aboutsummaryrefslogtreecommitdiffstats
path: root/tools
Commit message (Collapse)AuthorAgeFilesLines
* tools/zlib: bump to latest stable release 1.2.12 (CVE-2018-25032)Petr Štetiar2022-03-282-348/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | List of changes since previous release from 2018 is quite long: * Fix crc32.c to compile local functions only if used. * Check for cc masquerading as gcc or clang in configure. * Remove destructive aspects of make distclean. * Separate out address sanitizing from warnings in configure. * Eliminate use of ULL constants. * Add fallthrough comments for gcc. * Clean up minizip to reduce warnings for testing. * Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner) * minizip warning fix if MAXU32 already defined. (gvollant) * Replace black/white with allow/block. (theresa-m) * Fix indentation in minizip's zip.c. * Improve portability of contrib/minizip. * Correct typo in blast.c. * Change macro name in inflate.c to avoid collision in VxWorks. * Clarify gz* function interfaces, referring to parameter names. * Fix error in comment on the polynomial representation of a byte. * Fix memory leak on error in gzlog.c. * Avoid adding empty gzip member after gzflush with Z_FINISH. * Explicitly note that the 32-bit check values are 32 bits. * Use ARM crc32 instructions if the ARM architecture has them. * Add use of the ARMv8 crc32 instructions when requested. * Correct comment in crc32.c. * Don't bother computing check value after successful inflateSync(). * Use atomic test and set, if available, for dynamic CRC tables. * Speed up software CRC-32 computation by a factor of 1.5 to 3. * Add crc32_combine_gen() and crc32_combine_op() for fast combines. * Add tables for crc32_combine(), to speed it up by a factor of 200. * Fix the zran.c example to work on a multiple-member gzip file. * Add gznorm.c example, which normalizes gzip files. * Show all the codes for the maximum tables size in enough.c. * Clarify that prefix codes are counted in enough.c. * Use inline function instead of macro for index in enough.c. * Clean up code style in enough.c, update version. * Use a macro for the printf format of big_t in enough.c. * Use a structure to make globals in enough.c evident. * Assure that the number of bits for deflatePrime() is valid. * Fix a bug that can crash deflate on some input when using Z_FIXED. * Correct the initialization requirements for deflateInit2(). * Emphasize the need to continue decompressing gzip members. * Add legal disclaimer to README. * Fix deflateEnd() to not report an error at start of raw deflate. * Remove old assembler code in which bugs have manifested. * Make the names in functions declarations identical to definitions. * Avoid an undefined behavior of memcpy() in _tr_stored_block(). * Avoid undefined behaviors of memcpy() in gz*printf(). * Avoid an undefined behavior of memcpy() in gzappend(). * Avoid the use of ptrdiff_t. * Handle case where inflateSync used when header never processed. * Don't compute check value for raw inflate if asked to validate. * Add address checking in clang to -w option of configure. * Return an error if the gzputs string length can't fit in an int. * Small speedup to inflate [psumbera]. * Update use of errno for newer Windows CE versions. * Avoid some conversion warnings in gzread.c and gzwrite.c. * Have Makefile return non-zero error code on test failure. * Avoid a conversion error in gzseek when off_t type too small. * Fix CLEAR_HASH macro to be usable as a single statement. * Fix bug when window full in deflate_stored(). * Limit hash table inserts after switch from stored deflate. * Permit a deflateParams() parameter change as soon as possible. * Cygwin does not have _wopen(), so do not create gzopen_w() there. Removed 006-fix-compressor-crash-on-certain-inputs.patch which was hotfix for CVE-2018-25032 and is now included in this release. This release is not available on @SF (yet?) so the sources are now pulled from GitHub. Fixes: CVE-2018-25032 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* zlib: backport security fix for a reproducible crash in compressorPetr Štetiar2022-03-242-1/+344
| | | | | | | | | | | | | | Tavis has just reported, that he was recently trying to track down a reproducible crash in a compressor. Believe it or not, it really was a bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs. Tavis has reported it upstream, but it turns out the issue has been public since 2018, but the patch never made it into a release. As far as he knows, nobody ever assigned it a CVE. Suggested-by: Tavis Ormandy <taviso@gmail.com> References: https://www.openwall.com/lists/oss-security/2022/03/24/1 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* tools/ccache: update to 4.6Rosen Penev2022-03-131-2/+2
| | | | | | Full changelog: https://ccache.dev/releasenotes.html#_ccache_4_6 Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/fakeroot: update to 1.28Rosen Penev2022-03-132-3/+3
| | | | | | | | Refreshed patches. Upstream says there's only a bugfix for GNU Hurd. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/cmake: update to 3.22.3Rosen Penev2022-03-131-2/+2
| | | | | | Seems to be mostly pthread fixes. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/mtools: update to 4.0.38Rosen Penev2022-03-131-2/+2
| | | | | | No real changelog available. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/expat: enable DTDRosen Penev2022-03-131-1/+1
| | | | | | Fixes gdb usage, which depends on it. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/expat: update to 2.4.7Rosen Penev2022-03-131-2/+2
| | | | | | Mostly a bug fix to the bug fix to CVE-2022-25236 Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools: zip: make encrypted archives reproducibleSungbo Eo2022-03-091-0/+75
| | | | | | | | | | | Zip always try to generate new encryption header depending on execution time and process id, which is far from being reproducible. This commit changes the zip srand() seed to a predictable value to generate reproducible random bytes for the encryption header. This will compromise the goal of secure archive encryption, but it would not be a big problem for our purpose. Signed-off-by: Sungbo Eo <mans0n@gorani.run>
* tools: zip: fetch SOURCE_DATE_EPOCH directlySungbo Eo2022-03-092-145/+41
| | | | | | | | | Remove "--mtime" option introduced in commit 18c9faa03211 ("tools: zip: add option for reproducible archives") and instead fetch SOURCE_DATE_EPOCH environment variable directly in the code. Ref: https://sourceforge.net/p/infozip/patches/25/ Signed-off-by: Sungbo Eo <mans0n@gorani.run>
* tools/fakeroot: restore macos bugfix that was dropped during the last updateFelix Fietkau2022-03-051-0/+43
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* tools/libressl: update to version 3.4.2Josef Schlehofer2022-03-011-2/+2
| | | | | | | | | | | | | | | Release notes: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt ``` It includes the following security fix * In some situations the X.509 verifier would discard an error on an unverified certificate chain, resulting in an authentication bypass. Thanks to Ilya Shipitsin and Timo Steinlein for reporting. ``` Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* tools/mkimage: update to 2022.01Huangbin Zhan2022-03-013-17/+30
| | | | | | | | | | | | - enable dot config - enable openwrt verbose - add bison as dependency to avoid failure ``` bison -oscripts/kconfig/zconf.tab.c -t -l scripts/kconfig/zconf.y bison: /builder/shared-workdir/build/staging_dir/host/share/bison/m4sugar/m4sugar.m4: cannot open: No such file or directory ``` Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
* tools/fakeroot: update to 1.27Rosen Penev2022-03-015-134/+17
| | | | | | | | | | Remove macOS stuff. Upstream has fixed it in the same way. Add SOL_TCP define. Taken from elsewhere in the code. Refreshed patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/expat: update to 2.4.6Rosen Penev2022-03-012-11/+16
| | | | | | | | | | | Switched to CMake for faster compilation and greater parallel friendliness. Added CMake options from the packages feed. This release fixes various CVEs. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/findutils: update to 4.9.0Rosen Penev2022-03-012-2/+22
| | | | | | | | Add compilation fix for Ubuntu 20.04. Provided by upstream maintainer: https://github.com/openwrt/packages/issues/17912#issuecomment-1046726426 Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/zstd: update to 1.5.2Rosen Penev2022-03-012-11/+21
| | | | | | | Switched to building with meson as it's faster and does not need a dependency on cmake, which takes a long time to build. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/ccache: add cmake dependencyRosen Penev2022-03-011-1/+1
| | | | | | | This will be needed for the next commit as ccache's cmake dependency is satisfied by zstd currenly. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/cmake: update to 3.22.2Rosen Penev2022-03-011-2/+2
| | | | | | Mostly random Python 3.10 fixes. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/mtools: update to 4.0.37Rosen Penev2022-03-011-2/+2
| | | | | | No changelog is available. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/mklibs: update to 0.1.45Rosen Penev2022-03-0110-287/+37
| | | | | | | | | | | | | Refresh 2to3 patch. Upstream partially did this against some older python version. This is still needed. Refreshed other patches to be python3 safe. Remove uClibc patches as only musl is present now. Refresh others. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* firmware-utils: bump to git HEADStijn Tintel2022-02-281-3/+3
| | | | | | 002cfaf firmware-utils: fix compilation with macOS Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* firmware-utils: bump to git HEADStijn Tintel2022-02-271-3/+3
| | | | | | | | | | | 706e9cc tplink-safeloader: support for Archer A6 v3 JP 497726b firmware-utils: support checksum for AVM fritzbox wasp SOCs 2ca6462 iptime-crc32: add support for AX8004M 57d0e31 tplink-safeloader: TP-Link EAP615-Wall v1 support 8a8da19 tplink-safeloader: add TL-WPA8631P v3 support eea4ee7 tplink-safeloader: add TP-Link Archer A9 v6 support Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* tools/meson: update to 0.61.2Rosen Penev2022-02-261-2/+2
| | | | | | Seems to be minor bugfixes with Cygwin and Windows. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/quilt: update to 0.67Rosen Penev2022-02-253-5/+5
| | | | | | | | | | | | | | | | | | | | | | | - Call pager with original LANG environment variable - Consistently complain early if no series file is found - Fix handling of symbolic links by several commands - Tighten the patch format parsing - Reuse the shell (performance) - Document the series file format further - Document that quilt loads /etc/quilt.quiltrc - configure: Make stat configurable - series: Minor optimizations - setup: Don't obey the settings of any englobing .pc - setup: Default to fast mode - quilt.el: Fix documentation of quilt-pc-directory - quilt.el: Load /etc/quilt.quiltrc if ~/.quiltrc doesn't exist - quilt.el: Fix quilt-editable when QUILT_PATCHES_PREFIX is set Refresh patches. Signed-off-by: Rosen Penev <rosenp@gmail.com> [add changelog] Signed-off-by: Paul Spooren <mail@aparcar.org>
* tools: use https for bc mirrorsPaul Spooren2022-02-241-5/+5
| | | | | | All mirrors offer encrypted downloads, use it. Signed-off-by: Paul Spooren <mail@aparcar.org>
* tools/cmake: add MAKE config variableRosen Penev2022-02-111-1/+2
| | | | | | | | | Makes sure that Ninja from staging_dir is used and nowhere else. Reported by reproducible builds project. Builds have been failing ever since tools/cmake started using Ninja. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* Revert "tools/zstd: update to 1.5.2"Jo-Philipp Wich2022-02-072-21/+11
| | | | | | | | This reverts commit 8de901ccf7e2b227bd970e9c477f00c15ce6aae9. Apparently this update breaks tools building. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* tools/zstd: update to 1.5.2Rosen Penev2022-02-072-11/+21
| | | | | | | Switched to building with meson as it's faster and does not need a dependency on cmake, which takes a long time to build. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/meson: update to 0.61.1Rosen Penev2022-02-031-2/+2
| | | | | | | | | | | | | | | | | | Changelog: backend_startup_project Add a man page backend to refman extract_objects() supports generated sources Python 3.6 support will be dropped in the next release Warning if check kwarg of run_command is missing meson rewrite can modify extra_files meson rewrite target <target> info outputs target's extra_files Visual Studio 2022 backend Support for CMake <3.14 is now deprecated for CMake subprojects Added support for sccache install_symlink function Signed-off-by: Rosen Penev <rosenp@gmail.com>
* firmware-utils: bump to git HEADSungbo Eo2022-01-291-3/+3
| | | | | | | 0c15cad iptime-naspkg: add image header tool for ipTIME NAS series 872c87c iptime-crc32: add image header tool for new ipTIME models Signed-off-by: Sungbo Eo <mans0n@gorani.run>
* firmware-utils: update to git HEAD of 2022-01-28Daniel Golle2022-01-281-3/+3
| | | | | | | 6c95945 ptgen: add Chromium OS kernel partition support 8e7274e cros-vbutil: add Chrome OS vboot kernel-signing utility Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* tools: build bash on macOS and use it for ipkg-buildFelix Fietkau2022-01-272-0/+24
| | | | | | | | | On macOS, system binaries silently drop the environment variables for injecting extra shared libraries (used by fakeroot). This is done for security reasons. Work around this by building bash from source, so that it gets an ad-hoc signature and does not have these restrictions Signed-off-by: Felix Fietkau <nbd@nbd.name>
* tools/coreutils: build chownFelix Fietkau2022-01-271-1/+1
| | | | | | | On ARM macOS, injecting extra shared libraries does not work for system binaries. This causes fakeroot to fail for chown calls Signed-off-by: Felix Fietkau <nbd@nbd.name>
* tools/fakeroot: fix unresolved symbols on arm64 macOSFelix Fietkau2022-01-271-10/+43
| | | | | | | The $INODE64 symbol variants are not present, since the base system always uses 64-bit file offsets Signed-off-by: Felix Fietkau <nbd@nbd.name>
* firmware-utils: update to latest masterHauke Mehrtens2022-01-161-3/+3
| | | | | | d885b49 tplink-safeloader: support Archer C6v3.0 (BR) Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* firmware-utils: update to latest masterMatthias Schiffer2022-01-141-3/+3
| | | | | | 84dbf8ee49f5 tplink-safeloader: fix Archer A7v5 factory flashing from vendor fw > v1.1.x Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* tools/cmake: update to version 3.22.1Josef Schlehofer2021-12-311-2/+2
| | | | Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* tools/mkimage: update to 2021.10Huangbin Zhan2021-12-276-399/+12
| | | | | | | | | | | | | | Changelog: - upstream now needs OpenSSL in order to be able to sign FITs. See: commit cb9faa6f98ae ("tools: Use a single target-independent config to enable OpenSSL") - removes upstream patches. Link: https://github.com/u-boot/u-boot/commit/cb9faa6f98ae56d70d59505dad290dd3d381cb7b Tested-by: Sergey V. Lobanov <sergey@lobanov.in> Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* tools/mkimage: fix build on MacOS arm64Sergey V. Lobanov2021-12-061-0/+47
| | | | | | | | | | | | Fixed -no-pie compilation warning on MacOS Fixed errors related to using absolute addressing on MacOS arm64 Based on upstream patch from Jessica Clarke and suggestions from Ronny Kotzschmar Link to original patch and discussion: https://github.com/u-boot/u-boot/commit/3b142045e8a7f0ab17b6099e9226296af45967d0 Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
* tools/meson: update to 0.60.1Rosen Penev2021-12-051-3/+3
| | | | | | | | | | | | change meson binary to use py extension. Fixes issue with meson's symbolextractor using the host python instead of the system one. We intentionally use a .py extension here so that meson launches additional python scripts with the same build host python interpreter as itself is running under (and not the host package one once it becomes available) Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/fakeroot: fix build on MacOS arm64Sergey V. Lobanov2021-12-021-0/+86
| | | | | | | | | Added patch for MacOS without 32 bit inodes support (__DARWIN_ONLY_64_BIT_INO_T is true) This patch based on discussion https://github.com/archmac/bootstrap/issues/4 Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
* firmware-utils: bump to the latest masterRafał Miłecki2021-12-021-3/+3
| | | | | | | | | | | | | | | 56e8e19 otrx: support TRX from stdin when extracting a37ccaf otrx: support unsorted partitions offsets 1fa145e otrx: extract shared code opening & parsing TRX format 0fbc135 oseama: support extracting entity to stdout 58c9d5d oseama: allow reading from stdin 4ecefda otrx: allow validating TRX from stdin cf01e69 otrx: avoid unneeded fseek() when calculating CRC32 fa35379 tplink-safeloader: add EAP225 v1 support f4d1263 build, cmake: switch OPENSSL_CRYPTO_LIBRARY -> OPENSSL_CRYPTO_LIBRARIES cd3f6ee build, cmake: add quotes for FW_UTIL variable arguments Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* tools/ccache: update to 4.5.1Rosen Penev2021-11-261-2/+2
| | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/cmake: update to 3.22.0Rosen Penev2021-11-263-4/+4
| | | | | | Refreshed patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/llvm-bpf: move tarball packing to target/llvm-bpfFelix Fietkau2021-11-222-14/+3
| | | | | | | This ensures that the tarball is regenerated after make clean or after switching to a different target Signed-off-by: Felix Fietkau <nbd@nbd.name>
* tools/llvm-bpf: include host os/arch in tarball nameFelix Fietkau2021-11-211-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* tools/llvm-bpf: make sure llvm-bpf.tar.gz is createdHuangbin Zhan2021-11-211-5/+6
| | | | | | | The llvm-bpf-$version.tar.xz might be absent. For example `make clean` executed, CONFIG_TARGET changed. This commit can only guarantee that the target file can be built when tools/compile is explicitly called rather than $(tools/stamp-compile). Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
* tools: include the value of CONFIG_SDK_LLVM_BPF in the stampfileFelix Fietkau2021-11-211-1/+2
| | | | | | tools/llvm-bpf needs to be checked if the value changes Signed-off-by: Felix Fietkau <nbd@nbd.name>
* tools/cpio: fix compilation with clangRosen Penev2021-11-202-2/+11
| | | | | | | | | A define dealing with builtin type is wrong. A gnulib update fixes this, but that requires a new cpio version. Refresh other patch. Signed-off-by: Rosen Penev <rosenp@gmail.com>