bitcoin/bitcoin

This version of miniupnpc fixes a buffer overflow in the XML (ugh)
parser during initial network discovery.

http://talosintel.com/reports/TALOS-2015-0035/

The commit fixing the vulnerability is:
miniupnp/miniupnp@79cca97

Reported by timothy on IRC.

Github-Pull: #6789
Rebased-From: 0cca024

This adds SCRIPT_VERIFY_LOW_S to STANDARD_SCRIPT_VERIFY_FLAGS which
 will make the node require the canonical 'low-s' encoding for
 ECDSA signatures when relaying or mining.

Consensus behavior is unchanged.

The rational is explained in a81cd96:
 Absent this kind of test ECDSA is not a strong signature as given
 a valid signature {r, s} both that value and {r, -s mod n} are valid.
 These two encodings have different hashes allowing third parties a
 vector to change users txids.  These attacks are avoided by picking
 a particular form as canonical and rejecting the other form(s); in
 the of the LOW_S rule, the smaller of the two possible S values is
 used.

If widely deployed this change would eliminate the last remaining
 known vector for nuisance malleability on boring SIGHASH_ALL
 p2pkh transactions.  On the down-side it will block most
 transactions made by sufficiently out of date software.

Unlike the other avenues to change txids on boring transactions this
 one was randomly violated by all deployed bitcoin software prior to
 its discovery.  So, while other malleability vectors where made
 non-standard as soon as they were discovered, this one has remained
 permitted.  Even BIP62 did not propose applying this rule to
 old version transactions, but conforming implementations have become
 much more common since BIP62 was initially written.

Bitcoin Core has produced compatible signatures since a28fb70 in
 September 2013, but this didn't make it into a release until 0.9
 in March 2014; Bitcoinj has done so for a similar span of time.
 Bitcoinjs and electrum have been more recently updated.

This does not replace the need for BIP62 or similar, as miners can
 still cooperate to break transactions.  Nor does it replace the
 need for wallet software to handle malleability sanely[1]. This
 only eliminates the cheap and irritating DOS attack.

[1] On the Malleability of Bitcoin Transactions
Marcin Andrychowicz, Stefan Dziembowski, Daniel Malinowski, Łukasz Mazurek
http://fc15.ifca.ai/preproceedings/bitcoin/paper_9.pdf

Conflicts:
	src/policy/policy.h

Rebased-From: b196b68
Github-Pull: #6769

5e6d893 travis: for travis generating an extra build (Cory Fields)
ceba0f8 PARTIAL: typofixes (found by misspell_fixer) (Veres Lajos)
2ede6b7 add support for miniupnpc api version 14 (Pavel Vasin)
0dfcdd4 rpc-tests: re-enable rpc-tests for Windows (Cory Fields)
c9ad65e net: Set SO_REUSEADDR for Windows too (Cory Fields)
0194bdd add unit test for CNetAddr::GetGroup. (Alex Morcos)
bdf2542 Fix masking of irrelevant bits in address groups. (Alex Morcos)
65426ac Add missing files to files.md (fanquake)
28d76d2 Handle leveldb::DestroyDB() errors on wipe failure (Adam Weiss)
843469e Use unique name for AlertNotify tempfile (Casey Rodarmor)
4e5ea71 Make sure LogPrint strings are line-terminated (J Ross Nicoll)
3861f0f build: fix libressl detection (Cory Fields)
04507de Avoid leaking file descriptors in RegisterLoad (Casey Rodarmor)
8b59079 Add autogen.sh to source tarball. (randy-waterhouse)

The thin space QT html hack results in cut-off chars/nums after a line break.

Avoid word wrap line breaks by using a smaller font and a line break before each alternative value)

Rebased-From: 24cb7c7
Github-Pull: #6694

Upstream: 9f68ed6 (PR #6539)

The value of new arg ttl is set to 2 as it's recommended default.

When running the rpc tests in Wine, nodes often fail to listen on localhost
due to a stale socket from a previous run. This aligns the behavior with other
platforms.

typo

Add error checking to CLevelDBWrapper for errors from
leveldb::DestroyDB().  Without it, if unlink() or DeleteFileW() fail to
delete files, they will fail silent.  If they fail to delete any files,
CLevelDBWrapper will silently open and read the existing database.

Typically any permissions issues would be caught by leveldb as it churns
through many files as part of its compaction process, but it is
conceivable that this could cause problems on Windows with anti-virus
and indexing software.

Checking libcrypto for a function after we've already found a (possibly
different) libcrypto is not what we want to do here.

pkg-config might've found a cross lib while AC_CHECK_LIB may find a different
or native one.

Run a link-test against the lib that's already been found instead.

This is pretty trivial, but if there's an error here we'll leak a file
descriptor. Changed it to always close the file.

SOCKET are defined as unsigned integers, thus always >=0.

Rebased-From: 89289d8

Conflicts:
	src/net.cpp

Github-Pull: #6412
Rebased-From: d422f9b

Conflicts:
	doc/gitian-building.md

Github-Pull: #6439
Rebased-From: 09d4ddf

Rebased-From: d4b1d5a
Github-Pull: #6438

Move from sourceforge to linux foundation.

Also get rid of some other stale mentions of sourceforge.

Github-Pull: #6319
Rebased-From: 88d8525

Make it possible to opt-out of the centralized alert system by providing
an option `-noalerts` or `-alerts=0`. The default remains unchanged.

This is a gentler form of #6260, in which I went a bit overboard by
removing the alert system completely.

I intend to add this to the GUI options in another pull after this.

Conflicts:
	src/init.cpp
	src/main.cpp

Github-Pull: #6274
Rebased-From: 02a6702

Chance "getbalance *" not to use IsTrusted.  The method and result
now match the "getbalance <specific-account>" behavior. In
particular, "getbalance * 0" now works.

Also fixed a comment -- GetGalance has required 1 confirmation
for many years, and the default "getbalance *" behavior matches
that.

Github-Pull: #6276
Rebased-From: 7d6a85a
Rebased-By: @trasher-

Rebased-From: a5a81f7
Github-Pull: #6244

Change `read_string` to fail when not the entire input has been
consumed. This avoids unexpected, even dangerous behavior (fixes #6223).

The new JSON parser adapted in #6121 also solves this problem so in
master this is a temporary fix, but should be backported to older releases.

Also adds tests for the new behavior.

Github-Pull: #6226
Rebased-From: 4e157fc

Github-Pull: #6203
Rebased-From: d449772

To protect privacy, do not use UPNP when a proxy is set. The user may
still specify -listen=1 to listen locally (for a hidden service), so
don't rely on this happening through -listen.

Fixes #2927.

Conflicts:
	src/init.cpp

Rebased-From: 8c35b6f
Github-Pull: #6153

Fix two CSubNet constructor problems:

- The use of `/x` where 8 does not divide x was broken, due to a
  bit-order issue

- The use of e.g. `1.2.3.4/24` where the netmasked bits in the network
  are not 0 was broken. Fix this by explicitly normalizing the netwok
  according to the bitmask.

Also add tests for these cases.

Fixes #6179. Thanks to @jonasschnelli for reporting and initial fix.

Rebased-From: b45c50c
Github-Pull: #6186

Simplify the code by using CAddress.ip directly, instead of the reversed
GetByte() semantics.

Rebased-From: 19e8d7b
Github-Pull: #6186