From c1d64e1b1a321c9a74eb72bb08fd805b3739d373 Mon Sep 17 00:00:00 2001
From: JoelKatz <DavidJoelSchwartz@GMail.com>
Date: Tue, 9 May 2017 09:03:39 -0700
Subject: [PATCH 1/4] Overlay tuning and logging improvements:

Adjust overlay tuning to reflect measured behavior of the
network under increased load.

Improve logging of peer sendq size and disconnect reasons.
---
 src/ripple/overlay/impl/PeerImp.cpp | 10 +++++++++-
 src/ripple/overlay/impl/Tuning.h    | 13 ++++++++-----
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/src/ripple/overlay/impl/PeerImp.cpp b/src/ripple/overlay/impl/PeerImp.cpp
index 06a076a40c..765bf2d0b0 100644
--- a/src/ripple/overlay/impl/PeerImp.cpp
+++ b/src/ripple/overlay/impl/PeerImp.cpp
@@ -210,6 +210,12 @@ PeerImp::send (Message::pointer const& m)
         // a small senq periodically
         large_sendq_ = 0;
     }
+    else if ((sendq_size % Tuning::sendQueueLogFreq) == 0)
+    {
+        JLOG (journal_.debug()) <<
+            (name_.empty() ? remote_address_.to_string() : name_) <<
+                " sendq: " << sendq_size;
+    }
 
     send_queue_.push(m);
 
@@ -442,7 +448,9 @@ PeerImp::fail(std::string const& reason)
                 shared_from_this(), reason));
     if (socket_.is_open())
     {
-        JLOG (journal_.debug()) << reason;
+        JLOG (journal_.warn()) <<
+            (name_.empty() ? remote_address_.to_string() : name_) <<
+                " failed: " << reason;
     }
     close();
 }
diff --git a/src/ripple/overlay/impl/Tuning.h b/src/ripple/overlay/impl/Tuning.h
index 76e1f1b7a3..566280fe39 100644
--- a/src/ripple/overlay/impl/Tuning.h
+++ b/src/ripple/overlay/impl/Tuning.h
@@ -52,13 +52,13 @@ enum
 
     /** How many milliseconds to consider high latency
         on a peer connection */
-    peerHighLatency     =  250,
+    peerHighLatency     =  300,
 
     /** How often we check connections (seconds) */
-    checkSeconds        =   10,
+    checkSeconds        =   32,
 
     /** How often we latency/sendq probe connections */
-    timerSeconds        =    4,
+    timerSeconds        =    8,
 
     /** How many timer intervals a sendq has to stay large before we disconnect */
     sendqIntervals      =    4,
@@ -67,10 +67,13 @@ enum
     noPing              =   10,
 
     /** How many messages on a send queue before we refuse queries */
-    dropSendQueue       =    8,
+    dropSendQueue       =   192,
 
     /** How many messages we consider reasonable sustained on a send queue */
-    targetSendQueue     =   16,
+    targetSendQueue     =   128,
+
+    /** How often to log send queue size */
+    sendQueueLogFreq    =    64,
 };
 
 } // Tuning

From 256e58204af88eded8bb0b91aa9422648bd509cb Mon Sep 17 00:00:00 2001
From: JoelKatz <DavidJoelSchwartz@GMail.com>
Date: Mon, 8 May 2017 16:13:24 -0700
Subject: [PATCH 2/4] Give statically-configured bootcache entries priority:

Make sure statically-configured bootcache entries have at least
a reasonable minimum priority. This provides additional protection
against Sybil attacks.

Show the bootcache in the ouput of the print command.
---
 src/ripple/peerfinder/impl/Bootcache.cpp | 32 +++++++++++++++++++++++-
 src/ripple/peerfinder/impl/Bootcache.h   |  7 +++++-
 src/ripple/peerfinder/impl/Logic.h       |  2 +-
 3 files changed, 38 insertions(+), 3 deletions(-)

diff --git a/src/ripple/peerfinder/impl/Bootcache.cpp b/src/ripple/peerfinder/impl/Bootcache.cpp
index f9c5257c06..1d0622e594 100644
--- a/src/ripple/peerfinder/impl/Bootcache.cpp
+++ b/src/ripple/peerfinder/impl/Bootcache.cpp
@@ -129,6 +129,30 @@ Bootcache::insert (beast::IP::Endpoint const& endpoint)
     return result.second;
 }
 
+bool
+Bootcache::insertStatic (beast::IP::Endpoint const& endpoint)
+{
+    auto result (m_map.insert (
+        value_type (endpoint, staticValence)));
+
+    if (! result.second && (result.first->right.valence() < staticValence))
+    {
+        // An existing entry has too low a valence, replace it
+        m_map.erase (result.first);
+        result = m_map.insert (
+            value_type (endpoint, staticValence));
+    }
+
+    if (result.second)
+    {
+        JLOG(m_journal.trace()) << beast::leftw (18) <<
+            "Bootcache insert " << endpoint;
+        prune ();
+        flagForUpdate();
+    }
+    return result.second;
+}
+
 void
 Bootcache::on_success (beast::IP::Endpoint const& endpoint)
 {
@@ -197,7 +221,13 @@ Bootcache::periodicActivity ()
 void
 Bootcache::onWrite (beast::PropertyStream::Map& map)
 {
-    map ["entries"] = std::uint32_t (m_map.size());
+    beast::PropertyStream::Set entries ("entries", map);
+    for (auto iter = m_map.right.begin(); iter != m_map.right.end(); ++iter)
+    {
+        beast::PropertyStream::Map entry (entries);
+        entry["endpoint"] = iter->get_left().to_string();
+        entry["valence"] = std::int32_t (iter->get_right().valence());
+    }
 }
 
     // Checks the cache size and prunes if its over the limit.
diff --git a/src/ripple/peerfinder/impl/Bootcache.h b/src/ripple/peerfinder/impl/Bootcache.h
index d8f56e7f89..319a76a7d8 100644
--- a/src/ripple/peerfinder/impl/Bootcache.h
+++ b/src/ripple/peerfinder/impl/Bootcache.h
@@ -110,6 +110,8 @@ private:
     bool m_needsUpdate;
 
 public:
+    static constexpr int staticValence = 32;
+
     using iterator = boost::transform_iterator <Transform,
         map_type::right_map::const_iterator>;
 
@@ -140,9 +142,12 @@ public:
     /** Load the persisted data from the Store into the container. */
     void load ();
 
-    /** Add the address to the cache. */
+    /** Add a newly-learned address to the cache. */
     bool insert (beast::IP::Endpoint const& endpoint);
 
+    /** Add a staticallyconfigured address to the cache. */
+    bool insertStatic (beast::IP::Endpoint const& endpoint);
+
     /** Called when an outbound connection handshake completes. */
     void on_success (beast::IP::Endpoint const& endpoint);
 
diff --git a/src/ripple/peerfinder/impl/Logic.h b/src/ripple/peerfinder/impl/Logic.h
index dc5354b152..34734311dc 100644
--- a/src/ripple/peerfinder/impl/Logic.h
+++ b/src/ripple/peerfinder/impl/Logic.h
@@ -990,7 +990,7 @@ public:
         std::lock_guard<std::recursive_mutex> _(lock_);
         for (auto addr : list)
         {
-            if (bootcache_.insert (addr))
+            if (bootcache_.insertStatic (addr))
                 ++count;
         }
         return count;

From dceef25e2cd480253e4b9a948d645984c1d6e5e8 Mon Sep 17 00:00:00 2001
From: Brad Chase <bchase@ripple.com>
Date: Tue, 9 May 2017 13:51:02 -0400
Subject: [PATCH 3/4] Update Travis dependency

---
 bin/ci/ubuntu/install-dependencies.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/bin/ci/ubuntu/install-dependencies.sh b/bin/ci/ubuntu/install-dependencies.sh
index f993210169..5257eaa68b 100755
--- a/bin/ci/ubuntu/install-dependencies.sh
+++ b/bin/ci/ubuntu/install-dependencies.sh
@@ -53,6 +53,7 @@ if [ -x $HOME/bin/g++ ]; then
     $HOME/bin/g++ -v
 fi
 
+pip install --user requests==2.13.0
 pip install --user https://github.com/codecov/codecov-python/archive/master.zip
 
 bash bin/sh/install-boost.sh

From 208028a1420cc187a6b5b9e97846e8cafd54f39f Mon Sep 17 00:00:00 2001
From: Nik Bougalis <nikb@bougalis.net>
Date: Tue, 9 May 2017 13:37:49 -0700
Subject: [PATCH 4/4] Set version to 0.60.3

---
 RELEASENOTES.md                        | 37 ++++++++++++++++++++++++++
 src/ripple/protocol/impl/BuildInfo.cpp |  2 +-
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/RELEASENOTES.md b/RELEASENOTES.md
index 4df4a30b9f..6e1a72d28f 100644
--- a/RELEASENOTES.md
+++ b/RELEASENOTES.md
@@ -9,6 +9,43 @@ If you are using Red Hat Enterprise Linux 7 or CentOS 7, you can [update using `
 
 # Releases
 
+## Version 0.60.3
+
+The `rippled` 0.60.3 release helps to increase the stability of the network under heavy load.
+
+**New and Updated Features**
+
+This release has no new features.
+
+**Bug Fixes**
+
+Server overlay improvements ([#2110](https://github.com/ripple/rippled/pull/2011))
+
+## Version 0.60.2
+
+The `rippled` 0.60.2 release further strengthens handling of cases associated with a previously patched exploit, in which NoRipple flags were being bypassed by using offers.
+
+**New and Updated Features**
+
+This release has no new features.
+
+**Bug Fixes**
+
+Prevent the ability to bypass the `NoRipple` flag using offers ([#7cd4d78](https://github.com/ripple/rippled/commit/4ff40d4954dfaa237c8b708c2126cb39566776da))
+
+## Version 0.60.1
+
+The `rippled` 0.60.1 release corrects a technical flaw that resulted from using 32-bit space identifiers instead of the protocol-defined 16-bit values for Escrow and Payment Channel ledger entries. rippled version 0.60.1 also fixes a problem where the WebSocket timeout timer would not be cancelled when certain errors occurred during subscription streams. Ripple requires upgrading to rippled version 0.60.1 immediately.
+
+**New and Updated Feature**
+
+This release has no new features.
+
+**Bug Fixes**
+
+Correct calculation of Escrow and Payment Channel indices.
+Fix WebSocket timeout timer issues.
+
 ## Version 0.60.0
 
 The `rippled` 0.60.0 release introduces several enhancements that improve the reliability and scalability of the Ripple Consensus Ledger (RCL), including features that add ledger interoperability by improving Interledger Protocol compatibility. Ripple recommends that all server operators upgrade to version 0.60.0 by Thursday, 2017-03-30, for service continuity.
diff --git a/src/ripple/protocol/impl/BuildInfo.cpp b/src/ripple/protocol/impl/BuildInfo.cpp
index 5ec608a70e..f7a0ed7244 100644
--- a/src/ripple/protocol/impl/BuildInfo.cpp
+++ b/src/ripple/protocol/impl/BuildInfo.cpp
@@ -33,7 +33,7 @@ char const* const versionString =
     //  The build version number. You must edit this for each release
     //  and follow the format described at http://semver.org/
     //
-        "0.60.2"
+        "0.60.3"
 
 #if defined(DEBUG) || defined(SANITIZER)
        "+"