From 7f6c30641cae3cb531bece64470972405c874ee3 Mon Sep 17 00:00:00 2001
From: Ameer Ghani
Date: Tue, 17 Dec 2024 14:43:34 -0600
Subject: [PATCH 1/2] cargo-vet: audit libbz2-rs-sys
---
 supply-chain/audits.toml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
index d869ef03..d128a867 100644
--- a/supply-chain/audits.toml
+++ b/supply-chain/audits.toml
@@ -388,6 +388,20 @@ who = "Brandon Pitman "
 criteria = "safe-to-deploy"
 delta = "0.1.3 -> 0.1.4"
+[[audits.libbz2-rs-sys]]
+who = "Ameer Ghani "
+criteria = "safe-to-deploy"
+version = "0.1.1"
+notes = """
+libbz2-rs-sys mainly uses unsafe around the C FFI boundary, for libc interop,
+and for custom allocation support. Most end-user-facing decompression logic
+is in safe Rust. I have fuzzed and reviewed its code, and to the best of my
+ability I believe it's free of any serious security vulnerabilities.
+libbz2-rs-sys only depends on the libc crate, which is widely used and
+maintained Rust developers.
+"""
+
 [[audits.libc]]
 who = "Brandon Pitman "
 criteria = "safe-to-deploy"
From 33db5391cdfefbcea47ddb0d0f61465c68f09acf Mon Sep 17 00:00:00 2001
From: Ameer Ghani
Date: Tue, 17 Dec 2024 14:54:44 -0600
Subject: [PATCH 2/2] Update supply-chain/audits.toml
Co-authored-by: David Cook
---
 supply-chain/audits.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
index d128a867..48e194ca 100644
--- a/supply-chain/audits.toml
+++ b/supply-chain/audits.toml
@@ -399,7 +399,7 @@ is in safe Rust. I have fuzzed and reviewed its code, and to the best of my
 ability I believe it's free of any serious security vulnerabilities.
 libbz2-rs-sys only depends on the libc crate, which is widely used and
-maintained Rust developers.
+maintained by the Rust project.
 """
 [[audits.libc]]
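Review bot: The `notes` field of the new `[[audits.libbz2-rs-sys]]` entry states that the crate was fuzzed and reviewed but does not record what was exercised, so a later auditor cannot tell what the `safe-to-deploy` attestation for `version = "0.1.1"` actually rests on or re-run it when the crate is bumped. Since the note itself identifies the `unsafe` surface (the C FFI boundary, libc interop and custom allocation support), it would be worth adding one or two sentences naming the fuzz harness and roughly how long it ran, and whether each of those `unsafe` areas was read individually, for example `Fuzzing: <harness/targets>, <duration or corpus>; reviewed each unsafe block in the FFI and custom-allocator paths.` with the angle-bracket values filled in by the auditor. The wording of the dependency sentence is already corrected by PATCH 2/2 and needs nothing further here.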