build: deprecate UPnP support #22644

fanquake · 2021-08-06T00:06:45Z

#18077 introduced support for NAT-PMP, but didn't present any sort of deprecation plan for moving away from UPNP. This means we are supporting both. I don't think Bitcoin Core should be actively supporting two different mechanisms (and thus two different dependencies) to essentially achieve the same outcome (NAT traversal); especially given our history with miniupnpc.

Using UPPp by default has been disabled since 0.11.1, which was released with an updated version of miniupnp, to fix a buffer overflow in its XML parsing. At the same time, using UPnP was disabled by default to prevent future vulnerabilities from potentially effecting the network at large. Note that even recent versions of miniupnpc contain (public) bugs that could be used to detrimentally effect a Bitcoin Core node.

miniupnp - implementation of UPnP (Universal Plug and Play)

NAT traversal implemented via IGD (Internet Gateway Device Standardised Control Protocol)
Not only does UPnP in have many issues in general, IGD has some issues of it's own.

libnatpmp - implementation of NAT-PMP (alternative to IGD)

NAT traversal
Maintained by the same author as miniupnp.

NAT-PMP has been succeeded by PCP (Port Control Protocol). However the two protocols share similar semantics, and thus, devices that implement PCP are interoperable with devices using NAT-PMP. See NAT-PMP Transition.

It's an unfortunate combination of how distros work, and the upstream maintainership of libnatpmp, that most distros are using a version of the source released in 2015, which is missing a number of bug fixes and improvements, and they may actually be using an even earlier version of the source, unknowingly, due to tarball mis-naming (see #21209).

practicalswift · 2021-08-06T03:46:02Z

Concept ACK on not supporting older potentially insecure versions of dependencies

DrahtBot · 2021-08-06T09:39:18Z

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Reviews

See the guideline for information on the review process.

Type	Reviewers
Concept NACK	luke-jr
Concept ACK	practicalswift, hebasto

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

Conflicts

No conflicts as of last run.

luke-jr · 2021-09-14T16:33:03Z

Concept NACK. UPnP and NAT-PMP are different protocols, and routers don't always support both.

fanquake · 2022-03-21T16:01:04Z

Rebased, modified the changes slightly, updated the PR description.

hebasto · 2022-04-24T11:08:55Z

Concept ACK on using pkg-config for miniupnpc package detection.

Why not move on with non-controversial build system only stuff, and leave a controversial deprecation part for another PR/time?

This pulls in two changes I've upstreamed: Support for pkg-config: miniupnp/libnatpmp#19 Suppressing a deprecation warning: miniupnp/libnatpmp#28 Somewhat related to bitcoin#22644.

fanquake · 2022-08-01T10:24:16Z

Why not move on with non-controversial build system only stuff,

I'll split some changes out of here.

This pulls in two changes I've upstreamed: Support for pkg-config: miniupnp/libnatpmp#19 Suppressing a deprecation warning: miniupnp/libnatpmp#28 Somewhat related to bitcoin#22644.

…330d 6547100 depends: libnatpmp 07004b97cf691774efebe70404cf22201e4d330d (fanquake) Pull request description: This pulls in two changes I've upstreamed: Support for pkg-config: miniupnp/libnatpmp#19 Suppressing a deprecation warning: miniupnp/libnatpmp#28 and other upstream bug fixes. Somewhat related to #22644. Guix Build (arm64): ```bash 4a4b8e1cb5070482e53b3b869c5f6e19b892619184cf58315a3af368e13a52a2 guix-build-65471008e0a4/output/arm-linux-gnueabihf/SHA256SUMS.part 88b51f0f261f84b58da60a5c8df251b551379b811a255df9982ff496c70fc8b7 guix-build-65471008e0a4/output/arm-linux-gnueabihf/bitcoin-65471008e0a4-arm-linux-gnueabihf-debug.tar.gz 33a564914be6f4134d8e8a5f31a2bb97798a79bae8f75151b35564238d6f288e guix-build-65471008e0a4/output/arm-linux-gnueabihf/bitcoin-65471008e0a4-arm-linux-gnueabihf.tar.gz ea429260a2b5ac333f70b2b8b8697a4f76eee79cf6998d18c7de7b60818d8fe5 guix-build-65471008e0a4/output/arm64-apple-darwin/SHA256SUMS.part 304677e040592a0aee947c733657ea6c4dd8613f7c3a9834314a68e5f7a53325 guix-build-65471008e0a4/output/arm64-apple-darwin/bitcoin-65471008e0a4-arm64-apple-darwin-unsigned.dmg da171a60370ad1da6cfc1566fc4e16d09f6e896002b0ac9758fb4044eb1033c1 guix-build-65471008e0a4/output/arm64-apple-darwin/bitcoin-65471008e0a4-arm64-apple-darwin-unsigned.tar.gz 45c439319a9e2c07de8796dcfd182cdeb5600ad31f8f6b6dc383cc2914f49ab8 guix-build-65471008e0a4/output/arm64-apple-darwin/bitcoin-65471008e0a4-arm64-apple-darwin.tar.gz 120311e7c807b2641b5e7024e1b85fac0800680bccd924016f417b026aa90d25 guix-build-65471008e0a4/output/dist-archive/bitcoin-65471008e0a4.tar.gz 5272264317c93359c158c688cf0d0b6e70a6d9ec4b2e447b9fb9fcaf1950f6bc guix-build-65471008e0a4/output/powerpc64-linux-gnu/SHA256SUMS.part 98a0d14b8d05974d70f0d5243bfc2fec6aea30b9d8375f950f42a21d5e034065 guix-build-65471008e0a4/output/powerpc64-linux-gnu/bitcoin-65471008e0a4-powerpc64-linux-gnu-debug.tar.gz 8e07410ad2e7e204c5e84a81894c5398b34f36cc9e1ba386bf0963f09755818b guix-build-65471008e0a4/output/powerpc64-linux-gnu/bitcoin-65471008e0a4-powerpc64-linux-gnu.tar.gz 47ae8b948127f03e43a4c7e83a3611b650e26da50936ea9ce0247e01b29463f3 guix-build-65471008e0a4/output/powerpc64le-linux-gnu/SHA256SUMS.part 04e92527df8c7bb9f78c29b152d920830be0ef26d01e0ee1b32d52bb68fc9717 guix-build-65471008e0a4/output/powerpc64le-linux-gnu/bitcoin-65471008e0a4-powerpc64le-linux-gnu-debug.tar.gz ddb09291c9e270343b56e66fae33fd792eb2ec7e5a138337ec1608642dd3a983 guix-build-65471008e0a4/output/powerpc64le-linux-gnu/bitcoin-65471008e0a4-powerpc64le-linux-gnu.tar.gz de3cfcf47abed3d4d3881086eba94ee2c34d9078dc53639cc6321c2bd1041073 guix-build-65471008e0a4/output/riscv64-linux-gnu/SHA256SUMS.part fecd6a307b66fd54fa5792ce14e1a4d50df5646cdf6cc51d5b355fb1384f5105 guix-build-65471008e0a4/output/riscv64-linux-gnu/bitcoin-65471008e0a4-riscv64-linux-gnu-debug.tar.gz f2c5a85fb17ad9605809b4ac01eba56cd573744697b9c942d293b42a623a2832 guix-build-65471008e0a4/output/riscv64-linux-gnu/bitcoin-65471008e0a4-riscv64-linux-gnu.tar.gz 4cd0b05e96491d9b0fe7eff78aab885a2f0d62f141950117759fecceaeba5412 guix-build-65471008e0a4/output/x86_64-apple-darwin/SHA256SUMS.part bae30549d8044e1aa11bae6d57321a7a3a765c8b87ead9cdcc8abf9f22a564a3 guix-build-65471008e0a4/output/x86_64-apple-darwin/bitcoin-65471008e0a4-x86_64-apple-darwin-unsigned.dmg 435187b492d6df77d4fa7cd0f77ad08c587c4bd463295be802b6e222ee92a2fa guix-build-65471008e0a4/output/x86_64-apple-darwin/bitcoin-65471008e0a4-x86_64-apple-darwin-unsigned.tar.gz b9cf808ec88368a9b0e1883253a9d8c6f123bf7f61df40e34e5e4b8959846d65 guix-build-65471008e0a4/output/x86_64-apple-darwin/bitcoin-65471008e0a4-x86_64-apple-darwin.tar.gz b9d9a46f7d3188cd517a180fd24fdb38b8c695175fe9ac75c3b3eb2450d9f5d5 guix-build-65471008e0a4/output/x86_64-linux-gnu/SHA256SUMS.part fd601d6821fbe5faa1eb44b9f07046187f491a83fbf1e0fd603be212bfea3385 guix-build-65471008e0a4/output/x86_64-linux-gnu/bitcoin-65471008e0a4-x86_64-linux-gnu-debug.tar.gz 98ae9d653a8fdeda055468dbf674ee46b0727e1c5b768b1765fc4451defed36e guix-build-65471008e0a4/output/x86_64-linux-gnu/bitcoin-65471008e0a4-x86_64-linux-gnu.tar.gz 821de40cbc96c27bb1f0fbcfb46c4e801f202c2dfd7aa9ad88daf6ced2be90e5 guix-build-65471008e0a4/output/x86_64-w64-mingw32/SHA256SUMS.part 0f2425ea0a17c9aa80cf7d2eb316b9ebe76f49de777635ac37f9e6e21bcd650e guix-build-65471008e0a4/output/x86_64-w64-mingw32/bitcoin-65471008e0a4-win64-debug.zip 046ede05868c153ec1d87b8dad4b6494913ea3e952edee86b068d367c57fa7ec guix-build-65471008e0a4/output/x86_64-w64-mingw32/bitcoin-65471008e0a4-win64-setup-unsigned.exe 62b6e5ebb085735838ada1f328d6e092d7fb726caad6e049340bfa783897cfa1 guix-build-65471008e0a4/output/x86_64-w64-mingw32/bitcoin-65471008e0a4-win64-unsigned.tar.gz 265f9814a7fa3333395f34a5dceafd11d50d170aa5303386aa6f8244542d070a guix-build-65471008e0a4/output/x86_64-w64-mingw32/bitcoin-65471008e0a4-win64.zip ``` ACKs for top commit: theuni: Simple bump ACK 6547100. From a quick glance the upstream changes appear to be minimal and sane. hebasto: ACK 6547100 Tree-SHA512: 61541b7dcde611f5bafe5b77977403dab86fe24f0bf4bfb79ab7123bac8b7c4dcad53993d18ab40964756699a77952c8ecc5a0416055c9e436fc34867f7f9cf6

fanquake · 2023-02-02T14:40:19Z

Rebased and somewhat changed the approach here. This is now based on #27016, and includes a bump to miniupnpc 2.2.4 (which removes the need to include patches I've upstreamed).

Will rewrite the PR description shortly. Windows will need at least one more change, and something in configure for the arm macOS brew builds.

b3b673f mapport: require miniupnpc API version 17 or later (fanquake) Pull request description: Version 17 is currently the latest version, see: https://github.com/miniupnp/miniupnp/blob/master/miniupnpc/apiversions.txt, and has been available since the release of 2.1. 2.1 or newer is readily available across all distros, see https://repology.org/project/miniupnpc/versions, so drop support for the older API versions. Split out of #22644. ACKs for top commit: hebasto: ACK b3b673f, tested on Ubuntu 20.04 w/ and w/o [`libminiupnpc-dev`](https://packages.ubuntu.com/focal/libminiupnpc-dev) package. TheCharlatan: ACK b3b673f Tree-SHA512: f53b36b82462c4ea83d9b83413dca8097885d1620f7ca0a53a79d6b3d3cf37c7773828b23f4278ccfcc3b14fcb0faffa35f60191b519b04570f3d2783d0303e2

b3b673f mapport: require miniupnpc API version 17 or later (fanquake) Pull request description: Version 17 is currently the latest version, see: https://github.com/miniupnp/miniupnp/blob/master/miniupnpc/apiversions.txt, and has been available since the release of 2.1. 2.1 or newer is readily available across all distros, see https://repology.org/project/miniupnpc/versions, so drop support for the older API versions. Split out of bitcoin#22644. ACKs for top commit: hebasto: ACK b3b673f, tested on Ubuntu 20.04 w/ and w/o [`libminiupnpc-dev`](https://packages.ubuntu.com/focal/libminiupnpc-dev) package. TheCharlatan: ACK b3b673f Tree-SHA512: f53b36b82462c4ea83d9b83413dca8097885d1620f7ca0a53a79d6b3d3cf37c7773828b23f4278ccfcc3b14fcb0faffa35f60191b519b04570f3d2783d0303e2

DrahtBot · 2023-04-06T15:34:38Z

Guix builds

File	commit `0459548` (master)	commit `a8c5dba` (master and this pull)
SHA256SUMS.part	`3b21459f399dc1ea...`	`9c40933ea3b0eacf...`
*-aarch64-linux-gnu-debug.tar.gz	`4fff85f0c784be03...`	`2829dff3d78623f6...`
*-aarch64-linux-gnu.tar.gz	`302a7296fa09024c...`	`71fb1ab0eb5b0f9a...`
*-arm-linux-gnueabihf-debug.tar.gz	`26ef559dfe85ff36...`	`bed43de4565808d0...`
*-arm-linux-gnueabihf.tar.gz	`c7c400b449bcbc25...`	`74dd1bcbd5e03a3a...`
*-powerpc64-linux-gnu-debug.tar.gz	`dbb0dab1769348dd...`	`8bd945b6e6939c57...`
*-powerpc64-linux-gnu.tar.gz	`29a49889d6a4b726...`	`5b2845e6606ae41a...`
*-powerpc64le-linux-gnu-debug.tar.gz	`0b55f161d313f183...`	`b1b326859906c9d2...`
*-powerpc64le-linux-gnu.tar.gz	`3470a917fac98913...`	`0d5c45e035c11683...`
*-riscv64-linux-gnu-debug.tar.gz	`bd0586823316a3bb...`	`5403aaeaf5b85b49...`
*-riscv64-linux-gnu.tar.gz	`066f0cd363c9cc8b...`	`9e2f2136d7ae628a...`
*-x86_64-linux-gnu-debug.tar.gz	`251d02a968fcc021...`	`242c49f07ab3c4e9...`
*-x86_64-linux-gnu.tar.gz	`47b6ba3557239b83...`	`fd8e309df6f3606c...`
*.tar.gz	`dc8ec0b33bd6e206...`	`c99020aaeb2cc8e1...`
guix_build.log	`5d15543628c9c161...`	`aac88d5c971efa20...`
guix_build.log.diff		`0344f7d16fad41b6...`

maflcko · 2023-08-24T09:23:41Z

Extracting miniupnpc...
/ci_container_base/depends/sources/miniupnpc-2.2.5.tar.gz: OK
Preprocessing miniupnpc...
Configuring miniupnpc...
Building miniupnpc...
patching file src/minisoap.c
patching file src/miniwget.c
make[1]: Entering directory '/ci_container_base/depends/work/build/x86_64-w64-mingw32/miniupnpc/2.2.5-c290993a88e'
fatal: not a git repository (or any parent up to mount point /ci_container_base)
Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).
make[1]: *** No rule to make target 'build/libminiupnpc.a'.  Stop.
make[1]: Leaving directory '/ci_container_base/depends/work/build/x86_64-w64-mingw32/miniupnpc/2.2.5-c290993a88e'
make: *** [funcs.mk:291: /ci_container_base/depends/work/build/x86_64-w64-mingw32/miniupnpc/2.2.5-c290993a88e/./.stamp_built] Error 1
make: Leaving directory '/ci_container_base/depends'

Exit status: 2

fanquake · 2023-08-24T09:25:46Z

I can't see how that is related to the changes here, looks like a github/CI bug? Especially given:

fatal: not a git repository (or any parent up to mount point /ci_container_base)
Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).

maflcko · 2023-08-25T13:50:08Z

I can reproduce locally on 3fbac1f

fanquake · 2023-08-25T14:18:12Z

Ok. When upstream re-arranged it's sources/how it builds, it didn't bother to update it's Windows makefile. Might send a patch

fanquake · 2023-09-07T11:01:26Z

I would still like to see this done, as I think the current upnp code / additional of natpmp was a bit of a mess, with no plan going forward, however probably not going to maintain this PR.

fanquake · 2025-07-23T10:37:05Z

No longer "Up for grabs". Replaced by #31130.

DrahtBot added the Build system label Aug 6, 2021

This was referenced Aug 6, 2021

build: Fix make apk for Android w/ non-default SOURCES_PATH in depends #22555

Closed

build: Improve depends build system robustness #22552

Closed

DrahtBot mentioned this pull request Nov 11, 2021

build: boring autotools cleanup #23473

Merged

DrahtBot added the Needs rebase label Dec 13, 2021

fanquake force-pushed the miniupnpc_pkg_config branch from e07625d to 410a2cb Compare March 21, 2022 15:57

DrahtBot removed the Needs rebase label Mar 21, 2022

DrahtBot mentioned this pull request Mar 21, 2022

doc: add more info to dependencies.md #24586

Merged

DrahtBot mentioned this pull request Mar 31, 2022

build: remove unneeded configure $*val setting #24671

Closed

DrahtBot added the Needs rebase label Apr 21, 2022

fanquake force-pushed the miniupnpc_pkg_config branch from 410a2cb to b178b64 Compare April 21, 2022 12:30

DrahtBot removed the Needs rebase label Apr 21, 2022

DrahtBot mentioned this pull request Apr 25, 2022

build: Fix macOS Apple M1 build with miniupnpc and libnatpmp. Again :) #24958

Merged

DrahtBot added the Needs rebase label Apr 28, 2022

fanquake force-pushed the miniupnpc_pkg_config branch from b178b64 to 3b96e2d Compare August 1, 2022 10:23

DrahtBot removed the Needs rebase label Aug 1, 2022

fanquake mentioned this pull request Aug 24, 2022

depends: libnatpmp 07004b97cf691774efebe70404cf22201e4d330d #25917

Merged

DrahtBot mentioned this pull request Aug 31, 2022

build: fix mingw miniupnpc cflags #25964

Merged

fanquake force-pushed the miniupnpc_pkg_config branch from 3b96e2d to cad3ae7 Compare November 28, 2022 16:44

fanquake removed the Needs rebase label Nov 28, 2022

fanquake mentioned this pull request Feb 1, 2023

mapport: require miniupnpc API version 17 or later #27016

Merged

fanquake force-pushed the miniupnpc_pkg_config branch from cad3ae7 to 78c5e40 Compare February 2, 2023 14:38

fanquake force-pushed the miniupnpc_pkg_config branch from 78c5e40 to 10cb3e1 Compare February 13, 2023 16:27

fanquake changed the title ~~Deprecate UPnP support, require 2.1 or later~~ build: deprecate UPnP support Feb 13, 2023

maflcko added the DrahtBot Guix build requested label Apr 6, 2023

fanquake force-pushed the miniupnpc_pkg_config branch from 10cb3e1 to 9a0112b Compare April 6, 2023 09:31

DrahtBot removed the DrahtBot Guix build requested label Apr 6, 2023

fanquake force-pushed the miniupnpc_pkg_config branch from 9a0112b to ee9edd7 Compare June 30, 2023 08:56

DrahtBot added the CI failed label Jun 30, 2023

fanquake added 3 commits August 23, 2023 15:01

depends: miniupnpc 2.2.5

3fbac1f

build: use pkg-config to check for miniupnpc availability

5f8467f

doc: mark UPnP usage as deprecated

78f8a7b

fanquake force-pushed the miniupnpc_pkg_config branch from ee9edd7 to 78f8a7b Compare August 23, 2023 14:01

fanquake closed this Sep 7, 2023

hebasto added the Up for grabs label Sep 7, 2023

fanquake deleted the miniupnpc_pkg_config branch April 4, 2024 13:30

bitcoin locked and limited conversation to collaborators Apr 4, 2025

fanquake removed the Up for grabs label Jul 23, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build: deprecate UPnP support #22644

build: deprecate UPnP support #22644

Uh oh!

fanquake commented Aug 6, 2021 •

edited

Loading

Uh oh!

practicalswift commented Aug 6, 2021

Uh oh!

DrahtBot commented Aug 6, 2021 •

edited

Loading

Uh oh!

luke-jr commented Sep 14, 2021

Uh oh!

fanquake commented Mar 21, 2022

Uh oh!

hebasto commented Apr 24, 2022

Uh oh!

fanquake commented Aug 1, 2022

Uh oh!

fanquake commented Feb 2, 2023 •

edited

Loading

Uh oh!

DrahtBot commented Apr 6, 2023

Uh oh!

maflcko commented Aug 24, 2023

Uh oh!

fanquake commented Aug 24, 2023

Uh oh!

maflcko commented Aug 25, 2023

Uh oh!

fanquake commented Aug 25, 2023

Uh oh!

fanquake commented Sep 7, 2023

Uh oh!

fanquake commented Jul 23, 2025

Uh oh!

Uh oh!

build: deprecate UPnP support #22644

build: deprecate UPnP support #22644

Uh oh!

Conversation

fanquake commented Aug 6, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

practicalswift commented Aug 6, 2021

Uh oh!

DrahtBot commented Aug 6, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Reviews

Conflicts

Uh oh!

luke-jr commented Sep 14, 2021

Uh oh!

fanquake commented Mar 21, 2022

Uh oh!

hebasto commented Apr 24, 2022

Uh oh!

fanquake commented Aug 1, 2022

Uh oh!

fanquake commented Feb 2, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

DrahtBot commented Apr 6, 2023

Guix builds

Uh oh!

maflcko commented Aug 24, 2023

Uh oh!

fanquake commented Aug 24, 2023

Uh oh!

maflcko commented Aug 25, 2023

Uh oh!

fanquake commented Aug 25, 2023

Uh oh!

fanquake commented Sep 7, 2023

Uh oh!

fanquake commented Jul 23, 2025

Uh oh!

Uh oh!

fanquake commented Aug 6, 2021 •

edited

Loading

DrahtBot commented Aug 6, 2021 •

edited

Loading

fanquake commented Feb 2, 2023 •

edited

Loading