The macos binaries in release v0.14.1.0 were compiled with the buggy
hidapi-0.8.0-rc1 version. This resulted in users not being able to use
their Ledger with the latest cli wallet. After the patch depends now
fetches the source from the libusb hidapi repository that has taken over
maintenance of hidapi.
Before this commit the icu4c repo was fetched from TheCharlatan's
repository. This step was made, because up until recently the source
code was hosted on sourceforge and their downloads proved very
unreliable. The origin is now the official icu4c repository.
Also remove some commented lines left over from development.
To speedup the depends cached builds, remove some some clutter from the package
files. This mainly incldues removing all the shared libraries and .la
linker files. It also gives stronger guarantees that monero only links
the static libs without any external rvalues.
- This addresses https://www.openssl.org/news/secadv/20190226.txt (CVE: 2019-1559) which impacted all versions of openssl-1.0.
Note that this does not address CVE-2019-1543 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543), which impacts all versions of openssl 1.1 through 1.1.0j and 1.1.1b.
The above (1.1) is patched in openssl, where it was marked as low severity. Similar issues possibly present in monero, should be looked into w.r.t. CVE-2019-1543.
Further speedups to icu compilation, it is faster to run the
pre-generated configure scripts.
Ensure that the native protobuf installation only generates the required
libraries and binaries.
Disable qt compilation when running travis on windows. Qt is used for
lrelease, the travis recipe instead usese the a local installation of
lrelease.
Remove various packages and options from the travis recipe.
Update Readline to version 8.0. The previously used url 404'd sometimes,
use the official gnu ftp server instead.
Remove unused cmake config.
This includes more fine grained configure options and skipping the
openssl and zlib dependencies when compiling qt. The zlib and libevent
packages are removed.
- docker protobuf dependencies, cross-compilation
- device/trezor protobuf build fixes, try_compile
- libusb built under all platforms, used by trezor for direct connect
Depends still contained some leftovers, like the `wallet` target that
included bdb from bitcoin. This commit removes these unneeded targets,
the miniupnpc package and the berkeley db package. Reflect the changes
in the README as well.
- webusb transport based on libusb added. Provides direct access to Trezor via USB, no need for Trezor bridge.
- trezor protocol message handler improved, no recursion used. Ready for upcoming integration tests.
- libusb (for docker) bumped from v1.0.9 to v1.0.22, newer version required for webusb transport, for device enumeration.
- cmake improvements and fixes. Cmake Trezor checks are moved to a dedicated CheckTrezor.cmake file. In case of a problem Trezor is excluded from build.
- ifdefs made consistent to Ledger.
- UDP Transport enumeration disabled by default in release mode
The configure script in hidapi and libsodium tried to find clang in /usr/bin,
even though the correct prefix was passed in. This sets the correct CC flag.
This was previously undetected, because clang and the sdk where
installed in the global environment.
This also fixes a subsequent error, where IOKIT and CoreFoundation are
not found, again for the reason stated above.
Clang needs to get its cctools path passed directly for the hid build to
succeed.
Make gperf a permanent external dependency.
Remove pcsc from depends.
Drop miniupnp and unbound depends builds. Make sure that build variables are propageted properly to unbound and miniupnp.
Rebase to after the v0.12 release