From 2b65ac06480d35f8297582554f8d011cffeb778f Mon Sep 17 00:00:00 2001
From: goatpig
Date: Thu, 21 Sep 2017 21:51:57 +0200
Subject: [PATCH] changelog and version bump
---
 armoryengine/ArmoryUtils.py | 2 +-
 changelog.txt | 26 ++++++++++++++++++++++++++
 configure.ac | 2 +-
 cppForSwig/BitcoinP2P.cpp | 2 +-
 4 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/armoryengine/ArmoryUtils.py b/armoryengine/ArmoryUtils.py
index ec597210d..415ec6f69 100644
--- a/armoryengine/ArmoryUtils.py
+++ b/armoryengine/ArmoryUtils.py
@@ -68,7 +68,7 @@ LEVELDB_HEADERS = 'leveldb_headers'
 # Version Numbers
-BTCARMORY_VERSION = (0, 96, 2, 0) # (Major, Minor, Bugfix, AutoIncrement)
+BTCARMORY_VERSION = (0, 96, 3, 0) # (Major, Minor, Bugfix, AutoIncrement)
 PYBTCWALLET_VERSION = (1, 35, 0, 0) # (Major, Minor, Bugfix, AutoIncrement)
 # ARMORY_DONATION_ADDR = '1ArmoryXcfq7TnCSuZa9fQjRYwJ4bkRKfv'
diff --git a/changelog.txt b/changelog.txt
index 2aa9ca94c..f63bf92cf 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -1,3 +1,29 @@
+v0.96.3 released September 21st 2017
+== Vulnerability Fix ==
+ - Fragmented backups were using a faulty implementation of Shamir's Secret Sharing (SSS).
+ One of the requirement of SSS security parameters is that the coefficients of the curve are chozen randomly. The implementation
+ up to this point was deriving these coefficients deterministically.
+
+ - While it is hard to determine how far the deterministic coefficient generation erodes the security of SSS, and how exploitable
+ the vulnerability is, the recommendation for users of fragmented backups is to treat the wallets backed up in this fashion as
+ compromised and to migrate all funds to a new wallet.
+
+ - The fragmented backup code now properly randomizes the SSS coefficients. Fragmented backups created with version 0.96.3 and later
+ are safe to use.
+
+ - The result of this change is that fragmented backups will no longer be deterministic. The previous behavior guaranteed a given
+ wallet will always return the same set of fragments for a given M-of-N scheme. Since it deteriorates SSS security properties,
+ the behavior has to be rolled back.
+ - Fragment sets are now generated randomly, therefor an unique ID has been added to each set to identify them. You cannot mix
+ and match sets.
+ - While Armory can no longer generate deterministic fragments, it can still restore wallets from deterministic fragments.
+
+ - Many thanks to Gregory Maxwell (greg@xiph.org) for identifying and reporting the vulnerability as well as reviewing the fix.
+
+== Fixed ==
+ - Fixed faulty version packet deserialization revealed by Core 0.15.0.1
+
+
 v0.96.2, released August 27th 2017
 == Added ==
 - Enabled SegWit on the mainnet. Running against a node with WITNESS service bit flagged will allow you to create SegWit addresses.
diff --git a/configure.ac b/configure.ac
index ecbeeb944..220ed80d2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ(2.60)
-AC_INIT([BitcoinArmory], [0.96.1], [moothecowlord@gmail.com])
+AC_INIT([BitcoinArmory], [0.96.3], [moothecowlord@gmail.com])
 AM_INIT_AUTOMAKE([1.10 subdir-objects foreign -Wall -Werror])
diff --git a/cppForSwig/BitcoinP2P.cpp b/cppForSwig/BitcoinP2P.cpp
index f3ab3058b..e8a4830b1 100644
--- a/cppForSwig/BitcoinP2P.cpp
+++ b/cppForSwig/BitcoinP2P.cpp
@@ -936,7 +936,7 @@ void BitcoinP2P::connectLoop(void)
 version.setVersionHeaderIPv4(70012, services, timestamp, node_addr_, clientsocketaddr);
- version.userAgent_ = "Armory:0.96.2";
+ version.userAgent_ = "Armory:0.96.3";
 version.startHeight_ = -1;
 sendMessage(move(version));