Upgrade for https://www.openssl.org/news/secadv_20140605.txt
Just in case - there is no vulnerability that affects ecdsa signing or
verification.
The MITM attack vulnerability (CVE-2014-0224) may have some effect on
our usage of SSL/TLS.
As long as payment requests are signed (which is the common case), usage
of the payment protocol should also not be affected.
The TLS usage in RPC may be at risk for MITM attacks. If you have
`-rpcssl` enabled, be sure to update OpenSSL as soon as possible.
A qt installation date snuck into the host utils (lrelease etc)
This doesn't affect the end product, so no dependency version bump.
It also doesn't explain why gavin's and mine build is different
If the `libqt4-dev` package is installed it picks the moc executable
from the system instead of our custom-built one. This results in
compatibility errors.
This commit convinces configure to pick the right one.
Run this script from the root of the repository to update all translations from transifex.
It will do the following automatically:
- create a transifex configuration file
- fetch all translations
- post-process them into valid and committable format
This avoids conflicts between the libraries statically linked into bitcoin and any
libraries we may link dynamically (such as Qt and OpenSSL, see issue #4094
An error occurred
).
It also avoids start-up overhead to not export any unnecessary symbols.
To do this, build a linker script that marks all symbols as local.
Should make it possible to run the resulting GUI executable on
Linux distributions that use Qt 4.6, such as Debian Wheezy and Tails.
Builds a mini-SDK for building against Qt 4.6. This includes the headers
as well as host utilities such as `lrelease`, `qrc` and `moc`.
This speeds up the gitian build a bit - libqt4-dev pulled in a lot of packages,
and is no longer needed as this provides a replacement of our own.
Note: This does not replace the Qt build with at static library. After this
commit we still build dynamically against the system Qt library. The only
difference is that compatibility with an older version is maintained. This
loses minor GUI functionality (such as setPlaceholderText) but still
allows integration into the window management of the host OS, unlike
when statically linking.
Add a script to check that the (Linux) executables produced by gitian
only contain allowed gcc, glibc and libstdc++ version symbols. This
makes sure they are still compatible with the minimum supported Linux
distribution versions.
Bumps deps-linux, deps-win dependency versions as well.
qt-win does not need to be bumped, as although it depends on deps-win,
Qt doesn't use miniupnp. I verified this by rebuilding the dependency
and checking the the output is the same. Not having to rebuild Qt is a
good thing as it is huge.
For qt5.2 on osx, the qcocoa plugin is mandatory. However, it fails to load
when qt.conf specifies the "plugin" path instead of the expected "Plugin". This
is in line with the documentation:
https://qt-project.org/doc/qt-5.0/qtdoc/qt-conf.html
I'm not sure how the plugins were loading before, unless the case-sensitivity
for OSX is new.
IIRC this was the case with 0.8.6, so let's keep this to avoid the risk
of losing connectable nodes with 0.9 release.
Also our miniupnpc library was recently updated and I've heard
reports that it works better than before now.
While building protobuf in different environments we noticed that
the host tool protoc was slightly different between builds (a symbol table
sorting issue).
Add a deterministic seed as well as disable zlib support.
Exected output is now:
e2e403e1a08869c7eed4d4293bce13d51ec6a63592918b90ae215a0eceb44cb4 protobuf-win32-2.5.0-gitian-r4.zip
a0999037e8b0ef9ade13efd88fee261ba401f5ca910068b7e0cd3262ba667db0 protobuf-win64-2.5.0-gitian-r4.zip
No effect on final executables so no version bump.
Boost iostreams was picking up libz-dev in VirtualBox, as the recommended
way to build is now to make a VM with all dependency packages installed.
This caused a divergence between KVM/LXC build and VirtualBox
build results.
Fix this in the simplest possible way: add the libz-dev package.
ar -D: Operate in deterministic mode. When adding files and the archive
index use zero for UIDs, GIDs, timestamps, and use consistent file modes
for all files. When this option is used, if ar is used with identical
options and identical input files, multiple runs will create identical
output files regardless of the input files' owners, groups, file modes,
or modification times.
contrib/devtools/fix-copyright-headers.py script to be able to perform this maintenance task with ease during the rest of the year, every year. Modifications to contrib/devtools/README.md to document what fix-copyright-headers.py does.
It appears that the output was different every time.
This doesn't affect the final bitcoind/bitcoin-qt, but is confusing
nevertheless.
Fix it by using FAKETIME and zipping files in deterministic order.
OpenSSL was embedding a timestamp causing its build to be
non-deterministic.
Change deps-linux to be deterministic by using FAKETIME
as needed and disabling it when it gets in the way.
- Add 'g++' package (virtualbox images don't have this by default)
- Workaround for determinism in Qt5 resources
- Pass --disable-maintainer-mode --disable-dependency-tracking to
configure for libqrencode to avoid random errors about missing m4
directory
- Fix typo -with-pic -> --with-pic
It is not necessary to rebuild dependencies after this commit.
Fixes#3610