Pages:
Author

Topic: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required - page 8. (Read 64179 times)

legendary
Activity: 1330
Merit: 1000
another reason for new investors to avoid bitcoin Sad
legendary
Activity: 2576
Merit: 1186
If you are using the graphical version of 0.9.0 on any platform, you must update immediately.
If you are using packages from your Linux distro (Ubuntu PPA included), 0.9.1 has no changes for you.
Instead, you must upgrade to a fixed OpenSSL version.
member
Activity: 84
Merit: 14
Did that glibc problem for linux users get auto-fixed with the 0.9.1 release? Yay! I feared we might be still stuck with 0.9.0's glibc headache:

 https://bitcointalksearch.org/topic/m.5795604

... but I just ran the vanilla 0.9.1 in bash in debian wheezy without any trouble at all. Good work devs. Smiley
hero member
Activity: 639
Merit: 500
Bitcoin 0.9.1 in NOT working with russian version of windows!
hero member
Activity: 725
Merit: 503
I think that it's probably more secure to use an old linux at this point...

Running bitcoind.static I got:

Code:
terminate called after throwing an instance of 'std::runtime_error'
  what():  locale::facet::_S_create_c_locale name not valid

Solution https://www.foresightlinux.se/what-localefacet_s_create_c_locale-name-not-valid/
legendary
Activity: 883
Merit: 1005
I bet the CIA was exploiting this bug for years.


Do I sound like a conspiracy nut?
hero member
Activity: 896
Merit: 527
₿₿₿₿₿₿₿
Can really the CLIENT KEYs be compromised by this bug?

What I have understand, its a bug in the OpenSSL Implementation of Heartbeat protocol of TLS 1.2, causing OpenSSL to leak contents of RAM in the server.
This means, the attack vector would be limited to:
impersonating a server and replacing a bitcoin adress in the payment protocol, by stealing the SERVER KEYs.

Thus any client-side wallets should be safe since those private keys are never transmitted or kept by the server? (except for webshops and online services running a server-side bitcoin client relying on a vulnerable OpenSSL)

The bitcoin core protocol (port 8333) is not using any form of SSL at all what I know?



If what the Bitcoin devs say is correct (that client keys can be compromised), would also mean that any website using SSL can steal RAM contents of client computers, which would mean my site can get my visitor's bank details, and that would make the security hole way more critical than it is today.
Bitcoin Core is considered a server / creates what would be considered a server in at least one of the cases highlighted by theymos.

And, even if it acted as a client in the other: This vulnerability also affects clients, which is basically why, if a browser you use uses OpenSSL (Android Browser, for example), the server itself can attack you this way.

So yes, what you say in your final sentence is true (at least for browsers using OpenSSL).
sr. member
Activity: 266
Merit: 250
How do I install this for Linux Mint? On the previous version there was just a bitcoin-qt file which I could click on and run. Now the extracted folder contains several files, none of which are executable. I am stupid and know almost nothing about using the terminal, compiling libraries, etc. Can someone give me a simple explanation please?

Please.

Almost sounds like you've downloaded a source archive. Are you sure you've downloaded https://bitcoin.org/bin/0.9.1/bitcoin-0.9.1-linux.tar.gz , 36MB in size?

I had a quick look at this archive and the executables appear to be there:

bin/32/bitcoin-qt
bin/64/bitcoin-qt

The file I downloaded from your link and the previous link is 47.5 MB. I tried it again with your link, but same result. Bitcoin-qt is not an executable, it is a "shared library (application/x-sharedlib)". I have no program that can execute this file. Fuck. Why didn't they just make an "executable (application/x-executable)" file like version 0.8.5?
full member
Activity: 129
Merit: 119
Can really the CLIENT KEYs be compromised by this bug?

What I have understand, its a bug in the OpenSSL Implementation of Heartbeat protocol of TLS 1.2, causing OpenSSL to leak contents of RAM in the server.
This means, the attack vector would be limited to:
impersonating a server and replacing a bitcoin adress in the payment protocol, by stealing the SERVER KEYs.

Thus any client-side wallets should be safe since those private keys are never transmitted or kept by the server? (except for webshops and online services running a server-side bitcoin client relying on a vulnerable OpenSSL)

The bitcoin core protocol (port 8333) is not using any form of SSL at all what I know?



If what the Bitcoin devs say is correct (that client keys can be compromised), would also mean that any website using SSL can steal RAM contents of client computers, which would mean my site can get my visitor's bank details, and that would make the security hole way more critical than it is today.
legendary
Activity: 1792
Merit: 1111
Why don't the devs send an update notice with the emergency key?
hero member
Activity: 826
Merit: 1000
So glad my balance is still there, after the update.

legendary
Activity: 1498
Merit: 1000
Armory offline and online are both safe right?

I'm using Armory 0.8.x

Yes because it doesn't bitcoind rpcssl.
hero member
Activity: 658
Merit: 500
Armory offline and online are both safe right?

I'm using Armory 0.8.x
legendary
Activity: 2268
Merit: 1092
How do I install this for Linux Mint? On the previous version there was just a bitcoin-qt file which I could click on and run. Now the extracted folder contains several files, none of which are executable. I am stupid and know almost nothing about using the terminal, compiling libraries, etc. Can someone give me a simple explanation please?

Please.

Almost sounds like you've downloaded a source archive. Are you sure you've downloaded https://bitcoin.org/bin/0.9.1/bitcoin-0.9.1-linux.tar.gz , 36MB in size?

I had a quick look at this archive and the executables appear to be there:

bin/32/bitcoin-qt
bin/64/bitcoin-qt
sr. member
Activity: 266
Merit: 250
How do I install this for Linux Mint? On the previous version there was just a bitcoin-qt file which I could click on and run. Now the extracted folder contains several files, none of which are executable. I am stupid and know almost nothing about using the terminal, compiling libraries, etc. Can someone give me a simple explanation please?

Please.
sr. member
Activity: 392
Merit: 250
Never heard of this "rpcssl" option so I've never used it.
Am I good? Or must I update to 0.9.1?
Thanks guys  Grin
The HeartBleed vulnerability has been around ~2 years.
OpenSSL is the program effected. The OpenSSL team has only discovered this vulnerability yesterday.
It is not specific to bitcoin-qt.
Anytime you have bitcoin-qt open you are potentially at risk.
legendary
Activity: 1022
Merit: 1001
I'd fight Gandhi.
I hate being forced into new updates. Like MoonShadow once said (and I am paraphrasing): "I like to wait until they have ironed out the bugs with new releases before I update". I've been following that same rule, and only update if it's absolutely necessary. Which is why I never even upgraded to v0.9

That's a good policy. I also do that. You don't need to update from versions older than 0.9.0 unless you're using rpcssl. Most people aren't.
How can you tell when you are using rpcssl? What activates/turns it on? I've never manually ran any RPC commands that had to do with SSL. Just importing privkeys.

Even if you are using RPC you would have had to manually create a SSL private key and SSL cert using openssl and then manually install those by setting params in the bitcoin.conf in order to be be exectuing those RPC calls over SSL.

If all of those sounds foreign the simple answer is unless you already knew you were using RPC over SSL you weren't using it.
Sounds good then. Just running with whatever default settings comes when you install it. Minus the "-detachdb" and "-datadir" (to download the blockchain to a different hard drive) commands. I don't even have the "bitcoin.conf" file, so nothing to worry about. Thanks! (off topic: i'm enjoying your RNG thread btw)




I have 0.8.5 version. Should I upgrade too? Backup before upgrade?
As for "backup before upgrade"?  ALWAYS backup before upgrade, every single upgrade and periodically between upgrades.  You never need to ask that question again because there is never a scenario where if you are deciding if you should make a backup that it would be a bad idea to do so.  Always use dates in the names of backups so you don't write over previous versions.
+1
I cannot stress this enough! ALWAYS backup before doing anything with your wallet. Between upgrades, when you import keys, etc... And keep the backups in multiple secure places.
newbie
Activity: 20
Merit: 0
Okay, I'm using (According to the debug screen):

v0.8.6-beta
Which has
OpenSSL 1.0.1c 10 May 2012


Never clicked on any "payment" thingys and I've only received BTC and sent BTC from it.
My bitcoin.conf is empty.

Never heard of this "rpcssl" option so I've never used it.
Am I good? Or must I update to 0.9.1?
Thanks guys  Grin
legendary
Activity: 2912
Merit: 1060
Thanks. I already update my wallet regularly with timestamps. I mean will backup process and old backups affected for this? I use vanity addresses I created. Should I create new normal addresses?
I upgraded to 0.9.1 without a problem.

Reusing addresses is bad anyway, I say start fresh. Don't lose old wallets tho.
legendary
Activity: 1554
Merit: 1000
Thanks. I already update my wallet regularly with timestamps. I mean will backup process and old backups affected for this? I use vanity addresses I created. Should I create new normal addresses?
I upgraded to 0.9.1 without a problem.
Pages:
Jump to: