v2.1.5 (#3096 )

## Issue Addressed New release to address openssl vuln fixed in #3095 Closes #3093
Update openssl for CVE-2022-0778 (#3095 )
2026-03-07 18:51:45 +00:00 · 2022-03-17 23:13:46 +00:00 · 2022-03-17 03:33:32 +00:00 · 2022-03-17 03:33:30 +00:00 · 2022-03-17 03:33:29 +00:00
9 changed files with 38 additions and 14 deletions
--- a/.github/workflows/test-suite.yml
+++ b/.github/workflows/test-suite.yml
@@ -21,6 +21,18 @@ jobs:
    steps:
        - name: Check that the pull request is not targeting the stable branch
          run: test ${{ github.base_ref }} != "stable"
+  extract-msrv:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v1
+    - name: Extract Minimum Supported Rust Version (MSRV)
+      run: |
+        metadata=$(cargo metadata --no-deps --format-version 1)
+        msrv=$(echo $metadata | jq -r '.packages | map(select(.name == "lighthouse")) | .[0].rust_version')
+        echo "::set-output name=MSRV::$msrv"
+      id: extract_msrv
+    outputs:
+      MSRV: ${{ steps.extract_msrv.outputs.MSRV }}
  cargo-fmt:
    name: cargo-fmt
    runs-on: ubuntu-latest
@@ -229,6 +241,16 @@ jobs:
      run: make lint
    - name: Certify Cargo.lock freshness
      run: git diff --exit-code Cargo.lock
+  check-msrv:
+    name: check-msrv
+    runs-on: ubuntu-latest
+    needs: [cargo-fmt, extract-msrv]
+    steps:
+    - uses: actions/checkout@v1
+    - name: Install Rust @ MSRV (${{ needs.extract-msrv.outputs.MSRV }})
+      run: rustup override set ${{ needs.extract-msrv.outputs.MSRV }}
+    - name: Run cargo check
+      run: cargo check --workspace
  arbitrary-check:
    name: arbitrary-check
    runs-on: ubuntu-latest
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -335,7 +335,7 @@ dependencies = [

 [[package]]
 name = "beacon_node"
-version = "2.1.4"
+version = "2.1.5"
 dependencies = [
 "beacon_chain",
 "clap",
@@ -501,7 +501,7 @@ dependencies = [

 [[package]]
 name = "boot_node"
-version = "2.1.4"
+version = "2.1.5"
 dependencies = [
 "beacon_node",
 "clap",
@@ -2828,7 +2828,7 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"

 [[package]]
 name = "lcli"
-version = "2.1.4"
+version = "2.1.5"
 dependencies = [
 "account_utils",
 "bls",
@@ -3369,7 +3369,7 @@ dependencies = [

 [[package]]
 name = "lighthouse"
-version = "2.1.4"
+version = "2.1.5"
 dependencies = [
 "account_manager",
 "account_utils",
@@ -4127,9 +4127,9 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"

 [[package]]
 name = "openssl-src"
-version = "111.17.0+1.1.1m"
+version = "111.18.0+1.1.1n"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "05d6a336abd10814198f66e2a91ccd7336611f30334119ca8ce300536666fcf4"
+checksum = "7897a926e1e8d00219127dc020130eca4292e5ca666dd592480d72c3eca2ff6c"
 dependencies = [
 "cc",
 ]
--- a/beacon_node/Cargo.toml
+++ b/beacon_node/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "beacon_node"
-version = "2.1.4"
+version = "2.1.5"
 authors = ["Paul Hauner <paul@paulhauner.com>", "Age Manning <Age@AgeManning.com"]
 edition = "2021"

--- a/boot_node/Cargo.toml
+++ b/boot_node/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "boot_node"
-version = "2.1.4"
+version = "2.1.5"
 authors = ["Sigma Prime <contact@sigmaprime.io>"]
 edition = "2021"

--- a/bors.toml
+++ b/bors.toml
@@ -18,7 +18,8 @@ status = [
    "op-pool-tests",
    "doppelganger-protection-test",
    "execution-engine-integration-ubuntu",
-    "cargo-vendor"
+    "cargo-vendor",
+    "check-msrv"
 ]
 use_squash_merge = true
 timeout_sec = 10800
--- a/common/lighthouse_version/src/lib.rs
+++ b/common/lighthouse_version/src/lib.rs
@@ -16,7 +16,7 @@ pub const VERSION: &str = git_version!(
        // NOTE: using --match instead of --exclude for compatibility with old Git
        "--match=thiswillnevermatchlol"
    ],
-    prefix = "Lighthouse/v2.1.4-",
+    prefix = "Lighthouse/v2.1.5-",
    fallback = "unknown"
 );

--- a/lcli/Cargo.toml
+++ b/lcli/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "lcli"
 description = "Lighthouse CLI (modeled after zcli)"
-version = "2.1.4"
+version = "2.1.5"
 authors = ["Paul Hauner <paul@paulhauner.com>"]
 edition = "2021"

--- a/lighthouse/Cargo.toml
+++ b/lighthouse/Cargo.toml
@@ -1,9 +1,10 @@
 [package]
 name = "lighthouse"
-version = "2.1.4"
+version = "2.1.5"
 authors = ["Sigma Prime <contact@sigmaprime.io>"]
 edition = "2021"
 autotests = false
+rust-version = "1.58"

 [features]
 # Writes debugging .ssz files to /tmp during block processing.
--- a/validator_client/src/notifier.rs
+++ b/validator_client/src/notifier.rs
@@ -89,7 +89,7 @@ async fn notify<T: SlotClock + 'static, E: EthSpec>(
            info!(
                log,
                "All validators active";
-                "proposers" => proposing_validators,
+                "current_epoch_proposers" => proposing_validators,
                "active_validators" => attesting_validators,
                "total_validators" => total_validators,
                "epoch" => format!("{}", epoch),
@@ -99,7 +99,7 @@ async fn notify<T: SlotClock + 'static, E: EthSpec>(
            info!(
                log,
                "Some validators active";
-                "proposers" => proposing_validators,
+                "current_epoch_proposers" => proposing_validators,
                "active_validators" => attesting_validators,
                "total_validators" => total_validators,
                "epoch" => format!("{}", epoch),
Author	SHA1	Message	Date
Michael Sproul	9bc9527998	v2.1.5 (#3096 ) ## Issue Addressed New release to address openssl vuln fixed in #3095 Closes #3093	2022-03-17 23:13:46 +00:00
Michael Sproul	a1befd89aa	Update openssl for CVE-2022-0778 (#3095 ) ## Issue Addressed Fix the `cargo-audit` failure for the recent openssl bug involving parsing of untrusted certificates (CVE-2022-0778). ## Additional Info Lighthouse loads remote certificates in the following cases: * When connecting to an eth1 node (`--eth1-endpoints`). * When connecting to a beacon node from the VC (`--beacon-nodes`). * When connecting to a beacon node for checkpoint sync (`--checkpoint-sync-url`). In all of these cases we are already placing a lot of trust in the server at the other end, however due to the scope for MITM attacks we are still potentially vulnerable. E.g. an ISP could inject an invalid certificate for the remote host which would cause Lighthouse to hang indefinitely.	2022-03-17 03:33:32 +00:00
kraemahz	139c24a0f8	Clarify proposers message is about current epoch (#3084 ) ## Issue Addressed #3083 ## Proposed Changes Changes "proposers" to "proposers_this_epoch" in the validator log message. Co-authored-by: kraemahz <58143782+kraemahz@users.noreply.github.com>	2022-03-17 03:33:30 +00:00
Michael Sproul	e715db8b99	Add minimum supported Rust version (#3082 ) ## Proposed Changes Set a minimum supported Rust version (MSRV) in the `Cargo.toml` for the Lighthouse binary so that attempts to compile it with an outdated compiler fail immediately with a clear error. To ensure that the codebase builds with the MSRV I've also added a Github actions job that runs `cargo check` using the MSRV extracted from `Cargo.toml`. This will force us to keep it up to date. I opted to use `cargo check` rather than Clippy because Clippy frequently introduces new lints that we adopt, so our MSRV for Clippy is usually the most recent Rust version, while the MSRV for building Lighthouse is older.	2022-03-17 03:33:29 +00:00