News:

Are you new to Groestlcoin and have questions you are afraid to ask?
Check out the New Users board and post there.
Welcome to all newcomers.

Main Menu

Groestlcoin Core v2.16.3 Released

Started by gruve_p, September 24, 2018, 08:48:07 PM

Previous topic - Next topic

gruve_p


A new major Groestlcoin Core version 2.16.3 is now available for download which includes both a Denial of Service component and a critical inflation vulnerability, so it is recommended to upgrade to it if you are running a full Groestlcoin node or a local Groestlcoin Core wallet.



v2.16.3 is now the official release version of Groestlcoin Core. This is a new major version release with a very important security updates. It is recommended to upgrade to this version as soon as possible. Stop running versions of Groestlcoin Core affected by CVE-2018-17144 asap: These are 2.13.3 and 2.16.0.


What's new in version v2.16.3?
This is a major release of Groestlcoin Core fixing a Denial of Service component and a critical inflation vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2018-17144) exploitable by miners that has been discovered in Groestlcoin Core version 2.13.3 and 2.16.0. It is recommended to upgrade to 2.16.3 as soon as possible.
If you only occasionally run Groestlcoin Core, then it's not necessary to run out and upgrade it right this second. However, you should upgrade it before you next run it. If you know anyone who is running an older version, tell them to upgrade it ASAP. Stored funds are not at risk, and never were at risk.
At this time we believe over half of the Groestlcoin hashrate has upgraded to patched nodes. We are unaware of any attempts to exploit this vulnerability.
However, it still remains critical that affected users upgrade and apply the latest patches to ensure no possibility of large reorganizations, mining of invalid blocks, or acceptance of invalid transactions occurs.

Technical Details
In Groestlcoin Core 2.13.3, an optimization was added (Bitcoin Core PR #9049) which avoided a costly check during initial pre-relay block validation that multiple inputs within a single transaction did not spend the same input twice which was added in 2012 (Bitcoin Core PR #443). While the UTXO-updating logic has sufficient knowledge to check that such a condition is not violated in 2.13.3 it only did so in a sanity check assertion and not with full error handling (it did, however, fully handle this case twice in prior to 2.1.0.6).
Thus, in Groestlcoin Core 2.13.3, any attempts to double-spend a transaction output within a single transaction inside of a block will result in an assertion failure and a crash, as was originally reported.
In Groestlcoin Core 2.16.0, as a part of a larger redesign to simplify unspent transaction output tracking and correct a resource exhaustion attack the assertion was changed subtly. Instead of asserting that the output being marked spent was previously unspent, it only asserts that it exists.
Thus, in Groestlcoin Core 2.16.0, any attempts to double-spend a transaction output within a single transaction inside of a block where the output being spent was created in the same block, the same assertion failure will occur. However, if the output being double-spent was created in a previous block, an entry will still remain in the CCoin map with the DIRTY flag set and having been marked as spent, resulting in no such assertion. This could allow a miner to inflate the supply of Groestlcoin as they would be then able to claim the value being spent twice.

Groestlcoin would like to publicly thank Reddit user u/Awemany for finding CVE-2018-17144 and reporting it (https://lists.linuxfoundation.org/pipermail/bitcoin-core-dev/2018-September/000064.html). You deserve gratitude and appreciation from cryptoworld, and you have ours. If you want to support him for his work, please consider donating to him on his bitcoin cash address: bitcoincash:qr5yuq3q40u7mxwqz6xvamkfj8tg45wyus7fhqzug5


Changelog:
• Fix for CVE-2018-17144 Denial of Service component and a critical inflation vulnerability
• The `-blockmaxsize` option for miners to limit their blocks' sizes has been removed. Miners should use the `-blockmaxweight` option if they want to limit the weight of their blocks' weights.

It is appreciated if feedback of the following is provided:
1. Can you receive coins on a bech32 address? (small amounts to avoid losing them)
2. Can you receive coins on a legacy address? (small amounts to avoid losing them)
3. Can you receive coins on a p2sh-segwit address? (small amounts to avoid losing them)
4. Can you send coins on a bech32 address?
5. Can you send coins on a legacy address?
6. Can you send coins on a p2sh-segwit address?
7. Can you view your transaction on a third party blockexplorer (restart the client after entering the url of the blockexplorer) ?
8. Can you use the wallet with TOR?
9. Are you able to backup your wallet (wallet.dat) file?
10. Are you able to encrypt your wallet (wallet.dat) file?
11. Are you able to use watch-only function?
12. How long does it take to fully synchronize?
13. Are you able to sign/verify messages?
14. Are you able to see you send/receive addresses?
15. Are you able to use the wallet in your local language?

The application may have unfound bugs and problems. Please report using the issue tracker at github:
https://github.com/groestlcoin/groestlcoin/issues

Important:
• There is no warranty and no party shall be made liable to you for damages. If you lose coins due to this app, no compensation will be given. Use this app solely at your own risk.
• Encrypt your wallet. This can be done by clicking the settings menu from inside the wallet. Make sure your password is secure and do not forget it.
• Make a copy your wallet.dat file as a backup and move it to a secure location:
Location Windows: Navigate to C:\Users\Username\AppData\Roaming\groestlcoin\wallet.dat (or open windows explorer and enter %appdata%\Groestlcoin\wallet.dat)
Location Mac: Finder -> Go {Hold Option] -> Library -> groestlcoin -> wallet.dat (~/Library/Application Support/groestlcoin/wallet.dat)

WARNING:
While this branch has been extensively tested to be compatible with the existing Groestlcoin v2.11.0, v2.13.3 and v2.16.0 network there is the possibility that we missed something. ALWAYS BACKUP YOUR GROESTLCOIN WALLET BEFORE UPGRADING.


How to Upgrade?
The first time you run version 2.16.3, your chainstate database may be converted to a new format, which will take anywhere from a few minutes to half an hour, depending on the speed of your machine.
Windows: If you are running an older version, shut it down. Wait until it has completely shut down (which might take a few minutes for older versions), then run the installer.
OSX: If you are running an older version, shut it down. Wait until it has completely shut down (which might take a few minutes for older versions), run the dmg and drag Groestlcoin Core to Applications.
Ubuntu users: http://groestlcoin.org/forum/index.php?topic=441.0
Linux users: http://groestlcoin.org/forum/index.php?topic=97.0

Download the Windows Installer (64 bit) here: https://github.com/Groestlcoin/groestlcoin/releases/download/v2.16.3/groestlcoin-2.16.3-win64.msi
Download the Windows Installer (32 bit) here: https://github.com/Groestlcoin/groestlcoin/releases/download/v2.16.3/groestlcoin-2.16.3-win32.msi
Download the Windows binaries (64 bit) here: https://github.com/Groestlcoin/groestlcoin/releases/download/v2.16.3/groestlcoin-2.16.3-x86_64-w64-mingw32.zip
Download the Windows binaries (32 bit) here: https://github.com/Groestlcoin/groestlcoin/releases/download/v2.16.3/groestlcoin-2.16.3-i686-w64-mingw32.zip
Download the OSX Installer here: https://github.com/Groestlcoin/groestlcoin/releases/download/v2.16.3/groestlcoin-2.16.3-osx.dmg
Download the OSX binaries here: https://github.com/Groestlcoin/groestlcoin/releases/download/v2.16.3/groestlcoin-2.16.3-x86_64-apple-darwin11.tar.gz
Download the Linux binaries (64 bit) here: https://github.com/Groestlcoin/groestlcoin/releases/download/v2.16.3/groestlcoin-2.16.3-x86_64-linux-gnu.tar.gz
Download the Linux binaries (32 bit) here: https://github.com/Groestlcoin/groestlcoin/releases/download/v2.16.3/groestlcoin-2.16.3-i686-pc-linux-gnu.tar.gz
Download the ARM Linux binaries (64 bit) here: https://github.com/Groestlcoin/groestlcoin/releases/download/v2.16.3/groestlcoin-2.16.3-aarch64-linux-gnu.tar.gz
Download the ARM Linux binaries (32 bit) here: https://github.com/Groestlcoin/groestlcoin/releases/download/v2.16.3/groestlcoin-2.16.3-arm-linux-gnueabihf.tar.gz

SHA-256 hashes of the released files for verification:
groestlcoin-2.16.3-x86_64-linux-gnu.tar.gz
f15bd5e38b25a103821f1563cd0e1b2cf7146ec9f9835493a30bd57313d3b86f
groestlcoin-2.16.3-aarch64-linux-gnu.tar.gz
d576c0aa488fa5d88077fd9cb2fec855619ce2512254cb207085f3e9440305c0
groestlcoin-2.16.3-arm-linux-gnueabihf.tar.gz
a7f9f4fcaaeb31c9617cf9711ea14c67cf810bace6e0fb60d208e559e295a65f
groestlcoin-2.16.3-i686-pc-linux-gnu.tar.gz
d8432224a6bafb06f953200f997e29a3925fc21cfe7f4ee8c22080fcc9eb182d
groestlcoin-2.16.3-osx.dmg
3d54c4c3affa2cceaed0942449cbc07b722295b872b4757077f1f076b0d27f53
groestlcoin-2.16.3-win64.msi
dc7aa2e4598f053ebecee77fa6cf888b2024b9a1b03991622556fd91a209e281
groestlcoin-2.16.3-win32.msi
e8318c3599809117cac56182c5684134b54255533faf8adbfb7e0b36dcfbbde2
groestlcoin-2.16.3-x86_64-w64-mingw32.zip
9617e7ec61a1f8850d11613ff3d4f4e1d8caa29e118ec1c29e07ef323b16557d
groestlcoin-2.16.3-i686-w64-mingw32.zip
28785ef0dd70d39ad6a0f68c651e4ce001e69b5b09dded9bde5f7491eaf3d54b
groestlcoin-2.16.3-x86_64-apple-darwin11.tar.gz
4976c8f60105a32bb0d8e230577f60438d5bed45a9aa92c51f0dd79a13c6b89e

Source code:
https://github.com/Groestlcoin/groestlcoin
Build instructions for Linux can be found here: https://github.com/Groestlcoin/groestlcoin/blob/master/doc/build-unix.md
Build instructions for OSX can be found here: https://github.com/Groestlcoin/groestlcoin/blob/master/doc/build-osx.md
Build instructions for Windows can be found here: https://github.com/Groestlcoin/groestlcoin/blob/master/doc/build-windows.md