From d1dee205473140aca34180e5de8b9bbe17c2207d Mon Sep 17 00:00:00 2001 From: Suhas Daftuar Date: Mon, 17 Sep 2018 16:13:37 -0400 Subject: [PATCH 1/5] Fix crash bug with duplicate inputs within a transaction Introduced by #9049 --- src/validation.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/validation.cpp b/src/validation.cpp index 7795905c48..145862db73 100644 --- a/src/validation.cpp +++ b/src/validation.cpp @@ -3032,7 +3032,7 @@ bool CheckBlock(const CBlock& block, CValidationState& state, const Consensus::P // Check transactions for (const auto& tx : block.vtx) - if (!CheckTransaction(*tx, state, false)) + if (!CheckTransaction(*tx, state, true)) return state.Invalid(false, state.GetRejectCode(), state.GetRejectReason(), strprintf("Transaction check failed (tx hash %s) %s", tx->GetHash().ToString(), state.GetDebugMessage())); From 9bd08fd465c35f08f3aab3c713ce1d70ddc1c492 Mon Sep 17 00:00:00 2001 From: Suhas Daftuar Date: Mon, 17 Sep 2018 16:15:02 -0400 Subject: [PATCH 2/5] [qa] backport: Test for duplicate inputs within a transaction --- test/functional/p2p_invalid_block.py | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/test/functional/p2p_invalid_block.py b/test/functional/p2p_invalid_block.py index edcade63c1..7744526d9a 100755 --- a/test/functional/p2p_invalid_block.py +++ b/test/functional/p2p_invalid_block.py @@ -95,7 +95,18 @@ class InvalidBlockRequestTest(ComparisonTestFramework): assert(block2_orig.vtx != block2.vtx) self.tip = block2.sha256 - yield TestInstance([[block2, RejectResult(16, b'bad-txns-duplicate')], [block2_orig, True]]) + yield TestInstance([[block2, RejectResult(16, b'bad-txns-duplicate')]]) + + # Check transactions for duplicate inputs + self.log.info("Test duplicate input block.") + + block2_dup = copy.deepcopy(block2_orig) + block2_dup.vtx[2].vin.append(block2_dup.vtx[2].vin[0]) + block2_dup.vtx[2].rehash() + block2_dup.hashMerkleRoot = block2_dup.calc_merkle_root() + block2_dup.rehash() + block2_dup.solve() + yield TestInstance([[block2_dup, RejectResult(16, b'bad-txns-inputs-duplicate')], [block2_orig, True]]) height += 1 ''' From 86e2f1d4bb3a5d6e705617dbcec9cfbcf46112cb Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Tue, 18 Sep 2018 01:26:48 +0200 Subject: [PATCH 3/5] build: Bump version to 0.16.3 Tree-SHA512: 56565311429f56d68508215eaa04f31f3e3f0144f367fc874da78652ce0aeb62b1d609513d9f8dcb204425c8e108103855a737eefc661f8b1f94c6219a9518a3 --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 5803af5535..32b6368767 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ dnl require autoconf 2.60 (AS_ECHO/AS_ECHO_N) AC_PREREQ([2.60]) define(_CLIENT_VERSION_MAJOR, 0) define(_CLIENT_VERSION_MINOR, 16) -define(_CLIENT_VERSION_REVISION, 2) +define(_CLIENT_VERSION_REVISION, 3) define(_CLIENT_VERSION_BUILD, 0) define(_CLIENT_VERSION_IS_RELEASE, true) define(_COPYRIGHT_YEAR, 2018) From a0f4ff6088e564560d8b2c029c493275bcca304f Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Tue, 18 Sep 2018 01:41:24 +0200 Subject: [PATCH 4/5] doc: 0.16.3 release notes Tree-SHA512: 4237ac0c1cd0c0f4c3f50494cf5985a95317730194820a22e2814571107a684fdd5253625707c95ac558a1ad8ab9f36904c46647d0cb931fe67ea2407738133a --- doc/release-notes.md | 34 +++++++++++++++++++++++++++------- 1 file changed, 27 insertions(+), 7 deletions(-) diff --git a/doc/release-notes.md b/doc/release-notes.md index f8b9192abd..631eb0833f 100644 --- a/doc/release-notes.md +++ b/doc/release-notes.md @@ -1,6 +1,6 @@ -Bitcoin Core version 0.16.x is now available from: +Bitcoin Core version 0.16.3 is now available from: - + This is a new minor version release, with various bugfixes as well as updated translations. @@ -49,22 +49,42 @@ frequently tested on them. Notable changes =============== -(to be filled in) +Denial-of-Service vulnerability +------------------------------- -0.16.x change log +A denial-of-service vulnerability exploitable by miners has been discovered in +Bitcoin Core versions 0.14.0 up to 0.16.2. It is recommended to upgrade any of +the vulnerable versions to 0.16.3 as soon as possible. + +0.16.3 change log ------------------ -(to be filled in) +### Consensus +- #14249 `696b936` Fix crash bug with duplicate inputs within a transaction (TheBlueMatt, sdaftuar) + +### RPC and other APIs +- #13547 `212ef1f` Make `signrawtransaction*` give an error when amount is needed but missing (ajtowns) + +### Miscellaneous +- #13655 `1cdbea7` bitcoinconsensus: invalid flags error should be set to `bitcoinconsensus_err` (afk11) + +### Documentation +- #13844 `11b9dbb` correct the help output for -prune (hebasto) Credits ======= Thanks to everyone who directly contributed to this release: -(to be filled in) +- Anthony Towns +- Hennadii Stepanov +- Matt Corallo +- Suhas Daftuar +- Thomas Kerin +- Wladimir J. van der Laan And to those that reported security issues: -(to be filled in) +- beardnboobies As well as everyone that helped translating on [Transifex](https://www.transifex.com/projects/p/bitcoin/). From 49e34e288005a5b144a642e197b628396f5a0765 Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Tue, 18 Sep 2018 01:55:09 +0200 Subject: [PATCH 5/5] doc: Update manpages for 0.16.3 Tree-SHA512: e631405dd03438ac4b5fae5ed2fc0cb061e4cb7092ab068dd99b7c3001c95d166224f50af759454dbf47a2954409ac62c1232988918dd6650213918b853aea2d --- doc/man/bitcoin-cli.1 | 8 ++++---- doc/man/bitcoin-qt.1 | 10 +++++----- doc/man/bitcoin-tx.1 | 8 ++++---- doc/man/bitcoind.1 | 10 +++++----- 4 files changed, 18 insertions(+), 18 deletions(-) diff --git a/doc/man/bitcoin-cli.1 b/doc/man/bitcoin-cli.1 index a84fe42204..bba46b2918 100644 --- a/doc/man/bitcoin-cli.1 +++ b/doc/man/bitcoin-cli.1 @@ -1,9 +1,9 @@ -.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.3. -.TH BITCOIN-CLI "1" "July 2018" "bitcoin-cli v0.16.2.0" "User Commands" +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH BITCOIN-CLI "1" "September 2018" "bitcoin-cli v0.16.3.0" "User Commands" .SH NAME -bitcoin-cli \- manual page for bitcoin-cli v0.16.2.0 +bitcoin-cli \- manual page for bitcoin-cli v0.16.3.0 .SH DESCRIPTION -Bitcoin Core RPC client version v0.16.2.0 +Bitcoin Core RPC client version v0.16.3.0 .SS "Usage:" .TP bitcoin\-cli [options] [params] diff --git a/doc/man/bitcoin-qt.1 b/doc/man/bitcoin-qt.1 index 41302ac787..2b5bbc5b42 100644 --- a/doc/man/bitcoin-qt.1 +++ b/doc/man/bitcoin-qt.1 @@ -1,9 +1,9 @@ -.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.3. -.TH BITCOIN-QT "1" "July 2018" "bitcoin-qt v0.16.2.0" "User Commands" +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH BITCOIN-QT "1" "September 2018" "bitcoin-qt v0.16.3.0" "User Commands" .SH NAME -bitcoin-qt \- manual page for bitcoin-qt v0.16.2.0 +bitcoin-qt \- manual page for bitcoin-qt v0.16.3.0 .SH DESCRIPTION -Bitcoin Core version v0.16.2.0 (64\-bit) +Bitcoin Core version v0.16.3.0 (64\-bit) Usage: .IP bitcoin\-qt [command\-line options] @@ -97,7 +97,7 @@ blocks if a target size in MiB is provided. This mode is incompatible with \fB\-txindex\fR and \fB\-rescan\fR. Warning: Reverting this setting requires re\-downloading the entire blockchain. (default: 0 = disable pruning blocks, 1 = allow manual pruning via RPC, ->550 = automatically prune block files to stay under the +>=550 = automatically prune block files to stay under the specified target size in MiB) .HP \fB\-reindex\-chainstate\fR diff --git a/doc/man/bitcoin-tx.1 b/doc/man/bitcoin-tx.1 index 166a3a7884..96547cb69e 100644 --- a/doc/man/bitcoin-tx.1 +++ b/doc/man/bitcoin-tx.1 @@ -1,9 +1,9 @@ -.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.3. -.TH BITCOIN-TX "1" "July 2018" "bitcoin-tx v0.16.2.0" "User Commands" +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH BITCOIN-TX "1" "September 2018" "bitcoin-tx v0.16.3.0" "User Commands" .SH NAME -bitcoin-tx \- manual page for bitcoin-tx v0.16.2.0 +bitcoin-tx \- manual page for bitcoin-tx v0.16.3.0 .SH DESCRIPTION -Bitcoin Core bitcoin\-tx utility version v0.16.2.0 +Bitcoin Core bitcoin\-tx utility version v0.16.3.0 .SS "Usage:" .TP bitcoin\-tx [options] [commands] diff --git a/doc/man/bitcoind.1 b/doc/man/bitcoind.1 index c91ac52c29..164e95e56e 100644 --- a/doc/man/bitcoind.1 +++ b/doc/man/bitcoind.1 @@ -1,9 +1,9 @@ -.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.3. -.TH BITCOIND "1" "July 2018" "bitcoind v0.16.2.0" "User Commands" +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. +.TH BITCOIND "1" "September 2018" "bitcoind v0.16.3.0" "User Commands" .SH NAME -bitcoind \- manual page for bitcoind v0.16.2.0 +bitcoind \- manual page for bitcoind v0.16.3.0 .SH DESCRIPTION -Bitcoin Core Daemon version v0.16.2.0 +Bitcoin Core Daemon version v0.16.3.0 .SS "Usage:" .TP bitcoind [options] @@ -102,7 +102,7 @@ blocks if a target size in MiB is provided. This mode is incompatible with \fB\-txindex\fR and \fB\-rescan\fR. Warning: Reverting this setting requires re\-downloading the entire blockchain. (default: 0 = disable pruning blocks, 1 = allow manual pruning via RPC, ->550 = automatically prune block files to stay under the +>=550 = automatically prune block files to stay under the specified target size in MiB) .HP \fB\-reindex\-chainstate\fR