Depshield will be deprecated on Monday December 12th

Please install our new product, Sonatype Lift with advanced features

Vulnerabilities

DepShield reports that this application's usage of rand_core:0.5.1 results in the following vulnerability(s):

• (CVSS 9.8) [CVE-2021-27378] An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because re...

Occurrences

rand_core:0.5.1 is a transitive dependency introduced by the following direct dependency(s):

• schnorrkel:0.9.1
        └─ curve25519-dalek:2.1.3
              └─ rand_core:0.5.1
        └─ merlin:2.0.1
              └─ rand_core:0.5.1
        └─ rand:0.7.3
              └─ rand_chacha:0.2.2
                    └─ rand_core:0.5.1
              └─ rand_core:0.5.1
        └─ rand_core:0.5.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of generic-array:0.12.4 results in the following vulnerability(s):

• (CVSS 8.6) CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

Occurrences

generic-array:0.12.4 is a transitive dependency introduced by the following direct dependency(s):

• schnorrkel:0.9.1
        └─ curve25519-dalek:2.1.3
              └─ digest:0.8.1
                    └─ generic-array:0.12.4
        └─ sha2:0.8.2
              └─ block-buffer:0.7.3
                    └─ generic-array:0.12.4
              └─ digest:0.8.1
                    └─ generic-array:0.12.4

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of rand_chacha:0.2.2 results in the following vulnerability(s):

• (CVSS 9.8) [CVE-2021-27378] An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because re...

Occurrences

rand_chacha:0.2.2 is a transitive dependency introduced by the following direct dependency(s):

• schnorrkel:0.9.1
        └─ rand:0.7.3
              └─ rand_chacha:0.2.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Recently schnorrkel has been updated to 0.2.0: #5

They changed return type of sr25519_verify function.
Previously it returned true/false, but now it returns result on enum.

The task is to update schnorrkel to 0.2.0, change return type of sr25519_verify from bool to enum (prefixed), with all possible errors:

enum sr25519_verify_outcome {
  sr25519_success = 0,
  ...
  (and other errors as non-0 codes)
}

Vulnerabilities

DepShield reports that this application's usage of rand_chacha:0.3.1 results in the following vulnerability(s):

• (CVSS 9.8) [CVE-2021-27378] An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because re...

Occurrences

rand_chacha:0.3.1 is a transitive dependency introduced by the following direct dependency(s):

• cbindgen:0.20.0
        └─ tempfile:3.2.0
              └─ rand:0.8.4
                    └─ rand_chacha:0.3.1

• rand:0.8.4
        └─ rand_chacha:0.3.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Xcode error：xxx.xcodeproj Building for iOS, but the linked library 'libsr25519crust.a' was built for macOS.

Some errors occurred on the iOS system.

Undefined symbols for architecture x86_64:
"_readdir$INODE64", referenced from:
_macho_try_dsym in libsr25519crust.a(macho.o)
_macho_add in libsr25519crust.a(macho.o)
"_opendir$INODE64", referenced from:
std::sys::unix::fs::readdir::h714714ee58a81923 in libsr25519crust.a(std-f5ac182b2a26610e.std.6cj6x2el-cgu.0.rcgu.o)
_macho_try_dsym in libsr25519crust.a(macho.o)
_macho_add in libsr25519crust.a(macho.o)
"_readdir_r$INODE64", referenced from:
_$LT$std..sys..unix..fs..ReadDir$u20$as$u20$core..iter..traits..iterator..Iterator$GT$::next::h3275646fa836ad24 in libsr25519crust.a(std-f5ac182b2a26610e.std.6cj6x2el-cgu.0.rcgu.o)
ld: symbol(s) not found for architecture x86_64

It would useful for Android development to have Rust bindings for Android (java) for following functions:

sr25519_derive_keypair_hard
sr25519_derive_keypair_soft
sr25519_derive_public_soft
sr25519_keypair_from_seed
sr25519_sign
sr25519_verify

It would be possible to use these bindings directly in Android via Mozilla's plugin