Release New Crates Due to Vulnerability in forest_message 0.6.0 (#1058)

* version bump crypto to 0.5

* bump version of crypto in forest_message

* add flag to forest_crypto

* bump crypto to 0.5.1

* bump forest message to 0.7.1

* release runtime v0.1.2

* bump fil types to 0.1.9

* fil_types 0.1.10

* fallback on fil types git version

* 0.1.11 fil_types

* fix types dependency in runtime

* update Cargo lock

* blst_portable

* move back to pairing

* message 0.7.2 release

* update bls and proofs libraries

* bls-signatures 0.9

* crypto to 0.5.2

* update lock file

* Makefile fix

Makefile

@@ -76,10 +76,18 @@ test-vectors: pull-serialization-tests run-vectors
 
 # Test all without the submodule test vectors with release configuration
 test:
-	cargo test --all --all-features --exclude serialization_tests --exclude conformance_tests
+	cargo test --all --all-features --exclude serialization_tests --exclude conformance_tests --exclude forest_message --exclude forest_crypto
+	cargo test -p forest_crypto --features blst --no-default-features
+	cargo test -p forest_crypto --features pairing --no-default-features
+	cargo test -p forest_message --features blst --no-default-features
+	cargo test -p forest_message --features pairing --no-default-features
 
 test-release:
-	cargo test --release --all --all-features --exclude serialization_tests --exclude conformance_tests
+	cargo test --release --all --all-features --exclude serialization_tests --exclude conformance_tests --exclude forest_message --exclude forest_crypto
+	cargo test --release -p forest_crypto --features blst --no-default-features
+	cargo test --release -p forest_crypto --features pairing --no-default-features
+	cargo test --release -p forest_message --features blst --no-default-features
+	cargo test --release -p forest_message --features pairing --no-default-features
 
 test-all: test-release run-vectors
 
@@ -88,6 +96,6 @@ license:
 	./scripts/add_license.sh
 
 docs:
-	cargo doc --no-deps --all-features
+	cargo doc --no-deps
 
 .PHONY: clean clean-all lint build release test test-all test-release license test-vectors run-vectors pull-serialization-tests install docs run-serialization-vectors run-conformance-vectors

blockchain/blocks/Cargo.toml

@@ -11,8 +11,8 @@ features = ["json"]
 address = { package = "forest_address", version = "0.3" }
 beacon = { path = "../beacon" }
 byteorder = "1.3.4"
-crypto = { package = "forest_crypto", version = "0.4" }
-message = { package = "forest_message", version = "0.6" }
+crypto = { package = "forest_crypto", version = "0.5", features = ["blst"] }
+message = { package = "forest_message", version = "0.7", features = ["blst"] }
 clock = { package = "fil_clock", path = "../../node/clock" }
 cid = { package = "forest_cid", version = "0.3", features = ["cbor"] }
 derive_builder = "0.9"

blockchain/chain/Cargo.toml

@@ -9,12 +9,12 @@ blocks = { package = "forest_blocks", path = "../blocks", features = ["json"] }
 db = { package = "forest_db", version = "0.1" }
 cid = { package = "forest_cid", version = "0.3" }
 clock = { package = "fil_clock", path = "../../node/clock" }
-crypto = { package = "forest_crypto", version = "0.4" }
+crypto = { package = "forest_crypto", version = "0.5", features = ["blst"] }
 encoding = { package = "forest_encoding", version = "0.2.1" }
 serde = { version = "1.0", features = ["derive"] }
 num-bigint = { path = "../../utils/bigint", package = "forest_bigint" }
 num-traits = "0.2"
-message = { package = "forest_message", version = "0.6" }
+message = { package = "forest_message", version = "0.7", features = ["blst"] }
 ipld_blockstore = "0.1"
 ipld_amt = "0.2"
 thiserror = "1.0"

blockchain/chain_sync/Cargo.toml

@@ -17,11 +17,11 @@ libp2p = { version = "0.35", default-features = false }
 cid = { package = "forest_cid", version = "0.3" }
 ipld_blockstore = "0.1"
 chain = { path = "../chain" }
-message = { package = "forest_message", version = "0.6", features = ["proofs"] }
+message = { package = "forest_message", version = "0.7", features = ["proofs", "blst"] }
 state_tree = { path = "../../vm/state_tree/" }
 state_manager = { path = "../state_manager/" }
 num-bigint = { path = "../../utils/bigint", package = "forest_bigint" }
-crypto = { package = "forest_crypto", version = "0.4" }
+crypto = { package = "forest_crypto", version = "0.5", features = ["blst"] }
 log = "0.4.8"
 async-std = { version = "1.9", features = ["tokio1", "unstable"] }
 forest_libp2p = { path = "../../node/forest_libp2p" }

blockchain/message_pool/Cargo.toml

@@ -8,14 +8,14 @@ edition = "2018"
 address = { package = "forest_address", version = "0.3" }
 vm = { package = "forest_vm", version = "0.3.1" }
 blocks = { package = "forest_blocks", path = "../blocks" }
-message = { package = "forest_message", version = "0.6", features = ["proofs", "json"] }
+message = { package = "forest_message", version = "0.7", features = ["proofs", "json", "blst"] }
 thiserror = "1.0"
 cid = { package = "forest_cid", version = "0.3" }
 encoding = { package = "forest_encoding", version = "0.2.1" }
 blockstore = { package = "ipld_blockstore", version = "0.1" }
 num-bigint = { path = "../../utils/bigint", package = "forest_bigint" }
 lru = "0.6"
-crypto = { package = "forest_crypto", version = "0.4" }
+crypto = { package = "forest_crypto", version = "0.5", features = ["blst"] }
 chain = { path = "../chain" }
 state_tree = { path = "../../vm/state_tree/" }
 serde = { version = "1.0", features = ["derive"] }

blockchain/state_manager/Cargo.toml

@@ -29,7 +29,7 @@ async-std = { version = "1.9", features = ["unstable", "tokio1"] }
 async-log = "2.0.0"
 log = "0.4.8"
 fil_types = "0.1"
-message = { package = "forest_message", version = "0.6", features = ["json"] }
+message = { package = "forest_message", version = "0.7", features = ["json", "blst"] }
 vm = { package = "forest_vm", version = "0.3.1" }
 bitfield = { package = "forest_bitfield", version = "0.1" }
 serde = { version = "1.0", features = ["derive"] }
@@ -40,6 +40,6 @@ futures = "0.3.5"
 runtime = { package = "forest_runtime", version = "0.1" }
 lazy_static = "1.4"
 once_cell = "1.5"
-forest_crypto = { version = "0.4" }
+forest_crypto = { version = "0.5", features = ["blst"] }
 networks = { path = "../../types/networks" }
 statediff = { path = "../../utils/statediff", optional = true }

crypto/CHANGELOG.md

@@ -1,4 +1,10 @@
-# 0.5.0 [UNRELEASED]
+# 0.5.2
+
+- `pairing` feature doesn't use Rayon anymore so it can compile to wasm
+# 0.5.1
+
+- Changed `blst` to a default feature, and added `pairing` flag to use pairings instead.
+# 0.5.0 
 
 - Removed `from_byte` for `DomainSeparationTag`. If this is needed, can use the `FromPrimitive` trait.
 - Removes `Default` for `Signature`. This was an old need for when block signatures were not optional in `BlockHeader`s.

crypto/Cargo.toml

@@ -2,7 +2,7 @@
 name = "forest_crypto"
 description = "Filecoin crypto utilities for use in Forest"
 license = "MIT OR Apache-2.0"
-version = "0.4.1"
+version = "0.5.2"
 authors = ["ChainSafe Systems <info@chainsafe.io>"]
 edition = "2018"
 repository = "https://github.com/ChainSafe/forest"
@@ -14,7 +14,7 @@ features = ["json"]
 address = { package = "forest_address", version = "0.3" }
 encoding = { package = "forest_encoding", version = "0.2.1" }
 libsecp256k1 = "0.3.4"
-bls-signatures = { version = "0.9", default-features = false, features = ["blst"] }
+bls-signatures = { version = "0.9", default-features = false }
 serde = { version = "1.0", features = ["derive"] }
 num-traits = "0.2"
 num-derive = "0.3.0"
@@ -26,4 +26,7 @@ rand = "0.7.3"
 rand_chacha = "0.2.2"
 
 [features]
+default = ["blst"]
 json = ["base64"]
+blst = ["bls-signatures/blst"]
+pairing = ["bls-signatures/pairing"]

key_management/Cargo.toml

@@ -10,7 +10,7 @@ features = ["json"]
 [dependencies]
 thiserror = "1.0"
 address = { package = "forest_address", version = "0.3" }
-crypto = { package = "forest_crypto", version = "0.4", features = ["json"] }
+crypto = { package = "forest_crypto", version = "0.5", features = ["json", "blst"] }
 bls-signatures = { version = "0.9", default-features = false, features = ["blst"] }
 libsecp256k1 = "0.3.4"
 rand = "0.7.3"

node/forest_libp2p/Cargo.toml

@@ -28,7 +28,7 @@ log = "0.4.8"
 async-std = "1.9"
 serde = { version = "1.0", features = ["derive"] }
 forest_blocks = { path = "../../blockchain/blocks" }
-forest_message = "0.6"
+forest_message = "0.7"
 forest_encoding = "0.2.1"
 forest_cid = { version = "0.3" }
 bytes = "1.0"
@@ -50,6 +50,6 @@ git-version = "0.3.4"
 [dev-dependencies]
 forest_address = "0.3"
 num-bigint = { path = "../../utils/bigint", package = "forest_bigint" }
-crypto = { package = "forest_crypto", version = "0.4" }
+crypto = { package = "forest_crypto", version = "0.5", features = ["blst"] }
 genesis = { path = "../../utils/genesis", features = ["testing"] }
 async-std = { version = "1.9", features = ["attributes"] }

node/rpc-client/Cargo.toml

@@ -10,10 +10,10 @@ cid = { package = "forest_cid", version = "0.3", features = ["json"] }
 blocks = { package = "forest_blocks", path = "../../blockchain/blocks", features = [
     "json"
 ] }
-message = { package = "forest_message", version = "0.6", features = ["json"] }
+message = { package = "forest_message", version = "0.7", features = ["json"] }
 serde_json = "1.0"
 log = "0.4.8"
-crypto = { package = "forest_crypto", version = "0.4", features = ["json"] }
+crypto = { package = "forest_crypto", version = "0.5", features = ["json", "blst"] }
 wallet = { package = "key_management", path = "../../key_management", features = [
     "json"
 ] }

node/rpc/Cargo.toml

@@ -42,14 +42,14 @@ chain = { path = "../../blockchain/chain", features = ["json"] }
 chain_sync = { path = "../../blockchain/chain_sync" }
 cid = { package = "forest_cid", version = "0.3", features = ["json"] }
 clock = { package = "fil_clock", path = "../clock" }
-crypto = { package = "forest_crypto", version = "0.4", features = ["json"] }
+crypto = { package = "forest_crypto", version = "0.5", features = ["json", "blst"] }
 encoding = { package = "forest_encoding", version = "0.2.1" }
 fil_types = "0.1"
 forest_libp2p = { path = "../forest_libp2p" }
 interpreter = { path = "../../vm/interpreter/" }
 ipld = { package = "forest_ipld", path = "../../ipld", features = ["json"] }
 ipld_amt = "0.2"
-message = { package = "forest_message", version = "0.6", features = ["json"] }
+message = { package = "forest_message", version = "0.7", features = ["json", "blst"] }
 message_pool = { path = "../../blockchain/message_pool" }
 networks = { path = "../../types/networks" }
 num-bigint = { version = "0.1.1", package = "forest_bigint" }

tests/conformance_tests/Cargo.toml

@@ -50,10 +50,10 @@ interpreter = { path = "../../vm/interpreter/", optional = true }
 num-bigint = { path = "../../utils/bigint", package = "forest_bigint", optional = true }
 vm = { package = "forest_vm", version = "0.3.1", optional = true }
 blockstore = { package = "ipld_blockstore", version = "0.1", features = ["resolve"], optional = true }
-crypto = { package = "forest_crypto", version = "0.4", optional = true }
+crypto = { package = "forest_crypto", version = "0.5", features = ["blst"], optional = true }
 encoding = { package = "forest_encoding", version = "0.2.1", optional = true }
 fil_types = { version = "0.1", optional = true }
-forest_message = { version = "0.6", features = ["json"], optional = true }
+forest_message = { version = "0.7", features = ["json", "blst"], optional = true }
 state_tree = { path = "../../vm/state_tree/", optional = true }
 chain = { path = "../../blockchain/chain", optional = true }
 futures = { version = "0.3.5", optional = true }

tests/serialization_tests/Cargo.toml

@@ -11,15 +11,15 @@ submodule_tests = []
 
 [dev-dependencies]
 serde = { version = "1.0", features = ["derive"] }
-crypto = { package = "forest_crypto", version = "0.4" }
+crypto = { package = "forest_crypto", version = "0.5", features = ["blst"] }
 base64 = { version = "0.13" }
 cid = { package = "forest_cid", version = "0.3", features = ["cbor", "json"] }
 serde_json = "1.0"
 hex = "0.4.2"
 vm = { package = "forest_vm", version = "0.3.1" }
 fil_types = "0.1"
 address = { package = "forest_address", version = "0.3" }
-forest_message = { version = "0.6", features = ["json"] }
+forest_message = { version = "0.7", features = ["json", "blst"] }
 encoding = { package = "forest_encoding", version = "0.2.1" }
 forest_blocks = { path = "../../blockchain/blocks", features = ["json"] }
 num-traits = "0.2"

types/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "fil_types"
 description = "Filecoin types used in Forest."
-version = "0.1.9"
+version = "0.1.11"
 license = "MIT OR Apache-2.0"
 authors = ["ChainSafe Systems <info@chainsafe.io>"]
 edition = "2018"

types/src/build_version/mod.rs

@@ -21,7 +21,7 @@ const MINER_API_VERSION: Version = new_version(0, 15, 0);
 const WORKER_API_VERSION: Version = new_version(0, 15, 0);
 
 lazy_static! {
-    pub static ref CURRENT_COMMIT: String = git_version!().to_string();
+    pub static ref CURRENT_COMMIT: String = git_version!(fallback = "unknown").to_string();
     pub static ref BUILD_TYPE: RwLock<BuildType> = RwLock::new(BuildType::BuildDefault);
     pub static ref RUNNING_NODE_TYPE: RwLock<NodeType> = RwLock::new(NodeType::Full);
 }

utils/auth/Cargo.toml

@@ -11,7 +11,7 @@ serde = { version = "1.0.101", default-features = false, features = ["derive"] }
 thiserror = "1.0"
 wallet = { package = "key_management", path = "../../key_management" }
 rand = "0.7.3"
-crypto = { package = "forest_crypto", version = "0.4" }
+crypto = { package = "forest_crypto", version = "0.5", features = ["blst"] }
 
 [dependencies.jsonrpc-v2]
 version = "0.10.0"