Summary: | net-p2p/bitcoin{d,-qt}-0.9.2 version bump | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Eric Chatellier <eric.chatellier> |
Component: | Vulnerabilities | Assignee: | Anthony Basile <blueness> |
Status: | RESOLVED FIXED | ||
Severity: | enhancement | CC: | alex_y_xu, fturco, gentoo, gentoo, hanno, luke-jr+gentoobugs, proxy-maint, security |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.9.0.md | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 505320, 506184 | ||
Bug Blocks: |
Description
Eric Chatellier
2014-03-19 16:21:59 UTC
Isn't there a policy of waiting at least a week before filing a bug for bumps? :P It's a stupid policy, and I've gotten yelled at for warning people, not warning people, and filing such bugs. I just don't bother at this point. And it's never been a policy, just that a certain subset (relatively small) of maintainers go all up in arms about it. This should probably go to security, as it fixes an important vulnerability. From release notes: Transaction malleability-related fixes This release contains a few fixes for transaction ID (TXID) malleability issues: -nospendzeroconfchange command-line option, to avoid spending zero-confirmation change IsStandard() transaction rules tightened to prevent relaying and mining of mutated transactions Additional information in listtransactions/gettransaction output to report wallet transactions that conflict with each other because they spend the same outputs. Bug fixes to the getbalance/listaccounts RPC commands, which would report incorrect balances for double-spent (or mutated) transactions. New option: -zapwallettxes to rebuild the wallet's transaction information Um, there are/were no vulnerabilities in net-p2p/bitcoin* related to transaction malleability. 0.9.1 is out: https://bitcoin.org/en/release/v0.9.1 (In reply to Francesco Turco from comment #6) > 0.9.1 is out: https://bitcoin.org/en/release/v0.9.1 With zero changes. Though maybe we should bump the version just to avoid alerts. Three days ago version 0.9.2 has been released: https://bitcoin.org/en/release/v0.9.2 (In reply to Francesco Turco from comment #8) > Three days ago version 0.9.2 has been released: > https://bitcoin.org/en/release/v0.9.2 Luke-jr bump? (In reply to Anthony Basile from comment #9) > (In reply to Francesco Turco from comment #8) > > Three days ago version 0.9.2 has been released: > > https://bitcoin.org/en/release/v0.9.2 > > Luke-jr bump? Bumped in overlay, still waiting on LevelDB for main tree.. :/ P.S. There's a 0.9.2.1 coming through the pipeline too. (In reply to Luke-Jr from comment #10) > (In reply to Anthony Basile from comment #9) > > (In reply to Francesco Turco from comment #8) > > > Three days ago version 0.9.2 has been released: > > > https://bitcoin.org/en/release/v0.9.2 > > > > Luke-jr bump? > > Bumped in overlay, still waiting on LevelDB for main tree.. :/ bug? Bug 506184 and bug 505320. blueness, is there even a vulnerability applicable to net-p2p/*? (In reply to Alex Xu (Hello71) from comment #13) > blueness, is there even a vulnerability applicable to net-p2p/*? I'm putting some pressure on leveldb to get those patches in. *** Bug 505530 has been marked as a duplicate of this bug. *** I added bitcoin{d,-qt}-0.9.2.1 from the bitcoin overlay, master branch. I also added the virtual/bitcoin-leveldb although I really think that might be overkill. Was there no other way to do that by a DEPEND string? Note bitcoin-qt-0.9.2.1 added the following locales which are not in profiles/desc/linguas.desc. I was not able to identify them to add them. Please let me know what these linguas are. Some of them look wrong so please give me a source: linguas_ach linguas_cmn linguas_es_DO linguas_es_UY linguas_kk_KZ linguas_pam linguas_sah linguas_uz@Cyrl (In reply to Anthony Basile from comment #16) > I added bitcoin{d,-qt}-0.9.2.1 from the bitcoin overlay, master branch. I > also added the virtual/bitcoin-leveldb although I really think that might be > overkill. Was there no other way to do that by a DEPEND string? It's easier to update this way... > Note bitcoin-qt-0.9.2.1 added the following locales which are not in > profiles/desc/linguas.desc. I was not able to identify them to add them. > Please let me know what these linguas are. Some of them look wrong so > please give me a source: > > linguas_ach > linguas_cmn > linguas_es_DO > linguas_es_UY > linguas_kk_KZ > linguas_pam > linguas_sah > linguas_uz@Cyrl ach = Acoli cmn = Chinese (Mandarin) es_DO = Spanish (Dominican Republic) es_UY = Spanish (Uruguay) kk_KZ = Kazakh (Kazakhstan) pam = Kapampangan sah = Sakha (Yakut) uz@Cyrl = Uzbek (Cyrillic) (In reply to Luke-Jr from comment #17) > (In reply to Anthony Basile from comment #16) > > I added bitcoin{d,-qt}-0.9.2.1 from the bitcoin overlay, master branch. I > > also added the virtual/bitcoin-leveldb although I really think that might be > > overkill. Was there no other way to do that by a DEPEND string? > > It's easier to update this way... > > > Note bitcoin-qt-0.9.2.1 added the following locales which are not in > > profiles/desc/linguas.desc. I was not able to identify them to add them. > > Please let me know what these linguas are. Some of them look wrong so > > please give me a source: > > > > linguas_ach > > linguas_cmn > > linguas_es_DO > > linguas_es_UY > > linguas_kk_KZ > > linguas_pam > > linguas_sah > > linguas_uz@Cyrl > > ach = Acoli > cmn = Chinese (Mandarin) > es_DO = Spanish (Dominican Republic) > es_UY = Spanish (Uruguay) > kk_KZ = Kazakh (Kazakhstan) > pam = Kapampangan > sah = Sakha (Yakut) > uz@Cyrl = Uzbek (Cyrillic) Thanks! We're done. |