openSUSE Security Update: Security update for bitcoin
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:0072-1
Rating:             moderate
References:         
Cross-References:   CVE-2021-3195
CVSS scores:
                    CVE-2021-3195 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:
                    openSUSE Backports SLE-15-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for bitcoin fixes the following issues:

   Update to version 0.21.2

   * P2P protocol and network code
     * use NetPermissions::HasFlag() in CConnman::Bind()
     * Rate limit the processing of rumoured addresses
   * Wallet
     * Do not iterate a directory if having an error while accessing it
   * RPC
     * Reset scantxoutset progress before inferring descriptors
   * Build System
     * depends: update Qt 5.9 source url
     * Update Windows code signing certificate
     * Use custom MacOS code signing tool
     * Fix build with Boost 1.77.0
   * Tests and QA
     * Build with --enable-werror by default, and document exceptions
     * Fix intermittent feature_taproot issue
     * Fix macOS brew install command
     * add missing ECCVerifyHandle to base_encode_decode
     * Run fuzzer task for the master branch only
   * GUI
     * Do not use QClipboard::Selection on Windows and macOS.
     * Remove user input from URI error message
     * Draw "eye" sign at the beginning of watch-only addresses
   * Miscellaneous
     * Fix crash when parsing command line with -noincludeconf=0
     * util: Properly handle -noincludeconf on command line (take 2)

   Update to version 0.21.1

   * Consensus:
     * Speedy trial support for versionbits
     * Speedy trial activation parameters for Taproot
   * P2P protocol and network code
     * allow CSubNet of non-IP networks
     * Avoid UBSan warning in ProcessMessage
   * Wallet
     * Introduce DeferredSignatureChecker and have SignatureExtractorClass
       subclass it
     * Avoid requesting fee rates multiple times during coin selection
   * RPC and other APIs:
     * Disallow sendtoaddress and sendmany when private keys disabled
       (CVE-2021-3195)

   Update to version 0.21.0:

   * For full details see release-notes-0.21.0.md

   Update to version 0.20.1

   * Mining
     * Fix GBT: Restore "!segwit" and "csv" to "rules" key
   * P2P protocol and network code
     * Replace automatic bans with discouragement filter
   * Wallet
     * Handle concurrent wallet loading
     * Minimal fix to restore conflicted transaction notifications
   * RPC and other APIs
     * Increment input value sum only once per UTXO in decodepsbt
     * psbt: Increment input value sum only once per UTXO in decodepsbt
     * psbt: Include and allow both non_witness_utxo and witness_utxo for
       segwit inputs
   * GUI
     * Add missing QPainterPath include
     * update Qt base translations for macOS release
   * Misc
     * util: Don't reference errno when pthread fails
     * Fix locking on WSL using flock instead of fcntl

   Update to version 0.20.0:

   * See
     https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.20.0.md

   - Do not run bitcoind in daemon mode. Running it in the foreground
     rather than as a background process makes it work properly with
     journald (instead of writing logs in /var/log).

   Update to version 0.19.1:

   * Wallet
     * Fix origfee return for bumpfee with feerate arg
     * Fix unique_ptr usage in boost::signals2
     * Fix issue with conflicted mempool tx in listsinceblock
     * Bug: IsUsedDestination shouldn't use key id as script id for ScriptHash
     * IsUsedDestination should count any known single-key address
     * Reset reused transactions cache
   * RPC and other APIs
     * cli: Fix fatal leveldb error when specifying
       -blockfilterindex=basic twice
     * require second argument only for scantxoutset start action
     * zmq: Fix due to invalid argument and multiple notifiers
     * psbt: handle unspendable psbts
     * psbt: check that various indexes and amounts are within bounds
   * GUI
     * Fix missing qRegisterMetaType for size_t
     * disable File->CreateWallet during startup
     * Fix comparison function signature
     * Fix uninitialized WalletView::progressDialog
   * Tests and QA
     * Appveyor improvement - text file for vcpkg package list
     * fix "bitcoind already running" warnings on macOS
     * add missing #include to fix compiler errors
   * Platform support
     * Update msvc build for Visual Studio 2019 v16.4
     * Updates to appveyor config for VS2019 and Qt5.9.8 + msvc project fixes
     * bug-fix macos: give free bytes to F_PREALLOCATE
   * Miscellaneous
     * init: Stop indexes on shutdown after ChainStateFlushed callback
     * util: Add missing headers to util/fees.cpp
     * Unbreak build with Boost 1.72.0
     * scripts: Fix symbol-check & security-check argument passing
     * Log to net category for exceptions in ProcessMessages
     * Update univalue subtree


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP3:

      zypper in -t patch openSUSE-2022-72=1



Package List:

   - openSUSE Backports SLE-15-SP3 (aarch64 ppc64le s390x x86_64):

      bitcoin-qt5-0.21.2-bp153.2.3.1
      bitcoin-test-0.21.2-bp153.2.3.1
      bitcoin-utils-0.21.2-bp153.2.3.1
      bitcoind-0.21.2-bp153.2.3.1
      libbitcoinconsensus-devel-0.21.2-bp153.2.3.1
      libbitcoinconsensus0-0.21.2-bp153.2.3.1
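
   To confirm the update is in place, the installed builds can be compared
   against the fixed version from the Package List. The script below is an
   added example, not part of the SUSE advisory; it assumes GNU `sort -V`
   ordering is close enough to RPM's own version comparison for these plain
   numeric versions.

```sh
#!/bin/sh
# Added example: verify that the bitcoin packages from this advisory are at
# the fixed build or newer. FIXED and PKGS are copied from the Package List.
FIXED="0.21.2-bp153.2.3.1"
PKGS="bitcoin-qt5 bitcoin-test bitcoin-utils bitcoind libbitcoinconsensus-devel libbitcoinconsensus0"

# is_fixed VERSION-RELEASE: succeed if the argument sorts at or after FIXED.
# Assumption: `sort -V` stands in for RPM's version comparison here.
is_fixed() {
    [ "$(printf '%s\n%s\n' "$FIXED" "$1" | sort -V | head -n 1)" = "$FIXED" ]
}

# report_outdated: read "name version-release" lines on stdin, print each
# advisory package that is still below FIXED, and return 1 if any was found.
report_outdated() {
    rc=0
    while read -r name evr; do
        case " $PKGS " in
            *" $name "*) ;;        # package listed in the advisory
            *) continue ;;         # unrelated package or rpm error text
        esac
        if ! is_fixed "$evr"; then
            echo "OUTDATED $name $evr (fixed in $FIXED)"
            rc=1
        fi
    done
    return "$rc"
}

# check_installed: query the local RPM database. A package that is not
# installed makes rpm print a message, which report_outdated skips.
check_installed() {
    # PKGS is intentionally unquoted so it splits into one argument per name.
    rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' $PKGS 2>/dev/null | report_outdated
}
```

   Calling `check_installed` on a patched host prints nothing and returns 0.
   Where exact RPM ordering matters, `zypper versioncmp` gives the
   authoritative comparison.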


References:

   https://www.suse.com/security/cve/CVE-2021-3195.html