diff --git a/CHANGELOG.md b/CHANGELOG.md index 70b9197e8..9684a1d2c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,8 +4,11 @@ * `[tendermint-proto]` Fix panic in evidence serialization in the case where we receive an empty evidence Protobuf structure ([#782]) +* `[light-node]` Upgrade `jsonrpc` dependency to v17.0 to fix security + vulnerability in `hyper` v0.12.35 ([#803]) [#782]: https://github.com/informalsystems/tendermint-rs/issues/782 +[#803]: https://github.com/informalsystems/tendermint-rs/issues/803 ## v0.18.0 diff --git a/light-node/Cargo.toml b/light-node/Cargo.toml index f53e4d926..2fbff2663 100644 --- a/light-node/Cargo.toml +++ b/light-node/Cargo.toml @@ -30,10 +30,10 @@ path = "src/bin/tendermint-light-node/main.rs" anomaly = { version = "0.2", features = ["serializer"] } async-trait = "0.1" gumdrop = "0.7" -jsonrpc-core = "14.2" -jsonrpc-core-client = "14.2" -jsonrpc-http-server = "14.2" -jsonrpc-derive = "14.2" +jsonrpc-core = "17.0" +jsonrpc-core-client = "17.0" +jsonrpc-http-server = "17.0" +jsonrpc-derive = "17.0" serde = { version = "1", features = ["serde_derive"] } serde_json = "1.0" thiserror = "1.0" diff --git a/light-node/src/commands/start.rs b/light-node/src/commands/start.rs index 88e7ea1b7..dcde6e008 100644 --- a/light-node/src/commands/start.rs +++ b/light-node/src/commands/start.rs @@ -44,14 +44,14 @@ impl Runnable for StartCmd { fn run(&self) { if let Err(e) = StartCmd::assert_init_was_run() { status_err!(&e); - panic!(e); + panic!("{}", e); } let supervisor = match self.construct_supervisor() { Ok(supervisor) => supervisor, Err(e) => { status_err!(&e); - panic!(e); + panic!("{}", e); } }; diff --git a/light-node/src/rpc.rs b/light-node/src/rpc.rs index 4feab2c06..e6dab2887 100644 --- a/light-node/src/rpc.rs +++ b/light-node/src/rpc.rs @@ -34,8 +34,9 @@ where } mod sealed { - use jsonrpc_core::futures::future::{self, FutureResult}; + use jsonrpc_core::futures; use jsonrpc_core::types::Error; + use jsonrpc_core::{BoxFuture, Result}; use jsonrpc_derive::rpc; use tendermint_light_client::supervisor::Handle; @@ -46,11 +47,11 @@ mod sealed { pub trait Rpc { /// Returns the latest trusted block. #[rpc(name = "state")] - fn state(&self) -> FutureResult, Error>; + fn state(&self) -> BoxFuture>>; /// Returns the latest status. #[rpc(name = "status")] - fn status(&self) -> FutureResult; + fn status(&self) -> BoxFuture>; } pub use self::rpc_impl_Rpc::gen_client::Client; @@ -75,7 +76,7 @@ mod sealed { where H: Handle + Send + Sync + 'static, { - fn state(&self) -> FutureResult, Error> { + fn state(&self) -> BoxFuture>> { let res = self.handle.latest_trusted().map_err(|e| { let mut err = Error::internal_error(); err.message = e.to_string(); @@ -83,10 +84,10 @@ mod sealed { err }); - future::result(res) + Box::pin(futures::future::ready(res)) } - fn status(&self) -> FutureResult { + fn status(&self) -> BoxFuture> { let res = self.handle.latest_status().map_err(|e| { let mut err = Error::internal_error(); err.message = e.to_string(); @@ -94,15 +95,13 @@ mod sealed { err }); - future::result(res) + Box::pin(futures::future::ready(res)) } } } #[cfg(test)] mod test { - use futures::compat::Future01CompatExt as _; - use jsonrpc_core::futures::future::Future; use jsonrpc_core::IoHandler; use jsonrpc_core_client::transports::local; use pretty_assertions::assert_eq; @@ -117,13 +116,15 @@ mod test { #[tokio::test] async fn state() { let server = Server::new(MockHandle {}); - let fut = { + let have = { let mut io = IoHandler::new(); io.extend_with(server.to_delegate()); let (client, server) = local::connect::(io); - client.state().join(server) + tokio::select! { + result = client.state() => result.unwrap(), + _ = server => panic!("server terminated before client state request completed"), + } }; - let (have, _) = fut.compat().await.unwrap(); let want = serde_json::from_str(LIGHTBLOCK_JSON).unwrap(); assert_eq!(have, want); @@ -132,13 +133,15 @@ mod test { #[tokio::test] async fn status() { let server = Server::new(MockHandle {}); - let fut = { + let have = { let mut io = IoHandler::new(); io.extend_with(server.to_delegate()); let (client, server) = local::connect::(io); - client.status().join(server) + tokio::select! { + result = client.status() => result.unwrap(), + _ = server => panic!("server terminated before client status request completed"), + } }; - let (have, _) = fut.compat().await.unwrap(); let want = serde_json::from_str(STATUS_JSON).unwrap(); assert_eq!(have, want); diff --git a/tendermint/src/lite.rs b/tendermint/src/lite.rs deleted file mode 100644 index d1fb6c52e..000000000 --- a/tendermint/src/lite.rs +++ /dev/null @@ -1,6 +0,0 @@ -//! Core logic and traits of a light client. - -pub mod types; - -pub use self::types::*; - diff --git a/tendermint/src/public_key/pub_key_request.rs b/tendermint/src/public_key/pub_key_request.rs index 876cf9f86..6632c8586 100644 --- a/tendermint/src/public_key/pub_key_request.rs +++ b/tendermint/src/public_key/pub_key_request.rs @@ -67,7 +67,7 @@ mod tests { match PubKeyRequest::decode(want.as_ref()) { Ok(have) => assert_eq!(have, msg), - Err(err) => panic!(err.to_string()), + Err(err) => panic!("{}", err.to_string()), } } }