From e5817f44a293bc616c205afad8e4d0730213c683 Mon Sep 17 00:00:00 2001 From: MarcoFalke Date: Wed, 22 May 2019 07:39:26 -0400 Subject: [PATCH] Merge #16049: depends: switch to secure download of all dependencies d8bc47fde4 depends: switch to secure download of all dependencies (Ulrich Kempken) Pull request description: Even if we potentially check the integrity of the downloaded file via hash comparison, we should make use of SSL since it is available. ACKs for commit d8bc47: jonasschnelli: utACK d8bc47fde46ca0711fa54a0d70ff5d066c708e50 practicalswift: utACK d8bc47fde46ca0711fa54a0d70ff5d066c708e50 dongcarl: tACK d8bc47fde46ca0711fa54a0d70ff5d066c708e50 Tree-SHA512: e47702f6d243ed7f498ca84c193244382f16f08df6a297caa224b4468f501f3da6fe542fcf3a0dd9c24ab1b0b38bbc51478068e6006a92854ded23abf90de3c8
---
 depends/packages.md | 5 +++-- depends/packages/bdb.mk | 2 +- depends/packages/fontconfig.mk | 2 +- depends/packages/freetype.mk | 2 +- depends/packages/libXau.mk | 2 +- depends/packages/libxcb.mk | 2 +- depends/packages/miniupnpc.mk | 2 +- depends/packages/xcb_proto.mk | 2 +- depends/packages/xproto.mk | 2 +- depends/packages/zlib.mk | 2 +- 10 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/depends/packages.md b/depends/packages.md
index 7c80362509..7d2bd4670d 100644
--- a/depends/packages.md
+++ b/depends/packages.md
@@ -14,8 +14,9 @@ Each package is required to define at least these variables: placeholder such as 1.0 can be used. $(package)_download_path: - Location of the upstream source, without the file-name. Usually http or - ftp. + Location of the upstream source, without the file-name. Usually http, https + or ftp. Secure transmission options like https should be preferred if + available. $(package)_file_name: The upstream source filename available at the download path.
diff --git a/depends/packages/bdb.mk b/depends/packages/bdb.mk
index 263afbafc1..f11182875e 100644
--- a/depends/packages/bdb.mk
+++ b/depends/packages/bdb.mk
@@ -1,6 +1,6 @@
 package=bdb
 $(package)_version=4.8.30
-$(package)_download_path=http://download.oracle.com/berkeley-db
+$(package)_download_path=https://download.oracle.com/berkeley-db
 $(package)_file_name=db-$($(package)_version).NC.tar.gz
 $(package)_sha256_hash=12edc0df75bf9abd7f82f821795bcee50f42cb2e5f76a6a281b85732798364ef
 $(package)_build_subdir=build_unix
diff --git a/depends/packages/fontconfig.mk b/depends/packages/fontconfig.mk
index 60928643dc..5fea0c8fe2 100644
--- a/depends/packages/fontconfig.mk
+++ b/depends/packages/fontconfig.mk
@@ -1,6 +1,6 @@
 package=fontconfig
 $(package)_version=2.12.1
-$(package)_download_path=http://www.freedesktop.org/software/fontconfig/release/
+$(package)_download_path=https://www.freedesktop.org/software/fontconfig/release/
 $(package)_file_name=$(package)-$($(package)_version).tar.bz2
 $(package)_sha256_hash=b449a3e10c47e1d1c7a6ec6e2016cca73d3bd68fbbd4f0ae5cc6b573f7d6c7f3
 $(package)_dependencies=freetype expat
diff --git a/depends/packages/freetype.mk b/depends/packages/freetype.mk
index 41e02e2030..a98e82ed16 100644
--- a/depends/packages/freetype.mk
+++ b/depends/packages/freetype.mk
@@ -1,6 +1,6 @@
 package=freetype
 $(package)_version=2.7.1
-$(package)_download_path=http://download.savannah.gnu.org/releases/$(package)
+$(package)_download_path=https://download.savannah.gnu.org/releases/$(package)
 $(package)_file_name=$(package)-$($(package)_version).tar.bz2
 $(package)_sha256_hash=3a3bb2c4e15ffb433f2032f50a5b5a92558206822e22bfe8cbe339af4aa82f88
diff --git a/depends/packages/libXau.mk b/depends/packages/libXau.mk
index 12a219722c..a31c4a7481 100644
--- a/depends/packages/libXau.mk
+++ b/depends/packages/libXau.mk
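Review bot: The `https://` now used for `$(package)_download_path` in bdb.mk is only as strong as the fetch command that consumes it, and that command is not part of this patch: it has to verify the server certificate and refuse a redirect that drops back to plain http, otherwise the transfer can still end up unprotected. The same holds for the fontconfig, freetype, libXau, libxcb, xcb_proto, xproto and zlib hunks; the freetype host `download.savannah.gnu.org` looks like a mirror redirector, so it is the one most worth testing. If the fetcher is curl, adding `--proto-redir =https` would turn a downgrade into a hard failure instead of a silent fallback. The unchanged `$(package)_sha256_hash` remains the integrity check either way, and a one-line comment saying so next to the path would keep later edits from treating https as a replacement for it.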
@@ -1,6 +1,6 @@
 package=libXau
 $(package)_version=1.0.8
-$(package)_download_path=http://xorg.freedesktop.org/releases/individual/lib/
+$(package)_download_path=https://xorg.freedesktop.org/releases/individual/lib/
 $(package)_file_name=$(package)-$($(package)_version).tar.bz2
 $(package)_sha256_hash=fdd477320aeb5cdd67272838722d6b7d544887dfe7de46e1e7cc0c27c2bea4f2
 $(package)_dependencies=xproto
diff --git a/depends/packages/libxcb.mk b/depends/packages/libxcb.mk
index 2931be6774..bc3a9a0913 100644
--- a/depends/packages/libxcb.mk
+++ b/depends/packages/libxcb.mk
@@ -1,6 +1,6 @@
 package=libxcb
 $(package)_version=1.10
-$(package)_download_path=http://xcb.freedesktop.org/dist
+$(package)_download_path=https://xcb.freedesktop.org/dist
 $(package)_file_name=$(package)-$($(package)_version).tar.bz2
 $(package)_sha256_hash=98d9ab05b636dd088603b64229dd1ab2d2cc02ab807892e107d674f9c3f2d5b5
 $(package)_dependencies=xcb_proto libXau
diff --git a/depends/packages/miniupnpc.mk b/depends/packages/miniupnpc.mk
index e7d6829873..49a584e462 100644
--- a/depends/packages/miniupnpc.mk
+++ b/depends/packages/miniupnpc.mk
@@ -1,6 +1,6 @@
 package=miniupnpc
 $(package)_version=2.0.20180203
-$(package)_download_path=https://miniupnp.tuxfamily.org/files
+$(package)_download_path=https://miniupnp.tuxfamily.org/files/
 $(package)_file_name=$(package)-$($(package)_version).tar.gz
 $(package)_sha256_hash=90dda8c7563ca6cd4a83e23b3c66dbbea89603a1675bfdb852897c2c9cc220b7
 $(package)_patches=dont_use_wingen.patch
diff --git a/depends/packages/xcb_proto.mk b/depends/packages/xcb_proto.mk
index 0c7c958d62..44110394bd 100644
--- a/depends/packages/xcb_proto.mk
+++ b/depends/packages/xcb_proto.mk
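Review bot: The trailing slash appended to `$(package)_download_path` in miniupnpc.mk is unrelated to the https switch (the old value was already https) and is not mentioned in the commit message. The sibling files are mixed on this: bdb.mk and zlib.mk carry no trailing slash, fontconfig.mk and libXau.mk do, so whether the slash matters depends on how the path is joined with `$(package)_file_name`, which happens outside this patch. I would either drop this line from the commit or state the convention in packages.md next to the `$(package)_download_path` description, so that the reason for the edit is recorded.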
@@ -1,6 +1,6 @@
 package=xcb_proto
 $(package)_version=1.10
-$(package)_download_path=http://xcb.freedesktop.org/dist
+$(package)_download_path=https://xcb.freedesktop.org/dist
 $(package)_file_name=xcb-proto-$($(package)_version).tar.bz2
 $(package)_sha256_hash=7ef40ddd855b750bc597d2a435da21e55e502a0fefa85b274f2c922800baaf05
diff --git a/depends/packages/xproto.mk b/depends/packages/xproto.mk
index 2739583541..2462f3c647 100644
--- a/depends/packages/xproto.mk
+++ b/depends/packages/xproto.mk
@@ -1,6 +1,6 @@
 package=xproto
 $(package)_version=7.0.26
-$(package)_download_path=http://xorg.freedesktop.org/releases/individual/proto
+$(package)_download_path=https://xorg.freedesktop.org/releases/individual/proto
 $(package)_file_name=$(package)-$($(package)_version).tar.bz2
 $(package)_sha256_hash=636162c1759805a5a0114a369dffdeccb8af8c859ef6e1445f26a4e6e046514f
diff --git a/depends/packages/zlib.mk b/depends/packages/zlib.mk
index c93c3849b9..168f85e65e 100644
--- a/depends/packages/zlib.mk
+++ b/depends/packages/zlib.mk
@@ -1,6 +1,6 @@
 package=zlib
 $(package)_version=1.2.11
-$(package)_download_path=http://www.zlib.net
+$(package)_download_path=https://www.zlib.net
 $(package)_file_name=$(package)-$($(package)_version).tar.gz
 $(package)_sha256_hash=c3e5e9fdd5004dcb542feda5ee4f0ff0744628baf8ed2dd5d66f8ca1197cb1a1