Author Topic: Groestlcoin Core v2.16.3 Released  (Read 2761 times)

Offline gruve_p

  • Administrator
  • Full Member
  • *****
  • Posts: 137
  • Founder Groestlcoin
    • View Profile
    • Official Groestlcoin Website
Groestlcoin Core v2.16.3 Released
« on: September 24, 2018, 08:48:07 pm »

A new major Groestlcoin Core version 2.16.3 is now available for download which includes both a Denial of Service component and a critical inflation vulnerability, so it is recommended to upgrade to it if you are running a full Groestlcoin node or a local Groestlcoin Core wallet.

v2.16.3 is now the official release version of Groestlcoin Core. This is a new major version release with a very important security updates. It is recommended to upgrade to this version as soon as possible. Stop running versions of Groestlcoin Core affected by CVE-2018-17144 asap: These are 2.13.3 and 2.16.0.

What's new in version v2.16.3?
This is a major release of Groestlcoin Core fixing a Denial of Service component and a critical inflation vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2018-17144) exploitable by miners that has been discovered in Groestlcoin Core version 2.13.3 and 2.16.0. It is recommended to upgrade to 2.16.3 as soon as possible.
If you only occasionally run Groestlcoin Core, then it's not necessary to run out and upgrade it right this second. However, you should upgrade it before you next run it. If you know anyone who is running an older version, tell them to upgrade it ASAP. Stored funds are not at risk, and never were at risk.
At this time we believe over half of the Groestlcoin hashrate has upgraded to patched nodes. We are unaware of any attempts to exploit this vulnerability.
However, it still remains critical that affected users upgrade and apply the latest patches to ensure no possibility of large reorganizations, mining of invalid blocks, or acceptance of invalid transactions occurs.

Technical Details
In Groestlcoin Core 2.13.3, an optimization was added (Bitcoin Core PR #9049) which avoided a costly check during initial pre-relay block validation that multiple inputs within a single transaction did not spend the same input twice which was added in 2012 (Bitcoin Core PR #443). While the UTXO-updating logic has sufficient knowledge to check that such a condition is not violated in 2.13.3 it only did so in a sanity check assertion and not with full error handling (it did, however, fully handle this case twice in prior to
Thus, in Groestlcoin Core 2.13.3, any attempts to double-spend a transaction output within a single transaction inside of a block will result in an assertion failure and a crash, as was originally reported.
In Groestlcoin Core 2.16.0, as a part of a larger redesign to simplify unspent transaction output tracking and correct a resource exhaustion attack the assertion was changed subtly. Instead of asserting that the output being marked spent was previously unspent, it only asserts that it exists.
Thus, in Groestlcoin Core 2.16.0, any attempts to double-spend a transaction output within a single transaction inside of a block where the output being spent was created in the same block, the same assertion failure will occur. However, if the output being double-spent was created in a previous block, an entry will still remain in the CCoin map with the DIRTY flag set and having been marked as spent, resulting in no such assertion. This could allow a miner to inflate the supply of Groestlcoin as they would be then able to claim the value being spent twice.

Groestlcoin would like to publicly thank Reddit user u/Awemany for finding CVE-2018-17144 and reporting it (https://lists.linuxfoundation.org/pipermail/bitcoin-core-dev/2018-September/000064.html). You deserve gratitude and appreciation from cryptoworld, and you have ours. If you want to support him for his work, please consider donating to him on his bitcoin cash address: bitcoincash:qr5yuq3q40u7mxwqz6xvamkfj8tg45wyus7fhqzug5

• Fix for CVE-2018-17144 Denial of Service component and a critical inflation vulnerability
• The `-blockmaxsize` option for miners to limit their blocks' sizes has been removed. Miners should use the `-blockmaxweight` option if they want to limit the weight of their blocks' weights.

It is appreciated if feedback of the following is provided:
1. Can you receive coins on a bech32 address? (small amounts to avoid losing them)
2. Can you receive coins on a legacy address? (small amounts to avoid losing them)
3. Can you receive coins on a p2sh-segwit address? (small amounts to avoid losing them)
4. Can you send coins on a bech32 address?
5. Can you send coins on a legacy address?
6. Can you send coins on a p2sh-segwit address?
7. Can you view your transaction on a third party blockexplorer (restart the client after entering the url of the blockexplorer) ?
8. Can you use the wallet with TOR?
9. Are you able to backup your wallet (wallet.dat) file?
10. Are you able to encrypt your wallet (wallet.dat) file?
11. Are you able to use watch-only function?
12. How long does it take to fully synchronize?
13. Are you able to sign/verify messages?
14. Are you able to see you send/receive addresses?
15. Are you able to use the wallet in your local language?

The application may have unfound bugs and problems. Please report using the issue tracker at github:

• There is no warranty and no party shall be made liable to you for damages. If you lose coins due to this app, no compensation will be given. Use this app solely at your own risk.
• Encrypt your wallet. This can be done by clicking the settings menu from inside the wallet. Make sure your password is secure and do not forget it.
• Make a copy your wallet.dat file as a backup and move it to a secure location:
Location Windows: Navigate to C:\Users\Username\AppData\Roaming\groestlcoin\wallet.dat (or open windows explorer and enter %appdata%\Groestlcoin\wallet.dat)
Location Mac: Finder -> Go {Hold Option] -> Library -> groestlcoin -> wallet.dat (~/Library/Application Support/groestlcoin/wallet.dat)

While this branch has been extensively tested to be compatible with the existing Groestlcoin v2.11.0, v2.13.3 and v2.16.0 network there is the possibility that we missed something. ALWAYS BACKUP YOUR GROESTLCOIN WALLET BEFORE UPGRADING.

How to Upgrade?
The first time you run version 2.16.3, your chainstate database may be converted to a new format, which will take anywhere from a few minutes to half an hour, depending on the speed of your machine.
Windows: If you are running an older version, shut it down. Wait until it has completely shut down (which might take a few minutes for older versions), then run the installer.
OSX: If you are running an older version, shut it down. Wait until it has completely shut down (which might take a few minutes for older versions), run the dmg and drag Groestlcoin Core to Applications.
Ubuntu users: http://groestlcoin.org/forum/index.php?topic=441.0
Linux users: http://groestlcoin.org/forum/index.php?topic=97.0

Download the Windows Installer (64 bit) here: https://github.com/Groestlcoin/groestlcoin/releases/download/v2.16.3/groestlcoin-2.16.3-win64.msi
Download the Windows Installer (32 bit) here: https://github.com/Groestlcoin/groestlcoin/releases/download/v2.16.3/groestlcoin-2.16.3-win32.msi
Download the Windows binaries (64 bit) here: https://github.com/Groestlcoin/groestlcoin/releases/download/v2.16.3/groestlcoin-2.16.3-x86_64-w64-mingw32.zip
Download the Windows binaries (32 bit) here: https://github.com/Groestlcoin/groestlcoin/releases/download/v2.16.3/groestlcoin-2.16.3-i686-w64-mingw32.zip
Download the OSX Installer here: https://github.com/Groestlcoin/groestlcoin/releases/download/v2.16.3/groestlcoin-2.16.3-osx.dmg
Download the OSX binaries here: https://github.com/Groestlcoin/groestlcoin/releases/download/v2.16.3/groestlcoin-2.16.3-x86_64-apple-darwin11.tar.gz
Download the Linux binaries (64 bit) here: https://github.com/Groestlcoin/groestlcoin/releases/download/v2.16.3/groestlcoin-2.16.3-x86_64-linux-gnu.tar.gz
Download the Linux binaries (32 bit) here: https://github.com/Groestlcoin/groestlcoin/releases/download/v2.16.3/groestlcoin-2.16.3-i686-pc-linux-gnu.tar.gz
Download the ARM Linux binaries (64 bit) here: https://github.com/Groestlcoin/groestlcoin/releases/download/v2.16.3/groestlcoin-2.16.3-aarch64-linux-gnu.tar.gz
Download the ARM Linux binaries (32 bit) here: https://github.com/Groestlcoin/groestlcoin/releases/download/v2.16.3/groestlcoin-2.16.3-arm-linux-gnueabihf.tar.gz

SHA-256 hashes of the released files for verification:

Source code:
Build instructions for Linux can be found here: https://github.com/Groestlcoin/groestlcoin/blob/master/doc/build-unix.md
Build instructions for OSX can be found here: https://github.com/Groestlcoin/groestlcoin/blob/master/doc/build-osx.md
Build instructions for Windows can be found here: https://github.com/Groestlcoin/groestlcoin/blob/master/doc/build-windows.md