openSUSE-SU-2022:0072-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2022:0072-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2022:0072-1
Related
Published
2022-03-03T19:01:19Z
Modified
2022-03-03T19:01:19Z
Summary
Security update for bitcoin
Details

This update for bitcoin fixes the following issues:

Update to version 0.21.2

  • P2P protocol and network code
    • use NetPermissions::HasFlag() in CConnman::Bind()
    • Rate limit the processing of rumoured addresses
  • Wallet
    • Do not iterate a directory if having an error while accessing it
  • RPC
    • Reset scantxoutset progress before inferring descriptors
  • Build System
    • depends: update Qt 5.9 source url
    • Update Windows code signing certificate
    • Use custom MacOS code signing tool
    • Fix build with Boost 1.77.0
  • Tests and QA
    • Build with --enable-werror by default, and document exceptions
    • Fix intermittent feature_taproot issue
    • Fix macOS brew install command
    • add missing ECCVerifyHandle to baseencodedecode
    • Run fuzzer task for the master branch only
  • GUI
    • Do not use QClipboard::Selection on Windows and macOS.
    • Remove user input from URI error message
    • Draw 'eye' sign at the beginning of watch-only addresses
  • Miscellaneous
    • Fix crash when parsing command line with -noincludeconf=0
    • util: Properly handle -noincludeconf on command line (take 2)

Update to version 0.21.1

  • Consensus:
    • Speedy trial support for versionbits
    • Speedy trial activation parameters for Taproot
  • P2P protocol and network code
    • allow CSubNet of non-IP networks
    • Avoid UBSan warning in ProcessMessage
  • Wallet
    • Introduce DeferredSignatureChecker and have SignatureExtractorClass subclass it
    • Avoid requesting fee rates multiple times during coin selection
  • RPC and other APIs:
    • Disallow sendtoaddress and sendmany when private keys disabled CVE-2021-3195

Update to version 0.21.0:

  • For full details see release-notes-0.21.0.md

Update to version 0.20.1

  • Mining
    • Fix GBT: Restore '!segwit' and 'csv' to 'rules' key
  • P2P protocol and network code
    • Replace automatic bans with discouragement filter
  • Wallet
    • Handle concurrent wallet loading
    • Minimal fix to restore conflicted transaction notifications
  • RPC and other APIs
    • Increment input value sum only once per UTXO in decodepsbt
    • psbt: Increment input value sum only once per UTXO in decodepsbt
    • psbt: Include and allow both nonwitnessutxo and witness_utxo for segwit inputs
  • GUI
    • Add missing QPainterPath include
    • update Qt base translations for macOS release
  • Misc
    • util: Don't reference errno when pthread fails
    • Fix locking on WSL using flock instead of fcntl

Update to version 0.20.0:

  • See https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.20.0.md

  • Do not run bitcoind in daemon mode. Running it not as a background process makes it working properly with journald (instead of writing logs in /var/log).

Update to version 0.19.1:

  • Wallet
    • Fix origfee return for bumpfee with feerate arg
    • Fix unique_ptr usage in boost::signals2
    • Fix issue with conflicted mempool tx in listsinceblock
    • Bug: IsUsedDestination shouldn't use key id as script id for ScriptHash
    • IsUsedDestination should count any known single-key address
    • Reset reused transactions cache
  • RPC and other APIs
    • cli: Fix fatal leveldb error when specifying -blockfilterindex=basic twice
    • require second argument only for scantxoutset start action
    • zmq: Fix due to invalid argument and multiple notifiers
    • psbt: handle unspendable psbts
    • psbt: check that various indexes and amounts are within bounds
  • GUI
    • Fix missing qRegisterMetaType for size_t
    • disable File->CreateWallet during startup
    • Fix comparison function signature
    • Fix unintialized WalletView::progressDialog
  • Tests and QA
    • Appveyor improvement - text file for vcpkg package list
    • fix 'bitcoind already running' warnings on macOS
    • add missing #include to fix compiler errors
  • Platform support
    • Update msvc build for Visual Studio 2019 v16.4
    • Updates to appveyor config for VS2019 and Qt5.9.8 + msvc project fixes
    • bug-fix macos: give free bytes to F_PREALLOCATE
  • Miscellaneous
    • init: Stop indexes on shutdown after ChainStateFlushed callback
    • util: Add missing headers to util/fees.cpp
    • Unbreak build with Boost 1.72.0
    • scripts: Fix symbol-check & security-check argument passing
    • Log to net category for exceptions in ProcessMessages
    • Update univalue subtree
References

Affected packages

SUSE:Package Hub 15 SP3 / bitcoin

Package

Name
bitcoin
Purl
pkg:rpm/suse/bitcoin&distro=SUSE%20Package%20Hub%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.21.2-bp153.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "bitcoin-utils": "0.21.2-bp153.2.3.1",
            "libbitcoinconsensus-devel": "0.21.2-bp153.2.3.1",
            "libbitcoinconsensus0": "0.21.2-bp153.2.3.1",
            "bitcoind": "0.21.2-bp153.2.3.1",
            "bitcoin-test": "0.21.2-bp153.2.3.1",
            "bitcoin-qt5": "0.21.2-bp153.2.3.1"
        }
    ]
}

openSUSE:Leap 15.3 / bitcoin

Package

Name
bitcoin
Purl
pkg:rpm/opensuse/bitcoin&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.21.2-bp153.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "bitcoin-utils": "0.21.2-bp153.2.3.1",
            "libbitcoinconsensus-devel": "0.21.2-bp153.2.3.1",
            "libbitcoinconsensus0": "0.21.2-bp153.2.3.1",
            "bitcoind": "0.21.2-bp153.2.3.1",
            "bitcoin-test": "0.21.2-bp153.2.3.1",
            "bitcoin-qt5": "0.21.2-bp153.2.3.1"
        }
    ]
}