From 2dc4484928fc13c656bff490831a29e0af6738a9 Mon Sep 17 00:00:00 2001 From: MarkLTZ Date: Mon, 26 Aug 2024 07:48:26 +0000 Subject: [PATCH] Release v2.0.10 --- README.md | 2 +- configure.ac | 2 +- contrib/debian/changelog | 6 + contrib/gitian-descriptors/gitian-linux.yml | 2 +- contrib/gitian-descriptors/gitian-osx.yml | 2 +- contrib/gitian-descriptors/gitian-win.yml | 2 +- doc/man/bitcoinz-cli.1 | 6 +- doc/man/bitcoinz-tx.1 | 6 +- doc/man/bitcoinzd.1 | 6 +- doc/release-notes.md | 152 +++----------------- doc/release-notes/release-notes-2.0.9.md | 142 ++++++++++++++++++ src/clientversion.h | 2 +- 12 files changed, 183 insertions(+), 147 deletions(-) create mode 100644 doc/release-notes/release-notes-2.0.9.md diff --git a/README.md b/README.md index efc7ba763..c691525f7 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# BitcoinZ 2.0.9 +# BitcoinZ 2.0.10 **Keep running wallet to strengthen the BitcoinZ network. Backup your wallet in many locations & keep your coins wallet offline.** ### Ports: diff --git a/configure.ac b/configure.ac index 3a081e352..7b0bd3f74 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ dnl require autoconf 2.60 (AS_ECHO/AS_ECHO_N) AC_PREREQ([2.60]) define(_CLIENT_VERSION_MAJOR, 2) define(_CLIENT_VERSION_MINOR, 0) -define(_CLIENT_VERSION_REVISION, 9) +define(_CLIENT_VERSION_REVISION, 10) define(_CLIENT_VERSION_BUILD, 50) define(_ZC_BUILD_VAL, m4_if(m4_eval(_CLIENT_VERSION_BUILD < 25), 1, m4_incr(_CLIENT_VERSION_BUILD), m4_eval(_CLIENT_VERSION_BUILD < 50), 1, m4_eval(_CLIENT_VERSION_BUILD - 24), m4_eval(_CLIENT_VERSION_BUILD == 50), 1, , m4_eval(_CLIENT_VERSION_BUILD - 50))) define(_CLIENT_VERSION_SUFFIX, m4_if(m4_eval(_CLIENT_VERSION_BUILD < 25), 1, _CLIENT_VERSION_REVISION-beta$1, m4_eval(_CLIENT_VERSION_BUILD < 50), 1, _CLIENT_VERSION_REVISION-rc$1, m4_eval(_CLIENT_VERSION_BUILD == 50), 1, _CLIENT_VERSION_REVISION, _CLIENT_VERSION_REVISION-$1))) diff --git a/contrib/debian/changelog b/contrib/debian/changelog index 3c5a837bf..e9ef3fd14 100644 --- a/contrib/debian/changelog +++ b/contrib/debian/changelog @@ -1,3 +1,9 @@ +bitcoinz (2.0.10) stable; urgency=high + + * 2.0.10 release. + + -- The BitcoinZ Community Aug 2024 + bitcoinz (2.0.9) stable; urgency=medium * 2.0.9 release. diff --git a/contrib/gitian-descriptors/gitian-linux.yml b/contrib/gitian-descriptors/gitian-linux.yml index 1eeac496d..ca7e52f40 100644 --- a/contrib/gitian-descriptors/gitian-linux.yml +++ b/contrib/gitian-descriptors/gitian-linux.yml @@ -1,5 +1,5 @@ --- -name: "bitcoinz-2.0.9" +name: "bitcoinz-2.0.10" enable_cache: true distro: "debian" suites: diff --git a/contrib/gitian-descriptors/gitian-osx.yml b/contrib/gitian-descriptors/gitian-osx.yml index a249b5f8e..151a962b5 100644 --- a/contrib/gitian-descriptors/gitian-osx.yml +++ b/contrib/gitian-descriptors/gitian-osx.yml @@ -1,5 +1,5 @@ --- -name: "bitcoinz-osx-2.0.9" +name: "bitcoinz-osx-2.0.10" enable_cache: true suites: - "trusty" diff --git a/contrib/gitian-descriptors/gitian-win.yml b/contrib/gitian-descriptors/gitian-win.yml index f63b74f74..8df3e3898 100644 --- a/contrib/gitian-descriptors/gitian-win.yml +++ b/contrib/gitian-descriptors/gitian-win.yml @@ -1,5 +1,5 @@ --- -name: "bitcoinz-win-2.0.9" +name: "bitcoinz-win-2.0.10" enable_cache: true suites: - "trusty" diff --git a/doc/man/bitcoinz-cli.1 b/doc/man/bitcoinz-cli.1 index 91c3133ad..d1941e036 100644 --- a/doc/man/bitcoinz-cli.1 +++ b/doc/man/bitcoinz-cli.1 @@ -1,9 +1,9 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. -.TH BITCOINZ-CLI "1" "August 2024" "bitcoinz-cli v2.0.9" "User Commands" +.TH BITCOINZ-CLI "1" "August 2024" "bitcoinz-cli v2.0.10" "User Commands" .SH NAME -bitcoinz-cli \- manual page for bitcoinz-cli v2.0.9 +bitcoinz-cli \- manual page for bitcoinz-cli v2.0.10 .SH DESCRIPTION -BitcoinZ RPC client version v2.0.9 +BitcoinZ RPC client version v2.0.10 .PP In order to ensure you are adequately protecting your privacy when using BitcoinZ, please see . diff --git a/doc/man/bitcoinz-tx.1 b/doc/man/bitcoinz-tx.1 index 362f27bb4..f243b6435 100644 --- a/doc/man/bitcoinz-tx.1 +++ b/doc/man/bitcoinz-tx.1 @@ -1,9 +1,9 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. -.TH BITCOINZ-TX "1" "August 2024" "bitcoinz-tx v2.0.9" "User Commands" +.TH BITCOINZ-TX "1" "August 2024" "bitcoinz-tx v2.0.10" "User Commands" .SH NAME -bitcoinz-tx \- manual page for bitcoinz-tx v2.0.9 +bitcoinz-tx \- manual page for bitcoinz-tx v2.0.10 .SH DESCRIPTION -BitcoinZ bitcoinz\-tx utility version v2.0.9 +BitcoinZ bitcoinz\-tx utility version v2.0.10 .SS "Usage:" .TP bitcoinz\-tx [options] [commands] diff --git a/doc/man/bitcoinzd.1 b/doc/man/bitcoinzd.1 index a9f9150df..57f0576a7 100644 --- a/doc/man/bitcoinzd.1 +++ b/doc/man/bitcoinzd.1 @@ -1,9 +1,9 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6. -.TH BITCOINZD "1" "August 2024" "bitcoinzd v2.0.9" "User Commands" +.TH BITCOINZD "1" "August 2024" "bitcoinzd v2.0.10" "User Commands" .SH NAME -bitcoinzd \- manual page for bitcoinzd v2.0.9 +bitcoinzd \- manual page for bitcoinzd v2.0.10 .SH DESCRIPTION -BitcoinZ Daemon version v2.0.9 +BitcoinZ Daemon version v2.0.10 .PP In order to ensure you are adequately protecting your privacy when using BitcoinZ, please see . diff --git a/doc/release-notes.md b/doc/release-notes.md index f525d5096..e6452b8c0 100644 --- a/doc/release-notes.md +++ b/doc/release-notes.md @@ -1,142 +1,30 @@ Notable changes =============== -DoS Mitigation: Mempool Size Limit and Random Drop --------------------------------------------------- +Fixes +----- -This release adds a mechanism for preventing nodes from running out of memory -in the situation where an attacker is trying to overwhelm the network with -transactions. This is achieved by keeping track of and limiting the total -`cost` and `evictionWeight` of all transactions in the mempool. The `cost` of a -transaction is determined by its size in bytes, and its `evictionWeight` is a -function of the transaction's `cost` and its fee. The maximum total cost is -configurable via the parameter `mempooltxcostlimit` which defaults to -80,000,000 (up to 20,000 txs). If a node's total mempool `cost` exceeds this -limit the node will evict a random transaction, preferentially picking larger -transactions and ones with below the standard fee. To prevent a node from -re-accepting evicted transactions, it keeps track of ones that it has evicted -recently. By default, a transaction will be considered recently evicted for 60 -minutes, but this can be configured with the parameter -`mempoolevictionmemoryminutes`. +Resolved a critical bug that prevented the program from starting up correctly in some cases. +The issue occurred during the startup process when the program attempted to rescan the latest indexed blocks. +A failure in the LoadBlockIndex() function, caused by a corrupted index file, was identified as the root cause. -For full details see ZIP 401. +Upgrading +========= -Asynchronous Operations Incorrectly Reporting Success ------------------------------------------------------ -We fixed an issue where asynchronous operations were sometimes reporting sucess -when they had actually failed. One way this could occur was when trying to use -`z_sendmany` to create a transaction spending coinbase funds in a way where -change would be generated (not a valid use of `z_sendmany`). In this case the -operation would erroneously report success, and the only way to see that the -transaction had actually failed was to look in the `debug.log` file. Such -operations will now correctly report that they have failed. +How to Upgrade +-------------- -Fake chain detection during initial block download --------------------------------------------------- +If you are running an older version, shut it down. Wait until it has completely +shut down (which might take a few minutes for older versions), then run the +installer (on Windows) or just copy over or bitcoinzd (on Linux). -One of the mechanisms that `bitcoinzd` uses to detect whether it is in "initial -block download" (IBD) mode is to compare the active chain's cumulative work -against a hard-coded "minimum chain work" value. This mechanism (inherited from -Bitcoin Core) means that once a node exits IBD mode, it is either on the main -chain, or a fake alternate chain with similar amounts of work. In the latter -case, the node has most likely become the victim of a 50% + 1 adversary. +If you are upgrading from version v2.0.9, due a bug on that version, to fix +a chainstate database corruption, you need to run this release with `-reindex` +option to rebuild the chainstate data structures. This will take anywhere from +30 minutes to several hours, depending on the speed of your machine. -Starting from this release, `bitcoinzd` additionally hard-codes the block hashes -for the activation blocks of each past network upgrade (NU). During initial -chain synchronization, and after the active chain has reached "minimum chain -work", the node checks the blocks at each NU activation height against the -hard-coded hashes. If any of them do not match, the node will immediately alert -the user and **shut down for safety**. +If you are upgrading from a version prior to v2.0.9, then the '-reindex' operation +is not necessary. -Disabling old Sprout proofs ---------------------------- - -As part of our ongoing work to clean up the codebase and minimise the security -surface of `bitcoinzd`, we are removing `libsnark` from the codebase, and dropping -support for creating and verifying old Sprout proofs. Funds stored in Sprout -addresses are not affected, as they are spent using the hybrid Sprout circuit -(built using `bellman`) that was deployed during the Sapling network upgrade. - -This change has several implications: - -- `bitcoinzd` no longer verifies old Sprout proofs, and will instead assume they - are valid. This has a minor implication for nodes: during initial block - download, an adversary could feed the node fake blocks containing invalid old - Sprout proofs, and the node would accept the fake chain as valid. However, - as soon as the active chain contains at least as much work as the hard-coded - "minimum chain work" value, the node will detect this situation and shut down. - -- Shielded transactions can no longer be created before Sapling has activated. - This does not affect BitcoinZ itself, but will affect downstream codebases that - have not yet activated Sapling (or that start a new chain after this point and - do not activate Sapling from launch). Note that the old Sprout circuit is - [vulnerable to counterfeiting](https://z.cash/support/security/announcements/security-announcement-2019-02-05-cve-2019-7167/) - and should not be used in current deployments. - -- Starting from this release, the circuit parameters from the original Sprout - MPC are no longer required to start `bitcoinzd`, and will not be downloaded by - `fetch-params.sh`. They are not being automatically deleted at this time. - -Option parsing behavior ------------------------ - -Command line options are now parsed strictly in the order in which they are -specified. It used to be the case that `-X -noX` ends up, unintuitively, with X -set, as `-X` had precedence over `-noX`. This is no longer the case. Like for -other software, the last specified value for an option will hold. - -Low-level RPC changes ---------------------- - -- Bare multisig outputs to our keys are no longer automatically treated as - incoming payments. As this feature was only available for multisig outputs for - which you had all private keys in your wallet, there was generally no use for - them compared to single-key schemes. Furthermore, no address format for such - outputs is defined, and wallet software can't easily send to it. These outputs - will no longer show up in `listtransactions`, `listunspent`, or contribute to - your balance, unless they are explicitly watched (using `importaddress` or - `importmulti` with hex script argument). `signrawtransaction*` also still - works for them. - -View shielded information in wallet transactions ------------------------------------------------- - -In previous `bitcoinzd` versions, to obtain information about shielded transactions -you would use either the `z_listreceivedbyaddress` RPC method (which returns all -notes received by an address) or `z_listunspent` (which returns unspent notes, -optionally filtered by addresses). There were no RPC methods that directly -returned details about spends, or anything equivalent to the `gettransaction` -method (which returns transparent information about in-wallet transactions). - -This release introduces a new RPC method `z_viewtransaction` to fill that gap. -Given the ID of a transaction in the wallet, it decrypts the transaction and -returns detailed shielded information for all decryptable new and spent notes, -including: - -- The address that each note belongs to. -- Values in both decimal ZEC and zatoshis. -- The ID of the transaction that each spent note was received in. -- An `outgoing` flag on each new note, which will be `true` if the output is not - for an address in the wallet. -- A `memoStr` field for each new note, containing its text memo (if its memo - field contains a valid UTF-8 string). - -Information will be shown for any address that appears in `z_listaddresses`; -this includes watch-only addresses linked to viewing keys imported with -`z_importviewingkey`, as well as addresses with spending keys (both generated -with `z_getnewaddress` and imported with `z_importkey`). - -Build system ------------- - -- The `--enable-lcov`, `--disable-tests`, and `--disable-mining` flags for - `zcutil/build.sh` have been removed. You can pass these flags instead by using - the `CONFIGURE_FLAGS` environment variable. For example, to enable coverage - instrumentation (thus enabling "make cov" to work), call: - - ``` - CONFIGURE_FLAGS="--enable-lcov --disable-hardening" ./zcutil/build.sh - ``` - -- The build system no longer defaults to verbose output. You can re-enable - verbose output with `./zcutil/build.sh V=1` +On Windows, do not forget to uninstall all earlier versions of the Bitcoin +client first. diff --git a/doc/release-notes/release-notes-2.0.9.md b/doc/release-notes/release-notes-2.0.9.md new file mode 100644 index 000000000..f525d5096 --- /dev/null +++ b/doc/release-notes/release-notes-2.0.9.md @@ -0,0 +1,142 @@ +Notable changes +=============== + +DoS Mitigation: Mempool Size Limit and Random Drop +-------------------------------------------------- + +This release adds a mechanism for preventing nodes from running out of memory +in the situation where an attacker is trying to overwhelm the network with +transactions. This is achieved by keeping track of and limiting the total +`cost` and `evictionWeight` of all transactions in the mempool. The `cost` of a +transaction is determined by its size in bytes, and its `evictionWeight` is a +function of the transaction's `cost` and its fee. The maximum total cost is +configurable via the parameter `mempooltxcostlimit` which defaults to +80,000,000 (up to 20,000 txs). If a node's total mempool `cost` exceeds this +limit the node will evict a random transaction, preferentially picking larger +transactions and ones with below the standard fee. To prevent a node from +re-accepting evicted transactions, it keeps track of ones that it has evicted +recently. By default, a transaction will be considered recently evicted for 60 +minutes, but this can be configured with the parameter +`mempoolevictionmemoryminutes`. + +For full details see ZIP 401. + +Asynchronous Operations Incorrectly Reporting Success +----------------------------------------------------- +We fixed an issue where asynchronous operations were sometimes reporting sucess +when they had actually failed. One way this could occur was when trying to use +`z_sendmany` to create a transaction spending coinbase funds in a way where +change would be generated (not a valid use of `z_sendmany`). In this case the +operation would erroneously report success, and the only way to see that the +transaction had actually failed was to look in the `debug.log` file. Such +operations will now correctly report that they have failed. + +Fake chain detection during initial block download +-------------------------------------------------- + +One of the mechanisms that `bitcoinzd` uses to detect whether it is in "initial +block download" (IBD) mode is to compare the active chain's cumulative work +against a hard-coded "minimum chain work" value. This mechanism (inherited from +Bitcoin Core) means that once a node exits IBD mode, it is either on the main +chain, or a fake alternate chain with similar amounts of work. In the latter +case, the node has most likely become the victim of a 50% + 1 adversary. + +Starting from this release, `bitcoinzd` additionally hard-codes the block hashes +for the activation blocks of each past network upgrade (NU). During initial +chain synchronization, and after the active chain has reached "minimum chain +work", the node checks the blocks at each NU activation height against the +hard-coded hashes. If any of them do not match, the node will immediately alert +the user and **shut down for safety**. + +Disabling old Sprout proofs +--------------------------- + +As part of our ongoing work to clean up the codebase and minimise the security +surface of `bitcoinzd`, we are removing `libsnark` from the codebase, and dropping +support for creating and verifying old Sprout proofs. Funds stored in Sprout +addresses are not affected, as they are spent using the hybrid Sprout circuit +(built using `bellman`) that was deployed during the Sapling network upgrade. + +This change has several implications: + +- `bitcoinzd` no longer verifies old Sprout proofs, and will instead assume they + are valid. This has a minor implication for nodes: during initial block + download, an adversary could feed the node fake blocks containing invalid old + Sprout proofs, and the node would accept the fake chain as valid. However, + as soon as the active chain contains at least as much work as the hard-coded + "minimum chain work" value, the node will detect this situation and shut down. + +- Shielded transactions can no longer be created before Sapling has activated. + This does not affect BitcoinZ itself, but will affect downstream codebases that + have not yet activated Sapling (or that start a new chain after this point and + do not activate Sapling from launch). Note that the old Sprout circuit is + [vulnerable to counterfeiting](https://z.cash/support/security/announcements/security-announcement-2019-02-05-cve-2019-7167/) + and should not be used in current deployments. + +- Starting from this release, the circuit parameters from the original Sprout + MPC are no longer required to start `bitcoinzd`, and will not be downloaded by + `fetch-params.sh`. They are not being automatically deleted at this time. + +Option parsing behavior +----------------------- + +Command line options are now parsed strictly in the order in which they are +specified. It used to be the case that `-X -noX` ends up, unintuitively, with X +set, as `-X` had precedence over `-noX`. This is no longer the case. Like for +other software, the last specified value for an option will hold. + +Low-level RPC changes +--------------------- + +- Bare multisig outputs to our keys are no longer automatically treated as + incoming payments. As this feature was only available for multisig outputs for + which you had all private keys in your wallet, there was generally no use for + them compared to single-key schemes. Furthermore, no address format for such + outputs is defined, and wallet software can't easily send to it. These outputs + will no longer show up in `listtransactions`, `listunspent`, or contribute to + your balance, unless they are explicitly watched (using `importaddress` or + `importmulti` with hex script argument). `signrawtransaction*` also still + works for them. + +View shielded information in wallet transactions +------------------------------------------------ + +In previous `bitcoinzd` versions, to obtain information about shielded transactions +you would use either the `z_listreceivedbyaddress` RPC method (which returns all +notes received by an address) or `z_listunspent` (which returns unspent notes, +optionally filtered by addresses). There were no RPC methods that directly +returned details about spends, or anything equivalent to the `gettransaction` +method (which returns transparent information about in-wallet transactions). + +This release introduces a new RPC method `z_viewtransaction` to fill that gap. +Given the ID of a transaction in the wallet, it decrypts the transaction and +returns detailed shielded information for all decryptable new and spent notes, +including: + +- The address that each note belongs to. +- Values in both decimal ZEC and zatoshis. +- The ID of the transaction that each spent note was received in. +- An `outgoing` flag on each new note, which will be `true` if the output is not + for an address in the wallet. +- A `memoStr` field for each new note, containing its text memo (if its memo + field contains a valid UTF-8 string). + +Information will be shown for any address that appears in `z_listaddresses`; +this includes watch-only addresses linked to viewing keys imported with +`z_importviewingkey`, as well as addresses with spending keys (both generated +with `z_getnewaddress` and imported with `z_importkey`). + +Build system +------------ + +- The `--enable-lcov`, `--disable-tests`, and `--disable-mining` flags for + `zcutil/build.sh` have been removed. You can pass these flags instead by using + the `CONFIGURE_FLAGS` environment variable. For example, to enable coverage + instrumentation (thus enabling "make cov" to work), call: + + ``` + CONFIGURE_FLAGS="--enable-lcov --disable-hardening" ./zcutil/build.sh + ``` + +- The build system no longer defaults to verbose output. You can re-enable + verbose output with `./zcutil/build.sh V=1` diff --git a/src/clientversion.h b/src/clientversion.h index 6b41b8649..c523ef40b 100644 --- a/src/clientversion.h +++ b/src/clientversion.h @@ -18,7 +18,7 @@ //! These need to be macros, as clientversion.cpp's and bitcoin*-res.rc's voodoo requires it #define CLIENT_VERSION_MAJOR 2 #define CLIENT_VERSION_MINOR 0 -#define CLIENT_VERSION_REVISION 9 +#define CLIENT_VERSION_REVISION 10 #define CLIENT_VERSION_BUILD 50 //! Set to true for release, false for prerelease or test build