Author Topic: Bitcoin-Qt / bitcoind version 0.8.4 released, fixes critical DoS vulnerability  (Read 29332 times)
Gavin Andresen
September 04, 2013, 01:22:54 AM
 #1

Bitcoin-Qt version 0.8.4 is now available from:
  http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.4/

This is a maintenance release to fix a critical bug and three
security issues; we urge all users to upgrade.

Please report bugs using the issue tracker at github:
  https://github.com/bitcoin/bitcoin/issues


How to Upgrade
--------------

If you are running an older version, shut it down. Wait
until it has completely shut down (which might take a few minutes for older
versions), then run the installer (on Windows) or just copy over
/Applications/Bitcoin-Qt (on Mac) or bitcoind/bitcoin-qt (on Linux).

If you are upgrading from version 0.7.2 or earlier, the first time you
run 0.8.4 your blockchain files will be re-indexed, which will take
anywhere from 30 minutes to several hours, depending on the speed of
your machine.

0.8.4 Release notes
===================

Security issues
---------------

An attacker could send a series of messages that resulted in
an integer division-by-zero error in the Bloom Filter handling
code, causing the Bitcoin-Qt or bitcoind process to crash.
Bloom filters were introduced with version 0.8, so versions 0.8.0
through 0.8.3 are vulnerable to this critical denial-of-service attack.

A constant-time algorithm is now used to check RPC password
guess attempts; fixes https://github.com/bitcoin/bitcoin/issues/2838
(CVE-2013-4165)

Implement a better fix for the fill-memory-with-orphan-transactions
attack that was fixed in 0.8.3. See
https://bitslog.wordpress.com/2013/07/18/buggy-cve-2013-4627-patch-open-new-vectors-of-attack/
for a description of the weaknesses of the previous fix.
(CVE-2013-4627)

Bugs fixed
----------

Fix multi-block reorg transaction resurrection.

Fix non-standard disconnected transactions causing mempool orphans.
This bug could cause nodes running with the -debug flag to crash.

OSX: use 'FD_FULLSYNC' with LevelDB, which will (hopefully!)
prevent the database corruption issues many people have
experienced on OSX.

Linux: clicking on bitcoin: links was broken if you were using
a Gnome-based desktop.

Fix a hang-at-shutdown bug that only affects users that compile
their own version of Bitcoin against Boost versions 1.50-1.52.

Other changes
-------------

Checkpoint at block 250,000 to speed up initial block downloads
and make the progress indicator when downloading more accurate.


Thanks to everybody who contributed to the 0.8.4 releases!
----------------------------------------------------------

Pieter Wuille
Warren Togami
Patrick Strateman
pakt
Gregory Maxwell
Sergio Demian Lerner
grayleonard
Cory Fields
Matt Corallo
Gavin Andresen

How often do you get the chance to work on a potentially world-changing project?
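
The constant-time RPC password check mentioned in the release notes above, shown as an added example (not Bitcoin's own code, and not part of the original post). It counts bytes examined instead of measuring wall-clock time, so the difference between an early-exit comparison and a constant-time one is reproducible. The function names and the sample secret are constructed for illustration.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Early-exit comparison: stops at the first mismatching byte, so the work
// done (reported via *examined) reveals the length of the correct prefix.
bool naive_equal(const std::string& guess, const std::string& secret, size_t* examined) {
    *examined = 0;
    if (guess.size() != secret.size()) return false;
    for (size_t i = 0; i < guess.size(); ++i) {
        ++*examined;
        if (guess[i] != secret[i]) return false;
    }
    return true;
}

// Constant-time comparison: every byte of the guess is folded into an
// accumulator that is inspected once, after the loop. The loop length depends
// on the guess the caller supplied, never on where the first mismatch is.
bool constant_time_equal(const std::string& guess, const std::string& secret, size_t* examined) {
    *examined = 0;
    if (secret.empty()) return guess.empty();
    size_t acc = guess.size() ^ secret.size();  // a length mismatch can never yield 0
    for (size_t i = 0; i < guess.size(); ++i) {
        ++*examined;
        acc |= (unsigned char)guess[i] ^ (unsigned char)secret[i % secret.size()];
    }
    return acc == 0;
}

// Bytes examined for guesses that share 0, 1, 2, ... leading bytes with the secret.
std::vector<size_t> work_profile(const std::string& secret, bool constant_time) {
    std::vector<size_t> profile;
    for (size_t k = 0; k < secret.size(); ++k) {
        std::string guess = secret.substr(0, k) + std::string(secret.size() - k, '#');
        size_t examined = 0;
        (constant_time ? constant_time_equal : naive_equal)(guess, secret, &examined);
        profile.push_back(examined);
    }
    return profile;
}

int main() {
    for (bool ct : {false, true}) {
        std::cout << (ct ? "constant-time:" : "early-exit:   ");
        for (size_t n : work_profile("rpc-s3cret", ct)) std::cout << ' ' << n;  // constructed secret
        std::cout << '\n';
    }
}
```

The early-exit profile grows by one for every additional correct leading byte, which is the signal a timing attack measures; the constant-time profile is flat.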
Fiyasko
September 04, 2013, 02:32:12 AM
 #2

Sad to see that updates are necessary, but glad to see necessary updates come out.

http://bitcoin-otc.com/viewratingdetail.php?nick=DingoRabiit&sign=ANY&type=RECV <-My Ratings
https://bitcointalk.org/index.php?topic=857670.0 GAWminers and associated things are not to be trusted, Especially the "mineral" exchange
klaus
September 04, 2013, 02:38:23 AM
 #3


thanks a lot gavin!

bitmessage:BM-2D9c1oAbkVo96zDhTZ2jV6RXzQ9VG3A6f1
ninjaboon
September 04, 2013, 02:38:36 AM
 #4

thanks for the upgrade post, will do an upgrade later on my linux PC.

freedomno1
September 04, 2013, 02:41:42 AM
 #5

Roger that upgrading now thanks as always to the devs

Coinlogger
September 04, 2013, 02:42:29 AM
 #6

Alrighty then upgrading now
LaserHorse
September 04, 2013, 02:53:45 AM
 #7

OSX: use 'FD_FULLSYNC' with LevelDB, which will (hopefully!)
prevent the database corruption issues many people have
experienced on OSX.

Thanks very much for addressing this one!

PiMiner - control & monitor your miners with Raspberry Pi   •   BTC: 1AV5JekeEVET5u2jTsLDMRsTtagrBnNTBR
jgarzik
September 04, 2013, 02:59:22 AM
 #8

My standard, per-version refrain:  If downloading a new block chain, then download the torrent:

     [ANN] Bitcoin blockchain data torrent
     https://bitcointalk.org/index.php?topic=145386.0

Torrent handles bursty behavior such as new releases nicely, without loading the bitcoin P2P network so much.

(if you are upgrading and already have some block chain, this message does not apply to you)


Jeff Garzik, bitcoin core dev team and BitPay engineer; opinions are my own, not my employer.
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
cypherdoc
September 04, 2013, 03:00:34 AM
 #9

OSX: use 'FD_FULLSYNC' with LevelDB, which will (hopefully!)
prevent the database corruption issues many people have
experienced on OSX.

Thanks very much for addressing this one!

+1
bbit
September 04, 2013, 03:04:42 AM
 #10

Thank you Gavin for all your work! +1
jgarzik
September 04, 2013, 03:25:16 AM
 #11

OSX: use 'FD_FULLSYNC' with LevelDB, which will (hopefully!)
prevent the database corruption issues many people have
experienced on OSX.

Thanks very much for addressing this one!

+1

Well... please help us confirm that the OSX issue is fixed.

Note the "hopefully!" tag...


Jeff Garzik, bitcoin core dev team and BitPay engineer; opinions are my own, not my employer.
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
Vod
September 04, 2013, 03:25:46 AM
 #12

Thank you Gavin!

I HAVE BLOCKED ALL PERSONAL MESSAGES AS I AM AFK FOR AT LEAST THREE MONTHS.
"You have enemies? Good. That means you've stood up for something, sometime in your life." - Winston Churchill
Inaugural PICISI Sponsor - Read up on Armis' Long Con!
Seal
September 04, 2013, 03:32:21 AM
 #13

Good work Gavin. Thank you.

BTC.sx - Leveraged Bitcoin Trading. Simply use Bitcoin to take advantage of a rising or falling Bitcoin price.
KonstantinosM
September 04, 2013, 03:36:17 AM
 #14

I'm upgrading now! I did do a wallet backup just in case though.

May this version be mostly free of bugs so I don't have to do this again!

Installing only took a few seconds. I do have a bug through the last two versions though. My bitcoin client will freeze the first time I open it. I have to force close the client and the second time it will open up perfectly fine!

It's verifying blocks now.... 23:30 is the time.... When I checked again at 23:35 everything was working, up to date and synchronized!
Joe_Bauers
September 04, 2013, 03:41:16 AM
 #15

I am unable to compile 0.8.4 in Debian 7. I checked out 0.8.3 and was able to compile with no issues. When I switch back to 0.8.4 I get the following:

Code:
user@debian7:~/bitcoin$ git checkout master
Previous HEAD position was 40809ae... Bump version numbers for 0.8.3 release
Switched to branch 'master'
user@debian7:~/bitcoin$ qmake
Project MESSAGE: Building with UPNP support
Removed plural forms as the target language has less forms.
If this sounds wrong, possibly the target language is not set or recognized.
Removed plural forms as the target language has less forms.
If this sounds wrong, possibly the target language is not set or recognized.
Removed plural forms as the target language has less forms.
If this sounds wrong, possibly the target language is not set or recognized.
Removed plural forms as the target language has less forms.
If this sounds wrong, possibly the target language is not set or recognized.
Removed plural forms as the target language has less forms.
If this sounds wrong, possibly the target language is not set or recognized.
user@debian7:~/bitcoin$ make
cd /home/user/bitcoin/src/leveldb && CC=gcc CXX=g++ make OPT="-m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2" libleveldb.a libmemenv.a
make[1]: Entering directory `/home/user/bitcoin/src/leveldb'
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c db/dbformat.cc -o db/dbformat.o
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c db/db_impl.cc -o db/db_impl.o
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c db/version_set.cc -o db/version_set.o
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c table/block.cc -o table/block.o
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c table/table.cc -o table/table.o
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c util/cache.cc -o util/cache.o
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c util/env_posix.cc -o util/env_posix.o
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c util/hash.cc -o util/hash.o
rm -f libleveldb.a
ar -rs libleveldb.a db/builder.o db/c.o db/dbformat.o db/db_impl.o db/db_iter.o db/filename.o db/log_reader.o db/log_writer.o db/memtable.o db/repair.o db/table_cache.o db/version_edit.o db/version_set.o db/write_batch.o table/block_builder.o table/block.o table/filter_block.o table/format.o table/iterator.o table/merger.o table/table_builder.o table/table.o table/two_level_iterator.o util/arena.o util/bloom.o util/cache.o util/coding.o util/comparator.o util/crc32c.o util/env.o util/env_posix.o util/env_win.o util/filter_policy.o util/hash.o util/histogram.o util/logging.o util/options.o util/status.o port/port_posix.o
ar: creating libleveldb.a
make[1]: `libmemenv.a' is up to date.
make[1]: Leaving directory `/home/user/bitcoin/src/leveldb'
cd /home/user/bitcoin; /bin/sh share/genbuild.sh build/build.h
/usr/bin/uic-qt4 src/qt/forms/overviewpage.ui -o build/ui_overviewpage.h
/usr/bin/uic-qt4 src/qt/forms/sendcoinsentry.ui -o build/ui_sendcoinsentry.h
/usr/bin/uic-qt4 src/qt/forms/optionsdialog.ui -o build/ui_optionsdialog.h
/usr/bin/uic-qt4 src/qt/forms/intro.ui -o build/ui_intro.h
protoc --cpp_out=build --proto_path=src/qt --proto_path=src/qt src/qt/paymentrequest.proto
make: protoc: Command not found
make: *** [build/paymentrequest.pb.h] Error 127

Ɏ:: YHJMUHKdd9628xeKuJ3vTrGZuzdX8UxBhx :: YACoin since 5/2013
:: yacoin.org for info :: https://github.com/yacoin/yacoin/releases for client. TWTR:: @YACoinJoe
Daily Anarchist
September 04, 2013, 03:41:52 AM
 #16

When will I be able to compile bitcoin on Debian? Last time I tried the instructions were very confusing and I failed.

Discover anarcho-capitalism today!
marcus_of_augustus
September 04, 2013, 04:11:11 AM
 #17

I just downloaded 2 different SHASUMS.asc within an hour from sourceforge ... what's going on?

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

03aba838418b302bf6b5f6b0803856d3ede449ad  bitcoin-0.8.4-linux.tar.gz
55e9dc295ad1264816ad65ff2e1853878984d6bd  bitcoin-0.8.4-macosx.dmg
81b3199fc23bb5534caa498b9357abb741b5624c  bitcoin-0.8.4-win32-setup.exe
8da931a960c65ce3ca9ad9bd02ab236fef960087  bitcoin-0.8.4-win32.zip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
=l9+4
-----END PGP SIGNATURE-----

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

a86003bca1461e8d68c36fee75230899640d3613  bitcoin-0.8.4-linux.tar.gz
55e9dc295ad1264816ad65ff2e1853878984d6bd  bitcoin-0.8.4-macosx.dmg
81b3199fc23bb5534caa498b9357abb741b5624c  bitcoin-0.8.4-win32-setup.exe
8da931a960c65ce3ca9ad9bd02ab236fef960087  bitcoin-0.8.4-win32.zip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
=+eE4
-----END PGP SIGNATURE-----

Both signatures verify to gavin's key ...

Monetary Freedom - a basic human right
The ultimate outcome of central banking must be that everybody goes broke borrowing fiat money that has no value.
Gavin Andresen
September 04, 2013, 04:17:31 AM
 #18

I just downloaded 2 different SHASUMS.asc within an hour from sourceforge ... what's going on?

My build environment changed and the first -linux.tar.gz contained ._foo files (see http://superuser.com/questions/61185/why-do-i-get-files-like-foo-in-my-tarball-on-os-x ).

So I untarred and re-tarred with the magic "don't be clever, please, OSX" environment variable set and uploaded a new .tar.gz and SHASUMS.

How often do you get the chance to work on a potentially world-changing project?
marcus_of_augustus
September 04, 2013, 04:19:49 AM
 #19

I just downloaded 2 different SHASUMS.asc within an hour from sourceforge ... what's going on?

My build environment changed and the first -linux.tar.gz contained ._foo files (see http://superuser.com/questions/61185/why-do-i-get-files-like-foo-in-my-tarball-on-os-x ).

So I untarred and re-tarred with the magic "don't be clever, please, OSX" environment variable set and uploaded a new .tar.gz and SHASUMS.


thnx ... i guess i'll go with the foo version for now.

Monetary Freedom - a basic human right
The ultimate outcome of central banking must be that everybody goes broke borrowing fiat money that has no value.
jgarzik
September 04, 2013, 04:33:36 AM
 #20

I am unable to compile 0.8.4 in Debian 7. I checked out 0.8.3 and was able to compile with no issues. When I switch back to 0.8.4 I get the following:

Your paste indicates you are building the development version (master, aka pre-0.9), not 0.8.4 release.

Your 0.9 build fails due to lack of the protobufs compiler, "protoc"

You want to check out the v0.8.4 branch.

Jeff Garzik, bitcoin core dev team and BitPay engineer; opinions are my own, not my employer.
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj