Topic: Bitcoin-Qt / bitcoind version 0.8.4 released, fixes critical DoS vulnerability
Gavin Andresen (OP)
September 04, 2013, 01:22:54 AM
Last edit: September 04, 2013, 01:45:20 AM by theymos
 #1

Bitcoin-Qt version 0.8.4 is now available from:
  http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.4/

This is a maintenance release to fix a critical bug and three
security issues; we urge all users to upgrade.

Please report bugs using the issue tracker at github:
  https://github.com/bitcoin/bitcoin/issues


How to Upgrade
--------------

If you are running an older version, shut it down. Wait
until it has completely shut down (which might take a few minutes for older
versions), then run the installer (on Windows) or just copy over
/Applications/Bitcoin-Qt (on Mac) or bitcoind/bitcoin-qt (on Linux).

If you are upgrading from version 0.7.2 or earlier, the first time you
run 0.8.4 your blockchain files will be re-indexed, which will take
anywhere from 30 minutes to several hours, depending on the speed of
your machine.

0.8.4 Release notes
===================

Security issues
---------------

An attacker could send a series of messages that resulted in
an integer division-by-zero error in the Bloom Filter handling
code, causing the Bitcoin-Qt or bitcoind process to crash.
Bloom filters were introduced with version 0.8, so versions 0.8.0
through 0.8.3 are vulnerable to this critical denial-of-service attack.

A constant-time algorithm is now used to check RPC password
guess attempts; fixes https://github.com/bitcoin/bitcoin/issues/2838
(CVE-2013-4165)

Implement a better fix for the fill-memory-with-orphan-transactions
attack that was fixed in 0.8.3. See
https://bitslog.wordpress.com/2013/07/18/buggy-cve-2013-4627-patch-open-new-vectors-of-attack/
for a description of the weaknesses of the previous fix.
(CVE-2013-4627)

Bugs fixed
----------

Fix multi-block reorg transaction resurrection.

Fix non-standard disconnected transactions causing mempool orphans.
This bug could cause nodes running with the -debug flag to crash.

OSX: use 'FD_FULLSYNC' with LevelDB, which will (hopefully!)
prevent the database corruption issues many people have
experienced on OSX.

Linux: clicking on bitcoin: links was broken if you were using
a Gnome-based desktop.

Fix a hang-at-shutdown bug that only affects users that compile
their own version of Bitcoin against Boost versions 1.50-1.52.

Other changes
-------------

Checkpoint at block 250,000 to speed up initial block downloads
and make the progress indicator when downloading more accurate.


Thanks to everybody who contributed to the 0.8.4 releases!
----------------------------------------------------------

Pieter Wuille
Warren Togami
Patrick Strateman
pakt
Gregory Maxwell
Sergio Demian Lerner
grayleonard
Cory Fields
Matt Corallo
Gavin Andresen

How often do you get the chance to work on a potentially world-changing project?
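
The RPC password fix in the release notes above replaces an early-exit comparison with one whose running time does not depend on where the first wrong character sits. The following is an added illustration, not Bitcoin's own code: the function names `leaky_equal` and `timing_safe_equal`, the sample password and the `steps` counter (a stand-in for elapsed time) are all assumptions made for this example.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Early-exit comparison. `steps` counts loop iterations as a model of
// elapsed time: it grows with the length of the correct prefix, which is
// the signal a password-guessing client can measure.
bool leaky_equal(const std::string& guess, const std::string& secret, std::size_t& steps)
{
    steps = 0;
    if (guess.size() != secret.size()) return false;
    for (std::size_t i = 0; i < guess.size(); ++i) {
        ++steps;
        if (guess[i] != secret[i]) return false;  // stops at the first mismatch
    }
    return true;
}

// Constant-time variant: every byte of the guess is always examined and the
// differences are OR-ed into one accumulator, so the work done depends only
// on the length of the guess, never on how much of it is correct.
bool timing_safe_equal(const std::string& guess, const std::string& secret, std::size_t& steps)
{
    steps = 0;
    if (secret.empty()) return guess.empty();
    std::size_t diff = guess.size() ^ secret.size();  // a length mismatch is a difference
    for (std::size_t i = 0; i < guess.size(); ++i) {
        ++steps;
        diff |= static_cast<unsigned char>(guess[i]) ^
                static_cast<unsigned char>(secret[i % secret.size()]);
    }
    return diff == 0;
}

int main()
{
    const std::string secret = "hunter2-rpc";  // constructed sample password
    const char* guesses[] = {"xunter2-rpc", "hunter2-rpX", "hunter2-rpc"};
    for (const char* g : guesses) {
        std::size_t leaky = 0, safe = 0;
        bool a = leaky_equal(g, secret, leaky);
        bool b = timing_safe_equal(g, secret, safe);
        std::cout << g << "  leaky: " << a << " in " << leaky << " steps"
                  << "  constant-time: " << b << " in " << safe << " steps\n";
    }
    return 0;
}
```
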
Fiyasko
September 04, 2013, 02:32:12 AM
Last edit: September 05, 2013, 01:04:01 PM by JackRabiit
 #2

Sad to see that updates are necessary, but glad to see necessary updates come out.

http://bitcoin-otc.com/viewratingdetail.php?nick=DingoRabiit&sign=ANY&type=RECV <-My Ratings
https://bitcointalk.org/index.php?topic=857670.0 GAWminers and associated things are not to be trusted, Especially the "mineral" exchange
klaus
September 04, 2013, 02:38:23 AM
 #3


thanks a lot gavin!

bitmessage:BM-2D9c1oAbkVo96zDhTZ2jV6RXzQ9VG3A6f1
threema:HXUAMT96
ninjaboon
September 04, 2013, 02:38:36 AM
 #4

thanks for the upgrade post, will do an upgrade later on my linux PC.

freedomno1
September 04, 2013, 02:41:42 AM
 #5

Roger that upgrading now thanks as always to the devs

Believing in Bitcoins and its ability to change the world
Coinlogger
September 04, 2013, 02:42:29 AM
 #6

Alrighty then upgrading now
LaserHorse
September 04, 2013, 02:53:45 AM
 #7

> OSX: use 'FD_FULLSYNC' with LevelDB, which will (hopefully!)
> prevent the database corruption issues many people have
> experienced on OSX.

Thanks very much for addressing this one!

PiMiner - control & monitor your miners with Raspberry Pi   •   BTC: 1AV5JekeEVET5u2jTsLDMRsTtagrBnNTBR
jgarzik
September 04, 2013, 02:59:22 AM
 #8

My standard, per-version refrain:  If downloading a new block chain, then download the torrent:

     [ANN] Bitcoin blockchain data torrent
     https://bitcointalk.org/index.php?topic=145386.0

Torrent handles bursty behavior such as new releases nicely, without loading the bitcoin P2P network so much.

(if you are upgrading and already have some block chain, this message does not apply to you)


Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own.
Visit bloq.com / metronome.io
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
cypherdoc
September 04, 2013, 03:00:34 AM
 #9

> > OSX: use 'FD_FULLSYNC' with LevelDB, which will (hopefully!)
> > prevent the database corruption issues many people have
> > experienced on OSX.
>
> Thanks very much for addressing this one!

+1
bbit
September 04, 2013, 03:04:42 AM
 #10

Thank you Gavin for all your work! +1


jgarzik
September 04, 2013, 03:25:16 AM
 #11

> > > OSX: use 'FD_FULLSYNC' with LevelDB, which will (hopefully!)
> > > prevent the database corruption issues many people have
> > > experienced on OSX.
> >
> > Thanks very much for addressing this one!
>
> +1

Well... please help us confirm that the OSX issue is fixed.

Note the "hopefully!" tag...


Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own.
Visit bloq.com / metronome.io
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
Vod
September 04, 2013, 03:25:46 AM
 #12

Thank you Gavin!

I post for interest - not signature spam.
https://elon.report - new BPI Reports!
https://vod.fan - profitable/free image sharing - coming early 2025
Seal
September 04, 2013, 03:32:21 AM
 #13

Good work Gavin. Thank you.

DefiDive - Filter the noise
A clean crypto asset management terminal
KonstantinosM
September 04, 2013, 03:36:17 AM
 #14

I'm upgrading now! I did do a wallet backup just in case though.

May this version be mostly free of bugs so I don't have to do this again!

Installing only took a few seconds. I do have a bug through the last two versions though. My bitcoin client will freeze the first time I open it. I have to force close the client and the second time it will open up perfectly fine!

It's verifying blocks now.... 23:30 is the time.... When I checked again at 23:35 everything was working, up to date and synchronized!

Syscoin has the best of Bitcoin and Ethereum in one place, it's merge mined with Bitcoin so it is plugged into Bitcoin's ecosystem and takes full advantage of its POW while rewarding Bitcoin miners with Syscoin
Joe_Bauers
September 04, 2013, 03:41:16 AM
 #15

I am unable to compile 0.8.4 in Debian 7. I checked out 0.8.3 and was able to compile with no issues. When I switch back to 0.8.4 I get the following:

Code:
user@debian7:~/bitcoin$ git checkout master
Previous HEAD position was 40809ae... Bump version numbers for 0.8.3 release
Switched to branch 'master'
user@debian7:~/bitcoin$ qmake
Project MESSAGE: Building with UPNP support
Removed plural forms as the target language has less forms.
If this sounds wrong, possibly the target language is not set or recognized.
Removed plural forms as the target language has less forms.
If this sounds wrong, possibly the target language is not set or recognized.
Removed plural forms as the target language has less forms.
If this sounds wrong, possibly the target language is not set or recognized.
Removed plural forms as the target language has less forms.
If this sounds wrong, possibly the target language is not set or recognized.
Removed plural forms as the target language has less forms.
If this sounds wrong, possibly the target language is not set or recognized.
user@debian7:~/bitcoin$ make
cd /home/user/bitcoin/src/leveldb && CC=gcc CXX=g++ make OPT="-m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2" libleveldb.a libmemenv.a
make[1]: Entering directory `/home/user/bitcoin/src/leveldb'
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c db/dbformat.cc -o db/dbformat.o
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c db/db_impl.cc -o db/db_impl.o
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c db/version_set.cc -o db/version_set.o
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c table/block.cc -o table/block.o
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c table/table.cc -o table/table.o
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c util/cache.cc -o util/cache.o
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c util/env_posix.cc -o util/env_posix.o
g++ -I. -I./include -fno-builtin-memcmp -pthread -DOS_LINUX -DLEVELDB_PLATFORM_POSIX -m64 -pipe -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -c util/hash.cc -o util/hash.o
rm -f libleveldb.a
ar -rs libleveldb.a db/builder.o db/c.o db/dbformat.o db/db_impl.o db/db_iter.o db/filename.o db/log_reader.o db/log_writer.o db/memtable.o db/repair.o db/table_cache.o db/version_edit.o db/version_set.o db/write_batch.o table/block_builder.o table/block.o table/filter_block.o table/format.o table/iterator.o table/merger.o table/table_builder.o table/table.o table/two_level_iterator.o util/arena.o util/bloom.o util/cache.o util/coding.o util/comparator.o util/crc32c.o util/env.o util/env_posix.o util/env_win.o util/filter_policy.o util/hash.o util/histogram.o util/logging.o util/options.o util/status.o port/port_posix.o
ar: creating libleveldb.a
make[1]: `libmemenv.a' is up to date.
make[1]: Leaving directory `/home/user/bitcoin/src/leveldb'
cd /home/user/bitcoin; /bin/sh share/genbuild.sh build/build.h
/usr/bin/uic-qt4 src/qt/forms/overviewpage.ui -o build/ui_overviewpage.h
/usr/bin/uic-qt4 src/qt/forms/sendcoinsentry.ui -o build/ui_sendcoinsentry.h
/usr/bin/uic-qt4 src/qt/forms/optionsdialog.ui -o build/ui_optionsdialog.h
/usr/bin/uic-qt4 src/qt/forms/intro.ui -o build/ui_intro.h
protoc --cpp_out=build --proto_path=src/qt --proto_path=src/qt src/qt/paymentrequest.proto
make: protoc: Command not found
make: *** [build/paymentrequest.pb.h] Error 127
Daily Anarchist
September 04, 2013, 03:41:52 AM
 #16

When will I be able to compile bitcoin on Debian? Last time I tried the instructions were very confusing and I failed.

Discover anarcho-capitalism today!
marcus_of_augustus
September 04, 2013, 04:11:11 AM
 #17

I just downloaded 2 different SHASUMS.asc within an hour from sourceforge ... what's going on?

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

03aba838418b302bf6b5f6b0803856d3ede449ad  bitcoin-0.8.4-linux.tar.gz
55e9dc295ad1264816ad65ff2e1853878984d6bd  bitcoin-0.8.4-macosx.dmg
81b3199fc23bb5534caa498b9357abb741b5624c  bitcoin-0.8.4-win32-setup.exe
8da931a960c65ce3ca9ad9bd02ab236fef960087  bitcoin-0.8.4-win32.zip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
=l9+4
-----END PGP SIGNATURE-----

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

a86003bca1461e8d68c36fee75230899640d3613  bitcoin-0.8.4-linux.tar.gz
55e9dc295ad1264816ad65ff2e1853878984d6bd  bitcoin-0.8.4-macosx.dmg
81b3199fc23bb5534caa498b9357abb741b5624c  bitcoin-0.8.4-win32-setup.exe
8da931a960c65ce3ca9ad9bd02ab236fef960087  bitcoin-0.8.4-win32.zip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
=+eE4
-----END PGP SIGNATURE-----

Both signatures verify to gavin's key ...

Gavin Andresen (OP)
September 04, 2013, 04:17:31 AM
 #18

> I just downloaded 2 different SHASUMS.asc within an hour from sourceforge ... what's going on?

My build environment changed and the first -linux.tar.gz contained ._foo files (see http://superuser.com/questions/61185/why-do-i-get-files-like-foo-in-my-tarball-on-os-x ).

So I untarred and re-tarred with the magic "don't be clever, please, OSX" environment variable set and uploaded a new .tar.gz and SHASUMS.

How often do you get the chance to work on a potentially world-changing project?
marcus_of_augustus
September 04, 2013, 04:19:49 AM
 #19

> > I just downloaded 2 different SHASUMS.asc within an hour from sourceforge ... what's going on?
>
> My build environment changed and the first -linux.tar.gz contained ._foo files (see http://superuser.com/questions/61185/why-do-i-get-files-like-foo-in-my-tarball-on-os-x ).
>
> So I untarred and re-tarred with the magic "don't be clever, please, OSX" environment variable set and uploaded a new .tar.gz and SHASUMS.


thnx ... i guess i'll go with the foo version for now.

jgarzik
September 04, 2013, 04:33:36 AM
Last edit: September 04, 2013, 05:17:40 AM by jgarzik
 #20

> I am unable to compile 0.8.4 in Debian 7. I checked out 0.8.3 and was able to compile with no issues. When I switch back to 0.8.4 I get the following:

Your paste indicates you are building the development version (master, aka pre-0.9), not 0.8.4 release.

Your 0.9 build fails due to lack of the protobufs compiler, "protoc"

You want to check out the v0.8.4 branch.

Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own.
Visit bloq.com / metronome.io
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj