From d1dee205473140aca34180e5de8b9bbe17c2207d Mon Sep 17 00:00:00 2001 From: Suhas Daftuar Date: Mon, 17 Sep 2018 16:13:37 -0400 Subject: [PATCH 1/7] Fix crash bug with duplicate inputs within a transaction Introduced by #9049 --- src/validation.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/validation.cpp b/src/validation.cpp index 7795905c48..145862db73 100644 --- a/src/validation.cpp +++ b/src/validation.cpp @@ -3032,7 +3032,7 @@ bool CheckBlock(const CBlock& block, CValidationState& state, const Consensus::P // Check transactions for (const auto& tx : block.vtx) - if (!CheckTransaction(*tx, state, false)) + if (!CheckTransaction(*tx, state, true)) return state.Invalid(false, state.GetRejectCode(), state.GetRejectReason(), strprintf("Transaction check failed (tx hash %s) %s", tx->GetHash().ToString(), state.GetDebugMessage())); From 9bd08fd465c35f08f3aab3c713ce1d70ddc1c492 Mon Sep 17 00:00:00 2001 From: Suhas Daftuar Date: Mon, 17 Sep 2018 16:15:02 -0400 Subject: [PATCH 2/7] [qa] backport: Test for duplicate inputs within a transaction --- test/functional/p2p_invalid_block.py | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/test/functional/p2p_invalid_block.py b/test/functional/p2p_invalid_block.py index edcade63c1..7744526d9a 100755 --- a/test/functional/p2p_invalid_block.py +++ b/test/functional/p2p_invalid_block.py @@ -95,7 +95,18 @@ class InvalidBlockRequestTest(ComparisonTestFramework): assert(block2_orig.vtx != block2.vtx) self.tip = block2.sha256 - yield TestInstance([[block2, RejectResult(16, b'bad-txns-duplicate')], [block2_orig, True]]) + yield TestInstance([[block2, RejectResult(16, b'bad-txns-duplicate')]]) + + # Check transactions for duplicate inputs + self.log.info("Test duplicate input block.") + + block2_dup = copy.deepcopy(block2_orig) + block2_dup.vtx[2].vin.append(block2_dup.vtx[2].vin[0]) + block2_dup.vtx[2].rehash() + block2_dup.hashMerkleRoot = block2_dup.calc_merkle_root() + block2_dup.rehash() + block2_dup.solve() + yield TestInstance([[block2_dup, RejectResult(16, b'bad-txns-inputs-duplicate')], [block2_orig, True]]) height += 1 ''' From 86e2f1d4bb3a5d6e705617dbcec9cfbcf46112cb Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Tue, 18 Sep 2018 01:26:48 +0200 Subject: [PATCH 3/7] build: Bump version to 0.16.3 Tree-SHA512: 56565311429f56d68508215eaa04f31f3e3f0144f367fc874da78652ce0aeb62b1d609513d9f8dcb204425c8e108103855a737eefc661f8b1f94c6219a9518a3 --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 5803af5535..32b6368767 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ dnl require autoconf 2.60 (AS_ECHO/AS_ECHO_N) AC_PREREQ([2.60]) define(_CLIENT_VERSION_MAJOR, 0) define(_CLIENT_VERSION_MINOR, 16) -define(_CLIENT_VERSION_REVISION, 2) +define(_CLIENT_VERSION_REVISION, 3) define(_CLIENT_VERSION_BUILD, 0) define(_CLIENT_VERSION_IS_RELEASE, true) define(_COPYRIGHT_YEAR, 2018) From a0f4ff6088e564560d8b2c029c493275bcca304f Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Tue, 18 Sep 2018 01:41:24 +0200 Subject: [PATCH 4/7] doc: 0.16.3 release notes Tree-SHA512: 4237ac0c1cd0c0f4c3f50494cf5985a95317730194820a22e2814571107a684fdd5253625707c95ac558a1ad8ab9f36904c46647d0cb931fe67ea2407738133a --- doc/release-notes.md | 34 +++++++++++++++++++++++++++------- 1 file changed, 27 insertions(+), 7 deletions(-) diff --git a/doc/release-notes.md b/doc/release-notes.md index f8b9192abd..631eb0833f 100644 --- a/doc/release-notes.md +++ b/doc/release-notes.md @@ -1,6 +1,6 @@ -Bitcoin Core version 0.16.x is now available from: +Bitcoin Core version 0.16.3 is now available from: - + This is a new minor version release, with various bugfixes as well as updated translations. @@ -49,22 +49,42 @@ frequently tested on them. Notable changes =============== -(to be filled in) +Denial-of-Service vulnerability +------------------------------- -0.16.x change log +A denial-of-service vulnerability exploitable by miners has been discovered in +Bitcoin Core versions 0.14.0 up to 0.16.2. It is recommended to upgrade any of +the vulnerable versions to 0.16.3 as soon as possible. + +0.16.3 change log ------------------ -(to be filled in) +### Consensus +- #14249 `696b936` Fix crash bug with duplicate inputs within a transaction (TheBlueMatt, sdaftuar) + +### RPC and other APIs +- #13547 `212ef1f` Make `signrawtransaction*` give an error when amount is needed but missing (ajtowns) + +### Miscellaneous +- #13655 `1cdbea7` bitcoinconsensus: invalid flags error should be set to `bitcoinconsensus_err` (afk11) + +### Documentation +- #13844 `11b9dbb` correct the help output for -prune (hebasto) Credits ======= Thanks to everyone who directly contributed to this release: -(to be filled in) +- Anthony Towns +- Hennadii Stepanov +- Matt Corallo +- Suhas Daftuar +- Thomas Kerin +- Wladimir J. van der Laan And to those that reported security issues: -(to be filled in) +- beardnboobies As well as everyone that helped translating on [Transifex](https://www.transifex.com/projects/p/bitcoin/). From 49e34e288005a5b144a642e197b628396f5a0765 Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Tue, 18 Sep 2018 01:55:09 +0200 Subject: [PATCH 5/7] doc: Update manpages for 0.16.3 Tree-SHA512: e631405dd03438ac4b5fae5ed2fc0cb061e4cb7092ab068dd99b7c3001c95d166224f50af759454dbf47a2954409ac62c1232988918dd6650213918b853aea2d --- doc/man/bitcoin-cli.1 | 8 ++++---- doc/man/bitcoin-qt.1 | 10 +++++----- doc/man/bitcoin-tx.1 | 8 ++++---- doc/man/bitcoind.1 | 10 +++++----- 4 files changed, 18 insertions(+), 18 deletions(-) diff --git a/doc/man/bitcoin-cli.1 b/doc/man/bitcoin-cli.1 index a84fe42204..bba46b2918 100644 --- a/doc/man/bitcoin-cli.1 +++ b/doc/man/bitcoin-cli.1 @@ -1,9 +1,9 @@ -.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.3. -.TH BITCOIN-CLI "1" "July 2018" "bitcoin-cli v0.16.2.0" "User Commands" +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH BITCOIN-CLI "1" "September 2018" "bitcoin-cli v0.16.3.0" "User Commands" .SH NAME -bitcoin-cli \- manual page for bitcoin-cli v0.16.2.0 +bitcoin-cli \- manual page for bitcoin-cli v0.16.3.0 .SH DESCRIPTION -Bitcoin Core RPC client version v0.16.2.0 +Bitcoin Core RPC client version v0.16.3.0 .SS "Usage:" .TP bitcoin\-cli [options] [params] diff --git a/doc/man/bitcoin-qt.1 b/doc/man/bitcoin-qt.1 index 41302ac787..2b5bbc5b42 100644 --- a/doc/man/bitcoin-qt.1 +++ b/doc/man/bitcoin-qt.1 @@ -1,9 +1,9 @@ -.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.3. -.TH BITCOIN-QT "1" "July 2018" "bitcoin-qt v0.16.2.0" "User Commands" +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH BITCOIN-QT "1" "September 2018" "bitcoin-qt v0.16.3.0" "User Commands" .SH NAME -bitcoin-qt \- manual page for bitcoin-qt v0.16.2.0 +bitcoin-qt \- manual page for bitcoin-qt v0.16.3.0 .SH DESCRIPTION -Bitcoin Core version v0.16.2.0 (64\-bit) +Bitcoin Core version v0.16.3.0 (64\-bit) Usage: .IP bitcoin\-qt [command\-line options] @@ -97,7 +97,7 @@ blocks if a target size in MiB is provided. This mode is incompatible with \fB\-txindex\fR and \fB\-rescan\fR. Warning: Reverting this setting requires re\-downloading the entire blockchain. (default: 0 = disable pruning blocks, 1 = allow manual pruning via RPC, ->550 = automatically prune block files to stay under the +>=550 = automatically prune block files to stay under the specified target size in MiB) .HP \fB\-reindex\-chainstate\fR diff --git a/doc/man/bitcoin-tx.1 b/doc/man/bitcoin-tx.1 index 166a3a7884..96547cb69e 100644 --- a/doc/man/bitcoin-tx.1 +++ b/doc/man/bitcoin-tx.1 @@ -1,9 +1,9 @@ -.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.3. -.TH BITCOIN-TX "1" "July 2018" "bitcoin-tx v0.16.2.0" "User Commands" +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH BITCOIN-TX "1" "September 2018" "bitcoin-tx v0.16.3.0" "User Commands" .SH NAME -bitcoin-tx \- manual page for bitcoin-tx v0.16.2.0 +bitcoin-tx \- manual page for bitcoin-tx v0.16.3.0 .SH DESCRIPTION -Bitcoin Core bitcoin\-tx utility version v0.16.2.0 +Bitcoin Core bitcoin\-tx utility version v0.16.3.0 .SS "Usage:" .TP bitcoin\-tx [options] [commands] diff --git a/doc/man/bitcoind.1 b/doc/man/bitcoind.1 index c91ac52c29..164e95e56e 100644 --- a/doc/man/bitcoind.1 +++ b/doc/man/bitcoind.1 @@ -1,9 +1,9 @@ -.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.3. -.TH BITCOIND "1" "July 2018" "bitcoind v0.16.2.0" "User Commands" +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH BITCOIND "1" "September 2018" "bitcoind v0.16.3.0" "User Commands" .SH NAME -bitcoind \- manual page for bitcoind v0.16.2.0 +bitcoind \- manual page for bitcoind v0.16.3.0 .SH DESCRIPTION -Bitcoin Core Daemon version v0.16.2.0 +Bitcoin Core Daemon version v0.16.3.0 .SS "Usage:" .TP bitcoind [options] @@ -102,7 +102,7 @@ blocks if a target size in MiB is provided. This mode is incompatible with \fB\-txindex\fR and \fB\-rescan\fR. Warning: Reverting this setting requires re\-downloading the entire blockchain. (default: 0 = disable pruning blocks, 1 = allow manual pruning via RPC, ->550 = automatically prune block files to stay under the +>=550 = automatically prune block files to stay under the specified target size in MiB) .HP \fB\-reindex\-chainstate\fR From f1250033bd149626cfe42008ca145733be850dfe Mon Sep 17 00:00:00 2001 From: Adrian Gallagher Date: Tue, 18 Sep 2018 18:59:37 -0700 Subject: [PATCH 6/7] Litecoin: Update man pages --- doc/man/litecoin-cli.1 | 6 +++--- doc/man/litecoin-qt.1 | 6 +++--- doc/man/litecoin-tx.1 | 6 +++--- doc/man/litecoind.1 | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/doc/man/litecoin-cli.1 b/doc/man/litecoin-cli.1 index 1b14f01196..2e34c50911 100644 --- a/doc/man/litecoin-cli.1 +++ b/doc/man/litecoin-cli.1 @@ -1,9 +1,9 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. -.TH BITCOIN-CLI "1" "September 2018" "bitcoin-cli v0.16.3.0" "User Commands" +.TH LITECOIN-CLI "1" "September 2018" "litecoin-cli v0.16.3.0" "User Commands" .SH NAME -bitcoin-cli \- manual page for bitcoin-cli v0.16.3.0 +litecoin-cli \- manual page for litecoin-cli v0.16.3.0 .SH DESCRIPTION -Bitcoin Core RPC client version v0.16.3.0 +Litecoin Core RPC client version v0.16.3.0 .SS "Usage:" .TP litecoin\-cli [options] [params] diff --git a/doc/man/litecoin-qt.1 b/doc/man/litecoin-qt.1 index 350a5beda6..18acad6e6c 100644 --- a/doc/man/litecoin-qt.1 +++ b/doc/man/litecoin-qt.1 @@ -1,9 +1,9 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. -.TH BITCOIN-QT "1" "September 2018" "bitcoin-qt v0.16.3.0" "User Commands" +.TH LITECOIN-QT "1" "September 2018" "litecoin-qt v0.16.3.0" "User Commands" .SH NAME -bitcoin-qt \- manual page for bitcoin-qt v0.16.3.0 +litecoin-qt \- manual page for litecoin-qt v0.16.3.0 .SH DESCRIPTION -Bitcoin Core version v0.16.3.0 (64\-bit) +Litecoin Core version v0.16.3.0 (64\-bit) Usage: .IP litecoin\-qt [command\-line options] diff --git a/doc/man/litecoin-tx.1 b/doc/man/litecoin-tx.1 index c685808b31..66f8bf310f 100644 --- a/doc/man/litecoin-tx.1 +++ b/doc/man/litecoin-tx.1 @@ -1,9 +1,9 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. -.TH BITCOIN-TX "1" "September 2018" "bitcoin-tx v0.16.3.0" "User Commands" +.TH LITECOIN-TX "1" "September 2018" "litecoin-tx v0.16.3.0" "User Commands" .SH NAME -bitcoin-tx \- manual page for bitcoin-tx v0.16.3.0 +litecoin-tx \- manual page for litecoin-tx v0.16.3.0 .SH DESCRIPTION -Bitcoin Core bitcoin\-tx utility version v0.16.3.0 +Litecoin Core litecoin\-tx utility version v0.16.3.0 .SS "Usage:" .TP litecoin\-tx [options] [commands] diff --git a/doc/man/litecoind.1 b/doc/man/litecoind.1 index 14b42f084c..6575b8a633 100644 --- a/doc/man/litecoind.1 +++ b/doc/man/litecoind.1 @@ -1,9 +1,9 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. -.TH BITCOIND "1" "September 2018" "bitcoind v0.16.3.0" "User Commands" +.TH LITECOIND "1" "September 2018" "litecoind v0.16.3.0" "User Commands" .SH NAME -bitcoind \- manual page for bitcoind v0.16.3.0 +litecoind \- manual page for litecoind v0.16.3.0 .SH DESCRIPTION -Bitcoin Core Daemon version v0.16.3.0 +Litecoin Core Daemon version v0.16.3.0 .SS "Usage:" .TP litecoind [options] From 23705f3bfab4bde68137bf0b5b2a858e3bbb33e7 Mon Sep 17 00:00:00 2001 From: Adrian Gallagher Date: Tue, 18 Sep 2018 19:14:49 -0700 Subject: [PATCH 7/7] Litecoin: Update release notes for v0.16.3 --- doc/release-notes-litecoin.md | 106 ++++------------------------------ 1 file changed, 11 insertions(+), 95 deletions(-) diff --git a/doc/release-notes-litecoin.md b/doc/release-notes-litecoin.md index bc2b45e50c..222645c61b 100644 --- a/doc/release-notes-litecoin.md +++ b/doc/release-notes-litecoin.md @@ -1,6 +1,6 @@ -Litecoin Core version 0.16.2 is now available from: +Litecoin Core version 0.16.3 is now available from: - + This is a new minor version release, with various bugfixes as well as updated translations. @@ -49,101 +49,18 @@ frequently tested on them. Notable changes =============== -Miner block size removed ------------------------- +Denial-of-Service vulnerability +------------------------------- -The `-blockmaxsize` option for miners to limit their blocks' sizes was -deprecated in version 0.15.1, and has now been removed. Miners should use the -`-blockmaxweight` option if they want to limit the weight of their blocks' -weights. +A denial-of-service vulnerability exploitable by miners has been discovered in +Litecoin Core versions 0.14.0 up to 0.16.2. It is recommended to upgrade any of +the vulnerable versions to 0.16.3 as soon as possible. -0.16.2 change log +0.16.3 change log ------------------ -### Policy -- #11423 `d353dd1` [Policy] Several transaction standardness rules (jl2012) - -### Mining -- #12756 `e802c22` [config] Remove blockmaxsize option (jnewbery) - -### Block and transaction handling -- #13199 `c71e535` Bugfix: ensure consistency of m_failed_blocks after reconsiderblock (sdaftuar) -- #13023 `bb79aaf` Fix some concurrency issues in ActivateBestChain() (skeees) - -### P2P protocol and network code -- #12626 `f60e84d` Limit the number of IPs addrman learns from each DNS seeder (EthanHeilman) - -### Wallet -- #13265 `5d8de76` Exit SyncMetaData if there are no transactions to sync (laanwj) -- #13030 `5ff571e` Fix zapwallettxes/multiwallet interaction. (jnewbery) -- #13622 `c04a4a5` Remove mapRequest tracking that just effects Qt display. (TheBlueMatt) -- #12905 `cfc6f74` [rpcwallet] Clamp walletpassphrase value at 100M seconds (sdaftuar) -- #13437 `ed82e71` wallet: Erase wtxOrderd wtx pointer on removeprunedfunds (MarcoFalke) - -### RPC and other APIs -- #13451 `cbd2f70` rpc: expose CBlockIndex::nTx in getblock(header) (instagibbs) -- #13507 `f7401c8` RPC: Fix parameter count check for importpubkey (kristapsk) -- #13452 `6b9dc8c` rpc: have verifytxoutproof check the number of txns in proof structure (instagibbs) -- #12837 `bf1f150` rpc: fix type mistmatch in `listreceivedbyaddress` (joemphilips) -- #12743 `657dfc5` Fix csBestBlock/cvBlockChange waiting in rpc/mining (sipa) - -### GUI -- #12999 `1720eb3` Show the Window when double clicking the taskbar icon (ken2812221) -- #12650 `f118a7a` Fix issue: "default port not shown correctly in settings dialog" (251Labs) -- #13251 `ea487f9` Rephrase Bech32 checkbox texts, and enable it with legacy address default (fanquake) -- #12432 `f78e7f6` [qt] send: Clear All also resets coin control options (Sjors) -- #12617 `21dd512` gui: Show messages as text not html (laanwj) -- #12793 `cf6feb7` qt: Avoid reseting on resetguisettigs=0 (MarcoFalke) - -### Build system -- #12474 `b0f692f` Allow depends system to support armv7l (hkjn) -- #12585 `72a3290` depends: Switch to downloading expat from GitHub (fanquake) -- #12648 `46ca8f3` test: Update trusted git root (MarcoFalke) -- #11995 `686cb86` depends: Fix Qt build with Xcode 9 (fanquake) -- #12636 `845838c` backport: #11995 Fix Qt build with Xcode 9 (fanquake) -- #12946 `e055bc0` depends: Fix Qt build with XCode 9.3 (fanquake) -- #12998 `7847b92` Default to defining endian-conversion DECLs in compat w/o config (TheBlueMatt) -- #13544 `9fd3e00` depends: Update Qt download url (fanquake) -- #12573 `88d1a64` Fix compilation when compiler do not support `__builtin_clz*` (532479301) - -### Tests and QA -- #12447 `01f931b` Add missing signal.h header (laanwj) -- #12545 `1286f3e` Use wait_until to ensure ping goes out (Empact) -- #12804 `4bdb0ce` Fix intermittent rpc_net.py failure. (jnewbery) -- #12553 `0e98f96` Prefer wait_until over polling with time.sleep (Empact) -- #12486 `cfebd40` Round target fee to 8 decimals in assert_fee_amount (kallewoof) -- #12843 `df38b13` Test starting bitcoind with -h and -version (jnewbery) -- #12475 `41c29f6` Fix python TypeError in script.py (MarcoFalke) -- #12638 `0a76ed2` Cache only chain and wallet for regtest datadir (MarcoFalke) -- #12902 `7460945` Handle potential cookie race when starting node (sdaftuar) -- #12904 `6c26df0` Ensure bitcoind processes are cleaned up when tests end (sdaftuar) -- #13049 `9ea62a3` Backports (MarcoFalke) -- #13201 `b8aacd6` Handle disconnect_node race (sdaftuar) -- #13061 `170b309` Make tests pass after 2020 (bmwiedemann) -- #13192 `79c4fff` [tests] Fixed intermittent failure in `p2p_sendheaders.py` (lmanners) -- #13300 `d9c5630` qa: Initialize lockstack to prevent null pointer deref (MarcoFalke) -- #13545 `e15e3a9` tests: Fix test case `streams_serializedata_xor` Remove Boost dependency. (practicalswift) -- #13304 `cbdabef` qa: Fix `wallet_listreceivedby` race (MarcoFalke) -- #13852 `b64f02f` Make signrawtransaction give an error when amount is needed but missing (ajtowns) -- #13797 `6518bcd` bitcoinconsensus: invalid flags should be set to bitcoinconsensus_error type, add test cases covering bitcoinconsensus error codes (Thomas Kerin) - -### Miscellaneous -- #12518 `a17fecf` Bump leveldb subtree (MarcoFalke) -- #12442 `f3b8d85` devtools: Exclude patches from lint-whitespace (MarcoFalke) -- #12988 `acdf433` Hold cs_main while calling UpdatedBlockTip() signal (skeees) -- #12985 `0684cf9` Windows: Avoid launching as admin when NSIS installer ends. (JeremyRand) -- #503 `87ec334` Fix CVE-2018-12356 by hardening the regex (jmutkawoa) -- #12887 `2291774` Add newlines to end of log messages (jnewbery) -- #12859 `18b0c69` Bugfix: Include for `std::unique_ptr` (luke-jr) -- #13131 `ce8aa54` Add Windows shutdown handler (ken2812221) -- #13652 `20461fc` rpc: Fix that CWallet::AbandonTransaction would leave the grandchildren, etc. active (Empact) - -### Documentation -- #12637 `60086dd` backport: #12556 fix version typo in getpeerinfo RPC call help (fanquake) -- #13184 `4087dd0` RPC Docs: `gettxout*`: clarify bestblock and unspent counts (harding) -- #13246 `6de7543` Bump to Ubuntu Bionic 18.04 in build-windows.md (ken2812221) -- #12556 `e730b82` Fix version typo in getpeerinfo RPC call help (tamasblummer) -- #13852 `9e116a6` [0.16] doc: correct the help output for -prune (hebasto) +### Consensus +- #14249 `696b936` Fix crash bug with duplicate inputs within a transaction (TheBlueMatt, sdaftuar) Credits ======= @@ -172,5 +89,4 @@ Thanks to everyone who directly contributed to this release: And to those that reported security issues: -- Braydon Fuller -- Himanshu Mehta \ No newline at end of file +- beardnboobies \ No newline at end of file