Merge pull request #7131

c1d6547 protocol: include first new block in chain entry response (moneromooo-monero)
Merge pull request #7128
2025-12-09 06:10:53 -08:00 · 2020-12-12 22:05:41 -06:00 · 2020-12-12 22:03:59 -06:00 · 2020-12-12 22:02:20 -06:00 · 2020-12-12 01:36:56 +00:00 · 2020-12-11 18:47:28 +00:00
859 changed files with 320667 additions and 25700 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+custom: https://www.getmonero.org/get-started/contributing/
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -0,0 +1,96 @@
+name: continuous-integration/gh-actions/cli
+
+on: [push, pull_request]
+
+jobs:
+  build-macos:
+    runs-on: macOS-latest
+    steps:
+    - uses: actions/checkout@v1
+      with:
+        submodules: recursive
+    - name: update brew and install dependencies
+      run: brew update && brew install boost hidapi zmq libpgm miniupnpc ldns expat libunwind-headers protobuf
+    - name: build
+      run: make -j3
+
+  build-windows:
+    runs-on: windows-latest
+    defaults:
+      run:
+        shell: msys2 {0}
+    steps:
+    - uses: actions/checkout@v1
+      with:
+        submodules: recursive
+    - uses: eine/setup-msys2@v1
+      with:
+        update: true
+        install: mingw-w64-x86_64-toolchain make mingw-w64-x86_64-cmake mingw-w64-x86_64-boost mingw-w64-x86_64-openssl mingw-w64-x86_64-zeromq mingw-w64-x86_64-libsodium mingw-w64-x86_64-hidapi mingw-w64-x86_64-protobuf-c mingw-w64-x86_64-libusb git
+    - name: build
+      run: make release-static-win64 -j2
+
+  build-ubuntu:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v1
+      with:
+        submodules: recursive
+    - name: remove bundled boost
+      run: sudo rm -rf /usr/local/share/boost
+    - name: set apt conf
+      run: |
+        echo "Acquire::Retries \"3\";" | sudo tee -a /etc/apt/apt.conf.d/80-custom
+        echo "Acquire::http::Timeout \"120\";" | sudo tee -a /etc/apt/apt.conf.d/80-custom
+        echo "Acquire::ftp::Timeout \"120\";" | sudo tee -a /etc/apt/apt.conf.d/80-custom
+    - name: update apt
+      run: sudo apt update
+    - name: install monero dependencies
+      run: sudo apt -y install build-essential cmake libboost-all-dev miniupnpc libunbound-dev graphviz doxygen libunwind8-dev pkg-config libssl-dev libzmq3-dev libsodium-dev libhidapi-dev libnorm-dev libusb-1.0-0-dev libpgm-dev libprotobuf-dev protobuf-compiler
+    - name: build
+      run: make -j3
+
+  libwallet-ubuntu:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v1
+      with:
+        submodules: recursive
+    - name: remove bundled boost
+      run: sudo rm -rf /usr/local/share/boost
+    - name: set apt conf
+      run: |
+        echo "Acquire::Retries \"3\";" | sudo tee -a /etc/apt/apt.conf.d/80-custom
+        echo "Acquire::http::Timeout \"120\";" | sudo tee -a /etc/apt/apt.conf.d/80-custom
+        echo "Acquire::ftp::Timeout \"120\";" | sudo tee -a /etc/apt/apt.conf.d/80-custom
+    - name: update apt
+      run: sudo apt update
+    - name: install monero dependencies
+      run: sudo apt -y install build-essential cmake libboost-all-dev miniupnpc libunbound-dev graphviz doxygen libunwind8-dev pkg-config libssl-dev libzmq3-dev libsodium-dev libhidapi-dev libnorm-dev libusb-1.0-0-dev libpgm-dev libprotobuf-dev protobuf-compiler
+    - name: build
+      run: cmake -DBUILD_GUI_DEPS=ON && make -j3
+
+  test-ubuntu:
+    needs: build-ubuntu
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v1
+      with:
+        submodules: recursive
+    - name: remove bundled boost
+      run: sudo rm -rf /usr/local/share/boost
+    - name: set apt conf
+      run: |
+        echo "Acquire::Retries \"3\";" | sudo tee -a /etc/apt/apt.conf.d/80-custom
+        echo "Acquire::http::Timeout \"120\";" | sudo tee -a /etc/apt/apt.conf.d/80-custom
+        echo "Acquire::ftp::Timeout \"120\";" | sudo tee -a /etc/apt/apt.conf.d/80-custom
+    - name: update apt
+      run: sudo apt update
+    - name: install monero dependencies
+      run: sudo apt -y install build-essential cmake libboost-all-dev miniupnpc libunbound-dev graphviz doxygen libunwind8-dev pkg-config libssl-dev libzmq3-dev libsodium-dev libhidapi-dev libnorm-dev libusb-1.0-0-dev libpgm-dev libprotobuf-dev protobuf-compiler
+    - name: install requests
+      run: pip install requests
+    - name: tests
+      env:
+        CTEST_OUTPUT_ON_FAILURE: ON
+      run: make release-test -j3
--- a/.gitignore
+++ b/.gitignore
@@ -96,6 +96,9 @@ local.properties
 # PDT-specific
 .buildpath

+# Netbeans-specific
+nbproject
+
 # sbteclipse plugin
 .target

@@ -103,4 +106,6 @@ local.properties
 .texlipse
 .idea/

-/testnet
+/testnet
+
+__pycache__/
--- a/.gitmodules
+++ b/.gitmodules
@@ -12,3 +12,10 @@
 [submodule "external/trezor-common"]
 	path = external/trezor-common
 	url = https://github.com/trezor/trezor-common.git
+[submodule "external/randomx"]
+	path = external/randomx
+	url = https://github.com/tevador/RandomX
+[submodule "external/supercop"]
+	path = external/supercop
+	url = https://github.com/monero-project/supercop
+	branch = monero
--- a/.travis.yml
+++ b/.travis.yml
@@ -18,12 +18,14 @@ env:
    - SDK_URL=https://bitcoincore.org/depends-sources/sdks
    - DOCKER_PACKAGES="build-essential libtool cmake autotools-dev automake pkg-config bsdmainutils curl git ca-certificates ccache"
  matrix:
+# RISCV 64bit
+    - HOST=riscv64-linux-gnu PACKAGES="python3 gperf g++-riscv64-linux-gnu"
 # ARM v7
    - HOST=arm-linux-gnueabihf PACKAGES="python3 gperf g++-arm-linux-gnueabihf"
 # ARM v8
    - HOST=aarch64-linux-gnu PACKAGES="python3 gperf g++-aarch64-linux-gnu"
 # i686 Win
-    - HOST=i686-w64-mingw32 DEP_OPTS="NO_QT=1" PACKAGES="python3 g++-mingw-w64-i686 qttools5-dev-tools"
+    - HOST=i686-w64-mingw32 DEP_OPTS="NO_QT=1" PACKAGES="python3 g++-mingw-w64-i686 qttools5-dev-tools" MAKEJOBS=-j2
 # i686 Linux
    - HOST=i686-pc-linux-gnu PACKAGES="gperf cmake g++-multilib python3-zmq"
 # Win64
@@ -32,6 +34,8 @@ env:
    - HOST=x86_64-unknown-linux-gnu PACKAGES="gperf cmake python3-zmq libdbus-1-dev libharfbuzz-dev"
 # Cross-Mac
    - HOST=x86_64-apple-darwin11 PACKAGES="cmake imagemagick libcap-dev librsvg2-bin libz-dev libbz2-dev libtiff-tools python-dev python3-setuptools-git" OSX_SDK=10.11
+# x86_64 Freebsd
+    - HOST=x86_64-unknown-freebsd PACKAGES="clang-8 gperf cmake python3-zmq libdbus-1-dev libharfbuzz-dev"

 before_install:
    - export PATH=$(echo $PATH | tr ':' "\n" | sed '/\/opt\/python/d' | tr "\n" ":" | sed "s|::|:|g")
@@ -49,7 +53,7 @@ before_script:
    - if [ -n "$OSX_SDK" -a -f contrib/depends/sdk-sources/MacOSX${OSX_SDK}.sdk.tar.gz ]; then tar -C contrib/depends/SDKs -xf contrib/depends/sdk-sources/MacOSX${OSX_SDK}.sdk.tar.gz; fi
    - if [[ $HOST = *-mingw32 ]]; then $DOCKER_EXEC bash -c "update-alternatives --set $HOST-g++ \$(which $HOST-g++-posix)"; fi
    - if [[ $HOST = *-mingw32 ]]; then $DOCKER_EXEC bash -c "update-alternatives --set $HOST-gcc \$(which $HOST-gcc-posix)"; fi
-    - if [ -z "$NO_DEPENDS" ]; then $DOCKER_EXEC bash -c "CONFIG_SHELL= make $MAKEJOBS -C contrib/depends HOST=$HOST $DEP_OPTS"; fi
+    - if [ -z "$NO_DEPENDS" ]; then $DOCKER_EXEC bash -c "make $MAKEJOBS -C contrib/depends HOST=$HOST $DEP_OPTS"; fi
 script:
    - git submodule init && git submodule update
    - export TRAVIS_COMMIT_LOG=`git log --format=fuller -1`
--- a/ANONYMITY_NETWORKS.md
+++ b/ANONYMITY_NETWORKS.md
@@ -43,11 +43,13 @@ additional peers can be found through typical p2p peerlist sharing.
 ### Outbound Connections

 Connecting to an anonymous address requires the command line option
-`--proxy` which tells `monerod` the ip/port of a socks proxy provided by a
+`--tx-proxy` which tells `monerod` the ip/port of a socks proxy provided by a
 separate process. On most systems the configuration will look like:

-> `--proxy tor,127.0.0.1:9050,10`
-> `--proxy i2p,127.0.0.1:9000`
+```
+--tx-proxy tor,127.0.0.1:9050,10
+--tx-proxy i2p,127.0.0.1:9000
+```

 which tells `monerod` that ".onion" p2p addresses can be forwarded to a socks
 proxy at IP 127.0.0.1 port 9050 with a max of 10 outgoing connections and
@@ -55,12 +57,14 @@ proxy at IP 127.0.0.1 port 9050 with a max of 10 outgoing connections and
 9000 with the default max outgoing connections. Since there are no seed nodes
 for anonymity connections, peers must be manually specified:

-> `--add-exclusive-node rveahdfho7wo4b2m.onion:28083`
-> `--add-peer rveahdfho7wo4b2m.onion:28083`
+```
+--add-exclusive-node rveahdfho7wo4b2m.onion:28083
+--add-peer rveahdfho7wo4b2m.onion:28083
+```

 Either option can be listed multiple times, and can specify any mix of Tor,
 I2P, and IPv4 addresses. Using `--add-exclusive-node` will prevent the usage of
-seed nodes on ALL networks, which will typically be undesireable.
+seed nodes on ALL networks, which will typically be undesirable.

 ### Inbound Connections

@@ -68,8 +72,10 @@ Receiving anonymity connections is done through the option
 `--anonymous-inbound`. This option tells `monerod` the inbound address, network
 type, and max connections:

-> `--anonymous-inbound rveahdfho7wo4b2m.onion:28083,127.0.0.1:28083,25`
-> `--anonymous-inbound cmeua5767mz2q5jsaelk2rxhf67agrwuetaso5dzbenyzwlbkg2q.b32.i2p:5000,127.0.0.1:30000`
+```
+--anonymous-inbound rveahdfho7wo4b2m.onion:28083,127.0.0.1:28083,25
+--anonymous-inbound cmeua5767mz2q5jsaelk2rxhf67agrwuetaso5dzbenyzwlbkg2q.b32.i2p:5000,127.0.0.1:30000
+```

 which tells `monerod` that a max of 25 inbound Tor connections are being
 received at address "rveahdfho7wo4b2m.onion:28083" and forwarded to `monerod`
@@ -87,12 +93,16 @@ P2P anonymity connections. The anonymity network (Tor/i2p) is
 [configured in the same manner](#configuration), except the localhost port
 must be the RPC port (typically 18081 for mainnet) instead of the p2p port:

-> HiddenServiceDir /var/lib/tor/data/monero
-> HiddenServicePort 18081 127.0.0.1:18081
+```
+HiddenServiceDir /var/lib/tor/data/monero
+HiddenServicePort 18081 127.0.0.1:18081
+```

 Then the wallet will be configured to use a Tor/i2p address:
-> `--proxy 127.0.0.1:9050`
-> `--daemon-address rveahdfho7wo4b2m.onion`
+```
+--proxy 127.0.0.1:9050
+--daemon-address rveahdfho7wo4b2m.onion
+```

 The proxy must match the address type - a Tor proxy will not work properly with
 i2p addresses, etc.
@@ -114,7 +124,7 @@ encryption.

 Options `--add-exclusive-node` and `--add-peer` recognize ".onion" and
 ".b32.i2p" addresses, and will properly forward those addresses to the proxy
-provided with `--proxy tor,...` or `--proxy i2p,...`.
+provided with `--tx-proxy tor,...` or `--tx-proxy i2p,...`.

 Option `--anonymous-inbound` also recognizes ".onion" and ".b32.i2p" addresses,
 and will automatically be sent out to outgoing Tor/I2P connections so the peer
@@ -125,8 +135,10 @@ can distribute the address to its other peers.
 Tor must be configured for hidden services. An example configuration ("torrc")
 might look like:

-> HiddenServiceDir /var/lib/tor/data/monero
-> HiddenServicePort 28083 127.0.0.1:28083
+```
+HiddenServiceDir /var/lib/tor/data/monero
+HiddenServicePort 28083 127.0.0.1:28083
+```

 This will store key information in `/var/lib/tor/data/monero` and will forward
 "Tor port" 28083 to port 28083 of ip 127.0.0.1. The file
@@ -160,25 +172,6 @@ the system clock is noticeably off (and therefore more fingerprintable),
 linking the public IPv4/IPv6 connections with the anonymity networks will be
 more difficult.

-### Bandwidth Usage
-
-An ISP can passively monitor `monerod` connections from a node and observe when
-a transaction is sent over a Tor/I2P connection via timing analysis + size of
-data sent during that timeframe. I2P should provide better protection against
-this attack - its connections are not circuit based. However, if a node is
-only using I2P for broadcasting Monero transactions, the total aggregate of
-I2P data would also leak information.
-
-#### Mitigation
-
-There is no current mitigation for the user right now. This attack is fairly
-sophisticated, and likely requires support from the internet host of a Monero
-user.
-
-In the near future, "whitening" the amount of data sent over anonymity network
-connections will be performed. An attempt will be made to make a transaction
-broadcast indistinguishable from a peer timed sync command.
-
 ### Intermittent Monero Syncing

 If a user only runs `monerod` to send a transaction then quit, this can also
@@ -189,7 +182,7 @@ be used by an ISP to link a user to a transaction.
 Run `monerod` as often as possible to conceal when transactions are being sent.
 Future versions will also have peers that first receive a transaction over an
 anonymity network delay the broadcast to public peers by a randomized amount.
-This will not completetely mitigate a user who syncs up sends then quits, in
+This will not completely mitigate a user who syncs up sends then quits, in
 part because this rule is not enforceable, so this mitigation strategy is
 simply a best effort attempt.

@@ -202,9 +195,42 @@ the connections are not circuit based.

 #### Mitigation

-The best mitigiation is to use I2P instead of Tor. However, I2P
+The best mitigation is to use I2P instead of Tor. However, I2P
 has a smaller set of users (less cover traffic) and academic reviews, so there
-is a tradeoff in potential isses. Also, anyone attempting this strategy really
+is a trade off in potential issues. Also, anyone attempting this strategy really
 wants to uncover a user, it seems unlikely that this would be performed against
 every Tor/I2P user.

+### I2P/Tor Stream Used Twice
+
+If a single I2P/Tor stream is used 2+ times for transmitting a transaction, the
+operator of the hidden service can conclude that both transactions came from the
+same source. If the subsequent transactions spend a change output from the
+earlier transactions, this will also reveal the "real" spend in the ring
+signature. This issue was (primarily) raised by @secparam on Twitter.
+
+#### Mitigation
+
+`monerod` currently selects two outgoing connections every 5 minutes for
+transmitting transactions over I2P/Tor. Using outgoing connections prevents an
+adversary from making many incoming connections to obtain information (this
+technique was taken from Dandelion). Outgoing connections also do not have a
+persistent public key identity - the creation of a new circuit will generate
+a new public key identity. The lock time on a change address is ~20 minutes, so
+`monerod` will have rotated its selected outgoing connections several times in
+most cases. However, the number of outgoing connections is typically a small
+fixed number, so there is a decent probability of re-use with the same public
+key identity.
+
+@secparam (twitter) recommended changing circuits (Tor) as an additional
+precaution. This is likely not a good idea - forcibly requesting Tor to change
+circuits is observable by the ISP. Instead, `monerod` should likely disconnect
+from peers occasionally. Tor will rotate circuits every ~10 minutes, so
+establishing new connections will use a new public key identity and make it
+more difficult for the hidden service to link information. This process will
+have to be done carefully because closing/reconnecting connections can also
+leak information to hidden services if done improperly.
+
+At the current time, if users need to frequently make transactions, I2P/Tor
+will improve privacy from ISPs and other common adversaries, but still have
+some metadata leakages to unknown hidden service operators.
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2014-2019, The Monero Project
+# Copyright (c) 2014-2020, The Monero Project
 #
 # All rights reserved.
 #
@@ -27,13 +27,17 @@
 # THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 # Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
+
+set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
+
 list(INSERT CMAKE_MODULE_PATH 0
-  "${CMAKE_SOURCE_DIR}/cmake")
+  "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
 include(CheckCCompilerFlag)
 include(CheckCXXCompilerFlag)
 include(CheckLinkerFlag)
 include(CheckLibraryExists)
 include(CheckFunctionExists)
+include(FindPythonInterp)

 if (IOS)
    INCLUDE(CmakeLists_IOS.txt)
@@ -44,6 +48,13 @@ message(STATUS "CMake version ${CMAKE_VERSION}")

 project(monero)

+option (USE_CCACHE "Use ccache if a usable instance is found" ON)
+if (USE_CCACHE)
+	include(FindCcache) # Has to be included after the project() macro, to be able to read the CXX variable.
+else()
+	message(STATUS "ccache deselected")
+endif()
+
 enable_language(C ASM)

 function (die msg)
@@ -114,6 +125,7 @@ string(TOLOWER ${CMAKE_BUILD_TYPE} CMAKE_BUILD_TYPE_LOWER)
 # when ARCH is not set to an explicit identifier, cmake's builtin is used
 # to identify the target architecture, to direct logic in this cmake script.
 # Since ARCH is a cached variable, it will not be set on first cmake invocation.
+if (NOT ARCH_ID)
 if (NOT ARCH OR ARCH STREQUAL "" OR ARCH STREQUAL "native" OR ARCH STREQUAL "default")
  if(CMAKE_SYSTEM_PROCESSOR STREQUAL "")
    set(CMAKE_SYSTEM_PROCESSOR ${CMAKE_HOST_SYSTEM_PROCESSOR})
@@ -122,6 +134,7 @@ if (NOT ARCH OR ARCH STREQUAL "" OR ARCH STREQUAL "native" OR ARCH STREQUAL "def
 else()
  set(ARCH_ID "${ARCH}")
 endif()
+endif()
 string(TOLOWER "${ARCH_ID}" ARM_ID)
 string(SUBSTRING "${ARM_ID}" 0 3 ARM_TEST)
 if (ARM_TEST STREQUAL "arm")
@@ -187,7 +200,7 @@ if(NOT MANUAL_SUBMODULES)
      if (upToDate)
        message(STATUS "Submodule '${relative_path}' is up-to-date")
      else()
-        message(FATAL_ERROR "Submodule '${relative_path}' is not up-to-date. Please update with\ngit submodule update --init --force ${relative_path}\nor run cmake with -DMANUAL_SUBMODULES=1")
+        message(FATAL_ERROR "Submodule '${relative_path}' is not up-to-date. Please update all submodules with\ngit submodule update --init --force\nor run cmake with -DMANUAL_SUBMODULES=1\n")
      endif()
    endfunction ()
    
@@ -196,6 +209,8 @@ if(NOT MANUAL_SUBMODULES)
    check_submodule(external/unbound)
    check_submodule(external/rapidjson)
    check_submodule(external/trezor-common)
+    check_submodule(external/randomx)
+    check_submodule(external/supercop)
  endif()
 endif()

@@ -246,6 +261,18 @@ enable_testing()

 option(BUILD_DOCUMENTATION "Build the Doxygen documentation." ON)
 option(BUILD_TESTS "Build tests." OFF)
+if (CMAKE_BUILD_TYPE STREQUAL "Debug")
+  set(DEFAULT_BUILD_DEBUG_UTILITIES ON)
+else()
+  set(DEFAULT_BUILD_DEBUG_UTILITIES OFF)
+endif()
+option(BUILD_DEBUG_UTILITIES "Build debug utilities." DEFAULT_BUILD_DEBUG_UTILITIES)
+
+if(OSSFUZZ)
+  message(STATUS "Using OSS-Fuzz fuzzing system")
+  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DOSSFUZZ")
+  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DOSSFUZZ")
+endif()

 # Check whether we're on a 32-bit or 64-bit system
 if(CMAKE_SIZEOF_VOID_P EQUAL "8")
@@ -285,7 +312,7 @@ endif()
 # elseif(CMAKE_SYSTEM_NAME MATCHES ".*BSDI.*")
 #   set(BSDI TRUE)

-include_directories(external/rapidjson/include external/easylogging++ src contrib/epee/include external)
+include_directories(external/rapidjson/include external/easylogging++ src contrib/epee/include external external/supercop/include)

 if(APPLE)
  include_directories(SYSTEM /usr/include/malloc)
@@ -350,54 +377,9 @@ endif()
 # memory was the default in Cryptonote before Monero implemented LMDB, it still works but is unnecessary.
 # set(DATABASE memory)
 set(DATABASE lmdb)
-
-if (DEFINED ENV{DATABASE})
-  set(DATABASE $ENV{DATABASE})
-  message(STATUS "DATABASE set: ${DATABASE}")
-else()
-  message(STATUS "Could not find DATABASE in env (not required unless you want to change database type from default: ${DATABASE})")
-endif()
-
-set(BERKELEY_DB_OVERRIDE 0)
-if (DEFINED ENV{BERKELEY_DB})
-  set(BERKELEY_DB_OVERRIDE 1)
-  set(BERKELEY_DB $ENV{BERKELEY_DB})
-elseif()
-  set(BERKELEY_DB 0)
-endif()
-
-if (DATABASE STREQUAL "lmdb")
-  message(STATUS "Using LMDB as default DB type")
-  set(BLOCKCHAIN_DB DB_LMDB)
-  add_definitions("-DDEFAULT_DB_TYPE=\"lmdb\"")
-elseif (DATABASE STREQUAL "berkeleydb")
-  find_package(BerkeleyDB)
-  if(NOT BERKELEY_DB)
-      die("Found BerkeleyDB includes, but could not find BerkeleyDB library. Please make sure you have installed libdb and libdb-dev / libdb++-dev or the equivalent.")
-  else()
-    message(STATUS "Found BerkeleyDB include (db.h) in ${BERKELEY_DB_INCLUDE_DIR}")
-    if(BERKELEY_DB_LIBRARIES)
-      message(STATUS "Found BerkeleyDB shared library")
-      set(BDB_STATIC false CACHE BOOL "BDB Static flag")
-      set(BDB_INCLUDE ${BERKELEY_DB_INCLUDE_DIR} CACHE STRING "BDB include path")
-      set(BDB_LIBRARY ${BERKELEY_DB_LIBRARIES} CACHE STRING "BDB library name")
-      set(BDB_LIBRARY_DIRS "" CACHE STRING "BDB Library dirs")
-      set(BERKELEY_DB 1)
-    else()
-      die("Found BerkeleyDB includes, but could not find BerkeleyDB library. Please make sure you have installed libdb and libdb-dev / libdb++-dev or the equivalent.")
-    endif()
-  endif()
-
-  message(STATUS "Using Berkeley DB as default DB type")
-  add_definitions("-DDEFAULT_DB_TYPE=\"berkeley\"")
-else()
-  die("Invalid database type: ${DATABASE}")
-endif()
-
-if(BERKELEY_DB)
-  add_definitions("-DBERKELEY_DB")
-endif()
-
+message(STATUS "Using LMDB as default DB type")
+set(BLOCKCHAIN_DB DB_LMDB)
+add_definitions("-DDEFAULT_DB_TYPE=\"lmdb\"")
 add_definitions("-DBLOCKCHAIN_DB=${BLOCKCHAIN_DB}")

 # Can't install hook in static build on OSX, because OSX linker does not support --wrap
@@ -449,8 +431,8 @@ if (CMAKE_SYSTEM_NAME MATCHES "(SunOS|Solaris)")
 endif ()

 if (APPLE AND NOT IOS)
-  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -march=x86-64 -fvisibility=default")
-  if (NOT OpenSSL_DIR)
+  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -march=x86-64 -fvisibility=default -std=c++11")
+  if (NOT OPENSSL_ROOT_DIR)
      EXECUTE_PROCESS(COMMAND brew --prefix openssl
        OUTPUT_VARIABLE OPENSSL_ROOT_DIR
        OUTPUT_STRIP_TRAILING_WHITESPACE)
@@ -475,6 +457,9 @@ add_definition_if_function_found(strptime HAVE_STRPTIME)

 add_definitions(-DAUTO_INITIALIZE_EASYLOGGINGPP)

+set(MONERO_GENERATED_HEADERS_DIR "${CMAKE_CURRENT_BINARY_DIR}/generated_include")
+include_directories(${MONERO_GENERATED_HEADERS_DIR})
+
 # Generate header for embedded translations
 # Generate header for embedded translations, use target toolchain if depends, otherwise use the
 # lrelease and lupdate binaries from the host
@@ -499,11 +484,6 @@ link_directories(${EASYLOGGING_LIBRARY_DIRS})
 # Final setup for liblmdb
 include_directories(${LMDB_INCLUDE})

-# Final setup for Berkeley DB
-if (BERKELEY_DB)
-  include_directories(${BDB_INCLUDE})
-endif()
-
 # Final setup for libunwind
 include_directories(${LIBUNWIND_INCLUDE})
 link_directories(${LIBUNWIND_LIBRARY_DIRS})
@@ -645,7 +625,7 @@ else()
  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-strict-aliasing")

  # if those don't work for your compiler, single it out where appropriate
-  if(CMAKE_BUILD_TYPE STREQUAL "Release")
+  if(CMAKE_BUILD_TYPE STREQUAL "Release" AND NOT OPENBSD)
    set(C_SECURITY_FLAGS "${C_SECURITY_FLAGS} -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=1")
    set(CXX_SECURITY_FLAGS "${CXX_SECURITY_FLAGS} -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=1")
  endif()
@@ -657,7 +637,7 @@ else()
  add_cxx_flag_if_supported(-Wformat-security CXX_SECURITY_FLAGS)

  # -fstack-protector
-  if (NOT WIN32)
+  if (NOT OPENBSD AND NOT (WIN32 AND (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1)))
    add_c_flag_if_supported(-fstack-protector C_SECURITY_FLAGS)
    add_cxx_flag_if_supported(-fstack-protector CXX_SECURITY_FLAGS)
    add_c_flag_if_supported(-fstack-protector-strong C_SECURITY_FLAGS)
@@ -665,19 +645,25 @@ else()
  endif()

  # New in GCC 8.2
-  if (NOT WIN32)
+  if (NOT OPENBSD AND NOT (WIN32 AND (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1)))
    add_c_flag_if_supported(-fcf-protection=full C_SECURITY_FLAGS)
    add_cxx_flag_if_supported(-fcf-protection=full CXX_SECURITY_FLAGS)
+  endif()
+  if (NOT WIN32 AND NOT OPENBSD)
    add_c_flag_if_supported(-fstack-clash-protection C_SECURITY_FLAGS)
    add_cxx_flag_if_supported(-fstack-clash-protection CXX_SECURITY_FLAGS)
  endif()

-  add_c_flag_if_supported(-mmitigate-rop C_SECURITY_FLAGS)
-  add_cxx_flag_if_supported(-mmitigate-rop CXX_SECURITY_FLAGS)
+  # Removed in GCC 9.1 (or before ?), but still accepted, so spams the output
+  if (NOT (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1))
+    add_c_flag_if_supported(-mmitigate-rop C_SECURITY_FLAGS)
+    add_cxx_flag_if_supported(-mmitigate-rop CXX_SECURITY_FLAGS)
+  endif()

  # linker
-  if (NOT WIN32)
-    # Windows binaries die on startup with PIE
+  if (NOT SANITIZE AND NOT OSSFUZZ AND NOT (WIN32 AND (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1)))
+    # PIE executables randomly crash at startup with ASAN
+    # Windows binaries die on startup with PIE when compiled with GCC <9.x
    add_linker_flag_if_supported(-pie LD_SECURITY_FLAGS)
  endif()
  add_linker_flag_if_supported(-Wl,-z,relro LD_SECURITY_FLAGS)
@@ -701,6 +687,7 @@ else()
  if (WIN32)
    add_linker_flag_if_supported(-Wl,--dynamicbase LD_SECURITY_FLAGS)
    add_linker_flag_if_supported(-Wl,--nxcompat LD_SECURITY_FLAGS)
+    add_linker_flag_if_supported(-Wl,--high-entropy-va LD_SECURITY_FLAGS)
  endif()

  message(STATUS "Using C security hardening flags: ${C_SECURITY_FLAGS}")
@@ -797,7 +784,8 @@ else()

  endif(ARM)

-  if(ANDROID AND NOT BUILD_GUI_DEPS STREQUAL "ON" OR IOS)
+  # random crash on startup when asan is on if pie is enabled
+  if(NOT SANITIZE AND ANDROID AND NOT BUILD_GUI_DEPS STREQUAL "ON" OR IOS)
    #From Android 5: "only position independent executables (PIE) are supported" 
    message(STATUS "Enabling PIE executable")
    set(PIC_FLAG "")
@@ -875,10 +863,10 @@ if (${BOOST_IGNORE_SYSTEM_PATHS} STREQUAL "ON")
 endif()

 set(OLD_LIB_SUFFIXES ${CMAKE_FIND_LIBRARY_SUFFIXES})
+set(Boost_NO_BOOST_CMAKE ON)
 if(STATIC)
  if(MINGW)
    set(CMAKE_FIND_LIBRARY_SUFFIXES .a)
-    set(Boost_NO_BOOST_CMAKE ON)
  endif()

  set(Boost_USE_STATIC_LIBS ON)
@@ -946,7 +934,7 @@ if (HIDAPI_FOUND OR LibUSB_COMPILE_TEST_PASSED)
 endif()

 option(USE_READLINE "Build with GNU readline support." ON)
-if(USE_READLINE)
+if(USE_READLINE AND NOT DEPENDS)
  find_package(Readline)
  if(READLINE_FOUND AND GNU_READLINE_FOUND)
    add_definitions(-DHAVE_READLINE)
@@ -956,6 +944,14 @@ if(USE_READLINE)
  else()
    message(STATUS "Could not find GNU readline library so building without readline support")
  endif()
+elseif(USE_READLINE AND DEPENDS AND NOT MINGW)
+  find_path(Readline_INCLUDE_PATH readline/readline.h)
+  find_library(Readline_LIBRARY readline)
+  find_library(Terminfo_LIBRARY tinfo)
+  set(Readline_LIBRARY "${Readline_LIBRARY};${Terminfo_LIBRARY}")
+  set(GNU_READLINE_LIBRARY ${Readline_LIBRARY})
+  add_definitions(-DHAVE_READLINE)
+  set(EPEE_READLINE epee_readline)
 endif()

 if(ANDROID)
@@ -969,14 +965,16 @@ if(CMAKE_C_COMPILER_ID STREQUAL "Clang" AND ARCH_WIDTH EQUAL "32" AND NOT IOS AN
  endif()
 endif()

-find_path(ZMQ_INCLUDE_PATH zmq.hpp)
+find_path(ZMQ_INCLUDE_PATH zmq.h)
 find_library(ZMQ_LIB zmq)
 find_library(PGM_LIBRARY pgm)
 find_library(NORM_LIBRARY norm)
+find_library(GSSAPI_LIBRARY gssapi_krb5)
+find_library(PROTOLIB_LIBRARY protolib)
 find_library(SODIUM_LIBRARY sodium)

 if(NOT ZMQ_INCLUDE_PATH)
-  message(FATAL_ERROR "Could not find required header zmq.hpp")
+  message(FATAL_ERROR "Could not find required header zmq.h")
 endif()
 if(NOT ZMQ_LIB)
  message(FATAL_ERROR "Could not find required libzmq")
@@ -987,15 +985,32 @@ endif()
 if(NORM_LIBRARY)
  set(ZMQ_LIB "${ZMQ_LIB};${NORM_LIBRARY}")
 endif()
+if(GSSAPI_LIBRARY)
+  set(ZMQ_LIB "${ZMQ_LIB};${GSSAPI_LIBRARY}")
+endif()
+if(PROTOLIB_LIBRARY)
+  set(ZMQ_LIB "${ZMQ_LIB};${PROTOLIB_LIBRARY}")
+endif()
 if(SODIUM_LIBRARY)
  set(ZMQ_LIB "${ZMQ_LIB};${SODIUM_LIBRARY}")
 endif()

+include(external/supercop/functions.cmake) # place after setting flags and before src directory inclusion
 add_subdirectory(contrib)
 add_subdirectory(src)

+find_package(PythonInterp)
 if(BUILD_TESTS)
+  message(STATUS "Building tests")
  add_subdirectory(tests)
+else()
+  message(STATUS "Not building tests")
+endif()
+
+if(BUILD_DEBUG_UTILITIES)
+  message(STATUS "Building debug utilities")
+else()
+  message(STATUS "Not building debug utilities")
 endif()

 if(BUILD_DOCUMENTATION)
@@ -1031,3 +1046,11 @@ option(INSTALL_VENDORED_LIBUNBOUND "Install libunbound binary built from source
 CHECK_C_COMPILER_FLAG(-std=c11 HAVE_C11)

 find_package(PythonInterp)
+find_program(iwyu_tool_path NAMES iwyu_tool.py iwyu_tool)
+if (iwyu_tool_path AND PYTHONINTERP_FOUND)
+  add_custom_target(iwyu
+    COMMAND "${PYTHON_EXECUTABLE}" "${iwyu_tool_path}" -p "${CMAKE_BINARY_DIR}" -- --no_fwd_decls
+    COMMENT "Running include-what-you-use tool"
+    VERBATIM
+  )
+endif()
--- a/CMakeLists_IOS.txt
+++ b/CMakeLists_IOS.txt
@@ -1,4 +1,4 @@
-# Portions Copyright (c) 2017-2019, The Monero Project
+# Portions Copyright (c) 2017-2020, The Monero Project
 # This file is based off of the https://code.google.com/archive/p/ios-cmake/
 # It has been altered for Monero iOS development
 #
--- a/34
+++ b/34
@@ -29,9 +29,9 @@ ENV CFLAGS='-fPIC'
 ENV CXXFLAGS='-fPIC'

 #Cmake
-ARG CMAKE_VERSION=3.14.0
+ARG CMAKE_VERSION=3.14.6
 ARG CMAKE_VERSION_DOT=v3.14
-ARG CMAKE_HASH=aa76ba67b3c2af1946701f847073f4652af5cbd9f141f221c97af99127e75502
+ARG CMAKE_HASH=4e8ea11cabe459308671b476469eace1622e770317a15951d7b55a82ccaaccb9
 RUN set -ex \
    && curl -s -O https://cmake.org/files/${CMAKE_VERSION_DOT}/cmake-${CMAKE_VERSION}.tar.gz \
    && echo "${CMAKE_HASH}  cmake-${CMAKE_VERSION}.tar.gz" | sha256sum -c \
@@ -42,9 +42,9 @@ RUN set -ex \
    && make install

 ## Boost
-ARG BOOST_VERSION=1_69_0
-ARG BOOST_VERSION_DOT=1.69.0
-ARG BOOST_HASH=8f32d4617390d1c2d16f26a27ab60d97807b35440d45891fa340fc2648b04406
+ARG BOOST_VERSION=1_70_0
+ARG BOOST_VERSION_DOT=1.70.0
+ARG BOOST_HASH=430ae8354789de4fd19ee52f3b1f739e1fba576f0aded0897c3c2bc00fb38778
 RUN set -ex \
    && curl -s -L -o  boost_${BOOST_VERSION}.tar.bz2 https://dl.bintray.com/boostorg/release/${BOOST_VERSION_DOT}/source/boost_${BOOST_VERSION}.tar.bz2 \
    && echo "${BOOST_HASH}  boost_${BOOST_VERSION}.tar.bz2" | sha256sum -c \
@@ -55,8 +55,8 @@ RUN set -ex \
 ENV BOOST_ROOT /usr/local/boost_${BOOST_VERSION}

 # OpenSSL
-ARG OPENSSL_VERSION=1.1.1b
-ARG OPENSSL_HASH=5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b
+ARG OPENSSL_VERSION=1.1.1g
+ARG OPENSSL_HASH=ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46
 RUN set -ex \
    && curl -s -O https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz \
    && echo "${OPENSSL_HASH}  openssl-${OPENSSL_VERSION}.tar.gz" | sha256sum -c \
@@ -69,8 +69,8 @@ RUN set -ex \
 ENV OPENSSL_ROOT_DIR=/usr/local/openssl-${OPENSSL_VERSION}

 # ZMQ
-ARG ZMQ_VERSION=v4.3.1
-ARG ZMQ_HASH=2cb1240db64ce1ea299e00474c646a2453a8435b
+ARG ZMQ_VERSION=v4.3.2
+ARG ZMQ_HASH=a84ffa12b2eb3569ced199660bac5ad128bff1f0
 RUN set -ex \
    && git clone https://github.com/zeromq/libzmq.git -b ${ZMQ_VERSION} \
    && cd libzmq \
@@ -82,8 +82,8 @@ RUN set -ex \
    && ldconfig

 # zmq.hpp
-ARG CPPZMQ_VERSION=v4.3.0
-ARG CPPZMQ_HASH=213da0b04ae3b4d846c9abc46bab87f86bfb9cf4
+ARG CPPZMQ_VERSION=v4.4.1
+ARG CPPZMQ_HASH=f5b36e563598d48fcc0d82e589d3596afef945ae
 RUN set -ex \
    && git clone https://github.com/zeromq/cppzmq.git -b ${CPPZMQ_VERSION} \
    && cd cppzmq \
@@ -103,8 +103,8 @@ RUN set -ex \
    && make install

 # Sodium
-ARG SODIUM_VERSION=1.0.17
-ARG SODIUM_HASH=b732443c442239c2e0184820e9b23cca0de0828c
+ARG SODIUM_VERSION=1.0.18
+ARG SODIUM_HASH=4f5e89fa84ce1d178a6765b8b46f2b6f91216677
 RUN set -ex \
    && git clone https://github.com/jedisct1/libsodium.git -b ${SODIUM_VERSION} \
    && cd libsodium \
@@ -116,8 +116,8 @@ RUN set -ex \
    && make install

 # Udev
-ARG UDEV_VERSION=v3.2.7
-ARG UDEV_HASH=4758e346a14126fc3a964de5831e411c27ebe487
+ARG UDEV_VERSION=v3.2.8
+ARG UDEV_HASH=d69f3f28348123ab7fa0ebac63ec2fd16800c5e0
 RUN set -ex \
    && git clone https://github.com/gentoo/eudev -b ${UDEV_VERSION} \
    && cd eudev \
@@ -152,8 +152,8 @@ RUN set -ex \
    && make install

 # Protobuf
-ARG PROTOBUF_VERSION=v3.7.0
-ARG PROTOBUF_HASH=582743bf40c5d3639a70f98f183914a2c0cd0680
+ARG PROTOBUF_VERSION=v3.7.1
+ARG PROTOBUF_HASH=6973c3a5041636c1d8dc5f7f6c8c1f3c15bc63d6
 RUN set -ex \
    && git clone https://github.com/protocolbuffers/protobuf -b ${PROTOBUF_VERSION} \
    && cd protobuf \
--- a/LEVIN_PROTOCOL.md
+++ b/LEVIN_PROTOCOL.md
@@ -0,0 +1,165 @@
+# Levin Protocol
+This is a document explaining the current design of the levin protocol, as
+used by Monero. The protocol is largely inherited from cryptonote, but has
+undergone some changes.
+
+This document also may differ from the `struct bucket_head2` in Monero's
+code slightly - the spec here is slightly more strict to allow for
+extensibility.
+
+One of the goals of this document is to clearly indicate what is being sent
+"on the wire" to identify metadata that could de-anonymize users over I2P/Tor.
+These issues will be addressed as they are found. See `ANONMITY_NETWORKS.md` in
+the top-level folder for any outstanding issues.
+
+> This document does not currently list all data being sent by the monero
+> protocol, that portion is a work-in-progress. Please take the time to do it
+> if interested in learning about Monero p2p traffic!
+
+
+## Header
+This header is sent for every Monero p2p message.
+
+```
+ 0               1               2               3
+ 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|      0x01     |      0x21     |      0x01     |      0x01     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|      0x01     |      0x01     |      0x01     |      0x01     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                             Length                            |
+|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|  E. Response  |                   Command
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+                |                 Return Code
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+                |Q|S|B|E|               Reserved
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+                |      0x01     |      0x00     |      0x00     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|     0x00      |
+-+-+-+-+-+-+-+-+
+```
+
+### Signature
+The first 8 bytes are the "signature" which helps identify the protocol (in
+case someone connected to the wrong port, etc). The comments indicate that byte
+sequence is from "benders nightmare".
+
+This also can be used by deep packet inspection (DPI) engines to identify
+Monero when the link is not encrypted. SSL has been proposed as a means to
+mitigate this issue, but BIP-151 or the Noise protocol should also be considered.
+
+### Length
+The length is an unsigned 64-bit little endian integer. The length does _not_
+include the header.
+
+The implementation currently rejects received messages that exceed 100 MB
+(base 10) by default.
+
+### Expect Response
+A zero-byte if no response is expected from the peer, and a non-zero byte if a
+response is expected from the peer. Peers must respond to requests with this
+flag in the same order that they were received, however, other messages can be
+sent between responses.
+
+There are some commands in the
+[cryptonote protocol](#cryptonote-protocol-commands) where a response is
+expected from the peer, but this flag is not set. Those responses are returned
+as notify messages and can be sent in any order by the peer.
+
+### Command
+An unsigned 32-bit little endian integer representing the Monero specific
+command being invoked.
+
+### Return Code
+A signed 32-bit little integer integer representing the response from the peer
+from the last command that was invoked. This is `0` for request messages.
+
+### Flags
+ * `Q` - Bit is set if the message is a request.
+ * `S` - Bit is set if the message is a response.
+ * `B` - Bit is set if this is a the beginning of a [fragmented message](#fragmented-messages).
+ * `E` - Bit is set if this is the end of a [fragmented message](#fragmented-messages).
+
+### Version
+A fixed value of `1` as an unsigned 32-bit little endian integer.
+
+
+## Message Flow
+The protocol can be subdivided into: (1) notifications, (2) requests,
+(3) responses, (4) fragmented messages, and (5) dummy messages. Response
+messages must be sent in the same order that a peer issued a request message.
+A peer does not have to send a response immediately following a request - any
+other message type can be sent instead.
+
+### Notifications
+Notifications are one-way messages that can be sent at any time without
+an expectation of a response from the peer. The `Q` bit must be set, the `S`,
+`B` and `E` bits must be unset, and the `Expect Response` field must be zeroed.
+
+Some notifications must be in response to other notifications. This is not
+part of the levin messaging layer, and is described in the
+[commands](#commands) section.
+
+### Requests
+Requests are the basis of the admin protocol for Monero. The `Q` bit must be
+set, the `S`, `B` and `E` bits must be unset, and the `Expect Response` field
+must be non-zero. The peer is expected to send a response message with the same
+`command` number.
+
+### Responses
+Response message can only be sent after a peer first issues a request message.
+Responses must have the `S` bit set, the `Q`, `B` and `E` bits unset, and have
+a zeroed `Expect Response` field. The `Command` field must be the same value
+that was sent in the request message. The `Return Code` is specific to the
+`Command` being issued (see [commands])(#commands)).
+
+### Fragmented
+Fragmented messages were introduced for the "white noise" feature for i2p/tor.
+A transaction can be sent in fragments to conceal when "real" data is being
+sent instead of dummy messages. Only one fragmented message can be sent at a
+time, and bits `B` and `E` are never set at the same time
+(see [dummy messages](#dummy)). The re-constructed message must contain a
+levin header for a different (non-fragment) message type.
+
+The `Q` and `S` bits are never set and the `Expect Response` field must always
+be zero. The first fragment has the `B` bit set, neither `B` nor `E` is set for
+"middle" fragments, and `E` is set for the last fragment.
+
+### Dummy
+Dummy messages have the `B` and `E` bits set, the `Q` and `S` bits unset, and
+the `Expect Reponse` field zeroed. When a message of this type is received, the
+contents can be safely ignored.
+
+
+## Commands
+### P2P (Admin) Commands
+
+#### (`1001` Request) Handshake
+#### (`1001` Response) Handshake
+#### (`1002` Request) Timed Sync
+#### (`1002` Response) Timed Sync
+#### (`1003` Request) Ping
+#### (`1003` Response) Ping
+#### (`1004` Request) Stat Info
+#### (`1004` Response) Stat Info
+#### (`1005` Request) Network State
+#### (`1005` Response) Network State
+#### (`1006` Request) Peer ID
+#### (`1006` Reponse) Peer ID
+#### (`1007` Request) Support Flags
+#### (`1007` Response) Support Flags
+
+### Cryptonote Protocol Commands
+
+#### (`2001` Notification) New Block
+#### (`2002` Notification) New Transactions
+#### (`2003` Notification) Request Get Objects
+#### (`2004` Notification) Response Get Objects
+#### (`2006` Notification) Request Chain
+#### (`2007` Notification) Response Chain Entry
+#### (`2008` Notification) New Fluffy Block
+#### (`2009` Notification) Request Fluffy Missing TX
--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-Copyright (c) 2014-2019, The Monero Project
+Copyright (c) 2014-2020, The Monero Project

 All rights reserved.

--- a/14
+++ b/14
@@ -1,4 +1,4 @@
-# Copyright (c) 2014-2019, The Monero Project
+# Copyright (c) 2014-2020, The Monero Project
 #
 # All rights reserved.
 #
@@ -63,6 +63,10 @@ debug-test:
 	mkdir -p $(builddir)/debug
 	cd $(builddir)/debug && cmake -D BUILD_TESTS=ON -D CMAKE_BUILD_TYPE=Debug $(topdir) &&  $(MAKE) && $(MAKE) ARGS="-E libwallet_api_tests" test

+debug-test-asan:
+	mkdir -p $(builddir)/debug
+	cd $(builddir)/debug && cmake -D BUILD_TESTS=ON -D SANITIZE=ON -D CMAKE_BUILD_TYPE=Debug $(topdir) &&  $(MAKE) && $(MAKE) ARGS="-E libwallet_api_tests" test
+
 debug-test-trezor:
 	mkdir -p $(builddir)/debug
 	cd $(builddir)/debug && cmake -D BUILD_TESTS=ON -D TREZOR_DEBUG=ON -D CMAKE_BUILD_TYPE=Debug $(topdir) &&  $(MAKE) && $(MAKE) ARGS="-E libwallet_api_tests" test
@@ -77,11 +81,11 @@ debug-static-all:

 debug-static-win64:
 	mkdir -p $(builddir)/debug
-	cd $(builddir)/debug && cmake -G "MSYS Makefiles" -D STATIC=ON -D ARCH="x86-64" -D BUILD_64=ON -D CMAKE_BUILD_TYPE=Debug -D BUILD_TAG="win-x64" -D CMAKE_TOOLCHAIN_FILE=$(topdir)/cmake/64-bit-toolchain.cmake -D MSYS2_FOLDER=c:/msys64 $(topdir) && $(MAKE)
+	cd $(builddir)/debug && cmake -G "MSYS Makefiles" -D STATIC=ON -D ARCH="x86-64" -D BUILD_64=ON -D CMAKE_BUILD_TYPE=Debug -D BUILD_TAG="win-x64" -D CMAKE_TOOLCHAIN_FILE=$(topdir)/cmake/64-bit-toolchain.cmake -D MSYS2_FOLDER=$(shell cd ${MINGW_PREFIX}/.. && pwd -W) $(topdir) && $(MAKE)
 
 debug-static-win32:
 	mkdir -p $(builddir)/debug
-	cd $(builddir)/debug && cmake -G "MSYS Makefiles" -D STATIC=ON -D ARCH="i686" -D BUILD_64=OFF -D CMAKE_BUILD_TYPE=Debug -D BUILD_TAG="win-x32" -D CMAKE_TOOLCHAIN_FILE=$(topdir)/cmake/32-bit-toolchain.cmake -D MSYS2_FOLDER=c:/msys32 $(topdir) && $(MAKE)
+	cd $(builddir)/debug && cmake -G "MSYS Makefiles" -D STATIC=ON -D ARCH="i686" -D BUILD_64=OFF -D CMAKE_BUILD_TYPE=Debug -D BUILD_TAG="win-x32" -D CMAKE_TOOLCHAIN_FILE=$(topdir)/cmake/32-bit-toolchain.cmake -D MSYS2_FOLDER=$(shell cd ${MINGW_PREFIX}/.. && pwd -W) $(topdir) && $(MAKE)
 
 cmake-release:
 	mkdir -p $(builddir)/release
@@ -148,11 +152,11 @@ release-static-linux-i686:

 release-static-win64:
 	mkdir -p $(builddir)/release
-	cd $(builddir)/release && cmake -G "MSYS Makefiles" -D STATIC=ON -D ARCH="x86-64" -D BUILD_64=ON -D CMAKE_BUILD_TYPE=Release -D BUILD_TAG="win-x64" -D CMAKE_TOOLCHAIN_FILE=$(topdir)/cmake/64-bit-toolchain.cmake -D MSYS2_FOLDER=c:/msys64 $(topdir) && $(MAKE)
+	cd $(builddir)/release && cmake -G "MSYS Makefiles" -D STATIC=ON -D ARCH="x86-64" -D BUILD_64=ON -D CMAKE_BUILD_TYPE=Release -D BUILD_TAG="win-x64" -D CMAKE_TOOLCHAIN_FILE=$(topdir)/cmake/64-bit-toolchain.cmake -D MSYS2_FOLDER=$(shell cd ${MINGW_PREFIX}/.. && pwd -W) $(topdir) && $(MAKE)

 release-static-win32:
 	mkdir -p $(builddir)/release
-	cd $(builddir)/release && cmake -G "MSYS Makefiles" -D STATIC=ON -D ARCH="i686" -D BUILD_64=OFF -D CMAKE_BUILD_TYPE=Release -D BUILD_TAG="win-x32" -D CMAKE_TOOLCHAIN_FILE=$(topdir)/cmake/32-bit-toolchain.cmake -D MSYS2_FOLDER=c:/msys32 $(topdir) && $(MAKE)
+	cd $(builddir)/release && cmake -G "MSYS Makefiles" -D STATIC=ON -D ARCH="i686" -D BUILD_64=OFF -D CMAKE_BUILD_TYPE=Release -D BUILD_TAG="win-x32" -D CMAKE_TOOLCHAIN_FILE=$(topdir)/cmake/32-bit-toolchain.cmake -D MSYS2_FOLDER=$(shell cd ${MINGW_PREFIX}/.. && pwd -W) $(topdir) && $(MAKE)

 fuzz:
 	mkdir -p $(builddir)/fuzz
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # Monero

-Copyright (c) 2014-2019 The Monero Project.   
+Copyright (c) 2014-2020 The Monero Project.   
 Portions Copyright (c) 2012-2013 The Cryptonote developers.

 ## Table of Contents
@@ -10,8 +10,6 @@ Portions Copyright (c) 2012-2013 The Cryptonote developers.
  - [Research](#research)
  - [Announcements](#announcements)
  - [Translations](#translations)
-  - [Build](#build)
-    - [IMPORTANT](#important)
  - [Coverage](#coverage)
  - [Introduction](#introduction)
  - [About this project](#about-this-project)
@@ -22,6 +20,11 @@ Portions Copyright (c) 2012-2013 The Cryptonote developers.
  - [Release staging schedule and protocol](#release-staging-schedule-and-protocol)
  - [Compiling Monero from source](#compiling-monero-from-source)
    - [Dependencies](#dependencies)
+  - [Internationalization](#Internationalization)
+  - [Using Tor](#using-tor)
+  - [Pruning](#Pruning)
+  - [Debugging](#Debugging)
+  - [Known issues](#known-issues)

 ## Development resources

@@ -30,6 +33,7 @@ Portions Copyright (c) 2012-2013 The Cryptonote developers.
 - Mail: [dev@getmonero.org](mailto:dev@getmonero.org)
 - GitHub: [https://github.com/monero-project/monero](https://github.com/monero-project/monero)
 - IRC: [#monero-dev on Freenode](https://webchat.freenode.net/?randomnick=1&channels=%23monero-dev&prompt=1&uio=d4)
+- It is HIGHLY recommended that you join the #monero-dev IRC channel if you are developing software that uses Monero. Due to the nature of this open source software project, joining this channel and idling is the best way to stay updated on best practices and new developments in the Monero ecosystem. All you need to do is join the IRC channel and idle to stay updated with the latest in Monero development. If you do not, you risk wasting resources on developing integrations that are not compatible with the Monero network. The Monero core team and community continuously make efforts to communicate updates, developments, and documentation via other platforms – but for the best information, you need to talk to other Monero developers, and they are on IRC. #monero-dev is about Monero development, not getting help about using Monero, or help about development of other software, including yours, unless it also pertains to Monero code itself. For these cases, checkout #monero. 

 ## Vulnerability response

@@ -50,31 +54,11 @@ Our researchers are available on IRC in [#monero-research-lab on Freenode](https
 - You can subscribe to an [announcement listserv](https://lists.getmonero.org) to get critical announcements from the Monero core team. The announcement list can be very helpful for knowing when software updates are needed.

 ## Translations
-The CLI wallet is available in different languages. If you want to help translate it, see our self-hosted localization platform, Pootle, on [translate.getmonero.org](https://translate.getmonero.org/projects/CLI/). Every translation *must* be uploaded on the platform, pull requests directly editing the code in this repository will be closed. If you need help with Pootle, you can find a guide with screenshots [here](https://github.com/monero-ecosystem/monero-translations/blob/master/pootle.md).
+The CLI wallet is available in different languages. If you want to help translate it, see our self-hosted localization platform, Weblate, on [translate.getmonero.org]( https://translate.getmonero.org/projects/monero/cli-wallet/). Every translation *must* be uploaded on the platform, pull requests directly editing the code in this repository will be closed. If you need help with Weblate, you can find a guide with screenshots [here](https://github.com/monero-ecosystem/monero-translations/blob/master/weblate.md).
 &nbsp;

 If you need help/support/info about translations, contact the localization workgroup. You can find the complete list of contacts on the repository of the workgroup: [monero-translations](https://github.com/monero-ecosystem/monero-translations#contacts).

-## Build
-
-### IMPORTANT
-
-These builds are of the master branch, which is used for active development and can be either unstable or incompatible with release software. Please compile release branches.
-
-| Operating System      | Processor | Status |
-| --------------------- | -------- |--------|
-| Ubuntu 16.04          |  i686    | [![Ubuntu 16.04 i686](https://build.getmonero.org/png?builder=monero-static-ubuntu-i686)](https://build.getmonero.org/builders/monero-static-ubuntu-i686)
-| Ubuntu 16.04          |  amd64   | [![Ubuntu 16.04 amd64](https://build.getmonero.org/png?builder=monero-static-ubuntu-amd64)](https://build.getmonero.org/builders/monero-static-ubuntu-amd64)
-| Ubuntu 16.04          |  armv7   | [![Ubuntu 16.04 armv7](https://build.getmonero.org/png?builder=monero-static-ubuntu-arm7)](https://build.getmonero.org/builders/monero-static-ubuntu-arm7)
-| Debian Stable         |  armv8   | [![Debian armv8](https://build.getmonero.org/png?builder=monero-static-debian-armv8)](https://build.getmonero.org/builders/monero-static-debian-armv8)
-| macOS 10.11             |  amd64   | [![macOS 10.11 amd64](https://build.getmonero.org/png?builder=monero-static-osx-10.11)](https://build.getmonero.org/builders/monero-static-osx-10.11)
-| macOS 10.12             |  amd64   | [![macOS 10.12 amd64](https://build.getmonero.org/png?builder=monero-static-osx-10.12)](https://build.getmonero.org/builders/monero-static-osx-10.12)
-| macOS 10.13             |  amd64   | [![macOS 10.13 amd64](https://build.getmonero.org/png?builder=monero-static-osx-10.13)](https://build.getmonero.org/builders/monero-static-osx-10.13)
-| FreeBSD 11            |  amd64   | [![FreeBSD 11 amd64](https://build.getmonero.org/png?builder=monero-static-freebsd64)](https://build.getmonero.org/builders/monero-static-freebsd64)
-| DragonFly BSD 4.6     |  amd64   | [![DragonFly BSD amd64](https://build.getmonero.org/png?builder=monero-static-dragonflybsd-amd64)](https://build.getmonero.org/builders/monero-static-dragonflybsd-amd64)
-| Windows (MSYS2/MinGW) |  i686    | [![Windows (MSYS2/MinGW) i686](https://build.getmonero.org/png?builder=monero-static-win32)](https://build.getmonero.org/builders/monero-static-win32)
-| Windows (MSYS2/MinGW) |  amd64   | [![Windows (MSYS2/MinGW) amd64](https://build.getmonero.org/png?builder=monero-static-win64)](https://build.getmonero.org/builders/monero-static-win64)
-
 ## Coverage

 | Type      | Status |
@@ -89,11 +73,11 @@ Monero is a private, secure, untraceable, decentralised digital currency. You ar

 **Privacy:** Monero uses a cryptographically sound system to allow you to send and receive funds without your transactions being easily revealed on the blockchain (the ledger of transactions that everyone has). This ensures that your purchases, receipts, and all transfers remain absolutely private by default.

-**Security:** Using the power of a distributed peer-to-peer consensus network, every transaction on the network is cryptographically secured. Individual wallets have a 25 word mnemonic seed that is only displayed once, and can be written down to backup the wallet. Wallet files are encrypted with a passphrase to ensure they are useless if stolen.
+**Security:** Using the power of a distributed peer-to-peer consensus network, every transaction on the network is cryptographically secured. Individual wallets have a 25-word mnemonic seed that is only displayed once and can be written down to backup the wallet. Wallet files are encrypted with a passphrase to ensure they are useless if stolen.

-**Untraceability:** By taking advantage of ring signatures, a special property of a certain type of cryptography, Monero is able to ensure that transactions are not only untraceable, but have an optional measure of ambiguity that ensures that transactions cannot easily be tied back to an individual user or computer.
+**Untraceability:** By taking advantage of ring signatures, a special property of a certain type of cryptography, Monero is able to ensure that transactions are not only untraceable but have an optional measure of ambiguity that ensures that transactions cannot easily be tied back to an individual user or computer.

-**Decentralization:** The utility of monero depends on its decentralised peer-to-peer consensus network - anyone should be able to run the monero software, validate the integrity of the blockchain, and participate in all aspects of the monero network using consumer-grade commodity hardware. Decentralization of the monero network is maintained by software development that minimizes the costs of running the monero software and inhibits the proliferation of specialized, non-commodity hardware.  
+**Decentralization:** The utility of Monero depends on its decentralised peer-to-peer consensus network - anyone should be able to run the monero software, validate the integrity of the blockchain, and participate in all aspects of the monero network using consumer-grade commodity hardware. Decentralization of the monero network is maintained by software development that minimizes the costs of running the monero software and inhibits the proliferation of specialized, non-commodity hardware.  

 ## About this project

@@ -101,13 +85,13 @@ This is the core implementation of Monero. It is open source and completely free

 As with many development projects, the repository on Github is considered to be the "staging" area for the latest changes. Before changes are merged into that branch on the main repository, they are tested by individual developers in their own branches, submitted as a pull request, and then subsequently tested by contributors who focus on testing and code reviews. That having been said, the repository should be carefully considered before using it in a production environment, unless there is a patch in the repository for a particular show-stopping issue you are experiencing. It is generally a better idea to use a tagged release for stability.

-**Anyone is welcome to contribute to Monero's codebase!** If you have a fix or code change, feel free to submit it as a pull request directly to the "master" branch. In cases where the change is relatively small or does not affect other parts of the codebase it may be merged in immediately by any one of the collaborators. On the other hand, if the change is particularly large or complex, it is expected that it will be discussed at length either well in advance of the pull request being submitted, or even directly on the pull request.
+**Anyone is welcome to contribute to Monero's codebase!** If you have a fix or code change, feel free to submit it as a pull request directly to the "master" branch. In cases where the change is relatively small or does not affect other parts of the codebase, it may be merged in immediately by any one of the collaborators. On the other hand, if the change is particularly large or complex, it is expected that it will be discussed at length either well in advance of the pull request being submitted, or even directly on the pull request.

 ## Supporting the project

-Monero is a 100% community-sponsored endeavor. If you want to join our efforts, the easiest thing you can do is support the project financially. Both Monero and Bitcoin donations can be made to **donate.getmonero.org** if using a client that supports the [OpenAlias](https://openalias.org) standard. Alternatively you can send XMR to the Monero donation address via the `donate` command (type `help` in the command-line wallet for details).
+Monero is a 100% community-sponsored endeavor. If you want to join our efforts, the easiest thing you can do is support the project financially. Both Monero and Bitcoin donations can be made to **donate.getmonero.org** if using a client that supports the [OpenAlias](https://openalias.org) standard. Alternatively, you can send XMR to the Monero donation address via the `donate` command (type `help` in the command-line wallet for details).

-The Monero donation address is: `44AFFq5kSiGBoZ4NMDwYtN18obc8AemS33DBLWs3H7otXft3XjrpDtQGv7SqSsaBYBb98uNbr2VBBEt7f2wfn3RVGQBEP3A` (viewkey: `f359631075708155cc3d92a32b75a7d02a5dcf27756707b47a2b31b21c389501`)
+The Monero donation address is: `888tNkZrPN6JsEgekjMnABU4TBzc2Dt29EPAvkRxbANsAnjyPbb3iQ1YBRk1UXcdRsiKc9dhwMVgN5S9cQUiyoogDavup3H` (viewkey: `f359631075708155cc3d92a32b75a7d02a5dcf27756707b47a2b31b21c389501`)

 The Bitcoin donation address is: `1KTexdemPdxSBcG55heUuTjDRYqbC5ZL8H`

@@ -137,7 +121,7 @@ Monero uses a fixed-schedule software upgrade (hard fork) mechanism to implement
 Dates are provided in the format YYYY-MM-DD.


-| Software upgrade block height | Date       | Fork version | Minimum Monero version | Recommended Monero version | Details                                                                            |  
+| Software upgrade block height  | Date       | Fork version      | Minimum Monero version | Recommended Monero version | Details                                                                            |  
 | ------------------------------ | -----------| ----------------- | ---------------------- | -------------------------- | ---------------------------------------------------------------------------------- |
 | 1009827                        | 2016-03-22 | v2                | v0.9.4                 | v0.9.4                     | Allow only >= ringsize 3, blocktime = 120 seconds, fee-free blocksize 60 kb       |
 | 1141317                        | 2016-09-21 | v3                | v0.9.4                 | v0.10.0                    | Splits coinbase into denominations  |
@@ -147,15 +131,20 @@ Dates are provided in the format YYYY-MM-DD.
 | 1546000                        | 2018-04-06 | v7                | v0.12.0.0              | v0.12.3.0                  | Cryptonight variant 1, ringsize >= 7, sorted inputs
 | 1685555                        | 2018-10-18 | v8                | v0.13.0.0              | v0.13.0.4                  | max transaction size at half the penalty free block size, bulletproofs enabled, cryptonight variant 2, fixed ringsize [11](https://youtu.be/KOO5S4vxi0o)
 | 1686275                        | 2018-10-19 | v9                | v0.13.0.0              | v0.13.0.4                  | bulletproofs required
-| 1788000                        | 2019-03-09 | v10               | v0.14.0.0              | v0.14.0.2                  | New PoW based on Cryptonight-R, new block weight algorithm, slightly more efficient RingCT format
-| 1788720                        | 2019-03-10 | v11               | v0.14.0.0              | v0.14.0.2                  | forbid old RingCT transaction format
-| XXXXXXX                        | 2019-10-XX | XX                | XXXXXXXXX              | XXXXXXXXX                  | X
+| 1788000                        | 2019-03-09 | v10               | v0.14.0.0              | v0.14.1.2                  | New PoW based on Cryptonight-R, new block weight algorithm, slightly more efficient RingCT format
+| 1788720                        | 2019-03-10 | v11               | v0.14.0.0              | v0.14.1.2                  | forbid old RingCT transaction format
+| 1978433                        | 2019-11-30* | v12                | v0.15.0.0              | v0.16.0.0                  | New PoW based on RandomX, only allow >= 2 outputs, change to the block median used to calculate penalty, v1 coinbases are forbidden, rct sigs in coinbase forbidden, 10 block lock time for incoming outputs
+| 2210000                        | 2020-10-17 | v13                | v0.17.0.0              | v0.17.1.7                  | New CLSAG transaction format
+| 2210720                        | 2020-10-18 | v14               | v0.17.1.1              | v0.17.1.7                  | forbid old MLSAG transaction format
+| XXXXXXX                        | XXX-XX-XX | XXX                | vX.XX.X.X              | vX.XX.X.X                  | XXX |

 X's indicate that these details have not been determined as of commit date.

+\* indicates estimate as of commit date
+
 ## Release staging schedule and protocol

-Approximately three months prior to a scheduled software upgrade, a branch from Master will be created with the new release version tag. Pull requests that address bugs should then be made to both Master and the new release branch. Pull requests that require extensive review and testing (generally, optimizations and new features) should *not* be made to the release branch.
+Approximately three months prior to a scheduled software upgrade, a branch from master will be created with the new release version tag. Pull requests that address bugs should then be made to both master and the new release branch. Pull requests that require extensive review and testing (generally, optimizations and new features) should *not* be made to the release branch.

 ## Compiling Monero from source

@@ -163,34 +152,39 @@ Approximately three months prior to a scheduled software upgrade, a branch from

 The following table summarizes the tools and libraries required to build. A
 few of the libraries are also included in this repository (marked as
-"Vendored"). By default, the build uses the library installed on the system,
+"Vendored"). By default, the build uses the library installed on the system
 and ignores the vendored sources. However, if no library is found installed on
 the system, then the vendored source will be built and used. The vendored
 sources are also used for statically-linked builds because distribution
 packages often include only shared library binaries (`.so`) but not static
 library archives (`.a`).

-| Dep          | Min. version  | Vendored | Debian/Ubuntu pkg  | Arch pkg     | Fedora            | Optional | Purpose        |
-| ------------ | ------------- | -------- | ------------------ | ------------ | ----------------- | -------- | -------------- |
-| GCC          | 4.7.3         | NO       | `build-essential`  | `base-devel` | `gcc`             | NO       |                |
-| CMake        | 3.5           | NO       | `cmake`            | `cmake`      | `cmake`           | NO       |                |
-| pkg-config   | any           | NO       | `pkg-config`       | `base-devel` | `pkgconf`         | NO       |                |
-| Boost        | 1.58          | NO       | `libboost-all-dev` | `boost`      | `boost-devel`     | NO       | C++ libraries  |
-| OpenSSL      | basically any | NO       | `libssl-dev`       | `openssl`    | `openssl-devel`   | NO       | sha256 sum     |
-| libzmq       | 3.0.0         | NO       | `libzmq3-dev`      | `zeromq`     | `cppzmq-devel`    | NO       | ZeroMQ library |
-| OpenPGM      | ?             | NO       | `libpgm-dev`       | `libpgm`     | `openpgm-devel`   | NO       | For ZeroMQ     |
-| libnorm[2]   | ?             | NO       | `libnorm-dev`      |              |               `   | YES      | For ZeroMQ     |
-| libunbound   | 1.4.16        | YES      | `libunbound-dev`   | `unbound`    | `unbound-devel`   | NO       | DNS resolver   |
-| libsodium    | ?             | NO       | `libsodium-dev`    | `libsodium`  | `libsodium-devel` | NO       | cryptography   |
-| libunwind    | any           | NO       | `libunwind8-dev`   | `libunwind`  | `libunwind-devel` | YES      | Stack traces   |
-| liblzma      | any           | NO       | `liblzma-dev`      | `xz`         | `xz-devel`        | YES      | For libunwind  |
-| libreadline  | 6.3.0         | NO       | `libreadline6-dev` | `readline`   | `readline-devel`  | YES      | Input editing  |
-| ldns         | 1.6.17        | NO       | `libldns-dev`      | `ldns`       | `ldns-devel`      | YES      | SSL toolkit    |
-| expat        | 1.1           | NO       | `libexpat1-dev`    | `expat`      | `expat-devel`     | YES      | XML parsing    |
-| GTest        | 1.5           | YES      | `libgtest-dev`[1]  | `gtest`      | `gtest-devel`     | YES      | Test suite     |
-| Doxygen      | any           | NO       | `doxygen`          | `doxygen`    | `doxygen`         | YES      | Documentation  |
-| Graphviz     | any           | NO       | `graphviz`         | `graphviz`   | `graphviz`        | YES      | Documentation  |
-
+| Dep          | Min. version  | Vendored | Debian/Ubuntu pkg    | Arch pkg     | Void pkg           | Fedora pkg          | Optional | Purpose         |
+| ------------ | ------------- | -------- | -------------------- | ------------ | ------------------ | ------------------- | -------- | --------------- |
+| GCC          | 4.7.3         | NO       | `build-essential`    | `base-devel` | `base-devel`       | `gcc`               | NO       |                 |
+| CMake        | 3.5           | NO       | `cmake`              | `cmake`      | `cmake`            | `cmake`             | NO       |                 |
+| pkg-config   | any           | NO       | `pkg-config`         | `base-devel` | `base-devel`       | `pkgconf`           | NO       |                 |
+| Boost        | 1.58          | NO       | `libboost-all-dev`   | `boost`      | `boost-devel`      | `boost-devel`       | NO       | C++ libraries   |
+| OpenSSL      | basically any | NO       | `libssl-dev`         | `openssl`    | `libressl-devel`   | `openssl-devel`     | NO       | sha256 sum      |
+| libzmq       | 3.0.0         | NO       | `libzmq3-dev`        | `zeromq`     | `zeromq-devel`     | `zeromq-devel`      | NO       | ZeroMQ library  |
+| OpenPGM      | ?             | NO       | `libpgm-dev`         | `libpgm`     |                    | `openpgm-devel`     | NO       | For ZeroMQ      |
+| libnorm[2]   | ?             | NO       | `libnorm-dev`        |              |                    |                     | YES      | For ZeroMQ      |
+| libunbound   | 1.4.16        | YES      | `libunbound-dev`     | `unbound`    | `unbound-devel`    | `unbound-devel`     | NO       | DNS resolver    |
+| libsodium    | ?             | NO       | `libsodium-dev`      | `libsodium`  | `libsodium-devel`  | `libsodium-devel`   | NO       | cryptography    |
+| libunwind    | any           | NO       | `libunwind8-dev`     | `libunwind`  | `libunwind-devel`  | `libunwind-devel`   | YES      | Stack traces    |
+| liblzma      | any           | NO       | `liblzma-dev`        | `xz`         | `liblzma-devel`    | `xz-devel`          | YES      | For libunwind   |
+| libreadline  | 6.3.0         | NO       | `libreadline6-dev`   | `readline`   | `readline-devel`   | `readline-devel`    | YES      | Input editing   |
+| ldns         | 1.6.17        | NO       | `libldns-dev`        | `ldns`       | `libldns-devel`    | `ldns-devel`        | YES      | SSL toolkit     |
+| expat        | 1.1           | NO       | `libexpat1-dev`      | `expat`      | `expat-devel`      | `expat-devel`       | YES      | XML parsing     |
+| GTest        | 1.5           | YES      | `libgtest-dev`[1]    | `gtest`      | `gtest-devel`      | `gtest-devel`       | YES      | Test suite      |
+| Doxygen      | any           | NO       | `doxygen`            | `doxygen`    | `doxygen`          | `doxygen`           | YES      | Documentation   |
+| Graphviz     | any           | NO       | `graphviz`           | `graphviz`   | `graphviz`         | `graphviz`          | YES      | Documentation   |
+| lrelease     | ?             | NO       | `qttools5-dev-tools` | `qt5-tools`  | `qt5-tools`        | `qt5-linguist`      | YES      | Translations    |
+| libhidapi    | ?             | NO       | `libhidapi-dev`      | `hidapi`     | `hidapi-devel`     | `hidapi-devel`      | YES      | Hardware wallet |
+| libusb       | ?             | NO       | `libusb-1.0-0-dev`   | `libusb`     | `libusb-devel`     | `libusbx-devel`     | YES      | Hardware wallet |
+| libprotobuf  | ?             | NO       | `libprotobuf-dev`    | `protobuf`   | `protobuf-devel`   | `protobuf-devel`    | YES      | Hardware wallet |
+| protoc       | ?             | NO       | `protobuf-compiler`  | `protobuf`   | `protobuf`         | `protobuf-compiler` | YES      | Hardware wallet |
+| libudev      | ?             | No       | `libudev-dev`        | `systemd`    | `eudev-libudev-devel` | `systemd-devel`     | YES      | Hardware wallet |

 [1] On Debian/Ubuntu `libgtest-dev` only includes sources and headers. You must
 build the library binary manually. This can be done with the following command ```sudo apt-get install libgtest-dev && cd /usr/src/gtest && sudo cmake . && sudo make && sudo mv libg* /usr/lib/ ```
@@ -198,13 +192,13 @@ build the library binary manually. This can be done with the following command `

 Install all dependencies at once on Debian/Ubuntu:

-``` sudo apt update && sudo apt install build-essential cmake pkg-config libboost-all-dev libssl-dev libzmq3-dev libunbound-dev libsodium-dev libunwind8-dev liblzma-dev libreadline6-dev libldns-dev libexpat1-dev doxygen graphviz libpgm-dev```
+``` sudo apt update && sudo apt install build-essential cmake pkg-config libboost-all-dev libssl-dev libzmq3-dev libunbound-dev libsodium-dev libunwind8-dev liblzma-dev libreadline6-dev libldns-dev libexpat1-dev doxygen graphviz libpgm-dev qttools5-dev-tools libhidapi-dev libusb-1.0-0-dev libprotobuf-dev protobuf-compiler libudev-dev```

 Install all dependencies at once on macOS with the provided Brewfile:
 ``` brew update && brew bundle --file=contrib/brew/Brewfile ```

-FreeBSD one liner for required to build dependencies
-```pkg install git gmake cmake pkgconf boost-libs cppzmq libsodium```
+FreeBSD 12.1 one-liner required to build dependencies:
+```pkg install git gmake cmake pkgconf boost-libs libzmq4 libsodium```

 ### Cloning the repository

@@ -228,7 +222,7 @@ invokes cmake commands as needed.

    ```bash
    cd monero
-    git checkout release-v0.14
+    git checkout release-v0.17
    make
    ```

@@ -237,9 +231,6 @@ invokes cmake commands as needed.
    this to be worthwhile, the machine should have one core and about 2GB of RAM
    available per thread.

-    *Note*: If cmake can not find zmq.hpp file on macOS, installing `zmq.hpp` from
-    https://github.com/zeromq/cppzmq to `/usr/local/include` should fix that error.
-
    *Note*: The instructions above will compile the most stable release of the
    Monero software. If you would like to use and test the most recent software,
    use ```git checkout master```. The master branch may contain updates that are
@@ -299,12 +290,12 @@ Tested on a Raspberry Pi Zero with a clean install of minimal Raspbian Stretch (

 * If using an external hard disk without an external power supply, ensure it gets enough power to avoid hardware issues when syncing, by adding the line "max_usb_current=1" to /boot/config.txt

-* Clone monero and checkout the most recent release version:
+* Clone Monero and checkout the most recent release version:

    ```bash
    git clone https://github.com/monero-project/monero.git
    cd monero
-    git checkout tags/v0.14.1.0
+    git checkout tags/v0.17.1.7
    ```

 * Build:
@@ -325,7 +316,7 @@ Tested on a Raspberry Pi Zero with a clean install of minimal Raspbian Stretch (

 #### *Note for Raspbian Jessie users:*

-If you are using the older Raspbian Jessie image, compiling Monero is a bit more complicated. The version of Boost available in the Debian Jessie repositories is too old to use with Monero, and thus you must compile a newer version yourself. The following explains the extra steps, and has been tested on a Raspberry Pi 2 with a clean install of minimal Raspbian Jessie.
+If you are using the older Raspbian Jessie image, compiling Monero is a bit more complicated. The version of Boost available in the Debian Jessie repositories is too old to use with Monero, and thus you must compile a newer version yourself. The following explains the extra steps and has been tested on a Raspberry Pi 2 with a clean install of minimal Raspbian Jessie.

 * As before, `apt-get update && apt-get upgrade` to install all of the latest software, and increase the system swap size

@@ -337,15 +328,15 @@ If you are using the older Raspbian Jessie image, compiling Monero is a bit more
    ```


-* Then, install the dependencies for Monero except `libunwind` and `libboost-all-dev`
+* Then, install the dependencies for Monero except for `libunwind` and `libboost-all-dev`

-* Install the latest version of boost (this may first require invoking `apt-get remove --purge libboost*` to remove a previous version if you're not using a clean install):
+* Install the latest version of boost (this may first require invoking `apt-get remove --purge libboost*-dev` to remove a previous version if you're not using a clean install):

    ```bash
    cd
-    wget https://sourceforge.net/projects/boost/files/boost/1.64.0/boost_1_64_0.tar.bz2
-    tar xvfo boost_1_64_0.tar.bz2
-    cd boost_1_64_0
+    wget https://sourceforge.net/projects/boost/files/boost/1.72.0/boost_1_72_0.tar.bz2
+    tar xvfo boost_1_72_0.tar.bz2
+    cd boost_1_72_0
    ./bootstrap.sh
    sudo ./b2
    ```
@@ -358,7 +349,7 @@ If you are using the older Raspbian Jessie image, compiling Monero is a bit more

 * Wait ~4 hours

-* From here, follow the [general Raspberry Pi instructions](#on-the-raspberry-pi) from the "Clone monero and checkout most recent release version" step.
+* From here, follow the [general Raspberry Pi instructions](#on-the-raspberry-pi) from the "Clone Monero and checkout most recent release version" step.

 #### On Windows:

@@ -421,10 +412,10 @@ application.
    cd monero
    ```

-* If you would like a specific [version/tag](https://github.com/monero-project/monero/tags), do a git checkout for that version. eg. 'v0.14.1.0'. If you don't care about the version and just want binaries from master, skip this step:
-	
+* If you would like a specific [version/tag](https://github.com/monero-project/monero/tags), do a git checkout for that version. eg. 'v0.17.1.7'. If you don't care about the version and just want binaries from master, skip this step:
+
    ```bash
-    git checkout v0.14.1.0
+    git checkout v0.17.1.7
    ```

 * If you are on a 64-bit system, run:
@@ -457,110 +448,21 @@ application.

 ### On FreeBSD:

-The project can be built from scratch by following instructions for Linux above(but use `gmake` instead of `make`). If you are running monero in a jail you need to add the flag: `allow.sysvipc=1` to your jail configuration, otherwise lmdb will throw the error message: `Failed to open lmdb environment: Function not implemented`.
+The project can be built from scratch by following instructions for Linux above(but use `gmake` instead of `make`). 
+If you are running Monero in a jail, you need to add `sysvsem="new"` to your jail configuration, otherwise lmdb will throw the error message: `Failed to open lmdb environment: Function not implemented`.

-We expect to add Monero into the ports tree in the near future, which will aid in managing installations using ports or packages.
+Monero is also available as a port or package as 'monero-cli`.

 ### On OpenBSD:

-#### OpenBSD < 6.2
+You will need to add a few packages to your system. `pkg_add cmake gmake zeromq libiconv boost`.

-This has been tested on OpenBSD 5.8.
-
-You will need to add a few packages to your system. `pkg_add db cmake gcc gcc-libs g++ gtest`.
-
-The doxygen and graphviz packages are optional and require the xbase set.
-
-The Boost package has a bug that will prevent librpc.a from building correctly. In order to fix this, you will have to Build boost yourself from scratch. Follow the directions here (under "Building Boost"):
-https://github.com/bitcoin/bitcoin/blob/master/doc/build-openbsd.md
-
-You will have to add the serialization, date_time, and regex modules to Boost when building as they are needed by Monero.
-
-To build: `env CC=egcc CXX=eg++ CPP=ecpp DEVELOPER_LOCAL_TOOLS=1 BOOST_ROOT=/path/to/the/boost/you/built make release-static-64`
-
-#### OpenBSD 6.2 and 6.3
-
-You will need to add a few packages to your system. `pkg_add cmake zeromq libiconv`.
-
-The doxygen and graphviz packages are optional and require the xbase set.
-
-
-Build the Boost library using clang. This guide is derived from: https://github.com/bitcoin/bitcoin/blob/master/doc/build-openbsd.md
-
-We assume you are compiling with a non-root user and you have `doas` enabled.
-
-Note: do not use the boost package provided by OpenBSD, as we are installing boost to `/usr/local`.
-
-```bash
-# Create boost building directory
-mkdir ~/boost
-cd ~/boost
-
-# Fetch boost source
-ftp -o boost_1_64_0.tar.bz2 https://netcologne.dl.sourceforge.net/project/boost/boost/1.64.0/boost_1_64_0.tar.bz2
-
-# MUST output: (SHA256) boost_1_64_0.tar.bz2: OK
-echo "7bcc5caace97baa948931d712ea5f37038dbb1c5d89b43ad4def4ed7cb683332 boost_1_64_0.tar.bz2" | sha256 -c
-tar xfj boost_1_64_0.tar.bz2
-
-# Fetch and apply boost patches, required for OpenBSD
-ftp -o boost_test_impl_execution_monitor_ipp.patch https://raw.githubusercontent.com/openbsd/ports/bee9e6df517077a7269ff0dfd57995f5c6a10379/devel/boost/patches/patch-boost_test_impl_execution_monitor_ipp
-ftp -o boost_config_platform_bsd_hpp.patch https://raw.githubusercontent.com/openbsd/ports/90658284fb786f5a60dd9d6e8d14500c167bdaa0/devel/boost/patches/patch-boost_config_platform_bsd_hpp
-
-# MUST output: (SHA256) boost_config_platform_bsd_hpp.patch: OK
-echo "1f5e59d1154f16ee1e0cc169395f30d5e7d22a5bd9f86358f738b0ccaea5e51d boost_config_platform_bsd_hpp.patch" | sha256 -c
-# MUST output: (SHA256) boost_test_impl_execution_monitor_ipp.patch: OK
-echo "30cec182a1437d40c3e0bd9a866ab5ddc1400a56185b7e671bb3782634ed0206 boost_test_impl_execution_monitor_ipp.patch" | sha256 -c
-
-cd boost_1_64_0
-patch -p0 < ../boost_test_impl_execution_monitor_ipp.patch
-patch -p0 < ../boost_config_platform_bsd_hpp.patch
-
-# Start building boost
-echo 'using clang : : c++ : <cxxflags>"-fvisibility=hidden -fPIC" <linkflags>"" <archiver>"ar" <striper>"strip"  <ranlib>"ranlib" <rc>"" : ;' > user-config.jam
-./bootstrap.sh --without-icu --with-libraries=chrono,filesystem,program_options,system,thread,test,date_time,regex,serialization,locale --with-toolset=clang
-./b2 toolset=clang cxxflags="-stdlib=libc++" linkflags="-stdlib=libc++" -sICONV_PATH=/usr/local
-doas ./b2 -d0 runtime-link=shared threadapi=pthread threading=multi link=static variant=release --layout=tagged --build-type=complete --user-config=user-config.jam -sNO_BZIP2=1 -sICONV_PATH=/usr/local --prefix=/usr/local install
-```
-
-Build the cppzmq bindings.
-
-We assume you are compiling with a non-root user and you have `doas` enabled.
-
-```bash
-# Create cppzmq building directory
-mkdir ~/cppzmq
-cd ~/cppzmq
-
-# Fetch cppzmq source
-ftp -o cppzmq-4.2.3.tar.gz https://github.com/zeromq/cppzmq/archive/v4.2.3.tar.gz
-
-# MUST output: (SHA256) cppzmq-4.2.3.tar.gz: OK
-echo "3e6b57bf49115f4ae893b1ff7848ead7267013087dc7be1ab27636a97144d373 cppzmq-4.2.3.tar.gz" | sha256 -c
-tar xfz cppzmq-4.2.3.tar.gz
-
-# Start building cppzmq
-cd cppzmq-4.2.3
-mkdir build
-cd build
-cmake ..
-doas make install
-```
-
-Build monero:
-```bash
-env DEVELOPER_LOCAL_TOOLS=1 BOOST_ROOT=/usr/local make release-static
-```
-
-#### OpenBSD >= 6.4
-
-You will need to add a few packages to your system. `pkg_add cmake gmake zeromq cppzmq libiconv boost`.
-
-The doxygen and graphviz packages are optional and require the xbase set.
+The `doxygen` and `graphviz` packages are optional and require the xbase set.
+Running the test suite also requires `py-requests` package.

 Build monero: `env DEVELOPER_LOCAL_TOOLS=1 BOOST_ROOT=/usr/local gmake release-static`

-Note: you may encounter the following error, when compiling the latest version of monero as a normal user:
+Note: you may encounter the following error when compiling the latest version of Monero as a normal user:

 ```
 LLVM ERROR: out of memory
@@ -569,6 +471,14 @@ c++: error: unable to execute command: Abort trap (core dumped)

 Then you need to increase the data ulimit size to 2GB and try again: `ulimit -d 2000000`

+### On NetBSD:
+
+Check that the dependencies are present: `pkg_info -c libexecinfo boost-headers boost-libs protobuf readline libusb1 zeromq git-base pkgconf gmake cmake | more`, and install any that are reported missing, using `pkg_add` or from your pkgsrc tree.  Readline is optional but worth having.
+
+Third-party dependencies are usually under `/usr/pkg/`, but if you have a custom setup, adjust the "/usr/pkg" (below) accordingly.
+
+Clone the monero repository recursively and checkout the most recent release as described above. Then build monero: `gmake BOOST_ROOT=/usr/pkg LDFLAGS="-Wl,-R/usr/pkg/lib" release`.  The resulting executables can be found in `build/NetBSD/[Release version]/Release/bin/`.
+
 ### On Solaris:

 The default Solaris linker can't be used, you have to install GNU ld, then run cmake manually with the path to your copy of GNU ld:
@@ -624,6 +534,13 @@ You can also cross-compile static binaries on Linux for Windows and macOS with t
  * Requires: `g++-arm-linux-gnueabihf`
 * ```make depends target=aarch64-linux-gnu``` for armv8 binaries.
  * Requires: `g++-aarch64-linux-gnu`
+* ```make depends target=riscv64-linux-gnu``` for RISC V 64 bit binaries.
+  * Requires: `g++-riscv64-linux-gnu`
+* ```make depends target=x86_64-unknown-freebsd``` for freebsd binaries.
+  * Requires: `clang-8`
+* ```make depends target=arm-linux-android``` for 32bit android binaries
+* ```make depends target=aarch64-linux-android``` for 64bit android binaries
+

 The required packages are the names for each toolchain on apt. Depending on your distro, they may have different names.

@@ -637,17 +554,19 @@ The produced binaries still link libc dynamically. If the binary is compiled on

 Packages are available for

-* Ubuntu and [snap supported](https://snapcraft.io/docs/core/install) systems, via a community contributed build.
+* Debian Buster
+
+    See the [instructions in the whonix/monero-gui repository](https://gitlab.com/whonix/monero-gui#how-to-install-monero-using-apt-get)
+
+* Debian Bullseye and Sid

    ```bash
-    snap install monero --beta
+    sudo apt install monero
    ```
+More info and versions in the [Debian package tracker](https://tracker.debian.org/pkg/monero).

-Installing a snap is very quick. Snaps are secure. They are isolated with all of their dependencies. Snaps also auto update when a new version is released.
-
-* Arch Linux (via [AUR](https://aur.archlinux.org/)):
-  - Stable release: [`monero`](https://aur.archlinux.org/packages/monero)
-  - Bleeding edge: [`monero-git`](https://aur.archlinux.org/packages/monero-git)
+* Arch Linux (via Community packages):
+    [`monero`](https://www.archlinux.org/packages/community/x86_64/monero/)

 * Void Linux:

@@ -661,18 +580,33 @@ Installing a snap is very quick. Snaps are secure. They are isolated with all of
    guix package -i monero
    ```

+* Gentoo [Monero overlay](https://github.com/gentoo-monero/gentoo-monero)
+
+    ```bash
+    emerge --noreplace eselect-repository
+    eselect repository enable monero
+    emaint sync -r monero
+    echo '*/*::monero ~amd64' >> /etc/portage/package.accept_keywords
+    emerge net-p2p/monero
+    ```
+
+* macOS (homebrew)
+    ```bash
+    brew install monero
+    ```
+
 * Docker

    ```bash
    # Build using all available cores
    docker build -t monero .
-    
+
    # or build using a specific number of cores (reduce RAM requirement)
    docker build --build-arg NPROC=1 -t monero .
-    
+
    # either run in foreground
    docker run -it -v /monero/chain:/root/.bitmonero -v /monero/wallet:/wallet -p 18080:18080 monero
-    
+
    # or in background
    docker run -it -d -v /monero/chain:/root/.bitmonero -v /monero/wallet:/wallet -p 18080:18080 monero
    ```
@@ -685,7 +619,7 @@ Packaging for your favorite distribution would be a welcome contribution!
 ## Running monerod

 The build places the binary in `bin/` sub-directory within the build directory
-from which cmake was invoked (repository root by default). To run in
+from which cmake was invoked (repository root by default). To run in the
 foreground:

 ```bash
@@ -696,7 +630,7 @@ To list all available options, run `./bin/monerod --help`.  Options can be
 specified either on the command line or in a configuration file passed by the
 `--config-file` argument.  To specify an option in the configuration file, add
 a line with the syntax `argumentname=value`, where `argumentname` is the name
-of the argument without the leading dashes, for example `log-level=1`.
+of the argument without the leading dashes, for example, `log-level=1`.

 To run in background:

@@ -721,7 +655,7 @@ See [README.i18n.md](README.i18n.md).
 ## Using Tor

 > There is a new, still experimental, [integration with Tor](ANONYMITY_NETWORKS.md). The
-> feature allows connecting over IPv4 and Tor simulatenously - IPv4 is used for
+> feature allows connecting over IPv4 and Tor simultaneously - IPv4 is used for
 > relaying blocks and relaying transactions received by peers whereas Tor is
 > used solely for relaying transactions received over local RPC. This provides
 > privacy and better protection against surrounding node (sybil) attacks.
@@ -766,6 +700,16 @@ DNS_PUBLIC=tcp torsocks ./monerod --p2p-bind-ip 127.0.0.1 --no-igd --rpc-bind-ip
    --data-dir /home/amnesia/Persistent/your/directory/to/the/blockchain
 ```

+## Pruning
+
+As of May 2020, the full Monero blockchain file is about 80 GB. One can store a pruned blockchain, which is about 28 GB.
+A pruned blockchain can only serve part of the historical chain data to other peers, but is otherwise identical in
+functionality to the full blockchain.
+To use a pruned blockchain, it is best to start the initial sync with --prune-blockchain. However, it is also possible
+to prune an existing blockchain using the monero-blockchain-prune tool or using the --prune-blockchain monerod option
+with an existing chain. If an existing chain exists, pruning will temporarily require disk space to store both the full
+and pruned blockchains.
+
 ## Debugging

 This section contains general instructions for debugging failed installs or problems encountered with Monero. First, ensure you are running the latest version built from the Github repo.
@@ -804,7 +748,13 @@ gdb /path/to/monerod /path/to/dumpfile`

 Print the stack trace with `bt`

-#### To run monero within gdb:
+ * If a program crashed and cores are managed by systemd, the following can also get a stack trace for that crash:
+
+```bash
+coredumpctl -1 gdb
+```
+
+#### To run Monero within gdb:

 Type `gdb /path/to/monerod`

@@ -845,3 +795,20 @@ The output of `mdb_stat -ea <path to blockchain dir>` will indicate inconsistenc
 The output of `mdb_dump -s blocks <path to blockchain dir>` and `mdb_dump -s block_info <path to blockchain dir>` is useful for indicating whether blocks and block_info contain the same keys.

 These records are dumped as hex data, where the first line is the key and the second line is the data.
+
+# Known Issues
+
+## Protocols
+
+### Socket-based
+
+Because of the nature of the socket-based protocols that drive monero, certain protocol weaknesses are somewhat unavoidable at this time. While these weaknesses can theoretically be fully mitigated, the effort required (the means) may not justify the ends. As such, please consider taking the following precautions if you are a monero node operator:
+
+- Run `monerod` on a "secured" machine. If operational security is not your forte, at a very minimum, have a dedicated a computer running `monerod` and **do not** browse the web, use email clients, or use any other potentially harmful apps on your `monerod` machine. **Do not click links or load URL/MUA content on the same machine**. Doing so may potentially exploit weaknesses in commands which accept "localhost" and "127.0.0.1".
+- If you plan on hosting a public "remote" node, start `monerod` with `--restricted-rpc`. This is a must.
+
+### Blockchain-based
+
+Certain blockchain "features" can be considered "bugs" if misused correctly. Consequently, please consider the following:
+
+- When receiving monero, be aware that it may be locked for an arbitrary time if the sender elected to, preventing you from spending that monero until the lock time expires. You may want to hold off acting upon such a transaction until the unlock time lapses. To get a sense of that time, you can consider the remaining blocktime until unlock as seen in the `show_transfers` command.
--- a/ZMQ.md
+++ b/ZMQ.md
@@ -0,0 +1,61 @@
+# The Current/Future Status of ZMQ in Monero
+
+## ZMQ Pub/Sub
+Client `ZMQ_SUB` sockets must "subscribe" to topics before it receives any data.
+This allows filtering on the server side, so network traffic is reduced. Monero
+allows for filtering on: (1) format, (2) context, and (3) event.
+
+ * **format** refers to the _wire_ format (i.e. JSON) used to send event
+   information.
+ * **context** allows for a reduction in fields for the event, so the
+   daemon doesn't waste cycles serializing fields that get ignored.
+ * **event** refers to status changes occurring within the daemon (i.e. new
+   block to main chain).
+
+ * Formats:
+   * `json`
+ * Contexts:
+   * `full` - the entire block or transaction is transmitted (the hash can be
+     computed remotely).
+   * `minimal` - the bare minimum for a remote client to react to an event is
+     sent.
+ * Events:
+   * `chain_main` - changes to the primary/main blockchain.
+   * `txpool_add` - new _publicly visible_ transactions in the mempool.
+     Includes previously unseen transactions in a block but _not_ the
+     `miner_tx`. Does not "re-publish" after a reorg. Includes `do_not_relay`
+     transactions.
+
+The subscription topics are formatted as `format-context-event`, with prefix
+matching supported by both Monero and ZMQ. The `format`, `context` and `event`
+will _never_ have hyphens or colons in their name. For example, subscribing to
+`json-minimal-chain_main` will send minimal information in JSON when changes
+to the main/primary blockchain occur. Whereas, subscribing to `json-minimal`
+will send minimal information in JSON on all available events supported by the
+daemon.
+
+The Monero daemon will ensure that events prefixed by `chain` will be sent in
+"chain-order" - the `prev_id` (hash) field will _always_ refer to a previous
+block. On rollbacks/reorgs, the event will reference an earlier block in the
+chain instead of the last block. The Monero daemon also ensures that
+`txpool_add` events are sent before `chain_*` events - the `chain_*` messages
+will only serialize miner transactions since the other transactions were
+previously published via `txpool_add`. This prevents transactions from being
+serialized twice, even when the transaction was first observed in a block.
+
+ZMQ Pub/Sub will drop messages if the network is congested, so the above rules
+for send order are used for detecting lost messages. A missing gap in `height`
+or `prev_id` for `chain_*` events indicates a lost pub message. Missing
+`txpool_add` messages can only be detected at the next `chain_` message.
+
+Since blockchain events can be dropped, clients will likely want to have a
+timeout against `chain_main` events. The `GetLastBlockHeader` RPC is useful
+for checking the current chain state. Dropped messages should be rare in most
+conditions.
+
+The Monero daemon will send a `txpool_add` pub exactly once for each
+transaction, even after a reorg or restarts. Clients should use the
+`GetTransactionPool` after a reorg to get all transactions that have been put
+back into the tx pool or been invalidated due to a double-spend.
+
+
--- a/cmake/32-bit-toolchain.cmake
+++ b/cmake/32-bit-toolchain.cmake
@@ -1,4 +1,4 @@
-# Copyright (c) 2014-2019, The Monero Project
+# Copyright (c) 2014-2020, The Monero Project
 # 
 # All rights reserved.
 # 
--- a/cmake/64-bit-toolchain.cmake
+++ b/cmake/64-bit-toolchain.cmake
@@ -1,4 +1,4 @@
-# Copyright (c) 2014-2019, The Monero Project
+# Copyright (c) 2014-2020, The Monero Project
 # 
 # All rights reserved.
 # 
--- a/cmake/CheckTrezor.cmake
+++ b/cmake/CheckTrezor.cmake
@@ -91,7 +91,7 @@ endif()

 # Protobuf compilation test
 if(Protobuf_FOUND AND USE_DEVICE_TREZOR AND TREZOR_PYTHON)
-    execute_process(COMMAND ${Protobuf_PROTOC_EXECUTABLE} -I "${CMAKE_SOURCE_DIR}/cmake" -I "${Protobuf_INCLUDE_DIR}" "${CMAKE_SOURCE_DIR}/cmake/test-protobuf.proto" --cpp_out ${CMAKE_BINARY_DIR} RESULT_VARIABLE RET OUTPUT_VARIABLE OUT ERROR_VARIABLE ERR)
+    execute_process(COMMAND ${Protobuf_PROTOC_EXECUTABLE} -I "${CMAKE_CURRENT_LIST_DIR}" -I "${Protobuf_INCLUDE_DIR}" "${CMAKE_CURRENT_LIST_DIR}/test-protobuf.proto" --cpp_out ${CMAKE_BINARY_DIR} RESULT_VARIABLE RET OUTPUT_VARIABLE OUT ERROR_VARIABLE ERR)
    if(RET)
        message(STATUS "Protobuf test generation failed: ${OUT} ${ERR}")
    endif()
@@ -100,7 +100,7 @@ if(Protobuf_FOUND AND USE_DEVICE_TREZOR AND TREZOR_PYTHON)
        "${CMAKE_BINARY_DIR}"
        SOURCES
        "${CMAKE_BINARY_DIR}/test-protobuf.pb.cc"
-        "${CMAKE_SOURCE_DIR}/cmake/test-protobuf.cpp"
+        "${CMAKE_CURRENT_LIST_DIR}/test-protobuf.cpp"
        CMAKE_FLAGS
        "-DINCLUDE_DIRECTORIES=${Protobuf_INCLUDE_DIR};${CMAKE_BINARY_DIR}"
        "-DCMAKE_CXX_STANDARD=11"
@@ -159,7 +159,7 @@ if(Protobuf_FOUND AND USE_DEVICE_TREZOR AND TREZOR_PYTHON AND Protobuf_COMPILE_T

        set(TREZOR_LIBUSB_LIBRARIES "")
        if(LibUSB_COMPILE_TEST_PASSED)
-            list(APPEND TREZOR_LIBUSB_LIBRARIES ${LibUSB_LIBRARIES})
+            list(APPEND TREZOR_LIBUSB_LIBRARIES ${LibUSB_LIBRARIES} ${LIBUSB_DEP_LINKER})
            message(STATUS "Trezor compatible LibUSB found at: ${LibUSB_INCLUDE_DIRS}")
        endif()

@@ -174,7 +174,7 @@ if(Protobuf_FOUND AND USE_DEVICE_TREZOR AND TREZOR_PYTHON AND Protobuf_COMPILE_T

            if (TREZOR_LIBUSB_LIBRARIES)
                list(APPEND TREZOR_DEP_LIBS ${TREZOR_LIBUSB_LIBRARIES})
-                string(APPEND TREZOR_DEP_LINKER " -lusb-1.0")
+                string(APPEND TREZOR_DEP_LINKER " -lusb-1.0 ${LIBUSB_DEP_LINKER}")
            endif()
        endif()
    endif()
--- a/cmake/FindBerkeleyDB.cmake
+++ b/cmake/FindBerkeleyDB.cmake
@@ -1,25 +0,0 @@
-# - Try to find Berkeley DB
-# Once done this will define
-#
-#  BERKELEY_DB_FOUND - system has Berkeley DB
-#  BERKELEY_DB_INCLUDE_DIR - the Berkeley DB include directory
-#  BERKELEY_DB_LIBRARIES - Link these to use Berkeley DB
-#  BERKELEY_DB_DEFINITIONS - Compiler switches required for using Berkeley DB
-
-# Copyright (c) 2006, Alexander Dymo, <adymo@kdevelop.org>
-#
-# Redistribution and use is allowed according to the terms of the BSD license.
-# For details see the accompanying COPYING-CMAKE-SCRIPTS file.
-
-find_path(BERKELEY_DB_INCLUDE_DIR db_cxx.h
-  /usr/include/db4
-  /usr/local/include/db4
-)
-
-find_library(BERKELEY_DB_LIBRARIES NAMES db_cxx )
-
-include(FindPackageHandleStandardArgs)
-find_package_handle_standard_args(Berkeley "Could not find Berkeley DB >= 4.1" BERKELEY_DB_INCLUDE_DIR BERKELEY_DB_LIBRARIES)
-# show the BERKELEY_DB_INCLUDE_DIR and BERKELEY_DB_LIBRARIES variables only in the advanced view
-mark_as_advanced(BERKELEY_DB_INCLUDE_DIR BERKELEY_DB_LIBRARIES )
-
--- a/cmake/FindCcache.cmake
+++ b/cmake/FindCcache.cmake
@@ -0,0 +1,60 @@
+# Copyright (c) 2014-2020, The Monero Project
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without modification, are
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this list of
+#    conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice, this list
+#    of conditions and the following disclaimer in the documentation and/or other
+#    materials provided with the distribution.
+#
+# 3. Neither the name of the copyright holder nor the names of its contributors may be
+#    used to endorse or promote products derived from this software without specific
+#    prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+# THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# - Try to find readline include dirs and libraries 
+#
+# Automatically finds ccache build accelerator, if it's found in PATH.
+#
+# Usage of this module as follows:
+#
+#     project(monero)
+#     include(FindCcache) # Include AFTER the project() macro to be able to reach the CMAKE_CXX_COMPILER variable
+#
+# Properties modified by this module:
+#
+#  GLOBAL PROPERTY RULE_LAUNCH_COMPILE     set to ccache, when ccache found
+#  GLOBAL PROPERTY RULE_LAUNCH_LINK        set to ccache, when ccache found
+
+find_program(CCACHE_FOUND ccache)
+if (CCACHE_FOUND)
+	# Try to compile a test program with ccache, in order to verify if it really works. (needed on exotic setups)
+	# Create a temporary file with a simple program.
+	set(TEMP_CPP_FILE "${CMAKE_BINARY_DIR}/${CMAKE_FILES_DIRECTORY}/CMakeTmp/test-program.cpp")
+	file(WRITE "${TEMP_CPP_FILE}" "int main() { return 0; }")
+	# And run the found ccache on it.
+	execute_process(COMMAND "${CCACHE_FOUND}" "${CMAKE_CXX_COMPILER}" "${TEMP_CPP_FILE}"  RESULT_VARIABLE RET)
+	if (${RET} EQUAL 0)
+		# Success
+		message(STATUS "Found usable ccache: ${CCACHE_FOUND}")
+		set_property(GLOBAL PROPERTY RULE_LAUNCH_COMPILE "${CCACHE_FOUND}")
+		set_property(GLOBAL PROPERTY RULE_LAUNCH_LINK    "${CCACHE_FOUND}")
+	else()
+		message(STATUS "Found ccache ${CCACHE_FOUND}, but is UNUSABLE! Return code: ${RET}")
+	endif()
+else()
+	message(STATUS "ccache NOT found! Please install it for faster rebuilds.")
+endif()
--- a/cmake/FindLibUSB.cmake
+++ b/cmake/FindLibUSB.cmake
@@ -119,6 +119,12 @@ if ( LibUSB_FOUND )
                find_library(IOKIT IOKit)
                list(APPEND TEST_COMPILE_EXTRA_LIBRARIES ${IOKIT})
                list(APPEND TEST_COMPILE_EXTRA_LIBRARIES ${COREFOUNDATION})
+
+                if(STATIC)
+                    find_library(OBJC objc.a)
+                    set(LIBUSB_DEP_LINKER ${OBJC})
+                    list(APPEND TEST_COMPILE_EXTRA_LIBRARIES ${LIBUSB_DEP_LINKER})
+                endif()
            endif()
        endif()
        if (WIN32)
--- a/cmake/FindUnbound.cmake
+++ b/cmake/FindUnbound.cmake
@@ -1,4 +1,4 @@
-# Copyright (c) 2014-2019, The Monero Project
+# Copyright (c) 2014-2020, The Monero Project
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without modification, are
--- a/cmake/GitVersion.cmake
+++ b/cmake/GitVersion.cmake
@@ -1,4 +1,4 @@
-# Copyright (c) 2014-2019, The Monero Project
+# Copyright (c) 2014-2020, The Monero Project
 # 
 # All rights reserved.
 # 
@@ -29,35 +29,43 @@
 # Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers

 # Check what commit we're on
-execute_process(COMMAND "${GIT}" rev-parse --short HEAD RESULT_VARIABLE RET OUTPUT_VARIABLE COMMIT OUTPUT_STRIP_TRAILING_WHITESPACE)

-if(RET)
-	# Something went wrong, set the version tag to -unknown
-	
-    message(WARNING "Cannot determine current commit. Make sure that you are building either from a Git working tree or from a source archive.")
-    set(VERSIONTAG "unknown")
-    configure_file("src/version.cpp.in" "${TO}")
-else()
-	message(STATUS "You are currently on commit ${COMMIT}")
-	
-	# Get all the tags
-	execute_process(COMMAND "${GIT}" rev-list --tags --max-count=1 --abbrev-commit RESULT_VARIABLE RET OUTPUT_VARIABLE TAGGEDCOMMIT OUTPUT_STRIP_TRAILING_WHITESPACE)
-	
-    if(NOT TAGGEDCOMMIT)
-        message(WARNING "Cannot determine most recent tag. Make sure that you are building either from a Git working tree or from a source archive.")
-        set(VERSIONTAG "${COMMIT}")
+function (get_version_tag_from_git GIT)
+    execute_process(COMMAND "${GIT}" rev-parse --short=9 HEAD
+                    WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
+                    RESULT_VARIABLE RET
+                    OUTPUT_VARIABLE COMMIT
+                    OUTPUT_STRIP_TRAILING_WHITESPACE)
+
+    if(RET)
+        # Something went wrong, set the version tag to -unknown
+
+        message(WARNING "Cannot determine current commit. Make sure that you are building either from a Git working tree or from a source archive.")
+        set(VERSIONTAG "unknown")
+        set(VERSION_IS_RELEASE "false")
    else()
-        message(STATUS "The most recent tag was at ${TAGGEDCOMMIT}")
-        
+        string(SUBSTRING ${COMMIT} 0 9 COMMIT)
+        message(STATUS "You are currently on commit ${COMMIT}")
+
+        # Get all the tags
+        execute_process(COMMAND "${GIT}" tag -l --points-at HEAD
+                        WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
+                        RESULT_VARIABLE RET
+                        OUTPUT_VARIABLE TAG
+                        OUTPUT_STRIP_TRAILING_WHITESPACE)
+
        # Check if we're building that tagged commit or a different one
-        if(COMMIT STREQUAL TAGGEDCOMMIT)
+        if(TAG)
            message(STATUS "You are building a tagged release")
            set(VERSIONTAG "release")
+            set(VERSION_IS_RELEASE "true")
        else()
            message(STATUS "You are ahead of or behind a tagged release")
            set(VERSIONTAG "${COMMIT}")
-        endif()
-    endif()	    
+            set(VERSION_IS_RELEASE "false")
+        endif()	    
+    endif()

-    configure_file("src/version.cpp.in" "${TO}")
-endif()
+    set(VERSIONTAG "${VERSIONTAG}" PARENT_SCOPE)
+    set(VERSION_IS_RELEASE "${VERSION_IS_RELEASE}" PARENT_SCOPE)
+endfunction()
--- a/cmake/Version.cmake
+++ b/cmake/Version.cmake
@@ -1,4 +1,4 @@
-# Copyright (c) 2014-2019, The Monero Project
+# Copyright (c) 2014-2020, The Monero Project
 # 
 # All rights reserved.
 # 
@@ -26,27 +26,25 @@
 # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
 # THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

-function (write_static_version_header hash)
-  set(VERSIONTAG "${hash}")
-  configure_file("${CMAKE_SOURCE_DIR}/src/version.cpp.in" "${CMAKE_BINARY_DIR}/version.cpp")
+function (write_version tag)
+  set(VERSIONTAG "${tag}" CACHE STRING "The tag portion of the Monero software version" FORCE)
+  configure_file("${CMAKE_CURRENT_LIST_DIR}/../src/version.cpp.in" "${CMAKE_BINARY_DIR}/version.cpp")
 endfunction ()

 find_package(Git QUIET)
 if ("$Format:$" STREQUAL "")
  # We're in a tarball; use hard-coded variables.
-  write_static_version_header("release")
+  set(VERSION_IS_RELEASE "true")
+  write_version("release")
 elseif (GIT_FOUND OR Git_FOUND)
  message(STATUS "Found Git: ${GIT_EXECUTABLE}")
-  add_custom_command(
-    OUTPUT            "${CMAKE_BINARY_DIR}/version.cpp"
-    COMMAND           "${CMAKE_COMMAND}"
-                      "-D" "GIT=${GIT_EXECUTABLE}"
-                      "-D" "TO=${CMAKE_BINARY_DIR}/version.cpp"
-                      "-P" "cmake/GenVersion.cmake"
-    WORKING_DIRECTORY "${CMAKE_SOURCE_DIR}")
+  include(GitVersion)
+  get_version_tag_from_git("${GIT_EXECUTABLE}")
+  write_version("${VERSIONTAG}")
 else()
  message(STATUS "WARNING: Git was not found!")
-  write_static_version_header("unknown")
+  set(VERSION_IS_RELEASE "false")
+  write_version("unknown")
 endif ()
 add_custom_target(genversion ALL
  DEPENDS "${CMAKE_BINARY_DIR}/version.cpp")
--- a/cmake/test-libusb-version.c
+++ b/cmake/test-libusb-version.c
@@ -1,4 +1,4 @@
-// Copyright (c) 2014-2019, The Monero Project
+// Copyright (c) 2014-2020, The Monero Project
 // 
 // All rights reserved.
 // 
--- a/cmake/test-protobuf.cpp
+++ b/cmake/test-protobuf.cpp
@@ -1,4 +1,4 @@
-// Copyright (c) 2014-2019, The Monero Project
+// Copyright (c) 2014-2020, The Monero Project
 // 
 // All rights reserved.
 // 
--- a/cmake/test-static-assert.c
+++ b/cmake/test-static-assert.c
@@ -1,4 +1,4 @@
-// Copyright (c) 2014-2019, The Monero Project
+// Copyright (c) 2014-2020, The Monero Project
 // 
 // All rights reserved.
 // 
--- a/cmake/test-static-assert.cpp
+++ b/cmake/test-static-assert.cpp
@@ -1,4 +1,4 @@
-// Copyright (c) 2014-2019, The Monero Project
+// Copyright (c) 2014-2020, The Monero Project
 // 
 // All rights reserved.
 // 
--- a/contrib/CMakeLists.txt
+++ b/contrib/CMakeLists.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2014-2019, The Monero Project
+# Copyright (c) 2014-2020, The Monero Project
 # 
 # All rights reserved.
 # 
--- a/contrib/codefresh/codefresh.yml
+++ b/contrib/codefresh/codefresh.yml
@@ -1,18 +0,0 @@
-version: '1.0'
-steps:
-  init_submodules:
-    title: Init Submodules
-    commands:
-      - git submodule update --init --recursive
-    image: codefreshio/git-image:latest
-    working_directory: ${{main_clone}}
-
-  BuildingDockerImage:
-    title: Building Docker Image
-    type: build
-    image_name: monero
-    working_directory: ./
-    tag: '${{CF_BRANCH_TAG_NORMALIZED}}'
-    dockerfile: Dockerfile
-    build_arguments:
-      - NPROC=1
--- a/contrib/depends/Makefile
+++ b/contrib/depends/Makefile
@@ -53,8 +53,12 @@ endif
 host_arch=$(firstword $(subst -, ,$(canonical_host)))
 host_vendor=$(word 2,$(subst -, ,$(canonical_host)))
 full_host_os:=$(subst $(host_arch)-$(host_vendor)-,,$(canonical_host))
+host_os:=$(findstring android,$(full_host_os))
+ifeq ($(host_os),)
 host_os:=$(findstring linux,$(full_host_os))
+endif
 host_os+=$(findstring darwin,$(full_host_os))
+host_os+=$(findstring freebsd,$(full_host_os))
 host_os+=$(findstring mingw32,$(full_host_os))
 host_os:=$(strip $(host_os))
 ifeq ($(host_os),)
@@ -71,9 +75,15 @@ endif
 ifeq ($(host_os),linux)
 host_cmake=Linux
 endif
+ifeq ($(host_os),freebsd)
+host_cmake=FreeBSD
+endif
 ifeq ($(host_os),darwin)
 host_cmake=Darwin
 endif
+ifeq ($(host_os),android)
+host_cmake=Android
+endif

 AT_$(V):=
 AT_:=@
@@ -217,4 +227,6 @@ download-win:
 	@$(MAKE) -s HOST=x86_64-w64-mingw32 download-one
 download: download-osx download-linux download-win

+ $(foreach package,$(all_packages),$(eval $(call ext_add_stages,$(package))))
+
 .PHONY: install cached download-one download-osx download-linux download-win download check-packages check-sources
--- a/contrib/depends/README.md
+++ b/contrib/depends/README.md
@@ -33,6 +33,7 @@ Common `host-platform-triplets` for cross compilation are:
 - `x86_64-apple-darwin11` for MacOSX
 - `arm-linux-gnueabihf` for Linux ARM 32 bit
 - `aarch64-linux-gnu` for Linux ARM 64 bit
+- `riscv64-linux-gnu` for Linux RISCV 64 bit

 No other options are needed, the paths are automatically configured.

--- a/contrib/depends/builders/default.mk
+++ b/contrib/depends/builders/default.mk
@@ -17,4 +17,4 @@ define add_build_flags_func
 build_$(build_arch)_$(build_os)_$1 += $(build_$(build_os)_$1)
 build_$1=$$(build_$(build_arch)_$(build_os)_$1)
 endef
-$(foreach flags, CFLAGS CXXFLAGS LDFLAGS, $(eval $(call add_build_flags_func,$(flags))))
+$(foreach flags, CFLAGS CXXFLAGS ARFLAGS LDFLAGS, $(eval $(call add_build_flags_func,$(flags))))
--- a/contrib/depends/funcs.mk
+++ b/contrib/depends/funcs.mk
@@ -10,6 +10,7 @@ $(1)_libtool=$($($(1)_type)_LIBTOOL)
 $(1)_nm=$($($(1)_type)_NM)
 $(1)_cflags=$($($(1)_type)_CFLAGS) $($($(1)_type)_$(release_type)_CFLAGS)
 $(1)_cxxflags=$($($(1)_type)_CXXFLAGS) $($($(1)_type)_$(release_type)_CXXFLAGS)
+$(1)_arflags=$($($(1)_type)_ARFLAGS) $($($(1)_type)_$(release_type)_ARFLAGS)
 $(1)_ldflags=$($($(1)_type)_LDFLAGS) $($($(1)_type)_$(release_type)_LDFLAGS) -L$($($(1)_type)_prefix)/lib
 $(1)_cppflags=$($($(1)_type)_CPPFLAGS) $($($(1)_type)_$(release_type)_CPPFLAGS) -I$($($(1)_type)_prefix)/include
 $(1)_recipe_hash:=
@@ -102,6 +103,11 @@ $(1)_cxxflags+=$($(1)_cxxflags_$(host_arch)) $($(1)_cxxflags_$(host_arch)_$(rele
 $(1)_cxxflags+=$($(1)_cxxflags_$(host_os)) $($(1)_cxxflags_$(host_os)_$(release_type))
 $(1)_cxxflags+=$($(1)_cxxflags_$(host_arch)_$(host_os)) $($(1)_cxxflags_$(host_arch)_$(host_os)_$(release_type))

+$(1)_arflags+=$($(1)_arflags_$(release_type))
+$(1)_arflags+=$($(1)_arflags_$(host_arch)) $($(1)_arflags_$(host_arch)_$(release_type))
+$(1)_arflags+=$($(1)_arflags_$(host_os)) $($(1)_arflags_$(host_os)_$(release_type))
+$(1)_arflags+=$($(1)_arflags_$(host_arch)_$(host_os)) $($(1)_arflags_$(host_arch)_$(host_os)_$(release_type))
+
 $(1)_cppflags+=$($(1)_cppflags_$(release_type))
 $(1)_cppflags+=$($(1)_cppflags_$(host_arch)) $($(1)_cppflags_$(host_arch)_$(release_type))
 $(1)_cppflags+=$($(1)_cppflags_$(host_os)) $($(1)_cppflags_$(host_os)_$(release_type))
@@ -129,9 +135,9 @@ $(1)_config_env+=$($(1)_config_env_$(host_arch)_$(host_os)) $($(1)_config_env_$(

 $(1)_config_env+=PKG_CONFIG_LIBDIR=$($($(1)_type)_prefix)/lib/pkgconfig
 $(1)_config_env+=PKG_CONFIG_PATH=$($($(1)_type)_prefix)/share/pkgconfig
-$(1)_config_env+=PATH=$(build_prefix)/bin:$(PATH)
-$(1)_build_env+=PATH=$(build_prefix)/bin:$(PATH)
-$(1)_stage_env+=PATH=$(build_prefix)/bin:$(PATH)
+$(1)_config_env+=PATH="$(build_prefix)/bin:$(PATH)"
+$(1)_build_env+=PATH="$(build_prefix)/bin:$(PATH)"
+$(1)_stage_env+=PATH="$(build_prefix)/bin:$(PATH)"
 $(1)_autoconf=./configure --host=$($($(1)_type)_host) --disable-dependency-tracking --prefix=$($($(1)_type)_prefix) $$($(1)_config_opts) CC="$$($(1)_cc)" CXX="$$($(1)_cxx)"

 ifneq ($($(1)_nm),)
@@ -143,6 +149,9 @@ endif
 ifneq ($($(1)_ar),)
 $(1)_autoconf += AR="$$($(1)_ar)"
 endif
+ifneq ($($(1)_arflags),)
+$(1)_autoconf += ARFLAGS="$$($(1)_arflags)"
+endif
 ifneq ($($(1)_cflags),)
 $(1)_autoconf += CFLAGS="$$($(1)_cflags)"
 endif
@@ -213,6 +222,14 @@ $(1): | $($(1)_cached_checksum)

 endef

+stages = fetched extracted preprocessed configured built staged postprocessed cached cached_checksum
+
+define ext_add_stages
+$(foreach stage,$(stages),
+          $(1)_$(stage): $($(1)_$(stage))
+          .PHONY: $(1)_$(stage))
+endef
+
 # These functions create the build targets for each package. They must be
 # broken down into small steps so that each part is done for all packages
 # before moving on to the next step. Otherwise, a package's info
--- a/contrib/depends/hosts/android.mk
+++ b/contrib/depends/hosts/android.mk
@@ -0,0 +1,22 @@
+ANDROID_API=21
+
+ifeq ($(host_arch),arm)
+host_toolchain=arm-linux-androideabi-
+endif
+
+android_CC=$(host_toolchain)clang
+android_CXX=$(host_toolchain)clang++
+android_RANLIB=:
+
+android_CFLAGS=-pipe
+android_CXXFLAGS=$(android_CFLAGS)
+android_ARFLAGS=crsD
+
+android_release_CFLAGS=-O2
+android_release_CXXFLAGS=$(android_release_CFLAGS)
+
+android_debug_CFLAGS=-g -O0
+android_debug_CXXFLAGS=$(android_debug_CFLAGS)
+
+android_native_toolchain=android_ndk
+
--- a/contrib/depends/hosts/darwin.mk
+++ b/contrib/depends/hosts/darwin.mk
@@ -7,6 +7,7 @@ darwin_CXX=clang++ -target $(host) -mmacosx-version-min=$(OSX_MIN_VERSION) --sys

 darwin_CFLAGS=-pipe
 darwin_CXXFLAGS=$(darwin_CFLAGS)
+darwin_ARFLAGS=cr

 darwin_release_CFLAGS=-O1
 darwin_release_CXXFLAGS=$(darwin_release_CFLAGS)
--- a/contrib/depends/hosts/default.mk
+++ b/contrib/depends/hosts/default.mk
@@ -23,4 +23,4 @@ host_$(release_type)_$1 = $$($(host_arch)_$(host_os)_$(release_type)_$1)
 endef

 $(foreach tool,CC CXX AR RANLIB STRIP NM LIBTOOL OTOOL INSTALL_NAME_TOOL,$(eval $(call add_host_tool_func,$(tool))))
-$(foreach flags,CFLAGS CXXFLAGS CPPFLAGS LDFLAGS, $(eval $(call add_host_flags_func,$(flags))))
+$(foreach flags,CFLAGS CXXFLAGS ARFLAGS CPPFLAGS LDFLAGS, $(eval $(call add_host_flags_func,$(flags))))
--- a/contrib/depends/hosts/freebsd.mk
+++ b/contrib/depends/hosts/freebsd.mk
@@ -0,0 +1,18 @@
+freebsd_CC=clang-8
+freebsd_CXX=clang++-8
+freebsd_AR=ar
+freebsd_RANLIB=ranlib
+freebsd_NM=nm
+
+freebsd_CFLAGS=-pipe
+freebsd_CXXFLAGS=$(freebsd_CFLAGS)
+freebsd_ARFLAGS=cr
+
+freebsd_release_CFLAGS=-O2
+freebsd_release_CXXFLAGS=$(freebsd_release_CFLAGS)
+
+freebsd_debug_CFLAGS=-g -O0
+freebsd_debug_CXXFLAGS=$(freebsd_debug_CFLAGS)
+
+freebsd_native_toolchain=freebsd_base
+
--- a/contrib/depends/hosts/linux.mk
+++ b/contrib/depends/hosts/linux.mk
@@ -1,5 +1,6 @@
 linux_CFLAGS=-pipe
 linux_CXXFLAGS=$(linux_CFLAGS)
+linux_ARFLAGS=cr

 linux_release_CFLAGS=-O2
 linux_release_CXXFLAGS=$(linux_release_CFLAGS)
--- a/contrib/depends/hosts/mingw32.mk
+++ b/contrib/depends/hosts/mingw32.mk
@@ -1,5 +1,6 @@
 mingw32_CFLAGS=-pipe
 mingw32_CXXFLAGS=$(mingw32_CFLAGS)
+mingw32_ARFLAGS=cr

 mingw32_release_CFLAGS=-O2
 mingw32_release_CXXFLAGS=$(mingw32_release_CFLAGS)
--- a/contrib/depends/packages/android_ndk.mk
+++ b/contrib/depends/packages/android_ndk.mk
@@ -0,0 +1,22 @@
+package=android_ndk
+$(package)_version=17b
+$(package)_download_path=https://dl.google.com/android/repository/
+$(package)_file_name=android-ndk-r$($(package)_version)-linux-x86_64.zip
+$(package)_sha256_hash=5dfbbdc2d3ba859fed90d0e978af87c71a91a5be1f6e1c40ba697503d48ccecd
+
+define $(package)_set_vars
+$(package)_config_opts_arm=--arch arm
+$(package)_config_opts_aarch64=--arch arm64
+endef
+
+define $(package)_extract_cmds
+  echo $($(package)_sha256_hash) $($(1)_source_dir)/$($(package)_file_name) | sha256sum -c &&\
+  unzip -q $($(1)_source_dir)/$($(package)_file_name)
+endef
+
+define $(package)_stage_cmds
+  android-ndk-r$($(package)_version)/build/tools/make_standalone_toolchain.py --api 21 \
+    --install-dir $(build_prefix) --stl=libc++ $($(package)_config_opts) &&\
+  mv $(build_prefix) $($(package)_staging_dir)/$(host_prefix)
+endef
+
--- a/contrib/depends/packages/boost.mk
+++ b/contrib/depends/packages/boost.mk
@@ -3,6 +3,8 @@ $(package)_version=1_64_0
 $(package)_download_path=https://dl.bintray.com/boostorg/release/1.64.0/source/
 $(package)_file_name=$(package)_$($(package)_version).tar.bz2
 $(package)_sha256_hash=7bcc5caace97baa948931d712ea5f37038dbb1c5d89b43ad4def4ed7cb683332
+$(package)_dependencies=libiconv
+$(package)_patches=fix_aroptions.patch

 define $(package)_set_vars
 $(package)_config_opts_release=variant=release
@@ -10,6 +12,7 @@ $(package)_config_opts_debug=variant=debug
 $(package)_config_opts=--layout=tagged --build-type=complete --user-config=user-config.jam
 $(package)_config_opts+=threading=multi link=static -sNO_BZIP2=1 -sNO_ZLIB=1
 $(package)_config_opts_linux=threadapi=pthread runtime-link=shared
+$(package)_config_opts_android=threadapi=pthread runtime-link=static target-os=android
 $(package)_config_opts_darwin=--toolset=darwin-4.2.1 runtime-link=shared
 $(package)_config_opts_mingw32=binary-format=pe target-os=windows threadapi=win32 runtime-link=static
 $(package)_config_opts_x86_64_mingw32=address-model=64
@@ -22,10 +25,12 @@ $(package)_archiver_darwin=$($(package)_libtool)
 $(package)_config_libraries=chrono,filesystem,program_options,system,thread,test,date_time,regex,serialization,locale
 $(package)_cxxflags=-std=c++11
 $(package)_cxxflags_linux=-fPIC
+$(package)_cxxflags_freebsd=-fPIC
 endef

 define $(package)_preprocess_cmds
-  echo "using $(boost_toolset_$(host_os)) : : $($(package)_cxx) : <cxxflags>\"$($(package)_cxxflags) $($(package)_cppflags)\" <linkflags>\"$($(package)_ldflags)\" <archiver>\"$(boost_archiver_$(host_os))\" <striper>\"$(host_STR    IP)\"  <ranlib>\"$(host_RANLIB)\" <rc>\"$(host_WINDRES)\" : ;" > user-config.jam
+  patch -p1 < $($(package)_patch_dir)/fix_aroptions.patch &&\
+  echo "using $(boost_toolset_$(host_os)) : : $($(package)_cxx) : <cxxflags>\"$($(package)_cxxflags) $($(package)_cppflags)\" <linkflags>\"$($(package)_ldflags)\" <archiver>\"$(boost_archiver_$(host_os))\" <arflags>\"$($(package)_arflags)\" <striper>\"$(host_STRIP)\"  <ranlib>\"$(host_RANLIB)\" <rc>\"$(host_WINDRES)\" : ;" > user-config.jam
 endef

 define $(package)_config_cmds
--- a/contrib/depends/packages/cppzmq.mk
+++ b/contrib/depends/packages/cppzmq.mk
@@ -1,15 +0,0 @@
-package=cppzmq
-$(package)_version=4.2.3
-$(package)_download_path=https://github.com/zeromq/cppzmq/archive/
-$(package)_file_name=v$($(package)_version).tar.gz
-$(package)_sha256_hash=3e6b57bf49115f4ae893b1ff7848ead7267013087dc7be1ab27636a97144d373
-$(package)_dependencies=zeromq
-
-define $(package)_stage_cmds
-  mkdir $($(package)_staging_prefix_dir)/include &&\
-  cp zmq.hpp $($(package)_staging_prefix_dir)/include
-endef
-
-define $(package)_postprocess_cmds
-  rm -rf bin share
-endef
--- a/contrib/depends/packages/eudev.mk
+++ b/contrib/depends/packages/eudev.mk
@@ -9,7 +9,7 @@ define $(package)_set_vars
 endef

 define $(package)_config_cmds
-  $($(package)_autoconf)
+  $($(package)_autoconf) AR_FLAGS=$($(package)_arflags)
 endef

 define $(package)_build_cmd
@@ -23,3 +23,7 @@ endef
 define $(package)_stage_cmds
  $(MAKE) DESTDIR=$($(package)_staging_dir) install
 endef
+
+define $(package)_postprocess_cmds
+  rm lib/*.la
+endef
--- a/contrib/depends/packages/expat.mk
+++ b/contrib/depends/packages/expat.mk
@@ -1,11 +1,12 @@
 package=expat
 $(package)_version=2.2.4
-$(package)_download_path=https://downloads.sourceforge.net/project/expat/expat/$($(package)_version)
+$(package)_download_path=https://github.com/libexpat/libexpat/releases/download/R_2_2_4
 $(package)_file_name=$(package)-$($(package)_version).tar.bz2
 $(package)_sha256_hash=03ad85db965f8ab2d27328abcf0bc5571af6ec0a414874b2066ee3fdd372019e

 define $(package)_set_vars
 $(package)_config_opts=--enable-static
+$(package)_config_opts=--disable-shared
 $(package)_config_opts+=--prefix=$(host_prefix)
 endef

@@ -20,3 +21,8 @@ endef
 define $(package)_stage_cmds
  $(MAKE) DESTDIR=$($(package)_staging_dir) install
 endef
+
+define $(package)_postprocess_cmds
+  rm lib/*.la
+endef
+
--- a/contrib/depends/packages/freebsd_base.mk
+++ b/contrib/depends/packages/freebsd_base.mk
@@ -0,0 +1,23 @@
+package=freebsd_base
+$(package)_version=11.3
+$(package)_download_path=https://download.freebsd.org/ftp/releases/amd64/$($(package)_version)-RELEASE/
+$(package)_download_file=base.txz
+$(package)_file_name=freebsd-base-$($(package)_version).txz
+$(package)_sha256_hash=4599023ac136325b86f2fddeec64c1624daa83657e40b00b2ef944c81463a4ff
+
+define $(package)_extract_cmds
+  echo $($(package)_sha256_hash) $($(1)_source_dir)/$($(package)_file_name) | sha256sum -c &&\
+  tar xf $($(1)_source_dir)/$($(package)_file_name) ./lib/ ./usr/lib/ ./usr/include/
+endef
+
+define $(package)_build_cmds
+  mkdir bin &&\
+  echo "exec /usr/bin/clang-8 -target x86_64-unknown-freebsd$($(package)_version) --sysroot=$(host_prefix)/native $$$$""@" > bin/clang-8 &&\
+  echo "exec /usr/bin/clang++-8 -target x86_64-unknown-freebsd$($(package)_version) --sysroot=$(host_prefix)/native $$$$""@" > bin/clang++-8 &&\
+  chmod 755 bin/*
+endef
+
+define $(package)_stage_cmds
+  mkdir $($(package)_staging_dir)/$(host_prefix)/native &&\
+  mv bin lib usr $($(package)_staging_dir)/$(host_prefix)/native
+endef
--- a/contrib/depends/packages/hidapi.mk
+++ b/contrib/depends/packages/hidapi.mk
@@ -1,8 +1,8 @@
 package=hidapi
-$(package)_version=0.8.0-rc1
-$(package)_download_path=https://github.com/signal11/hidapi/archive
+$(package)_version=0.9.0
+$(package)_download_path=https://github.com/libusb/hidapi/archive
 $(package)_file_name=$(package)-$($(package)_version).tar.gz
-$(package)_sha256_hash=3c147200bf48a04c1e927cd81589c5ddceff61e6dac137a605f6ac9793f4af61
+$(package)_sha256_hash=630ee1834bdd5c5761ab079fd04f463a89585df8fcae51a7bfe4229b1e02a652
 $(package)_linux_dependencies=libusb eudev

 define $(package)_set_vars
@@ -18,7 +18,7 @@ endef

 define $(package)_config_cmds
  ./bootstrap &&\
-  $($(package)_autoconf) $($(package)_config_opts)
+  $($(package)_autoconf) $($(package)_config_opts) AR_FLAGS=$($(package)_arflags)
 endef

 define $(package)_build_cmds
@@ -28,3 +28,8 @@ endef
 define $(package)_stage_cmds
  $(MAKE) DESTDIR=$($(package)_staging_dir) install
 endef
+
+define $(package)_postprocess_cmds
+  rm lib/*.la
+endef
+
--- a/contrib/depends/packages/icu4c.mk
+++ b/contrib/depends/packages/icu4c.mk
@@ -1,8 +1,8 @@
 package=icu4c
-$(package)_version=55.1
-$(package)_download_path=https://github.com/TheCharlatan/icu4c/archive
-$(package)_file_name=55.1.tar.gz
-$(package)_sha256_hash=1f912c54035533fb4268809701d65c7468d00e292efbc31e6444908450cc46ef
+$(package)_version=55.2
+$(package)_download_path=https://github.com/unicode-org/icu/releases/download/release-55-2/
+$(package)_file_name=$(package)-55_2-src.tgz
+$(package)_sha256_hash=eda2aa9f9c787748a2e2d310590720ca8bcc6252adf6b4cfb03b65bef9d66759
 $(package)_patches=icu-001-dont-build-static-dynamic-twice.patch

 define $(package)_set_vars
@@ -21,11 +21,6 @@ define $(package)_config_cmds
  $(MAKE) $($(package)_build_opts)
 endef

-#define $(package)_build_cmds
-#  cd source &&\
-   $(MAKE) $($((package)_build_opts) `nproc`
-#endef
-
 define $(package)_stage_cmds
  cd buildb &&\
  $(MAKE) $($(package)_build_opts) DESTDIR=$($(package)_staging_dir) install lib/*
--- a/contrib/depends/packages/ldns.mk
+++ b/contrib/depends/packages/ldns.mk
@@ -6,12 +6,16 @@ $(package)_sha256_hash=8b88e059452118e8949a2752a55ce59bc71fa5bc414103e17f5b6b06f
 $(package)_dependencies=openssl

 define $(package)_set_vars
-  $(package)_config_opts=--disable-shared --enable-static --disable-dane-ta-usage --with-drill 
-  $(package)_config_opts=--with-ssl=$(host_prefix) 
+  $(package)_config_opts=--disable-shared --enable-static --with-drill
+  $(package)_config_opts+=--with-ssl=$(host_prefix)
  $(package)_config_opts_release=--disable-debug-mode
  $(package)_config_opts_linux=--with-pic
 endef

+define $(package)_preprocess_cmds
+   cp -f $(BASEDIR)/config.guess $(BASEDIR)/config.sub .
+endef
+
 define $(package)_config_cmds
  $($(package)_autoconf)
 endef
@@ -25,4 +29,6 @@ define $(package)_stage_cmds
 endef

 define $(package)_postprocess_cmds
+  rm lib/*.la
 endef
+
--- a/contrib/depends/packages/libiconv.mk
+++ b/contrib/depends/packages/libiconv.mk
@@ -10,6 +10,7 @@ define $(package)_set_vars
  $(package)_config_opts=--enable-static
  $(package)_config_opts=--disable-shared
  $(package)_config_opts_linux=--with-pic
+  $(package)_config_opts_freebsd=--with-pic
 endef

 define $(package)_preprocess_cmds
@@ -18,7 +19,7 @@ define $(package)_preprocess_cmds
 endef

 define $(package)_config_cmds
-  $($(package)_autoconf)
+  $($(package)_autoconf) AR_FLAGS=$($(package)_arflags)
 endef

 define $(package)_build_cmds
@@ -28,3 +29,7 @@ endef
 define $(package)_stage_cmds
  $(MAKE) DESTDIR=$($(package)_staging_dir) install
 endef
+
+define $(package)_postprocess_cmds
+  rm lib/*.la
+endef
--- a/contrib/depends/packages/libusb.mk
+++ b/contrib/depends/packages/libusb.mk
@@ -19,11 +19,11 @@ ifneq ($(host_os),darwin)
  define $(package)_config_cmds
    cp -f $(BASEDIR)/config.guess config.guess &&\
    cp -f $(BASEDIR)/config.sub config.sub &&\
-    $($(package)_autoconf)
+    $($(package)_autoconf) AR_FLAGS=$($(package)_arflags)
  endef
 else
  define $(package)_config_cmds
-    $($(package)_autoconf)
+    $($(package)_autoconf) AR_FLAGS=$($(package)_arflags)
  endef
 endif

--- a/contrib/depends/packages/native_cctools.mk
+++ b/contrib/depends/packages/native_cctools.mk
@@ -10,6 +10,7 @@ $(package)_clang_download_file=clang+llvm-$($(package)_clang_version)-x86_64-lin
 $(package)_clang_file_name=clang-llvm-$($(package)_clang_version)-x86_64-linux-gnu-ubuntu-14.04.tar.xz
 $(package)_clang_sha256_hash=99b28a6b48e793705228a390471991386daa33a9717cd9ca007fcdde69608fd9
 $(package)_extra_sources=$($(package)_clang_file_name)
+$(package)_patches=skip_otool.patch

 define $(package)_fetch_cmds
 $(call fetch_file,$(package),$($(package)_download_path),$($(package)_download_file),$($(package)_file_name),$($(package)_sha256_hash)) && \
@@ -37,7 +38,10 @@ $(package)_cc=$($(package)_extract_dir)/toolchain/bin/clang
 $(package)_cxx=$($(package)_extract_dir)/toolchain/bin/clang++
 endef

+# If clang gets updated to a version with a fix for https://reviews.llvm.org/D50559
+# then the patch that skips otool can be removed.
 define $(package)_preprocess_cmds
+  patch -p0 < $($(package)_patch_dir)/skip_otool.patch && \
  cd $($(package)_build_subdir); ./autogen.sh && \
  sed -i.old "/define HAVE_PTHREADS/d" ld64/src/ld/InputFiles.h
 endef
--- a/contrib/depends/packages/native_ds_store.mk
+++ b/contrib/depends/packages/native_ds_store.mk
@@ -1,9 +1,9 @@
 package=native_ds_store
 $(package)_version=1.1.0
-$(package)_download_path=https://bitbucket.org/al45tair/ds_store/get
-$(package)_download_file=v$($(package)_version).tar.bz2
-$(package)_file_name=$(package)-$($(package)_version).tar.bz2
-$(package)_sha256_hash=921596764d71d1bbd3297a90ef6d286f718794d667e4f81d91d14053525d64c1
+$(package)_download_path=https://github.com/al45tair/ds_store/archive/
+$(package)_download_file=v$($(package)_version).tar.gz
+$(package)_file_name=$(package)-$($(package)_version).tar.gz
+$(package)_sha256_hash=a9f4c0755c6be7224ff7029e188dd262e830bb81e801424841db9eb0780ec8ed
 $(package)_install_libdir=$(build_prefix)/lib/python/dist-packages
 $(package)_dependencies=native_biplist

--- a/contrib/depends/packages/native_mac_alias.mk
+++ b/contrib/depends/packages/native_mac_alias.mk
@@ -1,9 +1,9 @@
 package=native_mac_alias
 $(package)_version=1.1.0
-$(package)_download_path=https://bitbucket.org/al45tair/mac_alias/get
-$(package)_download_file=v$($(package)_version).tar.bz2
-$(package)_file_name=$(package)-$($(package)_version).tar.bz2
-$(package)_sha256_hash=87ad827e66790028361e43fc754f68ed041a9bdb214cca03c853f079b04fb120
+$(package)_download_path=https://github.com/al45tair/mac_alias/archive/
+$(package)_download_file=v$($(package)_version).tar.gz
+$(package)_file_name=$(package)-$($(package)_version).tar.gz
+$(package)_sha256_hash=b10cb44ecb64fc25283fae7a9cf365d2829377d84e37b9c21100aca8757509be
 $(package)_install_libdir=$(build_prefix)/lib/python/dist-packages
 $(package)_patches=python3.patch

--- a/contrib/depends/packages/ncurses.mk
+++ b/contrib/depends/packages/ncurses.mk
@@ -0,0 +1,64 @@
+package=ncurses
+$(package)_version=6.1
+$(package)_download_path=https://ftp.gnu.org/gnu/ncurses
+$(package)_file_name=$(package)-$($(package)_version).tar.gz
+$(package)_sha256_hash=aa057eeeb4a14d470101eff4597d5833dcef5965331be3528c08d99cebaa0d17
+$(package)_patches=fallback.c
+
+define $(package)_set_vars
+  $(package)_build_opts=CC="$($(package)_cc)"
+  $(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)" ARFLAGS=$($(package)_arflags) cf_cv_ar_flags=""
+  $(package)_config_env_darwin=RANLIB="$(host_prefix)/native/bin/x86_64-apple-darwin11-ranlib" AR="$(host_prefix)/native/bin/x86_64-apple-darwin11-ar" CC="$(host_prefix)/native/bin/$($(package)_cc)"
+  $(package)_config_opts=--prefix=$(host_prefix)
+  $(package)_config_opts+=--disable-shared
+  $(package)_config_opts+=--with-build-cc=gcc
+  $(package)_config_opts+=--without-debug
+  $(package)_config_opts+=--without-ada
+  $(package)_config_opts+=--without-cxx-binding
+  $(package)_config_opts+=--without-cxx
+  $(package)_config_opts+=--without-ticlib
+  $(package)_config_opts+=--without-tic
+  $(package)_config_opts+=--without-progs
+  $(package)_config_opts+=--without-tests
+  $(package)_config_opts+=--without-tack
+  $(package)_config_opts+=--without-manpages
+  $(package)_config_opts+=--with-termlib=tinfo
+  $(package)_config_opts+=--disable-tic-depends
+  $(package)_config_opts+=--disable-big-strings
+  $(package)_config_opts+=--disable-ext-colors
+  $(package)_config_opts+=--enable-pc-files
+  $(package)_config_opts+=--host=$(HOST)
+  $(pacakge)_config_opts+=--without-shared
+  $(pacakge)_config_opts+=--without-pthread
+  $(pacakge)_config_opts+=--disable-rpath
+  $(pacakge)_config_opts+=--disable-colorfgbg
+  $(pacakge)_config_opts+=--disable-ext-mouse
+  $(pacakge)_config_opts+=--disable-symlinks
+  $(pacakge)_config_opts+=--enable-warnings
+  $(pacakge)_config_opts+=--enable-assertions
+  $(package)_config_opts+=--with-default-terminfo-dir=/etc/_terminfo_
+  $(package)_config_opts+=--with-terminfo-dirs=/etc/_terminfo_
+  $(pacakge)_config_opts+=--enable-database
+  $(pacakge)_config_opts+=--enable-sp-funcs
+  $(pacakge)_config_opts+=--disable-term-driver
+  $(pacakge)_config_opts+=--enable-interop
+  $(pacakge)_config_opts+=--enable-widec
+  $(package)_build_opts=CFLAGS="$($(package)_cflags) $($(package)_cppflags) -fPIC"
+endef
+
+define $(package)_preprocess_cmds
+  cp $($(package)_patch_dir)/fallback.c ncurses
+endef
+
+define $(package)_config_cmds
+  ./configure $($(package)_config_opts)
+endef
+
+define $(package)_build_cmds
+  $(MAKE) $($(package)_build_opts) V=1
+endef
+
+define $(package)_stage_cmds
+  $(MAKE) install.libs DESTDIR=$($(package)_staging_dir)
+endef
+
--- a/contrib/depends/packages/openssl.mk
+++ b/contrib/depends/packages/openssl.mk
@@ -1,56 +1,57 @@
 package=openssl
-$(package)_version=1.0.2q
+$(package)_version=1.1.1i
 $(package)_download_path=https://www.openssl.org/source
 $(package)_file_name=$(package)-$($(package)_version).tar.gz
-$(package)_sha256_hash=5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684
+$(package)_sha256_hash=e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242

 define $(package)_set_vars
-$(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)"
+$(package)_config_env=AR="$($(package)_ar)" ARFLAGS=$($(package)_arflags) RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)"
+$(package)_config_env_arm_android=ANDROID_NDK_HOME="$(host_prefix)/native" PATH="$(host_prefix)/native/bin" CC=clang AR=ar RANLIB=ranlib
+$(package)_config_env_aarch64_android=ANDROID_NDK_HOME="$(host_prefix)/native" PATH="$(host_prefix)/native/bin" CC=clang AR=ar RANLIB=ranlib
+$(package)_build_env_arm_android=ANDROID_NDK_HOME="$(host_prefix)/native"
+$(package)_build_env_aarch64_android=ANDROID_NDK_HOME="$(host_prefix)/native"
 $(package)_config_opts=--prefix=$(host_prefix) --openssldir=$(host_prefix)/etc/openssl
 $(package)_config_opts+=no-capieng
 $(package)_config_opts+=no-dso
 $(package)_config_opts+=no-dtls1
 $(package)_config_opts+=no-ec_nistp_64_gcc_128
 $(package)_config_opts+=no-gost
-$(package)_config_opts+=no-gmp
 $(package)_config_opts+=no-heartbeats
-$(package)_config_opts+=no-jpake
-$(package)_config_opts+=no-krb5
-$(package)_config_opts+=no-libunbound
 $(package)_config_opts+=no-md2
 $(package)_config_opts+=no-rc5
 $(package)_config_opts+=no-rdrand
 $(package)_config_opts+=no-rfc3779
-$(package)_config_opts+=no-rsax
 $(package)_config_opts+=no-sctp
-$(package)_config_opts+=no-sha0
 $(package)_config_opts+=no-shared
 $(package)_config_opts+=no-ssl-trace
 $(package)_config_opts+=no-ssl2
 $(package)_config_opts+=no-ssl3
-$(package)_config_opts+=no-static_engine
-$(package)_config_opts+=no-store
 $(package)_config_opts+=no-unit-test
 $(package)_config_opts+=no-weak-ssl-ciphers
 $(package)_config_opts+=no-zlib
 $(package)_config_opts+=no-zlib-dynamic
 $(package)_config_opts+=$($(package)_cflags) $($(package)_cppflags)
 $(package)_config_opts_linux=-fPIC -Wa,--noexecstack
+$(package)_config_opts_freebsd=-fPIC -Wa,--noexecstack
 $(package)_config_opts_x86_64_linux=linux-x86_64
 $(package)_config_opts_i686_linux=linux-generic32
 $(package)_config_opts_arm_linux=linux-generic32
 $(package)_config_opts_aarch64_linux=linux-generic64
+$(package)_config_opts_arm_android=--static android-arm
+$(package)_config_opts_aarch64_android=--static android-arm64
+$(package)_config_opts_riscv64_linux=linux-generic64
 $(package)_config_opts_mipsel_linux=linux-generic32
 $(package)_config_opts_mips_linux=linux-generic32
 $(package)_config_opts_powerpc_linux=linux-generic32
 $(package)_config_opts_x86_64_darwin=darwin64-x86_64-cc
 $(package)_config_opts_x86_64_mingw32=mingw64
 $(package)_config_opts_i686_mingw32=mingw
+$(package)_config_opts_x86_64_freebsd=BSD-x86_64
 endef

 define $(package)_preprocess_cmds
-  sed -i.old "/define DATE/d" util/mkbuildinf.pl && \
-  sed -i.old "s|engines apps test|engines|" Makefile.org
+  sed -i.old 's|"engines", "apps", "test", "util", "tools", "fuzz"|"engines", "tools"|' Configure && \
+  sed -i -e 's|cflags --sysroot.*",|cflags",|' Configurations/15-android.conf
 endef

 define $(package)_config_cmds
@@ -62,7 +63,7 @@ define $(package)_build_cmds
 endef

 define $(package)_stage_cmds
-  $(MAKE) INSTALL_PREFIX=$($(package)_staging_dir) -j1 install_sw
+  $(MAKE) DESTDIR=$($(package)_staging_dir) -j1 install_sw
 endef

 define $(package)_postprocess_cmds
--- a/contrib/depends/packages/packages.mk
+++ b/contrib/depends/packages/packages.mk
@@ -1,25 +1,35 @@
-packages:=boost openssl zeromq cppzmq expat ldns cppzmq readline libiconv hidapi protobuf libusb
-native_packages := native_ccache native_protobuf
+packages:=boost openssl zeromq libiconv

-darwin_native_packages = native_biplist native_ds_store native_mac_alias
-darwin_packages = sodium-darwin
+native_packages := native_ccache

-linux_packages = eudev
+hardware_packages := hidapi protobuf libusb
+hardware_native_packages := native_protobuf
+
+android_native_packages = android_ndk
+android_packages = ncurses readline sodium
+
+darwin_native_packages = native_biplist native_ds_store native_mac_alias $(hardware_native_packages)
+darwin_packages = sodium ncurses readline $(hardware_packages)
+
+# not really native...
+freebsd_native_packages = freebsd_base
+freebsd_packages = ncurses readline sodium
+
+linux_packages = eudev ncurses readline sodium $(hardware_packages)
+linux_native_packages = $(hardware_native_packages)
 qt_packages = qt

 ifeq ($(build_tests),ON)
 packages += gtest
 endif

-ifeq ($(host_os),linux)
-packages += unwind
-packages += sodium
-endif
-ifeq ($(host_os),mingw32)
-packages += icu4c
-packages += sodium
+ifneq ($(host_arch),riscv64)
+linux_packages += unwind
 endif

+mingw32_packages = icu4c sodium $(hardware_packages)
+mingw32_native_packages = $(hardware_native_packages)
+
 ifneq ($(build_os),darwin)
 darwin_native_packages += native_cctools native_cdrkit native_libdmg-hfsplus
 endif
--- a/contrib/depends/packages/protobuf.mk
+++ b/contrib/depends/packages/protobuf.mk
@@ -12,7 +12,7 @@ define $(package)_set_vars
 endef

 define $(package)_config_cmds
-  $($(package)_autoconf)
+  $($(package)_autoconf) AR_FLAGS=$($(package)_arflags)
 endef

 define $(package)_build_cmds
@@ -25,5 +25,7 @@ define $(package)_stage_cmds
 endef

 define $(package)_postprocess_cmds
-  rm lib/libprotoc.a
+  rm lib/libprotoc.a &&\
+  rm lib/*.la
 endef
+
--- a/contrib/depends/packages/qt.mk
+++ b/contrib/depends/packages/qt.mk
@@ -1,6 +1,6 @@
 PACKAGE=qt
 $(package)_version=5.7.1
-$(package)_download_path=https://download.qt.io/archive/qt/5.7/5.7.1/submodules
+$(package)_download_path=http://linorg.usp.br/Qt/archive/qt/5.7/5.7.1/submodules
 $(package)_suffix=opensource-src-$($(package)_version).tar.gz
 $(package)_file_name=qtbase-$($(package)_suffix)
 $(package)_sha256_hash=95f83e532d23b3ddbde7973f380ecae1bac13230340557276f75f2e37984e410
--- a/contrib/depends/packages/readline.mk
+++ b/contrib/depends/packages/readline.mk
@@ -3,19 +3,22 @@ $(package)_version=8.0
 $(package)_download_path=https://ftp.gnu.org/gnu/readline
 $(package)_file_name=$(package)-$($(package)_version).tar.gz
 $(package)_sha256_hash=e339f51971478d369f8a053a330a190781acb9864cf4c541060f12078948e461
+$(package)_dependencies=ncurses

 define $(package)_set_vars
  $(package)_build_opts=CC="$($(package)_cc)"
-  $(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)"
-  $(package)_config_opts=--prefix=$(host_prefix)
-  $(package)_config_opts+=--disable-shared --enable-multibye --without-purify --without-curses
+  $(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)" LDFLAGS="-L$(host_prefix)/lib" ARFLAGS=$($(package)_arflags)
+  $(package)_config_env_darwin=RANLIB="$(host_prefix)/native/bin/x86_64-apple-darwin11-ranlib" AR="$(host_prefix)/native/bin/x86_64-apple-darwin11-ar" CC="$(host_prefix)/native/bin/$($(package)_cc)"
+  $(package)_config_opts+=--prefix=$(host_prefix)
+  $(package)_config_opts+=--exec-prefix=$(host_prefix)
+  $(package)_config_opts+=--host=$(HOST)
+  $(package)_config_opts+=--disable-shared --with-curses
  $(package)_config_opts_release=--disable-debug-mode
+  $(package)_config_opts_darwin+=RANLIB="$(host_prefix)/native/bin/x86_64-apple-darwin11-ranlib" AR="$(host_prefix)/native/bin/x86_64-apple-darwin11-ar" CC="$(host_prefix)/native/bin/$($(package)_cc)"
  $(package)_build_opts=CFLAGS="$($(package)_cflags) $($(package)_cppflags) -fPIC"
 endef

 define $(package)_config_cmds
-  export bash_cv_have_mbstate_t=yes &&\
-  export bash_cv_wcwidth_broken=yes &&\
  ./configure $($(package)_config_opts)
 endef

@@ -24,6 +27,6 @@ define $(package)_build_cmds
 endef

 define $(package)_stage_cmds
-  $(MAKE) DESTDIR=$($(package)_staging_dir) install
+  $(MAKE) install DESTDIR=$($(package)_staging_dir) prefix=$(host_prefix) exec-prefix=$(host_prefix)
 endef

--- a/contrib/depends/packages/sodium-darwin.mk
+++ b/contrib/depends/packages/sodium-darwin.mk
@@ -1,25 +0,0 @@
-package=sodium-darwin
-$(package)_version=1.0.16
-$(package)_download_path=https://download.libsodium.org/libsodium/releases/
-$(package)_file_name=libsodium-$($(package)_version).tar.gz
-$(package)_sha256_hash=eeadc7e1e1bcef09680fb4837d448fbdf57224978f865ac1c16745868fbd0533
-
-define $(package)_set_vars
-$(package)_build_opts_darwin=OS=Darwin LIBTOOL="$($(package)_libtool)"
-$(package)_config_opts=--enable-static --disable-shared
-$(package)_config_opts+=--prefix=$(host_prefix)
-endef
-
-define $(package)_config_cmds
-  ./autogen.sh &&\
-  $($(package)_autoconf) $($(package)_config_opts) RANLIB="$(host_prefix)/native/bin/x86_64-apple-darwin11-ranlib" AR="$(host_prefix)/native/bin/x86_64-apple-darwin11-ar" CC="$(host_prefix)/native/bin/$($(package)_cc)"
-endef
-
-define $(package)_build_cmds
-  echo "path is problematic here" &&\
-  make
-endef
-
-define $(package)_stage_cmds
-  $(MAKE) DESTDIR=$($(package)_staging_dir) install
-endef
--- a/contrib/depends/packages/sodium.mk
+++ b/contrib/depends/packages/sodium.mk
@@ -1,19 +1,22 @@
 package=sodium
-$(package)_version=1.0.16
+$(package)_version=1.0.18
 $(package)_download_path=https://download.libsodium.org/libsodium/releases/
 $(package)_file_name=libsodium-$($(package)_version).tar.gz
-$(package)_sha256_hash=eeadc7e1e1bcef09680fb4837d448fbdf57224978f865ac1c16745868fbd0533
-$(package)_patches=fix-whitespace.patch
+$(package)_sha256_hash=6f504490b342a4f8a4c4a02fc9b866cbef8622d5df4e5452b46be121e46636c1
+$(package)_patches=disable-glibc-getrandom-getentropy.patch fix-whitespace.patch

 define $(package)_set_vars
 $(package)_config_opts=--enable-static --disable-shared
 $(package)_config_opts+=--prefix=$(host_prefix)
+$(package)_config_opts_android=RANLIB=$($(package)_ranlib) AR=$($(package)_ar) CC=$($(package)_cc)
+$(package)_config_opts_darwin=RANLIB="$(host_prefix)/native/bin/x86_64-apple-darwin11-ranlib" AR="$(host_prefix)/native/bin/x86_64-apple-darwin11-ar" CC="$(host_prefix)/native/bin/$($(package)_cc)"
 endef

 define $(package)_config_cmds
+  patch -p1 < $($(package)_patch_dir)/disable-glibc-getrandom-getentropy.patch &&\
  ./autogen.sh &&\
  patch -p1 < $($(package)_patch_dir)/fix-whitespace.patch &&\
-  $($(package)_autoconf) $($(package)_config_opts)
+  $($(package)_autoconf) $($(package)_config_opts) AR_FLAGS=$($(package)_arflags)
 endef

 define $(package)_build_cmds
@@ -23,3 +26,8 @@ endef
 define $(package)_stage_cmds
  $(MAKE) DESTDIR=$($(package)_staging_dir) install
 endef
+
+define $(package)_postprocess_cmds
+  rm lib/*.la
+endef
+
--- a/contrib/depends/packages/unwind.mk
+++ b/contrib/depends/packages/unwind.mk
@@ -3,11 +3,16 @@ $(package)_version=1.2
 $(package)_download_path=https://download.savannah.nongnu.org/releases/libunwind
 $(package)_file_name=lib$(package)-$($(package)_version).tar.gz
 $(package)_sha256_hash=1de38ffbdc88bd694d10081865871cd2bfbb02ad8ef9e1606aee18d65532b992
+$(package)_patches=fix_obj_order.patch
+
+define $(package)_preprocess_cmds
+  patch -p0 < $($(package)_patch_dir)/fix_obj_order.patch
+endef

 define $(package)_config_cmds
  cp -f $(BASEDIR)/config.guess config/config.guess &&\
  cp -f $(BASEDIR)/config.sub config/config.sub &&\
-  $($(package)_autoconf) --disable-shared --enable-static
+  $($(package)_autoconf) --disable-shared --enable-static AR_FLAGS=$($(package)_arflags)
 endef

 define $(package)_build_cmds
@@ -19,4 +24,6 @@ define $(package)_stage_cmds
 endef

 define $(package)_postprocess_cmds
+  rm lib/*.la
 endef
+
--- a/contrib/depends/packages/zeromq.mk
+++ b/contrib/depends/packages/zeromq.mk
@@ -1,24 +1,26 @@
 package=zeromq
-$(package)_version=4.1.5
+$(package)_version=4.1.7
 $(package)_download_path=https://github.com/zeromq/zeromq4-1/releases/download/v$($(package)_version)/
 $(package)_file_name=$(package)-$($(package)_version).tar.gz
-$(package)_sha256_hash=04aac57f081ffa3a2ee5ed04887be9e205df3a7ddade0027460b8042432bdbcf
-$(package)_patches=9114d3957725acd34aa8b8d011585812f3369411.patch 9e6745c12e0b100cd38acecc16ce7db02905e27c.patch
+$(package)_sha256_hash=31c383cfcd3be1dc8a66e448c403029e793687e70473b89c4cc0bd626e7da299
+$(package)_patches=9114d3957725acd34aa8b8d011585812f3369411.patch 9e6745c12e0b100cd38acecc16ce7db02905e27c.patch ffe62d3398d5e0191f554f61049aa7ec9fc892ae.patch

 define $(package)_set_vars
  $(package)_config_opts=--without-documentation --disable-shared --without-libsodium --disable-curve
  $(package)_config_opts_linux=--with-pic
+  $(package)_config_opts_freebsd=--with-pic
  $(package)_cxxflags=-std=c++11
 endef

 define $(package)_preprocess_cmds
  patch -p1 < $($(package)_patch_dir)/9114d3957725acd34aa8b8d011585812f3369411.patch && \
  patch -p1 < $($(package)_patch_dir)/9e6745c12e0b100cd38acecc16ce7db02905e27c.patch && \
+  patch -p1 < $($(package)_patch_dir)/ffe62d3398d5e0191f554f61049aa7ec9fc892ae.patch && \
  ./autogen.sh
 endef

 define $(package)_config_cmds
-  $($(package)_autoconf)
+  $($(package)_autoconf) AR_FLAGS=$($(package)_arflags)
 endef

 define $(package)_build_cmds
@@ -30,5 +32,7 @@ define $(package)_stage_cmds
 endef

 define $(package)_postprocess_cmds
-  rm -rf bin share
+  rm -rf bin share &&\
+  rm lib/*.la
 endef
+
--- a/contrib/depends/patches/boost/fix_aroptions.patch
+++ b/contrib/depends/patches/boost/fix_aroptions.patch
@@ -0,0 +1,28 @@
+--- boost_1_64_0/tools/build/src/tools/gcc.jam.O	2017-04-17 03:22:26.000000000 +0100
+++ boost_1_64_0/tools/build/src/tools/gcc.jam	2019-11-15 15:46:16.957937137 +0000
+@@ -243,6 +243,8 @@
+     {
+         ECHO notice: using gcc archiver :: $(condition) :: $(archiver[1]) ;
+     }
+    local arflags = [ feature.get-values <arflags> : $(options) ] ;
+    toolset.flags gcc.archive .ARFLAGS $(condition) : $(arflags) ;
+ 
+     # - Ranlib.
+     local ranlib = [ common.get-invocation-command gcc
+@@ -970,6 +972,7 @@
+ # logic in intel-linux, but that is hardly worth the trouble as on Linux, 'ar'
+ # is always available.
+ .AR = ar ;
+.ARFLAGS = rc ;
+ .RANLIB = ranlib ;
+ 
+ toolset.flags gcc.archive AROPTIONS <archiveflags> ;
+@@ -1011,7 +1014,7 @@
+ #
+ actions piecemeal archive
+ {
+-    "$(.AR)" $(AROPTIONS) rc "$(<)" "$(>)"
+    "$(.AR)" $(AROPTIONS) $(.ARFLAGS) "$(<)" "$(>)"
+     "$(.RANLIB)" "$(<)"
+ }
+ 
--- a/contrib/depends/patches/native_cctools/skip_otool.patch
+++ b/contrib/depends/patches/native_cctools/skip_otool.patch
@@ -0,0 +1,12 @@
+--- cctools/Makefile.am.O	2016-06-09 15:06:16.000000000 +0100
+++ cctools/Makefile.am	2019-11-18 08:59:20.078663220 +0000
+@@ -1,7 +1,7 @@
+ if ISDARWIN
+-SUBDIRS=libstuff ar as misc otool ld64 $(LD_CLASSIC)
+SUBDIRS=libstuff ar as misc ld64 $(LD_CLASSIC)
+ else
+-SUBDIRS=libstuff ar as misc libobjc2 otool ld64 $(LD_CLASSIC)
+SUBDIRS=libstuff ar as misc ld64 $(LD_CLASSIC)
+ endif
+ 
+ ACLOCAL_AMFLAGS = -I m4
--- a/contrib/depends/patches/ncurses/fallback.c
+++ b/contrib/depends/patches/ncurses/fallback.c
--- a/contrib/depends/patches/sodium/disable-glibc-getrandom-getentropy.patch
+++ b/contrib/depends/patches/sodium/disable-glibc-getrandom-getentropy.patch
@@ -0,0 +1,25 @@
+diff --git a/configure.ac b/configure.ac
+index 9e2de27c..0fa85c2d 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -807,6 +807,10 @@ AS_IF([test "x$EMSCRIPTEN" = "x"],[
+ # include <sys/random.h>
+ #endif
+ ]], [[
+#ifdef __linux__
+# error getrandom() is currently disabled on Linux to support glibc < 2.25
+#endif
+
+ unsigned char buf;
+ (void) getrandom((void *) &buf, 1U, 0U);
+   ]])],
+@@ -825,6 +829,9 @@ unsigned char buf;
+ # include <sys/random.h>
+ #endif
+ ]], [[
+#ifdef __linux__
+# error getentropy() is currently disabled on Linux to support glibc < 2.25
+#endif
+ #ifdef __APPLE__
+ # error getentropy() is currently disabled on Apple operating systems
+ #endif
--- a/contrib/depends/patches/sodium/fix-whitespace.patch
+++ b/contrib/depends/patches/sodium/fix-whitespace.patch
@@ -5,8 +5,8 @@ index b29f769..ca008ae 100755
@@ -591,7 +591,7 @@ MAKEFLAGS=
 PACKAGE_NAME='libsodium'
 PACKAGE_TARNAME='libsodium'
- PACKAGE_VERSION='1.0.16'
-PACKAGE_STRING='libsodium 1.0.16'
+ PACKAGE_VERSION='1.0.18'
+-PACKAGE_STRING='libsodium 1.0.18'
 +PACKAGE_STRING='libsodium'
 PACKAGE_BUGREPORT='https://github.com/jedisct1/libsodium/issues'
 PACKAGE_URL='https://github.com/jedisct1/libsodium'
--- a/contrib/depends/patches/unwind/fix_obj_order.patch
+++ b/contrib/depends/patches/unwind/fix_obj_order.patch
@@ -0,0 +1,11 @@
+--- config/ltmain.sh.O	2017-01-13 16:00:54.000000000 +0000
+++ config/ltmain.sh	2019-11-17 06:46:51.994402494 +0000
+@@ -7957,6 +7957,8 @@
+ 	    esac
+ 	  done
+ 	fi
+	oldobjs=`for obj in $oldobjs; do echo $obj; done | sort`
+	oldobjs=" `echo $oldobjs`"
+ 	eval cmds=\"$old_archive_cmds\"
+ 
+ 	func_len " $cmds"
--- a/contrib/depends/patches/zeromq/ffe62d3398d5e0191f554f61049aa7ec9fc892ae.patch
+++ b/contrib/depends/patches/zeromq/ffe62d3398d5e0191f554f61049aa7ec9fc892ae.patch
@@ -0,0 +1,38 @@
+From ffe62d3398d5e0191f554f61049aa7ec9fc892ae Mon Sep 17 00:00:00 2001
+From: Gregory Lemercier <greglemercier@free.fr>
+Date: Sun, 7 Oct 2018 18:06:54 +0200
+Subject: [PATCH] Fix build on arm64 architectures with some strict compilers
+
+This patch fixes an issue that occurs on 64-bit architetures under
+strict compiler rules. The code initially checked that the received
+size stored in 'uint64_t' was not bigger than the max value of a
+'size_t' variable, which is legitimate on 32-bit architectures where
+'size_t' variables are stored on 32 bits. On 64-bit architectures,
+this test no longer makes sense since 'uint64_t' and 'size_t' types
+have the same size. The issue is fixed by ignoring this portion
+of code when built for arm64.
+---
+ src/v1_decoder.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/v1_decoder.cpp b/src/v1_decoder.cpp
+index b002dc9d..2c8c97a7 100644
+--- a/src/v1_decoder.cpp
+++ b/src/v1_decoder.cpp
+@@ -114,11 +114,13 @@ int zmq::v1_decoder_t::eight_byte_size_ready ()
+         return -1;
+     }
+ 
+#ifndef __aarch64__
+     //  Message size must fit within range of size_t data type.
+     if (payload_length - 1 > std::numeric_limits <size_t>::max ()) {
+         errno = EMSGSIZE;
+         return -1;
+     }
+#endif
+ 
+     const size_t msg_size = static_cast <size_t> (payload_length - 1);
+ 
+-- 
+2.20.1
+
--- a/contrib/depends/toolchain.cmake.in
+++ b/contrib/depends/toolchain.cmake.in
@@ -1,5 +1,6 @@
-# Set the system name, either Darwin, Linux, or Windows
+# Set the system name to one of Android, Darwin, FreeBSD, Linux, or Windows
 SET(CMAKE_SYSTEM_NAME @depends@)
+SET(CMAKE_SYSTEM_PROCESSOR @arch@)
 SET(CMAKE_BUILD_TYPE @release_type@)

 OPTION(STATIC "Link libraries statically" ON)
@@ -8,6 +9,7 @@ OPTION(BUILD_TESTS "Build tests." OFF)

 SET(STATIC ON)
 SET(UNBOUND_STATIC ON)
+SET(ARCH "default")

 SET(BUILD_TESTS @build_tests@)
 SET(TREZOR_DEBUG @build_tests@)
@@ -17,14 +19,19 @@ SET(CMAKE_FIND_ROOT_PATH @prefix@ /usr)

 SET(ENV{PKG_CONFIG_PATH} @prefix@/lib/pkgconfig)

+SET(Readline_ROOT_DIR @prefix@)
+SET(Readline_INCLUDE_DIR @prefix@/include)
+SET(Readline_LIBRARY @prefix@/lib/libreadline.a)
+SET(Terminfo_LIBRARY @prefix@/lib/libtinfo.a)
+
 SET(LRELEASE_PATH @prefix@/native/bin CACHE FILEPATH "path to lrelease" FORCE)

-SET(Readline_ROOT_DIR @prefix@)
-
+if(NOT CMAKE_SYSTEM_NAME STREQUAL "Android")
 SET(LIBUNWIND_INCLUDE_DIR @prefix@/include)
 SET(LIBUNWIND_LIBRARIES @prefix@/lib/libunwind.a)
 SET(LIBUNWIND_LIBRARY_DIRS @prefix@/lib)

+if(NOT CMAKE_SYSTEM_NAME STREQUAL "FreeBSD")
 SET(LIBUSB-1.0_LIBRARY @prefix@/lib/libusb-1.0.a)
 SET(LIBUDEV_LIBRARY @prefix@/lib/libudev.a)

@@ -33,20 +40,23 @@ SET(Protobuf_PROTOC_EXECUTABLE @prefix@/native/bin/protoc CACHE FILEPATH "Path t
 SET(Protobuf_INCLUDE_DIR @prefix@/include CACHE PATH "Protobuf include dir")
 SET(Protobuf_INCLUDE_DIRS @prefix@/include CACHE PATH "Protobuf include dir")
 SET(Protobuf_LIBRARY @prefix@/lib/libprotobuf.a CACHE FILEPATH "Protobuf library")
+endif()
+
+endif()

 SET(ZMQ_INCLUDE_PATH @prefix@/include)
 SET(ZMQ_LIB @prefix@/lib/libzmq.a)

-SET(BOOST_IGNORE_SYSTEM_PATHS_DEFAULT ON)
-SET(BOOST_IGNORE_SYSTEM_PATH ON)
+SET(Boost_IGNORE_SYSTEM_PATH ON)
 SET(BOOST_ROOT @prefix@)
+SET(BOOST_INCLUDEDIR @prefix@/include)
 SET(BOOST_LIBRARYDIR @prefix@/lib)
-SET(BOOST_IGNORE_SYSTEM_PATHS_DEFAULT OFF)
-SET(BOOST_NO_SYSTEM_PATHS TRUE)
-SET(BOOST_USE_STATIC_LIBS TRUE)
-SET(BOOST_USE_STATIC_RUNTIME TRUE)
+SET(Boost_IGNORE_SYSTEM_PATHS_DEFAULT OFF)
+SET(Boost_NO_SYSTEM_PATHS ON)
+SET(Boost_USE_STATIC_LIBS ON)
+SET(Boost_USE_STATIC_RUNTIME ON)

-SET(OpenSSL_DIR @prefix@/lib)
+SET(OPENSSL_ROOT_DIR @prefix@)
 SET(ARCHITECTURE @arch@)

 # for libraries and headers in the target directories
@@ -54,14 +64,14 @@ set (CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER) # Find programs on host
 set (CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY) # Find libs in target
 set (CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY) # Find includes in target

-set(CMAKE_SYSTEM_PROCESSOR ${CMAKE_HOST_SYSTEM_PROCESSOR} CACHE STRING "" FORCE)
-
 # specify the cross compiler to be used. Darwin uses clang provided by the SDK.
 if(CMAKE_SYSTEM_NAME STREQUAL "Darwin")
  SET(CMAKE_C_COMPILER @prefix@/native/bin/clang)
  SET(CMAKE_C_COMPILER_TARGET x86_64-apple-darwin11)
  SET(CMAKE_CXX_COMPILER @prefix@/native/bin/clang++ -stdlib=libc++)
  SET(CMAKE_CXX_COMPILER_TARGET x86_64-apple-darwin11)
+  SET(CMAKE_ASM_COMPILER_TARGET x86_64-apple-darwin11)
+  SET(CMAKE_ASM-ATT_COMPILER_TARGET x86_64-apple-darwin11)
  SET(_CMAKE_TOOLCHAIN_PREFIX x86_64-apple-darwin11-)
  SET(APPLE True)
  SET(BUILD_TAG "mac-x64")
@@ -74,6 +84,22 @@ if(CMAKE_SYSTEM_NAME STREQUAL "Darwin")
  SET(CMAKE_OSX_ARCHITECTURES "x86_64")
  SET(LLVM_ENABLE_PIC OFF)
  SET(LLVM_ENABLE_PIE OFF)
+elseif(CMAKE_SYSTEM_NAME STREQUAL "Android")
+  SET(ANDROID TRUE)
+  if(ARCHITECTURE STREQUAL "arm")
+    SET(CMAKE_ANDROID_ARCH_ABI "armeabi-v7a")
+    SET(CMAKE_SYSTEM_PROCESSOR "armv7-a")
+    SET(CMAKE_ANDROID_ARM_MODE ON)
+    SET(CMAKE_C_COMPILER_TARGET arm-linux-androideabi)
+    SET(CMAKE_CXX_COMPILER_TARGET arm-linux-androideabi)
+    SET(_CMAKE_TOOLCHAIN_PREFIX arm-linux-androideabi-)
+  elseif(ARCHITECTURE STREQUAL "aarch64")
+    SET(CMAKE_ANDROID_ARCH_ABI "arm64-v8a")
+    SET(CMAKE_SYSTEM_PROCESSOR "aarch64")
+  endif()
+  SET(CMAKE_ANDROID_STANDALONE_TOOLCHAIN @prefix@/native)
+  SET(CMAKE_C_COMPILER "${_CMAKE_TOOLCHAIN_PREFIX}clang")
+  SET(CMAKE_CXX_COMPILER "${_CMAKE_TOOLCHAIN_PREFIX}clang++")
 else()
  SET(CMAKE_C_COMPILER @CC@)
  SET(CMAKE_CXX_COMPILER @CXX@)
@@ -85,22 +111,47 @@ if(ARCHITECTURE STREQUAL "arm")
  set(ARM_ID "armv7-a")
  set(BUILD_64 OFF)
  set(CMAKE_BUILD_TYPE release)
-  set(BUILD_TAG "linux-armv7")
+  if(ANDROID)
+    set(BUILD_TAG "android-armv7")
+  else()
+    set(BUILD_TAG "linux-armv7")
+  endif()
  set(ARM7)
 elseif(ARCHITECTURE STREQUAL "aarch64")
  set(ARCH "armv8-a")
  set(ARM ON)
  set(ARM_ID "armv8-a")
-  set(BUILD_TAG "linux-armv8")
+  if(ANDROID)
+    set(BUILD_TAG "android-armv8")
+  else()
+    set(BUILD_TAG "linux-armv8")
+  endif()
  set(BUILD_64 ON)
 endif()

-if(ARCHITECTURE STREQUAL "i686" AND CMAKE_SYSTEM_NAME STREQUAL "Linux")
-  SET(LINUX_32 ON)
-  SET(ARCH_ID "i386")
+if(ARCHITECTURE STREQUAL "riscv64")
+    set(NO_AES ON)
+    set(ARCH "rv64imafdc")
 endif()

-if(ARCHITECTURE STREQUAL "x86_64" AND CMAKE_SYSTEM_NAME STREQUAL "Linux")
+if(ARCHITECTURE STREQUAL "i686")
+  SET(ARCH_ID "i386")
+  if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+    set(BUILD_TAG "linux-x86")
+    SET(LINUX_32 ON)
+  elseif(CMAKE_SYSTEM_NAME STREQUAL "Windows")
+    set(BUILD_TAG "win-x32")
+  endif()
+endif()
+
+if(ARCHITECTURE STREQUAL "x86_64")
+  if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+    set(BUILD_TAG "linux-x64")
+  elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD")
+    set(BUILD_TAG "freebsd-x64")
+  elseif(CMAKE_SYSTEM_NAME STREQUAL "Windows")
+    set(BUILD_TAG "win-x64")
+  endif()
  SET(ARCH_ID "x86_64")
 endif()

--- a/contrib/epee/CMakeLists.txt
+++ b/contrib/epee/CMakeLists.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2014-2019, The Monero Project
+# Copyright (c) 2014-2020, The Monero Project
 # 
 # All rights reserved.
 # 
--- a/contrib/epee/demo/iface/transport_defs.h
+++ b/contrib/epee/demo/iface/transport_defs.h
@@ -218,7 +218,7 @@ namespace demo

    s.m_subobj.m_str = "subszzzzzzzz";
    s.m_list_of_self.push_back(s);
-    s.m_storage_entry_int = epee::serialization::storage_entry(uint64_t(22222));;
+    s.m_storage_entry_int = epee::serialization::storage_entry(uint64_t(22222));
    s.m_storage_entry_string = epee::serialization::storage_entry(std::string("sdsvsdvs"));
    return s;
  }
--- a/contrib/epee/include/byte_slice.h
+++ b/contrib/epee/include/byte_slice.h
@@ -0,0 +1,177 @@
+// Copyright (c) 2019-2020, The Monero Project
+//
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#pragma once
+
+#include <cstddef>
+#include <cstdint>
+#include <memory>
+#include <string>
+#include <vector>
+
+#include "span.h"
+
+namespace epee
+{
+  struct byte_slice_data;
+  class byte_stream;
+
+  struct release_byte_slice
+  {
+    //! For use with `zmq_message_init_data`, use second arg for buffer pointer.
+    static void call(void*, void* ptr) noexcept;
+    void operator()(byte_slice_data* ptr) const noexcept
+    {
+      call(nullptr, ptr);
+    }
+  };
+
+  //! Frees ref count + buffer allocated internally by `byte_buffer`.
+  struct release_byte_buffer
+  {
+    void operator()(std::uint8_t* buf) const noexcept;
+  };
+
+  /*! Inspired by slices in golang. Storage is thread-safe reference counted,
+      allowing for cheap copies or range selection on the bytes. The bytes
+      owned by this class are always immutable.
+
+      The functions `operator=`, `take_slice` and `remove_prefix` may alter the
+      reference count for the backing store, which will invalidate pointers
+      previously returned if the reference count is zero. Be careful about
+      "caching" pointers in these circumstances. */
+  class byte_slice
+  {
+    /* A custom reference count is used instead of shared_ptr because it allows
+       for an allocation optimization for the span constructor. This also
+       reduces the size of this class by one pointer. */
+    std::unique_ptr<byte_slice_data, release_byte_slice> storage_;
+    span<const std::uint8_t> portion_; // within storage_
+
+    //! Internal use only; use to increase `storage` reference count.
+    byte_slice(byte_slice_data* storage, span<const std::uint8_t> portion) noexcept;
+
+    struct adapt_buffer{};
+
+    template<typename T>
+    explicit byte_slice(const adapt_buffer, T&& buffer);
+
+  public:
+    using value_type = std::uint8_t;
+    using size_type = std::size_t;
+    using difference_type = std::ptrdiff_t;
+    using pointer = const std::uint8_t*;
+    using const_pointer = const std::uint8_t*;
+    using reference = std::uint8_t;
+    using const_reference = std::uint8_t;
+    using iterator = pointer;
+    using const_iterator = const_pointer;
+
+    //! Construct empty slice.
+    byte_slice() noexcept
+      : storage_(nullptr), portion_()
+    {}
+
+    //! Construct empty slice
+    byte_slice(std::nullptr_t) noexcept
+      : byte_slice()
+    {}
+
+    //! Scatter-gather (copy) multiple `sources` into a single allocated slice.
+    explicit byte_slice(std::initializer_list<span<const std::uint8_t>> sources);
+
+    //! Convert `buffer` into a slice using one allocation for shared count.
+    explicit byte_slice(std::vector<std::uint8_t>&& buffer);
+
+    //! Convert `buffer` into a slice using one allocation for shared count.
+    explicit byte_slice(std::string&& buffer);
+
+    //! Convert `stream` into a slice with zero allocations.
+    explicit byte_slice(byte_stream&& stream) noexcept;
+
+    byte_slice(byte_slice&& source) noexcept;
+    ~byte_slice() noexcept = default;
+
+    //! \note May invalidate previously retrieved pointers.
+    byte_slice& operator=(byte_slice&&) noexcept;
+
+    //! \return A shallow (cheap) copy of the data from `this` slice.
+    byte_slice clone() const noexcept { return {storage_.get(), portion_}; }
+
+    iterator begin() const noexcept { return portion_.begin(); }
+    const_iterator cbegin() const noexcept { return portion_.begin(); }
+
+    iterator end() const noexcept { return portion_.end(); }
+    const_iterator cend() const noexcept { return portion_.end(); }
+
+    bool empty() const noexcept { return storage_ == nullptr; }
+    const std::uint8_t* data() const noexcept { return portion_.data(); }
+    std::size_t size() const noexcept { return portion_.size(); }
+
+    /*! Drop bytes from the beginning of `this` slice.
+
+        \note May invalidate previously retrieved pointers.
+        \post `this->size() = this->size() - std::min(this->size(), max_bytes)`
+        \post `if (this->size() <= max_bytes) this->data() = nullptr`
+        \return Number of bytes removed. */
+    std::size_t remove_prefix(std::size_t max_bytes) noexcept;
+
+    /*! "Take" bytes from the beginning of `this` slice.
+
+        \note May invalidate previously retrieved pointers.
+        \post `this->size() = this->size() - std::min(this->size(), max_bytes)`
+        \post `if (this->size() <= max_bytes) this->data() = nullptr`
+        \return Slice containing the bytes removed from `this` slice. */
+    byte_slice take_slice(std::size_t max_bytes) noexcept;
+
+    /*! Return a shallow (cheap) copy of a slice from `begin` and `end` offsets.
+
+        \throw std::out_of_range If `end < begin`.
+        \throw std::out_of_range If `size() < end`.
+        \return Slice starting at `data() + begin` of size `end - begin`. */
+    byte_slice get_slice(std::size_t begin, std::size_t end) const;
+
+    //! \post `empty()` \return Ownership of ref-counted buffer.
+    std::unique_ptr<byte_slice_data, release_byte_slice> take_buffer() noexcept;
+  };
+
+  //! Alias for a buffer that has space for a `byte_slice` ref count.
+  using byte_buffer = std::unique_ptr<std::uint8_t, release_byte_buffer>;
+
+  /*! \return `buf` with a new size of exactly `length`. New bytes not
+        initialized. A `nullptr` is returned on allocation failure. */
+  byte_buffer byte_buffer_resize(byte_buffer buf, std::size_t length) noexcept;
+
+  /*! Increase `buf` of size `current` by `more` bytes.
+
+    \throw std::range_error if `current + more` exceeds `size_t` bounds.
+    \return Buffer of `current + more` bytes. A `nullptr` is returned on
+      allocation failure. */
+  byte_buffer byte_buffer_increase(byte_buffer buf, std::size_t current, std::size_t more);
+} // epee
+
--- a/contrib/epee/include/byte_stream.h
+++ b/contrib/epee/include/byte_stream.h
@@ -0,0 +1,227 @@
+// Copyright (c) 2020, The Monero Project
+//
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#pragma once
+
+#include <cassert>
+#include <cstdint>
+#include <cstring>
+
+#include "byte_slice.h"
+#include "span.h"
+
+namespace epee
+{
+  /*! \brief A partial drop-in replacement for `std::ostream`.
+
+      Only a few base `std::ostream` functions are implemented - enough for
+      rapidjson output currently.
+
+      Advantages over `std::stringstream` or `rapidjson::StringBuffer`:
+        - The internal buffer can be taken without a copy.
+        - The internal buffer can be given to `byte_slice` with zero
+          allocations for reference count.
+        - The internal buffer can be given to `zmq_msg_data_init` without a
+          copy or extra allocation.
+      an additional advantage over `std::stringstream`:
+        - Construction is significantly faster - the global `std::locale`
+          does not have to be acquired (global thread synchronization), and
+          an extra allocation for `std::stringbuf` is not needed (which is an
+          addition to the buffer inside of that object). */
+  class byte_stream
+  {
+    byte_buffer buffer_;        //! Beginning of buffer
+    std::uint8_t* next_write_;  //! Current write position
+    const std::uint8_t* end_;   //! End of buffer
+    std::size_t increase_size_; //! Minimum buffer size increase
+
+    //! \post `requested <= available()`
+    void overflow(const std::size_t requested);
+
+    //! Ensures that at least `requested` bytes are available.
+    void check(const std::size_t requested)
+    {
+      const std::size_t remaining = available();
+      if (remaining < requested)
+        overflow(requested);
+    }
+
+  public:
+    using char_type = std::uint8_t;
+    using Ch = char_type;
+
+    //! \return Default minimum size increase on buffer overflow
+    static constexpr std::size_t default_increase() noexcept { return 4096; }
+
+    //! Increase internal buffer by at least `byte_stream_increase` bytes.
+    byte_stream() noexcept
+      : byte_stream(default_increase())
+    {}
+
+    //! Increase internal buffer by at least `increase` bytes.
+    explicit byte_stream(const std::size_t increase) noexcept
+      : buffer_(nullptr),
+        next_write_(nullptr),
+        end_(nullptr),
+        increase_size_(increase)
+    {}
+
+    byte_stream(byte_stream&& rhs) noexcept;
+    ~byte_stream() noexcept = default;
+    byte_stream& operator=(byte_stream&& rhs) noexcept;
+
+    //! \return The minimum increase size on buffer overflow
+    std::size_t increase_size() const noexcept { return increase_size_; }
+
+    const std::uint8_t* data() const noexcept { return buffer_.get(); }
+    std::uint8_t* tellp() const noexcept { return next_write_; }
+    std::size_t available() const noexcept { return end_ - next_write_; }
+    std::size_t size() const noexcept { return next_write_ - buffer_.get(); }
+    std::size_t capacity() const noexcept { return end_ - buffer_.get(); }
+
+    //! Compatibility with rapidjson.
+    void Flush() const noexcept
+    {}
+
+    /*! Reserve at least `more` bytes.
+        \post `size() + more <= available()`.
+        \throw std::range_error if exceeding max `size_t` value.
+        \throw std::bad_alloc if allocation fails. */
+    void reserve(const std::size_t more)
+    {
+      check(more);
+    }
+
+    //! Reset write position, but do not release internal memory. \post `size() == 0`.
+    void clear() noexcept { next_write_ = buffer_.get(); }
+
+    /*! Copy `length` bytes starting at `ptr` to end of stream.
+        \throw std::range_error If exceeding max size_t value.
+        \throw std::bad_alloc If allocation fails. */
+    void write(const std::uint8_t* ptr, const std::size_t length)
+    {
+      check(length);
+      std::memcpy(tellp(), ptr, length);
+      next_write_ += length;
+    }
+
+    /*! Copy `length` bytes starting at `ptr` to end of stream.
+        \throw std::range_error if exceeding max `size_t` value.
+        \throw std::bad_alloc if allocation fails. */
+    void write(const char* ptr, const std::size_t length)
+    {
+      write(reinterpret_cast<const std::uint8_t*>(ptr), length);
+    }
+
+    /*! Copy `source` to end of stream.
+        \throw std::range_error if exceeding max `size_t` value.
+        \throw std::bad_alloc if allocation fails. */
+    void write(const epee::span<const std::uint8_t> source)
+    {
+      write(source.data(), source.size());
+    }
+
+    /*! Copy `source` to end of stream.
+        \throw std::range_error if exceeding max `size_t` value.
+        \throw std::bad_alloc if allocation fails. */
+    void write(const epee::span<const char> source)
+    {
+      write(source.data(), source.size());
+    }
+
+    /*! Copy `ch` to end of stream.
+        \throw std::range_error if exceeding max `size_t` value.
+        \throw std::bad_alloc if allocation fails. */
+    void put(const std::uint8_t ch)
+    {
+      check(1);
+      put_unsafe(ch);
+    }
+
+    /*! Copy `ch` to end of stream. Provides rapidjson compatability.
+        \throw std::range_error if exceeding max `size_t` value.
+        \throw std::bad_alloc if allocation fails. */
+    void Put(const std::uint8_t ch)
+    {
+      put(ch);
+    }
+
+    /*! Writes `ch` to end of stream without runtime capacity checks. Must use
+        `reserve` before calling this function. Primarily for use with
+        rapidjson, which writes characters at a time but reserves memory in
+        blocks. Most applications want to use `put` or `write`. */
+    void put_unsafe(const std::uint8_t ch) noexcept
+    {
+      assert(1 <= available());
+      *(tellp()) = ch;
+      ++next_write_;
+    }
+
+    /*! Write `ch` to end of stream `count` times.
+        \throw std::range_error if exceeding max `size_t` value.
+        \throw std::bad_alloc if allocation fails. */
+    void put_n(const std::uint8_t ch, const std::size_t count)
+    {
+      check(count);
+      std::memset(tellp(), count, ch);
+      next_write_ += count;
+    }
+
+    /*! Copy `ch` to end of stream.
+        \throw std::range_error if exceeding max `size_t` value.
+        \throw std::bad_alloc if allocation fails. */
+    void push_back(const std::uint8_t ch)
+    {
+      put(ch);
+    }
+
+    //! \return The internal buffer. \post `size() == capacity() == 0`.
+    byte_buffer take_buffer() noexcept;
+  };
+
+  //! Compatability/optimization for rapidjson.
+
+  inline void PutReserve(byte_stream& dest, const std::size_t length)
+  {
+    dest.reserve(length);
+  }
+
+  //! Compatability/optimization for rapidjson.
+
+  inline void PutUnsafe(byte_stream& dest, const std::uint8_t ch)
+  {
+    dest.put_unsafe(ch);
+  }
+
+  //! Compability/optimization for rapidjson.
+  inline void PutN(byte_stream& dest, const std::uint8_t ch, const std::size_t count)
+  {
+    dest.put_n(ch, count);
+  }
+} // epee
+
--- a/contrib/epee/include/console_handler.h
+++ b/contrib/epee/include/console_handler.h
@@ -45,6 +45,9 @@
  #include "readline_buffer.h"
 #endif

+#undef MONERO_DEFAULT_LOG_CATEGORY
+#define MONERO_DEFAULT_LOG_CATEGORY "console_handler"
+
 namespace epee
 {
  class async_stdin_reader
@@ -96,7 +99,7 @@ namespace epee
        res = true;
      }

-      if (!eos())
+      if (!eos() && m_read_status != state_cancelled)
        m_read_status = state_init;

      return res;
@@ -122,6 +125,14 @@ namespace epee
      }
    }

+    void cancel()
+    {
+      boost::unique_lock<boost::mutex> lock(m_response_mutex);
+      m_read_status = state_cancelled;
+      m_has_read_request = false;
+      m_response_cv.notify_one();
+    }
+
  private:
    bool start_read()
    {
@@ -162,6 +173,9 @@ namespace epee

      while (m_run.load(std::memory_order_relaxed))
      {
+        if (m_read_status == state_cancelled)
+          return false;
+
        fd_set read_set;
        FD_ZERO(&read_set);
        FD_SET(stdin_fileno, &read_set);
@@ -179,6 +193,9 @@ namespace epee
 #else
      while (m_run.load(std::memory_order_relaxed))
      {
+        if (m_read_status == state_cancelled)
+          return false;
+
        int retval = ::WaitForSingleObject(::GetStdHandle(STD_INPUT_HANDLE), 100);
        switch (retval)
        {
@@ -219,7 +236,8 @@ reread:
            case rdln::full:    break;
            }
 #else
-            std::getline(std::cin, line);
+            if (m_read_status != state_cancelled)
+              std::getline(std::cin, line);
 #endif
            read_ok = !std::cin.eof() && !std::cin.fail();
          }
@@ -303,7 +321,7 @@ eof:
    template<class chain_handler>
    bool run(chain_handler ch_handler, std::function<std::string(void)> prompt, const std::string& usage = "", std::function<void(void)> exit_handler = NULL)
    {
-      return run(prompt, usage, [&](const std::string& cmd) { return ch_handler(cmd); }, exit_handler);
+      return run(prompt, usage, [&](const boost::optional<std::string>& cmd) { return ch_handler(cmd); }, exit_handler);
    }

    void stop()
@@ -312,6 +330,12 @@ eof:
      m_stdin_reader.stop();
    }

+    void cancel()
+    {
+      m_cancel = true;
+      m_stdin_reader.cancel();
+    }
+
    void print_prompt()
    {
      std::string prompt = m_prompt();
@@ -360,18 +384,23 @@ eof:
            std::cout << std::endl;
            break;
          }
+
+          if (m_cancel)
+          {
+            MDEBUG("Input cancelled");
+            cmd_handler(boost::none);
+            m_cancel = false;
+            continue;
+          }
          if (!get_line_ret)
          {
            MERROR("Failed to read line.");
          }
+
          string_tools::trim(command);

          LOG_PRINT_L2("Read command: " << command);
-          if (command.empty())
-          {
-            continue;
-          }
-          else if(cmd_handler(command))
+          if(cmd_handler(command))
          {
            continue;
          }
@@ -401,6 +430,7 @@ eof:
  private:
    async_stdin_reader m_stdin_reader;
    std::atomic<bool> m_running = {true};
+    std::atomic<bool> m_cancel = {false};
    std::function<std::string(void)> m_prompt;
  };

@@ -435,7 +465,7 @@ eof:
  bool run_default_console_handler_no_srv_param(t_server* ptsrv, t_handler handlr, std::function<std::string(void)> prompt, const std::string& usage = "")
  {
    async_console_handler console_handler;
-    return console_handler.run(ptsrv, boost::bind<bool>(no_srv_param_adapter<t_server, t_handler>, _1, _2, handlr), prompt, usage);
+    return console_handler.run(ptsrv, std::bind<bool>(no_srv_param_adapter<t_server, t_handler>, std::placeholders::_1, std::placeholders::_2, handlr), prompt, usage);
  }

  template<class t_server, class t_handler>
@@ -482,8 +512,16 @@ eof:
  class command_handler {
  public:
    typedef boost::function<bool (const std::vector<std::string> &)> callback;
+    typedef boost::function<bool (void)> empty_callback;
    typedef std::map<std::string, std::pair<callback, std::pair<std::string, std::string>>> lookup;

+    command_handler():
+      m_unknown_command_handler([](const std::vector<std::string>&){return false;}),
+      m_empty_command_handler([](){return true;}),
+      m_cancel_handler([](){return true;})
+    {
+    }
+
    std::string get_usage()
    {
      std::stringstream ss;
@@ -505,6 +543,31 @@ eof:
      return it->second.second;
    }

+    std::vector<std::string> get_command_list(const std::vector<std::string>& keywords = std::vector<std::string>())
+    {
+      std::vector<std::string> list;
+      list.reserve(m_command_handlers.size());
+      for(auto const& x:m_command_handlers)
+      {
+        bool take = true;
+        for(auto const& y:keywords)
+        {
+          bool in_usage = x.second.second.first.find(y) != std::string::npos;
+          bool in_description = x.second.second.second.find(y) != std::string::npos;
+          if (!(in_usage || in_description))
+          {
+            take = false;
+            break;
+          }
+        }
+        if (take)
+        {
+          list.push_back(x.first);
+        }
+      }
+      return list;
+    }
+
    void set_handler(const std::string& cmd, const callback& hndlr, const std::string& usage = "", const std::string& description = "")
    {
      lookup::mapped_type & vt = m_command_handlers[cmd];
@@ -516,25 +579,45 @@ eof:
 #endif
    }

+    void set_unknown_command_handler(const callback& hndlr)
+    {
+      m_unknown_command_handler = hndlr;
+    }
+
+    void set_empty_command_handler(const empty_callback& hndlr)
+    {
+      m_empty_command_handler = hndlr;
+    }
+
+    void set_cancel_handler(const empty_callback& hndlr)
+    {
+      m_cancel_handler = hndlr;
+    }
+
    bool process_command_vec(const std::vector<std::string>& cmd)
    {
-      if(!cmd.size())
-        return false;
+      if(!cmd.size() || (cmd.size() == 1 && !cmd[0].size()))
+        return m_empty_command_handler();
      auto it = m_command_handlers.find(cmd.front());
      if(it == m_command_handlers.end())
-        return false;
+        return m_unknown_command_handler(cmd);
      std::vector<std::string> cmd_local(cmd.begin()+1, cmd.end());
      return it->second.first(cmd_local);
    }

-    bool process_command_str(const std::string& cmd)
+    bool process_command_str(const boost::optional<std::string>& cmd)
    {
+      if (!cmd)
+        return m_cancel_handler();
      std::vector<std::string> cmd_v;
-      boost::split(cmd_v,cmd,boost::is_any_of(" "), boost::token_compress_on);
+      boost::split(cmd_v,*cmd,boost::is_any_of(" "), boost::token_compress_on);
      return process_command_vec(cmd_v);
    }
  private:
    lookup m_command_handlers;
+    callback m_unknown_command_handler;
+    empty_callback m_empty_command_handler;
+    empty_callback m_cancel_handler;
  };

  /************************************************************************/
@@ -547,10 +630,21 @@ eof:
    std::unique_ptr<boost::thread> m_console_thread;
    async_console_handler m_console_handler;
  public:
+    ~console_handlers_binder() {
+      try
+      {
+        stop_handling();
+        if (m_console_thread.get() != nullptr)
+        {
+          m_console_thread->join();
+        }
+      }
+      catch (const std::exception &e) { /* ignore */ }
+    }
+
    bool start_handling(std::function<std::string(void)> prompt, const std::string& usage_string = "", std::function<void(void)> exit_handler = NULL)
    {
      m_console_thread.reset(new boost::thread(boost::bind(&console_handlers_binder::run_handling, this, prompt, usage_string, exit_handler)));
-      m_console_thread->detach();
      return true;
    }
    bool start_handling(const std::string &prompt, const std::string& usage_string = "", std::function<void(void)> exit_handler = NULL)
@@ -565,13 +659,18 @@ eof:

    bool run_handling(std::function<std::string(void)> prompt, const std::string& usage_string, std::function<void(void)> exit_handler = NULL)
    {
-      return m_console_handler.run(boost::bind(&console_handlers_binder::process_command_str, this, _1), prompt, usage_string, exit_handler);
+      return m_console_handler.run(std::bind(&console_handlers_binder::process_command_str, this, std::placeholders::_1), prompt, usage_string, exit_handler);
    }

    void print_prompt()
    {
      m_console_handler.print_prompt();
    }
+
+    void cancel_input()
+    {
+      m_console_handler.cancel();
+    }
  };

  ///* work around because of broken boost bind */
--- a/contrib/epee/include/hex.h
+++ b/contrib/epee/include/hex.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2017-2019, The Monero Project
+// Copyright (c) 2017-2020, The Monero Project
 //
 // All rights reserved.
 //
@@ -51,12 +51,22 @@ namespace epee
    template<std::size_t N>
    static std::array<char, N * 2> array(const std::array<std::uint8_t, N>& src) noexcept
    {
-      std::array<char, N * 2> out{{}};
+      std::array<char, N * 2> out;
      static_assert(N <= 128, "keep the stack size down");
      buffer_unchecked(out.data(), {src.data(), src.size()});
      return out;
    }

+    //! \return An array containing hex of `src`.
+    template<typename T>
+    static std::array<char, sizeof(T) * 2> array(const T& src) noexcept
+    {
+      std::array<char, sizeof(T) * 2> out;
+      static_assert(sizeof(T) <= 128, "keep the stack size down");
+      buffer_unchecked(out.data(), as_byte_span(src));
+      return out;
+    }
+
    //! Append `src` as hex to `out`.
    static void buffer(std::ostream& out, const span<const std::uint8_t> src);

@@ -70,9 +80,20 @@ namespace epee
    static void buffer_unchecked(char* out, const span<const std::uint8_t> src) noexcept;
  };

+  //! Convert hex in UTF8 encoding to binary
  struct from_hex
  {
-      //! \return An std::vector of unsigned integers from the `src`
-      static std::vector<uint8_t> vector(boost::string_ref src);
+    static bool to_string(std::string& out, boost::string_ref src);
+
+    static bool to_buffer(span<std::uint8_t> out, boost::string_ref src) noexcept;
+
+  private:
+    static bool to_buffer_unchecked(std::uint8_t* out, boost::string_ref src) noexcept;
+  };
+
+  //! Convert hex in current C locale encoding to binary
+  struct from_hex_locale
+  {
+      static std::vector<uint8_t> to_vector(boost::string_ref src);
  };
 }
--- a/contrib/epee/include/int-util.h
+++ b/contrib/epee/include/int-util.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2014-2019, The Monero Project
+// Copyright (c) 2014-2020, The Monero Project
 // 
 // All rights reserved.
 // 
@@ -129,9 +129,32 @@ static inline uint32_t div128_32(uint64_t dividend_hi, uint64_t dividend_lo, uin
  return remainder;
 }

+// Long divisor with 2^64 base
+void div128_64(uint64_t dividend_hi, uint64_t dividend_lo, uint64_t divisor, uint64_t* quotient_hi, uint64_t *quotient_lo, uint64_t *remainder_hi, uint64_t *remainder_lo);
+
+static inline void add64clamp(uint64_t *value, uint64_t add)
+{
+  static const uint64_t maxval = (uint64_t)-1;
+  if (*value > maxval - add)
+    *value = maxval;
+  else
+    *value += add;
+}
+
+static inline void sub64clamp(uint64_t *value, uint64_t sub)
+{
+  if (*value < sub)
+    *value = 0;
+  else
+    *value -= sub;
+}
+
+#define IDENT16(x) ((uint16_t) (x))
 #define IDENT32(x) ((uint32_t) (x))
 #define IDENT64(x) ((uint64_t) (x))

+#define SWAP16(x) ((((uint16_t) (x) & 0x00ff) << 8) | \
+  (((uint16_t) (x) & 0xff00) >> 8))
 #define SWAP32(x) ((((uint32_t) (x) & 0x000000ff) << 24) | \
  (((uint32_t) (x) & 0x0000ff00) <<  8) | \
  (((uint32_t) (x) & 0x00ff0000) >>  8) | \
@@ -145,10 +168,18 @@ static inline uint32_t div128_32(uint64_t dividend_hi, uint64_t dividend_lo, uin
  (((uint64_t) (x) & 0x00ff000000000000) >> 40) | \
  (((uint64_t) (x) & 0xff00000000000000) >> 56))

+static inline uint16_t ident16(uint16_t x) { return x; }
 static inline uint32_t ident32(uint32_t x) { return x; }
 static inline uint64_t ident64(uint64_t x) { return x; }

 #ifndef __OpenBSD__
+#  if defined(__ANDROID__) && defined(__swap16) && !defined(swap16)
+#      define swap16 __swap16
+#  elif !defined(swap16)
+static inline uint16_t swap16(uint16_t x) {
+  return ((x & 0x00ff) << 8) | ((x & 0xff00) >> 8);
+}
+#  endif
 #  if defined(__ANDROID__) && defined(__swap32) && !defined(swap32)
 #      define swap32 __swap32
 #  elif !defined(swap32)
@@ -176,6 +207,12 @@ static inline uint64_t swap64(uint64_t x) {
 static inline void mem_inplace_ident(void *mem UNUSED, size_t n UNUSED) { }
 #undef UNUSED

+static inline void mem_inplace_swap16(void *mem, size_t n) {
+  size_t i;
+  for (i = 0; i < n; i++) {
+    ((uint16_t *) mem)[i] = swap16(((const uint16_t *) mem)[i]);
+  }
+}
 static inline void mem_inplace_swap32(void *mem, size_t n) {
  size_t i;
  for (i = 0; i < n; i++) {
@@ -189,6 +226,9 @@ static inline void mem_inplace_swap64(void *mem, size_t n) {
  }
 }

+static inline void memcpy_ident16(void *dst, const void *src, size_t n) {
+  memcpy(dst, src, 2 * n);
+}
 static inline void memcpy_ident32(void *dst, const void *src, size_t n) {
  memcpy(dst, src, 4 * n);
 }
@@ -196,6 +236,12 @@ static inline void memcpy_ident64(void *dst, const void *src, size_t n) {
  memcpy(dst, src, 8 * n);
 }

+static inline void memcpy_swap16(void *dst, const void *src, size_t n) {
+  size_t i;
+  for (i = 0; i < n; i++) {
+    ((uint16_t *) dst)[i] = swap16(((const uint16_t *) src)[i]);
+  }
+}
 static inline void memcpy_swap32(void *dst, const void *src, size_t n) {
  size_t i;
  for (i = 0; i < n; i++) {
@@ -220,6 +266,14 @@ static_assert(false, "BYTE_ORDER is undefined. Perhaps, GNU extensions are not e
 #endif

 #if BYTE_ORDER == LITTLE_ENDIAN
+#define SWAP16LE IDENT16
+#define SWAP16BE SWAP16
+#define swap16le ident16
+#define swap16be swap16
+#define mem_inplace_swap16le mem_inplace_ident
+#define mem_inplace_swap16be mem_inplace_swap16
+#define memcpy_swap16le memcpy_ident16
+#define memcpy_swap16be memcpy_swap16
 #define SWAP32LE IDENT32
 #define SWAP32BE SWAP32
 #define swap32le ident32
@@ -239,6 +293,14 @@ static_assert(false, "BYTE_ORDER is undefined. Perhaps, GNU extensions are not e
 #endif

 #if BYTE_ORDER == BIG_ENDIAN
+#define SWAP16BE IDENT16
+#define SWAP16LE SWAP16
+#define swap16be ident16
+#define swap16le swap16
+#define mem_inplace_swap16be mem_inplace_ident
+#define mem_inplace_swap16le mem_inplace_swap16
+#define memcpy_swap16be memcpy_ident16
+#define memcpy_swap16le memcpy_swap16
 #define SWAP32BE IDENT32
 #define SWAP32LE SWAP32
 #define swap32be ident32
--- a/contrib/epee/include/math_helper.h
+++ b/contrib/epee/include/math_helper.h
@@ -32,6 +32,7 @@

 #include <list>
 #include <numeric>
+#include <random>
 #include <boost/timer/timer.hpp>
 #include <boost/uuid/uuid.hpp>
 #include <boost/uuid/random_generator.hpp>
@@ -230,7 +231,7 @@ namespace math_helper
 		}

 	}
-	template<uint64_t scale, int default_interval, bool start_immediate = true>
+	template<typename get_interval, bool start_immediate = true>
 	class once_a_time
 	{
    uint64_t get_time() const
@@ -251,14 +252,25 @@ namespace math_helper
 #endif
    }

+    void set_next_interval()
+    {
+      m_interval = get_interval()();
+    }
+
 	public:
-		once_a_time():m_interval(default_interval * scale)
+		once_a_time()
 		{
 			m_last_worked_time = 0;
      if(!start_immediate)
        m_last_worked_time = get_time();
+      set_next_interval();
 		}

+    void trigger()
+    {
+      m_last_worked_time = 0;
+    }
+
 		template<class functor_t>
 		bool do_call(functor_t functr)
 		{
@@ -268,6 +280,7 @@ namespace math_helper
 			{
 				bool res = functr();
 				m_last_worked_time = get_time();
+        set_next_interval();
 				return res;
 			}
 			return true;
@@ -278,9 +291,13 @@ namespace math_helper
 		uint64_t m_interval;
 	};

+  template<uint64_t N> struct get_constant_interval { public: uint64_t operator()() const { return N; } };
+
  template<int default_interval, bool start_immediate = true>
-  class once_a_time_seconds: public once_a_time<1000000, default_interval, start_immediate> {};
+  class once_a_time_seconds: public once_a_time<get_constant_interval<default_interval * (uint64_t)1000000>, start_immediate> {};
  template<int default_interval, bool start_immediate = true>
-  class once_a_time_milliseconds: public once_a_time<1000, default_interval, start_immediate> {};
+  class once_a_time_milliseconds: public once_a_time<get_constant_interval<default_interval * (uint64_t)1000>, start_immediate> {};
+  template<typename get_interval, bool start_immediate = true>
+  class once_a_time_seconds_range: public once_a_time<get_interval, start_immediate> {};
 }
 }
--- a/contrib/epee/include/md5_l.h
+++ b/contrib/epee/include/md5_l.h
@@ -85,7 +85,7 @@ namespace md5
 		MD5Update( &ctx, input, ilen );
 		MD5Final( output, &ctx);

-		memset( &ctx, 0, sizeof( MD5_CTX) );
+		memwipe( &ctx, sizeof( MD5_CTX ));
 		return true;
 	}

--- a/contrib/epee/include/md5_l.inl
+++ b/contrib/epee/include/md5_l.inl
@@ -277,7 +277,7 @@ namespace md5
 		/* Zeroize sensitive information.

 		*/
-		MD5_memset ((POINTER)context, 0, sizeof (*context)); 
+		memwipe ((POINTER)context, sizeof (*context));
 	}

 	/* MD5 basic transformation. Transforms state based on block.
@@ -369,7 +369,7 @@ namespace md5

 		/* Zeroize sensitive information.
 		*/
-		MD5_memset ((POINTER)x, 0, sizeof (x)); 
+		memwipe ((POINTER)x, sizeof (x));
 	}

 	/* Note: Replace "for loop" with standard memcpy if possible.
@@ -431,9 +431,9 @@ namespace md5
 		MD5Update(&hmac->octx, k_opad, 64);     /* apply outer pad */

 		/* scrub the pads and key context (if used) */
-		MD5_memset( (POINTER)&k_ipad, 0, sizeof(k_ipad));
-		MD5_memset( (POINTER)&k_opad, 0, sizeof(k_opad));
-		MD5_memset( (POINTER)&tk, 0, sizeof(tk));
+		memwipe( (POINTER)&k_ipad, sizeof(k_ipad));
+		memwipe( (POINTER)&k_opad, sizeof(k_opad));
+		memwipe( (POINTER)&tk, sizeof(tk));

 		/* and we're done. */
 	}
@@ -459,7 +459,7 @@ namespace md5
 			state->istate[lupe] = htonl(hmac.ictx.state[lupe]);
 			state->ostate[lupe] = htonl(hmac.octx.state[lupe]);
 		}
-		MD5_memset( (POINTER)&hmac, 0, sizeof(hmac));
+		memwipe( (POINTER)&hmac, sizeof(hmac));
 	}


--- a/contrib/epee/include/memwipe.h
+++ b/contrib/epee/include/memwipe.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2017-2019, The Monero Project
+// Copyright (c) 2017-2020, The Monero Project
 // 
 // All rights reserved.
 // 
--- a/contrib/epee/include/misc_language.h
+++ b/contrib/epee/include/misc_language.h
@@ -106,6 +106,14 @@ namespace misc_utils
 		return true;
 	}

+  template <typename T>
+  T get_mid(const T &a, const T &b)
+  {
+    //returns the average of two numbers; overflow safe and works with at least all integral and floating point types
+    //(a+b)/2 = (a/2) + (b/2) + ((a - 2*(a/2)) + (b - 2*(b/2)))/2
+    return (a/2) + (b/2) + ((a - 2*(a/2)) + (b - 2*(b/2)))/2;
+  }
+
  template<class type_vec_type>
  type_vec_type median(std::vector<type_vec_type> &v)
  {
@@ -122,7 +130,7 @@ namespace misc_utils
      return v[n];
    }else 
    {//2, 4, 6...
-      return (v[n-1] + v[n])/2;
+      return get_mid<type_vec_type>(v[n-1],v[n]);
    }

  }
--- a/contrib/epee/include/misc_log_ex.h
+++ b/contrib/epee/include/misc_log_ex.h
@@ -28,6 +28,8 @@
 #ifndef _MISC_LOG_EX_H_
 #define _MISC_LOG_EX_H_

+#ifdef __cplusplus
+
 #include <string>

 #include "easylogging++.h"
@@ -38,29 +40,29 @@
 #define MAX_LOG_FILE_SIZE 104850000 // 100 MB - 7600 bytes
 #define MAX_LOG_FILES 50

-#define MCLOG_TYPE(level, cat, type, x) do { \
+#define MCLOG_TYPE(level, cat, color, type, x) do { \
    if (ELPP->vRegistry()->allowed(level, cat)) { \
-      el::base::Writer(level, __FILE__, __LINE__, ELPP_FUNC, type).construct(cat) << x; \
+      el::base::Writer(level, color, __FILE__, __LINE__, ELPP_FUNC, type).construct(cat) << x; \
    } \
  } while (0)

-#define MCLOG(level, cat, x) MCLOG_TYPE(level, cat, el::base::DispatchAction::NormalLog, x)
-#define MCLOG_FILE(level, cat, x) MCLOG_TYPE(level, cat, el::base::DispatchAction::FileOnlyLog, x)
+#define MCLOG(level, cat, color, x) MCLOG_TYPE(level, cat, color, el::base::DispatchAction::NormalLog, x)
+#define MCLOG_FILE(level, cat, x) MCLOG_TYPE(level, cat, el::Color::Default, el::base::DispatchAction::FileOnlyLog, x)

-#define MCFATAL(cat,x) MCLOG(el::Level::Fatal,cat, x)
-#define MCERROR(cat,x) MCLOG(el::Level::Error,cat, x)
-#define MCWARNING(cat,x) MCLOG(el::Level::Warning,cat, x)
-#define MCINFO(cat,x) MCLOG(el::Level::Info,cat, x)
-#define MCDEBUG(cat,x) MCLOG(el::Level::Debug,cat, x)
-#define MCTRACE(cat,x) MCLOG(el::Level::Trace,cat, x)
+#define MCFATAL(cat,x) MCLOG(el::Level::Fatal,cat, el::Color::Default, x)
+#define MCERROR(cat,x) MCLOG(el::Level::Error,cat, el::Color::Default, x)
+#define MCWARNING(cat,x) MCLOG(el::Level::Warning,cat, el::Color::Default, x)
+#define MCINFO(cat,x) MCLOG(el::Level::Info,cat, el::Color::Default, x)
+#define MCDEBUG(cat,x) MCLOG(el::Level::Debug,cat, el::Color::Default, x)
+#define MCTRACE(cat,x) MCLOG(el::Level::Trace,cat, el::Color::Default, x)

-#define MCLOG_COLOR(level,cat,color,x) MCLOG(level,cat,"\033[1;" color "m" << x << "\033[0m")
-#define MCLOG_RED(level,cat,x) MCLOG_COLOR(level,cat,"31",x)
-#define MCLOG_GREEN(level,cat,x) MCLOG_COLOR(level,cat,"32",x)
-#define MCLOG_YELLOW(level,cat,x) MCLOG_COLOR(level,cat,"33",x)
-#define MCLOG_BLUE(level,cat,x) MCLOG_COLOR(level,cat,"34",x)
-#define MCLOG_MAGENTA(level,cat,x) MCLOG_COLOR(level,cat,"35",x)
-#define MCLOG_CYAN(level,cat,x) MCLOG_COLOR(level,cat,"36",x)
+#define MCLOG_COLOR(level,cat,color,x) MCLOG(level,cat,color,x)
+#define MCLOG_RED(level,cat,x) MCLOG_COLOR(level,cat,el::Color::Red,x)
+#define MCLOG_GREEN(level,cat,x) MCLOG_COLOR(level,cat,el::Color::Green,x)
+#define MCLOG_YELLOW(level,cat,x) MCLOG_COLOR(level,cat,el::Color::Yellow,x)
+#define MCLOG_BLUE(level,cat,x) MCLOG_COLOR(level,cat,el::Color::Blue,x)
+#define MCLOG_MAGENTA(level,cat,x) MCLOG_COLOR(level,cat,el::Color::Magenta,x)
+#define MCLOG_CYAN(level,cat,x) MCLOG_COLOR(level,cat,el::Color::Cyan,x)

 #define MLOG_RED(level,x) MCLOG_RED(level,MONERO_DEFAULT_LOG_CATEGORY,x)
 #define MLOG_GREEN(level,x) MCLOG_GREEN(level,MONERO_DEFAULT_LOG_CATEGORY,x)
@@ -75,7 +77,7 @@
 #define MINFO(x) MCINFO(MONERO_DEFAULT_LOG_CATEGORY,x)
 #define MDEBUG(x) MCDEBUG(MONERO_DEFAULT_LOG_CATEGORY,x)
 #define MTRACE(x) MCTRACE(MONERO_DEFAULT_LOG_CATEGORY,x)
-#define MLOG(level,x) MCLOG(level,MONERO_DEFAULT_LOG_CATEGORY,x)
+#define MLOG(level,x) MCLOG(level,MONERO_DEFAULT_LOG_CATEGORY,el::Color::Default,x)

 #define MGINFO(x) MCINFO("global",x)
 #define MGINFO_RED(x) MCLOG_RED(el::Level::Info, "global",x)
@@ -85,14 +87,14 @@
 #define MGINFO_MAGENTA(x) MCLOG_MAGENTA(el::Level::Info, "global",x)
 #define MGINFO_CYAN(x) MCLOG_CYAN(el::Level::Info, "global",x)

-#define IFLOG(level, cat, type, init, x) \
+#define IFLOG(level, cat, color, type, init, x) \
  do { \
    if (ELPP->vRegistry()->allowed(level, cat)) { \
      init; \
-      el::base::Writer(level, __FILE__, __LINE__, ELPP_FUNC, type).construct(cat) << x; \
+      el::base::Writer(level, color, __FILE__, __LINE__, ELPP_FUNC, type).construct(cat) << x; \
    } \
  } while(0)
-#define MIDEBUG(init, x) IFLOG(el::Level::Debug, MONERO_DEFAULT_LOG_CATEGORY, el::base::DispatchAction::NormalLog, init, x)
+#define MIDEBUG(init, x) IFLOG(el::Level::Debug, MONERO_DEFAULT_LOG_CATEGORY, el::Color::Default, el::base::DispatchAction::NormalLog, init, x)


 #define LOG_ERROR(x) MERROR(x)
@@ -220,4 +222,28 @@ void set_console_color(int color, bool bright);
 void reset_console_color();

 }
+
+extern "C"
+{
+
+#endif
+
+#ifdef __GNUC__
+#define ATTRIBUTE_PRINTF __attribute__((format(printf, 2, 3)))
+#else
+#define ATTRIBUTE_PRINTF
+#endif
+
+bool merror(const char *category, const char *format, ...) ATTRIBUTE_PRINTF;
+bool mwarning(const char *category, const char *format, ...) ATTRIBUTE_PRINTF;
+bool minfo(const char *category, const char *format, ...) ATTRIBUTE_PRINTF;
+bool mdebug(const char *category, const char *format, ...) ATTRIBUTE_PRINTF;
+bool mtrace(const char *category, const char *format, ...) ATTRIBUTE_PRINTF;
+
+#ifdef __cplusplus
+
+}
+
+#endif
+
 #endif //_MISC_LOG_EX_H_
--- a/contrib/epee/include/net/abstract_http_client.h
+++ b/contrib/epee/include/net/abstract_http_client.h
@@ -0,0 +1,88 @@
+// Copyright (c) 2006-2013, Andrey N. Sabelnikov, www.sabelnikov.net
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+// * Neither the name of the Andrey N. Sabelnikov nor the
+// names of its contributors may be used to endorse or promote products
+// derived from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER  BE LIABLE FOR ANY
+// DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#pragma once
+
+#include <string>
+#include <boost/optional/optional.hpp>
+#include "http_auth.h"
+#include "net/net_ssl.h"
+
+namespace epee
+{
+namespace net_utils
+{
+  inline const char* get_hex_vals()
+  {
+    static constexpr const char hexVals[16] = {'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'};
+    return hexVals;
+  }
+
+  inline const char* get_unsave_chars()
+  {
+    //static constexpr char unsave_chars[] = "\"<>%\\^[]`+$,@:;/!#?=&";
+    static constexpr const char unsave_chars[] = "\"<>%\\^[]`+$,@:;!#&";
+    return unsave_chars;
+  }
+
+  bool is_unsafe(unsigned char compare_char);
+  std::string dec_to_hex(char num, int radix);
+  int get_index(const char *s, char c);
+  std::string hex_to_dec_2bytes(const char *s);
+  std::string convert(char val);
+  std::string conver_to_url_format(const std::string& uri);
+  std::string convert_from_url_format(const std::string& uri);
+  std::string convert_to_url_format_force_all(const std::string& uri);
+
+namespace http
+{
+  class abstract_http_client
+  {
+  public:
+    abstract_http_client() {}
+    virtual ~abstract_http_client() {}
+    bool set_server(const std::string& address, boost::optional<login> user, ssl_options_t ssl_options = ssl_support_t::e_ssl_support_autodetect);
+    virtual bool set_proxy(const std::string& address);
+    virtual void set_server(std::string host, std::string port, boost::optional<login> user, ssl_options_t ssl_options = ssl_support_t::e_ssl_support_autodetect) = 0;
+    virtual void set_auto_connect(bool auto_connect) = 0;
+    virtual bool connect(std::chrono::milliseconds timeout) = 0;
+    virtual bool disconnect() = 0;
+    virtual bool is_connected(bool *ssl = NULL) = 0;
+    virtual bool invoke(const boost::string_ref uri, const boost::string_ref method, const std::string& body, std::chrono::milliseconds timeout, const http_response_info** ppresponse_info = NULL, const fields_list& additional_params = fields_list()) = 0;
+    virtual bool invoke_get(const boost::string_ref uri, std::chrono::milliseconds timeout, const std::string& body = std::string(), const http_response_info** ppresponse_info = NULL, const fields_list& additional_params = fields_list()) = 0;
+    virtual bool invoke_post(const boost::string_ref uri, const std::string& body, std::chrono::milliseconds timeout, const http_response_info** ppresponse_info = NULL, const fields_list& additional_params = fields_list()) = 0;
+    virtual uint64_t get_bytes_sent() const = 0;
+    virtual uint64_t get_bytes_received() const = 0;
+  };
+
+  class http_client_factory
+  {
+  public:
+    virtual ~http_client_factory() {}
+    virtual std::unique_ptr<abstract_http_client> create() = 0;
+  };
+}
+}
+}
--- a/contrib/epee/include/net/abstract_tcp_server2.h
+++ b/contrib/epee/include/net/abstract_tcp_server2.h
@@ -48,11 +48,10 @@
 #include <boost/asio.hpp>
 #include <boost/asio/ssl.hpp>
 #include <boost/array.hpp>
-#include <boost/noncopyable.hpp>
-#include <boost/shared_ptr.hpp>
 #include <boost/enable_shared_from_this.hpp>
 #include <boost/interprocess/detail/atomic.hpp>
 #include <boost/thread/thread.hpp>
+#include "byte_slice.h"
 #include "net_utils_base.h"
 #include "syncobj.h"
 #include "connection_basic.hpp"
@@ -70,7 +69,7 @@ namespace net_utils

  struct i_connection_filter
  {
-    virtual bool is_remote_host_allowed(const epee::net_utils::network_address &address)=0;
+    virtual bool is_remote_host_allowed(const epee::net_utils::network_address &address, time_t *t = NULL)=0;
  protected:
    virtual ~i_connection_filter(){}
  };
@@ -90,25 +89,24 @@ namespace net_utils
  public:
    typedef typename t_protocol_handler::connection_context t_connection_context;

-    struct shared_state : connection_basic_shared_state
+    struct shared_state : connection_basic_shared_state, t_protocol_handler::config_type
    {
      shared_state()
-        : connection_basic_shared_state(), pfilter(nullptr), config(), stop_signal_sent(false)
+        : connection_basic_shared_state(), t_protocol_handler::config_type(), pfilter(nullptr), stop_signal_sent(false)
      {}

      i_connection_filter* pfilter;
-      typename t_protocol_handler::config_type config;
      bool stop_signal_sent;
    };

    /// Construct a connection with the given io_service.
    explicit connection( boost::asio::io_service& io_service,
-                        boost::shared_ptr<shared_state> state,
+                        std::shared_ptr<shared_state> state,
 			t_connection_type connection_type,
 			epee::net_utils::ssl_support_t ssl_support);

    explicit connection( boost::asio::ip::tcp::socket&& sock,
-			 boost::shared_ptr<shared_state> state,
+			 std::shared_ptr<shared_state> state,
 			t_connection_type connection_type,
 			epee::net_utils::ssl_support_t ssl_support);

@@ -135,8 +133,7 @@ namespace net_utils
    
  private:
    //----------------- i_service_endpoint ---------------------
-    virtual bool do_send(const void* ptr, size_t cb); ///< (see do_send from i_service_endpoint)
-    virtual bool do_send_chunk(const void* ptr, size_t cb); ///< will send (or queue) a part of data
+    virtual bool do_send(byte_slice message); ///< (see do_send from i_service_endpoint)
    virtual bool send_done();
    virtual bool close();
    virtual bool call_run_once_service_io();
@@ -145,6 +142,8 @@ namespace net_utils
    virtual bool add_ref();
    virtual bool release();
    //------------------------------------------------------
+    bool do_send_chunk(byte_slice chunk); ///< will send (or queue) a part of data. internal use only
+
    boost::shared_ptr<connection<t_protocol_handler> > safe_shared_from_this();
    bool shutdown();
    /// Handle completion of a receive operation.
@@ -227,8 +226,12 @@ namespace net_utils
    std::map<std::string, t_connection_type> server_type_map;
    void create_server_type_map();

-    bool init_server(uint32_t port, const std::string address = "0.0.0.0", ssl_options_t ssl_options = ssl_support_t::e_ssl_support_autodetect);
-    bool init_server(const std::string port,  const std::string& address = "0.0.0.0", ssl_options_t ssl_options = ssl_support_t::e_ssl_support_autodetect);
+    bool init_server(uint32_t port, const std::string& address = "0.0.0.0",
+	uint32_t port_ipv6 = 0, const std::string& address_ipv6 = "::", bool use_ipv6 = false, bool require_ipv4 = true,
+	ssl_options_t ssl_options = ssl_support_t::e_ssl_support_autodetect);
+    bool init_server(const std::string port,  const std::string& address = "0.0.0.0",
+	const std::string port_ipv6 = "", const std::string address_ipv6 = "::", bool use_ipv6 = false, bool require_ipv4 = true,
+	ssl_options_t ssl_options = ssl_support_t::e_ssl_support_autodetect);

    /// Run the server's io_service loop.
    bool run_server(size_t threads_count, bool wait = true, const boost::thread::attributes& attrs = boost::thread::attributes());
@@ -265,10 +268,17 @@ namespace net_utils
    typename t_protocol_handler::config_type& get_config_object()
    {
      assert(m_state != nullptr); // always set in constructor
-      return m_state->config;
+      return *m_state;
+    }
+
+    std::shared_ptr<typename t_protocol_handler::config_type> get_config_shared()
+    {
+      assert(m_state != nullptr); // always set in constructor
+      return {m_state};
    }

    int get_binded_port(){return m_port;}
+    int get_binded_port_ipv6(){return m_port_ipv6;}

    long get_connections_count() const
    {
@@ -339,11 +349,13 @@ namespace net_utils
    /// Run the server's io_service loop.
    bool worker_thread();
    /// Handle completion of an asynchronous accept operation.
-    void handle_accept(const boost::system::error_code& e);
+    void handle_accept_ipv4(const boost::system::error_code& e);
+    void handle_accept_ipv6(const boost::system::error_code& e);
+    void handle_accept(const boost::system::error_code& e, bool ipv6 = false);

    bool is_thread_worker();

-    const boost::shared_ptr<typename connection<t_protocol_handler>::shared_state> m_state;
+    const std::shared_ptr<typename connection<t_protocol_handler>::shared_state> m_state;

    /// The io_service used to perform asynchronous operations.
    struct worker
@@ -360,11 +372,16 @@ namespace net_utils

    /// Acceptor used to listen for incoming connections.
    boost::asio::ip::tcp::acceptor acceptor_;
+    boost::asio::ip::tcp::acceptor acceptor_ipv6;
    epee::net_utils::network_address default_remote;

    std::atomic<bool> m_stop_signal_sent;
    uint32_t m_port;
+    uint32_t m_port_ipv6;
    std::string m_address;
+    std::string m_address_ipv6;
+    bool m_use_ipv6;
+    bool m_require_ipv4;
    std::string m_thread_name_prefix; //TODO: change to enum server_type, now used
    size_t m_threads_count;
    std::vector<boost::shared_ptr<boost::thread> > m_threads;
@@ -376,6 +393,8 @@ namespace net_utils

    /// The next connection to be accepted
    connection_ptr new_connection_;
+    connection_ptr new_connection_ipv6;
+

    boost::mutex connections_mutex;
    std::set<connection_ptr> connections_;
--- a/contrib/epee/include/net/abstract_tcp_server2.inl
+++ b/contrib/epee/include/net/abstract_tcp_server2.inl
@@ -32,7 +32,6 @@



-#include <boost/bind.hpp>
 #include <boost/foreach.hpp>
 #include <boost/uuid/random_generator.hpp>
 #include <boost/chrono.hpp>
@@ -50,10 +49,15 @@
 #include <sstream>
 #include <iomanip>
 #include <algorithm>
+#include <functional>
+#include <random>

 #undef MONERO_DEFAULT_LOG_CATEGORY
 #define MONERO_DEFAULT_LOG_CATEGORY "net"

+#define AGGRESSIVE_TIMEOUT_THRESHOLD 120 // sockets
+#define NEW_CONNECTION_TIMEOUT_LOCAL 1200000 // 2 minutes
+#define NEW_CONNECTION_TIMEOUT_REMOTE 10000 // 10 seconds
 #define DEFAULT_TIMEOUT_MS_LOCAL 1800000 // 30 minutes
 #define DEFAULT_TIMEOUT_MS_REMOTE 300000 // 5 minutes
 #define TIMEOUT_EXTRA_MS_PER_BYTE 0.2
@@ -65,7 +69,7 @@ namespace epee
 namespace net_utils
 {
  template<typename T>
-  T& check_and_get(boost::shared_ptr<T>& ptr)
+  T& check_and_get(std::shared_ptr<T>& ptr)
  {
    CHECK_AND_ASSERT_THROW_MES(bool(ptr), "shared_state cannot be null");
    return *ptr;
@@ -78,7 +82,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)

  template<class t_protocol_handler>
  connection<t_protocol_handler>::connection( boost::asio::io_service& io_service,
-                boost::shared_ptr<shared_state> state,
+                std::shared_ptr<shared_state> state,
 		t_connection_type connection_type,
 		ssl_support_t ssl_support
 	)
@@ -88,13 +92,13 @@ PRAGMA_WARNING_DISABLE_VS(4355)

  template<class t_protocol_handler>
  connection<t_protocol_handler>::connection( boost::asio::ip::tcp::socket&& sock,
-                boost::shared_ptr<shared_state> state,
+                std::shared_ptr<shared_state> state,
 		t_connection_type connection_type,
 		ssl_support_t ssl_support
 	)
 	: 
 		connection_basic(std::move(sock), state, ssl_support),
-		m_protocol_handler(this, check_and_get(state).config, context),
+		m_protocol_handler(this, check_and_get(state), context),
 		buffer_ssl_init_fill(0),
 		m_connection_type( connection_type ),
 		m_throttle_speed_in("speed_in", "throttle_speed_in"),
@@ -142,10 +146,18 @@ PRAGMA_WARNING_DISABLE_VS(4355)
    boost::system::error_code ec;
    auto remote_ep = socket().remote_endpoint(ec);
    CHECK_AND_NO_ASSERT_MES(!ec, false, "Failed to get remote endpoint: " << ec.message() << ':' << ec.value());
-    CHECK_AND_NO_ASSERT_MES(remote_ep.address().is_v4(), false, "IPv6 not supported here");
+    CHECK_AND_NO_ASSERT_MES(remote_ep.address().is_v4() || remote_ep.address().is_v6(), false, "only IPv4 and IPv6 supported here");

-    const unsigned long ip_{boost::asio::detail::socket_ops::host_to_network_long(remote_ep.address().to_v4().to_ulong())};
-    return start(is_income, is_multithreaded, ipv4_network_address{uint32_t(ip_), remote_ep.port()});
+    if (remote_ep.address().is_v4())
+    {
+      const unsigned long ip_ = boost::asio::detail::socket_ops::host_to_network_long(remote_ep.address().to_v4().to_ulong());
+      return start(is_income, is_multithreaded, ipv4_network_address{uint32_t(ip_), remote_ep.port()});
+    }
+    else
+    {
+      const auto ip_ = remote_ep.address().to_v6();
+      return start(is_income, is_multithreaded, ipv6_network_address{ip_, remote_ep.port()});
+    }
    CATCH_ENTRY_L0("connection<t_protocol_handler>::start()", false);
  }
  //---------------------------------------------------------------------------------
@@ -189,7 +201,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)

    m_protocol_handler.after_init_connection();

-    reset_timer(get_default_timeout(), false);
+    reset_timer(boost::posix_time::milliseconds(m_local ? NEW_CONNECTION_TIMEOUT_LOCAL : NEW_CONNECTION_TIMEOUT_REMOTE), false);

    // first read on the raw socket to detect SSL for the server
    buffer_ssl_init_fill = 0;
@@ -197,15 +209,15 @@ PRAGMA_WARNING_DISABLE_VS(4355)
      socket().async_receive(boost::asio::buffer(buffer_),
        boost::asio::socket_base::message_peek,
        strand_.wrap(
-          boost::bind(&connection<t_protocol_handler>::handle_receive, self,
-            boost::asio::placeholders::error,
-            boost::asio::placeholders::bytes_transferred)));
+          std::bind(&connection<t_protocol_handler>::handle_receive, self,
+            std::placeholders::_1,
+            std::placeholders::_2)));
    else
      async_read_some(boost::asio::buffer(buffer_),
        strand_.wrap(
-          boost::bind(&connection<t_protocol_handler>::handle_read, self,
-            boost::asio::placeholders::error,
-            boost::asio::placeholders::bytes_transferred)));
+          std::bind(&connection<t_protocol_handler>::handle_read, self,
+            std::placeholders::_1,
+            std::placeholders::_2)));
 #if !defined(_WIN32) || !defined(__i686)
 	// not supported before Windows7, too lazy for runtime check
 	// Just exclude for 32bit windows builds
@@ -324,12 +336,14 @@ PRAGMA_WARNING_DISABLE_VS(4355)
    
    if (!e)
    {
+        double current_speed_down;
 		{
 			CRITICAL_REGION_LOCAL(m_throttle_speed_in_mutex);
 			m_throttle_speed_in.handle_trafic_exact(bytes_transferred);
-			context.m_current_speed_down = m_throttle_speed_in.get_current_speed();
-			context.m_max_speed_down = std::max(context.m_max_speed_down, context.m_current_speed_down);
+			current_speed_down = m_throttle_speed_in.get_current_speed();
 		}
+        context.m_current_speed_down = current_speed_down;
+        context.m_max_speed_down = std::max(context.m_max_speed_down, current_speed_down);
    
    {
 			CRITICAL_REGION_LOCAL(	epee::net_utils::network_throttle_manager::network_throttle_manager::m_lock_get_global_throttle_in );
@@ -348,8 +362,8 @@ PRAGMA_WARNING_DISABLE_VS(4355)
 				}
 				
 				delay *= 0.5;
-				if (delay > 0) {
-					long int ms = (long int)(delay * 100);
+				long int ms = (long int)(delay * 100);
+				if (ms > 0) {
 					reset_timer(boost::posix_time::milliseconds(ms + 1), true);
 					boost::this_thread::sleep_for(boost::chrono::milliseconds(ms));
 				}
@@ -365,7 +379,6 @@ PRAGMA_WARNING_DISABLE_VS(4355)
      if(!recv_res)
      {  
        //_info("[sock " << socket().native_handle() << "] protocol_want_close");
-
        //some error in protocol, protocol handler ask to close connection
        boost::interprocess::ipcdetail::atomic_write32(&m_want_close_connection, 1);
        bool do_shutdown = false;
@@ -396,7 +409,12 @@ PRAGMA_WARNING_DISABLE_VS(4355)
      else
      {
        _dbg3("[sock " << socket().native_handle() << "] peer closed connection");
-        if (m_ready_to_close)
+        bool do_shutdown = false;
+        CRITICAL_REGION_BEGIN(m_send_que_lock);
+        if(!m_send_que.size())
+          do_shutdown = true;
+        CRITICAL_REGION_END();
+        if (m_ready_to_close || do_shutdown)
          shutdown();
      }
      m_ready_to_close = true;
@@ -456,6 +474,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
      {
        MERROR("SSL handshake failed");
        boost::interprocess::ipcdetail::atomic_write32(&m_want_close_connection, 1);
+        m_ready_to_close = true;
        bool do_shutdown = false;
        CRITICAL_REGION_BEGIN(m_send_que_lock);
        if(!m_send_que.size())
@@ -507,7 +526,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
  }
  //---------------------------------------------------------------------------------
    template<class t_protocol_handler>
-  bool connection<t_protocol_handler>::do_send(const void* ptr, size_t cb) {
+  bool connection<t_protocol_handler>::do_send(byte_slice message) {
    TRY_ENTRY();

    // Use safe_shared_from_this, because of this is public method and it can be called on the object being deleted
@@ -516,6 +535,9 @@ PRAGMA_WARNING_DISABLE_VS(4355)
    if (m_was_shutdown) return false;
 		// TODO avoid copy

+		std::uint8_t const* const message_data = message.data();
+		const std::size_t message_size = message.size();
+
 		const double factor = 32; // TODO config
 		typedef long long signed int t_safe; // my t_size to avoid any overunderflow in arithmetic
 		const t_safe chunksize_good = (t_safe)( 1024 * std::max(1.0,factor) );
@@ -525,13 +547,11 @@ PRAGMA_WARNING_DISABLE_VS(4355)
        CHECK_AND_ASSERT_MES(! (chunksize_max<0), false, "Negative chunksize_max" ); // make sure it is unsigned before removin sign with cast:
        long long unsigned int chunksize_max_unsigned = static_cast<long long unsigned int>( chunksize_max ) ;

-        if (allow_split && (cb > chunksize_max_unsigned)) {
+        if (allow_split && (message_size > chunksize_max_unsigned)) {
 			{ // LOCK: chunking
    		epee::critical_region_t<decltype(m_chunking_lock)> send_guard(m_chunking_lock); // *** critical *** 

-				MDEBUG("do_send() will SPLIT into small chunks, from packet="<<cb<<" B for ptr="<<ptr);
-				t_safe all = cb; // all bytes to send 
-				t_safe pos = 0; // current sending position
+				MDEBUG("do_send() will SPLIT into small chunks, from packet="<<message_size<<" B for ptr="<<message_data);
 				// 01234567890 
 				// ^^^^        (pos=0, len=4)     ;   pos:=pos+len, pos=4
 				//     ^^^^    (pos=4, len=4)     ;   pos:=pos+len, pos=8
@@ -541,40 +561,25 @@ PRAGMA_WARNING_DISABLE_VS(4355)
 				// char* buf = new char[ bufsize ];

 				bool all_ok = true;
-				while (pos < all) {
-					t_safe lenall = all-pos; // length from here to end
-					t_safe len = std::min( chunksize_good , lenall); // take a smaller part
-					CHECK_AND_ASSERT_MES(len<=chunksize_good, false, "len too large");
-					// pos=8; len=4; all=10;	len=3;
+				while (!message.empty()) {
+					byte_slice chunk = message.take_slice(chunksize_good);

-                    CHECK_AND_ASSERT_MES(! (len<0), false, "negative len"); // check before we cast away sign:
-                    unsigned long long int len_unsigned = static_cast<long long int>( len );
-                    CHECK_AND_ASSERT_MES(len>0, false, "len not strictly positive"); // (redundant)
-                    CHECK_AND_ASSERT_MES(len_unsigned < std::numeric_limits<size_t>::max(), false, "Invalid len_unsigned");   // yeap we want strong < then max size, to be sure
-					
-					void *chunk_start = ((char*)ptr) + pos;
-					MDEBUG("chunk_start="<<chunk_start<<" ptr="<<ptr<<" pos="<<pos);
-					CHECK_AND_ASSERT_MES(chunk_start >= ptr, false, "Pointer wraparound"); // not wrapped around address?
-					//std::memcpy( (void*)buf, chunk_start, len);
+					MDEBUG("chunk_start="<<(void*)chunk.data()<<" ptr="<<message_data<<" pos="<<(chunk.data() - message_data));
+					MDEBUG("part of " << message.size() << ": pos="<<(chunk.data() - message_data) << " len="<<chunk.size());

-					MDEBUG("part of " << lenall << ": pos="<<pos << " len="<<len);
-
-					bool ok = do_send_chunk(chunk_start, len); // <====== ***
+					bool ok = do_send_chunk(std::move(chunk)); // <====== ***

 					all_ok = all_ok && ok;
 					if (!all_ok) {
-						MDEBUG("do_send() DONE ***FAILED*** from packet="<<cb<<" B for ptr="<<ptr);
+						MDEBUG("do_send() DONE ***FAILED*** from packet="<<message_size<<" B for ptr="<<message_data);
 						MDEBUG("do_send() SEND was aborted in middle of big package - this is mostly harmless "
-							<< " (e.g. peer closed connection) but if it causes trouble tell us at #monero-dev. " << cb);
+							<< " (e.g. peer closed connection) but if it causes trouble tell us at #monero-dev. " << message_size);
 						return false; // partial failure in sending
 					}
-					pos = pos+len;
-					CHECK_AND_ASSERT_MES(pos >0, false, "pos <= 0");
-
 					// (in catch block, or uniq pointer) delete buf;
 				} // each chunk

-				MDEBUG("do_send() DONE SPLIT from packet="<<cb<<" B for ptr="<<ptr);
+				MDEBUG("do_send() DONE SPLIT from packet="<<message_size<<" B for ptr="<<message_data);

                MDEBUG("do_send() m_connection_type = " << m_connection_type);

@@ -582,7 +587,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
 			} // LOCK: chunking
 		} // a big block (to be chunked) - all chunks
 		else { // small block
-			return do_send_chunk(ptr,cb); // just send as 1 big chunk
+			return do_send_chunk(std::move(message)); // just send as 1 big chunk
 		}

    CATCH_ENTRY_L0("connection<t_protocol_handler>::do_send", false);
@@ -590,7 +595,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)

  //---------------------------------------------------------------------------------
  template<class t_protocol_handler>
-  bool connection<t_protocol_handler>::do_send_chunk(const void* ptr, size_t cb)
+  bool connection<t_protocol_handler>::do_send_chunk(byte_slice chunk)
  {
    TRY_ENTRY();
    // Use safe_shared_from_this, because of this is public method and it can be called on the object being deleted
@@ -599,16 +604,18 @@ PRAGMA_WARNING_DISABLE_VS(4355)
      return false;
    if(m_was_shutdown)
      return false;
+    double current_speed_up;
    {
 		CRITICAL_REGION_LOCAL(m_throttle_speed_out_mutex);
-		m_throttle_speed_out.handle_trafic_exact(cb);
-		context.m_current_speed_up = m_throttle_speed_out.get_current_speed();
-		context.m_max_speed_up = std::max(context.m_max_speed_up, context.m_current_speed_up);
+		m_throttle_speed_out.handle_trafic_exact(chunk.size());
+		current_speed_up = m_throttle_speed_out.get_current_speed();
 	}
+    context.m_current_speed_up = current_speed_up;
+    context.m_max_speed_up = std::max(context.m_max_speed_up, current_speed_up);

    //_info("[sock " << socket().native_handle() << "] SEND " << cb);
    context.m_last_send = time(NULL);
-    context.m_send_cnt += cb;
+    context.m_send_cnt += chunk.size();
    //some data should be wrote to stream
    //request complete
    
@@ -628,8 +635,18 @@ PRAGMA_WARNING_DISABLE_VS(4355)
            return false; // aborted
        }*/

-        long int ms = 250 + (rand()%50);
-        MDEBUG("Sleeping because QUEUE is FULL, in " << __FUNCTION__ << " for " << ms << " ms before packet_size="<<cb); // XXX debug sleep
+        using engine = std::mt19937;
+
+        engine rng;
+        std::random_device dev;
+        std::seed_seq::result_type rand[engine::state_size]{};  // Use complete bit space
+
+        std::generate_n(rand, engine::state_size, std::ref(dev));
+        std::seed_seq seed(rand, rand + engine::state_size);
+        rng.seed(seed);
+
+        long int ms = 250 + (rng() % 50);
+        MDEBUG("Sleeping because QUEUE is FULL, in " << __FUNCTION__ << " for " << ms << " ms before packet_size="<<chunk.size()); // XXX debug sleep
        m_send_que_lock.unlock();
        boost::this_thread::sleep(boost::posix_time::milliseconds( ms ) );
        m_send_que_lock.lock();
@@ -642,12 +659,11 @@ PRAGMA_WARNING_DISABLE_VS(4355)
        }
    }

-    m_send_que.resize(m_send_que.size()+1);
-    m_send_que.back().assign((const char*)ptr, cb);
-    
+    m_send_que.push_back(std::move(chunk));
+
    if(m_send_que.size() > 1)
    { // active operation should be in progress, nothing to do, just wait last operation callback
-        auto size_now = cb;
+        auto size_now = m_send_que.back().size();
        MDEBUG("do_send_chunk() NOW just queues: packet="<<size_now<<" B, is added to queue-size="<<m_send_que.size());
        //do_send_handler_delayed( ptr , size_now ); // (((H))) // empty function
      
@@ -665,13 +681,13 @@ PRAGMA_WARNING_DISABLE_VS(4355)
        auto size_now = m_send_que.front().size();
        MDEBUG("do_send_chunk() NOW SENSD: packet="<<size_now<<" B");
        if (speed_limit_is_enabled())
-			do_send_handler_write( ptr , size_now ); // (((H)))
+			do_send_handler_write( m_send_que.back().data(), m_send_que.back().size() ); // (((H)))

        CHECK_AND_ASSERT_MES( size_now == m_send_que.front().size(), false, "Unexpected queue size");
        reset_timer(get_default_timeout(), false);
            async_write(boost::asio::buffer(m_send_que.front().data(), size_now ) ,
                                 strand_.wrap(
-                                 boost::bind(&connection<t_protocol_handler>::handle_write, self, _1, _2)
+                                 std::bind(&connection<t_protocol_handler>::handle_write, self, std::placeholders::_1, std::placeholders::_2)
                                 )
                                 );
        //_dbg3("(chunk): " << size_now);
@@ -691,7 +707,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
  {
    unsigned count;
    try { count = host_count(m_host); } catch (...) { count = 0; }
-    const unsigned shift = std::min(std::max(count, 1u) - 1, 8u);
+    const unsigned shift = get_state().sock_count > AGGRESSIVE_TIMEOUT_THRESHOLD ? std::min(std::max(count, 1u) - 1, 8u) : 0;
    boost::posix_time::milliseconds timeout(0);
    if (m_local)
      timeout = boost::posix_time::milliseconds(DEFAULT_TIMEOUT_MS_LOCAL >> shift);
@@ -704,7 +720,9 @@ PRAGMA_WARNING_DISABLE_VS(4355)
  boost::posix_time::milliseconds connection<t_protocol_handler>::get_timeout_from_bytes_read(size_t bytes)
  {
    boost::posix_time::milliseconds ms = (boost::posix_time::milliseconds)(unsigned)(bytes * TIMEOUT_EXTRA_MS_PER_BYTE);
-    ms += m_timer.expires_from_now();
+    const auto cur = m_timer.expires_from_now().total_milliseconds();
+    if (cur > 0)
+      ms += (boost::posix_time::milliseconds)cur;
    if (ms > get_default_timeout())
      ms = get_default_timeout();
    return ms;
@@ -730,17 +748,29 @@ PRAGMA_WARNING_DISABLE_VS(4355)
  template<class t_protocol_handler>
  void connection<t_protocol_handler>::reset_timer(boost::posix_time::milliseconds ms, bool add)
  {
-    if (m_connection_type != e_connection_type_RPC)
+    if (ms.total_milliseconds() < 0)
+    {
+      MWARNING("Ignoring negative timeout " << ms);
      return;
-    MTRACE("Setting " << ms << " expiry");
+    }
+    MTRACE((add ? "Adding" : "Setting") << " " << ms << " expiry");
    auto self = safe_shared_from_this();
    if(!self)
    {
      MERROR("Resetting timer on a dead object");
      return;
    }
+    if (m_was_shutdown)
+    {
+      MERROR("Setting timer on a shut down object");
+      return;
+    }
    if (add)
-      ms += m_timer.expires_from_now();
+    {
+      const auto cur = m_timer.expires_from_now().total_milliseconds();
+      if (cur > 0)
+        ms += (boost::posix_time::milliseconds)cur;
+    }
    m_timer.expires_from_now(ms);
    m_timer.async_wait([=](const boost::system::error_code& ec)
    {
@@ -861,7 +891,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
 		CHECK_AND_ASSERT_MES( size_now == m_send_que.front().size(), void(), "Unexpected queue size");
 		  async_write(boost::asio::buffer(m_send_que.front().data(), size_now) , 
           strand_.wrap(
-            boost::bind(&connection<t_protocol_handler>::handle_write, connection<t_protocol_handler>::shared_from_this(), _1, _2)
+            std::bind(&connection<t_protocol_handler>::handle_write, connection<t_protocol_handler>::shared_from_this(), std::placeholders::_1, std::placeholders::_2)
 			  )
          );
      //_dbg3("(normal)" << size_now);
@@ -895,16 +925,18 @@ PRAGMA_WARNING_DISABLE_VS(4355)

  template<class t_protocol_handler>
  boosted_tcp_server<t_protocol_handler>::boosted_tcp_server( t_connection_type connection_type ) :
-    m_state(boost::make_shared<typename connection<t_protocol_handler>::shared_state>()),
+    m_state(std::make_shared<typename connection<t_protocol_handler>::shared_state>()),
    m_io_service_local_instance(new worker()),
    io_service_(m_io_service_local_instance->io_service),
    acceptor_(io_service_),
+    acceptor_ipv6(io_service_),
    default_remote(),
    m_stop_signal_sent(false), m_port(0), 
    m_threads_count(0),
    m_thread_index(0),
 		m_connection_type( connection_type ),
-    new_connection_()
+    new_connection_(),
+    new_connection_ipv6()
  {
    create_server_type_map();
    m_thread_name_prefix = "NET";
@@ -912,15 +944,17 @@ PRAGMA_WARNING_DISABLE_VS(4355)

  template<class t_protocol_handler>
  boosted_tcp_server<t_protocol_handler>::boosted_tcp_server(boost::asio::io_service& extarnal_io_service, t_connection_type connection_type) :
-    m_state(boost::make_shared<typename connection<t_protocol_handler>::shared_state>()),
+    m_state(std::make_shared<typename connection<t_protocol_handler>::shared_state>()),
    io_service_(extarnal_io_service),
    acceptor_(io_service_),
+    acceptor_ipv6(io_service_),
    default_remote(),
    m_stop_signal_sent(false), m_port(0),
    m_threads_count(0),
    m_thread_index(0),
 		m_connection_type(connection_type),
-    new_connection_()
+    new_connection_(),
+    new_connection_ipv6()
  {
    create_server_type_map();
    m_thread_name_prefix = "NET";
@@ -942,29 +976,94 @@ PRAGMA_WARNING_DISABLE_VS(4355)
  }
  //---------------------------------------------------------------------------------
  template<class t_protocol_handler>
-  bool boosted_tcp_server<t_protocol_handler>::init_server(uint32_t port, const std::string address, ssl_options_t ssl_options)
+    bool boosted_tcp_server<t_protocol_handler>::init_server(uint32_t port,  const std::string& address,
+	uint32_t port_ipv6, const std::string& address_ipv6, bool use_ipv6, bool require_ipv4,
+	ssl_options_t ssl_options)
  {
    TRY_ENTRY();
    m_stop_signal_sent = false;
    m_port = port;
+    m_port_ipv6 = port_ipv6;
    m_address = address;
+    m_address_ipv6 = address_ipv6;
+    m_use_ipv6 = use_ipv6;
+    m_require_ipv4 = require_ipv4;
+
    if (ssl_options)
      m_state->configure_ssl(std::move(ssl_options));
-    // Open the acceptor with the option to reuse the address (i.e. SO_REUSEADDR).
-    boost::asio::ip::tcp::resolver resolver(io_service_);
-    boost::asio::ip::tcp::resolver::query query(address, boost::lexical_cast<std::string>(port), boost::asio::ip::tcp::resolver::query::canonical_name);
-    boost::asio::ip::tcp::endpoint endpoint = *resolver.resolve(query);
-    acceptor_.open(endpoint.protocol());
-    acceptor_.set_option(boost::asio::ip::tcp::acceptor::reuse_address(true));
-    acceptor_.bind(endpoint);
-    acceptor_.listen();
-    boost::asio::ip::tcp::endpoint binded_endpoint = acceptor_.local_endpoint();
-    m_port = binded_endpoint.port();
-    MDEBUG("start accept");
-    new_connection_.reset(new connection<t_protocol_handler>(io_service_, m_state, m_connection_type, m_state->ssl_options().support));
-    acceptor_.async_accept(new_connection_->socket(),
-      boost::bind(&boosted_tcp_server<t_protocol_handler>::handle_accept, this,
-      boost::asio::placeholders::error));
+
+    std::string ipv4_failed = "";
+    std::string ipv6_failed = "";
+    try
+    {
+      boost::asio::ip::tcp::resolver resolver(io_service_);
+      boost::asio::ip::tcp::resolver::query query(address, boost::lexical_cast<std::string>(port), boost::asio::ip::tcp::resolver::query::canonical_name);
+      boost::asio::ip::tcp::endpoint endpoint = *resolver.resolve(query);
+      acceptor_.open(endpoint.protocol());
+#if !defined(_WIN32)
+      acceptor_.set_option(boost::asio::ip::tcp::acceptor::reuse_address(true));
+#endif
+      acceptor_.bind(endpoint);
+      acceptor_.listen();
+      boost::asio::ip::tcp::endpoint binded_endpoint = acceptor_.local_endpoint();
+      m_port = binded_endpoint.port();
+      MDEBUG("start accept (IPv4)");
+      new_connection_.reset(new connection<t_protocol_handler>(io_service_, m_state, m_connection_type, m_state->ssl_options().support));
+      acceptor_.async_accept(new_connection_->socket(),
+	boost::bind(&boosted_tcp_server<t_protocol_handler>::handle_accept_ipv4, this,
+	boost::asio::placeholders::error));
+    }
+    catch (const std::exception &e)
+    {
+      ipv4_failed = e.what();
+    }
+
+    if (ipv4_failed != "")
+    {
+      MERROR("Failed to bind IPv4: " << ipv4_failed);
+      if (require_ipv4)
+      {
+        throw std::runtime_error("Failed to bind IPv4 (set to required)");
+      }
+    }
+
+    if (use_ipv6)
+    {
+      try
+      {
+        if (port_ipv6 == 0) port_ipv6 = port; // default arg means bind to same port as ipv4
+        boost::asio::ip::tcp::resolver resolver(io_service_);
+        boost::asio::ip::tcp::resolver::query query(address_ipv6, boost::lexical_cast<std::string>(port_ipv6), boost::asio::ip::tcp::resolver::query::canonical_name);
+        boost::asio::ip::tcp::endpoint endpoint = *resolver.resolve(query);
+        acceptor_ipv6.open(endpoint.protocol());
+#if !defined(_WIN32)
+        acceptor_ipv6.set_option(boost::asio::ip::tcp::acceptor::reuse_address(true));
+#endif
+        acceptor_ipv6.set_option(boost::asio::ip::v6_only(true));
+        acceptor_ipv6.bind(endpoint);
+        acceptor_ipv6.listen();
+        boost::asio::ip::tcp::endpoint binded_endpoint = acceptor_ipv6.local_endpoint();
+        m_port_ipv6 = binded_endpoint.port();
+        MDEBUG("start accept (IPv6)");
+        new_connection_ipv6.reset(new connection<t_protocol_handler>(io_service_, m_state, m_connection_type, m_state->ssl_options().support));
+        acceptor_ipv6.async_accept(new_connection_ipv6->socket(),
+            boost::bind(&boosted_tcp_server<t_protocol_handler>::handle_accept_ipv6, this,
+              boost::asio::placeholders::error));
+      }
+      catch (const std::exception &e)
+      {
+        ipv6_failed = e.what();
+      }
+    }
+
+      if (use_ipv6 && ipv6_failed != "")
+      {
+        MERROR("Failed to bind IPv6: " << ipv6_failed);
+        if (ipv4_failed != "")
+        {
+          throw std::runtime_error("Failed to bind IPv4 and IPv6");
+        }
+      }

    return true;
    }
@@ -983,15 +1082,23 @@ PRAGMA_WARNING_DISABLE_VS(4355)
 PUSH_WARNINGS
 DISABLE_GCC_WARNING(maybe-uninitialized)
  template<class t_protocol_handler>
-  bool boosted_tcp_server<t_protocol_handler>::init_server(const std::string port, const std::string& address, ssl_options_t ssl_options)
+  bool boosted_tcp_server<t_protocol_handler>::init_server(const std::string port,  const std::string& address,
+      const std::string port_ipv6, const std::string address_ipv6, bool use_ipv6, bool require_ipv4,
+      ssl_options_t ssl_options)
  {
    uint32_t p = 0;
+    uint32_t p_ipv6 = 0;

    if (port.size() && !string_tools::get_xtype_from_string(p, port)) {
      MERROR("Failed to convert port no = " << port);
      return false;
    }
-    return this->init_server(p, address, std::move(ssl_options));
+
+    if (port_ipv6.size() && !string_tools::get_xtype_from_string(p_ipv6, port_ipv6)) {
+      MERROR("Failed to convert port no = " << port_ipv6);
+      return false;
+    }
+    return this->init_server(p, address, p_ipv6, address_ipv6, use_ipv6, require_ipv4, std::move(ssl_options));
  }
 POP_WARNINGS
  //---------------------------------------------------------------------------------
@@ -1083,7 +1190,7 @@ POP_WARNINGS
      {
        //some problems with the listening socket ?..
        _dbg1("Net service stopped without stop request, restarting...");
-        if(!this->init_server(m_port, m_address))
+        if(!this->init_server(m_port, m_address, m_port_ipv6, m_address_ipv6, m_use_ipv6, m_require_ipv4))
        {
          _dbg1("Reiniting service failed, exit.");
          return false;
@@ -1149,29 +1256,52 @@ POP_WARNINGS
  }
  //---------------------------------------------------------------------------------
  template<class t_protocol_handler>
-  void boosted_tcp_server<t_protocol_handler>::handle_accept(const boost::system::error_code& e)
+  void boosted_tcp_server<t_protocol_handler>::handle_accept_ipv4(const boost::system::error_code& e)
+  {
+    this->handle_accept(e, false);
+  }
+  //---------------------------------------------------------------------------------
+  template<class t_protocol_handler>
+  void boosted_tcp_server<t_protocol_handler>::handle_accept_ipv6(const boost::system::error_code& e)
+  {
+    this->handle_accept(e, true);
+  }
+  //---------------------------------------------------------------------------------
+  template<class t_protocol_handler>
+  void boosted_tcp_server<t_protocol_handler>::handle_accept(const boost::system::error_code& e, bool ipv6)
  {
    MDEBUG("handle_accept");
+
+    boost::asio::ip::tcp::acceptor* current_acceptor = &acceptor_;
+    connection_ptr* current_new_connection = &new_connection_;
+    auto accept_function_pointer = &boosted_tcp_server<t_protocol_handler>::handle_accept_ipv4;
+    if (ipv6)
+    {
+      current_acceptor = &acceptor_ipv6;
+      current_new_connection = &new_connection_ipv6;
+      accept_function_pointer = &boosted_tcp_server<t_protocol_handler>::handle_accept_ipv6;
+    }
+
    try
    {
    if (!e)
    {
-		if (m_connection_type == e_connection_type_RPC) {
-			const char *ssl_message = "unknown";
-			switch (new_connection_->get_ssl_support())
-			{
-				case epee::net_utils::ssl_support_t::e_ssl_support_disabled: ssl_message = "disabled"; break;
-				case epee::net_utils::ssl_support_t::e_ssl_support_enabled: ssl_message = "enabled"; break;
-				case epee::net_utils::ssl_support_t::e_ssl_support_autodetect: ssl_message = "autodetection"; break;
-			}
-			MDEBUG("New server for RPC connections, SSL " << ssl_message);
-			new_connection_->setRpcStation(); // hopefully this is not needed actually
-		}
-		connection_ptr conn(std::move(new_connection_));
-      new_connection_.reset(new connection<t_protocol_handler>(io_service_, m_state, m_connection_type, conn->get_ssl_support()));
-      acceptor_.async_accept(new_connection_->socket(),
-        boost::bind(&boosted_tcp_server<t_protocol_handler>::handle_accept, this,
-        boost::asio::placeholders::error));
+      if (m_connection_type == e_connection_type_RPC) {
+        const char *ssl_message = "unknown";
+        switch ((*current_new_connection)->get_ssl_support())
+        {
+          case epee::net_utils::ssl_support_t::e_ssl_support_disabled: ssl_message = "disabled"; break;
+          case epee::net_utils::ssl_support_t::e_ssl_support_enabled: ssl_message = "enabled"; break;
+          case epee::net_utils::ssl_support_t::e_ssl_support_autodetect: ssl_message = "autodetection"; break;
+        }
+        MDEBUG("New server for RPC connections, SSL " << ssl_message);
+        (*current_new_connection)->setRpcStation(); // hopefully this is not needed actually
+      }
+      connection_ptr conn(std::move((*current_new_connection)));
+      (*current_new_connection).reset(new connection<t_protocol_handler>(io_service_, m_state, m_connection_type, conn->get_ssl_support()));
+      current_acceptor->async_accept((*current_new_connection)->socket(),
+          boost::bind(accept_function_pointer, this,
+            boost::asio::placeholders::error));

      boost::asio::socket_base::keep_alive opt(true);
      conn->socket().set_option(opt);
@@ -1203,10 +1333,10 @@ POP_WARNINGS
    assert(m_state != nullptr); // always set in constructor
    _erro("Some problems at accept: " << e.message() << ", connections_count = " << m_state->sock_count);
    misc_utils::sleep_no_w(100);
-    new_connection_.reset(new connection<t_protocol_handler>(io_service_, m_state, m_connection_type, new_connection_->get_ssl_support()));
-    acceptor_.async_accept(new_connection_->socket(),
-      boost::bind(&boosted_tcp_server<t_protocol_handler>::handle_accept, this,
-      boost::asio::placeholders::error));
+    (*current_new_connection).reset(new connection<t_protocol_handler>(io_service_, m_state, m_connection_type, (*current_new_connection)->get_ssl_support()));
+    current_acceptor->async_accept((*current_new_connection)->socket(),
+        boost::bind(accept_function_pointer, this,
+          boost::asio::placeholders::error));
  }
  //---------------------------------------------------------------------------------
  template<class t_protocol_handler>
@@ -1271,7 +1401,7 @@ POP_WARNINGS
      shared_context->connect_mut.lock(); shared_context->ec = ec_; shared_context->cond.notify_one(); shared_context->connect_mut.unlock();
    };

-    sock_.async_connect(remote_endpoint, boost::bind<void>(connect_callback, _1, local_shared_context));
+    sock_.async_connect(remote_endpoint, std::bind<void>(connect_callback, std::placeholders::_1, local_shared_context));
    while(local_shared_context->ec == boost::asio::error::would_block)
    {
      bool r = local_shared_context->cond.timed_wait(lock, boost::get_system_time() + boost::posix_time::milliseconds(conn_timeout));
@@ -1340,23 +1470,84 @@ POP_WARNINGS
    epee::misc_utils::auto_scope_leave_caller scope_exit_handler = epee::misc_utils::create_scope_leave_handler([&](){ CRITICAL_REGION_LOCAL(connections_mutex); connections_.erase(new_connection_l); });
    boost::asio::ip::tcp::socket&  sock_ = new_connection_l->socket();

-    //////////////////////////////////////////////////////////////////////////
+    bool try_ipv6 = false;
+
    boost::asio::ip::tcp::resolver resolver(io_service_);
    boost::asio::ip::tcp::resolver::query query(boost::asio::ip::tcp::v4(), adr, port, boost::asio::ip::tcp::resolver::query::canonical_name);
-    boost::asio::ip::tcp::resolver::iterator iterator = resolver.resolve(query);
+    boost::system::error_code resolve_error;
+    boost::asio::ip::tcp::resolver::iterator iterator;
+    try
+    {
+      //resolving ipv4 address as ipv6 throws, catch here and move on
+      iterator = resolver.resolve(query, resolve_error);
+    }
+    catch (const boost::system::system_error& e)
+    {
+      if (!m_use_ipv6 || (resolve_error != boost::asio::error::host_not_found &&
+            resolve_error != boost::asio::error::host_not_found_try_again))
+      {
+        throw;
+      }
+      try_ipv6 = true;
+    }
+    catch (...)
+    {
+      throw;
+    }
+
+    std::string bind_ip_to_use;
+
    boost::asio::ip::tcp::resolver::iterator end;
    if(iterator == end)
    {
-      _erro("Failed to resolve " << adr);
-      return false;
+      if (!m_use_ipv6)
+      {
+        _erro("Failed to resolve " << adr);
+        return false;
+      }
+      else
+      {
+        try_ipv6 = true;
+        MINFO("Resolving address as IPv4 failed, trying IPv6");
+      }
+    }
+    else
+    {
+      bind_ip_to_use = bind_ip;
    }
-    //////////////////////////////////////////////////////////////////////////

+    if (try_ipv6)
+    {
+      boost::asio::ip::tcp::resolver::query query6(boost::asio::ip::tcp::v6(), adr, port, boost::asio::ip::tcp::resolver::query::canonical_name);
+
+      iterator = resolver.resolve(query6, resolve_error);
+
+      if(iterator == end)
+      {
+        _erro("Failed to resolve " << adr);
+        return false;
+      }
+      else
+      {
+        if (bind_ip == "0.0.0.0")
+        {
+          bind_ip_to_use = "::";
+        }
+        else
+        {
+          bind_ip_to_use = "";
+        }
+
+      }
+
+    }
+
+    MDEBUG("Trying to connect to " << adr << ":" << port << ", bind_ip = " << bind_ip_to_use);

    //boost::asio::ip::tcp::endpoint remote_endpoint(boost::asio::ip::address::from_string(addr.c_str()), port);
    boost::asio::ip::tcp::endpoint remote_endpoint(*iterator);

-    auto try_connect_result = try_connect(new_connection_l, adr, port, sock_, remote_endpoint, bind_ip, conn_timeout, ssl_support);
+    auto try_connect_result = try_connect(new_connection_l, adr, port, sock_, remote_endpoint, bind_ip_to_use, conn_timeout, ssl_support);
    if (try_connect_result == CONNECT_FAILURE)
      return false;
    if (ssl_support == epee::net_utils::ssl_support_t::e_ssl_support_autodetect && try_connect_result == CONNECT_NO_SSL)
@@ -1364,7 +1555,7 @@ POP_WARNINGS
      // we connected, but could not connect with SSL, try without
      MERROR("SSL handshake failed on an autodetect connection, reconnecting without SSL");
      new_connection_l->disable_ssl();
-      try_connect_result = try_connect(new_connection_l, adr, port, sock_, remote_endpoint, bind_ip, conn_timeout, epee::net_utils::ssl_support_t::e_ssl_support_disabled);
+      try_connect_result = try_connect(new_connection_l, adr, port, sock_, remote_endpoint, bind_ip_to_use, conn_timeout, epee::net_utils::ssl_support_t::e_ssl_support_disabled);
      if (try_connect_result != CONNECT_SUCCESS)
        return false;
    }
@@ -1404,17 +1595,59 @@ POP_WARNINGS
    epee::misc_utils::auto_scope_leave_caller scope_exit_handler = epee::misc_utils::create_scope_leave_handler([&](){ CRITICAL_REGION_LOCAL(connections_mutex); connections_.erase(new_connection_l); });
    boost::asio::ip::tcp::socket&  sock_ = new_connection_l->socket();
    
-    //////////////////////////////////////////////////////////////////////////
+    bool try_ipv6 = false;
+
    boost::asio::ip::tcp::resolver resolver(io_service_);
    boost::asio::ip::tcp::resolver::query query(boost::asio::ip::tcp::v4(), adr, port, boost::asio::ip::tcp::resolver::query::canonical_name);
-    boost::asio::ip::tcp::resolver::iterator iterator = resolver.resolve(query);
+    boost::system::error_code resolve_error;
+    boost::asio::ip::tcp::resolver::iterator iterator;
+    try
+    {
+      //resolving ipv4 address as ipv6 throws, catch here and move on
+      iterator = resolver.resolve(query, resolve_error);
+    }
+    catch (const boost::system::system_error& e)
+    {
+      if (!m_use_ipv6 || (resolve_error != boost::asio::error::host_not_found &&
+            resolve_error != boost::asio::error::host_not_found_try_again))
+      {
+        throw;
+      }
+      try_ipv6 = true;
+    }
+    catch (...)
+    {
+      throw;
+    }
+
    boost::asio::ip::tcp::resolver::iterator end;
    if(iterator == end)
    {
-      _erro("Failed to resolve " << adr);
-      return false;
+      if (!try_ipv6)
+      {
+        _erro("Failed to resolve " << adr);
+        return false;
+      }
+      else
+      {
+        MINFO("Resolving address as IPv4 failed, trying IPv6");
+      }
    }
-    //////////////////////////////////////////////////////////////////////////
+
+    if (try_ipv6)
+    {
+      boost::asio::ip::tcp::resolver::query query6(boost::asio::ip::tcp::v6(), adr, port, boost::asio::ip::tcp::resolver::query::canonical_name);
+
+      iterator = resolver.resolve(query6, resolve_error);
+
+      if(iterator == end)
+      {
+        _erro("Failed to resolve " << adr);
+        return false;
+      }
+    }
+
+
    boost::asio::ip::tcp::endpoint remote_endpoint(*iterator);
     
    sock_.open(remote_endpoint.protocol());
--- a/contrib/epee/include/net/connection_basic.hpp
+++ b/contrib/epee/include/net/connection_basic.hpp
@@ -8,7 +8,7 @@
 // ! (how ever if in some wonderful juristdictions that is not the case, then why not make another sub-class withat that members and licence it as epee part)
 // ! Working on above premise, IF this is valid in your juristdictions, then consider this code as released as:

-// Copyright (c) 2014-2019, The Monero Project
+// Copyright (c) 2014-2020, The Monero Project
 // 
 // All rights reserved.
 // 
@@ -49,6 +49,7 @@
 #include <boost/asio.hpp>
 #include <boost/asio/ssl.hpp>

+#include "byte_slice.h"
 #include "net/net_utils_base.h"
 #include "net/net_ssl.h"
 #include "syncobj.h"
@@ -99,7 +100,7 @@ class connection_basic_pimpl; // PIMPL for this class

 class connection_basic { // not-templated base class for rapid developmet of some code parts
 		// beware of removing const, net_utils::connection is sketchily doing a cast to prevent storing ptr twice
-		const boost::shared_ptr<connection_basic_shared_state> m_state;
+		const std::shared_ptr<connection_basic_shared_state> m_state;
 	public:

 		std::unique_ptr< connection_basic_pimpl > mI; // my Implementation
@@ -108,7 +109,7 @@ class connection_basic { // not-templated base class for rapid developmet of som
    volatile uint32_t m_want_close_connection;
    std::atomic<bool> m_was_shutdown;
    critical_section m_send_que_lock;
-    std::list<std::string> m_send_que;
+    std::deque<byte_slice> m_send_que;
    volatile bool m_is_multithreaded;
    /// Strand to ensure the connection's handlers are not called concurrently.
    boost::asio::io_service::strand strand_;
@@ -118,8 +119,8 @@ class connection_basic { // not-templated base class for rapid developmet of som

 	public:
 		// first counter is the ++/-- count of current sockets, the other socket_number is only-increasing ++ number generator
-		connection_basic(boost::asio::ip::tcp::socket&& socket, boost::shared_ptr<connection_basic_shared_state> state, ssl_support_t ssl_support);
-		connection_basic(boost::asio::io_service &io_service, boost::shared_ptr<connection_basic_shared_state> state, ssl_support_t ssl_support);
+		connection_basic(boost::asio::ip::tcp::socket&& socket, std::shared_ptr<connection_basic_shared_state> state, ssl_support_t ssl_support);
+		connection_basic(boost::asio::io_service &io_service, std::shared_ptr<connection_basic_shared_state> state, ssl_support_t ssl_support);

 		virtual ~connection_basic() noexcept(false);

@@ -186,8 +187,6 @@ class connection_basic { // not-templated base class for rapid developmet of som
 		void sleep_before_packet(size_t packet_size, int phase, int q_len); // execute a sleep ; phase is not really used now(?)
 		static void save_limit_to_file(int limit); ///< for dr-monero
 		static double get_sleep_time(size_t cb);
-		
-		static void set_save_graph(bool save_graph);
 };

 } // nameserver
--- a/contrib/epee/include/net/enums.h
+++ b/contrib/epee/include/net/enums.h
@@ -49,7 +49,7 @@ namespace net_utils
 	{
 		invalid = 0,
 		public_ = 1, // public is keyword
-		i2p = 2,
+		i2p = 2,     // order from here changes priority of selection for origin TXes
 		tor = 3
 	};

--- a/contrib/epee/include/net/http_auth.h
+++ b/contrib/epee/include/net/http_auth.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2014-2019, The Monero Project
+// Copyright (c) 2014-2020, The Monero Project
 //
 // All rights reserved.
 //
--- a/contrib/epee/include/net/http_base.h
+++ b/contrib/epee/include/net/http_base.h
@@ -33,6 +33,7 @@
 #include <string>
 #include <utility>

+#include "memwipe.h"
 #include "string_tools.h"

 #undef MONERO_DEFAULT_LOG_CATEGORY
@@ -200,6 +201,11 @@ namespace net_utils
 				this->~http_response_info();
 				new(this) http_response_info();
 			}
+
+			void wipe()
+			{
+				memwipe(&m_body[0], m_body.size());
+			}
 		};
 	}
 }
--- a/contrib/epee/include/net/http_client.h
+++ b/contrib/epee/include/net/http_client.h
@@ -47,6 +47,7 @@

 #include "string_tools.h"
 #include "reg_exp_definer.h"
+#include "abstract_http_client.h"
 #include "http_base.h" 
 #include "http_auth.h"
 #include "to_nonconst_iterator.h"
@@ -105,140 +106,11 @@ namespace net_utils


 	//---------------------------------------------------------------------------
-	static inline const char* get_hex_vals()
-	{
-		static const char hexVals[16] = {'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'};
-		return hexVals;
-	}
-
-	static inline const char* get_unsave_chars()
-	{
-		//static char unsave_chars[] = "\"<>%\\^[]`+$,@:;/!#?=&";
-		static const char unsave_chars[] = "\"<>%\\^[]`+$,@:;!#&";
-		return unsave_chars;
-	}
-
-	static inline bool is_unsafe(unsigned char compare_char)
-	{
-		if(compare_char <= 32 || compare_char >= 123)
-			return true;
-
-		const char* punsave = get_unsave_chars();
-
-		for(int ichar_pos = 0; 0!=punsave[ichar_pos] ;ichar_pos++)
-			if(compare_char == punsave[ichar_pos])
-				return true;
-
-		return false;
-	}
-	
-	static inline 
-		std::string dec_to_hex(char num, int radix)
-	{
-		int temp=0;
-		std::string csTmp;
-		int num_char;
-
-		num_char = (int) num;
-		if (num_char < 0)
-			num_char = 256 + num_char;
-
-		while (num_char >= radix)
-		{
-			temp = num_char % radix;
-			num_char = (int)floor((float)num_char / (float)radix);
-			csTmp = get_hex_vals()[temp];
-		}
-
-		csTmp += get_hex_vals()[num_char];
-
-		if(csTmp.size() < 2)
-		{
-			csTmp += '0';
-		}
-		
-		std::reverse(csTmp.begin(), csTmp.end());
-		//_mbsrev((unsigned char*)csTmp.data());
-
-		return csTmp;
-	}
-	static inline int get_index(const char *s, char c) { const char *ptr = (const char*)memchr(s, c, 16); return ptr ? ptr-s : -1; }
-	static inline 
-		std::string hex_to_dec_2bytes(const char *s)
-	{
-		const char *hex = get_hex_vals();
-		int i0 = get_index(hex, toupper(s[0]));
-		int i1 = get_index(hex, toupper(s[1]));
-		if (i0 < 0 || i1 < 0)
-			return std::string("%") + std::string(1, s[0]) + std::string(1, s[1]);
-		return std::string(1, i0 * 16 | i1);
-	}
-
-	static inline std::string convert(char val)
-	{
-		std::string csRet;
-		csRet += "%";
-		csRet += dec_to_hex(val, 16);
-		return  csRet;
-	}
-	static inline std::string conver_to_url_format(const std::string& uri)
-	{
-
-		std::string result;
-
-		for(size_t i = 0; i!= uri.size(); i++)
-		{
-			if(is_unsafe(uri[i]))
-				result += convert(uri[i]);
-			else
-				result += uri[i];
-
-		}
-
-		return result;
-	}
-	static inline std::string convert_from_url_format(const std::string& uri)
-	{
-
-		std::string result;
-
-		for(size_t i = 0; i!= uri.size(); i++)
-		{
-			if(uri[i] == '%' && i + 2 < uri.size())
-			{
-				result += hex_to_dec_2bytes(uri.c_str() + i + 1);
-				i += 2;
-			}
-			else
-				result += uri[i];
-
-		}
-
-		return result;
-	}
-
-  static inline std::string convert_to_url_format_force_all(const std::string& uri)
-  {
-
-    std::string result;
-
-    for(size_t i = 0; i!= uri.size(); i++)
-    {
-        result += convert(uri[i]);
-    }
-
-    return result;
-  }
-
-
-
-
-
 	namespace http
 	{

 		template<typename net_client_type>
-		class http_simple_client_template: public i_target_handler
+    class http_simple_client_template : public i_target_handler, public abstract_http_client
 		{
 		private:
 			enum reciev_machine_state
@@ -279,7 +151,7 @@ namespace net_utils

 		public:
 			explicit http_simple_client_template()
-				: i_target_handler()
+				: i_target_handler(), abstract_http_client()
 				, m_net_client()
 				, m_host_buff()
 				, m_port()
@@ -299,26 +171,19 @@ namespace net_utils
 			const std::string &get_host() const { return m_host_buff; };
 			const std::string &get_port() const { return m_port; };

-			bool set_server(const std::string& address, boost::optional<login> user, ssl_options_t ssl_options = ssl_support_t::e_ssl_support_autodetect)
-			{
-				http::url_content parsed{};
-				const bool r = parse_url(address, parsed);
-				CHECK_AND_ASSERT_MES(r, false, "failed to parse url: " << address);
-				set_server(std::move(parsed.host), std::to_string(parsed.port), std::move(user), std::move(ssl_options));
-				return true;
-			}
+			using abstract_http_client::set_server;

-			void set_server(std::string host, std::string port, boost::optional<login> user, ssl_options_t ssl_options = ssl_support_t::e_ssl_support_autodetect)
+			void set_server(std::string host, std::string port, boost::optional<login> user, ssl_options_t ssl_options = ssl_support_t::e_ssl_support_autodetect) override
 			{
 				CRITICAL_REGION_LOCAL(m_lock);
 				disconnect();
 				m_host_buff = std::move(host);
 				m_port = std::move(port);
-                                m_auth = user ? http_client_auth{std::move(*user)} : http_client_auth{};
+				m_auth = user ? http_client_auth{std::move(*user)} : http_client_auth{};
 				m_net_client.set_ssl(std::move(ssl_options));
 			}

-			void set_auto_connect(bool auto_connect)
+			void set_auto_connect(bool auto_connect) override
 			{
 				m_auto_connect = auto_connect;
 			}
@@ -330,25 +195,25 @@ namespace net_utils
 				m_net_client.set_connector(std::move(connector));
 			}

-      bool connect(std::chrono::milliseconds timeout)
+      bool connect(std::chrono::milliseconds timeout) override
      {
        CRITICAL_REGION_LOCAL(m_lock);
        return m_net_client.connect(m_host_buff, m_port, timeout);
      }
 			//---------------------------------------------------------------------------
-			bool disconnect()
+			bool disconnect() override
 			{
 				CRITICAL_REGION_LOCAL(m_lock);
 				return m_net_client.disconnect();
 			}
 			//---------------------------------------------------------------------------
-			bool is_connected(bool *ssl = NULL)
+			bool is_connected(bool *ssl = NULL) override
 			{
 				CRITICAL_REGION_LOCAL(m_lock);
 				return m_net_client.is_connected(ssl);
 			}
 			//---------------------------------------------------------------------------
-			virtual bool handle_target_data(std::string& piece_of_transfer)
+			virtual bool handle_target_data(std::string& piece_of_transfer) override
 			{
 				CRITICAL_REGION_LOCAL(m_lock);
 				m_response_info.m_body += piece_of_transfer;
@@ -361,15 +226,14 @@ namespace net_utils
        return true;
      }
 			//---------------------------------------------------------------------------
-			inline 
-				bool invoke_get(const boost::string_ref uri, std::chrono::milliseconds timeout, const std::string& body = std::string(), const http_response_info** ppresponse_info = NULL, const fields_list& additional_params = fields_list())
+			inline bool invoke_get(const boost::string_ref uri, std::chrono::milliseconds timeout, const std::string& body = std::string(), const http_response_info** ppresponse_info = NULL, const fields_list& additional_params = fields_list()) override
 			{
 					CRITICAL_REGION_LOCAL(m_lock);
 					return invoke(uri, "GET", body, timeout, ppresponse_info, additional_params);
 			}

 			//---------------------------------------------------------------------------
-			inline bool invoke(const boost::string_ref uri, const boost::string_ref method, const std::string& body, std::chrono::milliseconds timeout, const http_response_info** ppresponse_info = NULL, const fields_list& additional_params = fields_list())
+			inline bool invoke(const boost::string_ref uri, const boost::string_ref method, const std::string& body, std::chrono::milliseconds timeout, const http_response_info** ppresponse_info = NULL, const fields_list& additional_params = fields_list()) override
 			{
 				CRITICAL_REGION_LOCAL(m_lock);
 				if(!is_connected())
@@ -442,7 +306,7 @@ namespace net_utils
 				return false;
 			}
 			//---------------------------------------------------------------------------
-			inline bool invoke_post(const boost::string_ref uri, const std::string& body, std::chrono::milliseconds timeout, const http_response_info** ppresponse_info = NULL, const fields_list& additional_params = fields_list())
+			inline bool invoke_post(const boost::string_ref uri, const std::string& body, std::chrono::milliseconds timeout, const http_response_info** ppresponse_info = NULL, const fields_list& additional_params = fields_list()) override
 			{
 				CRITICAL_REGION_LOCAL(m_lock);
 				return invoke(uri, "POST", body, timeout, ppresponse_info, additional_params);
@@ -456,16 +320,21 @@ namespace net_utils
 				return handle_reciev(timeout);
 			}
 			//---------------------------------------------------------------------------
-			uint64_t get_bytes_sent() const
+			uint64_t get_bytes_sent() const override
 			{
 				return m_net_client.get_bytes_sent();
 			}
 			//---------------------------------------------------------------------------
-			uint64_t get_bytes_received() const
+			uint64_t get_bytes_received() const override
 			{
 				return m_net_client.get_bytes_received();
 			}
 			//---------------------------------------------------------------------------
+			void wipe_response()
+			{
+				m_response_info.wipe();
+			}
+			//---------------------------------------------------------------------------
 		private: 
 			//---------------------------------------------------------------------------
 			inline bool handle_reciev(std::chrono::milliseconds timeout)
--- a/contrib/epee/include/net/http_protocol_handler.h
+++ b/contrib/epee/include/net/http_protocol_handler.h
@@ -202,7 +202,7 @@ namespace net_utils

 			virtual bool thread_init()
 			{
-				return m_config.m_phandler->init_server_thread();;
+				return m_config.m_phandler->init_server_thread();
 			}
 	
 			virtual bool thread_deinit()
--- a/contrib/epee/include/net/http_protocol_handler.inl
+++ b/contrib/epee/include/net/http_protocol_handler.inl
@@ -577,6 +577,10 @@ namespace net_utils
 		if (query_info.m_http_method != http::http_method_options)
 		{
 			res = handle_request(query_info, response);
+			if (response.m_response_code == 500)
+			{
+				m_want_close = true;	// close on all "Internal server error"s
+			}
 		}
 		else
 		{
@@ -587,11 +591,12 @@ namespace net_utils
 		std::string response_data = get_response_header(response);
 		//LOG_PRINT_L0("HTTP_SEND: << \r\n" << response_data + response.m_body);

-    LOG_PRINT_L3("HTTP_RESPONSE_HEAD: << \r\n" << response_data);
-		
-		m_psnd_hndlr->do_send((void*)response_data.data(), response_data.size());
+		LOG_PRINT_L3("HTTP_RESPONSE_HEAD: << \r\n" << response_data);
+
 		if ((response.m_body.size() && (query_info.m_http_method != http::http_method_head)) || (query_info.m_http_method == http::http_method_options))
-			m_psnd_hndlr->do_send((void*)response.m_body.data(), response.m_body.size());
+			response_data += response.m_body;
+
+		m_psnd_hndlr->do_send(byte_slice{std::move(response_data)});
 		m_psnd_hndlr->send_done();
 		return res;
 	}
--- a/contrib/epee/include/net/http_server_handlers_map2.h
+++ b/contrib/epee/include/net/http_server_handlers_map2.h
@@ -42,8 +42,17 @@
  MINFO("HTTP [" << m_conn_context.m_remote_address.host_str() << "] " << query_info.m_http_method_str << " " << query_info.m_URI); \
  response.m_response_code = 200; \
  response.m_response_comment = "Ok"; \
-  if(!handle_http_request_map(query_info, response, m_conn_context)) \
-  {response.m_response_code = 404;response.m_response_comment = "Not found";} \
+  try \
+  { \
+    if(!handle_http_request_map(query_info, response, m_conn_context)) \
+    {response.m_response_code = 404;response.m_response_comment = "Not found";} \
+  } \
+  catch (const std::exception &e) \
+  { \
+    MERROR(m_conn_context << "Exception in handle_http_request_map: " << e.what()); \
+    response.m_response_code = 500; \
+    response.m_response_comment = "Internal Server Error"; \
+  } \
  return true; \
 }

@@ -69,9 +78,11 @@
      uint64_t ticks1 = epee::misc_utils::get_tick_count(); \
      boost::value_initialized<command_type::response> resp;\
      MINFO(m_conn_context << "calling " << s_pattern); \
-      if(!callback_f(static_cast<command_type::request&>(req), static_cast<command_type::response&>(resp), &m_conn_context)) \
+      bool res = false; \
+      try { res = callback_f(static_cast<command_type::request&>(req), static_cast<command_type::response&>(resp), &m_conn_context); } \
+      catch (const std::exception &e) { MERROR(m_conn_context << "Failed to " << #callback_f << "(): " << e.what()); } \
+      if (!res) \
      { \
-        LOG_ERROR("Failed to " << #callback_f << "()"); \
        response_info.m_response_code = 500; \
        response_info.m_response_comment = "Internal Server Error"; \
        return true; \
@@ -97,9 +108,11 @@
      uint64_t ticks1 = misc_utils::get_tick_count(); \
      boost::value_initialized<command_type::response> resp;\
      MINFO(m_conn_context << "calling " << s_pattern); \
-      if(!callback_f(static_cast<command_type::request&>(req), static_cast<command_type::response&>(resp), &m_conn_context)) \
+      bool res = false; \
+      try { res = callback_f(static_cast<command_type::request&>(req), static_cast<command_type::response&>(resp), &m_conn_context); } \
+      catch (const std::exception &e) { MERROR(m_conn_context << "Failed to " << #callback_f << "()"); } \
+      if (!res) \
      { \
-        LOG_ERROR("Failed to " << #callback_f << "()"); \
        response_info.m_response_code = 500; \
        response_info.m_response_comment = "Internal Server Error"; \
        return true; \
@@ -120,6 +133,7 @@
 #define BEGIN_JSON_RPC_MAP(uri)    else if(query_info.m_URI == uri) \
    { \
    uint64_t ticks = epee::misc_utils::get_tick_count(); \
+    response_info.m_mime_tipe = "application/json"; \
    epee::serialization::portable_storage ps; \
    if(!ps.load_from_json(query_info.m_body)) \
    { \
@@ -148,6 +162,7 @@

 #define PREPARE_OBJECTS_FROM_JSON(command_type) \
  handled = true; \
+  response_info.m_mime_tipe = "application/json"; \
  boost::value_initialized<epee::json_rpc::request<command_type::request> > req_; \
  epee::json_rpc::request<command_type::request>& req = static_cast<epee::json_rpc::request<command_type::request>&>(req_);\
  if(!req.load(ps)) \
@@ -182,7 +197,10 @@
  fail_resp.jsonrpc = "2.0"; \
  fail_resp.id = req.id; \
  MINFO(m_conn_context << "Calling RPC method " << method_name); \
-  if(!callback_f(req.params, resp.result, fail_resp.error, &m_conn_context)) \
+  bool res = false; \
+  try { res = callback_f(req.params, resp.result, fail_resp.error, &m_conn_context); } \
+  catch (const std::exception &e) { MERROR(m_conn_context << "Failed to " << #callback_f << "(): " << e.what()); } \
+  if (!res) \
  { \
    epee::serialization::store_t_to_json(static_cast<epee::json_rpc::error_response&>(fail_resp), response_info.m_body); \
    return true; \
@@ -201,7 +219,10 @@
  fail_resp.jsonrpc = "2.0"; \
  fail_resp.id = req.id; \
  MINFO(m_conn_context << "calling RPC method " << method_name); \
-  if(!callback_f(req.params, resp.result, fail_resp.error, response_info, &m_conn_context)) \
+  bool res = false; \
+  try { res = callback_f(req.params, resp.result, fail_resp.error, response_info, &m_conn_context); } \
+  catch (const std::exception &e) { MERROR(m_conn_context << "Failed to " << #callback_f << "(): " << e.what()); } \
+  if (!res) \
  { \
    epee::serialization::store_t_to_json(static_cast<epee::json_rpc::error_response&>(fail_resp), response_info.m_body); \
    return true; \
@@ -215,7 +236,10 @@
 { \
  PREPARE_OBJECTS_FROM_JSON(command_type) \
  MINFO(m_conn_context << "calling RPC method " << method_name); \
-  if(!callback_f(req.params, resp.result, &m_conn_context)) \
+  bool res = false; \
+  try { res = callback_f(req.params, resp.result, &m_conn_context); } \
+  catch (const std::exception &e) { MERROR(m_conn_context << "Failed to " << #callback_f << "(): " << e.what()); } \
+  if (!res) \
  { \
    epee::json_rpc::error_response fail_resp = AUTO_VAL_INIT(fail_resp); \
    fail_resp.jsonrpc = "2.0"; \
--- a/contrib/epee/include/net/http_server_impl_base.h
+++ b/contrib/epee/include/net/http_server_impl_base.h
@@ -31,7 +31,7 @@


 #include <boost/thread.hpp>
-#include <boost/bind.hpp> 
+#include <boost/bind/bind.hpp>

 #include "net/abstract_tcp_server2.h"
 #include "http_protocol_handler.h"
@@ -57,6 +57,7 @@ namespace epee
    {}

    bool init(std::function<void(size_t, uint8_t*)> rng, const std::string& bind_port = "0", const std::string& bind_ip = "0.0.0.0",
+      const std::string& bind_ipv6_address = "::", bool use_ipv6 = false, bool require_ipv4 = true,
      std::vector<std::string> access_control_origins = std::vector<std::string>(),
      boost::optional<net_utils::http::login> user = boost::none,
      net_utils::ssl_options_t ssl_options = net_utils::ssl_support_t::e_ssl_support_autodetect)
@@ -75,8 +76,12 @@ namespace epee

      m_net_server.get_config_object().m_user = std::move(user);

-      MGINFO("Binding on " << bind_ip << ":" << bind_port);
-      bool res = m_net_server.init_server(bind_port, bind_ip, std::move(ssl_options));
+      MGINFO("Binding on " << bind_ip << " (IPv4):" << bind_port);
+      if (use_ipv6)
+      {
+        MGINFO("Binding on " << bind_ipv6_address << " (IPv6):" << bind_port);
+      }
+      bool res = m_net_server.init_server(bind_port, bind_ip, bind_port, bind_ipv6_address, use_ipv6, require_ipv4, std::move(ssl_options));
      if(!res)
      {
        LOG_ERROR("Failed to bind server");
--- a/contrib/epee/include/net/levin_base.h
+++ b/contrib/epee/include/net/levin_base.h
@@ -29,7 +29,11 @@
 #ifndef _LEVIN_BASE_H_
 #define _LEVIN_BASE_H_

+#include <cstdint>
+
+#include "byte_slice.h"
 #include "net_utils_base.h"
+#include "span.h"

 #define LEVIN_SIGNATURE  0x0101010101012101LL  //Bender's nightmare

@@ -72,6 +76,8 @@ namespace levin

 #define LEVIN_PACKET_REQUEST			0x00000001
 #define LEVIN_PACKET_RESPONSE		0x00000002
+#define LEVIN_PACKET_BEGIN		0x00000004
+#define LEVIN_PACKET_END		0x00000008
  

 #define LEVIN_PROTOCOL_VER_0         0
@@ -118,9 +124,30 @@ namespace levin
    }
  }

+  //! \return Intialized levin header.
+  bucket_head2 make_header(uint32_t command, uint64_t msg_size, uint32_t flags, bool expect_response) noexcept;

+  //! \return A levin notification message.
+  byte_slice make_notify(int command, epee::span<const std::uint8_t> payload);
+
+  /*! Generate a dummy levin message.
+
+      \param noise_bytes Total size of the returned `byte_slice`.
+      \return `nullptr` if `noise_size` is smaller than the levin header.
+        Otherwise, a dummy levin message. */
+  byte_slice make_noise_notify(std::size_t noise_bytes);
+
+  /*! Generate 1+ levin messages that are identical to the noise message size.
+
+   \param noise Each levin message will be identical to the size of this
+      message. The bytes from this message will be used for padding.
+   \return `nullptr` if `noise.size()` is less than the levin header size.
+      Otherwise, a levin notification message OR 2+ levin fragment messages.
+      Each message is `noise.size()` in length. */
+  byte_slice make_fragmented_notify(const byte_slice& noise, int command, epee::span<const std::uint8_t> payload);
 }
 }


 #endif //_LEVIN_BASE_H_
+
--- a/contrib/epee/include/net/levin_protocol_handler.h
+++ b/contrib/epee/include/net/levin_protocol_handler.h
@@ -157,10 +157,9 @@ namespace levin
 						m_current_head.m_return_code = m_config.m_pcommands_handler->invoke(m_current_head.m_command, buff_to_invoke, return_buff, m_conn_context);
 						m_current_head.m_cb = return_buff.size();
 						m_current_head.m_have_to_return_data = false;
-						std::string send_buff((const char*)&m_current_head, sizeof(m_current_head));
-						send_buff += return_buff;

-						if(!m_psnd_hndlr->do_send(send_buff.data(), send_buff.size()))
+						return_buff.insert(0, (const char*)&m_current_head, sizeof(m_current_head));
+						if(!m_psnd_hndlr->do_send(byte_slice{std::move(return_buff)}))
 							return false;

 					}
--- a/contrib/epee/include/net/levin_protocol_handler_async.h
+++ b/contrib/epee/include/net/levin_protocol_handler_async.h
@@ -32,6 +32,7 @@
 #include <boost/smart_ptr/make_shared.hpp>

 #include <atomic>
+#include <deque>

 #include "levin_base.h"
 #include "buffer.h"
@@ -91,6 +92,7 @@ public:
  int invoke_async(int command, const epee::span<const uint8_t> in_buff, boost::uuids::uuid connection_id, const callback_t &cb, size_t timeout = LEVIN_DEFAULT_TIMEOUT_PRECONFIGURED);

  int notify(int command, const epee::span<const uint8_t> in_buff, boost::uuids::uuid connection_id);
+  int send(epee::byte_slice message, const boost::uuids::uuid& connection_id);
  bool close(boost::uuids::uuid connection_id);
  bool update_connection_context(const t_connection_context& contxt);
  bool request_callback(boost::uuids::uuid connection_id);
@@ -99,6 +101,8 @@ public:
  template<class callback_t>
  bool for_connection(const boost::uuids::uuid &connection_id, const callback_t &cb);
  size_t get_connections_count();
+  size_t get_out_connections_count();
+  size_t get_in_connections_count();
  void set_handler(levin_commands_handler<t_connection_context>* handler, void (*destroy)(levin_commands_handler<t_connection_context>*) = NULL);

  async_protocol_handler_config():m_pcommands_handler(NULL), m_pcommands_handler_destroy(NULL), m_max_packet_size(LEVIN_DEFAULT_MAX_PACKET_SIZE), m_invoke_timeout(LEVIN_DEFAULT_TIMEOUT_PRECONFIGURED)
@@ -115,6 +119,22 @@ public:
 template<class t_connection_context = net_utils::connection_context_base>
 class async_protocol_handler
 {
+  std::string m_fragment_buffer;
+
+  bool send_message(uint32_t command, epee::span<const uint8_t> in_buff, uint32_t flags, bool expect_response)
+  {
+    const bucket_head2 head = make_header(command, in_buff.size(), flags, expect_response);
+    if(!m_pservice_endpoint->do_send(byte_slice{as_byte_span(head), in_buff}))
+      return false;
+
+    MDEBUG(m_connection_context << "LEVIN_PACKET_SENT. [len=" << head.m_cb
+        << ", flags" << head.m_flags
+        << ", r?=" << head.m_have_to_return_data
+        <<", cmd = " << head.m_command
+        << ", ver=" << head.m_protocol_version);
+    return true;
+  }
+
 public:
  typedef t_connection_context connection_context;
  typedef async_protocol_handler_config<t_connection_context> config_type;
@@ -134,7 +154,6 @@ public:
  critical_section m_local_inv_buff_lock;
  std::string m_local_inv_buff;

-  critical_section m_send_lock;
  critical_section m_call_lock;

  volatile uint32_t m_wait_count;
@@ -253,6 +272,11 @@ public:
  bool add_invoke_response_handler(const callback_t &cb, uint64_t timeout,  async_protocol_handler& con, int command)
  {
    CRITICAL_REGION_LOCAL(m_invoke_response_handlers_lock);
+    if (m_protocol_released)
+    {
+      MERROR("Adding response handler to a released object");
+      return false;
+    }
    boost::shared_ptr<invoke_response_handler_base> handler(boost::make_shared<anvoke_handler<callback_t>>(cb, timeout, con, command));
    m_invoke_response_handlers.push_back(handler);
    return handler->is_timer_started();
@@ -374,7 +398,12 @@ public:
      return false;
    }

-    if(m_cache_in_buffer.size() +  cb > m_config.m_max_packet_size)
+    // these should never fail, but do runtime check for safety
+    CHECK_AND_ASSERT_MES(m_config.m_max_packet_size >= m_cache_in_buffer.size(), false, "Bad m_cache_in_buffer.size()");
+    CHECK_AND_ASSERT_MES(m_config.m_max_packet_size - m_cache_in_buffer.size() >= m_fragment_buffer.size(), false, "Bad m_cache_in_buffer.size() + m_fragment_buffer.size()");
+
+    // flipped to subtraction; prevent overflow since m_max_packet_size is variable and public
+    if(cb > m_config.m_max_packet_size - m_cache_in_buffer.size() - m_fragment_buffer.size())
    {
      MWARNING(m_connection_context << "Maximum packet size exceed!, m_max_packet_size = " << m_config.m_max_packet_size
                          << ", packet received " << m_cache_in_buffer.size() +  cb 
@@ -406,8 +435,38 @@ public:
          }
          break;
        }
+
        {
+          std::string temp{};
          epee::span<const uint8_t> buff_to_invoke = m_cache_in_buffer.carve((std::string::size_type)m_current_head.m_cb);
+          m_state = stream_state_head;
+
+          // abstract_tcp_server2.h manages max bandwidth for a p2p link
+          if (!(m_current_head.m_flags & (LEVIN_PACKET_REQUEST | LEVIN_PACKET_RESPONSE)))
+          {
+            // special noise/fragment command
+            static constexpr const uint32_t both_flags = (LEVIN_PACKET_BEGIN | LEVIN_PACKET_END);
+            if ((m_current_head.m_flags & both_flags) == both_flags)
+              break; // noise message, skip to next message
+
+            if (m_current_head.m_flags & LEVIN_PACKET_BEGIN)
+              m_fragment_buffer.clear();
+
+            m_fragment_buffer.append(reinterpret_cast<const char*>(buff_to_invoke.data()), buff_to_invoke.size());
+            if (!(m_current_head.m_flags & LEVIN_PACKET_END))
+              break; // skip to next message
+
+            if (m_fragment_buffer.size() < sizeof(bucket_head2))
+            {
+              MERROR(m_connection_context << "Fragmented data too small for levin header");
+              return false;
+            }
+
+            temp = std::move(m_fragment_buffer);
+            m_fragment_buffer.clear();
+            std::memcpy(std::addressof(m_current_head), std::addressof(temp[0]), sizeof(bucket_head2));
+            buff_to_invoke = {reinterpret_cast<const uint8_t*>(temp.data()) + sizeof(bucket_head2), temp.size() - sizeof(bucket_head2)};
+          }

          bool is_response = (m_oponent_protocol_ver == LEVIN_PROTOCOL_VER_1 && m_current_head.m_flags&LEVIN_PACKET_RESPONSE);

@@ -456,43 +515,33 @@ public:
            if(m_current_head.m_have_to_return_data)
            {
              std::string return_buff;
-              m_current_head.m_return_code = m_config.m_pcommands_handler->invoke(
-                                                                  m_current_head.m_command, 
-                                                                  buff_to_invoke, 
-                                                                  return_buff, 
-                                                                  m_connection_context);
-              m_current_head.m_cb = return_buff.size();
-              m_current_head.m_have_to_return_data = false;
-              m_current_head.m_protocol_version = LEVIN_PROTOCOL_VER_1;
-              m_current_head.m_flags = LEVIN_PACKET_RESPONSE;
-#if BYTE_ORDER == LITTLE_ENDIAN
-              std::string send_buff((const char*)&m_current_head, sizeof(m_current_head));
-#else
-              bucket_head2 head = m_current_head;
-              head.m_signature = SWAP64LE(head.m_signature);
-              head.m_cb = SWAP64LE(head.m_cb);
-              head.m_command = SWAP32LE(head.m_command);
-              head.m_return_code = SWAP32LE(head.m_return_code);
-              head.m_flags = SWAP32LE(head.m_flags);
-              head.m_protocol_version = SWAP32LE(head.m_protocol_version);
-              std::string send_buff((const char*)&head, sizeof(head));
-#endif
-              send_buff += return_buff;
-              CRITICAL_REGION_BEGIN(m_send_lock);
-              if(!m_pservice_endpoint->do_send(send_buff.data(), send_buff.size()))
+              const uint32_t return_code = m_config.m_pcommands_handler->invoke(
+                m_current_head.m_command, buff_to_invoke, return_buff, m_connection_context
+              );
+
+              bucket_head2 head = make_header(m_current_head.m_command, return_buff.size(), LEVIN_PACKET_RESPONSE, false);
+              head.m_return_code = SWAP32LE(return_code);
+              return_buff.insert(0, reinterpret_cast<const char*>(&head), sizeof(head));
+
+              if(!m_pservice_endpoint->do_send(byte_slice{std::move(return_buff)}))
                return false;
-              CRITICAL_REGION_END();
-              MDEBUG(m_connection_context << "LEVIN_PACKET_SENT. [len=" << m_current_head.m_cb
-                << ", flags" << m_current_head.m_flags 
-                << ", r?=" << m_current_head.m_have_to_return_data 
-                <<", cmd = " << m_current_head.m_command 
-                << ", ver=" << m_current_head.m_protocol_version);
+
+              MDEBUG(m_connection_context << "LEVIN_PACKET_SENT. [len=" << head.m_cb
+                << ", flags" << head.m_flags
+                << ", r?=" << head.m_have_to_return_data
+                <<", cmd = " << head.m_command
+                << ", ver=" << head.m_protocol_version);
            }
            else
              m_config.m_pcommands_handler->notify(m_current_head.m_command, buff_to_invoke, m_connection_context);
          }
+          // reuse small buffer
+          if (!temp.empty() && temp.capacity() <= 64 * 1024)
+          {
+            temp.clear();
+            m_fragment_buffer = std::move(temp);
+          }
        }
-        m_state = stream_state_head;
        break;
      case stream_state_head:
        {
@@ -582,26 +631,10 @@ public:
        break;
      }

-      bucket_head2 head = {0};
-      head.m_signature = SWAP64LE(LEVIN_SIGNATURE);
-      head.m_cb = SWAP64LE(in_buff.size());
-      head.m_have_to_return_data = true;
-
-      head.m_flags = SWAP32LE(LEVIN_PACKET_REQUEST);
-      head.m_command = SWAP32LE(command);
-      head.m_protocol_version = SWAP32LE(LEVIN_PROTOCOL_VER_1);
-
      boost::interprocess::ipcdetail::atomic_write32(&m_invoke_buf_ready, 0);
-      CRITICAL_REGION_BEGIN(m_send_lock);
-      CRITICAL_REGION_LOCAL1(m_invoke_response_handlers_lock);
-      if(!m_pservice_endpoint->do_send(&head, sizeof(head)))
-      {
-        LOG_ERROR_CC(m_connection_context, "Failed to do_send");
-        err_code = LEVIN_ERROR_CONNECTION;
-        break;
-      }
+      CRITICAL_REGION_BEGIN(m_invoke_response_handlers_lock);

-      if(!m_pservice_endpoint->do_send(in_buff.data(), in_buff.size()))
+      if(!send_message(command, in_buff, LEVIN_PACKET_REQUEST, true))
      {
        LOG_ERROR_CC(m_connection_context, "Failed to do_send");
        err_code = LEVIN_ERROR_CONNECTION;
@@ -618,7 +651,7 @@ public:

    if (LEVIN_OK != err_code)
    {
-      epee::span<const uint8_t> stub_buff{(const uint8_t*)"", 0};
+      epee::span<const uint8_t> stub_buff = nullptr;
      // Never call callback inside critical section, that can cause deadlock
      cb(err_code, stub_buff, m_connection_context);
      return false;
@@ -640,36 +673,14 @@ public:
    if(m_deletion_initiated)
      return LEVIN_ERROR_CONNECTION_DESTROYED;

-    bucket_head2 head = {0};
-    head.m_signature = SWAP64LE(LEVIN_SIGNATURE);
-    head.m_cb = SWAP64LE(in_buff.size());
-    head.m_have_to_return_data = true;
-
-    head.m_flags = SWAP32LE(LEVIN_PACKET_REQUEST);
-    head.m_command = SWAP32LE(command);
-    head.m_protocol_version = SWAP32LE(LEVIN_PROTOCOL_VER_1);
-
    boost::interprocess::ipcdetail::atomic_write32(&m_invoke_buf_ready, 0);
-    CRITICAL_REGION_BEGIN(m_send_lock);
-    if(!m_pservice_endpoint->do_send(&head, sizeof(head)))
+
+    if (!send_message(command, in_buff, LEVIN_PACKET_REQUEST, true))
    {
-      LOG_ERROR_CC(m_connection_context, "Failed to do_send");
+      LOG_ERROR_CC(m_connection_context, "Failed to send request");
      return LEVIN_ERROR_CONNECTION;
    }

-    if(!m_pservice_endpoint->do_send(in_buff.data(), in_buff.size()))
-    {
-      LOG_ERROR_CC(m_connection_context, "Failed to do_send");
-      return LEVIN_ERROR_CONNECTION;
-    }
-    CRITICAL_REGION_END();
-
-    MDEBUG(m_connection_context << "LEVIN_PACKET_SENT. [len=" << head.m_cb
-                            << ", f=" << head.m_flags 
-                            << ", r?=" << head.m_have_to_return_data 
-                            << ", cmd = " << head.m_command 
-                            << ", ver=" << head.m_protocol_version);
-
    uint64_t ticks_start = misc_utils::get_tick_count();
    size_t prev_size = 0;

@@ -714,33 +725,38 @@ public:
    if(m_deletion_initiated)
      return LEVIN_ERROR_CONNECTION_DESTROYED;

-    bucket_head2 head = {0};
-    head.m_signature = SWAP64LE(LEVIN_SIGNATURE);
-    head.m_have_to_return_data = false;
-    head.m_cb = SWAP64LE(in_buff.size());
-
-    head.m_command = SWAP32LE(command);
-    head.m_protocol_version = SWAP32LE(LEVIN_PROTOCOL_VER_1);
-    head.m_flags = SWAP32LE(LEVIN_PACKET_REQUEST);
-    CRITICAL_REGION_BEGIN(m_send_lock);
-    if(!m_pservice_endpoint->do_send(&head, sizeof(head)))
+    if (!send_message(command, in_buff, LEVIN_PACKET_REQUEST, false))
    {
-      LOG_ERROR_CC(m_connection_context, "Failed to do_send()");
+      LOG_ERROR_CC(m_connection_context, "Failed to send notify message");
      return -1;
    }

-    if(!m_pservice_endpoint->do_send(in_buff.data(), in_buff.size()))
+    return 1;
+  }
+
+  /*! Sends `message` without adding a levin header. The message must have
+      been created with `make_notify`, `make_noise_notify` or
+      `make_fragmented_notify`. See additional instructions for
+      `make_fragmented_notify`.
+
+      \return 1 on success */
+  int send(byte_slice message)
+  {
+    const misc_utils::auto_scope_leave_caller scope_exit_handler = misc_utils::create_scope_leave_handler(
+      boost::bind(&async_protocol_handler::finish_outer_call, this)
+    );
+
+    if(m_deletion_initiated)
+      return LEVIN_ERROR_CONNECTION_DESTROYED;
+
+    const std::size_t length = message.size();
+    if (!m_pservice_endpoint->do_send(std::move(message)))
    {
-      LOG_ERROR_CC(m_connection_context, "Failed to do_send()");
+      LOG_ERROR_CC(m_connection_context, "Failed to send message, dropping it");
      return -1;
    }
-    CRITICAL_REGION_END();
-    LOG_DEBUG_CC(m_connection_context, "LEVIN_PACKET_SENT. [len=" << head.m_cb <<
-      ", f=" << head.m_flags << 
-      ", r?=" << head.m_have_to_return_data <<
-      ", cmd = " << head.m_command << 
-      ", ver=" << head.m_protocol_version);

+    MDEBUG(m_connection_context << "LEVIN_PACKET_SENT. [len=" << (length - sizeof(bucket_head2)) << ", r?=0]");
    return 1;
  }
  //------------------------------------------------------------------------------------------
@@ -780,7 +796,7 @@ void async_protocol_handler_config<t_connection_context>::delete_connections(siz
      auto i = connections.end() - 1;
      async_protocol_handler<t_connection_context> *conn = m_connects.at(*i);
      del_connection(conn);
-      close(*i);
+      conn->close();
      connections.erase(i);
    }
    catch (const std::out_of_range &e)
@@ -882,6 +898,28 @@ size_t async_protocol_handler_config<t_connection_context>::get_connections_coun
 }
 //------------------------------------------------------------------------------------------
 template<class t_connection_context>
+size_t async_protocol_handler_config<t_connection_context>::get_out_connections_count()
+{
+  CRITICAL_REGION_LOCAL(m_connects_lock);
+  size_t count = 0;
+  for (const auto &c: m_connects)
+    if (!c.second->m_connection_context.m_is_income)
+      ++count;
+  return count;
+}
+//------------------------------------------------------------------------------------------
+template<class t_connection_context>
+size_t async_protocol_handler_config<t_connection_context>::get_in_connections_count()
+{
+  CRITICAL_REGION_LOCAL(m_connects_lock);
+  size_t count = 0;
+  for (const auto &c: m_connects)
+    if (c.second->m_connection_context.m_is_income)
+      ++count;
+  return count;
+}
+//------------------------------------------------------------------------------------------
+template<class t_connection_context>
 void async_protocol_handler_config<t_connection_context>::set_handler(levin_commands_handler<t_connection_context>* handler, void (*destroy)(levin_commands_handler<t_connection_context>*))
 {
  if (m_pcommands_handler && m_pcommands_handler_destroy)
@@ -899,11 +937,24 @@ int async_protocol_handler_config<t_connection_context>::notify(int command, con
 }
 //------------------------------------------------------------------------------------------
 template<class t_connection_context>
+int async_protocol_handler_config<t_connection_context>::send(byte_slice message, const boost::uuids::uuid& connection_id)
+{
+  async_protocol_handler<t_connection_context>* aph;
+  int r = find_and_lock_connection(connection_id, aph);
+  return LEVIN_OK == r ? aph->send(std::move(message)) : 0;
+}
+//------------------------------------------------------------------------------------------
+template<class t_connection_context>
 bool async_protocol_handler_config<t_connection_context>::close(boost::uuids::uuid connection_id)
 {
  CRITICAL_REGION_LOCAL(m_connects_lock);
  async_protocol_handler<t_connection_context>* aph = find_connection(connection_id);
-  return 0 != aph ? aph->close() : false;
+  if (!aph)
+    return false;
+  if (!aph->close())
+    return false;
+  m_connects.erase(connection_id);
+  return true;
 }
 //------------------------------------------------------------------------------------------
 template<class t_connection_context>
--- a/contrib/epee/include/net/local_ip.h
+++ b/contrib/epee/include/net/local_ip.h
@@ -27,6 +27,13 @@

 #pragma once

+#include <string>
+#include "int-util.h"
+
+// IP addresses are kept in network byte order
+// Masks below are little endian
+// -> convert from network byte order to host byte order before comparing
+
 namespace epee
 {
  namespace net_utils
@@ -34,6 +41,7 @@ namespace epee
    inline
    bool is_ip_local(uint32_t ip)
    {
+      ip = SWAP32LE(ip);
      /*
      local ip area
      10.0.0.0 <20> 10.255.255.255 
@@ -57,6 +65,7 @@ namespace epee
    inline
    bool is_ip_loopback(uint32_t ip)
    {
+      ip = SWAP32LE(ip);
      if( (ip | 0xffffff00) == 0xffffff7f)
        return true;
      //MAKE_IP
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`custom: https://www.getmonero.org/get-started/contributing/`