gitian: upgrade OpenSSL to 1.0.1h

Upgrade for https://www.openssl.org/news/secadv_20140605.txt Just in case - there is no vulnerability that affects ecdsa signing or verification. The MITM attack vulnerability (CVE-2014-0224) may have some effect on our usage of SSL/TLS. As long as payment requests are signed (which is the common case), usage of the payment protocol should also not be affected. The TLS usage in RPC may be at risk for MITM attacks. If you have `-rpcssl` enabled, be sure to update OpenSSL as soon as possible.
2014-06-05 15:44:35 +02:00 · 2014-06-05 15:44:35 +02:00 · 5f06e6ab9c
parent 20c2a7ecbb
commit 5f06e6ab9c
6 changed files with 20 additions and 20 deletions
--- a/contrib/gitian-descriptors/deps-linux.yml
+++ b/contrib/gitian-descriptors/deps-linux.yml
@ -16,7 +16,7 @@ packages:
 reference_datetime: "2013-06-01 00:00:00"
 remotes: []
 files:
- "openssl-1.0.1g.tar.gz"
+- "openssl-1.0.1h.tar.gz"
 - "miniupnpc-1.8.tar.gz"
 - "qrencode-3.4.3.tar.bz2"
 - "protobuf-2.5.0.tar.bz2"
@ -30,15 +30,15 @@ script: |
  export TZ=UTC
  export LIBRARY_PATH="$STAGING/lib"
  # Integrity Check
-  echo "53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028  openssl-1.0.1g.tar.gz"  | sha256sum -c
+  echo "9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093  openssl-1.0.1h.tar.gz"  | sha256sum -c
  echo "bc5f73c7b0056252c1888a80e6075787a1e1e9112b808f863a245483ff79859c  miniupnpc-1.8.tar.gz"   | sha256sum -c
  echo "dfd71487513c871bad485806bfd1fdb304dedc84d2b01a8fb8e0940b50597a98  qrencode-3.4.3.tar.bz2" | sha256sum -c
  echo "13bfc5ae543cf3aa180ac2485c0bc89495e3ae711fc6fab4f8ffe90dfb4bb677  protobuf-2.5.0.tar.bz2" | sha256sum -c
  echo "08238e59736d1aacdd47cfb8e68684c695516c37f4fbe1b8267dde58dc3a576c  db-5.1.29.NC.tar.gz"    | sha256sum -c

  #
-  tar xzf openssl-1.0.1g.tar.gz
-  cd openssl-1.0.1g
+  tar xzf openssl-1.0.1h.tar.gz
+  cd openssl-1.0.1h
  #   need -fPIC to avoid relocation error in 64 bit builds
  ./config no-shared no-zlib no-dso no-krb5 --openssldir=$STAGING -fPIC
  #   need to build OpenSSL with faketime because a timestamp is embedded into cversion.o
@ -95,4 +95,4 @@ script: |
  done
  #
  cd $STAGING
-  find include lib bin host | sort | zip -X@ $OUTDIR/dogecoin-deps-linux${GBUILD_BITS}-gitian-r4.zip
+  find include lib bin host | sort | zip -X@ $OUTDIR/dogecoin-deps-linux${GBUILD_BITS}-gitian-r4a.zip
--- a/contrib/gitian-descriptors/deps-win.yml
+++ b/contrib/gitian-descriptors/deps-win.yml
@ -14,7 +14,7 @@ packages:
 reference_datetime: "2011-01-30 00:00:00"
 remotes: []
 files:
- "openssl-1.0.1g.tar.gz"
+- "openssl-1.0.1h.tar.gz"
 - "db-5.1.29.NC.tar.gz"
 - "miniupnpc-1.8.tar.gz"
 - "zlib-1.2.8.tar.gz"
@ -28,7 +28,7 @@ script: |
  INDIR=$HOME/build
  TEMPDIR=$HOME/tmp
  # Input Integrity Check
-  echo "53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028  openssl-1.0.1g.tar.gz"  | sha256sum -c
+  echo "9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093  openssl-1.0.1h.tar.gz"  | sha256sum -c
  echo "08238e59736d1aacdd47cfb8e68684c695516c37f4fbe1b8267dde58dc3a576c  db-5.1.29.NC.tar.gz"    | sha256sum -c
  echo "bc5f73c7b0056252c1888a80e6075787a1e1e9112b808f863a245483ff79859c  miniupnpc-1.8.tar.gz"   | sha256sum -c
  echo "36658cb768a54c1d4dec43c3116c27ed893e88b02ecfcb44f2166f9c0b7f2a0d  zlib-1.2.8.tar.gz"      | sha256sum -c
@ -48,8 +48,8 @@ script: |
    mkdir -p $INSTALLPREFIX $BUILDDIR
    cd $BUILDDIR
    #
-    tar xzf $INDIR/openssl-1.0.1g.tar.gz
-    cd openssl-1.0.1g
+    tar xzf $INDIR/openssl-1.0.1h.tar.gz
+    cd openssl-1.0.1h
    if [ "$BITS" == "32" ]; then
      OPENSSL_TGT=mingw
    else
@ -126,5 +126,5 @@ script: |
    done
    #
    cd $INSTALLPREFIX
-    find include lib | sort | zip -X@ $OUTDIR/dogecoin-deps-win$BITS-gitian-r11.zip
+    find include lib | sort | zip -X@ $OUTDIR/dogecoin-deps-win$BITS-gitian-r11a.zip
  done # for BITS in
--- a/contrib/gitian-descriptors/gitian-linux.yml
+++ b/contrib/gitian-descriptors/gitian-linux.yml
@ -21,8 +21,8 @@ remotes:
 - "url": "https://github.com/dogecoin/dogecoin.git"
  "dir": "dogecoin"
 files:
- "dogecoin-deps-linux32-gitian-r4.zip"
- "dogecoin-deps-linux64-gitian-r4.zip"
+- "dogecoin-deps-linux32-gitian-r4a.zip"
+- "dogecoin-deps-linux64-gitian-r4a.zip"
 - "boost-linux32-1.55.0-gitian-r1.zip"
 - "boost-linux64-1.55.0-gitian-r1.zip"
 script: |
@ -36,7 +36,7 @@ script: |
  #
  mkdir -p $STAGING
  cd $STAGING
-  unzip ../build/dogecoin-deps-linux${GBUILD_BITS}-gitian-r4.zip
+  unzip ../build/dogecoin-deps-linux${GBUILD_BITS}-gitian-r4a.zip
  unzip ../build/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip
  cd ../build

--- a/contrib/gitian-descriptors/gitian-win.yml
+++ b/contrib/gitian-descriptors/gitian-win.yml
@ -26,8 +26,8 @@ files:
 - "qt-win64-5.2.0-gitian-r3.zip"
 - "boost-win32-1.55.0-gitian-r6.zip"
 - "boost-win64-1.55.0-gitian-r6.zip"
- "dogecoin-deps-win32-gitian-r11.zip"
- "dogecoin-deps-win64-gitian-r11.zip"
+- "dogecoin-deps-win32-gitian-r11a.zip"
+- "dogecoin-deps-win64-gitian-r11a.zip"
 - "protobuf-win32-2.5.0-gitian-r4.zip"
 - "protobuf-win64-2.5.0-gitian-r4.zip"
 script: |
@ -61,7 +61,7 @@ script: |
    cd $STAGING
    unzip $INDIR/qt-win${BITS}-5.2.0-gitian-r3.zip
    unzip $INDIR/boost-win${BITS}-1.55.0-gitian-r6.zip
-    unzip $INDIR/dogecoin-deps-win${BITS}-gitian-r11.zip
+    unzip $INDIR/dogecoin-deps-win${BITS}-gitian-r11a.zip
    unzip $INDIR/protobuf-win${BITS}-2.5.0-gitian-r4.zip
    if [ "$NEEDDIST" == "1" ]; then
      # Make source code archive which is architecture independent so it only needs to be done once
--- a/contrib/gitian-descriptors/qt-win.yml
+++ b/contrib/gitian-descriptors/qt-win.yml
@ -15,8 +15,8 @@ reference_datetime: "2011-01-30 00:00:00"
 remotes: []
 files:
 - "qt-everywhere-opensource-src-5.2.0.tar.gz"
- "dogecoin-deps-win32-gitian-r11.zip"
- "dogecoin-deps-win64-gitian-r11.zip"
+- "dogecoin-deps-win32-gitian-r11a.zip"
+- "dogecoin-deps-win64-gitian-r11a.zip"
 script: |
  # Defines
  export TZ=UTC
@ -48,7 +48,7 @@ script: |
    #
    # Need mingw-compiled openssl from dogecoin-deps:
    cd $DEPSDIR
-    unzip $INDIR/dogecoin-deps-win${BITS}-gitian-r11.zip
+    unzip $INDIR/dogecoin-deps-win${BITS}-gitian-r11a.zip
    #
    cd $BUILDDIR
    #
--- a/doc/release-process.md
+++ b/doc/release-process.md
@ -40,7 +40,7 @@ Release Process

 	mkdir -p inputs; cd inputs/
 	wget 'http://miniupnp.free.fr/files/download.php?file=miniupnpc-1.8.tar.gz' -O miniupnpc-1.8.tar.gz
-	wget 'https://www.openssl.org/source/openssl-1.0.1g.tar.gz'
+	wget 'https://www.openssl.org/source/openssl-1.0.1h.tar.gz'
 	wget 'http://download.oracle.com/berkeley-db/db-5.1.29.NC.tar.gz'
 	wget 'http://zlib.net/zlib-1.2.8.tar.gz'
 	wget 'ftp://ftp.simplesystems.org/pub/png/src/history/libpng16/libpng-1.6.8.tar.gz'