Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updated dalek dependecy #11

Closed
wants to merge 2 commits into from
Closed

Updated dalek dependecy #11

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e8086de
Updated dalek dependecy
markopoloparadox Jul 2, 2024
8a29bf2
bumped libp2p
markopoloparadox Jul 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 9 additions & 10 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

30 changes: 30 additions & 0 deletions substrate/frame/support/src/dispatch.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -637,8 +637,20 @@ impl<T> CustomDispatchFee<T> for (Weight, DispatchClass, DispatchFeeModifier) {
}
}

impl<T> CustomDispatchFee<T> for (Weight, DispatchClass, Pays) {
fn custom_dispatch_fee(&self, _: T) -> DispatchFeeModifier {
DispatchFeeModifier::default()
}
}

// TODO: Eventually remove these

impl<T> CustomDispatchFee<T> for u64 {
fn custom_dispatch_fee(&self, _: T) -> DispatchFeeModifier {
DispatchFeeModifier::default()
}
}

impl<T> ClassifyDispatch<T> for u64 {
fn classify_dispatch(&self, _: T) -> DispatchClass {
DispatchClass::Normal
Expand Down Expand Up @@ -675,6 +687,12 @@ impl<T> PaysFee<T> for (u64, DispatchClass, Pays) {
}
}

impl<T> CustomDispatchFee<T> for (u64, DispatchClass, Pays) {
fn custom_dispatch_fee(&self, _: T) -> DispatchFeeModifier {
DispatchFeeModifier::default()
}
}

impl<T> WeighData<T> for (u64, DispatchClass) {
fn weigh_data(&self, args: T) -> Weight {
return self.0.weigh_data(args)
Expand All @@ -693,6 +711,12 @@ impl<T> PaysFee<T> for (u64, DispatchClass) {
}
}

impl<T> CustomDispatchFee<T> for (u64, DispatchClass) {
fn custom_dispatch_fee(&self, _: T) -> DispatchFeeModifier {
DispatchFeeModifier::default()
}
}

impl<T> WeighData<T> for (u64, Pays) {
fn weigh_data(&self, args: T) -> Weight {
return self.0.weigh_data(args)
Expand All @@ -711,6 +735,12 @@ impl<T> PaysFee<T> for (u64, Pays) {
}
}

impl<T> CustomDispatchFee<T> for (u64, Pays) {
fn custom_dispatch_fee(&self, _: T) -> DispatchFeeModifier {
DispatchFeeModifier::default()
}
}

// END TODO

#[cfg(test)]
Expand Down
2 changes: 1 addition & 1 deletion substrate/primitives/statement-store/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ thiserror = { version = "1.0", optional = true }
# ECIES dependencies
ed25519-dalek = { version = "2.1", optional = true }
x25519-dalek = { version = "2.0", optional = true, features = ["static_secrets"] }
curve25519-dalek = { version = "4.1.1", optional = true }
curve25519-dalek = { version = "4.1.3", optional = true }
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Gonna make a temp release based on your branch and see if these are still propagated through the consumed packages in bridge-api.

If not we can live with it till we prioritize the other vulnerabilities fix present in Cargo.lock versioned crates.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cargo.toml on both bridge-api and avail-core were modified to consume polkadot-1.7.1-patch-8-tmp.

On bridge-api:

╰─$ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 630 security advisories (from /home/moraesjeremias/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (578 crate dependencies)
Crate:     curve25519-dalek
Version:   3.2.0
Title:     Timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Date:      2024-06-18
ID:        RUSTSEC-2024-0344
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0344
Solution:  Upgrade to >=4.1.3

On avail-core:

╰─$ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 630 security advisories (from /home/moraesjeremias/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (459 crate dependencies)
Crate:     curve25519-dalek
Version:   3.2.0
Title:     Timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Date:      2024-06-18
ID:        RUSTSEC-2024-0344
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0344
Solution:  Upgrade to >=4.1.3

aes-gcm = { version = "0.10", optional = true }
hkdf = { version = "0.12.0", optional = true }
sha2 = { version = "0.10.7", optional = true }
Expand Down
Loading