From e0adf1389774c802a39715b1de76f0b1115eb77f Mon Sep 17 00:00:00 2001 From: Gavin Andresen Date: Mon, 27 Aug 2012 10:22:57 -0400 Subject: [PATCH 1/2] Special-case the last alert for alert-key-compromised case Hard-code a special nId=max int alert, to be broadcast if the alert key is ever compromised. It applies to all versions, never expires, cancels all previous alerts, and has a fixed message: URGENT: Alert key compromised, upgrade required Variations are not allowed (ignored), so an attacker with the private key cannot broadcast empty-message nId=max alerts. --- src/main.cpp | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/src/main.cpp b/src/main.cpp index 1821576dc55..1860f471da3 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -1970,6 +1970,28 @@ bool CAlert::ProcessAlert() if (!IsInEffect()) return false; + // alert.nID=max is reserved for if the alert key is + // compromised. It must have a pre-defined message, + // must never expire, must apply to all versions, + // and must cancel all previous + // alerts or it will be ignored (so an attacker can't + // send an "everything is OK, don't panic" version that + // cannot be overridden): + int maxInt = std::numeric_limits::max(); + if (nID == maxInt) + { + if (!( + nExpiration == maxInt && + nCancel == (maxInt-1) && + nMinVer == 0 && + nMaxVer == maxInt && + setSubVer.empty() && + nPriority == maxInt && + strStatusBar == "URGENT: Alert key compromised, upgrade required" + )) + return false; + } + CRITICAL_BLOCK(cs_mapAlerts) { // Cancel previous alerts From b9b15578bb52a7a7394fd1ef497f186c5c950cb1 Mon Sep 17 00:00:00 2001 From: Luke Dashjr Date: Mon, 27 Aug 2012 19:07:05 +0000 Subject: [PATCH 2/2] Bump version to 0.4.8 --- contrib/Bitcoin.app/Contents/Info.plist | 4 ++-- doc/README | 2 +- doc/README_windows.txt | 2 +- share/setup.nsi | 6 +++--- src/serialize.h | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/contrib/Bitcoin.app/Contents/Info.plist b/contrib/Bitcoin.app/Contents/Info.plist index a7efd905f1f..1517aecc046 100644 --- a/contrib/Bitcoin.app/Contents/Info.plist +++ b/contrib/Bitcoin.app/Contents/Info.plist @@ -17,11 +17,11 @@ CFBundlePackageType APPL CFBundleShortVersionString - 0.4.7 + 0.4.8 CFBundleSignature ???? CFBundleVersion - 400 + 408 LSMinimumSystemVersion 10.5 CFBundleIconFile diff --git a/doc/README b/doc/README index 00e24e78195..789cbe37f81 100644 --- a/doc/README +++ b/doc/README @@ -1,4 +1,4 @@ -Bitcoin 0.4.7 BETA +Bitcoin 0.4.8 BETA Copyright (c) 2009-2012 Bitcoin Developers Distributed under the MIT/X11 software license, see the accompanying diff --git a/doc/README_windows.txt b/doc/README_windows.txt index f611b6acd39..2255a55e750 100644 --- a/doc/README_windows.txt +++ b/doc/README_windows.txt @@ -1,4 +1,4 @@ -Bitcoin 0.4.7 BETA +Bitcoin 0.4.8 BETA Copyright (c) 2009-2012 Bitcoin Developers Distributed under the MIT/X11 software license, see the accompanying diff --git a/share/setup.nsi b/share/setup.nsi index c0440838589..b44446e83f3 100644 --- a/share/setup.nsi +++ b/share/setup.nsi @@ -5,7 +5,7 @@ SetCompressor /SOLID lzma # General Symbol Definitions !define REGKEY "SOFTWARE\$(^Name)" -!define VERSION 0.4.7 +!define VERSION 0.4.8 !define COMPANY "Bitcoin project" !define URL http://www.bitcoin.org/ @@ -45,13 +45,13 @@ Var StartMenuGroup !insertmacro MUI_LANGUAGE English # Installer attributes -OutFile bitcoin-0.4.7-win32-setup.exe +OutFile bitcoin-0.4.8-win32-setup.exe InstallDir $PROGRAMFILES\Bitcoin CRCCheck on XPStyle on BrandingText " " ShowInstDetails show -VIProductVersion 0.4.7.0 +VIProductVersion 0.4.8.0 VIAddVersionKey ProductName Bitcoin VIAddVersionKey ProductVersion "${VERSION}" VIAddVersionKey CompanyName "${COMPANY}" diff --git a/src/serialize.h b/src/serialize.h index c7e64dac768..18aa2a56a33 100644 --- a/src/serialize.h +++ b/src/serialize.h @@ -59,7 +59,7 @@ class CDataStream; class CAutoFile; static const unsigned int MAX_SIZE = 0x02000000; -static const int VERSION = 40703; +static const int VERSION = 40800; static const char* pszSubVer = ""; static const bool VERSION_IS_BETA = true;