fix(deps): update module github.com/btcsuite/btcd from v0.23.4 to v0.24.0 [security] - autoclosed

[figure-renovate]

This PR contains the following updates:

Package	Type	Update	Change
github.com/btcsuite/btcd	require	minor	v0.23.4 -> v0.24.0

GitHub Vulnerability Alerts

CVE-2024-34478

btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds.

---

Release Notes

btcsuite/btcd (github.com/btcsuite/btcd)

v0.24.0: btcd v0.24.0

Compare Source

This release is a major release that includes several general bug fixes, security bug fixes (please update!), and also a series of performance improvements that dramatically reduce the time for initial block download from ~45 hours+ to around 6 hours! With this release,btcd now also supports BIP 155 and has gained support for pruning (--prune=MiB).

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightningnetwork/lnd/master/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.24.0.sig and manifest-v0.24.0.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.24.0.sig manifest-v0.24.0.txt

You should see the following if the verification was successful:

gpg: Signature made Sat Dec 30 17:11:22 2023 PST
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <laolu32@&#8203;gmail.com>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

What's Changed

• Musig2: Update to 1.0.0.rc2 by @​sputn1ck in https://github.com/btcsuite/btcd/pull/1913
• btcec/schnorr/musig2: fix BenchmarkPartialVerify by @​Roasbeef in https://github.com/btcsuite/btcd/pull/1920
• base58: fix decoding issue by @​guggero in https://github.com/btcsuite/btcd/pull/1923
• Update Docker documentation towards building your own image by @​guiand888 in https://github.com/btcsuite/btcd/pull/1925
• chainhash: JSON marshal hash as string by @​ffranr in https://github.com/btcsuite/btcd/pull/1932
• Update Dockerfile to Alpine 3.16 by @​guiand888 in https://github.com/btcsuite/btcd/pull/1924
• Fix memory leak in connmanager by @​hxw in https://github.com/btcsuite/btcd/pull/1576
• Update mining.md by @​jagottsicher in https://github.com/btcsuite/btcd/pull/1938
• Sighash taproot keyspend bug fix by @​Roasbeef in https://github.com/btcsuite/btcd/pull/1941
• btcutil/psbt: export helper functions, fix/add encoding of unknown fields by @​guggero in https://github.com/btcsuite/btcd/pull/1942
• docs: Update Go version as per the Readme. by @​hristog in https://github.com/btcsuite/btcd/pull/1944
• txscript: Fix typo in IsUnspendable() comment by @​kcalvinalvin in https://github.com/btcsuite/btcd/pull/1945
• txscript: allow script builder capacity to be specified by @​guggero in https://github.com/btcsuite/btcd/pull/1954
• Export MakeScritpNum, AsSmallInt, and IsSmallInt by @​martonp in https://github.com/btcsuite/btcd/pull/1956
• chainhash: JSON Unmarshal hash from appropriate string. by @​LindenWang01 in https://github.com/btcsuite/btcd/pull/1952
• psbt: add verification method for utxo data by @​ziggie1984 in https://github.com/btcsuite/btcd/pull/1964
• txscript: fix typos by @​hieblmi in https://github.com/btcsuite/btcd/pull/1957
• chaincfg: Update checkpoints by @​kcalvinalvin in https://github.com/btcsuite/btcd/pull/1968
• btcd: Add memory profiling flag by @​kcalvinalvin in https://github.com/btcsuite/btcd/pull/1953
• blockchain: Use slices when fetching utxos by @​kcalvinalvin in https://github.com/btcsuite/btcd/pull/1972
• main: Update README.md's minimum go version by @​kcalvinalvin in https://github.com/btcsuite/btcd/pull/1977
• Add wire.Outpoint parser from string by @​GeorgeTsagk in https://github.com/btcsuite/btcd/pull/1879
• multi: Run gofmt on the entire repository by @​kcalvinalvin in https://github.com/btcsuite/btcd/pull/1981
• blockchain+chaincfg: disable retargeting for regtest by @​guggero in https://github.com/btcsuite/btcd/pull/1985
• multi: remove repetitive the by @​cuishuang in https://github.com/btcsuite/btcd/pull/1998
• blockchain: refactor and export header validation checks by @​Crypt-iQ in https://github.com/btcsuite/btcd/pull/1931
• btcutil: format BTC amounts with trailing zeroes by @​C-Otto in https://github.com/btcsuite/btcd/pull/1996
• musig2: fix early nonce gen option by @​sputn1ck in https://github.com/btcsuite/btcd/pull/2003
• fix: missing sighashtype when finalizing taproot keyspend signature by @​0xEclair in https://github.com/btcsuite/btcd/pull/2006
• Add address field (rpc client & server) by @​lindlof in https://github.com/btcsuite/btcd/pull/1969
• schnorr: correct rfc reference in docs by @​wydengyre in https://github.com/btcsuite/btcd/pull/2016
• blockchain, integration, mining, main: Rolling merkle root calculation by @​kcalvinalvin in https://github.com/btcsuite/btcd/pull/1979
• schnorr: bip-340 compliant verification by @​wydengyre in https://github.com/btcsuite/btcd/pull/2018
• txscript/engine: add execution StepCallback by @​halseth in https://github.com/btcsuite/btcd/pull/1980
• schnorr: bip-340 compliant signing by @​wydengyre in https://github.com/btcsuite/btcd/pull/2022
• main, wire, blockchain, indexers, ffldb: Add pruning by @​kcalvinalvin in https://github.com/btcsuite/btcd/pull/1971
• chainhash: add support to legacy-marshaled hashes by @​Beerosagos in https://github.com/btcsuite/btcd/pull/2025
• rpcclient: catch shutdown signal when sending RPC requests by @​yyforyongyu in https://github.com/btcsuite/btcd/pull/2028
• integration: add test to check prune status by @​kcalvinalvin in https://github.com/btcsuite/btcd/pull/2043
• fix: typos in sighash.go by @​kevinheavey in https://github.com/btcsuite/btcd/pull/2047
• Update LICENSE by @​davidcardenasus in https://github.com/btcsuite/btcd/pull/2045
• blockchain: export CheckSerializedHeight by @​Crypt-iQ in https://github.com/btcsuite/btcd/pull/2051
• fix: default forward port by @​0xEclair in https://github.com/btcsuite/btcd/pull/2038
• Added tests for FutureGetBestBlockHashResult.Receive by @​ClaytonNorthey92 in https://github.com/btcsuite/btcd/pull/2048
• Added test for client.GetChainTxStatsAsync() in rpcclient. by @​ClaytonNorthey92 in https://github.com/btcsuite/btcd/pull/2049
• added tests for GetBestBlockHashAsync by @​ClaytonNorthey92 in https://github.com/btcsuite/btcd/pull/2057
• blockchain, btcjson: Implement getchaintips rpc call by @​kcalvinalvin in https://github.com/btcsuite/btcd/pull/1918
• Fix typos by @​xiaolou86 in https://github.com/btcsuite/btcd/pull/2064
• Fix typos on signature.go by @​EvanTedesco in https://github.com/btcsuite/btcd/pull/2065
• schnorr: simplify some signing math by @​wydengyre in https://github.com/btcsuite/btcd/pull/2042
• Correct comments in singature.go by @​jcvernaleo in https://github.com/btcsuite/btcd/pull/2067
• blockchain: Add ancestor optimization to finding Ancestor by @​kcalvinalvin in https://github.com/btcsuite/btcd/pull/1688
• Update petertodd seed DNS to .net by @​petertodd in https://github.com/btcsuite/btcd/pull/2069
• wire, netsync: change isSyncCandidate behavior by @​kcalvinalvin in https://github.com/btcsuite/btcd/pull/2035
• make: add install and release-install goals by @​guggero in https://github.com/btcsuite/btcd/pull/1890
• chainhash, wire, btcutil, main: Memory efficient txhash by @​kcalvinalvin in https://github.com/btcsuite/btcd/pull/1978
• blockchain, cmd, netsync, main: Add utxocache by @​kcalvinalvin in https://github.com/btcsuite/btcd/pull/1955
• btcutil: update to chaincfg/chainhash/v1.1.0 by @​Roasbeef in https://github.com/btcsuite/btcd/pull/2072
• fix: enhance code comments by @​threewebcode in https://github.com/btcsuite/btcd/pull/2074
• multi: update main package and btcutil to chainhash/v1.1.0, use optimized dsha256 by @​Roasbeef in https://github.com/btcsuite/btcd/pull/2075
• doc: correct comments by @​bodhi-crypo in https://github.com/btcsuite/btcd/pull/2076
• rpctest: integration test harness fixes by @​guggero in https://github.com/btcsuite/btcd/pull/2071
• btcutil: reuse serialized tx during TxHash by @​Roasbeef in https://github.com/btcsuite/btcd/pull/2081
• wire: only borrow/return binaryFreeList buffers at the message level by @​Roasbeef in https://github.com/btcsuite/btcd/pull/2073
• build: create btcd v0.24 release branch by @​Roasbeef in https://github.com/btcsuite/btcd/pull/2082

New Contributors

• @​guiand888 made their first contribution in https://github.com/btcsuite/btcd/pull/1925
• @​hxw made their first contribution in https://github.com/btcsuite/btcd/pull/1576
• @​jagottsicher made their first contribution in https://github.com/btcsuite/btcd/pull/1938
• @​hristog made their first contribution in https://github.com/btcsuite/btcd/pull/1944
• @​martonp made their first contribution in https://github.com/btcsuite/btcd/pull/1956
• @​LindenWang01 made their first contribution in https://github.com/btcsuite/btcd/pull/1952
• @​ziggie1984 made their first contribution in https://github.com/btcsuite/btcd/pull/1964
• @​hieblmi made their first contribution in https://github.com/btcsuite/btcd/pull/1957
• @​GeorgeTsagk made their first contribution in https://github.com/btcsuite/btcd/pull/1879
• @​cuishuang made their first contribution in https://github.com/btcsuite/btcd/pull/1998
• @​C-Otto made their first contribution in https://github.com/btcsuite/btcd/pull/1996
• @​0xEclair made their first contribution in https://github.com/btcsuite/btcd/pull/2006
• @​wydengyre made their first contribution in https://github.com/btcsuite/btcd/pull/2016
• @​Beerosagos made their first contribution in https://github.com/btcsuite/btcd/pull/2025
• @​kevinheavey made their first contribution in https://github.com/btcsuite/btcd/pull/2047
• @​davidcardenasus made their first contribution in https://github.com/btcsuite/btcd/pull/2045
• @​ClaytonNorthey92 made their first contribution in https://github.com/btcsuite/btcd/pull/2048
• @​xiaolou86 made their first contribution in https://github.com/btcsuite/btcd/pull/2064
• @​EvanTedesco made their first contribution in https://github.com/btcsuite/btcd/pull/2065
• @​petertodd made their first contribution in https://github.com/btcsuite/btcd/pull/2069
• @​threewebcode made their first contribution in https://github.com/btcsuite/btcd/pull/2074
• @​bodhi-crypo made their first contribution in https://github.com/btcsuite/btcd/pull/2076

Full Changelog: btcsuite/btcd@v0.23.4...v0.24.0

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box