Help test: version 0.6.3 release candidate 1

[Graet]

We're releasing 0.6.3 to fix two important issues (a serious potential denial-of-service attack, and to improve new-block propagation times for blocks containing lots of transactions).

If you can, please help do some sanity testing-- shutdown bitcoin, then download, install, and run 0.6.3 and let us know "works nicely for me running on 64-bit Ubuntu 10.04" by posting a quick reply to this thread.

Release notes:

Bitcoin version 0.6.3rc1 is now available for download at:
  http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.6.3/test/

This is a bug-fix release, with no new features.

CHANGE SUMMARY
==============

Fixed a serious denial-of-service attack that could cause the
bitcoin process to become unresponsive. Thanks to Sergio Lerner
for finding and responsibly reporting the problem. (CVE-2012-3789)

Optimized the process of checking transaction signatures, to
speed up processing of new block messages and make propagating
blocks across the network faster.

Fixed an obscure bug that could cause the bitcoin process to get
stuck on an invalid block-chain, if the invalid chain was
hundreds of blocks long.

Bitcoin-Qt no longer automatically selects the first address
in the address book (Issue #1384).

Fixed minimize-to-dock behavior of Bitcon-Qt on the Mac.

Added a block checkpoint at block 185,333 to speed up initial
blockchain download.


Thanks to everybody who contributed to this release:
====================================================

Chris Moore
Christian von Roques
Fordy
Gavin Andresen
Jeff Garzik
Luke Dashjr
Matt Corallo
Michael Hendricks
Peter Todd
Philip Kaufmann
Pieter Wuille
R E Broadley
Sergio Lerner
Wladimir J. van der Laan

Um releasing a testing version and announcing a potential vulnerability in the same thread??
I think you did better here
https://bitcointalk.org/index.php?topic=81749.0

as a pool operator I now feel in a bind, I must update to a RC (that you have asked ppl to test) because you announced a vulnerability
So I risk updating 6 or 7 nodes to find the test crashes or I wait for stable and hope no-one uses the vuln against my pool in meantime.

what can I say....

[Luke-Jr]

as a pool operator I now feel in a bind, I must update to a RC (that you have asked ppl to test) because you announced a vulnerability
So I risk updating 6 or 7 nodes to find the test crashes or I wait for stable and hope no-one uses the vuln against my pool in meantime.

The vulnerability itself is not disclosed still. I've finished tagging stable in git, the formal release is just waiting on binaries.

[check_status]

I experienced a problem with 0.6.2, DB_error. When I noticed this thread I tried it and still received the message below:

Code:

 fatal error occured. Bitcoin can no longer continue safely and will quit.

EXCEPTION: 22DbRunRecoveryException       
DbEnv::open: DB_RUNRECOVERY: Fatal error, run database recovery       
bitcoin in Runaway exception 

I did an:

Code:

$ sudo rm -r .bitcoin

Mod edit: NEVER EVER DO THAT. YOU WILL PERMANENTLY DELETE YOUR BITCOINS!

Not a Fool edit: Why ADD Crud To My Post, Is this Really Necessary? All my coins are paper backups.

Everything is now downloading fine. In hindsight, I probably could've just zipped everything up and set it aside or pass it along to someone that couldv'e poked at it to see why.

[gmaxwell]

Fixed a serious denial-of-service attack that could cause the
bitcoin process to become unresponsive. Thanks to Sergio Lerner
for finding and responsibly reporting the problem. (CVE-2012-3789)

Um releasing a testing version and announcing a potential vulnerability in the same thread??
I think you did better here
https://bitcointalk.org/index.php?topic=81749.0

as a pool operator I now feel in a bind, I must update to a RC (that you have asked ppl to test) because you announced a vulnerability
So I risk updating 6 or 7 nodes to find the test crashes or I wait for stable and hope no-one uses the vuln against my pool in meantime.

what can I say....

Say "thank you for improving bitcoin"?   On IRC you seriously offended me with what I considered to be an entitled attitude and unjustified hostility.  I was particularly torqued after I said that I didn't agree that it was "critical" and wouldn't have personally described it that way and based on that you continued to repeat allegations that there were no standards and that the developers don't agree about vulnerabilities. I think I would know if I didn't agree with what Gavin posted.

I apologize if my willingness to argue back managed to keep us from effectively communicating. For all the trouble you'll have with your nodes keep in mind that we all work hard with Bitcoin too. I maintain more nodes than you do— though I do have the comfort of not handling a large flow of other people's money, I am  constantly dealing with juggling changes on them.

The issue at question is a (set of) DOS attacks, as described in the announcement.  They've been 'disclosed' for a month in git, and have been discussed in the abstract by class as long as a year ago.  We have not historically done embargoed releases and early warnings to major infrastructure on issues which didn't allow the theft of Bitcoin or ~O(1) knockout of the network, and I would stridently oppose beginning such a practice: We do not have the resources to manage that, and it would delay getting fixes into the hands of users.  This release announcement is not the first public mention of these issues, and standard best practices for node operation will generally protect you from DOS attacks.

You should handle this like you'd handle other testing releases: Upgrade one or two of your nodes and report issues. If you do not run testing version the release versions will likely not be of any higher quality. If by some crazy chance someone DOS attacks your other nodes, you at least have some that are working.

[Luke-Jr]

I experienced a problem with 0.6.2, DB_error. When I noticed this thread I tried it and still received the message below:

Code:

 fatal error occured. Bitcoin can no longer continue safely and will quit.

EXCEPTION: 22DbRunRecoveryException       
DbEnv::open: DB_RUNRECOVERY: Fatal error, run database recovery       
bitcoin in Runaway exception 

I did an:

Code:

$ sudo rm -r .bit(seriously, don't do this)coin

Everything is now downloading fine. In hindsight, I probably could've just zipped everything up and set it aside or pass it along to someone that couldv'e poked at it to see why.

DO NOT DO THIS IF YOU HAVE BITCOINS, IT WILL DESTROY THEM IRRECOVERABLY

[gmaxwell]

I did an:

Code:

$ sudo rm -r      DO NOT DO THIS

Everything is now downloading fine. In hindsight, I probably could've just zipped everything up and set it aside or pass it along to someone that couldv'e poked at it to see why.

Doing this will delete your wallet.  Please edit your post to include some kind of warning so that if anyone else hits this they don't just blindly follow your instructions and lose coin.

My best guess on your issue is that you didn't shutdown cleanly before upgrading. Deleting your databases is one way to recover from that, but users with coin should take care to not delete their wallets in the process.

[Mobius]

proxy is not working

my log continues to show:

06/21/2012 03:16:19 ERROR: Proxy error: general failure

This is under both SOCKS4 and SOCKS5

[Graet]

well I am sorry you see it that way gmaxwell
let me look back over the (public) logs from that chanel

<Graet> https://bitcointalk.org/index.php?topic=88734.20
<Graet>
some other conversation
<gmaxwell> Graet: "Meh" on that. It's getting called a serious vulnerability in part because of the preferences of the person who reported it. I wouldn't have called it that on my own, and it's of a class of DOS attacks that have been discussed in public before.
some other stuff not related
<Graet> well gmaxwell we need some (oh god again) standards - so ppls opinions have some meaning
<Graet> if a dev announcves a serious vuln - it shouldnt be a "matter of opinion"

"highly offensive" and "entitled" ?
Public channel logs: bit.ly/iPFi3X

Some people talk about getting standards in place - some don't seem to care so much, for over a year I have been idling in -dev and seen the "standards" topic come up over and again
if I have caused offence by asking for a standard I apologise. Maybe I shouldn't have "(oh god again)" but from an observers point....the topic comes up often.

I may not have said "thank you for improving bitcoin" in as many words, but many times i have told the devs "good work" with a smile or other meaning the same thing, and have said thanks when someone has helped me directly.

If we had some consensus from the devs already as to what is "severe" and a "critical" and a "trivial" rather than them choosing to announce levels based on individual opinion this discussion would never have occurred.

Thank you for the RC I look forward to the release version.

[Luke-Jr]

If we had some consensus from the devs already as to what is "severe" and a "critical" and a "trivial" rather than them choosing to announce levels based on individual opinion this discussion would never have occurred.

I try to gauge each vulnerability in an objective way for the classifications on the Bitcoin CVE list.

[check_status]

I experienced a problem with 0.6.2, DB_error. When I noticed this thread I tried it and still received the message below:

Code:

 fatal error occured. Bitcoin can no longer continue safely and will quit.

EXCEPTION: 22DbRunRecoveryException       
DbEnv::open: DB_RUNRECOVERY: Fatal error, run database recovery       
bitcoin in Runaway exception 

I did an:

Code:

$ sudo rm -r .bit(seriously, don't do this)coin

Everything is now downloading fine. In hindsight, I probably could've just zipped everything up and set it aside or pass it along to someone that couldv'e poked at it to see why.

DO NOT DO THIS IF YOU HAVE BITCOINS, IT WILL DESTROY THEM IRRECOVERABLY

Is their any way I can 'rm -r .bitcoin' and still have access to all of my coins? Yes, of course their is. 1. Back-up wallet.dat 2. Make a paper back-up 3. Import the keys from another existing offline wallet.

[check_status]

My best guess on your issue is that you didn't shutdown cleanly before upgrading. Deleting your databases is one way to recover from that, but users with coin should take care to not delete their wallets in the process.

No I had problems before upgrading, you should check gmail.

[Maged]

Not a Fool edit: Why ADD Crud To My Post, Is this Really Necessary? All my coins are paper backups.

Most people are stupid, and they might not realize what that command does.

[finway]

Working fine on  Windows7 32bit.
btw, just updated zh-CN translations.

[Diapolo]

Working fine on  Windows7 32bit.
btw, just updated zh-CN translations.

Translation updates are no critical fixes, but new translations will be in 0.7.

Dia

[gmaxwell]

"highly offensive" and "entitled" ?

Yes, entitled,— where you expected to be contacted privately in advance of the "announcement". (Never mind that the stuff in question has been public for a while)

Some people talk about getting standards in place - some don't seem to care so much, for over a year I have been idling in -dev and seen the "standards" topic come up over and again

I have no clue what you're talking about there.  My grepfu fails me because I can't find anywhere where people have asked about that.  Also, I still don't understand how you think my personal preferences proves a lack of uniformity— preferences differ.  I also still don't understand your argument about about the classification being unclear since it was described specifically in the announcement instead of just being given a class.  ::shrugs::

[check_status]

It still has not finnished downloading the blockchain, started it 02:30:00 a.m. Thursday June 21, 2012 in GMT, current time 01:32:42 p.m. Thursday June 21, 2012 in GMT, with about a 1000 blocks left.

Computer is slugish, opening a terminal takes 20 seconds.

Some outputs of bitcoin-qt from ps with options -F v X s -l:

Code:

UID        PID  PPID  C    SZ   RSS PSR STIME TTY          TIME CMD
user     25359     1 10 201143 252020 2 Jun ?        01:06:50 /home/user/bitcoin-0.6.3rc1-linux/bin/64/bitcoin-qt

  PID TTY      STAT   TIME  MAJFL   TRS   DRS   RSS %MEM COMMAND
25359 ?        Sl    66:52   2285  7729 796838 251900 24.6 /home/user/bitcoin-0.6.3rc1-linux/bin/64/bitcoin-qt

  PID   STACKP      ESP      EIP TMOUT ALARM STAT TTY        TIME COMMAND
25359 97c861f0 97c85950 db750ae3     -     - Sl   ?         66:53 /home/user/bitcoin-0.6.3rc1-linux/bin/64/bitcoin-qt

F S   UID   PID  PPID  C PRI  NI ADDR SZ WCHAN  TTY          TIME CMD
0 S  1000 25359     1 10  80   0 - 201142 poll_s ?       01:07:02 bitcoin-qt

  UID   PID          PENDING          BLOCKED          IGNORED           CAUGHT STAT TTY        TIME COMMAND
 1000 25359 0000000000000000 0000000000000000 0000000000301200 0000000180014003 Sl   ?         67:03 /home/user/bitcoin-0.6.3rc1-linux/bin/64/bitcoin-qt

Top:

Code:

top - 08:38:23 up 1 day, 16:24,  5 users,  load average: 2.09, 2.10, 2.13
Tasks: 138 total,   1 running, 137 sleeping,   0 stopped,   0 zombie
Cpu(s):  1.7%us,  1.7%sy,  0.3%ni, 89.0%id,  7.2%wa,  0.0%hi,  0.1%si,  0.0%st
Mem:   1021836k total,  1011456k used,    10380k free,     1680k buffers
Swap:  4192252k total,   150400k used,  4041852k free,   434444k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                         
23896 root      20   0  502m  34m  21m S    7  3.4  71:47.09 cgminer                                         
25359 user      20   0  785m 254m  43m S    3 25.5  65:36.62 bitcoin-qt                                      
  344 root      20   0     0    0    0 D    1  0.0   1:06.77 jbd2/sda1-8                                     
  362 root      20   0     0    0    0 D    1  0.0   1:26.02 flush-8:0                                       
22944 user      20   0 19352 1272  920 R    1  0.1   0:00.03 top

[Diapolo]

The Qt GUI gets sluggish on (slow) machines when initial blockchain download is running, this should be resolved or getting way better with 0.7.

Dia

[Sergio_Demian_Lerner]

well I am sorry you see it that way gmaxwell
<gmaxwell> Graet: "Meh" on that. It's getting called a serious vulnerability in part because of the preferences of the person who reported it. I wouldn't have called it that on my own, and it's of a class of DOS attacks that have been discussed in public before.
some other stuff not related
<Graet> well gmaxwell we need some (oh god again) standards - so ppls opinions have some meaning
<Graet> if a dev announcves a serious vuln - it shouldnt be a "matter of opinion"

Dear gmaxwell, Graet, and all,
 
 The fact that we do not have a standard to describe how severe a vuln is, is the source of the problem. I consider the vulnerability SERIUS (as any other vulnerability) as Gavin posted. But SERIUS is not the same as SEVERE. I don't consider the vuln severe.

I don't remember having pressed anyone to say the vuln had to be called in any way. I just asked for akwnoledgement!

I tried to establish a severity standard in https://bitcointalk.org/index.php?topic=79830.0
But consensus was not reached.
I think I will formalize it to help the next time a vuln is found.

Nevertheless the page https://en.bitcoin.it/wiki/CVEs describes the vuln perfectly: "Attacker can disable some functionality, for example by crashing clients".

No more, no less.


Best regards!
And thanks Gavin and the dev team for fixing the vuln for the good of all of us.

[damnek]

Runs fine on Ubuntu 11.10.

There's one thing that I also noticed in 0.6.2: I can't access the menus (they don't show up when I point my mouse to the gray bar at the top of my screen). So I'm not able to encrypt my wallet..

[Diapolo]

Runs fine on Ubuntu 11.10.

There's one thing that I also noticed in 0.6.2: I can't access the menus (they don't show up when I point my mouse to the gray bar at the top of my screen). So I'm not able to encrypt my wallet..

Can you post a screenshot?

Dia