diff options
Diffstat (limited to 'meta/recipes-connectivity')
261 files changed, 5710 insertions, 19590 deletions
diff --git a/meta/recipes-connectivity/avahi/avahi-ui_0.6.32.bb b/meta/recipes-connectivity/avahi/avahi-ui_0.6.32.bb deleted file mode 100644 index ac364618e4..0000000000 --- a/meta/recipes-connectivity/avahi/avahi-ui_0.6.32.bb +++ /dev/null @@ -1,64 +0,0 @@ -LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ - file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \ - file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \ - file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \ - file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf" - -require avahi.inc - -inherit distro_features_check -ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" - -SRC_URI += "file://0001-configure.ac-install-GtkBuilder-interface-files-for-.patch" -SRC_URI[md5sum] = "22b5e705d3eabb31d26f2e1e7b074013" -SRC_URI[sha256sum] = "d54991185d514a0aba54ebeb408d7575b60f5818a772e28fa0e18b98bc1db454" - -DEPENDS += "avahi" - -AVAHI_GTK = "gtk3" - -S = "${WORKDIR}/avahi-${PV}" - -PACKAGES = "${PN} ${PN}-utils ${PN}-dbg ${PN}-dev ${PN}-staticdev ${PN}-doc avahi-discover" - -FILES_${PN} = "${libdir}/libavahi-ui*.so.*" -FILES_${PN}-dev += "${libdir}/libavahi-ui${SOLIBSDEV}" -FILES_${PN}-staticdev += "${libdir}/libavahi-ui.a" - -FILES_${PN}-utils = "${bindir}/b* ${datadir}/applications/b*" - -FILES_avahi-discover = "${datadir}/applications/avahi-discover.desktop \ - ${datadir}/avahi/interfaces/avahi-discover.ui \ - ${bindir}/avahi-discover-standalone \ - " - -do_install_append () { - rm ${D}${sysconfdir} -rf - rm ${D}${base_libdir} -rf - rm ${D}${systemd_unitdir} -rf - # The ${systemd_unitdir} is /lib/systemd, so we need rmdir /lib, - # but not ${base_libdir} here. And the /lib may not exist - # whithout systemd. - [ ! -d ${D}/lib ] || rmdir ${D}/lib --ignore-fail-on-non-empty - rm ${D}${bindir}/avahi-b* - rm ${D}${bindir}/avahi-p* - rm ${D}${bindir}/avahi-r* - rm ${D}${bindir}/avahi-s* - rm ${D}${includedir}/avahi-c* -rf - rm ${D}${includedir}/avahi-g* -rf - rm ${D}${libdir}/libavahi-c* - rm ${D}${libdir}/libavahi-g* - rm ${D}${libdir}/pkgconfig/avahi-c* - rm ${D}${libdir}/pkgconfig/avahi-g* - rm ${D}${sbindir} -rf - rm ${D}${datadir}/avahi/a* - rm ${D}${datadir}/avahi/s* - rm ${D}${datadir}/locale/ -rf - rm ${D}${datadir}/dbus* -rf - rm ${D}${mandir}/man1/a* - rm ${D}${mandir}/man5 -rf - rm ${D}${mandir}/man8 -rf - rm ${D}${libdir}/girepository-1.0/ -rf - rm ${D}${datadir}/gir-1.0/ -rf -} - diff --git a/meta/recipes-connectivity/avahi/avahi.inc b/meta/recipes-connectivity/avahi/avahi.inc deleted file mode 100644 index 7814464940..0000000000 --- a/meta/recipes-connectivity/avahi/avahi.inc +++ /dev/null @@ -1,150 +0,0 @@ -SUMMARY = "Avahi IPv4LL network address configuration daemon" -DESCRIPTION = 'Avahi is a fully LGPL framework for Multicast DNS Service Discovery. It \ -allows programs to publish and discover services and hosts running on a local network \ -with no specific configuration. This tool implements IPv4LL, "Dynamic Configuration of \ -IPv4 Link-Local Addresses" (IETF RFC3927), a protocol for automatic IP address \ -configuration from the link-local 169.254.0.0/16 range without the need for a central \ -server.' -AUTHOR = "Lennart Poettering <lennart@poettering.net>" -HOMEPAGE = "http://avahi.org" -BUGTRACKER = "https://github.com/lathiat/avahi/issues" -SECTION = "network" - -# major part is under LGPLv2.1+, but several .dtd, .xsl, initscripts and -# python scripts are under GPLv2+ -LICENSE = "GPLv2+ & LGPLv2.1+" - -DEPENDS = "expat libcap libdaemon glib-2.0 intltool-native" - -SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \ - file://00avahi-autoipd \ - file://99avahi-autoipd \ - file://initscript.patch \ - " -UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/" - -# For gtk related PACKAGECONFIGs: gtk, gtk3 and pygtk -AVAHI_GTK ?= "" - -PACKAGECONFIG ??= "dbus ${AVAHI_GTK}" -PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" -PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+" -PACKAGECONFIG[gtk3] = "--enable-gtk3,--disable-gtk3,gtk+3" -PACKAGECONFIG[pygtk] = "--enable-pygtk,--disable-pygtk," - -USERADD_PACKAGES = "avahi-daemon avahi-autoipd" -USERADD_PARAM_avahi-daemon = "--system --home /var/run/avahi-daemon \ - --no-create-home --shell /bin/false \ - --user-group avahi" - -USERADD_PARAM_avahi-autoipd = "--system --home /var/run/avahi-autoipd \ - --no-create-home --shell /bin/false \ - --user-group \ - -c \"Avahi autoip daemon\" \ - avahi-autoipd" - -inherit autotools pkgconfig update-rc.d gettext useradd gobject-introspection - -EXTRA_OECONF = "--with-avahi-priv-access-group=adm \ - --disable-stack-protector \ - --disable-gdbm \ - --disable-mono \ - --disable-monodoc \ - --disable-qt3 \ - --disable-qt4 \ - --disable-python \ - --disable-doxygen-doc \ - --enable-manpages \ - ${EXTRA_OECONF_SYSVINIT} \ - ${EXTRA_OECONF_SYSTEMD} \ - " - -# The distro choice determines what init scripts are installed -EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}" -EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_unitdir}/system/','--without-systemdsystemunitdir',d)}" - -do_configure_prepend() { - sed 's:AM_CHECK_PYMOD:echo "no pymod" #AM_CHECK_PYMOD:g' -i ${S}/configure.ac - - # This m4 file will get in the way of our introspection.m4 with special cross-compilation fixes - rm "${S}/common/introspection.m4" || true -} - -do_compile_prepend() { - export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs" -} - -PACKAGES =+ "avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib libavahi-ui avahi-autoipd avahi-utils" - -# As avahi doesn't put any files into PN, clear the files list to avoid problems -# if extra libraries appear. -FILES_${PN} = "" -FILES_avahi-autoipd = "${sbindir}/avahi-autoipd \ - ${sysconfdir}/avahi/avahi-autoipd.action \ - ${sysconfdir}/dhcp/*/avahi-autoipd \ - ${sysconfdir}/udhcpc.d/00avahi-autoipd \ - ${sysconfdir}/udhcpc.d/99avahi-autoipd" -FILES_libavahi-common = "${libdir}/libavahi-common.so.*" -FILES_libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib" -FILES_avahi-daemon = "${sbindir}/avahi-daemon \ - ${sysconfdir}/avahi/avahi-daemon.conf \ - ${sysconfdir}/avahi/hosts \ - ${sysconfdir}/avahi/services \ - ${sysconfdir}/dbus-1 \ - ${sysconfdir}/init.d/avahi-daemon \ - ${datadir}/avahi/introspection/*.introspect \ - ${datadir}/avahi/avahi-service.dtd \ - ${datadir}/avahi/service-types \ - ${datadir}/dbus-1/system-services" -FILES_libavahi-client = "${libdir}/libavahi-client.so.*" -FILES_libavahi-ui = "${libdir}/libavahi-ui.so.*" -FILES_avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \ - ${sysconfdir}/avahi/avahi-dnsconfd.action \ - ${sysconfdir}/init.d/avahi-dnsconfd" -FILES_libavahi-glib = "${libdir}/libavahi-glib.so.*" -FILES_libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib" -FILES_avahi-utils = "${bindir}/avahi-*" - -RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV}) libavahi-client (= ${EXTENDPKGV})" - -RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns" -RRECOMMENDS_${PN}_append_libc-glibc = " libnss-mdns" - -RRECOMMENDS_avahi-dev = "expat-dev libcap-dev libdaemon-dev dbus-dev glib-2.0-dev update-rc.d-dev" -RRECOMMENDS_avahi-dev_append_libc-glibc = " gettext-dev" - -RRECOMMENDS_avahi-dev[nodeprrecs] = "1" - -CONFFILES_avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf" - -INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd" -INITSCRIPT_NAME_avahi-daemon = "avahi-daemon" -INITSCRIPT_PARAMS_avahi-daemon = "defaults 21 19" -INITSCRIPT_NAME_avahi-dnsconfd = "avahi-dnsconfd" -INITSCRIPT_PARAMS_avahi-dnsconfd = "defaults 22 19" - -do_install() { - autotools_do_install - - # don't install /var/run when populating rootfs. Do it through volatile - # /var/run of current version is empty, so just remove it. - # if /var/run become non-empty in the future, need to install it via volatile - rm -rf ${D}${localstatedir}/run - rmdir --ignore-fail-on-non-empty ${D}${localstatedir} - rm -rf ${D}${datadir}/dbus-1/interfaces - test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1 - rm -rf ${D}${libdir}/avahi - - install -d ${D}${sysconfdir}/udhcpc.d - install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d - install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d -} - -# At the time the postinst runs, dbus might not be setup so only restart if running -# Don't exit early, because update-rc.d needs to run subsequently. - -pkg_postinst_avahi-daemon () { -if [ -z "$D" ]; then - killall -q -HUP dbus-daemon || true -fi -} diff --git a/meta/recipes-connectivity/avahi/avahi_0.6.32.bb b/meta/recipes-connectivity/avahi/avahi_0.6.32.bb deleted file mode 100644 index bfa63044ea..0000000000 --- a/meta/recipes-connectivity/avahi/avahi_0.6.32.bb +++ /dev/null @@ -1,22 +0,0 @@ -require avahi.inc - -inherit systemd - -SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd" -SYSTEMD_SERVICE_${PN}-daemon = "avahi-daemon.service" -SYSTEMD_SERVICE_${PN}-dnsconfd = "avahi-dnsconfd.service" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ - file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \ - file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \ - file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \ - file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf" - -SRC_URI += "file://avahi-fix-resource-unavaiable.patch" - -SRC_URI[md5sum] = "22b5e705d3eabb31d26f2e1e7b074013" -SRC_URI[sha256sum] = "d54991185d514a0aba54ebeb408d7575b60f5818a772e28fa0e18b98bc1db454" - -DEPENDS += "intltool-native" - -PACKAGES =+ "libavahi-gobject" diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb new file mode 100644 index 0000000000..1f18d4491d --- /dev/null +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -0,0 +1,198 @@ +SUMMARY = "Avahi IPv4LL network address configuration daemon" +DESCRIPTION = 'Avahi is a fully LGPL framework for Multicast DNS Service Discovery. It \ +allows programs to publish and discover services and hosts running on a local network \ +with no specific configuration. This tool implements IPv4LL, "Dynamic Configuration of \ +IPv4 Link-Local Addresses" (IETF RFC3927), a protocol for automatic IP address \ +configuration from the link-local 169.254.0.0/16 range without the need for a central \ +server.' +HOMEPAGE = "http://avahi.org" +BUGTRACKER = "https://github.com/avahi/avahi/issues" +SECTION = "network" + +# major part is under LGPL-2.1-or-later, but several .dtd, .xsl, initscripts and +# python scripts are under GPL-2.0-or-later +LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later" +LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ + file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \ + file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \ + file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \ + file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf" + +SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \ + file://00avahi-autoipd \ + file://99avahi-autoipd \ + file://initscript.patch \ + file://0001-Fix-opening-etc-resolv.conf-error.patch \ + file://handle-hup.patch \ + file://local-ping.patch \ + file://invalid-service.patch \ + file://CVE-2023-1981.patch \ + file://CVE-2023-38469-1.patch \ + file://CVE-2023-38469-2.patch \ + file://CVE-2023-38470-1.patch \ + file://CVE-2023-38470-2.patch \ + file://CVE-2023-38471-1.patch \ + file://CVE-2023-38471-2.patch \ + file://CVE-2023-38472.patch \ + file://CVE-2023-38473.patch \ + " + +GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/" +SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda" + +CVE_STATUS[CVE-2021-26720] = "not-applicable-platform: Issue only affects Debian/SUSE" + +DEPENDS = "expat libcap libdaemon glib-2.0 glib-2.0-native" + +# For gtk related PACKAGECONFIGs: gtk, gtk3 +AVAHI_GTK ?= "" + +PACKAGECONFIG ??= "dbus ${@bb.utils.contains_any('DISTRO_FEATURES','x11 wayland','${AVAHI_GTK}','',d)}" +PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" +PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+" +PACKAGECONFIG[gtk3] = "--enable-gtk3,--disable-gtk3,gtk+3" +PACKAGECONFIG[libdns_sd] = "--enable-compat-libdns_sd --enable-dbus,,dbus" +PACKAGECONFIG[libevent] = "--enable-libevent,--disable-libevent,libevent" +PACKAGECONFIG[qt5] = "--enable-qt5,--disable-qt5,qtbase" + +inherit autotools pkgconfig gettext gobject-introspection github-releases + +EXTRA_OECONF = "--with-avahi-priv-access-group=adm \ + --disable-stack-protector \ + --disable-gdbm \ + --disable-dbm \ + --disable-mono \ + --disable-monodoc \ + --disable-qt3 \ + --disable-qt4 \ + --disable-python \ + --disable-doxygen-doc \ + --enable-manpages \ + ${EXTRA_OECONF_SYSVINIT} \ + ${EXTRA_OECONF_SYSTEMD} \ + " + +# The distro choice determines what init scripts are installed +EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}" +EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_system_unitdir}/','--without-systemdsystemunitdir',d)}" + +do_configure:prepend() { + # This m4 file will get in the way of our introspection.m4 with special cross-compilation fixes + rm "${S}/common/introspection.m4" || true +} + +do_compile:prepend() { + export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs" +} + +RRECOMMENDS:${PN}:append:libc-glibc = " libnss-mdns" + +do_install() { + autotools_do_install + rm -rf ${D}/run + test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1 + rm -rf ${D}${libdir}/avahi + + # Move example service files out of /etc/avahi/services so we don't + # advertise ssh & sftp-ssh by default + install -d ${D}${docdir}/avahi + mv ${D}${sysconfdir}/avahi/services/* ${D}${docdir}/avahi +} + +PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "libdns_sd", "libavahi-compat-libdnssd", "", d)}" + +FILES:libavahi-compat-libdnssd = "${libdir}/libdns_sd.so.*" + +RPROVIDES:libavahi-compat-libdnssd = "libdns-sd" + +inherit update-rc.d systemd useradd + +PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils avahi-discover avahi-ui" + +FILES:avahi-ui = "${libdir}/libavahi-ui*.so.*" +FILES:avahi-discover = "${datadir}/applications/avahi-discover.desktop \ + ${datadir}/avahi/interfaces/avahi-discover.ui \ + ${bindir}/avahi-discover-standalone \ + " + +LICENSE:libavahi-gobject = "LGPL-2.1-or-later" +LICENSE:avahi-daemon = "LGPL-2.1-or-later" +LICENSE:libavahi-common = "LGPL-2.1-or-later" +LICENSE:libavahi-core = "LGPL-2.1-or-later" +LICENSE:libavahi-client = "LGPL-2.1-or-later" +LICENSE:avahi-dnsconfd = "LGPL-2.1-or-later" +LICENSE:libavahi-glib = "LGPL-2.1-or-later" +LICENSE:avahi-autoipd = "LGPL-2.1-or-later" +LICENSE:avahi-utils = "LGPL-2.1-or-later" + +# As avahi doesn't put any files into PN, clear the files list to avoid problems +# if extra libraries appear. +FILES:${PN} = "" +FILES:avahi-autoipd = "${sbindir}/avahi-autoipd \ + ${sysconfdir}/avahi/avahi-autoipd.action \ + ${sysconfdir}/dhcp/*/avahi-autoipd \ + ${sysconfdir}/udhcpc.d/00avahi-autoipd \ + ${sysconfdir}/udhcpc.d/99avahi-autoipd" +FILES:libavahi-common = "${libdir}/libavahi-common.so.*" +FILES:libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib" +FILES:avahi-daemon = "${sbindir}/avahi-daemon \ + ${sysconfdir}/avahi/avahi-daemon.conf \ + ${sysconfdir}/avahi/hosts \ + ${sysconfdir}/avahi/services \ + ${sysconfdir}/dbus-1 \ + ${sysconfdir}/init.d/avahi-daemon \ + ${datadir}/dbus-1/interfaces \ + ${datadir}/avahi/avahi-service.dtd \ + ${datadir}/avahi/service-types \ + ${datadir}/dbus-1/system-services" +FILES:libavahi-client = "${libdir}/libavahi-client.so.*" +FILES:avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \ + ${sysconfdir}/avahi/avahi-dnsconfd.action \ + ${sysconfdir}/init.d/avahi-dnsconfd" +FILES:libavahi-glib = "${libdir}/libavahi-glib.so.*" +FILES:libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib" +FILES:avahi-utils = "${bindir}/avahi-* ${bindir}/b* ${datadir}/applications/b*" + +DEV_PKG_DEPENDENCY = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV})" +DEV_PKG_DEPENDENCY += "${@["", " libavahi-client (= ${EXTENDPKGV})"][bb.utils.contains('PACKAGECONFIG', 'dbus', 1, 0, d)]}" +RDEPENDS:${PN}-dnsconfd = "${PN}-daemon" + +RRECOMMENDS:avahi-daemon:append:libc-glibc = " libnss-mdns" + +CONFFILES:avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf" + +USERADD_PACKAGES = "avahi-daemon avahi-autoipd" +USERADD_PARAM:avahi-daemon = "--system --home /run/avahi-daemon \ + --no-create-home --shell /bin/false \ + --user-group avahi" + +USERADD_PARAM:avahi-autoipd = "--system --home /run/avahi-autoipd \ + --no-create-home --shell /bin/false \ + --user-group \ + -c \"Avahi autoip daemon\" \ + avahi-autoipd" + +INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd" +INITSCRIPT_NAME:avahi-daemon = "avahi-daemon" +INITSCRIPT_PARAMS:avahi-daemon = "defaults 21 19" +INITSCRIPT_NAME:avahi-dnsconfd = "avahi-dnsconfd" +INITSCRIPT_PARAMS:avahi-dnsconfd = "defaults 22 19" + +SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd" +SYSTEMD_SERVICE:${PN}-daemon = "avahi-daemon.service" +SYSTEMD_SERVICE:${PN}-dnsconfd = "avahi-dnsconfd.service" + +do_install:append() { + install -d ${D}${sysconfdir}/udhcpc.d + install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d + install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d +} + +# At the time the postinst runs, dbus might not be setup so only restart if running +# Don't exit early, because update-rc.d needs to run subsequently. +pkg_postinst:avahi-daemon () { +if [ -z "$D" ]; then + killall -q -HUP dbus-daemon || true +fi +} + diff --git a/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch b/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch new file mode 100644 index 0000000000..cb8b83fd23 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch @@ -0,0 +1,45 @@ +From 78967814f5c37ed67f4cf64d70c9f76a03ee89bc Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Wed, 20 Jun 2018 13:57:35 +0800 +Subject: [PATCH] Fix opening /etc/resolv.conf error + +Fix to start avahi-daemon after systemd-resolved.service. This is because +/etc/resolv.conf is a link to /etc/resolv-conf.systemd which in turn is +a symlink to /run/systemd/resolve/resolv.conf. And /run/systemd/resolve/resolv.conf +is created by systemd-resolved.service by default in current OE's systemd +based systems. + +This fixes errro like below. + + Failed to open /etc/resolv.conf: Invalid argument + +In fact, handling of /etc/resolv.conf is quite distro specific. So this patch +is marked as OE specific. + +Upstream-Status: Inappropriate [OE Specific] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> + +When connman installed to image, /etc/resolv.conf is link to +/etc/resolv-conf.connman. So launch avahi-daemon after connman too. + +Signed-off-by: Kai Kang <kai.kang@windriver.com> +--- + avahi-daemon/avahi-daemon.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/avahi-daemon/avahi-daemon.service.in b/avahi-daemon/avahi-daemon.service.in +index 548c834..63e28e4 100644 +--- a/avahi-daemon/avahi-daemon.service.in ++++ b/avahi-daemon/avahi-daemon.service.in +@@ -18,6 +18,7 @@ + [Unit] + Description=Avahi mDNS/DNS-SD Stack + Requires=avahi-daemon.socket ++After=systemd-resolved.service connman.service + + [Service] + Type=dbus +-- +2.11.0 + diff --git a/meta/recipes-connectivity/avahi/files/0001-configure.ac-install-GtkBuilder-interface-files-for-.patch b/meta/recipes-connectivity/avahi/files/0001-configure.ac-install-GtkBuilder-interface-files-for-.patch deleted file mode 100644 index 942607a846..0000000000 --- a/meta/recipes-connectivity/avahi/files/0001-configure.ac-install-GtkBuilder-interface-files-for-.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 6ff255eff4fea6350b5e0462fee176fadc26fc1c Mon Sep 17 00:00:00 2001 -From: Jussi Kukkonen <jussi.kukkonen@intel.com> -Date: Sun, 12 Jun 2016 18:32:49 +0300 -Subject: [PATCH] configure.ac: install GtkBuilder interface files for GTK+3 - too - -Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/130] -Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> -Signed-off-by: Dengke Du <dengke.du@windriver.com> ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 87a9a17..9860dcc 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -965,7 +965,7 @@ AC_SUBST(avahi_socket) - # - # Avahi interfaces dir - # --if test "x$HAVE_PYTHON_DBUS" = "xyes" -o "x$HAVE_GTK" = "xyes"; then -+if test "x$HAVE_PYTHON_DBUS" = "xyes" -o "x$HAVE_GTK" = "xyes" -o "x$HAVE_GTK3" = "xyes"; then - interfacesdir="${datadir}/${PACKAGE}/interfaces/" - AC_SUBST(interfacesdir) - fi --- -2.8.1 - diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch new file mode 100644 index 0000000000..4d7924d13a --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch @@ -0,0 +1,58 @@ +From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> +Date: Thu, 17 Nov 2022 01:51:53 +0100 +Subject: [PATCH] Emit error if requested service is not found + +It currently just crashes instead of replying with error. Check return +value and emit error instead of passing NULL pointer to reply. + +Fixes #375 + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-1981.patch?h=ubuntu/jammy-security +Upstream commit https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f] +CVE: CVE-2023-1981 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------ + 1 file changed, 14 insertions(+), 6 deletions(-) + +diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c +index 70d7687bc..406d0b441 100644 +--- a/avahi-daemon/dbus-protocol.c ++++ b/avahi-daemon/dbus-protocol.c +@@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_alternative_host_name(DBusConnection *c, DBusM + } + + t = avahi_alternative_host_name(n); +- avahi_dbus_respond_string(c, m, t); +- avahi_free(t); ++ if (t) { ++ avahi_dbus_respond_string(c, m, t); ++ avahi_free(t); + +- return DBUS_HANDLER_RESULT_HANDLED; ++ return DBUS_HANDLER_RESULT_HANDLED; ++ } else { ++ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found"); ++ } + } + + static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DBusMessage *m, DBusError *error) { +@@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DB + } + + t = avahi_alternative_service_name(n); +- avahi_dbus_respond_string(c, m, t); +- avahi_free(t); ++ if (t) { ++ avahi_dbus_respond_string(c, m, t); ++ avahi_free(t); + +- return DBUS_HANDLER_RESULT_HANDLED; ++ return DBUS_HANDLER_RESULT_HANDLED; ++ } else { ++ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found"); ++ } + } + + static DBusHandlerResult dbus_create_new_entry_group(DBusConnection *c, DBusMessage *m, DBusError *error) { diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch new file mode 100644 index 0000000000..a078f66102 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch @@ -0,0 +1,48 @@ +From 72842945085cc3adaccfdfa2853771b0e75ef991 Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin <evvers@ya.ru> +Date: Mon, 23 Oct 2023 20:29:31 +0000 +Subject: [PATCH] avahi: core: reject overly long TXT resource records + +Closes https://github.com/lathiat/avahi/issues/455 + +Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf] +CVE: CVE-2023-38469 + +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> +--- + avahi-core/rr.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/avahi-core/rr.c b/avahi-core/rr.c +index 7fa0bee..b03a24c 100644 +--- a/avahi-core/rr.c ++++ b/avahi-core/rr.c +@@ -32,6 +32,7 @@ + #include <avahi-common/malloc.h> + #include <avahi-common/defs.h> + ++#include "dns.h" + #include "rr.h" + #include "log.h" + #include "util.h" +@@ -688,11 +689,17 @@ int avahi_record_is_valid(AvahiRecord *r) { + case AVAHI_DNS_TYPE_TXT: { + + AvahiStringList *strlst; ++ size_t used = 0; + +- for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) ++ for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) { + if (strlst->size > 255 || strlst->size <= 0) + return 0; + ++ used += 1+strlst->size; ++ if (used > AVAHI_DNS_RDATA_MAX) ++ return 0; ++ } ++ + return 1; + } + } +-- +2.40.0 diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch new file mode 100644 index 0000000000..f8f60ddca1 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch @@ -0,0 +1,65 @@ +From c6cab87df290448a63323c8ca759baa516166237 Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin <evvers@ya.ru> +Date: Wed, 25 Oct 2023 18:15:42 +0000 +Subject: [PATCH] tests: pass overly long TXT resource records + +to make sure they don't crash avahi any more. +It reproduces https://github.com/lathiat/avahi/issues/455 + +Canonical notes: +nickgalanis> removed first hunk since there is no .github dir in this release + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38469-2.patch?h=ubuntu/jammy-security +Upstream commit https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237] +CVE: CVE-2023-38469 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + avahi-client/client-test.c | 14 ++++++++++++++ + 1 files changed, 14 insertions(+) + +Index: avahi-0.8/avahi-client/client-test.c +=================================================================== +--- avahi-0.8.orig/avahi-client/client-test.c ++++ avahi-0.8/avahi-client/client-test.c +@@ -22,6 +22,7 @@ + #endif + + #include <stdio.h> ++#include <string.h> + #include <assert.h> + + #include <avahi-client/client.h> +@@ -33,6 +34,8 @@ + #include <avahi-common/malloc.h> + #include <avahi-common/timeval.h> + ++#include <avahi-core/dns.h> ++ + static const AvahiPoll *poll_api = NULL; + static AvahiSimplePoll *simple_poll = NULL; + +@@ -222,6 +225,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA + uint32_t cookie; + struct timeval tv; + AvahiAddress a; ++ uint8_t rdata[AVAHI_DNS_RDATA_MAX+1]; ++ AvahiStringList *txt = NULL; ++ int r; + + simple_poll = avahi_simple_poll_new(); + poll_api = avahi_simple_poll_get(simple_poll); +@@ -258,6 +264,14 @@ int main (AVAHI_GCC_UNUSED int argc, AVA + printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL))); + printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6)); + ++ memset(rdata, 1, sizeof(rdata)); ++ r = avahi_string_list_parse(rdata, sizeof(rdata), &txt); ++ assert(r >= 0); ++ assert(avahi_string_list_serialize(txt, NULL, 0) == sizeof(rdata)); ++ error = avahi_entry_group_add_service_strlst(group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", "_qotd._tcp", NULL, NULL, 123, txt); ++ assert(error == AVAHI_ERR_INVALID_RECORD); ++ avahi_string_list_free(txt); ++ + avahi_entry_group_commit (group); + + domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u"); diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch new file mode 100644 index 0000000000..91f9e677ac --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch @@ -0,0 +1,59 @@ +From af7bfad67ca53a7c4042a4a2d85456b847e9f249 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> +Date: Tue, 11 Apr 2023 15:29:59 +0200 +Subject: [PATCH] avahi: Ensure each label is at least one byte long + +The only allowed exception is single dot, where it should return empty +string. + +Fixes #454. + +Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c] +CVE: CVE-2023-38470 + +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> +--- + avahi-common/domain-test.c | 14 ++++++++++++++ + avahi-common/domain.c | 2 +- + 2 files changed, 15 insertions(+), 1 deletion(-) + +diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c +index cf763ec..3acc1c1 100644 +--- a/avahi-common/domain-test.c ++++ b/avahi-common/domain-test.c +@@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { + printf("%s\n", s = avahi_normalize_name_strdup("fo\\\\o\\..f oo.")); + avahi_free(s); + ++ printf("%s\n", s = avahi_normalize_name_strdup(".")); ++ avahi_free(s); ++ ++ s = avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}." ++ "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}" ++ ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`" ++ "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?." ++ "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}." ++ "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?" ++ "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM." ++ "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?." ++ "}.?.?.?.}.=.?.?.}"); ++ assert(s == NULL); ++ + printf("%i\n", avahi_domain_equal("\\065aa bbb\\.\\046cc.cc\\\\.dee.fff.", "Aaa BBB\\.\\.cc.cc\\\\.dee.fff")); + printf("%i\n", avahi_domain_equal("A", "a")); + +diff --git a/avahi-common/domain.c b/avahi-common/domain.c +index 3b1ab68..e66d241 100644 +--- a/avahi-common/domain.c ++++ b/avahi-common/domain.c +@@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s, char *ret_s, size_t size) { + } + + if (!empty) { +- if (size < 1) ++ if (size < 2) + return NULL; + + *(r++) = '.'; +-- +2.40.0 diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch new file mode 100644 index 0000000000..e0736bf210 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch @@ -0,0 +1,52 @@ +From 20dec84b2480821704258bc908e7b2bd2e883b24 Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin <evvers@ya.ru> +Date: Tue, 19 Sep 2023 03:21:25 +0000 +Subject: [PATCH] [common] bail out when escaped labels can't fit into ret + +Fixes: +``` +==93410==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f9e76f14c16 at pc 0x00000047208d bp 0x7ffee90a6a00 sp 0x7ffee90a61c8 +READ of size 1110 at 0x7f9e76f14c16 thread T0 + #0 0x47208c in __interceptor_strlen (out/fuzz-domain+0x47208c) (BuildId: 731b20c1eef22c2104e75a6496a399b10cfc7cba) + #1 0x534eb0 in avahi_strdup avahi/avahi-common/malloc.c:167:12 + #2 0x53862c in avahi_normalize_name_strdup avahi/avahi-common/domain.c:226:12 +``` +and +``` +fuzz-domain: fuzz/fuzz-domain.c:38: int LLVMFuzzerTestOneInput(const uint8_t *, size_t): Assertion `avahi_domain_equal(s, t)' failed. +==101571== ERROR: libFuzzer: deadly signal + #0 0x501175 in __sanitizer_print_stack_trace (/home/vagrant/avahi/out/fuzz-domain+0x501175) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) + #1 0x45ad2c in fuzzer::PrintStackTrace() (/home/vagrant/avahi/out/fuzz-domain+0x45ad2c) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) + #2 0x43fc07 in fuzzer::Fuzzer::CrashCallback() (/home/vagrant/avahi/out/fuzz-domain+0x43fc07) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) + #3 0x7f1581d7ebaf (/lib64/libc.so.6+0x3dbaf) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #4 0x7f1581dcf883 in __pthread_kill_implementation (/lib64/libc.so.6+0x8e883) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #5 0x7f1581d7eafd in gsignal (/lib64/libc.so.6+0x3dafd) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #6 0x7f1581d6787e in abort (/lib64/libc.so.6+0x2687e) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #7 0x7f1581d6779a in __assert_fail_base.cold (/lib64/libc.so.6+0x2679a) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #8 0x7f1581d77186 in __assert_fail (/lib64/libc.so.6+0x36186) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) + #9 0x5344a4 in LLVMFuzzerTestOneInput /home/vagrant/avahi/fuzz/fuzz-domain.c:38:9 +``` + +It's a follow-up to 94cb6489114636940ac683515417990b55b5d66c + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38470-2.patch?h=ubuntu/jammy-security +CVE: CVE-2023-38470 #Follow-up patch +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + avahi-common/domain.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: avahi-0.8/avahi-common/domain.c +=================================================================== +--- avahi-0.8.orig/avahi-common/domain.c ++++ avahi-0.8/avahi-common/domain.c +@@ -210,7 +210,8 @@ char *avahi_normalize_name(const char *s + } else + empty = 0; + +- avahi_escape_label(label, strlen(label), &r, &size); ++ if (!(avahi_escape_label(label, strlen(label), &r, &size))) ++ return NULL; + } + + return ret_s; diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch new file mode 100644 index 0000000000..b3f716495d --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch @@ -0,0 +1,73 @@ +From 48d745db7fd554fc33e96ec86d3675ebd530bb8e Mon Sep 17 00:00:00 2001 +From: Michal Sekletar <msekleta@redhat.com> +Date: Mon, 23 Oct 2023 13:38:35 +0200 +Subject: [PATCH] avahi: core: extract host name using avahi_unescape_label() + +Previously we could create invalid escape sequence when we split the +string on dot. For example, from valid host name "foo\\.bar" we have +created invalid name "foo\\" and tried to set that as the host name +which crashed the daemon. + +Fixes #453 + +Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09] +CVE: CVE-2023-38471 + +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> +--- + avahi-core/server.c | 27 +++++++++++++++++++++------ + 1 file changed, 21 insertions(+), 6 deletions(-) + +diff --git a/avahi-core/server.c b/avahi-core/server.c +index e507750..40f1d68 100644 +--- a/avahi-core/server.c ++++ b/avahi-core/server.c +@@ -1295,7 +1295,11 @@ static void update_fqdn(AvahiServer *s) { + } + + int avahi_server_set_host_name(AvahiServer *s, const char *host_name) { +- char *hn = NULL; ++ char label_escaped[AVAHI_LABEL_MAX*4+1]; ++ char label[AVAHI_LABEL_MAX]; ++ char *hn = NULL, *h; ++ size_t len; ++ + assert(s); + + AVAHI_CHECK_VALIDITY(s, !host_name || avahi_is_valid_host_name(host_name), AVAHI_ERR_INVALID_HOST_NAME); +@@ -1305,17 +1309,28 @@ int avahi_server_set_host_name(AvahiServer *s, const char *host_name) { + else + hn = avahi_normalize_name_strdup(host_name); + +- hn[strcspn(hn, ".")] = 0; ++ h = hn; ++ if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) { ++ avahi_free(h); ++ return AVAHI_ERR_INVALID_HOST_NAME; ++ } ++ ++ avahi_free(h); ++ ++ h = label_escaped; ++ len = sizeof(label_escaped); ++ if (!avahi_escape_label(label, strlen(label), &h, &len)) ++ return AVAHI_ERR_INVALID_HOST_NAME; + +- if (avahi_domain_equal(s->host_name, hn) && s->state != AVAHI_SERVER_COLLISION) { +- avahi_free(hn); ++ if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION) + return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE); +- } + + withdraw_host_rrs(s); + + avahi_free(s->host_name); +- s->host_name = hn; ++ s->host_name = avahi_strdup(label_escaped); ++ if (!s->host_name) ++ return AVAHI_ERR_NO_MEMORY; + + update_fqdn(s); + +-- +2.40.0 diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch new file mode 100644 index 0000000000..44737bfc2e --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch @@ -0,0 +1,52 @@ +From b675f70739f404342f7f78635d6e2dcd85a13460 Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin <evvers@ya.ru> +Date: Tue, 24 Oct 2023 22:04:51 +0000 +Subject: [PATCH] core: return errors from avahi_server_set_host_name properly + +It's a follow-up to 894f085f402e023a98cbb6f5a3d117bd88d93b09 + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38471-2.patch?h=ubuntu/jammy-security +Upstream commit https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460] +CVE: CVE-2023-38471 #Follow-up Patch +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + avahi-core/server.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +Index: avahi-0.8/avahi-core/server.c +=================================================================== +--- avahi-0.8.orig/avahi-core/server.c ++++ avahi-0.8/avahi-core/server.c +@@ -1309,10 +1309,13 @@ int avahi_server_set_host_name(AvahiServ + else + hn = avahi_normalize_name_strdup(host_name); + ++ if (!hn) ++ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY); ++ + h = hn; + if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) { + avahi_free(h); +- return AVAHI_ERR_INVALID_HOST_NAME; ++ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME); + } + + avahi_free(h); +@@ -1320,7 +1323,7 @@ int avahi_server_set_host_name(AvahiServ + h = label_escaped; + len = sizeof(label_escaped); + if (!avahi_escape_label(label, strlen(label), &h, &len)) +- return AVAHI_ERR_INVALID_HOST_NAME; ++ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME); + + if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION) + return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE); +@@ -1330,7 +1333,7 @@ int avahi_server_set_host_name(AvahiServ + avahi_free(s->host_name); + s->host_name = avahi_strdup(label_escaped); + if (!s->host_name) +- return AVAHI_ERR_NO_MEMORY; ++ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY); + + update_fqdn(s); + diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch new file mode 100644 index 0000000000..85dbded73b --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch @@ -0,0 +1,46 @@ +From b024ae5749f4aeba03478e6391687c3c9c8dee40 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar <msekleta@redhat.com> +Date: Thu, 19 Oct 2023 17:36:44 +0200 +Subject: [PATCH] core: make sure there is rdata to process before parsing it + +Fixes #452 + +CVE-2023-38472 + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38472.patch?h=ubuntu/jammy-security +Upstream commit https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40] +CVE: CVE-2023-38472 +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + avahi-client/client-test.c | 3 +++ + avahi-daemon/dbus-entry-group.c | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +Index: avahi-0.8/avahi-client/client-test.c +=================================================================== +--- avahi-0.8.orig/avahi-client/client-test.c ++++ avahi-0.8/avahi-client/client-test.c +@@ -272,6 +272,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA + assert(error == AVAHI_ERR_INVALID_RECORD); + avahi_string_list_free(txt); + ++ error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0); ++ assert(error != AVAHI_OK); ++ + avahi_entry_group_commit (group); + + domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u"); +Index: avahi-0.8/avahi-daemon/dbus-entry-group.c +=================================================================== +--- avahi-0.8.orig/avahi-daemon/dbus-entry-group.c ++++ avahi-0.8/avahi-daemon/dbus-entry-group.c +@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_g + if (!(r = avahi_record_new_full (name, clazz, type, ttl))) + return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL); + +- if (avahi_rdata_parse (r, rdata, size) < 0) { ++ if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) { + avahi_record_unref (r); + return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL); + } diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch new file mode 100644 index 0000000000..707acb60fe --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch @@ -0,0 +1,110 @@ +From 88cbbc48d5efff9726694557ca6c3f698f3affe4 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar <msekleta@redhat.com> +Date: Wed, 11 Oct 2023 17:45:44 +0200 +Subject: [PATCH] avahi: common: derive alternative host name from its + unescaped version + +Normalization of input makes sure we don't have to deal with special +cases like unescaped dot at the end of label. + +Fixes #451 #487 + +Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797] +CVE: CVE-2023-38473 + +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> +--- + avahi-common/alternative-test.c | 3 +++ + avahi-common/alternative.c | 27 +++++++++++++++++++-------- + 2 files changed, 22 insertions(+), 8 deletions(-) + +diff --git a/avahi-common/alternative-test.c b/avahi-common/alternative-test.c +index 9255435..681fc15 100644 +--- a/avahi-common/alternative-test.c ++++ b/avahi-common/alternative-test.c +@@ -31,6 +31,9 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { + const char* const test_strings[] = { + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXüüüüüüü", ++ ").", ++ "\\.", ++ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\\\", + "gurke", + "-", + " #", +diff --git a/avahi-common/alternative.c b/avahi-common/alternative.c +index b3d39f0..a094e6d 100644 +--- a/avahi-common/alternative.c ++++ b/avahi-common/alternative.c +@@ -49,15 +49,20 @@ static void drop_incomplete_utf8(char *c) { + } + + char *avahi_alternative_host_name(const char *s) { ++ char label[AVAHI_LABEL_MAX], alternative[AVAHI_LABEL_MAX*4+1]; ++ char *alt, *r, *ret; + const char *e; +- char *r; ++ size_t len; + + assert(s); + + if (!avahi_is_valid_host_name(s)) + return NULL; + +- if ((e = strrchr(s, '-'))) { ++ if (!avahi_unescape_label(&s, label, sizeof(label))) ++ return NULL; ++ ++ if ((e = strrchr(label, '-'))) { + const char *p; + + e++; +@@ -74,19 +79,18 @@ char *avahi_alternative_host_name(const char *s) { + + if (e) { + char *c, *m; +- size_t l; + int n; + + n = atoi(e)+1; + if (!(m = avahi_strdup_printf("%i", n))) + return NULL; + +- l = e-s-1; ++ len = e-label-1; + +- if (l >= AVAHI_LABEL_MAX-1-strlen(m)-1) +- l = AVAHI_LABEL_MAX-1-strlen(m)-1; ++ if (len >= AVAHI_LABEL_MAX-1-strlen(m)-1) ++ len = AVAHI_LABEL_MAX-1-strlen(m)-1; + +- if (!(c = avahi_strndup(s, l))) { ++ if (!(c = avahi_strndup(label, len))) { + avahi_free(m); + return NULL; + } +@@ -100,7 +104,7 @@ char *avahi_alternative_host_name(const char *s) { + } else { + char *c; + +- if (!(c = avahi_strndup(s, AVAHI_LABEL_MAX-1-2))) ++ if (!(c = avahi_strndup(label, AVAHI_LABEL_MAX-1-2))) + return NULL; + + drop_incomplete_utf8(c); +@@ -109,6 +113,13 @@ char *avahi_alternative_host_name(const char *s) { + avahi_free(c); + } + ++ alt = alternative; ++ len = sizeof(alternative); ++ ret = avahi_escape_label(r, strlen(r), &alt, &len); ++ ++ avahi_free(r); ++ r = avahi_strdup(ret); ++ + assert(avahi_is_valid_host_name(r)); + + return r; +-- +2.40.0 diff --git a/meta/recipes-connectivity/avahi/files/avahi-fix-resource-unavaiable.patch b/meta/recipes-connectivity/avahi/files/avahi-fix-resource-unavaiable.patch deleted file mode 100644 index 5a2fd75f55..0000000000 --- a/meta/recipes-connectivity/avahi/files/avahi-fix-resource-unavaiable.patch +++ /dev/null @@ -1,30 +0,0 @@ -Upstream-Status: Backport - -Backport from: -https://github.com/experimental-platform/platform-hostname-avahi/pull/9 - -It sometimes fails to run avahi with error: "Could not receive return value -from daemon process". It has same root cause with -https://github.com/lxc/lxc/issues/25. - -Signed-off-by: Kai Kang <kai.kang@windriver.com> ---- -From 5150983102ad5ad43f0dae203cb332c168eb5a71 Mon Sep 17 00:00:00 2001 -From: Hinnerk Haardt <haardt@information-control.de> -Date: Thu, 17 Dec 2015 11:52:19 +0100 -Subject: [PATCH] Fix `chroot.c: fork() failed: Resource temporarily - unavailable` as per https://github.com/lxc/lxc/issues/25. - ---- - avahi-daemon/avahi-daemon.conf | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/avahi-daemon/avahi-daemon.conf b/avahi-daemon/avahi-daemon.conf -index 95166f8..3d5b7a6 100644 ---- a/avahi-daemon/avahi-daemon.conf -+++ b/avahi-daemon/avahi-daemon.conf -@@ -65,4 +65,3 @@ rlimit-data=4194304 - rlimit-fsize=0 - rlimit-nofile=768 - rlimit-stack=4194304 --rlimit-nproc=3 diff --git a/meta/recipes-connectivity/avahi/files/handle-hup.patch b/meta/recipes-connectivity/avahi/files/handle-hup.patch new file mode 100644 index 0000000000..26632e5443 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/handle-hup.patch @@ -0,0 +1,41 @@ +CVE: CVE-2021-3468 +Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/330] +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001 +From: Riccardo Schirone <sirmy15@gmail.com> +Date: Fri, 26 Mar 2021 11:50:24 +0100 +Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in + client_work + +If a client fills the input buffer, client_work() disables the +AVAHI_WATCH_IN event, thus preventing the function from executing the +`read` syscall the next times it is called. However, if the client then +terminates the connection, the socket file descriptor receives a HUP +event, which is not handled, thus the kernel keeps marking the HUP event +as occurring. While iterating over the file descriptors that triggered +an event, the client file descriptor will keep having the HUP event and +the client_work() function is always called with AVAHI_WATCH_HUP but +without nothing being done, thus entering an infinite loop. + +See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938 +--- + avahi-daemon/simple-protocol.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c +index 3e0ebb11..6c0274d6 100644 +--- a/avahi-daemon/simple-protocol.c ++++ b/avahi-daemon/simple-protocol.c +@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv + } + } + ++ if (events & AVAHI_WATCH_HUP) { ++ client_free(c); ++ return; ++ } ++ + c->server->poll_api->watch_update( + watch, + (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) | diff --git a/meta/recipes-connectivity/avahi/files/initscript.patch b/meta/recipes-connectivity/avahi/files/initscript.patch index 193889eb5c..c856c3df04 100644 --- a/meta/recipes-connectivity/avahi/files/initscript.patch +++ b/meta/recipes-connectivity/avahi/files/initscript.patch @@ -1,10 +1,10 @@ Upstream-Status: Pending -diff --git a/initscript/debian/avahi-daemon.in b/initscript/debian/avahi-daemon.in -index 30a2c2f..b5848a8 100755 ---- a/initscript/debian/avahi-daemon.in -+++ b/initscript/debian/avahi-daemon.in -@@ -1,2 +1,14 @@ +Index: avahi-0.7/initscript/debian/avahi-daemon.in +=================================================================== +--- avahi-0.7.orig/initscript/debian/avahi-daemon.in ++++ avahi-0.7/initscript/debian/avahi-daemon.in +@@ -1,5 +1,17 @@ #!/bin/sh - +### BEGIN INIT INFO @@ -20,11 +20,14 @@ index 30a2c2f..b5848a8 100755 +# automatically +### END INIT INFO +# -diff --git a/initscript/debian/avahi-dnsconfd.in b/initscript/debian/avahi-dnsconfd.in -index ac34804..f95c340 100755 ---- a/initscript/debian/avahi-dnsconfd.in -+++ b/initscript/debian/avahi-dnsconfd.in -@@ -1,1 +1,14 @@ + # This file is part of avahi. + # + # avahi is free software; you can redistribute it and/or modify it +Index: avahi-0.7/initscript/debian/avahi-dnsconfd.in +=================================================================== +--- avahi-0.7.orig/initscript/debian/avahi-dnsconfd.in ++++ avahi-0.7/initscript/debian/avahi-dnsconfd.in +@@ -1,4 +1,17 @@ #!/bin/sh +### BEGIN INIT INFO +# Provides: avahi-dnsconfd @@ -39,3 +42,6 @@ index ac34804..f95c340 100755 +# automatically +### END INIT INFO +# + + # This file is part of avahi. + # diff --git a/meta/recipes-connectivity/avahi/files/invalid-service.patch b/meta/recipes-connectivity/avahi/files/invalid-service.patch new file mode 100644 index 0000000000..8f188aff2c --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/invalid-service.patch @@ -0,0 +1,29 @@ +From 46490e95151d415cd22f02565e530eb5efcef680 Mon Sep 17 00:00:00 2001 +From: Asger Hautop Drewsen <asger@princh.com> +Date: Mon, 9 Aug 2021 14:25:08 +0200 +Subject: [PATCH] Fix avahi-browse: Invalid service type + +Invalid service types will stop the browse from completing, or +in simple terms "my washing machine stops me from printing". + +Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/472] +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + avahi-core/browse-service.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c +index 63e0275a..ac3d2ecb 100644 +--- a/avahi-core/browse-service.c ++++ b/avahi-core/browse-service.c +@@ -103,7 +103,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_prepare( + AVAHI_CHECK_VALIDITY_RETURN_NULL(server, AVAHI_PROTO_VALID(protocol), AVAHI_ERR_INVALID_PROTOCOL); + AVAHI_CHECK_VALIDITY_RETURN_NULL(server, !domain || avahi_is_valid_domain_name(domain), AVAHI_ERR_INVALID_DOMAIN_NAME); + AVAHI_CHECK_VALIDITY_RETURN_NULL(server, AVAHI_FLAGS_VALID(flags, AVAHI_LOOKUP_USE_WIDE_AREA|AVAHI_LOOKUP_USE_MULTICAST), AVAHI_ERR_INVALID_FLAGS); +- AVAHI_CHECK_VALIDITY_RETURN_NULL(server, avahi_is_valid_service_type_generic(service_type), AVAHI_ERR_INVALID_SERVICE_TYPE); ++ ++ if (!avahi_is_valid_service_type_generic(service_type)) ++ service_type = "_invalid._tcp"; + + if (!domain) + domain = server->domain_name; diff --git a/meta/recipes-connectivity/avahi/files/local-ping.patch b/meta/recipes-connectivity/avahi/files/local-ping.patch new file mode 100644 index 0000000000..29c192d296 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/local-ping.patch @@ -0,0 +1,153 @@ +CVE: CVE-2021-36217 +CVE: CVE-2021-3502 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001 +From: Tommi Rantala <tommi.t.rantala@nokia.com> +Date: Mon, 8 Feb 2021 11:04:43 +0200 +Subject: [PATCH] Fix NULL pointer crashes from #175 + +avahi-daemon is crashing when running "ping .local". +The crash is due to failing assertion from NULL pointer. +Add missing NULL pointer checks to fix it. + +Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd +--- + avahi-core/browse-dns-server.c | 5 ++++- + avahi-core/browse-domain.c | 5 ++++- + avahi-core/browse-service-type.c | 3 +++ + avahi-core/browse-service.c | 3 +++ + avahi-core/browse.c | 3 +++ + avahi-core/resolve-address.c | 5 ++++- + avahi-core/resolve-host-name.c | 5 ++++- + avahi-core/resolve-service.c | 5 ++++- + 8 files changed, 29 insertions(+), 5 deletions(-) + +diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c +index 049752e9..c2d914fa 100644 +--- a/avahi-core/browse-dns-server.c ++++ b/avahi-core/browse-dns-server.c +@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new( + AvahiSDNSServerBrowser* b; + + b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_dns_server_browser_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c +index f145d56a..06fa70c0 100644 +--- a/avahi-core/browse-domain.c ++++ b/avahi-core/browse-domain.c +@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new( + AvahiSDomainBrowser *b; + + b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_domain_browser_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c +index fdd22dcd..b1fc7af8 100644 +--- a/avahi-core/browse-service-type.c ++++ b/avahi-core/browse-service-type.c +@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new( + AvahiSServiceTypeBrowser *b; + + b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_type_browser_start(b); + + return b; +diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c +index 5531360c..63e0275a 100644 +--- a/avahi-core/browse-service.c ++++ b/avahi-core/browse-service.c +@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new( + AvahiSServiceBrowser *b; + + b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_browser_start(b); + + return b; +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index 2941e579..e8a915e9 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new( + AvahiSRecordBrowser *b; + + b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_record_browser_start_query(b); + + return b; +diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c +index ac0b29b1..e61dd242 100644 +--- a/avahi-core/resolve-address.c ++++ b/avahi-core/resolve-address.c +@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new( + AvahiSAddressResolver *b; + + b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_address_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c +index 808b0e72..4e8e5973 100644 +--- a/avahi-core/resolve-host-name.c ++++ b/avahi-core/resolve-host-name.c +@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new( + AvahiSHostNameResolver *b; + + b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_host_name_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c +index 66bf3cae..43771763 100644 +--- a/avahi-core/resolve-service.c ++++ b/avahi-core/resolve-service.c +@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new( + AvahiSServiceResolver *b; + + b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} diff --git a/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch new file mode 100644 index 0000000000..ec1bc7b567 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch @@ -0,0 +1,27 @@ +From 31dde3562f287429eea94b77250d184818b49063 Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Mon, 15 Oct 2018 16:55:09 +0800 +Subject: [PATCH] avoid start failure with bind user + +Upstream-Status: Pending + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + init.d | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/init.d b/init.d +index b2eec60..6e03936 100644 +--- a/init.d ++++ b/init.d +@@ -57,6 +57,7 @@ case "$1" in + modprobe capability >/dev/null 2>&1 || true + if [ ! -f /etc/bind/rndc.key ]; then + /usr/sbin/rndc-confgen -a -b 512 ++ chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true + chmod 0640 /etc/bind/rndc.key + fi + if [ -f /var/run/named/named.pid ]; then +-- +2.7.4 + diff --git a/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch b/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch deleted file mode 100644 index 1e23c0f56b..0000000000 --- a/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch +++ /dev/null @@ -1,54 +0,0 @@ -xml2-config is disabled, so change the configure script to use pkgconfig to find -libxml2. - -Upstream-Status: Inappropriate -Signed-off-by: Ross Burton <ross.burton@intel.com> - -Update context for version 9.10.3-P2. - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -Update context for version 9.10.5-P3. - -Signed-off-by: Kai Kang <kai.kang@windriver.com> ---- - configure.in | 23 +++-------------------- - 1 file changed, 3 insertions(+), 20 deletions(-) - -diff --git a/configure.in b/configure.in -index 4da73a4..6f2a754 100644 ---- a/configure.in -+++ b/configure.in -@@ -2282,26 +2282,9 @@ case "$use_libxml2" in - DST_LIBXML2_INC="" - ;; - auto|yes) -- case X`(xml2-config --version) 2>/dev/null` in -- X2.[[6789]].*) -- libxml2_libs=`xml2-config --libs` -- libxml2_cflags=`xml2-config --cflags` -- ;; -- *) -- if test "yes" = "$use_libxml2" ; then -- AC_MSG_RESULT(no) -- AC_MSG_ERROR(required libxml2 version not available) -- else -- libxml2_libs= -- libxml2_cflags= -- fi -- ;; -- esac -- ;; -- *) -- if test -f "$use_libxml2/bin/xml2-config" ; then -- libxml2_libs=`$use_libxml2/bin/xml2-config --libs` -- libxml2_cflags=`$use_libxml2/bin/xml2-config --cflags` -+ if pkg-config --exists libxml-2.0 ; then -+ libxml2_libs=`pkg-config libxml-2.0 --libs` -+ libxml2_cflags=`pkg-config libxml-2.0 --cflags` - fi - ;; - esac --- -2.1.4 - diff --git a/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch b/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch deleted file mode 100644 index 1215093716..0000000000 --- a/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch +++ /dev/null @@ -1,25 +0,0 @@ -Upstream-Status: Pending - -Subject: gen.c: extend DIRNAMESIZE from 256 to 512 - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - lib/dns/gen.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/dns/gen.c b/lib/dns/gen.c -index 7a7dafb..51a0435 100644 ---- a/lib/dns/gen.c -+++ b/lib/dns/gen.c -@@ -148,7 +148,7 @@ static const char copyright[] = - #define TYPECLASSBUF (TYPECLASSLEN + 1) - #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d" - #define ATTRIBUTESIZE 256 --#define DIRNAMESIZE 256 -+#define DIRNAMESIZE 512 - - static struct cc { - struct cc *next; --- -1.9.1 - diff --git a/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch b/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch deleted file mode 100644 index 1ed858cd3f..0000000000 --- a/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 5bc3167a8b714ec0c4a3f1c7f3b9411296ec0a23 Mon Sep 17 00:00:00 2001 -From: Robert Yang <liezhi.yang@windriver.com> -Date: Wed, 16 Sep 2015 20:23:47 -0700 -Subject: [PATCH] lib/dns/gen.c: fix too long error - -The 512 is a little short when build in deep dir, and cause "too long" -error, use PATH_MAX if defined. - -Upstream-Status: Pending - -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> ---- - lib/dns/gen.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/lib/dns/gen.c b/lib/dns/gen.c -index 51a0435..3d7214f 100644 ---- a/lib/dns/gen.c -+++ b/lib/dns/gen.c -@@ -148,7 +148,11 @@ static const char copyright[] = - #define TYPECLASSBUF (TYPECLASSLEN + 1) - #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d" - #define ATTRIBUTESIZE 256 -+#ifdef PATH_MAX -+#define DIRNAMESIZE PATH_MAX -+#else - #define DIRNAMESIZE 512 -+#endif - - static struct cc { - struct cc *next; --- -1.7.9.5 - diff --git a/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch new file mode 100644 index 0000000000..4c10f33f04 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch @@ -0,0 +1,35 @@ +From 4e83392e840fa7b05e778710b8c202d102477a13 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Mon, 27 Aug 2018 21:24:20 +0800 +Subject: [PATCH] `named/lwresd -V' and start log hide build options + +The build options expose build path directories, so hide them. +[snip] +$ named -V +|built by make with *** (options are hidden) +[snip] + +Upstream-Status: Inappropriate [oe-core specific] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> + +Refreshed for 9.16.0 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index bf20690..c5d330f 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -35,7 +35,7 @@ AC_DEFINE([PACKAGE_VERSION_EXTRA], ["][bind_VERSION_EXTRA]["], [BIND 9 Extra par + AC_DEFINE([PACKAGE_DESCRIPTION], [m4_ifnblank(bind_DESCRIPTION, [" ]bind_DESCRIPTION["], [])], [An extra string to print after PACKAGE_STRING]) + AC_DEFINE([PACKAGE_SRCID], ["][bind_SRCID]["], [A short hash from git]) + +-bind_CONFIGARGS="${ac_configure_args:-default}" ++bind_CONFIGARGS="(removed for reproducibility)" + AC_DEFINE_UNQUOTED([PACKAGE_CONFIGARGS], ["$bind_CONFIGARGS"], [Either 'defaults' or used ./configure options]) + + AC_DEFINE([PACKAGE_BUILDER], ["make"], [make or Visual Studio]) diff --git a/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch b/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch deleted file mode 100644 index 8bc4ea30f8..0000000000 --- a/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 9b40619ff6fddfef2758ba797789f8487f412df3 Mon Sep 17 00:00:00 2001 -From: Robert Yang <liezhi.yang@windriver.com> -Date: Mon, 16 Feb 2015 00:50:01 -0800 -Subject: [PATCH] confgen: don't build unix.o twice - -Fixed: -unix/os.o: file not recognized: File truncated -collect2: error: ld returned 1 exit status - -This is because os.o was built twice: -* The implicity rule (depends on unix/os.o) -* The "make all" in unix subdir (depends on unix/os.o) - -Depend on subdirs which is unix only rather than unix/os.o will fix the -problem. - -Upstream-Status: Pending - -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> - -Update context(trailing whitespace) for version 9.10.5-P3. - -Signed-off-by: Kai Kang <kai.kang@windriver.com> ---- - bin/confgen/Makefile.in | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in -index dca272f..02becce 100644 ---- a/bin/confgen/Makefile.in -+++ b/bin/confgen/Makefile.in -@@ -74,11 +74,11 @@ rndc-confgen.@O@: rndc-confgen.c - ddns-confgen.@O@: ddns-confgen.c - ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c ${srcdir}/ddns-confgen.c - --rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS} -+rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS} $(SUBDIRS) - export BASEOBJS="rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \ - ${FINALBUILDCMD} - --ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS} -+ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS} $(SUBDIRS) - export BASEOBJS="ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \ - ${FINALBUILDCMD} - --- -1.7.9.5 - diff --git a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch index 13df3bb0e9..38d07cae39 100644 --- a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch @@ -1,4 +1,4 @@ -From 9473d29843579802e96b0293a3e953fed93de82c Mon Sep 17 00:00:00 2001 +From 5ae30329f168c1e8d2e0c3831988a4f3e9096e39 Mon Sep 17 00:00:00 2001 From: Paul Gortmaker <paul.gortmaker@windriver.com> Date: Tue, 9 Jun 2015 11:22:00 -0400 Subject: [PATCH] bind: ensure searching for json headers searches sysroot @@ -27,23 +27,21 @@ to make use of the combination some day. Upstream-Status: Inappropriate [OE Specific] Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> + --- - configure.in | 2 +- + configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/configure.in b/configure.in -index c9ef3a601343..17a1f613e9ac 100644 ---- a/configure.in -+++ b/configure.in -@@ -2139,7 +2139,7 @@ case "$use_libjson" in - libjson_libs="" - ;; - auto|yes) -- for d in /usr /usr/local /opt/local -+ for d in "${STAGING_INCDIR}" - do - if test -f "${d}/include/json/json.h" - then --- -2.4.2 - +diff --git a/configure.ac b/configure.ac +index 2ab8ddd..92fe983 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -761,7 +761,7 @@ AS_CASE([$with_lmdb], + [no],[], + [auto|yes], [PKG_CHECK_MODULES([LMDB], [lmdb], + [ac_lib_lmdb_found=yes], +- [for ac_lib_lmdb_path in /usr /usr/local /opt /opt/local; do ++ [for ac_lib_lmdb_path in "${STAGING_INCDIR}"; do + AX_LIB_LMDB([$ac_lib_lmdb_path], + [ac_lib_lmdb_found=yes + break]) diff --git a/meta/recipes-connectivity/bind/bind/conf.patch b/meta/recipes-connectivity/bind/bind/conf.patch index aad345f9fc..aa3642acec 100644 --- a/meta/recipes-connectivity/bind/bind/conf.patch +++ b/meta/recipes-connectivity/bind/bind/conf.patch @@ -276,7 +276,7 @@ diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d + + modprobe capability >/dev/null 2>&1 || true + if [ ! -f /etc/bind/rndc.key ]; then -+ /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom ++ /usr/sbin/rndc-confgen -a -b 512 + chmod 0640 /etc/bind/rndc.key + fi + if [ -f /var/run/named/named.pid ]; then diff --git a/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch b/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch deleted file mode 100644 index b02ecb1061..0000000000 --- a/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch +++ /dev/null @@ -1,17 +0,0 @@ -Upstream-Status: Pending - -Signed-off-by: Saul Wold <sgw@linux.intel.com> - -Index: bind-9.9.5/bin/Makefile.in -=================================================================== ---- bind-9.9.5.orig/bin/Makefile.in -+++ bind-9.9.5/bin/Makefile.in -@@ -19,7 +19,7 @@ srcdir = @srcdir@ - VPATH = @srcdir@ - top_srcdir = @top_srcdir@ - --SUBDIRS = named rndc dig delv dnssec tools tests nsupdate \ -+SUBDIRS = named rndc dig delv dnssec tools nsupdate \ - check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@ - TARGETS = - diff --git a/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh index ef915c0ae5..633e29c0e6 100644 --- a/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh +++ b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh @@ -2,7 +2,7 @@ if [ ! -s /etc/bind/rndc.key ]; then echo -n "Generating /etc/bind/rndc.key:" - /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom + /usr/sbin/rndc-confgen -a -b 512 chown root:bind /etc/bind/rndc.key chmod 0640 /etc/bind/rndc.key fi diff --git a/meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch b/meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch deleted file mode 100644 index 9829f15881..0000000000 --- a/meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch +++ /dev/null @@ -1,36 +0,0 @@ -Use python3 rather default python which maybe links to python2 for oe. And add -option for setup.py to install files to right directory. - -Upstream-Status: Inappropriate [OE specific] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> ---- -diff --git a/bin/python/Makefile.in b/bin/python/Makefile.in -index a43a3c1..2e727f2 100644 ---- a/bin/python/Makefile.in -+++ b/bin/python/Makefile.in -@@ -55,9 +55,9 @@ install:: ${TARGETS} installdirs - ${INSTALL_DATA} ${srcdir}/dnssec-coverage.8 ${DESTDIR}${mandir}/man8 - if test -n "${PYTHON}" ; then \ - if test -n "${DESTDIR}" ; then \ -- ${PYTHON} ${srcdir}/setup.py install --root=${DESTDIR} --prefix=${prefix} ; \ -+ ${PYTHON} ${srcdir}/setup.py install --root=${DESTDIR} --prefix=${prefix} --install-lib=${PYTHON_SITEPACKAGES_DIR} ; \ - else \ -- ${PYTHON} ${srcdir}/setup.py install --prefix=${prefix} ; \ -+ ${PYTHON} ${srcdir}/setup.py install --prefix=${prefix} --install-lib=${PYTHON_SITEPACKAGES_DIR} ; \ - fi \ - fi - -diff --git a/configure.in b/configure.in -index 314bb90..867923e 100644 ---- a/configure.in -+++ b/configure.in -@@ -227,7 +227,7 @@ AC_ARG_WITH(python, - [ --with-python=PATH specify path to python interpreter], - use_python="$withval", use_python="unspec") - --python="python python3 python3.5 python3.4 python3.3 python3.2 python2 python2.7" -+python="python3 python3.5 python3.4 python3.3 python3.2 python2 python2.7" - - testargparse='try: import argparse - except: exit(1)' diff --git a/meta/recipes-connectivity/bind/bind_9.10.6.bb b/meta/recipes-connectivity/bind/bind_9.10.6.bb deleted file mode 100644 index 8b8835ba80..0000000000 --- a/meta/recipes-connectivity/bind/bind_9.10.6.bb +++ /dev/null @@ -1,123 +0,0 @@ -SUMMARY = "ISC Internet Domain Name Server" -HOMEPAGE = "http://www.isc.org/sw/bind/" -SECTION = "console/network" - -LICENSE = "ISC & BSD" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=dba46507446198119bcde32a4feaab43" - -DEPENDS = "openssl libcap" - -SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ - file://conf.patch \ - file://make-etc-initd-bind-stop-work.patch \ - file://dont-test-on-host.patch \ - file://generate-rndc-key.sh \ - file://named.service \ - file://bind9 \ - file://init.d-add-support-for-read-only-rootfs.patch \ - file://bind-confgen-build-unix.o-once.patch \ - file://0001-build-use-pkg-config-to-find-libxml2.patch \ - file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ - file://0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch \ - file://0001-lib-dns-gen.c-fix-too-long-error.patch \ - file://use-python3-and-fix-install-lib-path.patch \ - " - -SRC_URI[md5sum] = "84e663284b17aee0df1ce6f248b137d7" -SRC_URI[sha256sum] = "17bbcd2bd7b1d32f5ba4b30d5dbe8a39bce200079048073d1e0d050fdf47e69d" - -UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" -UPSTREAM_CHECK_REGEX = "(?P<pver>9(\.\d+)+(-P\d+)*)/" - - -ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}" -EXTRA_OECONF = " ${ENABLE_IPV6} --with-libtool --enable-threads \ - --disable-devpoll --enable-epoll --with-gost=no \ - --with-gssapi=no --with-ecdsa=yes \ - --sysconfdir=${sysconfdir}/bind \ - --with-openssl=${STAGING_LIBDIR}/.. \ - " - -inherit autotools update-rc.d systemd useradd pkgconfig python3-dir - -export PYTHON_SITEPACKAGES_DIR - -# PACKAGECONFIGs readline and libedit should NOT be set at same time -PACKAGECONFIG ?= "readline" -PACKAGECONFIG[httpstats] = "--with-libxml2,--without-libxml2,libxml2" -PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline" -PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit" -PACKAGECONFIG[urandom] = "--with-randomdev=/dev/urandom,--with-randomdev=/dev/random,," - -USERADD_PACKAGES = "${PN}" -USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ - --user-group bind" - -INITSCRIPT_NAME = "bind" -INITSCRIPT_PARAMS = "defaults" - -SYSTEMD_SERVICE_${PN} = "named.service" - -PARALLEL_MAKE = "" - -RDEPENDS_${PN} = "python3-core" -RDEPENDS_${PN}-dev = "" - -PACKAGE_BEFORE_PN += "${PN}-utils" -FILES_${PN}-utils = "${bindir}/host ${bindir}/dig" -FILES_${PN}-dev += "${bindir}/isc-config.h" -FILES_${PN} += "${sbindir}/generate-rndc-key.sh ${PYTHON_SITEPACKAGES_DIR}" - -PACKAGE_BEFORE_PN += "${PN}-libs" -FILES_${PN}-libs = "${libdir}/*.so*" - -do_install_prepend() { - # clean host path in isc-config.sh before the hardlink created - # by "make install": - # bind9-config -> isc-config.sh - sed -i -e "s,${STAGING_LIBDIR},${libdir}," ${B}/isc-config.sh -} - -do_install_append() { - rm "${D}${bindir}/nslookup" - rm "${D}${mandir}/man1/nslookup.1" - rmdir "${D}${localstatedir}/run" - rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" - install -d -o bind "${D}${localstatedir}/cache/bind" - install -d "${D}${sysconfdir}/bind" - install -d "${D}${sysconfdir}/init.d" - install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" - install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" - sed -i -e '1s,#!.*python3,#! /usr/bin/python3,' ${D}${sbindir}/dnssec-coverage ${D}${sbindir}/dnssec-checkds - - # Install systemd related files - install -d ${D}${sbindir} - install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system - sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ - -e 's,@SBINDIR@,${sbindir},g' \ - ${D}${systemd_unitdir}/system/named.service - - install -d ${D}${sysconfdir}/default - install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default - - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/tmpfiles.d - echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf - fi - - rm -f ${D}${PYTHON_SITEPACKAGES_DIR}/isc/*.pyc -} - -CONFFILES_${PN} = " \ - ${sysconfdir}/bind/named.conf \ - ${sysconfdir}/bind/named.conf.local \ - ${sysconfdir}/bind/named.conf.options \ - ${sysconfdir}/bind/db.0 \ - ${sysconfdir}/bind/db.127 \ - ${sysconfdir}/bind/db.empty \ - ${sysconfdir}/bind/db.local \ - ${sysconfdir}/bind/db.root \ - " - diff --git a/meta/recipes-connectivity/bind/bind_9.18.26.bb b/meta/recipes-connectivity/bind/bind_9.18.26.bb new file mode 100644 index 0000000000..2784f3bdd9 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind_9.18.26.bb @@ -0,0 +1,113 @@ +SUMMARY = "ISC Internet Domain Name Server" +HOMEPAGE = "https://www.isc.org/bind/" +DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system" +SECTION = "console/network" + +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=c7a0b6d9a1b692a5da9af9d503671f43" + +DEPENDS = "openssl libcap zlib libuv" + +SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ + file://conf.patch \ + file://named.service \ + file://bind9 \ + file://generate-rndc-key.sh \ + file://make-etc-initd-bind-stop-work.patch \ + file://init.d-add-support-for-read-only-rootfs.patch \ + file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ + file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ + file://0001-avoid-start-failure-with-bind-user.patch \ + " + +SRC_URI[sha256sum] = "75ffee52731e9604c849b658df29e927f1c4f01d5a71ea3ebcbeb63702cb6651" + +UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" +# follow the ESV versions divisible by 2 +UPSTREAM_CHECK_REGEX = "(?P<pver>9.(\d*[02468])+(\.\d+)+(-P\d+)*)/" + +# Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore +# so the issue doesn't affect us. +CVE_STATUS[CVE-2019-6470] = "not-applicable-config: Issue only affects dhcpd with recent bind versions and we don't ship dhcpd anymore." + +inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives + +# PACKAGECONFIGs readline and libedit should NOT be set at same time +PACKAGECONFIG ?= "readline" +PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2" +PACKAGECONFIG[readline] = "--with-readline=readline,,readline" +PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit" +PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2" + +EXTRA_OECONF = " --disable-auto-validation \ + --with-gssapi=no --with-lmdb=no --with-zlib \ + --sysconfdir=${sysconfdir}/bind \ + --with-openssl=${STAGING_DIR_HOST}${prefix} \ + " +LDFLAGS:append = " -lz" + +# dhcp needs .la so keep them +REMOVE_LIBTOOL_LA = "0" + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM:${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ + --user-group bind" + +INITSCRIPT_NAME = "bind" +INITSCRIPT_PARAMS = "defaults" + +SYSTEMD_SERVICE:${PN} = "named.service" + +do_install:append() { + + install -d -o bind "${D}${localstatedir}/cache/bind" + install -d "${D}${sysconfdir}/bind" + install -d "${D}${sysconfdir}/init.d" + install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" + install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" + + # Install systemd related files + install -d ${D}${sbindir} + install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/named.service ${D}${systemd_system_unitdir} + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ + ${D}${systemd_system_unitdir}/named.service + + install -d ${D}${sysconfdir}/default + install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d + echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf + fi +} + +CONFFILES:${PN} = " \ + ${sysconfdir}/bind/named.conf \ + ${sysconfdir}/bind/named.conf.local \ + ${sysconfdir}/bind/named.conf.options \ + ${sysconfdir}/bind/db.0 \ + ${sysconfdir}/bind/db.127 \ + ${sysconfdir}/bind/db.empty \ + ${sysconfdir}/bind/db.local \ + ${sysconfdir}/bind/db.root \ + " + +ALTERNATIVE:${PN}-utils = "nslookup" +ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup" +ALTERNATIVE_PRIORITY = "100" + +PACKAGE_BEFORE_PN += "${PN}-utils" +FILES:${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" +FILES:${PN}-dev += "${bindir}/isc-config.h" +FILES:${PN} += "${sbindir}/generate-rndc-key.sh" + +PACKAGE_BEFORE_PN += "${PN}-libs" +# special arrangement below due to +# https://github.com/isc-projects/bind9/commit/0e25af628cd776f98c04fc4cc59048f5448f6c88 +FILES_SOLIBSDEV = "${libdir}/*[!0-9].so ${libdir}/libbind9.so" +FILES:${PN}-libs = "${libdir}/named/*.so* ${libdir}/*-${PV}.so" + +DEV_PKG_DEPENDENCY = "" diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc index e78f174c5c..a31d7076ba 100644 --- a/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/meta/recipes-connectivity/bluez5/bluez5.inc @@ -2,15 +2,16 @@ SUMMARY = "Linux Bluetooth Stack Userland V5" DESCRIPTION = "Linux Bluetooth stack V5 userland components. These include a system configurations, daemons, tools and system libraries." HOMEPAGE = "http://www.bluez.org" SECTION = "libs" -LICENSE = "GPLv2+ & LGPLv2.1+" +LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \ - file://src/main.c;beginline=1;endline=24;md5=9bc54b93cd7e17bf03f52513f39f926e" -DEPENDS = "udev dbus-glib glib-2.0 libcheck" + file://src/main.c;beginline=1;endline=24;md5=0ad83ca0dc37ab08af448777c581e7ac" +DEPENDS = "dbus glib-2.0" +RDEPENDS:${PN} += "dbus" PROVIDES += "bluez-hcidump" -RPROVIDES_${PN} += "bluez-hcidump" +RPROVIDES:${PN} += "bluez-hcidump" -RCONFLICTS_${PN} = "bluez4" +RCONFLICTS:${PN} = "bluez4" PACKAGECONFIG ??= "obex-profiles \ readline \ @@ -22,6 +23,7 @@ PACKAGECONFIG ??= "obex-profiles \ hog-profiles \ tools \ deprecated \ + udev \ " PACKAGECONFIG[obex-profiles] = "--enable-obex,--disable-obex,libical" PACKAGECONFIG[readline] = "--enable-client,--disable-client,readline," @@ -41,28 +43,35 @@ PACKAGECONFIG[sixaxis] = "--enable-sixaxis,--disable-sixaxis" PACKAGECONFIG[tools] = "--enable-tools,--disable-tools" PACKAGECONFIG[threads] = "--enable-threads,--disable-threads" PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated" -PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c" - -SRC_URI = "\ - ${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ - file://out-of-tree.patch \ - file://init \ - file://run-ptest \ - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ - file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ -" +PACKAGECONFIG[mesh] = "--enable-mesh --enable-external-ell,--disable-mesh, json-c ell" +PACKAGECONFIG[btpclient] = "--enable-btpclient --enable-external-ell,--disable-btpclient, ell" +PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev" +PACKAGECONFIG[manpages] = "--enable-manpages,--disable-manpages,python3-docutils-native" + +SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ + file://init \ + file://run-ptest \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ + file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ + file://0001-test-gatt-Fix-hung-issue.patch \ + file://0004-src-shared-util.c-include-linux-limits.h.patch \ + " S = "${WORKDIR}/bluez-${PV}" CVE_PRODUCT = "bluez" -inherit autotools pkgconfig systemd update-rc.d distro_features_check ptest +inherit autotools pkgconfig systemd update-rc.d ptest gobject-introspection-data EXTRA_OECONF = "\ --enable-test \ --enable-datafiles \ --enable-library \ + --enable-pie \ + --without-zsh-completion-dir \ " +CFLAGS += "-DFIRMWARE_DIR=\\"${nonarch_base_libdir}/firmware\\"" + # bluez5 builds a large number of useful utilities but does not # install them. Specify which ones we want put into ${PN}-noinst-tools. NOINST_TOOLS_READLINE ??= "" @@ -74,18 +83,10 @@ NOINST_TOOLS = " \ ${@bb.utils.contains('PACKAGECONFIG', 'tools', '${NOINST_TOOLS_BT}', '', d)} \ " -do_install_append() { +do_install:append() { install -d ${D}${INIT_D_DIR} install -m 0755 ${WORKDIR}/init ${D}${INIT_D_DIR}/bluetooth - install -d ${D}${sysconfdir}/bluetooth/ - if [ -f ${S}/profiles/network/network.conf ]; then - install -m 0644 ${S}/profiles/network/network.conf ${D}/${sysconfdir}/bluetooth/ - fi - if [ -f ${S}/profiles/input/input.conf ]; then - install -m 0644 ${S}/profiles/input/input.conf ${D}/${sysconfdir}/bluetooth/ - fi - if [ -f ${D}/${sysconfdir}/init.d/bluetooth ]; then sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}/${sysconfdir}/init.d/bluetooth fi @@ -102,22 +103,25 @@ do_install_append() { PACKAGES =+ "${PN}-testtools ${PN}-obex ${PN}-noinst-tools" -FILES_${PN} += " \ +FILES:${PN} += " \ ${libdir}/bluetooth/plugins/*.so \ ${systemd_unitdir}/ ${datadir}/dbus-1 \ ${libdir}/cups \ " -FILES_${PN}-dev += " \ +FILES:${PN}-dev += " \ ${libdir}/bluetooth/plugins/*.la \ " -FILES_${PN}-obex = "${libexecdir}/bluetooth/obexd \ +FILES:${PN}-obex = "${libexecdir}/bluetooth/obexd \ ${exec_prefix}/lib/systemd/user/obex.service \ + ${systemd_system_unitdir}/obex.service \ + ${sysconfdir}/systemd/system/multi-user.target.wants/obex.service \ ${datadir}/dbus-1/services/org.bluez.obex.service \ + ${sysconfdir}/dbus-1/system.d/obexd.conf \ " -SYSTEMD_SERVICE_${PN}-obex = "obex.service" +SYSTEMD_SERVICE:${PN}-obex = "obex.service" -FILES_${PN}-testtools = "${libdir}/bluez/test/*" +FILES:${PN}-testtools = "${libdir}/bluez/test/*" def get_noinst_tools_paths (d, bb, tools): s = list() @@ -127,15 +131,14 @@ def get_noinst_tools_paths (d, bb, tools): s.append("%s/%s" % (bindir, f)) return "\n".join(s) -FILES_${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS'))}" +FILES:${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS'))}" -RDEPENDS_${PN}-testtools += "python3 python3-dbus python3-pygobject" +RDEPENDS:${PN}-testtools += "python3-core python3-dbus" +RDEPENDS:${PN}-testtools += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}" -SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}" +SYSTEMD_SERVICE:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}" INITSCRIPT_PACKAGES = "${PN}" -INITSCRIPT_NAME_${PN} = "bluetooth" - -EXCLUDE_FROM_WORLD = "1" +INITSCRIPT_NAME:${PN} = "bluetooth" do_compile_ptest() { oe_runmake buildtests @@ -145,3 +148,5 @@ do_install_ptest() { cp -r ${B}/unit/ ${D}${PTEST_PATH} rm -f ${D}${PTEST_PATH}/unit/*.o } + +RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-gconv-utf-16" diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch index 2fde7bc069..618ed734a9 100644 --- a/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch +++ b/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch @@ -1,3 +1,4 @@ +From f74eb97c9fb3c0ee2895742e773ac6a3c41c999c Mon Sep 17 00:00:00 2001 From: Giovanni Campagna <gcampagna-cNUdlRotFMnNLxjTenLetw@public.gmane.org> Date: Sat, 12 Oct 2013 17:45:25 +0200 Subject: [PATCH] Allow using obexd without systemd in the user session @@ -14,50 +15,42 @@ configuration. See thread: http://thread.gmane.org/gmane.linux.bluez.kernel/38725/focus=38843 Signed-off-by: Javier Viguera <javier.viguera@digi.com> + --- - Makefile.obexd | 4 ++-- - obexd/src/org.bluez.obex.service | 4 ---- - obexd/src/org.bluez.obex.service.in | 4 ++++ - 3 files changed, 6 insertions(+), 6 deletions(-) - delete mode 100644 obexd/src/org.bluez.obex.service - create mode 100644 obexd/src/org.bluez.obex.service.in + Makefile.obexd | 4 ++-- + .../src/{org.bluez.obex.service => org.bluez.obex.service.in} | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + rename obexd/src/{org.bluez.obex.service => org.bluez.obex.service.in} (76%) diff --git a/Makefile.obexd b/Makefile.obexd -index 2e33cbc72f2b..d5d858c857b4 100644 +index de59d29..73004a3 100644 --- a/Makefile.obexd +++ b/Makefile.obexd -@@ -2,12 +2,12 @@ +@@ -1,12 +1,12 @@ if SYSTEMD - systemduserunitdir = @SYSTEMD_USERUNITDIR@ + systemduserunitdir = $(SYSTEMD_USERUNITDIR) systemduserunit_DATA = obexd/src/obex.service +endif - dbussessionbusdir = @DBUS_SESSIONBUSDIR@ + dbussessionbusdir = $(DBUS_SESSIONBUSDIR) dbussessionbus_DATA = obexd/src/org.bluez.obex.service -endif -EXTRA_DIST += obexd/src/obex.service.in obexd/src/org.bluez.obex.service +EXTRA_DIST += obexd/src/obex.service.in obexd/src/org.bluez.obex.service.in - obex_plugindir = $(libdir)/obex/plugins + if OBEX -diff --git a/obexd/src/org.bluez.obex.service b/obexd/src/org.bluez.obex.service -deleted file mode 100644 -index a53808884554..000000000000 +diff --git a/obexd/src/org.bluez.obex.service b/obexd/src/org.bluez.obex.service.in +similarity index 76% +rename from obexd/src/org.bluez.obex.service +rename to obexd/src/org.bluez.obex.service.in +index a538088..9c815f2 100644 --- a/obexd/src/org.bluez.obex.service -+++ /dev/null -@@ -1,4 +0,0 @@ --[D-BUS Service] --Name=org.bluez.obex --Exec=/bin/false --SystemdService=dbus-org.bluez.obex.service -diff --git a/obexd/src/org.bluez.obex.service.in b/obexd/src/org.bluez.obex.service.in -new file mode 100644 -index 000000000000..9c815f246b77 ---- /dev/null +++ b/obexd/src/org.bluez.obex.service.in -@@ -0,0 +1,4 @@ -+[D-BUS Service] -+Name=org.bluez.obex +@@ -1,4 +1,4 @@ + [D-BUS Service] + Name=org.bluez.obex +-Exec=/bin/false +Exec=@libexecdir@/obexd -+SystemdService=dbus-org.bluez.obex.service + SystemdService=dbus-org.bluez.obex.service diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch new file mode 100644 index 0000000000..b1e93dbe19 --- /dev/null +++ b/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch @@ -0,0 +1,41 @@ +From fb583a57f9f4ab956a09e9bb96d89aa13553bf21 Mon Sep 17 00:00:00 2001 +From: Mingli Yu <Mingli.Yu@windriver.com> +Date: Fri, 24 Aug 2018 12:04:03 +0800 +Subject: [PATCH] test-gatt: Fix hung issue + +The below test hangs infinitely +$ unit/test-gatt -p /robustness/unkown-request -d +/robustness/unkown-request - init +/robustness/unkown-request - setup +/robustness/unkown-request - setup complete +/robustness/unkown-request - run + GATT: < 02 17 00 ... + bt_gatt_server:MTU exchange complete, with MTU: 23 + GATT: > 03 00 02 ... + PDU: = 03 00 02 ... + GATT: < bf 00 + +Actually, the /robustness/unkown-request test does +no action. + +Upstream-Status: Submitted [https://marc.info/?l=linux-bluetooth&m=153508881804635&w=2] + +Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> + +--- + unit/test-gatt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/unit/test-gatt.c b/unit/test-gatt.c +index 5e06d4e..4864d36 100644 +--- a/unit/test-gatt.c ++++ b/unit/test-gatt.c +@@ -4546,7 +4546,7 @@ int main(int argc, char *argv[]) + test_server, service_db_1, NULL, + raw_pdu(0x03, 0x00, 0x02), + raw_pdu(0xbf, 0x00), +- raw_pdu(0x01, 0xbf, 0x00, 0x00, 0x06)); ++ raw_pdu()); + + define_test_server("/robustness/unkown-command", + test_server, service_db_1, NULL, diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch index 24ddae6b63..881494a354 100644 --- a/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch +++ b/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch @@ -1,19 +1,20 @@ -From 4bdf0f96dcaa945fd29f26d56e5b36d8c23e4c8b Mon Sep 17 00:00:00 2001 +From 738e73b386352fd90f1f26cc1ee75427cf4dc23b Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Fri, 1 Apr 2016 17:07:34 +0300 Subject: [PATCH] tests: add a target for building tests without running them Upstream-Status: Inappropriate [oe specific] Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> + --- Makefile.am | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile.am b/Makefile.am -index 1a48a71..ba3b92f 100644 +index e738eb3..dab17dd 100644 --- a/Makefile.am +++ b/Makefile.am -@@ -425,6 +425,9 @@ endif +@@ -710,6 +710,9 @@ endif TESTS = $(unit_tests) AM_TESTS_ENVIRONMENT = MALLOC_CHECK_=3 MALLOC_PERTURB_=69 @@ -23,6 +24,3 @@ index 1a48a71..ba3b92f 100644 if DBUS_RUN_SESSION AM_TESTS_ENVIRONMENT += dbus-run-session -- endif --- -2.8.0.rc3 - diff --git a/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch b/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch new file mode 100644 index 0000000000..516d859069 --- /dev/null +++ b/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch @@ -0,0 +1,27 @@ +From b53df61b41088b68c127ac76cc71683ac3453b9d Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Mon, 12 Dec 2022 13:10:19 +0100 +Subject: [PATCH] src/shared/util.c: include linux/limits.h + +MAX_INPUT is defined in that file. This matters on non-glibc +systems such as those using musl. + +Upstream-Status: Submitted [to linux-bluetooth@vger.kernel.org,luiz.von.dentz@intel.com,frederic.danis@collabora.com] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> + +--- + src/shared/util.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/shared/util.c b/src/shared/util.c +index c0c2c4a..036dc0d 100644 +--- a/src/shared/util.c ++++ b/src/shared/util.c +@@ -23,6 +23,7 @@ + #include <unistd.h> + #include <dirent.h> + #include <limits.h> ++#include <linux/limits.h> + #include <string.h> + + #ifdef HAVE_SYS_RANDOM_H diff --git a/meta/recipes-connectivity/bluez5/bluez5/init b/meta/recipes-connectivity/bluez5/bluez5/init index d7972f2d95..ca9fa18549 100644 --- a/meta/recipes-connectivity/bluez5/bluez5/init +++ b/meta/recipes-connectivity/bluez5/bluez5/init @@ -1,5 +1,8 @@ #!/bin/sh +# Source function library +. /etc/init.d/functions + PATH=/sbin:/bin:/usr/sbin:/usr/bin DESC=bluetooth @@ -44,14 +47,7 @@ case $1 in $0 start ;; status) - pidof ${DAEMON} >/dev/null - status=$? - if [ $status -eq 0 ]; then - echo "bluetooth is running." - else - echo "bluetooth is not running" - fi - exit $status + status ${DAEMON} || exit $? ;; *) N=/etc/init.d/bluetooth diff --git a/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch b/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch deleted file mode 100644 index 3ee79d7047..0000000000 --- a/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch +++ /dev/null @@ -1,26 +0,0 @@ -From ed55b49a226ca3909f52416be2ae5ce1c5ca2cb2 Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross.burton@intel.com> -Date: Fri, 22 Apr 2016 15:40:37 +0100 -Subject: [PATCH] Makefile.obexd: add missing mkdir in builtin.h generation - -In parallel out-of-tree builds it's possible that obexd/src/builtin.h is -generated before the target directory has been implicitly created. Solve this by -creating the directory before writing into it. - -Upstream-Status: Submitted -Signed-off-by: Ross Burton <ross.burton@intel.com> ---- - Makefile.obexd | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/Makefile.obexd b/Makefile.obexd -index 2e33cbc..c8286f0 100644 ---- a/Makefile.obexd -+++ b/Makefile.obexd -@@ -105,2 +105,3 @@ obexd/src/plugin.$(OBJEXT): obexd/src/builtin.h - obexd/src/builtin.h: obexd/src/genbuiltin $(obexd_builtin_sources) -+ $(AM_V_at)$(MKDIR_P) $(dir $@) - $(AM_V_GEN)$(srcdir)/obexd/src/genbuiltin $(obexd_builtin_modules) > $@ --- -2.8.0.rc3 - diff --git a/meta/recipes-connectivity/bluez5/bluez5/run-ptest b/meta/recipes-connectivity/bluez5/bluez5/run-ptest index 21df00c327..0335e68e48 100644 --- a/meta/recipes-connectivity/bluez5/bluez5/run-ptest +++ b/meta/recipes-connectivity/bluez5/bluez5/run-ptest @@ -6,7 +6,7 @@ failed=0 all=0 for f in test-*; do - "./$f" + "./$f" -q case "$?" in 0) echo "PASS: $f" diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.47.bb b/meta/recipes-connectivity/bluez5/bluez5_5.72.bb index 49666f226c..9fda960ea7 100644 --- a/meta/recipes-connectivity/bluez5/bluez5_5.47.bb +++ b/meta/recipes-connectivity/bluez5/bluez5_5.72.bb @@ -1,9 +1,8 @@ require bluez5.inc -REQUIRED_DISTRO_FEATURES = "bluez5" +SRC_URI[sha256sum] = "499d7fa345a996c1bb650f5c6749e1d929111fa6ece0be0e98687fee6124536e" -SRC_URI[md5sum] = "783e15f65e70cdb8f721c659e140dd56" -SRC_URI[sha256sum] = "cf75bf7cd5d564f21cc4a2bd01d5c39ce425397335fd47d9bbe43af0a58342c8" +CVE_STATUS[CVE-2020-24490] = "cpe-incorrect: This issue has kernel fixes rather than bluez fixes" # noinst programs in Makefile.tools that are conditional on READLINE # support @@ -66,4 +65,5 @@ NOINST_TOOLS_BT ?= " \ tools/check-selftest \ tools/gatt-service \ profiles/iap/iapd \ + ${@bb.utils.contains('PACKAGECONFIG', 'btpclient', 'tools/btpclient', '', d)} \ " diff --git a/meta/recipes-connectivity/connman/connman-conf.bb b/meta/recipes-connectivity/connman/connman-conf.bb index 9a519ec866..a1a0e08faa 100644 --- a/meta/recipes-connectivity/connman/connman-conf.bb +++ b/meta/recipes-connectivity/connman/connman-conf.bb @@ -1,36 +1,21 @@ -SUMMARY = "Connman config to setup wired interface on qemu machines" -DESCRIPTION = "This is the ConnMan configuration to set up a Wired \ -network interface for a qemu machine." -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" +SUMMARY = "Connman config to ignore wired interface on qemu machines" +DESCRIPTION = "This is the ConnMan configuration to avoid touching wired \ +network interface inside qemu machines." +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6" -inherit systemd -SRC_URI_append_qemuall = " file://wired.config \ - file://wired-setup \ - file://wired-connection.service \ -" -PR = "r2" +SRC_URI = "file://main.conf \ + " S = "${WORKDIR}" PACKAGE_ARCH = "${MACHINE_ARCH}" -FILES_${PN} = "${localstatedir}/* ${datadir}/*" +FILES:${PN} = "${sysconfdir}/*" -do_install() { - #Configure Wired network interface in case of qemu* machines - if test -e ${WORKDIR}/wired.config && - test -e ${WORKDIR}/wired-setup && - test -e ${WORKDIR}/wired-connection.service; then - install -d ${D}${localstatedir}/lib/connman - install -m 0644 ${WORKDIR}/wired.config ${D}${localstatedir}/lib/connman - install -d ${D}${datadir}/connman - install -m 0755 ${WORKDIR}/wired-setup ${D}${datadir}/connman - install -d ${D}${systemd_system_unitdir} - install -m 0644 ${WORKDIR}/wired-connection.service ${D}${systemd_system_unitdir} - sed -i -e 's|@SCRIPTDIR@|${datadir}/connman|g' ${D}${systemd_system_unitdir}/wired-connection.service - fi +# Kernel IP-Config is perfectly capable of setting up networking passed in via ip= +do_install:append:qemuall() { + mkdir -p ${D}${sysconfdir}/connman + cp ${S}/main.conf ${D}${sysconfdir}/connman/main.conf } - -SYSTEMD_SERVICE_${PN}_qemuall = "wired-connection.service" diff --git a/meta/recipes-connectivity/connman/connman-conf/main.conf b/meta/recipes-connectivity/connman/connman-conf/main.conf new file mode 100644 index 0000000000..3c9dd396f6 --- /dev/null +++ b/meta/recipes-connectivity/connman/connman-conf/main.conf @@ -0,0 +1,2 @@ +[General] +NetworkInterfaceBlacklist = eth,en diff --git a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service deleted file mode 100644 index 48adfc08ac..0000000000 --- a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Setup a wired interface -Before=connman.service - -[Service] -Type=oneshot -ExecStart=@SCRIPTDIR@/wired-setup - -[Install] -WantedBy=network.target diff --git a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup deleted file mode 100644 index c46899ef32..0000000000 --- a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -CONFIGF=/var/lib/connman/wired.config - -# Extract wired network config from /proc/cmdline -NET_CONF=`cat /proc/cmdline |sed -ne 's/^.*ip=\([^ ]*\):\([^ ]*\):\([^ ]*\):\([^ ]*\).*$/\1\/\4\/\3/p'` - -# Check if eth0 is already set via kernel cmdline -if [ "x$NET_CONF" = "x" ]; then - # Wired interface is not configured via kernel cmdline - # Remove connman config file template - rm -f ${CONFIGF} -else - # Setup a connman config accordingly - sed -i -e "s|^IPv4 =.*|IPv4 = ${NET_CONF}|" ${CONFIGF} -fi diff --git a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config deleted file mode 100644 index 42998ce897..0000000000 --- a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config +++ /dev/null @@ -1,9 +0,0 @@ -[global] -Name = Wired -Description = Wired network configuration - -[service_ethernet] -Type = ethernet -IPv4 = -MAC = 52:54:00:12:34:56 -Nameservers = 8.8.8.8 diff --git a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb index a56bd3751f..fcd154b4b0 100644 --- a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb +++ b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb @@ -1,7 +1,7 @@ SUMMARY = "GTK+ frontend for the ConnMan network connection manager" HOMEPAGE = "http://connman.net/" SECTION = "libs/network" -LICENSE = "GPLv2 & LGPLv2.1" +LICENSE = "GPL-2.0-only & LGPL-2.1-only" LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ file://properties/main.c;beginline=1;endline=20;md5=50c77c81871308b033ab7a1504626afb \ file://common/connman-dbus.c;beginline=1;endline=20;md5=de6b485c0e717a0236402d220187717a" @@ -10,21 +10,21 @@ DEPENDS = "gtk+3 dbus-glib dbus-glib-native intltool-native gettext-native" # 0.7 tag SRCREV = "cf3c325b23dae843c5499a113591cfbc98acb143" -SRC_URI = "git://github.com/connectivity/connman-gnome.git \ +SRC_URI = "git://github.com/connectivity/connman-gnome.git;branch=master;protocol=https \ file://0001-Removed-icon-from-connman-gnome-about-applet.patch \ file://null_check_for_ipv4_config.patch \ - file://images/* \ + file://images/ \ file://connman-gnome-fix-dbus-interface-name.patch \ file://0001-Port-to-Gtk3.patch \ " S = "${WORKDIR}/git" -inherit autotools-brokensep gtk-icon-cache pkgconfig distro_features_check +inherit autotools-brokensep gtk-icon-cache pkgconfig features_check ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" -RDEPENDS_${PN} = "connman" +RDEPENDS:${PN} = "connman" -do_install_append() { +do_install:append() { install -m 0644 ${WORKDIR}/images/* ${D}/usr/share/icons/hicolor/22x22/apps/ } diff --git a/meta/recipes-connectivity/connman/connman.inc b/meta/recipes-connectivity/connman/connman.inc index 6c8f405a8a..7487ca0d0c 100644 --- a/meta/recipes-connectivity/connman/connman.inc +++ b/meta/recipes-connectivity/connman/connman.inc @@ -9,15 +9,15 @@ configuration methods, like DHCP and domain name resolving, are \ implemented using plug-ins." HOMEPAGE = "http://connman.net/" BUGTRACKER = "https://01.org/jira/browse/CM" -LICENSE = "GPLv2" +LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ file://src/main.c;beginline=1;endline=20;md5=486a279a6ab0c8d152bcda3a5b5edc36" -inherit autotools pkgconfig systemd update-rc.d bluetooth update-alternatives +inherit autotools pkgconfig systemd update-rc.d update-alternatives -DEPENDS = "dbus glib-2.0 ppp readline" +CVE_PRODUCT = "connman connection_manager" -INC_PR = "r20" +DEPENDS = "dbus glib-2.0 ppp" EXTRA_OECONF += "\ ac_cv_path_WPASUPPLICANT=${sbindir}/wpa_supplicant \ @@ -27,23 +27,29 @@ EXTRA_OECONF += "\ --enable-ethernet \ --enable-tools \ --disable-polkit \ - --enable-client \ + --runstatedir=/run \ " +# For smooth operation it would be best to start only one wireless daemon at a time. +# If wpa-supplicant is running, connman will use it preferentially. +# Select either wpa-supplicant or iwd +WIRELESS_DAEMON ??= "wpa-supplicant" -PACKAGECONFIG ??= "wispr \ - ${@bb.utils.filter('DISTRO_FEATURES', '3g systemd wifi', d)} \ +PACKAGECONFIG ??= "wispr iptables client\ + ${@bb.utils.filter('DISTRO_FEATURES', '3g systemd', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ - iptables \ + ${@bb.utils.contains('DISTRO_FEATURES', 'wifi', 'wifi ${WIRELESS_DAEMON}', '', d)} \ " # If you want ConnMan to support VPN, add following statement into # local.conf or distro config -# PACKAGECONFIG_append_pn-connman = " openvpn vpnc l2tp pptp" +# PACKAGECONFIG:append:pn-connman = " openvpn vpnc l2tp pptp" -PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''" -PACKAGECONFIG[wifi] = "--enable-wifi, --disable-wifi, wpa-supplicant, wpa-supplicant" -PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, ${BLUEZ}, ${BLUEZ}" +PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_system_unitdir}/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''" +PACKAGECONFIG[wifi] = "--enable-wifi, --disable-wifi" +PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5, bluez5" PACKAGECONFIG[3g] = "--enable-ofono, --disable-ofono, ofono, ofono" +PACKAGECONFIG[wpa-supplicant] = ",,wpa-supplicant,wpa-supplicant" +PACKAGECONFIG[iwd] = "--enable-iwd,--disable-iwd,,iwd" PACKAGECONFIG[tist] = "--enable-tist,--disable-tist," PACKAGECONFIG[openvpn] = "--enable-openvpn --with-openvpn=${sbindir}/openvpn,--disable-openvpn,,openvpn" PACKAGECONFIG[vpnc] = "--enable-vpnc --with-vpnc=${sbindir}/vpnc,--disable-vpnc,,vpnc" @@ -51,30 +57,33 @@ PACKAGECONFIG[l2tp] = "--enable-l2tp --with-l2tp=${sbindir}/xl2tpd,--disable-l2t PACKAGECONFIG[pptp] = "--enable-pptp --with-pptp=${sbindir}/pptp,--disable-pptp,,pptp-linux" # WISPr support for logging into hotspots, requires TLS PACKAGECONFIG[wispr] = "--enable-wispr,--disable-wispr,gnutls," -PACKAGECONFIG[nftables] = "--with-firewall=nftables ,,libmnl libnftnl,,kernel-module-nf-tables-ipv4 kernel-module-nft-chain-nat-ipv4 kernel-module-nft-chain-route-ipv4 kernel-module-nft-meta kernel-module-nft-masq-ipv4 kernel-module-nft-nat" +PACKAGECONFIG[nftables] = "--with-firewall=nftables ,,libmnl libnftnl,,kernel-module-nf-tables kernel-module-nft-chain-nat-ipv4 kernel-module-nft-chain-route-ipv4 kernel-module-nft-masq-ipv4 kernel-module-nft-nat" PACKAGECONFIG[iptables] = "--with-firewall=iptables ,,iptables,iptables" +PACKAGECONFIG[nfc] = "--enable-neard, --disable-neard, neard, neard" +PACKAGECONFIG[client] = "--enable-client,--disable-client,readline" +PACKAGECONFIG[wireguard] = "--enable-wireguard,--disable-wireguard,libmnl" INITSCRIPT_NAME = "connman" INITSCRIPT_PARAMS = "start 05 5 2 3 . stop 22 0 1 6 ." python __anonymous () { - systemd_packages = "${PN}" + systemd_packages = "${PN} ${PN}-wait-online" pkgconfig = d.getVar('PACKAGECONFIG') if ('openvpn' or 'vpnc' or 'l2tp' or 'pptp') in pkgconfig.split(): systemd_packages += " ${PN}-vpn" d.setVar('SYSTEMD_PACKAGES', systemd_packages) } -SYSTEMD_SERVICE_${PN} = "connman.service" -SYSTEMD_SERVICE_${PN}-vpn = "connman-vpn.service" -SYSTEMD_SERVICE_${PN}-wait-online = "connman-wait-online.service" +SYSTEMD_SERVICE:${PN} = "connman.service" +SYSTEMD_SERVICE:${PN}-vpn = "connman-vpn.service" +SYSTEMD_SERVICE:${PN}-wait-online = "connman-wait-online.service" ALTERNATIVE_PRIORITY = "100" -ALTERNATIVE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}" +ALTERNATIVE:${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}" ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.connman','',d)}" ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}" -do_install_append() { +do_install:append() { if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then install -d ${D}${sysconfdir}/init.d install -m 0755 ${WORKDIR}/connman ${D}${sysconfdir}/init.d/connman @@ -86,7 +95,6 @@ do_install_append() { if [ -e ${B}/tools/wispr ]; then install -m 0755 ${B}/tools/wispr ${D}${bindir} fi - install -m 0755 ${B}/client/connmanctl ${D}${bindir} # We don't need to package an empty directory rmdir --ignore-fail-on-non-empty ${D}${libdir}/connman/scripts @@ -97,15 +105,12 @@ do_install_append() { # For read-only filesystem, do not create links during bootup if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - if ${@bb.utils.contains('IMAGE_FEATURES','read-only-rootfs','true','false',d)}; then - echo "d /var/run/connman - - - -" > ${D}${sysconfdir}/tmpfiles.d/connman_resolvconf.conf - fi ln -sf ../run/connman/resolv.conf ${D}${sysconfdir}/resolv-conf.connman fi } # These used to be plugins, but now they are core -RPROVIDES_${PN} = "\ +RPROVIDES:${PN} = "\ connman-plugin-loopback \ connman-plugin-ethernet \ ${@bb.utils.contains('PACKAGECONFIG', 'bluetooth','connman-plugin-bluetooth', '', d)} \ @@ -113,7 +118,7 @@ RPROVIDES_${PN} = "\ ${@bb.utils.contains('PACKAGECONFIG', '3g','connman-plugin-ofono', '', d)} \ " -RDEPENDS_${PN} = "\ +RDEPENDS:${PN} = "\ dbus \ " @@ -124,11 +129,11 @@ def add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, add_insane_skip): if plugintype in depmap: rdepends = map(lambda x: multilib_prefix + x, \ depmap[plugintype].split()) - d.setVar("RDEPENDS_%s" % pkg, " ".join(rdepends)) + d.setVar("RDEPENDS:%s" % pkg, " ".join(rdepends)) if add_insane_skip: - d.appendVar("INSANE_SKIP_%s" % pkg, "dev-so") + d.appendVar("INSANE_SKIP:%s" % pkg, "dev-so") -python populate_packages_prepend() { +python populate_packages:prepend() { depmap = dict(pppd="ppp") multilib_prefix = (d.getVar("MLPREFIX") or "") @@ -136,84 +141,85 @@ python populate_packages_prepend() { add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, False) plugin_dir = d.expand('${libdir}/connman/plugins/') plugin_name = d.expand('${PN}-plugin-%s') - do_split_packages(d, plugin_dir, '^(.*).so$', plugin_name, \ + do_split_packages(d, plugin_dir, r'^(.*).so$', plugin_name, \ '${PN} plugin for %s', extra_depends='', hook=hook, prepend=True ) hook = lambda file,pkg,x,y,z: \ add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, True) plugin_dir = d.expand('${libdir}/connman/plugins-vpn/') plugin_name = d.expand('${PN}-plugin-vpn-%s') - do_split_packages(d, plugin_dir, '^(.*).so$', plugin_name, \ + do_split_packages(d, plugin_dir, r'^(.*).so$', plugin_name, \ '${PN} VPN plugin for %s', extra_depends='', hook=hook, prepend=True ) } PACKAGES =+ "${PN}-tools ${PN}-tests ${PN}-client" -FILES_${PN}-tools = "${bindir}/wispr" -RDEPENDS_${PN}-tools ="${PN}" +FILES:${PN}-tools = "${bindir}/wispr" +RDEPENDS:${PN}-tools ="${PN}" -FILES_${PN}-tests = "${bindir}/*-test" +FILES:${PN}-tests = "${bindir}/*-test" -FILES_${PN}-client = "${bindir}/connmanctl" -RDEPENDS_${PN}-client ="${PN}" +FILES:${PN}-client = "${bindir}/connmanctl" +RDEPENDS:${PN}-client ="${PN}" -FILES_${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \ +FILES:${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \ ${libdir}/connman/plugins \ - ${sysconfdir} ${sharedstatedir} ${localstatedir} \ + ${sysconfdir} ${sharedstatedir} ${localstatedir} ${datadir} \ ${base_bindir}/* ${base_sbindir}/* ${base_libdir}/*.so* ${datadir}/${PN} \ ${datadir}/dbus-1/system-services/* \ ${sysconfdir}/tmpfiles.d/connman_resolvconf.conf" -FILES_${PN}-dev += "${libdir}/connman/*/*.la" +FILES:${PN}-dev += "${libdir}/connman/*/*.la" PACKAGES =+ "${PN}-vpn ${PN}-wait-online" -SUMMARY_${PN}-vpn = "A daemon for managing VPN connections within embedded devices" -DESCRIPTION_${PN}-vpn = "The ConnMan VPN provides a daemon for \ +SUMMARY:${PN}-vpn = "A daemon for managing VPN connections within embedded devices" +DESCRIPTION:${PN}-vpn = "The ConnMan VPN provides a daemon for \ managing VPN connections within embedded devices running the Linux \ operating system. The connman-vpnd handles all the VPN connections \ and starts/stops VPN client processes when necessary. The connman-vpnd \ provides a DBus API for managing VPN connections. All the different \ VPN technogies are implemented using plug-ins." -FILES_${PN}-vpn += "${sbindir}/connman-vpnd \ +FILES:${PN}-vpn += "${sbindir}/connman-vpnd \ ${sysconfdir}/dbus-1/system.d/connman-vpn-dbus.conf \ ${datadir}/dbus-1/system-services/net.connman.vpn.service \ - ${systemd_unitdir}/system/connman-vpn.service" + ${systemd_system_unitdir}/connman-vpn.service" -SUMMARY_${PN}-wait-online = "A program that will return once ConnMan has connected to a network" -DESCRIPTION_${PN}-wait-online = "A service that can be enabled so that \ +SUMMARY:${PN}-wait-online = "A program that will return once ConnMan has connected to a network" +DESCRIPTION:${PN}-wait-online = "A service that can be enabled so that \ the system waits until a network connection is established." -FILES_${PN}-wait-online += "${sbindir}/connmand-wait-online \ - ${systemd_unitdir}/system/connman-wait-online.service" +FILES:${PN}-wait-online += "${sbindir}/connmand-wait-online \ + ${systemd_system_unitdir}/connman-wait-online.service" -SUMMARY_${PN}-plugin-vpn-openvpn = "An OpenVPN plugin for ConnMan VPN" -DESCRIPTION_${PN}-plugin-vpn-openvpn = "The ConnMan OpenVPN plugin uses openvpn client \ +SUMMARY:${PN}-plugin-vpn-openvpn = "An OpenVPN plugin for ConnMan VPN" +DESCRIPTION:${PN}-plugin-vpn-openvpn = "The ConnMan OpenVPN plugin uses openvpn client \ to create a VPN connection to OpenVPN server." -FILES_${PN}-plugin-vpn-openvpn += "${libdir}/connman/scripts/openvpn-script \ +FILES:${PN}-plugin-vpn-openvpn += "${libdir}/connman/scripts/openvpn-script \ ${libdir}/connman/plugins-vpn/openvpn.so" -RDEPENDS_${PN}-plugin-vpn-openvpn += "${PN}-vpn" -RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','openvpn','${PN}-plugin-vpn-openvpn', '', d)}" +RDEPENDS:${PN}-plugin-vpn-openvpn += "${PN}-vpn" +RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','openvpn','${PN}-plugin-vpn-openvpn', '', d)}" -SUMMARY_${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN" -DESCRIPTION_${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \ +SUMMARY:${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN" +DESCRIPTION:${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \ to create a VPN connection to Cisco3000 VPN Concentrator." -FILES_${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \ - ${libdir}/connman/plugins-vpn/vpnc.so" -RDEPENDS_${PN}-plugin-vpn-vpnc += "${PN}-vpn" -RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}" - -SUMMARY_${PN}-plugin-vpn-l2tp = "A L2TP plugin for ConnMan VPN" -DESCRIPTION_${PN}-plugin-vpn-l2tp = "The ConnMan L2TP plugin uses xl2tpd daemon \ +FILES:${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \ + ${libdir}/connman/plugins-vpn/vpnc.so \ + ${libdir}/connman/scripts/vpn-script" +RDEPENDS:${PN}-plugin-vpn-vpnc += "${PN}-vpn" +RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}" + +SUMMARY:${PN}-plugin-vpn-l2tp = "A L2TP plugin for ConnMan VPN" +DESCRIPTION:${PN}-plugin-vpn-l2tp = "The ConnMan L2TP plugin uses xl2tpd daemon \ to create a VPN connection to L2TP server." -FILES_${PN}-plugin-vpn-l2tp += "${libdir}/connman/scripts/libppp-plugin.so* \ +FILES:${PN}-plugin-vpn-l2tp += "${libdir}/connman/scripts/libppp-plugin.so* \ ${libdir}/connman/plugins-vpn/l2tp.so" -RDEPENDS_${PN}-plugin-vpn-l2tp += "${PN}-vpn" -RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','l2tp','${PN}-plugin-vpn-l2tp', '', d)}" +RDEPENDS:${PN}-plugin-vpn-l2tp += "${PN}-vpn" +RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','l2tp','${PN}-plugin-vpn-l2tp', '', d)}" -SUMMARY_${PN}-plugin-vpn-pptp = "A PPTP plugin for ConnMan VPN" -DESCRIPTION_${PN}-plugin-vpn-pptp = "The ConnMan PPTP plugin uses pptp-linux client \ +SUMMARY:${PN}-plugin-vpn-pptp = "A PPTP plugin for ConnMan VPN" +DESCRIPTION:${PN}-plugin-vpn-pptp = "The ConnMan PPTP plugin uses pptp-linux client \ to create a VPN connection to PPTP server." -FILES_${PN}-plugin-vpn-pptp += "${libdir}/connman/scripts/libppp-plugin.so* \ +FILES:${PN}-plugin-vpn-pptp += "${libdir}/connman/scripts/libppp-plugin.so* \ ${libdir}/connman/plugins-vpn/pptp.so" -RDEPENDS_${PN}-plugin-vpn-pptp += "${PN}-vpn" -RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','pptp','${PN}-plugin-vpn-pptp', '', d)}" +RDEPENDS:${PN}-plugin-vpn-pptp += "${PN}-vpn" +RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','pptp','${PN}-plugin-vpn-pptp', '', d)}" diff --git a/meta/recipes-connectivity/connman/connman/0001-src-log.c-Include-libgen.h-for-basename-API.patch b/meta/recipes-connectivity/connman/connman/0001-src-log.c-Include-libgen.h-for-basename-API.patch new file mode 100644 index 0000000000..8012606db7 --- /dev/null +++ b/meta/recipes-connectivity/connman/connman/0001-src-log.c-Include-libgen.h-for-basename-API.patch @@ -0,0 +1,55 @@ +From cbba6638986c2de763981bf6fc59df6a86fed44f Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 1 Jan 2024 17:42:21 -0800 +Subject: [PATCH v2] src/log.c: Include libgen.h for basename API + +Use POSIX version of basename. This comes to front with latest musl +which dropped the declaration from string.h [1] it fails to build with +clang-17+ because it treats implicit function declaration as error. + +Fix it by applying the basename on a copy of string since posix version +may modify the input string. + +[1] https://git.musl-libc.org/cgit/musl/commit/?id=725e17ed6dff4d0cd22487bb64470881e86a92e7 + +Upstream-Status: Submitted [https://lore.kernel.org/connman/20240102015917.3732089-1-raj.khem@gmail.com/T/#u] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + + src/log.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/log.c b/src/log.c +index 554b046..2df3af7 100644 +--- a/src/log.c ++++ b/src/log.c +@@ -24,6 +24,7 @@ + #endif + + #include <stdio.h> ++#include <libgen.h> + #include <unistd.h> + #include <stdarg.h> + #include <stdlib.h> +@@ -196,6 +197,7 @@ int __connman_log_init(const char *program, const char *debug, + const char *program_name, const char *program_version) + { + static char path[PATH_MAX]; ++ char* tmp = strdup(program); + int option = LOG_NDELAY | LOG_PID; + + program_exec = program; +@@ -212,8 +214,8 @@ int __connman_log_init(const char *program, const char *debug, + if (backtrace) + signal_setup(signal_handler); + +- openlog(basename(program), option, LOG_DAEMON); +- ++ openlog(basename(tmp), option, LOG_DAEMON); ++ free(tmp); + syslog(LOG_INFO, "%s version %s", program_name, program_version); + + return 0; +-- +2.43.0 + diff --git a/meta/recipes-connectivity/connman/connman/0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch b/meta/recipes-connectivity/connman/connman/0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch new file mode 100644 index 0000000000..9e5ac8da15 --- /dev/null +++ b/meta/recipes-connectivity/connman/connman/0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch @@ -0,0 +1,152 @@ +From af55a6a414d32c12f9ef3cab778385a361e1ad6d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Eivind=20N=C3=A6ss?= <eivnaes@yahoo.com> +Date: Sat, 25 Mar 2023 20:51:52 +0000 +Subject: [PATCH] vpn: Adding support for latest pppd 2.5.0 release + +The API has gone through a significant overhaul, and this change fixes any compile issues. +1) Fixes to configure.ac itself +2) Cleanup in pppd plugin itself + +Adding a libppp-compat.h file to mask for any differences in the version. + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a48864a2e5d2a725dfc6eef567108bc13b43857f] +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> + +--- + scripts/libppp-compat.h | 127 ++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 127 insertions(+) + create mode 100644 scripts/libppp-compat.h + +diff --git a/scripts/libppp-compat.h b/scripts/libppp-compat.h +new file mode 100644 +index 0000000..eee1d09 +--- /dev/null ++++ b/scripts/libppp-compat.h +@@ -0,0 +1,127 @@ ++/* Copyright (C) Eivind Naess, eivnaes@yahoo.com */ ++/* SPDX-License-Identifier: GPL-2.0-or-later */ ++ ++#ifndef __LIBPPP_COMPAT_H__ ++#define __LIBPPP_COMPAT_H__ ++ ++/* Define USE_EAPTLS compile with EAP TLS support against older pppd headers, ++ * pppd >= 2.5.0 use PPP_WITH_EAPTLS and is defined in pppdconf.h */ ++#define USE_EAPTLS 1 ++ ++/* Define INET6 to compile with IPv6 support against older pppd headers, ++ * pppd >= 2.5.0 use PPP_WITH_IPV6CP and is defined in pppdconf.h */ ++#define INET6 1 ++ ++/* PPP < 2.5.0 defines and exports VERSION which overlaps with current package VERSION define. ++ * this silly macro magic is to work around that. */ ++#undef VERSION ++#include <pppd/pppd.h> ++ ++#ifndef PPPD_VERSION ++#define PPPD_VERSION VERSION ++#endif ++ ++#include <pppd/fsm.h> ++#include <pppd/ccp.h> ++#include <pppd/eui64.h> ++#include <pppd/ipcp.h> ++#include <pppd/ipv6cp.h> ++#include <pppd/eap.h> ++#include <pppd/upap.h> ++ ++#ifdef HAVE_PPPD_CHAP_H ++#include <pppd/chap.h> ++#endif ++ ++#ifdef HAVE_PPPD_CHAP_NEW_H ++#include <pppd/chap-new.h> ++#endif ++ ++#ifdef HAVE_PPPD_CHAP_MS_H ++#include <pppd/chap_ms.h> ++#endif ++ ++#ifndef PPP_PROTO_CHAP ++#define PPP_PROTO_CHAP 0xc223 ++#endif ++ ++#ifndef PPP_PROTO_EAP ++#define PPP_PROTO_EAP 0xc227 ++#endif ++ ++ ++#if WITH_PPP_VERSION < PPP_VERSION(2,5,0) ++ ++static inline bool ++debug_on (void) ++{ ++ return debug; ++} ++ ++static inline const char ++*ppp_ipparam (void) ++{ ++ return ipparam; ++} ++ ++static inline int ++ppp_ifunit (void) ++{ ++ return ifunit; ++} ++ ++static inline const char * ++ppp_ifname (void) ++{ ++ return ifname; ++} ++ ++static inline int ++ppp_get_mtu (int idx) ++{ ++ return netif_get_mtu(idx); ++} ++ ++typedef enum ppp_notify ++{ ++ NF_PID_CHANGE, ++ NF_PHASE_CHANGE, ++ NF_EXIT, ++ NF_SIGNALED, ++ NF_IP_UP, ++ NF_IP_DOWN, ++ NF_IPV6_UP, ++ NF_IPV6_DOWN, ++ NF_AUTH_UP, ++ NF_LINK_DOWN, ++ NF_FORK, ++ NF_MAX_NOTIFY ++} ppp_notify_t; ++ ++typedef void (ppp_notify_fn) (void *ctx, int arg); ++ ++static inline void ++ppp_add_notify (ppp_notify_t type, ppp_notify_fn *func, void *ctx) ++{ ++ struct notifier **list[NF_MAX_NOTIFY] = { ++ [NF_PID_CHANGE ] = &pidchange, ++ [NF_PHASE_CHANGE] = &phasechange, ++ [NF_EXIT ] = &exitnotify, ++ [NF_SIGNALED ] = &sigreceived, ++ [NF_IP_UP ] = &ip_up_notifier, ++ [NF_IP_DOWN ] = &ip_down_notifier, ++ [NF_IPV6_UP ] = &ipv6_up_notifier, ++ [NF_IPV6_DOWN ] = &ipv6_down_notifier, ++ [NF_AUTH_UP ] = &auth_up_notifier, ++ [NF_LINK_DOWN ] = &link_down_notifier, ++ [NF_FORK ] = &fork_notifier, ++ }; ++ ++ struct notifier **notify = list[type]; ++ if (notify) { ++ add_notifier(notify, func, ctx); ++ } ++} ++ ++#endif /* #if WITH_PPP_VERSION < PPP_VERSION(2,5,0) */ ++#endif /* #if__LIBPPP_COMPAT_H__ */ diff --git a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch index 0593427710..9e2cc34995 100644 --- a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch +++ b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch @@ -1,77 +1,88 @@ -From 10b0d16d04b811b1ccd1f9b0cfe757bce8d876a1 Mon Sep 17 00:00:00 2001 +From 60783f0d885c9a0db8b6f1d528786321e53f1512 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Mon, 6 Apr 2015 23:02:21 -0700 -Subject: [PATCH 2/3] resolve: musl does not implement res_ninit +Subject: [PATCH] gweb/gresolv.c: make use of res_ninit optional and subject to + __RES -ported from +Not all libc implementation have those functions, and the way to determine +if they do is to check __RES which is explained in resolv.h thusly: + +/* + * Revision information. This is the release date in YYYYMMDD format. + * It can change every day so the right thing to do with it is use it + * in preprocessor commands such as "#if (__RES > 19931104)". Do not + * compare for equality; rather, use it to determine whether your resolver + * is new enough to contain a certain feature. + */ + +Indeed, it needs to be at least 19991006. + +The portion of the patch that implements a fallback is ported from +Alpine Linux: http://git.alpinelinux.org/cgit/aports/plain/testing/connman/libresolv.patch -Upstream-Status: Pending +Upstream-Status: Submitted [to connman@lists.linux.dev,marcel@holtmann.org] Signed-off-by: Khem Raj <raj.khem@gmail.com> --- - gweb/gresolv.c | 33 ++++++++++++--------------------- - 1 file changed, 12 insertions(+), 21 deletions(-) + gweb/gresolv.c | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) diff --git a/gweb/gresolv.c b/gweb/gresolv.c -index 5cf7a9a..3ad8e70 100644 +index 8101d71..9f1477c 100644 --- a/gweb/gresolv.c +++ b/gweb/gresolv.c -@@ -875,8 +875,6 @@ GResolv *g_resolv_new(int index) +@@ -879,7 +879,9 @@ GResolv *g_resolv_new(int index) resolv->index = index; resolv->nameserver_list = NULL; -- res_ninit(&resolv->res); -- ++#if (__RES >= 19991006) + res_ninit(&resolv->res); ++#endif + return resolv; } - -@@ -916,8 +914,6 @@ void g_resolv_unref(GResolv *resolv) +@@ -920,7 +922,9 @@ void g_resolv_unref(GResolv *resolv) flush_nameservers(resolv); -- res_nclose(&resolv->res); -- ++#if (__RES >= 19991006) + res_nclose(&resolv->res); ++#endif + g_free(resolv); } - -@@ -1020,24 +1016,19 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, +@@ -1024,6 +1028,7 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, debug(resolv, "hostname %s", hostname); if (!resolv->nameserver_list) { -- int i; -- -- for (i = 0; i < resolv->res.nscount; i++) { -- char buf[100]; -- int family = resolv->res.nsaddr_list[i].sin_family; -- void *sa_addr = &resolv->res.nsaddr_list[i].sin_addr; -- -- if (family != AF_INET && -- resolv->res._u._ext.nsaddrs[i]) { -- family = AF_INET6; -- sa_addr = &resolv->res._u._ext.nsaddrs[i]->sin6_addr; -+ FILE *f = fopen("/etc/resolv.conf", "r"); -+ if (f) { -+ char line[256], *s; -+ int i; -+ while (fgets(line, sizeof(line), f)) { -+ if (strncmp(line, "nameserver", 10) || !isspace(line[10])) -+ continue; -+ for (s = &line[11]; isspace(s[0]); s++); -+ for (i = 0; s[i] && !isspace(s[i]); i++); -+ s[i] = 0; -+ g_resolv_add_nameserver(resolv, s, 53, 0); - } -- -- if (family != AF_INET && family != AF_INET6) -- continue; -- -- if (inet_ntop(family, sa_addr, buf, sizeof(buf))) -- g_resolv_add_nameserver(resolv, buf, 53, 0); -+ fclose(f); ++#if (__RES >= 19991006) + int i; + + for (i = 0; i < resolv->res.nscount; i++) { +@@ -1043,6 +1048,22 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, + if (inet_ntop(family, sa_addr, buf, sizeof(buf))) + g_resolv_add_nameserver(resolv, buf, 53, 0); } ++#else ++ FILE *f = fopen("/etc/resolv.conf", "r"); ++ if (f) { ++ char line[256], *s; ++ int i; ++ while (fgets(line, sizeof(line), f)) { ++ if (strncmp(line, "nameserver", 10) || !isspace(line[10])) ++ continue; ++ for (s = &line[11]; isspace(s[0]); s++); ++ for (i = 0; s[i] && !isspace(s[i]); i++); ++ s[i] = 0; ++ g_resolv_add_nameserver(resolv, s, 53, 0); ++ } ++ fclose(f); ++ } ++#endif if (!resolv->nameserver_list) + g_resolv_add_nameserver(resolv, "127.0.0.1", 53, 0); -- -2.5.1 +2.39.2 diff --git a/meta/recipes-connectivity/connman/connman/connman b/meta/recipes-connectivity/connman/connman/connman index c64fa0d715..a021fd4655 100644 --- a/meta/recipes-connectivity/connman/connman/connman +++ b/meta/recipes-connectivity/connman/connman/connman @@ -10,49 +10,11 @@ fi set -e -nfsroot=0 - -exec 9<&0 < /proc/mounts -while read dev mtpt fstype rest; do - if test $mtpt = "/" ; then - case $fstype in - nfs | nfs4) - nfsroot=1 - break - ;; - *) - ;; - esac - fi -done - do_start() { - EXTRA_PARAM="" - if test $nfsroot -eq 1 ; then - NET_DEVS=`cat /proc/net/dev | sed -ne 's/^\([a-zA-Z0-9 ]*\):.*$/\1/p'` - NET_ADDR=`cat /proc/cmdline | sed -ne 's/^.*ip=\([^ :]*\).*$/\1/p'` - - if [ ! -z "$NET_ADDR" ]; then - if [ "$NET_ADDR" = dhcp ]; then - ethn=`ifconfig | grep "^eth" | sed -e "s/\(eth[0-9]\)\(.*\)/\1/"` - if [ ! -z "$ethn" ]; then - EXTRA_PARAM="-I $ethn" - fi - else - for i in $NET_DEVS; do - ADDR=`ifconfig $i | sed 's/addr://g' | sed -ne 's/^.*inet \([0-9.]*\) .*$/\1/p'` - if [ "$NET_ADDR" = "$ADDR" ]; then - EXTRA_PARAM="-I $i" - break - fi - done - fi - fi - fi if [ -f @DATADIR@/connman/wired-setup ] ; then . @DATADIR@/connman/wired-setup fi - $DAEMON $EXTRA_PARAM + $DAEMON } do_stop() { diff --git a/meta/recipes-connectivity/connman/connman/includes.patch b/meta/recipes-connectivity/connman/connman/includes.patch deleted file mode 100644 index 55cb187931..0000000000 --- a/meta/recipes-connectivity/connman/connman/includes.patch +++ /dev/null @@ -1,423 +0,0 @@ -Fix various issues which cause problems under musl. - -Upstream-Status: Submitted -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From 630516bcc0233b047f65665c003201ba6e77453d Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross.burton@intel.com> -Date: Tue, 9 Aug 2016 16:22:36 +0100 -Subject: [PATCH 1/3] Use AC_USE_SYSTEM_EXTENSIONS - -Instead of using #define _GNU_SOURCE in some source files which causes problems -when building with musl as more files need the define, simply use -AC_USE_SYSTEM_EXTENSIONS in configure.ac to get it defined globally. ---- - configure.ac | 1 + - gdhcp/client.c | 1 - - plugins/tist.c | 1 - - src/backtrace.c | 1 - - src/inet.c | 1 - - src/log.c | 1 - - src/ntp.c | 1 - - src/resolver.c | 1 - - src/rfkill.c | 1 - - src/stats.c | 1 - - src/timezone.c | 1 - - tools/stats-tool.c | 1 - - tools/tap-test.c | 1 - - tools/wispr.c | 1 - - vpn/plugins/vpn.c | 1 - - 15 files changed, 1 insertion(+), 14 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 6e66ab3..bacf5ec 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -20,6 +20,7 @@ AC_SUBST(abs_top_srcdir) - AC_SUBST(abs_top_builddir) - - AC_LANG_C -+AC_USE_SYSTEM_EXTENSIONS - - AC_PROG_CC - AM_PROG_CC_C_O -diff --git a/gdhcp/client.c b/gdhcp/client.c -index fbb40ab..3aeb089 100644 ---- a/gdhcp/client.c -+++ b/gdhcp/client.c -@@ -23,7 +23,6 @@ - #include <config.h> - #endif - --#define _GNU_SOURCE - #include <stdio.h> - #include <errno.h> - #include <unistd.h> -diff --git a/plugins/tist.c b/plugins/tist.c -index ad5ef79..cc2800a 100644 ---- a/plugins/tist.c -+++ b/plugins/tist.c -@@ -23,7 +23,6 @@ - #include <config.h> - #endif - --#define _GNU_SOURCE - #include <stdio.h> - #include <stdbool.h> - #include <stdlib.h> -diff --git a/src/backtrace.c b/src/backtrace.c -index 6a66c0a..4dbdda8 100644 ---- a/src/backtrace.c -+++ b/src/backtrace.c -@@ -24,7 +24,6 @@ - #include <config.h> - #endif - --#define _GNU_SOURCE - #include <stdio.h> - #include <unistd.h> - #include <stdlib.h> -diff --git a/src/inet.c b/src/inet.c -index 69ded19..81d92c2 100644 ---- a/src/inet.c -+++ b/src/inet.c -@@ -25,7 +25,6 @@ - #include <config.h> - #endif - --#define _GNU_SOURCE - #include <stdio.h> - #include <errno.h> - #include <unistd.h> -diff --git a/src/log.c b/src/log.c -index 9bae4a3..f7e82e5 100644 ---- a/src/log.c -+++ b/src/log.c -@@ -23,7 +23,6 @@ - #include <config.h> - #endif - --#define _GNU_SOURCE - #include <stdio.h> - #include <unistd.h> - #include <stdarg.h> -diff --git a/src/ntp.c b/src/ntp.c -index dd246eb..db8ae96 100644 ---- a/src/ntp.c -+++ b/src/ntp.c -@@ -23,7 +23,6 @@ - #include <config.h> - #endif - --#define _GNU_SOURCE - #include <errno.h> - #include <fcntl.h> - #include <unistd.h> -diff --git a/src/resolver.c b/src/resolver.c -index fbe4be7..ef61f92 100644 ---- a/src/resolver.c -+++ b/src/resolver.c -@@ -23,7 +23,6 @@ - #include <config.h> - #endif - --#define _GNU_SOURCE - #include <stdio.h> - #include <errno.h> - #include <fcntl.h> -diff --git a/src/rfkill.c b/src/rfkill.c -index 2bfb092..af49d12 100644 ---- a/src/rfkill.c -+++ b/src/rfkill.c -@@ -23,7 +23,6 @@ - #include <config.h> - #endif - --#define _GNU_SOURCE - #include <stdio.h> - #include <errno.h> - #include <fcntl.h> -diff --git a/src/stats.c b/src/stats.c -index 26343b1..cfcdc94 100644 ---- a/src/stats.c -+++ b/src/stats.c -@@ -23,7 +23,6 @@ - #include <config.h> - #endif - --#define _GNU_SOURCE - #include <errno.h> - #include <sys/mman.h> - #include <sys/types.h> -diff --git a/src/timezone.c b/src/timezone.c -index e346b11..8e91267 100644 ---- a/src/timezone.c -+++ b/src/timezone.c -@@ -23,7 +23,6 @@ - #include <config.h> - #endif - --#define _GNU_SOURCE - #include <errno.h> - #include <stdio.h> - #include <fcntl.h> -diff --git a/tools/stats-tool.c b/tools/stats-tool.c -index b076478..428d94b 100644 ---- a/tools/stats-tool.c -+++ b/tools/stats-tool.c -@@ -22,7 +22,6 @@ - #include <config.h> - #endif - --#define _GNU_SOURCE - #include <sys/mman.h> - #include <sys/types.h> - #include <sys/stat.h> -diff --git a/tools/tap-test.c b/tools/tap-test.c -index fdc098a..57917f5 100644 ---- a/tools/tap-test.c -+++ b/tools/tap-test.c -@@ -23,7 +23,6 @@ - #include <config.h> - #endif - --#define _GNU_SOURCE - #include <stdio.h> - #include <errno.h> - #include <fcntl.h> -diff --git a/tools/wispr.c b/tools/wispr.c -index d5f9341..e56dfc1 100644 ---- a/tools/wispr.c -+++ b/tools/wispr.c -@@ -23,7 +23,6 @@ - #include <config.h> - #endif - --#define _GNU_SOURCE - #include <stdio.h> - #include <fcntl.h> - #include <unistd.h> -diff --git a/vpn/plugins/vpn.c b/vpn/plugins/vpn.c -index 9a42385..479c3a7 100644 ---- a/vpn/plugins/vpn.c -+++ b/vpn/plugins/vpn.c -@@ -23,7 +23,6 @@ - #include <config.h> - #endif - --#define _GNU_SOURCE - #include <string.h> - #include <fcntl.h> - #include <unistd.h> --- -2.8.1 - - -From b8b7878e6cb2a1ed4fcfa256f7e232511a40e3d9 Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross.burton@intel.com> -Date: Tue, 9 Aug 2016 15:37:50 +0100 -Subject: [PATCH 2/3] Check for in6_pktinfo.ipi6_addr explicitly - -Instead of assuming that just glibc has this structure, check for it at -configure as musl also has it. - -Based on work by Khem Raj <raj.khem@gmail.com>. ---- - configure.ac | 2 ++ - gdhcp/common.h | 5 +++-- - 2 files changed, 5 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index bacf5ec..ad00456 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -186,6 +186,8 @@ AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [ - AC_CHECK_HEADERS([execinfo.h]) - AM_CONDITIONAL([BACKTRACE], [test "${ac_cv_header_execinfo_h}" = "yes"]) - -+AC_CHECK_MEMBERS([struct in6_pktinfo.ipi6_addr], [], [], [[#include <netinet/in.h>]]) -+ - AC_CHECK_FUNC(signalfd, dummy=yes, - AC_MSG_ERROR(signalfd support is required)) - -diff --git a/gdhcp/common.h b/gdhcp/common.h -index 75abc18..6899499 100644 ---- a/gdhcp/common.h -+++ b/gdhcp/common.h -@@ -19,6 +19,7 @@ - * - */ - -+#include <config.h> - #include <netinet/udp.h> - #include <netinet/ip.h> - -@@ -170,8 +171,8 @@ static const uint8_t dhcp_option_lengths[] = { - [OPTION_U32] = 4, - }; - --/* already defined within netinet/in.h if using GNU compiler */ --#ifndef __USE_GNU -+/* already defined within netinet/in.h if using glibc or musl */ -+#ifndef HAVE_STRUCT_IN6_PKTINFO_IPI6_ADDR - struct in6_pktinfo { - struct in6_addr ipi6_addr; /* src/dst IPv6 address */ - unsigned int ipi6_ifindex; /* send/recv interface index */ --- -2.8.1 - - -From c0726e432fa0274a2b9c70179b03df6720972816 Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross.burton@intel.com> -Date: Tue, 9 Aug 2016 15:19:23 +0100 -Subject: [PATCH 3/3] Rationalise includes - -gweb/gresolv.c uses snprintf() and isspace() so it should include stdio.h and -ctype.h. - -tools/dnsproxy-test uses functions from stdio.h. - -musl warns when sys/ headers are included when the non-sys form should be used, -so switch sys/errno.h and so on to errno.h. - -musl also causes redefinition errors when pieces of the networking headers are -included, so remove the redundant includes. - -Based on work by Khem Raj <raj.khem@gmail.com>. ---- - gweb/gresolv.c | 2 ++ - plugins/wifi.c | 3 +-- - src/ippool.c | 1 - - src/iptables.c | 2 +- - src/tethering.c | 2 -- - tools/dhcp-test.c | 1 - - tools/dnsproxy-test.c | 1 + - tools/private-network-test.c | 2 +- - tools/tap-test.c | 2 +- - 9 files changed, 7 insertions(+), 9 deletions(-) - -diff --git a/gweb/gresolv.c b/gweb/gresolv.c -index 8a51a9f..d55027c 100644 ---- a/gweb/gresolv.c -+++ b/gweb/gresolv.c -@@ -23,11 +23,13 @@ - #include <config.h> - #endif - -+#include <ctype.h> - #include <errno.h> - #include <unistd.h> - #include <stdarg.h> - #include <string.h> - #include <stdlib.h> -+#include <stdio.h> - #include <resolv.h> - #include <sys/types.h> - #include <sys/socket.h> -diff --git a/plugins/wifi.c b/plugins/wifi.c -index 9d56671..148131d 100644 ---- a/plugins/wifi.c -+++ b/plugins/wifi.c -@@ -30,9 +30,8 @@ - #include <string.h> - #include <sys/ioctl.h> - #include <sys/socket.h> --#include <linux/if_arp.h> --#include <linux/wireless.h> - #include <net/ethernet.h> -+#include <linux/wireless.h> - - #ifndef IFF_LOWER_UP - #define IFF_LOWER_UP 0x10000 -diff --git a/src/ippool.c b/src/ippool.c -index cea1dcc..8a645da 100644 ---- a/src/ippool.c -+++ b/src/ippool.c -@@ -28,7 +28,6 @@ - #include <stdio.h> - #include <string.h> - #include <unistd.h> --#include <sys/errno.h> - #include <sys/socket.h> - - #include "connman.h" -diff --git a/src/iptables.c b/src/iptables.c -index 5ef757a..82e3ac4 100644 ---- a/src/iptables.c -+++ b/src/iptables.c -@@ -28,7 +28,7 @@ - #include <stdio.h> - #include <string.h> - #include <unistd.h> --#include <sys/errno.h> -+#include <errno.h> - #include <sys/socket.h> - #include <xtables.h> - #include <inttypes.h> -diff --git a/src/tethering.c b/src/tethering.c -index 3153349..ad062d5 100644 ---- a/src/tethering.c -+++ b/src/tethering.c -@@ -31,10 +31,8 @@ - #include <stdio.h> - #include <sys/ioctl.h> - #include <net/if.h> --#include <linux/sockios.h> - #include <string.h> - #include <fcntl.h> --#include <linux/if_tun.h> - #include <netinet/in.h> - #include <linux/if_bridge.h> - -diff --git a/tools/dhcp-test.c b/tools/dhcp-test.c -index c34e10a..eae66fc 100644 ---- a/tools/dhcp-test.c -+++ b/tools/dhcp-test.c -@@ -33,7 +33,6 @@ - #include <arpa/inet.h> - #include <net/route.h> - #include <net/ethernet.h> --#include <linux/if_arp.h> - - #include <gdhcp/gdhcp.h> - -diff --git a/tools/dnsproxy-test.c b/tools/dnsproxy-test.c -index 551cae9..371e2e2 100644 ---- a/tools/dnsproxy-test.c -+++ b/tools/dnsproxy-test.c -@@ -24,6 +24,7 @@ - #endif - - #include <errno.h> -+#include <stdio.h> - #include <stdlib.h> - #include <string.h> - #include <unistd.h> -diff --git a/tools/private-network-test.c b/tools/private-network-test.c -index 3dd115b..2828bb3 100644 ---- a/tools/private-network-test.c -+++ b/tools/private-network-test.c -@@ -32,7 +32,7 @@ - #include <stdlib.h> - #include <string.h> - #include <signal.h> --#include <sys/poll.h> -+#include <poll.h> - #include <sys/signalfd.h> - #include <unistd.h> - -diff --git a/tools/tap-test.c b/tools/tap-test.c -index 57917f5..cb3ee62 100644 ---- a/tools/tap-test.c -+++ b/tools/tap-test.c -@@ -28,7 +28,7 @@ - #include <fcntl.h> - #include <unistd.h> - #include <string.h> --#include <sys/poll.h> -+#include <poll.h> - #include <sys/ioctl.h> - - #include <netinet/in.h> --- -2.8.1 diff --git a/meta/recipes-connectivity/connman/connman_1.35.bb b/meta/recipes-connectivity/connman/connman_1.35.bb deleted file mode 100644 index 950946fe76..0000000000 --- a/meta/recipes-connectivity/connman/connman_1.35.bb +++ /dev/null @@ -1,16 +0,0 @@ -require connman.inc - -SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ - file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \ - file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \ - file://connman \ - file://no-version-scripts.patch \ - file://includes.patch \ - " -SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch \ - " - -SRC_URI[md5sum] = "bae37b45ee9b3db5ec8115188f8a7652" -SRC_URI[sha256sum] = "66d7deb98371545c6e417239a9b3b3e3201c1529d08eedf40afbc859842cf2aa" - -RRECOMMENDS_${PN} = "connman-conf" diff --git a/meta/recipes-connectivity/connman/connman_1.42.bb b/meta/recipes-connectivity/connman/connman_1.42.bb new file mode 100644 index 0000000000..5c60b9cb83 --- /dev/null +++ b/meta/recipes-connectivity/connman/connman_1.42.bb @@ -0,0 +1,17 @@ +require connman.inc + +SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ + file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \ + file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \ + file://connman \ + file://no-version-scripts.patch \ + file://0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch \ + file://0001-src-log.c-Include-libgen.h-for-basename-API.patch \ + file://0002-resolve-musl-does-not-implement-res_ninit.patch \ + " + + +SRC_URI[sha256sum] = "a3e6bae46fc081ef2e9dae3caa4f7649de892c3de622c20283ac0ca81423c2aa" + +RRECOMMENDS:${PN} = "connman-conf" +RCONFLICTS:${PN} = "networkmanager" diff --git a/meta/recipes-connectivity/dhcp/dhcp.inc b/meta/recipes-connectivity/dhcp/dhcp.inc deleted file mode 100644 index e94370786a..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp.inc +++ /dev/null @@ -1,143 +0,0 @@ -SECTION = "console/network" -SUMMARY = "Internet Software Consortium DHCP package" -DESCRIPTION = "DHCP (Dynamic Host Configuration Protocol) is a protocol \ -which allows individual devices on an IP network to get their own \ -network configuration information from a server. DHCP helps make it \ -easier to administer devices." - -HOMEPAGE = "http://www.isc.org/" - -LICENSE = "ISC" -LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;md5=c5c64d696107f84b56fe337d14da1753" - -DEPENDS = "openssl bind" - -SRC_URI = "http://ftp.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \ - file://init-relay file://default-relay \ - file://init-server file://default-server \ - file://dhclient.conf file://dhcpd.conf \ - file://dhclient-systemd-wrapper \ - file://dhclient.service \ - file://dhcpd.service file://dhcrelay.service \ - file://dhcpd6.service \ - " -UPSTREAM_CHECK_URI = "ftp://ftp.isc.org/isc/dhcp/" -UPSTREAM_CHECK_REGEX = "(?P<pver>\d+\.\d+\.(\d+?))/" - -inherit autotools systemd useradd update-rc.d - -USERADD_PACKAGES = "${PN}-server" -USERADD_PARAM_${PN}-server = "--system --no-create-home --home-dir /var/run/${BPN} --shell /bin/false --user-group ${BPN}" - -SYSTEMD_PACKAGES = "${PN}-server ${PN}-relay ${PN}-client" -SYSTEMD_SERVICE_${PN}-server = "dhcpd.service dhcpd6.service" -SYSTEMD_AUTO_ENABLE_${PN}-server = "disable" - -SYSTEMD_SERVICE_${PN}-relay = "dhcrelay.service" -SYSTEMD_AUTO_ENABLE_${PN}-relay = "disable" - -SYSTEMD_SERVICE_${PN}-client = "dhclient.service" -SYSTEMD_AUTO_ENABLE_${PN}-client = "disable" - -INITSCRIPT_PACKAGES = "dhcp-server" -INITSCRIPT_NAME_dhcp-server = "dhcp-server" -INITSCRIPT_PARAMS_dhcp-server = "defaults" - -TARGET_CFLAGS += "-D_GNU_SOURCE" -EXTRA_OECONF = "--with-srv-lease-file=${localstatedir}/lib/dhcp/dhcpd.leases \ - --with-srv6-lease-file=${localstatedir}/lib/dhcp/dhcpd6.leases \ - --with-cli-lease-file=${localstatedir}/lib/dhcp/dhclient.leases \ - --with-cli6-lease-file=${localstatedir}/lib/dhcp/dhclient6.leases \ - --with-libbind=${STAGING_LIBDIR}/ \ - --enable-paranoia --disable-static \ - --with-randomdev=/dev/random \ - " - -do_install_append () { - install -d ${D}${sysconfdir}/init.d - install -d ${D}${sysconfdir}/default - install -d ${D}${sysconfdir}/dhcp - install -m 0755 ${WORKDIR}/init-relay ${D}${sysconfdir}/init.d/dhcp-relay - install -m 0644 ${WORKDIR}/default-relay ${D}${sysconfdir}/default/dhcp-relay - install -m 0755 ${WORKDIR}/init-server ${D}${sysconfdir}/init.d/dhcp-server - install -m 0644 ${WORKDIR}/default-server ${D}${sysconfdir}/default/dhcp-server - - rm -f ${D}${sysconfdir}/dhclient.conf* - rm -f ${D}${sysconfdir}/dhcpd.conf* - install -m 0644 ${WORKDIR}/dhclient.conf ${D}${sysconfdir}/dhcp/dhclient.conf - install -m 0644 ${WORKDIR}/dhcpd.conf ${D}${sysconfdir}/dhcp/dhcpd.conf - - install -d ${D}${base_sbindir}/ - if [ "${sbindir}" != "${base_sbindir}" ]; then - mv ${D}${sbindir}/dhclient ${D}${base_sbindir}/ - fi - install -m 0755 ${S}/client/scripts/linux ${D}${base_sbindir}/dhclient-script - - # Install systemd unit files - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/dhcpd.service ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/dhcpd6.service ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/dhcrelay.service ${D}${systemd_unitdir}/system - sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/dhcpd*.service ${D}${systemd_unitdir}/system/dhcrelay.service - sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcpd*.service - sed -i -e 's,@base_bindir@,${base_bindir},g' ${D}${systemd_unitdir}/system/dhcpd*.service - sed -i -e 's,@localstatedir@,${localstatedir},g' ${D}${systemd_unitdir}/system/dhcpd*.service - sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcrelay.service - - install -d ${D}${base_sbindir} - install -m 0755 ${WORKDIR}/dhclient-systemd-wrapper ${D}${base_sbindir}/dhclient-systemd-wrapper - install -m 0644 ${WORKDIR}/dhclient.service ${D}${systemd_unitdir}/system - sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhclient.service - sed -i -e 's,@BASE_SBINDIR@,${base_sbindir},g' ${D}${systemd_unitdir}/system/dhclient.service -} - -PACKAGES += "dhcp-libs dhcp-server dhcp-server-config dhcp-client dhcp-relay dhcp-omshell" - -PACKAGES_remove = "${PN}" -RDEPENDS_${PN}-dev = "" -RDEPENDS_${PN}-staticdev = "" - -FILES_${PN}-libs = "${libdir}/libdhcpctl.so.0* ${libdir}/libomapi.so.0*" - -FILES_${PN}-server = "${sbindir}/dhcpd ${sysconfdir}/init.d/dhcp-server" -RRECOMMENDS_${PN}-server = "dhcp-server-config" - -FILES_${PN}-server-config = "${sysconfdir}/default/dhcp-server ${sysconfdir}/dhcp/dhcpd.conf" - -FILES_${PN}-relay = "${sbindir}/dhcrelay ${sysconfdir}/init.d/dhcp-relay ${sysconfdir}/default/dhcp-relay" - -FILES_${PN}-client = "${base_sbindir}/dhclient \ - ${base_sbindir}/dhclient-script \ - ${sysconfdir}/dhcp/dhclient.conf \ - ${base_sbindir}/dhclient-systemd-wrapper \ - " - -FILES_${PN}-omshell = "${bindir}/omshell" - -pkg_postinst_dhcp-server() { - mkdir -p $D/${localstatedir}/lib/dhcp - touch $D/${localstatedir}/lib/dhcp/dhcpd.leases - touch $D/${localstatedir}/lib/dhcp/dhcpd6.leases -} - -pkg_postinst_dhcp-client() { - mkdir -p $D/${localstatedir}/lib/dhcp -} - -pkg_postrm_dhcp-server() { - rm -f $D/${localstatedir}/lib/dhcp/dhcpd.leases - rm -f $D/${localstatedir}/lib/dhcp/dhcpd6.leases - - if ! rmdir $D/${localstatedir}/lib/dhcp 2>/dev/null; then - echo "Not removing ${localstatedir}/lib/dhcp as it is non-empty." - fi -} - -pkg_postrm_dhcp-client() { - rm -f $D/${localstatedir}/lib/dhcp/dhclient.leases - rm -f $D/${localstatedir}/lib/dhcp/dhclient6.leases - - if ! rmdir $D/${localstatedir}/lib/dhcp 2>/dev/null; then - echo "Not removing ${localstatedir}/lib/dhcp as it is non-empty." - fi -} diff --git a/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch b/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch deleted file mode 100644 index e5b3cf9bc5..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 7cc29144535a622fc671dc86eb1da65b0473a7c4 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Tue, 15 Aug 2017 16:14:22 +0800 -Subject: [PATCH 01/11] define macro _PATH_DHCPD_CONF and _PATH_DHCLIENT_CONF - -Upstream-Status: Inappropriate [OE specific] - -Rebase to 4.3.6 -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - includes/site.h | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/includes/site.h b/includes/site.h -index b2f7fd7..280fbb9 100644 ---- a/includes/site.h -+++ b/includes/site.h -@@ -149,7 +149,8 @@ - /* Define this if you want the dhcpd.conf file to go somewhere other than - the default location. By default, it goes in /etc/dhcpd.conf. */ - --/* #define _PATH_DHCPD_CONF "/etc/dhcpd.conf" */ -+#define _PATH_DHCPD_CONF "/etc/dhcp/dhcpd.conf" -+#define _PATH_DHCLIENT_CONF "/etc/dhcp/dhclient.conf" - - /* Network API definitions. You do not need to choose one of these - if - you don't choose, one will be chosen for you in your system's config --- -1.8.3.1 - diff --git a/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch b/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch deleted file mode 100644 index 6459dc0090..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch +++ /dev/null @@ -1,117 +0,0 @@ -From be7540d31c356e80ee02e90e8bf162b7ac6e5ba5 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Tue, 15 Aug 2017 14:56:56 +0800 -Subject: [PATCH 02/11] dhclient dbus - -upstream-Status: Inappropriate [distribution] - -Rebase to 4.3.6 -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - client/scripts/bsdos | 5 +++++ - client/scripts/freebsd | 5 +++++ - client/scripts/linux | 5 +++++ - client/scripts/netbsd | 5 +++++ - client/scripts/openbsd | 5 +++++ - client/scripts/solaris | 5 +++++ - 6 files changed, 30 insertions(+) - -diff --git a/client/scripts/bsdos b/client/scripts/bsdos -index d69d0d8..095b143 100755 ---- a/client/scripts/bsdos -+++ b/client/scripts/bsdos -@@ -45,6 +45,11 @@ exit_with_hooks() { - . /etc/dhclient-exit-hooks - fi - # probably should do something with exit status of the local script -+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then -+ dbus-send --system --dest=com.redhat.dhcp \ -+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ -+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" -+ fi - exit $exit_status - } - -diff --git a/client/scripts/freebsd b/client/scripts/freebsd -index 8f3e2a2..ad7fb44 100755 ---- a/client/scripts/freebsd -+++ b/client/scripts/freebsd -@@ -89,6 +89,11 @@ exit_with_hooks() { - . /etc/dhclient-exit-hooks - fi - # probably should do something with exit status of the local script -+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then -+ dbus-send --system --dest=com.redhat.dhcp \ -+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ -+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" -+ fi - exit $exit_status - } - -diff --git a/client/scripts/linux b/client/scripts/linux -index 5fb1612..3d447b6 100755 ---- a/client/scripts/linux -+++ b/client/scripts/linux -@@ -174,6 +174,11 @@ exit_with_hooks() { - exit_status=$? - fi - -+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then -+ dbus-send --system --dest=com.redhat.dhcp \ -+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ -+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" -+ fi - exit $exit_status - } - -diff --git a/client/scripts/netbsd b/client/scripts/netbsd -index 07383b7..aaba8e8 100755 ---- a/client/scripts/netbsd -+++ b/client/scripts/netbsd -@@ -45,6 +45,11 @@ exit_with_hooks() { - . /etc/dhclient-exit-hooks - fi - # probably should do something with exit status of the local script -+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then -+ dbus-send --system --dest=com.redhat.dhcp \ -+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ -+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" -+ fi - exit $exit_status - } - -diff --git a/client/scripts/openbsd b/client/scripts/openbsd -index e7f4746..56b980c 100644 ---- a/client/scripts/openbsd -+++ b/client/scripts/openbsd -@@ -45,6 +45,11 @@ exit_with_hooks() { - . /etc/dhclient-exit-hooks - fi - # probably should do something with exit status of the local script -+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then -+ dbus-send --system --dest=com.redhat.dhcp \ -+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ -+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" -+ fi - exit $exit_status - } - -diff --git a/client/scripts/solaris b/client/scripts/solaris -index af553b9..4a2aa69 100755 ---- a/client/scripts/solaris -+++ b/client/scripts/solaris -@@ -26,6 +26,11 @@ exit_with_hooks() { - . /etc/dhclient-exit-hooks - fi - # probably should do something with exit status of the local script -+ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then -+ dbus-send --system --dest=com.redhat.dhcp \ -+ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \ -+ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`" -+ fi - exit $exit_status - } - --- -1.8.3.1 - diff --git a/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch b/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch deleted file mode 100644 index 810c7b6dad..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch +++ /dev/null @@ -1,38 +0,0 @@ -From d80bd792323dbd56269309f85b4506eb6b1b60e9 Mon Sep 17 00:00:00 2001 -From: Andrei Gherzan <andrei@gherzan.ro> -Date: Tue, 15 Aug 2017 15:05:47 +0800 -Subject: [PATCH 03/11] link with lcrypto - -From 4.2.0 final release, -lcrypto check was removed and we compile -static libraries -from bind that are linked to libcrypto. This is why i added a patch in -order to add --lcrypto to LIBS. - -Upstream-Status: Pending -Signed-off-by: Andrei Gherzan <andrei@gherzan.ro> - -Rebase to 4.3.6 -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - configure.ac | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/configure.ac b/configure.ac -index cdfa352..44fb57e 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -591,6 +591,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[void foo() __attribute__((noreturn)); - # Look for optional headers. - AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h) - -+# find an MD5 library -+AC_SEARCH_LIBS(MD5_Init, [crypto]) -+AC_SEARCH_LIBS(MD5Init, [crypto]) -+ - # Solaris needs some libraries for functions - AC_SEARCH_LIBS(socket, [socket]) - AC_SEARCH_LIBS(inet_ntoa, [nsl]) --- -1.8.3.1 - diff --git a/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch b/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch deleted file mode 100644 index 7d1d867986..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch +++ /dev/null @@ -1,100 +0,0 @@ -From cccec0344d68dac4100b6f260ee24e7c2da9dfda Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Tue, 15 Aug 2017 15:08:22 +0800 -Subject: [PATCH 04/11] Fix out of tree builds - -Upstream-Status: Pending - -RP 2013/03/21 - -Rebase to 4.3.6 - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - client/Makefile.am | 4 ++-- - common/Makefile.am | 3 ++- - dhcpctl/Makefile.am | 2 ++ - omapip/Makefile.am | 1 + - relay/Makefile.am | 2 +- - server/Makefile.am | 2 +- - 6 files changed, 9 insertions(+), 5 deletions(-) - -diff --git a/client/Makefile.am b/client/Makefile.am -index 2cb83d8..4730bb3 100644 ---- a/client/Makefile.am -+++ b/client/Makefile.am -@@ -7,11 +7,11 @@ SUBDIRS = . tests - BINDLIBDIR = @BINDDIR@/lib - - AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \ -- -DLOCALSTATEDIR='"$(localstatedir)"' -+ -DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes - - dist_sysconf_DATA = dhclient.conf.example - sbin_PROGRAMS = dhclient --dhclient_SOURCES = clparse.c dhclient.c dhc6.c \ -+dhclient_SOURCES = $(srcdir)/clparse.c $(srcdir)/dhclient.c $(srcdir)/dhc6.c \ - scripts/bsdos scripts/freebsd scripts/linux scripts/macos \ - scripts/netbsd scripts/nextstep scripts/openbsd \ - scripts/solaris scripts/openwrt -diff --git a/common/Makefile.am b/common/Makefile.am -index 113aee8..0f24fbb 100644 ---- a/common/Makefile.am -+++ b/common/Makefile.am -@@ -1,4 +1,5 @@ --AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -+AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -+ - AM_CFLAGS = $(LDAP_CFLAGS) - - noinst_LIBRARIES = libdhcp.a -diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am -index ceb0de1..ba8dd8b 100644 ---- a/dhcpctl/Makefile.am -+++ b/dhcpctl/Makefile.am -@@ -1,5 +1,7 @@ - BINDLIBDIR = @BINDDIR@/lib - -+AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) -+ - bin_PROGRAMS = omshell - lib_LIBRARIES = libdhcpctl.a - noinst_PROGRAMS = cltest -diff --git a/omapip/Makefile.am b/omapip/Makefile.am -index 446a594..dd1afa0 100644 ---- a/omapip/Makefile.am -+++ b/omapip/Makefile.am -@@ -1,4 +1,5 @@ - BINDLIBDIR = @BINDDIR@/lib -+AM_CPPFLAGS = -I$(top_srcdir)/includes - - lib_LIBRARIES = libomapi.a - noinst_PROGRAMS = svtest -diff --git a/relay/Makefile.am b/relay/Makefile.am -index 3060eca..6d652f6 100644 ---- a/relay/Makefile.am -+++ b/relay/Makefile.am -@@ -1,6 +1,6 @@ - BINDLIBDIR = @BINDDIR@/lib - --AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -+AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes - - sbin_PROGRAMS = dhcrelay - dhcrelay_SOURCES = dhcrelay.c -diff --git a/server/Makefile.am b/server/Makefile.am -index 54feedf..3990b9c 100644 ---- a/server/Makefile.am -+++ b/server/Makefile.am -@@ -6,7 +6,7 @@ SUBDIRS = . tests - - BINDLIBDIR = @BINDDIR@/lib - --AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"' -+AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes - - dist_sysconf_DATA = dhcpd.conf.example - sbin_PROGRAMS = dhcpd --- -1.8.3.1 - diff --git a/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch b/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch deleted file mode 100644 index dd56381b1d..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 2e8ff0e4f6d39e346ea86b8c514ab4ccc78fa359 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Tue, 15 Aug 2017 15:24:14 +0800 -Subject: [PATCH 05/11] dhcp-client: fix invoke dhclient-script failed on - Read-only file system - -In read-only file system, '/etc' is on the readonly partition, -and '/etc/resolv.conf' is symlinked to a separate writable -partition. - -In this situation, we create temp files 'resolv.conf.dhclient-new' -in /tmp dir. - -Upstream-Status: Pending - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - client/scripts/linux | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/client/scripts/linux b/client/scripts/linux -index 3d447b6..3122a75 100755 ---- a/client/scripts/linux -+++ b/client/scripts/linux -@@ -40,7 +40,7 @@ make_resolv_conf() { - # DHCPv4 - if [ -n "$new_domain_search" ] || [ -n "$new_domain_name" ] || - [ -n "$new_domain_name_servers" ]; then -- new_resolv_conf=/etc/resolv.conf.dhclient-new -+ new_resolv_conf=/tmp/resolv.conf.dhclient-new - rm -f $new_resolv_conf - - if [ -n "$new_domain_name" ]; then --- -1.8.3.1 - diff --git a/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch b/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch deleted file mode 100644 index c62b283d50..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 01641d146e4e6bea954e4a4ee1f6230b822665b4 Mon Sep 17 00:00:00 2001 -From: Chen Qi <Qi.Chen@windriver.com> -Date: Tue, 15 Aug 2017 15:37:49 +0800 -Subject: [PATCH 06/11] site.h: enable gentle shutdown - -Upstream-Status: Inappropriate [configuration] -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> - -Rebase to 4.3.6 -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - includes/site.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/includes/site.h b/includes/site.h -index 280fbb9..e6c2972 100644 ---- a/includes/site.h -+++ b/includes/site.h -@@ -296,7 +296,7 @@ - situations. We plan to revisit this feature and may - make non-backwards compatible changes including the - removal of this define. Use at your own risk. */ --/* #define ENABLE_GENTLE_SHUTDOWN */ -+#define ENABLE_GENTLE_SHUTDOWN - - /* Include old error codes. This is provided in case you - are building an external program similar to omshell for --- -1.8.3.1 - diff --git a/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch b/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch deleted file mode 100644 index 43c26ea21c..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 7107511fd209f08f9a96f8938041ae48f3295895 Mon Sep 17 00:00:00 2001 -From: Christopher Larson <chris_larson@mentor.com> -Date: Tue, 15 Aug 2017 16:17:49 +0800 -Subject: [PATCH 07/11] Add configure argument to make the libxml2 dependency - explicit and determinisitic. - -Upstream-Status: Pending - -Signed-off-by: Christopher Larson <chris_larson@mentor.com> - -Rebase to 4.3.6 - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - configure.ac | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/configure.ac b/configure.ac -index 44fb57e..8e9f509 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -611,6 +611,17 @@ AC_CHECK_FUNCS(strlcat) - # For HP/UX we need -lipv6 for if_nametoindex, perhaps others. - AC_SEARCH_LIBS(if_nametoindex, [ipv6]) - -+AC_ARG_WITH(libxml2, -+ AS_HELP_STRING([--with-libxml2], [link against libxml2. this is needed if bind was built with xml2 support enabled]), -+ with_libxml2="$withval", with_libxml2="no") -+ -+if test x$with_libxml2 != xno; then -+ AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2], -+ [if test x$with_libxml2 != xauto; then -+ AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested]) -+ fi]) -+fi -+ - # check for /dev/random (declares HAVE_DEV_RANDOM) - AC_MSG_CHECKING(for random device) - AC_ARG_WITH(randomdev, --- -1.8.3.1 - diff --git a/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch b/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch deleted file mode 100644 index 006d18ae7f..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch +++ /dev/null @@ -1,117 +0,0 @@ -From 92875f5cc44914515e50c11c503a09cec90497b2 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Sat, 11 Jun 2016 22:51:44 -0400 -Subject: [PATCH 08/11] tweak to support external bind - -Tweak the external bind to oe-core's sysroot rather than -external bind source build. - -Upstream-Status: Inappropriate <oe-core specific> - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - client/Makefile.am | 2 +- - client/tests/Makefile.am | 2 +- - common/tests/Makefile.am | 2 +- - dhcpctl/Makefile.am | 2 +- - omapip/Makefile.am | 2 +- - relay/Makefile.am | 2 +- - server/Makefile.am | 2 +- - server/tests/Makefile.am | 2 +- - 8 files changed, 8 insertions(+), 8 deletions(-) - -diff --git a/client/Makefile.am b/client/Makefile.am -index 4730bb3..84d8131 100644 ---- a/client/Makefile.am -+++ b/client/Makefile.am -@@ -4,7 +4,7 @@ - # production code. Sadly, we are not there yet. - SUBDIRS = . tests - --BINDLIBDIR = @BINDDIR@/lib -+BINDLIBDIR = @BINDDIR@ - - AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \ - -DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes -diff --git a/client/tests/Makefile.am b/client/tests/Makefile.am -index 5031d0c..a8dfd26 100644 ---- a/client/tests/Makefile.am -+++ b/client/tests/Makefile.am -@@ -1,6 +1,6 @@ - SUBDIRS = . - --BINDLIBDIR = @BINDDIR@/lib -+BINDLIBDIR = @BINDDIR@ - - AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes - AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir) -diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am -index f6a43e4..2f98d22 100644 ---- a/common/tests/Makefile.am -+++ b/common/tests/Makefile.am -@@ -1,6 +1,6 @@ - SUBDIRS = . - --BINDLIBDIR = @BINDDIR@/lib -+BINDLIBDIR = @BINDDIR@ - - AM_CPPFLAGS = $(ATF_CFLAGS) -I$(top_srcdir)/includes - -diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am -index ba8dd8b..9b2486e 100644 ---- a/dhcpctl/Makefile.am -+++ b/dhcpctl/Makefile.am -@@ -1,4 +1,4 @@ --BINDLIBDIR = @BINDDIR@/lib -+BINDLIBDIR = @BINDDIR@ - - AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) - -diff --git a/omapip/Makefile.am b/omapip/Makefile.am -index dd1afa0..e4a8599 100644 ---- a/omapip/Makefile.am -+++ b/omapip/Makefile.am -@@ -1,4 +1,4 @@ --BINDLIBDIR = @BINDDIR@/lib -+BINDLIBDIR = @BINDDIR@ - AM_CPPFLAGS = -I$(top_srcdir)/includes - - lib_LIBRARIES = libomapi.a -diff --git a/relay/Makefile.am b/relay/Makefile.am -index 6d652f6..b3bf578 100644 ---- a/relay/Makefile.am -+++ b/relay/Makefile.am -@@ -1,4 +1,4 @@ --BINDLIBDIR = @BINDDIR@/lib -+BINDLIBDIR = @BINDDIR@ - - AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes - -diff --git a/server/Makefile.am b/server/Makefile.am -index 3990b9c..b5d8c2d 100644 ---- a/server/Makefile.am -+++ b/server/Makefile.am -@@ -4,7 +4,7 @@ - # production code. Sadly, we are not there yet. - SUBDIRS = . tests - --BINDLIBDIR = @BINDDIR@/lib -+BINDLIBDIR = @BINDDIR@ - - AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes - -diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am -index a87c5e7..9821081 100644 ---- a/server/tests/Makefile.am -+++ b/server/tests/Makefile.am -@@ -1,6 +1,6 @@ - SUBDIRS = . - --BINDLIBDIR = @BINDDIR@/lib -+BINDLIBDIR = @BINDDIR@ - - AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes - AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir) --- -1.8.3.1 - diff --git a/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch b/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch deleted file mode 100644 index 912b6d6312..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch +++ /dev/null @@ -1,28 +0,0 @@ -From f3f8b7726e50e24ef3edf5fa5a17e31d39118d7e Mon Sep 17 00:00:00 2001 -From: Andre McCurdy <armccurdy@gmail.com> -Date: Tue, 15 Aug 2017 15:49:31 +0800 -Subject: [PATCH 09/11] remove dhclient-script bash dependency - -Upstream-Status: Inappropriate [OE specific] - -Signed-off-by: Andre McCurdy <armccurdy@gmail.com> - -Rebase to 4.3.6 -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - client/scripts/linux | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/client/scripts/linux b/client/scripts/linux -index 3122a75..1712d7d 100755 ---- a/client/scripts/linux -+++ b/client/scripts/linux -@@ -1,4 +1,4 @@ --#!/bin/bash -+#!/bin/sh - # dhclient-script for Linux. Dan Halbert, March, 1997. - # Updated for Linux 2.[12] by Brian J. Murrell, January 1999. - # No guarantees about this. I'm a novice at the details of Linux --- -1.8.3.1 - diff --git a/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch b/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch deleted file mode 100644 index f128731c64..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch +++ /dev/null @@ -1,208 +0,0 @@ -From 76c370a929e5ab5dbc81c2fbcf4e50f4fbc08ce9 Mon Sep 17 00:00:00 2001 -From: Kai Kang <kai.kang@windriver.com> -Date: Tue, 15 Aug 2017 15:53:37 +0800 -Subject: [PATCH 10/11] build shared libs - -Upstream-Status: Pending - -Port patches from Fedora to build shared libs rather than static libs. - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -Rebase to 4.3.6 - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - client/Makefile.am | 4 ++-- - common/tests/Makefile.am | 13 +++++-------- - configure.ac | 12 ++---------- - dhcpctl/Makefile.am | 14 ++++++-------- - omapip/Makefile.am | 7 +++---- - relay/Makefile.am | 5 ++--- - server/Makefile.am | 7 +++---- - server/tests/Makefile.am | 7 +++---- - 8 files changed, 26 insertions(+), 43 deletions(-) - -diff --git a/client/Makefile.am b/client/Makefile.am -index 84d8131..e776bf0 100644 ---- a/client/Makefile.am -+++ b/client/Makefile.am -@@ -15,7 +15,7 @@ dhclient_SOURCES = $(srcdir)/clparse.c $(srcdir)/dhclient.c $(srcdir)/dhc6.c \ - scripts/bsdos scripts/freebsd scripts/linux scripts/macos \ - scripts/netbsd scripts/nextstep scripts/openbsd \ - scripts/solaris scripts/openwrt --dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \ -- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a -+dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ -+ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc - man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 - EXTRA_DIST = $(man_MANS) -diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am -index 2f98d22..8745e88 100644 ---- a/common/tests/Makefile.am -+++ b/common/tests/Makefile.am -@@ -15,26 +15,23 @@ ATF_TESTS += alloc_unittest dns_unittest misc_unittest ns_name_unittest - alloc_unittest_SOURCES = test_alloc.c $(top_srcdir)/tests/t_api_dhcp.c - alloc_unittest_LDADD = $(ATF_LDFLAGS) - alloc_unittest_LDADD += ../libdhcp.a \ -- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \ -- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a -+ ../../omapip/libomapi.la -L$(BINDLIBDIR) -ldns -lisccfg -lisc - - dns_unittest_SOURCES = dns_unittest.c $(top_srcdir)/tests/t_api_dhcp.c - dns_unittest_LDADD = $(ATF_LDFLAGS) - dns_unittest_LDADD += ../libdhcp.a \ -- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \ -- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a -+ ../../omapip/libomapi.la -L$(BINDLIBDIR) -ldns -lisccfg -lisc - - misc_unittest_SOURCES = misc_unittest.c $(top_srcdir)/tests/t_api_dhcp.c - misc_unittest_LDADD = $(ATF_LDFLAGS) - misc_unittest_LDADD += ../libdhcp.a \ -- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \ -- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a -+ ../../omapip/libomapi.la -L$(BINDLIBDIR) -ldns -lisccfg -lisc - - ns_name_unittest_SOURCES = ns_name_test.c $(top_srcdir)/tests/t_api_dhcp.c - ns_name_unittest_LDADD = $(ATF_LDFLAGS) - ns_name_unittest_LDADD += ../libdhcp.a \ -- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \ -- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a -+ ../../omapip/libomapi.a -L$(BINDLIBDIR) \ -+ -ldns -lisccfg -lisc - - check: $(ATF_TESTS) - @if test $(top_srcdir) != ${top_builddir}; then \ -diff --git a/configure.ac b/configure.ac -index 8e9f509..bfe988a 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -47,16 +47,8 @@ AM_CONDITIONAL(CROSS_COMPILING, test "$cross_compiling" = "yes") - # Use this to define _GNU_SOURCE to pull in the IPv6 Advanced Socket API. - AC_USE_SYSTEM_EXTENSIONS - --AC_PROG_RANLIB -- --AC_PATH_PROG(AR, ar) --AC_SUBST(AR) -- --if test "X$AR" = "X"; then -- AC_MSG_ERROR([ --ar program not found. Please fix your PATH to include the directory in --which ar resides, or set AR in the environment with the full path to ar.]) --fi -+# Use libtool to simplify building of shared libraries -+AC_PROG_LIBTOOL - - AC_CONFIG_HEADERS([includes/config.h]) - -diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am -index 9b2486e..784cdf7 100644 ---- a/dhcpctl/Makefile.am -+++ b/dhcpctl/Makefile.am -@@ -3,19 +3,17 @@ BINDLIBDIR = @BINDDIR@ - AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) - - bin_PROGRAMS = omshell --lib_LIBRARIES = libdhcpctl.a -+lib_LTLIBRARIES = libdhcpctl.la - noinst_PROGRAMS = cltest - man_MANS = omshell.1 dhcpctl.3 - EXTRA_DIST = $(man_MANS) - - omshell_SOURCES = omshell.c --omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ -- $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \ -- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a -+omshell_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \ -+ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc - --libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c -+libdhcpctl_la_SOURCES = dhcpctl.c callback.c remote.c - - cltest_SOURCES = cltest.c --cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \ -- $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \ -- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a -+cltest_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \ -+ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc -diff --git a/omapip/Makefile.am b/omapip/Makefile.am -index e4a8599..c0c7a1e 100644 ---- a/omapip/Makefile.am -+++ b/omapip/Makefile.am -@@ -1,10 +1,10 @@ - BINDLIBDIR = @BINDDIR@ - AM_CPPFLAGS = -I$(top_srcdir)/includes - --lib_LIBRARIES = libomapi.a -+lib_LTLIBRARIES = libomapi.la - noinst_PROGRAMS = svtest - --libomapi_a_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \ -+libomapi_la_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \ - errwarn.c listener.c dispatch.c generic.c support.c \ - handle.c message.c convert.c hash.c auth.c inet_addr.c \ - array.c trace.c toisc.c iscprint.c isclib.c -@@ -13,6 +13,5 @@ man_MANS = omapi.3 - EXTRA_DIST = $(man_MANS) - - svtest_SOURCES = test.c --svtest_LDADD = libomapi.a $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \ -- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a -+svtest_LDADD = libomapi.la -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc - -diff --git a/relay/Makefile.am b/relay/Makefile.am -index b3bf578..f47009f 100644 ---- a/relay/Makefile.am -+++ b/relay/Makefile.am -@@ -4,9 +4,8 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes - - sbin_PROGRAMS = dhcrelay - dhcrelay_SOURCES = dhcrelay.c --dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ -- $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \ -- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a -+dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ -+ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc - man_MANS = dhcrelay.8 - EXTRA_DIST = $(man_MANS) - -diff --git a/server/Makefile.am b/server/Makefile.am -index b5d8c2d..d7f876d 100644 ---- a/server/Makefile.am -+++ b/server/Makefile.am -@@ -15,10 +15,9 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \ - dhcpv6.c mdb6.c ldap.c ldap_casa.c leasechain.c ldap_krb_helper.c - - dhcpd_CFLAGS = $(LDAP_CFLAGS) --dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ -- ../dhcpctl/libdhcpctl.a $(BINDLIBDIR)/libirs.a \ -- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a \ -- $(BINDLIBDIR)/libisc.a $(LDAP_LIBS) -+dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \ -+ ../dhcpctl/libdhcpctl.la -L$(BINDLIBDIR) \ -+ -lirs -ldns -lisccfg -lisc $(LDAP_LIBS) - - man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5 - EXTRA_DIST = $(man_MANS) -diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am -index 9821081..de95872 100644 ---- a/server/tests/Makefile.am -+++ b/server/tests/Makefile.am -@@ -19,10 +19,9 @@ DHCPSRC = ../dhcp.c ../bootp.c ../confpars.c ../db.c ../class.c \ - ../ddns.c ../dhcpleasequery.c ../dhcpv6.c ../mdb6.c \ - ../ldap.c ../ldap_casa.c ../dhcpd.c ../leasechain.c - --DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.a \ -- $(top_builddir)/dhcpctl/libdhcpctl.a $(BINDLIBDIR)/libirs.a \ -- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a \ -- $(BINDLIBDIR)/libisc.a -+DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.la \ -+ $(top_builddir)/dhcpctl/libdhcpctl.la \ -+ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc - - ATF_TESTS = - if HAVE_ATF --- -1.8.3.1 - diff --git a/meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch b/meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch deleted file mode 100644 index 67bb4631ae..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 37725f3e22edb50e0ca2d1fff971321a5a4d5112 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Wed, 12 Jul 2017 03:05:13 -0400 -Subject: [PATCH 11/11] Moved the call to isc_app_ctxstart() to not get signal - block by all threads - -Signed-off-by: Francis Dupont <fdupont@isc.org> - -In https://source.isc.org/git/bind9.git, since the following -commit applied: -... -commit b99bfa184bc9375421b5df915eea7dfac6a68a99 -Author: Evan Hunt <each@isc.org> -Date: Wed Apr 10 13:49:57 2013 -0700 - - [master] unify internal and export libraries - - 3550. [func] Unified the internal and export versions of the - BIND libraries, allowing external clients to use - the same libraries as BIND. [RT #33131] -... -(git show b99bfa184bc9375421b5df915eea7dfac6a68a99 -- ./lib/isc/unix/app.c) - -In this commit, if bind9 enable threads(ISC_PLATFORM_USETHREADS), -it blocks signal SIGHUP, SIGINT and SIGTERM in isc__app_ctxstart. -Which caused dhclient/dhcpd could not be stopped by SIGTERM. - -It caused systemd's reboot hung which send SIGTERM by default. - -Upstream-Status: Backport [https://source.isc.org/git/dhcp.git] -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - omapip/isclib.c | 25 +++++++++++++++---------- - 1 file changed, 15 insertions(+), 10 deletions(-) - -diff --git a/omapip/isclib.c b/omapip/isclib.c -index ce86490..6a04345 100644 ---- a/omapip/isclib.c -+++ b/omapip/isclib.c -@@ -185,16 +185,6 @@ dhcp_context_create(int flags, - if (result != ISC_R_SUCCESS) - goto cleanup; - -- result = isc_app_ctxstart(dhcp_gbl_ctx.actx); -- if (result != ISC_R_SUCCESS) -- return (result); -- dhcp_gbl_ctx.actx_started = ISC_TRUE; -- -- /* Not all OSs support suppressing SIGPIPE through socket -- * options, so set the sigal action to be ignore. This allows -- * broken connections to fail gracefully with EPIPE on writes */ -- handle_signal(SIGPIPE, SIG_IGN); -- - result = isc_taskmgr_createinctx(dhcp_gbl_ctx.mctx, - dhcp_gbl_ctx.actx, - 1, 0, -@@ -217,6 +207,21 @@ dhcp_context_create(int flags, - result = isc_task_create(dhcp_gbl_ctx.taskmgr, 0, &dhcp_gbl_ctx.task); - if (result != ISC_R_SUCCESS) - goto cleanup; -+ -+ result = isc_app_ctxstart(dhcp_gbl_ctx.actx); -+ if (result != ISC_R_SUCCESS) -+ return (result); -+ dhcp_gbl_ctx.actx_started = ISC_TRUE; -+ -+ /* Not all OSs support suppressing SIGPIPE through socket -+ * options, so set the sigal action to be ignore. This allows -+ * broken connections to fail gracefully with EPIPE on writes */ -+ handle_signal(SIGPIPE, SIG_IGN); -+ -+ /* Reset handlers installed by isc_app_ctxstart() -+ * to default for control-c and kill */ -+ handle_signal(SIGINT, SIG_DFL); -+ handle_signal(SIGTERM, SIG_DFL); - } - - #if defined (NSUPDATE) --- -1.8.3.1 - diff --git a/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch b/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch deleted file mode 100644 index 2d3af9db0b..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 501543b3ef715488a142e3d301ff2733aa33eec7 Mon Sep 17 00:00:00 2001 -From: Awais Belal <awais_belal@mentor.com> -Date: Wed, 25 Oct 2017 21:00:05 +0500 -Subject: [PATCH] dhcp: correct the intention for xml2 lib search - -A missing case breaks the build when libxml2 is -required and found appropriately. The third argument -to the function AC_SEARCH_LIB is action-if-found which -was mistakenly been used for the case where the library -is not found and hence breaks the configure phase -where it shoud actually pass. -We now pass on silently when action-if-found is -executed. - -Upstream-Status: Pending - -Signed-off-by: Awais Belal <awais_belal@mentor.com> ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index bfe988a..f0459e6 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -608,7 +608,7 @@ AC_ARG_WITH(libxml2, - with_libxml2="$withval", with_libxml2="no") - - if test x$with_libxml2 != xno; then -- AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2], -+ AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],, - [if test x$with_libxml2 != xauto; then - AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested]) - fi]) --- -2.11.1 - diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb b/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb deleted file mode 100644 index 6615ae2555..0000000000 --- a/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb +++ /dev/null @@ -1,21 +0,0 @@ -require dhcp.inc - -SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch \ - file://0002-dhclient-dbus.patch \ - file://0003-link-with-lcrypto.patch \ - file://0004-Fix-out-of-tree-builds.patch \ - file://0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch \ - file://0006-site.h-enable-gentle-shutdown.patch \ - file://0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch \ - file://0008-tweak-to-support-external-bind.patch \ - file://0009-remove-dhclient-script-bash-dependency.patch \ - file://0010-build-shared-libs.patch \ - file://0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch \ - file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \ - " - -SRC_URI[md5sum] = "afa6e9b3eb7539ea048421a82c668adc" -SRC_URI[sha256sum] = "a41eaf6364f1377fe065d35671d9cf82bbbc8f21207819b2b9f33f652aec6f1b" - -PACKAGECONFIG ?= "" -PACKAGECONFIG[bind-httpstats] = "--with-libxml2,--without-libxml2,libxml2" diff --git a/meta/recipes-connectivity/dhcp/files/default-relay b/meta/recipes-connectivity/dhcp/files/default-relay deleted file mode 100644 index 7961f014be..0000000000 --- a/meta/recipes-connectivity/dhcp/files/default-relay +++ /dev/null @@ -1,12 +0,0 @@ -# Defaults for dhcp-relay initscript -# sourced by /etc/init.d/dhcp-relay - -# What servers should the DHCP relay forward requests to? -# e.g: SERVERS="192.168.0.1" -SERVERS="" - -# On what interfaces should the DHCP relay (dhrelay) serve DHCP requests? -INTERFACES="" - -# Additional options that are passed to the DHCP relay daemon? -OPTIONS="" diff --git a/meta/recipes-connectivity/dhcp/files/default-server b/meta/recipes-connectivity/dhcp/files/default-server deleted file mode 100644 index 0385d16992..0000000000 --- a/meta/recipes-connectivity/dhcp/files/default-server +++ /dev/null @@ -1,7 +0,0 @@ -# Defaults for dhcp initscript -# sourced by /etc/init.d/dhcp-server -# installed at /etc/default/dhcp-server by the maintainer scripts - -# On what interfaces should the DHCP server (dhcpd) serve DHCP requests? -# Separate multiple interfaces with spaces, e.g. "eth0 eth1". -INTERFACES="" diff --git a/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper b/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper deleted file mode 100644 index 7d0e224a1d..0000000000 --- a/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -# In case the interface is used for nfs, skip it. -nfsroot=0 -interfaces="" -exec 9<&0 < /proc/mounts -while read dev mtpt fstype rest; do - if test $mtpt = "/" ; then - case $fstype in - nfs | nfs4) - nfsroot=1 - nfs_addr=`echo $rest | sed -e 's/^.*addr=\([0-9.]*\).*$/\1/'` - break - ;; - *) - ;; - esac - fi -done -exec 0<&9 9<&- - -if [ $nfsroot -eq 0 ]; then - interfaces="$INTERFACES" -else - if [ -x /bin/ip -o -x /sbin/ip ] ; then - nfs_iface=`ip route get $nfs_addr | grep dev | sed -e 's/^.*dev \([-a-z0-9.]*\).*$/\1/'` - fi - for i in $INTERFACES; do - if test "x$i" = "x$nfs_iface"; then - echo "dhclient skipping nfsroot interface $i" - else - interfaces="$interfaces $i" - fi - done -fi - -if test "x$interfaces" != "x"; then - /sbin/dhclient -d -cf /etc/dhcp/dhclient.conf -q -lf /var/lib/dhcp/dhclient.leases $interfaces -fi diff --git a/meta/recipes-connectivity/dhcp/files/dhclient.conf b/meta/recipes-connectivity/dhcp/files/dhclient.conf deleted file mode 100644 index 0e6dcf96c2..0000000000 --- a/meta/recipes-connectivity/dhcp/files/dhclient.conf +++ /dev/null @@ -1,50 +0,0 @@ -# Configuration file for /sbin/dhclient, which is included in Debian's -# dhcp3-client package. -# -# This is a sample configuration file for dhclient. See dhclient.conf's -# man page for more information about the syntax of this file -# and a more comprehensive list of the parameters understood by -# dhclient. -# -# Normally, if the DHCP server provides reasonable information and does -# not leave anything out (like the domain name, for example), then -# few changes must be made to this file, if any. -# - -#send host-name "andare.fugue.com"; -#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c; -#send dhcp-lease-time 3600; -#supersede domain-name "fugue.com home.vix.com"; -#prepend domain-name-servers 127.0.0.1; -request subnet-mask, broadcast-address, time-offset, routers, - domain-name, domain-name-servers, host-name, - netbios-name-servers, netbios-scope; -#require subnet-mask, domain-name-servers; -#timeout 60; -#retry 60; -#reboot 10; -#select-timeout 5; -#initial-interval 2; -#script "/etc/dhcp3/dhclient-script"; -#media "-link0 -link1 -link2", "link0 link1"; -#reject 192.33.137.209; - -#alias { -# interface "eth0"; -# fixed-address 192.5.5.213; -# option subnet-mask 255.255.255.255; -#} - -#lease { -# interface "eth0"; -# fixed-address 192.33.137.200; -# medium "link0 link1"; -# option host-name "andare.swiftmedia.com"; -# option subnet-mask 255.255.255.0; -# option broadcast-address 192.33.137.255; -# option routers 192.33.137.250; -# option domain-name-servers 127.0.0.1; -# renew 2 2000/1/12 00:00:01; -# rebind 2 2000/1/12 00:00:01; -# expire 2 2000/1/12 00:00:01; -#} diff --git a/meta/recipes-connectivity/dhcp/files/dhclient.service b/meta/recipes-connectivity/dhcp/files/dhclient.service deleted file mode 100644 index 9ddb4d1dfe..0000000000 --- a/meta/recipes-connectivity/dhcp/files/dhclient.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Dynamic Host Configuration Protocol (DHCP) -Wants=network.target -Before=network.target -After=systemd-udevd.service - -[Service] -EnvironmentFile=-@SYSCONFDIR@/default/dhcp-client -ExecStart=@BASE_SBINDIR@/dhclient-systemd-wrapper -RemainAfterExit=yes - -[Install] -WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/dhcp/files/dhcpd.conf b/meta/recipes-connectivity/dhcp/files/dhcpd.conf deleted file mode 100644 index 0001c0f00e..0000000000 --- a/meta/recipes-connectivity/dhcp/files/dhcpd.conf +++ /dev/null @@ -1,108 +0,0 @@ -# -# Sample configuration file for ISC dhcpd for Debian -# -# $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $ -# - -# The ddns-updates-style parameter controls whether or not the server will -# attempt to do a DNS update when a lease is confirmed. We default to the -# behavior of the version 2 packages ('none', since DHCP v2 didn't -# have support for DDNS.) -ddns-update-style none; - -# option definitions common to all supported networks... -option domain-name "example.org"; -option domain-name-servers ns1.example.org, ns2.example.org; - -default-lease-time 600; -max-lease-time 7200; - -# If this DHCP server is the official DHCP server for the local -# network, the authoritative directive should be uncommented. -#authoritative; - -# Use this to send dhcp log messages to a different log file (you also -# have to hack syslog.conf to complete the redirection). -log-facility local7; - -# No service will be given on this subnet, but declaring it helps the -# DHCP server to understand the network topology. - -#subnet 10.152.187.0 netmask 255.255.255.0 { -#} - -# This is a very basic subnet declaration. - -#subnet 10.254.239.0 netmask 255.255.255.224 { -# range 10.254.239.10 10.254.239.20; -# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org; -#} - -# This declaration allows BOOTP clients to get dynamic addresses, -# which we don't really recommend. - -#subnet 10.254.239.32 netmask 255.255.255.224 { -# range dynamic-bootp 10.254.239.40 10.254.239.60; -# option broadcast-address 10.254.239.31; -# option routers rtr-239-32-1.example.org; -#} - -# A slightly different configuration for an internal subnet. -#subnet 10.5.5.0 netmask 255.255.255.224 { -# range 10.5.5.26 10.5.5.30; -# option domain-name-servers ns1.internal.example.org; -# option domain-name "internal.example.org"; -# option routers 10.5.5.1; -# option broadcast-address 10.5.5.31; -# default-lease-time 600; -# max-lease-time 7200; -#} - -# Hosts which require special configuration options can be listed in -# host statements. If no address is specified, the address will be -# allocated dynamically (if possible), but the host-specific information -# will still come from the host declaration. - -#host passacaglia { -# hardware ethernet 0:0:c0:5d:bd:95; -# filename "vmunix.passacaglia"; -# server-name "toccata.fugue.com"; -#} - -# Fixed IP addresses can also be specified for hosts. These addresses -# should not also be listed as being available for dynamic assignment. -# Hosts for which fixed IP addresses have been specified can boot using -# BOOTP or DHCP. Hosts for which no fixed address is specified can only -# be booted with DHCP, unless there is an address range on the subnet -# to which a BOOTP client is connected which has the dynamic-bootp flag -# set. -#host fantasia { -# hardware ethernet 08:00:07:26:c0:a5; -# fixed-address fantasia.fugue.com; -#} - -# You can declare a class of clients and then do address allocation -# based on that. The example below shows a case where all clients -# in a certain class get addresses on the 10.17.224/24 subnet, and all -# other clients get addresses on the 10.0.29/24 subnet. - -#class "foo" { -# match if substring (option vendor-class-identifier, 0, 4) = "SUNW"; -#} - -#shared-network 224-29 { -# subnet 10.17.224.0 netmask 255.255.255.0 { -# option routers rtr-224.example.org; -# } -# subnet 10.0.29.0 netmask 255.255.255.0 { -# option routers rtr-29.example.org; -# } -# pool { -# allow members of "foo"; -# range 10.17.224.10 10.17.224.250; -# } -# pool { -# deny members of "foo"; -# range 10.0.29.10 10.0.29.230; -# } -#} diff --git a/meta/recipes-connectivity/dhcp/files/dhcpd.service b/meta/recipes-connectivity/dhcp/files/dhcpd.service deleted file mode 100644 index ae4f93eca5..0000000000 --- a/meta/recipes-connectivity/dhcp/files/dhcpd.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=DHCPv4 Server Daemon -Documentation=man:dhcpd(8) man:dhcpd.conf(5) -After=network.target -After=time-sync.target - -[Service] -PIDFile=@localstatedir@/run/dhcpd.pid -EnvironmentFile=@SYSCONFDIR@/default/dhcp-server -EnvironmentFile=-@SYSCONFDIR@/sysconfig/dhcp-server -ExecStartPre=@base_bindir@/touch @localstatedir@/lib/dhcp/dhcpd.leases -ExecStart=@SBINDIR@/dhcpd -f -cf @SYSCONFDIR@/dhcp/dhcpd.conf -pf @localstatedir@/run/dhcpd.pid $DHCPDARGS -q $INTERFACES - -[Install] -WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/dhcp/files/dhcpd6.service b/meta/recipes-connectivity/dhcp/files/dhcpd6.service deleted file mode 100644 index ca96abb838..0000000000 --- a/meta/recipes-connectivity/dhcp/files/dhcpd6.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=DHCPv6 Server Daemon -Documentation=man:dhcpd(8) man:dhcpd.conf(5) -After=network.target -After=time-sync.target - -[Service] -PIDFile=@localstatedir@/run/dhcpd6.pid -EnvironmentFile=@SYSCONFDIR@/default/dhcp-server -EnvironmentFile=-@SYSCONFDIR@/sysconfig/dhcpd6 -ExecStartPre=@base_bindir@/touch @localstatedir@/lib/dhcp/dhcpd6.leases -ExecStart=@SBINDIR@/dhcpd -f -6 -cf @SYSCONFDIR@/dhcp/dhcpd.conf -pf @localstatedir@/run/dhcpd6.pid $DHCPDARGS -q $INTERFACES - -[Install] -WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/dhcp/files/dhcrelay.service b/meta/recipes-connectivity/dhcp/files/dhcrelay.service deleted file mode 100644 index 15ff927d34..0000000000 --- a/meta/recipes-connectivity/dhcp/files/dhcrelay.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=DHCP Relay Agent Daemon -After=network.target - -[Service] -EnvironmentFile=@SYSCONFDIR@/default/dhcp-relay -ExecStart=@SBINDIR@/dhcrelay -d --no-pid -q $SERVERS - -[Install] -WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/dhcp/files/init-relay b/meta/recipes-connectivity/dhcp/files/init-relay deleted file mode 100644 index 019a7e84cf..0000000000 --- a/meta/recipes-connectivity/dhcp/files/init-relay +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/sh -# -# $Id: dhcp3-relay,v 1.1 2004/04/16 15:41:08 ml Exp $ -# - -# It is not safe to start if we don't have a default configuration... -if [ ! -f /etc/default/dhcp-relay ]; then - echo "/etc/default/dhcp-relay does not exist! - Aborting..." - echo "create this file to fix the problem." - exit 1 -fi - -# Read init script configuration (interfaces the daemon should listen on -# and the DHCP server we should forward requests to.) -. /etc/default/dhcp-relay - -# Build command line for interfaces (will be passed to dhrelay below.) -IFCMD="" -if test "$INTERFACES" != ""; then - for I in $INTERFACES; do - IFCMD=${IFCMD}"-i "${I}" " - done -fi - -DHCRELAYPID=/var/run/dhcrelay.pid - -case "$1" in - start) - start-stop-daemon -S -x /usr/sbin/dhcrelay -- -q $OPTIONS $IFCMD $SERVERS - ;; - stop) - start-stop-daemon -K -x /usr/sbin/dhcrelay - ;; - restart | force-reload) - $0 stop - sleep 2 - $0 start - ;; - *) - echo "Usage: /etc/init.d/dhcp-relay {start|stop|restart|force-reload}" - exit 1 -esac - -exit 0 diff --git a/meta/recipes-connectivity/dhcp/files/init-server b/meta/recipes-connectivity/dhcp/files/init-server deleted file mode 100644 index 5e693adf78..0000000000 --- a/meta/recipes-connectivity/dhcp/files/init-server +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/sh -# -# $Id: dhcp3-server.init.d,v 1.4 2003/07/13 19:12:41 mdz Exp $ -# - -test -f /usr/sbin/dhcpd || exit 0 - -# It is not safe to start if we don't have a default configuration... -if [ ! -f /etc/default/dhcp-server ]; then - echo "/etc/default/dhcp-server does not exist! - Aborting..." - exit 0 -fi - -# Read init script configuration (so far only interfaces the daemon -# should listen on.) -. /etc/default/dhcp-server - -case "$1" in - start) - echo -n "Starting DHCP server: " - test -d /var/lib/dhcp/ || mkdir -p /var/lib/dhcp/ - test -f /var/lib/dhcp/dhcpd.leases || touch /var/lib/dhcp/dhcpd.leases - start-stop-daemon -S -x /usr/sbin/dhcpd -- -q $INTERFACES -user dhcp -group dhcp - echo "." - ;; - stop) - echo -n "Stopping DHCP server: dhcpd3" - start-stop-daemon -K -x /usr/sbin/dhcpd - echo "." - ;; - restart | force-reload) - $0 stop - sleep 2 - $0 start - if [ "$?" != "0" ]; then - exit 1 - fi - ;; - *) - echo "Usage: /etc/init.d/dhcp-server {start|stop|restart|force-reload}" - exit 1 -esac - -exit 0 diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb new file mode 100644 index 0000000000..6bde9b1f51 --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb @@ -0,0 +1,61 @@ +SECTION = "console/network" +SUMMARY = "dhcpcd - a DHCP client" +DESCRIPTION = "dhcpcd runs on your machine and silently configures your \ + computer to work on the attached networks without trouble \ + and mostly without configuration." + +HOMEPAGE = "http://roy.marples.name/projects/dhcpcd/" + +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=ba9c7e534853aaf3de76c905b2410ffd" + +SRC_URI = "git://github.com/NetworkConfiguration/dhcpcd;protocol=https;branch=master \ + file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \ + file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \ + file://dhcpcd.service \ + file://dhcpcd@.service \ + file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \ + " + +SRCREV = "1c8ae59836fa87b4c63c598087f0460ec20ed862" +S = "${WORKDIR}/git" + +inherit pkgconfig autotools-brokensep systemd useradd + +SYSTEMD_SERVICE:${PN} = "dhcpcd.service" + +PACKAGECONFIG ?= "udev ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" + +PACKAGECONFIG[udev] = "--with-udev,--without-udev,udev,udev" +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6" +# ntp conflicts with chrony +PACKAGECONFIG[ntp] = "--with-hook=ntp, , ,ntp" +PACKAGECONFIG[chrony] = "--with-hook=ntp, , ,chrony" +PACKAGECONFIG[ypbind] = "--with-eghook=yp, , ,ypbind-mt" + +# add option to override DBDIR location +DBDIR ?= "${localstatedir}/lib/${BPN}" + +EXTRA_OECONF = "--enable-ipv4 \ + --dbdir=${DBDIR} \ + --sbindir=${base_sbindir} \ + --runstatedir=/run \ + --enable-privsep \ + --privsepuser=dhcpcd \ + --with-hooks \ + --with-eghooks \ + " + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM:${PN} = "--system -d ${DBDIR} -M -s /bin/false -U dhcpcd" + +do_install:append () { + # install systemd unit files + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/dhcpcd*.service ${D}${systemd_system_unitdir} + + chmod 700 ${D}${DBDIR} + chown dhcpcd:dhcpcd ${D}${DBDIR} +} + +FILES:${PN}-dbg += "${libdir}/dhcpcd/dev/.debug" diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch b/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch new file mode 100644 index 0000000000..8d1ed6671a --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch @@ -0,0 +1,82 @@ +From 02acc4d875ee81e6fd19ef66d69c9f55b4b4a7e7 Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Wed, 9 Nov 2022 16:33:18 +0800 +Subject: [PATCH] 20-resolv.conf: improve the sitation of working with systemd + +systemd's resolvconf implementation ignores the protocol part. +See https://github.com/systemd/systemd/issues/25032. + +When using 'dhcp server + dns server + dhcpcd + systemd', we +get an integration issue, that is dhcpcd runs 'resolvconf -d eth0.ra', +yet systemd's resolvconf treats it as eth0. This will delete the +DNS information set by 'resolvconf -a eth0.dhcp'. + +Fortunately, 20-resolv.conf has the ability to build the resolv.conf +file contents itself. We can just pass the generated contents to +systemd's resolvconf. This way, the DNS information is not incorrectly +deleted. Also, it does not cause behavior regression for dhcpcd +in other cases. + +Upstream-Status: Inappropriate [OE Specific] +This patch has been rejected by dhcpcd upstream. +See details in https://github.com/NetworkConfiguration/dhcpcd/pull/152 + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + hooks/20-resolv.conf | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/hooks/20-resolv.conf b/hooks/20-resolv.conf +index 7c29e276..becc019f 100644 +--- a/hooks/20-resolv.conf ++++ b/hooks/20-resolv.conf +@@ -11,8 +11,12 @@ nocarrier_roaming_dir="$state_dir/roaming" + NL=" + " + : ${resolvconf:=resolvconf} ++resolvconf_from_systemd=false + if command -v "$resolvconf" >/dev/null 2>&1; then + have_resolvconf=true ++ if [ $(basename $(readlink -f $(which $resolvconf))) = resolvectl ]; then ++ resolvconf_from_systemd=true ++ fi + else + have_resolvconf=false + fi +@@ -69,8 +73,13 @@ build_resolv_conf() + else + echo "# /etc/resolv.conf.tail can replace this line" >> "$cf" + fi +- if change_file /etc/resolv.conf "$cf"; then +- chmod 644 /etc/resolv.conf ++ if $resolvconf_from_systemd; then ++ [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric" ++ "$resolvconf" -a "$ifname" <"$cf" ++ else ++ if change_file /etc/resolv.conf "$cf"; then ++ chmod 644 /etc/resolv.conf ++ fi + fi + rm -f "$cf" + } +@@ -170,7 +179,7 @@ add_resolv_conf() + for x in ${new_domain_name_servers}; do + conf="${conf}nameserver $x$NL" + done +- if $have_resolvconf; then ++ if $have_resolvconf && ! $resolvconf_from_systemd; then + [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric" + printf %s "$conf" | "$resolvconf" -a "$ifname" + return $? +@@ -186,7 +195,7 @@ add_resolv_conf() + + remove_resolv_conf() + { +- if $have_resolvconf; then ++ if $have_resolvconf && ($if_down || ! $resolvconf_from_systemd); then + "$resolvconf" -d "$ifname" -f + else + if [ -e "$resolv_conf_dir/$ifname" ]; then +-- +2.17.1 + diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch b/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch new file mode 100644 index 0000000000..461d04bd1d --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch @@ -0,0 +1,44 @@ +From 5d5ba8a2b8010db6bee68bd712f829cb737c9ac1 Mon Sep 17 00:00:00 2001 +From: Lei Maohui <leimaohui@fujitsu.com> +Date: Fri, 10 Mar 2023 03:48:46 +0000 +Subject: [PATCH] dhcpcd.8: Fix conflict error when enable multilib. + +Error: Transaction test error: + file /usr/share/man/man8/dhcpcd.8 conflicts between attempted + installs of dhcpcd-doc-9.4.1-r0.cortexa57 and + lib32-dhcpcd-doc-9.4.1-r0.armv7ahf_neon + +The differences between the two files are as follows: +@@ -821,7 +821,7 @@ + If you always use the same options, put them here. + .It Pa /usr/libexec/dhcpcd-run-hooks + Bourne shell script that is run to configure or de-configure an interface. +-.It Pa /usr/lib64/dhcpcd/dev ++.It Pa /usr/lib/dhcpcd/dev + Linux + .Pa /dev + management modules. + +It is just a man file, there is no necessary to manage multiple +versions. + +Upstream-Status: Inappropriate [oe specific] +Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> + +--- + src/dhcpcd.8.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/dhcpcd.8.in b/src/dhcpcd.8.in +index 93232840..09930a31 100644 +--- a/src/dhcpcd.8.in ++++ b/src/dhcpcd.8.in +@@ -824,7 +824,7 @@ Configuration file for dhcpcd. + If you always use the same options, put them here. + .It Pa @SCRIPT@ + Bourne shell script that is run to configure or de-configure an interface. +-.It Pa @LIBDIR@/dhcpcd/dev ++.It Pa /usr/<libdir>/dhcpcd/dev + Linux + .Pa /dev + management modules. diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch b/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch new file mode 100644 index 0000000000..c54942be4b --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch @@ -0,0 +1,43 @@ +From ec9fc4e6086e1dbe0ac2f94a8a088a571596a581 Mon Sep 17 00:00:00 2001 +From: Stefano Cappa <stefano.cappa.ks89@gmail.com> +Date: Sun, 13 Jan 2019 01:50:52 +0100 +Subject: [PATCH] remove INCLUDEDIR to prevent build issues + +Upstream-Status: Pending + +Signed-off-by: Stefano Cappa <stefano.cappa.ks89@gmail.com> + +--- + configure | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/configure b/configure +index 5237b0e2..7220718b 100755 +--- a/configure ++++ b/configure +@@ -26,7 +26,6 @@ BUILD= + HOST= + HOSTCC= + TARGET= +-INCLUDEDIR= + DEBUG= + FORK= + STATIC= +@@ -86,7 +85,6 @@ for x do + --mandir) MANDIR=$var;; + --datadir) DATADIR=$var;; + --with-ccopts|CFLAGS) CFLAGS=$var;; +- -I|--includedir) INCLUDEDIR="$INCLUDEDIR${INCLUDEDIR:+ }-I$var";; + CC) CC=$var;; + CPPFLAGS) CPPFLAGS=$var;; + PKG_CONFIG) PKG_CONFIG=$var;; +@@ -343,9 +341,6 @@ if [ -n "$CPPFLAGS" ]; then + echo "CPPFLAGS=" >>$CONFIG_MK + echo "CPPFLAGS+= $CPPFLAGS" >>$CONFIG_MK + fi +-if [ -n "$INCLUDEDIR" ]; then +- echo "CPPFLAGS+= $INCLUDEDIR" >>$CONFIG_MK +-fi + if [ -n "$LDFLAGS" ]; then + echo "LDFLAGS=" >>$CONFIG_MK + echo "LDFLAGS+= $LDFLAGS" >>$CONFIG_MK diff --git a/meta/recipes-connectivity/dhcpcd/files/dhcpcd.service b/meta/recipes-connectivity/dhcpcd/files/dhcpcd.service new file mode 100644 index 0000000000..6c967ddaf0 --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/dhcpcd.service @@ -0,0 +1,11 @@ +[Unit] +Description=A minimalistic network configuration daemon with DHCPv4, rdisc and DHCPv6 support +Wants=network.target +Before=network.target +Conflicts=connman.service + +[Service] +ExecStart=/sbin/dhcpcd -q --nobackground + +[Install] +WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service b/meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service new file mode 100644 index 0000000000..845b83b9e5 --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service @@ -0,0 +1,16 @@ +[Unit] +Description=dhcpcd on %I +Wants=network.target +Before=network.target +BindsTo=sys-subsystem-net-devices-%i.device +After=sys-subsystem-net-devices-%i.device +Conflicts=connman.service + +[Service] +Type=forking +PIDFile=/run/dhcpcd/%I.pid +ExecStart=/sbin/dhcpcd -q %I +ExecStop=/sbin/dhcpcd -x %I + +[Install] +WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils new file mode 100644 index 0000000000..30e81ef450 --- /dev/null +++ b/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils @@ -0,0 +1,20 @@ +# default: off +# description: +# Rexecd is the server for the rexec program. The server provides remote +# execution facilities with authentication based on user names and +# passwords. +# +service exec +{ + socket_type = stream + protocol = tcp + flags = NAMEINARGS + wait = no + user = root + group = root + log_on_success += USERID + log_on_failure += USERID + server = @SBINDIR@/tcpd + server_args = @SBINDIR@/in.rexecd + disable = yes +} diff --git a/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils new file mode 100644 index 0000000000..21b55da9a9 --- /dev/null +++ b/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils @@ -0,0 +1,23 @@ +# default: off +# description: +# Rlogind is a server for the rlogin program. The server provides remote +# execution with authentication based on privileged port numbers from trusted +# host +# +service login +{ + socket_type = stream + protocol = tcp + flags = NAMEINARGS + wait = no + user = root + group = root + log_on_success += USERID + log_on_failure += USERID + server = @SBINDIR@/tcpd + server_args = @SBINDIR@/in.rlogind -a + disable = yes +} + + + diff --git a/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils new file mode 100644 index 0000000000..2b894a74bd --- /dev/null +++ b/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils @@ -0,0 +1,21 @@ +# default: off +# description: +# The rshd server is a server for the rcmd(3) routine and, +# consequently, for the rsh(1) program. The server provides +# remote execution facilities with authentication based on +# privileged port numbers from trusted hosts. +# +service shell +{ + socket_type = stream + protocol = tcp + flags = NAMEINARGS + wait = no + user = root + group = root + log_on_success += USERID + log_on_failure += USERID + server = @SBINDIR@/tcpd + server_args = @SBINDIR@/in.rshd -aL + disable = yes +} diff --git a/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils new file mode 100644 index 0000000000..2d9a0408c0 --- /dev/null +++ b/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils @@ -0,0 +1,13 @@ +# default: on +# description: The telnet server serves telnet sessions; it uses \ +# unencrypted username/password pairs for authentication. +service telnet +{ + disable = no + flags = REUSE + socket_type = stream + wait = no + user = root + server = @SBINDIR@/in.telnetd + log_on_failure += USERID +} diff --git a/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils new file mode 100644 index 0000000000..67b44c43e8 --- /dev/null +++ b/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils @@ -0,0 +1,19 @@ +# default: off +# description: +# Tftpd is a server which supports the Internet Trivial File Transfer +# Pro-tocol (RFC 783). The TFTP server operates at the port indicated +# in the tftp service description; see services(5). +# +service tftp +{ + disable = yes + socket_type = dgram + protocol = udp + flags = IPv6 + wait = yes + user = root + group = root + server = @SBINDIR@/in.tftpd + server_args = /tftpboot +} + diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.5.bb b/meta/recipes-connectivity/inetutils/inetutils_2.5.bb new file mode 100644 index 0000000000..0f1a0736bd --- /dev/null +++ b/meta/recipes-connectivity/inetutils/inetutils_2.5.bb @@ -0,0 +1,218 @@ +SUMMARY = "The GNU inetutils are a collection of common networking utilities and servers." +DESCRIPTION = "The GNU inetutils are a collection of common \ +networking utilities and servers including ftp, ftpd, rcp, \ +rexec, rlogin, rlogind, rsh, rshd, syslog, syslogd, talk, \ +talkd, telnet, telnetd, tftp, tftpd, and uucpd." +HOMEPAGE = "http://www.gnu.org/software/inetutils" +SECTION = "net" +DEPENDS = "ncurses netbase readline virtual/crypt" + +LICENSE = "GPL-3.0-only" + +LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7" + +SRC_URI[sha256sum] = "87697d60a31e10b5cb86a9f0651e1ec7bee98320d048c0739431aac3d5764fb6" +SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ + file://rexec.xinetd.inetutils \ + file://rlogin.xinetd.inetutils \ + file://rsh.xinetd.inetutils \ + file://telnet.xinetd.inetutils \ + file://tftpd.xinetd.inetutils \ + " + +inherit autotools gettext update-alternatives texinfo + +acpaths = "-I ./m4" + +PACKAGECONFIG ??= "ftp uucpd \ + ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6 ping6', '', d)} \ + " +PACKAGECONFIG[ftp] = "--enable-ftp,--disable-ftp,readline" +PACKAGECONFIG[uucpd] = "--enable-uucpd,--disable-uucpd,readline" +PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam" +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6 gl_cv_socket_ipv6=no," +PACKAGECONFIG[ping6] = "--enable-ping6,--disable-ping6," + +EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \ + --with-libreadline-prefix=${STAGING_LIBDIR} \ + --enable-rpath=no \ + --with-path-login=${base_bindir}/login \ + --with-path-cp=${base_bindir}/cp \ + --with-path-uucico=${libexecdir}/uuico \ + --with-path-procnet-dev=/proc/net/dev \ + " + +EXTRA_OECONF:append:libc-musl = " --with-path-utmpx=/dev/null/utmpx --with-path-wtmpx=/dev/null/wtmpx" + +# These are horrible for security, disable them +EXTRA_OECONF:append = " --disable-rsh --disable-rshd --disable-rcp \ + --disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd" + +# The configure script guesses many paths in cross builds, check for this happening +do_configure_cross_check() { + if grep "may be incorrect because of cross-compilation" ${B}/config.log; then + bberror Default path values used, these must be set explicitly + fi +} +do_configure[postfuncs] += "do_configure_cross_check" + +# The --with-path options are not actually options, so this check needs to be silenced +ERROR_QA:remove = "unknown-configure-option" + +do_configure:prepend () { + export HELP2MAN='true' +} + +do_install:append () { + install -m 0755 -d ${D}${base_sbindir} + install -m 0755 -d ${D}${sbindir} + install -m 0755 -d ${D}${sysconfdir}/xinetd.d + if [ "${base_bindir}" != "${bindir}" ] ; then + install -m 0755 -d ${D}${base_bindir} + mv ${D}${bindir}/ping* ${D}${base_bindir}/ + mv ${D}${bindir}/hostname ${D}${base_bindir}/ + mv ${D}${bindir}/dnsdomainname ${D}${base_bindir}/ + fi + mv ${D}${bindir}/ifconfig ${D}${base_sbindir}/ + mv ${D}${libexecdir}/syslogd ${D}${base_sbindir}/ + mv ${D}${libexecdir}/tftpd ${D}${sbindir}/in.tftpd + mv ${D}${libexecdir}/telnetd ${D}${sbindir}/in.telnetd + if [ -e ${D}${libexecdir}/rexecd ]; then + mv ${D}${libexecdir}/rexecd ${D}${sbindir}/in.rexecd + cp ${WORKDIR}/rexec.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rexec + fi + if [ -e ${D}${libexecdir}/rlogind ]; then + mv ${D}${libexecdir}/rlogind ${D}${sbindir}/in.rlogind + cp ${WORKDIR}/rlogin.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rlogin + fi + if [ -e ${D}${libexecdir}/rshd ]; then + mv ${D}${libexecdir}/rshd ${D}${sbindir}/in.rshd + cp ${WORKDIR}/rsh.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rsh + fi + if [ -e ${D}${libexecdir}/talkd ]; then + mv ${D}${libexecdir}/talkd ${D}${sbindir}/in.talkd + fi + mv ${D}${libexecdir}/uucpd ${D}${sbindir}/in.uucpd + mv ${D}${libexecdir}/* ${D}${bindir}/ + cp ${WORKDIR}/telnet.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/telnet + cp ${WORKDIR}/tftpd.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/tftpd + + sed -e 's,@SBINDIR@,${sbindir},g' -i ${D}/${sysconfdir}/xinetd.d/* + if [ -e ${D}${libdir}/charset.alias ]; then + rm -rf ${D}${libdir}/charset.alias + fi + rm -rf ${D}${libexecdir}/ + # remove usr/lib if empty + rmdir ${D}${libdir} || true +} + +PACKAGES =+ "${PN}-ping ${PN}-ping6 ${PN}-hostname ${PN}-ifconfig \ +${PN}-tftp ${PN}-logger ${PN}-traceroute ${PN}-syslogd \ +${PN}-ftp ${PN}-ftpd ${PN}-tftpd ${PN}-telnet ${PN}-telnetd ${PN}-inetd \ +${PN}-rsh ${PN}-rshd" + +# The packages tftpd, telnetd and rshd conflict with the ones +# provided by netkit, so add the corresponding -dbg packages +# for them to avoid the confliction between the dbg package +# of inetutils and netkit. +PACKAGES =+ "${PN}-tftpd-dbg ${PN}-telnetd-dbg ${PN}-rshd-dbg" +NOAUTOPACKAGEDEBUG = "1" + +ALTERNATIVE_PRIORITY = "79" +ALTERNATIVE:${PN} = "whois dnsdomainname" +ALTERNATIVE_LINK_NAME[uucpd] = "${sbindir}/in.uucpd" +ALTERNATIVE_LINK_NAME[dnsdomainname] = "${base_bindir}/dnsdomainname" + +ALTERNATIVE_PRIORITY_${PN}-logger = "60" +ALTERNATIVE:${PN}-logger = "logger" +ALTERNATIVE:${PN}-syslogd = "syslogd" +ALTERNATIVE_LINK_NAME[syslogd] = "${base_sbindir}/syslogd" + +ALTERNATIVE:${PN}-ftp = "ftp" +ALTERNATIVE:${PN}-ftpd = "ftpd" +ALTERNATIVE:${PN}-tftp = "tftp" +ALTERNATIVE:${PN}-tftpd = "tftpd" +ALTERNATIVE_LINK_NAME[tftpd] = "${sbindir}/tftpd" +ALTERNATIVE_TARGET[tftpd] = "${sbindir}/in.tftpd" + +ALTERNATIVE:${PN}-telnet = "telnet" +ALTERNATIVE:${PN}-telnetd = "telnetd" +ALTERNATIVE_LINK_NAME[telnetd] = "${sbindir}/telnetd" +ALTERNATIVE_TARGET[telnetd] = "${sbindir}/in.telnetd" + +ALTERNATIVE:${PN}-inetd= "inetd" +ALTERNATIVE:${PN}-traceroute = "traceroute" + +ALTERNATIVE:${PN}-hostname = "hostname" +ALTERNATIVE_LINK_NAME[hostname] = "${base_bindir}/hostname" + +ALTERNATIVE:${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \ + tftpd.8 tftp.1 telnetd.8" +ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1" +ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1" +ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1" +ALTERNATIVE_LINK_NAME[syslogd.8] = "${mandir}/man8/syslogd.8" +ALTERNATIVE_LINK_NAME[telnetd.8] = "${mandir}/man8/telnetd.8" +ALTERNATIVE_LINK_NAME[tftpd.8] = "${mandir}/man8/tftpd.8" +ALTERNATIVE_LINK_NAME[tftp.1] = "${mandir}/man1/tftp.1" + +ALTERNATIVE:${PN}-ifconfig = "ifconfig" +ALTERNATIVE_LINK_NAME[ifconfig] = "${base_sbindir}/ifconfig" + +ALTERNATIVE:${PN}-ping = "ping" +ALTERNATIVE_LINK_NAME[ping] = "${base_bindir}/ping" + +ALTERNATIVE:${PN}-ping6 = "${@bb.utils.filter('PACKAGECONFIG', 'ping6', d)}" +ALTERNATIVE_LINK_NAME[ping6] = "${base_bindir}/ping6" + + +FILES:${PN}-dbg += "${base_bindir}/.debug ${base_sbindir}/.debug ${bindir}/.debug ${sbindir}/.debug" +FILES:${PN}-ping = "${base_bindir}/ping.${BPN}" +FILES:${PN}-ping6 = "${base_bindir}/ping6.${BPN}" +FILES:${PN}-hostname = "${base_bindir}/hostname.${BPN}" +FILES:${PN}-ifconfig = "${base_sbindir}/ifconfig.${BPN}" +FILES:${PN}-traceroute = "${bindir}/traceroute.${BPN}" +FILES:${PN}-logger = "${bindir}/logger.${BPN}" + +FILES:${PN}-syslogd = "${base_sbindir}/syslogd.${BPN}" +RCONFLICTS:${PN}-syslogd = "rsyslog busybox-syslog sysklogd syslog-ng" + +FILES:${PN}-ftp = "${bindir}/ftp.${BPN}" + +FILES:${PN}-tftp = "${bindir}/tftp.${BPN}" +FILES:${PN}-telnet = "${bindir}/telnet.${BPN}" + +# We make us of RCONFLICTS / RPROVIDES here rather than using the normal +# alternatives method as this leads to packaging QA issues when using +# musl as that library does not provide what these applications need to +# build. +FILES:${PN}-rsh = "${bindir}/rsh ${bindir}/rlogin ${bindir}/rexec ${bindir}/rcp" +RCONFLICTS:${PN}-rsh += "netkit-rsh-client" +RPROVIDES:${PN}-rsh = "rsh" + +FILES:${PN}-rshd = "${sbindir}/in.rshd ${sbindir}/in.rlogind ${sbindir}/in.rexecd \ + ${sysconfdir}/xinetd.d/rsh ${sysconfdir}/xinetd.d/rlogin ${sysconfdir}/xinetd.d/rexec" +FILES:${PN}-rshd-dbg = "${sbindir}/.debug/in.rshd ${sbindir}/.debug/in.rlogind ${sbindir}/.debug/in.rexecd" +RDEPENDS:${PN}-rshd += "xinetd tcp-wrappers" +RCONFLICTS:${PN}-rshd += "netkit-rshd-server" +RPROVIDES:${PN}-rshd = "rshd" + +FILES:${PN}-ftpd = "${bindir}/ftpd.${BPN}" +FILES:${PN}-ftpd-dbg = "${bindir}/.debug/ftpd.${BPN}" +RDEPENDS:${PN}-ftpd += "xinetd" + +FILES:${PN}-tftpd = "${sbindir}/in.tftpd ${sysconfdir}/xinetd.d/tftpd" +FILES:${PN}-tftpd-dbg = "${sbindir}/.debug/in.tftpd" +RCONFLICTS:${PN}-tftpd += "netkit-tftpd" +RDEPENDS:${PN}-tftpd += "xinetd" + +FILES:${PN}-telnetd = "${sbindir}/in.telnetd ${sysconfdir}/xinetd.d/telnet" +FILES:${PN}-telnetd-dbg = "${sbindir}/.debug/in.telnetd" +RCONFLICTS:${PN}-telnetd += "netkit-telnet" +RPROVIDES:${PN}-telnetd = "telnetd" +RDEPENDS:${PN}-telnetd += "xinetd" + +FILES:${PN}-inetd = "${bindir}/inetd.${BPN}" + +RDEPENDS:${PN} = "xinetd" diff --git a/meta/recipes-connectivity/iproute2/iproute2.inc b/meta/recipes-connectivity/iproute2/iproute2.inc deleted file mode 100644 index a578eb3afa..0000000000 --- a/meta/recipes-connectivity/iproute2/iproute2.inc +++ /dev/null @@ -1,52 +0,0 @@ -SUMMARY = "TCP / IP networking and traffic control utilities" -DESCRIPTION = "Iproute2 is a collection of utilities for controlling \ -TCP / IP networking and traffic control in Linux. Of the utilities ip \ -and tc are the most important. ip controls IPv4 and IPv6 \ -configuration and tc stands for traffic control." -HOMEPAGE = "http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2" -SECTION = "base" -LICENSE = "GPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ - file://ip/ip.c;beginline=3;endline=8;md5=689d691d0410a4b64d3899f8d6e31817" - -DEPENDS = "flex-native bison-native iptables elfutils" - -inherit update-alternatives bash-completion pkgconfig - -PACKAGECONFIG ??= "tipc" -PACKAGECONFIG[tipc] = ",,libmnl," - -EXTRA_OEMAKE = "CC='${CC}' KERNEL_INCLUDE=${STAGING_INCDIR} DOCDIR=${docdir}/iproute2 SUBDIRS='lib tc ip bridge misc genl ${@bb.utils.contains('PACKAGECONFIG', 'tipc', 'tipc', '', d)}' SBINDIR='${base_sbindir}' LIBDIR='${libdir}'" - -do_configure_append () { - sh configure ${STAGING_INCDIR} - # Explicitly disable ATM support - sed -i -e '/TC_CONFIG_ATM/d' Config -} - -do_install () { - oe_runmake DESTDIR=${D} install - mv ${D}${base_sbindir}/ip ${D}${base_sbindir}/ip.iproute2 - install -d ${D}${datadir} - mv ${D}/share/* ${D}${datadir}/ || true - rm ${D}/share -rf || true -} - -# The .so files in iproute2-tc are modules, not traditional libraries -INSANE_SKIP_${PN}-tc = "dev-so" - -PACKAGES =+ "${PN}-tc ${PN}-lnstat ${PN}-ifstat ${PN}-genl ${PN}-rtacct ${PN}-nstat ${PN}-ss ${@bb.utils.contains('PACKAGECONFIG', 'tipc', '${PN}-tipc', '', d)}" -FILES_${PN}-tc = "${base_sbindir}/tc* \ - ${libdir}/tc/*.so" -FILES_${PN}-lnstat = "${base_sbindir}/lnstat ${base_sbindir}/ctstat ${base_sbindir}/rtstat" -FILES_${PN}-ifstat = "${base_sbindir}/ifstat" -FILES_${PN}-genl = "${base_sbindir}/genl" -FILES_${PN}-rtacct = "${base_sbindir}/rtacct" -FILES_${PN}-nstat = "${base_sbindir}/nstat" -FILES_${PN}-ss = "${base_sbindir}/ss" -FILES_${PN}-tipc = "${base_sbindir}/tipc" - -ALTERNATIVE_${PN} = "ip" -ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}" -ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip" -ALTERNATIVE_PRIORITY = "100" diff --git a/meta/recipes-connectivity/iproute2/iproute2/0001-ip-Remove-unneed-header.patch b/meta/recipes-connectivity/iproute2/iproute2/0001-ip-Remove-unneed-header.patch deleted file mode 100644 index a9027c5b58..0000000000 --- a/meta/recipes-connectivity/iproute2/iproute2/0001-ip-Remove-unneed-header.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 02ed10fc5215c4a32e6740b0a0c2439659be6801 Mon Sep 17 00:00:00 2001 -From: Changhyeok Bae <changhyeok.bae@gmail.com> -Date: Mon, 13 Nov 2017 15:59:35 +0000 -Subject: [PATCH] ip: Remove unneed header - -Fix redefinition of struct ethhdr with a suitably patched musl libc -that suppresses the kernel if_ether.h. - -Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com> - -Upstream-Status: Pending [netdev@vger.kernel.org] ---- - ip/iplink_bridge.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c -index cccdec1..f065b22 100644 ---- a/ip/iplink_bridge.c -+++ b/ip/iplink_bridge.c -@@ -13,7 +13,6 @@ - #include <stdlib.h> - #include <string.h> - #include <netinet/in.h> --#include <netinet/ether.h> - #include <linux/if_link.h> - #include <linux/if_bridge.h> - #include <net/if.h> --- -2.7.4 - diff --git a/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch b/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch deleted file mode 100644 index c3d3fea9c2..0000000000 --- a/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch +++ /dev/null @@ -1,63 +0,0 @@ -Subject: [PATCH] iproute2: de-bash scripts - -de-bash these two scripts to make iproute2 not depend on bash. - -Upstream-Status: Pending - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - ip/ifcfg | 15 ++++++++------- - ip/rtpr | 2 +- - 2 files changed, 9 insertions(+), 8 deletions(-) - -diff --git a/ip/ifcfg b/ip/ifcfg -index 30a2dc4..8677b2e 100644 ---- a/ip/ifcfg -+++ b/ip/ifcfg -@@ -1,12 +1,13 @@ --#! /bin/bash -+#! /bin/sh - - CheckForwarding () { -- local sbase fwd -+ local sbase fwd forwarding - sbase=/proc/sys/net/ipv4/conf - fwd=0 - if [ -d $sbase ]; then - for dir in $sbase/*/forwarding; do -- fwd=$[$fwd + `cat $dir`] -+ forwarding=`cat $dir` -+ fwd=$(($fwd+$forwarding)) - done - else - fwd=2 -@@ -127,12 +128,12 @@ fi - arping -q -A -c 1 -I $dev $ipaddr - noarp=$? - ( sleep 2 ; -- arping -q -U -c 1 -I $dev $ipaddr ) >& /dev/null </dev/null & -+ arping -q -U -c 1 -I $dev $ipaddr ) > /dev/null 2>&1 </dev/null & - --ip route add unreachable 224.0.0.0/24 >& /dev/null --ip route add unreachable 255.255.255.255 >& /dev/null -+ip route add unreachable 224.0.0.0/24 > /dev/null 2>&1 -+ip route add unreachable 255.255.255.255 > /dev/null 2>&1 - if [ "`ip link ls $dev | grep -c MULTICAST`" -ge 1 ]; then -- ip route add 224.0.0.0/4 dev $dev scope global >& /dev/null -+ ip route add 224.0.0.0/4 dev $dev scope global > /dev/null 2>&1 - fi - - if [ $fwd -eq 0 ]; then -diff --git a/ip/rtpr b/ip/rtpr -index c3629fd..674198d 100644 ---- a/ip/rtpr -+++ b/ip/rtpr -@@ -1,4 +1,4 @@ --#! /bin/bash -+#! /bin/sh - - exec tr "[\\\\]" "[ - ]" --- -2.7.4 - diff --git a/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch b/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch deleted file mode 100644 index 3d324c96da..0000000000 --- a/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch +++ /dev/null @@ -1,41 +0,0 @@ -From b7d96340c55afb7023ded0041107c63dbd886196 Mon Sep 17 00:00:00 2001 -From: Baruch Siach <baruch@tkos.co.il> -Date: Thu, 22 Dec 2016 15:26:30 +0200 -Subject: [PATCH] libc-compat.h: add musl workaround - -The libc-compat.h kernel header uses glibc specific macros (__GLIBC__ and -__USE_MISC) to solve conflicts with libc provided headers. This patch makes -libc-compat.h work for musl libc as well. - -Upstream-Status: Pending - -Taken From: -https://git.buildroot.net/buildroot/tree/package/iproute2/0001-Add-the-musl-workaround-to-the-libc-compat.h-copy.patch - -Signed-off-by: Baruch Siach <baruch@tkos.co.il> -Signed-off-by: Maxin B. John <maxin.john@intel.com> ---- - include/linux/libc-compat.h | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/include/linux/libc-compat.h b/include/linux/libc-compat.h -index f38571d..30f0b67 100644 ---- a/include/linux/libc-compat.h -+++ b/include/linux/libc-compat.h -@@ -49,10 +49,12 @@ - #define _LIBC_COMPAT_H - - /* We have included glibc headers... */ --#if defined(__GLIBC__) -+#if 1 -+#define __USE_MISC - - /* Coordinate with glibc net/if.h header. */ - #if defined(_NET_IF_H) && defined(__USE_MISC) -+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 0 - - /* GLIBC headers included first so don't define anything - * that would already be defined. */ --- -2.4.0 - diff --git a/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch b/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch deleted file mode 100644 index 866609ca99..0000000000 --- a/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 85b0589b4843c03e8e6fd9416d71ea449a73c5c0 Mon Sep 17 00:00:00 2001 -From: Koen Kooi <koen@dominion.thruhere.net> -Date: Thu, 3 Nov 2011 10:46:16 +0100 -Subject: [PATCH] make configure cross compile safe - -According to Kevin Tian: -Upstream-Status: Pending - -Signed-off-by: Koen Kooi <koen@dominion.thruhere.net> -Signed-off-by: Shane Wang <shane.wang@intel.com> - -Index: iproute2-3.7.0/configure -=================================================================== ---- iproute2-3.7.0.orig/configure -+++ iproute2-3.7.0/configure -@@ -2,6 +2,7 @@ - # This is not an autconf generated configure - # - INCLUDE=${1:-"$PWD/include"} -+SYSROOT=$1 - - # Make a temp directory in build tree. - TMPDIR=$(mktemp -d config.XXXXXX) -@@ -158,7 +159,7 @@ check_ipt_lib_dir() - return - fi - -- for dir in /lib /usr/lib /usr/local/lib -+ for dir in $SYSROOT/lib $SYSROOT/usr/lib $SYSROOT/usr/local/lib - do - for file in $dir/{xtables,iptables}/lib*t_*so ; do - if [ -f $file ]; then diff --git a/meta/recipes-connectivity/iproute2/iproute2_4.13.0.bb b/meta/recipes-connectivity/iproute2/iproute2_4.13.0.bb deleted file mode 100644 index 32bf0d52f1..0000000000 --- a/meta/recipes-connectivity/iproute2/iproute2_4.13.0.bb +++ /dev/null @@ -1,15 +0,0 @@ -require iproute2.inc - -SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \ - file://configure-cross.patch \ - file://0001-iproute2-de-bash-scripts.patch \ - file://0001-libc-compat.h-add-musl-workaround.patch \ - file://0001-ip-Remove-unneed-header.patch \ - " - -SRC_URI[md5sum] = "69dc9e3ece3296890278f0de478330c8" -SRC_URI[sha256sum] = "9cfb81edf8c8509e03daa77cf62aead01c4a827132f6c506578f94cc19415c50" - -# CFLAGS are computed in Makefile and reference CCOPTS -# -EXTRA_OEMAKE_append = " CCOPTS='${CFLAGS}'" diff --git a/meta/recipes-connectivity/iproute2/iproute2_6.8.0.bb b/meta/recipes-connectivity/iproute2/iproute2_6.8.0.bb new file mode 100644 index 0000000000..68f7611943 --- /dev/null +++ b/meta/recipes-connectivity/iproute2/iproute2_6.8.0.bb @@ -0,0 +1,107 @@ +SUMMARY = "TCP / IP networking and traffic control utilities" +DESCRIPTION = "Iproute2 is a collection of utilities for controlling \ +TCP / IP networking and traffic control in Linux. Of the utilities ip \ +and tc are the most important. ip controls IPv4 and IPv6 \ +configuration and tc stands for traffic control." +HOMEPAGE = "http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2" +SECTION = "base" +LICENSE = "GPL-2.0-or-later" +LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ + " + +DEPENDS = "flex-native bison-native iptables libcap" + +SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz" + +SRC_URI[sha256sum] = "03a6cca3d71a908d1f15f7b495be2b8fe851f941458dc4664900d7f45fcf68ce" + +inherit update-alternatives bash-completion pkgconfig + +PACKAGECONFIG ??= "tipc elf devlink" +PACKAGECONFIG[tipc] = ",,libmnl," +PACKAGECONFIG[elf] = ",,elfutils," +PACKAGECONFIG[devlink] = ",,libmnl," +PACKAGECONFIG[rdma] = ",,libmnl," +PACKAGECONFIG[selinux] = ",,libselinux" + +IPROUTE2_MAKE_SUBDIRS = "lib tc ip bridge misc genl ${@bb.utils.filter('PACKAGECONFIG', 'devlink tipc rdma', d)}" + +# CFLAGS are computed in Makefile and reference CCOPTS +# +EXTRA_OEMAKE = "\ + CC='${CC}' \ + KERNEL_INCLUDE=${STAGING_INCDIR} \ + DOCDIR=${docdir}/iproute2 \ + SUBDIRS='${IPROUTE2_MAKE_SUBDIRS}' \ + SBINDIR='${base_sbindir}' \ + CONF_USR_DIR='${libdir}/iproute2' \ + LIBDIR='${libdir}' \ + CCOPTS='${CFLAGS}' \ +" + +do_configure:append () { + sh configure ${STAGING_INCDIR} + # Explicitly disable ATM support + sed -i -e '/TC_CONFIG_ATM/d' config.mk +} + +do_install () { + oe_runmake DESTDIR=${D} install + mv ${D}${base_sbindir}/ip ${D}${base_sbindir}/ip.iproute2 + install -d ${D}${datadir} + mv ${D}/share/* ${D}${datadir}/ || true + rm ${D}/share -rf || true + + # Remove support fot ipt and xt in tc. So tc library directory is not needed. + rm ${D}${libdir}/tc -rf +} + +# The .so files in iproute2-tc are modules, not traditional libraries +INSANE_SKIP:${PN}-tc = "dev-so" + +IPROUTE2_PACKAGES =+ "\ + ${PN}-bridge \ + ${PN}-devlink \ + ${PN}-genl \ + ${PN}-ifstat \ + ${PN}-ip \ + ${PN}-lnstat \ + ${PN}-nstat \ + ${PN}-routel \ + ${PN}-rtacct \ + ${PN}-ss \ + ${PN}-tc \ + ${PN}-tipc \ + ${PN}-rdma \ +" + +PACKAGE_BEFORE_PN = "${IPROUTE2_PACKAGES}" +RDEPENDS:${PN} += "${PN}-ip" + +FILES:${PN}-tc = "${base_sbindir}/tc* \ + ${libdir}/tc/*.so" +FILES:${PN}-lnstat = "${base_sbindir}/lnstat \ + ${base_sbindir}/ctstat \ + ${base_sbindir}/rtstat" +FILES:${PN}-ifstat = "${base_sbindir}/ifstat" +FILES:${PN}-ip = "${base_sbindir}/ip.* ${libdir}/iproute2" +FILES:${PN}-genl = "${base_sbindir}/genl" +FILES:${PN}-rtacct = "${base_sbindir}/rtacct" +FILES:${PN}-nstat = "${base_sbindir}/nstat" +FILES:${PN}-ss = "${base_sbindir}/ss" +FILES:${PN}-tipc = "${base_sbindir}/tipc" +FILES:${PN}-devlink = "${base_sbindir}/devlink" +FILES:${PN}-rdma = "${base_sbindir}/rdma" +FILES:${PN}-routel = "${base_sbindir}/routel" +FILES:${PN}-bridge = "${base_sbindir}/bridge" + +RDEPENDS:${PN}-routel = "python3-core" + +ALTERNATIVE:${PN}-ip = "ip" +ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}" +ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip" +ALTERNATIVE_PRIORITY = "100" + +ALTERNATIVE:${PN}-tc = "tc" +ALTERNATIVE_LINK_NAME[tc] = "${base_sbindir}/tc" +ALTERNATIVE_PRIORITY_${PN}-tc = "100" diff --git a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init b/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init deleted file mode 100755 index 6f29e9c6ed..0000000000 --- a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init +++ /dev/null @@ -1,78 +0,0 @@ -#! /bin/sh -### BEGIN INIT INFO -# Provides: irda -# Required-Start: $network $remote_fs -# Required-Stop: $network $remote_fs -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Infrared port support -### END INIT INFO - -NAME="irattach" -test -x "$IRDA_DAEMON" || IRDA_DAEMON=/usr/sbin/irattach -test -z "$IRATTACH_PID" && IRATTACH_PID=/var/run/irattach.pid - -# Source function library. -. /etc/init.d/functions - -module_id() { - awk 'BEGIN { FS=": " } /Hardware/ { print $2 } ' </proc/cpuinfo -} - -if [ ! -f /etc/sysconfig/irda ]; then - case `module_id` in - "HP iPAQ H2200" | "HP iPAQ HX4700" | "HTC Universal") - IRDA=yes - DEVICE=/dev/ttyS2 - DONGLE= - DISCOVERY= - ;; - *) - IRDA=yes - DEVICE=/dev/ttyS1 - DONGLE= - DISCOVERY= - ;; - esac -else - . /etc/sysconfig/irda -fi - -# Check that irda is up. -[ ${IRDA} = "no" ] && exit 0 - -[ -f /usr/sbin/irattach ] || exit 0 - -ARGS= -if [ $DONGLE ]; then - ARGS="$ARGS -d $DONGLE" -fi -if [ "$DISCOVERY" = "yes" ];then - ARGS="$ARGS -s" -fi - -case "$1" in - start) - echo -n "Starting IrDA: $NAME" - start-stop-daemon --start --quiet --exec "$IRDA_DAEMON" ${DEVICE} ${ARGS} --pidfile "$IRATTACH_PID" - sleep 1 - [ -f /var/run/irattach.pid ] && echo " done" || echo " fail" - ;; - stop) - echo "Stopping IrDA: $NAME" - start-stop-daemon --stop --quiet --exec "$IRDA_DAEMON" --pidfile "$IRATTACH_PID" - ;; - restart|force-reload) - $0 stop - $0 start - ;; - status) - status irattach - exit $? - ;; - *) - N=/etc/init.d/$NAME - echo "Usage: $N {start|stop|restart|force-reload|status}" >&2 - exit 1 - ;; -esac diff --git a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch b/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch deleted file mode 100644 index e95fe35f8f..0000000000 --- a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch +++ /dev/null @@ -1,75 +0,0 @@ -Obey LDFLAGS - -Signed-off-by: Christopher Larson <chris_larson@mentor.com> -Upstream-Status: Pending - ---- irda-utils-0.9.18.orig/findchip/Makefile -+++ irda-utils-0.9.18/findchip/Makefile -@@ -65,5 +65,5 @@ install: findchip - - gfindchip: gfindchip.c - $(prn_cc) -- $(ECMD))$(CC) $(CFLAGS) `gtk-config --cflags` $< -o $@ `gtk-config --libs` -+ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) `gtk-config --cflags` $< -o $@ `gtk-config --libs` - ---- irda-utils-0.9.18.orig/irattach/Makefile -+++ irda-utils-0.9.18/irattach/Makefile -@@ -49,13 +49,13 @@ all: $(TARGETS) - - irattach: irattach.o util.o - $(prn_cc_o) -- $(ECMD)$(CC) $(CFLAGS) irattach.o util.o -o $@ -+ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) irattach.o util.o -o $@ - - - - dongle_attach: dongle_attach.o - $(prn_cc_o) -- $(ECMD)$(CC) $(CFLAGS) dongle_attach.o -o $@ -+ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) dongle_attach.o -o $@ - - - install: $(TARGETS) ---- irda-utils-0.9.18.orig/irdadump/Makefile -+++ irda-utils-0.9.18/irdadump/Makefile -@@ -40,7 +40,7 @@ lib_irdadump.a: $(LIBIRDADUMP_OBJS) - - irdadump: $(IRDADUMP_OBJS) $(LIBIRDADUMP_TARGET) - $(prn_cc_o) -- $(ECMD)$(CC) $(CFLAGS) `pkg-config --libs glib-2.0` -o $(IRDADUMP_TARGET) $< $(LIBIRDADUMP_TARGET) -+ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) `pkg-config --libs glib-2.0` -o $(IRDADUMP_TARGET) $< $(LIBIRDADUMP_TARGET) - - - .c.o: ---- irda-utils-0.9.18.orig/irdaping/Makefile -+++ irda-utils-0.9.18/irdaping/Makefile -@@ -56,7 +56,7 @@ all: $(TARGETS) - - irdaping: $(OBJS) - $(prn_cc_o) -- $(ECMD)$(CC) $(CFLAGS) $(OBJS) -o $@ -+ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) -o $@ - - - .c.o: ---- irda-utils-0.9.18.orig/irnetd/Makefile -+++ irda-utils-0.9.18/irnetd/Makefile -@@ -50,7 +50,7 @@ all: $(TARGETS) - - irnetd: $(OBJS) - $(prn_cc_o) -- $(ECMD)$(CC) $(CFLAGS) $(OBJS) -o $@ -+ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) -o $@ - - - install: irnetd ---- irda-utils-0.9.18.orig/psion/Makefile -+++ irda-utils-0.9.18/psion/Makefile -@@ -25,4 +25,4 @@ install: $(PSION_TARGETS) - CFLAGS += -g -I../include -Wall -Wstrict-prototypes $(RPM_OPT_FLAGS) - irpsion5: - $(prn_cc_o) -- $(ECMD)$(CC) $(CFLAGS) $(PSION_SRC) -o $@ -\ No newline at end of file -+ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(PSION_SRC) -o $@ -\ No newline at end of file diff --git a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/musl.patch b/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/musl.patch deleted file mode 100644 index 97eb975023..0000000000 --- a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/musl.patch +++ /dev/null @@ -1,29 +0,0 @@ -Replace use of <net/if_packet.h> with <linux/if_packet.h>. - -kernel headers <linux/if_packet.h> already provides the -needed definitions, moreover not all libc implementations -provide if_packet.h e.g. musl - -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Upstream-Status: Pending - -Index: irda-utils-0.9.18/irdaping/irdaping.c -=================================================================== ---- irda-utils-0.9.18.orig/irdaping/irdaping.c -+++ irda-utils-0.9.18/irdaping/irdaping.c -@@ -33,7 +33,6 @@ - #include <sys/socket.h> - #include <sys/ioctl.h> - #include <net/if.h> /* For struct ifreq */ --#include <net/if_packet.h> /* For struct sockaddr_pkt */ - #include <net/if_arp.h> /* For ARPHRD_IRDA */ - #include <netinet/if_ether.h> /* For ETH_P_ALL */ - #include <netinet/in.h> /* For htons */ -@@ -46,6 +45,7 @@ - #include <asm/byteorder.h> /* __cpu_to_le32 and co. */ - - #include <linux/types.h> /* For __u8 and co. */ -+#include <linux/if_packet.h> /* For struct sockaddr_pkt */ - #include <irda.h> - - #ifndef AF_IRDA diff --git a/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb b/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb deleted file mode 100644 index 11b2ee9117..0000000000 --- a/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb +++ /dev/null @@ -1,51 +0,0 @@ -SUMMARY = "Common files for IrDA" -DESCRIPTION = "Provides common files needed to use IrDA. \ -IrDA allows communication over Infrared with other devices \ -such as phones and laptops." -HOMEPAGE = "http://irda.sourceforge.net/" -BUGTRACKER = "http://sourceforge.net/p/irda/bugs/" -SECTION = "base" -LICENSE = "GPLv2+" -LIC_FILES_CHKSUM = "file://irdadump/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \ - file://smcinit/COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \ - file://man/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \ - file://irdadump/irdadump.c;beginline=1;endline=24;md5=d78b9dce3cd78c2220250c9c7a2be178" - -SRC_URI = "${SOURCEFORGE_MIRROR}/irda/irda-utils-${PV}.tar.gz \ - file://ldflags.patch \ - file://musl.patch \ - file://init" - -SRC_URI[md5sum] = "84dc12aa4c3f61fccb8d8919bf4079bb" -SRC_URI[sha256sum] = "61980551e46b2eaa9e17ad31cbc1a638074611fc33bff34163d10c7a67a9fdc6" - -inherit update-rc.d - -EXTRA_OEMAKE = "\ - 'CC=${CC}' \ - 'LD=${LD}' \ - 'CFLAGS=${CFLAGS}' \ - 'LDFLAGS=${LDFLAGS}' \ - 'SYS_INCLUDES=' \ - 'V=1' \ -" - -INITSCRIPT_NAME = "irattach" -INITSCRIPT_PARAMS = "defaults 20" - -TARGETS ??= "irattach irdaping" -do_compile () { - for t in ${TARGETS}; do - oe_runmake -C $t - done -} - -do_install () { - install -d ${D}${sbindir} - for t in ${TARGETS}; do - oe_runmake -C $t ROOT="${D}" install - done - - install -d ${D}${sysconfdir}/init.d - install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/${INITSCRIPT_NAME} -} diff --git a/meta/recipes-connectivity/iw/iw/separate-objdir.patch b/meta/recipes-connectivity/iw/iw/separate-objdir.patch index 0ea6a52789..179fd90124 100644 --- a/meta/recipes-connectivity/iw/iw/separate-objdir.patch +++ b/meta/recipes-connectivity/iw/iw/separate-objdir.patch @@ -1,3 +1,6 @@ +From ff9f0a631c99fb6e2677c02bf572a5e69c70f5cf Mon Sep 17 00:00:00 2001 +From: Changhyeok Bae <changhyeok.bae@gmail.com> +Date: Mon, 27 Jan 2020 22:48:03 +0100 Subject: [PATCH] Support separation of SRCDIR and OBJDIR Typical use of VPATH to locate the sources. @@ -7,29 +10,41 @@ Upstream-Status: Pending Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Maxin B. John <maxin.john@intel.com> --- -diff -Naur iw-4.3-origin/Makefile iw-4.3/Makefile ---- iw-4.3-origin/Makefile 2015-11-20 16:37:58.752077287 +0200 -+++ iw-4.3/Makefile 2015-11-20 16:57:15.510615815 +0200 -@@ -1,5 +1,7 @@ + Makefile | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/Makefile b/Makefile +index 90f2251..714cdb9 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,5 +1,9 @@ MAKEFLAGS += --no-print-directory -- + +SRCDIR ?= $(dir $(lastword $(MAKEFILE_LIST))) +OBJDIR ?= $(PWD) +VPATH = $(SRCDIR) ++ PREFIX ?= /usr SBINDIR ?= $(PREFIX)/sbin MANDIR ?= $(PREFIX)/share/man -@@ -95,11 +97,11 @@ +@@ -92,7 +96,7 @@ all: $(ALL) version.c: version.sh $(patsubst %.o,%.c,$(VERSION_OBJS)) nl80211.h iw.h Makefile \ $(wildcard .git/index .git/refs/tags) @$(NQ) ' GEN ' $@ - $(Q)./version.sh $@ + $(Q)cd $(SRCDIR) && ./version.sh $(OBJDIR)/$@ - %.o: %.c iw.h nl80211.h + nl80211-commands.inc: nl80211.h + @$(NQ) ' GEN ' $@ +@@ -100,7 +104,7 @@ nl80211-commands.inc: nl80211.h + + %.o: %.c iw.h nl80211.h nl80211-commands.inc @$(NQ) ' CC ' $@ -- $(Q)$(CC) $(CFLAGS) -c -o $@ $< -+ $(Q)$(CC) -I$(SRCDIR) $(CFLAGS) -c -o $@ $< +- $(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $< ++ $(Q)$(CC) -I$(SRCDIR) $(CFLAGS) $(CPPFLAGS) -c -o $@ $< ifeq ($(IW_ANDROID_BUILD),) iw: $(OBJS) +-- +2.23.0 + diff --git a/meta/recipes-connectivity/iw/iw_4.9.bb b/meta/recipes-connectivity/iw/iw_6.7.bb index 6daeb07b70..b46b54bc93 100644 --- a/meta/recipes-connectivity/iw/iw_4.9.bb +++ b/meta/recipes-connectivity/iw/iw_6.7.bb @@ -2,9 +2,9 @@ SUMMARY = "nl80211 based CLI configuration utility for wireless devices" DESCRIPTION = "iw is a new nl80211 based CLI configuration utility for \ wireless devices. It supports almost all new drivers that have been added \ to the kernel recently. " -HOMEPAGE = "http://wireless.kernel.org/en/users/Documentation/iw" +HOMEPAGE = "https://wireless.wiki.kernel.org/en/users/documentation/iw" SECTION = "base" -LICENSE = "BSD" +LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=878618a5c4af25e9b93ef0be1a93f774" DEPENDS = "libnl" @@ -14,8 +14,7 @@ SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \ file://separate-objdir.patch \ " -SRC_URI[md5sum] = "06e96ab7a5c652f8eaed6f71533a9e0f" -SRC_URI[sha256sum] = "12f921f3dbe0f33c309f5f2891cccf5325c94bd48dceeb102de183f5f048a9e2" +SRC_URI[sha256sum] = "b3ef3fa85fa1177b11d3e97d6d38cdfe10ee250ca31482b581f3bd0fc79cb015" inherit pkgconfig @@ -26,7 +25,6 @@ EXTRA_OEMAKE = "\ 'SBINDIR=${sbindir}' \ 'MANDIR=${mandir}' \ " -B = "${WORKDIR}/build" do_install() { oe_runmake 'DESTDIR=${D}' install diff --git a/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch b/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch new file mode 100644 index 0000000000..94fbd12737 --- /dev/null +++ b/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch @@ -0,0 +1,28 @@ +From 841924e1fe8db2bff3eab8d37634ef08f86c00ec Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Tue, 10 Nov 2020 15:57:03 +0000 +Subject: [PATCH] src/lib/log/logger_unittest_support.cc: do not write build + path into binary + +This breaks reproducibility and is needed only in unit testing. + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> + +--- + src/lib/log/logger_unittest_support.cc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/lib/log/logger_unittest_support.cc b/src/lib/log/logger_unittest_support.cc +index fc01c6e..f46d17e 100644 +--- a/src/lib/log/logger_unittest_support.cc ++++ b/src/lib/log/logger_unittest_support.cc +@@ -84,7 +84,7 @@ void initLogger(isc::log::Severity severity, int dbglevel) { + const char* localfile = getenv("KEA_LOGGER_LOCALMSG"); + + // Set a directory for creating lockfiles when running tests +- setenv("KEA_LOCKFILE_DIR", TOP_BUILDDIR, 0); ++ //setenv("KEA_LOCKFILE_DIR", TOP_BUILDDIR, 0); + + // Initialize logging + initLogger(root, severity, dbglevel, localfile); diff --git a/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch b/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch new file mode 100644 index 0000000000..5b135b3aee --- /dev/null +++ b/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch @@ -0,0 +1,58 @@ +From 06ebd1b2ced426c420ed162980eca194f9f918ae Mon Sep 17 00:00:00 2001 +From: Kai Kang <kai.kang@windriver.com> +Date: Tue, 22 Sep 2020 15:02:33 +0800 +Subject: [PATCH] There are conflict of config files between kea and lib32-kea: + +| Error: Transaction test error: +| file /etc/kea/kea-ctrl-agent.conf conflicts between attempted installs of + lib32-kea-1.7.10-r0.core2_32 and kea-1.7.10-r0.core2_64 +| file /etc/kea/kea-dhcp4.conf conflicts between attempted installs of + lib32-kea-1.7.10-r0.core2_32 and kea-1.7.10-r0.core2_64 + +Because they are all commented out, replace the expanded libdir path with +'$libdir' in the config files to avoid conflict. + +Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/issues/2602] +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +--- + src/bin/keactrl/kea-ctrl-agent.conf.pre | 3 ++- + src/bin/keactrl/kea-dhcp4.conf.pre | 4 ++-- + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/bin/keactrl/kea-ctrl-agent.conf.pre b/src/bin/keactrl/kea-ctrl-agent.conf.pre +index e6ae8b8..50a3092 100644 +--- a/src/bin/keactrl/kea-ctrl-agent.conf.pre ++++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre +@@ -51,7 +51,8 @@ + // Agent will fail to start. + "hooks-libraries": [ + // { +-// "library": "@libdir@/kea/hooks/control-agent-commands.so", ++// // Replace $libdir with real library path /usr/lib or /usr/lib64 ++// "library": "$libdir/kea/hooks/control-agent-commands.so", + // "parameters": { + // "param1": "foo" + // } +diff --git a/src/bin/keactrl/kea-dhcp4.conf.pre b/src/bin/keactrl/kea-dhcp4.conf.pre +index 6edb8a1..b2a7385 100644 +--- a/src/bin/keactrl/kea-dhcp4.conf.pre ++++ b/src/bin/keactrl/kea-dhcp4.conf.pre +@@ -255,7 +255,7 @@ + // // of all devices serviced by Kea, including their identifiers + // // (like MAC address), their location in the network, times + // // when they were active etc. +- // "library": "@libdir@/kea/hooks/libdhcp_legal_log.so", ++ // "library": "$libdir/kea/hooks/libdhcp_legal_log.so", + // "parameters": { + // "path": "/var/lib/kea", + // "base-name": "kea-forensic4" +@@ -272,7 +272,7 @@ + // // of specific options or perhaps even a combination of several + // // options and fields to uniquely identify a client. Those scenarios + // // are addressed by the Flexible Identifiers hook application. +- // "library": "@libdir@/kea/hooks/libdhcp_flex_id.so", ++ // "library": "$libdir/kea/hooks/libdhcp_flex_id.so", + // "parameters": { + // "identifier-expression": "relay4[2].hex" + // } diff --git a/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch b/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch new file mode 100644 index 0000000000..63a6a2805b --- /dev/null +++ b/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch @@ -0,0 +1,29 @@ +From c878a356712606549f7f188b62f7d1cae08a176e Mon Sep 17 00:00:00 2001 +From: Armin kuster <akuster808@gmail.com> +Date: Wed, 14 Oct 2020 22:48:31 -0700 +Subject: [PATCH] Busybox does not support ps -p so use pgrep + +Upstream-Status: Inappropriate [embedded specific] +Based on changes from Diego Sueiro <Diego.Sueiro@arm.com> + +Signed-off-by: Armin kuster <akuster808@gmail.com> + +--- + src/bin/keactrl/keactrl.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/bin/keactrl/keactrl.in b/src/bin/keactrl/keactrl.in +index 450e997..c353ca9 100644 +--- a/src/bin/keactrl/keactrl.in ++++ b/src/bin/keactrl/keactrl.in +@@ -149,8 +149,8 @@ check_running() { + # Get the PID from the PID file (if it exists) + get_pid_from_file "${proc_name}" + if [ ${_pid} -gt 0 ]; then +- # Use ps to check if PID is alive +- if ps -p ${_pid} 1>/dev/null; then ++ # Use pgrep and grep to check if PID is alive ++ if pgrep -v 1 | grep ${_pid} 1>/dev/null; then + # No error, so PID IS ALIVE + _running=1 + fi diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server new file mode 100644 index 0000000000..50fe40d439 --- /dev/null +++ b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server @@ -0,0 +1,46 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: kea-dhcp-ddns-server +# Required-Start: $local_fs $network $remote_fs $syslog +# Required-Stop: $local_fs $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: ISC KEA DHCP IPv6 Server +### END INIT INFO + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="kea-dhcp-ddns-server" +NAME=kea-dhcp-ddns +DAEMON=/usr/sbin/keactrl +DAEMON_ARGS=" -s dhcp_ddns" + +set -e + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Source function library. +. /etc/init.d/functions + +case "$1" in + start) + echo -n "Starting $DESC: " + start-stop-daemon -S -b -n $NAME -x $DAEMON -- start $DAEMON_ARGS + echo "done." + ;; + stop) + echo -n "Stopping $DESC: " + kpid=`pidof $NAME` + kill $kpid + echo "done." + ;; + restart|force-reload) + # + $0 stop + $0 start + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service new file mode 100644 index 0000000000..f6059d73cb --- /dev/null +++ b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service @@ -0,0 +1,12 @@ +[Unit] +Description=Kea DHCP-DDNS Server +Wants=network-online.target +After=network-online.target +After=time-sync.target + +[Service] +ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/ +ExecStart=@SBINDIR@/kea-dhcp-ddns -c @SYSCONFDIR@/kea/kea-dhcp-ddns.conf + +[Install] +WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp4-server b/meta/recipes-connectivity/kea/files/kea-dhcp4-server new file mode 100644 index 0000000000..e83e51025d --- /dev/null +++ b/meta/recipes-connectivity/kea/files/kea-dhcp4-server @@ -0,0 +1,46 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: kea-dhcp4-server +# Required-Start: $local_fs $network $remote_fs $syslog +# Required-Stop: $local_fs $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: ISC KEA DHCP IPv6 Server +### END INIT INFO + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="kea-dhcp4-server" +NAME=kea-dhcp4 +DAEMON=/usr/sbin/keactrl +DAEMON_ARGS=" -s dhcp4" + +set -e + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Source function library. +. /etc/init.d/functions + +case "$1" in + start) + echo -n "Starting $DESC: " + start-stop-daemon -S -b -n $NAME -x $DAEMON -- start $DAEMON_ARGS + echo "done." + ;; + stop) + echo -n "Stopping $DESC: " + kpid=`pidof $NAME` + kill $kpid + echo "done." + ;; + restart|force-reload) + # + $0 stop + $0 start + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp4.service b/meta/recipes-connectivity/kea/files/kea-dhcp4.service new file mode 100644 index 0000000000..b851ea71c5 --- /dev/null +++ b/meta/recipes-connectivity/kea/files/kea-dhcp4.service @@ -0,0 +1,13 @@ +[Unit] +Description=Kea DHCPv4 Server +Wants=network-online.target +After=network-online.target +After=time-sync.target + +[Service] +ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/ +ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea +ExecStart=@SBINDIR@/kea-dhcp4 -c @SYSCONFDIR@/kea/kea-dhcp4.conf + +[Install] +WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp6-server b/meta/recipes-connectivity/kea/files/kea-dhcp6-server new file mode 100644 index 0000000000..10f2d22641 --- /dev/null +++ b/meta/recipes-connectivity/kea/files/kea-dhcp6-server @@ -0,0 +1,47 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: kea-dhcp6-server +# Required-Start: $local_fs $network $remote_fs $syslog +# Required-Stop: $local_fs $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: ISC KEA DHCP IPv6 Server +### END INIT INFO + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="kea-dhcp6-server" +NAME=kea-dhcp6 +DAEMON=/usr/sbin/keactrl +DAEMON_ARGS=" -s dhcp6" + +set -e + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Source function library. +. /etc/init.d/functions + +case "$1" in + start) + echo -n "Starting $DESC: " + start-stop-daemon -S -b -n $NAME -x $DAEMON -- start $DAEMON_ARGS + echo "done." + ;; + stop) + echo -n "Stopping $DESC: " + kpid=`pidof $NAME` + kill $kpid + echo "done." + ;; + restart|force-reload) + # + $0 stop + $0 start + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp6.service b/meta/recipes-connectivity/kea/files/kea-dhcp6.service new file mode 100644 index 0000000000..0f9f0ef8d9 --- /dev/null +++ b/meta/recipes-connectivity/kea/files/kea-dhcp6.service @@ -0,0 +1,13 @@ +[Unit] +Description=Kea DHCPv6 Server +Wants=network-online.target +After=network-online.target +After=time-sync.target + +[Service] +ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/ +ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea +ExecStart=@SBINDIR@/kea-dhcp6 -c @SYSCONFDIR@/kea/kea-dhcp6.conf + +[Install] +WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/kea/kea_2.4.1.bb b/meta/recipes-connectivity/kea/kea_2.4.1.bb new file mode 100644 index 0000000000..9f8758f379 --- /dev/null +++ b/meta/recipes-connectivity/kea/kea_2.4.1.bb @@ -0,0 +1,77 @@ +SUMMARY = "ISC Kea DHCP Server" +DESCRIPTION = "Kea is the next generation of DHCP software developed by ISC. It supports both DHCPv4 and DHCPv6 protocols along with their extensions, e.g. prefix delegation and dynamic updates to DNS." +HOMEPAGE = "http://kea.isc.org" +SECTION = "connectivity" +LICENSE = "MPL-2.0" +LIC_FILES_CHKSUM = "file://COPYING;md5=ea061fa0188838072c4248c1318ec131" + +DEPENDS = "boost log4cplus openssl" + +SRC_URI = "http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.gz \ + file://kea-dhcp4.service \ + file://kea-dhcp6.service \ + file://kea-dhcp-ddns.service \ + file://kea-dhcp4-server \ + file://kea-dhcp6-server \ + file://kea-dhcp-ddns-server \ + file://fix-multilib-conflict.patch \ + file://fix_pid_keactrl.patch \ + file://0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch \ + " +SRC_URI[sha256sum] = "815c61f5c271caa4a1db31dd656eb50a7f6ea973da3690f7c8581408e180131a" + +inherit autotools systemd update-rc.d upstream-version-is-even + +INITSCRIPT_NAME = "kea-dhcp4-server" +INITSCRIPT_PARAMS = "defaults 30" + +SYSTEMD_SERVICE:${PN} = "kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service" +SYSTEMD_AUTO_ENABLE = "disable" + +DEBUG_OPTIMIZATION:remove:mips = " -Og" +DEBUG_OPTIMIZATION:append:mips = " -O" +BUILD_OPTIMIZATION:remove:mips = " -Og" +BUILD_OPTIMIZATION:append:mips = " -O" + +DEBUG_OPTIMIZATION:remove:mipsel = " -Og" +DEBUG_OPTIMIZATION:append:mipsel = " -O" +BUILD_OPTIMIZATION:remove:mipsel = " -Og" +BUILD_OPTIMIZATION:append:mipsel = " -O" + +EXTRA_OECONF = "--with-boost-libs=-lboost_system \ + --with-log4cplus=${STAGING_DIR_TARGET}${prefix} \ + --with-openssl=${STAGING_DIR_TARGET}${prefix}" + +do_configure:prepend() { + # replace abs_top_builddir to avoid introducing the build path + # don't expand the abs_top_builddir on the target as the abs_top_builddir is meanlingless on the target + find ${S} -type f -name *.sh.in | xargs sed -i "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g" + sed -i "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g" ${S}/src/bin/admin/kea-admin.in +} + +# patch out build host paths for reproducibility +do_compile:prepend:class-target() { + sed -i -e "s,${WORKDIR},,g" ${B}/config.report +} + +do_install:append() { + install -d ${D}${sysconfdir}/init.d + install -d ${D}${systemd_system_unitdir} + + install -m 0644 ${WORKDIR}/kea-dhcp*service ${D}${systemd_system_unitdir} + install -m 0755 ${WORKDIR}/kea-*-server ${D}${sysconfdir}/init.d + sed -i -e 's,@SBINDIR@,${sbindir},g' -e 's,@BASE_BINDIR@,${base_bindir},g' \ + -e 's,@LOCALSTATEDIR@,${localstatedir},g' -e 's,@SYSCONFDIR@,${sysconfdir},g' \ + ${D}${systemd_system_unitdir}/kea-dhcp*service ${D}${sbindir}/keactrl +} + +do_install:append() { + rm -rf "${D}${localstatedir}" +} + +CONFFILES:${PN} = "${sysconfdir}/kea/keactrl.conf" + +FILES:${PN}-staticdev += "${libdir}/kea/hooks/*.a ${libdir}/hooks/*.a" +FILES:${PN} += "${libdir}/hooks/*.so" + +PARALLEL_MAKEINST = "" diff --git a/meta/recipes-connectivity/libnss-mdns/libnss-mdns/0001-check-for-nss.h.patch b/meta/recipes-connectivity/libnss-mdns/libnss-mdns/0001-check-for-nss.h.patch deleted file mode 100644 index f63eb90cdc..0000000000 --- a/meta/recipes-connectivity/libnss-mdns/libnss-mdns/0001-check-for-nss.h.patch +++ /dev/null @@ -1,56 +0,0 @@ -From bdf01a581d58eb5340e9238d143dbcac9db5b11c Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Sat, 30 Jan 2016 19:29:45 +0000 -Subject: [PATCH] check for nss.h - -nss.h may not available on all libc implementations, e.g. musl does not -have this header, this patch detects nss.h presence and defines the data -types that are required if nss.h is missing on platform - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- -Upstream-Status: Pending - - configure.ac | 2 +- - src/nss.c | 11 +++++++++++ - 2 files changed, 12 insertions(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index aa66bc6..ce19b07 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -71,7 +71,7 @@ AC_PROG_LIBTOOL - - # Checks for header files. - AC_HEADER_STDC --AC_CHECK_HEADERS([arpa/inet.h fcntl.h inttypes.h netdb.h netinet/in.h stdlib.h string.h sys/socket.h sys/time.h unistd.h nss.h sys/ioctl.h]) -+AC_CHECK_HEADERS([arpa/inet.h fcntl.h inttypes.h netdb.h netinet/in.h stdlib.h string.h sys/socket.h sys/time.h unistd.h nss.h sys/ioctl.h nss.h]) - - # Checks for typedefs, structures, and compiler characteristics. - AC_C_CONST -diff --git a/src/nss.c b/src/nss.c -index e48e315..406733b 100644 ---- a/src/nss.c -+++ b/src/nss.c -@@ -29,7 +29,18 @@ - #include <assert.h> - #include <netdb.h> - #include <sys/socket.h> -+#ifdef HAVE_NSS_H - #include <nss.h> -+#else -+enum nss_status { -+ NSS_STATUS_TRYAGAIN = -2, -+ NSS_STATUS_UNAVAIL, -+ NSS_STATUS_NOTFOUND, -+ NSS_STATUS_SUCCESS, -+ NSS_STATUS_RETURN -+}; -+#endif -+ - #include <stdio.h> - #include <stdlib.h> - --- -2.7.0 - diff --git a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb deleted file mode 100644 index 8d2feec769..0000000000 --- a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb +++ /dev/null @@ -1,40 +0,0 @@ -SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution" -HOMEPAGE = "http://0pointer.de/lennart/projects/nss-mdns/" -SECTION = "libs" - -LICENSE = "LGPLv2.1+" -LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1" - -DEPENDS = "avahi" -PR = "r7" - -SRC_URI = "http://0pointer.de/lennart/projects/nss-mdns/nss-mdns-${PV}.tar.gz \ - file://0001-check-for-nss.h.patch \ - " - -SRC_URI[md5sum] = "03938f17646efbb50aa70ba5f99f51d7" -SRC_URI[sha256sum] = "1e683c2e7c3921814706d62fbbd3e9cbf493a75fa00255e0e715508d8134fa6d" - -S = "${WORKDIR}/nss-mdns-${PV}" - -inherit autotools - -EXTRA_OECONF = "--libdir=${base_libdir} --disable-lynx --enable-avahi" - -# suppress warning, but don't bother with autonamer -LEAD_SONAME = "libnss_mdns.so" -DEBIANNAME_${PN} = "libnss-mdns" - -RDEPENDS_${PN} = "avahi-daemon" - -pkg_postinst_${PN} () { - sed -e '/^hosts:/s/\s*\<mdns\>//' \ - -e 's/\(^hosts:.*\)\(\<files\>\)\(.*\)\(\<dns\>\)\(.*\)/\1\2 mdns4_minimal [NOTFOUND=return]\3\4 mdns\5/' \ - -i $D${sysconfdir}/nsswitch.conf -} - -pkg_prerm_${PN} () { - sed -e '/^hosts:/s/\s*\<mdns\>//' \ - -e '/^hosts:/s/\s*mdns4_minimal\s\+\[NOTFOUND=return\]//' \ - -i $D${sysconfdir}/nsswitch.conf -} diff --git a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb new file mode 100644 index 0000000000..0db609fc47 --- /dev/null +++ b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb @@ -0,0 +1,39 @@ +SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution" +HOMEPAGE = "https://github.com/lathiat/nss-mdns" +DESCRIPTION = "nss-mdns is a plugin for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc) providing host name resolution via Multicast DNS (aka Zeroconf, aka Apple Rendezvous, aka Apple Bonjour), effectively allowing name resolution by common Unix/Linux programs in the ad-hoc mDNS domain .local." +SECTION = "libs" + +LICENSE = "LGPL-2.1-or-later" +LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1" + +DEPENDS = "avahi" + +SRC_URI = "git://github.com/lathiat/nss-mdns;branch=master;protocol=https \ + " + +SRCREV = "4b3cfe818bf72d99a02b8ca8b8813cb2d6b40633" + +S = "${WORKDIR}/git" + +inherit autotools pkgconfig + +COMPATIBLE_HOST:libc-musl = 'null' + +EXTRA_OECONF = "--libdir=${base_libdir}" + +RDEPENDS:${PN} = "avahi-daemon" + +pkg_postinst:${PN} () { + sed ' + /^hosts:/ !b + /\<mdns\(4\|6\)\?\(_minimal\)\?\>/ b + s/\([[:blank:]]\+\)dns\>/\1mdns4_minimal [NOTFOUND=return] dns/g + ' -i $D${sysconfdir}/nsswitch.conf +} + +pkg_prerm:${PN} () { + sed ' + /^hosts:/ !b + s/[[:blank:]]\+mdns\(4\|6\)\?\(_minimal\( \[NOTFOUND=return\]\)\?\)\?//g + ' -i $D${sysconfdir}/nsswitch.conf +} diff --git a/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch b/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch deleted file mode 100644 index edb6ae5667..0000000000 --- a/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 64aa033a061c43fc15c711f2490ae41d23b868c3 Mon Sep 17 00:00:00 2001 -From: Fabio Berton <fabio.berton@ossystems.com.br> -Date: Thu, 17 Nov 2016 09:44:42 -0200 -Subject: [PATCH 1/2] Fix compiler_state_t.ai usage when INET6 is not defined -Organization: O.S. Systems Software LTDA. - -Fix error: - -/ -| ../libpcap-1.8.1/gencode.c: In function 'pcap_compile': -| ../libpcap-1.8.1/gencode.c:693:8: error: 'compiler_state_t -| {aka struct _compiler_state}' has no member named 'ai' -| cstate.ai = NULL; -\ - -Upstream-Status: Submitted [1] - -[1] https://github.com/the-tcpdump-group/libpcap/pull/541 - -Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br> ---- - gencode.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/gencode.c b/gencode.c -index a887f27..e103c70 100644 ---- a/gencode.c -+++ b/gencode.c -@@ -690,7 +690,9 @@ pcap_compile(pcap_t *p, struct bpf_program *program, - } - initchunks(&cstate); - cstate.no_optimize = 0; -+#ifdef INET6 - cstate.ai = NULL; -+#endif - cstate.ic.root = NULL; - cstate.ic.cur_mark = 0; - cstate.bpf_pcap = p; --- -2.1.4 - diff --git a/meta/recipes-connectivity/libpcap/libpcap/0002-Add-missing-compiler_state_t-parameter.patch b/meta/recipes-connectivity/libpcap/libpcap/0002-Add-missing-compiler_state_t-parameter.patch deleted file mode 100644 index 032b265f05..0000000000 --- a/meta/recipes-connectivity/libpcap/libpcap/0002-Add-missing-compiler_state_t-parameter.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 50ec0a088d5924a8305b2d70dcba71b0942dee1a Mon Sep 17 00:00:00 2001 -From: Fabio Berton <fabio.berton@ossystems.com.br> -Date: Thu, 17 Nov 2016 09:47:29 -0200 -Subject: [PATCH 2/2] Add missing compiler_state_t parameter -Organization: O.S. Systems Software LTDA. - -Fix error: - -/ -|../libpcap-1.8.1/gencode.c: In function 'gen_gateway': -|../libpcap-1.8.1/gencode.c:4914:13: error: 'cstate' undeclared -| (first use in this function) -| bpf_error(cstate, "direction applied to 'gateway'"); -\ - -Upstream-Status: Submitted [1] - -[1] https://github.com/the-tcpdump-group/libpcap/pull/541 - -Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br> ---- - gencode.c | 15 ++++++++------- - 1 file changed, 8 insertions(+), 7 deletions(-) - -diff --git a/gencode.c b/gencode.c -index e103c70..f07c0be 100644 ---- a/gencode.c -+++ b/gencode.c -@@ -523,7 +523,7 @@ static struct block *gen_host6(compiler_state_t *, struct in6_addr *, - struct in6_addr *, int, int, int); - #endif - #ifndef INET6 --static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); -+static struct block *gen_gateway(compiler_state_t *, const u_char *, bpf_u_int32 **, int, int); - #endif - static struct block *gen_ipfrag(compiler_state_t *); - static struct block *gen_portatom(compiler_state_t *, int, bpf_int32); -@@ -4904,11 +4904,12 @@ gen_host6(compiler_state_t *cstate, struct in6_addr *addr, - - #ifndef INET6 - static struct block * --gen_gateway(eaddr, alist, proto, dir) -- const u_char *eaddr; -- bpf_u_int32 **alist; -- int proto; -- int dir; -+gen_gateway(cstate, eaddr, alist, proto, dir) -+ compiler_state_t *cstate; -+ const u_char *eaddr; -+ bpf_u_int32 **alist; -+ int proto; -+ int dir; - { - struct block *b0, *b1, *tmp; - -@@ -6472,7 +6473,7 @@ gen_scode(compiler_state_t *cstate, const char *name, struct qual q) - alist = pcap_nametoaddr(name); - if (alist == NULL || *alist == NULL) - bpf_error(cstate, "unknown host '%s'", name); -- b = gen_gateway(eaddr, alist, proto, dir); -+ b = gen_gateway(cstate, eaddr, alist, proto, dir); - free(eaddr); - return b; - #else --- -2.1.4 - diff --git a/meta/recipes-connectivity/libpcap/libpcap/disable-remote.patch b/meta/recipes-connectivity/libpcap/libpcap/disable-remote.patch deleted file mode 100644 index 7e1eea6b1e..0000000000 --- a/meta/recipes-connectivity/libpcap/libpcap/disable-remote.patch +++ /dev/null @@ -1,36 +0,0 @@ -Disable bits of remote capture support inherited from the WinPCAP merge -which cause applications to FTBFS if they define HAVE_REMOTE. - -Patch from: -https://anonscm.debian.org/cgit/users/rfrancoise/libpcap.git/commit/? -id=f35949969269dfdcc3549b12fade604755e1e326 - -Upstream-Status: Pending - ---- a/pcap/pcap.h -+++ b/pcap/pcap.h -@@ -506,6 +506,11 @@ - #define MODE_STAT 1 - #define MODE_MON 2 - -+#ifdef HAVE_REMOTE -+ /* Includes most of the public stuff that is needed for the remote capture */ -+ #include <remote-ext.h> -+#endif /* HAVE_REMOTE */ -+ - #elif defined(MSDOS) - - /* -@@ -526,11 +531,6 @@ - - #endif /* _WIN32/MSDOS/UN*X */ - --#ifdef HAVE_REMOTE -- /* Includes most of the public stuff that is needed for the remote capture */ -- #include <remote-ext.h> --#endif /* HAVE_REMOTE */ -- - #ifdef __cplusplus - } - #endif - diff --git a/meta/recipes-connectivity/libpcap/libpcap/fix-grammar-deps.patch b/meta/recipes-connectivity/libpcap/libpcap/fix-grammar-deps.patch deleted file mode 100644 index f40e655c44..0000000000 --- a/meta/recipes-connectivity/libpcap/libpcap/fix-grammar-deps.patch +++ /dev/null @@ -1,29 +0,0 @@ -Fix a missing dependency that can result in: - -../libpcap-1.8.1/grammar.y:78:10: fatal error: scanner.h: No such file or directory - -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From 0dd90a6bdbce4dca14106859eee63ef643a106e2 Mon Sep 17 00:00:00 2001 -From: Alfredo Alvarez Fernandez <alfredoalvarezernandez@gmail.com> -Date: Tue, 21 Feb 2017 11:41:43 +0100 -Subject: [PATCH] Makefile.in: Fix missing dependency - ---- - Makefile.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile.in b/Makefile.in -index 7044f043..f5d443ae 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -465,7 +465,7 @@ grammar.h: grammar.c - $(MAKE) $(MAKEFLAGS) grammar.c; \ - fi - --grammar.o: grammar.c -+grammar.o: grammar.c scanner.h - $(CC) $(FULL_CFLAGS) -c grammar.c - - gencode.o: $(srcdir)/gencode.c grammar.h scanner.h diff --git a/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch b/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch deleted file mode 100644 index afaa3bea9b..0000000000 --- a/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 2796129af52901dd68595e5e88a639308541def9 Mon Sep 17 00:00:00 2001 -From: Fabio Berton <fabio.berton@ossystems.com.br> -Date: Thu, 3 Nov 2016 17:56:29 -0200 -Subject: [PATCH] libpcap: pkgconfig support -Organization: O.S. Systems Software LTDA. - -Adding basic structure to support pkg-config. - -Upstream-Status: Inappropriate [embedded specific] - -Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> -Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br> ---- - Makefile.in | 5 +++++ - configure.ac | 1 + - libpcap.pc.in | 10 ++++++++++ - 3 files changed, 16 insertions(+) - create mode 100644 libpcap.pc.in - -diff --git a/Makefile.in b/Makefile.in -index e71d973..d7004ed 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -61,6 +61,10 @@ V_RPATH_OPT = @V_RPATH_OPT@ - DEPENDENCY_CFLAG = @DEPENDENCY_CFLAG@ - PROG=libpcap - -+# pkgconfig support -+pkgconfigdir = $(libdir)/pkgconfig -+pkgconfig_DATA = libpcap.pc -+ - # Standard CFLAGS - FULL_CFLAGS = $(CCOPT) $(INCLS) $(DEFS) $(CFLAGS) - -@@ -286,6 +290,7 @@ EXTRA_DIST = \ - lbl/os-solaris2.h \ - lbl/os-sunos4.h \ - lbl/os-ultrix4.h \ -+ libpcap.pc \ - missing/getopt.c \ - missing/getopt.h \ - missing/snprintf.c \ -diff --git a/configure.ac b/configure.ac -index da2f940..4fc67bf 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1805,6 +1805,7 @@ fi - AC_PROG_INSTALL - - AC_CONFIG_HEADER(config.h) -+AC_CONFIG_FILES([libpcap.pc]) - - AC_OUTPUT_COMMANDS([if test -f .devel; then - echo timestamp > stamp-h -diff --git a/libpcap.pc.in b/libpcap.pc.in -new file mode 100644 -index 0000000..4f78ad8 ---- /dev/null -+++ b/libpcap.pc.in -@@ -0,0 +1,10 @@ -+prefix=@prefix@ -+exec_prefix=@exec_prefix@ -+libdir=@libdir@ -+includedir=@includedir@ -+ -+Name: libpcap -+Description: System-independent interface for user-level packet capture. -+Version: @VERSION@ -+Libs: -L${libdir} -lpcap -+Cflags: -I${includedir} --- -2.1.4 - diff --git a/meta/recipes-connectivity/libpcap/libpcap.inc b/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb index e57ea87b37..166654e280 100644 --- a/meta/recipes-connectivity/libpcap/libpcap.inc +++ b/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb @@ -5,38 +5,39 @@ security monitoring and network debugging." HOMEPAGE = "http://www.tcpdump.org/" BUGTRACKER = "http://sourceforge.net/tracker/?group_id=53067&atid=469577" SECTION = "libs/network" -LICENSE = "BSD" +LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \ file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2" DEPENDS = "flex-native bison-native" -INC_PR = "r5" +SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz" +SRC_URI[sha256sum] = "ed19a0383fad72e3ad435fd239d7cd80d64916b87269550159d20e47160ebe5f" -SRC_URI = "http://www.tcpdump.org/release/${BP}.tar.gz" +inherit autotools binconfig-disabled pkgconfig BINCONFIG = "${bindir}/pcap-config" -inherit autotools binconfig-disabled pkgconfig bluetooth - -EXTRA_OECONF = "--with-pcap=linux" +# Explicitly disable dag support. We don't have recipe for it and if enabled here, +# configure script poisons the include dirs with /usr/local/include even when the +# support hasn't been detected. Do the same thing for DPDK. +EXTRA_OECONF = " \ + --with-pcap=linux \ + --without-dag \ + --without-dpdk \ + " EXTRA_AUTORECONF += "--exclude=aclocal" -PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', '${BLUEZ}', '', d)} \ +PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ " -PACKAGECONFIG[bluez4] = "--enable-bluetooth,--disable-bluetooth,bluez4" -# Add a dummy PACKAGECONFIG for bluez5 since it is not supported by libpcap. -PACKAGECONFIG[bluez5] = ",," +PACKAGECONFIG[bluez5] = "--enable-bluetooth,--disable-bluetooth,bluez5" PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl" -CPPFLAGS_prepend = "-I${S} " -CFLAGS_prepend = "-I${S} " -CXXFLAGS_prepend = "-I${S} " - -do_configure_prepend () { - sed -i -e's,^V_RPATH_OPT=.*$,V_RPATH_OPT=,' ${S}/pcap-config.in +do_configure:prepend () { + #remove hardcoded references to /usr/include + sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac } -BBCLASSEXTEND = "native" +BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb b/meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb deleted file mode 100644 index 13dfbd67a8..0000000000 --- a/meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb +++ /dev/null @@ -1,31 +0,0 @@ -require libpcap.inc - -SRC_URI += " \ - file://libpcap-pkgconfig-support.patch \ - file://0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch \ - file://0002-Add-missing-compiler_state_t-parameter.patch \ - file://disable-remote.patch \ - file://fix-grammar-deps.patch \ -" - -SRC_URI[md5sum] = "3d48f9cd171ff12b0efd9134b52f1447" -SRC_URI[sha256sum] = "673dbc69fdc3f5a86fb5759ab19899039a8e5e6c631749e48dcd9c6f0c83541e" - -# -# make install doesn't cover the shared lib -# make install-shared is just broken (no symlinks) -# - -do_configure_prepend () { - #remove hardcoded references to /usr/include - sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac -} - -do_install_prepend () { - install -d ${D}${libdir} - install -d ${D}${bindir} - oe_runmake install-shared DESTDIR=${D} - oe_libinstall -a -so libpcap ${D}${libdir} - sed "s|@VERSION@|${PV}|" -i ${B}/libpcap.pc - install -D -m 0644 libpcap.pc ${D}${libdir}/pkgconfig/libpcap.pc -} diff --git a/meta/recipes-connectivity/libuv/libuv_1.48.0.bb b/meta/recipes-connectivity/libuv/libuv_1.48.0.bb new file mode 100644 index 0000000000..87a2c22a7c --- /dev/null +++ b/meta/recipes-connectivity/libuv/libuv_1.48.0.bb @@ -0,0 +1,22 @@ +SUMMARY = "A multi-platform support library with a focus on asynchronous I/O" +HOMEPAGE = "https://github.com/libuv/libuv" +DESCRIPTION = "libuv is a multi-platform support library with a focus on asynchronous I/O. It was primarily developed for use by Node.js, but it's also used by Luvit, Julia, pyuv, and others." +BUGTRACKER = "https://github.com/libuv/libuv/issues" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE;md5=74b6f2f7818a4e3a80d03556f71b129b \ + file://LICENSE-extra;md5=f9307417749e19bd1d6d68a394b49324" + +SRCREV = "e9f29cb984231524e3931aa0ae2c5dae1a32884e" +SRC_URI = "git://github.com/libuv/libuv.git;branch=v1.x;protocol=https" +UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" + +S = "${WORKDIR}/git" + +inherit autotools + +do_configure() { + ${S}/autogen.sh || bbnote "${PN} failed to autogen.sh" + oe_runconf +} + +BBCLASSEXTEND = "native" diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb index dbc578e2d8..a4030b7b32 100644 --- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb +++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb @@ -1,13 +1,17 @@ SUMMARY = "Mobile Broadband Service Provider Database" HOMEPAGE = "http://live.gnome.org/NetworkManager/MobileBroadband/ServiceProviders" +DESCRIPTION = "Mobile Broadband Service Provider Database stores service provider specific information. When this Database is available the information can be fetched there" SECTION = "network" LICENSE = "PD" LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" -SRCREV = "befcbbc9867e742ac16415660b0b7521218a530c" -PV = "20170310" + +SRCREV = "aae7c68671d225e6d35224613d5b98192b9b2ffe" +PV = "20230416" PE = "1" -SRC_URI = "git://git.gnome.org/mobile-broadband-provider-info" +SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main" S = "${WORKDIR}/git" inherit autotools + +DEPENDS += "libxslt-native" diff --git a/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch b/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch index 466067693d..6e864079a9 100644 --- a/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch +++ b/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch @@ -16,18 +16,15 @@ Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Makefile.am | 1 + 1 file changed, 1 insertion(+) -diff --git a/Makefile.am b/Makefile.am -index 3241311..a43eaa2 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -164,6 +164,7 @@ MAINTAINERCLEANFILES = Makefile.in \ +Index: neard-0.16/Makefile.am +=================================================================== +--- neard-0.16.orig/Makefile.am ++++ neard-0.16/Makefile.am +@@ -244,6 +244,7 @@ SED_PROCESS = $(AM_V_GEN)$(MKDIR_P) $(di src/plugin.$(OBJEXT): src/builtin.h src/builtin.h: src/genbuiltin $(builtin_sources) + $(AM_V_at)$(MKDIR_P) src $(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_modules) > $@ - $(src_neard_OBJECTS) \ --- -1.7.9.5 - + se/plugin.$(OBJEXT): se/builtin.h diff --git a/meta/recipes-connectivity/neard/neard_0.16.bb b/meta/recipes-connectivity/neard/neard_0.19.bb index cc6af4e1ca..a98f436b98 100644 --- a/meta/recipes-connectivity/neard/neard_0.16.bb +++ b/meta/recipes-connectivity/neard/neard_0.19.bb @@ -1,33 +1,34 @@ SUMMARY = "Linux NFC daemon" DESCRIPTION = "A daemon for the Linux Near Field Communication stack" HOMEPAGE = "http://01.org/linux-nfc" -LICENSE = "GPLv2" +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ + file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \ + " -DEPENDS = "dbus glib-2.0 libnl" +DEPENDS = "dbus glib-2.0 libnl autoconf-archive-native" -SRC_URI = "${KERNELORG_MIRROR}/linux/network/nfc/${BP}.tar.xz \ +SRC_URI = "git://git.kernel.org/pub/scm/network/nfc/neard.git;protocol=https;branch=master \ file://neard.in \ file://Makefile.am-fix-parallel-issue.patch \ file://Makefile.am-do-not-ship-version.h.patch \ file://0001-Add-header-dependency-to-nciattach.o.patch \ " -SRC_URI[md5sum] = "5c691fb7872856dc0d909c298bc8cb41" -SRC_URI[sha256sum] = "eae3b11c541a988ec11ca94b7deab01080cd5b58cfef3ced6ceac9b6e6e65b36" -LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ - file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \ - " +SRCREV = "a1dc8a75cba999728e154a0f811ab9dd50c809f7" + +S = "${WORKDIR}/git" -inherit autotools pkgconfig systemd update-rc.d bluetooth +inherit autotools pkgconfig systemd update-rc.d PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" -PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_unitdir}/system/ --with-systemduserunitdir=${systemd_unitdir}/user/,--disable-systemd" +PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir}/ --with-systemduserunitdir=${systemd_unitdir}/user/,--disable-systemd" EXTRA_OECONF += "--enable-tools" # This would copy neard start-stop shell and test scripts -do_install_append() { +do_install:append() { if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then install -d ${D}${sysconfdir}/init.d/ sed "s:@installpath@:${libexecdir}/nfc:" ${WORKDIR}/neard.in \ @@ -36,15 +37,15 @@ do_install_append() { fi } -RDEPENDS_${PN} = "dbus" +RDEPENDS:${PN} = "dbus" # Bluez & Wifi are not mandatory except for handover -RRECOMMENDS_${PN} = "\ - ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', '${BLUEZ}', '', d)} \ +RRECOMMENDS:${PN} = "\ + ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','wpa-supplicant', '', d)} \ " INITSCRIPT_NAME = "neard" INITSCRIPT_PARAMS = "defaults 64" -SYSTEMD_SERVICE_${PN} = "neard.service" +SYSTEMD_SERVICE:${PN} = "neard.service" diff --git a/meta/recipes-connectivity/nfs-utils/libnfsidmap/0001-include-sys-types.h-for-getting-u_-typedefs.patch b/meta/recipes-connectivity/nfs-utils/libnfsidmap/0001-include-sys-types.h-for-getting-u_-typedefs.patch deleted file mode 100644 index 4ac5290440..0000000000 --- a/meta/recipes-connectivity/nfs-utils/libnfsidmap/0001-include-sys-types.h-for-getting-u_-typedefs.patch +++ /dev/null @@ -1,27 +0,0 @@ -From a5e95a42e7bceddc9ecad06694c1a0588f4bafc8 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Tue, 14 Apr 2015 07:22:47 -0700 -Subject: [PATCH] include sys/types.h for getting u_* typedefs - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - cfg.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/cfg.h b/cfg.h -index d4d4cab..fe49e8f 100644 ---- a/cfg.h -+++ b/cfg.h -@@ -33,6 +33,7 @@ - #ifndef _CONF_H_ - #define _CONF_H_ - -+#include <sys/types.h> - #include "queue.h" - - struct conf_list_node { --- -2.1.4 - diff --git a/meta/recipes-connectivity/nfs-utils/libnfsidmap/Set_nobody_user_group.patch b/meta/recipes-connectivity/nfs-utils/libnfsidmap/Set_nobody_user_group.patch deleted file mode 100644 index 4633da919e..0000000000 --- a/meta/recipes-connectivity/nfs-utils/libnfsidmap/Set_nobody_user_group.patch +++ /dev/null @@ -1,18 +0,0 @@ -Set nobody user and group - -Upstream-Status: Inappropriate [configuration] - -Signed-off-by: Roy.Li <rongqing.li@windriver.com> ---- a/idmapd.conf -+++ b/idmapd.conf -@@ -17,8 +17,8 @@ - - [Mapping] - --#Nobody-User = nobody --#Nobody-Group = nobody -+Nobody-User = nobody -+Nobody-Group = nogroup - - [Translation] - diff --git a/meta/recipes-connectivity/nfs-utils/libnfsidmap/fix-ac-prereq.patch b/meta/recipes-connectivity/nfs-utils/libnfsidmap/fix-ac-prereq.patch deleted file mode 100644 index d81c7c5f32..0000000000 --- a/meta/recipes-connectivity/nfs-utils/libnfsidmap/fix-ac-prereq.patch +++ /dev/null @@ -1,13 +0,0 @@ -Upstream-Status: Inappropriate [configuration] - ---- a/configure.in -+++ b/configure.in -@@ -1,7 +1,7 @@ - # -*- Autoconf -*- - # Process this file with autoconf to produce a configure script. - --AC_PREREQ([2.68]) -+AC_PREREQ([2.65]) - AC_INIT([libnfsidmap],[0.25],[linux-nfs@vger.kernel.org]) - AC_CONFIG_SRCDIR([nfsidmap.h]) - AC_CONFIG_MACRO_DIR([m4]) diff --git a/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb b/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb deleted file mode 100644 index 2565771006..0000000000 --- a/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb +++ /dev/null @@ -1,27 +0,0 @@ -SUMMARY = "NFS id mapping library" -HOMEPAGE = "http://www.citi.umich.edu/projects/nfsv4/linux/" -SECTION = "libs" - -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://COPYING;md5=d9c6a2a0ca6017fda7cd905ed2739b37" - -SRC_URI = "http://www.citi.umich.edu/projects/nfsv4/linux/libnfsidmap/${BPN}-${PV}.tar.gz \ - file://fix-ac-prereq.patch \ - file://Set_nobody_user_group.patch \ - file://0001-include-sys-types.h-for-getting-u_-typedefs.patch \ - " - -SRC_URI[md5sum] = "2ac4893c92716add1a1447ae01df77ab" -SRC_URI[sha256sum] = "656d245d84400e1030f8f40a5a27da76370690c4a932baf249110f047fe7efcf" - -UPSTREAM_CHECK_URI = "http://www.citi.umich.edu/projects/nfsv4/linux/libnfsidmap/" - -inherit autotools - -EXTRA_OECONF = "--disable-ldap" - -do_install_append () { - install -d ${D}${sysconfdir}/ - install -m 0644 ${WORKDIR}/${BPN}-${PV}/idmapd.conf ${D}${sysconfdir}/idmapd.conf -} - diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch new file mode 100644 index 0000000000..7603eb680d --- /dev/null +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch @@ -0,0 +1,299 @@ +From 690a90a5b7786e40b5447ad7c5f19a7657d27405 Mon Sep 17 00:00:00 2001 +From: Mingli Yu <Mingli.Yu@windriver.com> +Date: Fri, 14 Dec 2018 17:44:32 +0800 +Subject: [PATCH] Makefile.am: fix undefined function for libnsm.a + +The source file of libnsm.a uses some function +in ../support/misc/file.c, add ../support/misc/file.c +to libnsm_a_SOURCES to fix build error when run +"make -C tests statdb_dump": +| ../support/nsm/libnsm.a(file.o): In function `nsm_make_pathname': +| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:175: undefined reference to `generic_make_pathname' +| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:175: undefined reference to `generic_make_pathname' +| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:175: undefined reference to `generic_make_pathname' +| ../support/nsm/libnsm.a(file.o): In function `nsm_setup_pathnames': +| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:280: undefined reference to `generic_setup_basedir' +| collect2: error: ld returned 1 exit status + +As there is already one source file named file.c +as support/nsm/file.c in support/nsm/Makefile.am, +so rename ../support/misc/file.c to ../support/misc/misc.c. + +Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=154502780423058&w=2] + +Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> + +Rebase it. + +Signed-off-by: Robert Yang <liezhi.yang@windriver.com> +--- + support/misc/Makefile.am | 2 +- + support/misc/file.c | 115 --------------------------------------------------------------------------------------------------------------- + support/misc/misc.c | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + support/nsm/Makefile.am | 2 +- + 4 files changed, 113 insertions(+), 117 deletions(-) + +diff --git a/support/misc/Makefile.am b/support/misc/Makefile.am +index f9993e3..8b0e9db 100644 +--- a/support/misc/Makefile.am ++++ b/support/misc/Makefile.am +@@ -1,7 +1,7 @@ + ## Process this file with automake to produce Makefile.in + + noinst_LIBRARIES = libmisc.a +-libmisc_a_SOURCES = tcpwrapper.c from_local.c mountpoint.c file.c \ ++libmisc_a_SOURCES = tcpwrapper.c from_local.c mountpoint.c misc.c \ + nfsd_path.c workqueue.c xstat.c + + MAINTAINERCLEANFILES = Makefile.in +diff --git a/support/misc/file.c b/support/misc/file.c +deleted file mode 100644 +index 06f6bb2..0000000 +--- a/support/misc/file.c ++++ /dev/null +@@ -1,115 +0,0 @@ +-/* +- * Copyright 2009 Oracle. All rights reserved. +- * Copyright 2017 Red Hat, Inc. All rights reserved. +- * +- * This file is part of nfs-utils. +- * +- * nfs-utils is free software; you can redistribute it and/or modify +- * it under the terms of the GNU General Public License as published by +- * the Free Software Foundation; either version 2 of the License, or +- * (at your option) any later version. +- * +- * nfs-utils is distributed in the hope that it will be useful, +- * but WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- * GNU General Public License for more details. +- * +- * You should have received a copy of the GNU General Public License +- * along with nfs-utils. If not, see <http://www.gnu.org/licenses/>. +- */ +- +-#ifdef HAVE_CONFIG_H +-#include <config.h> +-#endif +- +-#include <sys/stat.h> +- +-#include <string.h> +-#include <libgen.h> +-#include <stdio.h> +-#include <errno.h> +-#include <dirent.h> +-#include <stdlib.h> +-#include <stdbool.h> +-#include <limits.h> +- +-#include "xlog.h" +-#include "misc.h" +- +-/* +- * Returns a dynamically allocated, '\0'-terminated buffer +- * containing an appropriate pathname, or NULL if an error +- * occurs. Caller must free the returned result with free(3). +- */ +-__attribute__((__malloc__)) +-char * +-generic_make_pathname(const char *base, const char *leaf) +-{ +- size_t size; +- char *path; +- int len; +- +- size = strlen(base) + strlen(leaf) + 2; +- if (size > PATH_MAX) +- return NULL; +- +- path = malloc(size); +- if (path == NULL) +- return NULL; +- +- len = snprintf(path, size, "%s/%s", base, leaf); +- if ((len < 0) || ((size_t)len >= size)) { +- free(path); +- return NULL; +- } +- +- return path; +-} +- +- +-/** +- * generic_setup_basedir - set up basedir +- * @progname: C string containing name of program, for error messages +- * @parentdir: C string containing pathname to on-disk state, or NULL +- * @base: character buffer to contain the basedir that is set up +- * @baselen: size of @base in bytes +- * +- * This runs before logging is set up, so error messages are directed +- * to stderr. +- * +- * Returns true and sets up our basedir, if @parentdir was valid +- * and usable; otherwise false is returned. +- */ +-_Bool +-generic_setup_basedir(const char *progname, const char *parentdir, char *base, +- const size_t baselen) +-{ +- static char buf[PATH_MAX]; +- struct stat st; +- char *path; +- +- /* First: test length of name and whether it exists */ +- if ((strlen(parentdir) >= baselen) || (strlen(parentdir) >= PATH_MAX)) { +- (void)fprintf(stderr, "%s: Directory name too long: %s", +- progname, parentdir); +- return false; +- } +- if (lstat(parentdir, &st) == -1) { +- (void)fprintf(stderr, "%s: Failed to stat %s: %s", +- progname, parentdir, strerror(errno)); +- return false; +- } +- +- /* Ensure we have a clean directory pathname */ +- strncpy(buf, parentdir, sizeof(buf)-1); +- path = dirname(buf); +- if (*path == '.') { +- (void)fprintf(stderr, "%s: Unusable directory %s", +- progname, parentdir); +- return false; +- } +- +- xlog(D_CALL, "Using %s as the state directory", parentdir); +- strcpy(base, parentdir); +- return true; +-} +diff --git a/support/misc/misc.c b/support/misc/misc.c +new file mode 100644 +index 0000000..e7c3819 +--- /dev/null ++++ b/support/misc/misc.c +@@ -0,0 +1,111 @@ ++/* ++ * Copyright 2009 Oracle. All rights reserved. ++ * Copyright 2017 Red Hat, Inc. All rights reserved. ++ * ++ * This file is part of nfs-utils. ++ * ++ * nfs-utils is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * nfs-utils is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with nfs-utils. If not, see <http://www.gnu.org/licenses/>. ++ */ ++ ++#include <sys/stat.h> ++ ++#include <string.h> ++#include <libgen.h> ++#include <stdio.h> ++#include <errno.h> ++#include <dirent.h> ++#include <stdlib.h> ++#include <stdbool.h> ++#include <limits.h> ++ ++#include "xlog.h" ++#include "misc.h" ++ ++/* ++ * Returns a dynamically allocated, '\0'-terminated buffer ++ * containing an appropriate pathname, or NULL if an error ++ * occurs. Caller must free the returned result with free(3). ++ */ ++__attribute__((__malloc__)) ++char * ++generic_make_pathname(const char *base, const char *leaf) ++{ ++ size_t size; ++ char *path; ++ int len; ++ ++ size = strlen(base) + strlen(leaf) + 2; ++ if (size > PATH_MAX) ++ return NULL; ++ ++ path = malloc(size); ++ if (path == NULL) ++ return NULL; ++ ++ len = snprintf(path, size, "%s/%s", base, leaf); ++ if ((len < 0) || ((size_t)len >= size)) { ++ free(path); ++ return NULL; ++ } ++ ++ return path; ++} ++ ++ ++/** ++ * generic_setup_basedir - set up basedir ++ * @progname: C string containing name of program, for error messages ++ * @parentdir: C string containing pathname to on-disk state, or NULL ++ * @base: character buffer to contain the basedir that is set up ++ * @baselen: size of @base in bytes ++ * ++ * This runs before logging is set up, so error messages are directed ++ * to stderr. ++ * ++ * Returns true and sets up our basedir, if @parentdir was valid ++ * and usable; otherwise false is returned. ++ */ ++_Bool ++generic_setup_basedir(const char *progname, const char *parentdir, char *base, ++ const size_t baselen) ++{ ++ static char buf[PATH_MAX]; ++ struct stat st; ++ char *path; ++ ++ /* First: test length of name and whether it exists */ ++ if ((strlen(parentdir) >= baselen) || (strlen(parentdir) >= PATH_MAX)) { ++ (void)fprintf(stderr, "%s: Directory name too long: %s", ++ progname, parentdir); ++ return false; ++ } ++ if (lstat(parentdir, &st) == -1) { ++ (void)fprintf(stderr, "%s: Failed to stat %s: %s", ++ progname, parentdir, strerror(errno)); ++ return false; ++ } ++ ++ /* Ensure we have a clean directory pathname */ ++ strncpy(buf, parentdir, sizeof(buf)-1); ++ path = dirname(buf); ++ if (*path == '.') { ++ (void)fprintf(stderr, "%s: Unusable directory %s", ++ progname, parentdir); ++ return false; ++ } ++ ++ xlog(D_CALL, "Using %s as the state directory", parentdir); ++ strcpy(base, parentdir); ++ return true; ++} +diff --git a/support/nsm/Makefile.am b/support/nsm/Makefile.am +index 8f5874e..68f1a46 100644 +--- a/support/nsm/Makefile.am ++++ b/support/nsm/Makefile.am +@@ -10,7 +10,7 @@ GENFILES = $(GENFILES_CLNT) $(GENFILES_SVC) $(GENFILES_XDR) $(GENFILES_H) + EXTRA_DIST = sm_inter.x + + noinst_LIBRARIES = libnsm.a +-libnsm_a_SOURCES = $(GENFILES) file.c rpc.c ++libnsm_a_SOURCES = $(GENFILES) ../misc/misc.c file.c rpc.c + + BUILT_SOURCES = $(GENFILES) + diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch deleted file mode 100644 index 7025fb555c..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 9b84cff305866abd150cf1a4c6e7e5ebf8a7eb3a Mon Sep 17 00:00:00 2001 -From: Martin Jansa <Martin.Jansa@gmail.com> -Date: Fri, 15 Nov 2013 23:21:35 +0100 -Subject: [PATCH] configure: Allow to explicitly disable nfsidmap - -* keyutils availability is autodetected and builds aren't reproducible - -Upstream-Status: Pending - -Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> ---- - configure.ac | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index bf433d6..28a8f62 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -69,6 +69,12 @@ AC_ARG_ENABLE(nfsv4, - AC_SUBST(enable_nfsv4) - AM_CONDITIONAL(CONFIG_NFSV4, [test "$enable_nfsv4" = "yes"]) - -+AC_ARG_ENABLE(nfsidmap, -+ [AC_HELP_STRING([--enable-nfsidmap], -+ [enable support for NFSv4 idmapper @<:@default=yes@:>@])], -+ enable_nfsidmap=$enableval, -+ enable_nfsidmap=yes) -+ - AC_ARG_ENABLE(nfsv41, - [AC_HELP_STRING([--enable-nfsv41], - [enable support for NFSv41 @<:@default=yes@:>@])], -@@ -296,7 +302,7 @@ fi - - dnl enable nfsidmap when its support by libnfsidmap - AM_CONDITIONAL(CONFIG_NFSDCLTRACK, [test "$enable_nfsdcltrack" = "yes" ]) --AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyes"]) -+AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$enable_nfsidmap$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyesyes"]) - - - if test "$knfsd_cv_glibc2" = no; then --- -1.8.4.3 - diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-include-stdint.h-for-UINT16_MAX-definition.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-include-stdint.h-for-UINT16_MAX-definition.patch deleted file mode 100644 index 235a2c76fc..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-include-stdint.h-for-UINT16_MAX-definition.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 36b48057bce76dced335d67a2894a420967811c9 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Sat, 20 May 2017 14:07:53 -0700 -Subject: [PATCH] include stdint.h for UINT16_MAX definition - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- -Upstream-Status: Pending - - support/nsm/rpc.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/support/nsm/rpc.c b/support/nsm/rpc.c -index 4e5f40e..d91c6ea 100644 ---- a/support/nsm/rpc.c -+++ b/support/nsm/rpc.c -@@ -40,6 +40,7 @@ - - #include <time.h> - #include <stdbool.h> -+#include <stdint.h> - #include <string.h> - #include <unistd.h> - #include <fcntl.h> --- -2.13.0 - diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch new file mode 100644 index 0000000000..351407ddcd --- /dev/null +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch @@ -0,0 +1,36 @@ +From 9efa7a0d37665d9bb0f46d2407883a5ab42c2b84 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 24 Jul 2023 20:39:16 -0700 +Subject: [PATCH] locktest: Makefile.am: Do not use build flags + +Using CFLAGS_FOR_BUILD etc. here means it is using wrong flags +when thse flags are speficied different than target flags which +is common when cross-building. It can pass wrong paths to linker +and it would find incompatible libraries during link since they +are from host system and target maybe not same as build host. + +Fixes subtle errors like +| aarch64-yoe-linux-ld.lld: error: /mnt/b/yoe/master/build/tmp/work/cortexa72-cortexa53-crypto-yoe-linux/nfs-utils/2.6.3-r0/recipe-sysroot-native/usr/lib/libsqlite3.so is incompatible with elf64-littleaarch64 + +Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=169025681008001&w=2] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + tools/locktest/Makefile.am | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am +index e8914655..2fd36971 100644 +--- a/tools/locktest/Makefile.am ++++ b/tools/locktest/Makefile.am +@@ -2,8 +2,5 @@ + + noinst_PROGRAMS = testlk + testlk_SOURCES = testlk.c +-testlk_CFLAGS=$(CFLAGS_FOR_BUILD) +-testlk_CPPFLAGS=$(CPPFLAGS_FOR_BUILD) +-testlk_LDFLAGS=$(LDFLAGS_FOR_BUILD) + + MAINTAINERCLEANFILES = Makefile.in +-- +2.41.0 + diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch new file mode 100644 index 0000000000..57d4660571 --- /dev/null +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch @@ -0,0 +1,34 @@ +From 45597a58e98f351b18db8444292b1cf6dd0cd810 Mon Sep 17 00:00:00 2001 +From: Robert Yang <liezhi.yang@windriver.com> +Date: Sat, 9 Dec 2023 23:34:08 -0800 +Subject: [PATCH] reexport.h: Include unistd.h to compile with musl + +Fixed error when compile with musl +reexport.c: In function 'reexpdb_init': +reexport.c:62:17: error: implicit declaration of function 'sleep' [-Werror=implicit-function-declaration] + 62 | sleep(1); + + +Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=170254661824522&w=2] + +Signed-off-by: Robert Yang <liezhi.yang@windriver.com> +--- + support/reexport/reexport.h | 1 + + 1 files changed, 1 insertions(+) + +diff --git a/support/reexport/reexport.h b/support/reexport/reexport.h +index 85fd59c..02f8684 100644 +--- a/support/reexport/reexport.h ++++ b/support/reexport/reexport.h +@@ -1,6 +1,8 @@ + #ifndef REEXPORT_H + #define REEXPORT_H + ++#include <unistd.h> ++ + #include "nfslib.h" + + enum { +-- +2.42.0 + diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-tools-locktest-Use-intmax_t-to-print-off_t.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-tools-locktest-Use-intmax_t-to-print-off_t.patch new file mode 100644 index 0000000000..7d903e04bc --- /dev/null +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-tools-locktest-Use-intmax_t-to-print-off_t.patch @@ -0,0 +1,53 @@ +From e2e9251dbeb452f5382179023d8ae18b511167a1 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 25 Jul 2023 23:47:08 -0700 +Subject: [PATCH] tools/locktest: Use intmax_t to print off_t + +off_t could be 64bit on 32bit architectures which means using %z printf +modifier is not enough to print it and compiler will complain about +format mismatch + +Fixes +| testlk.c:84:66: error: format '%zd' expects argument of type 'signed size_t', but argument 4 has type '__off64_t' {aka 'long long int'} [-Werror=format=] +| 84 | printf("%s: conflicting lock by %d on (%zd;%zd)\n", +| | ~~^ +| | | +| | int +| | %lld +| 85 | fname, fl.l_pid, fl.l_start, fl.l_len); +| | ~~~~~~~~~~ +| | | +| | __off64_t {aka long long int} + +Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=169035457128067&w=2] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + tools/locktest/testlk.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/tools/locktest/testlk.c b/tools/locktest/testlk.c +index ea51f788..9d4c88c4 100644 +--- a/tools/locktest/testlk.c ++++ b/tools/locktest/testlk.c +@@ -2,6 +2,7 @@ + #include <config.h> + #endif + ++#include <stdint.h> + #include <stdlib.h> + #include <stdio.h> + #include <unistd.h> +@@ -81,8 +82,8 @@ main(int argc, char **argv) + if (fl.l_type == F_UNLCK) { + printf("%s: no conflicting lock\n", fname); + } else { +- printf("%s: conflicting lock by %d on (%zd;%zd)\n", +- fname, fl.l_pid, fl.l_start, fl.l_len); ++ printf("%s: conflicting lock by %d on (%jd;%jd)\n", ++ fname, fl.l_pid, (intmax_t)fl.l_start, (intmax_t)fl.l_len); + } + return 0; + } +-- +2.41.0 + diff --git a/meta/recipes-connectivity/nfs-utils/files/bugfix-adjust-statd-service-name.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/bugfix-adjust-statd-service-name.patch index 14bd4036af..f13d7b380c 100644 --- a/meta/recipes-connectivity/nfs-utils/files/bugfix-adjust-statd-service-name.patch +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/bugfix-adjust-statd-service-name.patch @@ -12,23 +12,28 @@ instead but forgot to update the mount.nfs helper 'start-statd' accordingly. Upstream-Status: Inappropriate [other] Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de> + +Rebase it. + +Signed-off-by: Robert Yang <liezhi.yang@windriver.com> --- - utils/statd/start-statd | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + utils/statd/start-statd | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/statd/start-statd b/utils/statd/start-statd -index 8211a90..3c2aa6f 100755 +index af5c950..df9b9be 100755 --- a/utils/statd/start-statd +++ b/utils/statd/start-statd -@@ -16,7 +16,7 @@ fi +@@ -28,10 +28,10 @@ fi # First try systemd if it's installed. if [ -d /run/systemd/system ]; then # Quit only if the call worked. -- systemctl start rpc-statd.service && exit -+ systemctl start nfs-statd.service && exit +- if systemctl start rpc-statd.service; then ++ if systemctl start nfs-statd.service; then + # Ensure systemd knows not to stop rpc.statd or its dependencies + # on 'systemctl isolate ..' +- systemctl add-wants --runtime remote-fs.target rpc-statd.service ++ systemctl add-wants --runtime remote-fs.target nfs-statd.service + exit 0 + fi fi - - # Fall back to launching it ourselves. --- -2.1.4 - diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch new file mode 100644 index 0000000000..fde99b599e --- /dev/null +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch @@ -0,0 +1,36 @@ +From 1ab0c326405c6daa06f1a7eb4b0b60bf4e0584c2 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 31 Dec 2019 08:15:34 -0800 +Subject: [PATCH] Detect warning options during configure + +Certain options maybe compiler specific therefore its better +to detect them before use. + +nfs_error copies the format string and appends newline to it +but compiler can forget that it was format string since its not +same fmt string that was passed. Ignore the warning + +Wdiscarded-qualifiers is gcc specific and this is no longer needed + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +--- + support/nfs/xcommon.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/support/nfs/xcommon.c b/support/nfs/xcommon.c +index 3989f0b..e080423 100644 +--- a/support/nfs/xcommon.c ++++ b/support/nfs/xcommon.c +@@ -98,7 +98,10 @@ nfs_error (const char *fmt, ...) { + + fmt2 = xstrconcat2 (fmt, "\n"); + va_start (args, fmt); ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wformat-nonliteral" + vfprintf (stderr, fmt2, args); ++#pragma GCC diagnostic pop + va_end (args); + free (fmt2); + } diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service index 27ea58d366..ebfe64b9ce 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service @@ -1,6 +1,7 @@ [Unit] Description=NFS Mount Daemon DefaultDependencies=no +After=rpcbind.socket Requires=proc-fs-nfsd.mount After=proc-fs-nfsd.mount After=network.target local-fs.target @@ -10,6 +11,8 @@ ConditionPathExists=@SYSCONFDIR@/exports [Service] EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf ExecStart=@SBINDIR@/rpc.mountd -F $MOUNTD_OPTS +LimitNOFILE=@HIGH_RLIMIT_NOFILE@ +StateDirectory=nfs [Install] WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service index 6481377d80..15ceee04d0 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service @@ -17,8 +17,8 @@ ExecStop=@SBINDIR@/rpc.nfsd 0 ExecStopPost=@SBINDIR@/exportfs -au ExecStopPost=@SBINDIR@/exportfs -f ExecReload=@SBINDIR@/exportfs -r -StandardError=syslog RemainAfterExit=yes +StateDirectory=nfs [Install] WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service index 6e196b8c8c..b519194121 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service @@ -4,10 +4,13 @@ DefaultDependencies=no Conflicts=umount.target Requires=nss-lookup.target rpcbind.service After=network.target nss-lookup.target rpcbind.service +ConditionPathExists=@SYSCONFDIR@/exports [Service] EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf ExecStart=@SBINDIR@/rpc.statd -F $STATD_OPTS +LimitNOFILE=@HIGH_RLIMIT_NOFILE@ +StateDirectory=nfs [Install] WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch deleted file mode 100644 index d8f8181670..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch +++ /dev/null @@ -1,36 +0,0 @@ -Fixes errors like -sm-notify[1070]: DNS resolution of a.b.c.d..com failed; retrying later -This error will occur anytime sm-notify is run before the network if fully up, -which is happening more and more with parallel startup systems. -The res_init() call is simple, safe, quick, and a patch to use it should be -able to go upstream. Presumably the whole reason sm-notify tries several -times is to wait for possible changes to the network configuration, but without -calling res_init() it will never be aware of those changes - -Backported drom Fedora - -Upstream-Status: Pending -Signed-off-by: Khem Raj <raj.khem@gmail.com> - - -diff -up nfs-utils-1.2.3/utils/statd/sm-notify.c.orig nfs-utils-1.2.3/utils/statd/sm-notify.c ---- nfs-utils-1.2.3/utils/statd/sm-notify.c.orig 2010-09-28 08:24:16.000000000 -0400 -+++ nfs-utils-1.2.3/utils/statd/sm-notify.c 2010-10-15 16:44:43.487119601 -0400 -@@ -28,6 +28,9 @@ - #include <netdb.h> - #include <errno.h> - #include <grp.h> -+#include <netinet/in.h> -+#include <arpa/nameser.h> -+#include <resolv.h> - - #include "sockaddr.h" - #include "xlog.h" -@@ -84,6 +87,7 @@ smn_lookup(const char *name) - }; - int error; - -+ res_init(); - error = getaddrinfo(name, NULL, &hint, &ai); - if (error != 0) { - xlog(D_GENERAL, "getaddrinfo(3): %s", gai_strerror(error)); diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch deleted file mode 100644 index 993f1e5ea5..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch +++ /dev/null @@ -1,42 +0,0 @@ -nfs-utils: Do not pass CFLAGS to gcc while building - -Do not pass CFLAGS/LDFLAGS to gcc while building, The needed flags has -been passed by xxx_CFLAGS=$(CFLAGS_FOR_BUILD). - -Upstream-Status: Pending - -Signed-off-by: Chong Lu <Chong.Lu@windriver.com> ---- - tools/locktest/Makefile.am | 2 ++ - tools/rpcgen/Makefile.am | 2 ++ - 2 files changed, 4 insertions(+) - -diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am -index 3156815..1729fd1 100644 ---- a/tools/locktest/Makefile.am -+++ b/tools/locktest/Makefile.am -@@ -1,6 +1,8 @@ - ## Process this file with automake to produce Makefile.in - - CC=$(CC_FOR_BUILD) -+CFLAGS= -+LDFLAGS= - LIBTOOL = @LIBTOOL@ --tag=CC - - noinst_PROGRAMS = testlk -diff --git a/tools/rpcgen/Makefile.am b/tools/rpcgen/Makefile.am -index 8a9ec89..8bacdaa 100644 ---- a/tools/rpcgen/Makefile.am -+++ b/tools/rpcgen/Makefile.am -@@ -1,6 +1,8 @@ - ## Process this file with automake to produce Makefile.in - - CC=$(CC_FOR_BUILD) -+CFLAGS= -+LDFLAGS= - LIBTOOL = @LIBTOOL@ --tag=CC - - noinst_PROGRAMS = rpcgen --- -1.7.9.5 - diff --git a/meta/recipes-connectivity/nfs-utils/files/nfs-utils-debianize-start-statd.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-debianize-start-statd.patch index ede0dcefc4..ede0dcefc4 100644 --- a/meta/recipes-connectivity/nfs-utils/files/nfs-utils-debianize-start-statd.patch +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-debianize-start-statd.patch diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver index d5e9c38a9c..0f5747cc6d 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver @@ -107,7 +107,7 @@ stop_nfsd(){ #FIXME: need to create the /var/lib/nfs/... directories case "$1" in start) - exportfs -r + test -r /etc/exports && exportfs -r start_nfsd "$NFS_SERVERS" start_mountd test -r /etc/exports && exportfs -a;; diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.1.1.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.4.bb index 79453ad20c..2f2644f9a8 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.1.1.bb +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.4.bb @@ -4,23 +4,21 @@ NFS server and related tools." HOMEPAGE = "http://nfs.sourceforge.net/" SECTION = "console/network" -LICENSE = "MIT & GPLv2+ & BSD" +LICENSE = "MIT & GPL-2.0-or-later & BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84" # util-linux for libblkid -DEPENDS = "libcap libnfsidmap libevent util-linux sqlite3 libtirpc" -RDEPENDS_${PN} = "${PN}-client bash" -RRECOMMENDS_${PN} = "kernel-module-nfsd" +DEPENDS = "libcap libevent util-linux sqlite3 libtirpc" +RDEPENDS:${PN} = "${PN}-client" +RRECOMMENDS:${PN} = "kernel-module-nfsd" inherit useradd USERADD_PACKAGES = "${PN}-client" -USERADD_PARAM_${PN}-client = "--system --home-dir /var/lib/nfs \ +USERADD_PARAM:${PN}-client = "--system --home-dir /var/lib/nfs \ --shell /bin/false --user-group rpcuser" SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \ - file://0001-configure-Allow-to-explicitly-disable-nfsidmap.patch \ - file://nfs-utils-1.2.3-sm-notify-res_init.patch \ file://nfsserver \ file://nfscommon \ file://nfs-utils.conf \ @@ -28,14 +26,15 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x file://nfs-mountd.service \ file://nfs-statd.service \ file://proc-fs-nfsd.mount \ - file://nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch \ file://nfs-utils-debianize-start-statd.patch \ file://bugfix-adjust-statd-service-name.patch \ - file://0001-include-stdint.h-for-UINT16_MAX-definition.patch \ -" - -SRC_URI[md5sum] = "59dfcb2e6254b129f901f40c86086b13" -SRC_URI[sha256sum] = "0faeb54c70b84e6bd3b9b6901544b1f6add8d246f35c1683e402daf4e0c719ef" + file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \ + file://clang-warnings.patch \ + file://0001-locktest-Makefile.am-Do-not-use-build-flags.patch \ + file://0001-tools-locktest-Use-intmax_t-to-print-off_t.patch \ + file://0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch \ + " +SRC_URI[sha256sum] = "01b3b0fb9c7d0bbabf5114c736542030748c788ec2fd9734744201e9b0a1119d" # Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will # pull in the remainder of the dependencies. @@ -43,14 +42,14 @@ SRC_URI[sha256sum] = "0faeb54c70b84e6bd3b9b6901544b1f6add8d246f35c1683e402daf4e0 INITSCRIPT_PACKAGES = "${PN} ${PN}-client" INITSCRIPT_NAME = "nfsserver" INITSCRIPT_PARAMS = "defaults" -INITSCRIPT_NAME_${PN}-client = "nfscommon" -INITSCRIPT_PARAMS_${PN}-client = "defaults 19 21" +INITSCRIPT_NAME:${PN}-client = "nfscommon" +INITSCRIPT_PARAMS:${PN}-client = "defaults 19 21" inherit autotools-brokensep update-rc.d systemd pkgconfig SYSTEMD_PACKAGES = "${PN} ${PN}-client" -SYSTEMD_SERVICE_${PN} = "nfs-server.service nfs-mountd.service" -SYSTEMD_SERVICE_${PN}-client = "nfs-statd.service" +SYSTEMD_SERVICE:${PN} = "nfs-server.service nfs-mountd.service" +SYSTEMD_SERVICE:${PN}-client = "nfs-statd.service" # --enable-uuid is need for cross-compiling EXTRA_OECONF = "--with-statduser=rpcuser \ @@ -60,58 +59,68 @@ EXTRA_OECONF = "--with-statduser=rpcuser \ --disable-gss \ --disable-nfsdcltrack \ --with-statdpath=/var/lib/nfs/statd \ + --with-rpcgen=${HOSTTOOLS_DIR}/rpcgen \ " +LDFLAGS:append = " -lsqlite3 -levent" + PACKAGECONFIG ??= "tcp-wrappers \ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ " -PACKAGECONFIG_remove_libc-musl = "tcp-wrappers" +PACKAGECONFIG:remove:libc-musl = "tcp-wrappers" PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers" -PACKAGECONFIG[nfsidmap] = "--enable-nfsidmap,--disable-nfsidmap,keyutils" PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," # libdevmapper is available in meta-oe -PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper" +PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper,libdevmapper" +# keyutils is available in meta-oe +PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils,python3-core" -PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats" +PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats ${PN}-rpcctl" -CONFFILES_${PN}-client += "${localstatedir}/lib/nfs/etab \ +CONFFILES:${PN}-client += "${localstatedir}/lib/nfs/etab \ ${localstatedir}/lib/nfs/rmtab \ ${localstatedir}/lib/nfs/xtab \ ${localstatedir}/lib/nfs/statd/state \ ${sysconfdir}/nfsmount.conf" -FILES_${PN}-client = "${sbindir}/*statd \ +FILES:${PN}-client = "${sbindir}/*statd \ + ${libdir}/libnfsidmap.so.* \ ${sbindir}/rpc.idmapd ${sbindir}/sm-notify \ ${sbindir}/showmount ${sbindir}/nfsstat \ ${localstatedir}/lib/nfs \ ${sysconfdir}/nfs-utils.conf \ ${sysconfdir}/nfsmount.conf \ ${sysconfdir}/init.d/nfscommon \ - ${systemd_unitdir}/system/nfs-statd.service" -RDEPENDS_${PN}-client = "${PN}-mount rpcbind" + ${systemd_system_unitdir}/nfs-statd.service" +RDEPENDS:${PN}-client = "${PN}-mount rpcbind" + +FILES:${PN}-mount = "${base_sbindir}/*mount.nfs*" -FILES_${PN}-mount = "${base_sbindir}/*mount.nfs*" +FILES:${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat ${sbindir}/nfsdclnts" +RDEPENDS:${PN}-stats = "python3-core" -FILES_${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat" -RDEPENDS_${PN}-stats = "python3-core" +FILES:${PN}-rpcctl = "${sbindir}/rpcctl" +RDEPENDS:${PN}-rpcctl = "python3-core" -FILES_${PN} += "${systemd_unitdir}" +FILES:${PN}-staticdev += "${libdir}/libnfsidmap/*.a" -do_configure_prepend() { - sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \ - ${S}/utils/mount/Makefile.am +FILES:${PN} += "${systemd_unitdir} ${libdir}/libnfsidmap/ ${nonarch_libdir}/modprobe.d" - sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \ - ${S}/utils/osd_login/Makefile.am +do_configure:prepend() { + sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \ + ${S}/utils/mount/Makefile.am } # Make clean needed because the package comes with # precompiled 64-bit objects that break the build -do_compile_prepend() { +do_compile:prepend() { make clean } -do_install_append () { +# Works on systemd only +HIGH_RLIMIT_NOFILE ??= "4096" + +do_install:append () { install -d ${D}${sysconfdir}/init.d install -m 0755 ${WORKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver install -m 0755 ${WORKDIR}/nfscommon ${D}${sysconfdir}/init.d/nfscommon @@ -119,17 +128,18 @@ do_install_append () { install -m 0755 ${WORKDIR}/nfs-utils.conf ${D}${sysconfdir} install -m 0755 ${S}/utils/mount/nfsmount.conf ${D}${sysconfdir} - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/nfs-server.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/nfs-mountd.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_unitdir}/system/ + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/nfs-server.service ${D}${systemd_system_unitdir}/ + install -m 0644 ${WORKDIR}/nfs-mountd.service ${D}${systemd_system_unitdir}/ + install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_system_unitdir}/ sed -i -e 's,@SBINDIR@,${sbindir},g' \ -e 's,@SYSCONFDIR@,${sysconfdir},g' \ - ${D}${systemd_unitdir}/system/*.service + -e 's,@HIGH_RLIMIT_NOFILE@,${HIGH_RLIMIT_NOFILE},g' \ + ${D}${systemd_system_unitdir}/*.service if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/ - install -d ${D}${systemd_unitdir}/system/sysinit.target.wants/ - ln -sf ../proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/sysinit.target.wants/proc-fs-nfsd.mount + install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_system_unitdir}/ + install -d ${D}${systemd_system_unitdir}/sysinit.target.wants/ + ln -sf ../proc-fs-nfsd.mount ${D}${systemd_system_unitdir}/sysinit.target.wants/proc-fs-nfsd.mount fi # kernel code as of 3.8 hard-codes this path as a default @@ -139,12 +149,6 @@ do_install_append () { chown -R rpcuser:rpcuser ${D}${localstatedir}/lib/nfs/statd chmod 0644 ${D}${localstatedir}/lib/nfs/statd/state - # the following are built by CC_FOR_BUILD - rm -f ${D}${sbindir}/rpcdebug - rm -f ${D}${sbindir}/rpcgen - rm -f ${D}${sbindir}/locktest - - # Make python tools use python 3 - sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${sbindir}/mountstats ${D}${sbindir}/nfsiostat - + # Make python tools use python 3 + sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${sbindir}/mountstats ${D}${sbindir}/nfsiostat } diff --git a/meta/recipes-connectivity/ofono/ofono.inc b/meta/recipes-connectivity/ofono/ofono.inc deleted file mode 100644 index 676a0c0042..0000000000 --- a/meta/recipes-connectivity/ofono/ofono.inc +++ /dev/null @@ -1,42 +0,0 @@ -HOMEPAGE = "http://www.ofono.org" -SUMMARY = "open source telephony" -DESCRIPTION = "oFono is a stack for mobile telephony devices on Linux. oFono supports speaking to telephony devices through specific drivers, or with generic AT commands." -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ - file://src/ofono.h;beginline=1;endline=20;md5=3ce17d5978ef3445def265b98899c2ee" - -inherit autotools pkgconfig update-rc.d systemd bluetooth - -DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info" - -INITSCRIPT_NAME = "ofono" -INITSCRIPT_PARAMS = "defaults 22" - -PACKAGECONFIG ??= "\ - ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ - " -PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/,--with-systemdunitdir=" -PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, ${BLUEZ}" - -EXTRA_OECONF += "--enable-test" - -SYSTEMD_SERVICE_${PN} = "ofono.service" - -do_install_append() { - install -d ${D}${sysconfdir}/init.d/ - install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono - - # Ofono still has one test tool that refers to Python 2 in the shebang - sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${libdir}/ofono/test/set-ddr - -} - -PACKAGES =+ "${PN}-tests" - -RDEPENDS_${PN} += "dbus" -RRECOMMENDS_${PN} += "kernel-module-tun mobile-broadband-provider-info" - -FILES_${PN} += "${systemd_unitdir}" -FILES_${PN}-tests = "${libdir}/${BPN}/test" -RDEPENDS_${PN}-tests = "python3 python3-pygobject python3-dbus" diff --git a/meta/recipes-connectivity/ofono/ofono/0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch b/meta/recipes-connectivity/ofono/ofono/0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch new file mode 100644 index 0000000000..8a5a300adc --- /dev/null +++ b/meta/recipes-connectivity/ofono/ofono/0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch @@ -0,0 +1,36 @@ +From 22b52db4842611ac31a356f023fc09595384e2ad Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Thu, 23 May 2019 18:11:22 -0700 +Subject: [PATCH] mbim: add an optional TEMP_FAILURE_RETRY macro copy + +Fixes build on musl which does not provide this macro + +Upstream-Status: Submitted [https://lists.ofono.org/pipermail/ofono/2019-May/019370.html] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + drivers/mbimmodem/mbim-private.h | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/drivers/mbimmodem/mbim-private.h b/drivers/mbimmodem/mbim-private.h +index e159235..51693ea 100644 +--- a/drivers/mbimmodem/mbim-private.h ++++ b/drivers/mbimmodem/mbim-private.h +@@ -21,6 +21,15 @@ + + #define align_len(len, boundary) (((len)+(boundary)-1) & ~((boundary)-1)) + ++#ifndef TEMP_FAILURE_RETRY ++#define TEMP_FAILURE_RETRY(expression) ({ \ ++ __typeof(expression) __result; \ ++ do { \ ++ __result = (expression); \ ++ } while (__result == -1 && errno == EINTR); \ ++ __result; }) ++#endif ++ + enum mbim_control_message { + MBIM_OPEN_MSG = 0x1, + MBIM_CLOSE_MSG = 0x2, +-- +2.21.0 + diff --git a/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch b/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch new file mode 100644 index 0000000000..3655b3fd66 --- /dev/null +++ b/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch @@ -0,0 +1,28 @@ +From 76e4054801350ebd4a44057379431a33d460ad0f Mon Sep 17 00:00:00 2001 +From: Martin Jansa <Martin.Jansa@gmail.com> +Date: Wed, 21 Apr 2021 11:01:34 +0000 +Subject: [PATCH] mbim: Fix build with ell-0.39 by restoring unlikely macro + from ell/util.h + +Upstream-Status: Pending + +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> +--- + drivers/mbimmodem/mbim-private.h | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/mbimmodem/mbim-private.h b/drivers/mbimmodem/mbim-private.h +index 51693eae..d917312c 100644 +--- a/drivers/mbimmodem/mbim-private.h ++++ b/drivers/mbimmodem/mbim-private.h +@@ -30,6 +30,10 @@ + __result; }) + #endif + ++/* used to be part of ell/util.h before 0.39: ++ https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=2a682421b06e41c45098217a686157f576847021 */ ++#define unlikely(x) __builtin_expect(!!(x), 0) ++ + enum mbim_control_message { + MBIM_OPEN_MSG = 0x1, + MBIM_CLOSE_MSG = 0x2, diff --git a/meta/recipes-connectivity/ofono/ofono_1.21.bb b/meta/recipes-connectivity/ofono/ofono_1.21.bb deleted file mode 100644 index 1f0e31da47..0000000000 --- a/meta/recipes-connectivity/ofono/ofono_1.21.bb +++ /dev/null @@ -1,8 +0,0 @@ -require ofono.inc - -SRC_URI = "\ - ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ - file://ofono \ -" -SRC_URI[md5sum] = "bc2b818f6fe5725d0dd8591aff6640d7" -SRC_URI[sha256sum] = "a6b021cda0b444b772897cd637d5f455857fb5819b62c279a8302b44f9c7f2c3" diff --git a/meta/recipes-connectivity/ofono/ofono_2.4.bb b/meta/recipes-connectivity/ofono/ofono_2.4.bb new file mode 100644 index 0000000000..dae5cc3c25 --- /dev/null +++ b/meta/recipes-connectivity/ofono/ofono_2.4.bb @@ -0,0 +1,55 @@ +SUMMARY = "open source telephony" +DESCRIPTION = "oFono is a stack for mobile telephony devices on Linux. oFono supports speaking to telephony devices through specific drivers, or with generic AT commands." +HOMEPAGE = "http://www.ofono.org" +BUGTRACKER = "https://01.org/jira/browse/OF" +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ + file://src/ofono.h;beginline=1;endline=20;md5=3ce17d5978ef3445def265b98899c2ee" +DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info ell" + +SRC_URI = "\ + ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ + file://ofono \ + file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \ + file://0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch \ +" +SRC_URI[sha256sum] = "93580adc1afd1890dc516efb069de0c5cdfef014415256ddfb28ab172df2d11d" + +inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data + +INITSCRIPT_NAME = "ofono" +INITSCRIPT_PARAMS = "defaults 22" +SYSTEMD_SERVICE:${PN} = "ofono.service" + +PACKAGECONFIG ??= "\ + ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ +" +PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_system_unitdir}/,--with-systemdunitdir=" +PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5" + +EXTRA_OECONF += "--enable-test --enable-external-ell" + +do_configure:prepend() { + bbnote "Removing bundled ell from ${S}/ell to prevent including it" + rm -rf ${S}/ell +} + +do_install:append() { + install -d ${D}${sysconfdir}/init.d/ + install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono +} + +PACKAGES =+ "${PN}-tests" + +FILES:${PN} += "${systemd_unitdir}" +FILES:${PN}-tests = "${libdir}/${BPN}/test" + +RDEPENDS:${PN} += "dbus" +RDEPENDS:${PN}-tests = "\ + python3-core \ + python3-dbus \ + ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)} \ +" + +RRECOMMENDS:${PN} += "kernel-module-tun mobile-broadband-provider-info" diff --git a/meta/recipes-connectivity/openssh/openssh/0001-openssh-Fix-syntax-error-on-x32.patch b/meta/recipes-connectivity/openssh/openssh/0001-openssh-Fix-syntax-error-on-x32.patch deleted file mode 100644 index ce9e200d78..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/0001-openssh-Fix-syntax-error-on-x32.patch +++ /dev/null @@ -1,33 +0,0 @@ -From a7e359d4ba345aa2a13c07f1057184e9b4e598a2 Mon Sep 17 00:00:00 2001 -From: sweeaun <swee.aun.khor@intel.com> -Date: Tue, 22 Aug 2017 11:19:48 -0700 -Subject: [PATCH] openssh: Fix syntax error on x32 - -Upstream-Status: Backport -This bug has been fixed in v_7.5 branch https://github.com/openssh/ -openssh-portable/tree/V_7_5 and master branch https://github.com/ -openssh/openssh-portable/tree/master. - -Fix compilation error during openssh x32 build due to syntax error. - -Signed-off-by: sweeaun <swee.aun.khor@intel.com> ---- - sandbox-seccomp-filter.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c -index 3a1aedc..a8d472a 100644 ---- a/sandbox-seccomp-filter.c -+++ b/sandbox-seccomp-filter.c -@@ -235,7 +235,7 @@ static const struct sock_filter preauth_insns[] = { - * x86-64 syscall under some circumstances, e.g. - * https://bugs.debian.org/849923 - */ -- SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT); -+ SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT), - #endif - - /* Default deny */ --- -2.7.4 - diff --git a/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch b/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch new file mode 100644 index 0000000000..8763f30f4b --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch @@ -0,0 +1,61 @@ +From f5a4dacc987ca548fc86577c2dba121c86da3c34 Mon Sep 17 00:00:00 2001 +From: Mikko Rapeli <mikko.rapeli@linaro.org> +Date: Mon, 11 Sep 2023 09:55:21 +0100 +Subject: [PATCH] regress/banner.sh: log input and output files on error + +Some test environments like yocto with qemu are seeing these +tests failing. There may be additional error messages in the +stderr of ssh cloent command. busybox cmp shows this error when +first input file has less new line characters then second +input file: + +cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in + +Logging the full banner.out will show what other error messages +are captured in addition of the expected banner. + +Full log of a failing banner test runs is: + +run test banner.sh ... +test banner: missing banner file +test banner: size 0 +cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in +banner size 0 mismatch +test banner: size 10 +test banner: size 100 +cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in +banner size 100 mismatch +test banner: size 1000 +test banner: size 10000 +test banner: size 100000 +test banner: suppress banner (-q) +FAIL: banner +return value: 1 + +See: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178 + +Upstream-Status: Denied [https://github.com/openssh/openssh-portable/pull/437] + +Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> +--- + regress/banner.sh | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/regress/banner.sh b/regress/banner.sh +index a84feb5a..de84957a 100644 +--- a/regress/banner.sh ++++ b/regress/banner.sh +@@ -32,7 +32,9 @@ for s in 0 10 100 1000 10000 100000 ; do + verbose "test $tid: size $s" + ( ${SSH} -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ + cmp $OBJ/banner.in $OBJ/banner.out ) || \ +- fail "banner size $s mismatch" ++ ( verbose "Contents of $OBJ/banner.in:"; cat $OBJ/banner.in; \ ++ verbose "Contents of $OBJ/banner.out:"; cat $OBJ/banner.out; \ ++ fail "banner size $s mismatch" ) + done + + trace "test suppress banner (-q)" +-- +2.34.1 + diff --git a/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch new file mode 100644 index 0000000000..f079d936a4 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch @@ -0,0 +1,96 @@ +From b02ef7621758f06eb686ef4f620636dbad086eda Mon Sep 17 00:00:00 2001 +From: Matt Jolly <Matt.Jolly@footclan.ninja> +Date: Thu, 2 Feb 2023 21:05:40 +1100 +Subject: [PATCH] systemd: Add optional support for systemd `sd_notify` + +This is a rebase of Dennis Lamm's <expeditioneer@gentoo.org> +patch based on Jakub Jelen's <jjelen@redhat.com> original patch + +Upstream-Status: Submitted [https://github.com/openssh/openssh-portable/pull/375/commits/be187435911cde6cc3cef6982a508261074f1e56] + +Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> +--- + configure.ac | 24 ++++++++++++++++++++++++ + sshd.c | 13 +++++++++++++ + 2 files changed, 37 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 82e8bb7..d1145d3 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -4870,6 +4870,29 @@ AC_SUBST([GSSLIBS]) + AC_SUBST([K5LIBS]) + AC_SUBST([CHANNELLIBS]) + ++# Check whether user wants systemd support ++SYSTEMD_MSG="no" ++AC_ARG_WITH(systemd, ++ [ --with-systemd Enable systemd support], ++ [ if test "x$withval" != "xno" ; then ++ AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) ++ if test "$PKGCONFIG" != "no"; then ++ AC_MSG_CHECKING([for libsystemd]) ++ if $PKGCONFIG --exists libsystemd; then ++ SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd` ++ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd` ++ CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS" ++ SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS" ++ AC_MSG_RESULT([yes]) ++ AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.]) ++ SYSTEMD_MSG="yes" ++ else ++ AC_MSG_RESULT([no]) ++ fi ++ fi ++ fi ] ++) ++ + # Looking for programs, paths and files + + PRIVSEP_PATH=/var/empty +@@ -5688,6 +5711,7 @@ echo " libldns support: $LDNS_MSG" + echo " Solaris process contract support: $SPC_MSG" + echo " Solaris project support: $SP_MSG" + echo " Solaris privilege support: $SPP_MSG" ++echo " systemd support: $SYSTEMD_MSG" + echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" + echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" + echo " BSD Auth support: $BSD_AUTH_MSG" +diff --git a/sshd.c b/sshd.c +index b4f2b97..6820a41 100644 +--- a/sshd.c ++++ b/sshd.c +@@ -88,6 +88,10 @@ + #include <prot.h> + #endif + ++#ifdef HAVE_SYSTEMD ++#include <systemd/sd-daemon.h> ++#endif ++ + #include "xmalloc.h" + #include "ssh.h" + #include "ssh2.h" +@@ -308,6 +312,10 @@ static void + sighup_restart(void) + { + logit("Received SIGHUP; restarting."); ++#ifdef HAVE_SYSTEMD ++ /* Signal systemd that we are reloading */ ++ sd_notify(0, "RELOADING=1"); ++#endif + if (options.pid_file != NULL) + unlink(options.pid_file); + platform_pre_restart(); +@@ -2093,6 +2101,11 @@ main(int ac, char **av) + } + } + ++#ifdef HAVE_SYSTEMD ++ /* Signal systemd that we are ready to accept connections */ ++ sd_notify(0, "READY=1"); ++#endif ++ + /* Accept a connection and return in a forked child */ + server_accept_loop(&sock_in, &sock_out, + &newsock, config_s); diff --git a/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch b/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch index 7e043a2db1..20036da931 100644 --- a/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch +++ b/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch @@ -11,14 +11,17 @@ would lead to program abort. Upstream-Status: Submitted [http://bugzilla.mindrot.org/show_bug.cgi?id=2608] Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> + +Complete the fix +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- - openbsd-compat/strlcat.c | 8 ++++++-- - openbsd-compat/strlcpy.c | 8 ++++++-- - openbsd-compat/strnlen.c | 8 ++++++-- - 3 files changed, 18 insertions(+), 6 deletions(-) + openbsd-compat/strlcat.c | 10 +++++++--- + openbsd-compat/strlcpy.c | 8 ++++++-- + openbsd-compat/strnlen.c | 8 ++++++-- + 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c -index bcc1b61..e758ebf 100644 +index bcc1b61..124e1e3 100644 --- a/openbsd-compat/strlcat.c +++ b/openbsd-compat/strlcat.c @@ -23,6 +23,7 @@ @@ -29,6 +32,15 @@ index bcc1b61..e758ebf 100644 /* * Appends src to string dst of size siz (unlike strncat, siz is the +@@ -42,7 +43,7 @@ strlcat(char *dst, const char *src, size_t siz) + /* Find the end of dst and adjust bytes left but don't go past end */ + while (n-- != 0 && *d != '\0') + d++; +- dlen = d - dst; ++ dlen = (uintptr_t)d - (uintptr_t)dst; + n = siz - dlen; + + if (n == 0) @@ -55,8 +56,11 @@ strlcat(char *dst, const char *src, size_t siz) s++; } @@ -70,7 +82,7 @@ index b4b1b60..b06f374 100644 #endif /* !HAVE_STRLCPY */ diff --git a/openbsd-compat/strnlen.c b/openbsd-compat/strnlen.c -index 93d5155..9b8de5d 100644 +index 7ad3573..7040f1f 100644 --- a/openbsd-compat/strnlen.c +++ b/openbsd-compat/strnlen.c @@ -23,6 +23,7 @@ @@ -95,5 +107,5 @@ index 93d5155..9b8de5d 100644 } #endif -- -1.9.1 +2.17.1 diff --git a/meta/recipes-connectivity/openssh/openssh/init b/meta/recipes-connectivity/openssh/openssh/init index 34ba0f8460..8887e3af13 100644 --- a/meta/recipes-connectivity/openssh/openssh/init +++ b/meta/recipes-connectivity/openssh/openssh/init @@ -36,7 +36,7 @@ check_privsep_dir() { } check_config() { - /usr/sbin/sshd -t $SSHD_OPTS || exit 1 + /usr/sbin/sshd $SSHD_OPTS -t || exit 1 } export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" @@ -48,19 +48,19 @@ case "$1" in @LIBEXECDIR@/sshd_check_keys check_privsep_dir start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS - echo "done." + echo "done." ;; stop) - echo -n "Stopping OpenBSD Secure Shell server: sshd" + echo -n "Stopping OpenBSD Secure Shell server: sshd" start-stop-daemon -K -p $PIDFILE -x /usr/sbin/sshd - echo "." + echo "." ;; reload|force-reload) check_for_no_start @LIBEXECDIR@/sshd_check_keys check_config - echo -n "Reloading OpenBSD Secure Shell server's configuration" + echo -n "Reloading OpenBSD Secure Shell server's configuration" start-stop-daemon -K -p $PIDFILE -s 1 -x /usr/sbin/sshd echo "." ;; @@ -68,7 +68,7 @@ case "$1" in restart) @LIBEXECDIR@/sshd_check_keys check_config - echo -n "Restarting OpenBSD Secure Shell server: sshd" + echo -n "Restarting OpenBSD Secure Shell server: sshd" start-stop-daemon -K -p $PIDFILE --oknodo -x /usr/sbin/sshd check_for_no_start check_privsep_dir diff --git a/meta/recipes-connectivity/openssh/openssh/run-ptest b/meta/recipes-connectivity/openssh/openssh/run-ptest index 36a3d2a7b7..b2244d725a 100755 --- a/meta/recipes-connectivity/openssh/openssh/run-ptest +++ b/meta/recipes-connectivity/openssh/openssh/run-ptest @@ -1,11 +1,26 @@ #!/bin/sh export TEST_SHELL=sh +export SKIP_UNIT=1 cd regress + +# copied from openssh-portable/.github/run_test.sh +output_failed_logs() { + for i in failed*.log; do + if [ -f "$i" ]; then + echo ------------------------------------------------------------------------- + echo LOGFILE $i + cat $i + echo ------------------------------------------------------------------------- + fi + done +} +trap output_failed_logs 0 + sed -i "/\t\tagent-ptrace /d" Makefile -make -k .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="sudo" tests \ - | sed -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g' +make -k BUILDDIR=`pwd`/.. .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="" tests \ + | sed -u -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g' SSHAGENT=`which ssh-agent` GDB=`which gdb` diff --git a/meta/recipes-connectivity/openssh/openssh/ssh_config b/meta/recipes-connectivity/openssh/openssh/ssh_config index 9e919156d3..cb2774a163 100644 --- a/meta/recipes-connectivity/openssh/openssh/ssh_config +++ b/meta/recipes-connectivity/openssh/openssh/ssh_config @@ -1,4 +1,4 @@ -# $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $ +# $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for @@ -17,11 +17,11 @@ # list of available options, their meanings and defaults, please see the # ssh_config(5) man page. -Host * - ForwardAgent yes - ForwardX11 yes -# RhostsRSAAuthentication no -# RSAAuthentication yes +Include /etc/ssh/ssh_config.d/*.conf + +# Host * +# ForwardAgent no +# ForwardX11 no # PasswordAuthentication yes # HostbasedAuthentication no # GSSAPIAuthentication no @@ -31,14 +31,13 @@ Host * # AddressFamily any # ConnectTimeout 0 # StrictHostKeyChecking ask -# IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa +# IdentityFile ~/.ssh/id_ecdsa +# IdentityFile ~/.ssh/id_ed25519 # Port 22 -# Protocol 2,1 -# Cipher 3des -# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc -# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 +# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc +# MACs hmac-md5,hmac-sha1,umac-64@openssh.com # EscapeChar ~ # Tunnel no # TunnelDevice any:any @@ -46,3 +45,4 @@ Host * # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h +# UserKnownHostsFile ~/.ssh/known_hosts.d/%k diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.service b/meta/recipes-connectivity/openssh/openssh/sshd.service new file mode 100644 index 0000000000..3e570ab1e5 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/sshd.service @@ -0,0 +1,18 @@ +[Unit] +Description=OpenSSH server daemon +Wants=sshdgenkeys.service +After=sshdgenkeys.service +After=nss-user-lookup.target + +[Service] +Environment="SSHD_OPTS=" +EnvironmentFile=-/etc/default/ssh +ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd +ExecStart=-@SBINDIR@/sshd -D $SSHD_OPTS +ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID +KillMode=process +Restart=on-failure +RestartSec=42s + +[Install] +WantedBy=multi-user.target diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket b/meta/recipes-connectivity/openssh/openssh/sshd.socket index 12c39b26b5..7dd2ed0626 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd.socket +++ b/meta/recipes-connectivity/openssh/openssh/sshd.socket @@ -1,5 +1,7 @@ [Unit] Conflicts=sshd.service +Wants=sshdgenkeys.service +After=nss-user-lookup.target [Socket] ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd diff --git a/meta/recipes-connectivity/openssh/openssh/sshd@.service b/meta/recipes-connectivity/openssh/openssh/sshd@.service index 9d83dfb2bb..9d9965e624 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd@.service +++ b/meta/recipes-connectivity/openssh/openssh/sshd@.service @@ -1,13 +1,10 @@ [Unit] Description=OpenSSH Per-Connection Daemon -Wants=sshdgenkeys.service After=sshdgenkeys.service [Service] Environment="SSHD_OPTS=" EnvironmentFile=-/etc/default/ssh ExecStart=-@SBINDIR@/sshd -i $SSHD_OPTS -ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID StandardInput=socket -StandardError=syslog KillMode=process diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys index 5463b1a4cb..606d1894b5 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys +++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys @@ -6,6 +6,7 @@ generate_key() { local DIR="$(dirname "$FILE")" mkdir -p "$DIR" + rm -f ${FILE}.tmp ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE # Atomically rename file public key @@ -56,35 +57,22 @@ while true ; do esac done -# parse location of keys -HOST_KEY_RSA=$(grep ^HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$(grep HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key -HOST_KEY_DSA=$(grep ^HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$(grep HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key -HOST_KEY_ECDSA=$(grep ^HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$(grep HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key -HOST_KEY_ED25519=$(grep ^HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$(grep HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ') -[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key - -# create keys if necessary -if [ ! -f $HOST_KEY_RSA ]; then - echo " generating ssh RSA key..." - generate_key $HOST_KEY_RSA rsa -fi -if [ ! -f $HOST_KEY_ECDSA ]; then - echo " generating ssh ECDSA key..." - generate_key $HOST_KEY_ECDSA ecdsa -fi -if [ ! -f $HOST_KEY_DSA ]; then - echo " generating ssh DSA key..." - generate_key $HOST_KEY_DSA dsa -fi -if [ ! -f $HOST_KEY_ED25519 ]; then - echo " generating ssh ED25519 key..." - generate_key $HOST_KEY_ED25519 ed25519 -fi +HOST_KEYS=$(sshd -G -f "${sshd_config}" | grep -i '^hostkey ' | cut -f2 -d' ') +for key in ${HOST_KEYS} ; do + [ -f $key ] && continue + case $key in + *_rsa_key) + echo " generating ssh RSA host key..." + generate_key $key rsa + ;; + *_ecdsa_key) + echo " generating ssh ECDSA host key..." + generate_key $key ecdsa + ;; + *_ed25519_key) + echo " generating ssh ED25519 host key..." + generate_key $key ed25519 + ;; + esac +done diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config index 31fe5d924e..e9eaf93157 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_config +++ b/meta/recipes-connectivity/openssh/openssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ +# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -7,51 +7,40 @@ # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options change a +# possible, but leave them commented. Uncommented options override the # default value. +Include /etc/ssh/sshd_config.d/*.conf + #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: -# The default requires explicit activation of protocol 1 -Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - # Ciphers and keying #RekeyLimit default none # Logging -# obsoletes QuietMode and FascistLogging #SyslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m -#PermitRootLogin yes +#PermitRootLogin prohibit-password #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 -#RSAAuthentication yes #PubkeyAuthentication yes # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 # but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys #AuthorizedPrincipalsFile none @@ -59,11 +48,9 @@ AuthorizedKeysFile .ssh/authorized_keys #AuthorizedKeysCommandUser nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication +# HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes @@ -72,8 +59,9 @@ AuthorizedKeysFile .ssh/authorized_keys #PasswordAuthentication yes #PermitEmptyPasswords no -# Change to no to disable s/key passwords -ChallengeResponseAuthentication no +# Change to yes to enable keyboard-interactive authentication (beware issues +# with some PAM modules and threads) +KbdInteractiveAuthentication no # Kerberos options #KerberosAuthentication no @@ -87,13 +75,13 @@ ChallengeResponseAuthentication no # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and +# be allowed through the KbdInteractiveAuthentication and # PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass +# PAM authentication via KbdInteractiveAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. +# and KbdInteractiveAuthentication to 'no'. #UsePAM no #AllowAgentForwarding yes @@ -106,12 +94,11 @@ ChallengeResponseAuthentication no #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes -#UseLogin no #PermitUserEnvironment no Compression no ClientAliveInterval 15 ClientAliveCountMax 4 -#UseDNS yes +#UseDNS no #PidFile /var/run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no diff --git a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service index 603c33787f..fd81793d51 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service +++ b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service @@ -6,3 +6,4 @@ RequiresMountsFor=/var /run ExecStart=@LIBEXECDIR@/sshd_check_keys Type=oneshot RemainAfterExit=yes +Nice=10 diff --git a/meta/recipes-connectivity/openssh/openssh_7.6p1.bb b/meta/recipes-connectivity/openssh/openssh_7.6p1.bb deleted file mode 100644 index ebb9a5734d..0000000000 --- a/meta/recipes-connectivity/openssh/openssh_7.6p1.bb +++ /dev/null @@ -1,165 +0,0 @@ -SUMMARY = "A suite of security-related network utilities based on \ -the SSH protocol including the ssh client and sshd server" -DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \ -Ssh (Secure Shell) is a program for logging into a remote machine \ -and for executing commands on a remote machine." -HOMEPAGE = "http://www.openssh.com/" -SECTION = "console/network" -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://LICENCE;md5=429658c6612f3a9b1293782366ab29d8" - -# openssl 1.1 patches are proposed at https://github.com/openssh/openssh-portable/pull/48 -DEPENDS = "zlib openssl10" -DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" - -SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \ - file://sshd_config \ - file://ssh_config \ - file://init \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - file://sshd.socket \ - file://sshd@.service \ - file://sshdgenkeys.service \ - file://volatiles.99_sshd \ - file://run-ptest \ - file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ - file://sshd_check_keys \ - file://add-test-support-for-busybox.patch \ - " - -PAM_SRC_URI = "file://sshd" - -SRC_URI[md5sum] = "06a88699018e5fef13d4655abfed1f63" -SRC_URI[sha256sum] = "a323caeeddfe145baaa0db16e98d784b1fbc7dd436a6bf1f479dfd5cd1d21723" - -inherit useradd update-rc.d update-alternatives systemd - -USERADD_PACKAGES = "${PN}-sshd" -USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" -INITSCRIPT_PACKAGES = "${PN}-sshd" -INITSCRIPT_NAME_${PN}-sshd = "sshd" -INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9" - -SYSTEMD_PACKAGES = "${PN}-sshd" -SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket" - -inherit autotools-brokensep ptest - -# LFS support: -CFLAGS += "-D__FILE_OFFSET_BITS=64" - -# login path is hardcoded in sshd -EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ - --without-zlib-version-check \ - --with-privsep-path=/var/run/sshd \ - --sysconfdir=${sysconfdir}/ssh \ - --with-xauth=/usr/bin/xauth \ - --disable-strip \ - " - -# Since we do not depend on libbsd, we do not want configure to use it -# just because it finds libutil.h. But, specifying --disable-libutil -# causes compile errors, so... -CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no" - -# passwd path is hardcoded in sshd -CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd" - -# We don't want to depend on libblockfile -CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no" - -do_configure_prepend () { - export LD="${CC}" - install -m 0644 ${WORKDIR}/sshd_config ${B}/ - install -m 0644 ${WORKDIR}/ssh_config ${B}/ - if [ ! -e acinclude.m4 -a -e aclocal.m4 ]; then - cp aclocal.m4 acinclude.m4 - fi -} - -do_compile_ptest() { - # skip regress/unittests/ binaries: this will silently skip - # unittests in run-ptests which is good because they are so slow. - oe_runmake regress/modpipe regress/setuid-allowed regress/netcat -} - -do_install_append () { - if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then - install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd - sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config - fi - - if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then - sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config - fi - - install -d ${D}${sysconfdir}/init.d - install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd - rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin - rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir} - install -d ${D}/${sysconfdir}/default/volatiles - install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd - install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir} - - # Create config files for read-only rootfs - install -d ${D}${sysconfdir}/ssh - install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly - sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly - echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - echo "HostKey /var/run/ssh/ssh_host_dsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - - install -d ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system - sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ - -e 's,@SBINDIR@,${sbindir},g' \ - -e 's,@BINDIR@,${bindir},g' \ - -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ - ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service - - sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ - ${D}${sysconfdir}/init.d/sshd - - install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys -} - -do_install_ptest () { - sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh - cp -r regress ${D}${PTEST_PATH} -} - -ALLOW_EMPTY_${PN} = "1" - -PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server" -FILES_${PN}-scp = "${bindir}/scp.${BPN}" -FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" -FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system" -FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" -FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys" -FILES_${PN}-sftp = "${bindir}/sftp" -FILES_${PN}-sftp-server = "${libexecdir}/sftp-server" -FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" -FILES_${PN}-keygen = "${bindir}/ssh-keygen" - -RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" -RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" -RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make" - -RPROVIDES_${PN}-ssh = "ssh" -RPROVIDES_${PN}-sshd = "sshd" - -RCONFLICTS_${PN} = "dropbear" -RCONFLICTS_${PN}-sshd = "dropbear" -RCONFLICTS_${PN}-keygen = "ssh-keygen" - -CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config" -CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config" - -ALTERNATIVE_PRIORITY = "90" -ALTERNATIVE_${PN}-scp = "scp" -ALTERNATIVE_${PN}-ssh = "ssh" - diff --git a/meta/recipes-connectivity/openssh/openssh_9.7p1.bb b/meta/recipes-connectivity/openssh/openssh_9.7p1.bb new file mode 100644 index 0000000000..d1468c59fc --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh_9.7p1.bb @@ -0,0 +1,202 @@ +SUMMARY = "A suite of security-related network utilities based on \ +the SSH protocol including the ssh client and sshd server" +DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \ +Ssh (Secure Shell) is a program for logging into a remote machine \ +and for executing commands on a remote machine." +HOMEPAGE = "http://www.openssh.com/" +SECTION = "console/network" +LICENSE = "BSD-2-Clause & BSD-3-Clause & ISC & MIT" +LIC_FILES_CHKSUM = "file://LICENCE;md5=072979064e691d342002f43cd89c0394" + +DEPENDS = "zlib openssl virtual/crypt" +DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" + +SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \ + file://sshd_config \ + file://ssh_config \ + file://init \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ + file://sshd.service \ + file://sshd.socket \ + file://sshd@.service \ + file://sshdgenkeys.service \ + file://volatiles.99_sshd \ + file://run-ptest \ + file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ + file://sshd_check_keys \ + file://add-test-support-for-busybox.patch \ + file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \ + file://0001-systemd-Add-optional-support-for-systemd-sd_notify.patch \ + " +SRC_URI[sha256sum] = "490426f766d82a2763fcacd8d83ea3d70798750c7bd2aff2e57dc5660f773ffd" + +CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here." + +# This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 +# and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded +CVE_STATUS[CVE-2014-9278] = "not-applicable-platform: This CVE is specific to OpenSSH server, as used in Fedora and \ +Red Hat Enterprise Linux 7 and when running in a Kerberos environment" + +CVE_STATUS[CVE-2008-3844] = "not-applicable-platform: Only applies to some distributed RHEL binaries." + +PAM_SRC_URI = "file://sshd" + +inherit manpages useradd update-rc.d update-alternatives systemd + +USERADD_PACKAGES = "${PN}-sshd" +USERADD_PARAM:${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" +INITSCRIPT_PACKAGES = "${PN}-sshd" +INITSCRIPT_NAME:${PN}-sshd = "sshd" +INITSCRIPT_PARAMS:${PN}-sshd = "defaults 9" + +SYSTEMD_PACKAGES = "${PN}-sshd" +SYSTEMD_SERVICE:${PN}-sshd = "${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','sshd.socket', '', d)} ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','sshd.service', '', d)}" + +inherit autotools-brokensep ptest pkgconfig +DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" + +# systemd-sshd-socket-mode means installing sshd.socket +# and systemd-sshd-service-mode corresponding to sshd.service +PACKAGECONFIG ??= "systemd-sshd-socket-mode" +PACKAGECONFIG[fido2] = "--with-security-key-builtin,--disable-security-key,libfido2" +PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5" +PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns" +PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" +PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat" +PACKAGECONFIG[systemd-sshd-socket-mode] = "" +PACKAGECONFIG[systemd-sshd-service-mode] = "" + +EXTRA_AUTORECONF += "--exclude=aclocal" + +# login path is hardcoded in sshd +EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ + --without-zlib-version-check \ + --with-privsep-path=${localstatedir}/run/sshd \ + --sysconfdir=${sysconfdir}/ssh \ + --with-xauth=${bindir}/xauth \ + --disable-strip \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemd', '--without-systemd', d)} \ + " + +# musl doesn't implement wtmp/utmp and logwtmp +EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog" + +# Work around ICE on mips/mips64 starting in 9.6p1 +EXTRA_OECONF:append:mips = " --without-hardening" +EXTRA_OECONF:append:mips64 = " --without-hardening" + +# Work around ICE on powerpc64le starting in 9.6p1 +EXTRA_OECONF:append:powerpc64le = " --without-hardening" + +# Since we do not depend on libbsd, we do not want configure to use it +# just because it finds libutil.h. But, specifying --disable-libutil +# causes compile errors, so... +CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no" + +# passwd path is hardcoded in sshd +CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd" + +# We don't want to depend on libblockfile +CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no" + +do_configure:prepend () { + export LD="${CC}" + install -m 0644 ${WORKDIR}/sshd_config ${B}/ + install -m 0644 ${WORKDIR}/ssh_config ${B}/ +} + +do_compile_ptest() { + oe_runmake regress-binaries regress-unit-binaries +} + +do_install:append () { + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then + install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd + sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config + fi + + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then + sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config + fi + + install -d ${D}${sysconfdir}/init.d + install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd + rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin + rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir} + install -d ${D}/${sysconfdir}/default/volatiles + install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd + install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir} + + # Create config files for read-only rootfs + install -d ${D}${sysconfdir}/ssh + install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly + sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly + echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly + echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly + echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly + + install -d ${D}${systemd_system_unitdir} + if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','true','false',d)}; then + install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_system_unitdir} + install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_system_unitdir} + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ + -e 's,@BINDIR@,${bindir},g' \ + -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ + ${D}${systemd_system_unitdir}/sshd.socket + fi + if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','true','false',d)}; then + install -c -m 0644 ${WORKDIR}/sshd.service ${D}${systemd_system_unitdir} + fi + install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_system_unitdir} + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ + -e 's,@BINDIR@,${bindir},g' \ + -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ + ${D}${systemd_system_unitdir}/*.service + + sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ + ${D}${sysconfdir}/init.d/sshd + + install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys +} + +do_install_ptest () { + sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh + cp -r regress ${D}${PTEST_PATH} + cp config.h ${D}${PTEST_PATH} +} + +ALLOW_EMPTY:${PN} = "1" + +PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server" +FILES:${PN}-scp = "${bindir}/scp.${BPN}" +FILES:${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" +FILES:${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_system_unitdir}" +FILES:${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" +FILES:${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys" +FILES:${PN}-sftp = "${bindir}/sftp" +FILES:${PN}-sftp-server = "${libexecdir}/sftp-server" +FILES:${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" +FILES:${PN}-keygen = "${bindir}/ssh-keygen" + +RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen ${PN}-sftp-server" +RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" +# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies +RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed coreutils openssl-bin" + +RPROVIDES:${PN}-ssh = "ssh" +RPROVIDES:${PN}-sshd = "sshd" + +RCONFLICTS:${PN} = "dropbear" +RCONFLICTS:${PN}-sshd = "dropbear" + +CONFFILES:${PN}-sshd = "${sysconfdir}/ssh/sshd_config" +CONFFILES:${PN}-ssh = "${sysconfdir}/ssh/ssh_config" + +ALTERNATIVE_PRIORITY = "90" +ALTERNATIVE:${PN}-scp = "scp" +ALTERNATIVE:${PN}-ssh = "ssh" + +BBCLASSEXTEND += "nativesdk" diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh new file mode 100644 index 0000000000..6f23490c87 --- /dev/null +++ b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh @@ -0,0 +1,5 @@ +export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf" +export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs" +export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs/ca-certificates.crt" +export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/" +export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3" diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/0001-Fix-build-with-clang-using-external-assembler.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/0001-Fix-build-with-clang-using-external-assembler.patch deleted file mode 100644 index 2270962a6f..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/0001-Fix-build-with-clang-using-external-assembler.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 2f6026cb8b16cf00726e3c5625c023f196680f07 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Fri, 17 Mar 2017 12:52:08 -0700 -Subject: [PATCH] Fix build with clang using external assembler - -Cherry-picked from -https://github.com/openssl/openssl/commit/11208dcfb9105e8afa37233185decefd45e89e17 -https://github.com/openssl/openssl/commit/fbab8baddef8d3346ae40ff068871e2ddaf10270 -https://github.com/openssl/openssl/commit/6cf412c473d8145562b76219ce3da73b201b3255 - -Fixes - -| ghash-armv4.S: Assembler messages: -| ghash-armv4.S:81: Error: bad instruction `ldrbpl r12,[r2,r3]' -| ghash-armv4.S:91: Error: bad instruction `ldrbpl r8,[r0,r3]' -| ghash-armv4.S:137: Error: bad instruction `ldrbne r12,[r2,#15]' -| ghash-armv4.S:224: Error: bad instruction `ldrbpl r12,[r0,r3]' -| clang-4.0: error: assembler command failed with exit code 1 (use -v to see invocation) -| make[2]: *** [<builtin>: ghash-armv4.o] Error 1 - -Upstream-Status: Backport - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - crypto/modes/asm/ghash-armv4.pl | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl -index 8ccc963ef..442fed4da 100644 ---- a/crypto/modes/asm/ghash-armv4.pl -+++ b/crypto/modes/asm/ghash-armv4.pl -@@ -124,7 +124,10 @@ $code=<<___; - #include "arm_arch.h" - - .text -+#if defined(__thumb2__) || defined(__clang__) -+.syntax unified -+#endif - .code 32 - - #ifdef __clang__ - #define ldrplb ldrbpl --- -2.12.0 - diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/0001-aes-armv4-bsaes-armv7-sha256-armv4-.pl-make-it-work-.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/0001-aes-armv4-bsaes-armv7-sha256-armv4-.pl-make-it-work-.patch deleted file mode 100644 index 2ce0320c49..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/0001-aes-armv4-bsaes-armv7-sha256-armv4-.pl-make-it-work-.patch +++ /dev/null @@ -1,100 +0,0 @@ -From d1d6c69b6fd25e71dbae67fad17b2c7737f6b2dc Mon Sep 17 00:00:00 2001 -From: Andy Polyakov <appro@openssl.org> -Date: Sun, 5 Nov 2017 17:08:16 +0100 -Subject: [PATCH] {aes-armv4|bsaes-armv7|sha256-armv4}.pl: make it work with - binutils-2.29 - -It's not clear if it's a feature or bug, but binutils-2.29[.1] -interprets 'adr' instruction with Thumb2 code reference differently, -in a way that affects calculation of addresses of constants' tables. - -Upstream-Status: Backport - -Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> -Reviewed-by: Kurt Roeckx <kurt@roeckx.be> -Signed-off-by: Stefan Agner <stefan.agner@toradex.com> -(Merged from https://github.com/openssl/openssl/pull/4673) ---- - crypto/aes/asm/aes-armv4.pl | 6 +++--- - crypto/aes/asm/bsaes-armv7.pl | 6 +++--- - crypto/sha/asm/sha256-armv4.pl | 2 +- - 3 files changed, 7 insertions(+), 7 deletions(-) - -diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl -index 4f8917089f..c1b5e352d7 100644 ---- a/crypto/aes/asm/aes-armv4.pl -+++ b/crypto/aes/asm/aes-armv4.pl -@@ -184,7 +184,7 @@ AES_encrypt: - #if __ARM_ARCH__<7 - sub r3,pc,#8 @ AES_encrypt - #else -- adr r3,AES_encrypt -+ adr r3,. - #endif - stmdb sp!,{r1,r4-r12,lr} - mov $rounds,r0 @ inp -@@ -430,7 +430,7 @@ _armv4_AES_set_encrypt_key: - #if __ARM_ARCH__<7 - sub r3,pc,#8 @ AES_set_encrypt_key - #else -- adr r3,private_AES_set_encrypt_key -+ adr r3,. - #endif - teq r0,#0 - #if __ARM_ARCH__>=7 -@@ -952,7 +952,7 @@ AES_decrypt: - #if __ARM_ARCH__<7 - sub r3,pc,#8 @ AES_decrypt - #else -- adr r3,AES_decrypt -+ adr r3,. - #endif - stmdb sp!,{r1,r4-r12,lr} - mov $rounds,r0 @ inp -diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl -index 70b3f9656f..ec66b0502a 100644 ---- a/crypto/aes/asm/bsaes-armv7.pl -+++ b/crypto/aes/asm/bsaes-armv7.pl -@@ -724,7 +724,7 @@ $code.=<<___; - .type _bsaes_decrypt8,%function - .align 4 - _bsaes_decrypt8: -- adr $const,_bsaes_decrypt8 -+ adr $const,. - vldmia $key!, {@XMM[9]} @ round 0 key - add $const,$const,#.LM0ISR-_bsaes_decrypt8 - -@@ -819,7 +819,7 @@ _bsaes_const: - .type _bsaes_encrypt8,%function - .align 4 - _bsaes_encrypt8: -- adr $const,_bsaes_encrypt8 -+ adr $const,. - vldmia $key!, {@XMM[9]} @ round 0 key - sub $const,$const,#_bsaes_encrypt8-.LM0SR - -@@ -923,7 +923,7 @@ $code.=<<___; - .type _bsaes_key_convert,%function - .align 4 - _bsaes_key_convert: -- adr $const,_bsaes_key_convert -+ adr $const,. - vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key - sub $const,$const,#_bsaes_key_convert-.LM0 - vld1.8 {@XMM[15]}, [$inp]! @ load round 1 key -diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl -index 4fee74d832..750216eb42 100644 ---- a/crypto/sha/asm/sha256-armv4.pl -+++ b/crypto/sha/asm/sha256-armv4.pl -@@ -205,7 +205,7 @@ sha256_block_data_order: - #if __ARM_ARCH__<7 - sub r3,pc,#8 @ sha256_block_data_order - #else -- adr r3,sha256_block_data_order -+ adr r3,. - #endif - #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) - ldr r12,.LOPENSSL_armcap --- -2.15.0 - diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/0001-openssl-force-soft-link-to-avoid-rare-race.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/0001-openssl-force-soft-link-to-avoid-rare-race.patch deleted file mode 100644 index dd1a9b1dd2..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/0001-openssl-force-soft-link-to-avoid-rare-race.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 3d9199423d48766649a2b2ebb3924e892ed16fa4 Mon Sep 17 00:00:00 2001 -From: Randy MacLeod <Randy.MacLeod@windriver.com> -Date: Tue, 20 Jun 2017 15:32:08 -0400 -Subject: [PATCH] openssl: Force soft link to avoid rare race - -This patch works around a rare parallel build race condition. -The error seen is: - -ln: failed to create symbolic link 'libssl.so': File exists -make[4]: *** [Makefile.shared:171: link_a.gnu] Error 1 -make[4]: Leaving directory -'/.../build/tmp-glibc/work/x86_64-linux/openssl-native/1.0.2k-r0/openssl-1.0.2k' - -The openssl team is rewriting their build files so it's not -appropriate for openssl upstream and fixing the root cause of -the Makefile race condition was also not pursued. - -Upstream-Status: Inappropriate [build rules rewrite in progress] -Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> ---- - Makefile.shared | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Makefile.shared b/Makefile.shared -index e8d222a..1bff92f 100644 ---- a/Makefile.shared -+++ b/Makefile.shared -@@ -118,14 +118,14 @@ - if [ -n "$$SHLIB_COMPAT" ]; then \ - for x in $$SHLIB_COMPAT; do \ - ( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \ -- ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \ -+ ln -sf $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \ - prev=$$SHLIB$$x$$SHLIB_SUFFIX; \ - done; \ - fi; \ - if [ -n "$$SHLIB_SOVER" ]; then \ - [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ - ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ -- ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ -+ ln -sf $$prev $$SHLIB$$SHLIB_SUFFIX ); \ - fi; \ - fi - --- -2.9.3 diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/Makefiles-ptest.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/Makefiles-ptest.patch deleted file mode 100644 index 249446a5bd..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/Makefiles-ptest.patch +++ /dev/null @@ -1,77 +0,0 @@ -Add 'buildtest' and 'runtest' targets to Makefile, to build and run tests -cross-compiled. - -Signed-off-by: Anders Roxell <anders.roxell@enea.com> -Signed-off-by: Maxin B. John <maxin.john@enea.com> -Upstream-Status: Pending ---- -Index: openssl-1.0.2/Makefile.org -=================================================================== ---- openssl-1.0.2.orig/Makefile.org -+++ openssl-1.0.2/Makefile.org -@@ -451,8 +451,16 @@ rehash.time: certs apps - test: tests - - tests: rehash -+ $(MAKE) buildtest -+ $(MAKE) runtest -+ -+buildtest: -+ @(cd test && \ -+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf exe apps); -+ -+runtest: - @(cd test && echo "testing..." && \ -- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests ); -+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf alltests ); - OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a - - report: -Index: openssl-1.0.2/test/Makefile -=================================================================== ---- openssl-1.0.2.orig/test/Makefile -+++ openssl-1.0.2/test/Makefile -@@ -137,7 +137,7 @@ tests: exe apps $(TESTS) - apps: - @(cd ..; $(MAKE) DIRS=apps all) - --alltests: \ -+all-tests= \ - test_des test_idea test_sha test_md4 test_md5 test_hmac \ - test_md2 test_mdc2 test_wp \ - test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \ -@@ -148,6 +148,11 @@ alltests: \ - test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \ - test_constant_time - -+alltests: -+ @(for i in $(all-tests); do \ -+ ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \ -+ done) -+ - test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt - ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt - -@@ -213,7 +218,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx5 - echo test second x509v3 certificate - sh ./tx509 v3-cert2.pem 2>/dev/null - --test_rsa: $(RSATEST)$(EXE_EXT) ../apps/openssl$(EXE_EXT) trsa testrsa.pem -+test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem - @sh ./trsa 2>/dev/null - ../util/shlib_wrap.sh ./$(RSATEST) - -@@ -313,11 +318,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) test - sh ./testtsa; \ - fi - --test_ige: $(IGETEST)$(EXE_EXT) -+test_ige: - @echo "Test IGE mode" - ../util/shlib_wrap.sh ./$(IGETEST) - --test_jpake: $(JPAKETEST)$(EXE_EXT) -+test_jpake: - @echo "Test JPAKE" - ../util/shlib_wrap.sh ./$(JPAKETEST) - diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/Use-SHA256-not-MD5-as-default-digest.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/Use-SHA256-not-MD5-as-default-digest.patch deleted file mode 100644 index 58c9ee7844..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/Use-SHA256-not-MD5-as-default-digest.patch +++ /dev/null @@ -1,69 +0,0 @@ -From d795f5f20a29adecf92c09459a3ee07ffac01a99 Mon Sep 17 00:00:00 2001 -From: Rich Salz <rsalz@akamai.com> -Date: Sat, 13 Jun 2015 17:03:39 -0400 -Subject: [PATCH] Use SHA256 not MD5 as default digest. - -Commit f8547f62c212837dbf44fb7e2755e5774a59a57b upstream. - -Upstream-Status: Backport -Backport from OpenSSL 2.0 to OpenSSL 1.0.2 -Commit f8547f62c212837dbf44fb7e2755e5774a59a57b - -CVE: CVE-2004-2761 - - The MD5 Message-Digest Algorithm is not collision resistant, - which makes it easier for context-dependent attackers to - conduct spoofing attacks, as demonstrated by attacks on the - use of MD5 in the signature algorithm of an X.509 certificate. - -Reviewed-by: Viktor Dukhovni <viktor@openssl.org> -Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com> -Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com> ---- - apps/ca.c | 2 +- - apps/dgst.c | 2 +- - apps/enc.c | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/apps/ca.c b/apps/ca.c -index 3b7336c..8f3a84b 100644 ---- a/apps/ca.c -+++ b/apps/ca.c -@@ -1612,7 +1612,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, - } else - BIO_printf(bio_err, "Signature ok\n"); - -- if ((rreq = X509_to_X509_REQ(req, NULL, EVP_md5())) == NULL) -+ if ((rreq = X509_to_X509_REQ(req, NULL, NULL)) == NULL) - goto err; - - ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj, -diff --git a/apps/dgst.c b/apps/dgst.c -index 95e5fa3..0d1529f 100644 ---- a/apps/dgst.c -+++ b/apps/dgst.c -@@ -442,7 +442,7 @@ int MAIN(int argc, char **argv) - goto end; - } - if (md == NULL) -- md = EVP_md5(); -+ md = EVP_sha256(); - if (!EVP_DigestInit_ex(mctx, md, impl)) { - BIO_printf(bio_err, "Error setting digest %s\n", pname); - ERR_print_errors(bio_err); -diff --git a/apps/enc.c b/apps/enc.c -index 7b7c70b..a7d944c 100644 ---- a/apps/enc.c -+++ b/apps/enc.c -@@ -344,7 +344,7 @@ int MAIN(int argc, char **argv) - } - - if (dgst == NULL) { -- dgst = EVP_md5(); -+ dgst = EVP_sha256(); - } - - if (bufsize != NULL) { --- -1.9.1 - diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/configure-musl-target.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/configure-musl-target.patch deleted file mode 100644 index f357b3f59f..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/configure-musl-target.patch +++ /dev/null @@ -1,25 +0,0 @@ -Add musl triplet support - -Upstream-Status: Pending -Signed-off-by: Khem Raj <raj.khem@gmail.com> - -Index: openssl-1.0.2a/Configure -=================================================================== ---- openssl-1.0.2a.orig/Configure -+++ openssl-1.0.2a/Configure -@@ -431,7 +431,7 @@ my %table=( - # - # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 - # --"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - # Configure script adds minimally required -march for assembly support, - # if no -march was specified at command line. mips32 and mips64 below -@@ -504,4 +504,6 @@ my %table=( - "linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-musleabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-musleabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - - "linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).", - diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/configure-targets.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/configure-targets.patch deleted file mode 100644 index 1e01589722..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/configure-targets.patch +++ /dev/null @@ -1,35 +0,0 @@ -Upstream-Status: Inappropriate [embedded specific] - -The number of colons are important :) - - ---- - Configure | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - -Index: openssl-1.0.2a/Configure -=================================================================== ---- openssl-1.0.2a.orig/Configure -+++ openssl-1.0.2a/Configure -@@ -443,6 +443,21 @@ my %table=( - "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - -+ -+# Linux on ARM -+"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+ -+"linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).", -+ -+#### Linux on MIPS/MIPS64 -+"linux-mips","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+ - # Android: linux-* but without pointers to headers and libs. - "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/c_rehash-compat.patch deleted file mode 100644 index 68e54d561e..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/c_rehash-compat.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001 -From: Ludwig Nussel <ludwig.nussel@suse.de> -Date: Wed, 21 Apr 2010 15:52:10 +0200 -Subject: [PATCH] also create old hash for compatibility - -Upstream-Status: Backport [debian] - -diff --git a/tools/c_rehash.in b/tools/c_rehash.in -index b086ff9..b777d79 100644 ---- a/tools/c_rehash.in -+++ b/tools/c_rehash.in -@@ -8,8 +8,6 @@ my $prefix; - - my $openssl = $ENV{OPENSSL} || "openssl"; - my $pwd; --my $x509hash = "-subject_hash"; --my $crlhash = "-hash"; - my $verbose = 0; - my $symlink_exists=eval {symlink("",""); 1}; - my $removelinks = 1; -@@ -18,10 +16,7 @@ my $removelinks = 1; - while ( $ARGV[0] =~ /^-/ ) { - my $flag = shift @ARGV; - last if ( $flag eq '--'); -- if ( $flag eq '-old') { -- $x509hash = "-subject_hash_old"; -- $crlhash = "-hash_old"; -- } elsif ( $flag eq '-h') { -+ if ( $flag eq '-h') { - help(); - } elsif ( $flag eq '-n' ) { - $removelinks = 0; -@@ -113,7 +108,9 @@ sub hash_dir { - next; - } - link_hash_cert($fname) if($cert); -+ link_hash_cert_old($fname) if($cert); - link_hash_crl($fname) if($crl); -+ link_hash_crl_old($fname) if($crl); - } - } - -@@ -146,6 +143,7 @@ sub check_file { - - sub link_hash_cert { - my $fname = $_[0]; -+ my $x509hash = $_[1] || '-subject_hash'; - $fname =~ s/'/'\\''/g; - my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; - chomp $hash; -@@ -176,11 +174,21 @@ sub link_hash_cert { - $hashlist{$hash} = $fprint; - } - -+sub link_hash_cert_old { -+ link_hash_cert($_[0], '-subject_hash_old'); -+} -+ -+sub link_hash_crl_old { -+ link_hash_crl($_[0], '-hash_old'); -+} -+ -+ - # Same as above except for a CRL. CRL links are of the form <hash>.r<n> - - sub link_hash_crl { - my $fname = $_[0]; -+ my $crlhash = $_[1] || "-hash"; - $fname =~ s/'/'\\''/g; - my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; - chomp $hash; diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/ca.patch deleted file mode 100644 index fb745e4394..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/ca.patch +++ /dev/null @@ -1,22 +0,0 @@ -Upstream-Status: Backport [debian] - -Index: openssl-0.9.8m/apps/CA.pl.in -=================================================================== ---- openssl-0.9.8m.orig/apps/CA.pl.in 2006-04-28 00:28:51.000000000 +0000 -+++ openssl-0.9.8m/apps/CA.pl.in 2010-02-27 00:36:51.000000000 +0000 -@@ -65,6 +65,7 @@ - foreach (@ARGV) { - if ( /^(-\?|-h|-help)$/ ) { - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n"; -+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; - exit 0; - } elsif (/^-newcert$/) { - # create a certificate -@@ -165,6 +166,7 @@ - } else { - print STDERR "Unknown arg $_\n"; - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; -+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; - exit 1; - } - } diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/debian-targets.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/debian-targets.patch deleted file mode 100644 index 39d4328184..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/debian-targets.patch +++ /dev/null @@ -1,73 +0,0 @@ -Upstream-Status: Backport [debian] - -Index: openssl-1.0.2/Configure -=================================================================== ---- openssl-1.0.2.orig/Configure -+++ openssl-1.0.2/Configure -@@ -107,6 +107,10 @@ my $gcc_devteam_warn = "-Wall -pedantic - - my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum"; - -+# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS -+my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; -+$debian_cflags =~ s/\n/ /g; -+ - my $strict_warnings = 0; - - my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; -@@ -343,6 +347,55 @@ my %table=( - "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", - "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", - -+# Debian GNU/* (various architectures) -+"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", -+"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-hppa","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-ia64","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-i386","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mipsn32", "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mipsn32el", "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mips64", "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mips64el", "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-or1k", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sh4", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sh3eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sh4eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-m32r","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sparc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", -+ - #### - #### Variety of LINUX:-) - #### diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/man-dir.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/man-dir.patch deleted file mode 100644 index 4085e3b1d7..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/man-dir.patch +++ /dev/null @@ -1,15 +0,0 @@ -Upstream-Status: Backport [debian] - -Index: openssl-1.0.0c/Makefile.org -=================================================================== ---- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:27.000000000 +0100 -+++ openssl-1.0.0c/Makefile.org 2010-12-12 16:11:37.000000000 +0100 -@@ -131,7 +131,7 @@ - - MAKEFILE= Makefile - --MANDIR=$(OPENSSLDIR)/man -+MANDIR=/usr/share/man - MAN1=1 - MAN3=3 - MANSUFFIX= diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/man-section.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/man-section.patch deleted file mode 100644 index 21c1d1a4eb..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/man-section.patch +++ /dev/null @@ -1,34 +0,0 @@ -Upstream-Status: Backport [debian] - -Index: openssl-1.0.0c/Makefile.org -=================================================================== ---- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:37.000000000 +0100 -+++ openssl-1.0.0c/Makefile.org 2010-12-12 16:13:28.000000000 +0100 -@@ -160,7 +160,8 @@ - MANDIR=/usr/share/man - MAN1=1 - MAN3=3 --MANSUFFIX= -+MANSUFFIX=ssl -+MANSECTION=SSL - HTMLSUFFIX=html - HTMLDIR=$(OPENSSLDIR)/html - SHELL=/bin/sh -@@ -651,7 +652,7 @@ - echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ - (cd `$(PERL) util/dirname.pl $$i`; \ - sh -c "$$pod2man \ -- --section=$$sec --center=OpenSSL \ -+ --section=$${sec}$(MANSECTION) --center=OpenSSL \ - --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ - $(PERL) util/extract-names.pl < $$i | \ -@@ -668,7 +669,7 @@ - echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ - (cd `$(PERL) util/dirname.pl $$i`; \ - sh -c "$$pod2man \ -- --section=$$sec --center=OpenSSL \ -+ --section=$${sec}$(MANSECTION) --center=OpenSSL \ - --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ - $(PERL) util/extract-names.pl < $$i | \ diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/no-rpath.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/no-rpath.patch deleted file mode 100644 index 1ccb3b86ee..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/no-rpath.patch +++ /dev/null @@ -1,15 +0,0 @@ -Upstream-Status: Backport [debian] - -Index: openssl-1.0.0c/Makefile.shared -=================================================================== ---- openssl-1.0.0c.orig/Makefile.shared 2010-08-21 13:36:49.000000000 +0200 -+++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:36.000000000 +0100 -@@ -153,7 +153,7 @@ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" - --DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" -+DO_GNU_APP=LDFLAGS="$(CFLAGS)" - - #This is rather special. It's a special target with which one can link - #applications without bothering with any features that have anything to diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/no-symbolic.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/no-symbolic.patch deleted file mode 100644 index cc4408ab7d..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/no-symbolic.patch +++ /dev/null @@ -1,15 +0,0 @@ -Upstream-Status: Backport [debian] - -Index: openssl-1.0.0c/Makefile.shared -=================================================================== ---- openssl-1.0.0c.orig/Makefile.shared 2010-12-12 16:13:36.000000000 +0100 -+++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:44.000000000 +0100 -@@ -151,7 +151,7 @@ - SHLIB_SUFFIX=; \ - ALLSYMSFLAGS='-Wl,--whole-archive'; \ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ -- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" -+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" - - DO_GNU_APP=LDFLAGS="$(CFLAGS)" - diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/pic.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/pic.patch deleted file mode 100644 index bfda3888bf..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/pic.patch +++ /dev/null @@ -1,177 +0,0 @@ -Upstream-Status: Backport [debian] - -Index: openssl-1.0.1c/crypto/des/asm/desboth.pl -=================================================================== ---- openssl-1.0.1c.orig/crypto/des/asm/desboth.pl 2001-10-24 23:20:56.000000000 +0200 -+++ openssl-1.0.1c/crypto/des/asm/desboth.pl 2012-07-29 14:15:26.000000000 +0200 -@@ -16,6 +16,11 @@ - - &push("edi"); - -+ &call (&label("pic_point0")); -+ &set_label("pic_point0"); -+ &blindpop("ebp"); -+ &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); -+ - &comment(""); - &comment("Load the data words"); - &mov($L,&DWP(0,"ebx","",0)); -@@ -47,15 +52,21 @@ - &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); - &mov(&swtmp(1), "eax"); - &mov(&swtmp(0), "ebx"); -- &call("DES_encrypt2"); -+ &exch("ebx", "ebp"); -+ &call("DES_encrypt2\@PLT"); -+ &exch("ebx", "ebp"); - &mov(&swtmp(2), (DWC(($enc)?"0":"1"))); - &mov(&swtmp(1), "edi"); - &mov(&swtmp(0), "ebx"); -- &call("DES_encrypt2"); -+ &exch("ebx", "ebp"); -+ &call("DES_encrypt2\@PLT"); -+ &exch("ebx", "ebp"); - &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); - &mov(&swtmp(1), "esi"); - &mov(&swtmp(0), "ebx"); -- &call("DES_encrypt2"); -+ &exch("ebx", "ebp"); -+ &call("DES_encrypt2\@PLT"); -+ &exch("ebx", "ebp"); - - &stack_pop(3); - &mov($L,&DWP(0,"ebx","",0)); -Index: openssl-1.0.1c/crypto/perlasm/cbc.pl -=================================================================== ---- openssl-1.0.1c.orig/crypto/perlasm/cbc.pl 2011-07-13 08:22:46.000000000 +0200 -+++ openssl-1.0.1c/crypto/perlasm/cbc.pl 2012-07-29 14:15:26.000000000 +0200 -@@ -122,7 +122,11 @@ - &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - -- &call($enc_func); -+ &call (&label("pic_point0")); -+ &set_label("pic_point0"); -+ &blindpop("ebx"); -+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); -+ &call("$enc_func\@PLT"); - - &mov("eax", &DWP($data_off,"esp","",0)); - &mov("ebx", &DWP($data_off+4,"esp","",0)); -@@ -185,7 +189,11 @@ - &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - -- &call($enc_func); -+ &call (&label("pic_point1")); -+ &set_label("pic_point1"); -+ &blindpop("ebx"); -+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]"); -+ &call("$enc_func\@PLT"); - - &mov("eax", &DWP($data_off,"esp","",0)); - &mov("ebx", &DWP($data_off+4,"esp","",0)); -@@ -218,7 +226,11 @@ - &mov(&DWP($data_off,"esp","",0), "eax"); # put back - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - -- &call($dec_func); -+ &call (&label("pic_point2")); -+ &set_label("pic_point2"); -+ &blindpop("ebx"); -+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]"); -+ &call("$dec_func\@PLT"); - - &mov("eax", &DWP($data_off,"esp","",0)); # get return - &mov("ebx", &DWP($data_off+4,"esp","",0)); # -@@ -261,7 +273,11 @@ - &mov(&DWP($data_off,"esp","",0), "eax"); # put back - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - -- &call($dec_func); -+ &call (&label("pic_point3")); -+ &set_label("pic_point3"); -+ &blindpop("ebx"); -+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]"); -+ &call("$dec_func\@PLT"); - - &mov("eax", &DWP($data_off,"esp","",0)); # get return - &mov("ebx", &DWP($data_off+4,"esp","",0)); # -Index: openssl-1.0.1c/crypto/perlasm/x86gas.pl -=================================================================== ---- openssl-1.0.1c.orig/crypto/perlasm/x86gas.pl 2011-12-09 20:16:35.000000000 +0100 -+++ openssl-1.0.1c/crypto/perlasm/x86gas.pl 2012-07-29 14:15:26.000000000 +0200 -@@ -161,6 +161,7 @@ - if ($::macosx) { push (@out,"$tmp,2\n"); } - elsif ($::elf) { push (@out,"$tmp,4\n"); } - else { push (@out,"$tmp\n"); } -+ if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); } - } - push(@out,$initseg) if ($initseg); - } -@@ -218,8 +219,23 @@ - elsif ($::elf) - { $initseg.=<<___; - .section .init -+___ -+ if ($::pic) -+ { $initseg.=<<___; -+ pushl %ebx -+ call .pic_point0 -+.pic_point0: -+ popl %ebx -+ addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx -+ call $f\@PLT -+ popl %ebx -+___ -+ } -+ else -+ { $initseg.=<<___; - call $f - ___ -+ } - } - elsif ($::coff) - { $initseg.=<<___; # applies to both Cygwin and Mingw -Index: openssl-1.0.1c/crypto/x86cpuid.pl -=================================================================== ---- openssl-1.0.1c.orig/crypto/x86cpuid.pl 2012-02-28 15:20:34.000000000 +0100 -+++ openssl-1.0.1c/crypto/x86cpuid.pl 2012-07-29 14:15:26.000000000 +0200 -@@ -8,6 +8,8 @@ - - for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - -+push(@out, ".hidden OPENSSL_ia32cap_P\n"); -+ - &function_begin("OPENSSL_ia32_cpuid"); - &xor ("edx","edx"); - &pushf (); -@@ -139,9 +141,7 @@ - &set_label("nocpuid"); - &function_end("OPENSSL_ia32_cpuid"); - --&external_label("OPENSSL_ia32cap_P"); -- --&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); -+&function_begin_B("OPENSSL_rdtsc"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &picmeup("ecx","OPENSSL_ia32cap_P"); -@@ -155,7 +155,7 @@ - # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], - # but it's safe to call it on any [supported] 32-bit platform... - # Just check for [non-]zero return value... --&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); -+&function_begin_B("OPENSSL_instrument_halt"); - &picmeup("ecx","OPENSSL_ia32cap_P"); - &bt (&DWP(0,"ecx"),4); - &jnc (&label("nohalt")); # no TSC -@@ -222,7 +222,7 @@ - &ret (); - &function_end_B("OPENSSL_far_spin"); - --&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); -+&function_begin_B("OPENSSL_wipe_cpu"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &picmeup("ecx","OPENSSL_ia32cap_P"); diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/version-script.patch deleted file mode 100644 index 557434fcb5..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/version-script.patch +++ /dev/null @@ -1,4666 +0,0 @@ - -Upstream-Status: Inappropriate - -Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure -=================================================================== ---- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100 -+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24 21:02:30.000000000 +0100 -@@ -1651,6 +1651,8 @@ - } - } - -+$shared_ldflag .= " -Wl,--version-script=openssl.ld"; -+ - open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n"; - unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new"; - open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n"; -Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100 -@@ -0,0 +1,4615 @@ -+OPENSSL_1.0.0 { -+ global: -+ BIO_f_ssl; -+ BIO_new_buffer_ssl_connect; -+ BIO_new_ssl; -+ BIO_new_ssl_connect; -+ BIO_proxy_ssl_copy_session_id; -+ BIO_ssl_copy_session_id; -+ BIO_ssl_shutdown; -+ d2i_SSL_SESSION; -+ DTLSv1_client_method; -+ DTLSv1_method; -+ DTLSv1_server_method; -+ ERR_load_SSL_strings; -+ i2d_SSL_SESSION; -+ kssl_build_principal_2; -+ kssl_cget_tkt; -+ kssl_check_authent; -+ kssl_ctx_free; -+ kssl_ctx_new; -+ kssl_ctx_setkey; -+ kssl_ctx_setprinc; -+ kssl_ctx_setstring; -+ kssl_ctx_show; -+ kssl_err_set; -+ kssl_krb5_free_data_contents; -+ kssl_sget_tkt; -+ kssl_skip_confound; -+ kssl_validate_times; -+ PEM_read_bio_SSL_SESSION; -+ PEM_read_SSL_SESSION; -+ PEM_write_bio_SSL_SESSION; -+ PEM_write_SSL_SESSION; -+ SSL_accept; -+ SSL_add_client_CA; -+ SSL_add_dir_cert_subjects_to_stack; -+ SSL_add_dir_cert_subjs_to_stk; -+ SSL_add_file_cert_subjects_to_stack; -+ SSL_add_file_cert_subjs_to_stk; -+ SSL_alert_desc_string; -+ SSL_alert_desc_string_long; -+ SSL_alert_type_string; -+ SSL_alert_type_string_long; -+ SSL_callback_ctrl; -+ SSL_check_private_key; -+ SSL_CIPHER_description; -+ SSL_CIPHER_get_bits; -+ SSL_CIPHER_get_name; -+ SSL_CIPHER_get_version; -+ SSL_clear; -+ SSL_COMP_add_compression_method; -+ SSL_COMP_get_compression_methods; -+ SSL_COMP_get_compress_methods; -+ SSL_COMP_get_name; -+ SSL_connect; -+ SSL_copy_session_id; -+ SSL_ctrl; -+ SSL_CTX_add_client_CA; -+ SSL_CTX_add_session; -+ SSL_CTX_callback_ctrl; -+ SSL_CTX_check_private_key; -+ SSL_CTX_ctrl; -+ SSL_CTX_flush_sessions; -+ SSL_CTX_free; -+ SSL_CTX_get_cert_store; -+ SSL_CTX_get_client_CA_list; -+ SSL_CTX_get_client_cert_cb; -+ SSL_CTX_get_ex_data; -+ SSL_CTX_get_ex_new_index; -+ SSL_CTX_get_info_callback; -+ SSL_CTX_get_quiet_shutdown; -+ SSL_CTX_get_timeout; -+ SSL_CTX_get_verify_callback; -+ SSL_CTX_get_verify_depth; -+ SSL_CTX_get_verify_mode; -+ SSL_CTX_load_verify_locations; -+ SSL_CTX_new; -+ SSL_CTX_remove_session; -+ SSL_CTX_sess_get_get_cb; -+ SSL_CTX_sess_get_new_cb; -+ SSL_CTX_sess_get_remove_cb; -+ SSL_CTX_sessions; -+ SSL_CTX_sess_set_get_cb; -+ SSL_CTX_sess_set_new_cb; -+ SSL_CTX_sess_set_remove_cb; -+ SSL_CTX_set1_param; -+ SSL_CTX_set_cert_store; -+ SSL_CTX_set_cert_verify_callback; -+ SSL_CTX_set_cert_verify_cb; -+ SSL_CTX_set_cipher_list; -+ SSL_CTX_set_client_CA_list; -+ SSL_CTX_set_client_cert_cb; -+ SSL_CTX_set_client_cert_engine; -+ SSL_CTX_set_cookie_generate_cb; -+ SSL_CTX_set_cookie_verify_cb; -+ SSL_CTX_set_default_passwd_cb; -+ SSL_CTX_set_default_passwd_cb_userdata; -+ SSL_CTX_set_default_verify_paths; -+ SSL_CTX_set_def_passwd_cb_ud; -+ SSL_CTX_set_def_verify_paths; -+ SSL_CTX_set_ex_data; -+ SSL_CTX_set_generate_session_id; -+ SSL_CTX_set_info_callback; -+ SSL_CTX_set_msg_callback; -+ SSL_CTX_set_psk_client_callback; -+ SSL_CTX_set_psk_server_callback; -+ SSL_CTX_set_purpose; -+ SSL_CTX_set_quiet_shutdown; -+ SSL_CTX_set_session_id_context; -+ SSL_CTX_set_ssl_version; -+ SSL_CTX_set_timeout; -+ SSL_CTX_set_tmp_dh_callback; -+ SSL_CTX_set_tmp_ecdh_callback; -+ SSL_CTX_set_tmp_rsa_callback; -+ SSL_CTX_set_trust; -+ SSL_CTX_set_verify; -+ SSL_CTX_set_verify_depth; -+ SSL_CTX_use_cert_chain_file; -+ SSL_CTX_use_certificate; -+ SSL_CTX_use_certificate_ASN1; -+ SSL_CTX_use_certificate_chain_file; -+ SSL_CTX_use_certificate_file; -+ SSL_CTX_use_PrivateKey; -+ SSL_CTX_use_PrivateKey_ASN1; -+ SSL_CTX_use_PrivateKey_file; -+ SSL_CTX_use_psk_identity_hint; -+ SSL_CTX_use_RSAPrivateKey; -+ SSL_CTX_use_RSAPrivateKey_ASN1; -+ SSL_CTX_use_RSAPrivateKey_file; -+ SSL_do_handshake; -+ SSL_dup; -+ SSL_dup_CA_list; -+ SSLeay_add_ssl_algorithms; -+ SSL_free; -+ SSL_get1_session; -+ SSL_get_certificate; -+ SSL_get_cipher_list; -+ SSL_get_ciphers; -+ SSL_get_client_CA_list; -+ SSL_get_current_cipher; -+ SSL_get_current_compression; -+ SSL_get_current_expansion; -+ SSL_get_default_timeout; -+ SSL_get_error; -+ SSL_get_ex_data; -+ SSL_get_ex_data_X509_STORE_CTX_idx; -+ SSL_get_ex_d_X509_STORE_CTX_idx; -+ SSL_get_ex_new_index; -+ SSL_get_fd; -+ SSL_get_finished; -+ SSL_get_info_callback; -+ SSL_get_peer_cert_chain; -+ SSL_get_peer_certificate; -+ SSL_get_peer_finished; -+ SSL_get_privatekey; -+ SSL_get_psk_identity; -+ SSL_get_psk_identity_hint; -+ SSL_get_quiet_shutdown; -+ SSL_get_rbio; -+ SSL_get_read_ahead; -+ SSL_get_rfd; -+ SSL_get_servername; -+ SSL_get_servername_type; -+ SSL_get_session; -+ SSL_get_shared_ciphers; -+ SSL_get_shutdown; -+ SSL_get_SSL_CTX; -+ SSL_get_ssl_method; -+ SSL_get_verify_callback; -+ SSL_get_verify_depth; -+ SSL_get_verify_mode; -+ SSL_get_verify_result; -+ SSL_get_version; -+ SSL_get_wbio; -+ SSL_get_wfd; -+ SSL_has_matching_session_id; -+ SSL_library_init; -+ SSL_load_client_CA_file; -+ SSL_load_error_strings; -+ SSL_new; -+ SSL_peek; -+ SSL_pending; -+ SSL_read; -+ SSL_renegotiate; -+ SSL_renegotiate_pending; -+ SSL_rstate_string; -+ SSL_rstate_string_long; -+ SSL_SESSION_cmp; -+ SSL_SESSION_free; -+ SSL_SESSION_get_ex_data; -+ SSL_SESSION_get_ex_new_index; -+ SSL_SESSION_get_id; -+ SSL_SESSION_get_time; -+ SSL_SESSION_get_timeout; -+ SSL_SESSION_hash; -+ SSL_SESSION_new; -+ SSL_SESSION_print; -+ SSL_SESSION_print_fp; -+ SSL_SESSION_set_ex_data; -+ SSL_SESSION_set_time; -+ SSL_SESSION_set_timeout; -+ SSL_set1_param; -+ SSL_set_accept_state; -+ SSL_set_bio; -+ SSL_set_cipher_list; -+ SSL_set_client_CA_list; -+ SSL_set_connect_state; -+ SSL_set_ex_data; -+ SSL_set_fd; -+ SSL_set_generate_session_id; -+ SSL_set_info_callback; -+ SSL_set_msg_callback; -+ SSL_set_psk_client_callback; -+ SSL_set_psk_server_callback; -+ SSL_set_purpose; -+ SSL_set_quiet_shutdown; -+ SSL_set_read_ahead; -+ SSL_set_rfd; -+ SSL_set_session; -+ SSL_set_session_id_context; -+ SSL_set_session_secret_cb; -+ SSL_set_session_ticket_ext; -+ SSL_set_session_ticket_ext_cb; -+ SSL_set_shutdown; -+ SSL_set_SSL_CTX; -+ SSL_set_ssl_method; -+ SSL_set_tmp_dh_callback; -+ SSL_set_tmp_ecdh_callback; -+ SSL_set_tmp_rsa_callback; -+ SSL_set_trust; -+ SSL_set_verify; -+ SSL_set_verify_depth; -+ SSL_set_verify_result; -+ SSL_set_wfd; -+ SSL_shutdown; -+ SSL_state; -+ SSL_state_string; -+ SSL_state_string_long; -+ SSL_use_certificate; -+ SSL_use_certificate_ASN1; -+ SSL_use_certificate_file; -+ SSL_use_PrivateKey; -+ SSL_use_PrivateKey_ASN1; -+ SSL_use_PrivateKey_file; -+ SSL_use_psk_identity_hint; -+ SSL_use_RSAPrivateKey; -+ SSL_use_RSAPrivateKey_ASN1; -+ SSL_use_RSAPrivateKey_file; -+ SSLv23_client_method; -+ SSLv23_method; -+ SSLv23_server_method; -+ SSLv2_client_method; -+ SSLv2_method; -+ SSLv2_server_method; -+ SSLv3_client_method; -+ SSLv3_method; -+ SSLv3_server_method; -+ SSL_version; -+ SSL_want; -+ SSL_write; -+ TLSv1_client_method; -+ TLSv1_method; -+ TLSv1_server_method; -+ -+ -+ SSLeay; -+ SSLeay_version; -+ ASN1_BIT_STRING_asn1_meth; -+ ASN1_HEADER_free; -+ ASN1_HEADER_new; -+ ASN1_IA5STRING_asn1_meth; -+ ASN1_INTEGER_get; -+ ASN1_INTEGER_set; -+ ASN1_INTEGER_to_BN; -+ ASN1_OBJECT_create; -+ ASN1_OBJECT_free; -+ ASN1_OBJECT_new; -+ ASN1_PRINTABLE_type; -+ ASN1_STRING_cmp; -+ ASN1_STRING_dup; -+ ASN1_STRING_free; -+ ASN1_STRING_new; -+ ASN1_STRING_print; -+ ASN1_STRING_set; -+ ASN1_STRING_type_new; -+ ASN1_TYPE_free; -+ ASN1_TYPE_new; -+ ASN1_UNIVERSALSTRING_to_string; -+ ASN1_UTCTIME_check; -+ ASN1_UTCTIME_print; -+ ASN1_UTCTIME_set; -+ ASN1_check_infinite_end; -+ ASN1_d2i_bio; -+ ASN1_d2i_fp; -+ ASN1_digest; -+ ASN1_dup; -+ ASN1_get_object; -+ ASN1_i2d_bio; -+ ASN1_i2d_fp; -+ ASN1_object_size; -+ ASN1_parse; -+ ASN1_put_object; -+ ASN1_sign; -+ ASN1_verify; -+ BF_cbc_encrypt; -+ BF_cfb64_encrypt; -+ BF_ecb_encrypt; -+ BF_encrypt; -+ BF_ofb64_encrypt; -+ BF_options; -+ BF_set_key; -+ BIO_CONNECT_free; -+ BIO_CONNECT_new; -+ BIO_accept; -+ BIO_ctrl; -+ BIO_int_ctrl; -+ BIO_debug_callback; -+ BIO_dump; -+ BIO_dup_chain; -+ BIO_f_base64; -+ BIO_f_buffer; -+ BIO_f_cipher; -+ BIO_f_md; -+ BIO_f_null; -+ BIO_f_proxy_server; -+ BIO_fd_non_fatal_error; -+ BIO_fd_should_retry; -+ BIO_find_type; -+ BIO_free; -+ BIO_free_all; -+ BIO_get_accept_socket; -+ BIO_get_filter_bio; -+ BIO_get_host_ip; -+ BIO_get_port; -+ BIO_get_retry_BIO; -+ BIO_get_retry_reason; -+ BIO_gethostbyname; -+ BIO_gets; -+ BIO_new; -+ BIO_new_accept; -+ BIO_new_connect; -+ BIO_new_fd; -+ BIO_new_file; -+ BIO_new_fp; -+ BIO_new_socket; -+ BIO_pop; -+ BIO_printf; -+ BIO_push; -+ BIO_puts; -+ BIO_read; -+ BIO_s_accept; -+ BIO_s_connect; -+ BIO_s_fd; -+ BIO_s_file; -+ BIO_s_mem; -+ BIO_s_null; -+ BIO_s_proxy_client; -+ BIO_s_socket; -+ BIO_set; -+ BIO_set_cipher; -+ BIO_set_tcp_ndelay; -+ BIO_sock_cleanup; -+ BIO_sock_error; -+ BIO_sock_init; -+ BIO_sock_non_fatal_error; -+ BIO_sock_should_retry; -+ BIO_socket_ioctl; -+ BIO_write; -+ BN_CTX_free; -+ BN_CTX_new; -+ BN_MONT_CTX_free; -+ BN_MONT_CTX_new; -+ BN_MONT_CTX_set; -+ BN_add; -+ BN_add_word; -+ BN_hex2bn; -+ BN_bin2bn; -+ BN_bn2hex; -+ BN_bn2bin; -+ BN_clear; -+ BN_clear_bit; -+ BN_clear_free; -+ BN_cmp; -+ BN_copy; -+ BN_div; -+ BN_div_word; -+ BN_dup; -+ BN_free; -+ BN_from_montgomery; -+ BN_gcd; -+ BN_generate_prime; -+ BN_get_word; -+ BN_is_bit_set; -+ BN_is_prime; -+ BN_lshift; -+ BN_lshift1; -+ BN_mask_bits; -+ BN_mod; -+ BN_mod_exp; -+ BN_mod_exp_mont; -+ BN_mod_exp_simple; -+ BN_mod_inverse; -+ BN_mod_mul; -+ BN_mod_mul_montgomery; -+ BN_mod_word; -+ BN_mul; -+ BN_new; -+ BN_num_bits; -+ BN_num_bits_word; -+ BN_options; -+ BN_print; -+ BN_print_fp; -+ BN_rand; -+ BN_reciprocal; -+ BN_rshift; -+ BN_rshift1; -+ BN_set_bit; -+ BN_set_word; -+ BN_sqr; -+ BN_sub; -+ BN_to_ASN1_INTEGER; -+ BN_ucmp; -+ BN_value_one; -+ BUF_MEM_free; -+ BUF_MEM_grow; -+ BUF_MEM_new; -+ BUF_strdup; -+ CONF_free; -+ CONF_get_number; -+ CONF_get_section; -+ CONF_get_string; -+ CONF_load; -+ CRYPTO_add_lock; -+ CRYPTO_dbg_free; -+ CRYPTO_dbg_malloc; -+ CRYPTO_dbg_realloc; -+ CRYPTO_dbg_remalloc; -+ CRYPTO_free; -+ CRYPTO_get_add_lock_callback; -+ CRYPTO_get_id_callback; -+ CRYPTO_get_lock_name; -+ CRYPTO_get_locking_callback; -+ CRYPTO_get_mem_functions; -+ CRYPTO_lock; -+ CRYPTO_malloc; -+ CRYPTO_mem_ctrl; -+ CRYPTO_mem_leaks; -+ CRYPTO_mem_leaks_cb; -+ CRYPTO_mem_leaks_fp; -+ CRYPTO_realloc; -+ CRYPTO_remalloc; -+ CRYPTO_set_add_lock_callback; -+ CRYPTO_set_id_callback; -+ CRYPTO_set_locking_callback; -+ CRYPTO_set_mem_functions; -+ CRYPTO_thread_id; -+ DH_check; -+ DH_compute_key; -+ DH_free; -+ DH_generate_key; -+ DH_generate_parameters; -+ DH_new; -+ DH_size; -+ DHparams_print; -+ DHparams_print_fp; -+ DSA_free; -+ DSA_generate_key; -+ DSA_generate_parameters; -+ DSA_is_prime; -+ DSA_new; -+ DSA_print; -+ DSA_print_fp; -+ DSA_sign; -+ DSA_sign_setup; -+ DSA_size; -+ DSA_verify; -+ DSAparams_print; -+ DSAparams_print_fp; -+ ERR_clear_error; -+ ERR_error_string; -+ ERR_free_strings; -+ ERR_func_error_string; -+ ERR_get_err_state_table; -+ ERR_get_error; -+ ERR_get_error_line; -+ ERR_get_state; -+ ERR_get_string_table; -+ ERR_lib_error_string; -+ ERR_load_ASN1_strings; -+ ERR_load_BIO_strings; -+ ERR_load_BN_strings; -+ ERR_load_BUF_strings; -+ ERR_load_CONF_strings; -+ ERR_load_DH_strings; -+ ERR_load_DSA_strings; -+ ERR_load_ERR_strings; -+ ERR_load_EVP_strings; -+ ERR_load_OBJ_strings; -+ ERR_load_PEM_strings; -+ ERR_load_PROXY_strings; -+ ERR_load_RSA_strings; -+ ERR_load_X509_strings; -+ ERR_load_crypto_strings; -+ ERR_load_strings; -+ ERR_peek_error; -+ ERR_peek_error_line; -+ ERR_print_errors; -+ ERR_print_errors_fp; -+ ERR_put_error; -+ ERR_reason_error_string; -+ ERR_remove_state; -+ EVP_BytesToKey; -+ EVP_CIPHER_CTX_cleanup; -+ EVP_CipherFinal; -+ EVP_CipherInit; -+ EVP_CipherUpdate; -+ EVP_DecodeBlock; -+ EVP_DecodeFinal; -+ EVP_DecodeInit; -+ EVP_DecodeUpdate; -+ EVP_DecryptFinal; -+ EVP_DecryptInit; -+ EVP_DecryptUpdate; -+ EVP_DigestFinal; -+ EVP_DigestInit; -+ EVP_DigestUpdate; -+ EVP_EncodeBlock; -+ EVP_EncodeFinal; -+ EVP_EncodeInit; -+ EVP_EncodeUpdate; -+ EVP_EncryptFinal; -+ EVP_EncryptInit; -+ EVP_EncryptUpdate; -+ EVP_OpenFinal; -+ EVP_OpenInit; -+ EVP_PKEY_assign; -+ EVP_PKEY_copy_parameters; -+ EVP_PKEY_free; -+ EVP_PKEY_missing_parameters; -+ EVP_PKEY_new; -+ EVP_PKEY_save_parameters; -+ EVP_PKEY_size; -+ EVP_PKEY_type; -+ EVP_SealFinal; -+ EVP_SealInit; -+ EVP_SignFinal; -+ EVP_VerifyFinal; -+ EVP_add_alias; -+ EVP_add_cipher; -+ EVP_add_digest; -+ EVP_bf_cbc; -+ EVP_bf_cfb64; -+ EVP_bf_ecb; -+ EVP_bf_ofb; -+ EVP_cleanup; -+ EVP_des_cbc; -+ EVP_des_cfb64; -+ EVP_des_ecb; -+ EVP_des_ede; -+ EVP_des_ede3; -+ EVP_des_ede3_cbc; -+ EVP_des_ede3_cfb64; -+ EVP_des_ede3_ofb; -+ EVP_des_ede_cbc; -+ EVP_des_ede_cfb64; -+ EVP_des_ede_ofb; -+ EVP_des_ofb; -+ EVP_desx_cbc; -+ EVP_dss; -+ EVP_dss1; -+ EVP_enc_null; -+ EVP_get_cipherbyname; -+ EVP_get_digestbyname; -+ EVP_get_pw_prompt; -+ EVP_idea_cbc; -+ EVP_idea_cfb64; -+ EVP_idea_ecb; -+ EVP_idea_ofb; -+ EVP_md2; -+ EVP_md5; -+ EVP_md_null; -+ EVP_rc2_cbc; -+ EVP_rc2_cfb64; -+ EVP_rc2_ecb; -+ EVP_rc2_ofb; -+ EVP_rc4; -+ EVP_read_pw_string; -+ EVP_set_pw_prompt; -+ EVP_sha; -+ EVP_sha1; -+ MD2; -+ MD2_Final; -+ MD2_Init; -+ MD2_Update; -+ MD2_options; -+ MD5; -+ MD5_Final; -+ MD5_Init; -+ MD5_Update; -+ MDC2; -+ MDC2_Final; -+ MDC2_Init; -+ MDC2_Update; -+ NETSCAPE_SPKAC_free; -+ NETSCAPE_SPKAC_new; -+ NETSCAPE_SPKI_free; -+ NETSCAPE_SPKI_new; -+ NETSCAPE_SPKI_sign; -+ NETSCAPE_SPKI_verify; -+ OBJ_add_object; -+ OBJ_bsearch; -+ OBJ_cleanup; -+ OBJ_cmp; -+ OBJ_create; -+ OBJ_dup; -+ OBJ_ln2nid; -+ OBJ_new_nid; -+ OBJ_nid2ln; -+ OBJ_nid2obj; -+ OBJ_nid2sn; -+ OBJ_obj2nid; -+ OBJ_sn2nid; -+ OBJ_txt2nid; -+ PEM_ASN1_read; -+ PEM_ASN1_read_bio; -+ PEM_ASN1_write; -+ PEM_ASN1_write_bio; -+ PEM_SealFinal; -+ PEM_SealInit; -+ PEM_SealUpdate; -+ PEM_SignFinal; -+ PEM_SignInit; -+ PEM_SignUpdate; -+ PEM_X509_INFO_read; -+ PEM_X509_INFO_read_bio; -+ PEM_X509_INFO_write_bio; -+ PEM_dek_info; -+ PEM_do_header; -+ PEM_get_EVP_CIPHER_INFO; -+ PEM_proc_type; -+ PEM_read; -+ PEM_read_DHparams; -+ PEM_read_DSAPrivateKey; -+ PEM_read_DSAparams; -+ PEM_read_PKCS7; -+ PEM_read_PrivateKey; -+ PEM_read_RSAPrivateKey; -+ PEM_read_X509; -+ PEM_read_X509_CRL; -+ PEM_read_X509_REQ; -+ PEM_read_bio; -+ PEM_read_bio_DHparams; -+ PEM_read_bio_DSAPrivateKey; -+ PEM_read_bio_DSAparams; -+ PEM_read_bio_PKCS7; -+ PEM_read_bio_PrivateKey; -+ PEM_read_bio_RSAPrivateKey; -+ PEM_read_bio_X509; -+ PEM_read_bio_X509_CRL; -+ PEM_read_bio_X509_REQ; -+ PEM_write; -+ PEM_write_DHparams; -+ PEM_write_DSAPrivateKey; -+ PEM_write_DSAparams; -+ PEM_write_PKCS7; -+ PEM_write_PrivateKey; -+ PEM_write_RSAPrivateKey; -+ PEM_write_X509; -+ PEM_write_X509_CRL; -+ PEM_write_X509_REQ; -+ PEM_write_bio; -+ PEM_write_bio_DHparams; -+ PEM_write_bio_DSAPrivateKey; -+ PEM_write_bio_DSAparams; -+ PEM_write_bio_PKCS7; -+ PEM_write_bio_PrivateKey; -+ PEM_write_bio_RSAPrivateKey; -+ PEM_write_bio_X509; -+ PEM_write_bio_X509_CRL; -+ PEM_write_bio_X509_REQ; -+ PKCS7_DIGEST_free; -+ PKCS7_DIGEST_new; -+ PKCS7_ENCRYPT_free; -+ PKCS7_ENCRYPT_new; -+ PKCS7_ENC_CONTENT_free; -+ PKCS7_ENC_CONTENT_new; -+ PKCS7_ENVELOPE_free; -+ PKCS7_ENVELOPE_new; -+ PKCS7_ISSUER_AND_SERIAL_digest; -+ PKCS7_ISSUER_AND_SERIAL_free; -+ PKCS7_ISSUER_AND_SERIAL_new; -+ PKCS7_RECIP_INFO_free; -+ PKCS7_RECIP_INFO_new; -+ PKCS7_SIGNED_free; -+ PKCS7_SIGNED_new; -+ PKCS7_SIGNER_INFO_free; -+ PKCS7_SIGNER_INFO_new; -+ PKCS7_SIGN_ENVELOPE_free; -+ PKCS7_SIGN_ENVELOPE_new; -+ PKCS7_dup; -+ PKCS7_free; -+ PKCS7_new; -+ PROXY_ENTRY_add_noproxy; -+ PROXY_ENTRY_clear_noproxy; -+ PROXY_ENTRY_free; -+ PROXY_ENTRY_get_noproxy; -+ PROXY_ENTRY_new; -+ PROXY_ENTRY_set_server; -+ PROXY_add_noproxy; -+ PROXY_add_server; -+ PROXY_check_by_host; -+ PROXY_check_url; -+ PROXY_clear_noproxy; -+ PROXY_free; -+ PROXY_get_noproxy; -+ PROXY_get_proxies; -+ PROXY_get_proxy_entry; -+ PROXY_load_conf; -+ PROXY_new; -+ PROXY_print; -+ RAND_bytes; -+ RAND_cleanup; -+ RAND_file_name; -+ RAND_load_file; -+ RAND_screen; -+ RAND_seed; -+ RAND_write_file; -+ RC2_cbc_encrypt; -+ RC2_cfb64_encrypt; -+ RC2_ecb_encrypt; -+ RC2_encrypt; -+ RC2_ofb64_encrypt; -+ RC2_set_key; -+ RC4; -+ RC4_options; -+ RC4_set_key; -+ RSAPrivateKey_asn1_meth; -+ RSAPrivateKey_dup; -+ RSAPublicKey_dup; -+ RSA_PKCS1_SSLeay; -+ RSA_free; -+ RSA_generate_key; -+ RSA_new; -+ RSA_new_method; -+ RSA_print; -+ RSA_print_fp; -+ RSA_private_decrypt; -+ RSA_private_encrypt; -+ RSA_public_decrypt; -+ RSA_public_encrypt; -+ RSA_set_default_method; -+ RSA_sign; -+ RSA_sign_ASN1_OCTET_STRING; -+ RSA_size; -+ RSA_verify; -+ RSA_verify_ASN1_OCTET_STRING; -+ SHA; -+ SHA1; -+ SHA1_Final; -+ SHA1_Init; -+ SHA1_Update; -+ SHA_Final; -+ SHA_Init; -+ SHA_Update; -+ OpenSSL_add_all_algorithms; -+ OpenSSL_add_all_ciphers; -+ OpenSSL_add_all_digests; -+ TXT_DB_create_index; -+ TXT_DB_free; -+ TXT_DB_get_by_index; -+ TXT_DB_insert; -+ TXT_DB_read; -+ TXT_DB_write; -+ X509_ALGOR_free; -+ X509_ALGOR_new; -+ X509_ATTRIBUTE_free; -+ X509_ATTRIBUTE_new; -+ X509_CINF_free; -+ X509_CINF_new; -+ X509_CRL_INFO_free; -+ X509_CRL_INFO_new; -+ X509_CRL_add_ext; -+ X509_CRL_cmp; -+ X509_CRL_delete_ext; -+ X509_CRL_dup; -+ X509_CRL_free; -+ X509_CRL_get_ext; -+ X509_CRL_get_ext_by_NID; -+ X509_CRL_get_ext_by_OBJ; -+ X509_CRL_get_ext_by_critical; -+ X509_CRL_get_ext_count; -+ X509_CRL_new; -+ X509_CRL_sign; -+ X509_CRL_verify; -+ X509_EXTENSION_create_by_NID; -+ X509_EXTENSION_create_by_OBJ; -+ X509_EXTENSION_dup; -+ X509_EXTENSION_free; -+ X509_EXTENSION_get_critical; -+ X509_EXTENSION_get_data; -+ X509_EXTENSION_get_object; -+ X509_EXTENSION_new; -+ X509_EXTENSION_set_critical; -+ X509_EXTENSION_set_data; -+ X509_EXTENSION_set_object; -+ X509_INFO_free; -+ X509_INFO_new; -+ X509_LOOKUP_by_alias; -+ X509_LOOKUP_by_fingerprint; -+ X509_LOOKUP_by_issuer_serial; -+ X509_LOOKUP_by_subject; -+ X509_LOOKUP_ctrl; -+ X509_LOOKUP_file; -+ X509_LOOKUP_free; -+ X509_LOOKUP_hash_dir; -+ X509_LOOKUP_init; -+ X509_LOOKUP_new; -+ X509_LOOKUP_shutdown; -+ X509_NAME_ENTRY_create_by_NID; -+ X509_NAME_ENTRY_create_by_OBJ; -+ X509_NAME_ENTRY_dup; -+ X509_NAME_ENTRY_free; -+ X509_NAME_ENTRY_get_data; -+ X509_NAME_ENTRY_get_object; -+ X509_NAME_ENTRY_new; -+ X509_NAME_ENTRY_set_data; -+ X509_NAME_ENTRY_set_object; -+ X509_NAME_add_entry; -+ X509_NAME_cmp; -+ X509_NAME_delete_entry; -+ X509_NAME_digest; -+ X509_NAME_dup; -+ X509_NAME_entry_count; -+ X509_NAME_free; -+ X509_NAME_get_entry; -+ X509_NAME_get_index_by_NID; -+ X509_NAME_get_index_by_OBJ; -+ X509_NAME_get_text_by_NID; -+ X509_NAME_get_text_by_OBJ; -+ X509_NAME_hash; -+ X509_NAME_new; -+ X509_NAME_oneline; -+ X509_NAME_print; -+ X509_NAME_set; -+ X509_OBJECT_free_contents; -+ X509_OBJECT_retrieve_by_subject; -+ X509_OBJECT_up_ref_count; -+ X509_PKEY_free; -+ X509_PKEY_new; -+ X509_PUBKEY_free; -+ X509_PUBKEY_get; -+ X509_PUBKEY_new; -+ X509_PUBKEY_set; -+ X509_REQ_INFO_free; -+ X509_REQ_INFO_new; -+ X509_REQ_dup; -+ X509_REQ_free; -+ X509_REQ_get_pubkey; -+ X509_REQ_new; -+ X509_REQ_print; -+ X509_REQ_print_fp; -+ X509_REQ_set_pubkey; -+ X509_REQ_set_subject_name; -+ X509_REQ_set_version; -+ X509_REQ_sign; -+ X509_REQ_to_X509; -+ X509_REQ_verify; -+ X509_REVOKED_add_ext; -+ X509_REVOKED_delete_ext; -+ X509_REVOKED_free; -+ X509_REVOKED_get_ext; -+ X509_REVOKED_get_ext_by_NID; -+ X509_REVOKED_get_ext_by_OBJ; -+ X509_REVOKED_get_ext_by_critical; -+ X509_REVOKED_get_ext_by_critic; -+ X509_REVOKED_get_ext_count; -+ X509_REVOKED_new; -+ X509_SIG_free; -+ X509_SIG_new; -+ X509_STORE_CTX_cleanup; -+ X509_STORE_CTX_init; -+ X509_STORE_add_cert; -+ X509_STORE_add_lookup; -+ X509_STORE_free; -+ X509_STORE_get_by_subject; -+ X509_STORE_load_locations; -+ X509_STORE_new; -+ X509_STORE_set_default_paths; -+ X509_VAL_free; -+ X509_VAL_new; -+ X509_add_ext; -+ X509_asn1_meth; -+ X509_certificate_type; -+ X509_check_private_key; -+ X509_cmp_current_time; -+ X509_delete_ext; -+ X509_digest; -+ X509_dup; -+ X509_free; -+ X509_get_default_cert_area; -+ X509_get_default_cert_dir; -+ X509_get_default_cert_dir_env; -+ X509_get_default_cert_file; -+ X509_get_default_cert_file_env; -+ X509_get_default_private_dir; -+ X509_get_ext; -+ X509_get_ext_by_NID; -+ X509_get_ext_by_OBJ; -+ X509_get_ext_by_critical; -+ X509_get_ext_count; -+ X509_get_issuer_name; -+ X509_get_pubkey; -+ X509_get_pubkey_parameters; -+ X509_get_serialNumber; -+ X509_get_subject_name; -+ X509_gmtime_adj; -+ X509_issuer_and_serial_cmp; -+ X509_issuer_and_serial_hash; -+ X509_issuer_name_cmp; -+ X509_issuer_name_hash; -+ X509_load_cert_file; -+ X509_new; -+ X509_print; -+ X509_print_fp; -+ X509_set_issuer_name; -+ X509_set_notAfter; -+ X509_set_notBefore; -+ X509_set_pubkey; -+ X509_set_serialNumber; -+ X509_set_subject_name; -+ X509_set_version; -+ X509_sign; -+ X509_subject_name_cmp; -+ X509_subject_name_hash; -+ X509_to_X509_REQ; -+ X509_verify; -+ X509_verify_cert; -+ X509_verify_cert_error_string; -+ X509v3_add_ext; -+ X509v3_add_extension; -+ X509v3_add_netscape_extensions; -+ X509v3_add_standard_extensions; -+ X509v3_cleanup_extensions; -+ X509v3_data_type_by_NID; -+ X509v3_data_type_by_OBJ; -+ X509v3_delete_ext; -+ X509v3_get_ext; -+ X509v3_get_ext_by_NID; -+ X509v3_get_ext_by_OBJ; -+ X509v3_get_ext_by_critical; -+ X509v3_get_ext_count; -+ X509v3_pack_string; -+ X509v3_pack_type_by_NID; -+ X509v3_pack_type_by_OBJ; -+ X509v3_unpack_string; -+ _des_crypt; -+ a2d_ASN1_OBJECT; -+ a2i_ASN1_INTEGER; -+ a2i_ASN1_STRING; -+ asn1_Finish; -+ asn1_GetSequence; -+ bn_div_words; -+ bn_expand2; -+ bn_mul_add_words; -+ bn_mul_words; -+ BN_uadd; -+ BN_usub; -+ bn_sqr_words; -+ _ossl_old_crypt; -+ d2i_ASN1_BIT_STRING; -+ d2i_ASN1_BOOLEAN; -+ d2i_ASN1_HEADER; -+ d2i_ASN1_IA5STRING; -+ d2i_ASN1_INTEGER; -+ d2i_ASN1_OBJECT; -+ d2i_ASN1_OCTET_STRING; -+ d2i_ASN1_PRINTABLE; -+ d2i_ASN1_PRINTABLESTRING; -+ d2i_ASN1_SET; -+ d2i_ASN1_T61STRING; -+ d2i_ASN1_TYPE; -+ d2i_ASN1_UTCTIME; -+ d2i_ASN1_bytes; -+ d2i_ASN1_type_bytes; -+ d2i_DHparams; -+ d2i_DSAPrivateKey; -+ d2i_DSAPrivateKey_bio; -+ d2i_DSAPrivateKey_fp; -+ d2i_DSAPublicKey; -+ d2i_DSAparams; -+ d2i_NETSCAPE_SPKAC; -+ d2i_NETSCAPE_SPKI; -+ d2i_Netscape_RSA; -+ d2i_PKCS7; -+ d2i_PKCS7_DIGEST; -+ d2i_PKCS7_ENCRYPT; -+ d2i_PKCS7_ENC_CONTENT; -+ d2i_PKCS7_ENVELOPE; -+ d2i_PKCS7_ISSUER_AND_SERIAL; -+ d2i_PKCS7_RECIP_INFO; -+ d2i_PKCS7_SIGNED; -+ d2i_PKCS7_SIGNER_INFO; -+ d2i_PKCS7_SIGN_ENVELOPE; -+ d2i_PKCS7_bio; -+ d2i_PKCS7_fp; -+ d2i_PrivateKey; -+ d2i_PublicKey; -+ d2i_RSAPrivateKey; -+ d2i_RSAPrivateKey_bio; -+ d2i_RSAPrivateKey_fp; -+ d2i_RSAPublicKey; -+ d2i_X509; -+ d2i_X509_ALGOR; -+ d2i_X509_ATTRIBUTE; -+ d2i_X509_CINF; -+ d2i_X509_CRL; -+ d2i_X509_CRL_INFO; -+ d2i_X509_CRL_bio; -+ d2i_X509_CRL_fp; -+ d2i_X509_EXTENSION; -+ d2i_X509_NAME; -+ d2i_X509_NAME_ENTRY; -+ d2i_X509_PKEY; -+ d2i_X509_PUBKEY; -+ d2i_X509_REQ; -+ d2i_X509_REQ_INFO; -+ d2i_X509_REQ_bio; -+ d2i_X509_REQ_fp; -+ d2i_X509_REVOKED; -+ d2i_X509_SIG; -+ d2i_X509_VAL; -+ d2i_X509_bio; -+ d2i_X509_fp; -+ DES_cbc_cksum; -+ DES_cbc_encrypt; -+ DES_cblock_print_file; -+ DES_cfb64_encrypt; -+ DES_cfb_encrypt; -+ DES_decrypt3; -+ DES_ecb3_encrypt; -+ DES_ecb_encrypt; -+ DES_ede3_cbc_encrypt; -+ DES_ede3_cfb64_encrypt; -+ DES_ede3_ofb64_encrypt; -+ DES_enc_read; -+ DES_enc_write; -+ DES_encrypt1; -+ DES_encrypt2; -+ DES_encrypt3; -+ DES_fcrypt; -+ DES_is_weak_key; -+ DES_key_sched; -+ DES_ncbc_encrypt; -+ DES_ofb64_encrypt; -+ DES_ofb_encrypt; -+ DES_options; -+ DES_pcbc_encrypt; -+ DES_quad_cksum; -+ DES_random_key; -+ _ossl_old_des_random_seed; -+ _ossl_old_des_read_2passwords; -+ _ossl_old_des_read_password; -+ _ossl_old_des_read_pw; -+ _ossl_old_des_read_pw_string; -+ DES_set_key; -+ DES_set_odd_parity; -+ DES_string_to_2keys; -+ DES_string_to_key; -+ DES_xcbc_encrypt; -+ DES_xwhite_in2out; -+ fcrypt_body; -+ i2a_ASN1_INTEGER; -+ i2a_ASN1_OBJECT; -+ i2a_ASN1_STRING; -+ i2d_ASN1_BIT_STRING; -+ i2d_ASN1_BOOLEAN; -+ i2d_ASN1_HEADER; -+ i2d_ASN1_IA5STRING; -+ i2d_ASN1_INTEGER; -+ i2d_ASN1_OBJECT; -+ i2d_ASN1_OCTET_STRING; -+ i2d_ASN1_PRINTABLE; -+ i2d_ASN1_SET; -+ i2d_ASN1_TYPE; -+ i2d_ASN1_UTCTIME; -+ i2d_ASN1_bytes; -+ i2d_DHparams; -+ i2d_DSAPrivateKey; -+ i2d_DSAPrivateKey_bio; -+ i2d_DSAPrivateKey_fp; -+ i2d_DSAPublicKey; -+ i2d_DSAparams; -+ i2d_NETSCAPE_SPKAC; -+ i2d_NETSCAPE_SPKI; -+ i2d_Netscape_RSA; -+ i2d_PKCS7; -+ i2d_PKCS7_DIGEST; -+ i2d_PKCS7_ENCRYPT; -+ i2d_PKCS7_ENC_CONTENT; -+ i2d_PKCS7_ENVELOPE; -+ i2d_PKCS7_ISSUER_AND_SERIAL; -+ i2d_PKCS7_RECIP_INFO; -+ i2d_PKCS7_SIGNED; -+ i2d_PKCS7_SIGNER_INFO; -+ i2d_PKCS7_SIGN_ENVELOPE; -+ i2d_PKCS7_bio; -+ i2d_PKCS7_fp; -+ i2d_PrivateKey; -+ i2d_PublicKey; -+ i2d_RSAPrivateKey; -+ i2d_RSAPrivateKey_bio; -+ i2d_RSAPrivateKey_fp; -+ i2d_RSAPublicKey; -+ i2d_X509; -+ i2d_X509_ALGOR; -+ i2d_X509_ATTRIBUTE; -+ i2d_X509_CINF; -+ i2d_X509_CRL; -+ i2d_X509_CRL_INFO; -+ i2d_X509_CRL_bio; -+ i2d_X509_CRL_fp; -+ i2d_X509_EXTENSION; -+ i2d_X509_NAME; -+ i2d_X509_NAME_ENTRY; -+ i2d_X509_PKEY; -+ i2d_X509_PUBKEY; -+ i2d_X509_REQ; -+ i2d_X509_REQ_INFO; -+ i2d_X509_REQ_bio; -+ i2d_X509_REQ_fp; -+ i2d_X509_REVOKED; -+ i2d_X509_SIG; -+ i2d_X509_VAL; -+ i2d_X509_bio; -+ i2d_X509_fp; -+ idea_cbc_encrypt; -+ idea_cfb64_encrypt; -+ idea_ecb_encrypt; -+ idea_encrypt; -+ idea_ofb64_encrypt; -+ idea_options; -+ idea_set_decrypt_key; -+ idea_set_encrypt_key; -+ lh_delete; -+ lh_doall; -+ lh_doall_arg; -+ lh_free; -+ lh_insert; -+ lh_new; -+ lh_node_stats; -+ lh_node_stats_bio; -+ lh_node_usage_stats; -+ lh_node_usage_stats_bio; -+ lh_retrieve; -+ lh_stats; -+ lh_stats_bio; -+ lh_strhash; -+ sk_delete; -+ sk_delete_ptr; -+ sk_dup; -+ sk_find; -+ sk_free; -+ sk_insert; -+ sk_new; -+ sk_pop; -+ sk_pop_free; -+ sk_push; -+ sk_set_cmp_func; -+ sk_shift; -+ sk_unshift; -+ sk_zero; -+ BIO_f_nbio_test; -+ ASN1_TYPE_get; -+ ASN1_TYPE_set; -+ PKCS7_content_free; -+ ERR_load_PKCS7_strings; -+ X509_find_by_issuer_and_serial; -+ X509_find_by_subject; -+ PKCS7_ctrl; -+ PKCS7_set_type; -+ PKCS7_set_content; -+ PKCS7_SIGNER_INFO_set; -+ PKCS7_add_signer; -+ PKCS7_add_certificate; -+ PKCS7_add_crl; -+ PKCS7_content_new; -+ PKCS7_dataSign; -+ PKCS7_dataVerify; -+ PKCS7_dataInit; -+ PKCS7_add_signature; -+ PKCS7_cert_from_signer_info; -+ PKCS7_get_signer_info; -+ EVP_delete_alias; -+ EVP_mdc2; -+ PEM_read_bio_RSAPublicKey; -+ PEM_write_bio_RSAPublicKey; -+ d2i_RSAPublicKey_bio; -+ i2d_RSAPublicKey_bio; -+ PEM_read_RSAPublicKey; -+ PEM_write_RSAPublicKey; -+ d2i_RSAPublicKey_fp; -+ i2d_RSAPublicKey_fp; -+ BIO_copy_next_retry; -+ RSA_flags; -+ X509_STORE_add_crl; -+ X509_load_crl_file; -+ EVP_rc2_40_cbc; -+ EVP_rc4_40; -+ EVP_CIPHER_CTX_init; -+ HMAC; -+ HMAC_Init; -+ HMAC_Update; -+ HMAC_Final; -+ ERR_get_next_error_library; -+ EVP_PKEY_cmp_parameters; -+ HMAC_cleanup; -+ BIO_ptr_ctrl; -+ BIO_new_file_internal; -+ BIO_new_fp_internal; -+ BIO_s_file_internal; -+ BN_BLINDING_convert; -+ BN_BLINDING_invert; -+ BN_BLINDING_update; -+ RSA_blinding_on; -+ RSA_blinding_off; -+ i2t_ASN1_OBJECT; -+ BN_BLINDING_new; -+ BN_BLINDING_free; -+ EVP_cast5_cbc; -+ EVP_cast5_cfb64; -+ EVP_cast5_ecb; -+ EVP_cast5_ofb; -+ BF_decrypt; -+ CAST_set_key; -+ CAST_encrypt; -+ CAST_decrypt; -+ CAST_ecb_encrypt; -+ CAST_cbc_encrypt; -+ CAST_cfb64_encrypt; -+ CAST_ofb64_encrypt; -+ RC2_decrypt; -+ OBJ_create_objects; -+ BN_exp; -+ BN_mul_word; -+ BN_sub_word; -+ BN_dec2bn; -+ BN_bn2dec; -+ BIO_ghbn_ctrl; -+ CRYPTO_free_ex_data; -+ CRYPTO_get_ex_data; -+ CRYPTO_set_ex_data; -+ ERR_load_CRYPTO_strings; -+ ERR_load_CRYPTOlib_strings; -+ EVP_PKEY_bits; -+ MD5_Transform; -+ SHA1_Transform; -+ SHA_Transform; -+ X509_STORE_CTX_get_chain; -+ X509_STORE_CTX_get_current_cert; -+ X509_STORE_CTX_get_error; -+ X509_STORE_CTX_get_error_depth; -+ X509_STORE_CTX_get_ex_data; -+ X509_STORE_CTX_set_cert; -+ X509_STORE_CTX_set_chain; -+ X509_STORE_CTX_set_error; -+ X509_STORE_CTX_set_ex_data; -+ CRYPTO_dup_ex_data; -+ CRYPTO_get_new_lockid; -+ CRYPTO_new_ex_data; -+ RSA_set_ex_data; -+ RSA_get_ex_data; -+ RSA_get_ex_new_index; -+ RSA_padding_add_PKCS1_type_1; -+ RSA_padding_add_PKCS1_type_2; -+ RSA_padding_add_SSLv23; -+ RSA_padding_add_none; -+ RSA_padding_check_PKCS1_type_1; -+ RSA_padding_check_PKCS1_type_2; -+ RSA_padding_check_SSLv23; -+ RSA_padding_check_none; -+ bn_add_words; -+ d2i_Netscape_RSA_2; -+ CRYPTO_get_ex_new_index; -+ RIPEMD160_Init; -+ RIPEMD160_Update; -+ RIPEMD160_Final; -+ RIPEMD160; -+ RIPEMD160_Transform; -+ RC5_32_set_key; -+ RC5_32_ecb_encrypt; -+ RC5_32_encrypt; -+ RC5_32_decrypt; -+ RC5_32_cbc_encrypt; -+ RC5_32_cfb64_encrypt; -+ RC5_32_ofb64_encrypt; -+ BN_bn2mpi; -+ BN_mpi2bn; -+ ASN1_BIT_STRING_get_bit; -+ ASN1_BIT_STRING_set_bit; -+ BIO_get_ex_data; -+ BIO_get_ex_new_index; -+ BIO_set_ex_data; -+ X509v3_get_key_usage; -+ X509v3_set_key_usage; -+ a2i_X509v3_key_usage; -+ i2a_X509v3_key_usage; -+ EVP_PKEY_decrypt; -+ EVP_PKEY_encrypt; -+ PKCS7_RECIP_INFO_set; -+ PKCS7_add_recipient; -+ PKCS7_add_recipient_info; -+ PKCS7_set_cipher; -+ ASN1_TYPE_get_int_octetstring; -+ ASN1_TYPE_get_octetstring; -+ ASN1_TYPE_set_int_octetstring; -+ ASN1_TYPE_set_octetstring; -+ ASN1_UTCTIME_set_string; -+ ERR_add_error_data; -+ ERR_set_error_data; -+ EVP_CIPHER_asn1_to_param; -+ EVP_CIPHER_param_to_asn1; -+ EVP_CIPHER_get_asn1_iv; -+ EVP_CIPHER_set_asn1_iv; -+ EVP_rc5_32_12_16_cbc; -+ EVP_rc5_32_12_16_cfb64; -+ EVP_rc5_32_12_16_ecb; -+ EVP_rc5_32_12_16_ofb; -+ asn1_add_error; -+ d2i_ASN1_BMPSTRING; -+ i2d_ASN1_BMPSTRING; -+ BIO_f_ber; -+ BN_init; -+ COMP_CTX_new; -+ COMP_CTX_free; -+ COMP_CTX_compress_block; -+ COMP_CTX_expand_block; -+ X509_STORE_CTX_get_ex_new_index; -+ OBJ_NAME_add; -+ BIO_socket_nbio; -+ EVP_rc2_64_cbc; -+ OBJ_NAME_cleanup; -+ OBJ_NAME_get; -+ OBJ_NAME_init; -+ OBJ_NAME_new_index; -+ OBJ_NAME_remove; -+ BN_MONT_CTX_copy; -+ BIO_new_socks4a_connect; -+ BIO_s_socks4a_connect; -+ PROXY_set_connect_mode; -+ RAND_SSLeay; -+ RAND_set_rand_method; -+ RSA_memory_lock; -+ bn_sub_words; -+ bn_mul_normal; -+ bn_mul_comba8; -+ bn_mul_comba4; -+ bn_sqr_normal; -+ bn_sqr_comba8; -+ bn_sqr_comba4; -+ bn_cmp_words; -+ bn_mul_recursive; -+ bn_mul_part_recursive; -+ bn_sqr_recursive; -+ bn_mul_low_normal; -+ BN_RECP_CTX_init; -+ BN_RECP_CTX_new; -+ BN_RECP_CTX_free; -+ BN_RECP_CTX_set; -+ BN_mod_mul_reciprocal; -+ BN_mod_exp_recp; -+ BN_div_recp; -+ BN_CTX_init; -+ BN_MONT_CTX_init; -+ RAND_get_rand_method; -+ PKCS7_add_attribute; -+ PKCS7_add_signed_attribute; -+ PKCS7_digest_from_attributes; -+ PKCS7_get_attribute; -+ PKCS7_get_issuer_and_serial; -+ PKCS7_get_signed_attribute; -+ COMP_compress_block; -+ COMP_expand_block; -+ COMP_rle; -+ COMP_zlib; -+ ms_time_diff; -+ ms_time_new; -+ ms_time_free; -+ ms_time_cmp; -+ ms_time_get; -+ PKCS7_set_attributes; -+ PKCS7_set_signed_attributes; -+ X509_ATTRIBUTE_create; -+ X509_ATTRIBUTE_dup; -+ ASN1_GENERALIZEDTIME_check; -+ ASN1_GENERALIZEDTIME_print; -+ ASN1_GENERALIZEDTIME_set; -+ ASN1_GENERALIZEDTIME_set_string; -+ ASN1_TIME_print; -+ BASIC_CONSTRAINTS_free; -+ BASIC_CONSTRAINTS_new; -+ ERR_load_X509V3_strings; -+ NETSCAPE_CERT_SEQUENCE_free; -+ NETSCAPE_CERT_SEQUENCE_new; -+ OBJ_txt2obj; -+ PEM_read_NETSCAPE_CERT_SEQUENCE; -+ PEM_read_NS_CERT_SEQ; -+ PEM_read_bio_NETSCAPE_CERT_SEQUENCE; -+ PEM_read_bio_NS_CERT_SEQ; -+ PEM_write_NETSCAPE_CERT_SEQUENCE; -+ PEM_write_NS_CERT_SEQ; -+ PEM_write_bio_NETSCAPE_CERT_SEQUENCE; -+ PEM_write_bio_NS_CERT_SEQ; -+ X509V3_EXT_add; -+ X509V3_EXT_add_alias; -+ X509V3_EXT_add_conf; -+ X509V3_EXT_cleanup; -+ X509V3_EXT_conf; -+ X509V3_EXT_conf_nid; -+ X509V3_EXT_get; -+ X509V3_EXT_get_nid; -+ X509V3_EXT_print; -+ X509V3_EXT_print_fp; -+ X509V3_add_standard_extensions; -+ X509V3_add_value; -+ X509V3_add_value_bool; -+ X509V3_add_value_int; -+ X509V3_conf_free; -+ X509V3_get_value_bool; -+ X509V3_get_value_int; -+ X509V3_parse_list; -+ d2i_ASN1_GENERALIZEDTIME; -+ d2i_ASN1_TIME; -+ d2i_BASIC_CONSTRAINTS; -+ d2i_NETSCAPE_CERT_SEQUENCE; -+ d2i_ext_ku; -+ ext_ku_free; -+ ext_ku_new; -+ i2d_ASN1_GENERALIZEDTIME; -+ i2d_ASN1_TIME; -+ i2d_BASIC_CONSTRAINTS; -+ i2d_NETSCAPE_CERT_SEQUENCE; -+ i2d_ext_ku; -+ EVP_MD_CTX_copy; -+ i2d_ASN1_ENUMERATED; -+ d2i_ASN1_ENUMERATED; -+ ASN1_ENUMERATED_set; -+ ASN1_ENUMERATED_get; -+ BN_to_ASN1_ENUMERATED; -+ ASN1_ENUMERATED_to_BN; -+ i2a_ASN1_ENUMERATED; -+ a2i_ASN1_ENUMERATED; -+ i2d_GENERAL_NAME; -+ d2i_GENERAL_NAME; -+ GENERAL_NAME_new; -+ GENERAL_NAME_free; -+ GENERAL_NAMES_new; -+ GENERAL_NAMES_free; -+ d2i_GENERAL_NAMES; -+ i2d_GENERAL_NAMES; -+ i2v_GENERAL_NAMES; -+ i2s_ASN1_OCTET_STRING; -+ s2i_ASN1_OCTET_STRING; -+ X509V3_EXT_check_conf; -+ hex_to_string; -+ string_to_hex; -+ DES_ede3_cbcm_encrypt; -+ RSA_padding_add_PKCS1_OAEP; -+ RSA_padding_check_PKCS1_OAEP; -+ X509_CRL_print_fp; -+ X509_CRL_print; -+ i2v_GENERAL_NAME; -+ v2i_GENERAL_NAME; -+ i2d_PKEY_USAGE_PERIOD; -+ d2i_PKEY_USAGE_PERIOD; -+ PKEY_USAGE_PERIOD_new; -+ PKEY_USAGE_PERIOD_free; -+ v2i_GENERAL_NAMES; -+ i2s_ASN1_INTEGER; -+ X509V3_EXT_d2i; -+ name_cmp; -+ str_dup; -+ i2s_ASN1_ENUMERATED; -+ i2s_ASN1_ENUMERATED_TABLE; -+ BIO_s_log; -+ BIO_f_reliable; -+ PKCS7_dataFinal; -+ PKCS7_dataDecode; -+ X509V3_EXT_CRL_add_conf; -+ BN_set_params; -+ BN_get_params; -+ BIO_get_ex_num; -+ BIO_set_ex_free_func; -+ EVP_ripemd160; -+ ASN1_TIME_set; -+ i2d_AUTHORITY_KEYID; -+ d2i_AUTHORITY_KEYID; -+ AUTHORITY_KEYID_new; -+ AUTHORITY_KEYID_free; -+ ASN1_seq_unpack; -+ ASN1_seq_pack; -+ ASN1_unpack_string; -+ ASN1_pack_string; -+ PKCS12_pack_safebag; -+ PKCS12_MAKE_KEYBAG; -+ PKCS8_encrypt; -+ PKCS12_MAKE_SHKEYBAG; -+ PKCS12_pack_p7data; -+ PKCS12_pack_p7encdata; -+ PKCS12_add_localkeyid; -+ PKCS12_add_friendlyname_asc; -+ PKCS12_add_friendlyname_uni; -+ PKCS12_get_friendlyname; -+ PKCS12_pbe_crypt; -+ PKCS12_decrypt_d2i; -+ PKCS12_i2d_encrypt; -+ PKCS12_init; -+ PKCS12_key_gen_asc; -+ PKCS12_key_gen_uni; -+ PKCS12_gen_mac; -+ PKCS12_verify_mac; -+ PKCS12_set_mac; -+ PKCS12_setup_mac; -+ OPENSSL_asc2uni; -+ OPENSSL_uni2asc; -+ i2d_PKCS12_BAGS; -+ PKCS12_BAGS_new; -+ d2i_PKCS12_BAGS; -+ PKCS12_BAGS_free; -+ i2d_PKCS12; -+ d2i_PKCS12; -+ PKCS12_new; -+ PKCS12_free; -+ i2d_PKCS12_MAC_DATA; -+ PKCS12_MAC_DATA_new; -+ d2i_PKCS12_MAC_DATA; -+ PKCS12_MAC_DATA_free; -+ i2d_PKCS12_SAFEBAG; -+ PKCS12_SAFEBAG_new; -+ d2i_PKCS12_SAFEBAG; -+ PKCS12_SAFEBAG_free; -+ ERR_load_PKCS12_strings; -+ PKCS12_PBE_add; -+ PKCS8_add_keyusage; -+ PKCS12_get_attr_gen; -+ PKCS12_parse; -+ PKCS12_create; -+ i2d_PKCS12_bio; -+ i2d_PKCS12_fp; -+ d2i_PKCS12_bio; -+ d2i_PKCS12_fp; -+ i2d_PBEPARAM; -+ PBEPARAM_new; -+ d2i_PBEPARAM; -+ PBEPARAM_free; -+ i2d_PKCS8_PRIV_KEY_INFO; -+ PKCS8_PRIV_KEY_INFO_new; -+ d2i_PKCS8_PRIV_KEY_INFO; -+ PKCS8_PRIV_KEY_INFO_free; -+ EVP_PKCS82PKEY; -+ EVP_PKEY2PKCS8; -+ PKCS8_set_broken; -+ EVP_PBE_ALGOR_CipherInit; -+ EVP_PBE_alg_add; -+ PKCS5_pbe_set; -+ EVP_PBE_cleanup; -+ i2d_SXNET; -+ d2i_SXNET; -+ SXNET_new; -+ SXNET_free; -+ i2d_SXNETID; -+ d2i_SXNETID; -+ SXNETID_new; -+ SXNETID_free; -+ DSA_SIG_new; -+ DSA_SIG_free; -+ DSA_do_sign; -+ DSA_do_verify; -+ d2i_DSA_SIG; -+ i2d_DSA_SIG; -+ i2d_ASN1_VISIBLESTRING; -+ d2i_ASN1_VISIBLESTRING; -+ i2d_ASN1_UTF8STRING; -+ d2i_ASN1_UTF8STRING; -+ i2d_DIRECTORYSTRING; -+ d2i_DIRECTORYSTRING; -+ i2d_DISPLAYTEXT; -+ d2i_DISPLAYTEXT; -+ d2i_ASN1_SET_OF_X509; -+ i2d_ASN1_SET_OF_X509; -+ i2d_PBKDF2PARAM; -+ PBKDF2PARAM_new; -+ d2i_PBKDF2PARAM; -+ PBKDF2PARAM_free; -+ i2d_PBE2PARAM; -+ PBE2PARAM_new; -+ d2i_PBE2PARAM; -+ PBE2PARAM_free; -+ d2i_ASN1_SET_OF_GENERAL_NAME; -+ i2d_ASN1_SET_OF_GENERAL_NAME; -+ d2i_ASN1_SET_OF_SXNETID; -+ i2d_ASN1_SET_OF_SXNETID; -+ d2i_ASN1_SET_OF_POLICYQUALINFO; -+ i2d_ASN1_SET_OF_POLICYQUALINFO; -+ d2i_ASN1_SET_OF_POLICYINFO; -+ i2d_ASN1_SET_OF_POLICYINFO; -+ SXNET_add_id_asc; -+ SXNET_add_id_ulong; -+ SXNET_add_id_INTEGER; -+ SXNET_get_id_asc; -+ SXNET_get_id_ulong; -+ SXNET_get_id_INTEGER; -+ X509V3_set_conf_lhash; -+ i2d_CERTIFICATEPOLICIES; -+ CERTIFICATEPOLICIES_new; -+ CERTIFICATEPOLICIES_free; -+ d2i_CERTIFICATEPOLICIES; -+ i2d_POLICYINFO; -+ POLICYINFO_new; -+ d2i_POLICYINFO; -+ POLICYINFO_free; -+ i2d_POLICYQUALINFO; -+ POLICYQUALINFO_new; -+ d2i_POLICYQUALINFO; -+ POLICYQUALINFO_free; -+ i2d_USERNOTICE; -+ USERNOTICE_new; -+ d2i_USERNOTICE; -+ USERNOTICE_free; -+ i2d_NOTICEREF; -+ NOTICEREF_new; -+ d2i_NOTICEREF; -+ NOTICEREF_free; -+ X509V3_get_string; -+ X509V3_get_section; -+ X509V3_string_free; -+ X509V3_section_free; -+ X509V3_set_ctx; -+ s2i_ASN1_INTEGER; -+ CRYPTO_set_locked_mem_functions; -+ CRYPTO_get_locked_mem_functions; -+ CRYPTO_malloc_locked; -+ CRYPTO_free_locked; -+ BN_mod_exp2_mont; -+ ERR_get_error_line_data; -+ ERR_peek_error_line_data; -+ PKCS12_PBE_keyivgen; -+ X509_ALGOR_dup; -+ d2i_ASN1_SET_OF_DIST_POINT; -+ i2d_ASN1_SET_OF_DIST_POINT; -+ i2d_CRL_DIST_POINTS; -+ CRL_DIST_POINTS_new; -+ CRL_DIST_POINTS_free; -+ d2i_CRL_DIST_POINTS; -+ i2d_DIST_POINT; -+ DIST_POINT_new; -+ d2i_DIST_POINT; -+ DIST_POINT_free; -+ i2d_DIST_POINT_NAME; -+ DIST_POINT_NAME_new; -+ DIST_POINT_NAME_free; -+ d2i_DIST_POINT_NAME; -+ X509V3_add_value_uchar; -+ d2i_ASN1_SET_OF_X509_ATTRIBUTE; -+ i2d_ASN1_SET_OF_ASN1_TYPE; -+ d2i_ASN1_SET_OF_X509_EXTENSION; -+ d2i_ASN1_SET_OF_X509_NAME_ENTRY; -+ d2i_ASN1_SET_OF_ASN1_TYPE; -+ i2d_ASN1_SET_OF_X509_ATTRIBUTE; -+ i2d_ASN1_SET_OF_X509_EXTENSION; -+ i2d_ASN1_SET_OF_X509_NAME_ENTRY; -+ X509V3_EXT_i2d; -+ X509V3_EXT_val_prn; -+ X509V3_EXT_add_list; -+ EVP_CIPHER_type; -+ EVP_PBE_CipherInit; -+ X509V3_add_value_bool_nf; -+ d2i_ASN1_UINTEGER; -+ sk_value; -+ sk_num; -+ sk_set; -+ i2d_ASN1_SET_OF_X509_REVOKED; -+ sk_sort; -+ d2i_ASN1_SET_OF_X509_REVOKED; -+ i2d_ASN1_SET_OF_X509_ALGOR; -+ i2d_ASN1_SET_OF_X509_CRL; -+ d2i_ASN1_SET_OF_X509_ALGOR; -+ d2i_ASN1_SET_OF_X509_CRL; -+ i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO; -+ i2d_ASN1_SET_OF_PKCS7_RECIP_INFO; -+ d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO; -+ d2i_ASN1_SET_OF_PKCS7_RECIP_INFO; -+ PKCS5_PBE_add; -+ PEM_write_bio_PKCS8; -+ i2d_PKCS8_fp; -+ PEM_read_bio_PKCS8_PRIV_KEY_INFO; -+ PEM_read_bio_P8_PRIV_KEY_INFO; -+ d2i_PKCS8_bio; -+ d2i_PKCS8_PRIV_KEY_INFO_fp; -+ PEM_write_bio_PKCS8_PRIV_KEY_INFO; -+ PEM_write_bio_P8_PRIV_KEY_INFO; -+ PEM_read_PKCS8; -+ d2i_PKCS8_PRIV_KEY_INFO_bio; -+ d2i_PKCS8_fp; -+ PEM_write_PKCS8; -+ PEM_read_PKCS8_PRIV_KEY_INFO; -+ PEM_read_P8_PRIV_KEY_INFO; -+ PEM_read_bio_PKCS8; -+ PEM_write_PKCS8_PRIV_KEY_INFO; -+ PEM_write_P8_PRIV_KEY_INFO; -+ PKCS5_PBE_keyivgen; -+ i2d_PKCS8_bio; -+ i2d_PKCS8_PRIV_KEY_INFO_fp; -+ i2d_PKCS8_PRIV_KEY_INFO_bio; -+ BIO_s_bio; -+ PKCS5_pbe2_set; -+ PKCS5_PBKDF2_HMAC_SHA1; -+ PKCS5_v2_PBE_keyivgen; -+ PEM_write_bio_PKCS8PrivateKey; -+ PEM_write_PKCS8PrivateKey; -+ BIO_ctrl_get_read_request; -+ BIO_ctrl_pending; -+ BIO_ctrl_wpending; -+ BIO_new_bio_pair; -+ BIO_ctrl_get_write_guarantee; -+ CRYPTO_num_locks; -+ CONF_load_bio; -+ CONF_load_fp; -+ i2d_ASN1_SET_OF_ASN1_OBJECT; -+ d2i_ASN1_SET_OF_ASN1_OBJECT; -+ PKCS7_signatureVerify; -+ RSA_set_method; -+ RSA_get_method; -+ RSA_get_default_method; -+ RSA_check_key; -+ OBJ_obj2txt; -+ DSA_dup_DH; -+ X509_REQ_get_extensions; -+ X509_REQ_set_extension_nids; -+ BIO_nwrite; -+ X509_REQ_extension_nid; -+ BIO_nread; -+ X509_REQ_get_extension_nids; -+ BIO_nwrite0; -+ X509_REQ_add_extensions_nid; -+ BIO_nread0; -+ X509_REQ_add_extensions; -+ BIO_new_mem_buf; -+ DH_set_ex_data; -+ DH_set_method; -+ DSA_OpenSSL; -+ DH_get_ex_data; -+ DH_get_ex_new_index; -+ DSA_new_method; -+ DH_new_method; -+ DH_OpenSSL; -+ DSA_get_ex_new_index; -+ DH_get_default_method; -+ DSA_set_ex_data; -+ DH_set_default_method; -+ DSA_get_ex_data; -+ X509V3_EXT_REQ_add_conf; -+ NETSCAPE_SPKI_print; -+ NETSCAPE_SPKI_set_pubkey; -+ NETSCAPE_SPKI_b64_encode; -+ NETSCAPE_SPKI_get_pubkey; -+ NETSCAPE_SPKI_b64_decode; -+ UTF8_putc; -+ UTF8_getc; -+ RSA_null_method; -+ ASN1_tag2str; -+ BIO_ctrl_reset_read_request; -+ DISPLAYTEXT_new; -+ ASN1_GENERALIZEDTIME_free; -+ X509_REVOKED_get_ext_d2i; -+ X509_set_ex_data; -+ X509_reject_set_bit_asc; -+ X509_NAME_add_entry_by_txt; -+ X509_NAME_add_entry_by_NID; -+ X509_PURPOSE_get0; -+ PEM_read_X509_AUX; -+ d2i_AUTHORITY_INFO_ACCESS; -+ PEM_write_PUBKEY; -+ ACCESS_DESCRIPTION_new; -+ X509_CERT_AUX_free; -+ d2i_ACCESS_DESCRIPTION; -+ X509_trust_clear; -+ X509_TRUST_add; -+ ASN1_VISIBLESTRING_new; -+ X509_alias_set1; -+ ASN1_PRINTABLESTRING_free; -+ EVP_PKEY_get1_DSA; -+ ASN1_BMPSTRING_new; -+ ASN1_mbstring_copy; -+ ASN1_UTF8STRING_new; -+ DSA_get_default_method; -+ i2d_ASN1_SET_OF_ACCESS_DESCRIPTION; -+ ASN1_T61STRING_free; -+ DSA_set_method; -+ X509_get_ex_data; -+ ASN1_STRING_type; -+ X509_PURPOSE_get_by_sname; -+ ASN1_TIME_free; -+ ASN1_OCTET_STRING_cmp; -+ ASN1_BIT_STRING_new; -+ X509_get_ext_d2i; -+ PEM_read_bio_X509_AUX; -+ ASN1_STRING_set_default_mask_asc; -+ ASN1_STRING_set_def_mask_asc; -+ PEM_write_bio_RSA_PUBKEY; -+ ASN1_INTEGER_cmp; -+ d2i_RSA_PUBKEY_fp; -+ X509_trust_set_bit_asc; -+ PEM_write_bio_DSA_PUBKEY; -+ X509_STORE_CTX_free; -+ EVP_PKEY_set1_DSA; -+ i2d_DSA_PUBKEY_fp; -+ X509_load_cert_crl_file; -+ ASN1_TIME_new; -+ i2d_RSA_PUBKEY; -+ X509_STORE_CTX_purpose_inherit; -+ PEM_read_RSA_PUBKEY; -+ d2i_X509_AUX; -+ i2d_DSA_PUBKEY; -+ X509_CERT_AUX_print; -+ PEM_read_DSA_PUBKEY; -+ i2d_RSA_PUBKEY_bio; -+ ASN1_BIT_STRING_num_asc; -+ i2d_PUBKEY; -+ ASN1_UTCTIME_free; -+ DSA_set_default_method; -+ X509_PURPOSE_get_by_id; -+ ACCESS_DESCRIPTION_free; -+ PEM_read_bio_PUBKEY; -+ ASN1_STRING_set_by_NID; -+ X509_PURPOSE_get_id; -+ DISPLAYTEXT_free; -+ OTHERNAME_new; -+ X509_CERT_AUX_new; -+ X509_TRUST_cleanup; -+ X509_NAME_add_entry_by_OBJ; -+ X509_CRL_get_ext_d2i; -+ X509_PURPOSE_get0_name; -+ PEM_read_PUBKEY; -+ i2d_DSA_PUBKEY_bio; -+ i2d_OTHERNAME; -+ ASN1_OCTET_STRING_free; -+ ASN1_BIT_STRING_set_asc; -+ X509_get_ex_new_index; -+ ASN1_STRING_TABLE_cleanup; -+ X509_TRUST_get_by_id; -+ X509_PURPOSE_get_trust; -+ ASN1_STRING_length; -+ d2i_ASN1_SET_OF_ACCESS_DESCRIPTION; -+ ASN1_PRINTABLESTRING_new; -+ X509V3_get_d2i; -+ ASN1_ENUMERATED_free; -+ i2d_X509_CERT_AUX; -+ X509_STORE_CTX_set_trust; -+ ASN1_STRING_set_default_mask; -+ X509_STORE_CTX_new; -+ EVP_PKEY_get1_RSA; -+ DIRECTORYSTRING_free; -+ PEM_write_X509_AUX; -+ ASN1_OCTET_STRING_set; -+ d2i_DSA_PUBKEY_fp; -+ d2i_RSA_PUBKEY; -+ X509_TRUST_get0_name; -+ X509_TRUST_get0; -+ AUTHORITY_INFO_ACCESS_free; -+ ASN1_IA5STRING_new; -+ d2i_DSA_PUBKEY; -+ X509_check_purpose; -+ ASN1_ENUMERATED_new; -+ d2i_RSA_PUBKEY_bio; -+ d2i_PUBKEY; -+ X509_TRUST_get_trust; -+ X509_TRUST_get_flags; -+ ASN1_BMPSTRING_free; -+ ASN1_T61STRING_new; -+ ASN1_UTCTIME_new; -+ i2d_AUTHORITY_INFO_ACCESS; -+ EVP_PKEY_set1_RSA; -+ X509_STORE_CTX_set_purpose; -+ ASN1_IA5STRING_free; -+ PEM_write_bio_X509_AUX; -+ X509_PURPOSE_get_count; -+ CRYPTO_add_info; -+ X509_NAME_ENTRY_create_by_txt; -+ ASN1_STRING_get_default_mask; -+ X509_alias_get0; -+ ASN1_STRING_data; -+ i2d_ACCESS_DESCRIPTION; -+ X509_trust_set_bit; -+ ASN1_BIT_STRING_free; -+ PEM_read_bio_RSA_PUBKEY; -+ X509_add1_reject_object; -+ X509_check_trust; -+ PEM_read_bio_DSA_PUBKEY; -+ X509_PURPOSE_add; -+ ASN1_STRING_TABLE_get; -+ ASN1_UTF8STRING_free; -+ d2i_DSA_PUBKEY_bio; -+ PEM_write_RSA_PUBKEY; -+ d2i_OTHERNAME; -+ X509_reject_set_bit; -+ PEM_write_DSA_PUBKEY; -+ X509_PURPOSE_get0_sname; -+ EVP_PKEY_set1_DH; -+ ASN1_OCTET_STRING_dup; -+ ASN1_BIT_STRING_set; -+ X509_TRUST_get_count; -+ ASN1_INTEGER_free; -+ OTHERNAME_free; -+ i2d_RSA_PUBKEY_fp; -+ ASN1_INTEGER_dup; -+ d2i_X509_CERT_AUX; -+ PEM_write_bio_PUBKEY; -+ ASN1_VISIBLESTRING_free; -+ X509_PURPOSE_cleanup; -+ ASN1_mbstring_ncopy; -+ ASN1_GENERALIZEDTIME_new; -+ EVP_PKEY_get1_DH; -+ ASN1_OCTET_STRING_new; -+ ASN1_INTEGER_new; -+ i2d_X509_AUX; -+ ASN1_BIT_STRING_name_print; -+ X509_cmp; -+ ASN1_STRING_length_set; -+ DIRECTORYSTRING_new; -+ X509_add1_trust_object; -+ PKCS12_newpass; -+ SMIME_write_PKCS7; -+ SMIME_read_PKCS7; -+ DES_set_key_checked; -+ PKCS7_verify; -+ PKCS7_encrypt; -+ DES_set_key_unchecked; -+ SMIME_crlf_copy; -+ i2d_ASN1_PRINTABLESTRING; -+ PKCS7_get0_signers; -+ PKCS7_decrypt; -+ SMIME_text; -+ PKCS7_simple_smimecap; -+ PKCS7_get_smimecap; -+ PKCS7_sign; -+ PKCS7_add_attrib_smimecap; -+ CRYPTO_dbg_set_options; -+ CRYPTO_remove_all_info; -+ CRYPTO_get_mem_debug_functions; -+ CRYPTO_is_mem_check_on; -+ CRYPTO_set_mem_debug_functions; -+ CRYPTO_pop_info; -+ CRYPTO_push_info_; -+ CRYPTO_set_mem_debug_options; -+ PEM_write_PKCS8PrivateKey_nid; -+ PEM_write_bio_PKCS8PrivateKey_nid; -+ PEM_write_bio_PKCS8PrivKey_nid; -+ d2i_PKCS8PrivateKey_bio; -+ ASN1_NULL_free; -+ d2i_ASN1_NULL; -+ ASN1_NULL_new; -+ i2d_PKCS8PrivateKey_bio; -+ i2d_PKCS8PrivateKey_fp; -+ i2d_ASN1_NULL; -+ i2d_PKCS8PrivateKey_nid_fp; -+ d2i_PKCS8PrivateKey_fp; -+ i2d_PKCS8PrivateKey_nid_bio; -+ i2d_PKCS8PrivateKeyInfo_fp; -+ i2d_PKCS8PrivateKeyInfo_bio; -+ PEM_cb; -+ i2d_PrivateKey_fp; -+ d2i_PrivateKey_bio; -+ d2i_PrivateKey_fp; -+ i2d_PrivateKey_bio; -+ X509_reject_clear; -+ X509_TRUST_set_default; -+ d2i_AutoPrivateKey; -+ X509_ATTRIBUTE_get0_type; -+ X509_ATTRIBUTE_set1_data; -+ X509at_get_attr; -+ X509at_get_attr_count; -+ X509_ATTRIBUTE_create_by_NID; -+ X509_ATTRIBUTE_set1_object; -+ X509_ATTRIBUTE_count; -+ X509_ATTRIBUTE_create_by_OBJ; -+ X509_ATTRIBUTE_get0_object; -+ X509at_get_attr_by_NID; -+ X509at_add1_attr; -+ X509_ATTRIBUTE_get0_data; -+ X509at_delete_attr; -+ X509at_get_attr_by_OBJ; -+ RAND_add; -+ BIO_number_written; -+ BIO_number_read; -+ X509_STORE_CTX_get1_chain; -+ ERR_load_RAND_strings; -+ RAND_pseudo_bytes; -+ X509_REQ_get_attr_by_NID; -+ X509_REQ_get_attr; -+ X509_REQ_add1_attr_by_NID; -+ X509_REQ_get_attr_by_OBJ; -+ X509at_add1_attr_by_NID; -+ X509_REQ_add1_attr_by_OBJ; -+ X509_REQ_get_attr_count; -+ X509_REQ_add1_attr; -+ X509_REQ_delete_attr; -+ X509at_add1_attr_by_OBJ; -+ X509_REQ_add1_attr_by_txt; -+ X509_ATTRIBUTE_create_by_txt; -+ X509at_add1_attr_by_txt; -+ BN_pseudo_rand; -+ BN_is_prime_fasttest; -+ BN_CTX_end; -+ BN_CTX_start; -+ BN_CTX_get; -+ EVP_PKEY2PKCS8_broken; -+ ASN1_STRING_TABLE_add; -+ CRYPTO_dbg_get_options; -+ AUTHORITY_INFO_ACCESS_new; -+ CRYPTO_get_mem_debug_options; -+ DES_crypt; -+ PEM_write_bio_X509_REQ_NEW; -+ PEM_write_X509_REQ_NEW; -+ BIO_callback_ctrl; -+ RAND_egd; -+ RAND_status; -+ bn_dump1; -+ DES_check_key_parity; -+ lh_num_items; -+ RAND_event; -+ DSO_new; -+ DSO_new_method; -+ DSO_free; -+ DSO_flags; -+ DSO_up; -+ DSO_set_default_method; -+ DSO_get_default_method; -+ DSO_get_method; -+ DSO_set_method; -+ DSO_load; -+ DSO_bind_var; -+ DSO_METHOD_null; -+ DSO_METHOD_openssl; -+ DSO_METHOD_dlfcn; -+ DSO_METHOD_win32; -+ ERR_load_DSO_strings; -+ DSO_METHOD_dl; -+ NCONF_load; -+ NCONF_load_fp; -+ NCONF_new; -+ NCONF_get_string; -+ NCONF_free; -+ NCONF_get_number; -+ CONF_dump_fp; -+ NCONF_load_bio; -+ NCONF_dump_fp; -+ NCONF_get_section; -+ NCONF_dump_bio; -+ CONF_dump_bio; -+ NCONF_free_data; -+ CONF_set_default_method; -+ ERR_error_string_n; -+ BIO_snprintf; -+ DSO_ctrl; -+ i2d_ASN1_SET_OF_ASN1_INTEGER; -+ i2d_ASN1_SET_OF_PKCS12_SAFEBAG; -+ i2d_ASN1_SET_OF_PKCS7; -+ BIO_vfree; -+ d2i_ASN1_SET_OF_ASN1_INTEGER; -+ d2i_ASN1_SET_OF_PKCS12_SAFEBAG; -+ ASN1_UTCTIME_get; -+ X509_REQ_digest; -+ X509_CRL_digest; -+ d2i_ASN1_SET_OF_PKCS7; -+ EVP_CIPHER_CTX_set_key_length; -+ EVP_CIPHER_CTX_ctrl; -+ BN_mod_exp_mont_word; -+ RAND_egd_bytes; -+ X509_REQ_get1_email; -+ X509_get1_email; -+ X509_email_free; -+ i2d_RSA_NET; -+ d2i_RSA_NET_2; -+ d2i_RSA_NET; -+ DSO_bind_func; -+ CRYPTO_get_new_dynlockid; -+ sk_new_null; -+ CRYPTO_set_dynlock_destroy_callback; -+ CRYPTO_set_dynlock_destroy_cb; -+ CRYPTO_destroy_dynlockid; -+ CRYPTO_set_dynlock_size; -+ CRYPTO_set_dynlock_create_callback; -+ CRYPTO_set_dynlock_create_cb; -+ CRYPTO_set_dynlock_lock_callback; -+ CRYPTO_set_dynlock_lock_cb; -+ CRYPTO_get_dynlock_lock_callback; -+ CRYPTO_get_dynlock_lock_cb; -+ CRYPTO_get_dynlock_destroy_callback; -+ CRYPTO_get_dynlock_destroy_cb; -+ CRYPTO_get_dynlock_value; -+ CRYPTO_get_dynlock_create_callback; -+ CRYPTO_get_dynlock_create_cb; -+ c2i_ASN1_BIT_STRING; -+ i2c_ASN1_BIT_STRING; -+ RAND_poll; -+ c2i_ASN1_INTEGER; -+ i2c_ASN1_INTEGER; -+ BIO_dump_indent; -+ ASN1_parse_dump; -+ c2i_ASN1_OBJECT; -+ X509_NAME_print_ex_fp; -+ ASN1_STRING_print_ex_fp; -+ X509_NAME_print_ex; -+ ASN1_STRING_print_ex; -+ MD4; -+ MD4_Transform; -+ MD4_Final; -+ MD4_Update; -+ MD4_Init; -+ EVP_md4; -+ i2d_PUBKEY_bio; -+ i2d_PUBKEY_fp; -+ d2i_PUBKEY_bio; -+ ASN1_STRING_to_UTF8; -+ BIO_vprintf; -+ BIO_vsnprintf; -+ d2i_PUBKEY_fp; -+ X509_cmp_time; -+ X509_STORE_CTX_set_time; -+ X509_STORE_CTX_get1_issuer; -+ X509_OBJECT_retrieve_match; -+ X509_OBJECT_idx_by_subject; -+ X509_STORE_CTX_set_flags; -+ X509_STORE_CTX_trusted_stack; -+ X509_time_adj; -+ X509_check_issued; -+ ASN1_UTCTIME_cmp_time_t; -+ DES_set_weak_key_flag; -+ DES_check_key; -+ DES_rw_mode; -+ RSA_PKCS1_RSAref; -+ X509_keyid_set1; -+ BIO_next; -+ DSO_METHOD_vms; -+ BIO_f_linebuffer; -+ BN_bntest_rand; -+ OPENSSL_issetugid; -+ BN_rand_range; -+ ERR_load_ENGINE_strings; -+ ENGINE_set_DSA; -+ ENGINE_get_finish_function; -+ ENGINE_get_default_RSA; -+ ENGINE_get_BN_mod_exp; -+ DSA_get_default_openssl_method; -+ ENGINE_set_DH; -+ ENGINE_set_def_BN_mod_exp_crt; -+ ENGINE_set_default_BN_mod_exp_crt; -+ ENGINE_init; -+ DH_get_default_openssl_method; -+ RSA_set_default_openssl_method; -+ ENGINE_finish; -+ ENGINE_load_public_key; -+ ENGINE_get_DH; -+ ENGINE_ctrl; -+ ENGINE_get_init_function; -+ ENGINE_set_init_function; -+ ENGINE_set_default_DSA; -+ ENGINE_get_name; -+ ENGINE_get_last; -+ ENGINE_get_prev; -+ ENGINE_get_default_DH; -+ ENGINE_get_RSA; -+ ENGINE_set_default; -+ ENGINE_get_RAND; -+ ENGINE_get_first; -+ ENGINE_by_id; -+ ENGINE_set_finish_function; -+ ENGINE_get_def_BN_mod_exp_crt; -+ ENGINE_get_default_BN_mod_exp_crt; -+ RSA_get_default_openssl_method; -+ ENGINE_set_RSA; -+ ENGINE_load_private_key; -+ ENGINE_set_default_RAND; -+ ENGINE_set_BN_mod_exp; -+ ENGINE_remove; -+ ENGINE_free; -+ ENGINE_get_BN_mod_exp_crt; -+ ENGINE_get_next; -+ ENGINE_set_name; -+ ENGINE_get_default_DSA; -+ ENGINE_set_default_BN_mod_exp; -+ ENGINE_set_default_RSA; -+ ENGINE_get_default_RAND; -+ ENGINE_get_default_BN_mod_exp; -+ ENGINE_set_RAND; -+ ENGINE_set_id; -+ ENGINE_set_BN_mod_exp_crt; -+ ENGINE_set_default_DH; -+ ENGINE_new; -+ ENGINE_get_id; -+ DSA_set_default_openssl_method; -+ ENGINE_add; -+ DH_set_default_openssl_method; -+ ENGINE_get_DSA; -+ ENGINE_get_ctrl_function; -+ ENGINE_set_ctrl_function; -+ BN_pseudo_rand_range; -+ X509_STORE_CTX_set_verify_cb; -+ ERR_load_COMP_strings; -+ PKCS12_item_decrypt_d2i; -+ ASN1_UTF8STRING_it; -+ ENGINE_unregister_ciphers; -+ ENGINE_get_ciphers; -+ d2i_OCSP_BASICRESP; -+ KRB5_CHECKSUM_it; -+ EC_POINT_add; -+ ASN1_item_ex_i2d; -+ OCSP_CERTID_it; -+ d2i_OCSP_RESPBYTES; -+ X509V3_add1_i2d; -+ PKCS7_ENVELOPE_it; -+ UI_add_input_boolean; -+ ENGINE_unregister_RSA; -+ X509V3_EXT_nconf; -+ ASN1_GENERALSTRING_free; -+ d2i_OCSP_CERTSTATUS; -+ X509_REVOKED_set_serialNumber; -+ X509_print_ex; -+ OCSP_ONEREQ_get1_ext_d2i; -+ ENGINE_register_all_RAND; -+ ENGINE_load_dynamic; -+ PBKDF2PARAM_it; -+ EXTENDED_KEY_USAGE_new; -+ EC_GROUP_clear_free; -+ OCSP_sendreq_bio; -+ ASN1_item_digest; -+ OCSP_BASICRESP_delete_ext; -+ OCSP_SIGNATURE_it; -+ X509_CRL_it; -+ OCSP_BASICRESP_add_ext; -+ KRB5_ENCKEY_it; -+ UI_method_set_closer; -+ X509_STORE_set_purpose; -+ i2d_ASN1_GENERALSTRING; -+ OCSP_response_status; -+ i2d_OCSP_SERVICELOC; -+ ENGINE_get_digest_engine; -+ EC_GROUP_set_curve_GFp; -+ OCSP_REQUEST_get_ext_by_OBJ; -+ _ossl_old_des_random_key; -+ ASN1_T61STRING_it; -+ EC_GROUP_method_of; -+ i2d_KRB5_APREQ; -+ _ossl_old_des_encrypt; -+ ASN1_PRINTABLE_new; -+ HMAC_Init_ex; -+ d2i_KRB5_AUTHENT; -+ OCSP_archive_cutoff_new; -+ EC_POINT_set_Jprojective_coordinates_GFp; -+ EC_POINT_set_Jproj_coords_GFp; -+ _ossl_old_des_is_weak_key; -+ OCSP_BASICRESP_get_ext_by_OBJ; -+ EC_POINT_oct2point; -+ OCSP_SINGLERESP_get_ext_count; -+ UI_ctrl; -+ _shadow_DES_rw_mode; -+ asn1_do_adb; -+ ASN1_template_i2d; -+ ENGINE_register_DH; -+ UI_construct_prompt; -+ X509_STORE_set_trust; -+ UI_dup_input_string; -+ d2i_KRB5_APREQ; -+ EVP_MD_CTX_copy_ex; -+ OCSP_request_is_signed; -+ i2d_OCSP_REQINFO; -+ KRB5_ENCKEY_free; -+ OCSP_resp_get0; -+ GENERAL_NAME_it; -+ ASN1_GENERALIZEDTIME_it; -+ X509_STORE_set_flags; -+ EC_POINT_set_compressed_coordinates_GFp; -+ EC_POINT_set_compr_coords_GFp; -+ OCSP_response_status_str; -+ d2i_OCSP_REVOKEDINFO; -+ OCSP_basic_add1_cert; -+ ERR_get_implementation; -+ EVP_CipherFinal_ex; -+ OCSP_CERTSTATUS_new; -+ CRYPTO_cleanup_all_ex_data; -+ OCSP_resp_find; -+ BN_nnmod; -+ X509_CRL_sort; -+ X509_REVOKED_set_revocationDate; -+ ENGINE_register_RAND; -+ OCSP_SERVICELOC_new; -+ EC_POINT_set_affine_coordinates_GFp; -+ EC_POINT_set_affine_coords_GFp; -+ _ossl_old_des_options; -+ SXNET_it; -+ UI_dup_input_boolean; -+ PKCS12_add_CSPName_asc; -+ EC_POINT_is_at_infinity; -+ ENGINE_load_cryptodev; -+ DSO_convert_filename; -+ POLICYQUALINFO_it; -+ ENGINE_register_ciphers; -+ BN_mod_lshift_quick; -+ DSO_set_filename; -+ ASN1_item_free; -+ KRB5_TKTBODY_free; -+ AUTHORITY_KEYID_it; -+ KRB5_APREQBODY_new; -+ X509V3_EXT_REQ_add_nconf; -+ ENGINE_ctrl_cmd_string; -+ i2d_OCSP_RESPDATA; -+ EVP_MD_CTX_init; -+ EXTENDED_KEY_USAGE_free; -+ PKCS7_ATTR_SIGN_it; -+ UI_add_error_string; -+ KRB5_CHECKSUM_free; -+ OCSP_REQUEST_get_ext; -+ ENGINE_load_ubsec; -+ ENGINE_register_all_digests; -+ PKEY_USAGE_PERIOD_it; -+ PKCS12_unpack_authsafes; -+ ASN1_item_unpack; -+ NETSCAPE_SPKAC_it; -+ X509_REVOKED_it; -+ ASN1_STRING_encode; -+ EVP_aes_128_ecb; -+ KRB5_AUTHENT_free; -+ OCSP_BASICRESP_get_ext_by_critical; -+ OCSP_BASICRESP_get_ext_by_crit; -+ OCSP_cert_status_str; -+ d2i_OCSP_REQUEST; -+ UI_dup_info_string; -+ _ossl_old_des_xwhite_in2out; -+ PKCS12_it; -+ OCSP_SINGLERESP_get_ext_by_critical; -+ OCSP_SINGLERESP_get_ext_by_crit; -+ OCSP_CERTSTATUS_free; -+ _ossl_old_des_crypt; -+ ASN1_item_i2d; -+ EVP_DecryptFinal_ex; -+ ENGINE_load_openssl; -+ ENGINE_get_cmd_defns; -+ ENGINE_set_load_privkey_function; -+ ENGINE_set_load_privkey_fn; -+ EVP_EncryptFinal_ex; -+ ENGINE_set_default_digests; -+ X509_get0_pubkey_bitstr; -+ asn1_ex_i2c; -+ ENGINE_register_RSA; -+ ENGINE_unregister_DSA; -+ _ossl_old_des_key_sched; -+ X509_EXTENSION_it; -+ i2d_KRB5_AUTHENT; -+ SXNETID_it; -+ d2i_OCSP_SINGLERESP; -+ EDIPARTYNAME_new; -+ PKCS12_certbag2x509; -+ _ossl_old_des_ofb64_encrypt; -+ d2i_EXTENDED_KEY_USAGE; -+ ERR_print_errors_cb; -+ ENGINE_set_ciphers; -+ d2i_KRB5_APREQBODY; -+ UI_method_get_flusher; -+ X509_PUBKEY_it; -+ _ossl_old_des_enc_read; -+ PKCS7_ENCRYPT_it; -+ i2d_OCSP_RESPONSE; -+ EC_GROUP_get_cofactor; -+ PKCS12_unpack_p7data; -+ d2i_KRB5_AUTHDATA; -+ OCSP_copy_nonce; -+ KRB5_AUTHDATA_new; -+ OCSP_RESPDATA_new; -+ EC_GFp_mont_method; -+ OCSP_REVOKEDINFO_free; -+ UI_get_ex_data; -+ KRB5_APREQBODY_free; -+ EC_GROUP_get0_generator; -+ UI_get_default_method; -+ X509V3_set_nconf; -+ PKCS12_item_i2d_encrypt; -+ X509_add1_ext_i2d; -+ PKCS7_SIGNER_INFO_it; -+ KRB5_PRINCNAME_new; -+ PKCS12_SAFEBAG_it; -+ EC_GROUP_get_order; -+ d2i_OCSP_RESPID; -+ OCSP_request_verify; -+ NCONF_get_number_e; -+ _ossl_old_des_decrypt3; -+ X509_signature_print; -+ OCSP_SINGLERESP_free; -+ ENGINE_load_builtin_engines; -+ i2d_OCSP_ONEREQ; -+ OCSP_REQUEST_add_ext; -+ OCSP_RESPBYTES_new; -+ EVP_MD_CTX_create; -+ OCSP_resp_find_status; -+ X509_ALGOR_it; -+ ASN1_TIME_it; -+ OCSP_request_set1_name; -+ OCSP_ONEREQ_get_ext_count; -+ UI_get0_result; -+ PKCS12_AUTHSAFES_it; -+ EVP_aes_256_ecb; -+ PKCS12_pack_authsafes; -+ ASN1_IA5STRING_it; -+ UI_get_input_flags; -+ EC_GROUP_set_generator; -+ _ossl_old_des_string_to_2keys; -+ OCSP_CERTID_free; -+ X509_CERT_AUX_it; -+ CERTIFICATEPOLICIES_it; -+ _ossl_old_des_ede3_cbc_encrypt; -+ RAND_set_rand_engine; -+ DSO_get_loaded_filename; -+ X509_ATTRIBUTE_it; -+ OCSP_ONEREQ_get_ext_by_NID; -+ PKCS12_decrypt_skey; -+ KRB5_AUTHENT_it; -+ UI_dup_error_string; -+ RSAPublicKey_it; -+ i2d_OCSP_REQUEST; -+ PKCS12_x509crl2certbag; -+ OCSP_SERVICELOC_it; -+ ASN1_item_sign; -+ X509_CRL_set_issuer_name; -+ OBJ_NAME_do_all_sorted; -+ i2d_OCSP_BASICRESP; -+ i2d_OCSP_RESPBYTES; -+ PKCS12_unpack_p7encdata; -+ HMAC_CTX_init; -+ ENGINE_get_digest; -+ OCSP_RESPONSE_print; -+ KRB5_TKTBODY_it; -+ ACCESS_DESCRIPTION_it; -+ PKCS7_ISSUER_AND_SERIAL_it; -+ PBE2PARAM_it; -+ PKCS12_certbag2x509crl; -+ PKCS7_SIGNED_it; -+ ENGINE_get_cipher; -+ i2d_OCSP_CRLID; -+ OCSP_SINGLERESP_new; -+ ENGINE_cmd_is_executable; -+ RSA_up_ref; -+ ASN1_GENERALSTRING_it; -+ ENGINE_register_DSA; -+ X509V3_EXT_add_nconf_sk; -+ ENGINE_set_load_pubkey_function; -+ PKCS8_decrypt; -+ PEM_bytes_read_bio; -+ DIRECTORYSTRING_it; -+ d2i_OCSP_CRLID; -+ EC_POINT_is_on_curve; -+ CRYPTO_set_locked_mem_ex_functions; -+ CRYPTO_set_locked_mem_ex_funcs; -+ d2i_KRB5_CHECKSUM; -+ ASN1_item_dup; -+ X509_it; -+ BN_mod_add; -+ KRB5_AUTHDATA_free; -+ _ossl_old_des_cbc_cksum; -+ ASN1_item_verify; -+ CRYPTO_set_mem_ex_functions; -+ EC_POINT_get_Jprojective_coordinates_GFp; -+ EC_POINT_get_Jproj_coords_GFp; -+ ZLONG_it; -+ CRYPTO_get_locked_mem_ex_functions; -+ CRYPTO_get_locked_mem_ex_funcs; -+ ASN1_TIME_check; -+ UI_get0_user_data; -+ HMAC_CTX_cleanup; -+ DSA_up_ref; -+ _ossl_old_des_ede3_cfb64_encrypt; -+ _ossl_odes_ede3_cfb64_encrypt; -+ ASN1_BMPSTRING_it; -+ ASN1_tag2bit; -+ UI_method_set_flusher; -+ X509_ocspid_print; -+ KRB5_ENCDATA_it; -+ ENGINE_get_load_pubkey_function; -+ UI_add_user_data; -+ OCSP_REQUEST_delete_ext; -+ UI_get_method; -+ OCSP_ONEREQ_free; -+ ASN1_PRINTABLESTRING_it; -+ X509_CRL_set_nextUpdate; -+ OCSP_REQUEST_it; -+ OCSP_BASICRESP_it; -+ AES_ecb_encrypt; -+ BN_mod_sqr; -+ NETSCAPE_CERT_SEQUENCE_it; -+ GENERAL_NAMES_it; -+ AUTHORITY_INFO_ACCESS_it; -+ ASN1_FBOOLEAN_it; -+ UI_set_ex_data; -+ _ossl_old_des_string_to_key; -+ ENGINE_register_all_RSA; -+ d2i_KRB5_PRINCNAME; -+ OCSP_RESPBYTES_it; -+ X509_CINF_it; -+ ENGINE_unregister_digests; -+ d2i_EDIPARTYNAME; -+ d2i_OCSP_SERVICELOC; -+ ENGINE_get_digests; -+ _ossl_old_des_set_odd_parity; -+ OCSP_RESPDATA_free; -+ d2i_KRB5_TICKET; -+ OTHERNAME_it; -+ EVP_MD_CTX_cleanup; -+ d2i_ASN1_GENERALSTRING; -+ X509_CRL_set_version; -+ BN_mod_sub; -+ OCSP_SINGLERESP_get_ext_by_NID; -+ ENGINE_get_ex_new_index; -+ OCSP_REQUEST_free; -+ OCSP_REQUEST_add1_ext_i2d; -+ X509_VAL_it; -+ EC_POINTs_make_affine; -+ EC_POINT_mul; -+ X509V3_EXT_add_nconf; -+ X509_TRUST_set; -+ X509_CRL_add1_ext_i2d; -+ _ossl_old_des_fcrypt; -+ DISPLAYTEXT_it; -+ X509_CRL_set_lastUpdate; -+ OCSP_BASICRESP_free; -+ OCSP_BASICRESP_add1_ext_i2d; -+ d2i_KRB5_AUTHENTBODY; -+ CRYPTO_set_ex_data_implementation; -+ CRYPTO_set_ex_data_impl; -+ KRB5_ENCDATA_new; -+ DSO_up_ref; -+ OCSP_crl_reason_str; -+ UI_get0_result_string; -+ ASN1_GENERALSTRING_new; -+ X509_SIG_it; -+ ERR_set_implementation; -+ ERR_load_EC_strings; -+ UI_get0_action_string; -+ OCSP_ONEREQ_get_ext; -+ EC_POINT_method_of; -+ i2d_KRB5_APREQBODY; -+ _ossl_old_des_ecb3_encrypt; -+ CRYPTO_get_mem_ex_functions; -+ ENGINE_get_ex_data; -+ UI_destroy_method; -+ ASN1_item_i2d_bio; -+ OCSP_ONEREQ_get_ext_by_OBJ; -+ ASN1_primitive_new; -+ ASN1_PRINTABLE_it; -+ EVP_aes_192_ecb; -+ OCSP_SIGNATURE_new; -+ LONG_it; -+ ASN1_VISIBLESTRING_it; -+ OCSP_SINGLERESP_add1_ext_i2d; -+ d2i_OCSP_CERTID; -+ ASN1_item_d2i_fp; -+ CRL_DIST_POINTS_it; -+ GENERAL_NAME_print; -+ OCSP_SINGLERESP_delete_ext; -+ PKCS12_SAFEBAGS_it; -+ d2i_OCSP_SIGNATURE; -+ OCSP_request_add1_nonce; -+ ENGINE_set_cmd_defns; -+ OCSP_SERVICELOC_free; -+ EC_GROUP_free; -+ ASN1_BIT_STRING_it; -+ X509_REQ_it; -+ _ossl_old_des_cbc_encrypt; -+ ERR_unload_strings; -+ PKCS7_SIGN_ENVELOPE_it; -+ EDIPARTYNAME_free; -+ OCSP_REQINFO_free; -+ EC_GROUP_new_curve_GFp; -+ OCSP_REQUEST_get1_ext_d2i; -+ PKCS12_item_pack_safebag; -+ asn1_ex_c2i; -+ ENGINE_register_digests; -+ i2d_OCSP_REVOKEDINFO; -+ asn1_enc_restore; -+ UI_free; -+ UI_new_method; -+ EVP_EncryptInit_ex; -+ X509_pubkey_digest; -+ EC_POINT_invert; -+ OCSP_basic_sign; -+ i2d_OCSP_RESPID; -+ OCSP_check_nonce; -+ ENGINE_ctrl_cmd; -+ d2i_KRB5_ENCKEY; -+ OCSP_parse_url; -+ OCSP_SINGLERESP_get_ext; -+ OCSP_CRLID_free; -+ OCSP_BASICRESP_get1_ext_d2i; -+ RSAPrivateKey_it; -+ ENGINE_register_all_DH; -+ i2d_EDIPARTYNAME; -+ EC_POINT_get_affine_coordinates_GFp; -+ EC_POINT_get_affine_coords_GFp; -+ OCSP_CRLID_new; -+ ENGINE_get_flags; -+ OCSP_ONEREQ_it; -+ UI_process; -+ ASN1_INTEGER_it; -+ EVP_CipherInit_ex; -+ UI_get_string_type; -+ ENGINE_unregister_DH; -+ ENGINE_register_all_DSA; -+ OCSP_ONEREQ_get_ext_by_critical; -+ bn_dup_expand; -+ OCSP_cert_id_new; -+ BASIC_CONSTRAINTS_it; -+ BN_mod_add_quick; -+ EC_POINT_new; -+ EVP_MD_CTX_destroy; -+ OCSP_RESPBYTES_free; -+ EVP_aes_128_cbc; -+ OCSP_SINGLERESP_get1_ext_d2i; -+ EC_POINT_free; -+ DH_up_ref; -+ X509_NAME_ENTRY_it; -+ UI_get_ex_new_index; -+ BN_mod_sub_quick; -+ OCSP_ONEREQ_add_ext; -+ OCSP_request_sign; -+ EVP_DigestFinal_ex; -+ ENGINE_set_digests; -+ OCSP_id_issuer_cmp; -+ OBJ_NAME_do_all; -+ EC_POINTs_mul; -+ ENGINE_register_complete; -+ X509V3_EXT_nconf_nid; -+ ASN1_SEQUENCE_it; -+ UI_set_default_method; -+ RAND_query_egd_bytes; -+ UI_method_get_writer; -+ UI_OpenSSL; -+ PEM_def_callback; -+ ENGINE_cleanup; -+ DIST_POINT_it; -+ OCSP_SINGLERESP_it; -+ d2i_KRB5_TKTBODY; -+ EC_POINT_cmp; -+ OCSP_REVOKEDINFO_new; -+ i2d_OCSP_CERTSTATUS; -+ OCSP_basic_add1_nonce; -+ ASN1_item_ex_d2i; -+ BN_mod_lshift1_quick; -+ UI_set_method; -+ OCSP_id_get0_info; -+ BN_mod_sqrt; -+ EC_GROUP_copy; -+ KRB5_ENCDATA_free; -+ _ossl_old_des_cfb_encrypt; -+ OCSP_SINGLERESP_get_ext_by_OBJ; -+ OCSP_cert_to_id; -+ OCSP_RESPID_new; -+ OCSP_RESPDATA_it; -+ d2i_OCSP_RESPDATA; -+ ENGINE_register_all_complete; -+ OCSP_check_validity; -+ PKCS12_BAGS_it; -+ OCSP_url_svcloc_new; -+ ASN1_template_free; -+ OCSP_SINGLERESP_add_ext; -+ KRB5_AUTHENTBODY_it; -+ X509_supported_extension; -+ i2d_KRB5_AUTHDATA; -+ UI_method_get_opener; -+ ENGINE_set_ex_data; -+ OCSP_REQUEST_print; -+ CBIGNUM_it; -+ KRB5_TICKET_new; -+ KRB5_APREQ_new; -+ EC_GROUP_get_curve_GFp; -+ KRB5_ENCKEY_new; -+ ASN1_template_d2i; -+ _ossl_old_des_quad_cksum; -+ OCSP_single_get0_status; -+ BN_swap; -+ POLICYINFO_it; -+ ENGINE_set_destroy_function; -+ asn1_enc_free; -+ OCSP_RESPID_it; -+ EC_GROUP_new; -+ EVP_aes_256_cbc; -+ i2d_KRB5_PRINCNAME; -+ _ossl_old_des_encrypt2; -+ _ossl_old_des_encrypt3; -+ PKCS8_PRIV_KEY_INFO_it; -+ OCSP_REQINFO_it; -+ PBEPARAM_it; -+ KRB5_AUTHENTBODY_new; -+ X509_CRL_add0_revoked; -+ EDIPARTYNAME_it; -+ NETSCAPE_SPKI_it; -+ UI_get0_test_string; -+ ENGINE_get_cipher_engine; -+ ENGINE_register_all_ciphers; -+ EC_POINT_copy; -+ BN_kronecker; -+ _ossl_old_des_ede3_ofb64_encrypt; -+ _ossl_odes_ede3_ofb64_encrypt; -+ UI_method_get_reader; -+ OCSP_BASICRESP_get_ext_count; -+ ASN1_ENUMERATED_it; -+ UI_set_result; -+ i2d_KRB5_TICKET; -+ X509_print_ex_fp; -+ EVP_CIPHER_CTX_set_padding; -+ d2i_OCSP_RESPONSE; -+ ASN1_UTCTIME_it; -+ _ossl_old_des_enc_write; -+ OCSP_RESPONSE_new; -+ AES_set_encrypt_key; -+ OCSP_resp_count; -+ KRB5_CHECKSUM_new; -+ ENGINE_load_cswift; -+ OCSP_onereq_get0_id; -+ ENGINE_set_default_ciphers; -+ NOTICEREF_it; -+ X509V3_EXT_CRL_add_nconf; -+ OCSP_REVOKEDINFO_it; -+ AES_encrypt; -+ OCSP_REQUEST_new; -+ ASN1_ANY_it; -+ CRYPTO_ex_data_new_class; -+ _ossl_old_des_ncbc_encrypt; -+ i2d_KRB5_TKTBODY; -+ EC_POINT_clear_free; -+ AES_decrypt; -+ asn1_enc_init; -+ UI_get_result_maxsize; -+ OCSP_CERTID_new; -+ ENGINE_unregister_RAND; -+ UI_method_get_closer; -+ d2i_KRB5_ENCDATA; -+ OCSP_request_onereq_count; -+ OCSP_basic_verify; -+ KRB5_AUTHENTBODY_free; -+ ASN1_item_d2i; -+ ASN1_primitive_free; -+ i2d_EXTENDED_KEY_USAGE; -+ i2d_OCSP_SIGNATURE; -+ asn1_enc_save; -+ ENGINE_load_nuron; -+ _ossl_old_des_pcbc_encrypt; -+ PKCS12_MAC_DATA_it; -+ OCSP_accept_responses_new; -+ asn1_do_lock; -+ PKCS7_ATTR_VERIFY_it; -+ KRB5_APREQBODY_it; -+ i2d_OCSP_SINGLERESP; -+ ASN1_item_ex_new; -+ UI_add_verify_string; -+ _ossl_old_des_set_key; -+ KRB5_PRINCNAME_it; -+ EVP_DecryptInit_ex; -+ i2d_OCSP_CERTID; -+ ASN1_item_d2i_bio; -+ EC_POINT_dbl; -+ asn1_get_choice_selector; -+ i2d_KRB5_CHECKSUM; -+ ENGINE_set_table_flags; -+ AES_options; -+ ENGINE_load_chil; -+ OCSP_id_cmp; -+ OCSP_BASICRESP_new; -+ OCSP_REQUEST_get_ext_by_NID; -+ KRB5_APREQ_it; -+ ENGINE_get_destroy_function; -+ CONF_set_nconf; -+ ASN1_PRINTABLE_free; -+ OCSP_BASICRESP_get_ext_by_NID; -+ DIST_POINT_NAME_it; -+ X509V3_extensions_print; -+ _ossl_old_des_cfb64_encrypt; -+ X509_REVOKED_add1_ext_i2d; -+ _ossl_old_des_ofb_encrypt; -+ KRB5_TKTBODY_new; -+ ASN1_OCTET_STRING_it; -+ ERR_load_UI_strings; -+ i2d_KRB5_ENCKEY; -+ ASN1_template_new; -+ OCSP_SIGNATURE_free; -+ ASN1_item_i2d_fp; -+ KRB5_PRINCNAME_free; -+ PKCS7_RECIP_INFO_it; -+ EXTENDED_KEY_USAGE_it; -+ EC_GFp_simple_method; -+ EC_GROUP_precompute_mult; -+ OCSP_request_onereq_get0; -+ UI_method_set_writer; -+ KRB5_AUTHENT_new; -+ X509_CRL_INFO_it; -+ DSO_set_name_converter; -+ AES_set_decrypt_key; -+ PKCS7_DIGEST_it; -+ PKCS12_x5092certbag; -+ EVP_DigestInit_ex; -+ i2a_ACCESS_DESCRIPTION; -+ OCSP_RESPONSE_it; -+ PKCS7_ENC_CONTENT_it; -+ OCSP_request_add0_id; -+ EC_POINT_make_affine; -+ DSO_get_filename; -+ OCSP_CERTSTATUS_it; -+ OCSP_request_add1_cert; -+ UI_get0_output_string; -+ UI_dup_verify_string; -+ BN_mod_lshift; -+ KRB5_AUTHDATA_it; -+ asn1_set_choice_selector; -+ OCSP_basic_add1_status; -+ OCSP_RESPID_free; -+ asn1_get_field_ptr; -+ UI_add_input_string; -+ OCSP_CRLID_it; -+ i2d_KRB5_AUTHENTBODY; -+ OCSP_REQUEST_get_ext_count; -+ ENGINE_load_atalla; -+ X509_NAME_it; -+ USERNOTICE_it; -+ OCSP_REQINFO_new; -+ OCSP_BASICRESP_get_ext; -+ CRYPTO_get_ex_data_implementation; -+ CRYPTO_get_ex_data_impl; -+ ASN1_item_pack; -+ i2d_KRB5_ENCDATA; -+ X509_PURPOSE_set; -+ X509_REQ_INFO_it; -+ UI_method_set_opener; -+ ASN1_item_ex_free; -+ ASN1_BOOLEAN_it; -+ ENGINE_get_table_flags; -+ UI_create_method; -+ OCSP_ONEREQ_add1_ext_i2d; -+ _shadow_DES_check_key; -+ d2i_OCSP_REQINFO; -+ UI_add_info_string; -+ UI_get_result_minsize; -+ ASN1_NULL_it; -+ BN_mod_lshift1; -+ d2i_OCSP_ONEREQ; -+ OCSP_ONEREQ_new; -+ KRB5_TICKET_it; -+ EVP_aes_192_cbc; -+ KRB5_TICKET_free; -+ UI_new; -+ OCSP_response_create; -+ _ossl_old_des_xcbc_encrypt; -+ PKCS7_it; -+ OCSP_REQUEST_get_ext_by_critical; -+ OCSP_REQUEST_get_ext_by_crit; -+ ENGINE_set_flags; -+ _ossl_old_des_ecb_encrypt; -+ OCSP_response_get1_basic; -+ EVP_Digest; -+ OCSP_ONEREQ_delete_ext; -+ ASN1_TBOOLEAN_it; -+ ASN1_item_new; -+ ASN1_TIME_to_generalizedtime; -+ BIGNUM_it; -+ AES_cbc_encrypt; -+ ENGINE_get_load_privkey_function; -+ ENGINE_get_load_privkey_fn; -+ OCSP_RESPONSE_free; -+ UI_method_set_reader; -+ i2d_ASN1_T61STRING; -+ EC_POINT_set_to_infinity; -+ ERR_load_OCSP_strings; -+ EC_POINT_point2oct; -+ KRB5_APREQ_free; -+ ASN1_OBJECT_it; -+ OCSP_crlID_new; -+ OCSP_crlID2_new; -+ CONF_modules_load_file; -+ CONF_imodule_set_usr_data; -+ ENGINE_set_default_string; -+ CONF_module_get_usr_data; -+ ASN1_add_oid_module; -+ CONF_modules_finish; -+ OPENSSL_config; -+ CONF_modules_unload; -+ CONF_imodule_get_value; -+ CONF_module_set_usr_data; -+ CONF_parse_list; -+ CONF_module_add; -+ CONF_get1_default_config_file; -+ CONF_imodule_get_flags; -+ CONF_imodule_get_module; -+ CONF_modules_load; -+ CONF_imodule_get_name; -+ ERR_peek_top_error; -+ CONF_imodule_get_usr_data; -+ CONF_imodule_set_flags; -+ ENGINE_add_conf_module; -+ ERR_peek_last_error_line; -+ ERR_peek_last_error_line_data; -+ ERR_peek_last_error; -+ DES_read_2passwords; -+ DES_read_password; -+ UI_UTIL_read_pw; -+ UI_UTIL_read_pw_string; -+ ENGINE_load_aep; -+ ENGINE_load_sureware; -+ OPENSSL_add_all_algorithms_noconf; -+ OPENSSL_add_all_algo_noconf; -+ OPENSSL_add_all_algorithms_conf; -+ OPENSSL_add_all_algo_conf; -+ OPENSSL_load_builtin_modules; -+ AES_ofb128_encrypt; -+ AES_ctr128_encrypt; -+ AES_cfb128_encrypt; -+ ENGINE_load_4758cca; -+ _ossl_096_des_random_seed; -+ EVP_aes_256_ofb; -+ EVP_aes_192_ofb; -+ EVP_aes_128_cfb128; -+ EVP_aes_256_cfb128; -+ EVP_aes_128_ofb; -+ EVP_aes_192_cfb128; -+ CONF_modules_free; -+ NCONF_default; -+ OPENSSL_no_config; -+ NCONF_WIN32; -+ ASN1_UNIVERSALSTRING_new; -+ EVP_des_ede_ecb; -+ i2d_ASN1_UNIVERSALSTRING; -+ ASN1_UNIVERSALSTRING_free; -+ ASN1_UNIVERSALSTRING_it; -+ d2i_ASN1_UNIVERSALSTRING; -+ EVP_des_ede3_ecb; -+ X509_REQ_print_ex; -+ ENGINE_up_ref; -+ BUF_MEM_grow_clean; -+ CRYPTO_realloc_clean; -+ BUF_strlcat; -+ BIO_indent; -+ BUF_strlcpy; -+ OpenSSLDie; -+ OPENSSL_cleanse; -+ ENGINE_setup_bsd_cryptodev; -+ ERR_release_err_state_table; -+ EVP_aes_128_cfb8; -+ FIPS_corrupt_rsa; -+ FIPS_selftest_des; -+ EVP_aes_128_cfb1; -+ EVP_aes_192_cfb8; -+ FIPS_mode_set; -+ FIPS_selftest_dsa; -+ EVP_aes_256_cfb8; -+ FIPS_allow_md5; -+ DES_ede3_cfb_encrypt; -+ EVP_des_ede3_cfb8; -+ FIPS_rand_seeded; -+ AES_cfbr_encrypt_block; -+ AES_cfb8_encrypt; -+ FIPS_rand_seed; -+ FIPS_corrupt_des; -+ EVP_aes_192_cfb1; -+ FIPS_selftest_aes; -+ FIPS_set_prng_key; -+ EVP_des_cfb8; -+ FIPS_corrupt_dsa; -+ FIPS_test_mode; -+ FIPS_rand_method; -+ EVP_aes_256_cfb1; -+ ERR_load_FIPS_strings; -+ FIPS_corrupt_aes; -+ FIPS_selftest_sha1; -+ FIPS_selftest_rsa; -+ FIPS_corrupt_sha1; -+ EVP_des_cfb1; -+ FIPS_dsa_check; -+ AES_cfb1_encrypt; -+ EVP_des_ede3_cfb1; -+ FIPS_rand_check; -+ FIPS_md5_allowed; -+ FIPS_mode; -+ FIPS_selftest_failed; -+ sk_is_sorted; -+ X509_check_ca; -+ HMAC_CTX_set_flags; -+ d2i_PROXY_CERT_INFO_EXTENSION; -+ PROXY_POLICY_it; -+ i2d_PROXY_POLICY; -+ i2d_PROXY_CERT_INFO_EXTENSION; -+ d2i_PROXY_POLICY; -+ PROXY_CERT_INFO_EXTENSION_new; -+ PROXY_CERT_INFO_EXTENSION_free; -+ PROXY_CERT_INFO_EXTENSION_it; -+ PROXY_POLICY_free; -+ PROXY_POLICY_new; -+ BN_MONT_CTX_set_locked; -+ FIPS_selftest_rng; -+ EVP_sha384; -+ EVP_sha512; -+ EVP_sha224; -+ EVP_sha256; -+ FIPS_selftest_hmac; -+ FIPS_corrupt_rng; -+ BN_mod_exp_mont_consttime; -+ RSA_X931_hash_id; -+ RSA_padding_check_X931; -+ RSA_verify_PKCS1_PSS; -+ RSA_padding_add_X931; -+ RSA_padding_add_PKCS1_PSS; -+ PKCS1_MGF1; -+ BN_X931_generate_Xpq; -+ RSA_X931_generate_key; -+ BN_X931_derive_prime; -+ BN_X931_generate_prime; -+ RSA_X931_derive; -+ BIO_new_dgram; -+ BN_get0_nist_prime_384; -+ ERR_set_mark; -+ X509_STORE_CTX_set0_crls; -+ ENGINE_set_STORE; -+ ENGINE_register_ECDSA; -+ STORE_meth_set_list_start_fn; -+ STORE_method_set_list_start_function; -+ BN_BLINDING_invert_ex; -+ NAME_CONSTRAINTS_free; -+ STORE_ATTR_INFO_set_number; -+ BN_BLINDING_get_thread_id; -+ X509_STORE_CTX_set0_param; -+ POLICY_MAPPING_it; -+ STORE_parse_attrs_start; -+ POLICY_CONSTRAINTS_free; -+ EVP_PKEY_add1_attr_by_NID; -+ BN_nist_mod_192; -+ EC_GROUP_get_trinomial_basis; -+ STORE_set_method; -+ GENERAL_SUBTREE_free; -+ NAME_CONSTRAINTS_it; -+ ECDH_get_default_method; -+ PKCS12_add_safe; -+ EC_KEY_new_by_curve_name; -+ STORE_meth_get_update_store_fn; -+ STORE_method_get_update_store_function; -+ ENGINE_register_ECDH; -+ SHA512_Update; -+ i2d_ECPrivateKey; -+ BN_get0_nist_prime_192; -+ STORE_modify_certificate; -+ EC_POINT_set_affine_coordinates_GF2m; -+ EC_POINT_set_affine_coords_GF2m; -+ BN_GF2m_mod_exp_arr; -+ STORE_ATTR_INFO_modify_number; -+ X509_keyid_get0; -+ ENGINE_load_gmp; -+ pitem_new; -+ BN_GF2m_mod_mul_arr; -+ STORE_list_public_key_endp; -+ o2i_ECPublicKey; -+ EC_KEY_copy; -+ BIO_dump_fp; -+ X509_policy_node_get0_parent; -+ EC_GROUP_check_discriminant; -+ i2o_ECPublicKey; -+ EC_KEY_precompute_mult; -+ a2i_IPADDRESS; -+ STORE_meth_set_initialise_fn; -+ STORE_method_set_initialise_function; -+ X509_STORE_CTX_set_depth; -+ X509_VERIFY_PARAM_inherit; -+ EC_POINT_point2bn; -+ STORE_ATTR_INFO_set_dn; -+ X509_policy_tree_get0_policies; -+ EC_GROUP_new_curve_GF2m; -+ STORE_destroy_method; -+ ENGINE_unregister_STORE; -+ EVP_PKEY_get1_EC_KEY; -+ STORE_ATTR_INFO_get0_number; -+ ENGINE_get_default_ECDH; -+ EC_KEY_get_conv_form; -+ ASN1_OCTET_STRING_NDEF_it; -+ STORE_delete_public_key; -+ STORE_get_public_key; -+ STORE_modify_arbitrary; -+ ENGINE_get_static_state; -+ pqueue_iterator; -+ ECDSA_SIG_new; -+ OPENSSL_DIR_end; -+ BN_GF2m_mod_sqr; -+ EC_POINT_bn2point; -+ X509_VERIFY_PARAM_set_depth; -+ EC_KEY_set_asn1_flag; -+ STORE_get_method; -+ EC_KEY_get_key_method_data; -+ ECDSA_sign_ex; -+ STORE_parse_attrs_end; -+ EC_GROUP_get_point_conversion_form; -+ EC_GROUP_get_point_conv_form; -+ STORE_method_set_store_function; -+ STORE_ATTR_INFO_in; -+ PEM_read_bio_ECPKParameters; -+ EC_GROUP_get_pentanomial_basis; -+ EVP_PKEY_add1_attr_by_txt; -+ BN_BLINDING_set_flags; -+ X509_VERIFY_PARAM_set1_policies; -+ X509_VERIFY_PARAM_set1_name; -+ X509_VERIFY_PARAM_set_purpose; -+ STORE_get_number; -+ ECDSA_sign_setup; -+ BN_GF2m_mod_solve_quad_arr; -+ EC_KEY_up_ref; -+ POLICY_MAPPING_free; -+ BN_GF2m_mod_div; -+ X509_VERIFY_PARAM_set_flags; -+ EC_KEY_free; -+ STORE_meth_set_list_next_fn; -+ STORE_method_set_list_next_function; -+ PEM_write_bio_ECPrivateKey; -+ d2i_EC_PUBKEY; -+ STORE_meth_get_generate_fn; -+ STORE_method_get_generate_function; -+ STORE_meth_set_list_end_fn; -+ STORE_method_set_list_end_function; -+ pqueue_print; -+ EC_GROUP_have_precompute_mult; -+ EC_KEY_print_fp; -+ BN_GF2m_mod_arr; -+ PEM_write_bio_X509_CERT_PAIR; -+ EVP_PKEY_cmp; -+ X509_policy_level_node_count; -+ STORE_new_engine; -+ STORE_list_public_key_start; -+ X509_VERIFY_PARAM_new; -+ ECDH_get_ex_data; -+ EVP_PKEY_get_attr; -+ ECDSA_do_sign; -+ ENGINE_unregister_ECDH; -+ ECDH_OpenSSL; -+ EC_KEY_set_conv_form; -+ EC_POINT_dup; -+ GENERAL_SUBTREE_new; -+ STORE_list_crl_endp; -+ EC_get_builtin_curves; -+ X509_policy_node_get0_qualifiers; -+ X509_pcy_node_get0_qualifiers; -+ STORE_list_crl_end; -+ EVP_PKEY_set1_EC_KEY; -+ BN_GF2m_mod_sqrt_arr; -+ i2d_ECPrivateKey_bio; -+ ECPKParameters_print_fp; -+ pqueue_find; -+ ECDSA_SIG_free; -+ PEM_write_bio_ECPKParameters; -+ STORE_method_set_ctrl_function; -+ STORE_list_public_key_end; -+ EC_KEY_set_private_key; -+ pqueue_peek; -+ STORE_get_arbitrary; -+ STORE_store_crl; -+ X509_policy_node_get0_policy; -+ PKCS12_add_safes; -+ BN_BLINDING_convert_ex; -+ X509_policy_tree_free; -+ OPENSSL_ia32cap_loc; -+ BN_GF2m_poly2arr; -+ STORE_ctrl; -+ STORE_ATTR_INFO_compare; -+ BN_get0_nist_prime_224; -+ i2d_ECParameters; -+ i2d_ECPKParameters; -+ BN_GENCB_call; -+ d2i_ECPKParameters; -+ STORE_meth_set_generate_fn; -+ STORE_method_set_generate_function; -+ ENGINE_set_ECDH; -+ NAME_CONSTRAINTS_new; -+ SHA256_Init; -+ EC_KEY_get0_public_key; -+ PEM_write_bio_EC_PUBKEY; -+ STORE_ATTR_INFO_set_cstr; -+ STORE_list_crl_next; -+ STORE_ATTR_INFO_in_range; -+ ECParameters_print; -+ STORE_meth_set_delete_fn; -+ STORE_method_set_delete_function; -+ STORE_list_certificate_next; -+ ASN1_generate_nconf; -+ BUF_memdup; -+ BN_GF2m_mod_mul; -+ STORE_meth_get_list_next_fn; -+ STORE_method_get_list_next_function; -+ STORE_ATTR_INFO_get0_dn; -+ STORE_list_private_key_next; -+ EC_GROUP_set_seed; -+ X509_VERIFY_PARAM_set_trust; -+ STORE_ATTR_INFO_free; -+ STORE_get_private_key; -+ EVP_PKEY_get_attr_count; -+ STORE_ATTR_INFO_new; -+ EC_GROUP_get_curve_GF2m; -+ STORE_meth_set_revoke_fn; -+ STORE_method_set_revoke_function; -+ STORE_store_number; -+ BN_is_prime_ex; -+ STORE_revoke_public_key; -+ X509_STORE_CTX_get0_param; -+ STORE_delete_arbitrary; -+ PEM_read_X509_CERT_PAIR; -+ X509_STORE_set_depth; -+ ECDSA_get_ex_data; -+ SHA224; -+ BIO_dump_indent_fp; -+ EC_KEY_set_group; -+ BUF_strndup; -+ STORE_list_certificate_start; -+ BN_GF2m_mod; -+ X509_REQ_check_private_key; -+ EC_GROUP_get_seed_len; -+ ERR_load_STORE_strings; -+ PEM_read_bio_EC_PUBKEY; -+ STORE_list_private_key_end; -+ i2d_EC_PUBKEY; -+ ECDSA_get_default_method; -+ ASN1_put_eoc; -+ X509_STORE_CTX_get_explicit_policy; -+ X509_STORE_CTX_get_expl_policy; -+ X509_VERIFY_PARAM_table_cleanup; -+ STORE_modify_private_key; -+ X509_VERIFY_PARAM_free; -+ EC_METHOD_get_field_type; -+ EC_GFp_nist_method; -+ STORE_meth_set_modify_fn; -+ STORE_method_set_modify_function; -+ STORE_parse_attrs_next; -+ ENGINE_load_padlock; -+ EC_GROUP_set_curve_name; -+ X509_CERT_PAIR_it; -+ STORE_meth_get_revoke_fn; -+ STORE_method_get_revoke_function; -+ STORE_method_set_get_function; -+ STORE_modify_number; -+ STORE_method_get_store_function; -+ STORE_store_private_key; -+ BN_GF2m_mod_sqr_arr; -+ RSA_setup_blinding; -+ BIO_s_datagram; -+ STORE_Memory; -+ sk_find_ex; -+ EC_GROUP_set_curve_GF2m; -+ ENGINE_set_default_ECDSA; -+ POLICY_CONSTRAINTS_new; -+ BN_GF2m_mod_sqrt; -+ ECDH_set_default_method; -+ EC_KEY_generate_key; -+ SHA384_Update; -+ BN_GF2m_arr2poly; -+ STORE_method_get_get_function; -+ STORE_meth_set_cleanup_fn; -+ STORE_method_set_cleanup_function; -+ EC_GROUP_check; -+ d2i_ECPrivateKey_bio; -+ EC_KEY_insert_key_method_data; -+ STORE_meth_get_lock_store_fn; -+ STORE_method_get_lock_store_function; -+ X509_VERIFY_PARAM_get_depth; -+ SHA224_Final; -+ STORE_meth_set_update_store_fn; -+ STORE_method_set_update_store_function; -+ SHA224_Update; -+ d2i_ECPrivateKey; -+ ASN1_item_ndef_i2d; -+ STORE_delete_private_key; -+ ERR_pop_to_mark; -+ ENGINE_register_all_STORE; -+ X509_policy_level_get0_node; -+ i2d_PKCS7_NDEF; -+ EC_GROUP_get_degree; -+ ASN1_generate_v3; -+ STORE_ATTR_INFO_modify_cstr; -+ X509_policy_tree_level_count; -+ BN_GF2m_add; -+ EC_KEY_get0_group; -+ STORE_generate_crl; -+ STORE_store_public_key; -+ X509_CERT_PAIR_free; -+ STORE_revoke_private_key; -+ BN_nist_mod_224; -+ SHA512_Final; -+ STORE_ATTR_INFO_modify_dn; -+ STORE_meth_get_initialise_fn; -+ STORE_method_get_initialise_function; -+ STORE_delete_number; -+ i2d_EC_PUBKEY_bio; -+ BIO_dgram_non_fatal_error; -+ EC_GROUP_get_asn1_flag; -+ STORE_ATTR_INFO_in_ex; -+ STORE_list_crl_start; -+ ECDH_get_ex_new_index; -+ STORE_meth_get_modify_fn; -+ STORE_method_get_modify_function; -+ v2i_ASN1_BIT_STRING; -+ STORE_store_certificate; -+ OBJ_bsearch_ex; -+ X509_STORE_CTX_set_default; -+ STORE_ATTR_INFO_set_sha1str; -+ BN_GF2m_mod_inv; -+ BN_GF2m_mod_exp; -+ STORE_modify_public_key; -+ STORE_meth_get_list_start_fn; -+ STORE_method_get_list_start_function; -+ EC_GROUP_get0_seed; -+ STORE_store_arbitrary; -+ STORE_meth_set_unlock_store_fn; -+ STORE_method_set_unlock_store_function; -+ BN_GF2m_mod_div_arr; -+ ENGINE_set_ECDSA; -+ STORE_create_method; -+ ECPKParameters_print; -+ EC_KEY_get0_private_key; -+ PEM_write_EC_PUBKEY; -+ X509_VERIFY_PARAM_set1; -+ ECDH_set_method; -+ v2i_GENERAL_NAME_ex; -+ ECDH_set_ex_data; -+ STORE_generate_key; -+ BN_nist_mod_521; -+ X509_policy_tree_get0_level; -+ EC_GROUP_set_point_conversion_form; -+ EC_GROUP_set_point_conv_form; -+ PEM_read_EC_PUBKEY; -+ i2d_ECDSA_SIG; -+ ECDSA_OpenSSL; -+ STORE_delete_crl; -+ EC_KEY_get_enc_flags; -+ ASN1_const_check_infinite_end; -+ EVP_PKEY_delete_attr; -+ ECDSA_set_default_method; -+ EC_POINT_set_compressed_coordinates_GF2m; -+ EC_POINT_set_compr_coords_GF2m; -+ EC_GROUP_cmp; -+ STORE_revoke_certificate; -+ BN_get0_nist_prime_256; -+ STORE_meth_get_delete_fn; -+ STORE_method_get_delete_function; -+ SHA224_Init; -+ PEM_read_ECPrivateKey; -+ SHA512_Init; -+ STORE_parse_attrs_endp; -+ BN_set_negative; -+ ERR_load_ECDSA_strings; -+ EC_GROUP_get_basis_type; -+ STORE_list_public_key_next; -+ i2v_ASN1_BIT_STRING; -+ STORE_OBJECT_free; -+ BN_nist_mod_384; -+ i2d_X509_CERT_PAIR; -+ PEM_write_ECPKParameters; -+ ECDH_compute_key; -+ STORE_ATTR_INFO_get0_sha1str; -+ ENGINE_register_all_ECDH; -+ pqueue_pop; -+ STORE_ATTR_INFO_get0_cstr; -+ POLICY_CONSTRAINTS_it; -+ STORE_get_ex_new_index; -+ EVP_PKEY_get_attr_by_OBJ; -+ X509_VERIFY_PARAM_add0_policy; -+ BN_GF2m_mod_solve_quad; -+ SHA256; -+ i2d_ECPrivateKey_fp; -+ X509_policy_tree_get0_user_policies; -+ X509_pcy_tree_get0_usr_policies; -+ OPENSSL_DIR_read; -+ ENGINE_register_all_ECDSA; -+ X509_VERIFY_PARAM_lookup; -+ EC_POINT_get_affine_coordinates_GF2m; -+ EC_POINT_get_affine_coords_GF2m; -+ EC_GROUP_dup; -+ ENGINE_get_default_ECDSA; -+ EC_KEY_new; -+ SHA256_Transform; -+ EC_KEY_set_enc_flags; -+ ECDSA_verify; -+ EC_POINT_point2hex; -+ ENGINE_get_STORE; -+ SHA512; -+ STORE_get_certificate; -+ ECDSA_do_sign_ex; -+ ECDSA_do_verify; -+ d2i_ECPrivateKey_fp; -+ STORE_delete_certificate; -+ SHA512_Transform; -+ X509_STORE_set1_param; -+ STORE_method_get_ctrl_function; -+ STORE_free; -+ PEM_write_ECPrivateKey; -+ STORE_meth_get_unlock_store_fn; -+ STORE_method_get_unlock_store_function; -+ STORE_get_ex_data; -+ EC_KEY_set_public_key; -+ PEM_read_ECPKParameters; -+ X509_CERT_PAIR_new; -+ ENGINE_register_STORE; -+ RSA_generate_key_ex; -+ DSA_generate_parameters_ex; -+ ECParameters_print_fp; -+ X509V3_NAME_from_section; -+ EVP_PKEY_add1_attr; -+ STORE_modify_crl; -+ STORE_list_private_key_start; -+ POLICY_MAPPINGS_it; -+ GENERAL_SUBTREE_it; -+ EC_GROUP_get_curve_name; -+ PEM_write_X509_CERT_PAIR; -+ BIO_dump_indent_cb; -+ d2i_X509_CERT_PAIR; -+ STORE_list_private_key_endp; -+ asn1_const_Finish; -+ i2d_EC_PUBKEY_fp; -+ BN_nist_mod_256; -+ X509_VERIFY_PARAM_add0_table; -+ pqueue_free; -+ BN_BLINDING_create_param; -+ ECDSA_size; -+ d2i_EC_PUBKEY_bio; -+ BN_get0_nist_prime_521; -+ STORE_ATTR_INFO_modify_sha1str; -+ BN_generate_prime_ex; -+ EC_GROUP_new_by_curve_name; -+ SHA256_Final; -+ DH_generate_parameters_ex; -+ PEM_read_bio_ECPrivateKey; -+ STORE_meth_get_cleanup_fn; -+ STORE_method_get_cleanup_function; -+ ENGINE_get_ECDH; -+ d2i_ECDSA_SIG; -+ BN_is_prime_fasttest_ex; -+ ECDSA_sign; -+ X509_policy_check; -+ EVP_PKEY_get_attr_by_NID; -+ STORE_set_ex_data; -+ ENGINE_get_ECDSA; -+ EVP_ecdsa; -+ BN_BLINDING_get_flags; -+ PKCS12_add_cert; -+ STORE_OBJECT_new; -+ ERR_load_ECDH_strings; -+ EC_KEY_dup; -+ EVP_CIPHER_CTX_rand_key; -+ ECDSA_set_method; -+ a2i_IPADDRESS_NC; -+ d2i_ECParameters; -+ STORE_list_certificate_end; -+ STORE_get_crl; -+ X509_POLICY_NODE_print; -+ SHA384_Init; -+ EC_GF2m_simple_method; -+ ECDSA_set_ex_data; -+ SHA384_Final; -+ PKCS7_set_digest; -+ EC_KEY_print; -+ STORE_meth_set_lock_store_fn; -+ STORE_method_set_lock_store_function; -+ ECDSA_get_ex_new_index; -+ SHA384; -+ POLICY_MAPPING_new; -+ STORE_list_certificate_endp; -+ X509_STORE_CTX_get0_policy_tree; -+ EC_GROUP_set_asn1_flag; -+ EC_KEY_check_key; -+ d2i_EC_PUBKEY_fp; -+ PKCS7_set0_type_other; -+ PEM_read_bio_X509_CERT_PAIR; -+ pqueue_next; -+ STORE_meth_get_list_end_fn; -+ STORE_method_get_list_end_function; -+ EVP_PKEY_add1_attr_by_OBJ; -+ X509_VERIFY_PARAM_set_time; -+ pqueue_new; -+ ENGINE_set_default_ECDH; -+ STORE_new_method; -+ PKCS12_add_key; -+ DSO_merge; -+ EC_POINT_hex2point; -+ BIO_dump_cb; -+ SHA256_Update; -+ pqueue_insert; -+ pitem_free; -+ BN_GF2m_mod_inv_arr; -+ ENGINE_unregister_ECDSA; -+ BN_BLINDING_set_thread_id; -+ get_rfc3526_prime_8192; -+ X509_VERIFY_PARAM_clear_flags; -+ get_rfc2409_prime_1024; -+ DH_check_pub_key; -+ get_rfc3526_prime_2048; -+ get_rfc3526_prime_6144; -+ get_rfc3526_prime_1536; -+ get_rfc3526_prime_3072; -+ get_rfc3526_prime_4096; -+ get_rfc2409_prime_768; -+ X509_VERIFY_PARAM_get_flags; -+ EVP_CIPHER_CTX_new; -+ EVP_CIPHER_CTX_free; -+ Camellia_cbc_encrypt; -+ Camellia_cfb128_encrypt; -+ Camellia_cfb1_encrypt; -+ Camellia_cfb8_encrypt; -+ Camellia_ctr128_encrypt; -+ Camellia_cfbr_encrypt_block; -+ Camellia_decrypt; -+ Camellia_ecb_encrypt; -+ Camellia_encrypt; -+ Camellia_ofb128_encrypt; -+ Camellia_set_key; -+ EVP_camellia_128_cbc; -+ EVP_camellia_128_cfb128; -+ EVP_camellia_128_cfb1; -+ EVP_camellia_128_cfb8; -+ EVP_camellia_128_ecb; -+ EVP_camellia_128_ofb; -+ EVP_camellia_192_cbc; -+ EVP_camellia_192_cfb128; -+ EVP_camellia_192_cfb1; -+ EVP_camellia_192_cfb8; -+ EVP_camellia_192_ecb; -+ EVP_camellia_192_ofb; -+ EVP_camellia_256_cbc; -+ EVP_camellia_256_cfb128; -+ EVP_camellia_256_cfb1; -+ EVP_camellia_256_cfb8; -+ EVP_camellia_256_ecb; -+ EVP_camellia_256_ofb; -+ a2i_ipadd; -+ ASIdentifiers_free; -+ i2d_ASIdOrRange; -+ EVP_CIPHER_block_size; -+ v3_asid_is_canonical; -+ IPAddressChoice_free; -+ EVP_CIPHER_CTX_set_app_data; -+ BIO_set_callback_arg; -+ v3_addr_add_prefix; -+ IPAddressOrRange_it; -+ BIO_set_flags; -+ ASIdentifiers_it; -+ v3_addr_get_range; -+ BIO_method_type; -+ v3_addr_inherits; -+ IPAddressChoice_it; -+ AES_ige_encrypt; -+ v3_addr_add_range; -+ EVP_CIPHER_CTX_nid; -+ d2i_ASRange; -+ v3_addr_add_inherit; -+ v3_asid_add_id_or_range; -+ v3_addr_validate_resource_set; -+ EVP_CIPHER_iv_length; -+ EVP_MD_type; -+ v3_asid_canonize; -+ IPAddressRange_free; -+ v3_asid_add_inherit; -+ EVP_CIPHER_CTX_key_length; -+ IPAddressRange_new; -+ ASIdOrRange_new; -+ EVP_MD_size; -+ EVP_MD_CTX_test_flags; -+ BIO_clear_flags; -+ i2d_ASRange; -+ IPAddressRange_it; -+ IPAddressChoice_new; -+ ASIdentifierChoice_new; -+ ASRange_free; -+ EVP_MD_pkey_type; -+ EVP_MD_CTX_clear_flags; -+ IPAddressFamily_free; -+ i2d_IPAddressFamily; -+ IPAddressOrRange_new; -+ EVP_CIPHER_flags; -+ v3_asid_validate_resource_set; -+ d2i_IPAddressRange; -+ AES_bi_ige_encrypt; -+ BIO_get_callback; -+ IPAddressOrRange_free; -+ v3_addr_subset; -+ d2i_IPAddressFamily; -+ v3_asid_subset; -+ BIO_test_flags; -+ i2d_ASIdentifierChoice; -+ ASRange_it; -+ d2i_ASIdentifiers; -+ ASRange_new; -+ d2i_IPAddressChoice; -+ v3_addr_get_afi; -+ EVP_CIPHER_key_length; -+ EVP_Cipher; -+ i2d_IPAddressOrRange; -+ ASIdOrRange_it; -+ EVP_CIPHER_nid; -+ i2d_IPAddressChoice; -+ EVP_CIPHER_CTX_block_size; -+ ASIdentifiers_new; -+ v3_addr_validate_path; -+ IPAddressFamily_new; -+ EVP_MD_CTX_set_flags; -+ v3_addr_is_canonical; -+ i2d_IPAddressRange; -+ IPAddressFamily_it; -+ v3_asid_inherits; -+ EVP_CIPHER_CTX_cipher; -+ EVP_CIPHER_CTX_get_app_data; -+ EVP_MD_block_size; -+ EVP_CIPHER_CTX_flags; -+ v3_asid_validate_path; -+ d2i_IPAddressOrRange; -+ v3_addr_canonize; -+ ASIdentifierChoice_it; -+ EVP_MD_CTX_md; -+ d2i_ASIdentifierChoice; -+ BIO_method_name; -+ EVP_CIPHER_CTX_iv_length; -+ ASIdOrRange_free; -+ ASIdentifierChoice_free; -+ BIO_get_callback_arg; -+ BIO_set_callback; -+ d2i_ASIdOrRange; -+ i2d_ASIdentifiers; -+ SEED_decrypt; -+ SEED_encrypt; -+ SEED_cbc_encrypt; -+ EVP_seed_ofb; -+ SEED_cfb128_encrypt; -+ SEED_ofb128_encrypt; -+ EVP_seed_cbc; -+ SEED_ecb_encrypt; -+ EVP_seed_ecb; -+ SEED_set_key; -+ EVP_seed_cfb128; -+ X509_EXTENSIONS_it; -+ X509_get1_ocsp; -+ OCSP_REQ_CTX_free; -+ i2d_X509_EXTENSIONS; -+ OCSP_sendreq_nbio; -+ OCSP_sendreq_new; -+ d2i_X509_EXTENSIONS; -+ X509_ALGORS_it; -+ X509_ALGOR_get0; -+ X509_ALGOR_set0; -+ AES_unwrap_key; -+ AES_wrap_key; -+ X509at_get0_data_by_OBJ; -+ ASN1_TYPE_set1; -+ ASN1_STRING_set0; -+ i2d_X509_ALGORS; -+ BIO_f_zlib; -+ COMP_zlib_cleanup; -+ d2i_X509_ALGORS; -+ CMS_ReceiptRequest_free; -+ PEM_write_CMS; -+ CMS_add0_CertificateChoices; -+ CMS_unsigned_add1_attr_by_OBJ; -+ ERR_load_CMS_strings; -+ CMS_sign_receipt; -+ i2d_CMS_ContentInfo; -+ CMS_signed_delete_attr; -+ d2i_CMS_bio; -+ CMS_unsigned_get_attr_by_NID; -+ CMS_verify; -+ SMIME_read_CMS; -+ CMS_decrypt_set1_key; -+ CMS_SignerInfo_get0_algs; -+ CMS_add1_cert; -+ CMS_set_detached; -+ CMS_encrypt; -+ CMS_EnvelopedData_create; -+ CMS_uncompress; -+ CMS_add0_crl; -+ CMS_SignerInfo_verify_content; -+ CMS_unsigned_get0_data_by_OBJ; -+ PEM_write_bio_CMS; -+ CMS_unsigned_get_attr; -+ CMS_RecipientInfo_ktri_cert_cmp; -+ CMS_RecipientInfo_ktri_get0_algs; -+ CMS_RecipInfo_ktri_get0_algs; -+ CMS_ContentInfo_free; -+ CMS_final; -+ CMS_add_simple_smimecap; -+ CMS_SignerInfo_verify; -+ CMS_data; -+ CMS_ContentInfo_it; -+ d2i_CMS_ReceiptRequest; -+ CMS_compress; -+ CMS_digest_create; -+ CMS_SignerInfo_cert_cmp; -+ CMS_SignerInfo_sign; -+ CMS_data_create; -+ i2d_CMS_bio; -+ CMS_EncryptedData_set1_key; -+ CMS_decrypt; -+ int_smime_write_ASN1; -+ CMS_unsigned_delete_attr; -+ CMS_unsigned_get_attr_count; -+ CMS_add_smimecap; -+ PEM_read_CMS; -+ CMS_signed_get_attr_by_OBJ; -+ d2i_CMS_ContentInfo; -+ CMS_add_standard_smimecap; -+ CMS_ContentInfo_new; -+ CMS_RecipientInfo_type; -+ CMS_get0_type; -+ CMS_is_detached; -+ CMS_sign; -+ CMS_signed_add1_attr; -+ CMS_unsigned_get_attr_by_OBJ; -+ SMIME_write_CMS; -+ CMS_EncryptedData_decrypt; -+ CMS_get0_RecipientInfos; -+ CMS_add0_RevocationInfoChoice; -+ CMS_decrypt_set1_pkey; -+ CMS_SignerInfo_set1_signer_cert; -+ CMS_get0_signers; -+ CMS_ReceiptRequest_get0_values; -+ CMS_signed_get0_data_by_OBJ; -+ CMS_get0_SignerInfos; -+ CMS_add0_cert; -+ CMS_EncryptedData_encrypt; -+ CMS_digest_verify; -+ CMS_set1_signers_certs; -+ CMS_signed_get_attr; -+ CMS_RecipientInfo_set0_key; -+ CMS_SignedData_init; -+ CMS_RecipientInfo_kekri_get0_id; -+ CMS_verify_receipt; -+ CMS_ReceiptRequest_it; -+ PEM_read_bio_CMS; -+ CMS_get1_crls; -+ CMS_add0_recipient_key; -+ SMIME_read_ASN1; -+ CMS_ReceiptRequest_new; -+ CMS_get0_content; -+ CMS_get1_ReceiptRequest; -+ CMS_signed_add1_attr_by_OBJ; -+ CMS_RecipientInfo_kekri_id_cmp; -+ CMS_add1_ReceiptRequest; -+ CMS_SignerInfo_get0_signer_id; -+ CMS_unsigned_add1_attr_by_NID; -+ CMS_unsigned_add1_attr; -+ CMS_signed_get_attr_by_NID; -+ CMS_get1_certs; -+ CMS_signed_add1_attr_by_NID; -+ CMS_unsigned_add1_attr_by_txt; -+ CMS_dataFinal; -+ CMS_RecipientInfo_ktri_get0_signer_id; -+ CMS_RecipInfo_ktri_get0_sigr_id; -+ i2d_CMS_ReceiptRequest; -+ CMS_add1_recipient_cert; -+ CMS_dataInit; -+ CMS_signed_add1_attr_by_txt; -+ CMS_RecipientInfo_decrypt; -+ CMS_signed_get_attr_count; -+ CMS_get0_eContentType; -+ CMS_set1_eContentType; -+ CMS_ReceiptRequest_create0; -+ CMS_add1_signer; -+ CMS_RecipientInfo_set0_pkey; -+ ENGINE_set_load_ssl_client_cert_function; -+ ENGINE_set_ld_ssl_clnt_cert_fn; -+ ENGINE_get_ssl_client_cert_function; -+ ENGINE_get_ssl_client_cert_fn; -+ ENGINE_load_ssl_client_cert; -+ ENGINE_load_capi; -+ OPENSSL_isservice; -+ FIPS_dsa_sig_decode; -+ EVP_CIPHER_CTX_clear_flags; -+ FIPS_rand_status; -+ FIPS_rand_set_key; -+ CRYPTO_set_mem_info_functions; -+ RSA_X931_generate_key_ex; -+ int_ERR_set_state_func; -+ int_EVP_MD_set_engine_callbacks; -+ int_CRYPTO_set_do_dynlock_callback; -+ FIPS_rng_stick; -+ EVP_CIPHER_CTX_set_flags; -+ BN_X931_generate_prime_ex; -+ FIPS_selftest_check; -+ FIPS_rand_set_dt; -+ CRYPTO_dbg_pop_info; -+ FIPS_dsa_free; -+ RSA_X931_derive_ex; -+ FIPS_rsa_new; -+ FIPS_rand_bytes; -+ fips_cipher_test; -+ EVP_CIPHER_CTX_test_flags; -+ CRYPTO_malloc_debug_init; -+ CRYPTO_dbg_push_info; -+ FIPS_corrupt_rsa_keygen; -+ FIPS_dh_new; -+ FIPS_corrupt_dsa_keygen; -+ FIPS_dh_free; -+ fips_pkey_signature_test; -+ EVP_add_alg_module; -+ int_RAND_init_engine_callbacks; -+ int_EVP_CIPHER_set_engine_callbacks; -+ int_EVP_MD_init_engine_callbacks; -+ FIPS_rand_test_mode; -+ FIPS_rand_reset; -+ FIPS_dsa_new; -+ int_RAND_set_callbacks; -+ BN_X931_derive_prime_ex; -+ int_ERR_lib_init; -+ int_EVP_CIPHER_init_engine_callbacks; -+ FIPS_rsa_free; -+ FIPS_dsa_sig_encode; -+ CRYPTO_dbg_remove_all_info; -+ OPENSSL_init; -+ CRYPTO_strdup; -+ JPAKE_STEP3A_process; -+ JPAKE_STEP1_release; -+ JPAKE_get_shared_key; -+ JPAKE_STEP3B_init; -+ JPAKE_STEP1_generate; -+ JPAKE_STEP1_init; -+ JPAKE_STEP3B_process; -+ JPAKE_STEP2_generate; -+ JPAKE_CTX_new; -+ JPAKE_CTX_free; -+ JPAKE_STEP3B_release; -+ JPAKE_STEP3A_release; -+ JPAKE_STEP2_process; -+ JPAKE_STEP3B_generate; -+ JPAKE_STEP1_process; -+ JPAKE_STEP3A_generate; -+ JPAKE_STEP2_release; -+ JPAKE_STEP3A_init; -+ ERR_load_JPAKE_strings; -+ JPAKE_STEP2_init; -+ pqueue_size; -+ i2d_TS_ACCURACY; -+ i2d_TS_MSG_IMPRINT_fp; -+ i2d_TS_MSG_IMPRINT; -+ EVP_PKEY_print_public; -+ EVP_PKEY_CTX_new; -+ i2d_TS_TST_INFO; -+ EVP_PKEY_asn1_find; -+ DSO_METHOD_beos; -+ TS_CONF_load_cert; -+ TS_REQ_get_ext; -+ EVP_PKEY_sign_init; -+ ASN1_item_print; -+ TS_TST_INFO_set_nonce; -+ TS_RESP_dup; -+ ENGINE_register_pkey_meths; -+ EVP_PKEY_asn1_add0; -+ PKCS7_add0_attrib_signing_time; -+ i2d_TS_TST_INFO_fp; -+ BIO_asn1_get_prefix; -+ TS_TST_INFO_set_time; -+ EVP_PKEY_meth_set_decrypt; -+ EVP_PKEY_set_type_str; -+ EVP_PKEY_CTX_get_keygen_info; -+ TS_REQ_set_policy_id; -+ d2i_TS_RESP_fp; -+ ENGINE_get_pkey_asn1_meth_engine; -+ ENGINE_get_pkey_asn1_meth_eng; -+ WHIRLPOOL_Init; -+ TS_RESP_set_status_info; -+ EVP_PKEY_keygen; -+ EVP_DigestSignInit; -+ TS_ACCURACY_set_millis; -+ TS_REQ_dup; -+ GENERAL_NAME_dup; -+ ASN1_SEQUENCE_ANY_it; -+ WHIRLPOOL; -+ X509_STORE_get1_crls; -+ ENGINE_get_pkey_asn1_meth; -+ EVP_PKEY_asn1_new; -+ BIO_new_NDEF; -+ ENGINE_get_pkey_meth; -+ TS_MSG_IMPRINT_set_algo; -+ i2d_TS_TST_INFO_bio; -+ TS_TST_INFO_set_ordering; -+ TS_TST_INFO_get_ext_by_OBJ; -+ CRYPTO_THREADID_set_pointer; -+ TS_CONF_get_tsa_section; -+ SMIME_write_ASN1; -+ TS_RESP_CTX_set_signer_key; -+ EVP_PKEY_encrypt_old; -+ EVP_PKEY_encrypt_init; -+ CRYPTO_THREADID_cpy; -+ ASN1_PCTX_get_cert_flags; -+ i2d_ESS_SIGNING_CERT; -+ TS_CONF_load_key; -+ i2d_ASN1_SEQUENCE_ANY; -+ d2i_TS_MSG_IMPRINT_bio; -+ EVP_PKEY_asn1_set_public; -+ b2i_PublicKey_bio; -+ BIO_asn1_set_prefix; -+ EVP_PKEY_new_mac_key; -+ BIO_new_CMS; -+ CRYPTO_THREADID_cmp; -+ TS_REQ_ext_free; -+ EVP_PKEY_asn1_set_free; -+ EVP_PKEY_get0_asn1; -+ d2i_NETSCAPE_X509; -+ EVP_PKEY_verify_recover_init; -+ EVP_PKEY_CTX_set_data; -+ EVP_PKEY_keygen_init; -+ TS_RESP_CTX_set_status_info; -+ TS_MSG_IMPRINT_get_algo; -+ TS_REQ_print_bio; -+ EVP_PKEY_CTX_ctrl_str; -+ EVP_PKEY_get_default_digest_nid; -+ PEM_write_bio_PKCS7_stream; -+ TS_MSG_IMPRINT_print_bio; -+ BN_asc2bn; -+ TS_REQ_get_policy_id; -+ ENGINE_set_default_pkey_asn1_meths; -+ ENGINE_set_def_pkey_asn1_meths; -+ d2i_TS_ACCURACY; -+ DSO_global_lookup; -+ TS_CONF_set_tsa_name; -+ i2d_ASN1_SET_ANY; -+ ENGINE_load_gost; -+ WHIRLPOOL_BitUpdate; -+ ASN1_PCTX_get_flags; -+ TS_TST_INFO_get_ext_by_NID; -+ TS_RESP_new; -+ ESS_CERT_ID_dup; -+ TS_STATUS_INFO_dup; -+ TS_REQ_delete_ext; -+ EVP_DigestVerifyFinal; -+ EVP_PKEY_print_params; -+ i2d_CMS_bio_stream; -+ TS_REQ_get_msg_imprint; -+ OBJ_find_sigid_by_algs; -+ TS_TST_INFO_get_serial; -+ TS_REQ_get_nonce; -+ X509_PUBKEY_set0_param; -+ EVP_PKEY_CTX_set0_keygen_info; -+ DIST_POINT_set_dpname; -+ i2d_ISSUING_DIST_POINT; -+ ASN1_SET_ANY_it; -+ EVP_PKEY_CTX_get_data; -+ TS_STATUS_INFO_print_bio; -+ EVP_PKEY_derive_init; -+ d2i_TS_TST_INFO; -+ EVP_PKEY_asn1_add_alias; -+ d2i_TS_RESP_bio; -+ OTHERNAME_cmp; -+ GENERAL_NAME_set0_value; -+ PKCS7_RECIP_INFO_get0_alg; -+ TS_RESP_CTX_new; -+ TS_RESP_set_tst_info; -+ PKCS7_final; -+ EVP_PKEY_base_id; -+ TS_RESP_CTX_set_signer_cert; -+ TS_REQ_set_msg_imprint; -+ EVP_PKEY_CTX_ctrl; -+ TS_CONF_set_digests; -+ d2i_TS_MSG_IMPRINT; -+ EVP_PKEY_meth_set_ctrl; -+ TS_REQ_get_ext_by_NID; -+ PKCS5_pbe_set0_algor; -+ BN_BLINDING_thread_id; -+ TS_ACCURACY_new; -+ X509_CRL_METHOD_free; -+ ASN1_PCTX_get_nm_flags; -+ EVP_PKEY_meth_set_sign; -+ CRYPTO_THREADID_current; -+ EVP_PKEY_decrypt_init; -+ NETSCAPE_X509_free; -+ i2b_PVK_bio; -+ EVP_PKEY_print_private; -+ GENERAL_NAME_get0_value; -+ b2i_PVK_bio; -+ ASN1_UTCTIME_adj; -+ TS_TST_INFO_new; -+ EVP_MD_do_all_sorted; -+ TS_CONF_set_default_engine; -+ TS_ACCURACY_set_seconds; -+ TS_TST_INFO_get_time; -+ PKCS8_pkey_get0; -+ EVP_PKEY_asn1_get0; -+ OBJ_add_sigid; -+ PKCS7_SIGNER_INFO_sign; -+ EVP_PKEY_paramgen_init; -+ EVP_PKEY_sign; -+ OBJ_sigid_free; -+ EVP_PKEY_meth_set_init; -+ d2i_ESS_ISSUER_SERIAL; -+ ISSUING_DIST_POINT_new; -+ ASN1_TIME_adj; -+ TS_OBJ_print_bio; -+ EVP_PKEY_meth_set_verify_recover; -+ EVP_PKEY_meth_set_vrfy_recover; -+ TS_RESP_get_status_info; -+ CMS_stream; -+ EVP_PKEY_CTX_set_cb; -+ PKCS7_to_TS_TST_INFO; -+ ASN1_PCTX_get_oid_flags; -+ TS_TST_INFO_add_ext; -+ EVP_PKEY_meth_set_derive; -+ i2d_TS_RESP_fp; -+ i2d_TS_MSG_IMPRINT_bio; -+ TS_RESP_CTX_set_accuracy; -+ TS_REQ_set_nonce; -+ ESS_CERT_ID_new; -+ ENGINE_pkey_asn1_find_str; -+ TS_REQ_get_ext_count; -+ BUF_reverse; -+ TS_TST_INFO_print_bio; -+ d2i_ISSUING_DIST_POINT; -+ ENGINE_get_pkey_meths; -+ i2b_PrivateKey_bio; -+ i2d_TS_RESP; -+ b2i_PublicKey; -+ TS_VERIFY_CTX_cleanup; -+ TS_STATUS_INFO_free; -+ TS_RESP_verify_token; -+ OBJ_bsearch_ex_; -+ ASN1_bn_print; -+ EVP_PKEY_asn1_get_count; -+ ENGINE_register_pkey_asn1_meths; -+ ASN1_PCTX_set_nm_flags; -+ EVP_DigestVerifyInit; -+ ENGINE_set_default_pkey_meths; -+ TS_TST_INFO_get_policy_id; -+ TS_REQ_get_cert_req; -+ X509_CRL_set_meth_data; -+ PKCS8_pkey_set0; -+ ASN1_STRING_copy; -+ d2i_TS_TST_INFO_fp; -+ X509_CRL_match; -+ EVP_PKEY_asn1_set_private; -+ TS_TST_INFO_get_ext_d2i; -+ TS_RESP_CTX_add_policy; -+ d2i_TS_RESP; -+ TS_CONF_load_certs; -+ TS_TST_INFO_get_msg_imprint; -+ ERR_load_TS_strings; -+ TS_TST_INFO_get_version; -+ EVP_PKEY_CTX_dup; -+ EVP_PKEY_meth_set_verify; -+ i2b_PublicKey_bio; -+ TS_CONF_set_certs; -+ EVP_PKEY_asn1_get0_info; -+ TS_VERIFY_CTX_free; -+ TS_REQ_get_ext_by_critical; -+ TS_RESP_CTX_set_serial_cb; -+ X509_CRL_get_meth_data; -+ TS_RESP_CTX_set_time_cb; -+ TS_MSG_IMPRINT_get_msg; -+ TS_TST_INFO_ext_free; -+ TS_REQ_get_version; -+ TS_REQ_add_ext; -+ EVP_PKEY_CTX_set_app_data; -+ OBJ_bsearch_; -+ EVP_PKEY_meth_set_verifyctx; -+ i2d_PKCS7_bio_stream; -+ CRYPTO_THREADID_set_numeric; -+ PKCS7_sign_add_signer; -+ d2i_TS_TST_INFO_bio; -+ TS_TST_INFO_get_ordering; -+ TS_RESP_print_bio; -+ TS_TST_INFO_get_exts; -+ HMAC_CTX_copy; -+ PKCS5_pbe2_set_iv; -+ ENGINE_get_pkey_asn1_meths; -+ b2i_PrivateKey; -+ EVP_PKEY_CTX_get_app_data; -+ TS_REQ_set_cert_req; -+ CRYPTO_THREADID_set_callback; -+ TS_CONF_set_serial; -+ TS_TST_INFO_free; -+ d2i_TS_REQ_fp; -+ TS_RESP_verify_response; -+ i2d_ESS_ISSUER_SERIAL; -+ TS_ACCURACY_get_seconds; -+ EVP_CIPHER_do_all; -+ b2i_PrivateKey_bio; -+ OCSP_CERTID_dup; -+ X509_PUBKEY_get0_param; -+ TS_MSG_IMPRINT_dup; -+ PKCS7_print_ctx; -+ i2d_TS_REQ_bio; -+ EVP_whirlpool; -+ EVP_PKEY_asn1_set_param; -+ EVP_PKEY_meth_set_encrypt; -+ ASN1_PCTX_set_flags; -+ i2d_ESS_CERT_ID; -+ TS_VERIFY_CTX_new; -+ TS_RESP_CTX_set_extension_cb; -+ ENGINE_register_all_pkey_meths; -+ TS_RESP_CTX_set_status_info_cond; -+ TS_RESP_CTX_set_stat_info_cond; -+ EVP_PKEY_verify; -+ WHIRLPOOL_Final; -+ X509_CRL_METHOD_new; -+ EVP_DigestSignFinal; -+ TS_RESP_CTX_set_def_policy; -+ NETSCAPE_X509_it; -+ TS_RESP_create_response; -+ PKCS7_SIGNER_INFO_get0_algs; -+ TS_TST_INFO_get_nonce; -+ EVP_PKEY_decrypt_old; -+ TS_TST_INFO_set_policy_id; -+ TS_CONF_set_ess_cert_id_chain; -+ EVP_PKEY_CTX_get0_pkey; -+ d2i_TS_REQ; -+ EVP_PKEY_asn1_find_str; -+ BIO_f_asn1; -+ ESS_SIGNING_CERT_new; -+ EVP_PBE_find; -+ X509_CRL_get0_by_cert; -+ EVP_PKEY_derive; -+ i2d_TS_REQ; -+ TS_TST_INFO_delete_ext; -+ ESS_ISSUER_SERIAL_free; -+ ASN1_PCTX_set_str_flags; -+ ENGINE_get_pkey_asn1_meth_str; -+ TS_CONF_set_signer_key; -+ TS_ACCURACY_get_millis; -+ TS_RESP_get_token; -+ TS_ACCURACY_dup; -+ ENGINE_register_all_pkey_asn1_meths; -+ ENGINE_reg_all_pkey_asn1_meths; -+ X509_CRL_set_default_method; -+ CRYPTO_THREADID_hash; -+ CMS_ContentInfo_print_ctx; -+ TS_RESP_free; -+ ISSUING_DIST_POINT_free; -+ ESS_ISSUER_SERIAL_new; -+ CMS_add1_crl; -+ PKCS7_add1_attrib_digest; -+ TS_RESP_CTX_add_md; -+ TS_TST_INFO_dup; -+ ENGINE_set_pkey_asn1_meths; -+ PEM_write_bio_Parameters; -+ TS_TST_INFO_get_accuracy; -+ X509_CRL_get0_by_serial; -+ TS_TST_INFO_set_version; -+ TS_RESP_CTX_get_tst_info; -+ TS_RESP_verify_signature; -+ CRYPTO_THREADID_get_callback; -+ TS_TST_INFO_get_tsa; -+ TS_STATUS_INFO_new; -+ EVP_PKEY_CTX_get_cb; -+ TS_REQ_get_ext_d2i; -+ GENERAL_NAME_set0_othername; -+ TS_TST_INFO_get_ext_count; -+ TS_RESP_CTX_get_request; -+ i2d_NETSCAPE_X509; -+ ENGINE_get_pkey_meth_engine; -+ EVP_PKEY_meth_set_signctx; -+ EVP_PKEY_asn1_copy; -+ ASN1_TYPE_cmp; -+ EVP_CIPHER_do_all_sorted; -+ EVP_PKEY_CTX_free; -+ ISSUING_DIST_POINT_it; -+ d2i_TS_MSG_IMPRINT_fp; -+ X509_STORE_get1_certs; -+ EVP_PKEY_CTX_get_operation; -+ d2i_ESS_SIGNING_CERT; -+ TS_CONF_set_ordering; -+ EVP_PBE_alg_add_type; -+ TS_REQ_set_version; -+ EVP_PKEY_get0; -+ BIO_asn1_set_suffix; -+ i2d_TS_STATUS_INFO; -+ EVP_MD_do_all; -+ TS_TST_INFO_set_accuracy; -+ PKCS7_add_attrib_content_type; -+ ERR_remove_thread_state; -+ EVP_PKEY_meth_add0; -+ TS_TST_INFO_set_tsa; -+ EVP_PKEY_meth_new; -+ WHIRLPOOL_Update; -+ TS_CONF_set_accuracy; -+ ASN1_PCTX_set_oid_flags; -+ ESS_SIGNING_CERT_dup; -+ d2i_TS_REQ_bio; -+ X509_time_adj_ex; -+ TS_RESP_CTX_add_flags; -+ d2i_TS_STATUS_INFO; -+ TS_MSG_IMPRINT_set_msg; -+ BIO_asn1_get_suffix; -+ TS_REQ_free; -+ EVP_PKEY_meth_free; -+ TS_REQ_get_exts; -+ TS_RESP_CTX_set_clock_precision_digits; -+ TS_RESP_CTX_set_clk_prec_digits; -+ TS_RESP_CTX_add_failure_info; -+ i2d_TS_RESP_bio; -+ EVP_PKEY_CTX_get0_peerkey; -+ PEM_write_bio_CMS_stream; -+ TS_REQ_new; -+ TS_MSG_IMPRINT_new; -+ EVP_PKEY_meth_find; -+ EVP_PKEY_id; -+ TS_TST_INFO_set_serial; -+ a2i_GENERAL_NAME; -+ TS_CONF_set_crypto_device; -+ EVP_PKEY_verify_init; -+ TS_CONF_set_policies; -+ ASN1_PCTX_new; -+ ESS_CERT_ID_free; -+ ENGINE_unregister_pkey_meths; -+ TS_MSG_IMPRINT_free; -+ TS_VERIFY_CTX_init; -+ PKCS7_stream; -+ TS_RESP_CTX_set_certs; -+ TS_CONF_set_def_policy; -+ ASN1_GENERALIZEDTIME_adj; -+ NETSCAPE_X509_new; -+ TS_ACCURACY_free; -+ TS_RESP_get_tst_info; -+ EVP_PKEY_derive_set_peer; -+ PEM_read_bio_Parameters; -+ TS_CONF_set_clock_precision_digits; -+ TS_CONF_set_clk_prec_digits; -+ ESS_ISSUER_SERIAL_dup; -+ TS_ACCURACY_get_micros; -+ ASN1_PCTX_get_str_flags; -+ NAME_CONSTRAINTS_check; -+ ASN1_BIT_STRING_check; -+ X509_check_akid; -+ ENGINE_unregister_pkey_asn1_meths; -+ ENGINE_unreg_pkey_asn1_meths; -+ ASN1_PCTX_free; -+ PEM_write_bio_ASN1_stream; -+ i2d_ASN1_bio_stream; -+ TS_X509_ALGOR_print_bio; -+ EVP_PKEY_meth_set_cleanup; -+ EVP_PKEY_asn1_free; -+ ESS_SIGNING_CERT_free; -+ TS_TST_INFO_set_msg_imprint; -+ GENERAL_NAME_cmp; -+ d2i_ASN1_SET_ANY; -+ ENGINE_set_pkey_meths; -+ i2d_TS_REQ_fp; -+ d2i_ASN1_SEQUENCE_ANY; -+ GENERAL_NAME_get0_otherName; -+ d2i_ESS_CERT_ID; -+ OBJ_find_sigid_algs; -+ EVP_PKEY_meth_set_keygen; -+ PKCS5_PBKDF2_HMAC; -+ EVP_PKEY_paramgen; -+ EVP_PKEY_meth_set_paramgen; -+ BIO_new_PKCS7; -+ EVP_PKEY_verify_recover; -+ TS_ext_print_bio; -+ TS_ASN1_INTEGER_print_bio; -+ check_defer; -+ DSO_pathbyaddr; -+ EVP_PKEY_set_type; -+ TS_ACCURACY_set_micros; -+ TS_REQ_to_TS_VERIFY_CTX; -+ EVP_PKEY_meth_set_copy; -+ ASN1_PCTX_set_cert_flags; -+ TS_TST_INFO_get_ext; -+ EVP_PKEY_asn1_set_ctrl; -+ TS_TST_INFO_get_ext_by_critical; -+ EVP_PKEY_CTX_new_id; -+ TS_REQ_get_ext_by_OBJ; -+ TS_CONF_set_signer_cert; -+ X509_NAME_hash_old; -+ ASN1_TIME_set_string; -+ EVP_MD_flags; -+ TS_RESP_CTX_free; -+ DSAparams_dup; -+ DHparams_dup; -+ OCSP_REQ_CTX_add1_header; -+ OCSP_REQ_CTX_set1_req; -+ X509_STORE_set_verify_cb; -+ X509_STORE_CTX_get0_current_crl; -+ X509_STORE_CTX_get0_parent_ctx; -+ X509_STORE_CTX_get0_current_issuer; -+ X509_STORE_CTX_get0_cur_issuer; -+ X509_issuer_name_hash_old; -+ X509_subject_name_hash_old; -+ EVP_CIPHER_CTX_copy; -+ UI_method_get_prompt_constructor; -+ UI_method_get_prompt_constructr; -+ UI_method_set_prompt_constructor; -+ UI_method_set_prompt_constructr; -+ EVP_read_pw_string_min; -+ CRYPTO_cts128_encrypt; -+ CRYPTO_cts128_decrypt_block; -+ CRYPTO_cfb128_1_encrypt; -+ CRYPTO_cbc128_encrypt; -+ CRYPTO_ctr128_encrypt; -+ CRYPTO_ofb128_encrypt; -+ CRYPTO_cts128_decrypt; -+ CRYPTO_cts128_encrypt_block; -+ CRYPTO_cbc128_decrypt; -+ CRYPTO_cfb128_encrypt; -+ CRYPTO_cfb128_8_encrypt; -+ -+ local: -+ *; -+}; -+ -+ -+OPENSSL_1.0.1 { -+ global: -+ SSL_renegotiate_abbreviated; -+ TLSv1_1_method; -+ TLSv1_1_client_method; -+ TLSv1_1_server_method; -+ SSL_CTX_set_srp_client_pwd_callback; -+ SSL_CTX_set_srp_client_pwd_cb; -+ SSL_get_srp_g; -+ SSL_CTX_set_srp_username_callback; -+ SSL_CTX_set_srp_un_cb; -+ SSL_get_srp_userinfo; -+ SSL_set_srp_server_param; -+ SSL_set_srp_server_param_pw; -+ SSL_get_srp_N; -+ SSL_get_srp_username; -+ SSL_CTX_set_srp_password; -+ SSL_CTX_set_srp_strength; -+ SSL_CTX_set_srp_verify_param_callback; -+ SSL_CTX_set_srp_vfy_param_cb; -+ SSL_CTX_set_srp_cb_arg; -+ SSL_CTX_set_srp_username; -+ SSL_CTX_SRP_CTX_init; -+ SSL_SRP_CTX_init; -+ SRP_Calc_A_param; -+ SRP_generate_server_master_secret; -+ SRP_gen_server_master_secret; -+ SSL_CTX_SRP_CTX_free; -+ SRP_generate_client_master_secret; -+ SRP_gen_client_master_secret; -+ SSL_srp_server_param_with_username; -+ SSL_srp_server_param_with_un; -+ SSL_SRP_CTX_free; -+ SSL_set_debug; -+ SSL_SESSION_get0_peer; -+ TLSv1_2_client_method; -+ SSL_SESSION_set1_id_context; -+ TLSv1_2_server_method; -+ SSL_cache_hit; -+ SSL_get0_kssl_ctx; -+ SSL_set0_kssl_ctx; -+ SSL_set_state; -+ SSL_CIPHER_get_id; -+ TLSv1_2_method; -+ kssl_ctx_get0_client_princ; -+ SSL_export_keying_material; -+ SSL_set_tlsext_use_srtp; -+ SSL_CTX_set_next_protos_advertised_cb; -+ SSL_CTX_set_next_protos_adv_cb; -+ SSL_get0_next_proto_negotiated; -+ SSL_get_selected_srtp_profile; -+ SSL_CTX_set_tlsext_use_srtp; -+ SSL_select_next_proto; -+ SSL_get_srtp_profiles; -+ SSL_CTX_set_next_proto_select_cb; -+ SSL_CTX_set_next_proto_sel_cb; -+ SSL_SESSION_get_compress_id; -+ -+ SRP_VBASE_get_by_user; -+ SRP_Calc_server_key; -+ SRP_create_verifier; -+ SRP_create_verifier_BN; -+ SRP_Calc_u; -+ SRP_VBASE_free; -+ SRP_Calc_client_key; -+ SRP_get_default_gN; -+ SRP_Calc_x; -+ SRP_Calc_B; -+ SRP_VBASE_new; -+ SRP_check_known_gN_param; -+ SRP_Calc_A; -+ SRP_Verify_A_mod_N; -+ SRP_VBASE_init; -+ SRP_Verify_B_mod_N; -+ EC_KEY_set_public_key_affine_coordinates; -+ EC_KEY_set_pub_key_aff_coords; -+ EVP_aes_192_ctr; -+ EVP_PKEY_meth_get0_info; -+ EVP_PKEY_meth_copy; -+ ERR_add_error_vdata; -+ EVP_aes_128_ctr; -+ EVP_aes_256_ctr; -+ EC_GFp_nistp224_method; -+ EC_KEY_get_flags; -+ RSA_padding_add_PKCS1_PSS_mgf1; -+ EVP_aes_128_xts; -+ EVP_aes_256_xts; -+ EVP_aes_128_gcm; -+ EC_KEY_clear_flags; -+ EC_KEY_set_flags; -+ EVP_aes_256_ccm; -+ RSA_verify_PKCS1_PSS_mgf1; -+ EVP_aes_128_ccm; -+ EVP_aes_192_gcm; -+ X509_ALGOR_set_md; -+ RAND_init_fips; -+ EVP_aes_256_gcm; -+ EVP_aes_192_ccm; -+ CMAC_CTX_copy; -+ CMAC_CTX_free; -+ CMAC_CTX_get0_cipher_ctx; -+ CMAC_CTX_cleanup; -+ CMAC_Init; -+ CMAC_Update; -+ CMAC_resume; -+ CMAC_CTX_new; -+ CMAC_Final; -+ CRYPTO_ctr128_encrypt_ctr32; -+ CRYPTO_gcm128_release; -+ CRYPTO_ccm128_decrypt_ccm64; -+ CRYPTO_ccm128_encrypt; -+ CRYPTO_gcm128_encrypt; -+ CRYPTO_xts128_encrypt; -+ EVP_rc4_hmac_md5; -+ CRYPTO_nistcts128_decrypt_block; -+ CRYPTO_gcm128_setiv; -+ CRYPTO_nistcts128_encrypt; -+ EVP_aes_128_cbc_hmac_sha1; -+ CRYPTO_gcm128_tag; -+ CRYPTO_ccm128_encrypt_ccm64; -+ ENGINE_load_rdrand; -+ CRYPTO_ccm128_setiv; -+ CRYPTO_nistcts128_encrypt_block; -+ CRYPTO_gcm128_aad; -+ CRYPTO_ccm128_init; -+ CRYPTO_nistcts128_decrypt; -+ CRYPTO_gcm128_new; -+ CRYPTO_ccm128_tag; -+ CRYPTO_ccm128_decrypt; -+ CRYPTO_ccm128_aad; -+ CRYPTO_gcm128_init; -+ CRYPTO_gcm128_decrypt; -+ ENGINE_load_rsax; -+ CRYPTO_gcm128_decrypt_ctr32; -+ CRYPTO_gcm128_encrypt_ctr32; -+ CRYPTO_gcm128_finish; -+ EVP_aes_256_cbc_hmac_sha1; -+ PKCS5_pbkdf2_set; -+ CMS_add0_recipient_password; -+ CMS_decrypt_set1_password; -+ CMS_RecipientInfo_set0_password; -+ RAND_set_fips_drbg_type; -+ X509_REQ_sign_ctx; -+ RSA_PSS_PARAMS_new; -+ X509_CRL_sign_ctx; -+ X509_signature_dump; -+ d2i_RSA_PSS_PARAMS; -+ RSA_PSS_PARAMS_it; -+ RSA_PSS_PARAMS_free; -+ X509_sign_ctx; -+ i2d_RSA_PSS_PARAMS; -+ ASN1_item_sign_ctx; -+ EC_GFp_nistp521_method; -+ EC_GFp_nistp256_method; -+ OPENSSL_stderr; -+ OPENSSL_cpuid_setup; -+ OPENSSL_showfatal; -+ BIO_new_dgram_sctp; -+ BIO_dgram_sctp_msg_waiting; -+ BIO_dgram_sctp_wait_for_dry; -+ BIO_s_datagram_sctp; -+ BIO_dgram_is_sctp; -+ BIO_dgram_sctp_notification_cb; -+} OPENSSL_1.0.0; -+ -+OPENSSL_1.0.1d { -+ global: -+ CRYPTO_memcmp; -+} OPENSSL_1.0.1; -+ -+OPENSSL_1.0.2 { -+ global: -+ SSL_CTX_set_alpn_protos; -+ SSL_set_alpn_protos; -+ SSL_CTX_set_alpn_select_cb; -+ SSL_get0_alpn_selected; -+ SSL_CTX_set_custom_cli_ext; -+ SSL_CTX_set_custom_srv_ext; -+ SSL_CTX_set_srv_supp_data; -+ SSL_CTX_set_cli_supp_data; -+ SSL_set_cert_cb; -+ SSL_CTX_use_serverinfo; -+ SSL_CTX_use_serverinfo_file; -+ SSL_CTX_set_cert_cb; -+ SSL_CTX_get0_param; -+ SSL_get0_param; -+ SSL_certs_clear; -+ DTLSv1_2_method; -+ DTLSv1_2_server_method; -+ DTLSv1_2_client_method; -+ DTLS_method; -+ DTLS_server_method; -+ DTLS_client_method; -+ SSL_CTX_get_ssl_method; -+ SSL_CTX_get0_certificate; -+ SSL_CTX_get0_privatekey; -+ SSL_COMP_set0_compression_methods; -+ SSL_COMP_free_compression_methods; -+ SSL_CIPHER_find; -+ SSL_is_server; -+ SSL_CONF_CTX_new; -+ SSL_CONF_CTX_finish; -+ SSL_CONF_CTX_free; -+ SSL_CONF_CTX_set_flags; -+ SSL_CONF_CTX_clear_flags; -+ SSL_CONF_CTX_set1_prefix; -+ SSL_CONF_CTX_set_ssl; -+ SSL_CONF_CTX_set_ssl_ctx; -+ SSL_CONF_cmd; -+ SSL_CONF_cmd_argv; -+ SSL_CONF_cmd_value_type; -+ SSL_trace; -+ SSL_CIPHER_standard_name; -+ SSL_get_tlsa_record_byname; -+ ASN1_TIME_diff; -+ BIO_hex_string; -+ CMS_RecipientInfo_get0_pkey_ctx; -+ CMS_RecipientInfo_encrypt; -+ CMS_SignerInfo_get0_pkey_ctx; -+ CMS_SignerInfo_get0_md_ctx; -+ CMS_SignerInfo_get0_signature; -+ CMS_RecipientInfo_kari_get0_alg; -+ CMS_RecipientInfo_kari_get0_reks; -+ CMS_RecipientInfo_kari_get0_orig_id; -+ CMS_RecipientInfo_kari_orig_id_cmp; -+ CMS_RecipientEncryptedKey_get0_id; -+ CMS_RecipientEncryptedKey_cert_cmp; -+ CMS_RecipientInfo_kari_set0_pkey; -+ CMS_RecipientInfo_kari_get0_ctx; -+ CMS_RecipientInfo_kari_decrypt; -+ CMS_SharedInfo_encode; -+ DH_compute_key_padded; -+ d2i_DHxparams; -+ i2d_DHxparams; -+ DH_get_1024_160; -+ DH_get_2048_224; -+ DH_get_2048_256; -+ DH_KDF_X9_42; -+ ECDH_KDF_X9_62; -+ ECDSA_METHOD_new; -+ ECDSA_METHOD_free; -+ ECDSA_METHOD_set_app_data; -+ ECDSA_METHOD_get_app_data; -+ ECDSA_METHOD_set_sign; -+ ECDSA_METHOD_set_sign_setup; -+ ECDSA_METHOD_set_verify; -+ ECDSA_METHOD_set_flags; -+ ECDSA_METHOD_set_name; -+ EVP_des_ede3_wrap; -+ EVP_aes_128_wrap; -+ EVP_aes_192_wrap; -+ EVP_aes_256_wrap; -+ EVP_aes_128_cbc_hmac_sha256; -+ EVP_aes_256_cbc_hmac_sha256; -+ CRYPTO_128_wrap; -+ CRYPTO_128_unwrap; -+ OCSP_REQ_CTX_nbio; -+ OCSP_REQ_CTX_new; -+ OCSP_set_max_response_length; -+ OCSP_REQ_CTX_i2d; -+ OCSP_REQ_CTX_nbio_d2i; -+ OCSP_REQ_CTX_get0_mem_bio; -+ OCSP_REQ_CTX_http; -+ RSA_padding_add_PKCS1_OAEP_mgf1; -+ RSA_padding_check_PKCS1_OAEP_mgf1; -+ RSA_OAEP_PARAMS_free; -+ RSA_OAEP_PARAMS_it; -+ RSA_OAEP_PARAMS_new; -+ SSL_get_sigalgs; -+ SSL_get_shared_sigalgs; -+ SSL_check_chain; -+ X509_chain_up_ref; -+ X509_http_nbio; -+ X509_CRL_http_nbio; -+ X509_REVOKED_dup; -+ i2d_re_X509_tbs; -+ X509_get0_signature; -+ X509_get_signature_nid; -+ X509_CRL_diff; -+ X509_chain_check_suiteb; -+ X509_CRL_check_suiteb; -+ X509_check_host; -+ X509_check_email; -+ X509_check_ip; -+ X509_check_ip_asc; -+ X509_STORE_set_lookup_crls_cb; -+ X509_STORE_CTX_get0_store; -+ X509_VERIFY_PARAM_set1_host; -+ X509_VERIFY_PARAM_add1_host; -+ X509_VERIFY_PARAM_set_hostflags; -+ X509_VERIFY_PARAM_get0_peername; -+ X509_VERIFY_PARAM_set1_email; -+ X509_VERIFY_PARAM_set1_ip; -+ X509_VERIFY_PARAM_set1_ip_asc; -+ X509_VERIFY_PARAM_get0_name; -+ X509_VERIFY_PARAM_get_count; -+ X509_VERIFY_PARAM_get0; -+ X509V3_EXT_free; -+ EC_GROUP_get_mont_data; -+ EC_curve_nid2nist; -+ EC_curve_nist2nid; -+ PEM_write_bio_DHxparams; -+ PEM_write_DHxparams; -+ SSL_CTX_add_client_custom_ext; -+ SSL_CTX_add_server_custom_ext; -+ SSL_extension_supported; -+ BUF_strnlen; -+ sk_deep_copy; -+ SSL_test_functions; -+} OPENSSL_1.0.1d; -+ -Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100 -@@ -0,0 +1,10 @@ -+OPENSSL_1.0.0 { -+ global: -+ bind_engine; -+ v_check; -+ OPENSSL_init; -+ OPENSSL_finish; -+ local: -+ *; -+}; -+ -Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100 -@@ -0,0 +1,10 @@ -+OPENSSL_1.0.0 { -+ global: -+ bind_engine; -+ v_check; -+ OPENSSL_init; -+ OPENSSL_finish; -+ local: -+ *; -+}; -+ diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian1.0.2/block_digicert_malaysia.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian1.0.2/block_digicert_malaysia.patch deleted file mode 100644 index c43bcd1c77..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian1.0.2/block_digicert_malaysia.patch +++ /dev/null @@ -1,29 +0,0 @@ -From: Raphael Geissert <geissert@debian.org> -Description: make X509_verify_cert indicate that any certificate whose - name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked. -Forwarded: not-needed -Origin: vendor -Last-Update: 2011-11-05 - -Upstream-Status: Backport [debian] - - -Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c -=================================================================== ---- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.488028844 +0100 -+++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.484028929 +0100 -@@ -964,10 +964,11 @@ - for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) - { - x = sk_X509_value(ctx->chain, i); -- /* Mark DigiNotar certificates as revoked, no matter -- * where in the chain they are. -+ /* Mark certificates containing the following names as -+ * revoked, no matter where in the chain they are. - */ -- if (x->name && strstr(x->name, "DigiNotar")) -+ if (x->name && (strstr(x->name, "DigiNotar") || -+ strstr(x->name, "Digicert Sdn. Bhd."))) - { - ctx->error = X509_V_ERR_CERT_REVOKED; - ctx->error_depth = i; diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian1.0.2/block_diginotar.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian1.0.2/block_diginotar.patch deleted file mode 100644 index d81e22cd8d..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian1.0.2/block_diginotar.patch +++ /dev/null @@ -1,68 +0,0 @@ -From: Raphael Geissert <geissert@debian.org> -Description: make X509_verify_cert indicate that any certificate whose - name contains "DigiNotar" is revoked. -Forwarded: not-needed -Origin: vendor -Last-Update: 2011-09-08 -Bug: http://bugs.debian.org/639744 -Reviewed-by: Kurt Roeckx <kurt@roeckx.be> -Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk> - -This is not meant as final patch. - -Upstream-Status: Backport [debian] - -Signed-off-by: Armin Kuster <akuster@mvista.com> - -Index: openssl-1.0.2g/crypto/x509/x509_vfy.c -=================================================================== ---- openssl-1.0.2g.orig/crypto/x509/x509_vfy.c -+++ openssl-1.0.2g/crypto/x509/x509_vfy.c -@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c - static int check_revocation(X509_STORE_CTX *ctx); - static int check_cert(X509_STORE_CTX *ctx); - static int check_policy(X509_STORE_CTX *ctx); -+static int check_ca_blacklist(X509_STORE_CTX *ctx); - - static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, - unsigned int *preasons, X509_CRL *crl, X509 *x); -@@ -489,6 +490,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx - if (!ok) - goto err; - -+ ok = check_ca_blacklist(ctx); -+ if(!ok) goto err; -+ - #ifndef OPENSSL_NO_RFC3779 - /* RFC 3779 path validation, now that CRL check has been done */ - ok = v3_asid_validate_path(ctx); -@@ -996,6 +1000,29 @@ static int check_crl_time(X509_STORE_CTX - return 1; - } - -+static int check_ca_blacklist(X509_STORE_CTX *ctx) -+ { -+ X509 *x; -+ int i; -+ /* Check all certificates against the blacklist */ -+ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) -+ { -+ x = sk_X509_value(ctx->chain, i); -+ /* Mark DigiNotar certificates as revoked, no matter -+ * where in the chain they are. -+ */ -+ if (x->name && strstr(x->name, "DigiNotar")) -+ { -+ ctx->error = X509_V_ERR_CERT_REVOKED; -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ if (!ctx->verify_cb(0,ctx)) -+ return 0; -+ } -+ } -+ return 1; -+ } -+ - static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, - X509 **pissuer, int *pscore, unsigned int *preasons, - STACK_OF(X509_CRL) *crls) diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian1.0.2/soname.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian1.0.2/soname.patch deleted file mode 100644 index 09dd9eaf86..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian1.0.2/soname.patch +++ /dev/null @@ -1,15 +0,0 @@ -Upstream-Status: Inappropriate - -Index: openssl-1.0.2d/crypto/opensslv.h -=================================================================== ---- openssl-1.0.2d.orig/crypto/opensslv.h -+++ openssl-1.0.2d/crypto/opensslv.h -@@ -88,7 +88,7 @@ extern "C" { - * should only keep the versions that are binary compatible with the current. - */ - # define SHLIB_VERSION_HISTORY "" --# define SHLIB_VERSION_NUMBER "1.0.0" -+# define SHLIB_VERSION_NUMBER "1.0.2" - - - #ifdef __cplusplus diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian1.0.2/version-script.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian1.0.2/version-script.patch deleted file mode 100644 index e404ee3312..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian1.0.2/version-script.patch +++ /dev/null @@ -1,4658 +0,0 @@ -Upstream-Status: Inappropriate - -Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure -=================================================================== ---- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100 -+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24 21:02:30.000000000 +0100 -@@ -1651,6 +1651,8 @@ - } - } - -+$shared_ldflag .= " -Wl,--version-script=openssl.ld"; -+ - open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n"; - unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new"; - open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n"; -Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100 -@@ -0,0 +1,4608 @@ -+OPENSSL_1.0.2d { -+ global: -+ BIO_f_ssl; -+ BIO_new_buffer_ssl_connect; -+ BIO_new_ssl; -+ BIO_new_ssl_connect; -+ BIO_proxy_ssl_copy_session_id; -+ BIO_ssl_copy_session_id; -+ BIO_ssl_shutdown; -+ d2i_SSL_SESSION; -+ DTLSv1_client_method; -+ DTLSv1_method; -+ DTLSv1_server_method; -+ ERR_load_SSL_strings; -+ i2d_SSL_SESSION; -+ kssl_build_principal_2; -+ kssl_cget_tkt; -+ kssl_check_authent; -+ kssl_ctx_free; -+ kssl_ctx_new; -+ kssl_ctx_setkey; -+ kssl_ctx_setprinc; -+ kssl_ctx_setstring; -+ kssl_ctx_show; -+ kssl_err_set; -+ kssl_krb5_free_data_contents; -+ kssl_sget_tkt; -+ kssl_skip_confound; -+ kssl_validate_times; -+ PEM_read_bio_SSL_SESSION; -+ PEM_read_SSL_SESSION; -+ PEM_write_bio_SSL_SESSION; -+ PEM_write_SSL_SESSION; -+ SSL_accept; -+ SSL_add_client_CA; -+ SSL_add_dir_cert_subjects_to_stack; -+ SSL_add_dir_cert_subjs_to_stk; -+ SSL_add_file_cert_subjects_to_stack; -+ SSL_add_file_cert_subjs_to_stk; -+ SSL_alert_desc_string; -+ SSL_alert_desc_string_long; -+ SSL_alert_type_string; -+ SSL_alert_type_string_long; -+ SSL_callback_ctrl; -+ SSL_check_private_key; -+ SSL_CIPHER_description; -+ SSL_CIPHER_get_bits; -+ SSL_CIPHER_get_name; -+ SSL_CIPHER_get_version; -+ SSL_clear; -+ SSL_COMP_add_compression_method; -+ SSL_COMP_get_compression_methods; -+ SSL_COMP_get_compress_methods; -+ SSL_COMP_get_name; -+ SSL_connect; -+ SSL_copy_session_id; -+ SSL_ctrl; -+ SSL_CTX_add_client_CA; -+ SSL_CTX_add_session; -+ SSL_CTX_callback_ctrl; -+ SSL_CTX_check_private_key; -+ SSL_CTX_ctrl; -+ SSL_CTX_flush_sessions; -+ SSL_CTX_free; -+ SSL_CTX_get_cert_store; -+ SSL_CTX_get_client_CA_list; -+ SSL_CTX_get_client_cert_cb; -+ SSL_CTX_get_ex_data; -+ SSL_CTX_get_ex_new_index; -+ SSL_CTX_get_info_callback; -+ SSL_CTX_get_quiet_shutdown; -+ SSL_CTX_get_timeout; -+ SSL_CTX_get_verify_callback; -+ SSL_CTX_get_verify_depth; -+ SSL_CTX_get_verify_mode; -+ SSL_CTX_load_verify_locations; -+ SSL_CTX_new; -+ SSL_CTX_remove_session; -+ SSL_CTX_sess_get_get_cb; -+ SSL_CTX_sess_get_new_cb; -+ SSL_CTX_sess_get_remove_cb; -+ SSL_CTX_sessions; -+ SSL_CTX_sess_set_get_cb; -+ SSL_CTX_sess_set_new_cb; -+ SSL_CTX_sess_set_remove_cb; -+ SSL_CTX_set1_param; -+ SSL_CTX_set_cert_store; -+ SSL_CTX_set_cert_verify_callback; -+ SSL_CTX_set_cert_verify_cb; -+ SSL_CTX_set_cipher_list; -+ SSL_CTX_set_client_CA_list; -+ SSL_CTX_set_client_cert_cb; -+ SSL_CTX_set_client_cert_engine; -+ SSL_CTX_set_cookie_generate_cb; -+ SSL_CTX_set_cookie_verify_cb; -+ SSL_CTX_set_default_passwd_cb; -+ SSL_CTX_set_default_passwd_cb_userdata; -+ SSL_CTX_set_default_verify_paths; -+ SSL_CTX_set_def_passwd_cb_ud; -+ SSL_CTX_set_def_verify_paths; -+ SSL_CTX_set_ex_data; -+ SSL_CTX_set_generate_session_id; -+ SSL_CTX_set_info_callback; -+ SSL_CTX_set_msg_callback; -+ SSL_CTX_set_psk_client_callback; -+ SSL_CTX_set_psk_server_callback; -+ SSL_CTX_set_purpose; -+ SSL_CTX_set_quiet_shutdown; -+ SSL_CTX_set_session_id_context; -+ SSL_CTX_set_ssl_version; -+ SSL_CTX_set_timeout; -+ SSL_CTX_set_tmp_dh_callback; -+ SSL_CTX_set_tmp_ecdh_callback; -+ SSL_CTX_set_tmp_rsa_callback; -+ SSL_CTX_set_trust; -+ SSL_CTX_set_verify; -+ SSL_CTX_set_verify_depth; -+ SSL_CTX_use_cert_chain_file; -+ SSL_CTX_use_certificate; -+ SSL_CTX_use_certificate_ASN1; -+ SSL_CTX_use_certificate_chain_file; -+ SSL_CTX_use_certificate_file; -+ SSL_CTX_use_PrivateKey; -+ SSL_CTX_use_PrivateKey_ASN1; -+ SSL_CTX_use_PrivateKey_file; -+ SSL_CTX_use_psk_identity_hint; -+ SSL_CTX_use_RSAPrivateKey; -+ SSL_CTX_use_RSAPrivateKey_ASN1; -+ SSL_CTX_use_RSAPrivateKey_file; -+ SSL_do_handshake; -+ SSL_dup; -+ SSL_dup_CA_list; -+ SSLeay_add_ssl_algorithms; -+ SSL_free; -+ SSL_get1_session; -+ SSL_get_certificate; -+ SSL_get_cipher_list; -+ SSL_get_ciphers; -+ SSL_get_client_CA_list; -+ SSL_get_current_cipher; -+ SSL_get_current_compression; -+ SSL_get_current_expansion; -+ SSL_get_default_timeout; -+ SSL_get_error; -+ SSL_get_ex_data; -+ SSL_get_ex_data_X509_STORE_CTX_idx; -+ SSL_get_ex_d_X509_STORE_CTX_idx; -+ SSL_get_ex_new_index; -+ SSL_get_fd; -+ SSL_get_finished; -+ SSL_get_info_callback; -+ SSL_get_peer_cert_chain; -+ SSL_get_peer_certificate; -+ SSL_get_peer_finished; -+ SSL_get_privatekey; -+ SSL_get_psk_identity; -+ SSL_get_psk_identity_hint; -+ SSL_get_quiet_shutdown; -+ SSL_get_rbio; -+ SSL_get_read_ahead; -+ SSL_get_rfd; -+ SSL_get_servername; -+ SSL_get_servername_type; -+ SSL_get_session; -+ SSL_get_shared_ciphers; -+ SSL_get_shutdown; -+ SSL_get_SSL_CTX; -+ SSL_get_ssl_method; -+ SSL_get_verify_callback; -+ SSL_get_verify_depth; -+ SSL_get_verify_mode; -+ SSL_get_verify_result; -+ SSL_get_version; -+ SSL_get_wbio; -+ SSL_get_wfd; -+ SSL_has_matching_session_id; -+ SSL_library_init; -+ SSL_load_client_CA_file; -+ SSL_load_error_strings; -+ SSL_new; -+ SSL_peek; -+ SSL_pending; -+ SSL_read; -+ SSL_renegotiate; -+ SSL_renegotiate_pending; -+ SSL_rstate_string; -+ SSL_rstate_string_long; -+ SSL_SESSION_cmp; -+ SSL_SESSION_free; -+ SSL_SESSION_get_ex_data; -+ SSL_SESSION_get_ex_new_index; -+ SSL_SESSION_get_id; -+ SSL_SESSION_get_time; -+ SSL_SESSION_get_timeout; -+ SSL_SESSION_hash; -+ SSL_SESSION_new; -+ SSL_SESSION_print; -+ SSL_SESSION_print_fp; -+ SSL_SESSION_set_ex_data; -+ SSL_SESSION_set_time; -+ SSL_SESSION_set_timeout; -+ SSL_set1_param; -+ SSL_set_accept_state; -+ SSL_set_bio; -+ SSL_set_cipher_list; -+ SSL_set_client_CA_list; -+ SSL_set_connect_state; -+ SSL_set_ex_data; -+ SSL_set_fd; -+ SSL_set_generate_session_id; -+ SSL_set_info_callback; -+ SSL_set_msg_callback; -+ SSL_set_psk_client_callback; -+ SSL_set_psk_server_callback; -+ SSL_set_purpose; -+ SSL_set_quiet_shutdown; -+ SSL_set_read_ahead; -+ SSL_set_rfd; -+ SSL_set_session; -+ SSL_set_session_id_context; -+ SSL_set_session_secret_cb; -+ SSL_set_session_ticket_ext; -+ SSL_set_session_ticket_ext_cb; -+ SSL_set_shutdown; -+ SSL_set_SSL_CTX; -+ SSL_set_ssl_method; -+ SSL_set_tmp_dh_callback; -+ SSL_set_tmp_ecdh_callback; -+ SSL_set_tmp_rsa_callback; -+ SSL_set_trust; -+ SSL_set_verify; -+ SSL_set_verify_depth; -+ SSL_set_verify_result; -+ SSL_set_wfd; -+ SSL_shutdown; -+ SSL_state; -+ SSL_state_string; -+ SSL_state_string_long; -+ SSL_use_certificate; -+ SSL_use_certificate_ASN1; -+ SSL_use_certificate_file; -+ SSL_use_PrivateKey; -+ SSL_use_PrivateKey_ASN1; -+ SSL_use_PrivateKey_file; -+ SSL_use_psk_identity_hint; -+ SSL_use_RSAPrivateKey; -+ SSL_use_RSAPrivateKey_ASN1; -+ SSL_use_RSAPrivateKey_file; -+ SSLv23_client_method; -+ SSLv23_method; -+ SSLv23_server_method; -+ SSLv2_client_method; -+ SSLv2_method; -+ SSLv2_server_method; -+ SSLv3_client_method; -+ SSLv3_method; -+ SSLv3_server_method; -+ SSL_version; -+ SSL_want; -+ SSL_write; -+ TLSv1_client_method; -+ TLSv1_method; -+ TLSv1_server_method; -+ -+ -+ SSLeay; -+ SSLeay_version; -+ ASN1_BIT_STRING_asn1_meth; -+ ASN1_HEADER_free; -+ ASN1_HEADER_new; -+ ASN1_IA5STRING_asn1_meth; -+ ASN1_INTEGER_get; -+ ASN1_INTEGER_set; -+ ASN1_INTEGER_to_BN; -+ ASN1_OBJECT_create; -+ ASN1_OBJECT_free; -+ ASN1_OBJECT_new; -+ ASN1_PRINTABLE_type; -+ ASN1_STRING_cmp; -+ ASN1_STRING_dup; -+ ASN1_STRING_free; -+ ASN1_STRING_new; -+ ASN1_STRING_print; -+ ASN1_STRING_set; -+ ASN1_STRING_type_new; -+ ASN1_TYPE_free; -+ ASN1_TYPE_new; -+ ASN1_UNIVERSALSTRING_to_string; -+ ASN1_UTCTIME_check; -+ ASN1_UTCTIME_print; -+ ASN1_UTCTIME_set; -+ ASN1_check_infinite_end; -+ ASN1_d2i_bio; -+ ASN1_d2i_fp; -+ ASN1_digest; -+ ASN1_dup; -+ ASN1_get_object; -+ ASN1_i2d_bio; -+ ASN1_i2d_fp; -+ ASN1_object_size; -+ ASN1_parse; -+ ASN1_put_object; -+ ASN1_sign; -+ ASN1_verify; -+ BF_cbc_encrypt; -+ BF_cfb64_encrypt; -+ BF_ecb_encrypt; -+ BF_encrypt; -+ BF_ofb64_encrypt; -+ BF_options; -+ BF_set_key; -+ BIO_CONNECT_free; -+ BIO_CONNECT_new; -+ BIO_accept; -+ BIO_ctrl; -+ BIO_int_ctrl; -+ BIO_debug_callback; -+ BIO_dump; -+ BIO_dup_chain; -+ BIO_f_base64; -+ BIO_f_buffer; -+ BIO_f_cipher; -+ BIO_f_md; -+ BIO_f_null; -+ BIO_f_proxy_server; -+ BIO_fd_non_fatal_error; -+ BIO_fd_should_retry; -+ BIO_find_type; -+ BIO_free; -+ BIO_free_all; -+ BIO_get_accept_socket; -+ BIO_get_filter_bio; -+ BIO_get_host_ip; -+ BIO_get_port; -+ BIO_get_retry_BIO; -+ BIO_get_retry_reason; -+ BIO_gethostbyname; -+ BIO_gets; -+ BIO_new; -+ BIO_new_accept; -+ BIO_new_connect; -+ BIO_new_fd; -+ BIO_new_file; -+ BIO_new_fp; -+ BIO_new_socket; -+ BIO_pop; -+ BIO_printf; -+ BIO_push; -+ BIO_puts; -+ BIO_read; -+ BIO_s_accept; -+ BIO_s_connect; -+ BIO_s_fd; -+ BIO_s_file; -+ BIO_s_mem; -+ BIO_s_null; -+ BIO_s_proxy_client; -+ BIO_s_socket; -+ BIO_set; -+ BIO_set_cipher; -+ BIO_set_tcp_ndelay; -+ BIO_sock_cleanup; -+ BIO_sock_error; -+ BIO_sock_init; -+ BIO_sock_non_fatal_error; -+ BIO_sock_should_retry; -+ BIO_socket_ioctl; -+ BIO_write; -+ BN_CTX_free; -+ BN_CTX_new; -+ BN_MONT_CTX_free; -+ BN_MONT_CTX_new; -+ BN_MONT_CTX_set; -+ BN_add; -+ BN_add_word; -+ BN_hex2bn; -+ BN_bin2bn; -+ BN_bn2hex; -+ BN_bn2bin; -+ BN_clear; -+ BN_clear_bit; -+ BN_clear_free; -+ BN_cmp; -+ BN_copy; -+ BN_div; -+ BN_div_word; -+ BN_dup; -+ BN_free; -+ BN_from_montgomery; -+ BN_gcd; -+ BN_generate_prime; -+ BN_get_word; -+ BN_is_bit_set; -+ BN_is_prime; -+ BN_lshift; -+ BN_lshift1; -+ BN_mask_bits; -+ BN_mod; -+ BN_mod_exp; -+ BN_mod_exp_mont; -+ BN_mod_exp_simple; -+ BN_mod_inverse; -+ BN_mod_mul; -+ BN_mod_mul_montgomery; -+ BN_mod_word; -+ BN_mul; -+ BN_new; -+ BN_num_bits; -+ BN_num_bits_word; -+ BN_options; -+ BN_print; -+ BN_print_fp; -+ BN_rand; -+ BN_reciprocal; -+ BN_rshift; -+ BN_rshift1; -+ BN_set_bit; -+ BN_set_word; -+ BN_sqr; -+ BN_sub; -+ BN_to_ASN1_INTEGER; -+ BN_ucmp; -+ BN_value_one; -+ BUF_MEM_free; -+ BUF_MEM_grow; -+ BUF_MEM_new; -+ BUF_strdup; -+ CONF_free; -+ CONF_get_number; -+ CONF_get_section; -+ CONF_get_string; -+ CONF_load; -+ CRYPTO_add_lock; -+ CRYPTO_dbg_free; -+ CRYPTO_dbg_malloc; -+ CRYPTO_dbg_realloc; -+ CRYPTO_dbg_remalloc; -+ CRYPTO_free; -+ CRYPTO_get_add_lock_callback; -+ CRYPTO_get_id_callback; -+ CRYPTO_get_lock_name; -+ CRYPTO_get_locking_callback; -+ CRYPTO_get_mem_functions; -+ CRYPTO_lock; -+ CRYPTO_malloc; -+ CRYPTO_mem_ctrl; -+ CRYPTO_mem_leaks; -+ CRYPTO_mem_leaks_cb; -+ CRYPTO_mem_leaks_fp; -+ CRYPTO_realloc; -+ CRYPTO_remalloc; -+ CRYPTO_set_add_lock_callback; -+ CRYPTO_set_id_callback; -+ CRYPTO_set_locking_callback; -+ CRYPTO_set_mem_functions; -+ CRYPTO_thread_id; -+ DH_check; -+ DH_compute_key; -+ DH_free; -+ DH_generate_key; -+ DH_generate_parameters; -+ DH_new; -+ DH_size; -+ DHparams_print; -+ DHparams_print_fp; -+ DSA_free; -+ DSA_generate_key; -+ DSA_generate_parameters; -+ DSA_is_prime; -+ DSA_new; -+ DSA_print; -+ DSA_print_fp; -+ DSA_sign; -+ DSA_sign_setup; -+ DSA_size; -+ DSA_verify; -+ DSAparams_print; -+ DSAparams_print_fp; -+ ERR_clear_error; -+ ERR_error_string; -+ ERR_free_strings; -+ ERR_func_error_string; -+ ERR_get_err_state_table; -+ ERR_get_error; -+ ERR_get_error_line; -+ ERR_get_state; -+ ERR_get_string_table; -+ ERR_lib_error_string; -+ ERR_load_ASN1_strings; -+ ERR_load_BIO_strings; -+ ERR_load_BN_strings; -+ ERR_load_BUF_strings; -+ ERR_load_CONF_strings; -+ ERR_load_DH_strings; -+ ERR_load_DSA_strings; -+ ERR_load_ERR_strings; -+ ERR_load_EVP_strings; -+ ERR_load_OBJ_strings; -+ ERR_load_PEM_strings; -+ ERR_load_PROXY_strings; -+ ERR_load_RSA_strings; -+ ERR_load_X509_strings; -+ ERR_load_crypto_strings; -+ ERR_load_strings; -+ ERR_peek_error; -+ ERR_peek_error_line; -+ ERR_print_errors; -+ ERR_print_errors_fp; -+ ERR_put_error; -+ ERR_reason_error_string; -+ ERR_remove_state; -+ EVP_BytesToKey; -+ EVP_CIPHER_CTX_cleanup; -+ EVP_CipherFinal; -+ EVP_CipherInit; -+ EVP_CipherUpdate; -+ EVP_DecodeBlock; -+ EVP_DecodeFinal; -+ EVP_DecodeInit; -+ EVP_DecodeUpdate; -+ EVP_DecryptFinal; -+ EVP_DecryptInit; -+ EVP_DecryptUpdate; -+ EVP_DigestFinal; -+ EVP_DigestInit; -+ EVP_DigestUpdate; -+ EVP_EncodeBlock; -+ EVP_EncodeFinal; -+ EVP_EncodeInit; -+ EVP_EncodeUpdate; -+ EVP_EncryptFinal; -+ EVP_EncryptInit; -+ EVP_EncryptUpdate; -+ EVP_OpenFinal; -+ EVP_OpenInit; -+ EVP_PKEY_assign; -+ EVP_PKEY_copy_parameters; -+ EVP_PKEY_free; -+ EVP_PKEY_missing_parameters; -+ EVP_PKEY_new; -+ EVP_PKEY_save_parameters; -+ EVP_PKEY_size; -+ EVP_PKEY_type; -+ EVP_SealFinal; -+ EVP_SealInit; -+ EVP_SignFinal; -+ EVP_VerifyFinal; -+ EVP_add_alias; -+ EVP_add_cipher; -+ EVP_add_digest; -+ EVP_bf_cbc; -+ EVP_bf_cfb64; -+ EVP_bf_ecb; -+ EVP_bf_ofb; -+ EVP_cleanup; -+ EVP_des_cbc; -+ EVP_des_cfb64; -+ EVP_des_ecb; -+ EVP_des_ede; -+ EVP_des_ede3; -+ EVP_des_ede3_cbc; -+ EVP_des_ede3_cfb64; -+ EVP_des_ede3_ofb; -+ EVP_des_ede_cbc; -+ EVP_des_ede_cfb64; -+ EVP_des_ede_ofb; -+ EVP_des_ofb; -+ EVP_desx_cbc; -+ EVP_dss; -+ EVP_dss1; -+ EVP_enc_null; -+ EVP_get_cipherbyname; -+ EVP_get_digestbyname; -+ EVP_get_pw_prompt; -+ EVP_idea_cbc; -+ EVP_idea_cfb64; -+ EVP_idea_ecb; -+ EVP_idea_ofb; -+ EVP_md2; -+ EVP_md5; -+ EVP_md_null; -+ EVP_rc2_cbc; -+ EVP_rc2_cfb64; -+ EVP_rc2_ecb; -+ EVP_rc2_ofb; -+ EVP_rc4; -+ EVP_read_pw_string; -+ EVP_set_pw_prompt; -+ EVP_sha; -+ EVP_sha1; -+ MD2; -+ MD2_Final; -+ MD2_Init; -+ MD2_Update; -+ MD2_options; -+ MD5; -+ MD5_Final; -+ MD5_Init; -+ MD5_Update; -+ MDC2; -+ MDC2_Final; -+ MDC2_Init; -+ MDC2_Update; -+ NETSCAPE_SPKAC_free; -+ NETSCAPE_SPKAC_new; -+ NETSCAPE_SPKI_free; -+ NETSCAPE_SPKI_new; -+ NETSCAPE_SPKI_sign; -+ NETSCAPE_SPKI_verify; -+ OBJ_add_object; -+ OBJ_bsearch; -+ OBJ_cleanup; -+ OBJ_cmp; -+ OBJ_create; -+ OBJ_dup; -+ OBJ_ln2nid; -+ OBJ_new_nid; -+ OBJ_nid2ln; -+ OBJ_nid2obj; -+ OBJ_nid2sn; -+ OBJ_obj2nid; -+ OBJ_sn2nid; -+ OBJ_txt2nid; -+ PEM_ASN1_read; -+ PEM_ASN1_read_bio; -+ PEM_ASN1_write; -+ PEM_ASN1_write_bio; -+ PEM_SealFinal; -+ PEM_SealInit; -+ PEM_SealUpdate; -+ PEM_SignFinal; -+ PEM_SignInit; -+ PEM_SignUpdate; -+ PEM_X509_INFO_read; -+ PEM_X509_INFO_read_bio; -+ PEM_X509_INFO_write_bio; -+ PEM_dek_info; -+ PEM_do_header; -+ PEM_get_EVP_CIPHER_INFO; -+ PEM_proc_type; -+ PEM_read; -+ PEM_read_DHparams; -+ PEM_read_DSAPrivateKey; -+ PEM_read_DSAparams; -+ PEM_read_PKCS7; -+ PEM_read_PrivateKey; -+ PEM_read_RSAPrivateKey; -+ PEM_read_X509; -+ PEM_read_X509_CRL; -+ PEM_read_X509_REQ; -+ PEM_read_bio; -+ PEM_read_bio_DHparams; -+ PEM_read_bio_DSAPrivateKey; -+ PEM_read_bio_DSAparams; -+ PEM_read_bio_PKCS7; -+ PEM_read_bio_PrivateKey; -+ PEM_read_bio_RSAPrivateKey; -+ PEM_read_bio_X509; -+ PEM_read_bio_X509_CRL; -+ PEM_read_bio_X509_REQ; -+ PEM_write; -+ PEM_write_DHparams; -+ PEM_write_DSAPrivateKey; -+ PEM_write_DSAparams; -+ PEM_write_PKCS7; -+ PEM_write_PrivateKey; -+ PEM_write_RSAPrivateKey; -+ PEM_write_X509; -+ PEM_write_X509_CRL; -+ PEM_write_X509_REQ; -+ PEM_write_bio; -+ PEM_write_bio_DHparams; -+ PEM_write_bio_DSAPrivateKey; -+ PEM_write_bio_DSAparams; -+ PEM_write_bio_PKCS7; -+ PEM_write_bio_PrivateKey; -+ PEM_write_bio_RSAPrivateKey; -+ PEM_write_bio_X509; -+ PEM_write_bio_X509_CRL; -+ PEM_write_bio_X509_REQ; -+ PKCS7_DIGEST_free; -+ PKCS7_DIGEST_new; -+ PKCS7_ENCRYPT_free; -+ PKCS7_ENCRYPT_new; -+ PKCS7_ENC_CONTENT_free; -+ PKCS7_ENC_CONTENT_new; -+ PKCS7_ENVELOPE_free; -+ PKCS7_ENVELOPE_new; -+ PKCS7_ISSUER_AND_SERIAL_digest; -+ PKCS7_ISSUER_AND_SERIAL_free; -+ PKCS7_ISSUER_AND_SERIAL_new; -+ PKCS7_RECIP_INFO_free; -+ PKCS7_RECIP_INFO_new; -+ PKCS7_SIGNED_free; -+ PKCS7_SIGNED_new; -+ PKCS7_SIGNER_INFO_free; -+ PKCS7_SIGNER_INFO_new; -+ PKCS7_SIGN_ENVELOPE_free; -+ PKCS7_SIGN_ENVELOPE_new; -+ PKCS7_dup; -+ PKCS7_free; -+ PKCS7_new; -+ PROXY_ENTRY_add_noproxy; -+ PROXY_ENTRY_clear_noproxy; -+ PROXY_ENTRY_free; -+ PROXY_ENTRY_get_noproxy; -+ PROXY_ENTRY_new; -+ PROXY_ENTRY_set_server; -+ PROXY_add_noproxy; -+ PROXY_add_server; -+ PROXY_check_by_host; -+ PROXY_check_url; -+ PROXY_clear_noproxy; -+ PROXY_free; -+ PROXY_get_noproxy; -+ PROXY_get_proxies; -+ PROXY_get_proxy_entry; -+ PROXY_load_conf; -+ PROXY_new; -+ PROXY_print; -+ RAND_bytes; -+ RAND_cleanup; -+ RAND_file_name; -+ RAND_load_file; -+ RAND_screen; -+ RAND_seed; -+ RAND_write_file; -+ RC2_cbc_encrypt; -+ RC2_cfb64_encrypt; -+ RC2_ecb_encrypt; -+ RC2_encrypt; -+ RC2_ofb64_encrypt; -+ RC2_set_key; -+ RC4; -+ RC4_options; -+ RC4_set_key; -+ RSAPrivateKey_asn1_meth; -+ RSAPrivateKey_dup; -+ RSAPublicKey_dup; -+ RSA_PKCS1_SSLeay; -+ RSA_free; -+ RSA_generate_key; -+ RSA_new; -+ RSA_new_method; -+ RSA_print; -+ RSA_print_fp; -+ RSA_private_decrypt; -+ RSA_private_encrypt; -+ RSA_public_decrypt; -+ RSA_public_encrypt; -+ RSA_set_default_method; -+ RSA_sign; -+ RSA_sign_ASN1_OCTET_STRING; -+ RSA_size; -+ RSA_verify; -+ RSA_verify_ASN1_OCTET_STRING; -+ SHA; -+ SHA1; -+ SHA1_Final; -+ SHA1_Init; -+ SHA1_Update; -+ SHA_Final; -+ SHA_Init; -+ SHA_Update; -+ OpenSSL_add_all_algorithms; -+ OpenSSL_add_all_ciphers; -+ OpenSSL_add_all_digests; -+ TXT_DB_create_index; -+ TXT_DB_free; -+ TXT_DB_get_by_index; -+ TXT_DB_insert; -+ TXT_DB_read; -+ TXT_DB_write; -+ X509_ALGOR_free; -+ X509_ALGOR_new; -+ X509_ATTRIBUTE_free; -+ X509_ATTRIBUTE_new; -+ X509_CINF_free; -+ X509_CINF_new; -+ X509_CRL_INFO_free; -+ X509_CRL_INFO_new; -+ X509_CRL_add_ext; -+ X509_CRL_cmp; -+ X509_CRL_delete_ext; -+ X509_CRL_dup; -+ X509_CRL_free; -+ X509_CRL_get_ext; -+ X509_CRL_get_ext_by_NID; -+ X509_CRL_get_ext_by_OBJ; -+ X509_CRL_get_ext_by_critical; -+ X509_CRL_get_ext_count; -+ X509_CRL_new; -+ X509_CRL_sign; -+ X509_CRL_verify; -+ X509_EXTENSION_create_by_NID; -+ X509_EXTENSION_create_by_OBJ; -+ X509_EXTENSION_dup; -+ X509_EXTENSION_free; -+ X509_EXTENSION_get_critical; -+ X509_EXTENSION_get_data; -+ X509_EXTENSION_get_object; -+ X509_EXTENSION_new; -+ X509_EXTENSION_set_critical; -+ X509_EXTENSION_set_data; -+ X509_EXTENSION_set_object; -+ X509_INFO_free; -+ X509_INFO_new; -+ X509_LOOKUP_by_alias; -+ X509_LOOKUP_by_fingerprint; -+ X509_LOOKUP_by_issuer_serial; -+ X509_LOOKUP_by_subject; -+ X509_LOOKUP_ctrl; -+ X509_LOOKUP_file; -+ X509_LOOKUP_free; -+ X509_LOOKUP_hash_dir; -+ X509_LOOKUP_init; -+ X509_LOOKUP_new; -+ X509_LOOKUP_shutdown; -+ X509_NAME_ENTRY_create_by_NID; -+ X509_NAME_ENTRY_create_by_OBJ; -+ X509_NAME_ENTRY_dup; -+ X509_NAME_ENTRY_free; -+ X509_NAME_ENTRY_get_data; -+ X509_NAME_ENTRY_get_object; -+ X509_NAME_ENTRY_new; -+ X509_NAME_ENTRY_set_data; -+ X509_NAME_ENTRY_set_object; -+ X509_NAME_add_entry; -+ X509_NAME_cmp; -+ X509_NAME_delete_entry; -+ X509_NAME_digest; -+ X509_NAME_dup; -+ X509_NAME_entry_count; -+ X509_NAME_free; -+ X509_NAME_get_entry; -+ X509_NAME_get_index_by_NID; -+ X509_NAME_get_index_by_OBJ; -+ X509_NAME_get_text_by_NID; -+ X509_NAME_get_text_by_OBJ; -+ X509_NAME_hash; -+ X509_NAME_new; -+ X509_NAME_oneline; -+ X509_NAME_print; -+ X509_NAME_set; -+ X509_OBJECT_free_contents; -+ X509_OBJECT_retrieve_by_subject; -+ X509_OBJECT_up_ref_count; -+ X509_PKEY_free; -+ X509_PKEY_new; -+ X509_PUBKEY_free; -+ X509_PUBKEY_get; -+ X509_PUBKEY_new; -+ X509_PUBKEY_set; -+ X509_REQ_INFO_free; -+ X509_REQ_INFO_new; -+ X509_REQ_dup; -+ X509_REQ_free; -+ X509_REQ_get_pubkey; -+ X509_REQ_new; -+ X509_REQ_print; -+ X509_REQ_print_fp; -+ X509_REQ_set_pubkey; -+ X509_REQ_set_subject_name; -+ X509_REQ_set_version; -+ X509_REQ_sign; -+ X509_REQ_to_X509; -+ X509_REQ_verify; -+ X509_REVOKED_add_ext; -+ X509_REVOKED_delete_ext; -+ X509_REVOKED_free; -+ X509_REVOKED_get_ext; -+ X509_REVOKED_get_ext_by_NID; -+ X509_REVOKED_get_ext_by_OBJ; -+ X509_REVOKED_get_ext_by_critical; -+ X509_REVOKED_get_ext_by_critic; -+ X509_REVOKED_get_ext_count; -+ X509_REVOKED_new; -+ X509_SIG_free; -+ X509_SIG_new; -+ X509_STORE_CTX_cleanup; -+ X509_STORE_CTX_init; -+ X509_STORE_add_cert; -+ X509_STORE_add_lookup; -+ X509_STORE_free; -+ X509_STORE_get_by_subject; -+ X509_STORE_load_locations; -+ X509_STORE_new; -+ X509_STORE_set_default_paths; -+ X509_VAL_free; -+ X509_VAL_new; -+ X509_add_ext; -+ X509_asn1_meth; -+ X509_certificate_type; -+ X509_check_private_key; -+ X509_cmp_current_time; -+ X509_delete_ext; -+ X509_digest; -+ X509_dup; -+ X509_free; -+ X509_get_default_cert_area; -+ X509_get_default_cert_dir; -+ X509_get_default_cert_dir_env; -+ X509_get_default_cert_file; -+ X509_get_default_cert_file_env; -+ X509_get_default_private_dir; -+ X509_get_ext; -+ X509_get_ext_by_NID; -+ X509_get_ext_by_OBJ; -+ X509_get_ext_by_critical; -+ X509_get_ext_count; -+ X509_get_issuer_name; -+ X509_get_pubkey; -+ X509_get_pubkey_parameters; -+ X509_get_serialNumber; -+ X509_get_subject_name; -+ X509_gmtime_adj; -+ X509_issuer_and_serial_cmp; -+ X509_issuer_and_serial_hash; -+ X509_issuer_name_cmp; -+ X509_issuer_name_hash; -+ X509_load_cert_file; -+ X509_new; -+ X509_print; -+ X509_print_fp; -+ X509_set_issuer_name; -+ X509_set_notAfter; -+ X509_set_notBefore; -+ X509_set_pubkey; -+ X509_set_serialNumber; -+ X509_set_subject_name; -+ X509_set_version; -+ X509_sign; -+ X509_subject_name_cmp; -+ X509_subject_name_hash; -+ X509_to_X509_REQ; -+ X509_verify; -+ X509_verify_cert; -+ X509_verify_cert_error_string; -+ X509v3_add_ext; -+ X509v3_add_extension; -+ X509v3_add_netscape_extensions; -+ X509v3_add_standard_extensions; -+ X509v3_cleanup_extensions; -+ X509v3_data_type_by_NID; -+ X509v3_data_type_by_OBJ; -+ X509v3_delete_ext; -+ X509v3_get_ext; -+ X509v3_get_ext_by_NID; -+ X509v3_get_ext_by_OBJ; -+ X509v3_get_ext_by_critical; -+ X509v3_get_ext_count; -+ X509v3_pack_string; -+ X509v3_pack_type_by_NID; -+ X509v3_pack_type_by_OBJ; -+ X509v3_unpack_string; -+ _des_crypt; -+ a2d_ASN1_OBJECT; -+ a2i_ASN1_INTEGER; -+ a2i_ASN1_STRING; -+ asn1_Finish; -+ asn1_GetSequence; -+ bn_div_words; -+ bn_expand2; -+ bn_mul_add_words; -+ bn_mul_words; -+ BN_uadd; -+ BN_usub; -+ bn_sqr_words; -+ _ossl_old_crypt; -+ d2i_ASN1_BIT_STRING; -+ d2i_ASN1_BOOLEAN; -+ d2i_ASN1_HEADER; -+ d2i_ASN1_IA5STRING; -+ d2i_ASN1_INTEGER; -+ d2i_ASN1_OBJECT; -+ d2i_ASN1_OCTET_STRING; -+ d2i_ASN1_PRINTABLE; -+ d2i_ASN1_PRINTABLESTRING; -+ d2i_ASN1_SET; -+ d2i_ASN1_T61STRING; -+ d2i_ASN1_TYPE; -+ d2i_ASN1_UTCTIME; -+ d2i_ASN1_bytes; -+ d2i_ASN1_type_bytes; -+ d2i_DHparams; -+ d2i_DSAPrivateKey; -+ d2i_DSAPrivateKey_bio; -+ d2i_DSAPrivateKey_fp; -+ d2i_DSAPublicKey; -+ d2i_DSAparams; -+ d2i_NETSCAPE_SPKAC; -+ d2i_NETSCAPE_SPKI; -+ d2i_Netscape_RSA; -+ d2i_PKCS7; -+ d2i_PKCS7_DIGEST; -+ d2i_PKCS7_ENCRYPT; -+ d2i_PKCS7_ENC_CONTENT; -+ d2i_PKCS7_ENVELOPE; -+ d2i_PKCS7_ISSUER_AND_SERIAL; -+ d2i_PKCS7_RECIP_INFO; -+ d2i_PKCS7_SIGNED; -+ d2i_PKCS7_SIGNER_INFO; -+ d2i_PKCS7_SIGN_ENVELOPE; -+ d2i_PKCS7_bio; -+ d2i_PKCS7_fp; -+ d2i_PrivateKey; -+ d2i_PublicKey; -+ d2i_RSAPrivateKey; -+ d2i_RSAPrivateKey_bio; -+ d2i_RSAPrivateKey_fp; -+ d2i_RSAPublicKey; -+ d2i_X509; -+ d2i_X509_ALGOR; -+ d2i_X509_ATTRIBUTE; -+ d2i_X509_CINF; -+ d2i_X509_CRL; -+ d2i_X509_CRL_INFO; -+ d2i_X509_CRL_bio; -+ d2i_X509_CRL_fp; -+ d2i_X509_EXTENSION; -+ d2i_X509_NAME; -+ d2i_X509_NAME_ENTRY; -+ d2i_X509_PKEY; -+ d2i_X509_PUBKEY; -+ d2i_X509_REQ; -+ d2i_X509_REQ_INFO; -+ d2i_X509_REQ_bio; -+ d2i_X509_REQ_fp; -+ d2i_X509_REVOKED; -+ d2i_X509_SIG; -+ d2i_X509_VAL; -+ d2i_X509_bio; -+ d2i_X509_fp; -+ DES_cbc_cksum; -+ DES_cbc_encrypt; -+ DES_cblock_print_file; -+ DES_cfb64_encrypt; -+ DES_cfb_encrypt; -+ DES_decrypt3; -+ DES_ecb3_encrypt; -+ DES_ecb_encrypt; -+ DES_ede3_cbc_encrypt; -+ DES_ede3_cfb64_encrypt; -+ DES_ede3_ofb64_encrypt; -+ DES_enc_read; -+ DES_enc_write; -+ DES_encrypt1; -+ DES_encrypt2; -+ DES_encrypt3; -+ DES_fcrypt; -+ DES_is_weak_key; -+ DES_key_sched; -+ DES_ncbc_encrypt; -+ DES_ofb64_encrypt; -+ DES_ofb_encrypt; -+ DES_options; -+ DES_pcbc_encrypt; -+ DES_quad_cksum; -+ DES_random_key; -+ _ossl_old_des_random_seed; -+ _ossl_old_des_read_2passwords; -+ _ossl_old_des_read_password; -+ _ossl_old_des_read_pw; -+ _ossl_old_des_read_pw_string; -+ DES_set_key; -+ DES_set_odd_parity; -+ DES_string_to_2keys; -+ DES_string_to_key; -+ DES_xcbc_encrypt; -+ DES_xwhite_in2out; -+ fcrypt_body; -+ i2a_ASN1_INTEGER; -+ i2a_ASN1_OBJECT; -+ i2a_ASN1_STRING; -+ i2d_ASN1_BIT_STRING; -+ i2d_ASN1_BOOLEAN; -+ i2d_ASN1_HEADER; -+ i2d_ASN1_IA5STRING; -+ i2d_ASN1_INTEGER; -+ i2d_ASN1_OBJECT; -+ i2d_ASN1_OCTET_STRING; -+ i2d_ASN1_PRINTABLE; -+ i2d_ASN1_SET; -+ i2d_ASN1_TYPE; -+ i2d_ASN1_UTCTIME; -+ i2d_ASN1_bytes; -+ i2d_DHparams; -+ i2d_DSAPrivateKey; -+ i2d_DSAPrivateKey_bio; -+ i2d_DSAPrivateKey_fp; -+ i2d_DSAPublicKey; -+ i2d_DSAparams; -+ i2d_NETSCAPE_SPKAC; -+ i2d_NETSCAPE_SPKI; -+ i2d_Netscape_RSA; -+ i2d_PKCS7; -+ i2d_PKCS7_DIGEST; -+ i2d_PKCS7_ENCRYPT; -+ i2d_PKCS7_ENC_CONTENT; -+ i2d_PKCS7_ENVELOPE; -+ i2d_PKCS7_ISSUER_AND_SERIAL; -+ i2d_PKCS7_RECIP_INFO; -+ i2d_PKCS7_SIGNED; -+ i2d_PKCS7_SIGNER_INFO; -+ i2d_PKCS7_SIGN_ENVELOPE; -+ i2d_PKCS7_bio; -+ i2d_PKCS7_fp; -+ i2d_PrivateKey; -+ i2d_PublicKey; -+ i2d_RSAPrivateKey; -+ i2d_RSAPrivateKey_bio; -+ i2d_RSAPrivateKey_fp; -+ i2d_RSAPublicKey; -+ i2d_X509; -+ i2d_X509_ALGOR; -+ i2d_X509_ATTRIBUTE; -+ i2d_X509_CINF; -+ i2d_X509_CRL; -+ i2d_X509_CRL_INFO; -+ i2d_X509_CRL_bio; -+ i2d_X509_CRL_fp; -+ i2d_X509_EXTENSION; -+ i2d_X509_NAME; -+ i2d_X509_NAME_ENTRY; -+ i2d_X509_PKEY; -+ i2d_X509_PUBKEY; -+ i2d_X509_REQ; -+ i2d_X509_REQ_INFO; -+ i2d_X509_REQ_bio; -+ i2d_X509_REQ_fp; -+ i2d_X509_REVOKED; -+ i2d_X509_SIG; -+ i2d_X509_VAL; -+ i2d_X509_bio; -+ i2d_X509_fp; -+ idea_cbc_encrypt; -+ idea_cfb64_encrypt; -+ idea_ecb_encrypt; -+ idea_encrypt; -+ idea_ofb64_encrypt; -+ idea_options; -+ idea_set_decrypt_key; -+ idea_set_encrypt_key; -+ lh_delete; -+ lh_doall; -+ lh_doall_arg; -+ lh_free; -+ lh_insert; -+ lh_new; -+ lh_node_stats; -+ lh_node_stats_bio; -+ lh_node_usage_stats; -+ lh_node_usage_stats_bio; -+ lh_retrieve; -+ lh_stats; -+ lh_stats_bio; -+ lh_strhash; -+ sk_delete; -+ sk_delete_ptr; -+ sk_dup; -+ sk_find; -+ sk_free; -+ sk_insert; -+ sk_new; -+ sk_pop; -+ sk_pop_free; -+ sk_push; -+ sk_set_cmp_func; -+ sk_shift; -+ sk_unshift; -+ sk_zero; -+ BIO_f_nbio_test; -+ ASN1_TYPE_get; -+ ASN1_TYPE_set; -+ PKCS7_content_free; -+ ERR_load_PKCS7_strings; -+ X509_find_by_issuer_and_serial; -+ X509_find_by_subject; -+ PKCS7_ctrl; -+ PKCS7_set_type; -+ PKCS7_set_content; -+ PKCS7_SIGNER_INFO_set; -+ PKCS7_add_signer; -+ PKCS7_add_certificate; -+ PKCS7_add_crl; -+ PKCS7_content_new; -+ PKCS7_dataSign; -+ PKCS7_dataVerify; -+ PKCS7_dataInit; -+ PKCS7_add_signature; -+ PKCS7_cert_from_signer_info; -+ PKCS7_get_signer_info; -+ EVP_delete_alias; -+ EVP_mdc2; -+ PEM_read_bio_RSAPublicKey; -+ PEM_write_bio_RSAPublicKey; -+ d2i_RSAPublicKey_bio; -+ i2d_RSAPublicKey_bio; -+ PEM_read_RSAPublicKey; -+ PEM_write_RSAPublicKey; -+ d2i_RSAPublicKey_fp; -+ i2d_RSAPublicKey_fp; -+ BIO_copy_next_retry; -+ RSA_flags; -+ X509_STORE_add_crl; -+ X509_load_crl_file; -+ EVP_rc2_40_cbc; -+ EVP_rc4_40; -+ EVP_CIPHER_CTX_init; -+ HMAC; -+ HMAC_Init; -+ HMAC_Update; -+ HMAC_Final; -+ ERR_get_next_error_library; -+ EVP_PKEY_cmp_parameters; -+ HMAC_cleanup; -+ BIO_ptr_ctrl; -+ BIO_new_file_internal; -+ BIO_new_fp_internal; -+ BIO_s_file_internal; -+ BN_BLINDING_convert; -+ BN_BLINDING_invert; -+ BN_BLINDING_update; -+ RSA_blinding_on; -+ RSA_blinding_off; -+ i2t_ASN1_OBJECT; -+ BN_BLINDING_new; -+ BN_BLINDING_free; -+ EVP_cast5_cbc; -+ EVP_cast5_cfb64; -+ EVP_cast5_ecb; -+ EVP_cast5_ofb; -+ BF_decrypt; -+ CAST_set_key; -+ CAST_encrypt; -+ CAST_decrypt; -+ CAST_ecb_encrypt; -+ CAST_cbc_encrypt; -+ CAST_cfb64_encrypt; -+ CAST_ofb64_encrypt; -+ RC2_decrypt; -+ OBJ_create_objects; -+ BN_exp; -+ BN_mul_word; -+ BN_sub_word; -+ BN_dec2bn; -+ BN_bn2dec; -+ BIO_ghbn_ctrl; -+ CRYPTO_free_ex_data; -+ CRYPTO_get_ex_data; -+ CRYPTO_set_ex_data; -+ ERR_load_CRYPTO_strings; -+ ERR_load_CRYPTOlib_strings; -+ EVP_PKEY_bits; -+ MD5_Transform; -+ SHA1_Transform; -+ SHA_Transform; -+ X509_STORE_CTX_get_chain; -+ X509_STORE_CTX_get_current_cert; -+ X509_STORE_CTX_get_error; -+ X509_STORE_CTX_get_error_depth; -+ X509_STORE_CTX_get_ex_data; -+ X509_STORE_CTX_set_cert; -+ X509_STORE_CTX_set_chain; -+ X509_STORE_CTX_set_error; -+ X509_STORE_CTX_set_ex_data; -+ CRYPTO_dup_ex_data; -+ CRYPTO_get_new_lockid; -+ CRYPTO_new_ex_data; -+ RSA_set_ex_data; -+ RSA_get_ex_data; -+ RSA_get_ex_new_index; -+ RSA_padding_add_PKCS1_type_1; -+ RSA_padding_add_PKCS1_type_2; -+ RSA_padding_add_SSLv23; -+ RSA_padding_add_none; -+ RSA_padding_check_PKCS1_type_1; -+ RSA_padding_check_PKCS1_type_2; -+ RSA_padding_check_SSLv23; -+ RSA_padding_check_none; -+ bn_add_words; -+ d2i_Netscape_RSA_2; -+ CRYPTO_get_ex_new_index; -+ RIPEMD160_Init; -+ RIPEMD160_Update; -+ RIPEMD160_Final; -+ RIPEMD160; -+ RIPEMD160_Transform; -+ RC5_32_set_key; -+ RC5_32_ecb_encrypt; -+ RC5_32_encrypt; -+ RC5_32_decrypt; -+ RC5_32_cbc_encrypt; -+ RC5_32_cfb64_encrypt; -+ RC5_32_ofb64_encrypt; -+ BN_bn2mpi; -+ BN_mpi2bn; -+ ASN1_BIT_STRING_get_bit; -+ ASN1_BIT_STRING_set_bit; -+ BIO_get_ex_data; -+ BIO_get_ex_new_index; -+ BIO_set_ex_data; -+ X509v3_get_key_usage; -+ X509v3_set_key_usage; -+ a2i_X509v3_key_usage; -+ i2a_X509v3_key_usage; -+ EVP_PKEY_decrypt; -+ EVP_PKEY_encrypt; -+ PKCS7_RECIP_INFO_set; -+ PKCS7_add_recipient; -+ PKCS7_add_recipient_info; -+ PKCS7_set_cipher; -+ ASN1_TYPE_get_int_octetstring; -+ ASN1_TYPE_get_octetstring; -+ ASN1_TYPE_set_int_octetstring; -+ ASN1_TYPE_set_octetstring; -+ ASN1_UTCTIME_set_string; -+ ERR_add_error_data; -+ ERR_set_error_data; -+ EVP_CIPHER_asn1_to_param; -+ EVP_CIPHER_param_to_asn1; -+ EVP_CIPHER_get_asn1_iv; -+ EVP_CIPHER_set_asn1_iv; -+ EVP_rc5_32_12_16_cbc; -+ EVP_rc5_32_12_16_cfb64; -+ EVP_rc5_32_12_16_ecb; -+ EVP_rc5_32_12_16_ofb; -+ asn1_add_error; -+ d2i_ASN1_BMPSTRING; -+ i2d_ASN1_BMPSTRING; -+ BIO_f_ber; -+ BN_init; -+ COMP_CTX_new; -+ COMP_CTX_free; -+ COMP_CTX_compress_block; -+ COMP_CTX_expand_block; -+ X509_STORE_CTX_get_ex_new_index; -+ OBJ_NAME_add; -+ BIO_socket_nbio; -+ EVP_rc2_64_cbc; -+ OBJ_NAME_cleanup; -+ OBJ_NAME_get; -+ OBJ_NAME_init; -+ OBJ_NAME_new_index; -+ OBJ_NAME_remove; -+ BN_MONT_CTX_copy; -+ BIO_new_socks4a_connect; -+ BIO_s_socks4a_connect; -+ PROXY_set_connect_mode; -+ RAND_SSLeay; -+ RAND_set_rand_method; -+ RSA_memory_lock; -+ bn_sub_words; -+ bn_mul_normal; -+ bn_mul_comba8; -+ bn_mul_comba4; -+ bn_sqr_normal; -+ bn_sqr_comba8; -+ bn_sqr_comba4; -+ bn_cmp_words; -+ bn_mul_recursive; -+ bn_mul_part_recursive; -+ bn_sqr_recursive; -+ bn_mul_low_normal; -+ BN_RECP_CTX_init; -+ BN_RECP_CTX_new; -+ BN_RECP_CTX_free; -+ BN_RECP_CTX_set; -+ BN_mod_mul_reciprocal; -+ BN_mod_exp_recp; -+ BN_div_recp; -+ BN_CTX_init; -+ BN_MONT_CTX_init; -+ RAND_get_rand_method; -+ PKCS7_add_attribute; -+ PKCS7_add_signed_attribute; -+ PKCS7_digest_from_attributes; -+ PKCS7_get_attribute; -+ PKCS7_get_issuer_and_serial; -+ PKCS7_get_signed_attribute; -+ COMP_compress_block; -+ COMP_expand_block; -+ COMP_rle; -+ COMP_zlib; -+ ms_time_diff; -+ ms_time_new; -+ ms_time_free; -+ ms_time_cmp; -+ ms_time_get; -+ PKCS7_set_attributes; -+ PKCS7_set_signed_attributes; -+ X509_ATTRIBUTE_create; -+ X509_ATTRIBUTE_dup; -+ ASN1_GENERALIZEDTIME_check; -+ ASN1_GENERALIZEDTIME_print; -+ ASN1_GENERALIZEDTIME_set; -+ ASN1_GENERALIZEDTIME_set_string; -+ ASN1_TIME_print; -+ BASIC_CONSTRAINTS_free; -+ BASIC_CONSTRAINTS_new; -+ ERR_load_X509V3_strings; -+ NETSCAPE_CERT_SEQUENCE_free; -+ NETSCAPE_CERT_SEQUENCE_new; -+ OBJ_txt2obj; -+ PEM_read_NETSCAPE_CERT_SEQUENCE; -+ PEM_read_NS_CERT_SEQ; -+ PEM_read_bio_NETSCAPE_CERT_SEQUENCE; -+ PEM_read_bio_NS_CERT_SEQ; -+ PEM_write_NETSCAPE_CERT_SEQUENCE; -+ PEM_write_NS_CERT_SEQ; -+ PEM_write_bio_NETSCAPE_CERT_SEQUENCE; -+ PEM_write_bio_NS_CERT_SEQ; -+ X509V3_EXT_add; -+ X509V3_EXT_add_alias; -+ X509V3_EXT_add_conf; -+ X509V3_EXT_cleanup; -+ X509V3_EXT_conf; -+ X509V3_EXT_conf_nid; -+ X509V3_EXT_get; -+ X509V3_EXT_get_nid; -+ X509V3_EXT_print; -+ X509V3_EXT_print_fp; -+ X509V3_add_standard_extensions; -+ X509V3_add_value; -+ X509V3_add_value_bool; -+ X509V3_add_value_int; -+ X509V3_conf_free; -+ X509V3_get_value_bool; -+ X509V3_get_value_int; -+ X509V3_parse_list; -+ d2i_ASN1_GENERALIZEDTIME; -+ d2i_ASN1_TIME; -+ d2i_BASIC_CONSTRAINTS; -+ d2i_NETSCAPE_CERT_SEQUENCE; -+ d2i_ext_ku; -+ ext_ku_free; -+ ext_ku_new; -+ i2d_ASN1_GENERALIZEDTIME; -+ i2d_ASN1_TIME; -+ i2d_BASIC_CONSTRAINTS; -+ i2d_NETSCAPE_CERT_SEQUENCE; -+ i2d_ext_ku; -+ EVP_MD_CTX_copy; -+ i2d_ASN1_ENUMERATED; -+ d2i_ASN1_ENUMERATED; -+ ASN1_ENUMERATED_set; -+ ASN1_ENUMERATED_get; -+ BN_to_ASN1_ENUMERATED; -+ ASN1_ENUMERATED_to_BN; -+ i2a_ASN1_ENUMERATED; -+ a2i_ASN1_ENUMERATED; -+ i2d_GENERAL_NAME; -+ d2i_GENERAL_NAME; -+ GENERAL_NAME_new; -+ GENERAL_NAME_free; -+ GENERAL_NAMES_new; -+ GENERAL_NAMES_free; -+ d2i_GENERAL_NAMES; -+ i2d_GENERAL_NAMES; -+ i2v_GENERAL_NAMES; -+ i2s_ASN1_OCTET_STRING; -+ s2i_ASN1_OCTET_STRING; -+ X509V3_EXT_check_conf; -+ hex_to_string; -+ string_to_hex; -+ DES_ede3_cbcm_encrypt; -+ RSA_padding_add_PKCS1_OAEP; -+ RSA_padding_check_PKCS1_OAEP; -+ X509_CRL_print_fp; -+ X509_CRL_print; -+ i2v_GENERAL_NAME; -+ v2i_GENERAL_NAME; -+ i2d_PKEY_USAGE_PERIOD; -+ d2i_PKEY_USAGE_PERIOD; -+ PKEY_USAGE_PERIOD_new; -+ PKEY_USAGE_PERIOD_free; -+ v2i_GENERAL_NAMES; -+ i2s_ASN1_INTEGER; -+ X509V3_EXT_d2i; -+ name_cmp; -+ str_dup; -+ i2s_ASN1_ENUMERATED; -+ i2s_ASN1_ENUMERATED_TABLE; -+ BIO_s_log; -+ BIO_f_reliable; -+ PKCS7_dataFinal; -+ PKCS7_dataDecode; -+ X509V3_EXT_CRL_add_conf; -+ BN_set_params; -+ BN_get_params; -+ BIO_get_ex_num; -+ BIO_set_ex_free_func; -+ EVP_ripemd160; -+ ASN1_TIME_set; -+ i2d_AUTHORITY_KEYID; -+ d2i_AUTHORITY_KEYID; -+ AUTHORITY_KEYID_new; -+ AUTHORITY_KEYID_free; -+ ASN1_seq_unpack; -+ ASN1_seq_pack; -+ ASN1_unpack_string; -+ ASN1_pack_string; -+ PKCS12_pack_safebag; -+ PKCS12_MAKE_KEYBAG; -+ PKCS8_encrypt; -+ PKCS12_MAKE_SHKEYBAG; -+ PKCS12_pack_p7data; -+ PKCS12_pack_p7encdata; -+ PKCS12_add_localkeyid; -+ PKCS12_add_friendlyname_asc; -+ PKCS12_add_friendlyname_uni; -+ PKCS12_get_friendlyname; -+ PKCS12_pbe_crypt; -+ PKCS12_decrypt_d2i; -+ PKCS12_i2d_encrypt; -+ PKCS12_init; -+ PKCS12_key_gen_asc; -+ PKCS12_key_gen_uni; -+ PKCS12_gen_mac; -+ PKCS12_verify_mac; -+ PKCS12_set_mac; -+ PKCS12_setup_mac; -+ OPENSSL_asc2uni; -+ OPENSSL_uni2asc; -+ i2d_PKCS12_BAGS; -+ PKCS12_BAGS_new; -+ d2i_PKCS12_BAGS; -+ PKCS12_BAGS_free; -+ i2d_PKCS12; -+ d2i_PKCS12; -+ PKCS12_new; -+ PKCS12_free; -+ i2d_PKCS12_MAC_DATA; -+ PKCS12_MAC_DATA_new; -+ d2i_PKCS12_MAC_DATA; -+ PKCS12_MAC_DATA_free; -+ i2d_PKCS12_SAFEBAG; -+ PKCS12_SAFEBAG_new; -+ d2i_PKCS12_SAFEBAG; -+ PKCS12_SAFEBAG_free; -+ ERR_load_PKCS12_strings; -+ PKCS12_PBE_add; -+ PKCS8_add_keyusage; -+ PKCS12_get_attr_gen; -+ PKCS12_parse; -+ PKCS12_create; -+ i2d_PKCS12_bio; -+ i2d_PKCS12_fp; -+ d2i_PKCS12_bio; -+ d2i_PKCS12_fp; -+ i2d_PBEPARAM; -+ PBEPARAM_new; -+ d2i_PBEPARAM; -+ PBEPARAM_free; -+ i2d_PKCS8_PRIV_KEY_INFO; -+ PKCS8_PRIV_KEY_INFO_new; -+ d2i_PKCS8_PRIV_KEY_INFO; -+ PKCS8_PRIV_KEY_INFO_free; -+ EVP_PKCS82PKEY; -+ EVP_PKEY2PKCS8; -+ PKCS8_set_broken; -+ EVP_PBE_ALGOR_CipherInit; -+ EVP_PBE_alg_add; -+ PKCS5_pbe_set; -+ EVP_PBE_cleanup; -+ i2d_SXNET; -+ d2i_SXNET; -+ SXNET_new; -+ SXNET_free; -+ i2d_SXNETID; -+ d2i_SXNETID; -+ SXNETID_new; -+ SXNETID_free; -+ DSA_SIG_new; -+ DSA_SIG_free; -+ DSA_do_sign; -+ DSA_do_verify; -+ d2i_DSA_SIG; -+ i2d_DSA_SIG; -+ i2d_ASN1_VISIBLESTRING; -+ d2i_ASN1_VISIBLESTRING; -+ i2d_ASN1_UTF8STRING; -+ d2i_ASN1_UTF8STRING; -+ i2d_DIRECTORYSTRING; -+ d2i_DIRECTORYSTRING; -+ i2d_DISPLAYTEXT; -+ d2i_DISPLAYTEXT; -+ d2i_ASN1_SET_OF_X509; -+ i2d_ASN1_SET_OF_X509; -+ i2d_PBKDF2PARAM; -+ PBKDF2PARAM_new; -+ d2i_PBKDF2PARAM; -+ PBKDF2PARAM_free; -+ i2d_PBE2PARAM; -+ PBE2PARAM_new; -+ d2i_PBE2PARAM; -+ PBE2PARAM_free; -+ d2i_ASN1_SET_OF_GENERAL_NAME; -+ i2d_ASN1_SET_OF_GENERAL_NAME; -+ d2i_ASN1_SET_OF_SXNETID; -+ i2d_ASN1_SET_OF_SXNETID; -+ d2i_ASN1_SET_OF_POLICYQUALINFO; -+ i2d_ASN1_SET_OF_POLICYQUALINFO; -+ d2i_ASN1_SET_OF_POLICYINFO; -+ i2d_ASN1_SET_OF_POLICYINFO; -+ SXNET_add_id_asc; -+ SXNET_add_id_ulong; -+ SXNET_add_id_INTEGER; -+ SXNET_get_id_asc; -+ SXNET_get_id_ulong; -+ SXNET_get_id_INTEGER; -+ X509V3_set_conf_lhash; -+ i2d_CERTIFICATEPOLICIES; -+ CERTIFICATEPOLICIES_new; -+ CERTIFICATEPOLICIES_free; -+ d2i_CERTIFICATEPOLICIES; -+ i2d_POLICYINFO; -+ POLICYINFO_new; -+ d2i_POLICYINFO; -+ POLICYINFO_free; -+ i2d_POLICYQUALINFO; -+ POLICYQUALINFO_new; -+ d2i_POLICYQUALINFO; -+ POLICYQUALINFO_free; -+ i2d_USERNOTICE; -+ USERNOTICE_new; -+ d2i_USERNOTICE; -+ USERNOTICE_free; -+ i2d_NOTICEREF; -+ NOTICEREF_new; -+ d2i_NOTICEREF; -+ NOTICEREF_free; -+ X509V3_get_string; -+ X509V3_get_section; -+ X509V3_string_free; -+ X509V3_section_free; -+ X509V3_set_ctx; -+ s2i_ASN1_INTEGER; -+ CRYPTO_set_locked_mem_functions; -+ CRYPTO_get_locked_mem_functions; -+ CRYPTO_malloc_locked; -+ CRYPTO_free_locked; -+ BN_mod_exp2_mont; -+ ERR_get_error_line_data; -+ ERR_peek_error_line_data; -+ PKCS12_PBE_keyivgen; -+ X509_ALGOR_dup; -+ d2i_ASN1_SET_OF_DIST_POINT; -+ i2d_ASN1_SET_OF_DIST_POINT; -+ i2d_CRL_DIST_POINTS; -+ CRL_DIST_POINTS_new; -+ CRL_DIST_POINTS_free; -+ d2i_CRL_DIST_POINTS; -+ i2d_DIST_POINT; -+ DIST_POINT_new; -+ d2i_DIST_POINT; -+ DIST_POINT_free; -+ i2d_DIST_POINT_NAME; -+ DIST_POINT_NAME_new; -+ DIST_POINT_NAME_free; -+ d2i_DIST_POINT_NAME; -+ X509V3_add_value_uchar; -+ d2i_ASN1_SET_OF_X509_ATTRIBUTE; -+ i2d_ASN1_SET_OF_ASN1_TYPE; -+ d2i_ASN1_SET_OF_X509_EXTENSION; -+ d2i_ASN1_SET_OF_X509_NAME_ENTRY; -+ d2i_ASN1_SET_OF_ASN1_TYPE; -+ i2d_ASN1_SET_OF_X509_ATTRIBUTE; -+ i2d_ASN1_SET_OF_X509_EXTENSION; -+ i2d_ASN1_SET_OF_X509_NAME_ENTRY; -+ X509V3_EXT_i2d; -+ X509V3_EXT_val_prn; -+ X509V3_EXT_add_list; -+ EVP_CIPHER_type; -+ EVP_PBE_CipherInit; -+ X509V3_add_value_bool_nf; -+ d2i_ASN1_UINTEGER; -+ sk_value; -+ sk_num; -+ sk_set; -+ i2d_ASN1_SET_OF_X509_REVOKED; -+ sk_sort; -+ d2i_ASN1_SET_OF_X509_REVOKED; -+ i2d_ASN1_SET_OF_X509_ALGOR; -+ i2d_ASN1_SET_OF_X509_CRL; -+ d2i_ASN1_SET_OF_X509_ALGOR; -+ d2i_ASN1_SET_OF_X509_CRL; -+ i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO; -+ i2d_ASN1_SET_OF_PKCS7_RECIP_INFO; -+ d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO; -+ d2i_ASN1_SET_OF_PKCS7_RECIP_INFO; -+ PKCS5_PBE_add; -+ PEM_write_bio_PKCS8; -+ i2d_PKCS8_fp; -+ PEM_read_bio_PKCS8_PRIV_KEY_INFO; -+ PEM_read_bio_P8_PRIV_KEY_INFO; -+ d2i_PKCS8_bio; -+ d2i_PKCS8_PRIV_KEY_INFO_fp; -+ PEM_write_bio_PKCS8_PRIV_KEY_INFO; -+ PEM_write_bio_P8_PRIV_KEY_INFO; -+ PEM_read_PKCS8; -+ d2i_PKCS8_PRIV_KEY_INFO_bio; -+ d2i_PKCS8_fp; -+ PEM_write_PKCS8; -+ PEM_read_PKCS8_PRIV_KEY_INFO; -+ PEM_read_P8_PRIV_KEY_INFO; -+ PEM_read_bio_PKCS8; -+ PEM_write_PKCS8_PRIV_KEY_INFO; -+ PEM_write_P8_PRIV_KEY_INFO; -+ PKCS5_PBE_keyivgen; -+ i2d_PKCS8_bio; -+ i2d_PKCS8_PRIV_KEY_INFO_fp; -+ i2d_PKCS8_PRIV_KEY_INFO_bio; -+ BIO_s_bio; -+ PKCS5_pbe2_set; -+ PKCS5_PBKDF2_HMAC_SHA1; -+ PKCS5_v2_PBE_keyivgen; -+ PEM_write_bio_PKCS8PrivateKey; -+ PEM_write_PKCS8PrivateKey; -+ BIO_ctrl_get_read_request; -+ BIO_ctrl_pending; -+ BIO_ctrl_wpending; -+ BIO_new_bio_pair; -+ BIO_ctrl_get_write_guarantee; -+ CRYPTO_num_locks; -+ CONF_load_bio; -+ CONF_load_fp; -+ i2d_ASN1_SET_OF_ASN1_OBJECT; -+ d2i_ASN1_SET_OF_ASN1_OBJECT; -+ PKCS7_signatureVerify; -+ RSA_set_method; -+ RSA_get_method; -+ RSA_get_default_method; -+ RSA_check_key; -+ OBJ_obj2txt; -+ DSA_dup_DH; -+ X509_REQ_get_extensions; -+ X509_REQ_set_extension_nids; -+ BIO_nwrite; -+ X509_REQ_extension_nid; -+ BIO_nread; -+ X509_REQ_get_extension_nids; -+ BIO_nwrite0; -+ X509_REQ_add_extensions_nid; -+ BIO_nread0; -+ X509_REQ_add_extensions; -+ BIO_new_mem_buf; -+ DH_set_ex_data; -+ DH_set_method; -+ DSA_OpenSSL; -+ DH_get_ex_data; -+ DH_get_ex_new_index; -+ DSA_new_method; -+ DH_new_method; -+ DH_OpenSSL; -+ DSA_get_ex_new_index; -+ DH_get_default_method; -+ DSA_set_ex_data; -+ DH_set_default_method; -+ DSA_get_ex_data; -+ X509V3_EXT_REQ_add_conf; -+ NETSCAPE_SPKI_print; -+ NETSCAPE_SPKI_set_pubkey; -+ NETSCAPE_SPKI_b64_encode; -+ NETSCAPE_SPKI_get_pubkey; -+ NETSCAPE_SPKI_b64_decode; -+ UTF8_putc; -+ UTF8_getc; -+ RSA_null_method; -+ ASN1_tag2str; -+ BIO_ctrl_reset_read_request; -+ DISPLAYTEXT_new; -+ ASN1_GENERALIZEDTIME_free; -+ X509_REVOKED_get_ext_d2i; -+ X509_set_ex_data; -+ X509_reject_set_bit_asc; -+ X509_NAME_add_entry_by_txt; -+ X509_NAME_add_entry_by_NID; -+ X509_PURPOSE_get0; -+ PEM_read_X509_AUX; -+ d2i_AUTHORITY_INFO_ACCESS; -+ PEM_write_PUBKEY; -+ ACCESS_DESCRIPTION_new; -+ X509_CERT_AUX_free; -+ d2i_ACCESS_DESCRIPTION; -+ X509_trust_clear; -+ X509_TRUST_add; -+ ASN1_VISIBLESTRING_new; -+ X509_alias_set1; -+ ASN1_PRINTABLESTRING_free; -+ EVP_PKEY_get1_DSA; -+ ASN1_BMPSTRING_new; -+ ASN1_mbstring_copy; -+ ASN1_UTF8STRING_new; -+ DSA_get_default_method; -+ i2d_ASN1_SET_OF_ACCESS_DESCRIPTION; -+ ASN1_T61STRING_free; -+ DSA_set_method; -+ X509_get_ex_data; -+ ASN1_STRING_type; -+ X509_PURPOSE_get_by_sname; -+ ASN1_TIME_free; -+ ASN1_OCTET_STRING_cmp; -+ ASN1_BIT_STRING_new; -+ X509_get_ext_d2i; -+ PEM_read_bio_X509_AUX; -+ ASN1_STRING_set_default_mask_asc; -+ ASN1_STRING_set_def_mask_asc; -+ PEM_write_bio_RSA_PUBKEY; -+ ASN1_INTEGER_cmp; -+ d2i_RSA_PUBKEY_fp; -+ X509_trust_set_bit_asc; -+ PEM_write_bio_DSA_PUBKEY; -+ X509_STORE_CTX_free; -+ EVP_PKEY_set1_DSA; -+ i2d_DSA_PUBKEY_fp; -+ X509_load_cert_crl_file; -+ ASN1_TIME_new; -+ i2d_RSA_PUBKEY; -+ X509_STORE_CTX_purpose_inherit; -+ PEM_read_RSA_PUBKEY; -+ d2i_X509_AUX; -+ i2d_DSA_PUBKEY; -+ X509_CERT_AUX_print; -+ PEM_read_DSA_PUBKEY; -+ i2d_RSA_PUBKEY_bio; -+ ASN1_BIT_STRING_num_asc; -+ i2d_PUBKEY; -+ ASN1_UTCTIME_free; -+ DSA_set_default_method; -+ X509_PURPOSE_get_by_id; -+ ACCESS_DESCRIPTION_free; -+ PEM_read_bio_PUBKEY; -+ ASN1_STRING_set_by_NID; -+ X509_PURPOSE_get_id; -+ DISPLAYTEXT_free; -+ OTHERNAME_new; -+ X509_CERT_AUX_new; -+ X509_TRUST_cleanup; -+ X509_NAME_add_entry_by_OBJ; -+ X509_CRL_get_ext_d2i; -+ X509_PURPOSE_get0_name; -+ PEM_read_PUBKEY; -+ i2d_DSA_PUBKEY_bio; -+ i2d_OTHERNAME; -+ ASN1_OCTET_STRING_free; -+ ASN1_BIT_STRING_set_asc; -+ X509_get_ex_new_index; -+ ASN1_STRING_TABLE_cleanup; -+ X509_TRUST_get_by_id; -+ X509_PURPOSE_get_trust; -+ ASN1_STRING_length; -+ d2i_ASN1_SET_OF_ACCESS_DESCRIPTION; -+ ASN1_PRINTABLESTRING_new; -+ X509V3_get_d2i; -+ ASN1_ENUMERATED_free; -+ i2d_X509_CERT_AUX; -+ X509_STORE_CTX_set_trust; -+ ASN1_STRING_set_default_mask; -+ X509_STORE_CTX_new; -+ EVP_PKEY_get1_RSA; -+ DIRECTORYSTRING_free; -+ PEM_write_X509_AUX; -+ ASN1_OCTET_STRING_set; -+ d2i_DSA_PUBKEY_fp; -+ d2i_RSA_PUBKEY; -+ X509_TRUST_get0_name; -+ X509_TRUST_get0; -+ AUTHORITY_INFO_ACCESS_free; -+ ASN1_IA5STRING_new; -+ d2i_DSA_PUBKEY; -+ X509_check_purpose; -+ ASN1_ENUMERATED_new; -+ d2i_RSA_PUBKEY_bio; -+ d2i_PUBKEY; -+ X509_TRUST_get_trust; -+ X509_TRUST_get_flags; -+ ASN1_BMPSTRING_free; -+ ASN1_T61STRING_new; -+ ASN1_UTCTIME_new; -+ i2d_AUTHORITY_INFO_ACCESS; -+ EVP_PKEY_set1_RSA; -+ X509_STORE_CTX_set_purpose; -+ ASN1_IA5STRING_free; -+ PEM_write_bio_X509_AUX; -+ X509_PURPOSE_get_count; -+ CRYPTO_add_info; -+ X509_NAME_ENTRY_create_by_txt; -+ ASN1_STRING_get_default_mask; -+ X509_alias_get0; -+ ASN1_STRING_data; -+ i2d_ACCESS_DESCRIPTION; -+ X509_trust_set_bit; -+ ASN1_BIT_STRING_free; -+ PEM_read_bio_RSA_PUBKEY; -+ X509_add1_reject_object; -+ X509_check_trust; -+ PEM_read_bio_DSA_PUBKEY; -+ X509_PURPOSE_add; -+ ASN1_STRING_TABLE_get; -+ ASN1_UTF8STRING_free; -+ d2i_DSA_PUBKEY_bio; -+ PEM_write_RSA_PUBKEY; -+ d2i_OTHERNAME; -+ X509_reject_set_bit; -+ PEM_write_DSA_PUBKEY; -+ X509_PURPOSE_get0_sname; -+ EVP_PKEY_set1_DH; -+ ASN1_OCTET_STRING_dup; -+ ASN1_BIT_STRING_set; -+ X509_TRUST_get_count; -+ ASN1_INTEGER_free; -+ OTHERNAME_free; -+ i2d_RSA_PUBKEY_fp; -+ ASN1_INTEGER_dup; -+ d2i_X509_CERT_AUX; -+ PEM_write_bio_PUBKEY; -+ ASN1_VISIBLESTRING_free; -+ X509_PURPOSE_cleanup; -+ ASN1_mbstring_ncopy; -+ ASN1_GENERALIZEDTIME_new; -+ EVP_PKEY_get1_DH; -+ ASN1_OCTET_STRING_new; -+ ASN1_INTEGER_new; -+ i2d_X509_AUX; -+ ASN1_BIT_STRING_name_print; -+ X509_cmp; -+ ASN1_STRING_length_set; -+ DIRECTORYSTRING_new; -+ X509_add1_trust_object; -+ PKCS12_newpass; -+ SMIME_write_PKCS7; -+ SMIME_read_PKCS7; -+ DES_set_key_checked; -+ PKCS7_verify; -+ PKCS7_encrypt; -+ DES_set_key_unchecked; -+ SMIME_crlf_copy; -+ i2d_ASN1_PRINTABLESTRING; -+ PKCS7_get0_signers; -+ PKCS7_decrypt; -+ SMIME_text; -+ PKCS7_simple_smimecap; -+ PKCS7_get_smimecap; -+ PKCS7_sign; -+ PKCS7_add_attrib_smimecap; -+ CRYPTO_dbg_set_options; -+ CRYPTO_remove_all_info; -+ CRYPTO_get_mem_debug_functions; -+ CRYPTO_is_mem_check_on; -+ CRYPTO_set_mem_debug_functions; -+ CRYPTO_pop_info; -+ CRYPTO_push_info_; -+ CRYPTO_set_mem_debug_options; -+ PEM_write_PKCS8PrivateKey_nid; -+ PEM_write_bio_PKCS8PrivateKey_nid; -+ PEM_write_bio_PKCS8PrivKey_nid; -+ d2i_PKCS8PrivateKey_bio; -+ ASN1_NULL_free; -+ d2i_ASN1_NULL; -+ ASN1_NULL_new; -+ i2d_PKCS8PrivateKey_bio; -+ i2d_PKCS8PrivateKey_fp; -+ i2d_ASN1_NULL; -+ i2d_PKCS8PrivateKey_nid_fp; -+ d2i_PKCS8PrivateKey_fp; -+ i2d_PKCS8PrivateKey_nid_bio; -+ i2d_PKCS8PrivateKeyInfo_fp; -+ i2d_PKCS8PrivateKeyInfo_bio; -+ PEM_cb; -+ i2d_PrivateKey_fp; -+ d2i_PrivateKey_bio; -+ d2i_PrivateKey_fp; -+ i2d_PrivateKey_bio; -+ X509_reject_clear; -+ X509_TRUST_set_default; -+ d2i_AutoPrivateKey; -+ X509_ATTRIBUTE_get0_type; -+ X509_ATTRIBUTE_set1_data; -+ X509at_get_attr; -+ X509at_get_attr_count; -+ X509_ATTRIBUTE_create_by_NID; -+ X509_ATTRIBUTE_set1_object; -+ X509_ATTRIBUTE_count; -+ X509_ATTRIBUTE_create_by_OBJ; -+ X509_ATTRIBUTE_get0_object; -+ X509at_get_attr_by_NID; -+ X509at_add1_attr; -+ X509_ATTRIBUTE_get0_data; -+ X509at_delete_attr; -+ X509at_get_attr_by_OBJ; -+ RAND_add; -+ BIO_number_written; -+ BIO_number_read; -+ X509_STORE_CTX_get1_chain; -+ ERR_load_RAND_strings; -+ RAND_pseudo_bytes; -+ X509_REQ_get_attr_by_NID; -+ X509_REQ_get_attr; -+ X509_REQ_add1_attr_by_NID; -+ X509_REQ_get_attr_by_OBJ; -+ X509at_add1_attr_by_NID; -+ X509_REQ_add1_attr_by_OBJ; -+ X509_REQ_get_attr_count; -+ X509_REQ_add1_attr; -+ X509_REQ_delete_attr; -+ X509at_add1_attr_by_OBJ; -+ X509_REQ_add1_attr_by_txt; -+ X509_ATTRIBUTE_create_by_txt; -+ X509at_add1_attr_by_txt; -+ BN_pseudo_rand; -+ BN_is_prime_fasttest; -+ BN_CTX_end; -+ BN_CTX_start; -+ BN_CTX_get; -+ EVP_PKEY2PKCS8_broken; -+ ASN1_STRING_TABLE_add; -+ CRYPTO_dbg_get_options; -+ AUTHORITY_INFO_ACCESS_new; -+ CRYPTO_get_mem_debug_options; -+ DES_crypt; -+ PEM_write_bio_X509_REQ_NEW; -+ PEM_write_X509_REQ_NEW; -+ BIO_callback_ctrl; -+ RAND_egd; -+ RAND_status; -+ bn_dump1; -+ DES_check_key_parity; -+ lh_num_items; -+ RAND_event; -+ DSO_new; -+ DSO_new_method; -+ DSO_free; -+ DSO_flags; -+ DSO_up; -+ DSO_set_default_method; -+ DSO_get_default_method; -+ DSO_get_method; -+ DSO_set_method; -+ DSO_load; -+ DSO_bind_var; -+ DSO_METHOD_null; -+ DSO_METHOD_openssl; -+ DSO_METHOD_dlfcn; -+ DSO_METHOD_win32; -+ ERR_load_DSO_strings; -+ DSO_METHOD_dl; -+ NCONF_load; -+ NCONF_load_fp; -+ NCONF_new; -+ NCONF_get_string; -+ NCONF_free; -+ NCONF_get_number; -+ CONF_dump_fp; -+ NCONF_load_bio; -+ NCONF_dump_fp; -+ NCONF_get_section; -+ NCONF_dump_bio; -+ CONF_dump_bio; -+ NCONF_free_data; -+ CONF_set_default_method; -+ ERR_error_string_n; -+ BIO_snprintf; -+ DSO_ctrl; -+ i2d_ASN1_SET_OF_ASN1_INTEGER; -+ i2d_ASN1_SET_OF_PKCS12_SAFEBAG; -+ i2d_ASN1_SET_OF_PKCS7; -+ BIO_vfree; -+ d2i_ASN1_SET_OF_ASN1_INTEGER; -+ d2i_ASN1_SET_OF_PKCS12_SAFEBAG; -+ ASN1_UTCTIME_get; -+ X509_REQ_digest; -+ X509_CRL_digest; -+ d2i_ASN1_SET_OF_PKCS7; -+ EVP_CIPHER_CTX_set_key_length; -+ EVP_CIPHER_CTX_ctrl; -+ BN_mod_exp_mont_word; -+ RAND_egd_bytes; -+ X509_REQ_get1_email; -+ X509_get1_email; -+ X509_email_free; -+ i2d_RSA_NET; -+ d2i_RSA_NET_2; -+ d2i_RSA_NET; -+ DSO_bind_func; -+ CRYPTO_get_new_dynlockid; -+ sk_new_null; -+ CRYPTO_set_dynlock_destroy_callback; -+ CRYPTO_set_dynlock_destroy_cb; -+ CRYPTO_destroy_dynlockid; -+ CRYPTO_set_dynlock_size; -+ CRYPTO_set_dynlock_create_callback; -+ CRYPTO_set_dynlock_create_cb; -+ CRYPTO_set_dynlock_lock_callback; -+ CRYPTO_set_dynlock_lock_cb; -+ CRYPTO_get_dynlock_lock_callback; -+ CRYPTO_get_dynlock_lock_cb; -+ CRYPTO_get_dynlock_destroy_callback; -+ CRYPTO_get_dynlock_destroy_cb; -+ CRYPTO_get_dynlock_value; -+ CRYPTO_get_dynlock_create_callback; -+ CRYPTO_get_dynlock_create_cb; -+ c2i_ASN1_BIT_STRING; -+ i2c_ASN1_BIT_STRING; -+ RAND_poll; -+ c2i_ASN1_INTEGER; -+ i2c_ASN1_INTEGER; -+ BIO_dump_indent; -+ ASN1_parse_dump; -+ c2i_ASN1_OBJECT; -+ X509_NAME_print_ex_fp; -+ ASN1_STRING_print_ex_fp; -+ X509_NAME_print_ex; -+ ASN1_STRING_print_ex; -+ MD4; -+ MD4_Transform; -+ MD4_Final; -+ MD4_Update; -+ MD4_Init; -+ EVP_md4; -+ i2d_PUBKEY_bio; -+ i2d_PUBKEY_fp; -+ d2i_PUBKEY_bio; -+ ASN1_STRING_to_UTF8; -+ BIO_vprintf; -+ BIO_vsnprintf; -+ d2i_PUBKEY_fp; -+ X509_cmp_time; -+ X509_STORE_CTX_set_time; -+ X509_STORE_CTX_get1_issuer; -+ X509_OBJECT_retrieve_match; -+ X509_OBJECT_idx_by_subject; -+ X509_STORE_CTX_set_flags; -+ X509_STORE_CTX_trusted_stack; -+ X509_time_adj; -+ X509_check_issued; -+ ASN1_UTCTIME_cmp_time_t; -+ DES_set_weak_key_flag; -+ DES_check_key; -+ DES_rw_mode; -+ RSA_PKCS1_RSAref; -+ X509_keyid_set1; -+ BIO_next; -+ DSO_METHOD_vms; -+ BIO_f_linebuffer; -+ BN_bntest_rand; -+ OPENSSL_issetugid; -+ BN_rand_range; -+ ERR_load_ENGINE_strings; -+ ENGINE_set_DSA; -+ ENGINE_get_finish_function; -+ ENGINE_get_default_RSA; -+ ENGINE_get_BN_mod_exp; -+ DSA_get_default_openssl_method; -+ ENGINE_set_DH; -+ ENGINE_set_def_BN_mod_exp_crt; -+ ENGINE_set_default_BN_mod_exp_crt; -+ ENGINE_init; -+ DH_get_default_openssl_method; -+ RSA_set_default_openssl_method; -+ ENGINE_finish; -+ ENGINE_load_public_key; -+ ENGINE_get_DH; -+ ENGINE_ctrl; -+ ENGINE_get_init_function; -+ ENGINE_set_init_function; -+ ENGINE_set_default_DSA; -+ ENGINE_get_name; -+ ENGINE_get_last; -+ ENGINE_get_prev; -+ ENGINE_get_default_DH; -+ ENGINE_get_RSA; -+ ENGINE_set_default; -+ ENGINE_get_RAND; -+ ENGINE_get_first; -+ ENGINE_by_id; -+ ENGINE_set_finish_function; -+ ENGINE_get_def_BN_mod_exp_crt; -+ ENGINE_get_default_BN_mod_exp_crt; -+ RSA_get_default_openssl_method; -+ ENGINE_set_RSA; -+ ENGINE_load_private_key; -+ ENGINE_set_default_RAND; -+ ENGINE_set_BN_mod_exp; -+ ENGINE_remove; -+ ENGINE_free; -+ ENGINE_get_BN_mod_exp_crt; -+ ENGINE_get_next; -+ ENGINE_set_name; -+ ENGINE_get_default_DSA; -+ ENGINE_set_default_BN_mod_exp; -+ ENGINE_set_default_RSA; -+ ENGINE_get_default_RAND; -+ ENGINE_get_default_BN_mod_exp; -+ ENGINE_set_RAND; -+ ENGINE_set_id; -+ ENGINE_set_BN_mod_exp_crt; -+ ENGINE_set_default_DH; -+ ENGINE_new; -+ ENGINE_get_id; -+ DSA_set_default_openssl_method; -+ ENGINE_add; -+ DH_set_default_openssl_method; -+ ENGINE_get_DSA; -+ ENGINE_get_ctrl_function; -+ ENGINE_set_ctrl_function; -+ BN_pseudo_rand_range; -+ X509_STORE_CTX_set_verify_cb; -+ ERR_load_COMP_strings; -+ PKCS12_item_decrypt_d2i; -+ ASN1_UTF8STRING_it; -+ ENGINE_unregister_ciphers; -+ ENGINE_get_ciphers; -+ d2i_OCSP_BASICRESP; -+ KRB5_CHECKSUM_it; -+ EC_POINT_add; -+ ASN1_item_ex_i2d; -+ OCSP_CERTID_it; -+ d2i_OCSP_RESPBYTES; -+ X509V3_add1_i2d; -+ PKCS7_ENVELOPE_it; -+ UI_add_input_boolean; -+ ENGINE_unregister_RSA; -+ X509V3_EXT_nconf; -+ ASN1_GENERALSTRING_free; -+ d2i_OCSP_CERTSTATUS; -+ X509_REVOKED_set_serialNumber; -+ X509_print_ex; -+ OCSP_ONEREQ_get1_ext_d2i; -+ ENGINE_register_all_RAND; -+ ENGINE_load_dynamic; -+ PBKDF2PARAM_it; -+ EXTENDED_KEY_USAGE_new; -+ EC_GROUP_clear_free; -+ OCSP_sendreq_bio; -+ ASN1_item_digest; -+ OCSP_BASICRESP_delete_ext; -+ OCSP_SIGNATURE_it; -+ X509_CRL_it; -+ OCSP_BASICRESP_add_ext; -+ KRB5_ENCKEY_it; -+ UI_method_set_closer; -+ X509_STORE_set_purpose; -+ i2d_ASN1_GENERALSTRING; -+ OCSP_response_status; -+ i2d_OCSP_SERVICELOC; -+ ENGINE_get_digest_engine; -+ EC_GROUP_set_curve_GFp; -+ OCSP_REQUEST_get_ext_by_OBJ; -+ _ossl_old_des_random_key; -+ ASN1_T61STRING_it; -+ EC_GROUP_method_of; -+ i2d_KRB5_APREQ; -+ _ossl_old_des_encrypt; -+ ASN1_PRINTABLE_new; -+ HMAC_Init_ex; -+ d2i_KRB5_AUTHENT; -+ OCSP_archive_cutoff_new; -+ EC_POINT_set_Jprojective_coordinates_GFp; -+ EC_POINT_set_Jproj_coords_GFp; -+ _ossl_old_des_is_weak_key; -+ OCSP_BASICRESP_get_ext_by_OBJ; -+ EC_POINT_oct2point; -+ OCSP_SINGLERESP_get_ext_count; -+ UI_ctrl; -+ _shadow_DES_rw_mode; -+ asn1_do_adb; -+ ASN1_template_i2d; -+ ENGINE_register_DH; -+ UI_construct_prompt; -+ X509_STORE_set_trust; -+ UI_dup_input_string; -+ d2i_KRB5_APREQ; -+ EVP_MD_CTX_copy_ex; -+ OCSP_request_is_signed; -+ i2d_OCSP_REQINFO; -+ KRB5_ENCKEY_free; -+ OCSP_resp_get0; -+ GENERAL_NAME_it; -+ ASN1_GENERALIZEDTIME_it; -+ X509_STORE_set_flags; -+ EC_POINT_set_compressed_coordinates_GFp; -+ EC_POINT_set_compr_coords_GFp; -+ OCSP_response_status_str; -+ d2i_OCSP_REVOKEDINFO; -+ OCSP_basic_add1_cert; -+ ERR_get_implementation; -+ EVP_CipherFinal_ex; -+ OCSP_CERTSTATUS_new; -+ CRYPTO_cleanup_all_ex_data; -+ OCSP_resp_find; -+ BN_nnmod; -+ X509_CRL_sort; -+ X509_REVOKED_set_revocationDate; -+ ENGINE_register_RAND; -+ OCSP_SERVICELOC_new; -+ EC_POINT_set_affine_coordinates_GFp; -+ EC_POINT_set_affine_coords_GFp; -+ _ossl_old_des_options; -+ SXNET_it; -+ UI_dup_input_boolean; -+ PKCS12_add_CSPName_asc; -+ EC_POINT_is_at_infinity; -+ ENGINE_load_cryptodev; -+ DSO_convert_filename; -+ POLICYQUALINFO_it; -+ ENGINE_register_ciphers; -+ BN_mod_lshift_quick; -+ DSO_set_filename; -+ ASN1_item_free; -+ KRB5_TKTBODY_free; -+ AUTHORITY_KEYID_it; -+ KRB5_APREQBODY_new; -+ X509V3_EXT_REQ_add_nconf; -+ ENGINE_ctrl_cmd_string; -+ i2d_OCSP_RESPDATA; -+ EVP_MD_CTX_init; -+ EXTENDED_KEY_USAGE_free; -+ PKCS7_ATTR_SIGN_it; -+ UI_add_error_string; -+ KRB5_CHECKSUM_free; -+ OCSP_REQUEST_get_ext; -+ ENGINE_load_ubsec; -+ ENGINE_register_all_digests; -+ PKEY_USAGE_PERIOD_it; -+ PKCS12_unpack_authsafes; -+ ASN1_item_unpack; -+ NETSCAPE_SPKAC_it; -+ X509_REVOKED_it; -+ ASN1_STRING_encode; -+ EVP_aes_128_ecb; -+ KRB5_AUTHENT_free; -+ OCSP_BASICRESP_get_ext_by_critical; -+ OCSP_BASICRESP_get_ext_by_crit; -+ OCSP_cert_status_str; -+ d2i_OCSP_REQUEST; -+ UI_dup_info_string; -+ _ossl_old_des_xwhite_in2out; -+ PKCS12_it; -+ OCSP_SINGLERESP_get_ext_by_critical; -+ OCSP_SINGLERESP_get_ext_by_crit; -+ OCSP_CERTSTATUS_free; -+ _ossl_old_des_crypt; -+ ASN1_item_i2d; -+ EVP_DecryptFinal_ex; -+ ENGINE_load_openssl; -+ ENGINE_get_cmd_defns; -+ ENGINE_set_load_privkey_function; -+ ENGINE_set_load_privkey_fn; -+ EVP_EncryptFinal_ex; -+ ENGINE_set_default_digests; -+ X509_get0_pubkey_bitstr; -+ asn1_ex_i2c; -+ ENGINE_register_RSA; -+ ENGINE_unregister_DSA; -+ _ossl_old_des_key_sched; -+ X509_EXTENSION_it; -+ i2d_KRB5_AUTHENT; -+ SXNETID_it; -+ d2i_OCSP_SINGLERESP; -+ EDIPARTYNAME_new; -+ PKCS12_certbag2x509; -+ _ossl_old_des_ofb64_encrypt; -+ d2i_EXTENDED_KEY_USAGE; -+ ERR_print_errors_cb; -+ ENGINE_set_ciphers; -+ d2i_KRB5_APREQBODY; -+ UI_method_get_flusher; -+ X509_PUBKEY_it; -+ _ossl_old_des_enc_read; -+ PKCS7_ENCRYPT_it; -+ i2d_OCSP_RESPONSE; -+ EC_GROUP_get_cofactor; -+ PKCS12_unpack_p7data; -+ d2i_KRB5_AUTHDATA; -+ OCSP_copy_nonce; -+ KRB5_AUTHDATA_new; -+ OCSP_RESPDATA_new; -+ EC_GFp_mont_method; -+ OCSP_REVOKEDINFO_free; -+ UI_get_ex_data; -+ KRB5_APREQBODY_free; -+ EC_GROUP_get0_generator; -+ UI_get_default_method; -+ X509V3_set_nconf; -+ PKCS12_item_i2d_encrypt; -+ X509_add1_ext_i2d; -+ PKCS7_SIGNER_INFO_it; -+ KRB5_PRINCNAME_new; -+ PKCS12_SAFEBAG_it; -+ EC_GROUP_get_order; -+ d2i_OCSP_RESPID; -+ OCSP_request_verify; -+ NCONF_get_number_e; -+ _ossl_old_des_decrypt3; -+ X509_signature_print; -+ OCSP_SINGLERESP_free; -+ ENGINE_load_builtin_engines; -+ i2d_OCSP_ONEREQ; -+ OCSP_REQUEST_add_ext; -+ OCSP_RESPBYTES_new; -+ EVP_MD_CTX_create; -+ OCSP_resp_find_status; -+ X509_ALGOR_it; -+ ASN1_TIME_it; -+ OCSP_request_set1_name; -+ OCSP_ONEREQ_get_ext_count; -+ UI_get0_result; -+ PKCS12_AUTHSAFES_it; -+ EVP_aes_256_ecb; -+ PKCS12_pack_authsafes; -+ ASN1_IA5STRING_it; -+ UI_get_input_flags; -+ EC_GROUP_set_generator; -+ _ossl_old_des_string_to_2keys; -+ OCSP_CERTID_free; -+ X509_CERT_AUX_it; -+ CERTIFICATEPOLICIES_it; -+ _ossl_old_des_ede3_cbc_encrypt; -+ RAND_set_rand_engine; -+ DSO_get_loaded_filename; -+ X509_ATTRIBUTE_it; -+ OCSP_ONEREQ_get_ext_by_NID; -+ PKCS12_decrypt_skey; -+ KRB5_AUTHENT_it; -+ UI_dup_error_string; -+ RSAPublicKey_it; -+ i2d_OCSP_REQUEST; -+ PKCS12_x509crl2certbag; -+ OCSP_SERVICELOC_it; -+ ASN1_item_sign; -+ X509_CRL_set_issuer_name; -+ OBJ_NAME_do_all_sorted; -+ i2d_OCSP_BASICRESP; -+ i2d_OCSP_RESPBYTES; -+ PKCS12_unpack_p7encdata; -+ HMAC_CTX_init; -+ ENGINE_get_digest; -+ OCSP_RESPONSE_print; -+ KRB5_TKTBODY_it; -+ ACCESS_DESCRIPTION_it; -+ PKCS7_ISSUER_AND_SERIAL_it; -+ PBE2PARAM_it; -+ PKCS12_certbag2x509crl; -+ PKCS7_SIGNED_it; -+ ENGINE_get_cipher; -+ i2d_OCSP_CRLID; -+ OCSP_SINGLERESP_new; -+ ENGINE_cmd_is_executable; -+ RSA_up_ref; -+ ASN1_GENERALSTRING_it; -+ ENGINE_register_DSA; -+ X509V3_EXT_add_nconf_sk; -+ ENGINE_set_load_pubkey_function; -+ PKCS8_decrypt; -+ PEM_bytes_read_bio; -+ DIRECTORYSTRING_it; -+ d2i_OCSP_CRLID; -+ EC_POINT_is_on_curve; -+ CRYPTO_set_locked_mem_ex_functions; -+ CRYPTO_set_locked_mem_ex_funcs; -+ d2i_KRB5_CHECKSUM; -+ ASN1_item_dup; -+ X509_it; -+ BN_mod_add; -+ KRB5_AUTHDATA_free; -+ _ossl_old_des_cbc_cksum; -+ ASN1_item_verify; -+ CRYPTO_set_mem_ex_functions; -+ EC_POINT_get_Jprojective_coordinates_GFp; -+ EC_POINT_get_Jproj_coords_GFp; -+ ZLONG_it; -+ CRYPTO_get_locked_mem_ex_functions; -+ CRYPTO_get_locked_mem_ex_funcs; -+ ASN1_TIME_check; -+ UI_get0_user_data; -+ HMAC_CTX_cleanup; -+ DSA_up_ref; -+ _ossl_old_des_ede3_cfb64_encrypt; -+ _ossl_odes_ede3_cfb64_encrypt; -+ ASN1_BMPSTRING_it; -+ ASN1_tag2bit; -+ UI_method_set_flusher; -+ X509_ocspid_print; -+ KRB5_ENCDATA_it; -+ ENGINE_get_load_pubkey_function; -+ UI_add_user_data; -+ OCSP_REQUEST_delete_ext; -+ UI_get_method; -+ OCSP_ONEREQ_free; -+ ASN1_PRINTABLESTRING_it; -+ X509_CRL_set_nextUpdate; -+ OCSP_REQUEST_it; -+ OCSP_BASICRESP_it; -+ AES_ecb_encrypt; -+ BN_mod_sqr; -+ NETSCAPE_CERT_SEQUENCE_it; -+ GENERAL_NAMES_it; -+ AUTHORITY_INFO_ACCESS_it; -+ ASN1_FBOOLEAN_it; -+ UI_set_ex_data; -+ _ossl_old_des_string_to_key; -+ ENGINE_register_all_RSA; -+ d2i_KRB5_PRINCNAME; -+ OCSP_RESPBYTES_it; -+ X509_CINF_it; -+ ENGINE_unregister_digests; -+ d2i_EDIPARTYNAME; -+ d2i_OCSP_SERVICELOC; -+ ENGINE_get_digests; -+ _ossl_old_des_set_odd_parity; -+ OCSP_RESPDATA_free; -+ d2i_KRB5_TICKET; -+ OTHERNAME_it; -+ EVP_MD_CTX_cleanup; -+ d2i_ASN1_GENERALSTRING; -+ X509_CRL_set_version; -+ BN_mod_sub; -+ OCSP_SINGLERESP_get_ext_by_NID; -+ ENGINE_get_ex_new_index; -+ OCSP_REQUEST_free; -+ OCSP_REQUEST_add1_ext_i2d; -+ X509_VAL_it; -+ EC_POINTs_make_affine; -+ EC_POINT_mul; -+ X509V3_EXT_add_nconf; -+ X509_TRUST_set; -+ X509_CRL_add1_ext_i2d; -+ _ossl_old_des_fcrypt; -+ DISPLAYTEXT_it; -+ X509_CRL_set_lastUpdate; -+ OCSP_BASICRESP_free; -+ OCSP_BASICRESP_add1_ext_i2d; -+ d2i_KRB5_AUTHENTBODY; -+ CRYPTO_set_ex_data_implementation; -+ CRYPTO_set_ex_data_impl; -+ KRB5_ENCDATA_new; -+ DSO_up_ref; -+ OCSP_crl_reason_str; -+ UI_get0_result_string; -+ ASN1_GENERALSTRING_new; -+ X509_SIG_it; -+ ERR_set_implementation; -+ ERR_load_EC_strings; -+ UI_get0_action_string; -+ OCSP_ONEREQ_get_ext; -+ EC_POINT_method_of; -+ i2d_KRB5_APREQBODY; -+ _ossl_old_des_ecb3_encrypt; -+ CRYPTO_get_mem_ex_functions; -+ ENGINE_get_ex_data; -+ UI_destroy_method; -+ ASN1_item_i2d_bio; -+ OCSP_ONEREQ_get_ext_by_OBJ; -+ ASN1_primitive_new; -+ ASN1_PRINTABLE_it; -+ EVP_aes_192_ecb; -+ OCSP_SIGNATURE_new; -+ LONG_it; -+ ASN1_VISIBLESTRING_it; -+ OCSP_SINGLERESP_add1_ext_i2d; -+ d2i_OCSP_CERTID; -+ ASN1_item_d2i_fp; -+ CRL_DIST_POINTS_it; -+ GENERAL_NAME_print; -+ OCSP_SINGLERESP_delete_ext; -+ PKCS12_SAFEBAGS_it; -+ d2i_OCSP_SIGNATURE; -+ OCSP_request_add1_nonce; -+ ENGINE_set_cmd_defns; -+ OCSP_SERVICELOC_free; -+ EC_GROUP_free; -+ ASN1_BIT_STRING_it; -+ X509_REQ_it; -+ _ossl_old_des_cbc_encrypt; -+ ERR_unload_strings; -+ PKCS7_SIGN_ENVELOPE_it; -+ EDIPARTYNAME_free; -+ OCSP_REQINFO_free; -+ EC_GROUP_new_curve_GFp; -+ OCSP_REQUEST_get1_ext_d2i; -+ PKCS12_item_pack_safebag; -+ asn1_ex_c2i; -+ ENGINE_register_digests; -+ i2d_OCSP_REVOKEDINFO; -+ asn1_enc_restore; -+ UI_free; -+ UI_new_method; -+ EVP_EncryptInit_ex; -+ X509_pubkey_digest; -+ EC_POINT_invert; -+ OCSP_basic_sign; -+ i2d_OCSP_RESPID; -+ OCSP_check_nonce; -+ ENGINE_ctrl_cmd; -+ d2i_KRB5_ENCKEY; -+ OCSP_parse_url; -+ OCSP_SINGLERESP_get_ext; -+ OCSP_CRLID_free; -+ OCSP_BASICRESP_get1_ext_d2i; -+ RSAPrivateKey_it; -+ ENGINE_register_all_DH; -+ i2d_EDIPARTYNAME; -+ EC_POINT_get_affine_coordinates_GFp; -+ EC_POINT_get_affine_coords_GFp; -+ OCSP_CRLID_new; -+ ENGINE_get_flags; -+ OCSP_ONEREQ_it; -+ UI_process; -+ ASN1_INTEGER_it; -+ EVP_CipherInit_ex; -+ UI_get_string_type; -+ ENGINE_unregister_DH; -+ ENGINE_register_all_DSA; -+ OCSP_ONEREQ_get_ext_by_critical; -+ bn_dup_expand; -+ OCSP_cert_id_new; -+ BASIC_CONSTRAINTS_it; -+ BN_mod_add_quick; -+ EC_POINT_new; -+ EVP_MD_CTX_destroy; -+ OCSP_RESPBYTES_free; -+ EVP_aes_128_cbc; -+ OCSP_SINGLERESP_get1_ext_d2i; -+ EC_POINT_free; -+ DH_up_ref; -+ X509_NAME_ENTRY_it; -+ UI_get_ex_new_index; -+ BN_mod_sub_quick; -+ OCSP_ONEREQ_add_ext; -+ OCSP_request_sign; -+ EVP_DigestFinal_ex; -+ ENGINE_set_digests; -+ OCSP_id_issuer_cmp; -+ OBJ_NAME_do_all; -+ EC_POINTs_mul; -+ ENGINE_register_complete; -+ X509V3_EXT_nconf_nid; -+ ASN1_SEQUENCE_it; -+ UI_set_default_method; -+ RAND_query_egd_bytes; -+ UI_method_get_writer; -+ UI_OpenSSL; -+ PEM_def_callback; -+ ENGINE_cleanup; -+ DIST_POINT_it; -+ OCSP_SINGLERESP_it; -+ d2i_KRB5_TKTBODY; -+ EC_POINT_cmp; -+ OCSP_REVOKEDINFO_new; -+ i2d_OCSP_CERTSTATUS; -+ OCSP_basic_add1_nonce; -+ ASN1_item_ex_d2i; -+ BN_mod_lshift1_quick; -+ UI_set_method; -+ OCSP_id_get0_info; -+ BN_mod_sqrt; -+ EC_GROUP_copy; -+ KRB5_ENCDATA_free; -+ _ossl_old_des_cfb_encrypt; -+ OCSP_SINGLERESP_get_ext_by_OBJ; -+ OCSP_cert_to_id; -+ OCSP_RESPID_new; -+ OCSP_RESPDATA_it; -+ d2i_OCSP_RESPDATA; -+ ENGINE_register_all_complete; -+ OCSP_check_validity; -+ PKCS12_BAGS_it; -+ OCSP_url_svcloc_new; -+ ASN1_template_free; -+ OCSP_SINGLERESP_add_ext; -+ KRB5_AUTHENTBODY_it; -+ X509_supported_extension; -+ i2d_KRB5_AUTHDATA; -+ UI_method_get_opener; -+ ENGINE_set_ex_data; -+ OCSP_REQUEST_print; -+ CBIGNUM_it; -+ KRB5_TICKET_new; -+ KRB5_APREQ_new; -+ EC_GROUP_get_curve_GFp; -+ KRB5_ENCKEY_new; -+ ASN1_template_d2i; -+ _ossl_old_des_quad_cksum; -+ OCSP_single_get0_status; -+ BN_swap; -+ POLICYINFO_it; -+ ENGINE_set_destroy_function; -+ asn1_enc_free; -+ OCSP_RESPID_it; -+ EC_GROUP_new; -+ EVP_aes_256_cbc; -+ i2d_KRB5_PRINCNAME; -+ _ossl_old_des_encrypt2; -+ _ossl_old_des_encrypt3; -+ PKCS8_PRIV_KEY_INFO_it; -+ OCSP_REQINFO_it; -+ PBEPARAM_it; -+ KRB5_AUTHENTBODY_new; -+ X509_CRL_add0_revoked; -+ EDIPARTYNAME_it; -+ NETSCAPE_SPKI_it; -+ UI_get0_test_string; -+ ENGINE_get_cipher_engine; -+ ENGINE_register_all_ciphers; -+ EC_POINT_copy; -+ BN_kronecker; -+ _ossl_old_des_ede3_ofb64_encrypt; -+ _ossl_odes_ede3_ofb64_encrypt; -+ UI_method_get_reader; -+ OCSP_BASICRESP_get_ext_count; -+ ASN1_ENUMERATED_it; -+ UI_set_result; -+ i2d_KRB5_TICKET; -+ X509_print_ex_fp; -+ EVP_CIPHER_CTX_set_padding; -+ d2i_OCSP_RESPONSE; -+ ASN1_UTCTIME_it; -+ _ossl_old_des_enc_write; -+ OCSP_RESPONSE_new; -+ AES_set_encrypt_key; -+ OCSP_resp_count; -+ KRB5_CHECKSUM_new; -+ ENGINE_load_cswift; -+ OCSP_onereq_get0_id; -+ ENGINE_set_default_ciphers; -+ NOTICEREF_it; -+ X509V3_EXT_CRL_add_nconf; -+ OCSP_REVOKEDINFO_it; -+ AES_encrypt; -+ OCSP_REQUEST_new; -+ ASN1_ANY_it; -+ CRYPTO_ex_data_new_class; -+ _ossl_old_des_ncbc_encrypt; -+ i2d_KRB5_TKTBODY; -+ EC_POINT_clear_free; -+ AES_decrypt; -+ asn1_enc_init; -+ UI_get_result_maxsize; -+ OCSP_CERTID_new; -+ ENGINE_unregister_RAND; -+ UI_method_get_closer; -+ d2i_KRB5_ENCDATA; -+ OCSP_request_onereq_count; -+ OCSP_basic_verify; -+ KRB5_AUTHENTBODY_free; -+ ASN1_item_d2i; -+ ASN1_primitive_free; -+ i2d_EXTENDED_KEY_USAGE; -+ i2d_OCSP_SIGNATURE; -+ asn1_enc_save; -+ ENGINE_load_nuron; -+ _ossl_old_des_pcbc_encrypt; -+ PKCS12_MAC_DATA_it; -+ OCSP_accept_responses_new; -+ asn1_do_lock; -+ PKCS7_ATTR_VERIFY_it; -+ KRB5_APREQBODY_it; -+ i2d_OCSP_SINGLERESP; -+ ASN1_item_ex_new; -+ UI_add_verify_string; -+ _ossl_old_des_set_key; -+ KRB5_PRINCNAME_it; -+ EVP_DecryptInit_ex; -+ i2d_OCSP_CERTID; -+ ASN1_item_d2i_bio; -+ EC_POINT_dbl; -+ asn1_get_choice_selector; -+ i2d_KRB5_CHECKSUM; -+ ENGINE_set_table_flags; -+ AES_options; -+ ENGINE_load_chil; -+ OCSP_id_cmp; -+ OCSP_BASICRESP_new; -+ OCSP_REQUEST_get_ext_by_NID; -+ KRB5_APREQ_it; -+ ENGINE_get_destroy_function; -+ CONF_set_nconf; -+ ASN1_PRINTABLE_free; -+ OCSP_BASICRESP_get_ext_by_NID; -+ DIST_POINT_NAME_it; -+ X509V3_extensions_print; -+ _ossl_old_des_cfb64_encrypt; -+ X509_REVOKED_add1_ext_i2d; -+ _ossl_old_des_ofb_encrypt; -+ KRB5_TKTBODY_new; -+ ASN1_OCTET_STRING_it; -+ ERR_load_UI_strings; -+ i2d_KRB5_ENCKEY; -+ ASN1_template_new; -+ OCSP_SIGNATURE_free; -+ ASN1_item_i2d_fp; -+ KRB5_PRINCNAME_free; -+ PKCS7_RECIP_INFO_it; -+ EXTENDED_KEY_USAGE_it; -+ EC_GFp_simple_method; -+ EC_GROUP_precompute_mult; -+ OCSP_request_onereq_get0; -+ UI_method_set_writer; -+ KRB5_AUTHENT_new; -+ X509_CRL_INFO_it; -+ DSO_set_name_converter; -+ AES_set_decrypt_key; -+ PKCS7_DIGEST_it; -+ PKCS12_x5092certbag; -+ EVP_DigestInit_ex; -+ i2a_ACCESS_DESCRIPTION; -+ OCSP_RESPONSE_it; -+ PKCS7_ENC_CONTENT_it; -+ OCSP_request_add0_id; -+ EC_POINT_make_affine; -+ DSO_get_filename; -+ OCSP_CERTSTATUS_it; -+ OCSP_request_add1_cert; -+ UI_get0_output_string; -+ UI_dup_verify_string; -+ BN_mod_lshift; -+ KRB5_AUTHDATA_it; -+ asn1_set_choice_selector; -+ OCSP_basic_add1_status; -+ OCSP_RESPID_free; -+ asn1_get_field_ptr; -+ UI_add_input_string; -+ OCSP_CRLID_it; -+ i2d_KRB5_AUTHENTBODY; -+ OCSP_REQUEST_get_ext_count; -+ ENGINE_load_atalla; -+ X509_NAME_it; -+ USERNOTICE_it; -+ OCSP_REQINFO_new; -+ OCSP_BASICRESP_get_ext; -+ CRYPTO_get_ex_data_implementation; -+ CRYPTO_get_ex_data_impl; -+ ASN1_item_pack; -+ i2d_KRB5_ENCDATA; -+ X509_PURPOSE_set; -+ X509_REQ_INFO_it; -+ UI_method_set_opener; -+ ASN1_item_ex_free; -+ ASN1_BOOLEAN_it; -+ ENGINE_get_table_flags; -+ UI_create_method; -+ OCSP_ONEREQ_add1_ext_i2d; -+ _shadow_DES_check_key; -+ d2i_OCSP_REQINFO; -+ UI_add_info_string; -+ UI_get_result_minsize; -+ ASN1_NULL_it; -+ BN_mod_lshift1; -+ d2i_OCSP_ONEREQ; -+ OCSP_ONEREQ_new; -+ KRB5_TICKET_it; -+ EVP_aes_192_cbc; -+ KRB5_TICKET_free; -+ UI_new; -+ OCSP_response_create; -+ _ossl_old_des_xcbc_encrypt; -+ PKCS7_it; -+ OCSP_REQUEST_get_ext_by_critical; -+ OCSP_REQUEST_get_ext_by_crit; -+ ENGINE_set_flags; -+ _ossl_old_des_ecb_encrypt; -+ OCSP_response_get1_basic; -+ EVP_Digest; -+ OCSP_ONEREQ_delete_ext; -+ ASN1_TBOOLEAN_it; -+ ASN1_item_new; -+ ASN1_TIME_to_generalizedtime; -+ BIGNUM_it; -+ AES_cbc_encrypt; -+ ENGINE_get_load_privkey_function; -+ ENGINE_get_load_privkey_fn; -+ OCSP_RESPONSE_free; -+ UI_method_set_reader; -+ i2d_ASN1_T61STRING; -+ EC_POINT_set_to_infinity; -+ ERR_load_OCSP_strings; -+ EC_POINT_point2oct; -+ KRB5_APREQ_free; -+ ASN1_OBJECT_it; -+ OCSP_crlID_new; -+ OCSP_crlID2_new; -+ CONF_modules_load_file; -+ CONF_imodule_set_usr_data; -+ ENGINE_set_default_string; -+ CONF_module_get_usr_data; -+ ASN1_add_oid_module; -+ CONF_modules_finish; -+ OPENSSL_config; -+ CONF_modules_unload; -+ CONF_imodule_get_value; -+ CONF_module_set_usr_data; -+ CONF_parse_list; -+ CONF_module_add; -+ CONF_get1_default_config_file; -+ CONF_imodule_get_flags; -+ CONF_imodule_get_module; -+ CONF_modules_load; -+ CONF_imodule_get_name; -+ ERR_peek_top_error; -+ CONF_imodule_get_usr_data; -+ CONF_imodule_set_flags; -+ ENGINE_add_conf_module; -+ ERR_peek_last_error_line; -+ ERR_peek_last_error_line_data; -+ ERR_peek_last_error; -+ DES_read_2passwords; -+ DES_read_password; -+ UI_UTIL_read_pw; -+ UI_UTIL_read_pw_string; -+ ENGINE_load_aep; -+ ENGINE_load_sureware; -+ OPENSSL_add_all_algorithms_noconf; -+ OPENSSL_add_all_algo_noconf; -+ OPENSSL_add_all_algorithms_conf; -+ OPENSSL_add_all_algo_conf; -+ OPENSSL_load_builtin_modules; -+ AES_ofb128_encrypt; -+ AES_ctr128_encrypt; -+ AES_cfb128_encrypt; -+ ENGINE_load_4758cca; -+ _ossl_096_des_random_seed; -+ EVP_aes_256_ofb; -+ EVP_aes_192_ofb; -+ EVP_aes_128_cfb128; -+ EVP_aes_256_cfb128; -+ EVP_aes_128_ofb; -+ EVP_aes_192_cfb128; -+ CONF_modules_free; -+ NCONF_default; -+ OPENSSL_no_config; -+ NCONF_WIN32; -+ ASN1_UNIVERSALSTRING_new; -+ EVP_des_ede_ecb; -+ i2d_ASN1_UNIVERSALSTRING; -+ ASN1_UNIVERSALSTRING_free; -+ ASN1_UNIVERSALSTRING_it; -+ d2i_ASN1_UNIVERSALSTRING; -+ EVP_des_ede3_ecb; -+ X509_REQ_print_ex; -+ ENGINE_up_ref; -+ BUF_MEM_grow_clean; -+ CRYPTO_realloc_clean; -+ BUF_strlcat; -+ BIO_indent; -+ BUF_strlcpy; -+ OpenSSLDie; -+ OPENSSL_cleanse; -+ ENGINE_setup_bsd_cryptodev; -+ ERR_release_err_state_table; -+ EVP_aes_128_cfb8; -+ FIPS_corrupt_rsa; -+ FIPS_selftest_des; -+ EVP_aes_128_cfb1; -+ EVP_aes_192_cfb8; -+ FIPS_mode_set; -+ FIPS_selftest_dsa; -+ EVP_aes_256_cfb8; -+ FIPS_allow_md5; -+ DES_ede3_cfb_encrypt; -+ EVP_des_ede3_cfb8; -+ FIPS_rand_seeded; -+ AES_cfbr_encrypt_block; -+ AES_cfb8_encrypt; -+ FIPS_rand_seed; -+ FIPS_corrupt_des; -+ EVP_aes_192_cfb1; -+ FIPS_selftest_aes; -+ FIPS_set_prng_key; -+ EVP_des_cfb8; -+ FIPS_corrupt_dsa; -+ FIPS_test_mode; -+ FIPS_rand_method; -+ EVP_aes_256_cfb1; -+ ERR_load_FIPS_strings; -+ FIPS_corrupt_aes; -+ FIPS_selftest_sha1; -+ FIPS_selftest_rsa; -+ FIPS_corrupt_sha1; -+ EVP_des_cfb1; -+ FIPS_dsa_check; -+ AES_cfb1_encrypt; -+ EVP_des_ede3_cfb1; -+ FIPS_rand_check; -+ FIPS_md5_allowed; -+ FIPS_mode; -+ FIPS_selftest_failed; -+ sk_is_sorted; -+ X509_check_ca; -+ HMAC_CTX_set_flags; -+ d2i_PROXY_CERT_INFO_EXTENSION; -+ PROXY_POLICY_it; -+ i2d_PROXY_POLICY; -+ i2d_PROXY_CERT_INFO_EXTENSION; -+ d2i_PROXY_POLICY; -+ PROXY_CERT_INFO_EXTENSION_new; -+ PROXY_CERT_INFO_EXTENSION_free; -+ PROXY_CERT_INFO_EXTENSION_it; -+ PROXY_POLICY_free; -+ PROXY_POLICY_new; -+ BN_MONT_CTX_set_locked; -+ FIPS_selftest_rng; -+ EVP_sha384; -+ EVP_sha512; -+ EVP_sha224; -+ EVP_sha256; -+ FIPS_selftest_hmac; -+ FIPS_corrupt_rng; -+ BN_mod_exp_mont_consttime; -+ RSA_X931_hash_id; -+ RSA_padding_check_X931; -+ RSA_verify_PKCS1_PSS; -+ RSA_padding_add_X931; -+ RSA_padding_add_PKCS1_PSS; -+ PKCS1_MGF1; -+ BN_X931_generate_Xpq; -+ RSA_X931_generate_key; -+ BN_X931_derive_prime; -+ BN_X931_generate_prime; -+ RSA_X931_derive; -+ BIO_new_dgram; -+ BN_get0_nist_prime_384; -+ ERR_set_mark; -+ X509_STORE_CTX_set0_crls; -+ ENGINE_set_STORE; -+ ENGINE_register_ECDSA; -+ STORE_meth_set_list_start_fn; -+ STORE_method_set_list_start_function; -+ BN_BLINDING_invert_ex; -+ NAME_CONSTRAINTS_free; -+ STORE_ATTR_INFO_set_number; -+ BN_BLINDING_get_thread_id; -+ X509_STORE_CTX_set0_param; -+ POLICY_MAPPING_it; -+ STORE_parse_attrs_start; -+ POLICY_CONSTRAINTS_free; -+ EVP_PKEY_add1_attr_by_NID; -+ BN_nist_mod_192; -+ EC_GROUP_get_trinomial_basis; -+ STORE_set_method; -+ GENERAL_SUBTREE_free; -+ NAME_CONSTRAINTS_it; -+ ECDH_get_default_method; -+ PKCS12_add_safe; -+ EC_KEY_new_by_curve_name; -+ STORE_meth_get_update_store_fn; -+ STORE_method_get_update_store_function; -+ ENGINE_register_ECDH; -+ SHA512_Update; -+ i2d_ECPrivateKey; -+ BN_get0_nist_prime_192; -+ STORE_modify_certificate; -+ EC_POINT_set_affine_coordinates_GF2m; -+ EC_POINT_set_affine_coords_GF2m; -+ BN_GF2m_mod_exp_arr; -+ STORE_ATTR_INFO_modify_number; -+ X509_keyid_get0; -+ ENGINE_load_gmp; -+ pitem_new; -+ BN_GF2m_mod_mul_arr; -+ STORE_list_public_key_endp; -+ o2i_ECPublicKey; -+ EC_KEY_copy; -+ BIO_dump_fp; -+ X509_policy_node_get0_parent; -+ EC_GROUP_check_discriminant; -+ i2o_ECPublicKey; -+ EC_KEY_precompute_mult; -+ a2i_IPADDRESS; -+ STORE_meth_set_initialise_fn; -+ STORE_method_set_initialise_function; -+ X509_STORE_CTX_set_depth; -+ X509_VERIFY_PARAM_inherit; -+ EC_POINT_point2bn; -+ STORE_ATTR_INFO_set_dn; -+ X509_policy_tree_get0_policies; -+ EC_GROUP_new_curve_GF2m; -+ STORE_destroy_method; -+ ENGINE_unregister_STORE; -+ EVP_PKEY_get1_EC_KEY; -+ STORE_ATTR_INFO_get0_number; -+ ENGINE_get_default_ECDH; -+ EC_KEY_get_conv_form; -+ ASN1_OCTET_STRING_NDEF_it; -+ STORE_delete_public_key; -+ STORE_get_public_key; -+ STORE_modify_arbitrary; -+ ENGINE_get_static_state; -+ pqueue_iterator; -+ ECDSA_SIG_new; -+ OPENSSL_DIR_end; -+ BN_GF2m_mod_sqr; -+ EC_POINT_bn2point; -+ X509_VERIFY_PARAM_set_depth; -+ EC_KEY_set_asn1_flag; -+ STORE_get_method; -+ EC_KEY_get_key_method_data; -+ ECDSA_sign_ex; -+ STORE_parse_attrs_end; -+ EC_GROUP_get_point_conversion_form; -+ EC_GROUP_get_point_conv_form; -+ STORE_method_set_store_function; -+ STORE_ATTR_INFO_in; -+ PEM_read_bio_ECPKParameters; -+ EC_GROUP_get_pentanomial_basis; -+ EVP_PKEY_add1_attr_by_txt; -+ BN_BLINDING_set_flags; -+ X509_VERIFY_PARAM_set1_policies; -+ X509_VERIFY_PARAM_set1_name; -+ X509_VERIFY_PARAM_set_purpose; -+ STORE_get_number; -+ ECDSA_sign_setup; -+ BN_GF2m_mod_solve_quad_arr; -+ EC_KEY_up_ref; -+ POLICY_MAPPING_free; -+ BN_GF2m_mod_div; -+ X509_VERIFY_PARAM_set_flags; -+ EC_KEY_free; -+ STORE_meth_set_list_next_fn; -+ STORE_method_set_list_next_function; -+ PEM_write_bio_ECPrivateKey; -+ d2i_EC_PUBKEY; -+ STORE_meth_get_generate_fn; -+ STORE_method_get_generate_function; -+ STORE_meth_set_list_end_fn; -+ STORE_method_set_list_end_function; -+ pqueue_print; -+ EC_GROUP_have_precompute_mult; -+ EC_KEY_print_fp; -+ BN_GF2m_mod_arr; -+ PEM_write_bio_X509_CERT_PAIR; -+ EVP_PKEY_cmp; -+ X509_policy_level_node_count; -+ STORE_new_engine; -+ STORE_list_public_key_start; -+ X509_VERIFY_PARAM_new; -+ ECDH_get_ex_data; -+ EVP_PKEY_get_attr; -+ ECDSA_do_sign; -+ ENGINE_unregister_ECDH; -+ ECDH_OpenSSL; -+ EC_KEY_set_conv_form; -+ EC_POINT_dup; -+ GENERAL_SUBTREE_new; -+ STORE_list_crl_endp; -+ EC_get_builtin_curves; -+ X509_policy_node_get0_qualifiers; -+ X509_pcy_node_get0_qualifiers; -+ STORE_list_crl_end; -+ EVP_PKEY_set1_EC_KEY; -+ BN_GF2m_mod_sqrt_arr; -+ i2d_ECPrivateKey_bio; -+ ECPKParameters_print_fp; -+ pqueue_find; -+ ECDSA_SIG_free; -+ PEM_write_bio_ECPKParameters; -+ STORE_method_set_ctrl_function; -+ STORE_list_public_key_end; -+ EC_KEY_set_private_key; -+ pqueue_peek; -+ STORE_get_arbitrary; -+ STORE_store_crl; -+ X509_policy_node_get0_policy; -+ PKCS12_add_safes; -+ BN_BLINDING_convert_ex; -+ X509_policy_tree_free; -+ OPENSSL_ia32cap_loc; -+ BN_GF2m_poly2arr; -+ STORE_ctrl; -+ STORE_ATTR_INFO_compare; -+ BN_get0_nist_prime_224; -+ i2d_ECParameters; -+ i2d_ECPKParameters; -+ BN_GENCB_call; -+ d2i_ECPKParameters; -+ STORE_meth_set_generate_fn; -+ STORE_method_set_generate_function; -+ ENGINE_set_ECDH; -+ NAME_CONSTRAINTS_new; -+ SHA256_Init; -+ EC_KEY_get0_public_key; -+ PEM_write_bio_EC_PUBKEY; -+ STORE_ATTR_INFO_set_cstr; -+ STORE_list_crl_next; -+ STORE_ATTR_INFO_in_range; -+ ECParameters_print; -+ STORE_meth_set_delete_fn; -+ STORE_method_set_delete_function; -+ STORE_list_certificate_next; -+ ASN1_generate_nconf; -+ BUF_memdup; -+ BN_GF2m_mod_mul; -+ STORE_meth_get_list_next_fn; -+ STORE_method_get_list_next_function; -+ STORE_ATTR_INFO_get0_dn; -+ STORE_list_private_key_next; -+ EC_GROUP_set_seed; -+ X509_VERIFY_PARAM_set_trust; -+ STORE_ATTR_INFO_free; -+ STORE_get_private_key; -+ EVP_PKEY_get_attr_count; -+ STORE_ATTR_INFO_new; -+ EC_GROUP_get_curve_GF2m; -+ STORE_meth_set_revoke_fn; -+ STORE_method_set_revoke_function; -+ STORE_store_number; -+ BN_is_prime_ex; -+ STORE_revoke_public_key; -+ X509_STORE_CTX_get0_param; -+ STORE_delete_arbitrary; -+ PEM_read_X509_CERT_PAIR; -+ X509_STORE_set_depth; -+ ECDSA_get_ex_data; -+ SHA224; -+ BIO_dump_indent_fp; -+ EC_KEY_set_group; -+ BUF_strndup; -+ STORE_list_certificate_start; -+ BN_GF2m_mod; -+ X509_REQ_check_private_key; -+ EC_GROUP_get_seed_len; -+ ERR_load_STORE_strings; -+ PEM_read_bio_EC_PUBKEY; -+ STORE_list_private_key_end; -+ i2d_EC_PUBKEY; -+ ECDSA_get_default_method; -+ ASN1_put_eoc; -+ X509_STORE_CTX_get_explicit_policy; -+ X509_STORE_CTX_get_expl_policy; -+ X509_VERIFY_PARAM_table_cleanup; -+ STORE_modify_private_key; -+ X509_VERIFY_PARAM_free; -+ EC_METHOD_get_field_type; -+ EC_GFp_nist_method; -+ STORE_meth_set_modify_fn; -+ STORE_method_set_modify_function; -+ STORE_parse_attrs_next; -+ ENGINE_load_padlock; -+ EC_GROUP_set_curve_name; -+ X509_CERT_PAIR_it; -+ STORE_meth_get_revoke_fn; -+ STORE_method_get_revoke_function; -+ STORE_method_set_get_function; -+ STORE_modify_number; -+ STORE_method_get_store_function; -+ STORE_store_private_key; -+ BN_GF2m_mod_sqr_arr; -+ RSA_setup_blinding; -+ BIO_s_datagram; -+ STORE_Memory; -+ sk_find_ex; -+ EC_GROUP_set_curve_GF2m; -+ ENGINE_set_default_ECDSA; -+ POLICY_CONSTRAINTS_new; -+ BN_GF2m_mod_sqrt; -+ ECDH_set_default_method; -+ EC_KEY_generate_key; -+ SHA384_Update; -+ BN_GF2m_arr2poly; -+ STORE_method_get_get_function; -+ STORE_meth_set_cleanup_fn; -+ STORE_method_set_cleanup_function; -+ EC_GROUP_check; -+ d2i_ECPrivateKey_bio; -+ EC_KEY_insert_key_method_data; -+ STORE_meth_get_lock_store_fn; -+ STORE_method_get_lock_store_function; -+ X509_VERIFY_PARAM_get_depth; -+ SHA224_Final; -+ STORE_meth_set_update_store_fn; -+ STORE_method_set_update_store_function; -+ SHA224_Update; -+ d2i_ECPrivateKey; -+ ASN1_item_ndef_i2d; -+ STORE_delete_private_key; -+ ERR_pop_to_mark; -+ ENGINE_register_all_STORE; -+ X509_policy_level_get0_node; -+ i2d_PKCS7_NDEF; -+ EC_GROUP_get_degree; -+ ASN1_generate_v3; -+ STORE_ATTR_INFO_modify_cstr; -+ X509_policy_tree_level_count; -+ BN_GF2m_add; -+ EC_KEY_get0_group; -+ STORE_generate_crl; -+ STORE_store_public_key; -+ X509_CERT_PAIR_free; -+ STORE_revoke_private_key; -+ BN_nist_mod_224; -+ SHA512_Final; -+ STORE_ATTR_INFO_modify_dn; -+ STORE_meth_get_initialise_fn; -+ STORE_method_get_initialise_function; -+ STORE_delete_number; -+ i2d_EC_PUBKEY_bio; -+ BIO_dgram_non_fatal_error; -+ EC_GROUP_get_asn1_flag; -+ STORE_ATTR_INFO_in_ex; -+ STORE_list_crl_start; -+ ECDH_get_ex_new_index; -+ STORE_meth_get_modify_fn; -+ STORE_method_get_modify_function; -+ v2i_ASN1_BIT_STRING; -+ STORE_store_certificate; -+ OBJ_bsearch_ex; -+ X509_STORE_CTX_set_default; -+ STORE_ATTR_INFO_set_sha1str; -+ BN_GF2m_mod_inv; -+ BN_GF2m_mod_exp; -+ STORE_modify_public_key; -+ STORE_meth_get_list_start_fn; -+ STORE_method_get_list_start_function; -+ EC_GROUP_get0_seed; -+ STORE_store_arbitrary; -+ STORE_meth_set_unlock_store_fn; -+ STORE_method_set_unlock_store_function; -+ BN_GF2m_mod_div_arr; -+ ENGINE_set_ECDSA; -+ STORE_create_method; -+ ECPKParameters_print; -+ EC_KEY_get0_private_key; -+ PEM_write_EC_PUBKEY; -+ X509_VERIFY_PARAM_set1; -+ ECDH_set_method; -+ v2i_GENERAL_NAME_ex; -+ ECDH_set_ex_data; -+ STORE_generate_key; -+ BN_nist_mod_521; -+ X509_policy_tree_get0_level; -+ EC_GROUP_set_point_conversion_form; -+ EC_GROUP_set_point_conv_form; -+ PEM_read_EC_PUBKEY; -+ i2d_ECDSA_SIG; -+ ECDSA_OpenSSL; -+ STORE_delete_crl; -+ EC_KEY_get_enc_flags; -+ ASN1_const_check_infinite_end; -+ EVP_PKEY_delete_attr; -+ ECDSA_set_default_method; -+ EC_POINT_set_compressed_coordinates_GF2m; -+ EC_POINT_set_compr_coords_GF2m; -+ EC_GROUP_cmp; -+ STORE_revoke_certificate; -+ BN_get0_nist_prime_256; -+ STORE_meth_get_delete_fn; -+ STORE_method_get_delete_function; -+ SHA224_Init; -+ PEM_read_ECPrivateKey; -+ SHA512_Init; -+ STORE_parse_attrs_endp; -+ BN_set_negative; -+ ERR_load_ECDSA_strings; -+ EC_GROUP_get_basis_type; -+ STORE_list_public_key_next; -+ i2v_ASN1_BIT_STRING; -+ STORE_OBJECT_free; -+ BN_nist_mod_384; -+ i2d_X509_CERT_PAIR; -+ PEM_write_ECPKParameters; -+ ECDH_compute_key; -+ STORE_ATTR_INFO_get0_sha1str; -+ ENGINE_register_all_ECDH; -+ pqueue_pop; -+ STORE_ATTR_INFO_get0_cstr; -+ POLICY_CONSTRAINTS_it; -+ STORE_get_ex_new_index; -+ EVP_PKEY_get_attr_by_OBJ; -+ X509_VERIFY_PARAM_add0_policy; -+ BN_GF2m_mod_solve_quad; -+ SHA256; -+ i2d_ECPrivateKey_fp; -+ X509_policy_tree_get0_user_policies; -+ X509_pcy_tree_get0_usr_policies; -+ OPENSSL_DIR_read; -+ ENGINE_register_all_ECDSA; -+ X509_VERIFY_PARAM_lookup; -+ EC_POINT_get_affine_coordinates_GF2m; -+ EC_POINT_get_affine_coords_GF2m; -+ EC_GROUP_dup; -+ ENGINE_get_default_ECDSA; -+ EC_KEY_new; -+ SHA256_Transform; -+ EC_KEY_set_enc_flags; -+ ECDSA_verify; -+ EC_POINT_point2hex; -+ ENGINE_get_STORE; -+ SHA512; -+ STORE_get_certificate; -+ ECDSA_do_sign_ex; -+ ECDSA_do_verify; -+ d2i_ECPrivateKey_fp; -+ STORE_delete_certificate; -+ SHA512_Transform; -+ X509_STORE_set1_param; -+ STORE_method_get_ctrl_function; -+ STORE_free; -+ PEM_write_ECPrivateKey; -+ STORE_meth_get_unlock_store_fn; -+ STORE_method_get_unlock_store_function; -+ STORE_get_ex_data; -+ EC_KEY_set_public_key; -+ PEM_read_ECPKParameters; -+ X509_CERT_PAIR_new; -+ ENGINE_register_STORE; -+ RSA_generate_key_ex; -+ DSA_generate_parameters_ex; -+ ECParameters_print_fp; -+ X509V3_NAME_from_section; -+ EVP_PKEY_add1_attr; -+ STORE_modify_crl; -+ STORE_list_private_key_start; -+ POLICY_MAPPINGS_it; -+ GENERAL_SUBTREE_it; -+ EC_GROUP_get_curve_name; -+ PEM_write_X509_CERT_PAIR; -+ BIO_dump_indent_cb; -+ d2i_X509_CERT_PAIR; -+ STORE_list_private_key_endp; -+ asn1_const_Finish; -+ i2d_EC_PUBKEY_fp; -+ BN_nist_mod_256; -+ X509_VERIFY_PARAM_add0_table; -+ pqueue_free; -+ BN_BLINDING_create_param; -+ ECDSA_size; -+ d2i_EC_PUBKEY_bio; -+ BN_get0_nist_prime_521; -+ STORE_ATTR_INFO_modify_sha1str; -+ BN_generate_prime_ex; -+ EC_GROUP_new_by_curve_name; -+ SHA256_Final; -+ DH_generate_parameters_ex; -+ PEM_read_bio_ECPrivateKey; -+ STORE_meth_get_cleanup_fn; -+ STORE_method_get_cleanup_function; -+ ENGINE_get_ECDH; -+ d2i_ECDSA_SIG; -+ BN_is_prime_fasttest_ex; -+ ECDSA_sign; -+ X509_policy_check; -+ EVP_PKEY_get_attr_by_NID; -+ STORE_set_ex_data; -+ ENGINE_get_ECDSA; -+ EVP_ecdsa; -+ BN_BLINDING_get_flags; -+ PKCS12_add_cert; -+ STORE_OBJECT_new; -+ ERR_load_ECDH_strings; -+ EC_KEY_dup; -+ EVP_CIPHER_CTX_rand_key; -+ ECDSA_set_method; -+ a2i_IPADDRESS_NC; -+ d2i_ECParameters; -+ STORE_list_certificate_end; -+ STORE_get_crl; -+ X509_POLICY_NODE_print; -+ SHA384_Init; -+ EC_GF2m_simple_method; -+ ECDSA_set_ex_data; -+ SHA384_Final; -+ PKCS7_set_digest; -+ EC_KEY_print; -+ STORE_meth_set_lock_store_fn; -+ STORE_method_set_lock_store_function; -+ ECDSA_get_ex_new_index; -+ SHA384; -+ POLICY_MAPPING_new; -+ STORE_list_certificate_endp; -+ X509_STORE_CTX_get0_policy_tree; -+ EC_GROUP_set_asn1_flag; -+ EC_KEY_check_key; -+ d2i_EC_PUBKEY_fp; -+ PKCS7_set0_type_other; -+ PEM_read_bio_X509_CERT_PAIR; -+ pqueue_next; -+ STORE_meth_get_list_end_fn; -+ STORE_method_get_list_end_function; -+ EVP_PKEY_add1_attr_by_OBJ; -+ X509_VERIFY_PARAM_set_time; -+ pqueue_new; -+ ENGINE_set_default_ECDH; -+ STORE_new_method; -+ PKCS12_add_key; -+ DSO_merge; -+ EC_POINT_hex2point; -+ BIO_dump_cb; -+ SHA256_Update; -+ pqueue_insert; -+ pitem_free; -+ BN_GF2m_mod_inv_arr; -+ ENGINE_unregister_ECDSA; -+ BN_BLINDING_set_thread_id; -+ get_rfc3526_prime_8192; -+ X509_VERIFY_PARAM_clear_flags; -+ get_rfc2409_prime_1024; -+ DH_check_pub_key; -+ get_rfc3526_prime_2048; -+ get_rfc3526_prime_6144; -+ get_rfc3526_prime_1536; -+ get_rfc3526_prime_3072; -+ get_rfc3526_prime_4096; -+ get_rfc2409_prime_768; -+ X509_VERIFY_PARAM_get_flags; -+ EVP_CIPHER_CTX_new; -+ EVP_CIPHER_CTX_free; -+ Camellia_cbc_encrypt; -+ Camellia_cfb128_encrypt; -+ Camellia_cfb1_encrypt; -+ Camellia_cfb8_encrypt; -+ Camellia_ctr128_encrypt; -+ Camellia_cfbr_encrypt_block; -+ Camellia_decrypt; -+ Camellia_ecb_encrypt; -+ Camellia_encrypt; -+ Camellia_ofb128_encrypt; -+ Camellia_set_key; -+ EVP_camellia_128_cbc; -+ EVP_camellia_128_cfb128; -+ EVP_camellia_128_cfb1; -+ EVP_camellia_128_cfb8; -+ EVP_camellia_128_ecb; -+ EVP_camellia_128_ofb; -+ EVP_camellia_192_cbc; -+ EVP_camellia_192_cfb128; -+ EVP_camellia_192_cfb1; -+ EVP_camellia_192_cfb8; -+ EVP_camellia_192_ecb; -+ EVP_camellia_192_ofb; -+ EVP_camellia_256_cbc; -+ EVP_camellia_256_cfb128; -+ EVP_camellia_256_cfb1; -+ EVP_camellia_256_cfb8; -+ EVP_camellia_256_ecb; -+ EVP_camellia_256_ofb; -+ a2i_ipadd; -+ ASIdentifiers_free; -+ i2d_ASIdOrRange; -+ EVP_CIPHER_block_size; -+ v3_asid_is_canonical; -+ IPAddressChoice_free; -+ EVP_CIPHER_CTX_set_app_data; -+ BIO_set_callback_arg; -+ v3_addr_add_prefix; -+ IPAddressOrRange_it; -+ BIO_set_flags; -+ ASIdentifiers_it; -+ v3_addr_get_range; -+ BIO_method_type; -+ v3_addr_inherits; -+ IPAddressChoice_it; -+ AES_ige_encrypt; -+ v3_addr_add_range; -+ EVP_CIPHER_CTX_nid; -+ d2i_ASRange; -+ v3_addr_add_inherit; -+ v3_asid_add_id_or_range; -+ v3_addr_validate_resource_set; -+ EVP_CIPHER_iv_length; -+ EVP_MD_type; -+ v3_asid_canonize; -+ IPAddressRange_free; -+ v3_asid_add_inherit; -+ EVP_CIPHER_CTX_key_length; -+ IPAddressRange_new; -+ ASIdOrRange_new; -+ EVP_MD_size; -+ EVP_MD_CTX_test_flags; -+ BIO_clear_flags; -+ i2d_ASRange; -+ IPAddressRange_it; -+ IPAddressChoice_new; -+ ASIdentifierChoice_new; -+ ASRange_free; -+ EVP_MD_pkey_type; -+ EVP_MD_CTX_clear_flags; -+ IPAddressFamily_free; -+ i2d_IPAddressFamily; -+ IPAddressOrRange_new; -+ EVP_CIPHER_flags; -+ v3_asid_validate_resource_set; -+ d2i_IPAddressRange; -+ AES_bi_ige_encrypt; -+ BIO_get_callback; -+ IPAddressOrRange_free; -+ v3_addr_subset; -+ d2i_IPAddressFamily; -+ v3_asid_subset; -+ BIO_test_flags; -+ i2d_ASIdentifierChoice; -+ ASRange_it; -+ d2i_ASIdentifiers; -+ ASRange_new; -+ d2i_IPAddressChoice; -+ v3_addr_get_afi; -+ EVP_CIPHER_key_length; -+ EVP_Cipher; -+ i2d_IPAddressOrRange; -+ ASIdOrRange_it; -+ EVP_CIPHER_nid; -+ i2d_IPAddressChoice; -+ EVP_CIPHER_CTX_block_size; -+ ASIdentifiers_new; -+ v3_addr_validate_path; -+ IPAddressFamily_new; -+ EVP_MD_CTX_set_flags; -+ v3_addr_is_canonical; -+ i2d_IPAddressRange; -+ IPAddressFamily_it; -+ v3_asid_inherits; -+ EVP_CIPHER_CTX_cipher; -+ EVP_CIPHER_CTX_get_app_data; -+ EVP_MD_block_size; -+ EVP_CIPHER_CTX_flags; -+ v3_asid_validate_path; -+ d2i_IPAddressOrRange; -+ v3_addr_canonize; -+ ASIdentifierChoice_it; -+ EVP_MD_CTX_md; -+ d2i_ASIdentifierChoice; -+ BIO_method_name; -+ EVP_CIPHER_CTX_iv_length; -+ ASIdOrRange_free; -+ ASIdentifierChoice_free; -+ BIO_get_callback_arg; -+ BIO_set_callback; -+ d2i_ASIdOrRange; -+ i2d_ASIdentifiers; -+ SEED_decrypt; -+ SEED_encrypt; -+ SEED_cbc_encrypt; -+ EVP_seed_ofb; -+ SEED_cfb128_encrypt; -+ SEED_ofb128_encrypt; -+ EVP_seed_cbc; -+ SEED_ecb_encrypt; -+ EVP_seed_ecb; -+ SEED_set_key; -+ EVP_seed_cfb128; -+ X509_EXTENSIONS_it; -+ X509_get1_ocsp; -+ OCSP_REQ_CTX_free; -+ i2d_X509_EXTENSIONS; -+ OCSP_sendreq_nbio; -+ OCSP_sendreq_new; -+ d2i_X509_EXTENSIONS; -+ X509_ALGORS_it; -+ X509_ALGOR_get0; -+ X509_ALGOR_set0; -+ AES_unwrap_key; -+ AES_wrap_key; -+ X509at_get0_data_by_OBJ; -+ ASN1_TYPE_set1; -+ ASN1_STRING_set0; -+ i2d_X509_ALGORS; -+ BIO_f_zlib; -+ COMP_zlib_cleanup; -+ d2i_X509_ALGORS; -+ CMS_ReceiptRequest_free; -+ PEM_write_CMS; -+ CMS_add0_CertificateChoices; -+ CMS_unsigned_add1_attr_by_OBJ; -+ ERR_load_CMS_strings; -+ CMS_sign_receipt; -+ i2d_CMS_ContentInfo; -+ CMS_signed_delete_attr; -+ d2i_CMS_bio; -+ CMS_unsigned_get_attr_by_NID; -+ CMS_verify; -+ SMIME_read_CMS; -+ CMS_decrypt_set1_key; -+ CMS_SignerInfo_get0_algs; -+ CMS_add1_cert; -+ CMS_set_detached; -+ CMS_encrypt; -+ CMS_EnvelopedData_create; -+ CMS_uncompress; -+ CMS_add0_crl; -+ CMS_SignerInfo_verify_content; -+ CMS_unsigned_get0_data_by_OBJ; -+ PEM_write_bio_CMS; -+ CMS_unsigned_get_attr; -+ CMS_RecipientInfo_ktri_cert_cmp; -+ CMS_RecipientInfo_ktri_get0_algs; -+ CMS_RecipInfo_ktri_get0_algs; -+ CMS_ContentInfo_free; -+ CMS_final; -+ CMS_add_simple_smimecap; -+ CMS_SignerInfo_verify; -+ CMS_data; -+ CMS_ContentInfo_it; -+ d2i_CMS_ReceiptRequest; -+ CMS_compress; -+ CMS_digest_create; -+ CMS_SignerInfo_cert_cmp; -+ CMS_SignerInfo_sign; -+ CMS_data_create; -+ i2d_CMS_bio; -+ CMS_EncryptedData_set1_key; -+ CMS_decrypt; -+ int_smime_write_ASN1; -+ CMS_unsigned_delete_attr; -+ CMS_unsigned_get_attr_count; -+ CMS_add_smimecap; -+ PEM_read_CMS; -+ CMS_signed_get_attr_by_OBJ; -+ d2i_CMS_ContentInfo; -+ CMS_add_standard_smimecap; -+ CMS_ContentInfo_new; -+ CMS_RecipientInfo_type; -+ CMS_get0_type; -+ CMS_is_detached; -+ CMS_sign; -+ CMS_signed_add1_attr; -+ CMS_unsigned_get_attr_by_OBJ; -+ SMIME_write_CMS; -+ CMS_EncryptedData_decrypt; -+ CMS_get0_RecipientInfos; -+ CMS_add0_RevocationInfoChoice; -+ CMS_decrypt_set1_pkey; -+ CMS_SignerInfo_set1_signer_cert; -+ CMS_get0_signers; -+ CMS_ReceiptRequest_get0_values; -+ CMS_signed_get0_data_by_OBJ; -+ CMS_get0_SignerInfos; -+ CMS_add0_cert; -+ CMS_EncryptedData_encrypt; -+ CMS_digest_verify; -+ CMS_set1_signers_certs; -+ CMS_signed_get_attr; -+ CMS_RecipientInfo_set0_key; -+ CMS_SignedData_init; -+ CMS_RecipientInfo_kekri_get0_id; -+ CMS_verify_receipt; -+ CMS_ReceiptRequest_it; -+ PEM_read_bio_CMS; -+ CMS_get1_crls; -+ CMS_add0_recipient_key; -+ SMIME_read_ASN1; -+ CMS_ReceiptRequest_new; -+ CMS_get0_content; -+ CMS_get1_ReceiptRequest; -+ CMS_signed_add1_attr_by_OBJ; -+ CMS_RecipientInfo_kekri_id_cmp; -+ CMS_add1_ReceiptRequest; -+ CMS_SignerInfo_get0_signer_id; -+ CMS_unsigned_add1_attr_by_NID; -+ CMS_unsigned_add1_attr; -+ CMS_signed_get_attr_by_NID; -+ CMS_get1_certs; -+ CMS_signed_add1_attr_by_NID; -+ CMS_unsigned_add1_attr_by_txt; -+ CMS_dataFinal; -+ CMS_RecipientInfo_ktri_get0_signer_id; -+ CMS_RecipInfo_ktri_get0_sigr_id; -+ i2d_CMS_ReceiptRequest; -+ CMS_add1_recipient_cert; -+ CMS_dataInit; -+ CMS_signed_add1_attr_by_txt; -+ CMS_RecipientInfo_decrypt; -+ CMS_signed_get_attr_count; -+ CMS_get0_eContentType; -+ CMS_set1_eContentType; -+ CMS_ReceiptRequest_create0; -+ CMS_add1_signer; -+ CMS_RecipientInfo_set0_pkey; -+ ENGINE_set_load_ssl_client_cert_function; -+ ENGINE_set_ld_ssl_clnt_cert_fn; -+ ENGINE_get_ssl_client_cert_function; -+ ENGINE_get_ssl_client_cert_fn; -+ ENGINE_load_ssl_client_cert; -+ ENGINE_load_capi; -+ OPENSSL_isservice; -+ FIPS_dsa_sig_decode; -+ EVP_CIPHER_CTX_clear_flags; -+ FIPS_rand_status; -+ FIPS_rand_set_key; -+ CRYPTO_set_mem_info_functions; -+ RSA_X931_generate_key_ex; -+ int_ERR_set_state_func; -+ int_EVP_MD_set_engine_callbacks; -+ int_CRYPTO_set_do_dynlock_callback; -+ FIPS_rng_stick; -+ EVP_CIPHER_CTX_set_flags; -+ BN_X931_generate_prime_ex; -+ FIPS_selftest_check; -+ FIPS_rand_set_dt; -+ CRYPTO_dbg_pop_info; -+ FIPS_dsa_free; -+ RSA_X931_derive_ex; -+ FIPS_rsa_new; -+ FIPS_rand_bytes; -+ fips_cipher_test; -+ EVP_CIPHER_CTX_test_flags; -+ CRYPTO_malloc_debug_init; -+ CRYPTO_dbg_push_info; -+ FIPS_corrupt_rsa_keygen; -+ FIPS_dh_new; -+ FIPS_corrupt_dsa_keygen; -+ FIPS_dh_free; -+ fips_pkey_signature_test; -+ EVP_add_alg_module; -+ int_RAND_init_engine_callbacks; -+ int_EVP_CIPHER_set_engine_callbacks; -+ int_EVP_MD_init_engine_callbacks; -+ FIPS_rand_test_mode; -+ FIPS_rand_reset; -+ FIPS_dsa_new; -+ int_RAND_set_callbacks; -+ BN_X931_derive_prime_ex; -+ int_ERR_lib_init; -+ int_EVP_CIPHER_init_engine_callbacks; -+ FIPS_rsa_free; -+ FIPS_dsa_sig_encode; -+ CRYPTO_dbg_remove_all_info; -+ OPENSSL_init; -+ CRYPTO_strdup; -+ JPAKE_STEP3A_process; -+ JPAKE_STEP1_release; -+ JPAKE_get_shared_key; -+ JPAKE_STEP3B_init; -+ JPAKE_STEP1_generate; -+ JPAKE_STEP1_init; -+ JPAKE_STEP3B_process; -+ JPAKE_STEP2_generate; -+ JPAKE_CTX_new; -+ JPAKE_CTX_free; -+ JPAKE_STEP3B_release; -+ JPAKE_STEP3A_release; -+ JPAKE_STEP2_process; -+ JPAKE_STEP3B_generate; -+ JPAKE_STEP1_process; -+ JPAKE_STEP3A_generate; -+ JPAKE_STEP2_release; -+ JPAKE_STEP3A_init; -+ ERR_load_JPAKE_strings; -+ JPAKE_STEP2_init; -+ pqueue_size; -+ i2d_TS_ACCURACY; -+ i2d_TS_MSG_IMPRINT_fp; -+ i2d_TS_MSG_IMPRINT; -+ EVP_PKEY_print_public; -+ EVP_PKEY_CTX_new; -+ i2d_TS_TST_INFO; -+ EVP_PKEY_asn1_find; -+ DSO_METHOD_beos; -+ TS_CONF_load_cert; -+ TS_REQ_get_ext; -+ EVP_PKEY_sign_init; -+ ASN1_item_print; -+ TS_TST_INFO_set_nonce; -+ TS_RESP_dup; -+ ENGINE_register_pkey_meths; -+ EVP_PKEY_asn1_add0; -+ PKCS7_add0_attrib_signing_time; -+ i2d_TS_TST_INFO_fp; -+ BIO_asn1_get_prefix; -+ TS_TST_INFO_set_time; -+ EVP_PKEY_meth_set_decrypt; -+ EVP_PKEY_set_type_str; -+ EVP_PKEY_CTX_get_keygen_info; -+ TS_REQ_set_policy_id; -+ d2i_TS_RESP_fp; -+ ENGINE_get_pkey_asn1_meth_engine; -+ ENGINE_get_pkey_asn1_meth_eng; -+ WHIRLPOOL_Init; -+ TS_RESP_set_status_info; -+ EVP_PKEY_keygen; -+ EVP_DigestSignInit; -+ TS_ACCURACY_set_millis; -+ TS_REQ_dup; -+ GENERAL_NAME_dup; -+ ASN1_SEQUENCE_ANY_it; -+ WHIRLPOOL; -+ X509_STORE_get1_crls; -+ ENGINE_get_pkey_asn1_meth; -+ EVP_PKEY_asn1_new; -+ BIO_new_NDEF; -+ ENGINE_get_pkey_meth; -+ TS_MSG_IMPRINT_set_algo; -+ i2d_TS_TST_INFO_bio; -+ TS_TST_INFO_set_ordering; -+ TS_TST_INFO_get_ext_by_OBJ; -+ CRYPTO_THREADID_set_pointer; -+ TS_CONF_get_tsa_section; -+ SMIME_write_ASN1; -+ TS_RESP_CTX_set_signer_key; -+ EVP_PKEY_encrypt_old; -+ EVP_PKEY_encrypt_init; -+ CRYPTO_THREADID_cpy; -+ ASN1_PCTX_get_cert_flags; -+ i2d_ESS_SIGNING_CERT; -+ TS_CONF_load_key; -+ i2d_ASN1_SEQUENCE_ANY; -+ d2i_TS_MSG_IMPRINT_bio; -+ EVP_PKEY_asn1_set_public; -+ b2i_PublicKey_bio; -+ BIO_asn1_set_prefix; -+ EVP_PKEY_new_mac_key; -+ BIO_new_CMS; -+ CRYPTO_THREADID_cmp; -+ TS_REQ_ext_free; -+ EVP_PKEY_asn1_set_free; -+ EVP_PKEY_get0_asn1; -+ d2i_NETSCAPE_X509; -+ EVP_PKEY_verify_recover_init; -+ EVP_PKEY_CTX_set_data; -+ EVP_PKEY_keygen_init; -+ TS_RESP_CTX_set_status_info; -+ TS_MSG_IMPRINT_get_algo; -+ TS_REQ_print_bio; -+ EVP_PKEY_CTX_ctrl_str; -+ EVP_PKEY_get_default_digest_nid; -+ PEM_write_bio_PKCS7_stream; -+ TS_MSG_IMPRINT_print_bio; -+ BN_asc2bn; -+ TS_REQ_get_policy_id; -+ ENGINE_set_default_pkey_asn1_meths; -+ ENGINE_set_def_pkey_asn1_meths; -+ d2i_TS_ACCURACY; -+ DSO_global_lookup; -+ TS_CONF_set_tsa_name; -+ i2d_ASN1_SET_ANY; -+ ENGINE_load_gost; -+ WHIRLPOOL_BitUpdate; -+ ASN1_PCTX_get_flags; -+ TS_TST_INFO_get_ext_by_NID; -+ TS_RESP_new; -+ ESS_CERT_ID_dup; -+ TS_STATUS_INFO_dup; -+ TS_REQ_delete_ext; -+ EVP_DigestVerifyFinal; -+ EVP_PKEY_print_params; -+ i2d_CMS_bio_stream; -+ TS_REQ_get_msg_imprint; -+ OBJ_find_sigid_by_algs; -+ TS_TST_INFO_get_serial; -+ TS_REQ_get_nonce; -+ X509_PUBKEY_set0_param; -+ EVP_PKEY_CTX_set0_keygen_info; -+ DIST_POINT_set_dpname; -+ i2d_ISSUING_DIST_POINT; -+ ASN1_SET_ANY_it; -+ EVP_PKEY_CTX_get_data; -+ TS_STATUS_INFO_print_bio; -+ EVP_PKEY_derive_init; -+ d2i_TS_TST_INFO; -+ EVP_PKEY_asn1_add_alias; -+ d2i_TS_RESP_bio; -+ OTHERNAME_cmp; -+ GENERAL_NAME_set0_value; -+ PKCS7_RECIP_INFO_get0_alg; -+ TS_RESP_CTX_new; -+ TS_RESP_set_tst_info; -+ PKCS7_final; -+ EVP_PKEY_base_id; -+ TS_RESP_CTX_set_signer_cert; -+ TS_REQ_set_msg_imprint; -+ EVP_PKEY_CTX_ctrl; -+ TS_CONF_set_digests; -+ d2i_TS_MSG_IMPRINT; -+ EVP_PKEY_meth_set_ctrl; -+ TS_REQ_get_ext_by_NID; -+ PKCS5_pbe_set0_algor; -+ BN_BLINDING_thread_id; -+ TS_ACCURACY_new; -+ X509_CRL_METHOD_free; -+ ASN1_PCTX_get_nm_flags; -+ EVP_PKEY_meth_set_sign; -+ CRYPTO_THREADID_current; -+ EVP_PKEY_decrypt_init; -+ NETSCAPE_X509_free; -+ i2b_PVK_bio; -+ EVP_PKEY_print_private; -+ GENERAL_NAME_get0_value; -+ b2i_PVK_bio; -+ ASN1_UTCTIME_adj; -+ TS_TST_INFO_new; -+ EVP_MD_do_all_sorted; -+ TS_CONF_set_default_engine; -+ TS_ACCURACY_set_seconds; -+ TS_TST_INFO_get_time; -+ PKCS8_pkey_get0; -+ EVP_PKEY_asn1_get0; -+ OBJ_add_sigid; -+ PKCS7_SIGNER_INFO_sign; -+ EVP_PKEY_paramgen_init; -+ EVP_PKEY_sign; -+ OBJ_sigid_free; -+ EVP_PKEY_meth_set_init; -+ d2i_ESS_ISSUER_SERIAL; -+ ISSUING_DIST_POINT_new; -+ ASN1_TIME_adj; -+ TS_OBJ_print_bio; -+ EVP_PKEY_meth_set_verify_recover; -+ EVP_PKEY_meth_set_vrfy_recover; -+ TS_RESP_get_status_info; -+ CMS_stream; -+ EVP_PKEY_CTX_set_cb; -+ PKCS7_to_TS_TST_INFO; -+ ASN1_PCTX_get_oid_flags; -+ TS_TST_INFO_add_ext; -+ EVP_PKEY_meth_set_derive; -+ i2d_TS_RESP_fp; -+ i2d_TS_MSG_IMPRINT_bio; -+ TS_RESP_CTX_set_accuracy; -+ TS_REQ_set_nonce; -+ ESS_CERT_ID_new; -+ ENGINE_pkey_asn1_find_str; -+ TS_REQ_get_ext_count; -+ BUF_reverse; -+ TS_TST_INFO_print_bio; -+ d2i_ISSUING_DIST_POINT; -+ ENGINE_get_pkey_meths; -+ i2b_PrivateKey_bio; -+ i2d_TS_RESP; -+ b2i_PublicKey; -+ TS_VERIFY_CTX_cleanup; -+ TS_STATUS_INFO_free; -+ TS_RESP_verify_token; -+ OBJ_bsearch_ex_; -+ ASN1_bn_print; -+ EVP_PKEY_asn1_get_count; -+ ENGINE_register_pkey_asn1_meths; -+ ASN1_PCTX_set_nm_flags; -+ EVP_DigestVerifyInit; -+ ENGINE_set_default_pkey_meths; -+ TS_TST_INFO_get_policy_id; -+ TS_REQ_get_cert_req; -+ X509_CRL_set_meth_data; -+ PKCS8_pkey_set0; -+ ASN1_STRING_copy; -+ d2i_TS_TST_INFO_fp; -+ X509_CRL_match; -+ EVP_PKEY_asn1_set_private; -+ TS_TST_INFO_get_ext_d2i; -+ TS_RESP_CTX_add_policy; -+ d2i_TS_RESP; -+ TS_CONF_load_certs; -+ TS_TST_INFO_get_msg_imprint; -+ ERR_load_TS_strings; -+ TS_TST_INFO_get_version; -+ EVP_PKEY_CTX_dup; -+ EVP_PKEY_meth_set_verify; -+ i2b_PublicKey_bio; -+ TS_CONF_set_certs; -+ EVP_PKEY_asn1_get0_info; -+ TS_VERIFY_CTX_free; -+ TS_REQ_get_ext_by_critical; -+ TS_RESP_CTX_set_serial_cb; -+ X509_CRL_get_meth_data; -+ TS_RESP_CTX_set_time_cb; -+ TS_MSG_IMPRINT_get_msg; -+ TS_TST_INFO_ext_free; -+ TS_REQ_get_version; -+ TS_REQ_add_ext; -+ EVP_PKEY_CTX_set_app_data; -+ OBJ_bsearch_; -+ EVP_PKEY_meth_set_verifyctx; -+ i2d_PKCS7_bio_stream; -+ CRYPTO_THREADID_set_numeric; -+ PKCS7_sign_add_signer; -+ d2i_TS_TST_INFO_bio; -+ TS_TST_INFO_get_ordering; -+ TS_RESP_print_bio; -+ TS_TST_INFO_get_exts; -+ HMAC_CTX_copy; -+ PKCS5_pbe2_set_iv; -+ ENGINE_get_pkey_asn1_meths; -+ b2i_PrivateKey; -+ EVP_PKEY_CTX_get_app_data; -+ TS_REQ_set_cert_req; -+ CRYPTO_THREADID_set_callback; -+ TS_CONF_set_serial; -+ TS_TST_INFO_free; -+ d2i_TS_REQ_fp; -+ TS_RESP_verify_response; -+ i2d_ESS_ISSUER_SERIAL; -+ TS_ACCURACY_get_seconds; -+ EVP_CIPHER_do_all; -+ b2i_PrivateKey_bio; -+ OCSP_CERTID_dup; -+ X509_PUBKEY_get0_param; -+ TS_MSG_IMPRINT_dup; -+ PKCS7_print_ctx; -+ i2d_TS_REQ_bio; -+ EVP_whirlpool; -+ EVP_PKEY_asn1_set_param; -+ EVP_PKEY_meth_set_encrypt; -+ ASN1_PCTX_set_flags; -+ i2d_ESS_CERT_ID; -+ TS_VERIFY_CTX_new; -+ TS_RESP_CTX_set_extension_cb; -+ ENGINE_register_all_pkey_meths; -+ TS_RESP_CTX_set_status_info_cond; -+ TS_RESP_CTX_set_stat_info_cond; -+ EVP_PKEY_verify; -+ WHIRLPOOL_Final; -+ X509_CRL_METHOD_new; -+ EVP_DigestSignFinal; -+ TS_RESP_CTX_set_def_policy; -+ NETSCAPE_X509_it; -+ TS_RESP_create_response; -+ PKCS7_SIGNER_INFO_get0_algs; -+ TS_TST_INFO_get_nonce; -+ EVP_PKEY_decrypt_old; -+ TS_TST_INFO_set_policy_id; -+ TS_CONF_set_ess_cert_id_chain; -+ EVP_PKEY_CTX_get0_pkey; -+ d2i_TS_REQ; -+ EVP_PKEY_asn1_find_str; -+ BIO_f_asn1; -+ ESS_SIGNING_CERT_new; -+ EVP_PBE_find; -+ X509_CRL_get0_by_cert; -+ EVP_PKEY_derive; -+ i2d_TS_REQ; -+ TS_TST_INFO_delete_ext; -+ ESS_ISSUER_SERIAL_free; -+ ASN1_PCTX_set_str_flags; -+ ENGINE_get_pkey_asn1_meth_str; -+ TS_CONF_set_signer_key; -+ TS_ACCURACY_get_millis; -+ TS_RESP_get_token; -+ TS_ACCURACY_dup; -+ ENGINE_register_all_pkey_asn1_meths; -+ ENGINE_reg_all_pkey_asn1_meths; -+ X509_CRL_set_default_method; -+ CRYPTO_THREADID_hash; -+ CMS_ContentInfo_print_ctx; -+ TS_RESP_free; -+ ISSUING_DIST_POINT_free; -+ ESS_ISSUER_SERIAL_new; -+ CMS_add1_crl; -+ PKCS7_add1_attrib_digest; -+ TS_RESP_CTX_add_md; -+ TS_TST_INFO_dup; -+ ENGINE_set_pkey_asn1_meths; -+ PEM_write_bio_Parameters; -+ TS_TST_INFO_get_accuracy; -+ X509_CRL_get0_by_serial; -+ TS_TST_INFO_set_version; -+ TS_RESP_CTX_get_tst_info; -+ TS_RESP_verify_signature; -+ CRYPTO_THREADID_get_callback; -+ TS_TST_INFO_get_tsa; -+ TS_STATUS_INFO_new; -+ EVP_PKEY_CTX_get_cb; -+ TS_REQ_get_ext_d2i; -+ GENERAL_NAME_set0_othername; -+ TS_TST_INFO_get_ext_count; -+ TS_RESP_CTX_get_request; -+ i2d_NETSCAPE_X509; -+ ENGINE_get_pkey_meth_engine; -+ EVP_PKEY_meth_set_signctx; -+ EVP_PKEY_asn1_copy; -+ ASN1_TYPE_cmp; -+ EVP_CIPHER_do_all_sorted; -+ EVP_PKEY_CTX_free; -+ ISSUING_DIST_POINT_it; -+ d2i_TS_MSG_IMPRINT_fp; -+ X509_STORE_get1_certs; -+ EVP_PKEY_CTX_get_operation; -+ d2i_ESS_SIGNING_CERT; -+ TS_CONF_set_ordering; -+ EVP_PBE_alg_add_type; -+ TS_REQ_set_version; -+ EVP_PKEY_get0; -+ BIO_asn1_set_suffix; -+ i2d_TS_STATUS_INFO; -+ EVP_MD_do_all; -+ TS_TST_INFO_set_accuracy; -+ PKCS7_add_attrib_content_type; -+ ERR_remove_thread_state; -+ EVP_PKEY_meth_add0; -+ TS_TST_INFO_set_tsa; -+ EVP_PKEY_meth_new; -+ WHIRLPOOL_Update; -+ TS_CONF_set_accuracy; -+ ASN1_PCTX_set_oid_flags; -+ ESS_SIGNING_CERT_dup; -+ d2i_TS_REQ_bio; -+ X509_time_adj_ex; -+ TS_RESP_CTX_add_flags; -+ d2i_TS_STATUS_INFO; -+ TS_MSG_IMPRINT_set_msg; -+ BIO_asn1_get_suffix; -+ TS_REQ_free; -+ EVP_PKEY_meth_free; -+ TS_REQ_get_exts; -+ TS_RESP_CTX_set_clock_precision_digits; -+ TS_RESP_CTX_set_clk_prec_digits; -+ TS_RESP_CTX_add_failure_info; -+ i2d_TS_RESP_bio; -+ EVP_PKEY_CTX_get0_peerkey; -+ PEM_write_bio_CMS_stream; -+ TS_REQ_new; -+ TS_MSG_IMPRINT_new; -+ EVP_PKEY_meth_find; -+ EVP_PKEY_id; -+ TS_TST_INFO_set_serial; -+ a2i_GENERAL_NAME; -+ TS_CONF_set_crypto_device; -+ EVP_PKEY_verify_init; -+ TS_CONF_set_policies; -+ ASN1_PCTX_new; -+ ESS_CERT_ID_free; -+ ENGINE_unregister_pkey_meths; -+ TS_MSG_IMPRINT_free; -+ TS_VERIFY_CTX_init; -+ PKCS7_stream; -+ TS_RESP_CTX_set_certs; -+ TS_CONF_set_def_policy; -+ ASN1_GENERALIZEDTIME_adj; -+ NETSCAPE_X509_new; -+ TS_ACCURACY_free; -+ TS_RESP_get_tst_info; -+ EVP_PKEY_derive_set_peer; -+ PEM_read_bio_Parameters; -+ TS_CONF_set_clock_precision_digits; -+ TS_CONF_set_clk_prec_digits; -+ ESS_ISSUER_SERIAL_dup; -+ TS_ACCURACY_get_micros; -+ ASN1_PCTX_get_str_flags; -+ NAME_CONSTRAINTS_check; -+ ASN1_BIT_STRING_check; -+ X509_check_akid; -+ ENGINE_unregister_pkey_asn1_meths; -+ ENGINE_unreg_pkey_asn1_meths; -+ ASN1_PCTX_free; -+ PEM_write_bio_ASN1_stream; -+ i2d_ASN1_bio_stream; -+ TS_X509_ALGOR_print_bio; -+ EVP_PKEY_meth_set_cleanup; -+ EVP_PKEY_asn1_free; -+ ESS_SIGNING_CERT_free; -+ TS_TST_INFO_set_msg_imprint; -+ GENERAL_NAME_cmp; -+ d2i_ASN1_SET_ANY; -+ ENGINE_set_pkey_meths; -+ i2d_TS_REQ_fp; -+ d2i_ASN1_SEQUENCE_ANY; -+ GENERAL_NAME_get0_otherName; -+ d2i_ESS_CERT_ID; -+ OBJ_find_sigid_algs; -+ EVP_PKEY_meth_set_keygen; -+ PKCS5_PBKDF2_HMAC; -+ EVP_PKEY_paramgen; -+ EVP_PKEY_meth_set_paramgen; -+ BIO_new_PKCS7; -+ EVP_PKEY_verify_recover; -+ TS_ext_print_bio; -+ TS_ASN1_INTEGER_print_bio; -+ check_defer; -+ DSO_pathbyaddr; -+ EVP_PKEY_set_type; -+ TS_ACCURACY_set_micros; -+ TS_REQ_to_TS_VERIFY_CTX; -+ EVP_PKEY_meth_set_copy; -+ ASN1_PCTX_set_cert_flags; -+ TS_TST_INFO_get_ext; -+ EVP_PKEY_asn1_set_ctrl; -+ TS_TST_INFO_get_ext_by_critical; -+ EVP_PKEY_CTX_new_id; -+ TS_REQ_get_ext_by_OBJ; -+ TS_CONF_set_signer_cert; -+ X509_NAME_hash_old; -+ ASN1_TIME_set_string; -+ EVP_MD_flags; -+ TS_RESP_CTX_free; -+ DSAparams_dup; -+ DHparams_dup; -+ OCSP_REQ_CTX_add1_header; -+ OCSP_REQ_CTX_set1_req; -+ X509_STORE_set_verify_cb; -+ X509_STORE_CTX_get0_current_crl; -+ X509_STORE_CTX_get0_parent_ctx; -+ X509_STORE_CTX_get0_current_issuer; -+ X509_STORE_CTX_get0_cur_issuer; -+ X509_issuer_name_hash_old; -+ X509_subject_name_hash_old; -+ EVP_CIPHER_CTX_copy; -+ UI_method_get_prompt_constructor; -+ UI_method_get_prompt_constructr; -+ UI_method_set_prompt_constructor; -+ UI_method_set_prompt_constructr; -+ EVP_read_pw_string_min; -+ CRYPTO_cts128_encrypt; -+ CRYPTO_cts128_decrypt_block; -+ CRYPTO_cfb128_1_encrypt; -+ CRYPTO_cbc128_encrypt; -+ CRYPTO_ctr128_encrypt; -+ CRYPTO_ofb128_encrypt; -+ CRYPTO_cts128_decrypt; -+ CRYPTO_cts128_encrypt_block; -+ CRYPTO_cbc128_decrypt; -+ CRYPTO_cfb128_encrypt; -+ CRYPTO_cfb128_8_encrypt; -+ SSL_renegotiate_abbreviated; -+ TLSv1_1_method; -+ TLSv1_1_client_method; -+ TLSv1_1_server_method; -+ SSL_CTX_set_srp_client_pwd_callback; -+ SSL_CTX_set_srp_client_pwd_cb; -+ SSL_get_srp_g; -+ SSL_CTX_set_srp_username_callback; -+ SSL_CTX_set_srp_un_cb; -+ SSL_get_srp_userinfo; -+ SSL_set_srp_server_param; -+ SSL_set_srp_server_param_pw; -+ SSL_get_srp_N; -+ SSL_get_srp_username; -+ SSL_CTX_set_srp_password; -+ SSL_CTX_set_srp_strength; -+ SSL_CTX_set_srp_verify_param_callback; -+ SSL_CTX_set_srp_vfy_param_cb; -+ SSL_CTX_set_srp_cb_arg; -+ SSL_CTX_set_srp_username; -+ SSL_CTX_SRP_CTX_init; -+ SSL_SRP_CTX_init; -+ SRP_Calc_A_param; -+ SRP_generate_server_master_secret; -+ SRP_gen_server_master_secret; -+ SSL_CTX_SRP_CTX_free; -+ SRP_generate_client_master_secret; -+ SRP_gen_client_master_secret; -+ SSL_srp_server_param_with_username; -+ SSL_srp_server_param_with_un; -+ SSL_SRP_CTX_free; -+ SSL_set_debug; -+ SSL_SESSION_get0_peer; -+ TLSv1_2_client_method; -+ SSL_SESSION_set1_id_context; -+ TLSv1_2_server_method; -+ SSL_cache_hit; -+ SSL_get0_kssl_ctx; -+ SSL_set0_kssl_ctx; -+ SSL_set_state; -+ SSL_CIPHER_get_id; -+ TLSv1_2_method; -+ kssl_ctx_get0_client_princ; -+ SSL_export_keying_material; -+ SSL_set_tlsext_use_srtp; -+ SSL_CTX_set_next_protos_advertised_cb; -+ SSL_CTX_set_next_protos_adv_cb; -+ SSL_get0_next_proto_negotiated; -+ SSL_get_selected_srtp_profile; -+ SSL_CTX_set_tlsext_use_srtp; -+ SSL_select_next_proto; -+ SSL_get_srtp_profiles; -+ SSL_CTX_set_next_proto_select_cb; -+ SSL_CTX_set_next_proto_sel_cb; -+ SSL_SESSION_get_compress_id; -+ -+ SRP_VBASE_get_by_user; -+ SRP_Calc_server_key; -+ SRP_create_verifier; -+ SRP_create_verifier_BN; -+ SRP_Calc_u; -+ SRP_VBASE_free; -+ SRP_Calc_client_key; -+ SRP_get_default_gN; -+ SRP_Calc_x; -+ SRP_Calc_B; -+ SRP_VBASE_new; -+ SRP_check_known_gN_param; -+ SRP_Calc_A; -+ SRP_Verify_A_mod_N; -+ SRP_VBASE_init; -+ SRP_Verify_B_mod_N; -+ EC_KEY_set_public_key_affine_coordinates; -+ EC_KEY_set_pub_key_aff_coords; -+ EVP_aes_192_ctr; -+ EVP_PKEY_meth_get0_info; -+ EVP_PKEY_meth_copy; -+ ERR_add_error_vdata; -+ EVP_aes_128_ctr; -+ EVP_aes_256_ctr; -+ EC_GFp_nistp224_method; -+ EC_KEY_get_flags; -+ RSA_padding_add_PKCS1_PSS_mgf1; -+ EVP_aes_128_xts; -+ EVP_aes_256_xts; -+ EVP_aes_128_gcm; -+ EC_KEY_clear_flags; -+ EC_KEY_set_flags; -+ EVP_aes_256_ccm; -+ RSA_verify_PKCS1_PSS_mgf1; -+ EVP_aes_128_ccm; -+ EVP_aes_192_gcm; -+ X509_ALGOR_set_md; -+ RAND_init_fips; -+ EVP_aes_256_gcm; -+ EVP_aes_192_ccm; -+ CMAC_CTX_copy; -+ CMAC_CTX_free; -+ CMAC_CTX_get0_cipher_ctx; -+ CMAC_CTX_cleanup; -+ CMAC_Init; -+ CMAC_Update; -+ CMAC_resume; -+ CMAC_CTX_new; -+ CMAC_Final; -+ CRYPTO_ctr128_encrypt_ctr32; -+ CRYPTO_gcm128_release; -+ CRYPTO_ccm128_decrypt_ccm64; -+ CRYPTO_ccm128_encrypt; -+ CRYPTO_gcm128_encrypt; -+ CRYPTO_xts128_encrypt; -+ EVP_rc4_hmac_md5; -+ CRYPTO_nistcts128_decrypt_block; -+ CRYPTO_gcm128_setiv; -+ CRYPTO_nistcts128_encrypt; -+ EVP_aes_128_cbc_hmac_sha1; -+ CRYPTO_gcm128_tag; -+ CRYPTO_ccm128_encrypt_ccm64; -+ ENGINE_load_rdrand; -+ CRYPTO_ccm128_setiv; -+ CRYPTO_nistcts128_encrypt_block; -+ CRYPTO_gcm128_aad; -+ CRYPTO_ccm128_init; -+ CRYPTO_nistcts128_decrypt; -+ CRYPTO_gcm128_new; -+ CRYPTO_ccm128_tag; -+ CRYPTO_ccm128_decrypt; -+ CRYPTO_ccm128_aad; -+ CRYPTO_gcm128_init; -+ CRYPTO_gcm128_decrypt; -+ ENGINE_load_rsax; -+ CRYPTO_gcm128_decrypt_ctr32; -+ CRYPTO_gcm128_encrypt_ctr32; -+ CRYPTO_gcm128_finish; -+ EVP_aes_256_cbc_hmac_sha1; -+ PKCS5_pbkdf2_set; -+ CMS_add0_recipient_password; -+ CMS_decrypt_set1_password; -+ CMS_RecipientInfo_set0_password; -+ RAND_set_fips_drbg_type; -+ X509_REQ_sign_ctx; -+ RSA_PSS_PARAMS_new; -+ X509_CRL_sign_ctx; -+ X509_signature_dump; -+ d2i_RSA_PSS_PARAMS; -+ RSA_PSS_PARAMS_it; -+ RSA_PSS_PARAMS_free; -+ X509_sign_ctx; -+ i2d_RSA_PSS_PARAMS; -+ ASN1_item_sign_ctx; -+ EC_GFp_nistp521_method; -+ EC_GFp_nistp256_method; -+ OPENSSL_stderr; -+ OPENSSL_cpuid_setup; -+ OPENSSL_showfatal; -+ BIO_new_dgram_sctp; -+ BIO_dgram_sctp_msg_waiting; -+ BIO_dgram_sctp_wait_for_dry; -+ BIO_s_datagram_sctp; -+ BIO_dgram_is_sctp; -+ BIO_dgram_sctp_notification_cb; -+ CRYPTO_memcmp; -+ SSL_CTX_set_alpn_protos; -+ SSL_set_alpn_protos; -+ SSL_CTX_set_alpn_select_cb; -+ SSL_get0_alpn_selected; -+ SSL_CTX_set_custom_cli_ext; -+ SSL_CTX_set_custom_srv_ext; -+ SSL_CTX_set_srv_supp_data; -+ SSL_CTX_set_cli_supp_data; -+ SSL_set_cert_cb; -+ SSL_CTX_use_serverinfo; -+ SSL_CTX_use_serverinfo_file; -+ SSL_CTX_set_cert_cb; -+ SSL_CTX_get0_param; -+ SSL_get0_param; -+ SSL_certs_clear; -+ DTLSv1_2_method; -+ DTLSv1_2_server_method; -+ DTLSv1_2_client_method; -+ DTLS_method; -+ DTLS_server_method; -+ DTLS_client_method; -+ SSL_CTX_get_ssl_method; -+ SSL_CTX_get0_certificate; -+ SSL_CTX_get0_privatekey; -+ SSL_COMP_set0_compression_methods; -+ SSL_COMP_free_compression_methods; -+ SSL_CIPHER_find; -+ SSL_is_server; -+ SSL_CONF_CTX_new; -+ SSL_CONF_CTX_finish; -+ SSL_CONF_CTX_free; -+ SSL_CONF_CTX_set_flags; -+ SSL_CONF_CTX_clear_flags; -+ SSL_CONF_CTX_set1_prefix; -+ SSL_CONF_CTX_set_ssl; -+ SSL_CONF_CTX_set_ssl_ctx; -+ SSL_CONF_cmd; -+ SSL_CONF_cmd_argv; -+ SSL_CONF_cmd_value_type; -+ SSL_trace; -+ SSL_CIPHER_standard_name; -+ SSL_get_tlsa_record_byname; -+ ASN1_TIME_diff; -+ BIO_hex_string; -+ CMS_RecipientInfo_get0_pkey_ctx; -+ CMS_RecipientInfo_encrypt; -+ CMS_SignerInfo_get0_pkey_ctx; -+ CMS_SignerInfo_get0_md_ctx; -+ CMS_SignerInfo_get0_signature; -+ CMS_RecipientInfo_kari_get0_alg; -+ CMS_RecipientInfo_kari_get0_reks; -+ CMS_RecipientInfo_kari_get0_orig_id; -+ CMS_RecipientInfo_kari_orig_id_cmp; -+ CMS_RecipientEncryptedKey_get0_id; -+ CMS_RecipientEncryptedKey_cert_cmp; -+ CMS_RecipientInfo_kari_set0_pkey; -+ CMS_RecipientInfo_kari_get0_ctx; -+ CMS_RecipientInfo_kari_decrypt; -+ CMS_SharedInfo_encode; -+ DH_compute_key_padded; -+ d2i_DHxparams; -+ i2d_DHxparams; -+ DH_get_1024_160; -+ DH_get_2048_224; -+ DH_get_2048_256; -+ DH_KDF_X9_42; -+ ECDH_KDF_X9_62; -+ ECDSA_METHOD_new; -+ ECDSA_METHOD_free; -+ ECDSA_METHOD_set_app_data; -+ ECDSA_METHOD_get_app_data; -+ ECDSA_METHOD_set_sign; -+ ECDSA_METHOD_set_sign_setup; -+ ECDSA_METHOD_set_verify; -+ ECDSA_METHOD_set_flags; -+ ECDSA_METHOD_set_name; -+ EVP_des_ede3_wrap; -+ EVP_aes_128_wrap; -+ EVP_aes_192_wrap; -+ EVP_aes_256_wrap; -+ EVP_aes_128_cbc_hmac_sha256; -+ EVP_aes_256_cbc_hmac_sha256; -+ CRYPTO_128_wrap; -+ CRYPTO_128_unwrap; -+ OCSP_REQ_CTX_nbio; -+ OCSP_REQ_CTX_new; -+ OCSP_set_max_response_length; -+ OCSP_REQ_CTX_i2d; -+ OCSP_REQ_CTX_nbio_d2i; -+ OCSP_REQ_CTX_get0_mem_bio; -+ OCSP_REQ_CTX_http; -+ RSA_padding_add_PKCS1_OAEP_mgf1; -+ RSA_padding_check_PKCS1_OAEP_mgf1; -+ RSA_OAEP_PARAMS_free; -+ RSA_OAEP_PARAMS_it; -+ RSA_OAEP_PARAMS_new; -+ SSL_get_sigalgs; -+ SSL_get_shared_sigalgs; -+ SSL_check_chain; -+ X509_chain_up_ref; -+ X509_http_nbio; -+ X509_CRL_http_nbio; -+ X509_REVOKED_dup; -+ i2d_re_X509_tbs; -+ X509_get0_signature; -+ X509_get_signature_nid; -+ X509_CRL_diff; -+ X509_chain_check_suiteb; -+ X509_CRL_check_suiteb; -+ X509_check_host; -+ X509_check_email; -+ X509_check_ip; -+ X509_check_ip_asc; -+ X509_STORE_set_lookup_crls_cb; -+ X509_STORE_CTX_get0_store; -+ X509_VERIFY_PARAM_set1_host; -+ X509_VERIFY_PARAM_add1_host; -+ X509_VERIFY_PARAM_set_hostflags; -+ X509_VERIFY_PARAM_get0_peername; -+ X509_VERIFY_PARAM_set1_email; -+ X509_VERIFY_PARAM_set1_ip; -+ X509_VERIFY_PARAM_set1_ip_asc; -+ X509_VERIFY_PARAM_get0_name; -+ X509_VERIFY_PARAM_get_count; -+ X509_VERIFY_PARAM_get0; -+ X509V3_EXT_free; -+ EC_GROUP_get_mont_data; -+ EC_curve_nid2nist; -+ EC_curve_nist2nid; -+ PEM_write_bio_DHxparams; -+ PEM_write_DHxparams; -+ SSL_CTX_add_client_custom_ext; -+ SSL_CTX_add_server_custom_ext; -+ SSL_extension_supported; -+ BUF_strnlen; -+ sk_deep_copy; -+ SSL_test_functions; -+ -+ local: -+ *; -+}; -+ -+OPENSSL_1.0.2g { -+ global: -+ SRP_VBASE_get1_by_user; -+ SRP_user_pwd_free; -+} OPENSSL_1.0.2d; -+ -Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100 -@@ -0,0 +1,10 @@ -+OPENSSL_1.0.2 { -+ global: -+ bind_engine; -+ v_check; -+ OPENSSL_init; -+ OPENSSL_finish; -+ local: -+ *; -+}; -+ -Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100 -@@ -0,0 +1,10 @@ -+OPENSSL_1.0.2 { -+ global: -+ bind_engine; -+ v_check; -+ OPENSSL_init; -+ OPENSSL_finish; -+ local: -+ *; -+}; -+ diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/engines-install-in-libdir-ssl.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/engines-install-in-libdir-ssl.patch deleted file mode 100644 index a5746483e6..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/engines-install-in-libdir-ssl.patch +++ /dev/null @@ -1,64 +0,0 @@ -Upstream-Status: Inappropriate [configuration] - - -Index: openssl-1.0.2/engines/Makefile -=================================================================== ---- openssl-1.0.2.orig/engines/Makefile -+++ openssl-1.0.2/engines/Makefile -@@ -107,13 +107,13 @@ install: - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... - @if [ -n "$(SHARED_LIBS)" ]; then \ - set -e; \ -- $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \ -+ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines; \ - for l in $(LIBNAMES); do \ - ( echo installing $$l; \ - pfx=lib; \ - if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ - sfx=".so"; \ -- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ -+ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ - else \ - case "$(CFLAGS)" in \ - *DSO_BEOS*) sfx=".so";; \ -@@ -122,10 +122,10 @@ install: - *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ - *) sfx=".bad";; \ - esac; \ -- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ -+ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ - fi; \ -- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ -- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ -+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ -+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \ - done; \ - fi - @target=install; $(RECURSIVE_MAKE) -Index: openssl-1.0.2/engines/ccgost/Makefile -=================================================================== ---- openssl-1.0.2.orig/engines/ccgost/Makefile -+++ openssl-1.0.2/engines/ccgost/Makefile -@@ -47,7 +47,7 @@ install: - pfx=lib; \ - if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ - sfx=".so"; \ -- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ -+ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - else \ - case "$(CFLAGS)" in \ - *DSO_BEOS*) sfx=".so";; \ -@@ -56,10 +56,10 @@ install: - *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ - *) sfx=".bad";; \ - esac; \ -- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ -+ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - fi; \ -- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ -- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ -+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ -+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx; \ - fi - - links: diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/find.pl b/meta/recipes-connectivity/openssl/openssl-1.0.2m/find.pl deleted file mode 100644 index 8e1b42c88a..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/find.pl +++ /dev/null @@ -1,54 +0,0 @@ -warn "Legacy library @{[(caller(0))[6]]} will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at @{[(caller)[1]]}, line @{[(caller)[2]]}.\n"; - -# This library is deprecated and unmaintained. It is included for -# compatibility with Perl 4 scripts which may use it, but it will be -# removed in a future version of Perl. Please use the File::Find module -# instead. - -# Usage: -# require "find.pl"; -# -# &find('/foo','/bar'); -# -# sub wanted { ... } -# where wanted does whatever you want. $dir contains the -# current directory name, and $_ the current filename within -# that directory. $name contains "$dir/$_". You are cd'ed -# to $dir when the function is called. The function may -# set $prune to prune the tree. -# -# For example, -# -# find / -name .nfs\* -mtime +7 -exec rm -f {} \; -o -fstype nfs -prune -# -# corresponds to this -# -# sub wanted { -# /^\.nfs.*$/ && -# (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_)) && -# int(-M _) > 7 && -# unlink($_) -# || -# ($nlink || (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_))) && -# $dev < 0 && -# ($prune = 1); -# } -# -# Set the variable $dont_use_nlink if you're using AFS, since AFS cheats. - -use File::Find (); - -*name = *File::Find::name; -*prune = *File::Find::prune; -*dir = *File::Find::dir; -*topdir = *File::Find::topdir; -*topdev = *File::Find::topdev; -*topino = *File::Find::topino; -*topmode = *File::Find::topmode; -*topnlink = *File::Find::topnlink; - -sub find { - &File::Find::find(\&wanted, @_); -} - -1; diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/oe-ldflags.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/oe-ldflags.patch deleted file mode 100644 index 292e13dc5f..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/oe-ldflags.patch +++ /dev/null @@ -1,24 +0,0 @@ -Upstream-Status: Inappropriate [open-embedded] - -Index: openssl-1.0.0/Makefile.shared -=================================================================== ---- openssl-1.0.0.orig/Makefile.shared -+++ openssl-1.0.0/Makefile.shared -@@ -92,7 +92,7 @@ - LINK_APP= \ - ( $(SET_X); \ - LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \ -- LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \ -+ LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$(OE_LDFLAGS) $${LDFLAGS:-$(CFLAGS)}"; \ - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ -@@ -102,7 +102,7 @@ - ( $(SET_X); \ - LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \ - SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \ -- SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ -+ SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl-1.0.2a-x32-asm.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl-1.0.2a-x32-asm.patch deleted file mode 100644 index 1e5bfa17d6..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl-1.0.2a-x32-asm.patch +++ /dev/null @@ -1,46 +0,0 @@ -https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest - -From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001 -From: Mike Frysinger <vapier@gentoo.org> -Date: Sat, 21 Mar 2015 06:01:25 -0400 -Subject: [PATCH] crypto: use bigint in x86-64 perl - -Upstream-Status: Pending -Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> - -When building on x32 systems where the default type is 32bit, make sure -we can transparently represent 64bit integers. Otherwise we end up with -build errors like: -/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s -Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890. -... -ghash-x86_64.s: Assembler messages: -ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression - -We don't enable this globally as there are some cases where we'd get -32bit values interpreted as unsigned when we need them as signed. - -Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh> -URL: https://bugs.gentoo.org/542618 ---- - crypto/perlasm/x86_64-xlate.pl | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl -index aae8288..0bf9774 100755 ---- a/crypto/perlasm/x86_64-xlate.pl -+++ b/crypto/perlasm/x86_64-xlate.pl -@@ -195,6 +195,10 @@ my %globals; - sub out { - my $self = shift; - -+ # When building on x32 ABIs, the expanded hex value might be too -+ # big to fit into 32bits. Enable transparent 64bit support here -+ # so we can safely print it out. -+ use bigint; - if ($gas) { - # Solaris /usr/ccs/bin/as can't handle multiplications - # in $self->{value} --- -2.3.3 - diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl-c_rehash.sh b/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl-c_rehash.sh deleted file mode 100644 index 6620fdcb53..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl-c_rehash.sh +++ /dev/null @@ -1,222 +0,0 @@ -#!/bin/sh -# -# Ben Secrest <blsecres@gmail.com> -# -# sh c_rehash script, scan all files in a directory -# and add symbolic links to their hash values. -# -# based on the c_rehash perl script distributed with openssl -# -# LICENSE: See OpenSSL license -# ^^acceptable?^^ -# - -# default certificate location -DIR=/etc/openssl - -# for filetype bitfield -IS_CERT=$(( 1 << 0 )) -IS_CRL=$(( 1 << 1 )) - - -# check to see if a file is a certificate file or a CRL file -# arguments: -# 1. the filename to be scanned -# returns: -# bitfield of file type; uses ${IS_CERT} and ${IS_CRL} -# -check_file() -{ - local IS_TYPE=0 - - # make IFS a newline so we can process grep output line by line - local OLDIFS=${IFS} - IFS=$( printf "\n" ) - - # XXX: could be more efficient to have two 'grep -m' but is -m portable? - for LINE in $( grep '^-----BEGIN .*-----' ${1} ) - do - if echo ${LINE} \ - | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----' - then - IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} )) - - if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ] - then - break - fi - elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----' - then - IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} )) - - if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ] - then - break - fi - fi - done - - # restore IFS - IFS=${OLDIFS} - - return ${IS_TYPE} -} - - -# -# use openssl to fingerprint a file -# arguments: -# 1. the filename to fingerprint -# 2. the method to use (x509, crl) -# returns: -# none -# assumptions: -# user will capture output from last stage of pipeline -# -fingerprint() -{ - ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':' -} - - -# -# link_hash - create links to certificate files -# arguments: -# 1. the filename to create a link for -# 2. the type of certificate being linked (x509, crl) -# returns: -# 0 on success, 1 otherwise -# -link_hash() -{ - local FINGERPRINT=$( fingerprint ${1} ${2} ) - local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} ) - local SUFFIX=0 - local LINKFILE='' - local TAG='' - - if [ ${2} = "crl" ] - then - TAG='r' - fi - - LINKFILE=${HASH}.${TAG}${SUFFIX} - - while [ -f ${LINKFILE} ] - do - if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ] - then - echo "NOTE: Skipping duplicate file ${1}" >&2 - return 1 - fi - - SUFFIX=$(( ${SUFFIX} + 1 )) - LINKFILE=${HASH}.${TAG}${SUFFIX} - done - - echo "${3} => ${LINKFILE}" - - # assume any system with a POSIX shell will either support symlinks or - # do something to handle this gracefully - ln -s ${3} ${LINKFILE} - - return 0 -} - - -# hash_dir create hash links in a given directory -hash_dir() -{ - echo "Doing ${1}" - - cd ${1} - - ls -1 * 2>/dev/null | while read FILE - do - if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \ - && [ -h "${FILE}" ] - then - rm ${FILE} - fi - done - - ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE - do - REAL_FILE=${FILE} - # if we run on build host then get to the real files in rootfs - if [ -n "${SYSROOT}" -a -h ${FILE} ] - then - FILE=$( readlink ${FILE} ) - # check the symlink is absolute (or dangling in other word) - if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ] - then - REAL_FILE=${SYSROOT}/${FILE} - fi - fi - - check_file ${REAL_FILE} - local FILE_TYPE=${?} - local TYPE_STR='' - - if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ] - then - TYPE_STR='x509' - elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ] - then - TYPE_STR='crl' - else - echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2 - continue - fi - - link_hash ${REAL_FILE} ${TYPE_STR} ${FILE} - done -} - - -# choose the name of an ssl application -if [ -n "${OPENSSL}" ] -then - SSL_CMD=$(which ${OPENSSL} 2>/dev/null) -else - SSL_CMD=/usr/bin/openssl - OPENSSL=${SSL_CMD} - export OPENSSL -fi - -# fix paths -PATH=${PATH}:${DIR}/bin -export PATH - -# confirm existance/executability of ssl command -if ! [ -x ${SSL_CMD} ] -then - echo "${0}: rehashing skipped ('openssl' program not available)" >&2 - exit 0 -fi - -# determine which directories to process -old_IFS=$IFS -if [ ${#} -gt 0 ] -then - IFS=':' - DIRLIST=${*} -elif [ -n "${SSL_CERT_DIR}" ] -then - DIRLIST=$SSL_CERT_DIR -else - DIRLIST=${DIR}/certs -fi - -IFS=':' - -# process directories -for CERT_DIR in ${DIRLIST} -do - if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ] - then - IFS=$old_IFS - hash_dir ${CERT_DIR} - IFS=':' - fi -done diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl-fix-des.pod-error.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl-fix-des.pod-error.patch deleted file mode 100644 index de49729e5e..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl-fix-des.pod-error.patch +++ /dev/null @@ -1,19 +0,0 @@ -openssl: Fix pod2man des.pod error on Ubuntu 12.04 - -This is a formatting fix, '=back' is required before -'=head1' on Ubuntu 12.04. - -Upstream-Status: Pending -Signed-off-by: Baogen Shang <baogen.shang@windriver.com> -diff -urpN a_origin/des.pod b_modify/des.pod ---- a_origin/crypto/des/des.pod 2013-08-15 15:02:56.211674589 +0800 -+++ b_modify/crypto/des/des.pod 2013-08-15 15:04:14.439674580 +0800 -@@ -181,6 +181,8 @@ the uuencoded file to embed in the begin - output. If there is no name specified after the B<-u>, the name text.des - will be embedded in the header. - -+=back -+ - =head1 SEE ALSO - - ps(1), diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl-util-perlpath.pl-cwd.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl-util-perlpath.pl-cwd.patch deleted file mode 100644 index 065b9b122a..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl-util-perlpath.pl-cwd.patch +++ /dev/null @@ -1,34 +0,0 @@ -From e427748f3bb5d37e78dc8d70a558c373aa8ababb Mon Sep 17 00:00:00 2001 -From: Robert Yang <liezhi.yang@windriver.com> -Date: Mon, 19 Sep 2016 22:06:28 -0700 -Subject: [PATCH] util/perlpath.pl: make it work when cwd is not in @INC - -Fixed when building on Debian-testing: -| Can't locate find.pl in @INC (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.2 /usr/local/share/perl/5.22.2 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at perlpath.pl line 7. - -The find.pl is added by oe-core, so once openssl/find.pl is removed, -then this patch can be dropped. - -Upstream-Status: Inappropriate [OE-Specific] - -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> ---- - util/perlpath.pl | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/util/perlpath.pl b/util/perlpath.pl -index a1f236b..5599892 100755 ---- a/util/perlpath.pl -+++ b/util/perlpath.pl -@@ -4,6 +4,8 @@ - # line in all scripts that rely on perl. - # - -+BEGIN { unshift @INC, "."; } -+ - require "find.pl"; - - $#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n"; --- -2.9.0 - diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl_fix_for_x32.patch deleted file mode 100644 index 0f08a642f6..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl_fix_for_x32.patch +++ /dev/null @@ -1,39 +0,0 @@ -Upstream-Status: Pending - -Received from H J Liu @ Intel -Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors. -Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13 - -ported the patch to the 1.0.0e version -Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01 -Index: openssl-1.0.2/crypto/bn/bn.h -=================================================================== ---- openssl-1.0.2.orig/crypto/bn/bn.h -+++ openssl-1.0.2/crypto/bn/bn.h -@@ -173,6 +173,13 @@ extern "C" { - # endif - # endif - -+/* Address type. */ -+#ifdef _WIN64 -+#define BN_ADDR unsigned long long -+#else -+#define BN_ADDR unsigned long -+#endif -+ - /* - * assuming long is 64bit - this is the DEC Alpha unsigned long long is only - * 64 bits :-(, don't define BN_LLONG for the DEC Alpha -Index: openssl-1.0.2/crypto/bn/bn_exp.c -=================================================================== ---- openssl-1.0.2.orig/crypto/bn/bn_exp.c -+++ openssl-1.0.2/crypto/bn/bn_exp.c -@@ -638,7 +638,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU - * multiple. - */ - #define MOD_EXP_CTIME_ALIGN(x_) \ -- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) -+ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) - - /* - * This variant of BN_mod_exp_mont() uses fixed windows and the special diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/parallel.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/parallel.patch deleted file mode 100644 index f3f4c99888..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/parallel.patch +++ /dev/null @@ -1,337 +0,0 @@ -Fix the parallel races in the Makefiles. - -This patch was taken from the Gentoo packaging: -https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch - -Upstream-Status: Pending -Signed-off-by: Ross Burton <ross.burton@intel.com> - -Refreshed for 1.0.2i -Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> - ---- openssl-1.0.2g/crypto/Makefile -+++ openssl-1.0.2g/crypto/Makefile -@@ -85,11 +85,11 @@ - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi - - subdirs: -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO -- @target=files; $(RECURSIVE_MAKE) -+ +@target=files; $(RECURSIVE_MAKE) - - links: - @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) -@@ -100,7 +100,7 @@ - # lib: $(LIB): are splitted to avoid end-less loop - lib: $(LIB) - @touch lib --$(LIB): $(LIBOBJ) -+$(LIB): $(LIBOBJ) | subdirs - $(AR) $(LIB) $(LIBOBJ) - test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o - $(RANLIB) $(LIB) || echo Never mind. -@@ -111,7 +111,7 @@ - fi - - libs: -- @target=lib; $(RECURSIVE_MAKE) -+ +@target=lib; $(RECURSIVE_MAKE) - - install: - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... -@@ -120,7 +120,7 @@ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - lint: - @target=lint; $(RECURSIVE_MAKE) ---- openssl-1.0.2g/engines/Makefile -+++ openssl-1.0.2g/engines/Makefile -@@ -72,7 +72,7 @@ - - all: lib subdirs - --lib: $(LIBOBJ) -+lib: $(LIBOBJ) | subdirs - @if [ -n "$(SHARED_LIBS)" ]; then \ - set -e; \ - for l in $(LIBNAMES); do \ -@@ -89,7 +89,7 @@ - - subdirs: - echo $(EDIRS) -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -@@ -128,7 +128,7 @@ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ - done; \ - fi -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - tags: - ctags $(SRC) ---- openssl-1.0.2g/Makefile.org -+++ openssl-1.0.2g/Makefile.org -@@ -279,17 +279,17 @@ - build_libssl: build_ssl libssl.pc - - build_crypto: -- @dir=crypto; target=all; $(BUILD_ONE_CMD) -+ +@dir=crypto; target=all; $(BUILD_ONE_CMD) - build_ssl: build_crypto -- @dir=ssl; target=all; $(BUILD_ONE_CMD) -+ +@dir=ssl; target=all; $(BUILD_ONE_CMD) - build_engines: build_crypto -- @dir=engines; target=all; $(BUILD_ONE_CMD) -+ +@dir=engines; target=all; $(BUILD_ONE_CMD) - build_apps: build_libs -- @dir=apps; target=all; $(BUILD_ONE_CMD) -+ +@dir=apps; target=all; $(BUILD_ONE_CMD) - build_tests: build_libs -- @dir=test; target=all; $(BUILD_ONE_CMD) -+ +@dir=test; target=all; $(BUILD_ONE_CMD) - build_tools: build_libs -- @dir=tools; target=all; $(BUILD_ONE_CMD) -+ +@dir=tools; target=all; $(BUILD_ONE_CMD) - - all_testapps: build_libs build_testapps - build_testapps: -@@ -544,7 +544,7 @@ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @set -e; target=install; $(RECURSIVE_BUILD_CMD) -+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) - @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ - do \ - if [ -f "$$i" ]; then \ ---- openssl-1.0.2g/Makefile.shared -+++ openssl-1.0.2g/Makefile.shared -@@ -105,6 +105,7 @@ - SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ -+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ - $${SHAREDCMD} $${SHAREDFLAGS} \ - -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ -@@ -122,6 +123,7 @@ - done; \ - fi; \ - if [ -n "$$SHLIB_SOVER" ]; then \ -+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ - ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ - ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ - fi; \ ---- openssl-1.0.2g/test/Makefile -+++ openssl-1.0.2g/test/Makefile -@@ -144,7 +144,7 @@ - tags: - ctags $(SRC) - --tests: exe apps $(TESTS) -+tests: exe $(TESTS) - - apps: - @(cd ..; $(MAKE) DIRS=apps all) -@@ -438,136 +438,136 @@ - link_app.$${shlib_target} - - $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) -- @target=$(RSATEST); $(BUILD_CMD) -+ +@target=$(RSATEST); $(BUILD_CMD) - - $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) -- @target=$(BNTEST); $(BUILD_CMD) -+ +@target=$(BNTEST); $(BUILD_CMD) - - $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) -- @target=$(ECTEST); $(BUILD_CMD) -+ +@target=$(ECTEST); $(BUILD_CMD) - - $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) -- @target=$(EXPTEST); $(BUILD_CMD) -+ +@target=$(EXPTEST); $(BUILD_CMD) - - $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) -- @target=$(IDEATEST); $(BUILD_CMD) -+ +@target=$(IDEATEST); $(BUILD_CMD) - - $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) -- @target=$(MD2TEST); $(BUILD_CMD) -+ +@target=$(MD2TEST); $(BUILD_CMD) - - $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) -- @target=$(SHATEST); $(BUILD_CMD) -+ +@target=$(SHATEST); $(BUILD_CMD) - - $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) -- @target=$(SHA1TEST); $(BUILD_CMD) -+ +@target=$(SHA1TEST); $(BUILD_CMD) - - $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) -- @target=$(SHA256TEST); $(BUILD_CMD) -+ +@target=$(SHA256TEST); $(BUILD_CMD) - - $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) -- @target=$(SHA512TEST); $(BUILD_CMD) -+ +@target=$(SHA512TEST); $(BUILD_CMD) - - $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) -- @target=$(RMDTEST); $(BUILD_CMD) -+ +@target=$(RMDTEST); $(BUILD_CMD) - - $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) -- @target=$(MDC2TEST); $(BUILD_CMD) -+ +@target=$(MDC2TEST); $(BUILD_CMD) - - $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) -- @target=$(MD4TEST); $(BUILD_CMD) -+ +@target=$(MD4TEST); $(BUILD_CMD) - - $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) -- @target=$(MD5TEST); $(BUILD_CMD) -+ +@target=$(MD5TEST); $(BUILD_CMD) - - $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) -- @target=$(HMACTEST); $(BUILD_CMD) -+ +@target=$(HMACTEST); $(BUILD_CMD) - - $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) -- @target=$(WPTEST); $(BUILD_CMD) -+ +@target=$(WPTEST); $(BUILD_CMD) - - $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) -- @target=$(RC2TEST); $(BUILD_CMD) -+ +@target=$(RC2TEST); $(BUILD_CMD) - - $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) -- @target=$(BFTEST); $(BUILD_CMD) -+ +@target=$(BFTEST); $(BUILD_CMD) - - $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) -- @target=$(CASTTEST); $(BUILD_CMD) -+ +@target=$(CASTTEST); $(BUILD_CMD) - - $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) -- @target=$(RC4TEST); $(BUILD_CMD) -+ +@target=$(RC4TEST); $(BUILD_CMD) - - $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) -- @target=$(RC5TEST); $(BUILD_CMD) -+ +@target=$(RC5TEST); $(BUILD_CMD) - - $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) -- @target=$(DESTEST); $(BUILD_CMD) -+ +@target=$(DESTEST); $(BUILD_CMD) - - $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) -- @target=$(RANDTEST); $(BUILD_CMD) -+ +@target=$(RANDTEST); $(BUILD_CMD) - - $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) -- @target=$(DHTEST); $(BUILD_CMD) -+ +@target=$(DHTEST); $(BUILD_CMD) - - $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) -- @target=$(DSATEST); $(BUILD_CMD) -+ +@target=$(DSATEST); $(BUILD_CMD) - - $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) -- @target=$(METHTEST); $(BUILD_CMD) -+ +@target=$(METHTEST); $(BUILD_CMD) - - $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) -- @target=$(SSLTEST); $(FIPS_BUILD_CMD) -+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) - - $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) -- @target=$(ENGINETEST); $(BUILD_CMD) -+ +@target=$(ENGINETEST); $(BUILD_CMD) - - $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) -- @target=$(EVPTEST); $(BUILD_CMD) -+ +@target=$(EVPTEST); $(BUILD_CMD) - - $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO) -- @target=$(EVPEXTRATEST); $(BUILD_CMD) -+ +@target=$(EVPEXTRATEST); $(BUILD_CMD) - - $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) -- @target=$(ECDSATEST); $(BUILD_CMD) -+ +@target=$(ECDSATEST); $(BUILD_CMD) - - $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) -- @target=$(ECDHTEST); $(BUILD_CMD) -+ +@target=$(ECDHTEST); $(BUILD_CMD) - - $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) -- @target=$(IGETEST); $(BUILD_CMD) -+ +@target=$(IGETEST); $(BUILD_CMD) - - $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) -- @target=$(JPAKETEST); $(BUILD_CMD) -+ +@target=$(JPAKETEST); $(BUILD_CMD) - - $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) -- @target=$(ASN1TEST); $(BUILD_CMD) -+ +@target=$(ASN1TEST); $(BUILD_CMD) - - $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) -- @target=$(SRPTEST); $(BUILD_CMD) -+ +@target=$(SRPTEST); $(BUILD_CMD) - - $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO) -- @target=$(V3NAMETEST); $(BUILD_CMD) -+ +@target=$(V3NAMETEST); $(BUILD_CMD) - - $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO) -- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) -+ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) - - $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o -- @target=$(CONSTTIMETEST) $(BUILD_CMD) -+ +@target=$(CONSTTIMETEST) $(BUILD_CMD) - - $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o -- @target=$(VERIFYEXTRATEST) $(BUILD_CMD) -+ +@target=$(VERIFYEXTRATEST) $(BUILD_CMD) - - $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o -- @target=$(CLIENTHELLOTEST) $(BUILD_CMD) -+ +@target=$(CLIENTHELLOTEST) $(BUILD_CMD) - - $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o -- @target=$(BADDTLSTEST) $(BUILD_CMD) -+ +@target=$(BADDTLSTEST) $(BUILD_CMD) - - $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o -- @target=$(SSLV2CONFTEST) $(BUILD_CMD) -+ +@target=$(SSLV2CONFTEST) $(BUILD_CMD) - - $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO) -- @target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD) -+ +@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD) - - #$(AESTEST).o: $(AESTEST).c - # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c -@@ -580,6 +580,6 @@ - # fi - - dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) -- @target=dummytest; $(BUILD_CMD) -+ +@target=dummytest; $(BUILD_CMD) - - # DO NOT DELETE THIS LINE -- make depend depends on it. -
\ No newline at end of file diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/ptest-deps.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/ptest-deps.patch deleted file mode 100644 index ef6d17934d..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/ptest-deps.patch +++ /dev/null @@ -1,34 +0,0 @@ -Remove Makefile dependencies for test targets - -These are probably here because the executables aren't always built for -other platforms (e.g. Windows); however we can safely assume they'll -always be there. None of the other test targets have such dependencies -and if we don't remove them, make tries to rebuild the executables and -fails during run-ptest. - -Upstream-Status: Inappropriate [config] - -Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> - -Index: openssl-1.0.2/test/Makefile -=================================================================== ---- openssl-1.0.2.orig/test/Makefile -+++ openssl-1.0.2/test/Makefile -@@ -330,7 +330,7 @@ test_cms: ../apps/openssl$(EXE_EXT) cms- - @echo "CMS consistency test" - $(PERL) cms-test.pl - --test_srp: $(SRPTEST)$(EXE_EXT) -+test_srp: - @echo "Test SRP" - ../util/shlib_wrap.sh ./srptest - -@@ -342,7 +342,7 @@ test_v3name: $(V3NAMETEST)$(EXE_EXT) - @echo "Test X509v3_check_*" - ../util/shlib_wrap.sh ./$(V3NAMETEST) - --test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT) -+test_heartbeat: - ../util/shlib_wrap.sh ./$(HEARTBEATTEST) - - test_constant_time: $(CONSTTIMETEST)$(EXE_EXT) diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/ptest_makefile_deps.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/ptest_makefile_deps.patch deleted file mode 100644 index 4202e61d1e..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/ptest_makefile_deps.patch +++ /dev/null @@ -1,248 +0,0 @@ -Additional Makefile dependencies removal for test targets - -Removing the dependency check for test targets as these tests are -causing a number of failures and "noise" during ptest execution. - -Upstream-Status: Inappropriate [config] - -Signed-off-by: Maxin B. John <maxin.john@intel.com> - -diff -Naur openssl-1.0.2d-orig/test/Makefile openssl-1.0.2d/test/Makefile ---- openssl-1.0.2d-orig/test/Makefile 2015-09-28 12:50:41.530022979 +0300 -+++ openssl-1.0.2d/test/Makefile 2015-09-28 12:57:45.930717240 +0300 -@@ -155,67 +155,67 @@ - ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \ - done) - --test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt -+test_evp: - ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt - --test_evp_extra: $(EVPEXTRATEST)$(EXE_EXT) -+test_evp_extra: - ../util/shlib_wrap.sh ./$(EVPEXTRATEST) - --test_des: $(DESTEST)$(EXE_EXT) -+test_des: - ../util/shlib_wrap.sh ./$(DESTEST) - --test_idea: $(IDEATEST)$(EXE_EXT) -+test_idea: - ../util/shlib_wrap.sh ./$(IDEATEST) - --test_sha: $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) -+test_sha: - ../util/shlib_wrap.sh ./$(SHATEST) - ../util/shlib_wrap.sh ./$(SHA1TEST) - ../util/shlib_wrap.sh ./$(SHA256TEST) - ../util/shlib_wrap.sh ./$(SHA512TEST) - --test_mdc2: $(MDC2TEST)$(EXE_EXT) -+test_mdc2: - ../util/shlib_wrap.sh ./$(MDC2TEST) - --test_md5: $(MD5TEST)$(EXE_EXT) -+test_md5: - ../util/shlib_wrap.sh ./$(MD5TEST) - --test_md4: $(MD4TEST)$(EXE_EXT) -+test_md4: - ../util/shlib_wrap.sh ./$(MD4TEST) - --test_hmac: $(HMACTEST)$(EXE_EXT) -+test_hmac: - ../util/shlib_wrap.sh ./$(HMACTEST) - --test_wp: $(WPTEST)$(EXE_EXT) -+test_wp: - ../util/shlib_wrap.sh ./$(WPTEST) - --test_md2: $(MD2TEST)$(EXE_EXT) -+test_md2: - ../util/shlib_wrap.sh ./$(MD2TEST) - --test_rmd: $(RMDTEST)$(EXE_EXT) -+test_rmd: - ../util/shlib_wrap.sh ./$(RMDTEST) - --test_bf: $(BFTEST)$(EXE_EXT) -+test_bf: - ../util/shlib_wrap.sh ./$(BFTEST) - --test_cast: $(CASTTEST)$(EXE_EXT) -+test_cast: - ../util/shlib_wrap.sh ./$(CASTTEST) - --test_rc2: $(RC2TEST)$(EXE_EXT) -+test_rc2: - ../util/shlib_wrap.sh ./$(RC2TEST) - --test_rc4: $(RC4TEST)$(EXE_EXT) -+test_rc4: - ../util/shlib_wrap.sh ./$(RC4TEST) - --test_rc5: $(RC5TEST)$(EXE_EXT) -+test_rc5: - ../util/shlib_wrap.sh ./$(RC5TEST) - --test_rand: $(RANDTEST)$(EXE_EXT) -+test_rand: - ../util/shlib_wrap.sh ./$(RANDTEST) - --test_enc: ../apps/openssl$(EXE_EXT) testenc -+test_enc: - @sh ./testenc - --test_x509: ../apps/openssl$(EXE_EXT) tx509 testx509.pem v3-cert1.pem v3-cert2.pem -+test_x509: - echo test normal x509v1 certificate - sh ./tx509 2>/dev/null - echo test first x509v3 certificate -@@ -223,25 +223,25 @@ - echo test second x509v3 certificate - sh ./tx509 v3-cert2.pem 2>/dev/null - --test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem -+test_rsa: - @sh ./trsa 2>/dev/null - ../util/shlib_wrap.sh ./$(RSATEST) - --test_crl: ../apps/openssl$(EXE_EXT) tcrl testcrl.pem -+test_crl: - @sh ./tcrl 2>/dev/null - --test_sid: ../apps/openssl$(EXE_EXT) tsid testsid.pem -+test_sid: - @sh ./tsid 2>/dev/null - --test_req: ../apps/openssl$(EXE_EXT) treq testreq.pem testreq2.pem -+test_req: - @sh ./treq 2>/dev/null - @sh ./treq testreq2.pem 2>/dev/null - --test_pkcs7: ../apps/openssl$(EXE_EXT) tpkcs7 tpkcs7d testp7.pem pkcs7-1.pem -+test_pkcs7: - @sh ./tpkcs7 2>/dev/null - @sh ./tpkcs7d 2>/dev/null - --test_bn: $(BNTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) bctest -+test_bn: - @echo starting big number library test, could take a while... - @../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest - @echo quit >>tmp.bntest -@@ -250,33 +250,33 @@ - @echo 'test a^b%c implementations' - ../util/shlib_wrap.sh ./$(EXPTEST) - --test_ec: $(ECTEST)$(EXE_EXT) -+test_ec: - @echo 'test elliptic curves' - ../util/shlib_wrap.sh ./$(ECTEST) - --test_ecdsa: $(ECDSATEST)$(EXE_EXT) -+test_ecdsa: - @echo 'test ecdsa' - ../util/shlib_wrap.sh ./$(ECDSATEST) - --test_ecdh: $(ECDHTEST)$(EXE_EXT) -+test_ecdh: - @echo 'test ecdh' - ../util/shlib_wrap.sh ./$(ECDHTEST) - --test_verify: ../apps/openssl$(EXE_EXT) -+test_verify: - @echo "The following command should have some OK's and some failures" - @echo "There are definitly a few expired certificates" - ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem - --test_dh: $(DHTEST)$(EXE_EXT) -+test_dh: - @echo "Generate a set of DH parameters" - ../util/shlib_wrap.sh ./$(DHTEST) - --test_dsa: $(DSATEST)$(EXE_EXT) -+test_dsa: - @echo "Generate a set of DSA parameters" - ../util/shlib_wrap.sh ./$(DSATEST) - ../util/shlib_wrap.sh ./$(DSATEST) -app2_1 - --test_gen testreq.pem: ../apps/openssl$(EXE_EXT) testgen test.cnf -+test_gen testreq.pem: - @echo "Generate and verify a certificate request" - @sh ./testgen - -@@ -288,13 +288,11 @@ - @cat certCA.ss certU.ss > intP1.ss - @cat certCA.ss certU.ss certP1.ss > intP2.ss - --test_engine: $(ENGINETEST)$(EXE_EXT) -+test_engine: - @echo "Manipulate the ENGINE structures" - ../util/shlib_wrap.sh ./$(ENGINETEST) - --test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \ -- intP1.ss intP2.ss $(SSLTEST)$(EXE_EXT) testssl testsslproxy \ -- ../apps/server2.pem serverinfo.pem -+test_ssl: - @echo "test SSL protocol" - @if [ -n "$(FIPSCANLIB)" ]; then \ - sh ./testfipsssl keyU.ss certU.ss certCA.ss; \ -@@ -304,7 +302,7 @@ - @sh ./testsslproxy keyP1.ss certP1.ss intP1.ss - @sh ./testsslproxy keyP2.ss certP2.ss intP2.ss - --test_ca: ../apps/openssl$(EXE_EXT) testca CAss.cnf Uss.cnf -+test_ca: - @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \ - echo "skipping CA.sh test -- requires RSA"; \ - else \ -@@ -312,11 +310,11 @@ - sh ./testca; \ - fi - --test_aes: #$(AESTEST) -+test_aes: - # @echo "test Rijndael" - # ../util/shlib_wrap.sh ./$(AESTEST) - --test_tsa: ../apps/openssl$(EXE_EXT) testtsa CAtsa.cnf ../util/shlib_wrap.sh -+test_tsa: - @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \ - echo "skipping testtsa test -- requires RSA"; \ - else \ -@@ -331,7 +329,7 @@ - @echo "Test JPAKE" - ../util/shlib_wrap.sh ./$(JPAKETEST) - --test_cms: ../apps/openssl$(EXE_EXT) cms-test.pl smcont.txt -+test_cms: - @echo "CMS consistency test" - $(PERL) cms-test.pl - -@@ -339,22 +337,22 @@ - @echo "Test SRP" - ../util/shlib_wrap.sh ./srptest - --test_ocsp: ../apps/openssl$(EXE_EXT) tocsp -+test_ocsp: - @echo "Test OCSP" - @sh ./tocsp - --test_v3name: $(V3NAMETEST)$(EXE_EXT) -+test_v3name: - @echo "Test X509v3_check_*" - ../util/shlib_wrap.sh ./$(V3NAMETEST) - - test_heartbeat: - ../util/shlib_wrap.sh ./$(HEARTBEATTEST) - --test_constant_time: $(CONSTTIMETEST)$(EXE_EXT) -+test_constant_time: - @echo "Test constant time utilites" - ../util/shlib_wrap.sh ./$(CONSTTIMETEST) - --test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT) -+test_verify_extra: - @echo $(START) $@ - ../util/shlib_wrap.sh ./$(VERIFYEXTRATEST) - diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/run-ptest b/meta/recipes-connectivity/openssl/openssl-1.0.2m/run-ptest deleted file mode 100755 index 3b20fce1ee..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/run-ptest +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -make -k runtest diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/shared-libs.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/shared-libs.patch deleted file mode 100644 index a7ca0a3078..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.2m/shared-libs.patch +++ /dev/null @@ -1,41 +0,0 @@ -Upstream-Status: Inappropriate [configuration] - -Index: openssl-1.0.1e/crypto/Makefile -=================================================================== ---- openssl-1.0.1e.orig/crypto/Makefile -+++ openssl-1.0.1e/crypto/Makefile -@@ -108,7 +108,7 @@ $(LIB): $(LIBOBJ) - - shared: buildinf.h lib subdirs - if [ -n "$(SHARED_LIBS)" ]; then \ -- (cd ..; $(MAKE) $(SHARED_LIB)); \ -+ (cd ..; $(MAKE) -e $(SHARED_LIB)); \ - fi - - libs: -Index: openssl-1.0.1e/Makefile.org -=================================================================== ---- openssl-1.0.1e.orig/Makefile.org -+++ openssl-1.0.1e/Makefile.org -@@ -310,7 +310,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_ - - libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a - @if [ "$(SHLIB_TARGET)" != "" ]; then \ -- $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ -+ $(MAKE) -e SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ - else \ - echo "There's no support for shared libraries on this platform" >&2; \ - exit 1; \ -Index: openssl-1.0.1e/ssl/Makefile -=================================================================== ---- openssl-1.0.1e.orig/ssl/Makefile -+++ openssl-1.0.1e/ssl/Makefile -@@ -62,7 +62,7 @@ lib: $(LIBOBJ) - - shared: lib - if [ -n "$(SHARED_LIBS)" ]; then \ -- (cd ..; $(MAKE) $(SHARED_LIB)); \ -+ (cd ..; $(MAKE) -e $(SHARED_LIB)); \ - fi - - files: diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch new file mode 100644 index 0000000000..aa2e5bb800 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch @@ -0,0 +1,374 @@ +From 5ba65051fea0513db0d997f0ab7cafb9826ed74a Mon Sep 17 00:00:00 2001 +From: William Lyu <William.Lyu@windriver.com> +Date: Fri, 20 Oct 2023 16:22:37 -0400 +Subject: [PATCH] Added handshake history reporting when test fails + +Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/22481] + +Signed-off-by: William Lyu <William.Lyu@windriver.com> +--- + test/helpers/handshake.c | 139 +++++++++++++++++++++++++++++---------- + test/helpers/handshake.h | 70 +++++++++++++++++++- + test/ssl_test.c | 44 +++++++++++++ + 3 files changed, 218 insertions(+), 35 deletions(-) + +diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c +index e0422469e4..ae2ad59dd4 100644 +--- a/test/helpers/handshake.c ++++ b/test/helpers/handshake.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -24,6 +24,102 @@ + #include <netinet/sctp.h> + #endif + ++/* Shamelessly copied from test/helpers/ssl_test_ctx.c */ ++/* Maps string names to various enumeration type */ ++typedef struct { ++ const char *name; ++ int value; ++} enum_name_map; ++ ++static const enum_name_map connect_phase_names[] = { ++ {"Handshake", HANDSHAKE}, ++ {"RenegAppData", RENEG_APPLICATION_DATA}, ++ {"RenegSetup", RENEG_SETUP}, ++ {"RenegHandshake", RENEG_HANDSHAKE}, ++ {"AppData", APPLICATION_DATA}, ++ {"Shutdown", SHUTDOWN}, ++ {"ConnectionDone", CONNECTION_DONE} ++}; ++ ++static const enum_name_map peer_status_names[] = { ++ {"PeerSuccess", PEER_SUCCESS}, ++ {"PeerRetry", PEER_RETRY}, ++ {"PeerError", PEER_ERROR}, ++ {"PeerWaiting", PEER_WAITING}, ++ {"PeerTestFail", PEER_TEST_FAILURE} ++}; ++ ++static const enum_name_map handshake_status_names[] = { ++ {"HandshakeSuccess", HANDSHAKE_SUCCESS}, ++ {"ClientError", CLIENT_ERROR}, ++ {"ServerError", SERVER_ERROR}, ++ {"InternalError", INTERNAL_ERROR}, ++ {"HandshakeRetry", HANDSHAKE_RETRY} ++}; ++ ++/* Shamelessly copied from test/helpers/ssl_test_ctx.c */ ++static const char *enum_name(const enum_name_map *enums, size_t num_enums, ++ int value) ++{ ++ size_t i; ++ for (i = 0; i < num_enums; i++) { ++ if (enums[i].value == value) { ++ return enums[i].name; ++ } ++ } ++ return "InvalidValue"; ++} ++ ++const char *handshake_connect_phase_name(connect_phase_t phase) ++{ ++ return enum_name(connect_phase_names, OSSL_NELEM(connect_phase_names), ++ (int)phase); ++} ++ ++const char *handshake_status_name(handshake_status_t handshake_status) ++{ ++ return enum_name(handshake_status_names, OSSL_NELEM(handshake_status_names), ++ (int)handshake_status); ++} ++ ++const char *handshake_peer_status_name(peer_status_t peer_status) ++{ ++ return enum_name(peer_status_names, OSSL_NELEM(peer_status_names), ++ (int)peer_status); ++} ++ ++static void save_loop_history(HANDSHAKE_HISTORY *history, ++ connect_phase_t phase, ++ handshake_status_t handshake_status, ++ peer_status_t server_status, ++ peer_status_t client_status, ++ int client_turn_count, ++ int is_client_turn) ++{ ++ HANDSHAKE_HISTORY_ENTRY *new_entry = NULL; ++ ++ /* ++ * Create a new history entry for a handshake loop with statuses given in ++ * the arguments. Potentially evicting the oldest entry when the ++ * ring buffer is full. ++ */ ++ ++(history->last_idx); ++ history->last_idx &= MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; ++ ++ new_entry = &((history->entries)[history->last_idx]); ++ new_entry->phase = phase; ++ new_entry->handshake_status = handshake_status; ++ new_entry->server_status = server_status; ++ new_entry->client_status = client_status; ++ new_entry->client_turn_count = client_turn_count; ++ new_entry->is_client_turn = is_client_turn; ++ ++ /* Evict the oldest handshake loop entry when the ring buffer is full. */ ++ if (history->entry_count < MAX_HANDSHAKE_HISTORY_ENTRY) { ++ ++(history->entry_count); ++ } ++} ++ + HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void) + { + HANDSHAKE_RESULT *ret; +@@ -719,15 +815,6 @@ static void configure_handshake_ssl(SSL *server, SSL *client, + SSL_set_post_handshake_auth(client, 1); + } + +-/* The status for each connection phase. */ +-typedef enum { +- PEER_SUCCESS, +- PEER_RETRY, +- PEER_ERROR, +- PEER_WAITING, +- PEER_TEST_FAILURE +-} peer_status_t; +- + /* An SSL object and associated read-write buffers. */ + typedef struct peer_st { + SSL *ssl; +@@ -1074,17 +1161,6 @@ static void do_shutdown_step(PEER *peer) + } + } + +-typedef enum { +- HANDSHAKE, +- RENEG_APPLICATION_DATA, +- RENEG_SETUP, +- RENEG_HANDSHAKE, +- APPLICATION_DATA, +- SHUTDOWN, +- CONNECTION_DONE +-} connect_phase_t; +- +- + static int renegotiate_op(const SSL_TEST_CTX *test_ctx) + { + switch (test_ctx->handshake_mode) { +@@ -1162,19 +1238,6 @@ static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer, + } + } + +-typedef enum { +- /* Both parties succeeded. */ +- HANDSHAKE_SUCCESS, +- /* Client errored. */ +- CLIENT_ERROR, +- /* Server errored. */ +- SERVER_ERROR, +- /* Peers are in inconsistent state. */ +- INTERNAL_ERROR, +- /* One or both peers not done. */ +- HANDSHAKE_RETRY +-} handshake_status_t; +- + /* + * Determine the handshake outcome. + * last_status: the status of the peer to have acted last. +@@ -1539,6 +1602,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( + + start = time(NULL); + ++ save_loop_history(&(ret->history), ++ phase, status, server.status, client.status, ++ client_turn_count, client_turn); ++ + /* + * Half-duplex handshake loop. + * Client and server speak to each other synchronously in the same process. +@@ -1560,6 +1627,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( + 0 /* server went last */); + } + ++ save_loop_history(&(ret->history), ++ phase, status, server.status, client.status, ++ client_turn_count, client_turn); ++ + switch (status) { + case HANDSHAKE_SUCCESS: + client_turn_count = 0; +diff --git a/test/helpers/handshake.h b/test/helpers/handshake.h +index 78b03f9f4b..b9967c2623 100644 +--- a/test/helpers/handshake.h ++++ b/test/helpers/handshake.h +@@ -1,5 +1,5 @@ + /* +- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -12,6 +12,11 @@ + + #include "ssl_test_ctx.h" + ++#define MAX_HANDSHAKE_HISTORY_ENTRY_BIT 4 ++#define MAX_HANDSHAKE_HISTORY_ENTRY (1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) ++#define MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK \ ++ ((1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) - 1) ++ + typedef struct ctx_data_st { + unsigned char *npn_protocols; + size_t npn_protocols_len; +@@ -22,6 +27,63 @@ typedef struct ctx_data_st { + char *session_ticket_app_data; + } CTX_DATA; + ++typedef enum { ++ HANDSHAKE, ++ RENEG_APPLICATION_DATA, ++ RENEG_SETUP, ++ RENEG_HANDSHAKE, ++ APPLICATION_DATA, ++ SHUTDOWN, ++ CONNECTION_DONE ++} connect_phase_t; ++ ++/* The status for each connection phase. */ ++typedef enum { ++ PEER_SUCCESS, ++ PEER_RETRY, ++ PEER_ERROR, ++ PEER_WAITING, ++ PEER_TEST_FAILURE ++} peer_status_t; ++ ++typedef enum { ++ /* Both parties succeeded. */ ++ HANDSHAKE_SUCCESS, ++ /* Client errored. */ ++ CLIENT_ERROR, ++ /* Server errored. */ ++ SERVER_ERROR, ++ /* Peers are in inconsistent state. */ ++ INTERNAL_ERROR, ++ /* One or both peers not done. */ ++ HANDSHAKE_RETRY ++} handshake_status_t; ++ ++/* Stores the various status information in a handshake loop. */ ++typedef struct handshake_history_entry_st { ++ connect_phase_t phase; ++ handshake_status_t handshake_status; ++ peer_status_t server_status; ++ peer_status_t client_status; ++ int client_turn_count; ++ int is_client_turn; ++} HANDSHAKE_HISTORY_ENTRY; ++ ++typedef struct handshake_history_st { ++ /* Implemented using ring buffer. */ ++ /* ++ * The valid entries are |entries[last_idx]|, |entries[last_idx-1]|, ++ * ..., etc., going up to |entry_count| number of entries. Note that when ++ * the index into the array |entries| becomes < 0, we wrap around to ++ * the end of |entries|. ++ */ ++ HANDSHAKE_HISTORY_ENTRY entries[MAX_HANDSHAKE_HISTORY_ENTRY]; ++ /* The number of valid entries in |entries| array. */ ++ size_t entry_count; ++ /* The index of the last valid entry in the |entries| array. */ ++ size_t last_idx; ++} HANDSHAKE_HISTORY; ++ + typedef struct handshake_result { + ssl_test_result_t result; + /* These alerts are in the 2-byte format returned by the info_callback. */ +@@ -77,6 +139,8 @@ typedef struct handshake_result { + char *cipher; + /* session ticket application data */ + char *result_session_ticket_app_data; ++ /* handshake loop history */ ++ HANDSHAKE_HISTORY history; + } HANDSHAKE_RESULT; + + HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void); +@@ -95,4 +159,8 @@ int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, + CTX_DATA *server2_ctx_data, + CTX_DATA *client_ctx_data); + ++const char *handshake_connect_phase_name(connect_phase_t phase); ++const char *handshake_status_name(handshake_status_t handshake_status); ++const char *handshake_peer_status_name(peer_status_t peer_status); ++ + #endif /* OSSL_TEST_HANDSHAKE_HELPER_H */ +diff --git a/test/ssl_test.c b/test/ssl_test.c +index ea608518f9..9d6b093c81 100644 +--- a/test/ssl_test.c ++++ b/test/ssl_test.c +@@ -26,6 +26,44 @@ static OSSL_LIB_CTX *libctx = NULL; + /* Currently the section names are of the form test-<number>, e.g. test-15. */ + #define MAX_TESTCASE_NAME_LENGTH 100 + ++static void print_handshake_history(const HANDSHAKE_HISTORY *history) ++{ ++ size_t first_idx; ++ size_t i; ++ size_t cur_idx; ++ const HANDSHAKE_HISTORY_ENTRY *cur_entry; ++ const char header_template[] = "|%14s|%16s|%16s|%16s|%17s|%14s|"; ++ const char body_template[] = "|%14s|%16s|%16s|%16s|%17d|%14s|"; ++ ++ TEST_info("The following is the server/client state " ++ "in the most recent %d handshake loops.", ++ MAX_HANDSHAKE_HISTORY_ENTRY); ++ ++ TEST_note("==================================================" ++ "=================================================="); ++ TEST_note(header_template, ++ "phase", "handshake status", "server status", ++ "client status", "client turn count", "is client turn"); ++ TEST_note("+--------------+----------------+----------------" ++ "+----------------+-----------------+--------------+"); ++ ++ first_idx = (history->last_idx - history->entry_count + 1) & ++ MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; ++ for (i = 0; i < history->entry_count; ++i) { ++ cur_idx = (first_idx + i) & MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; ++ cur_entry = &(history->entries)[cur_idx]; ++ TEST_note(body_template, ++ handshake_connect_phase_name(cur_entry->phase), ++ handshake_status_name(cur_entry->handshake_status), ++ handshake_peer_status_name(cur_entry->server_status), ++ handshake_peer_status_name(cur_entry->client_status), ++ cur_entry->client_turn_count, ++ cur_entry->is_client_turn ? "true" : "false"); ++ } ++ TEST_note("==================================================" ++ "=================================================="); ++} ++ + static const char *print_alert(int alert) + { + return alert ? SSL_alert_desc_string_long(alert) : "no alert"; +@@ -388,6 +426,12 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) + ret &= check_client_sign_type(result, test_ctx); + ret &= check_client_ca_names(result, test_ctx); + } ++ ++ /* Print handshake loop history if any check fails. */ ++ if (!ret) { ++ print_handshake_history(&(result->history)); ++ } ++ + return ret; + } + +-- +2.25.1 + diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch new file mode 100644 index 0000000000..502a7aaf32 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch @@ -0,0 +1,39 @@ +From 0377f0d5b5c1079e3b9a80881f4dcc891cbe9f9a Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Tue, 30 May 2023 09:11:27 -0700 +Subject: [PATCH] Configure: do not tweak mips cflags + +This conflicts with mips machine definitons from yocto, +e.g. +| Error: -mips3 conflicts with the other architecture options, which imply -mips64r2 + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> + +Refreshed for openssl-3.1.1 +Signed-off-by: Tim Orling <tim.orling@konsulko.com> +--- + Configure | 10 ---------- + 1 file changed, 10 deletions(-) + +diff --git a/Configure b/Configure +index 4569952..adf019b 100755 +--- a/Configure ++++ b/Configure +@@ -1422,16 +1422,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) + push @{$config{shared_ldflag}}, "-mno-cygwin"; + } + +-if ($target =~ /linux.*-mips/ && !$disabled{asm} +- && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) { +- # minimally required architecture flags for assembly modules +- my $value; +- $value = '-mips2' if ($target =~ /mips32/); +- $value = '-mips3' if ($target =~ /mips64/); +- unshift @{$config{cflags}}, $value; +- unshift @{$config{cxxflags}}, $value if $config{CXX}; +-} +- + # If threads aren't disabled, check how possible they are + unless ($disabled{threads}) { + if ($auto_threads) { diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Remove-test-that-requires-running-as-non-root.patch b/meta/recipes-connectivity/openssl/openssl/0001-Remove-test-that-requires-running-as-non-root.patch deleted file mode 100644 index 736bb39acd..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-Remove-test-that-requires-running-as-non-root.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 3fdb1e2a16ea405c6731447a8994f222808ef7e6 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Fri, 7 Apr 2017 18:01:52 +0300 -Subject: [PATCH] Remove test that requires running as non-root - -Upstream-Status: Inappropriate [oe-core specific] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> ---- - test/recipes/40-test_rehash.t | 17 +---------------- - 1 file changed, 1 insertion(+), 16 deletions(-) - -diff --git a/test/recipes/40-test_rehash.t b/test/recipes/40-test_rehash.t -index f902c23..c7567c1 100644 ---- a/test/recipes/40-test_rehash.t -+++ b/test/recipes/40-test_rehash.t -@@ -23,7 +23,7 @@ setup("test_rehash"); - plan skip_all => "test_rehash is not available on this platform" - unless run(app(["openssl", "rehash", "-help"])); - --plan tests => 5; -+plan tests => 3; - - indir "rehash.$$" => sub { - prepare(); -@@ -42,21 +42,6 @@ indir "rehash.$$" => sub { - 'Testing rehash operations on empty directory'); - }, create => 1, cleanup => 1; - --indir "rehash.$$" => sub { -- prepare(); -- chmod 0500, curdir(); -- SKIP: { -- if (!ok(!open(FOO, ">unwritable.txt"), -- "Testing that we aren't running as a privileged user, such as root")) { -- close FOO; -- skip "It's pointless to run the next test as root", 1; -- } -- isnt(run(app(["openssl", "rehash", curdir()])), 1, -- 'Testing rehash operations on readonly directory'); -- } -- chmod 0700, curdir(); # make it writable again, so cleanup works --}, create => 1, cleanup => 1; -- - sub prepare { - my @pemsourcefiles = sort glob(srctop_file('test', "*.pem")); - my @destfiles = (); --- -2.11.0 - diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch b/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch deleted file mode 100644 index 6ce4e47d71..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 08face4353d80111973aba9c1304c92158cfad0e Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Tue, 28 Mar 2017 16:40:12 +0300 -Subject: [PATCH] Take linking flags from LDFLAGS env var - -This fixes "No GNU_HASH in the elf binary" issues. - -Upstream-Status: Inappropriate [oe-core specific] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> ---- - Configurations/unix-Makefile.tmpl | 2 +- - Configure | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl -index c029817..43b769b 100644 ---- a/Configurations/unix-Makefile.tmpl -+++ b/Configurations/unix-Makefile.tmpl -@@ -173,7 +173,7 @@ CROSS_COMPILE= {- $config{cross_compile_prefix} -} - CC= $(CROSS_COMPILE){- $target{cc} -} - CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -} - CFLAGS_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -} --LDFLAGS= {- $target{lflags} -} -+LDFLAGS= {- $target{lflags}." ".$ENV{'LDFLAGS'} -} - PLIB_LDFLAGS= {- $target{plib_lflags} -} - EX_LIBS= {- $target{ex_libs} -} {- $config{ex_libs} -} - LIB_CFLAGS={- $target{shared_cflag} || "" -} -diff --git a/Configure b/Configure -index aee7cc3..274d236 100755 ---- a/Configure -+++ b/Configure -@@ -979,7 +979,7 @@ $config{build_file} = $target{build_file}; - $config{defines} = []; - $config{cflags} = ""; - $config{ex_libs} = ""; --$config{shared_ldflag} = ""; -+$config{shared_ldflag} = $ENV{'LDFLAGS'}; - - # Make sure build_scheme is consistent. - $target{build_scheme} = [ $target{build_scheme} ] --- -2.11.0 - diff --git a/meta/recipes-connectivity/openssl/openssl/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch b/meta/recipes-connectivity/openssl/openssl/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch deleted file mode 100644 index bb0a1689ed..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch +++ /dev/null @@ -1,88 +0,0 @@ -From bcc096a50811bf0f0c4fd34b2993fed7a7015972 Mon Sep 17 00:00:00 2001 -From: Andy Polyakov <appro@openssl.org> -Date: Fri, 3 Nov 2017 23:30:01 +0100 -Subject: [PATCH] aes/asm/{aes-armv4|bsaes-armv7}.pl: make it work with - binutils-2.29. - -It's not clear if it's a feature or bug, but binutils-2.29[.1] -interprets 'adr' instruction with Thumb2 code reference differently, -in a way that affects calculation of addresses of constants' tables. - -Upstream-Status: Backport - -Reviewed-by: Tim Hudson <tjh@openssl.org> -Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> -Signed-off-by: Stefan Agner <stefan.agner@toradex.com> -(Merged from https://github.com/openssl/openssl/pull/4669) - -(cherry picked from commit b82acc3c1a7f304c9df31841753a0fa76b5b3cda) ---- - crypto/aes/asm/aes-armv4.pl | 6 +++--- - crypto/aes/asm/bsaes-armv7.pl | 6 +++--- - 2 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl -index 16d79aae53..c6474b8aad 100644 ---- a/crypto/aes/asm/aes-armv4.pl -+++ b/crypto/aes/asm/aes-armv4.pl -@@ -200,7 +200,7 @@ AES_encrypt: - #ifndef __thumb2__ - sub r3,pc,#8 @ AES_encrypt - #else -- adr r3,AES_encrypt -+ adr r3,. - #endif - stmdb sp!,{r1,r4-r12,lr} - #ifdef __APPLE__ -@@ -450,7 +450,7 @@ _armv4_AES_set_encrypt_key: - #ifndef __thumb2__ - sub r3,pc,#8 @ AES_set_encrypt_key - #else -- adr r3,AES_set_encrypt_key -+ adr r3,. - #endif - teq r0,#0 - #ifdef __thumb2__ -@@ -976,7 +976,7 @@ AES_decrypt: - #ifndef __thumb2__ - sub r3,pc,#8 @ AES_decrypt - #else -- adr r3,AES_decrypt -+ adr r3,. - #endif - stmdb sp!,{r1,r4-r12,lr} - #ifdef __APPLE__ -diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl -index 9f288660ef..a27bb4a179 100644 ---- a/crypto/aes/asm/bsaes-armv7.pl -+++ b/crypto/aes/asm/bsaes-armv7.pl -@@ -744,7 +744,7 @@ $code.=<<___; - .type _bsaes_decrypt8,%function - .align 4 - _bsaes_decrypt8: -- adr $const,_bsaes_decrypt8 -+ adr $const,. - vldmia $key!, {@XMM[9]} @ round 0 key - #ifdef __APPLE__ - adr $const,.LM0ISR -@@ -843,7 +843,7 @@ _bsaes_const: - .type _bsaes_encrypt8,%function - .align 4 - _bsaes_encrypt8: -- adr $const,_bsaes_encrypt8 -+ adr $const,. - vldmia $key!, {@XMM[9]} @ round 0 key - #ifdef __APPLE__ - adr $const,.LM0SR -@@ -951,7 +951,7 @@ $code.=<<___; - .type _bsaes_key_convert,%function - .align 4 - _bsaes_key_convert: -- adr $const,_bsaes_key_convert -+ adr $const,. - vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key - #ifdef __APPLE__ - adr $const,.LM0 --- -2.15.0 - diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch new file mode 100644 index 0000000000..bafdbaa46f --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch @@ -0,0 +1,78 @@ +From 5985253f2c9025d7c127443a3a9938946f80c2a1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com> +Date: Tue, 6 Nov 2018 14:50:47 +0100 +Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler + info +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The openssl build system generates buildinf.h containing the full +compiler command line used to compile objects. This breaks +reproducibility, as the compile command is baked into libcrypto, where +it is used when running `openssl version -f`. + +Add stripped build variables for the compiler and cflags lines, and use +those when generating buildinfo.h. + +This is based on a similar patch for older openssl versions: +https://patchwork.openembedded.org/patch/147229/ + +Upstream-Status: Inappropriate [OE specific] +Signed-off-by: Martin Hundebøll <martin@geanix.com> + +Update to fix buildpaths qa issue for '-fmacro-prefix-map'. + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +Update to fix buildpaths qa issue for '-ffile-prefix-map'. + +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +--- + Configurations/unix-Makefile.tmpl | 12 +++++++++++- + crypto/build.info | 2 +- + 2 files changed, 12 insertions(+), 2 deletions(-) + +Index: openssl-3.0.4/Configurations/unix-Makefile.tmpl +=================================================================== +--- openssl-3.0.4.orig/Configurations/unix-Makefile.tmpl ++++ openssl-3.0.4/Configurations/unix-Makefile.tmpl +@@ -472,13 +472,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lfl + '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} + BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) + +-# CPPFLAGS_Q is used for one thing only: to build up buildinf.h ++# *_Q variables are used for one thing only: to build up buildinf.h + CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g; + $cppflags2 =~ s|([\\"])|\\$1|g; + $lib_cppflags =~ s|([\\"])|\\$1|g; + join(' ', $lib_cppflags || (), $cppflags2 || (), + $cppflags1 || ()) -} + ++CFLAGS_Q={- for (@{$config{CFLAGS}}) { ++ s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g; ++ s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g; ++ s|-ffile-prefix-map=[^ ]+|-ffile-prefix-map=|g; ++ } ++ join(' ', @{$config{CFLAGS}}) -} ++ ++CC_Q={- $config{CC} =~ s|--sysroot=[^ ]+|--sysroot=recipe-sysroot|g; ++ join(' ', $config{CC}) -} ++ + PERLASM_SCHEME= {- $target{perlasm_scheme} -} + + # For x86 assembler: Set PROCESSOR to 386 if you want to support +Index: openssl-3.0.4/crypto/build.info +=================================================================== +--- openssl-3.0.4.orig/crypto/build.info ++++ openssl-3.0.4/crypto/build.info +@@ -109,7 +109,7 @@ DEFINE[../libcrypto]=$UPLINKDEF + + DEPEND[info.o]=buildinf.h + DEPEND[cversion.o]=buildinf.h +-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" ++GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)" + + GENERATE[uplink-x86.S]=../ms/uplink-x86.pl + GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl diff --git a/meta/recipes-connectivity/openssl/openssl/bti.patch b/meta/recipes-connectivity/openssl/openssl/bti.patch new file mode 100644 index 0000000000..748576c30c --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/bti.patch @@ -0,0 +1,58 @@ +From ba8a599395f8b770c76316b5f5b0f3838567014f Mon Sep 17 00:00:00 2001 +From: Tom Cosgrove <tom.cosgrove@arm.com> +Date: Tue, 26 Mar 2024 13:18:00 +0000 +Subject: [PATCH] aarch64: fix BTI in bsaes assembly code + +In Arm systems where BTI is enabled but the Crypto extensions are not (more +likely in FVPs than in real hardware), the bit-sliced assembler code will +be used. However, this wasn't annotated with BTI instructions when BTI was +enabled, so the moment libssl jumps into this code it (correctly) aborts. + +Solve this by adding the missing BTI landing pads. + +Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/23982] +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + crypto/aes/asm/bsaes-armv8.pl | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl +index b3c97e439f..c3c5ff3e05 100644 +--- a/crypto/aes/asm/bsaes-armv8.pl ++++ b/crypto/aes/asm/bsaes-armv8.pl +@@ -1018,6 +1018,7 @@ _bsaes_key_convert: + // Initialisation vector overwritten with last quadword of ciphertext + // No output registers, usual AAPCS64 register preservation + ossl_bsaes_cbc_encrypt: ++ AARCH64_VALID_CALL_TARGET + cmp x2, #128 + bhs .Lcbc_do_bsaes + b AES_cbc_encrypt +@@ -1270,7 +1271,7 @@ ossl_bsaes_cbc_encrypt: + // Output text filled in + // No output registers, usual AAPCS64 register preservation + ossl_bsaes_ctr32_encrypt_blocks: +- ++ AARCH64_VALID_CALL_TARGET + cmp x2, #8 // use plain AES for + blo .Lctr_enc_short // small sizes + +@@ -1476,6 +1477,7 @@ ossl_bsaes_ctr32_encrypt_blocks: + // Output ciphertext filled in + // No output registers, usual AAPCS64 register preservation + ossl_bsaes_xts_encrypt: ++ AARCH64_VALID_CALL_TARGET + // Stack layout: + // sp -> + // nrounds*128-96 bytes: key schedule +@@ -1921,6 +1923,7 @@ ossl_bsaes_xts_encrypt: + // Output plaintext filled in + // No output registers, usual AAPCS64 register preservation + ossl_bsaes_xts_decrypt: ++ AARCH64_VALID_CALL_TARGET + // Stack layout: + // sp -> + // nrounds*128-96 bytes: key schedule +-- +2.34.1 + diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh b/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh deleted file mode 100644 index 6620fdcb53..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh +++ /dev/null @@ -1,222 +0,0 @@ -#!/bin/sh -# -# Ben Secrest <blsecres@gmail.com> -# -# sh c_rehash script, scan all files in a directory -# and add symbolic links to their hash values. -# -# based on the c_rehash perl script distributed with openssl -# -# LICENSE: See OpenSSL license -# ^^acceptable?^^ -# - -# default certificate location -DIR=/etc/openssl - -# for filetype bitfield -IS_CERT=$(( 1 << 0 )) -IS_CRL=$(( 1 << 1 )) - - -# check to see if a file is a certificate file or a CRL file -# arguments: -# 1. the filename to be scanned -# returns: -# bitfield of file type; uses ${IS_CERT} and ${IS_CRL} -# -check_file() -{ - local IS_TYPE=0 - - # make IFS a newline so we can process grep output line by line - local OLDIFS=${IFS} - IFS=$( printf "\n" ) - - # XXX: could be more efficient to have two 'grep -m' but is -m portable? - for LINE in $( grep '^-----BEGIN .*-----' ${1} ) - do - if echo ${LINE} \ - | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----' - then - IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} )) - - if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ] - then - break - fi - elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----' - then - IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} )) - - if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ] - then - break - fi - fi - done - - # restore IFS - IFS=${OLDIFS} - - return ${IS_TYPE} -} - - -# -# use openssl to fingerprint a file -# arguments: -# 1. the filename to fingerprint -# 2. the method to use (x509, crl) -# returns: -# none -# assumptions: -# user will capture output from last stage of pipeline -# -fingerprint() -{ - ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':' -} - - -# -# link_hash - create links to certificate files -# arguments: -# 1. the filename to create a link for -# 2. the type of certificate being linked (x509, crl) -# returns: -# 0 on success, 1 otherwise -# -link_hash() -{ - local FINGERPRINT=$( fingerprint ${1} ${2} ) - local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} ) - local SUFFIX=0 - local LINKFILE='' - local TAG='' - - if [ ${2} = "crl" ] - then - TAG='r' - fi - - LINKFILE=${HASH}.${TAG}${SUFFIX} - - while [ -f ${LINKFILE} ] - do - if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ] - then - echo "NOTE: Skipping duplicate file ${1}" >&2 - return 1 - fi - - SUFFIX=$(( ${SUFFIX} + 1 )) - LINKFILE=${HASH}.${TAG}${SUFFIX} - done - - echo "${3} => ${LINKFILE}" - - # assume any system with a POSIX shell will either support symlinks or - # do something to handle this gracefully - ln -s ${3} ${LINKFILE} - - return 0 -} - - -# hash_dir create hash links in a given directory -hash_dir() -{ - echo "Doing ${1}" - - cd ${1} - - ls -1 * 2>/dev/null | while read FILE - do - if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \ - && [ -h "${FILE}" ] - then - rm ${FILE} - fi - done - - ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE - do - REAL_FILE=${FILE} - # if we run on build host then get to the real files in rootfs - if [ -n "${SYSROOT}" -a -h ${FILE} ] - then - FILE=$( readlink ${FILE} ) - # check the symlink is absolute (or dangling in other word) - if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ] - then - REAL_FILE=${SYSROOT}/${FILE} - fi - fi - - check_file ${REAL_FILE} - local FILE_TYPE=${?} - local TYPE_STR='' - - if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ] - then - TYPE_STR='x509' - elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ] - then - TYPE_STR='crl' - else - echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2 - continue - fi - - link_hash ${REAL_FILE} ${TYPE_STR} ${FILE} - done -} - - -# choose the name of an ssl application -if [ -n "${OPENSSL}" ] -then - SSL_CMD=$(which ${OPENSSL} 2>/dev/null) -else - SSL_CMD=/usr/bin/openssl - OPENSSL=${SSL_CMD} - export OPENSSL -fi - -# fix paths -PATH=${PATH}:${DIR}/bin -export PATH - -# confirm existance/executability of ssl command -if ! [ -x ${SSL_CMD} ] -then - echo "${0}: rehashing skipped ('openssl' program not available)" >&2 - exit 0 -fi - -# determine which directories to process -old_IFS=$IFS -if [ ${#} -gt 0 ] -then - IFS=':' - DIRLIST=${*} -elif [ -n "${SSL_CERT_DIR}" ] -then - DIRLIST=$SSL_CERT_DIR -else - DIRLIST=${DIR}/certs -fi - -IFS=':' - -# process directories -for CERT_DIR in ${DIRLIST} -do - if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ] - then - IFS=$old_IFS - hash_dir ${CERT_DIR} - IFS=':' - fi -done diff --git a/meta/recipes-connectivity/openssl/openssl/run-ptest b/meta/recipes-connectivity/openssl/openssl/run-ptest index 65c6cc7b86..c89ec5afa1 100644 --- a/meta/recipes-connectivity/openssl/openssl/run-ptest +++ b/meta/recipes-connectivity/openssl/openssl/run-ptest @@ -1,4 +1,12 @@ #!/bin/sh -cd test -OPENSSL_ENGINES=../engines BLDTOP=.. SRCTOP=.. perl run_tests.pl -cd .. + +set -e + +# Optional arguments are 'list' to lists all tests, or the test name (base name +# ie test_evp, not 03_test_evp.t). + +export TOP=. +# OPENSSL_ENGINES is relative from the test binaries +export OPENSSL_ENGINES=../engines + +{ HARNESS_JOBS=4 perl ./test/run_tests.pl $* || echo "FAIL: openssl" ; } | sed -u -r -e '/(.*) \.*.ok/ s/^/PASS: /g' -r -e '/Dubious(.*)/ s/^/FAIL: /g' -e '/(.*) \.*.skipped: (.*)/ s/^/SKIP: /g' diff --git a/meta/recipes-connectivity/openssl/openssl10.inc b/meta/recipes-connectivity/openssl/openssl10.inc deleted file mode 100644 index 469775582b..0000000000 --- a/meta/recipes-connectivity/openssl/openssl10.inc +++ /dev/null @@ -1,275 +0,0 @@ -SUMMARY = "Secure Socket Layer" -DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." -HOMEPAGE = "http://www.openssl.org/" -BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" -SECTION = "libs/network" - -# "openssl | SSLeay" dual license -LICENSE = "openssl" -LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" - -DEPENDS = "makedepend-native hostperl-runtime-native" -DEPENDS_append_class-target = " openssl-native" - -PROVIDES += "openssl10" - -SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ - " -S = "${WORKDIR}/openssl-${PV}" - -PACKAGECONFIG ?= "cryptodev-linux" -PACKAGECONFIG[perl] = ",,," -PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux" - -TERMIO_libc-musl = "-DTERMIOS" -TERMIO ?= "-DTERMIO" -# Avoid binaries being marked as requiring an executable stack since it -# doesn't(which causes and this causes issues with SELinux -CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \ - ${TERMIO} ${CFLAGS} -Wall -Wa,--noexecstack" - -export DIRS = "crypto ssl apps" -export EX_LIBS = "-lgcc -ldl" -export AS = "${CC} -c" - -inherit pkgconfig siteinfo multilib_header ptest relative_symlinks - -PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf" -FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" -FILES_libssl = "${libdir}/libssl${SOLIBS}" -FILES_${PN} =+ " ${libdir}/ssl/*" -FILES_${PN}-misc = "${libdir}/ssl/misc" -RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" - -# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto -# package RRECOMMENDS on this package. This will enable the configuration -# file to be installed for both the base openssl package and the libcrypto -# package since the base openssl package depends on the libcrypto package. -FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" -CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" -RRECOMMENDS_libcrypto += "openssl-conf" -RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc" - -# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE -# vulnerability -EXTRA_OECONF = " -no-ssl3" - -do_configure_prepend_darwin () { - sed -i -e '/version-script=openssl\.ld/d' Configure -} - -do_configure () { - cd util - perl perlpath.pl ${STAGING_BINDIR_NATIVE} - cd .. - ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/ - - os=${HOST_OS} - case $os in - linux-gnueabi |\ - linux-gnuspe |\ - linux-musleabi |\ - linux-muslspe |\ - linux-musl ) - os=linux - ;; - *) - ;; - esac - target="$os-${HOST_ARCH}" - case $target in - linux-arm) - target=linux-armv4 - ;; - linux-armeb) - target=linux-elf-armeb - ;; - linux-aarch64*) - target=linux-aarch64 - ;; - linux-sh3) - target=debian-sh3 - ;; - linux-sh4) - target=debian-sh4 - ;; - linux-i486) - target=debian-i386-i486 - ;; - linux-i586 | linux-viac3) - target=debian-i386-i586 - ;; - linux-i686) - target=debian-i386-i686/cmov - ;; - linux-gnux32-x86_64 | linux-muslx32-x86_64 ) - target=linux-x32 - ;; - linux-gnu64-x86_64) - target=linux-x86_64 - ;; - linux-gnun32-mips*el) - target=debian-mipsn32el - ;; - linux-gnun32-mips*) - target=debian-mipsn32 - ;; - linux-mips*64*el) - target=debian-mips64el - ;; - linux-mips*64*) - target=debian-mips64 - ;; - linux-mips*el) - target=debian-mipsel - ;; - linux-mips*) - target=debian-mips - ;; - linux-microblaze*|linux-nios2*|linux-gnu*ilp32**) - target=linux-generic32 - ;; - linux-powerpc) - target=linux-ppc - ;; - linux-powerpc64) - target=linux-ppc64 - ;; - linux-riscv64) - target=linux-generic64 - ;; - linux-riscv32) - target=linux-generic32 - ;; - linux-supersparc) - target=linux-sparcv8 - ;; - linux-sparc) - target=linux-sparcv8 - ;; - darwin-i386) - target=darwin-i386-cc - ;; - esac - # inject machine-specific flags - sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure - useprefix=${prefix} - if [ "x$useprefix" = "x" ]; then - useprefix=/ - fi - perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target -} - -do_compile_prepend_class-target () { - sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile -} - -do_compile () { - oe_runmake depend - oe_runmake -} - -do_compile_ptest () { - # build dependencies for test directory too - export DIRS="$DIRS test" - oe_runmake depend - oe_runmake buildtest -} - -do_install () { - # Create ${D}/${prefix} to fix parallel issues - mkdir -p ${D}/${prefix}/ - - oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install - - oe_libinstall -so libcrypto ${D}${libdir} - oe_libinstall -so libssl ${D}${libdir} - - install -d ${D}${includedir} - cp --dereference -R include/openssl ${D}${includedir} - - install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash - sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash - - oe_multilib_header openssl/opensslconf.h - if [ "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ]; then - sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl - sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget - else - rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget - fi - - # Create SSL structure - install -d ${D}${sysconfdir}/ssl/ - mv ${D}${libdir}/ssl/openssl.cnf \ - ${D}${libdir}/ssl/certs \ - ${D}${libdir}/ssl/private \ - \ - ${D}${sysconfdir}/ssl/ - ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs - ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private - ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf - - # Rename man pages to prefix openssl10-* - for f in `find ${D}${mandir} -type f`; do - mv $f $(dirname $f)/openssl10-$(basename $f) - done - for f in `find ${D}${mandir} -type l`; do - ln_f=`readlink $f` - rm -f $f - ln -s openssl10-$ln_f $(dirname $f)/openssl10-$(basename $f) - done -} - -do_install_ptest () { - cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH} - - # Replace the path to native perl with the path to target perl - sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile - - cp Configure config e_os.h ${D}${PTEST_PATH} - cp -r -L include ${D}${PTEST_PATH} - ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH} - ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH} - mkdir -p ${D}${PTEST_PATH}/crypto - cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto - cp -r certs ${D}${PTEST_PATH} - mkdir -p ${D}${PTEST_PATH}/apps - ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps - ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps - ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps - cp apps/server.pem ${D}${PTEST_PATH}/apps - cp apps/server2.pem ${D}${PTEST_PATH}/apps - mkdir -p ${D}${PTEST_PATH}/util - install util/opensslwrap.sh ${D}${PTEST_PATH}/util - install util/shlib_wrap.sh ${D}${PTEST_PATH}/util - # Time stamps are relevant for "make alltests", otherwise - # make may try to recompile binaries. Not only must the - # binary files be newer than the sources, they also must - # be more recent than the header files in /usr/include. - # - # Using "cp -a" is not sufficient, because do_install - # does not preserve the original time stamps. - # - # So instead of using the original file stamps, we set - # the current time for all files. Binaries will get - # modified again later when stripping them, but that's okay. - touch ${D}${PTEST_PATH} - find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH} - - # exclude binary files or the package won't install - for d in ssltest_old v3ext x509aux; do - rm -rf ${D}${libdir}/${BPN}/ptest/test/$d - done -} - -do_install_append_class-native() { - create_wrapper ${D}${bindir}/openssl \ - OPENSSL_CONF=${libdir}/ssl/openssl.cnf \ - SSL_CERT_DIR=${libdir}/ssl/certs \ - SSL_CERT_FILE=${libdir}/ssl/cert.pem \ - OPENSSL_ENGINES=${libdir}/ssl/engines -} - -BBCLASSEXTEND = "native nativesdk" - diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2m.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2m.bb deleted file mode 100644 index 9270f52bc6..0000000000 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2m.bb +++ /dev/null @@ -1,61 +0,0 @@ -require openssl10.inc - -# For target side versions of openssl enable support for OCF Linux driver -# if they are available. - -CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" -CFLAG_append_class-native = " -fPIC" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=057d9218c6180e1d9ee407572b2dd225" - -export DIRS = "crypto ssl apps engines" -export OE_LDFLAGS="${LDFLAGS}" - -SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \ - file://run-ptest \ - file://openssl-c_rehash.sh \ - file://configure-targets.patch \ - file://shared-libs.patch \ - file://oe-ldflags.patch \ - file://engines-install-in-libdir-ssl.patch \ - file://debian1.0.2/block_diginotar.patch \ - file://debian1.0.2/block_digicert_malaysia.patch \ - file://debian/ca.patch \ - file://debian/c_rehash-compat.patch \ - file://debian/debian-targets.patch \ - file://debian/man-dir.patch \ - file://debian/man-section.patch \ - file://debian/no-rpath.patch \ - file://debian/no-symbolic.patch \ - file://debian/pic.patch \ - file://debian1.0.2/version-script.patch \ - file://debian1.0.2/soname.patch \ - file://openssl_fix_for_x32.patch \ - file://openssl-fix-des.pod-error.patch \ - file://Makefiles-ptest.patch \ - file://ptest-deps.patch \ - file://openssl-1.0.2a-x32-asm.patch \ - file://ptest_makefile_deps.patch \ - file://configure-musl-target.patch \ - file://parallel.patch \ - file://openssl-util-perlpath.pl-cwd.patch \ - file://Use-SHA256-not-MD5-as-default-digest.patch \ - file://0001-Fix-build-with-clang-using-external-assembler.patch \ - file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \ - file://0001-aes-armv4-bsaes-armv7-sha256-armv4-.pl-make-it-work-.patch \ - " -SRC_URI[md5sum] = "10e9e37f492094b9ef296f68f24a7666" -SRC_URI[sha256sum] = "8c6ff15ec6b319b50788f42c7abc2890c08ba5a1cdcd3810eb9092deada37b0f" - -PACKAGES =+ "${PN}-engines" -FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" - -# The crypto_use_bigint patch means that perl's bignum module needs to be -# installed, but some distributions (for example Fedora 23) don't ship it by -# default. As the resulting error is very misleading check for bignum before -# building. -do_configure_prepend() { - if ! perl -Mbigint -e true; then - bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake." - fi -} diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb deleted file mode 100644 index 53f397a3e0..0000000000 --- a/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb +++ /dev/null @@ -1,162 +0,0 @@ -SUMMARY = "Secure Socket Layer" -DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." -HOMEPAGE = "http://www.openssl.org/" -BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" -SECTION = "libs/network" - -# "openssl | SSLeay" dual license -LICENSE = "openssl" -LIC_FILES_CHKSUM = "file://LICENSE;md5=cae6da10f4ffd9703214776d2aabce32" - -BBCLASSEXTEND = "native nativesdk" - -SRC_URI[md5sum] = "ba5f1b8b835b88cadbce9b35ed9531a6" -SRC_URI[sha256sum] = "de4d501267da39310905cb6dc8c6121f7a2cad45a7707f76df828fe1b85073af" - -SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ - file://run-ptest \ - file://openssl-c_rehash.sh \ - file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \ - file://0001-Remove-test-that-requires-running-as-non-root.patch \ - file://0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch \ - " - -S = "${WORKDIR}/openssl-${PV}" - -inherit lib_package multilib_header ptest - -do_configure () { - os=${HOST_OS} - case $os in - linux-uclibc |\ - linux-uclibceabi |\ - linux-gnueabi |\ - linux-uclibcspe |\ - linux-gnuspe |\ - linux-musl*) - os=linux - ;; - *) - ;; - esac - target="$os-${HOST_ARCH}" - case $target in - linux-arm) - target=linux-armv4 - ;; - linux-armeb) - target=linux-armv4 - ;; - linux-aarch64*) - target=linux-aarch64 - ;; - linux-sh3) - target=linux-generic32 - ;; - linux-sh4) - target=linux-generic32 - ;; - linux-i486) - target=linux-elf - ;; - linux-i586 | linux-viac3) - target=linux-elf - ;; - linux-i686) - target=linux-elf - ;; - linux-gnux32-x86_64) - target=linux-x32 - ;; - linux-gnu64-x86_64) - target=linux-x86_64 - ;; - linux-mips) - # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags - target="linux-mips32 ${TARGET_CC_ARCH}" - ;; - linux-mipsel) - target="linux-mips32 ${TARGET_CC_ARCH}" - ;; - linux-gnun32-mips*) - target=linux-mips64 - ;; - linux-*-mips64 | linux-mips64) - target=linux64-mips64 - ;; - linux-*-mips64el | linux-mips64el) - target=linux64-mips64 - ;; - linux-microblaze*|linux-nios2*) - target=linux-generic32 - ;; - linux-powerpc) - target=linux-ppc - ;; - linux-powerpc64) - target=linux-ppc64 - ;; - linux-riscv64) - target=linux-generic64 - ;; - linux-riscv32) - target=linux-generic32 - ;; - linux-supersparc) - target=linux-sparcv9 - ;; - linux-sparc) - target=linux-sparcv9 - ;; - darwin-i386) - target=darwin-i386-cc - ;; - esac - useprefix=${prefix} - if [ "x$useprefix" = "x" ]; then - useprefix=/ - fi - perl ./Configure ${EXTRA_OECONF} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=`basename ${libdir}` $target -} - -#| engines/afalg/e_afalg.c: In function 'eventfd': -#| engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function) -#| return syscall(__NR_eventfd, n); -#| ^~~~~~~~~~~~ -EXTRA_OECONF_aarch64 += "no-afalgeng" - -#| ./libcrypto.so: undefined reference to `getcontext' -#| ./libcrypto.so: undefined reference to `setcontext' -#| ./libcrypto.so: undefined reference to `makecontext' -EXTRA_OECONF_libc-musl += "-DOPENSSL_NO_ASYNC" - -do_install () { - oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install - oe_multilib_header openssl/opensslconf.h -} - -do_install_append_class-native () { - # Install a custom version of c_rehash that can handle sysroots properly. - # This version is used for example when installing ca-certificates during - # image creation. - install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash - sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash -} - -do_install_ptest() { - cp -r * ${D}${PTEST_PATH} - - # Putting .so files in ptest package will mess up the dependencies of the main openssl package - # so we rename them to .so.ptest and patch the test accordingly - mv ${D}${PTEST_PATH}/libcrypto.so ${D}${PTEST_PATH}/libcrypto.so.ptest - mv ${D}${PTEST_PATH}/libssl.so ${D}${PTEST_PATH}/libssl.so.ptest - sed -i 's/$target{shared_extension_simple}/".so.ptest"/' ${D}${PTEST_PATH}/test/recipes/90-test_shlibload.t -} - -RDEPENDS_${PN}-ptest += "perl-module-file-spec-functions bash python" - -FILES_${PN} =+ " ${libdir}/ssl-1.1/*" - -PACKAGES =+ "${PN}-engines" -FILES_${PN}-engines = "${libdir}/engines-1.1" - diff --git a/meta/recipes-connectivity/openssl/openssl_3.3.0.bb b/meta/recipes-connectivity/openssl/openssl_3.3.0.bb new file mode 100644 index 0000000000..2cdaf4c75d --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl_3.3.0.bb @@ -0,0 +1,263 @@ +SUMMARY = "Secure Socket Layer" +DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." +HOMEPAGE = "http://www.openssl.org/" +BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" +SECTION = "libs/network" + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c75985e733726beaba57bc5253e96d04" + +SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ + file://run-ptest \ + file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ + file://0001-Configure-do-not-tweak-mips-cflags.patch \ + file://0001-Added-handshake-history-reporting-when-test-fails.patch \ + file://bti.patch \ + " + +SRC_URI:append:class-nativesdk = " \ + file://environment.d-openssl.sh \ + " + +SRC_URI[sha256sum] = "53e66b043322a606abf0087e7699a0e033a37fa13feb9742df35c3a33b18fb02" + +inherit lib_package multilib_header multilib_script ptest perlnative manpages +MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" + +PACKAGECONFIG ?= "" +PACKAGECONFIG:class-native = "" +PACKAGECONFIG:class-nativesdk = "" + +PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" +PACKAGECONFIG[no-tls1] = "no-tls1" +PACKAGECONFIG[no-tls1_1] = "no-tls1_1" +PACKAGECONFIG[manpages] = "" + +B = "${WORKDIR}/build" +do_configure[cleandirs] = "${B}" + +#| ./libcrypto.so: undefined reference to `getcontext' +#| ./libcrypto.so: undefined reference to `setcontext' +#| ./libcrypto.so: undefined reference to `makecontext' +EXTRA_OECONF:append:libc-musl = " no-async" +EXTRA_OECONF:append:libc-musl:powerpc64 = " no-asm" + +# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions +# (native versions can be built with newer glibc, but then relocated onto a system with older glibc) +EXTRA_OECONF:class-native = "--with-rand-seed=os,devrandom" +EXTRA_OECONF:class-nativesdk = "--with-rand-seed=os,devrandom" + +# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. +CFLAGS:append:class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" +CFLAGS:append:class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" + +# This allows disabling deprecated or undesirable crypto algorithms. +# The default is to trust upstream choices. +DEPRECATED_CRYPTO_FLAGS ?= "" + +do_configure () { + # When we upgrade glibc but not uninative we see obtuse failures in openssl. Make + # the issue really clear that perl isn't functional due to symbol mismatch issues. + cat <<- EOF > ${WORKDIR}/perltest + #!/usr/bin/env perl + use POSIX; + EOF + chmod a+x ${WORKDIR}/perltest + ${WORKDIR}/perltest + + os=${HOST_OS} + case $os in + linux-gnueabi |\ + linux-gnuspe |\ + linux-musleabi |\ + linux-muslspe |\ + linux-musl ) + os=linux + ;; + *) + ;; + esac + target="$os-${HOST_ARCH}" + case $target in + linux-arc | linux-microblaze*) + target=linux-latomic + ;; + linux-arm*) + target=linux-armv4 + ;; + linux-aarch64*) + target=linux-aarch64 + ;; + linux-i?86 | linux-viac3) + target=linux-x86 + ;; + linux-gnux32-x86_64 | linux-muslx32-x86_64 ) + target=linux-x32 + ;; + linux-gnu64-x86_64) + target=linux-x86_64 + ;; + linux-loongarch64) + target=linux64-loongarch64 + ;; + linux-mips | linux-mipsel) + # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags + target="linux-mips32 ${TARGET_CC_ARCH}" + ;; + linux-gnun32-mips*) + target=linux-mips64 + ;; + linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) + target=linux64-mips64 + ;; + linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) + target=linux-generic32 + ;; + linux-powerpc) + target=linux-ppc + ;; + linux-powerpc64) + target=linux-ppc64 + ;; + linux-powerpc64le) + target=linux-ppc64le + ;; + linux-riscv32) + target=linux32-riscv32 + ;; + linux-riscv64) + target=linux64-riscv64 + ;; + linux-sparc | linux-supersparc) + target=linux-sparcv9 + ;; + mingw32-x86_64) + target=mingw64 + ;; + esac + + useprefix=${prefix} + if [ "x$useprefix" = "x" ]; then + useprefix=/ + fi + # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the + # environment variables set by bitbake. Adjust the environment variables instead. + PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)" + test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!" + HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \ + perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target + perl ${B}/configdata.pm --dump +} + +do_install () { + oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install_sw install_ssldirs ${@bb.utils.contains('PACKAGECONFIG', 'manpages', 'install_docs', '', d)} + + oe_multilib_header openssl/opensslconf.h + oe_multilib_header openssl/configuration.h + + # Create SSL structure for packages such as ca-certificates which + # contain hard-coded paths to /etc/ssl. Debian does the same. + install -d ${D}${sysconfdir}/ssl + mv ${D}${libdir}/ssl-3/certs \ + ${D}${libdir}/ssl-3/private \ + ${D}${libdir}/ssl-3/openssl.cnf \ + ${D}${sysconfdir}/ssl/ + + # Although absolute symlinks would be OK for the target, they become + # invalid if native or nativesdk are relocated from sstate. + ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-3/certs + ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-3/private + ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-3/openssl.cnf +} + +do_install:append:class-native () { + create_wrapper ${D}${bindir}/openssl \ + OPENSSL_CONF=${libdir}/ssl-3/openssl.cnf \ + SSL_CERT_DIR=${libdir}/ssl-3/certs \ + SSL_CERT_FILE=${libdir}/ssl-3/cert.pem \ + OPENSSL_ENGINES=${libdir}/engines-3 \ + OPENSSL_MODULES=${libdir}/ossl-modules +} + +do_install:append:class-nativesdk () { + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh + sed 's|/usr/lib/ssl/|/usr/lib/ssl-3/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh +} + +PTEST_BUILD_HOST_FILES += "configdata.pm" +PTEST_BUILD_HOST_PATTERN = "perl_version =" +do_install_ptest () { + install -d ${D}${PTEST_PATH}/test + install -m755 ${B}/test/p_test.so ${D}${PTEST_PATH}/test + install -m755 ${B}/test/p_minimal.so ${D}${PTEST_PATH}/test + install -m755 ${B}/test/provider_internal_test.cnf ${D}${PTEST_PATH}/test + + # Prune the build tree + rm -f ${B}/fuzz/*.* ${B}/test/*.* + + cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} + sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/configdata.pm + cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH} + + # For test_shlibload + ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/ + ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/ + + install -d ${D}${PTEST_PATH}/apps + ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps + install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps + install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps + + install -d ${D}${PTEST_PATH}/engines + install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines + install -m755 ${B}/engines/loader_attic.so ${D}${PTEST_PATH}/engines + install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines + + install -d ${D}${PTEST_PATH}/providers + install -m755 ${B}/providers/legacy.so ${D}${PTEST_PATH}/providers + + install -d ${D}${PTEST_PATH}/Configurations + cp -rf ${S}/Configurations/* ${D}${PTEST_PATH}/Configurations/ + + # seems to be needed with perl 5.32.1 + install -d ${D}${PTEST_PATH}/util/perl/recipes + cp ${D}${PTEST_PATH}/test/recipes/tconversion.pl ${D}${PTEST_PATH}/util/perl/recipes/ + + sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/util/wrap.pl +} + +# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto +# package RRECOMMENDS on this package. This will enable the configuration +# file to be installed for both the openssl-bin package and the libcrypto +# package since the openssl-bin package depends on the libcrypto package. + +PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc ${PN}-ossl-module-legacy" + +FILES:libcrypto = "${libdir}/libcrypto${SOLIBS}" +FILES:libssl = "${libdir}/libssl${SOLIBS}" +FILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf \ + ${libdir}/ssl-3/openssl.cnf* \ + " +FILES:${PN}-engines = "${libdir}/engines-3" +# ${prefix} comes from what we pass into --prefix at configure time (which is used for INSTALLTOP) +FILES:${PN}-engines:append:mingw32:class-nativesdk = " ${prefix}${libdir}/engines-3" +FILES:${PN}-misc = "${libdir}/ssl-3/misc ${bindir}/c_rehash" +FILES:${PN}-ossl-module-legacy = "${libdir}/ossl-modules/legacy.so" +FILES:${PN} =+ "${libdir}/ssl-3/* ${libdir}/ossl-modules/" +FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" + +CONFFILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf" + +RRECOMMENDS:libcrypto += "openssl-conf ${PN}-ossl-module-legacy" +RDEPENDS:${PN}-misc = "perl" +RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash sed" + +RDEPENDS:${PN}-bin += "openssl-conf" + +BBCLASSEXTEND = "native nativesdk" + +CVE_PRODUCT = "openssl:openssl" + +CVE_VERSION_SUFFIX = "alphabetical" + diff --git a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb index b5f68951d7..099c58bfc7 100644 --- a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb +++ b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb @@ -1,8 +1,8 @@ SUMMARY = "Enables PPP dial-in through a serial connection" SECTION = "console/network" +DESCRIPTION = "PPP dail-in provides a point to point protocol (PPP), so that other computers can dial up to it and access connected networks." DEPENDS = "ppp" -RDEPENDS_${PN} = "ppp" -PR = "r8" +RDEPENDS:${PN} = "ppp" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" @@ -22,6 +22,6 @@ do_install() { } USERADD_PACKAGES = "${PN}" -USERADD_PARAM_${PN} = "--system --home /dev/null \ +USERADD_PARAM:${PN} = "--system --home /dev/null \ --no-create-home --shell ${sbindir}/ppp-dialin \ --no-user-group --gid nogroup ppp" diff --git a/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch b/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch deleted file mode 100644 index 763e374488..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch +++ /dev/null @@ -1,163 +0,0 @@ -From 52a1e41d7541b2c936285844c59bd1be21797860 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Fri, 29 May 2015 14:57:05 -0700 -Subject: [PATCH] Fix build with musl - -There are several assumption about glibc - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- -Upstream-Status: Pending - - include/net/ppp_defs.h | 2 ++ - pppd/Makefile.linux | 2 +- - pppd/magic.h | 6 +++--- - pppd/plugins/rp-pppoe/config.h | 5 ++++- - pppd/plugins/rp-pppoe/plugin.c | 1 - - pppd/plugins/rp-pppoe/pppoe-discovery.c | 8 ++++---- - pppd/plugins/rp-pppoe/pppoe.h | 2 +- - pppd/sys-linux.c | 3 ++- - 8 files changed, 17 insertions(+), 12 deletions(-) - -diff --git a/include/net/ppp_defs.h b/include/net/ppp_defs.h -index b06eda5..dafa36c 100644 ---- a/include/net/ppp_defs.h -+++ b/include/net/ppp_defs.h -@@ -38,6 +38,8 @@ - #ifndef _PPP_DEFS_H_ - #define _PPP_DEFS_H_ - -+#include <sys/time.h> -+ - /* - * The basic PPP frame. - */ -diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux -index 8ab2102..d7e2564 100644 ---- a/pppd/Makefile.linux -+++ b/pppd/Makefile.linux -@@ -126,7 +126,7 @@ LIBS += -lcrypt - #endif - - ifdef USE_LIBUTIL --CFLAGS += -DHAVE_LOGWTMP=1 -+#CFLAGS += -DHAVE_LOGWTMP=1 - LIBS += -lutil - endif - -diff --git a/pppd/magic.h b/pppd/magic.h -index c81213b..9d399e3 100644 ---- a/pppd/magic.h -+++ b/pppd/magic.h -@@ -42,8 +42,8 @@ - * $Id: magic.h,v 1.5 2003/06/11 23:56:26 paulus Exp $ - */ - --void magic_init __P((void)); /* Initialize the magic number generator */ --u_int32_t magic __P((void)); /* Returns the next magic number */ -+void magic_init (void); /* Initialize the magic number generator */ -+u_int32_t magic (void); /* Returns the next magic number */ - - /* Fill buffer with random bytes */ --void random_bytes __P((unsigned char *buf, int len)); -+void random_bytes (unsigned char *buf, int len); -diff --git a/pppd/plugins/rp-pppoe/config.h b/pppd/plugins/rp-pppoe/config.h -index 5703087..fff032e 100644 ---- a/pppd/plugins/rp-pppoe/config.h -+++ b/pppd/plugins/rp-pppoe/config.h -@@ -78,8 +78,9 @@ - #define HAVE_NET_IF_ARP_H 1 - - /* Define if you have the <net/ethernet.h> header file. */ -+#ifdef __GLIBC__ - #define HAVE_NET_ETHERNET_H 1 -- -+#endif - /* Define if you have the <net/if.h> header file. */ - #define HAVE_NET_IF_H 1 - -@@ -102,7 +103,9 @@ - #define HAVE_NETPACKET_PACKET_H 1 - - /* Define if you have the <sys/cdefs.h> header file. */ -+#ifdef __GLIBC__ - #define HAVE_SYS_CDEFS_H 1 -+#endif - - /* Define if you have the <sys/dlpi.h> header file. */ - /* #undef HAVE_SYS_DLPI_H */ -diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c -index a8c2bb4..ca34d79 100644 ---- a/pppd/plugins/rp-pppoe/plugin.c -+++ b/pppd/plugins/rp-pppoe/plugin.c -@@ -46,7 +46,6 @@ static char const RCSID[] = - #include <unistd.h> - #include <fcntl.h> - #include <signal.h> --#include <net/ethernet.h> - #include <net/if_arp.h> - #include <linux/ppp_defs.h> - #include <linux/if_pppox.h> -diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c -index 3d3bf4e..d42f619 100644 ---- a/pppd/plugins/rp-pppoe/pppoe-discovery.c -+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c -@@ -27,10 +27,6 @@ - #include <linux/if_packet.h> - #endif - --#ifdef HAVE_NET_ETHERNET_H --#include <net/ethernet.h> --#endif -- - #ifdef HAVE_ASM_TYPES_H - #include <asm/types.h> - #endif -@@ -47,6 +43,10 @@ - #include <net/if_arp.h> - #endif - -+#ifndef __GLIBC__ -+#define error(x...) fprintf(stderr, x) -+#endif -+ - char *xstrdup(const char *s); - void usage(void); - -diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h -index 9ab2eee..75b9004 100644 ---- a/pppd/plugins/rp-pppoe/pppoe.h -+++ b/pppd/plugins/rp-pppoe/pppoe.h -@@ -92,7 +92,7 @@ typedef unsigned long UINT32_t; - #ifdef HAVE_SYS_SOCKET_H - #include <sys/socket.h> - #endif --#ifndef HAVE_SYS_DLPI_H -+#if !defined HAVE_SYS_DLPI_H && defined HAVE_NET_ETHERNET_H - #include <netinet/if_ether.h> - #endif - #endif -diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c -index a105505..49b0273 100644 ---- a/pppd/sys-linux.c -+++ b/pppd/sys-linux.c -@@ -112,7 +112,7 @@ - #include <linux/types.h> - #include <linux/if.h> - #include <linux/if_arp.h> --#include <linux/route.h> -+/* #include <linux/route.h> */ - #include <linux/if_ether.h> - #endif - #include <netinet/in.h> -@@ -145,6 +145,7 @@ - #endif - - #ifdef INET6 -+#include <net/route.h> - #ifndef _LINUX_IN6_H - /* - * This is in linux/include/net/ipv6.h. --- -2.1.4 - diff --git a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch b/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch deleted file mode 100644 index ea4969b366..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch +++ /dev/null @@ -1,30 +0,0 @@ -From ba0f6058d1f25b2b60fc31ab2656bf12a71ffdab Mon Sep 17 00:00:00 2001 -From: Lu Chong <Chong.Lu@windriver.com> -Date: Tue, 5 Nov 2013 17:32:56 +0800 -Subject: [PATCH] ppp: Fix compilation errors in Makefile - -Make can't exit while compilation error occurs in subdir for plugins building. - -Upstream-Status: Pending - -Signed-off-by: Lu Chong <Chong.Lu@windriver.com> ---- - pppd/plugins/Makefile.linux | 1 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux -index 0a7ec7b..2a2c15a 100644 ---- a/pppd/plugins/Makefile.linux -+++ b/pppd/plugins/Makefile.linux -@@ -20,7 +20,7 @@ include .depend - endif - - all: $(PLUGINS) -- for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all; done -+ for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all || exit 1; done - - %.so: %.c - $(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^ --- -1.7.9.5 - diff --git a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch b/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch deleted file mode 100644 index a32f89fbc8..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch +++ /dev/null @@ -1,43 +0,0 @@ -commit cd90fd147844a0cfec101f1e2db7a3c59d236621 -Author: Jussi Kukkonen <jussi.kukkonen@intel.com> -Date: Wed Dec 28 14:11:22 2016 +0200 - -pppol2tp plugin: Remove unneeded include - -The include is not required and will break compile on musl libc with - -| In file included from pppol2tp.c:34:0: -| /usr/include/linux/if.h:97:2: error: expected identifier before numeric constant -| IFF_LOWER_UP = 1<<16, /* __volatile__ */ - -Patch originally from Khem Raj. - -Upstream-Status: Pending [https://github.com/paulusmack/ppp/issues/73] -Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> - -diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c -index 9643b96..458316b 100644 ---- a/pppd/plugins/pppol2tp/openl2tp.c -+++ b/pppd/plugins/pppol2tp/openl2tp.c -@@ -47,7 +47,6 @@ - #include <linux/if_ether.h> - #include <linux/ppp_defs.h> - #include <linux/if_ppp.h> --#include <linux/if_pppox.h> - #include <linux/if_pppol2tp.h> - - #include "l2tp_event.h" -diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c -index 0e28606..4f6d98c 100644 ---- a/pppd/plugins/pppol2tp/pppol2tp.c -+++ b/pppd/plugins/pppol2tp/pppol2tp.c -@@ -46,7 +46,6 @@ - #include <linux/if_ether.h> - #include <linux/ppp_defs.h> - #include <linux/if_ppp.h> --#include <linux/if_pppox.h> - #include <linux/if_pppol2tp.h> - - /* should be added to system's socket.h... */ ---- - diff --git a/meta/recipes-connectivity/ppp/ppp/0001-pppoe-include-netinet-in.h-before-linux-in.h.patch b/meta/recipes-connectivity/ppp/ppp/0001-pppoe-include-netinet-in.h-before-linux-in.h.patch deleted file mode 100644 index 9362d12648..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/0001-pppoe-include-netinet-in.h-before-linux-in.h.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 50a2997b256e0e0ef7a46fae133f56f60fce539c Mon Sep 17 00:00:00 2001 -From: Lubomir Rintel <lkundrak@v3.sk> -Date: Mon, 9 Jan 2017 13:34:23 +0000 -Subject: [PATCH] pppoe: include netinet/in.h before linux/in.h - -This fixes builds with newer kernels. Basically, <netinet/in.h> needs to be -included before <linux/in.h> otherwise the earlier, unaware of the latter, -tries to redefine symbols and structures. Also, <linux/if_pppox.h> doesn't work -alone anymore, since it pulls the headers in the wrong order, so we better -include <netinet/in.h> early. - -Upstream-Status: Backport -[https://github.com/paulusmack/ppp/commit/50a2997b256e0e0ef7a46fae133f56f60fce539c] - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - pppd/plugins/rp-pppoe/pppoe.h | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h -index 9ab2eee..c4aaa6e 100644 ---- a/pppd/plugins/rp-pppoe/pppoe.h -+++ b/pppd/plugins/rp-pppoe/pppoe.h -@@ -47,6 +47,10 @@ - #include <sys/socket.h> - #endif - -+/* This has to be included before Linux 4.8's linux/in.h -+ * gets dragged in. */ -+#include <netinet/in.h> -+ - /* Ugly header files on some Linux boxes... */ - #if defined(HAVE_LINUX_IF_H) - #include <linux/if.h> -@@ -84,8 +88,6 @@ typedef unsigned long UINT32_t; - #include <linux/if_ether.h> - #endif - --#include <netinet/in.h> -- - #ifdef HAVE_NETINET_IF_ETHER_H - #include <sys/types.h> - -@@ -98,7 +100,6 @@ typedef unsigned long UINT32_t; - #endif - - -- - /* Ethernet frame types according to RFC 2516 */ - #define ETH_PPPOE_DISCOVERY 0x8863 - #define ETH_PPPOE_SESSION 0x8864 --- -2.7.4 - diff --git a/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch b/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch deleted file mode 100644 index db4dbc27a9..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch +++ /dev/null @@ -1,292 +0,0 @@ -This patch comes from OpenEmbedded. -The original patch is from Debian / SuSE to implement replacedefaultroute -Rebased it to fit ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com> - -Upstream-Status: Inappropriate [debian/suse patches] - -diff -urN ppp-2.4.5-orig/pppd/ipcp.c ppp-2.4.5/pppd/ipcp.c ---- ppp-2.4.5-orig/pppd/ipcp.c 2010-06-30 15:51:12.050166398 +0800 -+++ ppp-2.4.5/pppd/ipcp.c 2010-06-30 16:40:00.478716855 +0800 -@@ -198,6 +198,16 @@ - "disable defaultroute option", OPT_ALIAS | OPT_A2CLR, - &ipcp_wantoptions[0].default_route }, - -+#ifdef __linux__ -+ { "replacedefaultroute", o_bool, -+ &ipcp_wantoptions[0].replace_default_route, -+ "Replace default route", 1 -+ }, -+ { "noreplacedefaultroute", o_bool, -+ &ipcp_allowoptions[0].replace_default_route, -+ "Never replace default route", OPT_A2COPY, -+ &ipcp_wantoptions[0].replace_default_route }, -+#endif - { "proxyarp", o_bool, &ipcp_wantoptions[0].proxy_arp, - "Add proxy ARP entry", OPT_ENABLE|1, &ipcp_allowoptions[0].proxy_arp }, - { "noproxyarp", o_bool, &ipcp_allowoptions[0].proxy_arp, -@@ -271,7 +281,7 @@ - ip_active_pkt - }; - --static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t)); -+static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t, bool)); - static void ipcp_script __P((char *, int)); /* Run an up/down script */ - static void ipcp_script_done __P((void *)); - -@@ -1742,7 +1752,12 @@ - if (!sifnpmode(u, PPP_IP, NPMODE_QUEUE)) - return 0; - if (wo->default_route) -+#ifndef __linux__ - if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr)) -+#else -+ if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr, -+ wo->replace_default_route)) -+#endif - default_route_set[u] = 1; - if (wo->proxy_arp) - if (sifproxyarp(u, wo->hisaddr)) -@@ -1830,7 +1845,8 @@ - */ - if (demand) { - if (go->ouraddr != wo->ouraddr || ho->hisaddr != wo->hisaddr) { -- ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr); -+ ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr, -+ wo->replace_default_route); - if (go->ouraddr != wo->ouraddr) { - warn("Local IP address changed to %I", go->ouraddr); - script_setenv("OLDIPLOCAL", ip_ntoa(wo->ouraddr), 0); -@@ -1855,7 +1871,12 @@ - - /* assign a default route through the interface if required */ - if (ipcp_wantoptions[f->unit].default_route) -+#ifndef __linux__ - if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr)) -+#else -+ if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr, -+ wo->replace_default_route)) -+#endif - default_route_set[f->unit] = 1; - - /* Make a proxy ARP entry if requested. */ -@@ -1905,7 +1926,12 @@ - - /* assign a default route through the interface if required */ - if (ipcp_wantoptions[f->unit].default_route) -+#ifndef __linux__ - if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr)) -+#else -+ if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr, -+ wo->replace_default_route)) -+#endif - default_route_set[f->unit] = 1; - - /* Make a proxy ARP entry if requested. */ -@@ -1983,7 +2009,7 @@ - sifnpmode(f->unit, PPP_IP, NPMODE_DROP); - sifdown(f->unit); - ipcp_clear_addrs(f->unit, ipcp_gotoptions[f->unit].ouraddr, -- ipcp_hisoptions[f->unit].hisaddr); -+ ipcp_hisoptions[f->unit].hisaddr, 0); - } - - /* Execute the ip-down script */ -@@ -1999,12 +2025,21 @@ - * proxy arp entries, etc. - */ - static void --ipcp_clear_addrs(unit, ouraddr, hisaddr) -+ipcp_clear_addrs(unit, ouraddr, hisaddr, replacedefaultroute) - int unit; - u_int32_t ouraddr; /* local address */ - u_int32_t hisaddr; /* remote address */ -+ bool replacedefaultroute; - { -- if (proxy_arp_set[unit]) { -+ /* If replacedefaultroute, sifdefaultroute will be called soon -+ * with replacedefaultroute set and that will overwrite the current -+ * default route. This is the case only when doing demand, otherwise -+ * during demand, this cifdefaultroute would restore the old default -+ * route which is not what we want in this case. In the non-demand -+ * case, we'll delete the default route and restore the old if there -+ * is one saved by an sifdefaultroute with replacedefaultroute. -+ */ -+ if (!replacedefaultroute && default_route_set[unit]) { - cifproxyarp(unit, hisaddr); - proxy_arp_set[unit] = 0; - } -diff -urN ppp-2.4.5-orig/pppd/ipcp.h ppp-2.4.5/pppd/ipcp.h ---- ppp-2.4.5-orig/pppd/ipcp.h 2010-06-30 15:51:12.043682063 +0800 -+++ ppp-2.4.5/pppd/ipcp.h 2010-06-30 16:40:49.586203129 +0800 -@@ -70,6 +70,7 @@ - bool old_addrs; /* Use old (IP-Addresses) option? */ - bool req_addr; /* Ask peer to send IP address? */ - bool default_route; /* Assign default route through interface? */ -+ bool replace_default_route; /* Replace default route through interface? */ - bool proxy_arp; /* Make proxy ARP entry for peer? */ - bool neg_vj; /* Van Jacobson Compression? */ - bool old_vj; /* use old (short) form of VJ option? */ -diff -urN ppp-2.4.5-orig/pppd/pppd.8 ppp-2.4.5/pppd/pppd.8 ---- ppp-2.4.5-orig/pppd/pppd.8 2010-06-30 15:51:12.043682063 +0800 -+++ ppp-2.4.5/pppd/pppd.8 2010-06-30 16:42:47.102413859 +0800 -@@ -121,6 +121,13 @@ - This entry is removed when the PPP connection is broken. This option - is privileged if the \fInodefaultroute\fR option has been specified. - .TP -+.B replacedefaultroute -+This option is a flag to the defaultroute option. If defaultroute is -+set and this flag is also set, pppd replaces an existing default route -+with the new default route. -+ -+ -+.TP - .B disconnect \fIscript - Execute the command specified by \fIscript\fR, by passing it to a - shell, after -@@ -717,7 +724,12 @@ - .TP - .B nodefaultroute - Disable the \fIdefaultroute\fR option. The system administrator who --wishes to prevent users from creating default routes with pppd -+wishes to prevent users from adding a default route with pppd -+can do so by placing this option in the /etc/ppp/options file. -+.TP -+.B noreplacedefaultroute -+Disable the \fIreplacedefaultroute\fR option. The system administrator who -+wishes to prevent users from replacing a default route with pppd - can do so by placing this option in the /etc/ppp/options file. - .TP - .B nodeflate -diff -urN ppp-2.4.5-orig/pppd/pppd.h ppp-2.4.5/pppd/pppd.h ---- ppp-2.4.5-orig/pppd/pppd.h 2010-06-30 15:51:12.050166398 +0800 -+++ ppp-2.4.5/pppd/pppd.h 2010-06-30 16:43:36.514148327 +0800 -@@ -643,7 +643,11 @@ - int cif6addr __P((int, eui64_t, eui64_t)); - /* Remove an IPv6 address from i/f */ - #endif -+#ifndef __linux__ - int sifdefaultroute __P((int, u_int32_t, u_int32_t)); -+#else -+int sifdefaultroute __P((int, u_int32_t, u_int32_t, bool replace_default_rt)); -+#endif - /* Create default route through i/f */ - int cifdefaultroute __P((int, u_int32_t, u_int32_t)); - /* Delete default route through i/f */ -diff -urN ppp-2.4.5-orig/pppd/sys-linux.c ppp-2.4.5/pppd/sys-linux.c ---- ppp-2.4.5-orig/pppd/sys-linux.c 2010-06-30 15:51:12.050166398 +0800 -+++ ppp-2.4.5/pppd/sys-linux.c 2010-06-30 16:54:00.362716231 +0800 -@@ -206,6 +206,8 @@ - - static int if_is_up; /* Interface has been marked up */ - static int have_default_route; /* Gateway for default route added */ -+static struct rtentry old_def_rt; /* Old default route */ -+static int default_rt_repl_rest; /* replace and restore old default rt */ - static u_int32_t proxy_arp_addr; /* Addr for proxy arp entry added */ - static char proxy_arp_dev[16]; /* Device for proxy arp entry */ - static u_int32_t our_old_addr; /* for detecting address changes */ -@@ -1537,6 +1539,9 @@ - p = NULL; - } - -+ SET_SA_FAMILY (rt->rt_dst, AF_INET); -+ SET_SA_FAMILY (rt->rt_gateway, AF_INET); -+ - SIN_ADDR(rt->rt_dst) = strtoul(cols[route_dest_col], NULL, 16); - SIN_ADDR(rt->rt_gateway) = strtoul(cols[route_gw_col], NULL, 16); - SIN_ADDR(rt->rt_genmask) = strtoul(cols[route_mask_col], NULL, 16); -@@ -1606,20 +1611,51 @@ - /******************************************************************** - * - * sifdefaultroute - assign a default route through the address given. -- */ -- --int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway) --{ -- struct rtentry rt; -- -- if (defaultroute_exists(&rt) && strcmp(rt.rt_dev, ifname) != 0) { -- if (rt.rt_flags & RTF_GATEWAY) -- error("not replacing existing default route via %I", -- SIN_ADDR(rt.rt_gateway)); -- else -- error("not replacing existing default route through %s", -- rt.rt_dev); -- return 0; -+ * -+ * If the global default_rt_repl_rest flag is set, then this function -+ * already replaced the original system defaultroute with some other -+ * route and it should just replace the current defaultroute with -+ * another one, without saving the current route. Use: demand mode, -+ * when pppd sets first a defaultroute it it's temporary ppp0 addresses -+ * and then changes the temporary addresses to the addresses for the real -+ * ppp connection when it has come up. -+ */ -+ -+int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway, bool replace) -+{ -+ struct rtentry rt, tmp_rt; -+ struct rtentry *del_rt = NULL; -+ -+ if (default_rt_repl_rest) { -+ /* We have already reclaced the original defaultroute, if we -+ * are called again, we will delete the current default route -+ * and set the new default route in this function. -+ * - this is normally only the case the doing demand: */ -+ if (defaultroute_exists( &tmp_rt )) -+ del_rt = &tmp_rt; -+ } else if ( defaultroute_exists( &old_def_rt ) && -+ strcmp( old_def_rt.rt_dev, ifname ) != 0) { -+ /* We did not yet replace an existing default route, let's -+ * check if we should save and replace a default route: -+ */ -+ u_int32_t old_gateway = SIN_ADDR(old_def_rt.rt_gateway); -+ if (old_gateway != gateway) { -+ if (!replace) { -+ error("not replacing default route to %s [%I]", -+ old_def_rt.rt_dev, old_gateway); -+ return 0; -+ } else { -+ // we need to copy rt_dev because we need it permanent too: -+ char * tmp_dev = malloc(strlen(old_def_rt.rt_dev)+1); -+ strcpy(tmp_dev, old_def_rt.rt_dev); -+ old_def_rt.rt_dev = tmp_dev; -+ -+ notice("replacing old default route to %s [%I]", -+ old_def_rt.rt_dev, old_gateway); -+ default_rt_repl_rest = 1; -+ del_rt = &old_def_rt; -+ } -+ } - } - - memset (&rt, 0, sizeof (rt)); -@@ -1638,6 +1674,12 @@ - error("default route ioctl(SIOCADDRT): %m"); - return 0; - } -+ if (default_rt_repl_rest && del_rt) -+ if (ioctl(sock_fd, SIOCDELRT, del_rt) < 0) { -+ if ( ! ok_error ( errno )) -+ error("del old default route ioctl(SIOCDELRT): %m(%d)", errno); -+ return 0; -+ } - - have_default_route = 1; - return 1; -@@ -1673,6 +1715,16 @@ - return 0; - } - } -+ if (default_rt_repl_rest) { -+ notice("restoring old default route to %s [%I]", -+ old_def_rt.rt_dev, SIN_ADDR(old_def_rt.rt_gateway)); -+ if (ioctl(sock_fd, SIOCADDRT, &old_def_rt) < 0) { -+ if ( ! ok_error ( errno )) -+ error("restore default route ioctl(SIOCADDRT): %m(%d)", errno); -+ return 0; -+ } -+ default_rt_repl_rest = 0; -+ } - - return 1; - } diff --git a/meta/recipes-connectivity/ppp/ppp/copts.patch b/meta/recipes-connectivity/ppp/ppp/copts.patch deleted file mode 100644 index 53ff06e03e..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/copts.patch +++ /dev/null @@ -1,21 +0,0 @@ -ppp: use build system CFLAGS when compiling - -Upstream-Status: Pending - -Override the hard-coded COPTS make variables with -CFLAGS. Add COPTS into one Makefile that did not -use it. - -Signed-off-by: Joe Slater <jslater@windriver.com> - ---- a/pppd/plugins/radius/Makefile.linux -+++ b/pppd/plugins/radius/Makefile.linux -@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ - INSTALL = install - - PLUGIN=radius.so radattr.so radrealms.so --CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON -+CFLAGS=-I. -I../.. -I../../../include $(COPTS) -fPIC -DRC_LOG_FACILITY=LOG_DAEMON - - # Uncomment the next line to include support for Microsoft's - # MS-CHAP authentication protocol. diff --git a/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch b/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch deleted file mode 100644 index c5a0be86f5..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch +++ /dev/null @@ -1,30 +0,0 @@ -ppp: Buffer overflow in radius plugin - -From: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;bug=782450 - -Upstream-Status: Backport -CVE: CVE-2015-3310 - -On systems with more than 65535 processes running, pppd aborts when -sending a "start" accounting message to the RADIUS server because of a -buffer overflow in rc_mksid. - -The process id is used in rc_mksid to generate a pseudo-unique string, -assuming that the hex representation of the pid will be at most 4 -characters (FFFF). __sprintf_chk(), used when compiling with -optimization levels greater than 0 and FORTIFY_SOURCE, detects the -buffer overflow and makes pppd crash. - -The following patch fixes the problem. - ---- ppp-2.4.6.orig/pppd/plugins/radius/util.c -+++ ppp-2.4.6/pppd/plugins/radius/util.c -@@ -77,7 +77,7 @@ rc_mksid (void) - static unsigned short int cnt = 0; - sprintf (buf, "%08lX%04X%02hX", - (unsigned long int) time (NULL), -- (unsigned int) getpid (), -+ (unsigned int) getpid () % 65535, - cnt & 0xFF); - cnt++; - return buf; diff --git a/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch b/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch deleted file mode 100644 index d59717ebd3..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch +++ /dev/null @@ -1,37 +0,0 @@ -The patch comes from OpenEmbedded. -Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com> - -Updated from OE-Classic to include the pcap hunk. -Signed-off-by: Andreas Oberritter <obi@opendreambox.org> - -Upstream-Status: Inappropriate [configuration] - -diff -urN ppp-2.4.5-orig/pppd/Makefile.linux ppp-2.4.5/pppd/Makefile.linux ---- ppp-2.4.5-orig/pppd/Makefile.linux 2010-06-30 15:51:12.043682063 +0800 -+++ ppp-2.4.5/pppd/Makefile.linux 2010-06-30 17:08:21.806363042 +0800 -@@ -117,10 +117,10 @@ - #LIBS += -lshadow $(LIBS) - endif - --ifneq ($(wildcard /usr/include/crypt.h),) -+#ifneq ($(wildcard /usr/include/crypt.h),) - CFLAGS += -DHAVE_CRYPT_H=1 - LIBS += -lcrypt --endif -+#endif - - ifdef NEEDDES - ifndef USE_CRYPT -@@ -169,10 +169,10 @@ - endif - - ifdef FILTER --ifneq ($(wildcard /usr/include/pcap-bpf.h),) -+#ifneq ($(wildcard /usr/include/pcap-bpf.h),) - LIBS += -lpcap - CFLAGS += -DPPP_FILTER --endif -+#endif - endif - - ifdef HAVE_INET6 diff --git a/meta/recipes-connectivity/ppp/ppp/makefile.patch b/meta/recipes-connectivity/ppp/ppp/makefile.patch deleted file mode 100644 index 2d09baf5d0..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/makefile.patch +++ /dev/null @@ -1,95 +0,0 @@ -The patch comes from OpenEmbedded -Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com> - -Upstream-Status: Inappropriate [configuration] - -diff -ruN ppp-2.4.5-orig/chat/Makefile.linux ppp-2.4.5/chat/Makefile.linux ---- ppp-2.4.5-orig/chat/Makefile.linux 2010-06-30 15:51:12.050166398 +0800 -+++ ppp-2.4.5/chat/Makefile.linux 2010-06-30 15:51:30.450118446 +0800 -@@ -25,7 +25,7 @@ - - install: chat - mkdir -p $(BINDIR) $(MANDIR) -- $(INSTALL) -s -c chat $(BINDIR) -+ $(INSTALL) -c chat $(BINDIR) - $(INSTALL) -c -m 644 chat.8 $(MANDIR) - - clean: -diff -ruN ppp-2.4.5-orig/pppd/Makefile.linux ppp-2.4.5/pppd/Makefile.linux ---- ppp-2.4.5-orig/pppd/Makefile.linux 2010-06-30 15:51:12.043682063 +0800 -+++ ppp-2.4.5/pppd/Makefile.linux 2010-06-30 15:52:11.214170607 +0800 -@@ -99,7 +99,7 @@ - CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include - LIBS += -lsrp -L/usr/local/ssl/lib -lcrypto - TARGETS += srp-entry --EXTRAINSTALL = $(INSTALL) -s -c -m 555 srp-entry $(BINDIR)/srp-entry -+EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry - MANPAGES += srp-entry.8 - EXTRACLEAN += srp-entry.o - NEEDDES=y -@@ -200,7 +200,7 @@ - install: pppd - mkdir -p $(BINDIR) $(MANDIR) - $(EXTRAINSTALL) -- $(INSTALL) -s -c -m 555 pppd $(BINDIR)/pppd -+ $(INSTALL) -c -m 555 pppd $(BINDIR)/pppd - if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \ - chmod o-rx,u+s $(BINDIR)/pppd; fi - $(INSTALL) -c -m 444 pppd.8 $(MANDIR) -diff -ruN ppp-2.4.5-orig/pppd/plugins/radius/Makefile.linux ppp-2.4.5/pppd/plugins/radius/Makefile.linux ---- ppp-2.4.5-orig/pppd/plugins/radius/Makefile.linux 2010-06-30 15:51:12.047676187 +0800 -+++ ppp-2.4.5/pppd/plugins/radius/Makefile.linux 2010-06-30 15:53:47.750182267 +0800 -@@ -36,11 +36,11 @@ - - install: all - $(INSTALL) -d -m 755 $(LIBDIR) -- $(INSTALL) -s -c -m 755 radius.so $(LIBDIR) -- $(INSTALL) -s -c -m 755 radattr.so $(LIBDIR) -- $(INSTALL) -s -c -m 755 radrealms.so $(LIBDIR) -- $(INSTALL) -c -m 444 pppd-radius.8 $(MANDIR) -- $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR) -+ $(INSTALL) -c -m 755 radius.so $(LIBDIR) -+ $(INSTALL) -c -m 755 radattr.so $(LIBDIR) -+ $(INSTALL) -c -m 755 radrealms.so $(LIBDIR) -+ $(INSTALL) -m 444 pppd-radius.8 $(MANDIR) -+ $(INSTALL) -m 444 pppd-radattr.8 $(MANDIR) - - radius.so: radius.o libradiusclient.a - $(CC) -o radius.so -shared radius.o libradiusclient.a -diff -ruN ppp-2.4.5-orig/pppd/plugins/rp-pppoe/Makefile.linux ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux ---- ppp-2.4.5-orig/pppd/plugins/rp-pppoe/Makefile.linux 2010-06-30 15:51:12.047676187 +0800 -+++ ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux 2010-06-30 15:53:15.454486877 +0800 -@@ -43,9 +43,9 @@ - - install: all - $(INSTALL) -d -m 755 $(LIBDIR) -- $(INSTALL) -s -c -m 4550 rp-pppoe.so $(LIBDIR) -+ $(INSTALL) -c -m 4550 rp-pppoe.so $(LIBDIR) - $(INSTALL) -d -m 755 $(BINDIR) -- $(INSTALL) -s -c -m 555 pppoe-discovery $(BINDIR) -+ $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR) - - clean: - rm -f *.o *.so pppoe-discovery -diff -ruN ppp-2.4.5-orig/pppdump/Makefile.linux ppp-2.4.5/pppdump/Makefile.linux ---- ppp-2.4.5-orig/pppdump/Makefile.linux 2010-06-30 15:51:12.058183383 +0800 -+++ ppp-2.4.5/pppdump/Makefile.linux 2010-06-30 15:52:25.762183537 +0800 -@@ -17,5 +17,5 @@ - - install: - mkdir -p $(BINDIR) $(MANDIR) -- $(INSTALL) -s -c pppdump $(BINDIR) -+ $(INSTALL) -c pppdump $(BINDIR) - $(INSTALL) -c -m 444 pppdump.8 $(MANDIR) -diff -ruN ppp-2.4.5-orig/pppstats/Makefile.linux ppp-2.4.5/pppstats/Makefile.linux ---- ppp-2.4.5-orig/pppstats/Makefile.linux 2010-06-30 15:51:12.058183383 +0800 -+++ ppp-2.4.5/pppstats/Makefile.linux 2010-06-30 15:52:42.486341081 +0800 -@@ -22,7 +22,7 @@ - - install: pppstats - -mkdir -p $(MANDIR) -- $(INSTALL) -s -c pppstats $(BINDIR) -+ $(INSTALL) -c pppstats $(BINDIR) - $(INSTALL) -c -m 444 pppstats.8 $(MANDIR) - - pppstats: $(PPPSTATSRCS) diff --git a/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch b/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch deleted file mode 100644 index a72414ff8a..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch +++ /dev/null @@ -1,45 +0,0 @@ -The patch comes from OpenEmbedded -Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com> - -Upstream-Status: Inappropriate [embedded specific] - -diff -ruN ppp-2.4.5-orig/pppd/ipcp.c ppp-2.4.5/pppd/ipcp.c ---- ppp-2.4.5-orig/pppd/ipcp.c 2010-06-30 15:51:12.050166398 +0800 -+++ ppp-2.4.5/pppd/ipcp.c 2010-06-30 17:02:33.930393283 +0800 -@@ -55,6 +55,8 @@ - #include <sys/socket.h> - #include <netinet/in.h> - #include <arpa/inet.h> -+#include <sys/stat.h> -+#include <unistd.h> - - #include "pppd.h" - #include "fsm.h" -@@ -2095,6 +2097,14 @@ - u_int32_t peerdns1, peerdns2; - { - FILE *f; -+ struct stat dirinfo; -+ -+ if(stat(_PATH_OUTDIR, &dirinfo)) { -+ if(mkdir(_PATH_OUTDIR, 0775)) { -+ error("Failed to create directory %s: %m", _PATH_OUTDIR); -+ return; -+ } -+ } - - f = fopen(_PATH_RESOLV, "w"); - if (f == NULL) { -diff -ruN ppp-2.4.5-orig/pppd/pathnames.h ppp-2.4.5/pppd/pathnames.h ---- ppp-2.4.5-orig/pppd/pathnames.h 2010-06-30 15:51:12.043682063 +0800 -+++ ppp-2.4.5/pppd/pathnames.h 2010-06-30 17:03:20.594371055 +0800 -@@ -30,7 +30,8 @@ - #define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options." - #define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors" - #define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/" --#define _PATH_RESOLV _ROOT_PATH "/etc/ppp/resolv.conf" -+#define _PATH_OUTDIR _ROOT_PATH _PATH_VARRUN "/ppp" -+#define _PATH_RESOLV _PATH_OUTDIR "/resolv.conf" - - #define _PATH_USEROPT ".ppprc" - #define _PATH_PSEUDONYM ".ppp_pseudonym" diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb deleted file mode 100644 index a5f764f6ec..0000000000 --- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb +++ /dev/null @@ -1,101 +0,0 @@ -SUMMARY = "Point-to-Point Protocol (PPP) support" -DESCRIPTION = "ppp (Paul's PPP Package) is an open source package which implements \ -the Point-to-Point Protocol (PPP) on Linux and Solaris systems." -SECTION = "console/network" -HOMEPAGE = "http://samba.org/ppp/" -BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs" -DEPENDS = "libpcap" -LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD" -LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \ - file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \ - file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \ - file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2" - -SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ - file://makefile.patch \ - file://cifdefroute.patch \ - file://pppd-resolv-varrun.patch \ - file://makefile-remove-hard-usr-reference.patch \ - file://pon \ - file://poff \ - file://init \ - file://ip-up \ - file://ip-down \ - file://08setupdns \ - file://92removedns \ - file://copts.patch \ - file://pap \ - file://ppp_on_boot \ - file://provider \ - file://0001-ppp-Fix-compilation-errors-in-Makefile.patch \ - file://ppp@.service \ - file://fix-CVE-2015-3310.patch \ - file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \ - file://0001-ppp-Remove-unneeded-include.patch \ -" - -SRC_URI_append_libc-musl = "\ - file://0001-Fix-build-with-musl.patch \ -" -SRC_URI[md5sum] = "78818f40e6d33a1d1de68a1551f6595a" -SRC_URI[sha256sum] = "02e0a3dd3e4799e33103f70ec7df75348c8540966ee7c948e4ed8a42bbccfb30" - -inherit autotools-brokensep systemd - -TARGET_CC_ARCH += " ${LDFLAGS}" -EXTRA_OEMAKE = "STRIPPROG=${STRIP} MANDIR=${D}${datadir}/man/man8 INCDIR=${D}${includedir} LIBDIR=${D}${libdir}/pppd/${PV} BINDIR=${D}${sbindir}" -EXTRA_OECONF = "--disable-strip" - -# Package Makefile computes CFLAGS, referencing COPTS. -# Typically hard-coded to '-O2 -g' in the Makefile's. -# -EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${S}/include"' - -do_configure () { - oe_runconf -} - -do_install_append () { - make install-etcppp ETCDIR=${D}/${sysconfdir}/ppp - mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d - mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/ - mkdir -p ${D}${sysconfdir}/ppp/ip-down.d/ - install -m 0755 ${WORKDIR}/pon ${D}${bindir}/pon - install -m 0755 ${WORKDIR}/poff ${D}${bindir}/poff - install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/ppp - install -m 0755 ${WORKDIR}/ip-up ${D}${sysconfdir}/ppp/ - install -m 0755 ${WORKDIR}/ip-down ${D}${sysconfdir}/ppp/ - install -m 0755 ${WORKDIR}/08setupdns ${D}${sysconfdir}/ppp/ip-up.d/ - install -m 0755 ${WORKDIR}/92removedns ${D}${sysconfdir}/ppp/ip-down.d/ - mkdir -p ${D}${sysconfdir}/chatscripts - mkdir -p ${D}${sysconfdir}/ppp/peers - install -m 0755 ${WORKDIR}/pap ${D}${sysconfdir}/chatscripts - install -m 0755 ${WORKDIR}/ppp_on_boot ${D}${sysconfdir}/ppp/ppp_on_boot - install -m 0755 ${WORKDIR}/provider ${D}${sysconfdir}/ppp/peers/provider - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_unitdir}/system - sed -i -e 's,@SBINDIR@,${sbindir},g' \ - ${D}${systemd_unitdir}/system/ppp@.service - rm -rf ${D}/${mandir}/man8/man8 - chmod u+s ${D}${sbindir}/pppd -} - -CONFFILES_${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options" -PACKAGES =+ "${PN}-oa ${PN}-oe ${PN}-radius ${PN}-winbind ${PN}-minconn ${PN}-password ${PN}-l2tp ${PN}-tools" -FILES_${PN} = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_unitdir}/system/ppp@.service" -FILES_${PN}-oa = "${libdir}/pppd/${PV}/pppoatm.so" -FILES_${PN}-oe = "${sbindir}/pppoe-discovery ${libdir}/pppd/${PV}/rp-pppoe.so" -FILES_${PN}-radius = "${libdir}/pppd/${PV}/radius.so ${libdir}/pppd/${PV}/radattr.so ${libdir}/pppd/${PV}/radrealms.so" -FILES_${PN}-winbind = "${libdir}/pppd/${PV}/winbind.so" -FILES_${PN}-minconn = "${libdir}/pppd/${PV}/minconn.so" -FILES_${PN}-password = "${libdir}/pppd/${PV}/pass*.so" -FILES_${PN}-l2tp = "${libdir}/pppd/${PV}/*l2tp.so" -FILES_${PN}-tools = "${sbindir}/pppstats ${sbindir}/pppdump" -SUMMARY_${PN}-oa = "Plugin for PPP for PPP-over-ATM support" -SUMMARY_${PN}-oe = "Plugin for PPP for PPP-over-Ethernet support" -SUMMARY_${PN}-radius = "Plugin for PPP for RADIUS support" -SUMMARY_${PN}-winbind = "Plugin for PPP to authenticate against Samba or Windows" -SUMMARY_${PN}-minconn = "Plugin for PPP to set a delay before the idle timeout applies" -SUMMARY_${PN}-password = "Plugin for PPP to get passwords via a pipe" -SUMMARY_${PN}-l2tp = "Plugin for PPP for l2tp support" -SUMMARY_${PN}-tools = "Additional tools for the PPP package" diff --git a/meta/recipes-connectivity/ppp/ppp_2.5.0.bb b/meta/recipes-connectivity/ppp/ppp_2.5.0.bb new file mode 100644 index 0000000000..5f0c75de83 --- /dev/null +++ b/meta/recipes-connectivity/ppp/ppp_2.5.0.bb @@ -0,0 +1,75 @@ +SUMMARY = "Point-to-Point Protocol (PPP) support" +DESCRIPTION = "ppp (Paul's PPP Package) is an open source package which implements \ +the Point-to-Point Protocol (PPP) on Linux and Solaris systems." +SECTION = "console/network" +HOMEPAGE = "http://samba.org/ppp/" +BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs" +DEPENDS = "libpcap openssl virtual/crypt" +LICENSE = "BSD-3-Clause & BSD-3-Clause-Attribution & GPL-2.0-or-later & LGPL-2.0-or-later & PD & RSA-MD" +LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \ + file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \ + file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \ + file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2" + +SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ + file://pon \ + file://poff \ + file://init \ + file://ip-up \ + file://ip-down \ + file://08setupdns \ + file://92removedns \ + file://pap \ + file://ppp_on_boot \ + file://provider \ + file://ppp@.service \ + " + +SRC_URI[sha256sum] = "5cae0e8075f8a1755f16ca290eb44e6b3545d3f292af4da65ecffe897de636ff" + +inherit autotools systemd + +EXTRA_OECONF += "--with-openssl=${STAGING_EXECPREFIXDIR}" + +do_install:append () { + mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d + mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/ + mkdir -p ${D}${sysconfdir}/ppp/ip-down.d/ + install -m 0755 ${WORKDIR}/pon ${D}${bindir}/pon + install -m 0755 ${WORKDIR}/poff ${D}${bindir}/poff + install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/ppp + install -m 0755 ${WORKDIR}/ip-up ${D}${sysconfdir}/ppp/ + install -m 0755 ${WORKDIR}/ip-down ${D}${sysconfdir}/ppp/ + install -m 0755 ${WORKDIR}/08setupdns ${D}${sysconfdir}/ppp/ip-up.d/ + install -m 0755 ${WORKDIR}/92removedns ${D}${sysconfdir}/ppp/ip-down.d/ + mkdir -p ${D}${sysconfdir}/chatscripts + mkdir -p ${D}${sysconfdir}/ppp/peers + install -m 0755 ${WORKDIR}/pap ${D}${sysconfdir}/chatscripts + install -m 0755 ${WORKDIR}/ppp_on_boot ${D}${sysconfdir}/ppp/ppp_on_boot + install -m 0755 ${WORKDIR}/provider ${D}${sysconfdir}/ppp/peers/provider + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_system_unitdir} + sed -i -e 's,@SBINDIR@,${sbindir},g' \ + ${D}${systemd_system_unitdir}/ppp@.service +} + +CONFFILES:${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options" +PACKAGES =+ "${PN}-oa ${PN}-oe ${PN}-radius ${PN}-winbind ${PN}-minconn ${PN}-password ${PN}-l2tp ${PN}-tools" +FILES:${PN} = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_system_unitdir}/ppp@.service" +FILES:${PN}-oa = "${libdir}/pppd/${PV}/pppoatm.so" +FILES:${PN}-oe = "${sbindir}/pppoe-discovery ${libdir}/pppd/${PV}/*pppoe.so" +FILES:${PN}-radius = "${libdir}/pppd/${PV}/radius.so ${libdir}/pppd/${PV}/radattr.so ${libdir}/pppd/${PV}/radrealms.so" +FILES:${PN}-winbind = "${libdir}/pppd/${PV}/winbind.so" +FILES:${PN}-minconn = "${libdir}/pppd/${PV}/minconn.so" +FILES:${PN}-password = "${libdir}/pppd/${PV}/pass*.so" +FILES:${PN}-l2tp = "${libdir}/pppd/${PV}/*l2tp.so" +FILES:${PN}-tools = "${sbindir}/pppstats ${sbindir}/pppdump" +SUMMARY:${PN}-oa = "Plugin for PPP for PPP-over-ATM support" +SUMMARY:${PN}-oe = "Plugin for PPP for PPP-over-Ethernet support" +SUMMARY:${PN}-radius = "Plugin for PPP for RADIUS support" +SUMMARY:${PN}-winbind = "Plugin for PPP to authenticate against Samba or Windows" +SUMMARY:${PN}-minconn = "Plugin for PPP to set a delay before the idle timeout applies" +SUMMARY:${PN}-password = "Plugin for PPP to get passwords via a pipe" +SUMMARY:${PN}-l2tp = "Plugin for PPP for l2tp support" +SUMMARY:${PN}-tools = "Additional tools for the PPP package" + diff --git a/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch b/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch new file mode 100644 index 0000000000..ab32f26754 --- /dev/null +++ b/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch @@ -0,0 +1,37 @@ +From 6bf2bb136a0b3961339369bc08e58b661fba0edb Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Thu, 17 Nov 2022 17:26:30 +0800 +Subject: [PATCH] avoid using -m option for readlink + +Use a more widely used option '-f' instead of '-m' here to +avoid dependency on coreutils. + +Looking at the git history of the resolvconf repo, the '-m' +is deliberately used. And it wants to depend on coreutils. +But in case of OE, the existence of /etc is ensured, and busybox +readlink provides '-f' option, so we can just use '-f'. In this +way, the coreutils dependency is not necessary any more. + +Upstream-Status: Inappropriate [OE Specific] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + etc/resolvconf/update.d/libc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/etc/resolvconf/update.d/libc b/etc/resolvconf/update.d/libc +index 1c4f6bc..f75d22c 100755 +--- a/etc/resolvconf/update.d/libc ++++ b/etc/resolvconf/update.d/libc +@@ -57,7 +57,7 @@ fi + report_warning() { echo "$0: Warning: $*" >&2 ; } + + resolv_conf_is_symlinked_to_dynamic_file() { +- [ -L ${ETC}/resolv.conf ] && [ "$(readlink -m ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ] ++ [ -L ${ETC}/resolv.conf ] && [ "$(readlink -f ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ] + } + + if ! resolv_conf_is_symlinked_to_dynamic_file ; then +-- +2.17.1 + diff --git a/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch b/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch deleted file mode 100644 index 1aead07869..0000000000 --- a/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch +++ /dev/null @@ -1,20 +0,0 @@ - -busybox installs readlink into /usr/bin, so ensure /usr/bin -is in the path. - -Upstream-Status: Submitted -Signed-off-by: Saul Wold <sgw@linux.intel.com> - -Index: resolvconf-1.76/etc/resolvconf/update.d/libc -=================================================================== ---- resolvconf-1.76.orig/etc/resolvconf/update.d/libc -+++ resolvconf-1.76/etc/resolvconf/update.d/libc -@@ -16,7 +16,7 @@ - # - - set -e --PATH=/sbin:/bin -+PATH=/sbin:/bin:/usr/bin - - [ -x /lib/resolvconf/list-records ] || exit 1 - diff --git a/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb b/meta/recipes-connectivity/resolvconf/resolvconf_1.92.bb index 8550177288..226cb7ee77 100644 --- a/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb +++ b/meta/recipes-connectivity/resolvconf/resolvconf_1.92.bb @@ -5,26 +5,24 @@ itself up as the intermediary between programs that supply \ nameserver information and programs that need nameserver \ information." SECTION = "console/network" -LICENSE = "GPLv2+" +LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b" -AUTHOR = "Thomas Hood" HOMEPAGE = "http://packages.debian.org/resolvconf" -RDEPENDS_${PN} = "bash" +RDEPENDS:${PN} = "bash sed util-linux-flock" -SRC_URI = "http://snapshot.debian.org/archive/debian/20160520T044340Z/pool/main/r/${BPN}/${BPN}_1.79.tar.xz \ - file://fix-path-for-busybox.patch \ +SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=unstable \ file://99_resolvconf \ - " + file://0001-avoid-using-m-option-for-readlink.patch \ + " -SRC_URI[md5sum] = "aab2382020fc518f06a06e924c56d300" -SRC_URI[sha256sum] = "8e2843cd4162b706f0481b3c281657728cbc2822e50a64fff79b79bd8aa870a0" +SRCREV = "86047276c80705c51859a19f0c472102e0822f34" + +S = "${WORKDIR}/git" # the package is taken from snapshots.debian.org; that source is static and goes stale # so we check the latest upstream from a directory that does get updated UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/r/resolvconf/" -inherit allarch - do_compile () { : } @@ -39,12 +37,14 @@ do_install () { fi install -d ${D}${base_libdir}/${BPN} install -d ${D}${sysconfdir}/${BPN} + install -d ${D}${nonarch_base_libdir}/${BPN} ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run install -d ${D}${sysconfdir} ${D}${base_sbindir} install -d ${D}${mandir}/man8 ${D}${docdir}/${P} - cp -pPR etc/* ${D}${sysconfdir}/ + cp -pPR etc/resolvconf ${D}${sysconfdir}/ chown -R root:root ${D}${sysconfdir}/ install -m 0755 bin/resolvconf ${D}${base_sbindir}/ + install -m 0755 bin/normalize-resolvconf ${D}${nonarch_base_libdir}/${BPN} install -m 0755 bin/list-records ${D}${base_libdir}/${BPN} install -d ${D}/${sysconfdir}/network/if-up.d install -m 0755 debian/resolvconf.000resolvconf.if-up ${D}/${sysconfdir}/network/if-up.d/000resolvconf @@ -54,7 +54,7 @@ do_install () { install -m 0644 man/resolvconf.8 ${D}${mandir}/man8/ } -pkg_postinst_${PN} () { +pkg_postinst:${PN} () { if [ -z "$D" ]; then if command -v systemd-tmpfiles >/dev/null; then systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/resolvconf.conf @@ -64,4 +64,4 @@ pkg_postinst_${PN} () { fi } -FILES_${PN} += "${base_libdir}/${BPN}" +FILES:${PN} += "${base_libdir}/${BPN} ${nonarch_base_libdir}/${BPN}" diff --git a/meta/recipes-connectivity/slirp/libslirp_git.bb b/meta/recipes-connectivity/slirp/libslirp_git.bb new file mode 100644 index 0000000000..334b786b9b --- /dev/null +++ b/meta/recipes-connectivity/slirp/libslirp_git.bb @@ -0,0 +1,18 @@ +SUMMARY = "A general purpose TCP-IP emulator" +DESCRIPTION = "A general purpose TCP-IP emulator used by virtual machine hypervisors to provide virtual networking services." +HOMEPAGE = "https://gitlab.freedesktop.org/slirp/libslirp" +LICENSE = "BSD-3-Clause & MIT" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=bca0186b14e6b05e338e729f106db727" + +SRC_URI = "git://gitlab.freedesktop.org/slirp/libslirp.git;protocol=https;branch=master" +SRCREV = "3ad1710a96678fe79066b1469cead4058713a1d9" +PV = "4.7.0" +S = "${WORKDIR}/git" + +DEPENDS = " \ + glib-2.0 \ +" + +inherit meson pkgconfig + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch b/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch new file mode 100644 index 0000000000..9051ae1abe --- /dev/null +++ b/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch @@ -0,0 +1,62 @@ +From 4f887cc665c9a48b83e20ef4abe57afa7e365e0e Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@eng.windriver.com> +Date: Tue, 5 Dec 2023 23:02:22 -0800 +Subject: [PATCH v2] fix compile procan.c failed + +1. Compile socat failed if out of tree build (build dir != source dir) +... +gcc -c -D CC="gcc" -o procan.o procan.c +cc1: fatal error: procan.c: No such file or directory +... +Explicitly add $srcdir to makefile rule + +2. Compile socat failed if multiple words in $(CC), such as CC="gcc -m64" +... +from ../socat-1.8.0.0/procan.c:10: +../socat-1.8.0.0/sysincludes.h:18:10: fatal error: inttypes.h: No such file or directory + 18 | #include <inttypes.h> /* uint16_t */ +... + +In commit [Procan: print umask, CC, and couple more new infos][1], +it defeines marcro CC in C source, the space in CC will break +C source compile. Use first word of $(CC) to defeine marco CC + +[1] https://repo.or.cz/socat.git/commit/cd5673dbd0786c94e0b3ace7e35fab14c01e3185 + +Upstream-Status: Submitted [socat@dest-unreach.org] +Signed-off-by: Hongxu Jia <hongxu.jia@eng.windriver.com> +--- + Makefile.in | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/Makefile.in b/Makefile.in +index c01b1a4..48dad69 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -109,8 +109,8 @@ depend: $(CFILES) $(HFILES) + socat: socat.o libxio.a + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ socat.o libxio.a $(CLIBS) + +-procan.o: procan.c +- $(CC) $(CFLAGS) -c -D CC=\"$(CC)\" -o $@ procan.c ++procan.o: $(srcdir)/procan.c ++ $(CC) $(CFLAGS) -c -D CC=\"$(firstword $(CC))\" -o $@ $(srcdir)/procan.c + + PROCAN_OBJS=procan_main.o procan.o procan-cdefs.o hostan.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o + procan: $(PROCAN_OBJS) +@@ -132,9 +132,9 @@ install: progs $(srcdir)/doc/socat.1 + mkdir -p $(DESTDIR)$(BINDEST) + $(INSTALL) -m 755 socat $(DESTDIR)$(BINDEST)/socat1 + ln -sf socat1 $(DESTDIR)$(BINDEST)/socat +- $(INSTALL) -m 755 socat-chain.sh $(DESTDIR)$(BINDEST) +- $(INSTALL) -m 755 socat-mux.sh $(DESTDIR)$(BINDEST) +- $(INSTALL) -m 755 socat-broker.sh $(DESTDIR)$(BINDEST) ++ $(INSTALL) -m 755 $(srcdir)/socat-chain.sh $(DESTDIR)$(BINDEST) ++ $(INSTALL) -m 755 $(srcdir)/socat-mux.sh $(DESTDIR)$(BINDEST) ++ $(INSTALL) -m 755 $(srcdir)/socat-broker.sh $(DESTDIR)$(BINDEST) + $(INSTALL) -m 755 procan $(DESTDIR)$(BINDEST) + $(INSTALL) -m 755 filan $(DESTDIR)$(BINDEST) + mkdir -p $(DESTDIR)$(MANDEST)/man1 +-- +2.42.0 + diff --git a/meta/recipes-connectivity/socat/socat/0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch b/meta/recipes-connectivity/socat/socat/0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch deleted file mode 100644 index c0e27f3d78..0000000000 --- a/meta/recipes-connectivity/socat/socat/0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch +++ /dev/null @@ -1,52 +0,0 @@ -From fb10ab134d630705cae0c7be42437cc289af7d32 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Tue, 15 Mar 2016 21:36:02 +0000 -Subject: [PATCH] Use __c_ispeed and __c_ospeed on musl - -Original intention of these asserts is to find if termios structure -is mapped correctly to locally define union, the get* APIs for -baudrate would not do the right thing since they do not return the -value from c_ospeed/c_ispeed but the value which is stored in iflag -for baudrate. - -So we check if we are on Linux but not using glibc then we use -__c_ispeed and __c_ospeed as defined in musl, however these are -internal elements of structs it should not have been used this -way. - -Signed-off-by: Khem Raj <raj.khem@gmail.com> - ---- -Upstream-Status: Pending - - xioinitialize.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/xioinitialize.c b/xioinitialize.c -index 9f50155..8fb2e4c 100644 ---- a/xioinitialize.c -+++ b/xioinitialize.c -@@ -65,6 +65,12 @@ int xioinitialize(void) { - #if HAVE_TERMIOS_ISPEED && (ISPEED_OFFSET != -1) && (OSPEED_OFFSET != -1) - #if defined(ISPEED_OFFSET) && (ISPEED_OFFSET != -1) - #if defined(OSPEED_OFFSET) && (OSPEED_OFFSET != -1) -+#if defined(__linux__) && !defined(__GLIBC__) -+ tdata.termarg.__c_ispeed = 0x56789abc; -+ tdata.termarg.__c_ospeed = 0x6789abcd; -+ assert(tdata.termarg.__c_ispeed == tdata.speeds[ISPEED_OFFSET]); -+ assert(tdata.termarg.__c_ospeed == tdata.speeds[OSPEED_OFFSET]); -+#else - tdata.termarg.c_ispeed = 0x56789abc; - tdata.termarg.c_ospeed = 0x6789abcd; - assert(tdata.termarg.c_ispeed == tdata.speeds[ISPEED_OFFSET]); -@@ -72,6 +78,7 @@ int xioinitialize(void) { - #endif - #endif - #endif -+#endif - } - #endif - --- -2.8.0 - diff --git a/meta/recipes-connectivity/socat/socat/0001-define-NETDB_INTERNAL-to-1-if-not-available.patch b/meta/recipes-connectivity/socat/socat/0001-define-NETDB_INTERNAL-to-1-if-not-available.patch deleted file mode 100644 index 4bbd36766d..0000000000 --- a/meta/recipes-connectivity/socat/socat/0001-define-NETDB_INTERNAL-to-1-if-not-available.patch +++ /dev/null @@ -1,32 +0,0 @@ -From e6a7d96fa3675bdd3f4d7a3d7682381789eef22f Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Mon, 15 Feb 2016 20:25:34 +0000 -Subject: [PATCH] define NETDB_INTERNAL to -1 if not available - -helps build with musl - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- -Upstream-Status: Pending - - compat.h | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/compat.h b/compat.h -index c8bee4d..bfb013a 100644 ---- a/compat.h -+++ b/compat.h -@@ -666,6 +666,10 @@ typedef int sig_atomic_t; - # define NETDB_INTERNAL h_NETDB_INTERNAL - #endif - -+#if !defined(NETDB_INTERNAL) -+# define NETDB_INTERNAL (-1) -+#endif -+ - #ifndef INET_ADDRSTRLEN - # define INET_ADDRSTRLEN sizeof(struct sockaddr_in) - #endif --- -2.7.1 - diff --git a/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch b/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch deleted file mode 100644 index aa4db65a79..0000000000 --- a/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch +++ /dev/null @@ -1,35 +0,0 @@ -From c6f0080b55679b6e8b5d332d6e05fdcbda1e4064 Mon Sep 17 00:00:00 2001 -From: Robert Yang <liezhi.yang@windriver.com> -Date: Mon, 4 May 2015 00:58:47 -0700 -Subject: [PATCH] Makefile.in: fix for parallel build - -Fixed: -vsnprintf_r.o: file not recognized: File truncated -collect2: error: ld returned 3 exit status -Makefile:122: recipe for target 'filan' failed - -Let filan depend on vsnprintf_r.o and snprinterr.o to fix the issue. - -Upstream-Status: Pending - -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> ---- - Makefile.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile.in b/Makefile.in -index f2a6edb..88b784b 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -118,7 +118,7 @@ PROCAN_OBJS=procan_main.o procan.o procan-cdefs.o hostan.o error.o sycls.o sysut - procan: $(PROCAN_OBJS) - $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(PROCAN_OBJS) $(CLIBS) - --filan: filan_main.o filan.o fdname.o error.o sycls.o sysutils.o utils.o -+filan: filan_main.o filan.o fdname.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o - $(CC) $(CFLAGS) $(LDFLAGS) -o $@ filan_main.o filan.o fdname.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o $(CLIBS) - - libxio.a: $(XIOOBJS) $(UTLOBJS) --- -1.7.9.5 - diff --git a/meta/recipes-connectivity/socat/socat_1.7.3.2.bb b/meta/recipes-connectivity/socat/socat_1.7.3.2.bb deleted file mode 100644 index 4dcb7b4adc..0000000000 --- a/meta/recipes-connectivity/socat/socat_1.7.3.2.bb +++ /dev/null @@ -1,41 +0,0 @@ -SUMMARY = "Multipurpose relay for bidirectional data transfer" -DESCRIPTION = "Socat is a relay for bidirectional data \ -transfer between two independent data channels." -HOMEPAGE = "http://www.dest-unreach.org/socat/" - -SECTION = "console/network" - -DEPENDS = "openssl readline" - -LICENSE = "GPL-2.0+-with-OpenSSL-exception" -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://README;beginline=257;endline=287;md5=338c05eadd013872abb1d6e198e10a3f" - - -SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ - file://Makefile.in-fix-for-parallel-build.patch \ - file://0001-define-NETDB_INTERNAL-to-1-if-not-available.patch \ - file://0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch \ -" - -SRC_URI[md5sum] = "607a24c15bd2cb54e9328bfbbd3a1ae9" -SRC_URI[sha256sum] = "e3561f808739383eb10fada1e5d4f26883f0311b34fd0af7837d0c95ef379251" - -inherit autotools - -EXTRA_AUTORECONF += "--exclude=autoheader" - -EXTRA_OECONF += "ac_cv_have_z_modifier=yes \ - ac_cv_header_bsd_libutil_h=no \ -" - -PACKAGECONFIG_class-target ??= "tcp-wrappers" -PACKAGECONFIG ??= "" -PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers" - -do_install_prepend () { - mkdir -p ${D}${bindir} - install -d ${D}${bindir} ${D}${mandir}/man1 -} - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-connectivity/socat/socat_1.8.0.0.bb b/meta/recipes-connectivity/socat/socat_1.8.0.0.bb new file mode 100644 index 0000000000..912605c95c --- /dev/null +++ b/meta/recipes-connectivity/socat/socat_1.8.0.0.bb @@ -0,0 +1,53 @@ +SUMMARY = "Multipurpose relay for bidirectional data transfer" +DESCRIPTION = "Socat is a relay for bidirectional data \ +transfer between two independent data channels." +HOMEPAGE = "http://www.dest-unreach.org/socat/" + +SECTION = "console/network" + +LICENSE = "GPL-2.0-with-OpenSSL-exception" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://README;beginline=241;endline=271;md5=338c05eadd013872abb1d6e198e10a3f" + +SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ + file://0001-fix-compile-procan.c-failed.patch \ +" + +SRC_URI[sha256sum] = "e1de683dd22ee0e3a6c6bbff269abe18ab0c9d7eb650204f125155b9005faca7" + +inherit autotools + +EXTRA_AUTORECONF += "--exclude=autoheader" + +EXTRA_OECONF += "ac_cv_have_z_modifier=yes \ + ac_cv_header_bsd_libutil_h=no \ + sc_cv_termios_ispeed=no \ + ${TERMBITS_SHIFTS} \ +" + +TERMBITS_SHIFTS ?= "sc_cv_sys_crdly_shift=9 \ + sc_cv_sys_tabdly_shift=11 \ + sc_cv_sys_csize_shift=4" + +TERMBITS_SHIFTS:powerpc = "sc_cv_sys_crdly_shift=12 \ + sc_cv_sys_tabdly_shift=10 \ + sc_cv_sys_csize_shift=8" + +TERMBITS_SHIFTS:powerpc64 = "sc_cv_sys_crdly_shift=12 \ + sc_cv_sys_tabdly_shift=10 \ + sc_cv_sys_csize_shift=8" + +PACKAGECONFIG:class-target ??= "tcp-wrappers readline openssl" +PACKAGECONFIG ??= "readline openssl" +PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers" +PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline" +PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl" + +CFLAGS += "-fcommon" + +do_install:prepend () { + mkdir -p ${D}${bindir} + install -d ${D}${bindir} ${D}${mandir}/man1 +} + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key Binary files differnew file mode 100644 index 0000000000..30443c9438 --- /dev/null +++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key new file mode 100644 index 0000000000..86c2104ec8 --- /dev/null +++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key @@ -0,0 +1,9 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS +1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQRJR6iZxr/NTqQN9NOwV+WPtu42r2eF +rJ0xsnlqw5bpmfz6aDR8RQvVHUZjRGQfR/RXPbQ5x+bjjdm176TuXNhHAAAAqAoE27MKBN +uzAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElHqJnGv81OpA30 +07BX5Y+27javZ4WsnTGyeWrDlumZ/PpoNHxFC9UdRmNEZB9H9Fc9tDnH5uON2bXvpO5c2E +cAAAAgLiHv/IWhxwosz9BiNILOOPlXaueL5hVTBKUJkpOi48sAAAANcm9vdEBxZW11bWlw +cwECAw== +-----END OPENSSH PRIVATE KEY----- diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub new file mode 100644 index 0000000000..a358aeb88a --- /dev/null +++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElHqJnGv81OpA3007BX5Y+27javZ4WsnTGyeWrDlumZ/PpoNHxFC9UdRmNEZB9H9Fc9tDnH5uON2bXvpO5c2Ec= root@qemupregen diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key new file mode 100644 index 0000000000..00ed9adae2 --- /dev/null +++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACDHSFTAbJ3OTd1r1E8G5JleCmsJEpQHmdTGtMcYqwWbbwAAAJChFtV0oRbV +dAAAAAtzc2gtZWQyNTUxOQAAACDHSFTAbJ3OTd1r1E8G5JleCmsJEpQHmdTGtMcYqwWbbw +AAAEA8UiUsygsTbP0HkDi5leXpQaVXihDyCHeitkBCItJGhcdIVMBsnc5N3WvUTwbkmV4K +awkSlAeZ1Ma0xxirBZtvAAAADXJvb3RAcWVtdW1pcHM= +-----END OPENSSH PRIVATE KEY----- diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub new file mode 100644 index 0000000000..cc0e2f43ed --- /dev/null +++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdIVMBsnc5N3WvUTwbkmV4KawkSlAeZ1Ma0xxirBZtv root@qemupregen diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key new file mode 100644 index 0000000000..a8e4406ba3 --- /dev/null +++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key @@ -0,0 +1,38 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn +NhAAAAAwEAAQAAAYEA2Q6dzF1xziCQCFq+e+Fv6w0607gNlyKnkhuoRq8G7/HEqXU2eEtC +i3AMUrAP8k7s9kP5vI5CyfSgFuC9MxDV2YL2bsmvRxBSKgg6KbNxkoTaFBqyqHopuWQca8 +KRahvzt5dh9fsmeqamIwgMWKTSwtDHcsbyt84nmO2Z2ZrNXobgueMIj+HiJVgmWn86FQFL +EoONAA+qb4SciPsxvmTlaQ/DMAh3llVo/IMLD9oyAyAI2kbHNnZttlYv5TmY7ICd3yCW8z +PXrxNcEF3Qs1d68gVJxLjLKTlYGzJW2J+RwY+1DJZ0w4lozeQiZXTXVtzcJB0tm2DcvQMz +kqyARmncSUwcPbEClEW6Y2xQnLeSHjexzlCCndiUbBTeG5iRl4OL6DN40iI9Lw2VROtj2Y +59n9PCfaoUs08dsgJLaNrDbRHrCRLSdZJ6OQFiC/nAx/t4e4+wdUgNOqLyJqomdNdaLXPq +tzr9ssrcY5j1DmmwKtzfTI5VM9LRQo+REIiUCNTFAAAFiFh232tYdt9rAAAAB3NzaC1yc2 +EAAAGBANkOncxdcc4gkAhavnvhb+sNOtO4DZcip5IbqEavBu/xxKl1NnhLQotwDFKwD/JO +7PZD+byOQsn0oBbgvTMQ1dmC9m7Jr0cQUioIOimzcZKE2hQasqh6KblkHGvCkWob87eXYf +X7JnqmpiMIDFik0sLQx3LG8rfOJ5jtmdmazV6G4LnjCI/h4iVYJlp/OhUBSxKDjQAPqm+E +nIj7Mb5k5WkPwzAId5ZVaPyDCw/aMgMgCNpGxzZ2bbZWL+U5mOyAnd8glvMz168TXBBd0L +NXevIFScS4yyk5WBsyVtifkcGPtQyWdMOJaM3kImV011bc3CQdLZtg3L0DM5KsgEZp3ElM +HD2xApRFumNsUJy3kh43sc5Qgp3YlGwU3huYkZeDi+gzeNIiPS8NlUTrY9mOfZ/Twn2qFL +NPHbICS2jaw20R6wkS0nWSejkBYgv5wMf7eHuPsHVIDTqi8iaqJnTXWi1z6rc6/bLK3GOY +9Q5psCrc30yOVTPS0UKPkRCIlAjUxQAAAAMBAAEAAAGAGIj+bUtiwdoMbeVUAszIydkE/U +mgv6S7LFjT/KlsL1M017LYJWDcdMaFnhMouksRngSxBg9OnWV5cxyURmFwytVy5bMGjRHb +N8UWTgBqphU+UWdzKngkn0AhtkyYA1aFhgsml5d8EgEkZnFSc/KtoDfZU7AJX519/FtfOK +m27Shx3pE7Nohh97avHyuidR1gTwdvuMIMke57g0BhrxPYmredaKCMZAHjjCeD6JbRcGj+ +ly3I9u8MF8BGSbLpBlLDUFCwP8G5CdmMua8bPJYhPSRqMLQhclI7hc6FaYk+gZV9B74Iv/ +SAxcCwI97dNbE0IAsbbWoUdoKGpAYQ5gOdhu5ioqZwKWjNjB3Xx48mq8xtmIR9HEnYzEnk +b/tDWNRWrGkvNK7vpLvnbsSSKBqOAbMzmQdJxogTgjE5doSmu2/krIMR6KUcUox2ZrR8Ot +JM6bXyNFBviiXmYvw/SZTDrVJu8BPMu5EMS5pBl8jPFBGI/ePk4qg7lWAJeQ89ThtBAAAA +wQDEU4HjomWwJsn9UWdoodXTV5aPY9B1OPkmYnRPtsjSAcXgtBzUXMEOsmXODOK3aQjsE0 +jQKpWDAUcUf6KKZKRehxUN4MlwujCG9czn65S6B8BsP1YUfZQjpNyub8vDBfeKzlxKBEEM +lb4iBT+LEGkihK13H5CbqRg1GDAThZzwrV4pj3S40zgyHhn8JjK4x4djEY6NwkWH8E2DgD +8vYG/FKh5E/VIZtCgtAHa4QNAgGB4VMRn1VpSJzxjCxb1wancAAADBAPT7F34WYEI3Vc52 +p1U5rPa6dZtg5QM14V0+KtMlb3frd0/F+JVj4t6COQ8J9pkOuD0YjOYJuFXIWAAYIjCdWt +cbTi/sSERawOWxrgSwJo2vjt5izrBQtr3N8tiB6KDGa5sdgJl5XzJ0SsdStfBbyhcJO4RV +p9lc+X8OsUfFsClmyIs45vlxBRH06DP6/zmYCAmqvlrfZJKqlpKAEWDDObRy/3+mSNhZ0J +BdmncASiASRlPPIoIHznyA1COUn6+TnwAAAMEA4tH89Dez2JauyPVeCyHAC680vrBKjmMx +WYdpq2Xzd/LNl2L9oc0IEZzerLTuaCh6qsbbk2wWj1nrYXvefz/xUtDR427tvRXckcsWhP +2HYohdYBkwTpp9QuscIV76GdwbTImuNEzvABH1hpTG6DSzqeyf/EVmSq07nptJIs5lpU49 +tW2aWraSvswHR9xfts1U79w9f4BNDy1rTmfuLERTRNF/T9CIFsk9tArLUNT64mhHtoEs8F +9AyGuq6v49bN0bAAAADXJvb3RAcWVtdW1pcHMBAgMEBQ== +-----END OPENSSH PRIVATE KEY----- diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub new file mode 100644 index 0000000000..9eb8c3838f --- /dev/null +++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZDp3MXXHOIJAIWr574W/rDTrTuA2XIqeSG6hGrwbv8cSpdTZ4S0KLcAxSsA/yTuz2Q/m8jkLJ9KAW4L0zENXZgvZuya9HEFIqCDops3GShNoUGrKoeim5ZBxrwpFqG/O3l2H1+yZ6pqYjCAxYpNLC0MdyxvK3zieY7ZnZms1ehuC54wiP4eIlWCZafzoVAUsSg40AD6pvhJyI+zG+ZOVpD8MwCHeWVWj8gwsP2jIDIAjaRsc2dm22Vi/lOZjsgJ3fIJbzM9evE1wQXdCzV3ryBUnEuMspOVgbMlbYn5HBj7UMlnTDiWjN5CJldNdW3NwkHS2bYNy9AzOSrIBGadxJTBw9sQKURbpjbFCct5IeN7HOUIKd2JRsFN4bmJGXg4voM3jSIj0vDZVE62PZjn2f08J9qhSzTx2yAkto2sNtEesJEtJ1kno5AWIL+cDH+3h7j7B1SA06ovImqiZ011otc+q3Ov2yytxjmPUOabAq3N9MjlUz0tFCj5EQiJQI1MU= root@qemupregen diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb new file mode 100644 index 0000000000..ddd10e6eeb --- /dev/null +++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb @@ -0,0 +1,19 @@ +SUMMARY = "Pre generated host keys mainly for speeding up our qemu tests" + +SRC_URI = "file://dropbear_rsa_host_key \ + file://openssh" + +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" + +INHIBIT_DEFAULT_DEPS = "1" + +do_install () { + install -d ${D}${sysconfdir}/dropbear + install ${WORKDIR}/dropbear_rsa_host_key -m 0600 ${D}${sysconfdir}/dropbear/ + + install -d ${D}${sysconfdir}/ssh + install ${WORKDIR}/openssh/* ${D}${sysconfdir}/ssh/ + chmod 0600 ${D}${sysconfdir}/ssh/* + chmod 0644 ${D}${sysconfdir}/ssh/*.pub +}
\ No newline at end of file diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch b/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch deleted file mode 100644 index f34e243de9..0000000000 --- a/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch +++ /dev/null @@ -1,21 +0,0 @@ -wireless_tools: Avoid stripping iwmulticall - -Upstream-Status: Inappropriate [other] - The removed code was from upstream. - -Signed-off-by: Mark Hatle <mark.hatle@windriver.com> - -diff -ur wireless_tools.29.orig/Makefile wireless_tools.29/Makefile ---- wireless_tools.29.orig/Makefile 2011-06-18 11:35:12.183907453 -0500 -+++ wireless_tools.29/Makefile 2011-06-18 11:38:09.995907985 -0500 -@@ -135,9 +135,8 @@ - - macaddr: macaddr.o $(IWLIB) - --# Always do symbol stripping here - iwmulticall: iwmulticall.o -- $(CC) $(LDFLAGS) -Wl,-s $(XCFLAGS) -o $@ $^ $(LIBS) -+ $(CC) $(LDFLAGS) $(STRIPFLAGS) $(XCFLAGS) -o $@ $^ $(LIBS) - - # It's a kind of magic... - wireless.h: diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch b/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch deleted file mode 100644 index 6c0d8cbd2e..0000000000 --- a/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch +++ /dev/null @@ -1,22 +0,0 @@ -wireless-tools: Remove QA warning: No GNU_HASH in the elf binary - -Upstream-Status: Inappropriate [other] - Useful within bitbake environment only. - -Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com> - ---- - Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- wireless_tools.29.orig/Makefile -+++ wireless_tools.29/Makefile -@@ -144,7 +144,7 @@ wireless.h: - - # Compilation of the dynamic library - $(DYNAMIC): $(OBJS:.o=.so) -- $(CC) -shared -o $@ -Wl,-soname,$@ $(STRIPFLAGS) $(LIBS) -lc $^ -+ $(CC) -shared -o $@ -Wl,-soname,$@ $(LDFLAGS) $(STRIPFLAGS) $(LIBS) -lc $^ - - # Compilation of the static library - $(STATIC): $(OBJS:.o=.so) diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch b/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch deleted file mode 100644 index 6a757dae76..0000000000 --- a/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch +++ /dev/null @@ -1,15 +0,0 @@ -Upstream-Status: Inappropriate [configuration] - -Index: wireless_tools.30/Makefile -=================================================================== ---- wireless_tools.30.orig/Makefile 2014-02-01 00:21:04.148463382 -0800 -+++ wireless_tools.30/Makefile 2014-02-01 00:23:35.448072279 -0800 -@@ -76,7 +76,7 @@ - INSTALL_DIR= $(PREFIX)/sbin - INSTALL_LIB= $(PREFIX)/lib - INSTALL_INC= $(PREFIX)/include --INSTALL_MAN= $(PREFIX)/man -+INSTALL_MAN= $(PREFIX)/share/man - - # Various commands - RM = rm -f diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch b/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch deleted file mode 100644 index 3a22c3f1e7..0000000000 --- a/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch +++ /dev/null @@ -1,19 +0,0 @@ -When /etc/ld.so.cache is writeable by user running bitbake then it creates invalid cache -(in my case libstdc++.so cannot be found after building zlib(-native) and I have to call -touch */libstdc++.so && /sbin/ldconfig to fix it. - -So remove ldconfig call from make install-libs - -Upstream-Status: Inappropriate [disable feature] - -diff -uNr wireless_tools.29.orig/Makefile wireless_tools.29/Makefile ---- wireless_tools.29.orig/Makefile 2007-09-18 01:56:46.000000000 +0200 -+++ wireless_tools.29/Makefile 2012-02-15 20:46:41.780763514 +0100 -@@ -163,7 +163,6 @@ - install -m 755 $(DYNAMIC) $(INSTALL_LIB) - ln -sfn $(DYNAMIC) $(INSTALL_LIB)/$(DYNAMIC_LINK) - @echo "*** Don't forget to add $(INSTALL_LIB) to /etc/ld.so.conf, and run ldconfig as root. ***" -- @$(LDCONFIG) || echo "*** Could not run ldconfig ! ***" - - # Install the static library - install-static:: $(STATIC) diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb b/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb deleted file mode 100644 index 0a342071e0..0000000000 --- a/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb +++ /dev/null @@ -1,50 +0,0 @@ -SUMMARY = "Tools for the Linux Standard Wireless Extension Subsystem" -HOMEPAGE = "https://hewlettpackard.github.io/wireless-tools/Tools.html" -LICENSE = "GPLv2 & (LGPLv2.1 | MPL-1.1 | BSD)" -LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \ - file://iwconfig.c;beginline=1;endline=12;md5=cf710eb1795c376eb10ea4ff04649caf \ - file://iwevent.c;beginline=59;endline=72;md5=d66a10026d4394f0a5b1c5587bce4537 \ - file://sample_enc.c;beginline=1;endline=4;md5=838372be07874260b566bae2f6ed33b6" -SECTION = "base" -PE = "1" - -SRC_URI = "https://hewlettpackard.github.io/wireless-tools/wireless_tools.${PV}.tar.gz \ - file://remove.ldconfig.call.patch \ - file://man.patch \ - file://avoid_strip.patch \ - file://ldflags.patch \ - " -SRC_URI[md5sum] = "ca91ba7c7eff9bfff6926b1a34a4697d" -SRC_URI[sha256sum] = "abd9c5c98abf1fdd11892ac2f8a56737544fe101e1be27c6241a564948f34c63" - -UPSTREAM_CHECK_URI = "https://hewlettpackard.github.io/wireless-tools/Tools.html" -UPSTREAM_CHECK_REGEX = "wireless_tools\.(?P<pver>(\d+)(\..*|))\.tar\.gz" - -S = "${WORKDIR}/wireless_tools.30" - -CFLAGS =+ "-I${S}" -EXTRA_OEMAKE = "-e 'BUILD_SHARED=y' \ - 'INSTALL_DIR=${D}${base_sbindir}' \ - 'INSTALL_LIB=${D}${libdir}' \ - 'INSTALL_INC=${D}${includedir}' \ - 'INSTALL_MAN=${D}${mandir}'" - -do_compile() { - oe_runmake all libiw.a -} - -do_install() { - oe_runmake PREFIX=${D} install-iwmulticall install-dynamic install-man install-hdr - install -d ${D}${sbindir} - install -m 0755 ifrename ${D}${sbindir}/ifrename -} - -PACKAGES = "libiw libiw-dev libiw-doc ifrename-doc ifrename ${PN} ${PN}-doc ${PN}-dbg" - -FILES_libiw = "${libdir}/*.so.*" -FILES_libiw-dev = "${libdir}/*.a ${libdir}/*.so ${includedir}" -FILES_libiw-doc = "${mandir}/man7" -FILES_ifrename = "${sbindir}/ifrename" -FILES_ifrename-doc = "${mandir}/man8/ifrename.8 ${mandir}/man5/iftab.5" -FILES_${PN} = "${bindir} ${sbindir}/iw* ${base_sbindir} ${base_bindir} ${sysconfdir}/network" -FILES_${PN}-doc = "${mandir}" diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Install-wpa_passphrase-when-not-disabled.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Install-wpa_passphrase-when-not-disabled.patch new file mode 100644 index 0000000000..c04c608bde --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Install-wpa_passphrase-when-not-disabled.patch @@ -0,0 +1,33 @@ +From 57b12a1e43605f71239a21488cb9b541f0751dda Mon Sep 17 00:00:00 2001 +From: Alex Kiernan <alexk@zuma.ai> +Date: Thu, 21 Apr 2022 10:15:29 +0100 +Subject: [PATCH] Install wpa_passphrase when not disabled + +As part of fixing CONFIG_NO_WPA_PASSPHRASE, whilst wpa_passphrase gets +built, its not installed during `make install`. + +Fixes: cb41c214b78d ("build: Re-enable options for libwpa_client.so and wpa_passphrase") +Signed-off-by: Alex Kiernan <alexk@zuma.ai> +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> +Upstream-Status: Submitted [http://lists.infradead.org/pipermail/hostap/2022-April/040448.html] +--- + wpa_supplicant/Makefile | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile +index 0bab313f2355..12787c0c7d0f 100644 +--- a/wpa_supplicant/Makefile ++++ b/wpa_supplicant/Makefile +@@ -73,6 +73,9 @@ $(DESTDIR)$(BINDIR)/%: % + + install: $(addprefix $(DESTDIR)$(BINDIR)/,$(BINALL)) + $(MAKE) -C ../src install ++ifndef CONFIG_NO_WPA_PASSPHRASE ++ install -D wpa_passphrase $(DESTDIR)/$(BINDIR)/wpa_passphrase ++endif + ifdef CONFIG_BUILD_WPA_CLIENT_SO + install -m 0644 -D libwpa_client.so $(DESTDIR)/$(LIBDIR)/libwpa_client.so + install -m 0644 -D ../src/common/wpa_ctrl.h $(DESTDIR)/$(INCDIR)/wpa_ctrl.h +-- +2.35.1 + diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch new file mode 100644 index 0000000000..620560d3c7 --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch @@ -0,0 +1,213 @@ +From f6f7cead3661ceeef54b21f7e799c0afc98537ec Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sat, 8 Jul 2023 19:55:32 +0300 +Subject: [PATCH] PEAP client: Update Phase 2 authentication requirements + +The previous PEAP client behavior allowed the server to skip Phase 2 +authentication with the expectation that the server was authenticated +during Phase 1 through TLS server certificate validation. Various PEAP +specifications are not exactly clear on what the behavior on this front +is supposed to be and as such, this ended up being more flexible than +the TTLS/FAST/TEAP cases. However, this is not really ideal when +unfortunately common misconfiguration of PEAP is used in deployed +devices where the server trust root (ca_cert) is not configured or the +user has an easy option for allowing this validation step to be skipped. + +Change the default PEAP client behavior to be to require Phase 2 +authentication to be successfully completed for cases where TLS session +resumption is not used and the client certificate has not been +configured. Those two exceptions are the main cases where a deployed +authentication server might skip Phase 2 and as such, where a more +strict default behavior could result in undesired interoperability +issues. Requiring Phase 2 authentication will end up disabling TLS +session resumption automatically to avoid interoperability issues. + +Allow Phase 2 authentication behavior to be configured with a new phase1 +configuration parameter option: +'phase2_auth' option can be used to control Phase 2 (i.e., within TLS +tunnel) behavior for PEAP: + * 0 = do not require Phase 2 authentication + * 1 = require Phase 2 authentication when client certificate + (private_key/client_cert) is no used and TLS session resumption was + not used (default) + * 2 = require Phase 2 authentication in all cases + +Signed-off-by: Jouni Malinen <j@w1.fi> + +CVE: CVE-2023-52160 +Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c] + +Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com> + +--- + src/eap_peer/eap_config.h | 8 ++++++ + src/eap_peer/eap_peap.c | 40 +++++++++++++++++++++++++++--- + src/eap_peer/eap_tls_common.c | 6 +++++ + src/eap_peer/eap_tls_common.h | 5 ++++ + wpa_supplicant/wpa_supplicant.conf | 7 ++++++ + 5 files changed, 63 insertions(+), 3 deletions(-) + +diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h +index 3238f74..047eec2 100644 +--- a/src/eap_peer/eap_config.h ++++ b/src/eap_peer/eap_config.h +@@ -469,6 +469,14 @@ struct eap_peer_config { + * 1 = use cryptobinding if server supports it + * 2 = require cryptobinding + * ++ * phase2_auth option can be used to control Phase 2 (i.e., within TLS ++ * tunnel) behavior for PEAP: ++ * 0 = do not require Phase 2 authentication ++ * 1 = require Phase 2 authentication when client certificate ++ * (private_key/client_cert) is no used and TLS session resumption was ++ * not used (default) ++ * 2 = require Phase 2 authentication in all cases ++ * + * EAP-WSC (WPS) uses following options: pin=Device_Password and + * uuid=Device_UUID + * +diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c +index 12e30df..6080697 100644 +--- a/src/eap_peer/eap_peap.c ++++ b/src/eap_peer/eap_peap.c +@@ -67,6 +67,7 @@ struct eap_peap_data { + u8 cmk[20]; + int soh; /* Whether IF-TNCCS-SOH (Statement of Health; Microsoft NAP) + * is enabled. */ ++ enum { NO_AUTH, FOR_INITIAL, ALWAYS } phase2_auth; + }; + + +@@ -114,6 +115,19 @@ static void eap_peap_parse_phase1(struct eap_peap_data *data, + wpa_printf(MSG_DEBUG, "EAP-PEAP: Require cryptobinding"); + } + ++ if (os_strstr(phase1, "phase2_auth=0")) { ++ data->phase2_auth = NO_AUTH; ++ wpa_printf(MSG_DEBUG, ++ "EAP-PEAP: Do not require Phase 2 authentication"); ++ } else if (os_strstr(phase1, "phase2_auth=1")) { ++ data->phase2_auth = FOR_INITIAL; ++ wpa_printf(MSG_DEBUG, ++ "EAP-PEAP: Require Phase 2 authentication for initial connection"); ++ } else if (os_strstr(phase1, "phase2_auth=2")) { ++ data->phase2_auth = ALWAYS; ++ wpa_printf(MSG_DEBUG, ++ "EAP-PEAP: Require Phase 2 authentication for all cases"); ++ } + #ifdef EAP_TNC + if (os_strstr(phase1, "tnc=soh2")) { + data->soh = 2; +@@ -142,6 +156,7 @@ static void * eap_peap_init(struct eap_sm *sm) + data->force_peap_version = -1; + data->peap_outer_success = 2; + data->crypto_binding = OPTIONAL_BINDING; ++ data->phase2_auth = FOR_INITIAL; + + if (config && config->phase1) + eap_peap_parse_phase1(data, config->phase1); +@@ -454,6 +469,20 @@ static int eap_tlv_validate_cryptobinding(struct eap_sm *sm, + } + + ++static bool peap_phase2_sufficient(struct eap_sm *sm, ++ struct eap_peap_data *data) ++{ ++ if ((data->phase2_auth == ALWAYS || ++ (data->phase2_auth == FOR_INITIAL && ++ !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn) && ++ !data->ssl.client_cert_conf) || ++ data->phase2_eap_started) && ++ !data->phase2_eap_success) ++ return false; ++ return true; ++} ++ ++ + /** + * eap_tlv_process - Process a received EAP-TLV message and generate a response + * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() +@@ -568,6 +597,11 @@ static int eap_tlv_process(struct eap_sm *sm, struct eap_peap_data *data, + " - force failed Phase 2"); + resp_status = EAP_TLV_RESULT_FAILURE; + ret->decision = DECISION_FAIL; ++ } else if (!peap_phase2_sufficient(sm, data)) { ++ wpa_printf(MSG_INFO, ++ "EAP-PEAP: Server indicated Phase 2 success, but sufficient Phase 2 authentication has not been completed"); ++ resp_status = EAP_TLV_RESULT_FAILURE; ++ ret->decision = DECISION_FAIL; + } else { + resp_status = EAP_TLV_RESULT_SUCCESS; + ret->decision = DECISION_UNCOND_SUCC; +@@ -887,8 +921,7 @@ continue_req: + /* EAP-Success within TLS tunnel is used to indicate + * shutdown of the TLS channel. The authentication has + * been completed. */ +- if (data->phase2_eap_started && +- !data->phase2_eap_success) { ++ if (!peap_phase2_sufficient(sm, data)) { + wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 " + "Success used to indicate success, " + "but Phase 2 EAP was not yet " +@@ -1199,8 +1232,9 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv, + static bool eap_peap_has_reauth_data(struct eap_sm *sm, void *priv) + { + struct eap_peap_data *data = priv; ++ + return tls_connection_established(sm->ssl_ctx, data->ssl.conn) && +- data->phase2_success; ++ data->phase2_success && data->phase2_auth != ALWAYS; + } + + +diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c +index c1837db..a53eeb1 100644 +--- a/src/eap_peer/eap_tls_common.c ++++ b/src/eap_peer/eap_tls_common.c +@@ -239,6 +239,12 @@ static int eap_tls_params_from_conf(struct eap_sm *sm, + + sm->ext_cert_check = !!(params->flags & TLS_CONN_EXT_CERT_CHECK); + ++ if (!phase2) ++ data->client_cert_conf = params->client_cert || ++ params->client_cert_blob || ++ params->private_key || ++ params->private_key_blob; ++ + return 0; + } + +diff --git a/src/eap_peer/eap_tls_common.h b/src/eap_peer/eap_tls_common.h +index 9ac0012..3348634 100644 +--- a/src/eap_peer/eap_tls_common.h ++++ b/src/eap_peer/eap_tls_common.h +@@ -79,6 +79,11 @@ struct eap_ssl_data { + * tls_v13 - Whether TLS v1.3 or newer is used + */ + int tls_v13; ++ ++ /** ++ * client_cert_conf: Whether client certificate has been configured ++ */ ++ bool client_cert_conf; + }; + + +diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf +index 6619d6b..d63f73c 100644 +--- a/wpa_supplicant/wpa_supplicant.conf ++++ b/wpa_supplicant/wpa_supplicant.conf +@@ -1321,6 +1321,13 @@ fast_reauth=1 + # * 0 = do not use cryptobinding (default) + # * 1 = use cryptobinding if server supports it + # * 2 = require cryptobinding ++# 'phase2_auth' option can be used to control Phase 2 (i.e., within TLS ++# tunnel) behavior for PEAP: ++# * 0 = do not require Phase 2 authentication ++# * 1 = require Phase 2 authentication when client certificate ++# (private_key/client_cert) is no used and TLS session resumption was ++# not used (default) ++# * 2 = require Phase 2 authentication in all cases + # EAP-WSC (WPS) uses following options: pin=<Device Password> or + # pbc=1. + # diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch new file mode 100644 index 0000000000..6e930fc98d --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch @@ -0,0 +1,73 @@ +From cb41c214b78d6df187a31950342e48a403dbd769 Mon Sep 17 00:00:00 2001 +From: Sergey Matyukevich <geomatsi@gmail.com> +Date: Tue, 22 Feb 2022 11:52:19 +0300 +Subject: [PATCH 1/2] build: Re-enable options for libwpa_client.so and + wpa_passphrase + +Commit a41a29192e5d ("build: Pull common fragments into a build.rules +file") introduced a regression into wpa_supplicant build process. The +build target libwpa_client.so is not built regardless of whether the +option CONFIG_BUILD_WPA_CLIENT_SO is set or not. This happens because +this config option is used before it is imported from the configuration +file. Moving its use after including build.rules does not help: the +variable ALL is processed by build.rules and further changes are not +applied. Similarly, option CONFIG_NO_WPA_PASSPHRASE also does not work +as expected: wpa_passphrase is always built regardless of whether the +option is set or not. + +Re-enable these options by adding both build targets to _all +dependencies. + +Fixes: a41a29192e5d ("build: Pull common fragments into a build.rules file") +Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com> +Upstream-Status: Backport +Signed-off-by: Alex Kiernan <alexk@zuma.ai> +Signed-off-by: Alex Kiernan <alexk@gmail.com> +--- + wpa_supplicant/Makefile | 19 ++++++++++++------- + 1 file changed, 12 insertions(+), 7 deletions(-) + +diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile +index cb66defac7c8..c456825ae75f 100644 +--- a/wpa_supplicant/Makefile ++++ b/wpa_supplicant/Makefile +@@ -1,24 +1,29 @@ + BINALL=wpa_supplicant wpa_cli + +-ifndef CONFIG_NO_WPA_PASSPHRASE +-BINALL += wpa_passphrase +-endif +- + ALL = $(BINALL) + ALL += systemd/wpa_supplicant.service + ALL += systemd/wpa_supplicant@.service + ALL += systemd/wpa_supplicant-nl80211@.service + ALL += systemd/wpa_supplicant-wired@.service + ALL += dbus/fi.w1.wpa_supplicant1.service +-ifdef CONFIG_BUILD_WPA_CLIENT_SO +-ALL += libwpa_client.so +-endif + + EXTRA_TARGETS=dynamic_eap_methods + + CONFIG_FILE=.config + include ../src/build.rules + ++ifdef CONFIG_BUILD_WPA_CLIENT_SO ++# add the dependency this way to allow CONFIG_BUILD_WPA_CLIENT_SO ++# being set in the config which is read by build.rules ++_all: libwpa_client.so ++endif ++ ++ifndef CONFIG_NO_WPA_PASSPHRASE ++# add the dependency this way to allow CONFIG_NO_WPA_PASSPHRASE ++# being set in the config which is read by build.rules ++_all: wpa_passphrase ++endif ++ + ifdef LIBS + # If LIBS is set with some global build system defaults, clone those for + # LIBS_c and LIBS_p to cover wpa_passphrase and wpa_cli as well. +-- +2.35.1 + diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch new file mode 100644 index 0000000000..53b0fcdf53 --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch @@ -0,0 +1,26 @@ +From d001b301ba7987f4b39453a211631b85c48f2ff8 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <quic_jouni@quicinc.com> +Date: Thu, 3 Mar 2022 13:26:42 +0200 +Subject: [PATCH 2/2] Fix removal of wpa_passphrase on 'make clean' + +Fixes: 0430bc8267b4 ("build: Add a common-clean target") +Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com> +Upstream-Status: Backport +Signed-off-by: Alex Kiernan <alexk@zuma.ai> +Signed-off-by: Alex Kiernan <alexk@gmail.com> +--- + wpa_supplicant/Makefile | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile +index c456825ae75f..4b4688931b1d 100644 +--- a/wpa_supplicant/Makefile ++++ b/wpa_supplicant/Makefile +@@ -2077,3 +2077,4 @@ clean: common-clean + rm -f libwpa_client.a + rm -f libwpa_client.so + rm -f libwpa_test1 libwpa_test2 ++ rm -f wpa_passphrase +-- +2.35.1 + diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig deleted file mode 100644 index f04e398fdb..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig +++ /dev/null @@ -1,552 +0,0 @@ -# Example wpa_supplicant build time configuration -# -# This file lists the configuration options that are used when building the -# hostapd binary. All lines starting with # are ignored. Configuration option -# lines must be commented out complete, if they are not to be included, i.e., -# just setting VARIABLE=n is not disabling that variable. -# -# This file is included in Makefile, so variables like CFLAGS and LIBS can also -# be modified from here. In most cases, these lines should use += in order not -# to override previous values of the variables. - - -# Uncomment following two lines and fix the paths if you have installed OpenSSL -# or GnuTLS in non-default location -#CFLAGS += -I/usr/local/openssl/include -#LIBS += -L/usr/local/openssl/lib - -# Some Red Hat versions seem to include kerberos header files from OpenSSL, but -# the kerberos files are not in the default include path. Following line can be -# used to fix build issues on such systems (krb5.h not found). -#CFLAGS += -I/usr/include/kerberos - -# Example configuration for various cross-compilation platforms - -#### sveasoft (e.g., for Linksys WRT54G) ###################################### -#CC=mipsel-uclibc-gcc -#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc -#CFLAGS += -Os -#CPPFLAGS += -I../src/include -I../../src/router/openssl/include -#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl -############################################################################### - -#### openwrt (e.g., for Linksys WRT54G) ####################################### -#CC=mipsel-uclibc-gcc -#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc -#CFLAGS += -Os -#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \ -# -I../WRT54GS/release/src/include -#LIBS = -lssl -############################################################################### - - -# Driver interface for Host AP driver -CONFIG_DRIVER_HOSTAP=y - -# Driver interface for Agere driver -#CONFIG_DRIVER_HERMES=y -# Change include directories to match with the local setup -#CFLAGS += -I../../hcf -I../../include -I../../include/hcf -#CFLAGS += -I../../include/wireless - -# Driver interface for madwifi driver -# Deprecated; use CONFIG_DRIVER_WEXT=y instead. -#CONFIG_DRIVER_MADWIFI=y -# Set include directory to the madwifi source tree -#CFLAGS += -I../../madwifi - -# Driver interface for ndiswrapper -# Deprecated; use CONFIG_DRIVER_WEXT=y instead. -#CONFIG_DRIVER_NDISWRAPPER=y - -# Driver interface for Atmel driver -# CONFIG_DRIVER_ATMEL=y - -# Driver interface for old Broadcom driver -# Please note that the newer Broadcom driver ("hybrid Linux driver") supports -# Linux wireless extensions and does not need (or even work) with the old -# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver. -#CONFIG_DRIVER_BROADCOM=y -# Example path for wlioctl.h; change to match your configuration -#CFLAGS += -I/opt/WRT54GS/release/src/include - -# Driver interface for Intel ipw2100/2200 driver -# Deprecated; use CONFIG_DRIVER_WEXT=y instead. -#CONFIG_DRIVER_IPW=y - -# Driver interface for Ralink driver -#CONFIG_DRIVER_RALINK=y - -# Driver interface for generic Linux wireless extensions -# Note: WEXT is deprecated in the current Linux kernel version and no new -# functionality is added to it. nl80211-based interface is the new -# replacement for WEXT and its use allows wpa_supplicant to properly control -# the driver to improve existing functionality like roaming and to support new -# functionality. -CONFIG_DRIVER_WEXT=y - -# Driver interface for Linux drivers using the nl80211 kernel interface -CONFIG_DRIVER_NL80211=y - -# driver_nl80211.c requires libnl. If you are compiling it yourself -# you may need to point hostapd to your version of libnl. -# -#CFLAGS += -I$<path to libnl include files> -#LIBS += -L$<path to libnl library files> - -# Use libnl v2.0 (or 3.0) libraries. -#CONFIG_LIBNL20=y - -# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) -CONFIG_LIBNL32=y - - -# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) -#CONFIG_DRIVER_BSD=y -#CFLAGS += -I/usr/local/include -#LIBS += -L/usr/local/lib -#LIBS_p += -L/usr/local/lib -#LIBS_c += -L/usr/local/lib - -# Driver interface for Windows NDIS -#CONFIG_DRIVER_NDIS=y -#CFLAGS += -I/usr/include/w32api/ddk -#LIBS += -L/usr/local/lib -# For native build using mingw -#CONFIG_NATIVE_WINDOWS=y -# Additional directories for cross-compilation on Linux host for mingw target -#CFLAGS += -I/opt/mingw/mingw32/include/ddk -#LIBS += -L/opt/mingw/mingw32/lib -#CC=mingw32-gcc -# By default, driver_ndis uses WinPcap for low-level operations. This can be -# replaced with the following option which replaces WinPcap calls with NDISUIO. -# However, this requires that WZC is disabled (net stop wzcsvc) before starting -# wpa_supplicant. -# CONFIG_USE_NDISUIO=y - -# Driver interface for development testing -#CONFIG_DRIVER_TEST=y - -# Driver interface for wired Ethernet drivers -CONFIG_DRIVER_WIRED=y - -# Driver interface for the Broadcom RoboSwitch family -#CONFIG_DRIVER_ROBOSWITCH=y - -# Driver interface for no driver (e.g., WPS ER only) -#CONFIG_DRIVER_NONE=y - -# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is -# included) -CONFIG_IEEE8021X_EAPOL=y - -# EAP-MD5 -CONFIG_EAP_MD5=y - -# EAP-MSCHAPv2 -CONFIG_EAP_MSCHAPV2=y - -# EAP-TLS -CONFIG_EAP_TLS=y - -# EAL-PEAP -CONFIG_EAP_PEAP=y - -# EAP-TTLS -CONFIG_EAP_TTLS=y - -# EAP-FAST -# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed -# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., -# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. -#CONFIG_EAP_FAST=y - -# EAP-GTC -CONFIG_EAP_GTC=y - -# EAP-OTP -CONFIG_EAP_OTP=y - -# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) -#CONFIG_EAP_SIM=y - -# EAP-PSK (experimental; this is _not_ needed for WPA-PSK) -#CONFIG_EAP_PSK=y - -# EAP-pwd (secure authentication using only a password) -#CONFIG_EAP_PWD=y - -# EAP-PAX -#CONFIG_EAP_PAX=y - -# LEAP -CONFIG_EAP_LEAP=y - -# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) -#CONFIG_EAP_AKA=y - -# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). -# This requires CONFIG_EAP_AKA to be enabled, too. -#CONFIG_EAP_AKA_PRIME=y - -# Enable USIM simulator (Milenage) for EAP-AKA -#CONFIG_USIM_SIMULATOR=y - -# EAP-SAKE -#CONFIG_EAP_SAKE=y - -# EAP-GPSK -#CONFIG_EAP_GPSK=y -# Include support for optional SHA256 cipher suite in EAP-GPSK -#CONFIG_EAP_GPSK_SHA256=y - -# EAP-TNC and related Trusted Network Connect support (experimental) -#CONFIG_EAP_TNC=y - -# Wi-Fi Protected Setup (WPS) -CONFIG_WPS=y -# Enable WSC 2.0 support -#CONFIG_WPS2=y -# Enable WPS external registrar functionality -#CONFIG_WPS_ER=y -# Disable credentials for an open network by default when acting as a WPS -# registrar. -#CONFIG_WPS_REG_DISABLE_OPEN=y -# Enable WPS support with NFC config method -#CONFIG_WPS_NFC=y - -# EAP-IKEv2 -#CONFIG_EAP_IKEV2=y - -# EAP-EKE -#CONFIG_EAP_EKE=y - -# PKCS#12 (PFX) support (used to read private key and certificate file from -# a file that usually has extension .p12 or .pfx) -CONFIG_PKCS12=y - -# Smartcard support (i.e., private key on a smartcard), e.g., with openssl -# engine. -CONFIG_SMARTCARD=y - -# PC/SC interface for smartcards (USIM, GSM SIM) -# Enable this if EAP-SIM or EAP-AKA is included -#CONFIG_PCSC=y - -# Support HT overrides (disable HT/HT40, mask MCS rates, etc.) -#CONFIG_HT_OVERRIDES=y - -# Support VHT overrides (disable VHT, mask MCS rates, etc.) -#CONFIG_VHT_OVERRIDES=y - -# Development testing -#CONFIG_EAPOL_TEST=y - -# Select control interface backend for external programs, e.g, wpa_cli: -# unix = UNIX domain sockets (default for Linux/*BSD) -# udp = UDP sockets using localhost (127.0.0.1) -# named_pipe = Windows Named Pipe (default for Windows) -# udp-remote = UDP sockets with remote access (only for tests systems/purpose) -# y = use default (backwards compatibility) -# If this option is commented out, control interface is not included in the -# build. -CONFIG_CTRL_IFACE=y - -# Include support for GNU Readline and History Libraries in wpa_cli. -# When building a wpa_cli binary for distribution, please note that these -# libraries are licensed under GPL and as such, BSD license may not apply for -# the resulting binary. -#CONFIG_READLINE=y - -# Include internal line edit mode in wpa_cli. This can be used as a replacement -# for GNU Readline to provide limited command line editing and history support. -#CONFIG_WPA_CLI_EDIT=y - -# Remove debugging code that is printing out debug message to stdout. -# This can be used to reduce the size of the wpa_supplicant considerably -# if debugging code is not needed. The size reduction can be around 35% -# (e.g., 90 kB). -#CONFIG_NO_STDOUT_DEBUG=y - -# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save -# 35-50 kB in code size. -#CONFIG_NO_WPA=y - -# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support -# This option can be used to reduce code size by removing support for -# converting ASCII passphrases into PSK. If this functionality is removed, the -# PSK can only be configured as the 64-octet hexstring (e.g., from -# wpa_passphrase). This saves about 0.5 kB in code size. -#CONFIG_NO_WPA_PASSPHRASE=y - -# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. -# This can be used if ap_scan=1 mode is never enabled. -#CONFIG_NO_SCAN_PROCESSING=y - -# Select configuration backend: -# file = text file (e.g., wpa_supplicant.conf; note: the configuration file -# path is given on command line, not here; this option is just used to -# select the backend that allows configuration files to be used) -# winreg = Windows registry (see win_example.reg for an example) -CONFIG_BACKEND=file - -# Remove configuration write functionality (i.e., to allow the configuration -# file to be updated based on runtime configuration changes). The runtime -# configuration can still be changed, the changes are just not going to be -# persistent over restarts. This option can be used to reduce code size by -# about 3.5 kB. -#CONFIG_NO_CONFIG_WRITE=y - -# Remove support for configuration blobs to reduce code size by about 1.5 kB. -#CONFIG_NO_CONFIG_BLOBS=y - -# Select program entry point implementation: -# main = UNIX/POSIX like main() function (default) -# main_winsvc = Windows service (read parameters from registry) -# main_none = Very basic example (development use only) -#CONFIG_MAIN=main - -# Select wrapper for operatins system and C library specific functions -# unix = UNIX/POSIX like systems (default) -# win32 = Windows systems -# none = Empty template -#CONFIG_OS=unix - -# Select event loop implementation -# eloop = select() loop (default) -# eloop_win = Windows events and WaitForMultipleObject() loop -#CONFIG_ELOOP=eloop - -# Should we use poll instead of select? Select is used by default. -#CONFIG_ELOOP_POLL=y - -# Select layer 2 packet implementation -# linux = Linux packet socket (default) -# pcap = libpcap/libdnet/WinPcap -# freebsd = FreeBSD libpcap -# winpcap = WinPcap with receive thread -# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) -# none = Empty template -#CONFIG_L2_PACKET=linux - -# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) -CONFIG_PEERKEY=y - -# IEEE 802.11w (management frame protection), also known as PMF -# Driver support is also needed for IEEE 802.11w. -#CONFIG_IEEE80211W=y - -# Select TLS implementation -# openssl = OpenSSL (default) -# gnutls = GnuTLS -# internal = Internal TLSv1 implementation (experimental) -# none = Empty template -#CONFIG_TLS=openssl - -# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) -# can be enabled to get a stronger construction of messages when block ciphers -# are used. It should be noted that some existing TLS v1.0 -based -# implementation may not be compatible with TLS v1.1 message (ClientHello is -# sent prior to negotiating which version will be used) -#CONFIG_TLSV11=y - -# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) -# can be enabled to enable use of stronger crypto algorithms. It should be -# noted that some existing TLS v1.0 -based implementation may not be compatible -# with TLS v1.2 message (ClientHello is sent prior to negotiating which version -# will be used) -#CONFIG_TLSV12=y - -# If CONFIG_TLS=internal is used, additional library and include paths are -# needed for LibTomMath. Alternatively, an integrated, minimal version of -# LibTomMath can be used. See beginning of libtommath.c for details on benefits -# and drawbacks of this option. -#CONFIG_INTERNAL_LIBTOMMATH=y -#ifndef CONFIG_INTERNAL_LIBTOMMATH -#LTM_PATH=/usr/src/libtommath-0.39 -#CFLAGS += -I$(LTM_PATH) -#LIBS += -L$(LTM_PATH) -#LIBS_p += -L$(LTM_PATH) -#endif -# At the cost of about 4 kB of additional binary size, the internal LibTomMath -# can be configured to include faster routines for exptmod, sqr, and div to -# speed up DH and RSA calculation considerably -#CONFIG_INTERNAL_LIBTOMMATH_FAST=y - -# Include NDIS event processing through WMI into wpa_supplicant/wpasvc. -# This is only for Windows builds and requires WMI-related header files and -# WbemUuid.Lib from Platform SDK even when building with MinGW. -#CONFIG_NDIS_EVENTS_INTEGRATED=y -#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" - -# Add support for old DBus control interface -# (fi.epitest.hostap.WPASupplicant) -#CONFIG_CTRL_IFACE_DBUS=y - -# Add support for new DBus control interface -# (fi.w1.hostap.wpa_supplicant1) -CONFIG_CTRL_IFACE_DBUS_NEW=y - -# Add introspection support for new DBus control interface -#CONFIG_CTRL_IFACE_DBUS_INTRO=y - -# Add support for loading EAP methods dynamically as shared libraries. -# When this option is enabled, each EAP method can be either included -# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn). -# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to -# be loaded in the beginning of the wpa_supplicant configuration file -# (see load_dynamic_eap parameter in the example file) before being used in -# the network blocks. -# -# Note that some shared parts of EAP methods are included in the main program -# and in order to be able to use dynamic EAP methods using these parts, the -# main program must have been build with the EAP method enabled (=y or =dyn). -# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries -# unless at least one of them was included in the main build to force inclusion -# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included -# in the main build to be able to load these methods dynamically. -# -# Please also note that using dynamic libraries will increase the total binary -# size. Thus, it may not be the best option for targets that have limited -# amount of memory/flash. -#CONFIG_DYNAMIC_EAP_METHODS=y - -# IEEE Std 802.11r-2008 (Fast BSS Transition) -#CONFIG_IEEE80211R=y - -# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) -#CONFIG_DEBUG_FILE=y - -# Send debug messages to syslog instead of stdout -#CONFIG_DEBUG_SYSLOG=y -# Set syslog facility for debug messages -#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON - -# Add support for sending all debug messages (regardless of debug verbosity) -# to the Linux kernel tracing facility. This helps debug the entire stack by -# making it easy to record everything happening from the driver up into the -# same file, e.g., using trace-cmd. -#CONFIG_DEBUG_LINUX_TRACING=y - -# Enable privilege separation (see README 'Privilege separation' for details) -#CONFIG_PRIVSEP=y - -# Enable mitigation against certain attacks against TKIP by delaying Michael -# MIC error reports by a random amount of time between 0 and 60 seconds -#CONFIG_DELAYED_MIC_ERROR_REPORT=y - -# Enable tracing code for developer debugging -# This tracks use of memory allocations and other registrations and reports -# incorrect use with a backtrace of call (or allocation) location. -#CONFIG_WPA_TRACE=y -# For BSD, uncomment these. -#LIBS += -lexecinfo -#LIBS_p += -lexecinfo -#LIBS_c += -lexecinfo - -# Use libbfd to get more details for developer debugging -# This enables use of libbfd to get more detailed symbols for the backtraces -# generated by CONFIG_WPA_TRACE=y. -#CONFIG_WPA_TRACE_BFD=y -# For BSD, uncomment these. -#LIBS += -lbfd -liberty -lz -#LIBS_p += -lbfd -liberty -lz -#LIBS_c += -lbfd -liberty -lz - -CONFIG_TLS = %ssl% -CONFIG_CTRL_IFACE_DBUS=y -CONFIG_CTRL_IFACE_DBUS_NEW=y - -# wpa_supplicant depends on strong random number generation being available -# from the operating system. os_get_random() function is used to fetch random -# data when needed, e.g., for key generation. On Linux and BSD systems, this -# works by reading /dev/urandom. It should be noted that the OS entropy pool -# needs to be properly initialized before wpa_supplicant is started. This is -# important especially on embedded devices that do not have a hardware random -# number generator and may by default start up with minimal entropy available -# for random number generation. -# -# As a safety net, wpa_supplicant is by default trying to internally collect -# additional entropy for generating random data to mix in with the data fetched -# from the OS. This by itself is not considered to be very strong, but it may -# help in cases where the system pool is not initialized properly. However, it -# is very strongly recommended that the system pool is initialized with enough -# entropy either by using hardware assisted random number generator or by -# storing state over device reboots. -# -# wpa_supplicant can be configured to maintain its own entropy store over -# restarts to enhance random number generation. This is not perfect, but it is -# much more secure than using the same sequence of random numbers after every -# reboot. This can be enabled with -e<entropy file> command line option. The -# specified file needs to be readable and writable by wpa_supplicant. -# -# If the os_get_random() is known to provide strong random data (e.g., on -# Linux/BSD, the board in question is known to have reliable source of random -# data from /dev/urandom), the internal wpa_supplicant random pool can be -# disabled. This will save some in binary size and CPU use. However, this -# should only be considered for builds that are known to be used on devices -# that meet the requirements described above. -#CONFIG_NO_RANDOM_POOL=y - -# IEEE 802.11n (High Throughput) support (mainly for AP mode) -#CONFIG_IEEE80211N=y - -# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) -# (depends on CONFIG_IEEE80211N) -#CONFIG_IEEE80211AC=y - -# Wireless Network Management (IEEE Std 802.11v-2011) -# Note: This is experimental and not complete implementation. -#CONFIG_WNM=y - -# Interworking (IEEE 802.11u) -# This can be used to enable functionality to improve interworking with -# external networks (GAS/ANQP to learn more about the networks and network -# selection based on available credentials). -#CONFIG_INTERWORKING=y - -# Hotspot 2.0 -#CONFIG_HS20=y - -# Disable roaming in wpa_supplicant -#CONFIG_NO_ROAMING=y - -# AP mode operations with wpa_supplicant -# This can be used for controlling AP mode operations with wpa_supplicant. It -# should be noted that this is mainly aimed at simple cases like -# WPA2-Personal while more complex configurations like WPA2-Enterprise with an -# external RADIUS server can be supported with hostapd. -CONFIG_AP=y - -CONFIG_BGSCAN_SIMPLE=y - -# P2P (Wi-Fi Direct) -# This can be used to enable P2P support in wpa_supplicant. See README-P2P for -# more information on P2P operations. -#CONFIG_P2P=y - -# Enable TDLS support -#CONFIG_TDLS=y - -# Wi-Fi Direct -# This can be used to enable Wi-Fi Direct extensions for P2P using an external -# program to control the additional information exchanges in the messages. -#CONFIG_WIFI_DISPLAY=y - -# Autoscan -# This can be used to enable automatic scan support in wpa_supplicant. -# See wpa_supplicant.conf for more information on autoscan usage. -# -# Enabling directly a module will enable autoscan support. -# For exponential module: -CONFIG_AUTOSCAN_EXPONENTIAL=y -# For periodic module: -#CONFIG_AUTOSCAN_PERIODIC=y - -# Password (and passphrase, etc.) backend for external storage -# These optional mechanisms can be used to add support for storing passwords -# and other secrets in external (to wpa_supplicant) location. This allows, for -# example, operating system specific key storage to be used -# -# External password backend for testing purposes (developer use) -#CONFIG_EXT_PASSWORD_TEST=y diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch deleted file mode 100644 index 436520fe64..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch +++ /dev/null @@ -1,1025 +0,0 @@ -The WPA2 four-way handshake protocol is vulnerable to replay attacks which can -result in unauthenticated clients gaining access to the network. - -Backport a number of patches from upstream to fix this. - -CVE: CVE-2017-13077 -CVE: CVE-2017-13078 -CVE: CVE-2017-13079 -CVE: CVE-2017-13080 -CVE: CVE-2017-13081 -CVE: CVE-2017-13082 -CVE: CVE-2017-13086 -CVE: CVE-2017-13087 -CVE: CVE-2017-13088 - -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> -Date: Fri, 14 Jul 2017 15:15:35 +0200 -Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake - -Do not reinstall TK to the driver during Reassociation Response frame -processing if the first attempt of setting the TK succeeded. This avoids -issues related to clearing the TX/RX PN that could result in reusing -same PN values for transmitted frames (e.g., due to CCM nonce reuse and -also hitting replay protection on the receiver) and accepting replayed -frames on RX side. - -This issue was introduced by the commit -0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in -authenticator') which allowed wpa_ft_install_ptk() to be called multiple -times with the same PTK. While the second configuration attempt is -needed with some drivers, it must be done only if the first attempt -failed. - -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> ---- - src/ap/ieee802_11.c | 16 +++++++++++++--- - src/ap/wpa_auth.c | 11 +++++++++++ - src/ap/wpa_auth.h | 3 ++- - src/ap/wpa_auth_ft.c | 10 ++++++++++ - src/ap/wpa_auth_i.h | 1 + - 5 files changed, 37 insertions(+), 4 deletions(-) - -diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c -index 4e04169..333035f 100644 ---- a/src/ap/ieee802_11.c -+++ b/src/ap/ieee802_11.c -@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, - { - struct ieee80211_ht_capabilities ht_cap; - struct ieee80211_vht_capabilities vht_cap; -+ int set = 1; - - /* - * Remove the STA entry to ensure the STA PS state gets cleared and -@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, - * FT-over-the-DS, where a station re-associates back to the same AP but - * skips the authentication flow, or if working with a driver that - * does not support full AP client state. -+ * -+ * Skip this if the STA has already completed FT reassociation and the -+ * TK has been configured since the TX/RX PN must not be reset to 0 for -+ * the same key. - */ -- if (!sta->added_unassoc) -+ if (!sta->added_unassoc && -+ (!(sta->flags & WLAN_STA_AUTHORIZED) || -+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { - hostapd_drv_sta_remove(hapd, sta->addr); -+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); -+ set = 0; -+ } - - #ifdef CONFIG_IEEE80211N - if (sta->flags & WLAN_STA_HT) -@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd, - sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, - sta->flags | WLAN_STA_ASSOC, sta->qosinfo, - sta->vht_opmode, sta->p2p_ie ? 1 : 0, -- sta->added_unassoc)) { -+ set)) { - hostapd_logger(hapd, sta->addr, - HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, - "Could not %s STA to kernel driver", -- sta->added_unassoc ? "set" : "add"); -+ set ? "set" : "add"); - - if (sta->added_unassoc) { - hostapd_drv_sta_remove(hapd, sta->addr); -diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c -index 3587086..707971d 100644 ---- a/src/ap/wpa_auth.c -+++ b/src/ap/wpa_auth.c -@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event) - #else /* CONFIG_IEEE80211R */ - break; - #endif /* CONFIG_IEEE80211R */ -+ case WPA_DRV_STA_REMOVED: -+ sm->tk_already_set = FALSE; -+ return 0; - } - - #ifdef CONFIG_IEEE80211R -@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm) - } - - -+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm) -+{ -+ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt)) -+ return 0; -+ return sm->tk_already_set; -+} -+ -+ - int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, - struct rsn_pmksa_cache_entry *entry) - { -diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h -index 0de8d97..97461b0 100644 ---- a/src/ap/wpa_auth.h -+++ b/src/ap/wpa_auth.h -@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, - u8 *data, size_t data_len); - enum wpa_event { - WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH, -- WPA_REAUTH_EAPOL, WPA_ASSOC_FT -+ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED - }; - void wpa_remove_ptk(struct wpa_state_machine *sm); - int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event); -@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm); - int wpa_auth_get_pairwise(struct wpa_state_machine *sm); - int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm); - int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm); -+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm); - int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, - struct rsn_pmksa_cache_entry *entry); - struct rsn_pmksa_cache_entry * -diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c -index 42242a5..e63b99a 100644 ---- a/src/ap/wpa_auth_ft.c -+++ b/src/ap/wpa_auth_ft.c -@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm) - return; - } - -+ if (sm->tk_already_set) { -+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX -+ * PN in the driver */ -+ wpa_printf(MSG_DEBUG, -+ "FT: Do not re-install same PTK to the driver"); -+ return; -+ } -+ - /* FIX: add STA entry to kernel/driver here? The set_key will fail - * most likely without this.. At the moment, STA entry is added only - * after association has been completed. This function will be called -@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm) - - /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ - sm->pairwise_set = TRUE; -+ sm->tk_already_set = TRUE; - } - - -@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm, - - sm->pairwise = pairwise; - sm->PTK_valid = TRUE; -+ sm->tk_already_set = FALSE; - wpa_ft_install_ptk(sm); - - buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + -diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h -index 72b7eb3..7fd8f05 100644 ---- a/src/ap/wpa_auth_i.h -+++ b/src/ap/wpa_auth_i.h -@@ -65,6 +65,7 @@ struct wpa_state_machine { - struct wpa_ptk PTK; - Boolean PTK_valid; - Boolean pairwise_set; -+ Boolean tk_already_set; - int keycount; - Boolean Pair; - struct wpa_key_replay_counter { --- -2.7.4 - -From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> -Date: Wed, 12 Jul 2017 16:03:24 +0200 -Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key - -Track the current GTK and IGTK that is in use and when receiving a -(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do -not install the given key if it is already in use. This prevents an -attacker from trying to trick the client into resetting or lowering the -sequence counter associated to the group key. - -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> ---- - src/common/wpa_common.h | 11 +++++ - src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------ - src/rsn_supp/wpa_i.h | 4 ++ - 3 files changed, 87 insertions(+), 44 deletions(-) - -diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h -index af1d0f0..d200285 100644 ---- a/src/common/wpa_common.h -+++ b/src/common/wpa_common.h -@@ -217,6 +217,17 @@ struct wpa_ptk { - size_t tk_len; - }; - -+struct wpa_gtk { -+ u8 gtk[WPA_GTK_MAX_LEN]; -+ size_t gtk_len; -+}; -+ -+#ifdef CONFIG_IEEE80211W -+struct wpa_igtk { -+ u8 igtk[WPA_IGTK_MAX_LEN]; -+ size_t igtk_len; -+}; -+#endif /* CONFIG_IEEE80211W */ - - /* WPA IE version 1 - * 00-50-f2:1 (OUI:OUI type) -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c -index 3c47879..95bd7be 100644 ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, - const u8 *_gtk = gd->gtk; - u8 gtk_buf[32]; - -+ /* Detect possible key reinstallation */ -+ if (sm->gtk.gtk_len == (size_t) gd->gtk_len && -+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) { -+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, -+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", -+ gd->keyidx, gd->tx, gd->gtk_len); -+ return 0; -+ } -+ - wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", -@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, - } - os_memset(gtk_buf, 0, sizeof(gtk_buf)); - -+ sm->gtk.gtk_len = gd->gtk_len; -+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); -+ - return 0; - } - -@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, - } - - -+#ifdef CONFIG_IEEE80211W -+static int wpa_supplicant_install_igtk(struct wpa_sm *sm, -+ const struct wpa_igtk_kde *igtk) -+{ -+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); -+ u16 keyidx = WPA_GET_LE16(igtk->keyid); -+ -+ /* Detect possible key reinstallation */ -+ if (sm->igtk.igtk_len == len && -+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) { -+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, -+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", -+ keyidx); -+ return 0; -+ } -+ -+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, -+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x", -+ keyidx, MAC2STR(igtk->pn)); -+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len); -+ if (keyidx > 4095) { -+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, -+ "WPA: Invalid IGTK KeyID %d", keyidx); -+ return -1; -+ } -+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), -+ broadcast_ether_addr, -+ keyidx, 0, igtk->pn, sizeof(igtk->pn), -+ igtk->igtk, len) < 0) { -+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, -+ "WPA: Failed to configure IGTK to the driver"); -+ return -1; -+ } -+ -+ sm->igtk.igtk_len = len; -+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); -+ -+ return 0; -+} -+#endif /* CONFIG_IEEE80211W */ -+ -+ - static int ieee80211w_set_keys(struct wpa_sm *sm, - struct wpa_eapol_ie_parse *ie) - { -@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm, - if (ie->igtk) { - size_t len; - const struct wpa_igtk_kde *igtk; -- u16 keyidx; -+ - len = wpa_cipher_key_len(sm->mgmt_group_cipher); - if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len) - return -1; -+ - igtk = (const struct wpa_igtk_kde *) ie->igtk; -- keyidx = WPA_GET_LE16(igtk->keyid); -- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d " -- "pn %02x%02x%02x%02x%02x%02x", -- keyidx, MAC2STR(igtk->pn)); -- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", -- igtk->igtk, len); -- if (keyidx > 4095) { -- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, -- "WPA: Invalid IGTK KeyID %d", keyidx); -- return -1; -- } -- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), -- broadcast_ether_addr, -- keyidx, 0, igtk->pn, sizeof(igtk->pn), -- igtk->igtk, len) < 0) { -- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, -- "WPA: Failed to configure IGTK to the driver"); -+ if (wpa_supplicant_install_igtk(sm, igtk) < 0) - return -1; -- } - } - - return 0; -@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm) - */ - void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) - { -- int clear_ptk = 1; -+ int clear_keys = 1; - - if (sm == NULL) - return; -@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) - /* Prepare for the next transition */ - wpa_ft_prepare_auth_request(sm, NULL); - -- clear_ptk = 0; -+ clear_keys = 0; - } - #endif /* CONFIG_IEEE80211R */ - -- if (clear_ptk) { -+ if (clear_keys) { - /* - * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if - * this is not part of a Fast BSS Transition. -@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) - os_memset(&sm->ptk, 0, sizeof(sm->ptk)); - sm->tptk_set = 0; - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); -+ os_memset(&sm->gtk, 0, sizeof(sm->gtk)); -+#ifdef CONFIG_IEEE80211W -+ os_memset(&sm->igtk, 0, sizeof(sm->igtk)); -+#endif /* CONFIG_IEEE80211W */ - } - - #ifdef CONFIG_TDLS -@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm) - os_memset(sm->pmk, 0, sizeof(sm->pmk)); - os_memset(&sm->ptk, 0, sizeof(sm->ptk)); - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); -+ os_memset(&sm->gtk, 0, sizeof(sm->gtk)); -+#ifdef CONFIG_IEEE80211W -+ os_memset(&sm->igtk, 0, sizeof(sm->igtk)); -+#endif /* CONFIG_IEEE80211W */ - #ifdef CONFIG_IEEE80211R - os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); - os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0)); -@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) - os_memset(&gd, 0, sizeof(gd)); - #ifdef CONFIG_IEEE80211W - } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { -- struct wpa_igtk_kde igd; -- u16 keyidx; -- -- os_memset(&igd, 0, sizeof(igd)); -- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher); -- os_memcpy(igd.keyid, buf + 2, 2); -- os_memcpy(igd.pn, buf + 4, 6); -- -- keyidx = WPA_GET_LE16(igd.keyid); -- os_memcpy(igd.igtk, buf + 10, keylen); -- -- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)", -- igd.igtk, keylen); -- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), -- broadcast_ether_addr, -- keyidx, 0, igd.pn, sizeof(igd.pn), -- igd.igtk, keylen) < 0) { -- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in " -- "WNM mode"); -- os_memset(&igd, 0, sizeof(igd)); -+ const struct wpa_igtk_kde *igtk; -+ -+ igtk = (const struct wpa_igtk_kde *) (buf + 2); -+ if (wpa_supplicant_install_igtk(sm, igtk) < 0) - return -1; -- } -- os_memset(&igd, 0, sizeof(igd)); - #endif /* CONFIG_IEEE80211W */ - } else { - wpa_printf(MSG_DEBUG, "Unknown element id"); -diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h -index f653ba6..afc9e37 100644 ---- a/src/rsn_supp/wpa_i.h -+++ b/src/rsn_supp/wpa_i.h -@@ -31,6 +31,10 @@ struct wpa_sm { - u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN]; - int rx_replay_counter_set; - u8 request_counter[WPA_REPLAY_COUNTER_LEN]; -+ struct wpa_gtk gtk; -+#ifdef CONFIG_IEEE80211W -+ struct wpa_igtk igtk; -+#endif /* CONFIG_IEEE80211W */ - - struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ - --- -2.7.4 - -From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <j@w1.fi> -Date: Sun, 1 Oct 2017 12:12:24 +0300 -Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep - Mode cases - -This extends the protection to track last configured GTK/IGTK value -separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a -corner case where these two different mechanisms may get used when the -GTK/IGTK has changed and tracking a single value is not sufficient to -detect a possible key reconfiguration. - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++--------------- - src/rsn_supp/wpa_i.h | 2 ++ - 2 files changed, 40 insertions(+), 15 deletions(-) - -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c -index 95bd7be..7a2c68d 100644 ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -709,14 +709,17 @@ struct wpa_gtk_data { - - static int wpa_supplicant_install_gtk(struct wpa_sm *sm, - const struct wpa_gtk_data *gd, -- const u8 *key_rsc) -+ const u8 *key_rsc, int wnm_sleep) - { - const u8 *_gtk = gd->gtk; - u8 gtk_buf[32]; - - /* Detect possible key reinstallation */ -- if (sm->gtk.gtk_len == (size_t) gd->gtk_len && -- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) { -+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len && -+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) || -+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len && -+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk, -+ sm->gtk_wnm_sleep.gtk_len) == 0)) { - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", - gd->keyidx, gd->tx, gd->gtk_len); -@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, - } - os_memset(gtk_buf, 0, sizeof(gtk_buf)); - -- sm->gtk.gtk_len = gd->gtk_len; -- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); -+ if (wnm_sleep) { -+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len; -+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk, -+ sm->gtk_wnm_sleep.gtk_len); -+ } else { -+ sm->gtk.gtk_len = gd->gtk_len; -+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); -+ } - - return 0; - } -@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, - (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, - gtk_len, gtk_len, - &gd.key_rsc_len, &gd.alg) || -- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) { -+ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) { - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "RSN: Failed to install GTK"); - os_memset(&gd, 0, sizeof(gd)); -@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, - - #ifdef CONFIG_IEEE80211W - static int wpa_supplicant_install_igtk(struct wpa_sm *sm, -- const struct wpa_igtk_kde *igtk) -+ const struct wpa_igtk_kde *igtk, -+ int wnm_sleep) - { - size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); - u16 keyidx = WPA_GET_LE16(igtk->keyid); - - /* Detect possible key reinstallation */ -- if (sm->igtk.igtk_len == len && -- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) { -+ if ((sm->igtk.igtk_len == len && -+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) || -+ (sm->igtk_wnm_sleep.igtk_len == len && -+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk, -+ sm->igtk_wnm_sleep.igtk_len) == 0)) { - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", - keyidx); -@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm, - return -1; - } - -- sm->igtk.igtk_len = len; -- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); -+ if (wnm_sleep) { -+ sm->igtk_wnm_sleep.igtk_len = len; -+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk, -+ sm->igtk_wnm_sleep.igtk_len); -+ } else { -+ sm->igtk.igtk_len = len; -+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); -+ } - - return 0; - } -@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm, - return -1; - - igtk = (const struct wpa_igtk_kde *) ie->igtk; -- if (wpa_supplicant_install_igtk(sm, igtk) < 0) -+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0) - return -1; - } - -@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, - if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) - key_rsc = null_rsc; - -- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) || -+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) || - wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0) - goto failed; - os_memset(&gd, 0, sizeof(gd)); -@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) - sm->tptk_set = 0; - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); - os_memset(&sm->gtk, 0, sizeof(sm->gtk)); -+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); - #ifdef CONFIG_IEEE80211W - os_memset(&sm->igtk, 0, sizeof(sm->igtk)); -+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); - #endif /* CONFIG_IEEE80211W */ - } - -@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm) - os_memset(&sm->ptk, 0, sizeof(sm->ptk)); - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); - os_memset(&sm->gtk, 0, sizeof(sm->gtk)); -+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); - #ifdef CONFIG_IEEE80211W - os_memset(&sm->igtk, 0, sizeof(sm->igtk)); -+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); - #endif /* CONFIG_IEEE80211W */ - #ifdef CONFIG_IEEE80211R - os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); -@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) - - wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", - gd.gtk, gd.gtk_len); -- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) { -+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) { - os_memset(&gd, 0, sizeof(gd)); - wpa_printf(MSG_DEBUG, "Failed to install the GTK in " - "WNM mode"); -@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) - const struct wpa_igtk_kde *igtk; - - igtk = (const struct wpa_igtk_kde *) (buf + 2); -- if (wpa_supplicant_install_igtk(sm, igtk) < 0) -+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0) - return -1; - #endif /* CONFIG_IEEE80211W */ - } else { -diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h -index afc9e37..9a54631 100644 ---- a/src/rsn_supp/wpa_i.h -+++ b/src/rsn_supp/wpa_i.h -@@ -32,8 +32,10 @@ struct wpa_sm { - int rx_replay_counter_set; - u8 request_counter[WPA_REPLAY_COUNTER_LEN]; - struct wpa_gtk gtk; -+ struct wpa_gtk gtk_wnm_sleep; - #ifdef CONFIG_IEEE80211W - struct wpa_igtk igtk; -+ struct wpa_igtk igtk_wnm_sleep; - #endif /* CONFIG_IEEE80211W */ - - struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ --- -2.7.4 - -From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> -Date: Fri, 29 Sep 2017 04:22:51 +0200 -Subject: [PATCH 4/8] Prevent installation of an all-zero TK - -Properly track whether a PTK has already been installed to the driver -and the TK part cleared from memory. This prevents an attacker from -trying to trick the client into installing an all-zero TK. - -This fixes the earlier fix in commit -ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the -driver in EAPOL-Key 3/4 retry case') which did not take into account -possibility of an extra message 1/4 showing up between retries of -message 3/4. - -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> ---- - src/common/wpa_common.h | 1 + - src/rsn_supp/wpa.c | 5 ++--- - src/rsn_supp/wpa_i.h | 1 - - 3 files changed, 3 insertions(+), 4 deletions(-) - -diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h -index d200285..1021ccb 100644 ---- a/src/common/wpa_common.h -+++ b/src/common/wpa_common.h -@@ -215,6 +215,7 @@ struct wpa_ptk { - size_t kck_len; - size_t kek_len; - size_t tk_len; -+ int installed; /* 1 if key has already been installed to driver */ - }; - - struct wpa_gtk { -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c -index 7a2c68d..0550a41 100644 ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, - os_memset(buf, 0, sizeof(buf)); - } - sm->tptk_set = 1; -- sm->tk_to_set = 1; - - kde = sm->assoc_wpa_ie; - kde_len = sm->assoc_wpa_ie_len; -@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, - enum wpa_alg alg; - const u8 *key_rsc; - -- if (!sm->tk_to_set) { -+ if (sm->ptk.installed) { - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "WPA: Do not re-install same PTK to the driver"); - return 0; -@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, - - /* TK is not needed anymore in supplicant */ - os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); -- sm->tk_to_set = 0; -+ sm->ptk.installed = 1; - - if (sm->wpa_ptk_rekey) { - eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); -diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h -index 9a54631..41f371f 100644 ---- a/src/rsn_supp/wpa_i.h -+++ b/src/rsn_supp/wpa_i.h -@@ -24,7 +24,6 @@ struct wpa_sm { - struct wpa_ptk ptk, tptk; - int ptk_set, tptk_set; - unsigned int msg_3_of_4_ok:1; -- unsigned int tk_to_set:1; - u8 snonce[WPA_NONCE_LEN]; - u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */ - int renew_snonce; --- -2.7.4 - -From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <j@w1.fi> -Date: Sun, 1 Oct 2017 12:32:57 +0300 -Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce - -The Authenticator state machine path for PTK rekeying ended up bypassing -the AUTHENTICATION2 state where a new ANonce is generated when going -directly to the PTKSTART state since there is no need to try to -determine the PMK again in such a case. This is far from ideal since the -new PTK would depend on a new nonce only from the supplicant. - -Fix this by generating a new ANonce when moving to the PTKSTART state -for the purpose of starting new 4-way handshake to rekey PTK. - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - src/ap/wpa_auth.c | 24 +++++++++++++++++++++--- - 1 file changed, 21 insertions(+), 3 deletions(-) - -diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c -index 707971d..bf10cc1 100644 ---- a/src/ap/wpa_auth.c -+++ b/src/ap/wpa_auth.c -@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2) - } - - -+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm) -+{ -+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { -+ wpa_printf(MSG_ERROR, -+ "WPA: Failed to get random data for ANonce"); -+ sm->Disconnect = TRUE; -+ return -1; -+ } -+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce, -+ WPA_NONCE_LEN); -+ sm->TimeoutCtr = 0; -+ return 0; -+} -+ -+ - SM_STATE(WPA_PTK, INITPMK) - { - u8 msk[2 * PMK_LEN]; -@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK) - SM_ENTER(WPA_PTK, AUTHENTICATION); - else if (sm->ReAuthenticationRequest) - SM_ENTER(WPA_PTK, AUTHENTICATION2); -- else if (sm->PTKRequest) -- SM_ENTER(WPA_PTK, PTKSTART); -- else switch (sm->wpa_ptk_state) { -+ else if (sm->PTKRequest) { -+ if (wpa_auth_sm_ptk_update(sm) < 0) -+ SM_ENTER(WPA_PTK, DISCONNECTED); -+ else -+ SM_ENTER(WPA_PTK, PTKSTART); -+ } else switch (sm->wpa_ptk_state) { - case WPA_PTK_INITIALIZE: - break; - case WPA_PTK_DISCONNECT: --- -2.7.4 - -From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <j@w1.fi> -Date: Fri, 22 Sep 2017 11:03:15 +0300 -Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration - -Do not try to reconfigure the same TPK-TK to the driver after it has -been successfully configured. This is an explicit check to avoid issues -related to resetting the TX/RX packet number. There was already a check -for this for TPK M2 (retries of that message are ignored completely), so -that behavior does not get modified. - -For TPK M3, the TPK-TK could have been reconfigured, but that was -followed by immediate teardown of the link due to an issue in updating -the STA entry. Furthermore, for TDLS with any real security (i.e., -ignoring open/WEP), the TPK message exchange is protected on the AP path -and simple replay attacks are not feasible. - -As an additional corner case, make sure the local nonce gets updated if -the peer uses a very unlikely "random nonce" of all zeros. - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++-- - 1 file changed, 36 insertions(+), 2 deletions(-) - -diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c -index e424168..9eb9738 100644 ---- a/src/rsn_supp/tdls.c -+++ b/src/rsn_supp/tdls.c -@@ -112,6 +112,7 @@ struct wpa_tdls_peer { - u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */ - } tpk; - int tpk_set; -+ int tk_set; /* TPK-TK configured to the driver */ - int tpk_success; - int tpk_in_progress; - -@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer) - u8 rsc[6]; - enum wpa_alg alg; - -+ if (peer->tk_set) { -+ /* -+ * This same TPK-TK has already been configured to the driver -+ * and this new configuration attempt (likely due to an -+ * unexpected retransmitted frame) would result in clearing -+ * the TX/RX sequence number which can break security, so must -+ * not allow that to happen. -+ */ -+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR -+ " has already been configured to the driver - do not reconfigure", -+ MAC2STR(peer->addr)); -+ return -1; -+ } -+ - os_memset(rsc, 0, 6); - - switch (peer->cipher) { -@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer) - return -1; - } - -+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR, -+ MAC2STR(peer->addr)); - if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1, - rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) { - wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the " - "driver"); - return -1; - } -+ peer->tk_set = 1; - return 0; - } - -@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer) - peer->cipher = 0; - peer->qos_info = 0; - peer->wmm_capable = 0; -- peer->tpk_set = peer->tpk_success = 0; -+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0; - peer->chan_switch_enabled = 0; - os_memset(&peer->tpk, 0, sizeof(peer->tpk)); - os_memset(peer->inonce, 0, WPA_NONCE_LEN); -@@ -1159,6 +1177,7 @@ skip_rsnie: - wpa_tdls_peer_free(sm, peer); - return -1; - } -+ peer->tk_set = 0; /* A new nonce results in a new TK */ - wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake", - peer->inonce, WPA_NONCE_LEN); - os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN); -@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer, - } - - -+static int tdls_nonce_set(const u8 *nonce) -+{ -+ int i; -+ -+ for (i = 0; i < WPA_NONCE_LEN; i++) { -+ if (nonce[i]) -+ return 1; -+ } -+ -+ return 0; -+} -+ -+ - static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr, - const u8 *buf, size_t len) - { -@@ -2004,7 +2036,8 @@ skip_rsn: - peer->rsnie_i_len = kde.rsn_ie_len; - peer->cipher = cipher; - -- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) { -+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 || -+ !tdls_nonce_set(peer->inonce)) { - /* - * There is no point in updating the RNonce for every obtained - * TPK M1 frame (e.g., retransmission due to timeout) with the -@@ -2020,6 +2053,7 @@ skip_rsn: - "TDLS: Failed to get random data for responder nonce"); - goto error; - } -+ peer->tk_set = 0; /* A new nonce results in a new TK */ - } - - #if 0 --- -2.7.4 - -From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <j@w1.fi> -Date: Fri, 22 Sep 2017 11:25:02 +0300 -Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending - request - -Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep -Mode Response if WNM-Sleep Mode has not been used') started ignoring the -response when no WNM-Sleep Mode Request had been used during the -association. This can be made tighter by clearing the used flag when -successfully processing a response. This adds an additional layer of -protection against unexpected retransmissions of the response frame. - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - wpa_supplicant/wnm_sta.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c -index 1b3409c..67a07ff 100644 ---- a/wpa_supplicant/wnm_sta.c -+++ b/wpa_supplicant/wnm_sta.c -@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, - - if (!wpa_s->wnmsleep_used) { - wpa_printf(MSG_DEBUG, -- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association"); -+ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested"); - return; - } - -@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, - return; - } - -+ wpa_s->wnmsleep_used = 0; -+ - if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT || - wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) { - wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response " --- -2.7.4 - -From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <j@w1.fi> -Date: Fri, 22 Sep 2017 12:06:37 +0300 -Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames - -The driver is expected to not report a second association event without -the station having explicitly request a new association. As such, this -case should not be reachable. However, since reconfiguring the same -pairwise or group keys to the driver could result in nonce reuse issues, -be extra careful here and do an additional state check to avoid this -even if the local driver ends up somehow accepting an unexpected -Reassociation Response frame. - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - src/rsn_supp/wpa.c | 3 +++ - src/rsn_supp/wpa_ft.c | 8 ++++++++ - src/rsn_supp/wpa_i.h | 1 + - 3 files changed, 12 insertions(+) - -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c -index 0550a41..2a53c6f 100644 ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm) - #ifdef CONFIG_TDLS - wpa_tdls_disassoc(sm); - #endif /* CONFIG_TDLS */ -+#ifdef CONFIG_IEEE80211R -+ sm->ft_reassoc_completed = 0; -+#endif /* CONFIG_IEEE80211R */ - - /* Keys are not needed in the WPA state machine anymore */ - wpa_sm_drop_sa(sm); -diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c -index 205793e..d45bb45 100644 ---- a/src/rsn_supp/wpa_ft.c -+++ b/src/rsn_supp/wpa_ft.c -@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len, - u16 capab; - - sm->ft_completed = 0; -+ sm->ft_reassoc_completed = 0; - - buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + - 2 + sm->r0kh_id_len + ric_ies_len + 100; -@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, - return -1; - } - -+ if (sm->ft_reassoc_completed) { -+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission"); -+ return 0; -+ } -+ - if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { - wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs"); - return -1; -@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, - return -1; - } - -+ sm->ft_reassoc_completed = 1; -+ - if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0) - return -1; - -diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h -index 41f371f..56f88dc 100644 ---- a/src/rsn_supp/wpa_i.h -+++ b/src/rsn_supp/wpa_i.h -@@ -128,6 +128,7 @@ struct wpa_sm { - size_t r0kh_id_len; - u8 r1kh_id[FT_R1KH_ID_LEN]; - int ft_completed; -+ int ft_reassoc_completed; - int over_the_ds_in_progress; - u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */ - int set_ptk_after_assoc; --- -2.7.4 diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb new file mode 100644 index 0000000000..22028ce957 --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb @@ -0,0 +1,138 @@ +SUMMARY = "Client for Wi-Fi Protected Access (WPA)" +DESCRIPTION = "wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver." +HOMEPAGE = "http://w1.fi/wpa_supplicant/" +BUGTRACKER = "http://w1.fi/security/" +SECTION = "network" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://COPYING;md5=5ebcb90236d1ad640558c3d3cd3035df \ + file://README;beginline=1;endline=56;md5=e3d2f6c2948991e37c1ca4960de84747 \ + file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=76306a95306fee9a976b0ac1be70f705" + +DEPENDS = "dbus libnl" + +SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ + file://wpa-supplicant.sh \ + file://wpa_supplicant.conf \ + file://wpa_supplicant.conf-sane \ + file://99_wpa_supplicant \ + file://0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch \ + file://0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch \ + file://0001-Install-wpa_passphrase-when-not-disabled.patch \ + file://0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch \ + " +SRC_URI[sha256sum] = "20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f" + +S = "${WORKDIR}/wpa_supplicant-${PV}" + +inherit pkgconfig systemd + +PACKAGECONFIG ?= "openssl" +PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt" +PACKAGECONFIG[openssl] = ",,openssl" + +CVE_PRODUCT = "wpa_supplicant" + +EXTRA_OEMAKE = "'LIBDIR=${libdir}' 'INCDIR=${includedir}' 'BINDIR=${sbindir}'" + +do_configure () { + ${MAKE} -C wpa_supplicant clean + sed -e '/^CONFIG_TLS=/d' <wpa_supplicant/defconfig >wpa_supplicant/.config + + if ${@ bb.utils.contains('PACKAGECONFIG', 'openssl', 'true', 'false', d) }; then + echo 'CONFIG_TLS=openssl' >>wpa_supplicant/.config + elif ${@ bb.utils.contains('PACKAGECONFIG', 'gnutls', 'true', 'false', d) }; then + echo 'CONFIG_TLS=gnutls' >>wpa_supplicant/.config + sed -i -e 's/\(^CONFIG_DPP=\)/#\1/' \ + -e 's/\(^CONFIG_EAP_PWD=\)/#\1/' \ + -e 's/\(^CONFIG_SAE=\)/#\1/' wpa_supplicant/.config + fi + + # For rebuild + rm -f wpa_supplicant/*.d wpa_supplicant/dbus/*.d +} + +do_compile () { + oe_runmake -C wpa_supplicant + if [ -z "${DISABLE_STATIC}" ]; then + oe_runmake -C wpa_supplicant libwpa_client.a + fi +} + +do_install () { + oe_runmake -C wpa_supplicant DESTDIR="${D}" install + + install -d ${D}${docdir}/wpa_supplicant + install -m 644 wpa_supplicant/README ${WORKDIR}/wpa_supplicant.conf ${D}${docdir}/wpa_supplicant + + install -d ${D}${sysconfdir} + install -m 600 ${WORKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf + + install -d ${D}${sysconfdir}/network/if-pre-up.d/ + install -d ${D}${sysconfdir}/network/if-post-down.d/ + install -d ${D}${sysconfdir}/network/if-down.d/ + install -m 755 ${WORKDIR}/wpa-supplicant.sh ${D}${sysconfdir}/network/if-pre-up.d/wpa-supplicant + ln -sf ../if-pre-up.d/wpa-supplicant ${D}${sysconfdir}/network/if-post-down.d/wpa-supplicant + + install -d ${D}/${sysconfdir}/dbus-1/system.d + install -m 644 ${S}/wpa_supplicant/dbus/dbus-wpa_supplicant.conf ${D}/${sysconfdir}/dbus-1/system.d + install -d ${D}/${datadir}/dbus-1/system-services + install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services + + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}/${systemd_system_unitdir} + install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_system_unitdir} + fi + + install -d ${D}/etc/default/volatiles + install -m 0644 ${WORKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles + + install -d ${D}${includedir} + install -m 0644 ${S}/src/common/wpa_ctrl.h ${D}${includedir} + + if [ -z "${DISABLE_STATIC}" ]; then + install -d ${D}${libdir} + install -m 0644 wpa_supplicant/libwpa_client.a ${D}${libdir} + fi +} + +pkg_postinst:${PN} () { + # If we're offline, we don't need to do this. + if [ "x$D" = "x" ]; then + killall -q -HUP dbus-daemon || true + fi +} + +PACKAGE_BEFORE_PN += "${PN}-passphrase ${PN}-cli" +PACKAGES =+ "${PN}-lib" +PACKAGES += "${PN}-plugins" +ALLOW_EMPTY:${PN}-plugins = "1" + +PACKAGES_DYNAMIC += "^${PN}-plugin-.*$" +NOAUTOPACKAGEDEBUG = "1" + +FILES:${PN}-passphrase = "${sbindir}/wpa_passphrase" +FILES:${PN}-cli = "${sbindir}/wpa_cli" +FILES:${PN}-lib = "${libdir}/libwpa_client*${SOLIBSDEV}" +FILES:${PN} += "${datadir}/dbus-1/system-services/* ${systemd_system_unitdir}/*" +FILES:${PN}-dbg += "${sbindir}/.debug ${libdir}/.debug" + +CONFFILES:${PN} += "${sysconfdir}/wpa_supplicant.conf" + +RRECOMMENDS:${PN} = "${PN}-passphrase ${PN}-cli ${PN}-plugins" + +SYSTEMD_SERVICE:${PN} = "wpa_supplicant.service" +SYSTEMD_AUTO_ENABLE = "disable" + +python split_wpa_supplicant_libs () { + libdir = d.expand('${libdir}/wpa_supplicant') + dbglibdir = os.path.join(libdir, '.debug') + + split_packages = do_split_packages(d, libdir, r'^(.*)\.so', '${PN}-plugin-%s', 'wpa_supplicant %s plugin', prepend=True) + split_dbg_packages = do_split_packages(d, dbglibdir, r'^(.*)\.so', '${PN}-plugin-%s-dbg', 'wpa_supplicant %s plugin - Debugging files', prepend=True, extra_depends='${PN}-dbg') + + if split_packages: + pn = d.getVar('PN') + d.setVar('RRECOMMENDS:' + pn + '-plugins', ' '.join(split_packages)) + d.appendVar('RRECOMMENDS:' + pn + '-dbg', ' ' + ' '.join(split_dbg_packages)) +} +PACKAGESPLITFUNCS += "split_wpa_supplicant_libs" diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb deleted file mode 100644 index d6d4206a58..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb +++ /dev/null @@ -1,111 +0,0 @@ -SUMMARY = "Client for Wi-Fi Protected Access (WPA)" -HOMEPAGE = "http://w1.fi/wpa_supplicant/" -BUGTRACKER = "http://w1.fi/security/" -SECTION = "network" -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://COPYING;md5=292eece3f2ebbaa25608eed8464018a3 \ - file://README;beginline=1;endline=56;md5=3f01d778be8f953962388307ee38ed2b \ - file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=4061612fc5715696134e3baf933e8aba" -DEPENDS = "dbus libnl" -RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli" - -PACKAGECONFIG ??= "gnutls" -PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt" -PACKAGECONFIG[openssl] = ",,openssl" - -inherit pkgconfig systemd - -SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service wpa_supplicant-nl80211@.service wpa_supplicant-wired@.service" -SYSTEMD_AUTO_ENABLE = "disable" - -SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ - file://defconfig \ - file://wpa-supplicant.sh \ - file://wpa_supplicant.conf \ - file://wpa_supplicant.conf-sane \ - file://99_wpa_supplicant \ - file://key-replay-cve-multiple.patch \ - " -SRC_URI[md5sum] = "091569eb4440b7d7f2b4276dbfc03c3c" -SRC_URI[sha256sum] = "b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450" - -CVE_PRODUCT = "wpa_supplicant" - -S = "${WORKDIR}/wpa_supplicant-${PV}" - -PACKAGES_prepend = "wpa-supplicant-passphrase wpa-supplicant-cli " -FILES_wpa-supplicant-passphrase = "${bindir}/wpa_passphrase" -FILES_wpa-supplicant-cli = "${sbindir}/wpa_cli" -FILES_${PN} += "${datadir}/dbus-1/system-services/*" -CONFFILES_${PN} += "${sysconfdir}/wpa_supplicant.conf" - -do_configure () { - ${MAKE} -C wpa_supplicant clean - install -m 0755 ${WORKDIR}/defconfig wpa_supplicant/.config - echo "CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config - echo "DRV_CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config - - if echo "${PACKAGECONFIG}" | grep -qw "openssl"; then - ssl=openssl - elif echo "${PACKAGECONFIG}" | grep -qw "gnutls"; then - ssl=gnutls - fi - if [ -n "$ssl" ]; then - sed -i "s/%ssl%/$ssl/" wpa_supplicant/.config - fi - - # For rebuild - rm -f wpa_supplicant/*.d wpa_supplicant/dbus/*.d -} - -export EXTRA_CFLAGS = "${CFLAGS}" -export BINDIR = "${sbindir}" - -do_compile () { - unset CFLAGS CPPFLAGS CXXFLAGS - sed -e "s:CFLAGS\ =.*:& \$(EXTRA_CFLAGS):g" -i ${S}/src/lib.rules - oe_runmake -C wpa_supplicant -} - -do_install () { - install -d ${D}${sbindir} - install -m 755 wpa_supplicant/wpa_supplicant ${D}${sbindir} - install -m 755 wpa_supplicant/wpa_cli ${D}${sbindir} - - install -d ${D}${bindir} - install -m 755 wpa_supplicant/wpa_passphrase ${D}${bindir} - - install -d ${D}${docdir}/wpa_supplicant - install -m 644 wpa_supplicant/README ${WORKDIR}/wpa_supplicant.conf ${D}${docdir}/wpa_supplicant - - install -d ${D}${sysconfdir} - install -m 600 ${WORKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf - - install -d ${D}${sysconfdir}/network/if-pre-up.d/ - install -d ${D}${sysconfdir}/network/if-post-down.d/ - install -d ${D}${sysconfdir}/network/if-down.d/ - install -m 755 ${WORKDIR}/wpa-supplicant.sh ${D}${sysconfdir}/network/if-pre-up.d/wpa-supplicant - cd ${D}${sysconfdir}/network/ && \ - ln -sf ../if-pre-up.d/wpa-supplicant if-post-down.d/wpa-supplicant - - install -d ${D}/${sysconfdir}/dbus-1/system.d - install -m 644 ${S}/wpa_supplicant/dbus/dbus-wpa_supplicant.conf ${D}/${sysconfdir}/dbus-1/system.d - install -d ${D}/${datadir}/dbus-1/system-services - install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services - - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -d ${D}/${systemd_unitdir}/system - install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_unitdir}/system - fi - - install -d ${D}/etc/default/volatiles - install -m 0644 ${WORKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles -} - -pkg_postinst_wpa-supplicant () { - # If we're offline, we don't need to do this. - if [ "x$D" = "x" ]; then - killall -q -HUP dbus-daemon || true - fi - -} |