zcashd release 5.4.2

Notable changes =============== This hotfix remediates memory exhaustion vulnerabilities that zcashd inherited as a fork of bitcoind. These bugs could allow an attacker to use peer-to-peer messages to fill the memory of a node, resulting in a crash. -----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEEX8Nd8pnYcf0pobEL9FXpuSAjoYsFAmP1DKQACgkQ9FXpuSAj oYt2jQv+IurleLqEbtBW2ajDYDIkcMu+asEtHCk3B6GELykKaFMgHYTffFBmuyJ+ 5GdoX685Rn6r8BxK6K1u129A9ztY7K0JpVeDA75tN5WLBj9twLdNaODfCLg5EjlZ UtxTNnynQ0MX5Uv7pt1DAM+++OKYujUHypaajgZ9ttqpSHZl3Z2ye0/HFEc4023p VH13CvU/3R4JLkFENi49rbS49LFfVuQrhAQoOPlCf3xoWbUYIdmWWZa/HOJV3g0e 3mqC+rhz97GVylLI4LJrm3v0tLeEUIuu+fdAziWfuWrBlB4jQ5p4L5trDHiQoqWB 5Qt5tjJKHHLnHHSyLcFFaes12tjPfrn9PBxYDPyfFAHIGf0WEiy36+6G5P7jpjYj OXLAmBPBIRBgZf9LJIHrgvqQynfGe9vaWgCArWWgSC8wZ2hWlM7pZRhCe+uw35R1 e5AfZjvbXj6gR+1631Mhl84e6xkGXe24szzuZDrUCqLBJpTb1JNLRh1OtT8zDN0t MfKtnE3W =AXAQ -----END PGP SIGNATURE----- Merge tag 'v5.4.2' into hotfix-v5.4.2 zcashd release 5.4.2 Notable changes =============== This hotfix remediates memory exhaustion vulnerabilities that zcashd inherited as a fork of bitcoind. These bugs could allow an attacker to use peer-to-peer messages to fill the memory of a node, resulting in a crash.
2023-03-13 06:19:46 -06:00 · 2023-03-13 06:19:46 -06:00 · ec88817b72
parent 1b2d994a39 b1fd336f8f
commit ec88817b72
13 changed files with 63 additions and 21 deletions
--- a/README.md
+++ b/README.md
@ -1,4 +1,4 @@
-Zcash 5.4.1
+Zcash 5.4.2
 <img align="right" width="120" height="80" src="doc/imgs/logo.png">
 ===========

--- a/configure.ac
+++ b/configure.ac
@ -2,7 +2,7 @@ dnl require autoconf 2.60 (AS_ECHO/AS_ECHO_N)
 AC_PREREQ([2.60])
 define(_CLIENT_VERSION_MAJOR, 5)
 define(_CLIENT_VERSION_MINOR, 4)
-define(_CLIENT_VERSION_REVISION, 1)
+define(_CLIENT_VERSION_REVISION, 2)
 define(_CLIENT_VERSION_BUILD, 50)
 define(_ZC_BUILD_VAL, m4_if(m4_eval(_CLIENT_VERSION_BUILD < 25), 1, m4_incr(_CLIENT_VERSION_BUILD), m4_eval(_CLIENT_VERSION_BUILD < 50), 1, m4_eval(_CLIENT_VERSION_BUILD - 24), m4_eval(_CLIENT_VERSION_BUILD == 50), 1, , m4_eval(_CLIENT_VERSION_BUILD - 50)))
 define(_CLIENT_VERSION_SUFFIX, m4_if(m4_eval(_CLIENT_VERSION_BUILD < 25), 1, _CLIENT_VERSION_REVISION-beta$1, m4_eval(_CLIENT_VERSION_BUILD < 50), 1, _CLIENT_VERSION_REVISION-rc$1, m4_eval(_CLIENT_VERSION_BUILD == 50), 1, _CLIENT_VERSION_REVISION, _CLIENT_VERSION_REVISION-$1)))
--- a/contrib/debian/changelog
+++ b/contrib/debian/changelog
@ -1,3 +1,9 @@
+zcash (5.4.2) stable; urgency=high
+
+  * 5.4.2 release.
+
+ -- Electric Coin Company <team@electriccoin.co>  Mon, 20 Feb 2023 20:04:31 -0700
+
 zcash (5.4.1) stable; urgency=medium

  * 5.4.1 release.
--- a/contrib/gitian-descriptors/gitian-linux-parallel.yml
+++ b/contrib/gitian-descriptors/gitian-linux-parallel.yml
@ -1,5 +1,5 @@
 ---
-name: "zcash-5.4.1"
+name: "zcash-5.4.2"
 enable_cache: true
 distro: "debian"
 suites:
--- a/contrib/gitian-descriptors/gitian-linux.yml
+++ b/contrib/gitian-descriptors/gitian-linux.yml
@ -1,5 +1,5 @@
 ---
-name: "zcash-5.4.1"
+name: "zcash-5.4.2"
 enable_cache: true
 distro: "debian"
 suites:
--- a/doc/authors.md
+++ b/doc/authors.md
@ -2,13 +2,13 @@ Zcash Contributors
 ==================

 Jack Grigg (1297)
-Kris Nuttycombe (618)
+Kris Nuttycombe (622)
 Simon Liu (460)
 Sean Bowe (389)
-Daira Hopwood (376)
+Daira Hopwood (379)
 Eirik Ogilvie-Wigley (216)
 Wladimir J. van der Laan (159)
-Pieter Wuille (143)
+Pieter Wuille (146)
 Alfredo Garcia (120)
 Taylor Hornby (118)
 Marshall Gaucher (118)
@ -17,7 +17,7 @@ Marco Falke (90)
 Jonas Schnelli (90)
 Jay Graber (89)
 Larry Ruane (88)
-Greg Pfeil (83)
+Greg Pfeil (84)
 Cory Fields (78)
 sasha (62)
 Matt Corallo (61)
--- a/doc/man/zcash-cli.1
+++ b/doc/man/zcash-cli.1
@ -1,9 +1,9 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.1.
-.TH ZCASH-CLI "1" "February 2023" "zcash-cli v5.4.1" "User Commands"
+.TH ZCASH-CLI "1" "February 2023" "zcash-cli v5.4.2" "User Commands"
 .SH NAME
-zcash-cli \- manual page for zcash-cli v5.4.1
+zcash-cli \- manual page for zcash-cli v5.4.2
 .SH DESCRIPTION
-Zcash RPC client version v5.4.1
+Zcash RPC client version v5.4.2
 .PP
 In order to ensure you are adequately protecting your privacy when using Zcash,
 please see <https://z.cash/support/security/>.
--- a/doc/man/zcash-tx.1
+++ b/doc/man/zcash-tx.1
@ -1,9 +1,9 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.1.
-.TH ZCASH-TX "1" "February 2023" "zcash-tx v5.4.1" "User Commands"
+.TH ZCASH-TX "1" "February 2023" "zcash-tx v5.4.2" "User Commands"
 .SH NAME
-zcash-tx \- manual page for zcash-tx v5.4.1
+zcash-tx \- manual page for zcash-tx v5.4.2
 .SH DESCRIPTION
-Zcash zcash\-tx utility version v5.4.1
+Zcash zcash\-tx utility version v5.4.2
 .SS "Usage:"
 .TP
 zcash\-tx [options] <hex\-tx> [commands]
--- a/doc/man/zcashd-wallet-tool.1
+++ b/doc/man/zcashd-wallet-tool.1
@ -1,7 +1,7 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.1.
-.TH ZCASHD-WALLET-TOOL "1" "February 2023" "zcashd-wallet-tool v5.4.1" "User Commands"
+.TH ZCASHD-WALLET-TOOL "1" "February 2023" "zcashd-wallet-tool v5.4.2" "User Commands"
 .SH NAME
-zcashd-wallet-tool \- manual page for zcashd-wallet-tool v5.4.1
+zcashd-wallet-tool \- manual page for zcashd-wallet-tool v5.4.2
 .SH SYNOPSIS
 .B zcashd-wallet-tool
 [\fI\,OPTIONS\/\fR]
--- a/doc/man/zcashd.1
+++ b/doc/man/zcashd.1
@ -1,9 +1,9 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.1.
-.TH ZCASHD "1" "February 2023" "zcashd v5.4.1" "User Commands"
+.TH ZCASHD "1" "February 2023" "zcashd v5.4.2" "User Commands"
 .SH NAME
-zcashd \- manual page for zcashd v5.4.1
+zcashd \- manual page for zcashd v5.4.2
 .SH DESCRIPTION
-Zcash Daemon version v5.4.1
+Zcash Daemon version v5.4.2
 .PP
 In order to ensure you are adequately protecting your privacy when using Zcash,
 please see <https://z.cash/support/security/>.
--- a/doc/release-notes/release-notes-5.4.2.md
+++ b/doc/release-notes/release-notes-5.4.2.md
@ -0,0 +1,36 @@
+Notable changes
+===============
+
+This hotfix remediates memory exhaustion vulnerabilities that zcashd inherited
+as a fork of bitcoind. These bugs could allow an attacker to use peer-to-peer
+messages to fill the memory of a node, resulting in a crash.
+
+
+Changelog
+=========
+
+Daira Hopwood (3):
+      Enable a CRollingBloomFilter to be reset to a state where it takes little memory.
+      Ensure that CNode::{addrKnown, filterInventoryKnown} immediately take little memory when we disconnect the node.
+      Improve the encapsulation of `CNode::filterInventoryKnown`.
+
+Greg Pfeil (1):
+      Remove `ResetRequestCount`
+
+Jon Atack (1):
+      p2p, rpc, test: address rate-limiting follow-ups
+
+Kris Nuttycombe (4):
+      Update release notes for v5.3.3 hotfix
+      Postpone dependency updates for v5.4.2 hotfix.
+      make-release.py: Versioning changes for 5.4.2.
+      make-release.py: Updated manpages for 5.4.2.
+
+Matt Corallo (1):
+      Remove useless mapRequest tracking that just effects Qt display.
+
+Pieter Wuille (3):
+      Rate limit the processing of incoming addr messages
+      Randomize the order of addr processing
+      Add logging and addr rate limiting statistics
+
--- a/qa/zcash/postponed-updates.txt
+++ b/qa/zcash/postponed-updates.txt
@ -19,4 +19,4 @@ native_clang 15.0.7 2023-04-30
 leveldb 1.23 2023-06-01

 # We're never updating to this version
-bdb 18.1.40 2024-02-01
+bdb 18.1.40 2024-03-01
--- a/src/clientversion.h
+++ b/src/clientversion.h
@ -17,7 +17,7 @@
 //! These need to be macros, as clientversion.cpp's and bitcoin*-res.rc's voodoo requires it
 #define CLIENT_VERSION_MAJOR 5
 #define CLIENT_VERSION_MINOR 4
-#define CLIENT_VERSION_REVISION 1
+#define CLIENT_VERSION_REVISION 2
 #define CLIENT_VERSION_BUILD 50

 //! Set to true for release, false for prerelease or test build