Addresses https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13132 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15166
Update zmq to 4.3.4 #22961
gruve-p wants to merge 1 commit into bitcoin:master from gruve-p:zmq-update, changing 2 files (+3 −3)
gruve-p commented at 7:53 AM on September 13, 2021: contributor
- MarcoFalke added the label DrahtBot Guix build requested on Sep 13, 2021
in depends/packages/zeromq.mk:5 in be2f415b44 outdated
0 | @@ -1,8 +1,8 @@ 1 | package=zeromq 2 | -$(package)_version=4.3.1 3 | +$(package)_version=4.3.4 4 | $(package)_download_path=https://github.com/zeromq/libzmq/releases/download/v$($(package)_version)/ 5 | $(package)_file_name=$(package)-$($(package)_version).tar.gz 6 | -$(package)_sha256_hash=bcbabe1e2c7d0eec4ed612e10b94b112dd5f06fcefa994a0c79a45d835cd21eb 7 | +$(package)_sha256_hash=c593001a89f5a85dd2ddf564805deb860e02471171b3f204944857336295c3e5
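Review bot: the replacement `$(package)_sha256_hash` on the final `+` line comes with no source a reviewer can check it against. Please state in the PR description how the 4.3.4 hash was obtained (for example, by hashing the release archive fetched from `$(package)_download_path` on a second machine) so the pin can be confirmed independently. Because `$(package)_version` is interpolated verbatim into both `$(package)_download_path` and `$(package)_file_name`, the `+` lines for the version and the hash should end exactly at the value, with no trailing characters.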
fanquake commented at 8:06 AM on September 13, 2021:
The trailing whitespace here will not only trip up the CI linter, but the package will fail to download at all. How was this tested?
gruve-p commented at 8:11 AM on September 13, 2021:
This was tested locally on another machine, will remove the trailing whitespace
fanquake commented at 8:07 AM on September 13, 2021: member
Do these affect us? We've been building with CURVE authentication disabled since we updated ZeroMQ in depends to 4.1.5.
MarcoFalke commented at 8:32 AM on September 13, 2021: member
Please squash your commits according to https://github.com/bitcoin/bitcoin/blob/master/CONTRIBUTING.md#squashing-commits
Update zmq to 4.3.4 7552bae445
gruve-p force-pushed on Sep 13, 2021
hebasto commented at 11:17 AM on September 13, 2021: member
> Do these affect us? We've been building with CURVE authentication disabled since we updated ZeroMQ in depends to 4.1.5.
From the CVE descriptions I see no point in the libzmq update.
MarcoFalke commented at 11:24 AM on September 13, 2021: member
Are there other fixes that make the update worthwhile?
gruve-p commented at 5:52 PM on September 13, 2021: contributor
Feel free to close this PR if you see no point in the update
DrahtBot commented at 8:34 PM on September 13, 2021: member
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.
Conflicts
Reviewers, this pull request conflicts with the following ones:
- #22555 (build: Fix make apk for Android w/ non-default SOURCES_PATH in depends by hebasto)
- #22552 (build: Improve depends build system robustness by hebasto)
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.
DrahtBot commented at 10:59 AM on September 14, 2021: member
Guix builds
DrahtBot removed the label DrahtBot Guix build requested on Sep 14, 2021
DrahtBot added the label Build system on Sep 14, 2021
laanwj commented at 1:54 PM on September 16, 2021: member
I don't think it makes sense to track minor releases of a library here, if the changes don't affect our usage.
gruve-p closed this on Sep 20, 2021
gruve-p deleted the branch on Nov 30, 2021
DrahtBot locked this on Nov 30, 2022
This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-01 15:14 UTC