make-release.py: Updated release notes and changelog for 2.1.0-rc1.
This commit is contained in:
parent
17a70bcd67
commit
fd8004d2bd
|
@ -1,3 +1,9 @@
|
|||
zcash (2.1.0~rc1) stable; urgency=medium
|
||||
|
||||
* 2.1.0-rc1 release.
|
||||
|
||||
-- Electric Coin Company <team@z.cash> Tue, 22 Oct 2019 14:52:02 -0600
|
||||
|
||||
zcash (2.0.7+3) stable; urgency=critical
|
||||
|
||||
* 2.0.7-3 release.
|
||||
|
|
|
@ -0,0 +1,177 @@
|
|||
Notable changes
|
||||
===============
|
||||
|
||||
DoS Mitigation: Mempool Size Limit and Random Drop
|
||||
--------------------------------------------------
|
||||
|
||||
This release adds a mechanism for preventing nodes from running out of memory
|
||||
in the situation where an attacker is trying to overwhelm the network with
|
||||
transactions. This is achieved by keeping track of and limiting the total
|
||||
`cost` and `evictionWeight` of all transactions in the mempool. The `cost` of a
|
||||
transaction is determined by its size in bytes, and its `evictionWeight` is a
|
||||
function of the transaction's `cost` and its fee. The maximum total cost is
|
||||
configurable via the parameter `mempooltxcostlimit` which defaults to
|
||||
80,000,000 (up to 20,000 txs). If a node's total mempool `cost` exceeds this
|
||||
limit the node will evict a random transaction, preferentially picking larger
|
||||
transactions and ones with below the standard fee. To prevent a node from
|
||||
re-accepting evicted transactions, it keeps track of ones that it has evicted
|
||||
recently. By default, a transaction will be considered recently evicted for 60
|
||||
minutes, but this can be configured with the parameter
|
||||
`mempoolevictionmemoryminutes`.
|
||||
|
||||
For full details see ZIP 401.
|
||||
|
||||
Fake chain detection during initial block download
|
||||
--------------------------------------------------
|
||||
|
||||
One of the mechanisms that `zcashd` uses to detect whether it is in "initial
|
||||
block download" (IBD) mode is to compare the active chain's cumulative work
|
||||
against a hard-coded "minimum chain work" value. This mechanism (inherited from
|
||||
Bitcoin Core) means that once a node exits IBD mode, it is either on the main
|
||||
chain, or a fake alternate chain with similar amounts of work. In the latter
|
||||
case, the node has most likely become the victim of a 50% + 1 adversary.
|
||||
|
||||
Starting from this release, `zcashd` additionally hard-codes the block hashes
|
||||
for the activation blocks of each past network upgrade (NU). During initial
|
||||
chain synchronization, and after the active chain has reached "minimum chain
|
||||
work", the node checks the blocks at each NU activation height against the
|
||||
hard-coded hashes. If any of them do not match, the node will immediately alert
|
||||
the user and **shut down for safety**.
|
||||
|
||||
Disabling old Sprout proofs
|
||||
---------------------------
|
||||
|
||||
As part of our ongoing work to clean up the codebase and minimise the security
|
||||
surface of `zcashd`, we are removing `libsnark` from the codebase, and dropping
|
||||
support for creating and verifying old Sprout proofs. Funds stored in Sprout
|
||||
addresses are not affected, as they are spent using the hybrid Sprout circuit
|
||||
(built using `bellman`) that was deployed during the Sapling network upgrade.
|
||||
|
||||
This change has several implications:
|
||||
|
||||
- `zcashd` no longer verifies old Sprout proofs, and will instead assume they
|
||||
are valid. This has a minor implication for nodes: during initial block
|
||||
download, an adversary could feed the node fake blocks containing invalid old
|
||||
Sprout proofs, and the node would accept the fake chain as valid. However,
|
||||
as soon as the active chain contains at least as much work as the hard-coded
|
||||
"minimum chain work" value, the node will detect this situation and shut down.
|
||||
|
||||
- Shielded transactions can no longer be created before Sapling has activated.
|
||||
This does not affect Zcash itself, but will affect downstream codebases that
|
||||
have not yet activated Sapling (or that start a new chain after this point and
|
||||
do not activate Sapling from launch). Note that the old Sprout circuit is
|
||||
[vulnerable to counterfeiting](https://z.cash/support/security/announcements/security-announcement-2019-02-05-cve-2019-7167/)
|
||||
and should not be used in current deployments.
|
||||
|
||||
- Starting from this release, the circuit parameters from the original Sprout
|
||||
MPC are no longer required to start `zcashd`, and will not be downloaded by
|
||||
`fetch-params.sh`. They are not being automatically deleted at this time.
|
||||
|
||||
We would like to take a moment to thank the `libsnark` authors and contributors.
|
||||
It was vital to the success of Zcash, and the development of zero-knowledge
|
||||
proofs in general, to have this code available and usable.
|
||||
|
||||
Changelog
|
||||
=========
|
||||
|
||||
Bryant Eisenbach (2):
|
||||
doc: Change Debian package description
|
||||
doc: Move text prior to "This package provides..."
|
||||
|
||||
Daira Hopwood (4):
|
||||
Remove copyright entries for Autoconf macros that have been deleted.
|
||||
Remove copyright entry for libsnark.
|
||||
Test setting an expiry height of 0.
|
||||
Fix setting an expiry height of 0. fixes #4132
|
||||
|
||||
Eirik Ogilvie-Wigley (33):
|
||||
Wrap metrics message in strprintf
|
||||
DoS protection: Weighted random drop of txs if mempool full
|
||||
Rebuild weighted list on removal and fix size calculation
|
||||
Grammatical fixes
|
||||
Remove transactions when ensuring size limit
|
||||
Help message cleanup and add lock
|
||||
Performance: Store weighted transactions in a tree
|
||||
Fix naming conventions
|
||||
No need to activate Overwinter/Sapling in rpc test
|
||||
Fix recently evicted list size
|
||||
Put size increment and decrement on their own lines
|
||||
Prevent adding duplicate transactions
|
||||
Move duplicate macro to reusable location
|
||||
mempool_limit rpc test cleanup
|
||||
Represent tx costs as signed integers
|
||||
Fix comments
|
||||
Rename variables for consistency
|
||||
Use tx cost rather than evictionWeight when checking mempool capacity
|
||||
Log rather than return error if a transaction is recently evicted
|
||||
Represent recently evicted list as a deque
|
||||
Rename files
|
||||
Update release notes
|
||||
Add test
|
||||
minor rpc test clean up
|
||||
Add explanatory comments
|
||||
Wording and grammatical fixes
|
||||
Update parameter names to match ZIP
|
||||
Clarify the difference between cost and evictionWeight
|
||||
Fix test cases: default mempool limiters
|
||||
Remove dots and underscores from parameter names
|
||||
Use same type when calling max
|
||||
make-release.py: Versioning changes for 2.1.0-rc1.
|
||||
make-release.py: Updated manpages for 2.1.0-rc1.
|
||||
|
||||
Gareth Davies (1):
|
||||
Updating IPFS link for chunking
|
||||
|
||||
Jack Grigg (39):
|
||||
depends: Add FreeBSD to hosts and builders
|
||||
depends: Explicitly set Boost toolchain during configuration
|
||||
depends: Add FreeBSD support to OpenSSL
|
||||
depends: Patch libevent to detect arch4random_addrandom
|
||||
depends: Add FreeBSD Rust binaries
|
||||
depends: Explicitly call Rust install script using bash
|
||||
depends: Use project-config.jam to configure Boost instead of user-config.jam
|
||||
depends: Set PIC flags for FreeBSD
|
||||
Always skip verification for old Sprout proofs
|
||||
Remove ability to create non-Groth16 Sprout JSDescriptions
|
||||
Use Sapling JSDescriptions in Boost tests
|
||||
Remove non-Groth16 Sprout proofs from joinsplit gtests
|
||||
Migrate test utilities to generate Sapling-type Sprout proofs
|
||||
Use Sapling JSDescriptions in gtests
|
||||
Revert "Allow user to ask server to save the Sprout R1CS out during startup."
|
||||
Remove libsnark code for pre-Sapling Sprout proofs
|
||||
Remove pre-Sapling Sprout circuit
|
||||
Revert "configure: Guess -march for libsnark OPTFLAGS instead of hard-coding"
|
||||
Revert "Check if OpenMP is available before using it"
|
||||
Remove libsnark from build system
|
||||
Remove libsnark
|
||||
Remove libgmp
|
||||
Remove libsnark unit tests from full test suite
|
||||
test: Require minimum of Sapling for all RPC tests
|
||||
test: Add Sapling v4 transactions to mininode framework
|
||||
test: Add hashFinalSaplingProxy to create_block
|
||||
test: Update RPC tests to use a minimum of Sapling
|
||||
rpc: Use Sapling transactions in zc_raw_joinsplit
|
||||
depends: Fix crate vendoring path
|
||||
depends: Helper for vendoring new crates
|
||||
depends: Add flag for building with a local librustzcash repo
|
||||
tests: Clean up use of repr() in mininode
|
||||
Remove makeGrothProof argument from JoinSplit::prove
|
||||
Stop fetching old Sprout parameters
|
||||
Add libsnark removal to notable changes
|
||||
Move AbortNode to the top of main.cpp
|
||||
Abort node if NU activations have unexpected hashes
|
||||
Add block hashes for Overwinter, Sapling, and testnet Blossom
|
||||
Update release notes with node abort behaviour
|
||||
|
||||
Larry Ruane (4):
|
||||
insightexplorer: formatting, pyflakes cleanups
|
||||
precompute empty merkle roots
|
||||
update unit tests to compute empty roots
|
||||
access array element using at()
|
||||
|
||||
jeff-liang (1):
|
||||
Display which network the node is running on.
|
||||
|
||||
Benjamin Winston (1):
|
||||
Removed stale seeder, fixing #4153
|
||||
|
Loading…
Reference in New Issue