Browse Source

gitian: upgrade openssl to 1.0.1g for both win and linux

OpenSSL 1.0.1g fixes CVE-2014-0160.

Also bump dependency versions.
0.10
Wladimir J. van der Laan 11 years ago
parent
commit
4a811b0053
No known key found for this signature in database
GPG Key ID: 74810B012346C9A6
  1. 10
      contrib/gitian-descriptors/deps-linux.yml
  2. 10
      contrib/gitian-descriptors/deps-win.yml
  3. 6
      contrib/gitian-descriptors/gitian-linux.yml
  4. 6
      contrib/gitian-descriptors/gitian-win.yml
  5. 6
      contrib/gitian-descriptors/qt-win.yml
  6. 2
      doc/release-process.md

10
contrib/gitian-descriptors/deps-linux.yml

@ -16,7 +16,7 @@ packages:
reference_datetime: "2013-06-01 00:00:00" reference_datetime: "2013-06-01 00:00:00"
remotes: [] remotes: []
files: files:
- "openssl-1.0.1e.tar.gz" - "openssl-1.0.1g.tar.gz"
- "miniupnpc-1.8.tar.gz" - "miniupnpc-1.8.tar.gz"
- "qrencode-3.4.3.tar.bz2" - "qrencode-3.4.3.tar.bz2"
- "protobuf-2.5.0.tar.bz2" - "protobuf-2.5.0.tar.bz2"
@ -30,15 +30,15 @@ script: |
export TZ=UTC export TZ=UTC
export LIBRARY_PATH="$STAGING/lib" export LIBRARY_PATH="$STAGING/lib"
# Integrity Check # Integrity Check
echo "f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz" | sha256sum -c echo "53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 openssl-1.0.1g.tar.gz" | sha256sum -c
echo "bc5f73c7b0056252c1888a80e6075787a1e1e9112b808f863a245483ff79859c miniupnpc-1.8.tar.gz" | sha256sum -c echo "bc5f73c7b0056252c1888a80e6075787a1e1e9112b808f863a245483ff79859c miniupnpc-1.8.tar.gz" | sha256sum -c
echo "dfd71487513c871bad485806bfd1fdb304dedc84d2b01a8fb8e0940b50597a98 qrencode-3.4.3.tar.bz2" | sha256sum -c echo "dfd71487513c871bad485806bfd1fdb304dedc84d2b01a8fb8e0940b50597a98 qrencode-3.4.3.tar.bz2" | sha256sum -c
echo "13bfc5ae543cf3aa180ac2485c0bc89495e3ae711fc6fab4f8ffe90dfb4bb677 protobuf-2.5.0.tar.bz2" | sha256sum -c echo "13bfc5ae543cf3aa180ac2485c0bc89495e3ae711fc6fab4f8ffe90dfb4bb677 protobuf-2.5.0.tar.bz2" | sha256sum -c
echo "12edc0df75bf9abd7f82f821795bcee50f42cb2e5f76a6a281b85732798364ef db-4.8.30.NC.tar.gz" | sha256sum -c echo "12edc0df75bf9abd7f82f821795bcee50f42cb2e5f76a6a281b85732798364ef db-4.8.30.NC.tar.gz" | sha256sum -c
# #
tar xzf openssl-1.0.1e.tar.gz tar xzf openssl-1.0.1g.tar.gz
cd openssl-1.0.1e cd openssl-1.0.1g
# need -fPIC to avoid relocation error in 64 bit builds # need -fPIC to avoid relocation error in 64 bit builds
./config no-shared no-zlib no-dso no-krb5 --openssldir=$STAGING -fPIC ./config no-shared no-zlib no-dso no-krb5 --openssldir=$STAGING -fPIC
# need to build OpenSSL with faketime because a timestamp is embedded into cversion.o # need to build OpenSSL with faketime because a timestamp is embedded into cversion.o
@ -95,4 +95,4 @@ script: |
done done
# #
cd $STAGING cd $STAGING
find include lib bin host | sort | zip -X@ $OUTDIR/bitcoin-deps-linux${GBUILD_BITS}-gitian-r3.zip find include lib bin host | sort | zip -X@ $OUTDIR/bitcoin-deps-linux${GBUILD_BITS}-gitian-r4.zip

10
contrib/gitian-descriptors/deps-win.yml

@ -14,7 +14,7 @@ packages:
reference_datetime: "2011-01-30 00:00:00" reference_datetime: "2011-01-30 00:00:00"
remotes: [] remotes: []
files: files:
- "openssl-1.0.1e.tar.gz" - "openssl-1.0.1g.tar.gz"
- "db-4.8.30.NC.tar.gz" - "db-4.8.30.NC.tar.gz"
- "miniupnpc-1.8.tar.gz" - "miniupnpc-1.8.tar.gz"
- "zlib-1.2.8.tar.gz" - "zlib-1.2.8.tar.gz"
@ -28,7 +28,7 @@ script: |
INDIR=$HOME/build INDIR=$HOME/build
TEMPDIR=$HOME/tmp TEMPDIR=$HOME/tmp
# Input Integrity Check # Input Integrity Check
echo "f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz" | sha256sum -c echo "53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 openssl-1.0.1g.tar.gz" | sha256sum -c
echo "12edc0df75bf9abd7f82f821795bcee50f42cb2e5f76a6a281b85732798364ef db-4.8.30.NC.tar.gz" | sha256sum -c echo "12edc0df75bf9abd7f82f821795bcee50f42cb2e5f76a6a281b85732798364ef db-4.8.30.NC.tar.gz" | sha256sum -c
echo "bc5f73c7b0056252c1888a80e6075787a1e1e9112b808f863a245483ff79859c miniupnpc-1.8.tar.gz" | sha256sum -c echo "bc5f73c7b0056252c1888a80e6075787a1e1e9112b808f863a245483ff79859c miniupnpc-1.8.tar.gz" | sha256sum -c
echo "36658cb768a54c1d4dec43c3116c27ed893e88b02ecfcb44f2166f9c0b7f2a0d zlib-1.2.8.tar.gz" | sha256sum -c echo "36658cb768a54c1d4dec43c3116c27ed893e88b02ecfcb44f2166f9c0b7f2a0d zlib-1.2.8.tar.gz" | sha256sum -c
@ -48,8 +48,8 @@ script: |
mkdir -p $INSTALLPREFIX $BUILDDIR mkdir -p $INSTALLPREFIX $BUILDDIR
cd $BUILDDIR cd $BUILDDIR
# #
tar xzf $INDIR/openssl-1.0.1e.tar.gz tar xzf $INDIR/openssl-1.0.1g.tar.gz
cd openssl-1.0.1e cd openssl-1.0.1g
if [ "$BITS" == "32" ]; then if [ "$BITS" == "32" ]; then
OPENSSL_TGT=mingw OPENSSL_TGT=mingw
else else
@ -124,5 +124,5 @@ script: |
done done
# #
cd $INSTALLPREFIX cd $INSTALLPREFIX
find include lib | sort | zip -X@ $OUTDIR/bitcoin-deps-win$BITS-gitian-r10.zip find include lib | sort | zip -X@ $OUTDIR/bitcoin-deps-win$BITS-gitian-r11.zip
done # for BITS in done # for BITS in

6
contrib/gitian-descriptors/gitian-linux.yml

@ -21,8 +21,8 @@ remotes:
- "url": "https://github.com/bitcoin/bitcoin.git" - "url": "https://github.com/bitcoin/bitcoin.git"
"dir": "bitcoin" "dir": "bitcoin"
files: files:
- "bitcoin-deps-linux32-gitian-r3.zip" - "bitcoin-deps-linux32-gitian-r4.zip"
- "bitcoin-deps-linux64-gitian-r3.zip" - "bitcoin-deps-linux64-gitian-r4.zip"
- "boost-linux32-1.55.0-gitian-r1.zip" - "boost-linux32-1.55.0-gitian-r1.zip"
- "boost-linux64-1.55.0-gitian-r1.zip" - "boost-linux64-1.55.0-gitian-r1.zip"
script: | script: |
@ -36,7 +36,7 @@ script: |
# #
mkdir -p $STAGING mkdir -p $STAGING
cd $STAGING cd $STAGING
unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r3.zip unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r4.zip
unzip ../build/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip unzip ../build/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip
cd ../build cd ../build
# #

6
contrib/gitian-descriptors/gitian-win.yml

@ -26,8 +26,8 @@ files:
- "qt-win64-5.2.0-gitian-r2.zip" - "qt-win64-5.2.0-gitian-r2.zip"
- "boost-win32-1.55.0-gitian-r6.zip" - "boost-win32-1.55.0-gitian-r6.zip"
- "boost-win64-1.55.0-gitian-r6.zip" - "boost-win64-1.55.0-gitian-r6.zip"
- "bitcoin-deps-win32-gitian-r10.zip" - "bitcoin-deps-win32-gitian-r11.zip"
- "bitcoin-deps-win64-gitian-r10.zip" - "bitcoin-deps-win64-gitian-r11.zip"
- "protobuf-win32-2.5.0-gitian-r4.zip" - "protobuf-win32-2.5.0-gitian-r4.zip"
- "protobuf-win64-2.5.0-gitian-r4.zip" - "protobuf-win64-2.5.0-gitian-r4.zip"
script: | script: |
@ -61,7 +61,7 @@ script: |
cd $STAGING cd $STAGING
unzip $INDIR/qt-win${BITS}-5.2.0-gitian-r2.zip unzip $INDIR/qt-win${BITS}-5.2.0-gitian-r2.zip
unzip $INDIR/boost-win${BITS}-1.55.0-gitian-r6.zip unzip $INDIR/boost-win${BITS}-1.55.0-gitian-r6.zip
unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r10.zip unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r11.zip
unzip $INDIR/protobuf-win${BITS}-2.5.0-gitian-r4.zip unzip $INDIR/protobuf-win${BITS}-2.5.0-gitian-r4.zip
if [ "$NEEDDIST" == "1" ]; then if [ "$NEEDDIST" == "1" ]; then
# Make source code archive which is architecture independent so it only needs to be done once # Make source code archive which is architecture independent so it only needs to be done once

6
contrib/gitian-descriptors/qt-win.yml

@ -15,8 +15,8 @@ reference_datetime: "2011-01-30 00:00:00"
remotes: [] remotes: []
files: files:
- "qt-everywhere-opensource-src-5.2.0.tar.gz" - "qt-everywhere-opensource-src-5.2.0.tar.gz"
- "bitcoin-deps-win32-gitian-r10.zip" - "bitcoin-deps-win32-gitian-r11.zip"
- "bitcoin-deps-win64-gitian-r10.zip" - "bitcoin-deps-win64-gitian-r11.zip"
script: | script: |
# Defines # Defines
export TZ=UTC export TZ=UTC
@ -48,7 +48,7 @@ script: |
# #
# Need mingw-compiled openssl from bitcoin-deps: # Need mingw-compiled openssl from bitcoin-deps:
cd $DEPSDIR cd $DEPSDIR
unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r10.zip unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r11.zip
# #
cd $BUILDDIR cd $BUILDDIR
# #

2
doc/release-process.md

@ -40,7 +40,7 @@ Release Process
mkdir -p inputs; cd inputs/ mkdir -p inputs; cd inputs/
wget 'http://miniupnp.free.fr/files/download.php?file=miniupnpc-1.8.tar.gz' -O miniupnpc-1.8.tar.gz wget 'http://miniupnp.free.fr/files/download.php?file=miniupnpc-1.8.tar.gz' -O miniupnpc-1.8.tar.gz
wget 'https://www.openssl.org/source/openssl-1.0.1e.tar.gz' wget 'https://www.openssl.org/source/openssl-1.0.1g.tar.gz'
wget 'http://download.oracle.com/berkeley-db/db-4.8.30.NC.tar.gz' wget 'http://download.oracle.com/berkeley-db/db-4.8.30.NC.tar.gz'
wget 'http://zlib.net/zlib-1.2.8.tar.gz' wget 'http://zlib.net/zlib-1.2.8.tar.gz'
wget 'ftp://ftp.simplesystems.org/pub/png/src/history/libpng16/libpng-1.6.8.tar.gz' wget 'ftp://ftp.simplesystems.org/pub/png/src/history/libpng16/libpng-1.6.8.tar.gz'

Loading…
Cancel
Save