⚠️ Dan9470000 opened an issue: "Dear Cypherpunk, SLH-DSA & SAI-15, NO Offense, Peace Out."
(https://github.com/bitcoin/bitcoin/issues/32119)
### Motivation
This my identity if y'all not believe 4fbbc8e089720d559de2e4ba351ef411ee602a86c7da1a05894d5d7bd831685f for Opportunity Cost and Just listen to what is conveyed not to who is presenting it and send me the Entropy Pool Product and Ciphertext like QSC01 send it to my home and i wanna help to execute ideas, Bitcoin is an easily confused asset of Positivism Falsehood and the Byzantine Devil, What Solution? SAI-15 and SLH-DSA.
### Possible solution
If you can't believe me, send me yo
...
(https://github.com/bitcoin/bitcoin/issues/32119)
### Motivation
This my identity if y'all not believe 4fbbc8e089720d559de2e4ba351ef411ee602a86c7da1a05894d5d7bd831685f for Opportunity Cost and Just listen to what is conveyed not to who is presenting it and send me the Entropy Pool Product and Ciphertext like QSC01 send it to my home and i wanna help to execute ideas, Bitcoin is an easily confused asset of Positivism Falsehood and the Byzantine Devil, What Solution? SAI-15 and SLH-DSA.
### Possible solution
If you can't believe me, send me yo
...
✅ fanquake closed an issue: "Dear Cypherpunk, SLH-DSA & SAI-15, NO Offense, Peace Out."
(https://github.com/bitcoin/bitcoin/issues/32119)
(https://github.com/bitcoin/bitcoin/issues/32119)
💬 Dan9470000 commented on issue "SAI-15 and i can execution idea.":
(https://github.com/bitcoin/bitcoin/issues/32075#issuecomment-2744965769)
Will this be implemented or not, Brruhh?. Let's Discuss and Forget about this account, focus on cryptographic math, I am very open-minded to accept criticism.
(https://github.com/bitcoin/bitcoin/issues/32075#issuecomment-2744965769)
Will this be implemented or not, Brruhh?. Let's Discuss and Forget about this account, focus on cryptographic math, I am very open-minded to accept criticism.
💬 Dan9470000 commented on issue "SAI-15 and i can execution idea.":
(https://github.com/bitcoin/bitcoin/issues/32075#issuecomment-2744966393)
[NIST.FIPS.205.ipd.pdf](https://github.com/user-attachments/files/19400568/NIST.FIPS.205.ipd.pdf) SLH-DSA recommendation for now and until the futures, I don't have 100% control over changing SAI-15, let you implement.
(https://github.com/bitcoin/bitcoin/issues/32075#issuecomment-2744966393)
[NIST.FIPS.205.ipd.pdf](https://github.com/user-attachments/files/19400568/NIST.FIPS.205.ipd.pdf) SLH-DSA recommendation for now and until the futures, I don't have 100% control over changing SAI-15, let you implement.
:lock: fanquake locked an issue: "SAI-15 and i can execution idea."
(https://github.com/bitcoin/bitcoin/issues/32075)
(https://github.com/bitcoin/bitcoin/issues/32075)
:lock: achow101 locked an issue: "."
(https://github.com/bitcoin/bitcoin/issues/32119)
(https://github.com/bitcoin/bitcoin/issues/32119)
🤔 MurdoqZodoq reviewed a pull request: "[28.x] 28.1 backports and final changes"
(https://github.com/bitcoin/bitcoin/pull/31594#pullrequestreview-2707803550)
734
(https://github.com/bitcoin/bitcoin/pull/31594#pullrequestreview-2707803550)
734
⚠️ farrelA opened an issue: "Bitcoin Nebula, Please open a discussion."
(https://github.com/bitcoin/bitcoin/issues/32120)
Any Decentrilized 100% in here? Peace out guys, be healthy always, Let's fly higher 11111111111111111111111111100000000000000000000000000000000011111111111111111111111111111111111111111111111 Critize Message for Economic Think Tank. Why SAI-15 and SLH-DSA because for Signature Checksum to become a Balance for X Validate, I'm just criticizing it, I really care, not saying SHA 256 is a nightmare, y'all don't Sentiment I won't be here long, if you care who conveys information, not cryptography and
...
(https://github.com/bitcoin/bitcoin/issues/32120)
Any Decentrilized 100% in here? Peace out guys, be healthy always, Let's fly higher 11111111111111111111111111100000000000000000000000000000000011111111111111111111111111111111111111111111111 Critize Message for Economic Think Tank. Why SAI-15 and SLH-DSA because for Signature Checksum to become a Balance for X Validate, I'm just criticizing it, I really care, not saying SHA 256 is a nightmare, y'all don't Sentiment I won't be here long, if you care who conveys information, not cryptography and
...
💬 farrelA commented on issue "Bitcoin Nebula, Please open a discussion.":
(https://github.com/bitcoin/bitcoin/issues/32120#issuecomment-2745003343)
Hopefully it will be implemented not because of who I am, I don't have feelings for anyone, You're the wrong person if you keep canceling this because I care not only in terms of Technology but also the Philosophy of Accedence, Like US it is impossible to exceed the amount of Bitcoin that Satoshi Nakamoto owns because reward and resonance energy what US get so small so different than Satoshi owns and why Altcoin can't beating of Bitcoin? Because there's all create Math Mistake not the laws of na
...
(https://github.com/bitcoin/bitcoin/issues/32120#issuecomment-2745003343)
Hopefully it will be implemented not because of who I am, I don't have feelings for anyone, You're the wrong person if you keep canceling this because I care not only in terms of Technology but also the Philosophy of Accedence, Like US it is impossible to exceed the amount of Bitcoin that Satoshi Nakamoto owns because reward and resonance energy what US get so small so different than Satoshi owns and why Altcoin can't beating of Bitcoin? Because there's all create Math Mistake not the laws of na
...
✅ fanquake closed an issue: "Bitcoin Nebula, Please open a discussion."
(https://github.com/bitcoin/bitcoin/issues/32120)
(https://github.com/bitcoin/bitcoin/issues/32120)
:lock: achow101 locked an issue: "."
(https://github.com/bitcoin/bitcoin/issues/32120)
(https://github.com/bitcoin/bitcoin/issues/32120)
💬 fanquake commented on pull request "build: Switch to Qt 6":
(https://github.com/bitcoin/bitcoin/pull/30997#discussion_r2008659388)
Ok, so it looks like we should instead apply this patch: https://codereview.qt-project.org/c/qt/qtbase/+/633612 ?
(https://github.com/bitcoin/bitcoin/pull/30997#discussion_r2008659388)
Ok, so it looks like we should instead apply this patch: https://codereview.qt-project.org/c/qt/qtbase/+/633612 ?
💬 fanquake commented on pull request "build: Switch to Qt 6":
(https://github.com/bitcoin/bitcoin/pull/30997#discussion_r2008662782)
> ... or a poor design of Qt's internal find modules.
Possibly, have we reported this (regression?) upstream? From my reading of the Qt docs, I can't seem to find `pkg-config` listed as a build-time dependency.
(https://github.com/bitcoin/bitcoin/pull/30997#discussion_r2008662782)
> ... or a poor design of Qt's internal find modules.
Possibly, have we reported this (regression?) upstream? From my reading of the Qt docs, I can't seem to find `pkg-config` listed as a build-time dependency.
💬 davidgumberg commented on pull request "contrib: turn off compression of macOS SDK to fix determinism (across distros)":
(https://github.com/bitcoin/bitcoin/pull/32009#issuecomment-2745031877)
I don't have an explanation for this yet, but I am able to reproduce the provided hash on systems with python versions >= 3.12.0, with various `zlib` and `zlib-ng` versions.
`pkgdiff` again reports the mismatching archives as identical. But, now that the archives are uncompressed, the binary diff output is a little more revealing, here's the start of the diff:
<details>
<summary>
`git diff <(xxd rocky9.3/Xcode-15.0-15A240d-extracted-SDK-with-libcxx-headers.tar.gz) <(xxd fedora41/Xcode-
...
(https://github.com/bitcoin/bitcoin/pull/32009#issuecomment-2745031877)
I don't have an explanation for this yet, but I am able to reproduce the provided hash on systems with python versions >= 3.12.0, with various `zlib` and `zlib-ng` versions.
`pkgdiff` again reports the mismatching archives as identical. But, now that the archives are uncompressed, the binary diff output is a little more revealing, here's the start of the diff:
<details>
<summary>
`git diff <(xxd rocky9.3/Xcode-15.0-15A240d-extracted-SDK-with-libcxx-headers.tar.gz) <(xxd fedora41/Xcode-
...
💬 ajtowns commented on pull request "fuzz: enable running fuzz test cases in Debug mode":
(https://github.com/bitcoin/bitcoin/pull/32113#issuecomment-2745039599)
> I don't think the current patch will work. `G_FUZZING` influences more than just the behavior of the asserts/assumes. For example:
>
> * POW checks are different
> * The task runner is different
> * The random seeding is different
Yes -- the same fuzz seed will in many cases execute different code paths for the fuzzer when compiled in Debug mode without BUILD_FOR_FUZZING set. But that's a feature not a bug -- the idea is to be able to still run the fuzz tests with a relativ
...
(https://github.com/bitcoin/bitcoin/pull/32113#issuecomment-2745039599)
> I don't think the current patch will work. `G_FUZZING` influences more than just the behavior of the asserts/assumes. For example:
>
> * POW checks are different
> * The task runner is different
> * The random seeding is different
Yes -- the same fuzz seed will in many cases execute different code paths for the fuzzer when compiled in Debug mode without BUILD_FOR_FUZZING set. But that's a feature not a bug -- the idea is to be able to still run the fuzz tests with a relativ
...
💬 maflcko commented on pull request "contrib: turn off compression of macOS SDK to fix determinism (across distros)":
(https://github.com/bitcoin/bitcoin/pull/32009#issuecomment-2745042271)
> I don't have an explanation for this yet, but I am able to reproduce the provided hash on systems with python versions >= 3.12.0, with various `zlib` and `zlib-ng` versions, but python < 3.12.0 I get varying hashes.
A wild guess: Could this be related to https://github.com/python/cpython/issues/95385?
(https://github.com/bitcoin/bitcoin/pull/32009#issuecomment-2745042271)
> I don't have an explanation for this yet, but I am able to reproduce the provided hash on systems with python versions >= 3.12.0, with various `zlib` and `zlib-ng` versions, but python < 3.12.0 I get varying hashes.
A wild guess: Could this be related to https://github.com/python/cpython/issues/95385?
📝 achow101 locked a pull request: "[28.x] 28.1 backports and final changes"
(https://github.com/bitcoin/bitcoin/pull/31594)
Backports:
- #31502
- #31563
(https://github.com/bitcoin/bitcoin/pull/31594)
Backports:
- #31502
- #31563
💬 maflcko commented on pull request "fuzz: enable running fuzz test cases in Debug mode":
(https://github.com/bitcoin/bitcoin/pull/32113#issuecomment-2745046158)
> But that's a feature not a bug -- the idea is to be able to still run the fuzz tests with a relatively normal production-like build that doesn't completely special-case out POW checks, random seeding, etc.
My fear is that some bugs are not reproducible. (I know this is mostly theoretical, because we haven't seen such a case yet, but still it would be a bit disappointing if someone spent hours trying to reproduce a fuzz run, when it is impossible in a normal debug build)
> `inline bool Fu
...
(https://github.com/bitcoin/bitcoin/pull/32113#issuecomment-2745046158)
> But that's a feature not a bug -- the idea is to be able to still run the fuzz tests with a relatively normal production-like build that doesn't completely special-case out POW checks, random seeding, etc.
My fear is that some bugs are not reproducible. (I know this is mostly theoretical, because we haven't seen such a case yet, but still it would be a bit disappointing if someone spent hours trying to reproduce a fuzz run, when it is impossible in a normal debug build)
> `inline bool Fu
...
⚠️ maflcko opened an issue: "fuzz: package_rbf crashes after out-of-range memory read"
(https://github.com/bitcoin/bitcoin/issues/32121)
Diff to reproduce (turns UB into a runtime exception):
```diff
diff --git a/src/test/fuzz/rbf.cpp b/src/test/fuzz/rbf.cpp
index 3e5b361186..74099f770d 100644
--- a/src/test/fuzz/rbf.cpp
+++ b/src/test/fuzz/rbf.cpp
@@ -118,7 +118,7 @@ FUZZ_TARGET(package_rbf, .init = initialize_package_rbf)
}
assert(iter <= g_outpoints.size());
replacement_tx->vin.resize(1);
- replacement_tx->vin[0].prevout = g_outpoints[iter++];
+ replacement_tx->vin[0].prevout = g_outpoints.at(iter++);
...
(https://github.com/bitcoin/bitcoin/issues/32121)
Diff to reproduce (turns UB into a runtime exception):
```diff
diff --git a/src/test/fuzz/rbf.cpp b/src/test/fuzz/rbf.cpp
index 3e5b361186..74099f770d 100644
--- a/src/test/fuzz/rbf.cpp
+++ b/src/test/fuzz/rbf.cpp
@@ -118,7 +118,7 @@ FUZZ_TARGET(package_rbf, .init = initialize_package_rbf)
}
assert(iter <= g_outpoints.size());
replacement_tx->vin.resize(1);
- replacement_tx->vin[0].prevout = g_outpoints[iter++];
+ replacement_tx->vin[0].prevout = g_outpoints.at(iter++);
...
📝 maflcko opened a pull request: "fuzz: Fix off-by-one in package_rbf target"
(https://github.com/bitcoin/bitcoin/pull/32122)
Running the while loop up to `NUM_ITERS` times may set `iter` to `g_outpoints.size()`, which will then lead to an out-of-bounds read.
There was an assert, which I guess tried to catch this, but the condition in the assert was wrong as well.
Fix all issues by replacing the broken assert with the internal and correct check inside `std::vector::at` and by limiting `iter` to `NUM_ITERS` in the while loop.
(https://github.com/bitcoin/bitcoin/pull/32122)
Running the while loop up to `NUM_ITERS` times may set `iter` to `g_outpoints.size()`, which will then lead to an out-of-bounds read.
There was an assert, which I guess tried to catch this, but the condition in the assert was wrong as well.
Fix all issues by replacing the broken assert with the internal and correct check inside `std::vector::at` and by limiting `iter` to `NUM_ITERS` in the while loop.