Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2022:0072-1

Опубликовано: 03 мар. 2022
Источник: suse-cvrf

Описание

Security update for bitcoin

This update for bitcoin fixes the following issues:

Update to version 0.21.2

  • P2P protocol and network code
    • use NetPermissions::HasFlag() in CConnman::Bind()
    • Rate limit the processing of rumoured addresses
  • Wallet
    • Do not iterate a directory if having an error while accessing it
  • RPC
    • Reset scantxoutset progress before inferring descriptors
  • Build System
    • depends: update Qt 5.9 source url
    • Update Windows code signing certificate
    • Use custom MacOS code signing tool
    • Fix build with Boost 1.77.0
  • Tests and QA
    • Build with --enable-werror by default, and document exceptions
    • Fix intermittent feature_taproot issue
    • Fix macOS brew install command
    • add missing ECCVerifyHandle to base_encode_decode
    • Run fuzzer task for the master branch only
  • GUI
    • Do not use QClipboard::Selection on Windows and macOS.
    • Remove user input from URI error message
    • Draw 'eye' sign at the beginning of watch-only addresses
  • Miscellaneous
    • Fix crash when parsing command line with -noincludeconf=0
    • util: Properly handle -noincludeconf on command line (take 2)

Update to version 0.21.1

  • Consensus:
    • Speedy trial support for versionbits
    • Speedy trial activation parameters for Taproot
  • P2P protocol and network code
    • allow CSubNet of non-IP networks
    • Avoid UBSan warning in ProcessMessage
  • Wallet
    • Introduce DeferredSignatureChecker and have SignatureExtractorClass subclass it
    • Avoid requesting fee rates multiple times during coin selection
  • RPC and other APIs:
    • Disallow sendtoaddress and sendmany when private keys disabled CVE-2021-3195

Update to version 0.21.0:

  • For full details see release-notes-0.21.0.md

Update to version 0.20.1

  • Mining
    • Fix GBT: Restore '!segwit' and 'csv' to 'rules' key
  • P2P protocol and network code
    • Replace automatic bans with discouragement filter
  • Wallet
    • Handle concurrent wallet loading
    • Minimal fix to restore conflicted transaction notifications
  • RPC and other APIs
    • Increment input value sum only once per UTXO in decodepsbt
    • psbt: Increment input value sum only once per UTXO in decodepsbt
    • psbt: Include and allow both non_witness_utxo and witness_utxo for segwit inputs
  • GUI
    • Add missing QPainterPath include
    • update Qt base translations for macOS release
  • Misc
    • util: Don't reference errno when pthread fails
    • Fix locking on WSL using flock instead of fcntl

Update to version 0.20.0:

  • Do not run bitcoind in daemon mode. Running it not as a background process makes it working properly with journald (instead of writing logs in /var/log).

Update to version 0.19.1:

  • Wallet
    • Fix origfee return for bumpfee with feerate arg
    • Fix unique_ptr usage in boost::signals2
    • Fix issue with conflicted mempool tx in listsinceblock
    • Bug: IsUsedDestination shouldn't use key id as script id for ScriptHash
    • IsUsedDestination should count any known single-key address
    • Reset reused transactions cache
  • RPC and other APIs
    • cli: Fix fatal leveldb error when specifying -blockfilterindex=basic twice
    • require second argument only for scantxoutset start action
    • zmq: Fix due to invalid argument and multiple notifiers
    • psbt: handle unspendable psbts
    • psbt: check that various indexes and amounts are within bounds
  • GUI
    • Fix missing qRegisterMetaType for size_t
    • disable File->CreateWallet during startup
    • Fix comparison function signature
    • Fix unintialized WalletView::progressDialog
  • Tests and QA
    • Appveyor improvement - text file for vcpkg package list
    • fix 'bitcoind already running' warnings on macOS
    • add missing #include to fix compiler errors
  • Platform support
    • Update msvc build for Visual Studio 2019 v16.4
    • Updates to appveyor config for VS2019 and Qt5.9.8 + msvc project fixes
    • bug-fix macos: give free bytes to F_PREALLOCATE
  • Miscellaneous
    • init: Stop indexes on shutdown after ChainStateFlushed callback
    • util: Add missing headers to util/fees.cpp
    • Unbreak build with Boost 1.72.0
    • scripts: Fix symbol-check & security-check argument passing
    • Log to net category for exceptions in ProcessMessages
    • Update univalue subtree

Список пакетов

SUSE Package Hub 15 SP3
bitcoin-qt5-0.21.2-bp153.2.3.1
bitcoin-test-0.21.2-bp153.2.3.1
bitcoin-utils-0.21.2-bp153.2.3.1
bitcoind-0.21.2-bp153.2.3.1
libbitcoinconsensus-devel-0.21.2-bp153.2.3.1
libbitcoinconsensus0-0.21.2-bp153.2.3.1
openSUSE Leap 15.3
bitcoin-qt5-0.21.2-bp153.2.3.1
bitcoin-test-0.21.2-bp153.2.3.1
bitcoin-utils-0.21.2-bp153.2.3.1
bitcoind-0.21.2-bp153.2.3.1
libbitcoinconsensus-devel-0.21.2-bp153.2.3.1
libbitcoinconsensus0-0.21.2-bp153.2.3.1

Ссылки

Описание

** DISPUTED ** bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does not violate the security model of Bitcoin Core, but can violate the security model of a fork that has implemented dumpwallet restrictions.

Затронутые продукты
SUSE Package Hub 15 SP3:bitcoin-qt5-0.21.2-bp153.2.3.1
SUSE Package Hub 15 SP3:bitcoin-test-0.21.2-bp153.2.3.1
SUSE Package Hub 15 SP3:bitcoin-utils-0.21.2-bp153.2.3.1
SUSE Package Hub 15 SP3:bitcoind-0.21.2-bp153.2.3.1
Ссылки
Уязвимость openSUSE-SU-2022:0072-1