From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 7FB8A273 for ; Thu, 15 Oct 2015 08:19:01 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-wi0-f171.google.com (mail-wi0-f171.google.com [209.85.212.171]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 0958A31 for ; Thu, 15 Oct 2015 08:19:00 +0000 (UTC) Received: by wicgb1 with SMTP id gb1so261369751wic.1 for ; Thu, 15 Oct 2015 01:18:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:subject:message-id:mime-version:content-type :content-disposition:content-transfer-encoding; bh=7hS7sRkZIpuhmcyvU88p8S3IyZZ8lLGF7R1cH4AqOCc=; b=dPBMoMGuk6YZTgUao3SGPme4EX7Op6cywdqtRTFE1YdhnfxZ9nH2FxqPbqgPln/j7y 7FqPprniMAtbK+i85w7/WSpI4hxrQtVF46TjDWVQKbYnHyvRd2Iosm7slMR9nV2vIEQY 1ZvreeoXsYEyFNEBe19+/xNuHGXeEAn0q/8RplmcviaCAwa5mymtbVx0tL6+bWTc2w+N QFNaOIoBxhiyRndgFrzjaof7uuoo9Be3A4wLVIo/SpC5YE/CNgXdQei1aaSJMFExFOni KHdYanttP3hcdZhpC6PjPT75DEPA91Bec9cTFvl5B7WMbFjvMts10rCuWfWliixc26dI sycA== X-Received: by 10.180.11.37 with SMTP id n5mr8848155wib.20.1444897138333; Thu, 15 Oct 2015 01:18:58 -0700 (PDT) Received: from amethyst.visucore.com (dhcp-089-098-228-253.chello.nl. [89.98.228.253]) by smtp.gmail.com with ESMTPSA id p4sm22577673wia.15.2015.10.15.01.18.57 for (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Thu, 15 Oct 2015 01:18:58 -0700 (PDT) Date: Thu, 15 Oct 2015 10:18:58 +0200 From: "Wladimir J. van der Laan" To: bitcoin-dev@lists.linuxfoundation.org Message-ID: <20151015081858.GA27194@amethyst.visucore.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [bitcoin-dev] Bitcoin Core 0.11.1 released X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Oct 2015 08:19:01 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Bitcoin Core version 0.11.1 is now available from: This is a new minor version release, bringing security fixes. It is recommended to upgrade to this version as soon as possible. Torrent magnet link: magnet:?xt=urn:btih:c6dd5f10efd99d9129869bb5fbf9cc53fc07cefa&dn=bitcoin-core-0.11.1&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.ccc.de%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fopen.demonii.com%3A1337&ws=https%3A%2F%2Fbitcoin.org%2Fbin%2F Please report bugs using the issue tracker at github: Upgrading and downgrading ========================= How to Upgrade - -------------- If you are running an older version, shut it down. Wait until it has completely shut down (which might take a few minutes for older versions), then run the installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac) or bitcoind/bitcoin-qt (on Linux). Downgrade warning - ------------------ Because release 0.10.0 and later makes use of headers-first synchronization and parallel block download (see further), the block files and databases are not backwards-compatible with pre-0.10 versions of Bitcoin Core or other software: * Blocks will be stored on disk out of order (in the order they are received, really), which makes it incompatible with some tools or other programs. Reindexing using earlier versions will also not work anymore as a result of this. * The block index database will now hold headers for which no block is stored on disk, which earlier versions won't support. If you want to be able to downgrade smoothly, make a backup of your entire data directory. Without this your node will need start syncing (or importing from bootstrap.dat) anew afterwards. It is possible that the data from a completely synchronised 0.10 node may be usable in older versions as-is, but this is not supported and may break as soon as the older version attempts to reindex. This does not affect wallet forward or backward compatibility. There are no known problems when downgrading from 0.11.x to 0.10.x. Notable changes =============== Fix buffer overflow in bundled upnp - ------------------------------------ Bundled miniupnpc was updated to 1.9.20151008. This fixes a buffer overflow in the XML parser during initial network discovery. Details can be found here: http://talosintel.com/reports/TALOS-2015-0035/ This applies to the distributed executables only, not when building from source or using distribution provided packages. Additionally, upnp has been disabled by default. This may result in a lower number of reachable nodes on IPv4, however this prevents future libupnpc vulnerabilities from being a structural risk to the network (see https://github.com/bitcoin/bitcoin/pull/6795). Test for LowS signatures before relaying - ----------------------------------------- Make the node require the canonical 'low-s' encoding for ECDSA signatures when relaying or mining. This removes a nuisance malleability vector. Consensus behavior is unchanged. If widely deployed this change would eliminate the last remaining known vector for nuisance malleability on SIGHASH_ALL P2PKH transactions. On the down-side it will block most transactions made by sufficiently out of date software. Unlike the other avenues to change txids on transactions this one was randomly violated by all deployed bitcoin software prior to its discovery. So, while other malleability vectors where made non-standard as soon as they were discovered, this one has remained permitted. Even BIP62 did not propose applying this rule to old version transactions, but conforming implementations have become much more common since BIP62 was initially written. Bitcoin Core has produced compatible signatures since a28fb70e in September 2013, but this didn't make it into a release until 0.9 in March 2014; Bitcoinj has done so for a similar span of time. Bitcoinjs and electrum have been more recently updated. This does not replace the need for BIP62 or similar, as miners can still cooperate to break transactions. Nor does it replace the need for wallet software to handle malleability sanely[1]. This only eliminates the cheap and irritating DOS attack. [1] On the Malleability of Bitcoin Transactions Marcin Andrychowicz, Stefan Dziembowski, Daniel Malinowski, Łukasz Mazurek http://fc15.ifca.ai/preproceedings/bitcoin/paper_9.pdf Minimum relay fee default increase - ----------------------------------- The default for the `-minrelaytxfee` setting has been increased from `0.00001` to `0.00005`. This is necessitated by the current transaction flooding, causing outrageous memory usage on nodes due to the mempool ballooning. This is a temporary measure, bridging the time until a dynamic method for determining this fee is merged (which will be in 0.12). (see https://github.com/bitcoin/bitcoin/pull/6793, as well as the 0.11 release notes, in which this value was suggested) 0.11.1 Change log ================= Detailed release notes follow. This overview includes changes that affect behavior, not code moves, refactors and string updates. For convenience in locating the code changes and accompanying discussion, both the pull request and git merge commit are mentioned. - - #6438 `2531438` openssl: avoid config file load/race - - #6439 `980f820` Updated URL location of netinstall for Debian - - #6384 `8e5a969` qt: Force TLS1.0+ for SSL connections - - #6471 `92401c2` Depends: bump to qt 5.5 - - #6224 `93b606a` Be even stricter in processing unrequested blocks - - #6571 `100ac4e` libbitcoinconsensus: avoid a crash in multi-threaded environments - - #6545 `649f5d9` Do not store more than 200 timedata samples. - - #6694 `834e299` [QT] fix thin space word wrap line break issue - - #6703 `1cd7952` Backport bugfixes to 0.11 - - #6750 `5ed8d0b` Recent rejects backport to v0.11 - - #6769 `71cc9d9` Test LowS in standardness, removes nuisance malleability vector. - - #6789 `b4ad73f` Update miniupnpc to 1.9.20151008 - - #6785 `b4dc33e` Backport to v0.11: In (strCommand == "tx"), return if AlreadyHave() - - #6412 `0095b9a` Test whether created sockets are select()able - - #6795 `4dbcec0` net: Disable upnp by default - - #6793 `e7bcc4a` Bump minrelaytxfee default Credits ======= Thanks to everyone who directly contributed to this release: - - Adam Weiss - - Alex Morcos - - Casey Rodarmor - - Cory Fields - - fanquake - - Gregory Maxwell - - Jonas Schnelli - - J Ross Nicoll - - Luke Dashjr - - Pavel Janík - - Pavel Vasin - - Peter Todd - - Pieter Wuille - - randy-waterhouse - - Ross Nicoll - - Suhas Daftuar - - tailsjoin - - ฿tcDrak - - Tom Harding - - Veres Lajos - - Wladimir J. van der Laan And those who contributed additional code review and/or security research: - - timothy on IRC for reporting the issue - - Vulnerability in miniupnp discovered by Aleksandar Nikolic of Cisco Talos As well as everyone that helped translating on [Transifex](https://www.transifex.com/projects/p/bitcoin/). -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCgAGBQJWH2E6AAoJEHSBCwEjRsmmVMAH/0/u/4it6+MI8LCGFZWJFbTk bZppeUIkGP4oN5XoHrPi++Mqdu+b9i/o5lmwrcZDFuA+DVzzOhTwt4dVzNP9IMey 2G3JfbDWd9lUv4DIR4GkD2CjoGVnZq3pgbHMmsWrcUGEvyl7zDYE51MKTAfljYG+ pfMEdc2LJJJ2GfM3MIXIE70i+5JW+46lqw19qnLpiOW8P9lJ0JMd6xKw6XFi25Z9 ywXloeuEHhsMkBOjhTJizv3CS7s+0LhsHMfXiryIIBWfs8laQh0aQJLELHnsYoFh M2+RmXBMbdgbugmJBIyFnuS3kDCVNEe/uBWU6RZWSwUSwC/V3L5hBHW8R+vrq6M= =20Vu -----END PGP SIGNATURE-----