zcash_client_sqlite: Fix ambiguity in min checkpoint height query.

.github/workflows/audits.yml

@@ -17,7 +17,7 @@ jobs:
       - uses: dtolnay/rust-toolchain@stable
         id: toolchain
       - run: rustup override set ${{steps.toolchain.outputs.name}}
-      - run: cargo install cargo-vet --version ~0.9
+      - run: cargo install cargo-vet --version ~0.10
       - run: cargo vet --locked
 
   cargo-deny:

supply-chain/audits.toml

@@ -647,14 +647,14 @@ end = "2025-04-22"
 
 [[trusted.incrementalmerkletree]]
 criteria = "safe-to-deploy"
-user-id = 6289 # Jack Grigg (str4d)
-start = "2021-12-17"
+user-id = 1244 # ebfull
+start = "2021-06-24"
 end = "2025-04-22"
 
 [[trusted.incrementalmerkletree]]
 criteria = "safe-to-deploy"
-user-id = 1244 # ebfull
-start = "2021-06-24"
+user-id = 6289 # Jack Grigg (str4d)
+start = "2021-12-17"
 end = "2025-04-22"
 
 [[trusted.incrementalmerkletree]]
@@ -670,10 +670,10 @@ start = "2024-09-25"
 end = "2025-10-02"
 
 [[trusted.orchard]]
-criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
-user-id = 6289 # Jack Grigg (str4d)
-start = "2021-01-07"
-end = "2025-04-22"
+criteria = "safe-to-deploy"
+user-id = 169181 # Kris Nuttycombe (nuttycom)
+start = "2024-08-12"
+end = "2025-08-12"
 
 [[trusted.orchard]]
 criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
@@ -682,13 +682,19 @@ start = "2022-10-19"
 end = "2025-04-22"
 
 [[trusted.orchard]]
-criteria = "safe-to-deploy"
+criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
+user-id = 6289 # Jack Grigg (str4d)
+start = "2021-01-07"
+end = "2025-04-22"
+
+[[trusted.orchard]]
+criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
 user-id = 169181 # Kris Nuttycombe (nuttycom)
 start = "2024-08-12"
 end = "2025-08-12"
 
-[[trusted.orchard]]
-criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
+[[trusted.sapling-crypto]]
+criteria = "safe-to-deploy"
 user-id = 169181 # Kris Nuttycombe (nuttycom)
 start = "2024-08-12"
 end = "2025-08-12"
@@ -699,12 +705,6 @@ user-id = 6289 # Jack Grigg (str4d)
 start = "2024-01-26"
 end = "2025-04-22"
 
-[[trusted.sapling-crypto]]
-criteria = "safe-to-deploy"
-user-id = 169181 # Kris Nuttycombe (nuttycom)
-start = "2024-08-12"
-end = "2025-08-12"
-
 [[trusted.sapling-crypto]]
 criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
 user-id = 169181 # Kris Nuttycombe (nuttycom)
@@ -807,6 +807,12 @@ user-id = 169181 # Kris Nuttycombe (nuttycom)
 start = "2024-03-25"
 end = "2025-04-22"
 
+[[trusted.zcash_client_sqlite]]
+criteria = "safe-to-deploy"
+user-id = 6289 # Jack Grigg (str4d)
+start = "2020-06-25"
+end = "2025-10-22"
+
 [[trusted.zcash_client_sqlite]]
 criteria = "safe-to-deploy"
 user-id = 169181 # Kris Nuttycombe (nuttycom)
@@ -850,10 +856,10 @@ start = "2023-03-22"
 end = "2025-04-22"
 
 [[trusted.zcash_primitives]]
-criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
-user-id = 6289 # Jack Grigg (str4d)
-start = "2021-03-26"
-end = "2025-04-22"
+criteria = "safe-to-deploy"
+user-id = 169181 # Kris Nuttycombe (nuttycom)
+start = "2024-08-20"
+end = "2025-08-26"
 
 [[trusted.zcash_primitives]]
 criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
@@ -862,12 +868,6 @@ start = "2019-10-08"
 end = "2025-04-22"
 
 [[trusted.zcash_primitives]]
-criteria = "safe-to-deploy"
-user-id = 169181 # Kris Nuttycombe (nuttycom)
-start = "2024-08-20"
-end = "2025-08-26"
-
-[[trusted.zcash_proofs]]
 criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
 user-id = 6289 # Jack Grigg (str4d)
 start = "2021-03-26"
@@ -879,6 +879,12 @@ user-id = 169181 # Kris Nuttycombe (nuttycom)
 start = "2024-08-20"
 end = "2025-08-26"
 
+[[trusted.zcash_proofs]]
+criteria = ["safe-to-deploy", "crypto-reviewed", "license-reviewed"]
+user-id = 6289 # Jack Grigg (str4d)
+start = "2021-03-26"
+end = "2025-04-22"
+
 [[trusted.zcash_protocol]]
 criteria = "safe-to-deploy"
 user-id = 169181 # Kris Nuttycombe (nuttycom)

supply-chain/config.toml

@@ -2,7 +2,7 @@
 # cargo-vet config file
 
 [cargo-vet]
-version = "0.9"
+version = "0.10"
 
 [imports.bytecode-alliance]
 url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-chain/audits.toml"
@@ -255,10 +255,6 @@ criteria = "safe-to-run"
 version = "0.2.1"
 criteria = "safe-to-run"
 
-[[exemptions.cipher]]
-version = "0.4.4"
-criteria = "safe-to-deploy"
-
 [[exemptions.coarsetime]]
 version = "0.1.34"
 criteria = "safe-to-deploy"

supply-chain/imports.lock

@@ -1,22 +1,6 @@
 
 # cargo-vet imports lock
 
-[[unpublished.zcash_client_backend]]
-version = "0.14.0"
-audited_as = "0.13.0"
-
-[[unpublished.zcash_client_sqlite]]
-version = "0.12.0"
-audited_as = "0.11.2"
-
-[[unpublished.zcash_client_sqlite]]
-version = "0.12.1"
-audited_as = "0.12.0"
-
-[[unpublished.zcash_keys]]
-version = "0.4.0"
-audited_as = "0.3.0"
-
 [[publisher.bumpalo]]
 version = "3.16.0"
 when = "2024-04-08"
@@ -92,13 +76,6 @@ user-id = 169181
 user-login = "nuttycom"
 user-name = "Kris Nuttycombe"
 
-[[publisher.shardtree]]
-version = "0.4.0"
-when = "2024-08-12"
-user-id = 169181
-user-login = "nuttycom"
-user-name = "Kris Nuttycombe"
-
 [[publisher.shardtree]]
 version = "0.5.0"
 when = "2024-10-04"
@@ -261,25 +238,18 @@ user-login = "str4d"
 user-name = "Jack Grigg"
 
 [[publisher.zcash_client_backend]]
-version = "0.13.0"
-when = "2024-08-20"
-user-id = 169181
-user-login = "nuttycom"
-user-name = "Kris Nuttycombe"
-
-[[publisher.zcash_client_sqlite]]
-version = "0.11.2"
-when = "2024-09-03"
+version = "0.14.0"
+when = "2024-10-04"
 user-id = 169181
 user-login = "nuttycom"
 user-name = "Kris Nuttycombe"
 
 [[publisher.zcash_client_sqlite]]
-version = "0.12.0"
-when = "2024-10-04"
-user-id = 169181
-user-login = "nuttycom"
-user-name = "Kris Nuttycombe"
+version = "0.12.2"
+when = "2024-10-22"
+user-id = 6289
+user-login = "str4d"
+user-name = "Jack Grigg"
 
 [[publisher.zcash_encoding]]
 version = "0.2.0"
@@ -302,8 +272,8 @@ user-login = "str4d"
 user-name = "Jack Grigg"
 
 [[publisher.zcash_keys]]
-version = "0.3.0"
-when = "2024-08-20"
+version = "0.4.0"
+when = "2024-10-04"
 user-id = 169181
 user-login = "nuttycom"
 user-name = "Kris Nuttycombe"
@@ -350,13 +320,6 @@ user-id = 6289
 user-login = "str4d"
 user-name = "Jack Grigg"
 
-[[publisher.zip321]]
-version = "0.1.0"
-when = "2024-08-20"
-user-id = 169181
-user-login = "nuttycom"
-user-name = "Kris Nuttycombe"
-
 [[publisher.zip321]]
 version = "0.2.0"
 when = "2024-10-04"
@@ -419,6 +382,12 @@ criteria = "safe-to-deploy"
 version = "1.0.73"
 notes = "I am the author of this crate."
 
+[[audits.bytecode-alliance.audits.cipher]]
+who = "Andrew Brown <andrew.brown@intel.com>"
+criteria = "safe-to-deploy"
+version = "0.4.4"
+notes = "Most unsafe is hidden by `inout` dependency; only remaining unsafe is raw-splitting a slice and an unreachable hint. Older versions of this regularly reach ~150k daily downloads."
+
 [[audits.bytecode-alliance.audits.constant_time_eq]]
 who = "Nick Fitzgerald <fitzgen@gmail.com>"
 criteria = "safe-to-deploy"

zcash_client_sqlite/CHANGELOG.md

@@ -7,6 +7,13 @@ and this library adheres to Rust's notion of
 
 ## [Unreleased]
 
+## [0.12.2] - 2024-10-21
+
+### Fixed
+- Fixes an error in determining the minimum checkpoint height to which it's
+  possible to rewind in the case of a reorg, when no other truncation height
+  information is available.
+
 ## [0.12.1] - 2024-10-10
 
 ### Fixed

zcash_client_sqlite/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "zcash_client_sqlite"
 description = "An SQLite-based Zcash light client"
-version = "0.12.1"
+version = "0.12.2"
 authors = [
     "Jack Grigg <jack@z.cash>",
     "Kris Nuttycombe <kris@electriccoin.co>"

zcash_client_sqlite/src/wallet.rs

@@ -2406,7 +2406,7 @@
                 let min_checkpoint_height_query =
                     "SELECT MIN(checkpoint_id) FROM sapling_tree_checkpoints";
                 #[cfg(feature = "orchard")]
-                let min_checkpoint_height_query = "SELECT MIN(checkpoint_id) 
+                let min_checkpoint_height_query = "SELECT MIN(sc.checkpoint_id)
                      FROM sapling_tree_checkpoints sc
                      JOIN orchard_tree_checkpoints oc
                      ON oc.checkpoint_id = sc.checkpoint_id";