From 0a6283b1ef1557e183f98a523a853221ed33feff Mon Sep 17 00:00:00 2001 From: SomberNight Date: Wed, 10 Jan 2024 16:38:09 +0000 Subject: [PATCH 1/3] build: bump zbar version in win/mac/android builds - new version (0.23.93) fixes a security issue https://github.com/mchehab/zbar/blob/bb05ec54eec57f8397cb13fb9161372a281a1219/ChangeLog#L5 --- contrib/android/Dockerfile | 1 + contrib/android/p4a_recipes/libzbar/__init__.py | 6 ++++-- contrib/make_zbar.sh | 3 ++- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/contrib/android/Dockerfile b/contrib/android/Dockerfile index 03a7b5db7..50d0793c2 100644 --- a/contrib/android/Dockerfile +++ b/contrib/android/Dockerfile @@ -127,6 +127,7 @@ RUN apt -y update -qq \ build-essential \ ccache \ autoconf \ + autopoint \ libtool \ pkg-config \ zlib1g-dev \ diff --git a/contrib/android/p4a_recipes/libzbar/__init__.py b/contrib/android/p4a_recipes/libzbar/__init__.py index 531ed598f..2a8fb9b23 100644 --- a/contrib/android/p4a_recipes/libzbar/__init__.py +++ b/contrib/android/p4a_recipes/libzbar/__init__.py @@ -6,13 +6,15 @@ from pythonforandroid.util import load_source util = load_source('util', os.path.join(os.path.dirname(os.path.dirname(__file__)), 'util.py')) -assert LibZBarRecipe._version == "0.10" assert LibZBarRecipe.depends == ['libiconv'] assert LibZBarRecipe.python_depends == [] class LibZBarRecipePinned(util.InheritedRecipeMixin, LibZBarRecipe): - sha512sum = "d624f8ab114bf59c62e364f8b3e334bece48f5c11654739d810ed2b8553b8390a70763b0ae12d83c1472cfeda5d9e1a0b7c9c60228a79bf9f5a6fae4a9f7ccb9" + version = "bb05ec54eec57f8397cb13fb9161372a281a1219" + url = "https://github.com/mchehab/zbar/archive/{version}.zip" + sha512sum = "186312ef0a50404efef79a5fbed34534569fab2873a6bb6d2e3d8ea64fa461c5537ca4fb0e659670d72b021e514f8fd4651b1e85954bf987015d8eb2e6f68375" + patches = [] # werror.patch not needed for modern zbar recipe = LibZBarRecipePinned() diff --git a/contrib/make_zbar.sh b/contrib/make_zbar.sh index 0ea201510..e4cd1845a 100755 --- a/contrib/make_zbar.sh +++ b/contrib/make_zbar.sh @@ -10,7 +10,8 @@ # Or for a Windows x86_64 (64-bit) target, run: # $ GCC_TRIPLET_HOST="x86_64-w64-mingw32" BUILD_TYPE="wine" ./contrib/make_zbar.sh -ZBAR_VERSION="aac86d5f08d64ab4c3da78188eb622fa3cb07182" +ZBAR_VERSION="bb05ec54eec57f8397cb13fb9161372a281a1219" +# ^ tag 0.23.93 set -e From 5369be66da6bdfba9594f9da3a0bdc9618b9ec75 Mon Sep 17 00:00:00 2001 From: SomberNight Date: Wed, 10 Jan 2024 19:06:32 +0000 Subject: [PATCH 2/3] appimage build: build zbar ourselves to be able to package new version, which has security fixes --- contrib/build-linux/appimage/Dockerfile | 4 +++- contrib/build-linux/appimage/make_appimage.sh | 13 +++++++++---- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/contrib/build-linux/appimage/Dockerfile b/contrib/build-linux/appimage/Dockerfile index c93f73513..30cfd0fb6 100644 --- a/contrib/build-linux/appimage/Dockerfile +++ b/contrib/build-linux/appimage/Dockerfile @@ -41,7 +41,6 @@ RUN apt-get update -q && \ libudev-dev \ libudev1 \ gettext \ - libzbar0 \ libdbus-1-3 \ xutils-dev \ libxkbcommon0 \ @@ -65,6 +64,9 @@ RUN apt-get update -q && \ libc6-dev \ libc6 \ libc-dev-bin \ + libv4l-dev \ + libjpeg62-turbo-dev \ + libx11-dev \ && \ rm -rf /var/lib/apt/lists/* && \ apt-get autoremove -y && \ diff --git a/contrib/build-linux/appimage/make_appimage.sh b/contrib/build-linux/appimage/make_appimage.sh index 1244e64c4..37034d6d1 100755 --- a/contrib/build-linux/appimage/make_appimage.sh +++ b/contrib/build-linux/appimage/make_appimage.sh @@ -87,6 +87,15 @@ fi cp -f "$DLL_TARGET_DIR"/libsecp256k1.so.* "$APPDIR/usr/lib/" || fail "Could not copy libsecp to its destination" +if [ -f "$DLL_TARGET_DIR/libzbar.so.0" ]; then + info "libzbar already built, skipping" +else + # note: could instead just use the libzbar0 pkg from debian/apt, but that is too old and missing fixes for CVE-2023-40889 + "$CONTRIB"/make_zbar.sh || fail "Could not build zbar" +fi +cp -f "$DLL_TARGET_DIR/libzbar.so.0" "$APPDIR/usr/lib/" || fail "Could not copy libzbar to its destination" + + # note: libxcb-util1 is not available in debian 10 (buster), only libxcb-util0. So we build it ourselves. # This pkg is needed on some distros for Qt to launch. (see #8011) info "building libxcb-util1." @@ -176,10 +185,6 @@ info "installing electrum and its dependencies." "$python" -m pip uninstall -y Cython -info "copying zbar" -cp "/usr/lib/x86_64-linux-gnu/libzbar.so.0" "$APPDIR/usr/lib/libzbar.so.0" - - info "desktop integration." cp "$PROJECT_ROOT/electrum.desktop" "$APPDIR/electrum.desktop" cp "$PROJECT_ROOT/electrum/gui/icons/electrum.png" "$APPDIR/electrum.png" From 11764f9a792753e210e24d03077f41fe4e3a9b03 Mon Sep 17 00:00:00 2001 From: SomberNight Date: Wed, 10 Jan 2024 20:39:01 +0000 Subject: [PATCH 3/3] android build: make apt less quiet, for more feedback about progress --- contrib/android/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/android/Dockerfile b/contrib/android/Dockerfile index 50d0793c2..fdc6154d6 100644 --- a/contrib/android/Dockerfile +++ b/contrib/android/Dockerfile @@ -108,8 +108,8 @@ RUN curl --location --progress-bar \ # install system/build dependencies # https://github.com/kivy/buildozer/blob/master/docs/source/installation.rst#android-on-ubuntu-2004-64bit -RUN apt -y update -qq \ - && apt -y install -qq --no-install-recommends --allow-downgrades \ +RUN apt -y update -q \ + && apt -y install -q --no-install-recommends --allow-downgrades \ python3 \ python3-dev \ python3-pip \