Commit Graph

10 Commits

Author SHA1 Message Date
Wladimir J. van der Laan
6e7c4d17d8 gitian: upgrade OpenSSL to 1.0.1h
Upgrade for https://www.openssl.org/news/secadv_20140605.txt

Just in case - there is no vulnerability that affects ecdsa signing or
verification.

The MITM attack vulnerability (CVE-2014-0224) may have some effect on
our usage of SSL/TLS.

As long as payment requests are signed (which is the common case), usage
of the payment protocol should also not be affected.

The TLS usage in RPC may be at risk for MITM attacks. If you have
`-rpcssl` enabled, be sure to update OpenSSL as soon as possible.
2014-06-05 17:24:38 +02:00
Wladimir J. van der Laan
25d4911e86 gitian: upgrade miniupnpc input to 1.9
Bumps deps-linux, deps-win dependency versions as well.

qt-win does not need to be bumped, as although it depends on deps-win,
Qt doesn't use miniupnp. I verified this by rebuilding the dependency
and checking the the output is the same. Not having to rebuild Qt is a
good thing as it is huge.
2014-04-09 14:24:17 +02:00
Wladimir J. van der Laan
4a811b0053
gitian: upgrade openssl to 1.0.1g for both win and linux
OpenSSL 1.0.1g fixes CVE-2014-0160.

Also bump dependency versions.
2014-04-08 08:40:02 +02:00
Wladimir J. van der Laan
c13a13efec gitian: add -D flag to ar for deterministic output for linux deps
ar -D: Operate in deterministic mode. When adding files and the archive
index use zero for UIDs, GIDs, timestamps, and use consistent file modes
for all files.  When this option is used, if ar is used with identical
options and identical input files, multiple runs will create identical
output files regardless of the input files' owners, groups, file modes,
or modification times.
2014-02-10 16:20:13 +01:00
Wladimir J. van der Laan
aabcd11ba6 gitian: Make linux boost dependency completely deterministic
It appears that the output was different every time.

This doesn't affect the final bitcoind/bitcoin-qt, but is confusing
nevertheless.

Fix it by using FAKETIME and zipping files in deterministic order.
2014-02-06 19:37:17 +01:00
Wladimir J. van der Laan
aa9348563c gitian: Make linux build of OpenSSL deterministic
OpenSSL was embedding a timestamp causing its build to be
non-deterministic.
Change deps-linux to be deterministic by using FAKETIME
as needed and disabling it when it gets in the way.
2014-02-06 19:37:16 +01:00
Wladimir J. van der Laan
65615a3a78 Gitian fixes for 0.9.0rc1 build
- Add 'g++' package (virtualbox images don't have this by default)
- Workaround for determinism in Qt5 resources
- Pass --disable-maintainer-mode --disable-dependency-tracking to
  configure for libqrencode to avoid random errors about missing m4
  directory
- Fix typo -with-pic -> --with-pic

It is not necessary to rebuild dependencies after this commit.
Fixes #3610 and #3612.
2014-02-03 14:43:51 +01:00
Wladimir J. van der Laan
1cbbeb6a27 gitian: Add openssl to linux deps
Build OpenSSL instead of using distribution-provided
library.
2014-01-16 12:45:04 +01:00
Micha
f4e72bf8d2
Make gitian builds consistent across platforms
Change Linux deps to use a zip archive rather than a gzipped tarball to
match win32
Rename Linux descriptor to gitian-linux.yml to match win32
2014-01-15 22:56:17 +02:00
Wladimir J. van der Laan
04257151b1 gitian: add explicit dependency build for linux
Create a dependency file per architecture:

- bitcoin-deps-linux32-gitian-r1.tar.gz
- bitcoin-deps-linux64-gitian-r1.tar.gz
2014-01-15 12:39:01 +01:00