From db10b426b13d00ecec725110140ff17f7fde910a Mon Sep 17 00:00:00 2001
From: Paul Fertser
Date: Fri, 10 Jan 2020 12:20:05 +0100
Subject: [PATCH] openocd: update to current master, allow building without USB

The last OpenOCD release was 3 years ago, plenty of new functionality was added since then. Two security-related patches went in too. While at it, add a menuconfig option to allow building without any USB dependencies, useful for devices counting on sysfsgpio to access targets.

Signed-off-by: Paul Fertser
---
 utils/openocd/Makefile | 38 +++++++++++----
 .../patches/100-bind-localhost-only.patch | 45 ------------------
 .../patches/101-cve-2018-5704-css-fix.patch | 47 -------------------
 3 files changed, 30 insertions(+), 100 deletions(-)
 delete mode 100644 utils/openocd/patches/100-bind-localhost-only.patch
 delete mode 100644 utils/openocd/patches/101-cve-2018-5704-css-fix.patch

diff --git a/utils/openocd/Makefile b/utils/openocd/Makefile
index 7eeabb6b95..c8a6544b5e 100644
--- a/utils/openocd/Makefile
+++ b/utils/openocd/Makefile
@@ -8,14 +8,15 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=openocd
-PKG_SOURCE_VERSION:=0.10.0
-PKG_VERSION:=v$(PKG_SOURCE_VERSION)
-PKG_RELEASE:=2
+PKG_SOURCE_VERSION:=v0.10.0-1000-gdb23c13d
+PKG_VERSION:=$(PKG_SOURCE_VERSION)
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_URL:=git://git.code.sf.net/p/openocd/code
+PKG_MIRROR_HASH:=6f8c0ecf240427654ad5e911b44f78996da931209280f4a19c1215802ff14638
-PKG_SOURCE_URL:=@SF/openocd
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.bz2
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_SOURCE_VERSION)
-PKG_HASH:=7312e7d680752ac088b8b8f2b5ba3ff0d30e0a78139531847be4b75c101316ae
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING
@@ -26,6 +27,8 @@ PKG_BUILD_PARALLEL:=1
 PKG_INSTALL:=1
 PKG_FIXUP:=autoreconf
+PKG_CONFIG_DEPENDS:=CONFIG_PACKAGE_openocd_with_usb
+
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/nls.mk
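Review bot: The new source pin is weaker than the one it replaces: `PKG_SOURCE_URL` now uses the unauthenticated `git://` transport, and `PKG_SOURCE_VERSION` identifies the checkout only through the abbreviated object id inside a `git describe` string (`v0.10.0-1000-gdb23c13d`), so the remaining integrity anchor is `PKG_MIRROR_HASH`, which covers the repacked tarball rather than the commit itself. OpenWrt packages normally pin the full 40-character commit hash in `PKG_SOURCE_VERSION` and keep the describe string as the version, e.g. `PKG_SOURCE_VERSION:=<full-commit-hash — take from upstream>` and `PKG_VERSION:=v0.10.0-1000-gdb23c13d`, which leaves `PKG_SOURCE_SUBDIR` and the RELSTR flag unchanged while making the checkout unambiguous. If the SourceForge repository is reachable over HTTPS, `PKG_SOURCE_URL:=https://git.code.sf.net/p/openocd/code` avoids the plaintext transport as well. Because this commit drops the local bind-to-localhost and CVE-2018-5704 patches on the strength of the description, a full hash is also what lets a reviewer confirm that the pinned commit contains both upstream fixes.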
@@ -34,7 +37,18 @@ define Package/openocd
   CATEGORY:=Utilities
   TITLE:=OpenOCD Utility
   URL:=http://openocd.sf.net/
-  DEPENDS:=+libusb-1.0 +libusb-compat +libftdi1 +hidapi
+  DEPENDS:=+PACKAGE_openocd_with_usb:libusb-1.0 \
+    +PACKAGE_openocd_with_usb:libusb-compat \
+    +PACKAGE_openocd_with_usb:libftdi1 \
+    +PACKAGE_openocd_with_usb:hidapi
+endef
+
+define Package/openocd/config
+  if PACKAGE_openocd
+  config PACKAGE_openocd_with_usb
+    bool "Build with support for USB adapters."
+    default y
+  endif
 endef
 define Package/openocd/description
@@ -55,13 +69,21 @@ the GNU GDB program (and the others who talk GDB protocol, e.g. IDA Pro).
 endef
+define Build/Prepare
+	$(call Build/Prepare/Default)
+	-$(RM) $(PKG_BUILD_DIR)/guess-rev.sh
+endef
+
 CONFIGURE_ARGS += \
 	--prefix="/usr" \
 	--disable-werror \
 	MAKEINFO=true \
+	$(if $(CONFIG_PACKAGE_openocd_with_usb),,PKG_CONFIG=false) \
 	--enable-dummy \
 	--enable-sysfsgpio
+TARGET_CFLAGS += -DRELSTR=\\\"-$(PKG_VERSION)-$(PKG_RELEASE)-OpenWrt\\\"
+
 define Build/Compile
 	+$(MAKE_VARS) \
 	$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/$(MAKE_PATH)
diff --git a/utils/openocd/patches/100-bind-localhost-only.patch b/utils/openocd/patches/100-bind-localhost-only.patch
deleted file mode 100644
index d78f7c84be..0000000000
--- a/utils/openocd/patches/100-bind-localhost-only.patch
+++ /dev/null
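Review bot: The new `config PACKAGE_openocd_with_usb` entry in `Package/openocd/config` has no `help` text, so a user switching it off in menuconfig gets no indication of what is lost, and the prompt string ends in a period, which is unusual for Kconfig prompts. Changing the prompt to `bool "Build with support for USB adapters"` and adding a `help` block stating that the option pulls in libusb-1.0, libusb-compat, libftdi1 and hidapi and that without it only non-USB interfaces such as sysfsgpio remain would cover both. `Package/openocd/description` begins in this hunk but continues past its last line.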
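Review bot: The `PKG_CONFIG=false` argument added to `CONFIGURE_ARGS` disables pkg-config for the entire configure run, not only for the USB libraries, so any other optional dependency that OpenOCD detects through pkg-config would be silently dropped in the no-USB build too; the line should carry a comment saying this is the intended mechanism, and upstream's per-adapter `--disable-...` configure switches, if present at the pinned commit, would be a narrower way to express the same intent. In `Build/Prepare`, `$(RM)` already expands to `rm -f`, so the `-` prefix on `-$(RM) $(PKG_BUILD_DIR)/guess-rev.sh` is redundant, and the removal itself is unexplained — presumably it keeps the build from deriving its version from git so that the `-DRELSTR=...` flag added to `TARGET_CFLAGS` takes effect; a comment such as `# drop guess-rev.sh so RELSTR comes from TARGET_CFLAGS rather than git describe` would record that. `Build/Compile` starts in this hunk and continues past its last line.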
@@ -1,45 +0,0 @@
-Subject: Bind to IPv4 localhost by default
-Origin: other, http://openocd.zylin.com/#/c/4331/2
-Last-Update: 2018-01-18
-
-From f8630b0b15e30dc6c51270006a4e075c79cf466a Mon Sep 17 00:00:00 2001
-From: Paul Fertser
-Date: Sat, 13 Jan 2018 16:22:10 +0300
-Subject: [PATCH] server: bind to IPv4 localhost by default
-
-Since OpenOCD basically allows to perform arbitrary actions on behalf of
-the running user, it makes sense to restrict the exposure by default.
-
-If you need network connectivity and your environment is safe enough,
-use "bindto 0.0.0.0" to switch to the old behaviour.
-
-Change-Id: I4a4044b90d0ecb30118cea96fc92a7bcff0924e0
-Signed-off-by: Paul Fertser
----
-
-diff --git a/doc/openocd.texi b/doc/openocd.texi
-index 7f5b72e..5c7f465 100644
---- a/doc/openocd.texi
-+++ b/doc/openocd.texi
-@@ -7017,7 +7017,7 @@
- 
- @deffn Command bindto [name]
- Specify address by name on which to listen for incoming TCP/IP connections.
--By default, OpenOCD will listen on all available interfaces.
-+By default, OpenOCD will listen on the loopback interface only.
- @end deffn
- 
- @anchor{targetstatehandling}
-diff --git a/src/server/server.c b/src/server/server.c
-index 1e52e97..ea1e898 100644
---- a/src/server/server.c
-+++ b/src/server/server.c
-@@ -259,7 +259,7 @@
- 	c->sin.sin_family = AF_INET;
- 
- 	if (bindto_name == NULL)
--		c->sin.sin_addr.s_addr = INADDR_ANY;
-+		c->sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
- 	else {
- 		hp = gethostbyname(bindto_name);
- 		if (hp == NULL) {
diff --git a/utils/openocd/patches/101-cve-2018-5704-css-fix.patch b/utils/openocd/patches/101-cve-2018-5704-css-fix.patch
deleted file mode 100644
index 9a0ffbbd1e..0000000000
--- a/utils/openocd/patches/101-cve-2018-5704-css-fix.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Subject: Prevent some forms of Cross Protocol Scripting attacks
-Author: Andreas Fritiofson
-Origin: other, http://openocd.zylin.com/#/c/4335/
-Bug-Debian: https://bugs.debian.org/887488
-Last-Update: 2018-01-18
-
-From 3a223ca3ebc7ac24d7726a0cd58e5695bc813657 Mon Sep 17 00:00:00 2001
-From: Andreas Fritiofson
-Date: Sat, 13 Jan 2018 21:00:47 +0100
-Subject: [PATCH] CVE-2018-5704: Prevent some forms of Cross Protocol Scripting attacks
-OpenOCD can be targeted by a Cross Protocol Scripting attack from
-a web browser running malicious code, such as the following PoC:
-var x = new XMLHttpRequest();
-x.open("POST", "http://127.0.0.1:4444", true);
-x.send("exec xcalc\r\n");
-This mitigation should provide some protection from browser-based
-attacks and is based on the corresponding fix in Redis:
-https://github.com/antirez/redis/blob/8075572207b5aebb1385c4f233f5302544439325/src/networking.c#L1758
-Change-Id: Ia96ebe19b74b5805dc228bf7364c7971a90a4581
-Signed-off-by: Andreas Fritiofson
-Reported-by: Josef Gajdusek
----
-
-diff --git a/src/server/startup.tcl b/src/server/startup.tcl
-index 64ace40..dd1b31e 100644
---- a/src/server/startup.tcl
-+++ b/src/server/startup.tcl
-@@ -8,3 +8,14 @@
- 	# one target
- 	reset halt
- }
-+
-+proc prevent_cps {} {
-+	echo "Possible SECURITY ATTACK detected."
-+	echo "It looks like somebody is sending POST or Host: commands to OpenOCD."
-+	echo "This is likely due to an attacker attempting to use Cross Protocol Scripting"
-+	echo "to compromise your OpenOCD instance. Connection aborted."
-+	exit
-+}
-+
-+proc POST {args} { prevent_cps }
-+proc Host: {args} { prevent_cps }