Commit Graph

1907 Commits

Author SHA1 Message Date
Nick Hainke
23a456aef1 expat: update to 2.5.0
Fixes CVE-2022-43680.

Changes:
https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-31 21:27:48 +01:00
Daniel Golle
e3706bf497
tools/mkimage: bring back removed patches
Patches for mtk_image supporting newer SoCs have been dropped in the
process of updating mkimage to U-Boot 2022.10. While it is true that
the patches have been merged upstream a while ago, they were not merged
in time to be part of the U-Boot 2022.10 release.
See also commit 537b423d9f ("uboot-mediatek: update to U-Boot 2022.10")
which explicitly mentions that.

Fixes: 6e245777bd ("tools/mkimage: update to 2022.10")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-10-23 16:29:59 +01:00
Hauke Mehrtens
2c603ecb55 tools/genext2fs: Add dependency to libtool
This fixes the following build error:
  ./autogen.sh: line 13: aclocal: command not found

Fixes: b6d29af947 ("tools/genext2fs: update to 1.5.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-10-23 01:45:52 +02:00
Nick Hainke
b6d29af947 tools/genext2fs: update to 1.5.0
Update to latest version.

Remove patches:
- 100-c99_scanf.patch
- 200-autoconf.patch
- 300-blocksize-creator.patch
- 400-byteswap_fix.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-22 22:53:24 +02:00
Nick Hainke
f21394c4d1 tools/genext2fs: switch to codeload.github.com
As written on the genext2fs.sourceforge.net page:
"If you want bugfixes and nicer features though, you will have to grab
the source from github and build it yourself."

This commit switches the download from sourceforge to
codeload.github.com.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-22 22:53:24 +02:00
Nick Hainke
7179b06898 tools/dwarves: update to 1.24
Release Notes:
https://lwn.net/Articles/905738/

Switch to https "fedorapeople.org"-mirror. Use $(AUTORELEASE).

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-22 22:53:24 +02:00
Nick Hainke
d213f27339 tools/bash: update to 5.2
Release Notes:
https://lists.gnu.org/archive/html/bug-bash/2022-09/msg00056.html

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-22 22:53:24 +02:00
Nick Hainke
d1386dd32a tools/zlib: update to 1.2.13
Switch to "https github.com" for downloading source files.

Release Announcements:
https://github.com/madler/zlib/releases/tag/v1.2.13

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-22 22:53:24 +02:00
Nick Hainke
a8bbce498e tools/bc: update to 1.07.1
Changes:
  Fixed ibase extension causing problems for read()
  Fixed parallel make problem.

Remove the "003-bc-fix-hang.patch" because the hang is fixed upstream.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-22 22:50:37 +02:00
Nick Hainke
1699ace3a4 tools/mtools: update to 4.0.41
Release Notes:
https://lists.gnu.org/archive/html/info-gnu/2022-09/msg00011.html

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-22 22:50:37 +02:00
Nick Hainke
ef51c0150a tools/xz: update to 5.2.7
Update to latest version.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-22 22:50:37 +02:00
Nick Hainke
6e245777bd tools/mkimage: update to 2022.10
Remove upstreamed patches:
- 020-tools-mtk_image-split-gfh-header-verification-into-a.patch
- 021-tools-mtk_image-split-the-code-of-generating-NAND-he.patch
- 022-tools-mtk_image-add-support-for-nand-headers-used-by.patch

Refreshed manually:
- 030-allow-to-use-different-magic.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-22 22:50:36 +02:00
Rosen Penev
3268f7b9fa
tools: remove implicit dependencies
Small cleanup.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-10-20 00:33:25 +02:00
Rosen Penev
a63805b25f
tools: add Host/Uninstall where possible
This cleans staging_dir when calling tool/x/clean.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-10-20 00:33:22 +02:00
Daniel Cousens
3bd04767ba
build: prefer HTTPS if available (for packages)
Changes PKG_SOURCE_URL's for arptables, bsdiff, dnsmasq,
fortify-headers, ipset, ipset-dns, libaudit, libpcap, libressl,
lua, lua5.3, tcpdump and valgrind, to HTTPS

Signed-off-by: Daniel Cousens <github@dcousens.com>
2022-10-05 17:37:07 +02:00
Nick Hainke
39c8beae32 tools/cmake: update to 3.24.2
Release Notes:
https://www.kitware.com/cmake-3-24-2-is-available-for-download/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-02 20:21:55 +02:00
Nick Hainke
107f82292b tools/expat: switch to tar.xz to save bandwidth
The tar.xz download is a bit smaller. Use this download to save traffic.

Suggested-by: hardfalcon
Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-02 16:16:07 +02:00
Nick Hainke
1b3a524e1d tools/expat: update to 2.4.9
Fixes CVE-2022-40674.

Release Notes:
https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-02 16:16:07 +02:00
Rosen Penev
875e17774b tools/meson: backport WSL2 fix
For some reason, Microsoft's Plan9 driver returns IOError on missing
file.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-10-02 16:05:32 +02:00
Christian Marangi
ebabdff401
tools: add option BUILD_ALL_HOST_TOOLS to compile all host tools
Add option to compile all host tools even if not needed.
This can be useful to prepare a universal precompiled host tools
archive to use in another buildroot and speedup compilation.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-09-30 22:26:54 +02:00
Rosen Penev
0e3d51ccae tools/cmake: fix compilation with host libzstd-dev
cmake's find_package looks at host paths first for some reason. Switch
to using pkgconfig for the search, matching other modules.

Fixes: 3848cf458e ("tools/cmake: Build without some included libs")
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-09-30 13:12:42 -07:00
Rosen Penev
3848cf458e
tools/cmake: Build without some included libs
Saves a little bit of time when compiling cmake.

Added patches to fix searching liblzma and zlib. The issue is that
because pkgconfig is not used, the system libraries get used.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-09-29 19:33:17 +02:00
Rosen Penev
89df3589e6
tools/expat: build with autotools again
Allows to set expat as a dependency to cmake and save on compilation
time.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-09-29 19:33:17 +02:00
Rosen Penev
d602e7a969
tools/zlib: switch to configure script
A future commit will make tools/cmake use this.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-09-29 19:33:13 +02:00
Rosen Penev
b71affaf8b tools: fix firmware-utils depends
When firmware-utils was converted to use cmake, the dependency was not
updated.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-09-27 15:35:41 -07:00
Christian Marangi
6e90cb60e4
Revert "tools/zstd: build libraries as static"
This reverts commit e3989094b8.
Require more testing as it does cause compilation error.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-09-27 23:17:51 +02:00
Rosen Penev
e3989094b8
tools/zstd: build libraries as static
Enables to get rid of rpath hack for all users.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-09-27 21:28:49 +02:00
Nick Hainke
83ea2e11b4
ccache: update to 4.6.3
Release Notes:
https://ccache.dev/releasenotes.html#_ccache_4_6_3

Refresh patch:
- 100-honour-copts.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-27 18:22:31 +02:00
Nick Hainke
ac61cf596c
tools/ccache: update to 4.6.2
Release notes:
https://ccache.dev/releasenotes.html#_ccache_4_6_2

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-27 18:22:30 +02:00
Nick Hainke
2e87e24e43
tools/ccache: update to 4.6.1
Release notes:
https://ccache.dev/releasenotes.html#_ccache_4_6_1

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-27 18:22:27 +02:00
Michael Pratt
1e726ba015 tools/cmake: fix download url with make variables
Use a make variable pattern for the url
so that only one version number needs to be changed
when version is bumped.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2022-09-19 17:30:16 -04:00
Ilya Katsnelson
21dfd7289b
tools/bc: use more compatible shebang
Update the existing patch to use a shebang that works on systems that
don't have a /bin/bash, e.g. NixOS or GuixSD.

Signed-off-by: Ilya Katsnelson <me@0upti.me>
2022-09-14 00:06:15 +02:00
Daniel Golle
b4d8114770 firmware-utils: update to git HEAD
0c92b20 iptime-crc32: add support for A6004MX

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-12 01:43:49 +01:00
Hauke Mehrtens
600741bf2e firmware-utils: update to git HEAD
71e1db6 tplink-safeloader: add TP-Link Deco S4 v2 support

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-09-11 21:54:00 +02:00
Daniel Golle
a99707d14c Revert "tools/meson: update to 0.63.1"
This reverts commit da95084d34.
It was pulled by accident.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-07 04:47:04 +01:00
Nick Hainke
8ad03a2cd7 tools/llvm: update to 14.0.6
Update to latest version.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-07 04:22:40 +01:00
Nick Hainke
da95084d34 tools/meson: update to 0.63.1
Release Notes:
- 0.62.0 https://mesonbuild.com/Release-notes-for-0-62-0.html
- 0.63.0 https://mesonbuild.com/Release-notes-for-0-63-0.html
- (other notes are not available)

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-07 04:22:40 +01:00
Nick Hainke
f94b67d893 tools/fakeroot: update to 1.29
Release Notes:
8dd9e34a2e

Refresh patches:
- 400-alpine-libc.musl-fix.patch
- 600-macOS.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-07 04:22:40 +01:00
Nick Hainke
46dc7e63c4 tools/expat: update to 2.4.8
Release Notes:
https://github.com/libexpat/libexpat/blob/R_2_4_8/expat/Changes

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-07 04:22:39 +01:00
Nick Hainke
7b8f2dc6ec tools/bc: update to 1.07
Update to latest version. Replace mirror with @GNU/bc.

Manually refresh:
- 001-no_doc.patch

Add patch found here:
26f275502d
as 002-fix-libmath.patch to fix compilation.

Add another patch found here:
55b26eda94
as 003-bc-fix-hang.patch to prevent a hang when building the kernel.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-07 04:22:39 +01:00
Nick Hainke
534e72ea0f tools/pkgconf: update to 1.9.3
Release Notes:
https://github.com/pkgconf/pkgconf/blob/pkgconf-1.9.3/NEWS

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-07 04:22:39 +01:00
Nick Hainke
e12504a4d0 tools/cmake: refresh patches
Previous commit forgot to refresh the patches.
This commit refreshes the patches:
- 120-curl-fix-libressl-linking.patch
- 130-bootstrap_parallel_make_flag.patch

Fixes: 3b2f19271c ("tools/cmake: update to 3.24.1")

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-07 04:22:39 +01:00
Nick Hainke
3f6d66d984 tools/bc: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:35:02 +01:00
Petr Štetiar
88c9056a70 tools: remove xxd package
It shouldn't be needed anymore as we've now `scripts/xxdi.pl`, which
should be self contained and fully compatible `xxd -i` replacement.

Fixes: #10555
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-09-06 08:04:53 +02:00
Daniel Golle
8686a9a085 tools: mkimage: Add support for MediaTek MT798x
Import pending patches for mtk_image to support BootROM headers of
newer MediaTek SoCs.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-28 19:01:55 +01:00
Nick Hainke
3b2f19271c tools/cmake: update to 3.24.1
Update cmake to newest version.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-20 23:26:36 +02:00
Nick Hainke
ce3e467d61 tools/isl: update to 0.25
Update isl to latest version.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-20 23:25:52 +02:00
Nick Hainke
20f8101a26 tools/xz: update to 5.2.6
This update contains a security fix to xzgrep (CVE-2022-1271,
ZDI-CAN-16587). Release notes:
https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;hb=HEAD

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-20 23:25:32 +02:00
Hauke Mehrtens
67efb6a661 tools: mtd-utils: Update to version 2.1.4
Update to most recent version of mtd-utils and sync with version from
package folder.

Use a https download server instead of ftp.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-08-13 14:05:29 +02:00
Hauke Mehrtens
3efe595df9 tools: elfutils: Update to version 0.187
Update to most recent version of elfutils and sync with version from
package folder.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-08-13 14:05:29 +02:00
Hauke Mehrtens
d73e11b9c8 tools: e2fsprogs: Update to version 1.46.5
Update to most recent version of e2fsprogs and sync with version from
package folder.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-08-13 14:05:29 +02:00
Daniel Golle
68cd4dc3ed mkimage: fix validation of legacy images with custom magic
All images generated by mkimage are now always validated.
This change broke our downstream support for setting a custom value for
IH_MAGIC (mkimage -M ...). Make sure also plain legacy kernel images
with custom value set for IH_MAGIC validate correctly.

Fixes: fa9895ee5b ("tools: mkimage: update to U-Boot release 2022.07")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-12 12:02:41 +02:00
Daniel Golle
fa9895ee5b tools: mkimage: update to U-Boot release 2022.07
Removed patch 090-macos-arm64-builing-fix.patch as an equivalent
solution was applied upstream:
 3b142045e8 Support building on macOS/arm64

To not add new host dependencies (libuuid, gnuTLS) don't build the
anyway unused mkeficapsule tool which would otherwise now be built
by default.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-11 17:11:54 +02:00
Leonardo Mörlein
37c0d15a8e pkg-config: always use correct path for pkg-config.real
Before this commit, it was assumed that pkg-config.real is in the PATH. While
this was fine for the normal build workflow, this led to some issues if

    make TOPDIR="$(pwd)" -C "$pkgdir" compile

was called manually. The command failed with

    Makefile:15: *** No libnl-tiny development libraries found!.  Stop.
    make[1]: Leaving directory

since pkg-config of the host system was used.

After the commit, the package is built sucessfully.

Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
2022-08-11 12:47:31 +02:00
Michael Pratt
7012f2e18f tools/libressl: disable assembly code for all hosts
This SSL library is for hosts only
and not shipped as a build product,
therefore its performance quality (speed) is not critical.

Assembly code is broken in LibreSSL for some x86_64 hosts (part of git history)
and for some RISC host archs like armv7l, aarch64, powerpc, ppc64, etc...
so let's just disable it for all hosts.

For example, this fixes an instance on ARM hosts
where the host Python 3 builds broken modules which link to LibreSSL,
even with patches that enable LibreSSL support
with the import error "unexpected reloc type 3".

Ref: a395563f6 ("build: fix libressl build on x32 (amd64ilp32) host ")
Suggested-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Michael Pratt <mcpratt@pm.me>
2022-07-31 18:46:23 +02:00
Michael Pratt
b2e2deeb8d tools/libressl: ensure PIC-only object compilation
Line up configure arguments for cleaner git diff and editing and grepping.

LibreSSL must be built with PIC, and has the flags for it already in CFLAGS.
Add the configure option native to LibreSSL to use only PIC in objects,
which further enforces that each object in the library has the PIC flag
to prevent a mixture of PIC / non-PIC objects within it.

Ref: 96a940308 ("tools: libressl: always build as PIC")
Signed-off-by: Michael Pratt <mcpratt@pm.me>
2022-07-31 18:46:23 +02:00
Sander Vanheule
1011904199 tools: bump 7z package to 22.01
Version 22.00 of 7z causes build failures on systems using GCC 12 with
the following error:

    ../../../../C/LzmaEnc.c: In function 'LzmaEnc_CodeOneMemBlock':
    ../../../../C/LzmaEnc.c:2996:19: error: storing the address of local
    variable 'outStream' in '*p.rc.outStream' [-Werror=dangling-pointer=]
     2996 |   p->rc.outStream = &outStream.vt;
          |   ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~
    ../../../../C/LzmaEnc.c:2979:28: note: 'outStream' declared here
     2979 |   CLzmaEnc_SeqOutStreamBuf outStream;
          |                            ^~~~~~~~~
    ../../../../C/LzmaEnc.c:2979:28: note: 'pp' declared here

Upgrade to version 22.01 which contains the required fix.

Fixes: 5fcc6f0f19 ("tools: add 7z host package")
Suggested-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-07-31 15:29:39 +02:00
Nick Hainke
4538638022 mtools: update to 4.0.40
Changes:
- Remove libbsd dependency
- Better compatibility with legacy platforms such as AT&T UnixPC
- Upgraded to autoconf 2.71

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-07-30 23:50:44 +02:00
Daniel Golle
aeaa02afac firmware-utils: update to git HEAD
4f8d03d mkh3cimg: add image tool for H3C devices
 2483fe7 mkh3cvfs: add filesystem tool for H3C devices

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-07-28 16:44:50 +02:00
Jan Hoffmann
5fcc6f0f19 tools: add 7z host package
Add the 7zr command line tool, which is a version of the 7z application
that only supports 7z archives.

7z is one of the two compression formats supported in H3C firmware
images (the alternative would be ARJ).

(Alternatively, the 7zr command line tool could also be built from a
current version of the public-domain LZMA SDK. That would require
repackaging the source package, as it is only provided in 7z format.)

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
2022-07-28 14:08:56 +02:00
Andre Heider
5451b03b7c tools/libressl: bump to v3.5.3
This includes API additions required for u-boot v2022.07 and Python 3.10.

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.0-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.1-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.2-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.3-relnotes.txt

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-07-20 13:02:57 +02:00
Leonardo Mörlein
ffd9bd7b9b
automake: always use correct path for aclocal.real
Before this commit, it was assumed that aclocal.real is in the PATH. While
this was fine for the normal build workflow, this led to some issues if

    make TOPDIR="$(pwd)" -C "$pkgdir" compile

was called manually. The command failed with:

    /home/.../openwrt/staging_dir/host/bin/aclocal: line 2: aclocal.real: command not found
    autoreconf: /home/.../openwrt/staging_dir/host/bin/aclocal failed with exit status: 127

After the commit, the package is built sucessfully.

Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
2022-07-14 12:57:12 +02:00
Felix Fietkau
9dc86d1962 tools/coreutils: enable ginstall utility
For some reason, current coreutils version installed on x86 macOS via homebrew
have a bug, where at least the cc1 binary from gcc gets corrupted during install
to the staging dir.
Using the install utility from tools/coreutils fixes this

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-07-13 17:57:34 +02:00
Sander Vanheule
6445415809 firmware-utils: bump to git HEAD
The support-list partition for the EAP225-V3 board ID became larger than
the allocated size, resulting in factory image generation for the
EAP225-Outdoor v3 and EAP225 v3 to fail. The make directive
Build/tplink-safeloader ignores this failure however, resulting in a
seemingly successful build with empty factory images.

Included changes:
    e609c5d75186 tplink-safeloader: drop unqualified EAP225-V3 IDs

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-06-27 21:56:20 +02:00
Rosen Penev
d60cfa5a9e tools/meson: update to 0.61.5
Mostly backports by a Red Hat employee as 0.62 and newer demands Python
3.7+. Same reason 0.61 is kept here.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-06-27 00:57:15 +02:00
Sander Vanheule
326e109f24 firmware-utils: bump to git HEAD
Fixes the safeloader model identifiers for EAP225-Outdoor v1/v3 devices.

1e3d47292b2e tplink-safeloader: fix EAP225-Outdoor model IDs
9563fe8e78cb tplink-safeloader: add regionless EAP225-V3 IDs

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-06-26 16:58:05 +02:00
Josef Schlehofer
25534d5cc2 tools/libressl: update to version 3.4.3
Release notes:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.3-relnotes.txt

```
It includes the following security fix:

    * A malicious certificate can cause an infinite loop.
      Reported by and fix from Tavis Ormandy and David Benjamin, Google.
```

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-06-19 12:31:02 +02:00
Rosen Penev
a7be143646 tools/ninja: update to 1.11.0
Updated patchset to latest.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-06-13 19:50:25 +02:00
Daniel Golle
3fbf9689b6
tools/mkimage: increase tmpfile name length limit
mkimage limits the length of the file paths in can deal with to 256
characters. Turns out that in automated builds by asu we break this
limit, so increase it to 1024 characters.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-06-05 11:32:58 +01:00
Sander Vanheule
acca36f71f firmware-utils: bump to git HEAD
Fixes an out of bounds issue, adds support for TP-Link safeloader images
with non-default partition names, and adds image generation support for:
  - TP-Link Archer A6 v2 (EU)
  - TP-Link EAP225 v4
  - TP-Link EAP225-Outdoor v3

365458e00ed7 tplink-safeloader: join EAP225-V3 compatible devices
0277810d353d tplink-safeloader: fix chunked support-list prints
a64f89c66318 tplink-safeloader: Patch to handle partitions with alternate names.
07f78f071075 firmware-utils: tplink-safeloader: add support for Archer A6 v2 (EU)
49ea62160d21 tplink-safeloader: fix alphabetical order

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-05-27 10:20:03 +02:00
Stijn Tintel
6eec1a5225 tools/elfutils: drop HOST_BUILD_DEPENDS
This is only effective for host build of normal packages, not tools.

Fixes: ad79b92719 ("elfutils: move host build to tools")
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-05-19 02:37:25 +03:00
Stijn Tintel
f64bd4b6ce tools/elfutils: only build required components
Building all of the components results in strip being installed in
staging_dir/host/bin. This strip binary will take precedence over
binutils strip that is installed in the toolchain directory.

This will not work on host systems that do not have libdw installed, as
we do not set HOST_LDFLAGS to override rpath to staging_dir/host/lib.
However, rather than overriding rpath, we should just avoid using
elfutils strip entirely.

Override the SUBDIRS variable in the Makefile to only build and install
the libraries we require for dwarves and frr.

Fixes the following build failure in toolchain/gdb:
strip: error while loading shared libraries: libdw.so.1: cannot open shared object file: No such file or directory

Fixes: ad79b92719 ("elfutils: move host build to tools")
Reported-by: Dominick Grift <dominick.grift@defensec.nl>
Reported-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-05-19 02:36:48 +03:00
Stijn Tintel
16e9ccd5fa tools/elfutils: depend on m4
Some buildbots fail to build elfutils due to m4 being missing. Add m4 as
a dependency for elfutils to fix this.

Fixes: ad79b92719 ("elfutils: move host build to tools")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-05-18 16:17:35 +03:00
Tony Ambardar
02850d7c9c tools/dwarves: add host package
dwarves is a set of tools that use the debugging information inserted in
ELF binaries by compilers such as GCC. Utilities in the dwarves suite
include pahole, which can be used to find alignment holes in structs and
classes, and also extracts other information such as CPU cacheline
alignment, helping pack those structures to achieve more cache hits.

These tools are also used to encode and read the BTF type information
format used with the bpf syscall, making this a Linux build dependency
when using kernel BTF information.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
[bump to 1.23, add elfutils dep, drop host lib usage, drop cmake release
target, use RM macro]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-05-18 13:32:06 +03:00
Stijn Tintel
ad79b92719 elfutils: move host build to tools
The upcoming dwarves host package requires elfutils. As dependencies for
tools must exist in tools, we need to move elfutils host build there.

As there is at least one package that depends on this, and there is no
proper way to create such dependency in the build system, build it
unconditionally when not building on macOS.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-05-18 13:32:06 +03:00
Sander Vanheule
0f207ade12 firmware-utils: bump to git HEAD
Includes image support for new TP-Link devices:

  ddc3e00e314d tplink-safeloader: add TP-Link EAP265 HD support
  ceea1a7fe56e tplink-safeloader: add TP-Link Deco M4R v1 and v2 support

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-04-27 20:29:37 +02:00
Hauke Mehrtens
36790ca694 firmware-utils: bump to git HEAD
05fd700 tplink-safeloader: TP-Link RE650 v2 support

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-04-23 21:58:46 +02:00
Daniel Golle
08ebc3881d
mtools: update to version 4.0.39
Improvements since the 4.0.38 release are:
 - Rename strtoi to strosi (string to signed int). The strtoi
   function on BSD does something else (returns an intmax, not
   an int)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-04-15 01:18:28 +01:00
Rosen Penev
19f3fcc884 tools/meson: update to 0.61.4
Override python to use the one in host instead of hostpkg. There's no
need to use the latter.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-04-09 15:56:04 +02:00
leo chung
56f091d467 tools/cmake: fix download url
fix the cmake.org download url

Signed-off-by: leo chung <gewalalb@gmail.com>
2022-04-09 15:56:04 +02:00
Paul Spooren
5959c46456 tools: SOURCE_DATE_EPOCH handling for mkfs.fat
Backport upstream patch to have reproducible FAT signatures.
This should enable reproducibility for x86 EFI images.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-03-31 00:56:34 +01:00
Petr Štetiar
9d8f620679 tools/zlib: bump to latest stable release 1.2.12 (CVE-2018-25032)
List of changes since previous release from 2018 is quite long:

 * Fix crc32.c to compile local functions only if used.
 * Check for cc masquerading as gcc or clang in configure.
 * Remove destructive aspects of make distclean.
 * Separate out address sanitizing from warnings in configure.
 * Eliminate use of ULL constants.
 * Add fallthrough comments for gcc.
 * Clean up minizip to reduce warnings for testing.
 * Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner)
 * minizip warning fix if MAXU32 already defined. (gvollant)
 * Replace black/white with allow/block. (theresa-m)
 * Fix indentation in minizip's zip.c.
 * Improve portability of contrib/minizip.
 * Correct typo in blast.c.
 * Change macro name in inflate.c to avoid collision in VxWorks.
 * Clarify gz* function interfaces, referring to parameter names.
 * Fix error in comment on the polynomial representation of a byte.
 * Fix memory leak on error in gzlog.c.
 * Avoid adding empty gzip member after gzflush with Z_FINISH.
 * Explicitly note that the 32-bit check values are 32 bits.
 * Use ARM crc32 instructions if the ARM architecture has them.
 * Add use of the ARMv8 crc32 instructions when requested.
 * Correct comment in crc32.c.
 * Don't bother computing check value after successful inflateSync().
 * Use atomic test and set, if available, for dynamic CRC tables.
 * Speed up software CRC-32 computation by a factor of 1.5 to 3.
 * Add crc32_combine_gen() and crc32_combine_op() for fast combines.
 * Add tables for crc32_combine(), to speed it up by a factor of 200.
 * Fix the zran.c example to work on a multiple-member gzip file.
 * Add gznorm.c example, which normalizes gzip files.
 * Show all the codes for the maximum tables size in enough.c.
 * Clarify that prefix codes are counted in enough.c.
 * Use inline function instead of macro for index in enough.c.
 * Clean up code style in enough.c, update version.
 * Use a macro for the printf format of big_t in enough.c.
 * Use a structure to make globals in enough.c evident.
 * Assure that the number of bits for deflatePrime() is valid.
 * Fix a bug that can crash deflate on some input when using Z_FIXED.
 * Correct the initialization requirements for deflateInit2().
 * Emphasize the need to continue decompressing gzip members.
 * Add legal disclaimer to README.
 * Fix deflateEnd() to not report an error at start of raw deflate.
 * Remove old assembler code in which bugs have manifested.
 * Make the names in functions declarations identical to definitions.
 * Avoid an undefined behavior of memcpy() in _tr_stored_block().
 * Avoid undefined behaviors of memcpy() in gz*printf().
 * Avoid an undefined behavior of memcpy() in gzappend().
 * Avoid the use of ptrdiff_t.
 * Handle case where inflateSync used when header never processed.
 * Don't compute check value for raw inflate if asked to validate.
 * Add address checking in clang to -w option of configure.
 * Return an error if the gzputs string length can't fit in an int.
 * Small speedup to inflate [psumbera].
 * Update use of errno for newer Windows CE versions.
 * Avoid some conversion warnings in gzread.c and gzwrite.c.
 * Have Makefile return non-zero error code on test failure.
 * Avoid a conversion error in gzseek when off_t type too small.
 * Fix CLEAR_HASH macro to be usable as a single statement.
 * Fix bug when window full in deflate_stored().
 * Limit hash table inserts after switch from stored deflate.
 * Permit a deflateParams() parameter change as soon as possible.
 * Cygwin does not have _wopen(), so do not create gzopen_w() there.

Removed 006-fix-compressor-crash-on-certain-inputs.patch which was
hotfix for CVE-2018-25032 and is now included in this release.

This release is not available on @SF (yet?) so the sources are now
pulled from GitHub.

Fixes: CVE-2018-25032
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-03-28 09:27:56 +02:00
Petr Štetiar
b3aa2909a7 zlib: backport security fix for a reproducible crash in compressor
Tavis has just reported, that he was recently trying to track down a
reproducible crash in a compressor. Believe it or not, it really was a
bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs.

Tavis has reported it upstream, but it turns out the issue has been
public since 2018, but the patch never made it into a release. As far as
he knows, nobody ever assigned it a CVE.

Suggested-by: Tavis Ormandy <taviso@gmail.com>
References: https://www.openwall.com/lists/oss-security/2022/03/24/1
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-03-24 08:15:24 +01:00
Rosen Penev
9c290ad498 tools/ccache: update to 4.6
Full changelog: https://ccache.dev/releasenotes.html#_ccache_4_6

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-13 19:24:13 +01:00
Rosen Penev
9a44bc78b4 tools/fakeroot: update to 1.28
Refreshed patches.

Upstream says there's only a bugfix for GNU Hurd.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-13 19:24:13 +01:00
Rosen Penev
f88a6da020 tools/cmake: update to 3.22.3
Seems to be mostly pthread fixes.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-13 19:24:13 +01:00
Rosen Penev
7f92046dff tools/mtools: update to 4.0.38
No real changelog available.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-13 19:24:13 +01:00
Rosen Penev
cca5367f27 tools/expat: enable DTD
Fixes gdb usage, which depends on it.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-13 10:10:30 +01:00
Rosen Penev
3150e8bf3e tools/expat: update to 2.4.7
Mostly a bug fix to the bug fix to CVE-2022-25236

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-13 10:10:30 +01:00
Sungbo Eo
4f3a565f5d tools: zip: make encrypted archives reproducible
Zip always try to generate new encryption header depending on execution
time and process id, which is far from being reproducible. This commit
changes the zip srand() seed to a predictable value to generate
reproducible random bytes for the encryption header. This will compromise
the goal of secure archive encryption, but it would not be a big problem
for our purpose.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-03-09 15:38:23 +09:00
Sungbo Eo
39d06472eb tools: zip: fetch SOURCE_DATE_EPOCH directly
Remove "--mtime" option introduced in commit 18c9faa032 ("tools: zip:
add option for reproducible archives") and instead fetch SOURCE_DATE_EPOCH
environment variable directly in the code.

Ref: https://sourceforge.net/p/infozip/patches/25/
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-03-09 15:38:23 +09:00
Felix Fietkau
545cabee9e tools/fakeroot: restore macos bugfix that was dropped during the last update
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-03-05 16:58:58 +01:00
Josef Schlehofer
495c4f4e19 tools/libressl: update to version 3.4.2
Release notes:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt

```
It includes the following security fix

  * In some situations the X.509 verifier would discard an error on an
    unverified certificate chain, resulting in an authentication bypass.
    Thanks to Ilya Shipitsin and Timo Steinlein for reporting.
```

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-03-01 00:08:08 +01:00
Huangbin Zhan
4a19cf3bc7 tools/mkimage: update to 2022.01
- enable dot config
- enable openwrt verbose
- add bison as dependency to avoid failure
```
  bison -oscripts/kconfig/zconf.tab.c -t -l scripts/kconfig/zconf.y
bison: /builder/shared-workdir/build/staging_dir/host/share/bison/m4sugar/m4sugar.m4: cannot open: No such file or directory
```

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
40f91f6a2f tools/fakeroot: update to 1.27
Remove macOS stuff. Upstream has fixed it in the same way.

Add SOL_TCP define. Taken from elsewhere in the code.

Refreshed patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
4e13229dd1 tools/expat: update to 2.4.6
Switched to CMake for faster compilation and greater parallel
friendliness.

Added CMake options from the packages feed.

This release fixes various CVEs.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
c8fdca4f6f tools/findutils: update to 4.9.0
Add compilation fix for Ubuntu 20.04. Provided by upstream maintainer:

https://github.com/openwrt/packages/issues/17912#issuecomment-1046726426

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
94dd68ff73 tools/zstd: update to 1.5.2
Switched to building with meson as it's faster and does not need a
dependency on cmake, which takes a long time to build.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
2d5f03205a tools/ccache: add cmake dependency
This will be needed for the next commit as ccache's cmake dependency is
satisfied by zstd currenly.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
03f55708cb tools/cmake: update to 3.22.2
Mostly random Python 3.10 fixes.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00