.

stevensmccoy734-commits commented at 1:52 am on October 28, 2025: none

Merge bitcoin/bitcoin#33391: test: Prevent disk space warning during node_init_tests

bdf01c6f61262cd6e211ead3c0dbc66ccb48b32f test: Prevent disk space warning during node_init_tests (Ryan Ofsky)

Pull request description:

  mzumsande pointed out https://github.com/bitcoin/bitcoin/pull/32345#issuecomment-3286964369 that this test was print a warning:

  ```
  Warning: Disk space for "/tmp/test_common bitcoin/node_init_tests/init_test/bf78678cb7723a3e84b5/blocks" may not accommodate the block files. Approximately 810 GB of data will be stored in this directory.
  ```

  Fix by setting regtest instead of mainnet network before running the test.

ACKs for top commit:
  achow101:
    ACK bdf01c6f61262cd6e211ead3c0dbc66ccb48b32f
  Eunovo:
    Tested ACK https://github.com/bitcoin/bitcoin/pull/33391/commits/bdf01c6f61262cd6e211ead3c0dbc66ccb48b32f:
  janb84:
    ACK bdf01c6f61262cd6e211ead3c0dbc66ccb48b32f
  l0rinc:
    tested ACK bdf01c6f61262cd6e211ead3c0dbc66ccb48b32f
  mzumsande:
    utACK bdf01c6f61262cd6e211ead3c0dbc66ccb48b32f
  enirox001:
    utACK bdf01c6

Tree-SHA512: ac4e1e48246c84a4c4b80ccb25e962b0090359ab0e541ee4f1a9e18ac9da8ec35a78c9a55501d231423053e945ff785862f0db141d4b620d622327670c764f8c

5aa3d3135d

Merge bitcoin/bitcoin#33373: depends: systemtap 5.3

28efd724b47841a16d0630cec4b59563cda54a81 depends: systemtap 5.3 (fanquake)

Pull request description:

  The diff in the copied header is:
  ```diff
  < #if __STDC_VERSION__ >= 199901L
  ---
  > #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
  ```

  From
  https://sourceware.org/git/?p=systemtap.git;a=commit;h=b8345d8e07b725a943a97b19aa4866e74baadd98.

ACKs for top commit:
  0xB10C:
    ACK 28efd724b47841a16d0630cec4b59563cda54a81

Tree-SHA512: 30eb4656d354e463937b68f8977d3c3bfe1e5a63be19a9e446a41cabcd1222290f4c7ecc64e516c4f5cc38b744229906fd92a9a56f4e1380dfb8db9ed518ebb4

c4adfbf706

net: remove unnecessary casts in socket operations

These methods in the Sock class wrap corresponding syscalls,
accepting void* arguments and casting to char* internally, which is
needed for Windows support and ignored on other platforms because
the syscall itself accepts void*:

Send()
Recv()
GetSockOpt()
SetSockOpt()

67f632b6de

cmake: Install `bitcoin` manpage 7584a4fda9

Merge bitcoin/bitcoin#33380: test: Add submitblock test in interface_ipc

0a26731c4cc182e887ce959cdd301227cdc752d7 test: Add submitblock test in interface_ipc (TheCharlatan)

Pull request description:

  Expands the ipc mining test a bit with submitting a solved block and checking its validity.

ACKs for top commit:
  Sjors:
    ACK 0a26731c4cc182e887ce959cdd301227cdc752d7
  marcofleon:
    code review ACK 0a26731c4cc182e887ce959cdd301227cdc752d7
  zaidmstrr:
    Tested ACK [0a26731](https://github.com/bitcoin/bitcoin/pull/33380/commits/0a26731c4cc182e887ce959cdd301227cdc752d7)

Tree-SHA512: 35c87d88496eec469bddedf2ae82c494626abb47ae15d5a45d6ab0400199c86501199c3e569e83836549830042be76b197b470e1100a317bdfef2578a9d5a92f

947bed28fe

net: Do not apply whitelist permission to onion inbounds

Tor inbound connections do not reveal the peer's actual network address.
Therefore do not apply whitelist permissions to them.

Co-authored-by: Vasil Dimov <vd@FreeBSD.org>

f563ce9081

key: use static context for libsecp256k1 calls where applicable

The dynamically created signing context for libsecp256k1 calls is only
needed for functions that involve generator point multiplication with a
secret key, i.e. different variants of public key creation and signing.
The API docs hint to this by stating "not secp256k1_context_static" for
the context parameter. In our case that applies to the following calls:
- `secp256k1_ec_pubkey_create`
- `secp256k1_keypair_create`
- `secp256k1_ellswift_create`
- `secp256k1_ecdsa_sign`
- `secp256k1_ecdsa_sign_recoverable`
- `secp256k1_schnorrsig_sign32`
- `ec_seckey_export_der` (not a direct secp256k1 function, but calls
  `secp256k1_ec_pubkey_create` inside)

For all the other secp256k1 calls we can simply use the static context.

1ff9e92948

build, msvc: Update vcpkg manifest baseline

This change updates the vcpkg manifest baseline from the "2025.03.19
Release" to the "2025.08.27 Release", with the following package
changes:
 - boost: 1.87.0 --> 1.88.0
 - qtbase: 6.8.2#1 -> 6.9.1
 - qttools: 6.8.2 -> 6.9.1
 - sqlite3: 3.49.1 --> 3.50.4

ef20c2d11d

musig: Move synthetic xpub construction to its own function f14876213a

Merge bitcoin/bitcoin#33395: net: do not apply whitelist permissions to onion inbounds

f563ce90818d486d2a199439d2f6ba39cd106352 net: Do not apply whitelist permission to onion inbounds (Martin Zumsande)

Pull request description:

  Tor inbound connections do not reveal the peer's actual network address. Do not apply whitelist permissions to them since address-based matching is ineffective.

ACKs for top commit:
  darosior:
    ACK f563ce90818d486d2a199439d2f6ba39cd106352
  furszy:
    ACK f563ce90818d486d2a199439d2f6ba39cd106352
  vasild:
    ACK f563ce90818d486d2a199439d2f6ba39cd106352

Tree-SHA512: 49ae70e382fc2f78b7073553fe649a6843a41214b2986ea7f77e285d02b7bd00fe0320a1b71d1aaca08713808fb14af058f0b1f19f19adb3a77b97cb9d3449ce

2b0cd1f3fb

init: add exe name to bitcoind, bitcoin-node -version output to be able to distinguish these in tests 0972f55040

test: add tool_bitcoin to test bitcoin wrapper behavior 29e836fae6

Merge bitcoin/bitcoin#33407: cmake: Install `bitcoin` manpage

7584a4fda95d004d31c2df15fdb6f3a7f9654348 cmake: Install `bitcoin` manpage (Hennadii Stepanov)

Pull request description:

  This PR is an amendment to https://github.com/bitcoin/bitcoin/pull/31375.

ACKs for top commit:
  ryanofsky:
    Code review ACK 7584a4fda95d004d31c2df15fdb6f3a7f9654348.

Tree-SHA512: 66810c1d65fa8ae469b8161a5f807aa7b43a7b18e88d40b05617c7110b2e03e07bcb8f310c1736fb2c3738e274fc524032ff5d34d5c644824a4edd64372f1e9f

1444ed855f

bitcoin: Make wrapper not require -m

Choose the right binary by default if an IPC option is specified

453b0fa286

Merge commit '535fa0ad0d2637f845beae92ea9dbbbbbe377c74' into pr/subtree-5 c49a43591f

Squashed 'src/ipc/libmultiprocess/' changes from 13424cf2ecc1..47d79db8a552

47d79db8a552 Merge bitcoin-core/libmultiprocess#201: bug: fix mptest hang, ProxyClient<Thread> deadlock in disconnect handler
f15ae9c9b9fb Merge bitcoin-core/libmultiprocess#211: Add .gitignore
4a269b21b8c8 bug: fix ProxyClient<Thread> deadlock if disconnected as IPC call is returning
85df96482c49 Use try_emplace in SetThread instead of threads.find
ca9b380ea91a Use std::optional in ConnThreads to allow shortening locks
9b0799113557 doc: describe ThreadContext struct and synchronization requirements
d60db601ed9b proxy-io.h: add Waiter::m_mutex thread safety annotations
4e365b019a9f ci: Use -Wthread-safety not -Wthread-safety-analysis
15d7bafbb001 Add .gitignore
fe1cd8c76131 Merge bitcoin-core/libmultiprocess#208: ci: Test minimum cmake version in olddeps job
b713a0b7bfbc Merge bitcoin-core/libmultiprocess#207: ci: output CMake version in CI script
0f580397c913 ci: Test minimum cmake version in olddeps job
d603dcc0eef0 ci: output CMake version in CI script

git-subtree-dir: src/ipc/libmultiprocess
git-subtree-split: 47d79db8a5528097b408e18f7b0bae11a6702d26

535fa0ad0d

test: Avoid interface_ipc.py Duplicate ID errors

This change should fix issue https://github.com/bitcoin/bitcoin/issues/33417
reported by zaidmstrr. It's possible to reproduce the `mp/proxy.capnp:0:
failed: Duplicate ID @0xcc316e3f71a040fb` error by installing libmultiprocess
system-wide, or to one of the locations listed in the python test's `imports`
list before the local libmultiprocess subtree, and then running the test.

e9c52272eb

system: add helper for fetching total system memory

Added a minimal system helper to query total physical RAM on [Linux/macOS/Windows](https://stackoverflow.com/a/2513561) (on other platforms we just return an empty optional).

The added test checks if the value is roughly correct by checking if the CI platforms are returning any value and if the value is at least 1 GiB and not more than 10 TiB.

The max value is only validated on 64 bits, since it's not unreasonable for 32 bits to have max memory, but on 64 bits it's likely an error.

https://learn.microsoft.com/en-us/windows/win32/api/sysinfoapi/ns-sysinfoapi-memorystatusex
> ullTotalPhys The amount of actual physical memory, in bytes.

https://man7.org/linux/man-pages/man3/sysconf.3.html:
> _SC_PHYS_PAGES The number of pages of physical memory. Note that it is possible for the product of this value and the value of _SC_PAGESIZE to overflow.
> _SC_PAGESIZE Size of a page in bytes. Must not be less than 1.

See https://godbolt.org/z/ec81Tjvrj for further details

6c720459be

coins: warn on oversized -dbcache

Oversized allocations can cause out-of-memory errors or [heavy swapping](https://github.com/getumbrel/umbrel-os/issues/64#issuecomment-663637321), [grinding the system to a halt](https://x.com/murchandamus/status/1964432335849607224).

`LogOversizedDbCache()` now emits a startup warning if the configured `-dbcache` exceeds a cap derived from system RAM, using the same parsing/clamping as cache sizing via CalculateDbCacheBytes(). This isn't meant as a recommended setting, rather a likely upper limit.

Note that we're not modifying the set value, just issuing a warning.
Also note that the 75% calculation is rounded for the last two numbers since we have to divide first before multiplying, otherwise we wouldn't stay inside size_t on 32-bit systems - and this was simpler than casting back and forth.

We could have chosen the remaining free memory for the warning (e.g. warn if free memory is less than 1 GiB), but this is just a heuristic, we assumed that on systems with a lot of memory, other processes are also running, while memory constrained ones run only Core.

If total RAM < 2 GiB, cap is `DEFAULT_DB_CACHE` (`450 MiB`), otherwise it's 75% of total RAM.
The threshold is chosen to be close to values commonly used in [raspiblitz](https://github.com/raspiblitz/raspiblitz/blob/dev/home.admin/_provision.setup.sh#L98-L115) for common setups:

| Total RAM | `dbcache` (MiB) | raspiblitz % | proposed cap (MiB) |
|----------:|----------------:|-------------:|-------------------:|
|     1 GiB |             512 |        50.0% |               450* |
|     2 GiB |            1536 |        75.0% |               1536 |
|     4 GiB |            2560 |        62.5% |               3072 |
|     8 GiB |            4096 |        50.0% |               6144 |
|    16 GiB |            4096 |        25.0% |              12288 |
|    32 GiB |            4096 |        12.5% |              24576 |

[Umbrel issues](https://github.com/getumbrel/umbrel-os/issues/64#issuecomment-663816367) also mention 75% being the upper limit.

Starting `bitcoind` on an 8 GiB rpi4b with a dbcache of 7 GiB:
> ./build/bin/bitcoind -dbcache=7000

warns now as follows:
```
2025-09-07T17:24:29Z [warning] A 7000 MiB dbcache may be too large for a system memory of only 7800 MiB.
2025-09-07T17:24:29Z Cache configuration:
2025-09-07T17:24:29Z * Using 2.0 MiB for block index database
2025-09-07T17:24:29Z * Using 8.0 MiB for chain state database
2025-09-07T17:24:29Z * Using 6990.0 MiB for in-memory UTXO set (plus up to 286.1 MiB of unused mempool space)
```

Besides the [godbolt](https://godbolt.org/z/EPsaE3xTj) reproducers for the new total memory method, we also tested the warnings manually on:
- [x] Apple M4 Max, macOS 15.6.1
- [x] Intel Core i9-9900K, Ubuntu 24.04.2 LTS
- [x] Raspberry Pi 4 Model B, Armbian Linux 6.12.22-current-bcm2711
- [x] Intel Xeon x64, Windows 11 Home Version 24H2, OS Build 26100.4351

Co-authored-by: stickies-v <stickies-v@protonmail.com>
Co-authored-by: Hodlinator <172445034+hodlinator@users.noreply.github.com>
Co-authored-by: w0xlt <woltx@protonmail.com>

168360f4ae

Merge bitcoin/bitcoin#33420: test: Avoid interface_ipc.py Duplicate ID errors

e9c52272ebd78d01882ac9b32b1aee8e12d87bec test: Avoid interface_ipc.py Duplicate ID errors (Ryan Ofsky)

Pull request description:

  This change should fix issue https://github.com/bitcoin/bitcoin/issues/33417 reported by zaidmstrr. It's possible to reproduce the `mp/proxy.capnp:0: failed: Duplicate ID @0xcc316e3f71a040fb` error by installing libmultiprocess system-wide, or to one of the locations listed in the python test's `imports` list before the local libmultiprocess subtree, and then running the test.

ACKs for top commit:
  zaidmstrr:
    Tested ACK [e9c5227](https://github.com/bitcoin/bitcoin/pull/33420/commits/e9c52272ebd78d01882ac9b32b1aee8e12d87bec)

Tree-SHA512: 5df7fe767989b91245ce96f7c43b6767b7af49ec6c7007175e462341ffd69e161f21632697804060ce286b3e102a8d141a57a53f7e0e32299ef9a3a69ca8794a

74fa028da1

rpc: addpeeraddress: throw on invalid IP

Throw RPC_CLIENT_INVALID_IP_OR_SUBNET when LookupHost(addr, false) fails
in addpeeraddress. This aligns with setban/addconnection and avoids the
opaque {"success": false} result for input errors. The JSON {success,
error?} object remains for addrman outcomes only. Update test to match.

316a0c5132

Merge bitcoin/bitcoin#33333: coins: warn on oversized `-dbcache`

168360f4ae47cbfdb30a2cc4704435bc67e12f16 coins: warn on oversized -dbcache (Lőrinc)
6c720459beead5c825b354a1d5c11969b6e3a170 system: add helper for fetching total system memory (Lőrinc)

Pull request description:

  ### Summary

  Oversized allocations can cause out-of-memory errors or [heavy swapping](https://github.com/getumbrel/umbrel-os/issues/64#issuecomment-663637321), [grinding the system to a halt](https://x.com/murchandamus/status/1964432335849607224).

  ### Fix

  Added a minimal system helper to query total physical RAM on [Linux/macOS/Windows](https://stackoverflow.com/a/2513561) (on unsupported platforms we just disable this warning completely).
  The added test checks if the value is roughly correct by checking if the CI platforms are returning any value and if the value is at least 1 GB (as a simple property test checking if the unit size is correct, e.g. doesn't return megabytes or bits).

  ### Details

  `LogOversizedDbCache()` now emits a startup warning if the configured `-dbcache` exceeds a cap derived from system RAM, using the same parsing/clamping as cache sizing via `CalculateDbCacheBytes()`. This isn't meant as a recommended setting, rather a likely upper limit.

  Note that we're not modifying the set value, just issuing a warning.
  Also note that the 75% calculation is rounded for the last two numbers since we have to divide first before multiplying, otherwise we wouldn't stay inside `size_t` on 32-bit systems - and this was simpler than casting back and forth.

  We could have chosen the remaining free memory for the warning (e.g. warn if free memory is less than 1 GiB), but this is just a heuristic, we assumed that on systems with a lot of memory, other processes are also running, while memory constrained ones run only Core.

  ### Cap

  If total RAM < 2 GiB, cap is `DEFAULT_DB_CACHE` (`450 MiB`), otherwise it's 75% of total RAM.
  The threshold is chosen to be close to values commonly used in [raspiblitz](https://github.com/raspiblitz/raspiblitz/blob/dev/home.admin/_provision.setup.sh#L98-L115) for common setups:

  | Total RAM | `dbcache` (MiB) | raspiblitz % | proposed cap (MiB) |
  |----------:|----------------:|-------------:|-------------------:|
  |     1 GiB |             512 |        50.0% |               450* |
  |     2 GiB |            1536 |        75.0% |               1536 |
  |     4 GiB |            2560 |        62.5% |               3072 |
  |     8 GiB |            4096 |        50.0% |               6144 |
  |    16 GiB |            4096 |        25.0% |              12288 |
  |    32 GiB |            4096 |        12.5% |              24576 |

  [Umbrel issues](https://github.com/getumbrel/umbrel-os/issues/64#issuecomment-663816367) also mention 75% being the upper limit.

  ### Reproducer

  Starting `bitcoind` on an 8 GiB rpi4b with a dbcache of 7 GiB:
  > ./build/bin/bitcoind -dbcache=7000

  warns now as follows:
  ```
  2025-09-07T17:24:29Z [warning] A 7000 MiB dbcache may be too large for a system memory of only 7800 MiB.
  Warning: A 7000 MiB dbcache may be too large for a system memory of only 7800 MiB.
  2025-09-07T17:24:29Z Cache configuration:
  2025-09-07T17:24:29Z * Using 2.0 MiB for block index database
  2025-09-07T17:24:29Z * Using 8.0 MiB for chain state database
  2025-09-07T17:24:29Z * Using 6990.0 MiB for in-memory UTXO set (plus up to 286.1 MiB of unused mempool space)
  ```

  ### Manual testing

  Besides the [godbolt](https://godbolt.org/z/ec81Tjvrj) reproducers for the new total memory method, we also tested the warnings manually on:
  - [x] Apple M4 Max, macOS 15.6.1
  - [x] Intel Core i9-9900K, Ubuntu 24.04.2 LTS
  - [x] Raspberry Pi 4 Model B, Armbian Linux 6.12.22-current-bcm2711
  - [x] Intel Xeon x64, Windows 11 Home Version 24H2, OS Build 26100.4351

ACKs for top commit:
  achow101:
    ACK 168360f4ae47cbfdb30a2cc4704435bc67e12f16
  w0xlt:
    reACK https://github.com/bitcoin/bitcoin/pull/33333/commits/168360f4ae47cbfdb30a2cc4704435bc67e12f16
  hodlinator:
    re-ACK 168360f4ae47cbfdb30a2cc4704435bc67e12f16
  danielabrozzoni:
    reACK 168360f4ae47cbfdb30a2cc4704435bc67e12f16

Tree-SHA512: aa0c9b1034d55a6a4212685a19715d8cd89668ab7c33c688711a15559e6ad81aa65f3cd8b488c91385306e1e16cd9eeefa8f659ba90ef19ce9c7a2e64f8b561a

5aec516b2c

Merge bitcoin/bitcoin#33378: Remove unnecessary casts when calling socket operations

67f632b6deb8b4aa190c458b71d2bc8c793626d5 net: remove unnecessary casts in socket operations (Matthew Zipkin)

Pull request description:

  During review of https://github.com/bitcoin/bitcoin/pull/32747 several casting operations were questioned in existing code that had been copied or moved. That lead me to find a few other similar casts in the codebase.

  It turns out that since the `Sock` class wraps syscalls with its own internal casting (see https://github.com/bitcoin/bitcoin/pull/24357 and https://github.com/bitcoin/bitcoin/pull/20788 written in 2020-2022) we no longer need to cast the arguments when calling these functions. The original argument-casts are old and were cleaned up a bit in https://github.com/bitcoin/bitcoin/pull/12855 written in 2018.

  The casting is only needed for windows compatibility, where those syscalls require a data argument to be of type `char*` specifically:

  https://learn.microsoft.com/en-us/windows/win32/api/winsock/nf-winsock-getsockopt

  ```
  int getsockopt(
    [in]      SOCKET s,
    [in]      int    level,
    [in]      int    optname,
    [out]     char   *optval,
    [in, out] int    *optlen
  );
  ```

  but on POSIX the argument is `void*`:

  https://www.man7.org/linux/man-pages/man2/getsockopt.2.html

  ```
         int getsockopt(socklen *restrict optlen;
                        int sockfd, int level, int optname,
                        void optval[_Nullable restrict *optlen],
                        socklen_t *restrict optlen);
  ```

ACKs for top commit:
  Raimo33:
    ACK 67f632b6deb8b4aa190c458b71d2bc8c793626d5
  achow101:
    ACK 67f632b6deb8b4aa190c458b71d2bc8c793626d5
  hodlinator:
    ACK 67f632b6deb8b4aa190c458b71d2bc8c793626d5
  vasild:
    ACK 67f632b6deb8b4aa190c458b71d2bc8c793626d5
  davidgumberg:
    ACK https://github.com/bitcoin/bitcoin/commit/67f632b6deb8b4aa190c458b71d2bc8c793626d5

Tree-SHA512: c326d7242698b8d4d019f630fb6281398da2773c4e5aad1e3bba093a012c2119ad8815f42bd009e61a9a90db9b8e6ed5c75174aac059c9df83dd3aa5618a9ba6

eaf2c46475

log: reword `signature validations` to `script verification` in `assumevalid` log

Even though not all script verification is turned off currently (e.g. we're still doing the cheaper sigop counts), this naming is more consistent with other usages.

91ac64b0a6

test: don't throw from the destructor of DebugLogHelper

Throwing an exception from the destructor of a class is a bad practice,
avoid that and instead print the message to the standard error output
and call `std::abort()`.

d6aa266d43

test: forbid copying of DebugLogHelper 2427939935

Merge bitcoin/bitcoin#33412: Update libmultiprocess subtree to fix intermittent mptest hang

535fa0ad0d2637f845beae92ea9dbbbbbe377c74 Squashed 'src/ipc/libmultiprocess/' changes from 13424cf2ecc1..47d79db8a552 (Ryan Ofsky)

Pull request description:

  Includes:

  - https://github.com/bitcoin-core/libmultiprocess/pull/207
  - https://github.com/bitcoin-core/libmultiprocess/pull/208
  - https://github.com/bitcoin-core/libmultiprocess/pull/211
  - https://github.com/bitcoin-core/libmultiprocess/pull/201

  The last change fixes the test hang reported https://github.com/bitcoin/bitcoin/issues/33244

  The changes can be verified by running `test/lint/git-subtree-check.sh src/ipc/libmultiprocess` as described in [developer notes](https://github.com/bitcoin/bitcoin/blob/master/doc/developer-notes.md#subtrees) and [lint instructions](https://github.com/bitcoin/bitcoin/tree/master/test/lint#git-subtree-checksh)

ACKs for top commit:
  Sjors:
    ACK c49a43591f88dc199cc04e76f3cfcb7ba136f1a6
  TheCharlatan:
    ACK c49a43591f88dc199cc04e76f3cfcb7ba136f1a6

Tree-SHA512: e87e92caee20693d969308a9250804ffdea4d6fb84a23a2399c3ee43419e6dceb46a224e2410d35a5690dea14b5af9e94017a8f2ca733fa27781154ef8377e6d

edb871cba2

fuzz: Reduce iterations in slow targets 6a33970fef

rpc: Always return per-wtxid entries in submitpackage tx-results

When submitpackage produced no per-transaction result for a member,
the RPC previously set "error": "unevaluated" but then continued
without inserting the entry into tx-results, making it impossible for
callers to know which wtxids were unevaluated.

Insert the placeholder result before continuing, update help text, and
adjust functional tests to expect entries for all submitted wtxids.

cad9a7fd73

build(windows): Remove lingering registry entries and shortcuts upon install

Prior releases installed using these paths. Especially annoying was that the lingering registry entry for the uninstaller would show up as "Bitcoin Core (64-bit)" besides the current "Bitcoin Core" entry in the list of installed programs, and whichever was uninstalled last would fail to work as they would default to the same install directory.

79752b9c0b

Merge bitcoin/bitcoin#28592: p2p: Increase tx relay rate

b81f37031c8f2ccad9346f1b65ee0f8083c44796 p2p: Increase tx relay rate (Anthony Towns)

Pull request description:

  In the presence of smaller transactions on the network, blocks can sustain a higher relay rate than 7tx/second. In this event, the per-peer inventory queues can grow too large.

  This commit bumps the rate up to 14 tx/s (for inbound peers), increasing the safety margin by a factor of 2.

  Outbound peers continue to receive relayed transactions at 2.5x the rate of inbound peers, for a rate of 35tx/second.

ACKs for top commit:
  sipa:
    ACK b81f37031c8f2ccad9346f1b65ee0f8083c44796
  achow101:
    ACK b81f37031c8f2ccad9346f1b65ee0f8083c44796
  darosior:
    utACK b81f37031c8f2ccad9346f1b65ee0f8083c44796.
  glozow:
    utACK b81f37031c8f2ccad9346f1b65ee0f8083c44796

Tree-SHA512: 854ea0824d5f4c629f1dceb9ee61cc9226c8f0d4d26664737e68db917f65341d4800362ab55ed32673db920b2b59aa116b4cb9ee063367b2e43c94a904b41c08

56c6daa64f

Merge bitcoin/bitcoin#33422: build: Remove lingering Windows registry & shortcuts (#32132 follow-up)

79752b9c0b6bd9b2203ac98d28dd67734050c14a build(windows): Remove lingering registry entries and shortcuts upon install (Hodlinator)

Pull request description:

  ### Problem

  Prior to fb2b05b1259d3e69e6e675adfa30b429424c7625 / #32132 we installed using paths with an extra " (64-bit)"-suffix. Installing a version including that commit on top of a version that does not results in 2 entries in the "Installed apps" list. Both of them end up running the same `C:\Program Files\Bitcoin\uninstall.exe`. However, only one of the entries is removed by the uninstaller. The left over registry entry will now point to an executable that no longer exists and fail to work.

  Removing the left over "Installed apps"  entry on master currently requires the user to manually remove the Windows Registry entries (or run the correct old/new installer to ensure the uninstaller exists again).

  ### Solution

  This PR automates removal of old entries (& shortcuts) when installing the new version.

  ### Disclaimer

  Not an NSIS expert - confirmed that added deletion commands work without causing any visible errors both when prior items exist and when they don't.

ACKs for top commit:
  achow101:
    ACK 79752b9c0b6bd9b2203ac98d28dd67734050c14a
  hebasto:
    ACK 79752b9c0b6bd9b2203ac98d28dd67734050c14a.

Tree-SHA512: d23bd2e8f035ca93c3bd6187b3e5545c89c541b51d7b2b91b79bae1ebe328cd08c38b57e75a39bb376771fc85a537fe1d628903b9eadd32d04c3eb976c2e6d87

df101c97c2

Merge bitcoin/bitcoin#33429: fuzz: reduce iterations in slow targets

6a33970fef1b7b4d634f28277607b882958c95ac fuzz: Reduce iterations in slow targets (marcofleon)

Pull request description:

  The `mini_miner`, `txdownloadman`, `txdownloadman_impl`, and `tx_pool_standard` fuzz targets are all slow-running targets. Fix this by reducing the iteration count in the `LIMITED_WHILE` loops.

  This should help decrease the run time of the fuzz CI jobs. See https://github.com/bitcoin/bitcoin/pull/33425.

  Addresses https://github.com/bitcoin/bitcoin/issues/32870 as well.

ACKs for top commit:
  Crypt-iQ:
    crACK 6a33970fef1b7b4d634f28277607b882958c95ac
  dergoegge:
    utACK 6a33970fef1b7b4d634f28277607b882958c95ac
  enirox001:
    Concept ACK 6a33970
  brunoerg:
    ACK 6a33970fef1b7b4d634f28277607b882958c95ac

Tree-SHA512: d03d687507f497e587f7199866266298ca67d9843985dc96d1c957a6fbffb3c6cd5144a4876c471b84c84318295b0438908c745f3a4ac0254dca3e72655ecc14

953544d028

test: add block 2016 to mock mainnet

The next commit requires an additional mainnet block which changes the difficulty.

Also fix a few minor mistakes in the test (suite):
- rename the create_coinbase retarger_period argument to halving_period. Before bitcoin#31583 this was hardcoded for regtest where these values are the same.
- drop unused fees argument from mine helper

Finally the CPU miner instructions for generating the alternative mainnet chain are expanded.

4c3c1f42cf

rpc: fix getblock(header) returns target for tip

A target field was added to the getblock and getblockheader RPC calls in bitcoin#31583, but it mistakingly always used the tip value.

Because regtest does not have difficulty adjustment, a test is added for mainnet instead.

bf7996cbc3

rpc/net: report per-peer last_inv_sequence 77b2ebb811

datacarrier: Undeprecate configuration option

Reverts commit 0b4048c73385166144d0b3e76beb9a2ac4cc1eca

451ba9ada4

system: improve handling around GetTotalRAM()

This patch achieves two things:
1. Fix unused variable warning (https://github.com/bitcoin/bitcoin/pull/33333#discussion_r2362493046)
2. Enable GetTotalRAM() on other platforms where it was tested to work.

Co-authored-by: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>

337a6e7386

test: split out `system_ram_tests` to signal when total ram cannot be determined

when `GetTotalRAM` returns an `std::nullopt` now we're getting:
```
The following tests did not run:
        106 - system_ram_tests (Skipped)
```

56791b5829

Merge bitcoin/bitcoin#33435: system: improve handling around GetTotalRAM()

56791b582958e905e5ba5cbf172a8ea7dad1a8b0 test: split out `system_ram_tests` to signal when total ram cannot be determined (Lőrinc)
337a6e738616781f81504275bac8ed7bcf8068df system: improve handling around GetTotalRAM() (Vasil Dimov)

Pull request description:

  1. Fix unused variable warning (https://github.com/bitcoin/bitcoin/pull/33333#discussion_r2362493046)
  2. Enable `GetTotalRAM()` on other platforms where it was tested to work.
  3. Skip the `GetTotalRAM()` unit test on unsupported platforms.

  Prior discussion: https://github.com/bitcoin/bitcoin/pull/33333#discussion_r2362493046

ACKs for top commit:
  l0rinc:
    ACK 56791b582958e905e5ba5cbf172a8ea7dad1a8b0
  hebasto:
    ACK 56791b582958e905e5ba5cbf172a8ea7dad1a8b0.

Tree-SHA512: bc419aa55edad77473dbcf810f02d02fa0c45a6355a93d17f7881051117b753c584296ab3840893270ecdc9bb2bee0fe4e070607c6560b794e97a25da733c47d

34fefb6335

doc: remove unrelated `bitcoin-wallet` binary from `libbitcoin_ipc` description

`bitcoin-wallet` as-is is merely an offline wallet inspection tool
(introduced more than 9 years ago in PR #13926) that doesn't have any
relation with IPC/multiprocess, so remove it from the list of binaries
that use `libbitcoin_ipc`.

fbde8d9a81

test: validate behaviour of getpeerinfo last_inv_sequence and inv_to_send

Co-Authored-By: MarcoFalke <*~=`'#}+{/-|&$^_@721217.xyz>

2738b63e02

Merge bitcoin/bitcoin#33302: ci: disable cirrus cache in 32bit arm job

00c253d494176b31dc4aaba24dc7e61aecb20be2 ci: disable cirrus cache in 32bit arm job (will)
ff18b6bbaf322739fe98fd51b0d89d65a5775ab5 ci: refactor docker action to return provider str (will)

Pull request description:

  Add an optional matrix field allowing opt-out of configuring cirrus GHA cache when not using cirrus runners.

  This is not needed for the cirruslabs/[save|restore]-cache actions, as they automatically fallback based on runner type.

  Addresses https://github.com/bitcoin/bitcoin/issues/31965#issuecomment-3252638785

ACKs for top commit:
  m3dwards:
    ACK 00c253d494176b31dc4aaba24dc7e61aecb20be2

Tree-SHA512: 4c79deec2b0018f62a982b2d1051c78e94e242a1b8faf5db037353b05b707827dafded56c9b5ffbc861fcadac5a90571077e6ab69410975f7a2f40c755630a8e

3b3ab3a50a

Merge bitcoin/bitcoin#33459: doc: remove unrelated `bitcoin-wallet` binary from `libbitcoin_ipc` description

fbde8d9a81d82e53933fe45e36d3a70206a48e0e doc: remove unrelated `bitcoin-wallet` binary from `libbitcoin_ipc` description (Sebastian Falbesoner)

Pull request description:

  `bitcoin-wallet` as-is is merely an offline wallet inspection tool (introduced more than 9 years ago in PR #13926) that doesn't have any relation with IPC/multiprocess, so remove it from the list of binaries that use `libbitcoin_ipc`.

ACKs for top commit:
  pablomartin4btc:
    ACK fbde8d9a81d82e53933fe45e36d3a70206a48e0e

Tree-SHA512: e11720d35596575cd9785b9b00e6b11e46ba4c8aad6fe98e952d4aa4310f9e5c719dd2f177da8b5c3abefc831cbace0e1a0620f428d847f9bdcf7252a8889641

6861dadfcb

Merge bitcoin/bitcoin#33427: rpc: Always return per-wtxid entries in submitpackage tx-results

cad9a7fd7370f6df38370569f9d2de6ac6b7137a rpc: Always return per-wtxid entries in submitpackage tx-results (John Moffett)

Pull request description:

  Follow-up to #28848

  When `submitpackage` produced no per-transaction result for a member, the RPC set `"error": "unevaluated"` but then continued without inserting the entry into `tx-results`, making it impossible for callers to know which `wtxids` were unevaluated.

  This inserts the error result before continuing, updates help text, and adjusts functional tests to expect entries for all submitted `wtxids`.

ACKs for top commit:
  instagibbs:
    ACK cad9a7fd7370f6df38370569f9d2de6ac6b7137a
  glozow:
    ACK cad9a7fd7370f6df38370569f9d2de6ac6b7137a

Tree-SHA512: 8df5c9b3d1f17aaf0311c38f028ae4b55d4c52a660f85171f105c4f65d130b14ab00698ac5d7c27403a0c37fff391c154c3ad44cc99ba4d549d9c30751b8360f

a86e1a6e32

ci: link against -lstdc++ in native fuzz with msan job b77137a564

Merge bitcoin/bitcoin#33425: ci: remove Clang build from msan fuzz job

b77137a5644e09a08442aed7d8a4a9290fb53526 ci: link against -lstdc++ in native fuzz with msan job (fanquake)

Pull request description:

  Remove the Clang build from msan fuzz by using the apt install LLVM / Clang, and just linking against `-lstdc++`.

ACKs for top commit:
  maflcko:
    lgtm ACK b77137a5644e09a08442aed7d8a4a9290fb53526

Tree-SHA512: dc32b22a93196120a343d91265db3f42f6dc00afc887929986987ea62f2513580c855e98d088f037adb4c2e62358f98e47b914a412ef9c1069037917a36c0b03

eaa1a3cd0b

Merge bitcoin/bitcoin#33448: net/rpc: Report inv information for debugging

2738b63e025d240618b3c72c28243c3e4d7d9c79 test: validate behaviour of getpeerinfo last_inv_sequence and inv_to_send (Anthony Towns)
77b2ebb811824899f56976f8e3113914706edc97 rpc/net: report per-peer last_inv_sequence (Anthony Towns)
adefb51c5437667696cacaf163ea08b39e961358 rpc/net: add per-peer inv_to_send sizes (Anthony Towns)

Pull request description:

  Adds per-peer entries to `getpeerinfo` for the size of the inv_to_send queue and the mempool sequence number as at the last INV. Can be helpful for debugging tx relay performance and privacy/fingerprinting issues.

ACKs for top commit:
  sipa:
    utACK 2738b63e025d240618b3c72c28243c3e4d7d9c79
  instagibbs:
    ACK 2738b63e025d240618b3c72c28243c3e4d7d9c79

Tree-SHA512: e3c9c52e8e38b099d405a177ffba6783c5821cc5ce1432b98218843e00906986ce2141dcd5b04a67006c328211a672e519fa3390e012688499bfc9ac99767599

89144eb473

depends: static libxcb_cursor

Modern Ubuntu isn't shipping with this library installed by default.
Staticly link it to remove the need for end-users to install it.

Closes #33432.

eca50854e1

net: use generic network key for addrcache

The generic key can also be used in other places
where behavior between different network identities should
be uncorrelated to avoid fingerprinting.
This also changes RANDOMIZER_ID - since it is not
being persisted to disk, there are no compatibility issues.

94db966a3b

Merge bitcoin/bitcoin#33388: test: don't throw from the destructor of DebugLogHelper

2427939935f3e6669be6bf553be89639e0afabaa test: forbid copying of DebugLogHelper (Daniel Pfeifer)
d6aa266d432f24c1f1bf7ece64aeba342cabeaf2 test: don't throw from the destructor of DebugLogHelper (Vasil Dimov)

Pull request description:

  Throwing an exception from the destructor of a class is a bad practice because the destructor will be called when an object of that type is alive on the stack and another exception is thrown, which will result in "exception during the exception". This would terminate the program without any messages.

  Instead print the message to the standard error output and call `std::abort()`.

  ---

  This change is part of https://github.com/bitcoin/bitcoin/pull/26812. It is an improvement on its own, so creating a separate PR for it following the discussion at https://github.com/bitcoin/bitcoin/pull/32604#discussion_r2345091587. Getting it in will reduce the size of #26812.

ACKs for top commit:
  Crypt-iQ:
    crACK 2427939
  l0rinc:
    Code review reACK 2427939935f3e6669be6bf553be89639e0afabaa
  optout21:
    crACK 2427939935f3e6669be6bf553be89639e0afabaa
  furszy:
    utACK 2427939935f3e6669be6bf553be89639e0afabaa

Tree-SHA512: 918c1e40d2db4ded6213cd78a18490ad10a9f43c0533df64bdf09f0b216715415030e444712981e4407c32ebf552fbb0e3cce718e048df10c2b8937caf015564

350692e561

Merge bitcoin/bitcoin#33031: wallet: Set descriptor cache upgraded flag for migrated wallets

88b0647f027a608acb61ec32329d19f8e5b0a9fd wallet: Always write last hardened cache flag in migrated wallets (Ava Chow)
8a08eef645eeb3e1991a80480c5ee232bfceeb37 tests: Check that the last hardened cache upgrade occurs (Ava Chow)

Pull request description:

  #32597 set the descriptor cache upgraded flag for newly created wallets, but migrated wallets still did not have the flag set when they are migrated. For consistency, and to avoid an unnecessary upgrade, we should be setting this flag for migrated wallets.

  The flag would end up being set anyways at the end of migration when the wallet is reloaded as it would perform the automatic upgrade at that time. However, this is unnecessary and we should just set it from the get go.

  This PR also adds a couple tests to verify that the flag is being set, and that the upgrade is being performed.

ACKs for top commit:
  cedwies:
    re-ACK 88b0647
  rkrux:
    lgtm ACK 88b0647f027a608acb61ec32329d19f8e5b0a9fd
  pablomartin4btc:
    ACK 88b0647f027a608acb61ec32329d19f8e5b0a9fd

Tree-SHA512: 7d0850db0ae38eedd1e6a3bfaa548c6c612182291059fb1a47279a4c4984ee7914ecd02d8c7e427ef67bf9f5e67cbc57a7ae4412fad539e1bf3e05c512a60d69

dd61f08fd5

Merge bitcoin/bitcoin#33408: msvc: Update vcpkg manifest

ef20c2d11d960bf915f88cdb2ceac2184e4aec10 build, msvc: Update vcpkg manifest baseline (Hennadii Stepanov)

Pull request description:

  This PR updates the vcpkg manifest baseline from the ["2025.03.19 Release"](https://github.com/microsoft/vcpkg/releases/tag/2025.03.19) to the ["2025.08.27 Release"](https://github.com/microsoft/vcpkg/releases/tag/2025.08.27), with the following package
  changes:
   - `boost`: 1.87.0 --> 1.88.0
   - `qtbase`: 6.8.2#1 -> 6.9.1
   - `qttools`: 6.8.2 -> 6.9.1
   - `sqlite3`: 3.49.1 --> 3.50.4

  The previous update was made in https://github.com/bitcoin/bitcoin/pull/32213.

ACKs for top commit:
  hodlinator:
    ACK ef20c2d11d960bf915f88cdb2ceac2184e4aec10

Tree-SHA512: 3c95fea911e1481b3536958d83dcaa52012abdff350cd08c21b30b3df61a501b2f3272e879882820bb59456066e9270de820bcb47810d3d1b8e8a1267d987d90

ad4a49090d

cli: Allow arguments to be both strings and json 44a493e150

test: Remove convert_to_json_for_cli df67bb6fd8

Merge bitcoin/bitcoin#33158: macdeploy: avoid use of `Bitcoin Core` in Linux cross build

8e434a84999c473a7295772a346cbce27888d28e macdeploy: rename macOS output to bitcoin-macos-app.zip (fanquake)
05353d9cf08ca4e8210436d686d76417ff12d53c macdeploy: combine appname & -zip arguments (fanquake)

Pull request description:

  Output `bitcoin-macos-app.zip`, similar to what we do for Windows: `bitcoin-win64-setup.exe`.

ACKs for top commit:
  hodlinator:
    re-ACK 8e434a84999c473a7295772a346cbce27888d28e
  willcl-ark:
    ACK 8e434a84999c473a7295772a346cbce27888d28e

Tree-SHA512: e762c9866630c4f8c577027ee9492d74a5c7f4b194df73876d702703b9100c356a30986c2f209ba3f3e2d483017f5e61596a2a7cdfae0a684f8dc244420cd108

5ae8edbc30

Merge bitcoin/bitcoin#33446: rpc: fix getblock(header) returns target for tip

bf7996cbc3becf329d8b1cd2f1007fec9b3a3188 rpc: fix getblock(header) returns target for tip (Sjors Provoost)
4c3c1f42cf705e039751395799240da33ca969bd test: add block 2016 to mock mainnet (Sjors Provoost)

Pull request description:

  A `target` field was added to the `getblock` and `getblockheader` RPC calls in #31583, but it mistakingly always used the tip value.

  This PR fixes it to return the target for the given block. Because regtest does not have difficulty adjustment, the mainnet test is expanded to cover the fix.

  A preliminary commit deals with mining block 2016 that's needed for the test. It also:
  - renames the `create_coinbase` `retarget_period` argument to `halving_period`. Before #31583 this was hardcoded for regtest where these values are the same.
  - drops unused `fees` argument from `mine` helper
  - expands the CPU miner instructions for generating the alternative mainnet chain

  Fixes #33440

ACKs for top commit:
  sipa:
    utACK bf7996cbc3becf329d8b1cd2f1007fec9b3a3188
  luke-jr:
    crACK bf7996cbc3becf329d8b1cd2f1007fec9b3a3188
  TheCharlatan:
    ACK bf7996cbc3becf329d8b1cd2f1007fec9b3a3188
  ismaelsadeeq:
    Code review ACK bf7996cbc3becf329d8b1cd2f1007fec9b3a3188

Tree-SHA512: 2a2e11efd91f4aaccf9d2ec4dff9fd82c366b8a7e797ce5981dca2e6f08028f69154f4e6a27aef20d78b0e6c3304416789267c2fad42d7aa5072f8537d0c8b0d

d41b503ae1

miner: fix `addPackageTxs` unsigned integer overflow b807dfcdc5

ci: Turn centos config into alpine musl config fa6b2e9efe

Merge bitcoin/bitcoin#33475: bugfix: miner: fix `addPackageTxs` unsigned integer overflow

b807dfcdc5929c314d43b790c9e705d5bf0a86e8 miner: fix `addPackageTxs` unsigned integer overflow (ismaelsadeeq)

Pull request description:

  This PR fixes an unsigned integer overflow in the `addPackageTxs` method of the `BlockAssembler`.

  The overflow is a rare edge case that might occur on master when a miner reserves 2000 WU and wants to create an block to be empty.

  i.e, by starting with `-blockmaxweight=2000`, `-blockreservedweight=2000`, or just `blockmaxweight=2000`, and then calling the mining interface `createNewBlock` with `blockReservedWeight` set to `2000`.

  Instead of bailing out after going through transactions equivalent to `MAX_CONSECUTIVE_FAILURES`, the loop never breaks until all mempool transactions are visited.

  See https://github.com/bitcoin/bitcoin/pull/33421#issuecomment-3324859282

  The fix avoids the overflow by using addition instead adding `BLOCK_FULL_ENOUGH_WEIGHT_DELTA` to the block weight and comparing it with `m_options.nBlockMaxWeight`.

  Another alternative that preserves the same structure is to use `static_cast`. See https://github.com/bitcoin/bitcoin/pull/33421/commits/c9530cf35d351628eea4992c66fc1df548d1b580.

  This fix can be tested by cherry-picking the commits from #33421 without the static cast fix and running:

  ```bash
  echo "AQAAAAAAA
  AAnJycnAAAAAAAAAAAAAAAAAA" | base64 --decode > miner.crash

  FUZZ=block_template_cache ./build_fuzz/bin/fuzz miner.crash
  ```

  ---

  This is part of a larger inconsistency in how size/weight is represented in the codebase. It may be worth defining a dedicated type for size/weight.

ACKs for top commit:
  glozow:
    nice, utACK b807dfcdc5929c314d43b790c9e705d5bf0a86e8
  furszy:
    Code ACK b807dfcdc5929c314d43b790c9e705d5bf0a86e8

Tree-SHA512: c1d2f7e500f9b0624a4c22a146921a1644017065e6c94d0c5027486392321f5de26c61751a24765e025e45b34c535adfd6d0e2ac809dea6846b99f37d13043c9

05d984b1a4

ci: remove 3rd party js from windows dll gha job

We can use vswhere.exe directly to create a vs developer
prompt and so can remove this third party dependency.

Co-authored-by: David Gumberg <davidzgumberg@gmail.com>

7ae0497eef

Merge bitcoin/bitcoin#33230: cli: Handle arguments that can be either JSON or string

df67bb6fd84c393eaf00f19074085ee080546bd3 test: Remove convert_to_json_for_cli (Ava Chow)
44a493e150a706ec10899d0fcbc029e7466e5e81 cli: Allow arguments to be both strings and json (Ava Chow)

Pull request description:

  There are some RPCs where the argument can be either JSON that needs to be parsed, or a string that we can pass straight through. However, `bitcoin-cli` would always parse those arguments as JSON which makes for some cumbersome argument passing when using those RPCs. Notably, `hash_or_height` in `getblockstats` and `gettxoutsetinfo` do this, and results in a more cumbersome command of `bitcoin-cli getblockstats '"<hash>"'`. Otherwise, using a normal invocation of `bitcoin-cli getblockstats <hash>` results in `error: Error parsing JSON`. This PR marks those particular options as also being a string so that when `bitcoin-cli` fails to parse the argument as JSON, it will assume that the argument is a string and pass it straight through.

ACKs for top commit:
  ryanofsky:
    Code review ACK df67bb6fd84c393eaf00f19074085ee080546bd3, just rebased since last review. I do still think it would be good to improve the test (https://github.com/bitcoin/bitcoin/pull/33230#discussion_r2369570345)
  rkrux:
    Light code review, lgtm ACK df67bb6fd84c393eaf00f19074085ee080546bd3
  mzumsande:
    Code Review ACK df67bb6fd84c393eaf00f19074085ee080546bd3

Tree-SHA512: 6c488570fbb24d0cf10508416c56accfc7af5163b7a7187d22d78c812424a9e3ecc95906d3e295fbf6af54bf80903aa448fd879dd6a9944ba8b4d1a33eb29ef2

e62e0a12b3

Merge bitcoin/bitcoin#33229: multiprocess: Don't require bitcoin -m argument when IPC options are used

453b0fa286e5dce0af682b7b73684dd6415a50de bitcoin: Make wrapper not require -m (Ryan Ofsky)
29e836fae660d9a89c54a094ae1a032e6a88c334 test: add tool_bitcoin to test bitcoin wrapper behavior (Ryan Ofsky)
0972f5504021b482b27523fd3bcb8036cf6b439c init: add exe name to bitcoind, bitcoin-node -version output to be able to distinguish these in tests (Ryan Ofsky)

Pull request description:

  This change makes the `bitcoin` command respect IPC command line options and _bitcoin.conf_ settings, so IPC listening can be enabled by just running `bitcoin node -ipcbind=unix` or `bitcoin node` with `ipcbind=unix` in the configuration file, and there is no longer a need to specify a multiprocess `-m` option like `bitcoin -m node [...]`

  sipa and theuni in #31802 pointed out that users shouldn't be exposed to multiprocess implementation details just to use IPC features, so current need to specify the `bitcoin -m` option in conjunction with `-ipcbind` could be seen as a design mistake and not just a usage inconvenience.

  This PR also adds a dedicated functional test for the `bitcoin` wrapper command and to make sure it calls the right binaries and test the new functionality.

  ---

  This PR is part of the [process separation project](https://github.com/bitcoin/bitcoin/issues/28722).

ACKs for top commit:
  Sjors:
    re-ACK 453b0fa286e5dce0af682b7b73684dd6415a50de
  achow101:
    ACK 453b0fa286e5dce0af682b7b73684dd6415a50de
  TheCharlatan:
    Re-ACK 453b0fa286e5dce0af682b7b73684dd6415a50de

Tree-SHA512: 9e49cb7e183fd220fa7a4e8ac68cef55f3cb2ccec40ad2a9d3e3f31db64c4953db8337f8caf7fce877bc97002ae97568dcf47ee269a06ca1f503f119bfe392c1

31b29f8eb6

Merge bitcoin/bitcoin#33430: rpc: addpeeraddress: throw on invalid IP

316a0c513278d53cb25f42ea502d20691962aad6 rpc: addpeeraddress: throw on invalid IP (John Moffett)

Pull request description:

  Right now we return an opaque `{"success" : false}` in `addpeeraddress` for an empty or invalid IP. This changes it to throw `RPC_CLIENT_INVALID_IP_OR_SUBNET` with the error message `Invalid IP address`. Tests updated to match.

ACKs for top commit:
  sipa:
    utACK 316a0c513278d53cb25f42ea502d20691962aad6
  achow101:
    ACK 316a0c513278d53cb25f42ea502d20691962aad6
  vasild:
    ACK 316a0c513278d53cb25f42ea502d20691962aad6
  pablomartin4btc:
    tACK 316a0c513278d53cb25f42ea502d20691962aad6

Tree-SHA512: 79a8ce127d0a24b2eb1f31bc3294b895d0c6424032a6b49168259e0e94aff69723d067adf1b4dc3c9b79e597531e5b65e4b8fc5a8e21fba0b81f99168de12b96

65e909dfdd

contrib: fix using macdploy script without translations.

QT translations are optional, but the script would error when
'translations_dir' falls back to its default value NULL.

This PR fixes it by moving the set-up of QT translations under
the check for 'translations_dir' presence.

7b5261f7ef

Merge bitcoin/bitcoin#33399: key: use static context for libsecp256k1 calls where applicable

1ff9e929489e625a603e8755b8efe849feda1f16 key: use static context for libsecp256k1 calls where applicable (Sebastian Falbesoner)

Pull request description:

  The dynamically created [signing context](https://github.com/bitcoin/bitcoin/blob/2d6a0c464912c325faf35d4ad28b1990e828b414/src/key.cpp#L19) for libsecp256k1 calls is only needed for functions that involve generator point multiplication with a secret key, i.e. different variants of public key creation and signing. The API docs hint to those by stating "[(not secp256k1_context_static)](https://github.com/bitcoin-core/secp256k1/blob/b4756543028065b3ae6f30e9e6d7f1ecf2bb08c6/include/secp256k1.h#L645)" for the context parameter. In our case that applies to the following calls:
  - `secp256k1_ec_pubkey_create`
  - `secp256k1_keypair_create`
  - `secp256k1_ellswift_create`
  - `secp256k1_ecdsa_sign`
  - `secp256k1_ecdsa_sign_recoverable`
  - `secp256k1_schnorrsig_sign32`
  - `ec_seckey_export_der` (not a direct secp256k1 function, but calls `secp256k1_ec_pubkey_create` inside)

  For all the other secp256k1 calls we can simply use the static context. This is done for consistency to other calls that already use `secp256k1_context_static`, and also to reduce dependencies on the global signing context variable. Looked closer at this in the course of reviewing #29675, where some functions used the signing context that didn't need to, avoiding a move to another module (see https://github.com/bitcoin/bitcoin/pull/29675#discussion_r2333831377).

ACKs for top commit:
  Eunovo:
    ACK https://github.com/bitcoin/bitcoin/pull/33399/commits/1ff9e929489e625a603e8755b8efe849feda1f16
  furszy:
    ACK 1ff9e929489e625a603e8755b8efe849feda1f16
  rkrux:
    crACK 1ff9e929489e625a603e8755b8efe849feda1f16

Tree-SHA512: f091efa56c358057828f3455d4ca9ce40ec0d35f3e38ab147fe3928bb5dbf7ffbc27dbf97b71937828ab95ea4e9be5f96d89a2d29e2aa18df4542aae1b33e258

7e08445449

Merge bitcoin/bitcoin#33313: test/refactor: use test deque to avoid quadratic iteration

75e6984ec8c6fa196ad78c11f454da506d7c8ff1 test/refactor: use test deque to avoid quadratic iteration (Lőrinc)

Pull request description:

  Extracted from https://github.com/bitcoin/bitcoin/pull/33141#discussion_r2323012972.

  -----

  In Python, [list `pop(0)` is linear](https://docs.python.org/3/tutorial/datastructures.html#using-lists-as-queues), so consuming all items in the test results in quadratic iteration.

  Switching to `collections.deque` with `popleft()` expresses FIFO intent and avoids the O(n^2) path.
  Behavior is unchanged - for a few hundred items the perf impact is likely negligible.

ACKs for top commit:
  maflcko:
    lgtm ACK 75e6984ec8c6fa196ad78c11f454da506d7c8ff1
  theStack:
    re-ACK 75e6984ec8c6fa196ad78c11f454da506d7c8ff1
  enirox001:
    reACK 75e6984
  w0xlt:
    reACK https://github.com/bitcoin/bitcoin/pull/33313/commits/75e6984ec8c6fa196ad78c11f454da506d7c8ff1

Tree-SHA512: 290f6aeeb33d8b12b7acbbfede7ce0bef1c831a7ab9efc9c3a08c049986572e289cdece0844db908cf198395f574575ce4073c268033bf6dbaadc3828c96c1d8

200150beba

doc: rpc: fix case typo in `finalizepsbt` help (final_scriptwitness) ff05bebcc4

test: set par=2 in default config for functional test framework

Depending on the host machine, a default `par` value can spawn up to 15 script verification threads for each node.
Running the functional test suite with default `par` can exhaust file descriptors or hit other resource limits when many threads are spawned.
These threads are mostly idle and the same code paths are executed with a value of `par=2`.
Limit this to 2 for functional tests that do not override the default option.

Co-authored-by: maflcko <6399679+maflcko@users.noreply.github.com>

dda5228e02

Merge bitcoin/bitcoin#33484: doc: rpc: fix case typo in `finalizepsbt` help (final_scriptwitness)

ff05bebcc4262966b117082a67dc4c63a3f67d2d doc: rpc: fix case typo in `finalizepsbt` help (final_scriptwitness) (Sebastian Falbesoner)

Pull request description:

  The lower-case spelling matches the `decodepsbt` result field:
  https://github.com/bitcoin/bitcoin/blob/200150beba6601237036bc01ee10f6a0a2246c3d/src/rpc/rawtransaction.cpp#L871
  https://github.com/bitcoin/bitcoin/blob/200150beba6601237036bc01ee10f6a0a2246c3d/src/rpc/rawtransaction.cpp#L1253

ACKs for top commit:
  l0rinc:
    ACK ff05bebcc4262966b117082a67dc4c63a3f67d2d
  rkrux:
    Ah crACK ff05bebcc4262966b117082a67dc4c63a3f67d2d

Tree-SHA512: c0a0e29e95fed3fcee4df4f3fc87b32774d76bebadcda5aa010bc45142727536d6a71e4c0e70564db8bdb734e8647c80953793ac9ecd6c434345e972f8d9b7b0

d8fe258cd6

ci: Reduce Alpine musl task to md runner size

Per https://github.com/bitcoin/bitcoin/pull/33480#discussion_r2387381492

444409ff2b

net: merge AlreadyConnectedToAddress() and FindNode(CNetAddr)

`CConnman::AlreadyConnectedToAddress()` is the only caller of
`CConnman::FindNode(CNetAddr)`, so merge the two in one function.

The unit test that checked whether `AlreadyConnectedToAddress()` ignores
the port is now unnecessary because now the function takes a `CNetAddr`
argument. It has no access to the port.

3a4d1a25cf

wallet, log: reduce unconditional logging during load

The removed statements were logged up to two or three times for each loaded
wallet. The SQLite version only needs to be logged once.
The full wallet path is dropped, since the existing unconditional
logging while loading wallets is sufficient (also reduces anonymization
efforts in case of sharing logs).

Co-authored-by: Martin Zumsande <mzumsande@gmail.com>

fc861332b3

ci: use latest versions of lint deps

Some of the versions used here are > 2 years old. i.e mypy. Use the
latest avilable versions, except for LIEF, which is generally changed
with Guix.

d4f47f9771

fuzz: don't bypass_limits for most mempool harnesses

Using bypass_limits=true is essentially fuzzing part of a
reorg only, and results in TRUC invariants unable to be
checked. Remove most instances of bypassing limits, leaving
one harness able to do so.

bbe8e9063c

Mempool: Do not enforce TRUC checks on reorg

Not enforcing TRUC topology on reorg was the intended
behavior, but the appropriate bypass argument was not
checked.

This mistake means we could potentially invalidate a long
chain of perfectly incentive-compatible transactions that
were made historically, including subsequent non-TRUC
transactions, all of which may have been very high feerate.

Lastly, it wastes CPU cycles doing topology checks since
this behavior cannot actually enforce the topology in
general for the reorg setting.

26e71c237d

test: add more TRUC reorg coverge 06df14ba75

Merge bitcoin/bitcoin#33487: ci: use latest versions of lint deps

d4f47f97715c7b6a2879e99c62f09ccead8cc4cd ci: use latest versions of lint deps (fanquake)

Pull request description:

  Some of the versions used here are > 2 years old. i.e `mypy`. Use the latest avilable versions, except for LIEF, which is generally changed with Guix.

  Side note. I can't remember the last time one of these tools (mypy, ruff, vulture) actually caught an issue in the lint job.

ACKs for top commit:
  maflcko:
    lgtm ACK d4f47f97715c7b6a2879e99c62f09ccead8cc4cd
  janb84:
    lgtm ACK d4f47f97715c7b6a2879e99c62f09ccead8cc4cd
  hebasto:
    ACK d4f47f97715c7b6a2879e99c62f09ccead8cc4cd, I have reviewed the code and it looks OK.

Tree-SHA512: 8b312535c9fea8e76d58f517ada6d6ea7a119c5e03c8cb84a41b5b6ca80dfaaff65a81478bdc1a5acf734cfb0bc66a8b3ba5400db8973c43ca913b07568abfe4

25212dfdb4

depends: Fix `$(package)_fetched` target

Ensure the download timestamp is created only after a successful
download.

771978952a

depends: Drop redundant check for downloaded file

The `fetch_file` commands are invoked for the `$($(package)_fetched)`
target, so the existence of the download stamp has already been tested.

46135d90ea

ci: expose all ACTIONS_* vars

When using `docker buildx build` in conjunction with the `gha` backend
cache type, it's important to specify the URL and TOKEN needed to
authenticate.

On Cirrus runners this is working with only `ACTIONS_CACHE_URL` and
`ACTIONS_RUNTIME_TOKEN`, but this is not enough for the GitHub backend.

Fix this by exporting all `ACTIONS_*` variables.

This fixes cache restore/save on forks or where GH-hosted runners are
being used.

bc706955d7

depends: Use hash instead of file name for package download stamp

The package version is still included for convenience.

6de8051263

depends: Update URL for `qrencode` package source tarball

The https://fukuchi.org/ homepage no longer links to the source tarball,
and previously available files appear to have been removed. The homepage
now instructs users to download source tarballs from the GitHub releases
page instead.

The diff between the source trees is immaterial.

93a70a42d3

p2p: Use different inbound inv timer per network

Currently nodes schedule their invs to all inbound peers at the same time.
It is trivial to make use this timing pattern for fingerprinting
identities on different networks. Using a separate timers for each network will
make the fingerprinting harder.

0f7d4ee4e8

Merge bitcoin/bitcoin#33299: wallet: reduce unconditional logging during load

fc861332b351c9390400054ff74193ce26eb0713 wallet, log: reduce unconditional logging during load (furszy)

Pull request description:

  Currently the unconditional log during init with a default wallet happens three times:
  ```
  2025-09-03T19:57:16Z init message: Verifying wallet(s)…
  2025-09-03T19:57:16Z Using SQLite Version 3.45.1
  2025-09-03T19:57:16Z Using wallet XXX/.bitcoin/regtest
  2025-09-03T19:57:16Z Using SQLite Version 3.45.1
  2025-09-03T19:57:16Z Using wallet XXX/.bitcoin/regtest
  (...)
  2025-09-03T19:57:16Z Using SQLite Version 3.45.1
  2025-09-03T19:57:16Z Using wallet XXX/.bitcoin/regtest
  2025-09-03T19:57:16Z init message: Loading wallet…
  ```
  For non-default wallets it's logged two times.

  That seems a bit too much, so just log the SQLite version just one, and remove the log for the full path of the wallet, since it's already clear from other logs which wallet is being loaded.

ACKs for top commit:
  achow101:
    ACK fc861332b351c9390400054ff74193ce26eb0713
  furszy:
    utACK fc861332b351c9390400054ff74193ce26eb0713
  stickies-v:
    ACK fc861332b351c9390400054ff74193ce26eb0713

Tree-SHA512: ca45c8ede985e6feab0cb93d718a6d633691276ca6e5f13f6471759f11dee98b312e1c802a7fb42c7fa859b6edc44a8c54b9e2ca389655cf028aebf2dabe51f6

8f73d95221

pubkey: Return tweaks from BIP32 derivation

MuSig2 needs the BIP32 derivation tweaks in order to sign with a key
derived from the aggregate pubkey.

4b24bfeab9

sign: Include taproot output key's KeyOriginInfo in sigdata 9baff05e49

Add MuSig2SecNonce class for secure allocation of musig nonces c06a1dc86f

signingprovider: Add musig2 secnonces

Adds GetMuSig2SecNonces which returns secp256k1_musig_secnonce*, and
DeleteMuSig2Session which removes the MuSig2 secnonce from wherever it
was retrieved. FlatSigningProvider stores it as a pointer to a map of
session id to secnonce so that deletion will actually delete from the
object that actually owns the secnonces.

The session id is just a unique identifier for the caller to determine
what secnonces have been created.

4d8b4f5336

psbt: MuSig2 data in Fill/FromSignatureData d99a081679

musig: Add MuSig2AggregatePubkeys variant that validates the aggregate

A common pattern that MuSig2 functions will use is to aggregate the
pubkeys to get the keyagg_cache and then validate the aggregated pubkey
against a provided aggregate pubkey. A variant of MuSig2AggregatePubkeys
is added which does that.

The functionality of GetMuSig2KeyAggCache and GetCPubKeyFromMuSig2KeyAggCache
are included in MuSig2AggregatePubkeys (and used internally) so there is
no expectation that callers will need these so they are made static.

82ea67c607

sign: Add CreateMuSig2Nonce 512b17fc56

sign: Add CreateMuSig2PartialSig bf69442b3f

sign: Add CreateMuSig2AggregateSig 258db93889

sign: Create MuSig2 signatures for known MuSig2 aggregate keys

When creating Taproot signatures, if the key being signed for is known
to be a MuSig2 aggregate key, do the MuSig2 signing algorithms.

First try to create the aggregate signature. This will fail if there are
not enough partial signatures or public nonces. If it does fail, try to
create a partial signature with all participant keys. This will fail for
those keys that we do not have the private keys for, and if there are
not enough public nonces. Lastly, if the partial signatures could not be
created, add our own public nonces for the private keys that we know, if
they do not yet exist.

4a273edda0

wallet: Keep secnonces in DescriptorScriptPubKeyMan 68ef954c4c

test: Test MuSig2 in the wallet ac599c4a9c

test: increase timeout in p2p_leak_tx.py

With a low but not negligible probability in the order
of 10^-6 the exponential timer NextInvToInBounds can lead
to an interval >60s, making the test fail.
Also uses mocktime to speed up the test and fixes a
non-matching on_inv override.

Co-authored-by: Vasil Dimov <vd@FreeBSD.org>

576dd97cb9

test: fix (w)txid confusion in p2p_leak_tx.py

Before, we'd send a MSG_TX with a wtxid in it, which
would always result in a notfound answer

99bc552980

test: make notfound_on_unannounced more reliable

By using mocktime, we will always hit both the notfound
branch and the tx sent branch.
The previous version didn't achieve that due to timing
issues.

Co-authored-by: Martin Zumsande <mzumsande@gmail.com>

14ae71f323

Merge bitcoin/bitcoin#33260: test: Use extra_port() helper in feature_bind_extra.py

fabc2615af26c61a503f23ae4fd0353f90602bbe test: Use extra_port() helper in feature_bind_extra.py (MarcoFalke)

Pull request description:

  This is a refactor for self-validating and self-documenting code.

  Currently, the test assumes that extra ports are available and just increments them without checking. However, this may not be the case when the test is modified to use more ports. In this case, the tests may fail intermittently and the failure is hard to debug.

  Fix this confusion, by calling `p2p_port` each time. This ensures the required `assert n <= MAX_NODES` is checked each time.

  Closes https://github.com/bitcoin/bitcoin/issues/33250

ACKs for top commit:
  achow101:
    ACK fabc2615af26c61a503f23ae4fd0353f90602bbe
  janb84:
    crACK fabc2615af26c61a503f23ae4fd0353f90602bbe
  w0xlt:
    ACK fabc2615af26c61a503f23ae4fd0353f90602bbe

Tree-SHA512: 1eff00be7f43104ae8a66e79fbf64075ec22bb20f392ac1e4c8a7dd694d4f1760aa44ea54ab7b1f2b947ab018851ab3c10d3c717714c0bee4d8d24617594c2bb

7502d4e940

Merge bitcoin/bitcoin#33453: docs: Undeprecate datacarrier and datacarriersize configuration options

451ba9ada41f687c0e4bb34d5925374a68a8f8a3 datacarrier: Undeprecate configuration option (Anthony Towns)

Pull request description:

  Removes the deprecation for the `datacarrier` and `datacarriersize` options by reverting commit 0b4048c73385166144d0b3e76beb9a2ac4cc1eca from https://github.com/bitcoin/bitcoin/pull/32406

  **Many current Bitcoin Core users want to continue using this option**
  This statement is based on public postings from many Bitcoin Core users and not a formal survey. AJ Towns’ observation from [#32406](https://github.com/bitcoin/bitcoin/pull/32406/commits/0b4048c73385166144d0b3e76beb9a2ac4cc1eca#r2084024874) that “_for now there seem to be a bunch of users who like the option_” has only become more apparent in the months since.

  **The deprecation intent is unclear to users**
  This echo’s Ava Chow’s comment from #32714 that “_IMO we should not have removal warnings if there is no current plan to actually remove them._” In months since that comment, partially due to increased feedback from Bitcoin Core users wanting to keep this option, there is even less likelihood of a near term plan to remove these options. That leaves Bitcoin Core users in an unclear situation: the option could be removed in the next version or perhaps never. Removing the deprecation gives clarity for their planning purposes. Deprecating the option in the future, preferably with a removal schedule to better inform users, would still be possible.

  **Minimal downsides to removing deprecation**
  As a best practice, Bitcoin Core has avoided an option when the developers cannot articulate when they should be used. There is non-zero maintenance cost to keeping this code around (although leaving the options deprecated for a long time has the same effect). “Don’t offer users footguns” is also a good principle, but with this option, there seems to be only small impacts that can quickly be remedied by changing the option value by Bitcoin Core users. There already exist in Bitcoin Core more potentially-user-harmful options/values than what datacarrier might cause.

ACKs for top commit:
  ajtowns:
    ACK 451ba9ada41f687c0e4bb34d5925374a68a8f8a3
  darosior:
    That said, certain users care strongly about using those options. In these conditions, i do not see the project removing the option anytime soon. Therefore i think it's technically incorrect (and confusing) to mark it as deprecated. utACK 451ba9ada41f687c0e4bb34d5925374a68a8f8a3 on removing the deprecation.
  instagibbs:
    crACK 451ba9ada41f687c0e4bb34d5925374a68a8f8a3
  Raimo33:
    ACK 451ba9ada41f687c0e4bb34d5925374a68a8f8a3
  Ademan:
    utACK 451ba9a
  ryanofsky:
    Code review ACK 451ba9ada41f687c0e4bb34d5925374a68a8f8a3
  marcofleon:
    ACK 451ba9ada41f687c0e4bb34d5925374a68a8f8a3
  achow101:
    ACK 451ba9ada41f687c0e4bb34d5925374a68a8f8a3
  moonsettler:
    ACK https://github.com/bitcoin/bitcoin/commit/451ba9ada41f687c0e4bb34d5925374a68a8f8a3
  ismaelsadeeq:
    utACK 451ba9ada41f687c0e4bb34d5925374a68a8f8a3 🛰️
  jonatack:
    ACK 451ba9ada41f687c0e4bb34d5925374a68a8f8a3
  Zero-1729:
    crACK 451ba9ada41f687c0e4bb34d5925374a68a8f8a3
  vasild:
    ACK 451ba9ada41f687c0e4bb34d5925374a68a8f8a3

Tree-SHA512: b83fc509f5dd820976596e1ae9fb69a22ada567e0e0ac88da5fc5e940a46d8894b40cc70c3eff2cbdabd4da5ec913f0d18c1632fc906f210b308855868410699

cc4a2cc6bd

Merge bitcoin/bitcoin#28584: Fuzz: extend CConnman tests

0802398e749c5e16fa7085cd87c91a31bbe043bd fuzz: make it possible to mock (fuzz) CThreadInterrupt (Vasil Dimov)
6d9e5d130d2e1d052044e9a72d44cfffb5d3c771 fuzz: add CConnman::SocketHandler() to the tests (Vasil Dimov)
3265df63a48db187e0d240ce801ee573787fed80 fuzz: add CConnman::InitBinds() to the tests (Vasil Dimov)
91cbf4dbd864b65ba6b107957f087d1d305914b2 fuzz: add CConnman::CreateNodeFromAcceptedSocket() to the tests (Vasil Dimov)
50da7432ec1e5431b243aa30f8a9339f8e8ed97d fuzz: add CConnman::OpenNetworkConnection() to the tests (Vasil Dimov)
e6a917c8f8e0f1a0fa71dc9bbb6e1074f81edea3 fuzz: add Fuzzed NetEventsInterface and use it in connman tests (Vasil Dimov)
e883b37768812d96feec207a37202c7d1b603c1f fuzz: set the output argument of FuzzedSock::Accept() (Vasil Dimov)

Pull request description:

  Extend `CConnman` fuzz tests to also exercise the methods `OpenNetworkConnection()`, `CreateNodeFromAcceptedSocket()`, `InitBinds()` and `SocketHandler()`.

  Previously fuzzing those methods would have resulted in real socket functions being called in the operating system which is undesirable during fuzzing. Now that https://github.com/bitcoin/bitcoin/pull/21878 is complete all those are mocked to a fuzzed socket and a fuzzed DNS resolver (see how `CreateSock` and `g_dns_lookup` are replaced in the first commit).

ACKs for top commit:
  achow101:
    ACK 0802398e749c5e16fa7085cd87c91a31bbe043bd
  jonatack:
    Review re-ACK 0802398e749c5e16fa7085cd87c91a31bbe043bd
  dergoegge:
    Code review ACK 0802398e749c5e16fa7085cd87c91a31bbe043bd

Tree-SHA512: a717d4e79f42bacf2b029c821fdc265e10e4e5c41af77cd4cb452cc5720ec83c62789d5b3dfafd39a22cc8c0500b18169aa7864d497dded729a32ab863dd6c4d

f41f97240c

ci: Remove bash -c from cmake invocation using eval 50194029e7

Drop support for EOL macOS 13 fadad7a494

fuzz: Drop unused workaround after Apple-Clang bump 1aaaaa078b

Merge bitcoin/bitcoin#33401: ci: Remove bash -c from cmake invocation using eval

50194029e7c2581b751931080f5999785a39929f ci: Remove bash -c from cmake invocation using eval (Brandon Odiwuor)

Pull request description:

  Follow up to https://github.com/bitcoin/bitcoin/pull/32970

  https://github.com/bitcoin/bitcoin/pull/32970#r2213730157

  > Does `cmake -S ...` still need to be wrapped in `bash -c "..."`?

  https://github.com/bitcoin/bitcoin/pull/32970#r2213741192
  > It is not trivial to replace. Maybe the `eval` hack from below can be used:
  >
  > ```shell
  >   # parses TEST_RUNNER_EXTRA as an array which allows for multiple arguments such as TEST_RUNNER_EXTRA='--exclude "rpc_bind.py --ipv6"'
  >
  >   eval "TEST_RUNNER_EXTRA=($TEST_RUNNER_EXTRA)"
  > ```
  >however, I haven't tried this yet.

  https://github.com/bitcoin/bitcoin/pull/32970#r2213801696
  > Yeah, the eval hack should work:
  >
  > ```
  > $ export T="-DREDUCE_EXPORTS=ON -DCMAKE_CXX_FLAGS='-Wno-psabi     -Wno-error=maybe-uninitialized'";  eval "T=($T)"; for i in "${T[@]}"; do  echo "_${i}_" ; done
  > _-DREDUCE_EXPORTS=ON_
  > _-DCMAKE_CXX_FLAGS=-Wno-psabi     -Wno-error=maybe-uninitialized_
  > ```
  >
  > (can be done in a follow-up)

  This replaces the `bash -c` wrapper with an eval-based array parsing to preserve spaces in flag values (e.g., in CMAKE_CXX_FLAGS), allowing ShellCheck to lint the cmake command

ACKs for top commit:
  maflcko:
    lgtm ACK 50194029e7c2581b751931080f5999785a39929f
  hebasto:
    ACK 50194029e7c2581b751931080f5999785a39929f.

Tree-SHA512: 6fd22569e2c719a8d13805f18e1e7e3b8eb57d0a6307f2e7175988b25750eafb7c8260796c8e7350db67d622dbe97e6af7bab8ee52187bb8e8eeae3740a47c01

acc7f2a433

net: avoid recursive m_nodes_mutex lock in DisconnectNode()

Have `CConnman::DisconnectNode()` iterate `m_nodes` itself instead of
using `FindNode()`. This avoids recursive mutex lock and drops the only
caller of `FindNode()` which used the return value for something else
than a boolean found/notfound.

4268abae1a

net: change FindNode() to not return a node and rename it

All callers of `CConnman::FindNode()` use its return value `CNode*` only
as a boolean null/notnull. So change that method to return `bool`.

This removes the dangerous pattern of handling a `CNode` object (the
return value of `FindNode()`) without holding `CConnman::m_nodes_mutex`
and without having that object's reference count incremented for the
duration of the usage.

Also rename the method to better describe what it does.

2a4450ccbb

doc: clarify peer address in getpeerinfo and addnode RPC help

The returned value in `getpeerinfo/addr` could be a hostname as well as
an IP address and the `:port` part could be missing. It is displayed
from `CNode::m_addr_name` which could have been set from RPC `addnode`
where the argument is allowed to be a hostname and an optional port.

87e7f37918

Merge bitcoin/bitcoin#32326: net: improve the interface around FindNode() and avoid a recursive mutex lock

87e7f37918d42c28033e9f684db52f94eeed617b doc: clarify peer address in getpeerinfo and addnode RPC help (Vasil Dimov)
2a4450ccbbe30f6522c3108f136b2b867b2a87fe net: change FindNode() to not return a node and rename it (Vasil Dimov)
4268abae1a1d06f2c4bd26b85b3a491719217fae net: avoid recursive m_nodes_mutex lock in DisconnectNode() (Vasil Dimov)
3a4d1a25cf949eb5f27d6dfd4e1b4a966b2cde75 net: merge AlreadyConnectedToAddress() and FindNode(CNetAddr) (Vasil Dimov)

Pull request description:

  `CConnman::FindNode()` would lock `m_nodes_mutex`, find the node in `m_nodes`, release the mutex and return the node. The current code is safe but it is a dangerous interface where a caller may end up using the node returned from `FindNode()` without owning `m_nodes_mutex` and without having that node's reference count incremented.

  Change `FindNode()` to return a boolean since all but one of its callers used its return value to check whether a node exists and did not do anything else with the return value.

  Remove a recursive lock on `m_nodes_mutex`.

  Rename `FindNode()` to better describe what it does.

ACKs for top commit:
  achow101:
    ACK 87e7f37918d42c28033e9f684db52f94eeed617b
  furszy:
    Code review ACK 87e7f37918d42c28033e9f684db52f94eeed617b
  hodlinator:
    re-ACK 87e7f37918d42c28033e9f684db52f94eeed617b

Tree-SHA512: 44fb64cd1226eca124ed1f447b4a1ebc42cc5c9e8561fc91949bbeaeaa7fa16fcfd664e85ce142e5abe62cb64197c178ca4ca93b3b3217b913e3c498d0b7d1c9

75353a0163

test: add assumevalid scenarios scaffold

Increase the test to 6 nodes and add flows for baseline, deep anchor, and too-recent cases, plus scaffolding for off-best-header, not-in-assumevalid,
and reindex gates.
Assertions are minimal here; follow-ups add reason checks.

Co-authored-by: Hodlinator <172445034+hodlinator@users.noreply.github.com>

4fad4e992c

validation: log initial script verification state

Replaced `atomic<bool>` with `std::optional<bool>` (logged once on first observation). Safe because `ConnectBlock` holds `cs_main`.\
After this change, the state is logged before the very first `UpdateTip` line.

Co-authored-by: Eunovo <eunovo9@gmail.com>
Co-authored-by: Hodlinator <172445034+hodlinator@users.noreply.github.com>
Co-authored-by: w0xlt <woltx@protonmail.com>

9bc298556c

refactor: untangle assumevalid decision branches

Flatten nested conditionals into a linear gating sequence for readability and precise logging. No functional change, TODOs are addressed in next commit

f2ea6f04e7

log: separate script verification reasons

Replace `fScriptChecks` with `script_check_reason` and log the precise reason when checks are enabled; log a plain "Disabling" when they are skipped.
Adjust the functional test to assert the new reason strings.

Co-authored-by: w0xlt <woltx@protonmail.com>
Co-authored-by: Eunovo <eunovo9@gmail.com>
Co-authored-by: Hodlinator <172445034+hodlinator@users.noreply.github.com>
Co-authored-by: TheCharlatan <seb.kung@gmail.com>
Co-authored-by: Andrew Toth <andrewstoth@gmail.com>

6c13a38ab5

log: split assumevalid ancestry-failure-reason message

When the assumevalid ancestry check fails, log a precise reason:
- "block height above assumevalid height" if the block is above the assumevalid block (the default reason)
- "block not in of assumevalid chain" otherwise

The new split was added under the existing condition to simplify conceptually that the two cases are related.
It could still be useful to know when the block is just above the assumevalid block or when it's not even on the same chain.

Update the functional test to assert the new reason strings. No behavior change.

Co-authored-by: Hodlinator <172445034+hodlinator@users.noreply.github.com>

45bd891465

net: support overriding the proxy selection in ConnectNode()

Normally `ConnectNode()` would choose whether to use a proxy and which
one. Make it possible to override this from the callers and same for
`OpenNetworkConnection()` - pass down the proxy to `ConnectNode()`.

Document both functions.

This is useful if we want to open connections to IPv4 or IPv6 peers
through the Tor SOCKS5 proxy.

Also have `OpenNetworkConnection()` return whether the connection
succeeded or not. This can be used when the caller needs to keep track
of how many (successful) connections were opened.

c76de2eea1

rpc: refactor: use string_view in Arg/MaybeArg

Modernizes interface by not forcing users to deal with raw pointers,
without adding copying overhead. Generalizes the logic of whether
we return by value or by optional/pointer.

In cases where functions take a `const std::string&` and it would
be too much work to update them, a string copy is made (which was
already happening anyway).

b3bf18f0ba

refactor: increase string_view usage

Update select functions that take a const std::string& to take a
std::string_view instead. In a next commit, this allows us to use
the {Arg,MaybeArg}<std::string_view> helper.

037830ca0d

rpc: refactor: use more (Maybe)Arg<std::string_view>

Use the {Arg,MaybeArg}<std::string_view> helper in all places where
it is a trivial change. In many places, this simplifies the logic
and reduces duplication of default values.

b63428ac9c

Merge bitcoin/bitcoin#33504: Mempool: Do not enforce TRUC checks on reorg

06df14ba75be5f48cf9c417424900ace17d1cf4d test: add more TRUC reorg coverge (Greg Sanders)
26e71c237d9d2197824b547f55ee3a0a60149f92 Mempool: Do not enforce TRUC checks on reorg (Greg Sanders)
bbe8e9063c15dc230553e0cbf16d603f5ad0e4cf fuzz: don't bypass_limits for most mempool harnesses (Greg Sanders)

Pull request description:

  This was the intended behavior but our tests didn't cover the scenario where in-block transactions themselves violate TRUC topological constraints.

  The behavior in master will potentially lead to many erroneous evictions during a reorg, where evicted TRUC packages may be very high feerate and make sense to mine all together in the next block and are well within the normal anti-DoS chain limits.

  This issue exists since the merge of https://github.com/bitcoin/bitcoin/pull/28948/files#diff-97c3a52bc5fad452d82670a7fd291800bae20c7bc35bb82686c2c0a4ea7b5b98R956

ACKs for top commit:
  sdaftuar:
    ACK 06df14ba75be5f48cf9c417424900ace17d1cf4d
  glozow:
    ACK 06df14ba75b
  ismaelsadeeq:
    Code review ACK 06df14ba75be5f48cf9c417424900ace17d1cf4d

Tree-SHA512: bdb6e4dd622ed8b0b11866263fff559fcca6e0ca1c56a884cca9ac4572f0026528a63a9f4c8a0660df2f5efe0766310a30e5df1d6c560f31e4324ea5d4b3c1a8

1ed00a0d39

ci: use a more generic way of finding mt.exe

This sets up a vs developer command prompt and should hopefully should
be more resilient to upstream changes

Co-authored-by: David Gumberg <davidzgumberg@gmail.com>

e1a1b14c93

ci: Check windows manifests for all executables

The other executables have manifests and these should be checked in
addition to bitcoind. Skipping fuzz.exe, bench_bitcoin.exe and
test_bitcoin-qt.exe as they do not have manifests.

156927903d

tests: add unit tests for CBlockIndex::GetAncestor and LastCommonAncestor 2e09d66fbb

chain: make use of pskip in LastCommonAncestor (optimization)

By using the pskip pointer, which regularly allows jumping back much faster
than pprev, the forking point between two CBlockIndex entries can be found
much faster.

A simulation shows that no more than 136 steps are needed to jump anywhere
within the first 2^20 block heights, and on average 65 jumps for uniform
forking points around that height.

3635d62f5a

test: addrman: check isTerrible when time is more than 10min in the future 8e47ed6906

Merge bitcoin/bitcoin#33434: depends: static libxcb-cursor

eca50854e1cb04e20478bd3df4762e18520a3611 depends: static libxcb_cursor (fanquake)

Pull request description:

  Remove the runtime requirement of `libxcb-cursor`. This library is no-longer present on modern Ubuntu.
  Fixes #33432.
  Also related to #32097.

ACKs for top commit:
  davidgumberg:
    Addendum ACK https://github.com/bitcoin/bitcoin/commit/eca50854e1cb04e20478bd3df4762e18520a3611
  willcl-ark:
    Code review ACK eca50854e1cb04e20478bd3df4762e18520a3611

Tree-SHA512: d545a03baf5030de64874b79add87b6ef5f95eb5ca31aa66007ee03554103d2eda5e56dfd4395d0a12e24b2e489457e4f19ed9e6d390351c72a0da630f03cc42

007900ee9b

Merge bitcoin/bitcoin#33482: contrib: fix macOS deployment with no translations

7b5261f7ef3d88361204c40eb10c0d9dc44f5ed7 contrib: fix using macdploy script without translations. (amisha)

Pull request description:

  **Description**
  From what I deciphered reading the line https://github.com/bitcoin/bitcoin/blob/master/contrib/macdeploy/macdeployqtplus#L390 is that qt translations are optional to have hence we should be able to build without it but the case where the flag translations_dir falls back to its default Null value it raises this error.

  The config comments also mentioned that adding translation file is optional.

  ```
  ./macdeployqtplus --help
  usage: macdeployqtplus [-h] [-verbose [VERBOSE]] [-no-plugins] [-no-strip] [-translations-dir path] [-zip zip] app-bundle

  Improved version of macdeployqt. Outputs a ready-to-deploy app in a folder "dist" and optionally wraps it in a .zip file. Note, that the "dist" folder will be deleted before deploying on each run. Optionally, Qt translation files
  (.qm) can be added to the bundle.
  ```

  **Steps to reproduce**
  So I was following the general steps to set up app on macos however I didn't download any qt translations presuming it was optional from the comment linkedin in PR, so to reproduce if you have translation directories in place ull need to delete them and then try to build the file, otherwise don't download it at all and try to build it. It should fail on that flag as translations dir was never downloaded.

  **Approach taken**
  I have moved the code which adds language files under the if statement that first checks if the value of the flag is not Null before referencing it.

ACKs for top commit:
  ismaelsadeeq:
    ACK 7b5261f7ef3d88361204c40eb10c0d9dc44f5ed7

Tree-SHA512: 8d51b17569e42c9feb95e1be17b1551c708a05eb44b82c74db0b25e07006b4ee223d64484f8bdb2ee1420f6e571686561ae1c09bd3362f77dcbb507bc5085f86

86eaa4d6cd

Merge bitcoin/bitcoin#33121: test: fix p2p_leak_tx.py

14ae71f323dd011c6d51470ea15cf00750970f65 test: make notfound_on_unannounced more reliable (David Gumberg)
99bc552980d9a10da03e4b90c390bcd6cae686be test: fix (w)txid confusion in p2p_leak_tx.py (Martin Zumsande)
576dd97cb91ecff7d95898a0dc79b9b1a8a8f4f2 test: increase timeout in p2p_leak_tx.py (Martin Zumsande)

Pull request description:

  This fixes two issues with `p2p_leak_tx.py`:

  1.) #33090: As far as I can see, this is just the randomness of `NextInvToInbounds`/ `rand_exp_duration`, which has a probability of `e^-(60s/5s) = 6.14×10^−6` to result in a period > 60s (our waiting time), so that the test would fail every 160k runs... Doubling the timeout should be sufficient to lower the probability drastically.

  2.) The subtest `test_notfound_on_unannounced_tx` has some (w)txid confusion: we send a `MSG_TX`-type getdata with a `wtxid` in it, which necessarily always results in a NOTFOUND. Fixed this, and change the subtest to be more deterministic based on `mocktime`.

ACKs for top commit:
  stratospher:
    ACK 14ae71f. nice restructuring using mocktime!
  davidgumberg:
    reACK https://github.com/bitcoin/bitcoin/commit/14ae71f323dd011c6d51470ea15cf00750970f65
  vasild:
    ACK 14ae71f323dd011c6d51470ea15cf00750970f65

Tree-SHA512: be5a4ca7bf56f82b6fa04d90ef9312dc2e6f8ff7ddf70b39d979dc42fbdd823157109b8b5dc46eb7f81ac1e816f40e6966b3c8a7d384aadee01e2189c20d3e3a

cfb0d74698

Merge bitcoin/bitcoin#33533: test: addrman: check isTerrible when time is more than 10min in the future

8e47ed6906d5e381498681e2cab9f2e318597705 test: addrman: check isTerrible when time is more than 10min in the future (brunoerg)

Pull request description:

  This PR adds test coverage to kill the following mutant (https://corecheck.dev/mutation/src/addrman.cpp#L76):
  ```diff
  diff --git a/src/addrman.cpp b/src/addrman.cpp
  index 9c3a24db90..0ffd349315 100644
  --- a/src/addrman.cpp
  +++ b/src/addrman.cpp
  @@ -73,7 +73,7 @@ bool AddrInfo::IsTerrible(NodeSeconds now) const
       }

       if (nTime > now + 10min) { // came in a flying DeLorean
  -        return true;
  +        return false;
       }
  ```

  When the `nTime` is set 10 minutes in the future the addr should be marked as terrible.

ACKs for top commit:
  Crypt-iQ:
    crACK 8e47ed6906d5e381498681e2cab9f2e318597705
  danielabrozzoni:
    tACK 8e47ed6906d5e381498681e2cab9f2e318597705
  marcofleon:
    Nice, code review ACK 8e47ed6906d5e381498681e2cab9f2e318597705

Tree-SHA512: b53b3aa234a73ec7808cb1555916ac64dd707f230ec290a1712493ece8e274a060e16d862b31df0f744804ebd3c0c2825c49becb7d3040cc358e48c4002524cb

25dbe4bc86

Merge bitcoin/bitcoin#33485: test: set par=2 in default config for functional test framework

dda5228e02ca6a839bf87ae7dbd133547563816a test: set par=2 in default config for functional test framework (Andrew Toth)

Pull request description:

  Depending on the host machine, a default `par` value can spawn up to 15 script verification threads for each node. Running the functional test suite with default `par` can exhaust file descriptors or hit other resource limits when many threads are spawned. These threads are mostly idle and the same code paths are executed with a value of `par=2`. Limit this to 2 for functional tests that do not override the default option.

ACKs for top commit:
  maflcko:
    lgtm ACK dda5228e02ca6a839bf87ae7dbd133547563816a
  pablomartin4btc:
    ACK dda5228e02ca6a839bf87ae7dbd133547563816a
  l0rinc:
    Code review ACK dda5228e02ca6a839bf87ae7dbd133547563816a
  theStack:
    ACK dda5228e02ca6a839bf87ae7dbd133547563816a

Tree-SHA512: 4459972330ff50ac7391141db6382579de09d84e68959eaeb5f20972bb9daf9aac1bd68355028ded9ee65e838c12dbd53e6f3bb6cdc375d269f666c19a19eaec

2578da69f4

Merge bitcoin/bitcoin#33464: p2p: Use network-dependent timers for inbound inv scheduling

0f7d4ee4e8281ed141a6ebb7e0edee7b864e4dcf p2p: Use different inbound inv timer per network (Martin Zumsande)
94db966a3bb52a3677eb5f762447202ed3889f0f net: use generic network key for addrcache (Martin Zumsande)

Pull request description:

  Currently, `NextInvToInbounds` schedules  each round of `inv` at the same time for all inbound peers. It's being done this way because with a separate timer per peer (like it's done for outbounds), an attacker could do multiple connections to learn about the time a transaction arrived. (#13298).

  However, having a single timer for inbounds of all networks is also an obvious fingerprinting vector: Connecting to a suspected pair of privacy-network and clearnet addresses and observing the `inv` pattern makes it trivial to confirm or refute that they are the same node.

  This PR changes it such that a separate timer is used for each network.
  It uses the existing method  from `getaddr` caching and generalizes it to be saved in a new field `m_network_key` in `CNode` which will be used for both `getaddr` caching and `inv` scheduling, and can also be used for any future anti-fingerprinting measures.

ACKs for top commit:
  sipa:
    utACK 0f7d4ee4e8281ed141a6ebb7e0edee7b864e4dcf
  stratospher:
    reACK 0f7d4ee.
  naiyoma:
    Tested ACK 0f7d4ee4e8281ed141a6ebb7e0edee7b864e4dcf
  danielabrozzoni:
    reACK 0f7d4ee4e8

Tree-SHA512: e197c3005b2522051db432948874320b74c23e01e66988ee1ee11917dac0923f58c1252fa47da24e68b08d7a355d8e5e0a3ccdfa6e4324cb901f21dfa880cd9c

a33bd767a3

Fix windows libc++ fs::path fstream compile errors

As reported by hebasto in https://github.com/bitcoin/bitcoin/issues/33545,
newer libc++ versions implementing https://wg21.link/lwg3430 will no longer
implicitly convert `fs::path` objects to `std::filesystem::path` objects when
constructing `std::ifstream` and `std::ofstream` types.

This is not a problem in Unix systems since `fs::path` objects use
`std::string` as their native string type, but it causes compile errors on
Windows which use `std::wstring` as their string type, since `fstream`s can't
be constructed from `wstring`s.

Fix the windows libc++ compile errors by adding a new `fs::path::std_path()`
method and using it construct `fstream`s more portably.

Additionally, delete `fs::path`'s implicit `native_string` conversion so these
errors will not go undetected in the future, even though there is not currently
a CI job testing Windows libc++ builds.

b0113afd44

Simplify fs::path by dropping filename() and make_preferred() overloads

These overloads were needed to allow passing `fs::path` objects directly to
libstdc++'s `fstream` constructors, but after the previous commit, there is no
longer any remaining code that does pass `fs::path` objects to `fstream`
constructors. Writing new code which does this is also discouraged because the
standard has been updated in https://wg21.link/lwg3430 to disallow it.

Dropping these also means its no longer possible to pass `fs::path` arguments
directly to `fstream::open` in libstdc++, which is somewhat unfortunate but not
a big loss because it is already not possible to pass them to the constructor.
So this commit updates `fstream::open` calls.

Additionally, this change required updates to src/bitcoin.cpp since it was
relying on the overloaded filename() method.

c864a4c194

Merge bitcoin/bitcoin#33454: net: support overriding the proxy selection in ConnectNode()

c76de2eea18076f91dd80b52f66ba790f071a2b1 net: support overriding the proxy selection in ConnectNode() (Vasil Dimov)

Pull request description:

  Normally `ConnectNode()` would choose whether to use a proxy and which one. Make it possible to override this from the callers and same for `OpenNetworkConnection()` - pass down the proxy to `ConnectNode()`.

  Document both functions.

  This is useful if we want to open connections to IPv4 or IPv6 peers through the Tor SOCKS5 proxy.

  Also have `OpenNetworkConnection()` return whether the connection succeeded or not. This can be used when the caller needs to keep track of how many (successful) connections were opened.

  ---

  This is part of [#29415 Broadcast own transactions only via short-lived Tor or I2P connections](https://github.com/bitcoin/bitcoin/pull/29415). Putting it in its own PR to reduce the size of #29415 and because it does not depend on the other commits from there.

ACKs for top commit:
  stratospher:
    ACK c76de2e.
  optout21:
    ACK c76de2eea18076f91dd80b52f66ba790f071a2b1
  mzumsande:
    Code Review ACK c76de2eea18076f91dd80b52f66ba790f071a2b1
  andrewtoth:
    ACK c76de2eea18076f91dd80b52f66ba790f071a2b1

Tree-SHA512: 1d266e4280cdb1d0599971fa8b5da58b1b7451635be46abb15c0b823a1e18cf6e7bcba4a365ad198e6fd1afee4097d81a54253fa680c8b386ca6b9d68d795ff0

452ea59281

Merge bitcoin/bitcoin#33489: build: Drop support for EOL macOS 13

1aaaaa078bb2efed126e3f41ecf7c81ccf005818 fuzz: Drop unused workaround after Apple-Clang bump (MarcoFalke)
fadad7a49477cd61fbbfe20a0a61023c2d4d70a1 Drop support for EOL macOS 13 (MarcoFalke)

Pull request description:

  Now that macOS 13 is EOL (https://en.wikipedia.org/wiki/MacOS_Ventura), it seems odd to still support it.

  (macOS Ventura 13.7.8 received its final security update on 20 Aug 2025: https://support.apple.com/en-us/100100)

  This patch will only be released in version 31.x, another 6 months out from now.

  So:

  * Update the depends build and release note template to drop EOL macOS 13.
  * As a result, update the earliest Xcode to version 16 in CI.
  * Also, bump the macOS CI runner to version 15, to avoid issues when version 14 will be at its EOL in about 1 year.

  This also allows to drop a small workaround in the fuzz tests and unlocks libcpp hardening (https://github.com/bitcoin/bitcoin/pull/33462)

ACKs for top commit:
  stickies-v:
    re-ACK 1aaaaa078bb2efed126e3f41ecf7c81ccf005818
  l0rinc:
    code review ACK 1aaaaa078bb2efed126e3f41ecf7c81ccf005818
  hodlinator:
    re-ACK 1aaaaa078bb2efed126e3f41ecf7c81ccf005818
  hebasto:
    ACK 1aaaaa078bb2efed126e3f41ecf7c81ccf005818.

Tree-SHA512: 6d247a8432ef8ea8c6ff2a221472b278f8344346b172980299507f9898bb9e8e16480c128b1f4ca692bcbcc393da2b2fd6895ac5f118bc09e0f30f910529d20c

919e6d01e9

ci: Use native platform for win-cross task fa6fd16f36

Squashed 'src/ipc/libmultiprocess/' changes from 47d79db8a552..a4f929696490

a4f929696490 Merge bitcoin-core/libmultiprocess#224: doc: fix typos
f4344ae87da0 Merge bitcoin-core/libmultiprocess#222: test, ci: Fix threadsanitizer errors in mptest
1434642b3804 doc: fix typos
73d22ba2e930 test: Fix tsan race in thread busy test
b74e1bba014d ci: Use tsan-instrumented cap'n proto in sanitizers job
c332774409ad test: Fix failing exception check in new thread busy test
ca3c05d56709 test: Use KJ_LOG instead of std::cout for logging
7eb1da120ab6 ci: Use tsan-instrumented libcxx in sanitizers job
ec86e4336e98 Merge bitcoin-core/libmultiprocess#220: Add log levels and advertise them to users via logging callback
515ce93ad349 Logging: Pass LogData struct to logging callback
213574ccc43d Logging: reclassify remaining log messages
e4de0412b430 Logging: Break out expensive log messages and classify them as Trace
408874a78fdc Logging: Use new logging macros
67b092d835cd Logging: Disable logging if messsage level is less than the requested level
d0a1ba7ebf21 Logging: add log levels to mirror Core's
463a8296d188 Logging: Disable moving or copying Logger
83a2e10c0b03 Logging: Add an EventLoop constructor to allow for user-specified log options
58cf47a7fc8c Merge bitcoin-core/libmultiprocess#221: test default PassField impl handles output parameters
db03a663f514 Merge bitcoin-core/libmultiprocess#214: Fix crash on simultaneous IPC calls using the same thread
afcc40b0f1e8 Merge bitcoin-core/libmultiprocess#213: util+doc: Clearer errors when attempting to run examples + polished docs
6db669628387 test In|Out parameter
29cf2ada75ea test default PassField impl handles output parameters
1238170f68e8 test: simultaneous IPC calls using same thread
eb069ab75d83 Fix crash on simultaneous IPC calls using the same thread
ec03a9639ab5 doc: Precision and typos
2b4348193551 doc: Where possible, remove links to ryanofsky/bitcoin/
286fe469c9c9 util: Add helpful error message when failing to execute file

git-subtree-dir: src/ipc/libmultiprocess
git-subtree-split: a4f92969649018ca70f949a09148bccfeaecd99a

0f01e1577f

Merge commit '0f01e1577f7c6734eb345139a12aba329ef22a5f' into pr/subtree-6 eda91b07fd

Merge bitcoin/bitcoin#33515: Improve LastCommonAncestor performance + add tests

3635d62f5a935801e26a0d5fa2cb5e2dbbb42f9b chain: make use of pskip in LastCommonAncestor (optimization) (Pieter Wuille)
2e09d66fbb7bb253ce90ffcda026ce58426ba4e4 tests: add unit tests for CBlockIndex::GetAncestor and LastCommonAncestor (Pieter Wuille)

Pull request description:

  In theory, the `LastCommonAncestor` function in chain.cpp can take $\mathcal{O}(n)$ time, walking over the entire chain, if the forking point is very early, which could take ~milliseconds. I expect this to be very rare in normal occurrences, but it seems nontrivial to reason about worst cases as it's accessible from several places in net_processing.

  This PR modifies the algorithm to make use of the `CBlockIndex::pskip` skip pointers to find the forking point in sublinear time (a simulation shows that for heights up to $34 \cdot 4^k - 2$ and $k \geq 8$, no more than $k^2 + 10k + 13$ steps are ever needed), in a way that should be nearly free - at worst the same number of memory accesses should be made, with a tiny increase in computation.

  As it appears we didn't really have tests for this function, unit tests are added for that function as well as `CBlockIndex::GetAncestor()`.

  This is inspired by https://github.com/bitcoin/bitcoin/pull/32180#discussion_r2394877881

ACKs for top commit:
  optout21:
    ACK 3635d62f5a935801e26a0d5fa2cb5e2dbbb42f9b
  achow101:
    ACK 3635d62f5a935801e26a0d5fa2cb5e2dbbb42f9b
  vasild:
    ACK 3635d62f5a935801e26a0d5fa2cb5e2dbbb42f9b
  mzumsande:
    Code Review ACK 3635d62f5a935801e26a0d5fa2cb5e2dbbb42f9b
  furszy:
    ACK 3635d62f5a935801e26a0d5fa2cb5e2dbbb42f9b
  stratospher:
    ACK 3635d62f5a935801e26a0d5fa2cb5e2dbbb42f9b.

Tree-SHA512: f9b7dea1e34c1cc1ec1da3fb9e90c4acbf4aaf0f04768844f538201efa6b11eeeefc97b720509e78c21878977192e2c4031fd8974151667e2e756247002b8164

de1dc6b47b

Merge bitcoin/bitcoin#32998: Bump SCRIPT_VERIFY flags to 64 bit

652424ad162b63d73ecb6bd65bd26946e90c617f test: additional test coverage for script_verify_flags (Anthony Towns)
417437eb01ac014c57aca47f44d7f8d3da351987 script/verify_flags: extend script_verify_flags to 64 bits (Anthony Towns)
3cbbcb66efc39c6566ab31836e4eb582b77581d2 script/interpreter: make script_verify_flag_name an ordinary enum (Anthony Towns)
bddcadee82daf3ed1441820a0ffc4c5ef78f64f1 script/verify_flags: make script_verify_flags type safe (Anthony Towns)
a5ead122fe060e7e582914dcb7acfaeee7a8ac48 script/interpreter: introduce script_verify_flags typename (Anthony Towns)
4577fb2b1e098c3f560b1ff50a37ebfef2af5f32 rpc: have getdeploymentinfo report script verify flags (Anthony Towns)
a3986935f073be799a35dfa92ab5004e12b35467 validation: export GetBlockScriptFlags() (Anthony Towns)
5db8cd2d37eba3ca6abc66386a3b9dc2185fa3ce Move mapFlagNames and FormatScriptFlags logic to script/interpreter.h (Anthony Towns)

Pull request description:

  We currently use 21 of 32 possible bits for `SCRIPT_VERIFY_*` flags, with open PRs that may use 8 more (#29247, #31989, #32247, #32453). The mutinynet fork that has included many experimental soft fork features is [already reusing bits here](https://github.com/benthecarman/bitcoin/blob/d4a86277ed8a0712e03fbbce290e9209165e049c/src/script/interpreter.h#L175-L195). Therefore, bump this to 64 bits.

  In order to make it easier to update this logic in future, this PR also introduces a dedicated type for the script flags, and disables implicit conversion between that type and the underlying integer type. To make verifying that this change doesn't cause flags to disappear, this PR also resurrects the changes from #28806 so that the script flags that are consensus enforced on each block can be queried via getdeploymentinfo.

ACKs for top commit:
  instagibbs:
    reACK https://github.com/bitcoin/bitcoin/pull/32998/commits/652424ad162b63d73ecb6bd65bd26946e90c617f
  achow101:
    ACK 652424ad162b63d73ecb6bd65bd26946e90c617f
  darosior:
    ACK 652424ad162b63d73ecb6bd65bd26946e90c617f
  theStack:
    Code-review ACK 652424ad162b63d73ecb6bd65bd26946e90c617f :flags:

Tree-SHA512: 7b30152196cdfdef8b9700b571b7d7d4e94d28fbc5c26ea7532788037efc02e4b1d8de392b0b20507badfdc26f5c125f8356a479604a9149b8aae23a7cf5549f

d735e2e9b3

Merge bitcoin/bitcoin#32513: ci: remove 3rd party js from windows dll gha job

156927903d64297500dd73380908c654b07bfb1a ci: Check windows manifests for all executables (Max Edwards)
e1a1b14c9359751a4d0117a27a303d1f1d3ed30f ci: use a more generic way of finding mt.exe (Max Edwards)
7ae0497eef8f5b37fc1184897a5bbc9f023dfa67 ci: remove 3rd party js from windows dll gha job (Max Edwards)

Pull request description:

  The windows job uses the external dependency `ilammy/msvc-dev-cmd` which runs javascript. We use this to put various tools on the path such as `MSBuild.exe` and `mt.exe`. We can remove this dependency and use `vswhere.exe` directly to find these tools and create a "[Developer command prompt](https://github.com/microsoft/vswhere/wiki/Start-Developer-Command-Prompt#using-powershell)" as someone would on their dev machine.

  While in this area of the code, this PR also runs some additional manifest checks on the windows binaries.

  Fixes: #32508

ACKs for top commit:
  davidgumberg:
    crACK 156927903d64297
  hebasto:
    ACK 156927903d64297500dd73380908c654b07bfb1a.

Tree-SHA512: df640dff27579a1c95daddc5a5ba8fd655bbd0a6f2aff74d0f63439c7185c0b18a90abfee3f1f032fe833cd19b822ef71812f44b24c4c044222e46d01c271864

ec5841888d

Merge bitcoin/bitcoin#33494: depends: Update URL for `qrencode` package source tarball

93a70a42d30fa2f9404b76d5bbdb5ea316fc1032 depends: Update URL for `qrencode` package source tarball (Hennadii Stepanov)
6de80512632afe612a3427463c94ac51f90f5203 depends: Use hash instead of file name for package download stamp (Hennadii Stepanov)
46135d90ea9002e273f2a75283444afd080b81b1 depends: Drop redundant check for downloaded file (Hennadii Stepanov)
771978952a98a0da2d215c9ed8c5db13250ad58d depends: Fix `$(package)_fetched` target (Hennadii Stepanov)

Pull request description:

  The https://fukuchi.org/ homepage no longer links to the source tarball, and previously available files appear to have been removed. The homepage now instructs users to download source tarballs from the GitHub [releases](https://github.com/fukuchi/libqrencode/releases) page instead.

  The diff between the source trees is immaterial:
  ```diff
  --- old
  +++ new
  @@ -1,19 +1,16 @@
   27e7deccd2925c94e4190ee64794a051199f215f145f76fd664cdebedbbf8a35  acinclude.m4
  -e1e35b1309482f699a9700a2065a0bce09c2108dd1f78ba7bfbe0f7f0bdcd2e6  aclocal.m4
   a9308eec78790720dbcd5452ab8f241b5f1c6939ccf3389917b8e78cb2b58c9e  autogen.sh
   aa36725d577048f0370dc7415a1acb578fbdfb531c1b384a836d9360a81f6f5c  bitstream.c
   3feaacd7d096834fc5956215598564ec287ad443185c4433c3f8007cc53ceaa6  bitstream.h
   21bd5a34c90d3d6ee540ceb48c3d5aea5f21bd6b829ef3112db832af0bd423d8  ChangeLog
   f8a7a94c9622fab721df47e8121533ebfcb79885aca01ecec2fff00dfb84caef  cmake/FindIconv.cmake
   6345e7eecb92473f361a8eb98dd373aa09cae79a43408cf4b42b00b411c9c197  CMakeLists.txt
  -031d560570eab2eda57c2f9ee9952445002f8bf4a23965fcaf43bbc2c61590e2  config.h.in
  -d2f42cc5771b69f2d2ecd4b31509864ae2b18b25c823986390bb372ee07030fa  configure
   02867a8ea08206c84d5f4c05f41a15c639291091e3dfac27f3a9029d8f5d3028  configure.ac
   a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861  COPYING
   76c41754bccbf69a60fb7833776637c60b86f59104705c0a5cea9ee3a2968f3d  Doxyfile
   36d84f714cf28397b02d6c44860106a7cb858fc6d25239a2698a72fa5136e5c3  libqrencode.pc.in
   f0ce93a7e1b1f0fab87dd071ec3c8dd80a567d778dfc5930d9f375d676ecb9a0  Makefile.am
  -507c2385fb49c5724e8e3dfca97feb24cbdd4e651f3f0bfa62524e60088091a0  Makefile.in
  +dcb782b1b382328c0bce9194944bdcc65a6035d8e9f89e39436ed2e55ae8b969  makeREADME.sh
   6046d347c6c564fc13a24dc0a15a09a83023e00a4e0d0f23029a81f86ac4d024  mask.c
   9f853cee7d72191a8dbf018b7a86c0f0b6ca661e27a51fab677af911f2ff9e7e  mask.h
   a4e17b68d8db573e152132ebcbdc837b55415c12027f81232662db645faf79f0  mmask.c
  @@ -30,7 +27,7 @@
   6e9ff66002b4a839c6e78bcd6a55342d9eb8b289273fa838441b27ee9969e293  qrinput.h
   68831e02ee1ba602b1937328abec000e616c4472d9dc40067dd45ab7072df172  qrspec.c
   a2a9a5af4d62015e82b48b8316aea2b70031dcdc1ed2b829c0102ea5dc02aca2  qrspec.h
  -8730d006f1d45b90dc0ef9a20e4119420f15b37a09483c929baa4225e21f7900  README
  +a56773b55989ea5cae8a43f2d845ce0afa9576a26170937fbe36a69fee953cd4  README.md
   ace480f2e16001e276c73a5e965c282915ad81e2c28cce3ef574b5a8db7210e8  rsecc.c
   c731ebe26d58d5e5df3b2d694de0fb1c4ae80a36cf0559c49b04e989dee8b182  rsecc.h
   8ed1af4414b5628845519581c82bf51ba2b4dee1f8352c1fd01b50afcd0a0ed7  split.c
  @@ -46,7 +43,6 @@
   e26b20198a7393b3c060891876fa45edb81488aef9df6d6cf45893a605e5e5e4  tests/decoder.h
   adabfbddb0f25de2e2cae970195fcfdf11ad1fa66ce64e237d83f821346f64c4  tests/frame
   23c283a3d3b5f1bbb3108603ebf05d7a95951ba86a288e09140eab612a5eb258  tests/Makefile.am
  -c8b819bf7f00c979ab0b6f0d0fb10289d2006bc6acda1737d2f1c383a60e1e66  tests/Makefile.in
   ebd71b937d4d39f382f8c57f362a01f11fd617b66dbdf6f1a3c4897c8c42e235  tests/prof_qrencode.c
   d4adcb234d4c31473cd9ffedd1bfa9645ba336d426640ba5893dfe6e75db171d  tests/pthread_qrencode.c
   62298641504b0a2c1d199cd7f656cb376959200169042de76f7c5950d2d42395  tests/rscode.c
  @@ -63,6 +59,7 @@
   cf5792cbfb92ba46f7f5f14b98f00813b0e7e4f5e7c790c6a28793774474bf26  tests/test_monkey.c
   3a2c58346d57f6bb2a634d6febf3c65ac524259a2d789657f8d60c678bf8d658  tests/test_mqrspec.c
   b9d8c569ba36a2258cb1ad0d1f85ce4fb2935fad519e902bade59aa9772321aa  tests/test_qrencode.c
  +785fe14a6f8bc096b20ec271771fb09f22f29eb4f9d729f5b40d6b4cc824ce36  tests/test_qrenc.sh
   d0eee6eddf98ee4595c07f7da40c7de548651bf839b26995756e94db2599451f  tests/test_qrinput.c
   ace7885e435ef77cc127da0ac23c724498aaa8d80d53b908063f79c9f0b7acce  tests/test_qrspec.c
   fde9c2735ce94be51e1b0bbffe65415aa3afd2da5bd4c0e2c5e50e1a2f1ea3f7  tests/test_rs.c
  @@ -71,12 +68,4 @@
   6f35c0e1235b31d0068c4ab175d8110c736e60df0309d4be7b3e57dd62d316f6  tests/URI_testset.inc
   6be3983fc397cd5dade1dd219ad6cbe7977f416410b1509984006ecec51605b5  tests/view_qrcode.c
   92b5be1ca2239399232d51503715c848dae9bf3db71b1f03157bfa9779826910  TODO
  -c8af04e62bad4ab75dafd22119026e5e3943f385bdcbe7731a4938102453754c  use/compile
  -1d9048b0ac9d4d1dfce7aa4e3a0b59ccfd32db2f7693814aa6f4c778560f5669  use/config.guess
   b522487f9c47661d321367d133f3d41247dd16d435f2d4b9c643dee95bf65eee  use/config.rpath
  -5bf0da2576ebb21ab60a9d9291a85b40af0e956a9eafb709ca8b20dcb105f4ee  use/config.sub
  -732bcd6b9e23f241e015d71b0a3a862104053aba20718c1f56b292cee7e29371  use/depcomp
  -608b76d735bb2ec2bcb1271644c3d5e7a428fb8d2338e114e8a48ebf91ccfd23  use/install-sh
  -2304d53af1f63b76a11651efdd18578adf2bda1ffc2c257100cba374b55f284b  use/ltmain.sh
  -f038345dab184e538098d22a8edc423762da66a90ebe269f23bfef85287cd30c  use/missing
  -7c1ae35455771ae32050c2ed109e3d297160b6d1a2f70b0278cf6968e5e7e98c  use/test-driver
  ```

  ---

  **UPDATE 2025-09-30**

  A few commits have been added:

  1. The first commit fixes the `$(package)_fetched` target, which erroneously succeeds on the second run after a failure on the master branch:
  ```
  $ gmake -C depends clean-all
  $ gmake -C depends qrencode_fetched FALLBACK_DOWNLOAD_PATH="https://fallback.invalid"
  $ gmake -C depends qrencode_fetched FALLBACK_DOWNLOAD_PATH="https://fallback.invalid"
  $ echo $?
  0
  ```
  With the first commit applied:
  ```
  $ gmake -C depends clean-all
  $ gmake -C depends qrencode_fetched FALLBACK_DOWNLOAD_PATH="https://fallback.invalid"
  $ gmake -C depends qrencode_fetched FALLBACK_DOWNLOAD_PATH="https://fallback.invalid"
  $ echo $?
  2
  ```

  2. The second and third commits allow the depends build subsystem to detect when the source tarball content has been modified and needs to be re-downloaded, even if the file name remains the same.

ACKs for top commit:
  m3dwards:
    ACK 93a70a42d30fa2f9404b76d5bbdb5ea316fc1032
  achow101:
    ACK 93a70a42d30fa2f9404b76d5bbdb5ea316fc1032
  vasild:
    ACK 93a70a42d30fa2f9404b76d5bbdb5ea316fc1032
  janb84:
    ACK 93a70a42d30fa2f9404b76d5bbdb5ea316fc1032

Tree-SHA512: 38b7c029070426196c747fc45c9d00bae534eeeb2d9cd9f221580fce8380f4f8aecb6c48b2563e322edd8c9534f5dd42d8f4e110ada42bb83568cf2dcfb7dc22

b510893d00

doc: how to update a subtree a1226bc760

ci: add libcpp hardening flags to macOS fuzz job

Follows up to
https://github.com/bitcoin/bitcoin/pull/33425#issuecomment-3323149107.

e4c04f7759

ci: Refactor get_previous_releases step in win-test-cross task

This refactor does not change behavior, but allows the step to be
re-used in other tasks, such as a mac-test-cross task

fa8c750a0a

ci: Add macOS cross task for arm64 fad5a7101c

Revert "depends: Use hash instead of file name for package download stamp"

This reverts commit 6de80512632afe612a3427463c94ac51f90f5203.

a89a822e6e

Revert "depends: Update URL for `qrencode` package source tarball"

This reverts commit 93a70a42d30fa2f9404b76d5bbdb5ea316fc1032.

e4335a3192

depends: Use $(package)_file_name when downloading from the fallback 671b774d1b

ci: Properly include $FILE_ENV in DEPENDS_HASH

$FILE_ENV has a full relative path already, prepending with ci/test/
results in a non-existent path which means that DEPENDS_HASH was not
actually committing to the test's environment file.

ceeb53adcd

Update ci.yml b35341b9ba

Merge bitcoin/bitcoin#33584: ci: upgrade GitHub Action to download-artifact@v5

b35341b9ba63a0108596e56e9eecc851a4558d98 Update ci.yml (Coder)

Pull request description:

  Release notes:https://github.com/actions/download-artifact/releases/tag/v5.0.0

  Change:
  uses: actions/download-artifact@v4 -> uses: actions/download-artifact@v5

ACKs for top commit:
  maflcko:
    lgtm ACK b35341b9ba63a0108596e56e9eecc851a4558d98
  willcl-ark:
    ACK b35341b9ba63a0108596e56e9eecc851a4558d98
  hebasto:
    ACK b35341b9ba63a0108596e56e9eecc851a4558d98, I have reviewed the code and it looks OK.

Tree-SHA512: f82dd0fe3ca8d431b9ff6ef9f23a4f2e92a1463c6f55fbe9b46b9e13750d311bd2aa915a8570f76600363b3a1ccbf394c95216cfac0f6db30846d9be7ec7c4cf

d44b860cd0

Merge bitcoin/bitcoin#33581: ci: Properly include $FILE_ENV in DEPENDS_HASH

ceeb53adcd0a6a87a65c8ebbb20472c15c502dfd ci: Properly include $FILE_ENV in DEPENDS_HASH (Ava Chow)

Pull request description:

  $FILE_ENV has a full relative path already, prepending with ci/test/ results in a non-existent path which means that DEPENDS_HASH was not actually committing to the test's environment file.

ACKs for top commit:
  maflcko:
    lgtm ACK ceeb53adcd0a6a87a65c8ebbb20472c15c502dfd

Tree-SHA512: 80a7a23676ff8bf2f48a7d3c5897217f11d7d4d4f8a54897d2b7c42689585d2d63e45fad2b8f4c442111f128a87eeb6edeac2b25c79862e6bc035eeb1ebc7f4e

90b2884ce4

Merge bitcoin/bitcoin#33568: doc: how to update a subtree

a1226bc760c70a22ef4a197d5690aca4d83cb74c doc: how to update a subtree (Sjors Provoost)

Pull request description:

  We have instructions on how to verify a subtree update, but not on how to perform one.

ACKs for top commit:
  yuvicc:
    ACK a1226bc760c70a22ef4a197d5690aca4d83cb74c
  achow101:
    ACK a1226bc760c70a22ef4a197d5690aca4d83cb74c
  janb84:
    ACK a1226bc760c70a22ef4a197d5690aca4d83cb74c
  furszy:
    ACK a1226bc760c70a22ef4a197d5690aca4d83cb74c

Tree-SHA512: ba3ccc56a9f1c7f461e0db9699612e1fd64b7c72bfd1dae63d4cb830db416871a493820d3a7924c19b6ce353fc20c5fe07578b053dec6ea68273a007cbebc512

6b4a92b0fa

Merge bitcoin/bitcoin#33577: Revert "depends: Update URL for `qrencode` package source tarball"

e4335a31920cd390d936cd51cc4478a234db1276 Revert "depends: Update URL for `qrencode` package source tarball" (Ava Chow)
a89a822e6eb58c9598099d4dbdf7df90d97eb1e2 Revert "depends: Use hash instead of file name for package download stamp" (Ava Chow)

Pull request description:

  The new URL breaks CI on the current release branches, see https://github.com/bitcoin/bitcoin/pull/33494#issuecomment-3380802351.

  The old URL also no longer exists so the tarball is fetched from the depends sources cache that we host, but the original tarball has already been overwritten on there. We will need to manually reinstate the original tarball.

ACKs for top commit:
  m3dwards:
    utACK e4335a31920cd390d936cd51cc4478a234db1276
  maflcko:
    review ACK e4335a31920cd390d936cd51cc4478a234db1276 💤
  glozow:
    ACK e4335a31920cd390d936cd51cc4478a234db1276

Tree-SHA512: a5028342d77b4768daaec8688acd364795d683aed2bea0407c7827d44f814a97d50cc3b30c2de2a8296a2b212115fe1e76c57685a74e93387fc57afdabb93bd2

cd1b7fa1ff

Merge bitcoin/bitcoin#33518: Update libmultiprocess subtree to support reduced logging

0f01e1577f7c6734eb345139a12aba329ef22a5f Squashed 'src/ipc/libmultiprocess/' changes from 47d79db8a552..a4f929696490 (Ryan Ofsky)

Pull request description:

  Includes:

  - https://github.com/bitcoin-core/libmultiprocess/pull/213
  - https://github.com/bitcoin-core/libmultiprocess/pull/214
  - https://github.com/bitcoin-core/libmultiprocess/pull/221
  - https://github.com/bitcoin-core/libmultiprocess/pull/220
  - https://github.com/bitcoin-core/libmultiprocess/pull/222
  - https://github.com/bitcoin-core/libmultiprocess/pull/224

  The change https://github.com/bitcoin-core/libmultiprocess/pull/220 is needed to support #33517 and fix poor performance in some cases caused by slow logging.

  The changes can be verified by running `test/lint/git-subtree-check.sh src/ipc/libmultiprocess` as described in [developer notes](https://github.com/bitcoin/bitcoin/blob/master/doc/developer-notes.md#subtrees) and [lint instructions](https://github.com/bitcoin/bitcoin/tree/master/test/lint#git-subtree-checksh)

ACKs for top commit:
  Sjors:
    utACK eda91b07fd9f2a6af3c31659d51f51aacf8989c4
  theuni:
    utACK eda91b07fd9f2a6af3c31659d51f51aacf8989c4.

Tree-SHA512: 43c2f47bb95f56181f3ce8cf41380e83b1c00b363a7c732d735a9115ed251fa2c2c9bd096d9be011e47503047a740b2e05c9a79d7e4170a4de9c20ad0de3e501

becf150013

refactor: Construct g_verify_flag_names on first use faa9d10c84

doc: bump the template macOS version

It makes more sense to have a higher OS version than one that is not
supported

f6567527d8

Merge bitcoin/bitcoin#33573: doc: bump the template macOS version

f6567527d8dafa70335de782511791165bb89ccb doc: bump the template macOS version (kevkevinpal)

Pull request description:

  Motivated by https://github.com/bitcoin/bitcoin/pull/33489#issuecomment-3361601497

  The minimum version of MacOS for this repo is now 14 and above so it makes sense to update the issue template to reflect that.
  We are now using a higher version but since it is just a bug template, there is no need to put the lowest version we support.

ACKs for top commit:
  maflcko:
    lgtm ACK f6567527d8dafa70335de782511791165bb89ccb
  l0rinc:
    ACK f6567527d8dafa70335de782511791165bb89ccb
  janb84:
    ACK f6567527d8dafa70335de782511791165bb89ccb

Tree-SHA512: 701b161bda25245996c94b6d2119b5cc85a34917551dcf8c92ffacf3aa80fa7fe84bb3497edc7e600c5b2443de13a6f6107fc7289721e585b16c4972d07a796c

d2987102dd

multiprocess: update multiprocess EventLoop construction to use options

This uses the constructors recently added upstream.

9d068225ee

multiprocess: align our logging with libmultiprocess's

Without this change, logging (even if unused) may account for a
substantial portion of bitcoin-node's and/or client's runtime cpu usage, due
to libmultiprocess's expensive message serialization.

This (along with some recent upstream changes) avoids the overhead by opting
out of log handling for messages that we're not interested in.

Info, Warning, and Error are logged unconditionally to match our behavior
elsewhere. See BCLog::Logger::GetCategoryLogLevel .

0626b90f50

doc: archive release notes for v30.0 8d6e49158e

txgraph: Make level of Cluster implicit (optimization)

This reduces per-Cluster memory usage by making Clusters not aware of their
own level. Instead, track it either in calling code, or infer it based on
the transactions in them.

d40302fbaf

txgraph: move some sanity checks from Cluster to TxGraphImpl (refactor) 2b1d302508

txgraph: avoid holes in DepGraph positions (mem optimization) b1637a90de

depgraph: add memory usage control (feature)

Co-Authored-By: Lőrinc <pap.lorinc@gmail.com>

bb5cb222ae

txgraph: keep data structures compact (mem optimization) 4ba562e5f4

txgraph: keep track of Cluster memory usage (preparation) 7680bb8fd4

txgraph: expose memory usage estimate function (feature) 04c808ac4c

txgraph: avoid accessing other Cluster internals (refactor)

This adds 4 functions to Cluster to help implement Merge() and Split() without
needing access to the internals of the other Cluster. This is a preparation for
a follow-up that will make Clusters a virtual class whose internals are abstracted
away.

2602d89edd

txgraph: make Cluster an abstract class (refactor) 726b995739

txgraph: comment fixes (doc fix) 6baf12621f

txgraph: abstract out creation of empty Clusters (refactor) e93b0f09cc

txgraph: give Clusters a range of intended tx counts (preparation) e346250732

txgraph: add SingletonClusterImpl (mem optimization)

This adds a specialized Cluster implementation for singleton clusters, saving
a significant amount of memory by avoiding the need for m_depgraph, m_mapping,
and m_linearization, and their overheads.

023cd5a546

refactor: assert newly-created parent cache entry has zero memory usage

During `BatchWrite`, the parent entry is created under a guard that guarantees insertion, so the new `Coin` is default-constructed and empty.
Assert this invariant to document why there is no `cachedCoinsUsage` decrement before the assignment at this site.

Co-authored-by: Andrew Toth <andrewstoth@gmail.com>

67cff8bec9

refactor: remove redundant usage tracking from `CoinsViewCacheCursor`

When a coin is spent via `SpendCoin()`, `cachedCoinsUsage` is already decremented and the coin's `scriptPubKey` is cleared, so `DynamicMemoryUsage()` is `0`.

`CoinsViewCacheCursor::NextAndMaybeErase()` was subtracting usage again when erasing spent entries.
Replace it with an assert that documents spent coins have zero dynamic memory usage by the time the cursor encounters them.

Remove the now-unnecessary `usage` reference from the cursor's constructor and member variables.

39cf8bb3d0

coins: fix `cachedCoinsUsage` accounting to prevent underflow

Move the `cachedCoinsUsage` subtract in `AddCoin()` to after the `possible_overwrite` check.
Previously a throw before assignment decremented the counter without changing the entry, which corrupted accounting and later underflowed.

In `Flush()`, reset `cachedCoinsUsage` to `0` only when `BatchWrite()` succeeds and `cacheCoins` is actually cleared. In production `BatchWrite()` returns `true`, so this mostly affects tests. On failure, leave the counter unchanged to keep it in sync with the cache.

The existing `Flush()` workaround in fuzzing was also removed now that the source of the problem was fixed, so the fuzzer no longer needs `coins_view_cache.Flush()` to realign `cachedCoinsUsage` after an exception.
Replace the prior `expected_code_path` tracking with direct assertions. The role of the variable was to verify that code execution follows only expected paths, either successful addition, or if it's an exception, the message is verified and checked that overwrite was disallowed.

With these changes the counter stays consistent across success and exception paths, so we can finally remove the `UBSan` suppressions for `CCoinsViewCache` that were masking the issue.

Included a unit test as well, attempting to add a different coin to the same outpoint without allowing overwrites and make sure it throws.
We use `SelfTest()` to validates accounting, and check that the cache remains usable.

Co-authored-by: Ryan Ofsky <ryan@ofsky.org>
Co-authored-by: w0xlt <woltx@protonmail.com>

d7c9d6c291

coins: only adjust `cachedCoinsUsage` on `EmplaceCoinInternalDANGER` insert

`EmplaceCoinInternalDANGER()` incremented `cachedCoinsUsage` even when `try_emplace` did not insert (duplicate key), inflating the counter.
This is mostly reachable in tests today since `AssumeUTXO` does not overwrite.

Increment only on successful insert, and capture `coin.DynamicMemoryUsage()` before the move so accounting uses the correct value.

Fuzz: add an `EmplaceCoinInternalDANGER` path to exercise insert-only accounting.
Unit test: emplace two different coins at the same outpoint (with different `DynamicMemoryUsage()`), verify `SelfTest()` passes and `AccessCoin(outpoint)` returns the first coin.

Co-authored-by: Andrew Toth <andrewstoth@gmail.com>
Co-authored-by: w0xlt <woltx@protonmail.com>

24d861da78

Merge bitcoin/bitcoin#33580: depends: Use $(package)_file_name when downloading from the fallback

671b774d1b58c491b53f2b2f6ee42fb6b65a0e71 depends: Use $(package)_file_name when downloading from the fallback (Ava Chow)

Pull request description:

  The server hosting the fallbacks uses `make download` so the files are only available with their overridden names rather than the original name on the upstream source. We should therefore also use the overridden name when downloading from the fallback.

  Fixes https://github.com/bitcoin-core/bitcoincore.org/issues/1168

ACKs for top commit:
  theuni:
    utACK 671b774d1b58c491b53f2b2f6ee42fb6b65a0e71. I was going to PR the same change.
  janb84:
    ut ACK 671b774d1b58c491b53f2b2f6ee42fb6b65a0e71
  hebasto:
    ACK 671b774d1b58c491b53f2b2f6ee42fb6b65a0e71, tested with the following patch:

Tree-SHA512: ba010adb64900d8d748487cc1a658e2b163872354f4e7b38c4dfc37a14fcb22fec4379a635d2c6788c64dd46bef0d94aa3eb6f522ec700680e886d5468678031

563747971b

Merge bitcoin/bitcoin#33601: doc: archive release notes for v30.0

8d6e49158e3a1b3215484b5d139c5d8a3fffc4c9 doc: archive release notes for v30.0 (fanquake)

Pull request description:

  Archive v30.0 release notes.

ACKs for top commit:
  janb84:
    ACK 8d6e49158e3a1b3215484b5d139c5d8a3fffc4c9
  willcl-ark:
    ACK 8d6e49158e3a1b3215484b5d139c5d8a3fffc4c9

Tree-SHA512: 322daee16e8d46808c3b669d9c893172eccefe5dafcd79646c9d265360bd606df7be1222a6c12c16517dec88ae1fee6d1aaa7e71761cc5d7fdc8b5e0bdc82292

93b56e95c0

Merge bitcoin/bitcoin#33558: ci: Use native platform for win-cross task

fa6fd16f36e1240cda58a46e1717b02e8d3172a3 ci: Use native platform for win-cross task (MarcoFalke)

Pull request description:

  Forcing the architecture to amd64 is no longer required. Dropping it should have some benefits:

  * Faster CI speed on other arches (riscv64, arm, ...)
  * Unlock the CI task to run on riscv64 at all

ACKs for top commit:
  hebasto:
    ACK fa6fd16f36e1240cda58a46e1717b02e8d3172a3, tested on Ubuntu 24.04, RISC-V.

Tree-SHA512: 68a3fc90cc22ab085d6946deb106e50b22e06eebc61523a9dcb53b38a50021a19da26cc29e2cd20f4673ffc5cc10f441dacca7cc799782258351609d9fa04969

64a7c7cbb9

doc: archive release notes for v29.2 c11a3dcc88

miner: fix empty mempool case for waitNext()

Block template fees are calculated by looping over new_tmpl->vTxFees
and return (early) once the fee_threshold is exceeded.

This left an edge case when the mempool is empty, which this commit
fixes and adds a test for. It does so by using std::accumulate instead
of manual loops.

Also update interface_ipc.py to account for the new behavior.

Co-authored-by: Raimo33 <claudio.raimondi@protonmail.com>

8f7673257a

Merge bitcoin/bitcoin#33508: ci: fix buildx gha cache authentication on forks

bc706955d740f8a59bec78e44d33e80d1cca373b ci: expose all ACTIONS_* vars (willcl-ark)

Pull request description:

  When using `docker buildx build` in conjunction with the `gha` backend cache type (as we do in our CI) it's important to specify the URL and TOKEN needed to authenticate.

  On Cirrus runners this is working with only `ACTIONS_CACHE_URL` and `ACTIONS_RUNTIME_TOKEN`, but this is not enough for the GitHub backend.

  Fix this by exporting all `ACTIONS_*` variables.

  This fixes docker build layer cache restore/save on forks or where GH-hosted runners are being used, and addresses https://github.com/bitcoin/bitcoin/issues/31965#issuecomment-3324707093

ACKs for top commit:
  m3dwards:
    ACK bc706955d740f8a59bec78e44d33e80d1cca373b
  maflcko:
    lgtm ACK bc706955d740f8a59bec78e44d33e80d1cca373b

Tree-SHA512: 13e973bb1c1ca5448dd6c3c176fb5ce39c725886ba2012d3253158205309a7038a1430135b37400e1f2f69408a9d0f4e2b3c5f0515154a593ec382ab7db10266

6c4fe401e9

randomenv: Fix MinGW dllimport warning for `environ`

Extends 7703884 to guard environ declaration on all Windows builds, not just MSVC.
In the mingw-w64 headers (used by llvm-mingw), environ is defined as a macro which expands through _environ to (* __p__environ()), a call to a dllimport function, causing the same inconsistent linkage warning as MSVC.

Use WIN32 instead of _MSC_VER to match the platform-specific guards already used throughout the file.

The warning occurs with llvm-mingw (both UCRT and MSVCRT variants as tested by Hebasto), but not with the mingw-w64 toolchain currently used in CI (as mentioned by fanquake).

Co-authored-by: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>

9610b0d1e2

test: change log rate limit version gate from 299900 to 290100 7b544341c0

Merge bitcoin/bitcoin#33157: cluster mempool: control/optimize TxGraph memory usage

023cd5a5469ad61205bf7bb1135895f2b4a20ea9 txgraph: add SingletonClusterImpl (mem optimization) (Pieter Wuille)
e34625073253132c4b711b3c33ee50be60290e35 txgraph: give Clusters a range of intended tx counts (preparation) (Pieter Wuille)
e93b0f09cc2ad7b743f896a09c48d584dfcc2787 txgraph: abstract out creation of empty Clusters (refactor) (Pieter Wuille)
6baf12621f66f124cadffe4bb00cd11b75a7c3ea txgraph: comment fixes (doc fix) (Pieter Wuille)
726b995739ab7b88fb5d1c85a33e6c68a4e146bc txgraph: make Cluster an abstract class (refactor) (Pieter Wuille)
2602d89edd04693d0ebbc6b3c87a7c3fe90dcf40 txgraph: avoid accessing other Cluster internals (refactor) (Pieter Wuille)
04c808ac4c47dcbaffa06476403db649c757436e txgraph: expose memory usage estimate function (feature) (Pieter Wuille)
7680bb8fd48d2357d3c1a7b8121a6ad88d2f6ccf txgraph: keep track of Cluster memory usage (preparation) (Pieter Wuille)
4ba562e5f4e4aa2f390e6f3e871be9b0d216794e txgraph: keep data structures compact (mem optimization) (Pieter Wuille)
bb5cb222ae55a61646cb721ed19618ed332d37ff depgraph: add memory usage control (feature) (Pieter Wuille)
b1637a90deb8528a6892dbc1065876583b5075d6 txgraph: avoid holes in DepGraph positions (mem optimization) (Pieter Wuille)
2b1d30250877ba2576cfc6d56fe5aa0d9e77f706 txgraph: move some sanity checks from Cluster to TxGraphImpl (refactor) (Pieter Wuille)
d40302fbaf41bcb70939db534111f490d7eed5c1 txgraph: Make level of Cluster implicit (optimization) (Pieter Wuille)

Pull request description:

  Part of #30289.

  This adds a few optimizations to reduce `TxGraph`'s memory usage, and makes sure that dynamic memory it uses doesn't linger after shrinking clusters. Finally, it exposes a function `GetMainMemoryUsage()` to compute `TxGraph`'s approximate memory usage.

  It makes the `Cluster` type abstract, with two instances (`SingletonClusterImpl` for 1-transaction clusters, and `GenericClusterImpl` for others).

  On my 64-bit system, I obtain the following numbers:
  * `SingletonClusterImpl`: 48 bytes, plus 16 bytes malloc overhead in its `unique_ptr`, plus 8-byte pointer in `m_clusters`
  * `GenericClusterImpl`: 104 bytes, plus 16 bytes malloc overhead in its `unique_ptr`, plus 8-byte pointer in `m_clusters`, plus 72 bytes malloc overhead inside its vectors and `DepGraph`, plus 40 bytes per transaction in those.
  * `TxGraphImpl::Entry`: 72 bytes per transaction
  * `TxGraphImpl::ChunkData`: 8 bytes, plus 56 bytes in `std::set` overhead + malloc overhead, all per chunk.
  * `TxGraph::Ref`: 16 bytes per transaction

  This overall amounts to 200 bytes per cluster, plus 64 bytes per chunk, plus 128 bytes per transaction, but only 224 bytes overall per singleton cluster.

ACKs for top commit:
  l0rinc:
    code review reACK 023cd5a5469ad61205bf7bb1135895f2b4a20ea9
  instagibbs:
    reACK 023cd5a5469ad61205bf7bb1135895f2b4a20ea9
  ismaelsadeeq:
    reACK 023cd5a5469ad61205bf7bb1135895f2b4a20ea9  🚢
  glozow:
    reACK 023cd5a5469ad61205bf7bb1135895f2b4a20ea9

Tree-SHA512: c957b27f47318be7c25d71453df2ae9d4e7bf21dab13b6e5e975cca122a221a99b15c584872491225785d276a9165f090675ee0f4460a2775bd3271933e3b246

fdcf67de80

Merge bitcoin/bitcoin#33612: test: change log rate limit version gate

7b544341c0021dd713f05bc439ee190de911930c test: change log rate limit version gate from 299900 to 290100 (Eugene Siegel)

Pull request description:

  Change the version gate from 299900 to 290100 for bypassing the log rate limit in case an explicit version is set in the functional test framework.

  See discussion here: https://github.com/bitcoin/bitcoin/pull/33225#discussion_r2287838255

ACKs for top commit:
  maflcko:
    lgtm ACK 7b544341c0021dd713f05bc439ee190de911930c
  janb84:
    ACK 7b544341c0021dd713f05bc439ee190de911930c
  stickies-v:
    ACK 7b544341c0021dd713f05bc439ee190de911930c

Tree-SHA512: c07c8741dfdeca87c49748b7082c2ecb829da391908316f35daef7292bc017814a89f04e16e738f3a105541bbc38e4feb5bca3fb6ab718a1dc1de7c70a9c8a58

6e1adbbaa1

TxGraph: change m_excluded_clusters

Change BlockBuilderImpl's m_excluded_clusters to unordered
set since ordering is not used.

Change the set to a set of sequence numbers for a modest
stability increase under fuzz testing.

9b43428c96

Merge bitcoin/bitcoin#33610: doc: archive release notes for v29.2

c11a3dcc88950d35cc8a97c6afba7d8f7eff9883 doc: archive release notes for v29.2 (fanquake)

Pull request description:

ACKs for top commit:
  janb84:
    ACK c11a3dcc88950d35cc8a97c6afba7d8f7eff9883
  stickies-v:
    ACK c11a3dcc88950d35cc8a97c6afba7d8f7eff9883, matches https://github.com/bitcoin/bitcoin/blob/3226616493289b111997bb107e569fef54386743/doc/release-notes.md

Tree-SHA512: bb566000d6907f70785f45878208479c01df7aa3a50f46ccf9156478bbc798d56b64f5c3fd6555900e03fe44ad7021c0513ed711c22eec4a783e84cd89f8a73c

9314113b29

test: P2SH sig ops are only counted with `SCRIPT_VERIFY_P2SH` flag 3a10d700bc

Merge bitcoin/bitcoin#33517: multiprocess: Fix high overhead from message logging

0626b90f507db68610a69feec86deb712dd095a1 multiprocess: align our logging with libmultiprocess's (Cory Fields)
9d068225ee2b79da43e264994cd84279655a2210 multiprocess: update multiprocess EventLoop construction to use options (Cory Fields)

Pull request description:

  This fixes https://github.com/bitcoin-core/libmultiprocess/issues/215 on Core's side. ~It depends on https://github.com/bitcoin-core/libmultiprocess/pull/220 being merged upstream, and a PR to update our subtree. I've included a subtree merge from my repo here for now, but will rebase on top of the merge from upstream once it's in.~ Edit: Rebased on top of #33518.

  For context: before https://github.com/bitcoin-core/libmultiprocess/pull/220, libmultiprocess serializesd every log message parameter, even if that message was ultimately going to be discarded. The upstream PR accomplished 2 main things:
  - Creates logging categories, similar to Core's
  - Using macros, avoids serializing parameters for disabled log levels.

  That allowed the expensive serialization to be skipped, but the default log level is `Trace`. This PR updates our usage of libmultiprocess options to honor our log categories and levels.

  Because of the substantial unnecessary overhead (see the [flamegraphs](https://github.com/bitcoin-core/libmultiprocess/issues/215). Logging accounts for 50% of my application's cpu time, and nearly 10% of bitcoin-node's, both of which go to ~0% once fixed), it'd be a shame to ship the first multiprocess binaries without this fixed. So I propose that we also backport this (and the required libmultiprocess subtree merge) ~to v30. Sorry about the timing~ :(

  Edit: Didn't make it for v30, but it would still make sense to backport for a v30.1.

ACKs for top commit:
  Sjors:
    ACK 0626b90f507db68610a69feec86deb712dd095a1
  TheCharlatan:
    ACK 0626b90f507db68610a69feec86deb712dd095a1
  sipa:
    utACK 0626b90f507db68610a69feec86deb712dd095a1

Tree-SHA512: 70b63b62d1f6de547f4d4775538d7bcaf32f57d8a72c5b26762b57755810c8be6942d9dfebab43cf1c1d8d025a555f72a48e9ebf3d84f8d40d6592ca801cda5d

db4bde0b03

Merge bitcoin/bitcoin#29675: wallet: Be able to receive and spend inputs involving MuSig2 aggregate keys

ac599c4a9cb3b2d424932d3fd91f9eed17426827 test: Test MuSig2 in the wallet (Ava Chow)
68ef954c4c59802a6810a462eaa8dd61728ba820 wallet: Keep secnonces in DescriptorScriptPubKeyMan (Ava Chow)
4a273edda0ec10f0c5ae5d94b9925fa334d1c6e6 sign: Create MuSig2 signatures for known MuSig2 aggregate keys (Ava Chow)
258db938899409c8ee1cef04e16ba1795ea0038d sign: Add CreateMuSig2AggregateSig (Ava Chow)
bf69442b3f5004dc3df5a1b1d752114ba68fa5f4 sign: Add CreateMuSig2PartialSig (Ava Chow)
512b17fc56eac3a2e2b9ba489b5423d098cce0db sign: Add CreateMuSig2Nonce (Ava Chow)
82ea67c607cde6187d7082429d27b927dc21c0c6 musig: Add MuSig2AggregatePubkeys variant that validates the aggregate (Ava Chow)
d99a081679e16668458512aba2fd13a3e1bdb09f psbt: MuSig2 data in Fill/FromSignatureData (Ava Chow)
4d8b4f53363f013ed3972997f0b05b9c19e9db9d signingprovider: Add musig2 secnonces (Ava Chow)
c06a1dc86ff2347538e95041ab7b97af25342958 Add MuSig2SecNonce class for secure allocation of musig nonces (Ava Chow)
9baff05e494443cd82708490f384aa3034ad43bd sign: Include taproot output key's KeyOriginInfo in sigdata (Ava Chow)
4b24bfeab9d6732aae3e69efd33105792ef1198f pubkey: Return tweaks from BIP32 derivation (Ava Chow)
f14876213aad0e67088b75cae24323db9f2576d8 musig: Move synthetic xpub construction to its own function (Ava Chow)
fb8720f1e09f4e41802f07be53fb220d6f6c127f sign: Refactor Schnorr sighash computation out of CreateSchnorrSig (Ava Chow)
a4cfddda644f1fc9a815b2d16c997716cd63554a tests: Clarify why musig derivation adds a pubkey and xpub (Ava Chow)
39a63bf2e7e38dd3f30b5d1a8f6b2fff0e380d12 descriptors: Add a doxygen comment for has_hardened output_parameter (Ava Chow)
2320184d0ea87279558a8e6cbb3bccf5ba1bb781 descriptors: Fix meaning of any_key_parsed (Ava Chow)

Pull request description:

  This PR implements MuSig2 signing so that the wallet can receive and spend from imported `musig(0` descriptors.

  The libsecp musig module is enabled so that it can be used for all of the MuSig2 cryptography.

  Secnonces are handled in a separate class which holds the libsecp secnonce object in a `secure_unique_ptr`. Since secnonces must not be used, this class has no serialization and will only live in memory. A restart of the software will require a restart of the MuSig2 signing process.

ACKs for top commit:
  fjahr:
    tACK ac599c4a9cb3b2d424932d3fd91f9eed17426827
  rkrux:
    lgtm tACK ac599c4a9cb3b2d424932d3fd91f9eed17426827
  theStack:
    Code-review ACK ac599c4a9cb3b2d424932d3fd91f9eed17426827 :old_key:

Tree-SHA512: 626b9adc42ed2403e2f4405321eb9ce009a829c07d968e95ab288fe4940b195b0af35ca279a4a7fa51af76e55382bad6f63a23bca14a84140559b3c667e7041e

48aa0e98d0

Merge bitcoin/bitcoin#33462: ci: add libcpp hardening flags to macOS fuzz job

e4c04f7759b0b390189410f5ef3ad5faa5354698 ci: add libcpp hardening flags to macOS fuzz job (fanquake)

Pull request description:

  Follows up to https://github.com/bitcoin/bitcoin/pull/33425#issuecomment-3323149107.

ACKs for top commit:
  maflcko:
    lgtm ACK e4c04f7759b0b390189410f5ef3ad5faa5354698. The qa-assets repo has a libc++ debug run, so this isn't required, but it seems fast enough to not hurt.

Tree-SHA512: 6c0dc90528ca867df49027eebf2d1c417a7395f9f94779076ace48e3e4b21771e7d99e8b3ed75ca56da87153418a446075429aa6b9ec5cd4b6b8cb5b0c25c1d7

2f7a50f67c

Squashed 'src/secp256k1/' changes from b9313c6e1a..d543c0d917

d543c0d917 Merge bitcoin-core/secp256k1#1734: Introduce (mini) unit test framework
f44c1ebd96 Merge bitcoin-core/secp256k1#1719: ci: DRY workflow using anchors
a44a339384 Merge bitcoin-core/secp256k1#1750: ci: Use clang-snapshot in "MSan" job
15d014804e ci: Drop default for `inputs.command` in `run-in-docker-action`
1decc49a1f ci: Use YAML anchor and aliases for repeated "CI script" steps
dff1bc107d ci, refactor: Generalize use of `matrix.configuration.env_vars`
4b644da199 ci: Use YAML anchor and aliases for repeated "Print logs" steps
a889cd93df ci: Bump `actions/checkout` version
574c2f3080 ci: Use YAML anchor and aliases for repeated "Checkout" steps
53585f93b7 ci: Use clang-snapshot in "MSan" job
6894c964f3 Fix Clang 21+ `-Wuninitialized-const-pointer` warning when using MSan
2b7337f63a Merge bitcoin-core/secp256k1#1756: ci: Fix image caching and apply other improvements
f163c35897 ci: Set `DEBIAN_FRONTEND=noninteractive`
70ae177ca0 ci: Bump `docker/build-push-action` version
b2a95a420f ci: Drop `tags` input for `docker/build-push-action`
122014edb3 ci: Add `scope` parameter to `cache-{to,from}` options
2f4546ce56 test: add --log option to display tests execution
95b9953ea4 test: Add option to display all available tests
953f7b0088 test: support running specific tests/modules targets
0302c1a3d7 test: add --help for command-line options
9ec3bfe22d test: adapt modules to the new test infrastructure
48789dafc2 test: introduce (mini) unit test framework
baa265429f Merge bitcoin-core/secp256k1#1727: docs: Clarify that callback can be called more than once
4d90585fea docs: Improve API docs of _context_set_illegal_callback
895f53d1cf docs: Clarify that callback can be called more than once
de6af6ae35 Merge bitcoin-core/secp256k1#1748: bench: improve context creation in ECDH benchmark
5817885153 Merge bitcoin-core/secp256k1#1749: build: Fix warnings in x86_64 assembly check
ab560078aa build: Fix warnings in x86_64 assembly check
10dab907e7 Merge bitcoin-core/secp256k1#1741: doc: clarify API doc of `secp256k1_ecdsa_recover` return value
dfe284ed2d bench: improve context creation in ECDH benchmark
7321bdf27b doc: clarify API doc of `secp256k1_ecdsa_recover` return value
b475654302 Merge bitcoin-core/secp256k1#1745: test: introduce group order byte-array constant for deduplication
9cce703863 refactor: move 'gettime_i64()' to tests_common.h
0c91c56041 test: introduce group order byte-array constant for deduplication
88be4e8d86 Merge bitcoin-core/secp256k1#1735: musig: Invalidate secnonce in secp256k1_musig_partial_sign
36e76952cb Merge bitcoin-core/secp256k1#1738: check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so)
399b582a5f Split memclear into two versions
4985ac0f89 Merge bitcoin-core/secp256k1#1737: doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static)
7ebaa134a7 check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so)
806de38bfc doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static)
03fb60ad2e Merge bitcoin-core/secp256k1#1681: doc: Recommend clang-cl when building on Windows
d93380fb35 Merge bitcoin-core/secp256k1#1731: schnorrsig: Securely clear buf containing k or its negation
8113671f80 Merge bitcoin-core/secp256k1#1729: hash: Use size_t instead of int for RFC6979 outlen copy
325d65a8cf Rename and clear var containing k or -k
960ba5f9c6 Use size_t instead of int for RFC6979 outlen copy
737912430d ci: Add more tests for clang-cl
7379a5bed3 doc: Recommend clang-cl when building on Windows
f36afb8b3d Merge bitcoin-core/secp256k1#1725: tests: refactor tagged hash verification
5153cf1c91 tests: refactor tagged hash tests
d2dcf52091 Merge bitcoin-core/secp256k1#1726: docs: fix broken link to Tromer's cache.pdf paper
489a43d1bf docs: fix broken link to eprint cache.pdf paper
d599714147 Merge bitcoin-core/secp256k1#1722: docs: Exclude modules' `bench_impl.h` headers from coverage report
0458def51e doc: Add `--gcov-ignore-parse-errors=all` option to `gcovr` invocations
1aecce5936 doc: Add `--merge-mode-functions=separate` option to `gcovr` invocations
106a7cbf41 doc: Exclude modules' `bench_impl.h` headers from coverage report
a9e955d3ea autotools, docs: Adjust help string for `--enable-coverage` option
e523e4f90e Merge bitcoin-core/secp256k1#1720: chore(ci): Fix typo in Dockerfile comment
24ba8ff168 chore(ci): Fix typo in Dockerfile comment
74b8068c5d Merge bitcoin-core/secp256k1#1717: test: update wycheproof test vectors
c25c3c8a88 test: update wycheproof test vectors
20e3b44746 Merge bitcoin-core/secp256k1#1688: cmake: Avoid contaminating parent project's cache with `BUILD_SHARED_LIBS`
2c076d907a Merge bitcoin-core/secp256k1#1711: tests: update Wycheproof
7b07b22957 cmake: Avoid contaminating parent project's cache with BUILD_SHARED_LIBS
5433648ca0 Fix typos and spellings
9ea54c69b7 tests: update Wycheproof files

git-subtree-dir: src/secp256k1
git-subtree-split: d543c0d917a76a201578948701cc30ef336e0fe6

3cbf7cb3e6

Update secp256k1 subtree to latest master 879c21045e

Merge bitcoin/bitcoin#33624: test: P2SH sig ops are only counted with `SCRIPT_VERIFY_P2SH`

3a10d700bc1889b3690097efc935c5a4ba5966bb test: P2SH sig ops are only counted with `SCRIPT_VERIFY_P2SH` flag (brunoerg)

Pull request description:

  This PR adds a test case for `GetTransactionSigOpCost` to check that P2SH sig ops are only counted when `SCRIPT_VERIFY_P2SH` flag is set.

  Kills the following [mutant](https://corecheck.dev/mutation/src/consensus/tx_verify.cpp#L150):

  ```diff
  diff --git a/src/consensus/tx_verify.cpp b/src/consensus/tx_verify.cpp
  index 9d09872597..cc7cdaaf8f 100644
  --- a/src/consensus/tx_verify.cpp
  +++ b/src/consensus/tx_verify.cpp
  @@ -147,7 +147,7 @@ int64_t GetTransactionSigOpCost(const CTransaction& tx, const CCoinsViewCache& i
       if (tx.IsCoinBase())
           return nSigOps;

  -    if (flags & SCRIPT_VERIFY_P2SH) {
  +    if (1==1) {
           nSigOps += GetP2SHSigOpCount(tx, inputs) * WITNESS_SCALE_FACTOR;
       }
  ```

ACKs for top commit:
  l0rinc:
    Tested ACK 3a10d700bc1889b3690097efc935c5a4ba5966bb
  maflcko:
    re-lgtm ACK 3a10d700bc1889b3690097efc935c5a4ba5966bb
  instagibbs:
    ACK 3a10d700bc1889b3690097efc935c5a4ba5966bb
  janb84:
    tested ACK 3a10d700bc1889b3690097efc935c5a4ba5966bb

Tree-SHA512: f560b4f9f2ce5c5fdd0a86e7e1f8ea27a8c6fda0327a6186a0c21e2c06ef13beeb017686db1688cace68812a01701abe46e8e1a095afefc6f2aed6ed96ba8288

b1f8a13702

Merge bitcoin/bitcoin#33480: ci: Turn CentOS config into Alpine musl config

444409ff2b78d8f3e541bd6e883af8da7adfd264 ci: Reduce Alpine musl task to md runner size (MarcoFalke)
fa6b2e9efece2d728bdc257c36c95db03e1a7bc4 ci: Turn centos config into alpine musl config (MarcoFalke)

Pull request description:

  Fixes https://github.com/bitcoin/bitcoin/issues/33437

  Historically, the centos task was added to add CI coverage for old packages and 32-bit depends builds, but both are now covered by different tasks.

  The CentOS task aligns with Ubuntu/Debian CI tasks in terms of libc usage, but (slightly) differs in package naming and update philosophy. I am not aware of the task ever discovering a centos-related issue, so it seems fine to recycle it into an Alpine Linux task.

  The main difference would be that musl libc is now used. Also, busybox is used in Alpine, so in theory the busybox install could be removed from the arm CI task in the future.

  Packaging considerations: All packages should roughly be the same (gcc remains at version 14, python remains at version 3.12, etc). Also, all packages are from the Alpine main track, coming with 2 years of support. The only exception is the py3-pip package (https://pkgs.alpinelinux.org/packages?name=py3-pip&branch=v3.22&repo=&arch=riscv64) from the community track, however, I don't expect any issues arising from that.

ACKs for top commit:
  janb84:
    reACK 444409ff2b78d8f3e541bd6e883af8da7adfd264
  willcl-ark:
    ACK 444409ff2b78d8f3e541bd6e883af8da7adfd264

Tree-SHA512: fd1a1da0fd766591e44a57dbdb84f9b3b47ca92113a429bba139ee5fef54714b8fe509c321e7b3a470c29b4af7d9eab9786e1660b9effb862ecea52824f458aa

ea17618c11

Merge bitcoin/bitcoin#33549: ci: Add macOS cross task for arm64-apple-darwin

fad5a7101cc3dccbb525cfe9afc105aace8da88e ci: Add macOS cross task for arm64 (MarcoFalke)
fa8c750a0aff9c03270b71a91536639f3922eed8 ci: Refactor get_previous_releases step in win-test-cross task (MarcoFalke)

Pull request description:

  Cross compiling to Intel macOS seems fine, but it would be good to cross compile to arm64-apple-darwin as well.

  Further reading:

  * https://en.wikipedia.org/wiki/Mac_transition_to_Apple_silicon#Timeline.
  * It is harder to find native Intel macOS hardware (E.g. GitHub is in the process of dropping it: https://github.blog/changelog/2025-07-11-upcoming-changes-to-macos-hosted-runners-macos-latest-migration-and-xcode-support-policy-updates/#macos-13-is-closing-down)

ACKs for top commit:
  Sjors:
    utACK fad5a7101cc3dccbb525cfe9afc105aace8da88e
  hodlinator:
    crACK fad5a7101cc3dccbb525cfe9afc105aace8da88e

Tree-SHA512: ce96ac9f68f594584dc910555bd34590084e3e45ca02a22d4949e88bb569de3bf87ebf6b5c6718ae82d7750a98212b72f6dab80bddfc9652a57180fbdda97f42

40e7d4cd0d

test: Move get_binary_paths and Binaries to util.py

Can be reviewed with the git options
--color-moved=dimmed-zebra --color-moved-ws=ignore-all-space

fa9f495308

test: Move export_env_build_path to util.py fa75ef4328

Merge bitcoin/bitcoin#32313: coins: fix `cachedCoinsUsage` accounting in `CCoinsViewCache`

24d861da7894add47747eff69dd3fc71fbcdd7d0 coins: only adjust `cachedCoinsUsage` on `EmplaceCoinInternalDANGER` insert (Lőrinc)
d7c9d6c2914aadd711544908d0fad8857a809c72 coins: fix `cachedCoinsUsage` accounting to prevent underflow (Lőrinc)
39cf8bb3d0d9ee84544d161bf66d90d5e2a1a140 refactor: remove redundant usage tracking from `CoinsViewCacheCursor` (Lőrinc)
67cff8bec9094e968f36d351fb2e38c9bf563757 refactor: assert newly-created parent cache entry has zero memory usage (Lőrinc)

Pull request description:

  ### Summary

  This PR fixes `cachedCoinsUsage` accounting bugs in `CCoinsViewCache` that caused UBSan `unsigned-integer-overflow` violations during testing. The issues stemmed from incorrect decrement timing in `AddCoin()`, unconditional reset in `Flush()` on failure, and incorrect increment in `EmplaceCoinInternalDANGER()` when insertion fails.

  ### Problems Fixed

  **1. `AddCoin()` underflow on exception**
  - Previously decremented `cachedCoinsUsage` *before* the `possible_overwrite` validation
  - If validation threw, the map entry remained unchanged but counter was decremented
  - This corrupted accounting and later caused underflow
  - **Impact**: Test-only in current codebase, but unsound accounting that could affect future changes

  **2. `Flush()` accounting drift on failure**
  - Unconditionally reset `cachedCoinsUsage` to 0, even when `BatchWrite()` failed
  - Left the map populated while the counter read zero
  - **Impact**: Test-only (production `BatchWrite()` returns `true`), but broke accounting consistency

  **3. Cursor redundant usage tracking**
  - `CoinsViewCacheCursor::NextAndMaybeErase()` subtracted usage when erasing spent entries
  - However, `SpendCoin()` already decremented and cleared the `scriptPubKey`, leaving `DynamicMemoryUsage()` at 0
  - **Impact**: Redundant code that obscured actual accounting behavior

  **4. `EmplaceCoinInternalDANGER()` double-counting**
  - Incremented `cachedCoinsUsage` even when `try_emplace` did not insert (duplicate key)
  - Inflated the counter on duplicate attempts
  - **Impact**: Mostly test-reachable (AssumeUTXO doesn't overwrite in production), but incorrect accounting

  ### Testing

  To reproduce the historical UBSan failures on the referenced baseline and to verify the fix, run:
  ```
  MAKEJOBS="-j$(nproc)" FILE_ENV="./ci/test/00_setup_env_native_fuzz.sh" ./ci/test_run_all.sh
  ```

  The change was tested with the related unit and fuzz test, and asserted before/after each `cachedCoinsUsage` change (in production code and fuzz) that the calculations are still correct by recalculating them from scratch.

  <details>
  <summary>Details</summary>

  ```C++
  bool CCoinsViewCache::CacheUsageValid() const
  {
      size_t actual{0};
      for (auto& entry : cacheCoins | std::views::values) actual += entry.coin.DynamicMemoryUsage();
      return actual == cachedCoinsUsage;
  }
  ```
  or
  ```patch
  diff --git a/src/coins.cpp b/src/coins.cpp
  --- a/src/coins.cpp(revision fd3b1a7f4bb2ac527f23d4eb4cfa40a3215906e5)
  +++ b/src/coins.cpp(revision 872a05633bfdbd06ad82190d7fe34b42d13ebfe9)
  @@ -96,6 +96,7 @@
           fresh = !it->second.IsDirty();
       }
       if (!inserted) {
  +        Assert(cachedCoinsUsage >= it->second.coin.DynamicMemoryUsage());
           cachedCoinsUsage -= it->second.coin.DynamicMemoryUsage();
       }
       it->second.coin = std::move(coin);
  @@ -133,6 +134,7 @@
   bool CCoinsViewCache::SpendCoin(const COutPoint &outpoint, Coin* moveout) {
       CCoinsMap::iterator it = FetchCoin(outpoint);
       if (it == cacheCoins.end()) return false;
  +    Assert(cachedCoinsUsage >= it->second.coin.DynamicMemoryUsage());
       cachedCoinsUsage -= it->second.coin.DynamicMemoryUsage();
       TRACEPOINT(utxocache, spent,
              outpoint.hash.data(),
  @@ -226,10 +228,12 @@
               if (itUs->second.IsFresh() && it->second.coin.IsSpent()) {
                   // The grandparent cache does not have an entry, and the coin
                   // has been spent. We can just delete it from the parent cache.
  +                Assert(cachedCoinsUsage >= itUs->second.coin.DynamicMemoryUsage());
                   cachedCoinsUsage -= itUs->second.coin.DynamicMemoryUsage();
                   cacheCoins.erase(itUs);
               } else {
                   // A normal modification.
  +                Assert(cachedCoinsUsage >= itUs->second.coin.DynamicMemoryUsage());
                   cachedCoinsUsage -= itUs->second.coin.DynamicMemoryUsage();
                   if (cursor.WillErase(*it)) {
                       // Since this entry will be erased,
  @@ -279,6 +283,7 @@
   {
       CCoinsMap::iterator it = cacheCoins.find(hash);
       if (it != cacheCoins.end() && !it->second.IsDirty() && !it->second.IsFresh()) {
  +        Assert(cachedCoinsUsage >= it->second.coin.DynamicMemoryUsage());
           cachedCoinsUsage -= it->second.coin.DynamicMemoryUsage();
           TRACEPOINT(utxocache, uncache,
                  hash.hash.data(),
  ```

  </details>

ACKs for top commit:
  optout21:
    reACK 24d861da7894add47747eff69dd3fc71fbcdd7d0
  andrewtoth:
    ACK 24d861da7894add47747eff69dd3fc71fbcdd7d0
  sipa:
    ACK 24d861da7894add47747eff69dd3fc71fbcdd7d0
  w0xlt:
    ACK https://github.com/bitcoin/bitcoin/pull/32313/commits/24d861da7894add47747eff69dd3fc71fbcdd7d0

Tree-SHA512: ff1b756b46220f278ab6c850626a0f376bed64389ef7f66a95c994e1c7cceec1d1843d2b24e8deabe10e2bdade2a274d9654ac60eb2b9bf471a71db8a2ff496c

f76e1ae389

Merge bitcoin/bitcoin#33469: TxGraph: change m_excluded_clusters

9b43428c96872f0fbbbab4c066c6010fc18c6cc4 TxGraph: change m_excluded_clusters (Greg Sanders)

Pull request description:

  Change BlockBuilderImpl's m_excluded_clusters to unordered set since ordering is not used.

  Change the set to a set of sequence numbers for a modest stability increase under fuzz testing.

ACKs for top commit:
  sipa:
    ACK 9b43428c96872f0fbbbab4c066c6010fc18c6cc4
  marcofleon:
    tACK 9b43428c96872f0fbbbab4c066c6010fc18c6cc4
  glozow:
    ACK 9b43428c96872f0fbbbab4c066c6010fc18c6cc4

Tree-SHA512: 140a492af93f3eff756847a8168aab2624bb7df407f177dde6f3b07e9db2d0ced6b125e2b126f4957ccd054272056bedf74f9f0e64a80d90c16fd94e0fa86a44

e14451ac87

Squashed 'src/leveldb/' changes from aba469ad6a..cad64b151d

cad64b151d Merge bitcoin-core/leveldb-subtree#57: doc: fix typos
157ed16be9 doc: fix typos

git-subtree-dir: src/leveldb
git-subtree-split: cad64b151dabe9ffe9771a54d7c9dbfb3355cefb

f21162d819

Update leveldb subtree to latest master 54ffe3de5b

doc: archive release notes for v28.3 ceea24b921

Merge bitcoin/bitcoin#33642: doc: archive release notes for v28.3

ceea24b92153d799dfaed1874c86d91c5d002d68 doc: archive release notes for v28.3 (fanquake)

Pull request description:

ACKs for top commit:
  stickies-v:
    ACK ceea24b92153d799dfaed1874c86d91c5d002d68 - matches https://github.com/bitcoin/bitcoin/blob/da5f5de4055ecad75490820c0f51db007a0a7d8f/doc/release-notes.md

Tree-SHA512: 56b449c456c221cfb15722356ee3028de8f788c6d35ea6055161024dd03b860a38deeca5f6cf3a70e62a6d02b0d07793fed17aeae514306cdd2bd79aa703f65a

4371740beb

Merge bitcoin/bitcoin#33641: Update leveldb subtree to latest master

f21162d8193319d3cdd43cecd66ee5389632533b Squashed 'src/leveldb/' changes from aba469ad6a..cad64b151d (fanquake)

Pull request description:

  Rather than continue to close PRs/"Send these upstream" i.e: #33638, #33148, #22664, #13781; just fix the typos.

  Includes https://github.com/bitcoin-core/leveldb-subtree/pull/57.

ACKs for top commit:
  l0rinc:
    ACK 54ffe3de5b1d15f10516ea536a12e13cd7d338f3
  cedwies:
    ACK 54ffe3d
  stickies-v:
    ACK 54ffe3de5b1d15f10516ea536a12e13cd7d338f3

Tree-SHA512: cc4d758ee95a1943f14e800472dfef24d5598a1dfafede32300821bc27e02a80ae97ea12ee87643b395b204262c7bc28e64d421a3d375d46bef7782381fd4362

e744fd1249

[doc] correct topology requirements in submitpackage helptext 3d22282564

Merge bitcoin/bitcoin#33630: doc: correct topology requirements in submitpackage helptext

3d222825642bfb052ce40cbc1c69318a0d8835bf [doc] correct topology requirements in submitpackage helptext (glozow)

Pull request description:

  This doc is outdated since #31385. Also made it explicit that a singleton is ok.

  Can be backported to 30.x, but doesn't need to be backported earlier ("if any" covers #31096).

ACKs for top commit:
  janb84:
    ACK 3d222825642bfb052ce40cbc1c69318a0d8835bf
  instagibbs:
    ACK 3d222825642bfb052ce40cbc1c69318a0d8835bf

Tree-SHA512: 95e40630a5b2a571029c0657c20a5e2a1cf1789913b868cee314c1a9fcb9a09fccdd3c87f3f15a8eb95c5ff9b83f8adee0661f86619bf21965866b6f6a76dfd0

d30f149360

build: Move CMAKE_SKIP_INSTALL_RPATH from CMake to Guix script

Remove CMAKE_SKIP_INSTALL_RPATH from CMakeLists.txt and add CMAKE_SKIP_RPATH to the Guix build script. This keeps build-environment-specific settings in the build scripts rather than hardcoded in the CMake configuration.

4b41f99d57

Merge bitcoin/bitcoin#33625: Update secp256k1 subtree to latest master

3cbf7cb3e6ac51492b354732bddbb4f58ce97ed3 Squashed 'src/secp256k1/' changes from b9313c6e1a..d543c0d917 (fanquake)

Pull request description:

  Updates the subtree to https://github.com/bitcoin-core/secp256k1/commit/d543c0d917a76a201578948701cc30ef336e0fe6
  Related to #33284.

ACKs for top commit:
  hebasto:
    ACK 879c21045eba64b3dc875f6f2c2c579abecde1d0.
  janb84:
    ACK 879c21045eba64b3dc875f6f2c2c579abecde1d0

Tree-SHA512: 1802cd84959b5c935170792f458651f30431fe8340ead7966ff381c1c0c3a9f6c21bbb8dd96a07482ffed49642ded49e80b61802e688b8351956b111dffd5a78

0eeae4d174

Merge bitcoin/bitcoin#33633: test: [move-only] binary utils to utils.py

fa75ef4328f638221bcf85fcbefa885122084622 test: Move export_env_build_path to util.py (MarcoFalke)
fa9f495308afdc3c9c1a98a8a28234340986eb53 test: Move get_binary_paths and Binaries to util.py (MarcoFalke)

Pull request description:

  Having the binary related utils sit in the test_framework.py is fine. However, they are mostly stand-alone utils, which may be used externally.

  So move them to utils.py, to allow easier external use. The diff is trivial and can be reviewed via the git options `--color-moved=dimmed-zebra --color-moved-ws=ignore-all-space`.

ACKs for top commit:
  kevkevinpal:
    ACK [fa75ef4](https://github.com/bitcoin/bitcoin/pull/33633/commits/fa75ef4328f638221bcf85fcbefa885122084622)
  Sjors:
    lgtm ACK fa75ef4328f638221bcf85fcbefa885122084622
  yuvicc:
    Code review ACK fa75ef4328f638221bcf85fcbefa885122084622
  janb84:
    ACK fa75ef4328f638221bcf85fcbefa885122084622
  musaHaruna:
    Code Review ACK [fa75ef4](https://github.com/bitcoin/bitcoin/pull/33633/commits/fa75ef4328f638221bcf85fcbefa885122084622)
  enirox001:
    ACK [fa75ef4](https://github.com/bitcoin/bitcoin/commit/fa75ef4328f638221bcf85fcbefa885122084622)

Tree-SHA512: f382118484cb5495e8888214437e72c81727d54f97b3c09dfd996faab6cb6643c4c2d816b89ab82de73fc091c36ed7b8744c7d34a443b6adc415eb06697ef6ea

689ec28d1d

Merge bitcoin/bitcoin#33470: build: Move CMAKE_SKIP_INSTALL_RPATH from CMake to Guix script

4b41f99d57d822dfc258865d1dad03204fe0380f build: Move CMAKE_SKIP_INSTALL_RPATH from CMake to Guix script (Henry Romp)

Pull request description:

  Remove `CMAKE_SKIP_INSTALL_RPATH` from CMakeLists.txt and add `CMAKE_SKIP_RPATH` to the Guix build script. This keeps build-environment-specific settings in the build scripts rather than hardcoded in the CMake configuration.

ACKs for top commit:
  purpleKarrot:
    ACK 4b41f99d57d822dfc258865d1dad03204fe0380f
  janb84:
    re ACK 4b41f99d57d822dfc258865d1dad03204fe0380f

Tree-SHA512: 74d6af382476d731f10f9833978d670e9981c160ba306d0e9d4b1ad1e9b9960b8d03a3b9b608e234edb1c0c2c7a2b4f9f606a2a7887b7a153792159e71ae9b21

abe7cbfe1a

ci: Drop libFuzzer from msan fuzz task fa70e23de7

ci: Remove unused MAYBE_CPUSET

The option is currently unused. If it is used again in the future, it
could trivially be added back.

Also, the logic is just a single undocumented python command one-liner.

So remove it for now.

fa72a2bd5c

ci: Move buildx command to python script

This has a few benefits:

* The shellcheck SC2086 warning is disabled for the whole command, but
  is only needed for the DOCKER_BUILD_CACHE_ARG env var.  So in Python,
  only pass this one env var to shlex.split() for proper word splitting.
* Future logic improvements can be implemented in Python.

The comments are moved, which can be checked via the git options:
--color-moved=dimmed-zebra --color-moved-ws=ignore-all-space

fab64a5d6f

ci: Only write docker build images to Cirrus cache

Other cache providers offer too little space for this to be useful.

fabe0e07de

Merge bitcoin/bitcoin#33370: ci: use Mold linker for asan-lsan-ubsan-integer-no-depends-usdt workflow

f031536f2d267655a0fb40ab84d03e7ffa903d4c ci: use Mold linker for asan-lsan-ubsan-integer-no-depends-usdt workflow (Brandon Odiwuor)

Pull request description:

  Follow up to https://github.com/bitcoin/bitcoin/pull/32888#pullrequestreview-2993523631 and https://github.com/bitcoin/bitcoin/pull/32888#issuecomment-3044773485

  >>Can we use `mold` as a linker in other Linux based system workflows ? dependencies [we have](https://github.com/bitcoin/bitcoin/blob/master/doc/dependencies.md#compiler) seem to satisfy the deps here https://github.com/rui314/mold?tab=readme-ov-file#how-to-build
  >
  > Sure, happy to review a follow-up. Only place to avoid it would probably the ci tasks that mirror the guix build (win-cross, mac-cross)

  Updated the `ASan + LSan + UBSan + integer, no depends, USDT` workflow to use `mold` linker

ACKs for top commit:
  maflcko:
    lgtm ACK f031536f2d267655a0fb40ab84d03e7ffa903d4c

Tree-SHA512: 35a4cb3eec732bee3f18a3ea70e49b1c99b8e88624a0bb28eca8f3d72ed0835af8773307a27c750b89fc6d969ff20dd87b840d755b7fd14d3cb6ab68d9f587b9

c862936d16

test: Use unassigned p2p_port instead of hardcoded 60000 in p2p_i2p_ports.py fa20275db3

ci: Doc ASLR workaround for sanitizer tasks fa0e36156c

Merge bitcoin/bitcoin#33550: Fix windows libc++ `fs::path` `fstream` compile errors

c864a4c1940d682f7eb6fdb3b91b18d638b59330 Simplify fs::path by dropping filename() and make_preferred() overloads (Ryan Ofsky)
b0113afd44b4c7c0d0da9883424bd2978de3d18c Fix windows libc++ fs::path fstream compile errors (Ryan Ofsky)

Pull request description:

  Drop support for passing `fs::path` directly to `std::ifstream` and `std::ofstream` constructors and `open()` functions, because as reported by hebasto in https://github.com/bitcoin/bitcoin/issues/33545, after https://wg21.link/lwg3430 there is no way this can continue to work in windows builds, and there are already compile errors compiling for windows with newer versions of libc++.

  Instead, add an `fs::path::std_path()` method that returns `std::filesystem::path` references and use it where needed.

ACKs for top commit:
  hebasto:
    ACK c864a4c1940d682f7eb6fdb3b91b18d638b59330.
  l0rinc:
    Code review ACK c864a4c1940d682f7eb6fdb3b91b18d638b59330
  maflcko:
    re-ACK c864a4c1940d682f7eb6fdb3b91b18d638b59330 🌥

Tree-SHA512: d22372692ab86244e2b2caf4c5e9c9acbd9ba38df5411606b75e428474eabead152fc7ca1afe0bb0df6b818351211a70487e94b40a17b68db5aa757604a0ddf6

3fee0754a2

ci: add Valgrind fuzz e4b04630bc

Merge bitcoin/bitcoin#33670: test: Use unassigned p2p_port instead of hardcoded 60000 in p2p_i2p_ports.py

fa20275db32c5b9b0fe35effe2d1cf3d958e7310 test: Use unassigned p2p_port instead of hardcoded 60000 in p2p_i2p_ports.py (MarcoFalke)

Pull request description:

  The goal is to fix https://github.com/bitcoin/bitcoin/issues/30030.

  The root cause it unclear. However, hard-coding the port to 60000 does not seem ideal anyway. This could break in an unlikely setting where so many functional tests are run, such that the port is occupied. Also, it could fail when `TEST_RUNNER_PORT_MIN` is set sufficiently high. (This is purely theoretical, as I don't think anyone would run a command like this, but on current master it fails, and on this pull it passes: `TEST_RUNNER_PORT_MIN=60000 ./bld-cmake/test/functional/p2p_i2p_ports.py --portseed=0`)

  So fix those issues (and hopefully also 30030) by using an unoccupied p2p_port.

  The logic is similar to the `extra_port()` logic in the `feature_bind_extra.py` test.

ACKs for top commit:
  laanwj:
    Code review ACK fa20275db32c5b9b0fe35effe2d1cf3d958e7310
  mzumsande:
    ACK fa20275db32c5b9b0fe35effe2d1cf3d958e7310

Tree-SHA512: ac5487ca195db9ca746b78b8add91d0b9ef59cc3be0cdb7fbd9f76d42549eea68a61c32b4f5a162e01f3777959110f9f8d56ff05af6a13a9f61ea5be5b7d8631

c211d18322

Merge bitcoin/bitcoin#33570: randomenv: Fix MinGW dllimport warning for `environ`

9610b0d1e28aeda02a2ddcf1f0591ae577c3e88e randomenv: Fix MinGW dllimport warning for `environ` (Lőrinc)

Pull request description:

  Related to https://github.com/bitcoin/bitcoin/pull/33550#issuecomment-3378978210

  Extends 7703884 to guard environ declaration on all Windows builds, not just MSVC.

  In the `mingw-w64` headers (used by `llvm-mingw`), `environ` is defined as a macro which  expands through [`_environ`](https://github.com/msys2-contrib/mingw-w64/blob/cdb052f1d4056cd510cb83197b55868427b87476/mingw-w64-headers/crt/stdlib.h#L262-L264) to `(* __p__environ())`, a call to a `dllimport` function, causing the same inconsistent linkage warning as MSVC.

  Use `WIN32` instead of `_MSC_VER` to match the platform-specific guards already used throughout the file.

  The warning occurs with `llvm-mingw` (both `UCRT` and `MSVCRT` variants as tested by Hebasto), but not with the `mingw-w64` toolchain currently used in CI (as mentioned by fanquake).

  ----

  The error was reproduced by adding a temporary [nightly build](https://github.com/l0rinc/bitcoin-core-nightly/pull/4) pointing to https://github.com/l0rinc/bitcoin/pull/45. On `master` the failure can be seen in https://github.com/l0rinc/bitcoin-core-nightly/pull/2

  before:
  https://github.com/l0rinc/bitcoin-core-nightly/actions/runs/18327936488/job/52196728885?pr=2

  <details>
  <summary>Details</summary>

  ```
  /home/runner/work/bitcoin-core-nightly/bitcoin-core-nightly/src/randomenv.cpp:61:15: warning: '__p__environ' redeclared without 'dllimport' attribute: previous 'dllimport' ignored [-Winconsistent-dllimport]
     61 | extern char** environ; // NOLINT(readability-redundant-declaration): Necessary on some platforms
        |               ^
  /home/runner/work/bitcoin-core-nightly/bitcoin-core-nightly/llvm_mingw_toolchain/aarch64-w64-mingw32/include/stdlib.h:656:17: note: expanded from macro 'environ'
    656 | #define environ _environ
        |                 ^
  /home/runner/work/bitcoin-core-nightly/bitcoin-core-nightly/llvm_mingw_toolchain/aarch64-w64-mingw32/include/stdlib.h:225:21: note: expanded from macro '_environ'
    225 | #define _environ (* __p__environ())
        |                     ^
  /home/runner/work/bitcoin-core-nightly/bitcoin-core-nightly/llvm_mingw_toolchain/aarch64-w64-mingw32/include/stdlib.h:221:27: note: previous declaration is here
    221 |   _CRTIMP char ***__cdecl __p__environ(void);
        |                           ^
  /home/runner/work/bitcoin-core-nightly/bitcoin-core-nightly/llvm_mingw_toolchain/aarch64-w64-mingw32/include/stdlib.h:221:3: note: previous attribute is here
    221 |   _CRTIMP char ***__cdecl __p__environ(void);
        |   ^
  /home/runner/work/bitcoin-core-nightly/bitcoin-core-nightly/llvm_mingw_toolchain/aarch64-w64-mingw32/include/_mingw.h:52:40: note: expanded from macro '_CRTIMP'
     52 | #      define _CRTIMP  __attribute__ ((__dllimport__))
        |                                        ^
  1 warning generated.
  ```

  </details>

  after:
  https://github.com/l0rinc/bitcoin-core-nightly/actions/runs/18329616268/job/52201940831?pr=4

  <details>
  <summary>Details</summary>

  ```
  [ 28%] Building CXX object src/util/CMakeFiles/bitcoin_util.dir/__/randomenv.cpp.obj
  ```

  </details>

  Note that there are some other remaining warnings in the logs that will be fixed in separate PRs

ACKs for top commit:
  sipa:
    utACK 9610b0d1e28aeda02a2ddcf1f0591ae577c3e88e if this makes the compilers happy
  laanwj:
    Code review ACK 9610b0d1e28aeda02a2ddcf1f0591ae577c3e88e
  hebasto:
    re-ACK 9610b0d1e28aeda02a2ddcf1f0591ae577c3e88e.

Tree-SHA512: a9e39d288b663ed24cbbbae228850e6f02d417d8781a3ac3d0b3db0b7ff734bbd62fddb9f57b8f77daab4e9c016ff66906ebc5fb2de7635ef539ef7f4dc2eaba

98c4994d0f

Merge bitcoin/bitcoin#33639: ci: Only write docker build images to Cirrus cache

fabe0e07de1ad2f26da62f3ebe0e9be3f939b1f8 ci: Only write docker build images to Cirrus cache (MarcoFalke)
fab64a5d6fd7d2c19f73342e11f33d50cddff512 ci: Move buildx command to python script (MarcoFalke)
fa72a2bd5c80d27d4875744dc01bec943e6b43f0 ci: Remove unused MAYBE_CPUSET (MarcoFalke)

Pull request description:

  The `DOCKER_BUILD_CACHE_ARG` env var holds the options on how to use cache providers. Storing the image layers is useful for the Cirrus cache provider, because it offers 10GB per runner (https://cirrus-runners.app/setup/#speeding-up-the-cache). The cached image layers can help to avoid issues when the upstream package manager infra (apt native, apt llvm, pip, apk, git clone, ...) has outages or network issues.

  However, on the GitHub Actions cache provider, a *total* cache of 10GB is offered for the whole repo. This cache must be shared with the depends cache, and the ccache, as well as the previous releases cache. So it is already full and trying to put the docker build layers into it will lead to an overflow.

  Fix it by only writing to the docker cache on Cirrus.

  Also, `DOCKER_BUILD_CACHE_ARG` requires a `shellcheck disable=SC2086` on the full build command. Fix that as well by using `shlex.split` from Python on just this variable.

ACKs for top commit:
  m3dwards:
    ACK fabe0e07de1ad2f26da62f3ebe0e9be3f939b1f8
  cedwies:
    reACK fabe0e0
  l0rinc:
    Code review ACK fabe0e07de1ad2f26da62f3ebe0e9be3f939b1f8
  willcl-ark:
    ACK fabe0e07de1ad2f26da62f3ebe0e9be3f939b1f8

Tree-SHA512: 4f471f080007fdd0c3bc97b0cfe0e9c0457e5029a7ccde1d784d30eb4752e5eb309cd4b122b182bce31f1b986c8a9f3e9a49da1768bedbb2b1f64f70183680ba

1569bcc387

Merge bitcoin/bitcoin#33461: ci: add Valgrind fuzz

e4b04630bcf59ea03c1373777a0167af699f92a4 ci: add Valgrind fuzz (fanquake)

Pull request description:

  Valgrind fuzz runtime?

ACKs for top commit:
  dergoegge:
    ACK e4b04630bcf59ea03c1373777a0167af699f92a4

Tree-SHA512: 0d62da6baf10fb59e3a32df8af72bd0f371e72a725fdea8dfd08f0242634b3c8bcdbf86ff8777ccada0570d13f20ebf8e21a2f935570f3463097b9d411e7b3ce

7d27af98c7

test: set number of RPC server threads to 2

The default `-rpcthreads` value spawns 16 HTTP server threads for each node.
Running the functional test suite with default `rpcthreads` can exhaust file
descriptors or hit other resource limits very easily.
Moreover, having 16 threads is unnecessary since they are mostly idle. We
run RPC calls on a single RPC connection and wait for it result synchronously.
There is (almost) never two RPC calls occurring concurrently.
Because of this, the threads are mostly idle, so we can safely limit the number
of them to two.

e9cd45e3d3

Merge bitcoin/bitcoin#33674: ci: Doc ASLR workaround for sanitizer tasks

fa0e36156cba535846ae2ecfaaa554d7f14fcdfd ci: Doc ASLR workaround for sanitizer tasks (MarcoFalke)

Pull request description:

  Fixes https://github.com/bitcoin/bitcoin/issues/30674

ACKs for top commit:
  fanquake:
    ACK fa0e36156cba535846ae2ecfaaa554d7f14fcdfd

Tree-SHA512: 9811a35526c707a6b2438e4f15d1ea765c9ecf1786cb37cd23e3bc5d65a25623f276a74b4a70c24492126a87514845111741290fc3095206decf17ee2c52dd2a

11684c9ce2

Merge bitcoin/bitcoin#32266: depends: Avoid `warning: "_FORTIFY_SOURCE" redefined` for `libevent`

fe71a4b139f3a142468c2e931775813bc8f9d2ad depends: Avoid `warning: "_FORTIFY_SOURCE" redefined` for `libevent` (Hennadii Stepanov)

Pull request description:

  On Alpine Linux 3.12.3, compiling the `libevent` package produces multiple warnings:
  ```
  $ gmake -C depends -j $(nproc) libevent
  <snip>
  <command-line>: warning: "_FORTIFY_SOURCE" redefined
  <built-in>: note: this is the location of the previous definition
  <snip>
  ```

  This PR fixes these warnings.

ACKs for top commit:
  shahsb:
    ACK https://github.com/bitcoin/bitcoin/pull/32266/commits/fe71a4b139f3a142468c2e931775813bc8f9d2ad
  maflcko:
    lgtm ACK fe71a4b139f3a142468c2e931775813bc8f9d2ad
  theuni:
    utACK fe71a4b139f3a142468c2e931775813bc8f9d2ad

Tree-SHA512: 0a3ffb2a4cf811bce93addac8e5394cf6b3d79a46245cbdd8488771b9b51e56f66cd9222548138041e69183d52ad4b909d3d1441593f9d79d557d6c000fb324b

1c85d06232

Merge bitcoin/bitcoin#33679: test: set number of RPC server threads to 2

e9cd45e3d3c7592265ebf67387090b3df1501df4 test: set number of RPC server threads to 2 (furszy)

Pull request description:

  The default `-rpcthreads` value spawns 16 HTTP server threads for each node.
  Running the functional test suite with default `rpcthreads` can exhaust file
  descriptors or hit other resource limits very easily (more when tests are run
  in parallel).
  Furthermore, having 16 threads is unnecessary since they are mostly idle. We
  run RPC calls on a single RPC connection and wait for it result synchronously.
  There is (almost) never two RPC calls occurring concurrently.
  Because of this, the threads are mostly idle, so we can safely limit the number
  of them to two.

  Note for reviewers:
  I checked this does not introduce any timing regression but would be good
  to double-check it on your end too. We could add another thread if needed.
  Just the 16 threads default value is too high and unnecessary.

ACKs for top commit:
  maflcko:
    lgtm ACK e9cd45e3d3c7592265ebf67387090b3df1501df4
  l0rinc:
    ACK e9cd45e3d3c7592265ebf67387090b3df1501df4
  kevkevinpal:
    ACK [e9cd45e](https://github.com/bitcoin/bitcoin/pull/33679/commits/e9cd45e3d3c7592265ebf67387090b3df1501df4)
  andrewtoth:
    ACK e9cd45e3d3c7592265ebf67387090b3df1501df4

Tree-SHA512: a777286f4a890fb87f5df72cd2ccfdc628657206a4b3e995044e5a0d12987b8c78a7cf7d684cc4e92605aa782aaeebc44e9f754752c3a524152fac94fa30f4b5

d32f9525e4

Merge bitcoin/bitcoin#33566: miner: fix empty mempool case for waitNext()

8f7673257a1a86717c1d83770dc857fc254df107 miner: fix empty mempool case for waitNext() (Sjors Provoost)

Pull request description:

  Block template fees are calculated by looping over `new_tmpl->vTxFees` and return (early) once the `fee_threshold` is exceeded.

  This left an edge case when the mempool is empty, which this commit fixes and adds a test for.

  Also update `test/functional/interface_ipc.py` to reflect the new behavior,

  Fixes https://github.com/Sjors/sv2-tp/issues/9

ACKs for top commit:
  optout21:
    ACK 8f7673257a1a86717c1d83770dc857fc254df107
  cedwies:
    tACK 8f76732
  sipa:
    utACK 8f7673257a1a86717c1d83770dc857fc254df107
  zaidmstrr:
    Concept ACK [8f76732](https://github.com/bitcoin/bitcoin/pull/33566/commits/8f7673257a1a86717c1d83770dc857fc254df107)

Tree-SHA512: ef200fe95e96f810e425283bc37f945c4bf5efa16f4b74820b8a07968f30c5146bca213a372124be84b48beead5dfd35f2b5d10d188d0a465f847ebab61de10a

211bf6c975

Merge bitcoin/bitcoin#33600: refactor: Construct g_verify_flag_names on first use

faa9d10c84bc6b465cbca266468990cc716b4300 refactor: Construct g_verify_flag_names on first use (MarcoFalke)

Pull request description:

  The current usage of the `g_verify_flag_names` map seems fine and I can not see a static initialization order fiasco here.

  However, it seems brittle to hope this remains the case in the future. Also, it triggers a msan false-positive in the fuzz CI task. (C.f https://github.com/bitcoin-core/qa-assets/actions/runs/18352815555/job/52413137315?pr=241#step:7:5245)

  So just apply the "Construct on first use" idiom.

ACKs for top commit:
  kevkevinpal:
    ACK [faa9d10](https://github.com/bitcoin/bitcoin/pull/33600/commits/faa9d10c84bc6b465cbca266468990cc716b4300)
  ajtowns:
    ACK faa9d10c84bc6b465cbca266468990cc716b4300
  janb84:
    lgtm ACK faa9d10c84bc6b465cbca266468990cc716b4300
  stickies-v:
    ACK faa9d10c84bc6b465cbca266468990cc716b4300

Tree-SHA512: 6685dfc91c99a8245722e07fac99a7a6d58586c30964be7ccd74a176dfbf00c6255c8594621e2909640763924f51d3efd4ce65ed65eaeeb1d05c2fd01fe63604

99cb2054bd

Merge bitcoin/bitcoin#33172: test: p2p block malleability

d0e1bbad016cc4949094daea2934712f92dfeecd test: repeat block malleability test with relayable block over P2P (Musa Haruna)

Pull request description:

  This PR adds a functional test to repeat the existing malleability check for oversized coinbase witness nonce size using a block that is small enough to be relayed over the P2P network.

  This addresses the TODO in test_block_malleability by ensuring behavior is consistent between submitblock RPC and P2P relay.

ACKs for top commit:
  maflcko:
    lgtm ACK d0e1bbad016cc4949094daea2934712f92dfeecd
  janb84:
    re ACK d0e1bbad016cc4949094daea2934712f92dfeecd
  glozow:
    utACK d0e1bbad016cc4949094daea2934712f92dfeecd

Tree-SHA512: 05aec4fade5af8043f40274a8d2f3cf3f540acd038138975bdefbbbc81e105792d6d2588256a2ee5ddb1e05b37fe2d0b3d287160d2dbe86e1aac7cfa9cc02116

70a6fb5e5a

Merge bitcoin/bitcoin#32579: p2p: Correct unrealistic headerssync unit test behavior

cc5dda1de333cf7aa10e2237ee2c9221f705dbd9 headerssync: Make HeadersSyncState more flexible and move constants (Hodlinator)
8fd1c2893e6768223069d8b2fdec033b026cb2eb test(headerssync): Test returning of pow_validated_headers behavior (Hodlinator)
7b00643ef5f932116ee303af9984312b27c040f1 test(headerssync): headers_sync_chainwork test improvements (Hodlinator)
04eeb9578c60ce5661f285f6bde996569fafdcc3 doc(test): Improve comments (Hodlinator)
fe896f8faa7883f33169fe3e6dddb91feaca23e1 refactor(test): Store HeadersSyncState on the stack (Hodlinator)
f03686892a9c07e87e6dd12027d988fe188b1f9e refactor(test): Break up headers_sync_state (Hodlinator)
e984618d0b9946dc11f1087adf22a4cfbf9c1a77 refactor(headerssync): Process spans of headers (Hodlinator)
a4ac9915a95eb865779cf4627dd518d94c01032b refactor(headerssync): Extract test constants ahead of breakup into functions (Hodlinator)

Pull request description:

  ### Background

  As part of the release process we often run *contrib/devtools/headerssync-params.py* and increase the values of the constants `HEADER_COMMITMENT_PERIOD` and `REDOWNLOAD_BUFFER_SIZE` in *src/headerssync.cpp* as per *doc/release-process.md* (example: 11a2d3a63e90cdc1920ede3c67d52a9c72860e6b). This helps fine tune the memory consumption per `HeadersSyncState`-instance in the face of malicious peers.

  (The `REDOWNLOAD_BUFFER_SIZE`/`HEADER_COMMITMENT_PERIOD` ratio determines how many Headers Sync commitment bits must match between PRESYNC & REDOWNLOAD phases before we start permanently storing headers from a peer. For more details see comments in *src/headerssync.h* and *contrib/devtools/headerssync-params.py*).

  ### Problem: Not feeding back headers until completing sync

  During v30 release process #33274 made `REDOWNLOAD_BUFFER_SIZE` exceed the `target_blocks` constant used to control the length of chains generated for testing Headers Sync (`15000`, *headers_sync_chainwork_tests.cpp*).

  The `HeadersSyncState::m_redownloaded_headers`-buffer now does not reach the `REDOWNLOAD_BUFFER_SIZE`-threshold during those unit tests. As a consequence `HeadersSyncState::PopHeadersReadyForAcceptance()` will not start feeding back headers until the PoW threshold has been met. While this will not cause the unit test to start failing on master, it means we have gone from testing behavior that resembles mainnet (way more than `REDOWNLOAD_BUFFER_SIZE` headers to reach the PoW limit), to behavior that is not possible/expected there.

  ### Solution

  Avoid testing this unrealistic condition of completing Headers Sync before reaching `REDOWNLOAD_BUFFER_SIZE` by making tests able to define their own values through the new `HeadersSyncParams` instead of having them hard-coded for all chains & tests.

  ### Commits

  * First 6 commits refactor and improve the unit tests in order to clarify latter changes.
  * We then add checks for the behavior around the `REDOWNLOAD_BUFFER_SIZE` threshold.
  * The main change: we extract the section from *headerssync.cpp* containing the constants to *kernel/chainparams.cpp*, making `HeadersSyncState` no longer hard-coded to mainnet.

  ### Notes

  This PR used to be called "headerssync: Preempt unrealistic unit test behavior".

ACKs for top commit:
  l0rinc:
    reACK cc5dda1de333cf7aa10e2237ee2c9221f705dbd9
  marcofleon:
    code review ACK cc5dda1de333cf7aa10e2237ee2c9221f705dbd9
  danielabrozzoni:
    reACK cc5dda1de333cf7aa10e2237ee2c9221f705dbd9

Tree-SHA512: ccc824dcbbb8ad5ae98c3bf5808b38467aac0230739898a758c9b939eecd74f982df088fa0ba81cc1c1732f19a607b135a6e9577bb9fcf7f8570567ce92f66e6

161864a038

test: Update BIP324 test vectors

based on https://github.com/bitcoin/bips/pull/2016

51877f2fc5

Merge bitcoin/bitcoin#32588: util: Abort on failing CHECK_NONFATAL in debug builds

fa37153288ca420420636046ef6b8c4ba7e5a478 util: Abort on failing CHECK_NONFATAL in debug builds (MarcoFalke)
fa0dc4bdffb06b6f0c192fe1aa02b4dfdcdc6e15 test: Allow testing of check failures (MarcoFalke)
faeb58fe668662d8262c4cc7c54ad2af756dbe3b refactor: Set G_ABORT_ON_FAILED_ASSUME when G_FUZZING_BUILD (MarcoFalke)

Pull request description:

  A failing `CHECK_NONFATAL` will throw an exception. This is fine and even desired in production builds, because the program may catch the exception and give the user a way to easily report the bug upstream.

  However, in debug development builds, exceptions for internal bugs are problematic:

  * The exception could accidentally be caught and silently ignored
  * The exception does not include a full stacktrace, possibly making debugging harder

  Fix all issues by turning the exception into an abort in debug builds.

  This can be tested by reverting the hunks to `src/rpc/node.cpp` and `test/functional/rpc_misc.py` and then running the functional or fuzz tests.

ACKs for top commit:
  achow101:
    ACK fa37153288ca420420636046ef6b8c4ba7e5a478
  ryanofsky:
    Code review ACK fa37153288ca420420636046ef6b8c4ba7e5a478, just catching subprocess.CalledProcessError in test fixing up a comment since last review
  stickies-v:
    ACK fa37153288ca420420636046ef6b8c4ba7e5a478

Tree-SHA512: 2d892b838ccef6f9b25a066e7c2f6cd6f5acc94aad1d91fce62308983bd3f5c5d724897a76de4e3cc5c3678ddadc87e2ee8c87362965373526038e598dfb0101

af78d36512

Merge bitcoin/bitcoin#33666: ci: Drop libFuzzer from msan fuzz task

fa70e23de75baaf8c1ef6836ffe8ca73562c8937 ci: Drop libFuzzer from msan fuzz task (MarcoFalke)

Pull request description:

  libFuzzer is mostly unmaintained (https://llvm.org/docs/LibFuzzer.html#status), and it isn't really needed by the CI tasks. While it provides some additional stats like rss or the max input byte size, they are not essential. Dropping libFuzzer here would also drop the "60 seconds sanity check" for empty folders, but I think this is an acceptable price to pay to silence false-positives that were hit for years.

  Also, there seems to be a history of intermittent false-positive msan warnings (https://github.com/bitcoin/bitcoin/pull/33600#issuecomment-3391921802).

  It is unclear what exactly is causing the false-positives, so just disable libFuzzer in this task for now, to work around them.

ACKs for top commit:
  kevkevinpal:
    ACK [fa70e23](https://github.com/bitcoin/bitcoin/pull/33666/commits/fa70e23de75baaf8c1ef6836ffe8ca73562c8937)
  dergoegge:
    ACK fa70e23de75baaf8c1ef6836ffe8ca73562c8937

Tree-SHA512: c3e5958b8378ba30f51d923f97a84dec2ee60af8b9c2a4f13bc8de486a490031468371120e421384aa198ffec591db554e636935ab3c6d4de5e870238f5079f2

f6ba97cea1

Merge bitcoin/bitcoin#33252: p2p: add `DifferenceFormatter` fuzz target and invariant check

65a10fc3c52ea09a4794345bcf607dff908c783a p2p: add assertion for BlockTransactionsRequest indexes (frankomosh)
58be359f6b240528e4df23296dec65202f28a773 fuzz: add a target for DifferenceFormatter Class (frankomosh)

Pull request description:

  Adds a fuzz test for the [`DifferenceFormatter`](https://github.com/bitcoin/bitcoin/blob/e3f416dbf7633b2fb19c933e5508bd231cc7e9cf/src/blockencodings.h#L22-L42) (used in [`BlockTransactionsRequest`](https://github.com/bitcoin/bitcoin/blob/master/src/blockencodings.h#L44-L54), [BIP 152](https://github.com/bitcoin/bips/blob/master/bip-0152.mediawiki)). The DifferenceFormatter class implements differential encoding for compact block transactions (BIP 152). This PR ensures that its strictly-monotonic property is maintained. It complements the tests in [`blocktransactionsrequest_deserialize`](https://github.com/bitcoin/bitcoin/blob/9703b7e6d563ea58f83a6eca819562365404f4ab/src/test/fuzz/deserialize.cpp#L314).

  Additionally, there's an added invariant check after GETBLOCKTXN deserialization in `net_processing.cpp`.

ACKs for top commit:
  Crypt-iQ:
    tACK 65a10fc3c52ea09a4794345bcf607dff908c783a
  achow101:
    ACK 65a10fc3c52ea09a4794345bcf607dff908c783a
  dergoegge:
    Code review ACK 65a10fc3c52ea09a4794345bcf607dff908c783a

Tree-SHA512: 70659cf045e99bb5f753763c7ddac094cb2883c202c899276cbe616889afa053b2d5e831f99d6386d4d1e4118cd35fa0b14b54667853fe067f6efe2eb77b4097

00ad998d95

Merge bitcoin/bitcoin#32983: rpc: refactor: use string_view in Arg/MaybeArg

b63428ac9ce2c903670409b3e47b9f6730917ae8 rpc: refactor: use more (Maybe)Arg<std::string_view> (stickies-v)
037830ca0dbb6ede9f9d72691c756f4bae6c97e2 refactor: increase string_view usage (stickies-v)
b3bf18f0bac0ffe18206ee20642e11264ba0c99d rpc: refactor: use string_view in Arg/MaybeArg (stickies-v)

Pull request description:

  The `RPCHelpMan::{Arg,MaybeArg}` helpers avoid copying (potentially) large strings by returning them as `const std::string*` (`MaybeArg`) or `const std::string&` (`Arg`). For `MaybeArg`, this has the not-so-nice effect that users need to deal with raw pointers, potentially also requiring new functions (e.g. [`EnsureUniqueWalletName` ](https://github.com/bitcoin/bitcoin/pull/32845/commits/d127b25199118756122232d9aafff19f1922869b#diff-d8bfcfbdd5fa7d5c52d38c1fe5eeac9ce5c5a794cdfaf683585140fa70a32374R32)) with raw pointers being implemented.

  This PR aims to improve on this by returning a trivially copyable `std::string_view` (`Arg`) or `std::optional<std::string_view>` (`MaybeArg`), modernizing the interface without introducing any additional copying overhead. In doing so, it also generalizes whether we return by value or by pointer/reference using `std::is_trivially_copyable_v` instead of defining the types manually.

  In cases where functions currently take a `const std::string&` and it would be too much work / touching consensus logic to update them (`signmessage.cpp`), a `std::string` copy is made (which was already happening anyway).

  The last 2 commits increase usage of the `{Arg,MaybeArg}<std::string_view>` helpers, and could be dropped/pruned if anything turns out to be controversial - I just think it's a nice little cleanup.

ACKs for top commit:
  maflcko:
    re-ACK b63428ac9ce2c903670409b3e47b9f6730917ae8 🎉
  achow101:
    ACK b63428ac9ce2c903670409b3e47b9f6730917ae8
  pablomartin4btc:
    re-ACK [b63428a](https://github.com/bitcoin/bitcoin/commit/b63428ac9ce2c903670409b3e47b9f6730917ae8)
  w0xlt:
    reACK https://github.com/bitcoin/bitcoin/pull/32983/commits/b63428ac9ce2c903670409b3e47b9f6730917ae8

Tree-SHA512: b4942c353a1658c22a88d8c9b402c288ad35265a3b88aa2072b1f9b6d921cd073194ed4b00b807cb48ca440f47c87ef3d8e0dd1a5d814be58fc7743f26288277

c6c4edf324

Merge bitcoin/bitcoin#33336: log: print every script verification state change

45bd8914658a675d00aa9c83373d6903a8a9ece8 log: split assumevalid ancestry-failure-reason message (Lőrinc)
6c13a38ab51caf1fa7502f746e33bbf86153a541 log: separate script verification reasons (Lőrinc)
f2ea6f04e79b6646b9320a910694a22c5520977d refactor: untangle assumevalid decision branches (Lőrinc)
9bc298556cb02cfa1382bbaa9e5638006b403576 validation: log initial script verification state (Lőrinc)
4fad4e992c49a532e3a8928965f242cb311eeb29 test: add assumevalid scenarios scaffold (Lőrinc)
91ac64b0a66fc792eabd0a9bb5bb22459c852c6d log: reword `signature validations` to `script verification` in `assumevalid` log (Lőrinc)

Pull request description:

  ### Summary

  Users can encounter cases where script checks are unexpectedly enabled (e.g. after reindex, or when `assumevalid`/`minimumchainwork` gates fail). Without an explicit line, they must infer state from the absence of a message, which is incomplete and error-prone.
  The existing "Assuming ancestors of block …" line does not reliably indicate whether script checks are actually enabled, which makes debugging/benchmarking confusing.

  ### What this changes

  We make the initial **script-verification** state explicit and log **why** checks are enabled to avoid confusion.
  * Always log the first script-verification state on startup, **before** the first `UpdateTip`.
  * Flatten the nested `assumevalid` conditionals into a linear gating sequence for readability.
  * Extend the functional test to assert the old behavior with the new reason strings.

  This is a **logging-only** test change it shouldn't change any other behavior.

  ### Example output

  The state (with reason) is logged at startup and whenever the reason changes, e.g.:

  * `Disabling script verification at block #904336 (000000000000000000014106b2082b1a18aaf3091e8b337c6fed110db8c56620).`
  * `Enabling script verification at block #912527 (000000000000000000010bb6aa3ecabd7d41738463b6c6621776c2e40dbe738a): block too recent relative to best header.`
  * `Enabling script verification at block #912684 (00000000000000000001375cf7b90b2b86e559d05ed92ca764d376702ead3858): block height above assumevalid height.`

  ------

  Follow-up to https://github.com/bitcoin/bitcoin/pull/32975#discussion_r2329269037

ACKs for top commit:
  Eunovo:
    re-ACK https://github.com/bitcoin/bitcoin/pull/33336/commits/45bd8914658a675d00aa9c83373d6903a8a9ece8
  achow101:
    ACK 45bd8914658a675d00aa9c83373d6903a8a9ece8
  hodlinator:
    re-ACK 45bd8914658a675d00aa9c83373d6903a8a9ece8
  yuvicc:
    ACK 45bd8914658a675d00aa9c83373d6903a8a9ece8
  andrewtoth:
    ACK 45bd8914658a675d00aa9c83373d6903a8a9ece8
  ajtowns:
    ACK 45bd8914658a675d00aa9c83373d6903a8a9ece8

Tree-SHA512: 58328d7c418a6fe18f1c7fe1dd31955bb6fce8b928b0df693f6200807932eb5933146300af886a80a1d922228d93faf531145186dae55ad4ad1f691970732eca

0eb554728c

Merge bitcoin/bitcoin#33210: fuzz: enhance wallet_fees by mocking mempool stuff

5ded99a7f007b142f6b0ec89e0c71ef281b42684 fuzz: MockMempoolMinFee in wallet_fees (brunoerg)
c9a7a198d9e81e99de99a2aaff1687d13d6674e8 test: move MockMempoolMinFee to util/txmempool (brunoerg)
adf67eb21baf39a222b65480e45ae76f093e8f66 fuzz: create FeeEstimatorTestingSetup to set fee_estimator (brunoerg)
ff10a37e99271125a9ece92bae571f7b78fb9e22 fuzz: mock CBlockPolicyEstimator in wallet_fuzz (brunoerg)
f591c3becafcdd7c81722c647865a1f908b6469a fees: make estimateSmartFee/HighestTargetTracked virtual for mocking (brunoerg)
19273d0705fcd2fbde686bc3b5b2375f691e303d fuzz: set mempool options in wallet_fees (brunoerg)

Pull request description:

  Some functions in `wallet/fees.cpp` (fuzzed by the wallet_fees target) depends on some mempool stuff - e.g. relay current min fee, smart fee and max blocks estimation, relay dust fee and other ones. For better fuzzing of it, it would be great to have these values/interactions. That said, this PR enhances the `wallet_fees` target by:

  - Setting mempool options - `min_relay_feerate`,  `dust_relay_feerate` and `incremental_relay_feerate` - when creating the `CTxMemPool`.
  - Creates a `ConsumeMempoolMinFee` function which is used to have a mempool min fee (similar approach from `MockMempoolMinFee` from unit test).
  - Mock `CBlockPolicyEstimator` - estimateSmartFee/HighestTagretTracket functions, especifically. It's better to mock it then trying to interact to CBlockPolicyEstimator in order to have some effective values due to performance.

  Note that I created `FeeEstimatorTestingSetup` because we cannot set `m_node.fee_estimator` in `ChainTestingSetup` since fae8c73d9e4eba4603447bb52b6e3e760fbf15f8.

ACKs for top commit:
  maflcko:
    re-ACK 5ded99a7f007b142f6b0ec89e0c71ef281b42684 🎯
  ismaelsadeeq:
    Code review ACK 5ded99a7f007b142f6b0ec89e0c71ef281b42684

Tree-SHA512: 13d2af042098afd237ef349437021ea841069d93d4c3e3a32e1b562c027d00c727f375426709d34421092993398caf7ba8ff19077982cb6f470f8938a44e7754

1916c51cd8

Merge bitcoin/bitcoin#32813: clang-format: make formatting deterministic for different formatter versions

13f36c020f0329b5e975282b45292fdf2a495e31 clang-format: regenerate configs (Lőrinc)

Pull request description:

  Updates `.clang-format` file to reflect [latest supported Clang-Format standards](https://releases.llvm.org/16.0.0/tools/clang/docs/ClangFormatStyleOptions.html) while preserving most of the existing formatting behavior.

  Note that [`AfterStruct` brace placement](https://github.com/bitcoin/bitcoin/pull/32414#discussion_r2072678126) was originally aligned here with `AfterClass`, but was reverted by reviewer demand.

ACKs for top commit:
  maflcko:
    re-ACK 13f36c020f0329b5e975282b45292fdf2a495e31 🖼
  achow101:
    ACK 13f36c020f0329b5e975282b45292fdf2a495e31
  hodlinator:
    re-ACK 13f36c020f0329b5e975282b45292fdf2a495e31

Tree-SHA512: 02bd9d8a22a9af268297aeddd1f2b2cce079fddd0e1f764d6e9650bb614cb7bcfbd20b38d6e4e5db1744b3dd1ba540380010c085f2cbc0be8aa936f21d27d8de

f54ffb4bc1

Merge bitcoin/bitcoin#33688: test: Update BIP324 test vectors

51877f2fc5eb02b4229258b4b43731c4da843793 test: Update BIP324 test vectors (Tim Ruffing)

Pull request description:

  This updates the hardcoded test vectors from BIP324. The test vectors had to be regenerated (in the aux files of the BIP) because there was a bug in the script used for generating them (https://github.com/bitcoin/bips/pull/2016).

ACKs for top commit:
  jonatack:
    ACK 51877f2fc5eb02b4229258b4b43731c4da843793
  theStack:
    ACK 51877f2fc5eb02b4229258b4b43731c4da843793

Tree-SHA512: 59f4075e286067b11fce98667c860f3083b6cca8a2e49da8783ccdce8e32c34fd3e1943191d24dcf5bb68d8a2540726d99f7c29e8b0f104032ccb82423ca8d82

9bd9ec00b2

Merge bitcoin/bitcoin#29640: Fix tiebreak when loading blocks from disk (and add tests for comparing chain ties)

0465574c127907df9b764055a585e8281bae8d1d test: Fixes send_blocks_and_test docs (Sergi Delgado Segura)
09c95f21e71d196120e6c9d0b1d1923a4927408d test: Adds block tiebreak over restarts tests (Sergi Delgado Segura)
18524b072e6bdd590a9f6badd15d897b5ef5ce54 Make nSequenceId init value constants (Sergi Delgado Segura)
8b91883a23aac64a37d929eeae81325e221d177d Set the same best tip on restart if two candidates have the same work (Sergi Delgado Segura)
5370bed21e0b04feca6ec09738ecbe792095a338 test: add functional test for complex reorgs (Pieter Wuille)
ab145cb3b471d07a2e8ee79edde46ec67f47d580 Updates CBlockIndexWorkComparator outdated comment (Sergi Delgado Segura)

Pull request description:

  This PR grabs some interesting bits from https://github.com/bitcoin/bitcoin/pull/29284 and fixes some edge cases in how block tiebreaks are dealt with.

  ## Regarding #29284

  The main functionality from the PR was dropped given it was not an issue anymore, however, reviewers pointed out some comments were outdated https://github.com/bitcoin/bitcoin/pull/29284#discussion_r1522023578 (which to my understanding may have led to thinking that there was still an issue) it also added test coverage for the aforementioned case which was already passing on master and is useful to keep.

  ## New functionality

  While reviewing the superseded PR, it was noticed that blocks that are loaded from disk may face a similar issue (check https://github.com/bitcoin/bitcoin/pull/29284#issuecomment-1994317785 for more context).

  The issue comes from how tiebreaks for equal work blocks are handled: if two blocks have the same amount of work, the one that is activatable first wins, that is, the one for which we have all its data (and all of its ancestors'). The variable that keeps track of this, within `CBlockIndex` is `nSequenceId`, which is not persisted over restarts. This means that when a node is restarted, all blocks loaded from disk are defaulted the same `nSequenceId`: 0.
  Now, when trying to decide what chain is best on loading blocks from disk, the previous tiebreaker rule is not decisive anymore, so the `CBlockIndexWorkComparator` has to default to its last rule: whatever block is loaded first (has a smaller memory address).

  This means that if multiple same work tip candidates were available before restarting the node, it could be the case that the selected chain tip after restarting does not match the one before.

  Therefore, the way `nSequenceId` is initialized is changed to:

  - 0 for blocks that belong to the previously known best chain
  - 1 to all other blocks loaded from disk

ACKs for top commit:
  sipa:
    utACK 0465574c127907df9b764055a585e8281bae8d1d
  TheCharlatan:
    ACK 0465574c127907df9b764055a585e8281bae8d1d
  furszy:
    Tested ACK 0465574c127907df9b764055a585e8281bae8d1d.

Tree-SHA512: 161da814da03ce10c34d27d79a315460a9c98d019b85ee35bc5daa991ed3b6a2e69a829e421fc70d093a83cf7a2e403763041e594df39ed1991445e54c16532a

56e9703968

Merge bitcoin/bitcoin#32504: test: descriptor: cover invalid multi/multi_a cases

58e55b17e632dbd4425dd64825b087f242ac4b7b test: descriptor: cover invalid multi/multi_a cases (brunoerg)

Pull request description:

  This PR adds test coverage for invalid `multi()` and `multi_a()` cases, see:

  1. https://github.com/bitcoin/bitcoin/blob/53eb5593f0a1a8ae5cf0fabea58e2f22193a5c55/src/script/descriptor.cpp#L1819-L1821

  2.  https://github.com/bitcoin/bitcoin/blob/53eb5593f0a1a8ae5cf0fabea58e2f22193a5c55/src/script/descriptor.cpp#L1835-L1837

  3. https://github.com/bitcoin/bitcoin/blob/53eb5593f0a1a8ae5cf0fabea58e2f22193a5c55/src/script/descriptor.cpp#L1838-L1840

  We could also exercise to exceed the number of keys - 20 for `multi` and 999 for `multi_a`.

ACKs for top commit:
  maflcko:
    lgtm ACK 58e55b17e632dbd4425dd64825b087f242ac4b7b
  darosior:
    utACK 58e55b17e632dbd4425dd64825b087f242ac4b7b
  glozow:
    ACK 58e55b17e632dbd4425dd64825b087f242ac4b7b

Tree-SHA512: 0983e9c70e4bef13fa21b2e22e17c2e86eda0950f6271a42b24b91eef22c3277659a862a78bd511c9e14c92859070b3bf2968cfa24de0a1397de1f824946c757

5e1f626ac3

Merge bitcoin/bitcoin#31514: wallet: allow label for non-ranged external descriptor (if `internal=false`) & disallow label for ranged descriptors

664657ed134365588914c2cf6a3975ce368a4f49 bugfix: disallow label for ranged descriptors & allow external non-ranged descriptors to have label (scgbckbone)

Pull request description:

  Motivation:
  * ranged descriptors MUST not be able to have label (current impl allows it)
  * external non-ranged descriptor MUST be able to have label (current impl disallows it, **if** `internal=false` is provided via importdescriptor user data)

  Repro steps:
  * create blank wallet and import descriptors
  * external has `label=test` (not internal)
  ```
      conn = bitcoind.create_wallet(wallet_name=w_name, disable_private_keys=True, blank=True,
                                    passphrase=None, avoid_reuse=False, descriptors=True)
      descriptors = [
          {
              "timestamp": "now",
              "label": "test",
              "active": True,
              "desc": "wpkh([0f056943/84h/1h/0h]tpubDC7jGaaSE66Pn4dgtbAAstde4bCyhSUs4r3P8WhMVvPByvcRrzrwqSvpF9Ghx83Z1LfVugGRrSBko5UEKELCz9HoMv5qKmGq3fqnnbS5E9r/0/*)#erexmnep",
              "internal": False
          },
          {
              "desc": "wpkh([0f056943/84h/1h/0h]tpubDC7jGaaSE66Pn4dgtbAAstde4bCyhSUs4r3P8WhMVvPByvcRrzrwqSvpF9Ghx83Z1LfVugGRrSBko5UEKELCz9HoMv5qKmGq3fqnnbS5E9r/1/*)#ghu8xxfe",
              "active": True,
              "internal": True,
              "timestamp": "now"
          },
      ]
      r = conn.importdescriptors(descriptors)
      print(r)
  ```
  response:
  ```
  [{'error': {'code': -8,
              'message': 'Internal addresses should not have a label'},
    'success': False,
    'warnings': ['Range not given, using default keypool range']},
   {'success': True,
    'warnings': ['Range not given, using default keypool range']}]
  ```
  But in above, ONLY external has a label.

  If you remove `internal: False` from external descriptor import object - it will import no problem:
  ```
  [{'success': True,
    'warnings': ['Range not given, using default keypool range']},
   {'success': True,
    'warnings': ['Range not given, using default keypool range']}]

  ```
  Even tho it should NOT, as the descriptor is ranged. Current implementation relies on checking user provided data to decide whether desc is ranged.

ACKs for top commit:
  achow101:
    ACK 664657ed134365588914c2cf6a3975ce368a4f49
  rkrux:
    lgtm crACK 664657ed134365588914c2cf6a3975ce368a4f49

Tree-SHA512: 9e70aea620019c29950ba417d4ae38d65cd94a4f6fcabbc021d67b031de1c44c27d6f6f5cb7e6950a099eb6e58bed9be764d4c6347195daeccb14a5d95c123b2

80bb7012be

Delete .github/workflows/ci.yml 068b0c9fee

DrahtBot added the label Backport on Oct 28, 2025

DrahtBot commented at 1:53 am on October 28, 2025: contributor

♻️ Automatically closing for now based on heuristics. Please leave a comment, if this was erroneous. Generally, please focus on creating high-quality, original content that demonstrates a clear understanding of the project’s requirements and goals.

DrahtBot closed this on Oct 28, 2025

DrahtBot commented at 1:53 am on October 28, 2025: contributor

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage & Benchmarks

For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/33721.

Reviews

See the guideline for information on the review process. A summary of reviews will appear here.

bitcoin locked this on Oct 28, 2025

fanquake renamed this:
~~Patch 6~~
.
on Oct 28, 2025

fanquake removed the label Backport on Oct 28, 2025

DrahtBot added the label Backport on Oct 28, 2025

. #33721

Code Coverage & Benchmarks

Reviews