Create dependencies.md #10779

pull flack wants to merge 1 commits into bitcoin:master from flack:patch-2 changing 6 files +40 −3
  1. flack commented at 11:18 AM on July 9, 2017: contributor

    As @fanquake mentioned in #8639, this should probably be a file in doc/, so I went ahead and pulled the issue text via the github API and dumped it into a file. No modifications made, except one spelling fix. This makes the info easier to find, and it will get a proper version history, too.

  2. fanquake added the label Docs and Output on Jul 9, 2017
  3. in doc/dependencies.md:4 in 781347f5a3 outdated 
       0 | @@ -0,0 +1,36 @@
   1 | +Dependencies
   2 | +============
   3 | +
   4 | +| Dependency | Version used | Minimum Required | Latest available | CVEs? | Shared | [Bundled Qt Library](https://doc.qt.io/qt-5/configure-options.html) |
    laanwj commented at 4:11 PM on July 10, 2017:

    Would be useful to have somewhat of an introduction here - what is this document, what should it be used for, when is it to be updated, etc. Also that instructions for installing dependencies are in the appropriate build-*.md.

  4. laanwj commented at 4:11 PM on July 10, 2017: member

    Concept ACK Needs an entry in doc/README.md

  5. flack commented at 5:45 PM on July 10, 2017: contributor

    @laanwj where would you put it in README, under "Building" or under "Development"?

    An introduction seems like a good idea, and I could write some small blurb, but it would probably better if this is done by someone who knows what he's talking about :-)

    Also, do you think the link in the last line of this paragraph https://github.com/bitcoin/bitcoin/blob/master/doc/build-unix.md#dependencies (and corresponding lines in the oder build docs) should be changed to point to the new file?

  6. laanwj commented at 4:16 PM on July 13, 2017: member

    where would you put it in README, under "Building" or under "Development"?

    Building, I guess. People look there sooner I think, and it's relevant to both.

    Also, do you think the link in the last line of this paragraph https://github.com/bitcoin/bitcoin/blob/master/doc/build-unix.md#dependencies (and corresponding lines in the oder build docs) should be changed to point to the new file?

    Yes, such a overall overview can better go into dependencies.md. Do keep the instructions for installing the dependencies in the appropriate build instructions though.

  7. flack commented at 5:54 PM on July 14, 2017: contributor

    I've added links from README and the build-* files & a small intro sentence as requested. Let me know if there's anything else I should change

  8. in doc/dependencies.md:6 in f5dcfb63ea outdated 
       0 | @@ -0,0 +1,38 @@
   1 | +Dependencies
   2 | +============
   3 | +
   4 | +These are the dependencies currently used by Bitcoin Core. You can find instructions for installing them in the `build-*.md` file for your platform.
   5 | +
   6 | +| Dependency | Version used | Minimum Required | Latest available | CVEs? | Shared | [Bundled Qt Library](https://doc.qt.io/qt-5/configure-options.html) |
    luke-jr commented at 8:54 AM on July 26, 2017:

    Let's not try to track latest available here...

    For CVEs, rather than yes/no, it'd be more useful to link where to check for exploits.

  9. in doc/dependencies.md:9 in f5dcfb63ea outdated 
       0 | @@ -0,0 +1,38 @@
   1 | +Dependencies
   2 | +============
   3 | +
   4 | +These are the dependencies currently used by Bitcoin Core. You can find instructions for installing them in the `build-*.md` file for your platform.
   5 | +
   6 | +| Dependency | Version used | Minimum Required | Latest available | CVEs? | Shared | [Bundled Qt Library](https://doc.qt.io/qt-5/configure-options.html) |
   7 | +| --- | --- | --- | --- | --- | --- | --- |
   8 | +| openssl | 1.0.1k |  | [1.0.1u](https://www.openssl.org/source) | Yes |  |  |
   9 | +| ccache | 3.3.4 |  | [3.3.4](https://ccache.samba.org/download.html) | No |  |  |
    luke-jr commented at 8:55 AM on July 26, 2017:

    No indication on which dependencies are optional?

    flack commented at 10:02 AM on July 26, 2017:

    wouldn't that info have to be in the platform-specific files?

  10. in doc/dependencies.md:11 in f5dcfb63ea outdated 
       6 | +| Dependency | Version used | Minimum Required | Latest available | CVEs? | Shared | [Bundled Qt Library](https://doc.qt.io/qt-5/configure-options.html) |
   7 | +| --- | --- | --- | --- | --- | --- | --- |
   8 | +| openssl | 1.0.1k |  | [1.0.1u](https://www.openssl.org/source) | Yes |  |  |
   9 | +| ccache | 3.3.4 |  | [3.3.4](https://ccache.samba.org/download.html) | No |  |  |
  10 | +| libevent | 2.1.8-stable | 2.0.22 | [2.1.8-stable](https://github.com/libevent/libevent/releases) | No |  |  |
  11 | +| Qt | 5.7.1 | 4.7+ | [5.9.1](https://download.qt.io/official_releases/qt/) | No |  |  |
    luke-jr commented at 8:55 AM on July 26, 2017:

    Qt is typically considered as individual components. We don't need all of it.

  11. in doc/dependencies.md:38 in f5dcfb63ea outdated 
      33 | +
  34 | +### CVEs
  35 | +
  36 | +#### OpenSSL 1.0.1k
  37 | +
  38 | +[CVE-2015-0286](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286), [CVE-2015-0287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287), [CVE-2015-0289](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289), [CVE-2015-0293](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293), [CVE-2015-0209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209), [CVE-2015-0288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288), [CVE-2015-1788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788), [CVE-2015-1789](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789), [CVE-2015-1790](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790), [CVE-2015-1792](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792), [CVE-2015-1791](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791), [CVE-2015-1793](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1793), [CVE-2015-3196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196), [CVE-2015-3194](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194), [CVE-2015-3195](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195), [CVE-2015-3197](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197), [CVE-2016-0800](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800), [CVE-2016-0705](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705), [CVE-2016-0798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798), [CVE-2016-0797](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797), [CVE-2016-0799](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799), [CVE-2016-0702](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702), [CVE-2016-2107](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107), [CVE-2016-2105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105), [CVE-2016-2106](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106), [CVE-2016-2108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108), [CVE-2016-2109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109), [CVE-2016-2176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176), [CVE-2016-2177](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177), [CVE-2016-2178](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178), [CVE-2016-2179](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179), [CVE-2016-2180](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2180), [CVE-2016-2181](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2181), [CVE-2016-2182](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182), [CVE-2016-6302](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6302), [CVE-2016-6303](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6303), [CVE-2016-6304](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304), [CVE-2016-6306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6306)
    luke-jr commented at 8:56 AM on July 26, 2017:

    This doesn't seem to belong here.

    flack commented at 10:04 AM on July 26, 2017:

    like I've written in the original PR description, for now I just took the text verbatim from #8639, but I can ofc adapt it

  12. flack commented at 6:41 PM on July 26, 2017: contributor

    I've removed the "latest available" column now as requested by @luke-jr . I can also remove the listed CVEs, since they will probably get outdated pretty quickly, too. I also like the idea of putting in links to check for vulnerabilities, but I don't really know where they should link to.

  13. fanquake commented at 1:23 AM on September 6, 2017: member

    @flack Can you update this to remove the CVEs list, and pull in the latest data from #8639 ?

  14. flack commented at 5:05 PM on September 6, 2017: contributor

    @fanquake I've removed the CVEs, and compared the data with #8639, but everything still seems to be in sync

  15. laanwj commented at 10:09 PM on September 6, 2017: member

    ACK after squashing into one commit

  16. Create dependencies.md, and link dependencies file from README & build docs e91b961923
  17. flack commented at 10:36 PM on September 6, 2017: contributor

    squashed

  18. laanwj merged this on Sep 7, 2017
  19. laanwj closed this on Sep 7, 2017
  20. laanwj referenced this in commit f65614726d on Sep 7, 2017
  21. attilaaf referenced this in commit c075107209 on May 25, 2019
  22. DrahtBot locked this on Sep 8, 2021
Contributors
flacklaanwjluke-jrfanquake
Labels
Docs
Linked (view graph)
#8639 Docs: Minimum required dependencies and current CVEs
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-13 18:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me