Wednesday, September 4, 2013

Litecoin Release Notes

If you appreciate our work please consider a small contribution to the Litecoin Developer Fund.  Follow the Google+ page or Twitter for the latest dev news.

Litecoin is a minor security and bug fix update.  We also include the bloom crash fix that was considered critical in Bitcoin 0.8.4.  However as Litecoin disabled bloom by default in, we believe (but are not 100% certain) that it was not vulnerable under the default configuration to that issue.  This release also contains an important fix for MacOS X users. has been unchanged and in testing since August 22nd.  Everyone should upgrade to Litecoin

    • Equivalent to Bitcoin 0.8.4
      • CVE-2013-5700 Bloom filter crash issue - Litecoin disabled bloom by default so was unaffected by this issue, but we include their patches anyway just in case folks want to enable bloomfilter=1.
      • CVE-2013-4165: RPC password timing guess vulnerability
      • CVE-2013-4627: Better fix for the fill-memory-with-orphaned-tx attack
      • Fix multi-block reorg transaction resurrection.
      • Fix non-standard disconnected transactions causing mempool orphans.  This bug could cause nodes running with the -debug flag to crash, although it was lot less likely on Litecoin as we disabled IsDust() in 0.8.3.x.
      • Mac OSX: use 'FD_FULLSYNC' with LevelDB, which will (hopefully!) prevent the database corruption issues have experienced on OSX.
      • (other fixes were already included in Litecoin
    • Add height parameter to getnetworkhasps - also submitted to Bitcoin in PR #2888
    • Update Norwegian and Swedish translations.  They were actually stemming from broken translations in Bitcoin, which we fixed too for 0.9.
    • Minor efficiency improvement in block peer request handling.
  • [Read More for older notes]
    • Code and security audit complete.
    • Fix Hebrew translation.
    • Add scrypt unit test.
    • Add option for bloom filtering.
    • Pre-release message removed.
Upgrade Safely from Litecoin 0.8.3.x
Backup your wallet.dat then simply install the latest upgrade. is very close to so things should just work.

Upgrade Safely from Litecoin 0.6.x
Backup your wallet.dat from 0.6.x.  That is the only file you will need to restore litecoin-0.6.x if you need to downgrade later.  Follow the steps described on this page on how to find your wallet.dat, except you replace Bitcoin with Litecoin.

Why Alert for
0.6.x has an alert because we cannot vouch for the safety of any 0.6.x node, and the developers have decided to no longer make any updates to the 0.6.x branch because too many things need to be fixed.  0.6.x has several known CVE's from Bitcoin yet unpatched, plus a few other issues not well known to the public.  Although it is likely to remain compatible for a while longer, it is highly not recommended for anyone to continue to use due to the risk of unpatched DoS vulnerabilities.

Faster Block Sync or Reindexing
The first time you run Litecoin 0.8.x it needs to reindex your existing 0.6 blockchain or download all blocks and index it from scratch.  You can make this much faster by running litecoin-qt or litecoind with the -dbcache=X parameter, where X is a number in megabytes you want to dedicate to the dbcache.  The default is 25MB which is fine for normal operation, but your reindexing of the entire blockchain can be much faster if you give it a higher number like 500 or 1000.  Currently Litecoin without -dbcache needs up to 400MB of RAM, so be careful to add dbcache at a level that avoids swapping which will hurt performance.  Remove -dbcache after your 0.8 is fully upgraded and synchronized with the blockchain to reduce your memory requirements.

Download Source Code
v0.8.4.1 GPG signed tag, master-0.8 branch, git hash 4be9f4d40ea4bd40cf1c99649f1d613a28bb33e1

Download Binaries
Warning: Please use GPG to verify the integrity of the binary downloads.  Linux, MacOS or Win32 cygwin command line GPG instructions are available here.  The community wrote a Windows GPG4Win guide with screenshots which is available here.  Please note that the Linux and Win32 builds are signed by the team GPG key C37E4723969276F5 while the MacOS builds are signed by 657EB016521670C0.  The exact binaries for Linux and Win32 are reproducible with the Gitian procedure below.
  • Downloads are available from [] and [mirror]
  • Supported Systems
    • Windows XP+
    • Linux
    • MacOS X 10.6.x+
    • MacOS X 10.5.x might work.  We are not sure.  We are interested in reports of it working or failing.
Gitian Build Integrity Verification
If you have a Linux x86_64 machine (Ubuntu, Fedora or Gentoo) that is not a virtual machine, it is possible for you to help by taking part of the gitian.sigs verification process.  Gitian builds the specified GPG tag from git in a new virtual machine created specially for the purpose of making a clean, deterministic binary build.  The deterministic binaries are meant to guard against any entity inserting hostile code, as anyone is capable of reproducing the official builds that are byte-for-byte identical when built from same source code using the gitian process.  Gitian is not easy to use, and you are also required to have a GPG key.  Random members of the public are invited to follow the step-by-step gitian procedure and to submit a github Pull Request containing your GPG signed files.  The more independent individuals who do this, the greater certainty we can have that the official binaries are good.

Experimental Client Variants tag v0.8.4.1-cc
Coin Control variant, Binary downloads available here.  Verify GPG before using binaries!

Known Bug
RPC can become stuck if you have four concurrent keepalive connections using up all four RPC threads.   Discussion and a known workaround can be found here.  Please submit Issues, code review comments or Pull Requests to the github branch master-0.8.

Litecoin 0.8.x developers: aspect, coblee, face, petertodd, pooler, thrasher, wtogami
Bitcoin 0.8.4: <the people listed here>

Litecoin in this forum thread.  Chat with other Litecoin users in #litecoin

Support Litecoin Development
If you appreciate our work, please consider making a small donation to the Litecoin Dev Fundraiser.  It takes a considerable amount of effort to guard against mistakes while working on this software.  We also use funds to cover regular expenses like server infrastructure, hire a professional security auditor and other contractors, to pay a law firm to protect the project, and to produce an upcoming educational video about Litecoin.  Businesses may be interested in getting their name listed in the sponsor list.

No comments:

Post a Comment

For technical support please go to the forum. Blog comments are a bad place for discussion.