From 16f45600c8c372a738ffef544292864256382601 Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Sat, 16 May 2015 10:37:27 +0200 Subject: [PATCH 01/14] doc: small amandment to release notes --- doc/release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/release-notes.md b/doc/release-notes.md index 9d6daa2feb..192ed69d29 100644 --- a/doc/release-notes.md +++ b/doc/release-notes.md @@ -46,7 +46,7 @@ This does not affect wallet forward or backward compatibility. Notable changes =============== -This fixes a serious problem on Windows with usernames that have non-ASCII +This fixes a serious problem on Windows with data directories that have non-ASCII characters (https://github.com/bitcoin/bitcoin/issues/6078). For other platforms there are no notable changes. From e4a7d51537509dab765976f8642f9e15b84408bb Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Tue, 26 May 2015 08:59:13 +0200 Subject: [PATCH 02/14] Simplify code for CSubnet Simplify the code by using CAddress.ip directly, instead of the reversed GetByte() semantics. Rebased-From: 19e8d7be42039724b4893515ec6457d0187024a9 Github-Pull: #6186 --- src/netbase.cpp | 14 ++++++-------- src/netbase.h | 2 ++ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/netbase.cpp b/src/netbase.cpp index 053c645a1b..fe6e79efca 100644 --- a/src/netbase.cpp +++ b/src/netbase.cpp @@ -1214,12 +1214,12 @@ CSubNet::CSubNet(const std::string &strSubnet, bool fAllowLookup) std::string strNetmask = strSubnet.substr(slash + 1); int32_t n; // IPv4 addresses start at offset 12, and first 12 bytes must match, so just offset n - int noffset = network.IsIPv4() ? (12 * 8) : 0; + const int astartofs = network.IsIPv4() ? 12 : 0; if (ParseInt32(strNetmask, &n)) // If valid number, assume /24 symtex { - if(n >= 0 && n <= (128 - noffset)) // Only valid if in range of bits of address + if(n >= 0 && n <= (128 - astartofs*8)) // Only valid if in range of bits of address { - n += noffset; + n += astartofs*8; // Clear bits [n..127] for (; n < 128; ++n) netmask[n>>3] &= ~(1<<(n&7)); @@ -1233,12 +1233,10 @@ CSubNet::CSubNet(const std::string &strSubnet, bool fAllowLookup) { if (LookupHost(strNetmask.c_str(), vIP, 1, false)) // Never allow lookup for netmask { - // Remember: GetByte returns bytes in reversed order // Copy only the *last* four bytes in case of IPv4, the rest of the mask should stay 1's as // we don't want pchIPv4 to be part of the mask. - int asize = network.IsIPv4() ? 4 : 16; - for(int x=0; x Date: Tue, 26 May 2015 08:59:20 +0200 Subject: [PATCH 03/14] Fix two problems in CSubNet parsing Fix two CSubNet constructor problems: - The use of `/x` where 8 does not divide x was broken, due to a bit-order issue - The use of e.g. `1.2.3.4/24` where the netmasked bits in the network are not 0 was broken. Fix this by explicitly normalizing the netwok according to the bitmask. Also add tests for these cases. Fixes #6179. Thanks to @jonasschnelli for reporting and initial fix. Rebased-From: b45c50ce511dbf541ea086ae40a3ad16ff06de0c Github-Pull: #6186 --- src/netbase.cpp | 6 +++++- src/test/netbase_tests.cpp | 5 +++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/netbase.cpp b/src/netbase.cpp index fe6e79efca..d7c263f347 100644 --- a/src/netbase.cpp +++ b/src/netbase.cpp @@ -1222,7 +1222,7 @@ CSubNet::CSubNet(const std::string &strSubnet, bool fAllowLookup) n += astartofs*8; // Clear bits [n..127] for (; n < 128; ++n) - netmask[n>>3] &= ~(1<<(n&7)); + netmask[n>>3] &= ~(1<<(7-(n&7))); } else { @@ -1249,6 +1249,10 @@ CSubNet::CSubNet(const std::string &strSubnet, bool fAllowLookup) { valid = false; } + + // Normalize network according to netmask + for(int x=0; x<16; ++x) + network.ip[x] &= netmask[x]; } bool CSubNet::Match(const CNetAddr &addr) const diff --git a/src/test/netbase_tests.cpp b/src/test/netbase_tests.cpp index c26e738384..d5188c3acc 100644 --- a/src/test/netbase_tests.cpp +++ b/src/test/netbase_tests.cpp @@ -116,6 +116,11 @@ BOOST_AUTO_TEST_CASE(subnet_test) BOOST_CHECK(CSubNet("1:2:3:4:5:6:7:8").Match(CNetAddr("1:2:3:4:5:6:7:8"))); BOOST_CHECK(!CSubNet("1:2:3:4:5:6:7:8").Match(CNetAddr("1:2:3:4:5:6:7:9"))); BOOST_CHECK(CSubNet("1:2:3:4:5:6:7:0/112").Match(CNetAddr("1:2:3:4:5:6:7:1234"))); + BOOST_CHECK(CSubNet("192.168.0.1/24").Match(CNetAddr("192.168.0.2"))); + BOOST_CHECK(CSubNet("192.168.0.20/29").Match(CNetAddr("192.168.0.18"))); + BOOST_CHECK(CSubNet("1.2.2.1/24").Match(CNetAddr("1.2.2.4"))); + BOOST_CHECK(CSubNet("1.2.2.110/31").Match(CNetAddr("1.2.2.111"))); + BOOST_CHECK(CSubNet("1.2.2.20/26").Match(CNetAddr("1.2.2.63"))); // All-Matching IPv6 Matches arbitrary IPv4 and IPv6 BOOST_CHECK(CSubNet("::/0").Match(CNetAddr("1:2:3:4:5:6:7:1234"))); BOOST_CHECK(CSubNet("::/0").Match(CNetAddr("1.2.3.4"))); From ebd7d8d78c2d89ceaf40894cedd6b21fb8bebe96 Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Mon, 18 May 2015 11:21:32 +0200 Subject: [PATCH 04/14] Parameter interaction: disable upnp if -proxy set To protect privacy, do not use UPNP when a proxy is set. The user may still specify -listen=1 to listen locally (for a hidden service), so don't rely on this happening through -listen. Fixes #2927. Conflicts: src/init.cpp Rebased-From: 8c35b6f3be218101630101806300cfd75be23f58 Github-Pull: #6153 --- src/init.cpp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/init.cpp b/src/init.cpp index 9ff87ad1e6..00c8e399e8 100644 --- a/src/init.cpp +++ b/src/init.cpp @@ -593,7 +593,11 @@ bool AppInit2(boost::thread_group& threadGroup) if (mapArgs.count("-proxy")) { // to protect privacy, do not listen by default if a default proxy server is specified if (SoftSetBoolArg("-listen", false)) - LogPrintf("AppInit2 : parameter interaction: -proxy set -> setting -listen=0\n"); + LogPrintf("%s: parameter interaction: -proxy set -> setting -listen=0\n", __func__); + // to protect privacy, do not use UPNP when a proxy is set. The user may still specify -listen=1 + // to listen locally, so don't rely on this happening through -listen below. + if (SoftSetBoolArg("-upnp", false)) + LogPrintf("%s: parameter interaction: -proxy set -> setting -upnp=0\n", __func__); // to protect privacy, do not discover addresses by default if (SoftSetBoolArg("-discover", false)) LogPrintf("AppInit2 : parameter interaction: -proxy set -> setting -discover=0\n"); From ecc96f5ba9af206d1eb69f41d4d04f4fd014eeb3 Mon Sep 17 00:00:00 2001 From: Luke Dashjr Date: Sun, 31 May 2015 06:53:27 +0000 Subject: [PATCH 05/14] Remove P2SH coinbase flag, no longer interesting Github-Pull: #6203 Rebased-From: d449772cf69c01932fc5d72c46054815d6300b3c --- src/init.cpp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/init.cpp b/src/init.cpp index 00c8e399e8..ed05c15729 100644 --- a/src/init.cpp +++ b/src/init.cpp @@ -683,12 +683,6 @@ bool AppInit2(boost::thread_group& threadGroup) if (nConnectTimeout <= 0) nConnectTimeout = DEFAULT_CONNECT_TIMEOUT; - // Continue to put "/P2SH/" in the coinbase to monitor - // BIP16 support. - // This can be removed eventually... - const char* pszP2SH = "/P2SH/"; - COINBASE_FLAGS << std::vector(pszP2SH, pszP2SH+strlen(pszP2SH)); - // Fee-per-kilobyte amount considered the same as "free" // If you are mining, be careful setting this: // if you set it to zero then From 181771b71296ffc242a4301a472f5a7ad5f6cc76 Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Wed, 3 Jun 2015 09:42:03 +0200 Subject: [PATCH 06/14] json: fail read_string if string contains trailing garbage Change `read_string` to fail when not the entire input has been consumed. This avoids unexpected, even dangerous behavior (fixes #6223). The new JSON parser adapted in #6121 also solves this problem so in master this is a temporary fix, but should be backported to older releases. Also adds tests for the new behavior. Github-Pull: #6226 Rebased-From: 4e157fc60dae5ca69933ea4c1585a2a078b4d957 --- src/json/json_spirit_reader_template.h | 6 +++--- src/test/rpc_tests.cpp | 18 ++++++++++++++++++ 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/src/json/json_spirit_reader_template.h b/src/json/json_spirit_reader_template.h index 46f5892f62..47e3c1ca84 100644 --- a/src/json/json_spirit_reader_template.h +++ b/src/json/json_spirit_reader_template.h @@ -521,12 +521,11 @@ namespace json_spirit const spirit_namespace::parse_info< Iter_type > info = spirit_namespace::parse( begin, end, - Json_grammer< Value_type, Iter_type >( semantic_actions ), + Json_grammer< Value_type, Iter_type >( semantic_actions ) >> spirit_namespace::end_p, spirit_namespace::space_p ); if( !info.hit ) { - assert( false ); // in theory exception should already have been thrown throw_error( info.stop, "error" ); } @@ -570,7 +569,8 @@ namespace json_spirit { typename String_type::const_iterator begin = s.begin(); - return read_range( begin, s.end(), value ); + bool success = read_range( begin, s.end(), value ); + return success && begin == s.end(); } template< class Istream_type > diff --git a/src/test/rpc_tests.cpp b/src/test/rpc_tests.cpp index d5475a92bf..aed6e3ac21 100644 --- a/src/test/rpc_tests.cpp +++ b/src/test/rpc_tests.cpp @@ -139,6 +139,24 @@ BOOST_AUTO_TEST_CASE(rpc_parse_monetary_values) BOOST_CHECK_EQUAL(AmountFromValue(ValueFromString("20999999.99999999")), 2099999999999999LL); } +BOOST_AUTO_TEST_CASE(json_parse_errors) +{ + Value value; + // Valid + BOOST_CHECK_EQUAL(read_string(std::string("1.0"), value), true); + // Valid, with trailing whitespace + BOOST_CHECK_EQUAL(read_string(std::string("1.0 "), value), true); + // Invalid, initial garbage + BOOST_CHECK_EQUAL(read_string(std::string("[1.0"), value), false); + BOOST_CHECK_EQUAL(read_string(std::string("a1.0"), value), false); + // Invalid, trailing garbage + BOOST_CHECK_EQUAL(read_string(std::string("1.0sds"), value), false); + BOOST_CHECK_EQUAL(read_string(std::string("1.0]"), value), false); + // BTC addresses should fail parsing + BOOST_CHECK_EQUAL(read_string(std::string("175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W"), value), false); + BOOST_CHECK_EQUAL(read_string(std::string("3J98t1WpEZ73CNmQviecrnyiWrnqRhWNL"), value), false); +} + BOOST_AUTO_TEST_CASE(rpc_boostasiotocnetaddr) { // Check IPv4 addresses From 09334e04a90fa49b68f9d3b3e3c4d739de144876 Mon Sep 17 00:00:00 2001 From: Luke Dashjr Date: Sat, 6 Jun 2015 14:23:38 +0000 Subject: [PATCH 07/14] configure: Detect (and reject) LibreSSL Rebased-From: a5a81f7354b3aa3e797d973a7e6840f0e50e6533 Github-Pull: #6244 --- configure.ac | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/configure.ac b/configure.ac index 579035f59a..ba8fc08afd 100644 --- a/configure.ac +++ b/configure.ac @@ -701,6 +701,14 @@ else fi fi +AC_CHECK_LIB([crypto],[RAND_egd],[],[ + AC_ARG_WITH([libressl], + [AS_HELP_STRING([--with-libressl],[Build with system LibreSSL (default is no; DANGEROUS; NOT SUPPORTED)])], + [AC_MSG_WARN([Detected LibreSSL: This is NOT supported, and may break consensus compatibility!])], + [AC_MSG_ERROR([Detected LibreSSL: This is NOT supported, and may break consensus compatibility!])] + ) +]) + CFLAGS_TEMP="$CFLAGS" LIBS_TEMP="$LIBS" CFLAGS="$CFLAGS $SSL_CFLAGS $CRYPTO_CFLAGS" From 0fd846445894e9641d6a908a3e87065ec4d9fef4 Mon Sep 17 00:00:00 2001 From: Tom Harding Date: Fri, 12 Jun 2015 14:07:43 -0700 Subject: [PATCH 08/14] Fix getbalance * Chance "getbalance *" not to use IsTrusted. The method and result now match the "getbalance " behavior. In particular, "getbalance * 0" now works. Also fixed a comment -- GetGalance has required 1 confirmation for many years, and the default "getbalance *" behavior matches that. Github-Pull: #6276 Rebased-From: 7d6a85ab5b1dc96e0f3f6f835f27bb81ba2af919 Rebased-By: @trasher- --- src/rpcwallet.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/rpcwallet.cpp b/src/rpcwallet.cpp index e43eee1551..ace6746311 100644 --- a/src/rpcwallet.cpp +++ b/src/rpcwallet.cpp @@ -665,12 +665,12 @@ Value getbalance(const Array& params, bool fHelp) if (params[0].get_str() == "*") { // Calculate total balance a different way from GetBalance() // (GetBalance() sums up all unspent TxOuts) - // getbalance and getbalance '*' 0 should return the same number + // getbalance and "getbalance * 1 true" should return the same number CAmount nBalance = 0; for (map::iterator it = pwalletMain->mapWallet.begin(); it != pwalletMain->mapWallet.end(); ++it) { const CWalletTx& wtx = (*it).second; - if (!wtx.IsTrusted() || wtx.GetBlocksToMaturity() > 0) + if (!IsFinalTx(wtx) || wtx.GetBlocksToMaturity() > 0 || wtx.GetDepthInMainChain() < 0) continue; CAmount allFee; From be6420407b37c4c45a42874ea3cd974605fb65dc Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Fri, 12 Jun 2015 12:00:39 +0200 Subject: [PATCH 09/14] Add option `-alerts` to opt out of alert system Make it possible to opt-out of the centralized alert system by providing an option `-noalerts` or `-alerts=0`. The default remains unchanged. This is a gentler form of #6260, in which I went a bit overboard by removing the alert system completely. I intend to add this to the GUI options in another pull after this. Conflicts: src/init.cpp src/main.cpp Github-Pull: #6274 Rebased-From: 02a6702a82a5b00e0e0351041dd3267308b7f319 --- src/init.cpp | 3 +++ src/main.cpp | 4 ++-- src/main.h | 3 +++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/init.cpp b/src/init.cpp index ed05c15729..85e4710c39 100644 --- a/src/init.cpp +++ b/src/init.cpp @@ -241,6 +241,7 @@ std::string HelpMessage(HelpMessageMode mode) string strUsage = _("Options:") + "\n"; strUsage += " -? " + _("This help message") + "\n"; strUsage += " -alertnotify= " + _("Execute command when a relevant alert is received or we see a really long fork (%s in cmd is replaced by message)") + "\n"; + strUsage += " -alerts " + strprintf(_("Receive and display P2P network alerts (default: %u)"), DEFAULT_ALERTS); strUsage += " -blocknotify= " + _("Execute command when the best block changes (%s in cmd is replaced by block hash)") + "\n"; strUsage += " -checkblocks= " + strprintf(_("How many blocks to check at startup (default: %u, 0 = all)"), 288) + "\n"; strUsage += " -checklevel= " + strprintf(_("How thorough the block verification of -checkblocks is (0-4, default: %u)"), 3) + "\n"; @@ -745,6 +746,8 @@ bool AppInit2(boost::thread_group& threadGroup) fIsBareMultisigStd = GetArg("-permitbaremultisig", true) != 0; nMaxDatacarrierBytes = GetArg("-datacarriersize", nMaxDatacarrierBytes); + fAlerts = GetBoolArg("-alerts", DEFAULT_ALERTS); + // ********************************************************* Step 4: application initialization: dir lock, daemonize, pidfile, debug log // Sanity check diff --git a/src/main.cpp b/src/main.cpp index c37e1092eb..4d287eec92 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -53,7 +53,7 @@ bool fTxIndex = false; bool fIsBareMultisigStd = true; bool fCheckBlockIndex = false; unsigned int nCoinCacheSize = 5000; - +bool fAlerts = DEFAULT_ALERTS; /** Fees smaller than this (in satoshi) are considered zero fee (for relaying and mining) */ CFeeRate minRelayTxFee = CFeeRate(1000); @@ -4265,7 +4265,7 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv, } - else if (strCommand == "alert") + else if (fAlerts && strCommand == "alert") { CAlert alert; vRecv >> alert; diff --git a/src/main.h b/src/main.h index 71f21716d0..9a875a0750 100644 --- a/src/main.h +++ b/src/main.h @@ -54,6 +54,8 @@ static const unsigned int DEFAULT_BLOCK_MAX_SIZE = 750000; static const unsigned int DEFAULT_BLOCK_MIN_SIZE = 0; /** Default for -blockprioritysize, maximum space for zero/low-fee transactions **/ static const unsigned int DEFAULT_BLOCK_PRIORITY_SIZE = 50000; +/** Default for accepting alerts from the P2P network. */ +static const bool DEFAULT_ALERTS = true; /** The maximum size for transactions we're willing to relay/mine */ static const unsigned int MAX_STANDARD_TX_SIZE = 100000; /** The maximum allowed number of signature check operations in a block (network rule) */ @@ -129,6 +131,7 @@ extern bool fIsBareMultisigStd; extern bool fCheckBlockIndex; extern unsigned int nCoinCacheSize; extern CFeeRate minRelayTxFee; +extern bool fAlerts; /** Best header we've seen so far (used for getheaders queries' starting points). */ extern CBlockIndex *pindexBestHeader; From 3f5563877a493a3a2060659ebe4b7aae62a17d84 Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Mon, 22 Jun 2015 08:52:11 +0200 Subject: [PATCH 10/14] doc: update mailing list address Move from sourceforge to linux foundation. Also get rid of some other stale mentions of sourceforge. Github-Pull: #6319 Rebased-From: 88d8525ca2ff2afc171cd0f625a098371f3a6af5 --- README.md | 2 +- contrib/debian/copyright | 3 +-- contrib/gitian-downloader/linux-download-config | 2 +- contrib/gitian-downloader/win32-download-config | 2 +- doc/dnsseed-policy.md | 3 ++- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index fb9c0b6d77..d59767d4cc 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ development team members simply pulls it. If it is a *more complicated or potentially controversial* change, then the patch submitter will be asked to start a discussion (if they haven't already) on the -[mailing list](http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development). +[mailing list](https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev) The patch will be accepted if there is broad consensus that it is a good thing. Developers should expect to rework and resubmit patches if the code doesn't diff --git a/contrib/debian/copyright b/contrib/debian/copyright index a6ee201991..b45222e5d3 100644 --- a/contrib/debian/copyright +++ b/contrib/debian/copyright @@ -2,8 +2,7 @@ Format: http://svn.debian.org/wsvn/dep/web/deps/dep5.mdwn?rev=174 Upstream-Name: Bitcoin Upstream-Contact: Satoshi Nakamoto irc://#bitcoin@freenode.net -Source: http://sourceforge.net/projects/bitcoin/files/ - https://github.com/bitcoin/bitcoin +Source: https://github.com/bitcoin/bitcoin Files: * Copyright: 2009-2012, Bitcoin Core Developers diff --git a/contrib/gitian-downloader/linux-download-config b/contrib/gitian-downloader/linux-download-config index f5e6382b84..4c03779526 100644 --- a/contrib/gitian-downloader/linux-download-config +++ b/contrib/gitian-downloader/linux-download-config @@ -3,7 +3,7 @@ name: bitcoin urls: - http://bitcoin.org/bitcoin-latest-linux-gitian.zip rss: -- url: http://sourceforge.net/api/file/index/project-id/244765/mtime/desc/limit/100/rss +- url: xpath: //item/link/text() pattern: bitcoin-\d+.\d+.\d+-linux-gitian.zip signers: diff --git a/contrib/gitian-downloader/win32-download-config b/contrib/gitian-downloader/win32-download-config index 06c164180d..083bce5de8 100644 --- a/contrib/gitian-downloader/win32-download-config +++ b/contrib/gitian-downloader/win32-download-config @@ -3,7 +3,7 @@ name: bitcoin urls: - http://bitcoin.org/bitcoin-latest-win32-gitian.zip rss: -- url: http://sourceforge.net/api/file/index/project-id/244765/mtime/desc/limit/100/rss +- url: xpath: //item/link/text() pattern: bitcoin-\d+.\d+.\d+-win32-gitian.zip signers: diff --git a/doc/dnsseed-policy.md b/doc/dnsseed-policy.md index 66a1757ac5..e6b4e6df5a 100644 --- a/doc/dnsseed-policy.md +++ b/doc/dnsseed-policy.md @@ -45,7 +45,8 @@ related to the DNS seed operation. If these expectations cannot be satisfied the operator should discontinue providing services and contact the active Bitcoin -Core development team as well as posting on bitcoin-development. +Core development team as well as posting on +[bitcoin-dev](https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev). Behavior outside of these expectations may be reasonable in some situations but should be discussed in public in advance. From 7e66e9c97bf270b551ab40ae84078a37a8a05586 Mon Sep 17 00:00:00 2001 From: Cory Fields Date: Tue, 14 Jul 2015 17:38:03 -0400 Subject: [PATCH 11/14] openssl: avoid config file load/race Rebased-From: d4b1d5a8baf18e4c8d62846360c0c1c0c9331d70 Github-Pull: #6438 --- src/util.cpp | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/util.cpp b/src/util.cpp index 3316c172a7..d789e05ecb 100644 --- a/src/util.cpp +++ b/src/util.cpp @@ -78,6 +78,7 @@ #include #include #include +#include // Work around clang compilation problem in Boost 1.46: // /usr/include/boost/program_options/detail/config_file.hpp:163:17: error: call to function 'to_internal' that is neither visible in the template definition nor found by argument-dependent lookup @@ -128,6 +129,13 @@ public: ppmutexOpenSSL[i] = new CCriticalSection(); CRYPTO_set_locking_callback(locking_callback); + // OpenSSL can optionally load a config file which lists optional loadable modules and engines. + // We don't use them so we don't require the config. However some of our libs may call functions + // which attempt to load the config file, possibly resulting in an exit() or crash if it is missing + // or corrupt. Explicitly tell OpenSSL not to try to load the file. The result for our libs will be + // that the config appears to have been loaded and there are no modules/engines available. + OPENSSL_no_config(); + #ifdef WIN32 // Seed OpenSSL PRNG with current contents of the screen RAND_screen(); From 255eced936a484de1ce3b5ef6893327b92df0a93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E0=B8=BFtcDrak?= Date: Tue, 14 Jul 2015 23:33:49 +0100 Subject: [PATCH 12/14] Updated URL location of netinstall for Debian Conflicts: doc/gitian-building.md Github-Pull: #6439 Rebased-From: 09d4ddf1c5841b757c2676d508a68baa2dbdc4c7 --- doc/gitian-building.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/gitian-building.md b/doc/gitian-building.md index defddedc6e..6a29574741 100644 --- a/doc/gitian-building.md +++ b/doc/gitian-building.md @@ -74,7 +74,7 @@ In the VirtualBox GUI click "Create" and choose the following parameters in the - Disk size: at least 40GB; as low as 20GB *may* be possible, but better to err on the safe side - Push the `Create` button -Get the [Debian 7.4 net installer](http://ftp.at.debian.org/debian-jigdo/current/amd64/iso-cd/debian-7.4.0-amd64-netinst.iso) (a more recent minor version should also work, see also [Debian Network installation](https://www.debian.org/CD/netinst/)). +Get the [Debian 7.8 net installer](http://cdimage.debian.org/cdimage/archive/7.8.0/amd64/iso-cd/debian-7.8.0-amd64-netinst.iso) (a more recent minor version should also work, see also [Debian Network installation](https://www.debian.org/CD/netinst/)). This DVD image can be validated using a SHA256 hashing tool, for example on Unixy OSes by entering the following in a terminal: From 0739e6e57a4b59966588a79ac2646eb3264c4dfa Mon Sep 17 00:00:00 2001 From: Pieter Wuille Date: Thu, 9 Jul 2015 18:23:27 -0400 Subject: [PATCH 13/14] Test whether created sockets are select()able Conflicts: src/net.cpp Github-Pull: #6412 Rebased-From: d422f9b1fdb42a51aadaa1bbc157542dca2feb17 --- src/compat.h | 8 ++++++++ src/net.cpp | 19 +++++++++++++++++++ src/netbase.cpp | 3 +++ 3 files changed, 30 insertions(+) diff --git a/src/compat.h b/src/compat.h index 477dd2bfeb..85c94830ae 100644 --- a/src/compat.h +++ b/src/compat.h @@ -90,4 +90,12 @@ typedef u_int SOCKET; size_t strnlen_int( const char *start, size_t max_len); +bool static inline IsSelectableSocket(SOCKET s) { +#ifdef WIN32 + return true; +#else + return (s >= 0 && s < FD_SETSIZE); +#endif +} + #endif // BITCOIN_COMPAT_H diff --git a/src/net.cpp b/src/net.cpp index 47221edef6..6eb2020b33 100644 --- a/src/net.cpp +++ b/src/net.cpp @@ -403,6 +403,12 @@ CNode* ConnectNode(CAddress addrConnect, const char *pszDest) if (pszDest ? ConnectSocketByName(addrConnect, hSocket, pszDest, Params().GetDefaultPort(), nConnectTimeout, &proxyConnectionFailed) : ConnectSocket(addrConnect, hSocket, nConnectTimeout, &proxyConnectionFailed)) { + if (!IsSelectableSocket(hSocket)) { + LogPrintf("Cannot create connection: non-selectable socket created (fd >= FD_SETSIZE ?)\n"); + CloseSocket(hSocket); + return NULL; + } + addrman.Attempt(addrConnect); // Add node @@ -871,8 +877,14 @@ void ThreadSocketHandler() if (nErr != WSAEWOULDBLOCK) LogPrintf("socket error accept failed: %s\n", NetworkErrorString(nErr)); } + else if (!IsSelectableSocket(hSocket)) + { + LogPrintf("connection from %s dropped: non-selectable socket\n", addr.ToString()); + CloseSocket(hSocket); + } else if (nInbound >= nMaxConnections - MAX_OUTBOUND_CONNECTIONS) { + LogPrint("net", "connection from %s dropped (full)\n", addr.ToString()); CloseSocket(hSocket); } else if (CNode::IsBanned(addr) && !whitelisted) @@ -1498,6 +1510,13 @@ bool BindListenPort(const CService &addrBind, string& strError, bool fWhiteliste LogPrintf("%s\n", strError); return false; } + if (!IsSelectableSocket(hListenSocket)) + { + strError = "Error: Couldn't create a listenable socket for incoming connections"; + LogPrintf("%s\n", strError); + return false; + } + #ifndef WIN32 #ifdef SO_NOSIGPIPE diff --git a/src/netbase.cpp b/src/netbase.cpp index d7c263f347..7f20cd05ec 100644 --- a/src/netbase.cpp +++ b/src/netbase.cpp @@ -267,6 +267,9 @@ bool static InterruptibleRecv(char* data, size_t len, int timeout, SOCKET& hSock } else { // Other error or blocking int nErr = WSAGetLastError(); if (nErr == WSAEINPROGRESS || nErr == WSAEWOULDBLOCK || nErr == WSAEINVAL) { + if (!IsSelectableSocket(hSocket)) { + return false; + } struct timeval tval = MillisToTimeval(std::min(endTime - curTime, maxWait)); fd_set fdset; FD_ZERO(&fdset); From ae52a7ffd1b3743e76220812c7f581c5c08f975b Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Mon, 20 Jul 2015 17:10:02 +0200 Subject: [PATCH 14/14] Fix warning introduced by #6412 SOCKET are defined as unsigned integers, thus always >=0. Rebased-From: 89289d875da108c42ca013f33597eda46cb6eb53 --- src/compat.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/compat.h b/src/compat.h index 85c94830ae..e08e348ed8 100644 --- a/src/compat.h +++ b/src/compat.h @@ -94,7 +94,7 @@ bool static inline IsSelectableSocket(SOCKET s) { #ifdef WIN32 return true; #else - return (s >= 0 && s < FD_SETSIZE); + return (s < FD_SETSIZE); #endif }