treewide: use HTTPS for PKG_SOURCE_URL where possible

Switch http:// (and redundant ftp://) PKG_SOURCE_URL entries to https:// across tools/ and package/. PKG_HASH alone does not protect against an attacker tampering with insecure downloads when a maintainer regenerates the hash via `make ... FIXUP=1`: HTTPS authenticates the upstream so the captured hash reflects real upstream content. In-place http -> https (HTTPS reachability verified per host): - tools/elftosb, tools/lzop, tools/liblzo, tools/mpfr, tools/dosfstools, tools/libressl, tools/xz - package/libs/mpfr, package/libs/libmnl, package/libs/libnfnetlink Replaced with @OPENWRT (HTTPS-only mirror) where the upstream HTTPS host is dead or has a broken certificate: - package/libs/popt (ftp.rpm.org cert mismatch) - package/firmware/ixp4xx-microcode (was http://downloads.openwrt.org) - package/boot/imx-bootlets (trabant.uid0.hu cert mismatch) - package/boot/kobs-ng (freescale.com URL is dead, redirects to nxp.com root) Dropped redundant ftp://ftp.denx.de fallback (https://ftp.denx.de is already listed): - package/boot/uboot-tools, tools/mkimage Signed-off-by: Paul Spooren <mail@aparcar.org>
2026-06-17 14:50:15 +04:00 · 2026-04-18 21:26:39 +08:00
parent e591ba4bad
commit 7a991c8d88
16 changed files with 18 additions and 20 deletions
@@ -13,7 +13,7 @@ PKG_VERSION:=4.2

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/dosfstools/dosfstools/releases/download/v$(PKG_VERSION)/ \
-		http://fossies.org/linux/misc
+		https://fossies.org/linux/misc
 PKG_HASH:=64926eebf90092dca21b14259a5301b7b98e7b1943e8a201c7d726084809b527

 HOST_FIXUP:=autoreconf
@@ -10,7 +10,7 @@ PKG_NAME:=elftosb
 PKG_VERSION:=10.12.01

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://repository.timesys.com/buildsources/e/elftosb/elftosb-10.12.01/
+PKG_SOURCE_URL:=https://repository.timesys.com/buildsources/e/elftosb/elftosb-10.12.01/
 PKG_HASH:=77bb6981620f7575b87d136d94c7daa88dd09195959cc75fc18b138369ecd42b

 include $(INCLUDE_DIR)/host-build.mk
@@ -12,7 +12,7 @@ PKG_VERSION:=2.10
 PKG_RELEASE:=4

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://www.oberhumer.com/opensource/lzo/download/
+PKG_SOURCE_URL:=https://www.oberhumer.com/opensource/lzo/download/
 PKG_HASH:=c0f892943208266f9b6543b3ae308fab6284c5c90e627931446fb49b4221a072

 PKG_LICENSE:=GPL-2.0-or-later
@@ -15,7 +15,7 @@ PKG_CPE_ID:=cpe:/a:openbsd:libressl

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://mirror.ox.ac.uk/pub/OpenBSD/LibreSSL \
-	http://ftp.jaist.ac.jp/pub/OpenBSD/LibreSSL \
+	https://ftp.jaist.ac.jp/pub/OpenBSD/LibreSSL \
 	https://ftp.openbsd.org/pub/OpenBSD/LibreSSL

 HOST_BUILD_PARALLEL:=1
@@ -11,7 +11,7 @@ PKG_NAME:=lzop
 PKG_VERSION:=1.04

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://www.lzop.org/download/
+PKG_SOURCE_URL:=https://www.lzop.org/download/
 PKG_HASH:=7e72b62a8a60aff5200a047eea0773a8fb205caf7acbe1774d95147f305a2f41

 PKG_LICENSE:=GPL-2.0-or-later
@@ -12,8 +12,7 @@ PKG_VERSION:=2026.04
 PKG_SOURCE:=u-boot-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:= \
 	https://mirror.cyberbits.eu/u-boot \
-	https://ftp.denx.de/pub/u-boot \
-	ftp://ftp.denx.de/pub/u-boot
+	https://ftp.denx.de/pub/u-boot
 PKG_HASH:=ac7c04b8b7004923b00a4e5d6699c5df4d21233bac9fda690d8cfbc209fff2fd

 HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/u-boot-$(PKG_VERSION)
@@ -10,7 +10,7 @@ PKG_NAME:=mpfr
 PKG_VERSION:=4.2.2
 PKG_CPE_ID:=cpe:/a:mpfr:gnu_mpfr

-PKG_SOURCE_URL:=@GNU/mpfr http://www.mpfr.org/mpfr-$(PKG_VERSION)
+PKG_SOURCE_URL:=@GNU/mpfr https://www.mpfr.org/mpfr-$(PKG_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_HASH:=826cbb24610bd193f36fde172233fb8c009f3f5c2ad99f644d0dea2e16a20e42

@@ -12,7 +12,7 @@ PKG_VERSION:=5.8.3
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://github.com/tukaani-project/xz/releases/download/v$(PKG_VERSION) \
 		@SF/lzmautils \
-		http://tukaani.org/xz
+		https://tukaani.org/xz
 PKG_HASH:=33bf69c0d6c698e83a68f77e6c1f465778e418ca0b3d59860d3ab446f4ac99a6
 PKG_CPE_ID:=cpe:/a:tukaani:xz