[v21.0.x] backport: v21.0.0-rc.3 #6145
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…etohd edge cases 69c37f4 rpc: make sure `upgradetohd` always has the passphrase for `UpgradeToHD` (Kittywhiskers Van Gogh) 619b640 wallet: unify HD chain generation in CWallet (Kittywhiskers Van Gogh) 163d318 wallet: unify HD chain generation in LegacyScriptPubKeyMan (Kittywhiskers Van Gogh) Pull request description: ## Motivation When filming demo footage for dashpay#6093, I realized that if I tried to create an encrypted blank legacy wallet and run `upgradetohd [mnemonic]`, the client would crash. ``` dash@b9c6631a824d:/src/dash$ ./src/qt/dash-qt QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-dash' dash-qt: wallet/scriptpubkeyman.cpp:399: void LegacyScriptPubKeyMan::GenerateNewCryptedHDChain(const SecureString &, const SecureString &, CKeyingMaterial): Assertion `res' failed. Posix Signal: Aborted No debug information available for stacktrace. You should add debug information and then run: dash-qt -printcrashinfo=bvcgc43iinzgc43ijfxgm3ybaadwiyltnawxc5avkbxxg2lyebjwsz3omfwduicbmjxxe5dfmqaaa=== ``` The expected set of operations when performing privileged operations is to first use `walletpassphrase [passphrase] [time]` to unlock the wallet and then perform the privileged operation. This routine that applies for almost all privileged RPCs doesn't apply here, the unlock state of the wallet has no bearing on constructing an encrypted HD chain as it needs to be encrypted with the master key stored in the wallet, which in turn is encrypted with a key derived from the passphrase (i.e., `upgradetohd` imports **always** need the passphrase, if encrypted). You might have noticed that I used `upgradetohd [mnemonic]` instead of the correct syntax, `upgradetohd [mnemonic] "" [passphrase]` that is supposed to be used when supplying a mnemonic to an encrypted wallet, because when you run the former, you don't get told to enter the passphrase into the RPC command, you're told. ``` Error: Please enter the wallet passphrase with walletpassphrase first. ``` Which tells you to treat it like any other routine privileged operation and follow the routine as mentioned above. This is where insufficient validation starts rearing its head, we only validate the passphrase if we're supplied one even though we should be demanding one if the wallet is encrypted and it isn't supplied. We didn't supply a passphrase because we're following the normal routine, we unlocked the wallet so `EnsureWalletIsUnlocked()` is happy, so now the following happens. ``` upgradetohd() | Insufficient validation has allowed us to supply a blank passphrase | for an encrypted wallet |- CWallet::UpgradeToHD() |- CWallet::GenerateNewHDChainEncrypted() | We get our hands on vMasterKey by generating the key from our passphrase | and using it to unlock vCryptedMasterKey. | | There's one small problem, we don't know if the output of CCrypter::Decrypt | isn't just gibberish. Since we don't have a passphrase, whatever came from | CCrypter::SetKeyFromPassphrase isn't the decryption key, meaning, the | vMasterKey we just got is gibberish |- LegacyScriptPubKeyMan::GenerateNewCryptedHDChain() |- res = LegacyScriptPubKeyMan::EncryptHDChain() | |- EncryptSecret() | |- CCrypter::SetKey() | This is where everything unravels, the gibberish key's size doesn't | match WALLET_CRYPTO_KEY_SIZE, it's no good for encryption. We bail out. |- assert(res) We assume are inputs are safe so there's no real reason we should crash. Except our inputs aren't safe, so we crash. Welp! :c ``` This problem has existed for a while but didn't cause the client to crash, in v20.1.1 (1951298), trying to do the same thing would return you a vague error ``` Failed to generate encrypted HD wallet (code -4) ``` In the process of working on mitigating this crash, another edge case was discovered, where if the wallet was unlocked and an incorrect passphrase was provided to `upgradetohd`, the user would not receive any feedback that they entered the wrong passphrase and the client would similarly crash. ``` upgradetohd() | We've been supplied a passphrase, so we can try and validate it by | trying to unlock the wallet with it. If it fails, we know we got the | wrong passphrase. |- CWallet::Unlock() | | Before we bother unlocking the wallet, we should check if we're | | already unlocked, if we are, we can just say "unlock successful". | |- CWallet::IsLocked() | | Wallet is indeed unlocked. | |- return true; | The validation method we just tried to use has a bail-out mechanism | that we don't account for, the "unlock" succeded so I guess we have the | right passphrase. [...] (continue call chain as mentioned earlier) |- assert(res) Oh... ``` This pull request aims to resolve crashes caused by the above two edge cases. ## Additional Information As this PR was required me to add additional guardrails on `GenerateNewCryptedHDChain()` and `GenerateNewHDChainEncrypted()`, it was taken as an opportunity to resolve a TODO ([source](https://github.com/dashpay/dash/blob/9456d0761d8883cc293dffba11dacded517b5f8f/src/wallet/wallet.cpp#L5028-L5038)). The following mitigations have been implemented. * Validating `vMasterKey` size (any key not of `WALLET_CRYPTO_KEY_SIZE` size cannot be used for encryption and so, cannot be a valid key) * Validating `secureWalletPassphrase`'s presence to catch attempts at passing a blank value (an encrypted wallet cannot have a blank passphrase) * Using `Unlock()` to validate the correctness of `vMasterKey`. (the two other instances of iterating through `mapMasterKeys` use `Unlock()`, see [here](https://github.com/dashpay/dash/blob/1394c41c8d0afb8370726488a2888be30d238148/src/wallet/wallet.cpp#L5498-L5500) and [here](https://github.com/dashpay/dash/blob/1394c41c8d0afb8370726488a2888be30d238148/src/wallet/wallet.cpp#L429-L431)) * `Lock()`'ing the wallet before `Unlock()`'ing the wallet to avoid the `IsLocked()` bail-out condition and then restoring to the previous lock state afterwards. * Add an `IsCrypted()` check to see if `upgradetohd`'s `walletpassphrase` is allowed to be empty. ## Checklist: - [x] I have performed a self-review of my own code - [x] I have commented my code, particularly in hard-to-understand areas - [x] I have added or updated relevant unit/integration/functional/e2e tests - [x] I have made corresponding changes to the documentation **(note: N/A)** - [x] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_ ACKs for top commit: knst: utACK 69c37f4 UdjinM6: utACK 69c37f4 PastaPastaPasta: utACK 69c37f4 Tree-SHA512: 4bda1f7155511447d6672bbaa22b909f5e2fc7efd1fd8ae1c61e0cdbbf3f6c28f6e8c1a8fe2a270fdedff7279322c93bf0f8e01890aff556fb17288ef6907b3e
878bce0 docs: update SECURITY.md supported versions (Kittywhiskers Van Gogh) Pull request description: ## Additional Information Updates the supported versions list in `SECURITY.md` ## Checklist: - [x] I have performed a self-review of my own code **(note: N/A)** - [x] I have commented my code, particularly in hard-to-understand areas **(note: N/A)** - [x] I have added or updated relevant unit/integration/functional/e2e tests **(note: N/A)** - [x] I have made corresponding changes to the documentation - [x] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_ ACKs for top commit: PastaPastaPasta: utACK 878bce0 UdjinM6: utACK 878bce0 knst: utACK 878bce0 Tree-SHA512: d941a3ca0792b2f08f68cab562a35d869d8e93f627918a25a9753955b6103d1515899b0ca50ff936c966b9f9fd603e12d27b03267361c8f1030a31f9fffdf2ae
…lt branch to `develop` 8a66af2 docs: add release notes notifying change of default branch to `develop` (Kittywhiskers Van Gogh) Pull request description: ## Additional Information Add a release note notifying the new default branch as `develop`. ## Checklist: - [x] I have performed a self-review of my own code **(note: N/A)** - [x] I have commented my code, particularly in hard-to-understand areas **(note: N/A)** - [x] I have added or updated relevant unit/integration/functional/e2e tests **(note: N/A)** - [x] I have made corresponding changes to the documentation - [x] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_ ACKs for top commit: PastaPastaPasta: utACK 8a66af2 UdjinM6: utACK 8a66af2 Tree-SHA512: 82212ce670cf4b0f243a79170914ad04b1d118406ce6402b33dfb42a5ae0865c36de4b816530238bb9ded796c66f3dcc36fa9400ace59b6e7dad24ba47653e4f
e2f56de docs: update manpages for 21.0 (Konstantin Akimov) Pull request description: ## Issue being fixed or feature implemented dashpay#6081 ## What was done? run `./contrib/devtools/gen-manpages.sh`, sanitize version name ## How Has This Been Tested? n/a ## Breaking Changes n/a ## Checklist: - [x] I have performed a self-review of my own code - [ ] I have commented my code, particularly in hard-to-understand areas - [ ] I have added or updated relevant unit/integration/functional/e2e tests - [ ] I have made corresponding changes to the documentation - [x] I have assigned this pull request to a milestone ACKs for top commit: UdjinM6: utACK e2f56de PastaPastaPasta: utACK e2f56de Tree-SHA512: 9b56f7a31279457aed1b7ed0b627d4364f786948f6df3176e24ab73b68d785fc90d9bf6136d7965c1c5b97b589b4d228edd338e666d1999e841c6e544f054c05
a8a3ea0 feat: enable EHF activation of MN_RR on mainnet (Konstantin Akimov) Pull request description: ## Issue being fixed or feature implemented dashpay#6081 ## What was done? Removed a code, that disabled MN_RR activation with EHF on Main Net ## How Has This Been Tested? This code is tested on devnet, is in process of testing on testnet. ## Breaking Changes It make MN_RR possible to get active on mainnet. ## Checklist: - [x] I have performed a self-review of my own code - [ ] I have commented my code, particularly in hard-to-understand areas - [ ] I have added or updated relevant unit/integration/functional/e2e tests - [ ] I have made corresponding changes to the documentation - [x] I have assigned this pull request to a milestone ACKs for top commit: UdjinM6: utACK a8a3ea0 PastaPastaPasta: utACK a8a3ea0 Tree-SHA512: 0ae7aecca8463436e952154210cf564333cd77dd1149f7ff88ca144f3b7c434e75e473ea3a6850da1b126efd8a9cece34e46b4bf2b37f5937bcf1f5780e18f50
e1030a0 docs: add release notes for 6140 (pasta) 9ed292a feat: harden all sporks on mainnet to current values (pasta) Pull request description: ## Issue being fixed or feature implemented Harden all sporks on the mainnet; they are no longer necessary. Although retaining them might be beneficial in addressing bugs or issues, the greater priority is to protect mainnet by minimizing risks associated with potential centralization or even its perception. Sporks will continue to be valuable for testing on developer networks; however, on mainnet, the risks of maintaining them now outweigh the benefits of retaining them. ## What was done? Adjust CSporkManager::GetSporkValue to always return 0 for sporks in general and 1 for SPORK_21_QUORUM_ALL_CONNECTED specifically. ## How Has This Been Tested? Ran main net node with this patch. Sporks show as expected ## Breaking Changes This is not a breaking change. ## Checklist: - [x] I have performed a self-review of my own code - [x] I have commented my code, particularly in hard-to-understand areas - [ ] I have added or updated relevant unit/integration/functional/e2e tests - [ ] I have made corresponding changes to the documentation - [x] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_ ACKs for top commit: knst: utACK e1030a0 UdjinM6: utACK e1030a0 (CI failure is unrelated) Tree-SHA512: f20d0f614b7e9d6eb5606c545d0747a9d415f2905512dd6100a2f9fb00bb6de02c8d5aa74cb41aa39163fde0ab05fe472913acc227b1b4afce7e984f8897940d
85762dc 60%+: bg, ro, vi (UdjinM6) 2d0e68d 80%+: ar, de, es, fi, fr, it, ja, ko, nl, pl, pt, ru, sk, th, tr, zh_CN, zh_TW (UdjinM6) f7992b0 en (UdjinM6) 49fc976 dashstrings (UdjinM6) c8333a5 chore: replace remaining `...` with `…` in translated strings (UdjinM6) ac2e9ea qt: Extract translations correctly from UTF-8 formatted source (Hennadii Stepanov) Pull request description: ## Issue being fixed or feature implemented Mostly regular translation updates but with 2 additional fixes: - ac2e9ea is a backport, without it `make translate` fails to update `dashstrings.cpp` properly (but I couldn't figure out which PR it belongs to 🤷♂️ ) - c8333a5 is needed to make it easier to replace all `...` with `…` in `*.ts` files locally to avoid annoying translators (`...` and `…` are visually the same in transifex interface) ## What was done? ## How Has This Been Tested? ## Breaking Changes ## Checklist: - [x] I have performed a self-review of my own code - [ ] I have commented my code, particularly in hard-to-understand areas - [ ] I have added or updated relevant unit/integration/functional/e2e tests - [ ] I have made corresponding changes to the documentation - [x] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_ ACKs for top commit: PastaPastaPasta: utACK 85762dc Tree-SHA512: c3624d8e5b26b0fd4d488e6988e81000d05bdc66f9e126b5d3fe3c1f6bceaa846ee81dfc7c0d18613b0ac682a94e0b17007e86724e7cc02d9cfce87b22ce6916
PastaPastaPasta
changed the title
dfd144b docs: add v21.0.0 release notes, archive old release notes, delete partials (pasta) Pull request description: ## Issue being fixed or feature implemented Add release notes for v21.0.0 ## What was done? See commits ## How Has This Been Tested? ## Breaking Changes ## Checklist: _Go over all the following points, and put an `x` in all the boxes that apply._ - [x] I have performed a self-review of my own code - [x] I have commented my code, particularly in hard-to-understand areas - [ ] I have added or updated relevant unit/integration/functional/e2e tests - [ ] I have made corresponding changes to the documentation - [x] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_ Top commit has no ACKs. Tree-SHA512: fafe225f7db59ccea6aa998b04204f22b913ab4d0a178737ca2311b093c04be39ce57c2a6ab3e8e0e312a10159118a024371a7315dcb5df3d8651d3535417861
…s, chaintxdata dfe7089 chore: bump assumevalid, minchainwork, checkpoints, chaintxdata (pasta) Pull request description: ## Issue being fixed or feature implemented bump assumevalid, minchainwork, checkpoints, chaintxdata in prep for v21 release final ## What was done? ## How Has This Been Tested? Reindex TBD ## Breaking Changes None ## Checklist: _Go over all the following points, and put an `x` in all the boxes that apply._ - [ ] I have performed a self-review of my own code - [ ] I have commented my code, particularly in hard-to-understand areas - [ ] I have added or updated relevant unit/integration/functional/e2e tests - [ ] I have made corresponding changes to the documentation - [x] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_ ACKs for top commit: UdjinM6: utACK dfe7089 kwvg: utACK dfe7089 Tree-SHA512: 34ef58092cbae4389db87e3f4fc9978356abf19ea110575b89663f00c7621091141f138ce03bc21d7deca9f5b86588c1c2e0874aa8a85d7c54efa41a201d51cc
43c3953 chore: update seeds (Konstantin Akimov) 16dd043 chore: added extra onion seeds (provided by pasta) (Konstantin Akimov) Pull request description: ## Issue being fixed or feature implemented dashpay#6081 ## What was done? Extra onion seeds are provided by pasta. ```sh dash-cli protx list valid 1 2110129 > protx_list.json # Make sure the onion seeds still work! while IFS= read -r line do address=$(echo $line | cut -d':' -f1) port=$(echo $line | cut -d':' -f2) nc -v -x 127.0.0.1:9050 -z $address $port done < "onion_seeds.txt" python3 makeseeds.py protx_list.json onion_seeds.txt > nodes_main.txt python3 generate-seeds.py . > ../../src/chainparamsseeds.h ``` ## How Has This Been Tested? n/a ## Breaking Changes n/a ## Checklist: - [x] I have performed a self-review of my own code - [ ] I have commented my code, particularly in hard-to-understand areas - [ ] I have added or updated relevant unit/integration/functional/e2e tests - [x] I have made corresponding changes to the documentation - [x] I have assigned this pull request to a milestone ACKs for top commit: UdjinM6: utACK 43c3953 PastaPastaPasta: utACK dashpay@43c3953 Tree-SHA512: 8583f030949c6b26b5410eaa4db4f9b85fbe14bc147083861519d9564ae1fff52716b2d8deb233d30ecfb679e778cb2bb2f0ef3dee392cff1986b004b03d9e1e
UdjinM6
previously approved these changes
Jul 24, 2024
4969a72 chore: remove trailing whitespaces in release notes (UdjinM6) Pull request description: ## Issue being fixed or feature implemented https://gitlab.com/dashpay/dash/-/jobs/7421310092 ## What was done? ## How Has This Been Tested? ## Breaking Changes ## Checklist: - [x] I have performed a self-review of my own code - [ ] I have commented my code, particularly in hard-to-understand areas - [ ] I have added or updated relevant unit/integration/functional/e2e tests - [ ] I have made corresponding changes to the documentation - [x] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_ ACKs for top commit: PastaPastaPasta: utACK 4969a72 Tree-SHA512: 2c85bb45a097543abad3e8f97fd9b7cd847fbfdfd4b4916e24f6725ffc05cad38647ff008dc4a35b188a6db631e6fffcbd535362a794f440d45a678255c13428
UdjinM6
approved these changes
Jul 24, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue being fixed or feature implemented
Backports to v21 for rc.3; there are more PRs to be back ported here
What was done?
see commits
How Has This Been Tested?
Breaking Changes
None
Checklist:
Go over all the following points, and put an
xin all the boxes that apply.