Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: theymos on April 08, 2014, 10:41:37 PM



Title: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: theymos on April 08, 2014, 10:41:37 PM
If you are using the graphical version of 0.9.0 on any platform, you must update immediately. Download here (https://bitcoin.org/bin/0.9.1/). If you can't update immediately, shut down Bitcoin until you can. If you ever used the payment protocol (you clicked a bitcoin: link and saw a green box in Bitcoin Core's send dialog), then you should consider your wallet to be compromised. Carefully generate an entirely new wallet (not just a new address) and send all of your bitcoins there. Do not delete your old wallet.

If you are using any other version of Bitcoin-Qt/Bitcoin Core, including bitcoind 0.9.0, you are vulnerable only if the rpcssl command-line option is set. If it is not, then no immediate action is required. If it is, and if an attacker could have possibly communicated with the RPC port, then you should consider your wallet to be compromised.

This vulnerability is caused by a critical bug in the OpenSSL library used by Bitcoin Core. Successfully attacking Bitcoin Core by means of this bug seems to be difficult in most cases, and it seems at this point that even successful attacks may be limited, but I recommend taking the above actions just in case.

If you are using a binary version of Bitcoin Core obtained from bitcoin.org or SourceForge, then updating your system's version of OpenSSL will not help. OpenSSL is packaged with the binary on all platforms.

Download 0.9.1 (https://bitcoin.org/bin/0.9.1/)
Announcement (https://bitcoin.org/en/release/v0.9.1)

Other software (including other wallet software) may also be affected by this bug. OpenSSL is extremely common.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: alani123 on April 08, 2014, 10:47:38 PM
If you ever used the payment protocol (you clicked a bitcoin: link and saw a green box in Bitcoin Core's send dialog), then you should consider your wallet to be compromised.



Quote
This vulnerability is caused by a critical bug in the OpenSSL library used by Bitcoin Core. Successfully attacking Bitcoin Core by means of this bug seems to be difficult in most cases, and it seems at this point that even successful attacks may be limited, but I recommend taking the above actions just in case.


I shivered for a monent. Next time try mentioning the good news first.

Thanks for the heads up!


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: CoinLearn on April 08, 2014, 10:59:00 PM
This is incredible... who found the bug ? Wladimir ?




_______________________________________________________________________________ _____________
www.CoinLearn.org - Learn and Earn Free Bitcoins


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: firejuan on April 08, 2014, 11:03:58 PM
The article I read and this subsequent website states the Heart bleed bug has been around since 12-11.

http://heartbleed.com/

This is incredible... who found the bug ? Wladimir ?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: poordeveloper on April 08, 2014, 11:04:09 PM
If you ever used the payment protocol (you clicked a bitcoin: link and saw a green box in Bitcoin Core's send dialog), then you should consider your wallet to be compromised.
Does ever mean in the 0.9.0 version, or at any point of time?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: mammix2 on April 08, 2014, 11:04:36 PM
If you ever used the payment protocol (you clicked a bitcoin: link and saw a green box in Bitcoin Core's send dialog), then you should consider your wallet to be compromised.



Quote
This vulnerability is caused by a critical bug in the OpenSSL library used by Bitcoin Core. Successfully attacking Bitcoin Core by means of this bug seems to be difficult in most cases, and it seems at this point that even successful attacks may be limited, but I recommend taking the above actions just in case.


I shivered for a monent. Next time try mentioning the good news first.

Thanks for the heads up!

Exactly, we're not talking about a few £ or $ here and there...LOL!


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Joshuar on April 08, 2014, 11:07:04 PM
This applies to Multibit Bitcoin wallets? Multibit vs 0.5.17?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: theymos on April 08, 2014, 11:10:18 PM
Does ever mean in the 0.9.0 version, or at any point of time?

The payment protocol only exists in 0.9.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: knight22 on April 08, 2014, 11:20:59 PM
Do I need to uninstall 0.9.0?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: awesomeami on April 08, 2014, 11:21:28 PM
This is incredible... who found the bug ? Wladimir ?

https://bitcointalk.org/index.php?topic=561923.msg6133060#msg6133060

Do I need to uninstall 0.9.0?

Nope.
Just QUIT NOW and
https://bitcointalk.org/index.php?topic=562388.msg6132859#msg6132859


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: BittBurger on April 08, 2014, 11:25:13 PM
Quote
you must update immediately. Download here (https://bitcoin.org/bin/0.9.1/).

Theymos -

I have a number of people I need to tell to update.

Can I tell them to just go to bitcoin.org and update yet?

(the front end website I mean)

Updte:  Looks like here has 0.9.1?  https://bitcoin.org/en/download

-B-


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: awesomeami on April 08, 2014, 11:25:56 PM
Theymos -

I have a number of people I need to tell to update.

Can I tell them to just go to bitcoin.org and update yet?

-B-

What about to use ALERT
https://en.bitcoin.it/wiki/Alerts


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: poordeveloper on April 08, 2014, 11:27:24 PM
Theymos -

I have a number of people I need to tell to update.

Can I tell them to just go to bitcoin.org and update yet?

-B-

What about to use ALERT
https://en.bitcoin.it/wiki/Alerts

My exact thoughts. I think this is serious enough.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: alani123 on April 08, 2014, 11:28:19 PM
Theymos -

I have a number of people I need to tell to update.

Can I tell them to just go to bitcoin.org and update yet?

-B-

What about to use ALERT
https://en.bitcoin.it/wiki/Alerts


Maybe he's talking about non techincal users. To answer his original question, YES the website seems to have updated the download links to the latest version.

https://bitcoin.org/en/download


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: BittBurger on April 08, 2014, 11:28:52 PM
Exactly.  Thanks.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: awesomeami on April 08, 2014, 11:31:01 PM
Sure. Thats good & OK.
But we should(??) alarm all users ASAP to at least shutdown bitcoin core and don't use it and upg. ASAP.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: bronan on April 08, 2014, 11:31:10 PM
the new client crashes pretty nasty
ok found its my antivirus trying to avoid another bitcoin virus
people who use windows make sure when the program crashes to set any antivirus to allow the data
its a false positive


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: awesomeami on April 08, 2014, 11:31:48 PM
the new client crashes pretty nasty

pls what OS do u use?
No crashes with 0.9.0??


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: /dev/null on April 08, 2014, 11:33:09 PM
Edit: using electrum is safe.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: madmadmax on April 08, 2014, 11:38:23 PM
That's exactly what all those three letter organizations doing within the Bitcoin Foundation, introducing vulnerabilities to the protocol.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: bronan on April 08, 2014, 11:39:19 PM
I did not had this issue with 0.90 i get and error when it checks the blockchain
The antivirus reports the block data check as containing Trojan: Win32/Malagent
And it also reports to have found DOS/Azusa

This is data being checked by bitcoin-qt in the check files


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: mufa23 on April 08, 2014, 11:40:12 PM
Which old clients (if any) are affected? I am still running v0.8.5-beta


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: awesomeami on April 08, 2014, 11:42:13 PM
Which old clients (if any) are affected? I am still running v0.8.5-beta
Better shutdown NOW and upg. ASAP.
What I heard (and don't believe) only 0.9.0.

But I think 0.8.x (and all older) are affected - because OpenSSL contains this bug for 2 years.

Just upg. to 0.9.1


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: theymos on April 08, 2014, 11:43:11 PM
Which old clients (if any) are affected? I am still running v0.8.5-beta

All versions of Bitcoin-Qt are affected by the rpcssl part of the vulnerability if they are linked with an affected OpenSSL version.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: awesomeami on April 08, 2014, 11:45:01 PM
I did not had this issue with 0.90 i get and error when it checks the blockchain
The antivirus reports the block data check as containing Trojan: Win32/Malagent
And it also reports to have found DOS/Azusa

This is data being checked by bitcoin-qt in the check files
Where did u download this?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: bronan on April 08, 2014, 11:46:44 PM
From given links in this topic i use the win x64 version on windows 8.1
I am pretty sure its false positive of the av programs


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: vapourminer on April 08, 2014, 11:54:40 PM
just to get this straight..

ALL bitcoint-qt versions have this bug, correct?

how does this bug get triggered? just by having the client running?

or do you need to click a payment link (or something external to the client).. in other words just initiating a transfer via copy/pasteing an address was safe?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: vayvanne on April 08, 2014, 11:56:15 PM
Did you check control sums? Just offload bitcoin.org a little bit :D
By the way may this bug be used to empty gox and bitfunder?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: awesomeami on April 08, 2014, 11:56:47 PM
just to get this straight..

ALL bitcoint-qt versions have this bug, correct?

how does this bug get triggered? just by having the client running?

or do you need to click a payment link (or something external to the client).. in other words just initiating a transfer via copy/pasteing an address was safe?

Here
https://bitcointalk.org/index.php?topic=561923.msg6133060#msg6133060
I suggest every1 to change wallet.
And have more of them and have them OFFLINE!
Online wallets are just for daily spendings.
If u have 5K or 100mil - u still have only few in your wallet and some VISA maybe.
Same for BTC


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: bronan on April 08, 2014, 11:58:53 PM
Well to be sure i rescan now with eset/kapersky and a few others to see if any trojan/virus is found
My weekly scan with my 12 av products was overdue a few days so doing it now :D
The installer i downloaded from bitcoin.org does seem clean as wel
 


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: awesomeami on April 08, 2014, 11:59:47 PM
Did you check control sums? Just offload bitcoin.org a little bit :D
By the way may this bug be used to empty gox and bitfunder?
There is no reason to do this.
So grandmas dont get bad habits ;)


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: edonkey on April 09, 2014, 12:01:30 AM
I was using Mac OS X Bitcoin-Qt 0.8.6. As far as I know, I've never used the rpcssl command line option.

So if this rpcssl option is not on by default, then this vulnerability could not have affected me, right?

I've already updated to 0.9.1. I just want to know if I have to go through the emergency measures of creating a new wallet and transferring everything to it.

That's kind of disruptive because it means updating all my miner configs as well. Unless I can preserve my old addresses in the new wallet. Never had to do that so I don't know if it works or not.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: awesomeami on April 09, 2014, 12:05:30 AM
I was using Mac OS X Bitcoin-Qt 0.8.6. As far as I know, I've never used the rpcssl command line option.

So if this rpcssl option is not on by default, then this vulnerability could not have affected me, right?

I've already updated to 0.9.1. I just want to know if I have to go through the emergency measures of creating a new wallet and transferring everything to it.

That's kind of disruptive because it means updating all my miner configs as well. Unless I can preserve my old addresses in the new wallet. Never had to do that so I don't know if it works or not.
If i would be miner - I would create 3-10 OFFLINE wallets with 10+ adreses each. And then re-conf miners every few weeks with new addr.

New wallet form time to time is a good idea.

And they can still mine (for a time) to old wallet - u just can transfer every X days mined BTC to new wallet...
And slowly change your configs...

Just my 2 satoshis


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Winterfrost on April 09, 2014, 12:06:44 AM
Did you check control sums? Just offload bitcoin.org a little bit :D
By the way may this bug be used to empty gox and bitfunder?

SHA-256 checksum of the magnet link matches what I have from the bitcoin.org download.

On the other hand, it's a critical piece of software and only ~60MB; I would still only download from the official source.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: BlockchainHelp? on April 09, 2014, 12:08:35 AM
I created 4 private keys offline in Bitcoin-QT 9.0 via TailsOS. My client never touched the internet, do I need to bring my cold storage online to create 4 new wallets in 9.1?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: awesomeami on April 09, 2014, 12:14:19 AM
I created 4 private keys offline in Bitcoin-QT 9.0 via TailsOS. My client never touched the internet, do I need to bring my cold storage online to create 4 new wallets in 9.1?
If wallets were 100% time offline - I think they can't be abused by this bug.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: mufa23 on April 09, 2014, 12:16:04 AM
how does this bug get triggered? just by having the client running?

or do you need to click a payment link (or something external to the client).. in other words just initiating a transfer via copy/pasteing an address was safe?
+1
I want to know as well.

I hate being forced into new updates. Like MoonShadow once said (and I am paraphrasing): "I like to wait until they have ironed out the bugs with new releases before I update". I've been following that same rule, and only update if it's absolutely necessary. Which is why I never even upgraded to v0.9

EDIT: Also, are the cold addresses generated from bitaddress.org safe? Most of my cold Bitcoins are stored on addresses (with their keys) generated from bitaddress.org (i.e. the "Bulk Wallet" option)


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Bitcopia on April 09, 2014, 12:26:26 AM
how does this bug get triggered? just by having the client running?

or do you need to click a payment link (or something external to the client).. in other words just initiating a transfer via copy/pasteing an address was safe?
+1
I want to know as well.

EDIT: Also, are the cold addresses generated from bitaddress.org safe? Most of my cold Bitcoins are stored on addresses (with their keys) generated from bitaddress.org (i.e. the "Bulk Wallet" option)

I'm also curios. I'd rather not update if not necessary.

If necessary, is a standard update ok? Or is an entirely new wallet required?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: human on April 09, 2014, 12:35:22 AM
How about alt-coin-wallets based on pre-0.9 code?



Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: gweedo on April 09, 2014, 12:40:23 AM
How about alt-coin-wallets based on pre-0.9 code?



Yes alt-coin wallets are affected. Unless they switched out openssl.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: vayvanne on April 09, 2014, 12:42:32 AM
It should depend does rpc accept connections from network by default config or not. If it does then wallets on such systems can be compromised and need a replacement. If it does not and user did not opened it to network then no reasons to worry.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: BlockchainHelp? on April 09, 2014, 12:43:03 AM
I created 4 private keys offline in Bitcoin-QT 9.0 via TailsOS. My client never touched the internet, do I need to bring my cold storage online to create 4 new wallets in 9.1?

Man I'm worried now, I guess I will bring my wallets online tomorrow and create 4 new wallets *sigh*


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: theymos on April 09, 2014, 12:47:54 AM
I hate being forced into new updates. Like MoonShadow once said (and I am paraphrasing): "I like to wait until they have ironed out the bugs with new releases before I update". I've been following that same rule, and only update if it's absolutely necessary. Which is why I never even upgraded to v0.9

That's a good policy. I also do that. You don't need to update from versions older than 0.9.0 unless you're using rpcssl. Most people aren't.

EDIT: Also, are the cold addresses generated from bitaddress.org safe? Most of my cold Bitcoins are stored on addresses (with their keys) generated from bitaddress.org (i.e. the "Bulk Wallet" option)

bitaddress.org's HTTPS may have been compromised due to this OpenSSL bug, which could have allowed a man-in-the-middle to serve you malicious JavaScript.

I recommend not using JavaScript Bitcoin software for anything important.

I created 4 private keys offline in Bitcoin-QT 9.0 via TailsOS. My client never touched the internet, do I need to bring my cold storage online to create 4 new wallets in 9.1?

No, but don't ever run your 0.9.0 installation. When you want to access your cold storage, update to the latest version first.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: LogicalUnit on April 09, 2014, 12:53:18 AM
I'm using Armory 0.90-beta with bitcoind 0.9.0. I don't believe I've ever used rcpssl -- but I'm not sure. I have an encrypted online wallet, and an offline wallet. Could my wallets be compromised?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: STT on April 09, 2014, 12:54:12 AM
If you ever used the payment protocol (you clicked a bitcoin: link and saw a green box in Bitcoin Core's send dialog), then you should consider your wallet to be compromised.


What about to use ALERT
https://en.bitcoin.it/wiki/Alerts

My exact thoughts. I think this is serious enough.

alert is like defcon 1 I think, Im trying to imagine the crypto equal of an impending nuclear winter

Quote
This vulnerability is caused by a critical bug in the OpenSSL library used by Bitcoin Core. Successfully attacking Bitcoin Core by means of this bug seems to be difficult in most cases, and it seems at this point that even successful attacks may be limited, but I recommend taking the above actions just in case.


I shivered for a monent. Next time try mentioning the good news first.

Thanks for the heads up!
I think action first is probably wise, prevention before cure?


My noob question here is could gox claim this bug had any influence at all in their case

Quote
That's a good policy. I also do that. You don't need to update from versions older than 0.9.0 unless you're using rpcssl. Most people aren't.

Do they do alpha beta test before then allowing a recommended update to the masses


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: almightyruler on April 09, 2014, 12:58:12 AM
I hate being forced into new updates. Like MoonShadow once said (and I am paraphrasing): "I like to wait until they have ironed out the bugs with new releases before I update". I've been following that same rule, and only update if it's absolutely necessary. Which is why I never even upgraded to v0.9

If you know how to use (or can figure it out) Gitian you could always recompile your favourite version of Bitcoin-qt with the newer version of OpenSSL.

Third parties could do the same thing but obviously that would require a lot of trust.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: southerngentuk on April 09, 2014, 01:00:14 AM
Is there a quick guide to install this ?

I have just switched from windows to Ubuntu, Help!

I got 0.9.0 installed via PPA but the PPA is not updated yet ( + I would like to know how to do it without)

I have :-

Downloaded bitcoin-0.9.1-linux.tar.gz

Then tar xvzf bitcoin-0.9.1-linux.tar.gz


This gives me a folder with bin + src but no ./configure. src has but that  fails.

Obviously I just don't get it  ;D



Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: mufa23 on April 09, 2014, 01:02:48 AM
I hate being forced into new updates. Like MoonShadow once said (and I am paraphrasing): "I like to wait until they have ironed out the bugs with new releases before I update". I've been following that same rule, and only update if it's absolutely necessary. Which is why I never even upgraded to v0.9

That's a good policy. I also do that. You don't need to update from versions older than 0.9.0 unless you're using rpcssl. Most people aren't.
How can you tell when you are using rpcssl? What activates/turns it on? I've never manually ran any RPC commands that had to do with SSL. Just importing privkeys.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: theymos on April 09, 2014, 01:08:52 AM
How can you tell when you are using rpcssl? What activates/turns it on? I've never manually ran any RPC commands that had to do with SSL. Just importing privkeys.

When you run bitcoind, you can run it with a number of command-line switches such as -config=..., -connect=..., etc. If you run bitcoind with -rpcssl=1, then you're potentially vulnerable to this bug.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: theymos on April 09, 2014, 01:11:20 AM
Is there a quick guide to install this ?

I have just switched from windows to Ubuntu, Help!

I got 0.9.0 installed via PPA but the PPA is not updated yet ( + I would like to know how to do it without)

I have :-

Downloaded bitcoin-0.9.1-linux.tar.gz

Then tar xvzf bitcoin-0.9.1-linux.tar.gz


This gives me a folder with bin + src but no ./configure. src has but that  fails.

Obviously I just don't get it  ;D



The downloaded bin directory contains a few executable files. Find the locations of those files already on your system and replace them with the new versions. Maybe they're in /usr/bin?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: defaced on April 09, 2014, 01:15:05 AM
I hate being forced into new updates. Like MoonShadow once said (and I am paraphrasing): "I like to wait until they have ironed out the bugs with new releases before I update". I've been following that same rule, and only update if it's absolutely necessary. Which is why I never even upgraded to v0.9

If you know how to use (or can figure it out) Gitian you could always recompile your favourite version of Bitcoin-qt with the newer version of OpenSSL.

Third parties could do the same thing but obviously that would require a lot of trust.

Yup, pretty easy stuff.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: BlockchainHelp? on April 09, 2014, 01:17:16 AM
I created 4 private keys offline in Bitcoin-QT 9.0 via TailsOS. My client never touched the internet, do I need to bring my cold storage online to create 4 new wallets in 9.1?

Shameful quote, I need to know :(



Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: H34P5PR4Y on April 09, 2014, 01:19:42 AM
just downloaded 0.9.1 win64 bit and i get this error: Assertion Failed! Program C:\Program Files\Bitcoin\bitcoin-qt.exe
File ../../src/serialize.h, Line1013

Expression: nSize >=0



Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: poordeveloper on April 09, 2014, 01:21:12 AM
For Windows users, if you are using a vulnerable OpenSSL version and want to update it to the latest, non-vulnerable one:
http://slproweb.com/products/Win32OpenSSL.html (linked from http://www.openssl.org/related/binaries.html (http://www.openssl.org/related/binaries.html))


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: 7Priest7 on April 09, 2014, 01:35:00 AM
Memorized private keys, the safest way to own bitcoin.
Encrypted paper wallets, almost as safe.

Paper wallets without encryption could be physicly stolen then claimed.
Bitcoin clients have the possibility of security vulnerabilities and are targeted by bitcoin related malware.
Physical digital wallets are subject to theft just as unencrypted paper wallets are.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: bitpop on April 09, 2014, 01:51:02 AM
I created 4 private keys offline in Bitcoin-QT 9.0 via TailsOS. My client never touched the internet, do I need to bring my cold storage online to create 4 new wallets in 9.1?

Shameful quote, I need to know :(



Almost everyone should be pretty safe especially you. Unless they're not telling us something yet.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Siegfried on April 09, 2014, 01:54:26 AM
How do I install this for Linux Mint? On the previous version there was just a bitcoin-qt file which I could click on and run. Now the extracted folder contains several files, none of which are executable. I am stupid and know almost nothing about using the terminal, compiling libraries, etc. Can someone give me a simple explanation please?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: bitpop on April 09, 2014, 01:58:19 AM
How do I install this for Linux Mint? On the previous version there was just a bitcoin-qt file which I could click on and run. Now the extracted folder contains several files, none of which are executable. I am stupid and know almost nothing about using the terminal, compiling libraries, etc. Can someone give me a simple explanation please?

Go to bin 64


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: DeathAndTaxes on April 09, 2014, 02:00:16 AM
I hate being forced into new updates. Like MoonShadow once said (and I am paraphrasing): "I like to wait until they have ironed out the bugs with new releases before I update". I've been following that same rule, and only update if it's absolutely necessary. Which is why I never even upgraded to v0.9

That's a good policy. I also do that. You don't need to update from versions older than 0.9.0 unless you're using rpcssl. Most people aren't.
How can you tell when you are using rpcssl? What activates/turns it on? I've never manually ran any RPC commands that had to do with SSL. Just importing privkeys.

Even if you are using RPC you would have had to manually create a SSL private key and SSL cert using openssl and then manually install those by setting params in the bitcoin.conf in order to be be exectuing those RPC calls over SSL.

If all of those sounds foreign the simple answer is unless you already knew you were using RPC over SSL you weren't using it.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Siegfried on April 09, 2014, 02:00:54 AM
How do I install this for Linux Mint? On the previous version there was just a bitcoin-qt file which I could click on and run. Now the extracted folder contains several files, none of which are executable. I am stupid and know almost nothing about using the terminal, compiling libraries, etc. Can someone give me a simple explanation please?

Go to bin 64

I have done that and clicked bitcoin-qt. I get the following error:

Could not display "/home/robert/Programs/bitcoin-0.9.1-linux/bin/64/bitcoin-qt". There is no application installed for shared library files. Do you want to search...


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: bitpop on April 09, 2014, 02:02:53 AM
How do I install this for Linux Mint? On the previous version there was just a bitcoin-qt file which I could click on and run. Now the extracted folder contains several files, none of which are executable. I am stupid and know almost nothing about using the terminal, compiling libraries, etc. Can someone give me a simple explanation please?

Go to bin 64

I have done that and clicked bitcoin-qt. I get the following error:

Could not display "/home/robert/Programs/bitcoin-0.9.1-linux/bin/64/bitcoin-qt". There is no application installed for shared library files. Do you want to search...

That's right they made the resources static. I don't know any more. Try 32?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Siegfried on April 09, 2014, 02:04:24 AM
How do I install this for Linux Mint? On the previous version there was just a bitcoin-qt file which I could click on and run. Now the extracted folder contains several files, none of which are executable. I am stupid and know almost nothing about using the terminal, compiling libraries, etc. Can someone give me a simple explanation please?

Go to bin 64

I have done that and clicked bitcoin-qt. I get the following error:

Could not display "/home/robert/Programs/bitcoin-0.9.1-linux/bin/64/bitcoin-qt". There is no application installed for shared library files. Do you want to search...

That's right they made the resources static. I don't know any more. Try 32?

Tried both. Thanks anyway.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: jambola2 on April 09, 2014, 02:09:26 AM
Edit: using electrum is safe.

Was scared shitless , until I saw this.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: bitpop on April 09, 2014, 02:09:50 AM
If you guys are worried, transfer everything to a paper wallet you made offline and let this blow over.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Quantus on April 09, 2014, 02:29:18 AM
I was running Bitcoin_qt 9.0. I downloaded the Bitcoin qt 9.1 setup.exe file and ran it. Am I good?


EDIT: I did't uninstall anything prior to installing 9.1 is that ok?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: pandacoin on April 09, 2014, 02:30:33 AM
I have 0.8.5 version. Should I upgrade too? Backup before upgrade?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: fryarminer on April 09, 2014, 02:31:31 AM
What about Mycelium - is it safe?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: bitpop on April 09, 2014, 02:41:29 AM
I was running Bitcoin_qt 9.0. I downloaded the Bitcoin qt 9.1 setup.exe file and ran it. Am I good?


EDIT: I did't uninstall anything prior to installing 9.1 is that ok?

Good double check about version


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: bitpop on April 09, 2014, 02:42:10 AM
I have 0.8.5 version. Should I upgrade too? Backup before upgrade?

You don't have to but yes and yes


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: bitpop on April 09, 2014, 02:42:35 AM
What about Mycelium - is it safe?

Safe just check their site for updates


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: DeathAndTaxes on April 09, 2014, 02:58:54 AM
I have 0.8.5 version. Should I upgrade too? Backup before upgrade?

If you don't use RPC over SSL then there is no need to upgrade, of course an upgrade won't hurt.

As for "backup before upgrade"?  ALWAYS backup before upgrade, every single upgrade and periodically between upgrades.  You never need to ask that question again because there is never a scenario where if you are deciding if you should make a backup that it would be a bad idea to do so.  Always use dates in the names of backups so you don't write over previous versions.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: pandacoin on April 09, 2014, 03:07:44 AM
Thanks. I already update my wallet regularly with timestamps. I mean will backup process and old backups affected for this? I use vanity addresses I created. Should I create new normal addresses?
I upgraded to 0.9.1 without a problem.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: bitpop on April 09, 2014, 03:13:07 AM
Thanks. I already update my wallet regularly with timestamps. I mean will backup process and old backups affected for this? I use vanity addresses I created. Should I create new normal addresses?
I upgraded to 0.9.1 without a problem.

Reusing addresses is bad anyway, I say start fresh. Don't lose old wallets tho.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Silver_Pharaoh on April 09, 2014, 03:34:16 AM
Okay, I'm using (According to the debug screen):

v0.8.6-beta
Which has
OpenSSL 1.0.1c 10 May 2012


Never clicked on any "payment" thingys and I've only received BTC and sent BTC from it.
My bitcoin.conf is empty.

Never heard of this "rpcssl" option so I've never used it.
Am I good? Or must I update to 0.9.1?
Thanks guys  ;D


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: mufa23 on April 09, 2014, 03:48:42 AM
I hate being forced into new updates. Like MoonShadow once said (and I am paraphrasing): "I like to wait until they have ironed out the bugs with new releases before I update". I've been following that same rule, and only update if it's absolutely necessary. Which is why I never even upgraded to v0.9

That's a good policy. I also do that. You don't need to update from versions older than 0.9.0 unless you're using rpcssl. Most people aren't.
How can you tell when you are using rpcssl? What activates/turns it on? I've never manually ran any RPC commands that had to do with SSL. Just importing privkeys.

Even if you are using RPC you would have had to manually create a SSL private key and SSL cert using openssl and then manually install those by setting params in the bitcoin.conf in order to be be exectuing those RPC calls over SSL.

If all of those sounds foreign the simple answer is unless you already knew you were using RPC over SSL you weren't using it.
Sounds good then. Just running with whatever default settings comes when you install it. Minus the "-detachdb" and "-datadir" (to download the blockchain to a different hard drive) commands. I don't even have the "bitcoin.conf" file, so nothing to worry about. Thanks! (off topic: i'm enjoying your RNG thread btw)




I have 0.8.5 version. Should I upgrade too? Backup before upgrade?
As for "backup before upgrade"?  ALWAYS backup before upgrade, every single upgrade and periodically between upgrades.  You never need to ask that question again because there is never a scenario where if you are deciding if you should make a backup that it would be a bad idea to do so.  Always use dates in the names of backups so you don't write over previous versions.
+1
I cannot stress this enough! ALWAYS backup before doing anything with your wallet. Between upgrades, when you import keys, etc... And keep the backups in multiple secure places.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: 7Priest7 on April 09, 2014, 04:34:20 AM
Never heard of this "rpcssl" option so I've never used it.
Am I good? Or must I update to 0.9.1?
Thanks guys  ;D
The HeartBleed vulnerability has been around ~2 years.
OpenSSL is the program effected. The OpenSSL team has only discovered this vulnerability yesterday.
It is not specific to bitcoin-qt.
Anytime you have bitcoin-qt open you are potentially at risk.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Siegfried on April 09, 2014, 04:48:48 AM
How do I install this for Linux Mint? On the previous version there was just a bitcoin-qt file which I could click on and run. Now the extracted folder contains several files, none of which are executable. I am stupid and know almost nothing about using the terminal, compiling libraries, etc. Can someone give me a simple explanation please?

Please.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: almightyruler on April 09, 2014, 04:55:53 AM
How do I install this for Linux Mint? On the previous version there was just a bitcoin-qt file which I could click on and run. Now the extracted folder contains several files, none of which are executable. I am stupid and know almost nothing about using the terminal, compiling libraries, etc. Can someone give me a simple explanation please?

Please.

Almost sounds like you've downloaded a source archive. Are you sure you've downloaded https://bitcoin.org/bin/0.9.1/bitcoin-0.9.1-linux.tar.gz , 36MB in size?

I had a quick look at this archive and the executables appear to be there:

bin/32/bitcoin-qt
bin/64/bitcoin-qt


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: seriouscoin on April 09, 2014, 05:01:52 AM
Armory offline and online are both safe right?

I'm using Armory 0.8.x


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: gweedo on April 09, 2014, 05:10:56 AM
Armory offline and online are both safe right?

I'm using Armory 0.8.x

Yes because it doesn't bitcoind rpcssl.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: techgeek on April 09, 2014, 05:14:12 AM
So glad my balance is still there, after the update.



Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: jl2012 on April 09, 2014, 05:25:36 AM
Why don't the devs send an update notice with the emergency key?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: sebastian on April 09, 2014, 05:50:10 AM
Can really the CLIENT KEYs be compromised by this bug?

What I have understand, its a bug in the OpenSSL Implementation of Heartbeat protocol of TLS 1.2, causing OpenSSL to leak contents of RAM in the server.
This means, the attack vector would be limited to:
impersonating a server and replacing a bitcoin adress in the payment protocol, by stealing the SERVER KEYs.

Thus any client-side wallets should be safe since those private keys are never transmitted or kept by the server? (except for webshops and online services running a server-side bitcoin client relying on a vulnerable OpenSSL)

The bitcoin core protocol (port 8333) is not using any form of SSL at all what I know?



If what the Bitcoin devs say is correct (that client keys can be compromised), would also mean that any website using SSL can steal RAM contents of client computers, which would mean my site can get my visitor's bank details, and that would make the security hole way more critical than it is today.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Siegfried on April 09, 2014, 06:02:20 AM
How do I install this for Linux Mint? On the previous version there was just a bitcoin-qt file which I could click on and run. Now the extracted folder contains several files, none of which are executable. I am stupid and know almost nothing about using the terminal, compiling libraries, etc. Can someone give me a simple explanation please?

Please.

Almost sounds like you've downloaded a source archive. Are you sure you've downloaded https://bitcoin.org/bin/0.9.1/bitcoin-0.9.1-linux.tar.gz , 36MB in size?

I had a quick look at this archive and the executables appear to be there:

bin/32/bitcoin-qt
bin/64/bitcoin-qt

The file I downloaded from your link and the previous link is 47.5 MB. I tried it again with your link, but same result. Bitcoin-qt is not an executable, it is a "shared library (application/x-sharedlib)". I have no program that can execute this file. Fuck. Why didn't they just make an "executable (application/x-executable)" file like version 0.8.5?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: poordeveloper on April 09, 2014, 06:04:06 AM
Can really the CLIENT KEYs be compromised by this bug?

What I have understand, its a bug in the OpenSSL Implementation of Heartbeat protocol of TLS 1.2, causing OpenSSL to leak contents of RAM in the server.
This means, the attack vector would be limited to:
impersonating a server and replacing a bitcoin adress in the payment protocol, by stealing the SERVER KEYs.

Thus any client-side wallets should be safe since those private keys are never transmitted or kept by the server? (except for webshops and online services running a server-side bitcoin client relying on a vulnerable OpenSSL)

The bitcoin core protocol (port 8333) is not using any form of SSL at all what I know?



If what the Bitcoin devs say is correct (that client keys can be compromised), would also mean that any website using SSL can steal RAM contents of client computers, which would mean my site can get my visitor's bank details, and that would make the security hole way more critical than it is today.
Bitcoin Core is considered a server / creates what would be considered a server in at least one of the cases highlighted by theymos.

And, even if it acted as a client in the other: This vulnerability also affects clients, which is basically why, if a browser you use uses OpenSSL (Android Browser, for example), the server itself can attack you this way.

So yes, what you say in your final sentence is true (at least for browsers using OpenSSL).


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Quantus on April 09, 2014, 06:17:31 AM
I bet the CIA was exploiting this bug for years.


Do I sound like a conspiracy nut?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: rupy on April 09, 2014, 06:29:26 AM
I think that it's probably more secure to use an old linux at this point...

Running bitcoind.static I got:

Code:
terminate called after throwing an instance of 'std::runtime_error'
  what():  locale::facet::_S_create_c_locale name not valid

Solution https://www.foresightlinux.se/what-localefacet_s_create_c_locale-name-not-valid/ (https://www.foresightlinux.se/what-localefacet_s_create_c_locale-name-not-valid/)


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: pyromaniac on April 09, 2014, 07:12:28 AM
Bitcoin 0.9.1 in NOT working with russian version of windows!


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: jonathan on April 09, 2014, 07:17:51 AM
Did that glibc problem for linux users get auto-fixed with the 0.9.1 release? Yay! I feared we might be still stuck with 0.9.0's glibc headache:

 https://bitcointalk.org/index.php?topic=522014.msg5795604#msg5795604

... but I just ran the vanilla 0.9.1 in bash in debian wheezy without any trouble at all. Good work devs. :)


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Luke-Jr on April 09, 2014, 07:32:45 AM
If you are using the graphical version of 0.9.0 on any platform, you must update immediately.
If you are using packages from your Linux distro (Ubuntu PPA included), 0.9.1 has no changes for you.
Instead, you must upgrade to a fixed OpenSSL version.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: BitCoinNutJob on April 09, 2014, 07:33:26 AM
another reason for new investors to avoid bitcoin :(


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Luke-Jr on April 09, 2014, 07:36:44 AM
Memorized private keys, the safest way to own bitcoin.
Memorized private keys are in fact one of the least secure ways to own bitcoin.

Can really the CLIENT KEYs be compromised by this bug?

What I have understand, its a bug in the OpenSSL Implementation of Heartbeat protocol of TLS 1.2, causing OpenSSL to leak contents of RAM in the server.
This means, the attack vector would be limited to:
impersonating a server and replacing a bitcoin adress in the payment protocol, by stealing the SERVER KEYs.

Thus any client-side wallets should be safe since those private keys are never transmitted or kept by the server? (except for webshops and online services running a server-side bitcoin client relying on a vulnerable OpenSSL)

The bitcoin core protocol (port 8333) is not using any form of SSL at all what I know?

If what the Bitcoin devs say is correct (that client keys can be compromised), would also mean that any website using SSL can steal RAM contents of client computers, which would mean my site can get my visitor's bank details, and that would make the security hole way more critical than it is today.
The vulnerability is bidirectional. The server (or anyone MITMing it!) can get the client to leak information too, which could include private wallet data.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: southerngentuk on April 09, 2014, 07:49:56 AM
If you are using the graphical version of 0.9.0 on any platform, you must update immediately.
If you are using packages from your Linux distro (Ubuntu PPA included), 0.9.1 has no changes for you.
Instead, you must upgrade to a fixed OpenSSL version.
So if libssl1.0.0 has been updated then all is good and we can still use 0.9.0 ?   8)


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Luke-Jr on April 09, 2014, 07:59:01 AM
If you are using the graphical version of 0.9.0 on any platform, you must update immediately.
If you are using packages from your Linux distro (Ubuntu PPA included), 0.9.1 has no changes for you.
Instead, you must upgrade to a fixed OpenSSL version.
So if libssl1.0.0 has been updated then all is good and we can still use 0.9.0 ?   8)
Just be sure it's updated to a fixed version.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Rampion on April 09, 2014, 08:02:28 AM
Could somebody describe how the attack would work when somebody had been using Bitcoin Core 0.9.0 and clicked on a "bitcoin:" link?

Would the wallet be considered compromised even if I generated the "bitcoin:" link myself and clicked it just to see how the new payment function worked? In that case, how the private keys would have been exposed?

Would the wallet be considered compromised if I clicked on a "bitcoin:" link but didn't go through the payment, and thus I did not sign any transaction?

I just cannot wrap my head around it yet.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: southerngentuk on April 09, 2014, 08:04:25 AM
If you are using the graphical version of 0.9.0 on any platform, you must update immediately.
If you are using packages from your Linux distro (Ubuntu PPA included), 0.9.1 has no changes for you.
Instead, you must upgrade to a fixed OpenSSL version.
So if libssl1.0.0 has been updated then all is good and we can still use 0.9.0 ?   8)
Just be sure it's updated to a fixed version.
Looks good  :)
link for others :-   http://www.ubuntu.com/usn/usn-2165-1/ (http://www.ubuntu.com/usn/usn-2165-1/)


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Luke-Jr on April 09, 2014, 08:04:38 AM
Could somebody describe how the attack would work when somebody had been using Bitcoin Core 0.9.0 and clicked on a "bitcoin:" link? Would the wallet be considered compromised even if I generated the "bitcoin:" link myself and clicked it just to see how the new payment function worked? In that case, how the private keys would have been exposed?

I just cannot wrap my head around it yet.
In this case, the risk is only if you were MITM'd...


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Rampion on April 09, 2014, 08:05:45 AM
Could somebody describe how the attack would work when somebody had been using Bitcoin Core 0.9.0 and clicked on a "bitcoin:" link? Would the wallet be considered compromised even if I generated the "bitcoin:" link myself and clicked it just to see how the new payment function worked? In that case, how the private keys would have been exposed?

I just cannot wrap my head around it yet.
In this case, the risk is only if you were MITM'd...

But who could have MITM'd me? A malicious node? How can my priv keys be exposed just by clicking a "bitcoin:" link that I generated myself, especially if I did not go through the transaction and thus I didn't sign and broadcasted it?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: pastet89 on April 09, 2014, 08:46:19 AM
Thanks for info. Is electrum compromised as well?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Polyatomic on April 09, 2014, 09:24:57 AM
If your on Ubuntu Saucy you can type,

apt-cache showpkg --names-only openssl

in a terminal to find out what version you have installed.

Package: openssl
Versions:
1.0.1e-3ubuntu1.2

more info here http://www.ubuntu.com/usn/usn-2165-1/


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Evilish on April 09, 2014, 10:18:07 AM
Does this only apply only for Bitcoin QT? Just wondering because I use BlockChain online wallet and MultiBit.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: platorin on April 09, 2014, 10:38:58 AM
Thank you for the info and the update. All best!


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: S4VV4S on April 09, 2014, 10:51:58 AM
Could somebody describe how the attack would work when somebody had been using Bitcoin Core 0.9.0 and clicked on a "bitcoin:" link?

Would the wallet be considered compromised even if I generated the "bitcoin:" link myself and clicked it just to see how the new payment function worked? In that case, how the private keys would have been exposed?

Would the wallet be considered compromised if I clicked on a "bitcoin:" link but didn't go through the payment, and thus I did not sign any transaction?

I just cannot wrap my head around it yet.

+1
I would like to know this as well


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Rampion on April 09, 2014, 11:02:31 AM
Could somebody describe how the attack would work when somebody had been using Bitcoin Core 0.9.0 and clicked on a "bitcoin:" link?

Would the wallet be considered compromised even if I generated the "bitcoin:" link myself and clicked it just to see how the new payment function worked? In that case, how the private keys would have been exposed?

Would the wallet be considered compromised if I clicked on a "bitcoin:" link but didn't go through the payment, and thus I did not sign any transaction?

I just cannot wrap my head around it yet.

+1
I would like to know this as well

I've opened a dedicated thread (https://bitcointalk.org/index.php?topic=563048.msg6138709#msg6138709) in Technical Discussion for this purpose.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: 5ick3uffalo on April 09, 2014, 11:14:40 AM
i am using QT v8.0.6 beta, need to upgrade or i am safe and sound?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Luke-Jr on April 09, 2014, 11:16:54 AM
i am using QT v8.0.6 beta, need to upgrade or i am safe and sound?
0.8.6 is only vulnerable if you use the -rpcssl options and expose RPC to the internet - which is vulnerable to other attacks even with this fixed.
So probably not.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: 5ick3uffalo on April 09, 2014, 11:17:57 AM
i am using QT v8.0.6 beta, need to upgrade or i am safe and sound?
0.8.6 is only vulnerable if you use the -rpcssl options and expose RPC to the internet - which is vulnerable to other attacks even with this fixed.
So probably not.

Ok thank you :)


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Hyena on April 09, 2014, 11:21:54 AM
How do I install this for Linux Mint? On the previous version there was just a bitcoin-qt file which I could click on and run. Now the extracted folder contains several files, none of which are executable. I am stupid and know almost nothing about using the terminal, compiling libraries, etc. Can someone give me a simple explanation please?

Please.

Almost sounds like you've downloaded a source archive. Are you sure you've downloaded https://bitcoin.org/bin/0.9.1/bitcoin-0.9.1-linux.tar.gz , 36MB in size?

I had a quick look at this archive and the executables appear to be there:

bin/32/bitcoin-qt
bin/64/bitcoin-qt

The file I downloaded from your link and the previous link is 47.5 MB. I tried it again with your link, but same result. Bitcoin-qt is not an executable, it is a "shared library (application/x-sharedlib)". I have no program that can execute this file. Fuck. Why didn't they just make an "executable (application/x-executable)" file like version 0.8.5?

On Linux Mint 14 you can still launch your bitcoin-qt if you go to terminal and type "./bitcoin-qt". If you want to start it without having it tied to your terminal window then type "(./bitcoin-qt -min &> /dev/null &)"


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: mjosephs on April 09, 2014, 11:23:54 AM
If you ever used the payment protocol (you clicked a bitcoin: link and saw a green box in Bitcoin Core's send dialog), then you should consider your wallet to be compromised.

At least two dozen people (and I was nowhere near the first one) told the devs that using the OpenSSL CA infrastructure for their "payment protocol" coin-tracking fantasies was a (a) crazy, (b) stupid, and (c) risky scheme that involved an utterly massive expansion of the attack surface to include all of SSL and the entire certificate authority ponzi-scheme.

What did they do?  They ignored common sense.

The bitcoin dev responsible for this idiocy is totally incompetent and should step down effective immediately.  Oh wait, that happened.

Carry on.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: wumpus on April 09, 2014, 11:33:42 AM
What did they do?  They ignored common sense.

The bitcoin dev responsible for this idiocy is totally incompetent and should step down effective immediately.  Oh wait, that happened.

Carry on.
It's easy to cry "I told you so" in retrospect. But there could have been an exploit in any of the other dependencies. Or in the Bitcoin P2P or RPC network code itself. By no means is OpenSSL the only software that has bugs.

The only long-term sustainable solution to key theft would be to isolate the private keys and signing from the wallet in either a separate process, a trusted computing module or even a seperate device (in order of increased security).


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Kenshin on April 09, 2014, 11:36:00 AM
I really like this new update. It has better functions then 0.9.0. I can't wait for the 1.0 release.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Lucko on April 09, 2014, 11:52:59 AM
Grate. About 2 hours before this showed up I lost 1,6 something BTC to this... And it took only about 2 hours of running application... So it is not that impossible... Well I think it was this since I have no clue what else could it be... Is there any trace left so I can be sure?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: ShadesOfMarble on April 09, 2014, 11:56:32 AM
Grate. About 2 hours before this showed up I lost 1,6 something BTC to this... And it took only about 2 hours of running application... So it is not that impossible... Well I think it was this since I have no clue what else could it be... Is there any trace left so I can be sure?
I guess wallet stealing trojans exists almost as long as Bitcoin, so your loss could have many (other) causes.

First, scan your computer. Second, did you click on any "bitcoin:"-link?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Hyena on April 09, 2014, 11:57:56 AM
If you ever used the payment protocol (you clicked a bitcoin: link and saw a green box in Bitcoin Core's send dialog), then you should consider your wallet to be compromised.

At least two dozen people (and I was nowhere near the first one) told the devs that using the OpenSSL CA infrastructure for their "payment protocol" coin-tracking fantasies was a (a) crazy, (b) stupid, and (c) risky scheme that involved an utterly massive expansion of the attack surface to include all of SSL and the entire certificate authority ponzi-scheme.

What did they do?  They ignored common sense.

The bitcoin dev responsible for this idiocy is totally incompetent and should step down effective immediately.  Oh wait, that happened.

Carry on.

0.9 introduced a bunch of bullshit. How the hell can bitcoin magnet link be vulnerable?! If they continue introducing unwanted bullshit features, bloating the bitcoin official client then bitcoin will be dead for me. This has already gone too far. The protocol specifies flawless security (except quantum computing vulnerability). WHY on earth has this flawless security be ruined by eager developers adding features that are not essential to bitcoin protocol?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: IIOII on April 09, 2014, 12:05:02 PM
That's exactly what all those three letter organizations doing within the Bitcoin Foundation, introducing vulnerabilities to the protocol.

Yeah that's a risk that should not be disregarded lightly.

As far as I understand the main vulnerability was introduced in Bitcoin Core 0.9.0 by the payment protocol's reliance on OpenSSL. If I understand correctly the payment protocol was first introduced with Core 0.9.0 (I think Gavin was doing this).

I think (and mentioned this in the past) that the payment protocol is an entirely optional feature that is not essential for Bitcoin and should not be included. It can be substituted by third parties. The added security risk by reliance on (more) external libraries is much more relevant than providing a somehow useful, but non-essential feature.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: IIOII on April 09, 2014, 12:06:30 PM
If you ever used the payment protocol (you clicked a bitcoin: link and saw a green box in Bitcoin Core's send dialog), then you should consider your wallet to be compromised.

At least two dozen people (and I was nowhere near the first one) told the devs that using the OpenSSL CA infrastructure for their "payment protocol" coin-tracking fantasies was a (a) crazy, (b) stupid, and (c) risky scheme that involved an utterly massive expansion of the attack surface to include all of SSL and the entire certificate authority ponzi-scheme.

What did they do?  They ignored common sense.

The bitcoin dev responsible for this idiocy is totally incompetent and should step down effective immediately.  Oh wait, that happened.

Carry on.

0.9 introduced a bunch of bullshit. How the hell can bitcoin magnet link be vulnerable?! If they continue introducing unwanted bullshit features, bloating the bitcoin official client then bitcoin will be dead for me. This has already gone too far. The protocol specifies flawless security (except quantum computing vulnerability). WHY on earth has this flawless security be ruined by eager developers adding features that are not essential to bitcoin protocol?


+1

Funny... you posted this.. while I was still typing my reply.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Lucko on April 09, 2014, 12:07:08 PM
Grate. About 2 hours before this showed up I lost 1,6 something BTC to this... And it took only about 2 hours of running application... So it is not that impossible... Well I think it was this since I have no clue what else could it be... Is there any trace left so I can be sure?
I guess wallet stealing trojans exists almost as long as Bitcoin, so your loss could have many (other) causes.

First, scan your computer. Second, did you click on any "bitcoin:"-link?
It runs only wallet and no I just installed it... I used Ufasoft coin till now but it really runs bad with current blockchain size so I migrate keys.

I do have antivirus and malware bits on... So I don't think it is that. It also has own firewalled subnet...

EDIT: Scan completed. Noting found by AVG or Malwarebits


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: wumpus on April 09, 2014, 12:22:03 PM
The protocol specifies flawless security (except quantum computing vulnerability). WHY on earth has this flawless security be ruined by eager developers adding features that are not essential to bitcoin protocol?
Right, in principle, wallet functionality isn't needed at all to maintain the Bitcoin P2P network, the reason for Bitcoin Core's existence.

This is why --disable-wallet mode was introduced in 0.9.0. It allows you to build without the wallet, which removes quite a few dependencies (OpenSSL however is still required as we also use it for ECDSA at this point, and for RPC SSL support, but this could change after merging sipa's ECDSA library).

In the long run there are two options: either we remove the wallet, or we keep it and try to keep up with features of other wallets. Keeping up includes the payment protocol. If payment protocol was not supported people would be complaining about lack of support for the new merchant integration methods.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: IIOII on April 09, 2014, 12:41:13 PM
If payment protocol was not supported people would be complaining about lack of support for the new merchant integration methods.

Who did complain?

If payment protocol is distributed with Core, it should be an optional thing, which the user can decide to activate (by checkbox, whatever). Security is much more important.


Edit. imho the dialog introduced in 0.9.0 which replaced the receiving addresses field is not an improvement. It makes things more awkward. (An example of a really good improvement is coincontrol and wallet file selection.)


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: fryarminer on April 09, 2014, 12:43:57 PM
Memorized private keys, the safest way to own bitcoin.
Memorized private keys are in fact one of the least secure ways to own bitcoin.


Dang it! I was sitting here trying to memorize private keys!


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: bet4btc on April 09, 2014, 12:49:54 PM
When the ppa version will be ready?  >:(

what will happen if i will run the Linux version, with the Current version of qt (ppa)
Is it possible to  "switch" between versions at any given time, consider the block chain is updating sometimes from the linux version and some times from the pp version?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Luke-Jr on April 09, 2014, 12:53:37 PM
Everyone should keep in mind at all times that Bitcoin is still an experiment, Bitcoin technology (consensus systems) is still a very new field of computer science, and the whole thing could fall apart overnight.

If payment protocol is distributed with Core, it should be an optional thing, which the user can decide to activate (by checkbox, whatever). Security is much more important.
Of all the possible security flaws... OpenSSL, a security-oriented library, having a vulnerability in the most fundamental security feature used by virtually everything... is the LAST thing anyone would have reasonably considered to be a risk to security.

Edit. imho the dialog introduced in 0.9.0 which replaced the receiving addresses field is not an improvement. It makes things more awkward. (An example of a really good improvement is coincontrol and wallet file selection.)
It's much less confusing and makes it easier to use Bitcoin correctly.
Coin Control is handy, but inevitably a power user tool that is likely to give newbies the wrong idea.
Multiwallet support is unfortunately lagging behind since CodeShark went and made his own wallet instead. :(

When the ppa version will be ready?  >:(
Never, it's not affected (although your OS probably is...)


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: bet4btc on April 09, 2014, 12:58:27 PM
Luke,
what will happen if i will run the Linux version and then switch back to the ppa version, will the wallet will sync properly?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Luke-Jr on April 09, 2014, 01:01:23 PM
Luke,
what will happen if i will run the Linux version and then switch back to the ppa version, will the wallet will sync properly?
It should, but there's no point.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: bet4btc on April 09, 2014, 01:09:21 PM
Luke,
what will happen if i will run the Linux version and then switch back to the ppa version, will the wallet will sync properly?
It should, but there's no point.


Well, as for the openssl, what i did is this :

aptitude show libssl1.0.0 | grep Version

and it show this-

Version: 1.0.1-4ubuntu5.12

which seems to be the latest for ubuntu 12.04 LTS

I am still not sure i am protected..


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Luke-Jr on April 09, 2014, 01:16:58 PM
Luke,
what will happen if i will run the Linux version and then switch back to the ppa version, will the wallet will sync properly?
It should, but there's no point.


Well, as for the openssl, what i did is this :

aptitude show libssl1.0.0 | grep Version

and it show this-

Version: 1.0.1-4ubuntu5.12

which seems to be the latest for ubuntu 12.04 LTS

I am still not sure i am protected..
http://www.ubuntu.com/usn/usn-2165-1/


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: wumpus on April 09, 2014, 01:18:49 PM
If payment protocol was not supported people would be complaining about lack of support for the new merchant integration methods.

Who did complain?
No one yet. But that would happen soon enough after the new BIP007x features are rolled out by other (BitcoinJ) based wallets.

In any case the plan is to split the wallet off to a different repository, so that it can be maintained separately. This means you can create a fork with your own (subset of) features, without forking the entire node implementation as well.

This can happen only after SPV functionality has been implemented though. This would also isolate the wallet from potential bugs in the P2P network code (and vice versa), and also means that even if you run a full node, you don't have to have your wallet always online.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: IIOII on April 09, 2014, 01:26:12 PM
Of all the possible security flaws... OpenSSL, a security-oriented library, having a vulnerability in the most fundamental security feature used by virtually everything... is the LAST thing anyone would have reasonably considered to be a risk to security.

Any reliance on external libraries is added security risk. Because Core is financial software the most paranoid security approach should be in place. So where external libraries are not essential they should be avoided.

It's much less confusing and makes it easier to use Bitcoin correctly.
Coin Control is handy, but inevitably a power user tool that is likely to give newbies the wrong idea.
Multiwallet support is unfortunately lagging behind since CodeShark went and made his own wallet instead. :(

This is Bitcoin Core. You do not need to hide all complexity from the user. I'm accustomed to initiate all payments by myself - I dislike direct debit and similar things, because it gives me less feeling of control. Maybe this is also a question of cultural socialisation, so preference maybe different across countries - I don't know. Regardless, I think a Bitcoin Core user can be expected to know how to copy and paste Bitcoin addresses and type in the correct amount - there is no need for simplification.
There can be third party wallets which are "easier" to use.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: IIOII on April 09, 2014, 01:29:06 PM
In any case the plan is to split the wallet off to a different repository, so that it can be maintained separately. This means you can create a fork with your own (subset of) features, without forking the entire node implementation as well.

This can happen only after SPV functionality has been implemented though. This would also isolate the wallet from potential bugs in the P2P network code (and vice versa), and also means that even if you run a full node, you don't have to have your wallet always online.


This is encouraging.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: windpath on April 09, 2014, 01:30:57 PM
The protocol specifies flawless security (except quantum computing vulnerability). WHY on earth has this flawless security be ruined by eager developers adding features that are not essential to bitcoin protocol?
Right, in principle, wallet functionality isn't needed at all to maintain the Bitcoin P2P network, the reason for Bitcoin Core's existence.

This is why --disable-wallet mode was introduced in 0.9.0. It allows you to build without the wallet, which removes quite a few dependencies (OpenSSL however is still required as we also use it for ECDSA at this point, and for RPC SSL support, but this could change after merging sipa's ECDSA library).

In the long run there are two options: either we remove the wallet, or we keep it and try to keep up with features of other wallets. Keeping up includes the payment protocol. If payment protocol was not supported people would be complaining about lack of support for the new merchant integration methods.


With the rename to "Bitcoin Core", you would think it would be just that, the CORE p2p network/functionality.

IMO the foundation has no business competing with other clients and features, be responsible for the core, let others build on it.

At the very least separate out all "features" that are not required by the core as a separate application.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: wumpus on April 09, 2014, 01:44:28 PM
With the rename to "Bitcoin Core", you would think it would be just that, the CORE p2p network/functionality.

IMO the foundation has no business competing with other clients and features, be responsible for the core, let others build on it.

At the very least separate out all "features" that are not required by the core as a separate application.
I'm not sure I follow you. In the post that you reply to, I talk about splitting off the wallet functionality. I don't see why you still feel that you need to rant. This can't be done in one day (unless we get a lot of knowledgeable new contributors), but it is the planned direction.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Luke-Jr on April 09, 2014, 01:54:36 PM
IMO the foundation has no business competing with other clients and features, be responsible for the core, let others build on it.
Nor does the Foundation have any relationship to Bitcoin Core.

At the very least separate out all "features" that are not required by the core as a separate application.
That includes the wallet.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: windpath on April 09, 2014, 01:56:32 PM
With the rename to "Bitcoin Core", you would think it would be just that, the CORE p2p network/functionality.

IMO the foundation has no business competing with other clients and features, be responsible for the core, let others build on it.

At the very least separate out all "features" that are not required by the core as a separate application.
I'm not sure I follow you. In the post that you reply to, I talk about splitting off the wallet functionality. I don't see why you still feel that you need to rant. This can't be done in one day (unless we get a lot of knowledgeable new contributors), but it is the planned direction.


Re-reading my post, it does come off as a rant, that is not how it is intended....

I just believe that the "core" should be just that, the minimum code required to participate in and contribute to the network.

I think the planned direction to split out the wallet  is great, and appreciate you taking it.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: windpath on April 09, 2014, 02:01:53 PM
IMO the foundation has no business competing with other clients and features, be responsible for the core, let others build on it.
Nor does the Foundation have any relationship to Bitcoin Core.

I'm not sure I understand, this is from the foundation site:

Quote
As a non-political online money, Bitcoin is backed exclusively by code. This means that—ultimately—it is only as good as its software design. By funding the Bitcoin infrastructure, including a core development team, we can make Bitcoin more respected, trusted and useful to people worldwide.

Is this not a "relationship" to the core and its development?  ???


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Luke-Jr on April 09, 2014, 02:05:26 PM
IMO the foundation has no business competing with other clients and features, be responsible for the core, let others build on it.
Nor does the Foundation have any relationship to Bitcoin Core.

I'm not sure I understand, this is from the foundation site:

Quote
As a non-political online money, Bitcoin is backed exclusively by code. This means that—ultimately—it is only as good as its software design. By funding the Bitcoin infrastructure, including a core development team, we can make Bitcoin more respected, trusted and useful to people worldwide.

Is this not a "relationship" to the core and its development?  ???
The Foundation contributes financially to Bitcoin development in general.
It doesn't (or at least, isn't supposed to) favour or control any given implementation.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: wumpus on April 09, 2014, 02:23:51 PM
Re-reading my post, it does come off as a rant, that is not how it is intended....

I just believe that the "core" should be just that, the minimum code required to participate in and contribute to the network.

I think the planned direction to split out the wallet  is great, and appreciate you taking it.
It would be interesting if the authors of other* (SPV) wallets made it possible to run and manage a walletless bitcoind in the background, so that their users can optionally contribute to the network by running a full node.

*Armory does this, but only because it needs to, it cannot work in SPV mode


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Meuh6879 on April 09, 2014, 02:35:23 PM
update the binary (i don't touch the folder) is the right choice ?
(openssl is in binary file bitcoin-qt.exe, no ?)


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: windpath on April 09, 2014, 02:42:37 PM
The Foundation contributes financially to Bitcoin development in general.
It doesn't (or at least, isn't supposed to) favour or control any given implementation.

I'm sorry, and I'm sure I'm not the first to point this out, when you have a board comprised of people running businesses based on Bitcoin it becomes very difficult to assert that their own positions and goals do not drive decision making about the core.

I honestly don't know any members of the board personally, and am not trying to throw anyone under the bus here, but I think we need to be realistic about "how it works"....

It would be interesting if the authors of other* (SPV) wallets made it possible to run and manage a walletless bitcoind in the background, so that their users can optionally contribute to the network by running a full node.

*Armory does this, but only because it needs to, it cannot work in SPV mode

100% agreed, I run 2 full nodes. 1 on my day-to-day computer (with Armory), and a second on a dedicated server that we pull data from for our site (http://162.242.245.151/).

I feel both obligated and proud to support the network, and can't see a reason that anyone involved with Bitcoin would not, would be nice if all wallet software had this option.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: KGambler on April 09, 2014, 03:04:21 PM
Should we change our wallet password too?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: wumpus on April 09, 2014, 04:01:13 PM
Should we change our wallet password too?
Not really. There are two scenarios:

1) Your private keys are not compromised. Either you never used a bitcoin: URI with a payment request, or, at least never from a compromised server. No need to change your password or do anything.

2) Your private keys are compromised. You clicked on a bitcoin: URI in your browser that fetched a payment request from a malicious SSL server. By an unlikely fluke, memory was leaked to the server that contained private keys. Send your coins to a new wallet while you can, before the attacker abuses your keys. Changing the password is not enough as a precaution in this case.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: MichaelBliss on April 09, 2014, 04:40:57 PM
 I just upgraded to 0.91 since I was using 0.9.  I've never input my password using 0.9 but I have with prior versions, is there any reason for me to start a new wallet and transfer funds?  As I understand, my bitcoin wallet password should be secure if I haven't entered the password into the 0.9 client?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: PepitaJoe on April 09, 2014, 05:44:01 PM
Does ever mean in the 0.9.0 version, or at any point of time?

The payment protocol only exists in 0.9.

My wallet is version 0.8.6 beta.
Can I continue to use it?
If I upgrade to 0.9.1 version I have to download all blockchain?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: wumpus on April 09, 2014, 05:48:04 PM
My wallet is version 0.8.6 beta.
Can I continue to use it?
yes

Quote
If I upgrade to 0.9.1 version I have to download all blockchain?
no

I just upgraded to 0.91 since I was using 0.9.  I've never input my password using 0.9 but I have with prior versions, is there any reason for me to start a new wallet and transfer funds?  As I understand, my bitcoin wallet password should be secure if I haven't entered the password into the 0.9 client?
no, no reason to do that


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: l4p7 on April 09, 2014, 06:03:11 PM
This applies to Multibit Bitcoin wallets? Multibit vs 0.5.17?
+1

Any update there?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Rawted on April 09, 2014, 06:04:56 PM
I keep small amounts in my pc wallet for casual spending. I applied the 0.9.0->0.9.1 update and once done syncing, the client told me that my database was corrupt and wanted to reindex it. I allowed it to, and sometime during the sync, 1.3 BTC went from confirmed to unconfirmed and hasn't moved since (24 hours or so I'd guess). Any ideas/suggestions?

http://i.imgur.com/KxeaFrr.jpg


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Lauda on April 09, 2014, 06:23:23 PM
Thanks for the quick fix.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: wumpus on April 09, 2014, 06:25:14 PM
I keep small amounts in my pc wallet for casual spending. I applied the 0.9.0->0.9.1 update and once done syncing, the client told me that my database was corrupt and wanted to reindex it. I allowed it to, and sometime during the sync, 1.3 BTC went from confirmed to unconfirmed and hasn't moved since (24 hours or so I'd guess). Any ideas/suggestions?

It appears to me that you have a few unconfirmed transactions that hold up inputs.
Have you perhaps set "spend unconfirmed change" in options to false (or passed -spendzeroconfchange=0)?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: LiteCoinGuy on April 09, 2014, 06:26:48 PM
thanks for that fast action! very good.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: DeathAndTaxes on April 09, 2014, 06:32:38 PM
I keep small amounts in my pc wallet for casual spending. I applied the 0.9.0->0.9.1 update and once done syncing, the client told me that my database was corrupt and wanted to reindex it. I allowed it to, and sometime during the sync, 1.3 BTC went from confirmed to unconfirmed and hasn't moved since (24 hours or so I'd guess). Any ideas/suggestions?

If you look in the transaction list do you see any tx which are unconfirmed?  If so check another source (blockr.io or blockchain.info) to determine if the tx is indeed unconfirmed.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Rawted on April 09, 2014, 06:40:54 PM
I keep small amounts in my pc wallet for casual spending. I applied the 0.9.0->0.9.1 update and once done syncing, the client told me that my database was corrupt and wanted to reindex it. I allowed it to, and sometime during the sync, 1.3 BTC went from confirmed to unconfirmed and hasn't moved since (24 hours or so I'd guess). Any ideas/suggestions?

It appears to me that you have a few unconfirmed transactions that hold up inputs.
Have you perhaps set "spend unconfirmed change" in options to false (or passed -spendzeroconfchange=0)?
Nope.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Rawted on April 09, 2014, 06:42:16 PM
I keep small amounts in my pc wallet for casual spending. I applied the 0.9.0->0.9.1 update and once done syncing, the client told me that my database was corrupt and wanted to reindex it. I allowed it to, and sometime during the sync, 1.3 BTC went from confirmed to unconfirmed and hasn't moved since (24 hours or so I'd guess). Any ideas/suggestions?

If you look in the transaction list do you see any tx which are unconfirmed?  If so check another source (blockr.io or blockchain.info) to determine if the tx is indeed unconfirmed.
No, but i just noticed that it reverted me to 0.8.6.... How is this possible? All tx before 7/30/2013 are gone, and those coins are still unconfirmed. I was at version 0.9.0 prior to updating..

http://i.imgur.com/NHdFqRH.jpg


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Rawted on April 09, 2014, 06:57:42 PM
Updated to 0.9.1 again, ran it, and now those coins are out of unconfirmed balance and listed as 'conflicted' in transaction log and I don't recognize the address they were sent to.

http://i.imgur.com/egeHtNI.jpg


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: boumalo on April 09, 2014, 07:06:00 PM
I got the message "Corrupted block database detected.

Do you want to rebuild the block database now?" then when it was almost entirely rebuilt I got the message again and it is rebuilding again now-I updated to 0.9.1 between the rebuilt and it  didn't change anytging; can someone help me explain?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: dex1 on April 09, 2014, 08:05:47 PM

After having read this:

Is there a quick guide to install this ?

I have just switched from windows to Ubuntu, Help!

I got 0.9.0 installed via PPA but the PPA is not updated yet ( + I would like to know how to do it without)

I have :-

Downloaded bitcoin-0.9.1-linux.tar.gz

Then tar xvzf bitcoin-0.9.1-linux.tar.gz


This gives me a folder with bin + src but no ./configure. src has but that  fails.

Obviously I just don't get it  ;D



The downloaded bin directory contains a few executable files. Find the locations of those files already on your system and replace them with the new versions. Maybe they're in /usr/bin?

   ...and then this:

If you are using the graphical version of 0.9.0 on any platform, you must update immediately.
If you are using packages from your Linux distro (Ubuntu PPA included), 0.9.1 has no changes for you.
Instead, you must upgrade to a fixed OpenSSL version.
So if libssl1.0.0 has been updated then all is good and we can still use 0.9.0 ?   8)
Just be sure it's updated to a fixed version.


   ...could someone tell me which one is correct please ?
   What's the way to follow in order to have it fixed when one has got Bitcoin Core 0.9.0 from Ubuntu PPA ?
   Plain English without discrepancies will be much appreciated. Thank you.




Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Geremia on April 09, 2014, 08:35:52 PM
Why isn't 0.9.1 on SourceForge, and what is its checksum?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Luke-Jr on April 09, 2014, 08:38:08 PM
Why isn't 0.9.1 on SourceForge, and what is its checksum?
You should be verifying the PGP sigs from https://github.com/bitcoin/gitian.sigs


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: johnyj on April 09, 2014, 08:48:20 PM
Yes I think separate the core and wallet should be a good thing, but this might require some effort and time, modularization usually take years to achieve


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: brian123321 on April 09, 2014, 10:32:04 PM
Anyone have information on whether this affects multi bit or not?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: noobyonekenobi on April 09, 2014, 11:44:45 PM
Anyone have information on whether this affects multi bit or not?

"@MultiBitOrg Does the OpenSSL bug affect Multibit?"

"-@QuadraQ As MultiBit is installed on your machine you interact with it directly so no."
https://twitter.com/MultiBitOrg


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: thutrant on April 10, 2014, 12:05:54 AM
Anyone have information on whether this affects multi bit or not?

"@MultiBitOrg Does the OpenSSL bug affect Multibit?"

"-@QuadraQ As MultiBit is installed on your machine you interact with it directly so no."
https://twitter.com/MultiBitOrg

Good to know, thanks for posting!  But it's always better to be safe than sorry.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: merockstar on April 10, 2014, 01:07:27 AM
Is there a quick guide to install this ?

I have just switched from windows to Ubuntu, Help!

I got 0.9.0 installed via PPA but the PPA is not updated yet ( + I would like to know how to do it without)

I have :-

Downloaded bitcoin-0.9.1-linux.tar.gz

Then tar xvzf bitcoin-0.9.1-linux.tar.gz


This gives me a folder with bin + src but no ./configure. src has but that  fails.

Obviously I just don't get it  ;D


cd bin - change directory to the bin folder you just unzipped
cd 64 (or 32 depending on your processor) - change directory again to one of two directories inside /bitcoin-blahblahblah/bin/
./bitcoin-qt - execute the binary file

you don't need anything in the src directory, because you want to run a pre-compiled binary (kind of the linux equivalent to a windows .exe file). everything in the src directory is for that.

http://www.devtome.com/doku.php?id=making_a_qt_wallet_work_in_ubuntu_12.04


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: merockstar on April 10, 2014, 01:19:04 AM
Rawted,

Have you tried running bitcoin-qt with -rescan flag?

right click on bitcoin icon. go to properties, and where it says C:\Windows\Program Files(x86)\Bitcoin\bitcoin-blahblahblah.exe (or whatever yours says) add -rescan, run it, and let the blockchain resync.

then go back and remove the flag because you wont want to resync after everytime you run the client.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: southerngentuk on April 10, 2014, 01:50:17 AM
cd bin - change directory to the bin folder you just unzipped
cd 64 (or 32 depending on your processor) - change directory again to one of two directories inside /bitcoin-blahblahblah/bin/
./bitcoin-qt - execute the binary file

you don't need anything in the src directory, because you want to run a pre-compiled binary (kind of the linux equivalent to a windows .exe file). everything in the src directory is for that.

http://www.devtome.com/doku.php?id=making_a_qt_wallet_work_in_ubuntu_12.04

Thanks, I had resolved the issue by moving bitcoin-qt to the correct directory however this was really helpful in my understanding.  ;D


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Geremia on April 10, 2014, 01:59:32 AM
Why isn't 0.9.1 on SourceForge, and what is its checksum?
You should be verifying the PGP sigs from https://github.com/bitcoin/gitian.sigs
thanks


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Dabs on April 10, 2014, 05:27:18 AM
Well, one good side effect of this release is that a lot of people will upgrade. Which means more nodes to relay my 0.00001 transaction fee transaction.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Corelianer on April 10, 2014, 07:09:44 AM
I'm not very happy about the information system. A notification integration that there is a new version available would be the least in the Bitcoin Core.
I wouldn't force the users to upgrade their Bitcoin Core, but at least an Integrated Info-System would be highly apreciated.

That I have to go to the Bitcointalk Forum to read about it, is terrible in my eyes.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: pastet89 on April 10, 2014, 07:37:35 AM
Thanks for info. Is electrum compromised as well?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Luke-Jr on April 10, 2014, 07:42:19 AM
I'm not very happy about the information system. A notification integration that there is a new version available would be the least in the Bitcoin Core.
I wouldn't force the users to upgrade their Bitcoin Core, but at least an Integrated Info-System would be highly apreciated.

That I have to go to the Bitcointalk Forum to read about it, is terrible in my eyes.
It exists. It just wasn't used for 0.9.1.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Vyker on April 10, 2014, 09:43:37 AM
Does anyone know if this affects Armory wallets? if so, how do we upgrade safely?



Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: 7Priest7 on April 10, 2014, 09:59:15 AM
Does anyone know if this affects Armory wallets? if so, how do we upgrade safely?

Probably, Armory uses the bitcoin daemon.
Just upgrade the bitcoin daemon(packaged with bitcoin-qt/core.)

In reality, I've not seen any evidence to prove this vulnerability could effect a average end bitcoin user behind a router.

EDIT:
Modern routers do more than route network traffic.
They block incoming connections.
My understanding of the heartbleed venerability leads me to believe it would require a open port to request the memory dumps.

I felt I should probably elaborate on my above statement.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: PrintMule on April 10, 2014, 11:14:06 AM
New like these make me wonder if people should avoid new updates if they are not critical. Like an update to 0.9.0 - I did not read changelog and thought, why bother updating...


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: wumpus on April 10, 2014, 11:15:39 AM
New like these make me wonder if people should avoid new updates if they are not critical. Like an update to 0.9.0 - I did not read changelog and thought, why bother updating...
It's perfectly reasonable to wait a while after a release, and not jump on every update. This is the reason that automatic updates aren't implemented.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: huggybear on April 10, 2014, 03:06:39 PM
Can someone tell me why the bitcoin-qt file isn't executable in linux?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: coinflow on April 10, 2014, 03:16:05 PM
New like these make me wonder if people should avoid new updates if they are not critical. Like an update to 0.9.0 - I did not read changelog and thought, why bother updating...
It's perfectly reasonable to wait a while after a release, and not jump on every update. This is the reason that automatic updates aren't implemented.

That makes only sense, if it is no hardfork. Otherwise you'd be on the wrong fork, missing coins that were send to you from the new fork and vice versa.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Rawted on April 10, 2014, 03:36:11 PM
Still missing those coins. It really is quite perplexing. The dates of the transactions with those coins are all from the june/july 2013 range and up until 0.9.1 were valid confirmed coins, and are now conflicted transactions and missing coins. Does this mean I was passed bad transactions previously and it's only now showing up? If so, how were those coins spendable prior?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: /dev/null on April 10, 2014, 05:22:58 PM
Still missing those coins. It really is quite perplexing. The dates of the transactions with those coins are all from the june/july 2013 range and up until 0.9.1 were valid confirmed coins, and are now conflicted transactions and missing coins. Does this mean I was passed bad transactions previously and it's only now showing up? If so, how were those coins spendable prior?

Do one thing, import wallet on blockchain.info then make a new wallet and send coins to your qt wallet. (Make sure to send a test amount first)


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Comrade Capitalist on April 10, 2014, 06:18:11 PM
Can someone tell me why the bitcoin-qt file isn't executable in linux?
I use a very simple workaround. I created a shortcut on the desktop and pointed it to the bitcoin-qt file. That's it.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: huggybear on April 10, 2014, 11:02:57 PM
Can someone tell me why the bitcoin-qt file isn't executable in linux?
I use a very simple workaround. I created a shortcut on the desktop and pointed it to the bitcoin-qt file. That's it.

Sorry it's all Greek to me I only use Linux for Bitcoin-QT. Can you explain me step by step how I can bitcoin-qt get running. At version 0.8.6. the bitcoin-qt file was executable but in the new version it is a shared libary. I opened the context menu and tried to open the file with "run application" but nothing happens.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: MysteryMiner on April 10, 2014, 11:04:43 PM
This is extra bad OpenSSL bug. With Certificate Patrol extension installed on Firefox I see almost every site changing SSL keys. Already changed all my important passwords on websites.

But Bitcoin is not that badly affected. Deep web are changing .onion addresses, people changing TorChat identities. It is chaos there right now and recent attack on Hidden Wiki by some Anonymous moron does not help.

Maybe The Hidden Wiki got it's legendary .onion key leaked because of this OpenSSL vulnerability? This key leaking is exactly what the vulnerability will allow to do. Previously I thought that the hidden wiki's VPS host was broken by password reset.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Comrade Capitalist on April 11, 2014, 05:46:41 AM
Can someone tell me why the bitcoin-qt file isn't executable in linux?
I use a very simple workaround. I created a shortcut on the desktop and pointed it to the bitcoin-qt file. That's it.

Sorry it's all Greek to me I only use Linux for Bitcoin-QT. Can you explain me step by step how I can bitcoin-qt get running. At version 0.8.6. the bitcoin-qt file was executable but in the new version it is a shared libary. I opened the context menu and tried to open the file with "run application" but nothing happens.

1. Use instructions from this link: http://xmodulo.com/2013/11/create-desktop-shortcut-launcher-linux.html (http://xmodulo.com/2013/11/create-desktop-shortcut-launcher-linux.html) (or google linux+desktop+shortcut)
2. In the “command” field put the correct path to your “bitcoin-qt” file, i.e. “/home/user/bitcoin-0.9.1-linux/bin/64/bitcoin-qt” (without quotes) for example.
3. Uncheck “run in terminal” and check “is executable”, if those checkboxes exist.
4. Use new shortcut (or launcher).


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: smoothrunnings on April 11, 2014, 09:31:34 AM
How do you compile this on openSUSE? There are no instructions inside this build that explain how to compile/make Bitcoin-Qt/Bitcoind on any version of Linux and what dependencies are needed too. There seems to be a lot of assumptions being made...

Thanks,



If you are using the graphical version of 0.9.0 on any platform, you must update immediately. Download here (https://bitcoin.org/bin/0.9.1/). If you can't update immediately, shut down Bitcoin until you can. If you ever used the payment protocol (you clicked a bitcoin: link and saw a green box in Bitcoin Core's send dialog), then you should consider your wallet to be compromised. Carefully generate an entirely new wallet (not just a new address) and send all of your bitcoins there. Do not delete your old wallet.

If you are using any other version of Bitcoin-Qt/Bitcoin Core, including bitcoind 0.9.0, you are vulnerable only if the rpcssl command-line option is set. If it is not, then no immediate action is required. If it is, and if an attacker could have possibly communicated with the RPC port, then you should consider your wallet to be compromised.

This vulnerability is caused by a critical bug in the OpenSSL library used by Bitcoin Core. Successfully attacking Bitcoin Core by means of this bug seems to be difficult in most cases, and it seems at this point that even successful attacks may be limited, but I recommend taking the above actions just in case.

If you are using a binary version of Bitcoin Core obtained from bitcoin.org or SourceForge, then updating your system's version of OpenSSL will not help. OpenSSL is packaged with the binary on all platforms.

Download 0.9.1 (https://bitcoin.org/bin/0.9.1/)
Announcement (https://bitcoin.org/en/release/v0.9.1)

Other software (including other wallet software) may also be affected by this bug. OpenSSL is extremely common.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Hyena on April 11, 2014, 09:34:43 AM
Maybe that's how all the darkweb marketplaces and forums got shut down? Utopia was butchered at birth, Black Market Reloaded Forum was also shut down by police.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: MysteryMiner on April 11, 2014, 11:10:45 AM
Maybe that's how all the darkweb marketplaces and forums got shut down? Utopia was butchered at birth, Black Market Reloaded Forum was also shut down by police.
It is only speculation. The exploit cannot deanonymize hidden service. I can be used to steal private key for .onion address and then impersonate the service. I think the black markets got shut down because of different security issues.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: tuvok007 on April 11, 2014, 12:57:54 PM
What if I have my blockchain on f drive? How do I update?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: theymos on April 11, 2014, 01:17:53 PM
How do you compile this on openSUSE? There are no instructions inside this build that explain how to compile/make Bitcoin-Qt/Bitcoind on any version of Linux and what dependencies are needed too. There seems to be a lot of assumptions being made...

The instructions are in src/doc/build-unix.md. For bitcoind, you only need OpenSSL (the fixed version), Boost, and Berkeley DB.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Corelianer on April 11, 2014, 01:19:39 PM
I'm not very happy about the information system. A notification integration that there is a new version available would be the least in the Bitcoin Core.
I wouldn't force the users to upgrade their Bitcoin Core, but at least an Integrated Info-System would be highly apreciated.

That I have to go to the Bitcointalk Forum to read about it, is terrible in my eyes.
It exists. It just wasn't used for 0.9.1.
So if the possibility exists, but was not used. For what do you use it then?
I like to get infos about a new client-version before the last "Sorry all your Bitcoins are stolen" message...

If you talk about the "Alert" function, then Gavin is responsable for the lack of not using it.

I understand that you don't wana use it for bullshit rumors, but the Hardbleed bug is a serious one.

I recommend to use it for all new Bitcoin Core releases. If you don't call it URGENT, then it's just a feature upgrade.
But in this case I think URGENT would have been the right naming for it.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: DeathAndTaxes on April 11, 2014, 02:09:04 PM
I'm not very happy about the information system. A notification integration that there is a new version available would be the least in the Bitcoin Core.
I wouldn't force the users to upgrade their Bitcoin Core, but at least an Integrated Info-System would be highly apreciated.

That I have to go to the Bitcointalk Forum to read about it, is terrible in my eyes.
It exists. It just wasn't used for 0.9.1.
So if the possibility exists, but was not used. For what do you use it then?
I like to get infos about a new client-version before the last "Sorry all your Bitcoins are stolen" message...

If you talk about the "Alert" function, then Gavin is responsable for the lack of not using it.

I understand that you don't wana use it for bullshit rumors, but the Hardbleed bug is a serious one.

I recommend to use it for all new Bitcoin Core releases. If you don't call it URGENT, then it's just a feature upgrade.
But in this case I think URGENT would have been the right naming for it.

IMHO the risk is being overstated and it probably doesn't warrant the use of the alert key. 


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Sahtor on April 11, 2014, 05:36:38 PM
Is Ubuntu ppa:bitcoin/bitcoin going to get updated soon?

Are you going to release ~trusty debs anytime soon?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: huggybear on April 11, 2014, 05:59:40 PM
1. Use instructions from this link: http://xmodulo.com/2013/11/create-desktop-shortcut-launcher-linux.html (http://xmodulo.com/2013/11/create-desktop-shortcut-launcher-linux.html) (or google linux+desktop+shortcut)
2. In the “command” field put the correct path to your “bitcoin-qt” file, i.e. “/home/user/bitcoin-0.9.1-linux/bin/64/bitcoin-qt” (without quotes) for example.
3. Uncheck “run in terminal” and check “is executable”, if those checkboxes exist.
4. Use new shortcut (or launcher).

Thanks a lot. I will try.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Rawted on April 11, 2014, 06:39:26 PM
Rawted,

Have you tried running bitcoin-qt with -rescan flag?

right click on bitcoin icon. go to properties, and where it says C:\Windows\Program Files(x86)\Bitcoin\bitcoin-blahblahblah.exe (or whatever yours says) add -rescan, run it, and let the blockchain resync.

then go back and remove the flag because you wont want to resync after everytime you run the client.
Yes sir, and thanks for your help. I replied to your PM. It seems to be almost 2.7btc I am missing now, however only 1.3 btc is showing as unconfirmed in 0.8.6-0.8.9, whereas it's showing as conflicted in 0.9.1. Nothing to the address in question, and none of the tx ids pop up on blockchain.info.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: cypherdoc on April 11, 2014, 07:22:25 PM
we need the Bitcoin PPA to be updated to 0.9.1.

unless someone could publish a clear, coherent way to compile the Bitcoin tar.gz


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Comrade Capitalist on April 11, 2014, 08:19:16 PM
we need the Bitcoin PPA to be updated to 0.9.1.

unless someone could publish a clear, coherent way to compile the Bitcoin tar.gz

Luke-Jr has already addressed this issue:

If you are using the graphical version of 0.9.0 on any platform, you must update immediately.
If you are using packages from your Linux distro (Ubuntu PPA included), 0.9.1 has no changes for you.
Instead, you must upgrade to a fixed OpenSSL version.
So if libssl1.0.0 has been updated then all is good and we can still use 0.9.0 ?   8)
Just be sure it's updated to a fixed version.

And bitcoin-0.9.1-linux.tar.gz is compiled. A little uncooperative maybe :) but compiled.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: vectisitch on April 11, 2014, 08:55:38 PM
what does this heartbleed thing do. i ask because i updated my bitcoin wallet to 0.0.1 and on the same day i was not able to unlock my blackcoin wallet anymore. it says incorrect password. even though i know it's the right one


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: chek2fire on April 12, 2014, 12:29:54 AM
we need the Bitcoin PPA to be updated to 0.9.1.

unless someone could publish a clear, coherent way to compile the Bitcoin tar.gz

I hope that they dont drop ppa support for bitcoin and they will update the package asap.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: windpath on April 12, 2014, 12:43:43 AM
I hope that they dont drop ppa support for bitcoin and they will update the package asap.

There is no reason to update the PPA, you need to update OpenSSL on your server, the Bitcoin PPA relies on it....


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: chek2fire on April 12, 2014, 12:44:48 AM
ubuntu has update OpenSSL with the latest bug free version.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: bitManXD on April 12, 2014, 12:52:30 AM
How can one use this exploit to steal bitcoins? I think it's quite hard if not impossible.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Nubarius on April 12, 2014, 08:49:59 AM
Bitcoin 0.9.1 in NOT working with russian version of windows!

The Windows version of Bitcoin Core 0.9.0 introduced a bug which affects data paths that contain non-ASCII characters. These are no longer recognised correctly (it's a new bug, Bitcoin-qt 0.8.* was fine with non-ASCII characters in paths). Since the data directory in Windows is C:\Users\[username]\AppData\Roaming\Bitcoin, the problem on a Russian system is likely to be the user name. My guess is that you have a Russian user name and the program is choking on the data path. Try copying the data directory to a path that contains only Latin letters and then change the path in the options accordingly, and it will probably work.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: pinger on April 12, 2014, 02:00:00 PM
the new client crashes pretty nasty
ok found its my antivirus trying to avoid another bitcoin virus
people who use windows make sure when the program crashes to set any antivirus to allow the data
its a false positive

I get the same issue with Avast AV.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: pinger on April 12, 2014, 02:01:21 PM
Paper wallets generated before 0.9 are also vulnerable if they found the public key?

Greetings.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: DeathAndTaxes on April 12, 2014, 03:38:31 PM
Paper wallets generated before 0.9 are also vulnerable if they found the public key?

Greetings.

Public Key? No.  Private Key probably although the risk of getting private key this way is academic at best.  Still if the paper wallet is funded and nobody stole the coins that is a very good canary in the coal mine.  If you have unfunded paper wallets well although the risk is very low I would just trash them and print new ones.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: laflaflaf on April 13, 2014, 06:54:26 AM
I downloaded it, and update very slow


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: pinger on April 13, 2014, 07:51:27 AM
Does other Bitcoin clients also afected?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: bitsalame on April 14, 2014, 03:37:30 AM
So basically, if you had 0.9.0, but you neither have enabled manually rpcssl from the console, nor clicked on any bitcoin link, then your wallet has always been safe and no private keys could have been leaked.

This is a relief if you have several addresses linked to shares.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Freedom24 on April 14, 2014, 05:41:09 PM
How can I Upgrade my Bitcoin QT?

I use Linux Ubunto and I don't know what to do.



Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: dex1 on April 15, 2014, 12:04:17 AM
How can I Upgrade my Bitcoin QT?

I use Linux Ubunto and I don't know what to do.



Being a noob myself I asked the same question (https://bitcointalk.org/index.php?topic=562400.msg6146151#msg6146151) and got no answer here. Just to have it clear I was using bitcoin 0.9.0 from Ubuntu PPA and
had my libssl1.0.0 updated however in the debug window it still showed old/insecure version of OpenSSL.

So here is what I did:

-First thing first back up ur wallet.
-Shut down your client.
-Now make a backup of your current bitcoin-qt executable/shared library which should be in /usr/bin
Code:
cd /usr/bin
sudo mv bitcoin-qt bitcoin-qt.bckup
-Download and verify bitcoin-0.9.1-linux.tar.gz (https://bitcoin.org/bin/0.9.1/bitcoin-0.9.1-linux.tar.gz)
-Navigate to your Home directory
Code:
cd ~
-and then to Downloads
Code:
cd Downloads
-unzip what you've downloaded
Code:
tar xvzf bitcoin-0.9.1-linux.tar.gz
-Navigate to just unzipped directory
Code:
cd bitcoin-0.9.1-linux
-and then depending on whether your system is 32 or 64 do
Code:
cd bin/32

/* alternatively if your system is 64 do */

cd bin/64
-copy bitcoin-qt from this directory to /usr/bin
Code:
sudo cp bitcoin-qt /usr/bin

-start your client the usual way.

Hope it helps...
 :) :) :)



Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: cypherdoc on April 15, 2014, 01:51:12 AM
How can I Upgrade my Bitcoin QT?

I use Linux Ubunto and I don't know what to do.



Being a noob myself I asked the same question (https://bitcointalk.org/index.php?topic=562400.msg6146151#msg6146151) and got no answer here. Just to have it clear I was using bitcoin 0.9.0 from Ubuntu PPA and
had my libssl1.0.0 updated however in the debug window it still showed old/insecure version of OpenSSL.

So here is what I did:

-First thing first back up ur wallet.
-Shut down your client.
-Now make a backup of your current bitcoin-qt executable/shared library which should be in /usr/bin
Code:
cd /usr/bin
sudo mv bitcoin-qt bitcoin-qt.bckup
-Download and verify bitcoin-0.9.1-linux.tar.gz (https://bitcoin.org/bin/0.9.1/bitcoin-0.9.1-linux.tar.gz)
-Navigate to your Home directory
Code:
cd ~
-and then to Downloads
Code:
cd Downloads
-unzip what you've downloaded
Code:
tar xvzf bitcoin-0.9.1-linux.tar.gz
-Navigate to just unzipped directory
Code:
cd bitcoin-0.9.1-linux
-and then depending on whether your system is 32 or 64 do
Code:
cd bin/32

/* alternatively if your system is 64 do */

cd bin/64
-copy bitcoin-qt from this directory to /usr/bin
Code:
sudo cp bitcoin-qt /usr/bin

-start your client the usual way.

Hope it helps...
 :) :) :)



nice. thank you.

how do i turn this into an icon executable seen in Dashboard?
Code:
hom@home:/usr/bin$ ./bitcoin-qt


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: gweedo on April 15, 2014, 02:00:44 AM
Is anyone else having an issue with multi-sig transactions. It seems that bitcoin 0.9.1 can't find the proper private key for the public key when using signrawtransaction. I tried on two different computers. I had to manually redo the transaction and insert the private key myself.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: androidboss on April 15, 2014, 04:56:08 AM
very good,i will try it


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: joinmicah on April 15, 2014, 01:55:44 PM
It is Very Important that you update you Client to combat against the Open SSL Bug known as HeartBleed.com More information at the following link


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: frogfrmr on April 15, 2014, 02:54:57 PM
Hi, I'm a newbie for sure.

I downloaded the new version v0.9.1.0-g026a939-beta (32-bit) and it appears to be communicating by the looks of the network traffic graph.  When I started it, days ago, it said "12 days behind" and now it says "2 weeks behind".  It also says:

 "Warning: The network does not appear to fully agree! Some miners appear to be experiencing issues.",

Should I just wait and see what happens?  Should I be concerned?

Thanks.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Kiki112 on April 15, 2014, 03:07:00 PM
I have 0.9.1 version now, does it mean I'm safe?
Do I also have to delete my previous version?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: pointbiz on April 16, 2014, 01:58:15 AM
EDIT: Also, are the cold addresses generated from bitaddress.org safe? Most of my cold Bitcoins are stored on addresses (with their keys) generated from bitaddress.org (i.e. the "Bulk Wallet" option)

Verifying the SHA1 checksum of the bitaddress.org HTML that you download locally is the way to be sure you are safe.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Polyatomic on April 16, 2014, 07:53:40 AM
How can I Upgrade my Bitcoin QT?

I use Linux Ubunto and I don't know what to do.






nice. thank you.

how do i turn this into an icon executable seen in Dashboard?
Code:
hom@home:/usr/bin$ ./bitcoin-qt


You should be able to lock it to the launcher when its running aye


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Kimmo on April 16, 2014, 07:26:58 PM
Quick guide for Ubuntu

1. Download https://bitcoin.org/bin/0.9.1/bitcoin-0.9.1-linux.tar.gz
2. Open file, then click 'Extract'-button. Extract the files in your home folder.
3. Open terminal, enter:

Code:
sudo cp ~/bitcoin-0.9.1-linux/bin/64/bitcoin-qt /usr/bin  #(or 32 instead of 64 if you have 32-bit Ubuntu)

Done.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Zhan21 on April 17, 2014, 08:18:12 AM
Do I need to uninstall 0.9.0? ???


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: go4nature on April 17, 2014, 03:32:50 PM
I am not using bicoin-qt but i installed it and using multibit. It is necessary to update it or uninstall it?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Kimmo on April 17, 2014, 08:16:45 PM
Do I need to uninstall 0.9.0? ???

No.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Kimmo on April 17, 2014, 08:27:53 PM
I am not using bicoin-qt but i installed it and using multibit. It is necessary to update it or uninstall it?

If you don't use it you should be fine.


https://multibit.org/blog/2014/04/10/multibit-and-heartbleed.html
 (https://multibit.org/blog/2014/04/10/multibit-and-heartbleed.html)


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: haploid23 on April 18, 2014, 11:16:49 AM
Dam I'm still using 8.6 QT. It seems like there needs to be constant updates. What if one were to take a break from bitcoin for 5 years? There has to be a better way to not have vulnerable wallets during this time.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: DeathAndTaxes on April 19, 2014, 05:51:26 PM
Dam I'm still using 8.6 QT. It seems like there needs to be constant updates. What if one were to take a break from bitcoin for 5 years? There has to be a better way to not have vulnerable wallets during this time.

If you aren't using Bitcoin you wouldn't be vulnerable.  When you decide to start using Bitcoin after your five year break you would download and install the current software.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: dex1 on April 20, 2014, 11:43:30 AM

........

When the ppa version will be ready?  >:(
Never, it's not affected (although your OS probably is...)

"Never" took only 10 days which is good result IMO.
0.9.1 available now at Ubuntu PPA (https://launchpad.net/~bitcoin/+archive/bitcoin).

Big thank you for Matt Corallo and “Bitcoin” team
and Happy Easter everyone.





Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: kingscrown on April 22, 2014, 02:16:09 AM
what about old versions like 0.8.6 etc also compromised ?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: pandacoin on April 22, 2014, 12:00:57 PM
what about old versions like 0.8.6 etc also compromised ?

Maybe. In any case you should upgrade it to 0.9.1. I never upgrade to 0.9.0, I've waited feedbacks, then this Heartbleed bug found. Then I upgrade it from 0.8.6 to 0.9.1 and I have no problem at all.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: Rawted on April 22, 2014, 05:46:40 PM
Those coins are still missing for me, and the addy only showed up on the blockchain after sending it some dust. Anything else I should try before writing off these coins? Anyone have ANY idea how this could happen?


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: buzybit on April 22, 2014, 08:24:50 PM
updated normally


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: compumine on May 06, 2014, 03:10:39 AM
Could someone help out please?

When I start bitcoin core, I get "error opening block database, Do you want to rebuild the block database now?"  If I press "OK", I get "error opening block database"

What can I do to get my wallet working again?

Thanks.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: 7Priest7 on May 06, 2014, 05:39:58 AM
Could someone help out please?

When I start bitcoin core, I get "error opening block database, Do you want to rebuild the block database now?"  If I press "OK", I get "error opening block database"

What can I do to get my wallet working again?

Thanks.

Manually Delete then re-download the block chain.
It should be in .bitcoin folder in your user app data folder(%appdata%).
Your location may vary depending on the version of windoze you run.

You really should've created a new topic, You revived a dead thread.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: erono on May 06, 2014, 05:49:17 AM
I closed and restarted it and it seems fine. I think it was definitely downloading the first time because my network was going crazy.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: compumine on May 06, 2014, 06:09:11 AM
Could someone help out please?

When I start bitcoin core, I get "error opening block database, Do you want to rebuild the block database now?"  If I press "OK", I get "error opening block database"

What can I do to get my wallet working again?

Thanks.

Manually Delete then re-download the block chain.
It should be in .bitcoin folder in your user app data folder(%appdata%).
Your location may vary depending on the version of windoze you run.

You really should've created a new topic, You revived a dead thread.

thank you for your reply.  It's sorted out. I had to reinstall. But It's all good.


Title: Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
Post by: klabaki on May 07, 2014, 04:53:40 AM
If you use Bitcoin Core, then this poll matters to you:
https://bitcointalk.org/index.php?topic=598082.0

Bitcoin Core users can vote about a change in Bitcoin Core!


(I posted this to the Bitcoin Core update thread because it would directly affect Bitcoin Core users.)