moneromooo-monero
542cab02e1
rpc: restrict the recent cutoff size in restricted RPC mode
2019-06-14 08:48:27 +00:00
moneromooo-monero
434e617a1d
ensure no NULL is passed to memcpy
...
NULL is valid when size is 0, but memcpy uses nonnull attributes,
so let's not poke the bear
2019-06-14 08:48:25 +00:00
moneromooo-monero
279f1f2c26
abstract_tcp_server2: improve DoS resistance
2019-06-14 08:48:22 +00:00
moneromooo-monero
756773e5fe
serialization: check stream good flag at the end
...
just in case
2019-06-14 08:48:19 +00:00
moneromooo-monero
e3f714aa2a
tree-hash: allocate variable memory on heap, not stack
...
Large amounts might run out of stack
Reported by guidov
2019-06-14 08:48:16 +00:00
moneromooo-monero
67baa3a66b
cryptonote: throw on tx hash calculation error
2019-06-14 08:48:13 +00:00
moneromooo-monero
d6bb9ecc6f
serialization: fail on read_varint error
2019-06-14 08:48:10 +00:00
moneromooo-monero
19490e44af
cryptonote_protocol: fix another potential P2P DoS
...
When asking for txes in a fluffy transaction, one might ask
for the same (large) tx many times
2019-06-14 08:48:07 +00:00
moneromooo-monero
fa4aa47ea0
cryptonote_protocol: expand basic DoS protection
...
Count transactions as well
2019-06-14 08:48:04 +00:00
anonimal
3c953d5369
cryptonote_protocol_handler: prevent potential DoS
...
Essentially, one can send such a large amount of IDs that core exhausts
all free memory. This issue can theoretically be exploited using very
large CN blockchains, such as Monero.
This is a partial fix. Thanks and credit given to CryptoNote author
'cryptozoidberg' for collaboration and the fix. Also thanks to
'moneromooo'. Referencing HackerOne report #506595 .
2019-06-14 08:48:01 +00:00
moneromooo-monero
b873b69ded
epee: basic sanity check on allocation size from untrusted source
...
Reported by guidov
2019-06-14 08:47:58 +00:00
luigi1111
3395de2e7f
Merge pull request #5633
...
cfa88ac
Don't use -march=native (hyc)
e85bf46
Allow parallel make (hyc)
0ef8391
Delete redundant cppzmq dependency (hyc)
86591eb
Use 9 digit build IDs (hyc)
2019-06-12 14:50:01 -05:00
luigi1111
9f2882dbb7
Merge pull request #5631
...
c27d961
[depends] update openssl to 1.0.2r (who-biz)
2019-06-12 14:45:40 -05:00
Howard Chu
86591ebf64
Use 9 digit build IDs
2019-06-12 16:15:07 +01:00
Howard Chu
0ef8391628
Delete redundant cppzmq dependency
2019-06-12 10:21:19 +01:00
Howard Chu
e85bf46641
Allow parallel make
2019-06-12 09:10:37 +01:00
Howard Chu
cfa88acb2b
Don't use -march=native
2019-06-12 09:10:29 +01:00
luigi1111
538fae4ec2
Merge pull request #5614
...
4cff925
p2p: fix GCC 9.1 crash (monermooo-monero)
f47488c
Fix GCC 9.1 build warnings (moneromooo-monero)
ce13a98
cmake: do not use -mmitigate-rop on GCC >= 9.1 (moneromooo-monero)
2019-06-11 17:22:11 -05:00
luigi1111
0c62e7b15f
Merge pull request #5622
...
b0a04f7
epee: fix SSL autodetect on reconnection (xiphon)
2019-06-11 17:05:17 -05:00
luigi1111
24806b5035
Merge pull request #5620
...
117f950
miner: fix double free of thread attributes (ston1th)
2019-06-11 17:02:51 -05:00
luigi1111
0a1731aa7c
Merge pull request #5617
...
6375111
miniupnpc: update to build on BSD (moneromooo-monero)
2019-06-11 17:01:14 -05:00
xiphon
b0a04f7d45
epee: fix SSL autodetect on reconnection
2019-06-10 10:40:16 +00:00
ston1th
117f9501d8
miner: fix double free of thread attributes
...
issue: #5568
2019-06-09 12:29:03 +02:00
moneromooo-monero
ce13a98239
cmake: do not use -mmitigate-rop on GCC >= 9.1
...
It was removed, but it still accepted by the compiler, which warns
for every file
2019-06-09 09:40:55 +00:00
moneromooo-monero
f47488c734
Fix GCC 9.1 build warnings
...
GCC wants operator= aand copy ctor to be both defined, or neither
2019-06-09 09:39:34 +00:00
moneromooo-monero
6375111fa4
miniupnpc: update to build on BSD
2019-06-08 18:37:42 +00:00
moneromooo-monero
4cff9257e0
p2p: fix GCC 9.1 crash
2019-06-08 17:53:13 +00:00
Riccardo Spagni
256f8d8b66
Merge pull request #5584
...
eeebad66
functional_tests: fix python3 compatibility (moneromooo-monero)
2019-06-01 20:32:39 +02:00
Riccardo Spagni
9a2883266c
Merge pull request #5578
...
b7a96a08
core: update pruning if using --prune-blockchain on a pruned blockchain (moneromooo-monero)
2019-06-01 20:32:18 +02:00
Riccardo Spagni
3f2c82326e
Merge pull request #5572
...
a663ccba
blockchain: do not try to pop blocks down to the genesis block (moneromooo-monero)
8f2a99d8
core: do not commit half constructed batch db txn (moneromooo-monero)
2019-06-01 20:31:55 +02:00
Riccardo Spagni
8b9920f0af
Merge pull request #5551
...
de6cfacc
refresh and update translations for new release (erciccione)
2019-06-01 20:31:32 +02:00
Riccardo Spagni
162229286f
Merge pull request #5565
...
4456a4b9
Fix allow any cert mode in wallet rpc when configured over rpc (Lee Clagett)
fafc5c36
Add ssl_options support to monerod's rpc mode. (Lee Clagett)
ce73cc3a
Fix configuration bug; wallet2 --daemon-ssl-allow-any-cert now works. (Lee Clagett)
2019-06-01 20:31:13 +02:00
Riccardo Spagni
2f5efc7f59
Merge pull request #5562
...
13864702
functional_tests: fix rare get_output_distribution failure (moneromooo-monero)
2019-06-01 20:30:54 +02:00
Riccardo Spagni
0565fe21ec
Merge pull request #5563
...
205a0ba1
unit_tests: make the density test a bit less stringent (moneromooo-monero)
2019-06-01 20:30:38 +02:00
Riccardo Spagni
ff5b30864a
Merge pull request #5564
...
b6830db2
Fix #5553 (Howard Chu)
2019-06-01 20:30:01 +02:00
moneromooo-monero
eeebad6630
functional_tests: fix python3 compatibility
...
Also add missing bans test to the default tests
2019-05-29 12:00:33 +00:00
moneromooo-monero
b7a96a0874
core: update pruning if using --prune-blockchain on a pruned blockchain
...
Avoids a massive amount of spurious warnings if the last update before
the daemon exited was a while ago and the daemon was syncing
2019-05-28 09:12:29 +00:00
moneromooo-monero
a663ccba71
blockchain: do not try to pop blocks down to the genesis block
2019-05-26 17:11:37 +00:00
moneromooo-monero
8f2a99d8ab
core: do not commit half constructed batch db txn
2019-05-25 16:25:10 +00:00
moneromooo-monero
13864702f1
functional_tests: fix rare get_output_distribution failure
...
When the wallet auto refreshes after mining the last two blocks
but before popping them, it will then try to use outputs which
are not unlocked yet. This is really a wallet problem, which
will be fixed later.
2019-05-22 11:24:08 +00:00
moneromooo-monero
205a0ba101
unit_tests: make the density test a bit less stringent
...
It's an inherently random test
2019-05-22 11:23:20 +00:00
Lee Clagett
4456a4b9b3
Fix allow any cert mode in wallet rpc when configured over rpc
2019-05-21 16:17:50 +00:00
Lee Clagett
fafc5c3692
Add ssl_options support to monerod's rpc mode.
2019-05-21 16:17:34 +00:00
Lee Clagett
ce73cc3add
Fix configuration bug; wallet2 --daemon-ssl-allow-any-cert now works.
2019-05-21 16:17:13 +00:00
Howard Chu
b6830db2d4
Fix #5553
...
Make sure the tip hash still matches the cached block
2019-05-19 03:02:33 +01:00
who-biz
c27d96129e
[depends] update openssl to 1.0.2r
...
- This addresses https://www.openssl.org/news/secadv/20190226.txt (CVE: 2019-1559) which impacted all versions of openssl-1.0.
Note that this does not address CVE-2019-1543 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543 ), which impacts all versions of openssl 1.1 through 1.1.0j and 1.1.1b.
The above (1.1) is patched in openssl, where it was marked as low severity. Similar issues possibly present in monero, should be looked into w.r.t. CVE-2019-1543.
2019-05-18 02:18:55 -04:00
erciccione
de6cfacc02
refresh and update translations for new release
2019-05-17 14:13:10 +02:00
Riccardo Spagni
5fbfa8a656
Merge pull request #5548
...
915f59e3
wallet: add unlock_time details to show_transfers (moneromooo-monero)
2019-05-17 13:17:40 +02:00
moneromooo-monero
915f59e3c0
wallet: add unlock_time details to show_transfers
...
also add a note when receiving the tx, because the user
might not notice the "XXX blocks to unlock" in the balance.
2019-05-16 21:37:05 +00:00
Riccardo Spagni
e8487fa46b
Merge pull request #5539
...
3f612cda
Changed odd bullet point to low level header (Rohaq)
af9bc4ec
Used subeaders to avoid slightly wonky looking formatting (Rohaq)
1873af35
Made code block usage consistent across all .md files (Rohaq)
68103075
Updated Copyright notice (Rohaq)
39bd157f
Added Table of Contents to main README.md (Rohaq)
2019-05-15 16:10:41 +02:00