summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPieter Wuille <pieter.wuille@gmail.com>2012-03-03 17:41:03 +0100
committerbitcoindev <bitcoindev@gnusha.org>2012-03-03 16:41:12 +0000
commitcde962a4a281f41499e9b89625ba1e3ec5584942 (patch)
tree0f4f13412e4a0e6717a2ab2c4ed95d5b1ba2ba0b
parent3a6387dabb0ff4dd804975a87485f5aaf124e95f (diff)
downloadpi-bitcoindev-cde962a4a281f41499e9b89625ba1e3ec5584942.tar.gz
pi-bitcoindev-cde962a4a281f41499e9b89625ba1e3ec5584942.zip
Re: [Bitcoin-development] Duplicate transactions vulnerability
-rw-r--r--b5/fa7002f2d9d627dda575a64ec952602d2b32ac97
1 files changed, 97 insertions, 0 deletions
diff --git a/b5/fa7002f2d9d627dda575a64ec952602d2b32ac b/b5/fa7002f2d9d627dda575a64ec952602d2b32ac
new file mode 100644
index 000000000..4b32bbccf
--- /dev/null
+++ b/b5/fa7002f2d9d627dda575a64ec952602d2b32ac
@@ -0,0 +1,97 @@
+Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
+ helo=mx.sourceforge.net)
+ by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
+ (envelope-from <pieter.wuille@gmail.com>) id 1S3s1A-0007al-7G
+ for bitcoin-development@lists.sourceforge.net;
+ Sat, 03 Mar 2012 16:41:12 +0000
+Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com
+ designates 74.125.82.175 as permitted sender)
+ client-ip=74.125.82.175; envelope-from=pieter.wuille@gmail.com;
+ helo=mail-we0-f175.google.com;
+Received: from mail-we0-f175.google.com ([74.125.82.175])
+ by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
+ (Exim 4.76) id 1S3s17-0002ay-SS
+ for bitcoin-development@lists.sourceforge.net;
+ Sat, 03 Mar 2012 16:41:12 +0000
+Received: by wera1 with SMTP id a1so2338812wer.34
+ for <bitcoin-development@lists.sourceforge.net>;
+ Sat, 03 Mar 2012 08:41:03 -0800 (PST)
+Received-SPF: pass (google.com: domain of pieter.wuille@gmail.com designates
+ 10.180.107.68 as permitted sender) client-ip=10.180.107.68;
+Authentication-Results: mr.google.com; spf=pass (google.com: domain of
+ pieter.wuille@gmail.com designates 10.180.107.68 as permitted
+ sender) smtp.mail=pieter.wuille@gmail.com;
+ dkim=pass header.i=pieter.wuille@gmail.com
+Received: from mr.google.com ([10.180.107.68])
+ by 10.180.107.68 with SMTP id ha4mr4802152wib.9.1330792863791 (num_hops
+ = 1); Sat, 03 Mar 2012 08:41:03 -0800 (PST)
+MIME-Version: 1.0
+Received: by 10.180.107.68 with SMTP id ha4mr3804310wib.9.1330792863726; Sat,
+ 03 Mar 2012 08:41:03 -0800 (PST)
+Received: by 10.223.88.146 with HTTP; Sat, 3 Mar 2012 08:41:03 -0800 (PST)
+In-Reply-To: <CAPg+sBhb+gYMwp1OJuCHYt5=BU63=YBWOFaLLthHBkN_U-scaA@mail.gmail.com>
+References: <CAPg+sBhb+gYMwp1OJuCHYt5=BU63=YBWOFaLLthHBkN_U-scaA@mail.gmail.com>
+Date: Sat, 3 Mar 2012 17:41:03 +0100
+Message-ID: <CAPg+sBhmGHnMResVxPDZdfpmWTb9uqD0RrQD7oSXBQq7oHpm8g@mail.gmail.com>
+From: Pieter Wuille <pieter.wuille@gmail.com>
+To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
+Content-Type: text/plain; charset=ISO-8859-1
+X-Spam-Score: -1.6 (-)
+X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
+ See http://spamassassin.org/tag/ for more details.
+ -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
+ sender-domain
+ 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
+ (pieter.wuille[at]gmail.com)
+ -0.0 SPF_PASS SPF: sender matches SPF record
+ -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
+ author's domain
+ 0.1 DKIM_SIGNED Message has a DKIM or DK signature,
+ not necessarily valid
+ -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
+X-Headers-End: 1S3s17-0002ay-SS
+Subject: Re: [Bitcoin-development] Duplicate transactions vulnerability
+X-BeenThere: bitcoin-development@lists.sourceforge.net
+X-Mailman-Version: 2.1.9
+Precedence: list
+List-Id: <bitcoin-development.lists.sourceforge.net>
+List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
+ <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
+List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
+List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
+List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
+List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
+ <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
+X-List-Received-Date: Sat, 03 Mar 2012 16:41:12 -0000
+
+On Tue, Feb 28, 2012 at 17:48, Pieter Wuille <pieter.wuille@gmail.com> wrote:
+> Hello all,
+>
+> I've written about it in BIP30[2]. There is a patch for the reference
+> client, which has been tested and verified to make the attack
+> impossible. The change is backward compatible in the same way BIP16
+> is: if a supermajority of mining power implements it, old clients can
+> continue to function without risk.
+
+After getting responses from Deepbit, bitcoin.cz (slush), MtRed, Bitlc
+and BTCmine, it looks like march 15 is a reasonable deployment date
+for the security update described in BIP 30.
+
+I have created patches for:
+* git master: https://github.com/sipa/bitcoin/tree/nooverwritetx
+* v0.4.0: https://github.com/sipa/bitcoin/tree/nooverwritetx_v0.4.0
+* v0.3.24: https://github.com/sipa/bitcoin/tree/nooverwritetx_v0.3.24
+* v0.3.24+vinced:
+https://github.com/sipa/bitcoin/tree/nooverwritetx_v0.3.24+vinced
+* v0.3.19: https://github.com/sipa/bitcoin/tree/nooverwritetx_v0.3.19
+
+I've asked pool operators to upgrade, and confirm when they have done
+so. If you are a miner or pool operator, and have the ability to
+upgrade, please do so as well.
+
+Thanks,
+
+--
+Pieter
+
+