Split off CBlockTreeDB and CCoinsViewDB into txdb-*.{cpp,h} files,
implemented by either LevelDB or BDB.
Based on code from earlier commits by Mike Hearn in his leveldb
branch.
- this patch enables several new GCC compiler hardening options that
allows us to increase the security of our binaries (see:
https://wiki.debian.org/Hardening)
-D_FORTIFY_SOURCE=2:
Enables compile-time protection against static sized buffer overflows.
-Wl,-z,relro -Wl,-z,now:
Enables full RELRO (RELocation Read-Only), which is a generic mitigation
technique to harden the data sections of an ELF binary/process. See:
http://isisblogs.poly.edu/2011/06/01/relro-relocation-read-only/ for
further details.
This patch currently excludes our Windows executable!
- change to use -fstack-protector-all
- the minimum size of buffers (i.e. arrays) that will receive stack
smashing protection was changed to 1 byte (GCC default: 8)
- warn about functions that will not be protected against stack
smashing by adding -Wstack-protector
- add version information to bitcoin-qt.rc, which is displayed on Windows, when looking in the executable properties and selecting "Details"
- introduce a new clientversion.h (used in bitcoin-qt.rc to generate
version information), which takes only the version defines from
version.h and is included in it (to allow usage with the windres rc-file
compiler)
- move #define STRINGIFY(s) #s into clientversion.h as that is used in
bitcoin-qt.rc and rename to DO_STRINGIZE(X)
- add #define STRINGIZE(X) DO_STRINGIZE(X), which is needed to convert the
version defines into a version string in the rc-file
- this ensures we only need to update 1 file and have bitcoin-qt.exe
version information
- for RC-file documentation see:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa381058%28v=vs.85%29.aspx
- for extra security on Windows: enable ASLR and DEP via GCC linker flags
GCC linker flag description:
--dynamicbase The image base address may be relocated using address space layout randomization (ASLR). This feature was introduced with MS Windows Vista for i386 PE targets.
--nxcompat The image is compatible with the Data Execution Prevention.
This feature was introduced with MS Windows XP SP2 for i386 PE targets.
- add UI-feedback via QValidatedLineEdit
- copy button for generated signature was moved to the signature output field
- add an addressbook button to verify message tab
- input fields are now evenly ordered for sign and verify tabs
- update FIRST_CLASS_MESSAGING support to ensure a good UX
- add a button and context menu entry in addressbook for verify message (to be consistent with sign message)
- focus is now only set/changed, when clearing input fields or adding an address via addressbook
- re-work / update some strings
- ensure model gets initialized in the SignVerifyMessageDialog constructor
- add checks for a valid model to both addressbook buttons
- remove unneeded includes for Qt GUI elements that are listed in ui_signverifymessagedialog.h anyway
Implement listunspent / getrawtransaction / createrawtransaction /
signrawtransaction, to support creation and
signing-on-multiple-device multisignature transactions.
- extend network options with a SOCKS version selection
- changing "Unit to show amounts in:" now also updates the unit used in the transaction fee box
- string updates
- link Apply button and OK button when enabling or disabling them
- use LookupNumeric() from netbase to verify proxy address (via an EventFilter)
- change proxy address field to QValidatedLineEdit and add visual feedback
- add a status label used for displaying a message for invalid proxy addresses
- allow usage of IPv6 address as proxy address
- added warning message when enabling / disabling SOCKS proxy
- Generate *.qm only when needed (and when qmake is run), this avoids a long qrc compile and link step every time
- Generate build.h every time, but only trigger link when it changed (like makefile.unix)
This will make bitcoin relay valid routable IPv6 addresses, and when
USE_IPV6 is enabled, listen on IPv6 interfaces and attempt connections
to IPv6 addresses.
For Qt builds, the build.h file is moved to build/build.h. For regular
builds, it is moved to obj/build.h. This allows the Qt build to be done
in a different directory than the source, and without interfering with
other builds.
All client version information is moved to version.cpp, which optionally
(-DHAVE_BUILD_INFO) includes build.h. build.h is automatically generated
on supporting platforms via contrib/genbuild.sh, using git describe.
The git export-subst attribute is used to put the commit id statically
in version.cpp inside generated archives, and this value is used if no
build.h is present.
The gitian descriptors are modified to use git archive instead of a
copy, to create the src/ directory in the output. This way,
src/src/version.cpp will contain the static commit id. To prevent
gitian builds from getting the "-dirty" marker in their git-describe
generated identifiers, no touching of files or running sed on the
makefile is performed anymore. This does not seem to influence
determinism.
It could just as well be on either part of the gitian build, but to safely put it on the Qt side would require bumping the filename, and every gitian user rebuilding it.
v0.5.3.1 put it on the Bitcoin side, and this is easier to work with and keep safe, so I'm moving it.
Use `qmake MINGW_THREAD_BUGFIX=0` to disable
Design goals:
* Only keep a limited number of addresses around, so that addr.dat does not grow without bound.
* Keep the address tables in-memory, and occasionally write the table to addr.dat.
* Make sure no (localized) attacker can fill the entire table with his nodes/addresses.
See comments in addrman.h for more detailed information.
This introduces CNetAddr and CService, respectively wrapping an
(IPv6) IP address and an IP+port combination. This functionality used
to be part of CAddress, which also contains network flags and
connection attempt information. These extra fields are however not
always necessary.
These classes, along with logic for creating connections and doing
name lookups, are moved to netbase.{h,cpp}, which does not depend on
headers.h.
Furthermore, CNetAddr is mostly IPv6-ready, though IPv6
functionality is not yet enabled for the application itself.