diff --git a/utils/openocd/Makefile b/utils/openocd/Makefile index 7eeabb6b9..c8a6544b5 100644 --- a/utils/openocd/Makefile +++ b/utils/openocd/Makefile @@ -8,14 +8,15 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openocd -PKG_SOURCE_VERSION:=0.10.0 -PKG_VERSION:=v$(PKG_SOURCE_VERSION) -PKG_RELEASE:=2 - -PKG_SOURCE_URL:=@SF/openocd -PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.bz2 -PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_SOURCE_VERSION) -PKG_HASH:=7312e7d680752ac088b8b8f2b5ba3ff0d30e0a78139531847be4b75c101316ae +PKG_SOURCE_VERSION:=v0.10.0-1000-gdb23c13d +PKG_VERSION:=$(PKG_SOURCE_VERSION) +PKG_RELEASE:=1 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) +PKG_SOURCE_URL:=git://git.code.sf.net/p/openocd/code +PKG_MIRROR_HASH:=6f8c0ecf240427654ad5e911b44f78996da931209280f4a19c1215802ff14638 + PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING @@ -26,6 +27,8 @@ PKG_BUILD_PARALLEL:=1 PKG_INSTALL:=1 PKG_FIXUP:=autoreconf +PKG_CONFIG_DEPENDS:=CONFIG_PACKAGE_openocd_with_usb + include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/nls.mk @@ -34,7 +37,18 @@ define Package/openocd CATEGORY:=Utilities TITLE:=OpenOCD Utility URL:=http://openocd.sf.net/ - DEPENDS:=+libusb-1.0 +libusb-compat +libftdi1 +hidapi + DEPENDS:=+PACKAGE_openocd_with_usb:libusb-1.0 \ + +PACKAGE_openocd_with_usb:libusb-compat \ + +PACKAGE_openocd_with_usb:libftdi1 \ + +PACKAGE_openocd_with_usb:hidapi +endef + +define Package/openocd/config + if PACKAGE_openocd + config PACKAGE_openocd_with_usb + bool "Build with support for USB adapters." + default y + endif endef define Package/openocd/description @@ -55,13 +69,21 @@ the GNU GDB program (and the others who talk GDB protocol, e.g. IDA Pro). endef +define Build/Prepare + $(call Build/Prepare/Default) + -$(RM) $(PKG_BUILD_DIR)/guess-rev.sh +endef + CONFIGURE_ARGS += \ --prefix="/usr" \ --disable-werror \ MAKEINFO=true \ + $(if $(CONFIG_PACKAGE_openocd_with_usb),,PKG_CONFIG=false) \ --enable-dummy \ --enable-sysfsgpio +TARGET_CFLAGS += -DRELSTR=\\\"-$(PKG_VERSION)-$(PKG_RELEASE)-OpenWrt\\\" + define Build/Compile +$(MAKE_VARS) \ $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/$(MAKE_PATH) diff --git a/utils/openocd/patches/100-bind-localhost-only.patch b/utils/openocd/patches/100-bind-localhost-only.patch deleted file mode 100644 index d78f7c84b..000000000 --- a/utils/openocd/patches/100-bind-localhost-only.patch +++ /dev/null @@ -1,45 +0,0 @@ -Subject: Bind to IPv4 localhost by default -Origin: other, http://openocd.zylin.com/#/c/4331/2 -Last-Update: 2018-01-18 - -From f8630b0b15e30dc6c51270006a4e075c79cf466a Mon Sep 17 00:00:00 2001 -From: Paul Fertser -Date: Sat, 13 Jan 2018 16:22:10 +0300 -Subject: [PATCH] server: bind to IPv4 localhost by default - -Since OpenOCD basically allows to perform arbitrary actions on behalf of -the running user, it makes sense to restrict the exposure by default. - -If you need network connectivity and your environment is safe enough, -use "bindto 0.0.0.0" to switch to the old behaviour. - -Change-Id: I4a4044b90d0ecb30118cea96fc92a7bcff0924e0 -Signed-off-by: Paul Fertser ---- - -diff --git a/doc/openocd.texi b/doc/openocd.texi -index 7f5b72e..5c7f465 100644 ---- a/doc/openocd.texi -+++ b/doc/openocd.texi -@@ -7017,7 +7017,7 @@ - - @deffn Command bindto [name] - Specify address by name on which to listen for incoming TCP/IP connections. --By default, OpenOCD will listen on all available interfaces. -+By default, OpenOCD will listen on the loopback interface only. - @end deffn - - @anchor{targetstatehandling} -diff --git a/src/server/server.c b/src/server/server.c -index 1e52e97..ea1e898 100644 ---- a/src/server/server.c -+++ b/src/server/server.c -@@ -259,7 +259,7 @@ - c->sin.sin_family = AF_INET; - - if (bindto_name == NULL) -- c->sin.sin_addr.s_addr = INADDR_ANY; -+ c->sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK); - else { - hp = gethostbyname(bindto_name); - if (hp == NULL) { diff --git a/utils/openocd/patches/101-cve-2018-5704-css-fix.patch b/utils/openocd/patches/101-cve-2018-5704-css-fix.patch deleted file mode 100644 index 9a0ffbbd1..000000000 --- a/utils/openocd/patches/101-cve-2018-5704-css-fix.patch +++ /dev/null @@ -1,47 +0,0 @@ -Subject: Prevent some forms of Cross Protocol Scripting attacks -Author: Andreas Fritiofson -Origin: other, http://openocd.zylin.com/#/c/4335/ -Bug-Debian: https://bugs.debian.org/887488 -Last-Update: 2018-01-18 - -From 3a223ca3ebc7ac24d7726a0cd58e5695bc813657 Mon Sep 17 00:00:00 2001 -From: Andreas Fritiofson -Date: Sat, 13 Jan 2018 21:00:47 +0100 -Subject: [PATCH] CVE-2018-5704: Prevent some forms of Cross Protocol Scripting attacks - -OpenOCD can be targeted by a Cross Protocol Scripting attack from -a web browser running malicious code, such as the following PoC: - -var x = new XMLHttpRequest(); -x.open("POST", "http://127.0.0.1:4444", true); -x.send("exec xcalc\r\n"); - -This mitigation should provide some protection from browser-based -attacks and is based on the corresponding fix in Redis: - -https://github.com/antirez/redis/blob/8075572207b5aebb1385c4f233f5302544439325/src/networking.c#L1758 - -Change-Id: Ia96ebe19b74b5805dc228bf7364c7971a90a4581 -Signed-off-by: Andreas Fritiofson -Reported-by: Josef Gajdusek ---- - -diff --git a/src/server/startup.tcl b/src/server/startup.tcl -index 64ace40..dd1b31e 100644 ---- a/src/server/startup.tcl -+++ b/src/server/startup.tcl -@@ -8,3 +8,14 @@ - # one target - reset halt - } -+ -+proc prevent_cps {} { -+ echo "Possible SECURITY ATTACK detected." -+ echo "It looks like somebody is sending POST or Host: commands to OpenOCD." -+ echo "This is likely due to an attacker attempting to use Cross Protocol Scripting" -+ echo "to compromise your OpenOCD instance. Connection aborted." -+ exit -+} -+ -+proc POST {args} { prevent_cps } -+proc Host: {args} { prevent_cps }