
Topic: Users of Bitcoin Core on Linux must not upgrade to the latest version of OpenSSL - page 3. (Read 66065 times)

legendary
Activity: 1039
Merit: 1005
Today Ubuntu 14.10 had the new bitcoin-qt and bitcoind binaries. Kudos to the package maintainers!
Now bitcoin-qt reindexes the blocks, it's taking forever  Angry
I'm all for using a less volatile EC library (and static linking) to avoid this in the future...

Onkel Paul
legendary
Activity: 2576
Merit: 1186
Sorry, but what is the actual BC version atm?
0.9.4 is current stable.
0.10.0rc3 is release candidate.
newbie
Activity: 23
Merit: 0
Sorry, but what is the actual BC version atm?
legendary
Activity: 1064
Merit: 1000
Kind of makes me glad I haven't bothered upgrading openssl in some time.

*blank stare*


 Cheesy I guess he's being sarcastic

Well sarcasm is one of those things that doesn't translate well on forums sometimes. [/sarcasm] tags may be appropriate in the future.
uki
legendary
Activity: 1358
Merit: 1000
cryptojunk bag holder
ubuntu 14.04
Quote
affected?
same OS, my version is:
Code:
OpenSSL 1.0.1f 6 Jan 2014
I understand that this version is fine and I only don't need to upgrade to version 1.0.1k, but wait for the following one.
Did I understand that correctly?
well, apparently not.
Version 1.0.1f (6 Jan 2014) seems to be affected, too.
Running reindexing now.
sr. member
Activity: 658
Merit: 250
Run make test and see.
*schnipp schnapp*

It's an issue of what Bitcoin Core will use. If it's statically linking an OK version of OpenSSL, then updating your system OpenSSL is OK. If it's dynamically linking, then you'll have problems. The binaries on bitcoin.org statically link OpenSSL. I think that almost all Linux distros distribute versions of bitcoind/bitcoin-qt that dynamically link.

I guess this answers my main question!

If you're compiling Bitcoin Core using the normal configure+make, then it'll link dynamically. I'm not sure how to force this to link statically.

This problem would also affect self-compiled altcoin wallets for which no altcoin.org version exists, wouldn't it?
legendary
Activity: 1778
Merit: 1070
*schnipp schnapp*

It's an issue of what Bitcoin Core will use. If it's statically linking an OK version of OpenSSL, then updating your system OpenSSL is OK. If it's dynamically linking, then you'll have problems. The binaries on bitcoin.org statically link OpenSSL. I think that almost all Linux distros distribute versions of bitcoind/bitcoin-qt that dynamically link.

I guess this answers my main question!

If you're compiling Bitcoin Core using the normal configure+make, then it'll link dynamically. I'm not sure how to force this to link statically.

This problem would also affect self-compiled altcoin wallets for which no altcoin.org version exists, wouldn't it?
legendary
Activity: 4214
Merit: 1313
Somebody knows ETA of a fix coming out ?

I moved to 0.10rc2 this morning and if you are running that branch, the notes include preventive measures.
legendary
Activity: 1974
Merit: 1029
I was thinking about setting up a bitcoin node but I guess I'll wait till all these issues get resolved

If you use the binaries from bitcoin.org you are safe (regarding this issue). Go on setting up your peer!
hero member
Activity: 774
Merit: 500
Lazy Lurker Reads Alot
I was thinking about setting up a bitcoin node but I guess I'll wait till all these issues get resolved
But I do not think anyone would have believed a year ago that the most secure systems on the planet would get hacked.
So far we constantly read about super secure systems being infiltrated.
Let's be honest, the increase in calculating power and increased usage of the internet does open up doors we had never thought about.
Look at the power which modern graphics cards already have; I guess some people used the tech used for mining to make machines to break code as well.
As they did in the past with graphics cards as well.
cjp
full member
Activity: 210
Merit: 124
Somebody knows ETA of a fix coming out ?

For most people, this will be the answer:

The binaries from Bitcoin.org are not affected, not on any operating system.

Virtually all users on Windows and OSX are not impacted, because virtually all of them use provided binaries. The only way you are possibly affected on those platforms is if you built the software for yourself and if you update OpenSSL.

If you did compile your own software, then you can run "make check" in the source tree to see if you're affected. If all tests pass, you're not affected. You might want to check again after you update your system's OpenSSL.

Those who compile their own software can fix their software by applying a patch. The required changes are available on Github; e.g. here for the 0.9 branch.

I created a version of the 0.9 sources that's nearly identical to the official 0.9.3 source code release for Linux, but with the fix applied:
https://github.com/cornwarecjp/bitcoin/tree/b146f97935d6c17927406ea549409d232eb7ce3c

I wouldn't recommend doing development on that branch(*), but since it's nearly identical to the official release source code, it should be OK for compiling your own Bitcoin binary. Check for yourself with a diff tool what the differences are with the 0.9.3 sources and make sure you agree. In Linux desktops, you can e.g. use the "Meld" program for this, and use it to compare directories.

(*) The reason being that it's become quite different from development branches, which might make it more difficult to merge things.
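
A complementary check to "make check", as an added example that is not part of the original posts: it classifies, from `ldd` output, whether a bitcoind or altcoin binary loads the system's libssl/libcrypto at run time (the dynamic-linking case discussed in this thread) or carries no OpenSSL shared-object dependency. The function names and the sample `ldd` lines are constructed for illustration, and glibc-style `ldd` output is assumed.

```shell
#!/usr/bin/env bash
# Added example: classify how a binary obtains its OpenSSL code, from `ldd` output.

# Reads `ldd` output on stdin and prints one of:
#   dynamic            libssl/libcrypto resolved at load time (follows system upgrades)
#   bundled-or-unused  no OpenSSL shared object listed (e.g. linked in statically)
#   static-binary      ldd reports the file is not a dynamic executable
openssl_linkage() {
    awk '
        /not a dynamic executable|statically linked/ { nodyn = 1 }
        $1 ~ /^lib(ssl|crypto)\.so/                  { found = 1 }
        END {
            if (nodyn)      print "static-binary"
            else if (found) print "dynamic"
            else            print "bundled-or-unused"
        }'
}

# Reads `ldd` output on stdin and prints the resolved OpenSSL library paths.
openssl_libs() {
    awk '$1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" { print $3 }'
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_DISTRO='	linux-vdso.so.1 =>  (0x00007fff00000000)
	libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f0000200000)
	libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f0000400000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000800000)'
SAMPLE_BUNDLED='	linux-vdso.so.1 =>  (0x00007fff00000000)
	libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f0000200000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000800000)'

# With a binary path as argument, inspect it; otherwise show the samples.
if [ "$#" -gt 0 ]; then
    out=$(ldd "$1" 2>&1 || true)
    printf '%s: %s\n' "$1" "$(printf '%s\n' "$out" | openssl_linkage)"
    printf '%s\n' "$out" | openssl_libs
else
    printf 'distro sample:  %s\n' "$(printf '%s\n' "$SAMPLE_DISTRO" | openssl_linkage)"
    printf 'bundled sample: %s\n' "$(printf '%s\n' "$SAMPLE_BUNDLED" | openssl_linkage)"
fi
```

A "dynamic" result only means the binary will pick up whatever OpenSSL the system installs; whether a given OpenSSL build actually breaks it is what the test suite run described above determines.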
staff
Activity: 4284
Merit: 8808
The binaries from Bitcoin.org are not affected, not on any operating system.

Virtually all users on Windows and OSX are not impacted, because virtually all of them use provided binaries. The only way you are possibly affected on those platforms is if you built the software for yourself and if you update OpenSSL.

Unless LibreSSL is guaranteeing bug-for-bug compatibility with old OpenSSL, it cannot safely be used with Bitcoin.
I looked at that a while back and their massive house-keeping makes the _changes_ more or less impossible to review. (Of course, OpenSSL is more or less impossible to review to begin with; so for their purposes I cannot blame them.)

Keep in mind the Bitcoin protocol doesn't use SSL. That we're using an SSL library here is an accident of history, and a bad call in general. As this update demonstrates, our needs are at odds with the needs of an SSL library.
legendary
Activity: 2576
Merit: 1186
Gentoo 0.8.6-r1 and 0.9.3-r1 have the patch to workaround the issue.

LibreSSL isn't reinventing the wheel, but rather repairing a broken wheel. As LibreSSL grows more mature, and since it's a drop-in replacement for OpenSSL, it will with time deprecate OpenSSL and I'm sure the Bitcoin devs are wise enough to make the switch at some point.
Unless LibreSSL is guaranteeing bug-for-bug compatibility with old OpenSSL, it cannot safely be used with Bitcoin.
That means it MUST make sure all bugs in OpenSSL 1.0.1j are still bugs in LibreSSL.
As far as I know, that is not a goal of either OpenSSL or LibreSSL, and is exactly why the new version of OpenSSL breaks Bitcoin by fixing a bug.
member
Activity: 61
Merit: 18
Developer
Arch Linux users only need to upgrade to the 0.9.3-4 version.
sr. member
Activity: 264
Merit: 250
Apologies if it's answered already, does this affect Mac OSX?

It affects all OSes. But unless you plan on updating your OS X-installation's openssl dylib yourself (and something tells me you're not), then you don't need to worry at this point. Everything is fine.
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
Somebody knows ETA of a fix coming out ?
hero member
Activity: 765
Merit: 503
Apologies if it's answered already, does this affect Mac OSX?
legendary
Activity: 2114
Merit: 1090
=== NODE IS OK! ==
Kind of makes me glad I haven't bothered upgrading openssl in some time.

*blank stare*

 Cheesy I guess he's being sarcastic
cjp
full member
Activity: 210
Merit: 124
...and after applying the patch, Bitcoin passes its test again.  Smiley Good work!
cjp
full member
Activity: 210
Merit: 124
So, on Debian Wheezy, the latest patched 1.0.1e can also cause problems?

I now confirmed this, by first successfully running the Bitcoin 0.9.3 test suite, then upgrading OpenSSL (it still says 1.0.1e), and then getting a failure from the test suite:
http://www.ultimatestunts.nl/bitcoin/bitcoin_openssl_unittest_result.txt