This is an update to the so-called "stable" Merkle branch code, but it fixes a bug in the stratum server API which shows up on witness blocks with a transaction count that is not 2^n or 2^n + 2^(n-1).
Since v13.2.2, the stratum mining code does a trick to avoid copying blocks when verifying shares: it uses the stable Merkle branch code to recompute the right-half of the transaction Merkle tree when the segwit commitment is updated. The trick is that it pops off the top hash (representing the left-hand side of the tree), so that the recomputed "root" is actually the root of the right-side subtree, which is the last hash of the coinbase branch proof. However prior to this fix, any duplicated hashes between the last "real" hash value of the right subtree and its root were not performed. This resulted in an incorrect value being used, and therefore the incorrect coinbase Merkle branch being reported to miners.
This is an update to the so-called "stable" Merkle branch code, but it fixes a bug in the stratum server API which shows up on witness blocks with a transaction count that is not 2^n or 2^n + 2^(n-1).
Since v13.2.2, the stratum mining code does a trick to avoid copying blocks when verifying shares: it uses the stable Merkle branch code to recompute the right-half of the transaction Merkle tree when the segwit commitment is updated. The trick is that it pops off the top hash (representing the left-hand side of the tree), so that the recomputed "root" is actually the root of the right-side subtree, which is the last hash of the coinbase branch proof. However prior to this fix, any duplicated hashes between the last "real" hash value of the right subtree and its root were not performed. This resulted in an incorrect value being used, and therefore the incorrect coinbase Merkle branch being reported to miners.