[bitcoin-dev] Bitcoin Core 0.11.2 released

Sat Nov 14 02:10:29 UTC 2015

I decided to try to certify Wladimir's PGP keys (the old one (2346C9A6)
first, and then the new one (36C2E964), since it was signed with the old
one).

I visited
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-June/009045.html
to see that the new key was referenced in a message signed by the old one.
I figure it's safe to assume that if the old key actually signed that
message, then the core dev using <laanwj at gmail.com
<https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>> is an
actual core dev (that's all I'd be worried about).  So I copied the text
from ------BEGIN PGP SIGNED MESSAGE----- to -----END PGP SIGNATURE----- to
my clipboard and asked Kleopatra (on Windows) to verify it.  It says the
signature is bad.  If I alter the text of the email (so the signature would
be have to be different to be valid), it says exactly the same thing.  So
maybe something is wrong with Kleopatra on Windows.

However, the SHA256SUMS.asc file I got from the magnet link posted in the
email (below)  verifies just fine using the new key (36C2E964).  So I
figure Kleopatra is not broken.  It recognizes that the old key was used to
create the signature in that old email, but it says it's invalid.  Has
Wladimir been secretly replaced by someone who doesn't have access to the
private key for 2346C9A6?  Can you make a (bad) signature look like it was
made using a key you don't have? The whole reason for signing is so that we
will know if something like that happened.  So did I do something wrong?
(I mean, besides using Windows).

I believe this is the expected result if someone took something Wladimir
signed and ripped off the signature and pasted it below this new message to
make everyone think the new message was genuine.  Maybe Wladimir made an
edit after the signature was attached.  Or maybe it got changed when it
went through the email system.  It would be nice to know.  Anyway, I fell
back on Windows security and ran the install because it said it verified
that the publisher was "The Bitcoin Foundation".

On Fri, Nov 13, 2015 at 5:13 AM, Wladimir J. van der Laan via bitcoin-dev <
bitcoin-dev at lists.linuxfoundation.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Bitcoin Core version 0.11.2 is now available from:
>
>   <https://bitcoin.org/bin/bitcoin-core-0.11.2/>
>
> Alternatively, through bittorrent:
>
>
> magnet:?xt=urn:btih:d6d3387160f7e14f6f27dc40ae84cf566ebf631b&dn=bitcoin-core-0.11.2&tr=udp%3A%2F%
> 2Ftracker.openbittorrent.com%3A80%2Fannounce&tr=udp%3A%2F%
> 2Ftracker.publicbt.com%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.ccc.de
> %3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.coppersurfer.tk
> %3A6969&tr=udp%3A%2F%2Fopen.demonii.com
> %3A1337&ws=https%3A%2F%2Fbitcoin.org%2Fbin%2F
>
> This is a new minor version release, bringing bug fixes, the BIP65
> (CLTV) consensus change, and relay policy preparation for BIP113. It is
> recommended to upgrade to this version as soon as possible.
>
> Please report bugs using the issue tracker at github:
>
>   <https://github.com/bitcoin/bitcoin/issues>
>
> Upgrading and downgrading
> =========================
>
> How to Upgrade
> - --------------
>
> If you are running an older version, shut it down. Wait until it has
> completely
> shut down (which might take a few minutes for older versions), then run the
> installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac)
> or
> bitcoind/bitcoin-qt (on Linux).
>
> Downgrade warning
> - ------------------
>
> Because release 0.10.0 and later makes use of headers-first
> synchronization and
> parallel block download (see further), the block files and databases are
> not
> backwards-compatible with pre-0.10 versions of Bitcoin Core or other
> software:
>
> * Blocks will be stored on disk out of order (in the order they are
> received, really), which makes it incompatible with some tools or
> other programs. Reindexing using earlier versions will also not work
> anymore as a result of this.
>
> * The block index database will now hold headers for which no block is
> stored on disk, which earlier versions won't support.
>
> If you want to be able to downgrade smoothly, make a backup of your entire
> data
> directory. Without this your node will need start syncing (or importing
> from
> bootstrap.dat) anew afterwards. It is possible that the data from a
> completely
> synchronised 0.10 node may be usable in older versions as-is, but this is
> not
> supported and may break as soon as the older version attempts to reindex.
>
> This does not affect wallet forward or backward compatibility. There are no
> known problems when downgrading from 0.11.x to 0.10.x.
>
> Notable changes since 0.11.1
> ============================
>
> BIP65 soft fork to enforce OP_CHECKLOCKTIMEVERIFY opcode
> - --------------------------------------------------------
>
> This release includes several changes related to the [BIP65][] soft fork
> which redefines the existing OP_NOP2 opcode as OP_CHECKLOCKTIMEVERIFY
> (CLTV) so that a transaction output can be made unspendable until a
> specified point in the future.
>
> 1. This release will only relay and mine transactions spending a CLTV
>    output if they comply with the BIP65 rules as provided in code.
>
> 2. This release will produce version 4 blocks by default. Please see the
>    *notice to miners* below.
>
> 3. Once 951 out of a sequence of 1,001 blocks on the local node's best
> block
>    chain contain version 4 (or higher) blocks, this release will no
>    longer accept new version 3 blocks and it will only accept version 4
>    blocks if they comply with the BIP65 rules for CLTV.
>
> For more information about the soft-forking change, please see
> <https://github.com/bitcoin/bitcoin/pull/6351>
>
> Graphs showing the progress towards block version 4 adoption may be
> found at the URLs below:
>
> - - Block versions over the last 50,000 blocks as progress towards BIP65
>   consensus enforcement: <http://bitcoin.sipa.be/ver-50k.png>
>
> - - Block versions over the last 2,000 blocks showing the days to the
>   earliest possible BIP65 consensus-enforced block: <
> http://bitcoin.sipa.be/ver-2k.png>
>
> **Notice to miners:** Bitcoin Core’s block templates are now for
> version 4 blocks only, and any mining software relying on its
> getblocktemplate must be updated in parallel to use libblkmaker either
> version 0.4.3 or any version from 0.5.2 onward.
>
> - - If you are solo mining, this will affect you the moment you upgrade
>   Bitcoin Core, which must be done prior to BIP65 achieving its 951/1001
>   status.
>
> - - If you are mining with the stratum mining protocol: this does not
>   affect you.
>
> - - If you are mining with the getblocktemplate protocol to a pool: this
>   will affect you at the pool operator’s discretion, which must be no
>   later than BIP65 achieving its 951/1001 status.
>
> [BIP65]: https://github.com/bitcoin/bips/blob/master/bip-0065.mediawiki
>
> BIP113 mempool-only locktime enforcement using GetMedianTimePast()
> - ----------------------------------------------------------------
>
> Bitcoin transactions currently may specify a locktime indicating when
> they may be added to a valid block.  Current consensus rules require
> that blocks have a block header time greater than the locktime specified
> in any transaction in that block.
>
> Miners get to choose what time they use for their header time, with the
> consensus rule being that no node will accept a block whose time is more
> than two hours in the future.  This creates a incentive for miners to
> set their header times to future values in order to include locktimed
> transactions which weren't supposed to be included for up to two more
> hours.
>
> The consensus rules also specify that valid blocks may have a header
> time greater than that of the median of the 11 previous blocks.  This
> GetMedianTimePast() time has a key feature we generally associate with
> time: it can't go backwards.
>
> [BIP113][] specifies a soft fork (**not enforced in this release**) that
> weakens this perverse incentive for individual miners to use a future
> time by requiring that valid blocks have a computed GetMedianTimePast()
> greater than the locktime specified in any transaction in that block.
>
> Mempool inclusion rules currently require transactions to be valid for
> immediate inclusion in a block in order to be accepted into the mempool.
> This release begins applying the BIP113 rule to received transactions,
> so transaction whose time is greater than the GetMedianTimePast() will
> no longer be accepted into the mempool.
>
> **Implication for miners:** you will begin rejecting transactions that
> would not be valid under BIP113, which will prevent you from producing
> invalid blocks if/when BIP113 is enforced on the network. Any
> transactions which are valid under the current rules but not yet valid
> under the BIP113 rules will either be mined by other miners or delayed
> until they are valid under BIP113. Note, however, that time-based
> locktime transactions are more or less unseen on the network currently.
>
> **Implication for users:** GetMedianTimePast() always trails behind the
> current time, so a transaction locktime set to the present time will be
> rejected by nodes running this release until the median time moves
> forward. To compensate, subtract one hour (3,600 seconds) from your
> locktimes to allow those transactions to be included in mempools at
> approximately the expected time.
>
> [BIP113]: https://github.com/bitcoin/bips/blob/master/bip-0113.mediawiki
>
> Windows bug fix for corrupted UTXO database on unclean shutdowns
> - ----------------------------------------------------------------
>
> Several Windows users reported that they often need to reindex the
> entire blockchain after an unclean shutdown of Bitcoin Core on Windows
> (or an unclean shutdown of Windows itself). Although unclean shutdowns
> remain unsafe, this release no longer relies on memory-mapped files for
> the UTXO database, which significantly reduced the frequency of unclean
> shutdowns leading to required reindexes during testing.
>
> For more information, see: <https://github.com/bitcoin/bitcoin/pull/6917>
>
> Other fixes for database corruption on Windows are expected in the
> next major release.
>
> 0.11.2 Change log
> =================
>
> Detailed release notes follow. This overview includes changes that affect
> behavior, not code moves, refactors and string updates. For convenience in
> locating
> the code changes and accompanying discussion, both the pull request and
> git merge commit are mentioned.
>
> - - #6124 `684636b` Make CScriptNum() take nMaxNumSize as an argument
> - - #6124 `4fa7a04` Replace NOP2 with CHECKLOCKTIMEVERIFY (BIP65)
> - - #6124 `6ea5ca4` Enable CHECKLOCKTIMEVERIFY as a standard script verify
> flag
> - - #6351 `5e82e1c` Add CHECKLOCKTIMEVERIFY (BIP65) soft-fork logic
> - - #6353 `ba1da90` Show softfork status in getblockchaininfo
> - - #6351 `6af25b0` Add BIP65 to getblockchaininfo softforks list
> - - #6688 `01878c9` Fix locking in GetTransaction
> - - #6653 `b3eaa30` [Qt] Raise debug window when requested
> - - #6600 `1e672ae` Debian/Ubuntu: Include bitcoin-tx binary
> - - #6600 `2394f4d` Debian/Ubuntu: Split bitcoin-tx into its own package
> - - #5987 `33d6825` Bugfix: Allow mining on top of old tip blocks for
> testnet
> - - #6852 `21e58b8` build: make sure OpenSSL heeds noexecstack
> - - #6846 `af6edac` alias `-h` for `--help`
> - - #6867 `95a5039` Set TCP_NODELAY on P2P sockets.
> - - #6856 `dfe55bd` Do not allow blockfile pruning during reindex.
> - - #6566 `a1d3c6f` Add rules--presently disabled--for using
> GetMedianTimePast as end point for lock-time calculations
> - - #6566 `f720c5f` Enable policy enforcing GetMedianTimePast as the end
> point of lock-time constraints
> - - #6917 `0af5b8e` leveldb: Win32WritableFile without memory mapping
> - - #6948 `4e895b0` Always flush block and undo when switching to new file
>
> Credits
> =======
>
> Thanks to everyone who directly contributed to this release:
>
> - - Alex Morcos
> - - ฿tcDrak
> - - Chris Kleeschulte
> - - Daniel Cousens
> - - Diego Viola
> - - Eric Lombrozo
> - - Esteban Ordano
> - - Gregory Maxwell
> - - Luke Dashjr
> - - Marco Falke
> - - Mark Friedenbach
> - - Matt Corallo
> - - Micha
> - - Mitchell Cash
> - - Peter Todd
> - - Pieter Wuille
> - - Wladimir J. van der Laan
> - - Zak Wilcox
>
> And those who contributed additional code review and/or security research.
>
> As well as everyone that helped translating on [Transifex](
> https://www.transifex.com/projects/p/bitcoin/).
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEcBAEBCgAGBQJWReHOAAoJEHSBCwEjRsmmTAAH/iZQGklLHLIM6a2tTOj4d/O6
> xHg5bJhXGjtzO284Uy3phTzvk+e4mqBTjI8BrSr4D+Vw7mJrfWihdTLlgZYCwso3
> AyAk8ud1H42QanAfUvciY5uXd7cyzr8tCnCIBkvwJT5O8tI3FFhSMM5Fs86WnsP1
> Y10+93sxaVJUave2xm1bmgiwApFZKQ2MNU1IVgFaW8agB59fuqtPRnBdKiK/j+AO
> Jn1LKsObsINYhjtkAFiC66mUOBZ2N3rdhbN3LFl+u7EriTLoYk1OtZZhlC+rOueo
> nxl1H5SHStjrD27vE9Hv2qD5Ckrwo3zib8hZNIVs6MJjFnWUCwNtNg0nqDEvpn4=
> =xXdY
> -----END PGP SIGNATURE-----
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

-- 
I like to provide some work at no charge to prove my value. Do you need a
techie?
I own Litmocracy <http://www.litmocracy.com> and Meme Racing
<http://www.memeracing.net> (in alpha).
I'm the webmaster for The Voluntaryist <http://www.voluntaryist.com> which
now accepts Bitcoin.
I also code for The Dollar Vigilante <http://dollarvigilante.com/>.
"He ought to find it more profitable to play by the rules" - Satoshi
Nakamoto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20151113/debf1563/attachment-0001.html>