Browse Source

gitian: upgrade OpenSSL to 1.0.1i

Upgrade for https://www.openssl.org/news/secadv_20140806.txt

Rebased-From: 074bcdc
Github-Pull: #4648
Michael Ford 11 years ago committed by Wladimir J. van der Laan
parent
commit
bba0175022
  1. 10
      contrib/gitian-descriptors/deps-linux.yml
  2. 10
      contrib/gitian-descriptors/deps-win.yml
  3. 6
      contrib/gitian-descriptors/gitian-linux.yml
  4. 8
      contrib/gitian-descriptors/gitian-osx-bitcoin.yml
  5. 10
      contrib/gitian-descriptors/gitian-osx-depends.yml
  6. 6
      contrib/gitian-descriptors/gitian-osx-qt.yml
  7. 6
      contrib/gitian-descriptors/gitian-win.yml
  8. 6
      contrib/gitian-descriptors/qt-win.yml
  9. 1
      doc/release-notes.md
  10. 2
      doc/release-process.md

10
contrib/gitian-descriptors/deps-linux.yml

@ -16,7 +16,7 @@ packages: @@ -16,7 +16,7 @@ packages:
reference_datetime: "2013-06-01 00:00:00"
remotes: []
files:
- "openssl-1.0.1h.tar.gz"
- "openssl-1.0.1i.tar.gz"
- "miniupnpc-1.9.tar.gz"
- "qrencode-3.4.3.tar.bz2"
- "protobuf-2.5.0.tar.bz2"
@ -30,15 +30,15 @@ script: | @@ -30,15 +30,15 @@ script: |
export TZ=UTC
export LIBRARY_PATH="$STAGING/lib"
# Integrity Check
echo "9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093 openssl-1.0.1h.tar.gz" | sha256sum -c
echo "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7 openssl-1.0.1i.tar.gz" | sha256sum -c
echo "2923e453e880bb949e3d4da9f83dd3cb6f08946d35de0b864d0339cf70934464 miniupnpc-1.9.tar.gz" | sha256sum -c
echo "dfd71487513c871bad485806bfd1fdb304dedc84d2b01a8fb8e0940b50597a98 qrencode-3.4.3.tar.bz2" | sha256sum -c
echo "13bfc5ae543cf3aa180ac2485c0bc89495e3ae711fc6fab4f8ffe90dfb4bb677 protobuf-2.5.0.tar.bz2" | sha256sum -c
echo "12edc0df75bf9abd7f82f821795bcee50f42cb2e5f76a6a281b85732798364ef db-4.8.30.NC.tar.gz" | sha256sum -c
#
tar xzf openssl-1.0.1h.tar.gz
cd openssl-1.0.1h
tar xzf openssl-1.0.1i.tar.gz
cd openssl-1.0.1i
# need -fPIC to avoid relocation error in 64 bit builds
./config no-shared no-zlib no-dso no-krb5 --openssldir=$STAGING -fPIC
# need to build OpenSSL with faketime because a timestamp is embedded into cversion.o
@ -95,4 +95,4 @@ script: | @@ -95,4 +95,4 @@ script: |
done
#
cd $STAGING
find include lib bin host | sort | zip -X@ $OUTDIR/bitcoin-deps-linux${GBUILD_BITS}-gitian-r6.zip
find include lib bin host | sort | zip -X@ $OUTDIR/bitcoin-deps-linux${GBUILD_BITS}-gitian-r7.zip

10
contrib/gitian-descriptors/deps-win.yml

@ -14,7 +14,7 @@ packages: @@ -14,7 +14,7 @@ packages:
reference_datetime: "2011-01-30 00:00:00"
remotes: []
files:
- "openssl-1.0.1h.tar.gz"
- "openssl-1.0.1i.tar.gz"
- "db-4.8.30.NC.tar.gz"
- "miniupnpc-1.9.tar.gz"
- "zlib-1.2.8.tar.gz"
@ -28,7 +28,7 @@ script: | @@ -28,7 +28,7 @@ script: |
INDIR=$HOME/build
TEMPDIR=$HOME/tmp
# Input Integrity Check
echo "9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093 openssl-1.0.1h.tar.gz" | sha256sum -c
echo "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7 openssl-1.0.1i.tar.gz" | sha256sum -c
echo "12edc0df75bf9abd7f82f821795bcee50f42cb2e5f76a6a281b85732798364ef db-4.8.30.NC.tar.gz" | sha256sum -c
echo "2923e453e880bb949e3d4da9f83dd3cb6f08946d35de0b864d0339cf70934464 miniupnpc-1.9.tar.gz" | sha256sum -c
echo "36658cb768a54c1d4dec43c3116c27ed893e88b02ecfcb44f2166f9c0b7f2a0d zlib-1.2.8.tar.gz" | sha256sum -c
@ -48,8 +48,8 @@ script: | @@ -48,8 +48,8 @@ script: |
mkdir -p $INSTALLPREFIX $BUILDDIR
cd $BUILDDIR
#
tar xzf $INDIR/openssl-1.0.1h.tar.gz
cd openssl-1.0.1h
tar xzf $INDIR/openssl-1.0.1i.tar.gz
cd openssl-1.0.1i
if [ "$BITS" == "32" ]; then
OPENSSL_TGT=mingw
else
@ -124,5 +124,5 @@ script: | @@ -124,5 +124,5 @@ script: |
done
#
cd $INSTALLPREFIX
find include lib | sort | zip -X@ $OUTDIR/bitcoin-deps-win$BITS-gitian-r13.zip
find include lib | sort | zip -X@ $OUTDIR/bitcoin-deps-win$BITS-gitian-r14.zip
done # for BITS in

6
contrib/gitian-descriptors/gitian-linux.yml

@ -25,8 +25,8 @@ remotes: @@ -25,8 +25,8 @@ remotes:
- "url": "https://github.com/bitcoin/bitcoin.git"
"dir": "bitcoin"
files:
- "bitcoin-deps-linux32-gitian-r6.zip"
- "bitcoin-deps-linux64-gitian-r6.zip"
- "bitcoin-deps-linux32-gitian-r7.zip"
- "bitcoin-deps-linux64-gitian-r7.zip"
- "boost-linux32-1.55.0-gitian-r1.zip"
- "boost-linux64-1.55.0-gitian-r1.zip"
- "qt-linux32-4.6.4-gitian-r1.tar.gz"
@ -43,7 +43,7 @@ script: | @@ -43,7 +43,7 @@ script: |
#
mkdir -p $STAGING
cd $STAGING
unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r6.zip
unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r7.zip
unzip ../build/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip
tar -zxf ../build/qt-linux${GBUILD_BITS}-4.6.4-gitian-r1.tar.gz
cd ../build

8
contrib/gitian-descriptors/gitian-osx-bitcoin.yml

@ -18,8 +18,8 @@ remotes: @@ -18,8 +18,8 @@ remotes:
"dir": "bitcoin"
files:
- "osx-native-depends-r3.tar.gz"
- "osx-depends-r4.tar.gz"
- "osx-depends-qt-5.2.1-r4.tar.gz"
- "osx-depends-r5.tar.gz"
- "osx-depends-qt-5.2.1-r5.tar.gz"
- "MacOSX10.7.sdk.tar.gz"
script: |
@ -37,8 +37,8 @@ script: | @@ -37,8 +37,8 @@ script: |
tar -C osx-cross-depends/SDKs -xf ${SOURCES_PATH}/MacOSX10.7.sdk.tar.gz
tar -C osx-cross-depends -xf osx-native-depends-r3.tar.gz
tar -C osx-cross-depends -xf osx-depends-r4.tar.gz
tar -C osx-cross-depends -xf osx-depends-qt-5.2.1-r4.tar.gz
tar -C osx-cross-depends -xf osx-depends-r5.tar.gz
tar -C osx-cross-depends -xf osx-depends-qt-5.2.1-r5.tar.gz
export PATH=`pwd`/osx-cross-depends/native-prefix/bin:$PATH
cd bitcoin

10
contrib/gitian-descriptors/gitian-osx-depends.yml

@ -15,7 +15,7 @@ files: @@ -15,7 +15,7 @@ files:
- "boost_1_55_0.tar.bz2"
- "db-4.8.30.NC.tar.gz"
- "miniupnpc-1.9.tar.gz"
- "openssl-1.0.1h.tar.gz"
- "openssl-1.0.1i.tar.gz"
- "protobuf-2.5.0.tar.bz2"
- "qrencode-3.4.3.tar.bz2"
- "MacOSX10.7.sdk.tar.gz"
@ -26,11 +26,11 @@ script: | @@ -26,11 +26,11 @@ script: |
echo "fff00023dd79486d444c8e29922f4072e1d451fc5a4d2b6075852ead7f2b7b52 boost_1_55_0.tar.bz2" | sha256sum -c
echo "12edc0df75bf9abd7f82f821795bcee50f42cb2e5f76a6a281b85732798364ef db-4.8.30.NC.tar.gz" | sha256sum -c
echo "2923e453e880bb949e3d4da9f83dd3cb6f08946d35de0b864d0339cf70934464 miniupnpc-1.9.tar.gz" | sha256sum -c
echo "9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093 openssl-1.0.1h.tar.gz" | sha256sum -c
echo "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7 openssl-1.0.1i.tar.gz" | sha256sum -c
echo "13bfc5ae543cf3aa180ac2485c0bc89495e3ae711fc6fab4f8ffe90dfb4bb677 protobuf-2.5.0.tar.bz2" | sha256sum -c
echo "dfd71487513c871bad485806bfd1fdb304dedc84d2b01a8fb8e0940b50597a98 qrencode-3.4.3.tar.bz2" | sha256sum -c
REVISION=r4
REVISION=r5
export SOURCES_PATH=`pwd`
export TAR_OPTIONS="-m --mtime="$REFERENCE_DATE\\\ $REFERENCE_TIME""
export PATH=$HOME:$PATH
@ -88,8 +88,8 @@ script: | @@ -88,8 +88,8 @@ script: |
popd
# openssl
SOURCE_FILE=${SOURCES_PATH}/openssl-1.0.1h.tar.gz
BUILD_DIR=${BUILD_BASE}/openssl-1.0.1h
SOURCE_FILE=${SOURCES_PATH}/openssl-1.0.1i.tar.gz
BUILD_DIR=${BUILD_BASE}/openssl-1.0.1i
tar -C ${BUILD_BASE} -xf ${SOURCE_FILE}
pushd ${BUILD_DIR}

6
contrib/gitian-descriptors/gitian-osx-qt.yml

@ -14,14 +14,14 @@ remotes: [] @@ -14,14 +14,14 @@ remotes: []
files:
- "qt-everywhere-opensource-src-5.2.1.tar.gz"
- "osx-native-depends-r3.tar.gz"
- "osx-depends-r4.tar.gz"
- "osx-depends-r5.tar.gz"
- "MacOSX10.7.sdk.tar.gz"
script: |
echo "84e924181d4ad6db00239d87250cc89868484a14841f77fb85ab1f1dbdcd7da1 qt-everywhere-opensource-src-5.2.1.tar.gz" | sha256sum -c
REVISION=r4
REVISION=r5
export SOURCES_PATH=`pwd`
export TAR_OPTIONS="-m --mtime="$REFERENCE_DATE\\\ $REFERENCE_TIME""
export ZERO_AR_DATE=1
@ -73,7 +73,7 @@ script: | @@ -73,7 +73,7 @@ script: |
tar xf /home/ubuntu/build/osx-native-depends-r3.tar.gz
export PATH=`pwd`/native-prefix/bin:$PATH
tar xf /home/ubuntu/build/osx-depends-r4.tar.gz
tar xf /home/ubuntu/build/osx-depends-r5.tar.gz
SOURCE_FILE=${SOURCES_PATH}/qt-everywhere-opensource-src-5.2.1.tar.gz
BUILD_DIR=${BUILD_BASE}/qt-everywhere-opensource-src-5.2.1

6
contrib/gitian-descriptors/gitian-win.yml

@ -26,8 +26,8 @@ files: @@ -26,8 +26,8 @@ files:
- "qt-win64-5.2.0-gitian-r3.zip"
- "boost-win32-1.55.0-gitian-r6.zip"
- "boost-win64-1.55.0-gitian-r6.zip"
- "bitcoin-deps-win32-gitian-r13.zip"
- "bitcoin-deps-win64-gitian-r13.zip"
- "bitcoin-deps-win32-gitian-r14.zip"
- "bitcoin-deps-win64-gitian-r14.zip"
- "protobuf-win32-2.5.0-gitian-r4.zip"
- "protobuf-win64-2.5.0-gitian-r4.zip"
script: |
@ -61,7 +61,7 @@ script: | @@ -61,7 +61,7 @@ script: |
cd $STAGING
unzip $INDIR/qt-win${BITS}-5.2.0-gitian-r3.zip
unzip $INDIR/boost-win${BITS}-1.55.0-gitian-r6.zip
unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r13.zip
unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r14.zip
unzip $INDIR/protobuf-win${BITS}-2.5.0-gitian-r4.zip
if [ "$NEEDDIST" == "1" ]; then
# Make source code archive which is architecture independent so it only needs to be done once

6
contrib/gitian-descriptors/qt-win.yml

@ -15,8 +15,8 @@ reference_datetime: "2011-01-30 00:00:00" @@ -15,8 +15,8 @@ reference_datetime: "2011-01-30 00:00:00"
remotes: []
files:
- "qt-everywhere-opensource-src-5.2.0.tar.gz"
- "bitcoin-deps-win32-gitian-r13.zip"
- "bitcoin-deps-win64-gitian-r13.zip"
- "bitcoin-deps-win32-gitian-r14.zip"
- "bitcoin-deps-win64-gitian-r14.zip"
script: |
# Defines
export TZ=UTC
@ -48,7 +48,7 @@ script: | @@ -48,7 +48,7 @@ script: |
#
# Need mingw-compiled openssl from bitcoin-deps:
cd $DEPSDIR
unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r13.zip
unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r14.zip
#
cd $BUILDDIR
#

1
doc/release-notes.md

@ -65,6 +65,7 @@ GUI: @@ -65,6 +65,7 @@ GUI:
Miscellaneous:
- key.cpp: fail with a friendlier message on missing ssl EC support
- Remove bignum dependency for scripts
- Upgrade OpenSSL to 1.0.1i (see https://www.openssl.org/news/secadv_20140806.txt - just to be sure, no critical issues for Bitcoin Core)
Credits
--------

2
doc/release-process.md

@ -44,7 +44,7 @@ Release Process @@ -44,7 +44,7 @@ Release Process
Fetch and build inputs: (first time, or when dependency versions change)
wget 'http://miniupnp.free.fr/files/download.php?file=miniupnpc-1.9.tar.gz' -O miniupnpc-1.9.tar.gz
wget 'https://www.openssl.org/source/openssl-1.0.1h.tar.gz'
wget 'https://www.openssl.org/source/openssl-1.0.1i.tar.gz'
wget 'http://download.oracle.com/berkeley-db/db-4.8.30.NC.tar.gz'
wget 'http://zlib.net/zlib-1.2.8.tar.gz'
wget 'ftp://ftp.simplesystems.org/pub/png/src/history/libpng16/libpng-1.6.8.tar.gz'

Loading…
Cancel
Save