fix(blocksync): backport upstream PR #5863 (v0.38.x)#58
Draft
UnbornAztecKing wants to merge 4 commits into
Draft
fix(blocksync): backport upstream PR #5863 (v0.38.x)#58UnbornAztecKing wants to merge 4 commits into
UnbornAztecKing wants to merge 4 commits into
Conversation
…t (backport cometbft#5860) (cometbft#5863) --- Adds additional validation to blocksync, ensuring _before response unmarshalling_ that we have made a `BlockRequest` to the peer that is sending us a `BlockResponse` recently, and also that the response contains a valid amount of commit signatures (not > MaxVoteCount). To do this preunmarshal validation, we have added a `MsgBytesFilter` interface that `Reactors` can implement. Currently only `BLOCKSYNC` does. The `FilterMsgBytes` function is called for both comet P2P and libp2p implementations, inside of the `onReceive` function when setting up a peer for comet p2p, and inside of `handleStream` for libp2p, just before unmarshalling the message in both. - [x] Tests written/updated - [x] Changelog entry added in `CHANGELOG.md` - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments <hr>This is an automatic backport of pull request cometbft#5860 done by [Mergify](https://mergify.com).
Fixes govulncheck failures GO-2026-5026, GO-2026-4918 (x/net), and GO-2026-4910 (go-git) which were pre-existing in the base branch.
Wiz Scan Summary
To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension. |
Bump google.golang.org/grpc to v1.71.0 (GO-2026-4762) and cosmossdk.io/x/tx to v1.1.0 (GO-2024-3339). Fix pre-existing non-constant format string issues in libs/os/os.go and types/validator_set_test.go that become compile errors under the Go 1.25 toolchain (auto-selected via x/tools upgrade).
![wiz-55df730c58[bot]](https://avatars.githubusercontent.com/b/555999?s=60&v=4){kind=small}
…ile to Go 1.25 - google.golang.org/grpc v1.71.0 → v1.79.3 (GO-2026-4762 fixed in v1.79.3) - github.com/cosmos/cosmos-sdk v0.50.4 → v0.50.11 (GO-2024-3339 call path via libs/log) - btcd v2.3.4 API: ecdsa.SignCompact no longer returns error; update secp256k1.go - test/e2e/docker/Dockerfile: golang:1.21-bullseye → golang:1.25-bullseye (go.mod requires go 1.25.0)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport of upstream cometbft#5863 onto the dydxprotocol fork.
Cherry-pick provenance:
git cherry-pick -m 1 35ffa9673fromupstream/v0.38.x.Upstream: cometbft#5860 (original), cometbft#5863 (v0.38.x backport).
Tests:
go test ./blocksync/... ./p2p/... -race— all pass.