summaryrefslogtreecommitdiff
path: root/c9/835437850e550b01ef1d31ee055b8f448132a8
blob: 1abdf0d9d4f9a61b49cbc70b3db2c70b1b181ac5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
	helo=mx.sourceforge.net)
	by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <gavinandresen@gmail.com>) id 1WXdJG-0006Td-06
	for bitcoin-development@lists.sourceforge.net;
	Tue, 08 Apr 2014 21:11:58 +0000
Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.213.45 as permitted sender)
	client-ip=209.85.213.45; envelope-from=gavinandresen@gmail.com;
	helo=mail-yh0-f45.google.com; 
Received: from mail-yh0-f45.google.com ([209.85.213.45])
	by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1WXdJE-0007ui-0O
	for bitcoin-development@lists.sourceforge.net;
	Tue, 08 Apr 2014 21:11:57 +0000
Received: by mail-yh0-f45.google.com with SMTP id a41so1500277yho.32
	for <bitcoin-development@lists.sourceforge.net>;
	Tue, 08 Apr 2014 14:11:50 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.236.84.227 with SMTP id s63mr8940362yhe.26.1396991510530;
	Tue, 08 Apr 2014 14:11:50 -0700 (PDT)
Received: by 10.170.133.195 with HTTP; Tue, 8 Apr 2014 14:11:50 -0700 (PDT)
Date: Tue, 8 Apr 2014 17:11:50 -0400
Message-ID: <CABsx9T3dQa9SpHqJd-AEWeiGUH4zGPWcO7rsgQq53dBV0JqZfw@mail.gmail.com>
From: Gavin Andresen <gavinandresen@gmail.com>
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Content-Type: multipart/alternative; boundary=20cf3011dd85bd505404f68e6e45
X-Spam-Score: -0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
	(gavinandresen[at]gmail.com)
	-0.0 SPF_PASS               SPF: sender matches SPF record
	1.0 HTML_MESSAGE           BODY: HTML included in message
	-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	author's domain
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1WXdJE-0007ui-0O
Subject: [Bitcoin-development] 0.9.1 released
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 08 Apr 2014 21:11:58 -0000

--20cf3011dd85bd505404f68e6e45
Content-Type: text/plain; charset=ISO-8859-1

Bitcoin Core version 0.9.1 is now available from:

  https://bitcoin.org/bin/0.9.1/

This is a security update. It is recommended to upgrade to this release
as soon as possible.

It is especially important to upgrade if you currently have version
0.9.0 installed and are using the graphical interface OR you are using
bitcoind from any pre-0.9.1 version, and have enabled SSL for RPC and
have configured allowip to allow rpc connections from potentially
hostile hosts.

Please report bugs using the issue tracker at github:

  https://github.com/bitcoin/bitcoin/issues

How to Upgrade
--------------

If you are running an older version, shut it down. Wait until it has
completely
shut down (which might take a few minutes for older versions), then run the
installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac)
or
bitcoind/bitcoin-qt (on Linux).

If you are upgrading from version 0.7.2 or earlier, the first time you run
0.9.1 your blockchain files will be re-indexed, which will take anywhere
from
30 minutes to several hours, depending on the speed of your machine.

0.9.1 Release notes
=======================

No code changes were made between 0.9.0 and 0.9.1. Only the dependencies
were changed.

- Upgrade OpenSSL to 1.0.1g. This release fixes the following
vulnerabilities which can
  affect the Bitcoin Core software:

  - CVE-2014-0160 ("heartbleed")
    A missing bounds check in the handling of the TLS heartbeat extension
can
    be used to reveal up to 64k of memory to a connected client or server.

  - CVE-2014-0076
    The Montgomery ladder implementation in OpenSSL does not ensure that
    certain swap operations have a constant-time behavior, which makes it
    easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache
    side-channel attack.

- Add statically built executables to Linux build

Credits
--------

Credits go to the OpenSSL team for fixing the vulnerabilities quickly.

--20cf3011dd85bd505404f68e6e45
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Bitcoin Core version 0.9.1 is now available from:</di=
v><div><br></div><div>=A0 <a href=3D"https://bitcoin.org/bin/0.9.1/">https:=
//bitcoin.org/bin/0.9.1/</a></div><div><br></div><div>This is a security up=
date. It is recommended to upgrade to this release</div>
<div>as soon as possible.</div><div><br></div><div>It is especially importa=
nt to upgrade if you currently have version</div><div>0.9.0 installed and a=
re using the graphical interface OR you are using</div><div>bitcoind from a=
ny pre-0.9.1 version, and have enabled SSL for RPC and</div>
<div>have configured allowip to allow rpc connections from potentially</div=
><div>hostile hosts.</div><div><br></div><div>Please report bugs using the =
issue tracker at github:</div><div><br></div><div>=A0 <a href=3D"https://gi=
thub.com/bitcoin/bitcoin/issues">https://github.com/bitcoin/bitcoin/issues<=
/a></div>
<div><br></div><div>How to Upgrade</div><div>--------------</div><div><br><=
/div><div>If you are running an older version, shut it down. Wait until it =
has completely</div><div>shut down (which might take a few minutes for olde=
r versions), then run the</div>
<div>installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on =
Mac) or</div><div>bitcoind/bitcoin-qt (on Linux).</div><div><br></div><div>=
If you are upgrading from version 0.7.2 or earlier, the first time you run<=
/div>
<div>0.9.1 your blockchain files will be re-indexed, which will take anywhe=
re from=A0</div><div>30 minutes to several hours, depending on the speed of=
 your machine.</div><div><br></div><div>0.9.1 Release notes</div><div>=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</div>
<div><br></div><div>No code changes were made between 0.9.0 and 0.9.1. Only=
 the dependencies were changed.</div><div><br></div><div>- Upgrade OpenSSL =
to 1.0.1g. This release fixes the following vulnerabilities which can</div>
<div>=A0 affect the Bitcoin Core software:</div><div><br></div><div>=A0 - C=
VE-2014-0160 (&quot;heartbleed&quot;)</div><div>=A0 =A0 A missing bounds ch=
eck in the handling of the TLS heartbeat extension can</div><div>=A0 =A0 be=
 used to reveal up to 64k of memory to a connected client or server.</div>
<div><br></div><div>=A0 - CVE-2014-0076</div><div>=A0 =A0 The Montgomery la=
dder implementation in OpenSSL does not ensure that</div><div>=A0 =A0 certa=
in swap operations have a constant-time behavior, which makes it</div><div>=
=A0 =A0 easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD ca=
che</div>
<div>=A0 =A0 side-channel attack.</div><div><br></div><div>- Add statically=
 built executables to Linux build</div><div><br></div><div>Credits</div><di=
v>--------</div><div><br></div><div>Credits go to the OpenSSL team for fixi=
ng the vulnerabilities quickly.</div>
<div><br></div>
</div>

--20cf3011dd85bd505404f68e6e45--