Merge bitcoin/bitcoin#31104: [28.x] Backports & 28.1rc1

8fef83a0a0 doc: update manual pages for 28.1rc1 (fanquake) df7764621e build: bump version to 28.1rc1 (fanquake) 9add853b65 doc: update release notes for 28.1rc1 (fanquake) 1025090fbe build: disable compiling fuzz/utxo_snapshot.cpp with MSVC (fanquake) 446f5d20d6 refactor: Drop deprecated space in operator""_mst (MarcoFalke) 9976162a0e addrman: change nid_type from int to int64_t (Martin Zumsande) 1d0411dc8f addrman, refactor: introduce user-defined type for internal nId (Martin Zumsande) 7fec638222 depends: For mingw cross compile use -gcc-posix to prevent library conflict (laanwj) f998ac6286 key: clear out secret data in `DecodeExtKey` (Sebastian Falbesoner) 0773560abf ci: add LLVM_SYMBOLIZER_PATH to Valgrind fuzz job (fanquake) b917334208 test: add missing sync to feature_fee_estimation.py (Martin Zumsande) f072721181 doc: add testnet4 section header for config file (Marnix) 6643fd2145 doc: Archive 28.0 release notes (Ava Chow) Pull request description: Backports: * #30568 * #31007 * #31013 * #31016 * #31035 * #31166 Contains: * A commit to do the same as #31307. ACKs for top commit: willcl-ark: ACK 8fef83a0a0 Tree-SHA512: 58f0c6cb9e5b7ac17ad20141acdc5423dbe8e79cc3a2cf1c4e503d289b75940632c9838c64e3ac733b1a55e65723fc1071ccdd9a860a710256cc88e29f42ccdb
2025-01-09 11:27:28 -03:00 · 2024-12-04 13:36:28 +00:00 · 2024-12-04 13:36:28 +00:00 · d6b225f165
commit d6b225f165
parent 89522379d1 8fef83a0a0
23 changed files with 495 additions and 380 deletions
--- a/build_msvc/fuzz/fuzz.vcxproj
+++ b/build_msvc/fuzz/fuzz.vcxproj
@ -9,7 +9,7 @@
    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
  </PropertyGroup>
  <ItemGroup>
-    <ClCompile Include="..\..\src\test\fuzz\*.cpp" />
+    <ClCompile Include="..\..\src\test\fuzz\*.cpp" Exclude="..\..\src\test\fuzz\utxo_snapshot.cpp" />
    <ClCompile Include="..\..\src\test\fuzz\util\descriptor.cpp">
      <ObjectFileName>$(IntDir)test_fuzz_util_descriptor.obj</ObjectFileName>
    </ClCompile>
--- a/ci/test/00_setup_env_native_fuzz_with_valgrind.sh
+++ b/ci/test/00_setup_env_native_fuzz_with_valgrind.sh
@ -17,3 +17,4 @@ export FUZZ_TESTS_CONFIG="--valgrind"
 export GOAL="install"
 export BITCOIN_CONFIG="--enable-fuzz --with-sanitizers=fuzzer CC=clang-16 CXX=clang++-16"
 export CCACHE_MAXSIZE=200M
 export LLVM_SYMBOLIZER_PATH="/usr/bin/llvm-symbolizer-16"
--- a/configure.ac
+++ b/configure.ac
@ -1,8 +1,8 @@
 AC_PREREQ([2.69])
 define(_CLIENT_VERSION_MAJOR, 28)
-define(_CLIENT_VERSION_MINOR, 0)
+define(_CLIENT_VERSION_MINOR, 1)
 define(_CLIENT_VERSION_BUILD, 0)
-define(_CLIENT_VERSION_RC, 0)
+define(_CLIENT_VERSION_RC, 1)
 define(_CLIENT_VERSION_IS_RELEASE, true)
 define(_COPYRIGHT_YEAR, 2024)
 define(_COPYRIGHT_HOLDERS,[The %s developers])
--- a/contrib/devtools/gen-bitcoin-conf.sh
+++ b/contrib/devtools/gen-bitcoin-conf.sh
@ -72,9 +72,12 @@ cat >> "${EXAMPLE_CONF_FILE}" << 'EOF'
 # Options for mainnet
 [main]
-# Options for testnet
+# Options for testnet3
 [test]
 # Options for testnet4
 [testnet4]
 # Options for signet
 [signet]
--- a/depends/hosts/mingw32.mk
+++ b/depends/hosts/mingw32.mk
@ -1,3 +1,6 @@
 ifneq ($(shell $(SHELL) $(.SHELLFLAGS) "command -v $(host)-gcc-posix"),)
 mingw32_CC := $(host)-gcc-posix
 endif
 ifneq ($(shell $(SHELL) $(.SHELLFLAGS) "command -v $(host)-g++-posix"),)
 mingw32_CXX := $(host)-g++-posix
 endif
--- a/doc/bitcoin-conf.md
+++ b/doc/bitcoin-conf.md
@ -31,7 +31,7 @@ Comments may appear in two ways:
 ### Network specific options
 Network specific options can be:
- placed into sections with headers `[main]` (not `[mainnet]`), `[test]` (not `[testnet]`), `[signet]` or `[regtest]`;
+- placed into sections with headers `[main]` (not `[mainnet]`), `[test]` (not `[testnet]`, for testnet3), `[testnet4]`, `[signet]` or `[regtest]`;
 - prefixed with a chain name; e.g., `regtest.maxmempool=100`.
 Network specific options take precedence over non-network specific options.
--- a/doc/man/bitcoin-cli.1
+++ b/doc/man/bitcoin-cli.1
@ -1,7 +1,7 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.3.
-.TH BITCOIN-CLI "1" "September 2024" "bitcoin-cli v28.0.0" "User Commands"
+.TH BITCOIN-CLI "1" "December 2024" "bitcoin-cli v28.1.0rc1" "User Commands"
 .SH NAME
-bitcoin-cli \- manual page for bitcoin-cli v28.0.0
+bitcoin-cli \- manual page for bitcoin-cli v28.1.0rc1
 .SH SYNOPSIS
 .B bitcoin-cli
 [\fI\,options\/\fR] \fI\,<command> \/\fR[\fI\,params\/\fR]  \fI\,Send command to Bitcoin Core\/\fR
@ -15,7 +15,7 @@ bitcoin-cli \- manual page for bitcoin-cli v28.0.0
 .B bitcoin-cli
 [\fI\,options\/\fR] \fI\,help <command>      Get help for a command\/\fR
 .SH DESCRIPTION
-Bitcoin Core RPC client version v28.0.0
+Bitcoin Core RPC client version v28.1.0rc1
 .SH OPTIONS
 .HP
 \-?
--- a/doc/man/bitcoin-qt.1
+++ b/doc/man/bitcoin-qt.1
@ -1,12 +1,12 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.3.
-.TH BITCOIN-QT "1" "September 2024" "bitcoin-qt v28.0.0" "User Commands"
+.TH BITCOIN-QT "1" "December 2024" "bitcoin-qt v28.1.0rc1" "User Commands"
 .SH NAME
-bitcoin-qt \- manual page for bitcoin-qt v28.0.0
+bitcoin-qt \- manual page for bitcoin-qt v28.1.0rc1
 .SH SYNOPSIS
 .B bitcoin-qt
 [\fI\,command-line options\/\fR] [\fI\,URI\/\fR]
 .SH DESCRIPTION
-Bitcoin Core version v28.0.0
+Bitcoin Core version v28.1.0rc1
 .PP
 Optional URI is a Bitcoin address in BIP21 URI format.
 .SH OPTIONS
--- a/doc/man/bitcoin-tx.1
+++ b/doc/man/bitcoin-tx.1
@ -1,7 +1,7 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.3.
-.TH BITCOIN-TX "1" "September 2024" "bitcoin-tx v28.0.0" "User Commands"
+.TH BITCOIN-TX "1" "December 2024" "bitcoin-tx v28.1.0rc1" "User Commands"
 .SH NAME
-bitcoin-tx \- manual page for bitcoin-tx v28.0.0
+bitcoin-tx \- manual page for bitcoin-tx v28.1.0rc1
 .SH SYNOPSIS
 .B bitcoin-tx
 [\fI\,options\/\fR] \fI\,<hex-tx> \/\fR[\fI\,commands\/\fR]  \fI\,Update hex-encoded bitcoin transaction\/\fR
@ -9,7 +9,7 @@ bitcoin-tx \- manual page for bitcoin-tx v28.0.0
 .B bitcoin-tx
 [\fI\,options\/\fR] \fI\,-create \/\fR[\fI\,commands\/\fR]   \fI\,Create hex-encoded bitcoin transaction\/\fR
 .SH DESCRIPTION
-Bitcoin Core bitcoin\-tx utility version v28.0.0
+Bitcoin Core bitcoin\-tx utility version v28.1.0rc1
 .SH OPTIONS
 .HP
 \-?
--- a/doc/man/bitcoin-util.1
+++ b/doc/man/bitcoin-util.1
@ -1,12 +1,12 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.3.
-.TH BITCOIN-UTIL "1" "September 2024" "bitcoin-util v28.0.0" "User Commands"
+.TH BITCOIN-UTIL "1" "December 2024" "bitcoin-util v28.1.0rc1" "User Commands"
 .SH NAME
-bitcoin-util \- manual page for bitcoin-util v28.0.0
+bitcoin-util \- manual page for bitcoin-util v28.1.0rc1
 .SH SYNOPSIS
 .B bitcoin-util
 [\fI\,options\/\fR] [\fI\,commands\/\fR]  \fI\,Do stuff\/\fR
 .SH DESCRIPTION
-Bitcoin Core bitcoin\-util utility version v28.0.0
+Bitcoin Core bitcoin\-util utility version v28.1.0rc1
 .SH OPTIONS
 .HP
 \-?
--- a/doc/man/bitcoin-wallet.1
+++ b/doc/man/bitcoin-wallet.1
@ -1,9 +1,9 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.3.
-.TH BITCOIN-WALLET "1" "September 2024" "bitcoin-wallet v28.0.0" "User Commands"
+.TH BITCOIN-WALLET "1" "December 2024" "bitcoin-wallet v28.1.0rc1" "User Commands"
 .SH NAME
-bitcoin-wallet \- manual page for bitcoin-wallet v28.0.0
+bitcoin-wallet \- manual page for bitcoin-wallet v28.1.0rc1
 .SH DESCRIPTION
-Bitcoin Core bitcoin\-wallet version v28.0.0
+Bitcoin Core bitcoin\-wallet version v28.1.0rc1
 .PP
 bitcoin\-wallet is an offline tool for creating and interacting with Bitcoin Core wallet files.
 By default bitcoin\-wallet will act on wallets in the default mainnet wallet directory in the datadir.
--- a/doc/man/bitcoind.1
+++ b/doc/man/bitcoind.1
@ -1,12 +1,12 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.3.
-.TH BITCOIND "1" "September 2024" "bitcoind v28.0.0" "User Commands"
+.TH BITCOIND "1" "December 2024" "bitcoind v28.1.0rc1" "User Commands"
 .SH NAME
-bitcoind \- manual page for bitcoind v28.0.0
+bitcoind \- manual page for bitcoind v28.1.0rc1
 .SH SYNOPSIS
 .B bitcoind
 [\fI\,options\/\fR]                     \fI\,Start Bitcoin Core\/\fR
 .SH DESCRIPTION
-Bitcoin Core version v28.0.0
+Bitcoin Core version v28.1.0rc1
 .SH OPTIONS
 .HP
 \-?
--- a/doc/release-notes.md
+++ b/doc/release-notes.md
@ -1,6 +1,6 @@
-Bitcoin Core version 28.0 is now available from:
+Bitcoin Core version 28.1rc1 is now available from:
-  <https://bitcoincore.org/bin/bitcoin-core-28.0/>
+  <https://bitcoincore.org/bin/bitcoin-core-28.1/test.rc1>
 This release includes new features, various bug fixes and performance
 improvements, as well as updated translations.
@ -27,7 +27,7 @@ wallet versions of Bitcoin Core are generally supported.
 Running Bitcoin Core binaries on macOS requires self signing.
 ```
-cd /path/to/bitcoin-28.0/bin
+cd /path/to/bitcoin-28.x/bin
 xattr -d com.apple.quarantine bitcoin-cli bitcoin-qt bitcoin-tx bitcoin-util bitcoin-wallet bitcoind test_bitcoin
 codesign -s - bitcoin-cli bitcoin-qt bitcoin-tx bitcoin-util bitcoin-wallet bitcoind test_bitcoin
 ```
@ -44,328 +44,45 @@ unsupported systems.
 Notable changes
 ===============
-Testnet4/BIP94 support
+### P2P
 -----
-Support for Testnet4 as specified in [BIP94](https://github.com/bitcoin/bips/blob/master/bip-0094.mediawiki)
+- #30568 addrman: change internal id counting to int64_t
 has been added. The network can be selected with the `-testnet4` option and
 the section header is also named `[testnet4]`.
-While the intention is to phase out support for Testnet3 in an upcoming
+### Key
 version, support for it is still available via the known options in this
 release. (#29775)
-Windows Data Directory
+- #31166 key: clear out secret data in DecodeExtKey
 ----------------------
-The default data directory on Windows has been moved from `C:\Users\Username\AppData\Roaming\Bitcoin`
+### Build
 to `C:\Users\Username\AppData\Local\Bitcoin`. Bitcoin Core will check the existence
 of the old directory first and continue to use that directory for backwards
 compatibility if it is present. (#27064)
-JSON-RPC 2.0 Support
+- #31013 depends: For mingw cross compile use `-gcc-posix` to prevent library conflict
 --------------------
-The JSON-RPC server now recognizes JSON-RPC 2.0 requests and responds with
+### Test
 strict adherence to the [specification](https://www.jsonrpc.org/specification).
 See [JSON-RPC-interface.md](https://github.com/bitcoin/bitcoin/blob/master/doc/JSON-RPC-interface.md#json-rpc-11-vs-20) for details. (#27101)
-JSON-RPC clients may need to be updated to be compatible with the JSON-RPC server.
+- #31016 test: add missing sync to feature_fee_estimation.py
 Please open an issue on GitHub if any compatibility issues are found.
-libbitcoinconsensus Removal
+### Doc
 ---------------------------
-The libbitcoin-consensus library was deprecated in 27.0 and is now completely removed. (#29648)
+- #31007 doc: add testnet4 section header for config file
-P2P and Network Changes
+### CI
 -----------------------
- Previously if Bitcoin Core was listening for P2P connections, either using
+- #30961 ci: add LLVM_SYMBOLIZER_PATH to Valgrind fuzz job
  default settings or via `bind=addr:port` it would always also bind to
  `127.0.0.1:8334` to listen for Tor connections. It was not possible to switch
  this off, even if the node didn't use Tor. This has been changed and now
  `bind=addr:port` results in binding on `addr:port` only. The default behavior
  of binding to `0.0.0.0:8333` and `127.0.0.1:8334` has not been changed.
-  If you are using a `bind=...` configuration without `bind=...=onion` and rely
+### Misc
  on the previous implied behavior to accept incoming Tor connections at
  `127.0.0.1:8334`, you need to now make this explicit by using
  `bind=... bind=127.0.0.1:8334=onion`. (#22729)
- Bitcoin Core will now fail to start up if any of its P2P binds fail, rather
+- #31267 refactor: Drop deprecated space in `operator""_mst`
  than the previous behaviour where it would only abort startup if all P2P
  binds had failed. (#22729)
 - UNIX domain sockets can now be used for proxy connections. Set `-onion` or `-proxy`
  to the local socket path with the prefix `unix:` (e.g. `-onion=unix:/home/me/torsocket`).
  (#27375)
 - UNIX socket paths are now accepted for `-zmqpubrawblock` and `-zmqpubrawtx` with
  the format `-zmqpubrawtx=unix:/path/to/file` (#27679)
 - Additional "in" and "out" flags have been added to `-whitelist` to control whether
  permissions apply to inbound connections and/or manual ones (default: inbound only). (#27114)
 - Transactions having a feerate that is too low will be opportunistically paired with
  their child transactions and submitted as a package, thus enabling the node to download
  1-parent-1-child packages using the existing transaction relay protocol. Combined with
  other mempool policies, this change allows limited "package relay" when a parent transaction
  is below the mempool minimum feerate. Topologically Restricted Until Confirmation (TRUC)
  parents are additionally allowed to be below the minimum relay feerate (i.e., pay 0 fees).
  Use the `submitpackage` RPC to submit packages directly to the node. Warning: this P2P
  feature is limited (unlike the `submitpackage` interface, a child with multiple unconfirmed
  parents is not supported) and not yet reliable under adversarial conditions. (#28970)
 Mempool Policy Changes
 ----------------------
 - Transactions with version number set to 3 are now treated as standard on all networks (#29496),
  subject to opt-in Topologically Restricted Until Confirmation (TRUC) transaction policy as
  described in [BIP 431](https://github.com/bitcoin/bips/blob/master/bip-0431.mediawiki).  The
  policy includes limits on spending unconfirmed outputs (#28948), eviction of a previous descendant
  if a more incentive-compatible one is submitted (#29306), and a maximum transaction size of 10,000vB
  (#29873). These restrictions simplify the assessment of incentive compatibility of accepting or
  replacing TRUC transactions, thus ensuring any replacements are more profitable for the node and
  making fee-bumping more reliable.
 - Pay To Anchor (P2A) is a new standard witness output type for spending,
  a newly recognised output template. This allows for key-less anchor
  outputs, with compact spending conditions for additional efficiencies on
  top of an equivalent `sh(OP_TRUE)` output, in addition to the txid stability
  of the spending transaction.
  N.B. propagation of this output spending on the network will be limited
  until a sufficient number of nodes on the network adopt this upgrade. (#30352)
 - Limited package RBF is now enabled, where the proposed conflicting package would result in
  a connected component, aka cluster, of size 2 in the mempool. All clusters being conflicted
  against must be of size 2 or lower. (#28984)
 - The default value of the `-mempoolfullrbf` configuration option has been changed from 0 to 1,
  i.e. `mempoolfullrbf=1`. (#30493)
 Updated RPCs
 ------------
 - The `dumptxoutset` RPC now returns the UTXO set dump in a new and
  improved format. Correspondingly, the `loadtxoutset` RPC now expects
  this new format in the dumps it tries to load. Dumps with the old
  format are no longer supported and need to be recreated using the
  new format to be usable. (#29612)
 - AssumeUTXO mainnet parameters have been added for height 840,000.
  This means the `loadtxoutset` RPC can now be used on mainnet with
  the matching UTXO set from that height. (#28553)
 - The `warnings` field in `getblockchaininfo`, `getmininginfo` and
  `getnetworkinfo` now returns all the active node warnings as an array
  of strings, instead of a single warning. The current behaviour
  can be temporarily restored by running Bitcoin Core with the configuration
  option `-deprecatedrpc=warnings`. (#29845)
 - Previously when using the `sendrawtransaction` RPC and specifying outputs
  that are already in the UTXO set, an RPC error code of `-27` with the
  message "Transaction already in block chain" was returned in response.
  The error message has been changed to "Transaction outputs already in utxo set"
  to more accurately describe the source of the issue. (#30212)
 - The default mode for the `estimatesmartfee` RPC has been updated from `conservative` to `economical`,
  which is expected to reduce over-estimation for many users, particularly if Replace-by-Fee is an option.
  For users that require high confidence in their fee estimates at the cost of potentially over-estimating,
  the `conservative` mode remains available. (#30275)
 - RPC `scantxoutset` now returns 2 new fields in the "unspents" JSON array: `blockhash` and `confirmations`.
  See the scantxoutset help for details. (#30515)
 - RPC `submitpackage` now allows 2 new arguments to be passed: `maxfeerate` and `maxburnamount`. See the
  subtmitpackage help for details. (#28950)
 Changes to wallet-related RPCs can be found in the Wallet section below.
 Updated REST APIs
 -----------------
 - Parameter validation for `/rest/getutxos` has been improved by rejecting
  truncated or overly large txids and malformed outpoint indices via raising
  an HTTP_BAD_REQUEST "Parse error". These requests were previously handled
  silently. (#30482, #30444)
 Build System
 ------------
 - GCC 11.1 or later, or Clang 16.0 or later,
 are now required to compile Bitcoin Core. (#29091, #30263)
 - The minimum required glibc to run Bitcoin Core is now
 2.31. This means that RHEL 8 and Ubuntu 18.04 (Bionic)
 are no-longer supported. (#29987)
 - `--enable-lcov-branch-coverage` has been removed, given
 incompatibilities between lcov version 1 & 2. `LCOV_OPTS`
 should be used to set any options instead. (#30192)
 Updated Settings
 ----------------
 - When running with `-alertnotify`, an alert can now be raised multiple
 times instead of just once. Previously, it was only raised when unknown
 new consensus rules were activated. Its scope has now been increased to
 include all kernel warnings. Specifically, alerts will now also be raised
 when an invalid chain with a large amount of work has been detected.
 Additional warnings may be added in the future. (#30058)
 Changes to GUI or wallet related settings can be found in the GUI or Wallet section below.
 Wallet
 ------
 - The wallet now detects when wallet transactions conflict with the mempool. Mempool-conflicting
  transactions can be seen in the `"mempoolconflicts"` field of `gettransaction`. The inputs
  of mempool-conflicted transactions can now be respent without manually abandoning the
  transactions when the parent transaction is dropped from the mempool, which can cause wallet
  balances to appear higher. (#27307)
 - A new `max_tx_weight` option has been added to the RPCs `fundrawtransaction`, `walletcreatefundedpsbt`, and `send`.
 It specifies the maximum transaction weight. If the limit is exceeded during funding, the transaction will not be built.
 The default value is 4,000,000 WU. (#29523)
 - A new `createwalletdescriptor` RPC allows users to add new automatically generated
  descriptors to their wallet. This can be used to upgrade wallets created prior to the
  introduction of a new standard descriptor, such as taproot. (#29130)
 - A new RPC `gethdkeys` lists all of the BIP32 HD keys in use by all of the descriptors in the wallet.
  These keys can be used in conjunction with `createwalletdescriptor` to create and add single key
  descriptors to the wallet for a particular key that the wallet already knows. (#29130)
 - The `sendall` RPC can now spend unconfirmed change and will include additional fees as necessary
  for the resulting transaction to bump the unconfirmed transactions' feerates to the specified feerate. (#28979)
 - In RPC `bumpfee`, if a `fee_rate` is specified, the feerate is no longer restricted
  to following the wallet's incremental feerate of 5 sat/vb. The feerate must still be
  at least the sum of the original fee and the mempool's incremental feerate. (#27969)
 GUI Changes
 -----------
 - The "Migrate Wallet" menu allows users to migrate any legacy wallet in their wallet
 directory, regardless of the wallets loaded. (gui#824)
 - The "Information" window now displays the maximum mempool size along with the
 mempool usage. (gui#825)
 Low-level Changes
 =================
 Tests
 -----
 - The BIP94 timewarp attack mitigation is now active on the `regtest` network. (#30681)
 - A new `-testdatadir` option has been added to `test_bitcoin` to allow specifying the
  location of unit test data directories. (#26564)
 Blockstorage
 ------------
 - Block files are now XOR'd by default with a key stored in the blocksdir.
 Previous releases of Bitcoin Core or previous external software will not be able to read the blocksdir with a non-zero XOR-key.
 Refer to the `-blocksxor` help for more details. (#28052)
 Chainstate
 ----------
 - The chainstate database flushes that occur when blocks are pruned will no longer
 empty the database cache. The cache will remain populated longer, which significantly
 reduces the time for initial block download to complete. (#28280)
 Dependencies
 ------------
 - The dependency on Boost.Process has been replaced with cpp-subprocess, which is contained in source.
 Builders will no longer need Boost.Process to build with external signer support. (#28981)
 Credits
 =======
 Thanks to everyone who directly contributed to this release:
 - 0xb10c
 - Alfonso Roman Zubeldia
 - Andrew Toth
 - AngusP
 - Anthony Towns
 - Antoine Poinsot
 - Anton A
 - Ava Chow
 - Ayush Singh
 - Ben Westgate
 - Brandon Odiwuor
 - brunoerg
 - bstin
 - Charlie
 - Christopher Bergqvist
 - Cory Fields
 - crazeteam
 - Daniela Brozzoni
 - David Gumberg
 - dergoegge
 - Edil Medeiros
 - Epic Curious
 - Fabian Jahr
 - fanquake
 - furszy
 - glozow
 - Greg Sanders
 - hanmz
 - Hennadii Stepanov
 - Hernan Marino
 - Hodlinator
 - ishaanam
 - ismaelsadeeq
 - Jadi
 - Jon Atack
 - josibake
 - jrakibi
 - kevkevin
 - kevkevinpal
 - Konstantin Akimov
 - laanwj
 - Larry Ruane
 - Lőrinc
 - Luis Schwab
 - Luke Dashjr
 - MarcoFalke
 - marcofleon
 - Marnix
 - Martin Saposnic
 - Martin Zumsande
- Matt Corallo
+- Marnix
 - Matthew Zipkin
 - Matt Whitlock
 - Max Edwards
 - Michael Dietz
 - Murch
 - nanlour
 - pablomartin4btc
 - Peter Todd
 - Pieter Wuille
 - @RandyMcMillan
 - RoboSchmied
 - Roman Zeyde
 - Ryan Ofsky
 - Sebastian Falbesoner
- Sergi Delgado Segura
+
- Sjors Provoost
+Thanks to everyone who directly contributed to this release:
 - spicyzboss
 - StevenMia
 - stickies-v
 - stratospher
 - Suhas Daftuar
 - sunerok
 - tdb3
 - TheCharlatan
 - umiumi
 - Vasil Dimov
 - virtu
 - willcl-ark
 As well as to everyone that helped with translations on
 [Transifex](https://www.transifex.com/bitcoin/bitcoin/).
--- a/doc/release-notes/release-notes-28.0.md
+++ b/doc/release-notes/release-notes-28.0.md
@ -0,0 +1,371 @@
 Bitcoin Core version 28.0 is now available from:
  <https://bitcoincore.org/bin/bitcoin-core-28.0/>
 This release includes new features, various bug fixes and performance
 improvements, as well as updated translations.
 Please report bugs using the issue tracker at GitHub:
  <https://github.com/bitcoin/bitcoin/issues>
 To receive security and update notifications, please subscribe to:
  <https://bitcoincore.org/en/list/announcements/join/>
 How to Upgrade
 ==============
 If you are running an older version, shut it down. Wait until it has completely
 shut down (which might take a few minutes in some cases), then run the
 installer (on Windows) or just copy over `/Applications/Bitcoin-Qt` (on macOS)
 or `bitcoind`/`bitcoin-qt` (on Linux).
 Upgrading directly from a version of Bitcoin Core that has reached its EOL is
 possible, but it might take some time if the data directory needs to be migrated. Old
 wallet versions of Bitcoin Core are generally supported.
 Running Bitcoin Core binaries on macOS requires self signing.
 ```
 cd /path/to/bitcoin-28.0/bin
 xattr -d com.apple.quarantine bitcoin-cli bitcoin-qt bitcoin-tx bitcoin-util bitcoin-wallet bitcoind test_bitcoin
 codesign -s - bitcoin-cli bitcoin-qt bitcoin-tx bitcoin-util bitcoin-wallet bitcoind test_bitcoin
 ```
 Compatibility
 ==============
 Bitcoin Core is supported and extensively tested on operating systems
 using the Linux Kernel 3.17+, macOS 11.0+, and Windows 7 and newer. Bitcoin
 Core should also work on most other UNIX-like systems but is not as
 frequently tested on them. It is not recommended to use Bitcoin Core on
 unsupported systems.
 Notable changes
 ===============
 Testnet4/BIP94 support
 -----
 Support for Testnet4 as specified in [BIP94](https://github.com/bitcoin/bips/blob/master/bip-0094.mediawiki)
 has been added. The network can be selected with the `-testnet4` option and
 the section header is also named `[testnet4]`.
 While the intention is to phase out support for Testnet3 in an upcoming
 version, support for it is still available via the known options in this
 release. (#29775)
 Windows Data Directory
 ----------------------
 The default data directory on Windows has been moved from `C:\Users\Username\AppData\Roaming\Bitcoin`
 to `C:\Users\Username\AppData\Local\Bitcoin`. Bitcoin Core will check the existence
 of the old directory first and continue to use that directory for backwards
 compatibility if it is present. (#27064)
 JSON-RPC 2.0 Support
 --------------------
 The JSON-RPC server now recognizes JSON-RPC 2.0 requests and responds with
 strict adherence to the [specification](https://www.jsonrpc.org/specification).
 See [JSON-RPC-interface.md](https://github.com/bitcoin/bitcoin/blob/master/doc/JSON-RPC-interface.md#json-rpc-11-vs-20) for details. (#27101)
 JSON-RPC clients may need to be updated to be compatible with the JSON-RPC server.
 Please open an issue on GitHub if any compatibility issues are found.
 libbitcoinconsensus Removal
 ---------------------------
 The libbitcoin-consensus library was deprecated in 27.0 and is now completely removed. (#29648)
 P2P and Network Changes
 -----------------------
 - Previously if Bitcoin Core was listening for P2P connections, either using
  default settings or via `bind=addr:port` it would always also bind to
  `127.0.0.1:8334` to listen for Tor connections. It was not possible to switch
  this off, even if the node didn't use Tor. This has been changed and now
  `bind=addr:port` results in binding on `addr:port` only. The default behavior
  of binding to `0.0.0.0:8333` and `127.0.0.1:8334` has not been changed.
  If you are using a `bind=...` configuration without `bind=...=onion` and rely
  on the previous implied behavior to accept incoming Tor connections at
  `127.0.0.1:8334`, you need to now make this explicit by using
  `bind=... bind=127.0.0.1:8334=onion`. (#22729)
 - Bitcoin Core will now fail to start up if any of its P2P binds fail, rather
  than the previous behaviour where it would only abort startup if all P2P
  binds had failed. (#22729)
 - UNIX domain sockets can now be used for proxy connections. Set `-onion` or `-proxy`
  to the local socket path with the prefix `unix:` (e.g. `-onion=unix:/home/me/torsocket`).
  (#27375)
 - UNIX socket paths are now accepted for `-zmqpubrawblock` and `-zmqpubrawtx` with
  the format `-zmqpubrawtx=unix:/path/to/file` (#27679)
 - Additional "in" and "out" flags have been added to `-whitelist` to control whether
  permissions apply to inbound connections and/or manual ones (default: inbound only). (#27114)
 - Transactions having a feerate that is too low will be opportunistically paired with
  their child transactions and submitted as a package, thus enabling the node to download
  1-parent-1-child packages using the existing transaction relay protocol. Combined with
  other mempool policies, this change allows limited "package relay" when a parent transaction
  is below the mempool minimum feerate. Topologically Restricted Until Confirmation (TRUC)
  parents are additionally allowed to be below the minimum relay feerate (i.e., pay 0 fees).
  Use the `submitpackage` RPC to submit packages directly to the node. Warning: this P2P
  feature is limited (unlike the `submitpackage` interface, a child with multiple unconfirmed
  parents is not supported) and not yet reliable under adversarial conditions. (#28970)
 Mempool Policy Changes
 ----------------------
 - Transactions with version number set to 3 are now treated as standard on all networks (#29496),
  subject to opt-in Topologically Restricted Until Confirmation (TRUC) transaction policy as
  described in [BIP 431](https://github.com/bitcoin/bips/blob/master/bip-0431.mediawiki).  The
  policy includes limits on spending unconfirmed outputs (#28948), eviction of a previous descendant
  if a more incentive-compatible one is submitted (#29306), and a maximum transaction size of 10,000vB
  (#29873). These restrictions simplify the assessment of incentive compatibility of accepting or
  replacing TRUC transactions, thus ensuring any replacements are more profitable for the node and
  making fee-bumping more reliable.
 - Pay To Anchor (P2A) is a new standard witness output type for spending,
  a newly recognised output template. This allows for key-less anchor
  outputs, with compact spending conditions for additional efficiencies on
  top of an equivalent `sh(OP_TRUE)` output, in addition to the txid stability
  of the spending transaction.
  N.B. propagation of this output spending on the network will be limited
  until a sufficient number of nodes on the network adopt this upgrade. (#30352)
 - Limited package RBF is now enabled, where the proposed conflicting package would result in
  a connected component, aka cluster, of size 2 in the mempool. All clusters being conflicted
  against must be of size 2 or lower. (#28984)
 - The default value of the `-mempoolfullrbf` configuration option has been changed from 0 to 1,
  i.e. `mempoolfullrbf=1`. (#30493)
 Updated RPCs
 ------------
 - The `dumptxoutset` RPC now returns the UTXO set dump in a new and
  improved format. Correspondingly, the `loadtxoutset` RPC now expects
  this new format in the dumps it tries to load. Dumps with the old
  format are no longer supported and need to be recreated using the
  new format to be usable. (#29612)
 - AssumeUTXO mainnet parameters have been added for height 840,000.
  This means the `loadtxoutset` RPC can now be used on mainnet with
  the matching UTXO set from that height. (#28553)
 - The `warnings` field in `getblockchaininfo`, `getmininginfo` and
  `getnetworkinfo` now returns all the active node warnings as an array
  of strings, instead of a single warning. The current behaviour
  can be temporarily restored by running Bitcoin Core with the configuration
  option `-deprecatedrpc=warnings`. (#29845)
 - Previously when using the `sendrawtransaction` RPC and specifying outputs
  that are already in the UTXO set, an RPC error code of `-27` with the
  message "Transaction already in block chain" was returned in response.
  The error message has been changed to "Transaction outputs already in utxo set"
  to more accurately describe the source of the issue. (#30212)
 - The default mode for the `estimatesmartfee` RPC has been updated from `conservative` to `economical`,
  which is expected to reduce over-estimation for many users, particularly if Replace-by-Fee is an option.
  For users that require high confidence in their fee estimates at the cost of potentially over-estimating,
  the `conservative` mode remains available. (#30275)
 - RPC `scantxoutset` now returns 2 new fields in the "unspents" JSON array: `blockhash` and `confirmations`.
  See the scantxoutset help for details. (#30515)
 - RPC `submitpackage` now allows 2 new arguments to be passed: `maxfeerate` and `maxburnamount`. See the
  subtmitpackage help for details. (#28950)
 Changes to wallet-related RPCs can be found in the Wallet section below.
 Updated REST APIs
 -----------------
 - Parameter validation for `/rest/getutxos` has been improved by rejecting
  truncated or overly large txids and malformed outpoint indices via raising
  an HTTP_BAD_REQUEST "Parse error". These requests were previously handled
  silently. (#30482, #30444)
 Build System
 ------------
 - GCC 11.1 or later, or Clang 16.0 or later,
 are now required to compile Bitcoin Core. (#29091, #30263)
 - The minimum required glibc to run Bitcoin Core is now
 2.31. This means that RHEL 8 and Ubuntu 18.04 (Bionic)
 are no-longer supported. (#29987)
 - `--enable-lcov-branch-coverage` has been removed, given
 incompatibilities between lcov version 1 & 2. `LCOV_OPTS`
 should be used to set any options instead. (#30192)
 Updated Settings
 ----------------
 - When running with `-alertnotify`, an alert can now be raised multiple
 times instead of just once. Previously, it was only raised when unknown
 new consensus rules were activated. Its scope has now been increased to
 include all kernel warnings. Specifically, alerts will now also be raised
 when an invalid chain with a large amount of work has been detected.
 Additional warnings may be added in the future. (#30058)
 Changes to GUI or wallet related settings can be found in the GUI or Wallet section below.
 Wallet
 ------
 - The wallet now detects when wallet transactions conflict with the mempool. Mempool-conflicting
  transactions can be seen in the `"mempoolconflicts"` field of `gettransaction`. The inputs
  of mempool-conflicted transactions can now be respent without manually abandoning the
  transactions when the parent transaction is dropped from the mempool, which can cause wallet
  balances to appear higher. (#27307)
 - A new `max_tx_weight` option has been added to the RPCs `fundrawtransaction`, `walletcreatefundedpsbt`, and `send`.
 It specifies the maximum transaction weight. If the limit is exceeded during funding, the transaction will not be built.
 The default value is 4,000,000 WU. (#29523)
 - A new `createwalletdescriptor` RPC allows users to add new automatically generated
  descriptors to their wallet. This can be used to upgrade wallets created prior to the
  introduction of a new standard descriptor, such as taproot. (#29130)
 - A new RPC `gethdkeys` lists all of the BIP32 HD keys in use by all of the descriptors in the wallet.
  These keys can be used in conjunction with `createwalletdescriptor` to create and add single key
  descriptors to the wallet for a particular key that the wallet already knows. (#29130)
 - The `sendall` RPC can now spend unconfirmed change and will include additional fees as necessary
  for the resulting transaction to bump the unconfirmed transactions' feerates to the specified feerate. (#28979)
 - In RPC `bumpfee`, if a `fee_rate` is specified, the feerate is no longer restricted
  to following the wallet's incremental feerate of 5 sat/vb. The feerate must still be
  at least the sum of the original fee and the mempool's incremental feerate. (#27969)
 GUI Changes
 -----------
 - The "Migrate Wallet" menu allows users to migrate any legacy wallet in their wallet
 directory, regardless of the wallets loaded. (gui#824)
 - The "Information" window now displays the maximum mempool size along with the
 mempool usage. (gui#825)
 Low-level Changes
 =================
 Tests
 -----
 - The BIP94 timewarp attack mitigation is now active on the `regtest` network. (#30681)
 - A new `-testdatadir` option has been added to `test_bitcoin` to allow specifying the
  location of unit test data directories. (#26564)
 Blockstorage
 ------------
 - Block files are now XOR'd by default with a key stored in the blocksdir.
 Previous releases of Bitcoin Core or previous external software will not be able to read the blocksdir with a non-zero XOR-key.
 Refer to the `-blocksxor` help for more details. (#28052)
 Chainstate
 ----------
 - The chainstate database flushes that occur when blocks are pruned will no longer
 empty the database cache. The cache will remain populated longer, which significantly
 reduces the time for initial block download to complete. (#28280)
 Dependencies
 ------------
 - The dependency on Boost.Process has been replaced with cpp-subprocess, which is contained in source.
 Builders will no longer need Boost.Process to build with external signer support. (#28981)
 Credits
 =======
 Thanks to everyone who directly contributed to this release:
 - 0xb10c
 - Alfonso Roman Zubeldia
 - Andrew Toth
 - AngusP
 - Anthony Towns
 - Antoine Poinsot
 - Anton A
 - Ava Chow
 - Ayush Singh
 - Ben Westgate
 - Brandon Odiwuor
 - brunoerg
 - bstin
 - Charlie
 - Christopher Bergqvist
 - Cory Fields
 - crazeteam
 - Daniela Brozzoni
 - David Gumberg
 - dergoegge
 - Edil Medeiros
 - Epic Curious
 - Fabian Jahr
 - fanquake
 - furszy
 - glozow
 - Greg Sanders
 - hanmz
 - Hennadii Stepanov
 - Hernan Marino
 - Hodlinator
 - ishaanam
 - ismaelsadeeq
 - Jadi
 - Jon Atack
 - josibake
 - jrakibi
 - kevkevin
 - kevkevinpal
 - Konstantin Akimov
 - laanwj
 - Larry Ruane
 - Lőrinc
 - Luis Schwab
 - Luke Dashjr
 - MarcoFalke
 - marcofleon
 - Marnix
 - Martin Saposnic
 - Martin Zumsande
 - Matt Corallo
 - Matthew Zipkin
 - Matt Whitlock
 - Max Edwards
 - Michael Dietz
 - Murch
 - nanlour
 - pablomartin4btc
 - Peter Todd
 - Pieter Wuille
 - @RandyMcMillan
 - RoboSchmied
 - Roman Zeyde
 - Ryan Ofsky
 - Sebastian Falbesoner
 - Sergi Delgado Segura
 - Sjors Provoost
 - spicyzboss
 - StevenMia
 - stickies-v
 - stratospher
 - Suhas Daftuar
 - sunerok
 - tdb3
 - TheCharlatan
 - umiumi
 - Vasil Dimov
 - virtu
 - willcl-ark
 As well as to everyone that helped with translations on
 [Transifex](https://www.transifex.com/bitcoin/bitcoin/).
--- a/src/addrman.cpp
+++ b/src/addrman.cpp
@ -188,7 +188,7 @@ void AddrManImpl::Serialize(Stream& s_) const
    int nUBuckets = ADDRMAN_NEW_BUCKET_COUNT ^ (1 << 30);
    s << nUBuckets;
-    std::unordered_map<int, int> mapUnkIds;
+    std::unordered_map<nid_type, int> mapUnkIds;
    int nIds = 0;
    for (const auto& entry : mapInfo) {
        mapUnkIds[entry.first] = nIds;
@ -398,7 +398,7 @@ void AddrManImpl::Unserialize(Stream& s_)
    }
 }
-AddrInfo* AddrManImpl::Find(const CService& addr, int* pnId)
+AddrInfo* AddrManImpl::Find(const CService& addr, nid_type* pnId)
 {
    AssertLockHeld(cs);
@ -413,11 +413,11 @@ AddrInfo* AddrManImpl::Find(const CService& addr, int* pnId)
    return nullptr;
 }
-AddrInfo* AddrManImpl::Create(const CAddress& addr, const CNetAddr& addrSource, int* pnId)
+AddrInfo* AddrManImpl::Create(const CAddress& addr, const CNetAddr& addrSource, nid_type* pnId)
 {
    AssertLockHeld(cs);
-    int nId = nIdCount++;
+    nid_type nId = nIdCount++;
    mapInfo[nId] = AddrInfo(addr, addrSource);
    mapAddr[addr] = nId;
    mapInfo[nId].nRandomPos = vRandom.size();
@ -438,8 +438,8 @@ void AddrManImpl::SwapRandom(unsigned int nRndPos1, unsigned int nRndPos2) const
    assert(nRndPos1 < vRandom.size() && nRndPos2 < vRandom.size());
-    int nId1 = vRandom[nRndPos1];
+    nid_type nId1 = vRandom[nRndPos1];
-    int nId2 = vRandom[nRndPos2];
+    nid_type nId2 = vRandom[nRndPos2];
    const auto it_1{mapInfo.find(nId1)};
    const auto it_2{mapInfo.find(nId2)};
@ -453,7 +453,7 @@ void AddrManImpl::SwapRandom(unsigned int nRndPos1, unsigned int nRndPos2) const
    vRandom[nRndPos2] = nId1;
 }
-void AddrManImpl::Delete(int nId)
+void AddrManImpl::Delete(nid_type nId)
 {
    AssertLockHeld(cs);
@ -476,7 +476,7 @@ void AddrManImpl::ClearNew(int nUBucket, int nUBucketPos)
    // if there is an entry in the specified bucket, delete it.
    if (vvNew[nUBucket][nUBucketPos] != -1) {
-        int nIdDelete = vvNew[nUBucket][nUBucketPos];
+        nid_type nIdDelete = vvNew[nUBucket][nUBucketPos];
        AddrInfo& infoDelete = mapInfo[nIdDelete];
        assert(infoDelete.nRefCount > 0);
        infoDelete.nRefCount--;
@ -488,7 +488,7 @@ void AddrManImpl::ClearNew(int nUBucket, int nUBucketPos)
    }
 }
-void AddrManImpl::MakeTried(AddrInfo& info, int nId)
+void AddrManImpl::MakeTried(AddrInfo& info, nid_type nId)
 {
    AssertLockHeld(cs);
@ -515,7 +515,7 @@ void AddrManImpl::MakeTried(AddrInfo& info, int nId)
    // first make space to add it (the existing tried entry there is moved to new, deleting whatever is there).
    if (vvTried[nKBucket][nKBucketPos] != -1) {
        // find an item to evict
-        int nIdEvict = vvTried[nKBucket][nKBucketPos];
+        nid_type nIdEvict = vvTried[nKBucket][nKBucketPos];
        assert(mapInfo.count(nIdEvict) == 1);
        AddrInfo& infoOld = mapInfo[nIdEvict];
@ -554,7 +554,7 @@ bool AddrManImpl::AddSingle(const CAddress& addr, const CNetAddr& source, std::c
    if (!addr.IsRoutable())
        return false;
-    int nId;
+    nid_type nId;
    AddrInfo* pinfo = Find(addr, &nId);
    // Do not set a penalty for a source's self-announcement
@ -627,7 +627,7 @@ bool AddrManImpl::Good_(const CService& addr, bool test_before_evict, NodeSecond
 {
    AssertLockHeld(cs);
-    int nId;
+    nid_type nId;
    m_last_good = time;
@ -753,7 +753,8 @@ std::pair<CAddress, NodeSeconds> AddrManImpl::Select_(bool new_only, std::option
        // Iterate over the positions of that bucket, starting at the initial one,
        // and looping around.
-        int i, position, node_id;
+        int i, position;
        nid_type node_id;
        for (i = 0; i < ADDRMAN_BUCKET_SIZE; ++i) {
            position = (initial_position + i) % ADDRMAN_BUCKET_SIZE;
            node_id = GetEntry(search_tried, bucket, position);
@ -786,7 +787,7 @@ std::pair<CAddress, NodeSeconds> AddrManImpl::Select_(bool new_only, std::option
    }
 }
-int AddrManImpl::GetEntry(bool use_tried, size_t bucket, size_t position) const
+nid_type AddrManImpl::GetEntry(bool use_tried, size_t bucket, size_t position) const
 {
    AssertLockHeld(cs);
@ -849,7 +850,7 @@ std::vector<std::pair<AddrInfo, AddressPosition>> AddrManImpl::GetEntries_(bool
    std::vector<std::pair<AddrInfo, AddressPosition>> infos;
    for (int bucket = 0; bucket < bucket_count; ++bucket) {
        for (int position = 0; position < ADDRMAN_BUCKET_SIZE; ++position) {
-            int id = GetEntry(from_tried, bucket, position);
+            nid_type id = GetEntry(from_tried, bucket, position);
            if (id >= 0) {
                AddrInfo info = mapInfo.at(id);
                AddressPosition location = AddressPosition(
@ -904,8 +905,8 @@ void AddrManImpl::ResolveCollisions_()
 {
    AssertLockHeld(cs);
-    for (std::set<int>::iterator it = m_tried_collisions.begin(); it != m_tried_collisions.end();) {
+    for (std::set<nid_type>::iterator it = m_tried_collisions.begin(); it != m_tried_collisions.end();) {
-        int id_new = *it;
+        nid_type id_new = *it;
        bool erase_collision = false;
@ -923,7 +924,7 @@ void AddrManImpl::ResolveCollisions_()
            } else if (vvTried[tried_bucket][tried_bucket_pos] != -1) { // The position in the tried bucket is not empty
                // Get the to-be-evicted address that is being tested
-                int id_old = vvTried[tried_bucket][tried_bucket_pos];
+                nid_type id_old = vvTried[tried_bucket][tried_bucket_pos];
                AddrInfo& info_old = mapInfo[id_old];
                const auto current_time{Now<NodeSeconds>()};
@ -969,11 +970,11 @@ std::pair<CAddress, NodeSeconds> AddrManImpl::SelectTriedCollision_()
    if (m_tried_collisions.size() == 0) return {};
-    std::set<int>::iterator it = m_tried_collisions.begin();
+    std::set<nid_type>::iterator it = m_tried_collisions.begin();
    // Selects a random element from m_tried_collisions
    std::advance(it, insecure_rand.randrange(m_tried_collisions.size()));
-    int id_new = *it;
+    nid_type id_new = *it;
    // If id_new not found in mapInfo remove it from m_tried_collisions
    if (mapInfo.count(id_new) != 1) {
@ -1058,15 +1059,15 @@ int AddrManImpl::CheckAddrman() const
    LOG_TIME_MILLIS_WITH_CATEGORY_MSG_ONCE(
        strprintf("new %i, tried %i, total %u", nNew, nTried, vRandom.size()), BCLog::ADDRMAN);
-    std::unordered_set<int> setTried;
+    std::unordered_set<nid_type> setTried;
-    std::unordered_map<int, int> mapNew;
+    std::unordered_map<nid_type, int> mapNew;
    std::unordered_map<Network, NewTriedCount> local_counts;
    if (vRandom.size() != (size_t)(nTried + nNew))
        return -7;
    for (const auto& entry : mapInfo) {
-        int n = entry.first;
+        nid_type n = entry.first;
        const AddrInfo& info = entry.second;
        if (info.fInTried) {
            if (!TicksSinceEpoch<std::chrono::seconds>(info.m_last_success)) {
--- a/src/addrman_impl.h
+++ b/src/addrman_impl.h
@ -32,6 +32,13 @@ static constexpr int ADDRMAN_NEW_BUCKET_COUNT{1 << ADDRMAN_NEW_BUCKET_COUNT_LOG2
 static constexpr int32_t ADDRMAN_BUCKET_SIZE_LOG2{6};
 static constexpr int ADDRMAN_BUCKET_SIZE{1 << ADDRMAN_BUCKET_SIZE_LOG2};
 /**
 * User-defined type for the internally used nIds
 * This used to be int, making it feasible for attackers to cause an overflow,
 * see https://bitcoincore.org/en/2024/07/31/disclose-addrman-int-overflow/
 */
 using nid_type = int64_t;
 /**
 * Extended statistics about a CAddress
 */
@ -179,36 +186,36 @@ private:
    static constexpr uint8_t INCOMPATIBILITY_BASE = 32;
    //! last used nId
-    int nIdCount GUARDED_BY(cs){0};
+    nid_type nIdCount GUARDED_BY(cs){0};
    //! table with information about all nIds
-    std::unordered_map<int, AddrInfo> mapInfo GUARDED_BY(cs);
+    std::unordered_map<nid_type, AddrInfo> mapInfo GUARDED_BY(cs);
    //! find an nId based on its network address and port.
-    std::unordered_map<CService, int, CServiceHash> mapAddr GUARDED_BY(cs);
+    std::unordered_map<CService, nid_type, CServiceHash> mapAddr GUARDED_BY(cs);
    //! randomly-ordered vector of all nIds
    //! This is mutable because it is unobservable outside the class, so any
    //! changes to it (even in const methods) are also unobservable.
-    mutable std::vector<int> vRandom GUARDED_BY(cs);
+    mutable std::vector<nid_type> vRandom GUARDED_BY(cs);
    // number of "tried" entries
    int nTried GUARDED_BY(cs){0};
    //! list of "tried" buckets
-    int vvTried[ADDRMAN_TRIED_BUCKET_COUNT][ADDRMAN_BUCKET_SIZE] GUARDED_BY(cs);
+    nid_type vvTried[ADDRMAN_TRIED_BUCKET_COUNT][ADDRMAN_BUCKET_SIZE] GUARDED_BY(cs);
    //! number of (unique) "new" entries
    int nNew GUARDED_BY(cs){0};
    //! list of "new" buckets
-    int vvNew[ADDRMAN_NEW_BUCKET_COUNT][ADDRMAN_BUCKET_SIZE] GUARDED_BY(cs);
+    nid_type vvNew[ADDRMAN_NEW_BUCKET_COUNT][ADDRMAN_BUCKET_SIZE] GUARDED_BY(cs);
    //! last time Good was called (memory only). Initially set to 1 so that "never" is strictly worse.
    NodeSeconds m_last_good GUARDED_BY(cs){1s};
    //! Holds addrs inserted into tried table that collide with existing entries. Test-before-evict discipline used to resolve these collisions.
-    std::set<int> m_tried_collisions;
+    std::set<nid_type> m_tried_collisions;
    /** Perform consistency checks every m_consistency_check_ratio operations (if non-zero). */
    const int32_t m_consistency_check_ratio;
@ -225,22 +232,22 @@ private:
    std::unordered_map<Network, NewTriedCount> m_network_counts GUARDED_BY(cs);
    //! Find an entry.
-    AddrInfo* Find(const CService& addr, int* pnId = nullptr) EXCLUSIVE_LOCKS_REQUIRED(cs);
+    AddrInfo* Find(const CService& addr, nid_type* pnId = nullptr) EXCLUSIVE_LOCKS_REQUIRED(cs);
    //! Create a new entry and add it to the internal data structures mapInfo, mapAddr and vRandom.
-    AddrInfo* Create(const CAddress& addr, const CNetAddr& addrSource, int* pnId = nullptr) EXCLUSIVE_LOCKS_REQUIRED(cs);
+    AddrInfo* Create(const CAddress& addr, const CNetAddr& addrSource, nid_type* pnId = nullptr) EXCLUSIVE_LOCKS_REQUIRED(cs);
    //! Swap two elements in vRandom.
    void SwapRandom(unsigned int nRandomPos1, unsigned int nRandomPos2) const EXCLUSIVE_LOCKS_REQUIRED(cs);
    //! Delete an entry. It must not be in tried, and have refcount 0.
-    void Delete(int nId) EXCLUSIVE_LOCKS_REQUIRED(cs);
+    void Delete(nid_type nId) EXCLUSIVE_LOCKS_REQUIRED(cs);
    //! Clear a position in a "new" table. This is the only place where entries are actually deleted.
    void ClearNew(int nUBucket, int nUBucketPos) EXCLUSIVE_LOCKS_REQUIRED(cs);
    //! Move an entry from the "new" table(s) to the "tried" table
-    void MakeTried(AddrInfo& info, int nId) EXCLUSIVE_LOCKS_REQUIRED(cs);
+    void MakeTried(AddrInfo& info, nid_type nId) EXCLUSIVE_LOCKS_REQUIRED(cs);
    /** Attempt to add a single address to addrman's new table.
     *  @see AddrMan::Add() for parameters. */
@ -256,9 +263,9 @@ private:
    /** Helper to generalize looking up an addrman entry from either table.
     *
-     *  @return  int The nid of the entry. If the addrman position is empty or not found, returns -1.
+     *  @return  nid_type The nid of the entry. If the addrman position is empty or not found, returns -1.
     * */
-    int GetEntry(bool use_tried, size_t bucket, size_t position) const EXCLUSIVE_LOCKS_REQUIRED(cs);
+    nid_type GetEntry(bool use_tried, size_t bucket, size_t position) const EXCLUSIVE_LOCKS_REQUIRED(cs);
    std::vector<CAddress> GetAddr_(size_t max_addresses, size_t max_pct, std::optional<Network> network, const bool filtered = true) const EXCLUSIVE_LOCKS_REQUIRED(cs);
--- a/src/key_io.cpp
+++ b/src/key_io.cpp
@ -274,6 +274,9 @@ CExtKey DecodeExtKey(const std::string& str)
            key.Decode(data.data() + prefix.size());
        }
    }
    if (!data.empty()) {
        memory_cleanse(data.data(), data.size());
    }
    return key;
 }
--- a/src/script/miniscript.cpp
+++ b/src/script/miniscript.cpp
@ -1,14 +1,17 @@
-// Copyright (c) 2019-2022 The Bitcoin Core developers
+// Copyright (c) 2019-present The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
-#include <string>
+#include <limits>
 #include <vector>
 #include <script/script.h>
 #include <script/miniscript.h>
 #include <serialize.h>
-#include <assert.h>
+#include <primitives/transaction.h>
 #include <script/miniscript.h>
 #include <script/script.h>
 #include <script/solver.h>
 #include <span.h>
 #include <util/check.h>
 #include <util/vector.h>
 namespace miniscript {
 namespace internal {
--- a/src/script/miniscript.h
+++ b/src/script/miniscript.h
@ -1,4 +1,4 @@
-// Copyright (c) 2019-2022 The Bitcoin Core developers
+// Copyright (c) 2019-present The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
@ -6,20 +6,24 @@
 #define BITCOIN_SCRIPT_MINISCRIPT_H
 #include <algorithm>
-#include <functional>
+#include <compare>
-#include <numeric>
+#include <cstdint>
 #include <cstdlib>
 #include <iterator>
 #include <memory>
 #include <optional>
-#include <string>
+#include <set>
 #include <stdexcept>
 #include <tuple>
 #include <utility>
 #include <vector>
-#include <assert.h>
+#include <consensus/consensus.h>
 #include <cstdlib>
 #include <policy/policy.h>
-#include <primitives/transaction.h>
+#include <script/interpreter.h>
 #include <script/parsing.h>
 #include <script/script.h>
 #include <serialize.h>
 #include <span.h>
 #include <util/check.h>
 #include <util/strencodings.h>
@ -150,7 +154,8 @@ public:
 };
 //! Literal operator to construct Type objects.
-inline consteval Type operator"" _mst(const char* c, size_t l) {
+inline consteval Type operator""_mst(const char* c, size_t l)
 {
    Type typ{Type::Make(0)};
    for (const char *p = c; p < c + l; p++) {
--- a/src/test/fuzz/addrman.cpp
+++ b/src/test/fuzz/addrman.cpp
@ -186,7 +186,7 @@ public:
            return false;
        }
-        auto IdsReferToSameAddress = [&](int id, int other_id) EXCLUSIVE_LOCKS_REQUIRED(m_impl->cs, other.m_impl->cs) {
+        auto IdsReferToSameAddress = [&](nid_type id, nid_type other_id) EXCLUSIVE_LOCKS_REQUIRED(m_impl->cs, other.m_impl->cs) {
            if (id == -1 && other_id == -1) {
                return true;
            }
--- a/src/test/fuzz/miniscript.cpp
+++ b/src/test/fuzz/miniscript.cpp
@ -20,7 +20,7 @@ using NodeRef = miniscript::NodeRef<CPubKey>;
 using Node = miniscript::Node<CPubKey>;
 using Type = miniscript::Type;
 using MsCtx = miniscript::MiniscriptContext;
-using miniscript::operator"" _mst;
+using miniscript::operator""_mst;
 //! Some pre-computed data for more efficient string roundtrips and to simulate challenges.
 struct TestData {
--- a/src/test/miniscript_tests.cpp
+++ b/src/test/miniscript_tests.cpp
@ -290,7 +290,7 @@ public:
 using Fragment = miniscript::Fragment;
 using NodeRef = miniscript::NodeRef<CPubKey>;
-using miniscript::operator"" _mst;
+using miniscript::operator""_mst;
 using Node = miniscript::Node<CPubKey>;
 /** Compute all challenges (pubkeys, hashes, timelocks) that occur in a given Miniscript. */
--- a/test/functional/feature_fee_estimation.py
+++ b/test/functional/feature_fee_estimation.py
@ -398,6 +398,7 @@ class EstimateFeeTest(BitcoinTestFramework):
        self.start_node(0)
        self.connect_nodes(0, 1)
        self.connect_nodes(0, 2)
        self.sync_blocks()
        assert_equal(self.nodes[0].estimatesmartfee(1)["errors"], ["Insufficient data or no feerate found"])
    def broadcast_and_mine(self, broadcaster, miner, feerate, count):