Bitcoin Forum
March 29, 2024, 11:07:07 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 [4] 5 6 »  All
  Print  
Author Topic: Users of Bitcoin Core on Linux must not upgrade to the latest version of OpenSSL  (Read 65976 times)
Luke-Jr
Legendary
*
Offline Offline

Activity: 2576
Merit: 1186



View Profile
January 13, 2015, 07:47:35 PM
 #61

Sorry, but what is the actually BC version atm?
0.9.4 is current stable.
0.10.0rc3 is release candidate.

1711710427
Hero Member
*
Offline Offline

Posts: 1711710427

View Profile Personal Message (Offline)

Ignore
1711710427
Reply with quote  #2

1711710427
Report to moderator
1711710427
Hero Member
*
Offline Offline

Posts: 1711710427

View Profile Personal Message (Offline)

Ignore
1711710427
Reply with quote  #2

1711710427
Report to moderator
1711710427
Hero Member
*
Offline Offline

Posts: 1711710427

View Profile Personal Message (Offline)

Ignore
1711710427
Reply with quote  #2

1711710427
Report to moderator
"Bitcoin: mining our own business since 2009" -- Pieter Wuille
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711710427
Hero Member
*
Offline Offline

Posts: 1711710427

View Profile Personal Message (Offline)

Ignore
1711710427
Reply with quote  #2

1711710427
Report to moderator
OnkelPaul
Legendary
*
Offline Offline

Activity: 1039
Merit: 1002



View Profile
January 13, 2015, 08:46:59 PM
 #62

Today Ubuntu 14.10 had the new bitcoin-qt and bitcoind binaries. Kudos to the package maintainers!
Now bitcoin-qt reindexes the blocks, it's taking forever  Angry
I'm all for using a less volatile EC library (and static linking) to avoid this in the future...

Onkel Paul

uki
Legendary
*
Offline Offline

Activity: 1358
Merit: 1000


cryptojunk bag holder


View Profile
January 13, 2015, 09:12:21 PM
 #63

Today Ubuntu 14.10 had the new bitcoin-qt and bitcoind binaries. Kudos to the package maintainers!
Now bitcoin-qt reindexes the blocks, it's taking forever  Angry
I'm all for using a less volatile EC library (and static linking) to avoid this in the future...

Onkel Paul
Ubuntu 14.04 myself, after the latest repository update of openssl 1.0.1f problems started.
I am reindexing right now, for the last 12+ hours (stacked somewhere in August 2014 with about 30k blocks to go).
Do you know if there is any way to speed it up?

this space is intentionally left blank
OnkelPaul
Legendary
*
Offline Offline

Activity: 1039
Merit: 1002



View Profile
January 13, 2015, 09:50:47 PM
 #64

I am reindexing right now, for the last 12+ hours (stacked somewhere in August 2014 with about 30k blocks to go).
Do you know if there is any way to speed it up?

Nope, I guess indexing the blocks just takes its time since it covers all transactions, and there are a lot of transactions by now...
Mine is in May 2014, 33 weeks to go.

Onkel Paul

cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
January 13, 2015, 10:54:11 PM
 #65

so i have openssl 1.0.1f but everything seems up to date with the blockchain w/o any obvious problems.  any need to reindex?
Luke-Jr
Legendary
*
Offline Offline

Activity: 2576
Merit: 1186



View Profile
January 13, 2015, 10:55:53 PM
 #66

so i have openssl 1.0.1f but everything seems up to date with the blockchain w/o any obvious problems.  any need to reindex?
If you have 0.9.4 or 0.10.0rc3, and your blockchain isn't stuck already, you don't need to reindex.
If you're not on the latest versions, then if your blockchain isn't stuck, it will be eventually.

codyswanson4
Member
**
Offline Offline

Activity: 63
Merit: 10


View Profile
January 13, 2015, 11:03:42 PM
 #67

Damn...Saw this a little too late...oh well...I'm on the school's internet  Grin

Need something done in C??  PM me!!
cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
January 14, 2015, 01:05:28 AM
 #68

so i have openssl 1.0.1f but everything seems up to date with the blockchain w/o any obvious problems.  any need to reindex?
If you have 0.9.4 or 0.10.0rc3, and your blockchain isn't stuck already, you don't need to reindex.
If you're not on the latest versions, then if your blockchain isn't stuck, it will be eventually.

so i just upgraded from 0.9.3 to 0.9.4 but left openssl at 1.0.1f.  blockchain is not stuck at this pt.  ok?
davidpbrown
Sr. Member
****
Offline Offline

Activity: 531
Merit: 260


Vires in Numeris


View Profile WWW
January 14, 2015, 09:11:35 AM
 #69

For Linux users not on Ubuntu could we get https://bitcoin.org/en/download updated with the .tgz and/or some suggestion of which repository can be trusted.. and perhaps have the News alert on this site updated with a pointer to downloads, as that was always useful.

฿://12vxXHdmurFP3tpPk7bt6YrM3XPiftA82s
milly6
Legendary
*
Offline Offline

Activity: 1632
Merit: 1010



View Profile WWW
January 14, 2015, 04:29:42 PM
 #70

Kind of makes me glad I haven't bothered upgrading openssl in some time.

If you havent upgraded in some time you are likely vulnerable to heartbleed.

Eyes open, No Fear. Be Safe! Trinity: Currency Without Bias
rgenito
Full Member
***
Offline Offline

Activity: 140
Merit: 101


View Profile WWW
January 15, 2015, 01:46:16 AM
 #71

I thought OpenSSL has always been a joke...right?

https://geni.app - Genius – The Crypto Solution to Retirement
fenghush
Sr. Member
****
Offline Offline

Activity: 658
Merit: 250



View Profile
January 15, 2015, 12:50:01 PM
 #72

I thought OpenSSL has always been a joke...right?

A joke on which a lot of the internet relies on.

Cryddit
Legendary
*
Offline Offline

Activity: 924
Merit: 1122


View Profile
January 15, 2015, 10:12:54 PM
 #73

The problem is that we are using the current version of SSL (whatever's on the system/linked) to check the validity of blocks that were accepted with past versions of SSL.  

This is why the makefile for bitcoind specified static linking in the first place.

I am ... upset.  We should be using current versions of SSL for communications, because SSL gets valuable security upgrades.  But we should be using it for protocol only, because checking past blocks with a version that was not the version which governed their acceptance  risks exactly this sort of divergence.  Our need for SSL as a communications protocol does not affect the validity of data already transmitted.  

SSL will continue to change, and those changes cannot be allowed to affect data already transmitted and received, nor our software's opinion about whether that already-accepted data is valid.  Neither our stored blockchain data nor our ability to check our stored data should have anything to do with it.

Our need for cryptographic functions once a block is accepted are different, and absolutely NOT subject to revision.  That is, whatever's required to CHECK blockchain validity absolutely must not be something that can be altered by any change in a system library.  

I presume that SSL will continue to "tighten" its spec - that is, whatever is acceptable to future versions will also be acceptable to past versions. Therefore using routines from a three-year-old version of SSL to check data transmitted and received using the current version of SSL ought never fail, and using the current version for communications should get us the benefit of security fixes.  Updated routines can be compiled into the client NO SOONER THAN they are known to work with the entire current blockchain.


Cryddit


Blazr
Hero Member
*****
Offline Offline

Activity: 882
Merit: 1005



View Profile
January 20, 2015, 04:08:05 AM
 #74

I'm using 1.0.1h.

Is this version OK?
It's still finishing up syncing and hasn't stuck yet.

ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470
Merit: 1005


Bringing Legendary Har® to you since 1952


View Profile
January 21, 2015, 12:44:54 PM
 #75

New versions of OpenSSL such as 1.0.0Q and 1.0.0L came out.

Are they affected by the bug ?

Luke-Jr
Legendary
*
Offline Offline

Activity: 2576
Merit: 1186



View Profile
January 21, 2015, 04:42:33 PM
 #76

New versions of OpenSSL such as 1.0.0Q and 1.0.0L came out.

Are they affected by the bug ?
All new versions of OpenSSL for the foreseeable future will be affected.
They don't see it as a bug, as they never guaranteed consensus compatibility.

ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470
Merit: 1005


Bringing Legendary Har® to you since 1952


View Profile
January 21, 2015, 05:09:43 PM
 #77

New versions of OpenSSL such as 1.0.0Q and 1.0.0L came out.

Are they affected by the bug ?
All new versions of OpenSSL for the foreseeable future will be affected.
They don't see it as a bug, as they never guaranteed consensus compatibility.
Oh, that is just beautiful.

Luke-Jr
Legendary
*
Offline Offline

Activity: 2576
Merit: 1186



View Profile
January 21, 2015, 05:22:30 PM
 #78

New versions of OpenSSL such as 1.0.0Q and 1.0.0L came out.

Are they affected by the bug ?
All new versions of OpenSSL for the foreseeable future will be affected.
They don't see it as a bug, as they never guaranteed consensus compatibility.
Oh, that is just beautiful.
We're working on a 0.9.5 (and 0.10 of course) that will softfork to make us independent of OpenSSL so this can never happen again.
See sipa's proposal at http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg06744.html

ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470
Merit: 1005


Bringing Legendary Har® to you since 1952


View Profile
January 21, 2015, 08:40:59 PM
 #79

New versions of OpenSSL such as 1.0.0Q and 1.0.0L came out.

Are they affected by the bug ?
All new versions of OpenSSL for the foreseeable future will be affected.
They don't see it as a bug, as they never guaranteed consensus compatibility.
Oh, that is just beautiful.
We're working on a 0.9.5 (and 0.10 of course) that will softfork to make us independent of OpenSSL so this can never happen again.
See sipa's proposal at http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg06744.html
Yeah, I already know about this. Good work, guys. (Yes - you too, Luke - even though i really hate your Gentoo patches).

dexX7
Legendary
*
Offline Offline

Activity: 1106
Merit: 1024



View Profile WWW
January 25, 2015, 03:37:01 PM
 #80

ubuntu 14.04
Quote
affected?
same OS, my version is:
Code:
OpenSSL 1.0.1f 6 Jan 2014
I understand that this version is fine and I only don't need to upgrade to version 1.0.1k, but wait for the following one.
Did I understand that correctly?
well, apparently not.
Version 1.0.1f (6 Jan 2014) seems to be affected, too.
Running reindexing now.

I can confirm that Version 1.0.1f (6 Jan 2014) caused 4 test failures here as well.

Pages: « 1 2 3 [4] 5 6 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!