Github-Pull: #5465
Rebased-From: 422f873 d546191 d7db4b6 e27d7cb

Github-Pull: #5461
Rebased-From: aa768f1

Rebased-From: 164a45f
Github-Pull: #5471

Bump version but keep CLIENT_VERSION_IS_RELEASE at false as this is not
a release yet.

Rebased-From: 84857e8
Github-Pull: #5437

Previously transactions were only tested again the
STANDARD_SCRIPT_VERIFY_FLAGS prior to mempool acceptance, so any bugs in
those flags that allowed actually-invalid transactions to pass would
result in allowing invalid transactions into the mempool. Fortunately
there is a second check in CreateNewBlock() that would prevent those
transactions from being mined, resulting in an invalid block, however
this could still be exploited as a DoS attack.

Rebased-From: 7c041b3

…ional

Rebased-From: 4bc95c4

Rebased-From: 3497022
Github-Pull: #5459

Previously the minRelayTxFee was only enforced on user specified values.

It was possible for smartfee to produce a fee below minRelayTxFee which
 would just result in the transaction getting stuck because it can't be
 relayed.

This also introduces a maxtxfee option which sets an absolute maximum
 for any fee created by the wallet, with an intention of increasing
 user confidence that the automatic fees won't burn them. This was
 frequently a concern even before smartfees.

If the configured fee policy won't even allow the wallet to meet the relay
 fee the transaction creation may be aborted.

Rebased-From: aa279d6
Github-Pull: #5485

'Sane' was already defined by this code as:
 fee.GetFeePerK() > minRelayFee.GetFeePerK() * 10000
 But sanity was only enforced for data loaded from disk.

Note that this is a pretty expansive definition of 'sane': A 10 BTC
 fee is still passes the test if its on a 100kb transaction.

This prevents a single insane fee on the network from making us reject
 our stored fee data at start.  We still may reject valid saved fee
 state if minRelayFee is changed between executions.

This also reduces the risk and limits the damage from a cascading
 failure where one party pays a bunch of insane fees which cases
 others to pay insane fees.

Rebased-From: 6484930
Github-Pull: #5481

Don't allow immediate inv driven block downloads if
a peer already has MAX_BLOCKS_IN_TRANSIT_PER_PEER
active downloads.  Prevents bogus inv spam from
blowing up block transfer tracking data structures.

Rebased-From: c907704
Github-Pull: #5507

Github-Pull: #5512
Rebased-From: dd14a0e

Previously an empty script wouldn't be hashed, and CScriptID would be
assigned the incorrect value of 0 instead. This bug can be seen in the
RPC decodescript command:

    $ btc decodescript ""
    {
        "asm" : "",
        "type" : "nonstandard",
        "p2sh" : "31h1vYVSYuKP6AhS86fbRdMw9XHieotbST"
    }

Correct output:

    $ btc decodescript ""
    {
        "asm" : "",
        "type" : "nonstandard",
        "p2sh" : "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy"
    }

Rebased-From: d78f0da
Github-Pull: #5541

Rebased-From: 566c6cb
Github-Pull: #5536

Rebased-From: a15dba5
Github-Pull: #5533

Rebased-From: f9c571a
Github-Pull: #5565

Rebased-From: 06206bb
Github-Pull: 5571

I'm not comfortable with retaining this entry.

Rebased-From: a094b3d
Github-Pull: #5545

Besides giving a nicer error, this also prevents logging arbitrary data (which could have been used to exploit log readers) into debug.log

Rebased-From: 7f71813
Github-Pull: #5499

- Avoid ambiguous language regarding when transactions confirm
- Elaborate on downgrading warning
- Other minor language improvements
- Clarify watch-only behaviour

Github-Pull: #5534

The normative place for these for the entire project is COPYING,
and the main README already has a MIT license section.

Rebased-From: e6df2bb

There is still a redundancy here between configure.ac and
clientversion.h.

Rebased-From: edbc904

Broken hash logic caused all depends on some platforms (osx at least) to end up
with the same build-id. Without this fix, nothing will be rebuilt when recipes
or dependencies change.

Rebased-From: d57b303
Github-Pull: #5586

Rebased-From: 643415a
Github-Pull: #5583

Rebased-From: e64e084
Github-Pull: #5581

Rebased-From: 0d50c2f
Github-Pull: #5569

With the splashscreen being able to be closed it is possible to
shutdown during the lengthy verifyDB method. (Takes about a minute
on my machine). This change allows us to shutdown much sooner.

Github-Pull: #5557
Rebased-From: 70477a0

4a3d3e2 Fix typo in release notes (Peter Todd)

Rebased-From: be22b3d
Github-Pull: #5532

Github-Pull: #5528
Rebased-From: 2a3d988 a089c50 2c14d15

Rebased-From: 1c52aad
Github-Pull: #5535

Otherwise, if CCoinsViewCache::ModifyCoins throws an exception in between
setting hasModifier and constructing the CCoinsModifier, the cache ends up
in an inconsistent state, resulting in an assert failure in the next
modification.

Bug discovered by Wladimir J. van der Laan.

Rebased-From: 1c52aad
Github-Pull: #5597

Rebased-From: e413457
Github-Pull: #5597

2ecd294 Bugfix: configure: Correctly detect "nothing to build" condition (Luke Dashjr)
b7a4ecc Bugfix: Only check for boost when building code that requires it (Luke Dashjr)
a19eeac Bugfix: configure: Check for openssl/ec.h (Luke Dashjr)
fe925e2 Use EXTRA_LIBRARIES instead of noinst_LIBRARIES so we can avoid building unused code (Cory Fields)

Github-Pull: #5575
Rebased-From: 1eb1e65

If these are going to fail in bitcoind, they should fail in the tests as well.

Github-Pull: #5604
Rebased-From: d58c5d6

New versions of OpenSSL will reject non-canonical DER signatures. However,
it'll happily decode them. Decode then re-encode before verification in order
to ensure that it is properly consumed.

Github-Pull: #5634
Rebased-From: 488ed32

Github-Pull: #5634
Rebased-From: dad7764

Github-Pull: #5634
Rebased-From: 8dccba6

Add some defensive programming on top of #5634.

This copies the respective OpenSSL code in ECDSA_verify in
OpenSSL pre-1.0.1k (e.g. https://github.com/openssl/openssl/blob/OpenSSL_1_0_1j/crypto/ecdsa/ecs_vrf.c#L89)
more closely.

As reported by @SergioDemianLerner.

Github-Pull: #5640
Rebased-From: c6b7b29

This will disconnect peers that do not transfer a block in 10 minutes, plus
5 minutes for every previously queued block with validated headers
(accomodating downstream bandwidth down to a few kilobytes per second - below
that the node would have trouble staying synchronized anyway).

Github-Pull: #5608
Rebased-From: 9161303

Github-Pull: #5619
Rebased-From: 13cdce4

Also add 0.9.4's release notes to the archive.
Added commits based on
http://sourceforge.net/p/bitcoin/mailman/message/33225960/
[skip ci]

af35bdc Update 0.10 release notes as of 0.10.0rc2 (Micha)

It turns out that some miners have been staying with old versions of
 Bitcoin Core because their software  behaves poorly with persistent
 connections and the Bitcoin Core thread and connection limits.

What happens is that underlying  HTTP libraries leave connections open
 invisibly to their users and then the user runs into the default four
 thread limit.  This looks like Bitcoin Core is unresponsive to RPC.

There are many things that should be improved in Bitcoin Core's behavior
 here, e.g. supporting more concurrent connections, not tying up threads
 for idle connections, disconnecting kept-alive  connections when limits
 are reached, etc. All are fairly big, risky changes.

Disabling keep-alive is a simple workaround. It's often not easy to turn
 off the keep-alive support in the client where it may be buried in some
 platform library.

If you are one of the few who really needs persistent connections you
 probably know that you want them and can find a switch; while if you
 don't and the misbehavior is hitting you it is hard to discover the
 source of your problems is keepalive related.  Given that it is best
 to default to off until they're handled better.

Github-Merge: #5655
Rebased-From: 16a5c18 56c1093 1dd8ee7

This avoids a regression for issues like #334 where high speed
 repeated connections eventually run the HTTP client out of
 sockets because all of theirs end up in time_wait.

Maybe the trade-off here is suboptimal, but if both choices will
 fail then we prefer fewer changes until the root cause is solved.

Rebased-From: 1a25a7e 7d2cb48
Github-Pull: #5674

- qt: avoid hard-coding font names

They may not contain all necessary characters for a language

- qt: fix broken unicode chars on osx 10.10

The default font changed again.

The real fix is to compile qt against a >= 10.8 sdk, but this is simple enough
to backport to 0.10 to avoid having to do that there.

Note: NSAppKitVersionNumber is a double and there's no official value for
NSAppKitVersionNumber10_10. Since == isn't reliable for doubles, use Apple's
guidelines for testing versions here:
https://developer.apple.com/library/mac/releasenotes/AppKit/RN-AppKit/

Chinese and Japanese fonts have been hard-coded as well, otherwise they fail to
show up at all.

- qt: fonts: allow SubstituteFonts to filter based on user's language

SubstituteFonts() has been moved to after app identification so that QSettings
are accessible.

Github-Pull: #5671
Rebased-From: 73cd4ed 52954e6 f5ad78b

Just like novacoin-project/novacoin@baf80c2

Github-Pull: #5700
Rebased-From: 944c256

Makes it possible to compactly provide a delibrately invalid signature
for use with CHECK(MULTI)SIG. For instance with BIP19 if m != n invalid
signatures need to be provided in the scriptSig; prior to this change
those invalid signatures would need to be large DER-encoded signatures.

Note that we may want to further expand on this change in the future by
saying that only OP_0 is a "valid" invalid signature; BIP19 even with
this change is inherently malleable as the invalid signatures can be any
validly encoded DER signature.

Rebased-From: 2fa9a8e
Github-Pull: #5627

Rebased-From: ff09e31
Github-Pull: #5243

Github-Pull: #5720
Rebased-From: 55eade9

- before it was possible to use the steps to change e.g. amouns of
  authenticated or unauthenticated payment requests (AmountSpinBox is
  already set to read-only here) - this is now fixed
- also move the reimplemented stepEnabled() function to the
  protected section of our class, where it belongs (see Qt doc)

Github-Pull: #5637
Rebased-From: 0fd9e2b

fd7350d doc/release-notes.md: Add summary of mining enhancements (Luke Dashjr)

Conflicts:
	src/main.cpp
	src/script/bitcoinconsensus.cpp

Rebased-From: 858809a
Github-Pull: #5719

Rebased-From: 9fddced
Github-Pull: #5719

Make this projection of priority in 1 block match the calculation in the low priority reject code.

Rebased-From: 2d9b0b7
Github-Pull: #5675

3916a81 Increase coverage of DERSIG edge cases (Pieter Wuille)
6da2028 Add RPC test for DERSIG BIP switchover logic (Pieter Wuille)
773c30d BIP66 changeover logic (Pieter Wuille)
18695f0 Example unit tests from BIP66 (Pieter Wuille)
abfbeaf Change IsDERSignature to BIP66 implementation (Pieter Wuille)

This harmonizes the block fetch timeout with the existing ping timeout
 and eliminates a guaranteed eventual failure from congestion collapse
 for a network operating right at its limit.

It's unlikely that we wouldn't suffer other failures if we were really
 anywhere near the network's limit, and a complete avoidance of congestion
 collapse risk requires (I think) an exponential back-off. So this isn't
 a major concern, but I think it's also useful for reducing the complexity
 of understanding out timeouts.

Github-Pull: #5647
Rebased-From: 3ff735c

Add comment about free transactions no longer being the default
Inform about the relay policy change

63efb36 Modify release-notes for changes related to free tranactions (Alex Morcos)

Conflicts:
	doc/release-notes.md

Rebased-From: 04ca082
Github-Pull: #5757

7b6c847 doc/release-notes.md: Explain affect of BIP66 on miners (Luke Dashjr)

Since permissions and timestamps are changed for the sake of determinism,
. must not be added to the archive. Otherwise, tar may try to modify pwd when
extracting.

Rebased-From: 0c6ab67
Github-Pull: #5790

Rebased-From: e5d9d77
Github-Pull: #5706

This fixes a potential race condition in the CCheckQueueControl constructor,
which was looking directly at data in CCheckQueue without acquiring its lock.

Remove the now-unnecessary friendship for CCheckQueueControl

Rebased-From: cf008ac
Github-Pull: #5721

Normally bitcoin core does not display any network originated strings without
 sanitizing or hex encoding.  This wasn't done for strcommand in many places.

This could be used to play havoc with a terminal displaying the logs,
 especially with printtoconsole in use.

Thanks to Evil-Knievel for reporting this issue.

Conflicts:
	src/main.cpp

With headers-first we can compare against the best header timestamp, rather
than using checkpoints which require code updates to maintain.

Rebased-From: 85da07a
Github-Pull: #5820

…rence"-action (on OSX)

- fixes #5800

Conflicts:
	src/qt/bitcoingui.cpp

Rebased-From: 9bbb880
Github-Pull: #5858

This introduces a fixed limit for the size of p2p messages, and enforces it
before download.

Rebased-From: ba04c4a
Github-Pull: #5843

The only time when a client sends a "getaddr" message is when he
esatblishes an Outbound connection (see ProcessMessage() in
src/main.cpp).  Another bitcoin client is expected to receive a
"getaddr" message only on Inbound connection. Ignoring "gettaddr"
requests on Outbound connections can resolve potential privacy issues
(and as was said such request normally do not happen anyway).

Rebased-From: dca799e
Github-Pull: #5442

When re-indexing, there are a few cases where garbage data may be skipped in
the block files. In these cases, the indices are correctly written to the index
db, however the pointer to the next position for writing in the current block
file is calculated by adding the sizes of the valid blocks found.

As a result, when the re-index is finished, the index db is correct for all
existing blocks, but the next block will be written to an incorrect offset,
likely overwriting existing blocks.

Rather than using the sum of all valid blocks to determine the next write
position, use the end of the last block written to the file. Don't assume that
the current block is the last one in the file, since they may be read
out-of-order.

Rebased-From: bb6acff
Github-Pull: #5864

Rebased-From: a9af415
Github-Pull: #5879