scrtlabs
diff --git a/‎.changelog/v0.38.11/bug-fixes/3528-evidence-missing-json-tags.md
Lines changed: 0 additions & 2 deletions b/‎.changelog/v0.38.11/bug-fixes/3528-evidence-missing-json-tags.md
Lines changed: 0 additions & 2 deletions
diff --git a/‎.changelog/v0.38.12/bug-fixes/0016-abc-light-proposer-priorities.md
Lines changed: 2 additions & 0 deletions b/‎.changelog/v0.38.12/bug-fixes/0016-abc-light-proposer-priorities.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎.changelog/v0.38.12/bug-fixes/3828-privval-drop-duplicate-listen.md
Lines changed: 1 addition & 0 deletions b/‎.changelog/v0.38.12/bug-fixes/3828-privval-drop-duplicate-listen.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎.changelog/v0.38.12/dependencies/3728-update-btcec-v2.md
Lines changed: 4 additions & 0 deletions b/‎.changelog/v0.38.12/dependencies/3728-update-btcec-v2.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎.changelog/v0.38.12/improvements/0016-abc-types-validator-set.md
Lines changed: 2 additions & 0 deletions b/‎.changelog/v0.38.12/improvements/0016-abc-types-validator-set.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎.changelog/v0.38.12/improvements/3819-e2e-log-level.md
Lines changed: 2 additions & 0 deletions b/‎.changelog/v0.38.12/improvements/3819-e2e-log-level.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎.changelog/v0.38.12/improvements/3836-e2e-log-format.md
Lines changed: 2 additions & 0 deletions b/‎.changelog/v0.38.12/improvements/3836-e2e-log-format.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎.changelog/v0.38.12/summary.md
Lines changed: 4 additions & 0 deletions b/‎.changelog/v0.38.12/summary.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎.github/workflows/cometbft-docker.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/cometbft-docker.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/proto-lint.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/proto-lint.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/testapp-docker.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/testapp-docker.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.golangci.yml
Lines changed: 2 additions & 2 deletions b/‎.golangci.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎CHANGELOG.md
Lines changed: 29 additions & 2 deletions b/‎CHANGELOG.md
Lines changed: 29 additions & 2 deletions
diff --git a/‎Makefile
Lines changed: 4 additions & 4 deletions b/‎Makefile
Lines changed: 4 additions & 4 deletions
diff --git a/‎crypto/secp256k1/secp256k1.go
Lines changed: 2 additions & 4 deletions b/‎crypto/secp256k1/secp256k1.go
Lines changed: 2 additions & 4 deletions
@@ -0,0 +1,2 @@
+- `[light]` Cross-check proposer priorities in retrieved validator sets
+  ([\#ASA-2024-009](https://github.com/cometbft/cometbft/security/advisories/GHSA-g5xx-c4hv-9ccc))
@@ -0,0 +1 @@
+- `[privval]` Ignore duplicate privval listen when already connected ([\#3828](https://github.com/cometbft/cometbft/issues/3828)
@@ -0,0 +1,4 @@
+- `[crypto/secp256k1]` Adjust to breaking interface changes in
+  `btcec/v2` latest release, while avoiding breaking changes to
+  local CometBFT functions
+  ([\#3728](https://github.com/cometbft/cometbft/pull/3728))
@@ -0,0 +1,2 @@
+- `[types]` Check that proposer is one of the validators in `ValidateBasic`
+  ([\#ASA-2024-009](https://github.com/cometbft/cometbft/security/advisories/GHSA-g5xx-c4hv-9ccc))
@@ -0,0 +1,2 @@
+- `[e2e]` Add `log_level` option to manifest file
+  ([#3819](https://github.com/cometbft/cometbft/pull/3819)).
@@ -0,0 +1,2 @@
+- `[e2e]` Add `log_format` option to manifest file
+  ([#3836](https://github.com/cometbft/cometbft/issues/3836)).
@@ -0,0 +1,4 @@
+*September 3, 2024*
+
+This release includes a security fix for the light client and is recommended
+for all users.
@@ -51,7 +51,7 @@ jobs:
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Publish to Docker Hub
-        uses: docker/build-push-action@v6.6.1
+        uses: docker/build-push-action@v6.7.0
         with:
           context: .
           file: ./DOCKER/Dockerfile
 
@@ -15,7 +15,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - uses: actions/checkout@v4
-      - uses: bufbuild/buf-setup-action@v1.36.0
+      - uses: bufbuild/buf-setup-action@v1.38.0
       - uses: bufbuild/buf-lint-action@v1
         with:
           input: 'proto'
@@ -51,7 +51,7 @@ jobs:
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Publish to Docker Hub
-        uses: docker/build-push-action@v6.6.1
+        uses: docker/build-push-action@v6.7.0
         with:
           context: .
           file: ./test/e2e/docker/Dockerfile
 
@@ -6,11 +6,11 @@ linters:
     - dogsled
     - dupl
     - errcheck
-    - exportloopref
+    # - copyloopvar
     - goconst
     - gofmt
     - goimports
-    - gosec
+    # - gosec
     - gosimple
     - govet
     - ineffassign
 
@@ -1,5 +1,34 @@
 # CHANGELOG
 
+## v0.38.12
+
+*September 3, 2024*
+
+This release includes a security fix for the light client and is recommended
+for all users.
+
+### BUG FIXES
+
+- `[light]` Cross-check proposer priorities in retrieved validator sets
+  ([\#ASA-2024-009](https://github.com/cometbft/cometbft/security/advisories/GHSA-g5xx-c4hv-9ccc))
+- `[privval]` Ignore duplicate privval listen when already connected ([\#3828](https://github.com/cometbft/cometbft/issues/3828)
+
+### DEPENDENCIES
+
+- `[crypto/secp256k1]` Adjust to breaking interface changes in
+  `btcec/v2` latest release, while avoiding breaking changes to
+  local CometBFT functions
+  ([\#3728](https://github.com/cometbft/cometbft/pull/3728))
+
+### IMPROVEMENTS
+
+- `[types]` Check that proposer is one of the validators in `ValidateBasic`
+  ([\#ASA-2024-009](https://github.com/cometbft/cometbft/security/advisories/GHSA-g5xx-c4hv-9ccc))
+- `[e2e]` Add `log_level` option to manifest file
+  ([#3819](https://github.com/cometbft/cometbft/pull/3819)).
+- `[e2e]` Add `log_format` option to manifest file
+  ([#3836](https://github.com/cometbft/cometbft/issues/3836)).
+
 ## v0.38.11
 
 *August 12, 2024*
@@ -12,8 +41,6 @@ It also includes a few other bug fixes and performance improvements.
 
 ### BUG FIXES
 
-- `[types]` Added missing JSON tags to `DuplicateVoteEvidence` and `LightClientAttackEvidence`
-  types ([\#3528](https://github.com/cometbft/cometbft/issues/3528))
 - `[types]` Only check IFF vote is a non-nil Precommit if extensionsEnabled
   types ([\#3565](https://github.com/cometbft/cometbft/issues/3565))
 
 
@@ -135,7 +135,7 @@ endif
 #? proto-gen: Generate protobuf files
 proto-gen: check-proto-deps
 	@echo "Generating Protobuf files"
-	@go run github.com/bufbuild/buf/cmd/buf generate
+	@go run github.com/bufbuild/buf/cmd/buf@latest generate
 	@mv ./proto/tendermint/abci/types.pb.go ./abci/types/
 	@cp ./proto/tendermint/rpc/grpc/types.pb.go ./rpc/grpc
 .PHONY: proto-gen
@@ -145,7 +145,7 @@ proto-gen: check-proto-deps
 #? proto-lint: Lint protobuf files
 proto-lint: check-proto-deps
 	@echo "Linting Protobuf files"
-	@go run github.com/bufbuild/buf/cmd/buf lint
+	@go run github.com/bufbuild/buf/cmd/buf@latest lint
 .PHONY: proto-lint
 
 #? proto-format: Format protobuf files
@@ -160,11 +160,11 @@ proto-check-breaking: check-proto-deps
 	@echo "Note: This is only useful if your changes have not yet been committed."
 	@echo "      Otherwise read up on buf's \"breaking\" command usage:"
 	@echo "      https://docs.buf.build/breaking/usage"
-	@go run github.com/bufbuild/buf/cmd/buf breaking --against ".git"
+	@go run github.com/bufbuild/buf/cmd/buf@latest breaking --against ".git"
 .PHONY: proto-check-breaking
 
 proto-check-breaking-ci:
-	@go run github.com/bufbuild/buf/cmd/buf breaking --against $(HTTPS_GIT)#branch=v0.34.x
+	@go run github.com/bufbuild/buf/cmd/buf@latest breaking --against $(HTTPS_GIT)#branch=v0.34.x
 .PHONY: proto-check-breaking-ci
 
 ###############################################################################
 
@@ -128,10 +128,8 @@ func GenPrivKeySecp256k1(secret []byte) PrivKey {
 func (privKey PrivKey) Sign(msg []byte) ([]byte, error) {
 	priv, _ := secp256k1.PrivKeyFromBytes(privKey)
 
-	sig, err := ecdsa.SignCompact(priv, crypto.Sha256(msg), false)
-	if err != nil {
-		return nil, err
-	}
+	sum := sha256.Sum256(msg)
+	sig := ecdsa.SignCompact(priv, sum[:], false)
 
 	// remove the first byte which is compactSigRecoveryCode
 	return sig[1:], nil
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	+- `[light]` Cross-check proposer priorities in retrieved validator sets
	`2`	`+ ([\#ASA-2024-009](https://github.com/cometbft/cometbft/security/advisories/GHSA-g5xx-c4hv-9ccc))`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+- `[privval]` Ignore duplicate privval listen when already connected ([\#3828](https://github.com/cometbft/cometbft/issues/3828)
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	+- `[types]` Check that proposer is one of the validators in `ValidateBasic`
	`2`	`+ ([\#ASA-2024-009](https://github.com/cometbft/cometbft/security/advisories/GHSA-g5xx-c4hv-9ccc))`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	+- `[e2e]` Add `log_level` option to manifest file
	`2`	`+ ([#3819](https://github.com/cometbft/cometbft/pull/3819)).`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	+- `[e2e]` Add `log_format` option to manifest file
	`2`	`+ ([#3836](https://github.com/cometbft/cometbft/issues/3836)).`