`sanitize` could be misused in two ways:
* accidentally modifying the addresses in the address book itself
* forgetting to sanitize new fields added to `MetaAddr`
This change prevents accidental modification by taking `&self`, and
explicitly creates a new sanitized `MetaAddr` with all fields listed.
* Create CODE_OF_CONDUCT.md
Starting with the zcashd CoC and the Rust CoC
* Update CODE_OF_CONDUCT.md
* Update contact email
Co-authored-by: Jane Lusby <jlusby42@gmail.com>
* Remove redundant contact line
Co-authored-by: Jane Lusby <jlusby42@gmail.com>
* cleanup code of conduct
* move the email link to be consistent with rustlangs
* Apply suggestions from code review
Co-authored-by: Deirdre Connolly <deirdre@zfnd.org>
* Update CODE_OF_CONDUCT.md
remove forums from the list of official Zcash Foundation venues as the forums already have their own CoC
Co-authored-by: Jane Lusby <jlusby42@gmail.com>
Co-authored-by: Jane Lusby <jane@zfnd.org>
Co-authored-by: Pili Guerra <mpguerra@users.noreply.github.com>
* propose a v5 transaction rfc
* define orchard flags
* Update test sections
* Add security section
* move some code into sapling and orchard crates, do renames
* Move sapling value balance into shielded data
* Add AuthorizedAction type
* Order fields based on last serialized data
* Add the proofsOrchard field
* Delete visibility modifiers for readability
All those `pub`s make the design harder to read.
* Model anchor variants as generic trait types
* Be specific about the network upgrade
* Specify a file for each new type
* Document how the Orchard flags are used
Co-authored-by: teor <teor@riseup.net>
Zebra's latest alpha checkpoints on Canopy activation, continues our work on NU5, and fixes a security issue.
Some notable changes include:
## Added
- Log address book metrics when PeerSet or CandidateSet don't have many peers (#1906)
- Document test coverage workflow (#1919)
- Add a final job to CI, so we can easily require all the CI jobs to pass (#1927)
## Changed
- Zebra has moved its mandatory checkpoint from Sapling to Canopy (#1898, #1926)
- This is a breaking change for users that depend on the exact height of the mandatory checkpoint.
## Fixed
- tower-batch: wake waiting workers on close to avoid hangs (#1908)
- Assert that pre-Canopy blocks use checkpointing (#1909)
- Fix CI disk space usage by disabling incremental compilation in coverage builds (#1923)
## Security
- Stop relying on unchecked length fields when preallocating vectors (#1925)
Zebra already uses `Read::take` to enforce message, body, and block
maximum sizes.
So using `Read::take` on untrusted sizes can result in short reads,
without a corresponding `UnexpectedEof` error. (The old code was
correct, but copying it elsewhere would have been risky.)
Zebra believes the untrusted `JoinSplit` list size field when
deserializing `JoinSplit`s, and preallocates a `Vec` based on that size.
This is trivial a memory exhaustion attack.
Instead, use the current auto-growing implementation, which is limited
by the size of the message data.
teor
Deirdre Connolly
Deirdre Connolly
Alfredo Garcia
dependabot[bot]
Jane Lusby