Update LevelDB tree to include #6917 (0.10) #6946

307f7d4 Report script evaluation failures in log and reject messages (Pieter Wuille)

b0210a9 Merge pull request #135
ee3eb4b Fix a memory leak and add a number of small tests.
4d879a3 Merge pull request #134
d5e8362 Merge pull request #127
7b92cf6 Merge pull request #132
0bf70a5 Merge pull request #133
29ae131 Make scalar_add_bit test's overflow detection exact
9048def Avoid undefined shift behaviour
efb7d4b Use constant-time conditional moves instead of byte slicing
d220062 Merge pull request #131
82f9254 Fix typo
601ca04 Merge pull request #129
35399e0 Bugfix: b is restricted, not r
c35ff1e Convert lambda splitter to pure scalar code.
cc604e9 Avoid division when decomposing scalars
ff8746d Add secp256k1_scalar_mul_shift_var
bd313f7 Merge pull request #119
276f987 Merge pull request #124
25d125e Merge pull request #126
24b3c65 Add a test case for ECDSA recomputing infinity
32600e5 Add a test for r >= order signature handling
4d4eeea Make secp256k1_fe_mul_inner use the r != property
be82e92 Require that r and b are different for field multiplication.
597128d Make num optional
659b554 Make constant initializers independent from num
0af5b47 Merge pull request #120
e2e8a36 Merge pull request #117
c76be9e Remove unused num functions
4285a98 Move lambda-splitting code to scalar.
f24041d Switch all EC/ECDSA logic from num to scalar
6794be6 Add scalar splitting functions
d1502eb Add secp256k1_scalar_inverse_var which delegates to GMP
b5c9ee7 Make test_point_times_order test meaningful again
0b73059 Switch wnaf splitting from num-based to scalar-based
1e6c77c Generalize secp256k1_scalar_get_bits
5213207 Add secp256k1_scalar_add_bit
3c0ae43 Merge pull request #122
6e05287 Do signature recovery/verification with 4 possible recid case
e3d692f Explain why no y=0 check is necessary for doubling
f7dc1c6 Optimize doubling: secp256k1 has no y=0 point
666d3b5 Merge pull request #121
2a54f9b Correct typo in comment
9d64145 Merge pull request #114
99f0728 Fix secp256k1_num_set_bin handling of 0
d907ebc Add bounds checking to field element setters
bb2cd94 Merge pull request #116
665775b Don't split the g factor when not using endomorphism
9431d6b Merge pull request #115
e2274c5 build: osx: attempt to work with homebrew keg-only packages

git-subtree-dir: src/secp256k1
git-subtree-split: b0210a95da433e048a11d298efbcc14eb423c95f

12a49ca Limit the number of new addressses to accumulate (Pieter Wuille)

199627c [REST] adding basic documentation (Jonas Schnelli)

60d1ecd change nSubsidy's type from int64_t to CAmount (HarryWu)

8487790 bitcoin-tx: Add the "-txid" option. Also add the hex-encoded transaction to the JSON output as the "hex" property. (mruddy)

87bddb7 Squashed 'src/secp256k1/' changes from ad2028f..b0210a9 (Pieter Wuille)
ffe3291 Remove gmp dependency and doc mentions (Pieter Wuille)

35e408f Regard connection failures as attempt for addrman (Wladimir J. van der Laan)

8a20cd3 prioritisetransaction RPC: Restore compatibility with existing implementations by using satoshis for fee offset rather than BTC (Luke Dashjr)

afd4b94 Move CMerkleBlock and CPartialMerkleTree to their own file (Matt Corallo)

No return at the end of void function.

db0916b Fix missing python2 in rpc-tests (Matt Corallo)

Signed-off-by: Gavin Andresen <gavinandresen@gmail.com>

TLS is subject to downgrade attacks when SSLv3 is available, and
 SSLv3 has vulnerabilities.

The popular solution is to disable SSLv3. On the web this breaks
 some tiny number of very old clients. While Bitcoin RPC shouldn't
 be exposed to the open Internet, it also shouldn't be exposed to
 really old SSL implementations, so it shouldn't be a major issue
 for us to disable SSLv3.

There is more information on the downgrade attacks and disabling
 SSLv3 at https://disablessl3.com/ .

a26bf47 Add a new test for FormatParagraph (string longer than the default width). (Pavel Janík)
83b81f6 Format paragraphs properly - count the space between words. (Pavel Janík)

11d7a7d [RPC] add rpc-test for http keep-alive (persistent connections) (Jonas Schnelli)

683dc40 Disable SSLv3 (in favor of TLS) for the RPC client and server. (Gregory Maxwell)

- the function only returned true, so make it void
- add a comment about payment request network detection

- also rename current ones to match the new ones
- remove constant from guiconstant.h and add it to paymentserver.cpp

- current code only does this for payment request files, which are
  used on Mac
- also rename readPaymentRequest to readPaymentRequestFromFile, so it's
  obvious that function only handles payment request files and not URIs
- small logging changes in readPaymentRequestFromFile

- this test required to make readPaymentRequestFromFile() public in order
  to be able to is it in paymentservertests.cpp

This still leaves transactions in mempool that are potentially
invalid if the maturity period has been reorged out of, but at
least they're not missing inputs entirely.

65b0328 newlines in strings are invalid JSON (Ryan X. Charles)

5ec654b [Qt] update paymentserver license and cleanup ordering (Philip Kaufmann)
4333e26 [Qt] add BIP70 DoS protection test (Philip Kaufmann)
31f8494 [Qt] add BIP70 payment request size DoS protection for URIs (Philip Kaufmann)
2284ccb [Qt] remove dup lock that is done in SetAddressBook() (Philip Kaufmann)
1ec753f [Qt] ensure socket is set to NULL in PaymentServer::ipcSendCommandLine (Philip Kaufmann)
814429d [Qt] add BIP70/BIP71 constants for all messages and mime types (Philip Kaufmann)
b82695b [Qt] make PaymentServer::ipcParseCommandLine void (Philip Kaufmann)

1577df9 Port of walletbackup.sh to Python. (mrbandrews)

6e6a36c contrib: show pull # in prompt for github-merge script (Wladimir J. van der Laan)

- rest block request returns full unfolded tx details
- /rest/block/notxdetails/<HASH> returns block where transactions are only represented by its hash

4c69ebe Add /opt/local/include/db48 only if it exists. (Pavel Janík)

4be639e Use RPC_INVALID_PARAMETER instead of RPC_WALLET_ERROR for invalid amount. No return at the end of void function. (Pavel Janík)
b93173d Move SendMoney() to rpcwallet.cpp. (Pavel Janík)

932ef50 [REST] JSON output: remove block infos from tx details if it is nested in block (Jonas Schnelli)
cae5486 [REST] added /rest/block/notxdetails/<hash> into REST-interface.md documentation (Jonas Schnelli)
73351c3 [REST] /rest/block response with full tx details (Jonas Schnelli)

34318d7 RPC-test based on invalidateblock for mempool coinbase spends (Gavin Andresen)
7fd6219 Make CTxMemPool::remove more effecient by avoiding recursion (Matt Corallo)
b7b4318 Make CTxMemPool::check more thourough by using CheckInputs (Matt Corallo)
723d12c Remove txn which are invalidated by coinbase maturity during reorg (Matt Corallo)
868d041 Remove coinbase-dependant transactions during reorg. (Matt Corallo)

Github-Pull: #5465
Rebased-From: 422f873ef3d62f7dff9c00dc0f221912ce28f130 d546191dc28fac0e365c8f2aba47ac69a8920d6c d7db4b6317fd9c79bd6fd7c7455d7186b306411f e27d7cb24835c6ce16c12eb758c2d75806103c4a

Github-Pull: #5461
Rebased-From: aa768f1848b00e0fd615016598d3fb1f1da240ed

Rebased-From: 164a45f57a8a7367e67a5e65b9e938844730cd87
Github-Pull: #5471

Bump version but keep CLIENT_VERSION_IS_RELEASE at false as this is not
a release yet.

Rebased-From: 84857e87e42e412336ea60d0f8544c1679bab827
Github-Pull: #5437

Previously transactions were only tested again the
STANDARD_SCRIPT_VERIFY_FLAGS prior to mempool acceptance, so any bugs in
those flags that allowed actually-invalid transactions to pass would
result in allowing invalid transactions into the mempool. Fortunately
there is a second check in CreateNewBlock() that would prevent those
transactions from being mined, resulting in an invalid block, however
this could still be exploited as a DoS attack.

Rebased-From: 7c041b3b91aa08a8f5863382b865a5174281ad03

Rebased-From: 4bc95c43871645c1d69a0d719c13b38151a3a13f

Rebased-From: 34970223472c9e83689a1c710eebc7c16f152b02
Github-Pull: #5459

Previously the minRelayTxFee was only enforced on user specified values.

It was possible for smartfee to produce a fee below minRelayTxFee which
 would just result in the transaction getting stuck because it can't be
 relayed.

This also introduces a maxtxfee option which sets an absolute maximum
 for any fee created by the wallet, with an intention of increasing
 user confidence that the automatic fees won't burn them. This was
 frequently a concern even before smartfees.

If the configured fee policy won't even allow the wallet to meet the relay
 fee the transaction creation may be aborted.

Rebased-From: aa279d613152e87ea25edfdf76c86779c0632f18
Github-Pull: #5485

'Sane' was already defined by this code as:
 fee.GetFeePerK() > minRelayFee.GetFeePerK() * 10000
 But sanity was only enforced for data loaded from disk.

Note that this is a pretty expansive definition of 'sane': A 10 BTC
 fee is still passes the test if its on a 100kb transaction.

This prevents a single insane fee on the network from making us reject
 our stored fee data at start.  We still may reject valid saved fee
 state if minRelayFee is changed between executions.

This also reduces the risk and limits the damage from a cascading
 failure where one party pays a bunch of insane fees which cases
 others to pay insane fees.

Rebased-From: 64849306905e625fd44d297e8d58c3e1dd98cb90
Github-Pull: #5481

Don't allow immediate inv driven block downloads if
a peer already has MAX_BLOCKS_IN_TRANSIT_PER_PEER
active downloads.  Prevents bogus inv spam from
blowing up block transfer tracking data structures.

Rebased-From: c90770430d7c1eb7ece2d4ddb987b0f2210fd86f
Github-Pull: #5507

Github-Pull: #5512
Rebased-From: dd14a0e799b6552ae85aaab2b0b48f788c578aea

Previously an empty script wouldn't be hashed, and CScriptID would be
assigned the incorrect value of 0 instead. This bug can be seen in the
RPC decodescript command:

    $ btc decodescript ""
    {
        "asm" : "",
        "type" : "nonstandard",
        "p2sh" : "31h1vYVSYuKP6AhS86fbRdMw9XHieotbST"
    }

Correct output:

    $ btc decodescript ""
    {
        "asm" : "",
        "type" : "nonstandard",
        "p2sh" : "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy"
    }

Rebased-From: d78f0dafd520f481f909cca7e361a4e482cbea72
Github-Pull: #5541

Rebased-From: 566c6cb8a2a277d9c5e4897ad02c5bb15786523c
Github-Pull: #5536

Rebased-From: a15dba5dff1229b67ff44bf16ff14063e885f376
Github-Pull: #5533

Rebased-From: f9c571aad8261eb9a5cab9dce5b490bd253c5fe1
Github-Pull: #5565

Rebased-From: 06206bb3b78067f1f433dde8062c8ab01aaf43eb
Github-Pull: 5571

I'm not comfortable with retaining this entry.

Rebased-From: a094b3d9732aaca362e883655319852e4ce9a174
Github-Pull: #5545

Besides giving a nicer error, this also prevents logging arbitrary data (which could have been used to exploit log readers) into debug.log

Rebased-From: 7f718139191d67da29c5d856d29e035bbc51e659
Github-Pull: #5499

- Avoid ambiguous language regarding when transactions confirm
- Elaborate on downgrading warning
- Other minor language improvements
- Clarify watch-only behaviour

Github-Pull: #5534

The normative place for these for the entire project is COPYING,
and the main README already has a MIT license section.

Rebased-From: e6df2bb48f4bff7a2dec4aa226102b0cf2cd828b

There is still a redundancy here between configure.ac and
clientversion.h.

Rebased-From: edbc9045cb21020d0cc19d226f55ee169e2ffb92

Broken hash logic caused all depends on some platforms (osx at least) to end up
with the same build-id. Without this fix, nothing will be rebuilt when recipes
or dependencies change.

Rebased-From: d57b303e1e5b3fc31da0769b14b01fdcc19b1f7a
Github-Pull: #5586

Rebased-From: 643415aade0dae528098df2d822288ba0c5f6ce2
Github-Pull: #5583

Rebased-From: e64e084e95ca85b038c7f65ad0824d14d03bc044
Github-Pull: #5581

Rebased-From: 0d50c2fd81ee7239570954e6eacb3dbbfe3bb5fe
Github-Pull: #5569

With the splashscreen being able to be closed it is possible to
shutdown during the lengthy verifyDB method. (Takes about a minute
on my machine). This change allows us to shutdown much sooner.

Github-Pull: #5557
Rebased-From: 70477a0bdf6eb6d123ce256f064bbd3bc356c82a

4a3d3e2 Fix typo in release notes (Peter Todd)

Rebased-From: be22b3da1df15757ef15e4c4963507bcdff6a872
Github-Pull: #5532

Github-Pull: #5528
Rebased-From: 2a3d988b802dcea4453241e37168d8511078940a a089c50981e822014ffc18e8a37b3518feb52206 2c14d1532fe66a243cdbfb7de48b298213305765

Rebased-From: 1c52aad540ec1370db60fd68fc3485413e3cb8e1
Github-Pull: #5535

Otherwise, if CCoinsViewCache::ModifyCoins throws an exception in between
setting hasModifier and constructing the CCoinsModifier, the cache ends up
in an inconsistent state, resulting in an assert failure in the next
modification.

Bug discovered by Wladimir J. van der Laan.

Rebased-From: 1c52aad540ec1370db60fd68fc3485413e3cb8e1
Github-Pull: #5597

Rebased-From: e41345790f1041f5c5e5605d73a0af174769aa55
Github-Pull: #5597

2ecd294 Bugfix: configure: Correctly detect "nothing to build" condition (Luke Dashjr)
b7a4ecc Bugfix: Only check for boost when building code that requires it (Luke Dashjr)
a19eeac Bugfix: configure: Check for openssl/ec.h (Luke Dashjr)
fe925e2 Use EXTRA_LIBRARIES instead of noinst_LIBRARIES so we can avoid building unused code (Cory Fields)

Github-Pull: #5575
Rebased-From: 1eb1e65f092dc2b6e1067d2018440fbbd997fa5c

If these are going to fail in bitcoind, they should fail in the tests as well.

Github-Pull: #5604
Rebased-From: d58c5d6f21fd2421bc8cbb224849e8c38b617775

New versions of OpenSSL will reject non-canonical DER signatures. However,
it'll happily decode them. Decode then re-encode before verification in order
to ensure that it is properly consumed.

Github-Pull: #5634
Rebased-From: 488ed32f2ada1d1dd108fc245d025c4d5f252783

Github-Pull: #5634
Rebased-From: dad7764a9dedb1143b6ea8bfd37f71f7ff72f518

Github-Pull: #5634
Rebased-From: 8dccba6a45db0466370726ed462b9da2eae43bce

Add some defensive programming on top of #5634.

This copies the respective OpenSSL code in ECDSA_verify in
OpenSSL pre-1.0.1k (e.g. https://github.com/openssl/openssl/blob/OpenSSL_1_0_1j/crypto/ecdsa/ecs_vrf.c#L89)
more closely.

As reported by @sergiodemianlerner.

Github-Pull: #5640
Rebased-From: c6b7b29f232c651f898eeffb93f36c8f537c56d2

This will disconnect peers that do not transfer a block in 10 minutes, plus
5 minutes for every previously queued block with validated headers
(accomodating downstream bandwidth down to a few kilobytes per second - below
that the node would have trouble staying synchronized anyway).

Github-Pull: #5608
Rebased-From: 916130348ca803d762db912307b247f60f9aacd6

Github-Pull: #5619
Rebased-From: 13cdce4336818d0f6cefe6b3e61c45762d97d7c6

Also add 0.9.4's release notes to the archive.
Added commits based on
http://sourceforge.net/p/bitcoin/mailman/message/33225960/
[skip ci]

af35bdc Update 0.10 release notes as of 0.10.0rc2 (Micha)

It turns out that some miners have been staying with old versions of
 Bitcoin Core because their software  behaves poorly with persistent
 connections and the Bitcoin Core thread and connection limits.

What happens is that underlying  HTTP libraries leave connections open
 invisibly to their users and then the user runs into the default four
 thread limit.  This looks like Bitcoin Core is unresponsive to RPC.

There are many things that should be improved in Bitcoin Core's behavior
 here, e.g. supporting more concurrent connections, not tying up threads
 for idle connections, disconnecting kept-alive  connections when limits
 are reached, etc. All are fairly big, risky changes.

Disabling keep-alive is a simple workaround. It's often not easy to turn
 off the keep-alive support in the client where it may be buried in some
 platform library.

If you are one of the few who really needs persistent connections you
 probably know that you want them and can find a switch; while if you
 don't and the misbehavior is hitting you it is hard to discover the
 source of your problems is keepalive related.  Given that it is best
 to default to off until they're handled better.

Github-Merge: #5655
Rebased-From: 16a5c18cea7330bd68dc9d2f768eb518af88795b 56c1093dae0c523f9f643f00c67414691272a983 1dd8ee72afc26191da51d8d3a5590eab7c9368f6

This avoids a regression for issues like #334 where high speed
 repeated connections eventually run the HTTP client out of
 sockets because all of theirs end up in time_wait.

Maybe the trade-off here is suboptimal, but if both choices will
 fail then we prefer fewer changes until the root cause is solved.

Rebased-From: 1a25a7edf82706c3152e2d978d320ec465a34de1 7d2cb485116636595250fce4ea4eab16a877479b
Github-Pull: #5674

- qt: avoid hard-coding font names

They may not contain all necessary characters for a language

- qt: fix broken unicode chars on osx 10.10

The default font changed again.

The real fix is to compile qt against a >= 10.8 sdk, but this is simple enough
to backport to 0.10 to avoid having to do that there.

Note: NSAppKitVersionNumber is a double and there's no official value for
NSAppKitVersionNumber10_10. Since == isn't reliable for doubles, use Apple's
guidelines for testing versions here:
https://developer.apple.com/library/mac/releasenotes/AppKit/RN-AppKit/

Chinese and Japanese fonts have been hard-coded as well, otherwise they fail to
show up at all.

- qt: fonts: allow SubstituteFonts to filter based on user's language

SubstituteFonts() has been moved to after app identification so that QSettings
are accessible.

Github-Pull: #5671
Rebased-From: 73cd4edb4f1ff98c20549a609e96fa40834f5e73 52954e6efd373c14736237c4c79769bf00f5dfb8 f5ad78b34af8f50e12fab63b331768b96ec2c779

Just like https://github.com/novacoin-project/novacoin/commit/baf80c26a2e7f1ba6061d63d174eff0a09111e6f

Github-Pull: #5700
Rebased-From: 944c256741b260bd8b758be4a0543af1cb080943

Makes it possible to compactly provide a delibrately invalid signature
for use with CHECK(MULTI)SIG. For instance with BIP19 if m != n invalid
signatures need to be provided in the scriptSig; prior to this change
those invalid signatures would need to be large DER-encoded signatures.

Note that we may want to further expand on this change in the future by
saying that only OP_0 is a "valid" invalid signature; BIP19 even with
this change is inherently malleable as the invalid signatures can be any
validly encoded DER signature.

Rebased-From: 2fa9a8ec86033b809a1c48f0396c3482c0d5d33c
Github-Pull: #5627

Rebased-From: ff09e31a51dcee404c9c037c7c5f50c522e67ea8
Github-Pull: #5243

Github-Pull: #5720
Rebased-From: 55eade9d46ebfa4b32b79893595d91d529fa30bb

- before it was possible to use the steps to change e.g. amouns of
  authenticated or unauthenticated payment requests (AmountSpinBox is
  already set to read-only here) - this is now fixed
- also move the reimplemented stepEnabled() function to the
  protected section of our class, where it belongs (see Qt doc)

Github-Pull: #5637
Rebased-From: 0fd9e2bf43d217d9a76003476661c8ab53606548

fd7350d doc/release-notes.md: Add summary of mining enhancements (Luke Dashjr)

Conflicts:
	src/main.cpp
	src/script/bitcoinconsensus.cpp

Rebased-From: 858809a33e4f690c4ad213f44a6c4465fc2ef025
Github-Pull: #5719

Rebased-From: 9fddceda44fb5592be179d783f0e5ac616c51c0d
Github-Pull: #5719

Make this projection of priority in 1 block match the calculation in the low priority reject code.

Rebased-From: 2d9b0b7f03a268e557c6dce1dfa29401b5c9178b
Github-Pull: #5675

3916a81 Increase coverage of DERSIG edge cases (Pieter Wuille)
6da2028 Add RPC test for DERSIG BIP switchover logic (Pieter Wuille)
773c30d BIP66 changeover logic (Pieter Wuille)
18695f0 Example unit tests from BIP66 (Pieter Wuille)
abfbeaf Change IsDERSignature to BIP66 implementation (Pieter Wuille)

This harmonizes the block fetch timeout with the existing ping timeout
 and eliminates a guaranteed eventual failure from congestion collapse
 for a network operating right at its limit.

It's unlikely that we wouldn't suffer other failures if we were really
 anywhere near the network's limit, and a complete avoidance of congestion
 collapse risk requires (I think) an exponential back-off. So this isn't
 a major concern, but I think it's also useful for reducing the complexity
 of understanding out timeouts.

Github-Pull: #5647
Rebased-From: 3ff735c99ae75c21397079f49859b81e89a2f5f8

Add comment about free transactions no longer being the default
Inform about the relay policy change

63efb36 Modify release-notes for changes related to free tranactions (Alex Morcos)

Conflicts:
	doc/release-notes.md

Rebased-From: 04ca082dd9c1d4221af65d945a66b87e66058f92
Github-Pull: #5757

7b6c847 doc/release-notes.md: Explain affect of BIP66 on miners (Luke Dashjr)

Since permissions and timestamps are changed for the sake of determinism,
. must not be added to the archive. Otherwise, tar may try to modify pwd when
extracting.

Rebased-From: 0c6ab676ee7d2071d48775d81116c86dacc6abf6
Github-Pull: #5790

Rebased-From: e5d9d77df2de715d24638e3bab78750b7ad3e1fd
Github-Pull: #5706

This fixes a potential race condition in the CCheckQueueControl constructor,
which was looking directly at data in CCheckQueue without acquiring its lock.

Remove the now-unnecessary friendship for CCheckQueueControl

Rebased-From: cf008ac8c3c5d582562d88ad89020daef3e64dcb
Github-Pull: #5721

Normally bitcoin core does not display any network originated strings without
 sanitizing or hex encoding.  This wasn't done for strcommand in many places.

This could be used to play havoc with a terminal displaying the logs,
 especially with printtoconsole in use.

Thanks to Evil-Knievel for reporting this issue.

Conflicts:
	src/main.cpp

With headers-first we can compare against the best header timestamp, rather
than using checkpoints which require code updates to maintain.

Rebased-From: 85da07a5a001a563488382435202b74a3e3e964a
Github-Pull: #5820

- fixes #5800

Conflicts:
	src/qt/bitcoingui.cpp

Rebased-From: 9bbb880be44dbc378bdd3210eed42eaa77efb774
Github-Pull: #5858

This introduces a fixed limit for the size of p2p messages, and enforces it
before download.

Rebased-From: ba04c4a7801e7d68a5e84035b919e5c3626eb7a7
Github-Pull: #5843

The only time when a client sends a "getaddr" message is when he
esatblishes an Outbound connection (see ProcessMessage() in
src/main.cpp).  Another bitcoin client is expected to receive a
"getaddr" message only on Inbound connection. Ignoring "gettaddr"
requests on Outbound connections can resolve potential privacy issues
(and as was said such request normally do not happen anyway).

Rebased-From: dca799e1db6e319fdd47e0bfdb038eab0efabb85
Github-Pull: #5442

When re-indexing, there are a few cases where garbage data may be skipped in
the block files. In these cases, the indices are correctly written to the index
db, however the pointer to the next position for writing in the current block
file is calculated by adding the sizes of the valid blocks found.

As a result, when the re-index is finished, the index db is correct for all
existing blocks, but the next block will be written to an incorrect offset,
likely overwriting existing blocks.

Rather than using the sum of all valid blocks to determine the next write
position, use the end of the last block written to the file. Don't assume that
the current block is the last one in the file, since they may be read
out-of-order.

Rebased-From: bb6acff07982dda68b5c2ac81c99dbd7255bb9cc
Github-Pull: #5864

Rebased-From: a9af415887f03cb2565895bc55be72748549e527
Github-Pull: #5879

Rebased-From: 88f6c8c3657cba81c65da34a7161c860c8a23c5f
Github-Pull: #5879

fixes #5878

Rebased-From: 89e70e931d3d320d2dae4c296601aab113b2e508
Github-Pull: #5880

Rebased-From: 8b60808c1eaddb402a699ba53d865932e08109ec
Github-Pull: #5880

Suggested by Jonas Nick.

Rebased-From: 9c2737901b5203f267d21d728019d64b46f1d9f3
Github-Pull: #5860

strnlen is available at build-time but not at runtime, causing a crash.

0.11 drops support for 10.6, so this is not needed in master.

8752b5c 0.10 fix for crashes on OSX 10.6 (Cory Fields)

The path locale is lazy initialized and to avoid deinitialization errors
in multithreading environments, it is set explicitly by the main thread.

Conflicts:
	src/util.cpp
Rebased-From: 317e66c741aef0fd272e50aa2e82ff192ca5f7e5
Github-Pull: #5877

Rebased-From: cd3d67cf3b0d573d2c387c2ec35e8b52129863d9
Github-Pull: #5890

Rebased-From: fc720207e0e513e531b1f266b966a2ffa57b936a
Github-Pull: #5942

This adds a -checkblockindex (defaulting to true for regtest), which occasionally
does a full consistency check for mapBlockIndex, setBlockIndexCandidates, chainActive, and
mapBlocksUnlinked.

Conflicts:
	src/addrman.cpp

Rebased-From: b23add5521e4207085d41a0266617e94435fc22e
Github-Pull: #5941

Give each address a single fixed location in the new and tried tables,
which become simple fixed-size arrays instead of sets and vectors.

This prevents attackers from having an advantages by inserting an
address multiple times.

This change was suggested as Countermeasure 1 in
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman,
Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report
2015/263. March 2015.

It is also more efficient.

Conflicts:
	src/addrman.cpp
	src/addrman.h

Rebased-From: e6b343d880f50d52390c5af8623afa15fcbc65a2
Github-Pull: #5941

Conflicts:
	src/addrman.cpp

Rebased-From: a8ff7c62edc63c7c94bc91c30b80995539ed7477
Github-Pull: #5941

This change was suggested as Countermeasure 2 in
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman,
Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report
2015/263. March 2015.

Rebased-From: 68ba3f67bd500a64fb8932c6b41924ddc31d76f
Github-Pull: #5941

This change was suggested as Countermeasure 2 in
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman,
Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report
2015/263. March 2015.

Rebased-From: c6a63ceeb4956933588995bcf01dc3095aaeb1fc
Github-Pull: #5941

This change was suggested as Countermeasure 6 in
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman,
Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report
2015/263. March 2015.

Rebased-From: 1d21ba2f5ecbf03086d0b65c4c4c80a39a94c2ee
Github-Pull: #5941

a1f425b Add a consistency check for the block chain data structures (Pieter Wuille)

This is a port of #5900 to 0.10.

Github-Pull: #5900

Rebased-From: 15facb4aca75122b6ae0dcc6f6e112127e6a0e59

To give the torrents (which use web seeds) better names, we updated the
URL scheme on bitcoin.org/bin. This updates the release notes and
release doc accordingly, plus updates some other details based on recent
changes to the site.

[skip ci]

bf1cc80 Docs: Use new Bitcoin.org download URLs (David A. Harding)

For discovering the vulnerability and discussing the fix that led to PR #5860.

This fixes a subtle bug involving block re-orgs and non-standard transactions.

Start with a block containing a non-standard transaction, and
one or more transactions spending it in the memory pool.

Then re-org away from that block to another chain that does
not contain the non-standard transaction.

Result before this fix: the dependent transactions get stuck
in the mempool without their parent, putting the mempool
in an inconsistent state.

Tested with a new unit test (adapted for 0.10).

Rebased-From: ad9e86dca11dce023d827d342e966f3806c39d27
Github-Pull: #5945

Rebased-From: eb63bf86cf6dc99f150574463df6ffb013a34493
Github-Pull: #6007

Some tests in CheckBlockIndex require chainActive.Tip(), but when reindexing, chainActive has not been set on the first call to CheckBlockIndex.

reindex.py starts a node, mines 3 blocks, stops, and reindexes with CheckBlockIndex enabled.

Rebased-From: 0421c18f3a261f04e83a03f59884e5798af74fd9
Github-Pull: #6012

The scope of `std::locale::global` appears to be smaller than `setenv("LC_ALL", ...)` and insufficient to fix messed up locale settings for the whole application.

The environment is prepared by the main thread to guard against invalid locale settings and to prevent deinitialization issues of Boost path, which can result in app crashes.

The environment is prepared by the main thread to guard against invalid locale settings.

323de27 Initialization: setup environment before starting QT tests (dexX7)
7494e09 Initialization: setup environment before starting tests (dexX7)
df45564 Initialization: set fallback locale as environment variable (dexX7)

Also adds a test to CheckBlockIndex

Conflicts:
	src/main.cpp

Rebased-From: c1ecee8f723c2635fbd51100fa09acdb0cbec8a0
Github-Pull: #6010

On hosts that had spent some time with a failed internet connection their
 nAttempts penalty was going through the roof (e.g. thousands for all peers)
 and as a result the connect search was pegging the CPU and failing to get
 more than a 4 connections after days of running (because it was taking so
 long per try).

Rebased-From: a784f90c9892f06b9fea4e7579f5eca3585482c3
Github-Pull: #6029

Backport from master

824c011 wallet: fix boost::get usage with boost 1.58 (Cory Fields)

fixes https://github.com/bitcoin/bitcoin/issues/6078

Github-Pull: #6093
Rebased-From: b3ffcdf91608d4435acfb9b0a6266a4073ffaf7f 3da78490073b04f52f0136e17b07246cc37bedf1

When the internal miner is enabled at the start of a new node, there
 is an near instant assert in TestBlockValidity because its attempting
 to mine a block before the top checkpoint.

Also avoids a data race around vNodes.

Github-Pull: #6123
Rebased-From: bba7c249296a9a2f444e1035fef8f8b593ba2aaf

Simplify the code by using CAddress.ip directly, instead of the reversed
GetByte() semantics.

Rebased-From: 19e8d7be42039724b4893515ec6457d0187024a9
Github-Pull: #6186

Fix two CSubNet constructor problems:

- The use of `/x` where 8 does not divide x was broken, due to a
  bit-order issue

- The use of e.g. `1.2.3.4/24` where the netmasked bits in the network
  are not 0 was broken. Fix this by explicitly normalizing the netwok
  according to the bitmask.

Also add tests for these cases.

Fixes #6179. Thanks to @jonasschnelli for reporting and initial fix.

Rebased-From: b45c50ce511dbf541ea086ae40a3ad16ff06de0c
Github-Pull: #6186

To protect privacy, do not use UPNP when a proxy is set. The user may
still specify -listen=1 to listen locally (for a hidden service), so
don't rely on this happening through -listen.

Fixes #2927.

Conflicts:
	src/init.cpp

Rebased-From: 8c35b6f3be218101630101806300cfd75be23f58
Github-Pull: #6153

Github-Pull: #6203
Rebased-From: d449772cf69c01932fc5d72c46054815d6300b3c

Change `read_string` to fail when not the entire input has been
consumed. This avoids unexpected, even dangerous behavior (fixes #6223).

The new JSON parser adapted in #6121 also solves this problem so in
master this is a temporary fix, but should be backported to older releases.

Also adds tests for the new behavior.

Github-Pull: #6226
Rebased-From: 4e157fc60dae5ca69933ea4c1585a2a078b4d957

Rebased-From: a5a81f7354b3aa3e797d973a7e6840f0e50e6533
Github-Pull: #6244

Chance "getbalance *" not to use IsTrusted.  The method and result
now match the "getbalance <specific-account>" behavior. In
particular, "getbalance * 0" now works.

Also fixed a comment -- GetGalance has required 1 confirmation
for many years, and the default "getbalance *" behavior matches
that.

Github-Pull: #6276
Rebased-From: 7d6a85ab5b1dc96e0f3f6f835f27bb81ba2af919
Rebased-By: @trasher-

Make it possible to opt-out of the centralized alert system by providing
an option `-noalerts` or `-alerts=0`. The default remains unchanged.

This is a gentler form of #6260, in which I went a bit overboard by
removing the alert system completely.

I intend to add this to the GUI options in another pull after this.

Conflicts:
	src/init.cpp
	src/main.cpp

Github-Pull: #6274
Rebased-From: 02a6702a82a5b00e0e0351041dd3267308b7f319

Move from sourceforge to linux foundation.

Also get rid of some other stale mentions of sourceforge.

Github-Pull: #6319
Rebased-From: 88d8525ca2ff2afc171cd0f625a098371f3a6af5

Rebased-From: d4b1d5a8baf18e4c8d62846360c0c1c0c9331d70
Github-Pull: #6438

Conflicts:
	doc/gitian-building.md

Github-Pull: #6439
Rebased-From: 09d4ddf1c5841b757c2676d508a68baa2dbdc4c7

Conflicts:
	src/net.cpp

Github-Pull: #6412
Rebased-From: d422f9b1fdb42a51aadaa1bbc157542dca2feb17

SOCKET are defined as unsigned integers, thus always >=0.

Rebased-From: 89289d875da108c42ca013f33597eda46cb6eb53

This is pretty trivial, but if there's an error here we'll leak a file
descriptor. Changed it to always close the file.

Checking libcrypto for a function after we've already found a (possibly
different) libcrypto is not what we want to do here.

pkg-config might've found a cross lib while AC_CHECK_LIB may find a different
or native one.

Run a link-test against the lib that's already been found instead.

Add error checking to CLevelDBWrapper for errors from
leveldb::DestroyDB().  Without it, if unlink() or DeleteFileW() fail to
delete files, they will fail silent.  If they fail to delete any files,
CLevelDBWrapper will silently open and read the existing database.

Typically any permissions issues would be caught by leveldb as it churns
through many files as part of its compaction process, but it is
conceivable that this could cause problems on Windows with anti-virus
and indexing software.

typo

When running the rpc tests in Wine, nodes often fail to listen on localhost
due to a stale socket from a previous run. This aligns the behavior with other
platforms.

The value of new arg ttl is set to 2 as it's recommended default.

Upstream: 9f68ed6b6d1a9c6436ce37913666165f2b180ee3 (PR #6539)

The thin space QT html hack results in cut-off chars/nums after a line break.

Avoid word wrap line breaks by using a smaller font and a line break before each alternative value)

Rebased-From: 24cb7c7bbba224dcb73fcf69296f5ef4734f745f
Github-Pull: #6694

5e6d893 travis: for travis generating an extra build (Cory Fields)
ceba0f8 PARTIAL: typofixes (found by misspell_fixer) (Veres Lajos)
2ede6b7 add support for miniupnpc api version 14 (Pavel Vasin)
0dfcdd4 rpc-tests: re-enable rpc-tests for Windows (Cory Fields)
c9ad65e net: Set SO_REUSEADDR for Windows too (Cory Fields)
0194bdd add unit test for CNetAddr::GetGroup. (Alex Morcos)
bdf2542 Fix masking of irrelevant bits in address groups. (Alex Morcos)
65426ac Add missing files to files.md (fanquake)
28d76d2 Handle leveldb::DestroyDB() errors on wipe failure (Adam Weiss)
843469e Use unique name for AlertNotify tempfile (Casey Rodarmor)
4e5ea71 Make sure LogPrint strings are line-terminated (J Ross Nicoll)
3861f0f build: fix libressl detection (Cory Fields)
04507de Avoid leaking file descriptors in RegisterLoad (Casey Rodarmor)
8b59079 Add autogen.sh to source tarball. (randy-waterhouse)

This adds SCRIPT_VERIFY_LOW_S to STANDARD_SCRIPT_VERIFY_FLAGS which
 will make the node require the canonical 'low-s' encoding for
 ECDSA signatures when relaying or mining.

Consensus behavior is unchanged.

The rational is explained in a81cd96805ce6b65cca3a40ebbd3b2eb428abb7b:
 Absent this kind of test ECDSA is not a strong signature as given
 a valid signature {r, s} both that value and {r, -s mod n} are valid.
 These two encodings have different hashes allowing third parties a
 vector to change users txids.  These attacks are avoided by picking
 a particular form as canonical and rejecting the other form(s); in
 the of the LOW_S rule, the smaller of the two possible S values is
 used.

If widely deployed this change would eliminate the last remaining
 known vector for nuisance malleability on boring SIGHASH_ALL
 p2pkh transactions.  On the down-side it will block most
 transactions made by sufficiently out of date software.

Unlike the other avenues to change txids on boring transactions this
 one was randomly violated by all deployed bitcoin software prior to
 its discovery.  So, while other malleability vectors where made
 non-standard as soon as they were discovered, this one has remained
 permitted.  Even BIP62 did not propose applying this rule to
 old version transactions, but conforming implementations have become
 much more common since BIP62 was initially written.

Bitcoin Core has produced compatible signatures since a28fb70e in
 September 2013, but this didn't make it into a release until 0.9
 in March 2014; Bitcoinj has done so for a similar span of time.
 Bitcoinjs and electrum have been more recently updated.

This does not replace the need for BIP62 or similar, as miners can
 still cooperate to break transactions.  Nor does it replace the
 need for wallet software to handle malleability sanely[1]. This
 only eliminates the cheap and irritating DOS attack.

[1] On the Malleability of Bitcoin Transactions
Marcin Andrychowicz, Stefan Dziembowski, Daniel Malinowski, Łukasz Mazurek
http://fc15.ifca.ai/preproceedings/bitcoin/paper_9.pdf

Conflicts:
	src/policy/policy.h

Rebased-From: b196b685c9089b74fd4ff3d9a28ea847ab36179b
Github-Pull: #6769

While the existing numeric opcodes are all limited to 4-byte bignum
arguments, new opcodes will need different limits.

Rebased-From: 99088d60d8a7747c6d1a7fd5d8cd388be1b3e138

Will now be needed by CHECKLOCKTIMEVERIFY code.

Rebased-From: 48e9c57cf06352f890eac4285ae022d8746cf3fd

<nLockTime> CHECKLOCKTIMEVERIFY -> <nLockTime>

Fails if tx.nLockTime < nLockTime, allowing the funds in a txout to be
locked until some block height or block time in the future is reached.

Only the logic and unittests are implemented; this commit does not have
any actual soft-fork logic in it.

Thanks to Pieter Wuille for rebase.

Credit goes to Gregory Maxwell for the suggestion of comparing the
argument against the transaction nLockTime rather than the current
time/blockheight directly.

Rebased-From: bc60b2b4b401f0adff5b8b9678903ff8feb5867b

Transactions that fail CLTV verification will be rejected from the
mempool, making it easy to test the feature. However blocks containing
"invalid" CLTV-using transactions will still be accepted; this is *not*
the soft-fork required to actually enable CLTV for production use.

Rebased-From: ffd75adce01a78b3461b3ff05bcc2b530a9ce994

Based on the earlier BIP66 soft-fork logic implemented by Pieter
Wuille's 5a47811da5158df763aa2fca09ce646ee0c51e7b

Rebased-From: 287f54fc90c29301faede8d4ac2ea24a91441917

bip65-cltv.py is based on the earlier BIP66 soft-fork RPC test
implemented by Pieter Wuille's 819bcf9b9902319176cdb1d476cacfee9b3727ec

bip65-cltv-p2p.py is based on the earlier BIP66 P2P test by Suhas
Daftuar's d76412b068d95454732aa3def95decf35251759a

Rebased-From: 308257856099e82e91881ba97f741d840184727c

Four cases included:

* The CLTV operand type mismatches the tx locktime. In the script it is
  1 (interpreted as block height), but in the tx is 500000000
  (interpreted as date)
* The stack is empty when executing OP_CLTV
* The tx is final by having only one input with MAX_INT sequence number
* The operand for CLTV is negative (after OP_0 OP_1 OP_SUB)

Rebased-From: cb54d17355864fa08826d6511a0d7692b21ef2c9

This version of miniupnpc fixes a buffer overflow in the XML (ugh)
parser during initial network discovery.

http://talosintel.com/reports/TALOS-2015-0035/

The commit fixing the vulnerability is:
https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78

Reported by timothy on IRC.

Github-Pull: #6789
Rebased-From: 0cca0248f030ea32bd8de778b5a2782e0d191978

Common sentiment is that the miniupnpc codebase likely contains further
vulnerabilities.

I'd prefer to get rid of the dependency completely, but a compromise for
now is to at least disable it by default.

Rebased-From: 21d27ebad5721bc61c62bc72dc3ab3197f9da268
Github-Pull: #6795

Github-Pull: #6797
Rebased-From: 8be371db340b03dc03142c1bb3390fdfc84f56b4

To bridge the time until a dynamic method for determining this fee is
merged.

This is especially aimed at the stable releases (0.10, 0.11) because
full mempool limiting, as will be in 0.12, is too invasive and risky to
backport.

Github-Pull: #6793
Rebased-From: 28e3249e53b8ef7516636df0f1406466a513095d 4e2efb3c5fde4b1e332cc032e3dc4082ec4e3cac

[skip ci]

This passes `-Wa,--noexecstack` to the assembler when building
platform-specific assembly files, to signal that a non-executable stack
can be used. This is the same approach as used by Debian
(see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430583)

Rebased-From: bfcdc21a5da25ec1aa4aecc4cd8960dfa1c11781
Github-Pull: #6852

fb818b6 Bring historical release notes up to date (Micha)

Nagle appears to be a significant contributor to latency now that the static
 sleeps are gone.  Most of our messages are relatively large compared to
 IP + TCP so I do not expect this to create enormous overhead.

This may also reduce traffic burstyness somewhat.

Conflicts:
	src/net.cpp

Rebased-From: a4e28b3d1e5c95eb0c87f144851cd65048c3e0bc
Github-Pull: #6867

5dc72f8 CLTV: Add more tests to improve coverage (Esteban Ordano)
6a1343b Add RPC tests for the CHECKLOCKTIMEVERIFY (BIP65) soft-fork (Peter Todd)
4137248 Add CHECKLOCKTIMEVERIFY (BIP65) soft-fork logic (Peter Todd)
0e01d0f Enable CHECKLOCKTIMEVERIFY as a standard script verify flag (Peter Todd)
6d01325 Replace NOP2 with CHECKLOCKTIMEVERIFY (BIP65) (Peter Todd)
750d54f Move LOCKTIME_THRESHOLD to src/script/script.h (Peter Todd)
6897468 Make CScriptNum() take nMaxNumSize as an argument (Peter Todd)

Translations for 0.12 have been opened, translations for 0.10 have been
closed.