From a3df176064672fd3f1aa3f9f86ab7e14acb6fdbd Mon Sep 17 00:00:00 2001 From: Graydon Hoare Date: Mon, 23 Sep 2024 16:46:24 -0700 Subject: [PATCH 1/2] Update dalek crates, k256, and wasmi for protocol 22 --- Cargo.lock | 47 +++++++++++++++++-------------------- Cargo.toml | 6 ++--- soroban-env-host/Cargo.toml | 24 ++----------------- 3 files changed, 27 insertions(+), 50 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 5e6682f61..a5679a980 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -380,16 +380,15 @@ dependencies = [ [[package]] name = "curve25519-dalek" -version = "4.1.1" +version = "4.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e89b8c6a2e4b1f45971ad09761aafb85514a84744b67a95e32c3cc1352d1f65c" +checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be" dependencies = [ "cfg-if", "cpufeatures", "curve25519-dalek-derive", "digest", "fiat-crypto", - "platforms", "rustc_version", "subtle", "zeroize", @@ -531,9 +530,9 @@ dependencies = [ [[package]] name = "ecdsa" -version = "0.16.7" +version = "0.16.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0997c976637b606099b9985693efa3581e84e41f5c11ba5255f88711058ad428" +checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" dependencies = [ "der", "digest", @@ -555,15 +554,16 @@ dependencies = [ [[package]] name = "ed25519-dalek" -version = "2.0.0" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7277392b266383ef8396db7fdeb1e77b6c52fed775f5df15bb24f35b72156980" +checksum = "4a3daa8e81a3963a60642bcc1f90a670680bd4a77535faa384e9d1c79d620871" dependencies = [ "curve25519-dalek", "ed25519", "rand_core", "serde", "sha2", + "subtle", "zeroize", ] 
@@ -575,9 +575,9 @@ checksum = "7fcaabb2fef8c910e7f4c7ce9f67a1283a1715879a7c230ca9d6d1ae31f16d91" [[package]] name = "elliptic-curve" -version = "0.13.5" +version = "0.13.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "968405c8fdc9b3bf4df0a6638858cc0b52462836ab6b1c87377785dd09cf1c0b" +checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" dependencies = [ "base16ct", "crypto-bigint", @@ -854,9 +854,9 @@ dependencies = [ [[package]] name = "k256" -version = "0.13.1" +version = "0.13.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cadb76004ed8e97623117f3df85b17aaa6626ab0b0831e6573f104df16cd1bcc" +checksum = "f6e3919bbaa2945715f0bb6d3934a173d1e9a59ac23767fbaaef277265a7411b" dependencies = [ "cfg-if", "ecdsa", @@ -1158,12 +1158,6 @@ dependencies = [ "spki", ] -[[package]] -name = "platforms" -version = "3.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3d7ddaed09e0eb771a79ab0fd64609ba0afb0a8366421957936ad14cbd13630" - [[package]] name = "powerfmt" version = "0.2.0" @@ -1668,8 +1662,9 @@ version = "22.0.0" [[package]] name = "soroban-wasmi" -version = "0.36.0-soroban.22.0.0" -source = "git+https://github.com/stellar/wasmi?rev=122a74a7c491929e5ac9de876099154ef7c06d06#122a74a7c491929e5ac9de876099154ef7c06d06" +version = "0.36.1-soroban.22.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7044ea0ee6ff67039df1f232f0d3d98121f69a0409e944774912fc5f043c280f" dependencies = [ "arrayvec", "multi-stash", 
@@ -2069,8 +2064,9 @@ dependencies = [ [[package]] name = "wasmi_collections" -version = "0.36.0-soroban.22.0.0" -source = "git+https://github.com/stellar/wasmi?rev=122a74a7c491929e5ac9de876099154ef7c06d06#122a74a7c491929e5ac9de876099154ef7c06d06" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4d1ff23df2c456c8b5d9a0ae7eed03a40f0c4520466b4aa87135c5fc557476e8" dependencies = [ "ahash", "hashbrown 0.14.1", @@ -2079,8 +2075,9 @@ dependencies = [ [[package]] name = "wasmi_core" -version = "0.36.0-soroban.22.0.0" -source = "git+https://github.com/stellar/wasmi?rev=122a74a7c491929e5ac9de876099154ef7c06d06#122a74a7c491929e5ac9de876099154ef7c06d06" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac1b21ded145eb313d44a5895442c28e18904fb95718dc83893779f55945d342" dependencies = [ "downcast-rs", "libm", @@ -2401,9 +2398,9 @@ dependencies = [ [[package]] name = "zeroize" -version = "1.6.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" dependencies = [ "zeroize_derive", ] diff --git a/Cargo.toml b/Cargo.toml index cf6281186..1fdad5d48 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -41,10 +41,10 @@ default-features = false [workspace.dependencies.wasmi] package = "soroban-wasmi" -version = "=0.36.0-soroban.22.0.0" -git = "https://github.com/stellar/wasmi" -rev = "122a74a7c491929e5ac9de876099154ef7c06d06" +version = "=0.36.1-soroban.22.0.0" features = ["no-hash-maps"] +# git = "https://github.com/stellar/wasmi" +# rev = "8eb77b143ca5382c349dd5a8170ffa32a2d0ef03" # [patch."https://github.com/stellar/rs-stellar-xdr"] # [patch.crates-io] diff --git a/soroban-env-host/Cargo.toml b/soroban-env-host/Cargo.toml index d8a9b08e6..3d9074dd7 100644 --- a/soroban-env-host/Cargo.toml 
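Review bot: The commented-out `# rev = "8eb77b143ca5382c349dd5a8170ffa32a2d0ef03"` left under `[workspace.dependencies.wasmi]` names a different commit from the `122a74a7c491929e5ac9de876099154ef7c06d06` rev this hunk removes, and nothing says how it relates to the crates.io release `=0.36.1-soroban.22.0.0`. If it is the commit that release was published from, a comment should say so, for example `# crates.io release built from stellar/wasmi at the rev below; uncomment git/rev to build from source`. With the git pin gone, the integrity of the interpreter source rests on the registry checksum recorded in Cargo.lock. Builds of this workspace would presumably need `--locked` for that checksum to be enforced, which is not visible in this diff.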
+++ b/soroban-env-host/Cargo.toml
@@ -33,7 +33,7 @@ num-traits = "0.2.17"
 num-integer = "0.1.45"
 num-derive = "0.4.1"
 backtrace = { version = "0.3.69", optional = true }
-k256 = {version = "0.13.1", default-features = false, features = ["ecdsa", "arithmetic"]}
+k256 = {version = "0.13.3", default-features = false, features = ["ecdsa", "arithmetic"]}
 p256 = {version = "0.13.2", default-features = false, features = ["ecdsa", "arithmetic"]}
 ecdsa = {version = "0.16.7", default-features = false}
 sec1 = {version = "0.7.2"}
@@ -46,27 +46,7 @@ getrandom = { version = "0.2.11", features=["js"] }
 sha3 = "0.10.8"
 # NB: this must match the same curve25519-dalek version used by ed25519-dalek
 # above used only for calibration
-#
-# NB temporary: curve25519-dalek _should_ be pinned to =4.1.1, and it _is_
-# pinned to that version in stellar-core (which embeds soroban-env-host), but
-# there is code in curve25519-dalek version 4.1.1 that does not compile on rust
-# nightly 2024-02-05, because of a small change to the way SIMD code is
-# feature-gated in the rust stdlib, and for inexplicable reasons docs.rs builds
-# its documentation using a nightly compiler. As a result, docs for
-# soroban-env-host can't build if we pin this to 4.1.1 here. So we give it a
-# _slightly_ wider version range _locally_, just to help the docs.rs build when
-# it is building docs for this crate alone. When stellar-core builds
-# soroban-env-host, it will still resolve curve25519-dalek to 4.1.1, since that
-# version satisfies both stellar-core's strict 4.1.1 requirement as well as our
-# range-requirement here. IOW nothing about this range-requirement changes what
-# stellar-core ultimately ships. This is a temporary workaround until the next
-# protocol release when we can safely bump the minimum curve25519-dalek version
-# in stellar-core as well.
-#
-# NB: we relaxed this further in order to comply with the security advisory
-# which requires "4.1.3". We will need to pin to this version once Core is
-# updated to the new env version.
-curve25519-dalek = { version = ">=4.1.1", default-features = false, features = ["digest"]}
+curve25519-dalek = { version = ">=4.1.3", default-features = false, features = ["digest"]}
 ark-bls12-381 = { version = "0.4.0"}
 ark-serialize = { version = "0.4.2"}
 ark-ff = { version = "0.4.2"}
From 861ac2bd92804942e0429e57d23d489c3b30ecd7 Mon Sep 17 00:00:00 2001
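Review bot: The new requirement `version = ">=4.1.3"` on curve25519-dalek has no upper bound and is not the pin the deleted comment promised ("We will need to pin to this version once Core is updated to the new env version"), so any later release, including a future major version, satisfies it. The surviving comment says this version must match the one ed25519-dalek uses, which an open range cannot enforce. The resolved version is fixed only by Cargo.lock, and consumers of the published crate do not inherit that file. If Core has moved to the new env, which this diff does not show, consider `version = "=4.1.3"`, or at least `version = ">=4.1.3, <5"`. The hunk also removes the only explanation of the floor; a one-line comment such as `# floor is 4.1.3 because of the curve25519-dalek security advisory; do not lower` would keep that rationale next to the constraint.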
From: Graydon Hoare Date: Mon, 23 Sep 2024 17:26:57 -0700 Subject: [PATCH 2/2] Remove dalek from deny --- deny.toml | 2 -- 1 file changed, 2 deletions(-) diff --git a/deny.toml b/deny.toml index b8c88e126..58ce283d4 100644 --- a/deny.toml +++ b/deny.toml @@ -53,8 +53,6 @@ exclude = [ # subsystems also winds up pulling in conflicts, but again, just # dev-deps or non-produciton configs. "tracking-allocator", - # Temporary - "curve25519-dalek" ] # If true, metadata will be collected with `--all-features`. Note that this can't