diff options
37 files changed, 1291 insertions, 152 deletions
diff --git a/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc b/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc index 73c1d0db69..ee10504023 100644 --- a/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc +++ b/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc @@ -4,7 +4,7 @@ SECTION = "libs/multimedia" LICENSE = "LGPL-2.1" LIC_FILES_CHKSUM = "file://LICENSE;md5=fc178bcd425090939a8b634d1d6a9594" -SRC_URI = "git://github.com/FluidSynth/fluidsynth.git;branch=2.1.x" +SRC_URI = "git://github.com/FluidSynth/fluidsynth.git" SRCREV = "6776569abe9a885bcec14141692fa93c0568d51c" S = "${WORKDIR}/git" PV = "2.1.5" diff --git a/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb b/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb index b4f09cdf54..75d0a4a009 100644 --- a/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb +++ b/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb @@ -53,7 +53,7 @@ RDEPENDS_packagegroup-meta-multimedia = "\ bigbuckbunny-720p \ tearsofsteel-1080p \ schroedinger \ - projucer \ + ${@bb.utils.contains("DISTRO_FEATURES", "x11", "projucer", "", d)} \ libcamera \ ${@bb.utils.contains("LICENSE_FLAGS_WHITELIST", "commercial", "libde265 openh264", "", d)} \ vorbis-tools \ diff --git a/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb b/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb index 08dd532b62..c05d0fd6c6 100644 --- a/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb +++ b/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb @@ -5,7 +5,7 @@ DEPENDS = "ncurses" LICENSE = "BSD-4-Clause" LIC_FILES_CHKSUM = "file://telnet/telnet.cc;beginline=2;endline=3;md5=780868e7b566313e70cb701560ca95ef" -SRC_URI = "http://ftp.linux.org.uk/pub/linux/Networking/netkit/${BP}.tar.gz \ +SRC_URI = "${DEBIAN_MIRROR}/main/n/netkit-telnet/netkit-telnet_${PV}.orig.tar.gz \ file://To-aviod-buffer-overflow-in-telnet.patch \ file://Warning-fix-in-the-step-of-install.patch \ file://telnet-xinetd \ diff --git a/meta-networking/recipes-protocols/mdns/mdns_1096.40.7.bb b/meta-networking/recipes-protocols/mdns/mdns_1096.40.7.bb index 086b408692..d00c8bbfd9 100644 --- a/meta-networking/recipes-protocols/mdns/mdns_1096.40.7.bb +++ b/meta-networking/recipes-protocols/mdns/mdns_1096.40.7.bb @@ -27,6 +27,19 @@ SRC_URI[sha256sum] = "b86f4816b4145915198e7c5bf0bc56dbbfd960e9a4518bb6486baa40cd CVE_PRODUCT = "apple:mdnsresponder" +# CVE-2007-0613 is not applicable as it only affects Apple products +# i.e. ichat,mdnsresponder, instant message framework and MacOS. +# Also, https://www.exploit-db.com/exploits/3230 shows the part of code +# affected by CVE-2007-0613 which is not preset in upstream source code. +# Hence, CVE-2007-0613 does not affect other Yocto implementations and +# is not reported for other distros can be marked whitelisted. +# Links: +# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 +# https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613 +# https://security-tracker.debian.org/tracker/CVE-2007-0613 +# https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 +CVE_CHECK_WHITELIST += "CVE-2007-0613" + PARALLEL_MAKE = "" S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix" diff --git a/meta-networking/recipes-protocols/quagga/quagga.inc b/meta-networking/recipes-protocols/quagga/quagga.inc index 6df72427b1..3b7a425bba 100644 --- a/meta-networking/recipes-protocols/quagga/quagga.inc +++ b/meta-networking/recipes-protocols/quagga/quagga.inc @@ -20,7 +20,7 @@ SNMP_CONF="${@bb.utils.contains('DISTRO_FEATURES', 'snmp', '--enable-snmp', '', # the "ip" command from busybox is not sufficient (flush by protocol flushes all routes) RDEPENDS_${PN} += "iproute2" -SRC_URI = "${SAVANNAH_GNU_MIRROR}/quagga/quagga-${PV}.tar.gz; \ +SRC_URI = "https://github.com/Quagga/quagga/releases/download/quagga-${PV}/quagga-${PV}.tar.gz \ file://quagga.init \ file://quagga.default \ file://watchquagga.init \ diff --git a/meta-networking/recipes-support/bridge-utils/bridge-utils_1.6.bb b/meta-networking/recipes-support/bridge-utils/bridge-utils_1.6.bb index 1c87c48bfa..4b195ededa 100644 --- a/meta-networking/recipes-support/bridge-utils/bridge-utils_1.6.bb +++ b/meta-networking/recipes-support/bridge-utils/bridge-utils_1.6.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f9d20a453221a1b7e32ae84694da2c37" SRCREV = "42c1aefc303fdf891fbb099ea51f00dca83ab606" SRC_URI = "\ - git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/bridge-utils.git \ + git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/bridge-utils.git;branch=main \ file://kernel-headers.patch \ file://0005-build-don-t-ignore-CFLAGS-from-environment.patch \ file://0006-libbridge-Modifying-the-AR-to-cross-toolchain.patch \ diff --git a/meta-networking/recipes-support/geoip/geoip-perl_1.51.bb b/meta-networking/recipes-support/geoip/geoip-perl_1.51.bb index ed5c3a9799..944c005763 100644 --- a/meta-networking/recipes-support/geoip/geoip-perl_1.51.bb +++ b/meta-networking/recipes-support/geoip/geoip-perl_1.51.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=e4f3ea6e9b28af88dc0321190a1f8250" S = "${WORKDIR}/git" SRCREV = "4cdfdc38eca237c19c22a8b90490446ce6d970fa" -SRC_URI = "git://github.com/maxmind/geoip-api-perl.git;protocol=https; \ +SRC_URI = "git://github.com/maxmind/geoip-api-perl.git;branch=main \ file://run-ptest \ " diff --git a/meta-networking/recipes-support/geoip/geoip_1.6.12.bb b/meta-networking/recipes-support/geoip/geoip_1.6.12.bb index 4271c2e155..143100e48e 100644 --- a/meta-networking/recipes-support/geoip/geoip_1.6.12.bb +++ b/meta-networking/recipes-support/geoip/geoip_1.6.12.bb @@ -10,7 +10,7 @@ SECTION = "libdevel" GEOIP_DATABASE_VERSION = "20181205" -SRC_URI = "git://github.com/maxmind/geoip-api-c.git \ +SRC_URI = "git://github.com/maxmind/geoip-api-c.git;branch=main \ http://sources.openembedded.org/GeoIP.dat.${GEOIP_DATABASE_VERSION}.gz;apply=no;name=GeoIP-dat; \ http://sources.openembedded.org/GeoIPv6.dat.${GEOIP_DATABASE_VERSION}.gz;apply=no;name=GeoIPv6-dat; \ http://sources.openembedded.org/GeoLiteCity.dat.${GEOIP_DATABASE_VERSION}.gz;apply=no;name=GeoLiteCity-dat; \ diff --git a/meta-oe/README b/meta-oe/README index 65eea2b320..cdf390c801 100644 --- a/meta-oe/README +++ b/meta-oe/README @@ -14,6 +14,9 @@ e.g. on archlinux based distributions install prerequisites like below pacman -S lib32-gcc-libs lib32-glibc +Ubuntu +sudo apt-get install gcc-multilib + Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-oe][gatesgarth]' in the subject' When sending single patches, please use something like: diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2019-5061.patch b/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2019-5061.patch new file mode 100644 index 0000000000..9214615d12 --- /dev/null +++ b/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2019-5061.patch @@ -0,0 +1,854 @@ +From 018edec9b2bd3db20605117c32ff79c1e625c432 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Wed, 11 Sep 2019 12:34:28 +0300 +Subject: [PATCH] Remove IAPP functionality from hostapd + +IEEE Std 802.11F-2003 was withdrawn in 2006 and as such it has not been +maintained nor is there any expectation of the withdrawn trial-use +recommended practice to be maintained in the future. Furthermore, +implementation of IAPP in hostapd was not complete, i.e., only parts of +the recommended practice were included. The main item of some real use +long time ago was the Layer 2 Update frame to update bridges when a STA +roams within an ESS, but that functionality has, in practice, been moved +to kernel drivers to provide better integration with the networking +stack. + +CVE: CVE-2019-5061 + +Upstream-Status: Backport + +Signed-off-by: Jouni Malinen <j@w1.fi> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + hostapd/Android.mk | 5 - + hostapd/Makefile | 5 - + hostapd/android.config | 3 - + hostapd/config_file.c | 3 +- + hostapd/defconfig | 3 - + hostapd/hostapd.conf | 6 - + hostapd/main.c | 3 - + src/ap/Makefile | 2 - + src/ap/ap_config.h | 4 - + src/ap/hostapd.c | 14 - + src/ap/hostapd.h | 2 - + src/ap/iapp.c | 542 ---------------------- + src/ap/iapp.h | 39 -- + src/utils/wpa_debug.h | 1 - + 14 files changed, 1 insertion(+), 633 deletions(-) + delete mode 100644 src/ap/iapp.c + delete mode 100644 src/ap/iapp.h + +diff --git a/hostapd/Android.mk b/hostapd/Android.mk +index 3183323ef..a87ac8144 100644 +--- a/hostapd/Android.mk ++++ b/hostapd/Android.mk +@@ -205,11 +205,6 @@ endif + + L_CFLAGS += -DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX + +-ifdef CONFIG_IAPP +-L_CFLAGS += -DCONFIG_IAPP +-OBJS += src/ap/iapp.c +-endif +- + ifdef CONFIG_RSN_PREAUTH + L_CFLAGS += -DCONFIG_RSN_PREAUTH + CONFIG_L2_PACKET=y +diff --git a/hostapd/Makefile b/hostapd/Makefile +index f7f4c785b..42bb9e4c8 100644 +--- a/hostapd/Makefile ++++ b/hostapd/Makefile +@@ -248,11 +248,6 @@ ifndef CONFIG_NO_CTRL_IFACE + CFLAGS += -DCONFIG_CTRL_IFACE + endif + +-ifdef CONFIG_IAPP +-CFLAGS += -DCONFIG_IAPP +-OBJS += ../src/ap/iapp.o +-endif +- + ifdef CONFIG_RSN_PREAUTH + CFLAGS += -DCONFIG_RSN_PREAUTH + CONFIG_L2_PACKET=y +diff --git a/hostapd/android.config b/hostapd/android.config +index efe252332..e2e6c7821 100644 +--- a/hostapd/android.config ++++ b/hostapd/android.config +@@ -38,9 +38,6 @@ CONFIG_DRIVER_NL80211_QCA=y + # Driver interface for no driver (e.g., RADIUS server only) + #CONFIG_DRIVER_NONE=y + +-# IEEE 802.11F/IAPP +-#CONFIG_IAPP=y +- + # WPA2/IEEE 802.11i RSN pre-authentication + #CONFIG_RSN_PREAUTH=y + +diff --git a/hostapd/config_file.c b/hostapd/config_file.c +index 680f17ee0..0d340d252 100644 +--- a/hostapd/config_file.c ++++ b/hostapd/config_file.c +@@ -2712,8 +2712,7 @@ static int hostapd_config_fill(struct hostapd_config *conf, + bss->eapol_key_index_workaround = atoi(pos); + #ifdef CONFIG_IAPP + } else if (os_strcmp(buf, "iapp_interface") == 0) { +- bss->ieee802_11f = 1; +- os_strlcpy(bss->iapp_iface, pos, sizeof(bss->iapp_iface)); ++ wpa_printf(MSG_INFO, "DEPRECATED: iapp_interface not used"); + #endif /* CONFIG_IAPP */ + } else if (os_strcmp(buf, "own_ip_addr") == 0) { + if (hostapd_parse_ip_addr(pos, &bss->own_ip_addr)) { +diff --git a/hostapd/defconfig b/hostapd/defconfig +index b1fb56c3b..1a3d9f9ba 100644 +--- a/hostapd/defconfig ++++ b/hostapd/defconfig +@@ -44,9 +44,6 @@ CONFIG_LIBNL32=y + # Driver interface for no driver (e.g., RADIUS server only) + #CONFIG_DRIVER_NONE=y + +-# IEEE 802.11F/IAPP +-CONFIG_IAPP=y +- + # WPA2/IEEE 802.11i RSN pre-authentication + CONFIG_RSN_PREAUTH=y + +diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf +index 6c96a760a..a3c698480 100644 +--- a/hostapd/hostapd.conf ++++ b/hostapd/hostapd.conf +@@ -41,7 +41,6 @@ interface=wlan0 + # bit 2 (4) = RADIUS + # bit 3 (8) = WPA + # bit 4 (16) = driver interface +-# bit 5 (32) = IAPP + # bit 6 (64) = MLME + # + # Levels (minimum value for logged events): +@@ -1243,11 +1242,6 @@ eap_server=0 + # Whether to enable ERP on the EAP server. + #eap_server_erp=1 + +-##### IEEE 802.11f - Inter-Access Point Protocol (IAPP) ####################### +- +-# Interface to be used for IAPP broadcast packets +-#iapp_interface=eth0 +- + + ##### RADIUS client configuration ############################################# + # for IEEE 802.1X with external Authentication Server, IEEE 802.11 +diff --git a/hostapd/main.c b/hostapd/main.c +index 08896ffe2..8bfe24281 100644 +--- a/hostapd/main.c ++++ b/hostapd/main.c +@@ -81,9 +81,6 @@ static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module, + case HOSTAPD_MODULE_DRIVER: + module_str = "DRIVER"; + break; +- case HOSTAPD_MODULE_IAPP: +- module_str = "IAPP"; +- break; + case HOSTAPD_MODULE_MLME: + module_str = "MLME"; + break; +diff --git a/src/ap/Makefile b/src/ap/Makefile +index bd3f33b77..54e48a0dd 100644 +--- a/src/ap/Makefile ++++ b/src/ap/Makefile +@@ -18,7 +18,6 @@ CFLAGS += -DCONFIG_IEEE80211R_AP + CFLAGS += -DCONFIG_WPS + CFLAGS += -DCONFIG_PROXYARP + CFLAGS += -DCONFIG_IPV6 +-CFLAGS += -DCONFIG_IAPP + CFLAGS += -DCONFIG_AIRTIME_POLICY + + LIB_OBJS= \ +@@ -41,7 +40,6 @@ LIB_OBJS= \ + hostapd.o \ + hs20.o \ + hw_features.o \ +- iapp.o \ + ieee802_11_auth.o \ + ieee802_11.o \ + ieee802_11_ht.o \ +diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h +index e219160b0..17eb0682b 100644 +--- a/src/ap/ap_config.h ++++ b/src/ap/ap_config.h +@@ -325,10 +325,6 @@ struct hostapd_bss_config { + int erp_send_reauth_start; + char *erp_domain; + +- int ieee802_11f; /* use IEEE 802.11f (IAPP) */ +- char iapp_iface[IFNAMSIZ + 1]; /* interface used with IAPP broadcast +- * frames */ +- + enum macaddr_acl { + ACCEPT_UNLESS_DENIED = 0, + DENY_UNLESS_ACCEPTED = 1, +diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c +index ef988b634..bf7b1f89e 100644 +--- a/src/ap/hostapd.c ++++ b/src/ap/hostapd.c +@@ -28,7 +28,6 @@ + #include "accounting.h" + #include "ap_list.h" + #include "beacon.h" +-#include "iapp.h" + #include "ieee802_1x.h" + #include "ieee802_11_auth.h" + #include "vlan_init.h" +@@ -361,8 +360,6 @@ static void hostapd_free_hapd_data(struct hostapd_data *hapd) + hapd->beacon_set_done = 0; + + wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface); +- iapp_deinit(hapd->iapp); +- hapd->iapp = NULL; + accounting_deinit(hapd); + hostapd_deinit_wpa(hapd); + vlan_deinit(hapd); +@@ -1296,13 +1293,6 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first) + return -1; + } + +- if (conf->ieee802_11f && +- (hapd->iapp = iapp_init(hapd, conf->iapp_iface)) == NULL) { +- wpa_printf(MSG_ERROR, "IEEE 802.11F (IAPP) initialization " +- "failed."); +- return -1; +- } +- + #ifdef CONFIG_INTERWORKING + if (gas_serv_init(hapd)) { + wpa_printf(MSG_ERROR, "GAS server initialization failed"); +@@ -3056,10 +3046,6 @@ void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta, + hostapd_prune_associations(hapd, sta->addr); + ap_sta_clear_disconnect_timeouts(hapd, sta); + +- /* IEEE 802.11F (IAPP) */ +- if (hapd->conf->ieee802_11f) +- iapp_new_station(hapd->iapp, sta); +- + #ifdef CONFIG_P2P + if (sta->p2p_ie == NULL && !sta->no_p2p_set) { + sta->no_p2p_set = 1; +diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h +index 5b859b8a9..2358d1664 100644 +--- a/src/ap/hostapd.h ++++ b/src/ap/hostapd.h +@@ -179,8 +179,6 @@ struct hostapd_data { + u64 acct_session_id; + struct radius_das_data *radius_das; + +- struct iapp_data *iapp; +- + struct hostapd_cached_radius_acl *acl_cache; + struct hostapd_acl_query_data *acl_queries; + +diff --git a/src/ap/iapp.c b/src/ap/iapp.c +deleted file mode 100644 +index 2556da30c..000000000 +--- a/src/ap/iapp.c ++++ /dev/null +@@ -1,542 +0,0 @@ +-/* +- * hostapd / IEEE 802.11F-2003 Inter-Access Point Protocol (IAPP) +- * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi> +- * +- * This software may be distributed under the terms of the BSD license. +- * See README for more details. +- * +- * Note: IEEE 802.11F-2003 was a experimental use specification. It has expired +- * and IEEE has withdrawn it. In other words, it is likely better to look at +- * using some other mechanism for AP-to-AP communication than extending the +- * implementation here. +- */ +- +-/* TODO: +- * Level 1: no administrative or security support +- * (e.g., static BSSID to IP address mapping in each AP) +- * Level 2: support for dynamic mapping of BSSID to IP address +- * Level 3: support for encryption and authentication of IAPP messages +- * - add support for MOVE-notify and MOVE-response (this requires support for +- * finding out IP address for previous AP using RADIUS) +- * - add support for Send- and ACK-Security-Block to speedup IEEE 802.1X during +- * reassociation to another AP +- * - implement counters etc. for IAPP MIB +- * - verify endianness of fields in IAPP messages; are they big-endian as +- * used here? +- * - RADIUS connection for AP registration and BSSID to IP address mapping +- * - TCP connection for IAPP MOVE, CACHE +- * - broadcast ESP for IAPP ADD-notify +- * - ESP for IAPP MOVE messages +- * - security block sending/processing +- * - IEEE 802.11 context transfer +- */ +- +-#include "utils/includes.h" +-#include <net/if.h> +-#include <sys/ioctl.h> +-#include <netpacket/packet.h> +- +-#include "utils/common.h" +-#include "utils/eloop.h" +-#include "common/ieee802_11_defs.h" +-#include "hostapd.h" +-#include "ap_config.h" +-#include "ieee802_11.h" +-#include "sta_info.h" +-#include "iapp.h" +- +- +-#define IAPP_MULTICAST "224.0.1.178" +-#define IAPP_UDP_PORT 3517 +-#define IAPP_TCP_PORT 3517 +- +-struct iapp_hdr { +- u8 version; +- u8 command; +- be16 identifier; +- be16 length; +- /* followed by length-6 octets of data */ +-} __attribute__ ((packed)); +- +-#define IAPP_VERSION 0 +- +-enum IAPP_COMMAND { +- IAPP_CMD_ADD_notify = 0, +- IAPP_CMD_MOVE_notify = 1, +- IAPP_CMD_MOVE_response = 2, +- IAPP_CMD_Send_Security_Block = 3, +- IAPP_CMD_ACK_Security_Block = 4, +- IAPP_CMD_CACHE_notify = 5, +- IAPP_CMD_CACHE_response = 6, +-}; +- +- +-/* ADD-notify - multicast UDP on the local LAN */ +-struct iapp_add_notify { +- u8 addr_len; /* ETH_ALEN */ +- u8 reserved; +- u8 mac_addr[ETH_ALEN]; +- be16 seq_num; +-} __attribute__ ((packed)); +- +- +-/* Layer 2 Update frame (802.2 Type 1 LLC XID Update response) */ +-struct iapp_layer2_update { +- u8 da[ETH_ALEN]; /* broadcast */ +- u8 sa[ETH_ALEN]; /* STA addr */ +- be16 len; /* 6 */ +- u8 dsap; /* null DSAP address */ +- u8 ssap; /* null SSAP address, CR=Response */ +- u8 control; +- u8 xid_info[3]; +-} __attribute__ ((packed)); +- +- +-/* MOVE-notify - unicast TCP */ +-struct iapp_move_notify { +- u8 addr_len; /* ETH_ALEN */ +- u8 reserved; +- u8 mac_addr[ETH_ALEN]; +- u16 seq_num; +- u16 ctx_block_len; +- /* followed by ctx_block_len bytes */ +-} __attribute__ ((packed)); +- +- +-/* MOVE-response - unicast TCP */ +-struct iapp_move_response { +- u8 addr_len; /* ETH_ALEN */ +- u8 status; +- u8 mac_addr[ETH_ALEN]; +- u16 seq_num; +- u16 ctx_block_len; +- /* followed by ctx_block_len bytes */ +-} __attribute__ ((packed)); +- +-enum { +- IAPP_MOVE_SUCCESSFUL = 0, +- IAPP_MOVE_DENIED = 1, +- IAPP_MOVE_STALE_MOVE = 2, +-}; +- +- +-/* CACHE-notify */ +-struct iapp_cache_notify { +- u8 addr_len; /* ETH_ALEN */ +- u8 reserved; +- u8 mac_addr[ETH_ALEN]; +- u16 seq_num; +- u8 current_ap[ETH_ALEN]; +- u16 ctx_block_len; +- /* ctx_block_len bytes of context block followed by 16-bit context +- * timeout */ +-} __attribute__ ((packed)); +- +- +-/* CACHE-response - unicast TCP */ +-struct iapp_cache_response { +- u8 addr_len; /* ETH_ALEN */ +- u8 status; +- u8 mac_addr[ETH_ALEN]; +- u16 seq_num; +-} __attribute__ ((packed)); +- +-enum { +- IAPP_CACHE_SUCCESSFUL = 0, +- IAPP_CACHE_STALE_CACHE = 1, +-}; +- +- +-/* Send-Security-Block - unicast TCP */ +-struct iapp_send_security_block { +- u8 iv[8]; +- u16 sec_block_len; +- /* followed by sec_block_len bytes of security block */ +-} __attribute__ ((packed)); +- +- +-/* ACK-Security-Block - unicast TCP */ +-struct iapp_ack_security_block { +- u8 iv[8]; +- u8 new_ap_ack_authenticator[48]; +-} __attribute__ ((packed)); +- +- +-struct iapp_data { +- struct hostapd_data *hapd; +- u16 identifier; /* next IAPP identifier */ +- struct in_addr own, multicast; +- int udp_sock; +- int packet_sock; +-}; +- +- +-static void iapp_send_add(struct iapp_data *iapp, u8 *mac_addr, u16 seq_num) +-{ +- char buf[128]; +- struct iapp_hdr *hdr; +- struct iapp_add_notify *add; +- struct sockaddr_in addr; +- +- /* Send IAPP ADD-notify to remove possible association from other APs +- */ +- +- hdr = (struct iapp_hdr *) buf; +- hdr->version = IAPP_VERSION; +- hdr->command = IAPP_CMD_ADD_notify; +- hdr->identifier = host_to_be16(iapp->identifier++); +- hdr->length = host_to_be16(sizeof(*hdr) + sizeof(*add)); +- +- add = (struct iapp_add_notify *) (hdr + 1); +- add->addr_len = ETH_ALEN; +- add->reserved = 0; +- os_memcpy(add->mac_addr, mac_addr, ETH_ALEN); +- +- add->seq_num = host_to_be16(seq_num); +- +- os_memset(&addr, 0, sizeof(addr)); +- addr.sin_family = AF_INET; +- addr.sin_addr.s_addr = iapp->multicast.s_addr; +- addr.sin_port = htons(IAPP_UDP_PORT); +- if (sendto(iapp->udp_sock, buf, (char *) (add + 1) - buf, 0, +- (struct sockaddr *) &addr, sizeof(addr)) < 0) +- wpa_printf(MSG_INFO, "sendto[IAPP-ADD]: %s", strerror(errno)); +-} +- +- +-static void iapp_send_layer2_update(struct iapp_data *iapp, u8 *addr) +-{ +- struct iapp_layer2_update msg; +- +- /* Send Level 2 Update Frame to update forwarding tables in layer 2 +- * bridge devices */ +- +- /* 802.2 Type 1 Logical Link Control (LLC) Exchange Identifier (XID) +- * Update response frame; IEEE Std 802.2-1998, 5.4.1.2.1 */ +- +- os_memset(msg.da, 0xff, ETH_ALEN); +- os_memcpy(msg.sa, addr, ETH_ALEN); +- msg.len = host_to_be16(6); +- msg.dsap = 0; /* NULL DSAP address */ +- msg.ssap = 0x01; /* NULL SSAP address, CR Bit: Response */ +- msg.control = 0xaf; /* XID response lsb.1111F101. +- * F=0 (no poll command; unsolicited frame) */ +- msg.xid_info[0] = 0x81; /* XID format identifier */ +- msg.xid_info[1] = 1; /* LLC types/classes: Type 1 LLC */ +- msg.xid_info[2] = 1 << 1; /* XID sender's receive window size (RW) +- * FIX: what is correct RW with 802.11? */ +- +- if (send(iapp->packet_sock, &msg, sizeof(msg), 0) < 0) +- wpa_printf(MSG_INFO, "send[L2 Update]: %s", strerror(errno)); +-} +- +- +-/** +- * iapp_new_station - IAPP processing for a new STA +- * @iapp: IAPP data +- * @sta: The associated station +- */ +-void iapp_new_station(struct iapp_data *iapp, struct sta_info *sta) +-{ +- u16 seq = 0; /* TODO */ +- +- if (iapp == NULL) +- return; +- +- /* IAPP-ADD.request(MAC Address, Sequence Number, Timeout) */ +- hostapd_logger(iapp->hapd, sta->addr, HOSTAPD_MODULE_IAPP, +- HOSTAPD_LEVEL_DEBUG, "IAPP-ADD.request(seq=%d)", seq); +- iapp_send_layer2_update(iapp, sta->addr); +- iapp_send_add(iapp, sta->addr, seq); +- +- /* TODO: If this was reassociation: +- * IAPP-MOVE.request(MAC Address, Sequence Number, Old AP, +- * Context Block, Timeout) +- * TODO: Send IAPP-MOVE to the old AP; Map Old AP BSSID to +- * IP address */ +-} +- +- +-static void iapp_process_add_notify(struct iapp_data *iapp, +- struct sockaddr_in *from, +- struct iapp_hdr *hdr, int len) +-{ +- struct iapp_add_notify *add = (struct iapp_add_notify *) (hdr + 1); +- struct sta_info *sta; +- +- if (len != sizeof(*add)) { +- wpa_printf(MSG_INFO, "Invalid IAPP-ADD packet length %d (expected %lu)", +- len, (unsigned long) sizeof(*add)); +- return; +- } +- +- sta = ap_get_sta(iapp->hapd, add->mac_addr); +- +- /* IAPP-ADD.indication(MAC Address, Sequence Number) */ +- hostapd_logger(iapp->hapd, add->mac_addr, HOSTAPD_MODULE_IAPP, +- HOSTAPD_LEVEL_INFO, +- "Received IAPP ADD-notify (seq# %d) from %s:%d%s", +- be_to_host16(add->seq_num), +- inet_ntoa(from->sin_addr), ntohs(from->sin_port), +- sta ? "" : " (STA not found)"); +- +- if (!sta) +- return; +- +- /* TODO: could use seq_num to try to determine whether last association +- * to this AP is newer than the one advertised in IAPP-ADD. Although, +- * this is not really a reliable verification. */ +- +- hostapd_logger(iapp->hapd, add->mac_addr, HOSTAPD_MODULE_IAPP, +- HOSTAPD_LEVEL_DEBUG, +- "Removing STA due to IAPP ADD-notify"); +- ap_sta_disconnect(iapp->hapd, sta, NULL, 0); +-} +- +- +-/** +- * iapp_receive_udp - Process IAPP UDP frames +- * @sock: File descriptor for the socket +- * @eloop_ctx: IAPP data (struct iapp_data *) +- * @sock_ctx: Not used +- */ +-static void iapp_receive_udp(int sock, void *eloop_ctx, void *sock_ctx) +-{ +- struct iapp_data *iapp = eloop_ctx; +- int len, hlen; +- unsigned char buf[128]; +- struct sockaddr_in from; +- socklen_t fromlen; +- struct iapp_hdr *hdr; +- +- /* Handle incoming IAPP frames (over UDP/IP) */ +- +- fromlen = sizeof(from); +- len = recvfrom(iapp->udp_sock, buf, sizeof(buf), 0, +- (struct sockaddr *) &from, &fromlen); +- if (len < 0) { +- wpa_printf(MSG_INFO, "iapp_receive_udp - recvfrom: %s", +- strerror(errno)); +- return; +- } +- +- if (from.sin_addr.s_addr == iapp->own.s_addr) +- return; /* ignore own IAPP messages */ +- +- hostapd_logger(iapp->hapd, NULL, HOSTAPD_MODULE_IAPP, +- HOSTAPD_LEVEL_DEBUG, +- "Received %d byte IAPP frame from %s%s\n", +- len, inet_ntoa(from.sin_addr), +- len < (int) sizeof(*hdr) ? " (too short)" : ""); +- +- if (len < (int) sizeof(*hdr)) +- return; +- +- hdr = (struct iapp_hdr *) buf; +- hlen = be_to_host16(hdr->length); +- hostapd_logger(iapp->hapd, NULL, HOSTAPD_MODULE_IAPP, +- HOSTAPD_LEVEL_DEBUG, +- "RX: version=%d command=%d id=%d len=%d\n", +- hdr->version, hdr->command, +- be_to_host16(hdr->identifier), hlen); +- if (hdr->version != IAPP_VERSION) { +- wpa_printf(MSG_INFO, "Dropping IAPP frame with unknown version %d", +- hdr->version); +- return; +- } +- if (hlen > len) { +- wpa_printf(MSG_INFO, "Underflow IAPP frame (hlen=%d len=%d)", +- hlen, len); +- return; +- } +- if (hlen < len) { +- wpa_printf(MSG_INFO, "Ignoring %d extra bytes from IAPP frame", +- len - hlen); +- len = hlen; +- } +- +- switch (hdr->command) { +- case IAPP_CMD_ADD_notify: +- iapp_process_add_notify(iapp, &from, hdr, len - sizeof(*hdr)); +- break; +- case IAPP_CMD_MOVE_notify: +- /* TODO: MOVE is using TCP; so move this to TCP handler once it +- * is implemented.. */ +- /* IAPP-MOVE.indication(MAC Address, New BSSID, +- * Sequence Number, AP Address, Context Block) */ +- /* TODO: process */ +- break; +- default: +- wpa_printf(MSG_INFO, "Unknown IAPP command %d", hdr->command); +- break; +- } +-} +- +- +-struct iapp_data * iapp_init(struct hostapd_data *hapd, const char *iface) +-{ +- struct ifreq ifr; +- struct sockaddr_ll addr; +- int ifindex; +- struct sockaddr_in *paddr, uaddr; +- struct iapp_data *iapp; +- struct ip_mreqn mreq; +- int reuseaddr = 1; +- +- iapp = os_zalloc(sizeof(*iapp)); +- if (iapp == NULL) +- return NULL; +- iapp->hapd = hapd; +- iapp->udp_sock = iapp->packet_sock = -1; +- +- /* TODO: +- * open socket for sending and receiving IAPP frames over TCP +- */ +- +- iapp->udp_sock = socket(PF_INET, SOCK_DGRAM, 0); +- if (iapp->udp_sock < 0) { +- wpa_printf(MSG_INFO, "iapp_init - socket[PF_INET,SOCK_DGRAM]: %s", +- strerror(errno)); +- iapp_deinit(iapp); +- return NULL; +- } +- +- os_memset(&ifr, 0, sizeof(ifr)); +- os_strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name)); +- if (ioctl(iapp->udp_sock, SIOCGIFINDEX, &ifr) != 0) { +- wpa_printf(MSG_INFO, "iapp_init - ioctl(SIOCGIFINDEX): %s", +- strerror(errno)); +- iapp_deinit(iapp); +- return NULL; +- } +- ifindex = ifr.ifr_ifindex; +- +- if (ioctl(iapp->udp_sock, SIOCGIFADDR, &ifr) != 0) { +- wpa_printf(MSG_INFO, "iapp_init - ioctl(SIOCGIFADDR): %s", +- strerror(errno)); +- iapp_deinit(iapp); +- return NULL; +- } +- paddr = (struct sockaddr_in *) &ifr.ifr_addr; +- if (paddr->sin_family != AF_INET) { +- wpa_printf(MSG_INFO, "IAPP: Invalid address family %i (SIOCGIFADDR)", +- paddr->sin_family); +- iapp_deinit(iapp); +- return NULL; +- } +- iapp->own.s_addr = paddr->sin_addr.s_addr; +- +- if (ioctl(iapp->udp_sock, SIOCGIFBRDADDR, &ifr) != 0) { +- wpa_printf(MSG_INFO, "iapp_init - ioctl(SIOCGIFBRDADDR): %s", +- strerror(errno)); +- iapp_deinit(iapp); +- return NULL; +- } +- paddr = (struct sockaddr_in *) &ifr.ifr_addr; +- if (paddr->sin_family != AF_INET) { +- wpa_printf(MSG_INFO, "Invalid address family %i (SIOCGIFBRDADDR)", +- paddr->sin_family); +- iapp_deinit(iapp); +- return NULL; +- } +- inet_aton(IAPP_MULTICAST, &iapp->multicast); +- +- os_memset(&uaddr, 0, sizeof(uaddr)); +- uaddr.sin_family = AF_INET; +- uaddr.sin_port = htons(IAPP_UDP_PORT); +- +- if (setsockopt(iapp->udp_sock, SOL_SOCKET, SO_REUSEADDR, &reuseaddr, +- sizeof(reuseaddr)) < 0) { +- wpa_printf(MSG_INFO, +- "iapp_init - setsockopt[UDP,SO_REUSEADDR]: %s", +- strerror(errno)); +- /* +- * Ignore this and try to continue. This is fine for single +- * BSS cases, but may fail if multiple BSSes enable IAPP. +- */ +- } +- +- if (bind(iapp->udp_sock, (struct sockaddr *) &uaddr, +- sizeof(uaddr)) < 0) { +- wpa_printf(MSG_INFO, "iapp_init - bind[UDP]: %s", +- strerror(errno)); +- iapp_deinit(iapp); +- return NULL; +- } +- +- os_memset(&mreq, 0, sizeof(mreq)); +- mreq.imr_multiaddr = iapp->multicast; +- mreq.imr_address.s_addr = INADDR_ANY; +- mreq.imr_ifindex = 0; +- if (setsockopt(iapp->udp_sock, SOL_IP, IP_ADD_MEMBERSHIP, &mreq, +- sizeof(mreq)) < 0) { +- wpa_printf(MSG_INFO, "iapp_init - setsockopt[UDP,IP_ADD_MEMBERSHIP]: %s", +- strerror(errno)); +- iapp_deinit(iapp); +- return NULL; +- } +- +- iapp->packet_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); +- if (iapp->packet_sock < 0) { +- wpa_printf(MSG_INFO, "iapp_init - socket[PF_PACKET,SOCK_RAW]: %s", +- strerror(errno)); +- iapp_deinit(iapp); +- return NULL; +- } +- +- os_memset(&addr, 0, sizeof(addr)); +- addr.sll_family = AF_PACKET; +- addr.sll_ifindex = ifindex; +- if (bind(iapp->packet_sock, (struct sockaddr *) &addr, +- sizeof(addr)) < 0) { +- wpa_printf(MSG_INFO, "iapp_init - bind[PACKET]: %s", +- strerror(errno)); +- iapp_deinit(iapp); +- return NULL; +- } +- +- if (eloop_register_read_sock(iapp->udp_sock, iapp_receive_udp, +- iapp, NULL)) { +- wpa_printf(MSG_INFO, "Could not register read socket for IAPP"); +- iapp_deinit(iapp); +- return NULL; +- } +- +- wpa_printf(MSG_INFO, "IEEE 802.11F (IAPP) using interface %s", iface); +- +- /* TODO: For levels 2 and 3: send RADIUS Initiate-Request, receive +- * RADIUS Initiate-Accept or Initiate-Reject. IAPP port should actually +- * be openned only after receiving Initiate-Accept. If Initiate-Reject +- * is received, IAPP is not started. */ +- +- return iapp; +-} +- +- +-void iapp_deinit(struct iapp_data *iapp) +-{ +- struct ip_mreqn mreq; +- +- if (iapp == NULL) +- return; +- +- if (iapp->udp_sock >= 0) { +- os_memset(&mreq, 0, sizeof(mreq)); +- mreq.imr_multiaddr = iapp->multicast; +- mreq.imr_address.s_addr = INADDR_ANY; +- mreq.imr_ifindex = 0; +- if (setsockopt(iapp->udp_sock, SOL_IP, IP_DROP_MEMBERSHIP, +- &mreq, sizeof(mreq)) < 0) { +- wpa_printf(MSG_INFO, "iapp_deinit - setsockopt[UDP,IP_DEL_MEMBERSHIP]: %s", +- strerror(errno)); +- } +- +- eloop_unregister_read_sock(iapp->udp_sock); +- close(iapp->udp_sock); +- } +- if (iapp->packet_sock >= 0) { +- eloop_unregister_read_sock(iapp->packet_sock); +- close(iapp->packet_sock); +- } +- os_free(iapp); +-} +diff --git a/src/ap/iapp.h b/src/ap/iapp.h +deleted file mode 100644 +index c22118342..000000000 +--- a/src/ap/iapp.h ++++ /dev/null +@@ -1,39 +0,0 @@ +-/* +- * hostapd / IEEE 802.11F-2003 Inter-Access Point Protocol (IAPP) +- * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi> +- * +- * This software may be distributed under the terms of the BSD license. +- * See README for more details. +- */ +- +-#ifndef IAPP_H +-#define IAPP_H +- +-struct iapp_data; +- +-#ifdef CONFIG_IAPP +- +-void iapp_new_station(struct iapp_data *iapp, struct sta_info *sta); +-struct iapp_data * iapp_init(struct hostapd_data *hapd, const char *iface); +-void iapp_deinit(struct iapp_data *iapp); +- +-#else /* CONFIG_IAPP */ +- +-static inline void iapp_new_station(struct iapp_data *iapp, +- struct sta_info *sta) +-{ +-} +- +-static inline struct iapp_data * iapp_init(struct hostapd_data *hapd, +- const char *iface) +-{ +- return NULL; +-} +- +-static inline void iapp_deinit(struct iapp_data *iapp) +-{ +-} +- +-#endif /* CONFIG_IAPP */ +- +-#endif /* IAPP_H */ +diff --git a/src/utils/wpa_debug.h b/src/utils/wpa_debug.h +index 1fe0b7db7..c94c4391f 100644 +--- a/src/utils/wpa_debug.h ++++ b/src/utils/wpa_debug.h +@@ -305,7 +305,6 @@ void hostapd_logger_register_cb(hostapd_logger_cb_func func); + #define HOSTAPD_MODULE_RADIUS 0x00000004 + #define HOSTAPD_MODULE_WPA 0x00000008 + #define HOSTAPD_MODULE_DRIVER 0x00000010 +-#define HOSTAPD_MODULE_IAPP 0x00000020 + #define HOSTAPD_MODULE_MLME 0x00000040 + + enum hostapd_logger_level { +-- +2.17.1 + diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2021-0326.patch b/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2021-0326.patch new file mode 100644 index 0000000000..54c405b539 --- /dev/null +++ b/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2021-0326.patch @@ -0,0 +1,43 @@ +From 947272febe24a8f0ea828b5b2f35f13c3821901e Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@codeaurora.org> +Date: Mon, 9 Nov 2020 11:43:12 +0200 +Subject: [PATCH] P2P: Fix copying of secondary device types for P2P group + client + +Parsing and copying of WPS secondary device types list was verifying +that the contents is not too long for the internal maximum in the case +of WPS messages, but similar validation was missing from the case of P2P +group information which encodes this information in a different +attribute. This could result in writing beyond the memory area assigned +for these entries and corrupting memory within an instance of struct +p2p_device. This could result in invalid operations and unexpected +behavior when trying to free pointers from that corrupted memory. + +CVE: CVE-2021-0326 + +Upstream-Status: Backport + +Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27269 +Fixes: e57ae6e19edf ("P2P: Keep track of secondary device types for peers") +Signed-off-by: Jouni Malinen <jouni@codeaurora.org> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + src/p2p/p2p.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c +index 74b7b52ae..5cbfc217f 100644 +--- a/src/p2p/p2p.c ++++ b/src/p2p/p2p.c +@@ -453,6 +453,8 @@ static void p2p_copy_client_info(struct p2p_device *dev, + dev->info.config_methods = cli->config_methods; + os_memcpy(dev->info.pri_dev_type, cli->pri_dev_type, 8); + dev->info.wps_sec_dev_type_list_len = 8 * cli->num_sec_dev_types; ++ if (dev->info.wps_sec_dev_type_list_len > WPS_SEC_DEV_TYPE_MAX_LEN) ++ dev->info.wps_sec_dev_type_list_len = WPS_SEC_DEV_TYPE_MAX_LEN; + os_memcpy(dev->info.wps_sec_dev_type_list, cli->sec_dev_types, + dev->info.wps_sec_dev_type_list_len); + } +-- +2.17.1 + diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2021-27803.patch b/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2021-27803.patch new file mode 100644 index 0000000000..fedff76b18 --- /dev/null +++ b/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2021-27803.patch @@ -0,0 +1,54 @@ +From 8460e3230988ef2ec13ce6b69b687e941f6cdb32 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@codeaurora.org> +Date: Tue, 8 Dec 2020 23:52:50 +0200 +Subject: [PATCH] P2P: Fix a corner case in peer addition based on PD Request + +p2p_add_device() may remove the oldest entry if there is no room in the +peer table for a new peer. This would result in any pointer to that +removed entry becoming stale. A corner case with an invalid PD Request +frame could result in such a case ending up using (read+write) freed +memory. This could only by triggered when the peer table has reached its +maximum size and the PD Request frame is received from the P2P Device +Address of the oldest remaining entry and the frame has incorrect P2P +Device Address in the payload. + +Fix this by fetching the dev pointer again after having called +p2p_add_device() so that the stale pointer cannot be used. + +CVE: CVE-2021-27803 + +Upstream-Status: Backport + +Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request") +Signed-off-by: Jouni Malinen <jouni@codeaurora.org> +--- + src/p2p/p2p_pd.c | 12 +++++------- + 1 file changed, 5 insertions(+), 7 deletions(-) + +diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c +index 3994ec03f..05fd59349 100644 +--- a/src/p2p/p2p_pd.c ++++ b/src/p2p/p2p_pd.c +@@ -595,14 +595,12 @@ void p2p_process_prov_disc_req(struct p2p_data *p2p, const u8 *sa, + goto out; + } + ++ dev = p2p_get_device(p2p, sa); + if (!dev) { +- dev = p2p_get_device(p2p, sa); +- if (!dev) { +- p2p_dbg(p2p, +- "Provision Discovery device not found " +- MACSTR, MAC2STR(sa)); +- goto out; +- } ++ p2p_dbg(p2p, ++ "Provision Discovery device not found " ++ MACSTR, MAC2STR(sa)); ++ goto out; + } + } else if (msg.wfd_subelems) { + wpabuf_free(dev->info.wfd_subelems); +-- +2.17.1 + diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2021-30004.patch b/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2021-30004.patch new file mode 100644 index 0000000000..e2540fc26b --- /dev/null +++ b/meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2021-30004.patch @@ -0,0 +1,123 @@ +From a0541334a6394f8237a4393b7372693cd7e96f15 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sat, 13 Mar 2021 18:19:31 +0200 +Subject: [PATCH] ASN.1: Validate DigestAlgorithmIdentifier parameters + +The supported hash algorithms do not use AlgorithmIdentifier parameters. +However, there are implementations that include NULL parameters in +addition to ones that omit the parameters. Previous implementation did +not check the parameters value at all which supported both these cases, +but did not reject any other unexpected information. + +Use strict validation of digest algorithm parameters and reject any +unexpected value when validating a signature. This is needed to prevent +potential forging attacks. + +Signed-off-by: Jouni Malinen <j@w1.fi> + +Upstream-Status: Backport +CVE: CVE-2021-30004 + +Reference to upstream patch: +[https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15] + +Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> +--- + src/tls/pkcs1.c | 21 +++++++++++++++++++++ + src/tls/x509v3.c | 20 ++++++++++++++++++++ + 2 files changed, 41 insertions(+) + +diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c +index 141ac50..e09db07 100644 +--- a/src/tls/pkcs1.c ++++ b/src/tls/pkcs1.c +@@ -240,6 +240,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, + os_free(decrypted); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestInfo", ++ hdr.payload, hdr.length); + + pos = hdr.payload; + end = pos + hdr.length; +@@ -261,6 +263,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, + os_free(decrypted); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestAlgorithmIdentifier", ++ hdr.payload, hdr.length); + da_end = hdr.payload + hdr.length; + + if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) { +@@ -269,6 +273,23 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, + os_free(decrypted); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: Digest algorithm parameters", ++ next, da_end - next); ++ ++ /* ++ * RFC 5754: The correct encoding for the SHA2 algorithms would be to ++ * omit the parameters, but there are implementation that encode these ++ * as a NULL element. Allow these two cases and reject anything else. ++ */ ++ if (da_end > next && ++ (asn1_get_next(next, da_end - next, &hdr) < 0 || ++ !asn1_is_null(&hdr) || ++ hdr.payload + hdr.length != da_end)) { ++ wpa_printf(MSG_DEBUG, ++ "PKCS #1: Unexpected digest algorithm parameters"); ++ os_free(decrypted); ++ return -1; ++ } + + if (!asn1_oid_equal(&oid, hash_alg)) { + char txt[100], txt2[100]; +diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c +index 1bd5aa0..bf2289f 100644 +--- a/src/tls/x509v3.c ++++ b/src/tls/x509v3.c +@@ -1834,6 +1834,7 @@ int x509_check_signature(struct x509_certificate *issuer, + os_free(data); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "X509: DigestInfo", hdr.payload, hdr.length); + + pos = hdr.payload; + end = pos + hdr.length; +@@ -1855,6 +1856,8 @@ int x509_check_signature(struct x509_certificate *issuer, + os_free(data); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "X509: DigestAlgorithmIdentifier", ++ hdr.payload, hdr.length); + da_end = hdr.payload + hdr.length; + + if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) { +@@ -1862,6 +1865,23 @@ int x509_check_signature(struct x509_certificate *issuer, + os_free(data); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "X509: Digest algorithm parameters", ++ next, da_end - next); ++ ++ /* ++ * RFC 5754: The correct encoding for the SHA2 algorithms would be to ++ * omit the parameters, but there are implementation that encode these ++ * as a NULL element. Allow these two cases and reject anything else. ++ */ ++ if (da_end > next && ++ (asn1_get_next(next, da_end - next, &hdr) < 0 || ++ !asn1_is_null(&hdr) || ++ hdr.payload + hdr.length != da_end)) { ++ wpa_printf(MSG_DEBUG, ++ "X509: Unexpected digest algorithm parameters"); ++ os_free(data); ++ return -1; ++ } + + if (x509_sha1_oid(&oid)) { + if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) { +-- +2.17.1 + diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd_2.9.bb b/meta-oe/recipes-connectivity/hostapd/hostapd_2.9.bb index 68dc123702..e586018685 100644 --- a/meta-oe/recipes-connectivity/hostapd/hostapd_2.9.bb +++ b/meta-oe/recipes-connectivity/hostapd/hostapd_2.9.bb @@ -12,6 +12,10 @@ SRC_URI = " \ file://init \ file://hostapd.service \ file://CVE-2019-16275.patch \ + file://CVE-2019-5061.patch \ + file://CVE-2021-0326.patch \ + file://CVE-2021-27803.patch \ + file://CVE-2021-30004.patch \ " SRC_URI[md5sum] = "f188fc53a495fe7af3b6d77d3c31dee8" diff --git a/meta-oe/recipes-connectivity/telepathy/telepathy-glib_0.24.1.bb b/meta-oe/recipes-connectivity/telepathy/telepathy-glib_0.24.1.bb index 2b05c61a0d..4d4e841f62 100644 --- a/meta-oe/recipes-connectivity/telepathy/telepathy-glib_0.24.1.bb +++ b/meta-oe/recipes-connectivity/telepathy/telepathy-glib_0.24.1.bb @@ -12,7 +12,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=e413d83db6ee8f2c8e6055719096a48e" inherit autotools pkgconfig gettext gobject-introspection vala -EXTRA_OECONF = "--enable-vala-bindings" +# Respect GI_DATA_ENABLED value when enabling vala-bindings: +# configure: error: GObject-Introspection must be enabled for Vala bindings +EXTRA_OECONF = "${@bb.utils.contains('GI_DATA_ENABLED', 'True', '--enable-vala-bindings', '--disable-vala-bindings', d)}" FILES_${PN} += "${datadir}/telepathy \ ${datadir}/dbus-1" diff --git a/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb b/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb index 4d86ef9775..caa55ffb57 100644 --- a/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb +++ b/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb @@ -8,12 +8,15 @@ PACKAGES = "\ packagegroup-meta-oe \ packagegroup-meta-oe-benchmarks \ packagegroup-meta-oe-connectivity \ + packagegroup-meta-oe-connectivity-python2 \ packagegroup-meta-oe-core \ packagegroup-meta-oe-crypto \ packagegroup-meta-oe-bsp \ packagegroup-meta-oe-dbs \ + packagegroup-meta-oe-dbs-python2 \ packagegroup-meta-oe-devtools \ packagegroup-meta-oe-extended \ + packagegroup-meta-oe-extended-python2 \ packagegroup-meta-oe-kernel \ packagegroup-meta-oe-multimedia \ packagegroup-meta-oe-navigation \ @@ -21,6 +24,7 @@ PACKAGES = "\ packagegroup-meta-oe-shells \ packagegroup-meta-oe-security \ packagegroup-meta-oe-support \ + packagegroup-meta-oe-support-python2 \ packagegroup-meta-oe-test \ ${@bb.utils.contains("DISTRO_FEATURES", "x11", "packagegroup-meta-oe-gnome", "", d)} \ ${@bb.utils.contains("DISTRO_FEATURES", "x11", "packagegroup-meta-oe-graphics", "", d)} \ @@ -32,11 +36,14 @@ RDEPENDS_packagegroup-meta-oe = "\ packagegroup-meta-oe-benchmarks \ packagegroup-meta-oe-bsp \ packagegroup-meta-oe-connectivity \ + ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "packagegroup-meta-oe-connectivity-python2", "", d)} \ packagegroup-meta-oe-core \ packagegroup-meta-oe-crypto \ packagegroup-meta-oe-dbs \ + ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "packagegroup-meta-oe-dbs-python2", "", d)} \ packagegroup-meta-oe-devtools \ packagegroup-meta-oe-extended \ + ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "packagegroup-meta-oe-extended-python2", "", d)} \ packagegroup-meta-oe-kernel \ packagegroup-meta-oe-multimedia \ packagegroup-meta-oe-navigation \ @@ -44,6 +51,7 @@ RDEPENDS_packagegroup-meta-oe = "\ packagegroup-meta-oe-security \ packagegroup-meta-oe-shells \ packagegroup-meta-oe-support \ + ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "packagegroup-meta-oe-support-python2", "", d)} \ packagegroup-meta-oe-test \ ${@bb.utils.contains("DISTRO_FEATURES", "x11", "packagegroup-meta-oe-gnome", "", d)} \ ${@bb.utils.contains("DISTRO_FEATURES", "x11", "packagegroup-meta-oe-graphics", "", d)} \ @@ -144,7 +152,6 @@ RDEPENDS_packagegroup-meta-oe-connectivity ="\ ser2net \ smstools3 \ telepathy-glib \ - ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "telepathy-idle", "", d)} \ thrift \ usbmuxd \ wifi-test-suite \ @@ -155,6 +162,10 @@ RDEPENDS_packagegroup-meta-oe-connectivity ="\ RDEPENDS_packagegroup-meta-oe-connectivity_append_libc-glibc = " wvstreams wvdial" +RDEPENDS_packagegroup-meta-oe-connectivity-python2 = "\ + ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "telepathy-idle", "", d)} \ +" + # dracut needs dracut RDEPENDS_packagegroup-meta-oe-core = "\ ${@bb.utils.contains("DISTRO_FEATURES", "systemd", "dbus-broker", "", d)} \ @@ -179,7 +190,7 @@ RDEPENDS_packagegroup-meta-oe-core = "\ toybox \ usleep \ " -RDEPENDS_packagegroup-meta-oe-core_append_libc-glibc = " glfw" +RDEPENDS_packagegroup-meta-oe-core_append_libc-glibc = " ${@bb.utils.contains("DISTRO_FEATURES", "x11 opengl", "glfw", "", d)}" RDEPENDS_packagegroup-meta-oe-core_remove_riscv64 = "safec" RDEPENDS_packagegroup-meta-oe-core_remove_riscv32 = "safec" @@ -197,7 +208,6 @@ RDEPENDS_packagegroup-meta-oe-dbs ="\ leveldb \ libdbi \ mariadb \ - ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "mysql-python", "", d)} \ postgresql \ psqlodbc \ rocksdb \ @@ -205,6 +215,10 @@ RDEPENDS_packagegroup-meta-oe-dbs ="\ sqlite \ " +RDEPENDS_packagegroup-meta-oe-dbs-python2 ="\ + ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "mysql-python", "", d)} \ +" + RDEPENDS_packagegroup-meta-oe-devtools ="\ abseil-cpp \ apitrace \ @@ -258,7 +272,7 @@ RDEPENDS_packagegroup-meta-oe-devtools ="\ mpich \ msgpack-c \ mercurial \ - ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "nodejs", "", d)} \ + nodejs \ openocd \ pax-utils \ ipc-run \ @@ -335,13 +349,12 @@ RDEPENDS_packagegroup-meta-oe-extended ="\ libuio \ ${@bb.utils.contains("DISTRO_FEATURES", "x11", "libwmf", "", d)} \ lprng \ - icewm \ + ${@bb.utils.contains("DISTRO_FEATURES", "x11", "icewm", "", d)} \ md5deep \ indent \ jansson \ nana \ nicstat \ - ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "openlmi-tools", "", d)} \ ${@bb.utils.contains("DISTRO_FEATURES", "pam", "openwsman", "", d)} \ p7zip \ isomd5sum \ @@ -418,6 +431,10 @@ RDEPENDS_packagegroup-meta-oe-extended_remove_powerpc64le = "upm mraa" RDEPENDS_packagegroup-meta-oe-extended_remove_riscv64 = "upm mraa sysdig tiptop" RDEPENDS_packagegroup-meta-oe-extended_remove_riscv32 = "upm mraa sysdig tiptop" +RDEPENDS_packagegroup-meta-oe-extended-python2 ="\ + ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "openlmi-tools", "", d)} \ +" + RDEPENDS_packagegroup-meta-oe-gnome ="\ atkmm \ gcab \ @@ -681,7 +698,6 @@ RDEPENDS_packagegroup-meta-oe-support ="\ ace-cloud-editor \ frame \ ${@bb.utils.contains("DISTRO_FEATURES", "x11", "geis", "", d)} \ - geis \ grail \ asio \ augeas \ @@ -789,7 +805,6 @@ RDEPENDS_packagegroup-meta-oe-support ="\ libusbg \ libutempter \ ${@bb.utils.contains("DISTRO_FEATURES", "x11", "links-x11", "links", d)} \ - ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "lio-utils", "", d)} \ log4c \ log4cpp \ nspr \ @@ -883,6 +898,11 @@ RDEPENDS_packagegroup-meta-oe-support_append_armv7ve = " ne10" RDEPENDS_packagegroup-meta-oe-support_append_aarch64 = " ne10" RDEPENDS_packagegroup-meta-oe-support_append_x86 = " mcelog mce-inject mce-test open-vm-tools vboxguestdrivers" RDEPENDS_packagegroup-meta-oe-support_append_x86-64 = " mcelog mce-inject mce-test open-vm-tools vboxguestdrivers" + +RDEPENDS_packagegroup-meta-oe-support-python2 ="\ + ${@bb.utils.contains("BBFILE_COLLECTIONS", "meta-python2", "lio-utils", "", d)} \ +" + RDEPENDS_packagegroup-meta-oe-support_remove_arm ="numactl" RDEPENDS_packagegroup-meta-oe-support_remove_mipsarch = "gperftools" RDEPENDS_packagegroup-meta-oe-support_remove_riscv64 = "gperftools uim" diff --git a/meta-oe/recipes-dbs/mysql/mariadb-native_10.5.8.bb b/meta-oe/recipes-dbs/mysql/mariadb-native_10.5.9.bb index 73b2a0980d..73b2a0980d 100644 --- a/meta-oe/recipes-dbs/mysql/mariadb-native_10.5.8.bb +++ b/meta-oe/recipes-dbs/mysql/mariadb-native_10.5.9.bb diff --git a/meta-oe/recipes-dbs/mysql/mariadb.inc b/meta-oe/recipes-dbs/mysql/mariadb.inc index 27eede6c30..67cfa54f02 100644 --- a/meta-oe/recipes-dbs/mysql/mariadb.inc +++ b/meta-oe/recipes-dbs/mysql/mariadb.inc @@ -20,9 +20,10 @@ SRC_URI = "https://downloads.mariadb.org/interstitial/${BP}/source/${BP}.tar.gz file://fix-arm-atomic.patch \ file://0001-Fix-library-LZ4-lookup.patch \ file://0001-innobase-Define-__NR_futex-if-it-does-not-exist.patch \ - file://0001-stacktrace-t.c-make-the-test-conditional.patch \ " -SRC_URI[sha256sum] = "eb4824f6f2c532cd3fc6a6bce7bf78ea7c6b949f8bdd07656b2c84344e757be8" +SRC_URI_append_libc-musl = " file://ppc-remove-glibc-dep.patch" + +SRC_URI[sha256sum] = "40ab19aeb8de141fdc188cf2251213c9e7351bee4d0cd29db704fae68d1068cf" UPSTREAM_CHECK_URI = "https://github.com/MariaDB/server/releases" diff --git a/meta-oe/recipes-dbs/mysql/mariadb/0001-stacktrace-t.c-make-the-test-conditional.patch b/meta-oe/recipes-dbs/mysql/mariadb/0001-stacktrace-t.c-make-the-test-conditional.patch deleted file mode 100644 index d8f672d744..0000000000 --- a/meta-oe/recipes-dbs/mysql/mariadb/0001-stacktrace-t.c-make-the-test-conditional.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 966cbeb309f867ff4ac8e7f4462be4780e421700 Mon Sep 17 00:00:00 2001 -From: Mingli Yu <mingli.yu@windriver.com> -Date: Mon, 25 Jan 2021 19:01:06 -0800 -Subject: [PATCH] stacktrace-t.c: make the test conditional - -Fixes: -/prj/tmp/work/cortexa57-poky-linux-musl/mariadb/10.5.8-r0/recipe-sysroot-native/usr/bin/aarch64-poky-linux-musl/../../libexec/aarch64-poky-linux-musl/gcc/aarch64-poky-linux-musl/10.2.0/ld.bfd: /usr/src/debug/mariadb/10.5.8-r0/mariadb-10.5.8/unittest/mysys/stacktrace-t.c:36: undefined reference to `my_safe_print_str' - -Upstream-Status: Submitted [https://jira.mariadb.org/browse/MDEV-24131] - -Signed-off-by: Mingli Yu <mingli.yu@windriver.com> ---- - unittest/mysys/stacktrace-t.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/unittest/mysys/stacktrace-t.c b/unittest/mysys/stacktrace-t.c -index 8fa0db15b36..d8408f80d76 100644 ---- a/unittest/mysys/stacktrace-t.c -+++ b/unittest/mysys/stacktrace-t.c -@@ -29,6 +29,7 @@ void test_my_safe_print_str() - memcpy(b_stack, "LEGAL", 6); - memcpy(b_bss, "LEGAL", 6); - -+#ifdef HAVE_STACKTRACE - #ifndef __SANITIZE_ADDRESS__ - fprintf(stderr, "\n===== stack =====\n"); - my_safe_print_str(b_stack, 65535); -@@ -48,6 +49,7 @@ void test_my_safe_print_str() - fprintf(stderr, "\n===== (const char*) 1 =====\n"); - my_safe_print_str((const char*)1, 5); - #endif /*__SANITIZE_ADDRESS__*/ -+#endif /*HAVE_STACKTRACE*/ - - free(b_heap); - --- -2.17.1 - diff --git a/meta-oe/recipes-dbs/mysql/mariadb/c11_atomics.patch b/meta-oe/recipes-dbs/mysql/mariadb/c11_atomics.patch index 32c9818ab0..1c76ab3918 100644 --- a/meta-oe/recipes-dbs/mysql/mariadb/c11_atomics.patch +++ b/meta-oe/recipes-dbs/mysql/mariadb/c11_atomics.patch @@ -17,10 +17,10 @@ Signed-off-by: Mingli Yu <mingli.yu@windriver.com> 3 files changed, 27 insertions(+), 1 deletion(-) diff --git a/configure.cmake b/configure.cmake -index bb3ad43..2ff4f19 100644 +index 4fc324a9..23a2ea91 100644 --- a/configure.cmake +++ b/configure.cmake -@@ -861,7 +861,25 @@ int main() +@@ -862,7 +862,25 @@ int main() long long int *ptr= &var; return (int)__atomic_load_n(ptr, __ATOMIC_SEQ_CST); }" @@ -48,10 +48,10 @@ index bb3ad43..2ff4f19 100644 IF(WITH_VALGRIND) SET(HAVE_valgrind 1) diff --git a/mysys/CMakeLists.txt b/mysys/CMakeLists.txt -index 6a3a1ef..e306ae7 100644 +index 6aab788f..91b9c393 100644 --- a/mysys/CMakeLists.txt +++ b/mysys/CMakeLists.txt -@@ -140,6 +140,10 @@ TARGET_LINK_LIBRARIES(mysys dbug strings ${ZLIB_LIBRARY} +@@ -154,6 +154,10 @@ TARGET_LINK_LIBRARIES(mysys dbug strings ${ZLIB_LIBRARY} ${LIBNSL} ${LIBM} ${LIBRT} ${CMAKE_DL_LIBS} ${LIBSOCKET} ${LIBEXECINFO}) DTRACE_INSTRUMENT(mysys) @@ -63,10 +63,10 @@ index 6a3a1ef..e306ae7 100644 TARGET_LINK_LIBRARIES(mysys bfd) ENDIF(HAVE_BFD_H) diff --git a/sql/CMakeLists.txt b/sql/CMakeLists.txt -index 4978d01..883a930 100644 +index b9cd418f..d42e5017 100644 --- a/sql/CMakeLists.txt +++ b/sql/CMakeLists.txt -@@ -220,6 +220,10 @@ ELSE() +@@ -222,6 +222,10 @@ ELSE() SET(MYSQLD_SOURCE main.cc ${DTRACE_PROBES_ALL}) ENDIF() @@ -74,9 +74,9 @@ index 4978d01..883a930 100644 + TARGET_LINK_LIBRARIES(sql atomic) +ENDIF() + - IF(MSVC) + IF(MSVC OR CMAKE_SYSTEM_NAME MATCHES AIX) SET(libs_to_export_symbols sql mysys dbug strings) # Create shared library of already compiled object -- -2.17.1 +2.25.1 diff --git a/meta-oe/recipes-dbs/mysql/mariadb/ppc-remove-glibc-dep.patch b/meta-oe/recipes-dbs/mysql/mariadb/ppc-remove-glibc-dep.patch new file mode 100644 index 0000000000..1ca86bcca2 --- /dev/null +++ b/meta-oe/recipes-dbs/mysql/mariadb/ppc-remove-glibc-dep.patch @@ -0,0 +1,50 @@ +Remove glibc specific function dependencies + +Sourced from: https://git.alpinelinux.org/aports/tree/main/mariadb/ppc-remove-glibc-dep.patch +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +--- a/include/my_cpu.h ++++ b/include/my_cpu.h +@@ -24,17 +24,16 @@ + */ + + #ifdef _ARCH_PWR8 +-#include <sys/platform/ppc.h> + /* Very low priority */ +-#define HMT_very_low() __ppc_set_ppr_very_low() ++#define HMT_very_low() asm volatile("or 31,31,31") + /* Low priority */ +-#define HMT_low() __ppc_set_ppr_low() ++#define HMT_low() asm volatile ("or 1,1,1") + /* Medium low priority */ +-#define HMT_medium_low() __ppc_set_ppr_med_low() ++#define HMT_medium_low() asm volatile ("or 6,6,6") + /* Medium priority */ +-#define HMT_medium() __ppc_set_ppr_med() ++#define HMT_medium() asm volatile ("or 2,2,2") + /* Medium high priority */ +-#define HMT_medium_high() __ppc_set_ppr_med_high() ++#define HMT_medium_high() asm volatile("or 5,5,5") + /* High priority */ + #define HMT_high() asm volatile("or 3,3,3") + #else +@@ -81,7 +80,7 @@ static inline void MY_RELAX_CPU(void) + __asm__ __volatile__ ("pause"); + #endif + #elif defined(_ARCH_PWR8) +- __ppc_get_timebase(); ++ __builtin_ppc_get_timebase(); + #elif defined __GNUC__ && (defined __arm__ || defined __aarch64__) + /* Mainly, prevent the compiler from optimizing away delay loops */ + __asm__ __volatile__ ("":::"memory"); +--- a/storage/tokudb/PerconaFT/portability/toku_time.h ++++ b/storage/tokudb/PerconaFT/portability/toku_time.h +@@ -124,7 +124,7 @@ static inline tokutime_t toku_time_now(v + __asm __volatile__ ("mrs %[rt], cntvct_el0" : [rt] "=r" (result)); + return result; + #elif defined(__powerpc__) +- return __ppc_get_timebase(); ++ return __builtin_ppc_get_timebase(); + #else + #error No timer implementation for this platform + #endif diff --git a/meta-oe/recipes-dbs/mysql/mariadb_10.5.8.bb b/meta-oe/recipes-dbs/mysql/mariadb_10.5.9.bb index e6743fe97a..e6743fe97a 100644 --- a/meta-oe/recipes-dbs/mysql/mariadb_10.5.8.bb +++ b/meta-oe/recipes-dbs/mysql/mariadb_10.5.9.bb diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_12.20.1.bb b/meta-oe/recipes-devtools/nodejs/nodejs_12.21.0.bb index 0673a3202d..b9e3821776 100644 --- a/meta-oe/recipes-devtools/nodejs/nodejs_12.20.1.bb +++ b/meta-oe/recipes-devtools/nodejs/nodejs_12.21.0.bb @@ -26,7 +26,7 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ SRC_URI_append_class-target = " \ file://0002-Using-native-binaries.patch \ " -SRC_URI[sha256sum] = "e00eee325d705b2bfa9929b7d061eb2315402d7e8548945eac9870bf84321853" +SRC_URI[sha256sum] = "052f37ace6f569b513b5a1154b2a45d3c4d8b07d7d7c807b79f1566db61e979d" S = "${WORKDIR}/node-v${PV}" diff --git a/meta-oe/recipes-devtools/rapidjson/rapidjson/0001-CMake-remove-hardcoded-CMAKECONFIG_INSTALL_DIR-path.patch b/meta-oe/recipes-devtools/rapidjson/rapidjson/0001-CMake-remove-hardcoded-CMAKECONFIG_INSTALL_DIR-path.patch deleted file mode 100644 index 745f5d0132..0000000000 --- a/meta-oe/recipes-devtools/rapidjson/rapidjson/0001-CMake-remove-hardcoded-CMAKECONFIG_INSTALL_DIR-path.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 8d272e53a4d1dc405e08ce2dd50159c58f4451e9 Mon Sep 17 00:00:00 2001 -From: Ruslan Bilovol <rbilovol@cisco.com> -Date: Thu, 24 Jan 2019 18:11:39 +0200 -Subject: [PATCH] CMake: remove hardcoded CMAKECONFIG_INSTALL_DIR path - -Currently this path is hardcoded to lib/cmake. -Some distributions have different library path (like lib64). -So reuse LIB_INSTALL_DIR for that to make CMAKECONFIG_INSTALL_DIR -configurable and usable in such distros. - -Upstream-Status: Backport [https://github.com/Tencent/rapidjson/commit/8d272e53a4d1dc405e08ce2dd50159c58f4451e9] - -Signed-off-by: Ruslan Bilovol <rbilovol@cisco.com> ---- - CMakeLists.txt | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 7c60407..0275672 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -199,9 +199,9 @@ CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/${PROJECT_NAME}ConfigVersion.cmake.in - ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}ConfigVersion.cmake @ONLY) - - # ... for the install tree --SET( CMAKECONFIG_INSTALL_DIR lib/cmake/${PROJECT_NAME} ) -+SET( CMAKECONFIG_INSTALL_DIR ${LIB_INSTALL_DIR}/cmake/${PROJECT_NAME} ) - FILE( RELATIVE_PATH REL_INCLUDE_DIR -- "${CMAKE_INSTALL_PREFIX}/${CMAKECONFIG_INSTALL_DIR}" -+ "${CMAKECONFIG_INSTALL_DIR}" - "${CMAKE_INSTALL_PREFIX}/include" ) - - SET( ${PROJECT_NAME}_INCLUDE_DIR "\${${PROJECT_NAME}_CMAKE_DIR}/${REL_INCLUDE_DIR}" ) --- -1.9.1 - diff --git a/meta-oe/recipes-devtools/rapidjson/rapidjson/remove-march-native-from-CMAKE_CXX_FLAGS.patch b/meta-oe/recipes-devtools/rapidjson/rapidjson/remove-march-native-from-CMAKE_CXX_FLAGS.patch deleted file mode 100644 index cf3e16ea5d..0000000000 --- a/meta-oe/recipes-devtools/rapidjson/rapidjson/remove-march-native-from-CMAKE_CXX_FLAGS.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 827155e5e659b2a5065b00d701bc59b57feab2bf Mon Sep 17 00:00:00 2001 -From: Andre McCurdy <armccurdy@gmail.com> -Date: Mon, 19 Dec 2016 01:37:11 -0800 -Subject: [PATCH] remove -march=native from CMAKE_CXX_FLAGS - -Not appropriate when cross compiling. - -Upstream-Status: Inappropriate [configuration] - -Signed-off-by: Andre McCurdy <armccurdy@gmail.com> ---- - CMakeLists.txt | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -Index: git/CMakeLists.txt -=================================================================== ---- git.orig/CMakeLists.txt -+++ git/CMakeLists.txt -@@ -51,10 +51,10 @@ endif(CCACHE_FOUND) - - if ("${CMAKE_CXX_COMPILER_ID}" STREQUAL "GNU") - if(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "powerpc" OR ${CMAKE_SYSTEM_PROCESSOR} STREQUAL "ppc64" OR ${CMAKE_SYSTEM_PROCESSOR} STREQUAL "ppc64le") -- set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mcpu=native") -+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}") - else() - #FIXME: x86 is -march=native, but doesn't mean every arch is this option. To keep original project's compatibility, I leave this except POWER. -- set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -march=native") -+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}") - endif() - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -Wextra -Werror") - set(EXTRA_CXX_FLAGS -Weffc++ -Wswitch-default -Wfloat-equal -Wconversion -Wsign-conversion) -@@ -84,7 +84,7 @@ elseif (CMAKE_CXX_COMPILER_ID MATCHES "C - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mcpu=native") - else() - #FIXME: x86 is -march=native, but doesn't mean every arch is this option. To keep original project's compatibility, I leave this except POWER. -- set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -march=native") -+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}") - endif() - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -Wextra -Werror -Wno-missing-field-initializers") - set(EXTRA_CXX_FLAGS -Weffc++ -Wswitch-default -Wfloat-equal -Wconversion -Wimplicit-fallthrough -Weverything) diff --git a/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb b/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb index e3ed9c6a17..5b5c8b2570 100644 --- a/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb +++ b/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb @@ -4,10 +4,9 @@ SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://license.txt;md5=ba04aa8f65de1396a7e59d1d746c2125" -SRC_URI = "git://github.com/miloyip/rapidjson.git;nobranch=1 \ - file://0001-CMake-remove-hardcoded-CMAKECONFIG_INSTALL_DIR-path.patch" +SRC_URI = "git://github.com/miloyip/rapidjson.git;nobranch=1" -SRCREV = "6a905f9311f82d306da77bd963ec5aa5da07da9c" +SRCREV = "0ccdbf364c577803e2a751f5aededce935314313" PV = "1.1.0+git${SRCPV}" diff --git a/meta-oe/recipes-extended/uml-utilities/uml-utilities_20040406.bb b/meta-oe/recipes-extended/uml-utilities/uml-utilities_20040406.bb index 8e00cb3ea4..f86b2b912e 100644 --- a/meta-oe/recipes-extended/uml-utilities/uml-utilities_20040406.bb +++ b/meta-oe/recipes-extended/uml-utilities/uml-utilities_20040406.bb @@ -18,15 +18,14 @@ S = "${WORKDIR}/tools" inherit update-alternatives do_compile() { - oe_runmake + oe_runmake LIB_DIR=${libdir}/uml } do_install() { oe_runmake install DESTDIR=${D} } -FILES_${PN} += "${exec_prefix}${nonarch_base_libdir}" -FILES_${PN}-dbg += "${exec_prefix}${nonarch_base_libdir}/uml/.debug" +FILES_${PN} += "${libdir}/uml" ALTERNATIVE_${PN} = "tunctl" ALTERNATIVE_LINK_NAME[tunctl] = "${bindir}/tunctl" diff --git a/meta-oe/recipes-graphics/libyui/libyui_3.10.0.bb b/meta-oe/recipes-graphics/libyui/libyui_3.10.0.bb index d7f529e313..286d3ac911 100644 --- a/meta-oe/recipes-graphics/libyui/libyui_3.10.0.bb +++ b/meta-oe/recipes-graphics/libyui/libyui_3.10.0.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING.gpl-3;md5=d32239bcb673463ab874e80d47fae504 \ file://COPYING.lgpl-3;md5=e6a600fd5e1d9cbde2d983680233ad02 \ " -SRC_URI = "git://github.com/libyui/libyui.git \ +SRC_URI = "git://github.com/libyui/libyui-old.git \ file://0001-Fix-build-with-clang.patch \ file://0001-Use-relative-install-paths-for-CMake.patch \ " diff --git a/meta-oe/recipes-navigation/gpsd/gpsd/0001-gpsd-dbusexport.c-Fix-broken-d-bus-message-time.patch b/meta-oe/recipes-navigation/gpsd/gpsd/0001-gpsd-dbusexport.c-Fix-broken-d-bus-message-time.patch new file mode 100644 index 0000000000..659865efe1 --- /dev/null +++ b/meta-oe/recipes-navigation/gpsd/gpsd/0001-gpsd-dbusexport.c-Fix-broken-d-bus-message-time.patch @@ -0,0 +1,36 @@ +From c9cec2a888d4fea8534be78a0f46d920155ceae6 Mon Sep 17 00:00:00 2001 +From: Paul Fertser <fercerpav@gmail.com> +Date: Wed, 4 Nov 2020 12:40:50 -0800 +Subject: [PATCH] gpsd/dbusexport.c: Fix broken d-bus message time. + +Change-Id: I4b9990ce4517a8feb29fc9e090c62f5a0c56ddd5 +--- + dbusexport.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/dbusexport.c b/dbusexport.c +index 40b35739e..5d08a8702 100644 +--- a/dbusexport.c ++++ b/dbusexport.c +@@ -38,6 +38,7 @@ void send_dbus_fix(struct gps_device_t *channel) + /*DBusMessageIter iter; */ + dbus_uint32_t serial; /* collected, but not used */ + char *gpsd_devname; ++ double dtime; // time as a double, loss of precision! + + /* if the connection is non existent, return without doing anything */ + if (connection == NULL) +@@ -51,8 +52,9 @@ void send_dbus_fix(struct gps_device_t *channel) + /* the dbus/locationd doc fails to specify altitude as WGS84 or MSL. + * assume altMSL */ + message = dbus_message_new_signal("/org/gpsd", "org.gpsd", "fix"); ++ dtime = TSTONS(&gpsfix->time); + dbus_message_append_args(message, +- DBUS_TYPE_DOUBLE, &(gpsfix->time), ++ DBUS_TYPE_DOUBLE, &dtime, + DBUS_TYPE_INT32, &(gpsfix->mode), + DBUS_TYPE_DOUBLE, &(gpsfix->ept), + DBUS_TYPE_DOUBLE, &(gpsfix->latitude), +-- +2.20.1 + diff --git a/meta-oe/recipes-navigation/gpsd/gpsd_3.20.bb b/meta-oe/recipes-navigation/gpsd/gpsd_3.20.bb index 3888ad8fa3..0989cc1398 100644 --- a/meta-oe/recipes-navigation/gpsd/gpsd_3.20.bb +++ b/meta-oe/recipes-navigation/gpsd/gpsd_3.20.bb @@ -8,6 +8,7 @@ PROVIDES = "virtual/gpsd" SRC_URI = "${SAVANNAH_GNU_MIRROR}/${BPN}/${BP}.tar.gz \ file://0001-SConstruct-prefix-includepy-with-sysroot-and-drop-sy.patch \ file://0001-Revert-SConstruct-Add-test-for-sizeof-time_t-result-.patch \ + file://0001-gpsd-dbusexport.c-Fix-broken-d-bus-message-time.patch \ file://gpsd.init \ " SRC_URI[md5sum] = "cf7fdec7ce7221d20bee1a7246362b05" diff --git a/meta-oe/recipes-support/ceres-solver/ceres-solver_1.14.0.bb b/meta-oe/recipes-support/ceres-solver/ceres-solver_1.14.0.bb index ac463038aa..105610be5a 100644 --- a/meta-oe/recipes-support/ceres-solver/ceres-solver_1.14.0.bb +++ b/meta-oe/recipes-support/ceres-solver/ceres-solver_1.14.0.bb @@ -13,6 +13,14 @@ S = "${WORKDIR}/git" inherit cmake +do_configure_prepend() { + # otherwise https://github.com/ceres-solver/ceres-solver/blob/0b748597889f460764f6c980a00c6f502caa3875/cmake/AddGerritCommitHook.cmake#L68 + # will try to fetch https://ceres-solver-review.googlesource.com/tools/hooks/commit-msg durind do_configure + # which sometimes gets stuck (as there is no TIMEOUT set in DOWNLOAD) + # and we really don't need Gerrit's Change-Id tags when just building this + touch ${S}/.git/hooks/commit-msg +} + # We don't want path to eigen3 in ceres-solver RSS to be # used by components which use CeresConfig.cmake from their # own RSS diff --git a/meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb b/meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb index 98cc63eb3b..ae76fade73 100644 --- a/meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb +++ b/meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb @@ -16,7 +16,7 @@ RDEPENDS_${PN} += "wget" inherit autotools -EXTRA_OECONF = "ac_cv_path_SH=${base_bindir}/sh ac_cv_path_WGET=${bindir}/wget" +EXTRA_OECONF = "ac_cv_path_SH=/bin/sh ac_cv_path_WGET=${bindir}/wget ac_cv_path_AWK=${bindir}/awk" do_install_append () { install -d ${D}${sysconfdir} diff --git a/meta-oe/recipes-support/neon/neon/run-ptest b/meta-oe/recipes-support/neon/neon/run-ptest new file mode 100644 index 0000000000..602084a52c --- /dev/null +++ b/meta-oe/recipes-support/neon/neon/run-ptest @@ -0,0 +1,25 @@ +#!/bin/sh + +set -eux + +rm -f debug.log child.log + +ulimit -c unlimited +ulimit -t 120 + +cd test +echo foobar > foobar.txt + +BASIC_TESTS="auth basic redirect request session socket string-tests \ + stubs uri-tests util-tests" +DAV_TESTS="acl3744 lock oldacl props xml xmlreq" +for t in $BASIC_TESTS $DAV_TESTS +do + echo "Running $t..." + if "./$t" + then + echo "PASS:$t" + else + echo "FAIL:$t" + fi +done diff --git a/meta-oe/recipes-support/neon/neon_0.30.2.bb b/meta-oe/recipes-support/neon/neon_0.30.2.bb index 00b79f6330..7feec41d62 100644 --- a/meta-oe/recipes-support/neon/neon_0.30.2.bb +++ b/meta-oe/recipes-support/neon/neon_0.30.2.bb @@ -7,12 +7,13 @@ LIC_FILES_CHKSUM = "file://src/COPYING.LIB;md5=f30a9716ef3762e3467a2f62bf790f0a SRC_URI = "${DEBIAN_MIRROR}/main/n/neon27/neon27_${PV}.orig.tar.gz \ file://pkgconfig.patch \ + file://run-ptest \ " SRC_URI[md5sum] = "e28d77bf14032d7f5046b3930704ef41" SRC_URI[sha256sum] = "db0bd8cdec329b48f53a6f00199c92d5ba40b0f015b153718d1b15d3d967fbca" -inherit autotools binconfig-disabled lib_package pkgconfig +inherit autotools binconfig-disabled lib_package pkgconfig ptest # Enable gnutls or openssl, not both PACKAGECONFIG ?= "expat gnutls libproxy webdav zlib" @@ -33,6 +34,18 @@ do_compile_append() { oe_runmake -C test } +do_install_ptest(){ + BASIC_TESTS="auth basic redirect request session socket string-tests \ + stubs uri-tests util-tests" + DAV_TESTS="acl3744 lock oldacl props xml xmlreq" + mkdir "${D}${PTEST_PATH}/test" + for i in ${BASIC_TESTS} ${DAV_TESTS} + do + install -m 0755 "${B}/test/${i}" \ + "${D}${PTEST_PATH}/test" + done +} + BINCONFIG = "${bindir}/neon-config" BBCLASSEXTEND = "native" diff --git a/meta-oe/recipes-support/nss/nss_3.57.bb b/meta-oe/recipes-support/nss/nss_3.57.bb index 5d9318a922..411707feca 100644 --- a/meta-oe/recipes-support/nss/nss_3.57.bb +++ b/meta-oe/recipes-support/nss/nss_3.57.bb @@ -68,7 +68,6 @@ do_compile_prepend_class-native() { do_compile() { export NSPR_INCLUDE_DIR=${STAGING_INCDIR}/nspr - export NSS_ENABLE_WERROR=0 export CROSS_COMPILE=1 export NATIVE_CC="${BUILD_CC}" @@ -76,6 +75,10 @@ do_compile() { export NATIVE_FLAGS="${BUILD_CFLAGS} -DLINUX -Dlinux" export BUILD_OPT=1 + # POSIX.1-2001 states that the behaviour of getcwd() when passing a null + # pointer as the buf argument, is unspecified. + export NATIVE_FLAGS="${NATIVE_FLAGS} -DGETCWD_CANT_MALLOC" + export FREEBL_NO_DEPEND=1 export FREEBL_LOWHASH=1 diff --git a/meta-webserver/recipes-core/packagesgroups/packagegroup-meta-webserver.bb b/meta-webserver/recipes-core/packagesgroups/packagegroup-meta-webserver.bb index e3e68582c1..ae337105cb 100644 --- a/meta-webserver/recipes-core/packagesgroups/packagegroup-meta-webserver.bb +++ b/meta-webserver/recipes-core/packagesgroups/packagegroup-meta-webserver.bb @@ -26,7 +26,6 @@ RDEPENDS_packagegroup-meta-webserver-http = "\ monkey \ nginx \ nginx \ - nostromo \ sthttpd \ " diff --git a/meta-webserver/recipes-httpd/nostromo/nostromo_1.9.9.bb b/meta-webserver/recipes-httpd/nostromo/nostromo_1.9.9.bb index e726c9ac66..f1cf59355d 100644 --- a/meta-webserver/recipes-httpd/nostromo/nostromo_1.9.9.bb +++ b/meta-webserver/recipes-httpd/nostromo/nostromo_1.9.9.bb @@ -62,3 +62,6 @@ pkg_postinst_${PN} () { fi fi } + +PNBLACKLIST[nostromo] ?= "Host site for URI is dead" +EXCLUDE_FROM_WORLD = "1" |