Pieter Wuille [ARCHIVE] on Nostr: 📅 Original date posted:2023-04-10 🗒️ Summary of this message: Libsecp256k1 ...
📅 Original date posted:2023-04-10
🗒️ Summary of this message: Libsecp256k1 version 0.3.1 has been released, fixing a bug that left applications vulnerable to a side-channel attack when compiled with Clang 14+.
📝 Original message:Hello,
Today we'd like to announce the release of version 0.3.1 of libsecp256k1:
https://github.com/bitcoin-core/secp256k1/releases/tag/v0.3.1
This is a bugfix release after 0.3.0 (which was not announced on this list). For the full release notes of 0.3.0 and 0.3.1 see:
https://github.com/bitcoin-core/secp256k1/blob/master/CHANGELOG.md
but the impetus for this release is the discovery that Clang 14 and later became smart enough to optimize out a specific timing side-channel protection mechanism in the code that could leave applications vulnerable to a side-channel attack. This has been fixed in 0.3.1.
We strongly recommend any users of the library to upgrade if their code may end up being compiled with Clang 14+. Bitcoin Core release binaries are not affected.
--
Pieter
🗒️ Summary of this message: Libsecp256k1 version 0.3.1 has been released, fixing a bug that left applications vulnerable to a side-channel attack when compiled with Clang 14+.
📝 Original message:Hello,
Today we'd like to announce the release of version 0.3.1 of libsecp256k1:
https://github.com/bitcoin-core/secp256k1/releases/tag/v0.3.1
This is a bugfix release after 0.3.0 (which was not announced on this list). For the full release notes of 0.3.0 and 0.3.1 see:
https://github.com/bitcoin-core/secp256k1/blob/master/CHANGELOG.md
but the impetus for this release is the discovery that Clang 14 and later became smart enough to optimize out a specific timing side-channel protection mechanism in the code that could leave applications vulnerable to a side-channel attack. This has been fixed in 0.3.1.
We strongly recommend any users of the library to upgrade if their code may end up being compiled with Clang 14+. Bitcoin Core release binaries are not affected.
--
Pieter