From d8bc47fde46ca0711fa54a0d70ff5d066c708e50 Mon Sep 17 00:00:00 2001 From: Ulrich Kempken Date: Sun, 19 May 2019 19:58:29 +0000 Subject: [PATCH] depends: switch to secure download of all dependencies Some dependency sources were downloaded via http, even though https (SSL/TLS) options are available. Even if we potentially check the integrity of the downloaded files via hash comparison, we should make use of this additional security layer. bdb.mk fontconfig.mk freetype.mk libX11.mk libXau.mk libXext.mk libxcb.mk native_cctools.mk native_cdrkit.mk xcb_proto.mk xextproto.mk xproto.mk xtrans.mk zlib.mk miniupnp was switched to official project mirror with SSL support --- depends/packages.md | 5 +++-- depends/packages/bdb.mk | 2 +- depends/packages/fontconfig.mk | 2 +- depends/packages/freetype.mk | 2 +- depends/packages/libX11.mk | 2 +- depends/packages/libXau.mk | 2 +- depends/packages/libXext.mk | 2 +- depends/packages/libxcb.mk | 2 +- depends/packages/miniupnpc.mk | 2 +- depends/packages/native_cctools.mk | 2 +- depends/packages/native_cdrkit.mk | 2 +- depends/packages/xcb_proto.mk | 2 +- depends/packages/xextproto.mk | 2 +- depends/packages/xproto.mk | 2 +- depends/packages/xtrans.mk | 2 +- depends/packages/zlib.mk | 2 +- 16 files changed, 18 insertions(+), 17 deletions(-) diff --git a/depends/packages.md b/depends/packages.md index 7c8036250..7d2bd4670 100644 --- a/depends/packages.md +++ b/depends/packages.md @@ -14,8 +14,9 @@ Each package is required to define at least these variables: placeholder such as 1.0 can be used. $(package)_download_path: - Location of the upstream source, without the file-name. Usually http or - ftp. + Location of the upstream source, without the file-name. Usually http, https + or ftp. Secure transmission options like https should be preferred if + available. $(package)_file_name: The upstream source filename available at the download path. 
diff --git a/depends/packages/bdb.mk b/depends/packages/bdb.mk
index 3cd2e2885..6cdb79592 100644
--- a/depends/packages/bdb.mk
+++ b/depends/packages/bdb.mk
@@ -1,6 +1,6 @@
 package=bdb
 $(package)_version=4.8.30
-$(package)_download_path=http://download.oracle.com/berkeley-db
+$(package)_download_path=https://download.oracle.com/berkeley-db
 $(package)_file_name=db-$($(package)_version).NC.tar.gz
 $(package)_sha256_hash=12edc0df75bf9abd7f82f821795bcee50f42cb2e5f76a6a281b85732798364ef
 $(package)_build_subdir=build_unix
diff --git a/depends/packages/fontconfig.mk b/depends/packages/fontconfig.mk
index 12695db4b..d0996b453 100644
--- a/depends/packages/fontconfig.mk
+++ b/depends/packages/fontconfig.mk
@@ -1,6 +1,6 @@
 package=fontconfig
 $(package)_version=2.12.1
-$(package)_download_path=http://www.freedesktop.org/software/fontconfig/release/
+$(package)_download_path=https://www.freedesktop.org/software/fontconfig/release/
 $(package)_file_name=$(package)-$($(package)_version).tar.bz2
 $(package)_sha256_hash=b449a3e10c47e1d1c7a6ec6e2016cca73d3bd68fbbd4f0ae5cc6b573f7d6c7f3
 $(package)_dependencies=freetype expat
diff --git a/depends/packages/freetype.mk b/depends/packages/freetype.mk
index 41e02e203..a98e82ed1 100644
--- a/depends/packages/freetype.mk
+++ b/depends/packages/freetype.mk
@@ -1,6 +1,6 @@
 package=freetype
 $(package)_version=2.7.1
-$(package)_download_path=http://download.savannah.gnu.org/releases/$(package)
+$(package)_download_path=https://download.savannah.gnu.org/releases/$(package)
 $(package)_file_name=$(package)-$($(package)_version).tar.bz2
 $(package)_sha256_hash=3a3bb2c4e15ffb433f2032f50a5b5a92558206822e22bfe8cbe339af4aa82f88
diff --git a/depends/packages/libX11.mk b/depends/packages/libX11.mk
index 298616bea..a013da519 100644
--- a/depends/packages/libX11.mk
+++ b/depends/packages/libX11.mk
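Review bot: The `https://` switch in depends/packages/bdb.mk only adds protection if the fetch step verifies the server certificate and never retries over plain http; that logic is outside this diff and should be confirmed. The pinned `$(package)_sha256_hash` is unchanged and remains the control that authenticates the tarball. A one-line comment above the URL would make the layering explicit, for example `# transport only: the sha256 below is what authenticates this tarball`. The same applies to the other scheme-only hunks in this patch (fontconfig, freetype, libX11, libXau, libXext, libxcb, native_cdrkit, xcb_proto, xextproto, xproto, xtrans, zlib).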
@@ -1,6 +1,6 @@
 package=libX11
 $(package)_version=1.6.2
-$(package)_download_path=http://xorg.freedesktop.org/releases/individual/lib/
+$(package)_download_path=https://xorg.freedesktop.org/releases/individual/lib/
 $(package)_file_name=$(package)-$($(package)_version).tar.bz2
 $(package)_sha256_hash=2aa027e837231d2eeea90f3a4afe19948a6eb4c8b2bec0241eba7dbc8106bd16
 $(package)_dependencies=libxcb xtrans xextproto xproto
diff --git a/depends/packages/libXau.mk b/depends/packages/libXau.mk
index 304494e3c..ce4214068 100644
--- a/depends/packages/libXau.mk
+++ b/depends/packages/libXau.mk
@@ -1,6 +1,6 @@
 package=libXau
 $(package)_version=1.0.8
-$(package)_download_path=http://xorg.freedesktop.org/releases/individual/lib/
+$(package)_download_path=https://xorg.freedesktop.org/releases/individual/lib/
 $(package)_file_name=$(package)-$($(package)_version).tar.bz2
 $(package)_sha256_hash=fdd477320aeb5cdd67272838722d6b7d544887dfe7de46e1e7cc0c27c2bea4f2
 $(package)_dependencies=xproto
diff --git a/depends/packages/libXext.mk b/depends/packages/libXext.mk
index c0565dd67..458b96778 100644
--- a/depends/packages/libXext.mk
+++ b/depends/packages/libXext.mk
@@ -1,6 +1,6 @@
 package=libXext
 $(package)_version=1.3.2
-$(package)_download_path=http://xorg.freedesktop.org/releases/individual/lib/
+$(package)_download_path=https://xorg.freedesktop.org/releases/individual/lib/
 $(package)_file_name=$(package)-$($(package)_version).tar.bz2
 $(package)_sha256_hash=f829075bc646cdc085fa25d98d5885d83b1759ceb355933127c257e8e50432e0
 $(package)_dependencies=xproto xextproto libX11 libXau
diff --git a/depends/packages/libxcb.mk b/depends/packages/libxcb.mk
index 3f346d972..3ddd5a7dd 100644
--- a/depends/packages/libxcb.mk
+++ b/depends/packages/libxcb.mk
@@ -1,6 +1,6 @@
 package=libxcb
 $(package)_version=1.10
-$(package)_download_path=http://xcb.freedesktop.org/dist
+$(package)_download_path=https://xcb.freedesktop.org/dist
 $(package)_file_name=$(package)-$($(package)_version).tar.bz2
 $(package)_sha256_hash=98d9ab05b636dd088603b64229dd1ab2d2cc02ab807892e107d674f9c3f2d5b5
 $(package)_dependencies=xcb_proto libXau xproto
diff --git a/depends/packages/miniupnpc.mk b/depends/packages/miniupnpc.mk
index 5ad2b580d..fdbe22cda 100644
--- a/depends/packages/miniupnpc.mk
+++ b/depends/packages/miniupnpc.mk
@@ -1,6 +1,6 @@
 package=miniupnpc
 $(package)_version=2.0.20180203
-$(package)_download_path=http://miniupnp.free.fr/files
+$(package)_download_path=https://miniupnp.tuxfamily.org/files/
 $(package)_file_name=$(package)-$($(package)_version).tar.gz
 $(package)_sha256_hash=90dda8c7563ca6cd4a83e23b3c66dbbea89603a1675bfdb852897c2c9cc220b7
diff --git a/depends/packages/native_cctools.mk b/depends/packages/native_cctools.mk
index ccd72a99b..a065256c1 100644
--- a/depends/packages/native_cctools.mk
+++ b/depends/packages/native_cctools.mk
@@ -5,7 +5,7 @@ $(package)_file_name=$($(package)_version).tar.gz
 $(package)_sha256_hash=a09c9ba4684670a0375e42d9d67e7f12c1f62581a27f28f7c825d6d7032ccc6a
 $(package)_build_subdir=cctools
 $(package)_clang_version=3.7.1
-$(package)_clang_download_path=http://llvm.org/releases/$($(package)_clang_version)
+$(package)_clang_download_path=https://llvm.org/releases/$($(package)_clang_version)
 $(package)_clang_download_file=clang+llvm-$($(package)_clang_version)-x86_64-linux-gnu-ubuntu-14.04.tar.xz
 $(package)_clang_file_name=clang-llvm-$($(package)_clang_version)-x86_64-linux-gnu-ubuntu-14.04.tar.xz
 $(package)_clang_sha256_hash=99b28a6b48e793705228a390471991386daa33a9717cd9ca007fcdde69608fd9
diff --git a/depends/packages/native_cdrkit.mk b/depends/packages/native_cdrkit.mk
index cf694edb3..8243458ec 100644
--- a/depends/packages/native_cdrkit.mk
+++ b/depends/packages/native_cdrkit.mk
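Review bot: The depends/packages/miniupnpc.mk hunk changes the download host (miniupnp.free.fr to miniupnp.tuxfamily.org), not only the scheme, so it introduces a new source rather than a transport upgrade of the old one. `$(package)_sha256_hash` is unchanged, so the build should still accept only the same tarball as before, provided the fetch step enforces that hash; it is worth confirming that the new host serves the 2.0.20180203 archive with exactly this digest. A short comment recording why the host moved would help later audits, for example `# official project mirror with TLS; tarball unchanged, see sha256 below`. The new value also ends in `/` where the old one did not; other packages in this patch already use a trailing slash, so this is probably harmless, but `https://miniupnp.tuxfamily.org/files` would keep the diff minimal.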
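Review bot: In depends/packages/native_cctools.mk the changed variable is `$(package)_clang_download_path`, which sits outside the `$(package)_download_path` / `$(package)_sha256_hash` pair that the other packages define, so it is presumably fetched by package-specific commands that this hunk does not show. Because it points to a prebuilt clang+llvm binary archive, it is worth confirming that those commands check the download against `$(package)_clang_sha256_hash` and do not follow a redirect to a non-TLS location. The file continues outside the hunk, so neither can be verified from the diff alone.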
@@ -1,6 +1,6 @@
 package=native_cdrkit
 $(package)_version=1.1.11
-$(package)_download_path=http://distro.ibiblio.org/fatdog/source/600/c
+$(package)_download_path=https://distro.ibiblio.org/fatdog/source/600/c
 $(package)_file_name=cdrkit-$($(package)_version).tar.bz2
 $(package)_sha256_hash=b50d64c214a65b1a79afe3a964c691931a4233e2ba605d793eb85d0ac3652564
 $(package)_patches=cdrkit-deterministic.patch
diff --git a/depends/packages/xcb_proto.mk b/depends/packages/xcb_proto.mk
index 0c7c958d6..44110394b 100644
--- a/depends/packages/xcb_proto.mk
+++ b/depends/packages/xcb_proto.mk
@@ -1,6 +1,6 @@
 package=xcb_proto
 $(package)_version=1.10
-$(package)_download_path=http://xcb.freedesktop.org/dist
+$(package)_download_path=https://xcb.freedesktop.org/dist
 $(package)_file_name=xcb-proto-$($(package)_version).tar.bz2
 $(package)_sha256_hash=7ef40ddd855b750bc597d2a435da21e55e502a0fefa85b274f2c922800baaf05
diff --git a/depends/packages/xextproto.mk b/depends/packages/xextproto.mk
index 7065237bd..157b76edf 100644
--- a/depends/packages/xextproto.mk
+++ b/depends/packages/xextproto.mk
@@ -1,6 +1,6 @@
 package=xextproto
 $(package)_version=7.3.0
-$(package)_download_path=http://xorg.freedesktop.org/releases/individual/proto
+$(package)_download_path=https://xorg.freedesktop.org/releases/individual/proto
 $(package)_file_name=$(package)-$($(package)_version).tar.bz2
 $(package)_sha256_hash=f3f4b23ac8db9c3a9e0d8edb591713f3d70ef9c3b175970dd8823dfc92aa5bb0
diff --git a/depends/packages/xproto.mk b/depends/packages/xproto.mk
index 5328ec848..23ad5ffa1 100644
--- a/depends/packages/xproto.mk
+++ b/depends/packages/xproto.mk
@@ -1,6 +1,6 @@
 package=xproto
 $(package)_version=7.0.26
-$(package)_download_path=http://xorg.freedesktop.org/releases/individual/proto
+$(package)_download_path=https://xorg.freedesktop.org/releases/individual/proto
 $(package)_file_name=$(package)-$($(package)_version).tar.bz2
 $(package)_sha256_hash=636162c1759805a5a0114a369dffdeccb8af8c859ef6e1445f26a4e6e046514f
diff --git a/depends/packages/xtrans.mk b/depends/packages/xtrans.mk
index c313b1f60..67d2d976c 100644
--- a/depends/packages/xtrans.mk
+++ b/depends/packages/xtrans.mk
@@ -1,6 +1,6 @@
 package=xtrans
 $(package)_version=1.3.4
-$(package)_download_path=http://xorg.freedesktop.org/releases/individual/lib/
+$(package)_download_path=https://xorg.freedesktop.org/releases/individual/lib/
 $(package)_file_name=$(package)-$($(package)_version).tar.bz2
 $(package)_sha256_hash=054d4ee3efd52508c753e9f7bc655ef185a29bd2850dd9e2fc2ccc33544f583a
 $(package)_dependencies=
diff --git a/depends/packages/zlib.mk b/depends/packages/zlib.mk
index 589490800..1600b11a0 100644
--- a/depends/packages/zlib.mk
+++ b/depends/packages/zlib.mk
@@ -1,6 +1,6 @@
 package=zlib
 $(package)_version=1.2.11
-$(package)_download_path=http://www.zlib.net
+$(package)_download_path=https://www.zlib.net
 $(package)_file_name=$(package)-$($(package)_version).tar.gz
 $(package)_sha256_hash=c3e5e9fdd5004dcb542feda5ee4f0ff0744628baf8ed2dd5d66f8ca1197cb1a1