d6cde007db rpcauth: Improve by using argparse and getpass modules (João Barbosa)
Pull request description:
This PR improves argument handling in `rpcauth.py` script by using `argparse` module. Specifying `-` as password makes it prompt securely with `getpass` module which prevents leaking passwords to bash history.
Tree-SHA512: 489d66c95f66b5618cb75fd8f07ea5647281226ab9e32b03051eb43f758b9334ac19b7c82c2ed4f8c7ffbb0bee949b3d389e1564ec7a6e372f2864233bc7cb88
27c44ef9c6 rpcbind: Warn about exposing RPC to untrusted networks (Luke Dashjr)
d6a1287481 CNetAddr: Add IsBindAny method to check for INADDR_ANY (Luke Dashjr)
3615003952 net: Always default rpcbind to localhost, never "all interfaces" (Luke Dashjr)
Pull request description:
A disturbingly large number of listening nodes appear to be also exposing their RPC server to the public internet. To attempt to mitigate this:
* Only ever bind localhost by default, even if `rpcallowip` is specified. (A warning is given if `rpcallowip` is specified without `rpcbind`, since it doesn't really make sense to do.)
* Warn about exposing the RPC server to untrusted networks if the user explicitly binds to any INADDR_ANY address.
* Include a warning about untrusted networks in the `--help` documentation for `rpcbind`.
Tree-SHA512: 755bbca3db416a31393672eccf6675a5ee4d1eb1812cba73ebb4ff8c6b855ecc5df4c692566e9aa7b0f7d4dce6fedb9c0e9f3c265b9663aca36c4a6ba5efdbd4
69ca48717c Implement prevector::fill once (Ben Woosley)
7bad78c2c8 Drop defunct IS_TRIVIALLY_CONSTRUCTIBLE handling from prevector.h (Ben Woosley)
Pull request description:
This is clean-up post #14651:
* Use one implementation of `prevector::fill`, as it's possible now that the implementations are identical.
* Only apply the `IS_TRIVIALLY_CONSTRUCTIBLE` handling to the bench file where it is used, and drop the now-unnecessary associated compat includes.
Tree-SHA512: 5930b3a17fccd39af10add40202ad97a297aebecc049af72ca920d0d55b3e4c3c30ce864c8a683355895f0196396d4ea56ba9f9637bdc7d16964cdf66c195485
3fb09b9889 Warn unrecognized sections in the config file (Akio Nakamura)
Pull request description:
This PR intends to resolve#14702.
In the config file, sections are specified by square bracket pair "[]"$,
or included in the option name itself which separated by a period"(.)".
Typicaly, [testnet] is not a correct section name and specified options
in that section are ignored but user cannot recognize what is happen.
So, add some log-warning messages if unrecognized section names are
present in the config file after checking section only args.
note: Currentry, followings are out of scope of this PR.
1) Empty section name or option name can describe.
e.g. [] , .a=b, =c
2) Multiple period characters can exist in the section name and option name.
e.g. [c.d.e], [..], f.g.h.i=j, ..=k
Tree-SHA512: 2cea02a0525feb40320613989a75cd7b7b1bd12158d5e6f3174ca77e6a25bb84425dd8812f62483df9fc482045c7b5402d69bc714430518b1847d055a2dc304b
fa7da0617c qa: Check specific reject reasons in feature_block (MarcoFalke)
Pull request description:
There are some consensus checks that are essentially turned off because we never send the block, but only the header. It happens that the header was sufficient to determine the invalidity of the block according to our consensus rules in those cases. Fix that by forcing the full block on the node unsolicited.
Tree-SHA512: a5534318370367ea8de07d853de7e845c8f5637cd6d5457e932a9555af26cc212625e443c00c93586d556cc770f301248e7cabd68131a37791ae91706e7e40b2
6be7d14d24 Properly generate salt in rpcauth.py, update tests (Carl Dong)
Pull request description:
Previously, when iterating over bytes of the generated salt to construct
a hex string, only one character would be outputted when the byte is
less than 0x10. Meaning that for a 16 byte salt, the hex string might be
less than 32 characters and collisions would occur.
Tree-SHA512: 7038ecbbac846cd1851112396acd8a04475685f5b6f786e4e7316acba4a56cc711c275b7f52f0f2b6bc6cfdc0c0d9d39c3afeb2c0aff3a30fde516bf642fdf9f
feeef7d30e Do not specify sudo in .travis (Julian Fleischer)
Pull request description:
Travis is deprecating the `sudo` keyword and moves everything to
the same infrastructure (sudo really selects between two infrastructures).
See https://blog.travis-ci.com/2018-11-19-required-linux-infrastructure-migration?utm_source=in-app&utm_medium=intercom for more info.
Tree-SHA512: 3364fbeaf7af5e91ef97cf7fbcc75427ecb4e10b02a31cbc17ccc46a6077bba7a000539717bb6a351c404a2b408af7de6c4587089b02367e67e1c8bfd8fe69d1
591203149f wallet: Create IsDatabaseLoaded function (Chun Kuan Lee)
15c93f075a wallet: Add trailing wallet.dat when detecting duplicate wallet if it's a directory. (Chun Kuan Lee)
c456fbd8df Refactor: Move m_db pointers into BerkeleyDatabase (Russell Yanofsky)
Pull request description:
Fix#14538
Fix crash attempting to load the same wallet with different path strings that resolve to the same absolute path. The primary check which prevents loading the same wallet twice is:
6b8d0a2164/src/wallet/db.cpp (L44)
But this check is skipped if both wallet paths resolve to the same absolute path, due to caching here:
6b8d0a2164/src/wallet/db.cpp (L467)
Meanwhile a secondary check for duplicate wallets is not reliable because it based on a literal comparison, instead of comparison using absolute paths:
6b8d0a2164/src/wallet/wallet.cpp (L3853)
This PR fixes the latter check to compare the absolute path of a new wallet being loaded to absolute paths of wallets already loaded, so there should no longer be any way to load the same wallet more than once.
Tree-SHA512: 2fa01811c160b57be3b76c6b4983556a04bbce71a3f8202429987ec020664a062e897deedcd9248bc04e9baaa2fc7b464e2595dcaeff2af0818387bf1fcdbf6f
In the config file, sections are specified by square bracket pair "[]"$,
or included in the option name itself which separated by a period"(.)".
Typicaly, [testnet] is not a correct section name and specified options
in that section are ignored but user cannot recognize what is happen.
So, add some log/stderr-warning messages if unrecognized section names
are present in the config file after checking section only args.
e816b341ab revert removal of fstream.hpp header in fs.h (Karl-Johan Alm)
Pull request description:
We cannot (yet) remove the EXPECTED_BOOST_INCLUDES entry as this header is still needed in `fs.h` (see #14763).
Partially reverts #14718.
Tree-SHA512: e94d8d6208bee14af20a7a529e60a4898358ec8c070a8bf0701e589a2ae33df1305deac83cee619f103c24be0eb3c12a2f490209c125b247acf21561c7de456e
c54e5a41c4 Remove unreferenced boost headers (Murray Nesbitt)
Pull request description:
Building with clang (e.g. on FreeBSD) is very noisy due to `-Wthread-safety-analysis` warnings regarding boost. This change removes a number of unnecessary boost includes, and silences the rest of the warnings when building with clang. This allows more potentially interesting warnings to surface from the noise.
Tested on FreeBSD 11.2
Tree-SHA512: 5e6a0623188b9be59aeae52866799aefb4c3c9ab5e569b07ee8d43fc92e0b5f1f76b96bb54c35c7043148df84641b4a96927fb71f6eb00460c20cd19cf250900
b08af10fb2 disallow oversized CBlockHeaderAndShortTxIDs (Kaz Wesley)
6bed4b374d fix a deserialization overflow edge case (Kaz Wesley)
051faf7e9d add a test demonstrating an overflow in a deserialization edge case (Kaz Wesley)
Pull request description:
A specially-constructed BlockTransactionsRequest can cause `offset` to wrap in deserialization. In the current code, there is not any way this could be dangerous; but disallowing it reduces the potential for future surprises.
Tree-SHA512: 1aaf7636e0801a905ed8807d0d1762132ac8b4421a600c35fb6d5e5033c6bfb587d8668cd9f48c7a08a2ae793a677b7649661e3ae248ab4f8499ab7b6ede483c
Previously, when iterating over bytes of the generated salt to construct
a hex string, only one character would be outputted when the byte is
less than 0x10. Meaning that for a 16 byte salt, the hex string might be
less than 32 characters and collisions would occur.
07e286d940 Improve scripted-diff developer docs (Carl Dong)
Pull request description:
Instead of verifying all scripted-diffs, provide an example that only verifies all scripted-diffs in commits since `origin/master`.
Tree-SHA512: 2faecfd1df04046c77ca2b7426675265f7ed656b2b7e2714ae61c0a38b3ea239f35d2be6d615c5191a21f3a453e37f6a4622bd4558173b768cb73183b56c4d62
9cc0230cfc Add NODISCARD to all {Decode,Parse}[...](...) functions returning bool. Sort includes. (practicalswift)
579497e77a tests: Explicitly ignore the return value of DecodeBase58(...) (practicalswift)
145fe95ec7 tests: Check return value of ParseParameters(...) (practicalswift)
7c5bc2a523 miner: Default to DEFAULT_BLOCK_MIN_TX_FEE if unable to parse -blockmintxfee (practicalswift)
Pull request description:
Changes in this PR:
* ~~Add linter to make sure the return value of `Parse[...](...)` is checked~~
* Add `__attribute__((warn_unused_result))` to all `{Decode,Parse}[...](...)` functions returning `bool`
* Fix violations
Context:
* #13712: `wallet: Fix non-determinism in ParseHDKeypath(...). Avoid using an uninitialized variable in path calculation.` would have been prevented by this
Tree-SHA512: 41a97899f2d5a26584235fa02b1ebfb4faacd81ea97e927022955a658fa7e15d07a1443b4b7635151a43259a1adf8f2f4de3c1c75d7b5f09f0d5496463a1dae6
b4f6e58ca5 Better error message for user when corrupt wallet unlock fails (MeshCollider)
Pull request description:
Mentioned here: https://github.com/bitcoin/bitcoin/issues/14461#issuecomment-429183503
Current behavior is to assert(false) and crash, only info is printed in the log. This shows the message to the user before abort() instead.
Tree-SHA512: 526f9ed9262257fca55caf7153ab913ed958b13b079d2f01db797485614d8c375815a1554276e8cf73d3838104b2691a9cf85c8d097973127ae8de9e111446bf
86cddf0856 doc: add detached release notes for #14060 (mruddy)
Pull request description:
Adding detached release notes for #14060 in order to assist with https://github.com/bitcoin/bitcoin/pull/14688.
Tree-SHA512: 170cd0b6ac27237f58875f301132e0695dee36eec5d90a0c1234c0fa9db125151e6cebd94e63e634ddc4ddcfb77d7a4a07434ffd3725cb0dfa13fc4ccfbde2a0
ba8f0c6c8d Release notes: integrate detached release notes (David A. Harding)
6062f0e613 Release notes: update notes through to 11e1ac3ae0 (David A. Harding)
Pull request description:
This documents changes listed by `git log v0.17.0...11e1ac3 --merges` and integrates the existing detached release notes into the main file.
My goal is to update the release notes each month in order to reduce the amount of writing and review that needs to be done all at once near the start of the RC cycle.
Note: I've chosen to use fully-qualified URLs for linking to documentation, rather than shorter relative URLs that would otherwise be preferred, as the release notes are commonly copied into emails, reddit threads, and blog posts where relative URLs would be incomplete or would point to the wrong page.
Tree-SHA512: a943327d48e166f4a188ab0f468972609276e9c8f0ed85513823511ed989606445bf6b0ae9dd693b5d1e13d2f98c13573acd13865c57fe9c8ee9dbd04ceeff7f
5c5902acc5 build: Add bitcoin-tx.exe into Windows installer (Chun Kuan Lee)
Pull request description:
I think bitcoin-tx.exe should be packed into the Windows installer.
Tree-SHA512: 346051d3680e74e773d5d8736b5d90604dc52689484cf14b2bc47e1fe3a010f9322f82993e2b1ba3533736bcb9bc8478d71f8c4d42eadf6605195fba619d71a2
fa0815c300 rpc: Correctly name arguments (Jon Layton)
Pull request description:
Consistently use the same name to describe arguments in the documentation and add a test that uses the name.
By splitting it up, the changes are easier to potentially backport and also make review easier when we switch to `RPCHelpMan`.
The tests should pass with or without the changes in `src`.
Partly stolen from #14459 (More RPC help description fixes by ch4ot1c)
Tree-SHA512: 1072992b1e93ac41006613523e54a0a8004f529fcb101eb9d74d91474abb0945a5a7539f249905151b904b87448f9efc0cacbd9e052fbe2ea9111e62f3e7249c
7afddfa8ce importmulti: Don't add internal addresses to address book (Gregory Sanders)
Pull request description:
Currently anything imported with `internal` will not be treated as change since checking the address book is a primary test of this.
Added basic tests of all combinations of arguments and change identification.
Resolves https://github.com/bitcoin/bitcoin/issues/14662
Tree-SHA512: a1f08dc624a3fadee93cc5392d50c4796b0c5eedf38e295382f71570f2066d9e978ed6e3962084b902989863fe1273a8642d8fdb094a266d69de10622a4176b0
fa483e13b3 rpc: Add RPCHelpMan for machine-generated help (MarcoFalke)
fa0d36f712 rpc: Include rpc/util.h where needed for RPCHelpMan (MarcoFalke)
Pull request description:
This introduces a manager for the RPC help generation and demonstrates its use of it in some RPCs.
It is the first non-exhaustive step toward #14378 and I will create pull requests for the next steps after this one is merged.
Tree-SHA512: 86f68322443ff01cd964aaf0ebe186be63fbebe4c47676cf7a622cc2b5305fd176bd57badfd1bbf788a036812253eb0dead74ecc3b30664c3e0d9392b2248054
fa5a6ce102 qa: Raise ci test_runner timeout to 40 mins (MarcoFalke)
fa3df025e1 travis: Avoid timeout on verify-commits check (MarcoFalke)
Pull request description:
The verify-commits check is too expensive to run in full (calculate Tree-SHA512 and clean-merge for every single merge commit in history) every day (the cron job runs every ~24h). Since the cron job is running every day, it is also redundant to redo most of the work on the next day.
So, only check two days worth of commits and assume that travis checked the Tree-SHA512 and clean-merge for all other commits already. The script will still check all the signatures, since the check-result for them depends on external inputs such as current time or the public keys we got from the server.
[Note that travis is not meant to do the verification for anyone or is meant to be trusted in any way. This check only serves as a belt-and-suspender to notify maintainers in case of a technical issue or script malfunction. But since the script is timing out for months now, its purpose is diminished right now.]
Tree-SHA512: 336c5cbcc03cdf50be96cd61412471be9078d862da8ba2054f337441e062a6067c95fbbd03912e3de6a116f3caa75fd3f01a04864d34aae1489faa3154572815
fa21568208 qa: Avoid race in p2p_invalid_block by waiting for the block request (MarcoFalke)
6c787d340c tests: Make feature_block pass on centos (MarcoFalke)
Pull request description:
This hopefully fixes#14661, which I believe is caused by a race in `send_blocks_and_test`. By setting `request_block=False` we only effectively check `node.getbestblockhash() != blocks[-1].hash` before returning and checking the debug.log. By setting `request_block=True` (the default) we make sure that we send the block, then sync with a ping before asserting on the debug.log.
Even if this patch doesn't fix the issue, it is good cleanup: There is no reason to not wait for the blocks to be requested, since in all these cases the header gives no indication that the block is consensus invalid. So this patch makes the test also a bit stricter and more useful.
Unrelated to this, I also include a fix that makes the tests pass on latest CentOS.
Tree-SHA512: c7abee3b7dc790a8af6c289159a7751bd962f6fa16c1537e7e21a0a0ef05b9596d1f4eb75319614603c05cb803e021314fa3596508ba443edd03046b25527e0f
27154ce765 util.h: explicitly include required QString header (1Il1)
Pull request description:
Alternative to #14713.
Instead of depending on clang formatter to not reorder includes, another fix is to explicitly include the missing header file.
Tree-SHA512: f419ef2fd1dfd8da28160a94d187af78463fb398ef6aadd6c68ebf57e6d02380d93f5f370bf2d39e88dcbfeb252c3e5f245c0a157c7d0a64c38fc0f0c7004515
4e4de10f69 Throw error if CPubKey is invalid during PSBT keypath serialization (Gregory Sanders)
Pull request description:
Related to https://github.com/bitcoin/bitcoin/pull/14689
We should catch this error before attempting to deserialize it later.
Tree-SHA512: d2f3ea7f363818ac70c81ee988231b2bb50d055b6919f7bff3f27120c85a7048bfa183efae33e23e6b81d684bcb8bb81e5b209abb3acbcaff1d88014f4f1aa93
a6b5ec18f rpc: creates possibility to preserve labels on importprivkey (marcoagner)
Pull request description:
Closes#13087.
As discussed in the issue, this is a feature request instead of a bug report since the behaviour was as intended (i.e. label with default: `''`). With this, the old behaviour is kept while the possibility to achieve the preservation of labels, as expected in the open issue, is added.
Tree-SHA512: b33be50e1e7f62f7ddfae953177ba0926e2d848961f9fac7501c2b513322c0cb95787745d07d137488267bad1104ecfdbe800c6747f94162eb07c976835c1386
88a79cb436 fix converttopsbt permitsigdata arg, add basic test (Gregory Sanders)
Pull request description:
The final check for extraneous sigdata has a flipped boolean, resulting in incorrect behavior.
Resolves https://github.com/bitcoin/bitcoin/issues/14355
Tree-SHA512: 5157a74b8ddebd7d836fba96765c4d7ed15a73d4289817353d3566a0f6803bd4bbc3f936735c517c7a83a6cbdb4052b9c61d23f6cc4ad00a6077278cd51adbd4
