Bug 1873525 - qcms: Add back COPYING, add CONTRIBUTING.md and bump the version. r=gfx-reviewers,aosmond,supply-chain-reviewers

This also switches qcms to use a wildcard-audit because it's maintained
in m-c

Differential Revision: https://phabricator.services.mozilla.com/D197955

Cargo.lock

@@ -4514,7 +4514,7 @@ dependencies = [
 
 [[package]]
 name = "qcms"
-version = "0.2.0"
+version = "0.3.0"
 dependencies = [
  "libc",
 ]

gfx/qcms/CONTRIBUTING.md

@@ -0,0 +1,7 @@
+qcms is mirrored to https://github.com/FirefoxGraphics/qcms but all development
+happens via the regular [Firefox contribution process](https://firefox-source-docs.mozilla.org/setup/contributing_code.html).
+
+Bug should be filed under the 'Core' product in the 'Graphics: Color Management' component.
+
+If this process is too onerous, github PRs and issues can be used but they will still need to be migrated over
+to the Firefox process before landing.

gfx/qcms/COPYING

@@ -0,0 +1,21 @@
+qcms
+Copyright (C) 2009-2024 Mozilla Corporation
+Copyright (C) 1998-2007 Marti Maria
+
+Permission is hereby granted, free of charge, to any person obtaining 
+a copy of this software and associated documentation files (the "Software"), 
+to deal in the Software without restriction, including without limitation 
+the rights to use, copy, modify, merge, publish, distribute, sublicense, 
+and/or sell copies of the Software, and to permit persons to whom the Software 
+is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in 
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO 
+THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

gfx/qcms/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "qcms"
 authors = ["Jeff Muizelaar", "Benoit Girard", "Andrew Osmond"]
-version = "0.2.0"
+version = "0.3.0"
 edition = "2018"
 include = ["src/**/*", "build.rs"]
 description = "lightweight color management"

supply-chain/audits.toml

@@ -309,6 +309,14 @@ start = "2022-08-04"
 end = "2024-03-09"
 notes = "This code contains two cryptographic back ends.  No unsafe code is contained if the Rust `hpke` crate is used (the `rust-hpke` feature).  Using NSS (the `nss` feature) involves extensive use of bindings to the native code provided by NSS.  This interface uses wrappers that attempt to add safety to a fundamentally very dangerous library, but those wrappers have only been validated for use following the needs of this crate."
 
+[[wildcard-audits.qcms]]
+who = "Jeff Muizelaar <jmuizelaar@mozilla.com>"
+criteria = "safe-to-deploy"
+user-id = 5946 # Jeff Muizelaar (jrmuizel)
+start = "2020-11-05"
+end = "2025-01-09"
+notes = "Maintained by the Graphics team at Mozilla in mozilla-central."
+
 [[wildcard-audits.rust_cascade]]
 who = "Dana Keeler <dkeeler@mozilla.com>"
 criteria = "safe-to-deploy"
@@ -2999,11 +3007,6 @@ who = "Drew Willcoxon <adw@mozilla.com>"
 criteria = "safe-to-deploy"
 delta = "0.11.9 -> 0.12.1"
 
-[[audits.qcms]]
-who = "Jeff Muizelaar <jmuizelaar@mozilla.com>"
-criteria = "safe-to-deploy"
-version = "0.2.0"
-
 [[audits.qlog]]
 who = "Kershaw Chang <kershaw@mozilla.com>"
 criteria = "safe-to-deploy"

supply-chain/imports.lock

@@ -1,6 +1,10 @@
 
 # cargo-vet imports lock
 
+[[unpublished.qcms]]
+version = "0.3.0"
+audited_as = "0.2.0"
+
 [[publisher.aho-corasick]]
 version = "0.7.20"
 when = "2022-11-22"
@@ -1786,3 +1790,9 @@ criteria = "safe-to-deploy"
 version = "1.4.0"
 notes = "I have read over the macros, and audited the unsafe code."
 aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"
+
+[[audits.mozilla.audits.qcms]]
+who = "Jeff Muizelaar <jmuizelaar@mozilla.com>"
+criteria = "safe-to-deploy"
+version = "0.2.0"
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"