From ebd7d8d78c2d89ceaf40894cedd6b21fb8bebe96 Mon Sep 17 00:00:00 2001
From: "Wladimir J. van der Laan" <laanwj@gmail.com>
Date: Mon, 18 May 2015 11:21:32 +0200
Subject: [PATCH 1/4] Parameter interaction: disable upnp if -proxy set

To protect privacy, do not use UPNP when a proxy is set. The user may
still specify -listen=1 to listen locally (for a hidden service), so
don't rely on this happening through -listen.

Fixes #2927.

Conflicts:
	src/init.cpp

Rebased-From: 8c35b6f3be218101630101806300cfd75be23f58
Github-Pull: #6153
---
 src/init.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/init.cpp b/src/init.cpp
index 9ff87ad1e..00c8e399e 100644
--- a/src/init.cpp
+++ b/src/init.cpp
@@ -593,7 +593,11 @@ bool AppInit2(boost::thread_group& threadGroup)
     if (mapArgs.count("-proxy")) {
         // to protect privacy, do not listen by default if a default proxy server is specified
         if (SoftSetBoolArg("-listen", false))
-            LogPrintf("AppInit2 : parameter interaction: -proxy set -> setting -listen=0\n");
+            LogPrintf("%s: parameter interaction: -proxy set -> setting -listen=0\n", __func__);
+        // to protect privacy, do not use UPNP when a proxy is set. The user may still specify -listen=1
+        // to listen locally, so don't rely on this happening through -listen below.
+        if (SoftSetBoolArg("-upnp", false))
+            LogPrintf("%s: parameter interaction: -proxy set -> setting -upnp=0\n", __func__);
         // to protect privacy, do not discover addresses by default
         if (SoftSetBoolArg("-discover", false))
             LogPrintf("AppInit2 : parameter interaction: -proxy set -> setting -discover=0\n");

From ecc96f5ba9af206d1eb69f41d4d04f4fd014eeb3 Mon Sep 17 00:00:00 2001
From: Luke Dashjr <luke-jr+git@utopios.org>
Date: Sun, 31 May 2015 06:53:27 +0000
Subject: [PATCH 2/4] Remove P2SH coinbase flag, no longer interesting

Github-Pull: #6203
Rebased-From: d449772cf69c01932fc5d72c46054815d6300b3c
---
 src/init.cpp | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/src/init.cpp b/src/init.cpp
index 00c8e399e..ed05c1572 100644
--- a/src/init.cpp
+++ b/src/init.cpp
@@ -683,12 +683,6 @@ bool AppInit2(boost::thread_group& threadGroup)
     if (nConnectTimeout <= 0)
         nConnectTimeout = DEFAULT_CONNECT_TIMEOUT;
 
-    // Continue to put "/P2SH/" in the coinbase to monitor
-    // BIP16 support.
-    // This can be removed eventually...
-    const char* pszP2SH = "/P2SH/";
-    COINBASE_FLAGS << std::vector<unsigned char>(pszP2SH, pszP2SH+strlen(pszP2SH));
-
     // Fee-per-kilobyte amount considered the same as "free"
     // If you are mining, be careful setting this:
     // if you set it to zero then

From 181771b71296ffc242a4301a472f5a7ad5f6cc76 Mon Sep 17 00:00:00 2001
From: "Wladimir J. van der Laan" <laanwj@gmail.com>
Date: Wed, 3 Jun 2015 09:42:03 +0200
Subject: [PATCH 3/4] json: fail read_string if string contains trailing
 garbage

Change `read_string` to fail when not the entire input has been
consumed. This avoids unexpected, even dangerous behavior (fixes #6223).

The new JSON parser adapted in #6121 also solves this problem so in
master this is a temporary fix, but should be backported to older releases.

Also adds tests for the new behavior.

Github-Pull: #6226
Rebased-From: 4e157fc60dae5ca69933ea4c1585a2a078b4d957
---
 src/json/json_spirit_reader_template.h |  6 +++---
 src/test/rpc_tests.cpp                 | 18 ++++++++++++++++++
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/src/json/json_spirit_reader_template.h b/src/json/json_spirit_reader_template.h
index 46f5892f6..47e3c1ca8 100644
--- a/src/json/json_spirit_reader_template.h
+++ b/src/json/json_spirit_reader_template.h
@@ -521,12 +521,11 @@ namespace json_spirit
      
         const spirit_namespace::parse_info< Iter_type > info = 
                             spirit_namespace::parse( begin, end, 
-                                                    Json_grammer< Value_type, Iter_type >( semantic_actions ), 
+                                                    Json_grammer< Value_type, Iter_type >( semantic_actions ) >> spirit_namespace::end_p,
                                                     spirit_namespace::space_p );
 
         if( !info.hit )
         {
-            assert( false ); // in theory exception should already have been thrown
             throw_error( info.stop, "error" );
         }
 
@@ -570,7 +569,8 @@ namespace json_spirit
     {
         typename String_type::const_iterator begin = s.begin();
 
-        return read_range( begin, s.end(), value );
+        bool success = read_range( begin, s.end(), value );
+        return success && begin == s.end();
     }
 
     template< class Istream_type >
diff --git a/src/test/rpc_tests.cpp b/src/test/rpc_tests.cpp
index d5475a92b..aed6e3ac2 100644
--- a/src/test/rpc_tests.cpp
+++ b/src/test/rpc_tests.cpp
@@ -139,6 +139,24 @@ BOOST_AUTO_TEST_CASE(rpc_parse_monetary_values)
     BOOST_CHECK_EQUAL(AmountFromValue(ValueFromString("20999999.99999999")), 2099999999999999LL);
 }
 
+BOOST_AUTO_TEST_CASE(json_parse_errors)
+{
+    Value value;
+    // Valid
+    BOOST_CHECK_EQUAL(read_string(std::string("1.0"), value), true);
+    // Valid, with trailing whitespace
+    BOOST_CHECK_EQUAL(read_string(std::string("1.0 "), value), true);
+    // Invalid, initial garbage
+    BOOST_CHECK_EQUAL(read_string(std::string("[1.0"), value), false);
+    BOOST_CHECK_EQUAL(read_string(std::string("a1.0"), value), false);
+    // Invalid, trailing garbage
+    BOOST_CHECK_EQUAL(read_string(std::string("1.0sds"), value), false);
+    BOOST_CHECK_EQUAL(read_string(std::string("1.0]"), value), false);
+    // BTC addresses should fail parsing
+    BOOST_CHECK_EQUAL(read_string(std::string("175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W"), value), false);
+    BOOST_CHECK_EQUAL(read_string(std::string("3J98t1WpEZ73CNmQviecrnyiWrnqRhWNL"), value), false);
+}
+
 BOOST_AUTO_TEST_CASE(rpc_boostasiotocnetaddr)
 {
     // Check IPv4 addresses

From 09334e04a90fa49b68f9d3b3e3c4d739de144876 Mon Sep 17 00:00:00 2001
From: Luke Dashjr <luke-jr+git@utopios.org>
Date: Sat, 6 Jun 2015 14:23:38 +0000
Subject: [PATCH 4/4] configure: Detect (and reject) LibreSSL

Rebased-From: a5a81f7354b3aa3e797d973a7e6840f0e50e6533
Github-Pull: #6244
---
 configure.ac | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/configure.ac b/configure.ac
index 579035f59..ba8fc08af 100644
--- a/configure.ac
+++ b/configure.ac
@@ -701,6 +701,14 @@ else
   fi
 fi
 
+AC_CHECK_LIB([crypto],[RAND_egd],[],[
+  AC_ARG_WITH([libressl],
+    [AS_HELP_STRING([--with-libressl],[Build with system LibreSSL (default is no; DANGEROUS; NOT SUPPORTED)])],
+    [AC_MSG_WARN([Detected LibreSSL: This is NOT supported, and may break consensus compatibility!])],
+    [AC_MSG_ERROR([Detected LibreSSL: This is NOT supported, and may break consensus compatibility!])]
+  )
+])
+
 CFLAGS_TEMP="$CFLAGS"
 LIBS_TEMP="$LIBS"
 CFLAGS="$CFLAGS $SSL_CFLAGS $CRYPTO_CFLAGS"