Fix: depends fail to build, bump expat version #3481

Open: wants to merge 1 commit into base: 1.15.0-dev

@Twinky-kms Twinky-kms commented Mar 14, 2024

The 2.5.0 version of expat has a vulnerability in it, and it is recommended to use 2.6.2, as seen in the file names on the download page.

https://sourceforge.net/projects/expat/files/expat/2.5.0/

@Twinky-kms Twinky-kms changed the title bump expat version Fix: bump expat version Mar 14, 2024
@Twinky-kms Twinky-kms changed the title Fix: bump expat version Fix: depends fail to build, bump expat version Mar 14, 2024
@patricklodder patricklodder changed the base branch from master to 1.15.0-dev March 14, 2024 13:07
@patricklodder patricklodder requested a review from a team March 14, 2024 13:08
@patricklodder patricklodder added this to the 1.15.0 milestone Mar 14, 2024
@patricklodder patricklodder added the "gitian check needed" (This PR needs a gitian check) label Mar 14, 2024
@patricklodder
Member

Thank you!

  • I've fixed the immediate issue where expat-2.5.0.tar.bz2 wasn't properly configured for public access on the depends mirror I maintain - this de-escalates this issue for non-release 1.15.0 builds and gitian checks on v1.14.7.
  • I'm still reviewing the commit log from 2.5.0 to 2.6.2 (it's huge, but there's lots of move-only and QA commits making review fast - I expect to get through it all before the weekend.)
  • I'll start a gitian-lxc build in parallel.

@patricklodder patricklodder added this to 🚀 needs review in Review & merge board Mar 14, 2024
@patricklodder
Member

shasums from lxc gitian:


@georgeartem

Great! Is there a way to flag this to discussion #3471?

@patricklodder
Member

> Great! Is there a way to flag this to discussion #3471?

It's not related, this affects the depends system only

@edtubbs
Contributor

edtubbs commented Apr 3, 2024

Docker gitian


@patricklodder patricklodder removed the "gitian check needed" (This PR needs a gitian check) label Apr 3, 2024
@patricklodder
Member

Gitian match between @edtubbs's docker run and my lxc run ✅

I'll do one last run through the source diff then this should be good to go.
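
An added example, not part of the PR thread or the project's tooling: a gitian match like the one reported above comes down to comparing two builders' `sha256sum` manifests by file name rather than line by line, because builders can list the same files in a different order. The function names, file names and digests here are constructed for illustration.

```python
import re

# One sha256sum line: 64 hex digits, a space, a mode flag (' ' or '*'), the name.
ENTRY = re.compile(r"^([0-9a-f]{64}) [ *](.+)$")

def parse_manifest(text):
    """Parse sha256sum output into {filename: digest}, refusing bad input."""
    entries = {}
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        match = ENTRY.match(line)
        if match is None:
            raise ValueError(f"line {number}: not a sha256sum entry")
        digest, name = match.groups()
        if name in entries:
            # A repeated name would let a second digest silently replace the first.
            raise ValueError(f"line {number}: duplicate entry for {name}")
        entries[name] = digest
    return entries

def compare_builds(first, second):
    """Report per-file differences between two builders' manifests."""
    a, b = parse_manifest(first), parse_manifest(second)
    return {
        "mismatch": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
        "only_first": sorted(a.keys() - b.keys()),
        "only_second": sorted(b.keys() - a.keys()),
    }

def builds_match(first, second):
    """True only for non-empty manifests with identical files and digests."""
    diff = compare_builds(first, second)
    return bool(parse_manifest(first)) and not any(diff.values())

# Constructed sample manifests: filler digests and made-up file names.
LXC = "\n".join([
    "a" * 64 + "  example-1.0-linux.tar.gz",
    "b" * 64 + "  example-1.0-win64.zip",
    "c" * 64 + "  example-1.0.tar.gz",
])
DOCKER_REORDERED = "\n".join(reversed(LXC.splitlines()))
DOCKER_DRIFT = "\n".join([
    "a" * 64 + "  example-1.0-linux.tar.gz",
    "d" * 64 + "  example-1.0-win64.zip",
])

if __name__ == "__main__":
    print(builds_match(LXC, DOCKER_REORDERED), compare_builds(LXC, DOCKER_DRIFT))
```

A file present in only one manifest counts as a failed match, so a builder that skipped a target cannot pass by agreeing on the rest.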
