Fix leak on real output when using a very recent output

The wallet and the daemon applied different height considerations
when selecting outputs to use. This can leak information on which
input in a ring signature is the real one.

Found and originally fixed by smooth on Aeon.

src/cryptonote_core/blockchain.cpp

@@ -1483,6 +1483,17 @@ bool Blockchain::get_random_outs_for_amounts(const COMMAND_RPC_GET_RANDOM_OUTPUT
     for (uint64_t amount : req.amounts)
     {
         auto num_outs = m_db->get_num_outputs(amount);
+        // ensure we don't include outputs that aren't yet eligible to be used
+        // outpouts are sorted by height
+        while (num_outs > 0)
+        {
+          const tx_out_index toi = m_db->get_output_tx_and_index(amount, num_outs - 1);
+          const uint64_t height = m_db->get_tx_block_height(toi.first);
+          if (height + CRYPTONOTE_DEFAULT_TX_SPENDABLE_AGE <= m_db->height())
+            break;
+          --num_outs;
+        }
+
         // create outs_for_amount struct and populate amount field
         COMMAND_RPC_GET_RANDOM_OUTPUTS_FOR_AMOUNTS::outs_for_amount& result_outs = *res.outs.insert(res.outs.end(), COMMAND_RPC_GET_RANDOM_OUTPUTS_FOR_AMOUNTS::outs_for_amount());
         result_outs.amount = amount;

src/cryptonote_core/blockchain_storage.cpp

@@ -1042,7 +1042,7 @@ size_t blockchain_storage::find_end_of_allowed_index(const std::vector<std::pair
     --i;
     transactions_container::const_iterator it = m_transactions.find(amount_outs[i].first);
     CHECK_AND_ASSERT_MES(it != m_transactions.end(), 0, "internal error: failed to find transaction from outputs index with tx_id=" << amount_outs[i].first);
-    if(it->second.m_keeper_block_height + CRYPTONOTE_MINED_MONEY_UNLOCK_WINDOW <= get_current_blockchain_height() )
+    if(it->second.m_keeper_block_height + CRYPTONOTE_DEFAULT_TX_SPENDABLE_AGE <= get_current_blockchain_height() )
       return i+1;
   } while (i != 0);
   return 0;