update dependency-libs for Gitian builds

[Diapolo]

• Update Boost from 1.50 to 1.53
  -- removes the need to build the Chrono lib
• Update OpenSSL from 1.0.1c to 1.0.1e
  -- fixes for CVE-2013-0169, CVE-2012-2686 and CVE-2013-0166
• Update Qt from 4.8.3 to 4.8.4
• Update libqrencode from 3.2.0 to 3.4.2
  -- Memory leak bug has been fixed and others

Don't merge this yet, this is just to see what pull tester is doing with it :).

Replaces #2108

[Diapolo]

Any comments on this are welcome :).
While I'm on it should I also update or look after zlib, libpng and miniupnpc?

[Diapolo]

Seems libpng also has some security problems in 1.5.9:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386

zlib seems to be safe, but there is also a 1.27.

miniupnpc is up 2 versions:
May 2012 : release of MiniUPnPc-1.7 and MiniUPnPd-1.7. More work on IPv6 and IGDv2. MiniUPnPd now implements WANIPv6FirewallControl.
February 2013 : release of MiniUPnPc-1.8 and MiniUPnPd-1.8. Improvements to UPnP standards compliance, especially when MiniUPnPd is compiled with the UPNP_STRICT config option. For better security, HTTP peer and SSDP source IP are checked to belong to a LAN. It should help to avoid SSDP and SOAP services to be exposed to the internet.

[gavinandresen]

Can one of you please setup a gitian build environment (VirtualBox works nicely now) and test?

[gavinandresen]

Also: it'd be great if we could get people to volunteer to review the changes to our dependencies; after all, it is theoretically possible that somebody could try to slip through a patch in something we depend on intended to compromise bitcoin, since everybody knows our dependencies.

[Diapolo]

@gavinandresen Is there a more recent version of https://github.com/bitcoin/bitcoin/blob/master/contrib/gitian-descriptors/README available or shall I try to use that to setup a Gitian box?

@gavinandresen ping² :)

[BitcoinPullTester]

Automatic sanity-testing: FAILED BUILD/TEST, see http://jenkins.bluematt.me/pull-tester/42895c02a6e0c41890d3d0343d8be2c6bb099864 for binaries and test log.

This could happen for one of several reasons:

1. It chanages paths in makefile.linux-mingw or otherwise changes build scripts in a way that made them incompatible with the automated testing scripts
2. It adds/modifies tests which test network rules (thanks for doing that), which conflicts with a patch applied at test time
3. It does not build on either Linux i386 or Win32 (via MinGW cross compile)
4. The test suite fails on either Linux i386 or Win32
5. The block test-cases failed (lookup the first bNN identifier which failed in https://github.com/TheBlueMatt/test-scripts/blob/master/FullBlockTestGenerator.java)

If you believe this to be in error, please ping BlueMatt on freenode or TheBlueMatt here.

This is an automated test script which runs test cases on each commit every time is updated.
It, however, dies sometimes and fails to test properly, if you are waiting on a test, please check timestamps and if the test.log is moving at http://jenkins.bluematt.me/pull-tester/current/
and contact BlueMatt on freenode if something looks broken.

[luke-jr]

The boost 1.53 update doesn't build: http://luke.dashjr.org/tmp/code/20130412-boost-build.log

[Diapolo]

@luke-jr I have no idea what Error: junk at end of line, first unrecognized character is m'` means, can you help?

[jgarzik]

Closing. Feel free to reopen after verifying that it works across all supported platforms.

[luke-jr]

This will download a file named "download"! When you rebase this, please fix the links to end in the proper filename