[tor-commits] [tor-browser-bundle/master] Upgrade OpenSSL to 1.0.1f.
mikeperry at torproject.org
mikeperry at torproject.org
Tue Jan 14 23:34:25 UTC 2014
commit 151bf2706122c61a10f305593137d9bd9352e421
Author: Mike Perry <mikeperry-git at torproject.org>
Date: Tue Jan 14 15:24:55 2014 -0800
Upgrade OpenSSL to 1.0.1f.
Also switch back to using the official dist tarballs, since Nick's timestamp
patch was merged.
---
gitian/descriptors/linux/gitian-tor.yml | 6 ++---
gitian/descriptors/mac/gitian-tor.yml | 6 ++---
gitian/descriptors/windows/gitian-tor.yml | 6 ++---
gitian/fetch-inputs.sh | 34 ++++++++++++++---------------
gitian/mkbundle-linux.sh | 3 +--
gitian/mkbundle-mac.sh | 3 +--
gitian/mkbundle-windows.sh | 3 +--
gitian/record-inputs.sh | 3 +--
gitian/verify-tags.sh | 1 -
gitian/versions | 9 ++++----
gitian/versions.alpha | 17 +++++++--------
11 files changed, 42 insertions(+), 49 deletions(-)
diff --git a/gitian/descriptors/linux/gitian-tor.yml b/gitian/descriptors/linux/gitian-tor.yml
index df92f37..736e84c 100644
--- a/gitian/descriptors/linux/gitian-tor.yml
+++ b/gitian/descriptors/linux/gitian-tor.yml
@@ -22,10 +22,9 @@ remotes:
"dir": "tor"
- "url": "https://github.com/libevent/libevent.git"
"dir": "libevent"
-- "url": "https://github.com/nmathewson/openssl.git"
- "dir": "openssl"
files:
- "dzip.sh"
+- "openssl.tar.gz"
script: |
INSTDIR="$HOME/install"
export LIBRARY_PATH="$INSTDIR/lib"
@@ -55,7 +54,8 @@ script: |
cp $INSTDIR/libevent/lib/libevent-2.0.so.5 $INSTDIR/Tor/
cd ..
#
- cd openssl
+ tar xzf openssl.tar.gz
+ cd openssl-*
find -type f | xargs touch --date="$REFERENCE_DATETIME"
#./Configure -shared --prefix=$INSTDIR/openssl linux-elf
./config -shared --prefix=$INSTDIR/openssl
diff --git a/gitian/descriptors/mac/gitian-tor.yml b/gitian/descriptors/mac/gitian-tor.yml
index c0b483b..7707555 100644
--- a/gitian/descriptors/mac/gitian-tor.yml
+++ b/gitian/descriptors/mac/gitian-tor.yml
@@ -22,9 +22,8 @@ remotes:
"dir": "libevent"
- "url": "https://github.com/madler/zlib.git"
"dir": "zlib"
-- "url": "https://github.com/nmathewson/openssl.git"
- "dir": "openssl"
files:
+- "openssl.tar.gz"
- "apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb"
- "multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz"
- "dzip.sh"
@@ -65,7 +64,8 @@ script: |
#cp $INSTDIR/zlib/lib/*.dylib $INSTDIR/Tor/
#cd ..
#
- cd openssl
+ tar xzf openssl.tar.gz
+ cd openssl-*
find -type f | xargs touch --date="$REFERENCE_DATETIME"
./Configure --cross-compile-prefix=i686-apple-darwin11- $CFLAGS darwin-i386-cc --prefix=$INSTDIR/openssl
make # SHARED_LDFLAGS="-shared -dynamiclib -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/"
diff --git a/gitian/descriptors/windows/gitian-tor.yml b/gitian/descriptors/windows/gitian-tor.yml
index 836e695..901383e 100644
--- a/gitian/descriptors/windows/gitian-tor.yml
+++ b/gitian/descriptors/windows/gitian-tor.yml
@@ -22,11 +22,10 @@ remotes:
"dir": "libevent"
- "url": "https://github.com/madler/zlib.git"
"dir": "zlib"
-- "url": "https://github.com/nmathewson/openssl.git"
- "dir": "openssl"
files:
- "binutils.tar.bz2"
- "dzip.sh"
+- "openssl.tar.gz"
script: |
INSTDIR="$HOME/install"
export LIBRARY_PATH="$INSTDIR/lib"
@@ -71,7 +70,8 @@ script: |
cp $INSTDIR/libevent/bin/*.dll $INSTDIR/Tor/
cd ..
#
- cd openssl
+ tar xzf openssl.tar.gz
+ cd openssl-*
find -type f | xargs touch --date="$REFERENCE_DATETIME"
./Configure -shared --cross-compile-prefix=i686-w64-mingw32- mingw --prefix=$INSTDIR/openssl
make
diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh
index 9f54f61..862f8af 100755
--- a/gitian/fetch-inputs.sh
+++ b/gitian/fetch-inputs.sh
@@ -116,20 +116,20 @@ checkout_mingw() {
# Get package files from mirror
# Get+verify sigs that exist
-#for i in OPENSSL # OBFSPROXY
-#do
-# PACKAGE="${i}_PACKAGE"
-# URL="${MIRROR_URL}${!PACKAGE}"
-# SUFFIX="asc"
-# get "${!PACKAGE}" "$URL"
-# get "${!PACKAGE}.$SUFFIX" "$URL.$SUFFIX"
-#
-# if ! verify "${!PACKAGE}" "$WRAPPER_DIR/gpg/$i.gpg" $SUFFIX; then
-# echo "$i: GPG signature is broken for ${URL}"
-# mv "${!PACKAGE}" "${!PACKAGE}.badgpg"
-# exit 1
-# fi
-#done
+for i in OPENSSL # OBFSPROXY
+do
+ PACKAGE="${i}_PACKAGE"
+ URL="${MIRROR_URL}${!PACKAGE}"
+ SUFFIX="asc"
+ get "${!PACKAGE}" "$URL"
+ get "${!PACKAGE}.$SUFFIX" "$URL.$SUFFIX"
+
+ if ! verify "${!PACKAGE}" "$WRAPPER_DIR/gpg/$i.gpg" $SUFFIX; then
+ echo "$i: GPG signature is broken for ${URL}"
+ mv "${!PACKAGE}" "${!PACKAGE}.badgpg"
+ exit 1
+ fi
+done
for i in BINUTILS GCC PYTHON
do
@@ -164,7 +164,7 @@ done
# TOOLCHAIN4 each time. Rely only on SHA256 for now..
mkdir -p verify
cd verify
-for i in OSXSDK #OPENSSL
+for i in OPENSSL OSXSDK
do
URL="${i}_URL"
PACKAGE="${i}_PACKAGE"
@@ -200,7 +200,7 @@ fi
# Verify packages with weak or no signatures via direct sha256 check
# (OpenSSL is signed with MD5, and OSXSDK is not signed at all)
-for i in OSXSDK TOOLCHAIN4 NOSCRIPT MINGW MSVCR100 # OPENSSL
+for i in OSXSDK TOOLCHAIN4 NOSCRIPT MINGW MSVCR100 OPENSSL
do
PACKAGE="${i}_PACKAGE"
HASH="${i}_HASH"
@@ -236,6 +236,7 @@ done
cd ..
ln -sf "$NOSCRIPT_PACKAGE" noscript at noscript.net.xpi
+ln -sf "$OPENSSL_PACKAGE" openssl.tar.gz
ln -sf "$BINUTILS_PACKAGE" binutils.tar.bz2
ln -sf "$GCC_PACKAGE" gcc.tar.bz2
ln -sf "$PYTHON_PACKAGE" python.tar.bz2
@@ -254,7 +255,6 @@ while read dir url tag; do
update_git "$dir" "$url" "$tag"
done << EOF
tbb-windows-installer https://github.com/moba/tbb-windows-installer.git $NSIS_TAG
-openssl https://github.com/nmathewson/openssl.git $OPENSSL_TAG
zlib https://github.com/madler/zlib.git $ZLIB_TAG
libevent https://github.com/libevent/libevent.git $LIBEVENT_TAG
tor https://git.torproject.org/tor.git $TOR_TAG
diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh
index 182b1b6..7c6bd60 100755
--- a/gitian/mkbundle-linux.sh
+++ b/gitian/mkbundle-linux.sh
@@ -66,7 +66,6 @@ then
GITIAN_TAG=refs/tags/$GITIAN_TAG
TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG
TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG
- OPENSSL_TAG=refs/tags/$OPENSSL_TAG
TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG
TOR_TAG=refs/tags/$TOR_TAG
HTTPSE_TAG=refs/tags/$HTTPSE_TAG
@@ -82,7 +81,7 @@ then
echo "****** Starting Tor Component of Linux Bundle (1/3 for Linux) ******"
echo
- ./bin/gbuild -j $NUM_PROCS --commit openssl=$OPENSSL_TAG,zlib=$ZLIB_TAG,libevent=$LIBEVENT_TAG,tor=$TOR_TAG $DESCRIPTOR_DIR/linux/gitian-tor.yml
+ ./bin/gbuild -j $NUM_PROCS --commit zlib=$ZLIB_TAG,libevent=$LIBEVENT_TAG,tor=$TOR_TAG $DESCRIPTOR_DIR/linux/gitian-tor.yml
if [ $? -ne 0 ];
then
#mv var/build.log ./tor-fail-linux.log.`date +%Y%m%d%H%M%S`
diff --git a/gitian/mkbundle-mac.sh b/gitian/mkbundle-mac.sh
index edd3846..531db8f 100755
--- a/gitian/mkbundle-mac.sh
+++ b/gitian/mkbundle-mac.sh
@@ -66,7 +66,6 @@ then
GITIAN_TAG=refs/tags/$GITIAN_TAG
TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG
TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG
- OPENSSL_TAG=refs/tags/$OPENSSL_TAG
TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG
TOR_TAG=refs/tags/$TOR_TAG
HTTPSE_TAG=refs/tags/$HTTPSE_TAG
@@ -82,7 +81,7 @@ then
echo "****** Starting Tor Component of Mac Bundle (1/3 for Mac) ******"
echo
- ./bin/gbuild -j $NUM_PROCS --commit openssl=$OPENSSL_TAG,zlib=$ZLIB_TAG,libevent=$LIBEVENT_TAG,tor=$TOR_TAG $DESCRIPTOR_DIR/mac/gitian-tor.yml
+ ./bin/gbuild -j $NUM_PROCS --commit zlib=$ZLIB_TAG,libevent=$LIBEVENT_TAG,tor=$TOR_TAG $DESCRIPTOR_DIR/mac/gitian-tor.yml
if [ $? -ne 0 ];
then
#mv var/build.log ./tor-fail-mac.log.`date +%Y%m%d%H%M%S`
diff --git a/gitian/mkbundle-windows.sh b/gitian/mkbundle-windows.sh
index fd0cf42..183c737 100755
--- a/gitian/mkbundle-windows.sh
+++ b/gitian/mkbundle-windows.sh
@@ -67,7 +67,6 @@ then
GITIAN_TAG=refs/tags/$GITIAN_TAG
TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG
TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG
- OPENSSL_TAG=refs/tags/$OPENSSL_TAG
TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG
TOR_TAG=refs/tags/$TOR_TAG
HTTPSE_TAG=refs/tags/$HTTPSE_TAG
@@ -83,7 +82,7 @@ then
echo "****** Starting Tor Component of Windows Bundle (1/3 for Windows) ******"
echo
- ./bin/gbuild -j $NUM_PROCS --commit openssl=$OPENSSL_TAG,zlib=$ZLIB_TAG,libevent=$LIBEVENT_TAG,tor=$TOR_TAG $DESCRIPTOR_DIR/windows/gitian-tor.yml
+ ./bin/gbuild -j $NUM_PROCS --commit zlib=$ZLIB_TAG,libevent=$LIBEVENT_TAG,tor=$TOR_TAG $DESCRIPTOR_DIR/windows/gitian-tor.yml
if [ $? -ne 0 ];
then
#mv var/build.log ./tor-fail-win32.log.`date +%Y%m%d%H%M%S`
diff --git a/gitian/record-inputs.sh b/gitian/record-inputs.sh
index 0d44b1a..bbae06f 100755
--- a/gitian/record-inputs.sh
+++ b/gitian/record-inputs.sh
@@ -24,6 +24,7 @@ cd $INPUTS_DIR
rm -f bundle.inputs
sha256sum $OSXSDK_PACKAGE >> bundle.inputs
+sha256sum $OPENSSL_PACKAGE >> bundle.inputs
sha256sum $TOOLCHAIN4_PACKAGE >> bundle.inputs
sha256sum mingw-w64-svn-snapshot.zip >> bundle.inputs
echo >> bundle.inputs
@@ -43,7 +44,6 @@ then
HTTPSE_TAG=refs/tags/$HTTPSE_TAG
ZLIB_TAG=refs/tags/$ZLIB_TAG
LIBEVENT_TAG=refs/tags/$LIBEVENT_TAG
- OPENSSL_TAG=refs/tags/$OPENSSL_TAG
fi
echo "`cd zlib && git log --format=%H -1 $ZLIB_TAG` zlib.git" >> bundle.inputs
@@ -53,7 +53,6 @@ echo "`cd torbutton && git log --format=%H -1 $TORBUTTON_TAG` torbutton.git" >>
echo "`cd tor-launcher && git log --format=%H -1 $TORLAUNCHER_TAG` tor-launcher.git" >> bundle.inputs
echo "`cd https-everywhere && git log --format=%H -1 $HTTPSE_TAG` https-everywhere.git" >> bundle.inputs
echo "`cd tbb-windows-installer && git log --format=%H -1 $NSIS_TAG` tbb-windows-installer.git" >> bundle.inputs
-echo "`cd openssl && git log --format=%H -1 $OPENSSL_TAG` openssl.git" >> bundle.inputs
echo "`cd $INPUTS_DIR && git log --format=%H -1` gitian-builder.git" >> bundle.inputs
echo "`cd $WRAPPER_DIR && git log --format=%H -1` tor-browser-bundle.git" >> bundle.inputs
diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh
index 73016a8..055cac5 100755
--- a/gitian/verify-tags.sh
+++ b/gitian/verify-tags.sh
@@ -60,7 +60,6 @@ zlib zlib.gpg $ZLIB_TAG
libevent libevent.gpg $LIBEVENT_TAG
tor tor.gpg $TOR_TAG
https-everywhere https-everywhere.gpg $HTTPSE_TAG
-openssl tor.gpg $OPENSSL_TAG
EOF
cd "$INPUTS_DIR"
diff --git a/gitian/versions b/gitian/versions
index d109b50..e6fba05 100755
--- a/gitian/versions
+++ b/gitian/versions
@@ -5,7 +5,6 @@ VERIFY_TAGS=1
TORBROWSER_TAG=tor-browser-24.2.0esr-3.5.1-build1
TOR_TAG=tor-0.2.4.20
-OPENSSL_TAG=openssl-101e-no-gmt-time-v1
TORLAUNCHER_TAG=0.2.4.3
TORBUTTON_TAG=1.6.5.4
HTTPSE_TAG=3.4.4tbb
@@ -16,14 +15,14 @@ MINGW_REV=6184
GITIAN_TAG=tor-browser-builder-3.0-4
-# OPENSSL_VER=1.0.1e
+OPENSSL_VER=1.0.1f
FIREFOX_LANG_VER=24.2.0esr
BINUTILS_VER=2.22
GCC_VER=4.6.3
PYTHON_VER=2.7.5
## File names for the source packages
-# OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
+OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.7-sm+fx+fn.xpi
TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz
OSXSDK_PACKAGE=apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb
@@ -34,7 +33,7 @@ GCC_PACKAGE=gcc-${GCC_VER}.tar.bz2
PYTHON_PACKAGE=Python-${PYTHON_VER}.tar.bz2
# Hashes for packages with weak sigs or no sigs
-# OPENSSL_HASH=f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3
+OPENSSL_HASH=6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a
OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc
TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645
NOSCRIPT_HASH=5ac1a5c727a5101fd7673ba48179a52ca1804149ed1b67e6172724606355440e
@@ -42,7 +41,7 @@ MINGW_HASH=a5b03d0448a309341be4cf34c6ad3016d04c89952dca5243254b4d6c738b164f
MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
## Non-git package URLs
-# OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE}
+OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE}
TOOLCHAIN4_URL=https://people.torproject.org/~mikeperry/mirrors/sources/${TOOLCHAIN4_PACKAGE}
OSXSDK_URL=https://launchpad.net/~flosoft/+archive/cross-apple/+files/${OSXSDK_PACKAGE}
BINUTILS_URL=https://ftp.gnu.org/gnu/binutils/${BINUTILS_PACKAGE}
diff --git a/gitian/versions.alpha b/gitian/versions.alpha
index fc5fa21..ac5894d 100755
--- a/gitian/versions.alpha
+++ b/gitian/versions.alpha
@@ -1,13 +1,12 @@
-TORBROWSER_VERSION=3.5-rc-1
+TORBROWSER_VERSION=4.0-alpha-1
BUNDLE_LOCALES="ar de es-ES fa fr it ko nl pl pt-PT ru vi zh-CN"
VERIFY_TAGS=1
TORBROWSER_TAG=tor-browser-24.2.0esr-3.5rc1-build3
-TOR_TAG=tor-0.2.4.18-rc
-OPENSSL_TAG=openssl-101e-no-gmt-time-v1
-TORLAUNCHER_TAG=0.2.4.1
-TORBUTTON_TAG=1.6.5.1
+TOR_TAG=tor-0.2.5.1-alpha
+TORLAUNCHER_TAG=0.2.4.3
+TORBUTTON_TAG=1.6.5.4
HTTPSE_TAG=3.4.4tbb
NSIS_TAG=v0.1
ZLIB_TAG=v1.2.8
@@ -16,14 +15,14 @@ MINGW_REV=6184
GITIAN_TAG=tor-browser-builder-3.0-4
-# OPENSSL_VER=1.0.1e
+OPENSSL_VER=1.0.1f
FIREFOX_LANG_VER=24.2.0esr
BINUTILS_VER=2.22
GCC_VER=4.6.3
PYTHON_VER=2.7.5
## File names for the source packages
-# OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
+OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.7-sm+fx+fn.xpi
TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz
OSXSDK_PACKAGE=apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb
@@ -34,7 +33,7 @@ GCC_PACKAGE=gcc-${GCC_VER}.tar.bz2
PYTHON_PACKAGE=Python-${PYTHON_VER}.tar.bz2
# Hashes for packages with weak sigs or no sigs
-# OPENSSL_HASH=f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3
+OPENSSL_HASH=6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a
OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc
TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645
NOSCRIPT_HASH=5ac1a5c727a5101fd7673ba48179a52ca1804149ed1b67e6172724606355440e
@@ -42,7 +41,7 @@ MINGW_HASH=a5b03d0448a309341be4cf34c6ad3016d04c89952dca5243254b4d6c738b164f
MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
## Non-git package URLs
-# OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE}
+OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE}
TOOLCHAIN4_URL=https://people.torproject.org/~mikeperry/mirrors/sources/${TOOLCHAIN4_PACKAGE}
OSXSDK_URL=https://launchpad.net/~flosoft/+archive/cross-apple/+files/${OSXSDK_PACKAGE}
BINUTILS_URL=https://ftp.gnu.org/gnu/binutils/${BINUTILS_PACKAGE}
More information about the tor-commits
mailing list