Packages updates

.github/workflows/ci.yml

@@ -124,13 +124,13 @@ jobs:
             dep-opts: ""
             config-opts: "--with-gui=qt5 --disable-tests"
             goal: deploy
-            sdk: 10.8
-            sdk-shasum: "709b84adde0fbd1c15de4c9dadb36b3b8c65f9bb7f8a7152f0cf33ab7c3f57af"
+            sdk: 10.11
+            sdk-shasum: "bec9d089ebf2e2dd59b1a811a38ec78ebd5da18cbbcd6ab39d1e59f64ac5033f"
 
     runs-on: ubuntu-22.04
     container:
       image: ${{ matrix.container }}
-      options: ${{ matrix.container-options == '' && '-e 1ARCH=1ARCH' || matrix.container-options }}
+      options: ${{ matrix.container-options == '' && '-e 1ADVC=1ADVC' || matrix.container-options }}
 
     steps:
       - name: Configure container
@@ -181,22 +181,24 @@ jobs:
 
       - name: Install SDK
         if: ${{ matrix.sdk }}
-        shell: bash
         env:
-          SDK_URL: https://github.com/phracker/MacOSX-SDKs/releases/download/10.15
-          sdk-filename: MacOSX${{ matrix.sdk }}.sdk.tar.xz
+          sdk-filename: MacOSX${{ matrix.sdk }}.sdk.tar.gz
         run: |
-          set -euo pipefail
-          mkdir -p ./depends/sdk-sources ./depends/SDKs
-          echo "📦 Downloading macOS SDK ${{ matrix.sdk }} from phracker…"
-          curl -L --fail \
-            "$SDK_URL/${{ env.sdk-filename }}" \
-            -o "depends/sdk-sources/${{ env.sdk-filename }}"
-          echo "🔐 Verifying checksum…"
-          echo "${{ matrix.sdk-shasum }}  depends/sdk-sources/${{ env.sdk-filename }}" | sha256sum -c
-          echo "📂 Extracting SDK…"
-          tar -C depends/SDKs -xf "depends/sdk-sources/${{ env.sdk-filename }}"
-          echo "✅ SDK installed: depends/SDKs/${{ env.sdk-filename }}"
+          mkdir -p depends/sdk-sources
+          mkdir -p depends/SDKs
+
+          cd depends/sdk-sources
+
+          # First check: does NOT include path
+          echo "${{ matrix.sdk-shasum }}  ${{ env.sdk-filename }}" | sha256sum -c || \
+          curl --location --fail "$SDK_URL/${{ env.sdk-filename }}" -o "${{ env.sdk-filename }}"
+
+          # Second check AFTER download
+          echo "${{ matrix.sdk-shasum }}  ${{ env.sdk-filename }}" | sha256sum -c
+
+          cd ../..
+
+          tar -C depends/SDKs -xf depends/sdk-sources/${{ env.sdk-filename }}
 
       - name: Dependency cache
         uses: actions/cache@v4
@@ -206,105 +208,22 @@ jobs:
           path: ./depends/built
           key: ${{ matrix.name }}-${{ env.cache-name }}-${{ hashFiles('depends/packages/*', '.github/workflows/ci.yml') }}
 
-      # # 🧩 Fix macOS LLVM 10.0.0 mirror (Ubuntu 18.04 build from GitHub)
-      # - name: Patch native_cctools.mk to LLVM 10.0.0 (GitHub, Ubuntu 18.04)
-      #   if: matrix.name == 'x86_64-macos'
-      #   shell: bash
-      #   run: |
-      #     set -euo pipefail
-      #     CCTOOLS="depends/packages/native_cctools.mk"
-
-      #     # ✅ LLVM 10.0.0 toolchain info
-      #     LLVM_VER="10.0.0"
-      #     LLVM_FILE="clang+llvm-${LLVM_VER}-x86_64-linux-gnu-ubuntu-18.04.tar.xz"
-      #     LLVM_URL="https://github.com/llvm/llvm-project/releases/download/llvmorg-${LLVM_VER}"
-      #     LLVM_SHA="b25f592a0c00686f03e3b7db68ca6dc87418f681f4ead4df4745a01d9be63843"
-
-      #     # ✅ Corrected cctools-port source (GitHub changed archive path!)
-      #     CCTOOLS_VER="master"
-      #     CCTOOLS_URL="https://github.com/tpoechtrager/cctools-port/archive/refs/heads"
-      #     CCTOOLS_FILE="${CCTOOLS_VER}.tar.gz"
-      #     CCTOOLS_SHA="579c46ce16a269f202de4f4118db00bfdef95e3aa251cc79d4726faef9f4dab2"
-
-      #     echo "🧹 Cleaning old LLVM/cctools artifacts..."
-      #     rm -rf depends/work/download/native_cctools* depends/sources/clang*llvm-* || true
-
-      #     echo "⚙️ Patching native_cctools.mk..."
-      #     # --- cctools source ---
-      #     sed -i "s|^\$(package)_version=.*|\$(package)_version=${CCTOOLS_VER}|" "${CCTOOLS}"
-      #     sed -i "s|^\$(package)_download_path=.*|\$(package)_download_path=${CCTOOLS_URL}|" "${CCTOOLS}"
-      #     sed -i "s|^\$(package)_file_name=.*|\$(package)_file_name=${CCTOOLS_FILE}|" "${CCTOOLS}"
-      #     sed -i "s|^\$(package)_sha256_hash=.*|\$(package)_sha256_hash=${CCTOOLS_SHA}|" "${CCTOOLS}"
-
-      #     # --- LLVM toolchain (hard-coded URL + filename to avoid 404) ---
-      #     sed -i "s|^\$(package)_clang_version=.*|\$(package)_clang_version=${LLVM_VER}|" "${CCTOOLS}"
-      #     sed -i "s|^\$(package)_clang_download_path=.*|\$(package)_clang_download_path=${LLVM_URL}|" "${CCTOOLS}"
-      #     sed -i "s|^\$(package)_clang_download_file=.*|\$(package)_clang_download_file=${LLVM_FILE}|" "${CCTOOLS}"
-      #     sed -i "s|^\$(package)_clang_file_name=.*|\$(package)_clang_file_name=${LLVM_FILE}|" "${CCTOOLS}"
-      #     sed -i "s|^\$(package)_clang_sha256_hash=.*|\$(package)_clang_sha256_hash=${LLVM_SHA}|" "${CCTOOLS}"
-
-      #     echo "🔍 Confirming patched fields..."
-      #     grep -E '^\$\(package\)_(version|download_path|file_name|sha256_hash|clang_download_path|clang_file_name|clang_sha256_hash)=' "${CCTOOLS}" || true
-
-      #     echo "📦 Installing LLVM ${LLVM_VER} toolchain..."
-      #     apt-get update -y
-      #     DEBIAN_FRONTEND=noninteractive apt-get install -y \
-      #       clang-10 llvm-10-dev libxml2-dev libedit-dev libncurses5 libtinfo5 \
-      #       libbz2-dev zlib1g-dev lld make patch autoconf automake libtool cmake gawk
-
-      #     update-alternatives --install /usr/bin/clang clang /usr/bin/clang-10 100
-      #     update-alternatives --install /usr/bin/llvm-config llvm-config /usr/bin/llvm-config-10 100
-
-      #     echo "✅ native_cctools.mk patched with correct GitHub refs/heads/master URL and verified LLVM 10.0.0."
-
-      # - name: Patch dsymutil missing issue
-      #   if: matrix.name == 'x86_64-macos'
-      #   shell: bash
-      #   run: |
-      #     set -euo pipefail
-      #     CCTOOLS_DIR="depends/packages/native_cctools.mk"
-
-      #     echo "⚙️ Disabling dsymutil check (not included in LLVM 10.0.0 Linux build)..."
-      #     sed -i '/llvm-dsymutil/d' "$CCTOOLS_DIR"
-
-      #     # Patch staging rule to tolerate missing dsymutil
-      #     find depends/work/build/x86_64-apple-darwin11/ -type f -name "Makefile" -print0 | \
-      #       xargs -0 sed -i '/llvm-dsymutil/d' || true
-
-      #     echo "✅ dsymutil references removed — build will continue without it."
+      - name: Build depends
+        run: make $MAKEJOBS -C depends HOST=${{ matrix.host }} ${{ matrix.dep-opts }}
 
-      # - name: Fix macOS cross build dependencies
-      #   if: matrix.name == 'x86_64-macos'
+      # - name: Build depends
       #   run: |
-      #     apt-get update
-      #     DEBIAN_FRONTEND=noninteractive apt-get install -y \
-      #       clang llvm-dev libxml2-dev libssl-dev libbz2-dev libtinfo5 \
-      #       libncurses5 zlib1g-dev xz-utils cmake patch make bison flex
-
-      # - name: Patch Boost toolset to prevent version clashes
-      #   if: matrix.name == 'x86_64-macos'
-      #   shell: bash
-      #   run: |
-      #     BOOST_MK="depends/packages/boost.mk"
-      #     USERCFG="depends/sources/boost_1_64_0/tools/build/src/user-config.jam"
-      #     mkdir -p "$(dirname $USERCFG)"
-
-      #     echo "🛠 Removing auto-detected darwin toolsets..."
-      #     sed -i 's/toolset=darwin//g' "$BOOST_MK" || true
-
-      #     echo "🛠 Forcing Boost to use ONLY darwin-10.0.0..."
-      #     sed -i 's#./b2 #./b2 toolset=darwin-10.0.0 #g' "$BOOST_MK"
+      #     set +e
+      #     make $MAKEJOBS -C depends HOST=${{ matrix.host }} ${{ matrix.dep-opts }}
+      #     STATUS=$?
 
-      #     echo "using darwin : 10.0.0 : x86_64-apple-darwin11-clang++ ;" >> "$USERCFG"
+      #     echo "==== Attempting to dump util/domd files found so far ===="
+      #     find depends/work -path "*/openssl*/util/domd" -exec sh -c '
+      #       echo "---- {} ----"
+      #       sed -n "1,200p" "{}"
+      #     ' \;
 
-      #     echo "🔍 Verifying Boost config override:"
-      #     grep -n "darwin-10.0.0" "$BOOST_MK" || true
-      #     grep -n "darwin" "$USERCFG" || true
-
-      #     echo "✅ Boost toolset pinned to darwin-10.0.0 (no conflicts)."
-
-      - name: Build depends
-        run: make $MAKEJOBS -C depends HOST=${{ matrix.host }} ${{ matrix.dep-opts }}
+      #     exit $STATUS
 
       - name: CCache
         uses: actions/cache@v4
@@ -321,14 +240,23 @@ jobs:
           chmod +x autogen.sh
           chmod -R +x depends || true
           chmod +x share/genbuild.sh
+
           SHORT_COMMIT=$(echo "$GIT_COMMIT_ID" | cut -c1-7)
           depends/${{ matrix.host }}/native/bin/ccache --max-size=$CCACHE_SIZE
+
           ./autogen.sh
           chmod +x configure || true
-          ./configure --prefix=`pwd`/depends/${{ matrix.host }} ${{ matrix.config-opts }} --enable-reduce-exports \
-            CFLAGS="-std=c++17 -DGIT_COMMIT_ID=\\\"$SHORT_COMMIT\\\"" \
-            CXXFLAGS="-std=c++17 -DGIT_COMMIT_ID=\\\"$SHORT_COMMIT\\\"" || ( cat config.log && false)
-          make $MAKEJOBS ${{ matrix.goal }} CXXFLAGS="-std=c++17" || (echo "Build failure. Verbose build follows." && make ${{ matrix.goal }} CXXFLAGS="-std=c++17" V=1 ; false)
+
+          ./configure --prefix=`pwd`/depends/${{ matrix.host }} \
+            ${{ matrix.config-opts }} \
+            --enable-reduce-exports \
+            CFLAGS="-pipe -O2 -DGIT_COMMIT_ID=\\\"$SHORT_COMMIT\\\"" \
+            CXXFLAGS="-std=c++17 -pipe -O2 -DGIT_COMMIT_ID=\\\"$SHORT_COMMIT\\\"" \
+            || (cat config.log && false)
+
+          make $MAKEJOBS ${{ matrix.goal }} \
+            CXXFLAGS="-std=c++17" \
+            || (echo "Build failure. Verbose build follows." && make ${{ matrix.goal }} CXXFLAGS="-std=c++17" V=1 ; false)
 
       - name: Run benchmark
         if: ${{ matrix.run-bench }}

.gitignore

@@ -61,7 +61,6 @@ src/qt/bitcoin-qt.includes
 *.pyc
 *.o
 *.o-*
-*.patch
 *.a
 *.pb.cc
 *.pb.h

configure.ac

@@ -3,7 +3,7 @@ AC_PREREQ([2.60])
 define(_CLIENT_VERSION_MAJOR, 5)
 define(_CLIENT_VERSION_MINOR, 0)
 define(_CLIENT_VERSION_REVISION, 0)
-define(_CLIENT_VERSION_BUILD, 2)
+define(_CLIENT_VERSION_BUILD, 3)
 define(_CLIENT_VERSION_IS_RELEASE, true)
 define(_COPYRIGHT_YEAR, 2025)
 define(_COPYRIGHT_HOLDERS,[The %s developers])

contrib/devtools/security-check.py

@@ -177,13 +177,29 @@ def check_PE_NX(executable):
 ]
 }
 
-def identify_executable(executable):
+def identify_executable(filename):
     with open(filename, 'rb') as f:
         magic = f.read(4)
+
+    # Windows PE
     if magic.startswith(b'MZ'):
         return 'PE'
-    elif magic.startswith(b'\x7fELF'):
+
+    # Linux ELF
+    if magic.startswith(b'\x7fELF'):
         return 'ELF'
+
+    # macOS Mach-O (32/64-bit, swapped and unswapped)
+    MACHO_MAGICS = [
+        b'\xfe\xed\xfa\xce', # 32-bit Mach-O
+        b'\xce\xfa\xed\xfe', # 32-bit reverse byte order
+        b'\xfe\xed\xfa\xcf', # 64-bit Mach-O
+        b'\xcf\xfa\xed\xfe', # 64-bit reverse byte order
+    ]
+
+    if magic in MACHO_MAGICS:
+        return 'MACHO'   # <- added type
+
     return None
 
 if __name__ == '__main__':
@@ -196,6 +212,11 @@ def identify_executable(executable):
                 retval = 1
                 continue
 
+            # Skip Mach-O (macOS)
+            if etype == 'MACHO':
+                print('%s: skipping macOS Mach-O binary (no checks available)' % filename)
+                continue
+
             failed = []
             warning = []
             for (name, func) in CHECKS[etype]:

depends/packages/boost.mk

@@ -7,59 +7,65 @@ $(package)_sha256_hash=83bfc1507731a0906e387fc28b7ef5417d591429e51e788417fe9ff02
 define $(package)_set_vars
 $(package)_config_opts_release=variant=release
 $(package)_config_opts_debug=variant=debug
+
+# Common Boost build configuration
 $(package)_config_opts=--layout=tagged --build-type=complete --user-config=user-config.jam
 $(package)_config_opts+=threading=multi link=static -sNO_BZIP2=1 -sNO_ZLIB=1
 
+# Linux native build
 $(package)_config_opts_linux=threadapi=pthread runtime-link=shared
 
-# IMPORTANT: macOS now forced to GCC toolset
+# IMPORTANT: macOS must NOT use darwin toolset!
+# Boost darwin toolset is incompatible with Linux cross-compile.
 $(package)_config_opts_darwin=--toolset=gcc runtime-link=shared
 
+# Windows builds
 $(package)_config_opts_mingw32=binary-format=pe target-os=windows threadapi=win32 runtime-link=static
-
 $(package)_config_opts_x86_64_mingw32=address-model=64
 $(package)_config_opts_i686_mingw32=address-model=32
+
+# 32-bit Linux
 $(package)_config_opts_i686_linux=address-model=32 architecture=x86
 
+# Boost toolset assignments
 $(package)_toolset_$(host_os)=gcc
 $(package)_archiver_$(host_os)=$($(package)_ar)
 
-# These stay defined but DO NOT get used anymore
+# Mac fallback variables (not used but required to exist)
 $(package)_toolset_darwin=gcc
 $(package)_archiver_darwin=$($(package)_ar)
 
 boost_toolset_darwin=$($(package)_toolset_darwin)
 boost_archiver_darwin=$($(package)_archiver_darwin)
 
-$(package)_config_libraries=chrono,filesystem,program_options,system,thread
+$(package)_config_libraries=chrono,filesystem,program_options,system,thread,test
 
 $(package)_cxxflags=-std=c++11 -fvisibility=hidden
 $(package)_cxxflags_linux=-fPIC
 endef
 
-# ==================================================================
-# PREPROCESS: FORCE GCC TOOLSET FOR MACOS + EVERY OTHER HOST
-# macOS cross compile will use gcc toolset with g++ invocation
-# This avoids Boost's broken "darwin" toolset and missing libtool.
-# ==================================================================
+# ==========================================================
+# PREPROCESS: Create Boost user-config.jam
+# IMPORTANT: Always use 'gcc' toolset but inject Clang compiler
+# ==========================================================
 define $(package)_preprocess_cmds
   echo "using gcc : : $($(package)_cxx) \
-    : <cxxflags>\"$($(package)_cxxflags) $($(package)_cppflags)\" \
-      <linkflags>\"$($(package)_ldflags)\" \
-      <archiver>\"$($(package)_ar)\" \
-      <ranlib>\"$(host_RANLIB)\" \
-      <striper>\"$(host_STRIP)\" \
-    ;" > user-config.jam
+      : <cxxflags>\"$($(package)_cxxflags) $($(package)_cppflags)\" \
+        <linkflags>\"$($(package)_ldflags)\" \
+        <archiver>\"$($(package)_ar)\" \
+        <ranlib>\"$(host_RANLIB)\" \
+        <striper>\"$(host_STRIP)\" \
+      ;" > user-config.jam
 endef
 
 define $(package)_config_cmds
   ./bootstrap.sh --without-icu --with-libraries=$(boost_config_libraries)
 endef
 
 define $(package)_build_cmds
-  ./b2 -d2 -j2 -d1 --prefix=$($(package)_staging_prefix_dir) $($(package)_config_opts) stage
+  ./b2 -d2 -j2 --prefix=$($(package)_staging_prefix_dir) $($(package)_config_opts) stage
 endef
 
 define $(package)_stage_cmds
-  ./b2 -d0 -j4 --prefix=$($(package)_staging_prefix_dir) $($(package)_config_opts) install
+  ./b2 -d0 -j2 --prefix=$($(package)_staging_prefix_dir) $($(package)_config_opts) install
 endef