1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
|
Return-Path: <laanwj@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 4DDE03C8
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 12 Oct 2015 17:02:00 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wi0-f170.google.com (mail-wi0-f170.google.com
[209.85.212.170])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id EC29020C
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 12 Oct 2015 17:01:58 +0000 (UTC)
Received: by wicge5 with SMTP id ge5so25657672wic.0
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 12 Oct 2015 10:01:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=date:from:to:subject:message-id:mime-version:content-type
:content-disposition:content-transfer-encoding;
bh=DYxatt2vyRSP4Zk9zUs80HzrKtCAuJ8CSgMMH89zL2g=;
b=U2KenBngtFn3mmL3VO/iCqidqOrWWzMt+68R4jIaYUM4qaVEBcVTY9IxaZFIuimOs9
SwZfDjkAb9zZTkNmArK6WFxzDZDqbATn8nl93omhJUh8+yoXYi0jSgAJ6LLX8eYJ/pGJ
COYwm+9v9felMWAjn8YyUZ6AcS4fYkh7L1/P6d9xBkqKLdpBpfZZ3Sl8oOlk5LZ1qOe6
Bpyg4I5HJCpCqq+XJApVloZ6P7oVCu85zvNoh/Av+/yNryKmKm1XJF9V5iFHY2UIEQsT
tK2rdv3HItoyu3hz3mIKOVT85PSr2juP4CGCLqhS7L9of7SzX92O78rYx7g1vZgnxQtn
HhLA==
X-Received: by 10.180.12.241 with SMTP id b17mr16999490wic.55.1444669317617;
Mon, 12 Oct 2015 10:01:57 -0700 (PDT)
Received: from amethyst.visucore.com (dhcp-089-098-228-253.chello.nl.
[89.98.228.253]) by smtp.gmail.com with ESMTPSA id
uq5sm20922697wjc.3.2015.10.12.10.01.57
for <bitcoin-dev@lists.linuxfoundation.org>
(version=TLS1_2 cipher=AES128-SHA256 bits=128/128);
Mon, 12 Oct 2015 10:01:57 -0700 (PDT)
Date: Mon, 12 Oct 2015 19:01:57 +0200
From: "Wladimir J. van der Laan" <laanwj@gmail.com>
To: Bitcoin development mailing list <bitcoin-dev@lists.linuxfoundation.org>
Message-ID: <20151012170156.GB25231@amethyst.visucore.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM,
RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: [bitcoin-dev] Bitcoin Core 0.10.3 release candidate 2 available
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Oct 2015 17:02:00 -0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Bitcoin Core version 0.10.3 release candidate 2 is now available from:
<https://bitcoin.org/bin/bitcoin-core-0.10.3/test/>
(release candidate 1 never had binaries available)
This is a release candidate for a new minor version release, bringing security
fixes and translation updates.
Please report bugs using the issue tracker at github:
<https://github.com/bitcoin/bitcoin/issues>
Preliminary releae notes follow:
Upgrading and downgrading
=========================
How to Upgrade
- --------------
If you are running an older version, shut it down. Wait until it has completely
shut down (which might take a few minutes for older versions), then run the
installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac) or
bitcoind/bitcoin-qt (on Linux).
Downgrade warning
- ------------------
Because release 0.10.0 and later makes use of headers-first synchronization and
parallel block download (see further), the block files and databases are not
backwards-compatible with pre-0.10 versions of Bitcoin Core or other software:
* Blocks will be stored on disk out of order (in the order they are
received, really), which makes it incompatible with some tools or
other programs. Reindexing using earlier versions will also not work
anymore as a result of this.
* The block index database will now hold headers for which no block is
stored on disk, which earlier versions won't support.
If you want to be able to downgrade smoothly, make a backup of your entire data
directory. Without this your node will need start syncing (or importing from
bootstrap.dat) anew afterwards. It is possible that the data from a completely
synchronised 0.10 node may be usable in older versions as-is, but this is not
supported and may break as soon as the older version attempts to reindex.
This does not affect wallet forward or backward compatibility.
Notable changes
===============
Fix buffer overflow in bundled upnp
- ------------------------------------
Bundled miniupnpc was updated to 1.9.20151008. This fixes a buffer overflow in
the XML parser during initial network discovery.
Details can be found here: http://talosintel.com/reports/TALOS-2015-0035/
This applies to the distributed executables only, not when building from source or
using distribution provided packages.
Additionally, upnp has been disabled by default. This may result in a lower
number of reachable nodes on IPv4, however this prevents future libupnpc
vulnerabilities from being a structural risk to the network
(see https://github.com/bitcoin/bitcoin/pull/6795).
Test for LowS signatures before relaying
- -----------------------------------------
Make the node require the canonical 'low-s' encoding for ECDSA signatures when
relaying or mining. This removes a nuisance malleability vector.
Consensus behavior is unchanged.
If widely deployed this change would eliminate the last remaining known vector
for nuisance malleability on SIGHASH_ALL P2PKH transactions. On the down-side
it will block most transactions made by sufficiently out of date software.
Unlike the other avenues to change txids on transactions this
one was randomly violated by all deployed bitcoin software prior to
its discovery. So, while other malleability vectors where made
non-standard as soon as they were discovered, this one has remained
permitted. Even BIP62 did not propose applying this rule to
old version transactions, but conforming implementations have become
much more common since BIP62 was initially written.
Bitcoin Core has produced compatible signatures since a28fb70e in
September 2013, but this didn't make it into a release until 0.9
in March 2014; Bitcoinj has done so for a similar span of time.
Bitcoinjs and electrum have been more recently updated.
This does not replace the need for BIP62 or similar, as miners can
still cooperate to break transactions. Nor does it replace the
need for wallet software to handle malleability sanely[1]. This
only eliminates the cheap and irritating DOS attack.
[1] On the Malleability of Bitcoin Transactions
Marcin Andrychowicz, Stefan Dziembowski, Daniel Malinowski, Łukasz Mazurek
http://fc15.ifca.ai/preproceedings/bitcoin/paper_9.pdf
Minimum relay fee default increase
- -----------------------------------
The default for the `-minrelaytxfee` setting has been increased from `0.00001`
to `0.00005`.
This is necessitated by the current transaction flooding, causing
outrageous memory usage on nodes due to the mempool ballooning. This is a
temporary measure, bridging the time until a dynamic method for determining
this fee is merged (which will be in 0.12).
(see https://github.com/bitcoin/bitcoin/pull/6793, as well as the 0.11.0
release notes, in which this value was suggested)
0.10.3 Change log
=================
Detailed release notes follow. This overview includes changes that affect external
behavior, not code moves, refactors or string updates.
- - #6186 `e4a7d51` Fix two problems in CSubnet parsing
- - #6153 `ebd7d8d` Parameter interaction: disable upnp if -proxy set
- - #6203 `ecc96f5` Remove P2SH coinbase flag, no longer interesting
- - #6226 `181771b` json: fail read_string if string contains trailing garbage
- - #6244 `09334e0` configure: Detect (and reject) LibreSSL
- - #6276 `0fd8464` Fix getbalance * 0
- - #6274 `be64204` Add option `-alerts` to opt out of alert system
- - #6319 `3f55638` doc: update mailing list address
- - #6438 `7e66e9c` openssl: avoid config file load/race
- - #6439 `255eced` Updated URL location of netinstall for Debian
- - #6412 `0739e6e` Test whether created sockets are select()able
- - #6694 `f696ea1` [QT] fix thin space word wrap line brake issue
- - #6704 `743cc9e` Backport bugfixes to 0.10
- - #6769 `1cea6b0` Test LowS in standardness, removes nuisance malleability vector.
- - #6789 `093d7b5` Update miniupnpc to 1.9.20151008
- - #6795 `f2778e0` net: Disable upnp by default
- - #6797 `91ef4d9` Do not store more than 200 timedata samples
- - #6793 `842c48d` Bump minrelaytxfee default
Credits
=======
Thanks to everyone who directly contributed to this release:
- - Adam Weiss
- - Alex Morcos
- - Casey Rodarmor
- - Cory Fields
- - fanquake
- - Gregory Maxwell
- - Jonas Schnelli
- - J Ross Nicoll
- - Luke Dashjr
- - Pavel Vasin
- - Pieter Wuille
- - randy-waterhouse
- - ฿tcDrak
- - Tom Harding
- - Veres Lajos
- - Wladimir J. van der Laan
And all those who contributed additional code review and/or security research:
- - timothy on IRC for reporting the issue
- - Vulnerability in miniupnp discovered by Aleksandar Nikolic of Cisco Talos
As well as everyone that helped translating on [Transifex](https://www.transifex.com/projects/p/bitcoin/).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCgAGBQJWG+djAAoJEHSBCwEjRsmmYskH/3bvwLnbRYaeAX71/F/VgOqd
N7Ly6ar00I4nbTpOloRd4xdf2TGaeRyu1Ty7lbK21weCxzsC3Uq7s40zDyBbfgZq
3kDupt9naNVmfXlsCHyiFRqgQnbtJTX1UH7Y8rjjnqPuInNdo0S6ZGBZm04Iqccq
qPfncyK95fd+9g1fow0TP+dIFHrEjD9NtEzsiH58RNtDlpadxNYCjbMjnDriS7wd
k7uOkDx+jBG1X4TwMHEf32PkKssZYzDr4xLP4SkmDTYVqzf24bOiO9nXempxUUQp
E9t1pRklZSZ5chBIRMJHhwci8cRVLmv4cAbXx1cUby4P7WJJC/8t8/fhWxgPddk=
=ar+M
-----END PGP SIGNATURE-----
|