From 5f06e6ab9cd55adebf35c18aa451526616e2fba9 Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Thu, 5 Jun 2014 15:44:35 +0200 Subject: [PATCH 1/2] gitian: upgrade OpenSSL to 1.0.1h Upgrade for https://www.openssl.org/news/secadv_20140605.txt Just in case - there is no vulnerability that affects ecdsa signing or verification. The MITM attack vulnerability (CVE-2014-0224) may have some effect on our usage of SSL/TLS. As long as payment requests are signed (which is the common case), usage of the payment protocol should also not be affected. The TLS usage in RPC may be at risk for MITM attacks. If you have `-rpcssl` enabled, be sure to update OpenSSL as soon as possible. --- contrib/gitian-descriptors/deps-linux.yml | 10 +++++----- contrib/gitian-descriptors/deps-win.yml | 10 +++++----- contrib/gitian-descriptors/gitian-linux.yml | 6 +++--- contrib/gitian-descriptors/gitian-win.yml | 6 +++--- contrib/gitian-descriptors/qt-win.yml | 6 +++--- doc/release-process.md | 2 +- 6 files changed, 20 insertions(+), 20 deletions(-) diff --git a/contrib/gitian-descriptors/deps-linux.yml b/contrib/gitian-descriptors/deps-linux.yml index 61a8f23a5..109851acd 100644 --- a/contrib/gitian-descriptors/deps-linux.yml +++ b/contrib/gitian-descriptors/deps-linux.yml @@ -16,7 +16,7 @@ packages: reference_datetime: "2013-06-01 00:00:00" remotes: [] files: -- "openssl-1.0.1g.tar.gz" +- "openssl-1.0.1h.tar.gz" - "miniupnpc-1.8.tar.gz" - "qrencode-3.4.3.tar.bz2" - "protobuf-2.5.0.tar.bz2" @@ -30,15 +30,15 @@ script: | export TZ=UTC export LIBRARY_PATH="$STAGING/lib" # Integrity Check - echo "53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 openssl-1.0.1g.tar.gz" | sha256sum -c + echo "9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093 openssl-1.0.1h.tar.gz" | sha256sum -c echo "bc5f73c7b0056252c1888a80e6075787a1e1e9112b808f863a245483ff79859c miniupnpc-1.8.tar.gz" | sha256sum -c echo "dfd71487513c871bad485806bfd1fdb304dedc84d2b01a8fb8e0940b50597a98 qrencode-3.4.3.tar.bz2" | sha256sum -c echo "13bfc5ae543cf3aa180ac2485c0bc89495e3ae711fc6fab4f8ffe90dfb4bb677 protobuf-2.5.0.tar.bz2" | sha256sum -c echo "08238e59736d1aacdd47cfb8e68684c695516c37f4fbe1b8267dde58dc3a576c db-5.1.29.NC.tar.gz" | sha256sum -c # - tar xzf openssl-1.0.1g.tar.gz - cd openssl-1.0.1g + tar xzf openssl-1.0.1h.tar.gz + cd openssl-1.0.1h # need -fPIC to avoid relocation error in 64 bit builds ./config no-shared no-zlib no-dso no-krb5 --openssldir=$STAGING -fPIC # need to build OpenSSL with faketime because a timestamp is embedded into cversion.o @@ -95,4 +95,4 @@ script: | done # cd $STAGING - find include lib bin host | sort | zip -X@ $OUTDIR/dogecoin-deps-linux${GBUILD_BITS}-gitian-r4.zip + find include lib bin host | sort | zip -X@ $OUTDIR/dogecoin-deps-linux${GBUILD_BITS}-gitian-r4a.zip diff --git a/contrib/gitian-descriptors/deps-win.yml b/contrib/gitian-descriptors/deps-win.yml index a3aa8e2f5..f4f3f6123 100644 --- a/contrib/gitian-descriptors/deps-win.yml +++ b/contrib/gitian-descriptors/deps-win.yml @@ -14,7 +14,7 @@ packages: reference_datetime: "2011-01-30 00:00:00" remotes: [] files: -- "openssl-1.0.1g.tar.gz" +- "openssl-1.0.1h.tar.gz" - "db-5.1.29.NC.tar.gz" - "miniupnpc-1.8.tar.gz" - "zlib-1.2.8.tar.gz" @@ -28,7 +28,7 @@ script: | INDIR=$HOME/build TEMPDIR=$HOME/tmp # Input Integrity Check - echo "53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 openssl-1.0.1g.tar.gz" | sha256sum -c + echo "9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093 openssl-1.0.1h.tar.gz" | sha256sum -c echo "08238e59736d1aacdd47cfb8e68684c695516c37f4fbe1b8267dde58dc3a576c db-5.1.29.NC.tar.gz" | sha256sum -c echo "bc5f73c7b0056252c1888a80e6075787a1e1e9112b808f863a245483ff79859c miniupnpc-1.8.tar.gz" | sha256sum -c echo "36658cb768a54c1d4dec43c3116c27ed893e88b02ecfcb44f2166f9c0b7f2a0d zlib-1.2.8.tar.gz" | sha256sum -c @@ -48,8 +48,8 @@ script: | mkdir -p $INSTALLPREFIX $BUILDDIR cd $BUILDDIR # - tar xzf $INDIR/openssl-1.0.1g.tar.gz - cd openssl-1.0.1g + tar xzf $INDIR/openssl-1.0.1h.tar.gz + cd openssl-1.0.1h if [ "$BITS" == "32" ]; then OPENSSL_TGT=mingw else @@ -126,5 +126,5 @@ script: | done # cd $INSTALLPREFIX - find include lib | sort | zip -X@ $OUTDIR/dogecoin-deps-win$BITS-gitian-r11.zip + find include lib | sort | zip -X@ $OUTDIR/dogecoin-deps-win$BITS-gitian-r11a.zip done # for BITS in diff --git a/contrib/gitian-descriptors/gitian-linux.yml b/contrib/gitian-descriptors/gitian-linux.yml index 3bdef293f..74bafa67c 100644 --- a/contrib/gitian-descriptors/gitian-linux.yml +++ b/contrib/gitian-descriptors/gitian-linux.yml @@ -21,8 +21,8 @@ remotes: - "url": "https://github.com/dogecoin/dogecoin.git" "dir": "dogecoin" files: -- "dogecoin-deps-linux32-gitian-r4.zip" -- "dogecoin-deps-linux64-gitian-r4.zip" +- "dogecoin-deps-linux32-gitian-r4a.zip" +- "dogecoin-deps-linux64-gitian-r4a.zip" - "boost-linux32-1.55.0-gitian-r1.zip" - "boost-linux64-1.55.0-gitian-r1.zip" script: | @@ -36,7 +36,7 @@ script: | # mkdir -p $STAGING cd $STAGING - unzip ../build/dogecoin-deps-linux${GBUILD_BITS}-gitian-r4.zip + unzip ../build/dogecoin-deps-linux${GBUILD_BITS}-gitian-r4a.zip unzip ../build/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip cd ../build diff --git a/contrib/gitian-descriptors/gitian-win.yml b/contrib/gitian-descriptors/gitian-win.yml index dab0a00d4..0f713961e 100644 --- a/contrib/gitian-descriptors/gitian-win.yml +++ b/contrib/gitian-descriptors/gitian-win.yml @@ -26,8 +26,8 @@ files: - "qt-win64-5.2.0-gitian-r3.zip" - "boost-win32-1.55.0-gitian-r6.zip" - "boost-win64-1.55.0-gitian-r6.zip" -- "dogecoin-deps-win32-gitian-r11.zip" -- "dogecoin-deps-win64-gitian-r11.zip" +- "dogecoin-deps-win32-gitian-r11a.zip" +- "dogecoin-deps-win64-gitian-r11a.zip" - "protobuf-win32-2.5.0-gitian-r4.zip" - "protobuf-win64-2.5.0-gitian-r4.zip" script: | @@ -61,7 +61,7 @@ script: | cd $STAGING unzip $INDIR/qt-win${BITS}-5.2.0-gitian-r3.zip unzip $INDIR/boost-win${BITS}-1.55.0-gitian-r6.zip - unzip $INDIR/dogecoin-deps-win${BITS}-gitian-r11.zip + unzip $INDIR/dogecoin-deps-win${BITS}-gitian-r11a.zip unzip $INDIR/protobuf-win${BITS}-2.5.0-gitian-r4.zip if [ "$NEEDDIST" == "1" ]; then # Make source code archive which is architecture independent so it only needs to be done once diff --git a/contrib/gitian-descriptors/qt-win.yml b/contrib/gitian-descriptors/qt-win.yml index 34ad51ac8..fd375e11e 100644 --- a/contrib/gitian-descriptors/qt-win.yml +++ b/contrib/gitian-descriptors/qt-win.yml @@ -15,8 +15,8 @@ reference_datetime: "2011-01-30 00:00:00" remotes: [] files: - "qt-everywhere-opensource-src-5.2.0.tar.gz" -- "dogecoin-deps-win32-gitian-r11.zip" -- "dogecoin-deps-win64-gitian-r11.zip" +- "dogecoin-deps-win32-gitian-r11a.zip" +- "dogecoin-deps-win64-gitian-r11a.zip" script: | # Defines export TZ=UTC @@ -48,7 +48,7 @@ script: | # # Need mingw-compiled openssl from dogecoin-deps: cd $DEPSDIR - unzip $INDIR/dogecoin-deps-win${BITS}-gitian-r11.zip + unzip $INDIR/dogecoin-deps-win${BITS}-gitian-r11a.zip # cd $BUILDDIR # diff --git a/doc/release-process.md b/doc/release-process.md index bbdcfaaed..f436655f3 100644 --- a/doc/release-process.md +++ b/doc/release-process.md @@ -40,7 +40,7 @@ Release Process mkdir -p inputs; cd inputs/ wget 'http://miniupnp.free.fr/files/download.php?file=miniupnpc-1.8.tar.gz' -O miniupnpc-1.8.tar.gz - wget 'https://www.openssl.org/source/openssl-1.0.1g.tar.gz' + wget 'https://www.openssl.org/source/openssl-1.0.1h.tar.gz' wget 'http://download.oracle.com/berkeley-db/db-5.1.29.NC.tar.gz' wget 'http://zlib.net/zlib-1.2.8.tar.gz' wget 'ftp://ftp.simplesystems.org/pub/png/src/history/libpng16/libpng-1.6.8.tar.gz' From cc1af920970a18053f2bee15adc4d80d05c2f46d Mon Sep 17 00:00:00 2001 From: Patrick Lodder Date: Sun, 8 Jun 2014 16:36:35 +0400 Subject: [PATCH 2/2] Bump version revision for 1.7.1 --- configure.ac | 2 +- src/clientversion.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 4e3e0ea8b..2e1d4bbc3 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ dnl require autoconf 2.60 (AS_ECHO/AS_ECHO_N) AC_PREREQ([2.60]) define(_CLIENT_VERSION_MAJOR, 1) define(_CLIENT_VERSION_MINOR, 7) -define(_CLIENT_VERSION_REVISION, 0) +define(_CLIENT_VERSION_REVISION, 1) define(_CLIENT_VERSION_BUILD, 0) define(_CLIENT_VERSION_IS_RELEASE, true) define(_COPYRIGHT_YEAR, 2014) diff --git a/src/clientversion.h b/src/clientversion.h index 3bdfe202f..5ae57eff2 100644 --- a/src/clientversion.h +++ b/src/clientversion.h @@ -11,7 +11,7 @@ // These need to be macros, as version.cpp's and dogecoin-qt.rc's voodoo requires it #define CLIENT_VERSION_MAJOR 1 #define CLIENT_VERSION_MINOR 7 -#define CLIENT_VERSION_REVISION 0 +#define CLIENT_VERSION_REVISION 1 #define CLIENT_VERSION_BUILD 0 // Set to true for release, false for prerelease or test build