update dependency-libs for Gitian builds #2414

pull Diapolo wants to merge 1 commits into bitcoin:master from Diapolo:lib-update changing 12 files +59 −62
  1. Diapolo commented at 7:16 AM on March 27, 2013: none
    • Update Boost from 1.50 to 1.53 -- removes the need to build the Chrono lib
    • Update OpenSSL from 1.0.1c to 1.0.1e -- fixes for CVE-2013-0169, CVE-2012-2686 and CVE-2013-0166
    • Update Qt from 4.8.3 to 4.8.4
    • Update libqrencode from 3.2.0 to 3.4.2 -- Memory leak bug has been fixed and others

    Don't merge this yet, this is just to see what pull tester is doing with it :).

    Replaces #2108

  2. update dependency-libs for Gitian builds
    - Update Boost from 1.50 to 1.53
-- removes the need to build the Chrono lib

- Update OpenSSL from 1.0.1c to 1.0.1e
-- fixes for CVE-2013-0169, CVE-2012-2686 and CVE-2013-0166

- Update Qt from 4.8.3 to 4.8.4

- Update libqrencode from 3.2.0 to 3.4.2
-- Memory leak bug has been fixed and others
    42895c02a6
  3. Diapolo commented at 1:45 PM on March 27, 2013: none

    Any comments on this are welcome :). While I'm on it should I also update or look after zlib, libpng and miniupnpc?

  4. Diapolo commented at 1:56 PM on March 27, 2013: none

    Seems libpng also has some security problems in 1.5.9: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386

    zlib seems to be safe, but there is also a 1.27.

    miniupnpc is up 2 versions: May 2012 : release of MiniUPnPc-1.7 and MiniUPnPd-1.7. More work on IPv6 and IGDv2. MiniUPnPd now implements WANIPv6FirewallControl. February 2013 : release of MiniUPnPc-1.8 and MiniUPnPd-1.8. Improvements to UPnP standards compliance, especially when MiniUPnPd is compiled with the UPNP_STRICT config option. For better security, HTTP peer and SSDP source IP are checked to belong to a LAN. It should help to avoid SSDP and SOAP services to be exposed to the internet.

  5. gavinandresen commented at 4:37 PM on March 27, 2013: contributor

    Can one of you please setup a gitian build environment (VirtualBox works nicely now) and test?

  6. gavinandresen commented at 4:39 PM on March 27, 2013: contributor

    Also: it'd be great if we could get people to volunteer to review the changes to our dependencies; after all, it is theoretically possible that somebody could try to slip through a patch in something we depend on intended to compromise bitcoin, since everybody knows our dependencies.

  7. Diapolo commented at 7:54 AM on March 28, 2013: none

    @gavinandresen Is there a more recent version of https://github.com/bitcoin/bitcoin/blob/master/contrib/gitian-descriptors/README available or shall I try to use that to setup a Gitian box? @gavinandresen pingĀ² :)

  8. BitcoinPullTester commented at 10:54 AM on March 30, 2013: none

    Automatic sanity-testing: FAILED BUILD/TEST, see http://jenkins.bluematt.me/pull-tester/42895c02a6e0c41890d3d0343d8be2c6bb099864 for binaries and test log.

    This could happen for one of several reasons:

    1. It chanages paths in makefile.linux-mingw or otherwise changes build scripts in a way that made them incompatible with the automated testing scripts
    2. It adds/modifies tests which test network rules (thanks for doing that), which conflicts with a patch applied at test time
    3. It does not build on either Linux i386 or Win32 (via MinGW cross compile)
    4. The test suite fails on either Linux i386 or Win32
    5. The block test-cases failed (lookup the first bNN identifier which failed in https://github.com/TheBlueMatt/test-scripts/blob/master/FullBlockTestGenerator.java)

    If you believe this to be in error, please ping BlueMatt on freenode or TheBlueMatt here.

    This is an automated test script which runs test cases on each commit every time is updated. It, however, dies sometimes and fails to test properly, if you are waiting on a test, please check timestamps and if the test.log is moving at http://jenkins.bluematt.me/pull-tester/current/ and contact BlueMatt on freenode if something looks broken.

  9. luke-jr commented at 11:17 AM on April 12, 2013: member

    The boost 1.53 update doesn't build: http://luke.dashjr.org/tmp/code/20130412-boost-build.log

  10. Diapolo commented at 3:38 PM on April 13, 2013: none

    @luke-jr I have no idea what Error: junk at end of line, first unrecognized character is m'` means, can you help?

  11. jgarzik commented at 2:57 PM on June 24, 2013: contributor

    Closing. Feel free to reopen after verifying that it works across all supported platforms.

  12. jgarzik closed this on Jun 24, 2013
  13. in contrib/gitian-descriptors/README:None in 42895c02a6 
      35 |      wget 'http://download.oracle.com/berkeley-db/db-4.8.30.NC.tar.gz'
  36 | -    wget 'https://downloads.sourceforge.net/project/libpng/zlib/1.2.6/zlib-1.2.6.tar.gz'
  37 | -    wget 'https://downloads.sourceforge.net/project/libpng/libpng15/older-releases/1.5.9/libpng-1.5.9.tar.gz'
  38 | -    wget 'http://releases.qt-project.org/qt4/source/qt-everywhere-opensource-src-4.8.3.tar.gz'
  39 | +    wget 'https://sourceforge.net/projects/libpng/files/zlib/1.2.6/zlib-1.2.6.tar.gz/download'
  40 | +    wget 'https://sourceforge.net/projects/libpng/files/libpng15/older-releases/1.5.9/libpng-1.5.9.tar.gz/download'
    luke-jr commented at 3:38 PM on July 21, 2013:

    This will download a file named "download"! When you rebase this, please fix the links to end in the proper filename

  14. DrahtBot locked this on Sep 8, 2021
Contributors
DiapologavinandresenBitcoinPullTesterluke-jrjgarzik
Linked (view graph)
#2108 Bitcoin-Qt: upgrade to Qt 4.8.4 for Windows builds
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-21 18:16 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me