Security update: Nu 2.0.3 and B&C Exchange 3.0.2

Nu 2.0.2 and B&C Exchange 3.0.1 introduced a new flaw. An attacker could make other nodes access invalid memory.

We made new releases to fix this issue. All nodes should upgrade as soon as possible. This release doesn’t change anything besides this security fix.

Nu 2.0.3:
git: build from the 2.0.3-Stable-Release branch or the v2.0.3 tag.

B&C Exchange 3.0.2:
git: build from the 3.0-stable branch or the v3.0.2 tag.


753b8c536861ab8fd38aafa03fb4bab0d44aa1809db3e113627ea8eb6bb481cb  nu-2.0.3-osx.dmg
a3d7abc8bcdd793e296f588eb05609d9dc3c013802a230d16d92f90c1c32ba90  BCExchange-3.0.2-osx.dmg

compiled and running it on Raspberry Pi from git directory

cd nubit/
git fetch origin
git checkout v2.0.3
cd src
sudo dd if=/dev/zero of=/swapfile bs=64M count=16
sudo mkswap /swapfile
sudo swapon /swapfile
make -f makefile.unix
sudo swapoff /swapfile
sudo rm /swapfile
strip nud
chmod 700 nud
mv nud ~/.nu/nud2.0.3
cd ~/.nu
ln -s nud2.0.3 nud

also updated raspberry pi build on

Is this mandatory or no? I don’t see it on the download page of the website.

Yes it is. Users running the previous versions are vulnerable. I’m not sure how to put these new releases on the website.

Nu 2.0.3 for OS X has been uploaded.
753b8c536861ab8fd38aafa03fb4bab0d44aa1809db3e113627ea8eb6bb481cb nu-2.0.3-osx.dmg

I’ve also updated the links on to point to the 2.0.3 release version for all platforms.

B&C Exchange 3.0.2 for OS X has been uploaded

a3d7abc8bcdd793e296f588eb05609d9dc3c013802a230d16d92f90c1c32ba90  BCExchange-3.0.2-osx.dmg

Please be aware that you will need to re-synch the network if you’ve previously run the 3.1.0-RC1 release candidate build on your Mac. Trying to run the application without clearing out the block index first will result in a fatal crash when starting 3.0.2 due to an indexing issue with the genesis block. There isn’t anything wrong with the genesis block, but it appears that there’s a subtle difference between how the index is generated within the 3.1 versions of B&C vs. how 3.0.x stores them.

Removing the block index data file fixed the problem for me, but as always, if you’re going to be messing with the files under the B&C Exchange data directory, always make a backup before proceeding. DO NOT remove your wallet*.dat files, there is no need to clear the whole data directory. has been updated with the new client downloads.

I want to upload binary file for raspberry pi2. Possible to go to homepage?

Already done:

Maybe also include bcexchanged ?

I am afraid it’s only “nud” not “bcexchanged”.

Strongly suggest to add Raspberry binary on homepage.

1 Like

And for the sake of wallet compatibility pretty please compiled with BerkeleyDB 4.8 :wink:

I would appreciate if someone else could maintain an unofficial bcexchanged.

Strongly suggest to add Raspberry binary on homepage.

We can’t because it’s untested software.

I actually never got the time to figure it. I remember we were discussing this some time ago … Apparently I am compiling with 5.1

$ cat /usr/lib/sasl2/berkeley_db.txt

I remember that uninstalling bdb wasn’t streightforward for someone so I was waiting for someone to figure out how to do the downgrade properly before corrupting that machine.

Is there a warning, because using 5.1 renders wallets incompatible with the official clients? has an updated Raspberry Pi section explaining how to get 4.8 on a RaPi2.

I see. We should harmonise the tutorial a bit more. Now we are basically first telling “install libdb+±dev” , and then we say “don’t” . If you can, please edit the tutorial with just one version of dependencies instructions.

Both 4.8 and 5.1 are options and users might choose the one that suits them best.
I wouldn’t dare say that I can decide that for anybody without knowing the requirements.

With 4.8 the wallets stay compatible with the official releases.
With 5.1 users don’t need to worry about compiling their own libdb on RaPi2 (and using it for compiling nud or bcexchanged), because 5.1 is in the official repos.

any particular reason why official nud uses 4.8 ( cc @sigmike ) ?

Mostly because that’s what Bitcoin and Peercoin use and we didn’t change that. The fact the wallet files work on all versions is also interesting.

@mhps @masterOfDisaster
Can you edit a manual of how to mint BKS on Raspberry for those only reading B&C hompages? Then we can put in on B&C website.

It’s almost exactly like – just change nu and nubit to bcexchange and nud to bcexchanged