Merge pull request #9864

97e1a49dd checkpoints: update to a recent block height (selsta)
Merge pull request #9867
2025-12-11 01:21:28 +09:00 · 2025-03-26 12:37:43 +00:00 · 2025-03-26 12:36:28 +00:00 · 2025-03-25 18:55:04 -05:00 · 2025-03-25 21:22:47 +01:00 · 2025-03-24 13:58:34 +00:00
280 changed files with 12795 additions and 6106 deletions
--- a/.github/actions/set-make-job-count/action.yml
+++ b/.github/actions/set-make-job-count/action.yml
@ -0,0 +1,22 @@
+name: 'set-make-job-count'
+description: 'Set the MAKE_JOB_COUNT environment variable to a value suitable for the host runner'
+runs:
+  using: "composite"
+  steps:
+    # Each job runner requires 2.25 GiB (i.e. 1024 * 9/4 MiB) memory and
+    # a dedicated logical CPU core
+    - name: set-jobs-macOS
+      if: runner.os == 'macOS'
+      run: |
+        echo MAKE_JOB_COUNT=$(expr $(printf '%s\n%s' $(( $(sysctl -n hw.memsize) * 4 / (1073741824 * 9) )) $(sysctl -n hw.logicalcpu) | sort -n | head -n1) '|' 1) >> $GITHUB_ENV
+      shell: bash
+    - name: set-jobs-windows
+      if: runner.os == 'Windows'
+      run: |
+        echo MAKE_JOB_COUNT=$(expr $(printf '%s\n%s' $(( $(grep MemTotal: /proc/meminfo | cut -d: -f2 | cut -dk -f1) * 4 / (1048576 * 9) )) $(nproc) | sort -n | head -n1) '|' 1) >> $GITHUB_ENV
+      shell: msys2 {0}
+    - name: set-jobs-linux
+      if: runner.os == 'Linux'
+      run: |
+        echo MAKE_JOB_COUNT=$(expr $(printf '%s\n%s' $(( $(grep MemTotal: /proc/meminfo | cut -d: -f2 | cut -dk -f1) * 4 / (1048576 * 9) )) $(nproc) | sort -n | head -n1) '|' 1) >> $GITHUB_ENV
+      shell: bash
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -2,6 +2,9 @@ name: ci/gh-actions/cli

 on:
  push:
+    paths-ignore:
+      - 'docs/**'
+      - '**/README.md'
  pull_request:
    paths-ignore:
      - 'docs/**'
@ -9,40 +12,45 @@ on:

 # The below variables reduce repetitions across similar targets
 env:
-  REMOVE_BUNDLED_BOOST : rm -rf /usr/local/share/boost
-  BUILD_DEFAULT_LINUX: |
-        cmake -S . -B build -D ARCH="default" -D BUILD_TESTS=ON -D CMAKE_BUILD_TYPE=Release && cmake --build build -j3
-  APT_INSTALL_LINUX: 'sudo apt -y install build-essential cmake libboost-all-dev miniupnpc libunbound-dev graphviz doxygen libunwind8-dev pkg-config libssl-dev libzmq3-dev libsodium-dev libhidapi-dev libnorm-dev libusb-1.0-0-dev libpgm-dev libprotobuf-dev protobuf-compiler ccache'
+  # ARCH="default" (not "native") ensures, that a different execution host can execute binaries compiled elsewhere.
+  BUILD_DEFAULT_LINUX: 'cmake -S . -B build -D ARCH="default" -D BUILD_TESTS=ON -D CMAKE_BUILD_TYPE=Release && cmake --build build --target all && cmake --build build --target wallet_api'
+  APT_INSTALL_LINUX: 'apt -y install build-essential cmake libboost-all-dev miniupnpc libunbound-dev graphviz doxygen libunwind8-dev pkg-config libssl-dev libzmq3-dev libsodium-dev libhidapi-dev libusb-1.0-0-dev libprotobuf-dev protobuf-compiler ccache git'
  APT_SET_CONF: |
-        echo "Acquire::Retries \"3\";"         | sudo tee -a /etc/apt/apt.conf.d/80-custom
-        echo "Acquire::http::Timeout \"120\";" | sudo tee -a /etc/apt/apt.conf.d/80-custom
-        echo "Acquire::ftp::Timeout \"120\";"  | sudo tee -a /etc/apt/apt.conf.d/80-custom
+    tee -a /etc/apt/apt.conf.d/80-custom << EOF
+    Acquire::Retries "3";
+    Acquire::http::Timeout "120";
+    Acquire::ftp::Timeout "120";
+    EOF
  CCACHE_SETTINGS: |
-        ccache --max-size=150M
-        ccache --set-config=compression=true
+    ccache --max-size=150M
+    ccache --set-config=compression=true

 jobs:
  build-macos:
+    name: 'macOS (brew)'
    runs-on: macOS-latest
    env:
      CCACHE_TEMPDIR: /tmp/.ccache-temp
    steps:
-    - uses: actions/checkout@v1
-      with:
-        submodules: recursive
-    - uses: actions/cache@v2
-      with:
-        path: /Users/runner/Library/Caches/ccache
-        key: ccache-${{ runner.os }}-build-${{ github.sha }}
-        restore-keys: ccache-${{ runner.os }}-build-
-    - name: install dependencies
-      run: HOMEBREW_NO_AUTO_UPDATE=1 brew install boost hidapi openssl zmq libpgm miniupnpc ldns expat libunwind-headers protobuf ccache
-    - name: build
-      run: |
-        ${{env.CCACHE_SETTINGS}}
-        make -j3
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - uses: actions/cache@v4
+        with:
+          path: /Users/runner/Library/Caches/ccache
+          key: ccache-${{ runner.os }}-build-${{ github.sha }}
+          restore-keys: ccache-${{ runner.os }}-build-
+      - uses: ./.github/actions/set-make-job-count
+      - name: install dependencies
+        run: |
+          HOMEBREW_NO_AUTO_UPDATE=1 brew install boost hidapi openssl zmq libpgm miniupnpc expat libunwind-headers protobuf ccache
+      - name: build
+        run: |
+          ${{env.CCACHE_SETTINGS}}
+          make -j${{env.MAKE_JOB_COUNT}}

  build-windows:
+    name: 'Windows (MSYS2)'
    runs-on: windows-latest
    env:
      CCACHE_TEMPDIR: C:\Users\runneradmin\.ccache-temp
@ -51,132 +59,194 @@ jobs:
      run:
        shell: msys2 {0}
    steps:
-    - uses: actions/checkout@v1
-      with:
-        submodules: recursive
-    - uses: actions/cache@v2
-      with:
-        path: C:\Users\runneradmin\.ccache
-        key: ccache-${{ runner.os }}-build-${{ github.sha }}
-        restore-keys: ccache-${{ runner.os }}-build-
-    - uses: eine/setup-msys2@v2
-      with:
-        update: true
-        install: mingw-w64-x86_64-toolchain make mingw-w64-x86_64-cmake mingw-w64-x86_64-ccache mingw-w64-x86_64-boost mingw-w64-x86_64-openssl mingw-w64-x86_64-zeromq mingw-w64-x86_64-libsodium mingw-w64-x86_64-hidapi mingw-w64-x86_64-protobuf-c mingw-w64-x86_64-libusb mingw-w64-x86_64-unbound git
-    - name: build
-      run: |
-        ${{env.CCACHE_SETTINGS}}
-        make release-static-win64 -j2
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - uses: actions/cache@v4
+        with:
+          path: C:\Users\runneradmin\.ccache
+          key: ccache-${{ runner.os }}-build-${{ github.sha }}
+          restore-keys: ccache-${{ runner.os }}-build-
+      - uses: msys2/setup-msys2@v2
+        with:
+          update: true
+          install: mingw-w64-x86_64-toolchain make mingw-w64-x86_64-cmake mingw-w64-x86_64-ccache mingw-w64-x86_64-boost mingw-w64-x86_64-openssl mingw-w64-x86_64-zeromq mingw-w64-x86_64-libsodium mingw-w64-x86_64-hidapi mingw-w64-x86_64-protobuf-c mingw-w64-x86_64-libusb mingw-w64-x86_64-unbound git
+      - uses: ./.github/actions/set-make-job-count
+      - name: build
+        run: |
+          ${{env.CCACHE_SETTINGS}}
+          make release-static-win64 -j${{env.MAKE_JOB_COUNT}}

-# See the OS labels and monitor deprecations here:
-# https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
+  build-arch:
+    name: 'Arch Linux'
+    runs-on: ubuntu-latest
+    container:
+      image: archlinux:latest
+    steps:
+      - name: install dependencies
+        run: pacman -Syyu --noconfirm base-devel git cmake boost openssl zeromq unbound libsodium readline expat gtest python3 doxygen graphviz hidapi libusb protobuf
+      - name: configure git
+        run: git config --global --add safe.directory '*'
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - uses: ./.github/actions/set-make-job-count
+      - name: build
+        env:
+          CMAKE_BUILD_PARALLEL_LEVEL: ${{env.MAKE_JOB_COUNT}}
+        run: ${{env.BUILD_DEFAULT_LINUX}}
+
+  build-debian:
+    # Oldest supported Debian version
+    name: 'Debian 10'
+    runs-on: ubuntu-latest
+    container:
+      image: debian:10
+      env:
+        DEBIAN_FRONTEND: noninteractive
+    steps:
+      - name: set apt conf
+        run: ${{env.APT_SET_CONF}}
+      - name: update apt
+        run: apt update
+      - name: install monero dependencies
+        run: ${{env.APT_INSTALL_LINUX}}
+      - name: configure git
+        run: git config --global --add safe.directory '*'
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - uses: ./.github/actions/set-make-job-count
+      - name: build
+        env:
+          CMAKE_BUILD_PARALLEL_LEVEL: ${{env.MAKE_JOB_COUNT}}
+        run: ${{env.BUILD_DEFAULT_LINUX}}

  build-ubuntu:
-    runs-on: ${{ matrix.os }}
-    env:
-      CCACHE_TEMPDIR: /tmp/.ccache-temp
-    strategy:
-      matrix:
-        os: [ubuntu-latest, ubuntu-18.04]
-    steps:
-    - uses: actions/checkout@v1
-      with:
-        submodules: recursive
-    - uses: actions/cache@v2
-      with:
-        path: ~/.ccache
-        key: ccache-${{ runner.os }}-build-${{ matrix.os }}-${{ github.sha }}
-        restore-keys: ccache-${{ runner.os }}-build-${{ matrix.os }}
-    - name: remove bundled boost
-      run: ${{env.REMOVE_BUNDLED_BOOST}}
-    - name: set apt conf
-      run: ${{env.APT_SET_CONF}}
-    - name: update apt
-      run: sudo apt update
-    - name: install monero dependencies
-      run: ${{env.APT_INSTALL_LINUX}}
-    - name: build
-      run: |
-        ${{env.CCACHE_SETTINGS}}
-        ${{env.BUILD_DEFAULT_LINUX}}
-
-  libwallet-ubuntu:
+    name: ${{ matrix.name }}
    runs-on: ubuntu-latest
-    env:
-      CCACHE_TEMPDIR: /tmp/.ccache-temp
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          # Oldest supported Ubuntu LTS version
+          - name: Ubuntu 20.04
+            container: ubuntu:20.04
+
+          # Most popular Ubuntu LTS version
+          - name: Ubuntu 22.04
+            container: ubuntu:22.04
+    container:
+      image: ${{ matrix.container }}
+      env:
+        DEBIAN_FRONTEND: noninteractive
+        CCACHE_TEMPDIR: /tmp/.ccache-temp
+        CCACHE_DIR: ~/.ccache
    steps:
-    - uses: actions/checkout@v1
-      with:
-        submodules: recursive
-    - uses: actions/cache@v2
-      with:
-        path: ~/.ccache
-        key: ccache-${{ runner.os }}-libwallet-${{ github.sha }}
-        restore-keys: ccache-${{ runner.os }}-libwallet-
-    - name: remove bundled boost
-      run: ${{env.REMOVE_BUNDLED_BOOST}}
-    - name: set apt conf
-      run: ${{env.APT_SET_CONF}}
-    - name: update apt
-      run: sudo apt update
-    - name: install monero dependencies
-      run: ${{env.APT_INSTALL_LINUX}}
-    - name: build
-      run: |
-        ${{env.CCACHE_SETTINGS}}
-        cmake .
-        make wallet_api -j3
+      - name: set apt conf
+        run: ${{env.APT_SET_CONF}}
+      - name: update apt
+        run: apt update
+      - name: install monero dependencies
+        run: ${{env.APT_INSTALL_LINUX}}
+      - name: configure git
+        run: git config --global --add safe.directory '*'
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - uses: actions/cache@v4
+        with:
+          path: ~/.ccache
+          key: ccache-${{ matrix.container }}-build-${{ github.sha }}
+          restore-keys: ccache-${{ matrix.container }}-build-
+      - uses: ./.github/actions/set-make-job-count
+      - name: build
+        env:
+          CMAKE_BUILD_PARALLEL_LEVEL: ${{env.MAKE_JOB_COUNT}}
+        run: |
+          ${{env.CCACHE_SETTINGS}}
+          ${{env.BUILD_DEFAULT_LINUX}}

  test-ubuntu:
+    name: "${{ matrix.name }} (tests)"
    needs: build-ubuntu
    runs-on: ubuntu-latest
-    env:
-      CCACHE_TEMPDIR: /tmp/.ccache-temp
-    steps:
-    - uses: actions/checkout@v1
-      with:
-        submodules: recursive
-    - name: ccache
-      uses: actions/cache@v2
-      with:
-        path: ~/.ccache
-        key: ccache-${{ runner.os }}-build-ubuntu-latest-${{ github.sha }}
-        restore-keys: ccache-${{ runner.os }}-build-ubuntu-latest
-    - name: remove bundled boost
-      run: ${{env.REMOVE_BUNDLED_BOOST}}
-    - name: set apt conf
-      run: ${{env.APT_SET_CONF}}
-    - name: update apt
-      run: sudo apt update
-    - name: install monero dependencies
-      run: ${{env.APT_INSTALL_LINUX}}
-    - name: install Python dependencies
-      run: pip install requests psutil monotonic
-    - name: tests
+    strategy:
+      matrix:
+        include:
+          - name: Ubuntu 20.04
+            container: ubuntu:20.04
+    container:
+      image: ${{ matrix.container }}
      env:
-        CTEST_OUTPUT_ON_FAILURE: ON
-      run: |
-        ${{env.CCACHE_SETTINGS}}
-        ${{env.BUILD_DEFAULT_LINUX}}
-        cmake --build build --target test
-
-# ARCH="default" (not "native") ensures, that a different execution host can execute binaries compiled elsewhere.
-# BUILD_SHARED_LIBS=ON speeds up the linkage part a bit, reduces size, and is the only place where the dynamic linkage is tested.
+        DEBIAN_FRONTEND: noninteractive
+        CCACHE_TEMPDIR: /tmp/.ccache-temp
+        CCACHE_DIR: ~/.ccache
+      # Setting up a loop device (losetup) requires additional capabilities.
+      # tests/create_test_disks.sh
+      options: --privileged
+    steps:
+      - name: set apt conf
+        run: ${{env.APT_SET_CONF}}
+      - name: update apt
+        run: apt update
+      - name: install monero dependencies
+        run: ${{env.APT_INSTALL_LINUX}}
+      - name: install pip
+        run: apt install -y python3-pip
+      - name: install Python dependencies
+        run: pip install requests psutil monotonic zmq deepdiff
+      - name: configure git
+        run: git config --global --add safe.directory '*'
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - uses: actions/cache@v4
+        with:
+          path: ~/.ccache
+          key: ccache-${{ matrix.container }}-build-${{ github.sha }}
+          restore-keys: ccache-${{ matrix.container }}-build-
+      - name: create dummy disk drives for testing
+        run: tests/create_test_disks.sh >> $GITHUB_ENV
+      - uses: ./.github/actions/set-make-job-count
+      - name: tests
+        env:
+          CTEST_OUTPUT_ON_FAILURE: ON
+          DNS_PUBLIC: tcp://9.9.9.9
+          CMAKE_BUILD_PARALLEL_LEVEL: ${{env.MAKE_JOB_COUNT}}
+        run: |
+          ${{env.CCACHE_SETTINGS}}
+          ${{env.BUILD_DEFAULT_LINUX}}
+          cmake --build build --target test

  source-archive:
-    runs-on: ubuntu-20.04
+    name: "source archive"
+    runs-on: ubuntu-latest
+    container:
+      image: ubuntu:20.04
+      env:
+        DEBIAN_FRONTEND: noninteractive
    steps:
-    - uses: actions/checkout@v1
-      with:
-        submodules: recursive
-    - name: archive
-      run: |
-        pip install git-archive-all
-        export VERSION="monero-$(git describe)"
-        export OUTPUT="$VERSION.tar"
-        echo "OUTPUT=$OUTPUT" >> $GITHUB_ENV
-        /home/runner/.local/bin/git-archive-all --prefix "$VERSION/" --force-submodules "$OUTPUT"
-    - uses: actions/upload-artifact@v2
-      with:
-        name: ${{ env.OUTPUT }}
-        path: /home/runner/work/monero/monero/${{ env.OUTPUT }}
+      - name: set apt conf
+        run: ${{env.APT_SET_CONF}}
+      - name: update apt
+        run: apt update
+      - name: install dependencies
+        run: apt install -y git python3-pip
+      - name: configure git
+        run: git config --global --add safe.directory '*'
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          submodules: recursive
+      - name: archive
+        run: |
+          pip install git-archive-all
+          export VERSION="monero-$(git describe)"
+          export OUTPUT="$VERSION.tar"
+          echo "OUTPUT=$OUTPUT" >> $GITHUB_ENV
+          git-archive-all --prefix "$VERSION/" --force-submodules "$OUTPUT"
+      - uses: actions/upload-artifact@v4
+        with:
+          name: ${{ env.OUTPUT }}
+          path: ${{ env.OUTPUT }}
--- a/.github/workflows/depends.yml
+++ b/.github/workflows/depends.yml
@ -9,18 +9,23 @@ on:

 env:
  APT_SET_CONF: |
-        echo "Acquire::Retries \"3\";"         | sudo tee -a /etc/apt/apt.conf.d/80-custom
-        echo "Acquire::http::Timeout \"120\";" | sudo tee -a /etc/apt/apt.conf.d/80-custom
-        echo "Acquire::ftp::Timeout \"120\";"  | sudo tee -a /etc/apt/apt.conf.d/80-custom
+    tee -a /etc/apt/apt.conf.d/80-custom << EOF
+    Acquire::Retries "3";
+    Acquire::http::Timeout "120";
+    Acquire::ftp::Timeout "120";
+    EOF
  CCACHE_SETTINGS: |
        ccache --max-size=150M
        ccache --set-config=compression=true

 jobs:
  build-cross:
-    runs-on: ubuntu-18.04
-    env:
-      CCACHE_TEMPDIR: /tmp/.ccache-temp
+    runs-on: ubuntu-latest
+    container:
+      image: ubuntu:20.04
+      env:
+        DEBIAN_FRONTEND: noninteractive
+        CCACHE_TEMPDIR: /tmp/.ccache-temp
    strategy:
      fail-fast: false
      matrix:
@ -36,40 +41,47 @@ jobs:
            packages: "python3 gperf g++-aarch64-linux-gnu"
          - name: "i686 Win"
            host: "i686-w64-mingw32"
-            packages: "python3 g++-mingw-w64-i686 qttools5-dev-tools"
+            packages: "python3 g++-mingw-w64-i686"
          - name: "i686 Linux"
            host: "i686-pc-linux-gnu"
            packages: "gperf cmake g++-multilib python3-zmq"
          - name: "Win64"
            host: "x86_64-w64-mingw32"
-            packages: "cmake python3 g++-mingw-w64-x86-64 qttools5-dev-tools"
+            packages: "cmake python3 g++-mingw-w64-x86-64"
          - name: "x86_64 Linux"
            host: "x86_64-unknown-linux-gnu"
            packages: "gperf cmake python3-zmq libdbus-1-dev libharfbuzz-dev"
          - name: "Cross-Mac x86_64"
            host: "x86_64-apple-darwin11"
-            packages: "cmake imagemagick libcap-dev librsvg2-bin libz-dev libbz2-dev libtiff-tools python-dev python3-setuptools-git"
+            packages: "cmake imagemagick libcap-dev librsvg2-bin libz-dev libbz2-dev libtiff-tools python-dev python3-setuptools-git libtinfo5"
          - name: "Cross-Mac aarch64"
            host: "aarch64-apple-darwin11"
-            packages: "cmake imagemagick libcap-dev librsvg2-bin libz-dev libbz2-dev libtiff-tools python-dev python3-setuptools-git"
+            packages: "cmake imagemagick libcap-dev librsvg2-bin libz-dev libbz2-dev libtiff-tools python-dev python3-setuptools-git libtinfo5"
          - name: "x86_64 Freebsd"
            host: "x86_64-unknown-freebsd"
            packages: "clang-8 gperf cmake python3-zmq libdbus-1-dev libharfbuzz-dev"
    name: ${{ matrix.toolchain.name }}
    steps:
-    - uses: actions/checkout@v1
+    - name: set apt conf
+      run: ${{env.APT_SET_CONF}}
+    - name: install dependencies
+      run: apt update; apt -y install build-essential libtool cmake autotools-dev automake pkg-config python3 gperf bsdmainutils curl git ca-certificates unzip ccache ${{ matrix.toolchain.packages }}
+    - name: configure git
+      run: git config --global --add safe.directory '*'
+    - uses: actions/checkout@v4
      with:
+        fetch-depth: 0
        submodules: recursive
 # Most volatile cache
    - name: ccache
-      uses: actions/cache@v2
+      uses: actions/cache@v4
      with:
        path: ~/.ccache
        key: ccache-${{ matrix.toolchain.host }}-${{ github.sha }}
        restore-keys: ccache-${{ matrix.toolchain.host }}-
 # Less volatile cache
    - name: depends cache
-      uses: actions/cache@v2
+      uses: actions/cache@v4
      with:
        path: contrib/depends/built
        key: depends-${{ matrix.toolchain.host }}-${{ hashFiles('contrib/depends/packages/*') }}
@ -78,28 +90,24 @@ jobs:
          depends-${{ matrix.toolchain.host }}-
 # Static cache
    - name: OSX SDK cache
-      uses: actions/cache@v2
+      uses: actions/cache@v4
      with:
        path: contrib/depends/sdk-sources
        key: sdk-${{ matrix.toolchain.host }}-${{ matrix.toolchain.osx_sdk }}
        restore-keys: sdk-${{ matrix.toolchain.host }}-${{ matrix.toolchain.osx_sdk }}
-    - name: set apt conf
-      run: ${{env.APT_SET_CONF}}
-    - name: install dependencies
-      run: sudo apt update; sudo apt -y install build-essential libtool cmake autotools-dev automake pkg-config bsdmainutils curl git ca-certificates ccache ${{ matrix.toolchain.packages }}
    - name: prepare w64-mingw32
      if: ${{ matrix.toolchain.host == 'x86_64-w64-mingw32' || matrix.toolchain.host == 'i686-w64-mingw32' }}
      run: |
-        sudo update-alternatives --set ${{ matrix.toolchain.host }}-g++ $(which ${{ matrix.toolchain.host }}-g++-posix)
-        sudo update-alternatives --set ${{ matrix.toolchain.host }}-gcc $(which ${{ matrix.toolchain.host }}-gcc-posix)
+        update-alternatives --set ${{ matrix.toolchain.host }}-g++ $(which ${{ matrix.toolchain.host }}-g++-posix)
+        update-alternatives --set ${{ matrix.toolchain.host }}-gcc $(which ${{ matrix.toolchain.host }}-gcc-posix)
    - name: build
      run: |
        ${{env.CCACHE_SETTINGS}}
-        make depends target=${{ matrix.toolchain.host }} -j2
-    - uses: actions/upload-artifact@v2
+        make depends target=${{ matrix.toolchain.host }} -j4
+    - uses: actions/upload-artifact@v4
      if: ${{ matrix.toolchain.host == 'x86_64-w64-mingw32' || matrix.toolchain.host == 'x86_64-apple-darwin11' || matrix.toolchain.host == 'x86_64-unknown-linux-gnu' }}
      with:
        name: ${{ matrix.toolchain.name }}
        path: |
-          /home/runner/work/monero/monero/build/${{ matrix.toolchain.host }}/release/bin/monero-wallet-cli*
-          /home/runner/work/monero/monero/build/${{ matrix.toolchain.host }}/release/bin/monerod*
+          build/${{ matrix.toolchain.host }}/release/bin/monero-wallet-cli*
+          build/${{ matrix.toolchain.host }}/release/bin/monerod*
--- a/.github/workflows/gitian.yml
+++ b/.github/workflows/gitian.yml
@ -0,0 +1,49 @@
+name: ci/gh-actions/gitian
+
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+  build-gitian:
+    runs-on: ubuntu-20.04
+    strategy:
+      fail-fast: false
+      matrix:
+        operating-system:
+          - name: "Linux"
+            option: "l"
+          - name: "Windows"
+            option: "w"
+          - name: "Android"
+            option: "a"
+          - name: "FreeBSD"
+            option: "f"
+          - name: "macOS"
+            option: "m"
+    name: ${{ matrix.operating-system.name }}
+    steps:
+    - name: prepare
+      run: |
+        sudo apt update
+        curl -O https://raw.githubusercontent.com/monero-project/monero/${{ github.ref_name }}/contrib/gitian/gitian-build.py
+        chmod +x gitian-build.py
+    - name: setup
+      run: |
+        ./gitian-build.py --setup --docker github-actions ${{ github.ref_name }}
+    - name: build
+      run: |
+        ./gitian-build.py --docker --detach-sign --no-commit --build -j 3 -o ${{ matrix.operating-system.option }} github-actions ${{ github.ref_name }}
+    - name: post build
+      run: |
+        cd out/${{ github.ref_name }}
+        shasum -a256 *
+        echo \`\`\` >> $GITHUB_STEP_SUMMARY
+        shasum -a256 * >> $GITHUB_STEP_SUMMARY
+        echo \`\`\` >> $GITHUB_STEP_SUMMARY
+    - uses: actions/upload-artifact@v4
+      with:
+        name: ${{ matrix.operating-system.name }}
+        path: |
+          out/${{ github.ref_name }}/*
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -794,7 +794,7 @@ else()
    set(USE_LTO_DEFAULT false)
    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--stack,10485760")
    if(NOT BUILD_64)
-      add_definitions(-DWINVER=0x0501 -D_WIN32_WINNT=0x0501)
+      add_definitions(-DWINVER=0x0600 -D_WIN32_WINNT=0x0600)
    endif()
  endif()
  set(C_WARNINGS "-Waggregate-return -Wnested-externs -Wold-style-definition -Wstrict-prototypes")
@ -1075,27 +1075,39 @@ if(STATIC)
  set(Boost_USE_STATIC_LIBS ON)
  set(Boost_USE_STATIC_RUNTIME ON)
 endif()
-find_package(Boost 1.58 QUIET REQUIRED COMPONENTS system filesystem thread date_time chrono regex serialization program_options locale)
-add_definitions(-DBOOST_ASIO_ENABLE_SEQUENTIAL_STRAND_ALLOCATION)

-set(CMAKE_FIND_LIBRARY_SUFFIXES ${OLD_LIB_SUFFIXES})
+# Find Boost headers
+set(BOOST_MIN_VER 1.62)
+find_package(Boost ${BOOST_MIN_VER} QUIET REQUIRED)
+
 if(NOT Boost_FOUND)
-  die("Could not find Boost libraries, please make sure you have installed Boost or libboost-all-dev (>=1.58) or the equivalent")
+  die("Could not find Boost libraries, please make sure you have installed Boost or libboost-all-dev (>=${BOOST_MIN_VER}) or the equivalent")
 elseif(Boost_FOUND)
-  message(STATUS "Found Boost Version: ${Boost_VERSION}")
-  if (Boost_VERSION VERSION_LESS 10 AND Boost_VERSION VERSION_LESS 1.62.0 AND NOT (OPENSSL_VERSION VERSION_LESS 1.1))
-    set(BOOST_BEFORE_1_62 true)
+  message(STATUS "Found Boost Version: ${Boost_VERSION_STRING}")
+
+  set(BOOST_COMPONENTS filesystem thread date_time chrono serialization program_options locale)
+
+  # Boost System is header-only since 1.69
+  if (Boost_VERSION_STRING VERSION_LESS 1.69.0)
+    list(APPEND BOOST_COMPONENTS system)
  endif()
-  if (NOT Boost_VERSION VERSION_LESS 10 AND Boost_VERSION VERSION_LESS 106200 AND NOT (OPENSSL_VERSION VERSION_LESS 1.1))
-    set(BOOST_BEFORE_1_62 true)
-  endif()
-  if (BOOST_BEFORE_1_62)
-      message(FATAL_ERROR "Boost ${Boost_VERSION} (older than 1.62) is too old to link with OpenSSL ${OPENSSL_VERSION} (1.1 or newer) found at ${OPENSSL_INCLUDE_DIR} and ${OPENSSL_LIBRARIES}. "
-                          "Update Boost or install OpenSSL 1.0 and set path to it when running cmake: "
-                          "cmake -DOPENSSL_ROOT_DIR='/usr/include/openssl-1.0'")
+
+  # Boost Regex is header-only since 1.77
+  if (Boost_VERSION_STRING VERSION_LESS 1.77.0)
+    list(APPEND BOOST_COMPONENTS regex)
  endif()
+
+  message(STATUS "Boost components: ${BOOST_COMPONENTS}")
+
+  # Find required Boost libraries
+  find_package(Boost ${BOOST_MIN_VER} QUIET REQUIRED COMPONENTS ${BOOST_COMPONENTS})
+  set(CMAKE_FIND_LIBRARY_SUFFIXES ${OLD_LIB_SUFFIXES})
 endif()

+add_definitions(-DBOOST_ASIO_ENABLE_SEQUENTIAL_STRAND_ALLOCATION)
+add_definitions(-DBOOST_NO_AUTO_PTR)
+add_definitions(-DBOOST_UUID_DISABLE_ALIGNMENT) # This restores UUID's std::has_unique_object_representations property
+
 include_directories(SYSTEM ${Boost_INCLUDE_DIRS})
 if(MINGW)
  set(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} -Wa,-mbig-obj")
@ -1178,6 +1190,9 @@ find_library(NORM_LIBRARY norm)
 find_library(GSSAPI_LIBRARY gssapi_krb5)
 find_library(PROTOLIB_LIBRARY protolib)
 find_library(SODIUM_LIBRARY sodium)
+find_library(BSD_LIBRARY bsd)
+find_library(MD_LIBRARY md)
+find_library(PROTOKIT_LIBRARY protokit)

 if(NOT ZMQ_INCLUDE_PATH)
  message(FATAL_ERROR "Could not find required header zmq.h")
@ -1185,6 +1200,7 @@ endif()
 if(NOT ZMQ_LIB)
  message(FATAL_ERROR "Could not find required libzmq")
 endif()
+include_directories(${ZMQ_INCLUDE_PATH})
 if(PGM_LIBRARY)
  set(ZMQ_LIB "${ZMQ_LIB};${PGM_LIBRARY}")
 endif()
@ -1198,7 +1214,24 @@ if(PROTOLIB_LIBRARY)
  set(ZMQ_LIB "${ZMQ_LIB};${PROTOLIB_LIBRARY}")
 endif()
 if(SODIUM_LIBRARY)
+  message(STATUS "ZMQ_LIB: ${ZMQ_LIB};${SODIUM_LIBRARY}")
  set(ZMQ_LIB "${ZMQ_LIB};${SODIUM_LIBRARY}")
+  find_path(SODIUM_INCLUDE_PATH sodium/crypto_verify_32.h)
+  if (SODIUM_INCLUDE_PATH)
+    message(STATUS "SODIUM_INCLUDE_PATH: ${SODIUM_INCLUDE_PATH}")
+    include_directories(${SODIUM_INCLUDE_PATH})
+  else()
+    message(FATAL_ERROR "Could not find required sodium/crypto_verify_32.h")
+  endif()
+endif()
+if(BSD_LIBRARY)
+  set(ZMQ_LIB "${ZMQ_LIB};${BSD_LIBRARY}")
+endif()
+if(MD_LIBRARY)
+  set(ZMQ_LIB "${ZMQ_LIB};${MD_LIBRARY}")
+endif()
+if(PROTOKIT_LIBRARY)
+  set(ZMQ_LIB "${ZMQ_LIB};${PROTOKIT_LIBRARY}")
 endif()

 include(external/supercop/functions.cmake) # place after setting flags and before src directory inclusion
--- a/4
+++ b/4
@ -48,7 +48,7 @@ all: release-all

 depends:
 	cd contrib/depends && $(MAKE) HOST=$(target) && cd ../.. && mkdir -p build/$(target)/release
-	cd build/$(target)/release && cmake -DCMAKE_TOOLCHAIN_FILE=$(CURDIR)/contrib/depends/$(target)/share/toolchain.cmake ../../.. && $(MAKE)
+	cd build/$(target)/release && USE_DEVICE_TREZOR_MANDATORY=1 cmake -DCMAKE_TOOLCHAIN_FILE=$(CURDIR)/contrib/depends/$(target)/share/toolchain.cmake ../../.. && $(MAKE)

 cmake-debug:
 	mkdir -p $(builddir)/debug
@ -104,7 +104,7 @@ release-all:

 release-static:
 	mkdir -p $(builddir)/release
-	cd $(builddir)/release && cmake -D STATIC=ON -D ARCH="x86-64" -D BUILD_64=ON -D CMAKE_BUILD_TYPE=Release $(topdir) && $(MAKE)
+	cd $(builddir)/release && cmake -D STATIC=ON -D BUILD_64=ON -D CMAKE_BUILD_TYPE=Release $(topdir) && $(MAKE)

 coverage:
 	mkdir -p $(builddir)/debug
--- a/README.md
+++ b/README.md
@ -138,8 +138,8 @@ Dates are provided in the format YYYY-MM-DD.
 | 1978433                        | 2019-11-30 | v12               | v0.15.0.0              | v0.16.0.0                  | New PoW based on RandomX, only allow >= 2 outputs, change to the block median used to calculate penalty, v1 coinbases are forbidden, rct sigs in coinbase forbidden, 10 block lock time for incoming outputs
 | 2210000                        | 2020-10-17 | v13               | v0.17.0.0              | v0.17.3.2                  | New CLSAG transaction format
 | 2210720                        | 2020-10-18 | v14               | v0.17.1.1              | v0.17.3.2                  | forbid old MLSAG transaction format
-| 2688888                        | 2022-08-13 | v15               | v0.18.0.0              | v0.18.0.0                  | ringsize = 16, bulletproofs+, view tags, adjusted dynamic block weight algorithm
-| 2689608                        | 2022-08-14 | v16               | v0.18.0.0              | v0.18.0.0                  | forbid old v14 transaction format
+| 2688888                        | 2022-08-13 | v15               | v0.18.0.0              | v0.18.4.0                  | ringsize = 16, bulletproofs+, view tags, adjusted dynamic block weight algorithm
+| 2689608                        | 2022-08-14 | v16               | v0.18.0.0              | v0.18.4.0                  | forbid old v14 transaction format
 | XXXXXXX                        | XXX-XX-XX | XXX                | vX.XX.X.X              | vX.XX.X.X                  | XXX |

 X's indicate that these details have not been determined as of commit date.
@ -168,8 +168,8 @@ library archives (`.a`).
 | GCC          | 5             | NO       | `build-essential`    | `base-devel` | `base-devel`       | `gcc`               | NO       |                 |
 | CMake        | 3.5           | NO       | `cmake`              | `cmake`      | `cmake`            | `cmake`             | NO       |                 |
 | pkg-config   | any           | NO       | `pkg-config`         | `base-devel` | `base-devel`       | `pkgconf`           | NO       |                 |
-| Boost        | 1.58          | NO       | `libboost-all-dev`   | `boost`      | `boost-devel`      | `boost-devel`       | NO       | C++ libraries   |
-| OpenSSL      | basically any | NO       | `libssl-dev`         | `openssl`    | `libressl-devel`   | `openssl-devel`     | NO       | sha256 sum      |
+| Boost        | 1.66          | NO       | `libboost-all-dev`   | `boost`      | `boost-devel`      | `boost-devel`       | NO       | C++ libraries   |
+| OpenSSL      | basically any | NO       | `libssl-dev`         | `openssl`    | `openssl-devel`    | `openssl-devel`     | NO       | sha256 sum      |
 | libzmq       | 4.2.0         | NO       | `libzmq3-dev`        | `zeromq`     | `zeromq-devel`     | `zeromq-devel`      | NO       | ZeroMQ library  |
 | OpenPGM      | ?             | NO       | `libpgm-dev`         | `libpgm`     |                    | `openpgm-devel`     | NO       | For ZeroMQ      |
 | libnorm[2]   | ?             | NO       | `libnorm-dev`        |              |                    |                     | YES      | For ZeroMQ      |
@ -178,7 +178,6 @@ library archives (`.a`).
 | libunwind    | any           | NO       | `libunwind8-dev`     | `libunwind`  | `libunwind-devel`  | `libunwind-devel`   | YES      | Stack traces    |
 | liblzma      | any           | NO       | `liblzma-dev`        | `xz`         | `liblzma-devel`    | `xz-devel`          | YES      | For libunwind   |
 | libreadline  | 6.3.0         | NO       | `libreadline6-dev`   | `readline`   | `readline-devel`   | `readline-devel`    | YES      | Input editing   |
-| ldns         | 1.6.17        | NO       | `libldns-dev`        | `ldns`       | `libldns-devel`    | `ldns-devel`        | YES      | SSL toolkit     |
 | expat        | 1.1           | NO       | `libexpat1-dev`      | `expat`      | `expat-devel`      | `expat-devel`       | YES      | XML parsing     |
 | GTest        | 1.5           | YES      | `libgtest-dev`[1]    | `gtest`      | `gtest-devel`      | `gtest-devel`       | YES      | Test suite      |
 | ccache       | any           | NO       | `ccache`             | `ccache`     | `ccache`           | `ccache`            | YES      | Compil. cache   |
@ -205,23 +204,23 @@ then:
 Install all dependencies at once on Debian/Ubuntu:

 ```
-sudo apt update && sudo apt install build-essential cmake pkg-config libssl-dev libzmq3-dev libunbound-dev libsodium-dev libunwind8-dev liblzma-dev libreadline6-dev libldns-dev libexpat1-dev libpgm-dev qttools5-dev-tools libhidapi-dev libusb-1.0-0-dev libprotobuf-dev protobuf-compiler libudev-dev libboost-chrono-dev libboost-date-time-dev libboost-filesystem-dev libboost-locale-dev libboost-program-options-dev libboost-regex-dev libboost-serialization-dev libboost-system-dev libboost-thread-dev python3 ccache doxygen graphviz
+sudo apt update && sudo apt install build-essential cmake pkg-config libssl-dev libzmq3-dev libunbound-dev libsodium-dev libunwind8-dev liblzma-dev libreadline6-dev libexpat1-dev libpgm-dev qttools5-dev-tools libhidapi-dev libusb-1.0-0-dev libprotobuf-dev protobuf-compiler libudev-dev libboost-chrono-dev libboost-date-time-dev libboost-filesystem-dev libboost-locale-dev libboost-program-options-dev libboost-regex-dev libboost-serialization-dev libboost-system-dev libboost-thread-dev python3 ccache doxygen graphviz
 ```

 Install all dependencies at once on Arch:
 ```
-sudo pacman -Syu --needed base-devel cmake boost openssl zeromq libpgm unbound libsodium libunwind xz readline ldns expat gtest python3 ccache doxygen graphviz qt5-tools hidapi libusb protobuf systemd
+sudo pacman -Syu --needed base-devel cmake boost openssl zeromq libpgm unbound libsodium libunwind xz readline expat gtest python3 ccache doxygen graphviz qt5-tools hidapi libusb protobuf systemd
 ```

 Install all dependencies at once on Fedora:
 ```
-sudo dnf install gcc gcc-c++ cmake pkgconf boost-devel openssl-devel zeromq-devel openpgm-devel unbound-devel libsodium-devel libunwind-devel xz-devel readline-devel ldns-devel expat-devel gtest-devel ccache doxygen graphviz qt5-linguist hidapi-devel libusbx-devel protobuf-devel protobuf-compiler systemd-devel
+sudo dnf install gcc gcc-c++ cmake pkgconf boost-devel openssl-devel zeromq-devel openpgm-devel unbound-devel libsodium-devel libunwind-devel xz-devel readline-devel expat-devel gtest-devel ccache doxygen graphviz qt5-linguist hidapi-devel libusbx-devel protobuf-devel protobuf-compiler systemd-devel
 ```

 Install all dependencies at once on openSUSE:

 ```
-sudo zypper ref && sudo zypper in cppzmq-devel ldns-devel libboost_chrono-devel libboost_date_time-devel libboost_filesystem-devel libboost_locale-devel libboost_program_options-devel libboost_regex-devel libboost_serialization-devel libboost_system-devel libboost_thread-devel libexpat-devel libminiupnpc-devel libsodium-devel libunwind-devel unbound-devel cmake doxygen ccache fdupes gcc-c++ libevent-devel libopenssl-devel pkgconf-pkg-config readline-devel xz-devel libqt5-qttools-devel patterns-devel-C-C++-devel_C_C++
+sudo zypper ref && sudo zypper in cppzmq-devel libboost_chrono-devel libboost_date_time-devel libboost_filesystem-devel libboost_locale-devel libboost_program_options-devel libboost_regex-devel libboost_serialization-devel libboost_system-devel libboost_thread-devel libexpat-devel libminiupnpc-devel libsodium-devel libunwind-devel unbound-devel cmake doxygen ccache fdupes gcc-c++ libevent-devel libopenssl-devel pkgconf-pkg-config readline-devel xz-devel libqt5-qttools-devel patterns-devel-C-C++-devel_C_C++
 ```

 Install all dependencies at once on macOS with the provided Brewfile:
@ -345,7 +344,7 @@ Tested on a Raspberry Pi Zero with a clean install of minimal Raspbian Stretch (
    ```bash
    git clone https://github.com/monero-project/monero.git
    cd monero
-    git checkout v0.18.0.0
+    git checkout v0.18.4.0
    ```

 * Build:
@ -464,10 +463,10 @@ application.
    cd monero
    ```

-* If you would like a specific [version/tag](https://github.com/monero-project/monero/tags), do a git checkout for that version. eg. 'v0.18.0.0'. If you don't care about the version and just want binaries from master, skip this step:
+* If you would like a specific [version/tag](https://github.com/monero-project/monero/tags), do a git checkout for that version. eg. 'v0.18.4.0'. If you don't care about the version and just want binaries from master, skip this step:

    ```bash
-    git checkout v0.18.0.0
+    git checkout v0.18.4.0
    ```

 * If you are on a 64-bit system, run:
--- a/cmake/CheckTrezor.cmake
+++ b/cmake/CheckTrezor.cmake
@ -55,6 +55,10 @@ if (USE_DEVICE_TREZOR)
        set(Protobuf_FOUND 1)  # override found if all rquired info was provided by variables
    endif()

+    if (Protobuf_VERSION VERSION_GREATER_EQUAL 22.0)
+        add_definitions(-DPROTOBUF_HAS_ABSEIL)
+    endif()
+
    if(TREZOR_DEBUG)
        set(USE_DEVICE_TREZOR_DEBUG 1)
    endif()
--- a/cmake/FindLibUSB.cmake
+++ b/cmake/FindLibUSB.cmake
@ -113,7 +113,7 @@ if ( LibUSB_FOUND )
    if (APPLE OR LibUSB_VERSION_1.0.16 OR STATIC)
        if (APPLE)
            if(DEPENDS)
-                list(APPEND TEST_COMPILE_EXTRA_LIBRARIES "-framework Foundation -framework IOKit")
+                list(APPEND TEST_COMPILE_EXTRA_LIBRARIES "-framework Foundation -framework IOKit -framework Security")
            else()
                find_library(COREFOUNDATION CoreFoundation)
                find_library(IOKIT IOKit)
--- a/contrib/brew/Brewfile
+++ b/contrib/brew/Brewfile
@ -25,7 +25,6 @@ brew "unbound"
 brew "libsodium"
 brew "miniupnpc"
 brew "readline"
-brew "ldns"
 brew "expat"
 brew "ccache"
 brew "doxygen"
--- a/contrib/depends/Makefile
+++ b/contrib/depends/Makefile
@ -21,18 +21,24 @@ host_toolchain:=$(HOST)-
 endif

 ifneq ($(DEBUG),)
-release_type=Debug
+release_type=debug
 else
-release_type=Release
+release_type=release
 endif

 ifneq ($(TESTS),)
 build_tests=ON
-release_type=Debug
+release_type=debug
 else
 build_tests=OFF
 endif

+ifeq ($(release_type),debug)
+cmake_release_type=Debug
+else
+cmake_release_type=Release
+endif
+
 base_build_dir=$(BASEDIR)/work/build
 base_staging_dir=$(BASEDIR)/work/staging
 base_download_dir=$(BASEDIR)/work/download
@ -110,8 +116,7 @@ $(host_arch)_$(host_os)_id_string+=$(shell $(host_CXX) --version 2>/dev/null)
 $(host_arch)_$(host_os)_id_string+=$(shell $(host_RANLIB) --version 2>/dev/null)
 $(host_arch)_$(host_os)_id_string+=$(shell $(host_STRIP) --version 2>/dev/null)

-qt_packages_$(NO_QT) = $(qt_packages) 
-packages += $($(host_arch)_$(host_os)_packages) $($(host_os)_packages) $(qt_packages_)
+packages += $($(host_arch)_$(host_os)_packages) $($(host_os)_packages)
 native_packages += $($(host_arch)_$(host_os)_native_packages) $($(host_os)_native_packages)

 all_packages = $(packages) $(native_packages)
@ -180,7 +185,7 @@ $(host_prefix)/share/toolchain.cmake : toolchain.cmake.in $(host_prefix)/.stamp_
            -e 's|@LDFLAGS@|$(strip $(host_LDFLAGS) $(host_$(release_type)_LDFLAGS))|' \
            -e 's|@allow_host_packages@|$(ALLOW_HOST_PACKAGES)|' \
            -e 's|@debug@|$(DEBUG)|' \
-            -e 's|@release_type@|$(release_type)|' \
+            -e 's|@release_type@|$(cmake_release_type)|' \
            -e 's|@build_tests@|$(build_tests)|' \
            -e 's|@depends@|$(host_cmake)|' \
            -e 's|@prefix@|$($(host_arch)_$(host_os)_prefix)|'\
--- a/contrib/depends/config.site.in
+++ b/contrib/depends/config.site.in
@ -7,27 +7,12 @@ ac_tool_prefix=${host_alias}-
 if test -z $with_boost; then
  with_boost=$depends_prefix
 fi
-if test -z $with_qt_plugindir; then
-  with_qt_plugindir=$depends_prefix/plugins
-fi
-if test -z $with_qt_translationdir; then
-  with_qt_translationdir=$depends_prefix/translations
-fi

 if test x@host_os@ = xdarwin; then
  BREW=no
  PORT=no
 fi

-if test x@host_os@ = xmingw32; then
-  if test -z $with_qt_incdir; then
-    with_qt_incdir=$depends_prefix/include
-  fi
-  if test -z $with_qt_libdir; then
-    with_qt_libdir=$depends_prefix/lib
-  fi
-fi
-
 PATH=$depends_prefix/native/bin:$PATH
 PKG_CONFIG="`which pkg-config` --static"

--- a/contrib/depends/funcs.mk
+++ b/contrib/depends/funcs.mk
@ -143,8 +143,11 @@ $(1)_config_env+=PKG_CONFIG_PATH=$($($(1)_type)_prefix)/share/pkgconfig
 $(1)_config_env+=PATH="$(build_prefix)/bin:$(PATH)"
 $(1)_build_env+=PATH="$(build_prefix)/bin:$(PATH)"
 $(1)_stage_env+=PATH="$(build_prefix)/bin:$(PATH)"
-$(1)_autoconf=./configure --host=$($($(1)_type)_host) --disable-dependency-tracking --prefix=$($($(1)_type)_prefix) $$($(1)_config_opts) CC="$$($(1)_cc)" CXX="$$($(1)_cxx)"
+$(1)_autoconf=./configure --host=$($($(1)_type)_host) --prefix=$($($(1)_type)_prefix) $$($(1)_config_opts) CC="$$($(1)_cc)" CXX="$$($(1)_cxx)"

+ifeq ($(filter $(1),libusb unbound),)
+$(1)_autoconf += --disable-dependency-tracking
+endif
 ifneq ($($(1)_nm),)
 $(1)_autoconf += NM="$$($(1)_nm)"
 endif
--- a/contrib/depends/packages/boost.mk
+++ b/contrib/depends/packages/boost.mk
@ -1,15 +1,15 @@
 package=boost                                                                                                                                                                                                                      
-$(package)_version=1_64_0
-$(package)_download_path=https://downloads.sourceforge.net/project/boost/boost/1.64.0/
-$(package)_file_name=$(package)_$($(package)_version).tar.bz2
-$(package)_sha256_hash=7bcc5caace97baa948931d712ea5f37038dbb1c5d89b43ad4def4ed7cb683332
+$(package)_version=1.69.0
+$(package)_download_path=https://archives.boost.io/release/$($(package)_version)/source/
+$(package)_file_name=$(package)_$(subst .,_,$($(package)_version)).tar.gz
+$(package)_sha256_hash=9a2c2819310839ea373f42d69e733c339b4e9a19deab6bfec448281554aa4dbb
 $(package)_dependencies=libiconv
 $(package)_patches=fix_aroptions.patch fix_arm_arch.patch

 define $(package)_set_vars
 $(package)_config_opts_release=variant=release
 $(package)_config_opts_debug=variant=debug
-$(package)_config_opts=--layout=tagged --build-type=complete --user-config=user-config.jam
+$(package)_config_opts+=--layout=system --user-config=user-config.jam
 $(package)_config_opts+=threading=multi link=static -sNO_BZIP2=1 -sNO_ZLIB=1
 $(package)_config_opts_linux=threadapi=pthread runtime-link=shared
 $(package)_config_opts_android=threadapi=pthread runtime-link=static target-os=android
--- a/contrib/depends/packages/expat.mk
+++ b/contrib/depends/packages/expat.mk
@ -1,12 +1,12 @@
 package=expat
-$(package)_version=2.4.1
-$(package)_download_path=https://github.com/libexpat/libexpat/releases/download/R_2_4_1
+$(package)_version=2.6.0
+$(package)_download_path=https://github.com/libexpat/libexpat/releases/download/R_$(subst .,_,$($(package)_version))/
 $(package)_file_name=$(package)-$($(package)_version).tar.bz2
-$(package)_sha256_hash=2f9b6a580b94577b150a7d5617ad4643a4301a6616ff459307df3e225bcfbf40
+$(package)_sha256_hash=ff60e6a6b6ce570ae012dc7b73169c7fdf4b6bf08c12ed0ec6f55736b78d85ba

 define $(package)_set_vars
-$(package)_config_opts=--enable-static
-$(package)_config_opts=--disable-shared
+$(package)_config_opts=--disable-shared --without-docbook --without-tests --without-examples
+$(package)_config_opts+=--enable-option-checking --without-xmlwf --with-pic
 $(package)_config_opts+=--prefix=$(host_prefix)
 endef

@ -23,6 +23,6 @@ define $(package)_stage_cmds
 endef

 define $(package)_postprocess_cmds
-  rm lib/*.la
+  rm -rf share lib/cmake lib/*.la
 endef

--- a/contrib/depends/packages/hidapi.mk
+++ b/contrib/depends/packages/hidapi.mk
@ -1,8 +1,8 @@
 package=hidapi
-$(package)_version=0.11.0
-$(package)_download_path=https://github.com/libusb/hidapi/archive
+$(package)_version=0.13.1
+$(package)_download_path=https://github.com/libusb/hidapi/archive/refs/tags
 $(package)_file_name=$(package)-$($(package)_version).tar.gz
-$(package)_sha256_hash=391d8e52f2d6a5cf76e2b0c079cfefe25497ba1d4659131297081fc0cd744632
+$(package)_sha256_hash=476a2c9a4dc7d1fc97dd223b84338dbea3809a84caea2dcd887d9778725490e3
 $(package)_linux_dependencies=libusb eudev
 $(package)_patches=missing_win_include.patch

--- a/contrib/depends/packages/ldns.mk
+++ b/contrib/depends/packages/ldns.mk
@ -1,34 +0,0 @@
-package=ldns
-$(package)_version=1.7.1
-$(package)_download_path=https://www.nlnetlabs.nl/downloads/$(package)/
-$(package)_file_name=$(package)-$($(package)_version).tar.gz
-$(package)_sha256_hash=8ac84c16bdca60e710eea75782356f3ac3b55680d40e1530d7cea474ac208229
-$(package)_dependencies=openssl
-
-define $(package)_set_vars
-  $(package)_config_opts=--disable-shared --enable-static --with-drill
-  $(package)_config_opts+=--with-ssl=$(host_prefix)
-  $(package)_config_opts_release=--disable-debug-mode
-  $(package)_config_opts_linux=--with-pic
-endef
-
-define $(package)_preprocess_cmds
-   cp -f $(BASEDIR)/config.guess $(BASEDIR)/config.sub .
-endef
-
-define $(package)_config_cmds
-  $($(package)_autoconf)
-endef
-
-define $(package)_build_cmds
-  $(MAKE)
-endef
-
-define $(package)_stage_cmds
-  $(MAKE) DESTDIR=$($(package)_staging_dir) install-h install-lib
-endef
-
-define $(package)_postprocess_cmds
-  rm lib/*.la
-endef
-
--- a/contrib/depends/packages/libusb.mk
+++ b/contrib/depends/packages/libusb.mk
@ -1,8 +1,8 @@
 package=libusb
-$(package)_version=1.0.22
-$(package)_download_path=https://sourceforge.net/projects/libusb/files/libusb-1.0/libusb-$($(package)_version)/
+$(package)_version=1.0.26
+$(package)_download_path=https://github.com/libusb/libusb/releases/download/v$($(package)_version)
 $(package)_file_name=$(package)-$($(package)_version).tar.bz2
-$(package)_sha256_hash=75aeb9d59a4fdb800d329a545c2e6799f732362193b465ea198f2aa275518157
+$(package)_sha256_hash=12ce7a61fc9854d1d2a1ffe095f7b5fac19ddba095c259e6067a46500381b5a5

 define $(package)_preprocess_cmds
  autoreconf -i
--- a/contrib/depends/packages/openssl.mk
+++ b/contrib/depends/packages/openssl.mk
@ -1,21 +1,19 @@
 package=openssl
-$(package)_version=1.1.1l
+$(package)_version=3.0.13
 $(package)_download_path=https://www.openssl.org/source
 $(package)_file_name=$(package)-$($(package)_version).tar.gz
-$(package)_sha256_hash=0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1
-$(package)_patches=fix_darwin.patch
+$(package)_sha256_hash=88525753f79d3bec27d2fa7c66aa0b92b3aa9498dafd93d7cfa4b3780cdae313

 define $(package)_set_vars
 $(package)_config_env=AR="$($(package)_ar)" ARFLAGS=$($(package)_arflags) RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)"
-$(package)_config_env_android=ANDROID_NDK_HOME="$(host_prefix)/native" PATH="$(host_prefix)/native/bin" CC=clang AR=ar RANLIB=ranlib
-$(package)_build_env_android=ANDROID_NDK_HOME="$(host_prefix)/native"
-$(package)_config_opts=--prefix=$(host_prefix) --openssldir=$(host_prefix)/etc/openssl
+$(package)_config_env_android=ANDROID_NDK_ROOT="$(host_prefix)/native" PATH="$(host_prefix)/native/bin" CC=clang AR=ar RANLIB=ranlib
+$(package)_build_env_android=ANDROID_NDK_ROOT="$(host_prefix)/native"
+$(package)_config_opts=--prefix=$(host_prefix) --openssldir=$(host_prefix)/etc/openssl --libdir=$(host_prefix)/lib
 $(package)_config_opts+=no-capieng
 $(package)_config_opts+=no-dso
 $(package)_config_opts+=no-dtls1
 $(package)_config_opts+=no-ec_nistp_64_gcc_128
 $(package)_config_opts+=no-gost
-$(package)_config_opts+=no-heartbeats
 $(package)_config_opts+=no-md2
 $(package)_config_opts+=no-rc5
 $(package)_config_opts+=no-rdrand
@ -23,8 +21,8 @@ $(package)_config_opts+=no-rfc3779
 $(package)_config_opts+=no-sctp
 $(package)_config_opts+=no-shared
 $(package)_config_opts+=no-ssl-trace
-$(package)_config_opts+=no-ssl2
 $(package)_config_opts+=no-ssl3
+$(package)_config_opts+=no-tests
 $(package)_config_opts+=no-unit-test
 $(package)_config_opts+=no-weak-ssl-ciphers
 $(package)_config_opts+=no-zlib
@ -50,8 +48,7 @@ $(package)_config_opts_x86_64_freebsd=BSD-x86_64
 endef

 define $(package)_preprocess_cmds
-  sed -i.old 's|"engines", "apps", "test", "util", "tools", "fuzz"|"engines", "tools"|' Configure && \
-  patch -p1 < $($(package)_patch_dir)/fix_darwin.patch
+  sed -i.old 's|crypto ssl apps util tools fuzz providers doc|crypto ssl util tools providers|' build.info
 endef

 define $(package)_config_cmds
--- a/contrib/depends/packages/packages.mk
+++ b/contrib/depends/packages/packages.mk
@ -1,4 +1,4 @@
-packages:=boost openssl zeromq libiconv expat ldns unbound
+packages:=boost openssl zeromq libiconv expat unbound

 # ccache is useless in gitian builds
 ifneq ($(GITIAN),1)
@ -20,7 +20,6 @@ freebsd_packages = ncurses readline sodium

 linux_packages = eudev ncurses readline sodium $(hardware_packages)
 linux_native_packages = $(hardware_native_packages)
-qt_packages = qt

 ifeq ($(build_tests),ON)
 packages += gtest
--- a/contrib/depends/packages/qt.mk
+++ b/contrib/depends/packages/qt.mk
@ -1,175 +0,0 @@
-PACKAGE=qt
-$(package)_version=5.15.1
-$(package)_download_path=https://download.qt.io/official_releases/qt/5.15/$($(package)_version)/submodules
-$(package)_suffix=everywhere-src-$($(package)_version).tar.xz
-$(package)_file_name=qtbase-$($(package)_suffix)
-$(package)_sha256_hash=33960404d579675b7210de103ed06a72613bfc4305443e278e2d32a3eb1f3d8c
-$(package)_build_subdir=qtbase
-$(package)_qt_libs=corelib
-$(package)_patches=fix_qt_pkgconfig.patch fix_no_printer.patch fix_rcc_determinism.patch no-xlib.patch
-
-$(package)_qttranslations_file_name=qttranslations-$($(package)_suffix)
-$(package)_qttranslations_sha256_hash=46e0c0e3a511fbcc803a4146204062e47f6ed43b34d98a3c27372a03b8746bd8
-
-$(package)_qttools_file_name=qttools-$($(package)_suffix)
-$(package)_qttools_sha256_hash=c98ee5f0f980bf68cbf0c94d62434816a92441733de50bd9adbe9b9055f03498
-
-$(package)_extra_sources  = $($(package)_qttranslations_file_name)
-$(package)_extra_sources += $($(package)_qttools_file_name)
-
-define $(package)_set_vars
-$(package)_config_opts_release = -release
-$(package)_config_opts_debug = -debug
-$(package)_config_opts += -bindir $(build_prefix)/bin
-$(package)_config_opts += -c++std c++11
-$(package)_config_opts += -confirm-license
-$(package)_config_opts += -dbus-runtime
-$(package)_config_opts += -hostprefix $(build_prefix)
-$(package)_config_opts += -no-compile-examples
-$(package)_config_opts += -no-cups
-$(package)_config_opts += -no-egl
-$(package)_config_opts += -no-eglfs
-$(package)_config_opts += -no-evdev
-$(package)_config_opts += -no-gui
-$(package)_config_opts += -no-freetype
-$(package)_config_opts += -no-gif
-$(package)_config_opts += -no-glib
-$(package)_config_opts += -no-icu
-$(package)_config_opts += -no-ico
-$(package)_config_opts += -no-iconv
-$(package)_config_opts += -no-kms
-$(package)_config_opts += -no-linuxfb
-$(package)_config_opts += -no-libjpeg
-$(package)_config_opts += -no-libudev
-$(package)_config_opts += -no-mtdev
-$(package)_config_opts += -no-openvg
-$(package)_config_opts += -no-reduce-relocations
-$(package)_config_opts += -no-sql-db2
-$(package)_config_opts += -no-sql-ibase
-$(package)_config_opts += -no-sql-oci
-$(package)_config_opts += -no-sql-tds
-$(package)_config_opts += -no-sql-mysql
-$(package)_config_opts += -no-sql-odbc
-$(package)_config_opts += -no-sql-psql
-$(package)_config_opts += -no-sql-sqlite
-$(package)_config_opts += -no-sql-sqlite2
-$(package)_config_opts += -no-use-gold-linker
-$(package)_config_opts += -nomake examples
-$(package)_config_opts += -nomake tests
-$(package)_config_opts += -opensource
-$(package)_config_opts += -no-openssl
-$(package)_config_opts += -optimized-qmake
-$(package)_config_opts += -pch
-$(package)_config_opts += -pkg-config
-$(package)_config_opts += -prefix $(host_prefix)
-$(package)_config_opts += -no-libpng
-$(package)_config_opts += -qt-pcre
-$(package)_config_opts += -qt-harfbuzz
-$(package)_config_opts += -no-zlib
-$(package)_config_opts += -static
-$(package)_config_opts += -silent
-$(package)_config_opts += -v
-$(package)_config_opts += -no-feature-bearermanagement
-$(package)_config_opts += -no-feature-colordialog
-$(package)_config_opts += -no-feature-dial
-$(package)_config_opts += -no-feature-filesystemwatcher
-$(package)_config_opts += -no-feature-fontcombobox
-$(package)_config_opts += -no-feature-ftp
-$(package)_config_opts += -no-feature-image_heuristic_mask
-$(package)_config_opts += -no-feature-keysequenceedit
-$(package)_config_opts += -no-feature-lcdnumber
-$(package)_config_opts += -no-feature-pdf
-$(package)_config_opts += -no-feature-printdialog
-$(package)_config_opts += -no-feature-printer
-$(package)_config_opts += -no-feature-printpreviewdialog
-$(package)_config_opts += -no-feature-printpreviewwidget
-$(package)_config_opts += -no-feature-sessionmanager
-$(package)_config_opts += -no-feature-sql
-$(package)_config_opts += -no-feature-statemachine
-$(package)_config_opts += -no-feature-syntaxhighlighter
-$(package)_config_opts += -no-feature-textbrowser
-$(package)_config_opts += -no-feature-textodfwriter
-$(package)_config_opts += -no-feature-topleveldomain
-$(package)_config_opts += -no-feature-udpsocket
-$(package)_config_opts += -no-feature-undocommand
-$(package)_config_opts += -no-feature-undogroup
-$(package)_config_opts += -no-feature-undostack
-$(package)_config_opts += -no-feature-undoview
-$(package)_config_opts += -no-feature-vnc
-$(package)_config_opts += -no-feature-wizard
-$(package)_config_opts_linux = -no-fontconfig
-$(package)_config_opts_linux += -no-opengl
-$(package)_config_opts_linux += -no-xcb
-$(package)_config_opts_linux += -no-feature-xlib
-endef
-
-define $(package)_fetch_cmds
-$(call fetch_file,$(package),$($(package)_download_path),$($(package)_download_file),$($(package)_file_name),$($(package)_sha256_hash)) && \
-$(call fetch_file,$(package),$($(package)_download_path),$($(package)_qttranslations_file_name),$($(package)_qttranslations_file_name),$($(package)_qttranslations_sha256_hash)) && \
-$(call fetch_file,$(package),$($(package)_download_path),$($(package)_qttools_file_name),$($(package)_qttools_file_name),$($(package)_qttools_sha256_hash))
-endef
-
-define $(package)_extract_cmds
-  mkdir -p $($(package)_extract_dir) && \
-  echo "$($(package)_sha256_hash)  $($(package)_source)" > $($(package)_extract_dir)/.$($(package)_file_name).hash && \
-  echo "$($(package)_qttranslations_sha256_hash)  $($(package)_source_dir)/$($(package)_qttranslations_file_name)" >> $($(package)_extract_dir)/.$($(package)_file_name).hash && \
-  echo "$($(package)_qttools_sha256_hash)  $($(package)_source_dir)/$($(package)_qttools_file_name)" >> $($(package)_extract_dir)/.$($(package)_file_name).hash && \
-  $(build_SHA256SUM) -c $($(package)_extract_dir)/.$($(package)_file_name).hash && \
-  mkdir qtbase && \
-  tar --strip-components=1 -xf $($(package)_source) -C qtbase && \
-  mkdir qttranslations && \
-  tar --strip-components=1 -xf $($(package)_source_dir)/$($(package)_qttranslations_file_name) -C qttranslations && \
-  mkdir qttools && \
-  tar --strip-components=1 -xf $($(package)_source_dir)/$($(package)_qttools_file_name) -C qttools
-endef
-
-
-define $(package)_preprocess_cmds
-  sed -i.old "s|FT_Get_Font_Format|FT_Get_X11_Font_Format|" qtbase/src/platformsupport/fontdatabases/freetype/qfontengine_ft.cpp && \
-  sed -i.old "s|updateqm.commands = \$$$$\$$$$LRELEASE|updateqm.commands = $($(package)_extract_dir)/qttools/bin/lrelease|" qttranslations/translations/translations.pro && \
-  sed -i.old "/updateqm.depends =/d" qttranslations/translations/translations.pro && \
-  sed -i.old "s/src_plugins.depends = src_sql src_network/src_plugins.depends = src_network/" qtbase/src/src.pro && \
-  cp -r qtbase/mkspecs/linux-arm-gnueabi-g++ qtbase/mkspecs/bitcoin-linux-g++ && \
-  sed -i.old "s/arm-linux-gnueabi-/$(host)-/g" qtbase/mkspecs/bitcoin-linux-g++/qmake.conf && \
-  patch -p1 -i $($(package)_patch_dir)/fix_qt_pkgconfig.patch && \
-  patch -p1 -i $($(package)_patch_dir)/fix_no_printer.patch && \
-  echo "!host_build: QMAKE_CFLAGS     += $($(package)_cflags) $($(package)_cppflags)" >> qtbase/mkspecs/common/gcc-base.conf && \
-  echo "!host_build: QMAKE_CXXFLAGS   += $($(package)_cxxflags) $($(package)_cppflags)" >> qtbase/mkspecs/common/gcc-base.conf && \
-  echo "!host_build: QMAKE_LFLAGS     += $($(package)_ldflags)" >> qtbase/mkspecs/common/gcc-base.conf && \
-  patch -p1 -i $($(package)_patch_dir)/no-xlib.patch && \
-  echo "QMAKE_LINK_OBJECT_MAX = 10" >> qtbase/mkspecs/win32-g++/qmake.conf && \
-  echo "QMAKE_LINK_OBJECT_SCRIPT = object_script" >> qtbase/mkspecs/win32-g++/qmake.conf && \
-  sed -i.old "s|QMAKE_CFLAGS           += |!host_build: QMAKE_CFLAGS            = $($(package)_cflags) $($(package)_cppflags) |" qtbase/mkspecs/win32-g++/qmake.conf && \
-  sed -i.old "s|QMAKE_CXXFLAGS         += |!host_build: QMAKE_CXXFLAGS            = $($(package)_cxxflags) $($(package)_cppflags) |" qtbase/mkspecs/win32-g++/qmake.conf && \
-  sed -i.old "0,/^QMAKE_LFLAGS_/s|^QMAKE_LFLAGS_|!host_build: QMAKE_LFLAGS            = $($(package)_ldflags)\n&|" qtbase/mkspecs/win32-g++/qmake.conf && \
-  sed -i.old "s/LIBRARY_PATH/(CROSS_)?\0/g" qtbase/mkspecs/features/toolchain.prf
-endef
-
-define $(package)_config_cmds
-  export PKG_CONFIG_SYSROOT_DIR=/ && \
-  export PKG_CONFIG_LIBDIR=$(host_prefix)/lib/pkgconfig && \
-  export PKG_CONFIG_PATH=$(host_prefix)/share/pkgconfig  && \
-  ./configure $($(package)_config_opts) && \
-  echo "CONFIG += force_bootstrap" >> mkspecs/qconfig.pri && \
-  $(MAKE) sub-src-clean && \
-  cd ../qttranslations && ../qtbase/bin/qmake qttranslations.pro -o Makefile && \
-  cd translations && ../../qtbase/bin/qmake translations.pro -o Makefile && cd ../.. &&\
-  cd qttools/src/linguist/lrelease/ && ../../../../qtbase/bin/qmake lrelease.pro -o Makefile
-endef
-
-define $(package)_build_cmds
-  $(MAKE) -C src $(addprefix sub-,$($(package)_qt_libs)) && \
-  $(MAKE) -C ../qttools/src/linguist/lrelease && \
-  $(MAKE) -C ../qttranslations
-endef
-
-define $(package)_stage_cmds
-  $(MAKE) -C src INSTALL_ROOT=$($(package)_staging_dir) $(addsuffix -install_subtargets,$(addprefix sub-,$($(package)_qt_libs))) && cd .. &&\
-  $(MAKE) -C qttools/src/linguist/lrelease INSTALL_ROOT=$($(package)_staging_dir) install_target && \
-  $(MAKE) -C qttranslations INSTALL_ROOT=$($(package)_staging_dir) install_subtargets
-endef
-
-define $(package)_postprocess_cmds
-  rm -rf native/mkspecs/ native/lib/ lib/cmake/ && \
-  rm -f lib/lib*.la lib/*.prl plugins/*/*.prl
-endef
--- a/contrib/depends/packages/unbound.mk
+++ b/contrib/depends/packages/unbound.mk
@ -1,17 +1,21 @@
 package=unbound
-$(package)_version=1.15.0
+$(package)_version=1.19.1
 $(package)_download_path=https://www.nlnetlabs.nl/downloads/$(package)/
 $(package)_file_name=$(package)-$($(package)_version).tar.gz
-$(package)_sha256_hash=a480dc6c8937447b98d161fe911ffc76cfaffa2da18788781314e81339f1126f
-$(package)_dependencies=openssl expat ldns
+$(package)_sha256_hash=bc1d576f3dd846a0739adc41ffaa702404c6767d2b6082deb9f2f97cbb24a3a9
+$(package)_dependencies=openssl expat
 $(package)_patches=disable-glibc-reallocarray.patch


 define $(package)_set_vars
-  $(package)_config_opts=--disable-shared --enable-static --without-pyunbound --prefix=$(host_prefix) --with-libexpat=$(host_prefix) --with-ssl=$(host_prefix) --with-libevent=no --without-pythonmodule --disable-flto --with-pthreads --with-libunbound-only
+  $(package)_config_opts=--disable-shared --enable-static --without-pyunbound --prefix=$(host_prefix)
+  $(package)_config_opts+=--with-libexpat=$(host_prefix) --with-ssl=$(host_prefix) --with-libevent=no
+  $(package)_config_opts+=--without-pythonmodule --disable-flto --with-pthreads --with-libunbound-only
  $(package)_config_opts_linux=--with-pic
  $(package)_config_opts_w64=--enable-static-exe --sysconfdir=/etc --prefix=$(host_prefix) --target=$(host_prefix)
+  $(package)_config_opts_x86_64_darwin=ac_cv_func_SHA384_Init=yes
  $(package)_build_opts_mingw32=LDFLAGS="$($(package)_ldflags) -lpthread"
+  $(package)_cflags_mingw32+="-D_WIN32_WINNT=0x600"
 endef

 define $(package)_preprocess_cmds
@ -30,6 +34,3 @@ endef
 define $(package)_stage_cmds
  $(MAKE) DESTDIR=$($(package)_staging_dir) install
 endef
-
-define $(package)_postprocess_cmds
-endef
--- a/contrib/depends/patches/openssl/fix_darwin.patch
+++ b/contrib/depends/patches/openssl/fix_darwin.patch
@ -1,60 +0,0 @@
-From 96ac8f13f4d0ee96baf5724d9f96c44c34b8606c Mon Sep 17 00:00:00 2001
-From: David Carlier <devnexen@gmail.com>
-Date: Tue, 24 Aug 2021 22:40:14 +0100
-Subject: [PATCH] Darwin platform allows to build on releases before
- Yosemite/ios 8.
-
-issue #16407 #16408
-
-Reviewed-by: Paul Dale <pauli@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/16409)
---
- crypto/rand/rand_unix.c |  5 +----
- include/crypto/rand.h   | 10 ++++++++++
- 2 files changed, 11 insertions(+), 4 deletions(-)
-
-diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
-index 43f1069d151d..0f4525106af7 100644
--- a/crypto/rand/rand_unix.c
-+++ b/crypto/rand/rand_unix.c
-@@ -34,9 +34,6 @@
- #if defined(__OpenBSD__)
- # include <sys/param.h>
- #endif
-#if defined(__APPLE__)
-# include <CommonCrypto/CommonRandom.h>
-#endif
- 
- #if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
- # include <sys/types.h>
-@@ -381,7 +378,7 @@ static ssize_t syscall_random(void *buf, size_t buflen)
-         if (errno != ENOSYS)
-             return -1;
-     }
-#  elif defined(__APPLE__)
-+#  elif defined(OPENSSL_APPLE_CRYPTO_RANDOM)
-     if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)
- 	    return (ssize_t)buflen;
- 
-diff --git a/include/crypto/rand.h b/include/crypto/rand.h
-index 5350d3a93119..674f840fd13c 100644
--- a/include/crypto/rand.h
-+++ b/include/crypto/rand.h
-@@ -20,6 +20,16 @@
- 
- # include <openssl/rand.h>
- 
-+# if defined(__APPLE__) && !defined(OPENSSL_NO_APPLE_CRYPTO_RANDOM)
-+#  include <Availability.h>
-+#  if (defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101000) || \
-+     (defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 80000)
-+#   define OPENSSL_APPLE_CRYPTO_RANDOM 1
-+#   include <CommonCrypto/CommonCryptoError.h>
-+#   include <CommonCrypto/CommonRandom.h>
-+#  endif
-+# endif
-+
- /* forward declaration */
- typedef struct rand_pool_st RAND_POOL;
- 
--- a/contrib/depends/patches/qt/fix_no_printer.patch
+++ b/contrib/depends/patches/qt/fix_no_printer.patch
@ -1,19 +0,0 @@
--- x/qtbase/src/plugins/platforms/cocoa/qprintengine_mac_p.h
-+++ y/qtbase/src/plugins/platforms/cocoa/qprintengine_mac_p.h
-@@ -52,6 +52,7 @@
- //
-
- #include <QtCore/qglobal.h>
-+#include <qpa/qplatformprintdevice.h>
-
- #ifndef QT_NO_PRINTER
-
--- x/qtbase/src/plugins/plugins.pro
-+++ y/qtbase/src/plugins/plugins.pro
-@@ -9,6 +9,3 @@ qtHaveModule(gui) {
-     !android:qtConfig(library): SUBDIRS *= generic
- }
- qtHaveModule(widgets): SUBDIRS += styles
-
-!winrt:qtHaveModule(printsupport): \
-    SUBDIRS += printsupport
--- a/contrib/depends/patches/qt/fix_qt_pkgconfig.patch
+++ b/contrib/depends/patches/qt/fix_qt_pkgconfig.patch
@ -1,11 +0,0 @@
--- old/qtbase/mkspecs/features/qt_module.prf
-+++ new/qtbase/mkspecs/features/qt_module.prf
-@@ -269,7 +269,7 @@ load(qt_installs)
- load(qt_targets)
- 
- # this builds on top of qt_common
-!internal_module:if(unix|mingw):!if(darwin:debug_and_release:CONFIG(debug, debug|release)) {
-+if(unix|mingw):!if(darwin:debug_and_release:CONFIG(debug, debug|release)) {
-     CONFIG += create_pc
-     QMAKE_PKGCONFIG_DESTDIR = pkgconfig
-     host_build: \
--- a/contrib/depends/patches/qt/fix_rcc_determinism.patch
+++ b/contrib/depends/patches/qt/fix_rcc_determinism.patch
@ -1,15 +0,0 @@
--- old/qtbase/src/tools/rcc/rcc.cpp
-+++ new/qtbase/src/tools/rcc/rcc.cpp
-@@ -207,7 +207,11 @@ void RCCFileInfo::writeDataInfo(RCCResourceLibrary &lib)
-     if (lib.formatVersion() >= 2) {
-         // last modified time stamp
-         const QDateTime lastModified = m_fileInfo.lastModified();
-        lib.writeNumber8(quint64(lastModified.isValid() ? lastModified.toMSecsSinceEpoch() : 0));
-+        quint64 lastmod = quint64(lastModified.isValid() ? lastModified.toMSecsSinceEpoch() : 0);
-+        static const quint64 sourceDate = 1000 * qgetenv("QT_RCC_SOURCE_DATE_OVERRIDE").toULongLong();
-+        if (sourceDate != 0)
-+            lastmod = sourceDate;
-+        lib.writeNumber8(lastmod);
-         if (text || pass1)
-             lib.writeChar('\n');
-     }
--- a/contrib/depends/patches/qt/no-xlib.patch
+++ b/contrib/depends/patches/qt/no-xlib.patch
@ -1,69 +0,0 @@
-From 9563cef873ae82e06f60708d706d054717e801ce Mon Sep 17 00:00:00 2001
-From: Carl Dong <contact@carldong.me>
-Date: Thu, 18 Jul 2019 17:22:05 -0400
-Subject: [PATCH] Wrap xlib related code blocks in #if's
-
-They are not necessary to compile QT.
---
- qtbase/src/plugins/platforms/xcb/qxcbcursor.cpp | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/qtbase/src/plugins/platforms/xcb/qxcbcursor.cpp b/qtbase/src/plugins/platforms/xcb/qxcbcursor.cpp
-index 7c62c2e2b3..c05c6c0a07 100644
--- a/qtbase/src/plugins/platforms/xcb/qxcbcursor.cpp
-+++ b/qtbase/src/plugins/platforms/xcb/qxcbcursor.cpp
-@@ -49,7 +49,9 @@
- #include <QtGui/QWindow>
- #include <QtGui/QBitmap>
- #include <QtGui/private/qguiapplication_p.h>
-+#if QT_CONFIG(xcb_xlib) && QT_CONFIG(library)
- #include <X11/cursorfont.h>
-+#endif
- #include <xcb/xfixes.h>
- #include <xcb/xcb_image.h>
- 
-@@ -391,6 +393,7 @@ void QXcbCursor::changeCursor(QCursor *cursor, QWindow *window)
-     xcb_flush(xcb_connection());
- }
- 
-+#if QT_CONFIG(xcb_xlib) && QT_CONFIG(library)
- static int cursorIdForShape(int cshape)
- {
-     int cursorId = 0;
-@@ -444,6 +447,7 @@ static int cursorIdForShape(int cshape)
-     }
-     return cursorId;
- }
-+#endif
- 
- xcb_cursor_t QXcbCursor::createNonStandardCursor(int cshape)
- {
-@@ -556,7 +560,9 @@ static xcb_cursor_t loadCursor(void *dpy, int cshape)
- xcb_cursor_t QXcbCursor::createFontCursor(int cshape)
- {
-     xcb_connection_t *conn = xcb_connection();
-+#if QT_CONFIG(xcb_xlib) && QT_CONFIG(library)
-     int cursorId = cursorIdForShape(cshape);
-+#endif
-     xcb_cursor_t cursor = XCB_NONE;
- 
-     // Try Xcursor first
-@@ -586,6 +592,7 @@ xcb_cursor_t QXcbCursor::createFontCursor(int cshape)
-     // Non-standard X11 cursors are created from bitmaps
-     cursor = createNonStandardCursor(cshape);
- 
-+#if QT_CONFIG(xcb_xlib) && QT_CONFIG(library)
-     // Create a glpyh cursor if everything else failed
-     if (!cursor && cursorId) {
-         cursor = xcb_generate_id(conn);
-@@ -593,6 +600,7 @@ xcb_cursor_t QXcbCursor::createFontCursor(int cshape)
-                                 cursorId, cursorId + 1,
-                                 0xFFFF, 0xFFFF, 0xFFFF, 0, 0, 0);
-     }
-+#endif
- 
-     if (cursor && cshape >= 0 && cshape < Qt::LastCursor && connection()->hasXFixes()) {
-         const char *name = cursorNames[cshape].front();
---
-2.22.0
-
--- a/contrib/depends/toolchain.cmake.in
+++ b/contrib/depends/toolchain.cmake.in
@ -27,8 +27,6 @@ SET(Terminfo_LIBRARY @prefix@/lib/libtinfo.a)
 SET(UNBOUND_INCLUDE_DIR @prefix@/include)
 SET(UNBOUND_LIBRARIES @prefix@/lib/libunbound.a)

-SET(LRELEASE_PATH @prefix@/native/bin CACHE FILEPATH "path to lrelease" FORCE)
-
 if(NOT CMAKE_SYSTEM_NAME STREQUAL "Android")
 SET(LIBUNWIND_INCLUDE_DIR @prefix@/include)
 SET(LIBUNWIND_LIBRARIES @prefix@/lib/libunwind.a)
@ -146,8 +144,11 @@ elseif(ARCHITECTURE STREQUAL "aarch64")
 endif()

 if(ARCHITECTURE STREQUAL "riscv64")
-    set(NO_AES ON)
-    set(ARCH "rv64imafdc")
+  if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+    set(BUILD_TAG "linux-riscv64")
+  endif()
+  set(ARCH_ID "riscv64")
+  set(ARCH "rv64gc")
 endif()

 if(ARCHITECTURE STREQUAL "i686")
--- a/contrib/epee/include/byte_stream.h
+++ b/contrib/epee/include/byte_stream.h
@ -74,6 +74,7 @@ namespace epee
  public:
    using char_type = std::uint8_t;
    using Ch = char_type;
+    using value_type = char_type;

    //! Increase internal buffer by at least `byte_stream_increase` bytes.
    byte_stream() noexcept
@ -86,6 +87,7 @@ namespace epee
    ~byte_stream() noexcept = default;
    byte_stream& operator=(byte_stream&& rhs) noexcept;

+    std::uint8_t* data() noexcept { return buffer_.get(); }
    const std::uint8_t* data() const noexcept { return buffer_.get(); }
    std::uint8_t* tellp() const noexcept { return next_write_; }
    std::size_t available() const noexcept { return end_ - next_write_; }
--- a/contrib/epee/include/file_io_utils.h
+++ b/contrib/epee/include/file_io_utils.h
@ -29,6 +29,7 @@

 #include <string>
 #include <ctime>
+#include <cstdint>

 namespace epee
 {
@ -37,7 +38,6 @@ namespace file_io_utils
    bool is_file_exist(const std::string& path);
    bool save_string_to_file(const std::string& path_to_file, const std::string& str);
    bool load_file_to_string(const std::string& path_to_file, std::string& target_str, size_t max_size = 1000000000);
-    bool get_file_size(const std::string& path_to_file, uint64_t &size);
 }
 }

--- a/contrib/epee/include/md5_l.h
+++ b/contrib/epee/include/md5_l.h
@ -1,96 +0,0 @@
-/*
- * libEtPan! -- a mail stuff library
- *
- * Copyright (C) 2001, 2005 - DINH Viet Hoa
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the libEtPan! project nor the names of its
- *    contributors may be used to endorse or promote products derived
- *    from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * $Id: md5.h,v 1.1.1.1 2005/03/18 20:17:27 zautrix Exp $
- */
-
-/* MD5.H - header file for MD5C.C
- */
-
-/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
-rights reserved.
-
-License to copy and use this software is granted provided that it
-is identified as the "RSA Data Security, Inc. MD5 Message-Digest
-Algorithm" in all material mentioning or referencing this software
-or this function.
-
-License is also granted to make and use derivative works provided
-that such works are identified as "derived from the RSA Data
-Security, Inc. MD5 Message-Digest Algorithm" in all material
-mentioning or referencing the derived work.
-
-RSA Data Security, Inc. makes no representations concerning either
-the merchantability of this software or the suitability of this
-software for any particular purpose. It is provided "as is"
-without express or implied warranty of any kind.
-These notices must be retained in any copies of any part of this
-documentation and/or software.
- */
-#ifndef MD5_H
-#define MD5_H
-
-
-#include "md5global.h"
-
-namespace md5
-{
-	/* MD5 context. */
-	typedef struct {
-		UINT4 state[4];                                   /* state (ABCD) */
-		UINT4 count[2];        /* number of bits, modulo 2^64 (lsb first) */
-		unsigned char buffer[64];                         /* input buffer */
-	} MD5_CTX;
-
-	static void MD5Init(MD5_CTX * context);
-	static void MD5Update( MD5_CTX *context, const unsigned char *input, unsigned int inputLen );
-	static void MD5Final ( unsigned char digest[16], MD5_CTX *context );
-
-	
-	inline bool md5( unsigned char *input, int ilen, unsigned char output[16] )
-	{
-		MD5_CTX ctx;
-
-		MD5Init( &ctx );
-		MD5Update( &ctx, input, ilen );
-		MD5Final( output, &ctx);
-
-		memwipe( &ctx, sizeof( MD5_CTX ));
-		return true;
-	}
-
-
-}
-
-#include "md5_l.inl"
-
-#endif
--- a/contrib/epee/include/md5_l.inl
+++ b/contrib/epee/include/md5_l.inl
@ -1,352 +0,0 @@
-/*
-* libEtPan! -- a mail stuff library
-*
-* Copyright (C) 2001, 2005 - DINH Viet Hoa
-* All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the above copyright
-*    notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-*    notice, this list of conditions and the following disclaimer in the
-*    documentation and/or other materials provided with the distribution.
-* 3. Neither the name of the libEtPan! project nor the names of its
-*    contributors may be used to endorse or promote products derived
-*    from this software without specific prior written permission.
-*
-* THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-* ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-* SUCH DAMAGE.
-*/
-
-/*
-* $Id: md5.c,v 1.1.1.1 2005/03/18 20:17:27 zautrix Exp $
-*/
-
-/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
-*/
-
-/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
-rights reserved.
-
-License to copy and use this software is granted provided that it
-is identified as the "RSA Data Security, Inc. MD5 Message-Digest
-Algorithm" in all material mentioning or referencing this software
-or this function.
-
-License is also granted to make and use derivative works provided
-that such works are identified as "derived from the RSA Data
-Security, Inc. MD5 Message-Digest Algorithm" in all material
-mentioning or referencing the derived work.
-
-RSA Data Security, Inc. makes no representations concerning either
-the merchantability of this software or the suitability of this
-software for any particular purpose. It is provided "as is"
-without express or implied warranty of any kind.
-
-These notices must be retained in any copies of any part of this
-documentation and/or software.
-*/
-
-#ifdef _WIN32
-# include <winsock2.h>
-#else
-# include <arpa/inet.h>
-#endif
-#include "md5global.h"
-#include "md5_l.h"
-
-namespace md5
-{
-	/* Constants for MD5Transform routine.
-	*/
-
-#define S11 7
-#define S12 12
-#define S13 17
-#define S14 22
-#define S21 5
-#define S22 9
-#define S23 14
-#define S24 20
-#define S31 4
-#define S32 11
-#define S33 16
-#define S34 23
-#define S41 6
-#define S42 10
-#define S43 15
-#define S44 21
-
-	static void MD5_memcpy (POINTER output, POINTER input, unsigned int len)
-	{
-		unsigned int i; 
-
-		for (i = 0; i < len; i++) 
-			output[i] = input[i]; 
-	}
-
-	static void MD5Transform (UINT4 state[4], unsigned char block[64]);
-
-	static unsigned char* PADDING()
-	{
-		static unsigned char local_PADDING[64] = {
-			0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-			0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 
-		};
-
-		return local_PADDING;
-
-	}
-
-
-
-	/* F, G, H and I are basic MD5 functions.
-
-	*/
-#ifdef I
-	/* This might be defined via NANA */
-#undef I
-#endif
-
-#define MD5_M_F(x, y, z) (((x) & (y)) | ((~x) & (z)))
-#define MD5_M_G(x, y, z) (((x) & (z)) | ((y) & (~z)))
-#define MD5_M_H(x, y, z) ((x) ^ (y) ^ (z))
-#define MD5_M_I(x, y, z) ((y) ^ ((x) | (~z)))
-
-	/* ROTATE_LEFT rotates x left n bits.
-
-	*/
-
-#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
-
-	/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
-	Rotation is separate from addition to prevent recomputation.
-	*/
-
-#define FF(a, b, c, d, x, s, ac) { (a) += MD5_M_F ((b), (c), (d)) + (x) + (UINT4)(ac); (a) = ROTATE_LEFT ((a), (s));        (a) += (b);        } 
-#define GG(a, b, c, d, x, s, ac) {        (a) += MD5_M_G ((b), (c), (d)) + (x) + (UINT4)(ac);        (a) = ROTATE_LEFT ((a), (s));        (a) += (b);         } 
-#define HH(a, b, c, d, x, s, ac) {        (a) += MD5_M_H ((b), (c), (d)) + (x) + (UINT4)(ac);        (a) = ROTATE_LEFT ((a), (s));        (a) += (b);        } 
-#define II(a, b, c, d, x, s, ac) {        (a) += MD5_M_I ((b), (c), (d)) + (x) + (UINT4)(ac);        (a) = ROTATE_LEFT ((a), (s));        (a) += (b);        } 
-
-	/* MD5 initialization. Begins an MD5 operation, writing a new context.
-	*/
-
-	static void MD5Init(MD5_CTX * context)
-	{
-		context->count[0] = context->count[1] = 0; 
-
-		/* Load magic initialization constants.
-
-		*/
-		context->state[0] = 0x67452301; 
-		context->state[1] = 0xefcdab89; 
-		context->state[2] = 0x98badcfe; 
-		context->state[3] = 0x10325476; 
-	}
-
-	/* MD5 block update operation. Continues an MD5 message-digest
-	operation, processing another message block, and updating the context. 
-	*/
-
-	static void MD5Update( MD5_CTX *context, const unsigned char *input, unsigned int inputLen )
-	{
-		unsigned int i, index, partLen; 
-
-		/* Compute number of bytes mod 64 */
-		index = (unsigned int)((context->count[0] >> 3) & 0x3F);
-
-		/* Update number of bits */
-		if ((context->count[0] += ((UINT4)inputLen << 3))
-			< ((UINT4)inputLen << 3))
-			context->count[1]++;
-		context->count[1] += ((UINT4)inputLen >> 29);
-
-		partLen = 64 - index; 
-
-		/* Transform as many times as possible.
-
-		*/
-		if (inputLen >= partLen)
-		{ 
-			MD5_memcpy( (POINTER)&context->buffer[index], (POINTER)input, partLen );
-			MD5Transform( context->state, context->buffer ); 
-
-			for (i = partLen; i + 63 < inputLen; i += 64) 
-				MD5Transform (context->state, (unsigned char*)&input[i]); 
-
-			index = 0; 
-		} 
-		else 
-			i = 0; 
-
-		/* Buffer remaining input */
-		MD5_memcpy( (POINTER)&context->buffer[index], (POINTER)&input[i], inputLen-i );
-
-	}
-
-	/* Encodes input (UINT4) into output (unsigned char). Assumes len is
-	a multiple of 4. 
-
-	*/
-
-	static void Encode (unsigned char *output, UINT4 *input, unsigned int len)
-	{
-		unsigned int i, j; 
-
-		for (i = 0, j = 0; j < len; i++, j += 4) { 
-			output[j] = (unsigned char)(input[i] & 0xff); 
-			output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); 
-			output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); 
-			output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); 
-		} 
-	}
-
-	/* Decodes input (unsigned char) into output (UINT4). Assumes len is
-	a multiple of 4. 
-
-	*/
-
-	static void Decode (UINT4 *output, unsigned char *input, unsigned int len)
-	{
-		unsigned int i, j; 
-
-		for (i = 0, j = 0; j < len; i++, j += 4) 
-			output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) | (((UINT4)input[j+2]) << 16)
-			| (((UINT4)input[j+3]) << 24); 
-	}
-
-	/* MD5 finalization. Ends an MD5 message-digest operation, writing the
-	the message digest and zeroizing the context. 
-
-	*/
-
-	static void MD5Final ( unsigned char digest[16], MD5_CTX *context )
-	{
-		unsigned char bits[8]; 
-		unsigned int index, padLen; 
-
-		/* Save number of bits */
-		Encode (bits, context->count, 8);
-
-		/* Pad out to 56 mod 64.
-
-		*/
-		index = (unsigned int)((context->count[0] >> 3) & 0x3f); 
-		padLen = (index < 56) ? (56 - index) : (120 - index); 
-		MD5Update (context, PADDING(), padLen); 
-
-		/* Append length (before padding) */
-		MD5Update (context, bits, 8);
-
-		/* Store state in digest */
-		Encode (digest, context->state, 16);
-
-		/* Zeroize sensitive information.
-
-		*/
-		memwipe ((POINTER)context, sizeof (*context));
-	}
-
-	/* MD5 basic transformation. Transforms state based on block.
-
-	*/
-
-	static void MD5Transform (UINT4 state[4], unsigned char block[64])
-	{
-		UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; 
-
-		Decode (x, block, 64); 
-
-		/* Round 1 */
-		FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
-		FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
-		FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
-		FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
-		FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
-		FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
-		FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
-		FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
-		FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
-		FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
-		FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
-		FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
-		FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
-		FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
-		FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
-		FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
-
-		/* Round 2 */
-		GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
-		GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
-		GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
-		GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
-		GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
-		GG (d, a, b, c, x[10], S22,  0x2441453); /* 22 */
-		GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
-		GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
-		GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
-		GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
-		GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
-		GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ 
-		GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ 
-		GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ 
-		GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ 
-		GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ 
-
-		/* Round 3 */
-		HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
-		HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
-		HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
-		HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
-		HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
-		HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
-		HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
-		HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
-		HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
-		HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
-		HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
-		HH (b, c, d, a, x[ 6], S34,  0x4881d05); /* 44 */
-		HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
-		HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
-		HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
-		HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
-
-		/* Round 4 */
-		II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
-		II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
-		II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
-		II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
-		II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
-		II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
-		II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
-		II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
-		II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
-		II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
-		II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
-		II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
-		II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
-		II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
-		II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
-		II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
-
-		state[0] += a; 
-		state[1] += b; 
-		state[2] += c; 
-		state[3] += d; 
-
-		/* Zeroize sensitive information.
-		*/
-		memwipe ((POINTER)x, sizeof (x));
-	}
-}
--- a/contrib/epee/include/md5global.h
+++ b/contrib/epee/include/md5global.h
@ -1,77 +0,0 @@
-/*
- * libEtPan! -- a mail stuff library
- *
- * Copyright (C) 2001, 2005 - DINH Viet Hoa
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the libEtPan! project nor the names of its
- *    contributors may be used to endorse or promote products derived
- *    from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * $Id: md5global.h,v 1.1.1.1 2005/03/18 20:17:28 zautrix Exp $
- */
-
-/* GLOBAL.H - RSAREF types and constants
- */
-
-#ifndef MD5GLOBAL_H
-#define MD5GLOBAL_H
-
-namespace md5
-{
-
-
-	/* PROTOTYPES should be set to one if and only if the compiler supports
-	function argument prototyping.
-	The following makes PROTOTYPES default to 0 if it has not already
-	been defined with C compiler flags.
-	*/
-#ifndef PROTOTYPES
-#define PROTOTYPES 0
-#endif
-
-	/* POINTER defines a generic pointer type */
-	typedef unsigned char *POINTER;
-
-	/* UINT2 defines a two byte word */
-	typedef unsigned short int UINT2;
-
-	/* UINT4 defines a four byte word */
-	//typedef unsigned long int UINT4;
-	typedef unsigned int UINT4;
-
-	/* PROTO_LIST is defined depending on how PROTOTYPES is defined above.
-	If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it
-	returns an empty list.
-	*/
-#if PROTOTYPES
-#define PROTO_LIST(list) list
-#else
-#define PROTO_LIST(list) ()
-#endif
-
-}
-
-#endif
--- a/contrib/epee/include/net/abstract_tcp_server2.h
+++ b/contrib/epee/include/net/abstract_tcp_server2.h
@ -47,6 +47,7 @@
 #include <condition_variable>

 #include <boost/asio.hpp>
+#include <boost/asio/post.hpp>
 #include <boost/asio/ssl.hpp>
 #include <boost/asio/strand.hpp>
 #include <boost/asio/steady_timer.hpp>
@ -64,6 +65,7 @@
 #define MONERO_DEFAULT_LOG_CATEGORY "net"

 #define ABSTRACT_SERVER_SEND_QUE_MAX_COUNT 1000
+#define ABSTRACT_SERVER_SEND_QUE_MAX_BYTES_DEFAULT 100 * 1024 * 1024

 namespace epee
 {
@ -76,6 +78,13 @@ namespace net_utils
  protected:
    virtual ~i_connection_filter(){}
  };
+
+  struct i_connection_limit
+  {
+    virtual bool is_host_limit(const epee::net_utils::network_address &address)=0;
+  protected:
+    virtual ~i_connection_limit(){}
+  };
  

  /************************************************************************/
@ -100,8 +109,8 @@ namespace net_utils
    using ec_t = boost::system::error_code;
    using handshake_t = boost::asio::ssl::stream_base::handshake_type;

-    using io_context_t = boost::asio::io_service;
-    using strand_t = boost::asio::io_service::strand;
+    using io_context_t = boost::asio::io_context;
+    using strand_t = io_context_t::strand;
    using socket_t = boost::asio::ip::tcp::socket;

    using network_throttle_t = epee::net_utils::network_throttle;
@ -162,6 +171,7 @@ namespace net_utils
        } read;
        struct {
          std::deque<epee::byte_slice> queue;
+          std::size_t total_bytes;
          bool wait_consume;
        } write;
      };
@ -260,20 +270,28 @@ namespace net_utils
    struct shared_state : connection_basic_shared_state, t_protocol_handler::config_type
    {
      shared_state()
-        : connection_basic_shared_state(), t_protocol_handler::config_type(), pfilter(nullptr), stop_signal_sent(false)
+        : connection_basic_shared_state(),
+          t_protocol_handler::config_type(),
+          pfilter(nullptr),
+          plimit(nullptr),
+          response_soft_limit(ABSTRACT_SERVER_SEND_QUE_MAX_BYTES_DEFAULT), 
+          stop_signal_sent(false)
      {}

      i_connection_filter* pfilter;
+      i_connection_limit* plimit;
+      std::size_t response_soft_limit;
      bool stop_signal_sent;
    };

-    /// Construct a connection with the given io_service.
-    explicit connection( boost::asio::io_service& io_service,
+    /// Construct a connection with the given io_context.
+    explicit connection( io_context_t& io_context,
                        std::shared_ptr<shared_state> state,
 			t_connection_type connection_type,
 			epee::net_utils::ssl_support_t ssl_support);

-    explicit connection( boost::asio::ip::tcp::socket&& sock,
+    explicit connection( io_context_t& io_context,
+      boost::asio::ip::tcp::socket&& sock,
 			 std::shared_ptr<shared_state> state,
 			t_connection_type connection_type,
 			epee::net_utils::ssl_support_t ssl_support);
@ -306,7 +324,7 @@ namespace net_utils
    virtual bool close();
    virtual bool call_run_once_service_io();
    virtual bool request_callback();
-    virtual boost::asio::io_service& get_io_service();
+    virtual io_context_t& get_io_context();
    virtual bool add_ref();
    virtual bool release();
    //------------------------------------------------------
@ -336,7 +354,7 @@ namespace net_utils
    /// serve up files from the given directory.

    boosted_tcp_server(t_connection_type connection_type);
-    explicit boosted_tcp_server(boost::asio::io_service& external_io_service, t_connection_type connection_type);
+    explicit boosted_tcp_server(boost::asio::io_context& external_io_context, t_connection_type connection_type);
    ~boosted_tcp_server();
    
    std::map<std::string, t_connection_type> server_type_map;
@ -349,7 +367,7 @@ namespace net_utils
 	const std::string port_ipv6 = "", const std::string address_ipv6 = "::", bool use_ipv6 = false, bool require_ipv4 = true,
 	ssl_options_t ssl_options = ssl_support_t::e_ssl_support_autodetect);

-    /// Run the server's io_service loop.
+    /// Run the server's io_context loop.
    bool run_server(size_t threads_count, bool wait = true, const boost::thread::attributes& attrs = boost::thread::attributes());

    /// wait for service workers stop
@ -369,6 +387,8 @@ namespace net_utils
    size_t get_threads_count(){return m_threads_count;}

    void set_connection_filter(i_connection_filter* pfilter);
+    void set_connection_limit(i_connection_limit* plimit);
+    void set_response_soft_limit(std::size_t limit);

    void set_default_remote(epee::net_utils::network_address remote)
    {
@ -409,7 +429,7 @@ namespace net_utils
      return connections_count;
    }

-    boost::asio::io_service& get_io_service(){return io_service_;}
+    boost::asio::io_context& get_io_context(){return io_context_;}

    struct idle_callback_conext_base
    {
@ -417,7 +437,7 @@ namespace net_utils

      virtual bool call_handler(){return true;}

-      idle_callback_conext_base(boost::asio::io_service& io_serice):
+      idle_callback_conext_base(boost::asio::io_context& io_serice):
                                                          m_timer(io_serice)
      {}
      boost::asio::deadline_timer m_timer;
@ -426,7 +446,7 @@ namespace net_utils
    template <class t_handler>
    struct idle_callback_conext: public idle_callback_conext_base
    {
-      idle_callback_conext(boost::asio::io_service& io_serice, t_handler& h, uint64_t period):
+      idle_callback_conext(boost::asio::io_context& io_serice, t_handler& h, uint64_t period):
                                                    idle_callback_conext_base(io_serice),
                                                    m_handler(h)
      {this->m_period = period;}
@ -442,7 +462,7 @@ namespace net_utils
    template<class t_handler>
    bool add_idle_handler(t_handler t_callback, uint64_t timeout_ms)
      {
-        boost::shared_ptr<idle_callback_conext<t_handler>> ptr(new idle_callback_conext<t_handler>(io_service_, t_callback, timeout_ms));
+        boost::shared_ptr<idle_callback_conext<t_handler>> ptr(new idle_callback_conext<t_handler>(io_context_, t_callback, timeout_ms));
        //needed call handler here ?...
        ptr->m_timer.expires_from_now(boost::posix_time::milliseconds(ptr->m_period));
        ptr->m_timer.async_wait(boost::bind(&boosted_tcp_server<t_protocol_handler>::global_timer_handler<t_handler>, this, ptr));
@ -461,14 +481,14 @@ namespace net_utils
    }

    template<class t_handler>
-    bool async_call(t_handler t_callback)
+    bool async_call(t_handler&& t_callback)
    {
-      io_service_.post(t_callback);
+      boost::asio::post(io_context_, std::forward<t_handler>(t_callback));
      return true;
    }

  private:
-    /// Run the server's io_service loop.
+    /// Run the server's io_context loop.
    bool worker_thread();
    /// Handle completion of an asynchronous accept operation.
    void handle_accept_ipv4(const boost::system::error_code& e);
@ -479,18 +499,18 @@ namespace net_utils

    const std::shared_ptr<typename connection<t_protocol_handler>::shared_state> m_state;

-    /// The io_service used to perform asynchronous operations.
+    /// The io_context used to perform asynchronous operations.
    struct worker
    {
      worker()
-        : io_service(), work(io_service)
+        : io_context(), work(io_context.get_executor())
      {}

-      boost::asio::io_service io_service;
-      boost::asio::io_service::work work;
+      boost::asio::io_context io_context;
+      boost::asio::executor_work_guard<boost::asio::io_context::executor_type> work;
    };
-    std::unique_ptr<worker> m_io_service_local_instance;
-    boost::asio::io_service& io_service_;    
+    std::unique_ptr<worker> m_io_context_local_instance;
+    boost::asio::io_context& io_context_;    

    /// Acceptor used to listen for incoming connections.
    boost::asio::ip::tcp::acceptor acceptor_;
--- a/contrib/epee/include/net/abstract_tcp_server2.inl
+++ b/contrib/epee/include/net/abstract_tcp_server2.inl
@ -31,11 +31,12 @@
 // 


-
+#include <boost/asio/post.hpp>
 #include <boost/foreach.hpp>
 #include <boost/uuid/random_generator.hpp>
 #include <boost/chrono.hpp>
 #include <boost/utility/value_init.hpp>
+#include <boost/asio/bind_executor.hpp>
 #include <boost/asio/deadline_timer.hpp>
 #include <boost/date_time/posix_time/posix_time.hpp> // TODO
 #include <boost/thread/condition_variable.hpp> // TODO
@ -145,23 +146,19 @@ namespace net_utils
    if (m_state.timers.general.wait_expire) {
      m_state.timers.general.cancel_expire = true;
      m_state.timers.general.reset_expire = true;
-      ec_t ec;
-      m_timers.general.expires_from_now(
+      m_timers.general.expires_after(
        std::min(
-          duration + (add ? m_timers.general.expires_from_now() : duration_t{}),
+          duration + (add ? (m_timers.general.expiry() - std::chrono::steady_clock::now()) : duration_t{}),
          get_default_timeout()
-        ),
-        ec
+        )
      );
    }
    else {
-      ec_t ec;
-      m_timers.general.expires_from_now(
+      m_timers.general.expires_after(
        std::min(
-          duration + (add ? m_timers.general.expires_from_now() : duration_t{}),
+          duration + (add ? (m_timers.general.expiry() - std::chrono::steady_clock::now()) : duration_t{}),
          get_default_timeout()
-        ),
-        ec
+        )
      );
      async_wait_timer();
    }
@ -202,8 +199,7 @@ namespace net_utils
      return;
    m_state.timers.general.cancel_expire = true;
    m_state.timers.general.reset_expire = false;
-    ec_t ec;
-    m_timers.general.cancel(ec);
+    m_timers.general.cancel();
  }

  template<typename T>
@ -225,7 +221,8 @@ namespace net_utils
          m_state.data.read.buffer.size()
        ),
        boost::asio::transfer_exactly(epee::net_utils::get_ssl_magic_size()),
-        m_strand.wrap(
+        boost::asio::bind_executor(
+          m_strand,
          [this, self](const ec_t &ec, size_t bytes_transferred){
            std::lock_guard<std::mutex> guard(m_state.lock);
            m_state.socket.wait_read = false;
@ -246,7 +243,8 @@ namespace net_utils
            ) {
              m_state.ssl.enabled = false;
              m_state.socket.handle_read = true;
-              connection_basic::strand_.post(
+              boost::asio::post(
+                connection_basic::strand_,
                [this, self, bytes_transferred]{
                  bool success = m_handler.handle_recv(
                    reinterpret_cast<char *>(m_state.data.read.buffer.data()),
@ -304,7 +302,8 @@ namespace net_utils
    static_cast<shared_state&>(
      connection_basic::get_state()
    ).ssl_options().configure(connection_basic::socket_, handshake);
-    m_strand.post(
+    boost::asio::post(
+      m_strand,
      [this, self, on_handshake]{
        connection_basic::socket_.async_handshake(
          handshake,
@ -313,7 +312,7 @@ namespace net_utils
            m_state.ssl.forced ? 0 :
            epee::net_utils::get_ssl_magic_size()
          ),
-          m_strand.wrap(on_handshake)
+          boost::asio::bind_executor(m_strand, on_handshake)
        );
      }
    );
@ -328,7 +327,7 @@ namespace net_utils
      return;
    }
    auto self = connection<T>::shared_from_this();
-    if (m_connection_type != e_connection_type_RPC) {
+    if (speed_limit_is_enabled()) {
      auto calc_duration = []{
        CRITICAL_REGION_LOCAL(
          network_throttle_manager_t::m_lock_get_global_throttle_in
@ -345,8 +344,7 @@ namespace net_utils
      };
      const auto duration = calc_duration();
      if (duration > duration_t{}) {
-        ec_t ec;
-        m_timers.throttle.in.expires_from_now(duration, ec);
+        m_timers.throttle.in.expires_after(duration);
        m_state.timers.throttle.in.wait_expire = true;
        m_timers.throttle.in.async_wait([this, self](const ec_t &ec){
          std::lock_guard<std::mutex> guard(m_state.lock);
@ -382,7 +380,7 @@ namespace net_utils
            m_conn_context.m_max_speed_down,
            speed
          );
-          {
+          if (speed_limit_is_enabled()) {
            CRITICAL_REGION_LOCAL(
              network_throttle_manager_t::m_lock_get_global_throttle_in
            );
@ -401,7 +399,8 @@ namespace net_utils
        // writes until the connection terminates without deadlocking waiting
        // for handle_recv.
        m_state.socket.handle_read = true;
-        connection_basic::strand_.post(
+        boost::asio::post(
+          connection_basic::strand_,
          [this, self, bytes_transferred]{
            bool success = m_handler.handle_recv(
              reinterpret_cast<char *>(m_state.data.read.buffer.data()),
@ -428,17 +427,18 @@ namespace net_utils
          m_state.data.read.buffer.data(),
          m_state.data.read.buffer.size()
        ),
-        m_strand.wrap(on_read)
+        boost::asio::bind_executor(m_strand, on_read)
      );
    else
-      m_strand.post(
+      boost::asio::post(
+        m_strand,
        [this, self, on_read]{
          connection_basic::socket_.async_read_some(
            boost::asio::buffer(
              m_state.data.read.buffer.data(),
              m_state.data.read.buffer.size()
            ),
-            m_strand.wrap(on_read)
+            boost::asio::bind_executor(m_strand, on_read)
          );
        }
      );
@ -454,7 +454,7 @@ namespace net_utils
      return;
    }
    auto self = connection<T>::shared_from_this();
-    if (m_connection_type != e_connection_type_RPC) {
+    if (speed_limit_is_enabled()) {
      auto calc_duration = [this]{
        CRITICAL_REGION_LOCAL(
          network_throttle_manager_t::m_lock_get_global_throttle_out
@ -473,8 +473,7 @@ namespace net_utils
      };
      const auto duration = calc_duration();
      if (duration > duration_t{}) {
-        ec_t ec;
-        m_timers.throttle.out.expires_from_now(duration, ec);
+        m_timers.throttle.out.expires_after(duration);
        m_state.timers.throttle.out.wait_expire = true;
        m_timers.throttle.out.async_wait([this, self](const ec_t &ec){
          std::lock_guard<std::mutex> guard(m_state.lock);
@ -498,10 +497,12 @@ namespace net_utils
      if (m_state.socket.cancel_write) {
        m_state.socket.cancel_write = false;
        m_state.data.write.queue.clear();
+        m_state.data.write.total_bytes = 0;
        state_status_check();
      }
      else if (ec.value()) {
        m_state.data.write.queue.clear();
+        m_state.data.write.total_bytes = 0;
        interrupt();
      }
      else {
@ -513,7 +514,7 @@ namespace net_utils
            m_conn_context.m_max_speed_down,
            speed
          );
-          {
+          if (speed_limit_is_enabled()) {
            CRITICAL_REGION_LOCAL(
              network_throttle_manager_t::m_lock_get_global_throttle_out
            );
@ -526,8 +527,11 @@ namespace net_utils

          start_timer(get_default_timeout(), true);
        }
-        assert(bytes_transferred == m_state.data.write.queue.back().size());
+        const std::size_t byte_count = m_state.data.write.queue.back().size();
+        assert(bytes_transferred == byte_count);
        m_state.data.write.queue.pop_back();
+        m_state.data.write.total_bytes -=
+          std::min(m_state.data.write.total_bytes, byte_count);
        m_state.condition.notify_all();
        start_write();
      }
@ -539,10 +543,11 @@ namespace net_utils
          m_state.data.write.queue.back().data(),
          m_state.data.write.queue.back().size()
        ),
-        m_strand.wrap(on_write)
+        boost::asio::bind_executor(m_strand, on_write)
      );
    else
-      m_strand.post(
+      boost::asio::post(
+        m_strand,
        [this, self, on_write]{
          boost::asio::async_write(
            connection_basic::socket_,
@ -550,7 +555,7 @@ namespace net_utils
              m_state.data.write.queue.back().data(),
              m_state.data.write.queue.back().size()
            ),
-            m_strand.wrap(on_write)
+            boost::asio::bind_executor(m_strand, on_write)
          );
        }
      );
@ -583,17 +588,15 @@ namespace net_utils
            break;
        }
      }
-      else if (ec.value())
-        terminate();
      else {
-        cancel_timer();
-        on_interrupted();
+        terminate();
      }
    };
-    m_strand.post(
+    boost::asio::post(
+      m_strand,
      [this, self, on_shutdown]{
        connection_basic::socket_.async_shutdown(
-          m_strand.wrap(on_shutdown)
+          boost::asio::bind_executor(m_strand, on_shutdown)
        );
      }
    );
@ -608,15 +611,13 @@ namespace net_utils
      wait_socket = m_state.socket.cancel_handshake = true;
    if (m_state.timers.throttle.in.wait_expire) {
      m_state.timers.throttle.in.cancel_expire = true;
-      ec_t ec;
-      m_timers.throttle.in.cancel(ec);
+      m_timers.throttle.in.cancel();
    }
    if (m_state.socket.wait_read)
      wait_socket = m_state.socket.cancel_read = true;
    if (m_state.timers.throttle.out.wait_expire) {
      m_state.timers.throttle.out.cancel_expire = true;
-      ec_t ec;
-      m_timers.throttle.out.cancel(ec);
+      m_timers.throttle.out.cancel();
    }
    if (m_state.socket.wait_write)
      wait_socket = m_state.socket.cancel_write = true;
@ -674,8 +675,9 @@ namespace net_utils
      return;
    if (m_state.timers.throttle.out.wait_expire)
      return;
-    if (m_state.socket.wait_write)
-      return;
+    // \NOTE See on_terminating() comments
+    //if (m_state.socket.wait_write)
+    // return;
    if (m_state.socket.wait_shutdown)
      return;
    if (m_state.protocol.wait_init)
@ -733,8 +735,13 @@ namespace net_utils
      return;
    if (m_state.timers.throttle.out.wait_expire)
      return;
-    if (m_state.socket.wait_write)
-      return;
+    // Writes cannot be canceled due to `async_write` being a "composed"
+    // handler. ASIO has new cancellation routines, not available in 1.66, to
+    // handle this situation. The problem is that if cancel is called after an
+    // intermediate handler is queued, the op will not check the cancel flag in
+    // our code, and will instead queue up another write.
+    //if (m_state.socket.wait_write)
+    //  return;
    if (m_state.socket.wait_shutdown)
      return;
    if (m_state.protocol.wait_init)
@ -761,6 +768,8 @@ namespace net_utils
    std::lock_guard<std::mutex> guard(m_state.lock);
    if (m_state.status != status_t::RUNNING || m_state.socket.wait_handshake)
      return false;
+    if (std::numeric_limits<std::size_t>::max() - m_state.data.write.total_bytes < message.size())
+      return false;

    // Wait for the write queue to fall below the max. If it doesn't after a
    // randomized delay, drop the connection.
@ -778,7 +787,14 @@ namespace net_utils
          std::uniform_int_distribution<>(5000, 6000)(rng)
        );
      };
-      if (m_state.data.write.queue.size() <= ABSTRACT_SERVER_SEND_QUE_MAX_COUNT)
+
+      // The bytes check intentionally does not include incoming message size.
+      // This allows for a soft overflow; a single http response will never fail
+      // this check, but multiple responses could. Clients can avoid this case
+      // by reading the entire response before making another request. P2P
+      // should never hit the MAX_BYTES check (when using default values).
+      if (m_state.data.write.queue.size() <= ABSTRACT_SERVER_SEND_QUE_MAX_COUNT &&
+          m_state.data.write.total_bytes <= static_cast<shared_state&>(connection_basic::get_state()).response_soft_limit)
        return true;
      m_state.data.write.wait_consume = true;
      bool success = m_state.condition.wait_for(
@ -787,14 +803,23 @@ namespace net_utils
        [this]{
          return (
            m_state.status != status_t::RUNNING ||
-            m_state.data.write.queue.size() <=
-              ABSTRACT_SERVER_SEND_QUE_MAX_COUNT
+            (
+              m_state.data.write.queue.size() <=
+                ABSTRACT_SERVER_SEND_QUE_MAX_COUNT &&
+              m_state.data.write.total_bytes <=
+                static_cast<shared_state&>(connection_basic::get_state()).response_soft_limit
+            )
          );
        }
      );
      m_state.data.write.wait_consume = false;
      if (!success) {
-        terminate();
+        // synchronize with intermediate writes on `m_strand`
+        auto self = connection<T>::shared_from_this();
+        boost::asio::post(m_strand, [this, self] {
+          std::lock_guard<std::mutex> guard(m_state.lock);
+          terminate();
+        });
        return false;
      }
      else
@ -820,7 +845,9 @@ namespace net_utils
    ) {
      if (!wait_consume())
        return false;
+      const std::size_t byte_count = message.size();
      m_state.data.write.queue.emplace_front(std::move(message));
+      m_state.data.write.total_bytes += byte_count;
      start_write();
    }
    else {
@ -830,6 +857,7 @@ namespace net_utils
        m_state.data.write.queue.emplace_front(
          message.take_slice(CHUNK_SIZE)
        );
+        m_state.data.write.total_bytes += m_state.data.write.queue.front().size();
        start_write();
      }
    }
@ -863,7 +891,7 @@ namespace net_utils
          ipv4_network_address{
            uint32_t{
              boost::asio::detail::socket_ops::host_to_network_long(
-                endpoint.address().to_v4().to_ulong()
+                endpoint.address().to_v4().to_uint()
              )
            },
            endpoint.port()
@ -876,6 +904,13 @@ namespace net_utils
    ).pfilter;
    if (filter && !filter->is_remote_host_allowed(*real_remote))
      return false;
+
+    auto *limit = static_cast<shared_state&>(
+      connection_basic::get_state()
+    ).plimit;
+    if (is_income && limit && limit->is_host_limit(*real_remote))
+      return false;
+
    ec_t ec;
    #if !defined(_WIN32) || !defined(__i686)
    connection_basic::socket_.next_layer().set_option(
@ -941,7 +976,8 @@ namespace net_utils
    ssl_support_t ssl_support
  ):
    connection(
-      std::move(socket_t{io_context}),
+      io_context,
+      socket_t{io_context},
      std::move(shared_state),
      connection_type,
      ssl_support
@ -951,15 +987,16 @@ namespace net_utils

  template<typename T>
  connection<T>::connection(
+    io_context_t &io_context,
    socket_t &&socket,
    std::shared_ptr<shared_state> shared_state,
    t_connection_type connection_type,
    ssl_support_t ssl_support
  ):
-    connection_basic(std::move(socket), shared_state, ssl_support),
+    connection_basic(io_context, std::move(socket), shared_state, ssl_support),
    m_handler(this, *shared_state, m_conn_context),
    m_connection_type(connection_type),
-    m_io_context{GET_IO_SERVICE(connection_basic::socket_)},
+    m_io_context{io_context},
    m_strand{m_io_context},
    m_timers{m_io_context}
  {
@ -1025,7 +1062,7 @@ namespace net_utils
  template<typename T>
  bool connection<T>::speed_limit_is_enabled() const
  {
-    return m_connection_type != e_connection_type_RPC;
+    return m_connection_type == e_connection_type_P2P;
  }

  template<typename T>
@ -1078,7 +1115,7 @@ namespace net_utils
      return false;
    auto self = connection<T>::shared_from_this();
    ++m_state.protocol.wait_callback;
-    connection_basic::strand_.post([this, self]{
+    boost::asio::post(connection_basic::strand_, [this, self]{
      m_handler.handle_qued_callback();
      std::lock_guard<std::mutex> guard(m_state.lock);
      --m_state.protocol.wait_callback;
@ -1091,7 +1128,7 @@ namespace net_utils
  }

  template<typename T>
-  typename connection<T>::io_context_t &connection<T>::get_io_service()
+  typename connection<T>::io_context_t &connection<T>::get_io_context()
  {
    return m_io_context;
  }
@ -1131,10 +1168,10 @@ namespace net_utils
  template<class t_protocol_handler>
  boosted_tcp_server<t_protocol_handler>::boosted_tcp_server( t_connection_type connection_type ) :
    m_state(std::make_shared<typename connection<t_protocol_handler>::shared_state>()),
-    m_io_service_local_instance(new worker()),
-    io_service_(m_io_service_local_instance->io_service),
-    acceptor_(io_service_),
-    acceptor_ipv6(io_service_),
+    m_io_context_local_instance(new worker()),
+    io_context_(m_io_context_local_instance->io_context),
+    acceptor_(io_context_),
+    acceptor_ipv6(io_context_),
    default_remote(),
    m_stop_signal_sent(false), m_port(0), 
    m_threads_count(0),
@ -1148,11 +1185,11 @@ namespace net_utils
  }

  template<class t_protocol_handler>
-  boosted_tcp_server<t_protocol_handler>::boosted_tcp_server(boost::asio::io_service& extarnal_io_service, t_connection_type connection_type) :
+  boosted_tcp_server<t_protocol_handler>::boosted_tcp_server(boost::asio::io_context& extarnal_io_context, t_connection_type connection_type) :
    m_state(std::make_shared<typename connection<t_protocol_handler>::shared_state>()),
-    io_service_(extarnal_io_service),
-    acceptor_(io_service_),
-    acceptor_ipv6(io_service_),
+    io_context_(extarnal_io_context),
+    acceptor_(io_context_),
+    acceptor_ipv6(io_context_),
    default_remote(),
    m_stop_signal_sent(false), m_port(0),
    m_threads_count(0),
@ -1199,24 +1236,27 @@ namespace net_utils

    std::string ipv4_failed = "";
    std::string ipv6_failed = "";
+
+    boost::asio::ip::tcp::resolver resolver(io_context_);
+
    try
    {
-      boost::asio::ip::tcp::resolver resolver(io_service_);
-      boost::asio::ip::tcp::resolver::query query(address, boost::lexical_cast<std::string>(port), boost::asio::ip::tcp::resolver::query::canonical_name);
-      boost::asio::ip::tcp::endpoint endpoint = *resolver.resolve(query);
-      acceptor_.open(endpoint.protocol());
+      const auto results = resolver.resolve(
+        address, boost::lexical_cast<std::string>(port), boost::asio::ip::tcp::resolver::canonical_name
+      );
+      acceptor_.open(results.begin()->endpoint().protocol());
 #if !defined(_WIN32)
      acceptor_.set_option(boost::asio::ip::tcp::acceptor::reuse_address(true));
 #endif
-      acceptor_.bind(endpoint);
+      acceptor_.bind(*results.begin());
      acceptor_.listen();
      boost::asio::ip::tcp::endpoint binded_endpoint = acceptor_.local_endpoint();
      m_port = binded_endpoint.port();
      MDEBUG("start accept (IPv4)");
-      new_connection_.reset(new connection<t_protocol_handler>(io_service_, m_state, m_connection_type, m_state->ssl_options().support));
+      new_connection_.reset(new connection<t_protocol_handler>(io_context_, m_state, m_connection_type, m_state->ssl_options().support));
      acceptor_.async_accept(new_connection_->socket(),
-	boost::bind(&boosted_tcp_server<t_protocol_handler>::handle_accept_ipv4, this,
-	boost::asio::placeholders::error));
+            boost::bind(&boosted_tcp_server<t_protocol_handler>::handle_accept_ipv4, this,
+              boost::asio::placeholders::error));
    }
    catch (const std::exception &e)
    {
@ -1237,23 +1277,25 @@ namespace net_utils
      try
      {
        if (port_ipv6 == 0) port_ipv6 = port; // default arg means bind to same port as ipv4
-        boost::asio::ip::tcp::resolver resolver(io_service_);
-        boost::asio::ip::tcp::resolver::query query(address_ipv6, boost::lexical_cast<std::string>(port_ipv6), boost::asio::ip::tcp::resolver::query::canonical_name);
-        boost::asio::ip::tcp::endpoint endpoint = *resolver.resolve(query);
-        acceptor_ipv6.open(endpoint.protocol());
+
+        const auto results = resolver.resolve(
+          address_ipv6, boost::lexical_cast<std::string>(port_ipv6), boost::asio::ip::tcp::resolver::canonical_name
+        );
+
+        acceptor_ipv6.open(results.begin()->endpoint().protocol());
 #if !defined(_WIN32)
        acceptor_ipv6.set_option(boost::asio::ip::tcp::acceptor::reuse_address(true));
 #endif
        acceptor_ipv6.set_option(boost::asio::ip::v6_only(true));
-        acceptor_ipv6.bind(endpoint);
+        acceptor_ipv6.bind(*results.begin());
        acceptor_ipv6.listen();
        boost::asio::ip::tcp::endpoint binded_endpoint = acceptor_ipv6.local_endpoint();
        m_port_ipv6 = binded_endpoint.port();
        MDEBUG("start accept (IPv6)");
-        new_connection_ipv6.reset(new connection<t_protocol_handler>(io_service_, m_state, m_connection_type, m_state->ssl_options().support));
+        new_connection_ipv6.reset(new connection<t_protocol_handler>(io_context_, m_state, m_connection_type, m_state->ssl_options().support));
        acceptor_ipv6.async_accept(new_connection_ipv6->socket(),
-            boost::bind(&boosted_tcp_server<t_protocol_handler>::handle_accept_ipv6, this,
-              boost::asio::placeholders::error));
+          boost::bind(&boosted_tcp_server<t_protocol_handler>::handle_accept_ipv6, this,
+          boost::asio::placeholders::error));
      }
      catch (const std::exception &e)
      {
@ -1317,7 +1359,7 @@ namespace net_utils
    {
      try
      {
-        io_service_.run();
+        io_context_.run();
        return true;
      }
      catch(const std::exception& ex)
@ -1352,6 +1394,20 @@ namespace net_utils
  }
  //---------------------------------------------------------------------------------
  template<class t_protocol_handler>
+  void boosted_tcp_server<t_protocol_handler>::set_connection_limit(i_connection_limit* plimit)
+  {
+    assert(m_state != nullptr); // always set in constructor
+    m_state->plimit = plimit;
+  }
+  //---------------------------------------------------------------------------------
+  template<class t_protocol_handler>
+  void boosted_tcp_server<t_protocol_handler>::set_response_soft_limit(const std::size_t limit)
+  {
+    assert(m_state != nullptr); // always set in constructor
+    m_state->response_soft_limit = limit;
+  }
+  //---------------------------------------------------------------------------------
+  template<class t_protocol_handler>
  bool boosted_tcp_server<t_protocol_handler>::run_server(size_t threads_count, bool wait, const boost::thread::attributes& attrs)
  {
    TRY_ENTRY();
@ -1361,7 +1417,7 @@ namespace net_utils
    while(!m_stop_signal_sent)
    {

-      // Create a pool of threads to run all of the io_services.
+      // Create a pool of threads to run all of the io_contexts.
      CRITICAL_REGION_BEGIN(m_threads_lock);
      for (std::size_t i = 0; i < threads_count; ++i)
      {
@ -1453,7 +1509,7 @@ namespace net_utils
    }
    connections_.clear();
    connections_mutex.unlock();
-    io_service_.stop();
+    io_context_.stop();
    CATCH_ENTRY_L0("boosted_tcp_server<t_protocol_handler>::send_stop_signal()", void());
  }
  //---------------------------------------------------------------------------------
@ -1500,7 +1556,7 @@ namespace net_utils
        (*current_new_connection)->setRpcStation(); // hopefully this is not needed actually
      }
      connection_ptr conn(std::move((*current_new_connection)));
-      (*current_new_connection).reset(new connection<t_protocol_handler>(io_service_, m_state, m_connection_type, conn->get_ssl_support()));
+      (*current_new_connection).reset(new connection<t_protocol_handler>(io_context_, m_state, m_connection_type, conn->get_ssl_support()));
      current_acceptor->async_accept((*current_new_connection)->socket(),
          boost::bind(accept_function_pointer, this,
            boost::asio::placeholders::error));
@ -1535,7 +1591,7 @@ namespace net_utils
    assert(m_state != nullptr); // always set in constructor
    _erro("Some problems at accept: " << e.message() << ", connections_count = " << m_state->sock_count);
    misc_utils::sleep_no_w(100);
-    (*current_new_connection).reset(new connection<t_protocol_handler>(io_service_, m_state, m_connection_type, (*current_new_connection)->get_ssl_support()));
+    (*current_new_connection).reset(new connection<t_protocol_handler>(io_context_, m_state, m_connection_type, (*current_new_connection)->get_ssl_support()));
    current_acceptor->async_accept((*current_new_connection)->socket(),
        boost::bind(accept_function_pointer, this,
          boost::asio::placeholders::error));
@ -1544,9 +1600,9 @@ namespace net_utils
  template<class t_protocol_handler>
  bool boosted_tcp_server<t_protocol_handler>::add_connection(t_connection_context& out, boost::asio::ip::tcp::socket&& sock, network_address real_remote, epee::net_utils::ssl_support_t ssl_support)
  {
-    if(std::addressof(get_io_service()) == std::addressof(GET_IO_SERVICE(sock)))
+    if(std::addressof(get_io_context()) == std::addressof(sock.get_executor().context()))
    {
-      connection_ptr conn(new connection<t_protocol_handler>(std::move(sock), m_state, m_connection_type, ssl_support));
+      connection_ptr conn(new connection<t_protocol_handler>(io_context_, std::move(sock), m_state, m_connection_type, ssl_support));
      if(conn->start(false, 1 < m_threads_count, std::move(real_remote)))
      {
        conn->get_context(out);
@ -1556,7 +1612,7 @@ namespace net_utils
    }
    else
    {
-	MWARNING(out << " was not added, socket/io_service mismatch");
+	MWARNING(out << " was not added, socket/io_context mismatch");
    }
    return false;
  }
@ -1569,7 +1625,7 @@ namespace net_utils
    sock_.open(remote_endpoint.protocol());
    if(bind_ip != "0.0.0.0" && bind_ip != "0" && bind_ip != "" )
    {
-      boost::asio::ip::tcp::endpoint local_endpoint(boost::asio::ip::address::from_string(bind_ip.c_str()), 0);
+      boost::asio::ip::tcp::endpoint local_endpoint(boost::asio::ip::make_address(bind_ip), 0);
      boost::system::error_code ec;
      sock_.bind(local_endpoint, ec);
      if (ec)
@ -1664,7 +1720,7 @@ namespace net_utils
  {
    TRY_ENTRY();

-    connection_ptr new_connection_l(new connection<t_protocol_handler>(io_service_, m_state, m_connection_type, ssl_support) );
+    connection_ptr new_connection_l(new connection<t_protocol_handler>(io_context_, m_state, m_connection_type, ssl_support) );
    connections_mutex.lock();
    connections_.insert(new_connection_l);
    MDEBUG("connections_ size now " << connections_.size());
@ -1674,14 +1730,16 @@ namespace net_utils

    bool try_ipv6 = false;

-    boost::asio::ip::tcp::resolver resolver(io_service_);
-    boost::asio::ip::tcp::resolver::query query(boost::asio::ip::tcp::v4(), adr, port, boost::asio::ip::tcp::resolver::query::canonical_name);
+    boost::asio::ip::tcp::resolver resolver(io_context_);
+    boost::asio::ip::tcp::resolver::results_type results{};
    boost::system::error_code resolve_error;
-    boost::asio::ip::tcp::resolver::iterator iterator;
+
    try
    {
      //resolving ipv4 address as ipv6 throws, catch here and move on
-      iterator = resolver.resolve(query, resolve_error);
+      results = resolver.resolve(
+        boost::asio::ip::tcp::v4(), adr, port, boost::asio::ip::tcp::resolver::canonical_name, resolve_error
+      );
    }
    catch (const boost::system::system_error& e)
    {
@ -1699,8 +1757,7 @@ namespace net_utils

    std::string bind_ip_to_use;

-    boost::asio::ip::tcp::resolver::iterator end;
-    if(iterator == end)
+    if(results.empty())
    {
      if (!m_use_ipv6)
      {
@ -1720,11 +1777,11 @@ namespace net_utils

    if (try_ipv6)
    {
-      boost::asio::ip::tcp::resolver::query query6(boost::asio::ip::tcp::v6(), adr, port, boost::asio::ip::tcp::resolver::query::canonical_name);
+      results = resolver.resolve(
+        boost::asio::ip::tcp::v6(), adr, port, boost::asio::ip::tcp::resolver::canonical_name, resolve_error
+      );

-      iterator = resolver.resolve(query6, resolve_error);
-
-      if(iterator == end)
+      if(results.empty())
      {
        _erro("Failed to resolve " << adr);
        return false;
@ -1744,6 +1801,8 @@ namespace net_utils

    }

+    const auto iterator = results.begin();
+
    MDEBUG("Trying to connect to " << adr << ":" << port << ", bind_ip = " << bind_ip_to_use);

    //boost::asio::ip::tcp::endpoint remote_endpoint(boost::asio::ip::address::from_string(addr.c_str()), port);
@ -1770,7 +1829,6 @@ namespace net_utils
    if (r)
    {
      new_connection_l->get_context(conn_context);
-      //new_connection_l.reset(new connection<t_protocol_handler>(io_service_, m_config, m_sock_count, m_pfilter));
    }
    else
    {
@ -1789,7 +1847,7 @@ namespace net_utils
  bool boosted_tcp_server<t_protocol_handler>::connect_async(const std::string& adr, const std::string& port, uint32_t conn_timeout, const t_callback &cb, const std::string& bind_ip, epee::net_utils::ssl_support_t ssl_support)
  {
    TRY_ENTRY();    
-    connection_ptr new_connection_l(new connection<t_protocol_handler>(io_service_, m_state, m_connection_type, ssl_support) );
+    connection_ptr new_connection_l(new connection<t_protocol_handler>(io_context_, m_state, m_connection_type, ssl_support) );
    connections_mutex.lock();
    connections_.insert(new_connection_l);
    MDEBUG("connections_ size now " << connections_.size());
@ -1799,14 +1857,16 @@ namespace net_utils
    
    bool try_ipv6 = false;

-    boost::asio::ip::tcp::resolver resolver(io_service_);
-    boost::asio::ip::tcp::resolver::query query(boost::asio::ip::tcp::v4(), adr, port, boost::asio::ip::tcp::resolver::query::canonical_name);
+    boost::asio::ip::tcp::resolver resolver(io_context_);
+    boost::asio::ip::tcp::resolver::results_type results{};
    boost::system::error_code resolve_error;
-    boost::asio::ip::tcp::resolver::iterator iterator;
+
    try
    {
      //resolving ipv4 address as ipv6 throws, catch here and move on
-      iterator = resolver.resolve(query, resolve_error);
+      results = resolver.resolve(
+        boost::asio::ip::tcp::v4(), adr, port, boost::asio::ip::tcp::resolver::canonical_name, resolve_error
+      );
    }
    catch (const boost::system::system_error& e)
    {
@ -1822,8 +1882,7 @@ namespace net_utils
      throw;
    }

-    boost::asio::ip::tcp::resolver::iterator end;
-    if(iterator == end)
+    if(results.empty())
    {
      if (!try_ipv6)
      {
@ -1838,24 +1897,23 @@ namespace net_utils

    if (try_ipv6)
    {
-      boost::asio::ip::tcp::resolver::query query6(boost::asio::ip::tcp::v6(), adr, port, boost::asio::ip::tcp::resolver::query::canonical_name);
+      results = resolver.resolve(
+        boost::asio::ip::tcp::v6(), adr, port, boost::asio::ip::tcp::resolver::canonical_name, resolve_error
+      );

-      iterator = resolver.resolve(query6, resolve_error);
-
-      if(iterator == end)
+      if(results.empty())
      {
        _erro("Failed to resolve " << adr);
        return false;
      }
    }

-
-    boost::asio::ip::tcp::endpoint remote_endpoint(*iterator);
+    boost::asio::ip::tcp::endpoint remote_endpoint(*results.begin());
     
    sock_.open(remote_endpoint.protocol());
    if(bind_ip != "0.0.0.0" && bind_ip != "0" && bind_ip != "" )
    {
-      boost::asio::ip::tcp::endpoint local_endpoint(boost::asio::ip::address::from_string(bind_ip.c_str()), 0);
+      boost::asio::ip::tcp::endpoint local_endpoint(boost::asio::ip::make_address(bind_ip.c_str()), 0);
      boost::system::error_code ec;
      sock_.bind(local_endpoint, ec);
      if (ec)
@ -1867,7 +1925,7 @@ namespace net_utils
      }
    }
    
-    boost::shared_ptr<boost::asio::deadline_timer> sh_deadline(new boost::asio::deadline_timer(io_service_));
+    boost::shared_ptr<boost::asio::deadline_timer> sh_deadline(new boost::asio::deadline_timer(io_context_));
    //start deadline
    sh_deadline->expires_from_now(boost::posix_time::milliseconds(conn_timeout));
    sh_deadline->async_wait([=](const boost::system::error_code& error)
--- a/contrib/epee/include/net/connection_basic.hpp
+++ b/contrib/epee/include/net/connection_basic.hpp
@ -112,21 +112,20 @@ class connection_basic { // not-templated base class for rapid developmet of som
    std::deque<byte_slice> m_send_que;
    volatile bool m_is_multithreaded;
    /// Strand to ensure the connection's handlers are not called concurrently.
-    boost::asio::io_service::strand strand_;
+    boost::asio::io_context::strand strand_;
    /// Socket for the connection.
    boost::asio::ssl::stream<boost::asio::ip::tcp::socket> socket_;
    ssl_support_t m_ssl_support;

 	public:
 		// first counter is the ++/-- count of current sockets, the other socket_number is only-increasing ++ number generator
-		connection_basic(boost::asio::ip::tcp::socket&& socket, std::shared_ptr<connection_basic_shared_state> state, ssl_support_t ssl_support);
-		connection_basic(boost::asio::io_service &io_service, std::shared_ptr<connection_basic_shared_state> state, ssl_support_t ssl_support);
+		connection_basic(boost::asio::io_context &context, boost::asio::ip::tcp::socket&& sock, std::shared_ptr<connection_basic_shared_state> state, ssl_support_t ssl_support);
+		connection_basic(boost::asio::io_context &context, std::shared_ptr<connection_basic_shared_state> state, ssl_support_t ssl_support);

 		virtual ~connection_basic() noexcept(false);

                //! \return `shared_state` object passed in construction (ptr never changes).
 		connection_basic_shared_state& get_state() noexcept { return *m_state; /* verified in constructor */ }
-		connection_basic(boost::asio::io_service& io_service, std::atomic<long> &ref_sock_count, std::atomic<long> &sock_number, ssl_support_t ssl);

 		boost::asio::ip::tcp::socket& socket() { return socket_.next_layer(); }
 		ssl_support_t get_ssl_support() const { return m_ssl_support; }
@ -135,7 +134,7 @@ class connection_basic { // not-templated base class for rapid developmet of som
 		bool handshake(boost::asio::ssl::stream_base::handshake_type type, boost::asio::const_buffer buffer = {})
 		{
 			//m_state != nullptr verified in constructor
-			return m_state->ssl_options().handshake(socket_, type, buffer);
+			return m_state->ssl_options().handshake(strand_.context(), socket_, type, buffer);
 		}

 		template<typename MutableBufferSequence, typename ReadHandler>
--- a/contrib/epee/include/net/http_protocol_handler.h
+++ b/contrib/epee/include/net/http_protocol_handler.h
@ -32,6 +32,7 @@

 #include <boost/optional/optional.hpp>
 #include <string>
+#include <unordered_map>
 #include "net_utils_base.h"
 #include "http_auth.h"
 #include "http_base.h"
@ -54,8 +55,13 @@ namespace net_utils
 		{
 			std::string m_folder;
 			std::vector<std::string> m_access_control_origins;
+			std::unordered_map<std::string, std::size_t> m_connections;
 			boost::optional<login> m_user;
 			size_t m_max_content_length{std::numeric_limits<size_t>::max()};
+			std::size_t m_connection_count{0};
+			std::size_t m_max_public_ip_connections{3};
+			std::size_t m_max_private_ip_connections{25};
+			std::size_t m_max_connections{100};
 			critical_section m_lock;
 		};

@ -70,7 +76,7 @@ namespace net_utils
 			typedef http_server_config config_type;

 			simple_http_connection_handler(i_service_endpoint* psnd_hndlr, config_type& config, t_connection_context& conn_context);
-			virtual ~simple_http_connection_handler(){}
+			virtual ~simple_http_connection_handler();

 			bool release_protocol()
 			{
@ -86,10 +92,7 @@ namespace net_utils
 			{
 				return true;
 			}
-			bool after_init_connection()
-			{
-				return true;
-			}
+			bool after_init_connection();
 			virtual bool handle_recv(const void* ptr, size_t cb);
 			virtual bool handle_request(const http::http_request_info& query_info, http_response_info& response);

@ -146,6 +149,7 @@ namespace net_utils
 		protected:
 			i_service_endpoint* m_psnd_hndlr; 
 			t_connection_context& m_conn_context;
+			bool m_initialized;
 		};

 		template<class t_connection_context>
@ -212,10 +216,6 @@ namespace net_utils
 			}
 			void handle_qued_callback()
 			{}
-			bool after_init_connection()
-			{
-				return true;
-			}

 		private:
 			//simple_http_connection_handler::config_type m_stub_config;
--- a/contrib/epee/include/net/http_protocol_handler.inl
+++ b/contrib/epee/include/net/http_protocol_handler.inl
@ -208,11 +208,46 @@ namespace net_utils
 		m_newlines(0),
 		m_bytes_read(0),
 		m_psnd_hndlr(psnd_hndlr),
-		m_conn_context(conn_context)
+		m_conn_context(conn_context),
+		m_initialized(false)
 	{

 	}
 	//--------------------------------------------------------------------------------------------
+	template<class t_connection_context>
+	simple_http_connection_handler<t_connection_context>::~simple_http_connection_handler()
+	{
+	  try
+	  {
+	    if (m_initialized)
+	    {
+	      CRITICAL_REGION_LOCAL(m_config.m_lock);
+	      if (m_config.m_connection_count)
+	        --m_config.m_connection_count;
+	      auto elem = m_config.m_connections.find(m_conn_context.m_remote_address.host_str());
+	      if (elem != m_config.m_connections.end())
+	      {
+	        if (elem->second == 1 || elem->second == 0)
+	          m_config.m_connections.erase(elem);
+	        else
+	          --(elem->second);
+	      }
+	    }
+	  }
+	  catch (...)
+	  {}
+	}
+	//--------------------------------------------------------------------------------------------
+	template<class t_connection_context>
+	bool simple_http_connection_handler<t_connection_context>::after_init_connection()
+	{
+	  CRITICAL_REGION_LOCAL(m_config.m_lock);
+	  ++m_config.m_connections[m_conn_context.m_remote_address.host_str()];
+	  ++m_config.m_connection_count;
+	  m_initialized = true;
+	  return true;
+	}
+	//--------------------------------------------------------------------------------------------
    template<class t_connection_context>
 	bool simple_http_connection_handler<t_connection_context>::set_ready_state()
 	{
--- a/contrib/epee/include/net/http_server_handlers_map2.h
+++ b/contrib/epee/include/net/http_server_handlers_map2.h
@ -71,7 +71,7 @@
    else if((query_info.m_URI == s_pattern) && (cond)) \
    { \
      handled = true; \
-      uint64_t ticks = misc_utils::get_tick_count(); \
+      uint64_t ticks = epee::misc_utils::get_tick_count(); \
      boost::value_initialized<command_type::request> req; \
      bool parse_res = epee::serialization::load_t_from_json(static_cast<command_type::request&>(req), query_info.m_body); \
      if (!parse_res) \
@ -107,7 +107,7 @@
    else if(query_info.m_URI == s_pattern) \
    { \
      handled = true; \
-      uint64_t ticks = misc_utils::get_tick_count(); \
+      uint64_t ticks = epee::misc_utils::get_tick_count(); \
      boost::value_initialized<command_type::request> req; \
      bool parse_res = epee::serialization::load_t_from_binary(static_cast<command_type::request&>(req), epee::strspan<uint8_t>(query_info.m_body)); \
      if (!parse_res) \
@ -117,7 +117,7 @@
         response_info.m_response_comment = "Bad request"; \
         return true; \
      } \
-      uint64_t ticks1 = misc_utils::get_tick_count(); \
+      uint64_t ticks1 = epee::misc_utils::get_tick_count(); \
      boost::value_initialized<command_type::response> resp;\
      MINFO(m_conn_context << "calling " << s_pattern); \
      bool res = false; \
@ -129,7 +129,7 @@
        response_info.m_response_comment = "Internal Server Error"; \
        return true; \
      } \
-      uint64_t ticks2 = misc_utils::get_tick_count(); \
+      uint64_t ticks2 = epee::misc_utils::get_tick_count(); \
      epee::byte_slice buffer; \
      epee::serialization::store_t_to_binary(static_cast<command_type::response&>(resp), buffer, 64 * 1024); \
      uint64_t ticks3 = epee::misc_utils::get_tick_count(); \
@ -171,6 +171,13 @@
      epee::serialization::store_t_to_json(static_cast<epee::json_rpc::error_response&>(rsp), response_info.m_body); \
      return true; \
    } \
+    epee::serialization::storage_entry params_; \
+    params_ = epee::serialization::storage_entry(epee::serialization::section()); \
+    if(!ps.get_value("params", params_, nullptr)) \
+    { \
+      epee::serialization::section params_section; \
+      ps.set_value("params", std::move(params_section), nullptr); \
+    } \
    if(false) return true; //just a stub to have "else if"


--- a/contrib/epee/include/net/http_server_impl_base.h
+++ b/contrib/epee/include/net/http_server_impl_base.h
@ -33,6 +33,7 @@
 #include <boost/thread.hpp>
 #include <boost/bind/bind.hpp>

+#include "cryptonote_config.h"
 #include "net/abstract_tcp_server2.h"
 #include "http_protocol_handler.h"
 #include "net/http_server_handlers_map2.h"
@ -44,7 +45,8 @@ namespace epee
 {

  template<class t_child_class, class t_connection_context = epee::net_utils::connection_context_base>
-  class http_server_impl_base: public net_utils::http::i_http_server_handler<t_connection_context>
+  class http_server_impl_base: public net_utils::http::i_http_server_handler<t_connection_context>,
+                                      net_utils::i_connection_limit
  {

  public:
@ -52,7 +54,7 @@ namespace epee
        : m_net_server(epee::net_utils::e_connection_type_RPC)
    {}

-    explicit http_server_impl_base(boost::asio::io_service& external_io_service)
+    explicit http_server_impl_base(boost::asio::io_context& external_io_service)
        : m_net_server(external_io_service)
    {}

@ -60,8 +62,16 @@ namespace epee
      const std::string& bind_ipv6_address = "::", bool use_ipv6 = false, bool require_ipv4 = true,
      std::vector<std::string> access_control_origins = std::vector<std::string>(),
      boost::optional<net_utils::http::login> user = boost::none,
-      net_utils::ssl_options_t ssl_options = net_utils::ssl_support_t::e_ssl_support_autodetect)
+      net_utils::ssl_options_t ssl_options = net_utils::ssl_support_t::e_ssl_support_autodetect,
+      const std::size_t max_public_ip_connections = DEFAULT_RPC_MAX_CONNECTIONS_PER_PUBLIC_IP,
+      const std::size_t max_private_ip_connections = DEFAULT_RPC_MAX_CONNECTIONS_PER_PRIVATE_IP,
+      const std::size_t max_connections = DEFAULT_RPC_MAX_CONNECTIONS,
+      const std::size_t response_soft_limit = DEFAULT_RPC_SOFT_LIMIT_SIZE)
    {
+      if (max_connections < max_public_ip_connections)
+        throw std::invalid_argument{"Max public IP connections cannot be more than max connections"};
+      if (max_connections < max_private_ip_connections)
+        throw std::invalid_argument{"Max private IP connections cannot be more than max connections"};

      //set self as callback handler
      m_net_server.get_config_object().m_phandler = static_cast<t_child_class*>(this);
@ -75,6 +85,11 @@ namespace epee
      m_net_server.get_config_object().m_access_control_origins = std::move(access_control_origins);

      m_net_server.get_config_object().m_user = std::move(user);
+      m_net_server.get_config_object().m_max_public_ip_connections = max_public_ip_connections;
+      m_net_server.get_config_object().m_max_private_ip_connections = max_private_ip_connections;
+      m_net_server.get_config_object().m_max_connections = max_connections;
+      m_net_server.set_response_soft_limit(response_soft_limit);
+      m_net_server.set_connection_limit(this);

      MGINFO("Binding on " << bind_ip << " (IPv4):" << bind_port);
      if (use_ipv6)
@ -131,6 +146,26 @@ namespace epee
    }

  protected: 
+
+    virtual bool is_host_limit(const net_utils::network_address& na) override final
+    {
+      auto& config = m_net_server.get_config_object();
+      CRITICAL_REGION_LOCAL(config.m_lock);
+      if (config.m_max_connections <= config.m_connection_count)
+        return true;
+
+      const bool is_private = na.is_loopback() || na.is_local();
+      const auto elem = config.m_connections.find(na.host_str());
+      if (elem != config.m_connections.end())
+      {
+        if (is_private)
+          return config.m_max_private_ip_connections <= elem->second;
+        else
+          return config.m_max_public_ip_connections <= elem->second;
+      }
+      return false;
+    }
+
    net_utils::boosted_tcp_server<net_utils::http::http_custom_handler<t_connection_context> > m_net_server;
  };
 }
--- a/contrib/epee/include/net/levin_protocol_handler_async.h
+++ b/contrib/epee/include/net/levin_protocol_handler_async.h
@ -200,7 +200,7 @@ public:
  struct anvoke_handler: invoke_response_handler_base
  {
    anvoke_handler(const callback_t& cb, uint64_t timeout,  async_protocol_handler& con, int command)
-      :m_cb(cb), m_timeout(timeout), m_con(con), m_timer(con.m_pservice_endpoint->get_io_service()), m_timer_started(false),
+      :m_cb(cb), m_timeout(timeout), m_con(con), m_timer(con.m_pservice_endpoint->get_io_context()), m_timer_started(false),
      m_cancel_timer_called(false), m_timer_cancelled(false), m_command(command)
    {
      if(m_con.start_outer_call())
--- a/contrib/epee/include/net/net_helper.h
+++ b/contrib/epee/include/net/net_helper.h
@ -34,7 +34,7 @@
 #include <atomic>
 #include <string>
 #include <boost/version.hpp>
-#include <boost/asio/io_service.hpp>
+#include <boost/asio/io_context.hpp>
 #include <boost/asio/ip/tcp.hpp>
 #include <boost/asio/read.hpp>
 #include <boost/asio/ssl.hpp>
@ -158,11 +158,11 @@ namespace net_utils
    inline
 			try_connect_result_t try_connect(const std::string& addr, const std::string& port, std::chrono::milliseconds timeout)
 		{
-				m_deadline.expires_from_now(timeout);
+				m_deadline.expires_after(timeout);
 				boost::unique_future<boost::asio::ip::tcp::socket> connection = m_connector(addr, port, m_deadline);
 				for (;;)
 				{
-					m_io_service.reset();
+					m_io_service.restart();
 					m_io_service.run_one();

 					if (connection.is_ready())
@ -178,7 +178,7 @@ namespace net_utils
 					// SSL Options
 					if (m_ssl_options.support == epee::net_utils::ssl_support_t::e_ssl_support_enabled || m_ssl_options.support == epee::net_utils::ssl_support_t::e_ssl_support_autodetect)
 					{
-						if (!m_ssl_options.handshake(*m_ssl_socket, boost::asio::ssl::stream_base::client, {}, addr, timeout))
+						if (!m_ssl_options.handshake(m_io_service, *m_ssl_socket, boost::asio::ssl::stream_base::client, {}, addr, timeout))
 						{
 							if (m_ssl_options.support == epee::net_utils::ssl_support_t::e_ssl_support_autodetect)
 							{
@ -285,7 +285,7 @@ namespace net_utils

 			try
 			{
-				m_deadline.expires_from_now(timeout);
+				m_deadline.expires_after(timeout);

 				// Set up the variable that receives the result of the asynchronous
 				// operation. The error code is set to would_block to signal that the
@ -303,7 +303,7 @@ namespace net_utils
 				// Block until the asynchronous operation has completed.
 				while (ec == boost::asio::error::would_block)
 				{
-					m_io_service.reset();
+					m_io_service.restart();
 					m_io_service.run_one(); 
 				}

@ -409,7 +409,7 @@ namespace net_utils
 				// Set a deadline for the asynchronous operation. Since this function uses
 				// a composed operation (async_read_until), the deadline applies to the
 				// entire operation, rather than individual reads from the socket.
-				m_deadline.expires_from_now(timeout);
+				m_deadline.expires_after(timeout);

 				// Set up the variable that receives the result of the asynchronous
 				// operation. The error code is set to would_block to signal that the
@ -436,7 +436,7 @@ namespace net_utils
 				// Block until the asynchronous operation has completed.
 				while (ec == boost::asio::error::would_block && !m_shutdowned)
 				{
-					m_io_service.reset();
+					m_io_service.restart();
 					m_io_service.run_one(); 
 				}

@ -495,7 +495,7 @@ namespace net_utils
 				// Set a deadline for the asynchronous operation. Since this function uses
 				// a composed operation (async_read_until), the deadline applies to the
 				// entire operation, rather than individual reads from the socket.
-				m_deadline.expires_from_now(timeout);
+				m_deadline.expires_after(timeout);

 				// Set up the variable that receives the result of the asynchronous
 				// operation. The error code is set to would_block to signal that the
@ -580,7 +580,7 @@ namespace net_utils
 			return true;
 		}
 		
-		boost::asio::io_service& get_io_service()
+		boost::asio::io_context& get_io_service()
 		{
 			return m_io_service;
 		}
@ -607,7 +607,7 @@ namespace net_utils
 			// Check whether the deadline has passed. We compare the deadline against
 			// the current time since a new asynchronous operation may have moved the
 			// deadline before this actor had a chance to run.
-			if (m_deadline.expires_at() <= std::chrono::steady_clock::now())
+			if (m_deadline.expiry() <= std::chrono::steady_clock::now())
 			{
 				// The deadline has passed. The socket is closed so that any outstanding
 				// asynchronous operations are cancelled. This allows the blocked
@ -628,11 +628,11 @@ namespace net_utils
 		void shutdown_ssl() {
 			// ssl socket shutdown blocks if server doesn't respond. We close after 2 secs
 			boost::system::error_code ec = boost::asio::error::would_block;
-			m_deadline.expires_from_now(std::chrono::milliseconds(2000));
+			m_deadline.expires_after(std::chrono::milliseconds(2000));
 			m_ssl_socket->async_shutdown(boost::lambda::var(ec) = boost::lambda::_1);
 			while (ec == boost::asio::error::would_block)
 			{
-				m_io_service.reset();
+				m_io_service.restart();
 				m_io_service.run_one();
 			}
 			// Ignore "short read" error
@ -676,7 +676,7 @@ namespace net_utils
 		}
 		
 	protected:
-		boost::asio::io_service m_io_service;
+		boost::asio::io_context m_io_service;
 		boost::asio::ssl::context m_ctx;
 		std::shared_ptr<boost::asio::ssl::stream<boost::asio::ip::tcp::socket>> m_ssl_socket;
 		std::function<connect_func> m_connector;
@ -688,119 +688,6 @@ namespace net_utils
 		std::atomic<uint64_t> m_bytes_sent;
 		std::atomic<uint64_t> m_bytes_received;
 	};
-
-
-	/************************************************************************/
-	/*                                                                      */
-	/************************************************************************/
-	class async_blocked_mode_client: public blocked_mode_client
-	{
-	public:
-		async_blocked_mode_client():m_send_deadline(blocked_mode_client::m_io_service)
-		{
-
-			// No deadline is required until the first socket operation is started. We
-			// set the deadline to positive infinity so that the actor takes no action
-			// until a specific deadline is set.
-			m_send_deadline.expires_at(boost::posix_time::pos_infin);
-
-			// Start the persistent actor that checks for deadline expiry.
-			check_send_deadline();
-		}
-		~async_blocked_mode_client()
-		{
-			m_send_deadline.cancel();
-		}
-		
-		bool shutdown()
-		{
-			blocked_mode_client::shutdown();
-			m_send_deadline.cancel();
-			return true;
-		}
-
-		inline 
-			bool send(const void* data, size_t sz)
-		{
-			try
-			{
-				/*
-				m_send_deadline.expires_from_now(boost::posix_time::milliseconds(m_reciev_timeout));
-
-				// Set up the variable that receives the result of the asynchronous
-				// operation. The error code is set to would_block to signal that the
-				// operation is incomplete. Asio guarantees that its asynchronous
-				// operations will never fail with would_block, so any other value in
-				// ec indicates completion.
-				boost::system::error_code ec = boost::asio::error::would_block;
-
-				// Start the asynchronous operation itself. The boost::lambda function
-				// object is used as a callback and will update the ec variable when the
-				// operation completes. The blocking_udp_client.cpp example shows how you
-				// can use boost::bind rather than boost::lambda.
-				boost::asio::async_write(m_socket, boost::asio::buffer(data, sz), boost::lambda::var(ec) = boost::lambda::_1);
-
-				// Block until the asynchronous operation has completed.
-				while(ec == boost::asio::error::would_block)
-				{
-					m_io_service.run_one();
-				}*/
-				
-				boost::system::error_code ec;
-
-				size_t writen = write(data, sz, ec);
-				
-				if (!writen || ec)
-				{
-					LOG_PRINT_L3("Problems at write: " << ec.message());
-					return false;
-				}else
-				{
-					m_send_deadline.expires_at(boost::posix_time::pos_infin);
-				}
-			}
-
-			catch(const boost::system::system_error& er)
-			{
-				LOG_ERROR("Some problems at connect, message: " << er.what());
-				return false;
-			}
-			catch(...)
-			{
-				LOG_ERROR("Some fatal problems.");
-				return false;
-			}
-
-			return true;
-		}
-
-
-	private:
-
-		boost::asio::deadline_timer m_send_deadline;
-
-		void check_send_deadline()
-		{
-			// Check whether the deadline has passed. We compare the deadline against
-			// the current time since a new asynchronous operation may have moved the
-			// deadline before this actor had a chance to run.
-			if (m_send_deadline.expires_at() <= boost::asio::deadline_timer::traits_type::now())
-			{
-				// The deadline has passed. The socket is closed so that any outstanding
-				// asynchronous operations are cancelled. This allows the blocked
-				// connect(), read_line() or write_line() functions to return.
-				LOG_PRINT_L3("Timed out socket");
-				m_ssl_socket->next_layer().close();
-
-				// There is no longer an active deadline. The expiry is set to positive
-				// infinity so that the actor takes no action until a new deadline is set.
-				m_send_deadline.expires_at(boost::posix_time::pos_infin);
-			}
-
-			// Put the actor back to sleep.
-			m_send_deadline.async_wait(boost::bind(&async_blocked_mode_client::check_send_deadline, this));
-		}
-	};
 }
 }

--- a/contrib/epee/include/net/net_ssl.h
+++ b/contrib/epee/include/net/net_ssl.h
@ -34,6 +34,7 @@
 #include <string>
 #include <vector>
 #include <boost/utility/string_ref.hpp>
+#include <boost/asio/io_context.hpp>
 #include <boost/asio/ip/tcp.hpp>
 #include <boost/asio/ssl.hpp>
 #include <boost/filesystem/path.hpp>
@ -125,6 +126,7 @@ namespace net_utils
        \note It is strongly encouraged that clients using `system_ca`
          verification provide a non-empty `host` for rfc2818 verification.

+        \param io_context associated with `socket`.
        \param socket Used in SSL handshake and verification
        \param type Client or server
        \param host This parameter is only used when
@ -136,6 +138,7 @@ namespace net_utils
        \return True if the SSL handshake completes with peer verification
          settings. */
    bool handshake(
+      boost::asio::io_context& io_context,
      boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket,
      boost::asio::ssl::stream_base::handshake_type type,
      boost::asio::const_buffer buffer = {},
--- a/contrib/epee/include/net/net_utils_base.h
+++ b/contrib/epee/include/net/net_utils_base.h
@ -30,7 +30,7 @@
 #define _NET_UTILS_BASE_H_

 #include <boost/uuid/uuid.hpp>
-#include <boost/asio/io_service.hpp>
+#include <boost/asio/io_context.hpp>
 #include <boost/asio/ip/address_v6.hpp>
 #include <typeinfo>
 #include <type_traits>
@ -47,10 +47,12 @@
 #define MAKE_IP( a1, a2, a3, a4 )	(a1|(a2<<8)|(a3<<16)|(((uint32_t)a4)<<24))
 #endif

+/* Use the below function carefully. The executor and io_context are slightly
+  different concepts. */
 #if BOOST_VERSION >= 107000
-#define GET_IO_SERVICE(s) ((boost::asio::io_context&)(s).get_executor().context())
+  #define MONERO_GET_EXECUTOR(type) type . get_executor()
 #else
-#define GET_IO_SERVICE(s) ((s).get_io_service())
+  #define MONERO_GET_EXECUTOR(type) type . get_io_context()
 #endif

 namespace net
@ -443,7 +445,7 @@ namespace net_utils
    virtual bool send_done()=0;
    virtual bool call_run_once_service_io()=0;
    virtual bool request_callback()=0;
-    virtual boost::asio::io_service& get_io_service()=0;
+    virtual boost::asio::io_context& get_io_context()=0;
    //protect from deletion connection object(with protocol instance) during external call "invoke"
    virtual bool add_ref()=0;
    virtual bool release()=0;
--- a/contrib/epee/include/net/network_throttle-detail.hpp
+++ b/contrib/epee/include/net/network_throttle-detail.hpp
@ -46,13 +46,13 @@ namespace net_utils


 class network_throttle : public i_network_throttle {
-	private:
+	public:
 		struct packet_info {
 			size_t m_size; // octets sent. Summary for given small-window (e.g. for all packaged in 1 second)
 			packet_info();
 		};

-
+	private:
 		network_speed_bps m_target_speed;
 		size_t m_network_add_cost; // estimated add cost of headers 
 		size_t m_network_minimal_segment; // estimated minimal cost of sending 1 byte to round up to
--- a/contrib/epee/include/serialization/keyvalue_serialization.h
+++ b/contrib/epee/include/serialization/keyvalue_serialization.h
@ -98,16 +98,18 @@ public: \
 #define KV_SERIALIZE_VAL_POD_AS_BLOB_FORCE_N(varialble, val_name) \
  epee::serialization::selector<is_store>::serialize_t_val_as_blob(this_ref.varialble, stg, hparent_section, val_name); 

-#define KV_SERIALIZE_VAL_POD_AS_BLOB_N(varialble, val_name) \
-  static_assert(std::is_pod<decltype(this_ref.varialble)>::value, "t_type must be a POD type."); \
-  KV_SERIALIZE_VAL_POD_AS_BLOB_FORCE_N(varialble, val_name)
+#define KV_SERIALIZE_VAL_POD_AS_BLOB_N(variable, val_name) \
+  static_assert(std::is_trivially_copyable<decltype(this_ref.variable)>(), "t_type must be a trivially copyable type."); \
+  static_assert(std::is_standard_layout<decltype(this_ref.variable)>(), "t_type must be a standard layout type."); \
+  KV_SERIALIZE_VAL_POD_AS_BLOB_FORCE_N(variable, val_name)

-#define KV_SERIALIZE_VAL_POD_AS_BLOB_OPT_N(varialble, val_name, default_value) \
+#define KV_SERIALIZE_VAL_POD_AS_BLOB_OPT_N(variable, val_name, default_value) \
  do { \
-    static_assert(std::is_pod<decltype(this_ref.varialble)>::value, "t_type must be a POD type."); \
-    bool ret = KV_SERIALIZE_VAL_POD_AS_BLOB_FORCE_N(varialble, val_name); \
+    static_assert(std::is_trivially_copyable<decltype(this_ref.variable)>(), "t_type must be a trivially copyable type."); \
+    static_assert(std::is_standard_layout<decltype(this_ref.variable)>(), "t_type must be a standard layout type."); \
+    bool ret = KV_SERIALIZE_VAL_POD_AS_BLOB_FORCE_N(variable, val_name) \
    if (!ret) \
-      epee::serialize_default(this_ref.varialble, default_value); \
+      epee::serialize_default(this_ref.variable, default_value); \
  } while(0);

 #define KV_SERIALIZE_CONTAINER_POD_AS_BLOB_N(varialble, val_name) \
@ -118,7 +120,7 @@ public: \
 #define KV_SERIALIZE(varialble)                           KV_SERIALIZE_N(varialble, #varialble)
 #define KV_SERIALIZE_VAL_POD_AS_BLOB(varialble)           KV_SERIALIZE_VAL_POD_AS_BLOB_N(varialble, #varialble)
 #define KV_SERIALIZE_VAL_POD_AS_BLOB_OPT(varialble, def)  KV_SERIALIZE_VAL_POD_AS_BLOB_OPT_N(varialble, #varialble, def)
-#define KV_SERIALIZE_VAL_POD_AS_BLOB_FORCE(varialble)     KV_SERIALIZE_VAL_POD_AS_BLOB_FORCE_N(varialble, #varialble) //skip is_pod compile time check
+#define KV_SERIALIZE_VAL_POD_AS_BLOB_FORCE(varialble)     KV_SERIALIZE_VAL_POD_AS_BLOB_FORCE_N(varialble, #varialble) //skip is_trivially_copyable and is_standard_layout compile time check
 #define KV_SERIALIZE_CONTAINER_POD_AS_BLOB(varialble)     KV_SERIALIZE_CONTAINER_POD_AS_BLOB_N(varialble, #varialble)
 #define KV_SERIALIZE_OPT(variable,default_value)          KV_SERIALIZE_OPT_N(variable, #variable, default_value)

--- a/contrib/epee/include/span.h
+++ b/contrib/epee/include/span.h
@ -133,26 +133,37 @@ namespace epee
    return {src.data(), src.size()};
  }

-  template<typename T>
-  constexpr bool has_padding() noexcept
-  {
-    return !std::is_standard_layout<T>() || alignof(T) != 1;
-  }
-
  //! \return Cast data from `src` as `span<const std::uint8_t>`.
  template<typename T>
  span<const std::uint8_t> to_byte_span(const span<const T> src) noexcept
  {
-    static_assert(!has_padding<T>(), "source type may have padding");
+    static_assert(!std::is_empty<T>(), "empty value types will not work -> sizeof == 1");
+    static_assert(std::is_standard_layout<T>(), "type must have standard layout");
+    static_assert(std::is_trivially_copyable<T>(), "type must be trivially copyable");
+    static_assert(alignof(T) == 1, "type may have padding");
    return {reinterpret_cast<const std::uint8_t*>(src.data()), src.size_bytes()}; 
  }

+  //! \return `span<std::uint8_t>` from a STL compatible `src`.
+  template<typename T>
+  constexpr span<std::uint8_t> to_mut_byte_span(T& src)
+  {
+    using value_type = typename T::value_type;
+    static_assert(!std::is_empty<value_type>(), "empty value types will not work -> sizeof == 1");
+    static_assert(std::is_standard_layout<value_type>(), "value type must have standard layout");
+    static_assert(std::is_trivially_copyable<value_type>(), "value type must be trivially copyable");
+    static_assert(alignof(value_type) == 1, "value type may have padding");
+    return {reinterpret_cast<std::uint8_t*>(src.data()), src.size() * sizeof(value_type)};
+  }
+
  //! \return `span<const std::uint8_t>` which represents the bytes at `&src`.
  template<typename T>
  span<const std::uint8_t> as_byte_span(const T& src) noexcept
  {
    static_assert(!std::is_empty<T>(), "empty types will not work -> sizeof == 1");
-    static_assert(!has_padding<T>(), "source type may have padding");
+    static_assert(std::is_standard_layout<T>(), "type must have standard layout");
+    static_assert(std::is_trivially_copyable<T>(), "type must be trivially copyable");
+    static_assert(alignof(T) == 1, "type may have padding");
    return {reinterpret_cast<const std::uint8_t*>(std::addressof(src)), sizeof(T)};
  }

@ -161,7 +172,9 @@ namespace epee
  span<std::uint8_t> as_mut_byte_span(T& src) noexcept
  {
    static_assert(!std::is_empty<T>(), "empty types will not work -> sizeof == 1");
-    static_assert(!has_padding<T>(), "source type may have padding");
+    static_assert(std::is_standard_layout<T>(), "type must have standard layout");
+    static_assert(std::is_trivially_copyable<T>(), "type must be trivially copyable");
+    static_assert(alignof(T) == 1, "type may have padding");
    return {reinterpret_cast<std::uint8_t*>(std::addressof(src)), sizeof(T)};
  }

--- a/contrib/epee/include/storages/parserse_base_utils.h
+++ b/contrib/epee/include/storages/parserse_base_utils.h
@ -30,6 +30,7 @@

 #include <boost/utility/string_ref_fwd.hpp>
 #include <string>
+#include <cstdint>

 namespace epee 
 {
--- a/contrib/epee/include/storages/portable_storage_from_bin.h
+++ b/contrib/epee/include/storages/portable_storage_from_bin.h
@ -33,6 +33,9 @@
 #include "portable_storage_base.h"
 #include "portable_storage_bin_utils.h"

+#undef MONERO_DEFAULT_LOG_CATEGORY
+#define MONERO_DEFAULT_LOG_CATEGORY "serialization"
+
 #ifdef EPEE_PORTABLE_STORAGE_RECURSION_LIMIT
 #define EPEE_PORTABLE_STORAGE_RECURSION_LIMIT_INTERNAL EPEE_PORTABLE_STORAGE_RECURSION_LIMIT
 #else 
--- a/contrib/epee/include/storages/portable_storage_from_json.h
+++ b/contrib/epee/include/storages/portable_storage_from_json.h
@ -31,6 +31,9 @@
 #include "parserse_base_utils.h"
 #include "file_io_utils.h"

+#undef MONERO_DEFAULT_LOG_CATEGORY
+#define MONERO_DEFAULT_LOG_CATEGORY "serialization"
+
 #define EPEE_JSON_RECURSION_LIMIT_INTERNAL 100

 namespace epee
--- a/contrib/epee/include/storages/portable_storage_val_converters.h
+++ b/contrib/epee/include/storages/portable_storage_val_converters.h
@ -37,6 +37,7 @@
 #include "misc_log_ex.h"

 #include <boost/lexical_cast.hpp>
+#include <boost/numeric/conversion/bounds.hpp>
 #include <typeinfo>
 #include <iomanip>

--- a/contrib/epee/include/string_tools.h
+++ b/contrib/epee/include/string_tools.h
@ -31,6 +31,7 @@
 #include "mlocker.h"

 #include <boost/utility/string_ref.hpp>
+#include <boost/algorithm/string.hpp> 
 #include <sstream>
 #include <string>
 #include <cstdint>
@ -69,23 +70,17 @@ namespace string_tools
 #ifdef _WIN32
   std::string get_current_module_path();
 #endif
-  bool set_module_name_and_folder(const std::string& path_to_process_);
-  bool trim_left(std::string& str);
-  bool trim_right(std::string& str);
+  void set_module_name_and_folder(const std::string& path_to_process_);
  //----------------------------------------------------------------------------
  inline std::string& trim(std::string& str)
  {
-    trim_left(str);
-    trim_right(str);
+    boost::trim(str);
    return str;
  }
  //----------------------------------------------------------------------------
-  inline std::string trim(const std::string& str_)
+  inline std::string trim(const std::string& str)
  {
-    std::string str = str_;
-    trim_left(str);
-    trim_right(str);
-    return str;
+    return boost::trim_copy(str);
  }
  std::string pad_string(std::string s, size_t n, char c = ' ', bool prepend = false);
  
@ -94,6 +89,7 @@ namespace string_tools
  std::string pod_to_hex(const t_pod_type& s)
  {
    static_assert(std::is_standard_layout<t_pod_type>(), "expected standard layout type");
+    static_assert(alignof(t_pod_type) == 1, "type may have padding");
    return to_hex::string(as_byte_span(s));
  }
  //----------------------------------------------------------------------------
@ -101,6 +97,8 @@ namespace string_tools
  bool hex_to_pod(const boost::string_ref hex_str, t_pod_type& s)
  {
    static_assert(std::is_standard_layout<t_pod_type>(), "expected standard layout type");
+    static_assert(alignof(t_pod_type) == 1, "type may have padding");
+    static_assert(std::is_trivially_copyable<t_pod_type>(), "type must be trivially copyable");
    return from_hex::to_buffer(as_mut_byte_span(s), hex_str);
  }
  //----------------------------------------------------------------------------
--- a/contrib/epee/src/abstract_http_client.cpp
+++ b/contrib/epee/src/abstract_http_client.cpp
@ -135,6 +135,13 @@ namespace http
    http::url_content parsed{};
    const bool r = parse_url(address, parsed);
    CHECK_AND_ASSERT_MES(r, false, "failed to parse url: " << address);
+    if (parsed.port == 0)
+    {
+      if (parsed.schema == "http")
+        parsed.port = 80;
+      else if (parsed.schema == "https")
+        parsed.port = 443;
+    }
    set_server(std::move(parsed.host), std::to_string(parsed.port), std::move(user), std::move(ssl_options));
    return true;
  }
--- a/contrib/epee/src/byte_slice.cpp
+++ b/contrib/epee/src/byte_slice.cpp
@ -152,7 +152,11 @@ namespace epee
  {
    std::size_t space_needed = 0;
    for (const auto& source : sources)
+    {
+      if (std::numeric_limits<std::size_t>::max() - space_needed < source.size())
+        throw std::bad_alloc{};
      space_needed += source.size();
+    }

    if (space_needed)
    {
@ -162,9 +166,9 @@ namespace epee

      for (const auto& source : sources)
      {
+        assert(source.size() <= out.size()); // see check above
        std::memcpy(out.data(), source.data(), source.size());
-        if (out.remove_prefix(source.size()) < source.size())
-          throw std::bad_alloc{}; // size_t overflow on space_needed
+        out.remove_prefix(source.size());
      }
      storage_ = std::move(storage);
    }
--- a/contrib/epee/src/connection_basic.cpp
+++ b/contrib/epee/src/connection_basic.cpp
@ -46,12 +46,6 @@
 // TODO:
 #include "net/network_throttle-detail.hpp"

-#if BOOST_VERSION >= 107000
-#define GET_IO_SERVICE(s) ((boost::asio::io_context&)(s).get_executor().context())
-#else
-#define GET_IO_SERVICE(s) ((s).get_io_service())
-#endif
-
 #undef MONERO_DEFAULT_LOG_CATEGORY
 #define MONERO_DEFAULT_LOG_CATEGORY "net.conn"

@ -127,12 +121,12 @@ connection_basic_pimpl::connection_basic_pimpl(const std::string &name) : m_thro
 int connection_basic_pimpl::m_default_tos;

 // methods:
-connection_basic::connection_basic(boost::asio::ip::tcp::socket&& sock, std::shared_ptr<connection_basic_shared_state> state, ssl_support_t ssl_support)
+connection_basic::connection_basic(boost::asio::io_context &io_context, boost::asio::ip::tcp::socket&& sock, std::shared_ptr<connection_basic_shared_state> state, ssl_support_t ssl_support)
 	:
 	m_state(std::move(state)),
 	mI( new connection_basic_pimpl("peer") ),
-	strand_(GET_IO_SERVICE(sock)),
-	socket_(GET_IO_SERVICE(sock), get_context(m_state.get())),
+	strand_(io_context),
+	socket_(io_context, get_context(m_state.get())),
 	m_want_close_connection(false),
 	m_was_shutdown(false),
 	m_is_multithreaded(false),
@ -152,12 +146,12 @@ connection_basic::connection_basic(boost::asio::ip::tcp::socket&& sock, std::sha
 	_note("Spawned connection #"<<mI->m_peer_number<<" to " << remote_addr_str << " currently we have sockets count:" << m_state->sock_count);
 }

-connection_basic::connection_basic(boost::asio::io_service &io_service, std::shared_ptr<connection_basic_shared_state> state, ssl_support_t ssl_support)
+connection_basic::connection_basic(boost::asio::io_context &io_context, std::shared_ptr<connection_basic_shared_state> state, ssl_support_t ssl_support)
 	:
 	m_state(std::move(state)),
 	mI( new connection_basic_pimpl("peer") ),
-	strand_(io_service),
-	socket_(io_service, get_context(m_state.get())),
+	strand_(io_context),
+	socket_(io_context, get_context(m_state.get())),
 	m_want_close_connection(false),
 	m_was_shutdown(false),
 	m_is_multithreaded(false),
--- a/contrib/epee/src/file_io_utils.cpp
+++ b/contrib/epee/src/file_io_utils.cpp
@ -29,7 +29,7 @@
 #include <fstream>
 #include <boost/filesystem/path.hpp>
 #include <boost/filesystem/operations.hpp>
-#ifdef WIN32
+#ifdef _WIN32
 #include <windows.h>
 #include "string_tools.h"
 #endif
@ -70,7 +70,7 @@ namespace file_io_utils

 	bool save_string_to_file(const std::string& path_to_file, const std::string& str)
 	{
-#ifdef WIN32
+#ifdef _WIN32
                std::wstring wide_path;
                try { wide_path = string_tools::utf8_to_utf16(path_to_file); } catch (...) { return false; }
                HANDLE file_handle = CreateFileW(wide_path.c_str(), GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
@ -104,7 +104,7 @@ namespace file_io_utils

 	bool load_file_to_string(const std::string& path_to_file, std::string& target_str, size_t max_size)
 	{
-#ifdef WIN32
+#ifdef _WIN32
                std::wstring wide_path;
                try { wide_path = string_tools::utf8_to_utf16(path_to_file); } catch (...) { return false; }
                HANDLE file_handle = CreateFileW(wide_path.c_str(), GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
@ -149,40 +149,5 @@ namespace file_io_utils
 		}
 #endif
 	}
-
-
-	bool get_file_size(const std::string& path_to_file, uint64_t &size)
-	{
-#ifdef WIN32
-                std::wstring wide_path;
-                try { wide_path = string_tools::utf8_to_utf16(path_to_file); } catch (...) { return false; }
-                HANDLE file_handle = CreateFileW(wide_path.c_str(), GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
-                if (file_handle == INVALID_HANDLE_VALUE)
-                    return false;
-                LARGE_INTEGER file_size;
-                BOOL result = GetFileSizeEx(file_handle, &file_size);
-                CloseHandle(file_handle);
-                if (result) {
-                    size = file_size.QuadPart;
-                }
-                return size;
-#else
-		try
-		{
-			std::ifstream fstream;
-			fstream.exceptions(std::ifstream::failbit | std::ifstream::badbit);
-			fstream.open(path_to_file, std::ios_base::binary | std::ios_base::in | std::ios::ate);
-			size = fstream.tellg();
-			fstream.close();
-			return true;
-		}
-
-		catch(...)
-		{
-			return false;
-		}
-#endif
-	}
-
 }
 }
--- a/contrib/epee/src/http_auth.cpp
+++ b/contrib/epee/src/http_auth.cpp
@ -63,11 +63,11 @@
 #include <cassert>
 #include <iterator>
 #include <limits>
+#include <openssl/evp.h>
 #include <tuple>
 #include <type_traits>

 #include "hex.h"
-#include "md5_l.h"
 #include "string_coding.h"

 /* This file uses the `u8` prefix and specifies all chars by ASCII numeric
@ -114,8 +114,8 @@ namespace
      void operator()(const T& arg) const
      {
        const boost::iterator_range<const char*> data(boost::as_literal(arg));
-        md5::MD5Update(
-          std::addressof(ctx),
+        EVP_DigestUpdate(
+          ctx,
          reinterpret_cast<const std::uint8_t*>(data.begin()),
          data.size()
        );
@ -126,25 +126,25 @@ namespace
      }
      void operator()(const epee::wipeable_string& arg) const
      {
-        md5::MD5Update(
-          std::addressof(ctx),
+        EVP_DigestUpdate(
+          ctx,
          reinterpret_cast<const std::uint8_t*>(arg.data()),
          arg.size()
        );
      }

-      md5::MD5_CTX& ctx;
+      EVP_MD_CTX *ctx;
    };

    template<typename... T>
    std::array<char, 32> operator()(const T&... args) const
    {      
-      md5::MD5_CTX ctx{};
-      md5::MD5Init(std::addressof(ctx));
-      boost::fusion::for_each(std::tie(args...), update{ctx});
+      std::unique_ptr<EVP_MD_CTX, decltype(&EVP_MD_CTX_free)> ctx(EVP_MD_CTX_new(), &EVP_MD_CTX_free);
+      EVP_DigestInit(ctx.get(), EVP_md5());
+      boost::fusion::for_each(std::tie(args...), update{ctx.get()});

      std::array<std::uint8_t, 16> digest{{}};
-      md5::MD5Final(digest.data(), std::addressof(ctx));
+      EVP_DigestFinal(ctx.get(), digest.data(), NULL);
      return epee::to_hex::array(digest);
    }
  };
--- a/contrib/epee/src/mlog.cpp
+++ b/contrib/epee/src/mlog.cpp
@ -176,11 +176,12 @@ void mlog_configure(const std::string &filename_base, bool console, const std::s
      std::vector<boost::filesystem::path> found_files;
      const boost::filesystem::directory_iterator end_itr;
      const boost::filesystem::path filename_base_path(filename_base);
+      const std::string filename_base_name = filename_base_path.filename().string();
      const boost::filesystem::path parent_path = filename_base_path.has_parent_path() ? filename_base_path.parent_path() : ".";
      for (boost::filesystem::directory_iterator iter(parent_path); iter != end_itr; ++iter)
      {
-        const std::string filename = iter->path().string();
-        if (filename.size() >= filename_base.size() && std::memcmp(filename.data(), filename_base.data(), filename_base.size()) == 0)
+        const std::string filename = iter->path().filename().string();
+        if (filename.size() >= filename_base_name.size() && std::memcmp(filename.data(), filename_base_name.data(), filename_base_name.size()) == 0)
        {
          found_files.push_back(iter->path());
        }
@ -338,11 +339,21 @@ bool is_stdout_a_tty()
  return is_a_tty.load(std::memory_order_relaxed);
 }

+static bool is_nocolor()
+{
+  static const char *no_color_var = getenv("NO_COLOR");
+  static const bool no_color = no_color_var && *no_color_var; // apparently, NO_COLOR=0 means no color too (as per no-color.org)
+  return no_color;
+}
+
 void set_console_color(int color, bool bright)
 {
  if (!is_stdout_a_tty())
    return;

+  if (is_nocolor())
+    return;
+
  switch(color)
  {
  case console_color_default:
@ -461,6 +472,9 @@ void reset_console_color() {
  if (!is_stdout_a_tty())
    return;

+  if (is_nocolor())
+    return;
+
 #ifdef WIN32
  HANDLE h_stdout = GetStdHandle(STD_OUTPUT_HANDLE);
  SetConsoleTextAttribute(h_stdout, FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
--- a/contrib/epee/src/net_helper.cpp
+++ b/contrib/epee/src/net_helper.cpp
@ -4,22 +4,38 @@ namespace epee
 {
 namespace net_utils
 {
+	namespace
+	{
+		struct new_connection
+		{
+			boost::promise<boost::asio::ip::tcp::socket> result_;
+			boost::asio::ip::tcp::socket socket_;
+
+			template<typename T>
+			explicit new_connection(T&& executor)
+			  : result_(), socket_(std::forward<T>(executor))
+			{}
+		};
+	}
+
 	boost::unique_future<boost::asio::ip::tcp::socket>
 	direct_connect::operator()(const std::string& addr, const std::string& port, boost::asio::steady_timer& timeout) const
 	{
 		// Get a list of endpoints corresponding to the server name.
 		//////////////////////////////////////////////////////////////////////////
-		boost::asio::ip::tcp::resolver resolver(GET_IO_SERVICE(timeout));
-		boost::asio::ip::tcp::resolver::query query(boost::asio::ip::tcp::v4(), addr, port, boost::asio::ip::tcp::resolver::query::canonical_name);
+		boost::asio::ip::tcp::resolver resolver(MONERO_GET_EXECUTOR(timeout));

 		bool try_ipv6 = false;
-		boost::asio::ip::tcp::resolver::iterator iterator;
-		boost::asio::ip::tcp::resolver::iterator end;
+		boost::asio::ip::tcp::resolver::results_type results{};
 		boost::system::error_code resolve_error;
+
 		try
 		{
-			iterator = resolver.resolve(query, resolve_error);
-			if(iterator == end) // Documentation states that successful call is guaranteed to be non-empty
+			results = resolver.resolve(
+				boost::asio::ip::tcp::v4(), addr, port, boost::asio::ip::tcp::resolver::canonical_name, resolve_error
+			);
+
+			if (results.empty())
 			{
 				// if IPv4 resolution fails, try IPv6.  Unintentional outgoing IPv6 connections should only
 				// be possible if for some reason a hostname was given and that hostname fails IPv4 resolution,
@ -37,27 +53,20 @@ namespace net_utils
 			}
 			try_ipv6 = true;
 		}
+
 		if (try_ipv6)
 		{
-			boost::asio::ip::tcp::resolver::query query6(boost::asio::ip::tcp::v6(), addr, port, boost::asio::ip::tcp::resolver::query::canonical_name);
-			iterator = resolver.resolve(query6);
-			if (iterator == end)
+			results = resolver.resolve(
+				boost::asio::ip::tcp::v6(), addr, port, boost::asio::ip::tcp::resolver::canonical_name
+			);
+			if (results.empty())
 				throw boost::system::system_error{boost::asio::error::fault, "Failed to resolve " + addr};
 		}

 		//////////////////////////////////////////////////////////////////////////

-		struct new_connection
-		{
-			boost::promise<boost::asio::ip::tcp::socket> result_;
-			boost::asio::ip::tcp::socket socket_;

-			explicit new_connection(boost::asio::io_service& io_service)
-			  : result_(), socket_(io_service)
-			{}
-		};
-
-		const auto shared = std::make_shared<new_connection>(GET_IO_SERVICE(timeout));
+		const auto shared = std::make_shared<new_connection>(MONERO_GET_EXECUTOR(timeout));
 		timeout.async_wait([shared] (boost::system::error_code error)
 		{
 			if (error != boost::system::errc::operation_canceled && shared && shared->socket_.is_open())
@ -66,7 +75,7 @@ namespace net_utils
 				shared->socket_.close();
 			}
 		});
-		shared->socket_.async_connect(*iterator, [shared] (boost::system::error_code error)
+		shared->socket_.async_connect(*results.begin(), [shared] (boost::system::error_code error)
 		{
 			if (shared)
 			{
--- a/contrib/epee/src/net_ssl.cpp
+++ b/contrib/epee/src/net_ssl.cpp
@ -29,6 +29,7 @@

 #include <string.h>
 #include <thread>
+#include <boost/asio/post.hpp>
 #include <boost/asio/ssl.hpp>
 #include <boost/cerrno.hpp>
 #include <boost/filesystem/operations.hpp>
@ -45,6 +46,13 @@
 #undef MONERO_DEFAULT_LOG_CATEGORY
 #define MONERO_DEFAULT_LOG_CATEGORY "net.ssl"

+
+#if BOOST_VERSION >= 107300
+  #define MONERO_HOSTNAME_VERIFY boost::asio::ssl::host_name_verification
+#else
+  #define MONERO_HOSTNAME_VERIFY boost::asio::ssl::rfc2818_verification
+#endif
+
 // openssl genrsa -out /tmp/KEY 4096
 // openssl req -new -key /tmp/KEY -out /tmp/REQ
 // openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
@ -496,6 +504,13 @@ void ssl_options_t::configure(
  const std::string& host) const
 {
  socket.next_layer().set_option(boost::asio::ip::tcp::no_delay(true));
+  {
+    // in case server is doing "virtual" domains, set hostname
+    SSL* const ssl_ctx = socket.native_handle();
+    if (type == boost::asio::ssl::stream_base::client && !host.empty() && ssl_ctx)
+      SSL_set_tlsext_host_name(ssl_ctx, host.c_str());
+  }
+

  /* Using system-wide CA store for client verification is funky - there is
     no expected hostname for server to verify against. If server doesn't have
@ -513,17 +528,13 @@ void ssl_options_t::configure(
  {
    socket.set_verify_mode(boost::asio::ssl::verify_peer | boost::asio::ssl::verify_fail_if_no_peer_cert);

-    // in case server is doing "virtual" domains, set hostname
-    SSL* const ssl_ctx = socket.native_handle();
-    if (type == boost::asio::ssl::stream_base::client && !host.empty() && ssl_ctx)
-      SSL_set_tlsext_host_name(ssl_ctx, host.c_str());
-
+    
    socket.set_verify_callback([&](const bool preverified, boost::asio::ssl::verify_context &ctx)
    {
      // preverified means it passed system or user CA check. System CA is never loaded
      // when fingerprints are whitelisted.
      const bool verified = preverified &&
-        (verification != ssl_verification_t::system_ca || host.empty() || boost::asio::ssl::rfc2818_verification(host)(preverified, ctx));
+        (verification != ssl_verification_t::system_ca || host.empty() || MONERO_HOSTNAME_VERIFY(host)(preverified, ctx));

      if (!verified && !has_fingerprint(ctx))
      {
@ -541,6 +552,7 @@ void ssl_options_t::configure(
 }

 bool ssl_options_t::handshake(
+  boost::asio::io_context& io_context,
  boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket,
  boost::asio::ssl::stream_base::handshake_type type,
  boost::asio::const_buffer buffer,
@ -552,12 +564,11 @@ bool ssl_options_t::handshake(
  auto start_handshake = [&]{
    using ec_t = boost::system::error_code;
    using timer_t = boost::asio::steady_timer;
-    using strand_t = boost::asio::io_service::strand;
+    using strand_t = boost::asio::io_context::strand;
    using socket_t = boost::asio::ip::tcp::socket;

-    auto &io_context = GET_IO_SERVICE(socket);
    if (io_context.stopped())
-      io_context.reset();
+      io_context.restart();
    strand_t strand(io_context);
    timer_t deadline(io_context, timeout);

@ -592,13 +603,13 @@ bool ssl_options_t::handshake(
      state.result = ec;
      if (!state.cancel_handshake) {
        state.cancel_timer = true;
-        ec_t ec;
-        deadline.cancel(ec);
+        deadline.cancel();
      }
    };

    deadline.async_wait(on_timer);
-    strand.post(
+    boost::asio::post(
+      strand,
      [&]{
        socket.async_handshake(
          type,
--- a/contrib/epee/src/network_throttle-detail.cpp
+++ b/contrib/epee/src/network_throttle-detail.cpp
@ -46,7 +46,7 @@
 #include "misc_log_ex.h" 
 #include <boost/chrono.hpp>
 #include "misc_language.h"
-#include <sstream>
+#include <fstream>
 #include <iomanip>
 #include <algorithm>

@ -186,6 +186,23 @@ void network_throttle::handle_trafic_exact(size_t packet_size)
 	_handle_trafic_exact(packet_size, packet_size);
 }

+namespace
+{
+	struct output_history
+	{
+		const boost::circular_buffer< network_throttle::packet_info >& history;
+	};
+
+	std::ostream& operator<<(std::ostream& out, const output_history& source)
+	{
+		out << '[';
+		for (auto sample: source.history)
+			out << sample.m_size << ' ';
+		out << ']';
+		return out;
+	}
+}
+
 void network_throttle::_handle_trafic_exact(size_t packet_size, size_t orginal_size)
 {
 	tick();
@ -196,14 +213,11 @@ void network_throttle::_handle_trafic_exact(size_t packet_size, size_t orginal_s
 	m_total_packets++;
 	m_total_bytes += packet_size;

-	std::ostringstream oss; oss << "["; 	for (auto sample: m_history) oss << sample.m_size << " ";	 oss << "]" << std::ends;
-	std::string history_str = oss.str();
-
 	MTRACE("Throttle " << m_name << ": packet of ~"<<packet_size<<"b " << " (from "<<orginal_size<<" b)"
        << " Speed AVG=" << std::setw(4) <<  ((long int)(cts .average/1024)) <<"[w="<<cts .window<<"]"
        <<           " " << std::setw(4) <<  ((long int)(cts2.average/1024)) <<"[w="<<cts2.window<<"]"
 				<<" / " << " Limit="<< ((long int)(m_target_speed/1024)) <<" KiB/sec "
-				<< " " << history_str
+				<< " " << output_history{m_history}
 		);
 }

@ -289,8 +303,6 @@ void network_throttle::calculate_times(size_t packet_size, calculate_times_struc
    }

 	if (dbg) {
-		std::ostringstream oss; oss << "["; 	for (auto sample: m_history) oss << sample.m_size << " ";	 oss << "]" << std::ends;
-		std::string history_str = oss.str();
 		MTRACE((cts.delay > 0 ? "SLEEP" : "")
 			<< "dbg " << m_name << ": " 
 			<< "speed is A=" << std::setw(8) <<cts.average<<" vs "
@ -300,7 +312,7 @@ void network_throttle::calculate_times(size_t packet_size, calculate_times_struc
 			<< "E="<< std::setw(8) << E << " (Enow="<<std::setw(8)<<Enow<<") "
            << "M=" << std::setw(8) << M <<" W="<< std::setw(8) << cts.window << " "
            << "R=" << std::setw(8) << cts.recomendetDataSize << " Wgood" << std::setw(8) << Wgood << " "
-			<< "History: " << std::setw(8) << history_str << " "
+			<< "History: " << std::setw(8) << output_history{m_history} << " "
 			<< "m_last_sample_time=" << std::setw(8) << m_last_sample_time
 		);

--- a/contrib/epee/src/portable_storage.cpp
+++ b/contrib/epee/src/portable_storage.cpp
@ -49,7 +49,7 @@ namespace serialization
    byte_stream ss;
    ss.reserve(initial_buffer_size);
    store_to_binary(ss);
-    target = epee::byte_slice{std::move(ss)};
+    target = epee::byte_slice{std::move(ss), false};
    return true;
    CATCH_ENTRY("portable_storage::store_to_binary", false);
  }
--- a/contrib/epee/src/readline_buffer.cpp
+++ b/contrib/epee/src/readline_buffer.cpp
@ -238,6 +238,10 @@ static char** attempted_completion(const char* text, int start, int end)

 static void install_line_handler()
 {
+#if RL_READLINE_VERSION >= 0x0801
+  rl_variable_bind("enable-bracketed-paste", "off");
+#endif
+
  rl_attempted_completion_function = attempted_completion;
  rl_callback_handler_install("", handle_line);
  stifle_history(500);
--- a/contrib/epee/src/string_tools.cpp
+++ b/contrib/epee/src/string_tools.cpp
@ -38,9 +38,12 @@
 #include <cstdlib>
 #include <string>
 #include <type_traits>
+#include <system_error>
 #include <boost/lexical_cast.hpp>
+#include <boost/algorithm/string.hpp>
 #include <boost/algorithm/string/predicate.hpp>
 #include <boost/utility/string_ref.hpp>
+#include <boost/filesystem.hpp>
 #include "misc_log_ex.h"
 #include "storages/parserse_base_utils.h"
 #include "hex.h"
@ -157,46 +160,20 @@ namespace string_tools
    return pname;
  }
 #endif
-	
-    bool set_module_name_and_folder(const std::string& path_to_process_)
-	{
-    std::string path_to_process = path_to_process_;
+
+  void set_module_name_and_folder(const std::string& path_to_process_)
+  {
+    boost::filesystem::path path_to_process = path_to_process_;
+
 #ifdef _WIN32
    path_to_process = get_current_module_path();
 #endif 
-		std::string::size_type a = path_to_process.rfind( '\\' );
-		if(a == std::string::npos )
-		{
-			a = path_to_process.rfind( '/' );
-		}
-		if ( a != std::string::npos )
-		{	
-			get_current_module_name() = path_to_process.substr(a+1, path_to_process.size());
-			get_current_module_folder() = path_to_process.substr(0, a);
-			return true;
-		}else
-			return false;

-	}
+    get_current_module_name() = path_to_process.filename().string();
+    get_current_module_folder() = path_to_process.parent_path().string();
+  }

 	//----------------------------------------------------------------------------
-	bool trim_left(std::string& str)
-	{
-		for(std::string::iterator it = str.begin(); it!= str.end() && isspace(static_cast<unsigned char>(*it));)
-			str.erase(str.begin());
-			
-		return true;
-	}
-	//----------------------------------------------------------------------------
-	bool trim_right(std::string& str)
-	{
-
-		for(std::string::reverse_iterator it = str.rbegin(); it!= str.rend() && isspace(static_cast<unsigned char>(*it));)
-			str.erase( --((it++).base()));
-
-		return true;
-	}
-  //----------------------------------------------------------------------------
  std::string pad_string(std::string s, size_t n, char c, bool prepend)
  {
    if (s.size() < n)
@ -209,28 +186,22 @@ namespace string_tools
    return s;
  }
  
-    std::string get_extension(const std::string& str)
-	{
-		std::string res;
-		std::string::size_type pos = str.rfind('.');
-		if(std::string::npos == pos)
-			return res;
-		
-		res = str.substr(pos+1, str.size()-pos);
-		return res;
-	}
-	//----------------------------------------------------------------------------
-	std::string cut_off_extension(const std::string& str)
-	{
-		std::string res;
-		std::string::size_type pos = str.rfind('.');
-		if(std::string::npos == pos)
-			return str;
+  std::string get_extension(const std::string& str)
+  {
+    std::string ext_with_dot = boost::filesystem::path(str).extension().string();
+
+    if (ext_with_dot.empty())
+      return {};
+
+    return ext_with_dot.erase(0, 1);
+  }
+
+	//----------------------------------------------------------------------------
+  std::string cut_off_extension(const std::string& str)
+  {
+    return boost::filesystem::path(str).replace_extension("").string();
+  }

-		res = str.substr(0, pos);
-		return res;
-	}
-  //----------------------------------------------------------------------------
 #ifdef _WIN32
  std::wstring utf8_to_utf16(const std::string& str)
  {
--- a/contrib/gitian/DOCKRUN.md
+++ b/contrib/gitian/DOCKRUN.md
@ -57,7 +57,8 @@ The dockrun.sh script will do everything to build the binaries. Just specify the
 version to build as its only argument, e.g.

 ```bash
-./dockrun.sh v0.17.3.0
+VERSION=v0.18.4.0
+./dockrun.sh $VERSION
 ```

 The build should run to completion with no errors, and will display the SHA256 checksums
@ -78,7 +79,7 @@ e.g.

 ```bash
 # Run build processes with 8 threads
-OPT="-j 8" ./dockrun.sh v0.17.3.0
+OPT="-j 8" ./dockrun.sh $VERSION
 ```

 Post-build
@ -98,16 +99,16 @@ more builder/var/install-linux.log
 more builder/var/build-linux.log
 ```

-You can find the compiled archives inside of the container at the following directory (be sure to replace `v0.17.3.0` with the version being built):
+You can find the compiled archives inside of the container at the following directory:

 ```bash
 docker exec -it gitrun /bin/bash
-ls -la out/v0.17.3.0/
+ls -la out/$VERSION/
 ```

-To copy the compiled archives to the local host out of the Docker container, you can run the following (be sure to replace `v0.17.3.0` with the version being built):
+To copy the compiled archives to the local host out of the Docker container, you can run the following:

 ```bash
 mkdir out
-docker cp gitrun:/home/ubuntu/out/v0.17.3.0 out
+docker cp gitrun:/home/ubuntu/out/$VERSION out
 ```
--- a/contrib/gitian/README.md
+++ b/contrib/gitian/README.md
@ -133,7 +133,7 @@ Common setup part:
 su - gitianuser

 GH_USER=YOUR_GITHUB_USER_NAME
-VERSION=v0.18.0.0
+VERSION=v0.18.4.0
 ```

 Where `GH_USER` is your GitHub user name and `VERSION` is the version tag you want to build. 
--- a/contrib/gitian/gitian-linux.yml
+++ b/contrib/gitian/gitian-linux.yml
@ -21,6 +21,7 @@ packages:
 - "g++-7-arm-linux-gnueabihf"
 - "gcc-arm-linux-gnueabihf"
 - "g++-arm-linux-gnueabihf"
+- "g++-riscv64-linux-gnu"
 - "g++-7-multilib"
 - "gcc-7-multilib"
 - "binutils-arm-linux-gnueabihf"
@ -43,7 +44,7 @@ files: []
 script: |

  WRAP_DIR=$HOME/wrapped
-  HOSTS="x86_64-linux-gnu arm-linux-gnueabihf aarch64-linux-gnu i686-linux-gnu"
+  HOSTS="x86_64-linux-gnu arm-linux-gnueabihf aarch64-linux-gnu i686-linux-gnu riscv64-linux-gnu"
  FAKETIME_HOST_PROGS=""
  FAKETIME_PROGS="date"
  HOST_CFLAGS="-O2 -g"
@ -159,7 +160,13 @@ script: |
    fi
    export C_INCLUDE_PATH="$EXTRA_INCLUDES"
    export CPLUS_INCLUDE_PATH="$EXTRA_INCLUDES"
-    cmake .. -DCMAKE_TOOLCHAIN_FILE=${BASEPREFIX}/${i}/share/toolchain.cmake -DBACKCOMPAT=ON -DCMAKE_SKIP_RPATH=ON
+    #  glibc only added riscv support in 2.27, disable backwards compatibility
+    if [ "$i" == "riscv64-linux-gnu" ]; then
+      BACKCOMPAT_OPTION=OFF
+    else
+      BACKCOMPAT_OPTION=ON
+    fi
+    cmake .. -DCMAKE_TOOLCHAIN_FILE=${BASEPREFIX}/${i}/share/toolchain.cmake -DBACKCOMPAT=${BACKCOMPAT_OPTION} -DCMAKE_SKIP_RPATH=ON
    make ${MAKEOPTS}
    chmod 755 bin/*
    cp ../LICENSE ../README.md ../docs/ANONYMITY_NETWORKS.md bin
--- a/docs/ANONYMITY_NETWORKS.md
+++ b/docs/ANONYMITY_NETWORKS.md
@ -71,13 +71,13 @@ type, and max connections:

 ```
 --anonymous-inbound rveahdfho7wo4b2m.onion:28083,127.0.0.1:28083,25
--anonymous-inbound cmeua5767mz2q5jsaelk2rxhf67agrwuetaso5dzbenyzwlbkg2q.b32.i2p:5000,127.0.0.1:30000
+--anonymous-inbound cmeua5767mz2q5jsaelk2rxhf67agrwuetaso5dzbenyzwlbkg2q.b32.i2p,127.0.0.1:30000
 ```

 which tells `monerod` that a max of 25 inbound Tor connections are being
 received at address "rveahdfho7wo4b2m.onion:28083" and forwarded to `monerod`
 localhost port 28083, and a default max I2P connections are being received at
-address "cmeua5767mz2q5jsaelk2rxhf67agrwuetaso5dzbenyzwlbkg2q.b32.i2p:5000" and
+address "cmeua5767mz2q5jsaelk2rxhf67agrwuetaso5dzbenyzwlbkg2q.b32.i2p" and
 forwarded to `monerod` localhost port 30000.
 These addresses will be shared with outgoing peers, over the same network type,
 otherwise the peer will not be notified of the peer address by the proxy.
--- a/external/CMakeLists.txt
+++ b/external/CMakeLists.txt
@ -39,6 +39,7 @@ find_package(Miniupnpc REQUIRED)

 message(STATUS "Using in-tree miniupnpc")
 set(UPNPC_NO_INSTALL TRUE CACHE BOOL "Disable miniupnp installation" FORCE)
+set(UPNPC_BUILD_SHARED OFF CACHE BOOL "Disable building shared library" FORCE)
 add_subdirectory(miniupnp/miniupnpc)
 set_property(TARGET libminiupnpc-static PROPERTY FOLDER "external")
 set_property(TARGET libminiupnpc-static PROPERTY POSITION_INDEPENDENT_CODE ON)
--- a/external/easylogging++/easylogging++.cc
+++ b/external/easylogging++/easylogging++.cc
@ -149,6 +149,11 @@ static el::Color colorFromLevel(el::Level level)

 static void setConsoleColor(el::Color color, bool bright)
 {
+  static const char *no_color_var = getenv("NO_COLOR");
+  static const bool no_color = no_color_var && *no_color_var; // apparently, NO_COLOR=0 means no color too (as per no-color.org)
+  if (no_color)
+    return;
+
 #if ELPP_OS_WINDOWS
  HANDLE h_stdout = GetStdHandle(STD_OUTPUT_HANDLE);
  switch (color)
--- a/external/randomx
+++ b/external/randomx
@ -1 +1 @@
-Subproject commit 85c527a62301b7b8be89d941020308b1cb92b75c
+Subproject commit 102f8acf90a7649ada410de5499a7ec62e49e1da
--- a/src/blockchain_db/blockchain_db.h
+++ b/src/blockchain_db/blockchain_db.h
@ -1883,16 +1883,18 @@ public:
  }
  virtual ~db_txn_guard()
  {
-    if (active)
-      stop();
+    stop();
  }
  void stop()
  {
-    if (readonly)
-      db->block_rtxn_stop();
-    else
-      db->block_wtxn_stop();
-    active = false;
+    if (active)
+    {
+      if (readonly)
+        db->block_rtxn_stop();
+      else
+        db->block_wtxn_stop();
+      active = false;
+    }
  }
  void abort()
  {
--- a/src/blockchain_db/lmdb/db_lmdb.cpp
+++ b/src/blockchain_db/lmdb/db_lmdb.cpp
@ -28,13 +28,17 @@
 #include "db_lmdb.h"

 #include <boost/filesystem.hpp>
+#include <boost/filesystem/fstream.hpp>
 #include <boost/format.hpp>
 #include <boost/circular_buffer.hpp>
 #include <memory>  // std::unique_ptr
 #include <cstring>  // memcpy

+#ifdef WIN32
+#include <winioctl.h>
+#endif
+
 #include "string_tools.h"
-#include "file_io_utils.h"
 #include "common/util.h"
 #include "common/pruning.h"
 #include "cryptonote_basic/cryptonote_format_utils.h"
@ -465,6 +469,32 @@ void mdb_txn_safe::increment_txns(int i)
 	num_active_txns += i;
 }

+#define TXN_PREFIX(flags); \
+  mdb_txn_safe auto_txn; \
+  mdb_txn_safe* txn_ptr = &auto_txn; \
+  if (m_batch_active) \
+    txn_ptr = m_write_txn; \
+  else \
+  { \
+    if (auto mdb_res = lmdb_txn_begin(m_env, NULL, flags, auto_txn)) \
+      throw0(DB_ERROR(lmdb_error(std::string("Failed to create a transaction for the db in ")+__FUNCTION__+": ", mdb_res).c_str())); \
+  } \
+
+#define TXN_PREFIX_RDONLY() \
+  MDB_txn *m_txn; \
+  mdb_txn_cursors *m_cursors; \
+  mdb_txn_safe auto_txn; \
+  bool my_rtxn = block_rtxn_start(&m_txn, &m_cursors); \
+  if (my_rtxn) auto_txn.m_tinfo = m_tinfo.get(); \
+  else auto_txn.uncheck()
+#define TXN_POSTFIX_RDONLY()
+
+#define TXN_POSTFIX_SUCCESS() \
+  do { \
+    if (! m_batch_active) \
+      auto_txn.commit(); \
+  } while(0)
+
 void lmdb_resized(MDB_env *env, int isactive)
 {
  mdb_txn_safe::prevent_new_txns();
@ -713,21 +743,20 @@ uint64_t BlockchainLMDB::get_estimated_batch_size(uint64_t batch_num_blocks, uin
  }
  else
  {
-    MDB_txn *rtxn;
-    mdb_txn_cursors *rcurs;
-    bool my_rtxn = block_rtxn_start(&rtxn, &rcurs);
-    for (uint64_t block_num = block_start; block_num <= block_stop; ++block_num)
    {
-      // we have access to block weight, which will be greater or equal to block size,
-      // so use this as a proxy. If it's too much off, we might have to check actual size,
-      // which involves reading more data, so is not really wanted
-      size_t block_weight = get_block_weight(block_num);
-      total_block_size += block_weight;
-      // Track number of blocks being totalled here instead of assuming, in case
-      // some blocks were to be skipped for being outliers.
-      ++num_blocks_used;
+      TXN_PREFIX_RDONLY();
+      for (uint64_t block_num = block_start; block_num <= block_stop; ++block_num)
+      {
+        // we have access to block weight, which will be greater or equal to block size,
+        // so use this as a proxy. If it's too much off, we might have to check actual size,
+        // which involves reading more data, so is not really wanted
+        size_t block_weight = get_block_weight(block_num);
+        total_block_size += block_weight;
+        // Track number of blocks being totalled here instead of assuming, in case
+        // some blocks were to be skipped for being outliers.
+        ++num_blocks_used;
+      }
    }
-    if (my_rtxn) block_rtxn_stop();
    avg_block_size = total_block_size / (num_blocks_used ? num_blocks_used : 1);
    MDEBUG("average block size across recent " << num_blocks_used << " blocks: " << avg_block_size);
  }
@ -1296,6 +1325,54 @@ BlockchainLMDB::BlockchainLMDB(bool batch_transactions): BlockchainDB()
  m_hardfork = nullptr;
 }

+#ifdef WIN32
+static bool disable_ntfs_compression(const boost::filesystem::path& filepath)
+{
+  DWORD file_attributes = ::GetFileAttributesW(filepath.c_str());
+  if (file_attributes == INVALID_FILE_ATTRIBUTES)
+  {
+    MERROR("Failed to get " << filepath.string() << " file attributes. Error: " << ::GetLastError());
+    return false;
+  }
+  
+  if (!(file_attributes & FILE_ATTRIBUTE_COMPRESSED))
+    return true; // not compressed
+
+  LOG_PRINT_L1("Disabling NTFS compression for " << filepath.string());
+  HANDLE file_handle = ::CreateFileW(
+    filepath.c_str(),
+    GENERIC_READ | GENERIC_WRITE,
+    FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
+    nullptr,
+    OPEN_EXISTING,
+    boost::filesystem::is_directory(filepath) ? FILE_FLAG_BACKUP_SEMANTICS : 0, // Needed to open handles to directories
+    nullptr
+  );
+
+  if (file_handle == INVALID_HANDLE_VALUE)
+  {
+    MERROR("Failed to open handle: " << filepath.string() << ". Error: " << ::GetLastError());
+    return false;
+  }
+
+  USHORT compression_state = COMPRESSION_FORMAT_NONE;
+  DWORD bytes_returned;
+  BOOL ok = ::DeviceIoControl(
+    file_handle,
+    FSCTL_SET_COMPRESSION,
+    &compression_state,
+    sizeof(compression_state),
+    nullptr,
+    0,
+    &bytes_returned,
+    nullptr
+  );
+
+  ::CloseHandle(file_handle);
+  return ok;
+}
+#endif
+
 void BlockchainLMDB::open(const std::string& filename, const int db_flags)
 {
  int result;
@ -1322,6 +1399,18 @@ void BlockchainLMDB::open(const std::string& filename, const int db_flags)
    throw DB_ERROR("Database could not be opened");
  }

+#ifdef WIN32
+  // ensure NTFS compression is disabled on the directory and database file to avoid corruption of the blockchain 
+  if (!disable_ntfs_compression(filename))
+    LOG_PRINT_L0("Failed to disable NTFS compression on folder: " << filename << ". Error: " << ::GetLastError());
+  boost::filesystem::path datafile(filename);
+  datafile /= CRYPTONOTE_BLOCKCHAINDATA_FILENAME;
+  if (!boost::filesystem::exists(datafile))
+    boost::filesystem::ofstream(datafile).close(); // create the file to see if NTFS compression is enabled beforehand
+  if (!disable_ntfs_compression(datafile))
+    throw DB_ERROR("Database file is NTFS compressed and compression could not be disabled");
+#endif
+
  boost::optional<bool> is_hdd_result = tools::is_hdd(filename.c_str());
  if (is_hdd_result)
  {
@ -1678,32 +1767,6 @@ void BlockchainLMDB::unlock()
  check_open();
 }

-#define TXN_PREFIX(flags); \
-  mdb_txn_safe auto_txn; \
-  mdb_txn_safe* txn_ptr = &auto_txn; \
-  if (m_batch_active) \
-    txn_ptr = m_write_txn; \
-  else \
-  { \
-    if (auto mdb_res = lmdb_txn_begin(m_env, NULL, flags, auto_txn)) \
-      throw0(DB_ERROR(lmdb_error(std::string("Failed to create a transaction for the db in ")+__FUNCTION__+": ", mdb_res).c_str())); \
-  } \
-
-#define TXN_PREFIX_RDONLY() \
-  MDB_txn *m_txn; \
-  mdb_txn_cursors *m_cursors; \
-  mdb_txn_safe auto_txn; \
-  bool my_rtxn = block_rtxn_start(&m_txn, &m_cursors); \
-  if (my_rtxn) auto_txn.m_tinfo = m_tinfo.get(); \
-  else auto_txn.uncheck()
-#define TXN_POSTFIX_RDONLY()
-
-#define TXN_POSTFIX_SUCCESS() \
-  do { \
-    if (! m_batch_active) \
-      auto_txn.commit(); \
-  } while(0)
-

 // The below two macros are for DB access within block add/remove, whether
 // regular batch txn is in use or not. m_write_txn is used as a batch txn, even
@ -3923,13 +3986,20 @@ void BlockchainLMDB::block_rtxn_stop() const
  LOG_PRINT_L3("BlockchainLMDB::" << __func__);
  mdb_txn_reset(m_tinfo->m_ti_rtxn);
  memset(&m_tinfo->m_ti_rflags, 0, sizeof(m_tinfo->m_ti_rflags));
+  /* cancel out the increment from rtxn_start */
+  mdb_txn_safe::increment_txns(-1);
 }

 bool BlockchainLMDB::block_rtxn_start() const
 {
  MDB_txn *mtxn;
  mdb_txn_cursors *mcur;
-  return block_rtxn_start(&mtxn, &mcur);
+  /* auto_txn is only used for the create gate */
+  mdb_txn_safe auto_txn;
+  bool ret = block_rtxn_start(&mtxn, &mcur);
+  if (ret)
+    auto_txn.increment_txns(1); /* remember there is an active readtxn */
+  return ret;
 }

 void BlockchainLMDB::block_wtxn_start()
@ -4494,12 +4564,11 @@ bool BlockchainLMDB::is_read_only() const

 uint64_t BlockchainLMDB::get_database_size() const
 {
-  uint64_t size = 0;
  boost::filesystem::path datafile(m_folder);
  datafile /= CRYPTONOTE_BLOCKCHAINDATA_FILENAME;
-  if (!epee::file_io_utils::get_file_size(datafile.string(), size))
-    size = 0;
-  return size;
+  boost::system::error_code ec{};
+  const boost::uintmax_t size = boost::filesystem::file_size(datafile, ec);
+  return (ec ? 0 : static_cast<uint64_t>(size));
 }

 void BlockchainLMDB::fixup()
--- a/src/blockchain_utilities/blockchain_import.cpp
+++ b/src/blockchain_utilities/blockchain_import.cpp
@ -174,7 +174,9 @@ int check_flush(cryptonote::core &core, std::vector<block_complete_entry> &block
    for(auto& tx_blob: block_entry.txs)
    {
      tx_verification_context tvc = AUTO_VAL_INIT(tvc);
-      core.handle_incoming_tx(tx_blob, tvc, relay_method::block, true);
+      CHECK_AND_ASSERT_THROW_MES(tx_blob.prunable_hash == crypto::null_hash,
+        "block entry must not contain pruned txs");
+      core.handle_incoming_tx(tx_blob.blob, tvc, relay_method::block, true);
      if(tvc.m_verifivation_failed)
      {
        cryptonote::transaction transaction;
@ -190,8 +192,9 @@ int check_flush(cryptonote::core &core, std::vector<block_complete_entry> &block
    // process block

    block_verification_context bvc = {};
+    pool_supplement ps{};

-    core.handle_incoming_block(block_entry.block, pblocks.empty() ? NULL : &pblocks[blockidx++], bvc, false); // <--- process block
+    core.handle_incoming_block(block_entry.block, pblocks.empty() ? NULL : &pblocks[blockidx++], bvc, ps, false); // <--- process block

    if(bvc.m_verifivation_failed)
    {
--- a/src/blockchain_utilities/blockchain_stats.cpp
+++ b/src/blockchain_utilities/blockchain_stats.cpp
@ -46,6 +46,77 @@ using namespace cryptonote;

 static bool stop_requested = false;

+static bool do_inputs, do_outputs, do_ringsize, do_hours, do_emission, do_fees, do_diff;
+
+static struct tm prevtm, currtm;
+static uint64_t prevsz, currsz;
+static uint64_t prevtxs, currtxs;
+static uint64_t currblks;
+static uint64_t h;
+static uint64_t totins, totouts, totrings;
+static boost::multiprecision::uint128_t prevemission, prevfees;
+static boost::multiprecision::uint128_t emission, fees;
+static boost::multiprecision::uint128_t totdiff, mindiff, maxdiff;
+
+#define MAX_INOUT	0xffffffff
+#define MAX_RINGS	0xffffffff
+
+static uint32_t minins = MAX_INOUT, maxins;
+static uint32_t minouts = MAX_INOUT, maxouts;
+static uint32_t minrings = MAX_RINGS, maxrings;
+static uint32_t io, tottxs;
+static uint32_t txhr[24];
+
+static void doprint()
+{
+  char timebuf[64];
+
+  strftime(timebuf, sizeof(timebuf), "%Y-%m-%d", &prevtm);
+  prevtm = currtm;
+  std::cout << timebuf << "\t" << currblks << "\t" << h << "\t" << currtxs << "\t" << prevtxs + currtxs << "\t" << currsz << "\t" << prevsz + currsz;
+  prevsz += currsz;
+  currsz = 0;
+  prevtxs += currtxs;
+  currtxs = 0;
+  if (!tottxs)
+    tottxs = 1;
+  if (do_emission) {
+    std::cout << "\t" << print_money(emission) << "\t" << print_money(prevemission + emission);
+    prevemission += emission;
+    emission = 0;
+  }
+  if (do_fees) {
+    std::cout << "\t" << print_money(fees) << "\t" << print_money(prevfees + fees);
+    prevfees += fees;
+    fees = 0;
+  }
+  if (do_diff) {
+    std::cout << "\t" << (maxdiff ? mindiff : 0) << "\t" << maxdiff << "\t" << totdiff / currblks;
+    mindiff = 0; maxdiff = 0; totdiff = 0;
+  }
+  if (do_inputs) {
+    std::cout << "\t" << (maxins ? minins : 0) << "\t" << maxins << "\t" << totins * 1.0 / tottxs;
+    minins = MAX_INOUT; maxins = 0; totins = 0;
+  }
+  if (do_outputs) {
+    std::cout << "\t" << (maxouts ? minouts : 0) << "\t" << maxouts << "\t" << totouts * 1.0 / tottxs;
+    minouts = MAX_INOUT; maxouts = 0; totouts = 0;
+  }
+  if (do_ringsize) {
+    std::cout << "\t" << (maxrings ? minrings : 0) << "\t" << maxrings << "\t" << totrings * 1.0 / tottxs;
+    minrings = MAX_RINGS; maxrings = 0; totrings = 0;
+  }
+  if (do_hours) {
+    for (int i=0; i<24; i++) {
+      std::cout << "\t" << txhr[i];
+      txhr[i] = 0;
+    }
+  }
+  currblks = 0;
+  tottxs = 0;
+  std::cout << ENDL;
+}
+
 int main(int argc, char* argv[])
 {
  TRY_ENTRY();
@ -123,13 +194,13 @@ int main(int argc, char* argv[])
  network_type net_type = opt_testnet ? TESTNET : opt_stagenet ? STAGENET : MAINNET;
  block_start = command_line::get_arg(vm, arg_block_start);
  block_stop = command_line::get_arg(vm, arg_block_stop);
-  bool do_inputs = command_line::get_arg(vm, arg_inputs);
-  bool do_outputs = command_line::get_arg(vm, arg_outputs);
-  bool do_ringsize = command_line::get_arg(vm, arg_ringsize);
-  bool do_hours = command_line::get_arg(vm, arg_hours);
-  bool do_emission = command_line::get_arg(vm, arg_emission);
-  bool do_fees = command_line::get_arg(vm, arg_fees);
-  bool do_diff = command_line::get_arg(vm, arg_diff);
+  do_inputs = command_line::get_arg(vm, arg_inputs);
+  do_outputs = command_line::get_arg(vm, arg_outputs);
+  do_ringsize = command_line::get_arg(vm, arg_ringsize);
+  do_hours = command_line::get_arg(vm, arg_hours);
+  do_emission = command_line::get_arg(vm, arg_emission);
+  do_fees = command_line::get_arg(vm, arg_fees);
+  do_diff = command_line::get_arg(vm, arg_diff);

  LOG_PRINT_L0("Initializing source blockchain (BlockchainDB)");
  std::unique_ptr<Blockchain> core_storage;
@ -211,25 +282,7 @@ plot 'stats.csv' index "DATA" using (timecolumn(1,"%Y-%m-%d")):4 with lines, ''
  }
  std::cout << ENDL;

-#define MAX_INOUT	0xffffffff
-#define MAX_RINGS	0xffffffff
-
-  struct tm prevtm = {0}, currtm;
-  uint64_t prevsz = 0, currsz = 0;
-  uint64_t prevtxs = 0, currtxs = 0;
-  uint64_t currblks = 0;
-  uint64_t totins = 0, totouts = 0, totrings = 0;
-  boost::multiprecision::uint128_t prevemission = 0, prevfees = 0;
-  boost::multiprecision::uint128_t emission = 0, fees = 0;
-  boost::multiprecision::uint128_t totdiff = 0, mindiff = 0, maxdiff = 0;
-  uint32_t minins = MAX_INOUT, maxins = 0;
-  uint32_t minouts = MAX_INOUT, maxouts = 0;
-  uint32_t minrings = MAX_RINGS, maxrings = 0;
-  uint32_t io, tottxs = 0;
-  uint32_t txhr[24] = {0};
-  unsigned int i;
-
-  for (uint64_t h = block_start; h < block_stop; ++h)
+  for (h = block_start; h < block_stop; ++h)
  {
    cryptonote::blobdata bd = db->get_block_blob_from_height(h);
    cryptonote::block blk;
@ -239,7 +292,6 @@ plot 'stats.csv' index "DATA" using (timecolumn(1,"%Y-%m-%d")):4 with lines, ''
      return 1;
    }
    time_t tt = blk.timestamp;
-    char timebuf[64];
    epee::misc_utils::get_gmt_time(tt, currtm);
    if (!prevtm.tm_year)
      prevtm = currtm;
@ -247,54 +299,9 @@ plot 'stats.csv' index "DATA" using (timecolumn(1,"%Y-%m-%d")):4 with lines, ''
    if (currtm.tm_mday > prevtm.tm_mday || (currtm.tm_mday == 1 && prevtm.tm_mday > 27))
    {
      // check for timestamp fudging around month ends
-      if (prevtm.tm_mday == 1 && currtm.tm_mday > 27)
-        goto skip;
-      strftime(timebuf, sizeof(timebuf), "%Y-%m-%d", &prevtm);
-      prevtm = currtm;
-      std::cout << timebuf << "\t" << currblks << "\t" << h << "\t" << currtxs << "\t" << prevtxs + currtxs << "\t" << currsz << "\t" << prevsz + currsz;
-      prevsz += currsz;
-      currsz = 0;
-      prevtxs += currtxs;
-      currtxs = 0;
-      if (!tottxs)
-        tottxs = 1;
-      if (do_emission) {
-        std::cout << "\t" << print_money(emission) << "\t" << print_money(prevemission + emission);
-        prevemission += emission;
-        emission = 0;
-      }
-      if (do_fees) {
-        std::cout << "\t" << print_money(fees) << "\t" << print_money(prevfees + fees);
-        prevfees += fees;
-        fees = 0;
-      }
-      if (do_diff) {
-        std::cout << "\t" << (maxdiff ? mindiff : 0) << "\t" << maxdiff << "\t" << totdiff / currblks;
-        mindiff = 0; maxdiff = 0; totdiff = 0;
-      }
-      if (do_inputs) {
-        std::cout << "\t" << (maxins ? minins : 0) << "\t" << maxins << "\t" << totins * 1.0 / tottxs;
-        minins = MAX_INOUT; maxins = 0; totins = 0;
-      }
-      if (do_outputs) {
-        std::cout << "\t" << (maxouts ? minouts : 0) << "\t" << maxouts << "\t" << totouts * 1.0 / tottxs;
-        minouts = MAX_INOUT; maxouts = 0; totouts = 0;
-      }
-      if (do_ringsize) {
-        std::cout << "\t" << (maxrings ? minrings : 0) << "\t" << maxrings << "\t" << totrings * 1.0 / tottxs;
-        minrings = MAX_RINGS; maxrings = 0; totrings = 0;
-      }
-      if (do_hours) {
-        for (i=0; i<24; i++) {
-          std::cout << "\t" << txhr[i];
-          txhr[i] = 0;
-        }
-      }
-      currblks = 0;
-      tottxs = 0;
-      std::cout << ENDL;
+      if (!(prevtm.tm_mday == 1 && currtm.tm_mday > 27))
+        doprint();
    }
-skip:
    currsz += bd.size();
    uint64_t coinbase_amount;
    uint64_t tx_fee_amount = 0;
@ -371,6 +378,8 @@ skip:
    if (stop_requested)
      break;
  }
+  if (currblks)
+    doprint();

  core_storage->deinit();
  return 0;
--- a/src/blocks/checkpoints.dat
+++ b/src/blocks/checkpoints.dat
--- a/src/checkpoints/checkpoints.cpp
+++ b/src/checkpoints/checkpoints.cpp
@ -240,6 +240,18 @@ namespace cryptonote
    ADD_CHECKPOINT2(2092500, "c4e00820c9c7989b49153d5e90ae095a18a11d990e82fcc3be54e6ed785472b5", "0xb4e585a31369cb");
    ADD_CHECKPOINT2(2182500, "0d22b5f81982eff21d094af9e821dc2007e6342069e3b1a37b15d97646353124", "0xead4a874083492");
    ADD_CHECKPOINT2(2661600, "41c9060e8426012238e8a26da26fcb90797436896cc70886a894c2c560bcccf2", "0x2e0d87526ff161f");
+    ADD_CHECKPOINT2(2677000, "1b9fee6246eeb176bd17d637bf252e9af54a4218675f01b4449cc0901867f9eb", "0x2f165bc1a5163ba");
+    ADD_CHECKPOINT2(2706000, "d8eb144c5e1fe6b329ecc900ec95e7792fccff84175fb23a25ed59d7299a511c", "0x310f7d89372f705");
+    ADD_CHECKPOINT2(2720000, "b19fb41dff15bd1016afbee9f8469f05aab715c9e5d1b974466a11fd58ecbb86", "0x3216b5851ddbb61");
+    ADD_CHECKPOINT2(2817000, "39726d19ccaac01d150bec827b877ffae710b516bd633503662036ef4422e577", "0x3900669561954c1");
+    ADD_CHECKPOINT2(2844000, "28fc7b446dfef5b469f5778eb72ddf32a307a5f5a9823d1c394e772349e05d40", "0x3af384ec0e97d12");
+    ADD_CHECKPOINT2(2851000, "5bf0e47fc782263191a33f63a67db6c711781dc2a3c442e17ed901ec401be5c9", "0x3b6cd8a8ed610e8");
+    ADD_CHECKPOINT2(2971000, "3d4cac5ac515eeabd18769ab943af85f36db51d28720def0d0e6effc2c8f5ce3", "0x436e532738b8b5b");
+    ADD_CHECKPOINT2(2985000, "08f5e6b7301c1b6ed88268a28f8677a06e8ff943b3f9e48d3080f71f9c134bfb", "0x444b7b42a633c96");
+    ADD_CHECKPOINT2(3088000, "bddf8ca09110d33d6d497f13a113630c2b6af1c84d4f3a6f35cb1446f2604ade", "0x4aed3615c2f8c3e");
+    ADD_CHECKPOINT2(3102800, "083f4a34f9490403b564286e7f13fd1ed45c52c86fa47195f151594e5bc87504", "0x4bbed52d4da5dfb");
+    ADD_CHECKPOINT2(3198000, "1d685b39be51e4e84e0af69fa78e023c7cb21de7d33acd012d0371d5f78712d5", "0x517d415fee3a816");
+    ADD_CHECKPOINT2(3375700, "96ef57b830ef7a7ccb61ada8595a4670765b6954d8cbf45c6cf583700a676302", "0x61209b7da8a0fa6");
    return true;
  }

--- a/src/common/boost_serialization_helper.h
+++ b/src/common/boost_serialization_helper.h
@ -35,6 +35,7 @@
 #include <boost/archive/portable_binary_iarchive.hpp>
 #include <boost/filesystem/operations.hpp>

+#include "common/util.h"

 namespace tools
 {
@ -110,7 +111,7 @@ namespace tools
    catch(...)
    {
      // if failed, try reading in unportable mode
-      boost::filesystem::copy_file(file_path, file_path + ".unportable", boost::filesystem::copy_option::overwrite_if_exists);
+      tools::copy_file(file_path, file_path + ".unportable");
      data_file.close();
      data_file.open( file_path, std::ios_base::binary | std::ios_base::in);
      if(data_file.fail())
--- a/src/common/combinator.h
+++ b/src/common/combinator.h
@ -34,6 +34,7 @@
 #include <iostream>
 #include <vector>
 #include <stdexcept>
+#include <cstdint>

 namespace tools {

--- a/src/common/data_cache.h
+++ b/src/common/data_cache.h
@ -0,0 +1,65 @@
+// Copyright (c) 2014-2022, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+// 
+// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
+
+#pragma once 
+
+#include <unordered_set>
+#include <mutex>
+
+namespace tools
+{
+  template<typename T, size_t MAX_SIZE>
+  class data_cache
+  {
+  public:
+    void add(const T& value)
+    {
+      std::lock_guard<std::mutex> lock(m);
+      if (data.insert(value).second)
+      {
+        T& old_value = buf[counter++ % MAX_SIZE];
+        data.erase(old_value);
+        old_value = value;
+      }
+    }
+
+    bool has(const T& value) const
+    {
+      std::lock_guard<std::mutex> lock(m);
+      return (data.find(value) != data.end());
+    }
+
+  private:
+    mutable std::mutex m;
+    std::unordered_set<T> data;
+    T buf[MAX_SIZE] = {};
+    size_t counter = 0;
+  };
+}
--- a/src/common/dns_utils.cpp
+++ b/src/common/dns_utils.cpp
@ -30,6 +30,8 @@
 // check local first (in the event of static or in-source compilation of libunbound)
 #include "unbound.h"

+#include <deque>
+#include <set>
 #include <stdlib.h>
 #include "include_base_utils.h"
 #include "common/threadpool.h"
@ -327,11 +329,6 @@ std::vector<std::string> DNSResolver::get_record(const std::string& url, int rec
  dnssec_available = false;
  dnssec_valid = false;

-  if (!check_address_syntax(url.c_str()))
-  {
-    return addresses;
-  }
-
  // destructor takes care of cleanup
  ub_result_ptr result;

@ -414,16 +411,6 @@ DNSResolver DNSResolver::create()
  return DNSResolver();
 }

-bool DNSResolver::check_address_syntax(const char *addr) const
-{
-  // if string doesn't contain a dot, we won't consider it a url for now.
-  if (strchr(addr,'.') == NULL)
-  {
-    return false;
-  }
-  return true;
-}
-
 namespace dns_utils
 {

@ -521,7 +508,7 @@ bool load_txt_records_from_dns(std::vector<std::string> &good_records, const std

  // send all requests in parallel
  std::deque<bool> avail(dns_urls.size(), false), valid(dns_urls.size(), false);
-  tools::threadpool& tpool = tools::threadpool::getInstance();
+  tools::threadpool& tpool = tools::threadpool::getInstanceForIO();
  tools::threadpool::waiter waiter(tpool);
  for (size_t n = 0; n < dns_urls.size(); ++n)
  {
--- a/src/common/dns_utils.h
+++ b/src/common/dns_utils.h
@ -159,15 +159,6 @@ private:
  // TODO: modify this to accommodate DNSSEC
  std::vector<std::string> get_record(const std::string& url, int record_type, boost::optional<std::string> (*reader)(const char *,size_t), bool& dnssec_available, bool& dnssec_valid);

-  /**
-   * @brief Checks a string to see if it looks like a URL
-   *
-   * @param addr the string to be checked
-   *
-   * @return true if it looks enough like a URL, false if not
-   */
-  bool check_address_syntax(const char *addr) const;
-
  DNSResolverData *m_data;
 }; // class DNSResolver

--- a/src/common/download.cpp
+++ b/src/common/download.cpp
@ -30,7 +30,6 @@
 #include <atomic>
 #include <boost/filesystem.hpp>
 #include <boost/thread/thread.hpp>
-#include "file_io_utils.h"
 #include "net/http_client.h"
 #include "download.h"

@ -73,8 +72,11 @@ namespace tools
    {
      boost::unique_lock<boost::mutex> lock(control->mutex);
      std::ios_base::openmode mode = std::ios_base::out | std::ios_base::binary;
-      uint64_t existing_size = 0;
-      if (epee::file_io_utils::get_file_size(control->path, existing_size) && existing_size > 0)
+      boost::system::error_code ec{};
+      uint64_t existing_size = static_cast<uint64_t>(boost::filesystem::file_size(control->path, ec));
+      if (ec)
+        existing_size = 0;
+      if (existing_size > 0)
      {
        MINFO("Resuming downloading " << control->uri << " to " << control->path << " from " << existing_size);
        mode |= std::ios_base::app;
--- a/src/common/password.cpp
+++ b/src/common/password.cpp
@ -185,7 +185,7 @@ namespace
        return false;
      if (verify)
      {
-        std::cout << "Confirm password: ";
+        std::cout << "Confirm password: " << std::flush;
        if (!read_from_tty(pass2, hide_input))
          return false;
        if(pass1!=pass2)
--- a/src/common/perf_timer.cpp
+++ b/src/common/perf_timer.cpp
@ -62,7 +62,7 @@ namespace tools
    while (1)
    {
      t1 = epee::misc_utils::get_ns_count();
-      if (t1 - t0 > 1*1000000000) break; // work one second
+      if (t1 - t0 > 1*100000000) break; // work 0.1 seconds
    }

    uint64_t r1 = get_tick_count();
--- a/src/common/stack_trace.cpp
+++ b/src/common/stack_trace.cpp
@ -34,6 +34,7 @@
 #include "easylogging++/easylogging++.h"

 #include <stdexcept>
+#include <iomanip>
 #ifdef USE_UNWIND
 #define UNW_LOCAL_ONLY
 #include <libunwind.h>
--- a/src/common/threadpool.h
+++ b/src/common/threadpool.h
@ -31,6 +31,7 @@
 #include <boost/thread/mutex.hpp>
 #include <boost/thread/thread.hpp>
 #include <cstddef>
+#include <deque>
 #include <functional>
 #include <utility>
 #include <vector>
@ -42,10 +43,14 @@ namespace tools
 class threadpool
 {
 public:
-  static threadpool& getInstance() {
+  static threadpool& getInstanceForCompute() {
    static threadpool instance;
    return instance;
  }
+  static threadpool& getInstanceForIO() {
+    static threadpool instance(8);
+    return instance;
+  }
  static threadpool *getNewForUnitTests(unsigned max_threads = 0) {
    return new threadpool(max_threads);
  }
--- a/src/common/util.cpp
+++ b/src/common/util.cpp
@ -115,6 +115,24 @@ static int flock_exnb(int fd)

 namespace tools
 {
+
+  void copy_file(const std::string& from, const std::string& to)
+  {
+    using boost::filesystem::path;
+  #if BOOST_VERSION < 107400
+    // Remove this preprocessor if/else when we are bumping the boost version.
+    boost::filesystem::copy_file(
+        path(from),
+        path(to),
+        boost::filesystem::copy_option::overwrite_if_exists);
+  #else
+    boost::filesystem::copy_file(
+        path(from),
+        path(to),
+        boost::filesystem::copy_options::overwrite_existing);
+  #endif
+  }
+
  std::function<void(int)> signal_handler::m_handler;

  private_file::private_file() noexcept : m_handle(), m_filename() {}
@ -122,7 +140,7 @@ namespace tools
  private_file::private_file(std::FILE* handle, std::string&& filename) noexcept
    : m_handle(handle), m_filename(std::move(filename)) {}

-  private_file private_file::create(std::string name)
+  private_file private_file::create(std::string name, uint32_t extra_flags)
  {
 #ifdef WIN32
    struct close_handle
@ -175,7 +193,7 @@ namespace tools
        name.c_str(),
        GENERIC_WRITE, FILE_SHARE_READ,
        std::addressof(attributes),
-        CREATE_NEW, (FILE_ATTRIBUTE_TEMPORARY | FILE_FLAG_DELETE_ON_CLOSE),
+        CREATE_NEW, (FILE_ATTRIBUTE_TEMPORARY | FILE_FLAG_DELETE_ON_CLOSE | extra_flags),
        nullptr
      )
    };
@ -194,7 +212,7 @@ namespace tools
      }
    }
 #else
-    const int fdr = open(name.c_str(), (O_RDONLY | O_CREAT), S_IRUSR);
+    const int fdr = open(name.c_str(), (O_RDONLY | O_CREAT | extra_flags), S_IRUSR);
    if (0 <= fdr)
    {
      struct stat rstats = {};
@ -225,6 +243,23 @@ namespace tools
    return {};
  }

+  private_file private_file::drop_and_recreate(std::string filename)
+  {
+    if (epee::file_io_utils::is_file_exist(filename)) {
+      boost::system::error_code ec{};
+      boost::filesystem::remove(filename, ec);
+      if (ec) {
+        MERROR("Failed to remove " << filename << ": " << ec.message());
+        return {};
+      }
+    }
+#ifdef WIN32
+    return create(filename);
+#else
+    return create(filename, O_EXCL);
+#endif
+  }
+
  private_file::~private_file() noexcept
  {
    try
@ -882,13 +917,6 @@ std::string get_nix_version_display_string()

  bool is_local_address(const std::string &address)
  {
-    // always assume Tor/I2P addresses to be untrusted by default
-    if (is_privacy_preserving_network(address))
-    {
-      MDEBUG("Address '" << address << "' is Tor/I2P, non local");
-      return false;
-    }
-
    // extract host
    epee::net_utils::http::url_content u_c;
    if (!epee::net_utils::parse_url(address, u_c))
@ -902,20 +930,22 @@ std::string get_nix_version_display_string()
      return false;
    }

-    // resolve to IP
-    boost::asio::io_service io_service;
-    boost::asio::ip::tcp::resolver resolver(io_service);
-    boost::asio::ip::tcp::resolver::query query(u_c.host, "");
-    boost::asio::ip::tcp::resolver::iterator i = resolver.resolve(query);
-    while (i != boost::asio::ip::tcp::resolver::iterator())
+    if (u_c.host == "localhost" || boost::ends_with(u_c.host, ".localhost")) { // RFC 6761 (6.3)
+      MDEBUG("Address '" << address << "' is local");
+      return true;
+    }
+
+    boost::system::error_code ec;
+    const auto parsed_ip = boost::asio::ip::make_address(u_c.host, ec);
+    if (ec) {
+      MDEBUG("Failed to parse '" << address << "' as IP address: " << ec.message() << ". Considering it not local");
+      return false;
+    }
+
+    if (parsed_ip.is_loopback())
    {
-      const boost::asio::ip::tcp::endpoint &ep = *i;
-      if (ep.address().is_loopback())
-      {
-        MDEBUG("Address '" << address << "' is local");
-        return true;
-      }
-      ++i;
+      MDEBUG("Address '" << address << "' is local");
+      return true;
    }

    MDEBUG("Address '" << address << "' is not local");
--- a/src/common/util.h
+++ b/src/common/util.h
@ -67,6 +67,8 @@ namespace tools
    }
  };

+  void copy_file(const std::string& from, const std::string& to);
+
  //! A file restricted to process owner AND process. Deletes file on destruction.
  class private_file {
    std::unique_ptr<std::FILE, close_file> m_handle;
@ -80,7 +82,11 @@ namespace tools

    /*! \return File only readable by owner and only used by this process
      OR `private_file{}` on error. */
-    static private_file create(std::string filename);
+    static private_file create(std::string filename, uint32_t extra_flags = 0);
+
+    /*! \return Drop and create file only readable by owner and only used
+      by this process OR `private_file{}` on error. */
+    static private_file drop_and_recreate(std::string filename);    

    private_file(private_file&&) = default;
    private_file& operator=(private_file&&) = default;
--- a/src/crypto/c_threads.h
+++ b/src/crypto/c_threads.h
@ -30,29 +30,41 @@
 #pragma once

 #ifdef _WIN32
+
 #include <windows.h>
-#define CTHR_MUTEX_TYPE	HANDLE
-#define CTHR_MUTEX_INIT	NULL
-#define CTHR_MUTEX_LOCK(x)	do { if (x == NULL) { \
-    HANDLE p = CreateMutex(NULL, FALSE, NULL); \
-    if (InterlockedCompareExchangePointer((PVOID*)&x, (PVOID)p, NULL) != NULL) \
-      CloseHandle(p); \
-  } WaitForSingleObject(x, INFINITE); } while(0)
-#define CTHR_MUTEX_UNLOCK(x)	ReleaseMutex(x)
+
+#define CTHR_RWLOCK_TYPE	SRWLOCK
+#define CTHR_RWLOCK_INIT	SRWLOCK_INIT
+#define CTHR_RWLOCK_LOCK_WRITE(x)	AcquireSRWLockExclusive(&x)
+#define CTHR_RWLOCK_UNLOCK_WRITE(x)	ReleaseSRWLockExclusive(&x)
+#define CTHR_RWLOCK_LOCK_READ(x)	AcquireSRWLockShared(&x)
+#define CTHR_RWLOCK_UNLOCK_READ(x)	ReleaseSRWLockShared(&x)
+#define CTHR_RWLOCK_TRYLOCK_READ(x)	TryAcquireSRWLockShared(&x)
+
 #define CTHR_THREAD_TYPE	HANDLE
-#define CTHR_THREAD_RTYPE	void
-#define CTHR_THREAD_RETURN	return
-#define CTHR_THREAD_CREATE(thr, func, arg)	thr = (HANDLE)_beginthread(func, 0, arg)
-#define CTHR_THREAD_JOIN(thr)			WaitForSingleObject(thr, INFINITE)
+#define CTHR_THREAD_RTYPE	unsigned __stdcall
+#define CTHR_THREAD_RETURN	_endthreadex(0); return 0;
+#define CTHR_THREAD_CREATE(thr, func, arg)	((thr = (HANDLE)_beginthreadex(0, 0, func, arg, 0, 0)) != 0L)
+#define CTHR_THREAD_JOIN(thr)			do { WaitForSingleObject(thr, INFINITE); CloseHandle(thr); } while(0)
+#define CTHR_THREAD_CLOSE(thr)			CloseHandle((HANDLE)thr);
+
 #else
+
 #include <pthread.h>
-#define CTHR_MUTEX_TYPE pthread_mutex_t
-#define CTHR_MUTEX_INIT	PTHREAD_MUTEX_INITIALIZER
-#define CTHR_MUTEX_LOCK(x)	pthread_mutex_lock(&x)
-#define CTHR_MUTEX_UNLOCK(x)	pthread_mutex_unlock(&x)
+
+#define CTHR_RWLOCK_TYPE	pthread_rwlock_t
+#define CTHR_RWLOCK_INIT	PTHREAD_RWLOCK_INITIALIZER
+#define CTHR_RWLOCK_LOCK_WRITE(x)	pthread_rwlock_wrlock(&x)
+#define CTHR_RWLOCK_UNLOCK_WRITE(x)	pthread_rwlock_unlock(&x)
+#define CTHR_RWLOCK_LOCK_READ(x)	pthread_rwlock_rdlock(&x)
+#define CTHR_RWLOCK_UNLOCK_READ(x)	pthread_rwlock_unlock(&x)
+#define CTHR_RWLOCK_TRYLOCK_READ(x)	(pthread_rwlock_tryrdlock(&x) == 0)
+
 #define CTHR_THREAD_TYPE pthread_t
 #define CTHR_THREAD_RTYPE	void *
 #define CTHR_THREAD_RETURN	return NULL
-#define CTHR_THREAD_CREATE(thr, func, arg)	pthread_create(&thr, NULL, func, arg)
+#define CTHR_THREAD_CREATE(thr, func, arg)	(pthread_create(&thr, NULL, func, arg) == 0)
 #define CTHR_THREAD_JOIN(thr)			pthread_join(thr, NULL)
+#define CTHR_THREAD_CLOSE(thr)
+
 #endif
--- a/src/crypto/crypto.h
+++ b/src/crypto/crypto.h
@ -171,7 +171,9 @@ namespace crypto {
  /* Generate a value filled with random bytes.
   */
  template<typename T>
-  typename std::enable_if<std::is_pod<T>::value, T>::type rand() {
+  T rand() {
+    static_assert(std::is_standard_layout<T>(), "cannot write random bytes into non-standard layout type");
+    static_assert(std::is_trivially_copyable<T>(), "cannot write random bytes into non-trivially copyable type");
    typename std::remove_cv<T>::type res;
    generate_random_bytes_thread_safe(sizeof(T), (uint8_t*)&res);
    return res;
@ -314,8 +316,14 @@ namespace crypto {
  inline std::ostream &operator <<(std::ostream &o, const crypto::public_key &v) {
    epee::to_hex::formatted(o, epee::as_byte_span(v)); return o;
  }
-  inline std::ostream &operator <<(std::ostream &o, const crypto::secret_key &v) {
-    epee::to_hex::formatted(o, epee::as_byte_span(v)); return o;
+  /* Do NOT overload the << operator for crypto::secret_key here. Use secret_key_explicit_print_ref
+   * instead to prevent accidental implicit dumping of secret key material to the logs (which has
+   * happened before). For the same reason, do not overload it for crypto::ec_scalar either since
+   * crypto::secret_key is a subclass. I'm not sorry that it's obtuse; that's the point, bozo.
+   */
+  struct secret_key_explicit_print_ref { const crypto::secret_key &sk; };
+  inline std::ostream &operator <<(std::ostream &o, const secret_key_explicit_print_ref v) {
+    epee::to_hex::formatted(o, epee::as_byte_span(unwrap(unwrap(v.sk)))); return o;
  }
  inline std::ostream &operator <<(std::ostream &o, const crypto::key_derivation &v) {
    epee::to_hex::formatted(o, epee::as_byte_span(v)); return o;
--- a/src/crypto/generic-ops.h
+++ b/src/crypto/generic-ops.h
@ -33,6 +33,7 @@
 #include <cstddef>
 #include <cstring>
 #include <functional>
+#include <memory>
 #include <sodium/crypto_verify_32.h>

 #define CRYPTO_MAKE_COMPARABLE(type) \
@ -60,14 +61,18 @@ namespace crypto { \
 namespace crypto { \
  static_assert(sizeof(std::size_t) <= sizeof(type), "Size of " #type " must be at least that of size_t"); \
  inline std::size_t hash_value(const type &_v) { \
-    return reinterpret_cast<const std::size_t &>(_v); \
+    std::size_t h; \
+    memcpy(&h, std::addressof(_v), sizeof(h)); \
+    return h; \
  } \
 } \
 namespace std { \
  template<> \
  struct hash<crypto::type> { \
    std::size_t operator()(const crypto::type &_v) const { \
-      return reinterpret_cast<const std::size_t &>(_v); \
+      std::size_t h; \
+      memcpy(&h, std::addressof(_v), sizeof(h)); \
+      return h; \
    } \
  }; \
 }
--- a/src/crypto/hash-ops.h
+++ b/src/crypto/hash-ops.h
@ -97,5 +97,9 @@ void rx_slow_hash_allocate_state(void);
 void rx_slow_hash_free_state(void);
 uint64_t rx_seedheight(const uint64_t height);
 void rx_seedheights(const uint64_t height, uint64_t *seed_height, uint64_t *next_height);
-void rx_slow_hash(const uint64_t mainheight, const uint64_t seedheight, const char *seedhash, const void *data, size_t length, char *hash, int miners, int is_alt);
-void rx_reorg(const uint64_t split_height);
+
+void rx_set_main_seedhash(const char *seedhash, size_t max_dataset_init_threads);
+void rx_slow_hash(const char *seedhash, const void *data, size_t length, char *result_hash);
+
+void rx_set_miner_thread(uint32_t value, size_t max_dataset_init_threads);
+uint32_t rx_get_miner_thread(void);
--- a/src/crypto/jh.c
+++ b/src/crypto/jh.c
@ -34,7 +34,7 @@ typedef struct {
 	unsigned long long databitlen;    /*the message size in bits*/
 	unsigned long long datasize_in_buffer;      /*the size of the message remained in buffer; assumed to be multiple of 8bits except for the last partial block at the end of the message*/
 	DATA_ALIGN16(uint64 x[8][2]);     /*the 1024-bit state, ( x[i][0] || x[i][1] ) is the ith row of the state in the pseudocode*/
-	unsigned char buffer[64];         /*the 512-bit message block to be hashed;*/
+	DATA_ALIGN16(unsigned char buffer[64]);         /*the 512-bit message block to be hashed;*/
 } hashState;


@ -213,16 +213,24 @@ static void E8(hashState *state)
 /*The compression function F8 */
 static void F8(hashState *state)
 {
-      uint64  i;
+      uint64_t* x = (uint64_t*)state->x;

      /*xor the 512-bit message with the fist half of the 1024-bit hash state*/
-      for (i = 0; i < 8; i++)  state->x[i >> 1][i & 1] ^= ((uint64*)state->buffer)[i];
+      for (int i = 0; i < 8; ++i) {
+            uint64 b;
+            memcpy(&b, &state->buffer[i << 3], sizeof(b));
+            x[i] ^= b;
+      }

      /*the bijective function E8 */
      E8(state);

      /*xor the 512-bit message with the second half of the 1024-bit hash state*/
-      for (i = 0; i < 8; i++)  state->x[(8+i) >> 1][(8+i) & 1] ^= ((uint64*)state->buffer)[i];
+      for (int i = 0; i < 8; ++i) {
+            uint64 b;
+            memcpy(&b, &state->buffer[i << 3], sizeof(b));
+            x[i + 8] ^= b;
+      }
 }

 /*before hashing a message, initialize the hash state as H0 */
@ -240,6 +248,7 @@ static HashReturn Init(hashState *state, int hashbitlen)
            case 224: memcpy(state->x,JH224_H0,128); break;
            case 256: memcpy(state->x,JH256_H0,128); break;
            case 384: memcpy(state->x,JH384_H0,128); break;
+            default:
            case 512: memcpy(state->x,JH512_H0,128); break;
      }

--- a/src/crypto/rx-slow-hash.c
+++ b/src/crypto/rx-slow-hash.c
@ -43,32 +43,41 @@

 #define RX_LOGCAT	"randomx"

+// Report large page allocation failures as debug messages
+#define alloc_err_msg(x) mdebug(RX_LOGCAT, x);
+
+static CTHR_RWLOCK_TYPE main_dataset_lock = CTHR_RWLOCK_INIT;
+static CTHR_RWLOCK_TYPE main_cache_lock = CTHR_RWLOCK_INIT;
+
+static randomx_dataset *main_dataset = NULL;
+static randomx_cache *main_cache = NULL;
+static char main_seedhash[HASH_SIZE];
+static int main_seedhash_set = 0;
+
+static CTHR_RWLOCK_TYPE secondary_cache_lock = CTHR_RWLOCK_INIT;
+
+static randomx_cache *secondary_cache = NULL;
+static char secondary_seedhash[HASH_SIZE];
+static int secondary_seedhash_set = 0;
+
 #if defined(_MSC_VER)
 #define THREADV __declspec(thread)
 #else
 #define THREADV __thread
 #endif

-typedef struct rx_state {
-  CTHR_MUTEX_TYPE rs_mutex;
-  char rs_hash[HASH_SIZE];
-  uint64_t  rs_height;
-  randomx_cache *rs_cache;
-} rx_state;
+static THREADV randomx_vm *main_vm_full = NULL;
+static THREADV randomx_vm *main_vm_light = NULL;
+static THREADV randomx_vm *secondary_vm_light = NULL;

-static CTHR_MUTEX_TYPE rx_mutex = CTHR_MUTEX_INIT;
-static CTHR_MUTEX_TYPE rx_dataset_mutex = CTHR_MUTEX_INIT;
+static THREADV uint32_t miner_thread = 0;

-static rx_state rx_s[2] = {{CTHR_MUTEX_INIT,{0},0,0},{CTHR_MUTEX_INIT,{0},0,0}};
-
-static randomx_dataset *rx_dataset;
-static int rx_dataset_nomem;
-static int rx_dataset_nolp;
-static uint64_t rx_dataset_height;
-static THREADV randomx_vm *rx_vm = NULL;
+static bool is_main(const char* seedhash) { return main_seedhash_set && (memcmp(seedhash, main_seedhash, HASH_SIZE) == 0); }
+static bool is_secondary(const char* seedhash) { return secondary_seedhash_set && (memcmp(seedhash, secondary_seedhash, HASH_SIZE) == 0); }

 static void local_abort(const char *msg)
 {
+  merror(RX_LOGCAT, "%s", msg);
  fprintf(stderr, "%s\n", msg);
 #ifdef NDEBUG
  _exit(1);
@ -77,6 +86,16 @@ static void local_abort(const char *msg)
 #endif
 }

+static void hash2hex(const char* hash, char* hex) {
+  const char* d = "0123456789abcdef";
+  for (int i = 0; i < HASH_SIZE; ++i) {
+    const uint8_t b = hash[i];
+    hex[i * 2 + 0] = d[b >> 4];
+    hex[i * 2 + 1] = d[b & 15];
+  }
+  hex[HASH_SIZE * 2] = '\0';
+}
+
 static inline int disabled_flags(void) {
  static int flags = -1;

@ -157,19 +176,6 @@ static unsigned int get_seedhash_epoch_blocks(void)
  return blocks;
 }

-void rx_reorg(const uint64_t split_height) {
-  int i;
-  CTHR_MUTEX_LOCK(rx_mutex);
-  for (i=0; i<2; i++) {
-    if (split_height <= rx_s[i].rs_height) {
-      if (rx_s[i].rs_height == rx_dataset_height)
-        rx_dataset_height = 1;
-      rx_s[i].rs_height = 1;	/* set to an invalid seed height */
-    }
-  }
-  CTHR_MUTEX_UNLOCK(rx_mutex);
-}
-
 uint64_t rx_seedheight(const uint64_t height) {
  const uint64_t seedhash_epoch_lag = get_seedhash_epoch_lag();
  const uint64_t seedhash_epoch_blocks = get_seedhash_epoch_blocks();
@ -183,6 +189,103 @@ void rx_seedheights(const uint64_t height, uint64_t *seedheight, uint64_t *nexth
  *nextheight = rx_seedheight(height + get_seedhash_epoch_lag());
 }

+static void rx_alloc_dataset(randomx_flags flags, randomx_dataset** dataset, int ignore_env)
+{
+  if (*dataset) {
+    return;
+  }
+
+  if (disabled_flags() & RANDOMX_FLAG_FULL_MEM) {
+    static int shown = 0;
+    if (!shown) {
+      shown = 1;
+      minfo(RX_LOGCAT, "RandomX dataset is disabled by MONERO_RANDOMX_UMASK environment variable.");
+    }
+    return;
+  }
+
+  if (!ignore_env && !getenv("MONERO_RANDOMX_FULL_MEM")) {
+    static int shown = 0;
+    if (!shown) {
+      shown = 1;
+      minfo(RX_LOGCAT, "RandomX dataset is not enabled by default. Use MONERO_RANDOMX_FULL_MEM environment variable to enable it.");
+    }
+    return;
+  }
+
+  *dataset = randomx_alloc_dataset((flags | RANDOMX_FLAG_LARGE_PAGES) & ~disabled_flags());
+  if (!*dataset) {
+    alloc_err_msg("Couldn't allocate RandomX dataset using large pages");
+    *dataset = randomx_alloc_dataset(flags & ~disabled_flags());
+    if (!*dataset) {
+      merror(RX_LOGCAT, "Couldn't allocate RandomX dataset");
+    }
+  }
+}
+
+static void rx_alloc_cache(randomx_flags flags, randomx_cache** cache)
+{
+  if (*cache) {
+    return;
+  }
+
+  *cache = randomx_alloc_cache((flags | RANDOMX_FLAG_LARGE_PAGES) & ~disabled_flags());
+  if (!*cache) {
+    alloc_err_msg("Couldn't allocate RandomX cache using large pages");
+    *cache = randomx_alloc_cache(flags & ~disabled_flags());
+    if (!*cache) local_abort("Couldn't allocate RandomX cache");
+  }
+}
+
+static void rx_init_full_vm(randomx_flags flags, randomx_vm** vm)
+{
+  if (*vm || !main_dataset || (disabled_flags() & RANDOMX_FLAG_FULL_MEM)) {
+    return;
+  }
+
+  if ((flags & RANDOMX_FLAG_JIT) && !miner_thread) {
+    flags |= RANDOMX_FLAG_SECURE;
+  }
+
+  *vm = randomx_create_vm((flags | RANDOMX_FLAG_LARGE_PAGES | RANDOMX_FLAG_FULL_MEM) & ~disabled_flags(), NULL, main_dataset);
+  if (!*vm) {
+    static int shown = 0;
+    if (!shown) {
+        shown = 1;
+        alloc_err_msg("Couldn't allocate RandomX full VM using large pages (will print only once)");
+    }
+    *vm = randomx_create_vm((flags | RANDOMX_FLAG_FULL_MEM) & ~disabled_flags(), NULL, main_dataset);
+    if (!*vm) {
+      merror(RX_LOGCAT, "Couldn't allocate RandomX full VM");
+    }
+  }
+}
+
+static void rx_init_light_vm(randomx_flags flags, randomx_vm** vm, randomx_cache* cache)
+{
+  if (*vm) {
+    randomx_vm_set_cache(*vm, cache);
+    return;
+  }
+
+  if ((flags & RANDOMX_FLAG_JIT) && !miner_thread) {
+    flags |= RANDOMX_FLAG_SECURE;
+  }
+
+  flags &= ~RANDOMX_FLAG_FULL_MEM;
+
+  *vm = randomx_create_vm((flags | RANDOMX_FLAG_LARGE_PAGES) & ~disabled_flags(), cache, NULL);
+  if (!*vm) {
+    static int shown = 0;
+    if (!shown) {
+        shown = 1;
+        alloc_err_msg("Couldn't allocate RandomX light VM using large pages (will print only once)");
+    }
+    *vm = randomx_create_vm(flags & ~disabled_flags(), cache, NULL);
+    if (!*vm) local_abort("Couldn't allocate RandomX light VM");
+  }
+}
+
 typedef struct seedinfo {
  randomx_cache *si_cache;
  unsigned long si_start;
@ -191,187 +294,231 @@ typedef struct seedinfo {

 static CTHR_THREAD_RTYPE rx_seedthread(void *arg) {
  seedinfo *si = arg;
-  randomx_init_dataset(rx_dataset, si->si_cache, si->si_start, si->si_count);
+  randomx_init_dataset(main_dataset, si->si_cache, si->si_start, si->si_count);
  CTHR_THREAD_RETURN;
 }

-static void rx_initdata(randomx_cache *rs_cache, const int miners, const uint64_t seedheight) {
-  if (miners > 1) {
-    unsigned long delta = randomx_dataset_item_count() / miners;
-    unsigned long start = 0;
-    int i;
-    seedinfo *si;
-    CTHR_THREAD_TYPE *st;
-    si = malloc(miners * sizeof(seedinfo));
-    if (si == NULL)
-      local_abort("Couldn't allocate RandomX mining threadinfo");
-    st = malloc(miners * sizeof(CTHR_THREAD_TYPE));
-    if (st == NULL) {
-      free(si);
-      local_abort("Couldn't allocate RandomX mining threadlist");
-    }
-    for (i=0; i<miners-1; i++) {
-      si[i].si_cache = rs_cache;
-      si[i].si_start = start;
-      si[i].si_count = delta;
-      start += delta;
-    }
-    si[i].si_cache = rs_cache;
+static void rx_init_dataset(size_t max_threads) {
+  if (!main_dataset) {
+    return;
+  }
+
+  // leave 2 CPU cores for other tasks
+  const size_t num_threads = (max_threads < 4) ? 1 : (max_threads - 2);
+  seedinfo* si = malloc(num_threads * sizeof(seedinfo));
+  if (!si) local_abort("Couldn't allocate RandomX mining threadinfo");
+
+  const uint32_t delta = randomx_dataset_item_count() / num_threads;
+  uint32_t start = 0;
+
+  const size_t n1 = num_threads - 1;
+  for (size_t i = 0; i < n1; ++i) {
+    si[i].si_cache = main_cache;
    si[i].si_start = start;
-    si[i].si_count = randomx_dataset_item_count() - start;
-    for (i=1; i<miners; i++) {
-      CTHR_THREAD_CREATE(st[i], rx_seedthread, &si[i]);
-    }
-    randomx_init_dataset(rx_dataset, rs_cache, 0, si[0].si_count);
-    for (i=1; i<miners; i++) {
-      CTHR_THREAD_JOIN(st[i]);
-    }
-    free(st);
-    free(si);
-  } else {
-    randomx_init_dataset(rx_dataset, rs_cache, 0, randomx_dataset_item_count());
+    si[i].si_count = delta;
+    start += delta;
  }
-  rx_dataset_height = seedheight;
+
+  si[n1].si_cache = main_cache;
+  si[n1].si_start = start;
+  si[n1].si_count = randomx_dataset_item_count() - start;
+
+  CTHR_THREAD_TYPE *st = malloc(num_threads * sizeof(CTHR_THREAD_TYPE));
+  if (!st) local_abort("Couldn't allocate RandomX mining threadlist");
+
+  CTHR_RWLOCK_LOCK_READ(main_cache_lock);
+  for (size_t i = 0; i < n1; ++i) {
+    if (!CTHR_THREAD_CREATE(st[i], rx_seedthread, &si[i])) {
+      local_abort("Couldn't start RandomX seed thread");
+    }
+  }
+  randomx_init_dataset(main_dataset, si[n1].si_cache, si[n1].si_start, si[n1].si_count);
+  for (size_t i = 0; i < n1; ++i) CTHR_THREAD_JOIN(st[i]);
+  CTHR_RWLOCK_UNLOCK_READ(main_cache_lock);
+
+  free(st);
+  free(si);
+
+  minfo(RX_LOGCAT, "RandomX dataset initialized");
 }

-void rx_slow_hash(const uint64_t mainheight, const uint64_t seedheight, const char *seedhash, const void *data, size_t length,
-  char *hash, int miners, int is_alt) {
-  uint64_t s_height = rx_seedheight(mainheight);
-  int toggle = (s_height & get_seedhash_epoch_blocks()) != 0;
-  randomx_flags flags = enabled_flags() & ~disabled_flags();
-  rx_state *rx_sp;
-  randomx_cache *cache;
+typedef struct thread_info {
+  char seedhash[HASH_SIZE];
+  size_t max_threads;
+} thread_info;

-  CTHR_MUTEX_LOCK(rx_mutex);
+static CTHR_THREAD_RTYPE rx_set_main_seedhash_thread(void *arg) {
+  thread_info* info = arg;

-  /* if alt block but with same seed as mainchain, no need for alt cache */
-  if (is_alt) {
-    if (s_height == seedheight && !memcmp(rx_s[toggle].rs_hash, seedhash, HASH_SIZE))
-      is_alt = 0;
-  } else {
-  /* RPC could request an earlier block on mainchain */
-    if (s_height > seedheight)
-      is_alt = 1;
-    /* miner can be ahead of mainchain */
-    else if (s_height < seedheight)
-      toggle ^= 1;
+  CTHR_RWLOCK_LOCK_WRITE(main_dataset_lock);
+  CTHR_RWLOCK_LOCK_WRITE(main_cache_lock);
+
+  // Double check that seedhash wasn't already updated
+  if (is_main(info->seedhash)) {
+    CTHR_RWLOCK_UNLOCK_WRITE(main_cache_lock);
+    CTHR_RWLOCK_UNLOCK_WRITE(main_dataset_lock);
+    free(info);
+    CTHR_THREAD_RETURN;
+  }
+  memcpy(main_seedhash, info->seedhash, HASH_SIZE);
+  main_seedhash_set = 1;
+
+  char buf[HASH_SIZE * 2 + 1];
+  hash2hex(main_seedhash, buf);
+  minfo(RX_LOGCAT, "RandomX new main seed hash is %s", buf);
+
+  const randomx_flags flags = enabled_flags() & ~disabled_flags();
+  rx_alloc_dataset(flags, &main_dataset, 0);
+  rx_alloc_cache(flags, &main_cache);
+
+  randomx_init_cache(main_cache, info->seedhash, HASH_SIZE);
+  minfo(RX_LOGCAT, "RandomX main cache initialized");
+
+  CTHR_RWLOCK_UNLOCK_WRITE(main_cache_lock);
+
+  // From this point, rx_slow_hash can calculate hashes in light mode, but dataset is not initialized yet
+  rx_init_dataset(info->max_threads);
+
+  CTHR_RWLOCK_UNLOCK_WRITE(main_dataset_lock);
+
+  free(info);
+  CTHR_THREAD_RETURN;
+}
+
+void rx_set_main_seedhash(const char *seedhash, size_t max_dataset_init_threads) {
+  // Early out if seedhash didn't change
+  if (is_main(seedhash)) {
+    return;
  }

-  toggle ^= (is_alt != 0);
+  // Update main cache and dataset in the background
+  thread_info* info = malloc(sizeof(thread_info));
+  if (!info) local_abort("Couldn't allocate RandomX mining threadinfo");

-  rx_sp = &rx_s[toggle];
-  CTHR_MUTEX_LOCK(rx_sp->rs_mutex);
-  CTHR_MUTEX_UNLOCK(rx_mutex);
+  memcpy(info->seedhash, seedhash, HASH_SIZE);
+  info->max_threads = max_dataset_init_threads;

-  cache = rx_sp->rs_cache;
-  if (cache == NULL) {
-    if (!(disabled_flags() & RANDOMX_FLAG_LARGE_PAGES)) {
-      cache = randomx_alloc_cache(flags | RANDOMX_FLAG_LARGE_PAGES);
-      if (cache == NULL) {
-        mdebug(RX_LOGCAT, "Couldn't use largePages for RandomX cache");
-      }
-    }
-    if (cache == NULL) {
-      cache = randomx_alloc_cache(flags);
-      if (cache == NULL)
-        local_abort("Couldn't allocate RandomX cache");
-    }
+  CTHR_THREAD_TYPE t;
+  if (!CTHR_THREAD_CREATE(t, rx_set_main_seedhash_thread, info)) {
+    local_abort("Couldn't start RandomX seed thread");
  }
-  if (rx_sp->rs_height != seedheight || rx_sp->rs_cache == NULL || memcmp(seedhash, rx_sp->rs_hash, HASH_SIZE)) {
-    randomx_init_cache(cache, seedhash, HASH_SIZE);
-    rx_sp->rs_cache = cache;
-    rx_sp->rs_height = seedheight;
-    memcpy(rx_sp->rs_hash, seedhash, HASH_SIZE);
-  }
-  if (rx_vm == NULL) {
-    if ((flags & RANDOMX_FLAG_JIT) && !miners) {
-        flags |= RANDOMX_FLAG_SECURE & ~disabled_flags();
-    }
-    if (miners && (disabled_flags() & RANDOMX_FLAG_FULL_MEM)) {
-      miners = 0;
-    }
-    if (miners) {
-      CTHR_MUTEX_LOCK(rx_dataset_mutex);
-      if (!rx_dataset_nomem) {
-        if (rx_dataset == NULL) {
-          if (!(disabled_flags() & RANDOMX_FLAG_LARGE_PAGES)) {
-            rx_dataset = randomx_alloc_dataset(RANDOMX_FLAG_LARGE_PAGES);
-            if (rx_dataset == NULL) {
-              mdebug(RX_LOGCAT, "Couldn't use largePages for RandomX dataset");
-            }
-          }
-          if (rx_dataset == NULL)
-            rx_dataset = randomx_alloc_dataset(RANDOMX_FLAG_DEFAULT);
-          if (rx_dataset != NULL)
-            rx_initdata(rx_sp->rs_cache, miners, seedheight);
+  CTHR_THREAD_CLOSE(t);
+}
+
+void rx_slow_hash(const char *seedhash, const void *data, size_t length, char *result_hash) {
+  const randomx_flags flags = enabled_flags() & ~disabled_flags();
+  int success = 0;
+
+  // Fast path (seedhash == main_seedhash)
+  // Multiple threads can run in parallel in fast or light mode, 1-2 ms or 10-15 ms per hash per thread
+  if (is_main(seedhash)) {
+    // If CTHR_RWLOCK_TRYLOCK_READ fails it means dataset is being initialized now, so use the light mode
+    if (main_dataset && CTHR_RWLOCK_TRYLOCK_READ(main_dataset_lock)) {
+      // Double check that main_seedhash didn't change
+      if (is_main(seedhash)) {
+        rx_init_full_vm(flags, &main_vm_full);
+        if (main_vm_full) {
+          randomx_calculate_hash(main_vm_full, data, length, result_hash);
+          success = 1;
        }
      }
-      if (rx_dataset != NULL)
-        flags |= RANDOMX_FLAG_FULL_MEM;
-      else {
-        miners = 0;
-        if (!rx_dataset_nomem) {
-          rx_dataset_nomem = 1;
-          mwarning(RX_LOGCAT, "Couldn't allocate RandomX dataset for miner");
-        }
+      CTHR_RWLOCK_UNLOCK_READ(main_dataset_lock);
+    } else {
+      CTHR_RWLOCK_LOCK_READ(main_cache_lock);
+      // Double check that main_seedhash didn't change
+      if (is_main(seedhash)) {
+        rx_init_light_vm(flags, &main_vm_light, main_cache);
+        randomx_calculate_hash(main_vm_light, data, length, result_hash);
+        success = 1;
      }
-      CTHR_MUTEX_UNLOCK(rx_dataset_mutex);
+      CTHR_RWLOCK_UNLOCK_READ(main_cache_lock);
    }
-    if (!(disabled_flags() & RANDOMX_FLAG_LARGE_PAGES) && !rx_dataset_nolp) {
-      rx_vm = randomx_create_vm(flags | RANDOMX_FLAG_LARGE_PAGES, rx_sp->rs_cache, rx_dataset);
-      if(rx_vm == NULL) { //large pages failed
-        mdebug(RX_LOGCAT, "Couldn't use largePages for RandomX VM");
-        rx_dataset_nolp = 1;
-      }
-    }
-    if (rx_vm == NULL)
-      rx_vm = randomx_create_vm(flags, rx_sp->rs_cache, rx_dataset);
-    if(rx_vm == NULL) {//fallback if everything fails
-      flags = RANDOMX_FLAG_DEFAULT | (miners ? RANDOMX_FLAG_FULL_MEM : 0);
-      rx_vm = randomx_create_vm(flags, rx_sp->rs_cache, rx_dataset);
-    }
-    if (rx_vm == NULL)
-      local_abort("Couldn't allocate RandomX VM");
-  } else if (miners) {
-    CTHR_MUTEX_LOCK(rx_dataset_mutex);
-    if (rx_dataset != NULL && rx_dataset_height != seedheight)
-      rx_initdata(cache, miners, seedheight);
-    else if (rx_dataset == NULL) {
-      /* this is a no-op if the cache hasn't changed */
-      randomx_vm_set_cache(rx_vm, rx_sp->rs_cache);
-    }
-    CTHR_MUTEX_UNLOCK(rx_dataset_mutex);
-  } else {
-    /* this is a no-op if the cache hasn't changed */
-    randomx_vm_set_cache(rx_vm, rx_sp->rs_cache);
  }
-  /* mainchain users can run in parallel */
-  if (!is_alt)
-    CTHR_MUTEX_UNLOCK(rx_sp->rs_mutex);
-  randomx_calculate_hash(rx_vm, data, length, hash);
-  /* altchain slot users always get fully serialized */
-  if (is_alt)
-    CTHR_MUTEX_UNLOCK(rx_sp->rs_mutex);
+
+  if (success) {
+    return;
+  }
+
+  char buf[HASH_SIZE * 2 + 1];
+
+  // Slow path (seedhash != main_seedhash, but seedhash == secondary_seedhash)
+  // Multiple threads can run in parallel in light mode, 10-15 ms per hash per thread
+  if (!secondary_cache) {
+    CTHR_RWLOCK_LOCK_WRITE(secondary_cache_lock);
+    if (!secondary_cache) {
+      hash2hex(seedhash, buf);
+      minfo(RX_LOGCAT, "RandomX new secondary seed hash is %s", buf);
+
+      rx_alloc_cache(flags, &secondary_cache);
+      randomx_init_cache(secondary_cache, seedhash, HASH_SIZE);
+      minfo(RX_LOGCAT, "RandomX secondary cache updated");
+      memcpy(secondary_seedhash, seedhash, HASH_SIZE);
+      secondary_seedhash_set = 1;
+    }
+    CTHR_RWLOCK_UNLOCK_WRITE(secondary_cache_lock);
+  }
+
+  CTHR_RWLOCK_LOCK_READ(secondary_cache_lock);
+  if (is_secondary(seedhash)) {
+    rx_init_light_vm(flags, &secondary_vm_light, secondary_cache);
+    randomx_calculate_hash(secondary_vm_light, data, length, result_hash);
+    success = 1;
+  }
+  CTHR_RWLOCK_UNLOCK_READ(secondary_cache_lock);
+
+  if (success) {
+    return;
+  }
+
+  // Slowest path (seedhash != main_seedhash, seedhash != secondary_seedhash)
+  // Only one thread runs at a time and updates secondary_seedhash if needed, up to 200-500 ms per hash
+  CTHR_RWLOCK_LOCK_WRITE(secondary_cache_lock);
+  if (!is_secondary(seedhash)) {
+    hash2hex(seedhash, buf);
+    minfo(RX_LOGCAT, "RandomX new secondary seed hash is %s", buf);
+
+    randomx_init_cache(secondary_cache, seedhash, HASH_SIZE);
+    minfo(RX_LOGCAT, "RandomX secondary cache updated");
+    memcpy(secondary_seedhash, seedhash, HASH_SIZE);
+    secondary_seedhash_set = 1;
+  }
+  rx_init_light_vm(flags, &secondary_vm_light, secondary_cache);
+  randomx_calculate_hash(secondary_vm_light, data, length, result_hash);
+  CTHR_RWLOCK_UNLOCK_WRITE(secondary_cache_lock);
 }

-void rx_slow_hash_allocate_state(void) {
+void rx_set_miner_thread(uint32_t value, size_t max_dataset_init_threads) {
+  miner_thread = value;
+
+  // If dataset is not allocated yet, try to allocate and initialize it
+  CTHR_RWLOCK_LOCK_WRITE(main_dataset_lock);
+  if (main_dataset) {
+    CTHR_RWLOCK_UNLOCK_WRITE(main_dataset_lock);
+    return;
+  }
+
+  const randomx_flags flags = enabled_flags() & ~disabled_flags();
+  rx_alloc_dataset(flags, &main_dataset, 1);
+  rx_init_dataset(max_dataset_init_threads);
+
+  CTHR_RWLOCK_UNLOCK_WRITE(main_dataset_lock);
 }

-void rx_slow_hash_free_state(void) {
-  if (rx_vm != NULL) {
-    randomx_destroy_vm(rx_vm);
-    rx_vm = NULL;
+uint32_t rx_get_miner_thread() {
+  return miner_thread;
+}
+
+void rx_slow_hash_allocate_state() {}
+
+static void rx_destroy_vm(randomx_vm** vm) {
+  if (*vm) {
+    randomx_destroy_vm(*vm);
+    *vm = NULL;
  }
 }

-void rx_stop_mining(void) {
-  CTHR_MUTEX_LOCK(rx_dataset_mutex);
-  if (rx_dataset != NULL) {
-    randomx_dataset *rd = rx_dataset;
-    rx_dataset = NULL;
-    randomx_release_dataset(rd);
-  }
-  rx_dataset_nomem = 0;
-  rx_dataset_nolp = 0;
-  CTHR_MUTEX_UNLOCK(rx_dataset_mutex);
+void rx_slow_hash_free_state() {
+  rx_destroy_vm(&main_vm_full);
+  rx_destroy_vm(&main_vm_light);
+  rx_destroy_vm(&secondary_vm_light);
 }
--- a/src/cryptonote_basic/account.cpp
+++ b/src/cryptonote_basic/account.cpp
@ -152,6 +152,17 @@ DISABLE_VS_WARNINGS(4244 4345)
    m_keys.m_multisig_keys.clear();
  }
  //-----------------------------------------------------------------
+  void account_base::set_spend_key(const crypto::secret_key& spend_secret_key)
+  {
+    // make sure derived spend public key matches saved public spend key
+    crypto::public_key spend_public_key;
+    crypto::secret_key_to_public_key(spend_secret_key, spend_public_key);
+    CHECK_AND_ASSERT_THROW_MES(m_keys.m_account_address.m_spend_public_key == spend_public_key,
+        "Unexpected derived public spend key");
+
+    m_keys.m_spend_secret_key = spend_secret_key;
+  }
+  //-----------------------------------------------------------------
  crypto::secret_key account_base::generate(const crypto::secret_key& recovery_key, bool recover, bool two_random)
  {
    crypto::secret_key first = generate_keys(m_keys.m_account_address.m_spend_public_key, m_keys.m_spend_secret_key, recovery_key, recover);
--- a/src/cryptonote_basic/account.h
+++ b/src/cryptonote_basic/account.h
@ -95,6 +95,7 @@ namespace cryptonote
    bool store(const std::string& file_path);

    void forget_spend_key();
+    void set_spend_key(const crypto::secret_key& spend_secret_key);
    const std::vector<crypto::secret_key> &get_multisig_keys() const { return m_keys.m_multisig_keys; }

    void encrypt_keys(const crypto::chacha_key &key) { m_keys.encrypt(key); }
--- a/src/cryptonote_basic/connection_context.cpp
+++ b/src/cryptonote_basic/connection_context.cpp
@ -29,6 +29,7 @@

 #include "connection_context.h"

+#include <boost/optional/optional.hpp>
 #include "cryptonote_protocol/cryptonote_protocol_defs.h"
 #include "p2p/p2p_protocol_defs.h"

@ -69,4 +70,23 @@ namespace cryptonote
    };
    return std::numeric_limits<size_t>::max();
  }
+
+  void cryptonote_connection_context::set_state_normal()
+  {
+    m_state = state_normal;
+    m_expected_heights_start = 0;
+    m_needed_objects.clear();
+    m_needed_objects.shrink_to_fit();
+    m_expected_heights.clear();
+    m_expected_heights.shrink_to_fit();
+    m_requested_objects.clear();
+  }
+
+  boost::optional<crypto::hash> cryptonote_connection_context::get_expected_hash(const uint64_t height) const
+  {
+    const auto difference = height - m_expected_heights_start;
+    if (height < m_expected_heights_start || m_expected_heights.size() <= difference)
+      return boost::none;
+    return m_expected_heights[difference];
+  }
 } // cryptonote
--- a/src/cryptonote_basic/connection_context.h
+++ b/src/cryptonote_basic/connection_context.h
@ -34,6 +34,7 @@
 #include <atomic>
 #include <algorithm>
 #include <boost/date_time/posix_time/posix_time.hpp>
+#include <boost/optional/optional_fwd.hpp>
 #include "net/net_utils_base.h"
 #include "crypto/hash.h"

@ -42,7 +43,7 @@ namespace cryptonote
  struct cryptonote_connection_context: public epee::net_utils::connection_context_base
  {
    cryptonote_connection_context(): m_state(state_before_handshake), m_remote_blockchain_height(0), m_last_response_height(0),
-        m_last_request_time(boost::date_time::not_a_date_time), m_callback_request_count(0),
+        m_expected_heights_start(0), m_last_request_time(boost::date_time::not_a_date_time), m_callback_request_count(0),
        m_last_known_hash(crypto::null_hash), m_pruning_seed(0), m_rpc_port(0), m_rpc_credits_per_hash(0), m_anchor(false), m_score(0),
        m_expect_response(0), m_expect_height(0), m_num_requested(0) {}

@ -92,11 +93,18 @@ namespace cryptonote
    //! \return Maximum number of bytes permissible for `command`.
    static size_t get_max_bytes(int command) noexcept;

+    //! Use this instead of `m_state = state_normal`.
+    void set_state_normal();
+
+    boost::optional<crypto::hash> get_expected_hash(uint64_t height) const;
+
    state m_state;
    std::vector<std::pair<crypto::hash, uint64_t>> m_needed_objects;
+    std::vector<crypto::hash> m_expected_heights;
    std::unordered_set<crypto::hash> m_requested_objects;
    uint64_t m_remote_blockchain_height;
    uint64_t m_last_response_height;
+    uint64_t m_expected_heights_start;
    boost::posix_time::ptime m_last_request_time;
    copyable_atomic m_callback_request_count; //in debug purpose: problem with double callback rise
    crypto::hash m_last_known_hash;
--- a/src/cryptonote_basic/cryptonote_basic_impl.h
+++ b/src/cryptonote_basic/cryptonote_basic_impl.h
@ -39,15 +39,6 @@ namespace cryptonote {
  /************************************************************************/
  /*                                                                      */
  /************************************************************************/
-  template<class t_array>
-  struct array_hasher: std::unary_function<t_array&, std::size_t>
-  {
-    std::size_t operator()(const t_array& val) const
-    {
-      return boost::hash_range(&val.data[0], &val.data[sizeof(val.data)]);
-    }
-  };
-

 #pragma pack(push, 1)
  struct public_address_outer_blob
--- a/Show More
+++ b/Show More