5df6f089b5 More tests of signer checks (Andrew Chow)
7c8bffdc24 Test that a non-witness script as witness utxo is not signed (Andrew Chow)
8254e9950f Additional sanity checks in SignPSBTInput (Pieter Wuille)
c05712cb59 Only wipe wrong UTXO type data if overwritten by wallet (Pieter Wuille)
Pull request description:
The current PSBT signing code can end up producing a non-segwit signature, while only the UTXO being spent is provided in the PSBT (as opposed to the entire transaction being spent). This may be used to trick a user to incorrectly decide a transaction has the semantics he intends to sign.
Fix this by refusing to sign if there is any mismatch between the provided data and what is being signed.
Tree-SHA512: b55790d79d8166e05513fc4c603a982a33710e79dc3c045060cddac6b48a1be3a28ebf8db63f988b6567b15dd27fd09bbaf48846e323c8635376ac20178956f4
bd19cc78cf Serialize non-witness utxo as a non-witness tx but always deserialize as witness (Andrew Chow)
43811e6338 Fix PSBT deserialization of 0-input transactions (Andrew Chow)
Pull request description:
0-input transactions can be ambiguously deserialized as being witness transactions. Since the unsigned transaction is never serialized as a witness transaction as it has no witnesses, we should always deserialize it as a non-witness transaction and set the serialization flags as such.
When a transaction is serliazed for the non-witness-utxo, it is always a valid network transaction and thus it should be always be deserialized as a witness transaction and the deserialzation flags are set as such.
Fixes#13958
Tree-SHA512: 1937b3cb2618534478d4f533541fb9efce3cb5badb5d1964bfe19400f4aacc6c8ecedaf1f20d26b20baf94f81fd07dfb15b3b08089ecbd63aeecbc18c7c48086
8845c8aea6 tests: Replace usage of tostring() with tobytes() (Carl Dong)
Pull request description:
tostring() is deprecated as of python 3.7 and results in stderr output
causing tests to fail
Tree-SHA512: 8c5bbd6c6127490922add98543ee7719d19e11200e081784adef2f026ddf90d7735da7d0fb41fa4307d0d3450a27e126752c2b01cbd79b0c8a695855aed080ac
Strip out the witnesses when serializing the non-witness utxo. However
witness serializations are allowed, so make sure we always deserialize
as witness.
0-input transactions can be ambiguously deserialized as being witness
transactions. Since the unsigned transaction is never serialized as
a witness transaction as it has no witnesses, we should always
deserialize it as a non-witness transaction and set the serialization
flags as such.
Also always serialize the unsigned transaction as a non-witness transaction.
fa5ce27385 ui: Compile boost:signals2 only once (MarcoFalke)
Pull request description:
ui is one of the modules that poison other modules with `boost/signals2` headers. This moves the include to the cpp file and uses a forward declaration in the header.
Locally this speeds up the incremental build (building everything that uses the ui module) with gcc by ~5% for me. Gcc uses ~5% less memory.
Would be nice if someone could verify the numbers roughly.
I presume the improvements will be more pronounced if the other models would stop exposing the boost header as well.
Tree-SHA512: 078360eba330ddbca4268bd8552927eae242a239e18dfded25ec20be72650a68cd83af7ac160690249b943d33ae35d15df1313f1f60a0c28b9526853aa7d1e40
6ad0328f1c Don't assert(foo()) where foo has side effects (practicalswift)
Pull request description:
Don't `assert(foo())` where `foo` has side effects.
From `assert(3)`:
> If the macro `NDEBUG` is defined at the moment `<assert.h>` was last included, the macro `assert()` generates no code, and hence does nothing at all.
Bitcoin currently cannot be compiled without assertions, but we shouldn't rely on that.
Tree-SHA512: 28cff0c6d1c2fb612ca58c9c94142ed01c5cfd0a2fecb8e59cdb6c270374b215d952ed3491d921d84dc1b439fa49da4f0e75e080f6adcbc6b0e08be14e54c170
ef7beaea6a Visual Studio build configuration for Bitcoin Core (Aaron Clauson)
Pull request description:
This PR allows Bitcoin Core to be relatively easily built with Visual Studio 2017. It's anticipated that it could be useful for devs familiar with Visual Studio and Microsoft's tooling. In particular the ability to use the VS debugger is a big benefit.
~~Caveats:~~
- ~~There are some minor code changes required on Bitcoin Core in order for msvc to be able to successfully compile. I'll submit them in a separate PR, The code changes are available in #11528#11558 and #11562~~.
- ~~The vcpkg for SECP256K1 has not yet been accepted by Microsoft. The files are available from this [PR](https://github.com/Microsoft/vcpkg/pull/2005) and should be copied into a vcpkg/ports/secp256k1 directory prior to vcpkg install steps.~~
**Update:** For anyone wishing to test out the Visual Studio build with the various open pull requests the steps are:
- Clone and build [Vcpkg](https://github.com/Microsoft/vcpkg) (Microsoft's new open source C/C++ package manager)
- git clone https://github.com/Microsoft/vcpkg
- .\bootstrap-vcpkg.bat
- Set up Visual Studio to automatically reference vcpkg installs: .\vcpkg integrate install
- Install the required packages (replace x86 with x64 as required):
- vcpkg install boost:x86-windows-static
- vcpkg install libevent:x86-windows-static
- vcpkg install openssl:x86-windows-static
- vcpkg install zeromq:x86-windows-static
- vcpkg install berkeleydb:x86-windows-static
- vcpkg install secp256k1:x86-windows-static
- vcpkg install leveldb:x86-windows-static
- git clone https://github.com/bitcoin/bitcoin.git
- git checkout -b testbuild
- git pull origin pull/11526/head # Visual Studio build configuration for Bitcoin Core
- ~~git pull origin pull/11558/head # Minimal code changes to allow msvc compilation~~
- ~~git pull origin pull/11562/head # bench: use std::chrono rather than gettimeofday~~
- ~~Copy and unzip attached bitcoin-config.h to src/config, edit as required [bitcoin-config.zip](https://github.com/bitcoin/bitcoin/files/1429484/bitcoin-config.zip)~~
- ~~git pull origin pull/13031/head # gmtime fix for msvc~~
- Build the Visual Studio solution which, if successful, will result in all but the Qt dependent libraries/programs being built. If the build fails please add a comment.
Tree-SHA512: 5cd17273d33a09c35d8534c9f49123dec60ec05383669c67674b2cac88ada177bf94d7731c2a827759444f18d4b67085b91b02458124d0c32ab3a8f72ba5dac9
Now that 0.17 branch has been split off, master is 0.17.99 (pre-0.18).
Also clean out release notes.
Tree-SHA512: bb20025d3ead3346afc7a6a51af715783e705e1de9d1b90ced6423d8969d64e42b72d06a1eb853083b11e9cfe674775266792ae2cd18ed6c858938e125edab03
176aa5aa1d contrib: fix GetDesirableServiceFlags typo in seeds/README.md (MarcoFalke)
825fb02ef1 net: Update hardcoded seeds (Wladimir J. van der Laan)
61c0d3b9aa contrib: in makeseeds, add 0.16.x to PATTERN_AGENT, remove 0.13.x (Wladimir J. van der Laan)
Pull request description:
As per release process and https://github.com/bitcoin/bitcoin/blob/master/contrib/seeds/README.md
Tree-SHA512: c1acd43d8462196f2606babd5268ea75dbb844da729ac9592f08b4895c6a4754591ccbc6ac0bc364b2fb082695e72656154c141dd83c847db8973b3af8df74be
68400d8b96 tests: Use explicit imports (practicalswift)
Pull request description:
Enable automatic detection of undefined names in Python tests scripts. Remove wildcard imports.
Wildcard imports make it unclear which names are present in the namespace, confusing both readers and many automated tools.
An additional benefit of not using wildcard imports in tests scripts is that readers of a test script then can infer the rough testing scope just by looking at the imports.
Before this commit:
```
$ contrib/devtools/lint-python.sh | head -10
./test/functional/feature_rbf.py:8:1: F403 'from test_framework.util import *' used; unable to detect undefined names
./test/functional/feature_rbf.py:9:1: F403 'from test_framework.script import *' used; unable to detect undefined names
./test/functional/feature_rbf.py:10:1: F403 'from test_framework.mininode import *' used; unable to detect undefined names
./test/functional/feature_rbf.py:15:12: F405 bytes_to_hex_str may be undefined, or defined from star imports: test_framework.mininode, test_framework.script, test_framework.util
./test/functional/feature_rbf.py:17:58: F405 CScript may be undefined, or defined from star imports: test_framework.mininode, test_framework.script, test_framework.util
./test/functional/feature_rbf.py:25:13: F405 COIN may be undefined, or defined from star imports: test_framework.mininode, test_framework.script, test_framework.util
./test/functional/feature_rbf.py:26:31: F405 satoshi_round may be undefined, or defined from star imports: test_framework.mininode, test_framework.script, test_framework.util
./test/functional/feature_rbf.py:26:60: F405 COIN may be undefined, or defined from star imports: test_framework.mininode, test_framework.script, test_framework.util
./test/functional/feature_rbf.py:30:41: F405 satoshi_round may be undefined, or defined from star imports: test_framework.mininode, test_framework.script, test_framework.util
./test/functional/feature_rbf.py:30:68: F405 COIN may be undefined, or defined from star imports: test_framework.mininode, test_framework.script, test_framework.util
$
```
After this commit:
```
$ contrib/devtools/lint-python.sh | head -10
$
```
Tree-SHA512: 3f826d39cffb6438388e5efcb20a9622ff8238247e882d68f7b38609877421b2a8e10e9229575f8eb6a8fa42dec4256986692e92922c86171f750a0e887438d9
To avoid:
$ make check
{…omissis…}
Running test/util/bitcoin-util-test.py...
/usr/local/bin/python3.7 ../test/util/bitcoin-util-test.py
../test/util/bitcoin-util-test.py:31: DeprecationWarning: This method will be removed in future versions. Use 'parser.read_file()' instead.
config.readfp(open(os.path.join(os.path.dirname(__file__), "../config.ini"), encoding="utf8"))
$ python3 --version
Python 3.7.0
869193f5a6 docs: fixed bitcoin-cli -help output for help2man (Hennadii Stepanov)
Pull request description:
Currently `bitcon-cli -help` output forces help2man to produce `.TP` and `.IP` commands instead of a single `.IP` command for `-stdinrpcpass` option.
Removing an extra space fixes this issue.
This pull request is rebased from #13879
Tree-SHA512: 1c5b25ed2ef7b7de42bc6210165bdbabe63f045699487f2db4790e0d3176f6493dfd3e8e19f4ddc38b551539465d7b41aea570f20dccbc0609f00fdfee1b5180
cf9ed307e6 qa: blocktools enforce named args for amount (MarcoFalke)
Pull request description:
Since #13669 changed some signatures, I think it might be worthwhile to enforce named args for primitive types such as amounts.
Tree-SHA512: 2733e7b6a20590b54bd54e81a09e3f5e2fadf4390bed594916b70729bcf485b048266012c1203369e0968032a2c6a2719107ac17ee925d8939af3df916eab1a6
4b7091a842 Replace median fee rate with feerate percentiles (Marcin Jachymiak)
Pull request description:
Currently, the `medianfeerate` statistic is calculated from the feerate of the middle transaction of a list of transactions sorted by feerate.
This PR instead uses the value of the 50th percentile weight unit in the block, and also calculates the feerate at the 10th, 25th, 75th, and 90th percentiles. This more accurately corresponds with what is generally meant by median feerate.
Tree-SHA512: 59255e243df90d7afbe69839408c58c9723884b8ab82c66dc24a769e89c6d539db1905374a3f025ff28272fb25a0b90e92d8101103e39a6d9c0d60423a596714
4441ad677a Make format string linter understand basic template parameter syntax (practicalswift)
Pull request description:
Make format string linter understand basic template parameter syntax.
Fixes issue described in https://github.com/bitcoin/bitcoin/pull/13705#issuecomment-412046126.
Thanks to @ken2812221 for reporting!
Tree-SHA512: 8fb995bc6b29d8b9926ef5969e02cf71c494e829434fcdeb4ed5fabad5ab96e86e5b8eea705e8a416927757b4fa4e58abc0fd4f483daa58c94e2c6fdcb8ee822