Merge pull request #7997

29c03e2 wallet_api: enable set_strict_default_file_permissions (tobtoht) 1c26d34 epee: add missing header (selsta) 1d451a6 depends: update zeromq package to 4.3.4 (selsta) 5180610 cmake: use CMAKE_CURRENT_LIST_DIR for git version (selsta) 5aae00a epee: avoid ADL selecting C++14 std::quoted (selsta) cf31136 cmake: set cpp14 standard (selsta) 945665f fix median overflow bug (koe) 908ecb3 LMDB: fix deadlock in resized detection (Howard Chu) a492c4e blockchain: fix pedantic assert (selsta) 1e663e8 Increase timeout for the mining test 4 times (to 240s) (mj-xmr) 4760f8b Wallet2: Update 'approximate_testnet_rolled_back_blocks' (rbrunner7) 76b6120 cmake: set required C/C++ standard to 11 (selsta) 3067987 Fix parallel make of OpenSSL (Howard Chu) 1219c74 add singapore.node.xmr.pm to seed nodes (lza_menace) 689dd52 net_node: add seed node (selsta) 95936a3 depends: update unwind, fix build with ubuntu 21.04 (selsta) e2c802f Only INFO log for short seed words with ALLOW_SHORT_WORDS active (rbrunner7) 14df8ad epee: don't log raw packet data (moneromooo-monero) 5fa7208 Mac: Enable on ARM, by not enforcing x86_64 (mj-xmr) fe6ab93 daemon: allow proxy configuration (anon) 52dcc03 bootstrap_daemon: proxy configuration support (xiphon) a6df656 wallet2: chunk get_outs.bin calls to avoid sanity limits (moneromooo-monero)
3 years ago · e4376eed9e
parent 97b7a41bfa 29c03e2d90
commit e4376eed9e
48 changed files with 323 additions and 190 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -57,6 +57,14 @@ endif()

 enable_language(C ASM)

+# Require C11/C++11 and disable extensions for all targets
+set(CMAKE_C_STANDARD 11)
+set(CMAKE_C_STANDARD_REQUIRED ON)
+set(CMAKE_C_EXTENSIONS OFF)
+set(CMAKE_CXX_STANDARD 14)
+set(CMAKE_CXX_STANDARD_REQUIRED ON)
+set(CMAKE_CXX_EXTENSIONS OFF)
+
 function (die msg)
  if (NOT WIN32)
    string(ASCII 27 Esc)
@ -493,7 +501,7 @@ if (CMAKE_SYSTEM_NAME MATCHES "(SunOS|Solaris)")
 endif ()

 if (APPLE AND NOT IOS)
-  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -march=x86-64 -fvisibility=default -std=c++11")
+  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fvisibility=default")
  if (NOT OPENSSL_ROOT_DIR)
      EXECUTE_PROCESS(COMMAND brew --prefix openssl
        OUTPUT_VARIABLE OPENSSL_ROOT_DIR
@ -675,14 +683,14 @@ else()
  endif()
  set(C_WARNINGS "-Waggregate-return -Wnested-externs -Wold-style-definition -Wstrict-prototypes")
  set(CXX_WARNINGS "-Wno-reorder -Wno-missing-field-initializers")
-  try_compile(STATIC_ASSERT_RES "${CMAKE_CURRENT_BINARY_DIR}/static-assert" "${CMAKE_CURRENT_SOURCE_DIR}/cmake/test-static-assert.c" COMPILE_DEFINITIONS "-std=c11")
+  try_compile(STATIC_ASSERT_RES "${CMAKE_CURRENT_BINARY_DIR}/static-assert" "${CMAKE_CURRENT_SOURCE_DIR}/cmake/test-static-assert.c" CMAKE_FLAGS -DCMAKE_C_STANDARD=11)
  if(STATIC_ASSERT_RES)
    set(STATIC_ASSERT_FLAG "")
  else()
    set(STATIC_ASSERT_FLAG "-Dstatic_assert=_Static_assert")
  endif()

-  try_compile(STATIC_ASSERT_CPP_RES "${CMAKE_CURRENT_BINARY_DIR}/static-assert" "${CMAKE_CURRENT_SOURCE_DIR}/cmake/test-static-assert.cpp" COMPILE_DEFINITIONS "-std=c++11")
+  try_compile(STATIC_ASSERT_CPP_RES "${CMAKE_CURRENT_BINARY_DIR}/static-assert" "${CMAKE_CURRENT_SOURCE_DIR}/cmake/test-static-assert.cpp" CMAKE_FLAGS -DCMAKE_CXX_STANDARD=11)
  if(STATIC_ASSERT_CPP_RES)
    set(STATIC_ASSERT_CPP_FLAG "")
  else()
@ -771,8 +779,8 @@ else()
  message(STATUS "Using C++ security hardening flags: ${CXX_SECURITY_FLAGS}")
  message(STATUS "Using linker security hardening flags: ${LD_SECURITY_FLAGS}")

-  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c11 -D_GNU_SOURCE ${MINGW_FLAG} ${STATIC_ASSERT_FLAG} ${WARNINGS} ${C_WARNINGS} ${COVERAGE_FLAGS} ${PIC_FLAG} ${C_SECURITY_FLAGS}")
-  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11 -D_GNU_SOURCE ${MINGW_FLAG} ${STATIC_ASSERT_CPP_FLAG} ${WARNINGS} ${CXX_WARNINGS} ${COVERAGE_FLAGS} ${PIC_FLAG} ${CXX_SECURITY_FLAGS}")
+  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_GNU_SOURCE ${MINGW_FLAG} ${STATIC_ASSERT_FLAG} ${WARNINGS} ${C_WARNINGS} ${COVERAGE_FLAGS} ${PIC_FLAG} ${C_SECURITY_FLAGS}")
+  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -D_GNU_SOURCE ${MINGW_FLAG} ${STATIC_ASSERT_CPP_FLAG} ${WARNINGS} ${CXX_WARNINGS} ${COVERAGE_FLAGS} ${PIC_FLAG} ${CXX_SECURITY_FLAGS}")
  set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} ${LD_SECURITY_FLAGS} ${LD_BACKCOMPAT_FLAGS}")

  # With GCC 6.1.1 the compiled binary malfunctions due to aliasing. Until that
@ -1122,8 +1130,6 @@ option(BUILD_GUI_DEPS "Build GUI dependencies." OFF)
 option(INSTALL_VENDORED_LIBUNBOUND "Install libunbound binary built from source vendored with this repo." OFF)


-CHECK_C_COMPILER_FLAG(-std=c11 HAVE_C11)
-
 find_package(PythonInterp)
 find_program(iwyu_tool_path NAMES iwyu_tool.py iwyu_tool)
 if (iwyu_tool_path AND PYTHONINTERP_FOUND)
--- a/README.md
+++ b/README.md
@ -161,7 +161,7 @@ library archives (`.a`).

 | Dep          | Min. version  | Vendored | Debian/Ubuntu pkg    | Arch pkg     | Void pkg           | Fedora pkg          | Optional | Purpose         |
 | ------------ | ------------- | -------- | -------------------- | ------------ | ------------------ | ------------------- | -------- | --------------- |
-| GCC          | 4.7.3         | NO       | `build-essential`    | `base-devel` | `base-devel`       | `gcc`               | NO       |                 |
+| GCC          | 5             | NO       | `build-essential`    | `base-devel` | `base-devel`       | `gcc`               | NO       |                 |
 | CMake        | 3.5           | NO       | `cmake`              | `cmake`      | `cmake`            | `cmake`             | NO       |                 |
 | pkg-config   | any           | NO       | `pkg-config`         | `base-devel` | `base-devel`       | `pkgconf`           | NO       |                 |
 | Boost        | 1.58          | NO       | `libboost-all-dev`   | `boost`      | `boost-devel`      | `boost-devel`       | NO       | C++ libraries   |
--- a/cmake/GitVersion.cmake
+++ b/cmake/GitVersion.cmake
@ -32,7 +32,7 @@

 function (get_version_tag_from_git GIT)
    execute_process(COMMAND "${GIT}" rev-parse --short=9 HEAD
-                    WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
+                    WORKING_DIRECTORY ${CMAKE_CURRENT_LIST_DIR}
                    RESULT_VARIABLE RET
                    OUTPUT_VARIABLE COMMIT
                    OUTPUT_STRIP_TRAILING_WHITESPACE)
@ -49,7 +49,7 @@ function (get_version_tag_from_git GIT)

        # Get all the tags
        execute_process(COMMAND "${GIT}" tag -l --points-at HEAD
-                        WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
+                        WORKING_DIRECTORY ${CMAKE_CURRENT_LIST_DIR}
                        RESULT_VARIABLE RET
                        OUTPUT_VARIABLE TAG
                        OUTPUT_STRIP_TRAILING_WHITESPACE)
--- a/contrib/depends/packages/openssl.mk
+++ b/contrib/depends/packages/openssl.mk
@ -59,11 +59,11 @@ define $(package)_config_cmds
 endef

 define $(package)_build_cmds
-  $(MAKE) -j1 build_libs libcrypto.pc libssl.pc openssl.pc
+  $(MAKE) build_libs
 endef

 define $(package)_stage_cmds
-  $(MAKE) DESTDIR=$($(package)_staging_dir) -j1 install_sw
+  $(MAKE) DESTDIR=$($(package)_staging_dir) install_sw
 endef

 define $(package)_postprocess_cmds
--- a/contrib/depends/packages/unwind.mk
+++ b/contrib/depends/packages/unwind.mk
@ -1,8 +1,8 @@
 package=unwind
-$(package)_version=1.2
+$(package)_version=1.5.0
 $(package)_download_path=https://download.savannah.nongnu.org/releases/libunwind
 $(package)_file_name=lib$(package)-$($(package)_version).tar.gz
-$(package)_sha256_hash=1de38ffbdc88bd694d10081865871cd2bfbb02ad8ef9e1606aee18d65532b992
+$(package)_sha256_hash=90337653d92d4a13de590781371c604f9031cdb50520366aa1e3a91e1efb1017
 $(package)_patches=fix_obj_order.patch

 define $(package)_preprocess_cmds
@ -12,7 +12,7 @@ endef
 define $(package)_config_cmds
  cp -f $(BASEDIR)/config.guess config/config.guess &&\
  cp -f $(BASEDIR)/config.sub config/config.sub &&\
-  $($(package)_autoconf) --disable-shared --enable-static AR_FLAGS=$($(package)_arflags)
+  $($(package)_autoconf) --disable-shared --enable-static --disable-tests --disable-documentation AR_FLAGS=$($(package)_arflags)
 endef

 define $(package)_build_cmds
--- a/contrib/depends/packages/zeromq.mk
+++ b/contrib/depends/packages/zeromq.mk
@ -1,9 +1,9 @@
 package=zeromq
-$(package)_version=4.1.7
-$(package)_download_path=https://github.com/zeromq/zeromq4-1/releases/download/v$($(package)_version)/
+$(package)_version=4.3.4
+$(package)_download_path=https://github.com/zeromq/libzmq/releases/download/v$($(package)_version)/
 $(package)_file_name=$(package)-$($(package)_version).tar.gz
-$(package)_sha256_hash=31c383cfcd3be1dc8a66e448c403029e793687e70473b89c4cc0bd626e7da299
-$(package)_patches=9114d3957725acd34aa8b8d011585812f3369411.patch 9e6745c12e0b100cd38acecc16ce7db02905e27c.patch ffe62d3398d5e0191f554f61049aa7ec9fc892ae.patch
+$(package)_sha256_hash=c593001a89f5a85dd2ddf564805deb860e02471171b3f204944857336295c3e5
+$(package)_patches=06aba27b04c5822cb88a69677382a0f053367143.patch

 define $(package)_set_vars
  $(package)_config_opts=--without-documentation --disable-shared --without-libsodium --disable-curve
@ -13,10 +13,7 @@ define $(package)_set_vars
 endef

 define $(package)_preprocess_cmds
-  patch -p1 < $($(package)_patch_dir)/9114d3957725acd34aa8b8d011585812f3369411.patch && \
-  patch -p1 < $($(package)_patch_dir)/9e6745c12e0b100cd38acecc16ce7db02905e27c.patch && \
-  patch -p1 < $($(package)_patch_dir)/ffe62d3398d5e0191f554f61049aa7ec9fc892ae.patch && \
-  ./autogen.sh
+  patch -p1 < $($(package)_patch_dir)/06aba27b04c5822cb88a69677382a0f053367143.patch
 endef

 define $(package)_config_cmds
@ -24,7 +21,7 @@ define $(package)_config_cmds
 endef

 define $(package)_build_cmds
-  $(MAKE) libzmq.la
+  $(MAKE) src/libzmq.la
 endef

 define $(package)_stage_cmds
--- a/contrib/depends/patches/unwind/fix_obj_order.patch
+++ b/contrib/depends/patches/unwind/fix_obj_order.patch
@ -1,9 +1,9 @@
--- config/ltmain.sh.O	2017-01-13 16:00:54.000000000 +0000
-+++ config/ltmain.sh	2019-11-17 06:46:51.994402494 +0000
-@@ -7957,6 +7957,8 @@
- 	    esac
- 	  done
+--- config/ltmain.sh.0	2020-11-10 17:25:26.000000000 +0100
+++ config/ltmain.sh	2021-09-11 19:39:36.000000000 +0200
+@@ -10768,6 +10768,8 @@
 	fi
+ 	func_to_tool_file "$oldlib" func_convert_file_msys_to_w32
+ 	tool_oldlib=$func_to_tool_file_result
 +	oldobjs=`for obj in $oldobjs; do echo $obj; done | sort`
 +	oldobjs=" `echo $oldobjs`"
 	eval cmds=\"$old_archive_cmds\"
--- a/contrib/depends/patches/zeromq/06aba27b04c5822cb88a69677382a0f053367143.patch
+++ b/contrib/depends/patches/zeromq/06aba27b04c5822cb88a69677382a0f053367143.patch
@ -0,0 +1,22 @@
+From 06aba27b04c5822cb88a69677382a0f053367143 Mon Sep 17 00:00:00 2001
+From: sabotagebeats <27985126+sabotagebeats@users.noreply.github.com>
+Date: Thu, 22 Jul 2021 21:53:19 -0700
+Subject: [PATCH] fix: building libzmq fails with error src/clock.cpp:131:16:
+ error: unused variable 'nsecs_per_usec'
+
+---
+ src/clock.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/clock.cpp b/src/clock.cpp
+index 93da90a8e..63c0100a5 100644
+--- a/src/clock.cpp
+++ b/src/clock.cpp
+@@ -195,6 +195,7 @@ uint64_t zmq::clock_t::now_us ()
+ 
+ #else
+ 
+    LIBZMQ_UNUSED (nsecs_per_usec);
+     //  Use POSIX gettimeofday function to get precise time.
+     struct timeval tv;
+     int rc = gettimeofday (&tv, NULL);
--- a/contrib/depends/patches/zeromq/9114d3957725acd34aa8b8d011585812f3369411.patch
+++ b/contrib/depends/patches/zeromq/9114d3957725acd34aa8b8d011585812f3369411.patch
@ -1,22 +0,0 @@
-From 9114d3957725acd34aa8b8d011585812f3369411 Mon Sep 17 00:00:00 2001
-From: Jeroen Ooms <jeroenooms@gmail.com>
-Date: Tue, 20 Oct 2015 13:10:38 +0200
-Subject: [PATCH] enable static libraries on mingw
-
---
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 393505b..e92131a 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -265,7 +265,7 @@ case "${host_os}" in
-         libzmq_dso_visibility="no"
-
-         if test "x$enable_static" = "xyes"; then
-            AC_MSG_ERROR([Building static libraries is not supported under MinGW32])
-+            CPPFLAGS="-DZMQ_STATIC"
-         fi
-
- 	# Set FD_SETSIZE to 1024
--- a/contrib/depends/patches/zeromq/9e6745c12e0b100cd38acecc16ce7db02905e27c.patch
+++ b/contrib/depends/patches/zeromq/9e6745c12e0b100cd38acecc16ce7db02905e27c.patch
@ -1,22 +0,0 @@
-From 9e6745c12e0b100cd38acecc16ce7db02905e27c Mon Sep 17 00:00:00 2001
-From: David Millard <dmillard10@gmail.com>
-Date: Tue, 10 May 2016 13:53:53 -0700
-Subject: [PATCH] Fix autotools for static MinGW builds
-
---
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 5a0fa14..def6ea7 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -259,7 +259,7 @@ case "${host_os}" in
-         libzmq_dso_visibility="no"
-
-         if test "x$enable_static" = "xyes"; then
-            CPPFLAGS="-DZMQ_STATIC"
-+            CPPFLAGS="-DZMQ_STATIC $CPPFLAGS"
-         fi
-
- 	# Set FD_SETSIZE to 1024
--- a/contrib/depends/patches/zeromq/ffe62d3398d5e0191f554f61049aa7ec9fc892ae.patch
+++ b/contrib/depends/patches/zeromq/ffe62d3398d5e0191f554f61049aa7ec9fc892ae.patch
@ -1,38 +0,0 @@
-From ffe62d3398d5e0191f554f61049aa7ec9fc892ae Mon Sep 17 00:00:00 2001
-From: Gregory Lemercier <greglemercier@free.fr>
-Date: Sun, 7 Oct 2018 18:06:54 +0200
-Subject: [PATCH] Fix build on arm64 architectures with some strict compilers
-
-This patch fixes an issue that occurs on 64-bit architetures under
-strict compiler rules. The code initially checked that the received
-size stored in 'uint64_t' was not bigger than the max value of a
-'size_t' variable, which is legitimate on 32-bit architectures where
-'size_t' variables are stored on 32 bits. On 64-bit architectures,
-this test no longer makes sense since 'uint64_t' and 'size_t' types
-have the same size. The issue is fixed by ignoring this portion
-of code when built for arm64.
---
- src/v1_decoder.cpp | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/v1_decoder.cpp b/src/v1_decoder.cpp
-index b002dc9d..2c8c97a7 100644
--- a/src/v1_decoder.cpp
-+++ b/src/v1_decoder.cpp
-@@ -114,11 +114,13 @@ int zmq::v1_decoder_t::eight_byte_size_ready ()
-         return -1;
-     }
- 
-+#ifndef __aarch64__
-     //  Message size must fit within range of size_t data type.
-     if (payload_length - 1 > std::numeric_limits <size_t>::max ()) {
-         errno = EMSGSIZE;
-         return -1;
-     }
-+#endif
- 
-     const size_t msg_size = static_cast <size_t> (payload_length - 1);
- 
-- 
-2.20.1
-
--- a/contrib/depends/toolchain.cmake.in
+++ b/contrib/depends/toolchain.cmake.in
@ -80,7 +80,7 @@ if(CMAKE_SYSTEM_NAME STREQUAL "Darwin")
  SET(PORT OFF)
  SET(CMAKE_OSX_SYSROOT "@sdk@/MacOSX10.11.sdk/")
  SET(CMAKE_OSX_DEPLOYMENT_TARGET "10.08")
-  SET(CMAKE_CXX_STANDARD 11)
+  SET(CMAKE_CXX_STANDARD 14)
  SET(CMAKE_OSX_ARCHITECTURES "x86_64")
  SET(LLVM_ENABLE_PIC OFF)
  SET(LLVM_ENABLE_PIE OFF)
--- a/contrib/epee/include/net/abstract_tcp_server2.inl
+++ b/contrib/epee/include/net/abstract_tcp_server2.inl
@ -560,7 +560,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
 			{ // LOCK: chunking
    		epee::critical_region_t<decltype(m_chunking_lock)> send_guard(m_chunking_lock); // *** critical *** 

-				MDEBUG("do_send() will SPLIT into small chunks, from packet="<<message_size<<" B for ptr="<<message_data);
+				MDEBUG("do_send() will SPLIT into small chunks, from packet="<<message_size<<" B for ptr="<<(const void*)message_data);
 				// 01234567890 
 				// ^^^^        (pos=0, len=4)     ;   pos:=pos+len, pos=4
 				//     ^^^^    (pos=4, len=4)     ;   pos:=pos+len, pos=8
@ -573,14 +573,14 @@ PRAGMA_WARNING_DISABLE_VS(4355)
 				while (!message.empty()) {
 					byte_slice chunk = message.take_slice(chunksize_good);

-					MDEBUG("chunk_start="<<(void*)chunk.data()<<" ptr="<<message_data<<" pos="<<(chunk.data() - message_data));
+					MDEBUG("chunk_start="<<(void*)chunk.data()<<" ptr="<<(const void*)message_data<<" pos="<<(chunk.data() - message_data));
 					MDEBUG("part of " << message.size() << ": pos="<<(chunk.data() - message_data) << " len="<<chunk.size());

 					bool ok = do_send_chunk(std::move(chunk)); // <====== ***

 					all_ok = all_ok && ok;
 					if (!all_ok) {
-						MDEBUG("do_send() DONE ***FAILED*** from packet="<<message_size<<" B for ptr="<<message_data);
+						MDEBUG("do_send() DONE ***FAILED*** from packet="<<message_size<<" B for ptr="<<(const void*)message_data);
 						MDEBUG("do_send() SEND was aborted in middle of big package - this is mostly harmless "
 							<< " (e.g. peer closed connection) but if it causes trouble tell us at #monero-dev. " << message_size);
 						return false; // partial failure in sending
@ -588,7 +588,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
 					// (in catch block, or uniq pointer) delete buf;
 				} // each chunk

-				MDEBUG("do_send() DONE SPLIT from packet="<<message_size<<" B for ptr="<<message_data);
+				MDEBUG("do_send() DONE SPLIT from packet="<<message_size<<" B for ptr="<<(const void*)message_data);

                MDEBUG("do_send() m_connection_type = " << m_connection_type);

--- a/contrib/epee/include/stats.inl
+++ b/contrib/epee/include/stats.inl
@ -1,6 +1,7 @@
 #include <math.h>
 #include <limits>
 #include <algorithm>
+#include "misc_language.h"
 #include "stats.h"

 enum
@ -86,7 +87,7 @@ Tpod Stats<T, Tpod>::get_median() const
    }
    else
    {
-      median = (sorted[(sorted.size() - 1) / 2] + sorted[sorted.size() / 2]) / 2;
+      median = epee::misc_utils::get_mid(sorted[(sorted.size() - 1) / 2], sorted[sorted.size() / 2]);
    }
    set_cached(bit_median);
  }
--- a/contrib/epee/src/CMakeLists.txt
+++ b/contrib/epee/src/CMakeLists.txt
@ -35,9 +35,7 @@ if (USE_READLINE AND (GNU_READLINE_FOUND OR (DEPENDS AND NOT MINGW)))
  add_library(epee_readline STATIC readline_buffer.cpp)
 endif()

-if(HAVE_C11)
-SET_PROPERTY(SOURCE memwipe.c PROPERTY COMPILE_FLAGS -std=c11)
-endif()
+set_property(SOURCE memwipe.c PROPERTY C_STANDARD 11)

 # Build and install libepee if we're building for GUI
 if (BUILD_GUI_DEPS)
--- a/contrib/epee/src/buffer.cpp
+++ b/contrib/epee/src/buffer.cpp
@ -26,6 +26,7 @@
 // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
 // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

+#include <limits>
 #include <string.h>
 #include "net/buffer.h"

--- a/contrib/epee/src/http_auth.cpp
+++ b/contrib/epee/src/http_auth.cpp
@ -209,12 +209,7 @@ namespace
  }

  template<typename T>
-  using quoted_result = boost::joined_range<
-    const boost::joined_range<const boost::string_ref, const T>, const boost::string_ref
-  >;
-
-  template<typename T>
-  quoted_result<T> quoted(const T& arg)
+  auto quoted_(const T& arg) // avoid ADL selecting C++14 std::quoted
  {
    return boost::range::join(boost::range::join(ceref(u8"\""), arg), ceref(u8"\""));
  }
@ -242,13 +237,13 @@ namespace
  {
    str.append(u8"Digest ");
    add_first_field(str, u8"algorithm", algorithm);
-    add_field(str, u8"nonce", quoted(user.server.nonce));
-    add_field(str, u8"realm", quoted(user.server.realm));
-    add_field(str, u8"response", quoted(response));
-    add_field(str, u8"uri", quoted(uri));
-    add_field(str, u8"username", quoted(user.credentials.username));
+    add_field(str, u8"nonce", quoted_(user.server.nonce));
+    add_field(str, u8"realm", quoted_(user.server.realm));
+    add_field(str, u8"response", quoted_(response));
+    add_field(str, u8"uri", quoted_(uri));
+    add_field(str, u8"username", quoted_(user.credentials.username));
    if (!user.server.opaque.empty())
-      add_field(str, u8"opaque", quoted(user.server.opaque));
+      add_field(str, u8"opaque", quoted_(user.server.opaque));
  }

  //! Implements superseded algorithm specified in RFC 2069
@ -674,8 +669,8 @@ namespace
          Digest::name, (i == 0 ? boost::string_ref{} : sess_algo)
        );
        add_field(out, u8"algorithm", algorithm);
-        add_field(out, u8"realm", quoted(auth_realm));
-        add_field(out, u8"nonce", quoted(nonce));
+        add_field(out, u8"realm", quoted_(auth_realm));
+        add_field(out, u8"nonce", quoted_(nonce));
        add_field(out, u8"stale", is_stale ? ceref("true") : ceref("false"));
        
        fields.push_back(std::make_pair(std::string(server_auth_field), std::move(out)));
--- a/contrib/epee/src/wipeable_string.cpp
+++ b/contrib/epee/src/wipeable_string.cpp
@ -27,6 +27,7 @@
 // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 #include <boost/optional/optional.hpp>
+#include <limits>
 #include <string.h>
 #include "memwipe.h"
 #include "misc_log_ex.h"
--- a/contrib/epee/tests/src/CMakeLists.txt
+++ b/contrib/epee/tests/src/CMakeLists.txt
@ -1,6 +1,13 @@

 cmake_minimum_required(VERSION 2.8)

+set(CMAKE_C_STANDARD 11)
+set(CMAKE_C_STANDARD_REQUIRED ON)
+set(CMAKE_C_EXTENSIONS OFF)
+set(CMAKE_CXX_STANDARD 11)
+set(CMAKE_CXX_STANDARD_REQUIRED ON)
+set(CMAKE_CXX_EXTENSIONS OFF)
+
 set(Boost_USE_MULTITHREADED ON)

 include_directories(.)
@ -14,8 +21,8 @@ IF (MSVC)
 	include_directories(SYSTEM platform/msvc)
 ELSE()
 	# set stuff for other systems
-	SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c11 -Wall")
-	SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11 -Wall -Wno-reorder")
+	SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall")
+	SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -Wno-reorder")
 ENDIF()


--- a/external/easylogging++/CMakeLists.txt
+++ b/external/easylogging++/CMakeLists.txt
@ -30,7 +30,9 @@ cmake_minimum_required(VERSION 2.8.7)

 project(easylogging CXX)

-SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")
+set(CMAKE_CXX_STANDARD 11)
+set(CMAKE_CXX_STANDARD_REQUIRED ON)
+set(CMAKE_CXX_EXTENSIONS OFF)

 find_package(Threads)
 find_package(Backtrace)
--- a/src/blockchain_db/lmdb/db_lmdb.cpp
+++ b/src/blockchain_db/lmdb/db_lmdb.cpp
@ -467,7 +467,12 @@ void mdb_txn_safe::allow_new_txns()
  creation_gate.clear();
 }

-void lmdb_resized(MDB_env *env)
+void mdb_txn_safe::increment_txns(int i)
+{
+	num_active_txns += i;
+}
+
+void lmdb_resized(MDB_env *env, int isactive)
 {
  mdb_txn_safe::prevent_new_txns();

@ -478,7 +483,11 @@ void lmdb_resized(MDB_env *env)
  mdb_env_info(env, &mei);
  uint64_t old = mei.me_mapsize;

+  if (isactive)
+    mdb_txn_safe::increment_txns(-1);
  mdb_txn_safe::wait_no_active_txns();
+  if (isactive)
+    mdb_txn_safe::increment_txns(1);

  int result = mdb_env_set_mapsize(env, 0);
  if (result)
@ -496,7 +505,7 @@ inline int lmdb_txn_begin(MDB_env *env, MDB_txn *parent, unsigned int flags, MDB
 {
  int res = mdb_txn_begin(env, parent, flags, txn);
  if (res == MDB_MAP_RESIZED) {
-    lmdb_resized(env);
+    lmdb_resized(env, 1);
    res = mdb_txn_begin(env, parent, flags, txn);
  }
  return res;
@ -506,7 +515,7 @@ inline int lmdb_txn_renew(MDB_txn *txn)
 {
  int res = mdb_txn_renew(txn);
  if (res == MDB_MAP_RESIZED) {
-    lmdb_resized(mdb_txn_env(txn));
+    lmdb_resized(mdb_txn_env(txn), 0);
    res = mdb_txn_renew(txn);
  }
  return res;
--- a/src/blockchain_db/lmdb/db_lmdb.h
+++ b/src/blockchain_db/lmdb/db_lmdb.h
@ -154,6 +154,7 @@ struct mdb_txn_safe
  static void prevent_new_txns();
  static void wait_no_active_txns();
  static void allow_new_txns();
+  static void increment_txns(int);

  mdb_threadinfo* m_tinfo;
  MDB_txn* m_txn;
--- a/src/cryptonote_core/blockchain.cpp
+++ b/src/cryptonote_core/blockchain.cpp
@ -5037,6 +5037,8 @@ bool Blockchain::prepare_handle_incoming_blocks(const std::vector<block_complete
        unsigned nblocks = batches;
        if (i < extra)
          ++nblocks;
+        if (nblocks == 0)
+          break;
        tpool.submit(&waiter, boost::bind(&Blockchain::block_longhash_worker, this, thread_height, epee::span<const block>(&blocks[thread_height - height], nblocks), std::ref(maps[i])), true);
        thread_height += nblocks;
      }
--- a/src/cryptonote_core/cryptonote_core.cpp
+++ b/src/cryptonote_core/cryptonote_core.cpp
@ -386,6 +386,7 @@ namespace cryptonote
    m_fluffy_blocks_enabled = !get_arg(vm, arg_no_fluffy_blocks);
    m_offline = get_arg(vm, arg_offline);
    m_disable_dns_checkpoints = get_arg(vm, arg_disable_dns_checkpoints);
+
    if (!command_line::is_arg_defaulted(vm, arg_fluffy_blocks))
      MWARNING(arg_fluffy_blocks.name << " is obsolete, it is now default");

@ -458,7 +459,7 @@ namespace cryptonote
    return m_blockchain_storage.get_alternative_blocks_count();
  }
  //-----------------------------------------------------------------------------------------------
-  bool core::init(const boost::program_options::variables_map& vm, const cryptonote::test_options *test_options, const GetCheckpointsCallback& get_checkpoints/* = nullptr */)
+  bool core::init(const boost::program_options::variables_map& vm, const cryptonote::test_options *test_options, const GetCheckpointsCallback& get_checkpoints/* = nullptr */, bool allow_dns)
  {
    start_time = std::time(nullptr);

@ -469,6 +470,7 @@ namespace cryptonote
    }
    bool r = handle_command_line(vm);
    CHECK_AND_ASSERT_MES(r, false, "Failed to handle command line");
+    m_disable_dns_checkpoints |= not allow_dns;

    std::string db_sync_mode = command_line::get_arg(vm, cryptonote::arg_db_sync_mode);
    bool db_salvage = command_line::get_arg(vm, cryptonote::arg_db_salvage) != 0;
@ -695,7 +697,7 @@ namespace cryptonote
    CHECK_AND_ASSERT_MES(update_checkpoints(skip_dns_checkpoints), false, "One or more checkpoints loaded from json or dns conflicted with existing checkpoints.");

   // DNS versions checking
-    if (check_updates_string == "disabled")
+    if (check_updates_string == "disabled" || not allow_dns)
      check_updates_level = UPDATES_DISABLED;
    else if (check_updates_string == "notify")
      check_updates_level = UPDATES_NOTIFY;
--- a/src/cryptonote_core/cryptonote_core.h
+++ b/src/cryptonote_core/cryptonote_core.h
@ -283,10 +283,11 @@ namespace cryptonote
      * @param vm command line parameters
      * @param test_options configuration options for testing
      * @param get_checkpoints if set, will be called to get checkpoints data, must return checkpoints data pointer and size or nullptr if there ain't any checkpoints for specific network type
+      * @param allow_dns whether or not to allow DNS requests
      *
      * @return false if one of the init steps fails, otherwise true
      */
-     bool init(const boost::program_options::variables_map& vm, const test_options *test_options = NULL, const GetCheckpointsCallback& get_checkpoints = nullptr);
+     bool init(const boost::program_options::variables_map& vm, const test_options *test_options = NULL, const GetCheckpointsCallback& get_checkpoints = nullptr, bool allow_dns = true);

     /**
      * @copydoc Blockchain::reset_and_set_genesis_block
--- a/src/daemon/command_line_args.h
+++ b/src/daemon/command_line_args.h
@ -96,6 +96,16 @@ namespace daemon_args
  , 0
  };

+  const command_line::arg_descriptor<std::string> arg_proxy = {
+    "proxy",
+    "Network communication through proxy: <socks-ip:port> i.e. \"127.0.0.1:9050\"",
+    "",
+  };
+  const command_line::arg_descriptor<bool> arg_proxy_allow_dns_leaks = {
+    "proxy-allow-dns-leaks",
+    "Allow DNS leaks outside of proxy",
+    false,
+  };
  const command_line::arg_descriptor<bool> arg_public_node = {
    "public-node"
  , "Allow other users to use the node as a remote (restricted RPC mode, view-only commands) and advertise it over P2P"
--- a/src/daemon/command_parser_executor.cpp
+++ b/src/daemon/command_parser_executor.cpp
@ -887,16 +887,66 @@ bool t_command_parser_executor::check_blockchain_pruning(const std::vector<std::

 bool t_command_parser_executor::set_bootstrap_daemon(const std::vector<std::string>& args)
 {
-  const size_t args_count = args.size();
-  if (args_count < 1 || args_count > 3)
+  struct parsed_t
+  {
+    std::string address;
+    std::string user;
+    std::string password;
+    std::string proxy;
+  };
+
+  boost::optional<parsed_t> parsed = [&args]() -> boost::optional<parsed_t> {
+    const size_t args_count = args.size();
+    if (args_count == 0)
+    {
+      return {};
+    }
+    if (args[0] == "auto")
+    {
+      if (args_count == 1)
+      {
+        return {{args[0], "", "", ""}};
+      }
+      if (args_count == 2)
+      {
+        return {{args[0], "", "", args[1]}};
+      }
+    }
+    else if (args[0] == "none")
+    {
+      if (args_count == 1)
+      {
+        return {{"", "", "", ""}};
+      }
+    }
+    else
+    {
+      if (args_count == 1)
+      {
+        return {{args[0], "", "", ""}};
+      }
+      if (args_count == 2)
+      {
+        return {{args[0], "", "", args[1]}};
+      }
+      if (args_count == 3)
+      {
+        return {{args[0], args[1], args[2], ""}};
+      }
+      if (args_count == 4)
+      {
+        return {{args[0], args[1], args[2], args[3]}};
+      }
+    }
+    return {};
+  }();
+
+  if (!parsed)
  {
    return false;
  }

-  return m_executor.set_bootstrap_daemon(
-    args[0] != "none" ? args[0] : std::string(),
-    args_count > 1 ? args[1] : std::string(),
-    args_count > 2 ? args[2] : std::string());
+  return m_executor.set_bootstrap_daemon(parsed->address, parsed->user, parsed->password, parsed->proxy);
 }

 bool t_command_parser_executor::flush_cache(const std::vector<std::string>& args)
--- a/src/daemon/command_server.cpp
+++ b/src/daemon/command_server.cpp
@ -324,7 +324,7 @@ t_command_server::t_command_server(
    m_command_lookup.set_handler(
      "set_bootstrap_daemon"
    , std::bind(&t_command_parser_executor::set_bootstrap_daemon, &m_parser, p::_1)
-    , "set_bootstrap_daemon (auto | none | host[:port] [username] [password])"
+    , "set_bootstrap_daemon (auto | none | host[:port] [username] [password]) [proxy_ip:proxy_port]"
    , "URL of a 'bootstrap' remote daemon that the connected wallets can use while this daemon is still not fully synced.\n"
      "Use 'auto' to enable automatic public nodes discovering and bootstrap daemon switching"
    );
--- a/src/daemon/core.h
+++ b/src/daemon/core.h
@ -32,6 +32,7 @@
 #include "cryptonote_core/cryptonote_core.h"
 #include "cryptonote_protocol/cryptonote_protocol_handler.h"
 #include "misc_log_ex.h"
+#include "daemon/command_line_args.h"

 #undef MONERO_DEFAULT_LOG_CATEGORY
 #define MONERO_DEFAULT_LOG_CATEGORY "daemon"
@ -66,7 +67,14 @@ public:
 #else
    const cryptonote::GetCheckpointsCallback& get_checkpoints = nullptr;
 #endif
-    if (!m_core.init(m_vm_HACK, nullptr, get_checkpoints))
+
+    if (command_line::is_arg_defaulted(vm, daemon_args::arg_proxy) && command_line::get_arg(vm, daemon_args::arg_proxy_allow_dns_leaks)) {
+      MLOG_RED(el::Level::Warning, "--" << daemon_args::arg_proxy_allow_dns_leaks.name << " is enabled, but --"
+        << daemon_args::arg_proxy.name << " is not specified.");
+    }
+
+    const bool allow_dns = command_line::is_arg_defaulted(vm, daemon_args::arg_proxy) || command_line::get_arg(vm, daemon_args::arg_proxy_allow_dns_leaks);
+    if (!m_core.init(m_vm_HACK, nullptr, get_checkpoints, allow_dns))
    {
      throw std::runtime_error("Failed to initialize core");
    }
--- a/src/daemon/main.cpp
+++ b/src/daemon/main.cpp
@ -152,6 +152,8 @@ int main(int argc, char const * argv[])
      command_line::add_arg(core_settings, daemon_args::arg_max_log_file_size);
      command_line::add_arg(core_settings, daemon_args::arg_max_log_files);
      command_line::add_arg(core_settings, daemon_args::arg_max_concurrency);
+      command_line::add_arg(core_settings, daemon_args::arg_proxy);
+      command_line::add_arg(core_settings, daemon_args::arg_proxy_allow_dns_leaks);
      command_line::add_arg(core_settings, daemon_args::arg_public_node);
      command_line::add_arg(core_settings, daemon_args::arg_zmq_rpc_bind_ip);
      command_line::add_arg(core_settings, daemon_args::arg_zmq_rpc_bind_port);
--- a/src/daemon/p2p.h
+++ b/src/daemon/p2p.h
@ -33,6 +33,7 @@
 #include "cryptonote_protocol/cryptonote_protocol_handler.h"
 #include "p2p/net_node.h"
 #include "daemon/protocol.h"
+#include "daemon/command_line_args.h"

 #undef MONERO_DEFAULT_LOG_CATEGORY
 #define MONERO_DEFAULT_LOG_CATEGORY "daemon"
@ -61,7 +62,7 @@ public:
  {
    //initialize objects
    MGINFO("Initializing p2p server...");
-    if (!m_server.init(vm))
+    if (!m_server.init(vm, command_line::get_arg(vm, daemon_args::arg_proxy), command_line::get_arg(vm, daemon_args::arg_proxy_allow_dns_leaks)))
    {
      throw std::runtime_error("Failed to initialize p2p server.");
    }
--- a/src/daemon/rpc.h
+++ b/src/daemon/rpc.h
@ -62,7 +62,7 @@ public:
  {
    MGINFO("Initializing " << m_description << " RPC server...");

-    if (!m_server.init(vm, restricted, port, allow_rpc_payment))
+    if (!m_server.init(vm, restricted, port, allow_rpc_payment, command_line::get_arg(vm, daemon_args::arg_proxy)))
    {
      throw std::runtime_error("Failed to initialize " + m_description + " RPC server.");
    }
--- a/src/daemon/rpc_command_executor.cpp
+++ b/src/daemon/rpc_command_executor.cpp
@ -2405,7 +2405,8 @@ bool t_rpc_command_executor::check_blockchain_pruning()
 bool t_rpc_command_executor::set_bootstrap_daemon(
  const std::string &address,
  const std::string &username,
-  const std::string &password)
+  const std::string &password,
+  const std::string &proxy)
 {
    cryptonote::COMMAND_RPC_SET_BOOTSTRAP_DAEMON::request req;
    cryptonote::COMMAND_RPC_SET_BOOTSTRAP_DAEMON::response res;
@ -2414,6 +2415,7 @@ bool t_rpc_command_executor::set_bootstrap_daemon(
    req.address = address;
    req.username = username;
    req.password = password;
+    req.proxy = proxy;

    if (m_is_rpc)
    {
--- a/src/daemon/rpc_command_executor.h
+++ b/src/daemon/rpc_command_executor.h
@ -168,7 +168,8 @@ public:
  bool set_bootstrap_daemon(
    const std::string &address,
    const std::string &username,
-    const std::string &password);
+    const std::string &password,
+    const std::string &proxy);

  bool rpc_payments();

--- a/src/mnemonics/language_base.h
+++ b/src/mnemonics/language_base.h
@ -129,7 +129,7 @@ namespace Language
        if ((*it).size() < unique_prefix_length)
        {
          if (flags & ALLOW_SHORT_WORDS)
-            MWARNING(language_name << " word '" << *it << "' is shorter than its prefix length, " << unique_prefix_length);
+            MINFO(language_name << " word '" << *it << "' is shorter than its prefix length, " << unique_prefix_length);
          else
            throw std::runtime_error("Too short word in " + language_name + " word list: " + *it);
        }
--- a/src/p2p/net_node.cpp
+++ b/src/p2p/net_node.cpp
@ -94,6 +94,9 @@ namespace
        case net::i2p_address::get_type_id():
            set = client->set_connect_command(remote.as<net::i2p_address>());
            break;
+        case epee::net_utils::ipv4_network_address::get_type_id():
+            set = client->set_connect_command(remote.as<epee::net_utils::ipv4_network_address>());
+            break;
        default:
            MERROR("Unsupported network address in socks_connect");
            return false;
--- a/src/p2p/net_node.h
+++ b/src/p2p/net_node.h
@ -254,7 +254,8 @@ namespace nodetool
        m_igd(no_igd),
        m_offline(false),
        is_closing(false),
-        m_network_id()
+        m_network_id(),
+        m_enable_dns_seed_nodes(true)
    {}
    virtual ~node_server();

@ -262,7 +263,7 @@ namespace nodetool

    bool run();
    network_zone& add_zone(epee::net_utils::zone zone);
-    bool init(const boost::program_options::variables_map& vm);
+    bool init(const boost::program_options::variables_map& vm, const std::string& proxy = {}, bool proxy_dns_leaks_allowed = {});
    bool deinit();
    bool send_stop_signal();
    uint32_t get_this_peer_port(){return m_listening_port;}
@ -512,6 +513,7 @@ namespace nodetool

    epee::net_utils::ssl_support_t m_ssl_support;

+    bool m_enable_dns_seed_nodes;
    bool m_enable_dns_blocklist;
  };

--- a/src/p2p/net_node.inl
+++ b/src/p2p/net_node.inl
@ -694,11 +694,15 @@ namespace nodetool
      full_addrs.insert("212.83.175.67:28080");
      full_addrs.insert("212.83.172.165:28080");
      full_addrs.insert("192.110.160.146:28080");
+      full_addrs.insert("88.99.173.38:28080");
+      full_addrs.insert("51.79.173.165:28080");
    }
    else if (m_nettype == cryptonote::STAGENET)
    {
      full_addrs.insert("162.210.173.150:38080");
      full_addrs.insert("192.110.160.146:38080");
+      full_addrs.insert("88.99.173.38:38080");
+      full_addrs.insert("51.79.173.165:38080");
    }
    else if (m_nettype == cryptonote::FAKECHAIN)
    {
@ -713,6 +717,8 @@ namespace nodetool
      full_addrs.insert("209.250.243.248:18080");
      full_addrs.insert("104.238.221.81:18080");
      full_addrs.insert("66.85.74.134:18080");
+      full_addrs.insert("88.99.173.38:18080");
+      full_addrs.insert("51.79.173.165:18080");
    }
    return full_addrs;
  }
@ -732,6 +738,12 @@ namespace nodetool
    {
      return get_ip_seed_nodes();
    }
+    if (!m_enable_dns_seed_nodes)
+    {
+      // TODO: a domain can be set through socks, so that the remote side does the lookup for the DNS seed nodes.
+      m_fallback_seed_nodes_added.test_and_set();
+      return get_ip_seed_nodes();
+    }

    std::set<std::string> full_addrs;

@ -839,7 +851,8 @@ namespace nodetool
        return {
          "xwvz3ekocr3dkyxfkmgm2hvbpzx2ysqmaxgter7znnqrhoicygkfswid.onion:18083",
          "4pixvbejrvihnkxmduo2agsnmc3rrulrqc7s3cbwwrep6h6hrzsibeqd.onion:18083",
-          "zbjkbsxc5munw3qusl7j2hpcmikhqocdf4pqhnhtpzw5nt5jrmofptid.onion:18083"
+          "zbjkbsxc5munw3qusl7j2hpcmikhqocdf4pqhnhtpzw5nt5jrmofptid.onion:18083",
+          "qz43zul2x56jexzoqgkx2trzwcfnr6l3hbtfcfx54g4r3eahy3bssjyd.onion:18083",
        };
      }
      return {};
@ -870,10 +883,21 @@ namespace nodetool
  }
  //-----------------------------------------------------------------------------------
  template<class t_payload_net_handler>
-  bool node_server<t_payload_net_handler>::init(const boost::program_options::variables_map& vm)
+  bool node_server<t_payload_net_handler>::init(const boost::program_options::variables_map& vm, const std::string& proxy, bool proxy_dns_leaks_allowed)
  {
    bool res = handle_command_line(vm);
    CHECK_AND_ASSERT_MES(res, false, "Failed to handle command line");
+    if (proxy.size())
+    {
+      const auto endpoint = net::get_tcp_endpoint(proxy);
+      CHECK_AND_ASSERT_MES(endpoint, false, "Failed to parse proxy: " << proxy << " - " << endpoint.error());
+      network_zone& public_zone = m_network_zones[epee::net_utils::zone::public_];
+      public_zone.m_connect = &socks_connect;
+      public_zone.m_proxy_address = *endpoint;
+      public_zone.m_can_pingback = false;
+      m_enable_dns_seed_nodes &= proxy_dns_leaks_allowed;
+      m_enable_dns_blocklist &= proxy_dns_leaks_allowed;
+    }

    if (m_nettype == cryptonote::TESTNET)
    {
--- a/src/rpc/bootstrap_daemon.cpp
+++ b/src/rpc/bootstrap_daemon.cpp
@ -7,6 +7,7 @@
 #include "crypto/crypto.h"
 #include "cryptonote_core/cryptonote_core.h"
 #include "misc_log_ex.h"
+#include "net/parse.h"

 #undef MONERO_DEFAULT_LOG_CATEGORY
 #define MONERO_DEFAULT_LOG_CATEGORY "daemon.rpc.bootstrap_daemon"
@ -16,19 +17,23 @@ namespace cryptonote

  bootstrap_daemon::bootstrap_daemon(
    std::function<std::map<std::string, bool>()> get_public_nodes,
-    bool rpc_payment_enabled)
+    bool rpc_payment_enabled,
+    const std::string &proxy)
    : m_selector(new bootstrap_node::selector_auto(std::move(get_public_nodes)))
    , m_rpc_payment_enabled(rpc_payment_enabled)
  {
+    set_proxy(proxy);
  }

  bootstrap_daemon::bootstrap_daemon(
    const std::string &address,
    boost::optional<epee::net_utils::http::login> credentials,
-    bool rpc_payment_enabled)
+    bool rpc_payment_enabled,
+    const std::string &proxy)
    : m_selector(nullptr)
    , m_rpc_payment_enabled(rpc_payment_enabled)
  {
+    set_proxy(proxy);
    if (!set_server(address, std::move(credentials)))
    {
      throw std::runtime_error("invalid bootstrap daemon address or credentials");
@ -78,6 +83,18 @@ namespace cryptonote
    return success;
  }

+  void bootstrap_daemon::set_proxy(const std::string &address)
+  {
+    if (!address.empty() && !net::get_tcp_endpoint(address))
+    {
+      throw std::runtime_error("invalid proxy address format");
+    }
+    if (!m_http_client.set_proxy(address))
+    {
+      throw std::runtime_error("failed to set proxy address");
+    }
+  }
+
  bool bootstrap_daemon::set_server(const std::string &address, const boost::optional<epee::net_utils::http::login> &credentials /* = boost::none */)
  {
    if (!m_http_client.set_server(address, credentials))
--- a/src/rpc/bootstrap_daemon.h
+++ b/src/rpc/bootstrap_daemon.h
@ -8,7 +8,7 @@
 #include <boost/thread/mutex.hpp>
 #include <boost/utility/string_ref.hpp>

-#include "net/http_client.h"
+#include "net/http.h"
 #include "storages/http_abstract_invoke.h"

 #include "bootstrap_node_selector.h"
@ -21,11 +21,13 @@ namespace cryptonote
  public:
    bootstrap_daemon(
      std::function<std::map<std::string, bool>()> get_public_nodes,
-      bool rpc_payment_enabled);
+      bool rpc_payment_enabled,
+      const std::string &proxy);
    bootstrap_daemon(
      const std::string &address,
      boost::optional<epee::net_utils::http::login> credentials,
-      bool rpc_payment_enabled);
+      bool rpc_payment_enabled,
+      const std::string &proxy);

    std::string address() const noexcept;
    boost::optional<std::pair<uint64_t, uint64_t>> get_height();
@ -72,12 +74,14 @@ namespace cryptonote
      return handle_result(result, result_struct.status);
    }

+    void set_proxy(const std::string &address);
+
  private:
    bool set_server(const std::string &address, const boost::optional<epee::net_utils::http::login> &credentials = boost::none);
    bool switch_server_if_needed();

  private:
-    epee::net_utils::http::http_simple_client m_http_client;
+    net::http::client m_http_client;
    const bool m_rpc_payment_enabled;
    const std::unique_ptr<bootstrap_node::selector> m_selector;
    boost::mutex m_selector_mutex;
--- a/src/rpc/core_rpc_server.cpp
+++ b/src/rpc/core_rpc_server.cpp
@ -154,6 +154,7 @@ namespace cryptonote
    command_line::add_arg(desc, arg_restricted_rpc);
    command_line::add_arg(desc, arg_bootstrap_daemon_address);
    command_line::add_arg(desc, arg_bootstrap_daemon_login);
+    command_line::add_arg(desc, arg_bootstrap_daemon_proxy);
    cryptonote::rpc_args::init_options(desc, true);
    command_line::add_arg(desc, arg_rpc_payment_address);
    command_line::add_arg(desc, arg_rpc_payment_difficulty);
@ -172,7 +173,10 @@ namespace cryptonote
    , m_rpc_payment_allow_free_loopback(false)
  {}
  //------------------------------------------------------------------------------------------------------------------------------
-  bool core_rpc_server::set_bootstrap_daemon(const std::string &address, const std::string &username_password)
+  bool core_rpc_server::set_bootstrap_daemon(
+    const std::string &address,
+    const std::string &username_password,
+    const std::string &proxy)
  {
    boost::optional<epee::net_utils::http::login> credentials;
    const auto loc = username_password.find(':');
@ -180,7 +184,7 @@ namespace cryptonote
    {
      credentials = epee::net_utils::http::login(username_password.substr(0, loc), username_password.substr(loc + 1));
    }
-    return set_bootstrap_daemon(address, credentials);
+    return set_bootstrap_daemon(address, credentials, proxy);
  }
  //------------------------------------------------------------------------------------------------------------------------------
  std::map<std::string, bool> core_rpc_server::get_public_nodes(uint32_t credits_per_hash_threshold/* = 0*/)
@ -217,7 +221,10 @@ namespace cryptonote
    return result;
  }
  //------------------------------------------------------------------------------------------------------------------------------
-  bool core_rpc_server::set_bootstrap_daemon(const std::string &address, const boost::optional<epee::net_utils::http::login> &credentials)
+  bool core_rpc_server::set_bootstrap_daemon(
+    const std::string &address,
+    const boost::optional<epee::net_utils::http::login> &credentials,
+    const std::string &proxy)
  {
    boost::unique_lock<boost::shared_mutex> lock(m_bootstrap_daemon_mutex);

@ -233,11 +240,11 @@ namespace cryptonote
      auto get_nodes = [this]() {
        return get_public_nodes(credits_per_hash_threshold);
      };
-      m_bootstrap_daemon.reset(new bootstrap_daemon(std::move(get_nodes), rpc_payment_enabled));
+      m_bootstrap_daemon.reset(new bootstrap_daemon(std::move(get_nodes), rpc_payment_enabled, m_bootstrap_daemon_proxy.empty() ? proxy : m_bootstrap_daemon_proxy));
    }
    else
    {
-      m_bootstrap_daemon.reset(new bootstrap_daemon(address, credentials, rpc_payment_enabled));
+      m_bootstrap_daemon.reset(new bootstrap_daemon(address, credentials, rpc_payment_enabled, m_bootstrap_daemon_proxy.empty() ? proxy : m_bootstrap_daemon_proxy));
    }

    m_should_use_bootstrap_daemon = m_bootstrap_daemon.get() != nullptr;
@ -255,8 +262,10 @@ namespace cryptonote
      , const bool restricted
      , const std::string& port
      , bool allow_rpc_payment
+      , const std::string& proxy
    )
  {
+    m_bootstrap_daemon_proxy = proxy;
    m_restricted = restricted;
    m_net_server.set_threads_prefix("RPC");
    m_net_server.set_connection_filter(&m_p2p);
@ -318,8 +327,10 @@ namespace cryptonote
        MWARNING("The RPC server is accessible from the outside, but no RPC payment was setup. RPC access will be free for all.");
    }

-    if (!set_bootstrap_daemon(command_line::get_arg(vm, arg_bootstrap_daemon_address),
-      command_line::get_arg(vm, arg_bootstrap_daemon_login)))
+    if (!set_bootstrap_daemon(
+          command_line::get_arg(vm, arg_bootstrap_daemon_address),
+          command_line::get_arg(vm, arg_bootstrap_daemon_login),
+          command_line::get_arg(vm, arg_bootstrap_daemon_proxy)))
    {
      MFATAL("Failed to parse bootstrap daemon address");
      return false;
@ -1608,15 +1619,15 @@ namespace cryptonote
    {
      credentials = epee::net_utils::http::login(req.username, req.password);
    }
-    
-    if (set_bootstrap_daemon(req.address, credentials))
+
+    if (set_bootstrap_daemon(req.address, credentials, req.proxy))
    {
      res.status = CORE_RPC_STATUS_OK;
    }
    else
    {
      res.status = "Failed to set bootstrap daemon";
-    }    
+    }

    return true;
  }
@ -3398,6 +3409,12 @@ namespace cryptonote
    , ""
    };

+  const command_line::arg_descriptor<std::string> core_rpc_server::arg_bootstrap_daemon_proxy = {
+      "bootstrap-daemon-proxy"
+    , "<ip>:<port> socks proxy to use for bootstrap daemon connections"
+    , ""
+    };
+
  const command_line::arg_descriptor<std::string> core_rpc_server::arg_rpc_payment_address = {
      "rpc-payment-address"
    , "Restrict RPC to clients sending micropayment to this address"
--- a/src/rpc/core_rpc_server.h
+++ b/src/rpc/core_rpc_server.h
@ -72,6 +72,7 @@ namespace cryptonote
    static const command_line::arg_descriptor<bool> arg_rpc_ssl_allow_any_cert;
    static const command_line::arg_descriptor<std::string> arg_bootstrap_daemon_address;
    static const command_line::arg_descriptor<std::string> arg_bootstrap_daemon_login;
+    static const command_line::arg_descriptor<std::string> arg_bootstrap_daemon_proxy;
    static const command_line::arg_descriptor<std::string> arg_rpc_payment_address;
    static const command_line::arg_descriptor<uint64_t> arg_rpc_payment_difficulty;
    static const command_line::arg_descriptor<uint64_t> arg_rpc_payment_credits;
@ -90,7 +91,8 @@ namespace cryptonote
        const boost::program_options::variables_map& vm,
        const bool restricted,
        const std::string& port,
-        bool allow_rpc_payment
+        bool allow_rpc_payment,
+        const std::string& proxy = {}
      );
    network_type nettype() const { return m_core.get_nettype(); }

@ -270,8 +272,14 @@ private:
    uint64_t get_block_reward(const block& blk);
    bool fill_block_header_response(const block& blk, bool orphan_status, uint64_t height, const crypto::hash& hash, block_header_response& response, bool fill_pow_hash);
    std::map<std::string, bool> get_public_nodes(uint32_t credits_per_hash_threshold = 0);
-    bool set_bootstrap_daemon(const std::string &address, const std::string &username_password);
-    bool set_bootstrap_daemon(const std::string &address, const boost::optional<epee::net_utils::http::login> &credentials);
+    bool set_bootstrap_daemon(
+      const std::string &address,
+      const std::string &username_password,
+      const std::string &proxy);
+    bool set_bootstrap_daemon(
+      const std::string &address,
+      const boost::optional<epee::net_utils::http::login> &credentials,
+      const std::string &proxy);
    enum invoke_http_mode { JON, BIN, JON_RPC };
    template <typename COMMAND_TYPE>
    bool use_bootstrap_daemon_if_necessary(const invoke_http_mode &mode, const std::string &command_name, const typename COMMAND_TYPE::request& req, typename COMMAND_TYPE::response& res, bool &r);
@ -282,6 +290,7 @@ private:
    nodetool::node_server<cryptonote::t_cryptonote_protocol_handler<cryptonote::core> >& m_p2p;
    boost::shared_mutex m_bootstrap_daemon_mutex;
    std::unique_ptr<bootstrap_daemon> m_bootstrap_daemon;
+    std::string m_bootstrap_daemon_proxy;
    bool m_should_use_bootstrap_daemon;
    std::chrono::system_clock::time_point m_bootstrap_height_check_time;
    bool m_was_bootstrap_ever_used;
--- a/src/rpc/core_rpc_server_commands_defs.h
+++ b/src/rpc/core_rpc_server_commands_defs.h
@ -1663,11 +1663,13 @@ namespace cryptonote
      std::string address;
      std::string username;
      std::string password;
+      std::string proxy;

      BEGIN_KV_SERIALIZE_MAP()
        KV_SERIALIZE(address)
        KV_SERIALIZE(username)
        KV_SERIALIZE(password)
+        KV_SERIALIZE(proxy)
      END_KV_SERIALIZE_MAP()
    };
    typedef epee::misc_utils::struct_init<request_t> request;
--- a/src/wallet/api/wallet_manager.cpp
+++ b/src/wallet/api/wallet_manager.cpp
@ -49,6 +49,11 @@ namespace epee {

 namespace Monero {

+WalletManagerImpl::WalletManagerImpl()
+{
+    tools::set_strict_default_file_permissions(true);
+}
+
 Wallet *WalletManagerImpl::createWallet(const std::string &path, const std::string &password,
                                    const std::string &language, NetworkType nettype, uint64_t kdf_rounds)
 {
--- a/src/wallet/api/wallet_manager.h
+++ b/src/wallet/api/wallet_manager.h
@ -95,7 +95,7 @@ public:
    bool setProxy(const std::string &address) override;

 private:
-    WalletManagerImpl() {}
+    WalletManagerImpl();
    friend struct WalletManagerFactory;
    net::http::client m_http_client;
    std::string m_errorString;
--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@ -8546,18 +8546,30 @@ void wallet2::get_outs(std::vector<std::vector<tools::wallet2::get_outs_entry>>
    }

    // get the keys for those
-    req.get_txid = false;
-
+    // the response can get large and end up rejected by the anti DoS limits, so chunk it if needed
+    size_t offset = 0;
+    while (offset < req.outputs.size())
    {
+      static const size_t chunk_size = 1000;
+      COMMAND_RPC_GET_OUTPUTS_BIN::request chunk_req = AUTO_VAL_INIT(chunk_req);
+      COMMAND_RPC_GET_OUTPUTS_BIN::response chunk_daemon_resp = AUTO_VAL_INIT(chunk_daemon_resp);
+      chunk_req.get_txid = false;
+      for (size_t i = 0; i < std::min<size_t>(req.outputs.size() - offset, chunk_size); ++i)
+        chunk_req.outputs.push_back(req.outputs[offset + i]);
+
      const boost::lock_guard<boost::recursive_mutex> lock{m_daemon_rpc_mutex};
      uint64_t pre_call_credits = m_rpc_payment_state.credits;
-      req.client = get_client_signature();
-      bool r = epee::net_utils::invoke_http_bin("/get_outs.bin", req, daemon_resp, *m_http_client, rpc_timeout);
-      THROW_ON_RPC_RESPONSE_ERROR(r, {}, daemon_resp, "get_outs.bin", error::get_outs_error, get_rpc_status(daemon_resp.status));
-      THROW_WALLET_EXCEPTION_IF(daemon_resp.outs.size() != req.outputs.size(), error::wallet_internal_error,
+      chunk_req.client = get_client_signature();
+      bool r = epee::net_utils::invoke_http_bin("/get_outs.bin", chunk_req, chunk_daemon_resp, *m_http_client, rpc_timeout);
+      THROW_ON_RPC_RESPONSE_ERROR(r, {}, chunk_daemon_resp, "get_outs.bin", error::get_outs_error, get_rpc_status(chunk_daemon_resp.status));
+      THROW_WALLET_EXCEPTION_IF(chunk_daemon_resp.outs.size() != chunk_req.outputs.size(), error::wallet_internal_error,
        "daemon returned wrong response for get_outs.bin, wrong amounts count = " +
-        std::to_string(daemon_resp.outs.size()) + ", expected " +  std::to_string(req.outputs.size()));
-      check_rpc_cost("/get_outs.bin", daemon_resp.credits, pre_call_credits, daemon_resp.outs.size() * COST_PER_OUT);
+        std::to_string(chunk_daemon_resp.outs.size()) + ", expected " +  std::to_string(chunk_req.outputs.size()));
+      check_rpc_cost("/get_outs.bin", chunk_daemon_resp.credits, pre_call_credits, chunk_daemon_resp.outs.size() * COST_PER_OUT);
+
+      offset += chunk_size;
+      for (size_t i = 0; i < chunk_daemon_resp.outs.size(); ++i)
+        daemon_resp.outs.push_back(std::move(chunk_daemon_resp.outs[i]));
    }

    std::unordered_map<uint64_t, uint64_t> scanty_outs;
@ -12184,7 +12196,7 @@ uint64_t wallet2::get_approximate_blockchain_height() const
  // Calculated blockchain height
  uint64_t approx_blockchain_height = fork_block + (time(NULL) - fork_time)/seconds_per_block;
  // testnet got some huge rollbacks, so the estimation is way off
-  static const uint64_t approximate_testnet_rolled_back_blocks = 303967;
+  static const uint64_t approximate_testnet_rolled_back_blocks = 342100;
  if (m_nettype == TESTNET && approx_blockchain_height > approximate_testnet_rolled_back_blocks)
    approx_blockchain_height -= approximate_testnet_rolled_back_blocks;
  LOG_PRINT_L2("Calculated blockchain height: " << approx_blockchain_height);
--- a/src/wallet/wallet_rpc_helpers.h
+++ b/src/wallet/wallet_rpc_helpers.h
@ -28,6 +28,7 @@

 #pragma once

+#include <limits>
 #include <type_traits>

 namespace
--- a/tests/functional_tests/mining.py
+++ b/tests/functional_tests/mining.py
@ -95,7 +95,7 @@ class MiningTest():
        assert res_status.block_reward >= 600000000000

        # wait till we mined a few of them
-        timeout = 60 # randomx is slow to init
+        timeout = 240 # randomx is slow to init
        timeout_height = prev_height
        while True:
            time.sleep(1)