From fb963b08f87014b915b8bbdf5325e6c6196bc622 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D1=80=D1=82=D1=91=D0=BC=20=D0=9F=D0=B0=D0=B2=D0=BB?= =?UTF-8?q?=D0=BE=D0=B2?= Date: Tue, 20 Jul 2021 17:11:08 +0300 Subject: [PATCH 1/2] pin zeroize to v1.3 and subtle to v2.4 --- Cargo.lock | 79 ++++++++++++++++++--------------------- argon2/CHANGELOG.md | 6 +++ argon2/Cargo.toml | 4 +- argon2/src/lib.rs | 5 ++- bcrypt-pbkdf/CHANGELOG.md | 6 +++ bcrypt-pbkdf/Cargo.toml | 4 +- bcrypt-pbkdf/src/lib.rs | 6 ++- sha-crypt/CHANGELOG.md | 6 +++ sha-crypt/Cargo.toml | 4 +- sha-crypt/src/lib.rs | 5 ++- 10 files changed, 72 insertions(+), 53 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 3e71fed9..dec1081b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1,8 +1,10 @@ # This file is automatically @generated by Cargo. # It is not intended for manual editing. +version = 3 + [[package]] name = "argon2" -version = "0.2.1" +version = "0.2.2" dependencies = [ "blake2", "hex-literal", @@ -26,10 +28,10 @@ checksum = "d0d27fb6b6f1e43147af148af49d49329413ba781aa0d5e10979831c210173b5" [[package]] name = "bcrypt-pbkdf" -version = "0.6.1" +version = "0.6.2" dependencies = [ "blowfish", - "crypto-mac 0.11.0", + "crypto-mac 0.11.1", "pbkdf2", "sha2", "zeroize", @@ -89,19 +91,13 @@ dependencies = [ [[package]] name = "cpufeatures" -version = "0.1.1" +version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dec1028182c380cc45a2e2c5ec841134f2dfd0f8f5f0a5bcd68004f81b5efdf4" +checksum = "66c99696f6c9dd7f35d486b9d04d7e6e202aa3e8c40d553f2fdf5e7e0c6a71ef" dependencies = [ "libc", ] -[[package]] -name = "cpuid-bool" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8aebca1129a03dc6dc2b127edd729435bbc4a37e1d5f4d7513165089ceb02634" - [[package]] name = "crossbeam-channel" version = "0.5.1" @@ -125,9 +121,9 @@ dependencies = [ [[package]] name = "crossbeam-epoch" -version = "0.9.4" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "52fb27eab85b17fbb9f6fd667089e07d6a2eb8743d02639ee7f6a7a7729c9c94" +checksum = "4ec02e091aa634e2c3ada4a392989e7c3116673ef0ac5b72232439094d73b7fd" dependencies = [ "cfg-if", "crossbeam-utils", @@ -138,11 +134,10 @@ dependencies = [ [[package]] name = "crossbeam-utils" -version = "0.8.4" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4feb231f0d4d6af81aed15928e58ecf5816aa62a2393e2c82f46973e92a9a278" +checksum = "d82cfc11ce7f2c3faef78d8a684447b40d503d9681acebed6cb728d45940c4db" dependencies = [ - "autocfg", "cfg-if", "lazy_static", ] @@ -159,9 +154,9 @@ dependencies = [ [[package]] name = "crypto-mac" -version = "0.11.0" +version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25fab6889090c8133f3deb8f73ba3c65a7f456f66436fc012a1b1e272b1e103e" +checksum = "b1d1a86f49236c215f271d40892d5fc950490551400b02ef360692c29815c714" dependencies = [ "generic-array", "subtle", @@ -194,9 +189,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.2" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9495705279e7140bf035dde1f6e750c162df8b625267cd52cc44e0b156732c8" +checksum = "7fcd999463524c52659517fe2cea98493cfe485d10565e7b0fb07dbba7ad2753" dependencies = [ "cfg-if", "libc", @@ -205,9 +200,9 @@ dependencies = [ [[package]] name = "hermit-abi" -version = "0.1.18" +version = "0.1.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "322f4de77956e22ed0e5032c359a0f1273f1f7f0d79bfa3b8ffbc730d7fbcc5c" +checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33" dependencies = [ "libc", ] @@ -224,7 +219,7 @@ version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b" dependencies = [ - "crypto-mac 0.11.0", + "crypto-mac 0.11.1", "digest", ] @@ -236,15 +231,15 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.94" +version = "0.2.98" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "18794a8ad5b29321f790b55d93dfba91e125cb1a9edbd4f8e3150acc771c1a5e" +checksum = "320cfe77175da3a483efed4bc0adc1968ca050b098ce4f2f1c13a56626128790" [[package]] name = "memoffset" -version = "0.6.3" +version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f83fb6581e8ed1f85fd45c116db8405483899489e38406156c25eb743554361d" +checksum = "59accc507f1338036a0477ef61afdae33cde60840f4dfe481319ce3ad116ddf9" dependencies = [ "autocfg", ] @@ -267,9 +262,9 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "password-hash" -version = "0.2.1" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1a5d4e9c205d2c1ae73b84aab6240e98218c0e72e63b50422cfb2d1ca952282" +checksum = "fd482dfb8cfba5a93ec0f91e1c0f66967cb2fdc1a8dba646c4f9202c5d05d785" dependencies = [ "base64ct", "rand_core", @@ -281,7 +276,7 @@ name = "pbkdf2" version = "0.8.0" dependencies = [ "base64ct", - "crypto-mac 0.11.0", + "crypto-mac 0.11.1", "hex-literal", "hmac", "password-hash", @@ -299,9 +294,9 @@ checksum = "ac74c624d6b2d21f425f752262f42188365d7b8ff1aff74c82e45136510a4857" [[package]] name = "rand" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ef9e7e66b4468674bfcb0c81af8b7fa0bb154fa9f28eb840da5c447baeb8d7e" +checksum = "2e7573632e6454cf6b99d7aac4ccca54be06da05aca2ef7423d22d27d4d4bcd8" dependencies = [ "libc", "rand_chacha", @@ -311,9 +306,9 @@ dependencies = [ [[package]] name = "rand_chacha" -version = "0.3.0" +version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e12735cf05c9e10bf21534da50a147b924d555dc7a547c42e6bb2d5b6017ae0d" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" dependencies = [ "ppv-lite86", "rand_core", @@ -321,18 +316,18 @@ dependencies = [ [[package]] name = "rand_core" -version = "0.6.2" +version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34cf66eb183df1c5876e2dcf6b13d57340741e8dc255b48e40a26de954d06ae7" +checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7" dependencies = [ "getrandom", ] [[package]] name = "rand_hc" -version = "0.3.0" +version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3190ef7066a446f2e7f42e239d161e905420ccab01eb967c9eb27d21b2322a73" +checksum = "d51e9f596de227fda2ea6c84607f5558e196eeaf43c986b724ba4fb8fdf497e7" dependencies = [ "rand_core", ] @@ -392,20 +387,20 @@ dependencies = [ [[package]] name = "sha-1" -version = "0.9.4" +version = "0.9.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dfebf75d25bd900fd1e7d11501efab59bc846dbc76196839663e6637bba9f25f" +checksum = "1a0c8611594e2ab4ebbf06ec7cbbf0a99450b8570e96cbf5188b5d5f6ef18d81" dependencies = [ "block-buffer", "cfg-if", - "cpuid-bool", + "cpufeatures", "digest", "opaque-debug", ] [[package]] name = "sha-crypt" -version = "0.2.0" +version = "0.2.1" dependencies = [ "rand", "sha2", diff --git a/argon2/CHANGELOG.md b/argon2/CHANGELOG.md index 6ddf32fc..d88eaaea 100644 --- a/argon2/CHANGELOG.md +++ b/argon2/CHANGELOG.md @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## 0.2.2 (2021-07-20) +### Changed +- Pin `zeroize` dependency to v1.3 ([#190]) + +[#190]: https://github.com/RustCrypto/password-hashes/pull/190 + ## 0.2.1 (2021-05-28) ### Changed - `Params` always available; no longer feature-gated on `password-hash` ([#182]) diff --git a/argon2/Cargo.toml b/argon2/Cargo.toml index 20ccbb78..a008b910 100644 --- a/argon2/Cargo.toml +++ b/argon2/Cargo.toml @@ -4,7 +4,7 @@ description = """ Pure Rust implementation of the Argon2 password hashing function with support for the Argon2d, Argon2i, and Argon2id algorithmic variants """ -version = "0.2.1" +version = "0.2.2" # Also update html_root_url in lib.rs when bumping this authors = ["RustCrypto Developers"] license = "MIT OR Apache-2.0" documentation = "https://docs.rs/argon2" @@ -18,7 +18,7 @@ readme = "README.md" blake2 = { version = "0.9", default-features = false } password-hash = { version = "0.2", optional = true } rayon = { version = "1", optional = true } -zeroize = { version = "1", optional = true } +zeroize = { version = "=1.3", optional = true } [dev-dependencies] hex-literal = "0.3" diff --git a/argon2/src/lib.rs b/argon2/src/lib.rs index 3096b39b..bbe8bbd6 100644 --- a/argon2/src/lib.rs +++ b/argon2/src/lib.rs @@ -68,8 +68,9 @@ #![cfg_attr(not(feature = "parallel"), forbid(unsafe_code))] #![cfg_attr(docsrs, feature(doc_cfg))] #![doc( - html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg", - html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg" + html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", + html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", + html_root_url = "https://docs.rs/argon2/0.2.2" )] #![warn(rust_2018_idioms, missing_docs)] diff --git a/bcrypt-pbkdf/CHANGELOG.md b/bcrypt-pbkdf/CHANGELOG.md index 3e89a100..c1525822 100644 --- a/bcrypt-pbkdf/CHANGELOG.md +++ b/bcrypt-pbkdf/CHANGELOG.md @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## 0.6.2 (2021-07-20) +### Changed +- Pin `zeroize` dependency to v1.3 ([#190]) + +[#190]: https://github.com/RustCrypto/password-hashes/pull/190 + ## 0.6.1 (2021-05-04) ### Changed - Bump `blowfish` dependency to v0.8 ([#171]) diff --git a/bcrypt-pbkdf/Cargo.toml b/bcrypt-pbkdf/Cargo.toml index 8d9c10d9..55cc3897 100644 --- a/bcrypt-pbkdf/Cargo.toml +++ b/bcrypt-pbkdf/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "bcrypt-pbkdf" description = "bcrypt-pbkdf password-based key derivation function" -version = "0.6.1" +version = "0.6.2" # Also update html_root_url in lib.rs when bumping this authors = ["RustCrypto Developers"] repository = "https://github.com/RustCrypto/password-hashes/tree/master/bcrypt-pbkdf" keywords = ["crypto", "password", "hashing"] @@ -15,7 +15,7 @@ blowfish = { version = "0.8", features = ["bcrypt"] } crypto-mac = "0.11" pbkdf2 = { version = "0.8", default-features = false, path = "../pbkdf2" } sha2 = { version = "0.9", default-features = false } -zeroize = { version = "1", default-features = false } +zeroize = { version = "=1.3", default-features = false } [features] default = ["std"] diff --git a/bcrypt-pbkdf/src/lib.rs b/bcrypt-pbkdf/src/lib.rs index 3daef7e3..86ef2f58 100644 --- a/bcrypt-pbkdf/src/lib.rs +++ b/bcrypt-pbkdf/src/lib.rs @@ -5,7 +5,11 @@ //! [OpenSSH]: https://flak.tedunangst.com/post/new-openssh-key-format-and-bcrypt-pbkdf #![no_std] -#![doc(html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo_small.png")] +#![doc( + html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", + html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", + html_root_url = "https://docs.rs/bcrypt-pbkdf/0.6.2" +)] extern crate alloc; #[cfg(feature = "std")] diff --git a/sha-crypt/CHANGELOG.md b/sha-crypt/CHANGELOG.md index 6dafaadc..5eda7980 100644 --- a/sha-crypt/CHANGELOG.md +++ b/sha-crypt/CHANGELOG.md @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## 0.2.1 (2021-07-20) +### Changed +- Pin `subtle` dependency to v2.4 ([#190]) + +[#190]: https://github.com/RustCrypto/password-hashes/pull/190 + ## 0.2.0 (2021-01-29) ### Changed - Bump `rand` dependency to v0.8 ([#86]) diff --git a/sha-crypt/Cargo.toml b/sha-crypt/Cargo.toml index 7fda3f3c..603d5d56 100644 --- a/sha-crypt/Cargo.toml +++ b/sha-crypt/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "sha-crypt" -version = "0.2.0" +version = "0.2.1" # Also update html_root_url in lib.rs when bumping this description = """ Pure Rust implementation of the SHA-crypt password hash based on SHA-512 as implemented by the POSIX crypt C library @@ -17,7 +17,7 @@ readme = "README.md" [dependencies] sha2 = { version = "0.9", default-features = false } rand = { version = "0.8", optional = true } -subtle = { version = "2", optional = true, default-features = false } +subtle = { version = "=2.4", optional = true, default-features = false } [features] default = ["simple"] diff --git a/sha-crypt/src/lib.rs b/sha-crypt/src/lib.rs index cf9ad91c..5fce16c4 100644 --- a/sha-crypt/src/lib.rs +++ b/sha-crypt/src/lib.rs @@ -31,8 +31,9 @@ #![no_std] #![cfg_attr(docsrs, feature(doc_cfg))] #![doc( - html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg", - html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg" + html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", + html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", + html_root_url = "https://docs.rs/sha-crypt/0.2.1" )] #![deny(unsafe_code)] #![warn(rust_2018_idioms)] // TODO(tarcieri): add `missing_docs` From de96ce98c4e2928d815a11c4f8431ebd8e7493f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D1=80=D1=82=D1=91=D0=BC=20=D0=9F=D0=B0=D0=B2=D0=BB?= =?UTF-8?q?=D0=BE=D0=B2?= Date: Tue, 20 Jul 2021 17:16:44 +0300 Subject: [PATCH 2/2] make the doc attribute consistent across crates --- argon2/Cargo.toml | 2 +- bcrypt-pbkdf/Cargo.toml | 2 +- pbkdf2/Cargo.toml | 2 +- pbkdf2/src/lib.rs | 6 +++++- scrypt/Cargo.toml | 2 +- scrypt/src/lib.rs | 6 +++++- 6 files changed, 14 insertions(+), 6 deletions(-) diff --git a/argon2/Cargo.toml b/argon2/Cargo.toml index a008b910..86edd130 100644 --- a/argon2/Cargo.toml +++ b/argon2/Cargo.toml @@ -1,10 +1,10 @@ [package] name = "argon2" +version = "0.2.2" # Also update html_root_url in lib.rs when bumping this description = """ Pure Rust implementation of the Argon2 password hashing function with support for the Argon2d, Argon2i, and Argon2id algorithmic variants """ -version = "0.2.2" # Also update html_root_url in lib.rs when bumping this authors = ["RustCrypto Developers"] license = "MIT OR Apache-2.0" documentation = "https://docs.rs/argon2" diff --git a/bcrypt-pbkdf/Cargo.toml b/bcrypt-pbkdf/Cargo.toml index 55cc3897..3c901d17 100644 --- a/bcrypt-pbkdf/Cargo.toml +++ b/bcrypt-pbkdf/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "bcrypt-pbkdf" -description = "bcrypt-pbkdf password-based key derivation function" version = "0.6.2" # Also update html_root_url in lib.rs when bumping this +description = "bcrypt-pbkdf password-based key derivation function" authors = ["RustCrypto Developers"] repository = "https://github.com/RustCrypto/password-hashes/tree/master/bcrypt-pbkdf" keywords = ["crypto", "password", "hashing"] diff --git a/pbkdf2/Cargo.toml b/pbkdf2/Cargo.toml index 261638e9..7d84d39d 100644 --- a/pbkdf2/Cargo.toml +++ b/pbkdf2/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "pbkdf2" -version = "0.8.0" +version = "0.8.0" # Also update html_root_url in lib.rs when bumping this authors = ["RustCrypto Developers"] license = "MIT OR Apache-2.0" description = "Generic implementation of PBKDF2" diff --git a/pbkdf2/src/lib.rs b/pbkdf2/src/lib.rs index b1d558cb..f9f49dcb 100644 --- a/pbkdf2/src/lib.rs +++ b/pbkdf2/src/lib.rs @@ -49,7 +49,11 @@ #![no_std] #![cfg_attr(docsrs, feature(doc_cfg))] -#![doc(html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo_small.png")] +#![doc( + html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", + html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", + html_root_url = "https://docs.rs/pbkdf2/0.8.0" +)] #[cfg(feature = "std")] extern crate std; diff --git a/scrypt/Cargo.toml b/scrypt/Cargo.toml index 08b0d512..633427cb 100644 --- a/scrypt/Cargo.toml +++ b/scrypt/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "scrypt" -version = "0.7.0" +version = "0.7.0" # Also update html_root_url in lib.rs when bumping this authors = ["RustCrypto Developers"] license = "MIT OR Apache-2.0" description = "Scrypt password-based key derivation function" diff --git a/scrypt/src/lib.rs b/scrypt/src/lib.rs index a66aea8b..838f5dc7 100644 --- a/scrypt/src/lib.rs +++ b/scrypt/src/lib.rs @@ -39,7 +39,11 @@ #![no_std] #![cfg_attr(docsrs, feature(doc_cfg))] -#![doc(html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo_small.png")] +#![doc( + html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", + html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", + html_root_url = "https://docs.rs/scrypt/0.7.0" +)] #[macro_use] extern crate alloc;