V1.0.0 rc1 gitian
Removes indeterminism from gitian builds: underlying processor instruction set variant of x86_64 was being detected by the libgmp autoconf process, which caused differences in libgmp and libsnark
bdb 6.X was released under the AGPL, which is incompatible with MIT-licensed
software (the result must be licensed under AGPL). bdb 5.X uses the same license
as bdb 4.8, and thus retains the same compatibility as in upstream Bitcoin.
Thanks to Luke-Jr for raising this issue.
These flags are potentially risky, because they require that the app explicitly
initialize stuff that it wouldn't otherwise need to initialize, and we don't
have time for the necessary review.
Some specifics on consensus changes:
* Transactions must be anchored to a real anchor in the chain.
* Anchors are pushed and popped during ConnectBlock/DisconnectBlock as appropriate.
* DisconnectTip triggers evictions, under some circumstances, of transactions in the
mempool which are anchored to roots that are no longer valid.
* Commitments append to the tree at the current best root during ConnectBlock.
This passes `-Wa,--noexecstack` to the assembler when building
platform-specific assembly files, to signal that a non-executable stack
can be used. This is the same approach as used by Debian
(see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430583)
Rebased-From: bfcdc21a5da25ec1aa4aecc4cd8960dfa1c11781
Github-Pull: #6852
This version of miniupnpc fixes a buffer overflow in the XML (ugh)
parser during initial network discovery.
http://talosintel.com/reports/TALOS-2015-0035/
The commit fixing the vulnerability is:
79cca974a4
Reported by timothy on IRC.
Github-Pull: 6789
Rebased-From: 0cca0248f030ea32bd8de778b5a2782e0d191978
Boost assumes variadic templates are always available in GCC 4.4+, but
they aren't since we don't build with -std=c++11.
This applies the patch that fixed the issue in boost 1.57:
eec8085549
See also: https://svn.boost.org/trac/boost/ticket/10500
Github-Pull: #6280
Rebased-From: b19a88b2a0e7bd9ef603055bc8e1ef058673025d
In some cases (Travis), sources and build caches may be moved around in-between
builds, and we can't necessarily trust that everything is still intact.
This introduces pre-build checks that verify against stashed checksums.
Note that this will cause all sources to be re-downloaded, since cached sources
weren't trustworthy before this.
