Commit Graph

1793 Commits

Author SHA1 Message Date
Rosen Penev
d60cfa5a9e tools/meson: update to 0.61.5
Mostly backports by a Red Hat employee as 0.62 and newer demands Python
3.7+. Same reason 0.61 is kept here.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-06-27 00:57:15 +02:00
Sander Vanheule
326e109f24 firmware-utils: bump to git HEAD
Fixes the safeloader model identifiers for EAP225-Outdoor v1/v3 devices.

1e3d47292b2e tplink-safeloader: fix EAP225-Outdoor model IDs
9563fe8e78cb tplink-safeloader: add regionless EAP225-V3 IDs

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-06-26 16:58:05 +02:00
Josef Schlehofer
25534d5cc2 tools/libressl: update to version 3.4.3
Release notes:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.3-relnotes.txt

```
It includes the following security fix:

    * A malicious certificate can cause an infinite loop.
      Reported by and fix from Tavis Ormandy and David Benjamin, Google.
```

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-06-19 12:31:02 +02:00
Rosen Penev
a7be143646 tools/ninja: update to 1.11.0
Updated patchset to latest.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-06-13 19:50:25 +02:00
Daniel Golle
3fbf9689b6
tools/mkimage: increase tmpfile name length limit
mkimage limits the length of the file paths in can deal with to 256
characters. Turns out that in automated builds by asu we break this
limit, so increase it to 1024 characters.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-06-05 11:32:58 +01:00
Sander Vanheule
acca36f71f firmware-utils: bump to git HEAD
Fixes an out of bounds issue, adds support for TP-Link safeloader images
with non-default partition names, and adds image generation support for:
  - TP-Link Archer A6 v2 (EU)
  - TP-Link EAP225 v4
  - TP-Link EAP225-Outdoor v3

365458e00ed7 tplink-safeloader: join EAP225-V3 compatible devices
0277810d353d tplink-safeloader: fix chunked support-list prints
a64f89c66318 tplink-safeloader: Patch to handle partitions with alternate names.
07f78f071075 firmware-utils: tplink-safeloader: add support for Archer A6 v2 (EU)
49ea62160d21 tplink-safeloader: fix alphabetical order

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-05-27 10:20:03 +02:00
Stijn Tintel
6eec1a5225 tools/elfutils: drop HOST_BUILD_DEPENDS
This is only effective for host build of normal packages, not tools.

Fixes: ad79b92719 ("elfutils: move host build to tools")
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-05-19 02:37:25 +03:00
Stijn Tintel
f64bd4b6ce tools/elfutils: only build required components
Building all of the components results in strip being installed in
staging_dir/host/bin. This strip binary will take precedence over
binutils strip that is installed in the toolchain directory.

This will not work on host systems that do not have libdw installed, as
we do not set HOST_LDFLAGS to override rpath to staging_dir/host/lib.
However, rather than overriding rpath, we should just avoid using
elfutils strip entirely.

Override the SUBDIRS variable in the Makefile to only build and install
the libraries we require for dwarves and frr.

Fixes the following build failure in toolchain/gdb:
strip: error while loading shared libraries: libdw.so.1: cannot open shared object file: No such file or directory

Fixes: ad79b92719 ("elfutils: move host build to tools")
Reported-by: Dominick Grift <dominick.grift@defensec.nl>
Reported-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-05-19 02:36:48 +03:00
Stijn Tintel
16e9ccd5fa tools/elfutils: depend on m4
Some buildbots fail to build elfutils due to m4 being missing. Add m4 as
a dependency for elfutils to fix this.

Fixes: ad79b92719 ("elfutils: move host build to tools")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-05-18 16:17:35 +03:00
Tony Ambardar
02850d7c9c tools/dwarves: add host package
dwarves is a set of tools that use the debugging information inserted in
ELF binaries by compilers such as GCC. Utilities in the dwarves suite
include pahole, which can be used to find alignment holes in structs and
classes, and also extracts other information such as CPU cacheline
alignment, helping pack those structures to achieve more cache hits.

These tools are also used to encode and read the BTF type information
format used with the bpf syscall, making this a Linux build dependency
when using kernel BTF information.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
[bump to 1.23, add elfutils dep, drop host lib usage, drop cmake release
target, use RM macro]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-05-18 13:32:06 +03:00
Stijn Tintel
ad79b92719 elfutils: move host build to tools
The upcoming dwarves host package requires elfutils. As dependencies for
tools must exist in tools, we need to move elfutils host build there.

As there is at least one package that depends on this, and there is no
proper way to create such dependency in the build system, build it
unconditionally when not building on macOS.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-05-18 13:32:06 +03:00
Sander Vanheule
0f207ade12 firmware-utils: bump to git HEAD
Includes image support for new TP-Link devices:

  ddc3e00e314d tplink-safeloader: add TP-Link EAP265 HD support
  ceea1a7fe56e tplink-safeloader: add TP-Link Deco M4R v1 and v2 support

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-04-27 20:29:37 +02:00
Hauke Mehrtens
36790ca694 firmware-utils: bump to git HEAD
05fd700 tplink-safeloader: TP-Link RE650 v2 support

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-04-23 21:58:46 +02:00
Daniel Golle
08ebc3881d
mtools: update to version 4.0.39
Improvements since the 4.0.38 release are:
 - Rename strtoi to strosi (string to signed int). The strtoi
   function on BSD does something else (returns an intmax, not
   an int)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-04-15 01:18:28 +01:00
Rosen Penev
19f3fcc884 tools/meson: update to 0.61.4
Override python to use the one in host instead of hostpkg. There's no
need to use the latter.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-04-09 15:56:04 +02:00
leo chung
56f091d467 tools/cmake: fix download url
fix the cmake.org download url

Signed-off-by: leo chung <gewalalb@gmail.com>
2022-04-09 15:56:04 +02:00
Paul Spooren
5959c46456 tools: SOURCE_DATE_EPOCH handling for mkfs.fat
Backport upstream patch to have reproducible FAT signatures.
This should enable reproducibility for x86 EFI images.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-03-31 00:56:34 +01:00
Petr Štetiar
9d8f620679 tools/zlib: bump to latest stable release 1.2.12 (CVE-2018-25032)
List of changes since previous release from 2018 is quite long:

 * Fix crc32.c to compile local functions only if used.
 * Check for cc masquerading as gcc or clang in configure.
 * Remove destructive aspects of make distclean.
 * Separate out address sanitizing from warnings in configure.
 * Eliminate use of ULL constants.
 * Add fallthrough comments for gcc.
 * Clean up minizip to reduce warnings for testing.
 * Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner)
 * minizip warning fix if MAXU32 already defined. (gvollant)
 * Replace black/white with allow/block. (theresa-m)
 * Fix indentation in minizip's zip.c.
 * Improve portability of contrib/minizip.
 * Correct typo in blast.c.
 * Change macro name in inflate.c to avoid collision in VxWorks.
 * Clarify gz* function interfaces, referring to parameter names.
 * Fix error in comment on the polynomial representation of a byte.
 * Fix memory leak on error in gzlog.c.
 * Avoid adding empty gzip member after gzflush with Z_FINISH.
 * Explicitly note that the 32-bit check values are 32 bits.
 * Use ARM crc32 instructions if the ARM architecture has them.
 * Add use of the ARMv8 crc32 instructions when requested.
 * Correct comment in crc32.c.
 * Don't bother computing check value after successful inflateSync().
 * Use atomic test and set, if available, for dynamic CRC tables.
 * Speed up software CRC-32 computation by a factor of 1.5 to 3.
 * Add crc32_combine_gen() and crc32_combine_op() for fast combines.
 * Add tables for crc32_combine(), to speed it up by a factor of 200.
 * Fix the zran.c example to work on a multiple-member gzip file.
 * Add gznorm.c example, which normalizes gzip files.
 * Show all the codes for the maximum tables size in enough.c.
 * Clarify that prefix codes are counted in enough.c.
 * Use inline function instead of macro for index in enough.c.
 * Clean up code style in enough.c, update version.
 * Use a macro for the printf format of big_t in enough.c.
 * Use a structure to make globals in enough.c evident.
 * Assure that the number of bits for deflatePrime() is valid.
 * Fix a bug that can crash deflate on some input when using Z_FIXED.
 * Correct the initialization requirements for deflateInit2().
 * Emphasize the need to continue decompressing gzip members.
 * Add legal disclaimer to README.
 * Fix deflateEnd() to not report an error at start of raw deflate.
 * Remove old assembler code in which bugs have manifested.
 * Make the names in functions declarations identical to definitions.
 * Avoid an undefined behavior of memcpy() in _tr_stored_block().
 * Avoid undefined behaviors of memcpy() in gz*printf().
 * Avoid an undefined behavior of memcpy() in gzappend().
 * Avoid the use of ptrdiff_t.
 * Handle case where inflateSync used when header never processed.
 * Don't compute check value for raw inflate if asked to validate.
 * Add address checking in clang to -w option of configure.
 * Return an error if the gzputs string length can't fit in an int.
 * Small speedup to inflate [psumbera].
 * Update use of errno for newer Windows CE versions.
 * Avoid some conversion warnings in gzread.c and gzwrite.c.
 * Have Makefile return non-zero error code on test failure.
 * Avoid a conversion error in gzseek when off_t type too small.
 * Fix CLEAR_HASH macro to be usable as a single statement.
 * Fix bug when window full in deflate_stored().
 * Limit hash table inserts after switch from stored deflate.
 * Permit a deflateParams() parameter change as soon as possible.
 * Cygwin does not have _wopen(), so do not create gzopen_w() there.

Removed 006-fix-compressor-crash-on-certain-inputs.patch which was
hotfix for CVE-2018-25032 and is now included in this release.

This release is not available on @SF (yet?) so the sources are now
pulled from GitHub.

Fixes: CVE-2018-25032
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-03-28 09:27:56 +02:00
Petr Štetiar
b3aa2909a7 zlib: backport security fix for a reproducible crash in compressor
Tavis has just reported, that he was recently trying to track down a
reproducible crash in a compressor. Believe it or not, it really was a
bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs.

Tavis has reported it upstream, but it turns out the issue has been
public since 2018, but the patch never made it into a release. As far as
he knows, nobody ever assigned it a CVE.

Suggested-by: Tavis Ormandy <taviso@gmail.com>
References: https://www.openwall.com/lists/oss-security/2022/03/24/1
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-03-24 08:15:24 +01:00
Rosen Penev
9c290ad498 tools/ccache: update to 4.6
Full changelog: https://ccache.dev/releasenotes.html#_ccache_4_6

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-13 19:24:13 +01:00
Rosen Penev
9a44bc78b4 tools/fakeroot: update to 1.28
Refreshed patches.

Upstream says there's only a bugfix for GNU Hurd.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-13 19:24:13 +01:00
Rosen Penev
f88a6da020 tools/cmake: update to 3.22.3
Seems to be mostly pthread fixes.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-13 19:24:13 +01:00
Rosen Penev
7f92046dff tools/mtools: update to 4.0.38
No real changelog available.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-13 19:24:13 +01:00
Rosen Penev
cca5367f27 tools/expat: enable DTD
Fixes gdb usage, which depends on it.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-13 10:10:30 +01:00
Rosen Penev
3150e8bf3e tools/expat: update to 2.4.7
Mostly a bug fix to the bug fix to CVE-2022-25236

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-13 10:10:30 +01:00
Sungbo Eo
4f3a565f5d tools: zip: make encrypted archives reproducible
Zip always try to generate new encryption header depending on execution
time and process id, which is far from being reproducible. This commit
changes the zip srand() seed to a predictable value to generate
reproducible random bytes for the encryption header. This will compromise
the goal of secure archive encryption, but it would not be a big problem
for our purpose.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-03-09 15:38:23 +09:00
Sungbo Eo
39d06472eb tools: zip: fetch SOURCE_DATE_EPOCH directly
Remove "--mtime" option introduced in commit 18c9faa032 ("tools: zip:
add option for reproducible archives") and instead fetch SOURCE_DATE_EPOCH
environment variable directly in the code.

Ref: https://sourceforge.net/p/infozip/patches/25/
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-03-09 15:38:23 +09:00
Felix Fietkau
545cabee9e tools/fakeroot: restore macos bugfix that was dropped during the last update
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-03-05 16:58:58 +01:00
Josef Schlehofer
495c4f4e19 tools/libressl: update to version 3.4.2
Release notes:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt

```
It includes the following security fix

  * In some situations the X.509 verifier would discard an error on an
    unverified certificate chain, resulting in an authentication bypass.
    Thanks to Ilya Shipitsin and Timo Steinlein for reporting.
```

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-03-01 00:08:08 +01:00
Huangbin Zhan
4a19cf3bc7 tools/mkimage: update to 2022.01
- enable dot config
- enable openwrt verbose
- add bison as dependency to avoid failure
```
  bison -oscripts/kconfig/zconf.tab.c -t -l scripts/kconfig/zconf.y
bison: /builder/shared-workdir/build/staging_dir/host/share/bison/m4sugar/m4sugar.m4: cannot open: No such file or directory
```

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
40f91f6a2f tools/fakeroot: update to 1.27
Remove macOS stuff. Upstream has fixed it in the same way.

Add SOL_TCP define. Taken from elsewhere in the code.

Refreshed patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
4e13229dd1 tools/expat: update to 2.4.6
Switched to CMake for faster compilation and greater parallel
friendliness.

Added CMake options from the packages feed.

This release fixes various CVEs.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
c8fdca4f6f tools/findutils: update to 4.9.0
Add compilation fix for Ubuntu 20.04. Provided by upstream maintainer:

https://github.com/openwrt/packages/issues/17912#issuecomment-1046726426

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
94dd68ff73 tools/zstd: update to 1.5.2
Switched to building with meson as it's faster and does not need a
dependency on cmake, which takes a long time to build.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
2d5f03205a tools/ccache: add cmake dependency
This will be needed for the next commit as ccache's cmake dependency is
satisfied by zstd currenly.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
03f55708cb tools/cmake: update to 3.22.2
Mostly random Python 3.10 fixes.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
63e530a519 tools/mtools: update to 4.0.37
No changelog is available.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
c8b7065f61 tools/mklibs: update to 0.1.45
Refresh 2to3 patch. Upstream partially did this against some older
python version. This is still needed.

Refreshed other patches to be python3 safe.

Remove uClibc patches as only musl is present now.

Refresh others.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Stijn Tintel
0dc3566a3b firmware-utils: bump to git HEAD
002cfaf firmware-utils: fix compilation with macOS

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-02-28 13:12:00 +02:00
Stijn Tintel
73dfc9e7d9 firmware-utils: bump to git HEAD
706e9cc tplink-safeloader: support for Archer A6 v3 JP
  497726b firmware-utils: support checksum for AVM fritzbox wasp SOCs
  2ca6462 iptime-crc32: add support for AX8004M
  57d0e31 tplink-safeloader: TP-Link EAP615-Wall v1 support
  8a8da19 tplink-safeloader: add TL-WPA8631P v3 support
  eea4ee7 tplink-safeloader: add TP-Link Archer A9 v6 support

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-02-27 12:01:22 +02:00
Rosen Penev
628970a195 tools/meson: update to 0.61.2
Seems to be minor bugfixes with Cygwin and Windows.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-02-26 13:44:14 +01:00
Rosen Penev
68a20d8631 tools/quilt: update to 0.67
- Call pager with original LANG environment variable
  - Consistently complain early if no series file is found
  - Fix handling of symbolic links by several commands
  - Tighten the patch format parsing
  - Reuse the shell (performance)
  - Document the series file format further
  - Document that quilt loads /etc/quilt.quiltrc
  - configure: Make stat configurable
  - series: Minor optimizations
  - setup: Don't obey the settings of any englobing .pc
  - setup: Default to fast mode
  - quilt.el: Fix documentation of quilt-pc-directory
  - quilt.el: Load /etc/quilt.quiltrc if ~/.quiltrc doesn't exist
  - quilt.el: Fix quilt-editable when QUILT_PATCHES_PREFIX is set

Refresh patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[add changelog]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-02-25 14:12:39 +01:00
Paul Spooren
1e2549045c tools: use https for bc mirrors
All mirrors offer encrypted downloads, use it.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-02-24 15:36:28 +01:00
Rosen Penev
0d25db7f17 tools/cmake: add MAKE config variable
Makes sure that Ninja from staging_dir is used and nowhere else.

Reported by reproducible builds project. Builds have been failing ever
since tools/cmake started using Ninja.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-02-11 12:04:09 +01:00
Jo-Philipp Wich
af79853c73 Revert "tools/zstd: update to 1.5.2"
This reverts commit 8de901ccf7.

Apparently this update breaks tools building.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 09:03:19 +01:00
Rosen Penev
8de901ccf7 tools/zstd: update to 1.5.2
Switched to building with meson as it's faster and does not need a
dependency on cmake, which takes a long time to build.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-02-07 00:03:27 +01:00
Rosen Penev
fb6cf22866 tools/meson: update to 0.61.1
Changelog:

backend_startup_project
Add a man page backend to refman
extract_objects() supports generated sources
Python 3.6 support will be dropped in the next release
Warning if check kwarg of run_command is missing
meson rewrite can modify extra_files
meson rewrite target <target> info outputs target's extra_files
Visual Studio 2022 backend
Support for CMake <3.14 is now deprecated for CMake subprojects
Added support for sccache
install_symlink function

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-02-03 23:16:00 +01:00
Sungbo Eo
536a8021c3 firmware-utils: bump to git HEAD
0c15cad iptime-naspkg: add image header tool for ipTIME NAS series
872c87c iptime-crc32: add image header tool for new ipTIME models

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-01-29 23:49:39 +09:00
Daniel Golle
ebeb003470
firmware-utils: update to git HEAD of 2022-01-28
6c95945 ptgen: add Chromium OS kernel partition support
 8e7274e cros-vbutil: add Chrome OS vboot kernel-signing utility

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-28 13:00:25 +00:00
Felix Fietkau
3869ccbcc8 tools: build bash on macOS and use it for ipkg-build
On macOS, system binaries silently drop the environment variables for injecting
extra shared libraries (used by fakeroot). This is done for security reasons.
Work around this by building bash from source, so that it gets an ad-hoc signature
and does not have these restrictions

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-01-27 13:38:48 +01:00