Bitcoin Forum

Alternate cryptocurrencies => Altcoin Discussion => Topic started by: gatra on February 21, 2014, 08:21:12 PM


Title: [ANN][RIC] Riecoin new client version 0.8.7 - security update!
Post by: gatra on February 21, 2014, 08:21:12 PM
Hi people!

This is to announce a new version of the client. This is not a hard fork, but it should be considered a mandatory update because it addresses security issues.

Downloads link: https://sourceforge.net/projects/riecoin/files/riecoin%200.8.7/? (https://sourceforge.net/projects/riecoin/files/riecoin%200.8.7/?)
And of course sources at https://github.com/riecoin/riecoin (https://github.com/riecoin/riecoin)
Site: riecoin.org (http://riecoin.org)

List of changes:
  • fixed logo and icons for Windows binaries
  • added option -spendzeroconfchange to workaround tx malleability problem as in https://github.com/bitcoin/bitcoin/pull/3651
  • added seed nodes
  • added checkpoints
  • Chinese translations fixed
  • difficulty field in getinfo, getmininginfo, getdifficulty now return the same as getwork: the size of the primes measured in bits. Note that this is not linear: 1500 is not 3x harder than 1000. It's like 700 times harder
  • fixed DoS (crash) vulnerability in PoW calculation

Are we the first *coin with an official release addressing the transaction malleability problem? of course I "stole" it from Bitcoin, but still...

Since this is a security update, plase make it sticky for some hours. Is there a place to request that?

Title: Re: [ANN][RIC] Riecoin new client version 0.8.7 - security update!
Post by: gatra on February 21, 2014, 08:21:24 PM
More regarding the transaction malleability issue:

The new option is a workaround for the problem. By default spendzeroconfchange is 1, meaning the behavior would be the same as before. If you want to activate the new feature run with "-spendzeroconfchange=0", this will prevent spending unconfirmed change which is what creates transactions that could never confirm if a conflicting tx is broadcast. This feature is off by default because it can lead to unfriendly behavior: the reported balance may not be all spendable until your change is confirmed. So, please use it only if you know what you are doing. This should only affect you if you send more than once per block. Please read https://github.com/bitcoin/bitcoin/pull/3651 (https://github.com/bitcoin/bitcoin/pull/3651).

Title: Re: [ANN][RIC] Riecoin new client version 0.8.7 - security update!
Post by: remistevens on February 21, 2014, 09:08:29 PM
Thanks Gatra!

Title: Re: [ANN][RIC] Riecoin new client version 0.8.7 - security update!
Post by: -Greed- on February 21, 2014, 09:10:50 PM
Zipped windows wallet seems to be corrupted I couldn't unpack it.

Title: Re: [ANN][RIC] Riecoin new client version 0.8.7 - security update!
Post by: gatra on February 21, 2014, 09:38:58 PM
Quote from: -Greed- on February 21, 2014, 09:10:50 PM
Zipped windows wallet seems to be corrupted I couldn't unpack it.

Thanks and sorry! I uploaded it again, something must went wrong during the upload.

Just in case, SHA1 hashes before uploading to sourceforge:

5ac81d76d6f5932a29cacda5755acdde1523c394 *riecoin-0.8.7-sources.zip
3ab4ab66df4540fb634d0f437d5f7e53f6e55c6b *riecoin-linux-32.tar.gz
917b32f8346a688f15e26d8c8276f61fcca1ef9b *riecoin-linux-64.tar.gz
fcf237ff0ee486ff7414c142bf9ca7885248f3f8 *riecoin-win32.zip


Thanks and regards,
gatra

Title: Re: [ANN][RIC] Riecoin new client version 0.8.7 - security update!
Post by: -Greed- on February 21, 2014, 09:55:44 PM
Thanks for the fix, it's ok now.

Title: Re: [ANN][RIC] Riecoin new client version 0.8.7 - security update!
Post by: trny on February 21, 2014, 10:33:46 PM
Great! While I'm not sure if RIC was the first client to officially address tx malleability, I still thank you for your continued work.

Title: Re: [ANN][RIC] Riecoin new client version 0.8.7 - security update!
Post by: AJMiles on March 23, 2014, 10:57:13 AM
Quote from: gatra on February 21, 2014, 08:21:24 PM
More regarding the transaction malleability issue:

The new option is a workaround for the problem. By default spendzeroconfchange is 1, meaning the behavior would be the same as before. If you want to activate the new feature run with "-spendzeroconfchange=0", this will prevent spending unconfirmed change which is what creates transactions that could never confirm if a conflicting tx is broadcast. This feature is off by default because it can lead to unfriendly behavior: the reported balance may not be all spendable until your change is confirmed. So, please use it only if you know what you are doing. This should only affect you if you send more than once per block. Please read https://github.com/bitcoin/bitcoin/pull/3651 (https://github.com/bitcoin/bitcoin/pull/3651).

All you need to do now is get bitcoin foundation to say yes, this was fixed also by RIEcoin.

... so what are you waiting for?

I'm seriously convinced, but you need to get more attention in this thread and show them how you solved those issues.



Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines