diff --git a/README.md b/README.md index 3915d1c..d238a9e 100644 --- a/README.md +++ b/README.md @@ -4,30 +4,33 @@ The bitcoin-core package. ## Preparing a new update -Perform the following steps to prepare the update to a new version. The sample commands below are performed with version 30.0. +Perform the following steps to prepare the update to a new version. The sample commands below are performed with version 29.0. Generic package update steps: ``` $ rm -f bitcoin-*.tar.gz SHA256SUMS* -$ rpmdev-bumpspec -D -c "Update to 30.0." -n 30.0 bitcoin-core.spec +$ rpmdev-bumpspec -D -c "Update to 29.0." -n 29.0 bitcoin-core.spec $ spectool -g bitcoin-core.spec -Downloading: https://bitcoincore.org/bin/bitcoin-core-30.0/bitcoin-30.0.tar.gz +Downloading: https://bitcoincore.org/bin/bitcoin-core-29.0/bitcoin-29.0.tar.gz 100% of 10.9 MiB |#######################################################| Elapsed Time: 0:00:01 Time: 0:00:01 -Downloaded: bitcoin-30.0.tar.gz -Downloading: https://bitcoincore.org/bin/bitcoin-core-30.0/SHA256SUMS.asc +Downloaded: bitcoin-29.0.tar.gz +Downloading: https://bitcoincore.org/bin/bitcoin-core-29.0/SHA256SUMS.asc 100% of 10.3 KiB |#######################################################| Elapsed Time: 0:00:00 Time: 0:00:00 Downloaded: SHA256SUMS.asc -Downloading: https://bitcoincore.org/bin/bitcoin-core-30.0/SHA256SUMS +Downloading: https://bitcoincore.org/bin/bitcoin-core-29.0/SHA256SUMS 100% of 2.8 KiB |#######################################################| Elapsed Time: 0:00:00 Time: 0:00:00 Downloaded: SHA256SUMS +Downloading: https://download.oracle.com/berkeley-db/db-4.8.30.NC.tar.gz +File '/home/slaanesh/workspace/fedora/bitcoin-core/db-4.8.30.NC.tar.gz' already present. ``` -When uploading sources, make sure everything is included even if it has not changed as otherwise will not be available in the Koji build root: +When uploading sources, make sure the DB tarball is included even if it has not changed as otherwise will not be available in the Koji build root: ``` -$ fedpkg new-sources bitcoin-30.0.tar.gz SHA256SUMS SHA256SUMS.asc -Uploading: bitcoin-30.0.tar.gz +$ fedpkg new-sources bitcoin-29.0.tar.gz SHA256SUMS SHA256SUMS.asc db-4.8.30.NC.tar.gz +File already uploaded: db-4.8.30.NC.tar.gz +Uploading: bitcoin-29.0.tar.gz ######################################################################## 100.0% Uploading: SHA256SUMS ######################################################################## 100.0% @@ -39,12 +42,12 @@ After this, based on the list of keys that have signed the release and that are ``` $ ./bitcoin-gpg.sh Prepare official script to verify releases to work offline... done. -Creating GPG keyring with public keys that have signed release 30.0... done. +Creating GPG keyring with public keys that have signed release 29.0... done. ``` After this, it's time to commit and build: ``` $ git add bitcoin-offline-pubring.gpg -$ git commit -a -m "Update to 30.0" +$ git commit -a -m "Update to 29.0" $ git push $ fedpkg build --nowait ``` diff --git a/README.server.redhat b/README.server.redhat index 310888f..7169b2e 100644 --- a/README.server.redhat +++ b/README.server.redhat @@ -49,8 +49,18 @@ group, then these commands should be sufficient: chown -R bitcoin.bitcoin /etc/bitcoin chmod -R u+rw,g+r,o= /etc/bitcoin -Legeacy wallets ---------------- +Berkeley DB +----------- + +On all platforms, including RHEL/CentOS/Fedora and the upstream build, bitcoin +uses Berkeley DB 4.8. +Oracle makes clear that binary compatibility is not guaranteed even between minor +releases of Berkeley DB. This has implications if you move your wallet to and +from a system with a different Berkeley DB version. + +It is strongly recommended that if you change Berkeley DB versions you first +dump your wallet from the old system into a text file, and then import the +wallet into the new system. To dump or import a wallet from a Bitcoin daemon, you will need to use the bitcoin-cli utility. diff --git a/bitcoin-core.spec b/bitcoin-core.spec index 3a3ca07..7fc1e3c 100644 --- a/bitcoin-core.spec +++ b/bitcoin-core.spec @@ -5,16 +5,16 @@ %bcond_with extended_tests Name: bitcoin-core -Version: 30.2 +Version: 29.2 Release: %autorelease Summary: Peer to Peer Cryptographic Currency License: MIT URL: https://bitcoincore.org/ # In .gitignore, so no chance to commit to SCM: -Source0: https://bitcoincore.org/bin/%{name}-%{version}/%{project_name}-%{version}.tar.gz -Source1: https://bitcoincore.org/bin/%{name}-%{version}/SHA256SUMS.asc -Source2: https://bitcoincore.org/bin/%{name}-%{version}/SHA256SUMS +Source0: https://bitcoincore.org/bin/bitcoin-core-%{version}/%{project_name}-%{version}.tar.gz +Source1: https://bitcoincore.org/bin/bitcoin-core-%{version}/SHA256SUMS.asc +Source2: https://bitcoincore.org/bin/bitcoin-core-%{version}/SHA256SUMS # Key verificaton process - Make official verify method work offline # - Keys listed to sign the release are listed in SHA256SUMS.asc. @@ -32,13 +32,20 @@ Source7: %{project_name}.service.system Source8: %{project_name}.service.user Source9: %{project_name}-qt.protocol Source10: %{project_name}-qt.desktop -Source11: %{project_name}.sysusers.conf # Documentation -Source12: %{project_name}.conf.example -Source13: README.gui.redhat -Source14: README.utils.redhat -Source15: README.server.redhat +Source11: %{project_name}.conf.example +Source12: README.gui.redhat +Source13: README.utils.redhat +Source14: README.server.redhat + +# Berkeley DB will be dropped in Bitcoin 30.0! +# https://github.com/bitcoin/bitcoin/issues/20160 + +# Berkeley DB non-strong cryptography variant (NC) +Source15: https://download.oracle.com/berkeley-db/db-4.8.30.NC.tar.gz +Source16: db-4.8.30.NC-format-security.patch +Source17: db-4.8.30.NC-configure-c99.patch # AppStream metadata Source18: %{project_name}-qt.metainfo.xml @@ -46,15 +53,9 @@ Source18: %{project_name}-qt.metainfo.xml # Patch verify script to use local keyring Patch0: %{project_name}-verify-offline.patch -# Patch to set the shared object version to the main version -Patch1: %{project_name}-shared.patch - BuildRequires: boost-devel >= 1.64.0 -BuildRequires: capnproto -BuildRequires: capnproto-devel BuildRequires: checkpolicy BuildRequires: desktop-file-utils -BuildRequires: doxygen BuildRequires: gnupg2 BuildRequires: libappstream-glib BuildRequires: cmake > 3.22 @@ -65,38 +66,28 @@ BuildRequires: pkgconfig(libevent_pthreads) >= 2.1.8 BuildRequires: pkgconfig(libqrencode) BuildRequires: pkgconfig(libzmq) >= 4 BuildRequires: pkgconfig(sqlite3) >= 3.7.17 -BuildRequires: qt6-qtbase-devel -BuildRequires: qt6-qttools-devel -BuildRequires: systemd-rpm-macros +BuildRequires: qt5-linguist +BuildRequires: qt5-qtbase-devel +BuildRequires: systemd BuildRequires: systemtap-sdt-devel -Requires: %{name}-desktop = %{version}-%{release} -Requires: %{name}-server = %{version}-%{release} -Requires: %{name}-utils = %{version}-%{release} -Requires: lib%{project_name}kernel = %{version}-%{release} +# For Berkeley BDB +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool %description Bitcoin is a digital cryptographic currency that uses peer-to-peer technology to operate with no central authority or banks; managing transactions and the issuing of bitcoins is carried out collectively by the network. -This package installs the full Bitcoin Core distribution, with utilities, server -and desktop (graphical wallet) components. - -%package -n lib%{project_name}kernel -Summary: Consensus engine and support library - -%description -n lib%{project_name}kernel -Bitcoin Core consensus engine. A stateful library that can spawn threads, do -caching, do I/O, and many other things which one may not normally expect from a -library. - %package desktop Summary: Peer to Peer Cryptographic Currency -Provides: bundled(leveldb) -Provides: bundled(libmultiprocess) -Provides: bundled(secp256k1) -Provides: bundled(univalue) +Conflicts: bitcoin +Provides: bundled(leveldb) = 1.22.0 +Provides: bundled(libdb) = 4.8.30.NC +Provides: bundled(secp256k1) = 0.1 +Provides: bundled(univalue) = 1.1.3 %description desktop Bitcoin is a digital cryptographic currency that uses peer-to-peer technology to @@ -108,7 +99,9 @@ to run a Bitcoin wallet, this is probably the package you want. %package devel Summary: Peer-to-peer digital currency -Requires: lib%{project_name}kernel = %{version}-%{release} +Conflicts: bitcoin-devel +Provides: %{name}-libs = %{version}-%{release} +Obsoletes: %{name}-libs < %{version}-%{release} %description devel This package contains the bitcoin utility tool. @@ -117,6 +110,7 @@ Most people do not need this package installed. %package utils Summary: Peer-to-peer digital currency +Conflicts: bitcoin-utils %description utils Bitcoin is an experimental new digital currency that enables instant payments to @@ -129,21 +123,23 @@ control a Bitcoin server via its RPC protocol, and bitcoin-tx, a utility to create custom Bitcoin transactions. %package server -Summary: Peer-to-peer digital currency -Requires: (%{name}-selinux >= 0.1 if selinux-policy) -Provides: bundled(leveldb) -Provides: bundled(libmultiprocess) -Provides: bundled(secp256k1) -Provides: bundled(univalue) +Summary: Peer-to-peer digital currency +Conflicts: bitcoin-server +Requires(pre): shadow-utils +Requires: (%{name}-selinux if selinux-policy) +Provides: bundled(leveldb) = 1.22.0 +Provides: bundled(libdb) = 4.8.30.NC +Provides: bundled(secp256k1) = 0.1 +Provides: bundled(univalue) = 1.1.3 %description server -This package provides a stand-alone %{name} daemon. For most users, this +This package provides a stand-alone bitcoin-core daemon. For most users, this package is only needed if they need a full-node without the graphical client. Some third party wallet software will want this package to provide the actual -%{name} node they use to connect to the network. +bitcoin-core node they use to connect to the network. -If you use the graphical %{name} client then you almost certainly do not +If you use the graphical bitcoin-core client then you almost certainly do not need this package. %prep @@ -156,13 +152,42 @@ contrib/verify-binaries/verify.py --min-good-sigs 3 bin %{SOURCE2} %{SOURCE0} # Check the hash of the tarball, not in the same folder where we are now: grep -q $(sha256sum %{SOURCE0}) %{SOURCE2} +# No publicly available hash file, check it against what bitcoin-core expects: +export BDB_HASH=$(grep sha256_hash depends/packages/bdb.mk | sed -e "s/.*=//g") +echo $BDB_HASH %{SOURCE15} | sha256sum -c + +# Berkeley DB: +mkdir db4 +tar --strip-components=1 -xzf %{SOURCE15} -C db4 +patch -d db4 -p1 -i ../depends/patches/bdb/clang_cxx_11.patch +patch -d db4 -p1 -i %{SOURCE16} +patch -d db4 -p1 -i %{SOURCE17} +# Avoid any modification timestamp based regeneration of the configure +# script due to patching above: +touch -r db4/dist/configure db4/dist/configure.ac db4/dist/aclocal/*.m4 + # Documentation (sources can not be directly reference with doc) -cp -p %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} . +cp -p %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} . %build +# Build static Berkeley DB reusing all compiler flags / hardening: +pushd db4/build_unix + +%define _configure ../dist/configure +%configure \ + --disable-shared \ + --enable-cxx \ + --disable-replication +%undefine _configure + +%make_build libdb_cxx.a libdb.a +make install_lib install_include DESTDIR=%{_builddir}/%{buildsubdir}/db4 +popd # Bitcoin kernel library used only as part of the testing for now: %cmake \ + -DBerkeleyDB_INCLUDE_DIR=%{_builddir}/%{buildsubdir}/db4%{_includedir}/ \ + -DBerkeleyDB_LIBRARY_RELEASE=%{_builddir}/%{buildsubdir}/db4%{_libdir}/libdb_cxx.a \ -DBUILD_CLI=ON \ -DBUILD_DAEMON=ON \ -DBUILD_GUI=ON \ @@ -171,9 +196,9 @@ cp -p %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} . -DBUILD_TX=ON \ -DBUILD_UTIL=ON \ -DBUILD_UTIL_CHAINSTATE=ON \ - -DENABLE_IPC=ON \ -DENABLE_WALLET=ON \ -DINSTALL_MAN=ON \ + -DWITH_BDB=ON \ -DWITH_DBUS=ON \ -DWITH_QRENCODE=ON \ -DWITH_SQLITE=ON \ @@ -187,6 +212,14 @@ cp -p %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} . find %{buildroot} -name "*.la" -delete +# TODO: Upstream puts bitcoind in the wrong directory. Need to fix the +# upstream Makefiles to install it in the correct place. +mkdir -p -m 755 %{buildroot}%{_sbindir} +mv %{buildroot}%{_bindir}/bitcoind %{buildroot}%{_sbindir}/bitcoind + +# Remove Bitcoin Kernel Library for now (https://github.com/bitcoin/bitcoin/issues/27587) +rm -frv %{buildroot}%{_libdir} + # Temporary files mkdir -p %{buildroot}%{_tmpfilesdir} install -m 0644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/%{project_name}.conf @@ -223,8 +256,6 @@ install -p -m 644 -D %{SOURCE18} %{buildroot}%{_metainfodir}/%{project_name}-qt. # Remove test files so that they aren't shipped. Tests have already been run. rm -f %{buildroot}%{_bindir}/test_* -install -m0644 -D %{SOURCE11} %{buildroot}%{_sysusersdir}/%{name}.conf - %check desktop-file-validate %{buildroot}%{_datadir}/applications/%{project_name}-qt.desktop appstream-util validate-relax --nonet %{buildroot}%{_metainfodir}/%{project_name}-qt.metainfo.xml @@ -233,6 +264,13 @@ appstream-util validate-relax --nonet %{buildroot}%{_metainfodir}/%{project_name test/functional/test_runner.py --tmpdirprefix `pwd` --extended %endif +%pre server +getent group %{project_name} >/dev/null || groupadd -r %{project_name} +getent passwd %{project_name} >/dev/null || + useradd -r -g %{project_name} -d /var/lib/%{project_name} -s /sbin/nologin \ + -c "Bitcoin wallet server" %{project_name} +exit 0 + %post server %systemd_post %{project_name}.service @@ -242,19 +280,6 @@ test/functional/test_runner.py --tmpdirprefix `pwd` --extended %postun server %systemd_postun_with_restart %{project_name}.service -%files -%{_bindir}/%{project_name} -%{_libexecdir}/bitcoin-chainstate -%{_libexecdir}/bitcoin-gui -%{_libexecdir}/bitcoin-node -%{_libexecdir}/test_bitcoin -%{_libexecdir}/test_bitcoin-qt -%{_mandir}/man1/bitcoin.1* - -%files -n libbitcoinkernel -%{_libdir}/lib%{project_name}kernel.so.%(echo %{version} | cut -d. -f 1) -%{_libdir}/lib%{project_name}kernel.so.%{version} - %files desktop %license COPYING %doc %{project_name}.conf.example README.gui.redhat README.md SECURITY.md @@ -269,8 +294,6 @@ test/functional/test_runner.py --tmpdirprefix `pwd` --extended %files devel %doc doc/developer-notes.md %{_bindir}/%{project_name}-util -%{_libdir}/pkgconfig/lib%{project_name}kernel.pc -%{_libdir}/lib%{project_name}kernel.so %{_mandir}/man1/%{project_name}-util.1* %files utils @@ -299,11 +322,10 @@ test/functional/test_runner.py --tmpdirprefix `pwd` --extended %config(noreplace) %attr(644,root,root) %{_sysconfdir}/sysconfig/%{project_name} %{_compldir}/%{project_name}d %{_mandir}/man1/%{project_name}d.1* -%{_bindir}/%{project_name}d +%{_sbindir}/%{project_name}d %{_tmpfilesdir}/%{project_name}.conf %{_unitdir}/%{project_name}.service %{_userunitdir}/%{project_name}.service -%{_sysusersdir}/%{name}.conf %changelog %autochangelog diff --git a/bitcoin-offline-pubring.gpg b/bitcoin-offline-pubring.gpg index c104426..3ad550a 100644 Binary files a/bitcoin-offline-pubring.gpg and b/bitcoin-offline-pubring.gpg differ diff --git a/bitcoin-shared.patch b/bitcoin-shared.patch deleted file mode 100644 index 2d76da2..0000000 --- a/bitcoin-shared.patch +++ /dev/null @@ -1,9 +0,0 @@ -diff -Naur bitcoin-30.0.old/src/kernel/CMakeLists.txt bitcoin-30.0/src/kernel/CMakeLists.txt ---- bitcoin-30.0.old/src/kernel/CMakeLists.txt 2025-10-16 18:35:05.538795833 +0200 -+++ bitcoin-30.0/src/kernel/CMakeLists.txt 2025-10-16 18:37:54.715894722 +0200 -@@ -124,3 +124,5 @@ - DESTINATION ${CMAKE_INSTALL_LIBDIR} - COMPONENT libbitcoinkernel - ) -+ -+set_target_properties(bitcoinkernel PROPERTIES VERSION ${CLIENT_VERSION_MAJOR}.${CLIENT_VERSION_MINOR} SOVERSION ${CLIENT_VERSION_MAJOR}) diff --git a/bitcoin.service.system b/bitcoin.service.system index 44d109c..003ff32 100644 --- a/bitcoin.service.system +++ b/bitcoin.service.system @@ -4,7 +4,7 @@ Documentation=man:bitcoind(1) After=syslog.target network.target [Service] -ExecStart=/usr/bin/bitcoind -conf=${CONFIG_FILE} -datadir=${DATA_DIR} -pid=${PID_FILE} -debuglogfile=${DEBUG_FILE} $OPTIONS +ExecStart=/usr/sbin/bitcoind -conf=${CONFIG_FILE} -datadir=${DATA_DIR} -pid=${PID_FILE} -debuglogfile=${DEBUG_FILE} $OPTIONS EnvironmentFile=/etc/sysconfig/bitcoin User=bitcoin Group=bitcoin diff --git a/bitcoin.service.user b/bitcoin.service.user index 2abc9fa..4db9378 100644 --- a/bitcoin.service.user +++ b/bitcoin.service.user @@ -3,7 +3,7 @@ Description=Bitcoin daemon Documentation=man:bitcoind(1) [Service] -ExecStart=/usr/bin/bitcoind +ExecStart=/usr/sbin/bitcoind Restart=on-failure TimeoutStopSec=120 diff --git a/bitcoin.sysusers.conf b/bitcoin.sysusers.conf deleted file mode 100644 index 0bd4342..0000000 --- a/bitcoin.sysusers.conf +++ /dev/null @@ -1 +0,0 @@ -u bitcoin - 'Bitcoin wallet server' /var/lib/bitcoin-core - diff --git a/changelog b/changelog index 62b1a76..ee0c629 100644 --- a/changelog +++ b/changelog @@ -1,21 +1,6 @@ * Sun Apr 13 2025 Simone Caronni - 29.0-1 - Update to 29.0. -* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek - 28.1-6 -- Add sysusers.d config file to allow rpm to create users/groups automatically - -* Fri Feb 07 2025 Simone Caronni - 28.1-5 -- Rebuild for updated dependencies. - -* Tue Jan 28 2025 Simone Caronni - 28.1-4 -- Rebuild for updated dependencies. - -* Tue Jan 28 2025 Simone Caronni - 28.1-3 -- Update for https://fedoraproject.org/wiki/Changes/Unify_bin_and_sbin. - -* Thu Jan 16 2025 Fedora Release Engineering - 28.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild - * Sat Jan 11 2025 Simone Caronni - 28.1-1 - Update to 28.1. diff --git a/db-4.8.30.NC-configure-c99.patch b/db-4.8.30.NC-configure-c99.patch new file mode 100644 index 0000000..1e2ece2 --- /dev/null +++ b/db-4.8.30.NC-configure-c99.patch @@ -0,0 +1,584 @@ +Berkeley DB 4.8 is currently unmaintained. This is a downstream-only patch: +https://bugzilla.redhat.com/show_bug.cgi?id=2179373 + +diff -Naur db-4.8.30.NC.old/dist/aclocal/clock.m4 db-4.8.30.NC/dist/aclocal/clock.m4 +--- db-4.8.30.NC.old/dist/aclocal/clock.m4 2023-03-16 17:29:41.590391954 +0100 ++++ db-4.8.30.NC/dist/aclocal/clock.m4 2023-03-16 20:25:53.746678514 +0100 +@@ -21,6 +21,8 @@ + AC_CACHE_CHECK([for clock_gettime monotonic clock], db_cv_clock_monotonic, [ + AC_TRY_RUN([ + #include ++#include ++int + main() { + struct timespec t; + return (clock_gettime(CLOCK_MONOTONIC, &t) != 0); +diff -Naur db-4.8.30.NC.old/dist/aclocal/mutex.m4 db-4.8.30.NC/dist/aclocal/mutex.m4 +--- db-4.8.30.NC.old/dist/aclocal/mutex.m4 2023-03-16 17:29:41.591391960 +0100 ++++ db-4.8.30.NC/dist/aclocal/mutex.m4 2023-03-16 20:46:57.039502577 +0100 +@@ -4,6 +4,8 @@ + AC_DEFUN(AM_PTHREADS_SHARED, [ + AC_TRY_RUN([ + #include ++#include ++int + main() { + pthread_cond_t cond; + pthread_mutex_t mutex; +@@ -24,7 +26,8 @@ + pthread_mutexattr_destroy(&mutexattr)); + }], [db_cv_mutex="$1"],, + AC_TRY_LINK([ +-#include ],[ ++#include ++#include ],[ + pthread_cond_t cond; + pthread_mutex_t mutex; + pthread_condattr_t condattr; +@@ -46,6 +49,8 @@ + AC_DEFUN(AM_PTHREADS_PRIVATE, [ + AC_TRY_RUN([ + #include ++#include ++int + main() { + pthread_cond_t cond; + pthread_mutex_t mutex; +@@ -64,7 +69,8 @@ + pthread_mutexattr_destroy(&mutexattr)); + }], [db_cv_mutex="$1"],, + AC_TRY_LINK([ +-#include ],[ ++#include ++#include ],[ + pthread_cond_t cond; + pthread_mutex_t mutex; + pthread_condattr_t condattr; +@@ -158,7 +164,8 @@ + # LWP threads: _lwp_XXX + if test "$db_cv_mutex" = no; then + AC_TRY_LINK([ +- #include ],[ ++ #include ++ #include ],[ + static lwp_mutex_t mi = SHAREDMUTEX; + static lwp_cond_t ci = SHAREDCV; + lwp_mutex_t mutex = mi; +@@ -174,7 +181,8 @@ + LIBS="$LIBS -lthread" + AC_TRY_LINK([ + #include +- #include ],[ ++ #include ++ #include ],[ + mutex_t mutex; + cond_t cond; + int type = USYNC_PROCESS; +@@ -189,7 +197,8 @@ + if test "$db_cv_mutex" = no -o "$db_cv_mutex" = ui_only; then + AC_TRY_LINK([ + #include +- #include ],[ ++ #include ++ #include ],[ + mutex_t mutex; + cond_t cond; + int type = USYNC_PROCESS; +@@ -211,7 +220,8 @@ + # anyway. + # + # x86/gcc: FreeBSD, NetBSD, BSD/OS, Linux +- AC_TRY_COMPILE(,[ ++ AC_TRY_COMPILE([ ++ #include ],[ + #if (defined(i386) || defined(__i386__)) && defined(__GNUC__) + exit(0); + #else +@@ -220,7 +230,8 @@ + ], [db_cv_mutex="$db_cv_mutex/x86/gcc-assembly"]) + + # x86_64/gcc: FreeBSD, NetBSD, BSD/OS, Linux +- AC_TRY_COMPILE(,[ ++ AC_TRY_COMPILE([ ++ #include ],[ + #if (defined(x86_64) || defined(__x86_64__)) && defined(__GNUC__) + exit(0); + #else +@@ -242,7 +253,8 @@ + ], [db_cv_mutex="$db_cv_mutex/Solaris/_lock_try/membar"]) + + # Sparc/gcc: SunOS, Solaris, ultrasparc assembler support +- AC_TRY_COMPILE(,[ ++ AC_TRY_COMPILE([ ++ #include ],[ + #if defined(__sparc__) && defined(__GNUC__) + asm volatile ("membar #StoreStore|#StoreLoad|#LoadStore"); + exit(0); +@@ -280,7 +292,8 @@ + # Try HPPA before general msem test, it needs special alignment. + if test "$db_cv_mutex" = no; then + AC_TRY_LINK([ +-#include ],[ ++#include ++#include ],[ + #if defined(__hppa) + typedef msemaphore tsl_t; + msemaphore x; +@@ -298,7 +311,8 @@ + if test "$db_cv_mutex" = no; then + AC_TRY_LINK([ + #include +-#include ],[ ++#include ++#include ],[ + typedef msemaphore tsl_t; + msemaphore x; + msem_init(&x, 0); +@@ -324,7 +338,8 @@ + + # SCO: UnixWare has threads in libthread, but OpenServer doesn't. + if test "$db_cv_mutex" = no; then +-AC_TRY_COMPILE(,[ ++AC_TRY_COMPILE([ ++#include ],[ + #if defined(__USLC__) + exit(0); + #else +@@ -381,7 +396,8 @@ + + # Tru64/cc + if test "$db_cv_mutex" = no; then +-AC_TRY_COMPILE(,[ ++AC_TRY_COMPILE([ ++#include ],[ + #if defined(__alpha) && defined(__DECC) + exit(0); + #else +@@ -392,7 +408,8 @@ + + # Alpha/gcc + if test "$db_cv_mutex" = no; then +-AC_TRY_COMPILE(,[ ++AC_TRY_COMPILE([ ++#include ],[ + #if defined(__alpha) && defined(__GNUC__) + exit(0); + #else +@@ -403,7 +420,8 @@ + + # ARM/gcc: Linux + if test "$db_cv_mutex" = no; then +-AC_TRY_COMPILE(,[ ++AC_TRY_COMPILE([ ++#include ],[ + #if defined(__arm__) && defined(__GNUC__) + exit(0); + #else +@@ -414,7 +432,8 @@ + + # MIPS/gcc: Linux + if test "$db_cv_mutex" = no; then +-AC_TRY_COMPILE(,[ ++AC_TRY_COMPILE([ ++#include ],[ + #if (defined(__mips) || defined(__mips__)) && defined(__GNUC__) + exit(0); + #else +@@ -425,7 +444,8 @@ + + # PaRisc/gcc: HP/UX + if test "$db_cv_mutex" = no; then +-AC_TRY_COMPILE(,[ ++AC_TRY_COMPILE([ ++#include ],[ + #if (defined(__hppa) || defined(__hppa__)) && defined(__GNUC__) + exit(0); + #else +@@ -436,7 +456,8 @@ + + # PPC/gcc: + if test "$db_cv_mutex" = no; then +-AC_TRY_COMPILE(,[ ++AC_TRY_COMPILE([ ++#include ],[ + #if (defined(__powerpc__) || defined(__ppc__)) && defined(__GNUC__) + exit(0); + #else +@@ -447,7 +468,8 @@ + + # 68K/gcc: SunOS + if test "$db_cv_mutex" = no; then +-AC_TRY_COMPILE(,[ ++AC_TRY_COMPILE([ ++#include ],[ + #if (defined(mc68020) || defined(sun3)) && defined(__GNUC__) + exit(0); + #else +@@ -458,7 +480,8 @@ + + # S390/cc: IBM OS/390 Unix + if test "$db_cv_mutex" = no; then +-AC_TRY_COMPILE(,[ ++AC_TRY_COMPILE([ ++#include ],[ + #if defined(__MVS__) && defined(__IBMC__) + exit(0); + #else +@@ -469,7 +492,8 @@ + + # S390/gcc: Linux + if test "$db_cv_mutex" = no; then +-AC_TRY_COMPILE(,[ ++AC_TRY_COMPILE([ ++#include ],[ + #if defined(__s390__) && defined(__GNUC__) + exit(0); + #else +@@ -480,7 +504,8 @@ + + # ia64/gcc: Linux + if test "$db_cv_mutex" = no; then +-AC_TRY_COMPILE(,[ ++AC_TRY_COMPILE([ ++#include ],[ + #if defined(__ia64) && defined(__GNUC__) + exit(0); + #else +@@ -491,7 +516,8 @@ + + # uts/cc: UTS + if test "$db_cv_mutex" = no; then +-AC_TRY_COMPILE(,[ ++AC_TRY_COMPILE([ ++#include ],[ + #if defined(_UTS) + exit(0); + #else +@@ -812,7 +838,8 @@ + fi + + if test "$db_cv_atomic" = no; then +- AC_TRY_COMPILE(,[ ++ AC_TRY_COMPILE([ ++ #include ],[ + #if ((defined(i386) || defined(__i386__)) && defined(__GNUC__)) + exit(0); + #elif ((defined(x86_64) || defined(__x86_64__)) && defined(__GNUC__)) +@@ -825,7 +852,8 @@ + + if test "$db_cv_atomic" = no; then + AC_TRY_LINK([ +-#include ],[ ++#include ++#include ],[ + volatile unsigned val = 1; + exit (atomic_inc_uint_nv(&val) != 2 || + atomic_dec_uint_nv(&val) != 1 || +diff -Naur db-4.8.30.NC.old/dist/aclocal/sequence.m4 db-4.8.30.NC/dist/aclocal/sequence.m4 +--- db-4.8.30.NC.old/dist/aclocal/sequence.m4 2023-03-16 17:29:41.591391960 +0100 ++++ db-4.8.30.NC/dist/aclocal/sequence.m4 2023-03-16 21:47:07.623110108 +0100 +@@ -43,6 +43,9 @@ + # test, which won't test for the appropriate printf format strings. + if test "$db_cv_build_sequence" = "yes"; then + AC_TRY_RUN([ ++ #include ++ #include ++ int + main() { + $db_cv_seq_type l; + unsigned $db_cv_seq_type u; +@@ -59,7 +62,9 @@ + return (1); + return (0); + }],, [db_cv_build_sequence="no"], +- AC_TRY_LINK(,[ ++ AC_TRY_LINK([ ++ #include ++ #include ],[ + $db_cv_seq_type l; + unsigned $db_cv_seq_type u; + char buf@<:@100@:>@; +diff -Naur db-4.8.30.NC.old/dist/configure db-4.8.30.NC/dist/configure +--- db-4.8.30.NC.old/dist/configure 2023-03-16 17:29:41.587391937 +0100 ++++ db-4.8.30.NC/dist/configure 2023-03-17 15:34:52.507864862 +0100 +@@ -3057,7 +3057,7 @@ + + DB_VERSION_PATCH="30" + +-DB_VERSION_STRING='"Berkeley DB 4.8.30: (April 9, 2010)"' ++DB_VERSION_STRING='"Berkeley DB 4.8.30: (March 17, 2023)"' + + + # Process all options before using them. +@@ -18756,6 +18756,7 @@ + /* end confdefs.h. */ + + #include ++#include + int + main () + { +@@ -18792,6 +18793,8 @@ + /* end confdefs.h. */ + + #include ++#include ++int + main() { + pthread_cond_t cond; + pthread_mutex_t mutex; +@@ -18828,6 +18831,7 @@ + /* end confdefs.h. */ + + #include ++#include + int + main () + { +@@ -18864,6 +18868,8 @@ + /* end confdefs.h. */ + + #include ++#include ++int + main() { + pthread_cond_t cond; + pthread_mutex_t mutex; +@@ -18899,6 +18905,7 @@ + /* end confdefs.h. */ + + #include ++#include + int + main () + { +@@ -18933,6 +18940,8 @@ + /* end confdefs.h. */ + + #include ++#include ++int + main() { + pthread_cond_t cond; + pthread_mutex_t mutex; +@@ -18967,6 +18976,7 @@ + /* end confdefs.h. */ + + #include ++#include + int + main () + { +@@ -19001,6 +19011,8 @@ + /* end confdefs.h. */ + + #include ++#include ++int + main() { + pthread_cond_t cond; + pthread_mutex_t mutex; +@@ -19038,6 +19050,7 @@ + /* end confdefs.h. */ + + #include ++ #include + int + main () + { +@@ -19069,6 +19082,7 @@ + + #include + #include ++ #include + int + main () + { +@@ -19099,6 +19113,7 @@ + + #include + #include ++ #include + int + main () + { +@@ -19136,6 +19151,7 @@ + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++ #include + int + main () + { +@@ -19159,6 +19175,7 @@ + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++ #include + int + main () + { +@@ -19210,6 +19227,7 @@ + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++ #include + int + main () + { +@@ -19277,6 +19295,7 @@ + /* end confdefs.h. */ + + #include ++#include + int + main () + { +@@ -19310,6 +19329,7 @@ + + #include + #include ++#include + int + main () + { +@@ -19366,6 +19386,7 @@ + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++#include + int + main () + { +@@ -19497,6 +19518,7 @@ + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++#include + int + main () + { +@@ -19522,6 +19544,7 @@ + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++#include + int + main () + { +@@ -19547,6 +19570,7 @@ + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++#include + int + main () + { +@@ -19572,6 +19596,7 @@ + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++#include + int + main () + { +@@ -19597,6 +19622,7 @@ + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++#include + int + main () + { +@@ -19622,6 +19648,7 @@ + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++#include + int + main () + { +@@ -19647,6 +19674,7 @@ + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++#include + int + main () + { +@@ -19672,6 +19700,7 @@ + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++#include + int + main () + { +@@ -19697,6 +19726,7 @@ + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++#include + int + main () + { +@@ -19722,6 +19752,7 @@ + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++#include + int + main () + { +@@ -19747,6 +19778,7 @@ + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++#include + int + main () + { +@@ -20198,6 +20230,7 @@ + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++ #include + int + main () + { +@@ -20225,6 +20258,7 @@ + /* end confdefs.h. */ + + #include ++#include + int + main () + { +@@ -20743,6 +20777,8 @@ + /* end confdefs.h. */ + + #include ++#include ++int + main() { + struct timespec t; + return (clock_gettime(CLOCK_MONOTONIC, &t) != 0); +@@ -21600,6 +21636,8 @@ + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++ #include ++ #include + int + main () + { +@@ -21634,6 +21672,9 @@ + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++ #include ++ #include ++ int + main() { + $db_cv_seq_type l; + unsigned $db_cv_seq_type u; diff --git a/db-4.8.30.NC-format-security.patch b/db-4.8.30.NC-format-security.patch new file mode 100644 index 0000000..0781cbf --- /dev/null +++ b/db-4.8.30.NC-format-security.patch @@ -0,0 +1,42 @@ +diff -Naur db-4.8.30.NC.old/repmgr/repmgr_net.c db-4.8.30.NC/repmgr/repmgr_net.c +--- db-4.8.30.NC.old/repmgr/repmgr_net.c 2021-10-03 10:22:53.391893577 +0200 ++++ db-4.8.30.NC/repmgr/repmgr_net.c 2021-10-03 10:23:03.599070978 +0200 +@@ -1331,7 +1331,7 @@ + } + + ret = net_errno; +- __db_err(env, ret, why); ++ __db_err(env, ret, "%s", why); + clean: if (s != INVALID_SOCKET) + (void)closesocket(s); + return (ret); +diff -Naur db-4.8.30.NC.old/txn/txn.c db-4.8.30.NC/txn/txn.c +--- db-4.8.30.NC.old/txn/txn.c 2021-10-03 10:22:53.445894516 +0200 ++++ db-4.8.30.NC/txn/txn.c 2021-10-03 10:23:03.632071552 +0200 +@@ -113,7 +113,7 @@ + return (ret); + if (parent != NULL && !F_ISSET(parent, TXN_SNAPSHOT) && + LF_ISSET(DB_TXN_SNAPSHOT)) { +- __db_errx(env, ++ __db_errx(env, "%s", + "Child transaction snapshot setting must match parent"); + return (EINVAL); + } +@@ -168,7 +168,7 @@ + + *txnpp = NULL; + if ((ret = __os_calloc(env, 1, sizeof(DB_TXN), &txn)) != 0) { +- __db_errx(env, TxnAlloc); ++ __db_errx(env, "%s", TxnAlloc); + return (ret); + } + +@@ -315,7 +315,7 @@ + int ret; + + if ((ret = __os_calloc(env, 1, sizeof(DB_TXN), &txn)) != 0) { +- __db_errx(env, TxnAlloc); ++ __db_errx(env, "%s", TxnAlloc); + return (ret); + } + diff --git a/sources b/sources index 4680f74..60ad8be 100644 --- a/sources +++ b/sources @@ -1,3 +1,4 @@ -SHA512 (bitcoin-30.2.tar.gz) = 4fcdb70a016f9ad1b44539f19d61d4c9ce06d92f947be156f8d5de29026aa90a17cea8dcd0bd9bf2f7ad959a4b79d851de95a1c0d2ab87862e04c26cf89f493b -SHA512 (SHA256SUMS) = 99df424cfe37197df15c3e12890ba0b3e9fa00d75f4466f36e220d5d9a361c472d140ce9e7e050181e2a41d39f1af6f0c8fe87e1db9bea7a2fc6000b228aed12 -SHA512 (SHA256SUMS.asc) = 1bb28324b7807eaf8bd828039954698cfdbb4ac79ae09a58f84f798ed9da1178ce57459fd7586e51ab514983531045b2a33a28361e4ba302c5527104d0474d53 +SHA512 (bitcoin-29.2.tar.gz) = d858c59029f6256adecd32b26cede3f816d695f8168ddcc1cda2e775f08a90b6f29376d2354020ec8a1264729e06ceb6aa6f86d16e2c3c1a2d8003b4056c8251 +SHA512 (SHA256SUMS) = b1c507992a10fd36a52be83f2dd859551be105d10bf455d8463f0f3a868b8353b6934448bd51fffa5d364bb9e3733b2f0d05721502c670e3dec85d5eedefac66 +SHA512 (SHA256SUMS.asc) = e6e85e75f40d9091e36c80a9a7154dedf62ac363b57e6e24608ef016406c864738a3095057745379d577a10099accdfb05e5f29a109040bd111ca7fb812e1806 +SHA512 (db-4.8.30.NC.tar.gz) = 8d313f1f896e0b0c05cc510c0313324743de3fb660a0bd948c957d5a2d50f1625d8a9a36ec4e6fea09daf1d682dbe1ffccd5c3ec5f066eef72f7525343d0194c