diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c53ce92d7b..739c95d3e4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -9,7 +9,7 @@ on: branches: - master env: - GO_VERSION: 1.21.3 + GO_VERSION: 1.24.8 GOPATH: ${{ github.workspace }}/go WORKING_DIR: ${{ github.workspace }}/go/src/github.com/ethereum/go-ethereum jobs: diff --git a/Dockerfile b/Dockerfile index 9b0d8f4263..2f0f7feeb5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ ARG VERSION="" ARG BUILDNUM="" # Build Geth in a stock Go builder container -FROM golang:1.22-alpine as builder +FROM golang:1.24-alpine as builder RUN apk add --no-cache gcc musl-dev linux-headers git @@ -18,10 +18,28 @@ RUN cd /go-ethereum && go run build/ci.go install -static ./cmd/geth RUN cd /go-ethereum && go run build/ci.go install -static ./cmd/bootnode # Pull Geth into a second stage deploy alpine container -FROM alpine:latest +FROM alpine:3.20 + +# Update busybox to fix CVE (Alpine Linux Security Advisory 511246) +# Required version: busybox 1.36.1-r29 or higher +# Update OpenSSL to fix CVE (Alpine Linux Security Advisory 514077) +# Required version: openssl 3.3.2-r0, libssl3 3.3.2-r0, libcrypto3 3.3.2-r0 +# Update curl to fix CVE (Alpine Linux Security Advisory 513861) +# Required version: curl 8.9.0-r0, libcurl 8.9.0-r0 +# Update musl to fix CVE (Alpine Linux Security Advisory 517049) +# Required version: musl 1.2.5-r1, musl-utils 1.2.5-r1 +RUN apk update && \ + apk upgrade --no-cache busybox busybox-binsh ssl_client && \ + apk add --no-cache ca-certificates \ + 'libssl3>=3.3.2-r0' \ + 'libcrypto3>=3.3.2-r0' \ + 'openssl>=3.3.2-r0' \ + 'curl>=8.9.0-r0' \ + 'libcurl>=8.9.0-r0' \ + 'musl>=1.2.5-r1' \ + 'musl-utils>=1.2.5-r1' && \ + rm -rf /var/cache/apk/* -RUN apk add --no-cache ca-certificates curl -RUN apk add --no-cache openssl # quorum (6 may 2024): 3.1.4-r5 is the installed openssl version, want 3.1.4-r6 to get fix for CVE-2024-2511 COPY --from=builder /go-ethereum/build/bin/geth /usr/local/bin/ COPY --from=builder /go-ethereum/build/bin/bootnode /usr/local/bin/ diff --git a/Dockerfile.alltools b/Dockerfile.alltools index 70ccc39825..79a37562a9 100644 --- a/Dockerfile.alltools +++ b/Dockerfile.alltools @@ -4,7 +4,7 @@ ARG VERSION="" ARG BUILDNUM="" # Build Geth in a stock Go builder container -FROM golang:1.20-alpine as builder +FROM golang:1.24-alpine as builder RUN apk add --no-cache gcc musl-dev linux-headers git diff --git a/VERSION b/VERSION new file mode 100644 index 0000000000..97b87b3035 --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +v1.13.15 diff --git a/eth/protocols/snap/handler.go b/eth/protocols/snap/handler.go index 3d668a2ebb..d9935f455f 100644 --- a/eth/protocols/snap/handler.go +++ b/eth/protocols/snap/handler.go @@ -469,7 +469,7 @@ func handleMessage(backend Backend, peer *Peer) error { // Storage slots requested, open the storage trie and retrieve from there account, err := snap.Account(common.BytesToHash(pathset[0])) loads++ // always account database reads, even for failures - if err != nil { + if err != nil || account == nil { break } stTrie, err := trie.NewSecure(common.BytesToHash(account.Root), triedb) diff --git a/go.mod b/go.mod index f3ecd27b78..561a3b223f 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/ethereum/go-ethereum -go 1.20 +go 1.24.8 // Quorum - Replace Go modules that use modifications done by us replace github.com/coreos/etcd => github.com/Consensys/etcd v3.3.13-quorum197+incompatible @@ -28,7 +28,6 @@ require ( github.com/eapache/channels v1.1.0 github.com/edsrzf/mmap-go v1.0.0 github.com/fatih/color v1.7.0 - github.com/fjl/memsize v0.0.0-20190710130421-bcb5799ab5e5 github.com/gballet/go-libpcsclite v0.0.0-20190607065134-2772fd86a8ff github.com/go-stack/stack v1.8.1 github.com/golang/mock v1.6.0 @@ -68,11 +67,11 @@ require ( github.com/syndtr/goleveldb v1.0.1-0.20210305035536-64b5b1c73954 github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c github.com/tyler-smith/go-bip39 v1.0.1-0.20181017060643-dbb3b84ba2ef - golang.org/x/crypto v0.21.0 - golang.org/x/sync v0.0.0-20210220032951-036812b2e83c - golang.org/x/sys v0.18.0 - golang.org/x/term v0.18.0 - golang.org/x/text v0.14.0 + golang.org/x/crypto v0.36.0 + golang.org/x/sync v0.12.0 + golang.org/x/sys v0.31.0 + golang.org/x/term v0.30.0 + golang.org/x/text v0.23.0 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 google.golang.org/grpc v1.56.3 google.golang.org/protobuf v1.33.0 @@ -122,7 +121,7 @@ require ( github.com/prometheus/procfs v0.6.0 // indirect github.com/stretchr/objx v0.1.1 // indirect github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect - golang.org/x/net v0.23.0 // indirect + golang.org/x/net v0.38.0 // indirect google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect diff --git a/params/version.go b/params/version.go index eeadb5bf72..4fbc80f5d9 100644 --- a/params/version.go +++ b/params/version.go @@ -22,8 +22,8 @@ import ( const ( VersionMajor = 1 // Major version component of the current release - VersionMinor = 10 // Minor version component of the current release - VersionPatch = 3 // Patch version component of the current release + VersionMinor = 13 // Minor version component of the current release + VersionPatch = 15 // Patch version component of the current release VersionMeta = "stable" // Version metadata to append to the version string QuorumVersionMajor = 24 diff --git a/trie/trie.go b/trie/trie.go index 7ed235fa8a..8e4d7c8fbf 100644 --- a/trie/trie.go +++ b/trie/trie.go @@ -183,6 +183,9 @@ func (t *Trie) tryGetNode(origNode node, path []byte, pos int) (item []byte, new if node, ok := origNode.(hashNode); ok { hash = node } else { + if origNode == nil { + return nil, origNode, 0, errors.New("cannot get node from nil") + } hash, _ = origNode.cache() } if hash == nil {