treewide: use HTTPS for PKG_SOURCE_URL where possible

Switch http:// (and redundant ftp://) PKG_SOURCE_URL entries to https://
across tools/ and package/. PKG_HASH alone does not protect against an
attacker tampering with insecure downloads when a maintainer regenerates
the hash via `make ... FIXUP=1`: HTTPS authenticates the upstream so the
captured hash reflects real upstream content.

In-place http -> https (HTTPS reachability verified per host):
- tools/elftosb, tools/lzop, tools/liblzo, tools/mpfr, tools/dosfstools,
  tools/libressl, tools/xz
- package/libs/mpfr, package/libs/libmnl, package/libs/libnfnetlink

Replaced with @OPENWRT (HTTPS-only mirror) where the upstream HTTPS host
is dead or has a broken certificate:
- package/libs/popt (ftp.rpm.org cert mismatch)
- package/firmware/ixp4xx-microcode (was http://downloads.openwrt.org)
- package/boot/imx-bootlets (trabant.uid0.hu cert mismatch)
- package/boot/kobs-ng (freescale.com URL is dead, redirects to nxp.com root)

Dropped redundant ftp://ftp.denx.de fallback (https://ftp.denx.de is
already listed):
- package/boot/uboot-tools, tools/mkimage

Signed-off-by: Paul Spooren <mail@aparcar.org>

diff --git a/package/boot/imx-bootlets/Makefile b/package/boot/imx-bootlets/Makefile
index 0ecb0f2dfde605c6236869840ef27d18046bf20c..6e5a4eb1895fc7f97ac34351ed30c7ea6023837a 100644 (file)
--- a/package/boot/imx-bootlets/Makefile
+++ b/package/boot/imx-bootlets/Makefile
@@ -10,7 +10,7 @@ PKG_NAME:=imx-bootlets
 PKG_VERSION:=10.12.01
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://trabant.uid0.hu/openwrt/
+PKG_SOURCE_URL:=@OPENWRT
 PKG_HASH:=f7c98cbc41e15184cad61c56115e840e34ac3ebb4a162fadeea905e5038fd65b
 
 PKG_FLAGS:=nonshared

diff --git a/package/boot/kobs-ng/Makefile b/package/boot/kobs-ng/Makefile
index 261cd92eab1c15ebdaf4f94f86f6fb20fd4a9d1f..9d86c30b6c534b46a747d9e59b2b12e7d67e1d37 100644 (file)
--- a/package/boot/kobs-ng/Makefile
+++ b/package/boot/kobs-ng/Makefile
@@ -12,7 +12,7 @@ PKG_VERSION:=5.4
 PKG_RELEASE:=1
 
 PKG_SOURCE:=imx-kobs-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://www.freescale.com/lgfiles/NMG/MAD/YOCTO/
+PKG_SOURCE_URL:=@OPENWRT
 PKG_HASH:=85171b46068ac47c42fedb8104167bf9afd33dd9527ed127e1ca2eb29d7a86bf
 PKG_BUILD_DIR:=$(BUILD_DIR)/imx-kobs-$(PKG_VERSION)
 

diff --git a/package/boot/uboot-tools/Makefile b/package/boot/uboot-tools/Makefile
index 85657b351c8fc6deb15711c61af09d673cc54c07..9a1bc79f4825dc34b3f5db781b6d1eddfa5feb43 100644 (file)
--- a/package/boot/uboot-tools/Makefile
+++ b/package/boot/uboot-tools/Makefile
@@ -7,8 +7,7 @@ PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_DISTNAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:= \
        https://ftp.denx.de/pub/u-boot \
-       https://mirror.cyberbits.eu/u-boot \
-       ftp://ftp.denx.de/pub/u-boot
+       https://mirror.cyberbits.eu/u-boot
 PKG_URL:=https://docs.u-boot.org/en/latest/
 PKG_HASH:=ac7c04b8b7004923b00a4e5d6699c5df4d21233bac9fda690d8cfbc209fff2fd
 PKG_SOURCE_SUBDIR:=$(PKG_DISTNAME)-$(PKG_VERSION)

diff --git a/package/firmware/ixp4xx-microcode/Makefile b/package/firmware/ixp4xx-microcode/Makefile
index 5ee04a757a2c4a333edd3a03836c87dc4dd82eda..c01de131e409eb50f44b1c2510595bf7183f04c1 100644 (file)
--- a/package/firmware/ixp4xx-microcode/Makefile
+++ b/package/firmware/ixp4xx-microcode/Makefile
@@ -9,7 +9,7 @@ PKG_VERSION:=2.4
 PKG_RELEASE:=1
 
 PKG_SOURCE:=IPL_ixp400NpeLibraryWithCrypto-2_4.zip
-PKG_SOURCE_URL:=http://downloads.openwrt.org/sources
+PKG_SOURCE_URL:=@OPENWRT
 PKG_HASH:=1b1170d0657847248589d946048c0aeaa9cd671966fc5bec5933283309485eaa
 
 PKG_FLAGS:=nonshared

diff --git a/package/libs/libmnl/Makefile b/package/libs/libmnl/Makefile
index 06f79d5384c5898fef3326bb479d64b602b73ee0..f0d106c8ba24f4005287b106a45cce6363c6b6cd 100644 (file)
--- a/package/libs/libmnl/Makefile
+++ b/package/libs/libmnl/Makefile
@@ -13,8 +13,8 @@ PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:= \
-       http://www.netfilter.org/projects/libmnl/files \
-       ftp://ftp.netfilter.org/pub/libmnl
+       https://www.netfilter.org/projects/libmnl/files \
+       https://ftp.netfilter.org/pub/libmnl
 PKG_HASH:=274b9b919ef3152bfb3da3a13c950dd60d6e2bcd54230ffeca298d03b40d0525
 
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>

diff --git a/package/libs/libnfnetlink/Makefile b/package/libs/libnfnetlink/Makefile
index be1eba6517d85231630c76d05e02ad519bfb7737..1a5bf1b08256c623357571276253ba68bb7bfaa4 100644 (file)
--- a/package/libs/libnfnetlink/Makefile
+++ b/package/libs/libnfnetlink/Makefile
@@ -13,8 +13,8 @@ PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:= \
-       http://www.netfilter.org/projects/libnfnetlink/files/ \
-       ftp://ftp.netfilter.org/pub/libnfnetlink/
+       https://www.netfilter.org/projects/libnfnetlink/files/ \
+       https://ftp.netfilter.org/pub/libnfnetlink/
 PKG_HASH:=b064c7c3d426efb4786e60a8e6859b82ee2f2c5e49ffeea640cfe4fe33cbc376
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 PKG_LICENSE:=GPL-2.0+

diff --git a/package/libs/mpfr/Makefile b/package/libs/mpfr/Makefile
index d3880e7c14cb22bcb186c68bcef8660dff57974f..c748677004818847808f27e4baf0f56f13aabb4a 100644 (file)
--- a/package/libs/mpfr/Makefile
+++ b/package/libs/mpfr/Makefile
@@ -11,7 +11,7 @@ PKG_NAME:=mpfr
 PKG_VERSION:=4.2.2
 PKG_RELEASE:=1
 
-PKG_SOURCE_URL:=@GNU/mpfr http://www.mpfr.org/mpfr-$(PKG_VERSION)
+PKG_SOURCE_URL:=@GNU/mpfr https://www.mpfr.org/mpfr-$(PKG_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_HASH:=b67ba0383ef7e8a8563734e2e889ef5ec3c3b898a01d00fa0a6869ad81c6ce01
 

diff --git a/package/libs/popt/Makefile b/package/libs/popt/Makefile
index ba9c82349bb5d7c02189a374e8a894565b1291cb..93b496b05b3dda407adcd9c4d6b995dbed4a2302 100644 (file)
--- a/package/libs/popt/Makefile
+++ b/package/libs/popt/Makefile
@@ -12,7 +12,7 @@ PKG_VERSION:=1.19
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://ftp.rpm.org/popt/releases/popt-1.x/
+PKG_SOURCE_URL:=@OPENWRT
 PKG_HASH:=c25a4838fc8e4c1c8aacb8bd620edb3084a3d63bf8987fdad3ca2758c63240f9
 PKG_LICENSE:=MIT
 PKG_CPE_ID:=cpe:/a:popt_project:popt

diff --git a/tools/dosfstools/Makefile b/tools/dosfstools/Makefile
index b332efdb96cab962832225b6b30021351a465511..82221672070f229664fb180127125467bb1344c0 100644 (file)
--- a/tools/dosfstools/Makefile
+++ b/tools/dosfstools/Makefile
@@ -13,7 +13,7 @@ PKG_VERSION:=4.2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/dosfstools/dosfstools/releases/download/v$(PKG_VERSION)/ \
-               http://fossies.org/linux/misc
+               https://fossies.org/linux/misc
 PKG_HASH:=64926eebf90092dca21b14259a5301b7b98e7b1943e8a201c7d726084809b527
 
 HOST_FIXUP:=autoreconf

diff --git a/tools/elftosb/Makefile b/tools/elftosb/Makefile
index 9079ac5803ddeaf59f0b52bab93960d8646452f3..02951d72d8b2f3170ff0ea0cc8bb46c11ac8e6db 100644 (file)
--- a/tools/elftosb/Makefile
+++ b/tools/elftosb/Makefile
@@ -10,7 +10,7 @@ PKG_NAME:=elftosb
 PKG_VERSION:=10.12.01
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://repository.timesys.com/buildsources/e/elftosb/elftosb-10.12.01/
+PKG_SOURCE_URL:=https://repository.timesys.com/buildsources/e/elftosb/elftosb-10.12.01/
 PKG_HASH:=77bb6981620f7575b87d136d94c7daa88dd09195959cc75fc18b138369ecd42b
 
 include $(INCLUDE_DIR)/host-build.mk

diff --git a/tools/liblzo/Makefile b/tools/liblzo/Makefile
index 9f60109135944e22d53cebda95d5e028d4a4e1a3..7651db6965ef1349340b015cc704af75ff7a3014 100644 (file)
--- a/tools/liblzo/Makefile
+++ b/tools/liblzo/Makefile
@@ -12,7 +12,7 @@ PKG_VERSION:=2.10
 PKG_RELEASE:=4
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://www.oberhumer.com/opensource/lzo/download/
+PKG_SOURCE_URL:=https://www.oberhumer.com/opensource/lzo/download/
 PKG_HASH:=c0f892943208266f9b6543b3ae308fab6284c5c90e627931446fb49b4221a072
 
 PKG_LICENSE:=GPL-2.0-or-later

diff --git a/tools/libressl/Makefile b/tools/libressl/Makefile
index 82e92058619bdff6489094d9f547254eab95ce30..91045778a10ca95bf40e06c29e29a42ce5d7f634 100644 (file)
--- a/tools/libressl/Makefile
+++ b/tools/libressl/Makefile
@@ -15,7 +15,7 @@ PKG_CPE_ID:=cpe:/a:openbsd:libressl
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://mirror.ox.ac.uk/pub/OpenBSD/LibreSSL \
-       http://ftp.jaist.ac.jp/pub/OpenBSD/LibreSSL \
+       https://ftp.jaist.ac.jp/pub/OpenBSD/LibreSSL \
        https://ftp.openbsd.org/pub/OpenBSD/LibreSSL
 
 HOST_BUILD_PARALLEL:=1

diff --git a/tools/lzop/Makefile b/tools/lzop/Makefile
index 65bd7fe67c159a1b10758177daa10c483bcdf18c..e354f1472b1853d012c51522aa7d4bed15a2a2df 100644 (file)
--- a/tools/lzop/Makefile
+++ b/tools/lzop/Makefile
@@ -11,7 +11,7 @@ PKG_NAME:=lzop
 PKG_VERSION:=1.04
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://www.lzop.org/download/
+PKG_SOURCE_URL:=https://www.lzop.org/download/
 PKG_HASH:=7e72b62a8a60aff5200a047eea0773a8fb205caf7acbe1774d95147f305a2f41
 
 PKG_LICENSE:=GPL-2.0-or-later

diff --git a/tools/mkimage/Makefile b/tools/mkimage/Makefile
index 7a4b0c1a34b23d77483a637b1c2ebc8afd35bb19..fa39d570508f24fe5a1338528aa5d12c092873b0 100644 (file)
--- a/tools/mkimage/Makefile
+++ b/tools/mkimage/Makefile
@@ -12,8 +12,7 @@ PKG_VERSION:=2026.04
 PKG_SOURCE:=u-boot-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:= \
        https://mirror.cyberbits.eu/u-boot \
-       https://ftp.denx.de/pub/u-boot \
-       ftp://ftp.denx.de/pub/u-boot
+       https://ftp.denx.de/pub/u-boot
 PKG_HASH:=ac7c04b8b7004923b00a4e5d6699c5df4d21233bac9fda690d8cfbc209fff2fd
 
 HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/u-boot-$(PKG_VERSION)

diff --git a/tools/mpfr/Makefile b/tools/mpfr/Makefile
index 9e9a0ae87975179bafdedb354e52e0211cad88ac..5863d632216bfbf5d3524e4799390411df3ba252 100644 (file)
--- a/tools/mpfr/Makefile
+++ b/tools/mpfr/Makefile
@@ -10,7 +10,7 @@ PKG_NAME:=mpfr
 PKG_VERSION:=4.2.2
 PKG_CPE_ID:=cpe:/a:mpfr:gnu_mpfr
 
-PKG_SOURCE_URL:=@GNU/mpfr http://www.mpfr.org/mpfr-$(PKG_VERSION)
+PKG_SOURCE_URL:=@GNU/mpfr https://www.mpfr.org/mpfr-$(PKG_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_HASH:=826cbb24610bd193f36fde172233fb8c009f3f5c2ad99f644d0dea2e16a20e42
 

diff --git a/tools/xz/Makefile b/tools/xz/Makefile
index 950bff4e1b083ce911bb0436b5ad5774bfc2bc2c..f556236c156bb5629ca436c126a1172fdc35fe97 100644 (file)
--- a/tools/xz/Makefile
+++ b/tools/xz/Makefile
@@ -12,7 +12,7 @@ PKG_VERSION:=5.8.3
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://github.com/tukaani-project/xz/releases/download/v$(PKG_VERSION) \
                @SF/lzmautils \
-               http://tukaani.org/xz
+               https://tukaani.org/xz
 PKG_HASH:=33bf69c0d6c698e83a68f77e6c1f465778e418ca0b3d59860d3ab446f4ac99a6
 PKG_CPE_ID:=cpe:/a:tukaani:xz