-
Notifications
You must be signed in to change notification settings - Fork 36.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
0.10 #6911
Closed
Closed
0.10 #6911
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bump version but keep CLIENT_VERSION_IS_RELEASE at false as this is not a release yet.
Previously transactions were only tested again the STANDARD_SCRIPT_VERIFY_FLAGS prior to mempool acceptance, so any bugs in those flags that allowed actually-invalid transactions to pass would result in allowing invalid transactions into the mempool. Fortunately there is a second check in CreateNewBlock() that would prevent those transactions from being mined, resulting in an invalid block, however this could still be exploited as a DoS attack. Rebased-From: 7c041b3
…ional Rebased-From: 4bc95c4
Previously the minRelayTxFee was only enforced on user specified values. It was possible for smartfee to produce a fee below minRelayTxFee which would just result in the transaction getting stuck because it can't be relayed. This also introduces a maxtxfee option which sets an absolute maximum for any fee created by the wallet, with an intention of increasing user confidence that the automatic fees won't burn them. This was frequently a concern even before smartfees. If the configured fee policy won't even allow the wallet to meet the relay fee the transaction creation may be aborted. Rebased-From: aa279d6 Github-Pull: #5485
'Sane' was already defined by this code as: fee.GetFeePerK() > minRelayFee.GetFeePerK() * 10000 But sanity was only enforced for data loaded from disk. Note that this is a pretty expansive definition of 'sane': A 10 BTC fee is still passes the test if its on a 100kb transaction. This prevents a single insane fee on the network from making us reject our stored fee data at start. We still may reject valid saved fee state if minRelayFee is changed between executions. This also reduces the risk and limits the damage from a cascading failure where one party pays a bunch of insane fees which cases others to pay insane fees. Rebased-From: 6484930 Github-Pull: #5481
Previously an empty script wouldn't be hashed, and CScriptID would be assigned the incorrect value of 0 instead. This bug can be seen in the RPC decodescript command: $ btc decodescript "" { "asm" : "", "type" : "nonstandard", "p2sh" : "31h1vYVSYuKP6AhS86fbRdMw9XHieotbST" } Correct output: $ btc decodescript "" { "asm" : "", "type" : "nonstandard", "p2sh" : "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy" } Rebased-From: d78f0da Github-Pull: #5541
Rebased-From: 06206bb Github-Pull: 5571
The value of new arg ttl is set to 2 as it's recommended default.
5e6d893 travis: for travis generating an extra build (Cory Fields) ceba0f8 PARTIAL: typofixes (found by misspell_fixer) (Veres Lajos) 2ede6b7 add support for miniupnpc api version 14 (Pavel Vasin) 0dfcdd4 rpc-tests: re-enable rpc-tests for Windows (Cory Fields) c9ad65e net: Set SO_REUSEADDR for Windows too (Cory Fields) 0194bdd add unit test for CNetAddr::GetGroup. (Alex Morcos) bdf2542 Fix masking of irrelevant bits in address groups. (Alex Morcos) 65426ac Add missing files to files.md (fanquake) 28d76d2 Handle leveldb::DestroyDB() errors on wipe failure (Adam Weiss) 843469e Use unique name for AlertNotify tempfile (Casey Rodarmor) 4e5ea71 Make sure LogPrint strings are line-terminated (J Ross Nicoll) 3861f0f build: fix libressl detection (Cory Fields) 04507de Avoid leaking file descriptors in RegisterLoad (Casey Rodarmor) 8b59079 Add autogen.sh to source tarball. (randy-waterhouse)
This adds SCRIPT_VERIFY_LOW_S to STANDARD_SCRIPT_VERIFY_FLAGS which will make the node require the canonical 'low-s' encoding for ECDSA signatures when relaying or mining. Consensus behavior is unchanged. The rational is explained in a81cd96: Absent this kind of test ECDSA is not a strong signature as given a valid signature {r, s} both that value and {r, -s mod n} are valid. These two encodings have different hashes allowing third parties a vector to change users txids. These attacks are avoided by picking a particular form as canonical and rejecting the other form(s); in the of the LOW_S rule, the smaller of the two possible S values is used. If widely deployed this change would eliminate the last remaining known vector for nuisance malleability on boring SIGHASH_ALL p2pkh transactions. On the down-side it will block most transactions made by sufficiently out of date software. Unlike the other avenues to change txids on boring transactions this one was randomly violated by all deployed bitcoin software prior to its discovery. So, while other malleability vectors where made non-standard as soon as they were discovered, this one has remained permitted. Even BIP62 did not propose applying this rule to old version transactions, but conforming implementations have become much more common since BIP62 was initially written. Bitcoin Core has produced compatible signatures since a28fb70 in September 2013, but this didn't make it into a release until 0.9 in March 2014; Bitcoinj has done so for a similar span of time. Bitcoinjs and electrum have been more recently updated. This does not replace the need for BIP62 or similar, as miners can still cooperate to break transactions. Nor does it replace the need for wallet software to handle malleability sanely[1]. This only eliminates the cheap and irritating DOS attack. [1] On the Malleability of Bitcoin Transactions Marcin Andrychowicz, Stefan Dziembowski, Daniel Malinowski, Łukasz Mazurek http://fc15.ifca.ai/preproceedings/bitcoin/paper_9.pdf Conflicts: src/policy/policy.h Rebased-From: b196b68 Github-Pull: #6769
While the existing numeric opcodes are all limited to 4-byte bignum arguments, new opcodes will need different limits. Rebased-From: 99088d6
Will now be needed by CHECKLOCKTIMEVERIFY code. Rebased-From: 48e9c57
<nLockTime> CHECKLOCKTIMEVERIFY -> <nLockTime> Fails if tx.nLockTime < nLockTime, allowing the funds in a txout to be locked until some block height or block time in the future is reached. Only the logic and unittests are implemented; this commit does not have any actual soft-fork logic in it. Thanks to Pieter Wuille for rebase. Credit goes to Gregory Maxwell for the suggestion of comparing the argument against the transaction nLockTime rather than the current time/blockheight directly. Rebased-From: bc60b2b
Transactions that fail CLTV verification will be rejected from the mempool, making it easy to test the feature. However blocks containing "invalid" CLTV-using transactions will still be accepted; this is *not* the soft-fork required to actually enable CLTV for production use. Rebased-From: ffd75ad
Four cases included: * The CLTV operand type mismatches the tx locktime. In the script it is 1 (interpreted as block height), but in the tx is 500000000 (interpreted as date) * The stack is empty when executing OP_CLTV * The tx is final by having only one input with MAX_INT sequence number * The operand for CLTV is negative (after OP_0 OP_1 OP_SUB) Rebased-From: cb54d17
This version of miniupnpc fixes a buffer overflow in the XML (ugh) parser during initial network discovery. http://talosintel.com/reports/TALOS-2015-0035/ The commit fixing the vulnerability is: miniupnp/miniupnp@79cca97 Reported by timothy on IRC. Github-Pull: #6789 Rebased-From: 0cca024
This passes `-Wa,--noexecstack` to the assembler when building platform-specific assembly files, to signal that a non-executable stack can be used. This is the same approach as used by Debian (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430583) Rebased-From: bfcdc21 Github-Pull: #6852
fb818b6 Bring historical release notes up to date (Micha)
Nagle appears to be a significant contributor to latency now that the static sleeps are gone. Most of our messages are relatively large compared to IP + TCP so I do not expect this to create enormous overhead. This may also reduce traffic burstyness somewhat. Conflicts: src/net.cpp Rebased-From: a4e28b3 Github-Pull: #6867
5dc72f8 CLTV: Add more tests to improve coverage (Esteban Ordano) 6a1343b Add RPC tests for the CHECKLOCKTIMEVERIFY (BIP65) soft-fork (Peter Todd) 4137248 Add CHECKLOCKTIMEVERIFY (BIP65) soft-fork logic (Peter Todd) 0e01d0f Enable CHECKLOCKTIMEVERIFY as a standard script verify flag (Peter Todd) 6d01325 Replace NOP2 with CHECKLOCKTIMEVERIFY (BIP65) (Peter Todd) 750d54f Move LOCKTIME_THRESHOLD to src/script/script.h (Peter Todd) 6897468 Make CScriptNum() take nMaxNumSize as an argument (Peter Todd)
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.