[vlc-commits] [Git][videolan/vlc][master] 3 commits: extras/tools: use HTTPS for all tool bootstrapping

Rémi Denis-Courmont (@Courmisch) gitlab at videolan.org
Sun Apr 27 08:47:03 UTC 2025 


Rémi Denis-Courmont pushed to branch master at VideoLAN / VLC


Commits:
e02872fb by William Woodruff at 2025-04-27T08:13:51+00:00
extras/tools: use HTTPS for all tool bootstrapping

This patch updates all of the URL prefixes and
templates in packages.mak to use HTTPS instead of
HTTP.

Each of the domains was tested to ensure that
HTTPS was available. One domain, used for
Apache, was updated from an OVH mirror
to the official Apache downloads site, as the
OVH mirror did not support HTTPS.

Signed-off-by: William Woodruff <william at trailofbits.com>

- - - - -
f143a3b1 by William Woodruff at 2025-04-27T08:13:51+00:00
contrib/src: use HTTPS for most contribs

This patch updates the URLs for contrib retrieval from
HTTP to HTTPS, where possible. URls that could not be
moved to HTTPS are marked with an XXX comment.

One domain is additionally changed: libsamplerate is
now retrieved from the libsndfile organization
on GitHub instead of mega-nerd.com, as the latter
does not offer HTTPS. The former was confirmed
for release integrity against the latter and was
cross-checked as the living source for libsamplerate
against Homebrew and Arch Linux, both of which use
theGitHub organization.

Signed-off-by: William Woodruff <william at trailofbits.com>

- - - - -
d6383668 by William Woodruff at 2025-04-27T08:13:51+00:00
misc: use HTTPS for update and key responses

This patch updates the status URLs and
key directory URL to use HTTPS instead of HTTP.

Signed-off-by: William Woodruff <william at trailofbits.com>

- - - - -


16 changed files:

- contrib/src/asdcplib/rules.mak
- contrib/src/basu/rules.mak
- contrib/src/bpg/rules.mak
- contrib/src/daala/rules.mak
- contrib/src/ebml/rules.mak
- contrib/src/gsm/rules.mak
- contrib/src/librist/rules.mak
- contrib/src/live555/rules.mak
- contrib/src/lua/rules.mak
- contrib/src/main.mak
- contrib/src/matroska/rules.mak
- contrib/src/samplerate/rules.mak
- contrib/src/ssh2/rules.mak
- extras/tools/packages.mak
- src/misc/update.c
- src/misc/update_crypto.c


Changes:

=====================================
contrib/src/asdcplib/rules.mak
=====================================
@@ -2,7 +2,7 @@
 
 ASDCPLIB_VERSION := 2.7.19
 
-ASDCPLIB_URL := http://download.cinecert.com/asdcplib/asdcplib-$(ASDCPLIB_VERSION).tar.gz
+ASDCPLIB_URL := https://download.cinecert.com/asdcplib/asdcplib-$(ASDCPLIB_VERSION).tar.gz
 
 # nettle/gmp can't be used with the LGPLv2 license
 ifdef GPL


=====================================
contrib/src/basu/rules.mak
=====================================
@@ -1,6 +1,6 @@
 # basu
 BASU_VERSION := 0.2.1
-BASU_URL := http://git.sr.ht/~emersion/basu/refs/download/v$(BASU_VERSION)/basu-$(BASU_VERSION).tar.gz
+BASU_URL := https://git.sr.ht/~emersion/basu/refs/download/v$(BASU_VERSION)/basu-$(BASU_VERSION).tar.gz
 
 ifneq ($(call need_pkg,"libelogind"),)
 ifneq ($(call need_pkg,"libsystemd"),)


=====================================
contrib/src/bpg/rules.mak
=====================================
@@ -1,6 +1,6 @@
 # BPG
 BPG_VERSION := 0.9.8
-BPG_URL := http://bellard.org/bpg/libbpg-$(BPG_VERSION).tar.gz
+BPG_URL := https://bellard.org/bpg/libbpg-$(BPG_VERSION).tar.gz
 
 # default disabled
 # PKGS += bpg


=====================================
contrib/src/daala/rules.mak
=====================================
@@ -1,5 +1,5 @@
 DAALA_VERSION := e248823a04292a8c2f56aa260f5c0b369d41d64e
-DAALA_GITURL := http://gitlab.xiph.org/xiph/daala.git
+DAALA_GITURL := https://gitlab.xiph.org/xiph/daala.git
 
 # Default disabled for now
 # PKGS += daala


=====================================
contrib/src/ebml/rules.mak
=====================================
@@ -1,7 +1,7 @@
 # ebml
 
 EBML_VERSION := 1.4.3
-EBML_URL := http://dl.matroska.org/downloads/libebml/libebml-$(EBML_VERSION).tar.xz
+EBML_URL := https://dl.matroska.org/downloads/libebml/libebml-$(EBML_VERSION).tar.xz
 
 ifeq ($(call need_pkg,"libebml >= 1.3.8"),)
 PKGS_FOUND += ebml


=====================================
contrib/src/gsm/rules.mak
=====================================
@@ -1,7 +1,7 @@
 # GSM
 GSM_MAJVERSION := 1.0
 GSM_MINVERSION := 22
-GSM_URL := http://www.quut.com/gsm/gsm-$(GSM_MAJVERSION).$(GSM_MINVERSION).tar.gz
+GSM_URL := https://www.quut.com/gsm/gsm-$(GSM_MAJVERSION).$(GSM_MINVERSION).tar.gz
 
 $(TARBALLS)/gsm-$(GSM_MAJVERSION)-pl$(GSM_MINVERSION).tar.gz:
 	$(call download_pkg,$(GSM_URL),gsm)


=====================================
contrib/src/librist/rules.mak
=====================================
@@ -1,7 +1,7 @@
 # librist
 
 LIBRIST_VERSION := v0.2.7
-LIBRIST_URL := http://code.videolan.org/rist/librist/-/archive/$(LIBRIST_VERSION)/librist-$(LIBRIST_VERSION).tar.gz
+LIBRIST_URL := https://code.videolan.org/rist/librist/-/archive/$(LIBRIST_VERSION)/librist-$(LIBRIST_VERSION).tar.gz
 
 ifdef BUILD_NETWORK
 PKGS += librist


=====================================
contrib/src/live555/rules.mak
=====================================
@@ -2,6 +2,7 @@
 
 LIVE555_VERSION := 2022.07.14
 LIVE555_FILE := live.$(LIVE555_VERSION).tar.gz
+# XXX: No HTTPS available.
 LIVEDOTCOM_URL := http://live555.com/liveMedia/public/$(LIVE555_FILE)
 
 ifdef BUILD_NETWORK


=====================================
contrib/src/lua/rules.mak
=====================================
@@ -2,7 +2,7 @@
 
 LUA_SHORTVERSION := 5.4
 LUA_VERSION := $(LUA_SHORTVERSION).4
-LUA_URL := http://www.lua.org/ftp/lua-$(LUA_VERSION).tar.gz
+LUA_URL := https://www.lua.org/ftp/lua-$(LUA_VERSION).tar.gz
 
 # Reverse priority order
 LUA_TARGET := generic


=====================================
contrib/src/main.mak
=====================================
@@ -21,10 +21,10 @@ QTBASE_VERSION_MAJOR := 6.8
 QTBASE_VERSION := $(QTBASE_VERSION_MAJOR).3
 
 # Common download locations
-GNU ?= http://ftp.gnu.org/gnu
+GNU ?= https://ftp.gnu.org/gnu
 SF := https://downloads.sourceforge.net/project
-VIDEOLAN := http://downloads.videolan.org/pub/videolan
-CONTRIB_VIDEOLAN := http://downloads.videolan.org/pub/contrib
+VIDEOLAN := https://downloads.videolan.org/pub/videolan
+CONTRIB_VIDEOLAN := https://downloads.videolan.org/pub/contrib
 VIDEOLAN_GIT := https://git.videolan.org/git
 GITHUB := https://github.com
 GOOGLE_CODE := https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com
@@ -657,7 +657,7 @@ distclean: clean
 	$(RM) config.mak
 	unlink Makefile
 
-PREBUILT_URL=http://download.videolan.org/pub/videolan/contrib/$(HOST)/vlc-contrib-$(HOST)-latest.tar.bz2
+PREBUILT_URL=https://download.videolan.org/pub/videolan/contrib/$(HOST)/vlc-contrib-$(HOST)-latest.tar.bz2
 
 vlc-contrib-$(HOST)-latest.tar.bz2:
 	$(call download,$(PREBUILT_URL))


=====================================
contrib/src/matroska/rules.mak
=====================================
@@ -1,7 +1,7 @@
 # matroska
 
 MATROSKA_VERSION := 1.7.0
-MATROSKA_URL := http://dl.matroska.org/downloads/libmatroska/libmatroska-$(MATROSKA_VERSION).tar.xz
+MATROSKA_URL := https://dl.matroska.org/downloads/libmatroska/libmatroska-$(MATROSKA_VERSION).tar.xz
 
 PKGS += matroska
 


=====================================
contrib/src/samplerate/rules.mak
=====================================
@@ -1,6 +1,6 @@
 # SAMPLERATE
 SAMPLERATE_VERSION := 0.1.9
-SAMPLERATE_URL := http://www.mega-nerd.com/SRC/libsamplerate-$(SAMPLERATE_VERSION).tar.gz
+SAMPLERATE_URL := $(GITHUB)/libsndfile/libsamplerate/releases/download/$(SAMPLERATE_VERSION)/libsamplerate-$(SAMPLERATE_VERSION).tar.gz
 
 ifdef GPL
 PKGS += samplerate


=====================================
contrib/src/ssh2/rules.mak
=====================================
@@ -1,7 +1,7 @@
 # ssh2
 
 LIBSSH2_VERSION := 1.11.0
-LIBSSH2_URL := http://www.libssh2.org/download/libssh2-$(LIBSSH2_VERSION).tar.gz
+LIBSSH2_URL := https://www.libssh2.org/download/libssh2-$(LIBSSH2_VERSION).tar.gz
 
 ifdef BUILD_NETWORK
 PKGS += ssh2


=====================================
extras/tools/packages.mak
=====================================
@@ -1,14 +1,14 @@
-GNU=http://ftp.gnu.org/gnu
-APACHE=http://mir2.ovh.net/ftp.apache.org/dist
-SF= http://downloads.sourceforge.net/project
-VIDEOLAN=http://downloads.videolan.org/pub/contrib
+GNU=https://ftp.gnu.org/gnu
+APACHE=https://downloads.apache.org/
+SF=https://downloads.sourceforge.net/project
+VIDEOLAN=https://downloads.videolan.org/pub/contrib
 
 NASM_VERSION=2.14
-NASM_URL=http://www.nasm.us/pub/nasm/releasebuilds/$(NASM_VERSION)/nasm-$(NASM_VERSION).tar.gz
+NASM_URL=https://www.nasm.us/pub/nasm/releasebuilds/$(NASM_VERSION)/nasm-$(NASM_VERSION).tar.gz
 
 CMAKE_VERSION_MAJ=3.29
 CMAKE_VERSION=$(CMAKE_VERSION_MAJ).5
-CMAKE_URL=http://www.cmake.org/files/v$(CMAKE_VERSION_MAJ)/cmake-$(CMAKE_VERSION).tar.gz
+CMAKE_URL=https://www.cmake.org/files/v$(CMAKE_VERSION_MAJ)/cmake-$(CMAKE_VERSION).tar.gz
 
 LIBTOOL_VERSION=2.5.4
 LIBTOOL_URL=$(GNU)/libtool/libtool-$(LIBTOOL_VERSION).tar.gz
@@ -29,7 +29,7 @@ TAR_VERSION=1.34
 TAR_URL=$(GNU)/tar/tar-$(TAR_VERSION).tar.bz2
 
 XZ_VERSION=5.4.1
-XZ_URL=http://tukaani.org/xz/xz-$(XZ_VERSION).tar.bz2
+XZ_URL=https://tukaani.org/xz/xz-$(XZ_VERSION).tar.bz2
 
 SED_VERSION=4.2.2
 SED_URL=$(GNU)/sed/sed-$(SED_VERSION).tar.bz2


=====================================
src/misc/update.c
=====================================
@@ -74,9 +74,9 @@
  */
 
 #ifndef NDEBUG
-# define UPDATE_VLC_STATUS_URL "http://update-test.videolan.org/vlc/status"
+# define UPDATE_VLC_STATUS_URL "https://update-test.videolan.org/vlc/status"
 #else
-# define UPDATE_VLC_STATUS_URL "http://update.videolan.org/vlc/status"
+# define UPDATE_VLC_STATUS_URL "https://update.videolan.org/vlc/status"
 #endif
 
 #define dialog_FatalWait( p_obj, psz_title, psz_fmt, ... ) \


=====================================
src/misc/update_crypto.c
=====================================
@@ -932,7 +932,7 @@ public_key_t *download_key( vlc_object_t *p_this,
                     const uint8_t *p_longid, const uint8_t *p_signature_issuer )
 {
     char *psz_url;
-    if( asprintf( &psz_url, "http://download.videolan.org/pub/keys/%.2X%.2X%.2X%.2X%.2X%.2X%.2X%.2X.asc",
+    if( asprintf( &psz_url, "https://download.videolan.org/pub/keys/%.2X%.2X%.2X%.2X%.2X%.2X%.2X%.2X.asc",
                     p_longid[0], p_longid[1], p_longid[2], p_longid[3],
                     p_longid[4], p_longid[5], p_longid[6], p_longid[7] ) == -1 )
         return NULL;



View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/25108b481d3ec7106fb5029ee4eed85c2f4e9039...d6383668c0391dfa1a6bad316408f6b244e6096a

-- 
View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/25108b481d3ec7106fb5029ee4eed85c2f4e9039...d6383668c0391dfa1a6bad316408f6b244e6096a
You're receiving this email because of your account on code.videolan.org.


VideoLAN code repository instance

More information about the vlc-commits mailing list