Update libsecp256k1 #6983
Merged
Update libsecp256k1 #6983
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This version of miniupnpc fixes a buffer overflow in the XML (ugh) parser during initial network discovery. http://talosintel.com/reports/TALOS-2015-0035/ The commit fixing the vulnerability is: miniupnp/miniupnp@79cca97 Reported by timothy on IRC.
0cca024 Update miniupnpc to 1.9.20151008 (Wladimir J. van der Laan)
Also fix: "Exception: tostring() has been removed. Please call tobytes() instead."
To bridge the time until a dynamic method for determining this fee is merged. This is especially aimed at the stable releases (0.10, 0.11) because full mempool limiting, as will be in 0.12, is too invasive and risky to backport.
Common sentiment is that the miniupnpc codebase likely contains further vulnerabilities. I'd prefer to get rid of the dependency completely, but a compromise for now is to at least disable it by default.
21d27eb net: Disable upnp by default (Wladimir J. van der Laan)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 This message is to inform you that I, Paul Rabahy have rolled over GPG keys. My old key = EA695E0CE2D0DCB0D65167A8D1CBA2A21BCD88F6 My new key = D62A803E27E7F43486035ADBBCD04D8E9CCCAC2A My new key now has an offline primary key with an online subkey that I will be using for normal communications. I have signed this message with both the old and new key so it should show up as validly signed. Please add my new key to your keyring so that future communication will be properly verified. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWB3/LAAoJENHLoqIbzYj2LBwQAMgH5u2KDuxK2gmpRjEpVXe8 XPOon+SRL5zXfu1dFInXCg8APJEVaXhSeY+/s0GmUq0INRpK4r0tvZVN84X2UoHz y88P6BeHzQI7dsCStINhW4Hb7DVpFvkHAxsRhy05/geD56/IOXnsG+5SvsH3essJ O6DuRQOipDWkZ9NQuQPrqzlkcBErMbL4Cs0ED5DOOYccntnt5HM909KDHfKcG8iJ /qNTVzVFYMGbLn6MVq89reatmIOxuVBkbixsqad5M4P9rQ3iGPnUzIEp4wn7/Ssd XDiCZypzlHkcs1GKBLtWnYWahlWHItcd/Yz3AiHLfUehcZb52p0mvIaTf4lyAR5p kQFTXZwrrzJDaomSE2Y2IeMIATZE7/7RInkHD6okUTFSoCFgxOeAxLBI6sxLH5x5 xLIdv45iiv3P5fz1gungfzn2OYy+dHgT74bJ32N18hs+xwZM2G6AYYvVvkTSDqC0 c3AopnjEV4i+4Aq0QfDD9fXpBc0QuDN7c5GkcFCiFlhN+gffjT8hkFliiW3e2X5K Vsycv1sYXFSS/YYZ7RCixWgTkpi18ABaLu/N1ses7hLNMxx9ovjrMIJ5gC6Nyga9 2BiumvNMh0iE9yhPiN0a4YsZZnW/tc5K1+OJxnKZvxWrXqOgIhnKZA1U1Y83COgA 6pI5uKrggGQWgQFJxTmciQEcBAEBCAAGBQJWB3/LAAoJEDJeXsBcJ6amLBwH/ib+ wiD3wDy+VeTDFvh4AgQqDRCk+CvGEKJlcoBLm3ZDwzi+/26XB/BCFoopW9h67ZmC yMFhgvCJ3RwPcVGgZBOZ//88E2symcYRBSZJVwMN/n3McmEKBmmEH6/tTqhLeBal 2pynse7qgfZV7P/rSMcqFdhzMYq6Jt25obTl3IqTo939G1oOxRK8ORNT3Hs4/uiF 7xsx+nUBe/L6dvw2Rxr8bWm7WKi/LF7fKN/HZuBfK2qH0S4ctG49fiBw3DTV+erO lYHdOMA9sjk90Le5sNBw75Hyr4WMLUkGFkh9SvDK1Xe3bUCfCpBTpcPnRUqnHL32 9GbqORFiaUGPRCnaWKQ= =JR4m -----END PGP SIGNATURE-----
…ial] Signed-off-by: Johnathan Corgan <[email protected]>
(note the 9x multiplier on (void*)'s for CTxMemPool::DynamicMemoryUsage was accidentally introduced in 5add7a7 but should have waited for this commit which adds the extra index)
2c4ffbc Create btcdrak-key.pgp (BtcDrak)
3b363df Updated Prab's PGP Key -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 (Paul Rabahy)
40b77d4 Always allow getheaders from whitelisted peers (Wladimir J. van der Laan)
7085728 doc: there is no libboost-base-dev, add missing sudo (Wladimir J. van der Laan)
Thanks to @MarcoFalke @dexX7 @laanwj for review.
Contributor
|
ACK |
Contributor
|
Concept ACK |
b5cbd39 Add basic coverage reporting for RPC tests (James O'Beirne)
- Force AUTHCOOKIE size to be 32 bytes: This provides protection against an attack where a process pretends to be Tor and uses the cookie authentication method to nab arbitrary files such as the wallet - torcontrol logging - fix cookie auth - add HASHEDPASSWORD auth, fix fd leak when fwrite() fails - better error reporting when cookie file is not ok - better init/shutdown flow - stop advertizing service when disconnected from tor control port - COOKIE->SAFECOOKIE auth
- add new data directory files for 0.12 to doc/files.md - mention torcontrol in doc/tor.md
58ef0ff doc: update docs for Tor listening (Wladimir J. van der Laan) 68ccdc4 doc: Mention Tor listening in release notes (Wladimir J. van der Laan) 09c1ae1 torcontrol improvements and fixes (Wladimir J. van der Laan) 2f796e5 Better error message if Tor version too old (Peter Todd) 8f4e67f net: Automatically create hidden service, listen on Tor (Wladimir J. van der Laan)
Member
|
Concept ACK. Should we keep this open until the 0.12 feature freeze, so that new changes to secp256k1 can be included up to then, or better to merge as soon as possible? |
Contributor
|
I would say merge asap, that will make #6954 easier to review. |
Contributor
|
ACK - merge ASAP |
sipa
added a commit
that referenced
this pull request
Nov 13, 2015
Member
|
if you get "/home/user/bitcoin/src/key.cpp:204: undefined reference to `secp256k1_ecdsa_sign_recoverable'" errors after updating to master including this pull you need to clean your git tree. |
Contributor
|
@laanwj yeah had the same, figured it was a build error somewhere. ACK cleaning the tree |
zkbot
added a commit
to zcash/zcash
that referenced
this pull request
Jun 17, 2017
Switch to libsecp256k1-based validation for ECDSA Cherry-picked from the following upstream PRs: - bitcoin/bitcoin#6983 - bitcoin/bitcoin#6954 Part of #2333.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
16 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This just updates the libsecp256k1 subtree to the latest master. It does not switch validation to it.