| Age | Commit message (Collapse) | Author |
|---|
|
Four cases included:
* The CLTV operand type mismatches the tx locktime. In the script it is
1 (interpreted as block height), but in the tx is 500000000
(interpreted as date)
* The stack is empty when executing OP_CLTV
* The tx is final by having only one input with MAX_INT sequence number
* The operand for CLTV is negative (after OP_0 OP_1 OP_SUB)
Rebased-From: cb54d17355864fa08826d6511a0d7692b21ef2c9
|
|
Based on the earlier BIP66 soft-fork logic implemented by Pieter
Wuille's 5a47811da5158df763aa2fca09ce646ee0c51e7b
Rebased-From: 287f54fc90c29301faede8d4ac2ea24a91441917
|
|
Transactions that fail CLTV verification will be rejected from the
mempool, making it easy to test the feature. However blocks containing
"invalid" CLTV-using transactions will still be accepted; this is *not*
the soft-fork required to actually enable CLTV for production use.
Rebased-From: ffd75adce01a78b3461b3ff05bcc2b530a9ce994
|
|
<nLockTime> CHECKLOCKTIMEVERIFY -> <nLockTime>
Fails if tx.nLockTime < nLockTime, allowing the funds in a txout to be
locked until some block height or block time in the future is reached.
Only the logic and unittests are implemented; this commit does not have
any actual soft-fork logic in it.
Thanks to Pieter Wuille for rebase.
Credit goes to Gregory Maxwell for the suggestion of comparing the
argument against the transaction nLockTime rather than the current
time/blockheight directly.
Rebased-From: bc60b2b4b401f0adff5b8b9678903ff8feb5867b
|
|
Will now be needed by CHECKLOCKTIMEVERIFY code.
Rebased-From: 48e9c57cf06352f890eac4285ae022d8746cf3fd
|
|
While the existing numeric opcodes are all limited to 4-byte bignum
arguments, new opcodes will need different limits.
Rebased-From: 99088d60d8a7747c6d1a7fd5d8cd388be1b3e138
|
|
This adds SCRIPT_VERIFY_LOW_S to STANDARD_SCRIPT_VERIFY_FLAGS which
will make the node require the canonical 'low-s' encoding for
ECDSA signatures when relaying or mining.
Consensus behavior is unchanged.
The rational is explained in a81cd96805ce6b65cca3a40ebbd3b2eb428abb7b:
Absent this kind of test ECDSA is not a strong signature as given
a valid signature {r, s} both that value and {r, -s mod n} are valid.
These two encodings have different hashes allowing third parties a
vector to change users txids. These attacks are avoided by picking
a particular form as canonical and rejecting the other form(s); in
the of the LOW_S rule, the smaller of the two possible S values is
used.
If widely deployed this change would eliminate the last remaining
known vector for nuisance malleability on boring SIGHASH_ALL
p2pkh transactions. On the down-side it will block most
transactions made by sufficiently out of date software.
Unlike the other avenues to change txids on boring transactions this
one was randomly violated by all deployed bitcoin software prior to
its discovery. So, while other malleability vectors where made
non-standard as soon as they were discovered, this one has remained
permitted. Even BIP62 did not propose applying this rule to
old version transactions, but conforming implementations have become
much more common since BIP62 was initially written.
Bitcoin Core has produced compatible signatures since a28fb70e in
September 2013, but this didn't make it into a release until 0.9
in March 2014; Bitcoinj has done so for a similar span of time.
Bitcoinjs and electrum have been more recently updated.
This does not replace the need for BIP62 or similar, as miners can
still cooperate to break transactions. Nor does it replace the
need for wallet software to handle malleability sanely[1]. This
only eliminates the cheap and irritating DOS attack.
[1] On the Malleability of Bitcoin Transactions
Marcin Andrychowicz, Stefan Dziembowski, Daniel Malinowski, Łukasz Mazurek
http://fc15.ifca.ai/preproceedings/bitcoin/paper_9.pdf
Conflicts:
src/policy/policy.h
Rebased-From: b196b685c9089b74fd4ff3d9a28ea847ab36179b
Github-Pull: #6769
|
|
|
|
5e6d893 travis: for travis generating an extra build (Cory Fields)
ceba0f8 PARTIAL: typofixes (found by misspell_fixer) (Veres Lajos)
2ede6b7 add support for miniupnpc api version 14 (Pavel Vasin)
0dfcdd4 rpc-tests: re-enable rpc-tests for Windows (Cory Fields)
c9ad65e net: Set SO_REUSEADDR for Windows too (Cory Fields)
0194bdd add unit test for CNetAddr::GetGroup. (Alex Morcos)
bdf2542 Fix masking of irrelevant bits in address groups. (Alex Morcos)
65426ac Add missing files to files.md (fanquake)
28d76d2 Handle leveldb::DestroyDB() errors on wipe failure (Adam Weiss)
843469e Use unique name for AlertNotify tempfile (Casey Rodarmor)
4e5ea71 Make sure LogPrint strings are line-terminated (J Ross Nicoll)
3861f0f build: fix libressl detection (Cory Fields)
04507de Avoid leaking file descriptors in RegisterLoad (Casey Rodarmor)
8b59079 Add autogen.sh to source tarball. (randy-waterhouse)
|
|
The thin space QT html hack results in cut-off chars/nums after a line break.
Avoid word wrap line breaks by using a smaller font and a line break before each alternative value)
Rebased-From: 24cb7c7bbba224dcb73fcf69296f5ef4734f745f
Github-Pull: #6694
|
|
Upstream: 9f68ed6b6d1a9c6436ce37913666165f2b180ee3 (PR #6539)
|
|
The value of new arg ttl is set to 2 as it's recommended default.
|
|
When running the rpc tests in Wine, nodes often fail to listen on localhost
due to a stale socket from a previous run. This aligns the behavior with other
platforms.
|
|
|
|
|
|
Add error checking to CLevelDBWrapper for errors from
leveldb::DestroyDB(). Without it, if unlink() or DeleteFileW() fail to
delete files, they will fail silent. If they fail to delete any files,
CLevelDBWrapper will silently open and read the existing database.
Typically any permissions issues would be caught by leveldb as it churns
through many files as part of its compaction process, but it is
conceivable that this could cause problems on Windows with anti-virus
and indexing software.
|
|
|
|
|
|
This is pretty trivial, but if there's an error here we'll leak a file
descriptor. Changed it to always close the file.
|
|
SOCKET are defined as unsigned integers, thus always >=0.
Rebased-From: 89289d875da108c42ca013f33597eda46cb6eb53
|
|
Conflicts:
src/net.cpp
Github-Pull: #6412
Rebased-From: d422f9b1fdb42a51aadaa1bbc157542dca2feb17
|
|
Rebased-From: d4b1d5a8baf18e4c8d62846360c0c1c0c9331d70
Github-Pull: #6438
|
|
Make it possible to opt-out of the centralized alert system by providing
an option `-noalerts` or `-alerts=0`. The default remains unchanged.
This is a gentler form of #6260, in which I went a bit overboard by
removing the alert system completely.
I intend to add this to the GUI options in another pull after this.
Conflicts:
src/init.cpp
src/main.cpp
Github-Pull: #6274
Rebased-From: 02a6702a82a5b00e0e0351041dd3267308b7f319
|
|
Chance "getbalance *" not to use IsTrusted. The method and result
now match the "getbalance <specific-account>" behavior. In
particular, "getbalance * 0" now works.
Also fixed a comment -- GetGalance has required 1 confirmation
for many years, and the default "getbalance *" behavior matches
that.
Github-Pull: #6276
Rebased-From: 7d6a85ab5b1dc96e0f3f6f835f27bb81ba2af919
Rebased-By: @trasher-
|
|
Change `read_string` to fail when not the entire input has been
consumed. This avoids unexpected, even dangerous behavior (fixes #6223).
The new JSON parser adapted in #6121 also solves this problem so in
master this is a temporary fix, but should be backported to older releases.
Also adds tests for the new behavior.
Github-Pull: #6226
Rebased-From: 4e157fc60dae5ca69933ea4c1585a2a078b4d957
|
|
Github-Pull: #6203
Rebased-From: d449772cf69c01932fc5d72c46054815d6300b3c
|
|
To protect privacy, do not use UPNP when a proxy is set. The user may
still specify -listen=1 to listen locally (for a hidden service), so
don't rely on this happening through -listen.
Fixes #2927.
Conflicts:
src/init.cpp
Rebased-From: 8c35b6f3be218101630101806300cfd75be23f58
Github-Pull: #6153
|
|
Fix two CSubNet constructor problems:
- The use of `/x` where 8 does not divide x was broken, due to a
bit-order issue
- The use of e.g. `1.2.3.4/24` where the netmasked bits in the network
are not 0 was broken. Fix this by explicitly normalizing the netwok
according to the bitmask.
Also add tests for these cases.
Fixes #6179. Thanks to @jonasschnelli for reporting and initial fix.
Rebased-From: b45c50ce511dbf541ea086ae40a3ad16ff06de0c
Github-Pull: #6186
|
|
Simplify the code by using CAddress.ip directly, instead of the reversed
GetByte() semantics.
Rebased-From: 19e8d7be42039724b4893515ec6457d0187024a9
Github-Pull: #6186
|
|
When the internal miner is enabled at the start of a new node, there
is an near instant assert in TestBlockValidity because its attempting
to mine a block before the top checkpoint.
Also avoids a data race around vNodes.
Github-Pull: #6123
Rebased-From: bba7c249296a9a2f444e1035fef8f8b593ba2aaf
|
|
|
|
|
|
fixes https://github.com/bitcoin/bitcoin/issues/6078
Github-Pull: #6093
Rebased-From: b3ffcdf91608d4435acfb9b0a6266a4073ffaf7f 3da78490073b04f52f0136e17b07246cc37bedf1
|
|
Backport from master
|
|
|
|
On hosts that had spent some time with a failed internet connection their
nAttempts penalty was going through the roof (e.g. thousands for all peers)
and as a result the connect search was pegging the CPU and failing to get
more than a 4 connections after days of running (because it was taking so
long per try).
Rebased-From: a784f90c9892f06b9fea4e7579f5eca3585482c3
Github-Pull: #6029
|
|
Also adds a test to CheckBlockIndex
Conflicts:
src/main.cpp
Rebased-From: c1ecee8f723c2635fbd51100fa09acdb0cbec8a0
Github-Pull: #6010
|
|
The environment is prepared by the main thread to guard against invalid locale settings.
|
|
The environment is prepared by the main thread to guard against invalid locale settings and to prevent deinitialization issues of Boost path, which can result in app crashes.
|
|
The scope of `std::locale::global` appears to be smaller than `setenv("LC_ALL", ...)` and insufficient to fix messed up locale settings for the whole application.
|
|
Some tests in CheckBlockIndex require chainActive.Tip(), but when reindexing, chainActive has not been set on the first call to CheckBlockIndex.
reindex.py starts a node, mines 3 blocks, stops, and reindexes with CheckBlockIndex enabled.
Rebased-From: 0421c18f3a261f04e83a03f59884e5798af74fd9
Github-Pull: #6012
|
|
Rebased-From: eb63bf86cf6dc99f150574463df6ffb013a34493
Github-Pull: #6007
|
|
This fixes a subtle bug involving block re-orgs and non-standard transactions.
Start with a block containing a non-standard transaction, and
one or more transactions spending it in the memory pool.
Then re-org away from that block to another chain that does
not contain the non-standard transaction.
Result before this fix: the dependent transactions get stuck
in the mempool without their parent, putting the mempool
in an inconsistent state.
Tested with a new unit test (adapted for 0.10).
Rebased-From: ad9e86dca11dce023d827d342e966f3806c39d27
Github-Pull: #5945
|
|
a1f425b Add a consistency check for the block chain data structures (Pieter Wuille)
This is a port of #5900 to 0.10.
Github-Pull: #5900
|
|
This change was suggested as Countermeasure 6 in
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman,
Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report
2015/263. March 2015.
Rebased-From: 1d21ba2f5ecbf03086d0b65c4c4c80a39a94c2ee
Github-Pull: #5941
|
|
This change was suggested as Countermeasure 2 in
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman,
Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report
2015/263. March 2015.
Rebased-From: c6a63ceeb4956933588995bcf01dc3095aaeb1fc
Github-Pull: #5941
|
|
This change was suggested as Countermeasure 2 in
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman,
Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report
2015/263. March 2015.
Rebased-From: 68ba3f67bd500a64fb8932c6b41924ddc31d76f
Github-Pull: #5941
|
|
Conflicts:
src/addrman.cpp
Rebased-From: a8ff7c62edc63c7c94bc91c30b80995539ed7477
Github-Pull: #5941
|
|
Give each address a single fixed location in the new and tried tables,
which become simple fixed-size arrays instead of sets and vectors.
This prevents attackers from having an advantages by inserting an
address multiple times.
This change was suggested as Countermeasure 1 in
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman,
Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report
2015/263. March 2015.
It is also more efficient.
Conflicts:
src/addrman.cpp
src/addrman.h
Rebased-From: e6b343d880f50d52390c5af8623afa15fcbc65a2
Github-Pull: #5941
|
|
Conflicts:
src/addrman.cpp
Rebased-From: b23add5521e4207085d41a0266617e94435fc22e
Github-Pull: #5941
|
