diff options
author | Wladimir J. van der Laan <laanwj@gmail.com> | 2014-06-05 15:44:35 +0200 |
---|---|---|
committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2014-06-05 17:24:38 +0200 |
commit | 6e7c4d17d8abb4b1c8b91504699ce6970e01a1fb (patch) | |
tree | 34a079cb2bad4e0906d3b92333c3fae7f1258cd0 /contrib/gitian-descriptors | |
parent | a92aded70ec2346c3f07ff1cf8eb97101a76912f (diff) |
gitian: upgrade OpenSSL to 1.0.1h
Upgrade for https://www.openssl.org/news/secadv_20140605.txt
Just in case - there is no vulnerability that affects ecdsa signing or
verification.
The MITM attack vulnerability (CVE-2014-0224) may have some effect on
our usage of SSL/TLS.
As long as payment requests are signed (which is the common case), usage
of the payment protocol should also not be affected.
The TLS usage in RPC may be at risk for MITM attacks. If you have
`-rpcssl` enabled, be sure to update OpenSSL as soon as possible.
Diffstat (limited to 'contrib/gitian-descriptors')
-rw-r--r-- | contrib/gitian-descriptors/deps-linux.yml | 10 | ||||
-rw-r--r-- | contrib/gitian-descriptors/deps-win.yml | 10 | ||||
-rw-r--r-- | contrib/gitian-descriptors/gitian-linux.yml | 6 | ||||
-rw-r--r-- | contrib/gitian-descriptors/gitian-osx-bitcoin.yml | 8 | ||||
-rw-r--r-- | contrib/gitian-descriptors/gitian-osx-depends.yml | 10 | ||||
-rw-r--r-- | contrib/gitian-descriptors/gitian-osx-qt.yml | 6 | ||||
-rw-r--r-- | contrib/gitian-descriptors/gitian-win.yml | 6 | ||||
-rw-r--r-- | contrib/gitian-descriptors/qt-win.yml | 6 |
8 files changed, 31 insertions, 31 deletions
diff --git a/contrib/gitian-descriptors/deps-linux.yml b/contrib/gitian-descriptors/deps-linux.yml index af10461b83..8221222133 100644 --- a/contrib/gitian-descriptors/deps-linux.yml +++ b/contrib/gitian-descriptors/deps-linux.yml @@ -16,7 +16,7 @@ packages: reference_datetime: "2013-06-01 00:00:00" remotes: [] files: -- "openssl-1.0.1g.tar.gz" +- "openssl-1.0.1h.tar.gz" - "miniupnpc-1.9.tar.gz" - "qrencode-3.4.3.tar.bz2" - "protobuf-2.5.0.tar.bz2" @@ -30,15 +30,15 @@ script: | export TZ=UTC export LIBRARY_PATH="$STAGING/lib" # Integrity Check - echo "53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 openssl-1.0.1g.tar.gz" | sha256sum -c + echo "9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093 openssl-1.0.1h.tar.gz" | sha256sum -c echo "2923e453e880bb949e3d4da9f83dd3cb6f08946d35de0b864d0339cf70934464 miniupnpc-1.9.tar.gz" | sha256sum -c echo "dfd71487513c871bad485806bfd1fdb304dedc84d2b01a8fb8e0940b50597a98 qrencode-3.4.3.tar.bz2" | sha256sum -c echo "13bfc5ae543cf3aa180ac2485c0bc89495e3ae711fc6fab4f8ffe90dfb4bb677 protobuf-2.5.0.tar.bz2" | sha256sum -c echo "12edc0df75bf9abd7f82f821795bcee50f42cb2e5f76a6a281b85732798364ef db-4.8.30.NC.tar.gz" | sha256sum -c # - tar xzf openssl-1.0.1g.tar.gz - cd openssl-1.0.1g + tar xzf openssl-1.0.1h.tar.gz + cd openssl-1.0.1h # need -fPIC to avoid relocation error in 64 bit builds ./config no-shared no-zlib no-dso no-krb5 --openssldir=$STAGING -fPIC # need to build OpenSSL with faketime because a timestamp is embedded into cversion.o @@ -95,4 +95,4 @@ script: | done # cd $STAGING - find include lib bin host | sort | zip -X@ $OUTDIR/bitcoin-deps-linux${GBUILD_BITS}-gitian-r5.zip + find include lib bin host | sort | zip -X@ $OUTDIR/bitcoin-deps-linux${GBUILD_BITS}-gitian-r6.zip diff --git a/contrib/gitian-descriptors/deps-win.yml b/contrib/gitian-descriptors/deps-win.yml index 17ac413d80..fabc2949eb 100644 --- a/contrib/gitian-descriptors/deps-win.yml +++ b/contrib/gitian-descriptors/deps-win.yml @@ -14,7 +14,7 @@ packages: reference_datetime: "2011-01-30 00:00:00" remotes: [] files: -- "openssl-1.0.1g.tar.gz" +- "openssl-1.0.1h.tar.gz" - "db-4.8.30.NC.tar.gz" - "miniupnpc-1.9.tar.gz" - "zlib-1.2.8.tar.gz" @@ -28,7 +28,7 @@ script: | INDIR=$HOME/build TEMPDIR=$HOME/tmp # Input Integrity Check - echo "53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 openssl-1.0.1g.tar.gz" | sha256sum -c + echo "9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093 openssl-1.0.1h.tar.gz" | sha256sum -c echo "12edc0df75bf9abd7f82f821795bcee50f42cb2e5f76a6a281b85732798364ef db-4.8.30.NC.tar.gz" | sha256sum -c echo "2923e453e880bb949e3d4da9f83dd3cb6f08946d35de0b864d0339cf70934464 miniupnpc-1.9.tar.gz" | sha256sum -c echo "36658cb768a54c1d4dec43c3116c27ed893e88b02ecfcb44f2166f9c0b7f2a0d zlib-1.2.8.tar.gz" | sha256sum -c @@ -48,8 +48,8 @@ script: | mkdir -p $INSTALLPREFIX $BUILDDIR cd $BUILDDIR # - tar xzf $INDIR/openssl-1.0.1g.tar.gz - cd openssl-1.0.1g + tar xzf $INDIR/openssl-1.0.1h.tar.gz + cd openssl-1.0.1h if [ "$BITS" == "32" ]; then OPENSSL_TGT=mingw else @@ -124,5 +124,5 @@ script: | done # cd $INSTALLPREFIX - find include lib | sort | zip -X@ $OUTDIR/bitcoin-deps-win$BITS-gitian-r12.zip + find include lib | sort | zip -X@ $OUTDIR/bitcoin-deps-win$BITS-gitian-r13.zip done # for BITS in diff --git a/contrib/gitian-descriptors/gitian-linux.yml b/contrib/gitian-descriptors/gitian-linux.yml index bb59e1cecb..65a6c3c1e9 100644 --- a/contrib/gitian-descriptors/gitian-linux.yml +++ b/contrib/gitian-descriptors/gitian-linux.yml @@ -25,8 +25,8 @@ remotes: - "url": "https://github.com/bitcoin/bitcoin.git" "dir": "bitcoin" files: -- "bitcoin-deps-linux32-gitian-r5.zip" -- "bitcoin-deps-linux64-gitian-r5.zip" +- "bitcoin-deps-linux32-gitian-r6.zip" +- "bitcoin-deps-linux64-gitian-r6.zip" - "boost-linux32-1.55.0-gitian-r1.zip" - "boost-linux64-1.55.0-gitian-r1.zip" - "qt-linux32-4.6.4-gitian-r1.tar.gz" @@ -43,7 +43,7 @@ script: | # mkdir -p $STAGING cd $STAGING - unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r5.zip + unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r6.zip unzip ../build/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip tar -zxf ../build/qt-linux${GBUILD_BITS}-4.6.4-gitian-r1.tar.gz cd ../build diff --git a/contrib/gitian-descriptors/gitian-osx-bitcoin.yml b/contrib/gitian-descriptors/gitian-osx-bitcoin.yml index e29047d610..44b5de9be3 100644 --- a/contrib/gitian-descriptors/gitian-osx-bitcoin.yml +++ b/contrib/gitian-descriptors/gitian-osx-bitcoin.yml @@ -18,8 +18,8 @@ remotes: "dir": "bitcoin" files: - "osx-native-depends-r3.tar.gz" -- "osx-depends-r3.tar.gz" -- "osx-depends-qt-5.2.1-r3.tar.gz" +- "osx-depends-r4.tar.gz" +- "osx-depends-qt-5.2.1-r4.tar.gz" - "MacOSX10.7.sdk.tar.gz" script: | @@ -37,8 +37,8 @@ script: | tar -C osx-cross-depends/SDKs -xf ${SOURCES_PATH}/MacOSX10.7.sdk.tar.gz tar -C osx-cross-depends -xf osx-native-depends-r3.tar.gz - tar -C osx-cross-depends -xf osx-depends-r3.tar.gz - tar -C osx-cross-depends -xf osx-depends-qt-5.2.1-r3.tar.gz + tar -C osx-cross-depends -xf osx-depends-r4.tar.gz + tar -C osx-cross-depends -xf osx-depends-qt-5.2.1-r4.tar.gz export PATH=`pwd`/osx-cross-depends/native-prefix/bin:$PATH cd bitcoin diff --git a/contrib/gitian-descriptors/gitian-osx-depends.yml b/contrib/gitian-descriptors/gitian-osx-depends.yml index adc86e5cb4..07a021cf0c 100644 --- a/contrib/gitian-descriptors/gitian-osx-depends.yml +++ b/contrib/gitian-descriptors/gitian-osx-depends.yml @@ -15,7 +15,7 @@ files: - "boost_1_55_0.tar.bz2" - "db-4.8.30.NC.tar.gz" - "miniupnpc-1.9.tar.gz" -- "openssl-1.0.1g.tar.gz" +- "openssl-1.0.1h.tar.gz" - "protobuf-2.5.0.tar.bz2" - "qrencode-3.4.3.tar.bz2" - "MacOSX10.7.sdk.tar.gz" @@ -26,11 +26,11 @@ script: | echo "fff00023dd79486d444c8e29922f4072e1d451fc5a4d2b6075852ead7f2b7b52 boost_1_55_0.tar.bz2" | sha256sum -c echo "12edc0df75bf9abd7f82f821795bcee50f42cb2e5f76a6a281b85732798364ef db-4.8.30.NC.tar.gz" | sha256sum -c echo "2923e453e880bb949e3d4da9f83dd3cb6f08946d35de0b864d0339cf70934464 miniupnpc-1.9.tar.gz" | sha256sum -c - echo "53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 openssl-1.0.1g.tar.gz" | sha256sum -c + echo "9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093 openssl-1.0.1h.tar.gz" | sha256sum -c echo "13bfc5ae543cf3aa180ac2485c0bc89495e3ae711fc6fab4f8ffe90dfb4bb677 protobuf-2.5.0.tar.bz2" | sha256sum -c echo "dfd71487513c871bad485806bfd1fdb304dedc84d2b01a8fb8e0940b50597a98 qrencode-3.4.3.tar.bz2" | sha256sum -c - REVISION=r3 + REVISION=r4 export SOURCES_PATH=`pwd` export TAR_OPTIONS="-m --mtime="$REFERENCE_DATE\\\ $REFERENCE_TIME"" export PATH=$HOME:$PATH @@ -88,8 +88,8 @@ script: | popd # openssl - SOURCE_FILE=${SOURCES_PATH}/openssl-1.0.1g.tar.gz - BUILD_DIR=${BUILD_BASE}/openssl-1.0.1g + SOURCE_FILE=${SOURCES_PATH}/openssl-1.0.1h.tar.gz + BUILD_DIR=${BUILD_BASE}/openssl-1.0.1h tar -C ${BUILD_BASE} -xf ${SOURCE_FILE} pushd ${BUILD_DIR} diff --git a/contrib/gitian-descriptors/gitian-osx-qt.yml b/contrib/gitian-descriptors/gitian-osx-qt.yml index b57908dbd9..5e0ad9222a 100644 --- a/contrib/gitian-descriptors/gitian-osx-qt.yml +++ b/contrib/gitian-descriptors/gitian-osx-qt.yml @@ -14,14 +14,14 @@ remotes: [] files: - "qt-everywhere-opensource-src-5.2.1.tar.gz" - "osx-native-depends-r3.tar.gz" -- "osx-depends-r3.tar.gz" +- "osx-depends-r4.tar.gz" - "MacOSX10.7.sdk.tar.gz" script: | echo "84e924181d4ad6db00239d87250cc89868484a14841f77fb85ab1f1dbdcd7da1 qt-everywhere-opensource-src-5.2.1.tar.gz" | sha256sum -c - REVISION=r3 + REVISION=r4 export SOURCES_PATH=`pwd` export TAR_OPTIONS="-m --mtime="$REFERENCE_DATE\\\ $REFERENCE_TIME"" export ZERO_AR_DATE=1 @@ -73,7 +73,7 @@ script: | tar xf /home/ubuntu/build/osx-native-depends-r3.tar.gz export PATH=`pwd`/native-prefix/bin:$PATH - tar xf /home/ubuntu/build/osx-depends-r3.tar.gz + tar xf /home/ubuntu/build/osx-depends-r4.tar.gz SOURCE_FILE=${SOURCES_PATH}/qt-everywhere-opensource-src-5.2.1.tar.gz BUILD_DIR=${BUILD_BASE}/qt-everywhere-opensource-src-5.2.1 diff --git a/contrib/gitian-descriptors/gitian-win.yml b/contrib/gitian-descriptors/gitian-win.yml index 2191fb36c7..245f15ccab 100644 --- a/contrib/gitian-descriptors/gitian-win.yml +++ b/contrib/gitian-descriptors/gitian-win.yml @@ -26,8 +26,8 @@ files: - "qt-win64-5.2.0-gitian-r3.zip" - "boost-win32-1.55.0-gitian-r6.zip" - "boost-win64-1.55.0-gitian-r6.zip" -- "bitcoin-deps-win32-gitian-r12.zip" -- "bitcoin-deps-win64-gitian-r12.zip" +- "bitcoin-deps-win32-gitian-r13.zip" +- "bitcoin-deps-win64-gitian-r13.zip" - "protobuf-win32-2.5.0-gitian-r4.zip" - "protobuf-win64-2.5.0-gitian-r4.zip" script: | @@ -61,7 +61,7 @@ script: | cd $STAGING unzip $INDIR/qt-win${BITS}-5.2.0-gitian-r3.zip unzip $INDIR/boost-win${BITS}-1.55.0-gitian-r6.zip - unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r12.zip + unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r13.zip unzip $INDIR/protobuf-win${BITS}-2.5.0-gitian-r4.zip if [ "$NEEDDIST" == "1" ]; then # Make source code archive which is architecture independent so it only needs to be done once diff --git a/contrib/gitian-descriptors/qt-win.yml b/contrib/gitian-descriptors/qt-win.yml index 8f24492b53..7000c70051 100644 --- a/contrib/gitian-descriptors/qt-win.yml +++ b/contrib/gitian-descriptors/qt-win.yml @@ -15,8 +15,8 @@ reference_datetime: "2011-01-30 00:00:00" remotes: [] files: - "qt-everywhere-opensource-src-5.2.0.tar.gz" -- "bitcoin-deps-win32-gitian-r12.zip" -- "bitcoin-deps-win64-gitian-r12.zip" +- "bitcoin-deps-win32-gitian-r13.zip" +- "bitcoin-deps-win64-gitian-r13.zip" script: | # Defines export TZ=UTC @@ -48,7 +48,7 @@ script: | # # Need mingw-compiled openssl from bitcoin-deps: cd $DEPSDIR - unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r12.zip + unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r13.zip # cd $BUILDDIR # |