Age | Commit message (Collapse) | Author | Files | Lines |
|
- getTxKey method throws an exception, e.g., when user declines txKey export
|
|
633f1542 prep for 0.14.1 release (Riccardo Spagni)
|
|
2eef90d6 rpc: restrict the recent cutoff size in restricted RPC mode (moneromooo-monero)
0564da5f ensure no NULL is passed to memcpy (moneromooo-monero)
bc09766b abstract_tcp_server2: improve DoS resistance (moneromooo-monero)
1387549e serialization: check stream good flag at the end (moneromooo-monero)
a00cabd4 tree-hash: allocate variable memory on heap, not stack (moneromooo-monero)
f2152192 cryptonote: throw on tx hash calculation error (moneromooo-monero)
db2b9fba serialization: fail on read_varint error (moneromooo-monero)
68ad5481 cryptonote_protocol: fix another potential P2P DoS (moneromooo-monero)
1cc61018 cryptonote_protocol: expand basic DoS protection (moneromooo-monero)
8f66b705 cryptonote_protocol_handler: prevent potential DoS (anonimal)
39169ace epee: basic sanity check on allocation size from untrusted source (moneromooo-monero)
|
|
|
|
|
|
NULL is valid when size is 0, but memcpy uses nonnull attributes,
so let's not poke the bear
|
|
|
|
just in case
|
|
Large amounts might run out of stack
Reported by guidov
|
|
|
|
|
|
When asking for txes in a fluffy transaction, one might ask
for the same (large) tx many times
|
|
Count transactions as well
|
|
Essentially, one can send such a large amount of IDs that core exhausts
all free memory. This issue can theoretically be exploited using very
large CN blockchains, such as Monero.
This is a partial fix. Thanks and credit given to CryptoNote author
'cryptozoidberg' for collaboration and the fix. Also thanks to
'moneromooo'. Referencing HackerOne report #506595.
|
|
Reported by guidov
|
|
3a0fbea Don't use -march=native (hyc)
f8b2f25 Allow parallel make (hyc)
01ced20 Delete redundant cppzmq dependency (hyc)
1dc4ebf Use 9 digit build IDs (hyc)
|
|
c27d961 [depends] update openssl to 1.0.2r (who-biz)
|
|
|
|
|
|
|
|
|
|
f2f207d miner: fix double free of thread attributes (ston1th)
|
|
b0a04f7 epee: fix SSL autodetect on reconnection (xiphon)
|
|
643c86a miniupnpc: update to build on BSD (moneromooo-monero)
|
|
2cbe756 p2p: fix GCC 9.1 crash (moneromooo-monero)
35c20c4 Fix GCC 9.1 build warnings (moneromooo-monero)
e284889 cmake: do not use -mmitigate-rop on GCC >= 9.1 (moneromooo-monero)
|
|
|
|
It was removed, but it still accepted by the compiler, which warns
for every file
|
|
GCC wants operator= aand copy ctor to be both defined, or neither
|
|
issue: #5568
|
|
|
|
|
|
77594c4f functional_tests: fix python3 compatibility (moneromooo-monero)
|
|
f950517a core: update pruning if using --prune-blockchain on a pruned blockchain (moneromooo-monero)
|
|
35da33be blockchain: do not try to pop blocks down to the genesis block (moneromooo-monero)
4b51f9a3 core: do not commit half constructed batch db txn (moneromooo-monero)
|
|
9bfa4c20 Fix allow any cert mode in wallet rpc when configured over rpc (Lee Clagett)
3544596f Add ssl_options support to monerod's rpc mode. (Lee Clagett)
c9aaccf3 Fix configuration bug; wallet2 --daemon-ssl-allow-any-cert now works. (Lee Clagett)
|
|
4ac52e52 functional_tests: fix rare get_output_distribution failure (moneromooo-monero)
|
|
dbecfe7d unit_tests: make the density test a bit less stringent (moneromooo-monero)
|
|
b6830db2 Fix #5553 (Howard Chu)
|
|
Also add missing bans test to the default tests
|
|
Avoids a massive amount of spurious warnings if the last update before
the daemon exited was a while ago and the daemon was syncing
|
|
|
|
|
|
|
|
|
|
|
|
When the wallet auto refreshes after mining the last two blocks
but before popping them, it will then try to use outputs which
are not unlocked yet. This is really a wallet problem, which
will be fixed later.
|
|
It's an inherently random test
|
|
Make sure the tip hash still matches the cached block
|
|
- This addresses https://www.openssl.org/news/secadv/20190226.txt (CVE: 2019-1559) which impacted all versions of openssl-1.0.
Note that this does not address CVE-2019-1543 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543), which impacts all versions of openssl 1.1 through 1.1.0j and 1.1.1b.
The above (1.1) is patched in openssl, where it was marked as low severity. Similar issues possibly present in monero, should be looked into w.r.t. CVE-2019-1543.
|
|
915f59e3 wallet: add unlock_time details to show_transfers (moneromooo-monero)
|
|
also add a note when receiving the tx, because the user
might not notice the "XXX blocks to unlock" in the balance.
|
|
3f612cda Changed odd bullet point to low level header (Rohaq)
af9bc4ec Used subeaders to avoid slightly wonky looking formatting (Rohaq)
1873af35 Made code block usage consistent across all .md files (Rohaq)
68103075 Updated Copyright notice (Rohaq)
39bd157f Added Table of Contents to main README.md (Rohaq)
|
|
e1016bce password: do not use line input on windows (moneromooo-monero)
|
|
615f287 wallet: fix certificate fingerprint length check (moneromooo-monero)
|
|
46244dd wallet_rpc_server: use original addresses in destinations in get_transfers (moneromooo-monero)
|
|
9a7a453 net_ssl: free certs after setting them up (moneromooo-monero)
|
|
1e8f3f6 rpc: fail update RPC when running offline (moneromooo-monero)
|
|
b8b957d cmake: fix incorrect hint for OPENSSL_ROOT_DIR (moneromooo-monero)
367bb80 mlog: default to not showing SSL errors (moneromooo-monero)
|
|
d47292e error: fix compile error on windows with depends (moneromooo-monero)
|
|
|
|
|
|
|
|
|
|
|
|
Fixed by crCr62U0
|
|
This keeps its builtin command editing away
Thanks iDunk for testing on Windows
|
|
And add them for pending transfers, where they were missing
|
|
|
|
|
|
a62e0725 net_ssl: SSL config tweaks for compatibility and security (moneromooo-monero)
|
|
7d5cc035 cmake: fix some case of "backtrace lib not found" breaking (moneromooo-monero)
|
|
e9809382 fix wide difficulty conversion with some versions of boost (moneromooo-monero)
|
|
1c44e658 wallet2: reject standalone short payment IDs in monero: URI API (moneromooo-monero)
|
|
7e5158aa mnemonics: fix 4 byte UTF-8 rewriting (moneromooo-monero)
|
|
ccc1e311 wallet_rpc_server: reject standalone short payment id in address book (moneromooo-monero)
|
|
b4ca72dd wallet2: fix infinite loop picking outputs in corner case (moneromooo-monero)
|
|
a4c4a2d8 blockchain: keep a rolling long term block weight median (moneromooo-monero)
|
|
0eb0d6b8 rpc: improve get_output_distribution (moneromooo-monero)
|
|
28a7d315 p2p: do not send last_seen timestamp to peers (moneromooo-monero)
|
|
f29fecd5 build: debug and test builds via contrib (Dusan Klinec)
|
|
add two RSA based ciphers for Windows/depends compatibility
also enforce server cipher ordering
also set ECDH to auto because vtnerd says it is good :)
When built with the depends system, openssl does not include any
cipher on the current whitelist, so add this one, which fixes the
problem, and does seem sensible.
|
|
|
|
If you use a ; separated set of include and lib directories,
it'll detect the headers in /usr/include and the libraries
where this points to.
|
|
state_not_recoverable is not defined there
|
|
|
|
a59c2746 unit_tests: fix crash in debug in output_distribution test (moneromooo-monero)
|
|
5e0da6fb change SSL certificate fingerprint whitelisting from SHA1 to SHA-256 (moneromooo-monero)
|
|
98fb98f9 wallet_rpc_server: adding missing return on error in set_daemon (moneromooo-monero)
9074c0d8 wallet_rpc_server: return false on error in set_log_categories (moneromooo-monero)
968848a7 wallet_rpc_server: fix crash in validate_address if no wallet is loaded (moneromooo-monero)
|
|
64983fce wallet2: default to trying to keep 5 outputs of 2+ monero (moneromooo-monero)
|
|
36ced067 functional_tests: flush stdout before popening new process (moneromooo-monero)
|
|
0aaf5e2a device/trezor: device sorting and filtering improved (Dusan Klinec)
|
|
|
|
|
|
It fixes at least one case of building on ARM with Docker
|
|
|
|
|
|
If we have fewer outputs available on the chain than what we
require, but the output we're spending already has a ring,
it would loop picking outputs randomly, but never find enough.
Also tune logs for better debugging this kind of thing.
|
|
SHA1 is too close to bruteforceable
|
|
|
|
Reported by SmajeNz0
|
|
Reported by SmajeNz0
|
|
updating the block size limit needs recent block sizes,
so we feed it dummy ones
|
|
It can now handle small reorgs without having to rescan the
whole blockchain.
Also add a test for it.
|
|
- Trezor type detection refactored, T1 disabled (was enabled before which was a bug)
- Sort connected devices by env TREZOR_PATH
- Compatibility with Trezor ecosystem using TREZOR_PATH env var
- Enables to pick particular Trezor to use in GUI as we don't have the multi-device selection yet
- Dump all detected devices to log for better debugging / troubleshooting
|
|
4be18df3 tx_sanity_check: relax uniqueness check a bit (moneromooo-monero)
b386ae57 wallet2: add missing "sanity check failed" reason message (moneromooo-monero)
|
|
c519d1df wallet2: fix wrong change being recorded in sweep_all (moneromooo-monero)
|
|
c0736643 unit_tests: don't delete log file on windows, it will fail (moneromooo-monero)
|
|
9956500d net_helper: clear recv buffer on eof (moneromooo-monero)
|
|
7af49ef0 daemonizer: add --non-interactive for windows (moneromooo-monero)
|
|
edbae2d0 levin_protocol_handler_async: tune down preallocation a fair bit (moneromooo-monero)
|
|
97e1c927 wallet: fix key image computation signaling to the device (Dusan Klinec)
|
|
7a9316eb serialization: set default log category (moneromooo-monero)
|
|
31a9aa83 wallet_rpc_server: add block_height and frozen to incoming_transfers (moneromooo-monero)
|
|
aba2b2e7 functional_tests: reset blockchain on test start (moneromooo-monero)
375fde94 hardfork: fix off by one updating fork index after popping (moneromooo-monero)
|
|
This can be used for fingerprinting and working out the
network topology.
Instead of sending the first N (which are sorted by last
seen time), we sent a random subset of the first N+N/5,
which ensures reasonably recent peers are used, while
preventing repeated calls from deducing new entries are
peers the target node just connected to.
The list is also randomly shuffled so the original set of
timestamps cannot be approximated.
|
|
In the case where previously a second unneeded output would be
added to a transaction. This should help *some* of the cases
where outputs are slowly being consolidated, leading to the
whole balance being locked when sending monero.
|
|
It triggers easily on testnet
|
|
|
|
leading to the sanity check triggering
|
|
|
|
|
|
|
|
The RPC functional tests need it
Thanks to iDunk for debugging/testing
|
|
It can allocate a lot when getting a lot of connections
(in particular, the stress test on windows apparently pushes
that memory to actual use, rather than just allocated)
|
|
|
|
|
|
|
|
|
|
|
|
55aae6a9 Fix socks tests in windows and handle errors better (Lee Clagett)
|
|
|
|
3e50a9e8 functional_tests: detect requests python module (moneromooo-monero)
|
|
0f52fe4c Windows: work around a boost 1.70 and cmake SNAFU (iDunk5400)
b414b69f Windows: fix a build error in MSYS2 with boost 1.70.0 (iDunk5400)
|
|
fbbe75d7 device/trezor: button request callback fix (Dusan Klinec)
|
|
5d0dcc18 add translations for it, fr, ja, sv from Pootle and refresh template .ts file (Monero-Pootle)
|
|
b672d4d6 epee: use boost/timer/timer.hpp, boost/timer.hpp is deprecated (moneromooo-monero)
|
|
588e6700 simplewallet: fix output representation offset (moneromooo-monero)
35e0a968 wallet2: "output lineup" fake out selection (moneromooo-monero)
|
|
84047cb7 wallet_rpc_server: add unlocked field to incoming_transfers output (moneromooo-monero)
|
|
58eade68 simplewallet: add the change amount to the prompt when locking (moneromooo-monero)
|
|
71102267 wallet_rpc_server: set suggested_confirmations_threshold for pool txes (moneromooo-monero)
|
|
|
|
Boost got upgraded to 1.70.0 in MSYS2. As a result, cmake (v3.13.4 as of this commit) can not configure boost properly, and cmake configuration fails as a result. This is a workaround as per https://gitlab.kitware.com/cmake/cmake/issues/18865
|
|
|
|
|
|
Based on python code by sarang:
https://github.com/SarangNoether/skunkworks/blob/outputs/outputs/simulate.py
|
|
|
|
|
|
|
|
|
|
|
|
299052bc Remove unneeded SFINAE on check_tx/block verification in core_tests (Doyle)
|
|
5fafb90e testdb: add override keyword where missing (stoffu)
|
|
e3dea478 unit_tests: undo is_blocked implementation factoring (moneromooo-monero)
|
|
b0a34668 daemon: fix absolute/relative log file test for windows (moneromooo-monero)
|
|
and delete obsolete BlockchainBDB::get_tx_output_indices along the way
|
|
|
|
The is_host_blocked method is not on master yet
|
|
|
|
|
|
294e858d wallet_rpc_server: add set_log_level/set_log_categories (moneromooo-monero)
|
|
|
|
c30d93fc rpc: add a pruned bool to the prune_blockchain call (moneromooo-monero)
|
|
926e0472 simplewallet: add another warning about long payment ids (moneromooo-monero)
|
|
02c01c0b Add Brewfile to allow for an even easier management of dependencies (Florian)
|
|
d009f6dd rpc: fix get_block_hashes.bin from wallet on pruned blockchain (moneromooo-monero)
bb0ef5b1 blockchain: lock the blockchain while pruning (moneromooo-monero)
|
|
b18f0b10 wallet: new --offline option (moneromooo-monero)
|
|
7d79222f daemon: remove debug info (moneromooo-monero)
8fec0f98 functional_tests: add sweep_single test (moneromooo-monero)
9880d61b wallet_rpc_server: remove unused code (moneromooo-monero)
8a61b33d rpc: omit irrelevant fields for pool txes in gettransactions (moneromooo-monero)
56508524 rpc: add relayed in get_transaction output (moneromooo-monero)
82e510f1 rpc: set default log category in core_rpc_server.h (moneromooo-monero)
|
|
6643b047 Increment m_threads_active when mining thread starts (Doyle)
|
|
07dd5536 hardfork: remove "no hf version db" recreation check (moneromooo-monero)
|
|
428249c5 easylogging++: minimal stdout logging format (moneromooo-monero)
|
|
b3648232 daemon: fix ratio not being floating point (moneromooo-monero)
e1b097b9 core_rpc_server: remove dummy assigning int to bool (moneromooo-monero)
|
|
f26e0b5d cryptonote_protocol: warn when the last connection goes (moneromooo-monero)
|
|
acb68dba bulletproofs: cut down on keyV allocations (moneromooo-monero)
|
|
61d63900 net_helper: avoid unnecessary memcpy (moneromooo-monero)
|
|
5140c15e daemon: if a log file has a /, interpret it from the cwd (moneromooo-monero)
|
|
ccb996af rpc: new sanity check on relayed transactions (moneromooo-monero)
|
|
c3cf930f abstract_tcp_server2: fix timeout on exit (moneromooo-monero)
|
|
34f8c237 simplewallet: fix warning about long payment id using the old option (moneromooo-monero)
|
|
bcb86ae6 wallet_rpc_server: fix inconsistent wallet caches on reload (moneromooo-monero)
|
|
f3425f8d rpc.getblocktemplate: set reserved_offset to zero when reserve_size==0 (stoffu)
|
|
58585986 p2p: fix integer overflow in host bans (moneromooo-monero)
|
|
93bb2f48 ringct: prevent use of full ringct signatures for more than one input (moneromooo-monero)
|
|
2c221d1b wallet2: update estimate_rct_tx_size for smaller rct proofs (moneromooo-monero)
|
|
374f388d wallet_rpc_server: add a all flag to export_outputs (moneromooo-monero)
|
|
e9fac29a unit_tests/long_term_block_weight: some tweaks that seem to make more sense (stoffu)
467f4c7e tests/block_weight: use integer division when computing median (stoffu)
815d08dc tests/block_weight: remove unused MULTIPLIER_SMALL (stoffu)
661f1fb8 blockchain: remove unused calc of short_term_constraint (stoffu)
|
|
f4f1471c readme: add some more instructions for translators (erciccione)
|
|
d4a78c74 build: libusb static compilation fix (Dusan Klinec)
|
|
ac874e2d tests: fix test_options initialization error (Dusan Klinec)
|
|
66d73d2f easylogging++: update to v9.96.7 (moneromooo-monero)
|
|
bea1918a blockchain_import: error out if preparing to handle blocks fails (moneromooo-monero)
|
|
ffdbcfb6 core: don't check block rate nor fork time in regtest mode (moneromooo-monero)
|
|
d34599da wallet: add number of blocks required for the balance to fully unlock (moneromooo-monero)
|
|
5e673c03 blockchain_db: fix db txn ending too early (moneromooo-monero)
|
|
|
|
|
|
|
|
We want to get all blocks here, even pruned ones
|
|
|
|
|
|
It will avoid connecting to a daemon (so useful for cold signing
using a RPC wallet), and not perform DNS queries.
|