| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Translations for the 0.9 branch have been closed. Make sure that all the
translation work done up to now ends up in the branch.
|
|
Make this projection of priority in 1 block match the calculation in the low priority reject code.
Rebased-From: 2d9b0b7f03a268e557c6dce1dfa29401b5c9178b
Github-Pull: #5675
Conflicts:
src/wallet.cpp
|
|
Rebased-From: 730b1ed1a0d2b2b0f278ee808e7e266a50fac94b
Github-Pull: #5154
|
|
Normally bitcoin core does not display any network originated strings without
sanitizing or hex encoding. This wasn't done for strcommand in many places.
This could be used to play havoc with a terminal displaying the logs,
especially with printtoconsole in use.
Thanks to Evil-Knievel for reporting this issue.
Conflicts:
src/main.cpp
src/net.cpp
src/rpcserver.cpp
Rebased-From: 28d4cff0ed2d4438da4bbf2d4ca0465715603af5
Github-Pull: #5770
|
|
|
|
|
|
|
|
|
|
|
|
Add some defensive programming on top of #5634.
This copies the respective OpenSSL code in ECDSA_verify in
OpenSSL pre-1.0.1k (e.g. https://github.com/openssl/openssl/blob/OpenSSL_1_0_1j/crypto/ecdsa/ecs_vrf.c#L89)
more closely.
As reported by @sergiodemianlerner.
Github-Pull: #5640
Rebased-From: c6b7b29f232c651f898eeffb93f36c8f537c56d2
|
|
Github-Pull: #5634
Rebased-From: 8dccba6a45db0466370726ed462b9da2eae43bce
|
|
New versions of OpenSSL will reject non-canonical DER signatures. However,
it'll happily decode them. Decode then re-encode before verification in order
to ensure that it is properly consumed.
Github-Pull: #5634
Rebased-From: 488ed32f2ada1d1dd108fc245d025c4d5f252783
|
|
TLS is subject to downgrade attacks when SSLv3 is available, and
SSLv3 has vulnerabilities.
The popular solution is to disable SSLv3. On the web this breaks
some tiny number of very old clients. While Bitcoin RPC shouldn't
be exposed to the open Internet, it also shouldn't be exposed to
really old SSL implementations, so it shouldn't be a major issue
for us to disable SSLv3.
There is more information on the downgrade attacks and disabling
SSLv3 at https://disablessl3.com/ .
Rebased-From: 683dc4009b2b01699e672f8150c28e2ebe0aae19
|
|
Rebased-From: 12a49cac0a561ada277e93549cae26a3123a6023
|
|
Previously -proxy was not setting the proxy for IsLimited networks, so
if you set your configuration to be onlynet=tor you wouldn't get an
IPv4 proxy set.
The payment protocol gets its proxy configuration from the IPv4 proxy,
and so it would experience a connection leak.
This addresses issue #5355 and also clears up a cosmetic bug where
getinfo proxy output shows nothing when onlynet=tor is set.
Conflicts:
src/init.cpp
Rebased-From: 3c777141349ad82d679a278df0619968af53c23
Github-Issue: #5358
|
|
Refactor common -alertnotify code into static CAlert::Notify method.
|
|
Qt5 is bottled, so configure won't find it without some help. Use
brew to find out its prefix.
Also, qt5 added the host_bins variable to pkg-config, use it.
|
|
There is no reason to store thousands of orphan transactions;
normally an orphan's parents will either be broadcast or
mined reasonably quickly.
This pull drops the maximum number of orphans from 10,000 down
to 100, and adds a command-line option (-maxorphantx) that is
just like -maxorphanblocks to override the default.
|
|
#4253)
Rebased-From: 7b45d943b29a443f1ac808c9ee4eeed6df0db9cc
|
|
Prevent denial-of-service attacks by banning
peers that send us invalid orphan transactions
and only storing orphan transactions given to
us by a peer while the peer is connected.
Rebased-From: c74332c67806ed92e6e18de174671a7c30608780
|
|
reduces time to service requests improving performance
Rebased-From: 9189f5fe4df1ac7ea6ca75ceada867beafda90a9
|
|
Rebased-From: 540ac45
Rebased-By: Wladimir J. van der Laan <laanwj@gmail.com>
|
|
Tighten resource constraints on CNode.
Rebased-From: d4168c8
Rebased-By: Wladimir J. van der Laan <laanwj@gmail.com>
|
|
Rebased-From: def2fdb
Rebased-By: Wladimir J. van der Laan
|
|
Rebased-From: 89d91f6
Rebased-By: Wladimir J. van der Laan <laanwj@gmail.com>
|
|
This does not add any new messages from transifex, it just filters the
current ones.
|
|
|
|
Rebased-From: 565e569
|
|
When the libpath doesn't line up with the value from config.sub, we don't find
the correct path to boost's libs. This adds a hack to try another path before
giving up.
Should close #3219.
Rebased-From: 54c7df81
|
|
Conflicts:
src/qt/bitcoin.cpp
Rebased-From: 292cc072
|
|
The goal is to increase independence and privacy.
Rebased-From: 2e7009d
|
|
Removes the limits on number of pubkeys for P2SH CHECKMULTISIG outputs.
Previously with the 500 byte scriptSig limit there were odd restrictions
where even a 1-of-12 P2SH could be spent in a standard transaction(1),
yet multisig scriptPubKey's requiring more signatures quickly ran out of
scriptSig space.
From a "stuff-data-in-the-blockchain" point of view not much has changed
as with the prior commit now only allowing the dummy value to be null
the newly allowed scriptSig space can only be used for signatures. In
any case, just using more outputs is trivial and doesn't cost much.
1) See 779b519480d8c5346de6e635119c7ee772e97ec872240c45e558f582a37b4b73
Mined by BTC Guild.
|
|
redeemScripts >520bytes can't be spent due to the
MAX_SCRIPT_ELEMENT_SIZE limit; previously the addmultisigaddress and
createmultisig RPC calls would let you violate that limit unknowingly.
Also made the wallet code itself check the redeemScript prior to adding
it to the wallet, which in the (rare) instance that a user has added an
invalid oversized redeemScript to their wallet causes an error on
startup. The affected key isn't added to the wallet; other keys are
unaffected.
|
|
This avoids that long redeemScripts that were grandfathered in
prevent the wallet from loading.
Fixes #4313.
Rebased-From: 18116b0
|
|
Rebased-From: 88df548
|
|
Previously if bitcoind is linked with an OpenSSL which is compiled
without EC support, this is seen as an assertion failure "pKey !=
NULL" at key.cpp:134, which occurs after several seconds. It is an
esoteric piece of knowledge to interpret this as "oops, I linked
with the wrong OpenSSL", and because of the delay it may not even
be noticed.
The new output is
: OpenSSL appears to lack support for elliptic curve cryptography. For
more information, visit
https://en.bitcoin.it/wiki/OpenSSL_and_EC_Libraries
: Initialization sanity check failed. Bitcoin Core is shutting down.
which occurs immediately after attempted startup.
This also blocks in an InitSanityCheck() function which currently only
checks for EC support but should eventually do more. See #4081.
Rebased-From: 4a09e1d
|
|
Block 295,000 seems to meet the criteria of a reasonable timestamp and
no strange transactions. 295,000 is the current block height in the
bootstrap.dat torrent provided by jgarzik.
Rebased-From: 125fba1
|
|
and use it for most strings being serialized.
Rebased-From: 216e9a4
|
|
It's required when called from WalletModel
Rebased-From: ea3acaf
|
|
Rebased-From: 954d2e7
|
|
fallback'
Passes tests:
```
$ ./bitcoin-qt 'bitcoin:?r=http://www.example.com/'
.. fixed the original problem - this launches mainnet.
$ ./bitcoin-qt 'bitcoin:mngeNQbTKnmaMbx8EXCYdwUbnt9JJD52cC'
.. launches testnet
$ ./bitcoin-qt -testnet 'bitcoin:1NXXeQRyMFFFRfyUix2o7mk1vhvk2Nxp78'
.. sanity check - launches mainnet.
```
Fixes #4355. Closes #4411.
Rebased-From: dd49e92
|
|
Rebased-From: 6265ecc
|
|
Rebased-From: 48d8eb1 27bff74 4f497cd 05e3ecf 90320d6 b1fdd54
|
|
Rebased-From: a7e1d50
|
|
Fixes #4679.
This leaves us with only one candidate, checkip.dyndns.org.
GetMyExternalIP should be phased out as soon as possible.
Rebased-From: c33b983
|
|
|
|
Generally useless information. Only updates on connect time, not after
that. Peers can easily lie and the median filter is not effective in
preventing that.
In the past it was used for progress display in the GUI but
`CheckPoints::guessVerificationProgress` provides a better way that is now used.
It was too easy to mislead it. Peers do lie about it in practice, see issue #4065.
From the RPC, `getpeerinfo` gives the peer raw values, which are more
useful.
|
|
|
|
Rebased-From: 6afa493
Rebased-By: Wladimir J. van der Laan <laanwj@gmail.com>
|
