Notable changes
===============
This hotfix remediates memory exhaustion vulnerabilities that zcashd inherited
as a fork of bitcoind. These bugs could allow an attacker to use peer-to-peer
messages to fill the memory of a node, resulting in a crash.
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEEX8Nd8pnYcf0pobEL9FXpuSAjoYsFAmP1DKQACgkQ9FXpuSAj
oYt2jQv+IurleLqEbtBW2ajDYDIkcMu+asEtHCk3B6GELykKaFMgHYTffFBmuyJ+
5GdoX685Rn6r8BxK6K1u129A9ztY7K0JpVeDA75tN5WLBj9twLdNaODfCLg5EjlZ
UtxTNnynQ0MX5Uv7pt1DAM+++OKYujUHypaajgZ9ttqpSHZl3Z2ye0/HFEc4023p
VH13CvU/3R4JLkFENi49rbS49LFfVuQrhAQoOPlCf3xoWbUYIdmWWZa/HOJV3g0e
3mqC+rhz97GVylLI4LJrm3v0tLeEUIuu+fdAziWfuWrBlB4jQ5p4L5trDHiQoqWB
5Qt5tjJKHHLnHHSyLcFFaes12tjPfrn9PBxYDPyfFAHIGf0WEiy36+6G5P7jpjYj
OXLAmBPBIRBgZf9LJIHrgvqQynfGe9vaWgCArWWgSC8wZ2hWlM7pZRhCe+uw35R1
e5AfZjvbXj6gR+1631Mhl84e6xkGXe24szzuZDrUCqLBJpTb1JNLRh1OtT8zDN0t
MfKtnE3W
=AXAQ
-----END PGP SIGNATURE-----
Merge tag 'v5.4.2' into hotfix-v5.4.2
zcashd release 5.4.2
Notable changes
===============
This hotfix remediates memory exhaustion vulnerabilities that zcashd inherited
as a fork of bitcoind. These bugs could allow an attacker to use peer-to-peer
messages to fill the memory of a node, resulting in a crash.
- We update Windows cross-compile builds to 15.0.7 because binaries are
provided for it, but not currently for any other platform we need.
- We update native x84_64 macOS builds to 15.0.4 because no 15.0.6
binaries are provided, and the 15.0.7 ones appear to be targeted at a
newer Darwin version.
- We keep FreeBSD on 14.0.6 because no Clang 15 binaries are provided,
and as FreeBSD is a Tier 3 platform it doesn't block us from upgrading
the remaining platforms.
Interrupting rpc-tests (e.g., with Ctrl-c) will print a list of the tests that were running when the
interrupt was received. This is useful for identifying tests that aren’t terminating.
For example:
```
wallet_broadcast.py:
Pass: True, Duration: 62 s
.................
zmq_test.py:
Pass: True, Duration: 29 s
.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^C
The following tests were running when interrupted:
• mempool_reorg.py
Traceback (most recent call last):
...
```
`run_tests` now takes a (subclass of) `RPCTestHandler` as its first
argument, and returns `True` if all tests passed instead of calling
`sys.exit`. This enables RPC tests to be run from Python and the
execution of individual tests to be customised:
```python
import importlib
import sys
sys.path.append('qa/pull-tester')
rpc_tests = importlib.import_module('rpc-tests')
src_dir = '.'
build_dir = '.'
exeext = ''
class MyTestHandler(rpc_tests.RPCTestHandler):
def start_test(self, args, stdout, stderr):
print('Starting test!')
return subprocess.Popen(
args,
universal_newlines=True,
stdout=stdout,
stderr=stderr)
test_list = ['test_to_run.py']
all_passed = rpc_tests.run_tests(MyTestHandler, test_list, src_dir, build_dir, exeext)
```
Kris Nuttycombe
Jack Grigg
Kris Nuttycombe
Jack Grigg
Greg Pfeil
Greg Pfeil
Charlie O'Keefe
Daira Hopwood
TrellixVulnTeam
Alfredo Garcia
mdr0id