Commit Graph

1798 Commits

Author SHA1 Message Date
Alexander Couzens
9d71dc94d3 tools: assign PKG_CPE_ID
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining tools which have a CPE ID.
Not every tool has CPE id.

Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2023-09-27 17:30:45 +02:00
Nick Hainke
c1ccae54ce ccache: update to 4.6.3
Release Notes:
https://ccache.dev/releasenotes.html#_ccache_4_6_3

Refresh patch:
- 100-honour-copts.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 83ea2e11b4)
2023-04-27 21:02:10 +02:00
Nick Hainke
80653f0c07 tools/ccache: update to 4.6.2
Release notes:
https://ccache.dev/releasenotes.html#_ccache_4_6_2

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit ac61cf596c)
2023-04-27 20:57:58 +02:00
Nick Hainke
eeff8b3be1 tools/ccache: update to 4.6.1
Release notes:
https://ccache.dev/releasenotes.html#_ccache_4_6_1

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 2e87e24e43)
2023-04-27 20:52:55 +02:00
David Bauer
c58959dc45 firmware-utils: tplink-safeloader: add Mercusys MR70X
Signed-off-by: David Bauer <mail@david-bauer.net>
2023-03-24 16:04:38 +01:00
David Bauer
a507243bfe firmware-utils: tplink-safeloader: add TP-Link Archer AX23 v1
Signed-off-by: David Bauer <mail@david-bauer.net>
2023-03-15 01:22:20 +01:00
Christian Marangi
28e1770a3b
tools/mkimage: build uboot with NO_SDL=1
From uboot Documentation for uboot-2022.01 for tools-only we can build
with NO_SDL=1 to skip installing the sdl2 package.

Follow this to fix compilation error on macos

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-22 01:35:16 +01:00
David Bauer
807483d336 dosfstools: switch to AC_CHECK_LIB
This fixes spurious build-errors on OpenWrt, where the AM_ICONV macro
is undefined while invoking autoconfig. Later in the build, the ICONV
LDOPTIONS are set to @LIBICONV@, failing the build.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 9300a20dcc)
2023-01-16 23:58:16 +01:00
Stijn Tintel
3bc6d2af76 tools/dosfstools: fix PKG_SOURCE
Both mirrors provided in the Makefile only serve gzipped tarballs.

Fixes: #10871
Fixes: 9edfe7dd13 ("source: Switch to xz for packages and tools where possible")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit bd911b4538)
2023-01-16 23:58:16 +01:00
Michal Vasilek
3de4572ed3 tools/ccache: fix build with musl and gcc 12
* refresh patches

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
2022-12-19 23:10:22 +01:00
Hauke Mehrtens
1a0f2c3a3e e2fsprogs: Fix CVE-2022-1304
This fixes CVE-2022-1304:
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.
This issue leads to a segmentation fault and possibly arbitrary code
execution via a specially crafted filesystem.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 60e335b76e)
2022-12-06 23:29:14 +01:00
Thomas Weißschuh
8040f74f8d tools/patch: apply patch for EACCES on xattr copy
When compiling OpenWRT on a compressed btrfs volume the build fails in
libtool.
The file `libltdl/config/ltmain.m4sh` from `libtool-2.4.2.tar.xz` is
missing write permissions, therefore patch falls back to copying the
file and patching that. During this patch tries to preserve all file
attribute on the new copy.
However the attribute `btrfs.compression` is privileged and btrfs return
EACCES.
While patch ignores multiple other error codes during the copy of xattr
copy it is not prepared for EACCES and aborts.

EACCES should be ignored the same way as the other errors.

Build log:
```
...
Applying ./patches/000-relocatable.patch using plaintext:
patching file libltdl/config/general.m4sh
patching file libtoolize.in
patching file libtoolize.m4sh
patching file libltdl/m4/libtool.m4

Applying ./patches/100-libdir-fixes.patch using plaintext:
patching file libltdl/config/ltmain.m4sh
File libltdl/config/ltmain.sh is read-only; trying to patch anyway
patching file libltdl/config/ltmain.sh
patch: setting attribute btrfs.compression for btrfs.compression: Permission denied
Patch failed!  Please fix ./patches/100-libdir-fixes.patch!
```

Link: https://lists.gnu.org/archive/html/bug-patch/2022-11/msg00000.html
Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
(cherry picked from commit 0d375de10d)
2022-11-27 15:43:08 +01:00
Alexander Couzens
7fa6351310
tools/expat: update to 2.5.0
Fixes CVE-2022-43680 CVE-2022-40674.
Switch to .xz archive to be closer to master.

Changes: https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2022-11-12 20:28:46 +00:00
Rosen Penev
ed905fce58 tools/meson: backport WSL2 fix
For some reason, Microsoft's Plan9 driver returns IOError on missing
file.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 875e17774b)
2022-10-03 19:51:50 +02:00
Petr Štetiar
b5e39355e4 tools: remove xxd package
It shouldn't be needed anymore as we've now `scripts/xxdi.pl`, which
should be self contained and fully compatible `xxd -i` replacement.

Fixes: #10555
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 88c9056a70)
2022-09-16 18:50:46 +02:00
Leonardo Mörlein
6a638c134d pkg-config: always use correct path for pkg-config.real
Before this commit, it was assumed that pkg-config.real is in the PATH. While
this was fine for the normal build workflow, this led to some issues if

    make TOPDIR="$(pwd)" -C "$pkgdir" compile

was called manually. The command failed with

    Makefile:15: *** No libnl-tiny development libraries found!.  Stop.
    make[1]: Leaving directory

since pkg-config of the host system was used.

After the commit, the package is built sucessfully.

Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
(cherry picked from commit 37c0d15a8e)
2022-08-14 00:29:20 +02:00
Josef Schlehofer
c1868ef656 tools/libressl: update to version 3.4.3
Release notes:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.3-relnotes.txt

```
It includes the following security fix:

    * A malicious certificate can cause an infinite loop.
      Reported by and fix from Tavis Ormandy and David Benjamin, Google.
```

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 25534d5cc2)
2022-06-25 00:05:21 +02:00
Daniel Golle
f77d77e726
tools/mkimage: increase tmpfile name length limit
mkimage limits the length of the file paths in can deal with to 256
characters. Turns out that in automated builds by asu we break this
limit, so increase it to 1024 characters.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 3fbf9689b6)
2022-06-05 11:38:28 +01:00
Sander Vanheule
9c2ed54aa2 firmware-utils: bump to git HEAD
Includes image support for new TP-Link devices:

  ddc3e00e314d tplink-safeloader: add TP-Link EAP265 HD support
  ceea1a7fe56e tplink-safeloader: add TP-Link Deco M4R v1 and v2 support

Signed-off-by: Sander Vanheule <sander@svanheule.net>
(cherry picked from commit 0f207ade12)
2022-05-17 21:14:23 +02:00
Hauke Mehrtens
87f9dd665a firmware-utils: bump to git HEAD
05fd700 tplink-safeloader: TP-Link RE650 v2 support

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 36790ca694)
2022-05-17 21:14:23 +02:00
Daniel Golle
3c3d1e2da0
mtools: update to version 4.0.39
Improvements since the 4.0.38 release are:
 - Rename strtoi to strosi (string to signed int). The strtoi
   function on BSD does something else (returns an intmax, not
   an int)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 08ebc3881d)
2022-04-15 14:12:18 +01:00
Rosen Penev
0db5044f51 tools/meson: update to 0.61.4
Override python to use the one in host instead of hostpkg. There's no
need to use the latter.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 19f3fcc884)
2022-04-10 16:26:01 +01:00
leo chung
a650f4abfb tools/cmake: fix download url
fix the cmake.org download url

Signed-off-by: leo chung <gewalalb@gmail.com>
(cherry picked from commit 56f091d467)
2022-04-10 16:26:01 +01:00
Petr Štetiar
3965dda0fa zlib: backport security fix for a reproducible crash in compressor
Tavis has just reported, that he was recently trying to track down a
reproducible crash in a compressor. Believe it or not, it really was a
bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs.

Tavis has reported it upstream, but it turns out the issue has been
public since 2018, but the patch never made it into a release. As far as
he knows, nobody ever assigned it a CVE.

Suggested-by: Tavis Ormandy <taviso@gmail.com>
References: https://www.openwall.com/lists/oss-security/2022/03/24/1
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b3aa2909a7)
2022-03-24 08:18:21 +01:00
Rosen Penev
9c290ad498 tools/ccache: update to 4.6
Full changelog: https://ccache.dev/releasenotes.html#_ccache_4_6

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-13 19:24:13 +01:00
Rosen Penev
9a44bc78b4 tools/fakeroot: update to 1.28
Refreshed patches.

Upstream says there's only a bugfix for GNU Hurd.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-13 19:24:13 +01:00
Rosen Penev
f88a6da020 tools/cmake: update to 3.22.3
Seems to be mostly pthread fixes.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-13 19:24:13 +01:00
Rosen Penev
7f92046dff tools/mtools: update to 4.0.38
No real changelog available.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-13 19:24:13 +01:00
Rosen Penev
cca5367f27 tools/expat: enable DTD
Fixes gdb usage, which depends on it.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-13 10:10:30 +01:00
Rosen Penev
3150e8bf3e tools/expat: update to 2.4.7
Mostly a bug fix to the bug fix to CVE-2022-25236

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-13 10:10:30 +01:00
Sungbo Eo
4f3a565f5d tools: zip: make encrypted archives reproducible
Zip always try to generate new encryption header depending on execution
time and process id, which is far from being reproducible. This commit
changes the zip srand() seed to a predictable value to generate
reproducible random bytes for the encryption header. This will compromise
the goal of secure archive encryption, but it would not be a big problem
for our purpose.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-03-09 15:38:23 +09:00
Sungbo Eo
39d06472eb tools: zip: fetch SOURCE_DATE_EPOCH directly
Remove "--mtime" option introduced in commit 18c9faa032 ("tools: zip:
add option for reproducible archives") and instead fetch SOURCE_DATE_EPOCH
environment variable directly in the code.

Ref: https://sourceforge.net/p/infozip/patches/25/
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-03-09 15:38:23 +09:00
Felix Fietkau
545cabee9e tools/fakeroot: restore macos bugfix that was dropped during the last update
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-03-05 16:58:58 +01:00
Josef Schlehofer
495c4f4e19 tools/libressl: update to version 3.4.2
Release notes:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt

```
It includes the following security fix

  * In some situations the X.509 verifier would discard an error on an
    unverified certificate chain, resulting in an authentication bypass.
    Thanks to Ilya Shipitsin and Timo Steinlein for reporting.
```

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-03-01 00:08:08 +01:00
Huangbin Zhan
4a19cf3bc7 tools/mkimage: update to 2022.01
- enable dot config
- enable openwrt verbose
- add bison as dependency to avoid failure
```
  bison -oscripts/kconfig/zconf.tab.c -t -l scripts/kconfig/zconf.y
bison: /builder/shared-workdir/build/staging_dir/host/share/bison/m4sugar/m4sugar.m4: cannot open: No such file or directory
```

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
40f91f6a2f tools/fakeroot: update to 1.27
Remove macOS stuff. Upstream has fixed it in the same way.

Add SOL_TCP define. Taken from elsewhere in the code.

Refreshed patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
4e13229dd1 tools/expat: update to 2.4.6
Switched to CMake for faster compilation and greater parallel
friendliness.

Added CMake options from the packages feed.

This release fixes various CVEs.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
c8fdca4f6f tools/findutils: update to 4.9.0
Add compilation fix for Ubuntu 20.04. Provided by upstream maintainer:

https://github.com/openwrt/packages/issues/17912#issuecomment-1046726426

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
94dd68ff73 tools/zstd: update to 1.5.2
Switched to building with meson as it's faster and does not need a
dependency on cmake, which takes a long time to build.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
2d5f03205a tools/ccache: add cmake dependency
This will be needed for the next commit as ccache's cmake dependency is
satisfied by zstd currenly.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
03f55708cb tools/cmake: update to 3.22.2
Mostly random Python 3.10 fixes.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
63e530a519 tools/mtools: update to 4.0.37
No changelog is available.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
c8b7065f61 tools/mklibs: update to 0.1.45
Refresh 2to3 patch. Upstream partially did this against some older
python version. This is still needed.

Refreshed other patches to be python3 safe.

Remove uClibc patches as only musl is present now.

Refresh others.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Stijn Tintel
0dc3566a3b firmware-utils: bump to git HEAD
002cfaf firmware-utils: fix compilation with macOS

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-02-28 13:12:00 +02:00
Stijn Tintel
73dfc9e7d9 firmware-utils: bump to git HEAD
706e9cc tplink-safeloader: support for Archer A6 v3 JP
  497726b firmware-utils: support checksum for AVM fritzbox wasp SOCs
  2ca6462 iptime-crc32: add support for AX8004M
  57d0e31 tplink-safeloader: TP-Link EAP615-Wall v1 support
  8a8da19 tplink-safeloader: add TL-WPA8631P v3 support
  eea4ee7 tplink-safeloader: add TP-Link Archer A9 v6 support

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-02-27 12:01:22 +02:00
Rosen Penev
628970a195 tools/meson: update to 0.61.2
Seems to be minor bugfixes with Cygwin and Windows.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-02-26 13:44:14 +01:00
Rosen Penev
68a20d8631 tools/quilt: update to 0.67
- Call pager with original LANG environment variable
  - Consistently complain early if no series file is found
  - Fix handling of symbolic links by several commands
  - Tighten the patch format parsing
  - Reuse the shell (performance)
  - Document the series file format further
  - Document that quilt loads /etc/quilt.quiltrc
  - configure: Make stat configurable
  - series: Minor optimizations
  - setup: Don't obey the settings of any englobing .pc
  - setup: Default to fast mode
  - quilt.el: Fix documentation of quilt-pc-directory
  - quilt.el: Load /etc/quilt.quiltrc if ~/.quiltrc doesn't exist
  - quilt.el: Fix quilt-editable when QUILT_PATCHES_PREFIX is set

Refresh patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[add changelog]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-02-25 14:12:39 +01:00
Paul Spooren
1e2549045c tools: use https for bc mirrors
All mirrors offer encrypted downloads, use it.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-02-24 15:36:28 +01:00
Rosen Penev
0d25db7f17 tools/cmake: add MAKE config variable
Makes sure that Ninja from staging_dir is used and nowhere else.

Reported by reproducible builds project. Builds have been failing ever
since tools/cmake started using Ninja.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-02-11 12:04:09 +01:00
Jo-Philipp Wich
af79853c73 Revert "tools/zstd: update to 1.5.2"
This reverts commit 8de901ccf7.

Apparently this update breaks tools building.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 09:03:19 +01:00