Commit Graph

5791 Commits

Author SHA1 Message Date
Wladimir J. van der Laan
f6b753912b
qt: Pull updated translations from Transifex 2015-01-12 10:17:54 +01:00
Wladimir J. van der Laan
037bfefe6b
Improve robustness of DER recoding code
Add some defensive programming on top of #5634.

This copies the respective OpenSSL code in ECDSA_verify in
OpenSSL pre-1.0.1k (e.g. https://github.com/openssl/openssl/blob/OpenSSL_1_0_1j/crypto/ecdsa/ecs_vrf.c#L89)
more closely.

As reported by @sergiodemianlerner.

Github-Pull: #5640
Rebased-From: c6b7b29f23
2015-01-12 09:28:24 +01:00
Wladimir J. van der Laan
b8ac476890
gitian: bump revision for OSX qt
Not necessary for windows or linux, as the intermedate build result
doesn't change.
However for OSX on 0.9 the builds for the intermediates are not
deterministic, so this cannot be assessed. Bump the dep version just in
case.
2015-01-10 11:48:02 +01:00
Wladimir J. van der Laan
65a1dda254
doc: Update release process for openssl bump 2015-01-10 11:19:47 +01:00
Wladimir J. van der Laan
60c51f1c38
fail immediately on an empty signature
Github-Pull: #5634
Rebased-From: 8dccba6a45
2015-01-10 08:58:47 +01:00
Wladimir J. van der Laan
f047dfa7df
gitian: openssl-1.0.1i.tar.gz -> openssl-1.0.1k.tar.gz 2015-01-10 08:57:25 +01:00
Cory Fields
b8e81b7ccd
consensus: guard against openssl's new strict DER checks
New versions of OpenSSL will reject non-canonical DER signatures. However,
it'll happily decode them. Decode then re-encode before verification in order
to ensure that it is properly consumed.

Github-Pull: #5634
Rebased-From: 488ed32f2a
2015-01-10 08:31:14 +01:00
Gregory Maxwell
0a94661e8d
Disable SSLv3 (in favor of TLS) for the RPC client and server.
TLS is subject to downgrade attacks when SSLv3 is available, and
 SSLv3 has vulnerabilities.

The popular solution is to disable SSLv3. On the web this breaks
 some tiny number of very old clients. While Bitcoin RPC shouldn't
 be exposed to the open Internet, it also shouldn't be exposed to
 really old SSL implementations, so it shouldn't be a major issue
 for us to disable SSLv3.

There is more information on the downgrade attacks and disabling
 SSLv3 at https://disablessl3.com/ .

Rebased-From: 683dc4009b
2014-12-09 15:22:28 +01:00
Pieter Wuille
bb424e4447
Limit the number of new addressses to accumulate
Rebased-From: 12a49cac0a
2014-12-09 15:17:21 +01:00
Gregory Maxwell
cd5164aba2
Make -proxy set all network types, avoiding a connect leak.
Previously -proxy was not setting the proxy for IsLimited networks, so
 if you set your configuration to be onlynet=tor you wouldn't get an
 IPv4 proxy set.

The payment protocol gets its proxy configuration from the IPv4 proxy,
 and so it would experience a connection leak.

This addresses issue #5355 and also clears up a cosmetic bug where
 getinfo proxy output shows nothing when onlynet=tor is set.

Conflicts:
	src/init.cpp

Rebased-From: 3c77714134
Github-Issue: #5358
2014-11-24 15:33:46 +01:00
Gavin Andresen
25b49b5b45 Refactor -alertnotify code
Refactor common -alertnotify code into static CAlert::Notify method.
2014-10-08 12:17:57 +02:00
Cory Fields
5b9f78d69c build: Fix OSX build when using Homebrew and qt5
Qt5 is bottled, so configure won't find it without some help. Use
brew to find out its prefix.

Also, qt5 added the host_bins variable to pkg-config, use it.
2014-10-03 15:33:24 -04:00
Saivann
274352927f
doc: Add instructions for consistent Mac OS X build names
Rebased-From: 0dcb0a5578
2014-10-02 12:08:05 +02:00
Gavin Andresen
ffab1ddb85 Keep symlinks when copying into .app bundle
Code signing failed for me on OSX 10.9.5 because the
Versions/Current symbolic links were being replaced
with a duplicate copy of the frameworks' code.

Releases were bigger than they needed to be, for the
same reason.

Rebased-From: 965c306d6d
2014-10-02 09:03:36 +02:00
Cory Fields
613247fc97
osx: fix signing to make Gatekeeper happy (again)
The approach from 65f3fa8d1 worked for signing on 10.9.4, but not newer
versions. 10.9.5 (and up) want each framework to stand alone.

Now in addition to copying the plist's from Qt for each framework, we put them
in per-version dirs and only symlink to the latest, rather than using symlinks
for any contents.

Rebased-From: af0bd5e
2014-10-01 09:01:47 +02:00
Cory Fields
855fd498f9
build: fix release name strings for gitian builds
When building from a distdir as gitian does, checking for the .git dir
is not reliable. Instead, ask git if we're in a repo.

Rebase this into 0.9.3 branch after final to make sure that 0.9.4 will
have correct version strings in rcs.

Rebased-From: c65cc8c
2014-09-25 10:56:39 +02:00
Wladimir J. van der Laan
40d20412ff
build: change cdrkit location in build-process.md
The cdrkit.org domain expired.
Thanks to gdm85 on IRC for reporting this.

Rebased-From: 27fc5277f7
2014-09-22 16:42:15 +02:00
Wladimir J. van der Laan
213cd5948c
Remove mention of MacPorts from OSX build docs
Rebased-From: d547ebf
2014-09-18 11:53:33 +02:00
Cory Fields
e3d8d58659
build: osx: Fix incomplete framework packaging for codesigning
Starting with 10.9, Framework versions must be signed individually, rather
than as a single bundle version, in order to be properly codesigned. This
change ensures that the proper plist files and symlinks are present prior to
packaging.

Rebased-From: 65f3fa8
2014-09-13 12:11:29 +02:00
Wladimir J. van der Laan
cea5e49420
Update release notes 2014-09-12 10:25:55 +02:00
Wladimir J. van der Laan
ce16723310
Update release notes 2014-09-11 15:11:32 +02:00
Gavin Andresen
ea3c1b0806 Store fewer orphan tx by default, add -maxorphantx option
There is no reason to store thousands of orphan transactions;
normally an orphan's parents will either be broadcast or
mined reasonably quickly.

This pull drops the maximum number of orphans from 10,000 down
to 100, and adds a command-line option (-maxorphantx) that is
just like -maxorphanblocks to override the default.
2014-09-11 15:06:46 +02:00
shshshsh
af252082ef Make max number of orphan blocks kept in memory a startup parameter (fixes #4253)
Rebased-From: 7b45d943b2
2014-09-11 15:06:46 +02:00
Gavin Andresen
6d911ada83
Stricter handling of orphan transactions
Prevent denial-of-service attacks by banning
peers that send us invalid orphan transactions
and only storing orphan transactions given to
us by a peer while the peer is connected.

Rebased-From: c74332c678
2014-09-11 15:06:42 +02:00
phantomcircuit
306a93b79e
remove useless millisleep
reduces time to service requests improving performance

Rebased-From: 9189f5fe4d
2014-09-11 11:20:48 +02:00
Wladimir J. van der Laan
6fbd58df09
build: Remove message about Ubuntu 13.10 when no boost sleep implementation found
It's only confusing people into thinking that they should mess with
boost versions, which should not be necessary to get bitcoind to work.

If there is a bug in the build system with autodetecting boost it needs
to be solved not worked around.

Rebased-From: 539abc4729
2014-09-11 11:16:01 +02:00
Wladimir J. van der Laan
0655d64c22
doc: Remove outdated information about boost versions
Bitcoin core should work with any remotely recent boost version
if a proper build environment is present. Remove a confusing comment
from the build documentation.

Rebased-From: bd45b1a
2014-09-11 11:15:02 +02:00
Jeff Garzik
6eb5410d8f
Avoid returning many "inv" orphans
Rebased-From: 540ac45
Rebased-By: Wladimir J. van der Laan <laanwj@gmail.com>
2014-09-10 17:05:31 +02:00
Wladimir J. van der Laan
d030936da2
Limit CNode::mapAskFor
Tighten resource constraints on CNode.

Rebased-From: d4168c8
Rebased-By: Wladimir J. van der Laan <laanwj@gmail.com>
2014-09-10 17:00:37 +02:00
Gavin Andresen
12927dd315 Fix crashing bug caused by orphan(s) with duplicate prevout.hash
Rebased-From: def2fdb
Rebased-By: Wladimir J. van der Laan
2014-09-10 16:56:54 +02:00
Wladimir J. van der Laan
c6727f34d1 Avoid repeated lookups in mapOrphanTransactions and mapOrphanTransactionsByPrev
Rebased-From: 89d91f6
Rebased-By: Wladimir J. van der Laan <laanwj@gmail.com>
2014-09-09 09:20:54 +02:00
Wladimir J. van der Laan
ea55881c3e Filter translations through new update-translations script
This does not add any new messages from transifex, it just filters the
current ones.
2014-09-01 11:00:16 +02:00
Wladimir J. van der Laan
b62172a66a
Add deeper XML checking to update-translation script
- Catch problems such as mismatched formatting characters. Remove
  messages that can give problems at runtime.

- Also remove unfinished/untranslated messages, they just take up space
  in the ts and waste parsing time.

Fixes #4774.

Rebased-From: da59f28
Rebased-By: Wladimir J. van der Laan
2014-09-01 10:31:59 +02:00
Wladimir J. van der Laan
a12d6acc5d
doc: mention translations in release notes 2014-08-22 14:59:13 +02:00
Wladimir J. van der Laan
e6abbce8cd
qt: Language update for 0.9.3 2014-08-22 12:02:24 +02:00
Wladimir J. van der Laan
29ba8cc073
doc: Add list of contributors to 0.9.3 2014-08-22 12:00:15 +02:00
Wladimir J. van der Laan
a9c6eef915 gitian: Bump miniupnp version to 1.9.20140701
Also change build system: STATICLIB is now MINIUPNP_STATICLIB.
2014-08-22 11:29:09 +02:00
Rose Toomey
49df14d295
Update build-osx.md
The homebrew instructions were outdated - berkeley-db4 hasn't worked for months, based on the questions I'm seeing on Google/SO.  So I added a section explaining how to install berkeley-db4 using homebrew and move on with your life.  Thanks for the rest of the documentation!
Conflicts:
	doc/build-osx.md

Rebased-From: b1ed7c2
2014-08-21 18:28:40 +02:00
Cory Fields
47c78c2966 libc-compat: add new symbol that's now needed
Rebased-From: 565e569
2014-08-21 18:07:05 +02:00
Cory Fields
55911710f5 build: fix FDELT_TYPE configure check
This probably never worked properly. Confirmed working now with every compiler
I throw at it.

Rebased-From: 8021cf8
2014-08-21 18:06:30 +02:00
Cory Fields
0991401cdd
build: Fix boost build on some platforms
When the libpath doesn't line up with the value from config.sub, we don't find
the correct path to boost's libs. This adds a hack to try another path before
giving up.

Should close #3219.

Rebased-From: 54c7df81
2014-08-21 17:54:09 +02:00
Cory Fields
f62031b895
qt: fix unicode character display on osx when building with 10.7 sdk
Conflicts:
	src/qt/bitcoin.cpp

Rebased-From: 292cc072
2014-08-21 17:35:31 +02:00
Michael Ford
bba0175022 gitian: upgrade OpenSSL to 1.0.1i
Upgrade for https://www.openssl.org/news/secadv_20140806.txt

Rebased-From: 074bcdc
Github-Pull: #4648
2014-08-21 17:35:20 +02:00
Jeff Garzik
026b9dfd6e
Avoid querying DNS seeds, if we have open connections.
The goal is to increase independence and privacy.

Rebased-From: 2e7009d
2014-08-19 17:37:07 +02:00
Wladimir J. van der Laan
736d8b85b3 preliminary release notes for 0.9.3 2014-08-18 15:53:37 +02:00
Peter Todd
84fe0ffd68 Increase IsStandard() scriptSig length
Removes the limits on number of pubkeys for P2SH CHECKMULTISIG outputs.
Previously with the 500 byte scriptSig limit there were odd restrictions
where even a 1-of-12 P2SH could be spent in a standard transaction(1),
yet multisig scriptPubKey's requiring more signatures quickly ran out of
scriptSig space.

From a "stuff-data-in-the-blockchain" point of view not much has changed
as with the prior commit now only allowing the dummy value to be null
the newly allowed scriptSig space can only be used for signatures. In
any case, just using more outputs is trivial and doesn't cost much.

1) See 779b519480d8c5346de6e635119c7ee772e97ec872240c45e558f582a37b4b73
   Mined by BTC Guild.
2014-08-18 15:34:29 +02:00
Peter Todd
fd0c4606bc Check redeemScript size does not exceed 520 byte limit
redeemScripts >520bytes can't be spent due to the
MAX_SCRIPT_ELEMENT_SIZE limit; previously the addmultisigaddress and
createmultisig RPC calls would let you violate that limit unknowingly.

Also made the wallet code itself check the redeemScript prior to adding
it to the wallet, which in the (rare) instance that a user has added an
invalid oversized redeemScript to their wallet causes an error on
startup. The affected key isn't added to the wallet; other keys are
unaffected.
2014-08-18 15:34:29 +02:00
Wladimir J. van der Laan
4b57c5b3c7 Ignore too-long redeemScripts while loading wallet
This avoids that long redeemScripts that were grandfathered in
prevent the wallet from loading.

Fixes #4313.

Rebased-From: 18116b0
2014-08-18 15:34:29 +02:00
Jeff Garzik
f8cdf4f937 base58: add paranoid return value checks
Rebased-From: 88df548
2014-08-18 15:34:29 +02:00
Andrew Poelstra
f6f4c83382 key.cpp: fail with a friendlier message on missing ssl EC support
Previously if bitcoind is linked with an OpenSSL which is compiled
without EC support, this is seen as an assertion failure "pKey !=
NULL" at key.cpp:134, which occurs after several seconds. It is an
esoteric piece of knowledge to interpret this as "oops, I linked
with the wrong OpenSSL", and because of the delay it may not even
be noticed.

The new output is

: OpenSSL appears to lack support for elliptic curve cryptography. For
more information, visit
https://en.bitcoin.it/wiki/OpenSSL_and_EC_Libraries
: Initialization sanity check failed. Bitcoin Core is shutting down.

which occurs immediately after attempted startup.

This also blocks in an InitSanityCheck() function which currently only
checks for EC support but should eventually do more. See #4081.

Rebased-From: 4a09e1d
2014-08-18 15:34:29 +02:00