Bump-up CometBFT to v0.37.2 #4

Open
wants to merge 19 commits into
base: release/v0.37.2-bianjie
4cbca75
Fix `TestStateOversizedBlock` (backport #755) (#765)
mergify[bot] Apr 27, 2023
9267594
v0.37 pubsub: Handle big ints (#771)
jmalicevic May 3, 2023
38ab766
Struct `Client` exposes sensitive data (#784) (#787)
mergify[bot] May 4, 2023
72fa535
Unsafe int cast in `kill` command (backport #783) (#793)
mergify[bot] May 4, 2023
8d28044
build(deps): Bump bufbuild/buf-setup-action from 1.17.0 to 1.18.0 (#814)
dependabot[bot] May 8, 2023
2e13f73
rpc: Remove response data from response failure logs (backport #829) …
mergify[bot] May 16, 2023
7bcca5c
build(deps): Bump slackapi/slack-github-action from 1.23.0 to 1.24.0 …
dependabot[bot] May 25, 2023
92f900f
build(deps): Bump bufbuild/buf-setup-action from 1.18.0 to 1.19.0 (#867)
dependabot[bot] May 25, 2023
6c94617
build(deps): Bump bufbuild/buf-setup-action from 1.19.0 to 1.20.0 (#911)
dependabot[bot] Jun 5, 2023
587522f
v0.37.x: Prevent a transaction to appear twice in the mempool (backpo…
mergify[bot] Jun 7, 2023
9cbdef8
e2e: Generate prometheus.yaml on setup (#954) (#957)
mergify[bot] Jun 13, 2023
e45db5d
build(deps): Bump bufbuild/buf-setup-action from 1.20.0 to 1.21.0 (#936)
dependabot[bot] Jun 13, 2023
3f62405
build(deps): Bump docker/login-action from 2.1.0 to 2.2.0 (#937)
dependabot[bot] Jun 13, 2023
79f182b
build(deps): Bump docker/setup-buildx-action from 2.5.0 to 2.7.0 (#958)
dependabot[bot] Jun 13, 2023
3e6b456
build(deps): Bump docker/build-push-action from 4.0.0 to 4.1.1 (#959)
dependabot[bot] Jun 13, 2023
4f04b67
Add requirement for `CheckTx` in ABCI spec (backport #928) (#965)
mergify[bot] Jun 14, 2023
9a453da
fix: avoid recursive call after rename to (*PeerState).MarshalJSON (#…
mergify[bot] Jun 14, 2023
fe45483
Release v0.37.2 (#972)
thanethomson Jun 14, 2023
22b12f6
Merge branch 'cometbft/v0.37.2' into yuandu/v0.37.2-bianjie
taramakage Aug 24, 2023
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
- `[state/kvindex]` Querying event attributes that are bigger than int64 is now
enabled. We are not supporting reading floats from the db into the indexer
nor parsing them into BigFloats to not introduce breaking changes in minor
releases. ([\#771](https://github.com/cometbft/cometbft/pull/771))
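Review bot: the `[state/kvindex]` entry says floats are neither read from the db nor parsed into BigFloats, but it does not say what a query does when it meets a float attribute value. State the resulting behaviour (skipped, compared as an integer, or rejected) so operators know what to expect from existing indexes.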
4 changes: 4 additions & 0 deletions .changelog/v0.37.2/bug-fixes/771-pubsub-parsing-big-ints.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
- `[pubsub]` Pubsub queries are now able to parse big integers (larger than
int64). Very big floats are also properly parsed into very big integers
instead of being truncated to int64.
([\#771](https://github.com/cometbft/cometbft/pull/771))
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
- `[rpc]` Remove response data from response failure logs in order
to prevent large quantities of log data from being produced
([\#654](https://github.com/cometbft/cometbft/issues/654))
3 changes: 3 additions & 0 deletions .changelog/v0.37.2/security-fixes/787-rpc-client-pw.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
- `[rpc/jsonrpc/client]` **Low severity** - Prevent RPC
client credentials from being inadvertently dumped to logs
([\#787](https://github.com/cometbft/cometbft/pull/787))
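Review bot: the `[rpc/jsonrpc/client]` entry does not say under which conditions the client credentials reached the logs. Add a short description of the trigger (which call or log level prints the client) so operators can decide whether logs written by earlier versions need to be purged and the credentials rotated.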
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
- `[cmd/cometbft/commands/debug/kill]` **Low severity** - Fix unsafe int cast in
`debug kill` command ([\#793](https://github.com/cometbft/cometbft/pull/793))
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
- `[consensus]` **Low severity** - Avoid recursive call after rename to
`(*PeerState).MarshalJSON`
([\#863](https://github.com/cometbft/cometbft/pull/863))
3 changes: 3 additions & 0 deletions .changelog/v0.37.2/security-fixes/890-mempool-fix-cache.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
- `[mempool/clist_mempool]` **Low severity** - Prevent a transaction from
appearing twice in the mempool
([\#890](https://github.com/cometbft/cometbft/pull/890): @otrack)
4 changes: 4 additions & 0 deletions .changelog/v0.37.2/summary.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
*June 14, 2023*

Provides several minor bug fixes, as well as fixes for several low-severity
security issues.
6 changes: 3 additions & 3 deletions .github/workflows/cometbft-docker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -41,17 +41,17 @@ jobs:
platforms: all

- name: Set up Docker Build
uses: docker/setup-buildx-action@v2.5.0
uses: docker/setup-buildx-action@v2.7.0

- name: Login to DockerHub
if: ${{ github.event_name != 'pull_request' }}
uses: docker/login-action@v2.1.0
uses: docker/login-action@v2.2.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Publish to Docker Hub
uses: docker/build-push-action@v4.0.0
uses: docker/build-push-action@v4.1.1
with:
context: .
file: ./DOCKER/Dockerfile
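Review bot: the three `uses:` lines still reference the Docker actions by version tag (`@v2.7.0`, `@v2.2.0`, `@v4.1.1`), and the login step passes `secrets.DOCKERHUB_TOKEN` to that code. Tags can be moved by the action's publisher, so pin each action to the full commit SHA with the version in a trailing comment and let dependabot update the SHA.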
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/e2e-long-37x.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Notify Slack on failure
uses: slackapi/slack-github-action@v1.23.0
uses: slackapi/slack-github-action@v1.24.0
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
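Review bot: the `slackapi/slack-github-action` version on the `uses:` line is repeated in every workflow that has a Slack notification step, so each bump touches many files and one can be missed. Consider moving the notification into a single reusable workflow or composite action that owns the version and the `SLACK_WEBHOOK_URL` secret reference.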
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/e2e-nightly-34x.yml
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Notify Slack on failure
uses: slackapi/slack-github-action@v1.23.0
uses: slackapi/slack-github-action@v1.24.0
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
Expand All @@ -84,7 +84,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Notify Slack on success
uses: slackapi/slack-github-action@v1.23.0
uses: slackapi/slack-github-action@v1.24.0
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/e2e-nightly-37x.yml
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Notify Slack on failure
uses: slackapi/slack-github-action@v1.23.0
uses: slackapi/slack-github-action@v1.24.0
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/e2e-nightly-main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Notify Slack on failure
uses: slackapi/slack-github-action@v1.23.0
uses: slackapi/slack-github-action@v1.24.0
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
Expand All @@ -73,7 +73,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Notify Slack on success
uses: slackapi/slack-github-action@v1.23.0
uses: slackapi/slack-github-action@v1.24.0
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/fuzz-nightly.yml
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Notify Slack on failure
uses: slackapi/slack-github-action@v1.23.0
uses: slackapi/slack-github-action@v1.24.0
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/pre-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Notify Slack upon pre-release
uses: slackapi/slack-github-action@v1.23.0
uses: slackapi/slack-github-action@v1.24.0
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/proto-lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ jobs:
timeout-minutes: 5
steps:
- uses: actions/checkout@v3
- uses: bufbuild/buf-setup-action@v1.17.0
- uses: bufbuild/buf-setup-action@v1.21.0
- uses: bufbuild/buf-lint-action@v1
with:
input: 'proto'
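Review bot: `bufbuild/buf-setup-action` is pinned to an exact release, while `actions/checkout@v3` and `bufbuild/buf-lint-action@v1` in the same steps list stay on floating major tags. Pin all three the same way so the lint job is reproducible and changes to the actions arrive only through reviewed bumps.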
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Notify Slack upon release
uses: slackapi/slack-github-action@v1.23.0
uses: slackapi/slack-github-action@v1.24.0
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/testapp-docker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -41,17 +41,17 @@ jobs:
platforms: all

- name: Set up Docker Build
uses: docker/setup-buildx-action@v2.5.0
uses: docker/setup-buildx-action@v2.7.0

- name: Login to DockerHub
if: ${{ github.event_name != 'pull_request' }}
uses: docker/login-action@v2.1.0
uses: docker/login-action@v2.2.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Publish to Docker Hub
uses: docker/build-push-action@v4.0.0
uses: docker/build-push-action@v4.1.1
with:
context: .
file: ./test/e2e/docker/Dockerfile
Expand Down
38 changes: 38 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,43 @@
# CHANGELOG

## v0.37.2

*June 14, 2023*

Provides several minor bug fixes, as well as fixes for several low-severity
security issues.

### BUG FIXES

- `[state/kvindex]` Querying event attributes that are bigger than int64 is now
enabled. We are not supporting reading floats from the db into the indexer
nor parsing them into BigFloats to not introduce breaking changes in minor
releases. ([\#771](https://github.com/cometbft/cometbft/pull/771))
- `[pubsub]` Pubsub queries are now able to parse big integers (larger than
int64). Very big floats are also properly parsed into very big integers
instead of being truncated to int64.
([\#771](https://github.com/cometbft/cometbft/pull/771))

### IMPROVEMENTS

- `[rpc]` Remove response data from response failure logs in order
to prevent large quantities of log data from being produced
([\#654](https://github.com/cometbft/cometbft/issues/654))

### SECURITY FIXES

- `[rpc/jsonrpc/client]` **Low severity** - Prevent RPC
client credentials from being inadvertently dumped to logs
([\#787](https://github.com/cometbft/cometbft/pull/787))
- `[cmd/cometbft/commands/debug/kill]` **Low severity** - Fix unsafe int cast in
`debug kill` command ([\#793](https://github.com/cometbft/cometbft/pull/793))
- `[consensus]` **Low severity** - Avoid recursive call after rename to
`(*PeerState).MarshalJSON`
([\#863](https://github.com/cometbft/cometbft/pull/863))
- `[mempool/clist_mempool]` **Low severity** - Prevent a transaction from
appearing twice in the mempool
([\#890](https://github.com/cometbft/cometbft/pull/890): @otrack)

## v0.37.1

*April 26, 2023*
Expand Down
6 changes: 3 additions & 3 deletions cmd/cometbft/commands/debug/kill.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ $ cometbft debug 34255 /path/to/cmt-debug.zip`,
}

func killCmdHandler(cmd *cobra.Command, args []string) error {
pid, err := strconv.ParseUint(args[0], 10, 64)
pid, err := strconv.Atoi(args[0])
if err != nil {
return err
}
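Review bot: `strconv.Atoi(args[0])` in `killCmdHandler` accepts zero and negative values that the previous `strconv.ParseUint` call rejected, and nothing in this hunk checks the range before the value is used as a PID. Zero and negative PIDs have special meaning to kill(2), so add a check such as `if pid <= 0 { return fmt.Errorf("invalid PID %d", pid) }` directly after the parse, with a test for it.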
Expand Down Expand Up @@ -100,7 +100,7 @@ func killCmdHandler(cmd *cobra.Command, args []string) error {
// is tailed and piped to a file under the directory dir. An error is returned
// if the output file cannot be created or the tail command cannot be started.
// An error is not returned if any subsequent syscall fails.
func killProc(pid uint64, dir string) error {
func killProc(pid int, dir string) error {
// pipe STDERR output from tailing the CometBFT process to a file
//
// NOTE: This will only work on UNIX systems.
Expand All @@ -123,7 +123,7 @@ func killProc(pid uint64, dir string) error {
go func() {
// Killing the CometBFT process with the '-ABRT|-6' signal will result in
// a goroutine stacktrace.
p, err := os.FindProcess(int(pid))
p, err := os.FindProcess(pid)
if err != nil {
fmt.Fprintf(os.Stderr, "failed to find PID to kill CometBFT process: %s", err)
} else if err = p.Signal(syscall.SIGABRT); err != nil {
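Review bot: the `fmt.Fprintf(os.Stderr, "failed to find PID to kill CometBFT process: %s", err)` message has no trailing newline, so it runs into whatever is written to stderr next. Add `\n` to the format string, and include the `pid` value in the message so the operator can see which process the command tried to signal.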
Expand Down
3 changes: 2 additions & 1 deletion consensus/reactor.go
Original file line number Diff line number Diff line change
Expand Up @@ -1067,7 +1067,8 @@ func (ps *PeerState) MarshalJSON() ([]byte, error) {
ps.mtx.Lock()
defer ps.mtx.Unlock()

return cmtjson.Marshal(ps)
type jsonPeerState PeerState
return cmtjson.Marshal((*jsonPeerState)(ps))
}

// GetHeight returns an atomic snapshot of the PeerRoundState's height
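Review bot: the local `type jsonPeerState PeerState` conversion in `MarshalJSON` has no comment explaining why it is needed. The defined type does not carry the methods of `PeerState`, which is what stops `cmtjson.Marshal` from calling `MarshalJSON` again; say so in a one-line comment so a later cleanup does not revert it to `cmtjson.Marshal(ps)`.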
Expand Down
30 changes: 30 additions & 0 deletions consensus/reactor_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import (
"github.com/cometbft/cometbft/crypto/tmhash"
"github.com/cometbft/cometbft/libs/bits"
"github.com/cometbft/cometbft/libs/bytes"
"github.com/cometbft/cometbft/libs/json"
"github.com/cometbft/cometbft/libs/log"
cmtsync "github.com/cometbft/cometbft/libs/sync"
mempl "github.com/cometbft/cometbft/mempool"
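Review bot: the new import `"github.com/cometbft/cometbft/libs/json"` is unaliased, so `json` in this test file reads like the standard library package, while `reactor.go` refers to the same package as `cmtjson`. Import it as `cmtjson` here as well for consistency.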
Expand Down Expand Up @@ -1005,3 +1006,32 @@ func TestVoteSetBitsMessageValidateBasic(t *testing.T) {
})
}
}

func TestMarshalJSONPeerState(t *testing.T) {
ps := NewPeerState(nil)
data, err := json.Marshal(ps)
require.NoError(t, err)
require.JSONEq(t, `{
"round_state":{
"height": "0",
"round": -1,
"step": 0,
"start_time": "0001-01-01T00:00:00Z",
"proposal": false,
"proposal_block_part_set_header":
{"total":0, "hash":""},
"proposal_block_parts": null,
"proposal_pol_round": -1,
"proposal_pol": null,
"prevotes": null,
"precommits": null,
"last_commit_round": -1,
"last_commit": null,
"catchup_commit_round": -1,
"catchup_commit": null
},
"stats":{
"votes":"0",
"block_parts":"0"}
}`, string(data))
}
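Review bot: `TestMarshalJSONPeerState` does not state that it guards against the recursive `MarshalJSON` call, and it only marshals the zero-value state from `NewPeerState(nil)`. Add a comment naming the regression it covers, and consider a second case with populated round state so the expected JSON also checks non-default field values.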