Merge pull request #7072 from freedomofpress/backport-7071
[2.7.0] Backport "Audit remaining Rust crates"
zenmonkeykstop authored Nov 7, 2023
2 parents d64cf7b + 961413d commit 46bf7cf
Showing 3 changed files with 419 additions and 238 deletions.
192 changes: 173 additions & 19 deletions supply-chain/audits.toml
@@ -3,97 +3,216 @@

[[audits.ascii-canvas]]
who = "Cory Francis Myers <[email protected]>"
criteria = "safe-to-deploy"
criteria = "safe-to-run"
version = "3.0.0"

[[audits.bitflags]]
who = "Cory Francis Myers <[email protected]>"
criteria = "safe-to-run"
version = "1.3.2"

[[audits.cc]]
who = "Cory Francis Myers <[email protected]>"
criteria = "safe-to-run"
delta = "1.0.73 -> 1.0.83"

[[audits.chrono]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-run"
delta = "0.4.26 -> 0.4.31"

[[audits.crc32fast]]
who = "Cory Francis Myers <[email protected]>"
criteria = "safe-to-deploy"
criteria = "safe-to-run"
version = "1.3.2"

[[audits.diff]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-run"
version = "0.1.13"

[[audits.digest]]
who = "Cory Francis Myers <[email protected]>"
criteria = "safe-to-deploy"
criteria = "safe-to-run"
version = "0.9.0"

[[audits.dirs-next]]
who = "Cory Francis Myers <[email protected]>"
criteria = "safe-to-deploy"
criteria = "safe-to-run"
version = "2.0.0"

[[audits.dirs-sys-next]]
who = "Cory Francis Myers <[email protected]>"
criteria = "safe-to-deploy"
criteria = "safe-to-run"
version = "0.1.2"

[[audits.ena]]
who = "Cory Francis Myers <[email protected]>"
criteria = "safe-to-run"
version = "0.14.2"

[[audits.fixedbitset]]
who = "Cory Francis Myers <[email protected]>"
criteria = "safe-to-deploy"
criteria = "safe-to-run"
version = "0.4.2"

[[audits.generic-array]]
who = "Cory Francis Myers <[email protected]>"
criteria = "safe-to-run"
version = "0.14.6"

[[audits.getrandom]]
who = "Cory Francis Myers <[email protected]>"
criteria = "safe-to-run"
version = "0.1.16"

[[audits.getrandom]]
who = "Cory Francis Myers <[email protected]>"
criteria = "safe-to-run"
delta = "0.1.16 -> 0.2.6"

[[audits.iana-time-zone]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-deploy"
criteria = "safe-to-run"
version = "0.1.58"
notes = "Only code for Linux was reviewed."

[[audits.idna]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-deploy"
criteria = "safe-to-run"
delta = "0.3.0 -> 0.4.0"
notes = "Primarily adding a no_std mode"

[[audits.lalrpop]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-deploy"
delta = "0.19.12 -> 0.20.0"
criteria = "safe-to-run"
delta = "0.19.10 -> 0.20.0"
notes = "Autogenerated code was not reviewed."

[[audits.lalrpop-util]]
who = "Cory Francis Myers <[email protected]>"
criteria = "safe-to-deploy"
criteria = "safe-to-run"
version = "0.19.12"

[[audits.lalrpop-util]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-deploy"
criteria = "safe-to-run"
delta = "0.19.12 -> 0.20.0"

[[audits.memoffset]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-run"
version = "0.6.5"

[[audits.memsec]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-run"
version = "0.6.3"

[[audits.petgraph]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-run"
delta = "0.6.2 -> 0.6.4"

[[audits.phf_shared]]
who = "Cory Francis Myers <[email protected]>"
criteria = "safe-to-deploy"
criteria = "safe-to-run"
version = "0.10.0"

[[audits.pkg-config]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-deploy"
criteria = "safe-to-run"
delta = "0.3.26 -> 0.3.27"

[[audits.ppv-lite86]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-run"
delta = "0.2.10 -> 0.2.16"

[[audits.pyo3]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-run"
version = "0.18.3"

[[audits.pyo3-build-config]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-run"
version = "0.18.3"
notes = "Windows, cross-compiling and abi3 code not reviewed."

[[audits.pyo3-ffi]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-run"
version = "0.18.3"
notes = "Unsurprisingly lots of unsafe, appears fine for an FFI library. PyPy and Windows code was skipped."

[[audits.pyo3-macros]]
who = "Cory Francis Myers <[email protected]>"
criteria = "safe-to-deploy"
criteria = "safe-to-run"
version = "0.18.3"

[[audits.pyo3-macros-backend]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-run"
version = "0.18.3"

[[audits.rand]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-deploy"
criteria = "safe-to-run"
delta = "0.7.3 -> 0.8.5"

[[audits.rand]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-run"
delta = "0.8.3 -> 0.8.5"

[[audits.rand_chacha]]
who = "Cory Francis Myers <[email protected]>"
criteria = "safe-to-deploy"
criteria = "safe-to-run"
delta = "0.2.2 -> 0.3.1"

[[audits.rand_core]]
who = "Cory Francis Myers <[email protected]>"
criteria = "safe-to-deploy"
criteria = "safe-to-run"
delta = "0.5.1 -> 0.6.3"

[[audits.siphasher]]
who = "Cory Francis Myers <[email protected]>"
criteria = "safe-to-deploy"
criteria = "safe-to-run"
version = "0.3.10"

[[audits.smallvec]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-run"
delta = "1.6.1 -> 1.11.1"

[[audits.string_cache]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-run"
version = "0.8.7"

[[audits.term]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-run"
version = "0.7.0"
notes = "Windows code was not reviewed."

[[audits.tiny-keccak]]
who = "Cory Francis Myers <[email protected]>"
criteria = "safe-to-run"
version = "2.0.2"

[[audits.typenum]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-run"
version = "1.15.0"

[[audits.xxhash-rust]]
who = "Kunal Mehta <[email protected]>"
criteria = "safe-to-run"
version = "0.8.7"
notes = "Only the `xxh3` feature, used by Sequoia, was reviewed"

[[trusted.aho-corasick]]
criteria = "safe-to-deploy"
user-id = 189 # Andrew Gallant (BurntSushi)
@@ -149,6 +268,13 @@ user-id = 539 # Josh Stone (cuviper)
start = "2019-04-02"
end = "2024-04-10"

[[trusted.ena]]
criteria = "safe-to-deploy"
user-id = 1386 # Niko Matsakis (nikomatsakis)
start = "2019-03-19"
end = "2024-05-02"
notes = "Rust Project member"

[[trusted.equivalent]]
criteria = "safe-to-deploy"
user-id = 539 # Josh Stone (cuviper)
@@ -198,6 +324,13 @@ start = "2022-01-22"
end = "2024-04-10"
notes = "Rust Project member"

[[trusted.lalrpop]]
criteria = "safe-to-deploy"
user-id = 1386 # Niko Matsakis (nikomatsakis)
start = "2023-03-25"
end = "2024-05-02"
notes = "Rust Project member"

[[trusted.libc]]
criteria = "safe-to-deploy"
user-id = 1 # Alex Crichton (alexcrichton)
@@ -240,6 +373,27 @@ start = "2019-05-20"
end = "2024-04-10"
notes = "Rust Project member"

[[trusted.openssl]]
criteria = "safe-to-deploy"
user-id = 5 # Steven Fackler (sfackler)
start = "2019-02-22"
end = "2024-05-02"
notes = "Rust Project member"

[[trusted.openssl]]
criteria = "safe-to-deploy"
user-id = 163 # Alex Gaynor (alex)
start = "2023-03-24"
end = "2024-05-02"
notes = "Rust Project member"

[[trusted.openssl-sys]]
criteria = "safe-to-deploy"
user-id = 5 # Steven Fackler (sfackler)
start = "2019-03-01"
end = "2024-05-02"
notes = "Rust Project member"

[[trusted.parking_lot]]
criteria = "safe-to-deploy"
user-id = 2915 # Amanieu d'Antras (Amanieu)
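Review bot: None of the `[[audits.*]]` entries in the first hunk that use `criteria = "safe-to-run"` records why the weaker criterion is sufficient, and the set includes crates on the randomness and hashing path (`getrandom`, `rand`, `rand_core`, `rand_chacha`, `digest`, `tiny-keccak`) as well as the `pyo3` FFI crates. In cargo-vet `safe-to-deploy` implies `safe-to-run` but not the reverse, so these audits only certify the crates for local or CI execution; where a `safe-to-deploy` line is printed directly above a `safe-to-run` line the page appears to show the old value followed by the new one, which would mean existing certifications were lowered too. If any of these crates is linked into shipped code, the policy in cargo-vet's `config.toml` (not visible on this page) has to be relaxed to match, and that relaxation should be an explicit decision. I would add a line such as `notes = "safe-to-run only: <reason this crate is not exposed to untrusted input in production>"` to each affected entry, or keep `safe-to-deploy` for the crates that ship. The hunk is truncated on this page, so entries outside the visible lines may need the same treatment.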