Now bitcoin-qt reindexes the blocks, it's taking forever
I'm all for using a less volatile EC library (and static linking) to avoid this in the future...
Onkel Paul
Topic: Users of Bitcoin Core on Linux must not upgrade to the latest version of OpenSSL - page 3. (Read 66065 times)
January 13, 2015, 03:46:59 PM
Today Ubuntu 14.10 had the new bitcoin-qt and bitcoind binaries. Kudos to the package maintainers!
Now bitcoin-qt reindexes the blocks, it's taking forever
I'm all for using a less volatile EC library (and static linking) to avoid this in the future...
Onkel Paul
Now bitcoin-qt reindexes the blocks, it's taking forever
I'm all for using a less volatile EC library (and static linking) to avoid this in the future...
Onkel Paul
January 13, 2015, 02:47:35 PM
Sorry, but what is the actually BC version atm?
0.9.4 is current stable.0.10.0rc3 is release candidate.
January 13, 2015, 02:22:30 PM
Sorry, but what is the actually BC version atm?
January 13, 2015, 09:40:22 AM
Kind of makes me glad I haven't bothered upgrading openssl in some time.
*blank stare*
I guess he's being sarcasticWell sarcasm is one of those things that doesn't translate well on forums sometimes. [/sarcasm] tags may be appropriate in the future.
January 13, 2015, 05:46:49 AM
same OS, my version is:
I understand that this version is fine and I only don't need to upgrade to version 1.0.1k, but wait for the following one.
Did I understand that correctly?
well, apparently not.Code:
OpenSSL 1.0.1f 6 Jan 2014
Did I understand that correctly?
Version 1.0.1f (6 Jan 2014) seems to be affected, too.
Running reindexing now.
January 13, 2015, 04:05:50 AM
Run make test and see.
I guess this answers my main question!
This problem would also affect self-compiled altcoin-wallets for which no altcoin.org-version exist, wouldn't it?
*schnipp schnapp*
It's an issue of what Bitcoin Core will use. If it's statically linking an OK version of OpenSSL, then updated your system OpenSSL is OK. If it's dynamically linking, then you'll have problems. The binaries on bitcoin.org statically link OpenSSL. I think that almost all Linux distros distribute versions of bitcoind/bitcoin-qt that dynamically link.
It's an issue of what Bitcoin Core will use. If it's statically linking an OK version of OpenSSL, then updated your system OpenSSL is OK. If it's dynamically linking, then you'll have problems. The binaries on bitcoin.org statically link OpenSSL. I think that almost all Linux distros distribute versions of bitcoind/bitcoin-qt that dynamically link.
I guess this answers my main question!
If you're compiling Bitcoin Core using the normal configure+make, then it'll link dynamically. I'm not sure how to force this to link statically.
This problem would also affect self-compiled altcoin-wallets for which no altcoin.org-version exist, wouldn't it?
January 13, 2015, 01:27:13 AM
*schnipp schnapp*
It's an issue of what Bitcoin Core will use. If it's statically linking an OK version of OpenSSL, then updated your system OpenSSL is OK. If it's dynamically linking, then you'll have problems. The binaries on bitcoin.org statically link OpenSSL. I think that almost all Linux distros distribute versions of bitcoind/bitcoin-qt that dynamically link.
It's an issue of what Bitcoin Core will use. If it's statically linking an OK version of OpenSSL, then updated your system OpenSSL is OK. If it's dynamically linking, then you'll have problems. The binaries on bitcoin.org statically link OpenSSL. I think that almost all Linux distros distribute versions of bitcoind/bitcoin-qt that dynamically link.
I guess this answers my main question!
If you're compiling Bitcoin Core using the normal configure+make, then it'll link dynamically. I'm not sure how to force this to link statically.
This problem would also affect self-compiled altcoin-wallets for which no altcoin.org-version exist, wouldn't it?
January 12, 2015, 06:52:02 PM
Somebody knows ETA of a fix coming out ?
I moved to 0.10rc2 this morning and if you are running that branch, the notes include preventive measures.
January 12, 2015, 02:56:51 PM
I was thinking about setting up a bitcoin node but i guess i'll wait till all these issues gets resolved
If you use the binaries from bitcoin.org you are safe (regarding this issue). Go on setting up your peer!
January 12, 2015, 02:53:54 PM
I was thinking about setting up a bitcoin node but i guess i'll wait till all these issues gets resolved
But i do not think anyone would have believed a year ago, that the most secure systems on the planet would get hacked.
This far we constant read about super secure systems being infiltrated.
Lets be honest the increase in calculate power and increased usage of the internet does open up doors we never had thought about.
Look at the power which modern graphic cards already have, i guess some people used the tech used for mining to make machines to break code as well.
As they did in the paste with graphics cards as well
But i do not think anyone would have believed a year ago, that the most secure systems on the planet would get hacked.
This far we constant read about super secure systems being infiltrated.
Lets be honest the increase in calculate power and increased usage of the internet does open up doors we never had thought about.
Look at the power which modern graphic cards already have, i guess some people used the tech used for mining to make machines to break code as well.
As they did in the paste with graphics cards as well
January 12, 2015, 01:36:00 PM
Somebody knows ETA of a fix coming out ?
For most people, this will be the answer:
The binaries from Bitcoin.org are not effected, not on any operating system.
Virtually all users on Windows and OSX are not impacted, because virtually all of them use provided binaries. The only way you are possibly effected on those platforms is if you built the software for yourself and if you update OpenSSL.
Virtually all users on Windows and OSX are not impacted, because virtually all of them use provided binaries. The only way you are possibly effected on those platforms is if you built the software for yourself and if you update OpenSSL.
If you did compile your own software, then you can run "make check" in the source tree to see if you're affected. If all tests pass, you're not affected. You might want to check again after you update your system's OpenSSL.
Those who compile their own software can fix their software by applying a patch. The required changes are available on Github; e.g. here for the 0.9 branch.
I created a version of the 0.9 sources that's nearly identical to the official 0.9.3 source code release for Linux, but with the fix applied:
https://github.com/cornwarecjp/bitcoin/tree/b146f97935d6c17927406ea549409d232eb7ce3c
I wouldn't recommend doing development on that branch(*), but since it's nearly identical to the official release source code, it should be OK for compiling your own Bitcoin binary. Check for yourself with a diff tool what the differences are with the 0.9.3 sources and make sure you agree. In Linux desktops, you can e.g. use the "Meld" program for this, and use it to compare directories.
(*) The reason being that it's become quite different from development branches, which might make it more difficult to merge things.
January 12, 2015, 11:55:37 AM
The binaries from Bitcoin.org are not effected, not on any operating system.
Virtually all users on Windows and OSX are not impacted, because virtually all of them use provided binaries. The only way you are possibly effected on those platforms is if you built the software for yourself and if you update OpenSSL.
Keep in mind the Bitcoin protocol doesn't use SSL. That we're using a SSL library here is an accident of history, and a bad call in general. As this update demonstrates, our needs are at odds with the needs of a SSL library.
Virtually all users on Windows and OSX are not impacted, because virtually all of them use provided binaries. The only way you are possibly effected on those platforms is if you built the software for yourself and if you update OpenSSL.
Unless LibreSSL is guaranteeing bug-for-bug compatibility with old OpenSSL, it cannot safely be used with Bitcoin.
I looked at that a while back and their massive house-keeping makes the _changes_ more or less impossible to review. (Of course, OpenSSL is more or less impossible to review to begin with; so for their purposes I cannot blame them.)Keep in mind the Bitcoin protocol doesn't use SSL. That we're using a SSL library here is an accident of history, and a bad call in general. As this update demonstrates, our needs are at odds with the needs of a SSL library.
January 12, 2015, 11:51:32 AM
Gentoo 0.8.6-r1 and 0.9.3-r1 have the patch to workaround the issue.
That means it MUST make sure all bugs in OpenSSL 1.0.1j are still bugs in LibreSSL.
As far as I know, that is not a goal of either OpenSSL nor LibreSSL, and is exactly why the new version of OpenSSL breaks Bitcoin by fixing a bug.
LibreSSL isn't reinventing the wheel, but rather repairing a broken wheel. As LibreSSL grows more mature, and since it's a drop-in replacement for OpenSSL, it will with time deprecate OpenSSL and I'm sure the Bitcoin devs are wise enough to make the switch at some point.
Unless LibreSSL is guaranteeing bug-for-bug compatibility with old OpenSSL, it cannot safely be used with Bitcoin.That means it MUST make sure all bugs in OpenSSL 1.0.1j are still bugs in LibreSSL.
As far as I know, that is not a goal of either OpenSSL nor LibreSSL, and is exactly why the new version of OpenSSL breaks Bitcoin by fixing a bug.
January 12, 2015, 11:46:33 AM
Arch Linux users only needs to upgrade to 0.9.3-4 version.
January 12, 2015, 11:03:10 AM
Appologies if its answered already, does this effect Mac OSX?
It affects all OSes. But unless you plan on updating your OS X-installation's openssl dylib yourself (and something tells me you're not), then you don't need to worry at this point. Everything is fine.
January 12, 2015, 02:44:50 AM
Somebody knows ETA of a fix coming out ?
January 12, 2015, 12:53:43 AM
Appologies if its answered already, does this effect Mac OSX?
January 11, 2015, 07:34:14 PM
Kind of makes me glad I haven't bothered upgrading openssl in some time.
*blank stare*
[/quote]
I guess he's being sarcastic January 11, 2015, 05:47:35 PM
...and after applying the patch, Bitcoin passes its test again. 
Good work!
Good work! January 11, 2015, 03:39:48 PM
So, on Debian Wheezy, the latest patched 1.0.1e can also cause problems?
I now confirmed this, by first successfully running the Bitcoin 0.9.3 test suite, then upgrading OpenSSL (it still says 1.0.1e), and then getting a failure from the test suite:
http://www.ultimatestunts.nl/bitcoin/bitcoin_openssl_unittest_result.txt
Jump to: