Bitcoin Forum
April 17, 2014, 05:22:59 AM *
Topic: Bitcoin-Qt / bitcoind version 0.8.4 released, fixes critical DoS vulnerability
Gavin Andresen
September 04, 2013, 01:22:54 AM
 #1

Bitcoin-Qt version 0.8.4 is now available from:
  http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.4/

This is a maintenance release to fix a critical bug and three
security issues; we urge all users to upgrade.

Please report bugs using the issue tracker at github:
  https://github.com/bitcoin/bitcoin/issues


How to Upgrade
--------------

If you are running an older version, shut it down. Wait
until it has completely shut down (which might take a few minutes for older
versions), then run the installer (on Windows) or just copy over
/Applications/Bitcoin-Qt (on Mac) or bitcoind/bitcoin-qt (on Linux).

If you are upgrading from version 0.7.2 or earlier, the first time you
run 0.8.4 your blockchain files will be re-indexed, which will take
anywhere from 30 minutes to several hours, depending on the speed of
your machine.

0.8.4 Release notes
===================

Security issues
---------------

An attacker could send a series of messages that resulted in
an integer division-by-zero error in the Bloom Filter handling
code, causing the Bitcoin-Qt or bitcoind process to crash.
Bloom filters were introduced with version 0.8, so versions 0.8.0
through 0.8.3 are vulnerable to this critical denial-of-service attack.

A constant-time algorithm is now used to check RPC password
guess attempts; fixes https://github.com/bitcoin/bitcoin/issues/2838
(CVE-2013-4165)

Implement a better fix for the fill-memory-with-orphan-transactions
attack that was fixed in 0.8.3. See
https://bitslog.wordpress.com/2013/07/18/buggy-cve-2013-4627-patch-open-new-vectors-of-attack/
for a description of the weaknesses of the previous fix.
(CVE-2013-4627)

Bugs fixed
----------

Fix multi-block reorg transaction resurrection.

Fix non-standard disconnected transactions causing mempool orphans.
This bug could cause nodes running with the -debug flag to crash.

OSX: use 'FD_FULLSYNC' with LevelDB, which will (hopefully!)
prevent the database corruption issues many people have
experienced on OSX.

Linux: clicking on bitcoin: links was broken if you were using
a Gnome-based desktop.

Fix a hang-at-shutdown bug that only affects users that compile
their own version of Bitcoin against Boost versions 1.50-1.52.

Other changes
-------------

Checkpoint at block 250,000 to speed up initial block downloads
and make the progress indicator when downloading more accurate.


Thanks to everybody who contributed to the 0.8.4 releases!
----------------------------------------------------------

Pieter Wuille
Warren Togami
Patrick Strateman
pakt
Gregory Maxwell
Sergio Demian Lerner
grayleonard
Cory Fields
Matt Corallo
Gavin Andresen

Will I see you in Amsterdam?
  http://bitcoin2014.com/
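
The constant-time RPC password check mentioned in the release notes above (CVE-2013-4165), shown as an added example that is not part of the original post and is not Bitcoin's own code. The function names, the step counter (a deterministic stand-in for elapsed time) and the sample password are assumptions made for illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Naive check: returns at the first mismatching byte, so the work done
// (reported in `steps`) reveals how long a prefix of the guess is correct.
bool early_exit_equal(const std::string& guess, const std::string& secret,
                      std::size_t& steps) {
    steps = 0;
    if (guess.size() != secret.size()) return false;
    for (std::size_t i = 0; i < secret.size(); ++i) {
        ++steps;
        if (guess[i] != secret[i]) return false;
    }
    return true;
}

// Constant-time check: walks the whole guess and ORs every byte difference
// into an accumulator. The loop count depends only on the guess length,
// which the caller already knows, never on the secret's contents.
bool constant_time_equal(const std::string& guess, const std::string& secret,
                         std::size_t& steps) {
    steps = 0;
    if (secret.empty()) return guess.empty();
    std::size_t diff = guess.size() ^ secret.size();  // length mismatch => nonzero
    for (std::size_t i = 0; i < guess.size(); ++i) {
        ++steps;
        diff |= static_cast<unsigned char>(guess[i]) ^
                static_cast<unsigned char>(secret[i % secret.size()]);
    }
    return diff == 0;
}

int main() {
    const std::string secret = "rpc-Passw0rd";  // constructed sample value
    const char* guesses[] = {"xxxxxxxxxxxx", "rpc-xxxxxxxx",
                             "rpc-Passw0rx", "rpc-Passw0rd"};
    for (const char* g : guesses) {
        std::size_t naive = 0, ct = 0;
        bool ok1 = early_exit_equal(g, secret, naive);
        bool ok2 = constant_time_equal(g, secret, ct);
        std::cout << g << "  early-exit: " << ok1 << " after " << naive
                  << " steps, constant-time: " << ok2 << " after " << ct
                  << " steps\n";
    }
    return 0;
}
```

The early-exit version does 1, 5 and 12 steps for the first three guesses, while the constant-time version does 12 for every guess of that length. In production code the compiler must also be kept from reintroducing an early exit; OpenSSL's CRYPTO_memcmp is one vetted primitive for equal-length buffers.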
JackRabiit
September 04, 2013, 02:32:12 AM
 #2

Sad to see that updates are necessary, but glad to see necessary updates come out.

klaus
September 04, 2013, 02:38:23 AM
 #3


Thanks a lot, Gavin!

bitmessage:BM-2D9c1oAbkVo96zDhTZ2jV6RXzQ9VG3A6f1​
ninjaboon
September 04, 2013, 02:38:36 AM
 #4

thanks for the upgrade post, will do an upgrade later on my linux PC.

freedomno1
September 04, 2013, 02:41:42 AM
 #5

Roger that, upgrading now. Thanks as always to the devs.

✰ A Ship Is Safe In The Harbor,  But That's Not What Ships Are For | PrimeDice.com | The New Way To Roll  *Thread*
Searching for freedom, and believing in bitcoins ability to change the world
BTC Tip Jar 1EByjy9e4FeGZuTV4Rx5hbf4PnFt7jGh8M
Coinlogger
September 04, 2013, 02:42:29 AM
 #6

Alrighty then upgrading now
LaserHorse
September 04, 2013, 02:53:45 AM
 #7

> OSX: use 'FD_FULLSYNC' with LevelDB, which will (hopefully!)
> prevent the database corruption issues many people have
> experienced on OSX.

Thanks very much for addressing this one!

PiMiner - control & monitor your miners with Raspberry Pi   •   BTC: 1AV5JekeEVET5u2jTsLDMRsTtagrBnNTBR
jgarzik
September 04, 2013, 02:59:22 AM
 #8

My standard, per-version refrain:  If downloading a new block chain, then download the torrent:

     [ANN] Bitcoin blockchain data torrent
     https://bitcointalk.org/index.php?topic=145386.0

Torrent handles bursty behavior such as new releases nicely, without loading the bitcoin P2P network so much.

(if you are upgrading and already have some block chain, this message does not apply to you)


Jeff Garzik, bitcoin core dev team and BitPay engineer; opinions are my own, not my employer.
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
cypherdoc
September 04, 2013, 03:00:34 AM
 #9

> > OSX: use 'FD_FULLSYNC' with LevelDB, which will (hopefully!)
> > prevent the database corruption issues many people have
> > experienced on OSX.
>
> Thanks very much for addressing this one!

+1
bbit
September 04, 2013, 03:04:42 AM
 #10

Thank you Gavin for all your work! +1

BitcoinStarter.com - The First Bitcoin CrowdFunding site!
Videos4BTC.info - Video clips of girls stripping for BTC!
DopeCoin.com - A Billion Dollar Market!
jgarzik
September 04, 2013, 03:25:16 AM
 #11

> > > OSX: use 'FD_FULLSYNC' with LevelDB, which will (hopefully!)
> > > prevent the database corruption issues many people have
> > > experienced on OSX.
> >
> > Thanks very much for addressing this one!
>
> +1

Well... please help us confirm that the OSX issue is fixed.

Note the "hopefully!" tag...


Jeff Garzik, bitcoin core dev team and BitPay engineer; opinions are my own, not my employer.
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
Vod
September 04, 2013, 03:25:46 AM
 #12

Thank you Gavin!

BTC: 12sTkefnDQTYQL9M1PmhsVSDMhQFYSGUgJ    LTC: LetWRnxuuEn6PVpnXxHZC6L8kzQXmWv67t
I don't need your coins - I will never ask for a loan.
Seal
September 04, 2013, 03:32:21 AM
 #13

Good work Gavin. Thank you.

BTC.sx - Leveraged Bitcoin Trading. Simply use Bitcoin to take advantage of a rising or falling Bitcoin price.
KonstantinosM
September 04, 2013, 03:36:17 AM
 #14

I'm upgrading now! I did do a wallet backup just in case though.

May this version be mostly free of bugs so I don't have to do this again!

Installing only took a few seconds. I do have a bug through the last two versions though. My bitcoin client will freeze the first time I open it. I have to force close the client and the second time it will open up perfectly fine!

It's verifying blocks now.... 23:30 is the time.... When I checked again at 23:35 everything was working, up to date and synchronized!

As of now I'm still really new to this cryptocurrency scene, don't take my advice without a grain of salt!
Joe_Bauers
September 04, 2013, 03:41:16 AM
 #15

I am unable to compile 0.8.4 in Debian 7. I checked out 0.8.3 and was able to compile with no issues. When I switch back to 0.8.4 I get the following:

Code:
user@debian7:~/bitcoin$ git checkout master
Previous HEAD position was 40809ae... Bump version numbers for 0.8.3 release
Switched to branch 'master'
user@debian7:~/bitcoin$ qmake
Project MESSAGE: Building with UPNP support
Removed plural forms as the target language has less forms.
If this sounds wrong, possibly the target language is not set or recognized.
Removed plural forms as the target language has less forms.
If this sounds wrong, possibly the target language is not set or recognized.
Removed plural forms as the target language has less forms.
If this sounds wrong, possibly the target language is not set or recognized.
Removed plural forms as the target language has less forms.
If this sounds wrong, possibly the target language is not set or recognized.
Removed plural forms as the target language has less forms.
If this sounds wrong, possibly the target language is not set or recognized.
user@debian7:~/bitcoin$ make
cd /home/user/bitcoin/src/leveldb && CC=gcc CXX=g++ make OPT="-m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2" libleveldb.a libmemenv.a
make[1]: Entering directory `/home/user/bitcoin/src/leveldb'
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c db/dbformat.cc -o db/dbformat.o
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c db/db_impl.cc -o db/db_impl.o
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c db/version_set.cc -o db/version_set.o
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c table/block.cc -o table/block.o
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c table/table.cc -o table/table.o
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c util/cache.cc -o util/cache.o
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c util/env_posix.cc -o util/env_posix.o
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c util/hash.cc -o util/hash.o
rm -f libleveldb.a
ar -rs libleveldb.a db/builder.o db/c.o db/dbformat.o db/db_impl.o db/db_iter.o db/filename.o db/log_reader.o db/log_writer.o db/memtable.o db/repair.o db/table_cache.o db/version_edit.o db/version_set.o db/write_batch.o table/block_builder.o table/block.o table/filter_block.o table/format.o table/iterator.o table/merger.o table/table_builder.o table/table.o table/two_level_iterator.o util/arena.o util/bloom.o util/cache.o util/coding.o util/comparator.o util/crc32c.o util/env.o util/env_posix.o util/env_win.o util/filter_policy.o util/hash.o util/histogram.o util/logging.o util/options.o util/status.o port/port_posix.o
ar: creating libleveldb.a
make[1]: `libmemenv.a' is up to date.
make[1]: Leaving directory `/home/user/bitcoin/src/leveldb'
cd /home/user/bitcoin; /bin/sh share/genbuild.sh build/build.h
/usr/bin/uic-qt4 src/qt/forms/overviewpage.ui -o build/ui_overviewpage.h
/usr/bin/uic-qt4 src/qt/forms/sendcoinsentry.ui -o build/ui_sendcoinsentry.h
/usr/bin/uic-qt4 src/qt/forms/optionsdialog.ui -o build/ui_optionsdialog.h
/usr/bin/uic-qt4 src/qt/forms/intro.ui -o build/ui_intro.h
protoc --cpp_out=build --proto_path=src/qt --proto_path=src/qt src/qt/paymentrequest.proto
make: protoc: Command not found
make: *** [build/paymentrequest.pb.h] Error 127

Ɏ:: YHJMUHKdd9628xeKuJ3vTrGZuzdX8UxBhx :: YACoin since 5/2013
:: yacoin.org for info :: https://github.com/yacoin/yacoin/releases for client. TWTR:: @YACoinJoe
Daily Anarchist
September 04, 2013, 03:41:52 AM
 #16

When will I be able to compile bitcoin on Debian? Last time I tried the instructions were very confusing and I failed.

Discover anarcho-capitalism today!
marcus_of_augustus
September 04, 2013, 04:11:11 AM
 #17

I just downloaded 2 different SHASUMS.asc within an hour from sourceforge ... what's going on?

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

03aba838418b302bf6b5f6b0803856d3ede449ad  bitcoin-0.8.4-linux.tar.gz
55e9dc295ad1264816ad65ff2e1853878984d6bd  bitcoin-0.8.4-macosx.dmg
81b3199fc23bb5534caa498b9357abb741b5624c  bitcoin-0.8.4-win32-setup.exe
8da931a960c65ce3ca9ad9bd02ab236fef960087  bitcoin-0.8.4-win32.zip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
-----END PGP SIGNATURE-----

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

a86003bca1461e8d68c36fee75230899640d3613  bitcoin-0.8.4-linux.tar.gz
55e9dc295ad1264816ad65ff2e1853878984d6bd  bitcoin-0.8.4-macosx.dmg
81b3199fc23bb5534caa498b9357abb741b5624c  bitcoin-0.8.4-win32-setup.exe
8da931a960c65ce3ca9ad9bd02ab236fef960087  bitcoin-0.8.4-win32.zip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
-----END PGP SIGNATURE-----

Both signatures verify to Gavin's key ...

Monetary Freedom - a basic human right
"Disarming money as a tool for tyranny."
"Disintermediating the State."
Gavin Andresen
September 04, 2013, 04:17:31 AM
 #18

> I just downloaded 2 different SHASUMS.asc within an hour from sourceforge ... what's going on?

My build environment changed and the first -linux.tar.gz contained ._foo files (see http://superuser.com/questions/61185/why-do-i-get-files-like-foo-in-my-tarball-on-os-x ).

So I untarred and re-tarred with the magic "don't be clever, please, OSX" environment variable set and uploaded a new .tar.gz and SHASUMS.

Will I see you in Amsterdam?
  http://bitcoin2014.com/
marcus_of_augustus
September 04, 2013, 04:19:49 AM
 #19

> > I just downloaded 2 different SHASUMS.asc within an hour from sourceforge ... what's going on?
>
> My build environment changed and the first -linux.tar.gz contained ._foo files (see http://superuser.com/questions/61185/why-do-i-get-files-like-foo-in-my-tarball-on-os-x ).
>
> So I untarred and re-tarred with the magic "don't be clever, please, OSX" environment variable set and uploaded a new .tar.gz and SHASUMS.

Thanks ... I guess I'll go with the foo version for now.

Monetary Freedom - a basic human right
"Disarming money as a tool for tyranny."
"Disintermediating the State."
jgarzik
September 04, 2013, 04:33:36 AM
 #20

> I am unable to compile 0.8.4 in Debian 7. I checked out 0.8.3 and was able to compile with no issues. When I switch back to 0.8.4 I get the following:

Your paste indicates you are building the development version (master, aka pre-0.9), not 0.8.4 release.

Your 0.9 build fails due to lack of the protobufs compiler, "protoc".

You want to check out the v0.8.4 branch.

Jeff Garzik, bitcoin core dev team and BitPay engineer; opinions are my own, not my employer.
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj