Release 2.05.0.2.1: security fix

Jude Nelson

Jun 3, 2022, 3:19:43 PM
to announce
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello,

We have released Stacks version 2.05.0.2.1, available here: https://github.com/stacks-network/stacks-blockchain/releases/tag/2.05.0.2.1.

This is a security fix that impacts follower nodes that do _not_ connect to a trusted Bitcoin node.  Such users are encouraged to upgrade as soon as possible.  The fix alters the way in which the node processes Bitcoin SPV headers to validate that the header stream it believes represents the canonical Bitcoin blockchain also has the highest total chainwork of all known header streams.  Moreover, the fix ensures that a node will never accept a header stream with less chainwork than a previously-seen fork, nor will it accept a new header with a timestamp too far in the future or the past.

Node operators who connect to trusted Bitcoin nodes (i.e. on the same host, or on the same private network) are not affected.

Changelog:

## [2.05.0.2.1]

### Fixed
- Fixed a security bug in the SPV client whereby the chain work was not being considered at all when determining the canonical Bitcoin fork. The SPV client now only accepts a new Bitcoin fork if it has a higher chain work than any other previously-seen chain (#3152).

Git commit hash: 38aa968d7e81d575453ba5253aa8e64a8ac7cec9
SHA512SUMS:

Best,
Jude Nelson
Research Scientist, Stacks Foundation

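The fork-selection and timestamp checks the announcement describes, written out as an added example against a minimal header model; this is illustrative code, not the stacks-blockchain SPV client. It assumes Bitcoin's own header rules for the bounds (a 2-hour future skew limit and the median-time-past rule over the previous 11 headers) and Bitcoin Core's chainwork formula; the header model, constants and sample streams are constructed here.

```python
from __future__ import annotations
from dataclasses import dataclass

# Assumed bounds, taken from Bitcoin's header rules rather than from the
# Stacks code: a header may be at most 2h ahead of local time, and must be
# later than the median timestamp of the previous 11 headers.
MAX_FUTURE_SKEW = 2 * 60 * 60
MEDIAN_WINDOW = 11

@dataclass(frozen=True)
class Header:
    nbits: int      # compact-encoded target from the 80-byte header
    timestamp: int  # header time, seconds since the epoch

def target_from_bits(nbits: int) -> int:
    """Expand the compact nBits field into the full 256-bit target."""
    exponent, mantissa = nbits >> 24, nbits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))

def header_work(nbits: int) -> int:
    """Expected hashes needed to meet the target: floor(2^256 / (target + 1))."""
    return 2**256 // (target_from_bits(nbits) + 1)

def chainwork(headers: list[Header]) -> int:
    """Total work of a header stream; this, not its length, ranks forks."""
    return sum(header_work(h.nbits) for h in headers)

def timestamp_ok(new: Header, prev: list[Header], now: int) -> bool:
    """Reject a header too far in the future or behind the recent median."""
    if new.timestamp > now + MAX_FUTURE_SKEW:
        return False
    window = sorted(h.timestamp for h in prev[-MEDIAN_WINDOW:])
    return not window or new.timestamp > window[len(window) // 2]

def accept_fork(candidate: list[Header], best_work: int, now: int) -> bool:
    """Accept a candidate stream only if every header passes the timestamp
    bounds and its total chainwork strictly exceeds the best seen so far."""
    for i, h in enumerate(candidate):
        if not timestamp_ok(h, candidate[:i], now):
            return False
    return chainwork(candidate) > best_work

# Constructed sample: a short stream at mainnet minimum difficulty versus a
# longer stream at regtest difficulty (0x207fffff, about 2 hashes per header).
NOW = 1_654_000_000
STRONG = [Header(0x1D00FFFF, NOW - 1200), Header(0x1D00FFFF, NOW - 600)]
WEAK_BUT_LONGER = [Header(0x207FFFFF, NOW - 1200 + 60 * i) for i in range(4)]
```

A pre-fix client ranking by length alone would have switched to `WEAK_BUT_LONGER`; ranking by chainwork keeps `STRONG` as canonical.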