Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added documentation warnings about DNS rebinding attacks, issue #3841 #3890

Merged

Conversation

Projects
None yet
6 participants
@zebambam
Copy link
Contributor

commented Mar 15, 2019

For AMQP and ZMQP.

@zebambam zebambam requested review from ioptio and mdr0id Mar 15, 2019

@zebambam

This comment has been minimized.

Copy link
Contributor Author

commented Mar 15, 2019

This is the same as before, but squashed, from a proper branch, matching the issue number etc..

@mdr0id

This comment has been minimized.

Copy link
Contributor

commented Mar 15, 2019

utACK

@ioptio

ioptio approved these changes Mar 16, 2019

Copy link
Contributor

left a comment

ack

@mdr0id

This comment has been minimized.

Copy link
Contributor

commented Mar 17, 2019

@zkbot r+

@zkbot

This comment has been minimized.

Copy link
Collaborator

commented Mar 17, 2019

📌 Commit daf97cb has been approved by mdr0id

@zkbot

This comment has been minimized.

Copy link
Collaborator

commented Mar 17, 2019

⌛️ Testing commit daf97cb with merge 0fb94a0...

zkbot added a commit that referenced this pull request Mar 17, 2019

Auto merge of #3890 - zebambam:add_dns_rebinding_warnings_security_38…
…41, r=mdr0id

Added documentation warnings about DNS rebinding attacks, issue #3841

For AMQP and ZMQP.
@zkbot

This comment has been minimized.

Copy link
Collaborator

commented Mar 17, 2019

💔 Test failed - pr-merge

@bitcartel

This comment has been minimized.

Copy link
Contributor

commented Mar 18, 2019

@mdr0id Looks like a transient failure and you can retry.

@zebambam

This comment has been minimized.

Copy link
Contributor Author

commented Mar 18, 2019

This is for issue #3841

@bitcartel

This comment has been minimized.

Copy link
Contributor

commented Mar 18, 2019

The test failed on one of the builders:

[ RUN      ] WalletTests.ClearNoteWitnessCache
wallet/gtest/test_wallet.cpp:1462: Failure
Value of: (bool) saplingWitnesses[1]
  Actual: true
Expected: false
wallet/gtest/test_wallet.cpp:1473: Failure
Value of: (bool) saplingWitnesses[1]
  Actual: true
Expected: false
[  FAILED  ] WalletTests.ClearNoteWitnessCache (3 ms)
@bitcartel

This comment has been minimized.

Copy link
Contributor

commented Mar 18, 2019

@zkbot retry

@zkbot

This comment has been minimized.

Copy link
Collaborator

commented Mar 18, 2019

⌛️ Testing commit daf97cb with merge a6af065...

zkbot added a commit that referenced this pull request Mar 18, 2019

Auto merge of #3890 - zebambam:add_dns_rebinding_warnings_security_38…
…41, r=mdr0id

Added documentation warnings about DNS rebinding attacks, issue #3841

For AMQP and ZMQP.
@zkbot

This comment has been minimized.

Copy link
Collaborator

commented Mar 19, 2019

💔 Test failed - pr-merge

@bitcartel

This comment has been minimized.

Copy link
Contributor

commented Mar 19, 2019

Another transient failure this time with kitchen sink builder.
https://ci.z.cash/#/builders/10/builds/822/steps/7/logs/stdio

@bitcartel

This comment has been minimized.

Copy link
Contributor

commented Mar 19, 2019

@zkbot retry

@zkbot

This comment has been minimized.

Copy link
Collaborator

commented Mar 19, 2019

⌛️ Testing commit daf97cb with merge 2bdc7a8...

zkbot added a commit that referenced this pull request Mar 19, 2019

Auto merge of #3890 - zebambam:add_dns_rebinding_warnings_security_38…
…41, r=mdr0id

Added documentation warnings about DNS rebinding attacks, issue #3841

For AMQP and ZMQP.
@zkbot

This comment has been minimized.

Copy link
Collaborator

commented Mar 19, 2019

💔 Test failed - pr-merge

@str4d str4d added this to the v2.0.4 milestone Mar 19, 2019

@bitcartel

This comment has been minimized.

Copy link
Contributor

commented Mar 19, 2019

@zkbot retry

@zkbot

This comment has been minimized.

Copy link
Collaborator

commented Mar 19, 2019

⌛️ Testing commit daf97cb with merge 6391741...

zkbot added a commit that referenced this pull request Mar 19, 2019

Auto merge of #3890 - zebambam:add_dns_rebinding_warnings_security_38…
…41, r=mdr0id

Added documentation warnings about DNS rebinding attacks, issue #3841

For AMQP and ZMQP.
@zkbot

This comment has been minimized.

Copy link
Collaborator

commented Mar 20, 2019

☀️ Test successful - pr-merge
Approved by: mdr0id
Pushing 6391741 to master...

@zkbot zkbot merged commit daf97cb into zcash:master Mar 20, 2019

1 check passed

homu Test successful
Details

cronicc added a commit to ZencashOfficial/zen that referenced this pull request Apr 3, 2019

Merge pull request #158 from ZencashOfficial/AddressIndexing_development
* update zeromq dependency fixing [CVE-2019-6250](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6250)
* fix libsodium fall-back dl-path
* `-blockmaxcomplexity` switch, limit transactions to be included into blocks based on block complexity. Block complexity is the sum of transaction complexity per block. Transaction complexity is the number of inputs of a transaction squared. Like -mempooltxinputlimit this switch is intended as a last resort when unable to build blocks fast enough because of poor GBT performance. 0  or negative values means no limit is applied. (default: 0)
* `-deprecatedgetblocktemplate` switch, disable block complexity calculation and use the previous GetBlockTemplate implementation.
* `getblockfinalityindex` RPC method, display contextual confidence value of needed confirmations for block to be considered final, taking into account possible parallel penalized chains
* `getglobaltips` utility RPC method, display known chaintips including possible parallel penalized chains
* additions to the 51% attack prevention implementation adjusting block propagation of penalized chains
* multiple test cases added for all new features
* Backport of zcash/zcash#3897, fixes security issue https://z.cash/support/security/announcements/security-announcement-2019-03-19/ reported to Zcash by Alexis Enston, thanks to the original reporter and the Zcash team for notifying us about the issue!
* Updates to documentation addressing DNS rebinding attacks with ZMQ/AMQP, Zcash PR zcash/zcash#3890, credit to @zebambam.

cronicc added a commit to ZencashOfficial/zen that referenced this pull request Apr 3, 2019

Merge pull request #154 from ZencashOfficial/development
* update zeromq dependency fixing [CVE-2019-6250](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6250)
* fix libsodium fall-back dl-path
* `-blockmaxcomplexity` switch, limit transactions to be included into blocks based on block complexity. Block complexity is the sum of transaction complexity per block. Transaction complexity is the number of inputs of a transaction squared. Like -mempooltxinputlimit this switch is intended as a last resort when unable to build blocks fast enough because of poor GBT performance. 0  or negative values means no limit is applied. (default: 0)
* `-deprecatedgetblocktemplate` switch, disable block complexity calculation and use the previous GetBlockTemplate implementation.
* `getblockfinalityindex` RPC method, display contextual confidence value of needed confirmations for block to be considered final, taking into account possible parallel penalized chains
* `getglobaltips` utility RPC method, display known chaintips including possible parallel penalized chains
* additions to the 51% attack prevention implementation adjusting block propagation of penalized chains
* multiple test cases added for all new features
* Backport of zcash/zcash#3897, fixes security issue https://z.cash/support/security/announcements/security-announcement-2019-03-19/ reported to Zcash by Alexis Enston, thanks to the original reporter and the Zcash team for notifying us about the issue!
* Updates to documentation addressing DNS rebinding attacks with ZMQP/AMQP, Zcash PR zcash/zcash#3890, credit to @zebambam.

cronicc added a commit to ZencashOfficial/zen that referenced this pull request Apr 8, 2019

Merge pull request #164 from ZencashOfficial/development
* Update zeromq dependency fixing [CVE-2019-6250](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6250)
* Fix libsodium fall-back dl-path
* `-blockmaxcomplexity` switch, limit transactions to be included into blocks based on block complexity. Block complexity is the sum of transaction complexity per block. Transaction complexity is the number of inputs of a transaction squared. Like -mempooltxinputlimit this switch is intended as a last resort when unable to build blocks fast enough because of poor GBT performance. 0  or negative values means no limit is applied. (default: 0)
* `-deprecatedgetblocktemplate` switch, disable block complexity calculation and use the previous GetBlockTemplate implementation.
* `getblockfinalityindex` RPC method, display contextual confidence value of needed confirmations for block to be considered final, taking into account possible parallel penalized chains
* `getglobaltips` utility RPC method, display known chaintips including possible parallel penalized chains
* Additions to the 51% attack prevention implementation adjusting block propagation of penalized chains
* Multiple test cases added for all new features
* Backport of zcash/zcash#3897, fixes security issue https://z.cash/support/security/announcements/security-announcement-2019-03-19/ reported to Zcash by Alexis Enston, thanks to the original reporter and the Zcash team for notifying us about the issue!
* Updates to documentation addressing DNS rebinding attacks with ZMQ/AMQP, Zcash PR zcash/zcash#3890, credit to @zebambam.
* New mainnet and testnet checkpoint blocks
* Aria2 added to fetch-params.sh DL methods, wget resume support more robust
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.