Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: cargo-auditable | Distribution: openSUSE Tumbleweed |
Version: 0.6.6~0 | Vendor: openSUSE |
Release: 1.4 | Build date: Fri Nov 29 03:28:10 2024 |
Group: Development/Languages/Rust | Build host: reproducible |
Size: 985520 | Source RPM: cargo-auditable-0.6.6~0-1.4.src.rpm |
Packager: http://bugs.opensuse.org | |
Url: https://github.com/rust-secure-code/cargo-auditable | |
Summary: A tool to embed auditing information in ELF sections of rust binaries |
Know the exact crate versions used to build your Rust executable. Audit binaries for known bugs or security vulnerabilities in production, at scale, with zero bookkeeping. This works by embedding data about the dependency tree in JSON format into a dedicated linker section of the compiled executable.
(Apache-2.0 OR MIT) AND Unicode-DFS-2016 AND (0BSD OR MIT OR Apache-2.0) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR MIT) AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR MIT OR Zlib) AND (Apache-2.0 OR MIT OR Zlib) AND (MIT OR Unlicense) AND (Apache-2.0 OR Zlib OR MIT) AND MIT
* Fri Nov 29 2024 william.brown@suse.com - Update to version 0.6.6~0: * Bump version in Cargo.toml * Note the `object` upgrade in the changelog * Upgrade cyclonedx-bom from 0.5 to 0.8 in auditable-cyclonedx * Upgrade object crate from 0.30 to 0.36 to reduce dependency footprint * Update dependencies in the lock file * Populate changelog * apply clippy lint * add another --emit parsing test * shorter code with cargo fmt * Actually fix cargo-c compatibility * Attempt to fix cargo-capi incompatibility * Refactoring in preparation for fixes * Also read the --emit flag to rustc * Fill in changelogs * Bump versions * Drop cfg'd out tests * Drop obsolete doc line * Move dependency cycle tests from auditable-serde to cargo-auditable crate * Remove cargo_metadata from auditable-serde API surface. I can expose it as a separate crate if anyone tells me they need it. * Apply clippy lint * Upgrade miniz_oxide to 0.8.0 * Insulate our semver from miniz_oxide semver * Add support for Rust 2024 edition * Update tests * More robust OS detection for riscv feature detection * bump version * update changelog for auditable-extract 0.3.5 * Fix wasm component auditable data extraction * Update blocker description in README.md * Add openSUSE to adopters * Update list of know adopters * Fix detection of `riscv64-linux-android` target features * Silence noisy lint * Bump version requirement in rust-audit-info * Fill in changelogs * Bump semver of auditable-info * Drop obsolete comment now that wasm is enabled by default * Remove dependency on cargo-lock * Brag about adoption in the README * Don't use LTO for cargo-dist builds to make them consistent with `cargo install` etc * Also build musl binaries * dist: update dist config for future releases * dist(cargo-auditable): ignore auditable2cdx for now * chore: add cargo-dist * Fri Jul 19 2024 William Brown <william.brown@suse.com> - Resolve build failure when backported to 15-SP3 * Fri Jul 19 2024 William Brown <william.brown@suse.com> - Depend on provides of rust to allow older compiler version usage * Tue May 28 2024 william.brown@suse.com - Update to version 0.6.4~0: * Release cargo-auditable v0.6.4 * Correctly attribute changelog file addition in changelog * Add changelog for auditable-extract * Verify various feature combinations in CI * Upgrade wasmparser to remove dependencies with `unsafe` * Add LoongArch support * cargo fmt * Move doc headers to README.md and point rustdoc to them, so that we have nice crates.io pages * Expand on the note about WebAssembly parsing * Populate changelogs * Resume bragging about all dependencies being safe, now that there is a caveat below * drop fuzz Cargo.lock to always fuzz against latest versions * Bump `cargo auditable` version * Mention WASM support in README * Revert "Be super duper extra sure both MinGW and MSVC are tested on CI" * Be super duper extra sure both MinGW and MSVC are tested on CI * Add wasm32 targets to CI for more platforms * Don't pass --target twice in tests * Install WASM toolchain in CI * cargo fmt * Add WASM end-to-end test * cargo fmt * Update documentation to mention the WASM feature * cargo fmt * Plumb WASM parsing feature through the whole stack * Make WASM parsing an optional, non-default feature * Add a fuzzing harness for WASM parsing * Rewritten WASM parsing to avoid heap allocations * Initial WASM extraction support * Nicer assertion * Drop obsolete comment * Clarify that embedding the compiler version has shipped. * Fixed section name for WASM * Unified and more robust platform detection. Fixed wasm build process * Initial WASM support * More robust platform detection for picking the binary format * Fix Windows CI to run both -msvc and -gnu * Use the correct link.exe flag for preserving the specified symbol even if it is unused * Fix Windows * Fix tests on Rust 1.77 * Placate clippy * Oopps, I meant components field * Also remove the dependencies field if empty * Use serde_json with order preservation feature to get a more compressible JSON after workarounds * Work around cyclonedx-bom limitations to produce minified JSON * Also record the dependency kind * cyclonedx-bom: also record PURL * Also write the dependency tree * Clear the serial number in the minimal CycloneDX variant * Prototype impl of auditable2cdx * Fill in auditable2cdx dependencies * Initial auditable2cdx boilerplace * add #![forbid(unsafe_code)] * Initial implementation of auditable-to-cyclonedx conversion * Add the necessary dependencies to auditable-cyclonedx * Initial dummy package for auditable-cyclonedx * Tue Mar 05 2024 Soc Virnyl Estela <uncomfy+openbuildservice@uncomfyhalomacro.pl> - Update specfile: * remove cargo_config file - Update service file: * replace obsoleted "disabled" mode with "manual" - Update to version 0.6.2~0: * Update the lockfile * New releases of cargo-auditable and auditable-serde * Use a separate project for the custom rustc path tests. Fixes intermittent test failures due to race conditions * Revert "add commit hashes to git sources" * Fix cyclic dependency graph being encoded * Revert "An unsuccessful attempt to fix cycles caused by dev-dependencies" * An unsuccessful attempt to fix cycles caused by dev-dependencies * Fix typo * Add comment * Add a test for an issue with cyclic dependencies reported at https://github.com/rustsec/rustsec/issues/1043 * Fix auditable-serde example not building * upgrade dependency miniz_oxide to 0.6.0 * fix formatting errors * apply clippy lints for --all-features * improve the internal docs and comments * apply clippy lints * add missing sources for one of test fixtures * add commit hashes to git sources * Run all tests on CI * cargo fmt * Run `cargo clean` in tests to get rid of stale binaries * Fix date in changelog * Populate changelog * Bump auditable-info version in rust-audit-info * Add auditable-info changelog * Bump versions following cargo-lock bump * auditable-serde: bump `cargo-lock` to v9 * switch to UNRELEASED * Update CHANGELOG.md * Print a better error if calling rustc fails * Drop unused import * placate Clippy * Don't inject audit info if --print argument is passed to rustc * Reflect the version change in Cargo.lock * Remove space from keywords * bump version to 0.6.1 * Fix date in changelog * Update CHANGELOG.md * Add publish=false * Commit the generated manpage * Add the code for generating a manpage; rather rudimentary so far, but it's a starting point * Explain relation to supply chain attacks * Add keywords to the Cargo manifest * Revert "generate a man page for cargo auditable" * fix formatting * fix review feedback, relocate file to under OUT_DIR, don't use anyhow and also commit the lock file * generate a man page for cargo auditable * Add Clippy suppression * placate clippy * commit Cargo.lock * Sync to latest object file writing code from rustc * Fix examples in docs * Allow redundant field names * Apply clippy suggestion: match -> if let * Check for clippy and format in CI * Apply clippy suggestions * Run CI with --locked * Thu Feb 23 2023 Andrea Manzini <andrea.manzini@suse.com> - Update to version 0.6.0~0: * README and documentation improvements * Read the rustc path passed by Cargo; fixes #90 * Read location of Cargo from the environment variable Cargo sets for third-party subcommands * Add a note on sccache version compatibility to CHANGELOG.md * Panic on compilation commands where we fail to parse the arguments instead of silently ignoring the error * Specifying the binary-scanning feature is no longer needed * Pass options such as --offline to `cargo metadata` * Pass on arguments from `cargo auditable` invocation to the rustc wrapper; prep work towards fixing #83 * Bump rust-audit-info to 0.5.2 * Bump auditable-serde version to 0.5.2 * Correctly fill in the source even in dependency entries when converting to cargo-lock data format * Drop the roundtrip through &str in semver::Version; now that semver 1.0 has shipped the versions are API-compatible and this is no longer necessary * Release auditable-info 0.6.1 * Bump all the version requirements for things depending on auditable-info * Fix audit_info_from_slice function signature * Thu Nov 03 2022 William Brown <william.brown@suse.com> - Initial commit
/usr/bin/cargo-auditable
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Oct 23 23:06:42 2025