dependencies = [ [[package]] name = "windows_aarch64_gnullvm" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" [[package]] name = "windows_aarch64_msvc" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" [[package]] name = "windows_i686_gnu" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" [[package]] name = "windows_i686_msvc" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" [[package]] name = "windows_x86_64_gnu" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" [[package]] name = "windows_x86_64_gnullvm" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" [[package]] name = "windows_x86_64_msvc" -version = "0.48.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "winnow" -version = "0.5.31" +version = "0.6.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97a4882e6b134d6c28953a387571f1acdd3496830d5e36c5e3a1075580ea641c" +checksum = "b480ae9340fc261e6be3e95a1ba86d54ae3f9171132a73ce8d4bbaf68339507c" dependencies = [ "memchr", ] [[package]] name = "x25519-dalek" -version = "2.0.0" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb66477291e7e8d2b0ff1bcb900bf29489a9692816d79874bea351e7a8b6de96" +checksum = "c7e468321c81fb07fa7f4c636c3972b9100f0346e5b6a9f2bd0603a52f7ed277" dependencies = [ "curve25519-dalek", "rand_core", @@ -1142,9 +1239,9 @@ dependencies = [ [[package]] name = "zeroize" -version = "1.7.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" dependencies = [ "zeroize_derive", ] @@ -1157,5 +1254,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.72", ] From 6b46ada5e8bba48ae49752498c3ae2965ac0773a Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Mon, 29 Jul 2024 02:18:03 +0000 Subject: [PATCH 14/77] fuzz: `afl 0.15` --- fuzz-afl/Cargo.lock | 155 +++++--------------------------------------- fuzz-afl/Cargo.toml | 2 +- 2 files changed, 18 insertions(+), 139 deletions(-) diff --git a/fuzz-afl/Cargo.lock b/fuzz-afl/Cargo.lock index a9fe9fd..6fe8ce2 100644 --- a/fuzz-afl/Cargo.lock +++ b/fuzz-afl/Cargo.lock @@ -14,14 +14,13 @@ dependencies = [ [[package]] name = "afl" -version = "0.8.0" +version = "0.15.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2797f92fb146a37560af914b5d5328f8330d6a39b6eaf00f5b184ac73c0c81e7" +checksum = "c21e10b6947189c5ff61343b5354e9ad1c1722bd47b69cd0a6b49e5fa7f7ecf6" dependencies = [ - "cc", - "clap", + "home", "libc", - "rustc_version 0.2.3", + "rustc_version", "xdg", ] @@ -72,32 +71,12 @@ dependencies = [ "age", ] -[[package]] -name = "ansi_term" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2" -dependencies = [ - "winapi", -] - [[package]] name = "arc-swap" version = "1.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "69f7f8c3906b62b754cd5326047894316021dcfe5a194c8ea52bdd94934a3457" -[[package]] -name = "atty" -version = "0.2.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" -dependencies = [ - "hermit-abi", - "libc", - "winapi", -] - [[package]] name = "autocfg" version = "1.3.0" @@ -116,12 +95,6 @@ version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d86b93f97252c47b41663388e6d155714a9d0c398b99f1005cbc5f978b29f445" -[[package]] -name = "bitflags" -version = "1.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" - [[package]] name = "bitflags" version = "2.6.0" @@ -137,12 +110,6 @@ dependencies = [ "generic-array", ] -[[package]] -name = "cc" -version = "1.1.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2aba8f4e9906c7ce3c73463f62a7f0c65183ada1a2d47e397cc8810827f9694f" - [[package]] name = "cfg-if" version = "1.0.0" @@ -184,21 +151,6 @@ dependencies = [ "zeroize", ] -[[package]] -name = "clap" -version = "2.34.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c" -dependencies = [ - "ansi_term", - "atty", - "bitflags 1.3.2", - "strsim 0.8.0", - "textwrap", - "unicode-width", - "vec_map", -] - [[package]] name = "cookie-factory" version = "0.3.3" @@ -237,7 +189,7 @@ dependencies = [ "cpufeatures", "curve25519-dalek-derive", "fiat-crypto", - "rustc_version 0.4.0", + "rustc_version", "subtle", "zeroize", ] @@ -469,15 +421,6 @@ version = "0.14.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" -[[package]] -name = "hermit-abi" -version = "0.1.19" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33" -dependencies = [ - "libc", -] - [[package]] name = "hkdf" version = "0.12.4" @@ -496,6 +439,15 @@ dependencies = [ "digest", ] +[[package]] +name = "home" +version = "0.5.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" +dependencies = [ + "windows-sys", +] + [[package]] name = "i18n-config" version = "0.4.6" @@ -547,7 +499,7 @@ dependencies = [ "proc-macro-error", "proc-macro2", "quote", - "strsim 0.10.0", + "strsim", "syn 2.0.72", "unic-langid", ] @@ -831,7 +783,7 @@ version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2a908a6e00f1fdd0dfd9c0eb08ce85126f6d8bbda50017e74bc4a4b7d4a926a4" dependencies = [ - "bitflags 2.6.0", + "bitflags", ] [[package]] @@ -874,22 +826,13 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" -[[package]] -name = "rustc_version" -version = "0.2.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "138e3e0acb6c9fb258b19b67cb8abd63c00679d2851805ea151465464fe9030a" -dependencies = [ - "semver 0.9.0", -] - [[package]] name = "rustc_version" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" dependencies = [ - "semver 1.0.23", + "semver", ] [[package]] @@ -951,27 +894,12 @@ version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d369a96f978623eb3dc28807c4852d6cc617fed53da5d3c400feff1ef34a714a" -[[package]] -name = "semver" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1d7eb9ef2c18661902cc47e535f9bc51b78acd254da71d375c2f6720d9a40403" -dependencies = [ - "semver-parser", -] - [[package]] name = "semver" version = "1.0.23" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" -[[package]] -name = "semver-parser" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3" - [[package]] name = "serde" version = "1.0.204" @@ -1027,12 +955,6 @@ version = "1.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" -[[package]] -name = "strsim" -version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a" - [[package]] name = "strsim" version = "0.10.0" @@ -1066,15 +988,6 @@ dependencies = [ "unicode-ident", ] -[[package]] -name = "textwrap" -version = "0.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060" -dependencies = [ - "unicode-width", -] - [[package]] name = "thiserror" version = "1.0.63" @@ -1187,12 +1100,6 @@ version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" -[[package]] -name = "unicode-width" -version = "0.1.13" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0336d538f7abc86d282a4189614dfaa90810dfc2c6f6427eaf88e16311dd225d" - [[package]] name = "universal-hash" version = "0.5.1" @@ -1203,12 +1110,6 @@ dependencies = [ "subtle", ] -[[package]] -name = "vec_map" -version = "0.8.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191" - [[package]] name = "version_check" version = "0.9.5" @@ -1231,22 +1132,6 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" -[[package]] -name = "winapi" -version = "0.3.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" -dependencies = [ - "winapi-i686-pc-windows-gnu", - "winapi-x86_64-pc-windows-gnu", -] - -[[package]] -name = "winapi-i686-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" - [[package]] name = "winapi-util" version = "0.1.8" @@ -1256,12 +1141,6 @@ dependencies = [ "windows-sys", ] -[[package]] -name = "winapi-x86_64-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" - [[package]] name = "windows-sys" version = "0.52.0" diff --git a/fuzz-afl/Cargo.toml b/fuzz-afl/Cargo.toml index 8b8299a..edda503 100644 --- a/fuzz-afl/Cargo.toml +++ b/fuzz-afl/Cargo.toml @@ -6,7 +6,7 @@ publish = false edition = "2018" [dependencies] -afl = "0.8" +afl = "0.15" age = { path = "../age" } # Prevent this from interfering with workspaces From 0c2acd53068ddaf59eb5f5c9444808591c760939 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 28 Jul 2024 22:57:07 +0000 Subject: [PATCH 15/77] age: Move `scrypt` structural requirement checks to `HeaderV1` --- age/src/format.rs | 23 +++++++++++++++++++++++ age/src/protocol.rs | 9 ++------- 2 files changed, 25 insertions(+), 7 deletions(-) diff --git a/age/src/format.rs b/age/src/format.rs index 43064f3..cee975a 100644 --- a/age/src/format.rs +++ b/age/src/format.rs @@ -6,6 +6,7 @@ use std::io::{self, BufRead, Read, Write}; use crate::{ error::DecryptError, primitives::{HmacKey, HmacWriter}, + scrypt, }; #[cfg(feature = "async")] @@ -61,6 +62,28 @@ impl HeaderV1 { } mac.verify(&self.mac) } + + fn any_scrypt(&self) -> bool { + self.recipients + .iter() + .any(|r| r.tag == scrypt::SCRYPT_RECIPIENT_TAG) + } + + /// Checks whether the header contains a single recipient of type `scrypt`. + /// + /// This can be used along with [`Self::no_scrypt`] to enforce the structural + /// requirements on the v1 header. + pub(crate) fn valid_scrypt(&self) -> bool { + self.any_scrypt() && self.recipients.len() == 1 + } + + /// Checks whether the header contains no `scrypt` recipients. + /// + /// This can be used along with [`Self::valid_scrypt`] to enforce the structural + /// requirements on the v1 header. + pub(crate) fn no_scrypt(&self) -> bool { + !self.any_scrypt() + } } impl Header { diff --git a/age/src/protocol.rs b/age/src/protocol.rs index fe0ff46..1ebf0c3 100644 --- a/age/src/protocol.rs +++ b/age/src/protocol.rs @@ -162,14 +162,9 @@ impl From> for Decryptor { impl Decryptor { fn from_v1_header(input: R, header: HeaderV1, nonce: Nonce) -> Result { // Enforce structural requirements on the v1 header. - let any_scrypt = header - .recipients - .iter() - .any(|r| r.tag == scrypt::SCRYPT_RECIPIENT_TAG); - - if any_scrypt && header.recipients.len() == 1 { + if header.valid_scrypt() { Ok(decryptor::PassphraseDecryptor::new(input, Header::V1(header), nonce).into()) - } else if !any_scrypt { + } else if header.no_scrypt() { Ok(decryptor::RecipientsDecryptor::new(input, Header::V1(header), nonce).into()) } else { Err(DecryptError::InvalidHeader) From 4ba982254c50fb014fc1d00bc8d80281064b2f35 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 28 Jul 2024 23:29:17 +0000 Subject: [PATCH 16/77] age: Make `scrypt::Identity` an owning type --- age/src/protocol/decryptor.rs | 2 +- age/src/scrypt.rs | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/age/src/protocol/decryptor.rs b/age/src/protocol/decryptor.rs index 46622b8..7854527 100644 --- a/age/src/protocol/decryptor.rs +++ b/age/src/protocol/decryptor.rs @@ -108,7 +108,7 @@ impl PassphraseDecryptor { max_work_factor: Option, ) -> Result { let identity = scrypt::Identity { - passphrase, + passphrase: passphrase.clone(), max_work_factor, }; diff --git a/age/src/scrypt.rs b/age/src/scrypt.rs index 6f254f3..41ba834 100644 --- a/age/src/scrypt.rs +++ b/age/src/scrypt.rs @@ -112,12 +112,12 @@ impl crate::Recipient for Recipient { } } -pub(crate) struct Identity<'a> { - pub(crate) passphrase: &'a SecretString, +pub(crate) struct Identity { + pub(crate) passphrase: SecretString, pub(crate) max_work_factor: Option, } -impl<'a> crate::Identity for Identity<'a> { +impl crate::Identity for Identity { fn unwrap_stanza(&self, stanza: &Stanza) -> Option> { if stanza.tag != SCRYPT_RECIPIENT_TAG { return None; From f253ff2ff123f5bcf38bb02cc92b24bd2f3a5788 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 28 Jul 2024 23:44:42 +0000 Subject: [PATCH 17/77] age: Expose `scrypt::{Recipient, Identity}` --- age/CHANGELOG.md | 2 + age/src/lib.rs | 2 +- age/src/protocol.rs | 2 +- age/src/protocol/decryptor.rs | 8 ++-- age/src/scrypt.rs | 71 ++++++++++++++++++++++++++++++----- 5 files changed, 69 insertions(+), 16 deletions(-) diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md index 39c0d4b..c876246 100644 --- a/age/CHANGELOG.md +++ b/age/CHANGELOG.md @@ -10,6 +10,8 @@ to 1.0.0 are beta releases. ## [Unreleased] ### Added +- `age::scrypt`, providing recipient and identity types for passphrase-based + encryption. - Partial French translation! ## [0.10.0] - 2024-02-04 diff --git a/age/src/lib.rs b/age/src/lib.rs index fd9d410..f844974 100644 --- a/age/src/lib.rs +++ b/age/src/lib.rs @@ -170,7 +170,7 @@ pub use i18n::localizer; // pub mod encrypted; -mod scrypt; +pub mod scrypt; pub mod x25519; #[cfg(feature = "plugin")] diff --git a/age/src/protocol.rs b/age/src/protocol.rs index 1ebf0c3..a3b3854 100644 --- a/age/src/protocol.rs +++ b/age/src/protocol.rs @@ -94,7 +94,7 @@ impl Encryptor { stanzas } EncryptorType::Passphrase(passphrase) => { - scrypt::Recipient { passphrase }.wrap_file_key(&file_key)? + scrypt::Recipient::new(passphrase).wrap_file_key(&file_key)? } }; diff --git a/age/src/protocol/decryptor.rs b/age/src/protocol/decryptor.rs index 7854527..e077458 100644 --- a/age/src/protocol/decryptor.rs +++ b/age/src/protocol/decryptor.rs @@ -107,10 +107,10 @@ impl PassphraseDecryptor { passphrase: &SecretString, max_work_factor: Option, ) -> Result { - let identity = scrypt::Identity { - passphrase: passphrase.clone(), - max_work_factor, - }; + let mut identity = scrypt::Identity::new(passphrase.clone()); + if let Some(max_work_factor) = max_work_factor { + identity.set_max_work_factor(max_work_factor); + } self.0.obtain_payload_key(|r| identity.unwrap_stanzas(r)) } diff --git a/age/src/scrypt.rs b/age/src/scrypt.rs index 41ba834..b70f04c 100644 --- a/age/src/scrypt.rs +++ b/age/src/scrypt.rs @@ -1,3 +1,5 @@ +//! The "scrypt" passphrase-based recipient type, native to age. + use age_core::{ format::{FileKey, Stanza, FILE_KEY_BYTES}, primitives::{aead_decrypt, aead_encrypt}, @@ -83,8 +85,25 @@ fn target_scrypt_work_factor() -> u8 { }) } -pub(crate) struct Recipient { - pub(crate) passphrase: SecretString, +/// A passphrase-based recipient. Anyone with the passphrase can decrypt the file. +/// +/// If an `scrypt::Recipient` is used, it must be the only recipient for the file: it +/// can't be mixed with other recipient types and can't be used multiple times for the +/// same file. +/// +/// This API should only be used with a passphrase that was provided by (or generated +/// for) a human. For programmatic use cases, instead generate an [`x25519::Identity`]. +/// +/// [`x25519::Identity`]: crate::x25519::Identity +pub struct Recipient { + passphrase: SecretString, +} + +impl Recipient { + /// Constructs a new `Recipient` with the given passphrase. + pub fn new(passphrase: SecretString) -> Self { + Self { passphrase } + } } impl crate::Recipient for Recipient { @@ -112,9 +131,43 @@ impl crate::Recipient for Recipient { } } -pub(crate) struct Identity { - pub(crate) passphrase: SecretString, - pub(crate) max_work_factor: Option, +/// A passphrase-based identity. Anyone with the passphrase can decrypt the file. +/// +/// The identity caps the amount of work that the [`Decryptor`] might have to do to +/// process received files. A fairly high default is used (targeting roughly 16 seconds of +/// work per stanza on the current machine), which might not be suitable for systems +/// processing untrusted files. +/// +/// [`Decryptor`]: crate::Decryptor +pub struct Identity { + passphrase: SecretString, + target_work_factor: u8, + max_work_factor: u8, +} + +impl Identity { + /// Constructs a new `Identity` with the given passphrase. + pub fn new(passphrase: SecretString) -> Self { + let target_work_factor = target_scrypt_work_factor(); + + // Place bounds on the work factor we will accept (roughly 16 seconds). + let max_work_factor = target_work_factor + 4; + + Self { + passphrase, + target_work_factor, + max_work_factor, + } + } + + /// Sets the maximum accepted scrypt work factor to `2^max_work_factor`. + /// + /// This method must be called before [`Self::unwrap_stanza`] to have an effect. + /// + /// [`Self::unwrap_stanza`]: crate::Identity::unwrap_stanza + pub fn set_max_work_factor(&mut self, max_work_factor: u8) { + self.max_work_factor = max_work_factor; + } } impl crate::Identity for Identity { @@ -139,12 +192,10 @@ impl crate::Identity for Identity { return Some(Err(DecryptError::InvalidHeader)); } - // Place bounds on the work factor we will accept (roughly 16 seconds). - let target = target_scrypt_work_factor(); - if log_n > self.max_work_factor.unwrap_or(target + 4) { + if log_n > self.max_work_factor { return Some(Err(DecryptError::ExcessiveWork { required: log_n, - target, + target: self.target_work_factor, })); } @@ -157,7 +208,7 @@ impl crate::Identity for Identity { Err(_) => { return Some(Err(DecryptError::ExcessiveWork { required: log_n, - target, + target: self.target_work_factor, })); } }; From a1f16094b84eb4f6595969aa85731c6c863e2319 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Mon, 29 Jul 2024 01:06:59 +0000 Subject: [PATCH 18/77] age: Remove `PassphraseDecryptor` --- age/CHANGELOG.md | 8 ++++ age/src/encrypted.rs | 15 ++++--- age/src/format.rs | 5 +++ age/src/lib.rs | 7 +-- age/src/protocol.rs | 22 +++------- age/src/protocol/decryptor.rs | 77 +++++---------------------------- age/tests/test_vectors.rs | 11 +++-- age/tests/testkit.rs | 33 +++++++++----- rage/src/bin/rage-mount/main.rs | 18 +++++--- rage/src/bin/rage/main.rs | 19 +++++--- 10 files changed, 98 insertions(+), 117 deletions(-) diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md index c876246..36847dc 100644 --- a/age/CHANGELOG.md +++ b/age/CHANGELOG.md @@ -10,10 +10,18 @@ to 1.0.0 are beta releases. ## [Unreleased] ### Added +- `age::decryptor::RecipientsDecryptor::is_scrypt` - `age::scrypt`, providing recipient and identity types for passphrase-based encryption. - Partial French translation! +### Changed +- `age::Decryptor` no longer has a `Passphrase` variant. + +### Removed +- `age::decryptor::PassphraseDecryptor` (use `RecipientsDecryptor` with + `age::scrypt::Identity` instead). + ## [0.10.0] - 2024-02-04 ### Added - Russian translation! diff --git a/age/src/encrypted.rs b/age/src/encrypted.rs index ec405b0..a996a4a 100644 --- a/age/src/encrypted.rs +++ b/age/src/encrypted.rs @@ -3,14 +3,14 @@ use std::{cell::Cell, io}; use crate::{ - decryptor::PassphraseDecryptor, fl, Callbacks, DecryptError, Decryptor, EncryptError, + decryptor::RecipientsDecryptor, fl, scrypt, Callbacks, DecryptError, Decryptor, EncryptError, IdentityFile, IdentityFileEntry, }; /// The state of the encrypted age identity. enum IdentityState { Encrypted { - decryptor: PassphraseDecryptor, + decryptor: RecipientsDecryptor, max_work_factor: Option, }, Decrypted(Vec), @@ -51,8 +51,13 @@ impl IdentityState { None => todo!(), }; + let mut identity = scrypt::Identity::new(passphrase); + if let Some(max_work_factor) = max_work_factor { + identity.set_max_work_factor(max_work_factor); + } + decryptor - .decrypt(&passphrase, max_work_factor) + .decrypt(Some(&identity as _).into_iter()) .map_err(|e| { if matches!(e, DecryptError::DecryptionFailed) { DecryptError::KeyDecryptionFailed @@ -93,8 +98,8 @@ impl Identity { max_work_factor: Option, ) -> Result, DecryptError> { match Decryptor::new(data)? { - Decryptor::Recipients(_) => Ok(None), - Decryptor::Passphrase(decryptor) => Ok(Some(Identity { + Decryptor::Recipients(decryptor) if !decryptor.is_scrypt() => Ok(None), + Decryptor::Recipients(decryptor) => Ok(Some(Identity { state: Cell::new(IdentityState::Encrypted { decryptor, max_work_factor, diff --git a/age/src/format.rs b/age/src/format.rs index cee975a..10027bc 100644 --- a/age/src/format.rs +++ b/age/src/format.rs @@ -84,6 +84,11 @@ impl HeaderV1 { pub(crate) fn no_scrypt(&self) -> bool { !self.any_scrypt() } + + /// Enforces structural requirements on the v1 header. + pub(crate) fn is_valid(&self) -> bool { + self.valid_scrypt() || self.no_scrypt() + } } impl Header { diff --git a/age/src/lib.rs b/age/src/lib.rs index f844974..02588c8 100644 --- a/age/src/lib.rs +++ b/age/src/lib.rs @@ -110,12 +110,13 @@ //! # fn decrypt(passphrase: &str, encrypted: Vec) -> Result, age::DecryptError> { //! let decrypted = { //! let decryptor = match age::Decryptor::new(&encrypted[..])? { -//! age::Decryptor::Passphrase(d) => d, -//! _ => unreachable!(), +//! age::Decryptor::Recipients(d) => d, //! }; //! //! let mut decrypted = vec![]; -//! let mut reader = decryptor.decrypt(&Secret::new(passphrase.to_owned()), None)?; +//! let mut reader = decryptor.decrypt( +//! Some(&age::scrypt::Identity::new(Secret::new(passphrase.to_owned())) as _).into_iter(), +//! )?; //! reader.read_to_end(&mut decrypted); //! //! decrypted diff --git a/age/src/protocol.rs b/age/src/protocol.rs index a3b3854..4238ed0 100644 --- a/age/src/protocol.rs +++ b/age/src/protocol.rs @@ -143,8 +143,6 @@ impl Encryptor { pub enum Decryptor { /// Decryption with a list of identities. Recipients(decryptor::RecipientsDecryptor), - /// Decryption with a passphrase. - Passphrase(decryptor::PassphraseDecryptor), } impl From> for Decryptor { @@ -153,18 +151,10 @@ impl From> for Decryptor { } } -impl From> for Decryptor { - fn from(decryptor: decryptor::PassphraseDecryptor) -> Self { - Decryptor::Passphrase(decryptor) - } -} - impl Decryptor { fn from_v1_header(input: R, header: HeaderV1, nonce: Nonce) -> Result { // Enforce structural requirements on the v1 header. - if header.valid_scrypt() { - Ok(decryptor::PassphraseDecryptor::new(input, Header::V1(header), nonce).into()) - } else if header.no_scrypt() { + if header.is_valid() { Ok(decryptor::RecipientsDecryptor::new(input, Header::V1(header), nonce).into()) } else { Err(DecryptError::InvalidHeader) @@ -279,7 +269,7 @@ mod tests { use super::{Decryptor, Encryptor}; use crate::{ identity::{IdentityFile, IdentityFileEntry}, - x25519, Identity, Recipient, + scrypt, x25519, Identity, Recipient, }; #[cfg(feature = "async")] @@ -373,7 +363,6 @@ mod tests { } } { Decryptor::Recipients(d) => d, - _ => panic!(), }; let decrypted = { @@ -439,11 +428,14 @@ mod tests { } let d = match Decryptor::new(&encrypted[..]) { - Ok(Decryptor::Passphrase(d)) => d, + Ok(Decryptor::Recipients(d)) => d, _ => panic!(), }; let mut r = d - .decrypt(&SecretString::new("passphrase".to_string()), None) + .decrypt( + Some(&scrypt::Identity::new(SecretString::new("passphrase".to_string())) as _) + .into_iter(), + ) .unwrap(); let mut decrypted = vec![]; r.read_to_end(&mut decrypted).unwrap(); diff --git a/age/src/protocol/decryptor.rs b/age/src/protocol/decryptor.rs index e077458..4814159 100644 --- a/age/src/protocol/decryptor.rs +++ b/age/src/protocol/decryptor.rs @@ -1,9 +1,6 @@ //! Decryptors for age. -use age_core::{ - format::{FileKey, Stanza}, - secrecy::SecretString, -}; +use age_core::format::{FileKey, Stanza}; use std::io::Read; use super::Nonce; @@ -12,7 +9,7 @@ use crate::{ format::Header, keys::v1_payload_key, primitives::stream::{PayloadKey, Stream, StreamReader}, - scrypt, Identity, + Identity, }; #[cfg(feature = "async")] @@ -53,6 +50,14 @@ impl RecipientsDecryptor { }) } + /// Returns `true` if the age file is encrypted to a passphrase. + pub fn is_scrypt(&self) -> bool { + match &self.0.header { + Header::V1(header) => header.valid_scrypt(), + Header::Unknown(_) => false, + } + } + fn obtain_payload_key<'a>( &self, mut identities: impl Iterator, @@ -89,65 +94,3 @@ impl RecipientsDecryptor { .map(|payload_key| Stream::decrypt_async(payload_key, self.0.input)) } } - -/// Decryptor for an age file encrypted with a passphrase. -pub struct PassphraseDecryptor(BaseDecryptor); - -impl PassphraseDecryptor { - pub(super) fn new(input: R, header: Header, nonce: Nonce) -> Self { - PassphraseDecryptor(BaseDecryptor { - input, - header, - nonce, - }) - } - - fn obtain_payload_key( - &self, - passphrase: &SecretString, - max_work_factor: Option, - ) -> Result { - let mut identity = scrypt::Identity::new(passphrase.clone()); - if let Some(max_work_factor) = max_work_factor { - identity.set_max_work_factor(max_work_factor); - } - - self.0.obtain_payload_key(|r| identity.unwrap_stanzas(r)) - } -} - -impl PassphraseDecryptor { - /// Attempts to decrypt the age file. - /// - /// `max_work_factor` is the maximum accepted work factor. If `None`, the default - /// maximum is adjusted to around 16 seconds of work. - /// - /// If successful, returns a reader that will provide the plaintext. - pub fn decrypt( - self, - passphrase: &SecretString, - max_work_factor: Option, - ) -> Result, DecryptError> { - self.obtain_payload_key(passphrase, max_work_factor) - .map(|payload_key| Stream::decrypt(payload_key, self.0.input)) - } -} - -#[cfg(feature = "async")] -#[cfg_attr(docsrs, doc(cfg(feature = "async")))] -impl PassphraseDecryptor { - /// Attempts to decrypt the age file. - /// - /// `max_work_factor` is the maximum accepted work factor. If `None`, the default - /// maximum is adjusted to around 16 seconds of work. - /// - /// If successful, returns a reader that will provide the plaintext. - pub fn decrypt_async( - self, - passphrase: &SecretString, - max_work_factor: Option, - ) -> Result, DecryptError> { - self.obtain_payload_key(passphrase, max_work_factor) - .map(|payload_key| Stream::decrypt_async(payload_key, self.0.input)) - } -} diff --git a/age/tests/test_vectors.rs b/age/tests/test_vectors.rs index aeecba8..026fe59 100644 --- a/age/tests/test_vectors.rs +++ b/age/tests/test_vectors.rs @@ -1,7 +1,9 @@ -use age_core::secrecy::SecretString; use std::fs; use std::io::Read; +use age::scrypt; +use age_core::secrecy::SecretString; + #[test] #[cfg(feature = "cli-common")] fn age_test_vectors() -> Result<(), Box> { @@ -23,7 +25,7 @@ fn age_test_vectors() -> Result<(), Box> { let expect_failure = name.starts_with("fail_"); let res = match age::Decryptor::new(fs::File::open(&path)?)? { - age::Decryptor::Recipients(d) => { + age::Decryptor::Recipients(d) if !d.is_scrypt() => { let identities = age::cli_common::read_identities( vec![format!( "{}/{}_key.txt", @@ -35,7 +37,7 @@ fn age_test_vectors() -> Result<(), Box> { )?; d.decrypt(identities.iter().map(|i| i.as_ref() as &dyn age::Identity)) } - age::Decryptor::Passphrase(d) => { + age::Decryptor::Recipients(d) => { let mut passphrase = String::new(); fs::File::open(format!( "{}/{}_password.txt", @@ -44,7 +46,8 @@ fn age_test_vectors() -> Result<(), Box> { ))? .read_to_string(&mut passphrase)?; let passphrase = SecretString::new(passphrase); - d.decrypt(&passphrase, None) + let identity = scrypt::Identity::new(passphrase); + d.decrypt(Some(&identity as _).into_iter()) } }; diff --git a/age/tests/testkit.rs b/age/tests/testkit.rs index 8d8762e..d7f1c89 100644 --- a/age/tests/testkit.rs +++ b/age/tests/testkit.rs @@ -6,6 +6,7 @@ use std::{ use age::{ armor::{ArmoredReadError, ArmoredReader}, + scrypt, secrecy::SecretString, x25519, DecryptError, Decryptor, Identity, }; @@ -132,13 +133,15 @@ fn testkit(filename: &str) { let comment = format_testkit_comment(&testfile); match Decryptor::new(ArmoredReader::new(&testfile.age_file[..])).and_then(|d| match d { - Decryptor::Recipients(d) => { + Decryptor::Recipients(d) if !d.is_scrypt() => { let identities = get_testkit_identities(filename, &testfile); d.decrypt(identities.iter().map(|i| i as &dyn Identity)) } - Decryptor::Passphrase(d) => { + Decryptor::Recipients(d) => { let passphrase = get_testkit_passphrase(&testfile, &comment); - d.decrypt(&passphrase, Some(16)) + let mut identity = scrypt::Identity::new(passphrase); + identity.set_max_work_factor(16); + d.decrypt(Some(&identity as _).into_iter()) } }) { Ok(mut r) => { @@ -270,13 +273,15 @@ fn testkit_buffered(filename: &str) { match Decryptor::new_buffered(ArmoredReader::new(&testfile.age_file[..])).and_then( |d| match d { - Decryptor::Recipients(d) => { + Decryptor::Recipients(d) if !d.is_scrypt() => { let identities = get_testkit_identities(filename, &testfile); d.decrypt(identities.iter().map(|i| i as &dyn Identity)) } - Decryptor::Passphrase(d) => { + Decryptor::Recipients(d) => { let passphrase = get_testkit_passphrase(&testfile, &comment); - d.decrypt(&passphrase, Some(16)) + let mut identity = scrypt::Identity::new(passphrase); + identity.set_max_work_factor(16); + d.decrypt(Some(&identity as _).into_iter()) } }, ) { @@ -411,13 +416,15 @@ async fn testkit_async(filename: &str) { match Decryptor::new_async(ArmoredReader::from_async_reader(&testfile.age_file[..])) .await .and_then(|d| match d { - Decryptor::Recipients(d) => { + Decryptor::Recipients(d) if !d.is_scrypt() => { let identities = get_testkit_identities(filename, &testfile); d.decrypt_async(identities.iter().map(|i| i as &dyn Identity)) } - Decryptor::Passphrase(d) => { + Decryptor::Recipients(d) => { let passphrase = get_testkit_passphrase(&testfile, &comment); - d.decrypt_async(&passphrase, Some(16)) + let mut identity = scrypt::Identity::new(passphrase); + identity.set_max_work_factor(16); + d.decrypt_async(Some(&identity as _).into_iter()) } }) { Ok(mut r) => { @@ -551,13 +558,15 @@ async fn testkit_async_buffered(filename: &str) { match Decryptor::new_async_buffered(ArmoredReader::from_async_reader(&testfile.age_file[..])) .await .and_then(|d| match d { - Decryptor::Recipients(d) => { + Decryptor::Recipients(d) if !d.is_scrypt() => { let identities = get_testkit_identities(filename, &testfile); d.decrypt_async(identities.iter().map(|i| i as &dyn Identity)) } - Decryptor::Passphrase(d) => { + Decryptor::Recipients(d) => { let passphrase = get_testkit_passphrase(&testfile, &comment); - d.decrypt_async(&passphrase, Some(16)) + let mut identity = scrypt::Identity::new(passphrase); + identity.set_max_work_factor(16); + d.decrypt_async(Some(&identity as _).into_iter()) } }) { Ok(mut r) => { diff --git a/rage/src/bin/rage-mount/main.rs b/rage/src/bin/rage-mount/main.rs index 208ebea..5d36559 100644 --- a/rage/src/bin/rage-mount/main.rs +++ b/rage/src/bin/rage-mount/main.rs @@ -3,6 +3,7 @@ use age::{ armor::ArmoredReader, cli_common::{read_identities, read_secret, StdinGuard}, + scrypt, stream::StreamReader, }; use clap::{CommandFactory, Parser}; @@ -210,12 +211,19 @@ fn main() -> Result<(), Error> { let mut stdin_guard = StdinGuard::new(false); match age::Decryptor::new_buffered(ArmoredReader::new(file))? { - age::Decryptor::Passphrase(decryptor) => { + age::Decryptor::Recipients(decryptor) if decryptor.is_scrypt() => { match read_secret(&fl!("type-passphrase"), &fl!("prompt-passphrase"), None) { - Ok(passphrase) => decryptor - .decrypt(&passphrase, opts.max_work_factor) - .map_err(|e| e.into()) - .and_then(|stream| mount_stream(stream, types, mountpoint)), + Ok(passphrase) => { + let mut identity = scrypt::Identity::new(passphrase); + if let Some(max_work_factor) = opts.max_work_factor { + identity.set_max_work_factor(max_work_factor); + } + + decryptor + .decrypt(Some(&identity as _).into_iter()) + .map_err(|e| e.into()) + .and_then(|stream| mount_stream(stream, types, mountpoint)) + } Err(_) => Ok(()), } } diff --git a/rage/src/bin/rage/main.rs b/rage/src/bin/rage/main.rs index 38bbfc5..6bd3304 100644 --- a/rage/src/bin/rage/main.rs +++ b/rage/src/bin/rage/main.rs @@ -6,7 +6,7 @@ use age::{ file_io, read_identities, read_or_generate_passphrase, read_recipients, read_secret, Passphrase, StdinGuard, UiCallbacks, }, - plugin, + plugin, scrypt, secrecy::ExposeSecret, Identity, }; @@ -293,7 +293,7 @@ fn decrypt(opts: AgeOptions) -> Result<(), error::DecryptError> { ); match age::Decryptor::new_buffered(ArmoredReader::new(input))? { - age::Decryptor::Passphrase(decryptor) => { + age::Decryptor::Recipients(decryptor) if decryptor.is_scrypt() => { if identities_were_provided { return Err(error::DecryptError::MixedIdentityAndPassphrase); } @@ -308,10 +308,17 @@ fn decrypt(opts: AgeOptions) -> Result<(), error::DecryptError> { } match read_secret(&fl!("type-passphrase"), &fl!("prompt-passphrase"), None) { - Ok(passphrase) => decryptor - .decrypt(&passphrase, opts.max_work_factor) - .map_err(|e| e.into()) - .and_then(|input| write_output(input, output)), + Ok(passphrase) => { + let mut identity = scrypt::Identity::new(passphrase); + if let Some(max_work_factor) = opts.max_work_factor { + identity.set_max_work_factor(max_work_factor); + } + + decryptor + .decrypt(Some(&identity as _).into_iter()) + .map_err(|e| e.into()) + .and_then(|input| write_output(input, output)) + } Err(pinentry::Error::Cancelled) => Ok(()), Err(pinentry::Error::Timeout) => Err(error::DecryptError::PassphraseTimedOut), Err(pinentry::Error::Encoding(e)) => { From 219ac41b60edbb63652839f8a1415b44a64fcdcc Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Mon, 29 Jul 2024 01:38:45 +0000 Subject: [PATCH 19/77] age: Merge `RecipientsDecryptor` into `Decryptor` --- age/CHANGELOG.md | 8 ++- age/benches/throughput.rs | 5 +- age/src/encrypted.rs | 25 ++++----- age/src/lib.rs | 17 ++---- age/src/primitives/armor.rs | 14 +---- age/src/protocol.rs | 85 +++++++++++++++++++--------- age/src/protocol/decryptor.rs | 96 -------------------------------- age/tests/test_vectors.rs | 44 +++++++-------- age/tests/testkit.rs | 46 +++++++-------- rage/src/bin/rage-mount/main.rs | 48 ++++++++-------- rage/src/bin/rage/main.rs | 99 ++++++++++++++++----------------- 11 files changed, 197 insertions(+), 290 deletions(-) delete mode 100644 age/src/protocol/decryptor.rs diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md index 36847dc..3ddde8c 100644 --- a/age/CHANGELOG.md +++ b/age/CHANGELOG.md @@ -10,17 +10,19 @@ to 1.0.0 are beta releases. ## [Unreleased] ### Added -- `age::decryptor::RecipientsDecryptor::is_scrypt` +- `age::Decryptor::{decrypt, decrypt_async, is_scrypt}` - `age::scrypt`, providing recipient and identity types for passphrase-based encryption. - Partial French translation! ### Changed -- `age::Decryptor` no longer has a `Passphrase` variant. +- `age::Decryptor` is now an opaque struct instead of an enum with `Recipients` + and `Passphrase` variants. ### Removed -- `age::decryptor::PassphraseDecryptor` (use `RecipientsDecryptor` with +- `age::decryptor::PassphraseDecryptor` (use `age::Decryptor` with `age::scrypt::Identity` instead). +- `age::decryptor::RecipientsDecryptor` (use `age::Decryptor` instead). ## [0.10.0] - 2024-02-04 ### Added diff --git a/age/benches/throughput.rs b/age/benches/throughput.rs index 7a3c8e5..a259218 100644 --- a/age/benches/throughput.rs +++ b/age/benches/throughput.rs @@ -70,10 +70,7 @@ fn bench(c: &mut Criterion_) { output.finish().unwrap(); b.iter(|| { - let decryptor = match Decryptor::new_buffered(&ct_buf[..]).unwrap() { - Decryptor::Recipients(decryptor) => decryptor, - _ => panic!(), - }; + let decryptor = Decryptor::new_buffered(&ct_buf[..]).unwrap(); let mut input = decryptor .decrypt(iter::once(&identity as &dyn age::Identity)) .unwrap(); diff --git a/age/src/encrypted.rs b/age/src/encrypted.rs index a996a4a..c573723 100644 --- a/age/src/encrypted.rs +++ b/age/src/encrypted.rs @@ -3,14 +3,13 @@ use std::{cell::Cell, io}; use crate::{ - decryptor::RecipientsDecryptor, fl, scrypt, Callbacks, DecryptError, Decryptor, EncryptError, - IdentityFile, IdentityFileEntry, + fl, scrypt, Callbacks, DecryptError, Decryptor, EncryptError, IdentityFile, IdentityFileEntry, }; /// The state of the encrypted age identity. enum IdentityState { Encrypted { - decryptor: RecipientsDecryptor, + decryptor: Decryptor, max_work_factor: Option, }, Decrypted(Vec), @@ -97,17 +96,15 @@ impl Identity { callbacks: C, max_work_factor: Option, ) -> Result, DecryptError> { - match Decryptor::new(data)? { - Decryptor::Recipients(decryptor) if !decryptor.is_scrypt() => Ok(None), - Decryptor::Recipients(decryptor) => Ok(Some(Identity { - state: Cell::new(IdentityState::Encrypted { - decryptor, - max_work_factor, - }), - filename, - callbacks, - })), - } + let decryptor = Decryptor::new(data)?; + Ok(decryptor.is_scrypt().then_some(Identity { + state: Cell::new(IdentityState::Encrypted { + decryptor, + max_work_factor, + }), + filename, + callbacks, + })) } /// Returns the recipients contained within this encrypted identity. diff --git a/age/src/lib.rs b/age/src/lib.rs index 02588c8..ccc39fb 100644 --- a/age/src/lib.rs +++ b/age/src/lib.rs @@ -56,10 +56,7 @@ //! // ... and decrypt the obtained ciphertext to the plaintext again. //! # fn decrypt(key: age::x25519::Identity, encrypted: Vec) -> Result, age::DecryptError> { //! let decrypted = { -//! let decryptor = match age::Decryptor::new(&encrypted[..])? { -//! age::Decryptor::Recipients(d) => d, -//! _ => unreachable!(), -//! }; +//! let decryptor = age::Decryptor::new(&encrypted[..])?; //! //! let mut decrypted = vec![]; //! let mut reader = decryptor.decrypt(iter::once(&key as &dyn age::Identity))?; @@ -109,9 +106,7 @@ //! // ... and decrypt the ciphertext to the plaintext again using the same passphrase. //! # fn decrypt(passphrase: &str, encrypted: Vec) -> Result, age::DecryptError> { //! let decrypted = { -//! let decryptor = match age::Decryptor::new(&encrypted[..])? { -//! age::Decryptor::Recipients(d) => d, -//! }; +//! let decryptor = age::Decryptor::new(&encrypted[..])?; //! //! let mut decrypted = vec![]; //! let mut reader = decryptor.decrypt( @@ -154,7 +149,7 @@ mod util; pub use error::{DecryptError, EncryptError}; pub use identity::{IdentityFile, IdentityFileEntry}; pub use primitives::stream; -pub use protocol::{decryptor, Decryptor, Encryptor}; +pub use protocol::{Decryptor, Encryptor}; #[cfg(feature = "armor")] pub use primitives::armor; @@ -194,7 +189,7 @@ pub trait Identity { /// /// This method is part of the `Identity` trait to expose age's [one joint] for /// external implementations. You should not need to call this directly; instead, pass - /// identities to [`RecipientsDecryptor::decrypt`]. + /// identities to [`Decryptor::decrypt`]. /// /// Returns: /// - `Some(Ok(file_key))` on success. @@ -202,7 +197,6 @@ pub trait Identity { /// - `None` if the recipient stanza does not match this key. /// /// [one joint]: https://www.imperialviolet.org/2016/05/16/agility.html - /// [`RecipientsDecryptor::decrypt`]: protocol::decryptor::RecipientsDecryptor::decrypt fn unwrap_stanza(&self, stanza: &Stanza) -> Option>; /// Attempts to unwrap any of the given stanzas, which are assumed to come from the @@ -210,7 +204,7 @@ pub trait Identity { /// /// This method is part of the `Identity` trait to expose age's [one joint] for /// external implementations. You should not need to call this directly; instead, pass - /// identities to [`RecipientsDecryptor::decrypt`]. + /// identities to [`Decryptor::decrypt`]. /// /// Returns: /// - `Some(Ok(file_key))` on success. @@ -218,7 +212,6 @@ pub trait Identity { /// - `None` if none of the recipient stanzas match this identity. /// /// [one joint]: https://www.imperialviolet.org/2016/05/16/agility.html - /// [`RecipientsDecryptor::decrypt`]: protocol::decryptor::RecipientsDecryptor::decrypt fn unwrap_stanzas(&self, stanzas: &[Stanza]) -> Option> { stanzas.iter().find_map(|stanza| self.unwrap_stanza(stanza)) } diff --git a/age/src/primitives/armor.rs b/age/src/primitives/armor.rs index ee7dead..85033ca 100644 --- a/age/src/primitives/armor.rs +++ b/age/src/primitives/armor.rs @@ -321,12 +321,7 @@ enum ArmorIs { /// # } /// # fn decrypt(identity: age::x25519::Identity, encrypted: Vec) -> Result, age::DecryptError> { /// # let decrypted = { -/// # let decryptor = match age::Decryptor::new( -/// # age::armor::ArmoredReader::new(&encrypted[..]) -/// # )? { -/// # age::Decryptor::Recipients(d) => d, -/// # _ => unreachable!(), -/// # }; +/// # let decryptor = age::Decryptor::new(age::armor::ArmoredReader::new(&encrypted[..]))?; /// # let mut decrypted = vec![]; /// # let mut reader = decryptor.decrypt(iter::once(&identity as &dyn age::Identity))?; /// # reader.read_to_end(&mut decrypted); @@ -693,12 +688,7 @@ enum StartPos { /// /// # fn decrypt(identity: age::x25519::Identity, encrypted: Vec) -> Result, age::DecryptError> { /// let decrypted = { -/// let decryptor = match age::Decryptor::new( -/// age::armor::ArmoredReader::new(&encrypted[..]) -/// )? { -/// age::Decryptor::Recipients(d) => d, -/// _ => unreachable!(), -/// }; +/// let decryptor = age::Decryptor::new(age::armor::ArmoredReader::new(&encrypted[..]))?; /// /// let mut decrypted = vec![]; /// let mut reader = decryptor.decrypt(iter::once(&identity as &dyn age::Identity))?; diff --git a/age/src/protocol.rs b/age/src/protocol.rs index 4238ed0..f25128a 100644 --- a/age/src/protocol.rs +++ b/age/src/protocol.rs @@ -8,15 +8,13 @@ use crate::{ error::{DecryptError, EncryptError}, format::{Header, HeaderV1}, keys::{mac_key, new_file_key, v1_payload_key}, - primitives::stream::{PayloadKey, Stream, StreamWriter}, - scrypt, Recipient, + primitives::stream::{PayloadKey, Stream, StreamReader, StreamWriter}, + scrypt, Identity, Recipient, }; #[cfg(feature = "async")] use futures::io::{AsyncBufRead, AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt}; -pub mod decryptor; - pub(crate) struct Nonce([u8; 16]); impl AsRef<[u8]> for Nonce { @@ -140,26 +138,49 @@ impl Encryptor { } /// Decryptor for an age file. -pub enum Decryptor { - /// Decryption with a list of identities. - Recipients(decryptor::RecipientsDecryptor), -} - -impl From> for Decryptor { - fn from(decryptor: decryptor::RecipientsDecryptor) -> Self { - Decryptor::Recipients(decryptor) - } +pub struct Decryptor { + /// The age file. + input: R, + /// The age file's header. + header: Header, + /// The age file's AEAD nonce + nonce: Nonce, } impl Decryptor { fn from_v1_header(input: R, header: HeaderV1, nonce: Nonce) -> Result { // Enforce structural requirements on the v1 header. if header.is_valid() { - Ok(decryptor::RecipientsDecryptor::new(input, Header::V1(header), nonce).into()) + Ok(Self { + input, + header: Header::V1(header), + nonce, + }) } else { Err(DecryptError::InvalidHeader) } } + + /// Returns `true` if the age file is encrypted to a passphrase. + pub fn is_scrypt(&self) -> bool { + match &self.header { + Header::V1(header) => header.valid_scrypt(), + Header::Unknown(_) => false, + } + } + + fn obtain_payload_key<'a>( + &self, + mut identities: impl Iterator, + ) -> Result { + match &self.header { + Header::V1(header) => identities + .find_map(|key| key.unwrap_stanzas(&header.recipients)) + .unwrap_or(Err(DecryptError::NoMatchingKeys)) + .and_then(|file_key| v1_payload_key(&file_key, header, &self.nonce)), + Header::Unknown(_) => unreachable!(), + } + } } impl Decryptor { @@ -184,6 +205,17 @@ impl Decryptor { Header::Unknown(_) => Err(DecryptError::UnknownFormat), } } + + /// Attempts to decrypt the age file. + /// + /// If successful, returns a reader that will provide the plaintext. + pub fn decrypt<'a>( + self, + identities: impl Iterator, + ) -> Result, DecryptError> { + self.obtain_payload_key(identities) + .map(|payload_key| Stream::decrypt(payload_key, self.input)) + } } impl Decryptor { @@ -232,6 +264,17 @@ impl Decryptor { Header::Unknown(_) => Err(DecryptError::UnknownFormat), } } + + /// Attempts to decrypt the age file. + /// + /// If successful, returns a reader that will provide the plaintext. + pub fn decrypt_async<'a>( + self, + identities: impl Iterator, + ) -> Result, DecryptError> { + self.obtain_payload_key(identities) + .map(|payload_key| Stream::decrypt_async(payload_key, self.input)) + } } #[cfg(feature = "async")] @@ -296,10 +339,7 @@ mod tests { w.finish().unwrap(); } - let d = match Decryptor::new(&encrypted[..]) { - Ok(Decryptor::Recipients(d)) => d, - _ => panic!(), - }; + let d = Decryptor::new(&encrypted[..]).unwrap(); let mut r = d.decrypt(identities).unwrap(); let mut decrypted = vec![]; r.read_to_end(&mut decrypted).unwrap(); @@ -350,7 +390,7 @@ mod tests { } } - let d = match { + let d = { let f = Decryptor::new_async(&encrypted[..]); pin_mut!(f); @@ -361,8 +401,6 @@ mod tests { Poll::Pending => panic!("Unexpected Pending"), } } - } { - Decryptor::Recipients(d) => d, }; let decrypted = { @@ -427,10 +465,7 @@ mod tests { w.finish().unwrap(); } - let d = match Decryptor::new(&encrypted[..]) { - Ok(Decryptor::Recipients(d)) => d, - _ => panic!(), - }; + let d = Decryptor::new(&encrypted[..]).unwrap(); let mut r = d .decrypt( Some(&scrypt::Identity::new(SecretString::new("passphrase".to_string())) as _) diff --git a/age/src/protocol/decryptor.rs b/age/src/protocol/decryptor.rs deleted file mode 100644 index 4814159..0000000 --- a/age/src/protocol/decryptor.rs +++ /dev/null @@ -1,96 +0,0 @@ -//! Decryptors for age. - -use age_core::format::{FileKey, Stanza}; -use std::io::Read; - -use super::Nonce; -use crate::{ - error::DecryptError, - format::Header, - keys::v1_payload_key, - primitives::stream::{PayloadKey, Stream, StreamReader}, - Identity, -}; - -#[cfg(feature = "async")] -use futures::io::AsyncRead; - -struct BaseDecryptor { - /// The age file. - input: R, - /// The age file's header. - header: Header, - /// The age file's AEAD nonce - nonce: Nonce, -} - -impl BaseDecryptor { - fn obtain_payload_key(&self, mut filter: F) -> Result - where - F: FnMut(&[Stanza]) -> Option>, - { - match &self.header { - Header::V1(header) => filter(&header.recipients) - .unwrap_or(Err(DecryptError::NoMatchingKeys)) - .and_then(|file_key| v1_payload_key(&file_key, header, &self.nonce)), - Header::Unknown(_) => unreachable!(), - } - } -} - -/// Decryptor for an age file encrypted to a list of recipients. -pub struct RecipientsDecryptor(BaseDecryptor); - -impl RecipientsDecryptor { - pub(super) fn new(input: R, header: Header, nonce: Nonce) -> Self { - RecipientsDecryptor(BaseDecryptor { - input, - header, - nonce, - }) - } - - /// Returns `true` if the age file is encrypted to a passphrase. - pub fn is_scrypt(&self) -> bool { - match &self.0.header { - Header::V1(header) => header.valid_scrypt(), - Header::Unknown(_) => false, - } - } - - fn obtain_payload_key<'a>( - &self, - mut identities: impl Iterator, - ) -> Result { - self.0 - .obtain_payload_key(|r| identities.find_map(|key| key.unwrap_stanzas(r))) - } -} - -impl RecipientsDecryptor { - /// Attempts to decrypt the age file. - /// - /// If successful, returns a reader that will provide the plaintext. - pub fn decrypt<'a>( - self, - identities: impl Iterator, - ) -> Result, DecryptError> { - self.obtain_payload_key(identities) - .map(|payload_key| Stream::decrypt(payload_key, self.0.input)) - } -} - -#[cfg(feature = "async")] -#[cfg_attr(docsrs, doc(cfg(feature = "async")))] -impl RecipientsDecryptor { - /// Attempts to decrypt the age file. - /// - /// If successful, returns a reader that will provide the plaintext. - pub fn decrypt_async<'a>( - self, - identities: impl Iterator, - ) -> Result, DecryptError> { - self.obtain_payload_key(identities) - .map(|payload_key| Stream::decrypt_async(payload_key, self.0.input)) - } -} diff --git a/age/tests/test_vectors.rs b/age/tests/test_vectors.rs index 026fe59..765e1bb 100644 --- a/age/tests/test_vectors.rs +++ b/age/tests/test_vectors.rs @@ -24,31 +24,29 @@ fn age_test_vectors() -> Result<(), Box> { let name = path.file_stem().unwrap().to_str().unwrap(); let expect_failure = name.starts_with("fail_"); - let res = match age::Decryptor::new(fs::File::open(&path)?)? { - age::Decryptor::Recipients(d) if !d.is_scrypt() => { - let identities = age::cli_common::read_identities( - vec![format!( - "{}/{}_key.txt", - path.parent().unwrap().to_str().unwrap(), - name - )], - None, - &mut StdinGuard::new(false), - )?; - d.decrypt(identities.iter().map(|i| i.as_ref() as &dyn age::Identity)) - } - age::Decryptor::Recipients(d) => { - let mut passphrase = String::new(); - fs::File::open(format!( - "{}/{}_password.txt", + let d = age::Decryptor::new(fs::File::open(&path)?)?; + let res = if !d.is_scrypt() { + let identities = age::cli_common::read_identities( + vec![format!( + "{}/{}_key.txt", path.parent().unwrap().to_str().unwrap(), name - ))? - .read_to_string(&mut passphrase)?; - let passphrase = SecretString::new(passphrase); - let identity = scrypt::Identity::new(passphrase); - d.decrypt(Some(&identity as _).into_iter()) - } + )], + None, + &mut StdinGuard::new(false), + )?; + d.decrypt(identities.iter().map(|i| i.as_ref() as &dyn age::Identity)) + } else { + let mut passphrase = String::new(); + fs::File::open(format!( + "{}/{}_password.txt", + path.parent().unwrap().to_str().unwrap(), + name + ))? + .read_to_string(&mut passphrase)?; + let passphrase = SecretString::new(passphrase); + let identity = scrypt::Identity::new(passphrase); + d.decrypt(Some(&identity as _).into_iter()) }; match (res, expect_failure) { diff --git a/age/tests/testkit.rs b/age/tests/testkit.rs index d7f1c89..d169087 100644 --- a/age/tests/testkit.rs +++ b/age/tests/testkit.rs @@ -132,12 +132,11 @@ fn testkit(filename: &str) { let testfile = TestFile::parse(filename); let comment = format_testkit_comment(&testfile); - match Decryptor::new(ArmoredReader::new(&testfile.age_file[..])).and_then(|d| match d { - Decryptor::Recipients(d) if !d.is_scrypt() => { + match Decryptor::new(ArmoredReader::new(&testfile.age_file[..])).and_then(|d| { + if !d.is_scrypt() { let identities = get_testkit_identities(filename, &testfile); d.decrypt(identities.iter().map(|i| i as &dyn Identity)) - } - Decryptor::Recipients(d) => { + } else { let passphrase = get_testkit_passphrase(&testfile, &comment); let mut identity = scrypt::Identity::new(passphrase); identity.set_max_work_factor(16); @@ -271,20 +270,17 @@ fn testkit_buffered(filename: &str) { let testfile = TestFile::parse(filename); let comment = format_testkit_comment(&testfile); - match Decryptor::new_buffered(ArmoredReader::new(&testfile.age_file[..])).and_then( - |d| match d { - Decryptor::Recipients(d) if !d.is_scrypt() => { - let identities = get_testkit_identities(filename, &testfile); - d.decrypt(identities.iter().map(|i| i as &dyn Identity)) - } - Decryptor::Recipients(d) => { - let passphrase = get_testkit_passphrase(&testfile, &comment); - let mut identity = scrypt::Identity::new(passphrase); - identity.set_max_work_factor(16); - d.decrypt(Some(&identity as _).into_iter()) - } - }, - ) { + match Decryptor::new_buffered(ArmoredReader::new(&testfile.age_file[..])).and_then(|d| { + if !d.is_scrypt() { + let identities = get_testkit_identities(filename, &testfile); + d.decrypt(identities.iter().map(|i| i as &dyn Identity)) + } else { + let passphrase = get_testkit_passphrase(&testfile, &comment); + let mut identity = scrypt::Identity::new(passphrase); + identity.set_max_work_factor(16); + d.decrypt(Some(&identity as _).into_iter()) + } + }) { Ok(mut r) => { let mut payload = vec![]; let res = io::Read::read_to_end(&mut r, &mut payload); @@ -415,12 +411,11 @@ async fn testkit_async(filename: &str) { match Decryptor::new_async(ArmoredReader::from_async_reader(&testfile.age_file[..])) .await - .and_then(|d| match d { - Decryptor::Recipients(d) if !d.is_scrypt() => { + .and_then(|d| { + if !d.is_scrypt() { let identities = get_testkit_identities(filename, &testfile); d.decrypt_async(identities.iter().map(|i| i as &dyn Identity)) - } - Decryptor::Recipients(d) => { + } else { let passphrase = get_testkit_passphrase(&testfile, &comment); let mut identity = scrypt::Identity::new(passphrase); identity.set_max_work_factor(16); @@ -557,12 +552,11 @@ async fn testkit_async_buffered(filename: &str) { match Decryptor::new_async_buffered(ArmoredReader::from_async_reader(&testfile.age_file[..])) .await - .and_then(|d| match d { - Decryptor::Recipients(d) if !d.is_scrypt() => { + .and_then(|d| { + if !d.is_scrypt() { let identities = get_testkit_identities(filename, &testfile); d.decrypt_async(identities.iter().map(|i| i as &dyn Identity)) - } - Decryptor::Recipients(d) => { + } else { let passphrase = get_testkit_passphrase(&testfile, &comment); let mut identity = scrypt::Identity::new(passphrase); identity.set_max_work_factor(16); diff --git a/rage/src/bin/rage-mount/main.rs b/rage/src/bin/rage-mount/main.rs index 5d36559..4f58113 100644 --- a/rage/src/bin/rage-mount/main.rs +++ b/rage/src/bin/rage-mount/main.rs @@ -210,35 +210,33 @@ fn main() -> Result<(), Error> { let mut stdin_guard = StdinGuard::new(false); - match age::Decryptor::new_buffered(ArmoredReader::new(file))? { - age::Decryptor::Recipients(decryptor) if decryptor.is_scrypt() => { - match read_secret(&fl!("type-passphrase"), &fl!("prompt-passphrase"), None) { - Ok(passphrase) => { - let mut identity = scrypt::Identity::new(passphrase); - if let Some(max_work_factor) = opts.max_work_factor { - identity.set_max_work_factor(max_work_factor); - } + let decryptor = age::Decryptor::new_buffered(ArmoredReader::new(file))?; - decryptor - .decrypt(Some(&identity as _).into_iter()) - .map_err(|e| e.into()) - .and_then(|stream| mount_stream(stream, types, mountpoint)) + if decryptor.is_scrypt() { + match read_secret(&fl!("type-passphrase"), &fl!("prompt-passphrase"), None) { + Ok(passphrase) => { + let mut identity = scrypt::Identity::new(passphrase); + if let Some(max_work_factor) = opts.max_work_factor { + identity.set_max_work_factor(max_work_factor); } - Err(_) => Ok(()), - } - } - age::Decryptor::Recipients(decryptor) => { - let identities = - read_identities(opts.identity, opts.max_work_factor, &mut stdin_guard)?; - if identities.is_empty() { - return Err(Error::MissingIdentities); + decryptor + .decrypt(Some(&identity as _).into_iter()) + .map_err(|e| e.into()) + .and_then(|stream| mount_stream(stream, types, mountpoint)) } - - decryptor - .decrypt(identities.iter().map(|i| &**i)) - .map_err(|e| e.into()) - .and_then(|stream| mount_stream(stream, types, mountpoint)) + Err(_) => Ok(()), } + } else { + let identities = read_identities(opts.identity, opts.max_work_factor, &mut stdin_guard)?; + + if identities.is_empty() { + return Err(Error::MissingIdentities); + } + + decryptor + .decrypt(identities.iter().map(|i| &**i)) + .map_err(|e| e.into()) + .and_then(|stream| mount_stream(stream, types, mountpoint)) } } diff --git a/rage/src/bin/rage/main.rs b/rage/src/bin/rage/main.rs index 6bd3304..a75a397 100644 --- a/rage/src/bin/rage/main.rs +++ b/rage/src/bin/rage/main.rs @@ -292,62 +292,61 @@ fn decrypt(opts: AgeOptions) -> Result<(), error::DecryptError> { ], ); - match age::Decryptor::new_buffered(ArmoredReader::new(input))? { - age::Decryptor::Recipients(decryptor) if decryptor.is_scrypt() => { - if identities_were_provided { - return Err(error::DecryptError::MixedIdentityAndPassphrase); - } + let decryptor = age::Decryptor::new_buffered(ArmoredReader::new(input))?; - // The `rpassword` crate opens `/dev/tty` directly on Unix, so we don't have - // any conflict with stdin. - #[cfg(not(unix))] - { - if !has_file_argument { - return Err(error::DecryptError::PassphraseWithoutFileArgument); - } - } + if decryptor.is_scrypt() { + if identities_were_provided { + return Err(error::DecryptError::MixedIdentityAndPassphrase); + } - match read_secret(&fl!("type-passphrase"), &fl!("prompt-passphrase"), None) { - Ok(passphrase) => { - let mut identity = scrypt::Identity::new(passphrase); - if let Some(max_work_factor) = opts.max_work_factor { - identity.set_max_work_factor(max_work_factor); - } - - decryptor - .decrypt(Some(&identity as _).into_iter()) - .map_err(|e| e.into()) - .and_then(|input| write_output(input, output)) - } - Err(pinentry::Error::Cancelled) => Ok(()), - Err(pinentry::Error::Timeout) => Err(error::DecryptError::PassphraseTimedOut), - Err(pinentry::Error::Encoding(e)) => { - // Pretend it is an I/O error - Err(error::DecryptError::Io(io::Error::new( - io::ErrorKind::InvalidData, - e, - ))) - } - Err(pinentry::Error::Gpg(e)) => { - // Pretend it is an I/O error - Err(error::DecryptError::Io(io::Error::new( - io::ErrorKind::Other, - format!("{}", e), - ))) - } - Err(pinentry::Error::Io(e)) => Err(error::DecryptError::Io(e)), + // The `rpassword` crate opens `/dev/tty` directly on Unix, so we don't have + // any conflict with stdin. + #[cfg(not(unix))] + { + if !has_file_argument { + return Err(error::DecryptError::PassphraseWithoutFileArgument); } } - age::Decryptor::Recipients(decryptor) => { - if identities.is_empty() { - return Err(error::DecryptError::MissingIdentities { stdin_identity }); - } - decryptor - .decrypt(identities.iter().map(|i| i.as_ref() as &dyn Identity)) - .map_err(|e| e.into()) - .and_then(|input| write_output(input, output)) + match read_secret(&fl!("type-passphrase"), &fl!("prompt-passphrase"), None) { + Ok(passphrase) => { + let mut identity = scrypt::Identity::new(passphrase); + if let Some(max_work_factor) = opts.max_work_factor { + identity.set_max_work_factor(max_work_factor); + } + + decryptor + .decrypt(Some(&identity as _).into_iter()) + .map_err(|e| e.into()) + .and_then(|input| write_output(input, output)) + } + Err(pinentry::Error::Cancelled) => Ok(()), + Err(pinentry::Error::Timeout) => Err(error::DecryptError::PassphraseTimedOut), + Err(pinentry::Error::Encoding(e)) => { + // Pretend it is an I/O error + Err(error::DecryptError::Io(io::Error::new( + io::ErrorKind::InvalidData, + e, + ))) + } + Err(pinentry::Error::Gpg(e)) => { + // Pretend it is an I/O error + Err(error::DecryptError::Io(io::Error::new( + io::ErrorKind::Other, + format!("{}", e), + ))) + } + Err(pinentry::Error::Io(e)) => Err(error::DecryptError::Io(e)), } + } else { + if identities.is_empty() { + return Err(error::DecryptError::MissingIdentities { stdin_identity }); + } + + decryptor + .decrypt(identities.iter().map(|i| i.as_ref() as &dyn Identity)) + .map_err(|e| e.into()) + .and_then(|input| write_output(input, output)) } } From 944f56a4a9de62ebc855f0a87e17f006530fbb83 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Mon, 29 Jul 2024 01:45:58 +0000 Subject: [PATCH 20/77] age: Remove `EncryptorType` --- age/i18n/en-US/age.ftl | 4 ++++ age/i18n/es-AR/age.ftl | 2 ++ age/i18n/fr/age.ftl | 2 ++ age/i18n/it/age.ftl | 2 ++ age/i18n/ru/age.ftl | 2 ++ age/i18n/zh-CN/age.ftl | 2 ++ age/i18n/zh-TW/age.ftl | 2 ++ age/src/error.rs | 9 ++++++++- age/src/format.rs | 18 ++++++++++++++---- age/src/protocol.rs | 39 ++++++++++++++------------------------- 10 files changed, 52 insertions(+), 30 deletions(-) diff --git a/age/i18n/en-US/age.ftl b/age/i18n/en-US/age.ftl index 4f6af14..830ed4a 100644 --- a/age/i18n/en-US/age.ftl +++ b/age/i18n/en-US/age.ftl @@ -13,6 +13,8 @@ -age = age -rage = rage +-scrypt-recipient = scrypt::Recipient + -openssh = OpenSSH -ssh-keygen = ssh-keygen -ssh-rsa = ssh-rsa @@ -57,6 +59,8 @@ err-header-mac-invalid = Header MAC is invalid err-key-decryption = Failed to decrypt an encrypted key +err-mixed-recipient-passphrase = {-scrypt-recipient} can't be used with other recipients. + err-no-matching-keys = No matching keys found err-unknown-format = Unknown {-age} format. diff --git a/age/i18n/es-AR/age.ftl b/age/i18n/es-AR/age.ftl index 657760a..7e39bd6 100644 --- a/age/i18n/es-AR/age.ftl +++ b/age/i18n/es-AR/age.ftl @@ -13,6 +13,8 @@ -age = age -rage = rage +-scrypt-recipient = scrypt::Recipient + -openssh = OpenSSH -ssh-keygen = ssh-keygen -ssh-rsa = ssh-rsa diff --git a/age/i18n/fr/age.ftl b/age/i18n/fr/age.ftl index bcaf072..0c3a9ea 100644 --- a/age/i18n/fr/age.ftl +++ b/age/i18n/fr/age.ftl @@ -13,6 +13,8 @@ -age = age -rage = rage +-scrypt-recipient = scrypt::Recipient + -openssh = OpenSSH -ssh-keygen = ssh-keygen -ssh-rsa = ssh-rsa diff --git a/age/i18n/it/age.ftl b/age/i18n/it/age.ftl index 64a1ff2..1f65f7a 100644 --- a/age/i18n/it/age.ftl +++ b/age/i18n/it/age.ftl @@ -13,6 +13,8 @@ -age = age -rage = rage +-scrypt-recipient = scrypt::Recipient + -openssh = OpenSSH -ssh-keygen = ssh-keygen -ssh-rsa = ssh-rsa diff --git a/age/i18n/ru/age.ftl b/age/i18n/ru/age.ftl index 410a67a..d8e7f25 100644 --- a/age/i18n/ru/age.ftl +++ b/age/i18n/ru/age.ftl @@ -13,6 +13,8 @@ -age = age -rage = rage +-scrypt-recipient = scrypt::Recipient + -openssh = OpenSSH -ssh-keygen = ssh-keygen -ssh-rsa = ssh-rsa diff --git a/age/i18n/zh-CN/age.ftl b/age/i18n/zh-CN/age.ftl index f38cf1d..5767ee5 100644 --- a/age/i18n/zh-CN/age.ftl +++ b/age/i18n/zh-CN/age.ftl @@ -13,6 +13,8 @@ -age = age -rage = rage +-scrypt-recipient = scrypt::Recipient + -openssh = OpenSSH -ssh-keygen = ssh-keygen -ssh-rsa = ssh-rsa diff --git a/age/i18n/zh-TW/age.ftl b/age/i18n/zh-TW/age.ftl index 871ba93..8180861 100644 --- a/age/i18n/zh-TW/age.ftl +++ b/age/i18n/zh-TW/age.ftl @@ -13,6 +13,8 @@ -age = age -rage = rage +-scrypt-recipient = scrypt::Recipient + -openssh = OpenSSH -ssh-keygen = ssh-keygen -ssh-rsa = ssh-rsa diff --git a/age/src/error.rs b/age/src/error.rs index 0416998..4a8ce96 100644 --- a/age/src/error.rs +++ b/age/src/error.rs @@ -110,6 +110,10 @@ pub enum EncryptError { /// The plugin's binary name. binary_name: String, }, + /// [`scrypt::Recipient`] was mixed with other recipient types. + /// + /// [`scrypt::Recipient`]: crate::scrypt::Recipient + MixedRecipientAndPassphrase, /// Errors from a plugin. #[cfg(feature = "plugin")] #[cfg_attr(docsrs, doc(cfg(feature = "plugin")))] @@ -131,6 +135,7 @@ impl Clone for EncryptError { Self::MissingPlugin { binary_name } => Self::MissingPlugin { binary_name: binary_name.clone(), }, + Self::MixedRecipientAndPassphrase => Self::MixedRecipientAndPassphrase, #[cfg(feature = "plugin")] Self::Plugin(e) => Self::Plugin(e.clone()), } @@ -147,6 +152,9 @@ impl fmt::Display for EncryptError { wlnfl!(f, "err-missing-plugin", plugin_name = binary_name.as_str())?; wfl!(f, "rec-missing-plugin") } + EncryptError::MixedRecipientAndPassphrase => { + wfl!(f, "err-mixed-recipient-passphrase") + } #[cfg(feature = "plugin")] EncryptError::Plugin(errors) => match &errors[..] { [] => unreachable!(), @@ -168,7 +176,6 @@ impl std::error::Error for EncryptError { match self { EncryptError::EncryptedIdentities(inner) => Some(inner), EncryptError::Io(inner) => Some(inner), - #[cfg(feature = "plugin")] _ => None, } } diff --git a/age/src/format.rs b/age/src/format.rs index 10027bc..23d86ac 100644 --- a/age/src/format.rs +++ b/age/src/format.rs @@ -1,12 +1,13 @@ //! The age file format. -use age_core::format::Stanza; use std::io::{self, BufRead, Read, Write}; +use age_core::format::{grease_the_joint, Stanza}; + use crate::{ error::DecryptError, primitives::{HmacKey, HmacWriter}, - scrypt, + scrypt, EncryptError, }; #[cfg(feature = "async")] @@ -33,13 +34,22 @@ pub(crate) struct HeaderV1 { } impl HeaderV1 { - pub(crate) fn new(recipients: Vec, mac_key: HmacKey) -> Self { + pub(crate) fn new(recipients: Vec, mac_key: HmacKey) -> Result { let mut header = HeaderV1 { recipients, mac: [0; 32], encoded_bytes: None, }; + if header.no_scrypt() { + // Keep the joint well oiled! + header.recipients.push(grease_the_joint()); + } + + if !header.is_valid() { + return Err(EncryptError::MixedRecipientAndPassphrase); + } + let mut mac = HmacWriter::new(mac_key); cookie_factory::gen(write::header_v1_minus_mac(&header), &mut mac) .expect("can serialize Header into HmacWriter"); @@ -47,7 +57,7 @@ impl HeaderV1 { .mac .copy_from_slice(mac.finalize().into_bytes().as_slice()); - header + Ok(header) } pub(crate) fn verify_mac(&self, mac_key: HmacKey) -> Result<(), hmac::digest::MacError> { diff --git a/age/src/protocol.rs b/age/src/protocol.rs index f25128a..98b90e7 100644 --- a/age/src/protocol.rs +++ b/age/src/protocol.rs @@ -1,6 +1,6 @@ //! Encryption and decryption routines for age. -use age_core::{format::grease_the_joint, secrecy::SecretString}; +use age_core::secrecy::SecretString; use rand::{rngs::OsRng, RngCore}; use std::io::{self, BufRead, Read, Write}; @@ -45,16 +45,10 @@ impl Nonce { } } -/// Handles the various types of age encryption. -enum EncryptorType { - /// Encryption to a list of recipients identified by keys. - Keys(Vec>), - /// Encryption to a passphrase. - Passphrase(SecretString), -} - /// Encryptor for creating an age file. -pub struct Encryptor(EncryptorType); +pub struct Encryptor { + recipients: Vec>, +} impl Encryptor { /// Constructs an `Encryptor` that will create an age file encrypted to a list of @@ -62,7 +56,7 @@ impl Encryptor { /// /// Returns `None` if no recipients were provided. pub fn with_recipients(recipients: Vec>) -> Option { - (!recipients.is_empty()).then_some(Encryptor(EncryptorType::Keys(recipients))) + (!recipients.is_empty()).then_some(Encryptor { recipients }) } /// Returns an `Encryptor` that will create an age file encrypted with a passphrase. @@ -74,29 +68,24 @@ impl Encryptor { /// /// [`x25519::Identity`]: crate::x25519::Identity pub fn with_user_passphrase(passphrase: SecretString) -> Self { - Encryptor(EncryptorType::Passphrase(passphrase)) + Encryptor { + recipients: vec![Box::new(scrypt::Recipient::new(passphrase))], + } } /// Creates the header for this age file. fn prepare_header(self) -> Result<(Header, Nonce, PayloadKey), EncryptError> { let file_key = new_file_key(); - let recipients = match self.0 { - EncryptorType::Keys(recipients) => { - let mut stanzas = Vec::with_capacity(recipients.len() + 1); - for recipient in recipients { - stanzas.append(&mut recipient.wrap_file_key(&file_key)?); - } - // Keep the joint well oiled! - stanzas.push(grease_the_joint()); - stanzas - } - EncryptorType::Passphrase(passphrase) => { - scrypt::Recipient::new(passphrase).wrap_file_key(&file_key)? + let recipients = { + let mut stanzas = Vec::with_capacity(self.recipients.len() + 1); + for recipient in self.recipients { + stanzas.append(&mut recipient.wrap_file_key(&file_key)?); } + stanzas }; - let header = HeaderV1::new(recipients, mac_key(&file_key)); + let header = HeaderV1::new(recipients, mac_key(&file_key))?; let nonce = Nonce::random(); let payload_key = v1_payload_key(&file_key, &header, &nonce).expect("MAC is correct"); From f69c29bf6fbfb5f089d16bf360a141da7cbd303d Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Mon, 29 Jul 2024 02:41:06 +0000 Subject: [PATCH 21/77] age: Clean up crate documentation --- age/src/lib.rs | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/age/src/lib.rs b/age/src/lib.rs index ccc39fb..03d602e 100644 --- a/age/src/lib.rs +++ b/age/src/lib.rs @@ -8,8 +8,10 @@ //! There are several ways to use these: //! - For most cases (including programmatic usage), use [`Encryptor::with_recipients`] //! with [`x25519::Recipient`], and [`Decryptor`] with [`x25519::Identity`]. -//! - APIs are available for passphrase-based encryption and decryption. These should -//! only be used with passphrases that were provided by (or generated for) a human. +//! - For passphrase-based encryption and decryption, use [`scrypt::Recipient`] and +//! [`scrypt::Identity`], or the helper method [`Encryptor::with_user_passphrase`]. +//! These should only be used with passphrases that were provided by (or generated for) +//! a human. //! - For compatibility with existing SSH keys, enable the `ssh` feature flag, and use //! [`ssh::Recipient`] and [`ssh::Identity`]. //! @@ -83,15 +85,16 @@ //! ``` //! use age::secrecy::Secret; //! use std::io::{Read, Write}; +//! use std::iter; //! //! # fn run_main() -> Result<(), ()> { //! let plaintext = b"Hello world!"; -//! let passphrase = "this is not a good passphrase"; +//! let passphrase = Secret::new("this is not a good passphrase".to_owned()); //! //! // Encrypt the plaintext to a ciphertext using the passphrase... -//! # fn encrypt(passphrase: &str, plaintext: &[u8]) -> Result, age::EncryptError> { +//! # fn encrypt(passphrase: Secret, plaintext: &[u8]) -> Result, age::EncryptError> { //! let encrypted = { -//! let encryptor = age::Encryptor::with_user_passphrase(Secret::new(passphrase.to_owned())); +//! let encryptor = age::Encryptor::with_user_passphrase(passphrase.clone()); //! //! let mut encrypted = vec![]; //! let mut writer = encryptor.wrap_output(&mut encrypted)?; @@ -104,14 +107,12 @@ //! # } //! //! // ... and decrypt the ciphertext to the plaintext again using the same passphrase. -//! # fn decrypt(passphrase: &str, encrypted: Vec) -> Result, age::DecryptError> { +//! # fn decrypt(passphrase: Secret, encrypted: Vec) -> Result, age::DecryptError> { //! let decrypted = { //! let decryptor = age::Decryptor::new(&encrypted[..])?; //! //! let mut decrypted = vec![]; -//! let mut reader = decryptor.decrypt( -//! Some(&age::scrypt::Identity::new(Secret::new(passphrase.to_owned())) as _).into_iter(), -//! )?; +//! let mut reader = decryptor.decrypt(iter::once(&age::scrypt::Identity::new(passphrase) as _))?; //! reader.read_to_end(&mut decrypted); //! //! decrypted @@ -119,7 +120,7 @@ //! # Ok(decrypted) //! # } //! # let decrypted = decrypt( -//! # passphrase, +//! # passphrase.clone(), //! # encrypt(passphrase, &plaintext[..]).map_err(|_| ())? //! # ).map_err(|_| ())?; //! From 0689e95927fbd6a68f297db7c569d04051fbecd4 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 4 Aug 2024 21:49:47 +0000 Subject: [PATCH 22/77] Revert "age-plugin: Make arguments to `run_state_machine` optional" This reverts commit 480c621a40199ccaf2b6bc3e82ea63558452a8b9. --- age-plugin/CHANGELOG.md | 4 +++ age-plugin/examples/age-plugin-unencrypted.rs | 6 +--- age-plugin/src/lib.rs | 30 ++++--------------- 3 files changed, 11 insertions(+), 29 deletions(-) diff --git a/age-plugin/CHANGELOG.md b/age-plugin/CHANGELOG.md index b5afbe4..f6964cb 100644 --- a/age-plugin/CHANGELOG.md +++ b/age-plugin/CHANGELOG.md @@ -9,6 +9,10 @@ and this project adheres to Rust's notion of to 1.0.0 are beta releases. ## [Unreleased] +### Fixed +- `age_plugin::run_state_machine` reverts to non-optional arguments, undoing the + change from the previous release. The type arguments were impossible to set + correctly when attempting to pass `None`. ## [0.5.0] - 2024-02-04 ### Changed diff --git a/age-plugin/examples/age-plugin-unencrypted.rs b/age-plugin/examples/age-plugin-unencrypted.rs index e287f28..038a26f 100644 --- a/age-plugin/examples/age-plugin-unencrypted.rs +++ b/age-plugin/examples/age-plugin-unencrypted.rs @@ -149,11 +149,7 @@ fn main() -> io::Result<()> { let opts = PluginOptions::parse(); if let Some(state_machine) = opts.age_plugin { - run_state_machine( - &state_machine, - Some(|| RecipientPlugin), - Some(|| IdentityPlugin), - ) + run_state_machine(&state_machine, || RecipientPlugin, || IdentityPlugin) } else { // A real plugin would generate a new identity here. print_new_identity(PLUGIN_NAME, &[], &[]); diff --git a/age-plugin/src/lib.rs b/age-plugin/src/lib.rs index fedd725..66627e5 100644 --- a/age-plugin/src/lib.rs +++ b/age-plugin/src/lib.rs @@ -145,8 +145,8 @@ //! // The plugin was started by an age client; run the state machine. //! run_state_machine( //! &state_machine, -//! Some(|| RecipientPlugin), -//! Some(|| IdentityPlugin), +//! || RecipientPlugin, +//! || IdentityPlugin, //! )?; //! return Ok(()); //! } @@ -211,32 +211,14 @@ pub fn print_new_identity(plugin_name: &str, identity: &[u8], recipient: &[u8]) /// argument when starting the plugin. pub fn run_state_machine( state_machine: &str, - recipient_v1: Option R>, - identity_v1: Option I>, + recipient_v1: impl FnOnce() -> R, + identity_v1: impl FnOnce() -> I, ) -> io::Result<()> { use age_core::plugin::{IDENTITY_V1, RECIPIENT_V1}; match state_machine { - RECIPIENT_V1 => { - if let Some(plugin) = recipient_v1 { - recipient::run_v1(plugin()) - } else { - Err(io::Error::new( - io::ErrorKind::InvalidInput, - "plugin doesn't support recipient-v1 state machine", - )) - } - } - IDENTITY_V1 => { - if let Some(plugin) = identity_v1 { - identity::run_v1(plugin()) - } else { - Err(io::Error::new( - io::ErrorKind::InvalidInput, - "plugin doesn't support identity-v1 state machine", - )) - } - } + RECIPIENT_V1 => recipient::run_v1(recipient_v1()), + IDENTITY_V1 => identity::run_v1(identity_v1()), _ => Err(io::Error::new( io::ErrorKind::InvalidInput, "unknown plugin state machine", From 18b27b377db52ea630496a5db09c2eb0326f0d2e Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 4 Aug 2024 23:49:10 +0000 Subject: [PATCH 23/77] age-plugin: Add impls of state machine traits for `Infallible` This enables representing a plugin without a recipient or identity handler in the type system. --- age-plugin/CHANGELOG.md | 4 ++++ age-plugin/src/identity.rs | 18 ++++++++++++++++++ age-plugin/src/recipient.rs | 23 +++++++++++++++++++++++ 3 files changed, 45 insertions(+) diff --git a/age-plugin/CHANGELOG.md b/age-plugin/CHANGELOG.md index f6964cb..940a6dc 100644 --- a/age-plugin/CHANGELOG.md +++ b/age-plugin/CHANGELOG.md @@ -9,6 +9,10 @@ and this project adheres to Rust's notion of to 1.0.0 are beta releases. ## [Unreleased] +### Added +- `impl age_plugin::identity::IdentityPluginV1 for std::convert::Infallible` +- `impl age_plugin::recipient::RecipientPluginV1 for std::convert::Infallible` + ### Fixed - `age_plugin::run_state_machine` reverts to non-optional arguments, undoing the change from the previous release. The type arguments were impossible to set diff --git a/age-plugin/src/identity.rs b/age-plugin/src/identity.rs index 314e8a2..8ff31c6 100644 --- a/age-plugin/src/identity.rs +++ b/age-plugin/src/identity.rs @@ -7,7 +7,9 @@ use age_core::{ }; use base64::{prelude::BASE64_STANDARD_NO_PAD, Engine}; use bech32::FromBase32; + use std::collections::HashMap; +use std::convert::Infallible; use std::io; use crate::{Callbacks, PLUGIN_IDENTITY_PREFIX}; @@ -49,6 +51,22 @@ pub trait IdentityPluginV1 { ) -> io::Result>>>; } +impl IdentityPluginV1 for Infallible { + fn add_identity(&mut self, _: usize, _: &str, _: &[u8]) -> Result<(), Error> { + // This is never executed. + Ok(()) + } + + fn unwrap_file_keys( + &mut self, + _: Vec>, + _: impl Callbacks, + ) -> io::Result>>> { + // This is never executed. + Ok(HashMap::new()) + } +} + /// The interface that age plugins can use to interact with an age implementation. struct BidirCallbacks<'a, 'b, R: io::Read, W: io::Write>(&'b mut BidirSend<'a, R, W>); diff --git a/age-plugin/src/recipient.rs b/age-plugin/src/recipient.rs index 6f55704..8cb9d81 100644 --- a/age-plugin/src/recipient.rs +++ b/age-plugin/src/recipient.rs @@ -7,6 +7,8 @@ use age_core::{ }; use base64::{prelude::BASE64_STANDARD_NO_PAD, Engine}; use bech32::FromBase32; + +use std::convert::Infallible; use std::io; use crate::{Callbacks, PLUGIN_IDENTITY_PREFIX, PLUGIN_RECIPIENT_PREFIX}; @@ -48,6 +50,27 @@ pub trait RecipientPluginV1 { ) -> io::Result>, Vec>>; } +impl RecipientPluginV1 for Infallible { + fn add_recipient(&mut self, _: usize, _: &str, _: &[u8]) -> Result<(), Error> { + // This is never executed. + Ok(()) + } + + fn add_identity(&mut self, _: usize, _: &str, _: &[u8]) -> Result<(), Error> { + // This is never executed. + Ok(()) + } + + fn wrap_file_keys( + &mut self, + _: Vec, + _: impl Callbacks, + ) -> io::Result>, Vec>> { + // This is never executed. + Ok(Ok(vec![])) + } +} + /// The interface that age plugins can use to interact with an age implementation. struct BidirCallbacks<'a, 'b, R: io::Read, W: io::Write>(&'b mut BidirSend<'a, R, W>); From 2f79c8201bf026c88db5884924b84c4417af89dc Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Mon, 5 Aug 2024 00:05:35 +0000 Subject: [PATCH 24/77] age-plugin: Replace `run_state_machine` arguments with a trait --- age-plugin/CHANGELOG.md | 8 +- age-plugin/examples/age-plugin-unencrypted.rs | 50 ++++++++++- age-plugin/src/lib.rs | 90 ++++++++++++++++--- 3 files changed, 130 insertions(+), 18 deletions(-) diff --git a/age-plugin/CHANGELOG.md b/age-plugin/CHANGELOG.md index 940a6dc..6d179a0 100644 --- a/age-plugin/CHANGELOG.md +++ b/age-plugin/CHANGELOG.md @@ -10,13 +10,15 @@ to 1.0.0 are beta releases. ## [Unreleased] ### Added +- `age_plugin::PluginHandler` - `impl age_plugin::identity::IdentityPluginV1 for std::convert::Infallible` - `impl age_plugin::recipient::RecipientPluginV1 for std::convert::Infallible` ### Fixed -- `age_plugin::run_state_machine` reverts to non-optional arguments, undoing the - change from the previous release. The type arguments were impossible to set - correctly when attempting to pass `None`. +- `age_plugin::run_state_machine` now takes an `impl age_plugin::PluginHandler` + argument, instead of its previous arguments. + - This fixes the change from the previous release, because the type parameters + were basically impossible to set correctly when attempting to pass `None`. ## [0.5.0] - 2024-02-04 ### Changed diff --git a/age-plugin/examples/age-plugin-unencrypted.rs b/age-plugin/examples/age-plugin-unencrypted.rs index 038a26f..d084bfd 100644 --- a/age-plugin/examples/age-plugin-unencrypted.rs +++ b/age-plugin/examples/age-plugin-unencrypted.rs @@ -6,11 +6,12 @@ use age_plugin::{ identity::{self, IdentityPluginV1}, print_new_identity, recipient::{self, RecipientPluginV1}, - run_state_machine, Callbacks, + run_state_machine, Callbacks, PluginHandler, }; use clap::Parser; use std::collections::HashMap; +use std::convert::Infallible; use std::env; use std::io; @@ -25,6 +26,43 @@ fn explode(location: &str) { } } +struct FullHandler; + +impl PluginHandler for FullHandler { + type RecipientV1 = RecipientPlugin; + type IdentityV1 = IdentityPlugin; + + fn recipient_v1(self) -> io::Result { + Ok(RecipientPlugin) + } + + fn identity_v1(self) -> io::Result { + Ok(IdentityPlugin) + } +} + +struct RecipientHandler; + +impl PluginHandler for RecipientHandler { + type RecipientV1 = RecipientPlugin; + type IdentityV1 = Infallible; + + fn recipient_v1(self) -> io::Result { + Ok(RecipientPlugin) + } +} + +struct IdentityHandler; + +impl PluginHandler for IdentityHandler { + type RecipientV1 = Infallible; + type IdentityV1 = IdentityPlugin; + + fn identity_v1(self) -> io::Result { + Ok(IdentityPlugin) + } +} + struct RecipientPlugin; impl RecipientPluginV1 for RecipientPlugin { @@ -149,7 +187,15 @@ fn main() -> io::Result<()> { let opts = PluginOptions::parse(); if let Some(state_machine) = opts.age_plugin { - run_state_machine(&state_machine, || RecipientPlugin, || IdentityPlugin) + if let Ok(s) = env::var("AGE_HALF_PLUGIN") { + match s.as_str() { + "recipient" => run_state_machine(&state_machine, RecipientHandler), + "identity" => run_state_machine(&state_machine, IdentityHandler), + _ => panic!("Env variable AGE_HALF_PLUGIN={s} has unknown value. Boom! 💥"), + } + } else { + run_state_machine(&state_machine, FullHandler) + } } else { // A real plugin would generate a new identity here. print_new_identity(PLUGIN_NAME, &[], &[]); diff --git a/age-plugin/src/lib.rs b/age-plugin/src/lib.rs index 66627e5..57b75a4 100644 --- a/age-plugin/src/lib.rs +++ b/age-plugin/src/lib.rs @@ -74,13 +74,28 @@ //! identity::{self, IdentityPluginV1}, //! print_new_identity, //! recipient::{self, RecipientPluginV1}, -//! Callbacks, run_state_machine, +//! Callbacks, PluginHandler, run_state_machine, //! }; //! use clap::Parser; //! //! use std::collections::HashMap; //! use std::io; //! +//! struct Handler; +//! +//! impl PluginHandler for Handler { +//! type RecipientV1 = RecipientPlugin; +//! type IdentityV1 = IdentityPlugin; +//! +//! fn recipient_v1(self) -> io::Result { +//! Ok(RecipientPlugin) +//! } +//! +//! fn identity_v1(self) -> io::Result { +//! Ok(IdentityPlugin) +//! } +//! } +//! //! struct RecipientPlugin; //! //! impl RecipientPluginV1 for RecipientPlugin { @@ -143,11 +158,7 @@ //! //! if let Some(state_machine) = opts.age_plugin { //! // The plugin was started by an age client; run the state machine. -//! run_state_machine( -//! &state_machine, -//! || RecipientPlugin, -//! || IdentityPlugin, -//! )?; +//! run_state_machine(&state_machine, Handler)?; //! return Ok(()); //! } //! @@ -209,16 +220,12 @@ pub fn print_new_identity(plugin_name: &str, identity: &[u8], recipient: &[u8]) /// /// This should be triggered if the `--age-plugin=state_machine` flag is provided as an /// argument when starting the plugin. -pub fn run_state_machine( - state_machine: &str, - recipient_v1: impl FnOnce() -> R, - identity_v1: impl FnOnce() -> I, -) -> io::Result<()> { +pub fn run_state_machine(state_machine: &str, handler: impl PluginHandler) -> io::Result<()> { use age_core::plugin::{IDENTITY_V1, RECIPIENT_V1}; match state_machine { - RECIPIENT_V1 => recipient::run_v1(recipient_v1()), - IDENTITY_V1 => identity::run_v1(identity_v1()), + RECIPIENT_V1 => recipient::run_v1(handler.recipient_v1()?), + IDENTITY_V1 => identity::run_v1(handler.identity_v1()?), _ => Err(io::Error::new( io::ErrorKind::InvalidInput, "unknown plugin state machine", @@ -226,6 +233,63 @@ pub fn run_state_machine io::Result { + Err(io::Error::new( + io::ErrorKind::InvalidInput, + "plugin doesn't support recipient-v1 state machine", + )) + } + + /// Returns an instance of the plugin's [`identity-v1`] implementation. + /// + /// [`identity-v1`]: https://c2sp.org/age-plugin#unwrapping-with-identity-v1 + fn identity_v1(self) -> io::Result { + Err(io::Error::new( + io::ErrorKind::InvalidInput, + "plugin doesn't support identity-v1 state machine", + )) + } +} + /// The interface that age plugins can use to interact with an age implementation. pub trait Callbacks { /// Shows a message to the user. From 2eec45718cb5d2a11d25694c27482440b8fd6652 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Mon, 5 Aug 2024 00:42:04 +0000 Subject: [PATCH 25/77] age-plugin: Slightly improve trait documentation --- age-plugin/src/identity.rs | 4 ++++ age-plugin/src/recipient.rs | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/age-plugin/src/identity.rs b/age-plugin/src/identity.rs index 8ff31c6..004c3b4 100644 --- a/age-plugin/src/identity.rs +++ b/age-plugin/src/identity.rs @@ -18,6 +18,10 @@ const ADD_IDENTITY: &str = "add-identity"; const RECIPIENT_STANZA: &str = "recipient-stanza"; /// The interface that age implementations will use to interact with an age plugin. +/// +/// Implementations of this trait will be used within the [`identity-v1`] state machine. +/// +/// [`identity-v1`]: https://c2sp.org/age-plugin#unwrapping-with-identity-v1 pub trait IdentityPluginV1 { /// Stores an identity that the user would like to use for decrypting age files. /// diff --git a/age-plugin/src/recipient.rs b/age-plugin/src/recipient.rs index 8cb9d81..8359b9b 100644 --- a/age-plugin/src/recipient.rs +++ b/age-plugin/src/recipient.rs @@ -19,6 +19,10 @@ const WRAP_FILE_KEY: &str = "wrap-file-key"; const RECIPIENT_STANZA: &str = "recipient-stanza"; /// The interface that age implementations will use to interact with an age plugin. +/// +/// Implementations of this trait will be used within the [`recipient-v1`] state machine. +/// +/// [`recipient-v1`]: https://c2sp.org/age-plugin#wrapping-with-recipient-v1 pub trait RecipientPluginV1 { /// Stores a recipient that the user would like to encrypt age files to. /// From 4ff5e01ae932649910d645d947cc94ca006ca09e Mon Sep 17 00:00:00 2001 From: Stefan Gehr Date: Fri, 9 Aug 2024 11:03:56 +0200 Subject: [PATCH 26/77] add value hints to rage completions --- rage/src/bin/rage/cli.rs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rage/src/bin/rage/cli.rs b/rage/src/bin/rage/cli.rs index d01c7f4..25a7a4f 100644 --- a/rage/src/bin/rage/cli.rs +++ b/rage/src/bin/rage/cli.rs @@ -1,6 +1,6 @@ use std::path::Path; -use clap::{builder::Styles, ArgAction, Parser}; +use clap::{builder::{Styles, ValueHint}, ArgAction, Parser}; use crate::fl; @@ -99,6 +99,7 @@ pub(crate) struct AgeOptions { #[arg(help_heading = fl!("args-header"))] #[arg(value_name = fl!("input"))] #[arg(help = fl!("help-arg-input"))] + #[arg(value_hint = ValueHint::FilePath)] pub(crate) input: Option, #[arg(action = ArgAction::Help, short, long)] @@ -137,11 +138,13 @@ pub(crate) struct AgeOptions { #[arg(short = 'R', long)] #[arg(value_name = fl!("recipients-file"))] #[arg(help = fl!("help-flag-recipients-file"))] + #[arg(value_hint = ValueHint::FilePath)] pub(crate) recipients_file: Vec, #[arg(short, long)] #[arg(value_name = fl!("identity"))] #[arg(help = fl!("help-flag-identity"))] + #[arg(value_hint = ValueHint::FilePath)] pub(crate) identity: Vec, #[arg(short = 'j')] @@ -152,5 +155,6 @@ pub(crate) struct AgeOptions { #[arg(short, long)] #[arg(value_name = fl!("output"))] #[arg(help = fl!("help-flag-output"))] + #[arg(value_hint = ValueHint::AnyPath)] pub(crate) output: Option, } From daf0829142b4200f1dc9c376c8d24a6392ad858a Mon Sep 17 00:00:00 2001 From: Stefan Gehr Date: Fri, 9 Aug 2024 11:13:21 +0200 Subject: [PATCH 27/77] add value hints to rage-keygen completions --- rage/src/bin/rage-keygen/cli.rs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rage/src/bin/rage-keygen/cli.rs b/rage/src/bin/rage-keygen/cli.rs index fe07d08..66837c4 100644 --- a/rage/src/bin/rage-keygen/cli.rs +++ b/rage/src/bin/rage-keygen/cli.rs @@ -1,4 +1,4 @@ -use clap::{builder::Styles, ArgAction, Parser}; +use clap::{builder::{Styles, ValueHint}, ArgAction, Parser}; use crate::fl; @@ -22,6 +22,7 @@ pub(crate) struct AgeOptions { #[arg(help_heading = fl!("args-header"))] #[arg(value_name = fl!("input"))] #[arg(help = fl!("help-arg-input"))] + #[arg(value_hint = ValueHint::FilePath)] pub(crate) input: Option, #[arg(action = ArgAction::Help, short, long)] @@ -35,6 +36,7 @@ pub(crate) struct AgeOptions { #[arg(short, long)] #[arg(value_name = fl!("output"))] #[arg(help = fl!("keygen-help-flag-output"))] + #[arg(value_hint = ValueHint::AnyPath)] pub(crate) output: Option, #[arg(short = 'y')] From 26ebfbfc880fbf205315a56cfadcda00b4c5db70 Mon Sep 17 00:00:00 2001 From: Stefan Gehr Date: Fri, 9 Aug 2024 11:13:30 +0200 Subject: [PATCH 28/77] add value hints to rage-mount completions --- rage/src/bin/rage-mount/cli.rs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/rage/src/bin/rage-mount/cli.rs b/rage/src/bin/rage-mount/cli.rs index 0cb65db..9f82d56 100644 --- a/rage/src/bin/rage-mount/cli.rs +++ b/rage/src/bin/rage-mount/cli.rs @@ -1,4 +1,4 @@ -use clap::{builder::Styles, ArgAction, Parser}; +use clap::{builder::{Styles, ValueHint}, ArgAction, Parser}; use crate::fl; @@ -24,11 +24,13 @@ pub(crate) struct AgeMountOptions { #[arg(help_heading = fl!("args-header"))] #[arg(value_name = fl!("mnt-filename"))] #[arg(help = fl!("help-arg-mnt-filename"))] + #[arg(value_hint = ValueHint::FilePath)] pub(crate) filename: String, #[arg(help_heading = fl!("args-header"))] #[arg(value_name = fl!("mnt-mountpoint"))] #[arg(help = fl!("help-arg-mnt-mountpoint"))] + #[arg(value_hint = ValueHint::DirPath)] pub(crate) mountpoint: String, #[arg(action = ArgAction::Help, short, long)] @@ -51,5 +53,6 @@ pub(crate) struct AgeMountOptions { #[arg(short, long)] #[arg(value_name = fl!("identity"))] #[arg(help = fl!("help-flag-identity"))] + #[arg(value_hint = ValueHint::FilePath)] pub(crate) identity: Vec, } From 8091015514b1deb57061030ef5604730b965cb2b Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sat, 10 Aug 2024 06:45:20 +0000 Subject: [PATCH 29/77] age: Add test that X25519 and scrypt recipients are incompatible --- age/src/protocol.rs | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/age/src/protocol.rs b/age/src/protocol.rs index 98b90e7..ad0e955 100644 --- a/age/src/protocol.rs +++ b/age/src/protocol.rs @@ -301,7 +301,7 @@ mod tests { use super::{Decryptor, Encryptor}; use crate::{ identity::{IdentityFile, IdentityFileEntry}, - scrypt, x25519, Identity, Recipient, + scrypt, x25519, EncryptError, Identity, Recipient, }; #[cfg(feature = "async")] @@ -510,4 +510,19 @@ mod tests { .unwrap(); recipient_async_round_trip(vec![Box::new(pk)], iter::once(&sk as &dyn Identity)); } + + #[test] + fn mixed_recipient_and_passphrase() { + let pk: x25519::Recipient = crate::x25519::tests::TEST_PK.parse().unwrap(); + let passphrase = crate::scrypt::Recipient::new(SecretString::new("passphrase".to_string())); + + let recipients = vec![Box::new(pk) as _, Box::new(passphrase) as _]; + + let mut encrypted = vec![]; + let e = Encryptor::with_recipients(recipients).unwrap(); + assert!(matches!( + e.wrap_output(&mut encrypted), + Err(EncryptError::MixedRecipientAndPassphrase), + )); + } } From 8f1d6af14992f6e45ba2bc8f4f228f509b7f41f2 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sat, 10 Aug 2024 06:58:47 +0000 Subject: [PATCH 30/77] age: Return label set from `Recipient::wrap_file_key` --- age-core/CHANGELOG.md | 2 ++ age-core/src/format.rs | 10 +++++++ age/CHANGELOG.md | 3 ++ age/i18n/en-US/age.ftl | 5 ++++ age/src/encrypted.rs | 3 +- age/src/error.rs | 59 ++++++++++++++++++++++++++++++++++++ age/src/lib.rs | 39 ++++++++++++++++++++++-- age/src/plugin.rs | 9 ++++-- age/src/protocol.rs | 64 ++++++++++++++++++++++++++++++++++++++-- age/src/scrypt.rs | 35 ++++++++++++++++------ age/src/ssh/identity.rs | 6 ++-- age/src/ssh/recipient.rs | 23 ++++++++++----- age/src/x25519.rs | 30 ++++++++++++------- 13 files changed, 251 insertions(+), 37 deletions(-) diff --git a/age-core/CHANGELOG.md b/age-core/CHANGELOG.md index b0147f2..203e572 100644 --- a/age-core/CHANGELOG.md +++ b/age-core/CHANGELOG.md @@ -7,6 +7,8 @@ and this project adheres to Rust's notion of to 1.0.0 are beta releases. ## [Unreleased] +### Added +- `age_core::format::is_arbitrary_string` ## [0.10.0] - 2024-02-04 ### Added diff --git a/age-core/src/format.rs b/age-core/src/format.rs index b374dfe..263b908 100644 --- a/age-core/src/format.rs +++ b/age-core/src/format.rs @@ -90,6 +90,16 @@ impl From> for Stanza { } } +/// Checks whether the string is a valid age "arbitrary string" (`1*VCHAR` in ABNF). +pub fn is_arbitrary_string>(s: &S) -> bool { + let s = s.as_ref(); + !s.is_empty() + && s.chars().all(|c| match u8::try_from(c) { + Ok(u) => (33..=126).contains(&u), + Err(_) => false, + }) +} + /// Creates a random recipient stanza that exercises the joint in the age v1 format. /// /// This function is guaranteed to return a valid stanza, but makes no other guarantees diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md index 3ddde8c..e699e76 100644 --- a/age/CHANGELOG.md +++ b/age/CHANGELOG.md @@ -18,6 +18,9 @@ to 1.0.0 are beta releases. ### Changed - `age::Decryptor` is now an opaque struct instead of an enum with `Recipients` and `Passphrase` variants. +- `age::Recipient::wrap_file_key` now returns `(Vec, HashSet)`: + a tuple of the stanzas to be placed in an age file header, and labels that + constrain how the stanzas may be combined with those from other recipients. ### Removed - `age::decryptor::PassphraseDecryptor` (use `age::Decryptor` with diff --git a/age/i18n/en-US/age.ftl b/age/i18n/en-US/age.ftl index 830ed4a..5da126b 100644 --- a/age/i18n/en-US/age.ftl +++ b/age/i18n/en-US/age.ftl @@ -57,6 +57,11 @@ err-header-invalid = Header is invalid err-header-mac-invalid = Header MAC is invalid +err-incompatible-recipients-oneway = Cannot encrypt to a recipient with labels '{$labels}' alongside a recipient with no labels +err-incompatible-recipients-twoway = Cannot encrypt to a recipient with labels '{$left}' alongside a recipient with labels '{$right}' + +err-invalid-recipient-labels = The first recipient requires one or more invalid labels: '{$labels}' + err-key-decryption = Failed to decrypt an encrypted key err-mixed-recipient-passphrase = {-scrypt-recipient} can't be used with other recipients. diff --git a/age/src/encrypted.rs b/age/src/encrypted.rs index c573723..d32cf97 100644 --- a/age/src/encrypted.rs +++ b/age/src/encrypted.rs @@ -269,7 +269,8 @@ fOrxrKTj7xCdNS3+OrCdnBC8Z9cKDxjCGWW3fkjLsYha0Jo= fn round_trip() { let pk: x25519::Recipient = TEST_RECIPIENT.parse().unwrap(); let file_key = [12; 16].into(); - let wrapped = pk.wrap_file_key(&file_key).unwrap(); + let (wrapped, labels) = pk.wrap_file_key(&file_key).unwrap(); + assert!(labels.is_empty()); // Unwrapping with the wrong passphrase fails. { diff --git a/age/src/error.rs b/age/src/error.rs index 4a8ce96..393b4bf 100644 --- a/age/src/error.rs +++ b/age/src/error.rs @@ -1,5 +1,6 @@ //! Error type. +use std::collections::HashSet; use std::fmt; use std::io; @@ -101,6 +102,18 @@ impl fmt::Display for PluginError { pub enum EncryptError { /// An error occured while decrypting passphrase-encrypted identities. EncryptedIdentities(DecryptError), + /// The encryptor was given recipients that declare themselves incompatible. + IncompatibleRecipients { + /// The set of labels from the first recipient provided to the encryptor. + l_labels: HashSet, + /// The set of labels from the first non-matching recipient. + r_labels: HashSet, + }, + /// One or more of the labels from the first recipient provided to the encryptor are + /// invalid. + /// + /// Labels must be valid age "arbitrary string"s (`1*VCHAR` in ABNF). + InvalidRecipientLabels(HashSet), /// An I/O error occurred during encryption. Io(io::Error), /// A required plugin could not be found. @@ -130,6 +143,11 @@ impl Clone for EncryptError { fn clone(&self) -> Self { match self { Self::EncryptedIdentities(e) => Self::EncryptedIdentities(e.clone()), + Self::IncompatibleRecipients { l_labels, r_labels } => Self::IncompatibleRecipients { + l_labels: l_labels.clone(), + r_labels: r_labels.clone(), + }, + Self::InvalidRecipientLabels(labels) => Self::InvalidRecipientLabels(labels.clone()), Self::Io(e) => Self::Io(io::Error::new(e.kind(), e.to_string())), #[cfg(feature = "plugin")] Self::MissingPlugin { binary_name } => Self::MissingPlugin { @@ -142,10 +160,51 @@ impl Clone for EncryptError { } } +fn print_labels(labels: &HashSet) -> String { + let mut s = String::new(); + for (i, label) in labels.iter().enumerate() { + s.push_str(label); + if i != 0 { + s.push_str(", "); + } + } + s +} + impl fmt::Display for EncryptError { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { match self { EncryptError::EncryptedIdentities(e) => e.fmt(f), + EncryptError::IncompatibleRecipients { l_labels, r_labels } => { + match (l_labels.is_empty(), r_labels.is_empty()) { + (true, true) => unreachable!("labels are compatible"), + (false, true) => { + wfl!( + f, + "err-incompatible-recipients-oneway", + labels = print_labels(l_labels), + ) + } + (true, false) => { + wfl!( + f, + "err-incompatible-recipients-oneway", + labels = print_labels(r_labels), + ) + } + (false, false) => wfl!( + f, + "err-incompatible-recipients-twoway", + left = print_labels(l_labels), + right = print_labels(r_labels), + ), + } + } + EncryptError::InvalidRecipientLabels(labels) => wfl!( + f, + "err-invalid-recipient-labels", + labels = print_labels(labels), + ), EncryptError::Io(e) => e.fmt(f), #[cfg(feature = "plugin")] EncryptError::MissingPlugin { binary_name } => { diff --git a/age/src/lib.rs b/age/src/lib.rs index 03d602e..f53d05b 100644 --- a/age/src/lib.rs +++ b/age/src/lib.rs @@ -136,6 +136,8 @@ #![deny(rustdoc::broken_intra_doc_links)] #![deny(missing_docs)] +use std::collections::HashSet; + // Re-export crates that are used in our public API. pub use age_core::secrecy; @@ -222,7 +224,9 @@ pub trait Identity { /// /// Implementations of this trait might represent more than one recipient. pub trait Recipient { - /// Wraps the given file key, returning stanzas to be placed in an age file header. + /// Wraps the given file key, returning stanzas to be placed in an age file header, + /// and labels that constrain how the stanzas may be combined with those from other + /// recipients. /// /// Implementations MUST NOT return more than one stanza per "actual recipient". /// @@ -231,7 +235,38 @@ pub trait Recipient { /// recipients to [`Encryptor::with_recipients`]. /// /// [one joint]: https://www.imperialviolet.org/2016/05/16/agility.html - fn wrap_file_key(&self, file_key: &FileKey) -> Result, EncryptError>; + /// + /// # Labels + /// + /// [`Encryptor`] will succeed at encrypting only if every recipient returns the same + /// set of labels. Subsets or partial overlapping sets are not allowed; all sets must + /// be identical. Labels are compared exactly, and are case-sensitive. + /// + /// Label sets can be used to ensure a recipient is only encrypted to alongside other + /// recipients with equivalent properties, or to ensure a recipient is always used + /// alone. A recipient with no particular properties to enforce should return an empty + /// label set. + /// + /// Labels can have any value that is a valid arbitrary string (`1*VCHAR` in ABNF), + /// but usually take one of several forms: + /// - *Common public label* - used by multiple recipients to permit their stanzas to + /// be used only together. Examples include: + /// - `postquantum` - indicates that the recipient stanzas being generated are + /// postquantum-secure, and that they can only be combined with other stanzas + /// that are also postquantum-secure. + /// - *Common private label* - used by recipients created by the same private entity + /// to permit their recipient stanzas to be used only together. For example, + /// private recipients used in a corporate environment could all send the same + /// private label in order to prevent compliant age clients from simultaneously + /// wrapping file keys with other recipients. + /// - *Random label* - used by recipients that want to ensure their stanzas are not + /// used with any other recipient stanzas. This can be used to produce a file key + /// that is only encrypted to a single recipient stanza, for example to preserve + /// its authentication properties. + fn wrap_file_key( + &self, + file_key: &FileKey, + ) -> Result<(Vec, HashSet), EncryptError>; } /// Callbacks that might be triggered during encryption or decryption. diff --git a/age/src/plugin.rs b/age/src/plugin.rs index 2c00203..4551574 100644 --- a/age/src/plugin.rs +++ b/age/src/plugin.rs @@ -10,6 +10,7 @@ use base64::{prelude::BASE64_STANDARD_NO_PAD, Engine}; use bech32::Variant; use std::borrow::Borrow; +use std::collections::HashSet; use std::fmt; use std::io; use std::iter; @@ -377,7 +378,10 @@ impl RecipientPluginV1 { } impl crate::Recipient for RecipientPluginV1 { - fn wrap_file_key(&self, file_key: &FileKey) -> Result, EncryptError> { + fn wrap_file_key( + &self, + file_key: &FileKey, + ) -> Result<(Vec, HashSet), EncryptError> { // Open connection let mut conn = self.plugin.connect(RECIPIENT_V1)?; @@ -396,6 +400,7 @@ impl crate::Recipient for RecipientPluginV1 { // Phase 2: collect either stanzas or errors let mut stanzas = vec![]; + let labels = HashSet::new(); let mut errors = vec![]; if let Err(e) = conn.bidir_receive( &[ @@ -484,7 +489,7 @@ impl crate::Recipient for RecipientPluginV1 { return Err(e.into()); }; match (stanzas.is_empty(), errors.is_empty()) { - (false, true) => Ok(stanzas), + (false, true) => Ok((stanzas, labels)), (a, b) => { if a & b { errors.push(PluginError::Other { diff --git a/age/src/protocol.rs b/age/src/protocol.rs index ad0e955..bc24f71 100644 --- a/age/src/protocol.rs +++ b/age/src/protocol.rs @@ -1,6 +1,6 @@ //! Encryption and decryption routines for age. -use age_core::secrecy::SecretString; +use age_core::{format::is_arbitrary_string, secrecy::SecretString}; use rand::{rngs::OsRng, RngCore}; use std::io::{self, BufRead, Read, Write}; @@ -78,9 +78,34 @@ impl Encryptor { let file_key = new_file_key(); let recipients = { + let mut control = None; + let mut stanzas = Vec::with_capacity(self.recipients.len() + 1); for recipient in self.recipients { - stanzas.append(&mut recipient.wrap_file_key(&file_key)?); + let (mut r_stanzas, r_labels) = recipient.wrap_file_key(&file_key)?; + + if let Some(l_labels) = control.take() { + if l_labels != r_labels { + // Improve error message. + let err = if stanzas + .iter() + .chain(&r_stanzas) + .any(|stanza| stanza.tag == crate::scrypt::SCRYPT_RECIPIENT_TAG) + { + EncryptError::MixedRecipientAndPassphrase + } else { + EncryptError::IncompatibleRecipients { l_labels, r_labels } + }; + return Err(err); + } + control = Some(l_labels); + } else if r_labels.iter().all(is_arbitrary_string) { + control = Some(r_labels); + } else { + return Err(EncryptError::InvalidRecipientLabels(r_labels)); + } + + stanzas.append(&mut r_stanzas); } stanzas }; @@ -292,9 +317,11 @@ impl Decryptor { #[cfg(test)] mod tests { - use age_core::secrecy::SecretString; + use std::collections::HashSet; use std::io::{BufReader, Read, Write}; + use age_core::secrecy::SecretString; + #[cfg(feature = "ssh")] use std::iter; @@ -525,4 +552,35 @@ mod tests { Err(EncryptError::MixedRecipientAndPassphrase), )); } + + struct IncompatibleRecipient(crate::x25519::Recipient); + + impl Recipient for IncompatibleRecipient { + fn wrap_file_key( + &self, + file_key: &age_core::format::FileKey, + ) -> Result<(Vec, HashSet), EncryptError> { + self.0.wrap_file_key(file_key).map(|(stanzas, mut labels)| { + labels.insert("incompatible".into()); + (stanzas, labels) + }) + } + } + + #[test] + fn incompatible_recipients() { + let pk: x25519::Recipient = crate::x25519::tests::TEST_PK.parse().unwrap(); + + let recipients = vec![ + Box::new(pk.clone()) as _, + Box::new(IncompatibleRecipient(pk)) as _, + ]; + + let mut encrypted = vec![]; + let e = Encryptor::with_recipients(recipients).unwrap(); + assert!(matches!( + e.wrap_output(&mut encrypted), + Err(EncryptError::IncompatibleRecipients { .. }), + )); + } } diff --git a/age/src/scrypt.rs b/age/src/scrypt.rs index b70f04c..3046718 100644 --- a/age/src/scrypt.rs +++ b/age/src/scrypt.rs @@ -1,13 +1,20 @@ //! The "scrypt" passphrase-based recipient type, native to age. +use std::collections::HashSet; +use std::iter; +use std::time::Duration; + use age_core::{ format::{FileKey, Stanza, FILE_KEY_BYTES}, primitives::{aead_decrypt, aead_encrypt}, secrecy::{ExposeSecret, SecretString}, }; use base64::{prelude::BASE64_STANDARD_NO_PAD, Engine}; -use rand::{rngs::OsRng, RngCore}; -use std::time::Duration; +use rand::{ + distributions::{Alphanumeric, DistString}, + rngs::OsRng, + RngCore, +}; use zeroize::Zeroize; use crate::{ @@ -107,9 +114,14 @@ impl Recipient { } impl crate::Recipient for Recipient { - fn wrap_file_key(&self, file_key: &FileKey) -> Result, EncryptError> { + fn wrap_file_key( + &self, + file_key: &FileKey, + ) -> Result<(Vec, HashSet), EncryptError> { + let mut rng = OsRng; + let mut salt = [0; SALT_LEN]; - OsRng.fill_bytes(&mut salt); + rng.fill_bytes(&mut salt); let mut inner_salt = [0; SCRYPT_SALT_LABEL.len() + SALT_LEN]; inner_salt[..SCRYPT_SALT_LABEL.len()].copy_from_slice(SCRYPT_SALT_LABEL); @@ -123,11 +135,16 @@ impl crate::Recipient for Recipient { let encoded_salt = BASE64_STANDARD_NO_PAD.encode(salt); - Ok(vec![Stanza { - tag: SCRYPT_RECIPIENT_TAG.to_owned(), - args: vec![encoded_salt, format!("{}", log_n)], - body: encrypted_file_key, - }]) + let label = Alphanumeric.sample_string(&mut rng, 32); + + Ok(( + vec![Stanza { + tag: SCRYPT_RECIPIENT_TAG.to_owned(), + args: vec![encoded_salt, format!("{}", log_n)], + body: encrypted_file_key, + }], + iter::once(label).collect(), + )) } } diff --git a/age/src/ssh/identity.rs b/age/src/ssh/identity.rs index 83cd084..e32941a 100644 --- a/age/src/ssh/identity.rs +++ b/age/src/ssh/identity.rs @@ -507,7 +507,8 @@ AwQFBg== let file_key = [12; 16].into(); - let wrapped = pk.wrap_file_key(&file_key).unwrap(); + let (wrapped, labels) = pk.wrap_file_key(&file_key).unwrap(); + assert!(labels.is_empty()); let unwrapped = identity.unwrap_stanzas(&wrapped); assert_eq!( unwrapped.unwrap().unwrap().expose_secret(), @@ -533,7 +534,8 @@ AwQFBg== let file_key = [12; 16].into(); - let wrapped = pk.wrap_file_key(&file_key).unwrap(); + let (wrapped, labels) = pk.wrap_file_key(&file_key).unwrap(); + assert!(labels.is_empty()); let unwrapped = identity.unwrap_stanzas(&wrapped); assert_eq!( unwrapped.unwrap().unwrap().expose_secret(), diff --git a/age/src/ssh/recipient.rs b/age/src/ssh/recipient.rs index 261de78..7dfda4e 100644 --- a/age/src/ssh/recipient.rs +++ b/age/src/ssh/recipient.rs @@ -1,3 +1,6 @@ +use std::collections::HashSet; +use std::fmt; + use age_core::{ format::{FileKey, Stanza}, primitives::{aead_encrypt, hkdf}, @@ -18,7 +21,6 @@ use nom::{ use rand::rngs::OsRng; use rsa::{traits::PublicKeyParts, Oaep}; use sha2::Sha256; -use std::fmt; use x25519_dalek::{EphemeralSecret, PublicKey as X25519PublicKey, StaticSecret}; use super::{ @@ -144,10 +146,13 @@ impl TryFrom for Recipient { } impl crate::Recipient for Recipient { - fn wrap_file_key(&self, file_key: &FileKey) -> Result, EncryptError> { + fn wrap_file_key( + &self, + file_key: &FileKey, + ) -> Result<(Vec, HashSet), EncryptError> { let mut rng = OsRng; - match self { + let stanzas = match self { Recipient::SshRsa(ssh_key, pk) => { let encrypted_file_key = pk .encrypt( @@ -159,11 +164,11 @@ impl crate::Recipient for Recipient { let encoded_tag = BASE64_STANDARD_NO_PAD.encode(ssh_tag(ssh_key)); - Ok(vec![Stanza { + vec![Stanza { tag: SSH_RSA_RECIPIENT_TAG.to_owned(), args: vec![encoded_tag], body: encrypted_file_key, - }]) + }] } Recipient::SshEd25519(ssh_key, ed25519_pk) => { let pk: X25519PublicKey = ed25519_pk.to_montgomery().to_bytes().into(); @@ -190,13 +195,15 @@ impl crate::Recipient for Recipient { let encoded_tag = BASE64_STANDARD_NO_PAD.encode(ssh_tag(ssh_key)); let encoded_epk = BASE64_STANDARD_NO_PAD.encode(epk.as_bytes()); - Ok(vec![Stanza { + vec![Stanza { tag: SSH_ED25519_RECIPIENT_TAG.to_owned(), args: vec![encoded_tag, encoded_epk], body: encrypted_file_key, - }]) + }] } - } + }; + + Ok((stanzas, HashSet::new())) } } diff --git a/age/src/x25519.rs b/age/src/x25519.rs index 3cd84d0..9d23ee5 100644 --- a/age/src/x25519.rs +++ b/age/src/x25519.rs @@ -1,5 +1,8 @@ //! The "x25519" recipient type, native to age. +use std::collections::HashSet; +use std::fmt; + use age_core::{ format::{FileKey, Stanza, FILE_KEY_BYTES}, primitives::{aead_decrypt, aead_encrypt, hkdf}, @@ -8,7 +11,6 @@ use age_core::{ use base64::{prelude::BASE64_STANDARD_NO_PAD, Engine}; use bech32::{ToBase32, Variant}; use rand::rngs::OsRng; -use std::fmt; use subtle::ConstantTimeEq; use x25519_dalek::{EphemeralSecret, PublicKey, StaticSecret}; use zeroize::Zeroize; @@ -191,7 +193,10 @@ impl fmt::Debug for Recipient { } impl crate::Recipient for Recipient { - fn wrap_file_key(&self, file_key: &FileKey) -> Result, EncryptError> { + fn wrap_file_key( + &self, + file_key: &FileKey, + ) -> Result<(Vec, HashSet), EncryptError> { let rng = OsRng; let esk = EphemeralSecret::random_from_rng(rng); let epk: PublicKey = (&esk).into(); @@ -220,11 +225,14 @@ impl crate::Recipient for Recipient { let encoded_epk = BASE64_STANDARD_NO_PAD.encode(epk.as_bytes()); - Ok(vec![Stanza { - tag: X25519_RECIPIENT_TAG.to_owned(), - args: vec![encoded_epk], - body: encrypted_file_key, - }]) + Ok(( + vec![Stanza { + tag: X25519_RECIPIENT_TAG.to_owned(), + args: vec![encoded_epk], + body: encrypted_file_key, + }], + HashSet::new(), + )) } } @@ -264,11 +272,13 @@ pub(crate) mod tests { StaticSecret::from(tmp) }; - let stanzas = Recipient(PublicKey::from(&sk)) + let res = Recipient(PublicKey::from(&sk)) .wrap_file_key(&file_key); - prop_assert!(stanzas.is_ok()); + prop_assert!(res.is_ok()); + let (stanzas, labels) = res.unwrap(); + prop_assert!(labels.is_empty()); - let res = Identity(sk).unwrap_stanzas(&stanzas.unwrap()); + let res = Identity(sk).unwrap_stanzas(&stanzas); prop_assert!(res.is_some()); let res = res.unwrap(); prop_assert!(res.is_ok()); From 2d2966871275b4b9eca8bee3300f0762d63f1039 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 11 Aug 2024 22:12:26 +0000 Subject: [PATCH 31/77] age: Add labels extension to client side of `recipient-v1` --- age/CHANGELOG.md | 1 + age/src/plugin.rs | 35 +++++++++++++++++++++++++++++++++-- 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md index e699e76..ab7b138 100644 --- a/age/CHANGELOG.md +++ b/age/CHANGELOG.md @@ -21,6 +21,7 @@ to 1.0.0 are beta releases. - `age::Recipient::wrap_file_key` now returns `(Vec, HashSet)`: a tuple of the stanzas to be placed in an age file header, and labels that constrain how the stanzas may be combined with those from other recipients. +- `age::plugin::RecipientPluginV1` now supports the labels extension. ### Removed - `age::decryptor::PassphraseDecryptor` (use `age::Decryptor` with diff --git a/age/src/plugin.rs b/age/src/plugin.rs index 4551574..933a67a 100644 --- a/age/src/plugin.rs +++ b/age/src/plugin.rs @@ -33,6 +33,7 @@ const PLUGIN_IDENTITY_PREFIX: &str = "age-plugin-"; const CMD_ERROR: &str = "error"; const CMD_RECIPIENT_STANZA: &str = "recipient-stanza"; +const CMD_LABELS: &str = "labels"; const CMD_MSG: &str = "msg"; const CMD_CONFIRM: &str = "confirm"; const CMD_REQUEST_PUBLIC: &str = "request-public"; @@ -395,12 +396,13 @@ impl crate::Recipient for RecipientPluginV1 { for identity in &self.identities { phase.send("add-identity", &[&identity.identity], &[])?; } + phase.send("extension-labels", &[], &[])?; phase.send("wrap-file-key", &[], file_key.expose_secret()) })?; // Phase 2: collect either stanzas or errors let mut stanzas = vec![]; - let labels = HashSet::new(); + let mut labels = None; let mut errors = vec![]; if let Err(e) = conn.bidir_receive( &[ @@ -409,6 +411,7 @@ impl crate::Recipient for RecipientPluginV1 { CMD_REQUEST_PUBLIC, CMD_REQUEST_SECRET, CMD_RECIPIENT_STANZA, + CMD_LABELS, CMD_ERROR, ], |mut command, reply| match command.tag.as_str() { @@ -464,6 +467,34 @@ impl crate::Recipient for RecipientPluginV1 { } reply.ok(None) } + CMD_LABELS => { + if labels.is_none() { + let labels_count = command.args.len(); + let label_set = command.args.into_iter().collect::>(); + if label_set.len() == labels_count { + labels = Some(label_set); + } else { + errors.push(PluginError::Other { + kind: "internal".to_owned(), + metadata: vec![], + message: format!( + "{} command must not contain duplicate labels", + CMD_LABELS + ), + }); + } + } else { + errors.push(PluginError::Other { + kind: "internal".to_owned(), + metadata: vec![], + message: format!( + "{} command must not be sent more than once", + CMD_LABELS + ), + }); + } + reply.ok(None) + } CMD_ERROR => { if command.args.len() == 2 && command.args[0] == "recipient" { let index: usize = command.args[1].parse().unwrap(); @@ -489,7 +520,7 @@ impl crate::Recipient for RecipientPluginV1 { return Err(e.into()); }; match (stanzas.is_empty(), errors.is_empty()) { - (false, true) => Ok((stanzas, labels)), + (false, true) => Ok((stanzas, labels.unwrap_or_default())), (a, b) => { if a & b { errors.push(PluginError::Other { From 9476af8e1fd4e49ab1a49a07cc40b5d848806e0e Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 11 Aug 2024 22:31:22 +0000 Subject: [PATCH 32/77] age-plugin: Add labels extension to `recipient-v1` --- age-core/CHANGELOG.md | 4 + age-core/src/plugin.rs | 44 +++++-- age-plugin/CHANGELOG.md | 7 ++ age-plugin/examples/age-plugin-unencrypted.rs | 12 +- age-plugin/src/identity.rs | 3 +- age-plugin/src/lib.rs | 6 +- age-plugin/src/recipient.rs | 115 +++++++++++++++--- 7 files changed, 159 insertions(+), 32 deletions(-) diff --git a/age-core/CHANGELOG.md b/age-core/CHANGELOG.md index 203e572..d458d20 100644 --- a/age-core/CHANGELOG.md +++ b/age-core/CHANGELOG.md @@ -10,6 +10,10 @@ to 1.0.0 are beta releases. ### Added - `age_core::format::is_arbitrary_string` +### Changed +- `age::plugin::Connection::unidir_receive` now takes an additional argument to + enable handling an optional fourth command. + ## [0.10.0] - 2024-02-04 ### Added - `impl Eq for age_core::format::Stanza` diff --git a/age-core/src/plugin.rs b/age-core/src/plugin.rs index 0c68c31..027cde0 100644 --- a/age-core/src/plugin.rs +++ b/age-core/src/plugin.rs @@ -51,10 +51,11 @@ impl std::error::Error for Error {} /// should explicitly handle. pub type Result = io::Result>; -type UnidirResult = io::Result<( +type UnidirResult = io::Result<( std::result::Result, Vec>, std::result::Result, Vec>, Option, Vec>>, + Option, Vec>>, )>; /// A connection to a plugin binary. @@ -205,23 +206,26 @@ impl Connection { /// /// # Arguments /// - /// `command_a`, `command_b`, and (optionally) `command_c` are the known commands that - /// are expected to be received. All other received commands (including grease) will - /// be ignored. - pub fn unidir_receive( + /// `command_a`, `command_b`, and (optionally) `command_c` and `command_d` are the + /// known commands that are expected to be received. All other received commands + /// (including grease) will be ignored. + pub fn unidir_receive( &mut self, command_a: (&str, F), command_b: (&str, G), command_c: (Option<&str>, H), - ) -> UnidirResult + command_d: (Option<&str>, I), + ) -> UnidirResult where F: Fn(Stanza) -> std::result::Result, G: Fn(Stanza) -> std::result::Result, H: Fn(Stanza) -> std::result::Result, + I: Fn(Stanza) -> std::result::Result, { let mut res_a = Ok(vec![]); let mut res_b = Ok(vec![]); let mut res_c = Ok(vec![]); + let mut res_d = Ok(vec![]); for stanza in iter::repeat_with(|| self.receive()).take_while(|res| match res { Ok(stanza) => stanza.tag != COMMAND_DONE, @@ -251,14 +255,28 @@ impl Connection { validate(command_a.1(stanza), &mut res_a) } else if stanza.tag.as_str() == command_b.0 { validate(command_b.1(stanza), &mut res_b) - } else if let Some(tag) = command_c.0 { - if stanza.tag.as_str() == tag { - validate(command_c.1(stanza), &mut res_c) + } else { + if let Some(tag) = command_c.0 { + if stanza.tag.as_str() == tag { + validate(command_c.1(stanza), &mut res_c); + continue; + } + } + if let Some(tag) = command_d.0 { + if stanza.tag.as_str() == tag { + validate(command_d.1(stanza), &mut res_d); + continue; + } } } } - Ok((res_a, res_b, command_c.0.map(|_| res_c))) + Ok(( + res_a, + res_b, + command_c.0.map(|_| res_c), + command_d.0.map(|_| res_d), + )) } /// Runs a bidirectional phase as the controller. @@ -481,10 +499,11 @@ mod tests { .unidir_send(|mut phase| phase.send("test", &["foo"], b"bar")) .unwrap(); let stanza = plugin_conn - .unidir_receive::<_, (), (), _, _, _, _>( + .unidir_receive::<_, (), (), (), _, _, _, _, _>( ("test", Ok), ("other", |_| Err(())), (None, |_| Ok(())), + (None, |_| Ok(())), ) .unwrap(); assert_eq!( @@ -496,7 +515,8 @@ mod tests { body: b"bar"[..].to_owned() }]), Ok(vec![]), - None + None, + None, ) ); } diff --git a/age-plugin/CHANGELOG.md b/age-plugin/CHANGELOG.md index 6d179a0..b37396e 100644 --- a/age-plugin/CHANGELOG.md +++ b/age-plugin/CHANGELOG.md @@ -14,6 +14,13 @@ to 1.0.0 are beta releases. - `impl age_plugin::identity::IdentityPluginV1 for std::convert::Infallible` - `impl age_plugin::recipient::RecipientPluginV1 for std::convert::Infallible` +### Changed +- `age_plugin::recipient::RecipientPluginV1` has a new `labels` method. Existing + implementations of the trait should either return `HashSet::new()` to maintain + existing compatibility, or return labels that apply the desired constraints. +- `age_plugin::run_state_machine` now supports the `recipient-v1` labels + extension. + ### Fixed - `age_plugin::run_state_machine` now takes an `impl age_plugin::PluginHandler` argument, instead of its previous arguments. diff --git a/age-plugin/examples/age-plugin-unencrypted.rs b/age-plugin/examples/age-plugin-unencrypted.rs index d084bfd..efa908d 100644 --- a/age-plugin/examples/age-plugin-unencrypted.rs +++ b/age-plugin/examples/age-plugin-unencrypted.rs @@ -10,7 +10,7 @@ use age_plugin::{ }; use clap::Parser; -use std::collections::HashMap; +use std::collections::{HashMap, HashSet}; use std::convert::Infallible; use std::env; use std::io; @@ -104,6 +104,16 @@ impl RecipientPluginV1 for RecipientPlugin { } } + fn labels(&mut self) -> HashSet { + let mut labels = HashSet::new(); + if let Ok(s) = env::var("AGE_PLUGIN_LABELS") { + for label in s.split(',') { + labels.insert(label.into()); + } + } + labels + } + fn wrap_file_keys( &mut self, file_keys: Vec, diff --git a/age-plugin/src/identity.rs b/age-plugin/src/identity.rs index 004c3b4..1d2536a 100644 --- a/age-plugin/src/identity.rs +++ b/age-plugin/src/identity.rs @@ -222,7 +222,7 @@ pub(crate) fn run_v1(mut plugin: P) -> io::Result<()> { // Phase 1: receive identities and stanzas let (identities, recipient_stanzas) = { - let (identities, stanzas, _) = conn.unidir_receive( + let (identities, stanzas, _, _) = conn.unidir_receive( (ADD_IDENTITY, |s| match (&s.args[..], &s.body[..]) { ([identity], []) => Ok(identity.clone()), _ => Err(Error::Internal { @@ -255,6 +255,7 @@ pub(crate) fn run_v1(mut plugin: P) -> io::Result<()> { } }), (None, |_| Ok(())), + (None, |_| Ok(())), )?; // Now that we have the full list of identities, parse them as Bech32 and add them diff --git a/age-plugin/src/lib.rs b/age-plugin/src/lib.rs index 57b75a4..93b8c61 100644 --- a/age-plugin/src/lib.rs +++ b/age-plugin/src/lib.rs @@ -78,7 +78,7 @@ //! }; //! use clap::Parser; //! -//! use std::collections::HashMap; +//! use std::collections::{HashMap, HashSet}; //! use std::io; //! //! struct Handler; @@ -117,6 +117,10 @@ //! todo!() //! } //! +//! fn labels(&mut self) -> HashSet { +//! todo!() +//! } +//! //! fn wrap_file_keys( //! &mut self, //! file_keys: Vec, diff --git a/age-plugin/src/recipient.rs b/age-plugin/src/recipient.rs index 8359b9b..ba4bbfa 100644 --- a/age-plugin/src/recipient.rs +++ b/age-plugin/src/recipient.rs @@ -1,13 +1,14 @@ //! Recipient plugin helpers. use age_core::{ - format::{FileKey, Stanza, FILE_KEY_BYTES}, + format::{is_arbitrary_string, FileKey, Stanza, FILE_KEY_BYTES}, plugin::{self, BidirSend, Connection}, secrecy::SecretString, }; use base64::{prelude::BASE64_STANDARD_NO_PAD, Engine}; use bech32::FromBase32; +use std::collections::HashSet; use std::convert::Infallible; use std::io; @@ -16,7 +17,9 @@ use crate::{Callbacks, PLUGIN_IDENTITY_PREFIX, PLUGIN_RECIPIENT_PREFIX}; const ADD_RECIPIENT: &str = "add-recipient"; const ADD_IDENTITY: &str = "add-identity"; const WRAP_FILE_KEY: &str = "wrap-file-key"; +const EXTENSION_LABELS: &str = "extension-labels"; const RECIPIENT_STANZA: &str = "recipient-stanza"; +const LABELS: &str = "labels"; /// The interface that age implementations will use to interact with an age plugin. /// @@ -39,6 +42,36 @@ pub trait RecipientPluginV1 { /// Returns an error if the identity is unknown or invalid. fn add_identity(&mut self, index: usize, plugin_name: &str, bytes: &[u8]) -> Result<(), Error>; + /// Returns labels that constrain how the stanzas produced by [`Self::wrap_file_keys`] + /// may be combined with those from other recipients. + /// + /// Encryption will succeed only if every recipient returns the same set of labels. + /// Subsets or partial overlapping sets are not allowed; all sets must be identical. + /// Labels are compared exactly, and are case-sensitive. + /// + /// Label sets can be used to ensure a recipient is only encrypted to alongside other + /// recipients with equivalent properties, or to ensure a recipient is always used + /// alone. A recipient with no particular properties to enforce should return an empty + /// label set. + /// + /// Labels can have any value that is a valid arbitrary string (`1*VCHAR` in ABNF), + /// but usually take one of several forms: + /// - *Common public label* - used by multiple recipients to permit their stanzas to + /// be used only together. Examples include: + /// - `postquantum` - indicates that the recipient stanzas being generated are + /// postquantum-secure, and that they can only be combined with other stanzas + /// that are also postquantum-secure. + /// - *Common private label* - used by recipients created by the same private entity + /// to permit their recipient stanzas to be used only together. For example, + /// private recipients used in a corporate environment could all send the same + /// private label in order to prevent compliant age clients from simultaneously + /// wrapping file keys with other recipients. + /// - *Random label* - used by recipients that want to ensure their stanzas are not + /// used with any other recipient stanzas. This can be used to produce a file key + /// that is only encrypted to a single recipient stanza, for example to preserve + /// its authentication properties. + fn labels(&mut self) -> HashSet; + /// Wraps each `file_key` to all recipients and identities previously added via /// `add_recipient` and `add_identity`. /// @@ -65,6 +98,11 @@ impl RecipientPluginV1 for Infallible { Ok(()) } + fn labels(&mut self) -> HashSet { + // This is never executed. + HashSet::new() + } + fn wrap_file_keys( &mut self, _: Vec, @@ -215,8 +253,8 @@ pub(crate) fn run_v1(mut plugin: P) -> io::Result<()> { let mut conn = Connection::accept(); // Phase 1: collect recipients, and file keys to be wrapped - let ((recipients, identities), file_keys) = { - let (recipients, identities, file_keys) = conn.unidir_receive( + let ((recipients, identities), file_keys, labels_supported) = { + let (recipients, identities, file_keys, labels_supported) = conn.unidir_receive( (ADD_RECIPIENT, |s| match (&s.args[..], &s.body[..]) { ([recipient], []) => Ok(recipient.clone()), _ => Err(Error::Internal { @@ -243,6 +281,7 @@ pub(crate) fn run_v1(mut plugin: P) -> io::Result<()> { }) .map(FileKey::from) }), + (Some(EXTENSION_LABELS), |_| Ok(())), )?; ( match (recipients, identities) { @@ -263,6 +302,13 @@ pub(crate) fn run_v1(mut plugin: P) -> io::Result<()> { }]), r => r, }, + match &labels_supported.unwrap() { + Ok(v) if v.is_empty() => Ok(false), + Ok(v) if v.len() == 1 => Ok(true), + _ => Err(vec![Error::Internal { + message: format!("Received more than one {} command", EXTENSION_LABELS), + }]), + }, ) }; @@ -327,23 +373,58 @@ pub(crate) fn run_v1(mut plugin: P) -> io::Result<()> { |index, plugin_name, bytes| plugin.add_identity(index, plugin_name, &bytes), ); + let required_labels = plugin.labels(); + + let labels = match (labels_supported, required_labels.is_empty()) { + (Ok(true), _) | (Ok(false), true) => { + if required_labels.contains("") { + Err(vec![Error::Internal { + message: "Plugin tried to use the empty string as a label".into(), + }]) + } else if required_labels.iter().all(is_arbitrary_string) { + Ok(required_labels) + } else { + Err(vec![Error::Internal { + message: "Plugin tried to use a label containing an invalid character".into(), + }]) + } + } + (Ok(false), false) => Err(vec![Error::Internal { + message: "Plugin requires labels but client does not support them".into(), + }]), + (Err(errors), true) => Err(errors), + (Err(mut errors), false) => { + errors.push(Error::Internal { + message: "Plugin requires labels but client does not support them".into(), + }); + Err(errors) + } + }; + // Phase 2: wrap the file keys or return errors conn.bidir_send(|mut phase| { - let (expected_stanzas, file_keys) = match (recipients, identities, file_keys) { - (Ok(recipients), Ok(identities), Ok(file_keys)) => (recipients + identities, file_keys), - (recipients, identities, file_keys) => { - for error in recipients - .err() - .into_iter() - .chain(identities.err()) - .chain(file_keys.err()) - .flatten() - { - error.send(&mut phase)?; + let (expected_stanzas, file_keys, labels) = + match (recipients, identities, file_keys, labels) { + (Ok(recipients), Ok(identities), Ok(file_keys), Ok(labels)) => { + (recipients + identities, file_keys, labels) } - return Ok(()); - } - }; + (recipients, identities, file_keys, labels) => { + for error in recipients + .err() + .into_iter() + .chain(identities.err()) + .chain(file_keys.err()) + .chain(labels.err()) + .flatten() + { + error.send(&mut phase)?; + } + return Ok(()); + } + }; + + let labels = labels.iter().map(|s| s.as_str()).collect::>(); + phase.send(LABELS, &labels, &[])?.unwrap(); match plugin.wrap_file_keys(file_keys, BidirCallbacks(&mut phase))? { Ok(files) => { From 3c9483f78f9776b886ade38528f0170f46317bb6 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Fri, 23 Aug 2024 11:48:39 +0000 Subject: [PATCH 33/77] age-plugin: Commit to order in which `RecipientPluginV1` methods are called --- age-plugin/src/recipient.rs | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/age-plugin/src/recipient.rs b/age-plugin/src/recipient.rs index ba4bbfa..a7c54b9 100644 --- a/age-plugin/src/recipient.rs +++ b/age-plugin/src/recipient.rs @@ -25,6 +25,12 @@ const LABELS: &str = "labels"; /// /// Implementations of this trait will be used within the [`recipient-v1`] state machine. /// +/// The trait methods are always called in this order: +/// - [`Self::add_recipient`] / [`Self::add_identity`] (in any order, including +/// potentially interleaved). +/// - [`Self::labels`] (once all recipients and identities have been added). +/// - [`Self::wrap_file_keys`] +/// /// [`recipient-v1`]: https://c2sp.org/age-plugin#wrapping-with-recipient-v1 pub trait RecipientPluginV1 { /// Stores a recipient that the user would like to encrypt age files to. From 7e3c62b98b32d536dd5456043bcd86ff937188f8 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Fri, 23 Aug 2024 12:37:24 +0000 Subject: [PATCH 34/77] age: Fix feature flag combination bugs in `cli_common` module --- age/src/cli_common/error.rs | 5 +- age/src/cli_common/identities.rs | 14 +-- age/src/cli_common/recipients.rs | 141 +++++++++++++++++++++---------- 3 files changed, 110 insertions(+), 50 deletions(-) diff --git a/age/src/cli_common/error.rs b/age/src/cli_common/error.rs index 0ae80f2..2769ad1 100644 --- a/age/src/cli_common/error.rs +++ b/age/src/cli_common/error.rs @@ -1,7 +1,10 @@ use std::fmt; use std::io; -use crate::{wfl, wlnfl, DecryptError}; +use crate::{wfl, DecryptError}; + +#[cfg(feature = "plugin")] +use crate::wlnfl; /// Errors that can occur while reading recipients or identities. #[derive(Debug)] diff --git a/age/src/cli_common/identities.rs b/age/src/cli_common/identities.rs index df46936..59ceeae 100644 --- a/age/src/cli_common/identities.rs +++ b/age/src/cli_common/identities.rs @@ -1,10 +1,10 @@ use std::io::{self, BufReader}; -use super::{file_io::InputReader, ReadError, StdinGuard, UiCallbacks}; +use super::{ReadError, StdinGuard, UiCallbacks}; use crate::{identity::IdentityFile, Identity}; #[cfg(feature = "armor")] -use crate::armor::ArmoredReader; +use crate::{armor::ArmoredReader, cli_common::file_io::InputReader}; /// Reads identities from the provided files. /// @@ -23,10 +23,12 @@ pub fn read_identities( max_work_factor, stdin_guard, &mut identities, + #[cfg(feature = "armor")] |identities, identity| { identities.push(Box::new(identity)); Ok(()) }, + #[cfg(feature = "ssh")] |identities, _, identity| { identities.push(Box::new(identity.with_callbacks(UiCallbacks))); Ok(()) @@ -62,7 +64,7 @@ pub fn read_identities( /// Parses the provided identity files. pub(super) fn parse_identity_files + From>( filenames: Vec, - max_work_factor: Option, + _max_work_factor: Option, stdin_guard: &mut StdinGuard, ctx: &mut Ctx, #[cfg(feature = "armor")] encrypted_identity: impl Fn( @@ -73,6 +75,7 @@ pub(super) fn parse_identity_files + From>( identity_file_entry: impl Fn(&mut Ctx, crate::IdentityFileEntry) -> Result<(), E>, ) -> Result<(), E> { for filename in filenames { + #[cfg_attr(not(any(feature = "armor", feature = "ssh")), allow(unused_mut))] let mut reader = PeekableReader::new(BufReader::new( stdin_guard.open(filename.clone()).map_err(|e| match e { ReadError::Io(e) if matches!(e.kind(), io::ErrorKind::NotFound) => { @@ -88,7 +91,7 @@ pub(super) fn parse_identity_files + From>( ArmoredReader::new_buffered(&mut reader), Some(filename.clone()), UiCallbacks, - max_work_factor, + _max_work_factor, ) .is_ok() { @@ -101,7 +104,7 @@ pub(super) fn parse_identity_files + From>( ArmoredReader::new_buffered(reader.inner), Some(filename.clone()), UiCallbacks, - max_work_factor, + _max_work_factor, ) .expect("already parsed the age ciphertext header"); @@ -160,6 +163,7 @@ impl PeekableReader { } } + #[cfg(any(feature = "armor", feature = "ssh"))] fn reset(&mut self) -> io::Result<()> { match &mut self.state { PeekState::Peeking { consumed } => { diff --git a/age/src/cli_common/recipients.rs b/age/src/cli_common/recipients.rs index 1573b69..dc40a33 100644 --- a/age/src/cli_common/recipients.rs +++ b/age/src/cli_common/recipients.rs @@ -1,15 +1,21 @@ use std::io::{self, BufReader}; use super::StdinGuard; -use super::{identities::parse_identity_files, ReadError, UiCallbacks}; -use crate::{x25519, EncryptError, IdentityFileEntry, Recipient}; +use super::{identities::parse_identity_files, ReadError}; +use crate::{x25519, IdentityFileEntry, Recipient}; #[cfg(feature = "plugin")] -use crate::plugin; +use crate::{cli_common::UiCallbacks, plugin}; + +#[cfg(not(feature = "plugin"))] +use std::convert::Infallible; #[cfg(feature = "ssh")] use crate::ssh; +#[cfg(any(feature = "armor", feature = "plugin"))] +use crate::EncryptError; + /// Handles error mapping for the given SSH recipient parser. /// /// Returns `Ok(None)` if the parser finds a parseable value that should be ignored. This @@ -44,25 +50,35 @@ where /// Parses a recipient from a string. fn parse_recipient( - filename: &str, + _filename: &str, s: String, recipients: &mut Vec>, - plugin_recipients: &mut Vec, + #[cfg(feature = "plugin")] plugin_recipients: &mut Vec, ) -> Result<(), ReadError> { if let Ok(pk) = s.parse::() { recipients.push(Box::new(pk)); } else if let Some(pk) = { #[cfg(feature = "ssh")] { - parse_ssh_recipient(|| s.parse::(), || Ok(None), filename)? + parse_ssh_recipient(|| s.parse::(), || Ok(None), _filename)? } #[cfg(not(feature = "ssh"))] None } { recipients.push(pk); - } else if let Ok(recipient) = s.parse::() { - plugin_recipients.push(recipient); + } else if let Some(_recipient) = { + #[cfg(feature = "plugin")] + { + // TODO Do something with the error? + s.parse::().ok() + } + + #[cfg(not(feature = "plugin"))] + None:: + } { + #[cfg(feature = "plugin")] + plugin_recipients.push(_recipient); } else { return Err(ReadError::InvalidRecipient(s)); } @@ -75,7 +91,7 @@ fn read_recipients_list( filename: &str, buf: R, recipients: &mut Vec>, - plugin_recipients: &mut Vec, + #[cfg(feature = "plugin")] plugin_recipients: &mut Vec, ) -> Result<(), ReadError> { for (line_number, line) in buf.lines().enumerate() { let line = line?; @@ -83,13 +99,19 @@ fn read_recipients_list( // Skip empty lines and comments if line.is_empty() || line.find('#') == Some(0) { continue; - } else if let Err(e) = parse_recipient(filename, line, recipients, plugin_recipients) { + } else if let Err(_e) = parse_recipient( + filename, + line, + recipients, + #[cfg(feature = "plugin")] + plugin_recipients, + ) { #[cfg(feature = "ssh")] - match e { + match _e { ReadError::RsaModulusTooLarge | ReadError::RsaModulusTooSmall | ReadError::UnsupportedKey(_, _) => { - return Err(io::Error::new(io::ErrorKind::InvalidData, e.to_string()).into()); + return Err(io::Error::new(io::ErrorKind::InvalidData, _e.to_string()).into()); } _ => (), } @@ -119,11 +141,19 @@ pub fn read_recipients( stdin_guard: &mut StdinGuard, ) -> Result>, ReadError> { let mut recipients: Vec> = vec![]; + #[cfg(feature = "plugin")] let mut plugin_recipients: Vec = vec![]; + #[cfg(feature = "plugin")] let mut plugin_identities: Vec = vec![]; for arg in recipient_strings { - parse_recipient("", arg, &mut recipients, &mut plugin_recipients)?; + parse_recipient( + "", + arg, + &mut recipients, + #[cfg(feature = "plugin")] + &mut plugin_recipients, + )?; } for arg in recipients_file_strings { @@ -134,15 +164,29 @@ pub fn read_recipients( _ => e, })?; let buf = BufReader::new(f); - read_recipients_list(&arg, buf, &mut recipients, &mut plugin_recipients)?; + read_recipients_list( + &arg, + buf, + &mut recipients, + #[cfg(feature = "plugin")] + &mut plugin_recipients, + )?; } + #[cfg(feature = "plugin")] + let ctx = &mut (&mut recipients, &mut plugin_identities); + #[cfg(not(feature = "plugin"))] + let ctx = &mut recipients; + parse_identity_files::<_, ReadError>( identity_strings, max_work_factor, stdin_guard, - &mut (&mut recipients, &mut plugin_identities), - |(recipients, _), identity| { + ctx, + #[cfg(feature = "armor")] + |recipients, identity| { + #[cfg(feature = "plugin")] + let (recipients, _) = recipients; recipients.extend(identity.recipients().map_err(|e| { // Only one error can occur here. if let EncryptError::EncryptedIdentities(e) = e { @@ -153,7 +197,10 @@ pub fn read_recipients( })?); Ok(()) }, - |(recipients, _), filename, identity| { + #[cfg(feature = "ssh")] + |recipients, filename, identity| { + #[cfg(feature = "plugin")] + let (recipients, _) = recipients; let recipient = parse_ssh_recipient( || ssh::Recipient::try_from(identity), || Err(ReadError::InvalidRecipient(filename.to_owned())), @@ -163,42 +210,48 @@ pub fn read_recipients( recipients.push(recipient); Ok(()) }, - |(recipients, plugin_identities), entry| { + |recipients, entry| { + #[cfg(feature = "plugin")] + let (recipients, plugin_identities) = recipients; match entry { IdentityFileEntry::Native(i) => recipients.push(Box::new(i.to_public())), + #[cfg(feature = "plugin")] IdentityFileEntry::Plugin(i) => plugin_identities.push(i), } Ok(()) }, )?; - // Collect the names of the required plugins. - let mut plugin_names = plugin_recipients - .iter() - .map(|r| r.plugin()) - .chain(plugin_identities.iter().map(|i| i.plugin())) - .collect::>(); - plugin_names.sort_unstable(); - plugin_names.dedup(); + #[cfg(feature = "plugin")] + { + // Collect the names of the required plugins. + let mut plugin_names = plugin_recipients + .iter() + .map(|r| r.plugin()) + .chain(plugin_identities.iter().map(|i| i.plugin())) + .collect::>(); + plugin_names.sort_unstable(); + plugin_names.dedup(); - // Find the required plugins. - for plugin_name in plugin_names { - recipients.push(Box::new( - plugin::RecipientPluginV1::new( - plugin_name, - &plugin_recipients, - &plugin_identities, - UiCallbacks, - ) - .map_err(|e| { - // Only one error can occur here. - if let EncryptError::MissingPlugin { binary_name } = e { - ReadError::MissingPlugin { binary_name } - } else { - unreachable!() - } - })?, - )) + // Find the required plugins. + for plugin_name in plugin_names { + recipients.push(Box::new( + plugin::RecipientPluginV1::new( + plugin_name, + &plugin_recipients, + &plugin_identities, + UiCallbacks, + ) + .map_err(|e| { + // Only one error can occur here. + if let EncryptError::MissingPlugin { binary_name } = e { + ReadError::MissingPlugin { binary_name } + } else { + unreachable!() + } + })?, + )) + } } Ok(recipients) From dc885d86a1ca3ea8d54d736dce8970e585c6ee10 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Fri, 23 Aug 2024 14:06:16 +0000 Subject: [PATCH 35/77] cargo vet regenerate imports --- supply-chain/config.toml | 20 ------- supply-chain/imports.lock | 114 ++++++++++++++++++++++++++++++-------- 2 files changed, 92 insertions(+), 42 deletions(-) diff --git a/supply-chain/config.toml b/supply-chain/config.toml index a04aab5..e514e9b 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -105,10 +105,6 @@ criteria = "safe-to-deploy" version = "0.9.1" criteria = "safe-to-deploy" -[[exemptions.bitflags]] -version = "1.3.2" -criteria = "safe-to-deploy" - [[exemptions.block]] version = "0.1.6" criteria = "safe-to-deploy" @@ -217,10 +213,6 @@ criteria = "safe-to-deploy" version = "0.2.2" criteria = "safe-to-deploy" -[[exemptions.crc32fast]] -version = "1.3.2" -criteria = "safe-to-deploy" - [[exemptions.criterion]] version = "0.3.6" criteria = "safe-to-run" @@ -293,10 +285,6 @@ criteria = "safe-to-deploy" version = "0.10.2" criteria = "safe-to-run" -[[exemptions.flate2]] -version = "1.0.28" -criteria = "safe-to-deploy" - [[exemptions.fluent]] version = "0.16.1" criteria = "safe-to-deploy" @@ -453,10 +441,6 @@ criteria = "safe-to-deploy" version = "0.2.1" criteria = "safe-to-deploy" -[[exemptions.miniz_oxide]] -version = "0.7.4" -criteria = "safe-to-deploy" - [[exemptions.nix]] version = "0.26.1" criteria = "safe-to-deploy" @@ -885,10 +869,6 @@ criteria = "safe-to-deploy" version = "2.0.1" criteria = "safe-to-deploy" -[[exemptions.xattr]] -version = "1.3.1" -criteria = "safe-to-deploy" - [[exemptions.zerocopy]] version = "0.6.6" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index e84f19a..ab1cc89 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -209,7 +209,7 @@ who = "Nick Fitzgerald " criteria = "safe-to-deploy" user-id = 696 # Nick Fitzgerald (fitzgen) start = "2019-03-16" -end = "2024-03-10" +end = "2025-07-30" [[audits.bytecode-alliance.audits.addr2line]] who = "Alex Crichton " @@ -473,6 +473,18 @@ who = "Pat Hickey " criteria = "safe-to-deploy" version = "1.0.8" +[[audits.bytecode-alliance.audits.xattr]] +who = "Andrew Brown " +criteria = "safe-to-deploy" +version = "1.2.0" +notes = "This crate contains `unsafe` calls to libc `extattr_*` functions as one would expect from the crate's purpose." + +[[audits.bytecode-alliance.audits.xattr]] +who = "Andrew Brown " +criteria = "safe-to-deploy" +delta = "1.2.0 -> 1.3.1" +notes = "Minor changes to MacOS-specific code." + [[audits.embark-studios.audits.thiserror]] who = "Johan Andersson " criteria = "safe-to-deploy" @@ -541,6 +553,22 @@ and nothing changed from the baseline audit of 1.1.0. Skimmed through the ''' aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.bitflags]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.3.2" +notes = """ +Security review of earlier versions of the crate can be found at +(Google-internal, sorry): go/image-crate-chromium-security-review + +The crate exposes a function marked as `unsafe`, but doesn't use any +`unsafe` blocks (except for tests of the single `unsafe` function). I +think this justifies marking this crate as `ub-risk-1`. + +Additional review comments can be found at https://crrev.com/c/4723145/31 +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.bitflags]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" @@ -571,13 +599,6 @@ delta = "2.5.0 -> 2.6.0" notes = "The changes from the previous version are negligible and thus it retains the same properties." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.bytemuck]] -who = "Lukasz Anforowicz " -criteria = "safe-to-deploy" -version = "1.14.3" -notes = "Additional review notes may be found in https://crrev.com/c/5362675." -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - [[audits.google.audits.bytemuck]] who = "Adrian Taylor " criteria = "safe-to-deploy" @@ -612,6 +633,18 @@ criteria = "safe-to-run" version = "0.4.3" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.crc32fast]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.4.2" +notes = """ +Security review of earlier versions of the crate can be found at +(Google-internal, sorry): go/image-crate-chromium-security-review + +Audit comments for 1.4.2 can be found at https://crrev.com/c/4723145. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.crossbeam-deque]] who = "George Burgess IV " criteria = "safe-to-run" @@ -646,6 +679,41 @@ that the RNG here is not cryptographically secure. """ aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.flate2]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "1.0.30" +notes = ''' +WARNING: This certification is a result of a **partial** audit. The +`any_zlib` code has **not** been audited. Ability to track partial +audits is tracked in https://github.com/mozilla/cargo-vet/issues/380 +Chromium does use the `any_zlib` feature(s). Accidentally depending on +this feature in the future is prevented using the `ban_features` feature +of `gnrt` - see: +https://crrev.com/c/4723145/31/third_party/rust/chromium_crates_io/gnrt_config.toml + +Security review of earlier versions of the crate can be found at +(Google-internal, sorry): go/image-crate-chromium-security-review + +I grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`. + +All `unsafe` in `flate2` is gated behind `#[cfg(feature = "any_zlib")]`: + +* The code under `src/ffi/...` will not be used because the `mod c` + declaration in `src/ffi/mod.rs` depends on the `any_zlib` config +* 7 uses of `unsafe` in `src/mem.rs` also all depend on the + `any_zlib` config: + - 2 in `fn set_dictionary` (under `impl Compress`) + - 2 in `fn set_level` (under `impl Compress`) + - 3 in `fn set_dictionary` (under `impl Decompress`) + +All hits of `'\bfs\b'` are in comments, or example code, or test code +(but not in product code). + +There were no hits of `-i cipher`, `-i crypto`, `'\bnet\b'`. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.futures]] who = "George Burgess IV " criteria = "safe-to-deploy" @@ -730,6 +798,22 @@ criteria = "safe-to-run" version = "0.8.0" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +[[audits.google.audits.miniz_oxide]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +version = "0.7.4" +notes = ''' +Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'` +and there were no hits, except for some mentions of "unsafe" in the `README.md` +and in a comment in `src/deflate/core.rs`. The comment discusses whether a +function should be treated as unsafe, but there is no actual `unsafe` code, so +the crate meets the `ub-risk-0` criteria. + +Note that some additional, internal notes about an older version of this crate +can be found at go/image-crate-chromium-security-review. +''' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.nix]] who = "David Koloski " criteria = "safe-to-run" @@ -1368,13 +1452,6 @@ delta = "0.2.7 -> 0.2.8" notes = "This release contains a single fix for an issue that affected Firefox" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.crc32fast]] -who = "Alex Franchuk " -criteria = "safe-to-deploy" -delta = "1.3.2 -> 1.4.2" -notes = "Minor, safe changes." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.crossbeam-utils]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1449,13 +1526,6 @@ criteria = "safe-to-deploy" delta = "1.9.0 -> 2.0.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.flate2]] -who = "Alex Franchuk " -criteria = "safe-to-deploy" -delta = "1.0.28 -> 1.0.30" -notes = "Some new unsafe code, however it has been verified and there are unit tests as well." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.fluent-langneg]] who = "Zibi Braniecki " criteria = "safe-to-deploy" From f64f110f3e1bf080fdad8f3334957cf77fc38aab Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Fri, 23 Aug 2024 14:07:34 +0000 Subject: [PATCH 36/77] cargo update --- Cargo.lock | 164 ++++++++++++++++++++++---------------- supply-chain/config.toml | 54 ++++++++----- supply-chain/imports.lock | 117 +++++++++++++-------------- 3 files changed, 186 insertions(+), 149 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a984dd0..9ab62a5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -352,9 +352,9 @@ checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" [[package]] name = "bytemuck" -version = "1.16.1" +version = "1.16.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b236fc92302c97ed75b38da1f4917b5cdda4984745740f153a5d3059e48d725e" +checksum = "102087e286b4677862ea56cf8fc58bb2cdfa8725c40ffb80fe3a008eb7f2fc83" [[package]] name = "byteorder" @@ -400,12 +400,13 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.6" +version = "1.1.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2aba8f4e9906c7ce3c73463f62a7f0c65183ada1a2d47e397cc8810827f9694f" +checksum = "50d2eb3cd3d1bf4529e31c215ee6f93ec5a3d536d9f578f93d9d33ee19562932" dependencies = [ "jobserver", "libc", + "shlex", ] [[package]] @@ -531,7 +532,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -659,10 +660,11 @@ dependencies = [ [[package]] name = "criterion-cycles-per-byte" -version = "0.6.0" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5281161544b8f2397e14942c2045efa3446470348121a65c37263f8e76c1e2ff" +checksum = "1029452fa751c93f8834962dd74807d69f0a6c7624d5b06625b393aeb6a14fc2" dependencies = [ + "cfg-if", "criterion", ] @@ -760,7 +762,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -815,14 +817,14 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] name = "dunce" -version = "1.0.4" +version = "1.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" +checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" [[package]] name = "either" @@ -879,14 +881,14 @@ checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" [[package]] name = "filetime" -version = "0.2.23" +version = "0.2.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ee447700ac8aa0b2f2bd7bc4462ad686ba06baa6727ac149a2d6277f0d240fd" +checksum = "bf401df4a4e3872c4fe8151134cf483738e74b67fc934d6532c882b3d24a4550" dependencies = [ "cfg-if", "libc", - "redox_syscall 0.4.1", - "windows-sys 0.52.0", + "libredox", + "windows-sys 0.59.0", ] [[package]] @@ -1053,7 +1055,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -1173,6 +1175,12 @@ version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" +[[package]] +name = "hermit-abi" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fbf6a919d6cf397374f7dfeeea91d974c7c0a7221d0d0f4f20d859d329e53fcc" + [[package]] name = "hex" version = "0.4.3" @@ -1275,7 +1283,7 @@ dependencies = [ "proc-macro2", "quote", "strsim", - "syn 2.0.72", + "syn 2.0.75", "unic-langid", ] @@ -1289,7 +1297,7 @@ dependencies = [ "i18n-config", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -1317,9 +1325,9 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.2.6" +version = "2.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26" +checksum = "93ead53efc7ea8ed3cfb0c79fc8023fbb782a5432b52830b6518941cebe6505c" dependencies = [ "equivalent", "hashbrown", @@ -1380,11 +1388,11 @@ checksum = "4b3f7cef34251886990511df1c61443aa928499d598a9473929ab5a90a527304" [[package]] name = "is-terminal" -version = "0.4.12" +version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b" +checksum = "261f68e344040fbd0edea105bef17c66edf46f984ddb1115b775ce31be948f4b" dependencies = [ - "hermit-abi", + "hermit-abi 0.4.0", "libc", "windows-sys 0.52.0", ] @@ -1433,9 +1441,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.155" +version = "0.2.158" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" +checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439" [[package]] name = "libm" @@ -1443,6 +1451,17 @@ version = "0.2.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058" +[[package]] +name = "libredox" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d" +dependencies = [ + "bitflags 2.6.0", + "libc", + "redox_syscall", +] + [[package]] name = "linux-raw-sys" version = "0.4.14" @@ -1618,7 +1637,7 @@ version = "1.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" dependencies = [ - "hermit-abi", + "hermit-abi 0.3.9", "libc", ] @@ -1653,9 +1672,9 @@ dependencies = [ [[package]] name = "object" -version = "0.36.2" +version = "0.36.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f203fa8daa7bb185f760ae12bd8e097f63d17041dcdcaf675ac54cdf863170e" +checksum = "27b64972346851a39438c60b341ebc01bba47464ae329e55cf343eb93964efd9" dependencies = [ "memchr", ] @@ -1680,12 +1699,12 @@ checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" [[package]] name = "os_pipe" -version = "1.2.0" +version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "29d73ba8daf8fac13b0501d1abeddcfe21ba7401ada61a819144b6c2a4f32209" +checksum = "5ffd2b0a5634335b135d5728d84c5e0fd726954b87111f7506a61c502280d982" dependencies = [ "libc", - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] @@ -1716,7 +1735,7 @@ checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8" dependencies = [ "cfg-if", "libc", - "redox_syscall 0.5.3", + "redox_syscall", "smallvec", "windows-targets 0.52.6", ] @@ -1777,7 +1796,7 @@ checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -1908,9 +1927,12 @@ dependencies = [ [[package]] name = "ppv-lite86" -version = "0.2.17" +version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" +checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04" +dependencies = [ + "zerocopy 0.7.35", +] [[package]] name = "proc-macro-error" @@ -2076,15 +2098,6 @@ dependencies = [ "crossbeam-utils", ] -[[package]] -name = "redox_syscall" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa" -dependencies = [ - "bitflags 1.3.2", -] - [[package]] name = "redox_syscall" version = "0.5.3" @@ -2125,9 +2138,9 @@ checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b" [[package]] name = "rgb" -version = "0.8.45" +version = "0.8.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ade4539f42266ded9e755c605bdddf546242b2c961b03b06a7375260788a0523" +checksum = "0f86ae463694029097b846d8f99fd5536740602ae00022c0c50c5600720b2f71" dependencies = [ "bytemuck", ] @@ -2199,7 +2212,7 @@ dependencies = [ "proc-macro2", "quote", "rust-embed-utils", - "syn 2.0.72", + "syn 2.0.75", "walkdir", ] @@ -2332,31 +2345,32 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.204" +version = "1.0.207" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" +checksum = "5665e14a49a4ea1b91029ba7d3bca9f299e1f7cfa194388ccc20f14743e784f2" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.204" +version = "1.0.207" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" +checksum = "6aea2634c86b0e8ef2cfdc0c340baede54ec27b1e46febd7f80dffb2aa44a00e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] name = "serde_json" -version = "1.0.120" +version = "1.0.124" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e0d21c9a8cae1235ad58a00c11cb40d4b1e5c784f1ef2c537876ed6ffd8b7c5" +checksum = "66ad62847a56b3dba58cc891acd13884b9c61138d330c0d7b6181713d4fce38d" dependencies = [ "itoa", + "memchr", "ryu", "serde", ] @@ -2535,9 +2549,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.72" +version = "2.0.75" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af" +checksum = "f6af063034fc1935ede7be0122941bafa9bacb949334d090b77ca98b5817c7d9" dependencies = [ "proc-macro2", "quote", @@ -2594,7 +2608,7 @@ dependencies = [ "cfg-if", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -2605,7 +2619,7 @@ checksum = "5c89e72a01ed4c579669add59014b9a524d609c0c88c6a585ce37485879f6ffb" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", "test-case-core", ] @@ -2626,7 +2640,7 @@ checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -2693,7 +2707,7 @@ checksum = "5f5ae998a069d4b5aba8ee9dad856af7d520c3699e6159b185c2acd48155d39a" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -2875,7 +2889,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", "wasm-bindgen-shared", ] @@ -2897,7 +2911,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -2948,11 +2962,11 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" [[package]] name = "winapi-util" -version = "0.1.8" +version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d4cc384e1e73b93bafa6fb4f1df8c41695c8a91cf9c4c64358067d15a7b6c6b" +checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" dependencies = [ - "windows-sys 0.52.0", + "windows-sys 0.48.0", ] [[package]] @@ -2997,6 +3011,15 @@ dependencies = [ "windows-targets 0.52.6", ] +[[package]] +name = "windows-sys" +version = "0.59.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" +dependencies = [ + "windows-targets 0.52.6", +] + [[package]] name = "windows-targets" version = "0.42.2" @@ -3229,6 +3252,7 @@ version = "0.7.35" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" dependencies = [ + "byteorder", "zerocopy-derive 0.7.35", ] @@ -3240,7 +3264,7 @@ checksum = "125139de3f6b9d625c39e2efdd73d41bdac468ccd556556440e322be0e1bbd91" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -3251,7 +3275,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -3271,7 +3295,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.75", ] [[package]] @@ -3315,9 +3339,9 @@ dependencies = [ [[package]] name = "zstd-sys" -version = "2.0.12+zstd.1.5.6" +version = "2.0.13+zstd.1.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a4e40c320c3cb459d9a9ff6de98cff88f4751ee9275d140e2be94a2b74e4c13" +checksum = "38ff0f21cfee8f97d94cef41359e0c89aa6113028ab0291aa8ca0038995a95aa" dependencies = [ "cc", "pkg-config", diff --git a/supply-chain/config.toml b/supply-chain/config.toml index e514e9b..4397ebc 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -133,6 +133,10 @@ criteria = "safe-to-deploy" version = "0.1.2" criteria = "safe-to-deploy" +[[exemptions.cc]] +version = "1.1.14" +criteria = "safe-to-deploy" + [[exemptions.chacha20]] version = "0.9.1" criteria = "safe-to-deploy" @@ -218,7 +222,7 @@ version = "0.3.6" criteria = "safe-to-run" [[exemptions.criterion-cycles-per-byte]] -version = "0.6.0" +version = "0.6.1" criteria = "safe-to-run" [[exemptions.criterion-plot]] @@ -262,7 +266,7 @@ version = "0.2.5" criteria = "safe-to-deploy" [[exemptions.dunce]] -version = "1.0.4" +version = "1.0.5" criteria = "safe-to-run" [[exemptions.encode_unicode]] @@ -274,7 +278,7 @@ version = "0.10.2" criteria = "safe-to-deploy" [[exemptions.filetime]] -version = "0.2.23" +version = "0.2.24" criteria = "safe-to-deploy" [[exemptions.find-crate]] @@ -345,6 +349,10 @@ criteria = "safe-to-deploy" version = "0.3.3" criteria = "safe-to-deploy" +[[exemptions.hermit-abi]] +version = "0.4.0" +criteria = "safe-to-deploy" + [[exemptions.hkdf]] version = "0.12.4" criteria = "safe-to-deploy" @@ -382,7 +390,7 @@ version = "0.1.60" criteria = "safe-to-deploy" [[exemptions.indexmap]] -version = "2.2.6" +version = "2.4.0" criteria = "safe-to-deploy" [[exemptions.inferno]] @@ -398,7 +406,7 @@ version = "0.1.1" criteria = "safe-to-deploy" [[exemptions.is-terminal]] -version = "0.4.12" +version = "0.4.13" criteria = "safe-to-deploy" [[exemptions.jobserver]] @@ -410,13 +418,17 @@ version = "0.3.60" criteria = "safe-to-deploy" [[exemptions.libc]] -version = "0.2.155" +version = "0.2.158" criteria = "safe-to-deploy" [[exemptions.libm]] version = "0.2.2" criteria = "safe-to-deploy" +[[exemptions.libredox]] +version = "0.0.1" +criteria = "safe-to-deploy" + [[exemptions.linux-raw-sys]] version = "0.4.14" criteria = "safe-to-deploy" @@ -470,7 +482,7 @@ version = "0.1.1" criteria = "safe-to-deploy" [[exemptions.object]] -version = "0.36.2" +version = "0.36.3" criteria = "safe-to-run" [[exemptions.once_cell]] @@ -478,7 +490,7 @@ version = "1.15.0" criteria = "safe-to-deploy" [[exemptions.os_pipe]] -version = "1.2.0" +version = "1.2.1" criteria = "safe-to-run" [[exemptions.page_size]] @@ -550,7 +562,7 @@ version = "0.13.0" criteria = "safe-to-run" [[exemptions.ppv-lite86]] -version = "0.2.16" +version = "0.2.20" criteria = "safe-to-deploy" [[exemptions.proc-macro-error]] @@ -573,10 +585,6 @@ criteria = "safe-to-run" version = "0.8.5" criteria = "safe-to-deploy" -[[exemptions.redox_syscall]] -version = "0.4.1" -criteria = "safe-to-deploy" - [[exemptions.redox_syscall]] version = "0.5.3" criteria = "safe-to-deploy" @@ -594,7 +602,7 @@ version = "0.7.2" criteria = "safe-to-deploy" [[exemptions.rgb]] -version = "0.8.45" +version = "0.8.48" criteria = "safe-to-run" [[exemptions.roff]] @@ -677,6 +685,10 @@ criteria = "safe-to-deploy" version = "0.10.8" criteria = "safe-to-deploy" +[[exemptions.shlex]] +version = "1.3.0" +criteria = "safe-to-deploy" + [[exemptions.similar]] version = "2.6.0" criteria = "safe-to-run" @@ -722,7 +734,7 @@ version = "1.0.102" criteria = "safe-to-deploy" [[exemptions.syn]] -version = "2.0.72" +version = "2.0.75" criteria = "safe-to-deploy" [[exemptions.tar]] @@ -818,7 +830,7 @@ version = "0.2.92" criteria = "safe-to-deploy" [[exemptions.wasm-bindgen-backend]] -version = "0.2.89" +version = "0.2.88" criteria = "safe-to-deploy" [[exemptions.wasm-bindgen-macro]] @@ -826,7 +838,7 @@ version = "0.2.87" criteria = "safe-to-deploy" [[exemptions.web-sys]] -version = "0.3.66" +version = "0.3.65" criteria = "safe-to-deploy" [[exemptions.which]] @@ -842,7 +854,7 @@ version = "0.4.0" criteria = "safe-to-deploy" [[exemptions.winapi-util]] -version = "0.1.8" +version = "0.1.9" criteria = "safe-to-deploy" [[exemptions.winapi-x86_64-pc-windows-gnu]] @@ -875,7 +887,7 @@ criteria = "safe-to-deploy" [[exemptions.zerocopy]] version = "0.7.35" -criteria = "safe-to-run" +criteria = "safe-to-deploy" [[exemptions.zerocopy-derive]] version = "0.6.6" @@ -883,7 +895,7 @@ criteria = "safe-to-deploy" [[exemptions.zerocopy-derive]] version = "0.7.35" -criteria = "safe-to-run" +criteria = "safe-to-deploy" [[exemptions.zeroize]] version = "1.8.1" @@ -906,5 +918,5 @@ version = "5.0.2+zstd.1.5.2" criteria = "safe-to-deploy" [[exemptions.zstd-sys]] -version = "2.0.12+zstd.1.5.6" +version = "2.0.13+zstd.1.5.6" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index ab1cc89..294cef0 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -36,6 +36,13 @@ user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" +[[publisher.windows-sys]] +version = "0.59.0" +when = "2024-07-30" +user-id = 64539 +user-login = "kennykerr" +user-name = "Kenny Kerr" + [[publisher.windows-targets]] version = "0.42.2" when = "2023-03-13" @@ -251,17 +258,6 @@ who = "Benjamin Bouvier " criteria = "safe-to-deploy" delta = "0.9.0 -> 0.10.2" -[[audits.bytecode-alliance.audits.cc]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "1.0.73" -notes = "I am the author of this crate." - -[[audits.bytecode-alliance.audits.cc]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "1.0.83 -> 1.1.6" - [[audits.bytecode-alliance.audits.cfg-if]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -599,25 +595,16 @@ delta = "2.5.0 -> 2.6.0" notes = "The changes from the previous version are negligible and thus it retains the same properties." aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.bytemuck]] -who = "Adrian Taylor " -criteria = "safe-to-deploy" -delta = "1.14.3 -> 1.15.0" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - -[[audits.google.audits.bytemuck]] -who = "danakj " -criteria = "safe-to-deploy" -delta = "1.15.0 -> 1.16.0" -aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" - [[audits.google.audits.bytemuck]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" -delta = "1.16.0 -> 1.16.1" +version = "1.16.3" notes = """ -The delta only adds `f16` and `f128` support (with some other minor changes) -and has no impact on the audit criteria. +Review notes from the original audit (of 1.14.3) may be found in +https://crrev.com/c/5362675. Note that this audit has initially missed UB risk +that was fixed in 1.16.2 - see https://github.com/Lokathor/bytemuck/pull/258. +Because of this, the original audit has been edited to certify version `1.16.3` +instead (see also https://crrev.com/c/5771867). """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" @@ -1016,6 +1003,13 @@ criteria = "safe-to-deploy" delta = "1.0.203 -> 1.0.204" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.serde]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.204 -> 1.0.207" +notes = "The small change in `src/private/ser.rs` should have no impact on `ub-risk-2`." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.serde_derive]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" @@ -1048,6 +1042,13 @@ criteria = "safe-to-deploy" delta = "1.0.203 -> 1.0.204" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.serde_derive]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.204 -> 1.0.207" +notes = 'Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits' +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.serde_json]] who = "danakj@chromium.org" criteria = "safe-to-run" @@ -1071,17 +1072,17 @@ criteria = "safe-to-run" delta = "1.0.117 -> 1.0.120" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.shlex]] -who = "George Burgess IV " +[[audits.google.audits.serde_json]] +who = "Lukasz Anforowicz " criteria = "safe-to-run" -version = "1.1.0" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +delta = "1.0.120 -> 1.0.122" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.shlex]] -who = "Daniel Verkamp " +[[audits.google.audits.serde_json]] +who = "Lukasz Anforowicz " criteria = "safe-to-run" -delta = "1.1.0 -> 1.3.0" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" +delta = "1.0.122 -> 1.0.124" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" [[audits.google.audits.stable_deref_trait]] who = "George Burgess IV " @@ -1433,18 +1434,6 @@ criteria = "safe-to-deploy" delta = "0.10.2 -> 0.10.3" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.cc]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.73 -> 1.0.78" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.cc]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.78 -> 1.0.83" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - [[audits.mozilla.audits.cpufeatures]] who = "Gabriele Svelto " criteria = "safe-to-deploy" @@ -1695,12 +1684,6 @@ criteria = "safe-to-deploy" delta = "0.3.25 -> 0.3.26" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.ppv-lite86]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.2.16 -> 0.2.17" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.rand_core]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -1746,6 +1729,12 @@ criteria = "safe-to-deploy" delta = "3.8.0 -> 3.9.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.tempfile]] +who = "Mike Hommey " +criteria = "safe-to-deploy" +delta = "3.9.0 -> 3.10.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.time]] who = "Mike Hommey " criteria = "safe-to-deploy" @@ -2239,6 +2228,12 @@ delta = "0.2.7 -> 0.2.8" notes = "Forces some intermediate values to not have too much precision on the x87 FPU." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.libredox]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.0.1 -> 0.1.3" +aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" + [[audits.zcash.audits.memchr]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2515,12 +2510,6 @@ delta = "1.0.107 -> 1.0.109" notes = "Fixes string literal parsing to only skip specified whitespace characters." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.tempfile]] -who = "Daira-Emma Hopwood " -criteria = "safe-to-deploy" -delta = "3.9.0 -> 3.10.1" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - [[audits.zcash.audits.thiserror]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -2668,6 +2657,12 @@ delta = "0.4.1 -> 0.5.0" notes = "I checked correctness of to_blocks which uses unsafe code in a safe function." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.wasm-bindgen-backend]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.2.88 -> 0.2.89" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.wasm-bindgen-backend]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" @@ -2717,6 +2712,12 @@ criteria = "safe-to-deploy" delta = "0.2.89 -> 0.2.92" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" +[[audits.zcash.audits.web-sys]] +who = "Daira-Emma Hopwood " +criteria = "safe-to-deploy" +delta = "0.3.65 -> 0.3.66" +aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml" + [[audits.zcash.audits.web-sys]] who = "Daira-Emma Hopwood " criteria = "safe-to-deploy" From cb36c4cd53ee493177c94270e8f32458cb1e1efd Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Fri, 23 Aug 2024 15:01:28 +0000 Subject: [PATCH 37/77] `i18n-embed 0.15` --- Cargo.lock | 54 +++++++++++++++++++++------------------- Cargo.toml | 4 +-- age/CHANGELOG.md | 1 + age/src/i18n.rs | 2 +- supply-chain/config.toml | 28 ++++++++++++--------- 5 files changed, 49 insertions(+), 40 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 9ab62a5..8758b64 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -266,6 +266,15 @@ version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" +[[package]] +name = "basic-toml" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "823388e228f614e9558c6804262db37960ec8821856535f5c3f59913140558f8" +dependencies = [ + "serde", +] + [[package]] name = "bcrypt-pbkdf" version = "0.10.0" @@ -511,7 +520,7 @@ dependencies = [ "anstream", "anstyle", "clap_lex", - "strsim", + "strsim 0.10.0", ] [[package]] @@ -767,11 +776,12 @@ dependencies = [ [[package]] name = "dashmap" -version = "5.5.3" +version = "6.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "978747c1d849a7d2ee5e8adc0159961c48fb7e5db2f06af6723b80123bb53856" +checksum = "804c8821570c3f8b70230c2ba75ffa5c0f9a4189b9a432b6656c536712acae28" dependencies = [ "cfg-if", + "crossbeam-utils", "hashbrown", "lock_api", "once_cell", @@ -897,7 +907,7 @@ version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "59a98bbaacea1c0eb6a0876280051b892eb73594fd90cf3b20e9c817029c57d2" dependencies = [ - "toml 0.5.11", + "toml", ] [[package]] @@ -1232,23 +1242,23 @@ dependencies = [ [[package]] name = "i18n-config" -version = "0.4.5" +version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6691f16c6a35c1bb99a0f01aa39dd2b884d342b646689e9b8e4d51faf2cfdbd9" +checksum = "8e88074831c0be5b89181b05e6748c4915f77769ecc9a4c372f88b169a8509c9" dependencies = [ + "basic-toml", "log", "serde", "serde_derive", "thiserror", - "toml 0.7.6", "unic-langid", ] [[package]] name = "i18n-embed" -version = "0.14.1" +version = "0.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94205d95764f5bb9db9ea98fa77f89653365ca748e27161f5bbea2ffd50e459c" +checksum = "e901c87176ac0b615033c81dbe927c230f74700abfd60ed953a6f547c87bbe6d" dependencies = [ "arc-swap", "fluent", @@ -1268,9 +1278,9 @@ dependencies = [ [[package]] name = "i18n-embed-fl" -version = "0.8.0" +version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8241a781f49e923415e106fcd1f89c3fab92cc9f699a521c56e95dee273903d3" +checksum = "d73fe51b9655599147183495551696628b335f75b2dbfa225196b16d69d7288e" dependencies = [ "dashmap", "find-crate", @@ -1282,7 +1292,7 @@ dependencies = [ "proc-macro-error", "proc-macro2", "quote", - "strsim", + "strsim 0.11.1", "syn 2.0.75", "unic-langid", ] @@ -2508,6 +2518,12 @@ version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" +[[package]] +name = "strsim" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" + [[package]] name = "subtle" version = "2.6.1" @@ -2719,18 +2735,6 @@ dependencies = [ "serde", ] -[[package]] -name = "toml" -version = "0.7.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c17e963a819c331dcacd7ab957d80bc2b9a9c1e71c804826d2f283dd65306542" -dependencies = [ - "serde", - "serde_spanned", - "toml_datetime", - "toml_edit", -] - [[package]] name = "toml_datetime" version = "0.6.3" @@ -2966,7 +2970,7 @@ version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" dependencies = [ - "windows-sys 0.48.0", + "windows-sys 0.59.0", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 86cb889..1e24c15 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -54,8 +54,8 @@ subtle = "2" zeroize = "1" # Localization -i18n-embed = { version = "0.14", features = ["fluent-system"] } -i18n-embed-fl = "0.8" +i18n-embed = { version = "0.15", features = ["fluent-system"] } +i18n-embed-fl = "0.9" lazy_static = "1" rust-embed = "8" diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md index ab7b138..9186e0f 100644 --- a/age/CHANGELOG.md +++ b/age/CHANGELOG.md @@ -16,6 +16,7 @@ to 1.0.0 are beta releases. - Partial French translation! ### Changed +- Migrated to `i18n-embed 0.15`. - `age::Decryptor` is now an opaque struct instead of an enum with `Recipients` and `Passphrase` variants. - `age::Recipient::wrap_file_key` now returns `(Vec, HashSet)`: diff --git a/age/src/i18n.rs b/age/src/i18n.rs index ebe5439..fb1c9f1 100644 --- a/age/src/i18n.rs +++ b/age/src/i18n.rs @@ -16,7 +16,7 @@ lazy_static! { // Ensure that the fallback language is always loaded, even if the library user // doesn't call `localizer().select(languages)`. let fallback: LanguageIdentifier = "en-US".parse().unwrap(); - language_loader.load_languages(&Localizations, &[&fallback]).unwrap(); + language_loader.load_languages(&Localizations, &[fallback]).unwrap(); language_loader }; } diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 4397ebc..86bb2aa 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -97,6 +97,10 @@ criteria = "safe-to-run" version = "1.6.0" criteria = "safe-to-deploy" +[[exemptions.basic-toml]] +version = "0.1.9" +criteria = "safe-to-deploy" + [[exemptions.bcrypt-pbkdf]] version = "0.10.0" criteria = "safe-to-deploy" @@ -250,7 +254,7 @@ version = "0.1.0" criteria = "safe-to-deploy" [[exemptions.dashmap]] -version = "5.5.3" +version = "6.0.1" criteria = "safe-to-deploy" [[exemptions.der]] @@ -370,15 +374,15 @@ version = "1.1.1" criteria = "safe-to-run" [[exemptions.i18n-config]] -version = "0.4.5" +version = "0.4.7" criteria = "safe-to-deploy" [[exemptions.i18n-embed]] -version = "0.14.1" +version = "0.15.0" criteria = "safe-to-deploy" [[exemptions.i18n-embed-fl]] -version = "0.8.0" +version = "0.9.1" criteria = "safe-to-deploy" [[exemptions.i18n-embed-impl]] @@ -391,7 +395,7 @@ criteria = "safe-to-deploy" [[exemptions.indexmap]] version = "2.4.0" -criteria = "safe-to-deploy" +criteria = "safe-to-run" [[exemptions.inferno]] version = "0.11.17" @@ -675,7 +679,7 @@ criteria = "safe-to-deploy" [[exemptions.serde_spanned]] version = "0.6.3" -criteria = "safe-to-deploy" +criteria = "safe-to-run" [[exemptions.sha1]] version = "0.10.6" @@ -721,6 +725,10 @@ criteria = "safe-to-deploy" version = "0.1.0" criteria = "safe-to-run" +[[exemptions.strsim]] +version = "0.11.1" +criteria = "safe-to-deploy" + [[exemptions.symbolic-common]] version = "12.10.0" criteria = "safe-to-run" @@ -781,13 +789,9 @@ criteria = "safe-to-run" version = "0.5.9" criteria = "safe-to-deploy" -[[exemptions.toml]] -version = "0.7.6" -criteria = "safe-to-deploy" - [[exemptions.toml_edit]] version = "0.19.14" -criteria = "safe-to-deploy" +criteria = "safe-to-run" [[exemptions.trycmd]] version = "0.14.16" @@ -871,7 +875,7 @@ criteria = "safe-to-deploy" [[exemptions.winnow]] version = "0.5.40" -criteria = "safe-to-deploy" +criteria = "safe-to-run" [[exemptions.wsl]] version = "0.1.0" From 8688929723566d94e88f4410a840f4ea3c007cb8 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Fri, 23 Aug 2024 15:02:43 +0000 Subject: [PATCH 38/77] Use stable toolchain for rust-analyzer in VS Code --- .vscode/settings.json | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..58dfc30 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "rust-analyzer.server.extraEnv": { "RUSTUP_TOOLCHAIN": "stable" } +} \ No newline at end of file From 5086bd65d9735d26b68f521ff158ade9f8071826 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Fri, 23 Aug 2024 20:32:28 +0000 Subject: [PATCH 39/77] age: Remove two unnecessary clones from `IdentityFileEntry` decryption --- age/src/identity.rs | 12 +++++++----- age/src/plugin.rs | 21 ++++++++++++++------- 2 files changed, 21 insertions(+), 12 deletions(-) diff --git a/age/src/identity.rs b/age/src/identity.rs index 7f05710..da25e02 100644 --- a/age/src/identity.rs +++ b/age/src/identity.rs @@ -29,11 +29,13 @@ impl IdentityFileEntry { match self { IdentityFileEntry::Native(i) => Ok(Box::new(i)), #[cfg(feature = "plugin")] - IdentityFileEntry::Plugin(i) => Ok(Box::new(crate::plugin::IdentityPluginV1::new( - i.plugin(), - &[i.clone()], - callbacks, - )?)), + IdentityFileEntry::Plugin(i) => Ok(Box::new( + crate::plugin::Plugin::new(i.plugin()) + .map_err(|binary_name| DecryptError::MissingPlugin { binary_name }) + .map(|plugin| { + crate::plugin::IdentityPluginV1::from_parts(plugin, vec![i], callbacks) + })?, + )), } } diff --git a/age/src/plugin.rs b/age/src/plugin.rs index 933a67a..2b5cf75 100644 --- a/age/src/plugin.rs +++ b/age/src/plugin.rs @@ -190,7 +190,7 @@ impl Identity { } /// An age plugin. -struct Plugin { +pub(crate) struct Plugin { binary_name: String, path: PathBuf, } @@ -199,7 +199,7 @@ impl Plugin { /// Finds the age plugin with the given name in `$PATH`. /// /// On error, returns the binary name that could not be located. - fn new(name: &str) -> Result { + pub(crate) fn new(name: &str) -> Result { let binary_name = binary_name(name); match which::which(&binary_name).or_else(|e| { // If we are running in WSL, try appending `.exe`; plugins installed in @@ -565,17 +565,24 @@ impl IdentityPluginV1 { ) -> Result { Plugin::new(plugin_name) .map_err(|binary_name| DecryptError::MissingPlugin { binary_name }) - .map(|plugin| IdentityPluginV1 { - plugin, - identities: identities + .map(|plugin| { + let identities = identities .iter() .filter(|r| r.name == plugin_name) .cloned() - .collect(), - callbacks, + .collect(); + Self::from_parts(plugin, identities, callbacks) }) } + pub(crate) fn from_parts(plugin: Plugin, identities: Vec, callbacks: C) -> Self { + IdentityPluginV1 { + plugin, + identities, + callbacks, + } + } + fn unwrap_stanzas<'a>( &self, stanzas: impl Iterator, From d31fb568b7715daf9129fd566e14e2545fb13e9b Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Fri, 23 Aug 2024 22:49:47 +0000 Subject: [PATCH 40/77] age: Pass entire `IdentityFile` to `parse_identity_files` closure --- age/src/cli_common/identities.rs | 42 +++++++++++++++----------------- age/src/cli_common/recipients.rs | 14 ++++++----- 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/age/src/cli_common/identities.rs b/age/src/cli_common/identities.rs index 59ceeae..4beeb54 100644 --- a/age/src/cli_common/identities.rs +++ b/age/src/cli_common/identities.rs @@ -33,26 +33,28 @@ pub fn read_identities( identities.push(Box::new(identity.with_callbacks(UiCallbacks))); Ok(()) }, - |identities, entry| { - let entry = entry.into_identity(UiCallbacks); + |identities, identity_file| { + for entry in identity_file.into_identities() { + let entry = entry.into_identity(UiCallbacks); - #[cfg(feature = "plugin")] - let entry = entry.map_err(|e| match e { #[cfg(feature = "plugin")] - crate::DecryptError::MissingPlugin { binary_name } => { - ReadError::MissingPlugin { binary_name } - } - // DecryptError::MissingPlugin is the only possible error kind returned by - // IdentityFileEntry::into_identity. - _ => unreachable!(), - })?; + let entry = entry.map_err(|e| match e { + #[cfg(feature = "plugin")] + crate::DecryptError::MissingPlugin { binary_name } => { + ReadError::MissingPlugin { binary_name } + } + // DecryptError::MissingPlugin is the only possible error kind returned by + // IdentityFileEntry::into_identity. + _ => unreachable!(), + })?; - // IdentityFileEntry::into_identity will never return a MissingPlugin error - // when plugin feature is not enabled. - #[cfg(not(feature = "plugin"))] - let entry = entry.unwrap(); + // IdentityFileEntry::into_identity will never return a MissingPlugin error + // when plugin feature is not enabled. + #[cfg(not(feature = "plugin"))] + let entry = entry.unwrap(); - identities.push(entry); + identities.push(entry); + } Ok(()) }, @@ -72,7 +74,7 @@ pub(super) fn parse_identity_files + From>( crate::encrypted::Identity>, UiCallbacks>, ) -> Result<(), E>, #[cfg(feature = "ssh")] ssh_identity: impl Fn(&mut Ctx, &str, crate::ssh::Identity) -> Result<(), E>, - identity_file_entry: impl Fn(&mut Ctx, crate::IdentityFileEntry) -> Result<(), E>, + identity_file: impl Fn(&mut Ctx, crate::IdentityFile) -> Result<(), E>, ) -> Result<(), E> { for filename in filenames { #[cfg_attr(not(any(feature = "armor", feature = "ssh")), allow(unused_mut))] @@ -135,11 +137,7 @@ pub(super) fn parse_identity_files + From>( reader.reset()?; // Try parsing as multiple single-line age identities. - let identity_file = IdentityFile::from_buffer(reader)?; - - for entry in identity_file.into_identities() { - identity_file_entry(ctx, entry)?; - } + identity_file(ctx, IdentityFile::from_buffer(reader)?)?; } Ok(()) diff --git a/age/src/cli_common/recipients.rs b/age/src/cli_common/recipients.rs index dc40a33..a8c563a 100644 --- a/age/src/cli_common/recipients.rs +++ b/age/src/cli_common/recipients.rs @@ -210,13 +210,15 @@ pub fn read_recipients( recipients.push(recipient); Ok(()) }, - |recipients, entry| { - #[cfg(feature = "plugin")] - let (recipients, plugin_identities) = recipients; - match entry { - IdentityFileEntry::Native(i) => recipients.push(Box::new(i.to_public())), + |recipients, identity_file| { + for entry in identity_file.into_identities() { #[cfg(feature = "plugin")] - IdentityFileEntry::Plugin(i) => plugin_identities.push(i), + let (recipients, plugin_identities) = recipients; + match entry { + IdentityFileEntry::Native(i) => recipients.push(Box::new(i.to_public())), + #[cfg(feature = "plugin")] + IdentityFileEntry::Plugin(i) => plugin_identities.push(i), + } } Ok(()) }, From 2f9cf3f86f1de87f9312bc6de28ee0bd3c84c1a1 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sat, 24 Aug 2024 01:39:14 +0000 Subject: [PATCH 41/77] age: Extract `RecipientsAccumulator` from `cli_common::read_recipients` --- age/src/cli_common/recipients.rs | 112 ++++++++----------------------- age/src/identity.rs | 81 ++++++++++++++++++++++ 2 files changed, 110 insertions(+), 83 deletions(-) diff --git a/age/src/cli_common/recipients.rs b/age/src/cli_common/recipients.rs index a8c563a..913a832 100644 --- a/age/src/cli_common/recipients.rs +++ b/age/src/cli_common/recipients.rs @@ -2,7 +2,8 @@ use std::io::{self, BufReader}; use super::StdinGuard; use super::{identities::parse_identity_files, ReadError}; -use crate::{x25519, IdentityFileEntry, Recipient}; +use crate::identity::RecipientsAccumulator; +use crate::{x25519, Recipient}; #[cfg(feature = "plugin")] use crate::{cli_common::UiCallbacks, plugin}; @@ -52,8 +53,7 @@ where fn parse_recipient( _filename: &str, s: String, - recipients: &mut Vec>, - #[cfg(feature = "plugin")] plugin_recipients: &mut Vec, + recipients: &mut RecipientsAccumulator, ) -> Result<(), ReadError> { if let Ok(pk) = s.parse::() { recipients.push(Box::new(pk)); @@ -78,7 +78,7 @@ fn parse_recipient( None:: } { #[cfg(feature = "plugin")] - plugin_recipients.push(_recipient); + recipients.push_plugin(_recipient); } else { return Err(ReadError::InvalidRecipient(s)); } @@ -90,8 +90,7 @@ fn parse_recipient( fn read_recipients_list( filename: &str, buf: R, - recipients: &mut Vec>, - #[cfg(feature = "plugin")] plugin_recipients: &mut Vec, + recipients: &mut RecipientsAccumulator, ) -> Result<(), ReadError> { for (line_number, line) in buf.lines().enumerate() { let line = line?; @@ -99,13 +98,7 @@ fn read_recipients_list( // Skip empty lines and comments if line.is_empty() || line.find('#') == Some(0) { continue; - } else if let Err(_e) = parse_recipient( - filename, - line, - recipients, - #[cfg(feature = "plugin")] - plugin_recipients, - ) { + } else if let Err(_e) = parse_recipient(filename, line, recipients) { #[cfg(feature = "ssh")] match _e { ReadError::RsaModulusTooLarge @@ -140,20 +133,10 @@ pub fn read_recipients( max_work_factor: Option, stdin_guard: &mut StdinGuard, ) -> Result>, ReadError> { - let mut recipients: Vec> = vec![]; - #[cfg(feature = "plugin")] - let mut plugin_recipients: Vec = vec![]; - #[cfg(feature = "plugin")] - let mut plugin_identities: Vec = vec![]; + let mut recipients = RecipientsAccumulator::new(); for arg in recipient_strings { - parse_recipient( - "", - arg, - &mut recipients, - #[cfg(feature = "plugin")] - &mut plugin_recipients, - )?; + parse_recipient("", arg, &mut recipients)?; } for arg in recipients_file_strings { @@ -164,29 +147,16 @@ pub fn read_recipients( _ => e, })?; let buf = BufReader::new(f); - read_recipients_list( - &arg, - buf, - &mut recipients, - #[cfg(feature = "plugin")] - &mut plugin_recipients, - )?; + read_recipients_list(&arg, buf, &mut recipients)?; } - #[cfg(feature = "plugin")] - let ctx = &mut (&mut recipients, &mut plugin_identities); - #[cfg(not(feature = "plugin"))] - let ctx = &mut recipients; - parse_identity_files::<_, ReadError>( identity_strings, max_work_factor, stdin_guard, - ctx, + &mut recipients, #[cfg(feature = "armor")] |recipients, identity| { - #[cfg(feature = "plugin")] - let (recipients, _) = recipients; recipients.extend(identity.recipients().map_err(|e| { // Only one error can occur here. if let EncryptError::EncryptedIdentities(e) = e { @@ -199,8 +169,6 @@ pub fn read_recipients( }, #[cfg(feature = "ssh")] |recipients, filename, identity| { - #[cfg(feature = "plugin")] - let (recipients, _) = recipients; let recipient = parse_ssh_recipient( || ssh::Recipient::try_from(identity), || Err(ReadError::InvalidRecipient(filename.to_owned())), @@ -211,50 +179,28 @@ pub fn read_recipients( Ok(()) }, |recipients, identity_file| { - for entry in identity_file.into_identities() { - #[cfg(feature = "plugin")] - let (recipients, plugin_identities) = recipients; - match entry { - IdentityFileEntry::Native(i) => recipients.push(Box::new(i.to_public())), - #[cfg(feature = "plugin")] - IdentityFileEntry::Plugin(i) => plugin_identities.push(i), - } - } + recipients.with_identities(identity_file); Ok(()) }, )?; - #[cfg(feature = "plugin")] - { - // Collect the names of the required plugins. - let mut plugin_names = plugin_recipients - .iter() - .map(|r| r.plugin()) - .chain(plugin_identities.iter().map(|i| i.plugin())) - .collect::>(); - plugin_names.sort_unstable(); - plugin_names.dedup(); + recipients + .build( + #[cfg(feature = "plugin")] + UiCallbacks, + ) + .map_err(|_e| { + // Only one error can occur here. + #[cfg(feature = "plugin")] + { + if let EncryptError::MissingPlugin { binary_name } = _e { + ReadError::MissingPlugin { binary_name } + } else { + unreachable!() + } + } - // Find the required plugins. - for plugin_name in plugin_names { - recipients.push(Box::new( - plugin::RecipientPluginV1::new( - plugin_name, - &plugin_recipients, - &plugin_identities, - UiCallbacks, - ) - .map_err(|e| { - // Only one error can occur here. - if let EncryptError::MissingPlugin { binary_name } = e { - ReadError::MissingPlugin { binary_name } - } else { - unreachable!() - } - })?, - )) - } - } - - Ok(recipients) + #[cfg(not(feature = "plugin"))] + unreachable!() + }) } diff --git a/age/src/identity.rs b/age/src/identity.rs index da25e02..300a29f 100644 --- a/age/src/identity.rs +++ b/age/src/identity.rs @@ -140,6 +140,87 @@ impl IdentityFile { } } +pub(crate) struct RecipientsAccumulator { + recipients: Vec>, + #[cfg(feature = "plugin")] + plugin_recipients: Vec, + #[cfg(feature = "plugin")] + plugin_identities: Vec, +} + +impl RecipientsAccumulator { + pub(crate) fn new() -> Self { + Self { + recipients: vec![], + #[cfg(feature = "plugin")] + plugin_recipients: vec![], + #[cfg(feature = "plugin")] + plugin_identities: vec![], + } + } + + #[cfg(feature = "cli-common")] + pub(crate) fn push(&mut self, recipient: Box) { + self.recipients.push(recipient); + } + + #[cfg(feature = "plugin")] + pub(crate) fn push_plugin(&mut self, recipient: plugin::Recipient) { + self.plugin_recipients.push(recipient); + } + + #[cfg(feature = "armor")] + pub(crate) fn extend( + &mut self, + iter: impl IntoIterator>, + ) { + self.recipients.extend(iter); + } + + #[cfg(feature = "cli-common")] + pub(crate) fn with_identities(&mut self, identity_file: IdentityFile) { + for entry in identity_file.identities { + match entry { + IdentityFileEntry::Native(i) => self.recipients.push(Box::new(i.to_public())), + #[cfg(feature = "plugin")] + IdentityFileEntry::Plugin(i) => self.plugin_identities.push(i), + } + } + } + + #[cfg_attr(not(feature = "plugin"), allow(unused_mut))] + pub(crate) fn build( + mut self, + #[cfg(feature = "plugin")] callbacks: impl Callbacks, + ) -> Result>, EncryptError> { + #[cfg(feature = "plugin")] + { + // Collect the names of the required plugins. + let mut plugin_names = self + .plugin_recipients + .iter() + .map(|r| r.plugin()) + .chain(self.plugin_identities.iter().map(|i| i.plugin())) + .collect::>(); + plugin_names.sort_unstable(); + plugin_names.dedup(); + + // Find the required plugins. + for plugin_name in plugin_names { + self.recipients + .push(Box::new(plugin::RecipientPluginV1::new( + plugin_name, + &self.plugin_recipients, + &self.plugin_identities, + callbacks.clone(), + )?)) + } + } + + Ok(self.recipients) + } +} + #[cfg(test)] pub(crate) mod tests { use age_core::secrecy::ExposeSecret; From 52fd675bbd7d9ce70df80ef38da4ee3fa05dd84d Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sat, 24 Aug 2024 02:12:31 +0000 Subject: [PATCH 42/77] age: Add `IdentityFile::to_recipients` --- age/CHANGELOG.md | 1 + age/src/identity.rs | 27 +++++++++++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md index 9186e0f..42ea7c7 100644 --- a/age/CHANGELOG.md +++ b/age/CHANGELOG.md @@ -11,6 +11,7 @@ to 1.0.0 are beta releases. ## [Unreleased] ### Added - `age::Decryptor::{decrypt, decrypt_async, is_scrypt}` +- `age::IdentityFile::to_recipients` - `age::scrypt`, providing recipient and identity types for passphrase-based encryption. - Partial French translation! diff --git a/age/src/identity.rs b/age/src/identity.rs index 300a29f..ce166d2 100644 --- a/age/src/identity.rs +++ b/age/src/identity.rs @@ -134,6 +134,23 @@ impl IdentityFile { Ok(IdentityFile { identities }) } + /// Returns recipients for the identities in this file. + /// + /// Plugin identities will be merged into one [`Recipient`] per unique plugin. + /// + /// [`Recipient`]: crate::Recipient + pub fn to_recipients( + &self, + callbacks: impl Callbacks, + ) -> Result>, EncryptError> { + let mut recipients = RecipientsAccumulator::new(); + recipients.with_identities_ref(self); + recipients.build( + #[cfg(feature = "plugin")] + callbacks, + ) + } + /// Returns the identities in this file. pub fn into_identities(self) -> Vec { self.identities @@ -188,6 +205,16 @@ impl RecipientsAccumulator { } } + pub(crate) fn with_identities_ref(&mut self, identity_file: &IdentityFile) { + for entry in &identity_file.identities { + match entry { + IdentityFileEntry::Native(i) => self.recipients.push(Box::new(i.to_public())), + #[cfg(feature = "plugin")] + IdentityFileEntry::Plugin(i) => self.plugin_identities.push(i.clone()), + } + } + } + #[cfg_attr(not(feature = "plugin"), allow(unused_mut))] pub(crate) fn build( mut self, From 8dcdacc1ac8aaf687161dac1297ca67ceddc9971 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 25 Aug 2024 21:53:22 +0000 Subject: [PATCH 43/77] age: Make recipients from encrypted identities more efficient We now merge plugin recipients together, so we only run each plugin once during encryption. --- age/src/encrypted.rs | 31 ++++++++++++------------------- age/src/identity.rs | 27 ++++++++++----------------- 2 files changed, 22 insertions(+), 36 deletions(-) diff --git a/age/src/encrypted.rs b/age/src/encrypted.rs index d32cf97..22ed945 100644 --- a/age/src/encrypted.rs +++ b/age/src/encrypted.rs @@ -2,9 +2,7 @@ use std::{cell::Cell, io}; -use crate::{ - fl, scrypt, Callbacks, DecryptError, Decryptor, EncryptError, IdentityFile, IdentityFileEntry, -}; +use crate::{fl, scrypt, Callbacks, DecryptError, Decryptor, EncryptError, IdentityFile}; /// The state of the encrypted age identity. enum IdentityState { @@ -12,7 +10,7 @@ enum IdentityState { decryptor: Decryptor, max_work_factor: Option, }, - Decrypted(Vec), + Decrypted(IdentityFile), /// The file was not correctly encrypted, or did not contain age identities. We cache /// this error in case the caller tries to use this identity again. The `Option` is to @@ -36,7 +34,7 @@ impl IdentityState { self, filename: Option<&str>, callbacks: C, - ) -> Result<(Vec, bool), DecryptError> { + ) -> Result<(IdentityFile, bool), DecryptError> { match self { Self::Encrypted { decryptor, @@ -66,10 +64,10 @@ impl IdentityState { }) .and_then(|stream| { let file = IdentityFile::from_buffer(io::BufReader::new(stream))?; - Ok((file.into_identities(), true)) + Ok((file, true)) }) } - Self::Decrypted(identities) => Ok((identities, false)), + Self::Decrypted(identity_file) => Ok((identity_file, false)), // `IdentityState::decrypt` is only ever called with `Some`. Self::Poisoned(e) => Err(e.unwrap()), } @@ -117,13 +115,9 @@ impl Identity { .take() .decrypt(self.filename.as_deref(), self.callbacks.clone()) { - Ok((identities, _)) => { - let recipients = identities - .iter() - .map(|entry| entry.to_recipient(self.callbacks.clone())) - .collect::, _>>(); - - self.state.set(IdentityState::Decrypted(identities)); + Ok((identity_file, _)) => { + let recipients = identity_file.to_recipients(self.callbacks.clone()); + self.state.set(IdentityState::Decrypted(identity_file)); recipients } Err(e) => { @@ -158,10 +152,9 @@ impl Identity { .take() .decrypt(self.filename.as_deref(), self.callbacks.clone()) { - Ok((identities, requested_passphrase)) => { - let result = identities - .iter() - .map(|entry| entry.clone().into_identity(self.callbacks.clone())) + Ok((identity_file, requested_passphrase)) => { + let result = identity_file + .to_identities(self.callbacks.clone()) .find_map(filter); // If we requested a passphrase to decrypt, and none of the identities @@ -173,7 +166,7 @@ impl Identity { )); } - self.state.set(IdentityState::Decrypted(identities)); + self.state.set(IdentityState::Decrypted(identity_file)); result } Err(e) => { diff --git a/age/src/identity.rs b/age/src/identity.rs index ce166d2..10c2f8b 100644 --- a/age/src/identity.rs +++ b/age/src/identity.rs @@ -38,23 +38,6 @@ impl IdentityFileEntry { )), } } - - #[allow(unused_variables)] - pub(crate) fn to_recipient( - &self, - callbacks: impl Callbacks, - ) -> Result, EncryptError> { - match self { - IdentityFileEntry::Native(i) => Ok(Box::new(i.to_public())), - #[cfg(feature = "plugin")] - IdentityFileEntry::Plugin(i) => Ok(Box::new(crate::plugin::RecipientPluginV1::new( - i.plugin(), - &[], - &[i.clone()], - callbacks, - )?)), - } - } } /// A list of identities that has been parsed from some input file. @@ -151,6 +134,16 @@ impl IdentityFile { ) } + /// Returns the identities in this file. + pub(crate) fn to_identities( + &self, + callbacks: impl Callbacks, + ) -> impl Iterator, DecryptError>> + '_ { + self.identities + .iter() + .map(|entry| entry.clone().into_identity(callbacks.clone())) + } + /// Returns the identities in this file. pub fn into_identities(self) -> Vec { self.identities From ae2434216d96d3aa53e704491851cde857d9eb17 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Tue, 27 Aug 2024 02:28:05 +0000 Subject: [PATCH 44/77] age: Store `C: Callbacks` inside `IdentityFile` This removes the need for explicit `callbacks` arguments in methods that may act on plugin identities, and instead enables the caller to choose whether or not to provide callbacks independently of plugin support being compiled in. Enabling plugin support without providing callbacks now has well-defined fallback behaviour via the default `NoCallbacks` struct. --- age/CHANGELOG.md | 4 +++ age/src/cli_common/identities.rs | 7 +++-- age/src/encrypted.rs | 44 ++++++++++++-------------------- age/src/identity.rs | 37 +++++++++++++++++---------- age/src/lib.rs | 23 +++++++++++++++++ 5 files changed, 72 insertions(+), 43 deletions(-) diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md index 42ea7c7..2e6e98e 100644 --- a/age/CHANGELOG.md +++ b/age/CHANGELOG.md @@ -12,6 +12,8 @@ to 1.0.0 are beta releases. ### Added - `age::Decryptor::{decrypt, decrypt_async, is_scrypt}` - `age::IdentityFile::to_recipients` +- `age::IdentityFile::with_callbacks` +- `age::NoCallbacks` - `age::scrypt`, providing recipient and identity types for passphrase-based encryption. - Partial French translation! @@ -20,6 +22,8 @@ to 1.0.0 are beta releases. - Migrated to `i18n-embed 0.15`. - `age::Decryptor` is now an opaque struct instead of an enum with `Recipients` and `Passphrase` variants. +- `age::IdentityFile` now has a `C: Callbacks` generic parameter, which defaults + to `NoCallbacks`. - `age::Recipient::wrap_file_key` now returns `(Vec, HashSet)`: a tuple of the stanzas to be placed in an age file header, and labels that constrain how the stanzas may be combined with those from other recipients. diff --git a/age/src/cli_common/identities.rs b/age/src/cli_common/identities.rs index 4beeb54..6c5f3ac 100644 --- a/age/src/cli_common/identities.rs +++ b/age/src/cli_common/identities.rs @@ -74,7 +74,7 @@ pub(super) fn parse_identity_files + From>( crate::encrypted::Identity>, UiCallbacks>, ) -> Result<(), E>, #[cfg(feature = "ssh")] ssh_identity: impl Fn(&mut Ctx, &str, crate::ssh::Identity) -> Result<(), E>, - identity_file: impl Fn(&mut Ctx, crate::IdentityFile) -> Result<(), E>, + identity_file: impl Fn(&mut Ctx, crate::IdentityFile) -> Result<(), E>, ) -> Result<(), E> { for filename in filenames { #[cfg_attr(not(any(feature = "armor", feature = "ssh")), allow(unused_mut))] @@ -137,7 +137,10 @@ pub(super) fn parse_identity_files + From>( reader.reset()?; // Try parsing as multiple single-line age identities. - identity_file(ctx, IdentityFile::from_buffer(reader)?)?; + identity_file( + ctx, + IdentityFile::from_buffer(reader)?.with_callbacks(UiCallbacks), + )?; } Ok(()) diff --git a/age/src/encrypted.rs b/age/src/encrypted.rs index 22ed945..95b59f5 100644 --- a/age/src/encrypted.rs +++ b/age/src/encrypted.rs @@ -5,12 +5,13 @@ use std::{cell::Cell, io}; use crate::{fl, scrypt, Callbacks, DecryptError, Decryptor, EncryptError, IdentityFile}; /// The state of the encrypted age identity. -enum IdentityState { +enum IdentityState { Encrypted { decryptor: Decryptor, max_work_factor: Option, + callbacks: C, }, - Decrypted(IdentityFile), + Decrypted(IdentityFile), /// The file was not correctly encrypted, or did not contain age identities. We cache /// this error in case the caller tries to use this identity again. The `Option` is to @@ -19,26 +20,23 @@ enum IdentityState { Poisoned(Option), } -impl Default for IdentityState { +impl Default for IdentityState { fn default() -> Self { Self::Poisoned(None) } } -impl IdentityState { +impl IdentityState { /// Decrypts this encrypted identity if necessary. /// /// Returns the (possibly cached) identities, and a boolean marking if the identities /// were not cached (and we just asked the user for a passphrase). - fn decrypt( - self, - filename: Option<&str>, - callbacks: C, - ) -> Result<(IdentityFile, bool), DecryptError> { + fn decrypt(self, filename: Option<&str>) -> Result<(IdentityFile, bool), DecryptError> { match self { Self::Encrypted { decryptor, max_work_factor, + callbacks, } => { let passphrase = match callbacks.request_passphrase(&fl!( "encrypted-passphrase-prompt", @@ -63,7 +61,8 @@ impl IdentityState { } }) .and_then(|stream| { - let file = IdentityFile::from_buffer(io::BufReader::new(stream))?; + let file = IdentityFile::from_buffer(io::BufReader::new(stream))? + .with_callbacks(callbacks); Ok((file, true)) }) } @@ -76,9 +75,8 @@ impl IdentityState { /// An encrypted age identity file. pub struct Identity { - state: Cell>, + state: Cell>, filename: Option, - callbacks: C, } impl Identity { @@ -99,9 +97,9 @@ impl Identity { state: Cell::new(IdentityState::Encrypted { decryptor, max_work_factor, + callbacks, }), filename, - callbacks, })) } @@ -110,13 +108,9 @@ impl Identity { /// If this encrypted identity has not been decrypted yet, calling this method will /// trigger a passphrase request. pub fn recipients(&self) -> Result>, EncryptError> { - match self - .state - .take() - .decrypt(self.filename.as_deref(), self.callbacks.clone()) - { + match self.state.take().decrypt(self.filename.as_deref()) { Ok((identity_file, _)) => { - let recipients = identity_file.to_recipients(self.callbacks.clone()); + let recipients = identity_file.to_recipients(); self.state.set(IdentityState::Decrypted(identity_file)); recipients } @@ -147,20 +141,14 @@ impl Identity { Result, DecryptError>, ) -> Option>, { - match self - .state - .take() - .decrypt(self.filename.as_deref(), self.callbacks.clone()) - { + match self.state.take().decrypt(self.filename.as_deref()) { Ok((identity_file, requested_passphrase)) => { - let result = identity_file - .to_identities(self.callbacks.clone()) - .find_map(filter); + let result = identity_file.to_identities().find_map(filter); // If we requested a passphrase to decrypt, and none of the identities // matched, warn the user. if requested_passphrase && result.is_none() { - self.callbacks.display_message(&fl!( + identity_file.callbacks.display_message(&fl!( "encrypted-warn-no-match", filename = self.filename.as_deref().unwrap_or_default() )); diff --git a/age/src/identity.rs b/age/src/identity.rs index 10c2f8b..8253893 100644 --- a/age/src/identity.rs +++ b/age/src/identity.rs @@ -1,7 +1,7 @@ use std::fs::File; use std::io; -use crate::{x25519, Callbacks, DecryptError, EncryptError}; +use crate::{x25519, Callbacks, DecryptError, EncryptError, NoCallbacks}; #[cfg(feature = "cli-common")] use crate::cli_common::file_io::InputReader; @@ -41,11 +41,12 @@ impl IdentityFileEntry { } /// A list of identities that has been parsed from some input file. -pub struct IdentityFile { +pub struct IdentityFile { identities: Vec, + pub(crate) callbacks: C, } -impl IdentityFile { +impl IdentityFile { /// Parses one or more identities from a file containing valid UTF-8. pub fn from_file(filename: String) -> io::Result { File::open(&filename) @@ -114,7 +115,21 @@ impl IdentityFile { } } - Ok(IdentityFile { identities }) + Ok(IdentityFile { + identities, + callbacks: NoCallbacks, + }) + } +} + +impl IdentityFile { + /// Sets the provided callbacks on this identity file, so that if this is an encrypted + /// identity, it can potentially be decrypted. + pub fn with_callbacks(self, callbacks: D) -> IdentityFile { + IdentityFile { + identities: self.identities, + callbacks, + } } /// Returns recipients for the identities in this file. @@ -122,26 +137,22 @@ impl IdentityFile { /// Plugin identities will be merged into one [`Recipient`] per unique plugin. /// /// [`Recipient`]: crate::Recipient - pub fn to_recipients( - &self, - callbacks: impl Callbacks, - ) -> Result>, EncryptError> { + pub fn to_recipients(&self) -> Result>, EncryptError> { let mut recipients = RecipientsAccumulator::new(); recipients.with_identities_ref(self); recipients.build( #[cfg(feature = "plugin")] - callbacks, + self.callbacks.clone(), ) } /// Returns the identities in this file. pub(crate) fn to_identities( &self, - callbacks: impl Callbacks, ) -> impl Iterator, DecryptError>> + '_ { self.identities .iter() - .map(|entry| entry.clone().into_identity(callbacks.clone())) + .map(|entry| entry.clone().into_identity(self.callbacks.clone())) } /// Returns the identities in this file. @@ -188,7 +199,7 @@ impl RecipientsAccumulator { } #[cfg(feature = "cli-common")] - pub(crate) fn with_identities(&mut self, identity_file: IdentityFile) { + pub(crate) fn with_identities(&mut self, identity_file: IdentityFile) { for entry in identity_file.identities { match entry { IdentityFileEntry::Native(i) => self.recipients.push(Box::new(i.to_public())), @@ -198,7 +209,7 @@ impl RecipientsAccumulator { } } - pub(crate) fn with_identities_ref(&mut self, identity_file: &IdentityFile) { + pub(crate) fn with_identities_ref(&mut self, identity_file: &IdentityFile) { for entry in &identity_file.identities { match entry { IdentityFileEntry::Native(i) => self.recipients.push(Box::new(i.to_public())), diff --git a/age/src/lib.rs b/age/src/lib.rs index f53d05b..11b5360 100644 --- a/age/src/lib.rs +++ b/age/src/lib.rs @@ -306,6 +306,29 @@ pub trait Callbacks: Clone + Send + Sync + 'static { fn request_passphrase(&self, description: &str) -> Option; } +/// An implementation of [`Callbacks`] that does not allow callbacks. +/// +/// No user interaction will occur; [`Recipient`] or [`Identity`] implementations will +/// receive `None` from the callbacks that return responses, and will act accordingly. +#[derive(Clone, Copy, Debug)] +pub struct NoCallbacks; + +impl Callbacks for NoCallbacks { + fn display_message(&self, _: &str) {} + + fn confirm(&self, _: &str, _: &str, _: Option<&str>) -> Option { + None + } + + fn request_public_string(&self, _: &str) -> Option { + None + } + + fn request_passphrase(&self, _: &str) -> Option { + None + } +} + /// Helper for fuzzing the Header parser and serializer. #[cfg(fuzzing)] pub fn fuzz_header(data: &[u8]) { From f243d63c316df9bff7461015850ef387634a0fe9 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Tue, 27 Aug 2024 02:43:14 +0000 Subject: [PATCH 45/77] age: Improve documentation of `Callbacks` --- age/src/lib.rs | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/age/src/lib.rs b/age/src/lib.rs index 11b5360..9075342 100644 --- a/age/src/lib.rs +++ b/age/src/lib.rs @@ -278,6 +278,9 @@ pub trait Callbacks: Clone + Send + Sync + 'static { /// /// This can be used to prompt the user to take some physical action, such as /// inserting a hardware key. + /// + /// No guarantee is provided that the user sees this message (for example, if there is + /// no UI for displaying messages). fn display_message(&self, message: &str); /// Requests that the user provides confirmation for some action. @@ -300,9 +303,19 @@ pub trait Callbacks: Clone + Send + Sync + 'static { /// Requests non-private input from the user. /// /// To request private inputs, use [`Callbacks::request_passphrase`]. + /// + /// Returns: + /// - `Some(input)` with the user-provided input. + /// - `None` if no input could be requested from the user (for example, if there is no + /// UI for displaying messages or typing inputs). fn request_public_string(&self, description: &str) -> Option; /// Requests a passphrase to decrypt a key. + /// + /// Returns: + /// - `Some(passphrase)` with the user-provided passphrase. + /// - `None` if no passphrase could be requested from the user (for example, if there + /// is no UI for displaying messages or typing inputs). fn request_passphrase(&self, description: &str) -> Option; } From 5e57ef07ca039c65fb7b19b1f54d291f548a3858 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Tue, 27 Aug 2024 02:58:41 +0000 Subject: [PATCH 46/77] age: Return `Box` from `IdentityFile::into_identities` This is doable now that `IdentityFile` stores callbacks, and is more useful to crate users than `IdentityFileEntry`. The one place we were relying on the latter was in `rage-keygen` to distinguish plugin identities (which cannot be re-encoded as recipients); we now move that functionality into the `age` crate. --- age/CHANGELOG.md | 6 +++ age/i18n/en-US/age.ftl | 10 +++++ age/i18n/fr/age.ftl | 10 +++++ age/i18n/it/age.ftl | 10 +++++ age/i18n/ru/age.ftl | 10 +++++ age/src/cli_common/identities.rs | 32 +++++++-------- age/src/error.rs | 66 +++++++++++++++++++++++++++++++ age/src/identity.rs | 44 +++++++++++++++++++-- age/src/lib.rs | 4 +- age/src/protocol.rs | 17 ++------ rage/i18n/en-US/rage.ftl | 8 ---- rage/i18n/fr/rage.ftl | 8 ---- rage/i18n/it/rage.ftl | 8 ---- rage/i18n/ru/rage.ftl | 8 ---- rage/src/bin/rage-keygen/error.rs | 33 ++-------------- rage/src/bin/rage-keygen/main.rs | 27 ++----------- 16 files changed, 181 insertions(+), 120 deletions(-) diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md index 2e6e98e..57d5c51 100644 --- a/age/CHANGELOG.md +++ b/age/CHANGELOG.md @@ -13,6 +13,8 @@ to 1.0.0 are beta releases. - `age::Decryptor::{decrypt, decrypt_async, is_scrypt}` - `age::IdentityFile::to_recipients` - `age::IdentityFile::with_callbacks` +- `age::IdentityFile::write_recipients_file` +- `age::IdentityFileConvertError` - `age::NoCallbacks` - `age::scrypt`, providing recipient and identity types for passphrase-based encryption. @@ -24,6 +26,9 @@ to 1.0.0 are beta releases. and `Passphrase` variants. - `age::IdentityFile` now has a `C: Callbacks` generic parameter, which defaults to `NoCallbacks`. +- `age::IdentityFile::into_identities` now returns + `Result>, DecryptError>` instead of + `Vec`. - `age::Recipient::wrap_file_key` now returns `(Vec, HashSet)`: a tuple of the stanzas to be placed in an age file header, and labels that constrain how the stanzas may be combined with those from other recipients. @@ -33,6 +38,7 @@ to 1.0.0 are beta releases. - `age::decryptor::PassphraseDecryptor` (use `age::Decryptor` with `age::scrypt::Identity` instead). - `age::decryptor::RecipientsDecryptor` (use `age::Decryptor` instead). +- `age::IdentityFileEntry` ## [0.10.0] - 2024-02-04 ### Added diff --git a/age/i18n/en-US/age.ftl b/age/i18n/en-US/age.ftl index 5da126b..be8e916 100644 --- a/age/i18n/en-US/age.ftl +++ b/age/i18n/en-US/age.ftl @@ -46,6 +46,16 @@ rec-deny-binary-output = Did you mean to use {-flag-armor}? {rec-detected-binary err-deny-overwrite-file = refusing to overwrite existing file '{$filename}'. +## Identity file errors + +err-failed-to-write-output = Failed to write to output: {$err} + +err-identity-file-contains-plugin = Identity file '{$filename}' contains identities for '{-age-plugin-}{$plugin_name}'. +rec-identity-file-contains-plugin = Try using '{-age-plugin-}{$plugin_name}' to convert this identity to a recipient. + +err-no-identities-in-file = No identities found in file '{$filename}'. +err-no-identities-in-stdin = No identities found in standard input. + ## Errors err-decryption-failed = Decryption failed diff --git a/age/i18n/fr/age.ftl b/age/i18n/fr/age.ftl index 0c3a9ea..803fef2 100644 --- a/age/i18n/fr/age.ftl +++ b/age/i18n/fr/age.ftl @@ -46,6 +46,16 @@ rec-deny-binary-output = Est-ce que vous vouliez utiliser {-flag-armor}? {rec-de err-deny-overwrite-file = refus d'écraser le fichier existant '{$filename}'. +## Identity file errors + +err-failed-to-write-output = Echec d'écriture vers la sortie: {$err} + +err-identity-file-contains-plugin = Le ficher d'identité '{$filename}' contient des identités pour '{-age-plugin-}{$plugin_name}'. +rec-identity-file-contains-plugin = Essayez d'utiliser {-age-plugin-}{$plugin_name}' pour convertir cette identité en un destinataire. + +err-no-identities-in-file = Aucune identité trouvée dans le fichier '{$filename}'. +err-no-identities-in-stdin = Aucune identité trouvée dans l'entrée standard (stdin). + ## Errors err-decryption-failed = Echec du déchiffrement diff --git a/age/i18n/it/age.ftl b/age/i18n/it/age.ftl index 1f65f7a..3749a0d 100644 --- a/age/i18n/it/age.ftl +++ b/age/i18n/it/age.ftl @@ -46,6 +46,16 @@ rec-deny-binary-output = Intendevi usare {-flag-armor}? {rec-detected-binary} err-deny-overwrite-file = rifiuto di sovrascrivere il file esistente '{$filename}'. +## Identity file errors + +err-failed-to-write-output = Impossibile scrivere sull'output: {$err} + +err-identity-file-contains-plugin = Il file '{$filename}' contiene identità per '{-age-plugin-}{$plugin_name}'. +rec-identity-file-contains-plugin = Prova a usare '{-age-plugin-}{$plugin_name}' per convertire questa identità in destinatario. + +err-no-identities-in-file = Nessuna identità trovata nel file '{$filename}'. +err-no-identities-in-stdin = Nessuna identità trovata tramite standard input. + ## Errors err-decryption-failed = Decifrazione fallita diff --git a/age/i18n/ru/age.ftl b/age/i18n/ru/age.ftl index d8e7f25..ede9cb5 100644 --- a/age/i18n/ru/age.ftl +++ b/age/i18n/ru/age.ftl @@ -46,6 +46,16 @@ rec-deny-binary-output = Возможно, вы хотели использов err-deny-overwrite-file = отказ от перезаписи существующего файла '{$filename}'. +## Identity file errors + +err-failed-to-write-output = Не удалось записать в выходной файл: {$err} + +err-identity-file-contains-plugin = Файл идентификации '{$filename}' содержит идентификаторы для '{-age-plugin-}{$plugin_name}'. +rec-identity-file-contains-plugin = Попробуйте использовать '{-age-plugin-}{$plugin_name}' для преобразования этого идентификатора в получателя. + +err-no-identities-in-file = Идентификаторы в файле '{$filename}' не найдены. +err-no-identities-in-stdin = Идентификаторы в стандартном вводе не найдены. + ## Errors err-decryption-failed = Ошибка дешифрования diff --git a/age/src/cli_common/identities.rs b/age/src/cli_common/identities.rs index 6c5f3ac..22637fd 100644 --- a/age/src/cli_common/identities.rs +++ b/age/src/cli_common/identities.rs @@ -34,27 +34,25 @@ pub fn read_identities( Ok(()) }, |identities, identity_file| { - for entry in identity_file.into_identities() { - let entry = entry.into_identity(UiCallbacks); + let new_identities = identity_file.into_identities(); + #[cfg(feature = "plugin")] + let new_identities = new_identities.map_err(|e| match e { #[cfg(feature = "plugin")] - let entry = entry.map_err(|e| match e { - #[cfg(feature = "plugin")] - crate::DecryptError::MissingPlugin { binary_name } => { - ReadError::MissingPlugin { binary_name } - } - // DecryptError::MissingPlugin is the only possible error kind returned by - // IdentityFileEntry::into_identity. - _ => unreachable!(), - })?; + crate::DecryptError::MissingPlugin { binary_name } => { + ReadError::MissingPlugin { binary_name } + } + // DecryptError::MissingPlugin is the only possible error kind returned by + // IdentityFileEntry::into_identity. + _ => unreachable!(), + })?; - // IdentityFileEntry::into_identity will never return a MissingPlugin error - // when plugin feature is not enabled. - #[cfg(not(feature = "plugin"))] - let entry = entry.unwrap(); + // IdentityFileEntry::into_identity will never return a MissingPlugin error + // when plugin feature is not enabled. + #[cfg(not(feature = "plugin"))] + let new_identities = new_identities.unwrap(); - identities.push(entry); - } + identities.extend(new_identities); Ok(()) }, diff --git a/age/src/error.rs b/age/src/error.rs index 393b4bf..174fba8 100644 --- a/age/src/error.rs +++ b/age/src/error.rs @@ -9,6 +9,72 @@ use crate::{wfl, wlnfl}; #[cfg(feature = "plugin")] use age_core::format::Stanza; +/// Errors returned when converting an identity file to a recipients file. +#[derive(Debug)] +pub enum IdentityFileConvertError { + /// An I/O error occurred while writing out a recipient corresponding to an identity + /// in this file. + FailedToWriteOutput(io::Error), + /// The identity file contains a plugin identity, which can be converted to a + /// recipient for encryption purposes, but not for writing a recipients file. + #[cfg(feature = "plugin")] + #[cfg_attr(docsrs, doc(cfg(feature = "plugin")))] + IdentityFileContainsPlugin { + /// The given identity file. + filename: Option, + /// The name of the plugin. + plugin_name: String, + }, + /// The identity file contains no identities, and thus cannot be used to produce a + /// recipients file. + NoIdentities { + /// The given identity file. + filename: Option, + }, +} + +impl fmt::Display for IdentityFileConvertError { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + match self { + IdentityFileConvertError::FailedToWriteOutput(e) => { + wfl!(f, "err-failed-to-write-output", err = e.to_string()) + } + #[cfg(feature = "plugin")] + IdentityFileConvertError::IdentityFileContainsPlugin { + filename, + plugin_name, + } => { + wlnfl!( + f, + "err-identity-file-contains-plugin", + filename = filename.as_deref().unwrap_or_default(), + plugin_name = plugin_name.as_str(), + )?; + wfl!( + f, + "rec-identity-file-contains-plugin", + plugin_name = plugin_name.as_str(), + ) + } + IdentityFileConvertError::NoIdentities { filename } => match filename { + Some(filename) => { + wfl!(f, "err-no-identities-in-file", filename = filename.as_str()) + } + None => wfl!(f, "err-no-identities-in-stdin"), + }, + } + } +} + +impl std::error::Error for IdentityFileConvertError { + fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { + match self { + IdentityFileConvertError::FailedToWriteOutput(e) => Some(e), + _ => None, + } + } +} + /// Errors returned by a plugin. #[cfg(feature = "plugin")] #[cfg_attr(docsrs, doc(cfg(feature = "plugin")))] diff --git a/age/src/identity.rs b/age/src/identity.rs index 8253893..6bd19d6 100644 --- a/age/src/identity.rs +++ b/age/src/identity.rs @@ -1,7 +1,7 @@ use std::fs::File; use std::io; -use crate::{x25519, Callbacks, DecryptError, EncryptError, NoCallbacks}; +use crate::{x25519, Callbacks, DecryptError, EncryptError, IdentityFileConvertError, NoCallbacks}; #[cfg(feature = "cli-common")] use crate::cli_common::file_io::InputReader; @@ -11,7 +11,7 @@ use crate::plugin; /// The supported kinds of identities within an [`IdentityFile`]. #[derive(Clone)] -pub enum IdentityFileEntry { +enum IdentityFileEntry { /// The standard age identity type. Native(x25519::Identity), /// A plugin-compatible identity. @@ -42,6 +42,7 @@ impl IdentityFileEntry { /// A list of identities that has been parsed from some input file. pub struct IdentityFile { + filename: Option, identities: Vec, pub(crate) callbacks: C, } @@ -116,6 +117,7 @@ impl IdentityFile { } Ok(IdentityFile { + filename, identities, callbacks: NoCallbacks, }) @@ -127,11 +129,44 @@ impl IdentityFile { /// identity, it can potentially be decrypted. pub fn with_callbacks(self, callbacks: D) -> IdentityFile { IdentityFile { + filename: self.filename, identities: self.identities, callbacks, } } + /// Writes a recipients file containing the recipients corresponding to the identities + /// in this file. + /// + /// Returns an error if this file is empty, or if it contains plugin identities (which + /// can only be converted by the plugin binary itself). + pub fn write_recipients_file( + &self, + mut output: W, + ) -> Result<(), IdentityFileConvertError> { + if self.identities.is_empty() { + return Err(IdentityFileConvertError::NoIdentities { + filename: self.filename.clone(), + }); + } + + for identity in &self.identities { + match identity { + IdentityFileEntry::Native(sk) => writeln!(output, "{}", sk.to_public()) + .map_err(IdentityFileConvertError::FailedToWriteOutput)?, + #[cfg(feature = "plugin")] + IdentityFileEntry::Plugin(id) => { + return Err(IdentityFileConvertError::IdentityFileContainsPlugin { + filename: self.filename.clone(), + plugin_name: id.plugin().to_string(), + }); + } + } + } + + Ok(()) + } + /// Returns recipients for the identities in this file. /// /// Plugin identities will be merged into one [`Recipient`] per unique plugin. @@ -156,8 +191,11 @@ impl IdentityFile { } /// Returns the identities in this file. - pub fn into_identities(self) -> Vec { + pub fn into_identities(self) -> Result>, DecryptError> { self.identities + .into_iter() + .map(|entry| entry.into_identity(self.callbacks.clone())) + .collect() } } diff --git a/age/src/lib.rs b/age/src/lib.rs index 9075342..38486ac 100644 --- a/age/src/lib.rs +++ b/age/src/lib.rs @@ -149,8 +149,8 @@ mod primitives; mod protocol; mod util; -pub use error::{DecryptError, EncryptError}; -pub use identity::{IdentityFile, IdentityFileEntry}; +pub use error::{DecryptError, EncryptError, IdentityFileConvertError}; +pub use identity::IdentityFile; pub use primitives::stream; pub use protocol::{Decryptor, Encryptor}; diff --git a/age/src/protocol.rs b/age/src/protocol.rs index bc24f71..0c97115 100644 --- a/age/src/protocol.rs +++ b/age/src/protocol.rs @@ -326,10 +326,7 @@ mod tests { use std::iter; use super::{Decryptor, Encryptor}; - use crate::{ - identity::{IdentityFile, IdentityFileEntry}, - scrypt, x25519, EncryptError, Identity, Recipient, - }; + use crate::{identity::IdentityFile, scrypt, x25519, EncryptError, Identity, Recipient}; #[cfg(feature = "async")] use futures::{ @@ -445,11 +442,7 @@ mod tests { let pk: x25519::Recipient = crate::x25519::tests::TEST_PK.parse().unwrap(); recipient_round_trip( vec![Box::new(pk)], - f.into_identities().iter().map(|sk| match sk { - IdentityFileEntry::Native(sk) => sk as &dyn Identity, - #[cfg(feature = "plugin")] - IdentityFileEntry::Plugin(_) => unreachable!(), - }), + f.into_identities().unwrap().iter().map(|i| i.as_ref()), ); } @@ -461,11 +454,7 @@ mod tests { let pk: x25519::Recipient = crate::x25519::tests::TEST_PK.parse().unwrap(); recipient_async_round_trip( vec![Box::new(pk)], - f.into_identities().iter().map(|sk| match sk { - IdentityFileEntry::Native(sk) => sk as &dyn Identity, - #[cfg(feature = "plugin")] - IdentityFileEntry::Plugin(_) => unreachable!(), - }), + f.into_identities().unwrap().iter().map(|i| i.as_ref()), ); } diff --git a/rage/i18n/en-US/rage.ftl b/rage/i18n/en-US/rage.ftl index 308cf34..a27f797 100644 --- a/rage/i18n/en-US/rage.ftl +++ b/rage/i18n/en-US/rage.ftl @@ -146,14 +146,6 @@ err-ux-B = Tell us # Put (len(A) - len(B) - 32) spaces here. err-ux-C = {" "} -## Keygen errors - -err-identity-file-contains-plugin = Identity file '{$filename}' contains identities for '{-age-plugin-}{$plugin_name}'. -rec-identity-file-contains-plugin = Try using '{-age-plugin-}{$plugin_name}' to convert this identity to a recipient. - -err-no-identities-in-file = No identities found in file '{$filename}'. -err-no-identities-in-stdin = No identities found in standard input. - ## Encryption errors err-enc-broken-stdout = Could not write to stdout: {$err} diff --git a/rage/i18n/fr/rage.ftl b/rage/i18n/fr/rage.ftl index bb1989f..802301a 100644 --- a/rage/i18n/fr/rage.ftl +++ b/rage/i18n/fr/rage.ftl @@ -151,14 +151,6 @@ err-ux-B = Dites-le nous # Put (len(A) - len(B) - 32) spaces here. err-ux-C = {" "} -## Keygen errors - -err-identity-file-contains-plugin = Le ficher d'identité '{$filename}' contient des identités pour '{-age-plugin-}{$plugin_name}'. -rec-identity-file-contains-plugin = Essayez d'utiliser {-age-plugin-}{$plugin_name}' pour convertir cette identité en un destinataire. - -err-no-identities-in-file = Aucune identité trouvée dans le fichier '{$filename}'. -err-no-identities-in-stdin = Aucune identité trouvée dans l'entrée standard (stdin). - ## Encryption errors err-enc-broken-stdout = N'a pas pu écrire sur stdout: {$err} diff --git a/rage/i18n/it/rage.ftl b/rage/i18n/it/rage.ftl index 625c89d..a1442b8 100644 --- a/rage/i18n/it/rage.ftl +++ b/rage/i18n/it/rage.ftl @@ -145,14 +145,6 @@ err-ux-B = Faccelo sapere # Put (len(A) - len(B) - 32) spaces here. err-ux-C = {" "} -## Keygen errors - -err-identity-file-contains-plugin = Il file '{$filename}' contiene identità per '{-age-plugin-}{$plugin_name}'. -rec-identity-file-contains-plugin = Prova a usare '{-age-plugin-}{$plugin_name}' per convertire questa identità in destinatario. - -err-no-identities-in-file = Nessuna identità trovata nel file '{$filename}'. -err-no-identities-in-stdin = Nessuna identità trovata tramite standard input. - ## Encryption errors err-enc-broken-stdout = Impossibile scrivere sullo standard output: {$err} diff --git a/rage/i18n/ru/rage.ftl b/rage/i18n/ru/rage.ftl index cb9794e..0d46dd3 100644 --- a/rage/i18n/ru/rage.ftl +++ b/rage/i18n/ru/rage.ftl @@ -147,14 +147,6 @@ err-ux-B = Сообщите нам # Поставьте здесь пробелы (len(A) - len(B) - 32). err-ux-C = {" "} -## Keygen errors - -err-identity-file-contains-plugin = Файл идентификации '{$filename}' содержит идентификаторы для '{-age-plugin-}{$plugin_name}'. -rec-identity-file-contains-plugin = Попробуйте использовать '{-age-plugin-}{$plugin_name}' для преобразования этого идентификатора в получателя. - -err-no-identities-in-file = Идентификаторы в файле '{$filename}' не найдены. -err-no-identities-in-stdin = Идентификаторы в стандартном вводе не найдены. - ## Encryption errors err-enc-broken-stdout = Не удалось записать в stdout: {$err} diff --git a/rage/src/bin/rage-keygen/error.rs b/rage/src/bin/rage-keygen/error.rs index 43176b4..75ee3e8 100644 --- a/rage/src/bin/rage-keygen/error.rs +++ b/rage/src/bin/rage-keygen/error.rs @@ -1,6 +1,8 @@ use std::fmt; use std::io; +use age::IdentityFileConvertError; + macro_rules! wlnfl { ($f:ident, $message_id:literal) => { writeln!($f, "{}", $crate::fl!($message_id)) @@ -16,13 +18,7 @@ pub(crate) enum Error { FailedToOpenOutput(io::Error), FailedToReadInput(io::Error), FailedToWriteOutput(io::Error), - IdentityFileContainsPlugin { - filename: Option, - plugin_name: String, - }, - NoIdentities { - filename: Option, - }, + IdentityFileConvert(IdentityFileConvertError), } // Rust only supports `fn main() -> Result<(), E: Debug>`, so we implement `Debug` @@ -42,28 +38,7 @@ impl fmt::Debug for Error { Error::FailedToWriteOutput(e) => { wlnfl!(f, "err-failed-to-write-output", err = e.to_string())? } - Error::IdentityFileContainsPlugin { - filename, - plugin_name, - } => { - wlnfl!( - f, - "err-identity-file-contains-plugin", - filename = filename.as_deref().unwrap_or_default(), - plugin_name = plugin_name.as_str(), - )?; - wlnfl!( - f, - "rec-identity-file-contains-plugin", - plugin_name = plugin_name.as_str(), - )? - } - Error::NoIdentities { filename } => match filename { - Some(filename) => { - wlnfl!(f, "err-no-identities-in-file", filename = filename.as_str())? - } - None => wlnfl!(f, "err-no-identities-in-stdin")?, - }, + Error::IdentityFileConvert(e) => writeln!(f, "{e}")?, } writeln!(f)?; writeln!(f, "[ {} ]", crate::fl!("err-ux-A"))?; diff --git a/rage/src/bin/rage-keygen/main.rs b/rage/src/bin/rage-keygen/main.rs index d4d8c4d..a9ea54e 100644 --- a/rage/src/bin/rage-keygen/main.rs +++ b/rage/src/bin/rage-keygen/main.rs @@ -73,33 +73,14 @@ fn generate(mut output: file_io::OutputWriter) -> io::Result<()> { Ok(()) } -fn convert( - filename: Option, - mut output: file_io::OutputWriter, -) -> Result<(), error::Error> { +fn convert(filename: Option, output: file_io::OutputWriter) -> Result<(), error::Error> { let file = age::IdentityFile::from_input_reader( - file_io::InputReader::new(filename.clone()).map_err(error::Error::FailedToOpenInput)?, + file_io::InputReader::new(filename).map_err(error::Error::FailedToOpenInput)?, ) .map_err(error::Error::FailedToReadInput)?; - let identities = file.into_identities(); - if identities.is_empty() { - return Err(error::Error::NoIdentities { filename }); - } - - for identity in identities { - match identity { - age::IdentityFileEntry::Native(sk) => { - writeln!(output, "{}", sk.to_public()).map_err(error::Error::FailedToWriteOutput)? - } - age::IdentityFileEntry::Plugin(id) => { - return Err(error::Error::IdentityFileContainsPlugin { - filename, - plugin_name: id.plugin().to_string(), - }); - } - } - } + file.write_recipients_file(output) + .map_err(error::Error::IdentityFileConvert)?; Ok(()) } From 303fa6ebe13863701ead73c2d9496ffc83978df6 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Wed, 28 Aug 2024 02:41:36 +0000 Subject: [PATCH 47/77] rage: Add CLI test exposing bug with single-line identity files Specifically, a single line and no trailing newline. --- .../file.age.txt | 8 ++++++++ .../cmd/rage/decrypt-identity-no-comment-or-newline.toml | 7 +++++++ 2 files changed, 15 insertions(+) create mode 100644 rage/tests/cmd/rage/decrypt-identity-no-comment-or-newline.in/file.age.txt create mode 100644 rage/tests/cmd/rage/decrypt-identity-no-comment-or-newline.toml diff --git a/rage/tests/cmd/rage/decrypt-identity-no-comment-or-newline.in/file.age.txt b/rage/tests/cmd/rage/decrypt-identity-no-comment-or-newline.in/file.age.txt new file mode 100644 index 0000000..6f9dc67 --- /dev/null +++ b/rage/tests/cmd/rage/decrypt-identity-no-comment-or-newline.in/file.age.txt @@ -0,0 +1,8 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHUGc3Zlhpekp0K012aXdu +T1VZN0lmWlRmNjdLYVB4RldkTFVLTkNDUXlBCmJjRUcrM3E0a0U0N3IyK1JsTitG +dHVTd0N6TVFRTWgzdG5uSzJmNm9YMTgKLT4gQXQ1WWAtZ3JlYXNlIDxodGFSVHJg +IFg0cWYsO0ogZ2Fzc1EKZGtPSTB3Ci0tLSBKazRIaHJxdnNJcHpyclRkQjg3QW5r +SVE2MHdtWkErYTNrNWJibWd1bmNBCkK9FoOkiLB93gD79vNed8L3LM9rhKm5qma2 +lSiwRx/aM1DKaZO0CMmYQkoM2tPReA== +-----END AGE ENCRYPTED FILE----- diff --git a/rage/tests/cmd/rage/decrypt-identity-no-comment-or-newline.toml b/rage/tests/cmd/rage/decrypt-identity-no-comment-or-newline.toml new file mode 100644 index 0000000..b135308 --- /dev/null +++ b/rage/tests/cmd/rage/decrypt-identity-no-comment-or-newline.toml @@ -0,0 +1,7 @@ +bin.name = "rage" +args = "-d -i - file.age.txt" +stdin = "AGE-SECRET-KEY-1SRQGS50G584HFA5JG9D6D9S6639VVHJUE5XHHKJET9DRU76HK4RQP0X5Q3" +stdout = """ +Test plaintext. +""" +stderr = "" From 5a57e120a2a6e46c2cb01862a97f5568e2b7d731 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Wed, 28 Aug 2024 02:43:08 +0000 Subject: [PATCH 48/77] age: Don't exit peeking state if entire identity file fits in the buffer This ensures we can call `PeekableReader::reset` when the file is a single line without a trailing newline character, which rage-keygen does not generate but users can. Closes str4d/rage#484. --- age/CHANGELOG.md | 5 +++ age/src/cli_common/identities.rs | 53 ++++++++++++++++++++++++++------ 2 files changed, 48 insertions(+), 10 deletions(-) diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md index 57d5c51..383c480 100644 --- a/age/CHANGELOG.md +++ b/age/CHANGELOG.md @@ -34,6 +34,11 @@ to 1.0.0 are beta releases. constrain how the stanzas may be combined with those from other recipients. - `age::plugin::RecipientPluginV1` now supports the labels extension. +### Fixed +- `age::cli_common::read_identities` once again correctly parses identity files + that are a single line without a trailing newline. This broke in 0.10.0 due to + an unrelated refactor. + ### Removed - `age::decryptor::PassphraseDecryptor` (use `age::Decryptor` with `age::scrypt::Identity` instead). diff --git a/age/src/cli_common/identities.rs b/age/src/cli_common/identities.rs index 22637fd..e9625a3 100644 --- a/age/src/cli_common/identities.rs +++ b/age/src/cli_common/identities.rs @@ -76,14 +76,17 @@ pub(super) fn parse_identity_files + From>( ) -> Result<(), E> { for filename in filenames { #[cfg_attr(not(any(feature = "armor", feature = "ssh")), allow(unused_mut))] - let mut reader = PeekableReader::new(BufReader::new( - stdin_guard.open(filename.clone()).map_err(|e| match e { + let mut reader = + PeekableReader::new(stdin_guard.open(filename.clone()).map_err(|e| match e { ReadError::Io(e) if matches!(e.kind(), io::ErrorKind::NotFound) => { ReadError::IdentityNotFound(filename.clone()) } _ => e, - })?, - )); + })?); + + // Note to future self: the order in which we try parsing formats here is critical + // to the correct behaviour of `PeekableReader::fill_buf`. See the comments in + // that method. #[cfg(feature = "armor")] // Try parsing as an encrypted age identity. @@ -144,20 +147,28 @@ pub(super) fn parse_identity_files + From>( Ok(()) } +/// Same as default buffer size for `BufReader`, but hard-coded so we know exactly what +/// the buffer size is, and therefore can detect if the entire file fits into a single +/// buffer. +/// +/// This must be at least 71 bytes to ensure the correct behaviour of +/// `PeekableReader::fill_buf`. See the comments in that method. +const PEEKABLE_SIZE: usize = 8 * 1024; + enum PeekState { Peeking { consumed: usize }, Reading, } -struct PeekableReader { - inner: R, +struct PeekableReader { + inner: BufReader, state: PeekState, } -impl PeekableReader { +impl PeekableReader { fn new(inner: R) -> Self { Self { - inner, + inner: BufReader::with_capacity(PEEKABLE_SIZE, inner), state: PeekState::Peeking { consumed: 0 }, } } @@ -177,7 +188,7 @@ impl PeekableReader { } } -impl io::Read for PeekableReader { +impl io::Read for PeekableReader { fn read(&mut self, buf: &mut [u8]) -> io::Result { match self.state { PeekState::Peeking { .. } => { @@ -195,7 +206,7 @@ impl io::Read for PeekableReader { } } -impl io::BufRead for PeekableReader { +impl io::BufRead for PeekableReader { fn fill_buf(&mut self) -> io::Result<&[u8]> { match self.state { PeekState::Peeking { consumed } => { @@ -211,6 +222,28 @@ impl io::BufRead for PeekableReader { // on `self.inner` to outside the conditional, which would prevent us // from performing other mutable operations on the other side. Ok(&self.inner.fill_buf()?[consumed..]) + } else if inner_len < PEEKABLE_SIZE { + // We have read the entire file into a single buffer and consumed all + // of it. Don't fall through to change the state to `Reading`, because + // we can always reset a single-buffer stream. + // + // Note that we cannot distinguish between the file being the exact + // same size as our buffer, and the file being larger than it. But + // this only becomes relevant if we cannot distinguish between the + // kinds of identity files we support parsing, within a single buffer. + // We should always be able to distinguish before then, because we + // parse in the following order: + // + // - Encrypted identities, which are parsed incrementally as age + // ciphertexts with optional armor, and can be detected in at most + // 70 bytes. + // - SSH identities, which are parsed as a PEM encoding and can be + // detected in at most 36 bytes. + // - Identity files, which have one identity per line and therefore + // can have arbitrarily long lines. We intentionally try this format + // last. + assert_eq!(consumed, inner_len); + Ok(&[]) } else { // We're done peeking. self.inner.consume(consumed); From e84159365d61a768f6dbea3bbadf202f07a02764 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Wed, 28 Aug 2024 04:59:58 +0000 Subject: [PATCH 49/77] age: Add `scrypt::Recipient::set_work_factor` for overriding default This can only be configured by using `scrypt::Recipient` directly in a library context. The helper method `Encryptor::with_user_passphrase` does not expose this, and `rage` continues to use the default. Closes str4d/rage#383. --- age/src/protocol.rs | 6 +++++- age/src/scrypt.rs | 29 ++++++++++++++++++++++++----- 2 files changed, 29 insertions(+), 6 deletions(-) diff --git a/age/src/protocol.rs b/age/src/protocol.rs index 0c97115..37c6ca3 100644 --- a/age/src/protocol.rs +++ b/age/src/protocol.rs @@ -462,8 +462,12 @@ mod tests { fn scrypt_round_trip() { let test_msg = b"This is a test message. For testing."; + let mut recipient = scrypt::Recipient::new(SecretString::new("passphrase".to_string())); + // Override to something very fast for testing. + recipient.set_work_factor(2); + let mut encrypted = vec![]; - let e = Encryptor::with_user_passphrase(SecretString::new("passphrase".to_string())); + let e = Encryptor::with_recipients(vec![Box::new(recipient)]).unwrap(); { let mut w = e.wrap_output(&mut encrypted).unwrap(); w.write_all(test_msg).unwrap(); diff --git a/age/src/scrypt.rs b/age/src/scrypt.rs index 3046718..ca92512 100644 --- a/age/src/scrypt.rs +++ b/age/src/scrypt.rs @@ -104,12 +104,33 @@ fn target_scrypt_work_factor() -> u8 { /// [`x25519::Identity`]: crate::x25519::Identity pub struct Recipient { passphrase: SecretString, + log_n: u8, } impl Recipient { /// Constructs a new `Recipient` with the given passphrase. + /// + /// The scrypt work factor is picked to target about 1 second for encryption or + /// decryption on this device. Override it with [`Self::set_work_factor`]. pub fn new(passphrase: SecretString) -> Self { - Self { passphrase } + Self { + passphrase, + log_n: target_scrypt_work_factor(), + } + } + + /// Sets the scrypt work factor to `N = 2^log_n`. + /// + /// This method must be called before [`Self::wrap_file_key`] to have an effect. + /// + /// [`Self::wrap_file_key`]: crate::Recipient::wrap_file_key + /// + /// # Panics + /// + /// Panics if `log_n == 0` or `log_n >= 64`. + pub fn set_work_factor(&mut self, log_n: u8) { + assert!(0 < log_n && log_n < 64); + self.log_n = log_n; } } @@ -127,10 +148,8 @@ impl crate::Recipient for Recipient { inner_salt[..SCRYPT_SALT_LABEL.len()].copy_from_slice(SCRYPT_SALT_LABEL); inner_salt[SCRYPT_SALT_LABEL.len()..].copy_from_slice(&salt); - let log_n = target_scrypt_work_factor(); - let enc_key = - scrypt(&inner_salt, log_n, self.passphrase.expose_secret()).expect("log_n < 64"); + scrypt(&inner_salt, self.log_n, self.passphrase.expose_secret()).expect("log_n < 64"); let encrypted_file_key = aead_encrypt(&enc_key, file_key.expose_secret()); let encoded_salt = BASE64_STANDARD_NO_PAD.encode(salt); @@ -140,7 +159,7 @@ impl crate::Recipient for Recipient { Ok(( vec![Stanza { tag: SCRYPT_RECIPIENT_TAG.to_owned(), - args: vec![encoded_salt, format!("{}", log_n)], + args: vec![encoded_salt, format!("{}", self.log_n)], body: encrypted_file_key, }], iter::once(label).collect(), From 67a539791bea7b2804a19da3c9e6015d668a15c6 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Wed, 28 Aug 2024 05:03:46 +0000 Subject: [PATCH 50/77] age: Adjust `scrypt::Identity::set_max_work_factor` docs They are now consistent with `scrypt::Recipient::set_work_factor`. --- age/src/scrypt.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/age/src/scrypt.rs b/age/src/scrypt.rs index ca92512..5b04698 100644 --- a/age/src/scrypt.rs +++ b/age/src/scrypt.rs @@ -196,13 +196,13 @@ impl Identity { } } - /// Sets the maximum accepted scrypt work factor to `2^max_work_factor`. + /// Sets the maximum accepted scrypt work factor to `N = 2^max_log_n`. /// /// This method must be called before [`Self::unwrap_stanza`] to have an effect. /// /// [`Self::unwrap_stanza`]: crate::Identity::unwrap_stanza - pub fn set_max_work_factor(&mut self, max_work_factor: u8) { - self.max_work_factor = max_work_factor; + pub fn set_max_work_factor(&mut self, max_log_n: u8) { + self.max_work_factor = max_log_n; } } From 5eb44a157e91f25b09be6e922ce9c49164753ead Mon Sep 17 00:00:00 2001 From: Stefan Gehr Date: Wed, 28 Aug 2024 10:41:14 +0200 Subject: [PATCH 51/77] Use DirPath for output of rage-keygen as overwriting is not allowed --- rage/src/bin/rage-keygen/cli.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rage/src/bin/rage-keygen/cli.rs b/rage/src/bin/rage-keygen/cli.rs index 66837c4..aaae2d2 100644 --- a/rage/src/bin/rage-keygen/cli.rs +++ b/rage/src/bin/rage-keygen/cli.rs @@ -36,7 +36,7 @@ pub(crate) struct AgeOptions { #[arg(short, long)] #[arg(value_name = fl!("output"))] #[arg(help = fl!("keygen-help-flag-output"))] - #[arg(value_hint = ValueHint::AnyPath)] + #[arg(value_hint = ValueHint::DirPath)] pub(crate) output: Option, #[arg(short = 'y')] From d483e0b06952b9ac65bb5f9856c8548eb9252d99 Mon Sep 17 00:00:00 2001 From: Stefan Gehr Date: Wed, 28 Aug 2024 10:41:42 +0200 Subject: [PATCH 52/77] cargo fmt --all --- rage/src/bin/rage-keygen/cli.rs | 5 ++++- rage/src/bin/rage-mount/cli.rs | 5 ++++- rage/src/bin/rage/cli.rs | 5 ++++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/rage/src/bin/rage-keygen/cli.rs b/rage/src/bin/rage-keygen/cli.rs index aaae2d2..f54eb31 100644 --- a/rage/src/bin/rage-keygen/cli.rs +++ b/rage/src/bin/rage-keygen/cli.rs @@ -1,4 +1,7 @@ -use clap::{builder::{Styles, ValueHint}, ArgAction, Parser}; +use clap::{ + builder::{Styles, ValueHint}, + ArgAction, Parser, +}; use crate::fl; diff --git a/rage/src/bin/rage-mount/cli.rs b/rage/src/bin/rage-mount/cli.rs index 9f82d56..66e4099 100644 --- a/rage/src/bin/rage-mount/cli.rs +++ b/rage/src/bin/rage-mount/cli.rs @@ -1,4 +1,7 @@ -use clap::{builder::{Styles, ValueHint}, ArgAction, Parser}; +use clap::{ + builder::{Styles, ValueHint}, + ArgAction, Parser, +}; use crate::fl; diff --git a/rage/src/bin/rage/cli.rs b/rage/src/bin/rage/cli.rs index 25a7a4f..1084ce5 100644 --- a/rage/src/bin/rage/cli.rs +++ b/rage/src/bin/rage/cli.rs @@ -1,6 +1,9 @@ use std::path::Path; -use clap::{builder::{Styles, ValueHint}, ArgAction, Parser}; +use clap::{ + builder::{Styles, ValueHint}, + ArgAction, Parser, +}; use crate::fl; From a709c93c921aa0fb6a34b6a15de13d88c442f325 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Wed, 28 Aug 2024 13:22:36 +0000 Subject: [PATCH 53/77] rage: Allow piping input when encrypting with passphrase on Unix Closes str4d/rage#374. --- rage/CHANGELOG.md | 4 ++++ rage/src/bin/rage/error.rs | 7 ++++++- rage/src/bin/rage/main.rs | 10 ++++++++-- rage/tests/cli_tests.rs | 10 +++++++++- ...encrypt-passphrase-without-file-argument.toml | 16 ++++++++++++++++ ...encrypt-passphrase-without-file-argument.toml | 0 6 files changed, 43 insertions(+), 4 deletions(-) create mode 100644 rage/tests/unix/rage/encrypt-passphrase-without-file-argument.toml rename rage/tests/{cmd => windows}/rage/encrypt-passphrase-without-file-argument.toml (100%) diff --git a/rage/CHANGELOG.md b/rage/CHANGELOG.md index e49f64f..50a288c 100644 --- a/rage/CHANGELOG.md +++ b/rage/CHANGELOG.md @@ -12,6 +12,10 @@ to 1.0.0 are beta releases. ### Added - Partial French translation! +### Fixed +- [Unix] Files can now be encrypted with `rage --passphrase` when piped over + stdin, without requiring an explicit `-` argument as `INPUT`. + ## [0.10.0] - 2024-02-04 ### Added - Russian translation! diff --git a/rage/src/bin/rage/error.rs b/rage/src/bin/rage/error.rs index 3cb4a3e..596e52b 100644 --- a/rage/src/bin/rage/error.rs +++ b/rage/src/bin/rage/error.rs @@ -23,7 +23,10 @@ macro_rules! wlnfl { pub(crate) enum EncryptError { Age(age::EncryptError), - BrokenPipe { is_stdout: bool, source: io::Error }, + BrokenPipe { + is_stdout: bool, + source: io::Error, + }, IdentityRead(age::cli_common::ReadError), Io(io::Error), MissingRecipients, @@ -31,6 +34,7 @@ pub(crate) enum EncryptError { MixedRecipientAndPassphrase, MixedRecipientsFileAndPassphrase, PassphraseTimedOut, + #[cfg(not(unix))] PassphraseWithoutFileArgument, PluginNameFlag, } @@ -84,6 +88,7 @@ impl fmt::Display for EncryptError { wfl!(f, "err-enc-mixed-recipients-file-passphrase") } EncryptError::PassphraseTimedOut => wfl!(f, "err-passphrase-timed-out"), + #[cfg(not(unix))] EncryptError::PassphraseWithoutFileArgument => { wfl!(f, "err-enc-passphrase-without-file") } diff --git a/rage/src/bin/rage/main.rs b/rage/src/bin/rage/main.rs index a75a397..545e251 100644 --- a/rage/src/bin/rage/main.rs +++ b/rage/src/bin/rage/main.rs @@ -108,6 +108,7 @@ fn encrypt(opts: AgeOptions) -> Result<(), error::EncryptError> { (Format::Binary, file_io::OutputFormat::Binary) }; + #[cfg(not(unix))] let has_file_argument = opts.input.is_some(); let (input, output) = set_up_io(opts.input, opts.output, output_format)?; @@ -134,8 +135,13 @@ fn encrypt(opts: AgeOptions) -> Result<(), error::EncryptError> { return Err(error::EncryptError::MixedRecipientsFileAndPassphrase); } - if !has_file_argument { - return Err(error::EncryptError::PassphraseWithoutFileArgument); + // The `rpassword` crate opens `/dev/tty` directly on Unix, so we don't have + // any conflict with stdin. + #[cfg(not(unix))] + { + if !has_file_argument { + return Err(error::EncryptError::PassphraseWithoutFileArgument); + } } match read_or_generate_passphrase() { diff --git a/rage/tests/cli_tests.rs b/rage/tests/cli_tests.rs index 5c4acf5..adc8782 100644 --- a/rage/tests/cli_tests.rs +++ b/rage/tests/cli_tests.rs @@ -1,4 +1,12 @@ #[test] fn cli_tests() { - trycmd::TestCases::new().case("tests/cmd/*/*.toml"); + let tests = trycmd::TestCases::new(); + + tests.case("tests/cmd/*/*.toml"); + + #[cfg(unix)] + tests.case("tests/unix/*/*.toml"); + + #[cfg(not(unix))] + tests.case("tests/windows/*/*.toml"); } diff --git a/rage/tests/unix/rage/encrypt-passphrase-without-file-argument.toml b/rage/tests/unix/rage/encrypt-passphrase-without-file-argument.toml new file mode 100644 index 0000000..4b0c6be --- /dev/null +++ b/rage/tests/unix/rage/encrypt-passphrase-without-file-argument.toml @@ -0,0 +1,16 @@ +bin.name = "rage" +args = "-p" +status = "failed" +stdin = "" +stdout = "" +stderr = """ +Error: Parsing Error: Error { input: "", code: Tag } + +[ Did rage not do what you expected? Could an error be more useful? ] +[ Tell us: https://str4d.xyz/rage/report ] +""" + +# We get an error from the `pinentry` crate because we've passed a real but invalid binary +# that does not speak the pinentry protocol. +[env.add] +PINENTRY_PROGRAM = "true" diff --git a/rage/tests/cmd/rage/encrypt-passphrase-without-file-argument.toml b/rage/tests/windows/rage/encrypt-passphrase-without-file-argument.toml similarity index 100% rename from rage/tests/cmd/rage/encrypt-passphrase-without-file-argument.toml rename to rage/tests/windows/rage/encrypt-passphrase-without-file-argument.toml From 917fc489f6ae1f37cf207af8f936db39df9ee0e9 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Wed, 28 Aug 2024 15:42:21 +0000 Subject: [PATCH 54/77] CI: Build `x86_64-darwin` release with `macos-13` runner `macos-latest` now points to `macos-14` which is an ARM64 chip. --- .github/workflows/release.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b53e75f..04e47d1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,13 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - name: [linux, armv7, arm64, windows, macos] + name: + - linux + - armv7 + - arm64 + - windows + - macos-x86_64 + include: - name: linux os: ubuntu-20.04 @@ -56,8 +62,8 @@ jobs: archive_name: rage.zip asset_suffix: x86_64-windows.zip - - name: macos - os: macos-latest + - name: macos-x86_64 + os: macos-13 archive_name: rage.tar.gz asset_suffix: x86_64-darwin.tar.gz From 0cdde6031549ee348feb98056265e4d4f3698e20 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Wed, 28 Aug 2024 15:44:47 +0000 Subject: [PATCH 55/77] CI: Build releases for `arm64-darwin` --- .github/workflows/release.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 04e47d1..e806c8b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,6 +22,7 @@ jobs: - armv7 - arm64 - windows + - macos-arm64 - macos-x86_64 include: @@ -62,6 +63,11 @@ jobs: archive_name: rage.zip asset_suffix: x86_64-windows.zip + - name: macos-arm64 + os: macos-latest + archive_name: rage.tar.gz + asset_suffix: arm64-darwin.tar.gz + - name: macos-x86_64 os: macos-13 archive_name: rage.tar.gz @@ -140,6 +146,7 @@ jobs: - macos-11 - macos-12 - macos-13 + - macos-14 include: - os: ubuntu-20.04 @@ -177,6 +184,11 @@ jobs: archive_name: rage.tar.gz asset_suffix: x86_64-darwin.tar.gz + - os: macos-14 + name: macos + archive_name: rage.tar.gz + asset_suffix: arm64-darwin.tar.gz + steps: - name: Download archive uses: actions/download-artifact@v4 From e67f4016dc3701a2ab425485b741275b3a450bc9 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Wed, 28 Aug 2024 15:45:59 +0000 Subject: [PATCH 56/77] CI: Remove `macos-11` from release testing It was removed by GitHub in Q2 2024. --- .github/workflows/release.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e806c8b..8a57fe3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -143,7 +143,6 @@ jobs: - ubuntu-22.04 - windows-2019 - windows-2022 - - macos-11 - macos-12 - macos-13 - macos-14 @@ -169,11 +168,6 @@ jobs: archive_name: rage.zip asset_suffix: x86_64-windows.zip - - os: macos-11 - name: macos - archive_name: rage.tar.gz - asset_suffix: x86_64-darwin.tar.gz - - os: macos-12 name: macos archive_name: rage.tar.gz From 05f996c9195011003f6f675ade4943c35bcd364f Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Wed, 28 Aug 2024 15:47:41 +0000 Subject: [PATCH 57/77] CI: Add `ubuntu-24.04` to release testing --- .github/workflows/release.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8a57fe3..7fb7ca8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -141,6 +141,7 @@ jobs: os: - ubuntu-20.04 - ubuntu-22.04 + - ubuntu-24.04 - windows-2019 - windows-2022 - macos-12 @@ -158,6 +159,11 @@ jobs: archive_name: rage.tar.gz asset_suffix: x86_64-linux.tar.gz + - os: ubuntu-24.04 + name: linux + archive_name: rage.tar.gz + asset_suffix: x86_64-linux.tar.gz + - os: windows-2019 name: windows archive_name: rage.zip From 9343af9324ea5c10cf52cf111f77ee1109a8053a Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Wed, 28 Aug 2024 16:10:33 +0000 Subject: [PATCH 58/77] CI: Generate Artifact Attestations for release artifacts --- .github/workflows/release.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7fb7ca8..d898e4f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,6 +11,11 @@ on: required: true default: 'true' +permissions: + attestations: write + contents: write + id-token: write + jobs: build: name: Publish for ${{ matrix.name }} @@ -113,6 +118,11 @@ jobs: shell: bash if: matrix.name == 'windows' + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v1 + with: + subject-path: 'release/rage/*' + - name: Upload archive as artifact uses: actions/upload-artifact@v4 with: @@ -299,6 +309,11 @@ jobs: - name: cargo deb run: cargo deb --package rage --no-build --target ${{ matrix.target }} ${{ matrix.deb_flags }} + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v1 + with: + subject-path: 'target/${{ matrix.target }}/debian/*.deb' + - name: Upload Debian package as artifact uses: actions/upload-artifact@v4 with: From 9ab26bf360a3bca4a712bce9b46693df6bb18aed Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Fri, 30 Aug 2024 10:39:05 -0400 Subject: [PATCH 59/77] age: Take recipients by reference in `Encryptor::with_recipients` This aligns it with `Decryptor`, and means that recipients can be used to encrypt multiple files without cloning. Part of str4d/rage#353. --- age/CHANGELOG.md | 14 ++++++ age/benches/parser.rs | 20 +++----- age/benches/throughput.rs | 4 +- age/i18n/en-US/age.ftl | 2 + age/i18n/es-AR/age.ftl | 2 + age/i18n/fr/age.ftl | 2 + age/i18n/it/age.ftl | 2 + age/i18n/ru/age.ftl | 2 + age/i18n/zh-CN/age.ftl | 2 + age/i18n/zh-TW/age.ftl | 2 + age/src/error.rs | 4 ++ age/src/lib.rs | 2 +- age/src/primitives/armor.rs | 6 +-- age/src/protocol.rs | 91 ++++++++++++++++++++----------------- rage/i18n/en-US/rage.ftl | 1 - rage/i18n/es-AR/rage.ftl | 1 - rage/i18n/fr/rage.ftl | 1 - rage/i18n/it/rage.ftl | 1 - rage/i18n/ru/rage.ftl | 1 - rage/i18n/zh-CN/rage.ftl | 1 - rage/i18n/zh-TW/rage.ftl | 1 - rage/src/bin/rage/error.rs | 9 ++-- rage/src/bin/rage/main.rs | 13 +++--- 23 files changed, 106 insertions(+), 78 deletions(-) diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md index 383c480..f6ed153 100644 --- a/age/CHANGELOG.md +++ b/age/CHANGELOG.md @@ -22,6 +22,20 @@ to 1.0.0 are beta releases. ### Changed - Migrated to `i18n-embed 0.15`. +- `age::Encryptor::with_recipients` now takes recipients by reference instead of + by value. This aligns it with `age::Decryptor` (which takes identities by + reference), and also means that errors with recipients are reported earlier. + This causes the following changes to the API: + - `Encryptor::with_recipients` takes `impl Iterator` + instead of `Vec>`. + - Verification of recipients and generation of stanzas now happens in + `Encryptor::with_recipients` instead of `Encryptor::wrap_output` and + `Encryptor::wrap_async_output`. + - `Encryptor::with_recipients` returns `Result` instead of + `Option`, and `Encryptor::{wrap_output, wrap_async_output}` return + `io::Result>` instead of `Result, EncryptError>`. + - `age::EncryptError` has a new variant `MissingRecipients`, taking the place + of the `None` that `Encryptor::with_recipients` could previously return. - `age::Decryptor` is now an opaque struct instead of an enum with `Recipients` and `Passphrase` variants. - `age::IdentityFile` now has a `C: Callbacks` generic parameter, which defaults diff --git a/age/benches/parser.rs b/age/benches/parser.rs index e67fb57..cea37c4 100644 --- a/age/benches/parser.rs +++ b/age/benches/parser.rs @@ -1,4 +1,4 @@ -use age::{x25519, Decryptor, Encryptor, Recipient}; +use age::{x25519, Decryptor, Encryptor}; use criterion::{criterion_group, criterion_main, BenchmarkId, Criterion, Throughput}; #[cfg(unix)] @@ -8,7 +8,7 @@ use std::io::Write; fn bench(c: &mut Criterion) { let recipients: Vec<_> = (0..10) - .map(|_| Box::new(x25519::Identity::generate().to_public())) + .map(|_| x25519::Identity::generate().to_public()) .collect(); let mut group = c.benchmark_group("header"); @@ -16,17 +16,11 @@ fn bench(c: &mut Criterion) { group.throughput(Throughput::Elements(count as u64)); group.bench_function(BenchmarkId::new("parse", count), |b| { let mut encrypted = vec![]; - let mut output = Encryptor::with_recipients( - recipients - .iter() - .take(count) - .cloned() - .map(|r| r as Box) - .collect(), - ) - .unwrap() - .wrap_output(&mut encrypted) - .unwrap(); + let mut output = + Encryptor::with_recipients(recipients.iter().take(count).map(|r| r as _)) + .unwrap() + .wrap_output(&mut encrypted) + .unwrap(); output.write_all(&[]).unwrap(); output.finish().unwrap(); diff --git a/age/benches/throughput.rs b/age/benches/throughput.rs index a259218..8c5c349 100644 --- a/age/benches/throughput.rs +++ b/age/benches/throughput.rs @@ -52,7 +52,7 @@ fn bench(c: &mut Criterion_) { group.bench_function(BenchmarkId::new("encrypt", size), |b| { b.iter(|| { - let mut output = Encryptor::with_recipients(vec![Box::new(recipient.clone())]) + let mut output = Encryptor::with_recipients(iter::once(&recipient as _)) .unwrap() .wrap_output(io::sink()) .unwrap(); @@ -62,7 +62,7 @@ fn bench(c: &mut Criterion_) { }); group.bench_function(BenchmarkId::new("decrypt", size), |b| { - let mut output = Encryptor::with_recipients(vec![Box::new(recipient.clone())]) + let mut output = Encryptor::with_recipients(iter::once(&recipient as _)) .unwrap() .wrap_output(&mut ct_buf) .unwrap(); diff --git a/age/i18n/en-US/age.ftl b/age/i18n/en-US/age.ftl index be8e916..f512f21 100644 --- a/age/i18n/en-US/age.ftl +++ b/age/i18n/en-US/age.ftl @@ -74,6 +74,8 @@ err-invalid-recipient-labels = The first recipient requires one or more invalid err-key-decryption = Failed to decrypt an encrypted key +err-missing-recipients = Missing recipients. + err-mixed-recipient-passphrase = {-scrypt-recipient} can't be used with other recipients. err-no-matching-keys = No matching keys found diff --git a/age/i18n/es-AR/age.ftl b/age/i18n/es-AR/age.ftl index 7e39bd6..08a5406 100644 --- a/age/i18n/es-AR/age.ftl +++ b/age/i18n/es-AR/age.ftl @@ -57,6 +57,8 @@ err-header-mac-invalid = MAC de encabezado inválido. err-key-decryption = No se pudo desencriptar una clave encriptada. +err-missing-recipients = No se encontraron destinatarios. + err-no-matching-keys = No se encontraron claves coincidentes. err-unknown-format = Formato {-age} desconocido. diff --git a/age/i18n/fr/age.ftl b/age/i18n/fr/age.ftl index 803fef2..e2be564 100644 --- a/age/i18n/fr/age.ftl +++ b/age/i18n/fr/age.ftl @@ -69,6 +69,8 @@ err-header-mac-invalid = Le MAC de l'en-tête est invalide err-key-decryption = Echec du déchiffrement d'une clef chiffrée +err-missing-recipients = Destinataires manquants. + err-no-matching-keys = Aucune clef correspondante n'a été trouvée err-unknown-format = Format {-age} inconnu. diff --git a/age/i18n/it/age.ftl b/age/i18n/it/age.ftl index 3749a0d..f8c16ca 100644 --- a/age/i18n/it/age.ftl +++ b/age/i18n/it/age.ftl @@ -69,6 +69,8 @@ err-header-mac-invalid = Il MAC dell'header è invalido err-key-decryption = La decifrazione di una chiave crittografata è fallita +err-missing-recipients = Destinatari mancanti. + err-no-matching-keys = Nessuna chiave corrispondente trovata err-unknown-format = Formato {-age} sconosciuto. diff --git a/age/i18n/ru/age.ftl b/age/i18n/ru/age.ftl index ede9cb5..1158cac 100644 --- a/age/i18n/ru/age.ftl +++ b/age/i18n/ru/age.ftl @@ -69,6 +69,8 @@ err-header-mac-invalid = Недействительный MAC заголовка err-key-decryption = Не удалось расшифровать зашифрованный ключ +err-missing-recipients = Отсутствуют получатели. + err-no-matching-keys = Не найдены подходящие ключи err-unknown-format = Неизвестный формат {-age}. diff --git a/age/i18n/zh-CN/age.ftl b/age/i18n/zh-CN/age.ftl index 5767ee5..d4aefd1 100644 --- a/age/i18n/zh-CN/age.ftl +++ b/age/i18n/zh-CN/age.ftl @@ -57,6 +57,8 @@ err-header-mac-invalid = 标头消息认证码 (MAC) 无效 err-key-decryption = 未能解密加密密钥 +err-missing-recipients = 缺少接收方。 + err-no-matching-keys = 未搜索到匹配的密钥 err-unknown-format = 未知的 {-age} 格式。 diff --git a/age/i18n/zh-TW/age.ftl b/age/i18n/zh-TW/age.ftl index 8180861..3caa462 100644 --- a/age/i18n/zh-TW/age.ftl +++ b/age/i18n/zh-TW/age.ftl @@ -57,6 +57,8 @@ err-header-mac-invalid = 標頭消息認證碼 (MAC) 無效 err-key-decryption = 未能解密加密密鑰 +err-missing-recipients = 缺少接收方。 + err-no-matching-keys = 未搜索到匹配的密鑰 err-unknown-format = 未知的 {-age} 格式。 diff --git a/age/src/error.rs b/age/src/error.rs index 174fba8..5505d4d 100644 --- a/age/src/error.rs +++ b/age/src/error.rs @@ -189,6 +189,8 @@ pub enum EncryptError { /// The plugin's binary name. binary_name: String, }, + /// The encryptor was not given any recipients. + MissingRecipients, /// [`scrypt::Recipient`] was mixed with other recipient types. /// /// [`scrypt::Recipient`]: crate::scrypt::Recipient @@ -219,6 +221,7 @@ impl Clone for EncryptError { Self::MissingPlugin { binary_name } => Self::MissingPlugin { binary_name: binary_name.clone(), }, + Self::MissingRecipients => Self::MissingRecipients, Self::MixedRecipientAndPassphrase => Self::MixedRecipientAndPassphrase, #[cfg(feature = "plugin")] Self::Plugin(e) => Self::Plugin(e.clone()), @@ -277,6 +280,7 @@ impl fmt::Display for EncryptError { wlnfl!(f, "err-missing-plugin", plugin_name = binary_name.as_str())?; wfl!(f, "rec-missing-plugin") } + EncryptError::MissingRecipients => wfl!(f, "err-missing-recipients"), EncryptError::MixedRecipientAndPassphrase => { wfl!(f, "err-mixed-recipient-passphrase") } diff --git a/age/src/lib.rs b/age/src/lib.rs index 38486ac..70ad0a9 100644 --- a/age/src/lib.rs +++ b/age/src/lib.rs @@ -42,7 +42,7 @@ //! // Encrypt the plaintext to a ciphertext... //! # fn encrypt(pubkey: age::x25519::Recipient, plaintext: &[u8]) -> Result, age::EncryptError> { //! let encrypted = { -//! let encryptor = age::Encryptor::with_recipients(vec![Box::new(pubkey)]) +//! let encryptor = age::Encryptor::with_recipients(iter::once(&pubkey as _)) //! .expect("we provided a recipient"); //! //! let mut encrypted = vec![]; diff --git a/age/src/primitives/armor.rs b/age/src/primitives/armor.rs index 85033ca..c1ba968 100644 --- a/age/src/primitives/armor.rs +++ b/age/src/primitives/armor.rs @@ -291,7 +291,7 @@ enum ArmorIs { /// ``` /// # use std::io::Read; /// use std::io::Write; -/// # use std::iter; +/// use std::iter; /// /// # fn run_main() -> Result<(), ()> { /// # let identity = age::x25519::Identity::generate(); @@ -301,7 +301,7 @@ enum ArmorIs { /// /// # fn encrypt(recipient: age::x25519::Recipient, plaintext: &[u8]) -> Result, age::EncryptError> { /// let encrypted = { -/// let encryptor = age::Encryptor::with_recipients(vec![Box::new(recipient)]) +/// let encryptor = age::Encryptor::with_recipients(iter::once(&recipient as _)) /// .expect("we provided a recipient"); /// /// let mut encrypted = vec![]; @@ -664,7 +664,7 @@ enum StartPos { /// # fn run_main() -> Result<(), ()> { /// # fn encrypt(recipient: age::x25519::Recipient, plaintext: &[u8]) -> Result, age::EncryptError> { /// # let encrypted = { -/// # let encryptor = age::Encryptor::with_recipients(vec![Box::new(recipient)]) +/// # let encryptor = age::Encryptor::with_recipients(iter::once(&recipient as _)) /// # .expect("we provided a recipient"); /// # let mut encrypted = vec![]; /// # let mut writer = encryptor.wrap_output( diff --git a/age/src/protocol.rs b/age/src/protocol.rs index 37c6ca3..05109fb 100644 --- a/age/src/protocol.rs +++ b/age/src/protocol.rs @@ -2,7 +2,9 @@ use age_core::{format::is_arbitrary_string, secrecy::SecretString}; use rand::{rngs::OsRng, RngCore}; + use std::io::{self, BufRead, Read, Write}; +use std::iter; use crate::{ error::{DecryptError, EncryptError}, @@ -47,18 +49,12 @@ impl Nonce { /// Encryptor for creating an age file. pub struct Encryptor { - recipients: Vec>, + header: Header, + nonce: Nonce, + payload_key: PayloadKey, } impl Encryptor { - /// Constructs an `Encryptor` that will create an age file encrypted to a list of - /// recipients. - /// - /// Returns `None` if no recipients were provided. - pub fn with_recipients(recipients: Vec>) -> Option { - (!recipients.is_empty()).then_some(Encryptor { recipients }) - } - /// Returns an `Encryptor` that will create an age file encrypted with a passphrase. /// Anyone with the passphrase can decrypt the file. /// @@ -68,20 +64,24 @@ impl Encryptor { /// /// [`x25519::Identity`]: crate::x25519::Identity pub fn with_user_passphrase(passphrase: SecretString) -> Self { - Encryptor { - recipients: vec![Box::new(scrypt::Recipient::new(passphrase))], - } + Self::with_recipients(iter::once(&scrypt::Recipient::new(passphrase) as _)) + .expect("no errors can occur with this recipient set") } - /// Creates the header for this age file. - fn prepare_header(self) -> Result<(Header, Nonce, PayloadKey), EncryptError> { + /// Constructs an `Encryptor` that will create an age file encrypted to a list of + /// recipients. + pub fn with_recipients<'a>( + recipients: impl Iterator, + ) -> Result { let file_key = new_file_key(); let recipients = { let mut control = None; - let mut stanzas = Vec::with_capacity(self.recipients.len() + 1); - for recipient in self.recipients { + let mut stanzas = vec![]; + let mut have_recipients = false; + for recipient in recipients { + have_recipients = true; let (mut r_stanzas, r_labels) = recipient.wrap_file_key(&file_key)?; if let Some(l_labels) = control.take() { @@ -107,6 +107,9 @@ impl Encryptor { stanzas.append(&mut r_stanzas); } + if !have_recipients { + return Err(EncryptError::MissingRecipients); + } stanzas }; @@ -114,7 +117,11 @@ impl Encryptor { let nonce = Nonce::random(); let payload_key = v1_payload_key(&file_key, &header, &nonce).expect("MAC is correct"); - Ok((Header::V1(header), nonce, payload_key)) + Ok(Self { + header: Header::V1(header), + nonce, + payload_key, + }) } /// Creates a wrapper around a writer that will encrypt its input. @@ -124,8 +131,12 @@ impl Encryptor { /// You **MUST** call [`StreamWriter::finish`] when you are done writing, in order to /// finish the encryption process. Failing to call [`StreamWriter::finish`] will /// result in a truncated file that will fail to decrypt. - pub fn wrap_output(self, mut output: W) -> Result, EncryptError> { - let (header, nonce, payload_key) = self.prepare_header()?; + pub fn wrap_output(self, mut output: W) -> io::Result> { + let Self { + header, + nonce, + payload_key, + } = self; header.write(&mut output)?; output.write_all(nonce.as_ref())?; Ok(Stream::encrypt(payload_key, output)) @@ -143,8 +154,12 @@ impl Encryptor { pub async fn wrap_async_output( self, mut output: W, - ) -> Result, EncryptError> { - let (header, nonce, payload_key) = self.prepare_header()?; + ) -> io::Result> { + let Self { + header, + nonce, + payload_key, + } = self; header.write_async(&mut output).await?; output.write_all(nonce.as_ref()).await?; Ok(Stream::encrypt_async(payload_key, output)) @@ -339,7 +354,7 @@ mod tests { use futures_test::task::noop_context; fn recipient_round_trip<'a>( - recipients: Vec>, + recipients: impl Iterator, identities: impl Iterator, ) { let test_msg = b"This is a test message. For testing."; @@ -362,7 +377,7 @@ mod tests { #[cfg(feature = "async")] fn recipient_async_round_trip<'a>( - recipients: Vec>, + recipients: impl Iterator, identities: impl Iterator, ) { let test_msg = b"This is a test message. For testing."; @@ -441,7 +456,7 @@ mod tests { let f = IdentityFile::from_buffer(buf).unwrap(); let pk: x25519::Recipient = crate::x25519::tests::TEST_PK.parse().unwrap(); recipient_round_trip( - vec![Box::new(pk)], + iter::once(&pk as _), f.into_identities().unwrap().iter().map(|i| i.as_ref()), ); } @@ -453,7 +468,7 @@ mod tests { let f = IdentityFile::from_buffer(buf).unwrap(); let pk: x25519::Recipient = crate::x25519::tests::TEST_PK.parse().unwrap(); recipient_async_round_trip( - vec![Box::new(pk)], + iter::once(&pk as _), f.into_identities().unwrap().iter().map(|i| i.as_ref()), ); } @@ -467,7 +482,7 @@ mod tests { recipient.set_work_factor(2); let mut encrypted = vec![]; - let e = Encryptor::with_recipients(vec![Box::new(recipient)]).unwrap(); + let e = Encryptor::with_recipients(iter::once(&recipient as _)).unwrap(); { let mut w = e.wrap_output(&mut encrypted).unwrap(); w.write_all(test_msg).unwrap(); @@ -495,7 +510,7 @@ mod tests { let pk: crate::ssh::Recipient = crate::ssh::recipient::tests::TEST_SSH_RSA_PK .parse() .unwrap(); - recipient_round_trip(vec![Box::new(pk)], iter::once(&sk as &dyn Identity)); + recipient_round_trip(iter::once(&pk as _), iter::once(&sk as &dyn Identity)); } #[cfg(all(feature = "ssh", feature = "async"))] @@ -506,7 +521,7 @@ mod tests { let pk: crate::ssh::Recipient = crate::ssh::recipient::tests::TEST_SSH_RSA_PK .parse() .unwrap(); - recipient_async_round_trip(vec![Box::new(pk)], iter::once(&sk as &dyn Identity)); + recipient_async_round_trip(iter::once(&pk as _), iter::once(&sk as &dyn Identity)); } #[cfg(feature = "ssh")] @@ -517,7 +532,7 @@ mod tests { let pk: crate::ssh::Recipient = crate::ssh::recipient::tests::TEST_SSH_ED25519_PK .parse() .unwrap(); - recipient_round_trip(vec![Box::new(pk)], iter::once(&sk as &dyn Identity)); + recipient_round_trip(iter::once(&pk as _), iter::once(&sk as &dyn Identity)); } #[cfg(all(feature = "ssh", feature = "async"))] @@ -528,7 +543,7 @@ mod tests { let pk: crate::ssh::Recipient = crate::ssh::recipient::tests::TEST_SSH_ED25519_PK .parse() .unwrap(); - recipient_async_round_trip(vec![Box::new(pk)], iter::once(&sk as &dyn Identity)); + recipient_async_round_trip(iter::once(&pk as _), iter::once(&sk as &dyn Identity)); } #[test] @@ -536,12 +551,10 @@ mod tests { let pk: x25519::Recipient = crate::x25519::tests::TEST_PK.parse().unwrap(); let passphrase = crate::scrypt::Recipient::new(SecretString::new("passphrase".to_string())); - let recipients = vec![Box::new(pk) as _, Box::new(passphrase) as _]; + let recipients = [&pk as &dyn Recipient, &passphrase as _]; - let mut encrypted = vec![]; - let e = Encryptor::with_recipients(recipients).unwrap(); assert!(matches!( - e.wrap_output(&mut encrypted), + Encryptor::with_recipients(recipients.into_iter()), Err(EncryptError::MixedRecipientAndPassphrase), )); } @@ -563,16 +576,12 @@ mod tests { #[test] fn incompatible_recipients() { let pk: x25519::Recipient = crate::x25519::tests::TEST_PK.parse().unwrap(); + let incompatible = IncompatibleRecipient(pk.clone()); - let recipients = vec![ - Box::new(pk.clone()) as _, - Box::new(IncompatibleRecipient(pk)) as _, - ]; + let recipients = [&pk as &dyn Recipient, &incompatible as _]; - let mut encrypted = vec![]; - let e = Encryptor::with_recipients(recipients).unwrap(); assert!(matches!( - e.wrap_output(&mut encrypted), + Encryptor::with_recipients(recipients.into_iter()), Err(EncryptError::IncompatibleRecipients { .. }), )); } diff --git a/rage/i18n/en-US/rage.ftl b/rage/i18n/en-US/rage.ftl index a27f797..ccc8368 100644 --- a/rage/i18n/en-US/rage.ftl +++ b/rage/i18n/en-US/rage.ftl @@ -153,7 +153,6 @@ rec-enc-broken-stdout = Are you piping to a program that isn't reading from stdi err-enc-broken-file = Could not write to file: {$err} -err-enc-missing-recipients = Missing recipients. rec-enc-missing-recipients = Did you forget to specify {-flag-recipient}? err-enc-mixed-identity-passphrase = {-flag-identity} can't be used with {-flag-passphrase}. diff --git a/rage/i18n/es-AR/rage.ftl b/rage/i18n/es-AR/rage.ftl index bdd27f7..712dd0c 100644 --- a/rage/i18n/es-AR/rage.ftl +++ b/rage/i18n/es-AR/rage.ftl @@ -120,7 +120,6 @@ rec-enc-broken-stdout = Estás enviando por pipe a un programa que no está leye err-enc-broken-file = No se pudo escribir al archivo: {$err} -err-enc-missing-recipients = No se encontraron destinatarios. rec-enc-missing-recipients = ¿Te olvidaste de especificar {-flag-recipient}? err-enc-mixed-identity-passphrase = {-flag-identity} no puede ser usado con {-flag-passphrase}. diff --git a/rage/i18n/fr/rage.ftl b/rage/i18n/fr/rage.ftl index 802301a..dac6ded 100644 --- a/rage/i18n/fr/rage.ftl +++ b/rage/i18n/fr/rage.ftl @@ -158,7 +158,6 @@ rec-enc-broken-stdout = Etes-vous en train de piper vers programme qui ne lit pa err-enc-broken-file = N'a pas pu écrire dans le fichier: {$err} -err-enc-missing-recipients = Destinataires manquants. rec-enc-missing-recipients = Avez-vous oublié de spécifier {-flag-recipient} ? err-enc-mixed-identity-passphrase = {-flag-identity} {-cantuse} {-flag-passphrase}. diff --git a/rage/i18n/it/rage.ftl b/rage/i18n/it/rage.ftl index a1442b8..d88e154 100644 --- a/rage/i18n/it/rage.ftl +++ b/rage/i18n/it/rage.ftl @@ -152,7 +152,6 @@ rec-enc-broken-stdout = Stai usando una pipe verso un programma che non sta legg err-enc-broken-file = Impossibile scrivere sul file: {$err} -err-enc-missing-recipients = Destinatari mancanti. rec-enc-missing-recipients = Hai dimenticato di specificare {-flag-recipient}? err-enc-mixed-identity-passphrase = {-flag-identity} non può essere usato assieme a {-flag-passphrase}. diff --git a/rage/i18n/ru/rage.ftl b/rage/i18n/ru/rage.ftl index 0d46dd3..89b3153 100644 --- a/rage/i18n/ru/rage.ftl +++ b/rage/i18n/ru/rage.ftl @@ -154,7 +154,6 @@ rec-enc-broken-stdout = Вы передаете данные в программ err-enc-broken-file = Не удалось записать в файл: {$err} -err-enc-missing-recipients = Отсутствуют получатели. rec-enc-missing-recipients = Вы забыли указать {-flag-recipient}? err-enc-mixed-identity-passphrase = {-flag-identity} не может использоваться с {-flag-passphrase}. diff --git a/rage/i18n/zh-CN/rage.ftl b/rage/i18n/zh-CN/rage.ftl index c65550d..abd62ad 100644 --- a/rage/i18n/zh-CN/rage.ftl +++ b/rage/i18n/zh-CN/rage.ftl @@ -118,7 +118,6 @@ rec-enc-broken-stdout = 您是否输出至非从 stdin 读取数据的程序? err-enc-broken-file = 未能写入文件: {$err} -err-enc-missing-recipients = 缺少接收方。 rec-enc-missing-recipients = 您是否忘记指定 {-flag-recipient} 标记? err-enc-mixed-identity-passphrase = {-flag-identity} 和 {-flag-passphrase} 标记不可联用。 diff --git a/rage/i18n/zh-TW/rage.ftl b/rage/i18n/zh-TW/rage.ftl index 7ca24f4..df21098 100644 --- a/rage/i18n/zh-TW/rage.ftl +++ b/rage/i18n/zh-TW/rage.ftl @@ -118,7 +118,6 @@ rec-enc-broken-stdout = 您是否輸出至非從 stdin 讀取數據的程序? err-enc-broken-file = 未能寫入文件: {$err} -err-enc-missing-recipients = 缺少接收方。 rec-enc-missing-recipients = 您是否忘記指定 {-flag-recipient} 標記? err-enc-mixed-identity-passphrase = {-flag-identity} 和 {-flag-passphrase} 標記不可聯用。 diff --git a/rage/src/bin/rage/error.rs b/rage/src/bin/rage/error.rs index 596e52b..7ac82e9 100644 --- a/rage/src/bin/rage/error.rs +++ b/rage/src/bin/rage/error.rs @@ -29,7 +29,6 @@ pub(crate) enum EncryptError { }, IdentityRead(age::cli_common::ReadError), Io(io::Error), - MissingRecipients, MixedIdentityAndPassphrase, MixedRecipientAndPassphrase, MixedRecipientsFileAndPassphrase, @@ -63,6 +62,10 @@ impl From for EncryptError { impl fmt::Display for EncryptError { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { match self { + EncryptError::Age(e @ age::EncryptError::MissingRecipients) => { + writeln!(f, "{}", e)?; + wfl!(f, "rec-enc-missing-recipients") + } EncryptError::Age(e) => write!(f, "{}", e), EncryptError::BrokenPipe { is_stdout, source } => { if *is_stdout { @@ -74,10 +77,6 @@ impl fmt::Display for EncryptError { } EncryptError::IdentityRead(e) => write!(f, "{}", e), EncryptError::Io(e) => write!(f, "{}", e), - EncryptError::MissingRecipients => { - wlnfl!(f, "err-enc-missing-recipients")?; - wfl!(f, "rec-enc-missing-recipients") - } EncryptError::MixedIdentityAndPassphrase => { wfl!(f, "err-enc-mixed-identity-passphrase") } diff --git a/rage/src/bin/rage/main.rs b/rage/src/bin/rage/main.rs index 545e251..8644ab4 100644 --- a/rage/src/bin/rage/main.rs +++ b/rage/src/bin/rage/main.rs @@ -172,19 +172,20 @@ fn encrypt(opts: AgeOptions) -> Result<(), error::EncryptError> { } else { if opts.recipient.is_empty() && opts.recipients_file.is_empty() && opts.identity.is_empty() { - return Err(error::EncryptError::MissingRecipients); + return Err(error::EncryptError::Age( + age::EncryptError::MissingRecipients, + )); } - match age::Encryptor::with_recipients(read_recipients( + let recipients = read_recipients( opts.recipient, opts.recipients_file, opts.identity, opts.max_work_factor, &mut stdin_guard, - )?) { - Some(encryptor) => encryptor, - None => return Err(error::EncryptError::MissingRecipients), - } + )?; + + age::Encryptor::with_recipients(recipients.iter().map(|r| r.as_ref() as _))? }; let mut output = encryptor.wrap_output(ArmoredWriter::wrap_output(output, format)?)?; From 195b86b6bc23505cacb93317151b65bf4a3d4e9b Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Fri, 30 Aug 2024 11:29:39 -0400 Subject: [PATCH 60/77] age: Add streamlined APIs for encryption and decryption Closes str4d/rage#333. --- age/CHANGELOG.md | 5 +++ age/src/lib.rs | 91 ++++++++++++++++++++++++++++++++++++++- age/src/simple.rs | 107 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 202 insertions(+), 1 deletion(-) create mode 100644 age/src/simple.rs diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md index f6ed153..7b0bb86 100644 --- a/age/CHANGELOG.md +++ b/age/CHANGELOG.md @@ -10,6 +10,11 @@ to 1.0.0 are beta releases. ## [Unreleased] ### Added +- New streamlined APIs for use with a single recipient or identity and a small + amount of data (that can fit entirely in memory): + - `age::encrypt` + - `age::encrypt_and_armor` + - `age::decrypt` - `age::Decryptor::{decrypt, decrypt_async, is_scrypt}` - `age::IdentityFile::to_recipients` - `age::IdentityFile::with_callbacks` diff --git a/age/src/lib.rs b/age/src/lib.rs index 70ad0a9..28f448b 100644 --- a/age/src/lib.rs +++ b/age/src/lib.rs @@ -27,7 +27,76 @@ //! //! # Examples //! -//! ## Recipient-based encryption +//! ## Streamlined APIs +//! +//! These are useful when you only need to encrypt to a single recipient, and the data is +//! small enough to fit in memory. +//! +//! ### Recipient-based encryption +//! +//! ``` +//! # fn run_main() -> Result<(), ()> { +//! let key = age::x25519::Identity::generate(); +//! let pubkey = key.to_public(); +//! +//! let plaintext = b"Hello world!"; +//! +//! # fn encrypt(pubkey: age::x25519::Recipient, plaintext: &[u8]) -> Result, age::EncryptError> { +//! let encrypted = age::encrypt(&pubkey, plaintext)?; +//! # Ok(encrypted) +//! # } +//! # fn decrypt(key: age::x25519::Identity, encrypted: Vec) -> Result, age::DecryptError> { +//! let decrypted = age::decrypt(&key, &encrypted)?; +//! # Ok(decrypted) +//! # } +//! # let decrypted = decrypt( +//! # key, +//! # encrypt(pubkey, &plaintext[..]).map_err(|_| ())? +//! # ).map_err(|_| ())?; +//! +//! assert_eq!(decrypted, plaintext); +//! # Ok(()) +//! # } +//! # run_main().unwrap(); +//! ``` +//! +//! ## Passphrase-based encryption +//! +//! ``` +//! use age::secrecy::Secret; +//! +//! # fn run_main() -> Result<(), ()> { +//! let passphrase = Secret::new("this is not a good passphrase".to_owned()); +//! let recipient = age::scrypt::Recipient::new(passphrase.clone()); +//! let identity = age::scrypt::Identity::new(passphrase); +//! +//! let plaintext = b"Hello world!"; +//! +//! # fn encrypt(recipient: age::scrypt::Recipient, plaintext: &[u8]) -> Result, age::EncryptError> { +//! let encrypted = age::encrypt(&recipient, plaintext)?; +//! # Ok(encrypted) +//! # } +//! # fn decrypt(identity: age::scrypt::Identity, encrypted: Vec) -> Result, age::DecryptError> { +//! let decrypted = age::decrypt(&identity, &encrypted)?; +//! # Ok(decrypted) +//! # } +//! # let decrypted = decrypt( +//! # identity, +//! # encrypt(recipient, &plaintext[..]).map_err(|_| ())? +//! # ).map_err(|_| ())?; +//! +//! assert_eq!(decrypted, plaintext); +//! # Ok(()) +//! # } +//! # run_main().unwrap(); +//! ``` +//! +//! ## Full APIs +//! +//! The full APIs support encrypting to multiple recipients, streaming the data, and have +//! async I/O options. +//! +//! ### Recipient-based encryption //! //! ``` //! use std::io::{Read, Write}; @@ -155,6 +224,7 @@ pub use primitives::stream; pub use protocol::{Decryptor, Encryptor}; #[cfg(feature = "armor")] +#[cfg_attr(docsrs, doc(cfg(feature = "armor")))] pub use primitives::armor; #[cfg(feature = "cli-common")] @@ -164,6 +234,17 @@ pub mod cli_common; mod i18n; pub use i18n::localizer; +// +// Simple interface +// + +mod simple; +pub use simple::{decrypt, encrypt}; + +#[cfg(feature = "armor")] +#[cfg_attr(docsrs, doc(cfg(feature = "armor")))] +pub use simple::encrypt_and_armor; + // // Identity types // @@ -180,6 +261,10 @@ pub mod plugin; #[cfg_attr(docsrs, doc(cfg(feature = "ssh")))] pub mod ssh; +// +// Core traits +// + use age_core::{ format::{FileKey, Stanza}, secrecy::SecretString, @@ -342,6 +427,10 @@ impl Callbacks for NoCallbacks { } } +// +// Fuzzing APIs +// + /// Helper for fuzzing the Header parser and serializer. #[cfg(fuzzing)] pub fn fuzz_header(data: &[u8]) { diff --git a/age/src/simple.rs b/age/src/simple.rs new file mode 100644 index 0000000..dbf3b1b --- /dev/null +++ b/age/src/simple.rs @@ -0,0 +1,107 @@ +use std::io::{Read, Write}; +use std::iter; + +use crate::{ + error::{DecryptError, EncryptError}, + Decryptor, Encryptor, Identity, Recipient, +}; + +#[cfg(feature = "armor")] +use crate::armor::{ArmoredReader, ArmoredWriter, Format}; + +/// Encrypts the given plaintext to the given recipient. +/// +/// To encrypt to more than one recipient, use [`Encryptor::with_recipients`]. +/// +/// This function returns binary ciphertext. To obtain an ASCII-armored text string, use +/// [`encrypt_and_armor`]. +pub fn encrypt(recipient: &impl Recipient, plaintext: &[u8]) -> Result, EncryptError> { + let encryptor = + Encryptor::with_recipients(iter::once(recipient as _)).expect("we provided a recipient"); + + let mut ciphertext = Vec::with_capacity(plaintext.len()); + let mut writer = encryptor.wrap_output(&mut ciphertext)?; + writer.write_all(plaintext)?; + writer.finish()?; + + Ok(ciphertext) +} + +/// Encrypts the given plaintext to the given recipient, and wraps the ciphertext in ASCII +/// armor. +/// +/// To encrypt to more than one recipient, use [`Encryptor::with_recipients`] along with +/// [`ArmoredWriter`]. +#[cfg(feature = "armor")] +#[cfg_attr(docsrs, doc(cfg(feature = "armor")))] +pub fn encrypt_and_armor( + recipient: &impl Recipient, + plaintext: &[u8], +) -> Result { + let encryptor = + Encryptor::with_recipients(iter::once(recipient as _)).expect("we provided a recipient"); + + let mut ciphertext = Vec::with_capacity(plaintext.len()); + let mut writer = encryptor.wrap_output(ArmoredWriter::wrap_output( + &mut ciphertext, + Format::AsciiArmor, + )?)?; + writer.write_all(plaintext)?; + writer.finish()?.finish()?; + + Ok(String::from_utf8(ciphertext).expect("is armored")) +} + +/// Decrypts the given ciphertext with the given identity. +/// +/// If the `armor` feature flag is enabled, this will also handle armored age ciphertexts. +/// +/// To attempt decryption with more than one identity, use [`Decryptor`] (as well as +/// [`ArmoredReader`] if the `armor` feature flag is enabled). +pub fn decrypt(identity: &impl Identity, ciphertext: &[u8]) -> Result, DecryptError> { + #[cfg(feature = "armor")] + let decryptor = Decryptor::new_buffered(ArmoredReader::new(ciphertext))?; + + #[cfg(not(feature = "armor"))] + let decryptor = Decryptor::new_buffered(ciphertext)?; + + let mut plaintext = vec![]; + let mut reader = decryptor.decrypt(iter::once(identity as _))?; + reader.read_to_end(&mut plaintext)?; + + Ok(plaintext) +} + +#[cfg(test)] +mod tests { + use super::{decrypt, encrypt}; + use crate::x25519; + + #[cfg(feature = "armor")] + use super::encrypt_and_armor; + + #[test] + fn x25519_round_trip() { + let sk: x25519::Identity = crate::x25519::tests::TEST_SK.parse().unwrap(); + let pk: x25519::Recipient = crate::x25519::tests::TEST_PK.parse().unwrap(); + let test_msg = b"This is a test message. For testing."; + + let encrypted = encrypt(&pk, test_msg).unwrap(); + let decrypted = decrypt(&sk, &encrypted).unwrap(); + assert_eq!(&decrypted[..], &test_msg[..]); + } + + #[cfg(feature = "armor")] + #[test] + fn x25519_round_trip_armor() { + let sk: x25519::Identity = crate::x25519::tests::TEST_SK.parse().unwrap(); + let pk: x25519::Recipient = crate::x25519::tests::TEST_PK.parse().unwrap(); + let test_msg = b"This is a test message. For testing."; + + let encrypted = encrypt_and_armor(&pk, test_msg).unwrap(); + assert!(encrypted.starts_with("-----BEGIN AGE ENCRYPTED FILE-----")); + + let decrypted = decrypt(&sk, encrypted.as_bytes()).unwrap(); + assert_eq!(&decrypted[..], &test_msg[..]); + } +} From 5955e489b7aae2cedf212a656fb05ffdcc0e2848 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 31 Aug 2024 13:04:31 +0000 Subject: [PATCH 61/77] build(deps): bump codecov/codecov-action from 4.4.1 to 4.5.0 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.4.1 to 4.5.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v4.4.1...v4.5.0) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1217a04..4eb1827 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -91,7 +91,7 @@ jobs: --timeout 180 --out xml - name: Upload coverage to Codecov - uses: codecov/codecov-action@v4.4.1 + uses: codecov/codecov-action@v4.5.0 with: fail_ci_if_error: true token: ${{ secrets.CODECOV_TOKEN }} From 5237281929c376e68554a073c3b4890a53d0317f Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Wed, 4 Sep 2024 01:04:52 +0000 Subject: [PATCH 62/77] rage: Add MacPorts package to installation list Closes str4d/rage#526. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 757603e..3bf0199 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,7 @@ For more plugins, implementations, tools, and integrations, check out the |-------------|-------------| | Cargo (Rust 1.65+) | `cargo install rage` | | Homebrew (macOS or Linux) | `brew install rage` | +| MacPorts | `port install rage` | | Alpine Linux (edge) | `apk add rage` | | Arch Linux | `pacman -S rage-encryption` | | Debian | [Debian packages](https://github.com/str4d/rage/releases) | From a5661495f61886d050403d34a672dc1c0aabacfd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 2 Oct 2024 03:14:33 +0000 Subject: [PATCH 63/77] build(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.5.0 to 4.6.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v4.5.0...v4.6.0) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4eb1827..3d92bfd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -91,7 +91,7 @@ jobs: --timeout 180 --out xml - name: Upload coverage to Codecov - uses: codecov/codecov-action@v4.5.0 + uses: codecov/codecov-action@v4.6.0 with: fail_ci_if_error: true token: ${{ secrets.CODECOV_TOKEN }} From 5bae3f1eae4c3303f1b6ae371aa78a237a8caa49 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sat, 19 Oct 2024 23:56:48 +0000 Subject: [PATCH 64/77] age-plugin: Fix no-label recipient plugins with old clients --- age-plugin/src/recipient.rs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/age-plugin/src/recipient.rs b/age-plugin/src/recipient.rs index a7c54b9..3a12161 100644 --- a/age-plugin/src/recipient.rs +++ b/age-plugin/src/recipient.rs @@ -430,7 +430,10 @@ pub(crate) fn run_v1(mut plugin: P) -> io::Result<()> { }; let labels = labels.iter().map(|s| s.as_str()).collect::>(); - phase.send(LABELS, &labels, &[])?.unwrap(); + // We confirmed above that if `labels` is non-empty, the client supports labels. + // So we can unconditionally send this, and will only get an `unsupported` + // response if `labels` is empty (where it does not matter). + let _ = phase.send(LABELS, &labels, &[])?; match plugin.wrap_file_keys(file_keys, BidirCallbacks(&mut phase))? { Ok(files) => { From e8f14448e42686f07398cfc5416bc0ebf1dade50 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 20 Oct 2024 04:17:31 +0000 Subject: [PATCH 65/77] Update cargo-vet --- supply-chain/config.toml | 18 +--------- supply-chain/imports.lock | 71 ++++++++++++++++++++++++++------------- 2 files changed, 48 insertions(+), 41 deletions(-) diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 86bb2aa..0fec24e 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -2,7 +2,7 @@ # cargo-vet config file [cargo-vet] -version = "0.9" +version = "0.10" [imports.bytecode-alliance] url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-chain/audits.toml" @@ -53,10 +53,6 @@ criteria = "safe-to-deploy" version = "0.10.3" criteria = "safe-to-deploy" -[[exemptions.ahash]] -version = "0.8.6" -criteria = "safe-to-run" - [[exemptions.aho-corasick]] version = "1.1.1" criteria = "safe-to-deploy" @@ -121,10 +117,6 @@ criteria = "safe-to-deploy" version = "0.9.1" criteria = "safe-to-deploy" -[[exemptions.byteorder]] -version = "1.4.3" -criteria = "safe-to-deploy" - [[exemptions.bzip2]] version = "0.4.4" criteria = "safe-to-deploy" @@ -445,10 +437,6 @@ criteria = "safe-to-deploy" version = "0.4.12" criteria = "safe-to-deploy" -[[exemptions.log]] -version = "0.4.22" -criteria = "safe-to-deploy" - [[exemptions.memchr]] version = "2.6.3" criteria = "safe-to-deploy" @@ -725,10 +713,6 @@ criteria = "safe-to-deploy" version = "0.1.0" criteria = "safe-to-run" -[[exemptions.strsim]] -version = "0.11.1" -criteria = "safe-to-deploy" - [[exemptions.symbolic-common]] version = "12.10.0" criteria = "safe-to-run" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index 294cef0..a89961e 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -517,6 +517,28 @@ delta = "0.8.2 -> 0.8.4" notes = "Audited at https://fxrev.dev/987054" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.ahash]] +who = "Nicholas Bishop " +criteria = "safe-to-run" +version = "0.8.3" +notes = """ +Note on does-not-implement-crypto: the aHash documentation explicitly +states it is not a cryptographically secure hash. +""" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.ahash]] +who = "Nicholas Bishop " +criteria = "safe-to-run" +delta = "0.8.3 -> 0.8.5" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + +[[audits.google.audits.ahash]] +who = "Nicholas Bishop " +criteria = "safe-to-run" +delta = "0.8.5 -> 0.8.11" +aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" + [[audits.google.audits.arrayvec]] who = "Nicholas Bishop " criteria = "safe-to-run" @@ -608,6 +630,13 @@ instead (see also https://crrev.com/c/5771867). """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.byteorder]] +who = "danakj " +criteria = "safe-to-deploy" +version = "1.5.0" +notes = "Unsafe review in https://crrev.com/c/5838022" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.cast]] who = "George Burgess IV " criteria = "safe-to-run" @@ -779,6 +808,18 @@ delta = "1.4.0 -> 1.5.0" notes = "Unsafe review notes: https://crrev.com/c/5650836" aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.log]] +who = "danakj " +criteria = "safe-to-deploy" +version = "0.4.22" +notes = """ +Unsafe review in https://docs.google.com/document/d/1IXQbD1GhTRqNHIGxq6yy7qHqxeO4CwN5noMFXnqyDIM/edit?usp=sharing + +Unsafety is generally very well-documented, with one exception, which we +describe in the review doc. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.memmap2]] who = "Ying Hsu " criteria = "safe-to-run" @@ -1383,12 +1424,6 @@ renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.ahash]] -who = "Erich Gubler " -criteria = "safe-to-deploy" -delta = "0.8.7 -> 0.8.11" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.android_system_properties]] who = "Nicolas Silva " criteria = "safe-to-deploy" @@ -1710,6 +1745,12 @@ version = "1.1.0" notes = "Straightforward crate with no unsafe code, does what it says on the tin." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.strsim]] +who = "Ben Dean-Kawamura " +criteria = "safe-to-deploy" +delta = "0.10.0 -> 0.11.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.subtle]] who = "Simon Friedberger " criteria = "safe-to-deploy" @@ -1839,13 +1880,6 @@ criteria = "safe-to-deploy" delta = "0.5.1 -> 0.5.2" aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.ahash]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "0.8.6 -> 0.8.7" -notes = "Build-time `stdsimd` detection is replaced with a nightly-only feature flag." -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - [[audits.zcash.audits.aho-corasick]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -1889,17 +1923,6 @@ delta = "0.10.3 -> 0.10.4" notes = "Adds panics to prevent a block size of zero from causing unsoundness." aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" -[[audits.zcash.audits.byteorder]] -who = "Jack Grigg " -criteria = "safe-to-deploy" -delta = "1.4.3 -> 1.5.0" -notes = """ -- Adds two assertions to check the safety of `slice::from_raw_parts_mut` calls. -- Replaces a bunch of `unsafe` blocks containing `copy_nonoverlapping` calls - with safe `<&mut [u8]>::copy_from_slice` calls. -""" -aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml" - [[audits.zcash.audits.cipher]] who = "Daira Hopwood " criteria = "safe-to-deploy" From a59f0479d0e5478ddfb21cc4db5f5742b8a4d343 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 3 Nov 2024 03:34:07 +0000 Subject: [PATCH 66/77] cargo update --- Cargo.lock | 237 +++++++++++----------- fuzz-afl/Cargo.lock | 331 ++++++++++++++----------------- fuzz/Cargo.lock | 333 +++++++++++++++---------------- supply-chain/audits.toml | 6 + supply-chain/config.toml | 64 +++--- supply-chain/imports.lock | 405 +++++++++++++++++++++++++++++++------- 6 files changed, 795 insertions(+), 581 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8758b64..280c3d2 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -17,6 +17,12 @@ version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" +[[package]] +name = "adler2" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627" + [[package]] name = "aead" version = "0.5.2" @@ -229,9 +235,9 @@ checksum = "69f7f8c3906b62b754cd5326047894316021dcfe5a194c8ea52bdd94934a3457" [[package]] name = "arrayvec" -version = "0.7.4" +version = "0.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711" +checksum = "7c02d123df017efcdfbd739ef81735b36c5ba83ec3c59c80a9d7ecc718f92e50" [[package]] name = "autocfg" @@ -249,7 +255,7 @@ dependencies = [ "cc", "cfg-if", "libc", - "miniz_oxide", + "miniz_oxide 0.7.4", "object", "rustc-demangle", ] @@ -361,9 +367,9 @@ checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" [[package]] name = "bytemuck" -version = "1.16.3" +version = "1.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "102087e286b4677862ea56cf8fc58bb2cdfa8725c40ffb80fe3a008eb7f2fc83" +checksum = "8334215b81e418a0a7bdb8ef0849474f40bb10c8b71f1c4ed315cff49f32494d" [[package]] name = "byteorder" @@ -409,9 +415,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.14" +version = "1.1.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50d2eb3cd3d1bf4529e31c215ee6f93ec5a3d536d9f578f93d9d33ee19562932" +checksum = "67b9470d453346108f93a59222a9a1a5724db32d0a4727b7ab7ace4b4d822dc9" dependencies = [ "jobserver", "libc", @@ -541,7 +547,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.75", + "syn", ] [[package]] @@ -771,18 +777,18 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn", ] [[package]] name = "dashmap" -version = "6.0.1" +version = "6.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "804c8821570c3f8b70230c2ba75ffa5c0f9a4189b9a432b6656c536712acae28" +checksum = "5041cc499144891f3790297212f32a74fb938e5136a14943f338ef9e0ae276cf" dependencies = [ "cfg-if", "crossbeam-utils", - "hashbrown", + "hashbrown 0.14.5", "lock_api", "once_cell", "parking_lot_core", @@ -827,7 +833,7 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn", ] [[package]] @@ -879,9 +885,9 @@ dependencies = [ [[package]] name = "fastrand" -version = "2.1.0" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9fc0510504f03c51ada170672ac806f1f105a88aa97a5281117e1ddc3368e51a" +checksum = "e8c02a5121d4ea3eb16a80748c74f5549a5665e4c21333c6098f283870fbdea6" [[package]] name = "fiat-crypto" @@ -891,9 +897,9 @@ checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" [[package]] name = "filetime" -version = "0.2.24" +version = "0.2.25" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf401df4a4e3872c4fe8151134cf483738e74b67fc934d6532c882b3d24a4550" +checksum = "35c0522e981e68cbfa8c3f978441a5f34b30b96e146b33cd3359176b50fe8586" dependencies = [ "cfg-if", "libc", @@ -924,12 +930,12 @@ dependencies = [ [[package]] name = "flate2" -version = "1.0.30" +version = "1.0.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f54427cfd1c7829e2a139fcefea601bf088ebca651d2bf53ebc600eac295dae" +checksum = "a1b589b4dc103969ad3cf85c950899926ec64300a1a46d76c03a6072957036f0" dependencies = [ "crc32fast", - "miniz_oxide", + "miniz_oxide 0.8.0", ] [[package]] @@ -1065,7 +1071,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn", ] [[package]] @@ -1173,6 +1179,12 @@ version = "0.14.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" +[[package]] +name = "hashbrown" +version = "0.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e087f84d4f86bf4b218b927129862374b72199ae7d8657835f1e89000eea4fb" + [[package]] name = "heck" version = "0.4.1" @@ -1256,9 +1268,9 @@ dependencies = [ [[package]] name = "i18n-embed" -version = "0.15.0" +version = "0.15.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e901c87176ac0b615033c81dbe927c230f74700abfd60ed953a6f547c87bbe6d" +checksum = "a7839d8c7bb8da7bd58c1112d3a1aeb7f178ff3df4ae87783e758ca3bfb750b7" dependencies = [ "arc-swap", "fluent", @@ -1278,9 +1290,9 @@ dependencies = [ [[package]] name = "i18n-embed-fl" -version = "0.9.1" +version = "0.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d73fe51b9655599147183495551696628b335f75b2dbfa225196b16d69d7288e" +checksum = "f6e9571c3cba9eba538eaa5ee40031b26debe76f0c7e17bafc97ea57a76cd82e" dependencies = [ "dashmap", "find-crate", @@ -1289,32 +1301,32 @@ dependencies = [ "i18n-config", "i18n-embed", "lazy_static", - "proc-macro-error", + "proc-macro-error2", "proc-macro2", "quote", "strsim 0.11.1", - "syn 2.0.75", + "syn", "unic-langid", ] [[package]] name = "i18n-embed-impl" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81093c4701672f59416582fe3145676126fd23ba5db910acad0793c1108aaa58" +checksum = "0f2cc0e0523d1fe6fc2c6f66e5038624ea8091b3e7748b5e8e0c84b1698db6c2" dependencies = [ "find-crate", "i18n-config", "proc-macro2", "quote", - "syn 2.0.75", + "syn", ] [[package]] name = "iana-time-zone" -version = "0.1.60" +version = "0.1.61" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7ffbb5a1b541ea2561f8c41c087286cc091e21e556a4f09a8f6cbf17b69b141" +checksum = "235e081f3925a06703c2d0117ea8b91f042756fd6e7a6e5d901e8ca1a996b220" dependencies = [ "android_system_properties", "core-foundation-sys", @@ -1335,12 +1347,12 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.4.0" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "93ead53efc7ea8ed3cfb0c79fc8023fbb782a5432b52830b6518941cebe6505c" +checksum = "707907fe3c25f5424cce2cb7e1cbcafee6bdbe735ca90ef77c29e84591e5b9da" dependencies = [ "equivalent", - "hashbrown", + "hashbrown 0.15.0", ] [[package]] @@ -1451,9 +1463,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.158" +version = "0.2.161" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439" +checksum = "8e9489c2807c139ffd9c1794f4af0ebe86a828db53ecdc7fea2111d0fed085d1" [[package]] name = "libm" @@ -1546,6 +1558,15 @@ dependencies = [ "adler", ] +[[package]] +name = "miniz_oxide" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2d80299ef12ff69b16a84bb182e3b9df68b5a91574d3d4fa6e41b65deec4df1" +dependencies = [ + "adler2", +] + [[package]] name = "nix" version = "0.26.4" @@ -1682,18 +1703,18 @@ dependencies = [ [[package]] name = "object" -version = "0.36.3" +version = "0.36.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27b64972346851a39438c60b341ebc01bba47464ae329e55cf343eb93964efd9" +checksum = "aedf0a2d09c573ed1d8d85b30c119153926a2b36dce0ab28322c09a117a4683e" dependencies = [ "memchr", ] [[package]] name = "once_cell" -version = "1.19.0" +version = "1.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" +checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775" [[package]] name = "oorandom" @@ -1806,7 +1827,7 @@ checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn", ] [[package]] @@ -1823,9 +1844,9 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "pinentry" -version = "0.5.0" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfa5b8bc68be6a5e2ba84ee86db53f816cba1905b94fcb7c236e606221cc8fc8" +checksum = "72268b7db3a2075ea65d4b93b755d086e99196e327837e690db6559b393a8d69" dependencies = [ "log", "nom", @@ -1864,9 +1885,9 @@ checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" [[package]] name = "plotters" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a15b6eccb8484002195a3e44fe65a4ce8e93a625797a063735536fd59cb01cf3" +checksum = "5aeb6f403d7a4911efb1e33402027fc44f29b5bf6def3effcc22d7bb75f2b747" dependencies = [ "num-traits", "plotters-backend", @@ -1877,9 +1898,9 @@ dependencies = [ [[package]] name = "plotters-backend" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "414cec62c6634ae900ea1c56128dfe87cf63e7caece0852ec76aba307cebadb7" +checksum = "df42e13c12958a16b3f7f4386b9ab1f3e7933914ecea48da7139435263a4172a" [[package]] name = "plotters-svg" @@ -1945,34 +1966,32 @@ dependencies = [ ] [[package]] -name = "proc-macro-error" -version = "1.0.4" +name = "proc-macro-error-attr2" +version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" +checksum = "96de42df36bb9bba5542fe9f1a054b8cc87e172759a1868aa05c1f3acc89dfc5" dependencies = [ - "proc-macro-error-attr", "proc-macro2", "quote", - "syn 1.0.109", - "version_check", ] [[package]] -name = "proc-macro-error-attr" -version = "1.0.4" +name = "proc-macro-error2" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" +checksum = "11ec05c52be0a07b08061f7dd003e7d7092e0472bc731b4af7bb1ef876109802" dependencies = [ + "proc-macro-error-attr2", "proc-macro2", "quote", - "version_check", + "syn", ] [[package]] name = "proc-macro2" -version = "1.0.86" +version = "1.0.89" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" +checksum = "f139b0662de085916d1fb67d2b4169d1addddda1919e696f3252b740b629986e" dependencies = [ "unicode-ident", ] @@ -2014,9 +2033,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.36" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" dependencies = [ "proc-macro2", ] @@ -2110,9 +2129,9 @@ dependencies = [ [[package]] name = "redox_syscall" -version = "0.5.3" +version = "0.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a908a6e00f1fdd0dfd9c0eb08ce85126f6d8bbda50017e74bc4a4b7d4a926a4" +checksum = "9b6dfecf2c74bce2466cabf93f6664d6998a69eb21e39f4207930065b27b771f" dependencies = [ "bitflags 2.6.0", ] @@ -2148,9 +2167,9 @@ checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b" [[package]] name = "rgb" -version = "0.8.48" +version = "0.8.50" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f86ae463694029097b846d8f99fd5536740602ae00022c0c50c5600720b2f71" +checksum = "57397d16646700483b67d2dd6511d79318f9d057fdbd21a4066aeac8b41d310a" dependencies = [ "bytemuck", ] @@ -2222,7 +2241,7 @@ dependencies = [ "proc-macro2", "quote", "rust-embed-utils", - "syn 2.0.75", + "syn", "walkdir", ] @@ -2250,18 +2269,18 @@ checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" [[package]] name = "rustc_version" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" dependencies = [ "semver", ] [[package]] name = "rustix" -version = "0.38.34" +version = "0.38.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" +checksum = "aa260229e6538e52293eeb577aabd09945a09d6d9cc0fc550ed7529056c2e32a" dependencies = [ "bitflags 2.6.0", "errno", @@ -2355,29 +2374,29 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.207" +version = "1.0.214" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5665e14a49a4ea1b91029ba7d3bca9f299e1f7cfa194388ccc20f14743e784f2" +checksum = "f55c3193aca71c12ad7890f1785d2b73e1b9f63a0bbc353c08ef26fe03fc56b5" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.207" +version = "1.0.214" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6aea2634c86b0e8ef2cfdc0c340baede54ec27b1e46febd7f80dffb2aa44a00e" +checksum = "de523f781f095e28fa605cdce0f8307e451cc0fd14e2eb4cd2e98a355b147766" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn", ] [[package]] name = "serde_json" -version = "1.0.124" +version = "1.0.132" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "66ad62847a56b3dba58cc891acd13884b9c61138d330c0d7b6181713d4fce38d" +checksum = "d726bfaff4b320266d395898905d0eba0345aae23b54aee3a737e260fd46db03" dependencies = [ "itoa", "memchr", @@ -2532,9 +2551,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "symbolic-common" -version = "12.10.0" +version = "12.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "16629323a4ec5268ad23a575110a724ad4544aae623451de600c747bf87b36cf" +checksum = "366f1b4c6baf6cfefc234bbd4899535fca0b06c74443039a73f6dfb2fad88d77" dependencies = [ "debugid", "memmap2", @@ -2544,9 +2563,9 @@ dependencies = [ [[package]] name = "symbolic-demangle" -version = "12.10.0" +version = "12.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48c043a45f08f41187414592b3ceb53fb0687da57209cc77401767fb69d5b596" +checksum = "aba05ba5b9962ea5617baf556293720a8b2d0a282aa14ee4bf10e22efc7da8c8" dependencies = [ "cpp_demangle", "rustc-demangle", @@ -2555,19 +2574,9 @@ dependencies = [ [[package]] name = "syn" -version = "1.0.109" +version = "2.0.87" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" -dependencies = [ - "proc-macro2", - "unicode-ident", -] - -[[package]] -name = "syn" -version = "2.0.75" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6af063034fc1935ede7be0122941bafa9bacb949334d090b77ca98b5817c7d9" +checksum = "25aa4ce346d03a6dcd68dd8b4010bcb74e54e62c90c573f394c46eae99aba32d" dependencies = [ "proc-macro2", "quote", @@ -2576,9 +2585,9 @@ dependencies = [ [[package]] name = "tar" -version = "0.4.41" +version = "0.4.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb797dad5fb5b76fcf519e702f4a589483b5ef06567f160c392832c1f5e44909" +checksum = "c65998313f8e17d0d553d28f91a0df93e4dbbbf770279c7bc21ca0f09ea1a1f6" dependencies = [ "filetime", "libc", @@ -2624,7 +2633,7 @@ dependencies = [ "cfg-if", "proc-macro2", "quote", - "syn 2.0.75", + "syn", ] [[package]] @@ -2635,28 +2644,28 @@ checksum = "5c89e72a01ed4c579669add59014b9a524d609c0c88c6a585ce37485879f6ffb" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn", "test-case-core", ] [[package]] name = "thiserror" -version = "1.0.63" +version = "1.0.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0342370b38b6a11b6cc11d6a805569958d54cfa061a29969c3b5ce2ea405724" +checksum = "d50af8abc119fb8bb6dbabcfa89656f46f84aa0ac7688088608076ad2b459a84" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.63" +version = "1.0.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261" +checksum = "08904e7672f5eb876eaaf87e0ce17857500934f4981c4a0ab2b4aa98baac7fc3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn", ] [[package]] @@ -2723,7 +2732,7 @@ checksum = "5f5ae998a069d4b5aba8ee9dad856af7d520c3699e6159b185c2acd48155d39a" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn", ] [[package]] @@ -2815,9 +2824,9 @@ dependencies = [ [[package]] name = "unicode-ident" -version = "1.0.12" +version = "1.0.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" +checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe" [[package]] name = "universal-hash" @@ -2837,9 +2846,9 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" [[package]] name = "uuid" -version = "1.10.0" +version = "1.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81dfa00651efa65069b0b6b651f4aaa31ba9e3c3ce0137aaad053604ee7e0314" +checksum = "f8c5f0a0af699448548ad1a2fbf920fb4bee257eae39953ba95cb84891a0446a" [[package]] name = "version_check" @@ -2893,7 +2902,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.75", + "syn", "wasm-bindgen-shared", ] @@ -2915,7 +2924,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -2970,7 +2979,7 @@ version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" dependencies = [ - "windows-sys 0.59.0", + "windows-sys 0.48.0", ] [[package]] @@ -3268,7 +3277,7 @@ checksum = "125139de3f6b9d625c39e2efdd73d41bdac468ccd556556440e322be0e1bbd91" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn", ] [[package]] @@ -3279,7 +3288,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn", ] [[package]] @@ -3299,7 +3308,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn", ] [[package]] diff --git a/fuzz-afl/Cargo.lock b/fuzz-afl/Cargo.lock index 6fe8ce2..31a0e07 100644 --- a/fuzz-afl/Cargo.lock +++ b/fuzz-afl/Cargo.lock @@ -14,9 +14,9 @@ dependencies = [ [[package]] name = "afl" -version = "0.15.10" +version = "0.15.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c21e10b6947189c5ff61343b5354e9ad1c1722bd47b69cd0a6b49e5fa7f7ecf6" +checksum = "80bb240a3b9ff18002142c1a736e98046461d51a694d687c3e7329b456ab0fe4" dependencies = [ "home", "libc", @@ -79,9 +79,9 @@ checksum = "69f7f8c3906b62b754cd5326047894316021dcfe5a194c8ea52bdd94934a3457" [[package]] name = "autocfg" -version = "1.3.0" +version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" +checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" [[package]] name = "base64" @@ -89,6 +89,15 @@ version = "0.21.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" +[[package]] +name = "basic-toml" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "823388e228f614e9558c6804262db37960ec8821856535f5c3f59913140558f8" +dependencies = [ + "serde", +] + [[package]] name = "bech32" version = "0.9.1" @@ -110,6 +119,12 @@ dependencies = [ "generic-array", ] +[[package]] +name = "byteorder" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" + [[package]] name = "cfg-if" version = "1.0.0" @@ -162,13 +177,19 @@ dependencies = [ [[package]] name = "cpufeatures" -version = "0.2.12" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" +checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0" dependencies = [ "libc", ] +[[package]] +name = "crossbeam-utils" +version = "0.8.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80" + [[package]] name = "crypto-common" version = "0.1.6" @@ -202,16 +223,17 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn", ] [[package]] name = "dashmap" -version = "5.5.3" +version = "6.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "978747c1d849a7d2ee5e8adc0159961c48fb7e5db2f06af6723b80123bb53856" +checksum = "5041cc499144891f3790297212f32a74fb938e5136a14943f338ef9e0ae276cf" dependencies = [ "cfg-if", + "crossbeam-utils", "hashbrown", "lock_api", "once_cell", @@ -237,15 +259,9 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn", ] -[[package]] -name = "equivalent" -version = "1.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" - [[package]] name = "fiat-crypto" version = "0.2.9" @@ -258,7 +274,7 @@ version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "59a98bbaacea1c0eb6a0876280051b892eb73594fd90cf3b20e9c817029c57d2" dependencies = [ - "toml 0.5.11", + "toml", ] [[package]] @@ -307,9 +323,9 @@ dependencies = [ [[package]] name = "futures" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "645c6916888f6cb6350d2550b80fb63e734897a8498abe35cfb732b6487804b0" +checksum = "65bc07b1a8bc7c85c5f2e110c476c7389b4554ba72af57d8445ea63a576b0876" dependencies = [ "futures-channel", "futures-core", @@ -322,9 +338,9 @@ dependencies = [ [[package]] name = "futures-channel" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eac8f7d7865dcb88bd4373ab671c8cf4508703796caa2b1985a9ca867b3fcb78" +checksum = "2dff15bf788c671c1934e366d07e30c1814a8ef514e1af724a602e8a2fbe1b10" dependencies = [ "futures-core", "futures-sink", @@ -332,15 +348,15 @@ dependencies = [ [[package]] name = "futures-core" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d" +checksum = "05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e" [[package]] name = "futures-executor" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a576fc72ae164fca6b9db127eaa9a9dda0d61316034f33a0a0d4eda41f02b01d" +checksum = "1e28d1d997f585e54aebc3f97d39e72338912123a67330d723fdbb564d646c9f" dependencies = [ "futures-core", "futures-task", @@ -349,38 +365,38 @@ dependencies = [ [[package]] name = "futures-io" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a44623e20b9681a318efdd71c299b6b222ed6f231972bfe2f224ebad6311f0c1" +checksum = "9e5c1b78ca4aae1ac06c48a526a655760685149f0d465d21f37abfe57ce075c6" [[package]] name = "futures-macro" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" +checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn", ] [[package]] name = "futures-sink" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9fb8e00e87438d937621c1c6269e53f536c14d3fbd6a042bb24879e57d474fb5" +checksum = "e575fab7d1e0dcb8d0c7bcf9a63ee213816ab51902e6d244a95819acacf1d4f7" [[package]] name = "futures-task" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "38d84fa142264698cdce1a9f9172cf383a0c82de1bddcf3092901442c4097004" +checksum = "f90f7dce0722e95104fcb095585910c0977252f286e354b5e3bd38902cd99988" [[package]] name = "futures-util" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48" +checksum = "9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81" dependencies = [ "futures-channel", "futures-core", @@ -445,28 +461,28 @@ version = "0.5.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" dependencies = [ - "windows-sys", + "windows-sys 0.52.0", ] [[package]] name = "i18n-config" -version = "0.4.6" +version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c9ce3c48cbc21fd5b22b9331f32b5b51f6ad85d969b99e793427332e76e7640" +checksum = "8e88074831c0be5b89181b05e6748c4915f77769ecc9a4c372f88b169a8509c9" dependencies = [ + "basic-toml", "log", "serde", "serde_derive", "thiserror", - "toml 0.8.16", "unic-langid", ] [[package]] name = "i18n-embed" -version = "0.14.1" +version = "0.15.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94205d95764f5bb9db9ea98fa77f89653365ca748e27161f5bbea2ffd50e459c" +checksum = "a7839d8c7bb8da7bd58c1112d3a1aeb7f178ff3df4ae87783e758ca3bfb750b7" dependencies = [ "arc-swap", "fluent", @@ -485,9 +501,9 @@ dependencies = [ [[package]] name = "i18n-embed-fl" -version = "0.8.0" +version = "0.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8241a781f49e923415e106fcd1f89c3fab92cc9f699a521c56e95dee273903d3" +checksum = "f6e9571c3cba9eba538eaa5ee40031b26debe76f0c7e17bafc97ea57a76cd82e" dependencies = [ "dashmap", "find-crate", @@ -496,35 +512,25 @@ dependencies = [ "i18n-config", "i18n-embed", "lazy_static", - "proc-macro-error", + "proc-macro-error2", "proc-macro2", "quote", "strsim", - "syn 2.0.72", + "syn", "unic-langid", ] [[package]] name = "i18n-embed-impl" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81093c4701672f59416582fe3145676126fd23ba5db910acad0793c1108aaa58" +checksum = "0f2cc0e0523d1fe6fc2c6f66e5038624ea8091b3e7748b5e8e0c84b1698db6c2" dependencies = [ "find-crate", "i18n-config", "proc-macro2", "quote", - "syn 2.0.72", -] - -[[package]] -name = "indexmap" -version = "2.2.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26" -dependencies = [ - "equivalent", - "hashbrown", + "syn", ] [[package]] @@ -569,9 +575,9 @@ checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" [[package]] name = "libc" -version = "0.2.155" +version = "0.2.161" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" +checksum = "8e9489c2807c139ffd9c1794f4af0ebe86a828db53ecdc7fea2111d0fed085d1" [[package]] name = "lock_api" @@ -613,9 +619,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.19.0" +version = "1.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" +checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775" [[package]] name = "opaque-debug" @@ -658,29 +664,29 @@ dependencies = [ [[package]] name = "pin-project" -version = "1.1.5" +version = "1.1.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6bf43b791c5b9e34c3d182969b4abb522f9343702850a2e57f460d00d09b4b3" +checksum = "be57f64e946e500c8ee36ef6331845d40a93055567ec57e8fae13efd33759b95" dependencies = [ "pin-project-internal", ] [[package]] name = "pin-project-internal" -version = "1.1.5" +version = "1.1.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" +checksum = "3c0f5fad0874fc7abcd4d750e76917eaebbecaa2c20bde22e1dbeeba8beb758c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn", ] [[package]] name = "pin-project-lite" -version = "0.2.14" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bda66fc9667c18cb2758a2ac84d1167245054bcf85d5d1aaa6923f45801bdd02" +checksum = "915a1e146535de9163f3987b8944ed8cf49a18bb0056bcebcdcece385cece4ff" [[package]] name = "pin-utils" @@ -701,48 +707,49 @@ dependencies = [ [[package]] name = "ppv-lite86" -version = "0.2.17" +version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" - -[[package]] -name = "proc-macro-error" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" +checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04" dependencies = [ - "proc-macro-error-attr", - "proc-macro2", - "quote", - "syn 1.0.109", - "version_check", + "zerocopy", ] [[package]] -name = "proc-macro-error-attr" -version = "1.0.4" +name = "proc-macro-error-attr2" +version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" +checksum = "96de42df36bb9bba5542fe9f1a054b8cc87e172759a1868aa05c1f3acc89dfc5" dependencies = [ "proc-macro2", "quote", - "version_check", +] + +[[package]] +name = "proc-macro-error2" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "11ec05c52be0a07b08061f7dd003e7d7092e0472bc731b4af7bb1ef876109802" +dependencies = [ + "proc-macro-error-attr2", + "proc-macro2", + "quote", + "syn", ] [[package]] name = "proc-macro2" -version = "1.0.86" +version = "1.0.89" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" +checksum = "f139b0662de085916d1fb67d2b4169d1addddda1919e696f3252b740b629986e" dependencies = [ "unicode-ident", ] [[package]] name = "quote" -version = "1.0.36" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" dependencies = [ "proc-macro2", ] @@ -779,9 +786,9 @@ dependencies = [ [[package]] name = "redox_syscall" -version = "0.5.3" +version = "0.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a908a6e00f1fdd0dfd9c0eb08ce85126f6d8bbda50017e74bc4a4b7d4a926a4" +checksum = "9b6dfecf2c74bce2466cabf93f6664d6998a69eb21e39f4207930065b27b771f" dependencies = [ "bitflags", ] @@ -806,7 +813,7 @@ dependencies = [ "proc-macro2", "quote", "rust-embed-utils", - "syn 2.0.72", + "syn", "walkdir", ] @@ -828,9 +835,9 @@ checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" [[package]] name = "rustc_version" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" dependencies = [ "semver", ] @@ -902,31 +909,22 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.204" +version = "1.0.214" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" +checksum = "f55c3193aca71c12ad7890f1785d2b73e1b9f63a0bbc353c08ef26fe03fc56b5" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.204" +version = "1.0.214" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" +checksum = "de523f781f095e28fa605cdce0f8307e451cc0fd14e2eb4cd2e98a355b147766" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", -] - -[[package]] -name = "serde_spanned" -version = "0.6.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb5b1b31579f3811bf615c144393417496f152e12ac8b7663bf664f4a815306d" -dependencies = [ - "serde", + "syn", ] [[package]] @@ -957,9 +955,9 @@ checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" [[package]] name = "strsim" -version = "0.10.0" +version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" [[package]] name = "subtle" @@ -969,19 +967,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" -version = "1.0.109" +version = "2.0.87" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" -dependencies = [ - "proc-macro2", - "unicode-ident", -] - -[[package]] -name = "syn" -version = "2.0.72" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af" +checksum = "25aa4ce346d03a6dcd68dd8b4010bcb74e54e62c90c573f394c46eae99aba32d" dependencies = [ "proc-macro2", "quote", @@ -990,22 +978,22 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.63" +version = "1.0.66" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0342370b38b6a11b6cc11d6a805569958d54cfa061a29969c3b5ce2ea405724" +checksum = "5d171f59dbaa811dbbb1aee1e73db92ec2b122911a48e1390dfe327a821ddede" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.63" +version = "1.0.66" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261" +checksum = "b08be0f17bd307950653ce45db00cd31200d82b624b36e181337d9c7d92765b5" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn", ] [[package]] @@ -1026,40 +1014,6 @@ dependencies = [ "serde", ] -[[package]] -name = "toml" -version = "0.8.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81967dd0dd2c1ab0bc3468bd7caecc32b8a4aa47d0c8c695d8c2b2108168d62c" -dependencies = [ - "serde", - "serde_spanned", - "toml_datetime", - "toml_edit", -] - -[[package]] -name = "toml_datetime" -version = "0.6.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8fb9f64314842840f1d940ac544da178732128f1c78c21772e876579e0da1db" -dependencies = [ - "serde", -] - -[[package]] -name = "toml_edit" -version = "0.22.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d9f8729f5aea9562aac1cc0441f5d6de3cff1ee0c5d67293eeca5eb36ee7c16" -dependencies = [ - "indexmap", - "serde", - "serde_spanned", - "toml_datetime", - "winnow", -] - [[package]] name = "type-map" version = "0.5.0" @@ -1096,9 +1050,9 @@ dependencies = [ [[package]] name = "unicode-ident" -version = "1.0.12" +version = "1.0.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" +checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe" [[package]] name = "universal-hash" @@ -1134,11 +1088,11 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "winapi-util" -version = "0.1.8" +version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d4cc384e1e73b93bafa6fb4f1df8c41695c8a91cf9c4c64358067d15a7b6c6b" +checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" dependencies = [ - "windows-sys", + "windows-sys 0.59.0", ] [[package]] @@ -1150,6 +1104,15 @@ dependencies = [ "windows-targets", ] +[[package]] +name = "windows-sys" +version = "0.59.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" +dependencies = [ + "windows-targets", +] + [[package]] name = "windows-targets" version = "0.52.6" @@ -1214,15 +1177,6 @@ version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" -[[package]] -name = "winnow" -version = "0.6.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b480ae9340fc261e6be3e95a1ba86d54ae3f9171132a73ce8d4bbaf68339507c" -dependencies = [ - "memchr", -] - [[package]] name = "x25519-dalek" version = "2.0.1" @@ -1241,6 +1195,27 @@ version = "2.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "213b7324336b53d2414b2db8537e56544d981803139155afa84f76eeebb7a546" +[[package]] +name = "zerocopy" +version = "0.7.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" +dependencies = [ + "byteorder", + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.7.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "zeroize" version = "1.8.1" @@ -1258,5 +1233,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn", ] diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 5113e6f..d1e0548 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -75,9 +75,9 @@ checksum = "69f7f8c3906b62b754cd5326047894316021dcfe5a194c8ea52bdd94934a3457" [[package]] name = "autocfg" -version = "1.3.0" +version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" +checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" [[package]] name = "base64" @@ -85,6 +85,15 @@ version = "0.21.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" +[[package]] +name = "basic-toml" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "823388e228f614e9558c6804262db37960ec8821856535f5c3f59913140558f8" +dependencies = [ + "serde", +] + [[package]] name = "bech32" version = "0.9.1" @@ -107,10 +116,19 @@ dependencies = [ ] [[package]] -name = "cc" -version = "1.1.6" +name = "byteorder" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2aba8f4e9906c7ce3c73463f62a7f0c65183ada1a2d47e397cc8810827f9694f" +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" + +[[package]] +name = "cc" +version = "1.1.34" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67b9470d453346108f93a59222a9a1a5724db32d0a4727b7ab7ace4b4d822dc9" +dependencies = [ + "shlex", +] [[package]] name = "cfg-if" @@ -164,13 +182,19 @@ dependencies = [ [[package]] name = "cpufeatures" -version = "0.2.12" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" +checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0" dependencies = [ "libc", ] +[[package]] +name = "crossbeam-utils" +version = "0.8.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80" + [[package]] name = "crypto-common" version = "0.1.6" @@ -204,16 +228,17 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn", ] [[package]] name = "dashmap" -version = "5.5.3" +version = "6.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "978747c1d849a7d2ee5e8adc0159961c48fb7e5db2f06af6723b80123bb53856" +checksum = "5041cc499144891f3790297212f32a74fb938e5136a14943f338ef9e0ae276cf" dependencies = [ "cfg-if", + "crossbeam-utils", "hashbrown", "lock_api", "once_cell", @@ -239,15 +264,9 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn", ] -[[package]] -name = "equivalent" -version = "1.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" - [[package]] name = "fiat-crypto" version = "0.2.9" @@ -260,7 +279,7 @@ version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "59a98bbaacea1c0eb6a0876280051b892eb73594fd90cf3b20e9c817029c57d2" dependencies = [ - "toml 0.5.11", + "toml", ] [[package]] @@ -309,9 +328,9 @@ dependencies = [ [[package]] name = "futures" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "645c6916888f6cb6350d2550b80fb63e734897a8498abe35cfb732b6487804b0" +checksum = "65bc07b1a8bc7c85c5f2e110c476c7389b4554ba72af57d8445ea63a576b0876" dependencies = [ "futures-channel", "futures-core", @@ -324,9 +343,9 @@ dependencies = [ [[package]] name = "futures-channel" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eac8f7d7865dcb88bd4373ab671c8cf4508703796caa2b1985a9ca867b3fcb78" +checksum = "2dff15bf788c671c1934e366d07e30c1814a8ef514e1af724a602e8a2fbe1b10" dependencies = [ "futures-core", "futures-sink", @@ -334,15 +353,15 @@ dependencies = [ [[package]] name = "futures-core" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d" +checksum = "05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e" [[package]] name = "futures-executor" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a576fc72ae164fca6b9db127eaa9a9dda0d61316034f33a0a0d4eda41f02b01d" +checksum = "1e28d1d997f585e54aebc3f97d39e72338912123a67330d723fdbb564d646c9f" dependencies = [ "futures-core", "futures-task", @@ -351,38 +370,38 @@ dependencies = [ [[package]] name = "futures-io" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a44623e20b9681a318efdd71c299b6b222ed6f231972bfe2f224ebad6311f0c1" +checksum = "9e5c1b78ca4aae1ac06c48a526a655760685149f0d465d21f37abfe57ce075c6" [[package]] name = "futures-macro" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" +checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn", ] [[package]] name = "futures-sink" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9fb8e00e87438d937621c1c6269e53f536c14d3fbd6a042bb24879e57d474fb5" +checksum = "e575fab7d1e0dcb8d0c7bcf9a63ee213816ab51902e6d244a95819acacf1d4f7" [[package]] name = "futures-task" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "38d84fa142264698cdce1a9f9172cf383a0c82de1bddcf3092901442c4097004" +checksum = "f90f7dce0722e95104fcb095585910c0977252f286e354b5e3bd38902cd99988" [[package]] name = "futures-util" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48" +checksum = "9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81" dependencies = [ "futures-channel", "futures-core", @@ -443,23 +462,23 @@ dependencies = [ [[package]] name = "i18n-config" -version = "0.4.6" +version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c9ce3c48cbc21fd5b22b9331f32b5b51f6ad85d969b99e793427332e76e7640" +checksum = "8e88074831c0be5b89181b05e6748c4915f77769ecc9a4c372f88b169a8509c9" dependencies = [ + "basic-toml", "log", "serde", "serde_derive", "thiserror", - "toml 0.8.16", "unic-langid", ] [[package]] name = "i18n-embed" -version = "0.14.1" +version = "0.15.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94205d95764f5bb9db9ea98fa77f89653365ca748e27161f5bbea2ffd50e459c" +checksum = "a7839d8c7bb8da7bd58c1112d3a1aeb7f178ff3df4ae87783e758ca3bfb750b7" dependencies = [ "arc-swap", "fluent", @@ -478,9 +497,9 @@ dependencies = [ [[package]] name = "i18n-embed-fl" -version = "0.8.0" +version = "0.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8241a781f49e923415e106fcd1f89c3fab92cc9f699a521c56e95dee273903d3" +checksum = "f6e9571c3cba9eba538eaa5ee40031b26debe76f0c7e17bafc97ea57a76cd82e" dependencies = [ "dashmap", "find-crate", @@ -489,35 +508,25 @@ dependencies = [ "i18n-config", "i18n-embed", "lazy_static", - "proc-macro-error", + "proc-macro-error2", "proc-macro2", "quote", "strsim", - "syn 2.0.72", + "syn", "unic-langid", ] [[package]] name = "i18n-embed-impl" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81093c4701672f59416582fe3145676126fd23ba5db910acad0793c1108aaa58" +checksum = "0f2cc0e0523d1fe6fc2c6f66e5038624ea8091b3e7748b5e8e0c84b1698db6c2" dependencies = [ "find-crate", "i18n-config", "proc-macro2", "quote", - "syn 2.0.72", -] - -[[package]] -name = "indexmap" -version = "2.2.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26" -dependencies = [ - "equivalent", - "hashbrown", + "syn", ] [[package]] @@ -562,9 +571,9 @@ checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" [[package]] name = "libc" -version = "0.2.155" +version = "0.2.161" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" +checksum = "8e9489c2807c139ffd9c1794f4af0ebe86a828db53ecdc7fea2111d0fed085d1" [[package]] name = "libfuzzer-sys" @@ -615,9 +624,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.19.0" +version = "1.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" +checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775" [[package]] name = "opaque-debug" @@ -660,29 +669,29 @@ dependencies = [ [[package]] name = "pin-project" -version = "1.1.5" +version = "1.1.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6bf43b791c5b9e34c3d182969b4abb522f9343702850a2e57f460d00d09b4b3" +checksum = "be57f64e946e500c8ee36ef6331845d40a93055567ec57e8fae13efd33759b95" dependencies = [ "pin-project-internal", ] [[package]] name = "pin-project-internal" -version = "1.1.5" +version = "1.1.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" +checksum = "3c0f5fad0874fc7abcd4d750e76917eaebbecaa2c20bde22e1dbeeba8beb758c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn", ] [[package]] name = "pin-project-lite" -version = "0.2.14" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bda66fc9667c18cb2758a2ac84d1167245054bcf85d5d1aaa6923f45801bdd02" +checksum = "915a1e146535de9163f3987b8944ed8cf49a18bb0056bcebcdcece385cece4ff" [[package]] name = "pin-utils" @@ -703,48 +712,49 @@ dependencies = [ [[package]] name = "ppv-lite86" -version = "0.2.17" +version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" - -[[package]] -name = "proc-macro-error" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" +checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04" dependencies = [ - "proc-macro-error-attr", - "proc-macro2", - "quote", - "syn 1.0.109", - "version_check", + "zerocopy", ] [[package]] -name = "proc-macro-error-attr" -version = "1.0.4" +name = "proc-macro-error-attr2" +version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" +checksum = "96de42df36bb9bba5542fe9f1a054b8cc87e172759a1868aa05c1f3acc89dfc5" dependencies = [ "proc-macro2", "quote", - "version_check", +] + +[[package]] +name = "proc-macro-error2" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "11ec05c52be0a07b08061f7dd003e7d7092e0472bc731b4af7bb1ef876109802" +dependencies = [ + "proc-macro-error-attr2", + "proc-macro2", + "quote", + "syn", ] [[package]] name = "proc-macro2" -version = "1.0.86" +version = "1.0.89" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" +checksum = "f139b0662de085916d1fb67d2b4169d1addddda1919e696f3252b740b629986e" dependencies = [ "unicode-ident", ] [[package]] name = "quote" -version = "1.0.36" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" dependencies = [ "proc-macro2", ] @@ -781,9 +791,9 @@ dependencies = [ [[package]] name = "redox_syscall" -version = "0.5.3" +version = "0.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a908a6e00f1fdd0dfd9c0eb08ce85126f6d8bbda50017e74bc4a4b7d4a926a4" +checksum = "9b6dfecf2c74bce2466cabf93f6664d6998a69eb21e39f4207930065b27b771f" dependencies = [ "bitflags", ] @@ -808,7 +818,7 @@ dependencies = [ "proc-macro2", "quote", "rust-embed-utils", - "syn 2.0.72", + "syn", "walkdir", ] @@ -830,9 +840,9 @@ checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" [[package]] name = "rustc_version" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" dependencies = [ "semver", ] @@ -904,31 +914,22 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.204" +version = "1.0.214" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" +checksum = "f55c3193aca71c12ad7890f1785d2b73e1b9f63a0bbc353c08ef26fe03fc56b5" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.204" +version = "1.0.214" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" +checksum = "de523f781f095e28fa605cdce0f8307e451cc0fd14e2eb4cd2e98a355b147766" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", -] - -[[package]] -name = "serde_spanned" -version = "0.6.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb5b1b31579f3811bf615c144393417496f152e12ac8b7663bf664f4a815306d" -dependencies = [ - "serde", + "syn", ] [[package]] @@ -942,6 +943,12 @@ dependencies = [ "digest", ] +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + [[package]] name = "slab" version = "0.4.9" @@ -959,9 +966,9 @@ checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" [[package]] name = "strsim" -version = "0.10.0" +version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" [[package]] name = "subtle" @@ -971,19 +978,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" -version = "1.0.109" +version = "2.0.87" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" -dependencies = [ - "proc-macro2", - "unicode-ident", -] - -[[package]] -name = "syn" -version = "2.0.72" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af" +checksum = "25aa4ce346d03a6dcd68dd8b4010bcb74e54e62c90c573f394c46eae99aba32d" dependencies = [ "proc-macro2", "quote", @@ -992,22 +989,22 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.63" +version = "1.0.66" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0342370b38b6a11b6cc11d6a805569958d54cfa061a29969c3b5ce2ea405724" +checksum = "5d171f59dbaa811dbbb1aee1e73db92ec2b122911a48e1390dfe327a821ddede" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.63" +version = "1.0.66" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261" +checksum = "b08be0f17bd307950653ce45db00cd31200d82b624b36e181337d9c7d92765b5" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn", ] [[package]] @@ -1028,40 +1025,6 @@ dependencies = [ "serde", ] -[[package]] -name = "toml" -version = "0.8.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81967dd0dd2c1ab0bc3468bd7caecc32b8a4aa47d0c8c695d8c2b2108168d62c" -dependencies = [ - "serde", - "serde_spanned", - "toml_datetime", - "toml_edit", -] - -[[package]] -name = "toml_datetime" -version = "0.6.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8fb9f64314842840f1d940ac544da178732128f1c78c21772e876579e0da1db" -dependencies = [ - "serde", -] - -[[package]] -name = "toml_edit" -version = "0.22.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d9f8729f5aea9562aac1cc0441f5d6de3cff1ee0c5d67293eeca5eb36ee7c16" -dependencies = [ - "indexmap", - "serde", - "serde_spanned", - "toml_datetime", - "winnow", -] - [[package]] name = "type-map" version = "0.5.0" @@ -1098,9 +1061,9 @@ dependencies = [ [[package]] name = "unicode-ident" -version = "1.0.12" +version = "1.0.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" +checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe" [[package]] name = "universal-hash" @@ -1136,18 +1099,18 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "winapi-util" -version = "0.1.8" +version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d4cc384e1e73b93bafa6fb4f1df8c41695c8a91cf9c4c64358067d15a7b6c6b" +checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" dependencies = [ "windows-sys", ] [[package]] name = "windows-sys" -version = "0.52.0" +version = "0.59.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" dependencies = [ "windows-targets", ] @@ -1216,15 +1179,6 @@ version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" -[[package]] -name = "winnow" -version = "0.6.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b480ae9340fc261e6be3e95a1ba86d54ae3f9171132a73ce8d4bbaf68339507c" -dependencies = [ - "memchr", -] - [[package]] name = "x25519-dalek" version = "2.0.1" @@ -1237,6 +1191,27 @@ dependencies = [ "zeroize", ] +[[package]] +name = "zerocopy" +version = "0.7.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" +dependencies = [ + "byteorder", + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.7.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "zeroize" version = "1.8.1" @@ -1254,5 +1229,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn", ] diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml index bd8ca6f..679e9d1 100644 --- a/supply-chain/audits.toml +++ b/supply-chain/audits.toml @@ -6,6 +6,12 @@ description = "The cryptographic code in this crate has been reviewed for correc [audits] +[[trusted.pinentry]] +criteria = "safe-to-deploy" +user-id = 6289 # Jack Grigg (str4d) +start = "2020-01-12" +end = "2025-11-03" + [[trusted.windows-sys]] criteria = "safe-to-deploy" user-id = 64539 # Kenny Kerr (kennykerr) diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 0fec24e..d38c238 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -130,7 +130,7 @@ version = "0.1.2" criteria = "safe-to-deploy" [[exemptions.cc]] -version = "1.1.14" +version = "1.1.34" criteria = "safe-to-deploy" [[exemptions.chacha20]] @@ -157,10 +157,6 @@ criteria = "safe-to-run" version = "0.2.2" criteria = "safe-to-run" -[[exemptions.cipher]] -version = "0.3.0" -criteria = "safe-to-deploy" - [[exemptions.clap]] version = "4.3.24" criteria = "safe-to-deploy" @@ -246,7 +242,7 @@ version = "0.1.0" criteria = "safe-to-deploy" [[exemptions.dashmap]] -version = "6.0.1" +version = "6.1.0" criteria = "safe-to-deploy" [[exemptions.der]] @@ -274,7 +270,7 @@ version = "0.10.2" criteria = "safe-to-deploy" [[exemptions.filetime]] -version = "0.2.24" +version = "0.2.25" criteria = "safe-to-deploy" [[exemptions.find-crate]] @@ -341,6 +337,10 @@ criteria = "safe-to-deploy" version = "0.14.2" criteria = "safe-to-deploy" +[[exemptions.hashbrown]] +version = "0.15.0" +criteria = "safe-to-run" + [[exemptions.hermit-abi]] version = "0.3.3" criteria = "safe-to-deploy" @@ -370,23 +370,23 @@ version = "0.4.7" criteria = "safe-to-deploy" [[exemptions.i18n-embed]] -version = "0.15.0" +version = "0.15.2" criteria = "safe-to-deploy" [[exemptions.i18n-embed-fl]] -version = "0.9.1" +version = "0.9.2" criteria = "safe-to-deploy" [[exemptions.i18n-embed-impl]] -version = "0.8.3" +version = "0.8.4" criteria = "safe-to-deploy" [[exemptions.iana-time-zone]] -version = "0.1.60" +version = "0.1.61" criteria = "safe-to-deploy" [[exemptions.indexmap]] -version = "2.4.0" +version = "2.6.0" criteria = "safe-to-run" [[exemptions.inferno]] @@ -474,7 +474,7 @@ version = "0.1.1" criteria = "safe-to-deploy" [[exemptions.object]] -version = "0.36.3" +version = "0.36.5" criteria = "safe-to-run" [[exemptions.once_cell]] @@ -517,10 +517,6 @@ criteria = "safe-to-deploy" version = "1.1.3" criteria = "safe-to-deploy" -[[exemptions.pinentry]] -version = "0.5.0" -criteria = "safe-to-deploy" - [[exemptions.pkcs1]] version = "0.7.5" criteria = "safe-to-deploy" @@ -530,11 +526,11 @@ version = "0.10.2" criteria = "safe-to-deploy" [[exemptions.plotters]] -version = "0.3.6" +version = "0.3.7" criteria = "safe-to-run" [[exemptions.plotters-backend]] -version = "0.3.6" +version = "0.3.7" criteria = "safe-to-run" [[exemptions.plotters-svg]] @@ -557,8 +553,12 @@ criteria = "safe-to-run" version = "0.2.20" criteria = "safe-to-deploy" -[[exemptions.proc-macro-error]] -version = "1.0.4" +[[exemptions.proc-macro-error-attr2]] +version = "2.0.0" +criteria = "safe-to-deploy" + +[[exemptions.proc-macro-error2]] +version = "2.0.1" criteria = "safe-to-deploy" [[exemptions.proptest]] @@ -578,7 +578,7 @@ version = "0.8.5" criteria = "safe-to-deploy" [[exemptions.redox_syscall]] -version = "0.5.3" +version = "0.5.7" criteria = "safe-to-deploy" [[exemptions.regex]] @@ -594,7 +594,7 @@ version = "0.7.2" criteria = "safe-to-deploy" [[exemptions.rgb]] -version = "0.8.48" +version = "0.8.50" criteria = "safe-to-run" [[exemptions.roff]] @@ -669,10 +669,6 @@ criteria = "safe-to-deploy" version = "0.6.3" criteria = "safe-to-run" -[[exemptions.sha1]] -version = "0.10.6" -criteria = "safe-to-deploy" - [[exemptions.sha2]] version = "0.10.8" criteria = "safe-to-deploy" @@ -714,23 +710,19 @@ version = "0.1.0" criteria = "safe-to-run" [[exemptions.symbolic-common]] -version = "12.10.0" +version = "12.12.0" criteria = "safe-to-run" [[exemptions.symbolic-demangle]] -version = "12.10.0" +version = "12.12.0" criteria = "safe-to-run" [[exemptions.syn]] -version = "1.0.102" -criteria = "safe-to-deploy" - -[[exemptions.syn]] -version = "2.0.75" +version = "2.0.87" criteria = "safe-to-deploy" [[exemptions.tar]] -version = "0.4.41" +version = "0.4.43" criteria = "safe-to-deploy" [[exemptions.tempfile]] @@ -798,7 +790,7 @@ version = "0.2.2" criteria = "safe-to-deploy" [[exemptions.uuid]] -version = "1.10.0" +version = "1.11.0" criteria = "safe-to-run" [[exemptions.version_check]] diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index a89961e..b641c4a 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -15,6 +15,13 @@ user-id = 5946 user-login = "jrmuizel" user-name = "Jeff Muizelaar" +[[publisher.pinentry]] +version = "0.5.1" +when = "2024-08-31" +user-id = 6289 +user-login = "str4d" +user-name = "Jack Grigg" + [[publisher.windows-sys]] version = "0.45.0" when = "2023-01-21" @@ -241,12 +248,27 @@ criteria = "safe-to-deploy" version = "1.0.2" notes = "This is a small crate which forbids unsafe code and is a straightforward implementation of the adler hashing algorithm." +[[audits.bytecode-alliance.audits.adler2]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +version = "2.0.0" +notes = "Fork of the original `adler` crate, zero unsfae code, works in `no_std`, does what it says on th tin." + [[audits.bytecode-alliance.audits.anes]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.1.6" notes = "Contains no unsafe code, no IO, no build.rs." +[[audits.bytecode-alliance.audits.arrayvec]] +who = "Nick Fitzgerald " +criteria = "safe-to-deploy" +version = "0.7.2" +notes = """ +Well documented invariants, good assertions for those invariants in unsafe code, +and tested with MIRI to boot. LGTM. +""" + [[audits.bytecode-alliance.audits.base64]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -264,6 +286,12 @@ criteria = "safe-to-deploy" version = "1.0.0" notes = "I am the author of this crate." +[[audits.bytecode-alliance.audits.cipher]] +who = "Andrew Brown " +criteria = "safe-to-deploy" +version = "0.4.4" +notes = "Most unsafe is hidden by `inout` dependency; only remaining unsafe is raw-splitting a slice and an unreachable hint. Older versions of this regularly reach ~150k daily downloads." + [[audits.bytecode-alliance.audits.core-foundation-sys]] who = "Dan Gohman " criteria = "safe-to-deploy" @@ -381,6 +409,11 @@ who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.1.25 -> 0.1.32" +[[audits.bytecode-alliance.audits.libc]] +who = "Dan Gohman " +criteria = "safe-to-deploy" +delta = "0.2.158 -> 0.2.161" + [[audits.bytecode-alliance.audits.libm]] who = "Alex Crichton " criteria = "safe-to-deploy" @@ -400,6 +433,26 @@ This is a minor update which has some testing affordances as well as some updated math algorithms. """ +[[audits.bytecode-alliance.audits.miniz_oxide]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +version = "0.7.1" +notes = """ +This crate is a Rust implementation of zlib compression/decompression and has +been used by default by the Rust standard library for quite some time. It's also +a default dependency of the popular `backtrace` crate for decompressing debug +information. This crate forbids unsafe code and does not otherwise access system +resources. It's originally a port of the `miniz.c` library as well, and given +its own longevity should be relatively hardened against some of the more common +compression-related issues. +""" + +[[audits.bytecode-alliance.audits.miniz_oxide]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +delta = "0.7.1 -> 0.8.0" +notes = "Minor updates, using new Rust features like `const`, no major changes." + [[audits.bytecode-alliance.audits.num-traits]] who = "Andrew Brown " criteria = "safe-to-deploy" @@ -447,12 +500,28 @@ who = "Alex Crichton " criteria = "safe-to-deploy" delta = "0.1.21 -> 0.1.24" +[[audits.bytecode-alliance.audits.rustix]] +who = "Dan Gohman " +criteria = "safe-to-deploy" +delta = "0.38.34 -> 0.38.37" + +[[audits.bytecode-alliance.audits.rustix]] +who = "Dan Gohman " +criteria = "safe-to-deploy" +delta = "0.38.37 -> 0.38.38" + [[audits.bytecode-alliance.audits.semver]] who = "Pat Hickey " criteria = "safe-to-deploy" version = "1.0.17" notes = "plenty of unsafe pointer and vec tricks, but in well-structured and commented code that appears to be correct" +[[audits.bytecode-alliance.audits.sha1]] +who = "Andrew Brown " +criteria = "safe-to-deploy" +delta = "0.10.5 -> 0.10.6" +notes = "Only new code is some loongarch64 additions which include assembly code for that platform." + [[audits.bytecode-alliance.audits.tempfile]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -464,11 +533,6 @@ criteria = "safe-to-deploy" delta = "3.5.0 -> 3.6.0" notes = "Dependency updates and new optimized trait implementations, but otherwise everything looks normal." -[[audits.bytecode-alliance.audits.unicode-ident]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -version = "1.0.8" - [[audits.bytecode-alliance.audits.xattr]] who = "Andrew Brown " criteria = "safe-to-deploy" @@ -539,12 +603,6 @@ criteria = "safe-to-run" delta = "0.8.5 -> 0.8.11" aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" -[[audits.google.audits.arrayvec]] -who = "Nicholas Bishop " -criteria = "safe-to-run" -version = "0.7.4" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - [[audits.google.audits.autocfg]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" @@ -630,6 +688,27 @@ instead (see also https://crrev.com/c/5771867). """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.bytemuck]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.16.3 -> 1.17.1" +notes = "Unsafe review comments can be found in https://crrev.com/c/5813463" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bytemuck]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.17.1 -> 1.18.0" +notes = "No code changes - just altering feature flag arrangements" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.bytemuck]] +who = "Adrian Taylor " +criteria = "safe-to-deploy" +delta = "1.18.0 -> 1.19.0" +notes = "No code changes - just comment changes and adding the track_caller attribute." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.byteorder]] who = "danakj " criteria = "safe-to-deploy" @@ -730,6 +809,58 @@ There were no hits of `-i cipher`, `-i crypto`, `'\bnet\b'`. ''' aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.flate2]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.30 -> 1.0.31" +notes = """ +WARNING: This certification is a result of a **partial** audit. The +`any_zlib` code has **not** been audited. See the audit of 1.0.30 for +more details. + +Only benign changes: + +* Comment-only changes in `.rs` files +* Also changing dependency version in `Cargo.toml`, but this is for `any_zlib` + feature which is not used in Chromium (i.e. this is a *partial* audit - see + the previous audit notes for 1.0.30) +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.flate2]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.31 -> 1.0.33" +notes = """ +WARNING: This certification is a result of a **partial** audit. The +`any_zlib` code has **not** been audited. See the audit of 1.0.30 for +more details. + +This delta audit has been reviewed in https://crrev.com/c/5811890 +The delta can be seen at https://diff.rs/flate2/1.0.31/1.0.33 +The delta bumps up `miniz_oxide` dependency to `0.8.0` +The delta also contains some changes to `src/ffi/c.rs` which is *NOT* used by Chromium +and therefore hasn't been covered by this partial audit. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.flate2]] +who = "Lukasz Anforowicz " +criteria = "safe-to-deploy" +delta = "1.0.33 -> 1.0.34" +notes = """ +WARNING: This certification is a result of a **partial** audit. The +`any_zlib` code has **not** been audited. See the audit of 1.0.30 for +more details. + +The delta can be seen at https://diff.rs/flate2/1.0.33/1.0.34 +The delta bumps up `libz-rs-sys` dependency from `0.2.1` to `0.3.0` +The delta in `lib.rs` only tweaks comments and has no code changes. +The delta also contains some changes to `src/ffi/c.rs` which is *NOT* used by Chromium +and therefore hasn't been covered by this partial audit. +""" +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + [[audits.google.audits.futures]] who = "George Burgess IV " criteria = "safe-to-deploy" @@ -897,12 +1028,6 @@ delta = "0.2.9 -> 0.2.13" notes = "Audited at https://fxrev.dev/946396" aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT" -[[audits.google.audits.proc-macro-error-attr]] -who = "George Burgess IV " -criteria = "safe-to-deploy" -version = "1.0.4" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - [[audits.google.audits.proc-macro2]] who = "Lukasz Anforowicz " criteria = "safe-to-deploy" @@ -973,6 +1098,23 @@ Config-related changes in `test_size.rs`. """ aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" +[[audits.google.audits.proc-macro2]] +who = "danakj " +criteria = "safe-to-deploy" +delta = "1.0.86 -> 1.0.87" +notes = "No new unsafe interactions." +aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT" + +[[audits.google.audits.proc-macro2]] +who = "Liza Burakova Date: Sun, 3 Nov 2024 05:32:37 +0000 Subject: [PATCH 67/77] Migrate to `secrecy 0.10` --- Cargo.lock | 10 ++-- Cargo.toml | 4 +- age-core/CHANGELOG.md | 7 ++- age-core/src/format.rs | 25 +++++++-- age-core/src/plugin.rs | 2 +- age-plugin/examples/age-plugin-unencrypted.rs | 11 ++-- age-plugin/src/identity.rs | 2 +- age-plugin/src/recipient.rs | 19 ++++--- age/CHANGELOG.md | 2 +- age/Cargo.toml | 2 +- age/src/cli_common.rs | 6 +-- age/src/encrypted.rs | 6 ++- age/src/keys.rs | 10 ++-- age/src/lib.rs | 12 ++--- age/src/plugin.rs | 13 +++-- age/src/primitives.rs | 4 +- age/src/primitives/stream.rs | 8 +-- age/src/protocol.rs | 7 +-- age/src/scrypt.rs | 7 +-- age/src/ssh.rs | 8 +-- age/src/ssh/identity.rs | 54 ++++++++++++++----- age/src/x25519.rs | 13 ++--- age/tests/test_vectors.rs | 2 +- fuzz-afl/Cargo.lock | 4 +- fuzz/Cargo.lock | 4 +- supply-chain/config.toml | 2 +- supply-chain/imports.lock | 4 +- 27 files changed, 155 insertions(+), 93 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 280c3d2..1bb30a1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1844,9 +1844,9 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "pinentry" -version = "0.5.1" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72268b7db3a2075ea65d4b93b755d086e99196e327837e690db6559b393a8d69" +checksum = "c1ecb857a7b11a03e8872c704d0a1ae1efc20533b3be98338008527a1928ffa6" dependencies = [ "log", "nom", @@ -2344,9 +2344,9 @@ dependencies = [ [[package]] name = "secrecy" -version = "0.8.0" +version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9bd1c54ea06cfd2f6b63219704de0b9b4f72dcc2b8fdef820be6cd799780e91e" +checksum = "e891af845473308773346dc847b2c23ee78fe442e0472ac50e22a18a93d3ae5a" dependencies = [ "zeroize", ] @@ -2979,7 +2979,7 @@ version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" dependencies = [ - "windows-sys 0.48.0", + "windows-sys 0.59.0", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 1e24c15..d13d535 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -48,8 +48,8 @@ cookie-factory = "0.3.1" nom = { version = "7", default-features = false, features = ["alloc"] } # Secret management -pinentry = "0.5" -secrecy = "0.8" +pinentry = "0.6" +secrecy = "0.10" subtle = "2" zeroize = "1" diff --git a/age-core/CHANGELOG.md b/age-core/CHANGELOG.md index d458d20..baaa088 100644 --- a/age-core/CHANGELOG.md +++ b/age-core/CHANGELOG.md @@ -8,9 +8,14 @@ to 1.0.0 are beta releases. ## [Unreleased] ### Added -- `age_core::format::is_arbitrary_string` +- `age_core::format`: + - `FileKey::new` + - `FileKey::init_with_mut` + - `FileKey::try_init_with_mut` + - `is_arbitrary_string` ### Changed +- Migrated to `secrecy 0.10`. - `age::plugin::Connection::unidir_receive` now takes an additional argument to enable handling an optional fourth command. diff --git a/age-core/src/format.rs b/age-core/src/format.rs index 263b908..f8f97dc 100644 --- a/age-core/src/format.rs +++ b/age-core/src/format.rs @@ -5,7 +5,7 @@ use rand::{ distributions::{Distribution, Uniform}, thread_rng, RngCore, }; -use secrecy::{ExposeSecret, Secret}; +use secrecy::{ExposeSecret, ExposeSecretMut, SecretBox}; /// The prefix identifying an age stanza. const STANZA_TAG: &str = "-> "; @@ -14,11 +14,26 @@ const STANZA_TAG: &str = "-> "; pub const FILE_KEY_BYTES: usize = 16; /// A file key for encrypting or decrypting an age file. -pub struct FileKey(Secret<[u8; FILE_KEY_BYTES]>); +pub struct FileKey(SecretBox<[u8; FILE_KEY_BYTES]>); -impl From<[u8; FILE_KEY_BYTES]> for FileKey { - fn from(file_key: [u8; FILE_KEY_BYTES]) -> Self { - FileKey(Secret::new(file_key)) +impl FileKey { + /// Creates a file key using a pre-boxed key. + pub fn new(file_key: Box<[u8; FILE_KEY_BYTES]>) -> Self { + Self(SecretBox::new(file_key)) + } + + /// Creates a file key using a function that can initialize the key in-place. + pub fn init_with_mut(ctr: impl FnOnce(&mut [u8; FILE_KEY_BYTES])) -> Self { + Self(SecretBox::init_with_mut(ctr)) + } + + /// Same as [`Self::init_with_mut`], but the constructor can be fallible. + pub fn try_init_with_mut( + ctr: impl FnOnce(&mut [u8; FILE_KEY_BYTES]) -> Result<(), E>, + ) -> Result { + let mut file_key = SecretBox::new(Box::new([0; FILE_KEY_BYTES])); + ctr(file_key.expose_secret_mut())?; + Ok(Self(file_key)) } } diff --git a/age-core/src/plugin.rs b/age-core/src/plugin.rs index 027cde0..aa3e40c 100644 --- a/age-core/src/plugin.rs +++ b/age-core/src/plugin.rs @@ -4,7 +4,7 @@ //! implementations built around the `age-plugin` crate. use rand::{thread_rng, Rng}; -use secrecy::Zeroize; +use secrecy::zeroize::Zeroize; use std::env; use std::fmt; use std::io::{self, BufRead, BufReader, Read, Write}; diff --git a/age-plugin/examples/age-plugin-unencrypted.rs b/age-plugin/examples/age-plugin-unencrypted.rs index efa908d..f88018a 100644 --- a/age-plugin/examples/age-plugin-unencrypted.rs +++ b/age-plugin/examples/age-plugin-unencrypted.rs @@ -175,9 +175,14 @@ impl IdentityPluginV1 for IdentityPlugin { // identities. let _ = callbacks.message("This identity does nothing!")?; file_keys.entry(file_index).or_insert_with(|| { - Ok(FileKey::from( - TryInto::<[u8; 16]>::try_into(&stanza.body[..]).unwrap(), - )) + FileKey::try_init_with_mut(|file_key| { + if stanza.body.len() == file_key.len() { + file_key.copy_from_slice(&stanza.body); + Ok(()) + } else { + panic!("File key is wrong length") + } + }) }); break; } diff --git a/age-plugin/src/identity.rs b/age-plugin/src/identity.rs index 1d2536a..7431014 100644 --- a/age-plugin/src/identity.rs +++ b/age-plugin/src/identity.rs @@ -135,7 +135,7 @@ impl<'a, 'b, R: io::Read, W: io::Write> Callbacks for BidirCallbacks<'a, .and_then(|res| match res { Ok(s) => String::from_utf8(s.body) .map_err(|_| io::Error::new(io::ErrorKind::InvalidData, "secret is not UTF-8")) - .map(|s| Ok(SecretString::new(s))), + .map(|s| Ok(SecretString::from(s))), Err(e) => Ok(Err(e)), }) } diff --git a/age-plugin/src/recipient.rs b/age-plugin/src/recipient.rs index 3a12161..d916d3b 100644 --- a/age-plugin/src/recipient.rs +++ b/age-plugin/src/recipient.rs @@ -1,7 +1,7 @@ //! Recipient plugin helpers. use age_core::{ - format::{is_arbitrary_string, FileKey, Stanza, FILE_KEY_BYTES}, + format::{is_arbitrary_string, FileKey, Stanza}, plugin::{self, BidirSend, Connection}, secrecy::SecretString, }; @@ -183,7 +183,7 @@ impl<'a, 'b, R: io::Read, W: io::Write> Callbacks for BidirCallbacks<'a, .and_then(|res| match res { Ok(s) => String::from_utf8(s.body) .map_err(|_| io::Error::new(io::ErrorKind::InvalidData, "secret is not UTF-8")) - .map(|s| Ok(SecretString::new(s))), + .map(|s| Ok(SecretString::from(s))), Err(e) => Ok(Err(e)), }) } @@ -281,11 +281,16 @@ pub(crate) fn run_v1(mut plugin: P) -> io::Result<()> { }), (Some(WRAP_FILE_KEY), |s| { // TODO: Should we ignore file key commands with unexpected metadata args? - TryInto::<[u8; FILE_KEY_BYTES]>::try_into(&s.body[..]) - .map_err(|_| Error::Internal { - message: "invalid file key length".to_owned(), - }) - .map(FileKey::from) + FileKey::try_init_with_mut(|file_key| { + if s.body.len() == file_key.len() { + file_key.copy_from_slice(&s.body); + Ok(()) + } else { + Err(Error::Internal { + message: "invalid file key length".to_owned(), + }) + } + }) }), (Some(EXTENSION_LABELS), |_| Ok(())), )?; diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md index 7b0bb86..a582e70 100644 --- a/age/CHANGELOG.md +++ b/age/CHANGELOG.md @@ -26,7 +26,7 @@ to 1.0.0 are beta releases. - Partial French translation! ### Changed -- Migrated to `i18n-embed 0.15`. +- Migrated to `i18n-embed 0.15`, `secrecy 0.10`. - `age::Encryptor::with_recipients` now takes recipients by reference instead of by value. This aligns it with `age::Decryptor` (which takes identities by reference), and also means that errors with recipients are reported earlier. diff --git a/age/Cargo.toml b/age/Cargo.toml index d2ef80a..8c07f81 100644 --- a/age/Cargo.toml +++ b/age/Cargo.toml @@ -37,7 +37,7 @@ futures = { version = "0.3", optional = true } pin-project = "1" # Common CLI dependencies -pinentry = { version = "0.5", optional = true } +pinentry = { workspace = true, optional = true } # Dependencies used internally: # (Breaking upgrades to these are usually backwards-compatible, but check MSRVs.) diff --git a/age/src/cli_common.rs b/age/src/cli_common.rs index f8a25e6..c508544 100644 --- a/age/src/cli_common.rs +++ b/age/src/cli_common.rs @@ -125,10 +125,10 @@ pub fn read_secret( input.interact() } else { // Fall back to CLI interface. - let passphrase = prompt_password(format!("{}: ", description)).map(SecretString::new)?; + let passphrase = prompt_password(format!("{}: ", description)).map(SecretString::from)?; if let Some(confirm_prompt) = confirm { let confirm_passphrase = - prompt_password(format!("{}: ", confirm_prompt)).map(SecretString::new)?; + prompt_password(format!("{}: ", confirm_prompt)).map(SecretString::from)?; if !bool::from( passphrase @@ -199,7 +199,7 @@ impl Passphrase { acc + "-" + s } }); - Passphrase::Generated(SecretString::new(new_passphrase)) + Passphrase::Generated(SecretString::from(new_passphrase)) } } diff --git a/age/src/encrypted.rs b/age/src/encrypted.rs index 95b59f5..4570a2b 100644 --- a/age/src/encrypted.rs +++ b/age/src/encrypted.rs @@ -239,7 +239,7 @@ fOrxrKTj7xCdNS3+OrCdnBC8Z9cKDxjCGWW3fkjLsYha0Jo= /// This intentionally panics if called twice. fn request_passphrase(&self, _: &str) -> Option { - Some(SecretString::new( + Some(SecretString::from( self.0.lock().unwrap().take().unwrap().to_owned(), )) } @@ -248,8 +248,10 @@ fOrxrKTj7xCdNS3+OrCdnBC8Z9cKDxjCGWW3fkjLsYha0Jo= #[test] #[cfg(feature = "armor")] fn round_trip() { + use age_core::format::FileKey; + let pk: x25519::Recipient = TEST_RECIPIENT.parse().unwrap(); - let file_key = [12; 16].into(); + let file_key = FileKey::new(Box::new([12; 16])); let (wrapped, labels) = pk.wrap_file_key(&file_key).unwrap(); assert!(labels.is_empty()); diff --git a/age/src/keys.rs b/age/src/keys.rs index 857f086..06b6bd5 100644 --- a/age/src/keys.rs +++ b/age/src/keys.rs @@ -3,7 +3,7 @@ use age_core::{ format::FileKey, primitives::hkdf, - secrecy::{ExposeSecret, Secret}, + secrecy::{ExposeSecret, SecretBox}, }; use rand::{rngs::OsRng, RngCore}; @@ -18,17 +18,15 @@ const HEADER_KEY_LABEL: &[u8] = b"header"; const PAYLOAD_KEY_LABEL: &[u8] = b"payload"; pub(crate) fn new_file_key() -> FileKey { - let mut file_key = [0; 16]; - OsRng.fill_bytes(&mut file_key); - file_key.into() + FileKey::init_with_mut(|file_key| OsRng.fill_bytes(file_key)) } pub(crate) fn mac_key(file_key: &FileKey) -> HmacKey { - HmacKey(Secret::new(hkdf( + HmacKey(SecretBox::new(Box::new(hkdf( &[], HEADER_KEY_LABEL, file_key.expose_secret(), - ))) + )))) } pub(crate) fn v1_payload_key( diff --git a/age/src/lib.rs b/age/src/lib.rs index 28f448b..9dffa87 100644 --- a/age/src/lib.rs +++ b/age/src/lib.rs @@ -63,10 +63,10 @@ //! ## Passphrase-based encryption //! //! ``` -//! use age::secrecy::Secret; +//! use age::secrecy::SecretString; //! //! # fn run_main() -> Result<(), ()> { -//! let passphrase = Secret::new("this is not a good passphrase".to_owned()); +//! let passphrase = SecretString::from("this is not a good passphrase".to_owned()); //! let recipient = age::scrypt::Recipient::new(passphrase.clone()); //! let identity = age::scrypt::Identity::new(passphrase); //! @@ -152,16 +152,16 @@ //! ## Passphrase-based encryption //! //! ``` -//! use age::secrecy::Secret; +//! use age::secrecy::SecretString; //! use std::io::{Read, Write}; //! use std::iter; //! //! # fn run_main() -> Result<(), ()> { //! let plaintext = b"Hello world!"; -//! let passphrase = Secret::new("this is not a good passphrase".to_owned()); +//! let passphrase = SecretString::from("this is not a good passphrase".to_owned()); //! //! // Encrypt the plaintext to a ciphertext using the passphrase... -//! # fn encrypt(passphrase: Secret, plaintext: &[u8]) -> Result, age::EncryptError> { +//! # fn encrypt(passphrase: SecretString, plaintext: &[u8]) -> Result, age::EncryptError> { //! let encrypted = { //! let encryptor = age::Encryptor::with_user_passphrase(passphrase.clone()); //! @@ -176,7 +176,7 @@ //! # } //! //! // ... and decrypt the ciphertext to the plaintext again using the same passphrase. -//! # fn decrypt(passphrase: Secret, encrypted: Vec) -> Result, age::DecryptError> { +//! # fn decrypt(passphrase: SecretString, encrypted: Vec) -> Result, age::DecryptError> { //! let decrypted = { //! let decryptor = age::Decryptor::new(&encrypted[..])?; //! diff --git a/age/src/plugin.rs b/age/src/plugin.rs index 2b5cf75..fc1af5d 100644 --- a/age/src/plugin.rs +++ b/age/src/plugin.rs @@ -649,11 +649,14 @@ impl IdentityPluginV1 { // We only support a single file. assert!(command.args[0] == "0"); assert!(file_key.is_none()); - file_key = Some( - TryInto::<[u8; 16]>::try_into(&command.body[..]) - .map_err(|_| DecryptError::DecryptionFailed) - .map(FileKey::from), - ); + file_key = Some(FileKey::try_init_with_mut(|file_key| { + if command.body.len() == file_key.len() { + file_key.copy_from_slice(&command.body); + Ok(()) + } else { + Err(DecryptError::DecryptionFailed) + } + })); reply.ok(None) } CMD_ERROR => { diff --git a/age/src/primitives.rs b/age/src/primitives.rs index 32b6654..bc95b8d 100644 --- a/age/src/primitives.rs +++ b/age/src/primitives.rs @@ -1,6 +1,6 @@ //! Primitive cryptographic operations used by `age`. -use age_core::secrecy::{ExposeSecret, Secret}; +use age_core::secrecy::{ExposeSecret, SecretBox}; use hmac::{ digest::{CtOutput, MacError}, Hmac, Mac, @@ -15,7 +15,7 @@ pub mod armor; pub mod stream; -pub(crate) struct HmacKey(pub(crate) Secret<[u8; 32]>); +pub(crate) struct HmacKey(pub(crate) SecretBox<[u8; 32]>); /// `HMAC[key](message)` /// diff --git a/age/src/primitives/stream.rs b/age/src/primitives/stream.rs index adb5ced..880084d 100644 --- a/age/src/primitives/stream.rs +++ b/age/src/primitives/stream.rs @@ -1,6 +1,6 @@ //! I/O helper structs for age file encryption and decryption. -use age_core::secrecy::{ExposeSecret, SecretVec}; +use age_core::secrecy::{ExposeSecret, SecretSlice}; use chacha20poly1305::{ aead::{generic_array::GenericArray, Aead, KeyInit, KeySizeUser}, ChaCha20Poly1305, @@ -194,7 +194,7 @@ impl Stream { Ok(encrypted) } - fn decrypt_chunk(&mut self, chunk: &[u8], last: bool) -> io::Result> { + fn decrypt_chunk(&mut self, chunk: &[u8], last: bool) -> io::Result> { assert!(chunk.len() <= ENCRYPTED_CHUNK_SIZE); self.nonce.set_last(last).map_err(|_| { @@ -204,7 +204,7 @@ impl Stream { let decrypted = self .aead .decrypt(&self.nonce.to_bytes().into(), chunk) - .map(SecretVec::new) + .map(SecretSlice::from) .map_err(|_| io::Error::new(io::ErrorKind::InvalidData, "decryption error"))?; self.nonce.increment_counter(); @@ -407,7 +407,7 @@ pub struct StreamReader { start: StartPos, plaintext_len: Option, cur_plaintext_pos: u64, - chunk: Option>, + chunk: Option>, } impl StreamReader { diff --git a/age/src/protocol.rs b/age/src/protocol.rs index 05109fb..a29c447 100644 --- a/age/src/protocol.rs +++ b/age/src/protocol.rs @@ -477,7 +477,7 @@ mod tests { fn scrypt_round_trip() { let test_msg = b"This is a test message. For testing."; - let mut recipient = scrypt::Recipient::new(SecretString::new("passphrase".to_string())); + let mut recipient = scrypt::Recipient::new(SecretString::from("passphrase".to_string())); // Override to something very fast for testing. recipient.set_work_factor(2); @@ -492,7 +492,7 @@ mod tests { let d = Decryptor::new(&encrypted[..]).unwrap(); let mut r = d .decrypt( - Some(&scrypt::Identity::new(SecretString::new("passphrase".to_string())) as _) + Some(&scrypt::Identity::new(SecretString::from("passphrase".to_string())) as _) .into_iter(), ) .unwrap(); @@ -549,7 +549,8 @@ mod tests { #[test] fn mixed_recipient_and_passphrase() { let pk: x25519::Recipient = crate::x25519::tests::TEST_PK.parse().unwrap(); - let passphrase = crate::scrypt::Recipient::new(SecretString::new("passphrase".to_string())); + let passphrase = + crate::scrypt::Recipient::new(SecretString::from("passphrase".to_string())); let recipients = [&pk as &dyn Recipient, &passphrase as _]; diff --git a/age/src/scrypt.rs b/age/src/scrypt.rs index 5b04698..60938e8 100644 --- a/age/src/scrypt.rs +++ b/age/src/scrypt.rs @@ -260,9 +260,10 @@ impl crate::Identity for Identity { aead_decrypt(&enc_key, FILE_KEY_BYTES, &stanza.body) .map(|mut pt| { // It's ours! - let file_key: [u8; FILE_KEY_BYTES] = pt[..].try_into().unwrap(); - pt.zeroize(); - file_key.into() + FileKey::init_with_mut(|file_key| { + file_key.copy_from_slice(&pt); + pt.zeroize(); + }) }) .map_err(DecryptError::from), ) diff --git a/age/src/ssh.rs b/age/src/ssh.rs index bcbb045..fadab56 100644 --- a/age/src/ssh.rs +++ b/age/src/ssh.rs @@ -194,7 +194,7 @@ mod decrypt { } mod read_ssh { - use age_core::secrecy::Secret; + use age_core::secrecy::SecretBox; use curve25519_dalek::edwards::{CompressedEdwardsY, EdwardsPoint}; use nom::{ branch::alt, @@ -349,14 +349,14 @@ mod read_ssh { /// Internal OpenSSH encoding of an Ed25519 private key. /// /// - [OpenSSH serialization code](https://github.com/openssh/openssh-portable/blob/4103a3ec7c68493dbc4f0994a229507e943a86d3/sshkey.c#L3277-L3283) - fn openssh_ed25519_privkey(input: &[u8]) -> IResult<&[u8], Secret<[u8; 64]>> { + fn openssh_ed25519_privkey(input: &[u8]) -> IResult<&[u8], SecretBox<[u8; 64]>> { delimited( string_tag(SSH_ED25519_KEY_PREFIX), map_opt(tuple((string, string)), |(pubkey_bytes, privkey_bytes)| { if privkey_bytes.len() == 64 && pubkey_bytes == &privkey_bytes[32..64] { - let mut privkey = [0; 64]; + let mut privkey = Box::new([0; 64]); privkey.copy_from_slice(privkey_bytes); - Some(Secret::new(privkey)) + Some(SecretBox::new(privkey)) } else { None } diff --git a/age/src/ssh/identity.rs b/age/src/ssh/identity.rs index e32941a..0dd43d2 100644 --- a/age/src/ssh/identity.rs +++ b/age/src/ssh/identity.rs @@ -1,7 +1,7 @@ use age_core::{ format::{FileKey, Stanza, FILE_KEY_BYTES}, primitives::{aead_decrypt, hkdf}, - secrecy::{ExposeSecret, Secret}, + secrecy::{ExposeSecret, SecretBox}, }; use base64::prelude::BASE64_STANDARD; use nom::{ @@ -32,12 +32,27 @@ use crate::{ }; /// An SSH private key for decrypting an age file. -#[derive(Clone)] pub enum UnencryptedKey { /// An ssh-rsa private key. SshRsa(Vec, Box), /// An ssh-ed25519 key pair. - SshEd25519(Vec, Secret<[u8; 64]>), + SshEd25519(Vec, SecretBox<[u8; 64]>), +} + +impl Clone for UnencryptedKey { + fn clone(&self) -> Self { + match self { + Self::SshRsa(ssh_key, sk) => Self::SshRsa(ssh_key.clone(), sk.clone()), + Self::SshEd25519(ssh_key, privkey) => Self::SshEd25519( + ssh_key.clone(), + SecretBox::new({ + let mut cloned_privkey = Box::new([0; 64]); + cloned_privkey.copy_from_slice(privkey.expose_secret()); + cloned_privkey + }), + ), + } + } } impl UnencryptedKey { @@ -64,11 +79,18 @@ impl UnencryptedKey { &stanza.body, ) .map_err(DecryptError::from) - .map(|mut pt| { + .and_then(|mut pt| { // It's ours! - let file_key: [u8; 16] = pt[..].try_into().unwrap(); - pt.zeroize(); - file_key.into() + FileKey::try_init_with_mut(|file_key| { + let ret = if pt.len() == file_key.len() { + file_key.copy_from_slice(&pt); + Ok(()) + } else { + Err(DecryptError::DecryptionFailed) + }; + pt.zeroize(); + ret + }) }), ) } @@ -115,9 +137,10 @@ impl UnencryptedKey { .map_err(DecryptError::from) .map(|mut pt| { // It's ours! - let file_key: [u8; FILE_KEY_BYTES] = pt[..].try_into().unwrap(); - pt.zeroize(); - file_key.into() + FileKey::init_with_mut(|file_key| { + file_key.copy_from_slice(&pt); + pt.zeroize(); + }) }), ) } @@ -354,7 +377,10 @@ pub(crate) fn ssh_identity(input: &str) -> IResult<&str, Identity> { #[cfg(test)] pub(crate) mod tests { - use age_core::secrecy::{ExposeSecret, SecretString}; + use age_core::{ + format::FileKey, + secrecy::{ExposeSecret, SecretString}, + }; use std::io::BufReader; use super::{Identity, UnsupportedKey}; @@ -491,7 +517,7 @@ AwQFBg== } fn request_passphrase(&self, _: &str) -> Option { - Some(SecretString::new(self.0.to_owned())) + Some(SecretString::from(self.0.to_owned())) } } @@ -505,7 +531,7 @@ AwQFBg== }; let pk: Recipient = TEST_SSH_RSA_PK.parse().unwrap(); - let file_key = [12; 16].into(); + let file_key = FileKey::new(Box::new([12; 16])); let (wrapped, labels) = pk.wrap_file_key(&file_key).unwrap(); assert!(labels.is_empty()); @@ -532,7 +558,7 @@ AwQFBg== let identity = identity.with_callbacks(TestPassphrase("passphrase")); let pk: Recipient = TEST_SSH_ED25519_PK.parse().unwrap(); - let file_key = [12; 16].into(); + let file_key = FileKey::new(Box::new([12; 16])); let (wrapped, labels) = pk.wrap_file_key(&file_key).unwrap(); assert!(labels.is_empty()); diff --git a/age/src/x25519.rs b/age/src/x25519.rs index 9d23ee5..98edb15 100644 --- a/age/src/x25519.rs +++ b/age/src/x25519.rs @@ -68,7 +68,7 @@ impl Identity { let sk_base32 = sk_bytes.to_base32(); let mut encoded = bech32::encode(SECRET_KEY_PREFIX, sk_base32, Variant::Bech32).expect("HRP is valid"); - let ret = SecretString::new(encoded.to_uppercase()); + let ret = SecretString::from(encoded.to_uppercase()); // Clear intermediates sk_bytes.zeroize(); @@ -136,9 +136,10 @@ impl crate::Identity for Identity { .ok() .map(|mut pt| { // It's ours! - let file_key: [u8; FILE_KEY_BYTES] = pt[..].try_into().unwrap(); - pt.zeroize(); - Ok(file_key.into()) + Ok(FileKey::init_with_mut(|file_key| { + file_key.copy_from_slice(&pt); + pt.zeroize(); + })) }) } } @@ -238,7 +239,7 @@ impl crate::Recipient for Recipient { #[cfg(test)] pub(crate) mod tests { - use age_core::secrecy::ExposeSecret; + use age_core::{format::FileKey, secrecy::ExposeSecret}; use proptest::prelude::*; use x25519_dalek::{PublicKey, StaticSecret}; @@ -265,7 +266,7 @@ pub(crate) mod tests { proptest! { #[test] fn wrap_and_unwrap(sk_bytes in proptest::collection::vec(any::(), ..=32)) { - let file_key = [7; 16].into(); + let file_key = FileKey::new(Box::new([7; 16])); let sk = { let mut tmp = [0; 32]; tmp[..sk_bytes.len()].copy_from_slice(&sk_bytes); diff --git a/age/tests/test_vectors.rs b/age/tests/test_vectors.rs index 765e1bb..1924b10 100644 --- a/age/tests/test_vectors.rs +++ b/age/tests/test_vectors.rs @@ -44,7 +44,7 @@ fn age_test_vectors() -> Result<(), Box> { name ))? .read_to_string(&mut passphrase)?; - let passphrase = SecretString::new(passphrase); + let passphrase = SecretString::from(passphrase); let identity = scrypt::Identity::new(passphrase); d.decrypt(Some(&identity as _).into_iter()) }; diff --git a/fuzz-afl/Cargo.lock b/fuzz-afl/Cargo.lock index 31a0e07..543d1ec 100644 --- a/fuzz-afl/Cargo.lock +++ b/fuzz-afl/Cargo.lock @@ -879,9 +879,9 @@ dependencies = [ [[package]] name = "secrecy" -version = "0.8.0" +version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9bd1c54ea06cfd2f6b63219704de0b9b4f72dcc2b8fdef820be6cd799780e91e" +checksum = "e891af845473308773346dc847b2c23ee78fe442e0472ac50e22a18a93d3ae5a" dependencies = [ "zeroize", ] diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index d1e0548..a12faf6 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -884,9 +884,9 @@ dependencies = [ [[package]] name = "secrecy" -version = "0.8.0" +version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9bd1c54ea06cfd2f6b63219704de0b9b4f72dcc2b8fdef820be6cd799780e91e" +checksum = "e891af845473308773346dc847b2c23ee78fe442e0472ac50e22a18a93d3ae5a" dependencies = [ "zeroize", ] diff --git a/supply-chain/config.toml b/supply-chain/config.toml index d38c238..f6b8725 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -654,7 +654,7 @@ version = "0.11.0" criteria = "safe-to-deploy" [[exemptions.secrecy]] -version = "0.8.0" +version = "0.10.3" criteria = "safe-to-deploy" [[exemptions.self_cell]] diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index b641c4a..12d3267 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -16,8 +16,8 @@ user-login = "jrmuizel" user-name = "Jeff Muizelaar" [[publisher.pinentry]] -version = "0.5.1" -when = "2024-08-31" +version = "0.6.0" +when = "2024-11-03" user-id = 6289 user-login = "str4d" user-name = "Jack Grigg" From d0889c90af83e5f281e81e8a086fca70ed5e0e13 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 3 Nov 2024 07:04:20 +0000 Subject: [PATCH 68/77] age: Document crate's calling contract of `Identity::unwrap_stanza` Closes str4d/rage#509. --- age/src/lib.rs | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/age/src/lib.rs b/age/src/lib.rs index 9dffa87..9e908eb 100644 --- a/age/src/lib.rs +++ b/age/src/lib.rs @@ -272,6 +272,17 @@ use age_core::{ /// A private key or other value that can unwrap an opaque file key from a recipient /// stanza. +/// +/// # Implementation notes +/// +/// The canonical entry point for this trait is [`Identity::unwrap_stanzas`]. The default +/// implementation of that method is: +/// ```ignore +/// stanzas.iter().find_map(|stanza| self.unwrap_stanza(stanza)) +/// ``` +/// +/// The `age` crate otherwise does not call [`Identity::unwrap_stanza`] directly. As such, +/// if you want to add file-level stanza checks, override [`Identity::unwrap_stanzas`]. pub trait Identity { /// Attempts to unwrap the given stanza with this identity. /// @@ -279,6 +290,8 @@ pub trait Identity { /// external implementations. You should not need to call this directly; instead, pass /// identities to [`Decryptor::decrypt`]. /// + /// The `age` crate only calls this method via [`Identity::unwrap_stanzas`]. + /// /// Returns: /// - `Some(Ok(file_key))` on success. /// - `Some(Err(e))` if a decryption error occurs. From bca6916bac6aa6058583981f5d9b7296f7a272bb Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 3 Nov 2024 07:30:16 +0000 Subject: [PATCH 69/77] Update docs to permit multiple stanzas from recipients Closes str4d/rage#524. --- age-plugin/src/recipient.rs | 8 ++++++-- age/src/lib.rs | 3 ++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/age-plugin/src/recipient.rs b/age-plugin/src/recipient.rs index d916d3b..0370c2d 100644 --- a/age-plugin/src/recipient.rs +++ b/age-plugin/src/recipient.rs @@ -81,8 +81,12 @@ pub trait RecipientPluginV1 { /// Wraps each `file_key` to all recipients and identities previously added via /// `add_recipient` and `add_identity`. /// - /// Returns either one stanza per recipient and identity for each file key, or any - /// errors if one or more recipients or identities could not be wrapped to. + /// Returns a set of stanzas per file key that wrap it to each recipient and identity. + /// Plugins may return more than one stanza per "actual recipient", e.g. to support + /// multiple formats, to build group aliases, or to act as a proxy. + /// + /// If one or more recipients or identities could not be wrapped to, no stanzas are + /// returned for any of the file keys. /// /// `callbacks` can be used to interact with the user, to have them take some physical /// action or request a secret value. diff --git a/age/src/lib.rs b/age/src/lib.rs index 9e908eb..7e80080 100644 --- a/age/src/lib.rs +++ b/age/src/lib.rs @@ -326,7 +326,8 @@ pub trait Recipient { /// and labels that constrain how the stanzas may be combined with those from other /// recipients. /// - /// Implementations MUST NOT return more than one stanza per "actual recipient". + /// Implementations may return more than one stanza per "actual recipient", e.g. to + /// support multiple formats, to build group aliases, or to act as a proxy. /// /// This method is part of the `Recipient` trait to expose age's [one joint] for /// external implementations. You should not need to call this directly; instead, pass From 1d2b3bfa376790d8da17558b103a7394f97237ff Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 3 Nov 2024 08:04:59 +0000 Subject: [PATCH 70/77] age: Merge error cases in `cli_common::file_io` --- age/src/cli_common/file_io.rs | 57 ++++++++++++++++------------------- 1 file changed, 26 insertions(+), 31 deletions(-) diff --git a/age/src/cli_common/file_io.rs b/age/src/cli_common/file_io.rs index e24324f..b5758dc 100644 --- a/age/src/cli_common/file_io.rs +++ b/age/src/cli_common/file_io.rs @@ -16,39 +16,31 @@ use crate::{fl, util::LINE_ENDING, wfl, wlnfl}; const SHORT_OUTPUT_LENGTH: usize = 20 * 80; #[derive(Debug)] -struct DenyBinaryOutputError; +enum FileError { + DenyBinaryOutput, + DenyOverwriteFile(String), + DetectedBinaryOutput, +} -impl fmt::Display for DenyBinaryOutputError { +impl fmt::Display for FileError { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - wlnfl!(f, "err-deny-binary-output")?; - wfl!(f, "rec-deny-binary-output") + match self { + Self::DenyBinaryOutput => { + wlnfl!(f, "err-deny-binary-output")?; + wfl!(f, "rec-deny-binary-output") + } + Self::DenyOverwriteFile(filename) => { + wfl!(f, "err-deny-overwrite-file", filename = filename.as_str()) + } + Self::DetectedBinaryOutput => { + wlnfl!(f, "err-detected-binary")?; + wfl!(f, "rec-detected-binary") + } + } } } -impl std::error::Error for DenyBinaryOutputError {} - -#[derive(Debug)] -struct DetectedBinaryOutputError; - -impl fmt::Display for DetectedBinaryOutputError { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - wlnfl!(f, "err-detected-binary")?; - wfl!(f, "rec-detected-binary") - } -} - -impl std::error::Error for DetectedBinaryOutputError {} - -#[derive(Debug)] -struct DenyOverwriteFileError(String); - -impl fmt::Display for DenyOverwriteFileError { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - wfl!(f, "err-deny-overwrite-file", filename = self.0.as_str()) - } -} - -impl std::error::Error for DenyOverwriteFileError {} +impl std::error::Error for FileError {} /// Wrapper around a [`File`]. pub struct FileReader { @@ -211,7 +203,7 @@ impl Write for StdoutWriter { if std::str::from_utf8(data).is_err() { return Err(io::Error::new( io::ErrorKind::InvalidInput, - DetectedBinaryOutputError, + FileError::DetectedBinaryOutput, )); } } @@ -359,7 +351,7 @@ impl OutputWriter { if !allow_overwrite && Path::new(&filename).exists() { return Err(io::Error::new( io::ErrorKind::AlreadyExists, - DenyOverwriteFileError(filename), + FileError::DenyOverwriteFile(filename), )); } @@ -378,7 +370,10 @@ impl OutputWriter { } else if is_tty { if let OutputFormat::Binary = format { // If output == Some("-") then this error is skipped. - return Err(io::Error::new(io::ErrorKind::Other, DenyBinaryOutputError)); + return Err(io::Error::new( + io::ErrorKind::Other, + FileError::DenyBinaryOutput, + )); } } From ae5a3929251492dc582ad695c04be199c8a8f20e Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 3 Nov 2024 08:22:43 +0000 Subject: [PATCH 71/77] Provide a better error on invalid filename or missing directory Closes str4d/rage#530. --- age/i18n/en-US/age.ftl | 4 +++ age/src/cli_common/file_io.rs | 27 ++++++++++++++++++- .../gen-output-invalid-filename.toml | 10 +++++++ .../gen-output-missing-directory.toml | 10 +++++++ 4 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 rage/tests/cmd/rage-keygen/gen-output-invalid-filename.toml create mode 100644 rage/tests/cmd/rage-keygen/gen-output-missing-directory.toml diff --git a/age/i18n/en-US/age.ftl b/age/i18n/en-US/age.ftl index f512f21..f1b07ed 100644 --- a/age/i18n/en-US/age.ftl +++ b/age/i18n/en-US/age.ftl @@ -46,6 +46,10 @@ rec-deny-binary-output = Did you mean to use {-flag-armor}? {rec-detected-binary err-deny-overwrite-file = refusing to overwrite existing file '{$filename}'. +err-invalid-filename = invalid filename '{$filename}'. + +err-missing-directory = directory '{$path}' does not exist. + ## Identity file errors err-failed-to-write-output = Failed to write to output: {$err} diff --git a/age/src/cli_common/file_io.rs b/age/src/cli_common/file_io.rs index b5758dc..7275df8 100644 --- a/age/src/cli_common/file_io.rs +++ b/age/src/cli_common/file_io.rs @@ -20,6 +20,8 @@ enum FileError { DenyBinaryOutput, DenyOverwriteFile(String), DetectedBinaryOutput, + InvalidFilename(String), + MissingDirectory(String), } impl fmt::Display for FileError { @@ -36,6 +38,10 @@ impl fmt::Display for FileError { wlnfl!(f, "err-detected-binary")?; wfl!(f, "rec-detected-binary") } + Self::InvalidFilename(filename) => { + wfl!(f, "err-invalid-filename", filename = filename.as_str()) + } + Self::MissingDirectory(path) => wfl!(f, "err-missing-directory", path = path.as_str()), } } } @@ -345,10 +351,29 @@ impl OutputWriter { // Respect the Unix convention that "-" as an output filename // parameter is an explicit request to use standard output. if filename != "-" { + let file_path = Path::new(&filename); + + // Provide a better error if the filename is invalid, or the directory + // containing the file does not exist (we don't automatically create + // directories). + if let Some(dir_path) = file_path.parent() { + if !(dir_path == Path::new("") || dir_path.exists()) { + return Err(io::Error::new( + io::ErrorKind::NotFound, + FileError::MissingDirectory(dir_path.display().to_string()), + )); + } + } else { + return Err(io::Error::new( + io::ErrorKind::NotFound, + FileError::InvalidFilename(filename), + )); + } + // We open the file lazily, but as we don't want the caller to assume // this, we eagerly confirm that the file does not exist if we can't // overwrite it. - if !allow_overwrite && Path::new(&filename).exists() { + if !allow_overwrite && file_path.exists() { return Err(io::Error::new( io::ErrorKind::AlreadyExists, FileError::DenyOverwriteFile(filename), diff --git a/rage/tests/cmd/rage-keygen/gen-output-invalid-filename.toml b/rage/tests/cmd/rage-keygen/gen-output-invalid-filename.toml new file mode 100644 index 0000000..d8b01cd --- /dev/null +++ b/rage/tests/cmd/rage-keygen/gen-output-invalid-filename.toml @@ -0,0 +1,10 @@ +bin.name = "rage-keygen" +args = "-o ''" +status = "failed" +stdout = "" +stderr = """ +Error: Failed to open output: invalid filename ''. + +[ Did rage not do what you expected? Could an error be more useful? ] +[ Tell us: https://str4d.xyz/rage/report ] +""" diff --git a/rage/tests/cmd/rage-keygen/gen-output-missing-directory.toml b/rage/tests/cmd/rage-keygen/gen-output-missing-directory.toml new file mode 100644 index 0000000..e05627b --- /dev/null +++ b/rage/tests/cmd/rage-keygen/gen-output-missing-directory.toml @@ -0,0 +1,10 @@ +bin.name = "rage-keygen" +args = "-o does-not-exist/key.txt" +status = "failed" +stdout = "" +stderr = """ +Error: Failed to open output: directory 'does-not-exist' does not exist. + +[ Did rage not do what you expected? Could an error be more useful? ] +[ Tell us: https://str4d.xyz/rage/report ] +""" From 25e050362c47c1844b81bcb7a6a0a51cafcf7c5a Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 3 Nov 2024 10:38:19 +0000 Subject: [PATCH 72/77] fuzz: Fix targets --- fuzz/fuzz_targets/decrypt.rs | 8 +------- fuzz/fuzz_targets/decrypt_buffered.rs | 8 +------- 2 files changed, 2 insertions(+), 14 deletions(-) diff --git a/fuzz/fuzz_targets/decrypt.rs b/fuzz/fuzz_targets/decrypt.rs index 7d15ea5..637edc1 100644 --- a/fuzz/fuzz_targets/decrypt.rs +++ b/fuzz/fuzz_targets/decrypt.rs @@ -7,12 +7,6 @@ use age::Decryptor; fuzz_target!(|data: &[u8]| { if let Ok(decryptor) = Decryptor::new(data) { - match decryptor { - Decryptor::Recipients(d) => { - let _ = d.decrypt(iter::empty()); - } - // Don't pay the cost of scrypt while fuzzing. - Decryptor::Passphrase(_) => (), - } + let _ = decryptor.decrypt(iter::empty()); } }); diff --git a/fuzz/fuzz_targets/decrypt_buffered.rs b/fuzz/fuzz_targets/decrypt_buffered.rs index 553525e..f23583d 100644 --- a/fuzz/fuzz_targets/decrypt_buffered.rs +++ b/fuzz/fuzz_targets/decrypt_buffered.rs @@ -7,12 +7,6 @@ use age::Decryptor; fuzz_target!(|data: &[u8]| { if let Ok(decryptor) = Decryptor::new_buffered(data) { - match decryptor { - Decryptor::Recipients(d) => { - let _ = d.decrypt(iter::empty()); - } - // Don't pay the cost of scrypt while fuzzing. - Decryptor::Passphrase(_) => (), - } + let _ = decryptor.decrypt(iter::empty()); } }); From e3a5c5fe8c76c7f0cf0e0a33a041fd4b7041b4de Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 3 Nov 2024 10:41:28 +0000 Subject: [PATCH 73/77] Update user handles in readmes --- README.md | 4 ++-- age/README.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 3bf0199..fd12040 100644 --- a/README.md +++ b/README.md @@ -7,8 +7,8 @@ format. It features small explicit keys, no config options, and UNIX-style composability. The format specification is at [age-encryption.org/v1](https://age-encryption.org/v1). -age was designed by [@Benjojo12](https://twitter.com/Benjojo12) and -[@FiloSottile](https://twitter.com/FiloSottile). +age was designed by [@Benjojo](https://benjojo.co.uk/) and +[@FiloSottile](https://bsky.app/profile/did:plc:x2nsupeeo52oznrmplwapppl). The reference interoperable Go implementation is available at [filippo.io/age](https://filippo.io/age). diff --git a/age/README.md b/age/README.md index ea7c188..5b8ace3 100644 --- a/age/README.md +++ b/age/README.md @@ -12,8 +12,8 @@ encryption and decryption of files or streams (e.g. in shell scripts), as well as additional features such as mounting an encrypted archive. The format specification is at [age-encryption.org/v1](https://age-encryption.org/v1). -The age format was designed by [@Benjojo12](https://twitter.com/Benjojo12) and -[@FiloSottile](https://twitter.com/FiloSottile). +The age format was designed by [@Benjojo](https://benjojo.co.uk/) and +[@FiloSottile](https://bsky.app/profile/did:plc:x2nsupeeo52oznrmplwapppl). The reference interoperable Go implementation is available at [filippo.io/age](https://filippo.io/age). From d35d442f91156bfeb421de49c4ee6d9e5b038150 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 3 Nov 2024 10:42:17 +0000 Subject: [PATCH 74/77] v0.11.0 --- Cargo.lock | 8 ++++---- Cargo.toml | 4 ++-- age-core/CHANGELOG.md | 2 ++ age-core/Cargo.toml | 2 +- age-plugin/CHANGELOG.md | 3 +++ age-plugin/Cargo.toml | 2 +- age/CHANGELOG.md | 2 ++ age/Cargo.toml | 2 +- age/README.md | 2 +- fuzz-afl/Cargo.lock | 4 ++-- fuzz/Cargo.lock | 4 ++-- rage/CHANGELOG.md | 2 ++ rage/Cargo.toml | 2 +- rage/tests/cmd/rage-keygen/version.toml | 2 +- rage/tests/cmd/rage-mount/version.toml | 2 +- rage/tests/cmd/rage/version.toml | 2 +- 16 files changed, 27 insertions(+), 18 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 1bb30a1..3ae0af0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -60,7 +60,7 @@ dependencies = [ [[package]] name = "age" -version = "0.10.0" +version = "0.11.0" dependencies = [ "aes", "aes-gcm", @@ -110,7 +110,7 @@ dependencies = [ [[package]] name = "age-core" -version = "0.10.0" +version = "0.11.0" dependencies = [ "base64", "chacha20poly1305", @@ -126,7 +126,7 @@ dependencies = [ [[package]] name = "age-plugin" -version = "0.5.0" +version = "0.6.0" dependencies = [ "age-core", "base64", @@ -2042,7 +2042,7 @@ dependencies = [ [[package]] name = "rage" -version = "0.10.0" +version = "0.11.0" dependencies = [ "age", "chrono", diff --git a/Cargo.toml b/Cargo.toml index d13d535..40b27a5 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -15,8 +15,8 @@ repository = "https://github.com/str4d/rage" license = "MIT OR Apache-2.0" [workspace.dependencies] -age = { version = "0.10.0", path = "age" } -age-core = { version = "0.10.0", path = "age-core" } +age = { version = "0.11.0", path = "age" } +age-core = { version = "0.11.0", path = "age-core" } # Dependencies required by the age specification: # - Base64 from RFC 4648 diff --git a/age-core/CHANGELOG.md b/age-core/CHANGELOG.md index baaa088..bd5699d 100644 --- a/age-core/CHANGELOG.md +++ b/age-core/CHANGELOG.md @@ -7,6 +7,8 @@ and this project adheres to Rust's notion of to 1.0.0 are beta releases. ## [Unreleased] + +## [0.11.0] - 2024-11-03 ### Added - `age_core::format`: - `FileKey::new` diff --git a/age-core/Cargo.toml b/age-core/Cargo.toml index 5bab42b..131a54d 100644 --- a/age-core/Cargo.toml +++ b/age-core/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "age-core" description = "[BETA] Common functions used across the age crates" -version = "0.10.0" +version = "0.11.0" authors.workspace = true repository.workspace = true readme = "README.md" diff --git a/age-plugin/CHANGELOG.md b/age-plugin/CHANGELOG.md index b37396e..34b0bba 100644 --- a/age-plugin/CHANGELOG.md +++ b/age-plugin/CHANGELOG.md @@ -9,12 +9,15 @@ and this project adheres to Rust's notion of to 1.0.0 are beta releases. ## [Unreleased] + +## [0.6.0] - 2024-11-03 ### Added - `age_plugin::PluginHandler` - `impl age_plugin::identity::IdentityPluginV1 for std::convert::Infallible` - `impl age_plugin::recipient::RecipientPluginV1 for std::convert::Infallible` ### Changed +- Migrated to `age-core 0.11`. - `age_plugin::recipient::RecipientPluginV1` has a new `labels` method. Existing implementations of the trait should either return `HashSet::new()` to maintain existing compatibility, or return labels that apply the desired constraints. diff --git a/age-plugin/Cargo.toml b/age-plugin/Cargo.toml index 30fe48d..023b3c5 100644 --- a/age-plugin/Cargo.toml +++ b/age-plugin/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "age-plugin" description = "[BETA] API for writing age plugins." -version = "0.5.0" +version = "0.6.0" authors.workspace = true repository.workspace = true readme = "README.md" diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md index a582e70..9cc9178 100644 --- a/age/CHANGELOG.md +++ b/age/CHANGELOG.md @@ -9,6 +9,8 @@ and this project adheres to Rust's notion of to 1.0.0 are beta releases. ## [Unreleased] + +## [0.11.0] - 2024-11-03 ### Added - New streamlined APIs for use with a single recipient or identity and a small amount of data (that can fit entirely in memory): diff --git a/age/Cargo.toml b/age/Cargo.toml index 8c07f81..720270c 100644 --- a/age/Cargo.toml +++ b/age/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "age" description = "[BETA] A simple, secure, and modern encryption library." -version = "0.10.0" +version = "0.11.0" authors.workspace = true repository.workspace = true readme = "README.md" diff --git a/age/README.md b/age/README.md index 5b8ace3..e3a4cff 100644 --- a/age/README.md +++ b/age/README.md @@ -23,7 +23,7 @@ The reference interoperable Go implementation is available at Add this line to your `Cargo.toml`: ``` -age = "0.10" +age = "0.11" ``` See the [documentation](https://docs.rs/age) for examples. diff --git a/fuzz-afl/Cargo.lock b/fuzz-afl/Cargo.lock index 543d1ec..8622c91 100644 --- a/fuzz-afl/Cargo.lock +++ b/fuzz-afl/Cargo.lock @@ -26,7 +26,7 @@ dependencies = [ [[package]] name = "age" -version = "0.10.0" +version = "0.11.0" dependencies = [ "age-core", "base64", @@ -50,7 +50,7 @@ dependencies = [ [[package]] name = "age-core" -version = "0.10.0" +version = "0.11.0" dependencies = [ "base64", "chacha20poly1305", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index a12faf6..225219d 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -14,7 +14,7 @@ dependencies = [ [[package]] name = "age" -version = "0.10.0" +version = "0.11.0" dependencies = [ "age-core", "base64", @@ -38,7 +38,7 @@ dependencies = [ [[package]] name = "age-core" -version = "0.10.0" +version = "0.11.0" dependencies = [ "base64", "chacha20poly1305", diff --git a/rage/CHANGELOG.md b/rage/CHANGELOG.md index 50a288c..347ac10 100644 --- a/rage/CHANGELOG.md +++ b/rage/CHANGELOG.md @@ -9,6 +9,8 @@ and this project adheres to Rust's notion of to 1.0.0 are beta releases. ## [Unreleased] + +## [0.11.0] - 2024-11-03 ### Added - Partial French translation! diff --git a/rage/Cargo.toml b/rage/Cargo.toml index 865cc43..799c03f 100644 --- a/rage/Cargo.toml +++ b/rage/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "rage" description = "[BETA] A simple, secure, and modern encryption tool." -version = "0.10.0" +version = "0.11.0" authors.workspace = true repository.workspace = true readme = "../README.md" diff --git a/rage/tests/cmd/rage-keygen/version.toml b/rage/tests/cmd/rage-keygen/version.toml index e7ab588..d3dad01 100644 --- a/rage/tests/cmd/rage-keygen/version.toml +++ b/rage/tests/cmd/rage-keygen/version.toml @@ -1,6 +1,6 @@ bin.name = "rage-keygen" args = "--version" stdout = """ -rage-keygen 0.10.0 +rage-keygen 0.11.0 """ stderr = "" diff --git a/rage/tests/cmd/rage-mount/version.toml b/rage/tests/cmd/rage-mount/version.toml index 283726f..0117dd4 100644 --- a/rage/tests/cmd/rage-mount/version.toml +++ b/rage/tests/cmd/rage-mount/version.toml @@ -1,6 +1,6 @@ bin.name = "rage-mount" args = "--version" stdout = """ -rage-mount 0.10.0 +rage-mount 0.11.0 """ stderr = "" diff --git a/rage/tests/cmd/rage/version.toml b/rage/tests/cmd/rage/version.toml index 2d3ac3b..3443bd2 100644 --- a/rage/tests/cmd/rage/version.toml +++ b/rage/tests/cmd/rage/version.toml @@ -1,6 +1,6 @@ bin.name = "rage" args = "--version" stdout = """ -rage 0.10.0 +rage 0.11.0 """ stderr = "" From 383b6f52aa91d48720422b8049bcfc2a4aefbb31 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Mon, 18 Nov 2024 07:06:16 +0000 Subject: [PATCH 75/77] Replace the test `NoCallbacks` with the library version --- age/src/plugin.rs | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) diff --git a/age/src/plugin.rs b/age/src/plugin.rs index 98f11d1..f38ec0c 100644 --- a/age/src/plugin.rs +++ b/age/src/plugin.rs @@ -736,7 +736,7 @@ impl crate::Identity for IdentityPluginV1 { #[cfg(test)] mod tests { - use crate::{Callbacks, DecryptError, EncryptError}; + use crate::{DecryptError, EncryptError, NoCallbacks}; use super::{ Identity, IdentityPluginV1, Recipient, RecipientPluginV1, PLUGIN_IDENTITY_PREFIX, @@ -745,21 +745,6 @@ mod tests { const INVALID_PLUGIN_NAME: &str = "foobar/../../../../../../../usr/bin/echo"; - #[derive(Clone)] - struct NoCallbacks; - impl Callbacks for NoCallbacks { - fn display_message(&self, _: &str) {} - fn confirm(&self, _: &str, _: &str, _: Option<&str>) -> Option { - None - } - fn request_public_string(&self, _: &str) -> Option { - None - } - fn request_passphrase(&self, _: &str) -> Option { - None - } - } - #[test] fn default_for_plugin() { assert_eq!( From a82a76a8491afd17f53c1ce6ca3716667e61a536 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Mon, 18 Nov 2024 07:11:33 +0000 Subject: [PATCH 76/77] v0.11.1 --- Cargo.lock | 4 ++-- Cargo.toml | 2 +- age/CHANGELOG.md | 2 +- age/Cargo.toml | 2 +- rage/CHANGELOG.md | 2 +- rage/Cargo.toml | 2 +- rage/tests/cmd/rage-keygen/version.toml | 2 +- rage/tests/cmd/rage-mount/version.toml | 2 +- rage/tests/cmd/rage/version.toml | 2 +- 9 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 3ae0af0..72e9667 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -60,7 +60,7 @@ dependencies = [ [[package]] name = "age" -version = "0.11.0" +version = "0.11.1" dependencies = [ "aes", "aes-gcm", @@ -2042,7 +2042,7 @@ dependencies = [ [[package]] name = "rage" -version = "0.11.0" +version = "0.11.1" dependencies = [ "age", "chrono", diff --git a/Cargo.toml b/Cargo.toml index 40b27a5..8468db4 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -15,7 +15,7 @@ repository = "https://github.com/str4d/rage" license = "MIT OR Apache-2.0" [workspace.dependencies] -age = { version = "0.11.0", path = "age" } +age = { version = "0.11.1", path = "age" } age-core = { version = "0.11.0", path = "age-core" } # Dependencies required by the age specification: diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md index a1a82c8..e33ddfd 100644 --- a/age/CHANGELOG.md +++ b/age/CHANGELOG.md @@ -10,7 +10,7 @@ to 1.0.0 are beta releases. ## [Unreleased] -## [0.6.1, 0.7.2, 0.8.2, 0.9.3, 0.10.1] - 2024-11-18 +## [0.6.1, 0.7.2, 0.8.2, 0.9.3, 0.10.1, 0.11.1] - 2024-11-18 ### Security - The age plugin protocol previously allowed plugin names that could be interpreted as file paths. Under certain conditions, this could lead to a diff --git a/age/Cargo.toml b/age/Cargo.toml index 720270c..1151046 100644 --- a/age/Cargo.toml +++ b/age/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "age" description = "[BETA] A simple, secure, and modern encryption library." -version = "0.11.0" +version = "0.11.1" authors.workspace = true repository.workspace = true readme = "README.md" diff --git a/rage/CHANGELOG.md b/rage/CHANGELOG.md index 6653d5c..ab8d47f 100644 --- a/rage/CHANGELOG.md +++ b/rage/CHANGELOG.md @@ -10,7 +10,7 @@ to 1.0.0 are beta releases. ## [Unreleased] -## [0.6.1, 0.7.2, 0.8.2, 0.9.3, 0.10.1] - 2024-11-18 +## [0.6.1, 0.7.2, 0.8.2, 0.9.3, 0.10.1, 0.11.1] - 2024-11-18 ### Security - The age plugin protocol previously allowed plugin names that could be interpreted as file paths. Under certain conditions, this could lead to a diff --git a/rage/Cargo.toml b/rage/Cargo.toml index 799c03f..a472f7f 100644 --- a/rage/Cargo.toml +++ b/rage/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "rage" description = "[BETA] A simple, secure, and modern encryption tool." -version = "0.11.0" +version = "0.11.1" authors.workspace = true repository.workspace = true readme = "../README.md" diff --git a/rage/tests/cmd/rage-keygen/version.toml b/rage/tests/cmd/rage-keygen/version.toml index d3dad01..592c1fb 100644 --- a/rage/tests/cmd/rage-keygen/version.toml +++ b/rage/tests/cmd/rage-keygen/version.toml @@ -1,6 +1,6 @@ bin.name = "rage-keygen" args = "--version" stdout = """ -rage-keygen 0.11.0 +rage-keygen 0.11.1 """ stderr = "" diff --git a/rage/tests/cmd/rage-mount/version.toml b/rage/tests/cmd/rage-mount/version.toml index 0117dd4..e30e8af 100644 --- a/rage/tests/cmd/rage-mount/version.toml +++ b/rage/tests/cmd/rage-mount/version.toml @@ -1,6 +1,6 @@ bin.name = "rage-mount" args = "--version" stdout = """ -rage-mount 0.11.0 +rage-mount 0.11.1 """ stderr = "" diff --git a/rage/tests/cmd/rage/version.toml b/rage/tests/cmd/rage/version.toml index 3443bd2..1f92da8 100644 --- a/rage/tests/cmd/rage/version.toml +++ b/rage/tests/cmd/rage/version.toml @@ -1,6 +1,6 @@ bin.name = "rage" args = "--version" stdout = """ -rage 0.11.0 +rage 0.11.1 """ stderr = "" From 07808823074013acab5417de9d6ad176133312c6 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Wed, 18 Dec 2024 15:17:33 +0000 Subject: [PATCH 77/77] Update changelog with GHSA for security vulnerability MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Thanks to ⬡-49016 for reporting this issue. --- age/CHANGELOG.md | 9 ++++----- rage/CHANGELOG.md | 11 +++++------ 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/age/CHANGELOG.md b/age/CHANGELOG.md index e33ddfd..eb79b40 100644 --- a/age/CHANGELOG.md +++ b/age/CHANGELOG.md @@ -12,11 +12,10 @@ to 1.0.0 are beta releases. ## [0.6.1, 0.7.2, 0.8.2, 0.9.3, 0.10.1, 0.11.1] - 2024-11-18 ### Security -- The age plugin protocol previously allowed plugin names that could be - interpreted as file paths. Under certain conditions, this could lead to a - different binary being executed as an age plugin than intended. Plugin names - are now required to only contain alphanumeric characters or the four special - characters `+-._`. +- Fixed a security vulnerability that could allow an attacker to execute an + arbitrary binary under certain conditions. See GHSA-4fg7-vxc8-qx5w. Plugin + names are now required to only contain alphanumeric characters or the four + special characters `+-._`. Thanks to ⬡-49016 for reporting this issue. ## [0.11.0] - 2024-11-03 ### Added diff --git a/rage/CHANGELOG.md b/rage/CHANGELOG.md index ab8d47f..a56681c 100644 --- a/rage/CHANGELOG.md +++ b/rage/CHANGELOG.md @@ -10,13 +10,12 @@ to 1.0.0 are beta releases. ## [Unreleased] -## [0.6.1, 0.7.2, 0.8.2, 0.9.3, 0.10.1, 0.11.1] - 2024-11-18 +## [0.6.1, 0.7.2, 0.8.2, 0.9.3, 0.10.1, 0.11.1] - 2024-12-18 ### Security -- The age plugin protocol previously allowed plugin names that could be - interpreted as file paths. Under certain conditions, this could lead to a - different binary being executed as an age plugin than intended. Plugin names - are now required to only contain alphanumeric characters or the four special - characters `+-._`. +- Fixed a security vulnerability that could allow an attacker to execute an + arbitrary binary under certain conditions. See GHSA-4fg7-vxc8-qx5w. Plugin + names are now required to only contain alphanumeric characters or the four + special characters `+-._`. Thanks to ⬡-49016 for reporting this issue. ## [0.11.0] - 2024-11-03 ### Added