diff --git a/contrib/gitian-descriptors/deps-linux.yml b/contrib/gitian-descriptors/deps-linux.yml index c91f8fac8..d1e37833d 100644 --- a/contrib/gitian-descriptors/deps-linux.yml +++ b/contrib/gitian-descriptors/deps-linux.yml @@ -16,7 +16,7 @@ packages: reference_datetime: "2013-06-01 00:00:00" remotes: [] files: -- "openssl-1.0.1i.tar.gz" +- "openssl-1.0.1k.tar.gz" - "miniupnpc-1.9.20140701.tar.gz" - "qrencode-3.4.3.tar.bz2" - "protobuf-2.5.0.tar.bz2" @@ -30,15 +30,15 @@ script: | export TZ=UTC export LIBRARY_PATH="$STAGING/lib" # Integrity Check - echo "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7 openssl-1.0.1i.tar.gz" | sha256sum -c + echo "8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c openssl-1.0.1k.tar.gz" | sha256sum -c echo "26f3985bad7768b8483b793448ae49414cdc4451d0ec83e7c1944367e15f9f07 miniupnpc-1.9.20140701.tar.gz" | sha256sum -c echo "dfd71487513c871bad485806bfd1fdb304dedc84d2b01a8fb8e0940b50597a98 qrencode-3.4.3.tar.bz2" | sha256sum -c echo "13bfc5ae543cf3aa180ac2485c0bc89495e3ae711fc6fab4f8ffe90dfb4bb677 protobuf-2.5.0.tar.bz2" | sha256sum -c echo "12edc0df75bf9abd7f82f821795bcee50f42cb2e5f76a6a281b85732798364ef db-4.8.30.NC.tar.gz" | sha256sum -c # - tar xzf openssl-1.0.1i.tar.gz - cd openssl-1.0.1i + tar xzf openssl-1.0.1k.tar.gz + cd openssl-1.0.1k # need -fPIC to avoid relocation error in 64 bit builds ./config no-shared no-zlib no-dso no-krb5 --openssldir=$STAGING -fPIC # need to build OpenSSL with faketime because a timestamp is embedded into cversion.o @@ -95,4 +95,4 @@ script: | done # cd $STAGING - find include lib bin host | sort | zip -X@ $OUTDIR/bitcoin-deps-linux${GBUILD_BITS}-gitian-r8.zip + find include lib bin host | sort | zip -X@ $OUTDIR/bitcoin-deps-linux${GBUILD_BITS}-gitian-r9.zip diff --git a/contrib/gitian-descriptors/deps-win.yml b/contrib/gitian-descriptors/deps-win.yml index 7cd30d569..4e6ac954a 100644 --- a/contrib/gitian-descriptors/deps-win.yml +++ b/contrib/gitian-descriptors/deps-win.yml @@ -14,7 +14,7 @@ packages: reference_datetime: "2011-01-30 00:00:00" remotes: [] files: -- "openssl-1.0.1i.tar.gz" +- "openssl-1.0.1k.tar.gz" - "db-4.8.30.NC.tar.gz" - "miniupnpc-1.9.20140701.tar.gz" - "zlib-1.2.8.tar.gz" @@ -28,7 +28,7 @@ script: | INDIR=$HOME/build TEMPDIR=$HOME/tmp # Input Integrity Check - echo "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7 openssl-1.0.1i.tar.gz" | sha256sum -c + echo "8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c openssl-1.0.1k.tar.gz" | sha256sum -c echo "12edc0df75bf9abd7f82f821795bcee50f42cb2e5f76a6a281b85732798364ef db-4.8.30.NC.tar.gz" | sha256sum -c echo "26f3985bad7768b8483b793448ae49414cdc4451d0ec83e7c1944367e15f9f07 miniupnpc-1.9.20140701.tar.gz" | sha256sum -c echo "36658cb768a54c1d4dec43c3116c27ed893e88b02ecfcb44f2166f9c0b7f2a0d zlib-1.2.8.tar.gz" | sha256sum -c @@ -48,8 +48,8 @@ script: | mkdir -p $INSTALLPREFIX $BUILDDIR cd $BUILDDIR # - tar xzf $INDIR/openssl-1.0.1i.tar.gz - cd openssl-1.0.1i + tar xzf $INDIR/openssl-1.0.1k.tar.gz + cd openssl-1.0.1k if [ "$BITS" == "32" ]; then OPENSSL_TGT=mingw else @@ -124,5 +124,5 @@ script: | done # cd $INSTALLPREFIX - find include lib | sort | zip -X@ $OUTDIR/bitcoin-deps-win$BITS-gitian-r15.zip + find include lib | sort | zip -X@ $OUTDIR/bitcoin-deps-win$BITS-gitian-r16.zip done # for BITS in diff --git a/contrib/gitian-descriptors/gitian-linux.yml b/contrib/gitian-descriptors/gitian-linux.yml index c283c2a9b..dd8440bb3 100644 --- a/contrib/gitian-descriptors/gitian-linux.yml +++ b/contrib/gitian-descriptors/gitian-linux.yml @@ -25,8 +25,8 @@ remotes: - "url": "https://github.com/darkcoin/darkcoin.git" "dir": "darkcoin" files: -- "bitcoin-deps-linux32-gitian-r8.zip" -- "bitcoin-deps-linux64-gitian-r8.zip" +- "bitcoin-deps-linux32-gitian-r9.zip" +- "bitcoin-deps-linux64-gitian-r9.zip" - "boost-linux32-1.55.0-gitian-r1.zip" - "boost-linux64-1.55.0-gitian-r1.zip" - "qt-linux32-4.6.4-gitian-r1.tar.gz" @@ -43,7 +43,7 @@ script: | # mkdir -p $STAGING cd $STAGING - unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r8.zip + unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r9.zip unzip ../build/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip tar -zxf ../build/qt-linux${GBUILD_BITS}-4.6.4-gitian-r1.tar.gz cd ../build diff --git a/contrib/gitian-descriptors/gitian-osx-darkcoin.yml b/contrib/gitian-descriptors/gitian-osx-darkcoin.yml index fb736f3a3..47492f5ca 100644 --- a/contrib/gitian-descriptors/gitian-osx-darkcoin.yml +++ b/contrib/gitian-descriptors/gitian-osx-darkcoin.yml @@ -18,8 +18,8 @@ remotes: "dir": "darkcoin" files: - "osx-native-depends-r3.tar.gz" -- "osx-depends-r6.tar.gz" -- "osx-depends-qt-5.2.1-r5.tar.gz" +- "osx-depends-r7.tar.gz" +- "osx-depends-qt-5.2.1-r6.tar.gz" - "MacOSX10.7.sdk.tar.gz" script: | @@ -37,8 +37,8 @@ script: | tar -C osx-cross-depends/SDKs -xf ${SOURCES_PATH}/MacOSX10.7.sdk.tar.gz tar -C osx-cross-depends -xf osx-native-depends-r3.tar.gz - tar -C osx-cross-depends -xf osx-depends-r6.tar.gz - tar -C osx-cross-depends -xf osx-depends-qt-5.2.1-r5.tar.gz + tar -C osx-cross-depends -xf osx-depends-r7.tar.gz + tar -C osx-cross-depends -xf osx-depends-qt-5.2.1-r6.tar.gz export PATH=`pwd`/osx-cross-depends/native-prefix/bin:$PATH cd darkcoin diff --git a/contrib/gitian-descriptors/gitian-osx-depends.yml b/contrib/gitian-descriptors/gitian-osx-depends.yml index 3e760939c..83abc08f0 100644 --- a/contrib/gitian-descriptors/gitian-osx-depends.yml +++ b/contrib/gitian-descriptors/gitian-osx-depends.yml @@ -15,7 +15,7 @@ files: - "boost_1_55_0.tar.bz2" - "db-4.8.30.NC.tar.gz" - "miniupnpc-1.9.20140701.tar.gz" -- "openssl-1.0.1i.tar.gz" +- "openssl-1.0.1k.tar.gz" - "protobuf-2.5.0.tar.bz2" - "qrencode-3.4.3.tar.bz2" - "MacOSX10.7.sdk.tar.gz" @@ -26,11 +26,11 @@ script: | echo "fff00023dd79486d444c8e29922f4072e1d451fc5a4d2b6075852ead7f2b7b52 boost_1_55_0.tar.bz2" | sha256sum -c echo "12edc0df75bf9abd7f82f821795bcee50f42cb2e5f76a6a281b85732798364ef db-4.8.30.NC.tar.gz" | sha256sum -c echo "26f3985bad7768b8483b793448ae49414cdc4451d0ec83e7c1944367e15f9f07 miniupnpc-1.9.20140701.tar.gz" | sha256sum -c - echo "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7 openssl-1.0.1i.tar.gz" | sha256sum -c + echo "8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c openssl-1.0.1k.tar.gz" | sha256sum -c echo "13bfc5ae543cf3aa180ac2485c0bc89495e3ae711fc6fab4f8ffe90dfb4bb677 protobuf-2.5.0.tar.bz2" | sha256sum -c echo "dfd71487513c871bad485806bfd1fdb304dedc84d2b01a8fb8e0940b50597a98 qrencode-3.4.3.tar.bz2" | sha256sum -c - REVISION=r6 + REVISION=r7 export SOURCES_PATH=`pwd` export TAR_OPTIONS="-m --mtime="$REFERENCE_DATE\\\ $REFERENCE_TIME"" export PATH=$HOME:$PATH @@ -88,8 +88,8 @@ script: | popd # openssl - SOURCE_FILE=${SOURCES_PATH}/openssl-1.0.1i.tar.gz - BUILD_DIR=${BUILD_BASE}/openssl-1.0.1i + SOURCE_FILE=${SOURCES_PATH}/openssl-1.0.1k.tar.gz + BUILD_DIR=${BUILD_BASE}/openssl-1.0.1k tar -C ${BUILD_BASE} -xf ${SOURCE_FILE} pushd ${BUILD_DIR} diff --git a/contrib/gitian-descriptors/gitian-osx-qt.yml b/contrib/gitian-descriptors/gitian-osx-qt.yml index 164d7be0b..8f63e1b09 100644 --- a/contrib/gitian-descriptors/gitian-osx-qt.yml +++ b/contrib/gitian-descriptors/gitian-osx-qt.yml @@ -14,14 +14,14 @@ remotes: [] files: - "qt-everywhere-opensource-src-5.2.1.tar.gz" - "osx-native-depends-r3.tar.gz" -- "osx-depends-r6.tar.gz" +- "osx-depends-r7.tar.gz" - "MacOSX10.7.sdk.tar.gz" script: | echo "84e924181d4ad6db00239d87250cc89868484a14841f77fb85ab1f1dbdcd7da1 qt-everywhere-opensource-src-5.2.1.tar.gz" | sha256sum -c - REVISION=r5 + REVISION=r6 export SOURCES_PATH=`pwd` export TAR_OPTIONS="-m --mtime="$REFERENCE_DATE\\\ $REFERENCE_TIME"" export ZERO_AR_DATE=1 @@ -73,7 +73,7 @@ script: | tar xf /home/ubuntu/build/osx-native-depends-r3.tar.gz export PATH=`pwd`/native-prefix/bin:$PATH - tar xf /home/ubuntu/build/osx-depends-r6.tar.gz + tar xf /home/ubuntu/build/osx-depends-r7.tar.gz SOURCE_FILE=${SOURCES_PATH}/qt-everywhere-opensource-src-5.2.1.tar.gz BUILD_DIR=${BUILD_BASE}/qt-everywhere-opensource-src-5.2.1 diff --git a/contrib/gitian-descriptors/gitian-win.yml b/contrib/gitian-descriptors/gitian-win.yml index e3c917a61..88230b91c 100644 --- a/contrib/gitian-descriptors/gitian-win.yml +++ b/contrib/gitian-descriptors/gitian-win.yml @@ -26,8 +26,8 @@ files: - "qt-win64-5.2.0-gitian-r3.zip" - "boost-win32-1.55.0-gitian-r6.zip" - "boost-win64-1.55.0-gitian-r6.zip" -- "bitcoin-deps-win32-gitian-r15.zip" -- "bitcoin-deps-win64-gitian-r15.zip" +- "bitcoin-deps-win32-gitian-r16.zip" +- "bitcoin-deps-win64-gitian-r16.zip" - "protobuf-win32-2.5.0-gitian-r4.zip" - "protobuf-win64-2.5.0-gitian-r4.zip" script: | @@ -61,7 +61,7 @@ script: | cd $STAGING unzip $INDIR/qt-win${BITS}-5.2.0-gitian-r3.zip unzip $INDIR/boost-win${BITS}-1.55.0-gitian-r6.zip - unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r15.zip + unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r16.zip unzip $INDIR/protobuf-win${BITS}-2.5.0-gitian-r4.zip if [ "$NEEDDIST" == "1" ]; then # Make source code archive which is architecture independent so it only needs to be done once diff --git a/contrib/gitian-descriptors/qt-win.yml b/contrib/gitian-descriptors/qt-win.yml index ea2c0f754..6211d721a 100644 --- a/contrib/gitian-descriptors/qt-win.yml +++ b/contrib/gitian-descriptors/qt-win.yml @@ -15,8 +15,8 @@ reference_datetime: "2011-01-30 00:00:00" remotes: [] files: - "qt-everywhere-opensource-src-5.2.0.tar.gz" -- "bitcoin-deps-win32-gitian-r15.zip" -- "bitcoin-deps-win64-gitian-r15.zip" +- "bitcoin-deps-win32-gitian-r16.zip" +- "bitcoin-deps-win64-gitian-r16.zip" script: | # Defines export TZ=UTC @@ -48,7 +48,7 @@ script: | # # Need mingw-compiled openssl from bitcoin-deps: cd $DEPSDIR - unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r15.zip + unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r16.zip # cd $BUILDDIR # diff --git a/doc/release-process.md b/doc/release-process.md index f8eb810c2..1e17f7328 100644 --- a/doc/release-process.md +++ b/doc/release-process.md @@ -44,7 +44,7 @@ Release Process Fetch and build inputs: (first time, or when dependency versions change) wget 'http://miniupnp.free.fr/files/download.php?file=miniupnpc-1.9.20140701.tar.gz' -O miniupnpc-1.9.20140701.tar.gz - wget 'https://www.openssl.org/source/openssl-1.0.1i.tar.gz' + wget 'https://www.openssl.org/source/openssl-1.0.1k.tar.gz' wget 'http://download.oracle.com/berkeley-db/db-4.8.30.NC.tar.gz' wget 'http://zlib.net/zlib-1.2.8.tar.gz' wget 'ftp://ftp.simplesystems.org/pub/png/src/history/libpng16/libpng-1.6.8.tar.gz' @@ -89,16 +89,16 @@ Release Process The expected SHA256 hashes of the intermediate inputs are: - b66e8374031adf8d5309c046615fe4f561c3a7e3c1f6885675c13083db0c4d3b bitcoin-deps-linux32-gitian-r8.zip - ec83deb4e81bea5ac1fb5e3f1b88cd02ca665306f0c2290ef4f19b974525005e bitcoin-deps-linux64-gitian-r8.zip + b1f6f10148d4c4a1a69a58e703427578dc5a4de86eefd6b925e3abf3c8fbe542 bitcoin-deps-linux32-gitian-r9.zip + 71e03e434af269dcbf3cb685cd1a5d51b8d2c904b67035eb4e5c1a2623b9f0df bitcoin-deps-linux64-gitian-r9.zip f29b7d9577417333fb56e023c2977f5726a7c297f320b175a4108cf7cd4c2d29 boost-linux32-1.55.0-gitian-r1.zip 88232451c4104f7eb16e469ac6474fd1231bd485687253f7b2bdf46c0781d535 boost-linux64-1.55.0-gitian-r1.zip 57e57dbdadc818cd270e7e00500a5e1085b3bcbdef69a885f0fb7573a8d987e1 qt-linux32-4.6.4-gitian-r1.tar.gz 60eb4b9c5779580b7d66529efa5b2836ba1a70edde2a0f3f696d647906a826be qt-linux64-4.6.4-gitian-r1.tar.gz 60dc2d3b61e9c7d5dbe2f90d5955772ad748a47918ff2d8b74e8db9b1b91c909 boost-win32-1.55.0-gitian-r6.zip f65fcaf346bc7b73bc8db3a8614f4f6bee2f61fcbe495e9881133a7c2612a167 boost-win64-1.55.0-gitian-r6.zip - 9c2572b021b3b50dc9441f2e96d672ac1da4cb6c9f88a1711aa0234882f353cf bitcoin-deps-win32-gitian-r15.zip - 94e9f6d861140d9130a15830eba40eba4c8c830440506ac7cc0d1e3217293c25 bitcoin-deps-win64-gitian-r15.zip + 2af17b1968bd7d46b260c8d16474e1f339cde1b9e96265c80f6626ea0c2785a9 bitcoin-deps-win32-gitian-r16.zip + 7608bdf7848101d48ba8a296cb9c29ac68193405f11d8075fb46154ff3476233 bitcoin-deps-win64-gitian-r16.zip 963e3e5e85879010a91143c90a711a5d1d5aba992e38672cdf7b54e42c56b2f1 qt-win32-5.2.0-gitian-r3.zip 751c579830d173ef3e6f194e83d18b92ebef6df03289db13ab77a52b6bc86ef0 qt-win64-5.2.0-gitian-r3.zip e2e403e1a08869c7eed4d4293bce13d51ec6a63592918b90ae215a0eceb44cb4 protobuf-win32-2.5.0-gitian-r4.zip diff --git a/src/key.cpp b/src/key.cpp index 5b261bb28..a845ba13d 100644 --- a/src/key.cpp +++ b/src/key.cpp @@ -227,10 +227,23 @@ public: } bool Verify(const uint256 &hash, const std::vector& vchSig) { - // -1 = error, 0 = bad sig, 1 = good - if (ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], vchSig.size(), pkey) != 1) + if (vchSig.empty()) return false; - return true; + + // New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first. + unsigned char *norm_der = NULL; + ECDSA_SIG *norm_sig = ECDSA_SIG_new(); + const unsigned char* sigptr = &vchSig[0]; + d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()); + int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der); + ECDSA_SIG_free(norm_sig); + if (derlen <= 0) + return false; + + // -1 = error, 0 = bad sig, 1 = good + bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1; + OPENSSL_free(norm_der); + return ret; } bool SignCompact(const uint256 &hash, unsigned char *p64, int &rec) {