7c9e821c4e scripts: add MACHO NOUNDEFS check to security-check.py (fanquake)
4ca92dc6d3 scripts: add MACHO PIE check to security-check.py (fanquake)
Pull request description:
This uses `otool -vh` to print the mach header and look for the `PIE` flag:
```bash
otool -vh src/bitcoind
Mach header
magic cputype cpusubtype caps filetype ncmds sizeofcmds flags
MH_MAGIC_64 X86_64 ALL LIB64 EXECUTE 24 2544 NOUNDEFS DYLDLINK TWOLEVEL WEAK_DEFINES BINDS_TO_WEAK PIE
```
From [`mach-o/loader.h`](https://opensource.apple.com/source/cctools/cctools-927.0.2/include/mach-o/loader.h.auto.html):
```c
#define MH_PIE 0x200000 /* When this bit is set, the OS will
load the main executable at a
random address. Only used in
MH_EXECUTE filetypes. */
```
ACKs for top commit:
laanwj:
code review ACK 7c9e821c4e
Tree-SHA512: 5ba2f60440d0e31c70371a355c91ca4f723d80f7287d04e2098bf5b11892cc74216ff8f1454603c4db9675d4f7983614843b992b8dcfca0309aadf2aa7ab2e4b
Now that we require glibc 2.17+, #17538, we can remove linking in librt
for backwards compatibility purposes. The clock_* functions from librt
were merged into glibc as part of the 2.17 release.
* The `clock_*' suite of functions (declared in <time.h>) is now available
directly in the main C library. Previously it was necessary to link with
-lrt to use these functions. This change has the effect that a
single-threaded program that uses a function such as `clock_gettime' (and
is not linked with -lrt) will no longer implicitly load the pthreads
library at runtime and so will not suffer the overheads associated with
multi-thread support in other code such as the C++ runtime library.
https://sourceware.org/ml/libc-announce/2012/msg00001.html
Note that librt is already not linked by the RISC-V and AARCH64 binaries.
Note that the current release binaries don't show incorrect version
numbers anywhere in the GUI, and we haven't reintroduced the issue that
#14701 fixed. This is just swapping a deprecated field for a newer
one and removing the additional version number.
aaaaad6ac9 scripted-diff: Bump copyright of files changed in 2019 (MarcoFalke)
Pull request description:
ACKs for top commit:
practicalswift:
ACK aaaaad6ac9
promag:
ACK aaaaad6ac9🎉
fanquake:
ACK aaaaad6ac9 - going to merge this now because the year is over and conflicts are minimal.
Tree-SHA512: 58cb1f53bc4c1395b2766f36fabc7e2332e213780a802762fff0afd59468dad0c3265f553714d761c7a2c44ff90f7dc250f04458f4b2eb8eef8b94f8c9891321
592af5ad3a Moved the include of the system projects to before the build depends on task. Otherwise it doesn't get run. (Aaron Clauson)
6e2215187e Included test_bitcoin-qt in msvc build. (Aaron Clauson)
Pull request description:
This PR includes the `test_bitcoin-qt` project in the msvc build. The project is already in the repo but is not part of the solution and therefore does not get built.
The test executable output from this project does not pass successfully on Windows (it may never have). This PR only builds the project and does not add a step to execute the tests.
MarcoFalke mentioned the fact that it's missing in #17571.
Top commit has no ACKs.
Tree-SHA512: ebb8fc7710022b995e842708bbf83b9c0084dac5e1a22fa3f53d9ea472faabe96d75ad53150cc915ded5f782515a896f2b60840390bde38c1d0f80d0fd56a4ea
to make explicit the use of invalid addresses for user safety and to encourage
the use of bech32 addresses by default.
Fix a typo to appease the linter.
8dc9aa90c3 doc: Update license year range to 2020 (Emil Engler)
Pull request description:
See #15061
The same procedure as every year. Happy new year to all of you :)
Top commit has no ACKs.
Tree-SHA512: f2d924a739f6becc050a22cd0e37d97653ac1ef78ec645c98b5647ae2e65b9668851e24090d3ab3585503235113e1c48ea20580c35538afac5043026589bf830
90df92206c test: Change filemode of rpc_whitelist.py (Emil Engler)
Pull request description:
All python tests have the file mode `755`.
Probably due to a mistake `rpc_whitelist.py` is the only test with the permission `644`.
This PR makes it coherent with the other tests and updates it to `755` as well.
ACKs for top commit:
practicalswift:
ACK 90df92206c -- all tests should be executable
Tree-SHA512: b9e69cb5184a3bbee4c7b14ac35985145a9fd3403d0e449d79f15c18e9660cafec495d639f5f730e0c69dde5f4a3d7590b4e42d385e794cd02add1f4e3b785e7
Instead of using /16 netgroups to bucket nodes in Addrman for connection
diversification, ASN, which better represents an actor in terms
of network-layer infrastructure, is used.
For testing, asmap.raw is used. It represents a minimal
asmap needed for testing purposes.
0b5a366bd7 ci: Update vcpkg cache on MSBuild update (Hennadii Stepanov)
b6fa752bc7 ci: Update Qt binaries for GitHub Actions (Hennadii Stepanov)
Pull request description:
On master (0cda557340) Visual Studio update in GitHub Actions CI virtual environment could break a build as the `vcpkg` cache is not updated accordingly (see #17788).
This PR:
- force vcpkg cache update on MSBuild update
- is an alternative to #17789
- fixes#17788
ACKs for top commit:
fanquake:
ACK 0b5a366bd7
Tree-SHA512: b9e69cb5184a3bbee4c7b14ac35985145a9fd3403d0e449d79f15c18e9660cafec495d639f5f730e0c69dde5f4a3d7590b4e42d385e794cd02add1f4e3b785e7
6094222de7 use preferred shebang approach for documentation (hackerrdave)
Pull request description:
Documentation update to use recommended shebang approach mentioned in the [developer notes](https://github.com/bitcoin/bitcoin/blob/master/doc/developer-notes.md#shebang)
ACKs for top commit:
hebasto:
ACK 6094222de7, I have reviewed the code, and it looks OK, I agree it can be merged.
Tree-SHA512: fc58632f0a6fa82c7abdddfac4897f082110d647426d2b468cba6fabf6b34a015fcad47e5b26be98e629b8b0417b8781e8d89da67189e20da228b97b17f1a532
e9fd366044 refactor: Remove null setting check in GetSetting() (Russell Yanofsky)
cba2710220 scripted-diff: Remove unused ArgsManager type flags in tests (Russell Yanofsky)
425bb30725 refactor: Add util_CheckValue test (Russell Yanofsky)
0fa54358b0 refactor: Add ArgsManager::GetSettingsList method (Russell Yanofsky)
3e185522ac refactor: Get rid of ArgsManagerHelper class (Russell Yanofsky)
dc0f148074 refactor: Replace FlagsOfKnownArg with GetArgFlags (Russell Yanofsky)
57e8b7a727 refactor: Clean up includeconf comments (Russell Yanofsky)
3f7dc9b808 refactor: Clean up long lines in settings code (Russell Yanofsky)
Pull request description:
This PR doesn't change behavior. It just implements some suggestions from #15934 and #16545 and few other small cleanups.
ACKs for top commit:
jnewbery:
Code review ACK e9fd366044
MarcoFalke:
ACK e9fd366044🚟
Tree-SHA512: 6e100d92c72f72bc39567187ab97a3547b3c06e5fcf1a1b74023358b8bca552124ca6a53c0ab53179b7f1329c03d9a73faaef6d73d2cd1a2321568a0286525e2
34d826ea5f doc: Mention PR Club in CONTRIBUTING.md (Emil Engler)
Pull request description:
As we have a ["Review Club"](https://github.com/bitcoin/bitcoin/labels/Review%20club) label it would be worth mentioning it in the CONTRIBUTING.md file for beginners.
ACKs for top commit:
practicalswift:
ACK 34d826ea5f -- The Bitcoin Core PR Review Club is a great effort to introduce new contributors to the project in a positive and friendly way! We need that kind of newcomer friendly on-ramps to attract and educate the next generation of contributors! Kudos to @ jnewbery for helping secure the project also in the super long-term :)
Tree-SHA512: 9c6cbe9a82e1f13db10ad19c50a55566dbe3f5ccaf5b91f75c5a743f7f4f690515274d64c132460791bd4d8e76255b5cbfb2877908459734b52e3fbdba71fbb3
4f4ae6f97e build: set AC_PREREQ to 2.69 (fanquake)
Pull request description:
We use build macros such as `AX_CHECK_LINK_FLAG`, that require >=2.64, so our configure should also require Autoconf >= 2.64. The build would already blow up if 2.64 wasn't available. i.e:
```bash
configure.ac:320: error: Autoconf version 2.64 or higher is required
build-aux/m4/ax_check_link_flag.m4:74: AX_CHECK_LINK_FLAG is expanded from...
```
For reference, Autoconf 2.69 was released in [April of 2012](https://lists.gnu.org/archive/html/autoconf/2012-04/msg00041.html).
See the [Autoconf Versioning docs](https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Versioning.html) for more info on `AC_PREREQ`.
ACKs for top commit:
hebasto:
re-ACK 4f4ae6f97e, Autoconf 2.69 seems wide available.
laanwj:
ACK 4f4ae6f97e
Tree-SHA512: b77de9164ae6667513d40edaf9e16c6e7734c100643297b2dbb2ff54072774fdeab7b3b15d52979b99e204c1c4dcca4725ff155d7f6fdab7a867629130e10185
If after a backup, an address is issued beyond the initial
keypool range and none of the addresses in this range
is seen onchain, if a wallet is restored from backup, even in
case of rescan, funds may be loss due to the look-ahead
buffer not being incremented and so restored wallet not detecting
onchain out-of-range address as derived from its seed.
This scenario is theoretically unavoidable due to the requirement
of the keypool to have a max size. However, given the default
keypool size, this is unlikely. Document better keypool size
implications to avoid user setting a too low value.
faede70882 doc: Add formatting to the good first issue template (MarcoFalke)
Pull request description:
Add minor formatting to the good first issue template so that it is easier to see with one glance what the required skills are.
Preview is here: https://github.com/MarcoFalke/bitcoin-core/issues/new/choose
ACKs for top commit:
fanquake:
ACK faede70882
Tree-SHA512: 0b0fcd051166981455061442e69f42c9fa726eaa228856e57434e012f7224781f4f3f12c31ce0a7a322df9999e79a8fbe63bf800b7933bc52c7cdaed90f37598
c78b123982 build: add -bind_at_load to hardened LDFLAGS (fanquake)
Pull request description:
This performs the same function as `-Wl,-z,now`, except for ld on macOS.
You can check the binaries using `otool -l`, and looking for the `LC_DYLD_INFO_ONLY` section; `lazy_bind_off` and `lazy_bind_size` should both be 0.
This seems to be the case with our current release binaries. However we can make the check, and applying the flag explicit in configure.
man ld:
```bash
-bind_at_load
Sets a bit in the mach header of the resulting binary which tells dyld
to bind all symbols when the binary is loaded, rather than lazily.
```
TODO:
- [ ] Follow up with `MH_BINDATLOAD` flag.
ACKs for top commit:
theuni:
ACK c78b123982.
Tree-SHA512: 12259558b84f7e3d75d6fcde63b517685e42b18fcf8e8cfcf347483c5ba089d3b4b6d330e7b7f61f83a328fe4d141b771e8e52ddee9cac6da87dfc073ab1183d
abc147de95 build: remove WINDOWS_BITS from build system (fanquake)
Pull request description:
We no longer build/ship 32 bit windows executables.
ACKs for top commit:
laanwj:
LGTM ACK abc147de95
Tree-SHA512: 7101393cddb7e578740e4c79532dac981eb963630ce63c28dfebf0f5ecde266c1836ac0efd1fd82e6010a6151755ad2cc2b09bc2f67edd7c0c77060ac046a9cd
6e77a7b65c keypool: Add comment about TopUp and when to use it (Andrew Chow)
ea50e34b28 keypool: Move opportunistic TopUps from LegacyScriptPubKeyMan to CWallet and ReserveDestination (Andrew Chow)
bb2c8ce23c keypool: Remove superfluous topup from CWallet::GetNewChangeDestination (Andrew Chow)
Pull request description:
* The `TopUp()` in `CWallet::GetNewChangeDestination` is unnecessary as currently m_spk_man calls TopUp further down the call stack inside LegacyScriptPubKeyMan::ReserveKeyFromKeyPool (called by LegacyScriptPubKeyMan::GetReservedDestination). This also lets us prepare for future changes with multiple ScriptPubKeyMans in the wallet.
* An opportunistic `TopUp()` is moved from `LegacyScriptPubKeyMan::GetNewDestination` to `CWallet::GetNewDestination`.
* Another opportunistic `TopUp()` is moved from `LegacyScriptPubKeyMan::ReserveKeyFromKeyPool`
Moving opportunistic TopUps ensures that ScriptPubKeyMans will always be topped up before requesting Destinations from them as we cannot always rely on future ScriptPubKeyMan implementaions topping up internally.
See also: https://github.com/bitcoin/bitcoin/pull/17373#discussion_r348598174
ACKs for top commit:
instagibbs:
utACK 6e77a7b65c only change is slight elaboration on comment
ryanofsky:
Code review ACK 6e77a7b65c. Only the comment changed since my previous review.
Tree-SHA512: bdfc8d303842c3fb7c3d40af7abfa6d9dac4ef71a24922bb92229674ee89bfe3113ebb46d3903ac48ef99f0a7d6eaac33282495844f2b31f91b8df55084c421f
e190000869 ci-s390x: Add qemu and depends support in the ci script (Elichai Turkel)
Pull request description:
Related: #17599
This adds qemu support just like we have in arm and compile the depends.
other than that I also fixed some missing includes to make the depends compile.
ACKs for top commit:
MarcoFalke:
ACK e190000 (first commit only, didn't look at second commit)
Tree-SHA512: 2b8a39772b86408569f52cdc33832dbce7e5e9cdd710524295f3d259628cdfc017e740f6f94941307d7f8e413236814a95ba851153c617eb5fb75b4bd9a7e52f
529d332fbf test: add IsRFC2544 tests (Mark Tyneway)
419ef3b7cc CNetAddr: fix IsRFC2544 comment (Mark Tyneway)
Pull request description:
The comment describing the functionality of `CNetAddr::IsRFC2544` is incorrect.
46d6930f8c/src/netaddress.h (L57)
It should actually read `198.18.0.0/15` based on [RFC 3330](https://tools.ietf.org/html/rfc3330):
```
198.18.0.0/15 - This block has been allocated for use in benchmark
tests of network interconnect devices. Its use is documented in
[RFC2544].
```
See [RFC 2544](https://tools.ietf.org/html/rfc2544) here.
See the implementation here:
47d981e827/src/netaddress.cpp (L142-L145)
This PR also adds tests for the minimum and maximum values that are valid RFC 2544 addresses.
ACKs for top commit:
practicalswift:
ACK 529d332fbf
laanwj:
ACK 529d332fbf
promag:
ACK 529d332fbf, nit could squash.
jonatack:
ACK 529d332fbf
Tree-SHA512: 954a9582856d77564e0ea5fd2e3d287d0cfc4ecfe0588115692d01005e8ca7ad8ab20ff390ded867dc91af2bfb758d4e73a336e6c0b7798846c30a6d69b8ae3d
Remove the forest of special exceptions, and simply log a short
message to the NET logging category when an exception happens during
packet processing. It is not good to panick end users with errors
that any peer can generate (let alone writing to stderr).