depends: capnp 1.4.0 #34825

1. 
   fanquake commented at 4:20 am on March 15, 2026: member

   Update capnp in depends to 1.4.0.

   It contains a number of bugfixes, and fixes for 2 CVEs, of which I think only Fix benign(?) buffer overrun in async readMessage() is relevant to us, and it seems to be considered benign:

   This is technically undefined behavior (a buffer overrun), but we suspect that it is benign with all known memory allocators. In C++, a zero-sized allocation (made with operator new(0), as is the case here) is required to return a unique pointer, different from any other such allocation. Because of this, all common memory allocators round up a zero-byte allocation to a word-sized allocation (32-bit or 64-bit, depending on the architecture). The overrun written to this allocation was exactly one pointer in size, so always fits into the actual allocation space.

   Nevertheless, the code is in fact relying on undefined behavior, and it is theoretically possible that some memory allocator implements zero-sized allocations in a way that would make this overrun dangerous.

   See https://github.com/capnproto/capnproto/compare/release-1.3.0...release-1.4.0 for all changes since 1.3.0.

2. depends: capnp 1.4.0 bde35d61f9
3. DrahtBot added the label Build system on Mar 15, 2026
4. 
   DrahtBot commented at 4:20 am on March 15, 2026: contributor

   The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

   Reviews

   See the guideline for information on the review process.

   Type	Reviewers
   ACK	sedited, janb84, hebasto

   If your review is incorrectly listed, please copy-paste <!–meta-tag:bot-skip–> into the comment that the bot should ignore.

5. fanquake added the label DrahtBot Guix build requested on Mar 15, 2026
6. 
   sedited commented at 11:59 am on March 15, 2026: contributor

   Guix build:

    0aarch64
    1ec62534ffd0203c56d0a1b2104dd55f658e063d0d559c35aab8b64cf6e21d60d  guix-build-bde35d61f930/output/aarch64-linux-gnu/SHA256SUMS.part
    2b6dae771e9d6c0866d9db70e458b438d06486c626871254fa1dab43401fe9b76  guix-build-bde35d61f930/output/aarch64-linux-gnu/bitcoin-bde35d61f930-aarch64-linux-gnu-debug.tar.gz
    358593cb61f0ac298a1b638de79e20aa522b35e8a55bb8f677169dc5509f7b197  guix-build-bde35d61f930/output/aarch64-linux-gnu/bitcoin-bde35d61f930-aarch64-linux-gnu.tar.gz
    475442709c1c5f5d4170c8226d38356b64df0f93fdb42d09ad20b3cf04aa44225  guix-build-bde35d61f930/output/arm-linux-gnueabihf/SHA256SUMS.part
    5a400890fd6c67a35cfcf11996e833f6fb17c0080f03b8383b963b8adcada1581  guix-build-bde35d61f930/output/arm-linux-gnueabihf/bitcoin-bde35d61f930-arm-linux-gnueabihf-debug.tar.gz
    65342a9de114bbbb269074d5ea76280c6a5517fcec2c1a8d4887ce0823a1fa6cd  guix-build-bde35d61f930/output/arm-linux-gnueabihf/bitcoin-bde35d61f930-arm-linux-gnueabihf.tar.gz
    786e40581dd7729de86c2da482e28c3bc2f0d9cd470550b6c31fa05095a438418  guix-build-bde35d61f930/output/arm64-apple-darwin/SHA256SUMS.part
    8b29636ccd95e02024b06fc0524978de4e09ecce3d811f15465092857a6160436  guix-build-bde35d61f930/output/arm64-apple-darwin/bitcoin-bde35d61f930-arm64-apple-darwin-codesigning.tar.gz
    9040e388d40cf3b1c6702b36b1191f6702848ad00d2fb73781570046e04e870b9  guix-build-bde35d61f930/output/arm64-apple-darwin/bitcoin-bde35d61f930-arm64-apple-darwin-unsigned.tar.gz
   101fbc643b03c7f6ed98adc62222bb664211ec8a1071c188255faaa8144a4d8ef3  guix-build-bde35d61f930/output/arm64-apple-darwin/bitcoin-bde35d61f930-arm64-apple-darwin-unsigned.zip
   111bc0c82aab27ea4a94aa5ace7e3b19d92bc0396a52ecfb467313f0f7e4ac0488  guix-build-bde35d61f930/output/dist-archive/bitcoin-bde35d61f930.tar.gz
   12c2d3d9ccc9e6983a0394eee921ac4cdf6886a252da22fc2eb752dd405321a36c  guix-build-bde35d61f930/output/powerpc64-linux-gnu/SHA256SUMS.part
   139775f669d09e06af241e17c9c9312bd03c92b0dff66c9319dd4dbe10d5211d31  guix-build-bde35d61f930/output/powerpc64-linux-gnu/bitcoin-bde35d61f930-powerpc64-linux-gnu-debug.tar.gz
   14a7fb65a523df273a8fdcb4c4faaa10288be3dde5c917417c915b92175fd3a210  guix-build-bde35d61f930/output/powerpc64-linux-gnu/bitcoin-bde35d61f930-powerpc64-linux-gnu.tar.gz
   15e04c0adbe8708ec8ecec88ed6ff0d3c1c21b23fd90d5f4fb2d79f5ab77bc6375  guix-build-bde35d61f930/output/riscv64-linux-gnu/SHA256SUMS.part
   16bdfa245758d486fc4e19872bce2f96616d60c5860b48e935c32b2cd5bbc65531  guix-build-bde35d61f930/output/riscv64-linux-gnu/bitcoin-bde35d61f930-riscv64-linux-gnu-debug.tar.gz
   179d4c041da864ef37ad18ad68a099fb9a1d762d5911030d5d09571ec8c32c9ecd  guix-build-bde35d61f930/output/riscv64-linux-gnu/bitcoin-bde35d61f930-riscv64-linux-gnu.tar.gz
   1850bd6aee20bb436e333d12a71fc77a521a84f585bc60b8b16a39929ef3576610  guix-build-bde35d61f930/output/x86_64-apple-darwin/SHA256SUMS.part
   196e080316d868be66beaef09cceb02c4a35aea2d54fe4fb6c5068913b45f1cee9  guix-build-bde35d61f930/output/x86_64-apple-darwin/bitcoin-bde35d61f930-x86_64-apple-darwin-codesigning.tar.gz
   20b547135da1e8d2fb36488bb795e904d2b9f91c6e7bf3573f4c9207ea26218af2  guix-build-bde35d61f930/output/x86_64-apple-darwin/bitcoin-bde35d61f930-x86_64-apple-darwin-unsigned.tar.gz
   213f7a7eefcebb5e2b3ef3cffbef9796f9fad9f5e22bf8d6ec5bd2329250271f13  guix-build-bde35d61f930/output/x86_64-apple-darwin/bitcoin-bde35d61f930-x86_64-apple-darwin-unsigned.zip
   22ee62f3ac0a8d18187b70d622b9e1e9c7db248e08aceff5e1e810650d2361e5ac  guix-build-bde35d61f930/output/x86_64-linux-gnu/SHA256SUMS.part
   238a54fbb8674cb458d6c3cb6ab9c2b0342b6fc66fbaf48a2d02fbb91fb2da30c8  guix-build-bde35d61f930/output/x86_64-linux-gnu/bitcoin-bde35d61f930-x86_64-linux-gnu-debug.tar.gz
   2434787c95226e6d05c24424641bed8ac1baeb9b91bea2a691c19a668dbdfb18b3  guix-build-bde35d61f930/output/x86_64-linux-gnu/bitcoin-bde35d61f930-x86_64-linux-gnu.tar.gz
   2573a68dd0ce66e8a615f39a92287725e4a2b3ba1beb1afdbe6d0c0b80f77b2db4  guix-build-bde35d61f930/output/x86_64-w64-mingw32/SHA256SUMS.part
   262696da5196d3f5204843fb607595bb0ea0c3227aa88b70db04bf637a57490ad3  guix-build-bde35d61f930/output/x86_64-w64-mingw32/bitcoin-bde35d61f930-win64-codesigning.tar.gz
   27f099a4c19c7c8a5b8232cfd00d0865f66cb5707b352d21870a72efba0e7ec829  guix-build-bde35d61f930/output/x86_64-w64-mingw32/bitcoin-bde35d61f930-win64-debug.zip
   288eaa968be939000be2fe3c1a30dbdeb7acbf3e7aeaa632ef2ab08781c8189f33  guix-build-bde35d61f930/output/x86_64-w64-mingw32/bitcoin-bde35d61f930-win64-setup-unsigned.exe
   29afad201e5d611f878dc4ef209bceae9c07df7e28f04fa0c0010b6d794811be2f  guix-build-bde35d61f930/output/x86_64-w64-mingw32/bitcoin-bde35d61f930-win64-unsigned.zip
   

7. sedited approved
8. 
   sedited commented at 11:59 am on March 15, 2026: contributor

   ACK bde35d61f930a7cd2011aeb9f5443f3188484e80
9. 
   janb84 commented at 7:58 am on March 16, 2026: contributor

   My Guix Build Output (matches)

   Host architecture: aarch64 Commit: bde35d61f930

    0ec62534ffd0203c56d0a1b2104dd55f658e063d0d559c35aab8b64cf6e21d60d  guix-build-bde35d61f930/output/aarch64-linux-gnu/SHA256SUMS.part
    1b6dae771e9d6c0866d9db70e458b438d06486c626871254fa1dab43401fe9b76  guix-build-bde35d61f930/output/aarch64-linux-gnu/bitcoin-bde35d61f930-aarch64-linux-gnu-debug.tar.gz
    258593cb61f0ac298a1b638de79e20aa522b35e8a55bb8f677169dc5509f7b197  guix-build-bde35d61f930/output/aarch64-linux-gnu/bitcoin-bde35d61f930-aarch64-linux-gnu.tar.gz
    375442709c1c5f5d4170c8226d38356b64df0f93fdb42d09ad20b3cf04aa44225  guix-build-bde35d61f930/output/arm-linux-gnueabihf/SHA256SUMS.part
    4a400890fd6c67a35cfcf11996e833f6fb17c0080f03b8383b963b8adcada1581  guix-build-bde35d61f930/output/arm-linux-gnueabihf/bitcoin-bde35d61f930-arm-linux-gnueabihf-debug.tar.gz
    55342a9de114bbbb269074d5ea76280c6a5517fcec2c1a8d4887ce0823a1fa6cd  guix-build-bde35d61f930/output/arm-linux-gnueabihf/bitcoin-bde35d61f930-arm-linux-gnueabihf.tar.gz
    686e40581dd7729de86c2da482e28c3bc2f0d9cd470550b6c31fa05095a438418  guix-build-bde35d61f930/output/arm64-apple-darwin/SHA256SUMS.part
    7b29636ccd95e02024b06fc0524978de4e09ecce3d811f15465092857a6160436  guix-build-bde35d61f930/output/arm64-apple-darwin/bitcoin-bde35d61f930-arm64-apple-darwin-codesigning.tar.gz
    8040e388d40cf3b1c6702b36b1191f6702848ad00d2fb73781570046e04e870b9  guix-build-bde35d61f930/output/arm64-apple-darwin/bitcoin-bde35d61f930-arm64-apple-darwin-unsigned.tar.gz
    91fbc643b03c7f6ed98adc62222bb664211ec8a1071c188255faaa8144a4d8ef3  guix-build-bde35d61f930/output/arm64-apple-darwin/bitcoin-bde35d61f930-arm64-apple-darwin-unsigned.zip
   101bc0c82aab27ea4a94aa5ace7e3b19d92bc0396a52ecfb467313f0f7e4ac0488  guix-build-bde35d61f930/output/dist-archive/bitcoin-bde35d61f930.tar.gz
   11c2d3d9ccc9e6983a0394eee921ac4cdf6886a252da22fc2eb752dd405321a36c  guix-build-bde35d61f930/output/powerpc64-linux-gnu/SHA256SUMS.part
   129775f669d09e06af241e17c9c9312bd03c92b0dff66c9319dd4dbe10d5211d31  guix-build-bde35d61f930/output/powerpc64-linux-gnu/bitcoin-bde35d61f930-powerpc64-linux-gnu-debug.tar.gz
   13a7fb65a523df273a8fdcb4c4faaa10288be3dde5c917417c915b92175fd3a210  guix-build-bde35d61f930/output/powerpc64-linux-gnu/bitcoin-bde35d61f930-powerpc64-linux-gnu.tar.gz
   14e04c0adbe8708ec8ecec88ed6ff0d3c1c21b23fd90d5f4fb2d79f5ab77bc6375  guix-build-bde35d61f930/output/riscv64-linux-gnu/SHA256SUMS.part
   15bdfa245758d486fc4e19872bce2f96616d60c5860b48e935c32b2cd5bbc65531  guix-build-bde35d61f930/output/riscv64-linux-gnu/bitcoin-bde35d61f930-riscv64-linux-gnu-debug.tar.gz
   169d4c041da864ef37ad18ad68a099fb9a1d762d5911030d5d09571ec8c32c9ecd  guix-build-bde35d61f930/output/riscv64-linux-gnu/bitcoin-bde35d61f930-riscv64-linux-gnu.tar.gz
   1750bd6aee20bb436e333d12a71fc77a521a84f585bc60b8b16a39929ef3576610  guix-build-bde35d61f930/output/x86_64-apple-darwin/SHA256SUMS.part
   186e080316d868be66beaef09cceb02c4a35aea2d54fe4fb6c5068913b45f1cee9  guix-build-bde35d61f930/output/x86_64-apple-darwin/bitcoin-bde35d61f930-x86_64-apple-darwin-codesigning.tar.gz
   19b547135da1e8d2fb36488bb795e904d2b9f91c6e7bf3573f4c9207ea26218af2  guix-build-bde35d61f930/output/x86_64-apple-darwin/bitcoin-bde35d61f930-x86_64-apple-darwin-unsigned.tar.gz
   203f7a7eefcebb5e2b3ef3cffbef9796f9fad9f5e22bf8d6ec5bd2329250271f13  guix-build-bde35d61f930/output/x86_64-apple-darwin/bitcoin-bde35d61f930-x86_64-apple-darwin-unsigned.zip
   21ee62f3ac0a8d18187b70d622b9e1e9c7db248e08aceff5e1e810650d2361e5ac  guix-build-bde35d61f930/output/x86_64-linux-gnu/SHA256SUMS.part
   228a54fbb8674cb458d6c3cb6ab9c2b0342b6fc66fbaf48a2d02fbb91fb2da30c8  guix-build-bde35d61f930/output/x86_64-linux-gnu/bitcoin-bde35d61f930-x86_64-linux-gnu-debug.tar.gz
   2334787c95226e6d05c24424641bed8ac1baeb9b91bea2a691c19a668dbdfb18b3  guix-build-bde35d61f930/output/x86_64-linux-gnu/bitcoin-bde35d61f930-x86_64-linux-gnu.tar.gz
   2473a68dd0ce66e8a615f39a92287725e4a2b3ba1beb1afdbe6d0c0b80f77b2db4  guix-build-bde35d61f930/output/x86_64-w64-mingw32/SHA256SUMS.part
   252696da5196d3f5204843fb607595bb0ea0c3227aa88b70db04bf637a57490ad3  guix-build-bde35d61f930/output/x86_64-w64-mingw32/bitcoin-bde35d61f930-win64-codesigning.tar.gz
   26f099a4c19c7c8a5b8232cfd00d0865f66cb5707b352d21870a72efba0e7ec829  guix-build-bde35d61f930/output/x86_64-w64-mingw32/bitcoin-bde35d61f930-win64-debug.zip
   278eaa968be939000be2fe3c1a30dbdeb7acbf3e7aeaa632ef2ab08781c8189f33  guix-build-bde35d61f930/output/x86_64-w64-mingw32/bitcoin-bde35d61f930-win64-setup-unsigned.exe
   28afad201e5d611f878dc4ef209bceae9c07df7e28f04fa0c0010b6d794811be2f  guix-build-bde35d61f930/output/x86_64-w64-mingw32/bitcoin-bde35d61f930-win64-unsigned.zip
   

10. 
    janb84 commented at 10:52 am on March 16, 2026: contributor

    ACK bde35d61f930a7cd2011aeb9f5443f3188484e80

    Normal build without errors, Guix builds, test run fine, I do not see any obvious backward compatibility issues.

    LGTM

11. 
    hebasto commented at 9:00 pm on March 16, 2026: member

    My Guix build:

     0x86_64
     1ec62534ffd0203c56d0a1b2104dd55f658e063d0d559c35aab8b64cf6e21d60d  guix-build-bde35d61f930/output/aarch64-linux-gnu/SHA256SUMS.part
     2b6dae771e9d6c0866d9db70e458b438d06486c626871254fa1dab43401fe9b76  guix-build-bde35d61f930/output/aarch64-linux-gnu/bitcoin-bde35d61f930-aarch64-linux-gnu-debug.tar.gz
     358593cb61f0ac298a1b638de79e20aa522b35e8a55bb8f677169dc5509f7b197  guix-build-bde35d61f930/output/aarch64-linux-gnu/bitcoin-bde35d61f930-aarch64-linux-gnu.tar.gz
     475442709c1c5f5d4170c8226d38356b64df0f93fdb42d09ad20b3cf04aa44225  guix-build-bde35d61f930/output/arm-linux-gnueabihf/SHA256SUMS.part
     5a400890fd6c67a35cfcf11996e833f6fb17c0080f03b8383b963b8adcada1581  guix-build-bde35d61f930/output/arm-linux-gnueabihf/bitcoin-bde35d61f930-arm-linux-gnueabihf-debug.tar.gz
     65342a9de114bbbb269074d5ea76280c6a5517fcec2c1a8d4887ce0823a1fa6cd  guix-build-bde35d61f930/output/arm-linux-gnueabihf/bitcoin-bde35d61f930-arm-linux-gnueabihf.tar.gz
     786e40581dd7729de86c2da482e28c3bc2f0d9cd470550b6c31fa05095a438418  guix-build-bde35d61f930/output/arm64-apple-darwin/SHA256SUMS.part
     8b29636ccd95e02024b06fc0524978de4e09ecce3d811f15465092857a6160436  guix-build-bde35d61f930/output/arm64-apple-darwin/bitcoin-bde35d61f930-arm64-apple-darwin-codesigning.tar.gz
     9040e388d40cf3b1c6702b36b1191f6702848ad00d2fb73781570046e04e870b9  guix-build-bde35d61f930/output/arm64-apple-darwin/bitcoin-bde35d61f930-arm64-apple-darwin-unsigned.tar.gz
    101fbc643b03c7f6ed98adc62222bb664211ec8a1071c188255faaa8144a4d8ef3  guix-build-bde35d61f930/output/arm64-apple-darwin/bitcoin-bde35d61f930-arm64-apple-darwin-unsigned.zip
    111bc0c82aab27ea4a94aa5ace7e3b19d92bc0396a52ecfb467313f0f7e4ac0488  guix-build-bde35d61f930/output/dist-archive/bitcoin-bde35d61f930.tar.gz
    12c2d3d9ccc9e6983a0394eee921ac4cdf6886a252da22fc2eb752dd405321a36c  guix-build-bde35d61f930/output/powerpc64-linux-gnu/SHA256SUMS.part
    139775f669d09e06af241e17c9c9312bd03c92b0dff66c9319dd4dbe10d5211d31  guix-build-bde35d61f930/output/powerpc64-linux-gnu/bitcoin-bde35d61f930-powerpc64-linux-gnu-debug.tar.gz
    14a7fb65a523df273a8fdcb4c4faaa10288be3dde5c917417c915b92175fd3a210  guix-build-bde35d61f930/output/powerpc64-linux-gnu/bitcoin-bde35d61f930-powerpc64-linux-gnu.tar.gz
    15e04c0adbe8708ec8ecec88ed6ff0d3c1c21b23fd90d5f4fb2d79f5ab77bc6375  guix-build-bde35d61f930/output/riscv64-linux-gnu/SHA256SUMS.part
    16bdfa245758d486fc4e19872bce2f96616d60c5860b48e935c32b2cd5bbc65531  guix-build-bde35d61f930/output/riscv64-linux-gnu/bitcoin-bde35d61f930-riscv64-linux-gnu-debug.tar.gz
    179d4c041da864ef37ad18ad68a099fb9a1d762d5911030d5d09571ec8c32c9ecd  guix-build-bde35d61f930/output/riscv64-linux-gnu/bitcoin-bde35d61f930-riscv64-linux-gnu.tar.gz
    1850bd6aee20bb436e333d12a71fc77a521a84f585bc60b8b16a39929ef3576610  guix-build-bde35d61f930/output/x86_64-apple-darwin/SHA256SUMS.part
    196e080316d868be66beaef09cceb02c4a35aea2d54fe4fb6c5068913b45f1cee9  guix-build-bde35d61f930/output/x86_64-apple-darwin/bitcoin-bde35d61f930-x86_64-apple-darwin-codesigning.tar.gz
    20b547135da1e8d2fb36488bb795e904d2b9f91c6e7bf3573f4c9207ea26218af2  guix-build-bde35d61f930/output/x86_64-apple-darwin/bitcoin-bde35d61f930-x86_64-apple-darwin-unsigned.tar.gz
    213f7a7eefcebb5e2b3ef3cffbef9796f9fad9f5e22bf8d6ec5bd2329250271f13  guix-build-bde35d61f930/output/x86_64-apple-darwin/bitcoin-bde35d61f930-x86_64-apple-darwin-unsigned.zip
    22ee62f3ac0a8d18187b70d622b9e1e9c7db248e08aceff5e1e810650d2361e5ac  guix-build-bde35d61f930/output/x86_64-linux-gnu/SHA256SUMS.part
    238a54fbb8674cb458d6c3cb6ab9c2b0342b6fc66fbaf48a2d02fbb91fb2da30c8  guix-build-bde35d61f930/output/x86_64-linux-gnu/bitcoin-bde35d61f930-x86_64-linux-gnu-debug.tar.gz
    2434787c95226e6d05c24424641bed8ac1baeb9b91bea2a691c19a668dbdfb18b3  guix-build-bde35d61f930/output/x86_64-linux-gnu/bitcoin-bde35d61f930-x86_64-linux-gnu.tar.gz
    2573a68dd0ce66e8a615f39a92287725e4a2b3ba1beb1afdbe6d0c0b80f77b2db4  guix-build-bde35d61f930/output/x86_64-w64-mingw32/SHA256SUMS.part
    262696da5196d3f5204843fb607595bb0ea0c3227aa88b70db04bf637a57490ad3  guix-build-bde35d61f930/output/x86_64-w64-mingw32/bitcoin-bde35d61f930-win64-codesigning.tar.gz
    27f099a4c19c7c8a5b8232cfd00d0865f66cb5707b352d21870a72efba0e7ec829  guix-build-bde35d61f930/output/x86_64-w64-mingw32/bitcoin-bde35d61f930-win64-debug.zip
    288eaa968be939000be2fe3c1a30dbdeb7acbf3e7aeaa632ef2ab08781c8189f33  guix-build-bde35d61f930/output/x86_64-w64-mingw32/bitcoin-bde35d61f930-win64-setup-unsigned.exe
    29afad201e5d611f878dc4ef209bceae9c07df7e28f04fa0c0010b6d794811be2f  guix-build-bde35d61f930/output/x86_64-w64-mingw32/bitcoin-bde35d61f930-win64-unsigned.zip
    

12. hebasto approved
13. 
    hebasto commented at 9:01 pm on March 16, 2026: member

    ACK bde35d61f930a7cd2011aeb9f5443f3188484e80.
14. fanquake merged this on Mar 17, 2026
15. fanquake closed this on Mar 17, 2026

    ---

16. fanquake deleted the branch on Mar 17, 2026
17. maflcko removed the label DrahtBot Guix build requested on Mar 24, 2026

Contributors
fanquake DrahtBot sedited janb84 hebasto

Labels
Build system