aboutsummaryrefslogtreecommitdiffstats
path: root/tools
Commit message (Collapse)AuthorAgeFilesLines
* e2fsprogs: Fix CVE-2022-1304Hauke Mehrtens2022-12-062-1/+51
| | | | | | | | | | This fixes CVE-2022-1304: An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 60e335b76ea0aeedd9f8e01d247f9aaa617076da)
* tools/patch: apply patch for EACCES on xattr copyThomas Weißschuh2022-11-272-1/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When compiling OpenWRT on a compressed btrfs volume the build fails in libtool. The file `libltdl/config/ltmain.m4sh` from `libtool-2.4.2.tar.xz` is missing write permissions, therefore patch falls back to copying the file and patching that. During this patch tries to preserve all file attribute on the new copy. However the attribute `btrfs.compression` is privileged and btrfs return EACCES. While patch ignores multiple other error codes during the copy of xattr copy it is not prepared for EACCES and aborts. EACCES should be ignored the same way as the other errors. Build log: ``` ... Applying ./patches/000-relocatable.patch using plaintext: patching file libltdl/config/general.m4sh patching file libtoolize.in patching file libtoolize.m4sh patching file libltdl/m4/libtool.m4 Applying ./patches/100-libdir-fixes.patch using plaintext: patching file libltdl/config/ltmain.m4sh File libltdl/config/ltmain.sh is read-only; trying to patch anyway patching file libltdl/config/ltmain.sh patch: setting attribute btrfs.compression for btrfs.compression: Permission denied Patch failed! Please fix ./patches/100-libdir-fixes.patch! ``` Link: https://lists.gnu.org/archive/html/bug-patch/2022-11/msg00000.html Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de> (cherry picked from commit 0d375de10dac3160c65c264bb91a5137ef4c0817)
* tools/expat: update to 2.5.0Alexander Couzens2022-11-121-3/+3
| | | | | | | | Fixes CVE-2022-43680 CVE-2022-40674. Switch to .xz archive to be closer to master. Changes: https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* tools/meson: backport WSL2 fixRosen Penev2022-10-031-0/+21
| | | | | | | | For some reason, Microsoft's Plan9 driver returns IOError on missing file. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 875e17774bafb132a93d66f1d7b2c6a2deec2030)
* tools: remove xxd packagePetr Štetiar2022-09-162-20/+1
| | | | | | | | | It shouldn't be needed anymore as we've now `scripts/xxdi.pl`, which should be self contained and fully compatible `xxd -i` replacement. Fixes: #10555 Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 88c9056a70901577489ecdc7a25207a9b7576d6e)
* pkg-config: always use correct path for pkg-config.realLeonardo Mörlein2022-08-141-1/+1
| | | | | | | | | | | | | | | | | | | Before this commit, it was assumed that pkg-config.real is in the PATH. While this was fine for the normal build workflow, this led to some issues if make TOPDIR="$(pwd)" -C "$pkgdir" compile was called manually. The command failed with Makefile:15: *** No libnl-tiny development libraries found!. Stop. make[1]: Leaving directory since pkg-config of the host system was used. After the commit, the package is built sucessfully. Signed-off-by: Leonardo Mörlein <me@irrelefant.net> (cherry picked from commit 37c0d15a8e9eb30920091bff1bf466640bc64dad)
* tools/libressl: update to version 3.4.3Josef Schlehofer2022-06-251-2/+2
| | | | | | | | | | | | | | | Release notes: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.3-relnotes.txt ``` It includes the following security fix: * A malicious certificate can cause an infinite loop. Reported by and fix from Tavis Ormandy and David Benjamin, Google. ``` Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit 25534d5cc20a807ff776fdb18847344167ce081d)
* tools/mkimage: increase tmpfile name length limitDaniel Golle2022-06-051-0/+11
| | | | | | | | | mkimage limits the length of the file paths in can deal with to 256 characters. Turns out that in automated builds by asu we break this limit, so increase it to 1024 characters. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 3fbf9689b652e230e21bbc7ab2a9b8c936bd6e80)
* firmware-utils: bump to git HEADSander Vanheule2022-05-171-3/+3
| | | | | | | | | | Includes image support for new TP-Link devices: ddc3e00e314d tplink-safeloader: add TP-Link EAP265 HD support ceea1a7fe56e tplink-safeloader: add TP-Link Deco M4R v1 and v2 support Signed-off-by: Sander Vanheule <sander@svanheule.net> (cherry picked from commit 0f207ade12fdfffae3554c6a7214aa670a8d6854)
* firmware-utils: bump to git HEADHauke Mehrtens2022-05-171-3/+3
| | | | | | | 05fd700 tplink-safeloader: TP-Link RE650 v2 support Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 36790ca6940b84dede450c54df9f75500454b92b)
* mtools: update to version 4.0.39Daniel Golle2022-04-151-2/+2
| | | | | | | | | | Improvements since the 4.0.38 release are: - Rename strtoi to strosi (string to signed int). The strtoi function on BSD does something else (returns an intmax, not an int) Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 08ebc3881d3f351d2d4ca9202ca446c96b38a1e1)
* tools/meson: update to 0.61.4Rosen Penev2022-04-103-2/+4
| | | | | | | | Override python to use the one in host instead of hostpkg. There's no need to use the latter. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 19f3fcc884cab348cfba823f1175baf7aa4de15f)
* tools/cmake: fix download urlleo chung2022-04-101-1/+1
| | | | | | | fix the cmake.org download url Signed-off-by: leo chung <gewalalb@gmail.com> (cherry picked from commit 56f091d4677feb693d37959a3fa4af845dcce82e)
* zlib: backport security fix for a reproducible crash in compressorPetr Štetiar2022-03-242-1/+344
| | | | | | | | | | | | | | | Tavis has just reported, that he was recently trying to track down a reproducible crash in a compressor. Believe it or not, it really was a bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs. Tavis has reported it upstream, but it turns out the issue has been public since 2018, but the patch never made it into a release. As far as he knows, nobody ever assigned it a CVE. Suggested-by: Tavis Ormandy <taviso@gmail.com> References: https://www.openwall.com/lists/oss-security/2022/03/24/1 Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit b3aa2909a79aeff20d594160b207a89dc807c033)
* tools/ccache: update to 4.6Rosen Penev2022-03-131-2/+2
| | | | | | Full changelog: https://ccache.dev/releasenotes.html#_ccache_4_6 Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/fakeroot: update to 1.28Rosen Penev2022-03-132-3/+3
| | | | | | | | Refreshed patches. Upstream says there's only a bugfix for GNU Hurd. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/cmake: update to 3.22.3Rosen Penev2022-03-131-2/+2
| | | | | | Seems to be mostly pthread fixes. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/mtools: update to 4.0.38Rosen Penev2022-03-131-2/+2
| | | | | | No real changelog available. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/expat: enable DTDRosen Penev2022-03-131-1/+1
| | | | | | Fixes gdb usage, which depends on it. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/expat: update to 2.4.7Rosen Penev2022-03-131-2/+2
| | | | | | Mostly a bug fix to the bug fix to CVE-2022-25236 Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools: zip: make encrypted archives reproducibleSungbo Eo2022-03-091-0/+75
| | | | | | | | | | | Zip always try to generate new encryption header depending on execution time and process id, which is far from being reproducible. This commit changes the zip srand() seed to a predictable value to generate reproducible random bytes for the encryption header. This will compromise the goal of secure archive encryption, but it would not be a big problem for our purpose. Signed-off-by: Sungbo Eo <mans0n@gorani.run>
* tools: zip: fetch SOURCE_DATE_EPOCH directlySungbo Eo2022-03-092-145/+41
| | | | | | | | | Remove "--mtime" option introduced in commit 18c9faa03211 ("tools: zip: add option for reproducible archives") and instead fetch SOURCE_DATE_EPOCH environment variable directly in the code. Ref: https://sourceforge.net/p/infozip/patches/25/ Signed-off-by: Sungbo Eo <mans0n@gorani.run>
* tools/fakeroot: restore macos bugfix that was dropped during the last updateFelix Fietkau2022-03-051-0/+43
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* tools/libressl: update to version 3.4.2Josef Schlehofer2022-03-011-2/+2
| | | | | | | | | | | | | | | Release notes: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt ``` It includes the following security fix * In some situations the X.509 verifier would discard an error on an unverified certificate chain, resulting in an authentication bypass. Thanks to Ilya Shipitsin and Timo Steinlein for reporting. ``` Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* tools/mkimage: update to 2022.01Huangbin Zhan2022-03-013-17/+30
| | | | | | | | | | | | - enable dot config - enable openwrt verbose - add bison as dependency to avoid failure ``` bison -oscripts/kconfig/zconf.tab.c -t -l scripts/kconfig/zconf.y bison: /builder/shared-workdir/build/staging_dir/host/share/bison/m4sugar/m4sugar.m4: cannot open: No such file or directory ``` Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
* tools/fakeroot: update to 1.27Rosen Penev2022-03-015-134/+17
| | | | | | | | | | Remove macOS stuff. Upstream has fixed it in the same way. Add SOL_TCP define. Taken from elsewhere in the code. Refreshed patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/expat: update to 2.4.6Rosen Penev2022-03-012-11/+16
| | | | | | | | | | | Switched to CMake for faster compilation and greater parallel friendliness. Added CMake options from the packages feed. This release fixes various CVEs. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/findutils: update to 4.9.0Rosen Penev2022-03-012-2/+22
| | | | | | | | Add compilation fix for Ubuntu 20.04. Provided by upstream maintainer: https://github.com/openwrt/packages/issues/17912#issuecomment-1046726426 Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/zstd: update to 1.5.2Rosen Penev2022-03-012-11/+21
| | | | | | | Switched to building with meson as it's faster and does not need a dependency on cmake, which takes a long time to build. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/ccache: add cmake dependencyRosen Penev2022-03-011-1/+1
| | | | | | | This will be needed for the next commit as ccache's cmake dependency is satisfied by zstd currenly. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/cmake: update to 3.22.2Rosen Penev2022-03-011-2/+2
| | | | | | Mostly random Python 3.10 fixes. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/mtools: update to 4.0.37Rosen Penev2022-03-011-2/+2
| | | | | | No changelog is available. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/mklibs: update to 0.1.45Rosen Penev2022-03-0110-287/+37
| | | | | | | | | | | | | Refresh 2to3 patch. Upstream partially did this against some older python version. This is still needed. Refreshed other patches to be python3 safe. Remove uClibc patches as only musl is present now. Refresh others. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* firmware-utils: bump to git HEADStijn Tintel2022-02-281-3/+3
| | | | | | 002cfaf firmware-utils: fix compilation with macOS Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* firmware-utils: bump to git HEADStijn Tintel2022-02-271-3/+3
| | | | | | | | | | | 706e9cc tplink-safeloader: support for Archer A6 v3 JP 497726b firmware-utils: support checksum for AVM fritzbox wasp SOCs 2ca6462 iptime-crc32: add support for AX8004M 57d0e31 tplink-safeloader: TP-Link EAP615-Wall v1 support 8a8da19 tplink-safeloader: add TL-WPA8631P v3 support eea4ee7 tplink-safeloader: add TP-Link Archer A9 v6 support Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* tools/meson: update to 0.61.2Rosen Penev2022-02-261-2/+2
| | | | | | Seems to be minor bugfixes with Cygwin and Windows. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/quilt: update to 0.67Rosen Penev2022-02-253-5/+5
| | | | | | | | | | | | | | | | | | | | | | | - Call pager with original LANG environment variable - Consistently complain early if no series file is found - Fix handling of symbolic links by several commands - Tighten the patch format parsing - Reuse the shell (performance) - Document the series file format further - Document that quilt loads /etc/quilt.quiltrc - configure: Make stat configurable - series: Minor optimizations - setup: Don't obey the settings of any englobing .pc - setup: Default to fast mode - quilt.el: Fix documentation of quilt-pc-directory - quilt.el: Load /etc/quilt.quiltrc if ~/.quiltrc doesn't exist - quilt.el: Fix quilt-editable when QUILT_PATCHES_PREFIX is set Refresh patches. Signed-off-by: Rosen Penev <rosenp@gmail.com> [add changelog] Signed-off-by: Paul Spooren <mail@aparcar.org>
* tools: use https for bc mirrorsPaul Spooren2022-02-241-5/+5
| | | | | | All mirrors offer encrypted downloads, use it. Signed-off-by: Paul Spooren <mail@aparcar.org>
* tools/cmake: add MAKE config variableRosen Penev2022-02-111-1/+2
| | | | | | | | | Makes sure that Ninja from staging_dir is used and nowhere else. Reported by reproducible builds project. Builds have been failing ever since tools/cmake started using Ninja. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* Revert "tools/zstd: update to 1.5.2"Jo-Philipp Wich2022-02-072-21/+11
| | | | | | | | This reverts commit 8de901ccf7e2b227bd970e9c477f00c15ce6aae9. Apparently this update breaks tools building. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* tools/zstd: update to 1.5.2Rosen Penev2022-02-072-11/+21
| | | | | | | Switched to building with meson as it's faster and does not need a dependency on cmake, which takes a long time to build. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/meson: update to 0.61.1Rosen Penev2022-02-031-2/+2
| | | | | | | | | | | | | | | | | | Changelog: backend_startup_project Add a man page backend to refman extract_objects() supports generated sources Python 3.6 support will be dropped in the next release Warning if check kwarg of run_command is missing meson rewrite can modify extra_files meson rewrite target <target> info outputs target's extra_files Visual Studio 2022 backend Support for CMake <3.14 is now deprecated for CMake subprojects Added support for sccache install_symlink function Signed-off-by: Rosen Penev <rosenp@gmail.com>
* firmware-utils: bump to git HEADSungbo Eo2022-01-291-3/+3
| | | | | | | 0c15cad iptime-naspkg: add image header tool for ipTIME NAS series 872c87c iptime-crc32: add image header tool for new ipTIME models Signed-off-by: Sungbo Eo <mans0n@gorani.run>
* firmware-utils: update to git HEAD of 2022-01-28Daniel Golle2022-01-281-3/+3
| | | | | | | 6c95945 ptgen: add Chromium OS kernel partition support 8e7274e cros-vbutil: add Chrome OS vboot kernel-signing utility Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* tools: build bash on macOS and use it for ipkg-buildFelix Fietkau2022-01-272-0/+24
| | | | | | | | | On macOS, system binaries silently drop the environment variables for injecting extra shared libraries (used by fakeroot). This is done for security reasons. Work around this by building bash from source, so that it gets an ad-hoc signature and does not have these restrictions Signed-off-by: Felix Fietkau <nbd@nbd.name>
* tools/coreutils: build chownFelix Fietkau2022-01-271-1/+1
| | | | | | | On ARM macOS, injecting extra shared libraries does not work for system binaries. This causes fakeroot to fail for chown calls Signed-off-by: Felix Fietkau <nbd@nbd.name>
* tools/fakeroot: fix unresolved symbols on arm64 macOSFelix Fietkau2022-01-271-10/+43
| | | | | | | The $INODE64 symbol variants are not present, since the base system always uses 64-bit file offsets Signed-off-by: Felix Fietkau <nbd@nbd.name>
* firmware-utils: update to latest masterHauke Mehrtens2022-01-161-3/+3
| | | | | | d885b49 tplink-safeloader: support Archer C6v3.0 (BR) Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* firmware-utils: update to latest masterMatthias Schiffer2022-01-141-3/+3
| | | | | | 84dbf8ee49f5 tplink-safeloader: fix Archer A7v5 factory flashing from vendor fw > v1.1.x Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* tools/cmake: update to version 3.22.1Josef Schlehofer2021-12-311-2/+2
| | | | Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>