This repository has been archived by the owner on Aug 2, 2022. It is now read-only.

Releases: EOSIO/eos

EOSIO v1.4.6 Release Notes

15 Jan 23:35
f531bdc

This release comprises critical security fixes.

Important Notices

Synchronizing Sub-Module Changes

As part of this release, some of the URLs have changed for the submodules this git repository depends on. Users who are fetching updates into a pre-existing clone of the repository are strongly encouraged to execute git submodule sync to ensure that their workflow is not interrupted.

Changes

(#6610) Restricting Processing Time for Scheduled Transactions

The patches introduce a new configuration parameter, max-scheduled-transaction-time-per-block-ms, which defaults to 100. It determines the maximum wall-clock time a node will spend retiring scheduled transactions before processing user-signed transactions.

For more information about the motivation for this change refer to this blog post about CVE-2019-6199.

(#6601) Properly implement lifecycle for blob type in fc::variants

Add the missing implementations of the dtor, copy ctor, etc. for blob_types of fc::variant. Without these, resources could slowly leak until the API node became unresponsive.

This change was previously released to the 1.5 and 1.6 branches.

Other Changes

  • (#6610) Build WABT with support for C++ exceptions.
  • (#6598) Use https url for wabt submodule - 1.4.x

EOSIO v1.6.0 Release Candidate 2

02 Jan 23:21
3f790aa
Pre-release

This is a RELEASE CANDIDATE for version 1.6.0. The latest STABLE release is v1.5.3.

Changes

Various Performance Improvements

Several of the PRs in this release contribute to the overall goal of increasing the efficiency of the peer-to-peer networking layer and real-time transaction throughput. Internal benchmarks show considerable increases in token-transfers-per-second as a result. While this does not represent real-world usage, it does suggest that there will be noticeable improvements to transactions per second, reductions in the billable CPU time for transactions, and lower latency for block propagation.

NOTICE: State History Plugin Fix (#6496)

This was included in Release v1.5.2; however, that release's proximity to this release candidate warrants re-mentioning the following:

Serialization for permission_object failed when both it and its parent were deleted. This happened in block 31700785 of the mainnet.

If you are running the state history plugin AND have proceeded past a block with this condition, then you'll need to restore from a snapshot made prior to that block to continue.

Other Changes

  • (#6372) Net plugin cleanup
  • (#6370) Fix requires in spec file to resolve dependency resolution issues with rpms
  • (#6397) net_plugin reduce signed_block copies
  • (#6398) Update buildkite pipeline to use new queues
  • (#6400) Add community plugin links
  • (#6401) Stop the unix_server from listening in shutdown stage as well.
  • (#6436) Use 64-bit float printing of 128-bit floats on non x86_64
  • (#6435) remove x86_64 arch dep specification on AMI2 build script
  • (#6459) Allow disablement of net_plugin's listen socket
  • (#6430) add a test that reduces the size of the producer set
  • (#6426) Reflect Validation Script
  • (#6470) Update the bios-boot-tutorial.py script and readme.md
  • (#6485) Spelling correction
  • (#6419) Update LICENSE path
  • (#6498) Fix cluster writes for mongo DB
  • (#6500) Fix return codes of build scripts so that buildkite can fail properly
  • (#6490) Return 400 on get_block with nonexist block number
  • (#6499) mongo_db_plugin action_trace indexes
  • (#6471) Optimize transaction signature recovery
  • (#6501) optimization when writing shared_blob data
  • (#6494) packed_transaction enhancement
  • (#6549) Consolidated Security Fixes for 1.6.0-rc2

Thanks!

Special thanks to the community contributors that submitted patches for this release:

EOSIO v1.5.3 Release Notes

02 Jan 22:42
ced8d7d

This release provides critical security bug fixes for HTTP API endpoint providers.

Changes

(#6546) Properly implement lifecycle for blob type in fc::variants

Add the missing implementations of the dtor, copy ctor, etc. for blob_types of fc::variant. Without these, resources could slowly leak until the API node became unresponsive.

NOTE: All HTTP API endpoint providers are advised to update immediately.

Mitigations

None

Thanks

  • Thanks to @greymass for discovering the issue
  • Thanks to @LiquidEOS for assistance in identifying the root cause

EOSIO v1.6.0 Release Candidate 1

18 Dec 23:53
3186ddb
Pre-release

This is a RELEASE CANDIDATE for version 1.6.0. The latest STABLE release is v1.5.2.

Changes

Various Performance Improvements

Several of the PRs in this release contribute to the overall goal of increasing the efficiency of the peer-to-peer networking layer and real-time transaction throughput. Internal benchmarks show considerable increases in token-transfers-per-second as a result. While this does not represent real-world usage, it does suggest that there will be noticeable improvements to transactions per second, reductions in the billable CPU time for transactions, and lower latency for block propagation.

NOTICE: State History Plugin Fix (#6496)

This was included in Release v1.5.2; however, that release's proximity to this release candidate warrants re-mentioning the following:

Serialization for permission_object failed when both it and its parent were deleted. This happened in block 31700785 of the mainnet.

If you are running the state history plugin AND have proceeded past a block with this condition, then you'll need to restore from a snapshot made prior to that block to continue.

Other Changes

  • (#6372) Net plugin cleanup
  • (#6370) Fix requires in spec file to resolve dependency resolution issues with rpms
  • (#6397) net_plugin reduce signed_block copies
  • (#6398) Update buildkite pipeline to use new queues
  • (#6400) Add community plugin links
  • (#6401) Stop the unix_server from listening in shutdown stage as well.
  • (#6436) Use 64-bit float printing of 128-bit floats on non x86_64
  • (#6435) remove x86_64 arch dep specification on AMI2 build script
  • (#6459) Allow disablement of net_plugin's listen socket
  • (#6430) add a test that reduces the size of the producer set
  • (#6426) Reflect Validation Script
  • (#6470) Update the bios-boot-tutorial.py script and readme.md
  • (#6485) Spelling correction
  • (#6419) Update LICENSE path
  • (#6498) Fix cluster writes for mongo DB
  • (#6500) Fix return codes of build scripts so that buildkite can fail properly
  • (#6490) Return 400 on get_block with nonexist block number
  • (#6499) mongo_db_plugin action_trace indexes
  • (#6471) Optimize transaction signature recovery
  • (#6501) optimization when writing shared_blob data
  • (#6494) packed_transaction enhancement

Thanks!

Special thanks to the community contributors that submitted patches for this release:

EOSIO v1.5.2 Release Notes

18 Dec 22:53
d342409

This release provides bug fixes.

Changes

(#6496) state history plugin: permission_object bug

Fix for #6495: serialization for permission_object failed when both it and its parent were deleted. This happened in block 31700785 of the mainnet.

If you are running the state history plugin AND have proceeded past a block with this condition, then you'll need to restore from a snapshot made prior to that block to continue.

Mitigations

None

EOSIO v1.5.1 Release Notes

13 Dec 21:29
d4ffb4e

This release provides critical security bug fixes.

Mitigations

Use of Un-satisfied Authorizations in Self-addressed Actions and Transactions

This release contains subjective mitigations that will disallow any inline action or deferred transaction sent by a contract to itself that does not meet the following criteria:

For Self-Addressed Deferred Transactions

  • Only allow authorizations that
    • are satisfiable by eosio.code
    • AND meet the minimum permission of the action as linked by the actor present in the authorization

For Self-Addressed Inline Actions Sent From Direct Actions

  • Only allow authorizations that
    • are satisfiable by eosio.code OR are present in the parent action
    • AND meet the minimum permission of the action as linked by the actor present in the authorization

For Self-Addressed Inline Actions Sent From Recipient Handlers

  • Only allow authorizations that
    • are satisfiable by eosio.code
    • AND meet the minimum permission of the action as linked by the actor present in the authorization

Inline actions and deferred transactions sent to any other contract are unaffected by this change and remain secure.

Contract authors are advised to audit their code for instances where self-addressed inline actions and deferred transactions with improper authorizations may have slipped through, as those contracts will no longer function properly.

For more information see the official block.one blog post

DEPRECATION NOTICE

The propagation of authorizations present on the parent action for self-addressed inline actions sent from direct actions is DEPRECATED IMMEDIATELY and will be removed during the first protocol upgrade. At that time only properly formed authorizations satisfiable using the eosio.code pattern will be allowed for any inline action or deferred transaction.

Contract Developers should take immediate action to refactor their contracts to not rely on these propagated authorizations.

EOSIO v1.4.5 Release Notes

13 Dec 21:29
6c39d9a

This release provides critical security bug fixes.

Mitigations

Use of Un-satisfied Authorizations in Self-addressed Actions and Transactions

This release contains subjective mitigations that will disallow any inline action or deferred transaction sent by a contract to itself that does not meet the following criteria:

For Self-Addressed Deferred Transactions

  • Only allow authorizations that
    • are satisfiable by eosio.code
    • AND meet the minimum permission of the action as linked by the actor present in the authorization

For Self-Addressed Inline Actions Sent From Direct Actions

  • Only allow authorizations that
    • are satisfiable by eosio.code OR are present in the parent action
    • AND meet the minimum permission of the action as linked by the actor present in the authorization

For Self-Addressed Inline Actions Sent From Recipient Handlers

  • Only allow authorizations that
    • are satisfiable by eosio.code
    • AND meet the minimum permission of the action as linked by the actor present in the authorization

Inline actions and deferred transactions sent to any other contract are unaffected by this change and remain secure.

Contract authors are advised to audit their code for instances where self-addressed inline actions and deferred transactions with improper authorizations may have slipped through, as those contracts will no longer function properly.

For more information see the official block.one blog post

DEPRECATION NOTICE

The propagation of authorizations present on the parent action for self-addressed inline actions sent from direct actions is DEPRECATED IMMEDIATELY and will be removed during the first protocol upgrade. At that time only properly formed authorizations satisfiable using the eosio.code pattern will be allowed for any inline action or deferred transaction.

Contract Developers should take immediate action to refactor their contracts to not rely on these propagated authorizations.
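The three rule sets and the deprecation notice above (the same text appears in the v1.5.1 notes), written out as a simplified decision model for auditing a contract's self-addressed sends. This is an added example, not nodeos code: the account names, permission tree, set of eosio.code-satisfiable authorizations and record format are constructed, and an action with no linked permission is assumed to require active.

```python
from typing import NamedTuple

class Auth(NamedTuple):
    actor: str
    permission: str

# Constructed permission tree shared by the sample accounts: child -> parent.
PARENT = {"active": "owner", "payout": "active"}

def meets_minimum(held, required):
    """True if `held` is the required permission or one of its ancestors."""
    node = required
    while node is not None:
        if node == held:
            return True
        node = PARENT.get(node)
    return False

def classify(context, auth, action, parent_auths, code_satisfiable, linked_min):
    """Verdict for one authorization on a self-addressed send.
    context: 'deferred', 'inline_direct' or 'inline_recipient'."""
    # Assumption: an action with no explicit link requires 'active'.
    required = linked_min.get((auth.actor, action), "active")
    if not meets_minimum(auth.permission, required):
        return "rejected"
    if auth in code_satisfiable:
        return "ok"
    # Only inline actions sent from direct actions may reuse the parent's
    # authorizations, and the notes deprecate that path.
    if context == "inline_direct" and auth in parent_auths:
        return "deprecated"
    return "rejected"

def audit(sends, code_satisfiable, linked_min):
    """Return (action, auth, verdict) for every authorization that is not 'ok'."""
    findings = []
    for send in sends:
        for auth in send["auths"]:
            verdict = classify(send["context"], auth, send["action"],
                               send.get("parent_auths", ()),
                               code_satisfiable, linked_min)
            if verdict != "ok":
                findings.append((send["action"], auth, verdict))
    return findings

# Constructed sample: authorizations whose authority includes mycontract@eosio.code.
CODE_SATISFIABLE = {Auth("mycontract", "active"), Auth("mycontract", "payout")}
LINKED_MIN = {("mycontract", "admin"): "active"}
ALICE = Auth("alice", "active")
SENDS = [
    {"context": "deferred", "action": "settle", "auths": [Auth("mycontract", "active")]},
    {"context": "inline_direct", "action": "refund", "auths": [ALICE], "parent_auths": [ALICE]},
    {"context": "inline_recipient", "action": "refund", "auths": [ALICE], "parent_auths": [ALICE]},
    {"context": "deferred", "action": "settle", "auths": [Auth("bob", "active")]},
    {"context": "inline_direct", "action": "admin", "auths": [Auth("mycontract", "payout")]},
]

if __name__ == "__main__":
    for action, auth, verdict in audit(SENDS, CODE_SATISFIABLE, LINKED_MIN):
        print(f"{action}: {auth.actor}@{auth.permission} -> {verdict}")
```

A "deprecated" verdict marks a send that passes today only because the authorization is present on the parent action; a "rejected" verdict marks one that the mitigation disallows.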

EOSIO v1.5.0 Release Notes

04 Dec 23:05
ea08cfd

This release comprises several additional features and fixes, in addition to the cumulative patches made against v1.4.

A blog post providing more information can be found here

DEPRECATION/REMOVAL NOTICES

  • Fedora <= 27 are end-of-life. As a result we will be DEPRECATING support for those platforms and any applicable packages and REMOVING them in the future v1.6.0 release. At that time we will SUPPORT Fedora 28 and 29 officially.

Changes

Changes to Enforcement of Subjective Whitelist/Blacklist (#6318)

This release enforces the whitelist/blacklist for actions dispatched from within contracts (inline actions) as well as transactions sent by contracts (deferred transactions). This allows a more complete whitelist/blacklist feature than the original spec allowed for.

As this feature is enforced on privileged accounts as well, an additional configuration has been added to allow explicitly specified contracts to act outside of the whitelist/blacklist. This can be useful for taking administrative action on behalf of an account or contract that is otherwise blacklisted. For more details, please see the notes in the PR linked above.

Support reverse iteration & show RAM payer in get table & changes to upper_bound and limit parameters (#6264) (#6285)

This release changes the get_table_rows and get_table_by_scope RPC calls to support iterating the response sequences in reverse. This resulted in a few breaking changes compared to previous versions of the RPC calls. Particularly:

  • The definition of the upper_bound parameter has been corrected; see #6285 for details.
  • The acceptable values of limit for the get_table_rows and get_table_by_scope RPC calls have been changed to be consistent with other RPC methods. Any zero or negative value will return an empty response sequence.

In addition to the changes, the RAM payer for each table row will now be part of the response sequence if the show_payer boolean in the request is set to true.

These changes are supported in cleos with new command line options.

Multi-threaded transaction/block key recovery (#6149) (#6167)

This release introduces support for recovering keys from cryptographic signatures (aka signature verification) for transactions and blocks across multiple threads. Dispatching these recovery tasks has been pushed forward in the timeline for block validation and relay such that for most blocks the expense associated with them can be effectively mitigated. This should improve block validation times substantially; however, it does not affect the cost of producing blocks or the billable expense of retiring transactions on the blockchain.

Add cleos helper command to add eosio.code to permission (#6116)

This release provides (community authored) convenience options for crafting permissions involving the eosio.code meta permission. This permission is essential for allowing contract code to act on behalf of users and making it accessible will allow easier access to better user facing solutions.

Enhancements to cleos multisig approve with proposal_hash, invalidate, and improved review (#6356)

This release modifies cleos support for enhancements to eosio.msig contract that were released as part of EOSIO contracts v1.5.0 and EOSIO contracts v1.3.0. See the PR for more information about the new features.

Replay ctrl-c support (#6237)

This release provides a safe path for responding to signals and gracefully shutting down nodeos during a replay without resulting in a corrupted state database. This has been a pain point for users who replay often, including the development team. The node is left in a state where it should be able to resume replaying from where it left off.

[ALPHA] State history plugin (#5970)

The State History Plugin is a re-imagining of how blockchain data will be retrieved from a running nodeos process in the future. It is intended to serve as the basis of a replacement for the currently deprecated History Plugin with additional features such as support for real-time streaming and access to contract table values and deltas.

This plugin is considered ALPHA at this time and is likely to change substantially before a final release; however, the development team invites the community to evaluate it and provide feedback to help guide the development of this product.

Other Changes

  • On keosd auto-launch force unix socket path (#6024)
  • cleos parse last_bid_time support time_point (#6031)
  • Remove unused contracts and cleanup tests (#6044)
  • Add brackets (#6049)
  • Added Address Sanitizer to the Sanitizers Pipeline (#6053)
  • Fix cleos to get table rows only when satisfying condition (#6070)
  • EOSIO.* Contract Test Cleanup (#6055)
  • Transaction catch up in net_plugin (#6037)
  • Remove eos_utilities lib (#6051)
  • No need to prompt the user to set bnet-no-trx (#6065)
  • Change exception name from wast_file_not_found to wasm_file_not_found (#6048)
  • Add cleos Timing Information to Integration Tests (#6101)
  • Enable nodeos remote test. (#6117)
  • Build and push docker containers to automation gcr (#6131)
  • Fix cleos Subcommand Permissions (#6147)
  • make next_session_id thread safe (#6151)
  • Start block state creation early (#6167)
  • Update Sanitizers Pipeline ctest command (#6135)
  • More Timing Information For cleos Commands In Integration Tests (#6165)
  • fix _last_sent_block_id (#6152)
  • Removed ricardeos.py script in favor of the one in eosio.cdt (#6200)
  • Update comment to match latest code (#6204)
  • Build eos image for eos (#6208)
  • Nodeos permissive of redundant genesis state command line arguments (#6212)
  • Remove hard-coded symbol name in help messages (#6142)
  • Fix wrong full-board check in Tic-Tac-Toe contract (#5572)
  • Fix bug:default producer vote num is bigger than actual producers num. (#6234)
  • Fix json load decoding issue and reuse function 'getOutput'. (#6233)
  • Fix shutdown on error (#6224)
  • Support Secure Enclave wallet on 2018 Macmini & MacBookAir (#6221)
  • Pass host, port to the cluster. (#6240)
  • Cleanup - Remove eosio-abigen (#6247)
  • removed eosiocpp reference in dockerfile (#6250)
  • Update buildkite agent and set instance type (#6254)
  • secp256 dependency ordering error (#6268)
  • Add debian package build step to buildkite pipeline (#6270)
  • transfer the function body of get_read_write_api. (#6282)
  • Reduce noise (#6249)
  • Modified the github pull request template to allow developers to use level-3 markdown headers in their descriptions (#6306)
  • Use buildkite queues rather than roles. (#6309)
  • Fix awk to correctly match mojave version when building bottle (#6307)
  • Explicitly throw away get_table_type return value for code clarity (#6308)
  • Change package naming convention in build scripts for deb and rpm (#6315)
  • Revert to previous explicit soft float less operator (#6320)
  • Add package build steps for all builds (#6317)
  • Explicitly throw away get_table_type return value for code clarity (more) (#6319)
  • remove repeat register of history_plugin (#6280)
  • sudo removed from yum info (manually tested on centos 7 VM) (#6287)
  • Migrate buildkite pipelines to using the new fleets (#6331)
  • Fix rpm/deb package names (#6335)
  • support reverse iteration & show RAM payer in get table (#6264)
  • Remove some get_code dead code (#6349)
  • licensing updates for wabt (#6350)
  • Print the canonical path of wasm/abi when not found (#6346)
  • Prepend syslog priority when logging to systemd journal (#6351) (fc)
  • fix GMP & secp256 linker order for EosioTesterBuild.cmake.in (#6359)
  • Fix requires in spec file to resolve dependency resolution issues with rpms (#6371)
  • separate out version suffix (#6396)
  • Update buildkite pipeline to use new queues (#6399)
  • Fix deb package names (#6417)

Thanks!

Special thanks to the community contributors that submitted patches for this release:

[CANDIDATE] EOSIO Version 1.5.0-rc2

30 Nov 20:16
549c96c
Pre-release

The latest STABLE release is v1.4.4.

This is a RELEASE CANDIDATE for 1.5.0.

EOSIO v1.4.4 Release Notes

20 Nov 21:27
59626f1

NOTICE: IF YOU ARE UPGRADING TO THIS RELEASE FROM VERSION 1.3.X OR EARLIER AND USE THE HISTORY_PLUGIN YOU WILL NEED TO REPLAY THE BLOCKCHAIN TO RECONSTRUCT THAT PLUGIN'S DATA

NOTICE: package names have changed in this release to better reflect the supported systems' conventions

This release provides bug fixes and continuous integration improvements.

Changes

  • (#6316) [BUILD] Fix ninja color diagnostics
  • (#6265) [CLEOS] fix broken -r,--header - was passing headers after the double CRLF
  • (#6342) [RPC] fix #6274 false exception msg in symbol parsing
  • (#6258) [CMAKE] Added LLVM_DIR for OSX in EosioTester cmake module
  • (#6358) [CI] Merge buildkite pipeline changes
  • (#6362) Pull in changes to build scripts that were merged to develop

Thanks!

Special thanks to the community contributors that submitted patches for this release:

Mitigations

As mentioned above, operators who are concerned with misrepresentation of deferred transactions in the history_plugin are encouraged to reconstruct that plugin's state using --replay-blockchain