commit 151bf2706122c61a10f305593137d9bd9352e421 Author: Mike Perry mikeperry-git@torproject.org Date: Tue Jan 14 15:24:55 2014 -0800
Upgrade OpenSSL to 1.0.1f.
Also switch back to using the official dist tarballs, since Nick's timestamp patch was merged. --- gitian/descriptors/linux/gitian-tor.yml | 6 ++--- gitian/descriptors/mac/gitian-tor.yml | 6 ++--- gitian/descriptors/windows/gitian-tor.yml | 6 ++--- gitian/fetch-inputs.sh | 34 ++++++++++++++--------------- gitian/mkbundle-linux.sh | 3 +-- gitian/mkbundle-mac.sh | 3 +-- gitian/mkbundle-windows.sh | 3 +-- gitian/record-inputs.sh | 3 +-- gitian/verify-tags.sh | 1 - gitian/versions | 9 ++++---- gitian/versions.alpha | 17 +++++++-------- 11 files changed, 42 insertions(+), 49 deletions(-)
diff --git a/gitian/descriptors/linux/gitian-tor.yml b/gitian/descriptors/linux/gitian-tor.yml index df92f37..736e84c 100644 --- a/gitian/descriptors/linux/gitian-tor.yml +++ b/gitian/descriptors/linux/gitian-tor.yml @@ -22,10 +22,9 @@ remotes: "dir": "tor" - "url": "https://github.com/libevent/libevent.git" "dir": "libevent" -- "url": "https://github.com/nmathewson/openssl.git" - "dir": "openssl" files: - "dzip.sh" +- "openssl.tar.gz" script: | INSTDIR="$HOME/install" export LIBRARY_PATH="$INSTDIR/lib" @@ -55,7 +54,8 @@ script: | cp $INSTDIR/libevent/lib/libevent-2.0.so.5 $INSTDIR/Tor/ cd .. # - cd openssl + tar xzf openssl.tar.gz + cd openssl-* find -type f | xargs touch --date="$REFERENCE_DATETIME" #./Configure -shared --prefix=$INSTDIR/openssl linux-elf ./config -shared --prefix=$INSTDIR/openssl diff --git a/gitian/descriptors/mac/gitian-tor.yml b/gitian/descriptors/mac/gitian-tor.yml index c0b483b..7707555 100644 --- a/gitian/descriptors/mac/gitian-tor.yml +++ b/gitian/descriptors/mac/gitian-tor.yml @@ -22,9 +22,8 @@ remotes: "dir": "libevent" - "url": "https://github.com/madler/zlib.git" "dir": "zlib" -- "url": "https://github.com/nmathewson/openssl.git" - "dir": "openssl" files: +- "openssl.tar.gz" - "apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb" - "multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz" - "dzip.sh" @@ -65,7 +64,8 @@ script: | #cp $INSTDIR/zlib/lib/*.dylib $INSTDIR/Tor/ #cd .. # - cd openssl + tar xzf openssl.tar.gz + cd openssl-* find -type f | xargs touch --date="$REFERENCE_DATETIME" ./Configure --cross-compile-prefix=i686-apple-darwin11- $CFLAGS darwin-i386-cc --prefix=$INSTDIR/openssl make # SHARED_LDFLAGS="-shared -dynamiclib -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/" diff --git a/gitian/descriptors/windows/gitian-tor.yml b/gitian/descriptors/windows/gitian-tor.yml index 836e695..901383e 100644 --- a/gitian/descriptors/windows/gitian-tor.yml +++ b/gitian/descriptors/windows/gitian-tor.yml @@ -22,11 +22,10 @@ remotes: "dir": "libevent" - "url": "https://github.com/madler/zlib.git" "dir": "zlib" -- "url": "https://github.com/nmathewson/openssl.git" - "dir": "openssl" files: - "binutils.tar.bz2" - "dzip.sh" +- "openssl.tar.gz" script: | INSTDIR="$HOME/install" export LIBRARY_PATH="$INSTDIR/lib" @@ -71,7 +70,8 @@ script: | cp $INSTDIR/libevent/bin/*.dll $INSTDIR/Tor/ cd .. # - cd openssl + tar xzf openssl.tar.gz + cd openssl-* find -type f | xargs touch --date="$REFERENCE_DATETIME" ./Configure -shared --cross-compile-prefix=i686-w64-mingw32- mingw --prefix=$INSTDIR/openssl make diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh index 9f54f61..862f8af 100755 --- a/gitian/fetch-inputs.sh +++ b/gitian/fetch-inputs.sh @@ -116,20 +116,20 @@ checkout_mingw() { # Get package files from mirror
# Get+verify sigs that exist -#for i in OPENSSL # OBFSPROXY -#do -# PACKAGE="${i}_PACKAGE" -# URL="${MIRROR_URL}${!PACKAGE}" -# SUFFIX="asc" -# get "${!PACKAGE}" "$URL" -# get "${!PACKAGE}.$SUFFIX" "$URL.$SUFFIX" -# -# if ! verify "${!PACKAGE}" "$WRAPPER_DIR/gpg/$i.gpg" $SUFFIX; then -# echo "$i: GPG signature is broken for ${URL}" -# mv "${!PACKAGE}" "${!PACKAGE}.badgpg" -# exit 1 -# fi -#done +for i in OPENSSL # OBFSPROXY +do + PACKAGE="${i}_PACKAGE" + URL="${MIRROR_URL}${!PACKAGE}" + SUFFIX="asc" + get "${!PACKAGE}" "$URL" + get "${!PACKAGE}.$SUFFIX" "$URL.$SUFFIX" + + if ! verify "${!PACKAGE}" "$WRAPPER_DIR/gpg/$i.gpg" $SUFFIX; then + echo "$i: GPG signature is broken for ${URL}" + mv "${!PACKAGE}" "${!PACKAGE}.badgpg" + exit 1 + fi +done
for i in BINUTILS GCC PYTHON do @@ -164,7 +164,7 @@ done # TOOLCHAIN4 each time. Rely only on SHA256 for now.. mkdir -p verify cd verify -for i in OSXSDK #OPENSSL +for i in OPENSSL OSXSDK do URL="${i}_URL" PACKAGE="${i}_PACKAGE" @@ -200,7 +200,7 @@ fi
# Verify packages with weak or no signatures via direct sha256 check # (OpenSSL is signed with MD5, and OSXSDK is not signed at all) -for i in OSXSDK TOOLCHAIN4 NOSCRIPT MINGW MSVCR100 # OPENSSL +for i in OSXSDK TOOLCHAIN4 NOSCRIPT MINGW MSVCR100 OPENSSL do PACKAGE="${i}_PACKAGE" HASH="${i}_HASH" @@ -236,6 +236,7 @@ done cd ..
ln -sf "$NOSCRIPT_PACKAGE" noscript@noscript.net.xpi +ln -sf "$OPENSSL_PACKAGE" openssl.tar.gz ln -sf "$BINUTILS_PACKAGE" binutils.tar.bz2 ln -sf "$GCC_PACKAGE" gcc.tar.bz2 ln -sf "$PYTHON_PACKAGE" python.tar.bz2 @@ -254,7 +255,6 @@ while read dir url tag; do update_git "$dir" "$url" "$tag" done << EOF tbb-windows-installer https://github.com/moba/tbb-windows-installer.git $NSIS_TAG -openssl https://github.com/nmathewson/openssl.git $OPENSSL_TAG zlib https://github.com/madler/zlib.git $ZLIB_TAG libevent https://github.com/libevent/libevent.git $LIBEVENT_TAG tor https://git.torproject.org/tor.git $TOR_TAG diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh index 182b1b6..7c6bd60 100755 --- a/gitian/mkbundle-linux.sh +++ b/gitian/mkbundle-linux.sh @@ -66,7 +66,6 @@ then GITIAN_TAG=refs/tags/$GITIAN_TAG TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG - OPENSSL_TAG=refs/tags/$OPENSSL_TAG TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG TOR_TAG=refs/tags/$TOR_TAG HTTPSE_TAG=refs/tags/$HTTPSE_TAG @@ -82,7 +81,7 @@ then echo "****** Starting Tor Component of Linux Bundle (1/3 for Linux) ******" echo
- ./bin/gbuild -j $NUM_PROCS --commit openssl=$OPENSSL_TAG,zlib=$ZLIB_TAG,libevent=$LIBEVENT_TAG,tor=$TOR_TAG $DESCRIPTOR_DIR/linux/gitian-tor.yml + ./bin/gbuild -j $NUM_PROCS --commit zlib=$ZLIB_TAG,libevent=$LIBEVENT_TAG,tor=$TOR_TAG $DESCRIPTOR_DIR/linux/gitian-tor.yml if [ $? -ne 0 ]; then #mv var/build.log ./tor-fail-linux.log.`date +%Y%m%d%H%M%S` diff --git a/gitian/mkbundle-mac.sh b/gitian/mkbundle-mac.sh index edd3846..531db8f 100755 --- a/gitian/mkbundle-mac.sh +++ b/gitian/mkbundle-mac.sh @@ -66,7 +66,6 @@ then GITIAN_TAG=refs/tags/$GITIAN_TAG TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG - OPENSSL_TAG=refs/tags/$OPENSSL_TAG TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG TOR_TAG=refs/tags/$TOR_TAG HTTPSE_TAG=refs/tags/$HTTPSE_TAG @@ -82,7 +81,7 @@ then echo "****** Starting Tor Component of Mac Bundle (1/3 for Mac) ******" echo
- ./bin/gbuild -j $NUM_PROCS --commit openssl=$OPENSSL_TAG,zlib=$ZLIB_TAG,libevent=$LIBEVENT_TAG,tor=$TOR_TAG $DESCRIPTOR_DIR/mac/gitian-tor.yml + ./bin/gbuild -j $NUM_PROCS --commit zlib=$ZLIB_TAG,libevent=$LIBEVENT_TAG,tor=$TOR_TAG $DESCRIPTOR_DIR/mac/gitian-tor.yml if [ $? -ne 0 ]; then #mv var/build.log ./tor-fail-mac.log.`date +%Y%m%d%H%M%S` diff --git a/gitian/mkbundle-windows.sh b/gitian/mkbundle-windows.sh index fd0cf42..183c737 100755 --- a/gitian/mkbundle-windows.sh +++ b/gitian/mkbundle-windows.sh @@ -67,7 +67,6 @@ then GITIAN_TAG=refs/tags/$GITIAN_TAG TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG - OPENSSL_TAG=refs/tags/$OPENSSL_TAG TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG TOR_TAG=refs/tags/$TOR_TAG HTTPSE_TAG=refs/tags/$HTTPSE_TAG @@ -83,7 +82,7 @@ then echo "****** Starting Tor Component of Windows Bundle (1/3 for Windows) ******" echo
- ./bin/gbuild -j $NUM_PROCS --commit openssl=$OPENSSL_TAG,zlib=$ZLIB_TAG,libevent=$LIBEVENT_TAG,tor=$TOR_TAG $DESCRIPTOR_DIR/windows/gitian-tor.yml + ./bin/gbuild -j $NUM_PROCS --commit zlib=$ZLIB_TAG,libevent=$LIBEVENT_TAG,tor=$TOR_TAG $DESCRIPTOR_DIR/windows/gitian-tor.yml if [ $? -ne 0 ]; then #mv var/build.log ./tor-fail-win32.log.`date +%Y%m%d%H%M%S` diff --git a/gitian/record-inputs.sh b/gitian/record-inputs.sh index 0d44b1a..bbae06f 100755 --- a/gitian/record-inputs.sh +++ b/gitian/record-inputs.sh @@ -24,6 +24,7 @@ cd $INPUTS_DIR rm -f bundle.inputs
sha256sum $OSXSDK_PACKAGE >> bundle.inputs +sha256sum $OPENSSL_PACKAGE >> bundle.inputs sha256sum $TOOLCHAIN4_PACKAGE >> bundle.inputs sha256sum mingw-w64-svn-snapshot.zip >> bundle.inputs echo >> bundle.inputs @@ -43,7 +44,6 @@ then HTTPSE_TAG=refs/tags/$HTTPSE_TAG ZLIB_TAG=refs/tags/$ZLIB_TAG LIBEVENT_TAG=refs/tags/$LIBEVENT_TAG - OPENSSL_TAG=refs/tags/$OPENSSL_TAG fi
echo "`cd zlib && git log --format=%H -1 $ZLIB_TAG` zlib.git" >> bundle.inputs @@ -53,7 +53,6 @@ echo "`cd torbutton && git log --format=%H -1 $TORBUTTON_TAG` torbutton.git" >> echo "`cd tor-launcher && git log --format=%H -1 $TORLAUNCHER_TAG` tor-launcher.git" >> bundle.inputs echo "`cd https-everywhere && git log --format=%H -1 $HTTPSE_TAG` https-everywhere.git" >> bundle.inputs echo "`cd tbb-windows-installer && git log --format=%H -1 $NSIS_TAG` tbb-windows-installer.git" >> bundle.inputs -echo "`cd openssl && git log --format=%H -1 $OPENSSL_TAG` openssl.git" >> bundle.inputs echo "`cd $INPUTS_DIR && git log --format=%H -1` gitian-builder.git" >> bundle.inputs echo "`cd $WRAPPER_DIR && git log --format=%H -1` tor-browser-bundle.git" >> bundle.inputs
diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh index 73016a8..055cac5 100755 --- a/gitian/verify-tags.sh +++ b/gitian/verify-tags.sh @@ -60,7 +60,6 @@ zlib zlib.gpg $ZLIB_TAG libevent libevent.gpg $LIBEVENT_TAG tor tor.gpg $TOR_TAG https-everywhere https-everywhere.gpg $HTTPSE_TAG -openssl tor.gpg $OPENSSL_TAG EOF
cd "$INPUTS_DIR" diff --git a/gitian/versions b/gitian/versions index d109b50..e6fba05 100755 --- a/gitian/versions +++ b/gitian/versions @@ -5,7 +5,6 @@ VERIFY_TAGS=1
TORBROWSER_TAG=tor-browser-24.2.0esr-3.5.1-build1 TOR_TAG=tor-0.2.4.20 -OPENSSL_TAG=openssl-101e-no-gmt-time-v1 TORLAUNCHER_TAG=0.2.4.3 TORBUTTON_TAG=1.6.5.4 HTTPSE_TAG=3.4.4tbb @@ -16,14 +15,14 @@ MINGW_REV=6184
GITIAN_TAG=tor-browser-builder-3.0-4
-# OPENSSL_VER=1.0.1e +OPENSSL_VER=1.0.1f FIREFOX_LANG_VER=24.2.0esr BINUTILS_VER=2.22 GCC_VER=4.6.3 PYTHON_VER=2.7.5
## File names for the source packages -# OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz +OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.7-sm+fx+fn.xpi TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz OSXSDK_PACKAGE=apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb @@ -34,7 +33,7 @@ GCC_PACKAGE=gcc-${GCC_VER}.tar.bz2 PYTHON_PACKAGE=Python-${PYTHON_VER}.tar.bz2
# Hashes for packages with weak sigs or no sigs -# OPENSSL_HASH=f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 +OPENSSL_HASH=6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 NOSCRIPT_HASH=5ac1a5c727a5101fd7673ba48179a52ca1804149ed1b67e6172724606355440e @@ -42,7 +41,7 @@ MINGW_HASH=a5b03d0448a309341be4cf34c6ad3016d04c89952dca5243254b4d6c738b164f MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
## Non-git package URLs -# OPENSSL_URL=https://www.openssl.org/source/$%7BOPENSSL_PACKAGE%7D +OPENSSL_URL=https://www.openssl.org/source/$%7BOPENSSL_PACKAGE%7D TOOLCHAIN4_URL=https://people.torproject.org/~mikeperry/mirrors/sources/$%7BTOOLCHAIN4_PACK... OSXSDK_URL=https://launchpad.net/~flosoft/+archive/cross-apple/+files/$%7BOSXSDK_PACKAG... BINUTILS_URL=https://ftp.gnu.org/gnu/binutils/$%7BBINUTILS_PACKAGE%7D diff --git a/gitian/versions.alpha b/gitian/versions.alpha index fc5fa21..ac5894d 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -1,13 +1,12 @@ -TORBROWSER_VERSION=3.5-rc-1 +TORBROWSER_VERSION=4.0-alpha-1 BUNDLE_LOCALES="ar de es-ES fa fr it ko nl pl pt-PT ru vi zh-CN"
VERIFY_TAGS=1
TORBROWSER_TAG=tor-browser-24.2.0esr-3.5rc1-build3 -TOR_TAG=tor-0.2.4.18-rc -OPENSSL_TAG=openssl-101e-no-gmt-time-v1 -TORLAUNCHER_TAG=0.2.4.1 -TORBUTTON_TAG=1.6.5.1 +TOR_TAG=tor-0.2.5.1-alpha +TORLAUNCHER_TAG=0.2.4.3 +TORBUTTON_TAG=1.6.5.4 HTTPSE_TAG=3.4.4tbb NSIS_TAG=v0.1 ZLIB_TAG=v1.2.8 @@ -16,14 +15,14 @@ MINGW_REV=6184
GITIAN_TAG=tor-browser-builder-3.0-4
-# OPENSSL_VER=1.0.1e +OPENSSL_VER=1.0.1f FIREFOX_LANG_VER=24.2.0esr BINUTILS_VER=2.22 GCC_VER=4.6.3 PYTHON_VER=2.7.5
## File names for the source packages -# OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz +OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.7-sm+fx+fn.xpi TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz OSXSDK_PACKAGE=apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb @@ -34,7 +33,7 @@ GCC_PACKAGE=gcc-${GCC_VER}.tar.bz2 PYTHON_PACKAGE=Python-${PYTHON_VER}.tar.bz2
# Hashes for packages with weak sigs or no sigs -# OPENSSL_HASH=f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 +OPENSSL_HASH=6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 NOSCRIPT_HASH=5ac1a5c727a5101fd7673ba48179a52ca1804149ed1b67e6172724606355440e @@ -42,7 +41,7 @@ MINGW_HASH=a5b03d0448a309341be4cf34c6ad3016d04c89952dca5243254b4d6c738b164f MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
## Non-git package URLs -# OPENSSL_URL=https://www.openssl.org/source/$%7BOPENSSL_PACKAGE%7D +OPENSSL_URL=https://www.openssl.org/source/$%7BOPENSSL_PACKAGE%7D TOOLCHAIN4_URL=https://people.torproject.org/~mikeperry/mirrors/sources/$%7BTOOLCHAIN4_PACK... OSXSDK_URL=https://launchpad.net/~flosoft/+archive/cross-apple/+files/$%7BOSXSDK_PACKAG... BINUTILS_URL=https://ftp.gnu.org/gnu/binutils/$%7BBINUTILS_PACKAGE%7D
tor-commits@lists.torproject.org
-
mikeperry@torproject.org