Merge branch 'cometbft/v0.37.2' into yuandu/v0.37.2-bianjie

bianjieai · Aug 24, 2023 · 22b12f6 · 22b12f6
2 parents 9a0e094 + fe45483
commit 22b12f6
Show file tree

Hide file tree

Showing 46 changed files with 768 additions and 167 deletions.
diff --git a/.changelog/v0.37.2/bug-fixes/771-kvindexer-parsing-big-ints.md b/.changelog/v0.37.2/bug-fixes/771-kvindexer-parsing-big-ints.md
@@ -0,0 +1,4 @@
+- `[state/kvindex]` Querying event attributes that are bigger than int64 is now
+  enabled. We are not supporting reading floats from the db into the indexer
+  nor parsing them into BigFloats to not introduce breaking changes in minor
+  releases. ([\#771](https://github.com/cometbft/cometbft/pull/771))
diff --git a/.changelog/v0.37.2/bug-fixes/771-pubsub-parsing-big-ints.md b/.changelog/v0.37.2/bug-fixes/771-pubsub-parsing-big-ints.md
@@ -0,0 +1,4 @@
+- `[pubsub]` Pubsub queries are now able to parse big integers (larger than
+  int64). Very big floats are also properly parsed into very big integers
+  instead of being truncated to int64.
+  ([\#771](https://github.com/cometbft/cometbft/pull/771))
diff --git a/.changelog/v0.37.2/improvements/654-rpc-rm-response-data-logs.md b/.changelog/v0.37.2/improvements/654-rpc-rm-response-data-logs.md
@@ -0,0 +1,3 @@
+- `[rpc]` Remove response data from response failure logs in order
+  to prevent large quantities of log data from being produced
+  ([\#654](https://github.com/cometbft/cometbft/issues/654))
diff --git a/.changelog/v0.37.2/security-fixes/787-rpc-client-pw.md b/.changelog/v0.37.2/security-fixes/787-rpc-client-pw.md
@@ -0,0 +1,3 @@
+- `[rpc/jsonrpc/client]` **Low severity** - Prevent RPC
+  client credentials from being inadvertently dumped to logs
+  ([\#787](https://github.com/cometbft/cometbft/pull/787))
diff --git a/.changelog/v0.37.2/security-fixes/793-cli-debug-kill-unsafe-cast.md b/.changelog/v0.37.2/security-fixes/793-cli-debug-kill-unsafe-cast.md
@@ -0,0 +1,2 @@
+- `[cmd/cometbft/commands/debug/kill]` **Low severity** - Fix unsafe int cast in
+  `debug kill` command ([\#793](https://github.com/cometbft/cometbft/pull/793))
diff --git a/.changelog/v0.37.2/security-fixes/865-fix-peerstate-marshaljson.md b/.changelog/v0.37.2/security-fixes/865-fix-peerstate-marshaljson.md
@@ -0,0 +1,3 @@
+- `[consensus]` **Low severity** - Avoid recursive call after rename to
+  `(*PeerState).MarshalJSON`
+  ([\#863](https://github.com/cometbft/cometbft/pull/863))
diff --git a/.changelog/v0.37.2/security-fixes/890-mempool-fix-cache.md b/.changelog/v0.37.2/security-fixes/890-mempool-fix-cache.md
@@ -0,0 +1,3 @@
+- `[mempool/clist_mempool]` **Low severity** - Prevent a transaction from
+  appearing twice in the mempool
+  ([\#890](https://github.com/cometbft/cometbft/pull/890): @otrack)
diff --git a/.changelog/v0.37.2/summary.md b/.changelog/v0.37.2/summary.md
@@ -0,0 +1,4 @@
+*June 14, 2023*
+
+Provides several minor bug fixes, as well as fixes for several low-severity
+security issues.
diff --git a/.github/workflows/cometbft-docker.yml b/.github/workflows/cometbft-docker.yml
@@ -41,17 +41,17 @@ jobs:
           platforms: all
 
       - name: Set up Docker Build
-        uses: docker/setup-buildx-action@v2.5.0
+        uses: docker/setup-buildx-action@v2.7.0
 
       - name: Login to DockerHub
         if: ${{ github.event_name != 'pull_request' }}
-        uses: docker/login-action@v2.1.0
+        uses: docker/login-action@v2.2.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Publish to Docker Hub
-        uses: docker/build-push-action@v4.0.0
+        uses: docker/build-push-action@v4.1.1
         with:
           context: .
           file: ./DOCKER/Dockerfile

diff --git a/.github/workflows/e2e-long-37x.yml b/.github/workflows/e2e-long-37x.yml
@@ -38,7 +38,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack on failure
-        uses: slackapi/slack-github-action@v1.23.0
+        uses: slackapi/slack-github-action@v1.24.0
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

diff --git a/.github/workflows/e2e-nightly-34x.yml b/.github/workflows/e2e-nightly-34x.yml
@@ -57,7 +57,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack on failure
-        uses: slackapi/slack-github-action@v1.23.0
+        uses: slackapi/slack-github-action@v1.24.0
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
@@ -84,7 +84,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack on success
-        uses: slackapi/slack-github-action@v1.23.0
+        uses: slackapi/slack-github-action@v1.24.0
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

diff --git a/.github/workflows/e2e-nightly-37x.yml b/.github/workflows/e2e-nightly-37x.yml
@@ -55,7 +55,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack on failure
-        uses: slackapi/slack-github-action@v1.23.0
+        uses: slackapi/slack-github-action@v1.24.0
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

diff --git a/.github/workflows/e2e-nightly-main.yml b/.github/workflows/e2e-nightly-main.yml
@@ -46,7 +46,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack on failure
-        uses: slackapi/slack-github-action@v1.23.0
+        uses: slackapi/slack-github-action@v1.24.0
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
@@ -73,7 +73,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack on success
-        uses: slackapi/slack-github-action@v1.23.0
+        uses: slackapi/slack-github-action@v1.24.0
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

diff --git a/.github/workflows/fuzz-nightly.yml b/.github/workflows/fuzz-nightly.yml
@@ -76,7 +76,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack on failure
-        uses: slackapi/slack-github-action@v1.23.0
+        uses: slackapi/slack-github-action@v1.24.0
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml
@@ -57,7 +57,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack upon pre-release
-        uses: slackapi/slack-github-action@v1.23.0
+        uses: slackapi/slack-github-action@v1.24.0
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

diff --git a/.github/workflows/proto-lint.yml b/.github/workflows/proto-lint.yml
@@ -15,7 +15,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - uses: actions/checkout@v3
-      - uses: bufbuild/buf-setup-action@v1.17.0
+      - uses: bufbuild/buf-setup-action@v1.21.0
       - uses: bufbuild/buf-lint-action@v1
         with:
           input: 'proto'
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -56,7 +56,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack upon release
-        uses: slackapi/slack-github-action@v1.23.0
+        uses: slackapi/slack-github-action@v1.24.0
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

diff --git a/.github/workflows/testapp-docker.yml b/.github/workflows/testapp-docker.yml
@@ -41,17 +41,17 @@ jobs:
           platforms: all
 
       - name: Set up Docker Build
-        uses: docker/setup-buildx-action@v2.5.0
+        uses: docker/setup-buildx-action@v2.7.0
 
       - name: Login to DockerHub
         if: ${{ github.event_name != 'pull_request' }}
-        uses: docker/login-action@v2.1.0
+        uses: docker/login-action@v2.2.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Publish to Docker Hub
-        uses: docker/build-push-action@v4.0.0
+        uses: docker/build-push-action@v4.1.1
         with:
           context: .
           file: ./test/e2e/docker/Dockerfile

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,43 @@
 # CHANGELOG
 
+## v0.37.2
+
+*June 14, 2023*
+
+Provides several minor bug fixes, as well as fixes for several low-severity
+security issues.
+
+### BUG FIXES
+
+- `[state/kvindex]` Querying event attributes that are bigger than int64 is now
+  enabled. We are not supporting reading floats from the db into the indexer
+  nor parsing them into BigFloats to not introduce breaking changes in minor
+  releases. ([\#771](https://github.com/cometbft/cometbft/pull/771))
+- `[pubsub]` Pubsub queries are now able to parse big integers (larger than
+  int64). Very big floats are also properly parsed into very big integers
+  instead of being truncated to int64.
+  ([\#771](https://github.com/cometbft/cometbft/pull/771))
+
+### IMPROVEMENTS
+
+- `[rpc]` Remove response data from response failure logs in order
+  to prevent large quantities of log data from being produced
+  ([\#654](https://github.com/cometbft/cometbft/issues/654))
+
+### SECURITY FIXES
+
+- `[rpc/jsonrpc/client]` **Low severity** - Prevent RPC
+  client credentials from being inadvertently dumped to logs
+  ([\#787](https://github.com/cometbft/cometbft/pull/787))
+- `[cmd/cometbft/commands/debug/kill]` **Low severity** - Fix unsafe int cast in
+  `debug kill` command ([\#793](https://github.com/cometbft/cometbft/pull/793))
+- `[consensus]` **Low severity** - Avoid recursive call after rename to
+  `(*PeerState).MarshalJSON`
+  ([\#863](https://github.com/cometbft/cometbft/pull/863))
+- `[mempool/clist_mempool]` **Low severity** - Prevent a transaction from
+  appearing twice in the mempool
+  ([\#890](https://github.com/cometbft/cometbft/pull/890): @otrack)
+
 ## v0.37.1
 
 *April 26, 2023*

diff --git a/cmd/cometbft/commands/debug/kill.go b/cmd/cometbft/commands/debug/kill.go
@@ -33,7 +33,7 @@ $ cometbft debug 34255 /path/to/cmt-debug.zip`,
 }
 
 func killCmdHandler(cmd *cobra.Command, args []string) error {
-	pid, err := strconv.ParseUint(args[0], 10, 64)
+	pid, err := strconv.Atoi(args[0])
 	if err != nil {
 		return err
 	}
@@ -100,7 +100,7 @@ func killCmdHandler(cmd *cobra.Command, args []string) error {
 // is tailed and piped to a file under the directory dir. An error is returned
 // if the output file cannot be created or the tail command cannot be started.
 // An error is not returned if any subsequent syscall fails.
-func killProc(pid uint64, dir string) error {
+func killProc(pid int, dir string) error {
 	// pipe STDERR output from tailing the CometBFT process to a file
 	//
 	// NOTE: This will only work on UNIX systems.
@@ -123,7 +123,7 @@ func killProc(pid uint64, dir string) error {
 	go func() {
 		// Killing the CometBFT process with the '-ABRT|-6' signal will result in
 		// a goroutine stacktrace.
-		p, err := os.FindProcess(int(pid))
+		p, err := os.FindProcess(pid)
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "failed to find PID to kill CometBFT process: %s", err)
 		} else if err = p.Signal(syscall.SIGABRT); err != nil {

diff --git a/consensus/reactor.go b/consensus/reactor.go
@@ -1067,7 +1067,8 @@ func (ps *PeerState) MarshalJSON() ([]byte, error) {
 	ps.mtx.Lock()
 	defer ps.mtx.Unlock()
 
-	return cmtjson.Marshal(ps)
+	type jsonPeerState PeerState
+	return cmtjson.Marshal((*jsonPeerState)(ps))
 }
 
 // GetHeight returns an atomic snapshot of the PeerRoundState's height

diff --git a/consensus/reactor_test.go b/consensus/reactor_test.go
@@ -26,6 +26,7 @@ import (
 	"github.com/cometbft/cometbft/crypto/tmhash"
 	"github.com/cometbft/cometbft/libs/bits"
 	"github.com/cometbft/cometbft/libs/bytes"
+	"github.com/cometbft/cometbft/libs/json"
 	"github.com/cometbft/cometbft/libs/log"
 	cmtsync "github.com/cometbft/cometbft/libs/sync"
 	mempl "github.com/cometbft/cometbft/mempool"
@@ -1005,3 +1006,32 @@ func TestVoteSetBitsMessageValidateBasic(t *testing.T) {
 		})
 	}
 }
+
+func TestMarshalJSONPeerState(t *testing.T) {
+	ps := NewPeerState(nil)
+	data, err := json.Marshal(ps)
+	require.NoError(t, err)
+	require.JSONEq(t, `{
+		"round_state":{
+			"height": "0",
+			"round": -1,
+			"step": 0,
+			"start_time": "0001-01-01T00:00:00Z",
+			"proposal": false,
+			"proposal_block_part_set_header":
+				{"total":0, "hash":""},
+			"proposal_block_parts": null,
+			"proposal_pol_round": -1,
+			"proposal_pol": null,
+			"prevotes": null,
+			"precommits": null,
+			"last_commit_round": -1,
+			"last_commit": null,
+			"catchup_commit_round": -1,
+			"catchup_commit": null
+		},
+		"stats":{
+			"votes":"0",
+			"block_parts":"0"}
+		}`, string(data))
+}