Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required

[smoothrunnings]

How do you compile this on openSUSE? There are no instructions inside this build that explain how to compile/make Bitcoin-Qt/Bitcoind on any version of Linux and what dependencies are needed too. There seems to be a lot of assumptions being made...

Thanks,

If you are using the graphical version of 0.9.0 on any platform, you must update immediately. Download here. If you can't update immediately, shut down Bitcoin until you can. If you ever used the payment protocol (you clicked a bitcoin: link and saw a green box in Bitcoin Core's send dialog), then you should consider your wallet to be compromised. Carefully generate an entirely new wallet (not just a new address) and send all of your bitcoins there. Do not delete your old wallet.

If you are using any other version of Bitcoin-Qt/Bitcoin Core, including bitcoind 0.9.0, you are vulnerable only if the rpcssl command-line option is set. If it is not, then no immediate action is required. If it is, and if an attacker could have possibly communicated with the RPC port, then you should consider your wallet to be compromised.

This vulnerability is caused by a critical bug in the OpenSSL library used by Bitcoin Core. Successfully attacking Bitcoin Core by means of this bug seems to be difficult in most cases, and it seems at this point that even successful attacks may be limited, but I recommend taking the above actions just in case.

If you are using a binary version of Bitcoin Core obtained from bitcoin.org or SourceForge, then updating your system's version of OpenSSL will not help. OpenSSL is packaged with the binary on all platforms.

Download 0.9.1
Announcement

Other software (including other wallet software) may also be affected by this bug. OpenSSL is extremely common.

[Hyena]

Maybe that's how all the darkweb marketplaces and forums got shut down? Utopia was butchered at birth, Black Market Reloaded Forum was also shut down by police.

[MysteryMiner]

Maybe that's how all the darkweb marketplaces and forums got shut down? Utopia was butchered at birth, Black Market Reloaded Forum was also shut down by police.

It is only speculation. The exploit cannot deanonymize hidden service. I can be used to steal private key for .onion address and then impersonate the service. I think the black markets got shut down because of different security issues.

[tuvok007]

What if I have my blockchain on f drive? How do I update?

[theymos]

How do you compile this on openSUSE? There are no instructions inside this build that explain how to compile/make Bitcoin-Qt/Bitcoind on any version of Linux and what dependencies are needed too. There seems to be a lot of assumptions being made...

The instructions are in src/doc/build-unix.md. For bitcoind, you only need OpenSSL (the fixed version), Boost, and Berkeley DB.

[Corelianer]

I'm not very happy about the information system. A notification integration that there is a new version available would be the least in the Bitcoin Core.
I wouldn't force the users to upgrade their Bitcoin Core, but at least an Integrated Info-System would be highly apreciated.

That I have to go to the Bitcointalk Forum to read about it, is terrible in my eyes.

It exists. It just wasn't used for 0.9.1.

So if the possibility exists, but was not used. For what do you use it then?
I like to get infos about a new client-version before the last "Sorry all your Bitcoins are stolen" message...

If you talk about the "Alert" function, then Gavin is responsable for the lack of not using it.

I understand that you don't wana use it for bullshit rumors, but the Hardbleed bug is a serious one.

I recommend to use it for all new Bitcoin Core releases. If you don't call it URGENT, then it's just a feature upgrade.
But in this case I think URGENT would have been the right naming for it.

[DeathAndTaxes]

I'm not very happy about the information system. A notification integration that there is a new version available would be the least in the Bitcoin Core.
I wouldn't force the users to upgrade their Bitcoin Core, but at least an Integrated Info-System would be highly apreciated.

That I have to go to the Bitcointalk Forum to read about it, is terrible in my eyes.

It exists. It just wasn't used for 0.9.1.

So if the possibility exists, but was not used. For what do you use it then?
I like to get infos about a new client-version before the last "Sorry all your Bitcoins are stolen" message...

If you talk about the "Alert" function, then Gavin is responsable for the lack of not using it.

I understand that you don't wana use it for bullshit rumors, but the Hardbleed bug is a serious one.

I recommend to use it for all new Bitcoin Core releases. If you don't call it URGENT, then it's just a feature upgrade.
But in this case I think URGENT would have been the right naming for it.

IMHO the risk is being overstated and it probably doesn't warrant the use of the alert key. 

[Sahtor]

Is Ubuntu ppa:bitcoin/bitcoin going to get updated soon?

Are you going to release ~trusty debs anytime soon?

[huggybear]

1. Use instructions from this link: http://xmodulo.com/2013/11/create-desktop-shortcut-launcher-linux.html (or google linux+desktop+shortcut)
2. In the “command” field put the correct path to your “bitcoin-qt” file, i.e. “/home/user/bitcoin-0.9.1-linux/bin/64/bitcoin-qt” (without quotes) for example.
3. Uncheck “run in terminal” and check “is executable”, if those checkboxes exist.
4. Use new shortcut (or launcher).

Thanks a lot. I will try.

[Rawted]

Rawted,

Have you tried running bitcoin-qt with -rescan flag?

right click on bitcoin icon. go to properties, and where it says C:\Windows\Program Files(x86)\Bitcoin\bitcoin-blahblahblah.exe (or whatever yours says) add -rescan, run it, and let the blockchain resync.

then go back and remove the flag because you wont want to resync after everytime you run the client.

Yes sir, and thanks for your help. I replied to your PM. It seems to be almost 2.7btc I am missing now, however only 1.3 btc is showing as unconfirmed in 0.8.6-0.8.9, whereas it's showing as conflicted in 0.9.1. Nothing to the address in question, and none of the tx ids pop up on blockchain.info.

[cypherdoc]

we need the Bitcoin PPA to be updated to 0.9.1.

unless someone could publish a clear, coherent way to compile the Bitcoin tar.gz

[Comrade Capitalist]

we need the Bitcoin PPA to be updated to 0.9.1.

unless someone could publish a clear, coherent way to compile the Bitcoin tar.gz

Luke-Jr has already addressed this issue:

If you are using the graphical version of 0.9.0 on any platform, you must update immediately.

If you are using packages from your Linux distro (Ubuntu PPA included), 0.9.1 has no changes for you.
Instead, you must upgrade to a fixed OpenSSL version.

So if libssl1.0.0 has been updated then all is good and we can still use 0.9.0 ?   

Just be sure it's updated to a fixed version.

And bitcoin-0.9.1-linux.tar.gz is compiled. A little uncooperative maybe but compiled.

[vectisitch]

what does this heartbleed thing do. i ask because i updated my bitcoin wallet to 0.0.1 and on the same day i was not able to unlock my blackcoin wallet anymore. it says incorrect password. even though i know it's the right one

[chek2fire]

we need the Bitcoin PPA to be updated to 0.9.1.

unless someone could publish a clear, coherent way to compile the Bitcoin tar.gz

I hope that they dont drop ppa support for bitcoin and they will update the package asap.

[windpath]

I hope that they dont drop ppa support for bitcoin and they will update the package asap.

There is no reason to update the PPA, you need to update OpenSSL on your server, the Bitcoin PPA relies on it....

[chek2fire]

ubuntu has update OpenSSL with the latest bug free version.

[Nubarius]

Bitcoin 0.9.1 in NOT working with russian version of windows!

The Windows version of Bitcoin Core 0.9.0 introduced a bug which affects data paths that contain non-ASCII characters. These are no longer recognised correctly (it's a new bug, Bitcoin-qt 0.8.* was fine with non-ASCII characters in paths). Since the data directory in Windows is C:\Users\[username]\AppData\Roaming\Bitcoin, the problem on a Russian system is likely to be the user name. My guess is that you have a Russian user name and the program is choking on the data path. Try copying the data directory to a path that contains only Latin letters and then change the path in the options accordingly, and it will probably work.

[pinger]

the new client crashes pretty nasty
ok found its my antivirus trying to avoid another bitcoin virus
people who use windows make sure when the program crashes to set any antivirus to allow the data
its a false positive

I get the same issue with Avast AV.

[pinger]

Paper wallets generated before 0.9 are also vulnerable if they found the public key?

Greetings.

[DeathAndTaxes]

Paper wallets generated before 0.9 are also vulnerable if they found the public key?

Greetings.

Public Key? No.  Private Key probably although the risk of getting private key this way is academic at best.  Still if the paper wallet is funded and nobody stole the coins that is a very good canary in the coal mine.  If you have unfunded paper wallets well although the risk is very low I would just trash them and print new ones.