From d57586f91c6cfe7480ae87b81a041009776a33af Mon Sep 17 00:00:00 2001 From: Micha Date: Wed, 14 Oct 2015 23:05:26 +0300 Subject: [PATCH] Add historical release notes for October 2015 bugfix releases [skip ci] --- doc/release-notes/release-notes-0.10.3.md | 165 +++++++++++++++++++++ doc/release-notes/release-notes-0.11.1.md | 172 ++++++++++++++++++++++ 2 files changed, 337 insertions(+) create mode 100644 doc/release-notes/release-notes-0.10.3.md create mode 100644 doc/release-notes/release-notes-0.11.1.md diff --git a/doc/release-notes/release-notes-0.10.3.md b/doc/release-notes/release-notes-0.10.3.md new file mode 100644 index 0000000000..8a110e562c --- /dev/null +++ b/doc/release-notes/release-notes-0.10.3.md @@ -0,0 +1,165 @@ +Bitcoin Core version 0.10.3 is now available from: + + + +This is a new minor version release, bringing security fixes and translation +updates. It is recommended to upgrade to this version as soon as possible. + +Please report bugs using the issue tracker at github: + + + +Upgrading and downgrading +========================= + +How to Upgrade +-------------- + +If you are running an older version, shut it down. Wait until it has completely +shut down (which might take a few minutes for older versions), then run the +installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac) or +bitcoind/bitcoin-qt (on Linux). + +Downgrade warning +------------------ + +Because release 0.10.0 and later makes use of headers-first synchronization and +parallel block download (see further), the block files and databases are not +backwards-compatible with pre-0.10 versions of Bitcoin Core or other software: + +* Blocks will be stored on disk out of order (in the order they are +received, really), which makes it incompatible with some tools or +other programs. Reindexing using earlier versions will also not work +anymore as a result of this. + +* The block index database will now hold headers for which no block is +stored on disk, which earlier versions won't support. + +If you want to be able to downgrade smoothly, make a backup of your entire data +directory. Without this your node will need start syncing (or importing from +bootstrap.dat) anew afterwards. It is possible that the data from a completely +synchronised 0.10 node may be usable in older versions as-is, but this is not +supported and may break as soon as the older version attempts to reindex. + +This does not affect wallet forward or backward compatibility. + +Notable changes +=============== + +Fix buffer overflow in bundled upnp +------------------------------------ + +Bundled miniupnpc was updated to 1.9.20151008. This fixes a buffer overflow in +the XML parser during initial network discovery. + +Details can be found here: http://talosintel.com/reports/TALOS-2015-0035/ + +This applies to the distributed executables only, not when building from source or +using distribution provided packages. + +Additionally, upnp has been disabled by default. This may result in a lower +number of reachable nodes on IPv4, however this prevents future libupnpc +vulnerabilities from being a structural risk to the network +(see https://github.com/bitcoin/bitcoin/pull/6795). + +Test for LowS signatures before relaying +----------------------------------------- + +Make the node require the canonical 'low-s' encoding for ECDSA signatures when +relaying or mining. This removes a nuisance malleability vector. + +Consensus behavior is unchanged. + +If widely deployed this change would eliminate the last remaining known vector +for nuisance malleability on SIGHASH_ALL P2PKH transactions. On the down-side +it will block most transactions made by sufficiently out of date software. + +Unlike the other avenues to change txids on transactions this +one was randomly violated by all deployed bitcoin software prior to +its discovery. So, while other malleability vectors where made +non-standard as soon as they were discovered, this one has remained +permitted. Even BIP62 did not propose applying this rule to +old version transactions, but conforming implementations have become +much more common since BIP62 was initially written. + +Bitcoin Core has produced compatible signatures since a28fb70e in +September 2013, but this didn't make it into a release until 0.9 +in March 2014; Bitcoinj has done so for a similar span of time. +Bitcoinjs and electrum have been more recently updated. + +This does not replace the need for BIP62 or similar, as miners can +still cooperate to break transactions. Nor does it replace the +need for wallet software to handle malleability sanely[1]. This +only eliminates the cheap and irritating DOS attack. + +[1] On the Malleability of Bitcoin Transactions +Marcin Andrychowicz, Stefan Dziembowski, Daniel Malinowski, Łukasz Mazurek +http://fc15.ifca.ai/preproceedings/bitcoin/paper_9.pdf + +Minimum relay fee default increase +----------------------------------- + +The default for the `-minrelaytxfee` setting has been increased from `0.00001` +to `0.00005`. + +This is necessitated by the current transaction flooding, causing +outrageous memory usage on nodes due to the mempool ballooning. This is a +temporary measure, bridging the time until a dynamic method for determining +this fee is merged (which will be in 0.12). + +(see https://github.com/bitcoin/bitcoin/pull/6793, as well as the 0.11.0 +release notes, in which this value was suggested) + +0.10.3 Change log +================= + +Detailed release notes follow. This overview includes changes that affect external +behavior, not code moves, refactors or string updates. + +- #6186 `e4a7d51` Fix two problems in CSubnet parsing +- #6153 `ebd7d8d` Parameter interaction: disable upnp if -proxy set +- #6203 `ecc96f5` Remove P2SH coinbase flag, no longer interesting +- #6226 `181771b` json: fail read_string if string contains trailing garbage +- #6244 `09334e0` configure: Detect (and reject) LibreSSL +- #6276 `0fd8464` Fix getbalance * 0 +- #6274 `be64204` Add option `-alerts` to opt out of alert system +- #6319 `3f55638` doc: update mailing list address +- #6438 `7e66e9c` openssl: avoid config file load/race +- #6439 `255eced` Updated URL location of netinstall for Debian +- #6412 `0739e6e` Test whether created sockets are select()able +- #6694 `f696ea1` [QT] fix thin space word wrap line brake issue +- #6704 `743cc9e` Backport bugfixes to 0.10 +- #6769 `1cea6b0` Test LowS in standardness, removes nuisance malleability vector. +- #6789 `093d7b5` Update miniupnpc to 1.9.20151008 +- #6795 `f2778e0` net: Disable upnp by default +- #6797 `91ef4d9` Do not store more than 200 timedata samples +- #6793 `842c48d` Bump minrelaytxfee default + +Credits +======= + +Thanks to everyone who directly contributed to this release: + +- Adam Weiss +- Alex Morcos +- Casey Rodarmor +- Cory Fields +- fanquake +- Gregory Maxwell +- Jonas Schnelli +- J Ross Nicoll +- Luke Dashjr +- Pavel Vasin +- Pieter Wuille +- randy-waterhouse +- ฿tcDrak +- Tom Harding +- Veres Lajos +- Wladimir J. van der Laan + +And all those who contributed additional code review and/or security research: + +- timothy on IRC for reporting the issue +- Vulnerability in miniupnp discovered by Aleksandar Nikolic of Cisco Talos + +As well as everyone that helped translating on [Transifex](https://www.transifex.com/projects/p/bitcoin/). diff --git a/doc/release-notes/release-notes-0.11.1.md b/doc/release-notes/release-notes-0.11.1.md new file mode 100644 index 0000000000..799205691e --- /dev/null +++ b/doc/release-notes/release-notes-0.11.1.md @@ -0,0 +1,172 @@ +Bitcoin Core version 0.11.1 is now available from: + + + +This is a new minor version release, bringing security fixes. It is recommended +to upgrade to this version as soon as possible. + +Please report bugs using the issue tracker at github: + + + +Upgrading and downgrading +========================= + +How to Upgrade +-------------- + +If you are running an older version, shut it down. Wait until it has completely +shut down (which might take a few minutes for older versions), then run the +installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac) or +bitcoind/bitcoin-qt (on Linux). + +Downgrade warning +------------------ + +Because release 0.10.0 and later makes use of headers-first synchronization and +parallel block download (see further), the block files and databases are not +backwards-compatible with pre-0.10 versions of Bitcoin Core or other software: + +* Blocks will be stored on disk out of order (in the order they are +received, really), which makes it incompatible with some tools or +other programs. Reindexing using earlier versions will also not work +anymore as a result of this. + +* The block index database will now hold headers for which no block is +stored on disk, which earlier versions won't support. + +If you want to be able to downgrade smoothly, make a backup of your entire data +directory. Without this your node will need start syncing (or importing from +bootstrap.dat) anew afterwards. It is possible that the data from a completely +synchronised 0.10 node may be usable in older versions as-is, but this is not +supported and may break as soon as the older version attempts to reindex. + +This does not affect wallet forward or backward compatibility. There are no +known problems when downgrading from 0.11.x to 0.10.x. + +Notable changes +=============== + +Fix buffer overflow in bundled upnp +------------------------------------ + +Bundled miniupnpc was updated to 1.9.20151008. This fixes a buffer overflow in +the XML parser during initial network discovery. + +Details can be found here: http://talosintel.com/reports/TALOS-2015-0035/ + +This applies to the distributed executables only, not when building from source or +using distribution provided packages. + +Additionally, upnp has been disabled by default. This may result in a lower +number of reachable nodes on IPv4, however this prevents future libupnpc +vulnerabilities from being a structural risk to the network +(see https://github.com/bitcoin/bitcoin/pull/6795). + +Test for LowS signatures before relaying +----------------------------------------- + +Make the node require the canonical 'low-s' encoding for ECDSA signatures when +relaying or mining. This removes a nuisance malleability vector. + +Consensus behavior is unchanged. + +If widely deployed this change would eliminate the last remaining known vector +for nuisance malleability on SIGHASH_ALL P2PKH transactions. On the down-side +it will block most transactions made by sufficiently out of date software. + +Unlike the other avenues to change txids on transactions this +one was randomly violated by all deployed bitcoin software prior to +its discovery. So, while other malleability vectors where made +non-standard as soon as they were discovered, this one has remained +permitted. Even BIP62 did not propose applying this rule to +old version transactions, but conforming implementations have become +much more common since BIP62 was initially written. + +Bitcoin Core has produced compatible signatures since a28fb70e in +September 2013, but this didn't make it into a release until 0.9 +in March 2014; Bitcoinj has done so for a similar span of time. +Bitcoinjs and electrum have been more recently updated. + +This does not replace the need for BIP62 or similar, as miners can +still cooperate to break transactions. Nor does it replace the +need for wallet software to handle malleability sanely[1]. This +only eliminates the cheap and irritating DOS attack. + +[1] On the Malleability of Bitcoin Transactions +Marcin Andrychowicz, Stefan Dziembowski, Daniel Malinowski, Łukasz Mazurek +http://fc15.ifca.ai/preproceedings/bitcoin/paper_9.pdf + +Minimum relay fee default increase +----------------------------------- + +The default for the `-minrelaytxfee` setting has been increased from `0.00001` +to `0.00005`. + +This is necessitated by the current transaction flooding, causing +outrageous memory usage on nodes due to the mempool ballooning. This is a +temporary measure, bridging the time until a dynamic method for determining +this fee is merged (which will be in 0.12). + +(see https://github.com/bitcoin/bitcoin/pull/6793, as well as the 0.11 +release notes, in which this value was suggested) + +0.11.1 Change log +================= + +Detailed release notes follow. This overview includes changes that affect +behavior, not code moves, refactors and string updates. For convenience in locating +the code changes and accompanying discussion, both the pull request and +git merge commit are mentioned. + +- #6438 `2531438` openssl: avoid config file load/race +- #6439 `980f820` Updated URL location of netinstall for Debian +- #6384 `8e5a969` qt: Force TLS1.0+ for SSL connections +- #6471 `92401c2` Depends: bump to qt 5.5 +- #6224 `93b606a` Be even stricter in processing unrequested blocks +- #6571 `100ac4e` libbitcoinconsensus: avoid a crash in multi-threaded environments +- #6545 `649f5d9` Do not store more than 200 timedata samples. +- #6694 `834e299` [QT] fix thin space word wrap line break issue +- #6703 `1cd7952` Backport bugfixes to 0.11 +- #6750 `5ed8d0b` Recent rejects backport to v0.11 +- #6769 `71cc9d9` Test LowS in standardness, removes nuisance malleability vector. +- #6789 `b4ad73f` Update miniupnpc to 1.9.20151008 +- #6785 `b4dc33e` Backport to v0.11: In (strCommand == "tx"), return if AlreadyHave() +- #6412 `0095b9a` Test whether created sockets are select()able +- #6795 `4dbcec0` net: Disable upnp by default +- #6793 `e7bcc4a` Bump minrelaytxfee default + +Credits +======= + +Thanks to everyone who directly contributed to this release: + +- Adam Weiss +- Alex Morcos +- Casey Rodarmor +- Cory Fields +- fanquake +- Gregory Maxwell +- Jonas Schnelli +- J Ross Nicoll +- Luke Dashjr +- Pavel Janík +- Pavel Vasin +- Peter Todd +- Pieter Wuille +- randy-waterhouse +- Ross Nicoll +- Suhas Daftuar +- tailsjoin +- ฿tcDrak +- Tom Harding +- Veres Lajos +- Wladimir J. van der Laan + +And those who contributed additional code review and/or security research: + +- timothy on IRC for reporting the issue +- Vulnerability in miniupnp discovered by Aleksandar Nikolic of Cisco Talos + +As well as everyone that helped translating on [Transifex](https://www.transifex.com/projects/p/bitcoin/). +