Heartbleed: When will bitcoind 0.9.1 be released for Ubuntu 12.04?

I am running bitcoind 9.0 on a server (without GUI) with Ubuntu 12.04 (Precise Pangolin)

When I enter in my shell

bitcoind getinfo

I get

{
    "version" : 90000,
    "protocolversion" : 70002,
    "walletversion" : 10500,
    ...
    "errors" : "URGENT: Upgrade required: see https://www.bitcoin.org/heartbleed"
}

When I go to https://www.bitcoin.org/heartbleed I find a link to the download-page: https://bitcoin.org/en/download. On this page is a link for Ubuntu:

https://launchpad.net/~bitcoin/+archive/bitcoin

There I can read, that I must add this lines to /etc/apt/sources.list

deb http://ppa.launchpad.net/bitcoin/bitcoin/ubuntu precise main 
deb-src http://ppa.launchpad.net/bitcoin/bitcoin/ubuntu precise main

I already had entered this lines some weeks before (to be able to install version 0.9)

But when I enter

bitcoind stop
apt-get update
apt-get upgrade
bitcoind 
bitcoind getinfo

I get exactly the same message:

"version" : 90000,
...
"errors" : "URGENT: Upgrade required: see https://www.bitcoin.org/heartbleed"

What must I do to get a version of bitcoind that is not vulnerable to heartbleed?

ubuntu

Hubert Schölnast

Posted 2014-04-18T11:10:26.073

Reputation: 170

Answers

See my answer here. Short version: if you upgrade your system OpenSSL libraries, it is not necessary to upgrade to Bitcoin Core 0.9.1.

(If someone will upvote the other answer, we can close this question as a duplicate of the other one.)

Nate Eldredge

Posted 2014-04-18T11:10:26.073

Reputation: 21 420

Don't use the Ubuntu PPA for bitcoin as it is outdated.

Instead, downlaod the generic Linux tarball. Don't worry, you don't have to compile anything, it contains binaries as well.

Download link: https://bitcoin.org/en/download

Unpack, and copy the binaries from bin/64 folder to /usr/local/bin

You can just copy&paste this into your terminal:

wget https://bitcoin.org/bin/0.9.1/bitcoin-0.9.1-linux.tar.gz
tar xvzf bitcoin-0.9.1-linux.tar.gz
cd bitcoin-0.9.1-linux/bin/64
sudo cp bitcoind bitcoin-cli bitcoin-qt /usr/local/bin

Jozef

Posted 2014-04-18T11:10:26.073

Reputation: 1 374

Have you actually tried this on Ubuntu 12.04? I suspect it will not work, since Bitcoin Core 0.9.1 adds a dependency on OpenSSL 1.0.1g, which Ubuntu does not ship. (They use an earlier version, but Heartbleed has been patched.) See my answer. So the result will probably just be a bitcoind that does not run. – Nate Eldredge – 2014-04-18T12:32:40.113

For heartbleed, updating bitcoind is not the point; rather, you have to update your system OpenSSL libraries. The Ubuntu PPA does supply Bitcoin Core 0.9.0, which is identical to 0.9.1 except for the OpenSSL dependency (which is wrong in this case anyway), so I wouldn't characterize it as "outdated". – Nate Eldredge – 2014-04-18T12:34:01.103

Oh, I take it back; those binaries appear to have a statically linked OpenSSL. But if you upgraded from source, you'd have a problem. – Nate Eldredge – 2014-04-18T12:38:01.480

I've been watching the PPA for a while and it has always been at least one version behind (even a few days after 0.9 was released). So yes, it is permanently outdated and I don't recommend using it. – Jozef – 2014-04-18T15:21:54.667

I tried what you suggested and ended up with "EXCEPTION: 13leveldb_error". I guess Nate Eldredge is right: It does nor work under Ubuntu 12.04!!! – Hubert Schölnast – 2014-04-18T15:34:04.457

Don't have Ubuntu machine right now, but it's working on Debian Wheezy. You can try to run binaries with .static suffix instead. If that doesn't help, you'll need to install specific versions of libs to your system, or build it from source by yourself. P.S.: you can also try to upgrade Ubuntu to freshly released 14.04. – Jozef – 2014-04-18T18:07:45.263