Pages:
Author

Topic: Bitcoin-Qt / bitcoind version 0.8.4 released, fixes critical DoS vulnerability - page 5. (Read 40396 times)

donator
Activity: 848
Merit: 1078
Good work Gavin. Thank you.
Vod
legendary
Activity: 3668
Merit: 3010
Licking my boob since 1970
legendary
Activity: 1596
Merit: 1100
OSX: use 'FD_FULLSYNC' with LevelDB, which will (hopefully!)
prevent the database corruption issues many people have
experienced on OSX.

Thanks very much for addressing this one!

+1

Well... please help us confirm that the OSX issue is fixed.

Note the "hopefully!" tag...

legendary
Activity: 1330
Merit: 1000
Bitcoin
Thank you Gavin for all your work! +1
legendary
Activity: 1764
Merit: 1002
OSX: use 'FD_FULLSYNC' with LevelDB, which will (hopefully!)
prevent the database corruption issues many people have
experienced on OSX.

Thanks very much for addressing this one!

+1
legendary
Activity: 1596
Merit: 1100
My standard, per-version refrain:  If downloading a new block chain, then download the torrent:

     [ANN] Bitcoin blockchain data torrent
     https://bitcointalksearch.org/topic/ann-bitcoin-blockchain-data-torrent-145386

Torrent handles bursty behavior such as new releases nicely, without loading the bitcoin P2P network so much.

(if you are upgrading and already have some block chain, this message does not apply to you)

full member
Activity: 140
Merit: 100
OSX: use 'FD_FULLSYNC' with LevelDB, which will (hopefully!)
prevent the database corruption issues many people have
experienced on OSX.

Thanks very much for addressing this one!
newbie
Activity: 10
Merit: 0
Alrighty then upgrading now
legendary
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
Roger that upgrading now thanks as always to the devs
legendary
Activity: 2128
Merit: 1002
thanks for the upgrade post, will do an upgrade later on my linux PC.
legendary
Activity: 1946
Merit: 1004
legendary
Activity: 1428
Merit: 1001
Okey Dokey Lokey
Sad to see that updates are neccessary, but glad to see neccessary updates come out.
legendary
Activity: 1652
Merit: 2301
Chief Scientist
Bitcoin-Qt version 0.8.4 is now available from:
  http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.4/

This is a maintenance release to fix a critical bug and three
security issues; we urge all users to upgrade.

Please report bugs using the issue tracker at github:
  https://github.com/bitcoin/bitcoin/issues


How to Upgrade
--------------

If you are running an older version, shut it down. Wait
until it has completely shut down (which might take a few minutes for older
versions), then run the installer (on Windows) or just copy over
/Applications/Bitcoin-Qt (on Mac) or bitcoind/bitcoin-qt (on Linux).

If you are upgrading from version 0.7.2 or earlier, the first time you
run 0.8.4 your blockchain files will be re-indexed, which will take
anywhere from 30 minutes to several hours, depending on the speed of
your machine.

0.8.4 Release notes
===================

Security issues
---------------

An attacker could send a series of messages that resulted in
an integer division-by-zero error in the Bloom Filter handling
code, causing the Bitcoin-Qt or bitcoind process to crash.
Bloom filters were introduced with version 0.8, so versions 0.8.0
through 0.8.3 are vulnerable to this critical denial-of-service attack.

A constant-time algorithm is now used to check RPC password
guess attempts; fixes https://github.com/bitcoin/bitcoin/issues/2838
(CVE-2013-4165)

Implement a better fix for the fill-memory-with-orphan-transactions
attack that was fixed in 0.8.3. See
https://bitslog.wordpress.com/2013/07/18/buggy-cve-2013-4627-patch-open-new-vectors-of-attack/
for a description of the weaknesses of the previous fix.
(CVE-2013-4627)

Bugs fixed
----------

Fix multi-block reorg transaction resurrection.

Fix non-standard disconnected transactions causing mempool orphans.
This bug could cause nodes running with the -debug flag to crash.

OSX: use 'FD_FULLSYNC' with LevelDB, which will (hopefully!)
prevent the database corruption issues many people have
experienced on OSX.

Linux: clicking on bitcoin: links was broken if you were using
a Gnome-based desktop.

Fix a hang-at-shutdown bug that only affects users that compile
their own version of Bitcoin against Boost versions 1.50-1.52.

Other changes
-------------

Checkpoint at block 250,000 to speed up initial block downloads
and make the progress indicator when downloading more accurate.


Thanks to everybody who contributed to the 0.8.4 releases!
----------------------------------------------------------

Pieter Wuille
Warren Togami
Patrick Strateman
pakt
Gregory Maxwell
Sergio Demian Lerner
grayleonard
Cory Fields
Matt Corallo
Gavin Andresen
Pages:
Jump to: