Diffstat (limited to 'meta/recipes-connectivity')
202 files changed, 4744 insertions, 9081 deletions
diff --git a/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb b/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb deleted file mode 100644 index 1c6e46aaba..0000000000 --- a/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb +++ /dev/null @@ -1,54 +0,0 @@ -require avahi.inc - -inherit distro_features_check -ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" - -DEPENDS += "avahi" - -AVAHI_GTK = "gtk3" - -S = "${WORKDIR}/avahi-${PV}" - -PACKAGES += "${PN}-utils avahi-discover" - -FILES_${PN} = "${libdir}/libavahi-ui*.so.*" -FILES_${PN}-utils = "${bindir}/b* ${datadir}/applications/b*" -FILES_avahi-discover = "${datadir}/applications/avahi-discover.desktop \ - ${datadir}/avahi/interfaces/avahi-discover.ui \ - ${bindir}/avahi-discover-standalone \ - " - -do_install_append () { - rm ${D}${sysconfdir} -rf - if ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','true','false',d)}; then - if [ "${nonarch_base_libdir}" != "${base_libdir}" ];then - rm ${D}${nonarch_base_libdir} -rf - fi - else - rm ${D}${base_libdir} -rf - fi - rm ${D}${systemd_unitdir} -rf - # The ${systemd_unitdir} is /lib/systemd, so we need rmdir /lib, - # but not ${base_libdir} here. And the /lib may not exist - # whithout systemd. - [ ! -d ${D}/lib ] || rmdir ${D}/lib --ignore-fail-on-non-empty - rm ${D}${bindir}/avahi-b* - rm ${D}${bindir}/avahi-p* - rm ${D}${bindir}/avahi-r* - rm ${D}${bindir}/avahi-s* - rm ${D}${includedir}/avahi-c* -rf - rm ${D}${includedir}/avahi-g* -rf - rm ${D}${libdir}/libavahi-c* - rm ${D}${libdir}/libavahi-g* - rm ${D}${libdir}/pkgconfig/avahi-c* - rm ${D}${libdir}/pkgconfig/avahi-g* - rm ${D}${sbindir} -rf - rm ${D}${datadir}/avahi/a* - rm ${D}${datadir}/locale/ -rf - rm ${D}${datadir}/dbus* -rf - rm ${D}${mandir}/man1/a* - rm ${D}${mandir}/man5 -rf - rm ${D}${mandir}/man8 -rf - rm ${D}${libdir}/girepository-1.0/ -rf - rm ${D}${datadir}/gir-1.0/ -rf -} 
diff --git a/meta/recipes-connectivity/avahi/avahi.inc b/meta/recipes-connectivity/avahi/avahi.inc
deleted file mode 100644
index 94fe6a16b6..0000000000
--- a/meta/recipes-connectivity/avahi/avahi.inc
+++ /dev/null
@@ -1,86 +0,0 @@ -SUMMARY = "Avahi IPv4LL network address configuration daemon" -DESCRIPTION = 'Avahi is a fully LGPL framework for Multicast DNS Service Discovery. It \ -allows programs to publish and discover services and hosts running on a local network \ -with no specific configuration. This tool implements IPv4LL, "Dynamic Configuration of \ -IPv4 Link-Local Addresses" (IETF RFC3927), a protocol for automatic IP address \ -configuration from the link-local 169.254.0.0/16 range without the need for a central \ -server.' -AUTHOR = "Lennart Poettering <lennart@poettering.net>" -HOMEPAGE = "http://avahi.org" -BUGTRACKER = "https://github.com/lathiat/avahi/issues" -SECTION = "network" - -# major part is under LGPLv2.1+, but several .dtd, .xsl, initscripts and -# python scripts are under GPLv2+ -LICENSE = "GPLv2+ & LGPLv2.1+" -LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ - file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \ - file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \ - file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \ - file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf" - -SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \ - file://fix-CVE-2017-6519.patch \ - " - -UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/" -SRC_URI[md5sum] = "d76c59d0882ac6c256d70a2a585362a6" -SRC_URI[sha256sum] = "57a99b5dfe7fdae794e3d1ee7a62973a368e91e414bd0dfa5d84434de5b14804" - -DEPENDS = "expat libcap libdaemon glib-2.0 intltool-native" - -# For gtk related PACKAGECONFIGs: gtk, gtk3 -AVAHI_GTK ?= "" - -PACKAGECONFIG ??= "dbus ${AVAHI_GTK}" -PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" -PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+" -PACKAGECONFIG[gtk3] = "--enable-gtk3,--disable-gtk3,gtk+3" -PACKAGECONFIG[libdns_sd] = "--enable-compat-libdns_sd --enable-dbus,,dbus" - 
-inherit autotools pkgconfig gettext gobject-introspection - -EXTRA_OECONF = "--with-avahi-priv-access-group=adm \ - --disable-stack-protector \ - --disable-gdbm \ - --disable-mono \ - --disable-monodoc \ - --disable-qt3 \ - --disable-qt4 \ - --disable-python \ - --disable-doxygen-doc \ - --enable-manpages \ - ${EXTRA_OECONF_SYSVINIT} \ - ${EXTRA_OECONF_SYSTEMD} \ - " - -# The distro choice determines what init scripts are installed -EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}" -EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_unitdir}/system/','--without-systemdsystemunitdir',d)}" - -do_configure_prepend() { - sed 's:AM_CHECK_PYMOD:echo "no pymod" #AM_CHECK_PYMOD:g' -i ${S}/configure.ac - - # This m4 file will get in the way of our introspection.m4 with special cross-compilation fixes - rm "${S}/common/introspection.m4" || true -} - -do_compile_prepend() { - export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs" -} - -RRECOMMENDS_${PN}_append_libc-glibc = " libnss-mdns" - -do_install() { - autotools_do_install - rm -rf ${D}/run - rm -rf ${D}${datadir}/dbus-1/interfaces - test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1 - rm -rf ${D}${libdir}/avahi -} - -PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "libdns_sd", "libavahi-compat-libdnssd", "", d)}" - -FILES_libavahi-compat-libdnssd = "${libdir}/libdns_sd.so.*" - -RPROVIDES_libavahi-compat-libdnssd = "libdns-sd" diff --git a/meta/recipes-connectivity/avahi/avahi_0.7.bb b/meta/recipes-connectivity/avahi/avahi_0.7.bb deleted file mode 100644 index 2e04d304c7..0000000000 --- a/meta/recipes-connectivity/avahi/avahi_0.7.bb +++ /dev/null 
@@ -1,81 +0,0 @@ -require avahi.inc - -SRC_URI += "file://00avahi-autoipd \ - file://99avahi-autoipd \ - file://initscript.patch \ - file://0001-Fix-opening-etc-resolv.conf-error.patch \ - " - -inherit update-rc.d systemd useradd - -PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils" - -# As avahi doesn't put any files into PN, clear the files list to avoid problems -# if extra libraries appear. -FILES_${PN} = "" -FILES_avahi-autoipd = "${sbindir}/avahi-autoipd \ - ${sysconfdir}/avahi/avahi-autoipd.action \ - ${sysconfdir}/dhcp/*/avahi-autoipd \ - ${sysconfdir}/udhcpc.d/00avahi-autoipd \ - ${sysconfdir}/udhcpc.d/99avahi-autoipd" -FILES_libavahi-common = "${libdir}/libavahi-common.so.*" -FILES_libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib" -FILES_avahi-daemon = "${sbindir}/avahi-daemon \ - ${sysconfdir}/avahi/avahi-daemon.conf \ - ${sysconfdir}/avahi/hosts \ - ${sysconfdir}/avahi/services \ - ${sysconfdir}/dbus-1 \ - ${sysconfdir}/init.d/avahi-daemon \ - ${datadir}/avahi/introspection/*.introspect \ - ${datadir}/avahi/avahi-service.dtd \ - ${datadir}/avahi/service-types \ - ${datadir}/dbus-1/system-services" -FILES_libavahi-client = "${libdir}/libavahi-client.so.*" -FILES_avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \ - ${sysconfdir}/avahi/avahi-dnsconfd.action \ - ${sysconfdir}/init.d/avahi-dnsconfd" -FILES_libavahi-glib = "${libdir}/libavahi-glib.so.*" -FILES_libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib" -FILES_avahi-utils = "${bindir}/avahi-*" - -RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV})" -RDEPENDS_${PN}-dev += "${@["", " libavahi-client (= ${EXTENDPKGV})"][bb.utils.contains('PACKAGECONFIG', 'dbus', 1, 0, d)]}" - -RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns" - -CONFFILES_avahi-daemon = 
"${sysconfdir}/avahi/avahi-daemon.conf" - -USERADD_PACKAGES = "avahi-daemon avahi-autoipd" -USERADD_PARAM_avahi-daemon = "--system --home /run/avahi-daemon \ - --no-create-home --shell /bin/false \ - --user-group avahi" - -USERADD_PARAM_avahi-autoipd = "--system --home /run/avahi-autoipd \ - --no-create-home --shell /bin/false \ - --user-group \ - -c \"Avahi autoip daemon\" \ - avahi-autoipd" - -INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd" -INITSCRIPT_NAME_avahi-daemon = "avahi-daemon" -INITSCRIPT_PARAMS_avahi-daemon = "defaults 21 19" -INITSCRIPT_NAME_avahi-dnsconfd = "avahi-dnsconfd" -INITSCRIPT_PARAMS_avahi-dnsconfd = "defaults 22 19" - -SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd" -SYSTEMD_SERVICE_${PN}-daemon = "avahi-daemon.service" -SYSTEMD_SERVICE_${PN}-dnsconfd = "avahi-dnsconfd.service" - -do_install_append() { - install -d ${D}${sysconfdir}/udhcpc.d - install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d - install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d -} - -# At the time the postinst runs, dbus might not be setup so only restart if running -# Don't exit early, because update-rc.d needs to run subsequently. -pkg_postinst_avahi-daemon () { -if [ -z "$D" ]; then - killall -q -HUP dbus-daemon || true -fi -} diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb new file mode 100644 index 0000000000..1f18d4491d --- /dev/null +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb 
@@ -0,0 +1,198 @@ +SUMMARY = "Avahi IPv4LL network address configuration daemon" +DESCRIPTION = 'Avahi is a fully LGPL framework for Multicast DNS Service Discovery. It \ +allows programs to publish and discover services and hosts running on a local network \ +with no specific configuration. This tool implements IPv4LL, "Dynamic Configuration of \ +IPv4 Link-Local Addresses" (IETF RFC3927), a protocol for automatic IP address \ +configuration from the link-local 169.254.0.0/16 range without the need for a central \ +server.' +HOMEPAGE = "http://avahi.org" +BUGTRACKER = "https://github.com/avahi/avahi/issues" +SECTION = "network" + +# major part is under LGPL-2.1-or-later, but several .dtd, .xsl, initscripts and +# python scripts are under GPL-2.0-or-later +LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later" +LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ + file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \ + file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \ + file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \ + file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf" + +SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \ + file://00avahi-autoipd \ + file://99avahi-autoipd \ + file://initscript.patch \ + file://0001-Fix-opening-etc-resolv.conf-error.patch \ + file://handle-hup.patch \ + file://local-ping.patch \ + file://invalid-service.patch \ + file://CVE-2023-1981.patch \ + file://CVE-2023-38469-1.patch \ + file://CVE-2023-38469-2.patch \ + file://CVE-2023-38470-1.patch \ + file://CVE-2023-38470-2.patch \ + file://CVE-2023-38471-1.patch \ + file://CVE-2023-38471-2.patch \ + file://CVE-2023-38472.patch \ + file://CVE-2023-38473.patch \ + " + +GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/" +SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda" + +CVE_STATUS[CVE-2021-26720] = 
"not-applicable-platform: Issue only affects Debian/SUSE" + +DEPENDS = "expat libcap libdaemon glib-2.0 glib-2.0-native" + +# For gtk related PACKAGECONFIGs: gtk, gtk3 +AVAHI_GTK ?= "" + +PACKAGECONFIG ??= "dbus ${@bb.utils.contains_any('DISTRO_FEATURES','x11 wayland','${AVAHI_GTK}','',d)}" +PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" +PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+" +PACKAGECONFIG[gtk3] = "--enable-gtk3,--disable-gtk3,gtk+3" +PACKAGECONFIG[libdns_sd] = "--enable-compat-libdns_sd --enable-dbus,,dbus" +PACKAGECONFIG[libevent] = "--enable-libevent,--disable-libevent,libevent" +PACKAGECONFIG[qt5] = "--enable-qt5,--disable-qt5,qtbase" + +inherit autotools pkgconfig gettext gobject-introspection github-releases + +EXTRA_OECONF = "--with-avahi-priv-access-group=adm \ + --disable-stack-protector \ + --disable-gdbm \ + --disable-dbm \ + --disable-mono \ + --disable-monodoc \ + --disable-qt3 \ + --disable-qt4 \ + --disable-python \ + --disable-doxygen-doc \ + --enable-manpages \ + ${EXTRA_OECONF_SYSVINIT} \ + ${EXTRA_OECONF_SYSTEMD} \ + " + +# The distro choice determines what init scripts are installed +EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}" +EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_system_unitdir}/','--without-systemdsystemunitdir',d)}" + +do_configure:prepend() { + # This m4 file will get in the way of our introspection.m4 with special cross-compilation fixes + rm "${S}/common/introspection.m4" || true +} + +do_compile:prepend() { + export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs" +} + +RRECOMMENDS:${PN}:append:libc-glibc = " libnss-mdns" + +do_install() { + autotools_do_install + rm -rf ${D}/run + test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1 + rm -rf 
${D}${libdir}/avahi + + # Move example service files out of /etc/avahi/services so we don't + # advertise ssh & sftp-ssh by default + install -d ${D}${docdir}/avahi + mv ${D}${sysconfdir}/avahi/services/* ${D}${docdir}/avahi +} + +PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "libdns_sd", "libavahi-compat-libdnssd", "", d)}" + +FILES:libavahi-compat-libdnssd = "${libdir}/libdns_sd.so.*" + +RPROVIDES:libavahi-compat-libdnssd = "libdns-sd" + +inherit update-rc.d systemd useradd + +PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils avahi-discover avahi-ui" + +FILES:avahi-ui = "${libdir}/libavahi-ui*.so.*" +FILES:avahi-discover = "${datadir}/applications/avahi-discover.desktop \ + ${datadir}/avahi/interfaces/avahi-discover.ui \ + ${bindir}/avahi-discover-standalone \ + " + +LICENSE:libavahi-gobject = "LGPL-2.1-or-later" +LICENSE:avahi-daemon = "LGPL-2.1-or-later" +LICENSE:libavahi-common = "LGPL-2.1-or-later" +LICENSE:libavahi-core = "LGPL-2.1-or-later" +LICENSE:libavahi-client = "LGPL-2.1-or-later" +LICENSE:avahi-dnsconfd = "LGPL-2.1-or-later" +LICENSE:libavahi-glib = "LGPL-2.1-or-later" +LICENSE:avahi-autoipd = "LGPL-2.1-or-later" +LICENSE:avahi-utils = "LGPL-2.1-or-later" + +# As avahi doesn't put any files into PN, clear the files list to avoid problems +# if extra libraries appear. 
+FILES:${PN} = "" +FILES:avahi-autoipd = "${sbindir}/avahi-autoipd \ + ${sysconfdir}/avahi/avahi-autoipd.action \ + ${sysconfdir}/dhcp/*/avahi-autoipd \ + ${sysconfdir}/udhcpc.d/00avahi-autoipd \ + ${sysconfdir}/udhcpc.d/99avahi-autoipd" +FILES:libavahi-common = "${libdir}/libavahi-common.so.*" +FILES:libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib" +FILES:avahi-daemon = "${sbindir}/avahi-daemon \ + ${sysconfdir}/avahi/avahi-daemon.conf \ + ${sysconfdir}/avahi/hosts \ + ${sysconfdir}/avahi/services \ + ${sysconfdir}/dbus-1 \ + ${sysconfdir}/init.d/avahi-daemon \ + ${datadir}/dbus-1/interfaces \ + ${datadir}/avahi/avahi-service.dtd \ + ${datadir}/avahi/service-types \ + ${datadir}/dbus-1/system-services" +FILES:libavahi-client = "${libdir}/libavahi-client.so.*" +FILES:avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \ + ${sysconfdir}/avahi/avahi-dnsconfd.action \ + ${sysconfdir}/init.d/avahi-dnsconfd" +FILES:libavahi-glib = "${libdir}/libavahi-glib.so.*" +FILES:libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib" +FILES:avahi-utils = "${bindir}/avahi-* ${bindir}/b* ${datadir}/applications/b*" + +DEV_PKG_DEPENDENCY = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV})" +DEV_PKG_DEPENDENCY += "${@["", " libavahi-client (= ${EXTENDPKGV})"][bb.utils.contains('PACKAGECONFIG', 'dbus', 1, 0, d)]}" +RDEPENDS:${PN}-dnsconfd = "${PN}-daemon" + +RRECOMMENDS:avahi-daemon:append:libc-glibc = " libnss-mdns" + +CONFFILES:avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf" + +USERADD_PACKAGES = "avahi-daemon avahi-autoipd" +USERADD_PARAM:avahi-daemon = "--system --home /run/avahi-daemon \ + --no-create-home --shell /bin/false \ + --user-group avahi" + +USERADD_PARAM:avahi-autoipd = "--system --home /run/avahi-autoipd \ + --no-create-home --shell /bin/false \ + --user-group \ + -c \"Avahi autoip daemon\" \ + avahi-autoipd" + +INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd" 
+INITSCRIPT_NAME:avahi-daemon = "avahi-daemon" +INITSCRIPT_PARAMS:avahi-daemon = "defaults 21 19" +INITSCRIPT_NAME:avahi-dnsconfd = "avahi-dnsconfd" +INITSCRIPT_PARAMS:avahi-dnsconfd = "defaults 22 19" + +SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd" +SYSTEMD_SERVICE:${PN}-daemon = "avahi-daemon.service" +SYSTEMD_SERVICE:${PN}-dnsconfd = "avahi-dnsconfd.service" + +do_install:append() { + install -d ${D}${sysconfdir}/udhcpc.d + install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d + install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d +} + +# At the time the postinst runs, dbus might not be setup so only restart if running +# Don't exit early, because update-rc.d needs to run subsequently. +pkg_postinst:avahi-daemon () { +if [ -z "$D" ]; then + killall -q -HUP dbus-daemon || true +fi +} + diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch new file mode 100644 index 0000000000..4d7924d13a --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch 
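Review bot: `EXTRA_OECONF` in the new avahi_0.8.bb passes `--disable-stack-protector` for a network-facing daemon, and nothing in the recipe says where stack-protector hardening is expected to come from instead. If the intent is that only avahi's own configure probe is switched off and the distro-wide compiler flags supply the protection, record that above the assignment, e.g. `# avahi's configure probe is disabled; stack protection is expected from the distro-wide compiler flags`. That reading is inferred from the option name, so confirm it against the flags the build actually uses. Separately, `mv ${D}${sysconfdir}/avahi/services/* ${D}${docdir}/avahi` in `do_install` presumably fails the task when the glob matches nothing; if that fail-loud behaviour is wanted, the comment above it should say so.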
@@ -0,0 +1,58 @@ +From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> +Date: Thu, 17 Nov 2022 01:51:53 +0100 +Subject: [PATCH] Emit error if requested service is not found + +It currently just crashes instead of replying with error. Check return +value and emit error instead of passing NULL pointer to reply. + +Fixes #375 + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-1981.patch?h=ubuntu/jammy-security +Upstream commit https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f] +CVE: CVE-2023-1981 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------ + 1 file changed, 14 insertions(+), 6 deletions(-) + +diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c +index 70d7687bc..406d0b441 100644 +--- a/avahi-daemon/dbus-protocol.c ++++ b/avahi-daemon/dbus-protocol.c +@@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_alternative_host_name(DBusConnection *c, DBusM + } + + t = avahi_alternative_host_name(n); +- avahi_dbus_respond_string(c, m, t); +- avahi_free(t); ++ if (t) { ++ avahi_dbus_respond_string(c, m, t); ++ avahi_free(t); + +- return DBUS_HANDLER_RESULT_HANDLED; ++ return DBUS_HANDLER_RESULT_HANDLED; ++ } else { ++ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found"); ++ } + } + + static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DBusMessage *m, DBusError *error) { +@@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DB + } + + t = avahi_alternative_service_name(n); +- avahi_dbus_respond_string(c, m, t); +- avahi_free(t); ++ if (t) { ++ avahi_dbus_respond_string(c, m, t); ++ avahi_free(t); + +- return DBUS_HANDLER_RESULT_HANDLED; ++ return DBUS_HANDLER_RESULT_HANDLED; ++ } else { ++ return 
avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found"); ++ } + } + + static DBusHandlerResult dbus_create_new_entry_group(DBusConnection *c, DBusMessage *m, DBusError *error) { diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch new file mode 100644 index 0000000000..a078f66102 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch @@ -0,0 +1,48 @@ +From 72842945085cc3adaccfdfa2853771b0e75ef991 Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin <evvers@ya.ru> +Date: Mon, 23 Oct 2023 20:29:31 +0000 +Subject: [PATCH] avahi: core: reject overly long TXT resource records + +Closes https://github.com/lathiat/avahi/issues/455 + +Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf] +CVE: CVE-2023-38469 + +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> +--- + avahi-core/rr.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/avahi-core/rr.c b/avahi-core/rr.c +index 7fa0bee..b03a24c 100644 +--- a/avahi-core/rr.c ++++ b/avahi-core/rr.c +@@ -32,6 +32,7 @@ + #include <avahi-common/malloc.h> + #include <avahi-common/defs.h> + ++#include "dns.h" + #include "rr.h" + #include "log.h" + #include "util.h" +@@ -688,11 +689,17 @@ int avahi_record_is_valid(AvahiRecord *r) { + case AVAHI_DNS_TYPE_TXT: { + + AvahiStringList *strlst; ++ size_t used = 0; + +- for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) ++ for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) { + if (strlst->size > 255 || strlst->size <= 0) + return 0; + ++ used += 1+strlst->size; ++ if (used > AVAHI_DNS_RDATA_MAX) ++ return 0; ++ } ++ + return 1; + } + } +-- +2.40.0 diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch new file mode 100644 index 0000000000..f8f60ddca1 
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch
@@ -0,0 +1,65 @@ +From c6cab87df290448a63323c8ca759baa516166237 Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin <evvers@ya.ru> +Date: Wed, 25 Oct 2023 18:15:42 +0000 +Subject: [PATCH] tests: pass overly long TXT resource records + +to make sure they don't crash avahi any more. +It reproduces https://github.com/lathiat/avahi/issues/455 + +Canonical notes: +nickgalanis> removed first hunk since there is no .github dir in this release + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38469-2.patch?h=ubuntu/jammy-security +Upstream commit https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237] +CVE: CVE-2023-38469 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + avahi-client/client-test.c | 14 ++++++++++++++ + 1 files changed, 14 insertions(+) + +Index: avahi-0.8/avahi-client/client-test.c +=================================================================== +--- avahi-0.8.orig/avahi-client/client-test.c ++++ avahi-0.8/avahi-client/client-test.c +@@ -22,6 +22,7 @@ + #endif + + #include <stdio.h> ++#include <string.h> + #include <assert.h> + + #include <avahi-client/client.h> +@@ -33,6 +34,8 @@ + #include <avahi-common/malloc.h> + #include <avahi-common/timeval.h> + ++#include <avahi-core/dns.h> ++ + static const AvahiPoll *poll_api = NULL; + static AvahiSimplePoll *simple_poll = NULL; + +@@ -222,6 +225,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA + uint32_t cookie; + struct timeval tv; + AvahiAddress a; ++ uint8_t rdata[AVAHI_DNS_RDATA_MAX+1]; ++ AvahiStringList *txt = NULL; ++ int r; + + simple_poll = avahi_simple_poll_new(); + poll_api = avahi_simple_poll_get(simple_poll); +@@ -258,6 +264,14 @@ int main (AVAHI_GCC_UNUSED int argc, AVA + printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL))); + printf("add_record: %d\n", 
avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6)); + ++ memset(rdata, 1, sizeof(rdata)); ++ r = avahi_string_list_parse(rdata, sizeof(rdata), &txt); ++ assert(r >= 0); ++ assert(avahi_string_list_serialize(txt, NULL, 0) == sizeof(rdata)); ++ error = avahi_entry_group_add_service_strlst(group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", "_qotd._tcp", NULL, NULL, 123, txt); ++ assert(error == AVAHI_ERR_INVALID_RECORD); ++ avahi_string_list_free(txt); ++ + avahi_entry_group_commit (group); + + domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u"); diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch new file mode 100644 index 0000000000..91f9e677ac --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch 
@@ -0,0 +1,59 @@ +From af7bfad67ca53a7c4042a4a2d85456b847e9f249 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> +Date: Tue, 11 Apr 2023 15:29:59 +0200 +Subject: [PATCH] avahi: Ensure each label is at least one byte long + +The only allowed exception is single dot, where it should return empty +string. + +Fixes #454. + +Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c] +CVE: CVE-2023-38470 + +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> +--- + avahi-common/domain-test.c | 14 ++++++++++++++ + avahi-common/domain.c | 2 +- + 2 files changed, 15 insertions(+), 1 deletion(-) + +diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c +index cf763ec..3acc1c1 100644 +--- a/avahi-common/domain-test.c ++++ b/avahi-common/domain-test.c +@@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { + printf("%s\n", s = avahi_normalize_name_strdup("fo\\\\o\\..f oo.")); + avahi_free(s); + ++ printf("%s\n", s = avahi_normalize_name_strdup(".")); ++ avahi_free(s); ++ ++ s = avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}." ++ "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}" ++ ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`" ++ "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?." ++ "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}." ++ "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?" ++ "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM." ++ "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?." 
++ "}.?.?.?.}.=.?.?.}"); ++ assert(s == NULL); ++ + printf("%i\n", avahi_domain_equal("\\065aa bbb\\.\\046cc.cc\\\\.dee.fff.", "Aaa BBB\\.\\.cc.cc\\\\.dee.fff")); + printf("%i\n", avahi_domain_equal("A", "a")); + +diff --git a/avahi-common/domain.c b/avahi-common/domain.c +index 3b1ab68..e66d241 100644 +--- a/avahi-common/domain.c ++++ b/avahi-common/domain.c +@@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s, char *ret_s, size_t size) { + } + + if (!empty) { +- if (size < 1) ++ if (size < 2) + return NULL; + + *(r++) = '.'; +-- +2.40.0 diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch new file mode 100644 index 0000000000..e0736bf210 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch 
@@ -0,0 +1,52 @@ +From 20dec84b2480821704258bc908e7b2bd2e883b24 Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin <evvers@ya.ru> +Date: Tue, 19 Sep 2023 03:21:25 +0000 +Subject: [PATCH] [common] bail out when escaped labels can't fit into ret + +Fixes: +``` +==93410==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f9e76f14c16 at pc 0x00000047208d bp 0x7ffee90a6a00 sp 0x7ffee90a61c8 +READ of size 1110 at 0x7f9e76f14c16 thread T0 + #0 0x47208c in __interceptor_strlen (out/fuzz-domain+0x47208c) (BuildId: 731b20c1eef22c2104e75a6496a399b10cfc7cba) + #1 0x534eb0 in avahi_strdup avahi/avahi-common/malloc.c:167:12 + #2 0x53862c in avahi_normalize_name_strdup avahi/avahi-common/domain.c:226:12 +``` +and +``` +fuzz-domain: fuzz/fuzz-domain.c:38: int LLVMFuzzerTestOneInput(const uint8_t *, size_t): Assertion `avahi_domain_equal(s, t)' failed. +==101571== ERROR: libFuzzer: deadly signal + #0 0x501175 in __sanitizer_print_stack_trace (/home/vagrant/avahi/out/fuzz-domain+0x501175) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) + #1 0x45ad2c in fuzzer::PrintStackTrace() (/home/vagrant/avahi/out/fuzz-domain+0x45ad2c) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) + #2 0x43fc07 in fuzzer::Fuzzer::CrashCallback() (/home/vagrant/avahi/out/fuzz-domain+0x43fc07) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) + #3 0x7f1581d7ebaf (/lib64/libc.so.6+0x3dbaf) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #4 0x7f1581dcf883 in __pthread_kill_implementation (/lib64/libc.so.6+0x8e883) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #5 0x7f1581d7eafd in gsignal (/lib64/libc.so.6+0x3dafd) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #6 0x7f1581d6787e in abort (/lib64/libc.so.6+0x2687e) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #7 0x7f1581d6779a in __assert_fail_base.cold (/lib64/libc.so.6+0x2679a) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #8 0x7f1581d77186 in __assert_fail (/lib64/libc.so.6+0x36186) (BuildId: 
c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #9 0x5344a4 in LLVMFuzzerTestOneInput /home/vagrant/avahi/fuzz/fuzz-domain.c:38:9 +``` + +It's a follow-up to 94cb6489114636940ac683515417990b55b5d66c + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38470-2.patch?h=ubuntu/jammy-security +CVE: CVE-2023-38470 #Follow-up patch +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + avahi-common/domain.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: avahi-0.8/avahi-common/domain.c +=================================================================== +--- avahi-0.8.orig/avahi-common/domain.c ++++ avahi-0.8/avahi-common/domain.c +@@ -210,7 +210,8 @@ char *avahi_normalize_name(const char *s + } else + empty = 0; + +- avahi_escape_label(label, strlen(label), &r, &size); ++ if (!(avahi_escape_label(label, strlen(label), &r, &size))) ++ return NULL; + } + + return ret_s; diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch new file mode 100644 index 0000000000..b3f716495d --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch 
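Review bot: The `Upstream-Status: Backport [import from ubuntu …` tag in CVE-2023-38470-2.patch never closes its bracket and names no upstream commit, unlike CVE-2023-1981.patch and CVE-2023-38469-2.patch in this same change, which end the tag with an `Upstream commit <url>]` line. Anyone auditing which upstream fix this backport corresponds to has only the Ubuntu tree link to go on. If the `From` hash is the upstream commit, as it is in those sibling patches, add `Upstream commit https://github.com/lathiat/avahi/commit/20dec84b2480821704258bc908e7b2bd2e883b24]` as the next line of the tag. The trailing `#Follow-up patch` on the `CVE:` line would also sit better in the description than inside the tag.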
@@ -0,0 +1,73 @@
+From 48d745db7fd554fc33e96ec86d3675ebd530bb8e Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Mon, 23 Oct 2023 13:38:35 +0200
+Subject: [PATCH] avahi: core: extract host name using avahi_unescape_label()
+
+Previously we could create invalid escape sequence when we split the
+string on dot. For example, from valid host name "foo\\.bar" we have
+created invalid name "foo\\" and tried to set that as the host name
+which crashed the daemon.
+
+Fixes #453
+
+Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09]
+CVE: CVE-2023-38471
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ avahi-core/server.c | 27 +++++++++++++++++++++------
+ 1 file changed, 21 insertions(+), 6 deletions(-)
+
+diff --git a/avahi-core/server.c b/avahi-core/server.c
+index e507750..40f1d68 100644
+--- a/avahi-core/server.c
++++ b/avahi-core/server.c
+@@ -1295,7 +1295,11 @@ static void update_fqdn(AvahiServer *s) {
+ }
+
+ int avahi_server_set_host_name(AvahiServer *s, const char *host_name) {
+- char *hn = NULL;
++ char label_escaped[AVAHI_LABEL_MAX*4+1];
++ char label[AVAHI_LABEL_MAX];
++ char *hn = NULL, *h;
++ size_t len;
++
+ assert(s);
+
+ AVAHI_CHECK_VALIDITY(s, !host_name || avahi_is_valid_host_name(host_name), AVAHI_ERR_INVALID_HOST_NAME);
+@@ -1305,17 +1309,28 @@ int avahi_server_set_host_name(AvahiServer *s, const char *host_name) {
+ else
+ hn = avahi_normalize_name_strdup(host_name);
+
+- hn[strcspn(hn, ".")] = 0;
++ h = hn;
++ if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) {
++ avahi_free(h);
++ return AVAHI_ERR_INVALID_HOST_NAME;
++ }
++
++ avahi_free(h);
++
++ h = label_escaped;
++ len = sizeof(label_escaped);
++ if (!avahi_escape_label(label, strlen(label), &h, &len))
++ return AVAHI_ERR_INVALID_HOST_NAME;
+
+- if (avahi_domain_equal(s->host_name, hn) && s->state != AVAHI_SERVER_COLLISION) {
+- avahi_free(hn);
++ if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION)
+ return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE);
+- }
+
+ withdraw_host_rrs(s);
+
+ avahi_free(s->host_name);
+- s->host_name = hn;
++ s->host_name = avahi_strdup(label_escaped);
++ if (!s->host_name)
++ return AVAHI_ERR_NO_MEMORY;
+
+ update_fqdn(s);
+
+--
+2.40.0
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch
new file mode 100644
index 0000000000..44737bfc2e
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch
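Review bot: In the second hunk of the embedded server.c patch the old host name is released before its replacement is known to exist: `withdraw_host_rrs(s)` and `avahi_free(s->host_name)` run first, and only then is the result of `s->host_name = avahi_strdup(label_escaped)` checked. If that allocation fails the function returns with the host records already withdrawn and `s->host_name` set to NULL; the CVE-2023-38471-2 follow-up in this commit changes only how the error is reported, not this order. Duplicating first, with `if (!(new_name = avahi_strdup(label_escaped))) return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY);` ahead of `withdraw_host_rrs(s)` and `s->host_name = new_name;` after the free, would keep the previous state on failure. How later code treats a NULL `s->host_name` is outside the hunk, and the function body continues past it.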
@@ -0,0 +1,52 @@
+From b675f70739f404342f7f78635d6e2dcd85a13460 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Tue, 24 Oct 2023 22:04:51 +0000
+Subject: [PATCH] core: return errors from avahi_server_set_host_name properly
+
+It's a follow-up to 894f085f402e023a98cbb6f5a3d117bd88d93b09
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38471-2.patch?h=ubuntu/jammy-security
+Upstream commit https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460]
+CVE: CVE-2023-38471 #Follow-up Patch
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ avahi-core/server.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+Index: avahi-0.8/avahi-core/server.c
+===================================================================
+--- avahi-0.8.orig/avahi-core/server.c
++++ avahi-0.8/avahi-core/server.c
+@@ -1309,10 +1309,13 @@ int avahi_server_set_host_name(AvahiServ
+ else
+ hn = avahi_normalize_name_strdup(host_name);
+
++ if (!hn)
++ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY);
++
+ h = hn;
+ if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) {
+ avahi_free(h);
+- return AVAHI_ERR_INVALID_HOST_NAME;
++ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME);
+ }
+
+ avahi_free(h);
+@@ -1320,7 +1323,7 @@ int avahi_server_set_host_name(AvahiServ
+ h = label_escaped;
+ len = sizeof(label_escaped);
+ if (!avahi_escape_label(label, strlen(label), &h, &len))
+- return AVAHI_ERR_INVALID_HOST_NAME;
++ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME);
+
+ if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION)
+ return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE);
+@@ -1330,7 +1333,7 @@ int avahi_server_set_host_name(AvahiServ
+ avahi_free(s->host_name);
+ s->host_name = avahi_strdup(label_escaped);
+ if (!s->host_name)
+- return AVAHI_ERR_NO_MEMORY;
++ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY);
+
+ update_fqdn(s);
+
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
new file mode 100644
index 0000000000..85dbded73b
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
@@ -0,0 +1,46 @@
+From b024ae5749f4aeba03478e6391687c3c9c8dee40 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Thu, 19 Oct 2023 17:36:44 +0200
+Subject: [PATCH] core: make sure there is rdata to process before parsing it
+
+Fixes #452
+
+CVE-2023-38472
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38472.patch?h=ubuntu/jammy-security
+Upstream commit https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40]
+CVE: CVE-2023-38472
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ avahi-client/client-test.c | 3 +++
+ avahi-daemon/dbus-entry-group.c | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+Index: avahi-0.8/avahi-client/client-test.c
+===================================================================
+--- avahi-0.8.orig/avahi-client/client-test.c
++++ avahi-0.8/avahi-client/client-test.c
+@@ -272,6 +272,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA
+ assert(error == AVAHI_ERR_INVALID_RECORD);
+ avahi_string_list_free(txt);
+
++ error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0);
++ assert(error != AVAHI_OK);
++
+ avahi_entry_group_commit (group);
+
+ domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u");
+Index: avahi-0.8/avahi-daemon/dbus-entry-group.c
+===================================================================
+--- avahi-0.8.orig/avahi-daemon/dbus-entry-group.c
++++ avahi-0.8/avahi-daemon/dbus-entry-group.c
+@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_g
+ if (!(r = avahi_record_new_full (name, clazz, type, ttl)))
+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL);
+
+- if (avahi_rdata_parse (r, rdata, size) < 0) {
++ if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) {
+ avahi_record_unref (r);
+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL);
+ }
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch
new file mode 100644
index 0000000000..707acb60fe
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch
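Review bot: The new `!rdata ||` guard in the embedded dbus-entry-group.c hunk carries no comment saying when `rdata` can be NULL, and it leaves `size` unchecked. The test added to client-test.c passes `""` with length 0, which suggests the case is an empty byte array arriving over D-Bus; a comment such as `/* an empty rdata array may leave rdata NULL; reject it before avahi_rdata_parse() reads it */` would record that, with the cause stated as an assumption unless confirmed. Whether `avahi_rdata_parse` copes with a non-NULL pointer and `size == 0` is not visible in this hunk, so it is worth confirming or writing the guard as `if (!rdata || size == 0 || ...)`. The added test asserts only `error != AVAHI_OK`, while the neighbouring assertion pins `AVAHI_ERR_INVALID_RECORD`; pinning the expected code here would catch a regression that fails for a different reason.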
@@ -0,0 +1,110 @@
+From 88cbbc48d5efff9726694557ca6c3f698f3affe4 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Wed, 11 Oct 2023 17:45:44 +0200
+Subject: [PATCH] avahi: common: derive alternative host name from its
+ unescaped version
+
+Normalization of input makes sure we don't have to deal with special
+cases like unescaped dot at the end of label.
+
+Fixes #451 #487
+
+Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797]
+CVE: CVE-2023-38473
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ avahi-common/alternative-test.c | 3 +++
+ avahi-common/alternative.c | 27 +++++++++++++++++++--------
+ 2 files changed, 22 insertions(+), 8 deletions(-)
+
+diff --git a/avahi-common/alternative-test.c b/avahi-common/alternative-test.c
+index 9255435..681fc15 100644
+--- a/avahi-common/alternative-test.c
++++ b/avahi-common/alternative-test.c
+@@ -31,6 +31,9 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) {
+ const char* const test_strings[] = {
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXüüüüüüü",
++ ").",
++ "\\.",
++ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\\\",
+ "gurke",
+ "-",
+ " #",
+diff --git a/avahi-common/alternative.c b/avahi-common/alternative.c
+index b3d39f0..a094e6d 100644
+--- a/avahi-common/alternative.c
++++ b/avahi-common/alternative.c
+@@ -49,15 +49,20 @@ static void drop_incomplete_utf8(char *c) {
+ }
+
+ char *avahi_alternative_host_name(const char *s) {
++ char label[AVAHI_LABEL_MAX], alternative[AVAHI_LABEL_MAX*4+1];
++ char *alt, *r, *ret;
+ const char *e;
+- char *r;
++ size_t len;
+
+ assert(s);
+
+ if (!avahi_is_valid_host_name(s))
+ return NULL;
+
+- if ((e = strrchr(s, '-'))) {
++ if (!avahi_unescape_label(&s, label, sizeof(label)))
++ return NULL;
++
++ if ((e = strrchr(label, '-'))) {
+ const char *p;
+
+ e++;
+@@ -74,19 +79,18 @@ char *avahi_alternative_host_name(const char *s) {
+
+ if (e) {
+ char *c, *m;
+- size_t l;
+ int n;
+
+ n = atoi(e)+1;
+ if (!(m = avahi_strdup_printf("%i", n)))
+ return NULL;
+
+- l = e-s-1;
++ len = e-label-1;
+
+- if (l >= AVAHI_LABEL_MAX-1-strlen(m)-1)
+- l = AVAHI_LABEL_MAX-1-strlen(m)-1;
++ if (len >= AVAHI_LABEL_MAX-1-strlen(m)-1)
++ len = AVAHI_LABEL_MAX-1-strlen(m)-1;
+
+- if (!(c = avahi_strndup(s, l))) {
++ if (!(c = avahi_strndup(label, len))) {
+ avahi_free(m);
+ return NULL;
+ }
+@@ -100,7 +104,7 @@ char *avahi_alternative_host_name(const char *s) {
+ } else {
+ char *c;
+
+- if (!(c = avahi_strndup(s, AVAHI_LABEL_MAX-1-2)))
++ if (!(c = avahi_strndup(label, AVAHI_LABEL_MAX-1-2)))
+ return NULL;
+
+ drop_incomplete_utf8(c);
+@@ -109,6 +113,13 @@ char *avahi_alternative_host_name(const char *s) {
+ avahi_free(c);
+ }
+
++ alt = alternative;
++ len = sizeof(alternative);
++ ret = avahi_escape_label(r, strlen(r), &alt, &len);
++
++ avahi_free(r);
++ r = avahi_strdup(ret);
++
+ assert(avahi_is_valid_host_name(r));
+
+ return r;
+--
+2.40.0
diff --git a/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch b/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch
deleted file mode 100644
index 7461fe193d..0000000000
--- a/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch
+++ /dev/null
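Review bot: The last hunk of the embedded alternative.c patch checks neither the result of `avahi_escape_label()` nor that of `avahi_strdup(ret)` before `assert(avahi_is_valid_host_name(r))`. The CVE-2023-38470-2 patch in this same commit shows that `avahi_escape_label()` can return a false value when the output does not fit, so a failure here hands `ret == NULL` to `avahi_strdup` (whose NULL handling is not visible) and can reach the assert with a NULL `r`; with assertions enabled that aborts the process instead of returning an error. Adding `if (!ret) return NULL;` after `avahi_free(r);` and `if (!r) return NULL;` after the `avahi_strdup` call turns both cases into the NULL return the function already uses for an invalid name. The function body starts and ends outside this hunk.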
@@ -1,48 +0,0 @@
-Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/e111def]
-
-CVE: CVE-2017-6519
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001
-From: Trent Lloyd <trent@lloyd.id.au>
-Date: Sat, 22 Dec 2018 09:06:07 +0800
-Subject: [PATCH] Drop legacy unicast queries from address not on local link
-
-When handling legacy unicast queries, ensure that the source IP is
-inside a subnet on the local link, otherwise drop the packet.
-
-Fixes #145
-Fixes #203
-CVE-2017-6519
-CVE-2018-1000845
----
- avahi-core/server.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/avahi-core/server.c b/avahi-core/server.c
-index a2cb19a8..a2580e38 100644
---- a/avahi-core/server.c
-+++ b/avahi-core/server.c
-@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
-
- if (avahi_dns_packet_is_query(p)) {
- int legacy_unicast = 0;
-+ char t[AVAHI_ADDRESS_STR_MAX];
-
- /* For queries EDNS0 might allow ARCOUNT != 0. We ignore the
- * AR section completely here, so far. Until the day we add
-@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
- legacy_unicast = 1;
- }
-
-+ if (!is_mdns_mcast_address(dst_address) &&
-+ !avahi_interface_address_on_link(i, src_address)) {
-+
-+ avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol);
-+ return;
-+ }
-+
- if (legacy_unicast)
- reflect_legacy_unicast_query_packet(s, p, i, src_address, port);
-
diff --git a/meta/recipes-connectivity/avahi/files/handle-hup.patch b/meta/recipes-connectivity/avahi/files/handle-hup.patch
new file mode 100644
index 0000000000..26632e5443
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/handle-hup.patch
@@ -0,0 +1,41 @@
+CVE: CVE-2021-3468
+Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/330]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001
+From: Riccardo Schirone <sirmy15@gmail.com>
+Date: Fri, 26 Mar 2021 11:50:24 +0100
+Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in
+ client_work
+
+If a client fills the input buffer, client_work() disables the
+AVAHI_WATCH_IN event, thus preventing the function from executing the
+`read` syscall the next times it is called. However, if the client then
+terminates the connection, the socket file descriptor receives a HUP
+event, which is not handled, thus the kernel keeps marking the HUP event
+as occurring. While iterating over the file descriptors that triggered
+an event, the client file descriptor will keep having the HUP event and
+the client_work() function is always called with AVAHI_WATCH_HUP but
+without nothing being done, thus entering an infinite loop.
+
+See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938
+---
+ avahi-daemon/simple-protocol.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c
+index 3e0ebb11..6c0274d6 100644
+--- a/avahi-daemon/simple-protocol.c
++++ b/avahi-daemon/simple-protocol.c
+@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv
+ }
+ }
+
++ if (events & AVAHI_WATCH_HUP) {
++ client_free(c);
++ return;
++ }
++
+ c->server->poll_api->watch_update(
+ watch,
+ (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) |
diff --git a/meta/recipes-connectivity/avahi/files/invalid-service.patch b/meta/recipes-connectivity/avahi/files/invalid-service.patch
new file mode 100644
index 0000000000..8f188aff2c
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/invalid-service.patch
@@ -0,0 +1,29 @@
+From 46490e95151d415cd22f02565e530eb5efcef680 Mon Sep 17 00:00:00 2001
+From: Asger Hautop Drewsen <asger@princh.com>
+Date: Mon, 9 Aug 2021 14:25:08 +0200
+Subject: [PATCH] Fix avahi-browse: Invalid service type
+
+Invalid service types will stop the browse from completing, or
+in simple terms "my washing machine stops me from printing".
+
+Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/472]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ avahi-core/browse-service.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c
+index 63e0275a..ac3d2ecb 100644
+--- a/avahi-core/browse-service.c
++++ b/avahi-core/browse-service.c
+@@ -103,7 +103,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_prepare(
+ AVAHI_CHECK_VALIDITY_RETURN_NULL(server, AVAHI_PROTO_VALID(protocol), AVAHI_ERR_INVALID_PROTOCOL);
+ AVAHI_CHECK_VALIDITY_RETURN_NULL(server, !domain || avahi_is_valid_domain_name(domain), AVAHI_ERR_INVALID_DOMAIN_NAME);
+ AVAHI_CHECK_VALIDITY_RETURN_NULL(server, AVAHI_FLAGS_VALID(flags, AVAHI_LOOKUP_USE_WIDE_AREA|AVAHI_LOOKUP_USE_MULTICAST), AVAHI_ERR_INVALID_FLAGS);
+- AVAHI_CHECK_VALIDITY_RETURN_NULL(server, avahi_is_valid_service_type_generic(service_type), AVAHI_ERR_INVALID_SERVICE_TYPE);
++
++ if (!avahi_is_valid_service_type_generic(service_type))
++ service_type = "_invalid._tcp";
+
+ if (!domain)
+ domain = server->domain_name;
diff --git a/meta/recipes-connectivity/avahi/files/local-ping.patch b/meta/recipes-connectivity/avahi/files/local-ping.patch
new file mode 100644
index 0000000000..29c192d296
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/local-ping.patch
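Review bot: Replacing the `AVAHI_CHECK_VALIDITY_RETURN_NULL(..., AVAHI_ERR_INVALID_SERVICE_TYPE)` check with a silent `service_type = "_invalid._tcp";` means a caller that passes a malformed type no longer gets an error and instead receives a browser for a name it never asked for, with nothing in the code saying so. The substitution deserves a comment at the new `if`, for example `/* browse a placeholder instead of failing, so one malformed type does not abort the caller's whole enumeration */`, and a debug log of the rejected value would help diagnosis. The patch description implies the type can originate from other hosts' announcements, so any logged value should be treated as untrusted input. Per its own header the patch is `Upstream-Status: Submitted`, so this is a local behaviour change to an input-validation path rather than an accepted upstream one; `avahi_s_service_browser_prepare` continues outside the hunk.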
@@ -0,0 +1,153 @@ +CVE: CVE-2021-36217 +CVE: CVE-2021-3502 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001 +From: Tommi Rantala <tommi.t.rantala@nokia.com> +Date: Mon, 8 Feb 2021 11:04:43 +0200 +Subject: [PATCH] Fix NULL pointer crashes from #175 + +avahi-daemon is crashing when running "ping .local". +The crash is due to failing assertion from NULL pointer. +Add missing NULL pointer checks to fix it. + +Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd +--- + avahi-core/browse-dns-server.c | 5 ++++- + avahi-core/browse-domain.c | 5 ++++- + avahi-core/browse-service-type.c | 3 +++ + avahi-core/browse-service.c | 3 +++ + avahi-core/browse.c | 3 +++ + avahi-core/resolve-address.c | 5 ++++- + avahi-core/resolve-host-name.c | 5 ++++- + avahi-core/resolve-service.c | 5 ++++- + 8 files changed, 29 insertions(+), 5 deletions(-) + +diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c +index 049752e9..c2d914fa 100644 +--- a/avahi-core/browse-dns-server.c ++++ b/avahi-core/browse-dns-server.c +@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new( + AvahiSDNSServerBrowser* b; + + b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_dns_server_browser_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c +index f145d56a..06fa70c0 100644 +--- a/avahi-core/browse-domain.c ++++ b/avahi-core/browse-domain.c +@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new( + AvahiSDomainBrowser *b; + + b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_domain_browser_start(b); + + return b; +-} +\ No newline at end of file ++} 
+diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c +index fdd22dcd..b1fc7af8 100644 +--- a/avahi-core/browse-service-type.c ++++ b/avahi-core/browse-service-type.c +@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new( + AvahiSServiceTypeBrowser *b; + + b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_type_browser_start(b); + + return b; +diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c +index 5531360c..63e0275a 100644 +--- a/avahi-core/browse-service.c ++++ b/avahi-core/browse-service.c +@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new( + AvahiSServiceBrowser *b; + + b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_browser_start(b); + + return b; +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index 2941e579..e8a915e9 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new( + AvahiSRecordBrowser *b; + + b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_record_browser_start_query(b); + + return b; +diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c +index ac0b29b1..e61dd242 100644 +--- a/avahi-core/resolve-address.c ++++ b/avahi-core/resolve-address.c +@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new( + AvahiSAddressResolver *b; + + b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_address_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c +index 
808b0e72..4e8e5973 100644 +--- a/avahi-core/resolve-host-name.c ++++ b/avahi-core/resolve-host-name.c +@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new( + AvahiSHostNameResolver *b; + + b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_host_name_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c +index 66bf3cae..43771763 100644 +--- a/avahi-core/resolve-service.c ++++ b/avahi-core/resolve-service.c +@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new( + AvahiSServiceResolver *b; + + b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} diff --git a/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch index 8db96ec049..ec1bc7b567 100644 --- a/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch +++ b/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch @@ -17,7 +17,7 @@ index b2eec60..6e03936 100644 @@ -57,6 +57,7 @@ case "$1" in modprobe capability >/dev/null 2>&1 || true if [ ! -f /etc/bind/rndc.key ]; then - /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom + /usr/sbin/rndc-confgen -a -b 512 + chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true chmod 0640 /etc/bind/rndc.key fi diff --git a/meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch b/meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch deleted file mode 100644 index 2fed99e1bb..0000000000 
--- a/meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch +++ /dev/null @@ -1,64 +0,0 @@ -Backport patch to fix CVE-2019-6471. - -Ref: -https://security-tracker.debian.org/tracker/CVE-2019-6471 - -CVE: CVE-2019-6471 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/3a9c7bb] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From 3a9c7bb80d4a609b86427406d9dd783199920b5b Mon Sep 17 00:00:00 2001 -From: Mark Andrews <marka@isc.org> -Date: Tue, 19 Mar 2019 14:14:21 +1100 -Subject: [PATCH] move item_out test inside lock in dns_dispatch_getnext() - -(cherry picked from commit 60c42f849d520564ed42e5ed0ba46b4b69c07712) ---- - lib/dns/dispatch.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c -index 408beda367..3278db4a07 100644 ---- a/lib/dns/dispatch.c -+++ b/lib/dns/dispatch.c -@@ -134,7 +134,7 @@ struct dns_dispentry { - isc_task_t *task; - isc_taskaction_t action; - void *arg; -- bool item_out; -+ bool item_out; - dispsocket_t *dispsocket; - ISC_LIST(dns_dispatchevent_t) items; - ISC_LINK(dns_dispentry_t) link; -@@ -3422,13 +3422,14 @@ dns_dispatch_getnext(dns_dispentry_t *resp, dns_dispatchevent_t **sockevent) { - disp = resp->disp; - REQUIRE(VALID_DISPATCH(disp)); - -- REQUIRE(resp->item_out == true); -- resp->item_out = false; -- - ev = *sockevent; - *sockevent = NULL; - - LOCK(&disp->lock); -+ -+ REQUIRE(resp->item_out == true); -+ resp->item_out = false; -+ - if (ev->buffer.base != NULL) - free_buffer(disp, ev->buffer.base, ev->buffer.length); - free_devent(disp, ev); -@@ -3573,6 +3574,9 @@ dns_dispatch_removeresponse(dns_dispentry_t **resp, - isc_task_send(disp->task[0], &disp->ctlevent); - } - -+/* -+ * disp must be locked. -+ */ - static void - do_cancel(dns_dispatch_t *disp) { - dns_dispatchevent_t *ev; --- -2.20.1 - 
diff --git a/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch b/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch deleted file mode 100644 index 871bb2a5f6..0000000000 --- a/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 950867d9fd3f690e271c8c807b6eed144b2935b2 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Mon, 27 Aug 2018 15:00:51 +0800 -Subject: [PATCH] configure.in: remove useless `-L$use_openssl/lib' - -Since `--with-openssl=${STAGING_DIR_HOST}${prefix}' is used in bind recipe, -the `-L$use_openssl/lib' has a hardcoded suffix, removing it is harmless -and helpful for clean up host build path in isc-config.sh - -Upstream-Status: Inappropriate [oe-core specific] - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - configure.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.in b/configure.in -index 54efc55..76ac0eb 100644 ---- a/configure.in -+++ b/configure.in -@@ -1691,7 +1691,7 @@ If you don't want OpenSSL, use --without-openssl]) - fi - ;; - *) -- DST_OPENSSL_LIBS="-L$use_openssl/lib -lcrypto" -+ DST_OPENSSL_LIBS="-lcrypto" - ;; - esac - fi --- -2.7.4 - diff --git a/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch b/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch deleted file mode 100644 index 48ae125f84..0000000000 --- a/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch +++ /dev/null 
@@ -1,60 +0,0 @@ -Backport patch to fix CVE-2018-5743. - -Ref: -https://security-tracker.debian.org/tracker/CVE-2018-5743 - -CVE: CVE-2018-5743 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/ec2d50d] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From ec2d50da8d81814640e28593d912f4b96c7efece Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= <wpk@isc.org> -Date: Thu, 3 Jan 2019 14:17:43 +0100 -Subject: [PATCH 1/6] fix enforcement of tcp-clients (v1) - -tcp-clients settings could be exceeded in some cases by -creating more and more active TCP clients that are over -the set quota limit, which in the end could lead to a -DoS attack by e.g. exhaustion of file descriptors. - -If TCP client we're closing went over the quota (so it's -not attached to a quota) mark it as mortal - so that it -will be destroyed and not set up to listen for new -connections - unless it's the last client for a specific -interface. - -(cherry picked from commit f97131d21b97381cef72b971b157345c1f9b4115) -(cherry picked from commit 9689ffc485df8f971f0ad81ab8ab1f5389493776) ---- - bin/named/client.c | 13 ++++++++++++- - 1 file changed, 12 insertions(+), 1 deletion(-) - -diff --git a/bin/named/client.c b/bin/named/client.c -index d482da7121..0739dd48af 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -421,8 +421,19 @@ exit_check(ns_client_t *client) { - isc_socket_detach(&client->tcpsocket); - } - -- if (client->tcpquota != NULL) -+ if (client->tcpquota != NULL) { - isc_quota_detach(&client->tcpquota); -+ } else { -+ /* -+ * We went over quota with this client, we don't -+ * want to restart listening unless this is the -+ * last client on this interface, which is -+ * checked later. -+ */ -+ if (TCP_CLIENT(client)) { -+ client->mortal = true; -+ } -+ } - - if (client->timerset) { - (void)isc_timer_reset(client->timer, --- -2.20.1 - 
diff --git a/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch b/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch deleted file mode 100644 index a8d601dcaa..0000000000 --- a/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch +++ /dev/null @@ -1,22 +0,0 @@ -Upstream-Status: Pending - -Subject: gen.c: extend DIRNAMESIZE from 256 to 512 - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - lib/dns/gen.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: bind-9.11.3/lib/dns/gen.c -=================================================================== ---- bind-9.11.3.orig/lib/dns/gen.c -+++ bind-9.11.3/lib/dns/gen.c -@@ -130,7 +130,7 @@ static const char copyright[] = - #define TYPECLASSBUF (TYPECLASSLEN + 1) - #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d" - #define ATTRIBUTESIZE 256 --#define DIRNAMESIZE 256 -+#define DIRNAMESIZE 512 - - static struct cc { - struct cc *next; diff --git a/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch b/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch deleted file mode 100644 index 01874a4407..0000000000 --- a/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -From 5bc3167a8b714ec0c4a3f1c7f3b9411296ec0a23 Mon Sep 17 00:00:00 2001 -From: Robert Yang <liezhi.yang@windriver.com> -Date: Wed, 16 Sep 2015 20:23:47 -0700 -Subject: [PATCH] lib/dns/gen.c: fix too long error - -The 512 is a little short when build in deep dir, and cause "too long" -error, use PATH_MAX if defined. - -Upstream-Status: Pending - -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> ---- - lib/dns/gen.c | 4 ++++ - 1 file changed, 4 insertions(+) - -Index: bind-9.11.3/lib/dns/gen.c -=================================================================== ---- bind-9.11.3.orig/lib/dns/gen.c -+++ bind-9.11.3/lib/dns/gen.c -@@ -130,7 +130,11 @@ static const char copyright[] = - #define TYPECLASSBUF (TYPECLASSLEN + 1) - #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d" - #define ATTRIBUTESIZE 256 -+#ifdef PATH_MAX -+#define DIRNAMESIZE PATH_MAX -+#else - #define DIRNAMESIZE 512 -+#endif - - static struct cc { - struct cc *next; diff --git a/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch index 75908aa638..4c10f33f04 100644 --- a/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch +++ b/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch @@ -1,4 +1,4 @@ -From a3af4a405baf5ff582e82aaba392dd9667d94bdc Mon Sep 17 00:00:00 2001 +From 4e83392e840fa7b05e778710b8c202d102477a13 Mon Sep 17 00:00:00 2001 From: Hongxu Jia <hongxu.jia@windriver.com> Date: Mon, 27 Aug 2018 21:24:20 +0800 Subject: [PATCH] `named/lwresd -V' and start log hide build options @@ -12,23 +12,24 @@ $ named -V Upstream-Status: Inappropriate [oe-core specific] 
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> + +Refreshed for 9.16.0 +Signed-off-by: Armin Kuster <akuster@mvista.com> + --- - bin/named/include/named/globals.h | 2 +- + configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h -index ba3457e..7741da7 100644 ---- a/bin/named/include/named/globals.h -+++ b/bin/named/include/named/globals.h -@@ -68,7 +68,7 @@ EXTERN const char * ns_g_version INIT(VERSION); - EXTERN const char * ns_g_product INIT(PRODUCT); - EXTERN const char * ns_g_description INIT(DESCRIPTION); - EXTERN const char * ns_g_srcid INIT(SRCID); --EXTERN const char * ns_g_configargs INIT(CONFIGARGS); -+EXTERN const char * ns_g_configargs INIT("*** (options are hidden)"); - EXTERN const char * ns_g_builder INIT(BUILDER); - EXTERN in_port_t ns_g_port INIT(0); - EXTERN isc_dscp_t ns_g_dscp INIT(-1); --- -2.7.4 - +diff --git a/configure.ac b/configure.ac +index bf20690..c5d330f 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -35,7 +35,7 @@ AC_DEFINE([PACKAGE_VERSION_EXTRA], ["][bind_VERSION_EXTRA]["], [BIND 9 Extra par + AC_DEFINE([PACKAGE_DESCRIPTION], [m4_ifnblank(bind_DESCRIPTION, [" ]bind_DESCRIPTION["], [])], [An extra string to print after PACKAGE_STRING]) + AC_DEFINE([PACKAGE_SRCID], ["][bind_SRCID]["], [A short hash from git]) + +-bind_CONFIGARGS="${ac_configure_args:-default}" ++bind_CONFIGARGS="(removed for reproducibility)" + AC_DEFINE_UNQUOTED([PACKAGE_CONFIGARGS], ["$bind_CONFIGARGS"], [Either 'defaults' or used ./configure options]) + + AC_DEFINE([PACKAGE_BUILDER], ["make"], [make or Visual Studio]) diff --git a/meta/recipes-connectivity/bind/bind/0002-tcp-clients-could-still-be-exceeded-v2.patch b/meta/recipes-connectivity/bind/bind/0002-tcp-clients-could-still-be-exceeded-v2.patch deleted file mode 100644 index ca4e8b1a66..0000000000 --- a/meta/recipes-connectivity/bind/bind/0002-tcp-clients-could-still-be-exceeded-v2.patch +++ /dev/null 
@@ -1,670 +0,0 @@ -Backport patch to fix CVE-2018-5743. - -Ref: -https://security-tracker.debian.org/tracker/CVE-2018-5743 - -CVE: CVE-2018-5743 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/719f604] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From 719f604e3fad5b7479bd14e2fa0ef4413f0a8fdc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= <wpk@isc.org> -Date: Fri, 4 Jan 2019 12:50:51 +0100 -Subject: [PATCH 2/6] tcp-clients could still be exceeded (v2) - -the TCP client quota could still be ineffective under some -circumstances. this change: - -- improves quota accounting to ensure that TCP clients are - properly limited, while still guaranteeing that at least one client - is always available to serve TCP connections on each interface. -- uses more descriptive names and removes one (ntcptarget) that - was no longer needed -- adds comments - -(cherry picked from commit 924651f1d5e605cd186d03f4f7340bcc54d77cc2) -(cherry picked from commit 55a7a458e30e47874d34bdf1079eb863a0512396) ---- - bin/named/client.c | 311 ++++++++++++++++++++----- - bin/named/include/named/client.h | 14 +- - bin/named/include/named/interfacemgr.h | 11 +- - bin/named/interfacemgr.c | 8 +- - 4 files changed, 267 insertions(+), 77 deletions(-) - -diff --git a/bin/named/client.c b/bin/named/client.c -index 0739dd48af..a7b49a0f71 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -246,10 +246,11 @@ static void ns_client_dumpmessage(ns_client_t *client, const char *reason); - static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp, - dns_dispatch_t *disp, bool tcp); - static isc_result_t get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, -- isc_socket_t *sock); -+ isc_socket_t *sock, ns_client_t *oldclient); - static inline bool --allowed(isc_netaddr_t *addr, dns_name_t *signer, isc_netaddr_t *ecs_addr, -- uint8_t ecs_addrlen, uint8_t *ecs_scope, dns_acl_t *acl); -+allowed(isc_netaddr_t *addr, dns_name_t 
*signer, -+ isc_netaddr_t *ecs_addr, uint8_t ecs_addrlen, -+ uint8_t *ecs_scope, dns_acl_t *acl) - static void compute_cookie(ns_client_t *client, uint32_t when, - uint32_t nonce, const unsigned char *secret, - isc_buffer_t *buf); -@@ -405,8 +406,11 @@ exit_check(ns_client_t *client) { - */ - INSIST(client->recursionquota == NULL); - INSIST(client->newstate <= NS_CLIENTSTATE_READY); -- if (client->nreads > 0) -+ -+ if (client->nreads > 0) { - dns_tcpmsg_cancelread(&client->tcpmsg); -+ } -+ - if (client->nreads != 0) { - /* Still waiting for read cancel completion. */ - return (true); -@@ -416,25 +420,58 @@ exit_check(ns_client_t *client) { - dns_tcpmsg_invalidate(&client->tcpmsg); - client->tcpmsg_valid = false; - } -+ - if (client->tcpsocket != NULL) { - CTRACE("closetcp"); - isc_socket_detach(&client->tcpsocket); -+ -+ if (client->tcpactive) { -+ LOCK(&client->interface->lock); -+ INSIST(client->interface->ntcpactive > 0); -+ client->interface->ntcpactive--; -+ UNLOCK(&client->interface->lock); -+ client->tcpactive = false; -+ } - } - - if (client->tcpquota != NULL) { -- isc_quota_detach(&client->tcpquota); -- } else { - /* -- * We went over quota with this client, we don't -- * want to restart listening unless this is the -- * last client on this interface, which is -- * checked later. -+ * If we are not in a pipeline group, or -+ * we are the last client in the group, detach from -+ * tcpquota; otherwise, transfer the quota to -+ * another client in the same group. 
- */ -- if (TCP_CLIENT(client)) { -- client->mortal = true; -+ if (!ISC_LINK_LINKED(client, glink) || -+ (client->glink.next == NULL && -+ client->glink.prev == NULL)) -+ { -+ isc_quota_detach(&client->tcpquota); -+ } else if (client->glink.next != NULL) { -+ INSIST(client->glink.next->tcpquota == NULL); -+ client->glink.next->tcpquota = client->tcpquota; -+ client->tcpquota = NULL; -+ } else { -+ INSIST(client->glink.prev->tcpquota == NULL); -+ client->glink.prev->tcpquota = client->tcpquota; -+ client->tcpquota = NULL; - } - } - -+ /* -+ * Unlink from pipeline group. -+ */ -+ if (ISC_LINK_LINKED(client, glink)) { -+ if (client->glink.next != NULL) { -+ client->glink.next->glink.prev = -+ client->glink.prev; -+ } -+ if (client->glink.prev != NULL) { -+ client->glink.prev->glink.next = -+ client->glink.next; -+ } -+ ISC_LINK_INIT(client, glink); -+ } -+ - if (client->timerset) { - (void)isc_timer_reset(client->timer, - isc_timertype_inactive, -@@ -455,15 +492,16 @@ exit_check(ns_client_t *client) { - * that already. Check whether this client needs to remain - * active and force it to go inactive if not. - * -- * UDP clients go inactive at this point, but TCP clients -- * may remain active if we have fewer active TCP client -- * objects than desired due to an earlier quota exhaustion. -+ * UDP clients go inactive at this point, but a TCP client -+ * will needs to remain active if no other clients are -+ * listening for TCP requests on this interface, to -+ * prevent this interface from going nonresponsive. - */ - if (client->mortal && TCP_CLIENT(client) && !ns_g_clienttest) { - LOCK(&client->interface->lock); -- if (client->interface->ntcpcurrent < -- client->interface->ntcptarget) -+ if (client->interface->ntcpaccepting == 0) { - client->mortal = false; -+ } - UNLOCK(&client->interface->lock); - } - -@@ -472,15 +510,17 @@ exit_check(ns_client_t *client) { - * queue for recycling. 
- */ - if (client->mortal) { -- if (client->newstate > NS_CLIENTSTATE_INACTIVE) -+ if (client->newstate > NS_CLIENTSTATE_INACTIVE) { - client->newstate = NS_CLIENTSTATE_INACTIVE; -+ } - } - - if (NS_CLIENTSTATE_READY == client->newstate) { - if (TCP_CLIENT(client)) { - client_accept(client); -- } else -+ } else { - client_udprecv(client); -+ } - client->newstate = NS_CLIENTSTATE_MAX; - return (true); - } -@@ -492,41 +532,57 @@ exit_check(ns_client_t *client) { - /* - * We are trying to enter the inactive state. - */ -- if (client->naccepts > 0) -+ if (client->naccepts > 0) { - isc_socket_cancel(client->tcplistener, client->task, - ISC_SOCKCANCEL_ACCEPT); -+ } - - /* Still waiting for accept cancel completion. */ -- if (! (client->naccepts == 0)) -+ if (! (client->naccepts == 0)) { - return (true); -+ } - - /* Accept cancel is complete. */ -- if (client->nrecvs > 0) -+ if (client->nrecvs > 0) { - isc_socket_cancel(client->udpsocket, client->task, - ISC_SOCKCANCEL_RECV); -+ } - - /* Still waiting for recv cancel completion. */ -- if (! (client->nrecvs == 0)) -+ if (! (client->nrecvs == 0)) { - return (true); -+ } - - /* Still waiting for control event to be delivered */ -- if (client->nctls > 0) -+ if (client->nctls > 0) { - return (true); -- -- /* Deactivate the client. */ -- if (client->interface) -- ns_interface_detach(&client->interface); -+ } - - INSIST(client->naccepts == 0); - INSIST(client->recursionquota == NULL); -- if (client->tcplistener != NULL) -+ if (client->tcplistener != NULL) { - isc_socket_detach(&client->tcplistener); - -- if (client->udpsocket != NULL) -+ if (client->tcpactive) { -+ LOCK(&client->interface->lock); -+ INSIST(client->interface->ntcpactive > 0); -+ client->interface->ntcpactive--; -+ UNLOCK(&client->interface->lock); -+ client->tcpactive = false; -+ } -+ } -+ if (client->udpsocket != NULL) { - isc_socket_detach(&client->udpsocket); -+ } - -- if (client->dispatch != NULL) -+ /* Deactivate the client. 
*/ -+ if (client->interface != NULL) { -+ ns_interface_detach(&client->interface); -+ } -+ -+ if (client->dispatch != NULL) { - dns_dispatch_detach(&client->dispatch); -+ } - - client->attributes = 0; - client->mortal = false; -@@ -551,10 +607,13 @@ exit_check(ns_client_t *client) { - client->newstate = NS_CLIENTSTATE_MAX; - if (!ns_g_clienttest && manager != NULL && - !manager->exiting) -+ { - ISC_QUEUE_PUSH(manager->inactive, client, - ilink); -- if (client->needshutdown) -+ } -+ if (client->needshutdown) { - isc_task_shutdown(client->task); -+ } - return (true); - } - } -@@ -675,7 +734,6 @@ client_start(isc_task_t *task, isc_event_t *event) { - } - } - -- - /*% - * The client's task has received a shutdown event. - */ -@@ -2507,17 +2565,12 @@ client_request(isc_task_t *task, isc_event_t *event) { - /* - * Pipeline TCP query processing. - */ -- if (client->message->opcode != dns_opcode_query) -+ if (client->message->opcode != dns_opcode_query) { - client->pipelined = false; -+ } - if (TCP_CLIENT(client) && client->pipelined) { -- result = isc_quota_reserve(&ns_g_server->tcpquota); -- if (result == ISC_R_SUCCESS) -- result = ns_client_replace(client); -+ result = ns_client_replace(client); - if (result != ISC_R_SUCCESS) { -- ns_client_log(client, NS_LOGCATEGORY_CLIENT, -- NS_LOGMODULE_CLIENT, ISC_LOG_WARNING, -- "no more TCP clients(read): %s", -- isc_result_totext(result)); - client->pipelined = false; - } - } -@@ -3087,6 +3140,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { - client->filter_aaaa = dns_aaaa_ok; - #endif - client->needshutdown = ns_g_clienttest; -+ client->tcpactive = false; - - ISC_EVENT_INIT(&client->ctlevent, sizeof(client->ctlevent), 0, NULL, - NS_EVENT_CLIENTCONTROL, client_start, client, client, -@@ -3100,6 +3154,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { - client->formerrcache.id = 0; - ISC_LINK_INIT(client, link); - ISC_LINK_INIT(client, rlink); -+ ISC_LINK_INIT(client, glink); - 
ISC_QLINK_INIT(client, ilink); - client->keytag = NULL; - client->keytag_len = 0; -@@ -3193,12 +3248,19 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - - INSIST(client->state == NS_CLIENTSTATE_READY); - -+ /* -+ * The accept() was successful and we're now establishing a new -+ * connection. We need to make note of it in the client and -+ * interface objects so client objects can do the right thing -+ * when going inactive in exit_check() (see comments in -+ * client_accept() for details). -+ */ - INSIST(client->naccepts == 1); - client->naccepts--; - - LOCK(&client->interface->lock); -- INSIST(client->interface->ntcpcurrent > 0); -- client->interface->ntcpcurrent--; -+ INSIST(client->interface->ntcpaccepting > 0); -+ client->interface->ntcpaccepting--; - UNLOCK(&client->interface->lock); - - /* -@@ -3232,6 +3294,9 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3), - "accept failed: %s", - isc_result_totext(nevent->result)); -+ if (client->tcpquota != NULL) { -+ isc_quota_detach(&client->tcpquota); -+ } - } - - if (exit_check(client)) -@@ -3270,18 +3335,12 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - * deny service to legitimate TCP clients. 
- */ - client->pipelined = false; -- result = isc_quota_attach(&ns_g_server->tcpquota, -- &client->tcpquota); -- if (result == ISC_R_SUCCESS) -- result = ns_client_replace(client); -- if (result != ISC_R_SUCCESS) { -- ns_client_log(client, NS_LOGCATEGORY_CLIENT, -- NS_LOGMODULE_CLIENT, ISC_LOG_WARNING, -- "no more TCP clients(accept): %s", -- isc_result_totext(result)); -- } else if (ns_g_server->keepresporder == NULL || -- !allowed(&netaddr, NULL, NULL, 0, NULL, -- ns_g_server->keepresporder)) { -+ result = ns_client_replace(client); -+ if (result == ISC_R_SUCCESS && -+ (client->sctx->keepresporder == NULL || -+ !allowed(&netaddr, NULL, NULL, 0, NULL, -+ ns_g_server->keepresporder))) -+ { - client->pipelined = true; - } - -@@ -3298,12 +3357,80 @@ client_accept(ns_client_t *client) { - - CTRACE("accept"); - -+ /* -+ * The tcpquota object can only be simultaneously referenced a -+ * pre-defined number of times; this is configured by 'tcp-clients' -+ * in named.conf. If we can't attach to it here, that means the TCP -+ * client quota has been exceeded. -+ */ -+ result = isc_quota_attach(&client->sctx->tcpquota, -+ &client->tcpquota); -+ if (result != ISC_R_SUCCESS) { -+ bool exit; -+ -+ ns_client_log(client, NS_LOGCATEGORY_CLIENT, -+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1), -+ "no more TCP clients: %s", -+ isc_result_totext(result)); -+ -+ /* -+ * We have exceeded the system-wide TCP client -+ * quota. But, we can't just block this accept -+ * in all cases, because if we did, a heavy TCP -+ * load on other interfaces might cause this -+ * interface to be starved, with no clients able -+ * to accept new connections. -+ * -+ * So, we check here to see if any other client -+ * is already servicing TCP queries on this -+ * interface (whether accepting, reading, or -+ * processing). -+ * -+ * If so, then it's okay *not* to call -+ * accept - we can let this client to go inactive -+ * and the other one handle the next connection -+ * when it's ready. 
-+ * -+ * But if not, then we need to be a little bit -+ * flexible about the quota. We allow *one* extra -+ * TCP client through, to ensure we're listening on -+ * every interface. -+ * -+ * (Note: In practice this means that the *real* -+ * TCP client quota is tcp-clients plus the number -+ * of interfaces.) -+ */ -+ LOCK(&client->interface->lock); -+ exit = (client->interface->ntcpactive > 0); -+ UNLOCK(&client->interface->lock); -+ -+ if (exit) { -+ client->newstate = NS_CLIENTSTATE_INACTIVE; -+ (void)exit_check(client); -+ return; -+ } -+ } -+ -+ /* -+ * By incrementing the interface's ntcpactive counter we signal -+ * that there is at least one client servicing TCP queries for the -+ * interface. -+ * -+ * We also make note of the fact in the client itself with the -+ * tcpactive flag. This ensures proper accounting by preventing -+ * us from accidentally incrementing or decrementing ntcpactive -+ * more than once per client object. -+ */ -+ if (!client->tcpactive) { -+ LOCK(&client->interface->lock); -+ client->interface->ntcpactive++; -+ UNLOCK(&client->interface->lock); -+ client->tcpactive = true; -+ } -+ - result = isc_socket_accept(client->tcplistener, client->task, - client_newconn, client); - if (result != ISC_R_SUCCESS) { -- UNEXPECTED_ERROR(__FILE__, __LINE__, -- "isc_socket_accept() failed: %s", -- isc_result_totext(result)); - /* - * XXXRTH What should we do? We're trying to accept but - * it didn't work. If we just give up, then TCP -@@ -3311,12 +3438,39 @@ client_accept(ns_client_t *client) { - * - * For now, we just go idle. - */ -+ UNEXPECTED_ERROR(__FILE__, __LINE__, -+ "isc_socket_accept() failed: %s", -+ isc_result_totext(result)); -+ if (client->tcpquota != NULL) { -+ isc_quota_detach(&client->tcpquota); -+ } - return; - } -+ -+ /* -+ * The client's 'naccepts' counter indicates that this client has -+ * called accept() and is waiting for a new connection. It should -+ * never exceed 1. 
-+ */ - INSIST(client->naccepts == 0); - client->naccepts++; -+ -+ /* -+ * The interface's 'ntcpaccepting' counter is incremented when -+ * any client calls accept(), and decremented in client_newconn() -+ * once the connection is established. -+ * -+ * When the client object is shutting down after handling a TCP -+ * request (see exit_check()), it looks to see whether this value is -+ * non-zero. If so, that means another client has already called -+ * accept() and is waiting to establish the next connection, which -+ * means the first client is free to go inactive. Otherwise, -+ * the first client must come back and call accept() again; this -+ * guarantees there will always be at least one client listening -+ * for new TCP connections on each interface. -+ */ - LOCK(&client->interface->lock); -- client->interface->ntcpcurrent++; -+ client->interface->ntcpaccepting++; - UNLOCK(&client->interface->lock); - } - -@@ -3390,13 +3544,14 @@ ns_client_replace(ns_client_t *client) { - tcp = TCP_CLIENT(client); - if (tcp && client->pipelined) { - result = get_worker(client->manager, client->interface, -- client->tcpsocket); -+ client->tcpsocket, client); - } else { - result = get_client(client->manager, client->interface, - client->dispatch, tcp); - } -- if (result != ISC_R_SUCCESS) -+ if (result != ISC_R_SUCCESS) { - return (result); -+ } - - /* - * The responsibility for listening for new requests is hereby -@@ -3585,6 +3740,7 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp, - client->attributes |= NS_CLIENTATTR_TCP; - isc_socket_attach(ifp->tcpsocket, - &client->tcplistener); -+ - } else { - isc_socket_t *sock; - -@@ -3602,7 +3758,8 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp, - } - - static isc_result_t --get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock) -+get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock, -+ ns_client_t *oldclient) - { - isc_result_t result = ISC_R_SUCCESS; - isc_event_t 
*ev; -@@ -3610,6 +3767,7 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock) - MTRACE("get worker"); - - REQUIRE(manager != NULL); -+ REQUIRE(oldclient != NULL); - - if (manager->exiting) - return (ISC_R_SHUTTINGDOWN); -@@ -3642,7 +3800,28 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock) - ns_interface_attach(ifp, &client->interface); - client->newstate = client->state = NS_CLIENTSTATE_WORKING; - INSIST(client->recursionquota == NULL); -- client->tcpquota = &ns_g_server->tcpquota; -+ -+ /* -+ * Transfer TCP quota to the new client. -+ */ -+ INSIST(client->tcpquota == NULL); -+ INSIST(oldclient->tcpquota != NULL); -+ client->tcpquota = oldclient->tcpquota; -+ oldclient->tcpquota = NULL; -+ -+ /* -+ * Link to a pipeline group, creating it if needed. -+ */ -+ if (!ISC_LINK_LINKED(oldclient, glink)) { -+ oldclient->glink.next = NULL; -+ oldclient->glink.prev = NULL; -+ } -+ client->glink.next = oldclient->glink.next; -+ client->glink.prev = oldclient; -+ if (oldclient->glink.next != NULL) { -+ oldclient->glink.next->glink.prev = client; -+ } -+ oldclient->glink.next = client; - - client->dscp = ifp->dscp; - -@@ -3656,6 +3835,12 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock) - (void)isc_socket_getpeername(client->tcpsocket, &client->peeraddr); - client->peeraddr_valid = true; - -+ LOCK(&client->interface->lock); -+ client->interface->ntcpactive++; -+ UNLOCK(&client->interface->lock); -+ -+ client->tcpactive = true; -+ - INSIST(client->tcpmsg_valid == false); - dns_tcpmsg_init(client->mctx, client->tcpsocket, &client->tcpmsg); - client->tcpmsg_valid = true; -diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h -index b23a7b191d..1f7973f9c5 100644 ---- a/bin/named/include/named/client.h -+++ b/bin/named/include/named/client.h -@@ -94,7 +94,8 @@ struct ns_client { - int nupdates; - int nctls; - int references; -- bool needshutdown; /* -+ bool tcpactive; 
-+ bool needshutdown; /* - * Used by clienttest to get - * the client to go from - * inactive to free state -@@ -130,9 +131,9 @@ struct ns_client { - isc_stdtime_t now; - isc_time_t tnow; - dns_name_t signername; /*%< [T]SIG key name */ -- dns_name_t * signer; /*%< NULL if not valid sig */ -- bool mortal; /*%< Die after handling request */ -- bool pipelined; /*%< TCP queries not in sequence */ -+ dns_name_t *signer; /*%< NULL if not valid sig */ -+ bool mortal; /*%< Die after handling request */ -+ bool pipelined; /*%< TCP queries not in sequence */ - isc_quota_t *tcpquota; - isc_quota_t *recursionquota; - ns_interface_t *interface; -@@ -143,8 +144,8 @@ struct ns_client { - isc_sockaddr_t destsockaddr; - - isc_netaddr_t ecs_addr; /*%< EDNS client subnet */ -- uint8_t ecs_addrlen; -- uint8_t ecs_scope; -+ uint8_t ecs_addrlen; -+ uint8_t ecs_scope; - - struct in6_pktinfo pktinfo; - isc_dscp_t dscp; -@@ -166,6 +167,7 @@ struct ns_client { - - ISC_LINK(ns_client_t) link; - ISC_LINK(ns_client_t) rlink; -+ ISC_LINK(ns_client_t) glink; - ISC_QLINK(ns_client_t) ilink; - unsigned char cookie[8]; - uint32_t expire; -diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h -index 7d1883e1e8..61b08826a6 100644 ---- a/bin/named/include/named/interfacemgr.h -+++ b/bin/named/include/named/interfacemgr.h -@@ -77,9 +77,14 @@ struct ns_interface { - /*%< UDP dispatchers. */ - isc_socket_t * tcpsocket; /*%< TCP socket. */ - isc_dscp_t dscp; /*%< "listen-on" DSCP value */ -- int ntcptarget; /*%< Desired number of concurrent -- TCP accepts */ -- int ntcpcurrent; /*%< Current ditto, locked */ -+ int ntcpaccepting; /*%< Number of clients -+ ready to accept new -+ TCP connections on this -+ interface */ -+ int ntcpactive; /*%< Number of clients -+ servicing TCP queries -+ (whether accepting or -+ connected) */ - int nudpdispatch; /*%< Number of UDP dispatches */ - ns_clientmgr_t * clientmgr; /*%< Client manager. 
*/ - ISC_LINK(ns_interface_t) link; -diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c -index 419927bf54..955096ef47 100644 ---- a/bin/named/interfacemgr.c -+++ b/bin/named/interfacemgr.c -@@ -386,8 +386,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr, - * connections will be handled in parallel even though there is - * only one client initially. - */ -- ifp->ntcptarget = 1; -- ifp->ntcpcurrent = 0; -+ ifp->ntcpaccepting = 0; -+ ifp->ntcpactive = 0; - ifp->nudpdispatch = 0; - - ifp->dscp = -1; -@@ -522,9 +522,7 @@ ns_interface_accepttcp(ns_interface_t *ifp) { - */ - (void)isc_socket_filter(ifp->tcpsocket, "dataready"); - -- result = ns_clientmgr_createclients(ifp->clientmgr, -- ifp->ntcptarget, ifp, -- true); -+ result = ns_clientmgr_createclients(ifp->clientmgr, 1, ifp, true); - if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "TCP ns_clientmgr_createclients(): %s", --- -2.20.1 - diff --git a/meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch b/meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch deleted file mode 100644 index 032cfb8c44..0000000000 --- a/meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch +++ /dev/null 
@@ -1,278 +0,0 @@ -Backport patch to fix CVE-2018-5743. - -Ref: -https://security-tracker.debian.org/tracker/CVE-2018-5743 - -CVE: CVE-2018-5743 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/366b4e1] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From 366b4e1ede8aed690e981e07137cb1cb77879c36 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org> -Date: Thu, 17 Jan 2019 15:53:38 +0100 -Subject: [PATCH 3/6] use reference counter for pipeline groups (v3) - -Track pipeline groups using a shared reference counter -instead of a linked list. - -(cherry picked from commit 513afd33eb17d5dc41a3f0d2d38204ef8c5f6f91) -(cherry picked from commit 9446629b730c59c4215f08d37fbaf810282fbccb) ---- - bin/named/client.c | 171 ++++++++++++++++++++----------- - bin/named/include/named/client.h | 2 +- - 2 files changed, 110 insertions(+), 63 deletions(-) - -diff --git a/bin/named/client.c b/bin/named/client.c -index a7b49a0f71..277656cef0 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -299,6 +299,75 @@ ns_client_settimeout(ns_client_t *client, unsigned int seconds) { - } - } - -+/*% -+ * Allocate a reference counter that will track the number of client structures -+ * using the TCP connection that 'client' called accept() for. This counter -+ * will be shared between all client structures associated with this TCP -+ * connection. -+ */ -+static void -+pipeline_init(ns_client_t *client) { -+ isc_refcount_t *refs; -+ -+ REQUIRE(client->pipeline_refs == NULL); -+ -+ /* -+ * A global memory context is used for the allocation as different -+ * client structures may have different memory contexts assigned and a -+ * reference counter allocated here might need to be freed by a -+ * different client. The performance impact caused by memory context -+ * contention here is expected to be negligible, given that this code -+ * is only executed for TCP connections. 
-+ */ -+ refs = isc_mem_allocate(client->sctx->mctx, sizeof(*refs)); -+ isc_refcount_init(refs, 1); -+ client->pipeline_refs = refs; -+} -+ -+/*% -+ * Increase the count of client structures using the TCP connection that -+ * 'source' is associated with and put a pointer to that count in 'target', -+ * thus associating it with the same TCP connection. -+ */ -+static void -+pipeline_attach(ns_client_t *source, ns_client_t *target) { -+ int old_refs; -+ -+ REQUIRE(source->pipeline_refs != NULL); -+ REQUIRE(target->pipeline_refs == NULL); -+ -+ old_refs = isc_refcount_increment(source->pipeline_refs); -+ INSIST(old_refs > 0); -+ target->pipeline_refs = source->pipeline_refs; -+} -+ -+/*% -+ * Decrease the count of client structures using the TCP connection that -+ * 'client' is associated with. If this is the last client using this TCP -+ * connection, free the reference counter and return true; otherwise, return -+ * false. -+ */ -+static bool -+pipeline_detach(ns_client_t *client) { -+ isc_refcount_t *refs; -+ int old_refs; -+ -+ REQUIRE(client->pipeline_refs != NULL); -+ -+ refs = client->pipeline_refs; -+ client->pipeline_refs = NULL; -+ -+ old_refs = isc_refcount_decrement(refs); -+ INSIST(old_refs > 0); -+ -+ if (old_refs == 1) { -+ isc_mem_free(client->sctx->mctx, refs); -+ return (true); -+ } -+ -+ return (false); -+} -+ - /*% - * Check for a deactivation or shutdown request and take appropriate - * action. Returns true if either is in progress; in this case -@@ -421,6 +490,40 @@ exit_check(ns_client_t *client) { - client->tcpmsg_valid = false; - } - -+ if (client->tcpquota != NULL) { -+ if (client->pipeline_refs == NULL || -+ pipeline_detach(client)) -+ { -+ /* -+ * Only detach from the TCP client quota if -+ * there are no more client structures using -+ * this TCP connection. -+ * -+ * Note that we check 'pipeline_refs' and not -+ * 'pipelined' because in some cases (e.g. 
-+ * after receiving a request with an opcode -+ * different than QUERY) 'pipelined' is set to -+ * false after the reference counter gets -+ * allocated in pipeline_init() and we must -+ * still drop our reference as failing to do so -+ * would prevent the reference counter itself -+ * from being freed. -+ */ -+ isc_quota_detach(&client->tcpquota); -+ } else { -+ /* -+ * There are other client structures using this -+ * TCP connection, so we cannot detach from the -+ * TCP client quota to prevent excess TCP -+ * connections from being accepted. However, -+ * this client structure might later be reused -+ * for accepting new connections and thus must -+ * have its 'tcpquota' field set to NULL. -+ */ -+ client->tcpquota = NULL; -+ } -+ } -+ - if (client->tcpsocket != NULL) { - CTRACE("closetcp"); - isc_socket_detach(&client->tcpsocket); -@@ -434,44 +537,6 @@ exit_check(ns_client_t *client) { - } - } - -- if (client->tcpquota != NULL) { -- /* -- * If we are not in a pipeline group, or -- * we are the last client in the group, detach from -- * tcpquota; otherwise, transfer the quota to -- * another client in the same group. -- */ -- if (!ISC_LINK_LINKED(client, glink) || -- (client->glink.next == NULL && -- client->glink.prev == NULL)) -- { -- isc_quota_detach(&client->tcpquota); -- } else if (client->glink.next != NULL) { -- INSIST(client->glink.next->tcpquota == NULL); -- client->glink.next->tcpquota = client->tcpquota; -- client->tcpquota = NULL; -- } else { -- INSIST(client->glink.prev->tcpquota == NULL); -- client->glink.prev->tcpquota = client->tcpquota; -- client->tcpquota = NULL; -- } -- } -- -- /* -- * Unlink from pipeline group. 
-- */ -- if (ISC_LINK_LINKED(client, glink)) { -- if (client->glink.next != NULL) { -- client->glink.next->glink.prev = -- client->glink.prev; -- } -- if (client->glink.prev != NULL) { -- client->glink.prev->glink.next = -- client->glink.next; -- } -- ISC_LINK_INIT(client, glink); -- } -- - if (client->timerset) { - (void)isc_timer_reset(client->timer, - isc_timertype_inactive, -@@ -3130,6 +3195,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { - dns_name_init(&client->signername, NULL); - client->mortal = false; - client->pipelined = false; -+ client->pipeline_refs = NULL; - client->tcpquota = NULL; - client->recursionquota = NULL; - client->interface = NULL; -@@ -3154,7 +3220,6 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { - client->formerrcache.id = 0; - ISC_LINK_INIT(client, link); - ISC_LINK_INIT(client, rlink); -- ISC_LINK_INIT(client, glink); - ISC_QLINK_INIT(client, ilink); - client->keytag = NULL; - client->keytag_len = 0; -@@ -3341,6 +3406,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - !allowed(&netaddr, NULL, NULL, 0, NULL, - ns_g_server->keepresporder))) - { -+ pipeline_init(client); - client->pipelined = true; - } - -@@ -3800,35 +3866,16 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock, - ns_interface_attach(ifp, &client->interface); - client->newstate = client->state = NS_CLIENTSTATE_WORKING; - INSIST(client->recursionquota == NULL); -- -- /* -- * Transfer TCP quota to the new client. -- */ -- INSIST(client->tcpquota == NULL); -- INSIST(oldclient->tcpquota != NULL); -- client->tcpquota = oldclient->tcpquota; -- oldclient->tcpquota = NULL; -- -- /* -- * Link to a pipeline group, creating it if needed. 
-- */ -- if (!ISC_LINK_LINKED(oldclient, glink)) { -- oldclient->glink.next = NULL; -- oldclient->glink.prev = NULL; -- } -- client->glink.next = oldclient->glink.next; -- client->glink.prev = oldclient; -- if (oldclient->glink.next != NULL) { -- oldclient->glink.next->glink.prev = client; -- } -- oldclient->glink.next = client; -+ client->tcpquota = &client->sctx->tcpquota; - - client->dscp = ifp->dscp; - - client->attributes |= NS_CLIENTATTR_TCP; -- client->pipelined = true; - client->mortal = true; - -+ pipeline_attach(oldclient, client); -+ client->pipelined = true; -+ - isc_socket_attach(ifp->tcpsocket, &client->tcplistener); - isc_socket_attach(sock, &client->tcpsocket); - isc_socket_setname(client->tcpsocket, "worker-tcp", NULL); -diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h -index 1f7973f9c5..aeed9ccdda 100644 ---- a/bin/named/include/named/client.h -+++ b/bin/named/include/named/client.h -@@ -134,6 +134,7 @@ struct ns_client { - dns_name_t *signer; /*%< NULL if not valid sig */ - bool mortal; /*%< Die after handling request */ - bool pipelined; /*%< TCP queries not in sequence */ -+ isc_refcount_t *pipeline_refs; - isc_quota_t *tcpquota; - isc_quota_t *recursionquota; - ns_interface_t *interface; -@@ -167,7 +168,6 @@ struct ns_client { - - ISC_LINK(ns_client_t) link; - ISC_LINK(ns_client_t) rlink; -- ISC_LINK(ns_client_t) glink; - ISC_QLINK(ns_client_t) ilink; - unsigned char cookie[8]; - uint32_t expire; --- -2.20.1 - diff --git a/meta/recipes-connectivity/bind/bind/0004-better-tcpquota-accounting-and-client-mortality-chec.patch b/meta/recipes-connectivity/bind/bind/0004-better-tcpquota-accounting-and-client-mortality-chec.patch deleted file mode 100644 index 034ab13303..0000000000 --- a/meta/recipes-connectivity/bind/bind/0004-better-tcpquota-accounting-and-client-mortality-chec.patch +++ /dev/null 
@@ -1,512 +0,0 @@ -Backport patch to fix CVE-2018-5743. - -Ref: -https://security-tracker.debian.org/tracker/CVE-2018-5743 - -CVE: CVE-2018-5743 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/2ab8a08] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From 2ab8a085b3c666f28f1f9229bd6ecb59915b26c3 Mon Sep 17 00:00:00 2001 -From: Evan Hunt <each@isc.org> -Date: Fri, 5 Apr 2019 16:12:18 -0700 -Subject: [PATCH 4/6] better tcpquota accounting and client mortality checks - -- ensure that tcpactive is cleaned up correctly when accept() fails. -- set 'client->tcpattached' when the client is attached to the tcpquota. - carry this value on to new clients sharing the same pipeline group. - don't call isc_quota_detach() on the tcpquota unless tcpattached is - set. this way clients that were allowed to accept TCP connections - despite being over quota (and therefore, were never attached to the - quota) will not inadvertently detach from it and mess up the - accounting. -- simplify the code for tcpquota disconnection by using a new function - tcpquota_disconnect(). -- before deciding whether to reject a new connection due to quota - exhaustion, check to see whether there are at least two active - clients. previously, this was "at least one", but that could be - insufficient if there was one other client in READING state (waiting - for messages on an open connection) but none in READY (listening - for new connections). -- before deciding whether a TCP client object can to go inactive, we - must ensure there are enough other clients to maintain service - afterward -- both accepting new connections and reading/processing new - queries. A TCP client can't shut down unless at least one - client is accepting new connections and (in the case of pipelined - clients) at least one additional client is waiting to read. 
- -(cherry picked from commit c7394738b2445c16f728a88394864dd61baad900) -(cherry picked from commit e965d5f11d3d0f6d59704e614fceca2093cb1856) -(cherry picked from commit 87d431161450777ea093821212abfb52d51b36e3) ---- - bin/named/client.c | 244 +++++++++++++++++++------------ - bin/named/include/named/client.h | 3 +- - 2 files changed, 152 insertions(+), 95 deletions(-) - -diff --git a/bin/named/client.c b/bin/named/client.c -index 277656cef0..61e96dd28c 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -244,13 +244,14 @@ static void client_start(isc_task_t *task, isc_event_t *event); - static void client_request(isc_task_t *task, isc_event_t *event); - static void ns_client_dumpmessage(ns_client_t *client, const char *reason); - static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp, -- dns_dispatch_t *disp, bool tcp); -+ dns_dispatch_t *disp, ns_client_t *oldclient, -+ bool tcp); - static isc_result_t get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, - isc_socket_t *sock, ns_client_t *oldclient); - static inline bool - allowed(isc_netaddr_t *addr, dns_name_t *signer, - isc_netaddr_t *ecs_addr, uint8_t ecs_addrlen, -- uint8_t *ecs_scope, dns_acl_t *acl) -+ uint8_t *ecs_scope, dns_acl_t *acl); - static void compute_cookie(ns_client_t *client, uint32_t when, - uint32_t nonce, const unsigned char *secret, - isc_buffer_t *buf); -@@ -319,7 +320,7 @@ pipeline_init(ns_client_t *client) { - * contention here is expected to be negligible, given that this code - * is only executed for TCP connections. 
- */
-- refs = isc_mem_allocate(client->sctx->mctx, sizeof(*refs));
-+ refs = isc_mem_allocate(ns_g_mctx, sizeof(*refs));
- isc_refcount_init(refs, 1);
- client->pipeline_refs = refs;
- }
-@@ -331,13 +332,13 @@ pipeline_init(ns_client_t *client) {
- */
- static void
- pipeline_attach(ns_client_t *source, ns_client_t *target) {
-- int old_refs;
-+ int refs;
-
- REQUIRE(source->pipeline_refs != NULL);
- REQUIRE(target->pipeline_refs == NULL);
-
-- old_refs = isc_refcount_increment(source->pipeline_refs);
-- INSIST(old_refs > 0);
-+ isc_refcount_increment(source->pipeline_refs, &refs);
-+ INSIST(refs > 1);
- target->pipeline_refs = source->pipeline_refs;
- }
-
-@@ -349,25 +350,51 @@ pipeline_attach(ns_client_t *source, ns_client_t *target) {
- */
- static bool
- pipeline_detach(ns_client_t *client) {
-- isc_refcount_t *refs;
-- int old_refs;
-+ isc_refcount_t *refcount;
-+ int refs;
-
- REQUIRE(client->pipeline_refs != NULL);
-
-- refs = client->pipeline_refs;
-+ refcount = client->pipeline_refs;
- client->pipeline_refs = NULL;
-
-- old_refs = isc_refcount_decrement(refs);
-- INSIST(old_refs > 0);
-+ isc_refcount_decrement(refcount, refs);
-
-- if (old_refs == 1) {
-- isc_mem_free(client->sctx->mctx, refs);
-+ if (refs == 0) {
-+ isc_mem_free(ns_g_mctx, refs);
- return (true);
- }
-
- return (false);
- }
-
-+/*
-+ * Detach a client from the TCP client quota if appropriate, and set
-+ * the quota pointer to NULL.
-+ *
-+ * Sometimes when the TCP client quota is exhausted but there are no other
-+ * clients servicing the interface, a client will be allowed to continue
-+ * running despite not having been attached to the quota. In this event,
-+ * the TCP quota was never attached to the client, so when the client (or
-+ * associated pipeline group) shuts down, the quota must NOT be detached.
-+ *
-+ * Otherwise, if the quota pointer is set, it should be detached. If not
-+ * set at all, we just return without doing anything.
-+ */ -+static void -+tcpquota_disconnect(ns_client_t *client) { -+ if (client->tcpquota == NULL) { -+ return; -+ } -+ -+ if (client->tcpattached) { -+ isc_quota_detach(&client->tcpquota); -+ client->tcpattached = false; -+ } else { -+ client->tcpquota = NULL; -+ } -+} -+ - /*% - * Check for a deactivation or shutdown request and take appropriate - * action. Returns true if either is in progress; in this case -@@ -490,38 +517,31 @@ exit_check(ns_client_t *client) { - client->tcpmsg_valid = false; - } - -- if (client->tcpquota != NULL) { -- if (client->pipeline_refs == NULL || -- pipeline_detach(client)) -- { -- /* -- * Only detach from the TCP client quota if -- * there are no more client structures using -- * this TCP connection. -- * -- * Note that we check 'pipeline_refs' and not -- * 'pipelined' because in some cases (e.g. -- * after receiving a request with an opcode -- * different than QUERY) 'pipelined' is set to -- * false after the reference counter gets -- * allocated in pipeline_init() and we must -- * still drop our reference as failing to do so -- * would prevent the reference counter itself -- * from being freed. -- */ -- isc_quota_detach(&client->tcpquota); -- } else { -- /* -- * There are other client structures using this -- * TCP connection, so we cannot detach from the -- * TCP client quota to prevent excess TCP -- * connections from being accepted. However, -- * this client structure might later be reused -- * for accepting new connections and thus must -- * have its 'tcpquota' field set to NULL. -- */ -- client->tcpquota = NULL; -- } -+ /* -+ * Detach from pipeline group and from TCP client quota, -+ * if appropriate. -+ * -+ * - If no pipeline group is active, attempt to -+ * detach from the TCP client quota. -+ * -+ * - If a pipeline group is active, detach from it; -+ * if the return code indicates that there no more -+ * clients left if this pipeline group, we also detach -+ * from the TCP client quota. 
-+ * -+ * - Otherwise we don't try to detach, we just set the -+ * TCP quota pointer to NULL if it wasn't NULL already. -+ * -+ * tcpquota_disconnect() will set tcpquota to NULL, either -+ * by detaching it or by assignment, depending on the -+ * needs of the client. See the comments on that function -+ * for further information. -+ */ -+ if (client->pipeline_refs == NULL || pipeline_detach(client)) { -+ tcpquota_disconnect(client); -+ } else { -+ client->tcpquota = NULL; -+ client->tcpattached = false; - } - - if (client->tcpsocket != NULL) { -@@ -544,8 +564,6 @@ exit_check(ns_client_t *client) { - client->timerset = false; - } - -- client->pipelined = false; -- - client->peeraddr_valid = false; - - client->state = NS_CLIENTSTATE_READY; -@@ -558,18 +576,27 @@ exit_check(ns_client_t *client) { - * active and force it to go inactive if not. - * - * UDP clients go inactive at this point, but a TCP client -- * will needs to remain active if no other clients are -- * listening for TCP requests on this interface, to -- * prevent this interface from going nonresponsive. -+ * may need to remain active and go into ready state if -+ * no other clients are available to listen for TCP -+ * requests on this interface or (in the case of pipelined -+ * clients) to read for additional messages on the current -+ * connection. - */ - if (client->mortal && TCP_CLIENT(client) && !ns_g_clienttest) { - LOCK(&client->interface->lock); -- if (client->interface->ntcpaccepting == 0) { -+ if ((client->interface->ntcpaccepting == 0 || -+ (client->pipelined && -+ client->interface->ntcpactive < 2)) && -+ client->newstate != NS_CLIENTSTATE_FREED) -+ { - client->mortal = false; -+ client->newstate = NS_CLIENTSTATE_READY; - } - UNLOCK(&client->interface->lock); - } - -+ client->pipelined = false; -+ - /* - * We don't need the client; send it to the inactive - * queue for recycling. 
-@@ -2634,6 +2661,18 @@ client_request(isc_task_t *task, isc_event_t *event) { - client->pipelined = false; - } - if (TCP_CLIENT(client) && client->pipelined) { -+ /* -+ * We're pipelining. Replace the client; the -+ * the replacement can read the TCP socket looking -+ * for new messages and this client can process the -+ * current message asynchronously. -+ * -+ * There are now at least three clients using this -+ * TCP socket - one accepting new connections, -+ * one reading an existing connection to get new -+ * messages, and one answering the message already -+ * received. -+ */ - result = ns_client_replace(client); - if (result != ISC_R_SUCCESS) { - client->pipelined = false; -@@ -3197,6 +3236,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { - client->pipelined = false; - client->pipeline_refs = NULL; - client->tcpquota = NULL; -+ client->tcpattached = false; - client->recursionquota = NULL; - client->interface = NULL; - client->peeraddr_valid = false; -@@ -3359,9 +3399,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3), - "accept failed: %s", - isc_result_totext(nevent->result)); -- if (client->tcpquota != NULL) { -- isc_quota_detach(&client->tcpquota); -- } -+ tcpquota_disconnect(client); - } - - if (exit_check(client)) -@@ -3402,7 +3440,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - client->pipelined = false; - result = ns_client_replace(client); - if (result == ISC_R_SUCCESS && -- (client->sctx->keepresporder == NULL || -+ (ns_g_server->keepresporder == NULL || - !allowed(&netaddr, NULL, NULL, 0, NULL, - ns_g_server->keepresporder))) - { -@@ -3429,7 +3467,7 @@ client_accept(ns_client_t *client) { - * in named.conf. If we can't attach to it here, that means the TCP - * client quota has been exceeded. 
- */ -- result = isc_quota_attach(&client->sctx->tcpquota, -+ result = isc_quota_attach(&ns_g_server->tcpquota, - &client->tcpquota); - if (result != ISC_R_SUCCESS) { - bool exit; -@@ -3447,27 +3485,27 @@ client_accept(ns_client_t *client) { - * interface to be starved, with no clients able - * to accept new connections. - * -- * So, we check here to see if any other client -- * is already servicing TCP queries on this -+ * So, we check here to see if any other clients -+ * are already servicing TCP queries on this - * interface (whether accepting, reading, or -- * processing). -- * -- * If so, then it's okay *not* to call -- * accept - we can let this client to go inactive -- * and the other one handle the next connection -- * when it's ready. -+ * processing). If there are at least two -+ * (one reading and one processing a request) -+ * then it's okay *not* to call accept - we -+ * can let this client go inactive and another -+ * one will resume accepting when it's done. - * -- * But if not, then we need to be a little bit -- * flexible about the quota. We allow *one* extra -- * TCP client through, to ensure we're listening on -- * every interface. -+ * If there aren't enough active clients on the -+ * interface, then we can be a little bit -+ * flexible about the quota. We'll allow *one* -+ * extra client through to ensure we're listening -+ * on every interface. - * -- * (Note: In practice this means that the *real* -- * TCP client quota is tcp-clients plus the number -- * of interfaces.) -+ * (Note: In practice this means that the real -+ * TCP client quota is tcp-clients plus the -+ * number of listening interfaces plus 2.) 
- */ - LOCK(&client->interface->lock); -- exit = (client->interface->ntcpactive > 0); -+ exit = (client->interface->ntcpactive > 1); - UNLOCK(&client->interface->lock); - - if (exit) { -@@ -3475,6 +3513,9 @@ client_accept(ns_client_t *client) { - (void)exit_check(client); - return; - } -+ -+ } else { -+ client->tcpattached = true; - } - - /* -@@ -3507,9 +3548,16 @@ client_accept(ns_client_t *client) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_socket_accept() failed: %s", - isc_result_totext(result)); -- if (client->tcpquota != NULL) { -- isc_quota_detach(&client->tcpquota); -+ -+ tcpquota_disconnect(client); -+ -+ if (client->tcpactive) { -+ LOCK(&client->interface->lock); -+ client->interface->ntcpactive--; -+ UNLOCK(&client->interface->lock); -+ client->tcpactive = false; - } -+ - return; - } - -@@ -3527,13 +3575,12 @@ client_accept(ns_client_t *client) { - * once the connection is established. - * - * When the client object is shutting down after handling a TCP -- * request (see exit_check()), it looks to see whether this value is -- * non-zero. If so, that means another client has already called -- * accept() and is waiting to establish the next connection, which -- * means the first client is free to go inactive. Otherwise, -- * the first client must come back and call accept() again; this -- * guarantees there will always be at least one client listening -- * for new TCP connections on each interface. -+ * request (see exit_check()), if this value is at least one, that -+ * means another client has called accept() and is waiting to -+ * establish the next connection. That means the client may be -+ * be free to become inactive; otherwise it may need to start -+ * listening for connections itself to prevent the interface -+ * going dead. 
- */ - LOCK(&client->interface->lock); - client->interface->ntcpaccepting++; -@@ -3613,19 +3660,19 @@ ns_client_replace(ns_client_t *client) { - client->tcpsocket, client); - } else { - result = get_client(client->manager, client->interface, -- client->dispatch, tcp); -+ client->dispatch, client, tcp); -+ -+ /* -+ * The responsibility for listening for new requests is hereby -+ * transferred to the new client. Therefore, the old client -+ * should refrain from listening for any more requests. -+ */ -+ client->mortal = true; - } - if (result != ISC_R_SUCCESS) { - return (result); - } - -- /* -- * The responsibility for listening for new requests is hereby -- * transferred to the new client. Therefore, the old client -- * should refrain from listening for any more requests. -- */ -- client->mortal = true; -- - return (ISC_R_SUCCESS); - } - -@@ -3759,7 +3806,7 @@ ns_clientmgr_destroy(ns_clientmgr_t **managerp) { - - static isc_result_t - get_client(ns_clientmgr_t *manager, ns_interface_t *ifp, -- dns_dispatch_t *disp, bool tcp) -+ dns_dispatch_t *disp, ns_client_t *oldclient, bool tcp) - { - isc_result_t result = ISC_R_SUCCESS; - isc_event_t *ev; -@@ -3803,6 +3850,16 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp, - client->dscp = ifp->dscp; - - if (tcp) { -+ client->tcpattached = false; -+ if (oldclient != NULL) { -+ client->tcpattached = oldclient->tcpattached; -+ } -+ -+ LOCK(&client->interface->lock); -+ client->interface->ntcpactive++; -+ UNLOCK(&client->interface->lock); -+ client->tcpactive = true; -+ - client->attributes |= NS_CLIENTATTR_TCP; - isc_socket_attach(ifp->tcpsocket, - &client->tcplistener); -@@ -3866,7 +3923,8 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock, - ns_interface_attach(ifp, &client->interface); - client->newstate = client->state = NS_CLIENTSTATE_WORKING; - INSIST(client->recursionquota == NULL); -- client->tcpquota = &client->sctx->tcpquota; -+ client->tcpquota = &ns_g_server->tcpquota; -+ 
client->tcpattached = oldclient->tcpattached;
-
- client->dscp = ifp->dscp;
-
-@@ -3885,7 +3943,6 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
- LOCK(&client->interface->lock);
- client->interface->ntcpactive++;
- UNLOCK(&client->interface->lock);
--
- client->tcpactive = true;
-
- INSIST(client->tcpmsg_valid == false);
-@@ -3913,7 +3970,8 @@ ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
- MTRACE("createclients");
-
- for (disp = 0; disp < n; disp++) {
-- result = get_client(manager, ifp, ifp->udpdispatch[disp], tcp);
-+ result = get_client(manager, ifp, ifp->udpdispatch[disp],
-+ NULL, tcp);
- if (result != ISC_R_SUCCESS)
- break;
- }
-diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
-index aeed9ccdda..e2c40acd28 100644
---- a/bin/named/include/named/client.h
-+++ b/bin/named/include/named/client.h
-@@ -9,8 +9,6 @@
- * information regarding copyright ownership.
- */
-
--/* $Id: client.h,v 1.96 2012/01/31 23:47:31 tbox Exp $ */
--
- #ifndef NAMED_CLIENT_H
- #define NAMED_CLIENT_H 1
-
-@@ -136,6 +134,7 @@ struct ns_client {
- bool pipelined; /*%< TCP queries not in sequence */
- isc_refcount_t *pipeline_refs;
- isc_quota_t *tcpquota;
-+ bool tcpattached;
- isc_quota_t *recursionquota;
- ns_interface_t *interface;
-
---
-2.20.1
-
diff --git a/meta/recipes-connectivity/bind/bind/0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch b/meta/recipes-connectivity/bind/bind/0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch
deleted file mode 100644
index 987e75bc0e..0000000000
--- a/meta/recipes-connectivity/bind/bind/0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch
+++ /dev/null
@@ -1,911 +0,0 @@ -Backport patch to fix CVE-2018-5743. - -Ref: -https://security-tracker.debian.org/tracker/CVE-2018-5743 - -CVE: CVE-2018-5743 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/c47ccf6] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From c47ccf630f147378568b33e8fdb7b754f228c346 Mon Sep 17 00:00:00 2001 -From: Evan Hunt <each@isc.org> -Date: Fri, 5 Apr 2019 16:26:05 -0700 -Subject: [PATCH 5/6] refactor tcpquota and pipeline refs; allow special-case - overrun in isc_quota - -- if the TCP quota has been exceeded but there are no clients listening - for new connections on the interface, we can now force attachment to the - quota using isc_quota_force(), instead of carrying on with the quota not - attached. -- the TCP client quota is now referenced via a reference-counted - 'ns_tcpconn' object, one of which is created whenever a client begins - listening for new connections, and attached to by members of that - client's pipeline group. when the last reference to the tcpconn - object is detached, it is freed and the TCP quota slot is released. -- reduce code duplication by adding mark_tcp_active() function. -- convert counters to atomic. 
- -(cherry picked from commit 7e8222378ca24f1302a0c1c638565050ab04681b) -(cherry picked from commit 4939451275722bfda490ea86ca13e84f6bc71e46) -(cherry picked from commit 13f7c918b8720d890408f678bd73c20e634539d9) ---- - bin/named/client.c | 444 +++++++++++-------------- - bin/named/include/named/client.h | 12 +- - bin/named/include/named/interfacemgr.h | 6 +- - bin/named/interfacemgr.c | 1 + - lib/isc/include/isc/quota.h | 7 + - lib/isc/quota.c | 33 +- - lib/isc/win32/libisc.def.in | 1 + - 7 files changed, 236 insertions(+), 268 deletions(-) - -diff --git a/bin/named/client.c b/bin/named/client.c -index 61e96dd28c..d826ab32bf 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -244,8 +244,7 @@ static void client_start(isc_task_t *task, isc_event_t *event); - static void client_request(isc_task_t *task, isc_event_t *event); - static void ns_client_dumpmessage(ns_client_t *client, const char *reason); - static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp, -- dns_dispatch_t *disp, ns_client_t *oldclient, -- bool tcp); -+ dns_dispatch_t *disp, bool tcp); - static isc_result_t get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, - isc_socket_t *sock, ns_client_t *oldclient); - static inline bool -@@ -301,16 +300,32 @@ ns_client_settimeout(ns_client_t *client, unsigned int seconds) { - } - - /*% -- * Allocate a reference counter that will track the number of client structures -- * using the TCP connection that 'client' called accept() for. This counter -- * will be shared between all client structures associated with this TCP -- * connection. -+ * Allocate a reference-counted object that will maintain a single pointer to -+ * the (also reference-counted) TCP client quota, shared between all the -+ * clients processing queries on a single TCP connection, so that all -+ * clients sharing the one socket will together consume only one slot in -+ * the 'tcp-clients' quota. 
- */ --static void --pipeline_init(ns_client_t *client) { -- isc_refcount_t *refs; -+static isc_result_t -+tcpconn_init(ns_client_t *client, bool force) { -+ isc_result_t result; -+ isc_quota_t *quota = NULL; -+ ns_tcpconn_t *tconn = NULL; - -- REQUIRE(client->pipeline_refs == NULL); -+ REQUIRE(client->tcpconn == NULL); -+ -+ /* -+ * Try to attach to the quota first, so we won't pointlessly -+ * allocate memory for a tcpconn object if we can't get one. -+ */ -+ if (force) { -+ result = isc_quota_force(&ns_g_server->tcpquota, "a); -+ } else { -+ result = isc_quota_attach(&ns_g_server->tcpquota, "a); -+ } -+ if (result != ISC_R_SUCCESS) { -+ return (result); -+ } - - /* - * A global memory context is used for the allocation as different -@@ -320,78 +335,80 @@ pipeline_init(ns_client_t *client) { - * contention here is expected to be negligible, given that this code - * is only executed for TCP connections. - */ -- refs = isc_mem_allocate(ns_g_mctx, sizeof(*refs)); -- isc_refcount_init(refs, 1); -- client->pipeline_refs = refs; -+ tconn = isc_mem_allocate(ns_g_mctx, sizeof(*tconn)); -+ -+ isc_refcount_init(&tconn->refs, 1); -+ tconn->tcpquota = quota; -+ quota = NULL; -+ tconn->pipelined = false; -+ -+ client->tcpconn = tconn; -+ -+ return (ISC_R_SUCCESS); - } - - /*% -- * Increase the count of client structures using the TCP connection that -- * 'source' is associated with and put a pointer to that count in 'target', -- * thus associating it with the same TCP connection. -+ * Increase the count of client structures sharing the TCP connection -+ * that 'source' is associated with; add a pointer to the same tcpconn -+ * to 'target', thus associating it with the same TCP connection. 
- */ - static void --pipeline_attach(ns_client_t *source, ns_client_t *target) { -+tcpconn_attach(ns_client_t *source, ns_client_t *target) { - int refs; - -- REQUIRE(source->pipeline_refs != NULL); -- REQUIRE(target->pipeline_refs == NULL); -+ REQUIRE(source->tcpconn != NULL); -+ REQUIRE(target->tcpconn == NULL); -+ REQUIRE(source->tcpconn->pipelined); - -- isc_refcount_increment(source->pipeline_refs, &refs); -+ isc_refcount_increment(&source->tcpconn->refs, &refs); - INSIST(refs > 1); -- target->pipeline_refs = source->pipeline_refs; -+ target->tcpconn = source->tcpconn; - } - - /*% -- * Decrease the count of client structures using the TCP connection that -+ * Decrease the count of client structures sharing the TCP connection that - * 'client' is associated with. If this is the last client using this TCP -- * connection, free the reference counter and return true; otherwise, return -- * false. -+ * connection, we detach from the TCP quota and free the tcpconn -+ * object. Either way, client->tcpconn is set to NULL. - */ --static bool --pipeline_detach(ns_client_t *client) { -- isc_refcount_t *refcount; -+static void -+tcpconn_detach(ns_client_t *client) { -+ ns_tcpconn_t *tconn = NULL; - int refs; - -- REQUIRE(client->pipeline_refs != NULL); -- -- refcount = client->pipeline_refs; -- client->pipeline_refs = NULL; -+ REQUIRE(client->tcpconn != NULL); - -- isc_refcount_decrement(refcount, refs); -+ tconn = client->tcpconn; -+ client->tcpconn = NULL; - -+ isc_refcount_decrement(&tconn->refs, &refs); - if (refs == 0) { -- isc_mem_free(ns_g_mctx, refs); -- return (true); -+ isc_quota_detach(&tconn->tcpquota); -+ isc_mem_free(ns_g_mctx, tconn); - } -- -- return (false); - } - --/* -- * Detach a client from the TCP client quota if appropriate, and set -- * the quota pointer to NULL. 
-- * -- * Sometimes when the TCP client quota is exhausted but there are no other -- * clients servicing the interface, a client will be allowed to continue -- * running despite not having been attached to the quota. In this event, -- * the TCP quota was never attached to the client, so when the client (or -- * associated pipeline group) shuts down, the quota must NOT be detached. -+/*% -+ * Mark a client as active and increment the interface's 'ntcpactive' -+ * counter, as a signal that there is at least one client servicing -+ * TCP queries for the interface. If we reach the TCP client quota at -+ * some point, this will be used to determine whether a quota overrun -+ * should be permitted. - * -- * Otherwise, if the quota pointer is set, it should be detached. If not -- * set at all, we just return without doing anything. -+ * Marking the client active with the 'tcpactive' flag ensures proper -+ * accounting, by preventing us from incrementing or decrementing -+ * 'ntcpactive' more than once per client. - */ - static void --tcpquota_disconnect(ns_client_t *client) { -- if (client->tcpquota == NULL) { -- return; -- } -- -- if (client->tcpattached) { -- isc_quota_detach(&client->tcpquota); -- client->tcpattached = false; -- } else { -- client->tcpquota = NULL; -+mark_tcp_active(ns_client_t *client, bool active) { -+ if (active && !client->tcpactive) { -+ isc_atomic_xadd(&client->interface->ntcpactive, 1); -+ client->tcpactive = active; -+ } else if (!active && client->tcpactive) { -+ uint32_t old = -+ isc_atomic_xadd(&client->interface->ntcpactive, -1); -+ INSIST(old > 0); -+ client->tcpactive = active; - } - } - -@@ -484,7 +501,8 @@ exit_check(ns_client_t *client) { - INSIST(client->recursionquota == NULL); - - if (NS_CLIENTSTATE_READING == client->newstate) { -- if (!client->pipelined) { -+ INSIST(client->tcpconn != NULL); -+ if (!client->tcpconn->pipelined) { - client_read(client); - client->newstate = NS_CLIENTSTATE_MAX; - return (true); /* We're done. 
*/ -@@ -507,8 +525,8 @@ exit_check(ns_client_t *client) { - dns_tcpmsg_cancelread(&client->tcpmsg); - } - -- if (client->nreads != 0) { -- /* Still waiting for read cancel completion. */ -+ /* Still waiting for read cancel completion. */ -+ if (client->nreads > 0) { - return (true); - } - -@@ -518,43 +536,45 @@ exit_check(ns_client_t *client) { - } - - /* -- * Detach from pipeline group and from TCP client quota, -- * if appropriate. -+ * Soon the client will be ready to accept a new TCP -+ * connection or UDP request, but we may have enough -+ * clients doing that already. Check whether this client -+ * needs to remain active and allow it go inactive if -+ * not. - * -- * - If no pipeline group is active, attempt to -- * detach from the TCP client quota. -+ * UDP clients always go inactive at this point, but a TCP -+ * client may need to stay active and return to READY -+ * state if no other clients are available to listen -+ * for TCP requests on this interface. - * -- * - If a pipeline group is active, detach from it; -- * if the return code indicates that there no more -- * clients left if this pipeline group, we also detach -- * from the TCP client quota. -- * -- * - Otherwise we don't try to detach, we just set the -- * TCP quota pointer to NULL if it wasn't NULL already. -- * -- * tcpquota_disconnect() will set tcpquota to NULL, either -- * by detaching it or by assignment, depending on the -- * needs of the client. See the comments on that function -- * for further information. -+ * Regardless, if we're going to FREED state, that means -+ * the system is shutting down and we don't need to -+ * retain clients. 
- */ -- if (client->pipeline_refs == NULL || pipeline_detach(client)) { -- tcpquota_disconnect(client); -- } else { -- client->tcpquota = NULL; -- client->tcpattached = false; -+ if (client->mortal && TCP_CLIENT(client) && -+ client->newstate != NS_CLIENTSTATE_FREED && -+ !ns_g_clienttest && -+ isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0) -+ { -+ /* Nobody else is accepting */ -+ client->mortal = false; -+ client->newstate = NS_CLIENTSTATE_READY; -+ } -+ -+ /* -+ * Detach from TCP connection and TCP client quota, -+ * if appropriate. If this is the last reference to -+ * the TCP connection in our pipeline group, the -+ * TCP quota slot will be released. -+ */ -+ if (client->tcpconn) { -+ tcpconn_detach(client); - } - - if (client->tcpsocket != NULL) { - CTRACE("closetcp"); - isc_socket_detach(&client->tcpsocket); -- -- if (client->tcpactive) { -- LOCK(&client->interface->lock); -- INSIST(client->interface->ntcpactive > 0); -- client->interface->ntcpactive--; -- UNLOCK(&client->interface->lock); -- client->tcpactive = false; -- } -+ mark_tcp_active(client, false); - } - - if (client->timerset) { -@@ -567,35 +587,6 @@ exit_check(ns_client_t *client) { - client->peeraddr_valid = false; - - client->state = NS_CLIENTSTATE_READY; -- INSIST(client->recursionquota == NULL); -- -- /* -- * Now the client is ready to accept a new TCP connection -- * or UDP request, but we may have enough clients doing -- * that already. Check whether this client needs to remain -- * active and force it to go inactive if not. -- * -- * UDP clients go inactive at this point, but a TCP client -- * may need to remain active and go into ready state if -- * no other clients are available to listen for TCP -- * requests on this interface or (in the case of pipelined -- * clients) to read for additional messages on the current -- * connection. 
-- */ -- if (client->mortal && TCP_CLIENT(client) && !ns_g_clienttest) { -- LOCK(&client->interface->lock); -- if ((client->interface->ntcpaccepting == 0 || -- (client->pipelined && -- client->interface->ntcpactive < 2)) && -- client->newstate != NS_CLIENTSTATE_FREED) -- { -- client->mortal = false; -- client->newstate = NS_CLIENTSTATE_READY; -- } -- UNLOCK(&client->interface->lock); -- } -- -- client->pipelined = false; - - /* - * We don't need the client; send it to the inactive -@@ -630,7 +621,7 @@ exit_check(ns_client_t *client) { - } - - /* Still waiting for accept cancel completion. */ -- if (! (client->naccepts == 0)) { -+ if (client->naccepts > 0) { - return (true); - } - -@@ -641,7 +632,7 @@ exit_check(ns_client_t *client) { - } - - /* Still waiting for recv cancel completion. */ -- if (! (client->nrecvs == 0)) { -+ if (client->nrecvs > 0) { - return (true); - } - -@@ -654,14 +645,7 @@ exit_check(ns_client_t *client) { - INSIST(client->recursionquota == NULL); - if (client->tcplistener != NULL) { - isc_socket_detach(&client->tcplistener); -- -- if (client->tcpactive) { -- LOCK(&client->interface->lock); -- INSIST(client->interface->ntcpactive > 0); -- client->interface->ntcpactive--; -- UNLOCK(&client->interface->lock); -- client->tcpactive = false; -- } -+ mark_tcp_active(client, false); - } - if (client->udpsocket != NULL) { - isc_socket_detach(&client->udpsocket); -@@ -816,7 +800,7 @@ client_start(isc_task_t *task, isc_event_t *event) { - return; - - if (TCP_CLIENT(client)) { -- if (client->pipelined) { -+ if (client->tcpconn != NULL) { - client_read(client); - } else { - client_accept(client); -@@ -2470,6 +2454,7 @@ client_request(isc_task_t *task, isc_event_t *event) { - client->nrecvs--; - } else { - INSIST(TCP_CLIENT(client)); -+ INSIST(client->tcpconn != NULL); - REQUIRE(event->ev_type == DNS_EVENT_TCPMSG); - REQUIRE(event->ev_sender == &client->tcpmsg); - buffer = &client->tcpmsg.buffer; -@@ -2657,17 +2642,19 @@ client_request(isc_task_t *task, 
isc_event_t *event) { - /* - * Pipeline TCP query processing. - */ -- if (client->message->opcode != dns_opcode_query) { -- client->pipelined = false; -+ if (TCP_CLIENT(client) && -+ client->message->opcode != dns_opcode_query) -+ { -+ client->tcpconn->pipelined = false; - } -- if (TCP_CLIENT(client) && client->pipelined) { -+ if (TCP_CLIENT(client) && client->tcpconn->pipelined) { - /* - * We're pipelining. Replace the client; the -- * the replacement can read the TCP socket looking -- * for new messages and this client can process the -+ * replacement can read the TCP socket looking -+ * for new messages and this one can process the - * current message asynchronously. - * -- * There are now at least three clients using this -+ * There will now be at least three clients using this - * TCP socket - one accepting new connections, - * one reading an existing connection to get new - * messages, and one answering the message already -@@ -2675,7 +2662,7 @@ client_request(isc_task_t *task, isc_event_t *event) { - */ - result = ns_client_replace(client); - if (result != ISC_R_SUCCESS) { -- client->pipelined = false; -+ client->tcpconn->pipelined = false; - } - } - -@@ -3233,10 +3220,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { - client->signer = NULL; - dns_name_init(&client->signername, NULL); - client->mortal = false; -- client->pipelined = false; -- client->pipeline_refs = NULL; -- client->tcpquota = NULL; -- client->tcpattached = false; -+ client->tcpconn = NULL; - client->recursionquota = NULL; - client->interface = NULL; - client->peeraddr_valid = false; -@@ -3341,9 +3325,10 @@ client_read(ns_client_t *client) { - - static void - client_newconn(isc_task_t *task, isc_event_t *event) { -+ isc_result_t result; - ns_client_t *client = event->ev_arg; - isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event; -- isc_result_t result; -+ uint32_t old; - - REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN); - REQUIRE(NS_CLIENT_VALID(client)); 
-@@ -3363,10 +3348,8 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - INSIST(client->naccepts == 1); - client->naccepts--; - -- LOCK(&client->interface->lock); -- INSIST(client->interface->ntcpaccepting > 0); -- client->interface->ntcpaccepting--; -- UNLOCK(&client->interface->lock); -+ old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1); -+ INSIST(old > 0); - - /* - * We must take ownership of the new socket before the exit -@@ -3399,7 +3382,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3), - "accept failed: %s", - isc_result_totext(nevent->result)); -- tcpquota_disconnect(client); -+ tcpconn_detach(client); - } - - if (exit_check(client)) -@@ -3437,15 +3420,13 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - * telnetting to port 53 (once per CPU) will - * deny service to legitimate TCP clients. - */ -- client->pipelined = false; - result = ns_client_replace(client); - if (result == ISC_R_SUCCESS && - (ns_g_server->keepresporder == NULL || - !allowed(&netaddr, NULL, NULL, 0, NULL, - ns_g_server->keepresporder))) - { -- pipeline_init(client); -- client->pipelined = true; -+ client->tcpconn->pipelined = true; - } - - client_read(client); -@@ -3462,78 +3443,59 @@ client_accept(ns_client_t *client) { - CTRACE("accept"); - - /* -- * The tcpquota object can only be simultaneously referenced a -- * pre-defined number of times; this is configured by 'tcp-clients' -- * in named.conf. If we can't attach to it here, that means the TCP -- * client quota has been exceeded. -+ * Set up a new TCP connection. This means try to attach to the -+ * TCP client quota (tcp-clients), but fail if we're over quota. 
- */ -- result = isc_quota_attach(&ns_g_server->tcpquota, -- &client->tcpquota); -+ result = tcpconn_init(client, false); - if (result != ISC_R_SUCCESS) { -- bool exit; -+ bool exit; - -- ns_client_log(client, NS_LOGCATEGORY_CLIENT, -- NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1), -- "no more TCP clients: %s", -- isc_result_totext(result)); -- -- /* -- * We have exceeded the system-wide TCP client -- * quota. But, we can't just block this accept -- * in all cases, because if we did, a heavy TCP -- * load on other interfaces might cause this -- * interface to be starved, with no clients able -- * to accept new connections. -- * -- * So, we check here to see if any other clients -- * are already servicing TCP queries on this -- * interface (whether accepting, reading, or -- * processing). If there are at least two -- * (one reading and one processing a request) -- * then it's okay *not* to call accept - we -- * can let this client go inactive and another -- * one will resume accepting when it's done. -- * -- * If there aren't enough active clients on the -- * interface, then we can be a little bit -- * flexible about the quota. We'll allow *one* -- * extra client through to ensure we're listening -- * on every interface. -- * -- * (Note: In practice this means that the real -- * TCP client quota is tcp-clients plus the -- * number of listening interfaces plus 2.) -- */ -- LOCK(&client->interface->lock); -- exit = (client->interface->ntcpactive > 1); -- UNLOCK(&client->interface->lock); -+ ns_client_log(client, NS_LOGCATEGORY_CLIENT, -+ NS_LOGMODULE_CLIENT, ISC_LOG_WARNING, -+ "TCP client quota reached: %s", -+ isc_result_totext(result)); - -- if (exit) { -- client->newstate = NS_CLIENTSTATE_INACTIVE; -- (void)exit_check(client); -- return; -- } -+ /* -+ * We have exceeded the system-wide TCP client quota. 
But, -+ * we can't just block this accept in all cases, because if -+ * we did, a heavy TCP load on other interfaces might cause -+ * this interface to be starved, with no clients able to -+ * accept new connections. -+ * -+ * So, we check here to see if any other clients are -+ * already servicing TCP queries on this interface (whether -+ * accepting, reading, or processing). If we find at least -+ * one, then it's okay *not* to call accept - we can let this -+ * client go inactive and another will take over when it's -+ * done. -+ * -+ * If there aren't enough active clients on the interface, -+ * then we can be a little bit flexible about the quota. -+ * We'll allow *one* extra client through to ensure we're -+ * listening on every interface; we do this by setting the -+ * 'force' option to tcpconn_init(). -+ * -+ * (Note: In practice this means that the real TCP client -+ * quota is tcp-clients plus the number of listening -+ * interfaces plus 1.) -+ */ -+ exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > 0); -+ if (exit) { -+ client->newstate = NS_CLIENTSTATE_INACTIVE; -+ (void)exit_check(client); -+ return; -+ } - -- } else { -- client->tcpattached = true; -+ result = tcpconn_init(client, true); -+ RUNTIME_CHECK(result == ISC_R_SUCCESS); - } - - /* -- * By incrementing the interface's ntcpactive counter we signal -- * that there is at least one client servicing TCP queries for the -- * interface. -- * -- * We also make note of the fact in the client itself with the -- * tcpactive flag. This ensures proper accounting by preventing -- * us from accidentally incrementing or decrementing ntcpactive -- * more than once per client object. -+ * If this client was set up using get_client() or get_worker(), -+ * then TCP is already marked active. However, if it was restarted -+ * from exit_check(), it might not be, so we take care of it now. 
- */ -- if (!client->tcpactive) { -- LOCK(&client->interface->lock); -- client->interface->ntcpactive++; -- UNLOCK(&client->interface->lock); -- client->tcpactive = true; -- } -+ mark_tcp_active(client, true); - - result = isc_socket_accept(client->tcplistener, client->task, - client_newconn, client); -@@ -3549,15 +3511,8 @@ client_accept(ns_client_t *client) { - "isc_socket_accept() failed: %s", - isc_result_totext(result)); - -- tcpquota_disconnect(client); -- -- if (client->tcpactive) { -- LOCK(&client->interface->lock); -- client->interface->ntcpactive--; -- UNLOCK(&client->interface->lock); -- client->tcpactive = false; -- } -- -+ tcpconn_detach(client); -+ mark_tcp_active(client, false); - return; - } - -@@ -3582,9 +3537,7 @@ client_accept(ns_client_t *client) { - * listening for connections itself to prevent the interface - * going dead. - */ -- LOCK(&client->interface->lock); -- client->interface->ntcpaccepting++; -- UNLOCK(&client->interface->lock); -+ isc_atomic_xadd(&client->interface->ntcpaccepting, 1); - } - - static void -@@ -3655,24 +3608,25 @@ ns_client_replace(ns_client_t *client) { - REQUIRE(client->manager != NULL); - - tcp = TCP_CLIENT(client); -- if (tcp && client->pipelined) { -+ if (tcp && client->tcpconn != NULL && client->tcpconn->pipelined) { - result = get_worker(client->manager, client->interface, - client->tcpsocket, client); - } else { - result = get_client(client->manager, client->interface, -- client->dispatch, client, tcp); -+ client->dispatch, tcp); - -- /* -- * The responsibility for listening for new requests is hereby -- * transferred to the new client. Therefore, the old client -- * should refrain from listening for any more requests. -- */ -- client->mortal = true; - } - if (result != ISC_R_SUCCESS) { - return (result); - } - -+ /* -+ * The responsibility for listening for new requests is hereby -+ * transferred to the new client. Therefore, the old client -+ * should refrain from listening for any more requests. 
-+ */ -+ client->mortal = true; -+ - return (ISC_R_SUCCESS); - } - -@@ -3806,7 +3760,7 @@ ns_clientmgr_destroy(ns_clientmgr_t **managerp) { - - static isc_result_t - get_client(ns_clientmgr_t *manager, ns_interface_t *ifp, -- dns_dispatch_t *disp, ns_client_t *oldclient, bool tcp) -+ dns_dispatch_t *disp, bool tcp) - { - isc_result_t result = ISC_R_SUCCESS; - isc_event_t *ev; -@@ -3850,15 +3804,7 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp, - client->dscp = ifp->dscp; - - if (tcp) { -- client->tcpattached = false; -- if (oldclient != NULL) { -- client->tcpattached = oldclient->tcpattached; -- } -- -- LOCK(&client->interface->lock); -- client->interface->ntcpactive++; -- UNLOCK(&client->interface->lock); -- client->tcpactive = true; -+ mark_tcp_active(client, true); - - client->attributes |= NS_CLIENTATTR_TCP; - isc_socket_attach(ifp->tcpsocket, -@@ -3923,16 +3869,14 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock, - ns_interface_attach(ifp, &client->interface); - client->newstate = client->state = NS_CLIENTSTATE_WORKING; - INSIST(client->recursionquota == NULL); -- client->tcpquota = &ns_g_server->tcpquota; -- client->tcpattached = oldclient->tcpattached; - - client->dscp = ifp->dscp; - - client->attributes |= NS_CLIENTATTR_TCP; - client->mortal = true; - -- pipeline_attach(oldclient, client); -- client->pipelined = true; -+ tcpconn_attach(oldclient, client); -+ mark_tcp_active(client, true); - - isc_socket_attach(ifp->tcpsocket, &client->tcplistener); - isc_socket_attach(sock, &client->tcpsocket); -@@ -3940,11 +3884,6 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock, - (void)isc_socket_getpeername(client->tcpsocket, &client->peeraddr); - client->peeraddr_valid = true; - -- LOCK(&client->interface->lock); -- client->interface->ntcpactive++; -- UNLOCK(&client->interface->lock); -- client->tcpactive = true; -- - INSIST(client->tcpmsg_valid == false); - dns_tcpmsg_init(client->mctx, 
client->tcpsocket, &client->tcpmsg); - client->tcpmsg_valid = true; -@@ -3970,8 +3909,7 @@ ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n, - MTRACE("createclients"); - - for (disp = 0; disp < n; disp++) { -- result = get_client(manager, ifp, ifp->udpdispatch[disp], -- NULL, tcp); -+ result = get_client(manager, ifp, ifp->udpdispatch[disp], tcp); - if (result != ISC_R_SUCCESS) - break; - } -diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h -index e2c40acd28..969ee4c08f 100644 ---- a/bin/named/include/named/client.h -+++ b/bin/named/include/named/client.h -@@ -78,6 +78,13 @@ - *** Types - ***/ - -+/*% reference-counted TCP connection object */ -+typedef struct ns_tcpconn { -+ isc_refcount_t refs; -+ isc_quota_t *tcpquota; -+ bool pipelined; -+} ns_tcpconn_t; -+ - /*% nameserver client structure */ - struct ns_client { - unsigned int magic; -@@ -131,10 +138,7 @@ struct ns_client { - dns_name_t signername; /*%< [T]SIG key name */ - dns_name_t *signer; /*%< NULL if not valid sig */ - bool mortal; /*%< Die after handling request */ -- bool pipelined; /*%< TCP queries not in sequence */ -- isc_refcount_t *pipeline_refs; -- isc_quota_t *tcpquota; -- bool tcpattached; -+ ns_tcpconn_t *tcpconn; - isc_quota_t *recursionquota; - ns_interface_t *interface; - -diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h -index 61b08826a6..3535ef22a8 100644 ---- a/bin/named/include/named/interfacemgr.h -+++ b/bin/named/include/named/interfacemgr.h -@@ -9,8 +9,6 @@ - * information regarding copyright ownership. - */ - --/* $Id: interfacemgr.h,v 1.35 2011/07/28 23:47:58 tbox Exp $ */ -- - #ifndef NAMED_INTERFACEMGR_H - #define NAMED_INTERFACEMGR_H 1 - -@@ -77,11 +75,11 @@ struct ns_interface { - /*%< UDP dispatchers. */ - isc_socket_t * tcpsocket; /*%< TCP socket. 
*/ - isc_dscp_t dscp; /*%< "listen-on" DSCP value */ -- int ntcpaccepting; /*%< Number of clients -+ int32_t ntcpaccepting; /*%< Number of clients - ready to accept new - TCP connections on this - interface */ -- int ntcpactive; /*%< Number of clients -+ int32_t ntcpactive; /*%< Number of clients - servicing TCP queries - (whether accepting or - connected) */ -diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c -index 955096ef47..d9f6df5802 100644 ---- a/bin/named/interfacemgr.c -+++ b/bin/named/interfacemgr.c -@@ -388,6 +388,7 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr, - */ - ifp->ntcpaccepting = 0; - ifp->ntcpactive = 0; -+ - ifp->nudpdispatch = 0; - - ifp->dscp = -1; -diff --git a/lib/isc/include/isc/quota.h b/lib/isc/include/isc/quota.h -index b9bf59877a..36c5830242 100644 ---- a/lib/isc/include/isc/quota.h -+++ b/lib/isc/include/isc/quota.h -@@ -100,6 +100,13 @@ isc_quota_attach(isc_quota_t *quota, isc_quota_t **p); - * quota if successful (ISC_R_SUCCESS or ISC_R_SOFTQUOTA). - */ - -+isc_result_t -+isc_quota_force(isc_quota_t *quota, isc_quota_t **p); -+/*%< -+ * Like isc_quota_attach, but will attach '*p' to the quota -+ * even if the hard quota has been exceeded. 
-+ */ -+ - void - isc_quota_detach(isc_quota_t **p); - /*%< -diff --git a/lib/isc/quota.c b/lib/isc/quota.c -index 3ddff0d875..556a61f21d 100644 ---- a/lib/isc/quota.c -+++ b/lib/isc/quota.c -@@ -74,20 +74,39 @@ isc_quota_release(isc_quota_t *quota) { - UNLOCK("a->lock); - } - --isc_result_t --isc_quota_attach(isc_quota_t *quota, isc_quota_t **p) --{ -+static isc_result_t -+doattach(isc_quota_t *quota, isc_quota_t **p, bool force) { - isc_result_t result; -- INSIST(p != NULL && *p == NULL); -+ REQUIRE(p != NULL && *p == NULL); -+ - result = isc_quota_reserve(quota); -- if (result == ISC_R_SUCCESS || result == ISC_R_SOFTQUOTA) -+ if (result == ISC_R_SUCCESS || result == ISC_R_SOFTQUOTA) { -+ *p = quota; -+ } else if (result == ISC_R_QUOTA && force) { -+ /* attach anyway */ -+ LOCK("a->lock); -+ quota->used++; -+ UNLOCK("a->lock); -+ - *p = quota; -+ result = ISC_R_SUCCESS; -+ } -+ - return (result); - } - -+isc_result_t -+isc_quota_attach(isc_quota_t *quota, isc_quota_t **p) { -+ return (doattach(quota, p, false)); -+} -+ -+isc_result_t -+isc_quota_force(isc_quota_t *quota, isc_quota_t **p) { -+ return (doattach(quota, p, true)); -+} -+ - void --isc_quota_detach(isc_quota_t **p) --{ -+isc_quota_detach(isc_quota_t **p) { - INSIST(p != NULL && *p != NULL); - isc_quota_release(*p); - *p = NULL; -diff --git a/lib/isc/win32/libisc.def.in b/lib/isc/win32/libisc.def.in -index a82facec0f..7b9f23d776 100644 ---- a/lib/isc/win32/libisc.def.in -+++ b/lib/isc/win32/libisc.def.in -@@ -519,6 +519,7 @@ isc_portset_removerange - isc_quota_attach - isc_quota_destroy - isc_quota_detach -+isc_quota_force - isc_quota_init - isc_quota_max - isc_quota_release --- -2.20.1 - diff --git a/meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch b/meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch deleted file mode 100644 index 3821d18501..0000000000 
--- a/meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch
+++ /dev/null
@@ -1,80 +0,0 @@ -Backport patch to fix CVE-2018-5743. - -Ref: -https://security-tracker.debian.org/tracker/CVE-2018-5743 - -CVE: CVE-2018-5743 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/59434b9] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From 59434b987e8eb436b08c24e559ee094c4e939daa Mon Sep 17 00:00:00 2001 -From: Evan Hunt <each@isc.org> -Date: Fri, 5 Apr 2019 16:26:19 -0700 -Subject: [PATCH 6/6] restore allowance for tcp-clients < interfaces - -in the "refactor tcpquota and pipeline refs" commit, the counting -of active interfaces was tightened in such a way that named could -fail to listen on an interface if there were more interfaces than -tcp-clients. when checking the quota to start accepting on an -interface, if the number of active clients was above zero, then -it was presumed that some other client was able to handle accepting -new connections. this, however, ignored the fact that the current client -could be included in that count, so if the quota was already exceeded -before all the interfaces were listening, some interfaces would never -listen. - -we now check whether the current client has been marked active; if so, -then the number of active clients on the interface must be greater -than 1, not 0. - -(cherry picked from commit 0b4e2cd4c3192ba88569dd344f542a8cc43742b5) -(cherry picked from commit d01023aaac35543daffbdf48464e320150235d41) ---- - bin/named/client.c | 8 +++++--- - doc/arm/Bv9ARM-book.xml | 3 ++- - 2 files changed, 7 insertions(+), 4 deletions(-) - -diff --git a/bin/named/client.c b/bin/named/client.c -index d826ab32bf..845326abc0 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -3464,8 +3464,9 @@ client_accept(ns_client_t *client) { - * - * So, we check here to see if any other clients are - * already servicing TCP queries on this interface (whether -- * accepting, reading, or processing). 
If we find at least -- * one, then it's okay *not* to call accept - we can let this -+ * accepting, reading, or processing). If we find that at -+ * least one client other than this one is active, then -+ * it's okay *not* to call accept - we can let this - * client go inactive and another will take over when it's - * done. - * -@@ -3479,7 +3480,8 @@ client_accept(ns_client_t *client) { - * quota is tcp-clients plus the number of listening - * interfaces plus 1.) - */ -- exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > 0); -+ exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > -+ (client->tcpactive ? 1 : 0)); - if (exit) { - client->newstate = NS_CLIENTSTATE_INACTIVE; - (void)exit_check(client); -diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml -index 381768d540..9c76d3cd6f 100644 ---- a/doc/arm/Bv9ARM-book.xml -+++ b/doc/arm/Bv9ARM-book.xml -@@ -8493,7 +8493,8 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; - <para> - The number of file descriptors reserved for TCP, stdio, - etc. This needs to be big enough to cover the number of -- interfaces <command>named</command> listens on, <command>tcp-clients</command> as well as -+ interfaces <command>named</command> listens on plus -+ <command>tcp-clients</command>, as well as - to provide room for outgoing TCP queries and incoming zone - transfers. The default is <literal>512</literal>. - The minimum value is <literal>128</literal> and the --- -2.20.1 - diff --git a/meta/recipes-connectivity/bind/bind/0007-Replace-atomic-operations-in-bin-named-client.c-with.patch b/meta/recipes-connectivity/bind/bind/0007-Replace-atomic-operations-in-bin-named-client.c-with.patch deleted file mode 100644 index 1a84eca58a..0000000000 --- a/meta/recipes-connectivity/bind/bind/0007-Replace-atomic-operations-in-bin-named-client.c-with.patch +++ /dev/null 
@@ -1,140 +0,0 @@ -Backport commit to fix compile error on arm caused by commits which are -to fix CVE-2018-5743. - -CVE: CVE-2018-5743 -Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/ef49780] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From ef49780d30d3ddc5735cfc32561b678a634fa72f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org> -Date: Wed, 17 Apr 2019 15:22:27 +0200 -Subject: [PATCH] Replace atomic operations in bin/named/client.c with - isc_refcount reference counting - ---- - bin/named/client.c | 18 +++++++----------- - bin/named/include/named/interfacemgr.h | 5 +++-- - bin/named/interfacemgr.c | 7 +++++-- - 3 files changed, 15 insertions(+), 15 deletions(-) - -diff --git a/bin/named/client.c b/bin/named/client.c -index 845326abc0..29fecadca8 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -402,12 +402,10 @@ tcpconn_detach(ns_client_t *client) { - static void - mark_tcp_active(ns_client_t *client, bool active) { - if (active && !client->tcpactive) { -- isc_atomic_xadd(&client->interface->ntcpactive, 1); -+ isc_refcount_increment0(&client->interface->ntcpactive, NULL); - client->tcpactive = active; - } else if (!active && client->tcpactive) { -- uint32_t old = -- isc_atomic_xadd(&client->interface->ntcpactive, -1); -- INSIST(old > 0); -+ isc_refcount_decrement(&client->interface->ntcpactive, NULL); - client->tcpactive = active; - } - } -@@ -554,7 +552,7 @@ exit_check(ns_client_t *client) { - if (client->mortal && TCP_CLIENT(client) && - client->newstate != NS_CLIENTSTATE_FREED && - !ns_g_clienttest && -- isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0) -+ isc_refcount_current(&client->interface->ntcpaccepting) == 0) - { - /* Nobody else is accepting */ - client->mortal = false; -@@ -3328,7 +3326,6 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - isc_result_t result; - ns_client_t *client = event->ev_arg; - isc_socket_newconnev_t *nevent = 
(isc_socket_newconnev_t *)event; -- uint32_t old; - - REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN); - REQUIRE(NS_CLIENT_VALID(client)); -@@ -3348,8 +3345,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - INSIST(client->naccepts == 1); - client->naccepts--; - -- old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1); -- INSIST(old > 0); -+ isc_refcount_decrement(&client->interface->ntcpaccepting, NULL); - - /* - * We must take ownership of the new socket before the exit -@@ -3480,8 +3476,8 @@ client_accept(ns_client_t *client) { - * quota is tcp-clients plus the number of listening - * interfaces plus 1.) - */ -- exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > -- (client->tcpactive ? 1 : 0)); -+ exit = (isc_refcount_current(&client->interface->ntcpactive) > -+ (client->tcpactive ? 1U : 0U)); - if (exit) { - client->newstate = NS_CLIENTSTATE_INACTIVE; - (void)exit_check(client); -@@ -3539,7 +3535,7 @@ client_accept(ns_client_t *client) { - * listening for connections itself to prevent the interface - * going dead. - */ -- isc_atomic_xadd(&client->interface->ntcpaccepting, 1); -+ isc_refcount_increment0(&client->interface->ntcpaccepting, NULL); - } - - static void -diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h -index 3535ef22a8..6e10f210fd 100644 ---- a/bin/named/include/named/interfacemgr.h -+++ b/bin/named/include/named/interfacemgr.h -@@ -45,6 +45,7 @@ - #include <isc/magic.h> - #include <isc/mem.h> - #include <isc/socket.h> -+#include <isc/refcount.h> - - #include <dns/result.h> - -@@ -75,11 +76,11 @@ struct ns_interface { - /*%< UDP dispatchers. */ - isc_socket_t * tcpsocket; /*%< TCP socket. 
*/ - isc_dscp_t dscp; /*%< "listen-on" DSCP value */ -- int32_t ntcpaccepting; /*%< Number of clients -+ isc_refcount_t ntcpaccepting; /*%< Number of clients - ready to accept new - TCP connections on this - interface */ -- int32_t ntcpactive; /*%< Number of clients -+ isc_refcount_t ntcpactive; /*%< Number of clients - servicing TCP queries - (whether accepting or - connected) */ -diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c -index d9f6df5802..135533be6b 100644 ---- a/bin/named/interfacemgr.c -+++ b/bin/named/interfacemgr.c -@@ -386,8 +386,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr, - * connections will be handled in parallel even though there is - * only one client initially. - */ -- ifp->ntcpaccepting = 0; -- ifp->ntcpactive = 0; -+ isc_refcount_init(&ifp->ntcpaccepting, 0); -+ isc_refcount_init(&ifp->ntcpactive, 0); - - ifp->nudpdispatch = 0; - -@@ -618,6 +618,9 @@ ns_interface_destroy(ns_interface_t *ifp) { - - ns_interfacemgr_detach(&ifp->mgr); - -+ isc_refcount_destroy(&ifp->ntcpactive); -+ isc_refcount_destroy(&ifp->ntcpaccepting); -+ - ifp->magic = 0; - isc_mem_put(mctx, ifp, sizeof(*ifp)); - } --- -2.20.1 - diff --git a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch index 37e210e6da..38d07cae39 100644 --- a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch @@ -1,4 +1,4 @@ -From 9473d29843579802e96b0293a3e953fed93de82c Mon Sep 17 00:00:00 2001 +From 5ae30329f168c1e8d2e0c3831988a4f3e9096e39 Mon Sep 17 00:00:00 2001 From: Paul Gortmaker <paul.gortmaker@windriver.com> Date: Tue, 9 Jun 2015 11:22:00 -0400 Subject: [PATCH] bind: ensure searching for json headers searches sysroot 
@@ -27,20 +27,21 @@ to make use of the combination some day. Upstream-Status: Inappropriate [OE Specific] Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> + --- - configure.in | 2 +- + configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: bind-9.11.3/configure.in -=================================================================== ---- bind-9.11.3.orig/configure.in -+++ bind-9.11.3/configure.in -@@ -2574,7 +2574,7 @@ case "$use_libjson" in - libjson_libs="" - ;; - auto|yes) -- for d in /usr /usr/local /opt/local -+ for d in "${STAGING_INCDIR}" - do - if test -f "${d}/include/json/json.h" - then +diff --git a/configure.ac b/configure.ac +index 2ab8ddd..92fe983 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -761,7 +761,7 @@ AS_CASE([$with_lmdb], + [no],[], + [auto|yes], [PKG_CHECK_MODULES([LMDB], [lmdb], + [ac_lib_lmdb_found=yes], +- [for ac_lib_lmdb_path in /usr /usr/local /opt /opt/local; do ++ [for ac_lib_lmdb_path in "${STAGING_INCDIR}"; do + AX_LIB_LMDB([$ac_lib_lmdb_path], + [ac_lib_lmdb_found=yes + break]) diff --git a/meta/recipes-connectivity/bind/bind/conf.patch b/meta/recipes-connectivity/bind/bind/conf.patch index aad345f9fc..aa3642acec 100644 --- a/meta/recipes-connectivity/bind/bind/conf.patch +++ b/meta/recipes-connectivity/bind/bind/conf.patch @@ -276,7 +276,7 @@ diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d + + modprobe capability >/dev/null 2>&1 || true + if [ ! -f /etc/bind/rndc.key ]; then -+ /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom ++ /usr/sbin/rndc-confgen -a -b 512 + chmod 0640 /etc/bind/rndc.key + fi + if [ -f /var/run/named/named.pid ]; then diff --git a/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh index ef915c0ae5..633e29c0e6 100644 --- a/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh +++ b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh 
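Review bot: The refreshed inner hunk now rewrites the LMDB fallback loop in `configure.ac` (`for ac_lib_lmdb_path in "${STAGING_INCDIR}"`), but the patch keeps its json-headers subject and file name, so the record no longer says what is actually patched. I would retitle it along the lines of `Subject: [PATCH] bind: ensure searching for lmdb headers searches sysroot` and state in the description that the host prefixes `/usr /usr/local /opt /opt/local` are dropped so host headers and libraries cannot leak into the cross build. The replaced list held install prefixes, whereas `${STAGING_INCDIR}` is an include directory; if `AX_LIB_LMDB` appends `include/` to its argument (not visible here), the fallback can never match, so that is worth confirming. The description text itself sits outside this hunk.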
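Review bot: The init script still guards key generation with `[ ! -f /etc/bind/rndc.key ]`, so a zero-length key file left by an interrupted or failed `rndc-confgen` run is never regenerated, whereas generate-rndc-key.sh in this same commit tests `-s`. I would make the two agree with `if [ ! -s /etc/bind/rndc.key ]; then`. The `chmod 0640` on the next line also runs whether or not `rndc-confgen` succeeded, so a failure to create the control key goes unreported at this point. The surrounding init function starts and ends outside the hunk.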
@@ -2,7 +2,7 @@ if [ ! -s /etc/bind/rndc.key ]; then echo -n "Generating /etc/bind/rndc.key:" - /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom + /usr/sbin/rndc-confgen -a -b 512 chown root:bind /etc/bind/rndc.key chmod 0640 /etc/bind/rndc.key fi diff --git a/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb b/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb deleted file mode 100644 index 3e2412dfa4..0000000000 --- a/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb +++ /dev/null 
@@ -1,145 +0,0 @@ -SUMMARY = "ISC Internet Domain Name Server" -HOMEPAGE = "http://www.isc.org/sw/bind/" -SECTION = "console/network" - -LICENSE = "ISC & BSD" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=8f17f64e47e83b60cd920a1e4b54419e" - -DEPENDS = "openssl libcap zlib" - -SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ - file://conf.patch \ - file://named.service \ - file://bind9 \ - file://generate-rndc-key.sh \ - file://make-etc-initd-bind-stop-work.patch \ - file://init.d-add-support-for-read-only-rootfs.patch \ - file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ - file://0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch \ - file://0001-lib-dns-gen.c-fix-too-long-error.patch \ - file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \ - file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ - file://0001-avoid-start-failure-with-bind-user.patch \ - file://0001-bind-fix-CVE-2019-6471.patch \ - file://0001-fix-enforcement-of-tcp-clients-v1.patch \ - file://0002-tcp-clients-could-still-be-exceeded-v2.patch \ - file://0003-use-reference-counter-for-pipeline-groups-v3.patch \ - file://0004-better-tcpquota-accounting-and-client-mortality-chec.patch \ - file://0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch \ - file://0006-restore-allowance-for-tcp-clients-interfaces.patch \ - file://0007-Replace-atomic-operations-in-bin-named-client.c-with.patch \ -" - -SRC_URI[md5sum] = "8ddab4b61fa4516fe404679c74e37960" -SRC_URI[sha256sum] = "7e8c08192bcbaeb6e9f2391a70e67583b027b90e8c4bc1605da6eb126edde434" - -UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" -# stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4 -UPSTREAM_CHECK_REGEX = "(?P<pver>9.(11|16|20|24|28)(\.\d+)+(-P\d+)*)/" - -inherit autotools update-rc.d systemd useradd pkgconfig multilib_script - -MULTILIB_SCRIPTS = "${PN}:${bindir}/bind9-config ${PN}:${bindir}/isc-config.sh" - -# PACKAGECONFIGs readline and libedit 
should NOT be set at same time -PACKAGECONFIG ?= "readline" -PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2" -PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline" -PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit" -PACKAGECONFIG[urandom] = "--with-randomdev=/dev/urandom,--with-randomdev=/dev/random,," -PACKAGECONFIG[python3] = "--with-python=yes --with-python-install-dir=${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native," - -ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}" -EXTRA_OECONF = " ${ENABLE_IPV6} --with-libtool --enable-threads \ - --disable-devpoll --enable-epoll --with-gost=no \ - --with-gssapi=no --with-ecdsa=yes --with-eddsa=no \ - --with-lmdb=no \ - --sysconfdir=${sysconfdir}/bind \ - --with-openssl=${STAGING_DIR_HOST}${prefix} \ - " - -inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native distutils3-base', '', d)} - -# dhcp needs .la so keep them -REMOVE_LIBTOOL_LA = "0" - -USERADD_PACKAGES = "${PN}" -USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ - --user-group bind" - -INITSCRIPT_NAME = "bind" -INITSCRIPT_PARAMS = "defaults" - -SYSTEMD_SERVICE_${PN} = "named.service" - -do_install_prepend() { - # clean host path in isc-config.sh before the hardlink created - # by "make install": - # bind9-config -> isc-config.sh - sed -i -e "s,${STAGING_LIBDIR},${libdir}," ${B}/isc-config.sh -} - -do_install_append() { - - rmdir "${D}${localstatedir}/run" - rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" - install -d -o bind "${D}${localstatedir}/cache/bind" - install -d "${D}${sysconfdir}/bind" - install -d "${D}${sysconfdir}/init.d" - install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" - install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" - if ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'true', 'false', d)}; then - sed -i -e '1s,#!.*python3,#! 
/usr/bin/python3,' \ - ${D}${sbindir}/dnssec-coverage \ - ${D}${sbindir}/dnssec-checkds \ - ${D}${sbindir}/dnssec-keymgr - fi - - # Install systemd related files - install -d ${D}${sbindir} - install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system - sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ - -e 's,@SBINDIR@,${sbindir},g' \ - ${D}${systemd_unitdir}/system/named.service - - install -d ${D}${sysconfdir}/default - install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default - - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/tmpfiles.d - echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf - fi -} - -CONFFILES_${PN} = " \ - ${sysconfdir}/bind/named.conf \ - ${sysconfdir}/bind/named.conf.local \ - ${sysconfdir}/bind/named.conf.options \ - ${sysconfdir}/bind/db.0 \ - ${sysconfdir}/bind/db.127 \ - ${sysconfdir}/bind/db.empty \ - ${sysconfdir}/bind/db.local \ - ${sysconfdir}/bind/db.root \ - " - -ALTERNATIVE_${PN}-utils = "nslookup" -ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup" -ALTERNATIVE_PRIORITY = "100" - -PACKAGE_BEFORE_PN += "${PN}-utils" -FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" -FILES_${PN}-dev += "${bindir}/isc-config.h" -FILES_${PN} += "${sbindir}/generate-rndc-key.sh" - -PACKAGE_BEFORE_PN += "${PN}-libs" -FILES_${PN}-libs = "${libdir}/*.so*" -FILES_${PN}-staticdev += "${libdir}/*.la" - -PACKAGE_BEFORE_PN += "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3-bind', '', d)}" -FILES_python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \ - ${sbindir}/dnssec-keymgr ${PYTHON_SITEPACKAGES_DIR}" - -RDEPENDS_${PN}-dev = "" -RDEPENDS_python3-bind = "python3-core python3-ply" 
diff --git a/meta/recipes-connectivity/bind/bind_9.18.25.bb b/meta/recipes-connectivity/bind/bind_9.18.25.bb new file mode 100644 index 0000000000..cc35604aba --- /dev/null +++ b/meta/recipes-connectivity/bind/bind_9.18.25.bb 
@@ -0,0 +1,113 @@ +SUMMARY = "ISC Internet Domain Name Server" +HOMEPAGE = "https://www.isc.org/bind/" +DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system" +SECTION = "console/network" + +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=c7a0b6d9a1b692a5da9af9d503671f43" + +DEPENDS = "openssl libcap zlib libuv" + +SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ + file://conf.patch \ + file://named.service \ + file://bind9 \ + file://generate-rndc-key.sh \ + file://make-etc-initd-bind-stop-work.patch \ + file://init.d-add-support-for-read-only-rootfs.patch \ + file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ + file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ + file://0001-avoid-start-failure-with-bind-user.patch \ + " + +SRC_URI[sha256sum] = "5a4a70432a33d009f0e6e9dbb328aae7a5e27507e98e28bf3c0c6b250ccb2ab3" + +UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" +# follow the ESV versions divisible by 2 +UPSTREAM_CHECK_REGEX = "(?P<pver>9.(\d*[02468])+(\.\d+)+(-P\d+)*)/" + +# Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore +# so the issue doesn't affect us. +CVE_STATUS[CVE-2019-6470] = "not-applicable-config: Issue only affects dhcpd with recent bind versions and we don't ship dhcpd anymore." 
+ +inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives + +# PACKAGECONFIGs readline and libedit should NOT be set at same time +PACKAGECONFIG ?= "readline" +PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2" +PACKAGECONFIG[readline] = "--with-readline=readline,,readline" +PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit" +PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2" + +EXTRA_OECONF = " --disable-auto-validation \ + --with-gssapi=no --with-lmdb=no --with-zlib \ + --sysconfdir=${sysconfdir}/bind \ + --with-openssl=${STAGING_DIR_HOST}${prefix} \ + " +LDFLAGS:append = " -lz" + +# dhcp needs .la so keep them +REMOVE_LIBTOOL_LA = "0" + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM:${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ + --user-group bind" + +INITSCRIPT_NAME = "bind" +INITSCRIPT_PARAMS = "defaults" + +SYSTEMD_SERVICE:${PN} = "named.service" + +do_install:append() { + + install -d -o bind "${D}${localstatedir}/cache/bind" + install -d "${D}${sysconfdir}/bind" + install -d "${D}${sysconfdir}/init.d" + install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" + install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" + + # Install systemd related files + install -d ${D}${sbindir} + install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/named.service ${D}${systemd_system_unitdir} + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ + ${D}${systemd_system_unitdir}/named.service + + install -d ${D}${sysconfdir}/default + install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d + echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf + fi +} + +CONFFILES:${PN} = " \ + 
${sysconfdir}/bind/named.conf \ + ${sysconfdir}/bind/named.conf.local \ + ${sysconfdir}/bind/named.conf.options \ + ${sysconfdir}/bind/db.0 \ + ${sysconfdir}/bind/db.127 \ + ${sysconfdir}/bind/db.empty \ + ${sysconfdir}/bind/db.local \ + ${sysconfdir}/bind/db.root \ + " + +ALTERNATIVE:${PN}-utils = "nslookup" +ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup" +ALTERNATIVE_PRIORITY = "100" + +PACKAGE_BEFORE_PN += "${PN}-utils" +FILES:${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" +FILES:${PN}-dev += "${bindir}/isc-config.h" +FILES:${PN} += "${sbindir}/generate-rndc-key.sh" + +PACKAGE_BEFORE_PN += "${PN}-libs" +# special arrangement below due to +# https://github.com/isc-projects/bind9/commit/0e25af628cd776f98c04fc4cc59048f5448f6c88 +FILES_SOLIBSDEV = "${libdir}/*[!0-9].so ${libdir}/libbind9.so" +FILES:${PN}-libs = "${libdir}/named/*.so* ${libdir}/*-${PV}.so" + +DEV_PKG_DEPENDENCY = "" diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc index 1702323288..a31d7076ba 100644 --- a/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/meta/recipes-connectivity/bluez5/bluez5.inc 
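Review bot: `--disable-auto-validation` in EXTRA_OECONF changes a security-relevant default and has no comment explaining why. As far as I know this switch makes named default to `dnssec-validation yes` instead of `auto`, so the built-in root trust anchor is not used and validation only takes effect once named.conf supplies trust anchors. Whether the installed conf files do that is not visible in this recipe. A comment above the assignment would make the choice reviewable, for example `# --disable-auto-validation: no implicit root trust anchor; DNSSEC validation requires trust anchors in named.conf`. If the flag is there only for build or offline-image reasons, a PACKAGECONFIG entry in the style of the `dns-over-http` one would let images opt back into the upstream default.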
@@ -2,15 +2,16 @@ SUMMARY = "Linux Bluetooth Stack Userland V5" DESCRIPTION = "Linux Bluetooth stack V5 userland components. These include a system configurations, daemons, tools and system libraries." HOMEPAGE = "http://www.bluez.org" SECTION = "libs" -LICENSE = "GPLv2+ & LGPLv2.1+" +LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \ - file://src/main.c;beginline=1;endline=24;md5=9bc54b93cd7e17bf03f52513f39f926e" + file://src/main.c;beginline=1;endline=24;md5=0ad83ca0dc37ab08af448777c581e7ac" DEPENDS = "dbus glib-2.0" +RDEPENDS:${PN} += "dbus" PROVIDES += "bluez-hcidump" -RPROVIDES_${PN} += "bluez-hcidump" +RPROVIDES:${PN} += "bluez-hcidump" -RCONFLICTS_${PN} = "bluez4" +RCONFLICTS:${PN} = "bluez4" PACKAGECONFIG ??= "obex-profiles \ readline \ 
@@ -42,36 +43,35 @@ PACKAGECONFIG[sixaxis] = "--enable-sixaxis,--disable-sixaxis" PACKAGECONFIG[tools] = "--enable-tools,--disable-tools" PACKAGECONFIG[threads] = "--enable-threads,--disable-threads" PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated" -PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c ell" -PACKAGECONFIG[btpclient] = "--enable-btpclient,--disable-btpclient, ell" +PACKAGECONFIG[mesh] = "--enable-mesh --enable-external-ell,--disable-mesh, json-c ell" +PACKAGECONFIG[btpclient] = "--enable-btpclient --enable-external-ell,--disable-btpclient, ell" PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev" - -SRC_URI = "\ - ${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ - file://out-of-tree.patch \ - file://init \ - file://run-ptest \ - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ - file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ - file://0001-test-gatt-Fix-hung-issue.patch \ - file://0001-Makefile.am-Fix-a-race-issue-for-tools.patch \ - file://CVE-2018-10910.patch \ - file://gcc9-fixes.patch \ - file://0001-tools-Fix-build-after-y2038-changes-in-glibc.patch \ - file://0001-tools-btpclient.c-include-signal.h.patch \ -" +PACKAGECONFIG[manpages] = "--enable-manpages,--disable-manpages,python3-docutils-native" + +SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ + file://init \ + file://run-ptest \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ + file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ + file://0001-test-gatt-Fix-hung-issue.patch \ + file://0004-src-shared-util.c-include-linux-limits.h.patch \ + " S = "${WORKDIR}/bluez-${PV}" CVE_PRODUCT = "bluez" -inherit autotools pkgconfig systemd update-rc.d distro_features_check ptest gobject-introspection-data +inherit autotools 
pkgconfig systemd update-rc.d ptest gobject-introspection-data EXTRA_OECONF = "\ --enable-test \ --enable-datafiles \ --enable-library \ + --enable-pie \ + --without-zsh-completion-dir \ " +CFLAGS += "-DFIRMWARE_DIR=\\"${nonarch_base_libdir}/firmware\\"" + # bluez5 builds a large number of useful utilities but does not # install them. Specify which ones we want put into ${PN}-noinst-tools. NOINST_TOOLS_READLINE ??= "" @@ -83,18 +83,10 @@ NOINST_TOOLS = " \ ${@bb.utils.contains('PACKAGECONFIG', 'tools', '${NOINST_TOOLS_BT}', '', d)} \ " -do_install_append() { +do_install:append() { install -d ${D}${INIT_D_DIR} install -m 0755 ${WORKDIR}/init ${D}${INIT_D_DIR}/bluetooth - install -d ${D}${sysconfdir}/bluetooth/ - if [ -f ${S}/profiles/network/network.conf ]; then - install -m 0644 ${S}/profiles/network/network.conf ${D}/${sysconfdir}/bluetooth/ - fi - if [ -f ${S}/profiles/input/input.conf ]; then - install -m 0644 ${S}/profiles/input/input.conf ${D}/${sysconfdir}/bluetooth/ - fi - if [ -f ${D}/${sysconfdir}/init.d/bluetooth ]; then sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}/${sysconfdir}/init.d/bluetooth fi 
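Review bot: `file://CVE-2018-10910.patch` is dropped from SRC_URI in the second bluez5.inc hunk, and nothing in the file records that the fix is already contained in the `bluez-${PV}` tarball now being fetched. PV is set by the versioned recipe outside this hunk, so a reader cannot confirm that from here. The commit message or a comment next to SRC_URI should name the upstream release that carries the fix, e.g. `# CVE-2018-10910: fixed upstream in <release>, backport dropped`, with the release taken from the bluez changelog.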
@@ -111,25 +103,25 @@ do_install_append() { PACKAGES =+ "${PN}-testtools ${PN}-obex ${PN}-noinst-tools" -FILES_${PN} += " \ +FILES:${PN} += " \ ${libdir}/bluetooth/plugins/*.so \ ${systemd_unitdir}/ ${datadir}/dbus-1 \ ${libdir}/cups \ " -FILES_${PN}-dev += " \ +FILES:${PN}-dev += " \ ${libdir}/bluetooth/plugins/*.la \ " -FILES_${PN}-obex = "${libexecdir}/bluetooth/obexd \ +FILES:${PN}-obex = "${libexecdir}/bluetooth/obexd \ ${exec_prefix}/lib/systemd/user/obex.service \ ${systemd_system_unitdir}/obex.service \ ${sysconfdir}/systemd/system/multi-user.target.wants/obex.service \ ${datadir}/dbus-1/services/org.bluez.obex.service \ ${sysconfdir}/dbus-1/system.d/obexd.conf \ " -SYSTEMD_SERVICE_${PN}-obex = "obex.service" +SYSTEMD_SERVICE:${PN}-obex = "obex.service" -FILES_${PN}-testtools = "${libdir}/bluez/test/*" +FILES:${PN}-testtools = "${libdir}/bluez/test/*" def get_noinst_tools_paths (d, bb, tools): s = list() @@ -139,14 +131,14 @@ def get_noinst_tools_paths (d, bb, tools): s.append("%s/%s" % (bindir, f)) return "\n".join(s) -FILES_${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS'))}" +FILES:${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS'))}" -RDEPENDS_${PN}-testtools += "python3-core python3-dbus" -RDEPENDS_${PN}-testtools += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}" +RDEPENDS:${PN}-testtools += "python3-core python3-dbus" +RDEPENDS:${PN}-testtools += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}" -SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}" +SYSTEMD_SERVICE:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}" INITSCRIPT_PACKAGES = "${PN}" -INITSCRIPT_NAME_${PN} = "bluetooth" +INITSCRIPT_NAME:${PN} = "bluetooth" do_compile_ptest() { oe_runmake buildtests 
@@ -157,4 +149,4 @@ do_install_ptest() { rm -f ${D}${PTEST_PATH}/unit/*.o } -RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-gconv-utf-16" +RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-gconv-utf-16" diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch index da7140922d..618ed734a9 100644 --- a/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch +++ b/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch @@ -1,4 +1,4 @@ -From 99ccdbe155028c4c789803a429072675b87d0c3a Mon Sep 17 00:00:00 2001 +From f74eb97c9fb3c0ee2895742e773ac6a3c41c999c Mon Sep 17 00:00:00 2001 From: Giovanni Campagna <gcampagna-cNUdlRotFMnNLxjTenLetw@public.gmane.org> Date: Sat, 12 Oct 2013 17:45:25 +0200 Subject: [PATCH] Allow using obexd without systemd in the user session @@ -17,22 +17,22 @@ http://thread.gmane.org/gmane.linux.bluez.kernel/38725/focus=38843 Signed-off-by: Javier Viguera <javier.viguera@digi.com> --- - Makefile.obexd | 4 ++-- - obexd/src/{org.bluez.obex.service => org.bluez.obex.service.in} | 2 +- + Makefile.obexd | 4 ++-- + .../src/{org.bluez.obex.service => org.bluez.obex.service.in} | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) rename obexd/src/{org.bluez.obex.service => org.bluez.obex.service.in} (76%) diff --git a/Makefile.obexd b/Makefile.obexd -index c462692..0325f66 100644 +index de59d29..73004a3 100644 --- a/Makefile.obexd +++ b/Makefile.obexd @@ -1,12 +1,12 @@ if SYSTEMD - systemduserunitdir = @SYSTEMD_USERUNITDIR@ + systemduserunitdir = $(SYSTEMD_USERUNITDIR) systemduserunit_DATA = obexd/src/obex.service +endif - dbussessionbusdir = @DBUS_SESSIONBUSDIR@ + dbussessionbusdir = $(DBUS_SESSIONBUSDIR) dbussessionbus_DATA = obexd/src/org.bluez.obex.service -endif 
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch deleted file mode 100644 index b6cb978393..0000000000 --- a/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch +++ /dev/null @@ -1,30 +0,0 @@ -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From 117c41242c01e057295aed80ed973c6dc7e35fe2 Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross.burton@intel.com> -Date: Tue, 8 Oct 2019 11:01:56 +0100 -Subject: [PATCH BlueZ] Makefile.am: add missing mkdir in rules generation - -In parallel out-of-tree builds it's possible that tools/*.rules are -generated before the target directory has been implicitly created. Solve this by -creating the directory before writing into it. ---- - Makefile.am | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/Makefile.am b/Makefile.am -index 2ac28b23d..e7bcd2366 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -589,6 +589,7 @@ src/builtin.h: src/genbuiltin $(builtin_sources) - $(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_modules) > $@ - - tools/%.rules: -+ $(AM_V_at)$(MKDIR_P) tools - $(AM_V_GEN)cp $(srcdir)/$(subst 97-,,$@) $@ - - $(lib_libbluetooth_la_OBJECTS): $(local_headers) --- -2.20.1 - diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch index e90b6a546f..b1e93dbe19 100644 --- a/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch +++ b/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch @@ -1,4 +1,4 @@ -From 61e741654cc2eb167bca212a3bb2ba8f3ba280c1 Mon Sep 17 00:00:00 2001 +From fb583a57f9f4ab956a09e9bb96d89aa13553bf21 Mon Sep 17 00:00:00 2001 
From: Mingli Yu <Mingli.Yu@windriver.com> Date: Fri, 24 Aug 2018 12:04:03 +0800 Subject: [PATCH] test-gatt: Fix hung issue @@ -21,15 +21,16 @@ no action. Upstream-Status: Submitted [https://marc.info/?l=linux-bluetooth&m=153508881804635&w=2] Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> + --- unit/test-gatt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unit/test-gatt.c b/unit/test-gatt.c -index c7e28f8..b57373b 100644 +index 5e06d4e..4864d36 100644 --- a/unit/test-gatt.c +++ b/unit/test-gatt.c -@@ -4463,7 +4463,7 @@ int main(int argc, char *argv[]) +@@ -4546,7 +4546,7 @@ int main(int argc, char *argv[]) test_server, service_db_1, NULL, raw_pdu(0x03, 0x00, 0x02), raw_pdu(0xbf, 0x00), @@ -38,6 +39,3 @@ index c7e28f8..b57373b 100644 define_test_server("/robustness/unkown-command", test_server, service_db_1, NULL, --- -2.7.4 - diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch index 24ddae6b63..881494a354 100644 --- a/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch +++ b/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch @@ -1,19 +1,20 @@ -From 4bdf0f96dcaa945fd29f26d56e5b36d8c23e4c8b Mon Sep 17 00:00:00 2001 +From 738e73b386352fd90f1f26cc1ee75427cf4dc23b Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Fri, 1 Apr 2016 17:07:34 +0300 Subject: [PATCH] tests: add a target for building tests without running them Upstream-Status: Inappropriate [oe specific] Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> + --- Makefile.am | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile.am b/Makefile.am -index 1a48a71..ba3b92f 100644 +index e738eb3..dab17dd 100644 --- a/Makefile.am 
+++ b/Makefile.am -@@ -425,6 +425,9 @@ endif +@@ -710,6 +710,9 @@ endif TESTS = $(unit_tests) AM_TESTS_ENVIRONMENT = MALLOC_CHECK_=3 MALLOC_PERTURB_=69 @@ -23,6 +24,3 @@ index 1a48a71..ba3b92f 100644 if DBUS_RUN_SESSION AM_TESTS_ENVIRONMENT += dbus-run-session -- endif --- -2.8.0.rc3 - diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-tools-Fix-build-after-y2038-changes-in-glibc.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-tools-Fix-build-after-y2038-changes-in-glibc.patch deleted file mode 100644 index 9ca20ae53b..0000000000 --- a/meta/recipes-connectivity/bluez5/bluez5/0001-tools-Fix-build-after-y2038-changes-in-glibc.patch +++ /dev/null 
@@ -1,68 +0,0 @@ -From f36f71f60b1e68c0f12e615b9b128d089ec3dd19 Mon Sep 17 00:00:00 2001 -From: Bastien Nocera <hadess@hadess.net> -Date: Fri, 7 Jun 2019 09:51:33 +0200 -Subject: [PATCH] tools: Fix build after y2038 changes in glibc - -The 32-bit SIOCGSTAMP has been deprecated. Use the deprecated name -to fix the build. - -Upstream-Status: backport commit f36f71f60b1e68c0f12e615b9b128d089ec3dd19 - -Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> - ---- - tools/l2test.c | 6 +++++- - tools/rctest.c | 6 +++++- - 2 files changed, 10 insertions(+), 2 deletions(-) - -diff --git a/tools/l2test.c b/tools/l2test.c -index e755ac881..e787c2ce2 100644 ---- a/tools/l2test.c -+++ b/tools/l2test.c -@@ -55,6 +55,10 @@ - #define BREDR_DEFAULT_PSM 0x1011 - #define LE_DEFAULT_PSM 0x0080 - -+#ifndef SIOCGSTAMP_OLD -+#define SIOCGSTAMP_OLD SIOCGSTAMP -+#endif -+ - /* Test modes */ - enum { - SEND, -@@ -907,7 +911,7 @@ static void recv_mode(int sk) - if (timestamp) { - struct timeval tv; - -- if (ioctl(sk, SIOCGSTAMP, &tv) < 0) { -+ if (ioctl(sk, SIOCGSTAMP_OLD, &tv) < 0) { - timestamp = 0; - memset(ts, 0, sizeof(ts)); - } else { -diff --git a/tools/rctest.c b/tools/rctest.c -index 94490f462..bc8ed875d 100644 ---- a/tools/rctest.c -+++ b/tools/rctest.c -@@ -50,6 +50,10 @@ - - #include "src/shared/util.h" - -+#ifndef SIOCGSTAMP_OLD -+#define SIOCGSTAMP_OLD SIOCGSTAMP -+#endif -+ - /* Test modes */ - enum { - SEND, -@@ -505,7 +509,7 @@ static void recv_mode(int sk) - if (timestamp) { - struct timeval tv; - -- if (ioctl(sk, SIOCGSTAMP, &tv) < 0) { -+ if (ioctl(sk, SIOCGSTAMP_OLD, &tv) < 0) { - timestamp = 0; - memset(ts, 0, sizeof(ts)); - } else { --- -2.19.1 - diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-tools-btpclient.c-include-signal.h.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-tools-btpclient.c-include-signal.h.patch deleted file mode 100644 index 620aaabc68..0000000000 
--- a/meta/recipes-connectivity/bluez5/bluez5/0001-tools-btpclient.c-include-signal.h.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 0b1766514f6847c7367fce07f19a750ec74c11a6 Mon Sep 17 00:00:00 2001 -From: Robert Yang <liezhi.yang@windriver.com> -Date: Thu, 26 Sep 2019 16:19:34 +0800 -Subject: [PATCH] tools/btpclient.c: include signal.h - -Fix compile failure when configure --enable-btpclient: -btpclient.c:2834:7: error: 'SIGINT' undeclared (first use in this function) - -Upstream-Status: Backport [A subset of the full fix that went upstream] - -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> ---- - tools/btpclient.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/tools/btpclient.c b/tools/btpclient.c -index b217df5..aece7fe 100644 ---- a/tools/btpclient.c -+++ b/tools/btpclient.c -@@ -29,6 +29,7 @@ - #include <stdlib.h> - #include <assert.h> - #include <getopt.h> -+#include <signal.h> - - #include <ell/ell.h> - --- -2.7.4 - diff --git a/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch b/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch new file mode 100644 index 0000000000..516d859069 --- /dev/null +++ b/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch 
@@ -0,0 +1,27 @@ +From b53df61b41088b68c127ac76cc71683ac3453b9d Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Mon, 12 Dec 2022 13:10:19 +0100 +Subject: [PATCH] src/shared/util.c: include linux/limits.h + +MAX_INPUT is defined in that file. This matters on non-glibc +systems such as those using musl. + +Upstream-Status: Submitted [to linux-bluetooth@vger.kernel.org,luiz.von.dentz@intel.com,frederic.danis@collabora.com] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> + +--- + src/shared/util.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/shared/util.c b/src/shared/util.c +index c0c2c4a..036dc0d 100644 +--- a/src/shared/util.c ++++ b/src/shared/util.c +@@ -23,6 +23,7 @@ + #include <unistd.h> + #include <dirent.h> + #include <limits.h> ++#include <linux/limits.h> + #include <string.h> + + #ifdef HAVE_SYS_RANDOM_H diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch deleted file mode 100644 index 2a78077443..0000000000 --- a/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch +++ /dev/null 
@@ -1,505 +0,0 @@ -From 977321f2c7f974ea68a3d90df296c66189a3f254 Mon Sep 17 00:00:00 2001 -From: Lei Maohui <leimaohui@cn.fujitsu.com> -Date: Fri, 21 Jun 2019 17:57:35 +0900 -Subject: [PATCH] CVE-2018-10910 - -A bug in Bluez may allow for the Bluetooth Discoverable state being set to on -when no Bluetooth agent is registered with the system. This situation could -lead to the unauthorized pairing of certain Bluetooth devices without any -form of authentication. - -CVE: CVE-2018-10910 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -Subject: [PATCH BlueZ 1/4] client: Add discoverable-timeout command -From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com> -Date: 2018-07-25 10:20:32 -Message-ID: 20180725102035.19439-1-luiz.dentz () gmail ! com -[Download RAW message or body] - -From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> - -This adds discoverable-timeout command which can be used to get/set -DiscoverableTimeout property: - -[bluetooth]# discoverable-timeout 180 -Changing discoverable-timeout 180 succeeded ---- - client/main.c | 82 +++++++++++++++++++++++++++++++++- - doc/adapter-api.txt | 6 +++ - src/adapter.c | 125 ++++++++++++++++++++++++++++++++++++++++++++++------ - 3 files changed, 198 insertions(+), 15 deletions(-) - -diff --git a/client/main.c b/client/main.c -index 87323d8..1a66a3a 100644 ---- a/client/main.c -+++ b/client/main.c -@@ -877,6 +877,7 @@ static void cmd_show(int argc, char *argv[]) - print_property(proxy, "Class"); - print_property(proxy, "Powered"); - print_property(proxy, "Discoverable"); -+ print_property(proxy, "DiscoverableTimeout"); - print_property(proxy, "Pairable"); - print_uuids(proxy); - print_property(proxy, "Modalias"); -@@ -1061,6 +1062,47 @@ static void cmd_discoverable(int argc, char *argv[]) - return bt_shell_noninteractive_quit(EXIT_FAILURE); - } - -+static void cmd_discoverable_timeout(int argc, char *argv[]) -+{ -+ uint32_t value; -+ char *endptr = NULL; -+ char *str; -+ -+ if (argc 
< 2) { -+ DBusMessageIter iter; -+ -+ if (!g_dbus_proxy_get_property(default_ctrl->proxy, -+ "DiscoverableTimeout", &iter)) { -+ bt_shell_printf("Unable to get DiscoverableTimeout\n"); -+ return bt_shell_noninteractive_quit(EXIT_FAILURE); -+ } -+ -+ dbus_message_iter_get_basic(&iter, &value); -+ -+ bt_shell_printf("DiscoverableTimeout: %d seconds\n", value); -+ -+ return; -+ } -+ -+ value = strtol(argv[1], &endptr, 0); -+ if (!endptr || *endptr != '\0' || value > UINT32_MAX) { -+ bt_shell_printf("Invalid argument\n"); -+ return bt_shell_noninteractive_quit(EXIT_FAILURE); -+ } -+ -+ str = g_strdup_printf("discoverable-timeout %d", value); -+ -+ if (g_dbus_proxy_set_property_basic(default_ctrl->proxy, -+ "DiscoverableTimeout", -+ DBUS_TYPE_UINT32, &value, -+ generic_callback, str, g_free)) -+ return; -+ -+ g_free(str); -+ -+ return bt_shell_noninteractive_quit(EXIT_FAILURE); -+} -+ - static void cmd_agent(int argc, char *argv[]) - { - dbus_bool_t enable; -@@ -1124,6 +1166,7 @@ static struct set_discovery_filter_args { - char **uuids; - size_t uuids_len; - dbus_bool_t duplicate; -+ dbus_bool_t discoverable; - bool set; - } filter = { - .rssi = DISTANCE_VAL_INVALID, -@@ -1163,6 +1206,11 @@ static void set_discovery_filter_setup(DBusMessageIter *iter, void *user_data) - DBUS_TYPE_BOOLEAN, - &args->duplicate); - -+ if (args->discoverable) -+ g_dbus_dict_append_entry(&dict, "Discoverable", -+ DBUS_TYPE_BOOLEAN, -+ &args->discoverable); -+ - dbus_message_iter_close_container(iter, &dict); - } - -@@ -1320,6 +1368,26 @@ static void cmd_scan_filter_duplicate_data(int argc, char *argv[]) - filter.set = false; - } - -+static void cmd_scan_filter_discoverable(int argc, char *argv[]) -+{ -+ if (argc < 2 || !strlen(argv[1])) { -+ bt_shell_printf("Discoverable: %s\n", -+ filter.discoverable ? 
"on" : "off"); -+ return bt_shell_noninteractive_quit(EXIT_SUCCESS); -+ } -+ -+ if (!strcmp(argv[1], "on")) -+ filter.discoverable = true; -+ else if (!strcmp(argv[1], "off")) -+ filter.discoverable = false; -+ else { -+ bt_shell_printf("Invalid option: %s\n", argv[1]); -+ return bt_shell_noninteractive_quit(EXIT_FAILURE); -+ } -+ -+ filter.set = false; -+} -+ - static void filter_clear_uuids(void) - { - g_strfreev(filter.uuids); -@@ -1348,6 +1416,11 @@ static void filter_clear_duplicate(void) - filter.duplicate = false; - } - -+static void filter_clear_discoverable(void) -+{ -+ filter.discoverable = false; -+} -+ - struct clear_entry { - const char *name; - void (*clear) (void); -@@ -1359,6 +1432,7 @@ static const struct clear_entry filter_clear[] = { - { "pathloss", filter_clear_pathloss }, - { "transport", filter_clear_transport }, - { "duplicate-data", filter_clear_duplicate }, -+ { "discoverable", filter_clear_discoverable }, - {} - }; - -@@ -2468,7 +2542,11 @@ static const struct bt_shell_menu scan_menu = { - { "duplicate-data", "[on/off]", cmd_scan_filter_duplicate_data, - "Set/Get duplicate data filter", - NULL }, -- { "clear", "[uuids/rssi/pathloss/transport/duplicate-data]", -+ { "discoverable", "[on/off]", cmd_scan_filter_discoverable, -+ "Set/Get discoverable filter", -+ NULL }, -+ { "clear", -+ "[uuids/rssi/pathloss/transport/duplicate-data/discoverable]", - cmd_scan_filter_clear, - "Clears discovery filter.", - filter_clear_generator }, -@@ -2549,6 +2627,8 @@ static const struct bt_shell_menu main_menu = { - { "discoverable", "<on/off>", cmd_discoverable, - "Set controller discoverable mode", - NULL }, -+ { "discoverable-timeout", "[value]", cmd_discoverable_timeout, -+ "Set discoverable timeout", NULL }, - { "agent", "<on/off/capability>", cmd_agent, - "Enable/disable agent with given capability", - capability_generator}, -diff --git a/doc/adapter-api.txt b/doc/adapter-api.txt -index d14d0ca..4791af2 100644 ---- a/doc/adapter-api.txt -+++ 
b/doc/adapter-api.txt -@@ -113,6 +113,12 @@ Methods void StartDiscovery() - generated for either ManufacturerData and - ServiceData everytime they are discovered. - -+ bool Discoverable (Default: false) -+ -+ Make adapter discoverable while discovering, -+ if the adapter is already discoverable this -+ setting this filter won't do anything. -+ - When discovery filter is set, Device objects will be - created as new devices with matching criteria are - discovered regardless of they are connectable or -diff --git a/src/adapter.c b/src/adapter.c -index af340fd..822bd34 100644 ---- a/src/adapter.c -+++ b/src/adapter.c -@@ -157,6 +157,7 @@ struct discovery_filter { - int16_t rssi; - GSList *uuids; - bool duplicate; -+ bool discoverable; - }; - - struct watch_client { -@@ -196,6 +197,7 @@ struct btd_adapter { - char *name; /* controller device name */ - char *short_name; /* controller short name */ - uint32_t supported_settings; /* controller supported settings */ -+ uint32_t pending_settings; /* pending controller settings */ - uint32_t current_settings; /* current controller settings */ - - char *path; /* adapter object path */ -@@ -213,6 +215,7 @@ struct btd_adapter { - - bool discovering; /* discovering property state */ - bool filtered_discovery; /* we are doing filtered discovery */ -+ bool filtered_discoverable; /* we are doing filtered discovery */ - bool no_scan_restart_delay; /* when this flag is set, restart scan - * without delay */ - uint8_t discovery_type; /* current active discovery type */ -@@ -509,8 +512,10 @@ static void settings_changed(struct btd_adapter *adapter, uint32_t settings) - changed_mask = adapter->current_settings ^ settings; - - adapter->current_settings = settings; -+ adapter->pending_settings &= ~changed_mask; - - DBG("Changed settings: 0x%08x", changed_mask); -+ DBG("Pending settings: 0x%08x", adapter->pending_settings); - - if (changed_mask & MGMT_SETTING_POWERED) { - g_dbus_emit_property_changed(dbus_conn, adapter->path, -@@ -596,10 
+601,31 @@ static bool set_mode(struct btd_adapter *adapter, uint16_t opcode, - uint8_t mode) - { - struct mgmt_mode cp; -+ uint32_t setting = 0; - - memset(&cp, 0, sizeof(cp)); - cp.val = mode; - -+ switch (mode) { -+ case MGMT_OP_SET_POWERED: -+ setting = MGMT_SETTING_POWERED; -+ break; -+ case MGMT_OP_SET_CONNECTABLE: -+ setting = MGMT_SETTING_CONNECTABLE; -+ break; -+ case MGMT_OP_SET_FAST_CONNECTABLE: -+ setting = MGMT_SETTING_FAST_CONNECTABLE; -+ break; -+ case MGMT_OP_SET_DISCOVERABLE: -+ setting = MGMT_SETTING_DISCOVERABLE; -+ break; -+ case MGMT_OP_SET_BONDABLE: -+ setting = MGMT_SETTING_DISCOVERABLE; -+ break; -+ } -+ -+ adapter->pending_settings |= setting; -+ - DBG("sending set mode command for index %u", adapter->dev_id); - - if (mgmt_send(adapter->mgmt, opcode, -@@ -1818,7 +1844,17 @@ static void discovery_free(void *user_data) - g_free(client); - } - --static void discovery_remove(struct watch_client *client) -+static bool set_filtered_discoverable(struct btd_adapter *adapter, bool enable) -+{ -+ if (adapter->filtered_discoverable == enable) -+ return true; -+ -+ adapter->filtered_discoverable = enable; -+ -+ return set_discoverable(adapter, enable, 0); -+} -+ -+static void discovery_remove(struct watch_client *client, bool exit) - { - struct btd_adapter *adapter = client->adapter; - -@@ -1830,7 +1866,27 @@ static void discovery_remove(struct watch_client *client) - adapter->discovery_list = g_slist_remove(adapter->discovery_list, - client); - -- discovery_free(client); -+ if (adapter->filtered_discoverable && -+ client->discovery_filter->discoverable) { -+ GSList *l; -+ -+ for (l = adapter->discovery_list; l; l = g_slist_next(l)) { -+ struct watch_client *client = l->data; -+ -+ if (client->discovery_filter->discoverable) -+ break; -+ } -+ -+ /* Disable filtered discoverable if there are no clients */ -+ if (!l) -+ set_filtered_discoverable(adapter, false); -+ } -+ -+ if (!exit && client->discovery_filter) -+ adapter->set_filter_list = 
g_slist_prepend( -+ adapter->set_filter_list, client); -+ else -+ discovery_free(client); - - /* - * If there are other client discoveries in progress, then leave -@@ -1859,8 +1915,11 @@ static void stop_discovery_complete(uint8_t status, uint16_t length, - goto done; - } - -- if (client->msg) -+ if (client->msg) { - g_dbus_send_reply(dbus_conn, client->msg, DBUS_TYPE_INVALID); -+ dbus_message_unref(client->msg); -+ client->msg = NULL; -+ } - - adapter->discovery_type = 0x00; - adapter->discovery_enable = 0x00; -@@ -1873,7 +1932,7 @@ static void stop_discovery_complete(uint8_t status, uint16_t length, - trigger_passive_scanning(adapter); - - done: -- discovery_remove(client); -+ discovery_remove(client, false); - } - - static int compare_sender(gconstpointer a, gconstpointer b) -@@ -2094,14 +2153,14 @@ static int update_discovery_filter(struct btd_adapter *adapter) - return -EINPROGRESS; - } - --static int discovery_stop(struct watch_client *client) -+static int discovery_stop(struct watch_client *client, bool exit) - { - struct btd_adapter *adapter = client->adapter; - struct mgmt_cp_stop_discovery cp; - - /* Check if there are more client discovering */ - if (g_slist_next(adapter->discovery_list)) { -- discovery_remove(client); -+ discovery_remove(client, exit); - update_discovery_filter(adapter); - return 0; - } -@@ -2111,7 +2170,7 @@ static int discovery_stop(struct watch_client *client) - * and so it is enough to send out the signal and just return. 
- */ - if (adapter->discovery_enable == 0x00) { -- discovery_remove(client); -+ discovery_remove(client, exit); - adapter->discovering = false; - g_dbus_emit_property_changed(dbus_conn, adapter->path, - ADAPTER_INTERFACE, "Discovering"); -@@ -2136,7 +2195,7 @@ static void discovery_disconnect(DBusConnection *conn, void *user_data) - - DBG("owner %s", client->owner); - -- discovery_stop(client); -+ discovery_stop(client, true); - } - - /* -@@ -2200,6 +2259,15 @@ static DBusMessage *start_discovery(DBusConnection *conn, - adapter->set_filter_list, client); - adapter->discovery_list = g_slist_prepend( - adapter->discovery_list, client); -+ -+ /* Reset discoverable filter if already set */ -+ if (adapter->current_settings & MGMT_OP_SET_DISCOVERABLE) -+ goto done; -+ -+ /* Set discoverable if filter requires and it*/ -+ if (client->discovery_filter->discoverable) -+ set_filtered_discoverable(adapter, true); -+ - goto done; - } - -@@ -2324,6 +2392,17 @@ static bool parse_duplicate_data(DBusMessageIter *value, - return true; - } - -+static bool parse_discoverable(DBusMessageIter *value, -+ struct discovery_filter *filter) -+{ -+ if (dbus_message_iter_get_arg_type(value) != DBUS_TYPE_BOOLEAN) -+ return false; -+ -+ dbus_message_iter_get_basic(value, &filter->discoverable); -+ -+ return true; -+} -+ - struct filter_parser { - const char *name; - bool (*func)(DBusMessageIter *iter, struct discovery_filter *filter); -@@ -2333,6 +2412,7 @@ struct filter_parser { - { "Pathloss", parse_pathloss }, - { "Transport", parse_transport }, - { "DuplicateData", parse_duplicate_data }, -+ { "Discoverable", parse_discoverable }, - { } - }; - -@@ -2372,6 +2452,7 @@ static bool parse_discovery_filter_dict(struct btd_adapter *adapter, - (*filter)->rssi = DISTANCE_VAL_INVALID; - (*filter)->type = get_scan_type(adapter); - (*filter)->duplicate = false; -+ (*filter)->discoverable = false; - - dbus_message_iter_init(msg, &iter); - if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY || 
-@@ -2417,8 +2498,10 @@ static bool parse_discovery_filter_dict(struct btd_adapter *adapter, - goto invalid_args; - - DBG("filtered discovery params: transport: %d rssi: %d pathloss: %d " -- " duplicate data: %s ", (*filter)->type, (*filter)->rssi, -- (*filter)->pathloss, (*filter)->duplicate ? "true" : "false"); -+ " duplicate data: %s discoverable %s", (*filter)->type, -+ (*filter)->rssi, (*filter)->pathloss, -+ (*filter)->duplicate ? "true" : "false", -+ (*filter)->discoverable ? "true" : "false"); - - return true; - -@@ -2510,7 +2593,7 @@ static DBusMessage *stop_discovery(DBusConnection *conn, - if (client->msg) - return btd_error_busy(msg); - -- err = discovery_stop(client); -+ err = discovery_stop(client, false); - switch (err) { - case 0: - return dbus_message_new_method_return(msg); -@@ -2739,13 +2822,15 @@ static void property_set_mode(struct btd_adapter *adapter, uint32_t setting, - else - current_enable = FALSE; - -- if (enable == current_enable) { -+ if (enable == current_enable || adapter->pending_settings & setting) { - g_dbus_pending_property_success(id); - return; - } - - mode = (enable == TRUE) ? 
0x01 : 0x00; - -+ adapter->pending_settings |= setting; -+ - switch (setting) { - case MGMT_SETTING_POWERED: - opcode = MGMT_OP_SET_POWERED; -@@ -2798,7 +2883,7 @@ static void property_set_mode(struct btd_adapter *adapter, uint32_t setting, - data->id = id; - - if (mgmt_send(adapter->mgmt, opcode, adapter->dev_id, len, param, -- property_set_mode_complete, data, g_free) > 0) -+ property_set_mode_complete, data, g_free) > 0) - return; - - g_free(data); -@@ -2875,6 +2960,7 @@ static void property_set_discoverable_timeout( - GDBusPendingPropertySet id, void *user_data) - { - struct btd_adapter *adapter = user_data; -+ bool enabled; - dbus_uint32_t value; - - dbus_message_iter_get_basic(iter, &value); -@@ -2888,8 +2974,19 @@ static void property_set_discoverable_timeout( - g_dbus_emit_property_changed(dbus_conn, adapter->path, - ADAPTER_INTERFACE, "DiscoverableTimeout"); - -+ if (adapter->pending_settings & MGMT_SETTING_DISCOVERABLE) { -+ if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE) -+ enabled = false; -+ else -+ enabled = true; -+ } else { -+ if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE) -+ enabled = true; -+ else -+ enabled = false; -+ } - -- if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE) -+ if (enabled) - set_discoverable(adapter, 0x01, adapter->discoverable_timeout); - } - --- -2.7.4 - diff --git a/meta/recipes-connectivity/bluez5/bluez5/gcc9-fixes.patch b/meta/recipes-connectivity/bluez5/bluez5/gcc9-fixes.patch deleted file mode 100644 index ca678e601e..0000000000 --- a/meta/recipes-connectivity/bluez5/bluez5/gcc9-fixes.patch +++ /dev/null 
@@ -1,301 +0,0 @@ -Backported commit from upstream master branch (post 5.50 release), which -resolves assertion failures in several unit tests. - -https://git.kernel.org/pub/scm/bluetooth/bluez.git/patch/?id=0be5246170 - -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -diff --git a/unit/test-avctp.c b/unit/test-avctp.c -index 3bc3569..24de663 100644 ---- a/unit/test-avctp.c -+++ b/unit/test-avctp.c -@@ -43,7 +43,7 @@ - - struct test_pdu { - bool valid; -- const uint8_t *data; -+ uint8_t *data; - size_t size; - }; - -@@ -66,7 +66,7 @@ struct context { - #define raw_pdu(args...) \ - { \ - .valid = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -91,6 +91,11 @@ static void test_debug(const char *str, void *user_data) - static void test_free(gconstpointer user_data) - { - const struct test_data *data = user_data; -+ struct test_pdu *pdu; -+ int i; -+ -+ for (i = 0; (pdu = &data->pdu_list[i]) && pdu->valid; i++) -+ g_free(pdu->data); - - g_free(data->test_name); - g_free(data->pdu_list); -diff --git a/unit/test-avdtp.c b/unit/test-avdtp.c -index dd8aed7..e2c951a 100644 ---- a/unit/test-avdtp.c -+++ b/unit/test-avdtp.c -@@ -47,7 +47,7 @@ - struct test_pdu { - bool valid; - bool fragmented; -- const uint8_t *data; -+ uint8_t *data; - size_t size; - }; - -@@ -61,7 +61,7 @@ struct test_data { - #define raw_pdu(args...) 
\ - { \ - .valid = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -69,7 +69,7 @@ struct test_data { - { \ - .valid = true, \ - .fragmented = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -81,7 +81,7 @@ struct test_data { - static struct test_data data; \ - data.test_name = g_strdup(name); \ - data.pdu_list = g_memdup(pdus, sizeof(pdus)); \ -- tester_add(name, &data, NULL, function, NULL); \ -+ tester_add(name, &data, NULL, function, NULL); \ - } while (0) - - struct context { -@@ -109,6 +109,11 @@ static void test_debug(const char *str, void *user_data) - static void test_free(gconstpointer user_data) - { - const struct test_data *data = user_data; -+ struct test_pdu *pdu; -+ int i; -+ -+ for (i = 0; (pdu = &data->pdu_list[i]) && pdu->valid; i++) -+ g_free(pdu->data); - - g_free(data->test_name); - g_free(data->pdu_list); -diff --git a/unit/test-avrcp.c b/unit/test-avrcp.c -index 01307e6..f1aa353 100644 ---- a/unit/test-avrcp.c -+++ b/unit/test-avrcp.c -@@ -49,7 +49,7 @@ struct test_pdu { - bool fragmented; - bool continuing; - bool browse; -- const uint8_t *data; -+ uint8_t *data; - size_t size; - }; - -@@ -74,7 +74,7 @@ struct context { - #define raw_pdu(args...) 
\ - { \ - .valid = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -82,7 +82,7 @@ struct context { - { \ - .valid = true, \ - .browse = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -90,7 +90,7 @@ struct context { - { \ - .valid = true, \ - .fragmented = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -98,7 +98,7 @@ struct context { - { \ - .valid = true, \ - .continuing = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -123,6 +123,11 @@ static void test_debug(const char *str, void *user_data) - static void test_free(gconstpointer user_data) - { - const struct test_data *data = user_data; -+ struct test_pdu *pdu; -+ int i; -+ -+ for (i = 0; (pdu = &data->pdu_list[i]) && pdu->valid; i++) -+ g_free(pdu->data); - - g_free(data->test_name); - g_free(data->pdu_list); -diff --git a/unit/test-gatt.c b/unit/test-gatt.c -index c7e28f8..d49f7a0 100644 ---- a/unit/test-gatt.c -+++ b/unit/test-gatt.c -@@ -48,7 +48,7 @@ - - struct test_pdu { - bool valid; -- const uint8_t *data; -+ uint8_t *data; - size_t size; - }; - -@@ -86,7 +86,7 @@ struct context { - #define raw_pdu(args...) 
\ - { \ - .valid = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -306,6 +306,11 @@ static bt_uuid_t uuid_char_128 = { - static void test_free(gconstpointer user_data) - { - const struct test_data *data = user_data; -+ struct test_pdu *pdu; -+ int i; -+ -+ for (i = 0; (pdu = &data->pdu_list[i]) && pdu->valid; i++) -+ g_free(pdu->data); - - g_free(data->test_name); - g_free(data->pdu_list); -@@ -1911,6 +1916,8 @@ static void test_server(gconstpointer data) - g_assert_cmpint(len, ==, pdu.size); - - util_hexdump('<', pdu.data, len, test_debug, "GATT: "); -+ -+ g_free(pdu.data); - } - - static void test_search_primary(gconstpointer data) -diff --git a/unit/test-hfp.c b/unit/test-hfp.c -index f2b9622..890eee6 100644 ---- a/unit/test-hfp.c -+++ b/unit/test-hfp.c -@@ -43,7 +43,7 @@ struct context { - - struct test_pdu { - bool valid; -- const uint8_t *data; -+ uint8_t *data; - size_t size; - enum hfp_gw_cmd_type type; - bool fragmented; -@@ -63,7 +63,7 @@ struct test_data { - #define raw_pdu(args...) \ - { \ - .valid = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -75,7 +75,7 @@ struct test_data { - #define type_pdu(cmd_type, args...) \ - { \ - .valid = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - .type = cmd_type, \ - } -@@ -83,7 +83,7 @@ struct test_data { - #define frg_pdu(args...) 
\ - { \ - .valid = true, \ -- .data = data(args), \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - .fragmented = true, \ - } -@@ -119,6 +119,11 @@ struct test_data { - static void test_free(gconstpointer user_data) - { - const struct test_data *data = user_data; -+ struct test_pdu *pdu; -+ int i; -+ -+ for (i = 0; (pdu = &data->pdu_list[i]) && pdu->valid; i++) -+ g_free(pdu->data); - - g_free(data->test_name); - g_free(data->pdu_list); -diff --git a/unit/test-hog.c b/unit/test-hog.c -index d117968..25bdb42 100644 ---- a/unit/test-hog.c -+++ b/unit/test-hog.c -@@ -68,11 +68,11 @@ struct context { - - #define data(args...) ((const unsigned char[]) { args }) - --#define raw_pdu(args...) \ --{ \ -- .valid = true, \ -- .data = data(args), \ -- .size = sizeof(data(args)),\ -+#define raw_pdu(args...) \ -+{ \ -+ .valid = true, \ -+ .data = g_memdup(data(args), sizeof(data(args))), \ -+ .size = sizeof(data(args)), \ - } - - #define false_pdu() \ -diff --git a/unit/test-sdp.c b/unit/test-sdp.c -index ac921a9..c71ee1f 100644 ---- a/unit/test-sdp.c -+++ b/unit/test-sdp.c -@@ -59,14 +59,14 @@ struct test_data { - #define raw_pdu(args...) \ - { \ - .valid = true, \ -- .raw_data = raw_data(args), \ -+ .raw_data = g_memdup(raw_data(args), sizeof(raw_data(args))), \ - .raw_size = sizeof(raw_data(args)), \ - } - - #define raw_pdu_cont(cont, args...) \ - { \ - .valid = true, \ -- .raw_data = raw_data(args), \ -+ .raw_data = g_memdup(raw_data(args), sizeof(raw_data(args))), \ - .raw_size = sizeof(raw_data(args)), \ - .cont_len = cont, \ - } -@@ -103,7 +103,7 @@ struct test_data_de { - #define define_test_de_attr(name, input, exp) \ - do { \ - static struct test_data_de data; \ -- data.input_data = input; \ -+ data.input_data = g_memdup(input, sizeof(input)); \ - data.input_size = sizeof(input); \ - data.expected = exp; \ - tester_add("/sdp/DE/ATTR/" name, &data, NULL, \ 
diff --git a/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch b/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch deleted file mode 100644 index 76ed779258..0000000000 --- a/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch +++ /dev/null @@ -1,26 +0,0 @@ -From ed55b49a226ca3909f52416be2ae5ce1c5ca2cb2 Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross.burton@intel.com> -Date: Fri, 22 Apr 2016 15:40:37 +0100 -Subject: [PATCH] Makefile.obexd: add missing mkdir in builtin.h generation - -In parallel out-of-tree builds it's possible that obexd/src/builtin.h is -generated before the target directory has been implicitly created. Solve this by -creating the directory before writing into it. - -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> ---- - Makefile.obexd | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/Makefile.obexd b/Makefile.obexd -index 2e33cbc..c8286f0 100644 ---- a/Makefile.obexd -+++ b/Makefile.obexd -@@ -105,2 +105,3 @@ obexd/src/plugin.$(OBJEXT): obexd/src/builtin.h - obexd/src/builtin.h: obexd/src/genbuiltin $(obexd_builtin_sources) -+ $(AM_V_at)$(MKDIR_P) $(dir $@) - $(AM_V_GEN)$(srcdir)/obexd/src/genbuiltin $(obexd_builtin_modules) > $@ --- -2.8.0.rc3 - diff --git a/meta/recipes-connectivity/bluez5/bluez5/run-ptest b/meta/recipes-connectivity/bluez5/bluez5/run-ptest index 21df00c327..0335e68e48 100644 --- a/meta/recipes-connectivity/bluez5/bluez5/run-ptest +++ b/meta/recipes-connectivity/bluez5/bluez5/run-ptest @@ -6,7 +6,7 @@ failed=0 all=0 for f in test-*; do - "./$f" + "./$f" -q case "$?" in 0) echo "PASS: $f" diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.50.bb b/meta/recipes-connectivity/bluez5/bluez5_5.72.bb index 4e443e5fb0..9fda960ea7 100644 --- a/meta/recipes-connectivity/bluez5/bluez5_5.50.bb +++ b/meta/recipes-connectivity/bluez5/bluez5_5.72.bb 
@@ -1,7 +1,8 @@ require bluez5.inc -SRC_URI[md5sum] = "8e35c67c81a55d3ad4c9f22280dae178" -SRC_URI[sha256sum] = "5ffcaae18bbb6155f1591be8c24898dc12f062075a40b538b745bfd477481911" +SRC_URI[sha256sum] = "499d7fa345a996c1bb650f5c6749e1d929111fa6ece0be0e98687fee6124536e" + +CVE_STATUS[CVE-2020-24490] = "cpe-incorrect: This issue has kernel fixes rather than bluez fixes" # noinst programs in Makefile.tools that are conditional on READLINE # support diff --git a/meta/recipes-connectivity/connman/connman-conf.bb b/meta/recipes-connectivity/connman/connman-conf.bb index 9a519ec866..a1a0e08faa 100644 --- a/meta/recipes-connectivity/connman/connman-conf.bb +++ b/meta/recipes-connectivity/connman/connman-conf.bb 
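Review bot: The added `CVE_STATUS[CVE-2020-24490]` line takes this CVE out of the recipe's CVE-check findings on the grounds that the fix lives in the kernel, but the recipe gives no pointer to that kernel change. A later reader therefore cannot confirm that the kernel built for a given image actually carries it. I would add a comment above the line with the reference, for example `# CVE-2020-24490: fixed in the kernel, not in bluez (<link to kernel fix>); verify the kernel in use includes it`.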
@@ -1,36 +1,21 @@ -SUMMARY = "Connman config to setup wired interface on qemu machines" -DESCRIPTION = "This is the ConnMan configuration to set up a Wired \ -network interface for a qemu machine." -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" +SUMMARY = "Connman config to ignore wired interface on qemu machines" +DESCRIPTION = "This is the ConnMan configuration to avoid touching wired \ +network interface inside qemu machines." +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6" -inherit systemd -SRC_URI_append_qemuall = " file://wired.config \ - file://wired-setup \ - file://wired-connection.service \ -" -PR = "r2" +SRC_URI = "file://main.conf \ + " S = "${WORKDIR}" PACKAGE_ARCH = "${MACHINE_ARCH}" -FILES_${PN} = "${localstatedir}/* ${datadir}/*" +FILES:${PN} = "${sysconfdir}/*" -do_install() { - #Configure Wired network interface in case of qemu* machines - if test -e ${WORKDIR}/wired.config && - test -e ${WORKDIR}/wired-setup && - test -e ${WORKDIR}/wired-connection.service; then - install -d ${D}${localstatedir}/lib/connman - install -m 0644 ${WORKDIR}/wired.config ${D}${localstatedir}/lib/connman - install -d ${D}${datadir}/connman - install -m 0755 ${WORKDIR}/wired-setup ${D}${datadir}/connman - install -d ${D}${systemd_system_unitdir} - install -m 0644 ${WORKDIR}/wired-connection.service ${D}${systemd_system_unitdir} - sed -i -e 's|@SCRIPTDIR@|${datadir}/connman|g' ${D}${systemd_system_unitdir}/wired-connection.service - fi +# Kernel IP-Config is perfectly capable of setting up networking passed in via ip= +do_install:append:qemuall() { + mkdir -p ${D}${sysconfdir}/connman + cp ${S}/main.conf ${D}${sysconfdir}/connman/main.conf } - -SYSTEMD_SERVICE_${PN}_qemuall = "wired-connection.service" 
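Review bot: `do_install:append:qemuall` places main.conf with `mkdir -p` and `cp`, so the installed file's mode follows the source file's mode in the layer and the build umask instead of being set by the recipe. For a configuration file under `${sysconfdir}` I would pin it, as the removed do_install did for its files: `install -d ${D}${sysconfdir}/connman` and `install -m 0644 ${S}/main.conf ${D}${sysconfdir}/connman/main.conf`. Separately, `SRC_URI` now lists main.conf for every machine while only the qemuall override installs it; a one-line comment saying this is intended would help.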
diff --git a/meta/recipes-connectivity/connman/connman-conf/main.conf b/meta/recipes-connectivity/connman/connman-conf/main.conf
new file mode 100644
index 0000000000..3c9dd396f6
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman-conf/main.conf
@@ -0,0 +1,2 @@
+[General]
+NetworkInterfaceBlacklist = eth,en
diff --git a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service
deleted file mode 100644
index 48adfc08ac..0000000000
--- a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service
+++ /dev/null
@@ -1,10 +0,0 @@
-[Unit]
-Description=Setup a wired interface
-Before=connman.service
-
-[Service]
-Type=oneshot
-ExecStart=@SCRIPTDIR@/wired-setup
-
-[Install]
-WantedBy=network.target
diff --git a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup
deleted file mode 100644
index c46899ef32..0000000000
--- a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-CONFIGF=/var/lib/connman/wired.config
-
-# Extract wired network config from /proc/cmdline
-NET_CONF=`cat /proc/cmdline |sed -ne 's/^.*ip=\([^ ]*\):\([^ ]*\):\([^ ]*\):\([^ ]*\).*$/\1\/\4\/\3/p'`
-
-# Check if eth0 is already set via kernel cmdline
-if [ "x$NET_CONF" = "x" ]; then
- # Wired interface is not configured via kernel cmdline
- # Remove connman config file template
- rm -f ${CONFIGF}
-else
- # Setup a connman config accordingly
- sed -i -e "s|^IPv4 =.*|IPv4 = ${NET_CONF}|" ${CONFIGF}
-fi
diff --git a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config
deleted file mode 100644
index 42998ce897..0000000000
--- a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config
+++ /dev/null
@@ -1,9 +0,0 @@ -[global] -Name = Wired -Description = Wired network configuration - -[service_ethernet] -Type = ethernet -IPv4 = -MAC = 52:54:00:12:34:56 -Nameservers = 8.8.8.8 diff --git a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb index a56bd3751f..fcd154b4b0 100644 --- a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb +++ b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb @@ -1,7 +1,7 @@ SUMMARY = "GTK+ frontend for the ConnMan network connection manager" HOMEPAGE = "http://connman.net/" SECTION = "libs/network" -LICENSE = "GPLv2 & LGPLv2.1" +LICENSE = "GPL-2.0-only & LGPL-2.1-only" LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ file://properties/main.c;beginline=1;endline=20;md5=50c77c81871308b033ab7a1504626afb \ file://common/connman-dbus.c;beginline=1;endline=20;md5=de6b485c0e717a0236402d220187717a" @@ -10,21 +10,21 @@ DEPENDS = "gtk+3 dbus-glib dbus-glib-native intltool-native gettext-native" # 0.7 tag SRCREV = "cf3c325b23dae843c5499a113591cfbc98acb143" -SRC_URI = "git://github.com/connectivity/connman-gnome.git \ +SRC_URI = "git://github.com/connectivity/connman-gnome.git;branch=master;protocol=https \ file://0001-Removed-icon-from-connman-gnome-about-applet.patch \ file://null_check_for_ipv4_config.patch \ - file://images/* \ + file://images/ \ file://connman-gnome-fix-dbus-interface-name.patch \ file://0001-Port-to-Gtk3.patch \ " S = "${WORKDIR}/git" -inherit autotools-brokensep gtk-icon-cache pkgconfig distro_features_check +inherit autotools-brokensep gtk-icon-cache pkgconfig features_check ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" -RDEPENDS_${PN} = "connman" +RDEPENDS:${PN} = "connman" -do_install_append() { +do_install:append() { install -m 0644 ${WORKDIR}/images/* ${D}/usr/share/icons/hicolor/22x22/apps/ } 
diff --git a/meta/recipes-connectivity/connman/connman.inc b/meta/recipes-connectivity/connman/connman.inc index fb38ab4fc1..7487ca0d0c 100644 --- a/meta/recipes-connectivity/connman/connman.inc +++ b/meta/recipes-connectivity/connman/connman.inc @@ -9,15 +9,15 @@ configuration methods, like DHCP and domain name resolving, are \ implemented using plug-ins." HOMEPAGE = "http://connman.net/" BUGTRACKER = "https://01.org/jira/browse/CM" -LICENSE = "GPLv2" +LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ file://src/main.c;beginline=1;endline=20;md5=486a279a6ab0c8d152bcda3a5b5edc36" inherit autotools pkgconfig systemd update-rc.d update-alternatives -DEPENDS = "dbus glib-2.0 ppp readline" +CVE_PRODUCT = "connman connection_manager" -INC_PR = "r20" +DEPENDS = "dbus glib-2.0 ppp" EXTRA_OECONF += "\ ac_cv_path_WPASUPPLICANT=${sbindir}/wpa_supplicant \ 
@@ -27,23 +27,29 @@ EXTRA_OECONF += "\ --enable-ethernet \ --enable-tools \ --disable-polkit \ - --enable-client \ + --runstatedir=/run \ " +# For smooth operation it would be best to start only one wireless daemon at a time. +# If wpa-supplicant is running, connman will use it preferentially. +# Select either wpa-supplicant or iwd +WIRELESS_DAEMON ??= "wpa-supplicant" -PACKAGECONFIG ??= "wispr \ - ${@bb.utils.filter('DISTRO_FEATURES', '3g systemd wifi', d)} \ +PACKAGECONFIG ??= "wispr iptables client\ + ${@bb.utils.filter('DISTRO_FEATURES', '3g systemd', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ - iptables \ + ${@bb.utils.contains('DISTRO_FEATURES', 'wifi', 'wifi ${WIRELESS_DAEMON}', '', d)} \ " # If you want ConnMan to support VPN, add following statement into # local.conf or distro config -# PACKAGECONFIG_append_pn-connman = " openvpn vpnc l2tp pptp" +# PACKAGECONFIG:append:pn-connman = " openvpn vpnc l2tp pptp" -PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''" -PACKAGECONFIG[wifi] = "--enable-wifi, --disable-wifi, wpa-supplicant, wpa-supplicant" +PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_system_unitdir}/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''" +PACKAGECONFIG[wifi] = "--enable-wifi, --disable-wifi" PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5, bluez5" PACKAGECONFIG[3g] = "--enable-ofono, --disable-ofono, ofono, ofono" +PACKAGECONFIG[wpa-supplicant] = ",,wpa-supplicant,wpa-supplicant" +PACKAGECONFIG[iwd] = "--enable-iwd,--disable-iwd,,iwd" PACKAGECONFIG[tist] = "--enable-tist,--disable-tist," PACKAGECONFIG[openvpn] = "--enable-openvpn --with-openvpn=${sbindir}/openvpn,--disable-openvpn,,openvpn" PACKAGECONFIG[vpnc] = "--enable-vpnc --with-vpnc=${sbindir}/vpnc,--disable-vpnc,,vpnc" 
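Review bot: `WIRELESS_DAEMON` is expanded straight into the default `PACKAGECONFIG`, and only `wpa-supplicant` and `iwd` have matching `PACKAGECONFIG[...]` entries in this hunk, so a mistyped value would presumably leave wifi enabled with no wireless daemon pulled into the image. The comment above the variable could name the accepted values explicitly, for example `# Accepted values: "wpa-supplicant" or "iwd"`. As a style point, `client\` on the first line of the default has no space before the continuation backslash; `client \` would match the other continued lines in the file.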
@@ -51,9 +57,11 @@ PACKAGECONFIG[l2tp] = "--enable-l2tp --with-l2tp=${sbindir}/xl2tpd,--disable-l2t PACKAGECONFIG[pptp] = "--enable-pptp --with-pptp=${sbindir}/pptp,--disable-pptp,,pptp-linux" # WISPr support for logging into hotspots, requires TLS PACKAGECONFIG[wispr] = "--enable-wispr,--disable-wispr,gnutls," -PACKAGECONFIG[nftables] = "--with-firewall=nftables ,,libmnl libnftnl,,kernel-module-nf-tables-ipv4 kernel-module-nft-chain-nat-ipv4 kernel-module-nft-chain-route-ipv4 kernel-module-nft-meta kernel-module-nft-masq-ipv4 kernel-module-nft-nat" +PACKAGECONFIG[nftables] = "--with-firewall=nftables ,,libmnl libnftnl,,kernel-module-nf-tables kernel-module-nft-chain-nat-ipv4 kernel-module-nft-chain-route-ipv4 kernel-module-nft-masq-ipv4 kernel-module-nft-nat" PACKAGECONFIG[iptables] = "--with-firewall=iptables ,,iptables,iptables" PACKAGECONFIG[nfc] = "--enable-neard, --disable-neard, neard, neard" +PACKAGECONFIG[client] = "--enable-client,--disable-client,readline" +PACKAGECONFIG[wireguard] = "--enable-wireguard,--disable-wireguard,libmnl" INITSCRIPT_NAME = "connman" INITSCRIPT_PARAMS = "start 05 5 2 3 . stop 22 0 1 6 ." 
@@ -66,16 +74,16 @@ python __anonymous () { d.setVar('SYSTEMD_PACKAGES', systemd_packages) } -SYSTEMD_SERVICE_${PN} = "connman.service" -SYSTEMD_SERVICE_${PN}-vpn = "connman-vpn.service" -SYSTEMD_SERVICE_${PN}-wait-online = "connman-wait-online.service" +SYSTEMD_SERVICE:${PN} = "connman.service" +SYSTEMD_SERVICE:${PN}-vpn = "connman-vpn.service" +SYSTEMD_SERVICE:${PN}-wait-online = "connman-wait-online.service" ALTERNATIVE_PRIORITY = "100" -ALTERNATIVE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}" +ALTERNATIVE:${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}" ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.connman','',d)}" ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}" -do_install_append() { +do_install:append() { if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then install -d ${D}${sysconfdir}/init.d install -m 0755 ${WORKDIR}/connman ${D}${sysconfdir}/init.d/connman @@ -87,7 +95,6 @@ do_install_append() { if [ -e ${B}/tools/wispr ]; then install -m 0755 ${B}/tools/wispr ${D}${bindir} fi - install -m 0755 ${B}/client/connmanctl ${D}${bindir} # We don't need to package an empty directory rmdir --ignore-fail-on-non-empty ${D}${libdir}/connman/scripts @@ -103,7 +110,7 @@ do_install_append() { } # These used to be plugins, but now they are core -RPROVIDES_${PN} = "\ +RPROVIDES:${PN} = "\ connman-plugin-loopback \ connman-plugin-ethernet \ ${@bb.utils.contains('PACKAGECONFIG', 'bluetooth','connman-plugin-bluetooth', '', d)} \ @@ -111,7 +118,7 @@ RPROVIDES_${PN} = "\ ${@bb.utils.contains('PACKAGECONFIG', '3g','connman-plugin-ofono', '', d)} \ " -RDEPENDS_${PN} = "\ +RDEPENDS:${PN} = "\ dbus \ " 
@@ -122,11 +129,11 @@ def add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, add_insane_skip): if plugintype in depmap: rdepends = map(lambda x: multilib_prefix + x, \ depmap[plugintype].split()) - d.setVar("RDEPENDS_%s" % pkg, " ".join(rdepends)) + d.setVar("RDEPENDS:%s" % pkg, " ".join(rdepends)) if add_insane_skip: - d.appendVar("INSANE_SKIP_%s" % pkg, "dev-so") + d.appendVar("INSANE_SKIP:%s" % pkg, "dev-so") -python populate_packages_prepend() { +python populate_packages:prepend() { depmap = dict(pppd="ppp") multilib_prefix = (d.getVar("MLPREFIX") or "") 
@@ -147,71 +154,72 @@ python populate_packages_prepend() { PACKAGES =+ "${PN}-tools ${PN}-tests ${PN}-client" -FILES_${PN}-tools = "${bindir}/wispr" -RDEPENDS_${PN}-tools ="${PN}" +FILES:${PN}-tools = "${bindir}/wispr" +RDEPENDS:${PN}-tools ="${PN}" -FILES_${PN}-tests = "${bindir}/*-test" +FILES:${PN}-tests = "${bindir}/*-test" -FILES_${PN}-client = "${bindir}/connmanctl" -RDEPENDS_${PN}-client ="${PN}" +FILES:${PN}-client = "${bindir}/connmanctl" +RDEPENDS:${PN}-client ="${PN}" -FILES_${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \ +FILES:${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \ ${libdir}/connman/plugins \ ${sysconfdir} ${sharedstatedir} ${localstatedir} ${datadir} \ ${base_bindir}/* ${base_sbindir}/* ${base_libdir}/*.so* ${datadir}/${PN} \ ${datadir}/dbus-1/system-services/* \ ${sysconfdir}/tmpfiles.d/connman_resolvconf.conf" -FILES_${PN}-dev += "${libdir}/connman/*/*.la" +FILES:${PN}-dev += "${libdir}/connman/*/*.la" PACKAGES =+ "${PN}-vpn ${PN}-wait-online" -SUMMARY_${PN}-vpn = "A daemon for managing VPN connections within embedded devices" -DESCRIPTION_${PN}-vpn = "The ConnMan VPN provides a daemon for \ +SUMMARY:${PN}-vpn = "A daemon for managing VPN connections within embedded devices" +DESCRIPTION:${PN}-vpn = "The ConnMan VPN provides a daemon for \ managing VPN connections within embedded devices running the Linux \ operating system. The connman-vpnd handles all the VPN connections \ and starts/stops VPN client processes when necessary. The connman-vpnd \ provides a DBus API for managing VPN connections. All the different \ VPN technogies are implemented using plug-ins." 
-FILES_${PN}-vpn += "${sbindir}/connman-vpnd \ +FILES:${PN}-vpn += "${sbindir}/connman-vpnd \ ${sysconfdir}/dbus-1/system.d/connman-vpn-dbus.conf \ ${datadir}/dbus-1/system-services/net.connman.vpn.service \ - ${systemd_unitdir}/system/connman-vpn.service" + ${systemd_system_unitdir}/connman-vpn.service" -SUMMARY_${PN}-wait-online = "A program that will return once ConnMan has connected to a network" -DESCRIPTION_${PN}-wait-online = "A service that can be enabled so that \ +SUMMARY:${PN}-wait-online = "A program that will return once ConnMan has connected to a network" +DESCRIPTION:${PN}-wait-online = "A service that can be enabled so that \ the system waits until a network connection is established." -FILES_${PN}-wait-online += "${sbindir}/connmand-wait-online \ - ${systemd_unitdir}/system/connman-wait-online.service" +FILES:${PN}-wait-online += "${sbindir}/connmand-wait-online \ + ${systemd_system_unitdir}/connman-wait-online.service" -SUMMARY_${PN}-plugin-vpn-openvpn = "An OpenVPN plugin for ConnMan VPN" -DESCRIPTION_${PN}-plugin-vpn-openvpn = "The ConnMan OpenVPN plugin uses openvpn client \ +SUMMARY:${PN}-plugin-vpn-openvpn = "An OpenVPN plugin for ConnMan VPN" +DESCRIPTION:${PN}-plugin-vpn-openvpn = "The ConnMan OpenVPN plugin uses openvpn client \ to create a VPN connection to OpenVPN server." 
-FILES_${PN}-plugin-vpn-openvpn += "${libdir}/connman/scripts/openvpn-script \ +FILES:${PN}-plugin-vpn-openvpn += "${libdir}/connman/scripts/openvpn-script \ ${libdir}/connman/plugins-vpn/openvpn.so" -RDEPENDS_${PN}-plugin-vpn-openvpn += "${PN}-vpn" -RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','openvpn','${PN}-plugin-vpn-openvpn', '', d)}" +RDEPENDS:${PN}-plugin-vpn-openvpn += "${PN}-vpn" +RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','openvpn','${PN}-plugin-vpn-openvpn', '', d)}" -SUMMARY_${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN" -DESCRIPTION_${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \ +SUMMARY:${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN" +DESCRIPTION:${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \ to create a VPN connection to Cisco3000 VPN Concentrator." -FILES_${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \ - ${libdir}/connman/plugins-vpn/vpnc.so" -RDEPENDS_${PN}-plugin-vpn-vpnc += "${PN}-vpn" -RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}" - -SUMMARY_${PN}-plugin-vpn-l2tp = "A L2TP plugin for ConnMan VPN" -DESCRIPTION_${PN}-plugin-vpn-l2tp = "The ConnMan L2TP plugin uses xl2tpd daemon \ +FILES:${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \ + ${libdir}/connman/plugins-vpn/vpnc.so \ + ${libdir}/connman/scripts/vpn-script" +RDEPENDS:${PN}-plugin-vpn-vpnc += "${PN}-vpn" +RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}" + +SUMMARY:${PN}-plugin-vpn-l2tp = "A L2TP plugin for ConnMan VPN" +DESCRIPTION:${PN}-plugin-vpn-l2tp = "The ConnMan L2TP plugin uses xl2tpd daemon \ to create a VPN connection to L2TP server." 
-FILES_${PN}-plugin-vpn-l2tp += "${libdir}/connman/scripts/libppp-plugin.so* \ +FILES:${PN}-plugin-vpn-l2tp += "${libdir}/connman/scripts/libppp-plugin.so* \ ${libdir}/connman/plugins-vpn/l2tp.so" -RDEPENDS_${PN}-plugin-vpn-l2tp += "${PN}-vpn" -RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','l2tp','${PN}-plugin-vpn-l2tp', '', d)}" +RDEPENDS:${PN}-plugin-vpn-l2tp += "${PN}-vpn" +RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','l2tp','${PN}-plugin-vpn-l2tp', '', d)}" -SUMMARY_${PN}-plugin-vpn-pptp = "A PPTP plugin for ConnMan VPN" -DESCRIPTION_${PN}-plugin-vpn-pptp = "The ConnMan PPTP plugin uses pptp-linux client \ +SUMMARY:${PN}-plugin-vpn-pptp = "A PPTP plugin for ConnMan VPN" +DESCRIPTION:${PN}-plugin-vpn-pptp = "The ConnMan PPTP plugin uses pptp-linux client \ to create a VPN connection to PPTP server." -FILES_${PN}-plugin-vpn-pptp += "${libdir}/connman/scripts/libppp-plugin.so* \ +FILES:${PN}-plugin-vpn-pptp += "${libdir}/connman/scripts/libppp-plugin.so* \ ${libdir}/connman/plugins-vpn/pptp.so" -RDEPENDS_${PN}-plugin-vpn-pptp += "${PN}-vpn" -RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','pptp','${PN}-plugin-vpn-pptp', '', d)}" +RDEPENDS:${PN}-plugin-vpn-pptp += "${PN}-vpn" +RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','pptp','${PN}-plugin-vpn-pptp', '', d)}" diff --git a/meta/recipes-connectivity/connman/connman/0001-gweb-fix-segfault-with-musl-v1.1.21.patch b/meta/recipes-connectivity/connman/connman/0001-gweb-fix-segfault-with-musl-v1.1.21.patch deleted file mode 100644 index 30f1432cd3..0000000000 --- a/meta/recipes-connectivity/connman/connman/0001-gweb-fix-segfault-with-musl-v1.1.21.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -From f0a8c69971b30ea7ca255bb885fdd1179fa5d298 Mon Sep 17 00:00:00 2001 -From: Nicola Lunghi <nick83ola@gmail.com> -Date: Thu, 23 May 2019 07:55:25 +0100 -Subject: [PATCH] gweb: fix segfault with musl v1.1.21 - -In musl > v1.1.21 freeaddrinfo() implementation changed and -was causing a segmentation fault on recent Yocto using musl. - -See this commit: - - https://git.musl-libc.org/cgit/musl/commit/src/network/freeaddrinfo.c?id=d1395c43c019aec6b855cf3c656bf47c8a719e7f - -Upstream-Status: Submitted ---- - gweb/gweb.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/gweb/gweb.c b/gweb/gweb.c -index 393afe0a..12fcb1d8 100644 ---- a/gweb/gweb.c -+++ b/gweb/gweb.c -@@ -1274,7 +1274,8 @@ static bool is_ip_address(const char *host) - addr = NULL; - - result = getaddrinfo(host, NULL, &hints, &addr); -- freeaddrinfo(addr); -+ if(!result) -+ freeaddrinfo(addr); - - return result == 0; - } --- -2.19.1 - diff --git a/meta/recipes-connectivity/connman/connman/0001-src-log.c-Include-libgen.h-for-basename-API.patch b/meta/recipes-connectivity/connman/connman/0001-src-log.c-Include-libgen.h-for-basename-API.patch new file mode 100644 index 0000000000..8012606db7 --- /dev/null +++ b/meta/recipes-connectivity/connman/connman/0001-src-log.c-Include-libgen.h-for-basename-API.patch 
@@ -0,0 +1,55 @@ +From cbba6638986c2de763981bf6fc59df6a86fed44f Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 1 Jan 2024 17:42:21 -0800 +Subject: [PATCH v2] src/log.c: Include libgen.h for basename API + +Use POSIX version of basename. This comes to front with latest musl +which dropped the declaration from string.h [1] it fails to build with +clang-17+ because it treats implicit function declaration as error. + +Fix it by applying the basename on a copy of string since posix version +may modify the input string. + +[1] https://git.musl-libc.org/cgit/musl/commit/?id=725e17ed6dff4d0cd22487bb64470881e86a92e7 + +Upstream-Status: Submitted [https://lore.kernel.org/connman/20240102015917.3732089-1-raj.khem@gmail.com/T/#u] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + + src/log.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/log.c b/src/log.c +index 554b046..2df3af7 100644 +--- a/src/log.c ++++ b/src/log.c +@@ -24,6 +24,7 @@ + #endif + + #include <stdio.h> ++#include <libgen.h> + #include <unistd.h> + #include <stdarg.h> + #include <stdlib.h> +@@ -196,6 +197,7 @@ int __connman_log_init(const char *program, const char *debug, + const char *program_name, const char *program_version) + { + static char path[PATH_MAX]; ++ char* tmp = strdup(program); + int option = LOG_NDELAY | LOG_PID; + + program_exec = program; +@@ -212,8 +214,8 @@ int __connman_log_init(const char *program, const char *debug, + if (backtrace) + signal_setup(signal_handler); + +- openlog(basename(program), option, LOG_DAEMON); +- ++ openlog(basename(tmp), option, LOG_DAEMON); ++ free(tmp); + syslog(LOG_INFO, "%s version %s", program_name, program_version); + + return 0; +-- +2.43.0 + 
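Review bot: In the `__connman_log_init` hunk of this carried patch, `free(tmp)` runs right after `openlog(basename(tmp), ...)`, but openlog() is not required to copy its ident string (glibc keeps the pointer), so the `syslog()` call on the next line and every later one may read freed memory. The `strdup()` result is also never checked before use. A variant that needs neither the copy nor libgen.h is `const char *ident = strrchr(program, '/');` followed by `openlog(ident ? ident + 1 : program, option, LOG_DAEMON);`, which points into `program`, the same string already stored in `program_exec`. The function body continues outside the patch's hunks, and because the patch is marked Submitted, the fix should go to the upstream thread as well.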
diff --git a/meta/recipes-connectivity/connman/connman/0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch b/meta/recipes-connectivity/connman/connman/0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch new file mode 100644 index 0000000000..9e5ac8da15 --- /dev/null +++ b/meta/recipes-connectivity/connman/connman/0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch 
@@ -0,0 +1,152 @@ +From af55a6a414d32c12f9ef3cab778385a361e1ad6d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Eivind=20N=C3=A6ss?= <eivnaes@yahoo.com> +Date: Sat, 25 Mar 2023 20:51:52 +0000 +Subject: [PATCH] vpn: Adding support for latest pppd 2.5.0 release + +The API has gone through a significant overhaul, and this change fixes any compile issues. +1) Fixes to configure.ac itself +2) Cleanup in pppd plugin itself + +Adding a libppp-compat.h file to mask for any differences in the version. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a48864a2e5d2a725dfc6eef567108bc13b43857f] +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> + +--- + scripts/libppp-compat.h | 127 ++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 127 insertions(+) + create mode 100644 scripts/libppp-compat.h + +diff --git a/scripts/libppp-compat.h b/scripts/libppp-compat.h +new file mode 100644 +index 0000000..eee1d09 +--- /dev/null ++++ b/scripts/libppp-compat.h +@@ -0,0 +1,127 @@ ++/* Copyright (C) Eivind Naess, eivnaes@yahoo.com */ ++/* SPDX-License-Identifier: GPL-2.0-or-later */ ++ ++#ifndef __LIBPPP_COMPAT_H__ ++#define __LIBPPP_COMPAT_H__ ++ ++/* Define USE_EAPTLS compile with EAP TLS support against older pppd headers, ++ * pppd >= 2.5.0 use PPP_WITH_EAPTLS and is defined in pppdconf.h */ ++#define USE_EAPTLS 1 ++ ++/* Define INET6 to compile with IPv6 support against older pppd headers, ++ * pppd >= 2.5.0 use PPP_WITH_IPV6CP and is defined in pppdconf.h */ ++#define INET6 1 ++ ++/* PPP < 2.5.0 defines and exports VERSION which overlaps with current package VERSION define. ++ * this silly macro magic is to work around that. 
*/ ++#undef VERSION ++#include <pppd/pppd.h> ++ ++#ifndef PPPD_VERSION ++#define PPPD_VERSION VERSION ++#endif ++ ++#include <pppd/fsm.h> ++#include <pppd/ccp.h> ++#include <pppd/eui64.h> ++#include <pppd/ipcp.h> ++#include <pppd/ipv6cp.h> ++#include <pppd/eap.h> ++#include <pppd/upap.h> ++ ++#ifdef HAVE_PPPD_CHAP_H ++#include <pppd/chap.h> ++#endif ++ ++#ifdef HAVE_PPPD_CHAP_NEW_H ++#include <pppd/chap-new.h> ++#endif ++ ++#ifdef HAVE_PPPD_CHAP_MS_H ++#include <pppd/chap_ms.h> ++#endif ++ ++#ifndef PPP_PROTO_CHAP ++#define PPP_PROTO_CHAP 0xc223 ++#endif ++ ++#ifndef PPP_PROTO_EAP ++#define PPP_PROTO_EAP 0xc227 ++#endif ++ ++ ++#if WITH_PPP_VERSION < PPP_VERSION(2,5,0) ++ ++static inline bool ++debug_on (void) ++{ ++ return debug; ++} ++ ++static inline const char ++*ppp_ipparam (void) ++{ ++ return ipparam; ++} ++ ++static inline int ++ppp_ifunit (void) ++{ ++ return ifunit; ++} ++ ++static inline const char * ++ppp_ifname (void) ++{ ++ return ifname; ++} ++ ++static inline int ++ppp_get_mtu (int idx) ++{ ++ return netif_get_mtu(idx); ++} ++ ++typedef enum ppp_notify ++{ ++ NF_PID_CHANGE, ++ NF_PHASE_CHANGE, ++ NF_EXIT, ++ NF_SIGNALED, ++ NF_IP_UP, ++ NF_IP_DOWN, ++ NF_IPV6_UP, ++ NF_IPV6_DOWN, ++ NF_AUTH_UP, ++ NF_LINK_DOWN, ++ NF_FORK, ++ NF_MAX_NOTIFY ++} ppp_notify_t; ++ ++typedef void (ppp_notify_fn) (void *ctx, int arg); ++ ++static inline void ++ppp_add_notify (ppp_notify_t type, ppp_notify_fn *func, void *ctx) ++{ ++ struct notifier **list[NF_MAX_NOTIFY] = { ++ [NF_PID_CHANGE ] = &pidchange, ++ [NF_PHASE_CHANGE] = &phasechange, ++ [NF_EXIT ] = &exitnotify, ++ [NF_SIGNALED ] = &sigreceived, ++ [NF_IP_UP ] = &ip_up_notifier, ++ [NF_IP_DOWN ] = &ip_down_notifier, ++ [NF_IPV6_UP ] = &ipv6_up_notifier, ++ [NF_IPV6_DOWN ] = &ipv6_down_notifier, ++ [NF_AUTH_UP ] = &auth_up_notifier, ++ [NF_LINK_DOWN ] = &link_down_notifier, ++ [NF_FORK ] = &fork_notifier, ++ }; ++ ++ struct notifier **notify = list[type]; ++ if (notify) { ++ add_notifier(notify, func, ctx); ++ } 
++} ++ ++#endif /* #if WITH_PPP_VERSION < PPP_VERSION(2,5,0) */ ++#endif /* #if__LIBPPP_COMPAT_H__ */ diff --git a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch index 639ccfa2a2..aefdd3aa06 100644 --- a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch +++ b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch @@ -1,7 +1,7 @@ -From 10b0d16d04b811b1ccd1f9b0cfe757bce8d876a1 Mon Sep 17 00:00:00 2001 +From 01974865e4d331eeaf25248bee1bb96539c450d9 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Mon, 6 Apr 2015 23:02:21 -0700 -Subject: [PATCH 2/3] resolve: musl does not implement res_ninit +Subject: [PATCH] resolve: musl does not implement res_ninit ported from http://git.alpinelinux.org/cgit/aports/plain/testing/connman/libresolv.patch @@ -9,23 +9,16 @@ http://git.alpinelinux.org/cgit/aports/plain/testing/connman/libresolv.patch Upstream-Status: Pending Signed-off-by: Khem Raj <raj.khem@gmail.com> + --- - gweb/gresolv.c | 33 ++++++++++++--------------------- - 1 file changed, 12 insertions(+), 21 deletions(-) + gweb/gresolv.c | 34 +++++++++++++--------------------- + 1 file changed, 13 insertions(+), 21 deletions(-) diff --git a/gweb/gresolv.c b/gweb/gresolv.c -index 5cf7a9a..3ad8e70 100644 +index 954e7cf..2a9bc51 100644 --- a/gweb/gresolv.c +++ b/gweb/gresolv.c -@@ -36,6 +36,7 @@ - #include <arpa/inet.h> - #include <arpa/nameser.h> - #include <net/if.h> -+#include <ctype.h> - - #include "gresolv.h" - -@@ -875,8 +875,6 @@ GResolv *g_resolv_new(int index) +@@ -878,8 +879,6 @@ GResolv *g_resolv_new(int index) resolv->index = index; resolv->nameserver_list = NULL; 
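Review bot: The header of the pppd 2.5.0 patch describes configure.ac fixes and plugin cleanup, but its diffstat and body add only `scripts/libppp-compat.h`, so the `Upstream-Status: Backport` line reads as if the whole upstream commit were carried. A sentence in the patch header saying that only the compat header is taken from that commit, and why, would make the provenance auditable. Separately, `ppp_add_notify` indexes `list[type]` without a range check, so a `type` at or beyond `NF_MAX_NOTIFY` would read past the array. Adding `if ((unsigned)type >= NF_MAX_NOTIFY) return;` before the lookup would close that, and as this is a backport the change is better made upstream first.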
@@ -34,7 +27,7 @@ index 5cf7a9a..3ad8e70 100644 return resolv; } -@@ -916,8 +914,6 @@ void g_resolv_unref(GResolv *resolv) +@@ -919,8 +918,6 @@ void g_resolv_unref(GResolv *resolv) flush_nameservers(resolv); @@ -43,7 +36,7 @@ index 5cf7a9a..3ad8e70 100644 g_free(resolv); } -@@ -1020,24 +1016,19 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, +@@ -1023,24 +1020,19 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, debug(resolv, "hostname %s", hostname); if (!resolv->nameserver_list) { @@ -80,6 +73,3 @@ index 5cf7a9a..3ad8e70 100644 } if (!resolv->nameserver_list) --- -2.5.1 - diff --git a/meta/recipes-connectivity/connman/connman/connman b/meta/recipes-connectivity/connman/connman/connman index c64fa0d715..a021fd4655 100644 --- a/meta/recipes-connectivity/connman/connman/connman +++ b/meta/recipes-connectivity/connman/connman/connman @@ -10,49 +10,11 @@ fi set -e -nfsroot=0 - -exec 9<&0 < /proc/mounts -while read dev mtpt fstype rest; do - if test $mtpt = "/" ; then - case $fstype in - nfs | nfs4) - nfsroot=1 - break - ;; - *) - ;; - esac - fi -done - do_start() { - EXTRA_PARAM="" - if test $nfsroot -eq 1 ; then - NET_DEVS=`cat /proc/net/dev | sed -ne 's/^\([a-zA-Z0-9 ]*\):.*$/\1/p'` - NET_ADDR=`cat /proc/cmdline | sed -ne 's/^.*ip=\([^ :]*\).*$/\1/p'` - - if [ ! -z "$NET_ADDR" ]; then - if [ "$NET_ADDR" = dhcp ]; then - ethn=`ifconfig | grep "^eth" | sed -e "s/\(eth[0-9]\)\(.*\)/\1/"` - if [ ! -z "$ethn" ]; then - EXTRA_PARAM="-I $ethn" - fi - else - for i in $NET_DEVS; do - ADDR=`ifconfig $i | sed 's/addr://g' | sed -ne 's/^.*inet \([0-9.]*\) .*$/\1/p'` - if [ "$NET_ADDR" = "$ADDR" ]; then - EXTRA_PARAM="-I $i" - break - fi - done - fi - fi - fi if [ -f @DATADIR@/connman/wired-setup ] ; then . @DATADIR@/connman/wired-setup fi - $DAEMON $EXTRA_PARAM + $DAEMON } do_stop() { 
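Review bot: `do_start` in the init script now runs a bare `$DAEMON`, so the `-I <iface>` argument that the removed block built when the root filesystem is on NFS is gone and nothing in this hunk replaces it. If no other component excludes that interface, connmand may reconfigure the link that carries the root filesystem. If the exclusion now lives elsewhere, a comment above the call such as `# NFS-root interface exclusion is handled by <component>, not by this script` would record that. Quoting the call as `"$DAEMON"` would also be tidier. `do_start` is complete within the hunk, but the part of the script that sets `DAEMON` is outside it.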
diff --git a/meta/recipes-connectivity/connman/connman_1.37.bb b/meta/recipes-connectivity/connman/connman_1.37.bb deleted file mode 100644 index 00852bf0d6..0000000000 --- a/meta/recipes-connectivity/connman/connman_1.37.bb +++ /dev/null @@ -1,17 +0,0 @@ -require connman.inc - -SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ - file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \ - file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \ - file://0001-gweb-fix-segfault-with-musl-v1.1.21.patch \ - file://connman \ - file://no-version-scripts.patch \ -" - -SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch" - -SRC_URI[md5sum] = "75012084f14fb63a84b116e66c6e94fb" -SRC_URI[sha256sum] = "6ce29b3eb0bb16a7387bc609c39455fd13064bdcde5a4d185fab3a0c71946e16" - -RRECOMMENDS_${PN} = "connman-conf" -RCONFLICTS_${PN} = "networkmanager" diff --git a/meta/recipes-connectivity/connman/connman_1.42.bb b/meta/recipes-connectivity/connman/connman_1.42.bb new file mode 100644 index 0000000000..91ab9895ac --- /dev/null +++ b/meta/recipes-connectivity/connman/connman_1.42.bb @@ -0,0 +1,17 @@ +require connman.inc + +SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ + file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \ + file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \ + file://connman \ + file://no-version-scripts.patch \ + file://0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch \ + file://0001-src-log.c-Include-libgen.h-for-basename-API.patch \ + " + +SRC_URI:append:libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch" + +SRC_URI[sha256sum] = "a3e6bae46fc081ef2e9dae3caa4f7649de892c3de622c20283ac0ca81423c2aa" + +RRECOMMENDS:${PN} = "connman-conf" +RCONFLICTS:${PN} = "networkmanager" 
diff --git a/meta/recipes-connectivity/dhcp/dhcp.inc b/meta/recipes-connectivity/dhcp/dhcp.inc deleted file mode 100644 index c4697beaf1..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp.inc +++ /dev/null 
@@ -1,148 +0,0 @@ -SECTION = "console/network" -SUMMARY = "Internet Software Consortium DHCP package" -DESCRIPTION = "DHCP (Dynamic Host Configuration Protocol) is a protocol \ -which allows individual devices on an IP network to get their own \ -network configuration information from a server. DHCP helps make it \ -easier to administer devices." - -HOMEPAGE = "http://www.isc.org/" - -LICENSE = "ISC" -LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;md5=004a4db50a1e20972e924a8618747c01" - -DEPENDS = "openssl bind" - -SRC_URI = "http://ftp.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \ - file://init-relay file://default-relay \ - file://init-server file://default-server \ - file://dhclient.conf file://dhcpd.conf \ - file://dhclient-systemd-wrapper \ - file://dhclient.service \ - file://dhcpd.service file://dhcrelay.service \ - file://dhcpd6.service \ - " -UPSTREAM_CHECK_URI = "http://ftp.isc.org/isc/dhcp/" -UPSTREAM_CHECK_REGEX = "(?P<pver>\d+\.\d+\.(\d+?))/" - -inherit autotools-brokensep systemd useradd update-rc.d - -USERADD_PACKAGES = "${PN}-server" -USERADD_PARAM_${PN}-server = "--system --no-create-home --home-dir /var/run/${BPN} --shell /bin/false --user-group ${BPN}" - -SYSTEMD_PACKAGES = "${PN}-server ${PN}-relay ${PN}-client" -SYSTEMD_SERVICE_${PN}-server = "dhcpd.service dhcpd6.service" -SYSTEMD_AUTO_ENABLE_${PN}-server = "disable" - -SYSTEMD_SERVICE_${PN}-relay = "dhcrelay.service" -SYSTEMD_AUTO_ENABLE_${PN}-relay = "disable" - -SYSTEMD_SERVICE_${PN}-client = "dhclient.service" -SYSTEMD_AUTO_ENABLE_${PN}-client = "disable" - -INITSCRIPT_PACKAGES = "dhcp-server" -INITSCRIPT_NAME_dhcp-server = "dhcp-server" -INITSCRIPT_PARAMS_dhcp-server = "defaults" - -CFLAGS += "-D_GNU_SOURCE" -EXTRA_OECONF = "--with-srv-lease-file=${localstatedir}/lib/dhcp/dhcpd.leases \ - --with-srv6-lease-file=${localstatedir}/lib/dhcp/dhcpd6.leases \ - --with-cli-lease-file=${localstatedir}/lib/dhcp/dhclient.leases \ - --with-cli6-lease-file=${localstatedir}/lib/dhcp/dhclient6.leases \ - 
--enable-paranoia --disable-static \ - --with-randomdev=/dev/random \ - --with-libbind=${STAGING_DIR_HOST} \ - --enable-libtool \ - " - -#Enable shared libs per dhcp README -do_configure_prepend () { - cp configure.ac+lt configure.ac -} - -do_install_append () { - install -d ${D}${sysconfdir}/init.d - install -d ${D}${sysconfdir}/default - install -d ${D}${sysconfdir}/dhcp - install -m 0755 ${WORKDIR}/init-relay ${D}${sysconfdir}/init.d/dhcp-relay - install -m 0644 ${WORKDIR}/default-relay ${D}${sysconfdir}/default/dhcp-relay - install -m 0755 ${WORKDIR}/init-server ${D}${sysconfdir}/init.d/dhcp-server - install -m 0644 ${WORKDIR}/default-server ${D}${sysconfdir}/default/dhcp-server - - rm -f ${D}${sysconfdir}/dhclient.conf* - rm -f ${D}${sysconfdir}/dhcpd.conf* - install -m 0644 ${WORKDIR}/dhclient.conf ${D}${sysconfdir}/dhcp/dhclient.conf - install -m 0644 ${WORKDIR}/dhcpd.conf ${D}${sysconfdir}/dhcp/dhcpd.conf - - install -d ${D}${base_sbindir}/ - if [ "${sbindir}" != "${base_sbindir}" ]; then - mv ${D}${sbindir}/dhclient ${D}${base_sbindir}/ - fi - install -m 0755 ${S}/client/scripts/linux ${D}${base_sbindir}/dhclient-script - - # Install systemd unit files - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/dhcpd.service ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/dhcpd6.service ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/dhcrelay.service ${D}${systemd_unitdir}/system - sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/dhcpd*.service ${D}${systemd_unitdir}/system/dhcrelay.service - sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcpd*.service - sed -i -e 's,@base_bindir@,${base_bindir},g' ${D}${systemd_unitdir}/system/dhcpd*.service - sed -i -e 's,@localstatedir@,${localstatedir},g' ${D}${systemd_unitdir}/system/dhcpd*.service - sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcrelay.service - - install -d ${D}${base_sbindir} - install -m 0755 
${WORKDIR}/dhclient-systemd-wrapper ${D}${base_sbindir}/dhclient-systemd-wrapper - install -m 0644 ${WORKDIR}/dhclient.service ${D}${systemd_unitdir}/system - sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhclient.service - sed -i -e 's,@BASE_SBINDIR@,${base_sbindir},g' ${D}${systemd_unitdir}/system/dhclient.service -} - -PACKAGES += "dhcp-libs dhcp-server dhcp-server-config dhcp-client dhcp-relay dhcp-omshell" - -PACKAGES_remove = "${PN}" -RDEPENDS_${PN}-dev = "" -RDEPENDS_${PN}-staticdev = "" -FILES_${PN}-libs = "${libdir}/libdhcpctl.so.0* ${libdir}/libomapi.so.0* ${libdir}/libdhcp.so.0*" - -FILES_${PN}-server = "${sbindir}/dhcpd ${sysconfdir}/init.d/dhcp-server" -RRECOMMENDS_${PN}-server = "dhcp-server-config" - -FILES_${PN}-server-config = "${sysconfdir}/default/dhcp-server ${sysconfdir}/dhcp/dhcpd.conf" - -FILES_${PN}-relay = "${sbindir}/dhcrelay ${sysconfdir}/init.d/dhcp-relay ${sysconfdir}/default/dhcp-relay" - -FILES_${PN}-client = "${base_sbindir}/dhclient \ - ${base_sbindir}/dhclient-script \ - ${sysconfdir}/dhcp/dhclient.conf \ - ${base_sbindir}/dhclient-systemd-wrapper \ - " - -FILES_${PN}-omshell = "${bindir}/omshell" - -pkg_postinst_dhcp-server() { - mkdir -p $D/${localstatedir}/lib/dhcp - touch $D/${localstatedir}/lib/dhcp/dhcpd.leases - touch $D/${localstatedir}/lib/dhcp/dhcpd6.leases -} - -pkg_postinst_dhcp-client() { - mkdir -p $D/${localstatedir}/lib/dhcp -} - -pkg_postrm_dhcp-server() { - rm -f $D/${localstatedir}/lib/dhcp/dhcpd.leases - rm -f $D/${localstatedir}/lib/dhcp/dhcpd6.leases - - if ! rmdir $D/${localstatedir}/lib/dhcp 2>/dev/null; then - echo "Not removing ${localstatedir}/lib/dhcp as it is non-empty." - fi -} - -pkg_postrm_dhcp-client() { - rm -f $D/${localstatedir}/lib/dhcp/dhclient.leases - rm -f $D/${localstatedir}/lib/dhcp/dhclient6.leases - - if ! rmdir $D/${localstatedir}/lib/dhcp 2>/dev/null; then - echo "Not removing ${localstatedir}/lib/dhcp as it is non-empty." - fi -} 
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0001-Fix-a-NSUPDATE-compiling-issue.patch b/meta/recipes-connectivity/dhcp/dhcp/0001-Fix-a-NSUPDATE-compiling-issue.patch
deleted file mode 100644
index f12a112fcf..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/0001-Fix-a-NSUPDATE-compiling-issue.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From a59cb98a473caa2afd64d7ae368480b6e9f91b3f Mon Sep 17 00:00:00 2001
-From: Ming Liu <liu.ming50@gmail.com>
-Date: Tue, 14 May 2019 11:07:15 +0200
-Subject: [PATCH] Fix a NSUPDATE compiling issue
-
-Upstream-Status: Pending [Patch sent to: https://gitlab.isc.org/isc-projects/dhcp/issues/16]
-
-A following error was observed when NSUPDATE is not defined:
-| omapip/isclib.c: In function 'dns_client_init':
-| omapip/isclib.c:356:18: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'dnsclient'
-| if (dhcp_gbl_ctx.dnsclient == NULL) {
-| ^
-| omapip/isclib.c:363:24: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'dnsclient'
-| &dhcp_gbl_ctx.dnsclient,
-| ^
-| omapip/isclib.c:364:24: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'use_local4'
-| (dhcp_gbl_ctx.use_local4 ?
-| ^
-| omapip/isclib.c:365:25: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'local4_sockaddr'
-| &dhcp_gbl_ctx.local4_sockaddr
-| ^
-| omapip/isclib.c:367:24: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'use_local6'
-| (dhcp_gbl_ctx.use_local6 ?
-| ^
-| omapip/isclib.c:368:25: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'local6_sockaddr'
-| &dhcp_gbl_ctx.local6_sockaddr
-
-Fix it by adding NSUPDATE conditional checking.
-
-Signed-off-by: Ming Liu <liu.ming50@gmail.com>
----
- includes/omapip/isclib.h | 2 ++
- omapip/isclib.c | 2 ++
- 2 files changed, 4 insertions(+)
-
-diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h
-index 538b927..6c20584 100644
---- a/includes/omapip/isclib.h
-+++ b/includes/omapip/isclib.h
-@@ -141,6 +141,8 @@ void isclib_cleanup(void);
- void dhcp_signal_handler(int signal);
- extern int shutdown_signal;
-
-+#if defined (NSUPDATE)
- isc_result_t dns_client_init();
-+#endif
-
- #endif /* ISCLIB_H */
-diff --git a/omapip/isclib.c b/omapip/isclib.c
-index db3b895..ce4b4a1 100644
---- a/omapip/isclib.c
-+++ b/omapip/isclib.c
-@@ -351,6 +351,7 @@ void dhcp_signal_handler(int signal) {
- }
- }
-
-+#if defined (NSUPDATE)
- isc_result_t dns_client_init() {
- isc_result_t result;
- if (dhcp_gbl_ctx.dnsclient == NULL) {
-@@ -387,3 +388,4 @@ isc_result_t dns_client_init() {
-
- return ISC_R_SUCCESS;
- }
-+#endif
---
-2.7.4
-
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch b/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
deleted file mode 100644
index d1b57f0bb4..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
+++ /dev/null
@@ -1,27 +0,0 @@ -From 7cc29144535a622fc671dc86eb1da65b0473a7c4 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Tue, 15 Aug 2017 16:14:22 +0800 -Subject: [PATCH 01/11] define macro _PATH_DHCPD_CONF and _PATH_DHCLIENT_CONF - -Upstream-Status: Inappropriate [OE specific] - -Rebase to 4.3.6 -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - includes/site.h | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -Index: dhcp-4.4.1/includes/site.h -=================================================================== ---- dhcp-4.4.1.orig/includes/site.h -+++ dhcp-4.4.1/includes/site.h -@@ -148,7 +148,8 @@ - /* Define this if you want the dhcpd.conf file to go somewhere other than - the default location. By default, it goes in /etc/dhcpd.conf. */ - --/* #define _PATH_DHCPD_CONF "/etc/dhcpd.conf" */ -+#define _PATH_DHCPD_CONF "/etc/dhcp/dhcpd.conf" -+#define _PATH_DHCLIENT_CONF "/etc/dhcp/dhclient.conf" - - /* Network API definitions. You do not need to choose one of these - if - you don't choose, one will be chosen for you in your system's config diff --git a/meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch b/meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch deleted file mode 100644 index 1bc1422475..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch +++ /dev/null 
@@ -1,79 +0,0 @@ -From 8194daabfd590f17825f0c61e9534bee5c99cc86 Mon Sep 17 00:00:00 2001 -From: Thomas Markwalder <tmark@isc.org> -Date: Fri, 14 Sep 2018 13:41:41 -0400 -Subject: [master] Added includes of new BIND9 compatibility headers - - Merges in rt48072. - -Upstream-Status: Backport -Signed-off-by: Adrian Bunk <bunk@stusta.de> - -diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h -index 75a87ff6..538b927f 100644 ---- a/includes/omapip/isclib.h -+++ b/includes/omapip/isclib.h -@@ -48,6 +48,9 @@ - #include <string.h> - #include <netdb.h> - -+#include <isc/boolean.h> -+#include <isc/int.h> -+ - #include <isc/buffer.h> - #include <isc/lex.h> - #include <isc/lib.h> -diff --git a/includes/omapip/result.h b/includes/omapip/result.h -index 91243e1b..860298f6 100644 ---- a/includes/omapip/result.h -+++ b/includes/omapip/result.h -@@ -26,6 +26,7 @@ - #ifndef DHCP_RESULT_H - #define DHCP_RESULT_H 1 - -+#include <isc/boolean.h> - #include <isc/lang.h> - #include <isc/resultclass.h> - #include <isc/types.h> -diff --git a/server/dhcpv6.c b/server/dhcpv6.c -index a7110f98..cde4f617 100644 ---- a/server/dhcpv6.c -+++ b/server/dhcpv6.c -@@ -1034,7 +1034,8 @@ void check_pool6_threshold(struct reply_state *reply, - shared_name, - inet_ntop(AF_INET6, &lease->addr, - tmp_addr, sizeof(tmp_addr)), -- used, count); -+ (long long unsigned)(used), -+ (long long unsigned)(count)); - } - return; - } -@@ -1066,7 +1067,8 @@ void check_pool6_threshold(struct reply_state *reply, - "address: %s; high threshold %d%% %llu/%llu.", - shared_name, - inet_ntop(AF_INET6, &lease->addr, tmp_addr, sizeof(tmp_addr)), -- poolhigh, used, count); -+ poolhigh, (long long unsigned)(used), -+ (long long unsigned)(count)); - - /* handle the low threshold now, if we don't - * have one we default to 0. 
*/ -@@ -1436,12 +1438,15 @@ pick_v6_address(struct reply_state *reply) - log_debug("Unable to pick client address: " - "no addresses available - shared network %s: " - " 2^64-1 < total, %llu active, %llu abandoned", -- shared_name, active - abandoned, abandoned); -+ shared_name, (long long unsigned)(active - abandoned), -+ (long long unsigned)(abandoned)); - } else { - log_debug("Unable to pick client address: " - "no addresses available - shared network %s: " - "%llu total, %llu active, %llu abandoned", -- shared_name, total, active - abandoned, abandoned); -+ shared_name, (long long unsigned)(total), -+ (long long unsigned)(active - abandoned), -+ (long long unsigned)(abandoned)); - } - - return ISC_R_NORESOURCES; - diff --git a/meta/recipes-connectivity/dhcp/dhcp/0001-workaround-busybox-limitation-in-linux-dhclient-script.patch b/meta/recipes-connectivity/dhcp/dhcp/0001-workaround-busybox-limitation-in-linux-dhclient-script.patch deleted file mode 100644 index 2359381b93..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp/0001-workaround-busybox-limitation-in-linux-dhclient-script.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -From eec0503cfc36f63d777f5cb3f2719cecedcb8468 Mon Sep 17 00:00:00 2001 -From: Haris Okanovic <haris.okanovic@ni.com> -Date: Mon, 7 Jan 2019 13:22:09 -0600 -Subject: [PATCH] Workaround busybox limitation in Linux dhclient-script - -Busybox is a lightweight implementation of coreutils commonly used on -space-constrained embedded Linux distributions. It's implementation of -chown and chmod doesn't provide a "--reference" option added to -client/scripts/linux as of commit 9261cb14. This change works around -that limitation by using stat to read ownership and permissions flags -and simple chown/chmod calls supported in both coreutils and busybox. - - modified: client/scripts/linux - -Signed-off-by: Haris Okanovic <haris.okanovic@ni.com> -Upstream-Status: Pending [ISC-Bugs #48771] ---- - client/scripts/linux | 17 +++++++++++++---- - 1 file changed, 13 insertions(+), 4 deletions(-) - -diff --git a/client/scripts/linux b/client/scripts/linux -index 0c429697..2435a44b 100755 ---- a/client/scripts/linux -+++ b/client/scripts/linux -@@ -32,6 +32,17 @@ - # if your system holds ip tool in a non-standard location. - ip=/sbin/ip - -+chown_chmod_by_reference() { -+ local reference_file="$1" -+ local target_file="$2" -+ -+ local owner=$(stat -c "%u:%g" "$reference_file") -+ local perm=$(stat -c "%a" "$reference_file") -+ -+ chown "$owner" "$target_file" -+ chmod "$perm" "$target_file" -+} -+ - # update /etc/resolv.conf based on received values - # This updated version mostly follows Debian script by Andrew Pollock et al. 
- make_resolv_conf() { -@@ -74,8 +85,7 @@ make_resolv_conf() { - fi - - if [ -f /etc/resolv.conf ]; then -- chown --reference=/etc/resolv.conf $new_resolv_conf -- chmod --reference=/etc/resolv.conf $new_resolv_conf -+ chown_chmod_by_reference /etc/resolv.conf $new_resolv_conf - fi - mv -f $new_resolv_conf /etc/resolv.conf - # DHCPv6 -@@ -101,8 +111,7 @@ make_resolv_conf() { - fi - - if [ -f /etc/resolv.conf ]; then -- chown --reference=/etc/resolv.conf $new_resolv_conf -- chmod --reference=/etc/resolv.conf $new_resolv_conf -+ chown_chmod_by_reference /etc/resolv.conf $new_resolv_conf - fi - mv -f $new_resolv_conf /etc/resolv.conf - fi --- -2.20.0 - diff --git a/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch b/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch deleted file mode 100644 index 101c33f677..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch +++ /dev/null 
@@ -1,117 +0,0 @@ -From be7540d31c356e80ee02e90e8bf162b7ac6e5ba5 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Tue, 15 Aug 2017 14:56:56 +0800 -Subject: [PATCH 02/11] dhclient dbus - -Upstream-Status: Inappropriate [distribution] - -Rebase to 4.3.6 -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - client/scripts/bsdos | 5 +++++ - client/scripts/freebsd | 5 +++++ - client/scripts/linux | 5 +++++ - client/scripts/netbsd | 5 +++++ - client/scripts/openbsd | 5 +++++ - client/scripts/solaris | 5 +++++ - 6 files changed, 30 insertions(+) - -diff --git a/client/scripts/bsdos b/client/scripts/bsdos -index d69d0d8..095b143 100755 ---- a/client/scripts/bsdos -+++ b/client/scripts/bsdos -@@ -45,6 +45,11 @@ exit_with_hooks() { - . /etc/dhclient-exit-hooks - fi - # probably should do something with exit status of the local script -+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then -+ dbus-send --system --dest=com.redhat.dhcp \ -+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ -+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" -+ fi - exit $exit_status - } - -diff --git a/client/scripts/freebsd b/client/scripts/freebsd -index 8f3e2a2..ad7fb44 100755 ---- a/client/scripts/freebsd -+++ b/client/scripts/freebsd -@@ -89,6 +89,11 @@ exit_with_hooks() { - . /etc/dhclient-exit-hooks - fi - # probably should do something with exit status of the local script -+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then -+ dbus-send --system --dest=com.redhat.dhcp \ -+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ -+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" -+ fi - exit $exit_status - } - -diff --git a/client/scripts/linux b/client/scripts/linux -index 5fb1612..3d447b6 100755 ---- a/client/scripts/linux -+++ b/client/scripts/linux -@@ -174,6 +174,11 @@ exit_with_hooks() { - exit_status=$? 
- fi - -+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then -+ dbus-send --system --dest=com.redhat.dhcp \ -+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ -+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" -+ fi - exit $exit_status - } - -diff --git a/client/scripts/netbsd b/client/scripts/netbsd -index 07383b7..aaba8e8 100755 ---- a/client/scripts/netbsd -+++ b/client/scripts/netbsd -@@ -45,6 +45,11 @@ exit_with_hooks() { - . /etc/dhclient-exit-hooks - fi - # probably should do something with exit status of the local script -+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then -+ dbus-send --system --dest=com.redhat.dhcp \ -+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ -+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" -+ fi - exit $exit_status - } - -diff --git a/client/scripts/openbsd b/client/scripts/openbsd -index e7f4746..56b980c 100644 ---- a/client/scripts/openbsd -+++ b/client/scripts/openbsd -@@ -45,6 +45,11 @@ exit_with_hooks() { - . /etc/dhclient-exit-hooks - fi - # probably should do something with exit status of the local script -+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then -+ dbus-send --system --dest=com.redhat.dhcp \ -+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ -+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" -+ fi - exit $exit_status - } - -diff --git a/client/scripts/solaris b/client/scripts/solaris -index af553b9..4a2aa69 100755 ---- a/client/scripts/solaris -+++ b/client/scripts/solaris -@@ -26,6 +26,11 @@ exit_with_hooks() { - . /etc/dhclient-exit-hooks - fi - # probably should do something with exit status of the local script -+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then -+ dbus-send --system --dest=com.redhat.dhcp \ -+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ -+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" -+ fi - exit $exit_status - } - --- -1.8.3.1 - 
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch b/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch deleted file mode 100644 index 5b35933a54..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch +++ /dev/null @@ -1,35 +0,0 @@ -From d80bd792323dbd56269309f85b4506eb6b1b60e9 Mon Sep 17 00:00:00 2001 -From: Andrei Gherzan <andrei@gherzan.ro> -Date: Tue, 15 Aug 2017 15:05:47 +0800 -Subject: [PATCH 03/11] link with lcrypto - -From 4.2.0 final release, -lcrypto check was removed and we compile -static libraries -from bind that are linked to libcrypto. This is why i added a patch in -order to add --lcrypto to LIBS. - -Upstream-Status: Pending -Signed-off-by: Andrei Gherzan <andrei@gherzan.ro> - -Rebase to 4.3.6 -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - configure.ac | 4 ++++ - 1 file changed, 4 insertions(+) - -Index: dhcp-4.4.1/configure.ac -=================================================================== ---- dhcp-4.4.1.orig/configure.ac -+++ dhcp-4.4.1/configure.ac -@@ -612,6 +612,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], - # Look for optional headers. - AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h) - -+# find an MD5 library -+AC_SEARCH_LIBS(MD5_Init, [crypto]) -+AC_SEARCH_LIBS(MD5Init, [crypto]) -+ - # Solaris needs some libraries for functions - AC_SEARCH_LIBS(socket, [socket]) - AC_SEARCH_LIBS(inet_ntoa, [nsl]) diff --git a/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch b/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch deleted file mode 100644 index b71c93dd6d..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch +++ /dev/null 
@@ -1,93 +0,0 @@ -From cccec0344d68dac4100b6f260ee24e7c2da9dfda Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Tue, 15 Aug 2017 15:08:22 +0800 -Subject: [PATCH 04/11] Fix out of tree builds - -Upstream-Status: Pending - -RP 2013/03/21 - -Rebase to 4.3.6 - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - client/Makefile.am | 4 ++-- - common/Makefile.am | 3 ++- - dhcpctl/Makefile.am | 2 ++ - omapip/Makefile.am | 1 + - relay/Makefile.am | 2 +- - server/Makefile.am | 2 +- - 6 files changed, 9 insertions(+), 5 deletions(-) - -Index: dhcp-4.4.1/common/Makefile.am -=================================================================== ---- dhcp-4.4.1.orig/common/Makefile.am -+++ dhcp-4.4.1/common/Makefile.am -@@ -1,4 +1,5 @@ --AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -+AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -+ - AM_CFLAGS = $(LDAP_CFLAGS) - - lib_LIBRARIES = libdhcp.a -Index: dhcp-4.4.1/dhcpctl/Makefile.am -=================================================================== ---- dhcp-4.4.1.orig/dhcpctl/Makefile.am -+++ dhcp-4.4.1/dhcpctl/Makefile.am -@@ -3,6 +3,8 @@ BINDLIBDNSDIR=@BINDLIBDNSDIR@ - BINDLIBISCCFGDIR=@BINDLIBISCCFGDIR@ - BINDLIBISCDIR=@BINDLIBISCDIR@ - -+AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) -+ - bin_PROGRAMS = omshell - lib_LIBRARIES = libdhcpctl.a - noinst_PROGRAMS = cltest -Index: dhcp-4.4.1/server/Makefile.am -=================================================================== ---- dhcp-4.4.1.orig/server/Makefile.am -+++ dhcp-4.4.1/server/Makefile.am -@@ -4,7 +4,7 @@ - # production code. Sadly, we are not there yet. - SUBDIRS = . tests - --AM_CPPFLAGS = -I.. 
-DLOCALSTATEDIR='"@localstatedir@"' -+AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes - - dist_sysconf_DATA = dhcpd.conf.example - sbin_PROGRAMS = dhcpd -Index: dhcp-4.4.1/client/Makefile.am -=================================================================== ---- dhcp-4.4.1.orig/client/Makefile.am -+++ dhcp-4.4.1/client/Makefile.am -@@ -5,7 +5,7 @@ - SUBDIRS = . tests - - AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' --AM_CPPFLAGS += -DLOCALSTATEDIR='"$(localstatedir)"' -+AM_CPPFLAGS += -DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes - - dist_sysconf_DATA = dhclient.conf.example - sbin_PROGRAMS = dhclient -Index: dhcp-4.4.1/omapip/Makefile.am -=================================================================== ---- dhcp-4.4.1.orig/omapip/Makefile.am -+++ dhcp-4.4.1/omapip/Makefile.am -@@ -2,6 +2,7 @@ BINDLIBIRSDIR=@BINDLIBIRSDIR@ - BINDLIBDNSDIR=@BINDLIBDNSDIR@ - BINDLIBISCCFGDIR=@BINDLIBISCCFGDIR@ - BINDLIBISCDIR=@BINDLIBISCDIR@ -+AM_CPPFLAGS = -I$(top_srcdir)/includes - - lib_LIBRARIES = libomapi.a - noinst_PROGRAMS = svtest -Index: dhcp-4.4.1/relay/Makefile.am -=================================================================== ---- dhcp-4.4.1.orig/relay/Makefile.am -+++ dhcp-4.4.1/relay/Makefile.am -@@ -1,4 +1,4 @@ --AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -+AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes - - sbin_PROGRAMS = dhcrelay - dhcrelay_SOURCES = dhcrelay.c diff --git a/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch b/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch deleted file mode 100644 index dd56381b1d..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -From 2e8ff0e4f6d39e346ea86b8c514ab4ccc78fa359 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Tue, 15 Aug 2017 15:24:14 +0800 -Subject: [PATCH 05/11] dhcp-client: fix invoke dhclient-script failed on - Read-only file system - -In read-only file system, '/etc' is on the readonly partition, -and '/etc/resolv.conf' is symlinked to a separate writable -partition. - -In this situation, we create temp files 'resolv.conf.dhclient-new' -in /tmp dir. - -Upstream-Status: Pending - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - client/scripts/linux | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/client/scripts/linux b/client/scripts/linux -index 3d447b6..3122a75 100755 ---- a/client/scripts/linux -+++ b/client/scripts/linux -@@ -40,7 +40,7 @@ make_resolv_conf() { - # DHCPv4 - if [ -n "$new_domain_search" ] || [ -n "$new_domain_name" ] || - [ -n "$new_domain_name_servers" ]; then -- new_resolv_conf=/etc/resolv.conf.dhclient-new -+ new_resolv_conf=/tmp/resolv.conf.dhclient-new - rm -f $new_resolv_conf - - if [ -n "$new_domain_name" ]; then --- -1.8.3.1 - diff --git a/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch b/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch deleted file mode 100644 index feb0754fff..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -From 7107511fd209f08f9a96f8938041ae48f3295895 Mon Sep 17 00:00:00 2001 -From: Christopher Larson <chris_larson@mentor.com> -Date: Tue, 15 Aug 2017 16:17:49 +0800 -Subject: [PATCH 07/11] Add configure argument to make the libxml2 dependency - explicit and determinisitic. - -Upstream-Status: Pending - -Signed-off-by: Christopher Larson <chris_larson@mentor.com> - -Rebase to 4.3.6 - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - configure.ac | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -Index: dhcp-4.4.1/configure.ac -=================================================================== ---- dhcp-4.4.1.orig/configure.ac -+++ dhcp-4.4.1/configure.ac -@@ -642,6 +642,17 @@ if test "$have_nanosleep" = "rt"; then - LIBS="-lrt $LIBS" - fi - -+AC_ARG_WITH(libxml2, -+ AS_HELP_STRING([--with-libxml2], [link against libxml2. this is needed if bind was built with xml2 support enabled]), -+ with_libxml2="$withval", with_libxml2="no") -+ -+if test x$with_libxml2 != xno; then -+ AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2], -+ [if test x$with_libxml2 != xauto; then -+ AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested]) -+ fi]) -+fi -+ - # check for /dev/random (declares HAVE_DEV_RANDOM) - AC_MSG_CHECKING(for random device) - AC_ARG_WITH(randomdev, -Index: dhcp-4.4.1/configure.ac+lt -=================================================================== ---- dhcp-4.4.1.orig/configure.ac+lt -+++ dhcp-4.4.1/configure.ac+lt -@@ -909,6 +909,18 @@ elif test "$want_libtool" = "yes" -a "$u - fi - AM_CONDITIONAL(INSTALL_BIND, test "$want_install_bind" = "yes") - -+AC_ARG_WITH(libxml2, -+ AS_HELP_STRING([--with-libxml2], [link against libxml2. 
this is needed if bind was built with xml2 support enabled]), -+ with_libxml2="$withval", with_libxml2="no") -+ -+if test x$with_libxml2 != xno; then -+ AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],, -+ [if test x$with_libxml2 != xauto; then -+ AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested]) -+ fi]) -+fi -+ -+ - # OpenLDAP support. - AC_ARG_WITH(ldap, - AS_HELP_STRING([--with-ldap],[enable OpenLDAP support in dhcpd (default is no)]), diff --git a/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch b/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch deleted file mode 100644 index 912b6d6312..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch +++ /dev/null @@ -1,28 +0,0 @@ -From f3f8b7726e50e24ef3edf5fa5a17e31d39118d7e Mon Sep 17 00:00:00 2001 -From: Andre McCurdy <armccurdy@gmail.com> -Date: Tue, 15 Aug 2017 15:49:31 +0800 -Subject: [PATCH 09/11] remove dhclient-script bash dependency - -Upstream-Status: Inappropriate [OE specific] - -Signed-off-by: Andre McCurdy <armccurdy@gmail.com> - -Rebase to 4.3.6 -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - client/scripts/linux | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/client/scripts/linux b/client/scripts/linux -index 3122a75..1712d7d 100755 ---- a/client/scripts/linux -+++ b/client/scripts/linux -@@ -1,4 +1,4 @@ --#!/bin/bash -+#!/bin/sh - # dhclient-script for Linux. Dan Halbert, March, 1997. - # Updated for Linux 2.[12] by Brian J. Murrell, January 1999. - # No guarantees about this. I'm a novice at the details of Linux --- -1.8.3.1 - diff --git a/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch b/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch deleted file mode 100644 index 39ba65fbc4..0000000000 
--- a/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 501543b3ef715488a142e3d301ff2733aa33eec7 Mon Sep 17 00:00:00 2001 -From: Awais Belal <awais_belal@mentor.com> -Date: Wed, 25 Oct 2017 21:00:05 +0500 -Subject: [PATCH] dhcp: correct the intention for xml2 lib search - -A missing case breaks the build when libxml2 is -required and found appropriately. The third argument -to the function AC_SEARCH_LIB is action-if-found which -was mistakenly been used for the case where the library -is not found and hence breaks the configure phase -where it shoud actually pass. -We now pass on silently when action-if-found is -executed. - -Upstream-Status: Pending - -Signed-off-by: Awais Belal <awais_belal@mentor.com> ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: dhcp-4.4.1/configure.ac -=================================================================== ---- dhcp-4.4.1.orig/configure.ac -+++ dhcp-4.4.1/configure.ac -@@ -647,7 +647,7 @@ AC_ARG_WITH(libxml2, - with_libxml2="$withval", with_libxml2="no") - - if test x$with_libxml2 != xno; then -- AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2], -+ AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],, - [if test x$with_libxml2 != xauto; then - AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested]) - fi]) diff --git a/meta/recipes-connectivity/dhcp/dhcp/0013-fixup_use_libbind.patch b/meta/recipes-connectivity/dhcp/dhcp/0013-fixup_use_libbind.patch deleted file mode 100644 index fcec010bd0..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp/0013-fixup_use_libbind.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -lib and include path is hardcoded for use_libbind - -use libdir and includedir vars - -Upstream-Status: Pending -Signed-off-by: Armin Kuster <akuster808@gmail.com> - -Index: dhcp-4.4.1/configure.ac+lt -=================================================================== ---- dhcp-4.4.1.orig/configure.ac+lt -+++ dhcp-4.4.1/configure.ac+lt -@@ -801,22 +801,22 @@ no) - if test ! -d "$use_libbind"; then - AC_MSG_ERROR([Cannot find bind directory at $use_libbind]) - fi -- if test ! -d "$use_libbind/include" -o \ -- ! -f "$use_libbind/include/isc/buffer.h" -+ if test ! -d "$use_libbind/$includedir" -o \ -+ ! -f "$use_libbind/$includedir/isc/buffer.h" - then -- AC_MSG_ERROR([Cannot find bind includes at $use_libbind/include]) -+ AC_MSG_ERROR([Cannot find bind includes at $use_libbind/$includedir]) - fi -- if test ! -d "$use_libbind/lib" -o \ -- \( ! -f "$use_libbind/lib/libisc.a" -a \ -- ! -f "$use_libbind/lib/libisc.la" \) -+ if test ! -d "$use_libbind/$libdir" -o \ -+ \( ! -f "$use_libbind/$libdir/libisc.a" -a \ -+ ! -f "$use_libbind/$libdir/libisc.la" \) - then -- AC_MSG_ERROR([Cannot find bind libraries at $use_libbind/lib]) -+ AC_MSG_ERROR([Cannot find bind libraries at $use_libbind/$libdir]) - fi - BINDDIR="$use_libbind" -- BINDLIBIRSDIR="$BINDDIR/lib" -- BINDLIBDNSDIR="$BINDDIR/lib" -- BINDLIBISCCFGDIR="$BINDDIR/lib" -- BINDLIBISCDIR="$BINDDIR/lib" -+ BINDLIBIRSDIR="$BINDDIR/$libdir" -+ BINDLIBDNSDIR="$BINDDIR/$libdir" -+ BINDLIBISCCFGDIR="$BINDDIR/$libdir" -+ BINDLIBISCDIR="$BINDDIR/$libdir" - DISTCHECK_LIBBIND_CONFIGURE_FLAG="--with-libbind=$use_libbind" - ;; - esac -@@ -856,14 +856,14 @@ AC_ARG_ENABLE(libtool, - - if test "$use_libbind" != "no"; then - if test "$want_libtool" = "yes" -a \ -- ! -f "$use_libbind/lib/libisc.la" -+ ! 
-f "$use_libbind/$libdir/libisc.la" - then -- AC_MSG_ERROR([Cannot find dynamic libraries at $use_libbind/lib]) -+ AC_MSG_ERROR([Cannot find dynamic libraries at $use_libbind/$libdir]) - fi - if test "$want_libtool" = "no" -a \ -- ! -f "$use_libbind/lib/libisc.a" -+ ! -f "$use_libbind/$libdir/libisc.a" - then -- AC_MSG_ERROR([Cannot find static libraries at $use_libbind/lib]) -+ AC_MSG_ERROR([Cannot find static libraries at $use_libbind/$libdir]) - fi - fi - diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb b/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb deleted file mode 100644 index 020777b8f2..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb +++ /dev/null @@ -1,23 +0,0 @@ -require dhcp.inc - -SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch \ - file://0002-dhclient-dbus.patch \ - file://0003-link-with-lcrypto.patch \ - file://0004-Fix-out-of-tree-builds.patch \ - file://0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch \ - file://0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch \ - file://0009-remove-dhclient-script-bash-dependency.patch \ - file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \ - file://0013-fixup_use_libbind.patch \ - file://0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch \ - file://0001-Fix-a-NSUPDATE-compiling-issue.patch \ - file://0001-workaround-busybox-limitation-in-linux-dhclient-script.patch \ -" - -SRC_URI[md5sum] = "18c7f4dcbb0a63df25098216d47b1ede" -SRC_URI[sha256sum] = "2a22508922ab367b4af4664a0472dc220cc9603482cf3c16d9aff14f3a76b608" - -LDFLAGS_append = " -pthread" - -PACKAGECONFIG ?= "" -PACKAGECONFIG[bind-httpstats] = "--with-libxml2,--without-libxml2,libxml2" diff --git a/meta/recipes-connectivity/dhcp/files/default-relay b/meta/recipes-connectivity/dhcp/files/default-relay deleted file mode 100644 index 7961f014be..0000000000 --- a/meta/recipes-connectivity/dhcp/files/default-relay +++ /dev/null 
@@ -1,12 +0,0 @@
-# Defaults for dhcp-relay initscript
-# sourced by /etc/init.d/dhcp-relay
-
-# What servers should the DHCP relay forward requests to?
-# e.g: SERVERS="192.168.0.1"
-SERVERS=""
-
-# On what interfaces should the DHCP relay (dhrelay) serve DHCP requests?
-INTERFACES=""
-
-# Additional options that are passed to the DHCP relay daemon?
-OPTIONS=""
diff --git a/meta/recipes-connectivity/dhcp/files/default-server b/meta/recipes-connectivity/dhcp/files/default-server
deleted file mode 100644
index 0385d16992..0000000000
--- a/meta/recipes-connectivity/dhcp/files/default-server
+++ /dev/null
@@ -1,7 +0,0 @@
-# Defaults for dhcp initscript
-# sourced by /etc/init.d/dhcp-server
-# installed at /etc/default/dhcp-server by the maintainer scripts
-
-# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
-# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
-INTERFACES=""
diff --git a/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper b/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper
deleted file mode 100644
index 7d0e224a1d..0000000000
--- a/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper
+++ /dev/null
@@ -1,39 +0,0 @@ -#!/bin/sh - -# In case the interface is used for nfs, skip it. -nfsroot=0 -interfaces="" -exec 9<&0 < /proc/mounts -while read dev mtpt fstype rest; do - if test $mtpt = "/" ; then - case $fstype in - nfs | nfs4) - nfsroot=1 - nfs_addr=`echo $rest | sed -e 's/^.*addr=\([0-9.]*\).*$/\1/'` - break - ;; - *) - ;; - esac - fi -done -exec 0<&9 9<&- - -if [ $nfsroot -eq 0 ]; then - interfaces="$INTERFACES" -else - if [ -x /bin/ip -o -x /sbin/ip ] ; then - nfs_iface=`ip route get $nfs_addr | grep dev | sed -e 's/^.*dev \([-a-z0-9.]*\).*$/\1/'` - fi - for i in $INTERFACES; do - if test "x$i" = "x$nfs_iface"; then - echo "dhclient skipping nfsroot interface $i" - else - interfaces="$interfaces $i" - fi - done -fi - -if test "x$interfaces" != "x"; then - /sbin/dhclient -d -cf /etc/dhcp/dhclient.conf -q -lf /var/lib/dhcp/dhclient.leases $interfaces -fi diff --git a/meta/recipes-connectivity/dhcp/files/dhclient.conf b/meta/recipes-connectivity/dhcp/files/dhclient.conf deleted file mode 100644 index 0e6dcf96c2..0000000000 --- a/meta/recipes-connectivity/dhcp/files/dhclient.conf +++ /dev/null 
@@ -1,50 +0,0 @@ -# Configuration file for /sbin/dhclient, which is included in Debian's -# dhcp3-client package. -# -# This is a sample configuration file for dhclient. See dhclient.conf's -# man page for more information about the syntax of this file -# and a more comprehensive list of the parameters understood by -# dhclient. -# -# Normally, if the DHCP server provides reasonable information and does -# not leave anything out (like the domain name, for example), then -# few changes must be made to this file, if any. -# - -#send host-name "andare.fugue.com"; -#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c; -#send dhcp-lease-time 3600; -#supersede domain-name "fugue.com home.vix.com"; -#prepend domain-name-servers 127.0.0.1; -request subnet-mask, broadcast-address, time-offset, routers, - domain-name, domain-name-servers, host-name, - netbios-name-servers, netbios-scope; -#require subnet-mask, domain-name-servers; -#timeout 60; -#retry 60; -#reboot 10; -#select-timeout 5; -#initial-interval 2; -#script "/etc/dhcp3/dhclient-script"; -#media "-link0 -link1 -link2", "link0 link1"; -#reject 192.33.137.209; - -#alias { -# interface "eth0"; -# fixed-address 192.5.5.213; -# option subnet-mask 255.255.255.255; -#} - -#lease { -# interface "eth0"; -# fixed-address 192.33.137.200; -# medium "link0 link1"; -# option host-name "andare.swiftmedia.com"; -# option subnet-mask 255.255.255.0; -# option broadcast-address 192.33.137.255; -# option routers 192.33.137.250; -# option domain-name-servers 127.0.0.1; -# renew 2 2000/1/12 00:00:01; -# rebind 2 2000/1/12 00:00:01; -# expire 2 2000/1/12 00:00:01; -#} diff --git a/meta/recipes-connectivity/dhcp/files/dhclient.service b/meta/recipes-connectivity/dhcp/files/dhclient.service deleted file mode 100644 index 9ddb4d1dfe..0000000000 --- a/meta/recipes-connectivity/dhcp/files/dhclient.service +++ /dev/null 
@@ -1,13 +0,0 @@
-[Unit]
-Description=Dynamic Host Configuration Protocol (DHCP)
-Wants=network.target
-Before=network.target
-After=systemd-udevd.service
-
-[Service]
-EnvironmentFile=-@SYSCONFDIR@/default/dhcp-client
-ExecStart=@BASE_SBINDIR@/dhclient-systemd-wrapper
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/dhcp/files/dhcpd.conf b/meta/recipes-connectivity/dhcp/files/dhcpd.conf
deleted file mode 100644
index 0001c0f00e..0000000000
--- a/meta/recipes-connectivity/dhcp/files/dhcpd.conf
+++ /dev/null
@@ -1,108 +0,0 @@ -# -# Sample configuration file for ISC dhcpd for Debian -# -# $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $ -# - -# The ddns-updates-style parameter controls whether or not the server will -# attempt to do a DNS update when a lease is confirmed. We default to the -# behavior of the version 2 packages ('none', since DHCP v2 didn't -# have support for DDNS.) -ddns-update-style none; - -# option definitions common to all supported networks... -option domain-name "example.org"; -option domain-name-servers ns1.example.org, ns2.example.org; - -default-lease-time 600; -max-lease-time 7200; - -# If this DHCP server is the official DHCP server for the local -# network, the authoritative directive should be uncommented. -#authoritative; - -# Use this to send dhcp log messages to a different log file (you also -# have to hack syslog.conf to complete the redirection). -log-facility local7; - -# No service will be given on this subnet, but declaring it helps the -# DHCP server to understand the network topology. - -#subnet 10.152.187.0 netmask 255.255.255.0 { -#} - -# This is a very basic subnet declaration. - -#subnet 10.254.239.0 netmask 255.255.255.224 { -# range 10.254.239.10 10.254.239.20; -# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org; -#} - -# This declaration allows BOOTP clients to get dynamic addresses, -# which we don't really recommend. - -#subnet 10.254.239.32 netmask 255.255.255.224 { -# range dynamic-bootp 10.254.239.40 10.254.239.60; -# option broadcast-address 10.254.239.31; -# option routers rtr-239-32-1.example.org; -#} - -# A slightly different configuration for an internal subnet. 
-#subnet 10.5.5.0 netmask 255.255.255.224 { -# range 10.5.5.26 10.5.5.30; -# option domain-name-servers ns1.internal.example.org; -# option domain-name "internal.example.org"; -# option routers 10.5.5.1; -# option broadcast-address 10.5.5.31; -# default-lease-time 600; -# max-lease-time 7200; -#} - -# Hosts which require special configuration options can be listed in -# host statements. If no address is specified, the address will be -# allocated dynamically (if possible), but the host-specific information -# will still come from the host declaration. - -#host passacaglia { -# hardware ethernet 0:0:c0:5d:bd:95; -# filename "vmunix.passacaglia"; -# server-name "toccata.fugue.com"; -#} - -# Fixed IP addresses can also be specified for hosts. These addresses -# should not also be listed as being available for dynamic assignment. -# Hosts for which fixed IP addresses have been specified can boot using -# BOOTP or DHCP. Hosts for which no fixed address is specified can only -# be booted with DHCP, unless there is an address range on the subnet -# to which a BOOTP client is connected which has the dynamic-bootp flag -# set. -#host fantasia { -# hardware ethernet 08:00:07:26:c0:a5; -# fixed-address fantasia.fugue.com; -#} - -# You can declare a class of clients and then do address allocation -# based on that. The example below shows a case where all clients -# in a certain class get addresses on the 10.17.224/24 subnet, and all -# other clients get addresses on the 10.0.29/24 subnet. - -#class "foo" { -# match if substring (option vendor-class-identifier, 0, 4) = "SUNW"; -#} - -#shared-network 224-29 { -# subnet 10.17.224.0 netmask 255.255.255.0 { -# option routers rtr-224.example.org; -# } -# subnet 10.0.29.0 netmask 255.255.255.0 { -# option routers rtr-29.example.org; -# } -# pool { -# allow members of "foo"; -# range 10.17.224.10 10.17.224.250; -# } -# pool { -# deny members of "foo"; -# range 10.0.29.10 10.0.29.230; -# } -#} 
diff --git a/meta/recipes-connectivity/dhcp/files/dhcpd.service b/meta/recipes-connectivity/dhcp/files/dhcpd.service deleted file mode 100644 index ae4f93eca5..0000000000 --- a/meta/recipes-connectivity/dhcp/files/dhcpd.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=DHCPv4 Server Daemon -Documentation=man:dhcpd(8) man:dhcpd.conf(5) -After=network.target -After=time-sync.target - -[Service] -PIDFile=@localstatedir@/run/dhcpd.pid -EnvironmentFile=@SYSCONFDIR@/default/dhcp-server -EnvironmentFile=-@SYSCONFDIR@/sysconfig/dhcp-server -ExecStartPre=@base_bindir@/touch @localstatedir@/lib/dhcp/dhcpd.leases -ExecStart=@SBINDIR@/dhcpd -f -cf @SYSCONFDIR@/dhcp/dhcpd.conf -pf @localstatedir@/run/dhcpd.pid $DHCPDARGS -q $INTERFACES - -[Install] -WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/dhcp/files/dhcpd6.service b/meta/recipes-connectivity/dhcp/files/dhcpd6.service deleted file mode 100644 index 52a6224dc2..0000000000 --- a/meta/recipes-connectivity/dhcp/files/dhcpd6.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=DHCPv6 Server Daemon -Documentation=man:dhcpd(8) man:dhcpd.conf(5) -After=network.target -After=time-sync.target - -[Service] -PIDFile=@localstatedir@/run/dhcpd6.pid -EnvironmentFile=@SYSCONFDIR@/default/dhcp-server -EnvironmentFile=-@SYSCONFDIR@/sysconfig/dhcpd6 -ExecStartPre=@base_bindir@/touch @localstatedir@/lib/dhcp/dhcpd6.leases -ExecStart=@SBINDIR@/dhcpd -f -6 -cf @SYSCONFDIR@/dhcp/dhcpd6.conf -pf @localstatedir@/run/dhcpd6.pid $DHCPDARGS -q $INTERFACES - -[Install] -WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/dhcp/files/dhcrelay.service b/meta/recipes-connectivity/dhcp/files/dhcrelay.service deleted file mode 100644 index 15ff927d34..0000000000 --- a/meta/recipes-connectivity/dhcp/files/dhcrelay.service +++ /dev/null 
@@ -1,10 +0,0 @@ -[Unit] -Description=DHCP Relay Agent Daemon -After=network.target - -[Service] -EnvironmentFile=@SYSCONFDIR@/default/dhcp-relay -ExecStart=@SBINDIR@/dhcrelay -d --no-pid -q $SERVERS - -[Install] -WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/dhcp/files/init-relay b/meta/recipes-connectivity/dhcp/files/init-relay deleted file mode 100644 index 019a7e84cf..0000000000 --- a/meta/recipes-connectivity/dhcp/files/init-relay +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/sh -# -# $Id: dhcp3-relay,v 1.1 2004/04/16 15:41:08 ml Exp $ -# - -# It is not safe to start if we don't have a default configuration... -if [ ! -f /etc/default/dhcp-relay ]; then - echo "/etc/default/dhcp-relay does not exist! - Aborting..." - echo "create this file to fix the problem." - exit 1 -fi - -# Read init script configuration (interfaces the daemon should listen on -# and the DHCP server we should forward requests to.) -. /etc/default/dhcp-relay - -# Build command line for interfaces (will be passed to dhrelay below.) -IFCMD="" -if test "$INTERFACES" != ""; then - for I in $INTERFACES; do - IFCMD=${IFCMD}"-i "${I}" " - done -fi - -DHCRELAYPID=/var/run/dhcrelay.pid - -case "$1" in - start) - start-stop-daemon -S -x /usr/sbin/dhcrelay -- -q $OPTIONS $IFCMD $SERVERS - ;; - stop) - start-stop-daemon -K -x /usr/sbin/dhcrelay - ;; - restart | force-reload) - $0 stop - sleep 2 - $0 start - ;; - *) - echo "Usage: /etc/init.d/dhcp-relay {start|stop|restart|force-reload}" - exit 1 -esac - -exit 0 diff --git a/meta/recipes-connectivity/dhcp/files/init-server b/meta/recipes-connectivity/dhcp/files/init-server deleted file mode 100644 index 5e693adf78..0000000000 --- a/meta/recipes-connectivity/dhcp/files/init-server +++ /dev/null 
@@ -1,44 +0,0 @@ -#!/bin/sh -# -# $Id: dhcp3-server.init.d,v 1.4 2003/07/13 19:12:41 mdz Exp $ -# - -test -f /usr/sbin/dhcpd || exit 0 - -# It is not safe to start if we don't have a default configuration... -if [ ! -f /etc/default/dhcp-server ]; then - echo "/etc/default/dhcp-server does not exist! - Aborting..." - exit 0 -fi - -# Read init script configuration (so far only interfaces the daemon -# should listen on.) -. /etc/default/dhcp-server - -case "$1" in - start) - echo -n "Starting DHCP server: " - test -d /var/lib/dhcp/ || mkdir -p /var/lib/dhcp/ - test -f /var/lib/dhcp/dhcpd.leases || touch /var/lib/dhcp/dhcpd.leases - start-stop-daemon -S -x /usr/sbin/dhcpd -- -q $INTERFACES -user dhcp -group dhcp - echo "." - ;; - stop) - echo -n "Stopping DHCP server: dhcpd3" - start-stop-daemon -K -x /usr/sbin/dhcpd - echo "." - ;; - restart | force-reload) - $0 stop - sleep 2 - $0 start - if [ "$?" != "0" ]; then - exit 1 - fi - ;; - *) - echo "Usage: /etc/init.d/dhcp-server {start|stop|restart|force-reload}" - exit 1 -esac - -exit 0 diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb new file mode 100644 index 0000000000..6bde9b1f51 --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb 
@@ -0,0 +1,61 @@ +SECTION = "console/network" +SUMMARY = "dhcpcd - a DHCP client" +DESCRIPTION = "dhcpcd runs on your machine and silently configures your \ + computer to work on the attached networks without trouble \ + and mostly without configuration." + +HOMEPAGE = "http://roy.marples.name/projects/dhcpcd/" + +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=ba9c7e534853aaf3de76c905b2410ffd" + +SRC_URI = "git://github.com/NetworkConfiguration/dhcpcd;protocol=https;branch=master \ + file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \ + file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \ + file://dhcpcd.service \ + file://dhcpcd@.service \ + file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \ + " + +SRCREV = "1c8ae59836fa87b4c63c598087f0460ec20ed862" +S = "${WORKDIR}/git" + +inherit pkgconfig autotools-brokensep systemd useradd + +SYSTEMD_SERVICE:${PN} = "dhcpcd.service" + +PACKAGECONFIG ?= "udev ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" + +PACKAGECONFIG[udev] = "--with-udev,--without-udev,udev,udev" +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6" +# ntp conflicts with chrony +PACKAGECONFIG[ntp] = "--with-hook=ntp, , ,ntp" +PACKAGECONFIG[chrony] = "--with-hook=ntp, , ,chrony" +PACKAGECONFIG[ypbind] = "--with-eghook=yp, , ,ypbind-mt" + +# add option to override DBDIR location +DBDIR ?= "${localstatedir}/lib/${BPN}" + +EXTRA_OECONF = "--enable-ipv4 \ + --dbdir=${DBDIR} \ + --sbindir=${base_sbindir} \ + --runstatedir=/run \ + --enable-privsep \ + --privsepuser=dhcpcd \ + --with-hooks \ + --with-eghooks \ + " + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM:${PN} = "--system -d ${DBDIR} -M -s /bin/false -U dhcpcd" + +do_install:append () { + # install systemd unit files + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/dhcpcd*.service ${D}${systemd_system_unitdir} + + chmod 700 ${D}${DBDIR} + chown dhcpcd:dhcpcd ${D}${DBDIR} +} + +FILES:${PN}-dbg += 
"${libdir}/dhcpcd/dev/.debug" diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch b/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch new file mode 100644 index 0000000000..8d1ed6671a --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch 
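Review bot: In dhcpcd_10.0.6.bb the comment `# ntp conflicts with chrony` is not enforced: `PACKAGECONFIG[ntp]` and `PACKAGECONFIG[chrony]` both expand to `--with-hook=ntp` and differ only in the runtime dependency, so nothing stops both being enabled and both time daemons landing in the image. PACKAGECONFIG accepts a sixth, conflicts field that makes the build reject that combination, e.g. `PACKAGECONFIG[ntp] = "--with-hook=ntp, , ,ntp, ,chrony"` with the mirror entry for chrony. In `do_install:append`, the `chmod 700` / `chown dhcpcd:dhcpcd` on `${D}${DBDIR}` would also benefit from a one-line comment such as `# DBDIR is the home of the dhcpcd account used for --privsepuser; keep it private to that account`.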
@@ -0,0 +1,82 @@ +From 02acc4d875ee81e6fd19ef66d69c9f55b4b4a7e7 Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Wed, 9 Nov 2022 16:33:18 +0800 +Subject: [PATCH] 20-resolv.conf: improve the sitation of working with systemd + +systemd's resolvconf implementation ignores the protocol part. +See https://github.com/systemd/systemd/issues/25032. + +When using 'dhcp server + dns server + dhcpcd + systemd', we +get an integration issue, that is dhcpcd runs 'resolvconf -d eth0.ra', +yet systemd's resolvconf treats it as eth0. This will delete the +DNS information set by 'resolvconf -a eth0.dhcp'. + +Fortunately, 20-resolv.conf has the ability to build the resolv.conf +file contents itself. We can just pass the generated contents to +systemd's resolvconf. This way, the DNS information is not incorrectly +deleted. Also, it does not cause behavior regression for dhcpcd +in other cases. + +Upstream-Status: Inappropriate [OE Specific] +This patch has been rejected by dhcpcd upstream. 
+See details in https://github.com/NetworkConfiguration/dhcpcd/pull/152 + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + hooks/20-resolv.conf | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/hooks/20-resolv.conf b/hooks/20-resolv.conf +index 7c29e276..becc019f 100644 +--- a/hooks/20-resolv.conf ++++ b/hooks/20-resolv.conf +@@ -11,8 +11,12 @@ nocarrier_roaming_dir="$state_dir/roaming" + NL=" + " + : ${resolvconf:=resolvconf} ++resolvconf_from_systemd=false + if command -v "$resolvconf" >/dev/null 2>&1; then + have_resolvconf=true ++ if [ $(basename $(readlink -f $(which $resolvconf))) = resolvectl ]; then ++ resolvconf_from_systemd=true ++ fi + else + have_resolvconf=false + fi +@@ -69,8 +73,13 @@ build_resolv_conf() + else + echo "# /etc/resolv.conf.tail can replace this line" >> "$cf" + fi +- if change_file /etc/resolv.conf "$cf"; then +- chmod 644 /etc/resolv.conf ++ if $resolvconf_from_systemd; then ++ [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric" ++ "$resolvconf" -a "$ifname" <"$cf" ++ else ++ if change_file /etc/resolv.conf "$cf"; then ++ chmod 644 /etc/resolv.conf ++ fi + fi + rm -f "$cf" + } +@@ -170,7 +179,7 @@ add_resolv_conf() + for x in ${new_domain_name_servers}; do + conf="${conf}nameserver $x$NL" + done +- if $have_resolvconf; then ++ if $have_resolvconf && ! $resolvconf_from_systemd; then + [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric" + printf %s "$conf" | "$resolvconf" -a "$ifname" + return $? +@@ -186,7 +195,7 @@ add_resolv_conf() + + remove_resolv_conf() + { +- if $have_resolvconf; then ++ if $have_resolvconf && ($if_down || ! $resolvconf_from_systemd); then + "$resolvconf" -d "$ifname" -f + else + if [ -e "$resolv_conf_dir/$ifname" ]; then +-- +2.17.1 + 
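Review bot: The detection line this patch adds to hooks/20-resolv.conf, `if [ $(basename $(readlink -f $(which $resolvconf))) = resolvectl ]; then`, leaves every expansion unquoted and calls `which` although the line just above it already relies on `command -v`. On an image without `which`, or when the path resolves to nothing, `[` is left with `= resolvectl` and no left operand, so the hook prints a test error on each run instead of quietly keeping `resolvconf_from_systemd=false`. Suggest `if [ "$(basename "$(readlink -f "$(command -v "$resolvconf")")")" = resolvectl ]; then`. Separately, the new branch in `build_resolv_conf` does not check the exit status of `"$resolvconf" -a "$ifname" <"$cf"`, so a failed DNS update passes silently; the function bodies continue outside the quoted hunks.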
diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch b/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch new file mode 100644 index 0000000000..461d04bd1d --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch @@ -0,0 +1,44 @@ +From 5d5ba8a2b8010db6bee68bd712f829cb737c9ac1 Mon Sep 17 00:00:00 2001 +From: Lei Maohui <leimaohui@fujitsu.com> +Date: Fri, 10 Mar 2023 03:48:46 +0000 +Subject: [PATCH] dhcpcd.8: Fix conflict error when enable multilib. + +Error: Transaction test error: + file /usr/share/man/man8/dhcpcd.8 conflicts between attempted + installs of dhcpcd-doc-9.4.1-r0.cortexa57 and + lib32-dhcpcd-doc-9.4.1-r0.armv7ahf_neon + +The differences between the two files are as follows: +@@ -821,7 +821,7 @@ + If you always use the same options, put them here. + .It Pa /usr/libexec/dhcpcd-run-hooks + Bourne shell script that is run to configure or de-configure an interface. +-.It Pa /usr/lib64/dhcpcd/dev ++.It Pa /usr/lib/dhcpcd/dev + Linux + .Pa /dev + management modules. + +It is just a man file, there is no necessary to manage multiple +versions. + +Upstream-Status: Inappropriate [oe specific] +Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> + +--- + src/dhcpcd.8.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/dhcpcd.8.in b/src/dhcpcd.8.in +index 93232840..09930a31 100644 +--- a/src/dhcpcd.8.in ++++ b/src/dhcpcd.8.in +@@ -824,7 +824,7 @@ Configuration file for dhcpcd. + If you always use the same options, put them here. + .It Pa @SCRIPT@ + Bourne shell script that is run to configure or de-configure an interface. +-.It Pa @LIBDIR@/dhcpcd/dev ++.It Pa /usr/<libdir>/dhcpcd/dev + Linux + .Pa /dev + management modules. 
diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch b/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch new file mode 100644 index 0000000000..c54942be4b --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch @@ -0,0 +1,43 @@ +From ec9fc4e6086e1dbe0ac2f94a8a088a571596a581 Mon Sep 17 00:00:00 2001 +From: Stefano Cappa <stefano.cappa.ks89@gmail.com> +Date: Sun, 13 Jan 2019 01:50:52 +0100 +Subject: [PATCH] remove INCLUDEDIR to prevent build issues + +Upstream-Status: Pending + +Signed-off-by: Stefano Cappa <stefano.cappa.ks89@gmail.com> + +--- + configure | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/configure b/configure +index 5237b0e2..7220718b 100755 +--- a/configure ++++ b/configure +@@ -26,7 +26,6 @@ BUILD= + HOST= + HOSTCC= + TARGET= +-INCLUDEDIR= + DEBUG= + FORK= + STATIC= +@@ -86,7 +85,6 @@ for x do + --mandir) MANDIR=$var;; + --datadir) DATADIR=$var;; + --with-ccopts|CFLAGS) CFLAGS=$var;; +- -I|--includedir) INCLUDEDIR="$INCLUDEDIR${INCLUDEDIR:+ }-I$var";; + CC) CC=$var;; + CPPFLAGS) CPPFLAGS=$var;; + PKG_CONFIG) PKG_CONFIG=$var;; +@@ -343,9 +341,6 @@ if [ -n "$CPPFLAGS" ]; then + echo "CPPFLAGS=" >>$CONFIG_MK + echo "CPPFLAGS+= $CPPFLAGS" >>$CONFIG_MK + fi +-if [ -n "$INCLUDEDIR" ]; then +- echo "CPPFLAGS+= $INCLUDEDIR" >>$CONFIG_MK +-fi + if [ -n "$LDFLAGS" ]; then + echo "LDFLAGS=" >>$CONFIG_MK + echo "LDFLAGS+= $LDFLAGS" >>$CONFIG_MK diff --git a/meta/recipes-connectivity/dhcpcd/files/dhcpcd.service b/meta/recipes-connectivity/dhcpcd/files/dhcpcd.service new file mode 100644 index 0000000000..6c967ddaf0 --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/dhcpcd.service 
@@ -0,0 +1,11 @@
+[Unit]
+Description=A minimalistic network configuration daemon with DHCPv4, rdisc and DHCPv6 support
+Wants=network.target
+Before=network.target
+Conflicts=connman.service
+
+[Service]
+ExecStart=/sbin/dhcpcd -q --nobackground
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service b/meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service
new file mode 100644
index 0000000000..845b83b9e5
--- /dev/null
+++ b/meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=dhcpcd on %I
+Wants=network.target
+Before=network.target
+BindsTo=sys-subsystem-net-devices-%i.device
+After=sys-subsystem-net-devices-%i.device
+Conflicts=connman.service
+
+[Service]
+Type=forking
+PIDFile=/run/dhcpcd/%I.pid
+ExecStart=/sbin/dhcpcd -q %I
+ExecStop=/sbin/dhcpcd -x %I
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch
deleted file mode 100644
index d4764f5867..0000000000
--- a/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch
+++ /dev/null
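Review bot: Both new units hard-code `/sbin/dhcpcd` in `ExecStart=` (and in `ExecStop=` for dhcpcd@.service), while the recipe configures the binary with `--sbindir=${base_sbindir}`; the dhcp units removed by this same commit used placeholders such as `@SBINDIR@` and `@BASE_SBINDIR@` instead. The units therefore only start where `/sbin` resolves to `${base_sbindir}`, which presumably holds on merged-usr images through the symlink but is not guaranteed by anything in the recipe. Suggest `ExecStart=@BASE_SBINDIR@/dhcpcd -q --nobackground` with the placeholder substituted in `do_install:append`, and the same treatment for dhcpcd@.service. Neither unit carries any sandboxing directive; since the daemon is built with `--enable-privsep`, any such option should be tested against privsep before it is added.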
@@ -1,31 +0,0 @@ -Upstream-Status: Pending - -Subject: rcp: fix to work with large files - -When we copy file by rcp command, if the file > 2GB, it will fail. -The cause is that it used incorrect data type on file size in sink() of rcp. - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - src/rcp.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/rcp.c b/src/rcp.c -index 21f55b6..bafa35f 100644 ---- a/src/rcp.c -+++ b/src/rcp.c -@@ -876,9 +876,9 @@ sink (int argc, char *argv[]) - enum - { YES, NO, DISPLAYED } wrerr; - BUF *bp; -- off_t i, j; -+ off_t i, j, size; - int amt, count, exists, first, mask, mode, ofd, omode; -- int setimes, size, targisdir, wrerrno; -+ int setimes, targisdir, wrerrno; - char ch, *cp, *np, *targ, *vect[1], buf[BUFSIZ]; - const char *why; - --- -1.9.1 - diff --git a/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch b/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch deleted file mode 100644 index a91913cb51..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch +++ /dev/null 
@@ -1,25 +0,0 @@ -tftpd: Fix abort on error path - -When trying to fetch a non existent file, the app crashes with: - -*** buffer overflow detected ***: -Aborted - - -Upstream-Status: Submitted [https://www.mail-archive.com/bug-inetutils@gnu.org/msg03036.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91205] -Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com> -diff --git a/src/tftpd.c b/src/tftpd.c -index 56002a0..144012f 100644 ---- a/src/tftpd.c -+++ b/src/tftpd.c -@@ -864,9 +864,8 @@ nak (int error) - pe->e_msg = strerror (error - 100); - tp->th_code = EUNDEF; /* set 'undef' errorcode */ - } -- strcpy (tp->th_msg, pe->e_msg); - length = strlen (pe->e_msg); -- tp->th_msg[length] = '\0'; -+ memcpy(tp->th_msg, pe->e_msg, length + 1); - length += 5; - if (sendto (peer, buf, length, 0, (struct sockaddr *) &from, fromlen) != length) - syslog (LOG_ERR, "nak: %m\n"); diff --git a/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch b/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch deleted file mode 100644 index 24c134fcac..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch +++ /dev/null 
@@ -1,83 +0,0 @@ -Upstream: http://www.mail-archive.com/bug-inetutils@gnu.org/msg02103.html - -Upstream-Status: Pending - -Signed-off-by: Jackie Huang <jackie.huang@windriver.com> ---- - ping/ping_common.h | 20 ++++++++++++++++++++ - 1 file changed, 20 insertions(+) - -diff --git a/ping/ping_common.h b/ping/ping_common.h -index 1dfd1b5..3bfbd12 100644 ---- a/ping/ping_common.h -+++ b/ping/ping_common.h -@@ -17,10 +17,14 @@ - You should have received a copy of the GNU General Public License - along with this program. If not, see `http://www.gnu.org/licenses/'. */ - -+#include <config.h> -+ - #include <netinet/in_systm.h> - #include <netinet/in.h> - #include <netinet/ip.h> -+#ifdef HAVE_IPV6 - #include <netinet/icmp6.h> -+#endif - #include <icmp.h> - #include <error.h> - #include <progname.h> -@@ -62,7 +66,12 @@ struct ping_stat - want to follow the traditional behaviour of ping. */ - #define DEFAULT_PING_COUNT 0 - -+#ifdef HAVE_IPV6 - #define PING_HEADER_LEN (USE_IPV6 ? sizeof (struct icmp6_hdr) : ICMP_MINLEN) -+#else -+#define PING_HEADER_LEN (ICMP_MINLEN) -+#endif -+ - #define PING_TIMING(s) ((s) >= sizeof (struct timeval)) - #define PING_DATALEN (64 - PING_HEADER_LEN) /* default data length */ - -@@ -74,13 +83,20 @@ struct ping_stat - (t).tv_usec = ((i)%PING_PRECISION)*(1000000/PING_PRECISION) ;\ - } while (0) - -+#ifdef HAVE_IPV6 - /* FIXME: Adjust IPv6 case for options and their consumption. */ - #define _PING_BUFLEN(p, u) ((u)? 
((p)->ping_datalen + sizeof (struct icmp6_hdr)) : \ - (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN)) - -+#else -+#define _PING_BUFLEN(p, u) (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN) -+#endif -+ -+#ifdef HAVE_IPV6 - typedef int (*ping_efp6) (int code, void *closure, struct sockaddr_in6 * dest, - struct sockaddr_in6 * from, struct icmp6_hdr * icmp, - int datalen); -+#endif - - typedef int (*ping_efp) (int code, - void *closure, -@@ -89,13 +105,17 @@ typedef int (*ping_efp) (int code, - struct ip * ip, icmphdr_t * icmp, int datalen); - - union event { -+#ifdef HAVE_IPV6 - ping_efp6 handler6; -+#endif - ping_efp handler; - }; - - union ping_address { - struct sockaddr_in ping_sockaddr; -+#ifdef HAVE_IPV6 - struct sockaddr_in6 ping_sockaddr6; -+#endif - }; - - typedef struct ping_data PING; --- -2.8.3 - diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch deleted file mode 100644 index 3da4e9f55a..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 552a7d64ad4a7188a9b7cd89933ae7caf7ebfe90 Mon Sep 17 00:00:00 2001 -From: Mike Frysinger <vapier at gentoo.org> -Date: Thu, 18 Nov 2010 16:59:14 -0500 -Subject: [PATCH gnulib] printf-parse: pull in features.h for __GLIBC__ - -Upstream-Status: Pending - -Signed-off-by: Mike Frysinger <vapier at gentoo.org> ---- - lib/printf-parse.h | 3 +++ - 1 files changed, 3 insertions(+), 0 deletions(-) - -diff --git a/lib/printf-parse.h b/lib/printf-parse.h -index 67a4a2a..3bd6152 100644 ---- a/lib/printf-parse.h -+++ b/lib/printf-parse.h -@@ -25,6 +25,9 @@ - - #include "printf-args.h" - -+#ifdef HAVE_FEATURES_H -+# include <features.h> /* for __GLIBC__ */ -+#endif - - /* Flags */ - #define FLAG_GROUP 1 /* ' flag */ --- -1.7.3.2 - 
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch deleted file mode 100644 index b13bb9229f..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch +++ /dev/null @@ -1,14 +0,0 @@ -Upstream-Status: Pending - ---- inetutils-1.8/lib/wchar.in.h -+++ inetutils-1.8/lib/wchar.in.h -@@ -70,6 +70,9 @@ - /* The include_next requires a split double-inclusion guard. */ - #if @HAVE_WCHAR_H@ - # @INCLUDE_NEXT@ @NEXT_WCHAR_H@ -+#else -+# include <stddef.h> -+# define MB_CUR_MAX 1 - #endif - - #undef _GL_ALREADY_INCLUDING_WCHAR_H diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch deleted file mode 100644 index 2592989a90..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch +++ /dev/null @@ -1,26 +0,0 @@ -inetutils: define PATH_PROCNET_DEV if not already defined - -this prevents the following compilation error : -system/linux.c:401:15: error: 'PATH_PROCNET_DEV' undeclared (first use in this function) - -this patch comes from : - http://repository.timesys.com/buildsources/i/inetutils/inetutils-1.9/ - -Upstream-Status: Inappropriate [not author] - -Signed-of-by: Eric Bénard <eric@eukrea.com> ---- -diff -Naur inetutils-1.9.orig/ifconfig/system/linux.c inetutils-1.9/ifconfig/system/linux.c ---- inetutils-1.9.orig/ifconfig/system/linux.c 2012-01-04 16:31:36.000000000 -0500 -+++ inetutils-1.9/ifconfig/system/linux.c 2012-01-04 16:40:53.000000000 -0500 -@@ -49,6 +49,10 @@ - #include "../ifconfig.h" - - -+#ifndef PATH_PROCNET_DEV -+ #define PATH_PROCNET_DEV "/proc/net/dev" -+#endif -+ - /* ARPHRD stuff. */ - - static void 
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch deleted file mode 100644 index ff3abd86aa..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch +++ /dev/null @@ -1,40 +0,0 @@ -Only check security/pam_appl.h which is provided by package libpam when pam is -enabled. - -Upstream-Status: Pending - -Signed-off-by: Kai Kang <kai.kang@windriver.com> ---- -diff --git a/configure.ac b/configure.ac -index b35e672..e78a751 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -195,6 +195,19 @@ fi - - # See if we have libpam.a. Investigate PAM versus Linux-PAM. - if test "$with_pam" = yes ; then -+ AC_CHECK_HEADERS([security/pam_appl.h], [], [], [ -+#include <sys/types.h> -+#ifdef HAVE_NETINET_IN_SYSTM_H -+# include <netinet/in_systm.h> -+#endif -+#include <netinet/in.h> -+#ifdef HAVE_NETINET_IP_H -+# include <netinet/ip.h> -+#endif -+#ifdef HAVE_SYS_PARAM_H -+# include <sys/param.h> -+#endif -+]) - AC_CHECK_LIB(dl, dlopen, LIBDL=-ldl) - AC_CHECK_LIB(pam, pam_authenticate, LIBPAM=-lpam) - if test "$ac_cv_lib_pam_pam_authenticate" = yes ; then -@@ -587,7 +600,7 @@ AC_HEADER_DIRENT - AC_CHECK_HEADERS([arpa/nameser.h errno.h fcntl.h features.h \ - glob.h memory.h netinet/ether.h netinet/in_systm.h \ - netinet/ip.h netinet/ip_icmp.h netinet/ip_var.h \ -- security/pam_appl.h shadow.h \ -+ shadow.h \ - stdarg.h stdlib.h string.h stropts.h sys/tty.h \ - sys/utsname.h sys/ptyvar.h sys/msgbuf.h sys/filio.h \ - sys/ioctl_compat.h sys/cdefs.h sys/stream.h sys/mkdev.h \ diff --git a/meta/recipes-connectivity/inetutils/inetutils/version.patch b/meta/recipes-connectivity/inetutils/inetutils/version.patch deleted file mode 100644 index 532a0e5c08..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/version.patch +++ /dev/null 
@@ -1,17 +0,0 @@ -Upstream-Status: Pending - -remove m4_esyscmd function - -Signed-off-by: Chunrong Guo <b40290@freescale.com> ---- inetutils-1.9.1/configure.ac 2012-01-06 22:05:05.000000000 +0800 -+++ inetutils-1.9.1/configure.ac 2012-11-12 14:01:11.732957019 +0800 -@@ -20,8 +20,7 @@ - - AC_PREREQ(2.59) - --AC_INIT([GNU inetutils], -- m4_esyscmd([build-aux/git-version-gen .tarball-version 's/inetutils-/v/;s/_/./g']), -+AC_INIT([GNU inetutils],[1.9.4], - [bug-inetutils@gnu.org]) - - AC_CONFIG_SRCDIR([src/inetd.c]) diff --git a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb b/meta/recipes-connectivity/inetutils/inetutils_2.5.bb index 684fbe09e1..0f1a0736bd 100644 --- a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb +++ b/meta/recipes-connectivity/inetutils/inetutils_2.5.bb @@ -1,3 +1,4 @@ +SUMMARY = "The GNU inetutils are a collection of common networking utilities and servers." DESCRIPTION = "The GNU inetutils are a collection of common \ networking utilities and servers including ftp, ftpd, rcp, \ rexec, rlogin, rlogind, rsh, rshd, syslog, syslogd, talk, \ 
@@ -6,34 +7,23 @@ HOMEPAGE = "http://www.gnu.org/software/inetutils" SECTION = "net" DEPENDS = "ncurses netbase readline virtual/crypt" -LICENSE = "GPLv3" +LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7" -SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.gz \ - file://version.patch \ - file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \ - file://inetutils-1.8-0003-wchar.patch \ - file://rexec.xinetd.inetutils \ +SRC_URI[sha256sum] = "87697d60a31e10b5cb86a9f0651e1ec7bee98320d048c0739431aac3d5764fb6" +SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ + file://rexec.xinetd.inetutils \ file://rlogin.xinetd.inetutils \ file://rsh.xinetd.inetutils \ file://telnet.xinetd.inetutils \ file://tftpd.xinetd.inetutils \ - file://inetutils-1.9-PATH_PROCNET_DEV.patch \ - file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \ - file://0001-rcp-fix-to-work-with-large-files.patch \ - file://fix-buffer-fortify-tfpt.patch \ -" - -SRC_URI[md5sum] = "04852c26c47cc8c6b825f2b74f191f52" -SRC_URI[sha256sum] = "be8f75eff936b8e41b112462db51adf689715658a1b09e0d6b05d11ec92cc616" + " inherit autotools gettext update-alternatives texinfo acpaths = "-I ./m4" -SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '', 'file://fix-disable-ipv6.patch', d)}" - PACKAGECONFIG ??= "ftp uucpd \ ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6 ping6', '', d)} \ 
@@ -45,24 +35,36 @@ PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6 gl_cv_socket_ipv6=no," PACKAGECONFIG[ping6] = "--enable-ping6,--disable-ping6," EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \ - inetutils_cv_path_login=${base_bindir}/login \ --with-libreadline-prefix=${STAGING_LIBDIR} \ --enable-rpath=no \ -" + --with-path-login=${base_bindir}/login \ + --with-path-cp=${base_bindir}/cp \ + --with-path-uucico=${libexecdir}/uuico \ + --with-path-procnet-dev=/proc/net/dev \ + " + +EXTRA_OECONF:append:libc-musl = " --with-path-utmpx=/dev/null/utmpx --with-path-wtmpx=/dev/null/wtmpx" # These are horrible for security, disable them -EXTRA_OECONF_append = " --disable-rsh --disable-rshd --disable-rcp \ +EXTRA_OECONF:append = " --disable-rsh --disable-rshd --disable-rcp \ --disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd" -do_configure_prepend () { +# The configure script guesses many paths in cross builds, check for this happening +do_configure_cross_check() { + if grep "may be incorrect because of cross-compilation" ${B}/config.log; then + bberror Default path values used, these must be set explicitly + fi +} +do_configure[postfuncs] += "do_configure_cross_check" + +# The --with-path options are not actually options, so this check needs to be silenced +ERROR_QA:remove = "unknown-configure-option" + +do_configure:prepend () { export HELP2MAN='true' - cp ${STAGING_DATADIR_NATIVE}/gettext/config.rpath ${S}/build-aux/config.rpath - install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S} - install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.sub ${S} - rm -f ${S}/glob/configure* } -do_install_append () { +do_install:append () { install -m 0755 -d ${D}${base_sbindir} install -m 0755 -d ${D}${sbindir} install -m 0755 -d ${D}${sysconfdir}/xinetd.d 
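Review bot: `--with-path-uucico=${libexecdir}/uuico` in the new EXTRA_OECONF looks like a typo for `uucico`, which would leave uucpd (part of the default PACKAGECONFIG) built with a path that does not exist; suggest `--with-path-uucico=${libexecdir}/uucico \`. `ERROR_QA:remove = "unknown-configure-option"` switches that check off for the whole recipe, so a misspelt option name elsewhere in EXTRA_OECONF would no longer be reported either; a comment listing exactly which options need the exemption would help the next reviewer. In `do_configure_cross_check`, `bberror` logs the message but, as far as I can tell, lets the task continue; if guessed paths must stop the build as the comment says, use `bbfatal`, and `grep -q` keeps the matched lines out of the task log.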
@@ -70,6 +72,7 @@ do_install_append () {
 install -m 0755 -d ${D}${base_bindir}
 mv ${D}${bindir}/ping* ${D}${base_bindir}/
 mv ${D}${bindir}/hostname ${D}${base_bindir}/
+ mv ${D}${bindir}/dnsdomainname ${D}${base_bindir}/
 fi
 mv ${D}${bindir}/ifconfig ${D}${base_sbindir}/
 mv ${D}${libexecdir}/syslogd ${D}${base_sbindir}/
@@ -117,94 +120,99 @@ PACKAGES =+ "${PN}-tftpd-dbg ${PN}-telnetd-dbg ${PN}-rshd-dbg" NOAUTOPACKAGEDEBUG = "1" ALTERNATIVE_PRIORITY = "79" -ALTERNATIVE_${PN} = "whois" +ALTERNATIVE:${PN} = "whois dnsdomainname" ALTERNATIVE_LINK_NAME[uucpd] = "${sbindir}/in.uucpd" +ALTERNATIVE_LINK_NAME[dnsdomainname] = "${base_bindir}/dnsdomainname" ALTERNATIVE_PRIORITY_${PN}-logger = "60" -ALTERNATIVE_${PN}-logger = "logger" -ALTERNATIVE_${PN}-syslogd = "syslogd" +ALTERNATIVE:${PN}-logger = "logger" +ALTERNATIVE:${PN}-syslogd = "syslogd" ALTERNATIVE_LINK_NAME[syslogd] = "${base_sbindir}/syslogd" -ALTERNATIVE_${PN}-ftp = "ftp" -ALTERNATIVE_${PN}-ftpd = "ftpd" -ALTERNATIVE_${PN}-tftp = "tftp" -ALTERNATIVE_${PN}-tftpd = "tftpd" +ALTERNATIVE:${PN}-ftp = "ftp" +ALTERNATIVE:${PN}-ftpd = "ftpd" +ALTERNATIVE:${PN}-tftp = "tftp" +ALTERNATIVE:${PN}-tftpd = "tftpd" ALTERNATIVE_LINK_NAME[tftpd] = "${sbindir}/tftpd" ALTERNATIVE_TARGET[tftpd] = "${sbindir}/in.tftpd" -ALTERNATIVE_${PN}-telnet = "telnet" -ALTERNATIVE_${PN}-telnetd = "telnetd" +ALTERNATIVE:${PN}-telnet = "telnet" +ALTERNATIVE:${PN}-telnetd = "telnetd" ALTERNATIVE_LINK_NAME[telnetd] = "${sbindir}/telnetd" ALTERNATIVE_TARGET[telnetd] = "${sbindir}/in.telnetd" -ALTERNATIVE_${PN}-inetd= "inetd" -ALTERNATIVE_${PN}-traceroute = "traceroute" +ALTERNATIVE:${PN}-inetd= "inetd" +ALTERNATIVE:${PN}-traceroute = "traceroute" -ALTERNATIVE_${PN}-hostname = "hostname" +ALTERNATIVE:${PN}-hostname = "hostname" ALTERNATIVE_LINK_NAME[hostname] = "${base_bindir}/hostname" -ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8" +ALTERNATIVE:${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \ + tftpd.8 tftp.1 telnetd.8" ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1" ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1" ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1" ALTERNATIVE_LINK_NAME[syslogd.8] = "${mandir}/man8/syslogd.8" +ALTERNATIVE_LINK_NAME[telnetd.8] = 
"${mandir}/man8/telnetd.8" +ALTERNATIVE_LINK_NAME[tftpd.8] = "${mandir}/man8/tftpd.8" +ALTERNATIVE_LINK_NAME[tftp.1] = "${mandir}/man1/tftp.1" -ALTERNATIVE_${PN}-ifconfig = "ifconfig" +ALTERNATIVE:${PN}-ifconfig = "ifconfig" ALTERNATIVE_LINK_NAME[ifconfig] = "${base_sbindir}/ifconfig" -ALTERNATIVE_${PN}-ping = "ping" +ALTERNATIVE:${PN}-ping = "ping" ALTERNATIVE_LINK_NAME[ping] = "${base_bindir}/ping" -ALTERNATIVE_${PN}-ping6 = "${@bb.utils.filter('PACKAGECONFIG', 'ping6', d)}" +ALTERNATIVE:${PN}-ping6 = "${@bb.utils.filter('PACKAGECONFIG', 'ping6', d)}" ALTERNATIVE_LINK_NAME[ping6] = "${base_bindir}/ping6" -FILES_${PN}-dbg += "${base_bindir}/.debug ${base_sbindir}/.debug ${bindir}/.debug ${sbindir}/.debug" -FILES_${PN}-ping = "${base_bindir}/ping.${BPN}" -FILES_${PN}-ping6 = "${base_bindir}/ping6.${BPN}" -FILES_${PN}-hostname = "${base_bindir}/hostname.${BPN}" -FILES_${PN}-ifconfig = "${base_sbindir}/ifconfig.${BPN}" -FILES_${PN}-traceroute = "${bindir}/traceroute.${BPN}" -FILES_${PN}-logger = "${bindir}/logger.${BPN}" +FILES:${PN}-dbg += "${base_bindir}/.debug ${base_sbindir}/.debug ${bindir}/.debug ${sbindir}/.debug" +FILES:${PN}-ping = "${base_bindir}/ping.${BPN}" +FILES:${PN}-ping6 = "${base_bindir}/ping6.${BPN}" +FILES:${PN}-hostname = "${base_bindir}/hostname.${BPN}" +FILES:${PN}-ifconfig = "${base_sbindir}/ifconfig.${BPN}" +FILES:${PN}-traceroute = "${bindir}/traceroute.${BPN}" +FILES:${PN}-logger = "${bindir}/logger.${BPN}" -FILES_${PN}-syslogd = "${base_sbindir}/syslogd.${BPN}" -RCONFLICTS_${PN}-syslogd = "rsyslog busybox-syslog sysklogd syslog-ng" +FILES:${PN}-syslogd = "${base_sbindir}/syslogd.${BPN}" +RCONFLICTS:${PN}-syslogd = "rsyslog busybox-syslog sysklogd syslog-ng" -FILES_${PN}-ftp = "${bindir}/ftp.${BPN}" +FILES:${PN}-ftp = "${bindir}/ftp.${BPN}" -FILES_${PN}-tftp = "${bindir}/tftp.${BPN}" -FILES_${PN}-telnet = "${bindir}/telnet.${BPN}" +FILES:${PN}-tftp = "${bindir}/tftp.${BPN}" +FILES:${PN}-telnet = "${bindir}/telnet.${BPN}" # We make us of 
RCONFLICTS / RPROVIDES here rather than using the normal # alternatives method as this leads to packaging QA issues when using # musl as that library does not provide what these applications need to # build. -FILES_${PN}-rsh = "${bindir}/rsh ${bindir}/rlogin ${bindir}/rexec ${bindir}/rcp" -RCONFLICTS_${PN}-rsh += "netkit-rsh-client" -RPROVIDES_${PN}-rsh = "rsh" +FILES:${PN}-rsh = "${bindir}/rsh ${bindir}/rlogin ${bindir}/rexec ${bindir}/rcp" +RCONFLICTS:${PN}-rsh += "netkit-rsh-client" +RPROVIDES:${PN}-rsh = "rsh" -FILES_${PN}-rshd = "${sbindir}/in.rshd ${sbindir}/in.rlogind ${sbindir}/in.rexecd \ +FILES:${PN}-rshd = "${sbindir}/in.rshd ${sbindir}/in.rlogind ${sbindir}/in.rexecd \ ${sysconfdir}/xinetd.d/rsh ${sysconfdir}/xinetd.d/rlogin ${sysconfdir}/xinetd.d/rexec" -FILES_${PN}-rshd-dbg = "${sbindir}/.debug/in.rshd ${sbindir}/.debug/in.rlogind ${sbindir}/.debug/in.rexecd" -RDEPENDS_${PN}-rshd += "xinetd tcp-wrappers" -RCONFLICTS_${PN}-rshd += "netkit-rshd-server" -RPROVIDES_${PN}-rshd = "rshd" +FILES:${PN}-rshd-dbg = "${sbindir}/.debug/in.rshd ${sbindir}/.debug/in.rlogind ${sbindir}/.debug/in.rexecd" +RDEPENDS:${PN}-rshd += "xinetd tcp-wrappers" +RCONFLICTS:${PN}-rshd += "netkit-rshd-server" +RPROVIDES:${PN}-rshd = "rshd" -FILES_${PN}-ftpd = "${bindir}/ftpd.${BPN}" -FILES_${PN}-ftpd-dbg = "${bindir}/.debug/ftpd.${BPN}" -RDEPENDS_${PN}-ftpd += "xinetd" +FILES:${PN}-ftpd = "${bindir}/ftpd.${BPN}" +FILES:${PN}-ftpd-dbg = "${bindir}/.debug/ftpd.${BPN}" +RDEPENDS:${PN}-ftpd += "xinetd" -FILES_${PN}-tftpd = "${sbindir}/in.tftpd ${sysconfdir}/xinetd.d/tftpd" -FILES_${PN}-tftpd-dbg = "${sbindir}/.debug/in.tftpd" -RCONFLICTS_${PN}-tftpd += "netkit-tftpd" -RDEPENDS_${PN}-tftpd += "xinetd" +FILES:${PN}-tftpd = "${sbindir}/in.tftpd ${sysconfdir}/xinetd.d/tftpd" +FILES:${PN}-tftpd-dbg = "${sbindir}/.debug/in.tftpd" +RCONFLICTS:${PN}-tftpd += "netkit-tftpd" +RDEPENDS:${PN}-tftpd += "xinetd" -FILES_${PN}-telnetd = "${sbindir}/in.telnetd ${sysconfdir}/xinetd.d/telnet" 
-FILES_${PN}-telnetd-dbg = "${sbindir}/.debug/in.telnetd" -RCONFLICTS_${PN}-telnetd += "netkit-telnet" -RPROVIDES_${PN}-telnetd = "telnetd" -RDEPENDS_${PN}-telnetd += "xinetd" +FILES:${PN}-telnetd = "${sbindir}/in.telnetd ${sysconfdir}/xinetd.d/telnet" +FILES:${PN}-telnetd-dbg = "${sbindir}/.debug/in.telnetd" +RCONFLICTS:${PN}-telnetd += "netkit-telnet" +RPROVIDES:${PN}-telnetd = "telnetd" +RDEPENDS:${PN}-telnetd += "xinetd" -FILES_${PN}-inetd = "${bindir}/inetd.${BPN}" +FILES:${PN}-inetd = "${bindir}/inetd.${BPN}" -RDEPENDS_${PN} = "xinetd" +RDEPENDS:${PN} = "xinetd" diff --git a/meta/recipes-connectivity/iproute2/iproute2.inc b/meta/recipes-connectivity/iproute2/iproute2.inc deleted file mode 100644 index fc31b8444e..0000000000 --- a/meta/recipes-connectivity/iproute2/iproute2.inc +++ /dev/null 
@@ -1,69 +0,0 @@ -SUMMARY = "TCP / IP networking and traffic control utilities" -DESCRIPTION = "Iproute2 is a collection of utilities for controlling \ -TCP / IP networking and traffic control in Linux. Of the utilities ip \ -and tc are the most important. ip controls IPv4 and IPv6 \ -configuration and tc stands for traffic control." -HOMEPAGE = "http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2" -SECTION = "base" -LICENSE = "GPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ - file://ip/ip.c;beginline=3;endline=8;md5=689d691d0410a4b64d3899f8d6e31817" - -DEPENDS = "flex-native bison-native iptables libcap" - -inherit update-alternatives bash-completion pkgconfig - -CLEANBROKEN = "1" - -PACKAGECONFIG ??= "tipc elf" -PACKAGECONFIG[tipc] = ",,libmnl," -PACKAGECONFIG[elf] = ",,elfutils," - -EXTRA_OEMAKE = "CC='${CC}' KERNEL_INCLUDE=${STAGING_INCDIR} DOCDIR=${docdir}/iproute2 SUBDIRS='lib tc ip bridge misc genl \ - ${@bb.utils.contains('PACKAGECONFIG', 'tipc', 'tipc', '', d)}' SBINDIR='${base_sbindir}' LIBDIR='${libdir}'" - -do_configure_append () { - sh configure ${STAGING_INCDIR} - # Explicitly disable ATM support - sed -i -e '/TC_CONFIG_ATM/d' config.mk -} - -do_install () { - oe_runmake DESTDIR=${D} install - mv ${D}${base_sbindir}/ip ${D}${base_sbindir}/ip.iproute2 - install -d ${D}${datadir} - mv ${D}/share/* ${D}${datadir}/ || true - rm ${D}/share -rf || true -} - -# The .so files in iproute2-tc are modules, not traditional libraries -INSANE_SKIP_${PN}-tc = "dev-so" - -PACKAGES =+ "${PN}-tc \ - ${PN}-lnstat \ - ${PN}-ifstat \ - ${PN}-genl \ - ${PN}-rtacct \ - ${PN}-nstat \ - ${PN}-ss \ - ${@bb.utils.contains('PACKAGECONFIG', 'tipc', '${PN}-tipc', '', d)}" -FILES_${PN}-tc = "${base_sbindir}/tc* \ - ${libdir}/tc/*.so" -FILES_${PN}-lnstat = "${base_sbindir}/lnstat \ - ${base_sbindir}/ctstat \ - ${base_sbindir}/rtstat" -FILES_${PN}-ifstat = "${base_sbindir}/ifstat" -FILES_${PN}-genl = "${base_sbindir}/genl" 
-FILES_${PN}-rtacct = "${base_sbindir}/rtacct" -FILES_${PN}-nstat = "${base_sbindir}/nstat" -FILES_${PN}-ss = "${base_sbindir}/ss" -FILES_${PN}-tipc = "${base_sbindir}/tipc" - -ALTERNATIVE_${PN} = "ip" -ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}" -ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip" -ALTERNATIVE_PRIORITY = "100" - -ALTERNATIVE_${PN}-tc = "tc" -ALTERNATIVE_LINK_NAME[tc] = "${base_sbindir}/tc" -ALTERNATIVE_PRIORITY_${PN}-tc = "100" diff --git a/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch b/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch index 50c4bfb0f2..74e3de1ce9 100644 --- a/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch +++ b/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch @@ -1,4 +1,4 @@ -From b7d96340c55afb7023ded0041107c63dbd886196 Mon Sep 17 00:00:00 2001 +From c25f8d1f7a6203dfeb10b39f80ffd314bb84a58d Mon Sep 17 00:00:00 2001 From: Baruch Siach <baruch@tkos.co.il> Date: Thu, 22 Dec 2016 15:26:30 +0200 Subject: [PATCH] libc-compat.h: add musl workaround @@ -14,15 +14,16 @@ https://git.buildroot.net/buildroot/tree/package/iproute2/0001-Add-the-musl-work Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Maxin B. John <maxin.john@intel.com> + --- include/uapi/linux/libc-compat.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/uapi/linux/libc-compat.h b/include/uapi/linux/libc-compat.h -index f38571d..30f0b67 100644 +index a159991..22198fa 100644 --- a/include/uapi/linux/libc-compat.h +++ b/include/uapi/linux/libc-compat.h -@@ -49,10 +49,12 @@ +@@ -50,10 +50,12 @@ #define _LIBC_COMPAT_H /* We have included glibc headers... */ @@ -36,6 +37,3 @@ index f38571d..30f0b67 100644 /* GLIBC headers included first so don't define anything * that would already be defined. */ --- -2.4.0 - 
diff --git a/meta/recipes-connectivity/iproute2/iproute2_5.3.0.bb b/meta/recipes-connectivity/iproute2/iproute2_5.3.0.bb deleted file mode 100644 index 8a86cbf78c..0000000000 --- a/meta/recipes-connectivity/iproute2/iproute2_5.3.0.bb +++ /dev/null @@ -1,12 +0,0 @@ -require iproute2.inc - -SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \ - file://0001-libc-compat.h-add-musl-workaround.patch \ - " - -SRC_URI[md5sum] = "227404413c8d6db649d6188ead1e5a6e" -SRC_URI[sha256sum] = "cb1c1e45993a3bd2438543fd4332d70f1726a6e6ff97dc613a8258c993117b3f" - -# CFLAGS are computed in Makefile and reference CCOPTS -# -EXTRA_OEMAKE_append = " CCOPTS='${CFLAGS}'" diff --git a/meta/recipes-connectivity/iproute2/iproute2_6.7.0.bb b/meta/recipes-connectivity/iproute2/iproute2_6.7.0.bb new file mode 100644 index 0000000000..8c460adf73 --- /dev/null +++ b/meta/recipes-connectivity/iproute2/iproute2_6.7.0.bb 
@@ -0,0 +1,106 @@ +SUMMARY = "TCP / IP networking and traffic control utilities" +DESCRIPTION = "Iproute2 is a collection of utilities for controlling \ +TCP / IP networking and traffic control in Linux. Of the utilities ip \ +and tc are the most important. ip controls IPv4 and IPv6 \ +configuration and tc stands for traffic control." +HOMEPAGE = "http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2" +SECTION = "base" +LICENSE = "GPL-2.0-or-later" +LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ + " + +DEPENDS = "flex-native bison-native iptables libcap" + +SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \ + file://0001-libc-compat.h-add-musl-workaround.patch \ + " + +SRC_URI[sha256sum] = "ff942dd9828d7d1f867f61fe72ce433078c31e5d8e4a78e20f02cb5892e8841d" + +inherit update-alternatives bash-completion pkgconfig + +PACKAGECONFIG ??= "tipc elf devlink" +PACKAGECONFIG[tipc] = ",,libmnl," +PACKAGECONFIG[elf] = ",,elfutils," +PACKAGECONFIG[devlink] = ",,libmnl," +PACKAGECONFIG[rdma] = ",,libmnl," +PACKAGECONFIG[selinux] = ",,libselinux" + +IPROUTE2_MAKE_SUBDIRS = "lib tc ip bridge misc genl ${@bb.utils.filter('PACKAGECONFIG', 'devlink tipc rdma', d)}" + +# CFLAGS are computed in Makefile and reference CCOPTS +# +EXTRA_OEMAKE = "\ + CC='${CC}' \ + KERNEL_INCLUDE=${STAGING_INCDIR} \ + DOCDIR=${docdir}/iproute2 \ + SUBDIRS='${IPROUTE2_MAKE_SUBDIRS}' \ + SBINDIR='${base_sbindir}' \ + CONF_USR_DIR='${libdir}/iproute2' \ + LIBDIR='${libdir}' \ + CCOPTS='${CFLAGS}' \ +" + +do_configure:append () { + sh configure ${STAGING_INCDIR} + # Explicitly disable ATM support + sed -i -e '/TC_CONFIG_ATM/d' config.mk +} + +do_install () { + oe_runmake DESTDIR=${D} install + mv ${D}${base_sbindir}/ip ${D}${base_sbindir}/ip.iproute2 + install -d ${D}${datadir} + mv ${D}/share/* ${D}${datadir}/ || true + rm ${D}/share -rf || true +} + +# The .so files in iproute2-tc are modules, not traditional libraries +INSANE_SKIP:${PN}-tc = 
"dev-so" + +IPROUTE2_PACKAGES =+ "\ + ${PN}-bridge \ + ${PN}-devlink \ + ${PN}-genl \ + ${PN}-ifstat \ + ${PN}-ip \ + ${PN}-lnstat \ + ${PN}-nstat \ + ${PN}-routel \ + ${PN}-rtacct \ + ${PN}-ss \ + ${PN}-tc \ + ${PN}-tipc \ + ${PN}-rdma \ +" + +PACKAGE_BEFORE_PN = "${IPROUTE2_PACKAGES}" +RDEPENDS:${PN} += "${PN}-ip" + +FILES:${PN}-tc = "${base_sbindir}/tc* \ + ${libdir}/tc/*.so" +FILES:${PN}-lnstat = "${base_sbindir}/lnstat \ + ${base_sbindir}/ctstat \ + ${base_sbindir}/rtstat" +FILES:${PN}-ifstat = "${base_sbindir}/ifstat" +FILES:${PN}-ip = "${base_sbindir}/ip.* ${libdir}/iproute2" +FILES:${PN}-genl = "${base_sbindir}/genl" +FILES:${PN}-rtacct = "${base_sbindir}/rtacct" +FILES:${PN}-nstat = "${base_sbindir}/nstat" +FILES:${PN}-ss = "${base_sbindir}/ss" +FILES:${PN}-tipc = "${base_sbindir}/tipc" +FILES:${PN}-devlink = "${base_sbindir}/devlink" +FILES:${PN}-rdma = "${base_sbindir}/rdma" +FILES:${PN}-routel = "${base_sbindir}/routel" +FILES:${PN}-bridge = "${base_sbindir}/bridge" + +RDEPENDS:${PN}-routel = "python3-core" + +ALTERNATIVE:${PN}-ip = "ip" +ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}" +ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip" +ALTERNATIVE_PRIORITY = "100" + +ALTERNATIVE:${PN}-tc = "tc" +ALTERNATIVE_LINK_NAME[tc] = "${base_sbindir}/tc" +ALTERNATIVE_PRIORITY_${PN}-tc = "100" diff --git a/meta/recipes-connectivity/iw/iw/separate-objdir.patch b/meta/recipes-connectivity/iw/iw/separate-objdir.patch index eb01a5a14e..179fd90124 100644 --- a/meta/recipes-connectivity/iw/iw/separate-objdir.patch +++ b/meta/recipes-connectivity/iw/iw/separate-objdir.patch @@ -1,3 +1,6 @@ +From ff9f0a631c99fb6e2677c02bf572a5e69c70f5cf Mon Sep 17 00:00:00 2001 +From: Changhyeok Bae <changhyeok.bae@gmail.com> +Date: Mon, 27 Jan 2020 22:48:03 +0100 Subject: [PATCH] Support separation of SRCDIR and OBJDIR Typical use of VPATH to locate the sources. @@ -11,12 +14,12 @@ Signed-off-by: Maxin B. John <maxin.john@intel.com> 1 file changed, 6 insertions(+), 2 deletions(-) 
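Review bot: In `do_install`, both `mv ${D}/share/* ${D}${datadir}/ || true` and `rm ${D}/share -rf || true` discard every failure, so a permission or disk-space error leaves files unmoved or deleted and the task still succeeds with an incomplete package. If the intent is only to tolerate a missing `${D}/share`, wrap the two commands in an `if [ -d ${D}/share ]; then ... fi` guard and drop the `|| true`, so that a genuine failure stops the task. If this version no longer installs anything under `${D}/share`, the two lines can simply go.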
diff --git a/Makefile b/Makefile -index 33aaf6a..9030796 100644 +index 90f2251..714cdb9 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,9 @@ MAKEFLAGS += --no-print-directory - + +SRCDIR ?= $(dir $(lastword $(MAKEFILE_LIST))) +OBJDIR ?= $(PWD) +VPATH = $(SRCDIR) @@ -24,19 +27,24 @@ index 33aaf6a..9030796 100644 PREFIX ?= /usr SBINDIR ?= $(PREFIX)/sbin MANDIR ?= $(PREFIX)/share/man -@@ -103,11 +107,11 @@ VERSION_OBJS := $(filter-out version.o, $(OBJS)) +@@ -92,7 +96,7 @@ all: $(ALL) version.c: version.sh $(patsubst %.o,%.c,$(VERSION_OBJS)) nl80211.h iw.h Makefile \ $(wildcard .git/index .git/refs/tags) @$(NQ) ' GEN ' $@ - $(Q)./version.sh $@ + $(Q)cd $(SRCDIR) && ./version.sh $(OBJDIR)/$@ - - %.o: %.c iw.h nl80211.h + + nl80211-commands.inc: nl80211.h + @$(NQ) ' GEN ' $@ +@@ -100,7 +104,7 @@ nl80211-commands.inc: nl80211.h + + %.o: %.c iw.h nl80211.h nl80211-commands.inc @$(NQ) ' CC ' $@ - $(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $< + $(Q)$(CC) -I$(SRCDIR) $(CFLAGS) $(CPPFLAGS) -c -o $@ $< - + ifeq ($(IW_ANDROID_BUILD),) iw: $(OBJS) --- -2.20.1 (Apple Git-117) +-- +2.23.0 + diff --git a/meta/recipes-connectivity/iw/iw_5.3.bb b/meta/recipes-connectivity/iw/iw_6.7.bb index f7f13f5a30..b46b54bc93 100644 --- a/meta/recipes-connectivity/iw/iw_5.3.bb +++ b/meta/recipes-connectivity/iw/iw_6.7.bb @@ -2,7 +2,7 @@ SUMMARY = "nl80211 based CLI configuration utility for wireless devices" DESCRIPTION = "iw is a new nl80211 based CLI configuration utility for \ wireless devices. It supports almost all new drivers that have been added \ to the kernel recently. " -HOMEPAGE = "http://wireless.kernel.org/en/users/Documentation/iw" +HOMEPAGE = "https://wireless.wiki.kernel.org/en/users/documentation/iw" SECTION = "base" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=878618a5c4af25e9b93ef0be1a93f774" 
@@ -14,8 +14,7 @@ SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \ file://separate-objdir.patch \ " -SRC_URI[md5sum] = "6d4d1c0ee34f3a7bda0e6aafcd7aaf31" -SRC_URI[sha256sum] = "175abbfce86348c0b70e778c13a94c0bfc9abc7a506d2bd608261583aeedf64a" +SRC_URI[sha256sum] = "b3ef3fa85fa1177b11d3e97d6d38cdfe10ee250ca31482b581f3bd0fc79cb015" inherit pkgconfig diff --git a/meta/recipes-connectivity/kea/files/0001-kea-fix-reproducible-build-failure.patch b/meta/recipes-connectivity/kea/files/0001-kea-fix-reproducible-build-failure.patch new file mode 100644 index 0000000000..8a5bd00302 --- /dev/null +++ b/meta/recipes-connectivity/kea/files/0001-kea-fix-reproducible-build-failure.patch 
@@ -0,0 +1,62 @@ +From f9bcfed5a1d44d9211c5f6eba403a9898c8c9057 Mon Sep 17 00:00:00 2001 +From: Sudip Mukherjee <sudipm.mukherjee@gmail.com> +Date: Tue, 8 Aug 2023 19:03:13 +0100 +Subject: [PATCH] kea: fix reproducible build failure + +New version of Kea has started using path of build-dir instead of +src-dir which results in reproducible builds failure. +Use src-dir as is used in v2.2.0 + +Upstream-Status: Pending +https://gitlab.isc.org/isc-projects/kea/-/issues/3007 + +Upstream has confirmed the patch will not be accepted but discussions +with upstream is still going on, we might have a proper solution later. + +Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com> +--- + src/bin/admin/kea-admin.in | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/bin/admin/kea-admin.in b/src/bin/admin/kea-admin.in +index 034a0ee..8ab11ab 100644 +--- a/src/bin/admin/kea-admin.in ++++ b/src/bin/admin/kea-admin.in +@@ -51,14 +51,14 @@ dump_qry="" + if test -f "@datarootdir@/@PACKAGE_NAME@/scripts/admin-utils.sh"; then + . "@datarootdir@/@PACKAGE_NAME@/scripts/admin-utils.sh" + else +- . "@abs_top_builddir@/src/bin/admin/admin-utils.sh" ++ . "@abs_top_srcdir@/src/bin/admin/admin-utils.sh" + fi + + # Find the installed kea-lfc if available. Fallback to sources otherwise. + if test -x "@sbindir@/kea-lfc"; then + kea_lfc="@sbindir@/kea-lfc" + else +- kea_lfc="@abs_top_builddir@/src/bin/lfc/kea-lfc" ++ kea_lfc="@abs_top_srcdir@/src/bin/lfc/kea-lfc" + fi + + # Prints out usage version. +@@ -355,7 +355,7 @@ mysql_upgrade() { + # Check if there are any files in it + num_files=$(find "${upgrade_scripts_dir}" -name 'upgrade*.sh' -type f | wc -l) + if [ "$num_files" -eq 0 ]; then +- upgrade_scripts_dir=@abs_top_builddir@/src/share/database/scripts/mysql ++ upgrade_scripts_dir=@abs_top_srcdir@/src/share/database/scripts/mysql + + # Check if the scripts directory exists at all. + if [ ! 
-d ${upgrade_scripts_dir} ]; then +@@ -405,7 +405,7 @@ pgsql_upgrade() { + # Check if there are any files in it + num_files=$(find "${upgrade_scripts_dir}" -name 'upgrade*.sh' -type f | wc -l) + if [ "$num_files" -eq 0 ]; then +- upgrade_scripts_dir=@abs_top_builddir@/src/share/database/scripts/pgsql ++ upgrade_scripts_dir=@abs_top_srcdir@/src/share/database/scripts/pgsql + + # Check if the scripts directory exists at all. + if [ ! -d ${upgrade_scripts_dir} ]; then +-- +2.39.2 + diff --git a/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch b/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch new file mode 100644 index 0000000000..94fbd12737 --- /dev/null +++ b/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch 
@@ -0,0 +1,28 @@ +From 841924e1fe8db2bff3eab8d37634ef08f86c00ec Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Tue, 10 Nov 2020 15:57:03 +0000 +Subject: [PATCH] src/lib/log/logger_unittest_support.cc: do not write build + path into binary + +This breaks reproducibility and is needed only in unit testing. + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> + +--- + src/lib/log/logger_unittest_support.cc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/lib/log/logger_unittest_support.cc b/src/lib/log/logger_unittest_support.cc +index fc01c6e..f46d17e 100644 +--- a/src/lib/log/logger_unittest_support.cc ++++ b/src/lib/log/logger_unittest_support.cc +@@ -84,7 +84,7 @@ void initLogger(isc::log::Severity severity, int dbglevel) { + const char* localfile = getenv("KEA_LOGGER_LOCALMSG"); + + // Set a directory for creating lockfiles when running tests +- setenv("KEA_LOCKFILE_DIR", TOP_BUILDDIR, 0); ++ //setenv("KEA_LOCKFILE_DIR", TOP_BUILDDIR, 0); + + // Initialize logging + initLogger(root, severity, dbglevel, localfile); diff --git a/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch b/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch new file mode 100644 index 0000000000..5b135b3aee --- /dev/null +++ b/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch 
@@ -0,0 +1,58 @@ +From 06ebd1b2ced426c420ed162980eca194f9f918ae Mon Sep 17 00:00:00 2001 +From: Kai Kang <kai.kang@windriver.com> +Date: Tue, 22 Sep 2020 15:02:33 +0800 +Subject: [PATCH] There are conflict of config files between kea and lib32-kea: + +| Error: Transaction test error: +| file /etc/kea/kea-ctrl-agent.conf conflicts between attempted installs of + lib32-kea-1.7.10-r0.core2_32 and kea-1.7.10-r0.core2_64 +| file /etc/kea/kea-dhcp4.conf conflicts between attempted installs of + lib32-kea-1.7.10-r0.core2_32 and kea-1.7.10-r0.core2_64 + +Because they are all commented out, replace the expanded libdir path with +'$libdir' in the config files to avoid conflict. + +Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/issues/2602] +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +--- + src/bin/keactrl/kea-ctrl-agent.conf.pre | 3 ++- + src/bin/keactrl/kea-dhcp4.conf.pre | 4 ++-- + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/bin/keactrl/kea-ctrl-agent.conf.pre b/src/bin/keactrl/kea-ctrl-agent.conf.pre +index e6ae8b8..50a3092 100644 +--- a/src/bin/keactrl/kea-ctrl-agent.conf.pre ++++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre +@@ -51,7 +51,8 @@ + // Agent will fail to start. + "hooks-libraries": [ + // { +-// "library": "@libdir@/kea/hooks/control-agent-commands.so", ++// // Replace $libdir with real library path /usr/lib or /usr/lib64 ++// "library": "$libdir/kea/hooks/control-agent-commands.so", + // "parameters": { + // "param1": "foo" + // } +diff --git a/src/bin/keactrl/kea-dhcp4.conf.pre b/src/bin/keactrl/kea-dhcp4.conf.pre +index 6edb8a1..b2a7385 100644 +--- a/src/bin/keactrl/kea-dhcp4.conf.pre ++++ b/src/bin/keactrl/kea-dhcp4.conf.pre +@@ -255,7 +255,7 @@ + // // of all devices serviced by Kea, including their identifiers + // // (like MAC address), their location in the network, times + // // when they were active etc. 
+- // "library": "@libdir@/kea/hooks/libdhcp_legal_log.so", ++ // "library": "$libdir/kea/hooks/libdhcp_legal_log.so", + // "parameters": { + // "path": "/var/lib/kea", + // "base-name": "kea-forensic4" +@@ -272,7 +272,7 @@ + // // of specific options or perhaps even a combination of several + // // options and fields to uniquely identify a client. Those scenarios + // // are addressed by the Flexible Identifiers hook application. +- // "library": "@libdir@/kea/hooks/libdhcp_flex_id.so", ++ // "library": "$libdir/kea/hooks/libdhcp_flex_id.so", + // "parameters": { + // "identifier-expression": "relay4[2].hex" + // } diff --git a/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch b/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch new file mode 100644 index 0000000000..63a6a2805b --- /dev/null +++ b/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch @@ -0,0 +1,29 @@ +From c878a356712606549f7f188b62f7d1cae08a176e Mon Sep 17 00:00:00 2001 +From: Armin kuster <akuster808@gmail.com> +Date: Wed, 14 Oct 2020 22:48:31 -0700 +Subject: [PATCH] Busybox does not support ps -p so use pgrep + +Upstream-Status: Inappropriate [embedded specific] +Based on changes from Diego Sueiro <Diego.Sueiro@arm.com> + +Signed-off-by: Armin kuster <akuster808@gmail.com> + +--- + src/bin/keactrl/keactrl.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/bin/keactrl/keactrl.in b/src/bin/keactrl/keactrl.in +index 450e997..c353ca9 100644 +--- a/src/bin/keactrl/keactrl.in ++++ b/src/bin/keactrl/keactrl.in +@@ -149,8 +149,8 @@ check_running() { + # Get the PID from the PID file (if it exists) + get_pid_from_file "${proc_name}" + if [ ${_pid} -gt 0 ]; then +- # Use ps to check if PID is alive +- if ps -p ${_pid} 1>/dev/null; then ++ # Use pgrep and grep to check if PID is alive ++ if pgrep -v 1 | grep ${_pid} 1>/dev/null; then + # No error, so PID IS ALIVE + _running=1 + fi 
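Review bot: In fix_pid_keactrl.patch, `pgrep -v 1 | grep ${_pid}` does not test whether that PID is alive. `grep` matches substrings, so a stored PID of 12 counts as running whenever some process 123 or 4512 exists, and `pgrep -v 1` also leaves out every process whose name matches the pattern `1`. With a stale PID file, `check_running` can therefore set `_running=1` for a server that is down, which presumably makes keactrl skip starting it. An exact test that BusyBox also supports is `if kill -0 "${_pid}" 2>/dev/null; then`, or `if [ -d "/proc/${_pid}" ]; then` where signal permission is a concern. `check_running` begins and ends outside the hunk.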
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server new file mode 100644 index 0000000000..50fe40d439 --- /dev/null +++ b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server @@ -0,0 +1,46 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: kea-dhcp-ddns-server +# Required-Start: $local_fs $network $remote_fs $syslog +# Required-Stop: $local_fs $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: ISC KEA DHCP IPv6 Server +### END INIT INFO + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="kea-dhcp-ddns-server" +NAME=kea-dhcp-ddns +DAEMON=/usr/sbin/keactrl +DAEMON_ARGS=" -s dhcp_ddns" + +set -e + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Source function library. +. /etc/init.d/functions + +case "$1" in + start) + echo -n "Starting $DESC: " + start-stop-daemon -S -b -n $NAME -x $DAEMON -- start $DAEMON_ARGS + echo "done." + ;; + stop) + echo -n "Stopping $DESC: " + kpid=`pidof $NAME` + kill $kpid + echo "done." + ;; + restart|force-reload) + # + $0 stop + $0 start + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service new file mode 100644 index 0000000000..f6059d73cb --- /dev/null +++ b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service @@ -0,0 +1,12 @@ +[Unit] +Description=Kea DHCP-DDNS Server +Wants=network-online.target +After=network-online.target +After=time-sync.target + +[Service] +ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/ +ExecStart=@SBINDIR@/kea-dhcp-ddns -c @SYSCONFDIR@/kea/kea-dhcp-ddns.conf + +[Install] +WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp4-server b/meta/recipes-connectivity/kea/files/kea-dhcp4-server new file mode 100644 index 0000000000..e83e51025d --- /dev/null 
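Review bot: With `set -e` active, the `stop` branch of kea-dhcp-ddns-server aborts at the `pidof $NAME` assignment when no process is found. Stopping an already stopped service then returns an error, and `restart` never reaches `$0 start`. Tolerating the empty case fixes both: `kpid=$(pidof $NAME) || true` followed by `[ -z "$kpid" ] || kill $kpid`. The usage line also prints `$SCRIPTNAME`, which is never set (`$0` would work), and the `Short-Description` says "IPv6 Server" although this script is for DHCP-DDNS. kea-dhcp4-server and kea-dhcp6-server further down carry the same `stop` branch and usage line, and kea-dhcp4-server has the same wrong description.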
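Review bot: kea-dhcp-ddns.service sets no `User=` and no sandboxing directives, so the daemon runs as root with the whole filesystem writable, and `ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/` creates the runtime directory with default ownership and mode. `RuntimeDirectory=kea` would let systemd create and remove that directory instead, assuming `@LOCALSTATEDIR@/run` resolves to `/run` on the target. Directives such as `NoNewPrivileges=true` and `ProtectSystem=full` would narrow what a compromised network-facing daemon can reach, once tested against the paths Kea writes. The same applies to kea-dhcp4.service and kea-dhcp6.service, where `StateDirectory=kea` could likewise replace the `lib/kea` mkdir.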
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp4-server @@ -0,0 +1,46 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: kea-dhcp4-server +# Required-Start: $local_fs $network $remote_fs $syslog +# Required-Stop: $local_fs $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: ISC KEA DHCP IPv6 Server +### END INIT INFO + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="kea-dhcp4-server" +NAME=kea-dhcp4 +DAEMON=/usr/sbin/keactrl +DAEMON_ARGS=" -s dhcp4" + +set -e + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Source function library. +. /etc/init.d/functions + +case "$1" in + start) + echo -n "Starting $DESC: " + start-stop-daemon -S -b -n $NAME -x $DAEMON -- start $DAEMON_ARGS + echo "done." + ;; + stop) + echo -n "Stopping $DESC: " + kpid=`pidof $NAME` + kill $kpid + echo "done." + ;; + restart|force-reload) + # + $0 stop + $0 start + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp4.service b/meta/recipes-connectivity/kea/files/kea-dhcp4.service new file mode 100644 index 0000000000..b851ea71c5 --- /dev/null +++ b/meta/recipes-connectivity/kea/files/kea-dhcp4.service @@ -0,0 +1,13 @@ +[Unit] +Description=Kea DHCPv4 Server +Wants=network-online.target +After=network-online.target +After=time-sync.target + +[Service] +ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/ +ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea +ExecStart=@SBINDIR@/kea-dhcp4 -c @SYSCONFDIR@/kea/kea-dhcp4.conf + +[Install] +WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp6-server b/meta/recipes-connectivity/kea/files/kea-dhcp6-server new file mode 100644 index 0000000000..10f2d22641 --- /dev/null +++ b/meta/recipes-connectivity/kea/files/kea-dhcp6-server 
@@ -0,0 +1,47 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: kea-dhcp6-server +# Required-Start: $local_fs $network $remote_fs $syslog +# Required-Stop: $local_fs $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: ISC KEA DHCP IPv6 Server +### END INIT INFO + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="kea-dhcp6-server" +NAME=kea-dhcp6 +DAEMON=/usr/sbin/keactrl +DAEMON_ARGS=" -s dhcp6" + +set -e + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Source function library. +. /etc/init.d/functions + +case "$1" in + start) + echo -n "Starting $DESC: " + start-stop-daemon -S -b -n $NAME -x $DAEMON -- start $DAEMON_ARGS + echo "done." + ;; + stop) + echo -n "Stopping $DESC: " + kpid=`pidof $NAME` + kill $kpid + echo "done." + ;; + restart|force-reload) + # + $0 stop + $0 start + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp6.service b/meta/recipes-connectivity/kea/files/kea-dhcp6.service new file mode 100644 index 0000000000..0f9f0ef8d9 --- /dev/null +++ b/meta/recipes-connectivity/kea/files/kea-dhcp6.service @@ -0,0 +1,13 @@ +[Unit] +Description=Kea DHCPv6 Server +Wants=network-online.target +After=network-online.target +After=time-sync.target + +[Service] +ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/ +ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea +ExecStart=@SBINDIR@/kea-dhcp6 -c @SYSCONFDIR@/kea/kea-dhcp6.conf + +[Install] +WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/kea/kea_2.4.1.bb b/meta/recipes-connectivity/kea/kea_2.4.1.bb new file mode 100644 index 0000000000..c3aa4dc8f0 --- /dev/null +++ b/meta/recipes-connectivity/kea/kea_2.4.1.bb 
@@ -0,0 +1,78 @@
+SUMMARY = "ISC Kea DHCP Server"
+DESCRIPTION = "Kea is the next generation of DHCP software developed by ISC. It supports both DHCPv4 and DHCPv6 protocols along with their extensions, e.g. prefix delegation and dynamic updates to DNS."
+HOMEPAGE = "http://kea.isc.org"
+SECTION = "connectivity"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://COPYING;md5=ea061fa0188838072c4248c1318ec131"
+
+DEPENDS = "boost log4cplus openssl"
+
+SRC_URI = "http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.gz \
+ file://kea-dhcp4.service \
+ file://kea-dhcp6.service \
+ file://kea-dhcp-ddns.service \
+ file://kea-dhcp4-server \
+ file://kea-dhcp6-server \
+ file://kea-dhcp-ddns-server \
+ file://fix-multilib-conflict.patch \
+ file://fix_pid_keactrl.patch \
+ file://0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch \
+ file://0001-kea-fix-reproducible-build-failure.patch \
+ "
+SRC_URI[sha256sum] = "815c61f5c271caa4a1db31dd656eb50a7f6ea973da3690f7c8581408e180131a"
+
+inherit autotools systemd update-rc.d upstream-version-is-even
+
+INITSCRIPT_NAME = "kea-dhcp4-server"
+INITSCRIPT_PARAMS = "defaults 30"
+
+SYSTEMD_SERVICE:${PN} = "kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service"
+SYSTEMD_AUTO_ENABLE = "disable"
+
+DEBUG_OPTIMIZATION:remove:mips = " -Og"
+DEBUG_OPTIMIZATION:append:mips = " -O"
+BUILD_OPTIMIZATION:remove:mips = " -Og"
+BUILD_OPTIMIZATION:append:mips = " -O"
+
+DEBUG_OPTIMIZATION:remove:mipsel = " -Og"
+DEBUG_OPTIMIZATION:append:mipsel = " -O"
+BUILD_OPTIMIZATION:remove:mipsel = " -Og"
+BUILD_OPTIMIZATION:append:mipsel = " -O"
+
+EXTRA_OECONF = "--with-boost-libs=-lboost_system \
+ --with-log4cplus=${STAGING_DIR_TARGET}${prefix} \
+ --with-openssl=${STAGING_DIR_TARGET}${prefix}"
+
+do_configure:prepend() {
+ # replace abs_top_builddir to avoid introducing the build path
+ # don't expand the abs_top_builddir on the target as the abs_top_builddir is meanlingless on the target
+ find ${S} -type f -name *.sh.in | xargs sed -i "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g"
+ sed -i "s:@abs_top_srcdir@:@abs_top_srcdir_placeholder@:g" ${S}/src/bin/admin/kea-admin.in
+}
+
+# patch out build host paths for reproducibility
+do_compile:prepend:class-target() {
+ sed -i -e "s,${WORKDIR},,g" ${B}/config.report
+}
+
+do_install:append() {
+ install -d ${D}${sysconfdir}/init.d
+ install -d ${D}${systemd_system_unitdir}
+
+ install -m 0644 ${WORKDIR}/kea-dhcp*service ${D}${systemd_system_unitdir}
+ install -m 0755 ${WORKDIR}/kea-*-server ${D}${sysconfdir}/init.d
+ sed -i -e 's,@SBINDIR@,${sbindir},g' -e 's,@BASE_BINDIR@,${base_bindir},g' \
+ -e 's,@LOCALSTATEDIR@,${localstatedir},g' -e 's,@SYSCONFDIR@,${sysconfdir},g' \
+ ${D}${systemd_system_unitdir}/kea-dhcp*service ${D}${sbindir}/keactrl
+}
+
+do_install:append() {
+ rm -rf "${D}${localstatedir}"
+}
+
+CONFFILES:${PN} = "${sysconfdir}/kea/keactrl.conf"
+
+FILES:${PN}-staticdev += "${libdir}/kea/hooks/*.a ${libdir}/hooks/*.a"
+FILES:${PN} += "${libdir}/hooks/*.so"
+
+PARALLEL_MAKEINST = ""
diff --git a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb
deleted file mode 100644
index 953505971a..0000000000
--- a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb
+++ /dev/null
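Review bot: In `do_configure:prepend()` the pattern in `find ${S} -type f -name *.sh.in | xargs sed -i ...` is unquoted, so the shell expands it before find sees it whenever a `*.sh.in` file exists in the task's working directory, and `xargs` still runs `sed -i` with no file arguments when nothing matches. Quoting the pattern and letting find invoke sed avoids both: `find ${S} -type f -name '*.sh.in' -exec sed -i "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g" {} +`. Separately, `SRC_URI` fetches the release tarball over plain `http://`; the pinned `SRC_URI[sha256sum]` still rejects a tampered download, but an https URL would be preferable if the ISC server offers one.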
@@ -1,46 +0,0 @@ -SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution" -HOMEPAGE = "http://0pointer.de/lennart/projects/nss-mdns/" -SECTION = "libs" - -LICENSE = "LGPLv2.1+" -LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1" - -DEPENDS = "avahi" -PR = "r7" - -SRC_URI = "http://0pointer.de/lennart/projects/nss-mdns/nss-mdns-${PV}.tar.gz \ - " - -SRC_URI[md5sum] = "03938f17646efbb50aa70ba5f99f51d7" -SRC_URI[sha256sum] = "1e683c2e7c3921814706d62fbbd3e9cbf493a75fa00255e0e715508d8134fa6d" - -S = "${WORKDIR}/nss-mdns-${PV}" - -localstatedir = "/" - -inherit autotools - -COMPATIBLE_HOST_libc-musl = 'null' - -EXTRA_OECONF = "--libdir=${base_libdir} --disable-lynx --enable-avahi" - -# suppress warning, but don't bother with autonamer -LEAD_SONAME = "libnss_mdns.so" -DEBIANNAME_${PN} = "libnss-mdns" - -RDEPENDS_${PN} = "avahi-daemon" - -pkg_postinst_${PN} () { - sed ' - /^hosts:/ !b - /\<mdns\(4\|6\)\?\(_minimal\)\?\>/ b - s/\([[:blank:]]\+\)dns\>/\1mdns4_minimal [NOTFOUND=return] dns/g - ' -i $D${sysconfdir}/nsswitch.conf -} - -pkg_prerm_${PN} () { - sed ' - /^hosts:/ !b - s/[[:blank:]]\+mdns\(4\|6\)\?\(_minimal\( \[NOTFOUND=return\]\)\?\)\?//g - ' -i $D${sysconfdir}/nsswitch.conf -} diff --git a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb new file mode 100644 index 0000000000..0db609fc47 --- /dev/null +++ b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb 
@@ -0,0 +1,39 @@
+SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution"
+HOMEPAGE = "https://github.com/lathiat/nss-mdns"
+DESCRIPTION = "nss-mdns is a plugin for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc) providing host name resolution via Multicast DNS (aka Zeroconf, aka Apple Rendezvous, aka Apple Bonjour), effectively allowing name resolution by common Unix/Linux programs in the ad-hoc mDNS domain .local."
+SECTION = "libs"
+
+LICENSE = "LGPL-2.1-or-later"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1"
+
+DEPENDS = "avahi"
+
+SRC_URI = "git://github.com/lathiat/nss-mdns;branch=master;protocol=https \
+ "
+
+SRCREV = "4b3cfe818bf72d99a02b8ca8b8813cb2d6b40633"
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig
+
+COMPATIBLE_HOST:libc-musl = 'null'
+
+EXTRA_OECONF = "--libdir=${base_libdir}"
+
+RDEPENDS:${PN} = "avahi-daemon"
+
+pkg_postinst:${PN} () {
+ sed '
+ /^hosts:/ !b
+ /\<mdns\(4\|6\)\?\(_minimal\)\?\>/ b
+ s/\([[:blank:]]\+\)dns\>/\1mdns4_minimal [NOTFOUND=return] dns/g
+ ' -i $D${sysconfdir}/nsswitch.conf
+}
+
+pkg_prerm:${PN} () {
+ sed '
+ /^hosts:/ !b
+ s/[[:blank:]]\+mdns\(4\|6\)\?\(_minimal\( \[NOTFOUND=return\]\)\?\)\?//g
+ ' -i $D${sysconfdir}/nsswitch.conf
+}
diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.9.1.bb b/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb
index 35bb5650b3..166654e280 100644
--- a/meta/recipes-connectivity/libpcap/libpcap_1.9.1.bb
+++ b/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb
@@ -10,10 +10,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \ file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2" DEPENDS = "flex-native bison-native" -SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \ - " -SRC_URI[md5sum] = "21af603d9a591c7d96a6457021d84e6c" -SRC_URI[sha256sum] = "635237637c5b619bcceba91900666b64d56ecb7be63f298f601ec786ce087094" +SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz" +SRC_URI[sha256sum] = "ed19a0383fad72e3ad435fd239d7cd80d64916b87269550159d20e47160ebe5f" inherit autotools binconfig-disabled pkgconfig @@ -21,10 +19,11 @@ BINCONFIG = "${bindir}/pcap-config" # Explicitly disable dag support. We don't have recipe for it and if enabled here, # configure script poisons the include dirs with /usr/local/include even when the -# support hasn't been detected. +# support hasn't been detected. Do the same thing for DPDK. EXTRA_OECONF = " \ --with-pcap=linux \ --without-dag \ + --without-dpdk \ " EXTRA_AUTORECONF += "--exclude=aclocal" @@ -36,9 +35,9 @@ PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl" -do_configure_prepend () { +do_configure:prepend () { #remove hardcoded references to /usr/include sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac } -BBCLASSEXTEND = "native" +BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-connectivity/libuv/libuv_1.48.0.bb b/meta/recipes-connectivity/libuv/libuv_1.48.0.bb new file mode 100644 index 0000000000..87a2c22a7c --- /dev/null +++ b/meta/recipes-connectivity/libuv/libuv_1.48.0.bb 
@@ -0,0 +1,22 @@
+SUMMARY = "A multi-platform support library with a focus on asynchronous I/O"
+HOMEPAGE = "https://github.com/libuv/libuv"
+DESCRIPTION = "libuv is a multi-platform support library with a focus on asynchronous I/O. It was primarily developed for use by Node.js, but it's also used by Luvit, Julia, pyuv, and others."
+BUGTRACKER = "https://github.com/libuv/libuv/issues"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=74b6f2f7818a4e3a80d03556f71b129b \
+ file://LICENSE-extra;md5=f9307417749e19bd1d6d68a394b49324"
+
+SRCREV = "e9f29cb984231524e3931aa0ae2c5dae1a32884e"
+SRC_URI = "git://github.com/libuv/libuv.git;branch=v1.x;protocol=https"
+UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
+
+S = "${WORKDIR}/git"
+
+inherit autotools
+
+do_configure() {
+ ${S}/autogen.sh || bbnote "${PN} failed to autogen.sh"
+ oe_runconf
+}
+
+BBCLASSEXTEND = "native"
diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
index 0b0bbab168..a4030b7b32 100644
--- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
+++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
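Review bot: `${S}/autogen.sh || bbnote "${PN} failed to autogen.sh"` in `do_configure()` downgrades a failed autogen.sh to a log note and carries on to `oe_runconf`, so the build can proceed against a missing or stale `configure` and the real cause is buried in the log. Failing the task at the point of error is safer for a reproducible build: `${S}/autogen.sh || bbfatal "${PN} failed to autogen.sh"`.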
@@ -1,13 +1,15 @@ SUMMARY = "Mobile Broadband Service Provider Database" HOMEPAGE = "http://live.gnome.org/NetworkManager/MobileBroadband/ServiceProviders" +DESCRIPTION = "Mobile Broadband Service Provider Database stores service provider specific information. When this Database is available the information can be fetched there" SECTION = "network" LICENSE = "PD" LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" -SRCREV = "22b49d86fb7aded2c195a9d49e5924da696b3228" -PV = "20190618" + +SRCREV = "aae7c68671d225e6d35224613d5b98192b9b2ffe" +PV = "20230416" PE = "1" -SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https" +SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main" S = "${WORKDIR}/git" inherit autotools diff --git a/meta/recipes-connectivity/neard/neard_0.16.bb b/meta/recipes-connectivity/neard/neard_0.19.bb index 7c124a3c0b..a98f436b98 100644 --- a/meta/recipes-connectivity/neard/neard_0.16.bb +++ b/meta/recipes-connectivity/neard/neard_0.19.bb 
@@ -1,33 +1,34 @@ SUMMARY = "Linux NFC daemon" DESCRIPTION = "A daemon for the Linux Near Field Communication stack" HOMEPAGE = "http://01.org/linux-nfc" -LICENSE = "GPLv2" +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ + file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \ + " -DEPENDS = "dbus glib-2.0 libnl" +DEPENDS = "dbus glib-2.0 libnl autoconf-archive-native" -SRC_URI = "${KERNELORG_MIRROR}/linux/network/nfc/${BP}.tar.xz \ +SRC_URI = "git://git.kernel.org/pub/scm/network/nfc/neard.git;protocol=https;branch=master \ file://neard.in \ file://Makefile.am-fix-parallel-issue.patch \ file://Makefile.am-do-not-ship-version.h.patch \ file://0001-Add-header-dependency-to-nciattach.o.patch \ " -SRC_URI[md5sum] = "5c691fb7872856dc0d909c298bc8cb41" -SRC_URI[sha256sum] = "eae3b11c541a988ec11ca94b7deab01080cd5b58cfef3ced6ceac9b6e6e65b36" -LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ - file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \ - " +SRCREV = "a1dc8a75cba999728e154a0f811ab9dd50c809f7" + +S = "${WORKDIR}/git" inherit autotools pkgconfig systemd update-rc.d PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" -PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_unitdir}/system/ --with-systemduserunitdir=${systemd_unitdir}/user/,--disable-systemd" +PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir}/ --with-systemduserunitdir=${systemd_unitdir}/user/,--disable-systemd" EXTRA_OECONF += "--enable-tools" # This would copy neard start-stop shell and test scripts -do_install_append() { +do_install:append() { if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then install -d ${D}${sysconfdir}/init.d/ sed "s:@installpath@:${libexecdir}/nfc:" ${WORKDIR}/neard.in \ 
@@ -36,10 +37,10 @@ do_install_append() { fi } -RDEPENDS_${PN} = "dbus" +RDEPENDS:${PN} = "dbus" # Bluez & Wifi are not mandatory except for handover -RRECOMMENDS_${PN} = "\ +RRECOMMENDS:${PN} = "\ ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','wpa-supplicant', '', d)} \ " @@ -47,4 +48,4 @@ RRECOMMENDS_${PN} = "\ INITSCRIPT_NAME = "neard" INITSCRIPT_PARAMS = "defaults 64" -SYSTEMD_SERVICE_${PN} = "neard.service" +SYSTEMD_SERVICE:${PN} = "neard.service" diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch deleted file mode 100644 index 23bc3eaf72..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -From 79019d976584c598f8d0a9d8de43c989946f974b Mon Sep 17 00:00:00 2001 -From: Pascal Bach <pascal.bach@siemens.com> -Date: Wed, 13 Feb 2019 09:28:07 +0100 -Subject: [PATCH] Don't build tools with CC_FOR_BUILD - -The tools are intended for the target not for the host. - -Upstream-Status: Pending - -Signed-off-by: Pascal Bach <pascal.bach@siemens.com> ---- - tools/locktest/Makefile.am | 1 - - tools/rpcgen/Makefile.am | 1 - - 2 files changed, 2 deletions(-) - -diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am -index 3156815..87d0bac 100644 ---- a/tools/locktest/Makefile.am -+++ b/tools/locktest/Makefile.am -@@ -1,6 +1,5 @@ - ## Process this file with automake to produce Makefile.in - --CC=$(CC_FOR_BUILD) - LIBTOOL = @LIBTOOL@ --tag=CC - - noinst_PROGRAMS = testlk -diff --git a/tools/rpcgen/Makefile.am b/tools/rpcgen/Makefile.am -index 8a9ec89..3e092c9 100644 ---- a/tools/rpcgen/Makefile.am -+++ b/tools/rpcgen/Makefile.am -@@ -1,6 +1,5 @@ - ## Process this file with automake to produce Makefile.in - --CC=$(CC_FOR_BUILD) - LIBTOOL = @LIBTOOL@ --tag=CC - - noinst_PROGRAMS = rpcgen --- -2.11.0 - diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Fix-include-order-between-config.h-and-stat.h.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Fix-include-order-between-config.h-and-stat.h.patch deleted file mode 100644 index 7b0f93535f..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Fix-include-order-between-config.h-and-stat.h.patch +++ /dev/null 
@@ -1,156 +0,0 @@ -From 2fbc62e2a13fc22b6ae4910e295a2c10fb790486 Mon Sep 17 00:00:00 2001 -From: Zoltan Karcagi <zkr7432@gmail.com> -Date: Mon, 12 Aug 2019 13:27:16 -0400 -Subject: [PATCH] Fix include order between config.h and stat.h - -At least on Arch linux ARM, the definition of struct stat in stat.h depends -on __USE_FILE_OFFSET64. This symbol comes from config.h when defined, -therefore config.h must always be included before stat.h. Fix all -occurrences where the order is wrong by moving config.h to the top. - -This fixes the client side error "Stale file handle" when mounting from -a server running Arch Linux ARM. - -Signed-off-by: Zoltan Karcagi <zkr7432@gmail.com> -Signed-off-by: Steve Dickson <steved@redhat.com> - -Upstream-Status: Backport -[http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=2fbc62e2a13fc22b6ae4910e295a2c10fb790486] - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - support/misc/nfsd_path.c | 5 ++++- - support/misc/xstat.c | 5 ++++- - support/nfs/conffile.c | 8 +++++++- - utils/blkmapd/device-discovery.c | 8 ++++---- - utils/idmapd/idmapd.c | 8 ++++---- - 5 files changed, 23 insertions(+), 11 deletions(-) - -diff --git a/support/misc/nfsd_path.c b/support/misc/nfsd_path.c -index 84e4802..f078a66 100644 ---- a/support/misc/nfsd_path.c -+++ b/support/misc/nfsd_path.c -@@ -1,3 +1,7 @@ -+#ifdef HAVE_CONFIG_H -+#include <config.h> -+#endif -+ - #include <errno.h> - #include <sys/types.h> - #include <sys/stat.h> -@@ -5,7 +9,6 @@ - #include <stdlib.h> - #include <unistd.h> - --#include "config.h" - #include "conffile.h" - #include "xmalloc.h" - #include "xlog.h" -diff --git a/support/misc/xstat.c b/support/misc/xstat.c -index fa04788..4c997ee 100644 ---- a/support/misc/xstat.c -+++ b/support/misc/xstat.c -@@ -1,3 +1,7 @@ -+#ifdef HAVE_CONFIG_H -+#include <config.h> -+#endif -+ - #include <errno.h> - #include <sys/types.h> - #include <fcntl.h> -@@ -5,7 +9,6 @@ - #include <sys/sysmacros.h> - #include <unistd.h> - --#include 
"config.h" - #include "xstat.h" - - #ifdef HAVE_FSTATAT -diff --git a/support/nfs/conffile.c b/support/nfs/conffile.c -index b6400be..6ba8a35 100644 ---- a/support/nfs/conffile.c -+++ b/support/nfs/conffile.c -@@ -500,7 +500,7 @@ conf_readfile(const char *path) - - if ((stat (path, &sb) == 0) || (errno != ENOENT)) { - char *new_conf_addr = NULL; -- size_t sz = sb.st_size; -+ off_t sz; - int fd = open (path, O_RDONLY, 0); - - if (fd == -1) { -@@ -517,6 +517,11 @@ conf_readfile(const char *path) - - /* only after we have the lock, check the file size ready to read it */ - sz = lseek(fd, 0, SEEK_END); -+ if (sz < 0) { -+ xlog_warn("conf_readfile: unable to determine file size: %s", -+ strerror(errno)); -+ goto fail; -+ } - lseek(fd, 0, SEEK_SET); - - new_conf_addr = malloc(sz+1); -@@ -2162,6 +2167,7 @@ conf_write(const char *filename, const char *section, const char *arg, - ret = 0; - - cleanup: -+ flush_outqueue(&inqueue, NULL); - flush_outqueue(&outqueue, NULL); - - if (buff) -diff --git a/utils/blkmapd/device-discovery.c b/utils/blkmapd/device-discovery.c -index e811703..f5f9b10 100644 ---- a/utils/blkmapd/device-discovery.c -+++ b/utils/blkmapd/device-discovery.c -@@ -26,6 +26,10 @@ - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -+#ifdef HAVE_CONFIG_H -+#include "config.h" -+#endif /* HAVE_CONFIG_H */ -+ - #include <sys/sysmacros.h> - #include <sys/types.h> - #include <sys/stat.h> -@@ -51,10 +55,6 @@ - #include <errno.h> - #include <libdevmapper.h> - --#ifdef HAVE_CONFIG_H --#include "config.h" --#endif /* HAVE_CONFIG_H */ -- - #include "device-discovery.h" - #include "xcommon.h" - #include "nfslib.h" -diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c -index 62e37b8..267acea 100644 ---- a/utils/idmapd/idmapd.c -+++ b/utils/idmapd/idmapd.c -@@ -34,6 +34,10 @@ - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -+#ifdef HAVE_CONFIG_H -+#include "config.h" -+#endif /* HAVE_CONFIG_H */ -+ - #include <sys/types.h> - #include <sys/time.h> - #include <sys/inotify.h> -@@ -62,10 +66,6 @@ - #include <libgen.h> - #include <nfsidmap.h> - --#ifdef HAVE_CONFIG_H --#include "config.h" --#endif /* HAVE_CONFIG_H */ -- - #include "xlog.h" - #include "conffile.h" - #include "queue.h" --- -2.7.4 - diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch index fcb0e99b33..7603eb680d 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch @@ -19,7 +19,7 @@ As there is already one source file named file.c as support/nsm/file.c in support/nsm/Makefile.am, so rename ../support/misc/file.c to ../support/misc/misc.c. -Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154502780423058&w=2] +Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=154502780423058&w=2] Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> @@ -28,10 +28,10 @@ Rebase it. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> --- support/misc/Makefile.am | 2 +- - support/misc/file.c | 111 --------------------------------------------------------------------------------------------------------------- + support/misc/file.c | 115 --------------------------------------------------------------------------------------------------------------- support/misc/misc.c | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ support/nsm/Makefile.am | 2 +- - 4 files changed, 113 insertions(+), 113 deletions(-) + 4 files changed, 113 insertions(+), 117 deletions(-) 
diff --git a/support/misc/Makefile.am b/support/misc/Makefile.am index f9993e3..8b0e9db 100644 @@ -48,10 +48,10 @@ index f9993e3..8b0e9db 100644 MAINTAINERCLEANFILES = Makefile.in diff --git a/support/misc/file.c b/support/misc/file.c deleted file mode 100644 -index e7c3819..0000000 +index 06f6bb2..0000000 --- a/support/misc/file.c +++ /dev/null -@@ -1,111 +0,0 @@ +@@ -1,115 +0,0 @@ -/* - * Copyright 2009 Oracle. All rights reserved. - * Copyright 2017 Red Hat, Inc. All rights reserved. @@ -72,6 +72,10 @@ index e7c3819..0000000 - * along with nfs-utils. If not, see <http://www.gnu.org/licenses/>. - */ - +-#ifdef HAVE_CONFIG_H +-#include <config.h> +-#endif +- -#include <sys/stat.h> - -#include <string.h> diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch deleted file mode 100644 index bafff5b9c0..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From ac32b813f5d6f9a2de944015cf9bb98d68e0203a Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Sat, 1 Dec 2018 10:02:12 -0800 -Subject: [PATCH] cacheio: use intmax_t for formatted IO - -time_t is not same size on x32 ABI (ILP32) - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - support/nfs/cacheio.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/support/nfs/cacheio.c b/support/nfs/cacheio.c -index 9dc4cf1..2086a95 100644 ---- a/support/nfs/cacheio.c -+++ b/support/nfs/cacheio.c -@@ -17,6 +17,7 @@ - - #include <nfslib.h> - #include <stdio.h> -+#include <inttypes.h> - #include <stdio_ext.h> - #include <string.h> - #include <ctype.h> -@@ -234,7 +235,7 @@ cache_flush(int force) - stb.st_mtime > now) - stb.st_mtime = time(0); - -- sprintf(stime, "%ld\n", stb.st_mtime); -+ sprintf(stime, "%jd\n", (intmax_t)stb.st_mtime); - for (c=0; cachelist[c]; c++) { - int fd; - sprintf(path, "/proc/net/rpc/%s/flush", cachelist[c]); --- -2.19.2 - diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch deleted file mode 100644 index d14f0789ff..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -From 66471fbf7106917da7a1536b18a0a77d07479779 Mon Sep 17 00:00:00 2001 -From: Mingli Yu <Mingli.Yu@windriver.com> -Date: Mon, 17 Dec 2018 15:29:47 +0800 -Subject: [PATCH] configure.ac: Do not fatalize -Wmissing-prototypes - -There comes below error when run "make -C tests/nsm_client nsm_client" -| nlm_sm_inter_svc.c:20:1: error: no previous prototype for 'nlm_sm_prog_3' [-Werror=missing-prototypes] - -It is because rpcgen doesn't generate -Wmissing-prototypes -free code for nlm_sm_inter_svc.c with below logic -in tests/nsm_client/Makefile.am -[snip] -GENFILES_SVC = nlm_sm_inter_svc.c -[snip] -$(GENFILES_SVC): %_svc.c: %.x $(RPCGEN) - test -f $@ && rm -rf $@ || true - $(RPCGEN) -m -o $@ $< - -So add the logic not to fatalize -Wmissing-prototypes. - -Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154503260323936&w=2] - -Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 50002b4..aebff01 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -582,7 +582,7 @@ my_am_cflags="\ - -Wall \ - -Wextra \ - $rpcgen_cflags \ -- -Werror=missing-prototypes \ -+ -Wmissing-prototypes \ - -Werror=missing-declarations \ - -Werror=format=2 \ - -Werror=undef \ diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch new file mode 100644 index 0000000000..351407ddcd --- /dev/null +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch 
@@ -0,0 +1,36 @@ +From 9efa7a0d37665d9bb0f46d2407883a5ab42c2b84 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 24 Jul 2023 20:39:16 -0700 +Subject: [PATCH] locktest: Makefile.am: Do not use build flags + +Using CFLAGS_FOR_BUILD etc. here means it is using wrong flags +when thse flags are speficied different than target flags which +is common when cross-building. It can pass wrong paths to linker +and it would find incompatible libraries during link since they +are from host system and target maybe not same as build host. + +Fixes subtle errors like +| aarch64-yoe-linux-ld.lld: error: /mnt/b/yoe/master/build/tmp/work/cortexa72-cortexa53-crypto-yoe-linux/nfs-utils/2.6.3-r0/recipe-sysroot-native/usr/lib/libsqlite3.so is incompatible with elf64-littleaarch64 + +Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=169025681008001&w=2] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + tools/locktest/Makefile.am | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am +index e8914655..2fd36971 100644 +--- a/tools/locktest/Makefile.am ++++ b/tools/locktest/Makefile.am +@@ -2,8 +2,5 @@ + + noinst_PROGRAMS = testlk + testlk_SOURCES = testlk.c +-testlk_CFLAGS=$(CFLAGS_FOR_BUILD) +-testlk_CPPFLAGS=$(CPPFLAGS_FOR_BUILD) +-testlk_LDFLAGS=$(LDFLAGS_FOR_BUILD) + + MAINTAINERCLEANFILES = Makefile.in +-- +2.41.0 + diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch new file mode 100644 index 0000000000..57d4660571 --- /dev/null +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch 
@@ -0,0 +1,34 @@ +From 45597a58e98f351b18db8444292b1cf6dd0cd810 Mon Sep 17 00:00:00 2001 +From: Robert Yang <liezhi.yang@windriver.com> +Date: Sat, 9 Dec 2023 23:34:08 -0800 +Subject: [PATCH] reexport.h: Include unistd.h to compile with musl + +Fixed error when compile with musl +reexport.c: In function 'reexpdb_init': +reexport.c:62:17: error: implicit declaration of function 'sleep' [-Werror=implicit-function-declaration] + 62 | sleep(1); + + +Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=170254661824522&w=2] + +Signed-off-by: Robert Yang <liezhi.yang@windriver.com> +--- + support/reexport/reexport.h | 1 + + 1 files changed, 1 insertions(+) + +diff --git a/support/reexport/reexport.h b/support/reexport/reexport.h +index 85fd59c..02f8684 100644 +--- a/support/reexport/reexport.h ++++ b/support/reexport/reexport.h +@@ -1,6 +1,8 @@ + #ifndef REEXPORT_H + #define REEXPORT_H + ++#include <unistd.h> ++ + #include "nfslib.h" + + enum { +-- +2.42.0 + diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-tools-locktest-Use-intmax_t-to-print-off_t.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-tools-locktest-Use-intmax_t-to-print-off_t.patch new file mode 100644 index 0000000000..7d903e04bc --- /dev/null +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-tools-locktest-Use-intmax_t-to-print-off_t.patch 
@@ -0,0 +1,53 @@ +From e2e9251dbeb452f5382179023d8ae18b511167a1 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 25 Jul 2023 23:47:08 -0700 +Subject: [PATCH] tools/locktest: Use intmax_t to print off_t + +off_t could be 64bit on 32bit architectures which means using %z printf +modifier is not enough to print it and compiler will complain about +format mismatch + +Fixes +| testlk.c:84:66: error: format '%zd' expects argument of type 'signed size_t', but argument 4 has type '__off64_t' {aka 'long long int'} [-Werror=format=] +| 84 | printf("%s: conflicting lock by %d on (%zd;%zd)\n", +| | ~~^ +| | | +| | int +| | %lld +| 85 | fname, fl.l_pid, fl.l_start, fl.l_len); +| | ~~~~~~~~~~ +| | | +| | __off64_t {aka long long int} + +Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=169035457128067&w=2] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + tools/locktest/testlk.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/tools/locktest/testlk.c b/tools/locktest/testlk.c +index ea51f788..9d4c88c4 100644 +--- a/tools/locktest/testlk.c ++++ b/tools/locktest/testlk.c +@@ -2,6 +2,7 @@ + #include <config.h> + #endif + ++#include <stdint.h> + #include <stdlib.h> + #include <stdio.h> + #include <unistd.h> +@@ -81,8 +82,8 @@ main(int argc, char **argv) + if (fl.l_type == F_UNLCK) { + printf("%s: no conflicting lock\n", fname); + } else { +- printf("%s: conflicting lock by %d on (%zd;%zd)\n", +- fname, fl.l_pid, fl.l_start, fl.l_len); ++ printf("%s: conflicting lock by %d on (%jd;%jd)\n", ++ fname, fl.l_pid, (intmax_t)fl.l_start, (intmax_t)fl.l_len); + } + return 0; + } +-- +2.41.0 + diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch deleted file mode 100644 index 1d693e4142..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch +++ /dev/null 
@@ -1,183 +0,0 @@ -Clang comes up with more printf format warnings -Correcting “format string is not a string literal” warning -requires us to declare that parameter is a printf style -format using the attribute flag - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> - -Index: nfs-utils-2.3.3/support/include/xcommon.h -=================================================================== ---- nfs-utils-2.3.3.orig/support/include/xcommon.h -+++ nfs-utils-2.3.3/support/include/xcommon.h -@@ -27,7 +27,7 @@ - - /* Functions in sundries.c that are used in mount.c and umount.c */ - char *canonicalize (const char *path); --void nfs_error (const char *fmt, ...); -+void nfs_error (const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2))); - void *xmalloc (size_t size); - void *xrealloc(void *p, size_t size); - void xfree(void *); -@@ -36,9 +36,9 @@ char *xstrndup (const char *s, int n); - char *xstrconcat2 (const char *, const char *); - char *xstrconcat3 (const char *, const char *, const char *); - char *xstrconcat4 (const char *, const char *, const char *, const char *); --void die (int errcode, const char *fmt, ...); -+void die (int errcode, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3))); - --extern void die(int err, const char *fmt, ...); -+extern void die(int err, const char *fmt, ...) 
__attribute__((__format__ (__printf__, 2, 3))); - extern void (*at_die)(void); - - /* exit status - bits below are ORed */ -Index: nfs-utils-2.3.3/support/include/xlog.h -=================================================================== ---- nfs-utils-2.3.3.orig/support/include/xlog.h -+++ nfs-utils-2.3.3/support/include/xlog.h -@@ -43,10 +43,10 @@ void xlog_config(int fac, int on); - void xlog_sconfig(char *, int on); - void xlog_from_conffile(char *); - int xlog_enabled(int fac); --void xlog(int fac, const char *fmt, ...); --void xlog_warn(const char *fmt, ...); --void xlog_err(const char *fmt, ...); --void xlog_errno(int err, const char *fmt, ...); --void xlog_backend(int fac, const char *fmt, va_list args); -+void xlog(int fac, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3))); -+void xlog_warn(const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2))); -+void xlog_err(const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2))); -+void xlog_errno(int err, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3))); -+void xlog_backend(int fac, const char *fmt, va_list args) __attribute__((__format__ (__printf__, 2, 0))); - - #endif /* XLOG_H */ -Index: nfs-utils-2.3.3/support/nfs/xcommon.c -=================================================================== ---- nfs-utils-2.3.3.orig/support/nfs/xcommon.c -+++ nfs-utils-2.3.3/support/nfs/xcommon.c -@@ -93,7 +93,10 @@ nfs_error (const char *fmt, ...) 
{ - - fmt2 = xstrconcat2 (fmt, "\n"); - va_start (args, fmt); -+#pragma clang diagnostic push -+#pragma clang diagnostic ignored "-Wformat-nonliteral" - vfprintf (stderr, fmt2, args); -+#pragma clang diagnostic pop - va_end (args); - free (fmt2); - } -Index: nfs-utils-2.3.3/utils/exportfs/exportfs.c -=================================================================== ---- nfs-utils-2.3.3.orig/utils/exportfs/exportfs.c -+++ nfs-utils-2.3.3/utils/exportfs/exportfs.c -@@ -644,6 +644,7 @@ out: - return result; - } - -+__attribute__((__format__ (__printf__, 2, 3))) - static char - dumpopt(char c, char *fmt, ...) - { -Index: nfs-utils-2.3.3/utils/statd/statd.c -=================================================================== ---- nfs-utils-2.3.3.orig/utils/statd/statd.c -+++ nfs-utils-2.3.3/utils/statd/statd.c -@@ -136,7 +136,7 @@ static void log_modes(void) - strcat(buf, "TI-RPC "); - #endif - -- xlog_warn(buf); -+ xlog_warn("%s", buf); - } - - /* -Index: nfs-utils-2.3.3/support/nfs/svc_create.c -=================================================================== ---- nfs-utils-2.3.3.orig/support/nfs/svc_create.c -+++ nfs-utils-2.3.3/support/nfs/svc_create.c -@@ -184,7 +184,7 @@ svc_create_sock(const struct sockaddr *s - type = SOCK_STREAM; - break; - default: -- xlog(D_GENERAL, "%s: Unrecognized bind address semantics: %u", -+ xlog(D_GENERAL, "%s: Unrecognized bind address semantics: %lu", - __func__, nconf->nc_semantics); - return -1; - } -Index: nfs-utils-2.3.3/support/nsm/rpc.c -=================================================================== ---- nfs-utils-2.3.3.orig/support/nsm/rpc.c -+++ nfs-utils-2.3.3/support/nsm/rpc.c -@@ -182,7 +182,7 @@ nsm_xmit_getport(const int sock, const s - uint32_t xid; - XDR xdr; - -- xlog(D_CALL, "Sending PMAP_GETPORT for %u, %u, udp", program, version); -+ xlog(D_CALL, "Sending PMAP_GETPORT for %lu, %lu, udp", program, version); - - nsm_init_xdrmem(msgbuf, NSM_MAXMSGSIZE, &xdr); - xid = nsm_init_rpc_header(PMAPPROG, PMAPVERS, 
-Index: nfs-utils-2.3.3/utils/mountd/cache.c -=================================================================== ---- nfs-utils-2.3.3.orig/utils/mountd/cache.c -+++ nfs-utils-2.3.3/utils/mountd/cache.c -@@ -968,8 +968,7 @@ lookup_export(char *dom, char *path, str - } else if (found_type == i && found->m_warned == 0) { - xlog(L_WARNING, "%s exported to both %s and %s, " - "arbitrarily choosing options from first", -- path, found->m_client->m_hostname, exp->m_client->m_hostname, -- dom); -+ path, found->m_client->m_hostname, exp->m_client->m_hostname); - found->m_warned = 1; - } - } -Index: nfs-utils-2.3.3/utils/mountd/mountd.c -=================================================================== ---- nfs-utils-2.3.3.orig/utils/mountd/mountd.c -+++ nfs-utils-2.3.3/utils/mountd/mountd.c -@@ -213,7 +213,7 @@ static void - sig_hup (int sig) - { - /* don't exit on SIGHUP */ -- xlog (L_NOTICE, "Received SIGHUP... Ignoring.\n", sig); -+ xlog (L_NOTICE, "Received SIGHUP(%d)... Ignoring.\n", sig); - return; - } - -Index: nfs-utils-2.3.3/utils/statd/rmtcall.c -=================================================================== ---- nfs-utils-2.3.3.orig/utils/statd/rmtcall.c -+++ nfs-utils-2.3.3/utils/statd/rmtcall.c -@@ -247,7 +247,7 @@ process_reply(FD_SET_TYPE *rfds) - xlog_warn("%s: service %d not registered on localhost", - __func__, NL_MY_PROG(lp)); - } else { -- xlog(D_GENERAL, "%s: Callback to %s (for %d) succeeded", -+ xlog(D_GENERAL, "%s: Callback to %s (for %s) succeeded", - __func__, NL_MY_NAME(lp), NL_MON_NAME(lp)); - } - nlist_free(¬ify, lp); -Index: nfs-utils-2.3.3/utils/statd/svc_run.c -=================================================================== ---- nfs-utils-2.3.3.orig/utils/statd/svc_run.c -+++ nfs-utils-2.3.3/utils/statd/svc_run.c -@@ -53,6 +53,7 @@ - - #include <errno.h> - #include <time.h> -+#include <inttypes.h> - #include "statd.h" - #include "notlist.h" - -@@ -104,8 +105,8 @@ my_svc_run(int sockfd) - - tv.tv_sec = NL_WHEN(notify) - now; - 
tv.tv_usec = 0; -- xlog(D_GENERAL, "Waiting for reply... (timeo %d)", -- tv.tv_sec); -+ xlog(D_GENERAL, "Waiting for reply... (timeo %jd)", -+ (intmax_t)tv.tv_sec); - selret = select(FD_SETSIZE, &readfds, - (void *) 0, (void *) 0, &tv); - } else { diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch new file mode 100644 index 0000000000..fde99b599e --- /dev/null +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch @@ -0,0 +1,36 @@ +From 1ab0c326405c6daa06f1a7eb4b0b60bf4e0584c2 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 31 Dec 2019 08:15:34 -0800 +Subject: [PATCH] Detect warning options during configure + +Certain options maybe compiler specific therefore its better +to detect them before use. + +nfs_error copies the format string and appends newline to it +but compiler can forget that it was format string since its not +same fmt string that was passed. Ignore the warning + +Wdiscarded-qualifiers is gcc specific and this is no longer needed + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +--- + support/nfs/xcommon.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/support/nfs/xcommon.c b/support/nfs/xcommon.c +index 3989f0b..e080423 100644 +--- a/support/nfs/xcommon.c ++++ b/support/nfs/xcommon.c +@@ -98,7 +98,10 @@ nfs_error (const char *fmt, ...) { + + fmt2 = xstrconcat2 (fmt, "\n"); + va_start (args, fmt); ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wformat-nonliteral" + vfprintf (stderr, fmt2, args); ++#pragma GCC diagnostic pop + va_end (args); + free (fmt2); + } diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service index c01415de84..ebfe64b9ce 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service 
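Review bot: The pragma pair added around `vfprintf (stderr, fmt2, args)` in `nfs_error` silences `-Wformat-nonliteral`, while the clang-format-string.patch deleted by this same commit was the one that declared `void nfs_error (const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2)));` so that the format strings callers pass in were checked. Unless the 2.6.4 sources already carry that attribute in support/include/xcommon.h (not visible here), nothing verifies those call sites any more, and keeping the one-line declaration change alongside the pragma would preserve the check. The patch subject, "Detect warning options during configure", no longer matches a change that only touches support/nfs/xcommon.c and should be reworded. `nfs_error` starts and ends outside the inner hunk.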
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service @@ -12,6 +12,7 @@ ConditionPathExists=@SYSCONFDIR@/exports EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf ExecStart=@SBINDIR@/rpc.mountd -F $MOUNTD_OPTS LimitNOFILE=@HIGH_RLIMIT_NOFILE@ +StateDirectory=nfs [Install] WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service index 6481377d80..15ceee04d0 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service @@ -17,8 +17,8 @@ ExecStop=@SBINDIR@/rpc.nfsd 0 ExecStopPost=@SBINDIR@/exportfs -au ExecStopPost=@SBINDIR@/exportfs -f ExecReload=@SBINDIR@/exportfs -r -StandardError=syslog RemainAfterExit=yes +StateDirectory=nfs [Install] WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service index 4fa64e1998..b519194121 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service @@ -4,11 +4,13 @@ DefaultDependencies=no Conflicts=umount.target Requires=nss-lookup.target rpcbind.service After=network.target nss-lookup.target rpcbind.service +ConditionPathExists=@SYSCONFDIR@/exports [Service] EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf ExecStart=@SBINDIR@/rpc.statd -F $STATD_OPTS LimitNOFILE=@HIGH_RLIMIT_NOFILE@ +StateDirectory=nfs [Install] WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch deleted file mode 100644 index 921f5edc82..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch +++ /dev/null 
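Review bot: The `ConditionPathExists=@SYSCONFDIR@/exports` line added to nfs-statd.service ties rpc.statd to the presence of the server's exports file, yet the recipe ships this unit in the client package (`SYSTEMD_SERVICE:${PN}-client = "nfs-statd.service"`). On an image that only mounts NFS and has no exports file the unit would be skipped without an error, which presumably leaves NFSv3 mounts without lock-state monitoring. If the intent is to keep statd off images that export nothing, a comment in the unit saying so would help; otherwise the condition belongs only on the server units.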
@@ -1,46 +0,0 @@ -From caa19231196d73541445728e6813c8fa70345acb Mon Sep 17 00:00:00 2001 -From: Robert Yang <liezhi.yang@windriver.com> -Date: Tue, 26 Jun 2018 15:59:00 +0800 -Subject: [PATCH] nfs-utils: 2.1.1 -> 2.3.1 - -Fixed: -configure: error: res_querydomain needed - -Upstream-Status: Pending [https://github.com/alpinelinux/aports/blob/master/main/nfs-utils/musl-configure_ac.patch] - -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> - ---- - configure.ac | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 50002b4..dcadb23 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -582,10 +582,10 @@ my_am_cflags="\ - -Wall \ - -Wextra \ - $rpcgen_cflags \ -- -Werror=missing-prototypes \ -- -Werror=missing-declarations \ -+ -Wmissing-prototypes \ -+ -Wmissing-declarations \ - -Werror=format=2 \ -- -Werror=undef \ -+ -Wundef \ - -Werror=missing-include-dirs \ - -Werror=strict-aliasing=2 \ - -Werror=init-self \ -@@ -614,10 +614,9 @@ AC_DEFUN([CHECK_CCSUPPORT], [ - - CHECK_CCSUPPORT([-Werror=format-overflow=2], [flg1]) - CHECK_CCSUPPORT([-Werror=int-conversion], [flg2]) --CHECK_CCSUPPORT([-Werror=incompatible-pointer-types], [flg3]) - CHECK_CCSUPPORT([-Werror=misleading-indentation], [flg4]) - --AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg3 $flg4"]) -+AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg4"]) - - # Make sure that $ACLOCAL_FLAGS are used during a rebuild - AC_SUBST([ACLOCAL_AMFLAGS], ["-I $ac_macro_dir \$(ACLOCAL_FLAGS)"]) diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.4.bb index eb32bccb57..2f2644f9a8 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.4.bb 
@@ -4,18 +4,18 @@ NFS server and related tools." HOMEPAGE = "http://nfs.sourceforge.net/" SECTION = "console/network" -LICENSE = "MIT & GPLv2+ & BSD" +LICENSE = "MIT & GPL-2.0-or-later & BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84" # util-linux for libblkid DEPENDS = "libcap libevent util-linux sqlite3 libtirpc" -RDEPENDS_${PN} = "${PN}-client" -RRECOMMENDS_${PN} = "kernel-module-nfsd" +RDEPENDS:${PN} = "${PN}-client" +RRECOMMENDS:${PN} = "kernel-module-nfsd" inherit useradd USERADD_PACKAGES = "${PN}-client" -USERADD_PARAM_${PN}-client = "--system --home-dir /var/lib/nfs \ +USERADD_PARAM:${PN}-client = "--system --home-dir /var/lib/nfs \ --shell /bin/false --user-group rpcuser" SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \ 
@@ -28,17 +28,13 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x file://proc-fs-nfsd.mount \ file://nfs-utils-debianize-start-statd.patch \ file://bugfix-adjust-statd-service-name.patch \ - file://0001-cacheio-use-intmax_t-for-formatted-IO.patch \ - file://clang-format-string.patch \ file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \ - file://0001-Don-t-build-tools-with-CC_FOR_BUILD.patch \ - file://0001-Fix-include-order-between-config.h-and-stat.h.patch \ -" -SRC_URI_append_libc-glibc = " file://0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch" -SRC_URI_append_libc-musl = " file://nfs-utils-musl-res_querydomain.patch" - -SRC_URI[md5sum] = "161efe469ec1b06f1c750bd87f8ba6dd" -SRC_URI[sha256sum] = "85274ada94479b1beba9f8eeffd19f477c53a6710b9998d1192c807854087736" + file://clang-warnings.patch \ + file://0001-locktest-Makefile.am-Do-not-use-build-flags.patch \ + file://0001-tools-locktest-Use-intmax_t-to-print-off_t.patch \ + file://0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch \ + " +SRC_URI[sha256sum] = "01b3b0fb9c7d0bbabf5114c736542030748c788ec2fd9734744201e9b0a1119d" # Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will # pull in the remainder of the dependencies. 
@@ -46,14 +42,14 @@ SRC_URI[sha256sum] = "85274ada94479b1beba9f8eeffd19f477c53a6710b9998d1192c807854 INITSCRIPT_PACKAGES = "${PN} ${PN}-client" INITSCRIPT_NAME = "nfsserver" INITSCRIPT_PARAMS = "defaults" -INITSCRIPT_NAME_${PN}-client = "nfscommon" -INITSCRIPT_PARAMS_${PN}-client = "defaults 19 21" +INITSCRIPT_NAME:${PN}-client = "nfscommon" +INITSCRIPT_PARAMS:${PN}-client = "defaults 19 21" inherit autotools-brokensep update-rc.d systemd pkgconfig SYSTEMD_PACKAGES = "${PN} ${PN}-client" -SYSTEMD_SERVICE_${PN} = "nfs-server.service nfs-mountd.service" -SYSTEMD_SERVICE_${PN}-client = "nfs-statd.service" +SYSTEMD_SERVICE:${PN} = "nfs-server.service nfs-mountd.service" +SYSTEMD_SERVICE:${PN}-client = "nfs-statd.service" # --enable-uuid is need for cross-compiling EXTRA_OECONF = "--with-statduser=rpcuser \ 
@@ -63,61 +59,68 @@ EXTRA_OECONF = "--with-statduser=rpcuser \ --disable-gss \ --disable-nfsdcltrack \ --with-statdpath=/var/lib/nfs/statd \ + --with-rpcgen=${HOSTTOOLS_DIR}/rpcgen \ " -CFLAGS += "-Wno-error=format-overflow" +LDFLAGS:append = " -lsqlite3 -levent" PACKAGECONFIG ??= "tcp-wrappers \ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ " -PACKAGECONFIG_remove_libc-musl = "tcp-wrappers" +PACKAGECONFIG:remove:libc-musl = "tcp-wrappers" PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers" PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," # libdevmapper is available in meta-oe -PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper" -# keyutils is available in meta-security -PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils" +PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper,libdevmapper" +# keyutils is available in meta-oe +PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils,python3-core" -PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats" +PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats ${PN}-rpcctl" -CONFFILES_${PN}-client += "${localstatedir}/lib/nfs/etab \ +CONFFILES:${PN}-client += "${localstatedir}/lib/nfs/etab \ ${localstatedir}/lib/nfs/rmtab \ ${localstatedir}/lib/nfs/xtab \ ${localstatedir}/lib/nfs/statd/state \ ${sysconfdir}/nfsmount.conf" -FILES_${PN}-client = "${sbindir}/*statd \ +FILES:${PN}-client = "${sbindir}/*statd \ + ${libdir}/libnfsidmap.so.* \ ${sbindir}/rpc.idmapd ${sbindir}/sm-notify \ ${sbindir}/showmount ${sbindir}/nfsstat \ ${localstatedir}/lib/nfs \ ${sysconfdir}/nfs-utils.conf \ ${sysconfdir}/nfsmount.conf \ ${sysconfdir}/init.d/nfscommon \ - ${systemd_unitdir}/system/nfs-statd.service" -RDEPENDS_${PN}-client = "${PN}-mount rpcbind" + ${systemd_system_unitdir}/nfs-statd.service" +RDEPENDS:${PN}-client = "${PN}-mount rpcbind" + +FILES:${PN}-mount = "${base_sbindir}/*mount.nfs*" -FILES_${PN}-mount = "${base_sbindir}/*mount.nfs*" 
+FILES:${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat ${sbindir}/nfsdclnts" +RDEPENDS:${PN}-stats = "python3-core" -FILES_${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat" -RDEPENDS_${PN}-stats = "python3-core" +FILES:${PN}-rpcctl = "${sbindir}/rpcctl" +RDEPENDS:${PN}-rpcctl = "python3-core" -FILES_${PN} += "${systemd_unitdir}" +FILES:${PN}-staticdev += "${libdir}/libnfsidmap/*.a" -do_configure_prepend() { - sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \ - ${S}/utils/mount/Makefile.am +FILES:${PN} += "${systemd_unitdir} ${libdir}/libnfsidmap/ ${nonarch_libdir}/modprobe.d" + +do_configure:prepend() { + sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \ + ${S}/utils/mount/Makefile.am } # Make clean needed because the package comes with # precompiled 64-bit objects that break the build -do_compile_prepend() { +do_compile:prepend() { make clean } # Works on systemd only HIGH_RLIMIT_NOFILE ??= "4096" -do_install_append () { +do_install:append () { install -d ${D}${sysconfdir}/init.d install -m 0755 ${WORKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver install -m 0755 ${WORKDIR}/nfscommon ${D}${sysconfdir}/init.d/nfscommon 
@@ -125,18 +128,18 @@ do_install_append () { install -m 0755 ${WORKDIR}/nfs-utils.conf ${D}${sysconfdir} install -m 0755 ${S}/utils/mount/nfsmount.conf ${D}${sysconfdir} - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/nfs-server.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/nfs-mountd.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_unitdir}/system/ + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/nfs-server.service ${D}${systemd_system_unitdir}/ + install -m 0644 ${WORKDIR}/nfs-mountd.service ${D}${systemd_system_unitdir}/ + install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_system_unitdir}/ sed -i -e 's,@SBINDIR@,${sbindir},g' \ -e 's,@SYSCONFDIR@,${sysconfdir},g' \ -e 's,@HIGH_RLIMIT_NOFILE@,${HIGH_RLIMIT_NOFILE},g' \ - ${D}${systemd_unitdir}/system/*.service + ${D}${systemd_system_unitdir}/*.service if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/ - install -d ${D}${systemd_unitdir}/system/sysinit.target.wants/ - ln -sf ../proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/sysinit.target.wants/proc-fs-nfsd.mount + install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_system_unitdir}/ + install -d ${D}${systemd_system_unitdir}/sysinit.target.wants/ + ln -sf ../proc-fs-nfsd.mount ${D}${systemd_system_unitdir}/sysinit.target.wants/proc-fs-nfsd.mount fi # kernel code as of 3.8 hard-codes this path as a default 
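Review bot: The two `install -m 0755` lines at the top of this hunk place `nfs-utils.conf` and `nfsmount.conf` in `${D}${sysconfdir}` with the execute bit set, although both are plain configuration files and the unit files installed just below use 0644. `install -m 0644 ${WORKDIR}/nfs-utils.conf ${D}${sysconfdir}` and the same mode for `nfsmount.conf` would be consistent with the rest of the function. These lines are unchanged context in this commit, and `do_install:append` continues outside the hunk.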
@@ -146,7 +149,6 @@ do_install_append () { chown -R rpcuser:rpcuser ${D}${localstatedir}/lib/nfs/statd chmod 0644 ${D}${localstatedir}/lib/nfs/statd/state - # Make python tools use python 3 - sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${sbindir}/mountstats ${D}${sbindir}/nfsiostat - + # Make python tools use python 3 + sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${sbindir}/mountstats ${D}${sbindir}/nfsiostat } diff --git a/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch b/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch new file mode 100644 index 0000000000..3655b3fd66 --- /dev/null +++ b/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch @@ -0,0 +1,28 @@ +From 76e4054801350ebd4a44057379431a33d460ad0f Mon Sep 17 00:00:00 2001 +From: Martin Jansa <Martin.Jansa@gmail.com> +Date: Wed, 21 Apr 2021 11:01:34 +0000 +Subject: [PATCH] mbim: Fix build with ell-0.39 by restoring unlikely macro + from ell/util.h + +Upstream-Status: Pending + +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> +--- + drivers/mbimmodem/mbim-private.h | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/mbimmodem/mbim-private.h b/drivers/mbimmodem/mbim-private.h +index 51693eae..d917312c 100644 +--- a/drivers/mbimmodem/mbim-private.h ++++ b/drivers/mbimmodem/mbim-private.h +@@ -30,6 +30,10 @@ + __result; }) + #endif + ++/* used to be part of ell/util.h before 0.39: ++ https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=2a682421b06e41c45098217a686157f576847021 */ ++#define unlikely(x) __builtin_expect(!!(x), 0) ++ + enum mbim_control_message { + MBIM_OPEN_MSG = 0x1, + MBIM_CLOSE_MSG = 0x2, diff --git a/meta/recipes-connectivity/ofono/ofono_1.31.bb b/meta/recipes-connectivity/ofono/ofono_2.4.bb index 7d0976ad7f..dae5cc3c25 100644 --- a/meta/recipes-connectivity/ofono/ofono_1.31.bb 
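Review bot: The `#define unlikely(x) __builtin_expect(!!(x), 0)` added to mbim-private.h by the new ofono patch is unconditional, so a build against an ell release that still provides `unlikely` in ell/util.h would define the macro twice and could raise a redefinition warning. Wrapping it as `#ifndef unlikely` / `#define unlikely(x) __builtin_expect(!!(x), 0)` / `#endif` keeps the patch harmless on either side of ell 0.39, in the same way the macro copy just above it appears to be guarded.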
+++ b/meta/recipes-connectivity/ofono/ofono_2.4.bb @@ -2,7 +2,7 @@ SUMMARY = "open source telephony" DESCRIPTION = "oFono is a stack for mobile telephony devices on Linux. oFono supports speaking to telephony devices through specific drivers, or with generic AT commands." HOMEPAGE = "http://www.ofono.org" BUGTRACKER = "https://01.org/jira/browse/OF" -LICENSE = "GPLv2" +LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ file://src/ofono.h;beginline=1;endline=20;md5=3ce17d5978ef3445def265b98899c2ee" DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info ell" 
@@ -11,40 +11,45 @@ SRC_URI = "\ ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ file://ofono \ file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \ + file://0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch \ " -SRC_URI[md5sum] = "1c26340e3c6ed132cc812595081bb3dc" -SRC_URI[sha256sum] = "a15c5d28096c10eb30e47a68b6dc2e7c4a5a99d7f4cfedf0b69624f33d859e9b" +SRC_URI[sha256sum] = "93580adc1afd1890dc516efb069de0c5cdfef014415256ddfb28ab172df2d11d" inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data INITSCRIPT_NAME = "ofono" INITSCRIPT_PARAMS = "defaults 22" -SYSTEMD_SERVICE_${PN} = "ofono.service" +SYSTEMD_SERVICE:${PN} = "ofono.service" PACKAGECONFIG ??= "\ ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ " -PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/,--with-systemdunitdir=" +PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_system_unitdir}/,--with-systemdunitdir=" PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5" EXTRA_OECONF += "--enable-test --enable-external-ell" -do_install_append() { - install -d ${D}${sysconfdir}/init.d/ - install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono +do_configure:prepend() { + bbnote "Removing bundled ell from ${S}/ell to prevent including it" + rm -rf ${S}/ell +} + +do_install:append() { + install -d ${D}${sysconfdir}/init.d/ + install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono } PACKAGES =+ "${PN}-tests" -FILES_${PN} += "${systemd_unitdir}" -FILES_${PN}-tests = "${libdir}/${BPN}/test" +FILES:${PN} += "${systemd_unitdir}" +FILES:${PN}-tests = "${libdir}/${BPN}/test" -RDEPENDS_${PN} += "dbus" -RDEPENDS_${PN}-tests = "\ +RDEPENDS:${PN} += "dbus" +RDEPENDS:${PN}-tests = "\ python3-core \ python3-dbus \ ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)} \ " -RRECOMMENDS_${PN} += 
"kernel-module-tun mobile-broadband-provider-info" +RRECOMMENDS:${PN} += "kernel-module-tun mobile-broadband-provider-info" diff --git a/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch b/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch new file mode 100644 index 0000000000..8763f30f4b --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch 
@@ -0,0 +1,61 @@
+From f5a4dacc987ca548fc86577c2dba121c86da3c34 Mon Sep 17 00:00:00 2001
+From: Mikko Rapeli <mikko.rapeli@linaro.org>
+Date: Mon, 11 Sep 2023 09:55:21 +0100
+Subject: [PATCH] regress/banner.sh: log input and output files on error
+
+Some test environments like yocto with qemu are seeing these
+tests failing. There may be additional error messages in the
+stderr of ssh cloent command. busybox cmp shows this error when
+first input file has less new line characters then second
+input file:
+
+cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in
+
+Logging the full banner.out will show what other error messages
+are captured in addition of the expected banner.
+
+Full log of a failing banner test runs is:
+
+run test banner.sh ...
+test banner: missing banner file
+test banner: size 0
+cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in
+banner size 0 mismatch
+test banner: size 10
+test banner: size 100
+cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in
+banner size 100 mismatch
+test banner: size 1000
+test banner: size 10000
+test banner: size 100000
+test banner: suppress banner (-q)
+FAIL: banner
+return value: 1
+
+See: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178
+
+Upstream-Status: Denied [https://github.com/openssh/openssh-portable/pull/437]
+
+Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
+---
+ regress/banner.sh | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/regress/banner.sh b/regress/banner.sh
+index a84feb5a..de84957a 100644
+--- a/regress/banner.sh
++++ b/regress/banner.sh
+@@ -32,7 +32,9 @@ for s in 0 10 100 1000 10000 100000 ; do
+ verbose "test $tid: size $s"
+ ( ${SSH} -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \
+ cmp $OBJ/banner.in $OBJ/banner.out ) || \
+- fail "banner size $s mismatch"
++ ( verbose "Contents of $OBJ/banner.in:"; cat $OBJ/banner.in; \
++ verbose "Contents of $OBJ/banner.out:"; cat $OBJ/banner.out; \
++ fail "banner size $s mismatch" )
+ done
+
+ trace "test suppress banner (-q)"
+--
+2.34.1
+
diff --git a/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch
new file mode 100644
index 0000000000..f079d936a4
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch
@@ -0,0 +1,96 @@
+From b02ef7621758f06eb686ef4f620636dbad086eda Mon Sep 17 00:00:00 2001
+From: Matt Jolly <Matt.Jolly@footclan.ninja>
+Date: Thu, 2 Feb 2023 21:05:40 +1100
+Subject: [PATCH] systemd: Add optional support for systemd `sd_notify`
+
+This is a rebase of Dennis Lamm's <expeditioneer@gentoo.org>
+patch based on Jakub Jelen's <jjelen@redhat.com> original patch
+
+Upstream-Status: Submitted [https://github.com/openssh/openssh-portable/pull/375/commits/be187435911cde6cc3cef6982a508261074f1e56]
+
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+ configure.ac | 24 ++++++++++++++++++++++++
+ sshd.c | 13 +++++++++++++
+ 2 files changed, 37 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 82e8bb7..d1145d3 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -4870,6 +4870,29 @@ AC_SUBST([GSSLIBS])
+ AC_SUBST([K5LIBS])
+ AC_SUBST([CHANNELLIBS])
+
++# Check whether user wants systemd support
++SYSTEMD_MSG="no"
++AC_ARG_WITH(systemd,
++ [ --with-systemd Enable systemd support],
++ [ if test "x$withval" != "xno" ; then
++ AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
++ if test "$PKGCONFIG" != "no"; then
++ AC_MSG_CHECKING([for libsystemd])
++ if $PKGCONFIG --exists libsystemd; then
++ SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd`
++ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd`
++ CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS"
++ SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS"
++ AC_MSG_RESULT([yes])
++ AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.])
++ SYSTEMD_MSG="yes"
++ else
++ AC_MSG_RESULT([no])
++ fi
++ fi
++ fi ]
++)
++
+ # Looking for programs, paths and files
+
+ PRIVSEP_PATH=/var/empty
+@@ -5688,6 +5711,7 @@ echo " libldns support: $LDNS_MSG"
+ echo " Solaris process contract support: $SPC_MSG"
+ echo " Solaris project support: $SP_MSG"
+ echo " Solaris privilege support: $SPP_MSG"
++echo " systemd support: $SYSTEMD_MSG"
+ echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
+ echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+ echo " BSD Auth support: $BSD_AUTH_MSG"
+diff --git a/sshd.c b/sshd.c
+index b4f2b97..6820a41 100644
+--- a/sshd.c
++++ b/sshd.c
+@@ -88,6 +88,10 @@
+ #include <prot.h>
+ #endif
+
++#ifdef HAVE_SYSTEMD
++#include <systemd/sd-daemon.h>
++#endif
++
+ #include "xmalloc.h"
+ #include "ssh.h"
+ #include "ssh2.h"
+@@ -308,6 +312,10 @@ static void
+ sighup_restart(void)
+ {
+ logit("Received SIGHUP; restarting.");
++#ifdef HAVE_SYSTEMD
++ /* Signal systemd that we are reloading */
++ sd_notify(0, "RELOADING=1");
++#endif
+ if (options.pid_file != NULL)
+ unlink(options.pid_file);
+ platform_pre_restart();
+@@ -2093,6 +2101,11 @@ main(int ac, char **av)
+ }
+ }
+
++#ifdef HAVE_SYSTEMD
++ /* Signal systemd that we are ready to accept connections */
++ sd_notify(0, "READY=1");
++#endif
++
+ /* Accept a connection and return in a forked child */
+ server_accept_loop(&sock_in, &sock_out,
+ &newsock, config_s);
diff --git a/meta/recipes-connectivity/openssh/openssh/0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch b/meta/recipes-connectivity/openssh/openssh/0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch
deleted file mode 100644
index 3265be3485..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch
+++ /dev/null
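Review bot: The configure.ac part of the new sd_notify patch appends the libsystemd link flags to the sshd link line (`SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS"`) for the sake of two `sd_notify()` calls, which loads that library and everything it depends on into a root-owned, network-facing daemon. Because the option widens sshd's dependency surface, the recipe should expose `--with-systemd` as an explicit PACKAGECONFIG that is off unless a distro asks for it; whether it does is not visible in this hunk. Both calls in sshd.c also discard the return value, and a check such as `if (sd_notify(0, "READY=1") < 0) debug("sd_notify READY failed");` would make a unit that never reaches ready easier to diagnose. `sighup_restart` and `main` extend beyond the inner hunks shown.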
@@ -1,40 +0,0 @@ -From 2014fad3d28090b59d2f8a0971166c06e5fa6da6 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Fri, 18 Oct 2019 14:56:58 +0800 -Subject: [PATCH] upstream: fix integer overflow in XMSS private key parsing. - -Reported by Adam Zabrocki via SecuriTeam's SSH program. - -Note that this code is experimental and not compiled by default. - -ok markus@ - -OpenBSD-Commit-ID: cd0361896d15e8a1bac495ac583ff065ffca2be1 - -Signed-off-by: "djm@openbsd.org" <djm@openbsd.org> - -Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/a546b17bbaeb12beac4c9aeed56f74a42b18a93a] -CVE: CVE-2019-16905 - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - sshkey-xmss.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/sshkey-xmss.c b/sshkey-xmss.c -index aaae702..c57681a 100644 ---- a/sshkey-xmss.c -+++ b/sshkey-xmss.c -@@ -977,7 +977,8 @@ sshkey_xmss_decrypt_state(const struct sshkey *k, struct sshbuf *encoded, - goto out; - } - /* check that an appropriate amount of auth data is present */ -- if (sshbuf_len(encoded) < encrypted_len + authlen) { -+ if (sshbuf_len(encoded) < authlen || -+ sshbuf_len(encoded) - authlen < encrypted_len) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } --- -2.7.4 - diff --git a/meta/recipes-connectivity/openssh/openssh/run-ptest b/meta/recipes-connectivity/openssh/openssh/run-ptest index daf62cca5b..b2244d725a 100755 --- a/meta/recipes-connectivity/openssh/openssh/run-ptest +++ b/meta/recipes-connectivity/openssh/openssh/run-ptest 
@@ -1,10 +1,25 @@ #!/bin/sh export TEST_SHELL=sh +export SKIP_UNIT=1 cd regress + +# copied from openssh-portable/.github/run_test.sh +output_failed_logs() { + for i in failed*.log; do + if [ -f "$i" ]; then + echo ------------------------------------------------------------------------- + echo LOGFILE $i + cat $i + echo ------------------------------------------------------------------------- + fi + done +} +trap output_failed_logs 0 + sed -i "/\t\tagent-ptrace /d" Makefile -make -k .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="sudo" tests \ +make -k BUILDDIR=`pwd`/.. .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="" tests \ | sed -u -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g' SSHAGENT=`which ssh-agent` diff --git a/meta/recipes-connectivity/openssh/openssh/ssh_config b/meta/recipes-connectivity/openssh/openssh/ssh_config index e0d023803e..cb2774a163 100644 --- a/meta/recipes-connectivity/openssh/openssh/ssh_config +++ b/meta/recipes-connectivity/openssh/openssh/ssh_config @@ -1,4 +1,4 @@ -# $OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $ +# $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for @@ -17,11 +17,11 @@ # list of available options, their meanings and defaults, please see the # ssh_config(5) man page. -Host * - ForwardAgent yes - ForwardX11 yes -# RhostsRSAAuthentication no -# RSAAuthentication yes +Include /etc/ssh/ssh_config.d/*.conf + +# Host * +# ForwardAgent no +# ForwardX11 no # PasswordAuthentication yes # HostbasedAuthentication no # GSSAPIAuthentication no @@ -36,7 +36,6 @@ Host * # IdentityFile ~/.ssh/id_ecdsa # IdentityFile ~/.ssh/id_ed25519 # Port 22 -# Protocol 2 # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc # MACs hmac-md5,hmac-sha1,umac-64@openssh.com # EscapeChar ~ 
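Review bot: In `output_failed_logs` the loop variable is expanded unquoted in `echo LOGFILE $i` and `cat $i`, although the `-f` test just above already uses `"$i"`. A log name containing whitespace or glob characters would be split or re-expanded, so write `echo "LOGFILE $i"` and `cat "$i"`. The exit status of `make -k ... tests` is also still masked by the `| sed` stage, so a failing run is only visible through the rewritten FAIL: lines. The rest of the script is outside the hunk, so a short comment stating that this is intended would be enough.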
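Review bot: The `Include /etc/ssh/ssh_config.d/*.conf` line is added without a comment, and because ssh uses the first value it obtains for each option, any file dropped into that directory silently takes precedence over the settings further down this file. A one-line comment above it would make that explicit, e.g. `# Drop-in files are read first; their settings win over the ones below`. The same applies to `Include /etc/ssh/sshd_config.d/*.conf` added to sshd_config in this commit, where it sits above the active `KbdInteractiveAuthentication no` and `Compression no` lines. Whether the recipe creates and packages the two `.d` directories is not visible in these hunks.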
@@ -46,3 +45,4 @@ Host * # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h +# UserKnownHostsFile ~/.ssh/known_hosts.d/%k diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.service b/meta/recipes-connectivity/openssh/openssh/sshd.service new file mode 100644 index 0000000000..2a997b656a --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/sshd.service @@ -0,0 +1,17 @@ +[Unit] +Description=OpenSSH server daemon +Wants=sshdgenkeys.service +After=sshdgenkeys.service + +[Service] +Environment="SSHD_OPTS=" +EnvironmentFile=-/etc/default/ssh +ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd +ExecStart=-@SBINDIR@/sshd -D $SSHD_OPTS +ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID +KillMode=process +Restart=on-failure +RestartSec=42s + +[Install] +WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket b/meta/recipes-connectivity/openssh/openssh/sshd.socket index 12c39b26b5..8d76d62309 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd.socket +++ b/meta/recipes-connectivity/openssh/openssh/sshd.socket @@ -1,5 +1,6 @@ [Unit] Conflicts=sshd.service +Wants=sshdgenkeys.service [Socket] ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd diff --git a/meta/recipes-connectivity/openssh/openssh/sshd@.service b/meta/recipes-connectivity/openssh/openssh/sshd@.service index 9d83dfb2bb..9d9965e624 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd@.service +++ b/meta/recipes-connectivity/openssh/openssh/sshd@.service @@ -1,13 +1,10 @@ [Unit] Description=OpenSSH Per-Connection Daemon -Wants=sshdgenkeys.service After=sshdgenkeys.service [Service] Environment="SSHD_OPTS=" EnvironmentFile=-/etc/default/ssh ExecStart=-@SBINDIR@/sshd -i $SSHD_OPTS -ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID StandardInput=socket -StandardError=syslog KillMode=process 
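Review bot: In the new sshd.service, `ExecStart=-@SBINDIR@/sshd -D $SSHD_OPTS` carries the `-` prefix, which by systemd's documented semantics makes a failing exit of the command count as success. `Restart=on-failure` two lines below is therefore unlikely to fire when sshd exits with an error, for example on a bad sshd_config. Dropping the prefix, `ExecStart=@SBINDIR@/sshd -D $SSHD_OPTS`, lets the restart policy and `systemctl status` reflect a failed daemon. This commit also carries an sd_notify patch and passes `--with-systemd`, but the unit sets no `Type=notify`, so the READY=1 message appears to go unused; add `Type=notify` or a comment saying the omission is deliberate.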
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys index 1931dc7153..606d1894b5 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys +++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys @@ -6,6 +6,7 @@ generate_key() { local DIR="$(dirname "$FILE")" mkdir -p "$DIR" + rm -f ${FILE}.tmp ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE # Atomically rename file public key @@ -56,8 +57,7 @@ while true ; do esac done -HOST_KEYS=$(sed -n 's/^[ \t]*HostKey[ \t]\+\(.*\)/\1/p' "${sshd_config}") -[ -z "${HOST_KEYS}" ] && HOST_KEYS="$SYSCONFDIR/ssh_host_rsa_key $SYSCONFDIR/ssh_host_ecdsa_key $SYSCONFDIR/ssh_host_ed25519_key" +HOST_KEYS=$(sshd -G -f "${sshd_config}" | grep -i '^hostkey ' | cut -f2 -d' ') for key in ${HOST_KEYS} ; do [ -f $key ] && continue diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config index 15f061b570..e9eaf93157 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_config +++ b/meta/recipes-connectivity/openssh/openssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $ +# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -10,6 +10,8 @@ # possible, but leave them commented. Uncommented options override the # default value. +Include /etc/ssh/sshd_config.d/*.conf + #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 
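Review bot: The added `rm -f ${FILE}.tmp` in generate_key expands `FILE` unquoted, while the `dirname` call above and the `ssh-keygen` call on the next line both quote it. Use `rm -f "${FILE}.tmp"` so that a HostKey path containing spaces or glob characters removes exactly the file ssh-keygen is about to write. generate_key starts and ends outside this hunk.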
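Review bot: With the default-keys fallback removed, `HOST_KEYS` ends up empty whenever `sshd -G -f "${sshd_config}"` fails (sshd not on PATH, or a configuration error), because the pipeline's status is that of `cut`. The `for key in ${HOST_KEYS}` loop then does nothing and the script appears to succeed without generating any host key. Add an explicit check after the assignment, e.g. `[ -n "${HOST_KEYS}" ] || { echo "sshd_check_keys: no HostKey entries from sshd -G" >&2; exit 1; }`. Calling sshd by its installed path instead of a bare `sshd` would also remove the dependence on the caller's PATH. The option parsing that sets `sshd_config` is outside the hunk.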
@@ -57,9 +59,9 @@ AuthorizedKeysFile .ssh/authorized_keys #PasswordAuthentication yes #PermitEmptyPasswords no -# Change to yes to enable challenge-response passwords (beware issues with -# some PAM modules and threads) -ChallengeResponseAuthentication no +# Change to yes to enable keyboard-interactive authentication (beware issues +# with some PAM modules and threads) +KbdInteractiveAuthentication no # Kerberos options #KerberosAuthentication no @@ -73,13 +75,13 @@ ChallengeResponseAuthentication no # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and +# be allowed through the KbdInteractiveAuthentication and # PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass +# PAM authentication via KbdInteractiveAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. +# and KbdInteractiveAuthentication to 'no'. #UsePAM no #AllowAgentForwarding yes @@ -92,7 +94,6 @@ ChallengeResponseAuthentication no #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes -#UseLogin no #PermitUserEnvironment no Compression no ClientAliveInterval 15 diff --git a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service index 603c33787f..fd81793d51 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service +++ b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service @@ -6,3 +6,4 @@ RequiresMountsFor=/var /run ExecStart=@LIBEXECDIR@/sshd_check_keys Type=oneshot RemainAfterExit=yes +Nice=10 
diff --git a/meta/recipes-connectivity/openssh/openssh_8.0p1.bb b/meta/recipes-connectivity/openssh/openssh_9.7p1.bb index 2ffbc9a95f..d1468c59fc 100644 --- a/meta/recipes-connectivity/openssh/openssh_8.0p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_9.7p1.bb @@ -5,8 +5,8 @@ Ssh (Secure Shell) is a program for logging into a remote machine \ and for executing commands on a remote machine." HOMEPAGE = "http://www.openssh.com/" SECTION = "console/network" -LICENSE = "BSD & ISC & MIT" -LIC_FILES_CHKSUM = "file://LICENCE;md5=429658c6612f3a9b1293782366ab29d8" +LICENSE = "BSD-2-Clause & BSD-3-Clause & ISC & MIT" +LIC_FILES_CHKSUM = "file://LICENCE;md5=072979064e691d342002f43cd89c0394" DEPENDS = "zlib openssl virtual/crypt" DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" @@ -16,6 +16,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://ssh_config \ file://init \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ + file://sshd.service \ file://sshd.socket \ file://sshd@.service \ file://sshdgenkeys.service \ 
@@ -24,25 +25,46 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ file://sshd_check_keys \ file://add-test-support-for-busybox.patch \ - file://0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch \ + file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \ + file://0001-systemd-Add-optional-support-for-systemd-sd_notify.patch \ " -SRC_URI[md5sum] = "bf050f002fe510e1daecd39044e1122d" -SRC_URI[sha256sum] = "bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68" +SRC_URI[sha256sum] = "490426f766d82a2763fcacd8d83ea3d70798750c7bd2aff2e57dc5660f773ffd" + +CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here." + +# This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 +# and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded +CVE_STATUS[CVE-2014-9278] = "not-applicable-platform: This CVE is specific to OpenSSH server, as used in Fedora and \ +Red Hat Enterprise Linux 7 and when running in a Kerberos environment" + +CVE_STATUS[CVE-2008-3844] = "not-applicable-platform: Only applies to some distributed RHEL binaries." 
PAM_SRC_URI = "file://sshd" -inherit useradd update-rc.d update-alternatives systemd +inherit manpages useradd update-rc.d update-alternatives systemd USERADD_PACKAGES = "${PN}-sshd" -USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" +USERADD_PARAM:${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" INITSCRIPT_PACKAGES = "${PN}-sshd" -INITSCRIPT_NAME_${PN}-sshd = "sshd" -INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9" +INITSCRIPT_NAME:${PN}-sshd = "sshd" +INITSCRIPT_PARAMS:${PN}-sshd = "defaults 9" SYSTEMD_PACKAGES = "${PN}-sshd" -SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket" - -inherit autotools-brokensep ptest +SYSTEMD_SERVICE:${PN}-sshd = "${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','sshd.socket', '', d)} ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','sshd.service', '', d)}" + +inherit autotools-brokensep ptest pkgconfig +DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" + +# systemd-sshd-socket-mode means installing sshd.socket +# and systemd-sshd-service-mode corresponding to sshd.service +PACKAGECONFIG ??= "systemd-sshd-socket-mode" +PACKAGECONFIG[fido2] = "--with-security-key-builtin,--disable-security-key,libfido2" +PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5" +PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns" +PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" +PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat" +PACKAGECONFIG[systemd-sshd-socket-mode] = "" +PACKAGECONFIG[systemd-sshd-service-mode] = "" EXTRA_AUTORECONF += "--exclude=aclocal" 
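Review bot: `SYSTEMD_SERVICE:${PN}-sshd` enables both `sshd.socket` and `sshd.service` when PACKAGECONFIG contains both `systemd-sshd-socket-mode` and `systemd-sshd-service-mode`, yet sshd.socket declares `Conflicts=sshd.service`. Nothing in this hunk rejects that combination, so which unit ends up listening would depend on start order. State the constraint next to the default, e.g. `# systemd-sshd-socket-mode and systemd-sshd-service-mode are mutually exclusive; enable exactly one`, or fail the parse when both are set. Separately, the reason for CVE-2014-9278 is written twice, once as a comment and once in the CVE_STATUS string, while the other two entries keep it in the string only.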
@@ -54,10 +76,18 @@ EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ --sysconfdir=${sysconfdir}/ssh \ --with-xauth=${bindir}/xauth \ --disable-strip \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemd', '--without-systemd', d)} \ " -# musl doesn't implement wtmp/utmp -EXTRA_OECONF_append_libc-musl = " --disable-wtmp" +# musl doesn't implement wtmp/utmp and logwtmp +EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog" + +# Work around ICE on mips/mips64 starting in 9.6p1 +EXTRA_OECONF:append:mips = " --without-hardening" +EXTRA_OECONF:append:mips64 = " --without-hardening" + +# Work around ICE on powerpc64le starting in 9.6p1 +EXTRA_OECONF:append:powerpc64le = " --without-hardening" # Since we do not depend on libbsd, we do not want configure to use it # just because it finds libutil.h. But, specifying --disable-libutil @@ -70,20 +100,17 @@ CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd" # We don't want to depend on libblockfile CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no" -do_configure_prepend () { +do_configure:prepend () { export LD="${CC}" install -m 0644 ${WORKDIR}/sshd_config ${B}/ install -m 0644 ${WORKDIR}/ssh_config ${B}/ } do_compile_ptest() { - # skip regress/unittests/ binaries: this will silently skip - # unittests in run-ptests which is good because they are so slow. - oe_runmake regress/modpipe regress/setuid-allowed regress/netcat \ - regress/check-perm regress/mkdtemp + oe_runmake regress-binaries regress-unit-binaries } -do_install_append () { +do_install:append () { if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config 
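Review bot: `--without-hardening` on mips, mips64 and powerpc64le switches off all of the compiler and linker hardening options that OpenSSH's configure would otherwise add, which is presumably a broader loss than the single option that triggers the ICE. The two "Work around ICE" comments name neither the compiler version nor a bug reference, so nobody can tell when the override can be removed. Extend the comment, e.g. `# Work around ICE on mips/mips64 starting in 9.6p1 (<compiler bug reference>); drop once the toolchain is fixed`. If the failing flag is known, prefer disabling only that flag so sshd on these targets keeps the remaining protections.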
@@ -109,15 +136,25 @@ do_install_append () { echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - install -d ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system + install -d ${D}${systemd_system_unitdir} + if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','true','false',d)}; then + install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_system_unitdir} + install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_system_unitdir} + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ + -e 's,@BINDIR@,${bindir},g' \ + -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ + ${D}${systemd_system_unitdir}/sshd.socket + fi + if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','true','false',d)}; then + install -c -m 0644 ${WORKDIR}/sshd.service ${D}${systemd_system_unitdir} + fi + install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_system_unitdir} sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@SBINDIR@,${sbindir},g' \ -e 's,@BINDIR@,${bindir},g' \ -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ - ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service + ${D}${systemd_system_unitdir}/*.service sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ ${D}${sysconfdir}/init.d/sshd 
@@ -128,38 +165,38 @@ do_install_append () { do_install_ptest () { sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh cp -r regress ${D}${PTEST_PATH} + cp config.h ${D}${PTEST_PATH} } -ALLOW_EMPTY_${PN} = "1" +ALLOW_EMPTY:${PN} = "1" PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server" -FILES_${PN}-scp = "${bindir}/scp.${BPN}" -FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" -FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system" -FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" -FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys" -FILES_${PN}-sftp = "${bindir}/sftp" -FILES_${PN}-sftp-server = "${libexecdir}/sftp-server" -FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" -FILES_${PN}-keygen = "${bindir}/ssh-keygen" - -RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" -RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" -RRECOMMENDS_${PN}-sshd_append_class-target = " rng-tools" +FILES:${PN}-scp = "${bindir}/scp.${BPN}" +FILES:${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" +FILES:${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_system_unitdir}" +FILES:${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" +FILES:${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys" +FILES:${PN}-sftp = "${bindir}/sftp" +FILES:${PN}-sftp-server = "${libexecdir}/sftp-server" +FILES:${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" +FILES:${PN}-keygen = "${bindir}/ssh-keygen" + +RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen ${PN}-sftp-server" 
+RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" # gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies -RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils" +RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed coreutils openssl-bin" -RPROVIDES_${PN}-ssh = "ssh" -RPROVIDES_${PN}-sshd = "sshd" +RPROVIDES:${PN}-ssh = "ssh" +RPROVIDES:${PN}-sshd = "sshd" -RCONFLICTS_${PN} = "dropbear" -RCONFLICTS_${PN}-sshd = "dropbear" +RCONFLICTS:${PN} = "dropbear" +RCONFLICTS:${PN}-sshd = "dropbear" -CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config" -CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config" +CONFFILES:${PN}-sshd = "${sysconfdir}/ssh/sshd_config" +CONFFILES:${PN}-ssh = "${sysconfdir}/ssh/ssh_config" ALTERNATIVE_PRIORITY = "90" -ALTERNATIVE_${PN}-scp = "scp" -ALTERNATIVE_${PN}-ssh = "ssh" +ALTERNATIVE:${PN}-scp = "scp" +ALTERNATIVE:${PN}-ssh = "ssh" BBCLASSEXTEND += "nativesdk" diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh index b9cc24a7ac..6f23490c87 100644 --- a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh +++ b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh @@ -1 +1,5 @@ export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf" +export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs" +export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs/ca-certificates.crt" +export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/" +export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3" 
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch new file mode 100644 index 0000000000..aa2e5bb800 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch 
@@ -0,0 +1,374 @@ +From 5ba65051fea0513db0d997f0ab7cafb9826ed74a Mon Sep 17 00:00:00 2001 +From: William Lyu <William.Lyu@windriver.com> +Date: Fri, 20 Oct 2023 16:22:37 -0400 +Subject: [PATCH] Added handshake history reporting when test fails + +Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/22481] + +Signed-off-by: William Lyu <William.Lyu@windriver.com> +--- + test/helpers/handshake.c | 139 +++++++++++++++++++++++++++++---------- + test/helpers/handshake.h | 70 +++++++++++++++++++- + test/ssl_test.c | 44 +++++++++++++ + 3 files changed, 218 insertions(+), 35 deletions(-) + +diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c +index e0422469e4..ae2ad59dd4 100644 +--- a/test/helpers/handshake.c ++++ b/test/helpers/handshake.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. 
You can obtain a copy +@@ -24,6 +24,102 @@ + #include <netinet/sctp.h> + #endif + ++/* Shamelessly copied from test/helpers/ssl_test_ctx.c */ ++/* Maps string names to various enumeration type */ ++typedef struct { ++ const char *name; ++ int value; ++} enum_name_map; ++ ++static const enum_name_map connect_phase_names[] = { ++ {"Handshake", HANDSHAKE}, ++ {"RenegAppData", RENEG_APPLICATION_DATA}, ++ {"RenegSetup", RENEG_SETUP}, ++ {"RenegHandshake", RENEG_HANDSHAKE}, ++ {"AppData", APPLICATION_DATA}, ++ {"Shutdown", SHUTDOWN}, ++ {"ConnectionDone", CONNECTION_DONE} ++}; ++ ++static const enum_name_map peer_status_names[] = { ++ {"PeerSuccess", PEER_SUCCESS}, ++ {"PeerRetry", PEER_RETRY}, ++ {"PeerError", PEER_ERROR}, ++ {"PeerWaiting", PEER_WAITING}, ++ {"PeerTestFail", PEER_TEST_FAILURE} ++}; ++ ++static const enum_name_map handshake_status_names[] = { ++ {"HandshakeSuccess", HANDSHAKE_SUCCESS}, ++ {"ClientError", CLIENT_ERROR}, ++ {"ServerError", SERVER_ERROR}, ++ {"InternalError", INTERNAL_ERROR}, ++ {"HandshakeRetry", HANDSHAKE_RETRY} ++}; ++ ++/* Shamelessly copied from test/helpers/ssl_test_ctx.c */ ++static const char *enum_name(const enum_name_map *enums, size_t num_enums, ++ int value) ++{ ++ size_t i; ++ for (i = 0; i < num_enums; i++) { ++ if (enums[i].value == value) { ++ return enums[i].name; ++ } ++ } ++ return "InvalidValue"; ++} ++ ++const char *handshake_connect_phase_name(connect_phase_t phase) ++{ ++ return enum_name(connect_phase_names, OSSL_NELEM(connect_phase_names), ++ (int)phase); ++} ++ ++const char *handshake_status_name(handshake_status_t handshake_status) ++{ ++ return enum_name(handshake_status_names, OSSL_NELEM(handshake_status_names), ++ (int)handshake_status); ++} ++ ++const char *handshake_peer_status_name(peer_status_t peer_status) ++{ ++ return enum_name(peer_status_names, OSSL_NELEM(peer_status_names), ++ (int)peer_status); ++} ++ ++static void save_loop_history(HANDSHAKE_HISTORY *history, ++ connect_phase_t phase, ++ 
handshake_status_t handshake_status, ++ peer_status_t server_status, ++ peer_status_t client_status, ++ int client_turn_count, ++ int is_client_turn) ++{ ++ HANDSHAKE_HISTORY_ENTRY *new_entry = NULL; ++ ++ /* ++ * Create a new history entry for a handshake loop with statuses given in ++ * the arguments. Potentially evicting the oldest entry when the ++ * ring buffer is full. ++ */ ++ ++(history->last_idx); ++ history->last_idx &= MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; ++ ++ new_entry = &((history->entries)[history->last_idx]); ++ new_entry->phase = phase; ++ new_entry->handshake_status = handshake_status; ++ new_entry->server_status = server_status; ++ new_entry->client_status = client_status; ++ new_entry->client_turn_count = client_turn_count; ++ new_entry->is_client_turn = is_client_turn; ++ ++ /* Evict the oldest handshake loop entry when the ring buffer is full. */ ++ if (history->entry_count < MAX_HANDSHAKE_HISTORY_ENTRY) { ++ ++(history->entry_count); ++ } ++} ++ + HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void) + { + HANDSHAKE_RESULT *ret; +@@ -719,15 +815,6 @@ static void configure_handshake_ssl(SSL *server, SSL *client, + SSL_set_post_handshake_auth(client, 1); + } + +-/* The status for each connection phase. */ +-typedef enum { +- PEER_SUCCESS, +- PEER_RETRY, +- PEER_ERROR, +- PEER_WAITING, +- PEER_TEST_FAILURE +-} peer_status_t; +- + /* An SSL object and associated read-write buffers. */ + typedef struct peer_st { + SSL *ssl; +@@ -1074,17 +1161,6 @@ static void do_shutdown_step(PEER *peer) + } + } + +-typedef enum { +- HANDSHAKE, +- RENEG_APPLICATION_DATA, +- RENEG_SETUP, +- RENEG_HANDSHAKE, +- APPLICATION_DATA, +- SHUTDOWN, +- CONNECTION_DONE +-} connect_phase_t; +- +- + static int renegotiate_op(const SSL_TEST_CTX *test_ctx) + { + switch (test_ctx->handshake_mode) { +@@ -1162,19 +1238,6 @@ static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer, + } + } + +-typedef enum { +- /* Both parties succeeded. 
*/ +- HANDSHAKE_SUCCESS, +- /* Client errored. */ +- CLIENT_ERROR, +- /* Server errored. */ +- SERVER_ERROR, +- /* Peers are in inconsistent state. */ +- INTERNAL_ERROR, +- /* One or both peers not done. */ +- HANDSHAKE_RETRY +-} handshake_status_t; +- + /* + * Determine the handshake outcome. + * last_status: the status of the peer to have acted last. +@@ -1539,6 +1602,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( + + start = time(NULL); + ++ save_loop_history(&(ret->history), ++ phase, status, server.status, client.status, ++ client_turn_count, client_turn); ++ + /* + * Half-duplex handshake loop. + * Client and server speak to each other synchronously in the same process. +@@ -1560,6 +1627,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( + 0 /* server went last */); + } + ++ save_loop_history(&(ret->history), ++ phase, status, server.status, client.status, ++ client_turn_count, client_turn); ++ + switch (status) { + case HANDSHAKE_SUCCESS: + client_turn_count = 0; +diff --git a/test/helpers/handshake.h b/test/helpers/handshake.h +index 78b03f9f4b..b9967c2623 100644 +--- a/test/helpers/handshake.h ++++ b/test/helpers/handshake.h +@@ -1,5 +1,5 @@ + /* +- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. 
You can obtain a copy +@@ -12,6 +12,11 @@ + + #include "ssl_test_ctx.h" + ++#define MAX_HANDSHAKE_HISTORY_ENTRY_BIT 4 ++#define MAX_HANDSHAKE_HISTORY_ENTRY (1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) ++#define MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK \ ++ ((1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) - 1) ++ + typedef struct ctx_data_st { + unsigned char *npn_protocols; + size_t npn_protocols_len; +@@ -22,6 +27,63 @@ typedef struct ctx_data_st { + char *session_ticket_app_data; + } CTX_DATA; + ++typedef enum { ++ HANDSHAKE, ++ RENEG_APPLICATION_DATA, ++ RENEG_SETUP, ++ RENEG_HANDSHAKE, ++ APPLICATION_DATA, ++ SHUTDOWN, ++ CONNECTION_DONE ++} connect_phase_t; ++ ++/* The status for each connection phase. */ ++typedef enum { ++ PEER_SUCCESS, ++ PEER_RETRY, ++ PEER_ERROR, ++ PEER_WAITING, ++ PEER_TEST_FAILURE ++} peer_status_t; ++ ++typedef enum { ++ /* Both parties succeeded. */ ++ HANDSHAKE_SUCCESS, ++ /* Client errored. */ ++ CLIENT_ERROR, ++ /* Server errored. */ ++ SERVER_ERROR, ++ /* Peers are in inconsistent state. */ ++ INTERNAL_ERROR, ++ /* One or both peers not done. */ ++ HANDSHAKE_RETRY ++} handshake_status_t; ++ ++/* Stores the various status information in a handshake loop. */ ++typedef struct handshake_history_entry_st { ++ connect_phase_t phase; ++ handshake_status_t handshake_status; ++ peer_status_t server_status; ++ peer_status_t client_status; ++ int client_turn_count; ++ int is_client_turn; ++} HANDSHAKE_HISTORY_ENTRY; ++ ++typedef struct handshake_history_st { ++ /* Implemented using ring buffer. */ ++ /* ++ * The valid entries are |entries[last_idx]|, |entries[last_idx-1]|, ++ * ..., etc., going up to |entry_count| number of entries. Note that when ++ * the index into the array |entries| becomes < 0, we wrap around to ++ * the end of |entries|. ++ */ ++ HANDSHAKE_HISTORY_ENTRY entries[MAX_HANDSHAKE_HISTORY_ENTRY]; ++ /* The number of valid entries in |entries| array. */ ++ size_t entry_count; ++ /* The index of the last valid entry in the |entries| array. 
*/ ++ size_t last_idx; ++} HANDSHAKE_HISTORY; ++ + typedef struct handshake_result { + ssl_test_result_t result; + /* These alerts are in the 2-byte format returned by the info_callback. */ +@@ -77,6 +139,8 @@ typedef struct handshake_result { + char *cipher; + /* session ticket application data */ + char *result_session_ticket_app_data; ++ /* handshake loop history */ ++ HANDSHAKE_HISTORY history; + } HANDSHAKE_RESULT; + + HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void); +@@ -95,4 +159,8 @@ int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, + CTX_DATA *server2_ctx_data, + CTX_DATA *client_ctx_data); + ++const char *handshake_connect_phase_name(connect_phase_t phase); ++const char *handshake_status_name(handshake_status_t handshake_status); ++const char *handshake_peer_status_name(peer_status_t peer_status); ++ + #endif /* OSSL_TEST_HANDSHAKE_HELPER_H */ +diff --git a/test/ssl_test.c b/test/ssl_test.c +index ea608518f9..9d6b093c81 100644 +--- a/test/ssl_test.c ++++ b/test/ssl_test.c +@@ -26,6 +26,44 @@ static OSSL_LIB_CTX *libctx = NULL; + /* Currently the section names are of the form test-<number>, e.g. test-15. 
*/ + #define MAX_TESTCASE_NAME_LENGTH 100 + ++static void print_handshake_history(const HANDSHAKE_HISTORY *history) ++{ ++ size_t first_idx; ++ size_t i; ++ size_t cur_idx; ++ const HANDSHAKE_HISTORY_ENTRY *cur_entry; ++ const char header_template[] = "|%14s|%16s|%16s|%16s|%17s|%14s|"; ++ const char body_template[] = "|%14s|%16s|%16s|%16s|%17d|%14s|"; ++ ++ TEST_info("The following is the server/client state " ++ "in the most recent %d handshake loops.", ++ MAX_HANDSHAKE_HISTORY_ENTRY); ++ ++ TEST_note("==================================================" ++ "=================================================="); ++ TEST_note(header_template, ++ "phase", "handshake status", "server status", ++ "client status", "client turn count", "is client turn"); ++ TEST_note("+--------------+----------------+----------------" ++ "+----------------+-----------------+--------------+"); ++ ++ first_idx = (history->last_idx - history->entry_count + 1) & ++ MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; ++ for (i = 0; i < history->entry_count; ++i) { ++ cur_idx = (first_idx + i) & MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; ++ cur_entry = &(history->entries)[cur_idx]; ++ TEST_note(body_template, ++ handshake_connect_phase_name(cur_entry->phase), ++ handshake_status_name(cur_entry->handshake_status), ++ handshake_peer_status_name(cur_entry->server_status), ++ handshake_peer_status_name(cur_entry->client_status), ++ cur_entry->client_turn_count, ++ cur_entry->is_client_turn ? "true" : "false"); ++ } ++ TEST_note("==================================================" ++ "=================================================="); ++} ++ + static const char *print_alert(int alert) + { + return alert ? SSL_alert_desc_string_long(alert) : "no alert"; +@@ -388,6 +426,12 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) + ret &= check_client_sign_type(result, test_ctx); + ret &= check_client_ca_names(result, test_ctx); + } ++ ++ /* Print handshake loop history if any check fails. 
*/ ++ if (!ret) { ++ print_handshake_history(&(result->history)); ++ } ++ + return ret; + } + +-- +2.25.1 + diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch new file mode 100644 index 0000000000..502a7aaf32 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch @@ -0,0 +1,39 @@ +From 0377f0d5b5c1079e3b9a80881f4dcc891cbe9f9a Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Tue, 30 May 2023 09:11:27 -0700 +Subject: [PATCH] Configure: do not tweak mips cflags + +This conflicts with mips machine definitons from yocto, +e.g. +| Error: -mips3 conflicts with the other architecture options, which imply -mips64r2 + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> + +Refreshed for openssl-3.1.1 +Signed-off-by: Tim Orling <tim.orling@konsulko.com> +--- + Configure | 10 ---------- + 1 file changed, 10 deletions(-) + +diff --git a/Configure b/Configure +index 4569952..adf019b 100755 +--- a/Configure ++++ b/Configure +@@ -1422,16 +1422,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) + push @{$config{shared_ldflag}}, "-mno-cygwin"; + } + +-if ($target =~ /linux.*-mips/ && !$disabled{asm} +- && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) { +- # minimally required architecture flags for assembly modules +- my $value; +- $value = '-mips2' if ($target =~ /mips32/); +- $value = '-mips3' if ($target =~ /mips64/); +- unshift @{$config{cflags}}, $value; +- unshift @{$config{cxxflags}}, $value if $config{CXX}; +-} +- + # If threads aren't disabled, check how possible they are + unless ($disabled{threads}) { + if ($auto_threads) { 
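Review bot: In `save_loop_history` the comment `/* Evict the oldest handshake loop entry when the ring buffer is full. */` sits above code that only increments `entry_count` while the buffer is not yet full. The overwrite of the oldest entry actually happens earlier, through the masked `last_idx` increment. Reword it, e.g. `/* entry_count saturates at capacity; older entries are overwritten by the index wrap above. */`. The function also pre-increments `last_idx` before the first store and reads `entry_count` without initialising it, so it relies on `history` starting zeroed. The body of `HANDSHAKE_RESULT_new` is not in the patch context, so that assumption is worth confirming or stating in the `HANDSHAKE_HISTORY` comment.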
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch index 949c788344..bafdbaa46f 100644 --- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch +++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch @@ -1,4 +1,4 @@ -From 3e1d00481093e10775eaf69d619c45b32a4aa7dc Mon Sep 17 00:00:00 2001 +From 5985253f2c9025d7c127443a3a9938946f80c2a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com> Date: Tue, 6 Nov 2018 14:50:47 +0100 Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler @@ -21,20 +21,24 @@ https://patchwork.openembedded.org/patch/147229/ Upstream-Status: Inappropriate [OE specific] Signed-off-by: Martin Hundebøll <martin@geanix.com> - Update to fix buildpaths qa issue for '-fmacro-prefix-map'. 
Signed-off-by: Kai Kang <kai.kang@windriver.com> + +Update to fix buildpaths qa issue for '-ffile-prefix-map'. + +Signed-off-by: Khem Raj <raj.khem@gmail.com> + --- - Configurations/unix-Makefile.tmpl | 10 +++++++++- + Configurations/unix-Makefile.tmpl | 12 +++++++++++- crypto/build.info | 2 +- - 2 files changed, 10 insertions(+), 2 deletions(-) + 2 files changed, 12 insertions(+), 2 deletions(-) -diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl -index 16af4d2087..54c162784c 100644 ---- a/Configurations/unix-Makefile.tmpl -+++ b/Configurations/unix-Makefile.tmpl -@@ -317,13 +317,22 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), +Index: openssl-3.0.4/Configurations/unix-Makefile.tmpl +=================================================================== +--- openssl-3.0.4.orig/Configurations/unix-Makefile.tmpl ++++ openssl-3.0.4/Configurations/unix-Makefile.tmpl +@@ -472,13 +472,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lfl '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) @@ -49,6 +53,7 @@ index 16af4d2087..54c162784c 100644 +CFLAGS_Q={- for (@{$config{CFLAGS}}) { + s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g; + s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g; ++ s|-ffile-prefix-map=[^ ]+|-ffile-prefix-map=|g; + } + join(' ', @{$config{CFLAGS}}) -} + 
@@ -58,19 +63,16 @@ index 16af4d2087..54c162784c 100644 PERLASM_SCHEME= {- $target{perlasm_scheme} -} # For x86 assembler: Set PROCESSOR to 386 if you want to support -diff --git a/crypto/build.info b/crypto/build.info -index b515b7318e..8c9cee2a09 100644 ---- a/crypto/build.info -+++ b/crypto/build.info -@@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \ - ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl +Index: openssl-3.0.4/crypto/build.info +=================================================================== +--- openssl-3.0.4.orig/crypto/build.info ++++ openssl-3.0.4/crypto/build.info +@@ -109,7 +109,7 @@ DEFINE[../libcrypto]=$UPLINKDEF + DEPEND[info.o]=buildinf.h DEPEND[cversion.o]=buildinf.h -GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" +GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)" - DEPEND[buildinf.h]=../configdata.pm - GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME) --- -2.19.1 - + GENERATE[uplink-x86.S]=../ms/uplink-x86.pl + GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl diff --git a/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch b/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch deleted file mode 100644 index d8d9651b64..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch +++ /dev/null 
@@ -1,46 +0,0 @@ -From a9401b2289656c5a36dd1b0ecebf0d23e291ce70 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Tue, 2 Oct 2018 23:58:24 +0800 -Subject: [PATCH] skip test_symbol_presence - -We cannot skip `01-test_symbol_presence.t' by configuring option `no-shared' -as INSTALL told us the shared libraries will not be built. - -[INSTALL snip] - Notes on shared libraries - ------------------------- - - For most systems the OpenSSL Configure script knows what is needed to - build shared libraries for libcrypto and libssl. On these systems - the shared libraries will be created by default. This can be suppressed and - only static libraries created by using the "no-shared" option. On systems - where OpenSSL does not know how to build shared libraries the "no-shared" - option will be forced and only static libraries will be created. -[INSTALL snip] - -Hence directly modification the case to skip it. - -Upstream-Status: Inappropriate [OE Specific] - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - test/recipes/01-test_symbol_presence.t | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t -index 7f2a2d7..0b93745 100644 ---- a/test/recipes/01-test_symbol_presence.t -+++ b/test/recipes/01-test_symbol_presence.t -@@ -14,8 +14,7 @@ use OpenSSL::Test::Utils; - - setup("test_symbol_presence"); - --plan skip_all => "Only useful when building shared libraries" -- if disabled("shared"); -+plan skip_all => "The case needs debug symbols then we just disable it"; - - my @libnames = ("crypto", "ssl"); - my $testcount = scalar @libnames; --- -2.7.4 - diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch new file mode 100644 index 0000000000..8772f716d5 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch 
@@ -0,0 +1,120 @@ +From e9d7083e241670332e0443da0f0d4ffb52829f08 Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Tue, 5 Mar 2024 15:43:53 +0000 +Subject: [PATCH] Fix unconstrained session cache growth in TLSv1.3 + +In TLSv1.3 we create a new session object for each ticket that we send. +We do this by duplicating the original session. If SSL_OP_NO_TICKET is in +use then the new session will be added to the session cache. However, if +early data is not in use (and therefore anti-replay protection is being +used), then multiple threads could be resuming from the same session +simultaneously. If this happens and a problem occurs on one of the threads, +then the original session object could be marked as not_resumable. When we +duplicate the session object this not_resumable status gets copied into the +new session object. The new session object is then added to the session +cache even though it is not_resumable. + +Subsequently, another bug means that the session_id_length is set to 0 for +sessions that are marked as not_resumable - even though that session is +still in the cache. Once this happens the session can never be removed from +the cache. When that object gets to be the session cache tail object the +cache never shrinks again and grows indefinitely. 
+ +CVE-2024-2511 + +Reviewed-by: Neil Horman <nhorman@openssl.org> +Reviewed-by: Tomas Mraz <tomas@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/24043) + +CVE: CVE-2024-2511 +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08] +Signed-off-by: Peter Marko <peter.marko@siemens.com> +--- + ssl/ssl_lib.c | 5 +++-- + ssl/ssl_sess.c | 28 ++++++++++++++++++++++------ + ssl/statem/statem_srvr.c | 5 ++--- + 3 files changed, 27 insertions(+), 11 deletions(-) + +diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c +index 4afb43bc86e54..c51529ddab5bb 100644 +--- a/ssl/ssl_lib.c ++++ b/ssl/ssl_lib.c +@@ -4457,9 +4457,10 @@ void ssl_update_cache(SSL_CONNECTION *s, int mode) + + /* + * If the session_id_length is 0, we are not supposed to cache it, and it +- * would be rather hard to do anyway :-) ++ * would be rather hard to do anyway :-). Also if the session has already ++ * been marked as not_resumable we should not cache it for later reuse. + */ +- if (s->session->session_id_length == 0) ++ if (s->session->session_id_length == 0 || s->session->not_resumable) + return; + + /* +diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c +index 3dcc4d81e5bc6..1fa6d17c46863 100644 +--- a/ssl/ssl_sess.c ++++ b/ssl/ssl_sess.c +@@ -127,16 +127,11 @@ SSL_SESSION *SSL_SESSION_new(void) + return ss; + } + +-SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src) +-{ +- return ssl_session_dup(src, 1); +-} +- + /* + * Create a new SSL_SESSION and duplicate the contents of |src| into it. If + * ticket == 0 then no ticket information is duplicated, otherwise it is. 
+ */ +-SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) ++static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket) + { + SSL_SESSION *dest; + +@@ -265,6 +260,27 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) + return NULL; + } + ++SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src) ++{ ++ return ssl_session_dup_intern(src, 1); ++} ++ ++/* ++ * Used internally when duplicating a session which might be already shared. ++ * We will have resumed the original session. Subsequently we might have marked ++ * it as non-resumable (e.g. in another thread) - but this copy should be ok to ++ * resume from. ++ */ ++SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) ++{ ++ SSL_SESSION *sess = ssl_session_dup_intern(src, ticket); ++ ++ if (sess != NULL) ++ sess->not_resumable = 0; ++ ++ return sess; ++} ++ + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) + { + if (len) +diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c +index 853af8c0aa9f9..d5f0ab091dacc 100644 +--- a/ssl/statem/statem_srvr.c ++++ b/ssl/statem/statem_srvr.c +@@ -2445,9 +2445,8 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt) + * so the following won't overwrite an ID that we're supposed + * to send back. + */ +- if (s->session->not_resumable || +- (!(SSL_CONNECTION_GET_CTX(s)->session_cache_mode & SSL_SESS_CACHE_SERVER) +- && !s->hit)) ++ if (!(SSL_CONNECTION_GET_CTX(s)->session_cache_mode & SSL_SESS_CACHE_SERVER) ++ && !s->hit) + s->session->session_id_length = 0; + + if (usetls13) { diff --git a/meta/recipes-connectivity/openssl/openssl/afalg.patch b/meta/recipes-connectivity/openssl/openssl/afalg.patch deleted file mode 100644 index b7c0e9697f..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/afalg.patch +++ /dev/null 
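Review bot: The new guard in `ssl_update_cache`, `if (s->session->session_id_length == 0 || s->session->not_resumable) return;`, and the `sess->not_resumable = 0` reset in `ssl_session_dup` arrive without a regression test, so nothing added by this backport shows that a not_resumable session now stays out of the server cache. The upstream pull request cited in the header may include companion test or hardening commits; it is worth checking whether they should be carried with this patch. `ssl_update_cache` and `tls_construct_server_hello` both continue outside the inner hunks, so the rest of their control flow cannot be checked from here.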
@@ -1,31 +0,0 @@ -Don't refuse to build afalgeng if cross-compiling or the host kernel is too old. - -Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688] -Signed-off-by: Ross Burton <ross.burton@intel.com> - -diff --git a/Configure b/Configure -index 3baa8ce..9ef52ed 100755 ---- a/Configure -+++ b/Configure -@@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"}) - unless ($disabled{afalgeng}) { - $config{afalgeng}=""; - if (grep { $_ eq 'afalgeng' } @{$target{enable}}) { -- my $minver = 4*10000 + 1*100 + 0; -- if ($config{CROSS_COMPILE} eq "") { -- my $verstr = `uname -r`; -- my ($ma, $mi1, $mi2) = split("\\.", $verstr); -- ($mi2) = $mi2 =~ /(\d+)/; -- my $ver = $ma*10000 + $mi1*100 + $mi2; -- if ($ver < $minver) { -- disable('too-old-kernel', 'afalgeng'); -- } else { -- push @{$config{engdirs}}, "afalg"; -- } -- } else { -- disable('cross-compiling', 'afalgeng'); -- } -+ push @{$config{engdirs}}, "afalg"; - } else { - disable('not-linux', 'afalgeng'); - } diff --git a/meta/recipes-connectivity/openssl/openssl/bti.patch b/meta/recipes-connectivity/openssl/openssl/bti.patch new file mode 100644 index 0000000000..748576c30c --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/bti.patch 
@@ -0,0 +1,58 @@ +From ba8a599395f8b770c76316b5f5b0f3838567014f Mon Sep 17 00:00:00 2001 +From: Tom Cosgrove <tom.cosgrove@arm.com> +Date: Tue, 26 Mar 2024 13:18:00 +0000 +Subject: [PATCH] aarch64: fix BTI in bsaes assembly code + +In Arm systems where BTI is enabled but the Crypto extensions are not (more +likely in FVPs than in real hardware), the bit-sliced assembler code will +be used. However, this wasn't annotated with BTI instructions when BTI was +enabled, so the moment libssl jumps into this code it (correctly) aborts. + +Solve this by adding the missing BTI landing pads. + +Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/23982] +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + crypto/aes/asm/bsaes-armv8.pl | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl +index b3c97e439f..c3c5ff3e05 100644 +--- a/crypto/aes/asm/bsaes-armv8.pl ++++ b/crypto/aes/asm/bsaes-armv8.pl +@@ -1018,6 +1018,7 @@ _bsaes_key_convert: + // Initialisation vector overwritten with last quadword of ciphertext + // No output registers, usual AAPCS64 register preservation + ossl_bsaes_cbc_encrypt: ++ AARCH64_VALID_CALL_TARGET + cmp x2, #128 + bhs .Lcbc_do_bsaes + b AES_cbc_encrypt +@@ -1270,7 +1271,7 @@ ossl_bsaes_cbc_encrypt: + // Output text filled in + // No output registers, usual AAPCS64 register preservation + ossl_bsaes_ctr32_encrypt_blocks: +- ++ AARCH64_VALID_CALL_TARGET + cmp x2, #8 // use plain AES for + blo .Lctr_enc_short // small sizes + +@@ -1476,6 +1477,7 @@ ossl_bsaes_ctr32_encrypt_blocks: + // Output ciphertext filled in + // No output registers, usual AAPCS64 register preservation + ossl_bsaes_xts_encrypt: ++ AARCH64_VALID_CALL_TARGET + // Stack layout: + // sp -> + // nrounds*128-96 bytes: key schedule +@@ -1921,6 +1923,7 @@ ossl_bsaes_xts_encrypt: + // Output plaintext filled in + // No output registers, usual AAPCS64 register preservation + 
ossl_bsaes_xts_decrypt: ++ AARCH64_VALID_CALL_TARGET + // Stack layout: + // sp -> + // nrounds*128-96 bytes: key schedule +-- +2.34.1 + diff --git a/meta/recipes-connectivity/openssl/openssl/run-ptest b/meta/recipes-connectivity/openssl/openssl/run-ptest index 3fb22471f8..c89ec5afa1 100644 --- a/meta/recipes-connectivity/openssl/openssl/run-ptest +++ b/meta/recipes-connectivity/openssl/openssl/run-ptest @@ -9,4 +9,4 @@ export TOP=. # OPENSSL_ENGINES is relative from the test binaries export OPENSSL_ENGINES=../engines -perl ./test/run_tests.pl $* | perl -0pe 's#(.*) \.*.ok#PASS: \1#g; s#(.*) \.*.skipped: (.*)#SKIP: \1 (\2)#g; s#(.*) \.*.\nDubious#FAIL: \1#;' +{ HARNESS_JOBS=4 perl ./test/run_tests.pl $* || echo "FAIL: openssl" ; } | sed -u -r -e '/(.*) \.*.ok/ s/^/PASS: /g' -r -e '/Dubious(.*)/ s/^/FAIL: /g' -e '/(.*) \.*.skipped: (.*)/ s/^/SKIP: /g' diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb deleted file mode 100644 index 8819e19ec4..0000000000 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb +++ /dev/null 
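Review bot: None of the four inner hunks shows where `AARCH64_VALID_CALL_TARGET` is defined for the generated assembly; presumably the file already pulls in `arm_arch.h`, but that line is outside the hunks and should be confirmed, since an undefined macro would break the aarch64 build instead of adding the landing pad. The patch is marked `Upstream-Status: Submitted`, so it needs to be revisited once the upstream pull request is merged or reworked.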
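Review bot: The rewritten run-ptest command still passes its arguments as unquoted `$*`, so a test name or option containing whitespace or glob characters is split or expanded before `run_tests.pl` sees it; `"$@"` preserves each argument: `{ HARNESS_JOBS=4 perl ./test/run_tests.pl "$@" || echo "FAIL: openssl" ; } | sed -u -r …`. Unless `pipefail` is set earlier in the script, the exit status is that of `sed`, so a failing harness is reported only through the `FAIL: openssl` line; a short comment saying this is intentional would help. `HARNESS_JOBS=4` is hard-coded and could honour a caller's value with `${HARNESS_JOBS:-4}`.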
@@ -1,204 +0,0 @@ -SUMMARY = "Secure Socket Layer" -DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." -HOMEPAGE = "http://www.openssl.org/" -BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" -SECTION = "libs/network" - -# "openssl" here actually means both OpenSSL and SSLeay licenses apply -# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped) -LICENSE = "openssl" -LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8" - -DEPENDS = "hostperl-runtime-native" - -SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ - file://run-ptest \ - file://0001-skip-test_symbol_presence.patch \ - file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ - file://afalg.patch \ - " - -SRC_URI_append_class-nativesdk = " \ - file://environment.d-openssl.sh \ - " - -SRC_URI[md5sum] = "3be209000dbc7e1b95bcdf47980a3baa" -SRC_URI[sha256sum] = "1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2" - -inherit lib_package multilib_header multilib_script ptest -MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" - -PACKAGECONFIG ?= "" -PACKAGECONFIG_class-native = "" -PACKAGECONFIG_class-nativesdk = "" - -PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux" - -B = "${WORKDIR}/build" -do_configure[cleandirs] = "${B}" - -#| ./libcrypto.so: undefined reference to `getcontext' -#| ./libcrypto.so: undefined reference to `setcontext' -#| ./libcrypto.so: undefined reference to `makecontext' -EXTRA_OECONF_append_libc-musl = " no-async" -EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm" - -# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions -# (native versions can be built with newer glibc, but then relocated onto a system with older glibc) -EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom" -EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom" - -# Relying on 
hardcoded built-in paths causes openssl-native to not be relocateable from sstate. -CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" -CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" - -do_configure () { - os=${HOST_OS} - case $os in - linux-gnueabi |\ - linux-gnuspe |\ - linux-musleabi |\ - linux-muslspe |\ - linux-musl ) - os=linux - ;; - *) - ;; - esac - target="$os-${HOST_ARCH}" - case $target in - linux-arm*) - target=linux-armv4 - ;; - linux-aarch64*) - target=linux-aarch64 - ;; - linux-i?86 | linux-viac3) - target=linux-x86 - ;; - linux-gnux32-x86_64 | linux-muslx32-x86_64 ) - target=linux-x32 - ;; - linux-gnu64-x86_64) - target=linux-x86_64 - ;; - linux-mips | linux-mipsel) - # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags - target="linux-mips32 ${TARGET_CC_ARCH}" - ;; - linux-gnun32-mips*) - target=linux-mips64 - ;; - linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) - target=linux64-mips64 - ;; - linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) - target=linux-generic32 - ;; - linux-powerpc) - target=linux-ppc - ;; - linux-powerpc64) - target=linux-ppc64 - ;; - linux-riscv32) - target=linux-generic32 - ;; - linux-riscv64) - target=linux-generic64 - ;; - linux-sparc | linux-supersparc) - target=linux-sparcv9 - ;; - esac - - useprefix=${prefix} - if [ "x$useprefix" = "x" ]; then - useprefix=/ - fi - # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the - # environment variables set by bitbake. Adjust the environment variables instead. 
- PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ - perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target - perl ${B}/configdata.pm --dump -} - -do_install () { - oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install - - oe_multilib_header openssl/opensslconf.h - - # Create SSL structure for packages such as ca-certificates which - # contain hard-coded paths to /etc/ssl. Debian does the same. - install -d ${D}${sysconfdir}/ssl - mv ${D}${libdir}/ssl-1.1/certs \ - ${D}${libdir}/ssl-1.1/private \ - ${D}${libdir}/ssl-1.1/openssl.cnf \ - ${D}${sysconfdir}/ssl/ - - # Although absolute symlinks would be OK for the target, they become - # invalid if native or nativesdk are relocated from sstate. - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf -} - -do_install_append_class-native () { - create_wrapper ${D}${bindir}/openssl \ - OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ - SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ - SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ - OPENSSL_ENGINES=${libdir}/engines-1.1 -} - -do_install_append_class-nativesdk () { - mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d - install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh - sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh -} - -PTEST_BUILD_HOST_FILES += "configdata.pm" -PTEST_BUILD_HOST_PATTERN = "perl_version =" -do_install_ptest () { - # Prune the build tree - rm -f ${B}/fuzz/*.* ${B}/test/*.* - - cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} - cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util 
${B}/util ${D}${PTEST_PATH} - - # For test_shlibload - ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/ - ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/ - - install -d ${D}${PTEST_PATH}/apps - ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps - install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps - install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps - - install -d ${D}${PTEST_PATH}/engines - install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines -} - -# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto -# package RRECOMMENDS on this package. This will enable the configuration -# file to be installed for both the openssl-bin package and the libcrypto -# package since the openssl-bin package depends on the libcrypto package. - -PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc" - -FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" -FILES_libssl = "${libdir}/libssl${SOLIBS}" -FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" -FILES_${PN}-engines = "${libdir}/engines-1.1" -FILES_${PN}-misc = "${libdir}/ssl-1.1/misc" -FILES_${PN} =+ "${libdir}/ssl-1.1/*" -FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" - -CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" - -RRECOMMENDS_libcrypto += "openssl-conf" -RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash" - -BBCLASSEXTEND = "native nativesdk" - -CVE_PRODUCT = "openssl:openssl" diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.1.bb b/meta/recipes-connectivity/openssl/openssl_3.2.1.bb new file mode 100644 index 0000000000..d37b68abbb --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl_3.2.1.bb 
@@ -0,0 +1,264 @@ +SUMMARY = "Secure Socket Layer" +DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." +HOMEPAGE = "http://www.openssl.org/" +BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" +SECTION = "libs/network" + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c75985e733726beaba57bc5253e96d04" + +SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ + file://run-ptest \ + file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ + file://0001-Configure-do-not-tweak-mips-cflags.patch \ + file://0001-Added-handshake-history-reporting-when-test-fails.patch \ + file://bti.patch \ + file://CVE-2024-2511.patch \ + " + +SRC_URI:append:class-nativesdk = " \ + file://environment.d-openssl.sh \ + " + +SRC_URI[sha256sum] = "83c7329fe52c850677d75e5d0b0ca245309b97e8ecbcfdc1dfdc4ab9fac35b39" + +inherit lib_package multilib_header multilib_script ptest perlnative manpages +MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" + +PACKAGECONFIG ?= "" +PACKAGECONFIG:class-native = "" +PACKAGECONFIG:class-nativesdk = "" + +PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" +PACKAGECONFIG[no-tls1] = "no-tls1" +PACKAGECONFIG[no-tls1_1] = "no-tls1_1" +PACKAGECONFIG[manpages] = "" + +B = "${WORKDIR}/build" +do_configure[cleandirs] = "${B}" + +#| ./libcrypto.so: undefined reference to `getcontext' +#| ./libcrypto.so: undefined reference to `setcontext' +#| ./libcrypto.so: undefined reference to `makecontext' +EXTRA_OECONF:append:libc-musl = " no-async" +EXTRA_OECONF:append:libc-musl:powerpc64 = " no-asm" + +# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions +# (native versions can be built with newer glibc, but then relocated onto a system with older glibc) +EXTRA_OECONF:class-native = "--with-rand-seed=os,devrandom" +EXTRA_OECONF:class-nativesdk = "--with-rand-seed=os,devrandom" + +# 
Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. +CFLAGS:append:class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" +CFLAGS:append:class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" + +# This allows disabling deprecated or undesirable crypto algorithms. +# The default is to trust upstream choices. +DEPRECATED_CRYPTO_FLAGS ?= "" + +do_configure () { + # When we upgrade glibc but not uninative we see obtuse failures in openssl. Make + # the issue really clear that perl isn't functional due to symbol mismatch issues. + cat <<- EOF > ${WORKDIR}/perltest + #!/usr/bin/env perl + use POSIX; + EOF + chmod a+x ${WORKDIR}/perltest + ${WORKDIR}/perltest + + os=${HOST_OS} + case $os in + linux-gnueabi |\ + linux-gnuspe |\ + linux-musleabi |\ + linux-muslspe |\ + linux-musl ) + os=linux + ;; + *) + ;; + esac + target="$os-${HOST_ARCH}" + case $target in + linux-arc | linux-microblaze*) + target=linux-latomic + ;; + linux-arm*) + target=linux-armv4 + ;; + linux-aarch64*) + target=linux-aarch64 + ;; + linux-i?86 | linux-viac3) + target=linux-x86 + ;; + linux-gnux32-x86_64 | linux-muslx32-x86_64 ) + target=linux-x32 + ;; + linux-gnu64-x86_64) + target=linux-x86_64 + ;; + linux-loongarch64) + target=linux64-loongarch64 + ;; + linux-mips | linux-mipsel) + # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags + target="linux-mips32 ${TARGET_CC_ARCH}" + ;; + linux-gnun32-mips*) + target=linux-mips64 + ;; + linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) + target=linux64-mips64 + ;; + linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) + target=linux-generic32 + ;; + linux-powerpc) + target=linux-ppc + ;; + linux-powerpc64) + target=linux-ppc64 + ;; + linux-powerpc64le) + target=linux-ppc64le + ;; + linux-riscv32) + target=linux32-riscv32 + ;; + linux-riscv64) + target=linux64-riscv64 + ;; + linux-sparc | linux-supersparc) + 
target=linux-sparcv9 + ;; + mingw32-x86_64) + target=mingw64 + ;; + esac + + useprefix=${prefix} + if [ "x$useprefix" = "x" ]; then + useprefix=/ + fi + # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the + # environment variables set by bitbake. Adjust the environment variables instead. + PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)" + test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!" + HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \ + perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target + perl ${B}/configdata.pm --dump +} + +do_install () { + oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install_sw install_ssldirs ${@bb.utils.contains('PACKAGECONFIG', 'manpages', 'install_docs', '', d)} + + oe_multilib_header openssl/opensslconf.h + oe_multilib_header openssl/configuration.h + + # Create SSL structure for packages such as ca-certificates which + # contain hard-coded paths to /etc/ssl. Debian does the same. + install -d ${D}${sysconfdir}/ssl + mv ${D}${libdir}/ssl-3/certs \ + ${D}${libdir}/ssl-3/private \ + ${D}${libdir}/ssl-3/openssl.cnf \ + ${D}${sysconfdir}/ssl/ + + # Although absolute symlinks would be OK for the target, they become + # invalid if native or nativesdk are relocated from sstate. 
+ ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-3/certs + ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-3/private + ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-3/openssl.cnf +} + +do_install:append:class-native () { + create_wrapper ${D}${bindir}/openssl \ + OPENSSL_CONF=${libdir}/ssl-3/openssl.cnf \ + SSL_CERT_DIR=${libdir}/ssl-3/certs \ + SSL_CERT_FILE=${libdir}/ssl-3/cert.pem \ + OPENSSL_ENGINES=${libdir}/engines-3 \ + OPENSSL_MODULES=${libdir}/ossl-modules +} + +do_install:append:class-nativesdk () { + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh + sed 's|/usr/lib/ssl/|/usr/lib/ssl-3/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh +} + +PTEST_BUILD_HOST_FILES += "configdata.pm" +PTEST_BUILD_HOST_PATTERN = "perl_version =" +do_install_ptest () { + install -d ${D}${PTEST_PATH}/test + install -m755 ${B}/test/p_test.so ${D}${PTEST_PATH}/test + install -m755 ${B}/test/p_minimal.so ${D}${PTEST_PATH}/test + install -m755 ${B}/test/provider_internal_test.cnf ${D}${PTEST_PATH}/test + + # Prune the build tree + rm -f ${B}/fuzz/*.* ${B}/test/*.* + + cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} + sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/configdata.pm + cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH} + + # For test_shlibload + ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/ + ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/ + + install -d ${D}${PTEST_PATH}/apps + ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps + install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps + install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps + + install -d ${D}${PTEST_PATH}/engines + install -m755 ${B}/engines/dasync.so 
${D}${PTEST_PATH}/engines + install -m755 ${B}/engines/loader_attic.so ${D}${PTEST_PATH}/engines + install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines + + install -d ${D}${PTEST_PATH}/providers + install -m755 ${B}/providers/legacy.so ${D}${PTEST_PATH}/providers + + install -d ${D}${PTEST_PATH}/Configurations + cp -rf ${S}/Configurations/* ${D}${PTEST_PATH}/Configurations/ + + # seems to be needed with perl 5.32.1 + install -d ${D}${PTEST_PATH}/util/perl/recipes + cp ${D}${PTEST_PATH}/test/recipes/tconversion.pl ${D}${PTEST_PATH}/util/perl/recipes/ + + sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/util/wrap.pl +} + +# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto +# package RRECOMMENDS on this package. This will enable the configuration +# file to be installed for both the openssl-bin package and the libcrypto +# package since the openssl-bin package depends on the libcrypto package. + +PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc ${PN}-ossl-module-legacy" + +FILES:libcrypto = "${libdir}/libcrypto${SOLIBS}" +FILES:libssl = "${libdir}/libssl${SOLIBS}" +FILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf \ + ${libdir}/ssl-3/openssl.cnf* \ + " +FILES:${PN}-engines = "${libdir}/engines-3" +# ${prefix} comes from what we pass into --prefix at configure time (which is used for INSTALLTOP) +FILES:${PN}-engines:append:mingw32:class-nativesdk = " ${prefix}${libdir}/engines-3" +FILES:${PN}-misc = "${libdir}/ssl-3/misc ${bindir}/c_rehash" +FILES:${PN}-ossl-module-legacy = "${libdir}/ossl-modules/legacy.so" +FILES:${PN} =+ "${libdir}/ssl-3/* ${libdir}/ossl-modules/" +FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" + +CONFFILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf" + +RRECOMMENDS:libcrypto += "openssl-conf ${PN}-ossl-module-legacy" +RDEPENDS:${PN}-misc = "perl" +RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash sed" + +RDEPENDS:${PN}-bin += 
"openssl-conf" + +BBCLASSEXTEND = "native nativesdk" + +CVE_PRODUCT = "openssl:openssl" + +CVE_VERSION_SUFFIX = "alphabetical" + diff --git a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb index b5f68951d7..099c58bfc7 100644 --- a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb +++ b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb @@ -1,8 +1,8 @@ SUMMARY = "Enables PPP dial-in through a serial connection" SECTION = "console/network" +DESCRIPTION = "PPP dail-in provides a point to point protocol (PPP), so that other computers can dial up to it and access connected networks." DEPENDS = "ppp" -RDEPENDS_${PN} = "ppp" -PR = "r8" +RDEPENDS:${PN} = "ppp" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" @@ -22,6 +22,6 @@ do_install() { } USERADD_PACKAGES = "${PN}" -USERADD_PARAM_${PN} = "--system --home /dev/null \ +USERADD_PARAM:${PN} = "--system --home /dev/null \ --no-create-home --shell ${sbindir}/ppp-dialin \ --no-user-group --gid nogroup ppp" diff --git a/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch b/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch deleted file mode 100644 index 763e374488..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch +++ /dev/null 
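Review bot: In `do_install_ptest` the `# For test_shlibload` symlinks still point at `${libdir}/libcrypto.so.1.1` and `${libdir}/libssl.so.1.1`, names carried over from the 1.1.1d recipe this commit deletes; an OpenSSL 3.x build normally installs `.so.3` libraries, so both links would dangle on the target. They should read `ln -s ${libdir}/libcrypto.so.3 ${D}${PTEST_PATH}/` and `ln -s ${libdir}/libssl.so.3 ${D}${PTEST_PATH}/`, or derive the suffix from the build. Separately, `SRC_URI` fetches the tarball over plain `http://`; the `sha256sum` pins its content, but an `https://` URL would also protect the transfer.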
@@ -1,163 +0,0 @@ -From 52a1e41d7541b2c936285844c59bd1be21797860 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Fri, 29 May 2015 14:57:05 -0700 -Subject: [PATCH] Fix build with musl - -There are several assumption about glibc - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- -Upstream-Status: Pending - - include/net/ppp_defs.h | 2 ++ - pppd/Makefile.linux | 2 +- - pppd/magic.h | 6 +++--- - pppd/plugins/rp-pppoe/config.h | 5 ++++- - pppd/plugins/rp-pppoe/plugin.c | 1 - - pppd/plugins/rp-pppoe/pppoe-discovery.c | 8 ++++---- - pppd/plugins/rp-pppoe/pppoe.h | 2 +- - pppd/sys-linux.c | 3 ++- - 8 files changed, 17 insertions(+), 12 deletions(-) - -diff --git a/include/net/ppp_defs.h b/include/net/ppp_defs.h -index b06eda5..dafa36c 100644 ---- a/include/net/ppp_defs.h -+++ b/include/net/ppp_defs.h -@@ -38,6 +38,8 @@ - #ifndef _PPP_DEFS_H_ - #define _PPP_DEFS_H_ - -+#include <sys/time.h> -+ - /* - * The basic PPP frame. - */ -diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux -index 8ab2102..d7e2564 100644 ---- a/pppd/Makefile.linux -+++ b/pppd/Makefile.linux -@@ -126,7 +126,7 @@ LIBS += -lcrypt - #endif - - ifdef USE_LIBUTIL --CFLAGS += -DHAVE_LOGWTMP=1 -+#CFLAGS += -DHAVE_LOGWTMP=1 - LIBS += -lutil - endif - -diff --git a/pppd/magic.h b/pppd/magic.h -index c81213b..9d399e3 100644 ---- a/pppd/magic.h -+++ b/pppd/magic.h -@@ -42,8 +42,8 @@ - * $Id: magic.h,v 1.5 2003/06/11 23:56:26 paulus Exp $ - */ - --void magic_init __P((void)); /* Initialize the magic number generator */ --u_int32_t magic __P((void)); /* Returns the next magic number */ -+void magic_init (void); /* Initialize the magic number generator */ -+u_int32_t magic (void); /* Returns the next magic number */ - - /* Fill buffer with random bytes */ --void random_bytes __P((unsigned char *buf, int len)); -+void random_bytes (unsigned char *buf, int len); -diff --git a/pppd/plugins/rp-pppoe/config.h b/pppd/plugins/rp-pppoe/config.h -index 5703087..fff032e 100644 ---- 
a/pppd/plugins/rp-pppoe/config.h -+++ b/pppd/plugins/rp-pppoe/config.h -@@ -78,8 +78,9 @@ - #define HAVE_NET_IF_ARP_H 1 - - /* Define if you have the <net/ethernet.h> header file. */ -+#ifdef __GLIBC__ - #define HAVE_NET_ETHERNET_H 1 -- -+#endif - /* Define if you have the <net/if.h> header file. */ - #define HAVE_NET_IF_H 1 - -@@ -102,7 +103,9 @@ - #define HAVE_NETPACKET_PACKET_H 1 - - /* Define if you have the <sys/cdefs.h> header file. */ -+#ifdef __GLIBC__ - #define HAVE_SYS_CDEFS_H 1 -+#endif - - /* Define if you have the <sys/dlpi.h> header file. */ - /* #undef HAVE_SYS_DLPI_H */ -diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c -index a8c2bb4..ca34d79 100644 ---- a/pppd/plugins/rp-pppoe/plugin.c -+++ b/pppd/plugins/rp-pppoe/plugin.c -@@ -46,7 +46,6 @@ static char const RCSID[] = - #include <unistd.h> - #include <fcntl.h> - #include <signal.h> --#include <net/ethernet.h> - #include <net/if_arp.h> - #include <linux/ppp_defs.h> - #include <linux/if_pppox.h> -diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c -index 3d3bf4e..d42f619 100644 ---- a/pppd/plugins/rp-pppoe/pppoe-discovery.c -+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c -@@ -27,10 +27,6 @@ - #include <linux/if_packet.h> - #endif - --#ifdef HAVE_NET_ETHERNET_H --#include <net/ethernet.h> --#endif -- - #ifdef HAVE_ASM_TYPES_H - #include <asm/types.h> - #endif -@@ -47,6 +43,10 @@ - #include <net/if_arp.h> - #endif - -+#ifndef __GLIBC__ -+#define error(x...) 
fprintf(stderr, x) -+#endif -+ - char *xstrdup(const char *s); - void usage(void); - -diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h -index 9ab2eee..75b9004 100644 ---- a/pppd/plugins/rp-pppoe/pppoe.h -+++ b/pppd/plugins/rp-pppoe/pppoe.h -@@ -92,7 +92,7 @@ typedef unsigned long UINT32_t; - #ifdef HAVE_SYS_SOCKET_H - #include <sys/socket.h> - #endif --#ifndef HAVE_SYS_DLPI_H -+#if !defined HAVE_SYS_DLPI_H && defined HAVE_NET_ETHERNET_H - #include <netinet/if_ether.h> - #endif - #endif -diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c -index a105505..49b0273 100644 ---- a/pppd/sys-linux.c -+++ b/pppd/sys-linux.c -@@ -112,7 +112,7 @@ - #include <linux/types.h> - #include <linux/if.h> - #include <linux/if_arp.h> --#include <linux/route.h> -+/* #include <linux/route.h> */ - #include <linux/if_ether.h> - #endif - #include <netinet/in.h> -@@ -145,6 +145,7 @@ - #endif - - #ifdef INET6 -+#include <net/route.h> - #ifndef _LINUX_IN6_H - /* - * This is in linux/include/net/ipv6.h. --- -2.1.4 - diff --git a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch b/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch deleted file mode 100644 index ea4969b366..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch +++ /dev/null 
@@ -1,30 +0,0 @@
-From ba0f6058d1f25b2b60fc31ab2656bf12a71ffdab Mon Sep 17 00:00:00 2001
-From: Lu Chong <Chong.Lu@windriver.com>
-Date: Tue, 5 Nov 2013 17:32:56 +0800
-Subject: [PATCH] ppp: Fix compilation errors in Makefile
-
-Make can't exit while compilation error occurs in subdir for plugins building.
-
-Upstream-Status: Pending
-
-Signed-off-by: Lu Chong <Chong.Lu@windriver.com>
----
- pppd/plugins/Makefile.linux | 1 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
-index 0a7ec7b..2a2c15a 100644
---- a/pppd/plugins/Makefile.linux
-+++ b/pppd/plugins/Makefile.linux
-@@ -20,7 +20,7 @@ include .depend
- endif
-
- all: $(PLUGINS)
-- for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all; done
-+ for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all || exit 1; done
-
- %.so: %.c
- $(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^
---
-1.7.9.5
-
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch b/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch
deleted file mode 100644
index a32f89fbc8..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch
+++ /dev/null
@@ -1,43 +0,0 @@ -commit cd90fd147844a0cfec101f1e2db7a3c59d236621 -Author: Jussi Kukkonen <jussi.kukkonen@intel.com> -Date: Wed Dec 28 14:11:22 2016 +0200 - -pppol2tp plugin: Remove unneeded include - -The include is not required and will break compile on musl libc with - -| In file included from pppol2tp.c:34:0: -| /usr/include/linux/if.h:97:2: error: expected identifier before numeric constant -| IFF_LOWER_UP = 1<<16, /* __volatile__ */ - -Patch originally from Khem Raj. - -Upstream-Status: Pending [https://github.com/paulusmack/ppp/issues/73] -Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> - -diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c -index 9643b96..458316b 100644 ---- a/pppd/plugins/pppol2tp/openl2tp.c -+++ b/pppd/plugins/pppol2tp/openl2tp.c -@@ -47,7 +47,6 @@ - #include <linux/if_ether.h> - #include <linux/ppp_defs.h> - #include <linux/if_ppp.h> --#include <linux/if_pppox.h> - #include <linux/if_pppol2tp.h> - - #include "l2tp_event.h" -diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c -index 0e28606..4f6d98c 100644 ---- a/pppd/plugins/pppol2tp/pppol2tp.c -+++ b/pppd/plugins/pppol2tp/pppol2tp.c -@@ -46,7 +46,6 @@ - #include <linux/if_ether.h> - #include <linux/ppp_defs.h> - #include <linux/if_ppp.h> --#include <linux/if_pppox.h> - #include <linux/if_pppol2tp.h> - - /* should be added to system's socket.h... */ ---- - diff --git a/meta/recipes-connectivity/ppp/ppp/0001-pppoe-include-netinet-in.h-before-linux-in.h.patch b/meta/recipes-connectivity/ppp/ppp/0001-pppoe-include-netinet-in.h-before-linux-in.h.patch deleted file mode 100644 index 9362d12648..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/0001-pppoe-include-netinet-in.h-before-linux-in.h.patch +++ /dev/null 
@@ -1,54 +0,0 @@ -From 50a2997b256e0e0ef7a46fae133f56f60fce539c Mon Sep 17 00:00:00 2001 -From: Lubomir Rintel <lkundrak@v3.sk> -Date: Mon, 9 Jan 2017 13:34:23 +0000 -Subject: [PATCH] pppoe: include netinet/in.h before linux/in.h - -This fixes builds with newer kernels. Basically, <netinet/in.h> needs to be -included before <linux/in.h> otherwise the earlier, unaware of the latter, -tries to redefine symbols and structures. Also, <linux/if_pppox.h> doesn't work -alone anymore, since it pulls the headers in the wrong order, so we better -include <netinet/in.h> early. - -Upstream-Status: Backport -[https://github.com/paulusmack/ppp/commit/50a2997b256e0e0ef7a46fae133f56f60fce539c] - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - pppd/plugins/rp-pppoe/pppoe.h | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h -index 9ab2eee..c4aaa6e 100644 ---- a/pppd/plugins/rp-pppoe/pppoe.h -+++ b/pppd/plugins/rp-pppoe/pppoe.h -@@ -47,6 +47,10 @@ - #include <sys/socket.h> - #endif - -+/* This has to be included before Linux 4.8's linux/in.h -+ * gets dragged in. */ -+#include <netinet/in.h> -+ - /* Ugly header files on some Linux boxes... */ - #if defined(HAVE_LINUX_IF_H) - #include <linux/if.h> -@@ -84,8 +88,6 @@ typedef unsigned long UINT32_t; - #include <linux/if_ether.h> - #endif - --#include <netinet/in.h> -- - #ifdef HAVE_NETINET_IF_ETHER_H - #include <sys/types.h> - -@@ -98,7 +100,6 @@ typedef unsigned long UINT32_t; - #endif - - -- - /* Ethernet frame types according to RFC 2516 */ - #define ETH_PPPOE_DISCOVERY 0x8863 - #define ETH_PPPOE_SESSION 0x8864 --- -2.7.4 - diff --git a/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch b/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch deleted file mode 100644 index 7dd69d8f4d..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch +++ /dev/null 
@@ -1,297 +0,0 @@ -This patch comes from OpenEmbedded. -The original patch is from Debian / SuSE to implement replacedefaultroute -Rebased it to fit ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com> - -Upstream-Status: Inappropriate [debian/suse patches] - -Index: ppp-2.4.7/pppd/ipcp.c -=================================================================== ---- ppp-2.4.7.orig/pppd/ipcp.c -+++ ppp-2.4.7/pppd/ipcp.c -@@ -198,6 +198,16 @@ static option_t ipcp_option_list[] = { - "disable defaultroute option", OPT_ALIAS | OPT_A2CLR, - &ipcp_wantoptions[0].default_route }, - -+#ifdef __linux__ -+ { "replacedefaultroute", o_bool, -+ &ipcp_wantoptions[0].replace_default_route, -+ "Replace default route", 1 -+ }, -+ { "noreplacedefaultroute", o_bool, -+ &ipcp_allowoptions[0].replace_default_route, -+ "Never replace default route", OPT_A2COPY, -+ &ipcp_wantoptions[0].replace_default_route }, -+#endif - { "proxyarp", o_bool, &ipcp_wantoptions[0].proxy_arp, - "Add proxy ARP entry", OPT_ENABLE|1, &ipcp_allowoptions[0].proxy_arp }, - { "noproxyarp", o_bool, &ipcp_allowoptions[0].proxy_arp, -@@ -271,7 +281,7 @@ struct protent ipcp_protent = { - ip_active_pkt - }; - --static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t)); -+static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t, bool)); - static void ipcp_script __P((char *, int)); /* Run an up/down script */ - static void ipcp_script_done __P((void *)); - -@@ -1761,7 +1771,12 @@ ip_demand_conf(u) - if (!sifnpmode(u, PPP_IP, NPMODE_QUEUE)) - return 0; - if (wo->default_route) -+#ifndef __linux__ - if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr)) -+#else -+ if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr, -+ wo->replace_default_route)) -+#endif - default_route_set[u] = 1; - if (wo->proxy_arp) - if (sifproxyarp(u, wo->hisaddr)) -@@ -1849,7 +1864,8 @@ ipcp_up(f) - */ - if (demand) { - if (go->ouraddr != wo->ouraddr || ho->hisaddr != wo->hisaddr) { -- ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr); -+ 
ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr, -+ wo->replace_default_route); - if (go->ouraddr != wo->ouraddr) { - warn("Local IP address changed to %I", go->ouraddr); - script_setenv("OLDIPLOCAL", ip_ntoa(wo->ouraddr), 0); -@@ -1874,7 +1890,12 @@ ipcp_up(f) - - /* assign a default route through the interface if required */ - if (ipcp_wantoptions[f->unit].default_route) -+#ifndef __linux__ - if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr)) -+#else -+ if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr, -+ wo->replace_default_route)) -+#endif - default_route_set[f->unit] = 1; - - /* Make a proxy ARP entry if requested. */ -@@ -1924,7 +1945,12 @@ ipcp_up(f) - - /* assign a default route through the interface if required */ - if (ipcp_wantoptions[f->unit].default_route) -+#ifndef __linux__ - if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr)) -+#else -+ if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr, -+ wo->replace_default_route)) -+#endif - default_route_set[f->unit] = 1; - - /* Make a proxy ARP entry if requested. */ -@@ -2002,7 +2028,7 @@ ipcp_down(f) - sifnpmode(f->unit, PPP_IP, NPMODE_DROP); - sifdown(f->unit); - ipcp_clear_addrs(f->unit, ipcp_gotoptions[f->unit].ouraddr, -- ipcp_hisoptions[f->unit].hisaddr); -+ ipcp_hisoptions[f->unit].hisaddr, 0); - } - - /* Execute the ip-down script */ -@@ -2018,12 +2044,21 @@ ipcp_down(f) - * proxy arp entries, etc. - */ - static void --ipcp_clear_addrs(unit, ouraddr, hisaddr) -+ipcp_clear_addrs(unit, ouraddr, hisaddr, replacedefaultroute) - int unit; - u_int32_t ouraddr; /* local address */ - u_int32_t hisaddr; /* remote address */ -+ bool replacedefaultroute; - { -- if (proxy_arp_set[unit]) { -+ /* If replacedefaultroute, sifdefaultroute will be called soon -+ * with replacedefaultroute set and that will overwrite the current -+ * default route. 
This is the case only when doing demand, otherwise -+ * during demand, this cifdefaultroute would restore the old default -+ * route which is not what we want in this case. In the non-demand -+ * case, we'll delete the default route and restore the old if there -+ * is one saved by an sifdefaultroute with replacedefaultroute. -+ */ -+ if (!replacedefaultroute && default_route_set[unit]) { - cifproxyarp(unit, hisaddr); - proxy_arp_set[unit] = 0; - } -Index: ppp-2.4.7/pppd/ipcp.h -=================================================================== ---- ppp-2.4.7.orig/pppd/ipcp.h -+++ ppp-2.4.7/pppd/ipcp.h -@@ -70,6 +70,7 @@ typedef struct ipcp_options { - bool old_addrs; /* Use old (IP-Addresses) option? */ - bool req_addr; /* Ask peer to send IP address? */ - bool default_route; /* Assign default route through interface? */ -+ bool replace_default_route; /* Replace default route through interface? */ - bool proxy_arp; /* Make proxy ARP entry for peer? */ - bool neg_vj; /* Van Jacobson Compression? */ - bool old_vj; /* use old (short) form of VJ option? */ -Index: ppp-2.4.7/pppd/pppd.8 -=================================================================== ---- ppp-2.4.7.orig/pppd/pppd.8 -+++ ppp-2.4.7/pppd/pppd.8 -@@ -121,6 +121,13 @@ the gateway, when IPCP negotiation is su - This entry is removed when the PPP connection is broken. This option - is privileged if the \fInodefaultroute\fR option has been specified. - .TP -+.B replacedefaultroute -+This option is a flag to the defaultroute option. If defaultroute is -+set and this flag is also set, pppd replaces an existing default route -+with the new default route. -+ -+ -+.TP - .B disconnect \fIscript - Execute the command specified by \fIscript\fR, by passing it to a - shell, after -@@ -734,7 +741,12 @@ disable both forms of hardware flow cont - .TP - .B nodefaultroute - Disable the \fIdefaultroute\fR option. 
The system administrator who --wishes to prevent users from creating default routes with pppd -+wishes to prevent users from adding a default route with pppd -+can do so by placing this option in the /etc/ppp/options file. -+.TP -+.B noreplacedefaultroute -+Disable the \fIreplacedefaultroute\fR option. The system administrator who -+wishes to prevent users from replacing a default route with pppd - can do so by placing this option in the /etc/ppp/options file. - .TP - .B nodeflate -Index: ppp-2.4.7/pppd/pppd.h -=================================================================== ---- ppp-2.4.7.orig/pppd/pppd.h -+++ ppp-2.4.7/pppd/pppd.h -@@ -665,7 +665,11 @@ int sif6addr __P((int, eui64_t, eui64_t - int cif6addr __P((int, eui64_t, eui64_t)); - /* Remove an IPv6 address from i/f */ - #endif -+#ifndef __linux__ - int sifdefaultroute __P((int, u_int32_t, u_int32_t)); -+#else -+int sifdefaultroute __P((int, u_int32_t, u_int32_t, bool replace_default_rt)); -+#endif - /* Create default route through i/f */ - int cifdefaultroute __P((int, u_int32_t, u_int32_t)); - /* Delete default route through i/f */ -Index: ppp-2.4.7/pppd/sys-linux.c -=================================================================== ---- ppp-2.4.7.orig/pppd/sys-linux.c -+++ ppp-2.4.7/pppd/sys-linux.c -@@ -207,6 +207,8 @@ static unsigned char inbuf[512]; /* buff - static int if_is_up; /* Interface has been marked up */ - static int if6_is_up; /* Interface has been marked up for IPv6, to help differentiate */ - static int have_default_route; /* Gateway for default route added */ -+static struct rtentry old_def_rt; /* Old default route */ -+static int default_rt_repl_rest; /* replace and restore old default rt */ - static u_int32_t proxy_arp_addr; /* Addr for proxy arp entry added */ - static char proxy_arp_dev[16]; /* Device for proxy arp entry */ - static u_int32_t our_old_addr; /* for detecting address changes */ -@@ -1545,6 +1547,9 @@ static int read_route_table(struct rtent - p = NULL; - } - -+ 
SET_SA_FAMILY (rt->rt_dst, AF_INET); -+ SET_SA_FAMILY (rt->rt_gateway, AF_INET); -+ - SIN_ADDR(rt->rt_dst) = strtoul(cols[route_dest_col], NULL, 16); - SIN_ADDR(rt->rt_gateway) = strtoul(cols[route_gw_col], NULL, 16); - SIN_ADDR(rt->rt_genmask) = strtoul(cols[route_mask_col], NULL, 16); -@@ -1614,20 +1619,51 @@ int have_route_to(u_int32_t addr) - /******************************************************************** - * - * sifdefaultroute - assign a default route through the address given. -- */ -- --int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway) --{ -- struct rtentry rt; -- -- if (defaultroute_exists(&rt) && strcmp(rt.rt_dev, ifname) != 0) { -- if (rt.rt_flags & RTF_GATEWAY) -- error("not replacing existing default route via %I", -- SIN_ADDR(rt.rt_gateway)); -- else -- error("not replacing existing default route through %s", -- rt.rt_dev); -- return 0; -+ * -+ * If the global default_rt_repl_rest flag is set, then this function -+ * already replaced the original system defaultroute with some other -+ * route and it should just replace the current defaultroute with -+ * another one, without saving the current route. Use: demand mode, -+ * when pppd sets first a defaultroute it it's temporary ppp0 addresses -+ * and then changes the temporary addresses to the addresses for the real -+ * ppp connection when it has come up. -+ */ -+ -+int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway, bool replace) -+{ -+ struct rtentry rt, tmp_rt; -+ struct rtentry *del_rt = NULL; -+ -+ if (default_rt_repl_rest) { -+ /* We have already reclaced the original defaultroute, if we -+ * are called again, we will delete the current default route -+ * and set the new default route in this function. 
-+ * - this is normally only the case the doing demand: */ -+ if (defaultroute_exists( &tmp_rt )) -+ del_rt = &tmp_rt; -+ } else if ( defaultroute_exists( &old_def_rt ) && -+ strcmp( old_def_rt.rt_dev, ifname ) != 0) { -+ /* We did not yet replace an existing default route, let's -+ * check if we should save and replace a default route: -+ */ -+ u_int32_t old_gateway = SIN_ADDR(old_def_rt.rt_gateway); -+ if (old_gateway != gateway) { -+ if (!replace) { -+ error("not replacing default route to %s [%I]", -+ old_def_rt.rt_dev, old_gateway); -+ return 0; -+ } else { -+ // we need to copy rt_dev because we need it permanent too: -+ char * tmp_dev = malloc(strlen(old_def_rt.rt_dev)+1); -+ strcpy(tmp_dev, old_def_rt.rt_dev); -+ old_def_rt.rt_dev = tmp_dev; -+ -+ notice("replacing old default route to %s [%I]", -+ old_def_rt.rt_dev, old_gateway); -+ default_rt_repl_rest = 1; -+ del_rt = &old_def_rt; -+ } -+ } - } - - memset (&rt, 0, sizeof (rt)); -@@ -1646,6 +1682,12 @@ int sifdefaultroute (int unit, u_int32_t - error("default route ioctl(SIOCADDRT): %m"); - return 0; - } -+ if (default_rt_repl_rest && del_rt) -+ if (ioctl(sock_fd, SIOCDELRT, del_rt) < 0) { -+ if ( ! ok_error ( errno )) -+ error("del old default route ioctl(SIOCDELRT): %m(%d)", errno); -+ return 0; -+ } - - have_default_route = 1; - return 1; -@@ -1681,6 +1723,16 @@ int cifdefaultroute (int unit, u_int32_t - return 0; - } - } -+ if (default_rt_repl_rest) { -+ notice("restoring old default route to %s [%I]", -+ old_def_rt.rt_dev, SIN_ADDR(old_def_rt.rt_gateway)); -+ if (ioctl(sock_fd, SIOCADDRT, &old_def_rt) < 0) { -+ if ( ! ok_error ( errno )) -+ error("restore default route ioctl(SIOCADDRT): %m(%d)", errno); -+ return 0; -+ } -+ default_rt_repl_rest = 0; -+ } - - return 1; - } diff --git a/meta/recipes-connectivity/ppp/ppp/copts.patch b/meta/recipes-connectivity/ppp/ppp/copts.patch deleted file mode 100644 index 53ff06e03e..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/copts.patch +++ /dev/null 
@@ -1,21 +0,0 @@
-ppp: use build system CFLAGS when compiling
-
-Upstream-Status: Pending
-
-Override the hard-coded COPTS make variables with
-CFLAGS. Add COPTS into one Makefile that did not
-use it.
-
-Signed-off-by: Joe Slater <jslater@windriver.com>
-
---- a/pppd/plugins/radius/Makefile.linux
-+++ b/pppd/plugins/radius/Makefile.linux
-@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/
- INSTALL = install
-
- PLUGIN=radius.so radattr.so radrealms.so
--CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
-+CFLAGS=-I. -I../.. -I../../../include $(COPTS) -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
-
- # Uncomment the next line to include support for Microsoft's
- # MS-CHAP authentication protocol.
diff --git a/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch b/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
deleted file mode 100644
index c5a0be86f5..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-ppp: Buffer overflow in radius plugin
-
-From: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;bug=782450
-
-Upstream-Status: Backport
-CVE: CVE-2015-3310
-
-On systems with more than 65535 processes running, pppd aborts when
-sending a "start" accounting message to the RADIUS server because of a
-buffer overflow in rc_mksid.
-
-The process id is used in rc_mksid to generate a pseudo-unique string,
-assuming that the hex representation of the pid will be at most 4
-characters (FFFF). __sprintf_chk(), used when compiling with
-optimization levels greater than 0 and FORTIFY_SOURCE, detects the
-buffer overflow and makes pppd crash.
-
-The following patch fixes the problem.
-
---- ppp-2.4.6.orig/pppd/plugins/radius/util.c
-+++ ppp-2.4.6/pppd/plugins/radius/util.c
-@@ -77,7 +77,7 @@ rc_mksid (void)
- static unsigned short int cnt = 0;
- sprintf (buf, "%08lX%04X%02hX",
- (unsigned long int) time (NULL),
-- (unsigned int) getpid (),
-+ (unsigned int) getpid () % 65535,
- cnt & 0xFF);
- cnt++;
- return buf;
diff --git a/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch b/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch
deleted file mode 100644
index 8a69396cc7..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch
+++ /dev/null
@@ -1,38 +0,0 @@ -The patch comes from OpenEmbedded. -Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com> - -Updated from OE-Classic to include the pcap hunk. -Signed-off-by: Andreas Oberritter <obi@opendreambox.org> - -Upstream-Status: Inappropriate [configuration] - -Index: ppp-2.4.7/pppd/Makefile.linux -=================================================================== ---- ppp-2.4.7.orig/pppd/Makefile.linux -+++ ppp-2.4.7/pppd/Makefile.linux -@@ -120,10 +120,10 @@ CFLAGS += -DHAS_SHADOW - #LIBS += -lshadow $(LIBS) - endif - --ifneq ($(wildcard /usr/include/crypt.h),) -+#ifneq ($(wildcard /usr/include/crypt.h),) - CFLAGS += -DHAVE_CRYPT_H=1 - LIBS += -lcrypt --endif -+#endif - - ifdef USE_LIBUTIL - CFLAGS += -DHAVE_LOGWTMP=1 -@@ -177,10 +177,10 @@ LIBS += -ldl - endif - - ifdef FILTER --ifneq ($(wildcard /usr/include/pcap-bpf.h),) -+#ifneq ($(wildcard /usr/include/pcap-bpf.h),) - LIBS += -lpcap - CFLAGS += -DPPP_FILTER --endif -+#endif - endif - - ifdef HAVE_INET6 diff --git a/meta/recipes-connectivity/ppp/ppp/makefile.patch b/meta/recipes-connectivity/ppp/ppp/makefile.patch deleted file mode 100644 index 2d09baf5d0..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/makefile.patch +++ /dev/null 
@@ -1,95 +0,0 @@ -The patch comes from OpenEmbedded -Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com> - -Upstream-Status: Inappropriate [configuration] - -diff -ruN ppp-2.4.5-orig/chat/Makefile.linux ppp-2.4.5/chat/Makefile.linux ---- ppp-2.4.5-orig/chat/Makefile.linux 2010-06-30 15:51:12.050166398 +0800 -+++ ppp-2.4.5/chat/Makefile.linux 2010-06-30 15:51:30.450118446 +0800 -@@ -25,7 +25,7 @@ - - install: chat - mkdir -p $(BINDIR) $(MANDIR) -- $(INSTALL) -s -c chat $(BINDIR) -+ $(INSTALL) -c chat $(BINDIR) - $(INSTALL) -c -m 644 chat.8 $(MANDIR) - - clean: -diff -ruN ppp-2.4.5-orig/pppd/Makefile.linux ppp-2.4.5/pppd/Makefile.linux ---- ppp-2.4.5-orig/pppd/Makefile.linux 2010-06-30 15:51:12.043682063 +0800 -+++ ppp-2.4.5/pppd/Makefile.linux 2010-06-30 15:52:11.214170607 +0800 -@@ -99,7 +99,7 @@ - CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include - LIBS += -lsrp -L/usr/local/ssl/lib -lcrypto - TARGETS += srp-entry --EXTRAINSTALL = $(INSTALL) -s -c -m 555 srp-entry $(BINDIR)/srp-entry -+EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry - MANPAGES += srp-entry.8 - EXTRACLEAN += srp-entry.o - NEEDDES=y -@@ -200,7 +200,7 @@ - install: pppd - mkdir -p $(BINDIR) $(MANDIR) - $(EXTRAINSTALL) -- $(INSTALL) -s -c -m 555 pppd $(BINDIR)/pppd -+ $(INSTALL) -c -m 555 pppd $(BINDIR)/pppd - if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \ - chmod o-rx,u+s $(BINDIR)/pppd; fi - $(INSTALL) -c -m 444 pppd.8 $(MANDIR) -diff -ruN ppp-2.4.5-orig/pppd/plugins/radius/Makefile.linux ppp-2.4.5/pppd/plugins/radius/Makefile.linux ---- ppp-2.4.5-orig/pppd/plugins/radius/Makefile.linux 2010-06-30 15:51:12.047676187 +0800 -+++ ppp-2.4.5/pppd/plugins/radius/Makefile.linux 2010-06-30 15:53:47.750182267 +0800 -@@ -36,11 +36,11 @@ - - install: all - $(INSTALL) -d -m 755 $(LIBDIR) -- $(INSTALL) -s -c -m 755 radius.so $(LIBDIR) -- $(INSTALL) -s -c -m 755 radattr.so $(LIBDIR) -- $(INSTALL) -s -c -m 755 radrealms.so $(LIBDIR) -- $(INSTALL) -c -m 444 pppd-radius.8 
$(MANDIR) -- $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR) -+ $(INSTALL) -c -m 755 radius.so $(LIBDIR) -+ $(INSTALL) -c -m 755 radattr.so $(LIBDIR) -+ $(INSTALL) -c -m 755 radrealms.so $(LIBDIR) -+ $(INSTALL) -m 444 pppd-radius.8 $(MANDIR) -+ $(INSTALL) -m 444 pppd-radattr.8 $(MANDIR) - - radius.so: radius.o libradiusclient.a - $(CC) -o radius.so -shared radius.o libradiusclient.a -diff -ruN ppp-2.4.5-orig/pppd/plugins/rp-pppoe/Makefile.linux ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux ---- ppp-2.4.5-orig/pppd/plugins/rp-pppoe/Makefile.linux 2010-06-30 15:51:12.047676187 +0800 -+++ ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux 2010-06-30 15:53:15.454486877 +0800 -@@ -43,9 +43,9 @@ - - install: all - $(INSTALL) -d -m 755 $(LIBDIR) -- $(INSTALL) -s -c -m 4550 rp-pppoe.so $(LIBDIR) -+ $(INSTALL) -c -m 4550 rp-pppoe.so $(LIBDIR) - $(INSTALL) -d -m 755 $(BINDIR) -- $(INSTALL) -s -c -m 555 pppoe-discovery $(BINDIR) -+ $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR) - - clean: - rm -f *.o *.so pppoe-discovery -diff -ruN ppp-2.4.5-orig/pppdump/Makefile.linux ppp-2.4.5/pppdump/Makefile.linux ---- ppp-2.4.5-orig/pppdump/Makefile.linux 2010-06-30 15:51:12.058183383 +0800 -+++ ppp-2.4.5/pppdump/Makefile.linux 2010-06-30 15:52:25.762183537 +0800 -@@ -17,5 +17,5 @@ - - install: - mkdir -p $(BINDIR) $(MANDIR) -- $(INSTALL) -s -c pppdump $(BINDIR) -+ $(INSTALL) -c pppdump $(BINDIR) - $(INSTALL) -c -m 444 pppdump.8 $(MANDIR) -diff -ruN ppp-2.4.5-orig/pppstats/Makefile.linux ppp-2.4.5/pppstats/Makefile.linux ---- ppp-2.4.5-orig/pppstats/Makefile.linux 2010-06-30 15:51:12.058183383 +0800 -+++ ppp-2.4.5/pppstats/Makefile.linux 2010-06-30 15:52:42.486341081 +0800 -@@ -22,7 +22,7 @@ - - install: pppstats - -mkdir -p $(MANDIR) -- $(INSTALL) -s -c pppstats $(BINDIR) -+ $(INSTALL) -c pppstats $(BINDIR) - $(INSTALL) -c -m 444 pppstats.8 $(MANDIR) - - pppstats: $(PPPSTATSRCS) 
diff --git a/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch
deleted file mode 100644
index e53f240543..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch
+++ /dev/null
@@ -1,84 +0,0 @@ -Used openssl for the DES instead of the libcrypt / glibc - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> - -Index: ppp-2.4.7/pppd/Makefile.linux -=================================================================== ---- ppp-2.4.7.orig/pppd/Makefile.linux -+++ ppp-2.4.7/pppd/Makefile.linux -@@ -38,7 +38,7 @@ LIBS = - # Uncomment the next 2 lines to include support for Microsoft's - # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. - CHAPMS=y --USE_CRYPT=y -+#USE_CRYPT=y - # Don't use MSLANMAN unless you really know what you're doing. - #MSLANMAN=y - # Uncomment the next line to include support for MPPE. CHAPMS (above) must -@@ -132,7 +132,7 @@ endif - - ifdef NEEDDES - ifndef USE_CRYPT --LIBS += -ldes $(LIBS) -+LIBS += -lcrypto - else - CFLAGS += -DUSE_CRYPT=1 - endif -Index: ppp-2.4.7/pppd/pppcrypt.c -=================================================================== ---- ppp-2.4.7.orig/pppd/pppcrypt.c -+++ ppp-2.4.7/pppd/pppcrypt.c -@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key w - des_key[7] = Get7Bits(key, 49); - - #ifndef USE_CRYPT -- des_set_odd_parity((des_cblock *)des_key); -+ DES_set_odd_parity((DES_cblock *)des_key); - #endif - } - -@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */ - } - - #else /* USE_CRYPT */ --static des_key_schedule key_schedule; -+static DES_key_schedule key_schedule; - - bool - DesSetkey(key) - u_char *key; - { -- des_cblock des_key; -+ DES_cblock des_key; - MakeKey(key, des_key); -- des_set_key(&des_key, key_schedule); -+ DES_set_key(&des_key, &key_schedule); - return (1); - } - - bool --DesEncrypt(clear, key, cipher) -+DesEncrypt(clear, cipher) - u_char *clear; /* IN 8 octets */ - u_char *cipher; /* OUT 8 octets */ - { -- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, -- key_schedule, 1); -+ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher, -+ &key_schedule, 1); - return (1); - } - -@@ -185,8 +185,8 @@ DesDecrypt(cipher, 
clear) - u_char *cipher; /* IN 8 octets */ - u_char *clear; /* OUT 8 octets */ - { -- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear, -- key_schedule, 0); -+ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear, -+ &key_schedule, 0); - return (1); - } - diff --git a/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch b/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch deleted file mode 100644 index a72414ff8a..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch +++ /dev/null 
@@ -1,45 +0,0 @@ -The patch comes from OpenEmbedded -Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com> - -Upstream-Status: Inappropriate [embedded specific] - -diff -ruN ppp-2.4.5-orig/pppd/ipcp.c ppp-2.4.5/pppd/ipcp.c ---- ppp-2.4.5-orig/pppd/ipcp.c 2010-06-30 15:51:12.050166398 +0800 -+++ ppp-2.4.5/pppd/ipcp.c 2010-06-30 17:02:33.930393283 +0800 -@@ -55,6 +55,8 @@ - #include <sys/socket.h> - #include <netinet/in.h> - #include <arpa/inet.h> -+#include <sys/stat.h> -+#include <unistd.h> - - #include "pppd.h" - #include "fsm.h" -@@ -2095,6 +2097,14 @@ - u_int32_t peerdns1, peerdns2; - { - FILE *f; -+ struct stat dirinfo; -+ -+ if(stat(_PATH_OUTDIR, &dirinfo)) { -+ if(mkdir(_PATH_OUTDIR, 0775)) { -+ error("Failed to create directory %s: %m", _PATH_OUTDIR); -+ return; -+ } -+ } - - f = fopen(_PATH_RESOLV, "w"); - if (f == NULL) { -diff -ruN ppp-2.4.5-orig/pppd/pathnames.h ppp-2.4.5/pppd/pathnames.h ---- ppp-2.4.5-orig/pppd/pathnames.h 2010-06-30 15:51:12.043682063 +0800 -+++ ppp-2.4.5/pppd/pathnames.h 2010-06-30 17:03:20.594371055 +0800 -@@ -30,7 +30,8 @@ - #define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options." - #define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors" - #define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/" --#define _PATH_RESOLV _ROOT_PATH "/etc/ppp/resolv.conf" -+#define _PATH_OUTDIR _ROOT_PATH _PATH_VARRUN "/ppp" -+#define _PATH_RESOLV _PATH_OUTDIR "/resolv.conf" - - #define _PATH_USEROPT ".ppprc" - #define _PATH_PSEUDONYM ".ppp_pseudonym" diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb deleted file mode 100644 index 644cde4562..0000000000 --- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb +++ /dev/null 
@@ -1,106 +0,0 @@ -SUMMARY = "Point-to-Point Protocol (PPP) support" -DESCRIPTION = "ppp (Paul's PPP Package) is an open source package which implements \ -the Point-to-Point Protocol (PPP) on Linux and Solaris systems." -SECTION = "console/network" -HOMEPAGE = "http://samba.org/ppp/" -BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs" -DEPENDS = "libpcap openssl virtual/crypt" -LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD" -LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \ - file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \ - file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \ - file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2" - -SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ - file://makefile.patch \ - file://cifdefroute.patch \ - file://pppd-resolv-varrun.patch \ - file://makefile-remove-hard-usr-reference.patch \ - file://pon \ - file://poff \ - file://init \ - file://ip-up \ - file://ip-down \ - file://08setupdns \ - file://92removedns \ - file://copts.patch \ - file://pap \ - file://ppp_on_boot \ - file://provider \ - file://0001-ppp-Fix-compilation-errors-in-Makefile.patch \ - file://ppp@.service \ - file://fix-CVE-2015-3310.patch \ - file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \ - file://0001-ppp-Remove-unneeded-include.patch \ - file://ppp-2.4.7-DES-openssl.patch \ -" - -SRC_URI_append_libc-musl = "\ - file://0001-Fix-build-with-musl.patch \ -" -SRC_URI[md5sum] = "78818f40e6d33a1d1de68a1551f6595a" -SRC_URI[sha256sum] = "02e0a3dd3e4799e33103f70ec7df75348c8540966ee7c948e4ed8a42bbccfb30" - -inherit autotools-brokensep systemd - -TARGET_CC_ARCH += " ${LDFLAGS}" -EXTRA_OEMAKE = "STRIPPROG=${STRIP} MANDIR=${D}${datadir}/man/man8 INCDIR=${D}${includedir} LIBDIR=${D}${libdir}/pppd/${PV} BINDIR=${D}${sbindir}" -EXTRA_OECONF = "--disable-strip" - -# Package Makefile computes CFLAGS, 
referencing COPTS. -# Typically hard-coded to '-O2 -g' in the Makefile's. -# -EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl -I${S}/include"' - -do_configure () { - oe_runconf -} - -do_install_append () { - make install-etcppp ETCDIR=${D}/${sysconfdir}/ppp - mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d - mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/ - mkdir -p ${D}${sysconfdir}/ppp/ip-down.d/ - install -m 0755 ${WORKDIR}/pon ${D}${bindir}/pon - install -m 0755 ${WORKDIR}/poff ${D}${bindir}/poff - install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/ppp - install -m 0755 ${WORKDIR}/ip-up ${D}${sysconfdir}/ppp/ - install -m 0755 ${WORKDIR}/ip-down ${D}${sysconfdir}/ppp/ - install -m 0755 ${WORKDIR}/08setupdns ${D}${sysconfdir}/ppp/ip-up.d/ - install -m 0755 ${WORKDIR}/92removedns ${D}${sysconfdir}/ppp/ip-down.d/ - mkdir -p ${D}${sysconfdir}/chatscripts - mkdir -p ${D}${sysconfdir}/ppp/peers - install -m 0755 ${WORKDIR}/pap ${D}${sysconfdir}/chatscripts - install -m 0755 ${WORKDIR}/ppp_on_boot ${D}${sysconfdir}/ppp/ppp_on_boot - install -m 0755 ${WORKDIR}/provider ${D}${sysconfdir}/ppp/peers/provider - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_unitdir}/system - sed -i -e 's,@SBINDIR@,${sbindir},g' \ - ${D}${systemd_unitdir}/system/ppp@.service - rm -rf ${D}/${mandir}/man8/man8 - chmod u+s ${D}${sbindir}/pppd -} - -do_install_append_libc-musl () { - install -Dm 0644 ${S}/include/net/ppp_defs.h ${D}${includedir}/net/ppp_defs.h -} - -CONFFILES_${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options" -PACKAGES =+ "${PN}-oa ${PN}-oe ${PN}-radius ${PN}-winbind ${PN}-minconn ${PN}-password ${PN}-l2tp ${PN}-tools" -FILES_${PN} = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_unitdir}/system/ppp@.service" -FILES_${PN}-oa = "${libdir}/pppd/${PV}/pppoatm.so" -FILES_${PN}-oe = "${sbindir}/pppoe-discovery ${libdir}/pppd/${PV}/rp-pppoe.so" 
-FILES_${PN}-radius = "${libdir}/pppd/${PV}/radius.so ${libdir}/pppd/${PV}/radattr.so ${libdir}/pppd/${PV}/radrealms.so" -FILES_${PN}-winbind = "${libdir}/pppd/${PV}/winbind.so" -FILES_${PN}-minconn = "${libdir}/pppd/${PV}/minconn.so" -FILES_${PN}-password = "${libdir}/pppd/${PV}/pass*.so" -FILES_${PN}-l2tp = "${libdir}/pppd/${PV}/*l2tp.so" -FILES_${PN}-tools = "${sbindir}/pppstats ${sbindir}/pppdump" -SUMMARY_${PN}-oa = "Plugin for PPP for PPP-over-ATM support" -SUMMARY_${PN}-oe = "Plugin for PPP for PPP-over-Ethernet support" -SUMMARY_${PN}-radius = "Plugin for PPP for RADIUS support" -SUMMARY_${PN}-winbind = "Plugin for PPP to authenticate against Samba or Windows" -SUMMARY_${PN}-minconn = "Plugin for PPP to set a delay before the idle timeout applies" -SUMMARY_${PN}-password = "Plugin for PPP to get passwords via a pipe" -SUMMARY_${PN}-l2tp = "Plugin for PPP for l2tp support" -SUMMARY_${PN}-tools = "Additional tools for the PPP package" diff --git a/meta/recipes-connectivity/ppp/ppp_2.5.0.bb b/meta/recipes-connectivity/ppp/ppp_2.5.0.bb new file mode 100644 index 0000000000..4b052f8ed9 --- /dev/null +++ b/meta/recipes-connectivity/ppp/ppp_2.5.0.bb 
@@ -0,0 +1,75 @@ +SUMMARY = "Point-to-Point Protocol (PPP) support" +DESCRIPTION = "ppp (Paul's PPP Package) is an open source package which implements \ +the Point-to-Point Protocol (PPP) on Linux and Solaris systems." +SECTION = "console/network" +HOMEPAGE = "http://samba.org/ppp/" +BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs" +DEPENDS = "libpcap openssl virtual/crypt" +LICENSE = "BSD-3-Clause & BSD-3-Clause-Attribution & GPL-2.0-or-later & LGPL-2.0-or-later & PD" +LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \ + file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \ + file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \ + file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2" + +SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ + file://pon \ + file://poff \ + file://init \ + file://ip-up \ + file://ip-down \ + file://08setupdns \ + file://92removedns \ + file://pap \ + file://ppp_on_boot \ + file://provider \ + file://ppp@.service \ + " + +SRC_URI[sha256sum] = "5cae0e8075f8a1755f16ca290eb44e6b3545d3f292af4da65ecffe897de636ff" + +inherit autotools systemd + +EXTRA_OECONF += "--with-openssl=${STAGING_EXECPREFIXDIR}" + +do_install:append () { + mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d + mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/ + mkdir -p ${D}${sysconfdir}/ppp/ip-down.d/ + install -m 0755 ${WORKDIR}/pon ${D}${bindir}/pon + install -m 0755 ${WORKDIR}/poff ${D}${bindir}/poff + install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/ppp + install -m 0755 ${WORKDIR}/ip-up ${D}${sysconfdir}/ppp/ + install -m 0755 ${WORKDIR}/ip-down ${D}${sysconfdir}/ppp/ + install -m 0755 ${WORKDIR}/08setupdns ${D}${sysconfdir}/ppp/ip-up.d/ + install -m 0755 ${WORKDIR}/92removedns ${D}${sysconfdir}/ppp/ip-down.d/ + mkdir -p ${D}${sysconfdir}/chatscripts + mkdir -p ${D}${sysconfdir}/ppp/peers + install -m 0755 
${WORKDIR}/pap ${D}${sysconfdir}/chatscripts + install -m 0755 ${WORKDIR}/ppp_on_boot ${D}${sysconfdir}/ppp/ppp_on_boot + install -m 0755 ${WORKDIR}/provider ${D}${sysconfdir}/ppp/peers/provider + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_system_unitdir} + sed -i -e 's,@SBINDIR@,${sbindir},g' \ + ${D}${systemd_system_unitdir}/ppp@.service +} + +CONFFILES:${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options" +PACKAGES =+ "${PN}-oa ${PN}-oe ${PN}-radius ${PN}-winbind ${PN}-minconn ${PN}-password ${PN}-l2tp ${PN}-tools" +FILES:${PN} = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_system_unitdir}/ppp@.service" +FILES:${PN}-oa = "${libdir}/pppd/${PV}/pppoatm.so" +FILES:${PN}-oe = "${sbindir}/pppoe-discovery ${libdir}/pppd/${PV}/*pppoe.so" +FILES:${PN}-radius = "${libdir}/pppd/${PV}/radius.so ${libdir}/pppd/${PV}/radattr.so ${libdir}/pppd/${PV}/radrealms.so" +FILES:${PN}-winbind = "${libdir}/pppd/${PV}/winbind.so" +FILES:${PN}-minconn = "${libdir}/pppd/${PV}/minconn.so" +FILES:${PN}-password = "${libdir}/pppd/${PV}/pass*.so" +FILES:${PN}-l2tp = "${libdir}/pppd/${PV}/*l2tp.so" +FILES:${PN}-tools = "${sbindir}/pppstats ${sbindir}/pppdump" +SUMMARY:${PN}-oa = "Plugin for PPP for PPP-over-ATM support" +SUMMARY:${PN}-oe = "Plugin for PPP for PPP-over-Ethernet support" +SUMMARY:${PN}-radius = "Plugin for PPP for RADIUS support" +SUMMARY:${PN}-winbind = "Plugin for PPP to authenticate against Samba or Windows" +SUMMARY:${PN}-minconn = "Plugin for PPP to set a delay before the idle timeout applies" +SUMMARY:${PN}-password = "Plugin for PPP to get passwords via a pipe" +SUMMARY:${PN}-l2tp = "Plugin for PPP for l2tp support" +SUMMARY:${PN}-tools = "Additional tools for the PPP package" + 
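Review bot: In `do_install:append`, `${WORKDIR}/provider` and `${WORKDIR}/pap` are installed with `-m 0755`, although they land in `${sysconfdir}/ppp/peers` and `${sysconfdir}/chatscripts` as configuration data rather than programs. Peer files commonly hold the account name and link options, so a non-executable mode is the safer default, e.g. `install -m 0644 ${WORKDIR}/pap ${D}${sysconfdir}/chatscripts` and `install -m 0640 ${WORKDIR}/provider ${D}${sysconfdir}/ppp/peers/provider` (0644 if unprivileged users must read it). The 2.4.7 recipe ended its install step with `chmod u+s ${D}${sbindir}/pppd` and this recipe drops that line without comment. A one-line comment saying whether pppd is still expected to be setuid, and what sets the bit now, would help anyone auditing the privileged binaries in the image.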
diff --git a/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch b/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch new file mode 100644 index 0000000000..ab32f26754 --- /dev/null +++ b/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch @@ -0,0 +1,37 @@ +From 6bf2bb136a0b3961339369bc08e58b661fba0edb Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Thu, 17 Nov 2022 17:26:30 +0800 +Subject: [PATCH] avoid using -m option for readlink + +Use a more widely used option '-f' instead of '-m' here to +avoid dependency on coreutils. + +Looking at the git history of the resolvconf repo, the '-m' +is deliberately used. And it wants to depend on coreutils. +But in case of OE, the existence of /etc is ensured, and busybox +readlink provides '-f' option, so we can just use '-f'. In this +way, the coreutils dependency is not necessary any more. + +Upstream-Status: Inappropriate [OE Specific] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + etc/resolvconf/update.d/libc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/etc/resolvconf/update.d/libc b/etc/resolvconf/update.d/libc +index 1c4f6bc..f75d22c 100755 +--- a/etc/resolvconf/update.d/libc ++++ b/etc/resolvconf/update.d/libc +@@ -57,7 +57,7 @@ fi + report_warning() { echo "$0: Warning: $*" >&2 ; } + + resolv_conf_is_symlinked_to_dynamic_file() { +- [ -L ${ETC}/resolv.conf ] && [ "$(readlink -m ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ] ++ [ -L ${ETC}/resolv.conf ] && [ "$(readlink -f ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ] + } + + if ! resolv_conf_is_symlinked_to_dynamic_file ; then +-- +2.17.1 + diff --git a/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch b/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch deleted file mode 100644 index 1aead07869..0000000000 
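Review bot: Replacing `readlink -m` with `readlink -f` in `resolv_conf_is_symlinked_to_dynamic_file` changes the result when a directory on the link's target path does not exist yet. `-m` canonicalizes regardless, whereas `-f` (GNU semantics; the busybox behaviour should be confirmed) needs every component but the last to exist and otherwise prints nothing, so the comparison with `$DYNAMICRSLVCNFFILE` fails and the warning path is taken. The patch description only argues that /etc exists; it should also state that the run directory behind the symlink is guaranteed to exist before this hook runs, or that the extra warning is acceptable. Separately, `${ETC}/resolv.conf` is unquoted in both tests; this is inherited from upstream, but `[ -L "${ETC}/resolv.conf" ]` would be the robust form if the patch is reworked.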
--- a/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch +++ /dev/null @@ -1,20 +0,0 @@ - -busybox installs readlink into /usr/bin, so ensure /usr/bin -is in the path. - -Upstream-Status: Submitted -Signed-off-by: Saul Wold <sgw@linux.intel.com> - -Index: resolvconf-1.76/etc/resolvconf/update.d/libc -=================================================================== ---- resolvconf-1.76.orig/etc/resolvconf/update.d/libc -+++ resolvconf-1.76/etc/resolvconf/update.d/libc -@@ -16,7 +16,7 @@ - # - - set -e --PATH=/sbin:/bin -+PATH=/sbin:/bin:/usr/bin - - [ -x /lib/resolvconf/list-records ] || exit 1 - diff --git a/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb b/meta/recipes-connectivity/resolvconf/resolvconf_1.92.bb index 8550177288..226cb7ee77 100644 --- a/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb +++ b/meta/recipes-connectivity/resolvconf/resolvconf_1.92.bb 
@@ -5,26 +5,24 @@ itself up as the intermediary between programs that supply \ nameserver information and programs that need nameserver \ information." SECTION = "console/network" -LICENSE = "GPLv2+" +LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b" -AUTHOR = "Thomas Hood" HOMEPAGE = "http://packages.debian.org/resolvconf" -RDEPENDS_${PN} = "bash" +RDEPENDS:${PN} = "bash sed util-linux-flock" -SRC_URI = "http://snapshot.debian.org/archive/debian/20160520T044340Z/pool/main/r/${BPN}/${BPN}_1.79.tar.xz \ - file://fix-path-for-busybox.patch \ +SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=unstable \ file://99_resolvconf \ - " + file://0001-avoid-using-m-option-for-readlink.patch \ + " -SRC_URI[md5sum] = "aab2382020fc518f06a06e924c56d300" -SRC_URI[sha256sum] = "8e2843cd4162b706f0481b3c281657728cbc2822e50a64fff79b79bd8aa870a0" +SRCREV = "86047276c80705c51859a19f0c472102e0822f34" + +S = "${WORKDIR}/git" # the package is taken from snapshots.debian.org; that source is static and goes stale # so we check the latest upstream from a directory that does get updated UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/r/resolvconf/" -inherit allarch - do_compile () { : } 
@@ -39,12 +37,14 @@ do_install () { fi install -d ${D}${base_libdir}/${BPN} install -d ${D}${sysconfdir}/${BPN} + install -d ${D}${nonarch_base_libdir}/${BPN} ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run install -d ${D}${sysconfdir} ${D}${base_sbindir} install -d ${D}${mandir}/man8 ${D}${docdir}/${P} - cp -pPR etc/* ${D}${sysconfdir}/ + cp -pPR etc/resolvconf ${D}${sysconfdir}/ chown -R root:root ${D}${sysconfdir}/ install -m 0755 bin/resolvconf ${D}${base_sbindir}/ + install -m 0755 bin/normalize-resolvconf ${D}${nonarch_base_libdir}/${BPN} install -m 0755 bin/list-records ${D}${base_libdir}/${BPN} install -d ${D}/${sysconfdir}/network/if-up.d install -m 0755 debian/resolvconf.000resolvconf.if-up ${D}/${sysconfdir}/network/if-up.d/000resolvconf @@ -54,7 +54,7 @@ do_install () { install -m 0644 man/resolvconf.8 ${D}${mandir}/man8/ } -pkg_postinst_${PN} () { +pkg_postinst:${PN} () { if [ -z "$D" ]; then if command -v systemd-tmpfiles >/dev/null; then systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/resolvconf.conf @@ -64,4 +64,4 @@ pkg_postinst_${PN} () { fi } -FILES_${PN} += "${base_libdir}/${BPN}" +FILES:${PN} += "${base_libdir}/${BPN} ${nonarch_base_libdir}/${BPN}" diff --git a/meta/recipes-connectivity/slirp/libslirp_git.bb b/meta/recipes-connectivity/slirp/libslirp_git.bb new file mode 100644 index 0000000000..334b786b9b --- /dev/null +++ b/meta/recipes-connectivity/slirp/libslirp_git.bb 
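Review bot: `bin/normalize-resolvconf` is installed into `${D}${nonarch_base_libdir}/${BPN}` while `bin/list-records` on the following line still goes to `${D}${base_libdir}/${BPN}`, so on a configuration where those two directories differ the helper scripts end up in different places. The resolvconf scripts find their helpers by fixed path (the removed busybox patch shows `[ -x /lib/resolvconf/list-records ] || exit 1`), and do_install begins outside this hunk, so whether an earlier step rewrites those paths is not visible here. If the scripts expect one directory, installing both there keeps lookup and install in step: `install -m 0755 bin/list-records ${D}${nonarch_base_libdir}/${BPN}`. Otherwise a short comment explaining why the two helpers live apart would save the next reader the same question.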
@@ -0,0 +1,18 @@
+SUMMARY = "A general purpose TCP-IP emulator"
+DESCRIPTION = "A general purpose TCP-IP emulator used by virtual machine hypervisors to provide virtual networking services."
+HOMEPAGE = "https://gitlab.freedesktop.org/slirp/libslirp"
+LICENSE = "BSD-3-Clause & MIT"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=bca0186b14e6b05e338e729f106db727"
+
+SRC_URI = "git://gitlab.freedesktop.org/slirp/libslirp.git;protocol=https;branch=master"
+SRCREV = "3ad1710a96678fe79066b1469cead4058713a1d9"
+PV = "4.7.0"
+S = "${WORKDIR}/git"
+
+DEPENDS = " \
+ glib-2.0 \
+"
+
+inherit meson pkgconfig
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch b/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch
new file mode 100644
index 0000000000..9051ae1abe
--- /dev/null
+++ b/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch
@@ -0,0 +1,62 @@ +From 4f887cc665c9a48b83e20ef4abe57afa7e365e0e Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@eng.windriver.com> +Date: Tue, 5 Dec 2023 23:02:22 -0800 +Subject: [PATCH v2] fix compile procan.c failed + +1. Compile socat failed if out of tree build (build dir != source dir) +... +gcc -c -D CC="gcc" -o procan.o procan.c +cc1: fatal error: procan.c: No such file or directory +... +Explicitly add $srcdir to makefile rule + +2. Compile socat failed if multiple words in $(CC), such as CC="gcc -m64" +... +from ../socat-1.8.0.0/procan.c:10: +../socat-1.8.0.0/sysincludes.h:18:10: fatal error: inttypes.h: No such file or directory + 18 | #include <inttypes.h> /* uint16_t */ +... + +In commit [Procan: print umask, CC, and couple more new infos][1], +it defeines marcro CC in C source, the space in CC will break +C source compile. Use first word of $(CC) to defeine marco CC + +[1] https://repo.or.cz/socat.git/commit/cd5673dbd0786c94e0b3ace7e35fab14c01e3185 + +Upstream-Status: Submitted [socat@dest-unreach.org] +Signed-off-by: Hongxu Jia <hongxu.jia@eng.windriver.com> +--- + Makefile.in | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/Makefile.in b/Makefile.in +index c01b1a4..48dad69 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -109,8 +109,8 @@ depend: $(CFILES) $(HFILES) + socat: socat.o libxio.a + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ socat.o libxio.a $(CLIBS) + +-procan.o: procan.c +- $(CC) $(CFLAGS) -c -D CC=\"$(CC)\" -o $@ procan.c ++procan.o: $(srcdir)/procan.c ++ $(CC) $(CFLAGS) -c -D CC=\"$(firstword $(CC))\" -o $@ $(srcdir)/procan.c + + PROCAN_OBJS=procan_main.o procan.o procan-cdefs.o hostan.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o + procan: $(PROCAN_OBJS) +@@ -132,9 +132,9 @@ install: progs $(srcdir)/doc/socat.1 + mkdir -p $(DESTDIR)$(BINDEST) + $(INSTALL) -m 755 socat $(DESTDIR)$(BINDEST)/socat1 + ln -sf socat1 $(DESTDIR)$(BINDEST)/socat +- $(INSTALL) -m 755 socat-chain.sh 
$(DESTDIR)$(BINDEST) +- $(INSTALL) -m 755 socat-mux.sh $(DESTDIR)$(BINDEST) +- $(INSTALL) -m 755 socat-broker.sh $(DESTDIR)$(BINDEST) ++ $(INSTALL) -m 755 $(srcdir)/socat-chain.sh $(DESTDIR)$(BINDEST) ++ $(INSTALL) -m 755 $(srcdir)/socat-mux.sh $(DESTDIR)$(BINDEST) ++ $(INSTALL) -m 755 $(srcdir)/socat-broker.sh $(DESTDIR)$(BINDEST) + $(INSTALL) -m 755 procan $(DESTDIR)$(BINDEST) + $(INSTALL) -m 755 filan $(DESTDIR)$(BINDEST) + mkdir -p $(DESTDIR)$(MANDEST)/man1 +-- +2.42.0 + diff --git a/meta/recipes-connectivity/socat/socat_1.7.3.3.bb b/meta/recipes-connectivity/socat/socat_1.8.0.0.bb index 1dbbe5cd55..912605c95c 100644 --- a/meta/recipes-connectivity/socat/socat_1.7.3.3.bb +++ b/meta/recipes-connectivity/socat/socat_1.8.0.0.bb @@ -5,17 +5,15 @@ HOMEPAGE = "http://www.dest-unreach.org/socat/" SECTION = "console/network" -DEPENDS = "openssl" - LICENSE = "GPL-2.0-with-OpenSSL-exception" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://README;beginline=257;endline=287;md5=338c05eadd013872abb1d6e198e10a3f" + file://README;beginline=241;endline=271;md5=338c05eadd013872abb1d6e198e10a3f" SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ + file://0001-fix-compile-procan.c-failed.patch \ " -SRC_URI[md5sum] = "b2a032a47b8b89a18485697fa975154f" -SRC_URI[sha256sum] = "0dd63ffe498168a4aac41d307594c5076ff307aa0ac04b141f8f1cec6594d04a" +SRC_URI[sha256sum] = "e1de683dd22ee0e3a6c6bbff269abe18ab0c9d7eb650204f125155b9005faca7" inherit autotools 
@@ -31,20 +29,23 @@ TERMBITS_SHIFTS ?= "sc_cv_sys_crdly_shift=9 \ sc_cv_sys_tabdly_shift=11 \ sc_cv_sys_csize_shift=4" -TERMBITS_SHIFTS_powerpc = "sc_cv_sys_crdly_shift=12 \ +TERMBITS_SHIFTS:powerpc = "sc_cv_sys_crdly_shift=12 \ sc_cv_sys_tabdly_shift=10 \ sc_cv_sys_csize_shift=8" -TERMBITS_SHIFTS_powerpc64 = "sc_cv_sys_crdly_shift=12 \ +TERMBITS_SHIFTS:powerpc64 = "sc_cv_sys_crdly_shift=12 \ sc_cv_sys_tabdly_shift=10 \ sc_cv_sys_csize_shift=8" -PACKAGECONFIG_class-target ??= "tcp-wrappers readline" -PACKAGECONFIG ??= "readline" +PACKAGECONFIG:class-target ??= "tcp-wrappers readline openssl" +PACKAGECONFIG ??= "readline openssl" PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers" PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline" +PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl" + +CFLAGS += "-fcommon" -do_install_prepend () { +do_install:prepend () { mkdir -p ${D}${bindir} install -d ${D}${bindir} ${D}${mandir}/man1 } diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key Binary files differnew file mode 100644 index 0000000000..30443c9438 --- /dev/null +++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key new file mode 100644 index 0000000000..86c2104ec8 --- /dev/null +++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key 
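Review bot: `CFLAGS += "-fcommon"` is added without a comment, and the flag makes the toolchain merge duplicate definitions of the same global instead of rejecting them at link time, which can hide a real symbol clash. A comment naming what needs it and when it can go would keep the workaround from becoming permanent, e.g. `# socat ${PV} defines <symbol> in more than one unit; drop -fcommon once fixed upstream` (the symbol name is a placeholder to fill in). The same hunk turns OpenSSL into a `PACKAGECONFIG` option that is enabled in both defaults; a brief note that disabling it removes socat's TLS address types would help anyone trimming the image.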
@@ -0,0 +1,9 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS +1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQRJR6iZxr/NTqQN9NOwV+WPtu42r2eF +rJ0xsnlqw5bpmfz6aDR8RQvVHUZjRGQfR/RXPbQ5x+bjjdm176TuXNhHAAAAqAoE27MKBN +uzAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElHqJnGv81OpA30 +07BX5Y+27javZ4WsnTGyeWrDlumZ/PpoNHxFC9UdRmNEZB9H9Fc9tDnH5uON2bXvpO5c2E +cAAAAgLiHv/IWhxwosz9BiNILOOPlXaueL5hVTBKUJkpOi48sAAAANcm9vdEBxZW11bWlw +cwECAw== +-----END OPENSSH PRIVATE KEY----- diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub new file mode 100644 index 0000000000..a358aeb88a --- /dev/null +++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElHqJnGv81OpA3007BX5Y+27javZ4WsnTGyeWrDlumZ/PpoNHxFC9UdRmNEZB9H9Fc9tDnH5uON2bXvpO5c2Ec= root@qemupregen diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key new file mode 100644 index 0000000000..00ed9adae2 --- /dev/null +++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACDHSFTAbJ3OTd1r1E8G5JleCmsJEpQHmdTGtMcYqwWbbwAAAJChFtV0oRbV +dAAAAAtzc2gtZWQyNTUxOQAAACDHSFTAbJ3OTd1r1E8G5JleCmsJEpQHmdTGtMcYqwWbbw +AAAEA8UiUsygsTbP0HkDi5leXpQaVXihDyCHeitkBCItJGhcdIVMBsnc5N3WvUTwbkmV4K +awkSlAeZ1Ma0xxirBZtvAAAADXJvb3RAcWVtdW1pcHM= +-----END OPENSSH PRIVATE KEY----- 
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub new file mode 100644 index 0000000000..cc0e2f43ed --- /dev/null +++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdIVMBsnc5N3WvUTwbkmV4KawkSlAeZ1Ma0xxirBZtv root@qemupregen diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key new file mode 100644 index 0000000000..a8e4406ba3 --- /dev/null +++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key 
@@ -0,0 +1,38 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn +NhAAAAAwEAAQAAAYEA2Q6dzF1xziCQCFq+e+Fv6w0607gNlyKnkhuoRq8G7/HEqXU2eEtC +i3AMUrAP8k7s9kP5vI5CyfSgFuC9MxDV2YL2bsmvRxBSKgg6KbNxkoTaFBqyqHopuWQca8 +KRahvzt5dh9fsmeqamIwgMWKTSwtDHcsbyt84nmO2Z2ZrNXobgueMIj+HiJVgmWn86FQFL +EoONAA+qb4SciPsxvmTlaQ/DMAh3llVo/IMLD9oyAyAI2kbHNnZttlYv5TmY7ICd3yCW8z +PXrxNcEF3Qs1d68gVJxLjLKTlYGzJW2J+RwY+1DJZ0w4lozeQiZXTXVtzcJB0tm2DcvQMz +kqyARmncSUwcPbEClEW6Y2xQnLeSHjexzlCCndiUbBTeG5iRl4OL6DN40iI9Lw2VROtj2Y +59n9PCfaoUs08dsgJLaNrDbRHrCRLSdZJ6OQFiC/nAx/t4e4+wdUgNOqLyJqomdNdaLXPq +tzr9ssrcY5j1DmmwKtzfTI5VM9LRQo+REIiUCNTFAAAFiFh232tYdt9rAAAAB3NzaC1yc2 +EAAAGBANkOncxdcc4gkAhavnvhb+sNOtO4DZcip5IbqEavBu/xxKl1NnhLQotwDFKwD/JO +7PZD+byOQsn0oBbgvTMQ1dmC9m7Jr0cQUioIOimzcZKE2hQasqh6KblkHGvCkWob87eXYf +X7JnqmpiMIDFik0sLQx3LG8rfOJ5jtmdmazV6G4LnjCI/h4iVYJlp/OhUBSxKDjQAPqm+E +nIj7Mb5k5WkPwzAId5ZVaPyDCw/aMgMgCNpGxzZ2bbZWL+U5mOyAnd8glvMz168TXBBd0L +NXevIFScS4yyk5WBsyVtifkcGPtQyWdMOJaM3kImV011bc3CQdLZtg3L0DM5KsgEZp3ElM +HD2xApRFumNsUJy3kh43sc5Qgp3YlGwU3huYkZeDi+gzeNIiPS8NlUTrY9mOfZ/Twn2qFL +NPHbICS2jaw20R6wkS0nWSejkBYgv5wMf7eHuPsHVIDTqi8iaqJnTXWi1z6rc6/bLK3GOY +9Q5psCrc30yOVTPS0UKPkRCIlAjUxQAAAAMBAAEAAAGAGIj+bUtiwdoMbeVUAszIydkE/U +mgv6S7LFjT/KlsL1M017LYJWDcdMaFnhMouksRngSxBg9OnWV5cxyURmFwytVy5bMGjRHb +N8UWTgBqphU+UWdzKngkn0AhtkyYA1aFhgsml5d8EgEkZnFSc/KtoDfZU7AJX519/FtfOK +m27Shx3pE7Nohh97avHyuidR1gTwdvuMIMke57g0BhrxPYmredaKCMZAHjjCeD6JbRcGj+ +ly3I9u8MF8BGSbLpBlLDUFCwP8G5CdmMua8bPJYhPSRqMLQhclI7hc6FaYk+gZV9B74Iv/ +SAxcCwI97dNbE0IAsbbWoUdoKGpAYQ5gOdhu5ioqZwKWjNjB3Xx48mq8xtmIR9HEnYzEnk +b/tDWNRWrGkvNK7vpLvnbsSSKBqOAbMzmQdJxogTgjE5doSmu2/krIMR6KUcUox2ZrR8Ot +JM6bXyNFBviiXmYvw/SZTDrVJu8BPMu5EMS5pBl8jPFBGI/ePk4qg7lWAJeQ89ThtBAAAA +wQDEU4HjomWwJsn9UWdoodXTV5aPY9B1OPkmYnRPtsjSAcXgtBzUXMEOsmXODOK3aQjsE0 +jQKpWDAUcUf6KKZKRehxUN4MlwujCG9czn65S6B8BsP1YUfZQjpNyub8vDBfeKzlxKBEEM +lb4iBT+LEGkihK13H5CbqRg1GDAThZzwrV4pj3S40zgyHhn8JjK4x4djEY6NwkWH8E2DgD 
+8vYG/FKh5E/VIZtCgtAHa4QNAgGB4VMRn1VpSJzxjCxb1wancAAADBAPT7F34WYEI3Vc52 +p1U5rPa6dZtg5QM14V0+KtMlb3frd0/F+JVj4t6COQ8J9pkOuD0YjOYJuFXIWAAYIjCdWt +cbTi/sSERawOWxrgSwJo2vjt5izrBQtr3N8tiB6KDGa5sdgJl5XzJ0SsdStfBbyhcJO4RV +p9lc+X8OsUfFsClmyIs45vlxBRH06DP6/zmYCAmqvlrfZJKqlpKAEWDDObRy/3+mSNhZ0J +BdmncASiASRlPPIoIHznyA1COUn6+TnwAAAMEA4tH89Dez2JauyPVeCyHAC680vrBKjmMx +WYdpq2Xzd/LNl2L9oc0IEZzerLTuaCh6qsbbk2wWj1nrYXvefz/xUtDR427tvRXckcsWhP +2HYohdYBkwTpp9QuscIV76GdwbTImuNEzvABH1hpTG6DSzqeyf/EVmSq07nptJIs5lpU49 +tW2aWraSvswHR9xfts1U79w9f4BNDy1rTmfuLERTRNF/T9CIFsk9tArLUNT64mhHtoEs8F +9AyGuq6v49bN0bAAAADXJvb3RAcWVtdW1pcHMBAgMEBQ== +-----END OPENSSH PRIVATE KEY----- diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub new file mode 100644 index 0000000000..9eb8c3838f --- /dev/null +++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub @@ -0,0 +1 @@ +ssh-rsa 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 root@qemupregen diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb new file mode 100644 index 0000000000..ddd10e6eeb --- /dev/null +++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb 
@@ -0,0 +1,19 @@
+SUMMARY = "Pre generated host keys mainly for speeding up our qemu tests"
+
+SRC_URI = "file://dropbear_rsa_host_key \
+ file://openssh"
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+INHIBIT_DEFAULT_DEPS = "1"
+
+do_install () {
+ install -d ${D}${sysconfdir}/dropbear
+ install ${WORKDIR}/dropbear_rsa_host_key -m 0600 ${D}${sysconfdir}/dropbear/
+
+ install -d ${D}${sysconfdir}/ssh
+ install ${WORKDIR}/openssh/* ${D}${sysconfdir}/ssh/
+ chmod 0600 ${D}${sysconfdir}/ssh/*
+ chmod 0644 ${D}${sysconfdir}/ssh/*.pub
+}
\ No newline at end of file diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch deleted file mode 100644 index 7b0713cf6d..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch +++ /dev/null 
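Review bot: The ssh-pregen-hostkeys recipe installs private host keys that are committed to the repository beside it, so every image that pulls in the package shares host keys whose private halves are public. The only hint of that is "mainly for speeding up our qemu tests" in SUMMARY. A header comment or DESCRIPTION should say so outright, for example `# Test-only: these private keys are public; never install this package on a deployed device`. If the layer has a convention for restricting a recipe to emulated machines, applying it here would turn the warning into an enforced check. As a smaller point, the dropbear key is installed with `-m 0600` directly while the OpenSSH keys are copied with default modes and fixed up by the two `chmod` calls; using `install -m 0600` for the keys and `install -m 0644` for the `*.pub` files would keep the modes explicit at the point of copy.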
@@ -1,82 +0,0 @@ -hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication -of disconnection in certain situations because source address validation is -mishandled. This is a denial of service that should have been prevented by PMF -(aka management frame protection). The attacker must send a crafted 802.11 frame -from a location that is within the 802.11 communications range. - -CVE: CVE-2019-16275 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <j@w1.fi> -Date: Thu, 29 Aug 2019 11:52:04 +0300 -Subject: [PATCH] AP: Silently ignore management frame from unexpected source - address - -Do not process any received Management frames with unexpected/invalid SA -so that we do not add any state for unexpected STA addresses or end up -sending out frames to unexpected destination. This prevents unexpected -sequences where an unprotected frame might end up causing the AP to send -out a response to another device and that other device processing the -unexpected response. - -In particular, this prevents some potential denial of service cases -where the unexpected response frame from the AP might result in a -connected station dropping its association. 
- -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - src/ap/drv_callbacks.c | 13 +++++++++++++ - src/ap/ieee802_11.c | 12 ++++++++++++ - 2 files changed, 25 insertions(+) - -diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c -index 31587685fe3b..34ca379edc3d 100644 ---- a/src/ap/drv_callbacks.c -+++ b/src/ap/drv_callbacks.c -@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, - "hostapd_notif_assoc: Skip event with no address"); - return -1; - } -+ -+ if (is_multicast_ether_addr(addr) || -+ is_zero_ether_addr(addr) || -+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) { -+ /* Do not process any frames with unexpected/invalid SA so that -+ * we do not add any state for unexpected STA addresses or end -+ * up sending out frames to unexpected destination. */ -+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR -+ " in received indication - ignore this indication silently", -+ __func__, MAC2STR(addr)); -+ return 0; -+ } -+ - random_add_randomness(addr, ETH_ALEN); - - hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, -diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c -index c85a28db44b7..e7065372e158 100644 ---- a/src/ap/ieee802_11.c -+++ b/src/ap/ieee802_11.c -@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, - fc = le_to_host16(mgmt->frame_control); - stype = WLAN_FC_GET_STYPE(fc); - -+ if (is_multicast_ether_addr(mgmt->sa) || -+ is_zero_ether_addr(mgmt->sa) || -+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { -+ /* Do not process any frames with unexpected/invalid SA so that -+ * we do not add any state for unexpected STA addresses or end -+ * up sending out frames to unexpected destination. */ -+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR -+ " in received frame - ignore this frame silently", -+ MAC2STR(mgmt->sa)); -+ return 0; -+ } -+ - if (stype == WLAN_FC_STYPE_BEACON) { - handle_beacon(hapd, mgmt, len, fi); - return 1; --- -2.20.1 
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Install-wpa_passphrase-when-not-disabled.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Install-wpa_passphrase-when-not-disabled.patch new file mode 100644 index 0000000000..c04c608bde --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Install-wpa_passphrase-when-not-disabled.patch @@ -0,0 +1,33 @@ +From 57b12a1e43605f71239a21488cb9b541f0751dda Mon Sep 17 00:00:00 2001 +From: Alex Kiernan <alexk@zuma.ai> +Date: Thu, 21 Apr 2022 10:15:29 +0100 +Subject: [PATCH] Install wpa_passphrase when not disabled + +As part of fixing CONFIG_NO_WPA_PASSPHRASE, whilst wpa_passphrase gets +built, its not installed during `make install`. + +Fixes: cb41c214b78d ("build: Re-enable options for libwpa_client.so and wpa_passphrase") +Signed-off-by: Alex Kiernan <alexk@zuma.ai> +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> +Upstream-Status: Submitted [http://lists.infradead.org/pipermail/hostap/2022-April/040448.html] +--- + wpa_supplicant/Makefile | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile +index 0bab313f2355..12787c0c7d0f 100644 +--- a/wpa_supplicant/Makefile ++++ b/wpa_supplicant/Makefile +@@ -73,6 +73,9 @@ $(DESTDIR)$(BINDIR)/%: % + + install: $(addprefix $(DESTDIR)$(BINDIR)/,$(BINALL)) + $(MAKE) -C ../src install ++ifndef CONFIG_NO_WPA_PASSPHRASE ++ install -D wpa_passphrase $(DESTDIR)/$(BINDIR)/wpa_passphrase ++endif + ifdef CONFIG_BUILD_WPA_CLIENT_SO + install -m 0644 -D libwpa_client.so $(DESTDIR)/$(LIBDIR)/libwpa_client.so + install -m 0644 -D ../src/common/wpa_ctrl.h $(DESTDIR)/$(INCDIR)/wpa_ctrl.h +-- +2.35.1 + 
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch new file mode 100644 index 0000000000..620560d3c7 --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch 
@@ -0,0 +1,213 @@ +From f6f7cead3661ceeef54b21f7e799c0afc98537ec Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sat, 8 Jul 2023 19:55:32 +0300 +Subject: [PATCH] PEAP client: Update Phase 2 authentication requirements + +The previous PEAP client behavior allowed the server to skip Phase 2 +authentication with the expectation that the server was authenticated +during Phase 1 through TLS server certificate validation. Various PEAP +specifications are not exactly clear on what the behavior on this front +is supposed to be and as such, this ended up being more flexible than +the TTLS/FAST/TEAP cases. However, this is not really ideal when +unfortunately common misconfiguration of PEAP is used in deployed +devices where the server trust root (ca_cert) is not configured or the +user has an easy option for allowing this validation step to be skipped. + +Change the default PEAP client behavior to be to require Phase 2 +authentication to be successfully completed for cases where TLS session +resumption is not used and the client certificate has not been +configured. Those two exceptions are the main cases where a deployed +authentication server might skip Phase 2 and as such, where a more +strict default behavior could result in undesired interoperability +issues. Requiring Phase 2 authentication will end up disabling TLS +session resumption automatically to avoid interoperability issues. 
+ +Allow Phase 2 authentication behavior to be configured with a new phase1 +configuration parameter option: +'phase2_auth' option can be used to control Phase 2 (i.e., within TLS +tunnel) behavior for PEAP: + * 0 = do not require Phase 2 authentication + * 1 = require Phase 2 authentication when client certificate + (private_key/client_cert) is no used and TLS session resumption was + not used (default) + * 2 = require Phase 2 authentication in all cases + +Signed-off-by: Jouni Malinen <j@w1.fi> + +CVE: CVE-2023-52160 +Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c] + +Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com> + +--- + src/eap_peer/eap_config.h | 8 ++++++ + src/eap_peer/eap_peap.c | 40 +++++++++++++++++++++++++++--- + src/eap_peer/eap_tls_common.c | 6 +++++ + src/eap_peer/eap_tls_common.h | 5 ++++ + wpa_supplicant/wpa_supplicant.conf | 7 ++++++ + 5 files changed, 63 insertions(+), 3 deletions(-) + +diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h +index 3238f74..047eec2 100644 +--- a/src/eap_peer/eap_config.h ++++ b/src/eap_peer/eap_config.h +@@ -469,6 +469,14 @@ struct eap_peer_config { + * 1 = use cryptobinding if server supports it + * 2 = require cryptobinding + * ++ * phase2_auth option can be used to control Phase 2 (i.e., within TLS ++ * tunnel) behavior for PEAP: ++ * 0 = do not require Phase 2 authentication ++ * 1 = require Phase 2 authentication when client certificate ++ * (private_key/client_cert) is no used and TLS session resumption was ++ * not used (default) ++ * 2 = require Phase 2 authentication in all cases ++ * + * EAP-WSC (WPS) uses following options: pin=Device_Password and + * uuid=Device_UUID + * +diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c +index 12e30df..6080697 100644 +--- a/src/eap_peer/eap_peap.c ++++ b/src/eap_peer/eap_peap.c +@@ -67,6 +67,7 @@ struct eap_peap_data { + u8 cmk[20]; + int soh; /* Whether IF-TNCCS-SOH 
(Statement of Health; Microsoft NAP) + * is enabled. */ ++ enum { NO_AUTH, FOR_INITIAL, ALWAYS } phase2_auth; + }; + + +@@ -114,6 +115,19 @@ static void eap_peap_parse_phase1(struct eap_peap_data *data, + wpa_printf(MSG_DEBUG, "EAP-PEAP: Require cryptobinding"); + } + ++ if (os_strstr(phase1, "phase2_auth=0")) { ++ data->phase2_auth = NO_AUTH; ++ wpa_printf(MSG_DEBUG, ++ "EAP-PEAP: Do not require Phase 2 authentication"); ++ } else if (os_strstr(phase1, "phase2_auth=1")) { ++ data->phase2_auth = FOR_INITIAL; ++ wpa_printf(MSG_DEBUG, ++ "EAP-PEAP: Require Phase 2 authentication for initial connection"); ++ } else if (os_strstr(phase1, "phase2_auth=2")) { ++ data->phase2_auth = ALWAYS; ++ wpa_printf(MSG_DEBUG, ++ "EAP-PEAP: Require Phase 2 authentication for all cases"); ++ } + #ifdef EAP_TNC + if (os_strstr(phase1, "tnc=soh2")) { + data->soh = 2; +@@ -142,6 +156,7 @@ static void * eap_peap_init(struct eap_sm *sm) + data->force_peap_version = -1; + data->peap_outer_success = 2; + data->crypto_binding = OPTIONAL_BINDING; ++ data->phase2_auth = FOR_INITIAL; + + if (config && config->phase1) + eap_peap_parse_phase1(data, config->phase1); +@@ -454,6 +469,20 @@ static int eap_tlv_validate_cryptobinding(struct eap_sm *sm, + } + + ++static bool peap_phase2_sufficient(struct eap_sm *sm, ++ struct eap_peap_data *data) ++{ ++ if ((data->phase2_auth == ALWAYS || ++ (data->phase2_auth == FOR_INITIAL && ++ !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn) && ++ !data->ssl.client_cert_conf) || ++ data->phase2_eap_started) && ++ !data->phase2_eap_success) ++ return false; ++ return true; ++} ++ ++ + /** + * eap_tlv_process - Process a received EAP-TLV message and generate a response + * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() +@@ -568,6 +597,11 @@ static int eap_tlv_process(struct eap_sm *sm, struct eap_peap_data *data, + " - force failed Phase 2"); + resp_status = EAP_TLV_RESULT_FAILURE; + ret->decision = DECISION_FAIL; ++ } else if 
(!peap_phase2_sufficient(sm, data)) { ++ wpa_printf(MSG_INFO, ++ "EAP-PEAP: Server indicated Phase 2 success, but sufficient Phase 2 authentication has not been completed"); ++ resp_status = EAP_TLV_RESULT_FAILURE; ++ ret->decision = DECISION_FAIL; + } else { + resp_status = EAP_TLV_RESULT_SUCCESS; + ret->decision = DECISION_UNCOND_SUCC; +@@ -887,8 +921,7 @@ continue_req: + /* EAP-Success within TLS tunnel is used to indicate + * shutdown of the TLS channel. The authentication has + * been completed. */ +- if (data->phase2_eap_started && +- !data->phase2_eap_success) { ++ if (!peap_phase2_sufficient(sm, data)) { + wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 " + "Success used to indicate success, " + "but Phase 2 EAP was not yet " +@@ -1199,8 +1232,9 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv, + static bool eap_peap_has_reauth_data(struct eap_sm *sm, void *priv) + { + struct eap_peap_data *data = priv; ++ + return tls_connection_established(sm->ssl_ctx, data->ssl.conn) && +- data->phase2_success; ++ data->phase2_success && data->phase2_auth != ALWAYS; + } + + +diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c +index c1837db..a53eeb1 100644 +--- a/src/eap_peer/eap_tls_common.c ++++ b/src/eap_peer/eap_tls_common.c +@@ -239,6 +239,12 @@ static int eap_tls_params_from_conf(struct eap_sm *sm, + + sm->ext_cert_check = !!(params->flags & TLS_CONN_EXT_CERT_CHECK); + ++ if (!phase2) ++ data->client_cert_conf = params->client_cert || ++ params->client_cert_blob || ++ params->private_key || ++ params->private_key_blob; ++ + return 0; + } + +diff --git a/src/eap_peer/eap_tls_common.h b/src/eap_peer/eap_tls_common.h +index 9ac0012..3348634 100644 +--- a/src/eap_peer/eap_tls_common.h ++++ b/src/eap_peer/eap_tls_common.h +@@ -79,6 +79,11 @@ struct eap_ssl_data { + * tls_v13 - Whether TLS v1.3 or newer is used + */ + int tls_v13; ++ ++ /** ++ * client_cert_conf: Whether client certificate has been configured ++ */ ++ bool 
client_cert_conf; + }; + + +diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf +index 6619d6b..d63f73c 100644 +--- a/wpa_supplicant/wpa_supplicant.conf ++++ b/wpa_supplicant/wpa_supplicant.conf +@@ -1321,6 +1321,13 @@ fast_reauth=1 + # * 0 = do not use cryptobinding (default) + # * 1 = use cryptobinding if server supports it + # * 2 = require cryptobinding ++# 'phase2_auth' option can be used to control Phase 2 (i.e., within TLS ++# tunnel) behavior for PEAP: ++# * 0 = do not require Phase 2 authentication ++# * 1 = require Phase 2 authentication when client certificate ++# (private_key/client_cert) is no used and TLS session resumption was ++# not used (default) ++# * 2 = require Phase 2 authentication in all cases + # EAP-WSC (WPS) uses following options: pin=<Device Password> or + # pbc=1. + # diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch new file mode 100644 index 0000000000..6e930fc98d --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch 
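Review bot: In `peap_phase2_sufficient()` (eap_peap.c) the default `FOR_INITIAL` mode stops requiring Phase 2 as soon as `data->ssl.client_cert_conf` is true, and `eap_tls_params_from_conf()` sets that flag whenever any of `client_cert`, `client_cert_blob`, `private_key` or `private_key_blob` is configured, independent of whether the server was validated. A network profile that carries a client certificate but no `ca_cert` therefore still appears to accept a server that skips Phase 2 under the default, so for such profiles the CVE-2023-52160 hardening seems to take effect only with `phase2_auth=2`. The help text added to wpa_supplicant.conf and eap_config.h should say this, for example `# Note: mode 1 does not require Phase 2 when a client certificate is configured; use phase2_auth=2 if ca_cert is not set`, and the same text has the typo `is no used` for `is not used`. Also worth a comment in `eap_peap_parse_phase1()`: the `os_strstr()` chain tests `phase2_auth=0` first, so a phase1 string that contains more than one value resolves to the weakest one. `eap_tlv_process()` and `eap_peap_parse_phase1()` continue outside the quoted hunks, so their other branches were not reviewed.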
@@ -0,0 +1,73 @@ +From cb41c214b78d6df187a31950342e48a403dbd769 Mon Sep 17 00:00:00 2001 +From: Sergey Matyukevich <geomatsi@gmail.com> +Date: Tue, 22 Feb 2022 11:52:19 +0300 +Subject: [PATCH 1/2] build: Re-enable options for libwpa_client.so and + wpa_passphrase + +Commit a41a29192e5d ("build: Pull common fragments into a build.rules +file") introduced a regression into wpa_supplicant build process. The +build target libwpa_client.so is not built regardless of whether the +option CONFIG_BUILD_WPA_CLIENT_SO is set or not. This happens because +this config option is used before it is imported from the configuration +file. Moving its use after including build.rules does not help: the +variable ALL is processed by build.rules and further changes are not +applied. Similarly, option CONFIG_NO_WPA_PASSPHRASE also does not work +as expected: wpa_passphrase is always built regardless of whether the +option is set or not. + +Re-enable these options by adding both build targets to _all +dependencies. 
+ +Fixes: a41a29192e5d ("build: Pull common fragments into a build.rules file") +Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com> +Upstream-Status: Backport +Signed-off-by: Alex Kiernan <alexk@zuma.ai> +Signed-off-by: Alex Kiernan <alexk@gmail.com> +--- + wpa_supplicant/Makefile | 19 ++++++++++++------- + 1 file changed, 12 insertions(+), 7 deletions(-) + +diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile +index cb66defac7c8..c456825ae75f 100644 +--- a/wpa_supplicant/Makefile ++++ b/wpa_supplicant/Makefile +@@ -1,24 +1,29 @@ + BINALL=wpa_supplicant wpa_cli + +-ifndef CONFIG_NO_WPA_PASSPHRASE +-BINALL += wpa_passphrase +-endif +- + ALL = $(BINALL) + ALL += systemd/wpa_supplicant.service + ALL += systemd/wpa_supplicant@.service + ALL += systemd/wpa_supplicant-nl80211@.service + ALL += systemd/wpa_supplicant-wired@.service + ALL += dbus/fi.w1.wpa_supplicant1.service +-ifdef CONFIG_BUILD_WPA_CLIENT_SO +-ALL += libwpa_client.so +-endif + + EXTRA_TARGETS=dynamic_eap_methods + + CONFIG_FILE=.config + include ../src/build.rules + ++ifdef CONFIG_BUILD_WPA_CLIENT_SO ++# add the dependency this way to allow CONFIG_BUILD_WPA_CLIENT_SO ++# being set in the config which is read by build.rules ++_all: libwpa_client.so ++endif ++ ++ifndef CONFIG_NO_WPA_PASSPHRASE ++# add the dependency this way to allow CONFIG_NO_WPA_PASSPHRASE ++# being set in the config which is read by build.rules ++_all: wpa_passphrase ++endif ++ + ifdef LIBS + # If LIBS is set with some global build system defaults, clone those for + # LIBS_c and LIBS_p to cover wpa_passphrase and wpa_cli as well. +-- +2.35.1 + diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch deleted file mode 100644 index a476cf040e..0000000000 
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch
+++ /dev/null
@@ -1,52 +0,0 @@ -From 94c401733a5a3d294cc412671166e6adfb409f53 Mon Sep 17 00:00:00 2001 -From: Joshua DeWeese <jdeweese@hennypenny.com> -Date: Wed, 30 Jan 2019 16:19:47 -0500 -Subject: [PATCH] replace systemd install Alias with WantedBy - -According to the systemd documentation "WantedBy=foo.service in a -service bar.service is mostly equivalent to -Alias=foo.service.wants/bar.service in the same file." However, -this is not really the intended purpose of install Aliases. - -Upstream-Status: Submitted [hostap@lists.infradead.org] - -Signed-off-by: Joshua DeWeese <jdeweese@hennypenny.com> ---- - wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in | 2 +- - wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in | 2 +- - wpa_supplicant/systemd/wpa_supplicant.service.arg.in | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in -index 03ac507..da69a87 100644 ---- a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in -+++ b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in -@@ -12,4 +12,4 @@ Type=simple - ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-nl80211-%I.conf -Dnl80211 -i%I - - [Install] --Alias=multi-user.target.wants/wpa_supplicant-nl80211@%i.service -+WantedBy=multi-user.target -diff --git a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in -index c8a744d..ca3054b 100644 ---- a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in -+++ b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in -@@ -12,4 +12,4 @@ Type=simple - ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-wired-%I.conf -Dwired -i%I - - [Install] --Alias=multi-user.target.wants/wpa_supplicant-wired@%i.service -+WantedBy=multi-user.target -diff --git 
a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in -index 7788b38..55d2b9c 100644 ---- a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in -+++ b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in -@@ -12,4 +12,4 @@ Type=simple - ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I - - [Install] --Alias=multi-user.target.wants/wpa_supplicant@%i.service -+WantedBy=multi-user.target --- -2.7.4 - diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch new file mode 100644 index 0000000000..53b0fcdf53 --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch @@ -0,0 +1,26 @@ +From d001b301ba7987f4b39453a211631b85c48f2ff8 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <quic_jouni@quicinc.com> +Date: Thu, 3 Mar 2022 13:26:42 +0200 +Subject: [PATCH 2/2] Fix removal of wpa_passphrase on 'make clean' + +Fixes: 0430bc8267b4 ("build: Add a common-clean target") +Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com> +Upstream-Status: Backport +Signed-off-by: Alex Kiernan <alexk@zuma.ai> +Signed-off-by: Alex Kiernan <alexk@gmail.com> +--- + wpa_supplicant/Makefile | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile +index c456825ae75f..4b4688931b1d 100644 +--- a/wpa_supplicant/Makefile ++++ b/wpa_supplicant/Makefile +@@ -2077,3 +2077,4 @@ clean: common-clean + rm -f libwpa_client.a + rm -f libwpa_client.so + rm -f libwpa_test1 libwpa_test2 ++ rm -f wpa_passphrase +-- +2.35.1 + diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig deleted file mode 100644 index f04e398fdb..0000000000 
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig
+++ /dev/null
@@ -1,552 +0,0 @@ -# Example wpa_supplicant build time configuration -# -# This file lists the configuration options that are used when building the -# hostapd binary. All lines starting with # are ignored. Configuration option -# lines must be commented out complete, if they are not to be included, i.e., -# just setting VARIABLE=n is not disabling that variable. -# -# This file is included in Makefile, so variables like CFLAGS and LIBS can also -# be modified from here. In most cases, these lines should use += in order not -# to override previous values of the variables. - - -# Uncomment following two lines and fix the paths if you have installed OpenSSL -# or GnuTLS in non-default location -#CFLAGS += -I/usr/local/openssl/include -#LIBS += -L/usr/local/openssl/lib - -# Some Red Hat versions seem to include kerberos header files from OpenSSL, but -# the kerberos files are not in the default include path. Following line can be -# used to fix build issues on such systems (krb5.h not found). 
-#CFLAGS += -I/usr/include/kerberos - -# Example configuration for various cross-compilation platforms - -#### sveasoft (e.g., for Linksys WRT54G) ###################################### -#CC=mipsel-uclibc-gcc -#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc -#CFLAGS += -Os -#CPPFLAGS += -I../src/include -I../../src/router/openssl/include -#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl -############################################################################### - -#### openwrt (e.g., for Linksys WRT54G) ####################################### -#CC=mipsel-uclibc-gcc -#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc -#CFLAGS += -Os -#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \ -# -I../WRT54GS/release/src/include -#LIBS = -lssl -############################################################################### - - -# Driver interface for Host AP driver -CONFIG_DRIVER_HOSTAP=y - -# Driver interface for Agere driver -#CONFIG_DRIVER_HERMES=y -# Change include directories to match with the local setup -#CFLAGS += -I../../hcf -I../../include -I../../include/hcf -#CFLAGS += -I../../include/wireless - -# Driver interface for madwifi driver -# Deprecated; use CONFIG_DRIVER_WEXT=y instead. -#CONFIG_DRIVER_MADWIFI=y -# Set include directory to the madwifi source tree -#CFLAGS += -I../../madwifi - -# Driver interface for ndiswrapper -# Deprecated; use CONFIG_DRIVER_WEXT=y instead. -#CONFIG_DRIVER_NDISWRAPPER=y - -# Driver interface for Atmel driver -# CONFIG_DRIVER_ATMEL=y - -# Driver interface for old Broadcom driver -# Please note that the newer Broadcom driver ("hybrid Linux driver") supports -# Linux wireless extensions and does not need (or even work) with the old -# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver. 
-#CONFIG_DRIVER_BROADCOM=y -# Example path for wlioctl.h; change to match your configuration -#CFLAGS += -I/opt/WRT54GS/release/src/include - -# Driver interface for Intel ipw2100/2200 driver -# Deprecated; use CONFIG_DRIVER_WEXT=y instead. -#CONFIG_DRIVER_IPW=y - -# Driver interface for Ralink driver -#CONFIG_DRIVER_RALINK=y - -# Driver interface for generic Linux wireless extensions -# Note: WEXT is deprecated in the current Linux kernel version and no new -# functionality is added to it. nl80211-based interface is the new -# replacement for WEXT and its use allows wpa_supplicant to properly control -# the driver to improve existing functionality like roaming and to support new -# functionality. -CONFIG_DRIVER_WEXT=y - -# Driver interface for Linux drivers using the nl80211 kernel interface -CONFIG_DRIVER_NL80211=y - -# driver_nl80211.c requires libnl. If you are compiling it yourself -# you may need to point hostapd to your version of libnl. -# -#CFLAGS += -I$<path to libnl include files> -#LIBS += -L$<path to libnl library files> - -# Use libnl v2.0 (or 3.0) libraries. -#CONFIG_LIBNL20=y - -# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) -CONFIG_LIBNL32=y - - -# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) -#CONFIG_DRIVER_BSD=y -#CFLAGS += -I/usr/local/include -#LIBS += -L/usr/local/lib -#LIBS_p += -L/usr/local/lib -#LIBS_c += -L/usr/local/lib - -# Driver interface for Windows NDIS -#CONFIG_DRIVER_NDIS=y -#CFLAGS += -I/usr/include/w32api/ddk -#LIBS += -L/usr/local/lib -# For native build using mingw -#CONFIG_NATIVE_WINDOWS=y -# Additional directories for cross-compilation on Linux host for mingw target -#CFLAGS += -I/opt/mingw/mingw32/include/ddk -#LIBS += -L/opt/mingw/mingw32/lib -#CC=mingw32-gcc -# By default, driver_ndis uses WinPcap for low-level operations. This can be -# replaced with the following option which replaces WinPcap calls with NDISUIO. 
-# However, this requires that WZC is disabled (net stop wzcsvc) before starting -# wpa_supplicant. -# CONFIG_USE_NDISUIO=y - -# Driver interface for development testing -#CONFIG_DRIVER_TEST=y - -# Driver interface for wired Ethernet drivers -CONFIG_DRIVER_WIRED=y - -# Driver interface for the Broadcom RoboSwitch family -#CONFIG_DRIVER_ROBOSWITCH=y - -# Driver interface for no driver (e.g., WPS ER only) -#CONFIG_DRIVER_NONE=y - -# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is -# included) -CONFIG_IEEE8021X_EAPOL=y - -# EAP-MD5 -CONFIG_EAP_MD5=y - -# EAP-MSCHAPv2 -CONFIG_EAP_MSCHAPV2=y - -# EAP-TLS -CONFIG_EAP_TLS=y - -# EAL-PEAP -CONFIG_EAP_PEAP=y - -# EAP-TTLS -CONFIG_EAP_TTLS=y - -# EAP-FAST -# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed -# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., -# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. -#CONFIG_EAP_FAST=y - -# EAP-GTC -CONFIG_EAP_GTC=y - -# EAP-OTP -CONFIG_EAP_OTP=y - -# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) -#CONFIG_EAP_SIM=y - -# EAP-PSK (experimental; this is _not_ needed for WPA-PSK) -#CONFIG_EAP_PSK=y - -# EAP-pwd (secure authentication using only a password) -#CONFIG_EAP_PWD=y - -# EAP-PAX -#CONFIG_EAP_PAX=y - -# LEAP -CONFIG_EAP_LEAP=y - -# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) -#CONFIG_EAP_AKA=y - -# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). -# This requires CONFIG_EAP_AKA to be enabled, too. 
-#CONFIG_EAP_AKA_PRIME=y - -# Enable USIM simulator (Milenage) for EAP-AKA -#CONFIG_USIM_SIMULATOR=y - -# EAP-SAKE -#CONFIG_EAP_SAKE=y - -# EAP-GPSK -#CONFIG_EAP_GPSK=y -# Include support for optional SHA256 cipher suite in EAP-GPSK -#CONFIG_EAP_GPSK_SHA256=y - -# EAP-TNC and related Trusted Network Connect support (experimental) -#CONFIG_EAP_TNC=y - -# Wi-Fi Protected Setup (WPS) -CONFIG_WPS=y -# Enable WSC 2.0 support -#CONFIG_WPS2=y -# Enable WPS external registrar functionality -#CONFIG_WPS_ER=y -# Disable credentials for an open network by default when acting as a WPS -# registrar. -#CONFIG_WPS_REG_DISABLE_OPEN=y -# Enable WPS support with NFC config method -#CONFIG_WPS_NFC=y - -# EAP-IKEv2 -#CONFIG_EAP_IKEV2=y - -# EAP-EKE -#CONFIG_EAP_EKE=y - -# PKCS#12 (PFX) support (used to read private key and certificate file from -# a file that usually has extension .p12 or .pfx) -CONFIG_PKCS12=y - -# Smartcard support (i.e., private key on a smartcard), e.g., with openssl -# engine. -CONFIG_SMARTCARD=y - -# PC/SC interface for smartcards (USIM, GSM SIM) -# Enable this if EAP-SIM or EAP-AKA is included -#CONFIG_PCSC=y - -# Support HT overrides (disable HT/HT40, mask MCS rates, etc.) -#CONFIG_HT_OVERRIDES=y - -# Support VHT overrides (disable VHT, mask MCS rates, etc.) -#CONFIG_VHT_OVERRIDES=y - -# Development testing -#CONFIG_EAPOL_TEST=y - -# Select control interface backend for external programs, e.g, wpa_cli: -# unix = UNIX domain sockets (default for Linux/*BSD) -# udp = UDP sockets using localhost (127.0.0.1) -# named_pipe = Windows Named Pipe (default for Windows) -# udp-remote = UDP sockets with remote access (only for tests systems/purpose) -# y = use default (backwards compatibility) -# If this option is commented out, control interface is not included in the -# build. -CONFIG_CTRL_IFACE=y - -# Include support for GNU Readline and History Libraries in wpa_cli. 
-# When building a wpa_cli binary for distribution, please note that these -# libraries are licensed under GPL and as such, BSD license may not apply for -# the resulting binary. -#CONFIG_READLINE=y - -# Include internal line edit mode in wpa_cli. This can be used as a replacement -# for GNU Readline to provide limited command line editing and history support. -#CONFIG_WPA_CLI_EDIT=y - -# Remove debugging code that is printing out debug message to stdout. -# This can be used to reduce the size of the wpa_supplicant considerably -# if debugging code is not needed. The size reduction can be around 35% -# (e.g., 90 kB). -#CONFIG_NO_STDOUT_DEBUG=y - -# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save -# 35-50 kB in code size. -#CONFIG_NO_WPA=y - -# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support -# This option can be used to reduce code size by removing support for -# converting ASCII passphrases into PSK. If this functionality is removed, the -# PSK can only be configured as the 64-octet hexstring (e.g., from -# wpa_passphrase). This saves about 0.5 kB in code size. -#CONFIG_NO_WPA_PASSPHRASE=y - -# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. -# This can be used if ap_scan=1 mode is never enabled. -#CONFIG_NO_SCAN_PROCESSING=y - -# Select configuration backend: -# file = text file (e.g., wpa_supplicant.conf; note: the configuration file -# path is given on command line, not here; this option is just used to -# select the backend that allows configuration files to be used) -# winreg = Windows registry (see win_example.reg for an example) -CONFIG_BACKEND=file - -# Remove configuration write functionality (i.e., to allow the configuration -# file to be updated based on runtime configuration changes). The runtime -# configuration can still be changed, the changes are just not going to be -# persistent over restarts. This option can be used to reduce code size by -# about 3.5 kB. 
-#CONFIG_NO_CONFIG_WRITE=y - -# Remove support for configuration blobs to reduce code size by about 1.5 kB. -#CONFIG_NO_CONFIG_BLOBS=y - -# Select program entry point implementation: -# main = UNIX/POSIX like main() function (default) -# main_winsvc = Windows service (read parameters from registry) -# main_none = Very basic example (development use only) -#CONFIG_MAIN=main - -# Select wrapper for operatins system and C library specific functions -# unix = UNIX/POSIX like systems (default) -# win32 = Windows systems -# none = Empty template -#CONFIG_OS=unix - -# Select event loop implementation -# eloop = select() loop (default) -# eloop_win = Windows events and WaitForMultipleObject() loop -#CONFIG_ELOOP=eloop - -# Should we use poll instead of select? Select is used by default. -#CONFIG_ELOOP_POLL=y - -# Select layer 2 packet implementation -# linux = Linux packet socket (default) -# pcap = libpcap/libdnet/WinPcap -# freebsd = FreeBSD libpcap -# winpcap = WinPcap with receive thread -# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) -# none = Empty template -#CONFIG_L2_PACKET=linux - -# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) -CONFIG_PEERKEY=y - -# IEEE 802.11w (management frame protection), also known as PMF -# Driver support is also needed for IEEE 802.11w. -#CONFIG_IEEE80211W=y - -# Select TLS implementation -# openssl = OpenSSL (default) -# gnutls = GnuTLS -# internal = Internal TLSv1 implementation (experimental) -# none = Empty template -#CONFIG_TLS=openssl - -# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) -# can be enabled to get a stronger construction of messages when block ciphers -# are used. It should be noted that some existing TLS v1.0 -based -# implementation may not be compatible with TLS v1.1 message (ClientHello is -# sent prior to negotiating which version will be used) -#CONFIG_TLSV11=y - -# TLS-based EAP methods require at least TLS v1.0. 
Newer version of TLS (v1.2) -# can be enabled to enable use of stronger crypto algorithms. It should be -# noted that some existing TLS v1.0 -based implementation may not be compatible -# with TLS v1.2 message (ClientHello is sent prior to negotiating which version -# will be used) -#CONFIG_TLSV12=y - -# If CONFIG_TLS=internal is used, additional library and include paths are -# needed for LibTomMath. Alternatively, an integrated, minimal version of -# LibTomMath can be used. See beginning of libtommath.c for details on benefits -# and drawbacks of this option. -#CONFIG_INTERNAL_LIBTOMMATH=y -#ifndef CONFIG_INTERNAL_LIBTOMMATH -#LTM_PATH=/usr/src/libtommath-0.39 -#CFLAGS += -I$(LTM_PATH) -#LIBS += -L$(LTM_PATH) -#LIBS_p += -L$(LTM_PATH) -#endif -# At the cost of about 4 kB of additional binary size, the internal LibTomMath -# can be configured to include faster routines for exptmod, sqr, and div to -# speed up DH and RSA calculation considerably -#CONFIG_INTERNAL_LIBTOMMATH_FAST=y - -# Include NDIS event processing through WMI into wpa_supplicant/wpasvc. -# This is only for Windows builds and requires WMI-related header files and -# WbemUuid.Lib from Platform SDK even when building with MinGW. -#CONFIG_NDIS_EVENTS_INTEGRATED=y -#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" - -# Add support for old DBus control interface -# (fi.epitest.hostap.WPASupplicant) -#CONFIG_CTRL_IFACE_DBUS=y - -# Add support for new DBus control interface -# (fi.w1.hostap.wpa_supplicant1) -CONFIG_CTRL_IFACE_DBUS_NEW=y - -# Add introspection support for new DBus control interface -#CONFIG_CTRL_IFACE_DBUS_INTRO=y - -# Add support for loading EAP methods dynamically as shared libraries. -# When this option is enabled, each EAP method can be either included -# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn). 
-# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
-# be loaded in the beginning of the wpa_supplicant configuration file
-# (see load_dynamic_eap parameter in the example file) before being used in
-# the network blocks.
-#
-# Note that some shared parts of EAP methods are included in the main program
-# and in order to be able to use dynamic EAP methods using these parts, the
-# main program must have been build with the EAP method enabled (=y or =dyn).
-# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
-# unless at least one of them was included in the main build to force inclusion
-# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
-# in the main build to be able to load these methods dynamically.
-#
-# Please also note that using dynamic libraries will increase the total binary
-# size. Thus, it may not be the best option for targets that have limited
-# amount of memory/flash.
-#CONFIG_DYNAMIC_EAP_METHODS=y
-
-# IEEE Std 802.11r-2008 (Fast BSS Transition)
-#CONFIG_IEEE80211R=y
-
-# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
-#CONFIG_DEBUG_FILE=y
-
-# Send debug messages to syslog instead of stdout
-#CONFIG_DEBUG_SYSLOG=y
-# Set syslog facility for debug messages
-#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
-
-# Add support for sending all debug messages (regardless of debug verbosity)
-# to the Linux kernel tracing facility. This helps debug the entire stack by
-# making it easy to record everything happening from the driver up into the
-# same file, e.g., using trace-cmd.
-#CONFIG_DEBUG_LINUX_TRACING=y
-
-# Enable privilege separation (see README 'Privilege separation' for details)
-#CONFIG_PRIVSEP=y
-
-# Enable mitigation against certain attacks against TKIP by delaying Michael
-# MIC error reports by a random amount of time between 0 and 60 seconds
-#CONFIG_DELAYED_MIC_ERROR_REPORT=y
-
-# Enable tracing code for developer debugging
-# This tracks use of memory allocations and other registrations and reports
-# incorrect use with a backtrace of call (or allocation) location.
-#CONFIG_WPA_TRACE=y
-# For BSD, uncomment these.
-#LIBS += -lexecinfo
-#LIBS_p += -lexecinfo
-#LIBS_c += -lexecinfo
-
-# Use libbfd to get more details for developer debugging
-# This enables use of libbfd to get more detailed symbols for the backtraces
-# generated by CONFIG_WPA_TRACE=y.
-#CONFIG_WPA_TRACE_BFD=y
-# For BSD, uncomment these.
-#LIBS += -lbfd -liberty -lz
-#LIBS_p += -lbfd -liberty -lz
-#LIBS_c += -lbfd -liberty -lz
-
-CONFIG_TLS = %ssl%
-CONFIG_CTRL_IFACE_DBUS=y
-CONFIG_CTRL_IFACE_DBUS_NEW=y
-
-# wpa_supplicant depends on strong random number generation being available
-# from the operating system. os_get_random() function is used to fetch random
-# data when needed, e.g., for key generation. On Linux and BSD systems, this
-# works by reading /dev/urandom. It should be noted that the OS entropy pool
-# needs to be properly initialized before wpa_supplicant is started. This is
-# important especially on embedded devices that do not have a hardware random
-# number generator and may by default start up with minimal entropy available
-# for random number generation.
-#
-# As a safety net, wpa_supplicant is by default trying to internally collect
-# additional entropy for generating random data to mix in with the data fetched
-# from the OS. This by itself is not considered to be very strong, but it may
-# help in cases where the system pool is not initialized properly. However, it
-# is very strongly recommended that the system pool is initialized with enough
-# entropy either by using hardware assisted random number generator or by
-# storing state over device reboots.
-#
-# wpa_supplicant can be configured to maintain its own entropy store over
-# restarts to enhance random number generation. This is not perfect, but it is
-# much more secure than using the same sequence of random numbers after every
-# reboot. This can be enabled with -e<entropy file> command line option. The
-# specified file needs to be readable and writable by wpa_supplicant.
-#
-# If the os_get_random() is known to provide strong random data (e.g., on
-# Linux/BSD, the board in question is known to have reliable source of random
-# data from /dev/urandom), the internal wpa_supplicant random pool can be
-# disabled. This will save some in binary size and CPU use. However, this
-# should only be considered for builds that are known to be used on devices
-# that meet the requirements described above.
-#CONFIG_NO_RANDOM_POOL=y
-
-# IEEE 802.11n (High Throughput) support (mainly for AP mode)
-#CONFIG_IEEE80211N=y
-
-# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
-# (depends on CONFIG_IEEE80211N)
-#CONFIG_IEEE80211AC=y
-
-# Wireless Network Management (IEEE Std 802.11v-2011)
-# Note: This is experimental and not complete implementation.
-#CONFIG_WNM=y
-
-# Interworking (IEEE 802.11u)
-# This can be used to enable functionality to improve interworking with
-# external networks (GAS/ANQP to learn more about the networks and network
-# selection based on available credentials).
-#CONFIG_INTERWORKING=y
-
-# Hotspot 2.0
-#CONFIG_HS20=y
-
-# Disable roaming in wpa_supplicant
-#CONFIG_NO_ROAMING=y
-
-# AP mode operations with wpa_supplicant
-# This can be used for controlling AP mode operations with wpa_supplicant. It
-# should be noted that this is mainly aimed at simple cases like
-# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
-# external RADIUS server can be supported with hostapd.
-CONFIG_AP=y
-
-CONFIG_BGSCAN_SIMPLE=y
-
-# P2P (Wi-Fi Direct)
-# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
-# more information on P2P operations.
-#CONFIG_P2P=y
-
-# Enable TDLS support
-#CONFIG_TDLS=y
-
-# Wi-Fi Direct
-# This can be used to enable Wi-Fi Direct extensions for P2P using an external
-# program to control the additional information exchanges in the messages.
-#CONFIG_WIFI_DISPLAY=y
-
-# Autoscan
-# This can be used to enable automatic scan support in wpa_supplicant.
-# See wpa_supplicant.conf for more information on autoscan usage.
-#
-# Enabling directly a module will enable autoscan support.
-# For exponential module:
-CONFIG_AUTOSCAN_EXPONENTIAL=y
-# For periodic module:
-#CONFIG_AUTOSCAN_PERIODIC=y
-
-# Password (and passphrase, etc.) backend for external storage
-# These optional mechanisms can be used to add support for storing passwords
-# and other secrets in external (to wpa_supplicant) location. This allows, for
-# example, operating system specific key storage to be used
-#
-# External password backend for testing purposes (developer use)
-#CONFIG_EXT_PASSWORD_TEST=y
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
new file mode 100644
index 0000000000..22028ce957
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
@@ -0,0 +1,138 @@
+SUMMARY = "Client for Wi-Fi Protected Access (WPA)"
+DESCRIPTION = "wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver."
+HOMEPAGE = "http://w1.fi/wpa_supplicant/"
+BUGTRACKER = "http://w1.fi/security/"
+SECTION = "network"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://COPYING;md5=5ebcb90236d1ad640558c3d3cd3035df \
+ file://README;beginline=1;endline=56;md5=e3d2f6c2948991e37c1ca4960de84747 \
+ file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=76306a95306fee9a976b0ac1be70f705"
+
+DEPENDS = "dbus libnl"
+
+SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
+ file://wpa-supplicant.sh \
+ file://wpa_supplicant.conf \
+ file://wpa_supplicant.conf-sane \
+ file://99_wpa_supplicant \
+ file://0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch \
+ file://0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch \
+ file://0001-Install-wpa_passphrase-when-not-disabled.patch \
+ file://0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch \
+ "
+SRC_URI[sha256sum] = "20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f"
+
+S = "${WORKDIR}/wpa_supplicant-${PV}"
+
+inherit pkgconfig systemd
+
+PACKAGECONFIG ?= "openssl"
+PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt"
+PACKAGECONFIG[openssl] = ",,openssl"
+
+CVE_PRODUCT = "wpa_supplicant"
+
+EXTRA_OEMAKE = "'LIBDIR=${libdir}' 'INCDIR=${includedir}' 'BINDIR=${sbindir}'"
+
+do_configure () {
+ ${MAKE} -C wpa_supplicant clean
+ sed -e '/^CONFIG_TLS=/d' <wpa_supplicant/defconfig >wpa_supplicant/.config
+
+ if ${@ bb.utils.contains('PACKAGECONFIG', 'openssl', 'true', 'false', d) }; then
+ echo 'CONFIG_TLS=openssl' >>wpa_supplicant/.config
+ elif ${@ bb.utils.contains('PACKAGECONFIG', 'gnutls', 'true', 'false', d) }; then
+ echo 'CONFIG_TLS=gnutls' >>wpa_supplicant/.config
+ sed -i -e 's/\(^CONFIG_DPP=\)/#\1/' \
+ -e 's/\(^CONFIG_EAP_PWD=\)/#\1/' \
+ -e 's/\(^CONFIG_SAE=\)/#\1/' wpa_supplicant/.config
+ fi
+
+ # For rebuild
+ rm -f wpa_supplicant/*.d wpa_supplicant/dbus/*.d
+}
+
+do_compile () {
+ oe_runmake -C wpa_supplicant
+ if [ -z "${DISABLE_STATIC}" ]; then
+ oe_runmake -C wpa_supplicant libwpa_client.a
+ fi
+}
+
+do_install () {
+ oe_runmake -C wpa_supplicant DESTDIR="${D}" install
+
+ install -d ${D}${docdir}/wpa_supplicant
+ install -m 644 wpa_supplicant/README ${WORKDIR}/wpa_supplicant.conf ${D}${docdir}/wpa_supplicant
+
+ install -d ${D}${sysconfdir}
+ install -m 600 ${WORKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf
+
+ install -d ${D}${sysconfdir}/network/if-pre-up.d/
+ install -d ${D}${sysconfdir}/network/if-post-down.d/
+ install -d ${D}${sysconfdir}/network/if-down.d/
+ install -m 755 ${WORKDIR}/wpa-supplicant.sh ${D}${sysconfdir}/network/if-pre-up.d/wpa-supplicant
+ ln -sf ../if-pre-up.d/wpa-supplicant ${D}${sysconfdir}/network/if-post-down.d/wpa-supplicant
+
+ install -d ${D}/${sysconfdir}/dbus-1/system.d
+ install -m 644 ${S}/wpa_supplicant/dbus/dbus-wpa_supplicant.conf ${D}/${sysconfdir}/dbus-1/system.d
+ install -d ${D}/${datadir}/dbus-1/system-services
+ install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services
+
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ install -d ${D}/${systemd_system_unitdir}
+ install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_system_unitdir}
+ fi
+
+ install -d ${D}/etc/default/volatiles
+ install -m 0644 ${WORKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles
+
+ install -d ${D}${includedir}
+ install -m 0644 ${S}/src/common/wpa_ctrl.h ${D}${includedir}
+
+ if [ -z "${DISABLE_STATIC}" ]; then
+ install -d ${D}${libdir}
+ install -m 0644 wpa_supplicant/libwpa_client.a ${D}${libdir}
+ fi
+}
+
+pkg_postinst:${PN} () {
+ # If we're offline, we don't need to do this.
+ if [ "x$D" = "x" ]; then
+ killall -q -HUP dbus-daemon || true
+ fi
+}
+
+PACKAGE_BEFORE_PN += "${PN}-passphrase ${PN}-cli"
+PACKAGES =+ "${PN}-lib"
+PACKAGES += "${PN}-plugins"
+ALLOW_EMPTY:${PN}-plugins = "1"
+
+PACKAGES_DYNAMIC += "^${PN}-plugin-.*$"
+NOAUTOPACKAGEDEBUG = "1"
+
+FILES:${PN}-passphrase = "${sbindir}/wpa_passphrase"
+FILES:${PN}-cli = "${sbindir}/wpa_cli"
+FILES:${PN}-lib = "${libdir}/libwpa_client*${SOLIBSDEV}"
+FILES:${PN} += "${datadir}/dbus-1/system-services/* ${systemd_system_unitdir}/*"
+FILES:${PN}-dbg += "${sbindir}/.debug ${libdir}/.debug"
+
+CONFFILES:${PN} += "${sysconfdir}/wpa_supplicant.conf"
+
+RRECOMMENDS:${PN} = "${PN}-passphrase ${PN}-cli ${PN}-plugins"
+
+SYSTEMD_SERVICE:${PN} = "wpa_supplicant.service"
+SYSTEMD_AUTO_ENABLE = "disable"
+
+python split_wpa_supplicant_libs () {
+ libdir = d.expand('${libdir}/wpa_supplicant')
+ dbglibdir = os.path.join(libdir, '.debug')
+
+ split_packages = do_split_packages(d, libdir, r'^(.*)\.so', '${PN}-plugin-%s', 'wpa_supplicant %s plugin', prepend=True)
+ split_dbg_packages = do_split_packages(d, dbglibdir, r'^(.*)\.so', '${PN}-plugin-%s-dbg', 'wpa_supplicant %s plugin - Debugging files', prepend=True, extra_depends='${PN}-dbg')
+
+ if split_packages:
+ pn = d.getVar('PN')
+ d.setVar('RRECOMMENDS:' + pn + '-plugins', ' '.join(split_packages))
+ d.appendVar('RRECOMMENDS:' + pn + '-dbg', ' ' + ' '.join(split_dbg_packages))
+}
+PACKAGESPLITFUNCS += "split_wpa_supplicant_libs"
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
deleted file mode 100644
index 3e92427bb0..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
+++ /dev/null
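Review bot: In `do_configure` of wpa-supplicant_2.10.bb the TLS selection has no `else` branch, so a PACKAGECONFIG that names neither `openssl` nor `gnutls` leaves `.config` without any `CONFIG_TLS` line after the `sed -e '/^CONFIG_TLS=/d'`, and the build then presumably takes whatever backend the upstream Makefile defaults to, with no matching dependency declared. I would make that an explicit failure by adding `else` and `bbfatal "PACKAGECONFIG must select openssl or gnutls"` before the `fi`. The gnutls branch also comments out `CONFIG_SAE`, `CONFIG_DPP` and `CONFIG_EAP_PWD` without saying why; because an image built without SAE cannot join WPA3-Personal networks, that deserves a comment above the `sed -i`, for example `# GnuTLS build: SAE (WPA3-Personal), DPP and EAP-pwd are disabled here`. The recipe now starts from upstream's `defconfig` instead of the removed in-tree one, so the enabled feature set has presumably changed from 2.9 and is worth a line in the commit message.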
@@ -1,110 +0,0 @@
-SUMMARY = "Client for Wi-Fi Protected Access (WPA)"
-HOMEPAGE = "http://w1.fi/wpa_supplicant/"
-BUGTRACKER = "http://w1.fi/security/"
-SECTION = "network"
-LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://COPYING;md5=279b4f5abb9c153c285221855ddb78cc \
- file://README;beginline=1;endline=56;md5=e7d3dbb01f75f0b9799e192731d1e1ff \
- file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=0a8b56d3543498b742b9c0e94cc2d18b"
-DEPENDS = "dbus libnl"
-RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli"
-
-PACKAGECONFIG ??= "gnutls"
-PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt"
-PACKAGECONFIG[openssl] = ",,openssl"
-
-inherit pkgconfig systemd
-
-SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service wpa_supplicant-nl80211@.service wpa_supplicant-wired@.service"
-SYSTEMD_AUTO_ENABLE = "disable"
-
-SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
- file://defconfig \
- file://wpa-supplicant.sh \
- file://wpa_supplicant.conf \
- file://wpa_supplicant.conf-sane \
- file://99_wpa_supplicant \
- file://0001-replace-systemd-install-Alias-with-WantedBy.patch \
- file://0001-AP-Silently-ignore-management-frame-from-unexpected-.patch \
- "
-SRC_URI[md5sum] = "2d2958c782576dc9901092fbfecb4190"
-SRC_URI[sha256sum] = "fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17"
-
-CVE_PRODUCT = "wpa_supplicant"
-
-S = "${WORKDIR}/wpa_supplicant-${PV}"
-
-PACKAGES_prepend = "wpa-supplicant-passphrase wpa-supplicant-cli "
-FILES_wpa-supplicant-passphrase = "${bindir}/wpa_passphrase"
-FILES_wpa-supplicant-cli = "${sbindir}/wpa_cli"
-FILES_${PN} += "${datadir}/dbus-1/system-services/*"
-CONFFILES_${PN} += "${sysconfdir}/wpa_supplicant.conf"
-
-do_configure () {
- ${MAKE} -C wpa_supplicant clean
- install -m 0755 ${WORKDIR}/defconfig wpa_supplicant/.config
-
- if echo "${PACKAGECONFIG}" | grep -qw "openssl"; then
- ssl=openssl
- elif echo "${PACKAGECONFIG}" | grep -qw "gnutls"; then
- ssl=gnutls
- fi
- if [ -n "$ssl" ]; then
- sed -i "s/%ssl%/$ssl/" wpa_supplicant/.config
- fi
-
- # For rebuild
- rm -f wpa_supplicant/*.d wpa_supplicant/dbus/*.d
-}
-
-export EXTRA_CFLAGS = "${CFLAGS}"
-export BINDIR = "${sbindir}"
-
-do_compile () {
- unset CFLAGS CPPFLAGS CXXFLAGS
- sed -e "s:CFLAGS\ =.*:& \$(EXTRA_CFLAGS):g" -i ${S}/src/lib.rules
- oe_runmake -C wpa_supplicant
-}
-
-do_install () {
- install -d ${D}${sbindir}
- install -m 755 wpa_supplicant/wpa_supplicant ${D}${sbindir}
- install -m 755 wpa_supplicant/wpa_cli ${D}${sbindir}
-
- install -d ${D}${bindir}
- install -m 755 wpa_supplicant/wpa_passphrase ${D}${bindir}
-
- install -d ${D}${docdir}/wpa_supplicant
- install -m 644 wpa_supplicant/README ${WORKDIR}/wpa_supplicant.conf ${D}${docdir}/wpa_supplicant
-
- install -d ${D}${sysconfdir}
- install -m 600 ${WORKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf
-
- install -d ${D}${sysconfdir}/network/if-pre-up.d/
- install -d ${D}${sysconfdir}/network/if-post-down.d/
- install -d ${D}${sysconfdir}/network/if-down.d/
- install -m 755 ${WORKDIR}/wpa-supplicant.sh ${D}${sysconfdir}/network/if-pre-up.d/wpa-supplicant
- cd ${D}${sysconfdir}/network/ && \
- ln -sf ../if-pre-up.d/wpa-supplicant if-post-down.d/wpa-supplicant
-
- install -d ${D}/${sysconfdir}/dbus-1/system.d
- install -m 644 ${S}/wpa_supplicant/dbus/dbus-wpa_supplicant.conf ${D}/${sysconfdir}/dbus-1/system.d
- install -d ${D}/${datadir}/dbus-1/system-services
- install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services
-
- if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
- install -d ${D}/${systemd_unitdir}/system
- install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_unitdir}/system
- fi
-
- install -d ${D}/etc/default/volatiles
- install -m 0644 ${WORKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles
-}
-
-pkg_postinst_wpa-supplicant () {
- # If we're offline, we don't need to do this.
- if [ "x$D" = "x" ]; then
- killall -q -HUP dbus-daemon || true
- fi
-
-} |