From d64de4a905b5b5b62559e9359dddfba801b26ff4 Mon Sep 17 00:00:00 2001 From: Olaoluwa Osuntokun Date: Thu, 28 Dec 2023 19:00:00 -0800 Subject: [PATCH 1/5] build: update to btcutil v1.1.5 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 36d4aa21bd..425e6d7f2b 100644 --- a/go.mod +++ b/go.mod @@ -2,7 +2,7 @@ module github.com/btcsuite/btcd require ( github.com/btcsuite/btcd/btcec/v2 v2.1.3 - github.com/btcsuite/btcd/btcutil v1.1.4 + github.com/btcsuite/btcd/btcutil v1.1.5 github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0 github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f github.com/btcsuite/go-socks v0.0.0-20170105172521-4720035b7bfd diff --git a/go.sum b/go.sum index 6a2ee39cd8..158e868092 100644 --- a/go.sum +++ b/go.sum @@ -8,8 +8,8 @@ github.com/btcsuite/btcd/btcec/v2 v2.1.3 h1:xM/n3yIhHAhHy04z4i43C8p4ehixJZMsnrVJ github.com/btcsuite/btcd/btcec/v2 v2.1.3/go.mod h1:ctjw4H1kknNJmRN4iP1R7bTQ+v3GJkZBd6mui8ZsAZE= github.com/btcsuite/btcd/btcutil v1.0.0/go.mod h1:Uoxwv0pqYWhD//tfTiipkxNfdhG9UrLwaeswfjfdF0A= github.com/btcsuite/btcd/btcutil v1.1.0/go.mod h1:5OapHB7A2hBBWLm48mmw4MOHNJCcUBTwmWH/0Jn8VHE= -github.com/btcsuite/btcd/btcutil v1.1.4 h1:mWvWRLRIPuoeZsVRpc0xNCkfeNxWy1E4jIZ06ZpGI1A= -github.com/btcsuite/btcd/btcutil v1.1.4/go.mod h1:PSZZ4UitpLBWzxGd5VGOrLnmOjtPP/a6HaFo12zMs00= +github.com/btcsuite/btcd/btcutil v1.1.5 h1:+wER79R5670vs/ZusMTF1yTcRYE5GUsFbdjdisflzM8= +github.com/btcsuite/btcd/btcutil v1.1.5/go.mod h1:PSZZ4UitpLBWzxGd5VGOrLnmOjtPP/a6HaFo12zMs00= github.com/btcsuite/btcd/chaincfg/chainhash v1.0.0/go.mod h1:7SFka0XMvUgj3hfZtydOrQY2mwhPclbT2snogU7SQQc= github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1/go.mod h1:7SFka0XMvUgj3hfZtydOrQY2mwhPclbT2snogU7SQQc= github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0 h1:59Kx4K6lzOW5w6nFlA0v5+lk/6sjybR934QNHSJZPTQ= From bf23715f9090e4d1386a54409262021f6624cb90 Mon Sep 17 00:00:00 2001 From: Olaoluwa Osuntokun Date: Sat, 30 Dec 2023 16:08:34 -0800 Subject: [PATCH 2/5] btcd: add SECURITY.md --- SECURITY.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..e06625c87a --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,15 @@ +# Security Policy + +## Supported Versions + +The last major `btcd` release is to be considered the current support version. +Given an issue severe enough, a backport will be issued either to the prior +major release or the set of releases considered utilized enough. + +## Reporting a Vulnerability + +To report security issues, send an email to security@lightning.engineering +(this list isn't to be used for support). + +The following key can be used to communicate sensitive information: `91FE 464C +D751 01DA 6B6B AB60 555C 6465 E5BC B3AF`. From 3c2478514f224b14721499386c8efc35c412dba3 Mon Sep 17 00:00:00 2001 From: Olaoluwa Osuntokun Date: Thu, 28 Dec 2023 19:01:08 -0800 Subject: [PATCH 3/5] chaincfg: update mainnet block hashes --- chaincfg/params.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/chaincfg/params.go b/chaincfg/params.go index 3b38878b4a..3a7f7661e1 100644 --- a/chaincfg/params.go +++ b/chaincfg/params.go @@ -341,6 +341,9 @@ var MainNetParams = Params{ {691719, newHashFromStr("00000000000000000008a89e854d57e5667df88f1cdef6fde2fbca1de5b639ad")}, {724466, newHashFromStr("000000000000000000052d314a259755ca65944e68df6b12a067ea8f1f5a7091")}, {751565, newHashFromStr("00000000000000000009c97098b5295f7e5f183ac811fb5d1534040adb93cabd")}, + {781565, newHashFromStr("00000000000000000002b8c04999434c33b8e033f11a977b288f8411766ee61c")}, + {800000, newHashFromStr("00000000000000000002a7c4c1e48d76c5a37902165a270156b7a8d72728a054")}, + {810000, newHashFromStr("000000000000000000028028ca82b6aa81ce789e4eb9e0321b74c3cbaf405dd1")}, }, // Consensus rule change deployments. From 8d2ab63e36fd6a58967fa53aa4a1df8b9abe09fd Mon Sep 17 00:00:00 2001 From: Olaoluwa Osuntokun Date: Thu, 28 Dec 2023 19:01:42 -0800 Subject: [PATCH 4/5] build: bump version to btcd v0.24 --- version.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/version.go b/version.go index 19af5b8bd0..d7835910f8 100644 --- a/version.go +++ b/version.go @@ -17,8 +17,8 @@ const semanticAlphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr // versioning 2.0.0 spec (http://semver.org/). const ( appMajor uint = 0 - appMinor uint = 23 - appPatch uint = 3 + appMinor uint = 24 + appPatch uint = 0 // appPreRelease MUST only contain characters from semanticAlphabet // per the semantic versioning spec. From 4ec8f016b99d7295313c1d2b094033daf447ab11 Mon Sep 17 00:00:00 2001 From: Olaoluwa Osuntokun Date: Sat, 30 Dec 2023 16:43:07 -0800 Subject: [PATCH 5/5] rpcclient: fix race condition in `doDisconnect` MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In this commit, we fix the following race condition: ``` ================== WARNING: DATA RACE Write at 0x00c000216018 by goroutine 31: github.com/btcsuite/btcd/rpcclient.(*Client).wsReconnectHandler() /home/runner/work/btcd/btcd/rpcclient/infrastructure.go:736 +0x2aa github.com/btcsuite/btcd/rpcclient.New·dwrap·13() /home/runner/work/btcd/btcd/rpcclient/infrastructure.go:1496 +0x39 Previous read at 0x00c000216018 by goroutine 29: github.com/btcsuite/btcd/rpcclient.(*Client).doDisconnect() /home/runner/work/btcd/btcd/rpcclient/infrastructure.go:1079 +0x247 github.com/btcsuite/btcd/rpcclient.(*Client).Disconnect() /home/runner/work/btcd/btcd/rpcclient/infrastructure.go:1111 +0x47 github.com/btcsuite/btcd/rpcclient.(*Client).wsInHandler() /home/runner/work/btcd/btcd/rpcclient/infrastructure.go:491 +0x1eb github.com/btcsuite/btcd/rpcclient.(*Client).start·dwrap·11() /home/runner/work/btcd/btcd/rpcclient/infrastructure.go:1181 +0x39 Goroutine 31 (running) created at: github.com/btcsuite/btcd/rpcclient.New() /home/runner/work/btcd/btcd/rpcclient/infrastructure.go:1496 +0xd77 github.com/btcsuite/btcd/rpcclient.makeClient() /home/runner/work/btcd/btcd/rpcclient/chain_test.go:268 +0x1f9 github.com/btcsuite/btcd/rpcclient.TestClientConnectedToWSServerRunner.func2() /home/runner/work/btcd/btcd/rpcclient/chain_test.go:164 +0x47 testing.tRunner() /opt/hostedtoolcache/go/1.17.5/x64/src/testing/testing.go:1259 +0x22f testing.(*T).Run·dwrap·21() /opt/hostedtoolcache/go/1.17.5/x64/src/testing/testing.go:1306 +0x47 Goroutine 29 (finished) created at: github.com/btcsuite/btcd/rpcclient.(*Client).start() /home/runner/work/btcd/btcd/rpcclient/infrastructure.go:1181 +0x2e4 github.com/btcsuite/btcd/rpcclient.New() /home/runner/work/btcd/btcd/rpcclient/infrastructure.go:1493 +0xc51 github.com/btcsuite/btcd/rpcclient.makeClient() /home/runner/work/btcd/btcd/rpcclient/chain_test.go:268 +0x1f9 github.com/btcsuite/btcd/rpcclient.TestClientConnectedToWSServerRunner.func2() /home/runner/work/btcd/btcd/rpcclient/chain_test.go:164 +0x47 testing.tRunner() /opt/hostedtoolcache/go/1.17.5/x64/src/testing/testing.go:1259 +0x22f testing.(*T).Run·dwrap·21() /opt/hostedtoolcache/go/1.17.5/x64/src/testing/testing.go:1306 +0x47 ``` This arises as in `wsReconnectHandler`, the mutex isn't held while the `conn` pointer is modified. --- rpcclient/infrastructure.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpcclient/infrastructure.go b/rpcclient/infrastructure.go index cf683db0ca..eddfb77700 100644 --- a/rpcclient/infrastructure.go +++ b/rpcclient/infrastructure.go @@ -733,10 +733,10 @@ out: // Reset the connection state and signal the reconnect // has happened. + c.mtx.Lock() c.wsConn = wsConn c.retryCount = 0 - c.mtx.Lock() c.disconnect = make(chan struct{}) c.disconnected = false c.mtx.Unlock()