diff options
Diffstat (limited to 'meta/recipes-connectivity')
76 files changed, 1436 insertions, 1249 deletions
diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb index c8a3f876aa..4b15d11b61 100644 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -24,16 +24,21 @@ SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV} file://99avahi-autoipd \ file://initscript.patch \ file://0001-Fix-opening-etc-resolv.conf-error.patch \ + file://handle-hup.patch \ + file://local-ping.patch \ " UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/" SRC_URI[md5sum] = "229c6aa30674fc43c202b22c5f8c2be7" SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda" -DEPENDS = "expat libcap libdaemon glib-2.0 intltool-native" +# Issue only affects Debian/SUSE, not us +CVE_CHECK_WHITELIST += "CVE-2021-26720" + +DEPENDS = "expat libcap libdaemon glib-2.0" # For gtk related PACKAGECONFIGs: gtk, gtk3 -AVAHI_GTK ?= "gtk3" +AVAHI_GTK ?= "" PACKAGECONFIG ??= "dbus ${@bb.utils.contains_any('DISTRO_FEATURES','x11 wayland','${AVAHI_GTK}','',d)}" PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" @@ -62,18 +67,18 @@ EXTRA_OECONF = "--with-avahi-priv-access-group=adm \ # The distro choice determines what init scripts are installed EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}" -EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_unitdir}/system/','--without-systemdsystemunitdir',d)}" +EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_system_unitdir}/','--without-systemdsystemunitdir',d)}" -do_configure_prepend() { +do_configure:prepend() { # This m4 file will get in the way of our introspection.m4 with special cross-compilation fixes rm "${S}/common/introspection.m4" || true } -do_compile_prepend() { +do_compile:prepend() { export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs" } -RRECOMMENDS_${PN}_append_libc-glibc = " libnss-mdns" +RRECOMMENDS:${PN}:append:libc-glibc = " libnss-mdns" do_install() { autotools_do_install @@ -90,41 +95,41 @@ do_install() { PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "libdns_sd", "libavahi-compat-libdnssd", "", d)}" -FILES_libavahi-compat-libdnssd = "${libdir}/libdns_sd.so.*" +FILES:libavahi-compat-libdnssd = "${libdir}/libdns_sd.so.*" -RPROVIDES_libavahi-compat-libdnssd = "libdns-sd" +RPROVIDES:libavahi-compat-libdnssd = "libdns-sd" inherit update-rc.d systemd useradd PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils avahi-discover avahi-ui" -FILES_avahi-ui = "${libdir}/libavahi-ui*.so.*" -FILES_avahi-discover = "${datadir}/applications/avahi-discover.desktop \ +FILES:avahi-ui = "${libdir}/libavahi-ui*.so.*" +FILES:avahi-discover = "${datadir}/applications/avahi-discover.desktop \ ${datadir}/avahi/interfaces/avahi-discover.ui \ ${bindir}/avahi-discover-standalone \ " -LICENSE_libavahi-gobject = "LGPLv2.1+" -LICENSE_avahi-daemon = "LGPLv2.1+" -LICENSE_libavahi-common = "LGPLv2.1+" -LICENSE_libavahi-core = "LGPLv2.1+" -LICENSE_libavahi-client = "LGPLv2.1+" -LICENSE_avahi-dnsconfd = "LGPLv2.1+" -LICENSE_libavahi-glib = "LGPLv2.1+" -LICENSE_avahi-autoipd = "LGPLv2.1+" -LICENSE_avahi-utils = "LGPLv2.1+" +LICENSE:libavahi-gobject = "LGPLv2.1+" +LICENSE:avahi-daemon = "LGPLv2.1+" +LICENSE:libavahi-common = "LGPLv2.1+" +LICENSE:libavahi-core = "LGPLv2.1+" +LICENSE:libavahi-client = "LGPLv2.1+" +LICENSE:avahi-dnsconfd = "LGPLv2.1+" +LICENSE:libavahi-glib = "LGPLv2.1+" +LICENSE:avahi-autoipd = "LGPLv2.1+" +LICENSE:avahi-utils = "LGPLv2.1+" # As avahi doesn't put any files into PN, clear the files list to avoid problems # if extra libraries appear. -FILES_${PN} = "" -FILES_avahi-autoipd = "${sbindir}/avahi-autoipd \ +FILES:${PN} = "" +FILES:avahi-autoipd = "${sbindir}/avahi-autoipd \ ${sysconfdir}/avahi/avahi-autoipd.action \ ${sysconfdir}/dhcp/*/avahi-autoipd \ ${sysconfdir}/udhcpc.d/00avahi-autoipd \ ${sysconfdir}/udhcpc.d/99avahi-autoipd" -FILES_libavahi-common = "${libdir}/libavahi-common.so.*" -FILES_libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib" -FILES_avahi-daemon = "${sbindir}/avahi-daemon \ +FILES:libavahi-common = "${libdir}/libavahi-common.so.*" +FILES:libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib" +FILES:avahi-daemon = "${sbindir}/avahi-daemon \ ${sysconfdir}/avahi/avahi-daemon.conf \ ${sysconfdir}/avahi/hosts \ ${sysconfdir}/avahi/services \ @@ -134,44 +139,44 @@ FILES_avahi-daemon = "${sbindir}/avahi-daemon \ ${datadir}/avahi/avahi-service.dtd \ ${datadir}/avahi/service-types \ ${datadir}/dbus-1/system-services" -FILES_libavahi-client = "${libdir}/libavahi-client.so.*" -FILES_avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \ +FILES:libavahi-client = "${libdir}/libavahi-client.so.*" +FILES:avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \ ${sysconfdir}/avahi/avahi-dnsconfd.action \ ${sysconfdir}/init.d/avahi-dnsconfd" -FILES_libavahi-glib = "${libdir}/libavahi-glib.so.*" -FILES_libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib" -FILES_avahi-utils = "${bindir}/avahi-* ${bindir}/b* ${datadir}/applications/b*" +FILES:libavahi-glib = "${libdir}/libavahi-glib.so.*" +FILES:libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib" +FILES:avahi-utils = "${bindir}/avahi-* ${bindir}/b* ${datadir}/applications/b*" -RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV})" -RDEPENDS_${PN}-dev += "${@["", " libavahi-client (= ${EXTENDPKGV})"][bb.utils.contains('PACKAGECONFIG', 'dbus', 1, 0, d)]}" -RDEPENDS_${PN}-dnsconfd = "${PN}-daemon" +RDEPENDS:${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV})" +RDEPENDS:${PN}-dev += "${@["", " libavahi-client (= ${EXTENDPKGV})"][bb.utils.contains('PACKAGECONFIG', 'dbus', 1, 0, d)]}" +RDEPENDS:${PN}-dnsconfd = "${PN}-daemon" -RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns" +RRECOMMENDS:avahi-daemon:append:libc-glibc = " libnss-mdns" -CONFFILES_avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf" +CONFFILES:avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf" USERADD_PACKAGES = "avahi-daemon avahi-autoipd" -USERADD_PARAM_avahi-daemon = "--system --home /run/avahi-daemon \ +USERADD_PARAM:avahi-daemon = "--system --home /run/avahi-daemon \ --no-create-home --shell /bin/false \ --user-group avahi" -USERADD_PARAM_avahi-autoipd = "--system --home /run/avahi-autoipd \ +USERADD_PARAM:avahi-autoipd = "--system --home /run/avahi-autoipd \ --no-create-home --shell /bin/false \ --user-group \ -c \"Avahi autoip daemon\" \ avahi-autoipd" INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd" -INITSCRIPT_NAME_avahi-daemon = "avahi-daemon" -INITSCRIPT_PARAMS_avahi-daemon = "defaults 21 19" -INITSCRIPT_NAME_avahi-dnsconfd = "avahi-dnsconfd" -INITSCRIPT_PARAMS_avahi-dnsconfd = "defaults 22 19" +INITSCRIPT_NAME:avahi-daemon = "avahi-daemon" +INITSCRIPT_PARAMS:avahi-daemon = "defaults 21 19" +INITSCRIPT_NAME:avahi-dnsconfd = "avahi-dnsconfd" +INITSCRIPT_PARAMS:avahi-dnsconfd = "defaults 22 19" SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd" -SYSTEMD_SERVICE_${PN}-daemon = "avahi-daemon.service" -SYSTEMD_SERVICE_${PN}-dnsconfd = "avahi-dnsconfd.service" +SYSTEMD_SERVICE:${PN}-daemon = "avahi-daemon.service" +SYSTEMD_SERVICE:${PN}-dnsconfd = "avahi-dnsconfd.service" -do_install_append() { +do_install:append() { install -d ${D}${sysconfdir}/udhcpc.d install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d @@ -179,7 +184,7 @@ do_install_append() { # At the time the postinst runs, dbus might not be setup so only restart if running # Don't exit early, because update-rc.d needs to run subsequently. -pkg_postinst_avahi-daemon () { +pkg_postinst:avahi-daemon () { if [ -z "$D" ]; then killall -q -HUP dbus-daemon || true fi diff --git a/meta/recipes-connectivity/avahi/files/handle-hup.patch b/meta/recipes-connectivity/avahi/files/handle-hup.patch new file mode 100644 index 0000000000..26632e5443 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/handle-hup.patch @@ -0,0 +1,41 @@ +CVE: CVE-2021-3468 +Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/330] +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001 +From: Riccardo Schirone <sirmy15@gmail.com> +Date: Fri, 26 Mar 2021 11:50:24 +0100 +Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in + client_work + +If a client fills the input buffer, client_work() disables the +AVAHI_WATCH_IN event, thus preventing the function from executing the +`read` syscall the next times it is called. However, if the client then +terminates the connection, the socket file descriptor receives a HUP +event, which is not handled, thus the kernel keeps marking the HUP event +as occurring. While iterating over the file descriptors that triggered +an event, the client file descriptor will keep having the HUP event and +the client_work() function is always called with AVAHI_WATCH_HUP but +without nothing being done, thus entering an infinite loop. + +See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938 +--- + avahi-daemon/simple-protocol.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c +index 3e0ebb11..6c0274d6 100644 +--- a/avahi-daemon/simple-protocol.c ++++ b/avahi-daemon/simple-protocol.c +@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv + } + } + ++ if (events & AVAHI_WATCH_HUP) { ++ client_free(c); ++ return; ++ } ++ + c->server->poll_api->watch_update( + watch, + (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) | diff --git a/meta/recipes-connectivity/avahi/files/local-ping.patch b/meta/recipes-connectivity/avahi/files/local-ping.patch new file mode 100644 index 0000000000..29c192d296 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/local-ping.patch @@ -0,0 +1,153 @@ +CVE: CVE-2021-36217 +CVE: CVE-2021-3502 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001 +From: Tommi Rantala <tommi.t.rantala@nokia.com> +Date: Mon, 8 Feb 2021 11:04:43 +0200 +Subject: [PATCH] Fix NULL pointer crashes from #175 + +avahi-daemon is crashing when running "ping .local". +The crash is due to failing assertion from NULL pointer. +Add missing NULL pointer checks to fix it. + +Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd +--- + avahi-core/browse-dns-server.c | 5 ++++- + avahi-core/browse-domain.c | 5 ++++- + avahi-core/browse-service-type.c | 3 +++ + avahi-core/browse-service.c | 3 +++ + avahi-core/browse.c | 3 +++ + avahi-core/resolve-address.c | 5 ++++- + avahi-core/resolve-host-name.c | 5 ++++- + avahi-core/resolve-service.c | 5 ++++- + 8 files changed, 29 insertions(+), 5 deletions(-) + +diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c +index 049752e9..c2d914fa 100644 +--- a/avahi-core/browse-dns-server.c ++++ b/avahi-core/browse-dns-server.c +@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new( + AvahiSDNSServerBrowser* b; + + b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_dns_server_browser_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c +index f145d56a..06fa70c0 100644 +--- a/avahi-core/browse-domain.c ++++ b/avahi-core/browse-domain.c +@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new( + AvahiSDomainBrowser *b; + + b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_domain_browser_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c +index fdd22dcd..b1fc7af8 100644 +--- a/avahi-core/browse-service-type.c ++++ b/avahi-core/browse-service-type.c +@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new( + AvahiSServiceTypeBrowser *b; + + b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_type_browser_start(b); + + return b; +diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c +index 5531360c..63e0275a 100644 +--- a/avahi-core/browse-service.c ++++ b/avahi-core/browse-service.c +@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new( + AvahiSServiceBrowser *b; + + b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_browser_start(b); + + return b; +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index 2941e579..e8a915e9 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new( + AvahiSRecordBrowser *b; + + b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_record_browser_start_query(b); + + return b; +diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c +index ac0b29b1..e61dd242 100644 +--- a/avahi-core/resolve-address.c ++++ b/avahi-core/resolve-address.c +@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new( + AvahiSAddressResolver *b; + + b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_address_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c +index 808b0e72..4e8e5973 100644 +--- a/avahi-core/resolve-host-name.c ++++ b/avahi-core/resolve-host-name.c +@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new( + AvahiSHostNameResolver *b; + + b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_host_name_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c +index 66bf3cae..43771763 100644 +--- a/avahi-core/resolve-service.c ++++ b/avahi-core/resolve-service.c +@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new( + AvahiSServiceResolver *b; + + b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.16.23/0001-avoid-start-failure-with-bind-user.patch index 8db96ec049..ec1bc7b567 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.7/0001-avoid-start-failure-with-bind-user.patch +++ b/meta/recipes-connectivity/bind/bind-9.16.23/0001-avoid-start-failure-with-bind-user.patch @@ -17,7 +17,7 @@ index b2eec60..6e03936 100644 @@ -57,6 +57,7 @@ case "$1" in modprobe capability >/dev/null 2>&1 || true if [ ! -f /etc/bind/rndc.key ]; then - /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom + /usr/sbin/rndc-confgen -a -b 512 + chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true chmod 0640 /etc/bind/rndc.key fi diff --git a/meta/recipes-connectivity/bind/bind-9.16.23/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.16.23/0001-named-lwresd-V-and-start-log-hide-build-options.patch new file mode 100644 index 0000000000..4dc6a5a2ae --- /dev/null +++ b/meta/recipes-connectivity/bind/bind-9.16.23/0001-named-lwresd-V-and-start-log-hide-build-options.patch @@ -0,0 +1,37 @@ +From f5761bbaf743d291f3e7e859e69ebe61a1718cbf Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Mon, 27 Aug 2018 21:24:20 +0800 +Subject: [PATCH] `named/lwresd -V' and start log hide build options + +The build options expose build path directories, so hide them. +[snip] +$ named -V +|built by make with *** (options are hidden) +[snip] + +Upstream-Status: Inappropriate [oe-core specific] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> + +Refreshed for 9.16.0 +Signed-off-by: Armin Kuster <akuster@mvista.com> +--- + bin/named/include/named/globals.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h +index 0572154..3147e04 100644 +--- a/bin/named/include/named/globals.h ++++ b/bin/named/include/named/globals.h +@@ -69,7 +69,7 @@ EXTERN const char *named_g_version INIT(VERSION); + EXTERN const char *named_g_product INIT(PRODUCT); + EXTERN const char *named_g_description INIT(DESCRIPTION); + EXTERN const char *named_g_srcid INIT(SRCID); +-EXTERN const char *named_g_configargs INIT(CONFIGARGS); ++EXTERN const char *named_g_configargs INIT("*** (options are hidden)"); + EXTERN const char *named_g_builder INIT(BUILDER); + EXTERN in_port_t named_g_port INIT(0); + EXTERN isc_dscp_t named_g_dscp INIT(-1); +-- +2.20.1 + diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.16.23/bind-ensure-searching-for-json-headers-searches-sysr.patch index f9cdc7ca4d..f9cdc7ca4d 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.7/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ b/meta/recipes-connectivity/bind/bind-9.16.23/bind-ensure-searching-for-json-headers-searches-sysr.patch diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/bind9 b/meta/recipes-connectivity/bind/bind-9.16.23/bind9 index 968679ff7f..968679ff7f 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.7/bind9 +++ b/meta/recipes-connectivity/bind/bind-9.16.23/bind9 diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/conf.patch b/meta/recipes-connectivity/bind/bind-9.16.23/conf.patch index aad345f9fc..aa3642acec 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.7/conf.patch +++ b/meta/recipes-connectivity/bind/bind-9.16.23/conf.patch @@ -276,7 +276,7 @@ diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d + + modprobe capability >/dev/null 2>&1 || true + if [ ! -f /etc/bind/rndc.key ]; then -+ /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom ++ /usr/sbin/rndc-confgen -a -b 512 + chmod 0640 /etc/bind/rndc.key + fi + if [ -f /var/run/named/named.pid ]; then diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.16.23/generate-rndc-key.sh index 633e29c0e6..633e29c0e6 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.7/generate-rndc-key.sh +++ b/meta/recipes-connectivity/bind/bind-9.16.23/generate-rndc-key.sh diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.16.23/init.d-add-support-for-read-only-rootfs.patch index 11db95ede1..11db95ede1 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.7/init.d-add-support-for-read-only-rootfs.patch +++ b/meta/recipes-connectivity/bind/bind-9.16.23/init.d-add-support-for-read-only-rootfs.patch diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.16.23/make-etc-initd-bind-stop-work.patch index 146f3e35db..146f3e35db 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.7/make-etc-initd-bind-stop-work.patch +++ b/meta/recipes-connectivity/bind/bind-9.16.23/make-etc-initd-bind-stop-work.patch diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/named.service b/meta/recipes-connectivity/bind/bind-9.16.23/named.service index cda56ef015..cda56ef015 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.7/named.service +++ b/meta/recipes-connectivity/bind/bind-9.16.23/named.service diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.16.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch deleted file mode 100644 index 5bcc16c9b2..0000000000 --- a/meta/recipes-connectivity/bind/bind-9.16.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch +++ /dev/null @@ -1,35 +0,0 @@ -From a3af4a405baf5ff582e82aaba392dd9667d94bdc Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Mon, 27 Aug 2018 21:24:20 +0800 -Subject: [PATCH] `named/lwresd -V' and start log hide build options - -The build options expose build path directories, so hide them. -[snip] -$ named -V -|built by make with *** (options are hidden) -[snip] - -Upstream-Status: Inappropriate [oe-core specific] - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> - -Refreshed for 9.16.0 -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - bin/named/include/named/globals.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: bind-9.16.0/bin/named/include/named/globals.h -=================================================================== ---- bind-9.16.0.orig/bin/named/include/named/globals.h -+++ bind-9.16.0/bin/named/include/named/globals.h -@@ -69,7 +69,7 @@ EXTERN const char *named_g_version I - EXTERN const char *named_g_product INIT(PRODUCT); - EXTERN const char *named_g_description INIT(DESCRIPTION); - EXTERN const char *named_g_srcid INIT(SRCID); --EXTERN const char *named_g_configargs INIT(CONFIGARGS); -+EXTERN const char *named_g_configargs INIT("*** (options are hidden)"); - EXTERN const char *named_g_builder INIT(BUILDER); - EXTERN in_port_t named_g_port INIT(0); - EXTERN isc_dscp_t named_g_dscp INIT(-1); diff --git a/meta/recipes-connectivity/bind/bind_9.16.7.bb b/meta/recipes-connectivity/bind/bind_9.16.23.bb index fbe3de63cb..c1bf250c26 100644 --- a/meta/recipes-connectivity/bind/bind_9.16.7.bb +++ b/meta/recipes-connectivity/bind/bind_9.16.23.bb @@ -1,9 +1,10 @@ SUMMARY = "ISC Internet Domain Name Server" HOMEPAGE = "https://www.isc.org/bind/" +DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system" SECTION = "console/network" LICENSE = "MPL-2.0" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=188b8d0644bd6835df43b84e3f180be1" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=ef10b4de6371115dcecdc38ca2af4561" DEPENDS = "openssl libcap zlib libuv" @@ -19,12 +20,16 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "9f7d1812ebbd26a699f62b6fa8522d5dec57e4bf43af0042a0d60d39ed8314d1" +SRC_URI[sha256sum] = "dedb5e27aa9cb6a9ce3e872845887ff837b99e4e9a91a5e2fcd67cf6e1ef173c" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # stay at 9.16 follow the ESV versions divisible by 4 UPSTREAM_CHECK_REGEX = "(?P<pver>9.(16|20|24|28)(\.\d+)+(-P\d+)*)/" +# Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore +# so the issue doesn't affect us. +CVE_CHECK_WHITELIST += "CVE-2019-6470" + inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives # PACKAGECONFIGs readline and libedit should NOT be set at same time @@ -39,7 +44,7 @@ EXTRA_OECONF = " --with-libtool --disable-devpoll --disable-auto-validation --en --sysconfdir=${sysconfdir}/bind \ --with-openssl=${STAGING_DIR_HOST}${prefix} \ " -LDFLAGS_append = " -lz" +LDFLAGS:append = " -lz" inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native distutils3-base', '', d)} @@ -47,18 +52,16 @@ inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native distutil REMOVE_LIBTOOL_LA = "0" USERADD_PACKAGES = "${PN}" -USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ +USERADD_PARAM:${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ --user-group bind" INITSCRIPT_NAME = "bind" INITSCRIPT_PARAMS = "defaults" -SYSTEMD_SERVICE_${PN} = "named.service" +SYSTEMD_SERVICE:${PN} = "named.service" -do_install_append() { +do_install:append() { - rmdir "${D}${localstatedir}/run" - rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" install -d -o bind "${D}${localstatedir}/cache/bind" install -d "${D}${sysconfdir}/bind" install -d "${D}${sysconfdir}/init.d" @@ -74,11 +77,11 @@ do_install_append() { # Install systemd related files install -d ${D}${sbindir} install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/named.service ${D}${systemd_system_unitdir} sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@SBINDIR@,${sbindir},g' \ - ${D}${systemd_unitdir}/system/named.service + ${D}${systemd_system_unitdir}/named.service install -d ${D}${sysconfdir}/default install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default @@ -91,7 +94,7 @@ do_install_append() { oe_multilib_header isc/platform.h } -CONFFILES_${PN} = " \ +CONFFILES:${PN} = " \ ${sysconfdir}/bind/named.conf \ ${sysconfdir}/bind/named.conf.local \ ${sysconfdir}/bind/named.conf.options \ @@ -102,22 +105,25 @@ CONFFILES_${PN} = " \ ${sysconfdir}/bind/db.root \ " -ALTERNATIVE_${PN}-utils = "nslookup" +ALTERNATIVE:${PN}-utils = "nslookup" ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup" ALTERNATIVE_PRIORITY = "100" PACKAGE_BEFORE_PN += "${PN}-utils" -FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" -FILES_${PN}-dev += "${bindir}/isc-config.h" -FILES_${PN} += "${sbindir}/generate-rndc-key.sh" +FILES:${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" +FILES:${PN}-dev += "${bindir}/isc-config.h" +FILES:${PN} += "${sbindir}/generate-rndc-key.sh" PACKAGE_BEFORE_PN += "${PN}-libs" -FILES_${PN}-libs = "${libdir}/*.so* ${libdir}/named/*.so*" -FILES_${PN}-staticdev += "${libdir}/*.la" +# special arrangement below due to +# https://github.com/isc-projects/bind9/commit/0e25af628cd776f98c04fc4cc59048f5448f6c88 +FILES_SOLIBSDEV = "${libdir}/*[!0-9].so ${libdir}/libbind9.so" +FILES:${PN}-libs = "${libdir}/named/*.so* ${libdir}/*-${PV}.so" +FILES:${PN}-staticdev += "${libdir}/*.la" PACKAGE_BEFORE_PN += "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3-bind', '', d)}" -FILES_python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \ +FILES:python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \ ${sbindir}/dnssec-keymgr ${PYTHON_SITEPACKAGES_DIR}" -RDEPENDS_${PN}-dev = "" -RDEPENDS_python3-bind = "python3-core python3-ply" +RDEPENDS:${PN}-dev = "" +RDEPENDS:python3-bind = "python3-core python3-ply" diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc index 4c1156c67c..0a5fc9d4b8 100644 --- a/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/meta/recipes-connectivity/bluez5/bluez5.inc @@ -5,12 +5,12 @@ SECTION = "libs" LICENSE = "GPLv2+ & LGPLv2.1+" LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \ - file://src/main.c;beginline=1;endline=24;md5=9bc54b93cd7e17bf03f52513f39f926e" + file://src/main.c;beginline=1;endline=24;md5=0ad83ca0dc37ab08af448777c581e7ac" DEPENDS = "dbus glib-2.0" PROVIDES += "bluez-hcidump" -RPROVIDES_${PN} += "bluez-hcidump" +RPROVIDES:${PN} += "bluez-hcidump" -RCONFLICTS_${PN} = "bluez4" +RCONFLICTS:${PN} = "bluez4" PACKAGECONFIG ??= "obex-profiles \ readline \ @@ -45,6 +45,7 @@ PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated" PACKAGECONFIG[mesh] = "--enable-mesh --enable-external-ell,--disable-mesh, json-c ell" PACKAGECONFIG[btpclient] = "--enable-btpclient --enable-external-ell,--disable-btpclient, ell" PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev" +PACKAGECONFIG[manpages] = "--enable-manpages,--disable-manpages,python3-docutils-native" SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ file://init \ @@ -77,7 +78,7 @@ NOINST_TOOLS = " \ ${@bb.utils.contains('PACKAGECONFIG', 'tools', '${NOINST_TOOLS_BT}', '', d)} \ " -do_install_append() { +do_install:append() { install -d ${D}${INIT_D_DIR} install -m 0755 ${WORKDIR}/init ${D}${INIT_D_DIR}/bluetooth @@ -105,25 +106,25 @@ do_install_append() { PACKAGES =+ "${PN}-testtools ${PN}-obex ${PN}-noinst-tools" -FILES_${PN} += " \ +FILES:${PN} += " \ ${libdir}/bluetooth/plugins/*.so \ ${systemd_unitdir}/ ${datadir}/dbus-1 \ ${libdir}/cups \ " -FILES_${PN}-dev += " \ +FILES:${PN}-dev += " \ ${libdir}/bluetooth/plugins/*.la \ " -FILES_${PN}-obex = "${libexecdir}/bluetooth/obexd \ +FILES:${PN}-obex = "${libexecdir}/bluetooth/obexd \ ${exec_prefix}/lib/systemd/user/obex.service \ ${systemd_system_unitdir}/obex.service \ ${sysconfdir}/systemd/system/multi-user.target.wants/obex.service \ ${datadir}/dbus-1/services/org.bluez.obex.service \ ${sysconfdir}/dbus-1/system.d/obexd.conf \ " -SYSTEMD_SERVICE_${PN}-obex = "obex.service" +SYSTEMD_SERVICE:${PN}-obex = "obex.service" -FILES_${PN}-testtools = "${libdir}/bluez/test/*" +FILES:${PN}-testtools = "${libdir}/bluez/test/*" def get_noinst_tools_paths (d, bb, tools): s = list() @@ -133,14 +134,14 @@ def get_noinst_tools_paths (d, bb, tools): s.append("%s/%s" % (bindir, f)) return "\n".join(s) -FILES_${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS'))}" +FILES:${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS'))}" -RDEPENDS_${PN}-testtools += "python3-core python3-dbus" -RDEPENDS_${PN}-testtools += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}" +RDEPENDS:${PN}-testtools += "python3-core python3-dbus" +RDEPENDS:${PN}-testtools += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}" -SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}" +SYSTEMD_SERVICE:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}" INITSCRIPT_PACKAGES = "${PN}" -INITSCRIPT_NAME_${PN} = "bluetooth" +INITSCRIPT_NAME:${PN} = "bluetooth" do_compile_ptest() { oe_runmake buildtests @@ -151,4 +152,4 @@ do_install_ptest() { rm -f ${D}${PTEST_PATH}/unit/*.o } -RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-gconv-utf-16" +RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-gconv-utf-16" diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.55.bb b/meta/recipes-connectivity/bluez5/bluez5_5.62.bb index 8190924562..411ac8b5a3 100644 --- a/meta/recipes-connectivity/bluez5/bluez5_5.55.bb +++ b/meta/recipes-connectivity/bluez5/bluez5_5.62.bb @@ -1,7 +1,9 @@ require bluez5.inc -SRC_URI[md5sum] = "94972b8bc7ade60c72b0ffa6ccff2c0a" -SRC_URI[sha256sum] = "8863717113c4897e2ad3271fc808ea245319e6fd95eed2e934fae8e0894e9b88" +SRC_URI[sha256sum] = "38090a5b750e17fc08d3e52178ed8d3254c5f4bd2c48830d5c1955b88e3bc0c2" + +# These issues have kernel fixes rather than bluez fixes so exclude here +CVE_CHECK_WHITELIST += "CVE-2020-12352 CVE-2020-24490" # noinst programs in Makefile.tools that are conditional on READLINE # support diff --git a/meta/recipes-connectivity/connman/connman-conf.bb b/meta/recipes-connectivity/connman/connman-conf.bb index 9a519ec866..006f976997 100644 --- a/meta/recipes-connectivity/connman/connman-conf.bb +++ b/meta/recipes-connectivity/connman/connman-conf.bb @@ -2,11 +2,11 @@ SUMMARY = "Connman config to setup wired interface on qemu machines" DESCRIPTION = "This is the ConnMan configuration to set up a Wired \ network interface for a qemu machine." LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6" inherit systemd -SRC_URI_append_qemuall = " file://wired.config \ +SRC_URI:append:qemuall = " file://wired.config \ file://wired-setup \ file://wired-connection.service \ " @@ -16,7 +16,7 @@ S = "${WORKDIR}" PACKAGE_ARCH = "${MACHINE_ARCH}" -FILES_${PN} = "${localstatedir}/* ${datadir}/*" +FILES:${PN} = "${localstatedir}/* ${datadir}/*" do_install() { #Configure Wired network interface in case of qemu* machines @@ -33,4 +33,4 @@ do_install() { fi } -SYSTEMD_SERVICE_${PN}_qemuall = "wired-connection.service" +SYSTEMD_SERVICE:${PN}:qemuall = "wired-connection.service" diff --git a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb index af986c4eab..7e1619aab2 100644 --- a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb +++ b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb @@ -10,7 +10,7 @@ DEPENDS = "gtk+3 dbus-glib dbus-glib-native intltool-native gettext-native" # 0.7 tag SRCREV = "cf3c325b23dae843c5499a113591cfbc98acb143" -SRC_URI = "git://github.com/connectivity/connman-gnome.git \ +SRC_URI = "git://github.com/connectivity/connman-gnome.git;branch=master;protocol=https \ file://0001-Removed-icon-from-connman-gnome-about-applet.patch \ file://null_check_for_ipv4_config.patch \ file://images/ \ @@ -23,8 +23,8 @@ S = "${WORKDIR}/git" inherit autotools-brokensep gtk-icon-cache pkgconfig features_check ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" -RDEPENDS_${PN} = "connman" +RDEPENDS:${PN} = "connman" -do_install_append() { +do_install:append() { install -m 0644 ${WORKDIR}/images/* ${D}/usr/share/icons/hicolor/22x22/apps/ } diff --git a/meta/recipes-connectivity/connman/connman.inc b/meta/recipes-connectivity/connman/connman.inc index 776bbfbff2..748eefa748 100644 --- a/meta/recipes-connectivity/connman/connman.inc +++ b/meta/recipes-connectivity/connman/connman.inc @@ -15,6 +15,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ inherit autotools pkgconfig systemd update-rc.d update-alternatives +CVE_PRODUCT = "connman connection_manager" + DEPENDS = "dbus glib-2.0 ppp" EXTRA_OECONF += "\ @@ -34,9 +36,9 @@ PACKAGECONFIG ??= "wispr iptables client\ # If you want ConnMan to support VPN, add following statement into # local.conf or distro config -# PACKAGECONFIG_append_pn-connman = " openvpn vpnc l2tp pptp" +# PACKAGECONFIG:append:pn-connman = " openvpn vpnc l2tp pptp" -PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''" +PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_system_unitdir}/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''" PACKAGECONFIG[wifi] = "--enable-wifi, --disable-wifi, wpa-supplicant, wpa-supplicant" PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5, bluez5" PACKAGECONFIG[3g] = "--enable-ofono, --disable-ofono, ofono, ofono" @@ -64,16 +66,16 @@ python __anonymous () { d.setVar('SYSTEMD_PACKAGES', systemd_packages) } -SYSTEMD_SERVICE_${PN} = "connman.service" -SYSTEMD_SERVICE_${PN}-vpn = "connman-vpn.service" -SYSTEMD_SERVICE_${PN}-wait-online = "connman-wait-online.service" +SYSTEMD_SERVICE:${PN} = "connman.service" +SYSTEMD_SERVICE:${PN}-vpn = "connman-vpn.service" +SYSTEMD_SERVICE:${PN}-wait-online = "connman-wait-online.service" ALTERNATIVE_PRIORITY = "100" -ALTERNATIVE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}" +ALTERNATIVE:${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}" ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.connman','',d)}" ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}" -do_install_append() { +do_install:append() { if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then install -d ${D}${sysconfdir}/init.d install -m 0755 ${WORKDIR}/connman ${D}${sysconfdir}/init.d/connman @@ -100,7 +102,7 @@ do_install_append() { } # These used to be plugins, but now they are core -RPROVIDES_${PN} = "\ +RPROVIDES:${PN} = "\ connman-plugin-loopback \ connman-plugin-ethernet \ ${@bb.utils.contains('PACKAGECONFIG', 'bluetooth','connman-plugin-bluetooth', '', d)} \ @@ -108,7 +110,7 @@ RPROVIDES_${PN} = "\ ${@bb.utils.contains('PACKAGECONFIG', '3g','connman-plugin-ofono', '', d)} \ " -RDEPENDS_${PN} = "\ +RDEPENDS:${PN} = "\ dbus \ " @@ -119,11 +121,11 @@ def add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, add_insane_skip): if plugintype in depmap: rdepends = map(lambda x: multilib_prefix + x, \ depmap[plugintype].split()) - d.setVar("RDEPENDS_%s" % pkg, " ".join(rdepends)) + d.setVar("RDEPENDS:%s" % pkg, " ".join(rdepends)) if add_insane_skip: - d.appendVar("INSANE_SKIP_%s" % pkg, "dev-so") + d.appendVar("INSANE_SKIP:%s" % pkg, "dev-so") -python populate_packages_prepend() { +python populate_packages:prepend() { depmap = dict(pppd="ppp") multilib_prefix = (d.getVar("MLPREFIX") or "") @@ -144,72 +146,72 @@ python populate_packages_prepend() { PACKAGES =+ "${PN}-tools ${PN}-tests ${PN}-client" -FILES_${PN}-tools = "${bindir}/wispr" -RDEPENDS_${PN}-tools ="${PN}" +FILES:${PN}-tools = "${bindir}/wispr" +RDEPENDS:${PN}-tools ="${PN}" -FILES_${PN}-tests = "${bindir}/*-test" +FILES:${PN}-tests = "${bindir}/*-test" -FILES_${PN}-client = "${bindir}/connmanctl" -RDEPENDS_${PN}-client ="${PN}" +FILES:${PN}-client = "${bindir}/connmanctl" +RDEPENDS:${PN}-client ="${PN}" -FILES_${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \ +FILES:${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \ ${libdir}/connman/plugins \ ${sysconfdir} ${sharedstatedir} ${localstatedir} ${datadir} \ ${base_bindir}/* ${base_sbindir}/* ${base_libdir}/*.so* ${datadir}/${PN} \ ${datadir}/dbus-1/system-services/* \ ${sysconfdir}/tmpfiles.d/connman_resolvconf.conf" -FILES_${PN}-dev += "${libdir}/connman/*/*.la" +FILES:${PN}-dev += "${libdir}/connman/*/*.la" PACKAGES =+ "${PN}-vpn ${PN}-wait-online" -SUMMARY_${PN}-vpn = "A daemon for managing VPN connections within embedded devices" -DESCRIPTION_${PN}-vpn = "The ConnMan VPN provides a daemon for \ +SUMMARY:${PN}-vpn = "A daemon for managing VPN connections within embedded devices" +DESCRIPTION:${PN}-vpn = "The ConnMan VPN provides a daemon for \ managing VPN connections within embedded devices running the Linux \ operating system. The connman-vpnd handles all the VPN connections \ and starts/stops VPN client processes when necessary. The connman-vpnd \ provides a DBus API for managing VPN connections. All the different \ VPN technogies are implemented using plug-ins." -FILES_${PN}-vpn += "${sbindir}/connman-vpnd \ +FILES:${PN}-vpn += "${sbindir}/connman-vpnd \ ${sysconfdir}/dbus-1/system.d/connman-vpn-dbus.conf \ ${datadir}/dbus-1/system-services/net.connman.vpn.service \ - ${systemd_unitdir}/system/connman-vpn.service" + ${systemd_system_unitdir}/connman-vpn.service" -SUMMARY_${PN}-wait-online = "A program that will return once ConnMan has connected to a network" -DESCRIPTION_${PN}-wait-online = "A service that can be enabled so that \ +SUMMARY:${PN}-wait-online = "A program that will return once ConnMan has connected to a network" +DESCRIPTION:${PN}-wait-online = "A service that can be enabled so that \ the system waits until a network connection is established." -FILES_${PN}-wait-online += "${sbindir}/connmand-wait-online \ - ${systemd_unitdir}/system/connman-wait-online.service" +FILES:${PN}-wait-online += "${sbindir}/connmand-wait-online \ + ${systemd_system_unitdir}/connman-wait-online.service" -SUMMARY_${PN}-plugin-vpn-openvpn = "An OpenVPN plugin for ConnMan VPN" -DESCRIPTION_${PN}-plugin-vpn-openvpn = "The ConnMan OpenVPN plugin uses openvpn client \ +SUMMARY:${PN}-plugin-vpn-openvpn = "An OpenVPN plugin for ConnMan VPN" +DESCRIPTION:${PN}-plugin-vpn-openvpn = "The ConnMan OpenVPN plugin uses openvpn client \ to create a VPN connection to OpenVPN server." -FILES_${PN}-plugin-vpn-openvpn += "${libdir}/connman/scripts/openvpn-script \ +FILES:${PN}-plugin-vpn-openvpn += "${libdir}/connman/scripts/openvpn-script \ ${libdir}/connman/plugins-vpn/openvpn.so" -RDEPENDS_${PN}-plugin-vpn-openvpn += "${PN}-vpn" -RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','openvpn','${PN}-plugin-vpn-openvpn', '', d)}" +RDEPENDS:${PN}-plugin-vpn-openvpn += "${PN}-vpn" +RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','openvpn','${PN}-plugin-vpn-openvpn', '', d)}" -SUMMARY_${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN" -DESCRIPTION_${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \ +SUMMARY:${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN" +DESCRIPTION:${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \ to create a VPN connection to Cisco3000 VPN Concentrator." -FILES_${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \ +FILES:${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \ ${libdir}/connman/plugins-vpn/vpnc.so \ ${libdir}/connman/scripts/vpn-script" -RDEPENDS_${PN}-plugin-vpn-vpnc += "${PN}-vpn" -RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}" +RDEPENDS:${PN}-plugin-vpn-vpnc += "${PN}-vpn" +RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}" -SUMMARY_${PN}-plugin-vpn-l2tp = "A L2TP plugin for ConnMan VPN" -DESCRIPTION_${PN}-plugin-vpn-l2tp = "The ConnMan L2TP plugin uses xl2tpd daemon \ +SUMMARY:${PN}-plugin-vpn-l2tp = "A L2TP plugin for ConnMan VPN" +DESCRIPTION:${PN}-plugin-vpn-l2tp = "The ConnMan L2TP plugin uses xl2tpd daemon \ to create a VPN connection to L2TP server." -FILES_${PN}-plugin-vpn-l2tp += "${libdir}/connman/scripts/libppp-plugin.so* \ +FILES:${PN}-plugin-vpn-l2tp += "${libdir}/connman/scripts/libppp-plugin.so* \ ${libdir}/connman/plugins-vpn/l2tp.so" -RDEPENDS_${PN}-plugin-vpn-l2tp += "${PN}-vpn" -RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','l2tp','${PN}-plugin-vpn-l2tp', '', d)}" +RDEPENDS:${PN}-plugin-vpn-l2tp += "${PN}-vpn" +RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','l2tp','${PN}-plugin-vpn-l2tp', '', d)}" -SUMMARY_${PN}-plugin-vpn-pptp = "A PPTP plugin for ConnMan VPN" -DESCRIPTION_${PN}-plugin-vpn-pptp = "The ConnMan PPTP plugin uses pptp-linux client \ +SUMMARY:${PN}-plugin-vpn-pptp = "A PPTP plugin for ConnMan VPN" +DESCRIPTION:${PN}-plugin-vpn-pptp = "The ConnMan PPTP plugin uses pptp-linux client \ to create a VPN connection to PPTP server." -FILES_${PN}-plugin-vpn-pptp += "${libdir}/connman/scripts/libppp-plugin.so* \ +FILES:${PN}-plugin-vpn-pptp += "${libdir}/connman/scripts/libppp-plugin.so* \ ${libdir}/connman/plugins-vpn/pptp.so" -RDEPENDS_${PN}-plugin-vpn-pptp += "${PN}-vpn" -RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','pptp','${PN}-plugin-vpn-pptp', '', d)}" +RDEPENDS:${PN}-plugin-vpn-pptp += "${PN}-vpn" +RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','pptp','${PN}-plugin-vpn-pptp', '', d)}" diff --git a/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-networkd-when-using-con.patch b/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-networkd-when-using-con.patch deleted file mode 100644 index dd012750a4..0000000000 --- a/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-networkd-when-using-con.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 9fea099d0a3ece37d80ad70d32ebb8a93f8f3280 Mon Sep 17 00:00:00 2001 -From: Yi Zhao <yi.zhao@windriver.com> -Date: Fri, 30 Oct 2020 13:48:45 +0800 -Subject: [PATCH] connman.service: stop systemd-networkd when using connman - -Stop systemd-networkd service when we use connman as network manager. - -Upstream-Status: Inappropriate [configuration] - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - src/connman.service.in | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/connman.service.in b/src/connman.service.in -index 79e75d6..014eafe 100644 ---- a/src/connman.service.in -+++ b/src/connman.service.in -@@ -6,6 +6,7 @@ RequiresMountsFor=@localstatedir@/lib/connman - After=dbus.service network-pre.target systemd-sysusers.service - Before=network.target multi-user.target shutdown.target - Wants=network.target -+Conflicts=systemd-networkd.service systemd-networkd.socket - Conflicts=systemd-resolved.service - - [Service] --- -2.17.1 - diff --git a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch index 942b9c97b6..9dca21a02f 100644 --- a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch +++ b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch @@ -1,4 +1,4 @@ -From c7734e1547db967eccf242fe4b9e8a30b9ff141c Mon Sep 17 00:00:00 2001 +From 01974865e4d331eeaf25248bee1bb96539c450d9 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Mon, 6 Apr 2015 23:02:21 -0700 Subject: [PATCH] resolve: musl does not implement res_ninit @@ -15,7 +15,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> 1 file changed, 13 insertions(+), 21 deletions(-) diff --git a/gweb/gresolv.c b/gweb/gresolv.c -index 38a554e..a9e8740 100644 +index 954e7cf..2a9bc51 100644 --- a/gweb/gresolv.c +++ b/gweb/gresolv.c @@ -36,6 +36,7 @@ @@ -26,7 +26,7 @@ index 38a554e..a9e8740 100644 #include "gresolv.h" -@@ -877,8 +878,6 @@ GResolv *g_resolv_new(int index) +@@ -878,8 +879,6 @@ GResolv *g_resolv_new(int index) resolv->index = index; resolv->nameserver_list = NULL; @@ -35,7 +35,7 @@ index 38a554e..a9e8740 100644 return resolv; } -@@ -918,8 +917,6 @@ void g_resolv_unref(GResolv *resolv) +@@ -919,8 +918,6 @@ void g_resolv_unref(GResolv *resolv) flush_nameservers(resolv); @@ -44,7 +44,7 @@ index 38a554e..a9e8740 100644 g_free(resolv); } -@@ -1022,24 +1019,19 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, +@@ -1023,24 +1020,19 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, debug(resolv, "hostname %s", hostname); if (!resolv->nameserver_list) { diff --git a/meta/recipes-connectivity/connman/connman_1.38.bb b/meta/recipes-connectivity/connman/connman_1.40.bb index 45c2934dec..edb23a1267 100644 --- a/meta/recipes-connectivity/connman/connman_1.38.bb +++ b/meta/recipes-connectivity/connman/connman_1.40.bb @@ -3,15 +3,13 @@ require connman.inc SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \ file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \ - file://0001-connman.service-stop-systemd-networkd-when-using-con.patch \ file://connman \ file://no-version-scripts.patch \ " -SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch" +SRC_URI:append:libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch" -SRC_URI[md5sum] = "1ed8745354c7254bdfd4def54833ee94" -SRC_URI[sha256sum] = "cb30aca97c2f79ccaed8802aa2909ac5100a3969de74c0af8a9d73b85fc4932b" +SRC_URI[sha256sum] = "1a57ae7ce234aa3a1744aac3be5c2121d98dce999440ef8ab9cc4edfd5edcb12" -RRECOMMENDS_${PN} = "connman-conf" -RCONFLICTS_${PN} = "networkmanager" +RRECOMMENDS:${PN} = "connman-conf" +RCONFLICTS:${PN} = "networkmanager" diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.3.2.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb index cca60ddae2..4007a4bd2d 100644 --- a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.3.2.bb +++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb @@ -7,7 +7,7 @@ DESCRIPTION = "dhcpcd runs on your machine and silently configures your \ HOMEPAGE = "http://roy.marples.name/projects/dhcpcd/" LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=9674cc803c5d71306941e6e8b5c002f2" +LIC_FILES_CHKSUM = "file://LICENSE;md5=d148485768fe85b9f1072b186a7e9b4d" UPSTREAM_CHECK_URI = "https://roy.marples.name/downloads/dhcpcd/" @@ -17,11 +17,11 @@ SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \ file://dhcpcd@.service \ " -SRC_URI[sha256sum] = "6d49af5e766a2515e6366e4f669663df04ecdf90a1a60ddb1d7a2feb4b5d2566" +SRC_URI[sha256sum] = "819357634efed1ea5cf44ec01b24d3d3f8852fec8b4249925dcc5667c54e376c" inherit pkgconfig autotools-brokensep systemd useradd -SYSTEMD_SERVICE_${PN} = "dhcpcd.service" +SYSTEMD_SERVICE:${PN} = "dhcpcd.service" PACKAGECONFIG ?= "udev ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" @@ -43,15 +43,15 @@ EXTRA_OECONF = "--enable-ipv4 \ " USERADD_PACKAGES = "${PN}" -USERADD_PARAM_${PN} = "--system -d ${localstatedir}/lib/${BPN} -M -s /bin/false -U dhcpcd" +USERADD_PARAM:${PN} = "--system -d ${localstatedir}/lib/${BPN} -M -s /bin/false -U dhcpcd" -do_install_append () { +do_install:append () { # install systemd unit files - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/dhcpcd*.service ${D}${systemd_unitdir}/system + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/dhcpcd*.service ${D}${systemd_system_unitdir} chmod 700 ${D}${localstatedir}/lib/${BPN} chown dhcpcd:dhcpcd ${D}${localstatedir}/lib/${BPN} } -FILES_${PN}-dbg += "${libdir}/dhcpcd/dev/.debug" +FILES:${PN}-dbg += "${libdir}/dhcpcd/dev/.debug" diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch deleted file mode 100644 index d4764f5867..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch +++ /dev/null @@ -1,31 +0,0 @@ -Upstream-Status: Pending - -Subject: rcp: fix to work with large files - -When we copy file by rcp command, if the file > 2GB, it will fail. -The cause is that it used incorrect data type on file size in sink() of rcp. - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - src/rcp.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/rcp.c b/src/rcp.c -index 21f55b6..bafa35f 100644 ---- a/src/rcp.c -+++ b/src/rcp.c -@@ -876,9 +876,9 @@ sink (int argc, char *argv[]) - enum - { YES, NO, DISPLAYED } wrerr; - BUF *bp; -- off_t i, j; -+ off_t i, j, size; - int amt, count, exists, first, mask, mode, ofd, omode; -- int setimes, size, targisdir, wrerrno; -+ int setimes, targisdir, wrerrno; - char ch, *cp, *np, *targ, *vect[1], buf[BUFSIZ]; - const char *why; - --- -1.9.1 - diff --git a/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch b/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch index 24c134fcac..603d2baf9d 100644 --- a/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch +++ b/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch @@ -1,17 +1,22 @@ -Upstream: http://www.mail-archive.com/bug-inetutils@gnu.org/msg02103.html +From c7c27ba763c613f83c1561e56448b49315c271c5 Mon Sep 17 00:00:00 2001 +From: Jackie Huang <jackie.huang@windriver.com> +Date: Wed, 6 Mar 2019 09:36:11 -0500 +Subject: [PATCH] Upstream: + http://www.mail-archive.com/bug-inetutils@gnu.org/msg02103.html Upstream-Status: Pending Signed-off-by: Jackie Huang <jackie.huang@windriver.com> + --- ping/ping_common.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/ping/ping_common.h b/ping/ping_common.h -index 1dfd1b5..3bfbd12 100644 +index 65e3e60..3e84db0 100644 --- a/ping/ping_common.h +++ b/ping/ping_common.h -@@ -17,10 +17,14 @@ +@@ -18,10 +18,14 @@ You should have received a copy of the GNU General Public License along with this program. If not, see `http://www.gnu.org/licenses/'. */ @@ -26,7 +31,7 @@ index 1dfd1b5..3bfbd12 100644 #include <icmp.h> #include <error.h> #include <progname.h> -@@ -62,7 +66,12 @@ struct ping_stat +@@ -63,7 +67,12 @@ struct ping_stat want to follow the traditional behaviour of ping. */ #define DEFAULT_PING_COUNT 0 @@ -39,9 +44,9 @@ index 1dfd1b5..3bfbd12 100644 #define PING_TIMING(s) ((s) >= sizeof (struct timeval)) #define PING_DATALEN (64 - PING_HEADER_LEN) /* default data length */ -@@ -74,13 +83,20 @@ struct ping_stat - (t).tv_usec = ((i)%PING_PRECISION)*(1000000/PING_PRECISION) ;\ - } while (0) +@@ -78,13 +87,20 @@ struct ping_stat + + #define PING_MIN_USER_INTERVAL (200000/PING_PRECISION) +#ifdef HAVE_IPV6 /* FIXME: Adjust IPv6 case for options and their consumption. */ @@ -60,7 +65,7 @@ index 1dfd1b5..3bfbd12 100644 typedef int (*ping_efp) (int code, void *closure, -@@ -89,13 +105,17 @@ typedef int (*ping_efp) (int code, +@@ -93,13 +109,17 @@ typedef int (*ping_efp) (int code, struct ip * ip, icmphdr_t * icmp, int datalen); union event { @@ -78,6 +83,3 @@ index 1dfd1b5..3bfbd12 100644 }; typedef struct ping_data PING; --- -2.8.3 - diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch index 3da4e9f55a..2974bd4f94 100644 --- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch +++ b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch @@ -1,20 +1,21 @@ -From 552a7d64ad4a7188a9b7cd89933ae7caf7ebfe90 Mon Sep 17 00:00:00 2001 +From f7f785c21306010b2367572250b2822df5bc7728 Mon Sep 17 00:00:00 2001 From: Mike Frysinger <vapier at gentoo.org> Date: Thu, 18 Nov 2010 16:59:14 -0500 -Subject: [PATCH gnulib] printf-parse: pull in features.h for __GLIBC__ +Subject: [PATCH] printf-parse: pull in features.h for __GLIBC__ Upstream-Status: Pending Signed-off-by: Mike Frysinger <vapier at gentoo.org> + --- - lib/printf-parse.h | 3 +++ - 1 files changed, 3 insertions(+), 0 deletions(-) + lib/printf-parse.h | 3 +++ + 1 file changed, 3 insertions(+) diff --git a/lib/printf-parse.h b/lib/printf-parse.h -index 67a4a2a..3bd6152 100644 +index e7d0f82..d7b4534 100644 --- a/lib/printf-parse.h +++ b/lib/printf-parse.h -@@ -25,6 +25,9 @@ +@@ -28,6 +28,9 @@ #include "printf-args.h" @@ -24,6 +25,3 @@ index 67a4a2a..3bd6152 100644 /* Flags */ #define FLAG_GROUP 1 /* ' flag */ --- -1.7.3.2 - diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch index b13bb9229f..1ef7e21073 100644 --- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch +++ b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch @@ -1,8 +1,19 @@ +From 9089c6eafbf5903174dce87b68476e35db80beb9 Mon Sep 17 00:00:00 2001 +From: Martin Jansa <martin.jansa@gmail.com> +Date: Wed, 6 Mar 2019 09:36:11 -0500 +Subject: [PATCH] inetutils: Import version 1.9.4 + Upstream-Status: Pending ---- inetutils-1.8/lib/wchar.in.h -+++ inetutils-1.8/lib/wchar.in.h -@@ -70,6 +70,9 @@ +--- + lib/wchar.in.h | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/lib/wchar.in.h b/lib/wchar.in.h +index cdda680..043866a 100644 +--- a/lib/wchar.in.h ++++ b/lib/wchar.in.h +@@ -77,6 +77,9 @@ /* The include_next requires a split double-inclusion guard. */ #if @HAVE_WCHAR_H@ # @INCLUDE_NEXT@ @NEXT_WCHAR_H@ diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch index 2592989a90..460ddf9830 100644 --- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch +++ b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch @@ -1,4 +1,10 @@ -inetutils: define PATH_PROCNET_DEV if not already defined +From 101130f422dd5c01a1459645d7b2a5b8d19720ab Mon Sep 17 00:00:00 2001 +From: Martin Jansa <martin.jansa@gmail.com> +Date: Wed, 6 Mar 2019 09:36:11 -0500 +Subject: [PATCH] inetutils: define PATH_PROCNET_DEV if not already defined +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit this prevents the following compilation error : system/linux.c:401:15: error: 'PATH_PROCNET_DEV' undeclared (first use in this function) @@ -9,11 +15,16 @@ this patch comes from : Upstream-Status: Inappropriate [not author] Signed-of-by: Eric Bénard <eric@eukrea.com> + --- -diff -Naur inetutils-1.9.orig/ifconfig/system/linux.c inetutils-1.9/ifconfig/system/linux.c ---- inetutils-1.9.orig/ifconfig/system/linux.c 2012-01-04 16:31:36.000000000 -0500 -+++ inetutils-1.9/ifconfig/system/linux.c 2012-01-04 16:40:53.000000000 -0500 -@@ -49,6 +49,10 @@ + ifconfig/system/linux.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/ifconfig/system/linux.c b/ifconfig/system/linux.c +index e453b46..4268ca9 100644 +--- a/ifconfig/system/linux.c ++++ b/ifconfig/system/linux.c +@@ -53,6 +53,10 @@ #include "../ifconfig.h" diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch index ff3abd86aa..2343c03cb4 100644 --- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch +++ b/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch @@ -1,15 +1,24 @@ +From cc66e842e037fba9f06761f942abe5c4856492b8 Mon Sep 17 00:00:00 2001 +From: Kai Kang <kai.kang@windriver.com> +Date: Wed, 6 Mar 2019 09:36:11 -0500 +Subject: [PATCH] inetutils: Import version 1.9.4 + Only check security/pam_appl.h which is provided by package libpam when pam is enabled. Upstream-Status: Pending Signed-off-by: Kai Kang <kai.kang@windriver.com> + --- + configure.ac | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + diff --git a/configure.ac b/configure.ac -index b35e672..e78a751 100644 +index 5e16c3a..18510a8 100644 --- a/configure.ac +++ b/configure.ac -@@ -195,6 +195,19 @@ fi +@@ -182,6 +182,19 @@ AC_SUBST(LIBUTIL) # See if we have libpam.a. Investigate PAM versus Linux-PAM. if test "$with_pam" = yes ; then @@ -29,12 +38,12 @@ index b35e672..e78a751 100644 AC_CHECK_LIB(dl, dlopen, LIBDL=-ldl) AC_CHECK_LIB(pam, pam_authenticate, LIBPAM=-lpam) if test "$ac_cv_lib_pam_pam_authenticate" = yes ; then -@@ -587,7 +600,7 @@ AC_HEADER_DIRENT - AC_CHECK_HEADERS([arpa/nameser.h errno.h fcntl.h features.h \ +@@ -617,7 +630,7 @@ AC_HEADER_DIRENT + AC_CHECK_HEADERS([arpa/nameser.h arpa/tftp.h fcntl.h features.h \ glob.h memory.h netinet/ether.h netinet/in_systm.h \ netinet/ip.h netinet/ip_icmp.h netinet/ip_var.h \ - security/pam_appl.h shadow.h \ + shadow.h \ - stdarg.h stdlib.h string.h stropts.h sys/tty.h \ + stropts.h sys/tty.h \ sys/utsname.h sys/ptyvar.h sys/msgbuf.h sys/filio.h \ sys/ioctl_compat.h sys/cdefs.h sys/stream.h sys/mkdev.h \ diff --git a/meta/recipes-connectivity/inetutils/inetutils/version.patch b/meta/recipes-connectivity/inetutils/inetutils/version.patch deleted file mode 100644 index 532a0e5c08..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/version.patch +++ /dev/null @@ -1,17 +0,0 @@ -Upstream-Status: Pending - -remove m4_esyscmd function - -Signed-off-by: Chunrong Guo <b40290@freescale.com> ---- inetutils-1.9.1/configure.ac 2012-01-06 22:05:05.000000000 +0800 -+++ inetutils-1.9.1/configure.ac 2012-11-12 14:01:11.732957019 +0800 -@@ -20,8 +20,7 @@ - - AC_PREREQ(2.59) - --AC_INIT([GNU inetutils], -- m4_esyscmd([build-aux/git-version-gen .tarball-version 's/inetutils-/v/;s/_/./g']), -+AC_INIT([GNU inetutils],[1.9.4], - [bug-inetutils@gnu.org]) - - AC_CONFIG_SRCDIR([src/inetd.c]) diff --git a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb b/meta/recipes-connectivity/inetutils/inetutils_2.2.bb index adf6d4414e..3bab137eb4 100644 --- a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb +++ b/meta/recipes-connectivity/inetutils/inetutils_2.2.bb @@ -10,8 +10,8 @@ LICENSE = "GPLv3" LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7" -SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.gz \ - file://version.patch \ +SRC_URI[sha256sum] = "d547f69172df73afef691a0f7886280fd781acea28def4ff4b4b212086a89d80" +SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \ file://inetutils-1.8-0003-wchar.patch \ file://rexec.xinetd.inetutils \ @@ -21,14 +21,8 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.gz \ file://tftpd.xinetd.inetutils \ file://inetutils-1.9-PATH_PROCNET_DEV.patch \ file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \ - file://0001-rcp-fix-to-work-with-large-files.patch \ - file://fix-buffer-fortify-tfpt.patch \ - file://0001-ftpd-telnetd-Fix-multiple-definitions-of-errcatch-an.patch \ " -SRC_URI[md5sum] = "04852c26c47cc8c6b825f2b74f191f52" -SRC_URI[sha256sum] = "be8f75eff936b8e41b112462db51adf689715658a1b09e0d6b05d11ec92cc616" - inherit autotools gettext update-alternatives texinfo acpaths = "-I ./m4" @@ -52,10 +46,10 @@ EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \ " # These are horrible for security, disable them -EXTRA_OECONF_append = " --disable-rsh --disable-rshd --disable-rcp \ +EXTRA_OECONF:append = " --disable-rsh --disable-rshd --disable-rcp \ --disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd" -do_configure_prepend () { +do_configure:prepend () { export HELP2MAN='true' cp ${STAGING_DATADIR_NATIVE}/gettext/config.rpath ${S}/build-aux/config.rpath install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S} @@ -63,7 +57,7 @@ do_configure_prepend () { rm -f ${S}/glob/configure* } -do_install_append () { +do_install:append () { install -m 0755 -d ${D}${base_sbindir} install -m 0755 -d ${D}${sbindir} install -m 0755 -d ${D}${sysconfdir}/xinetd.d @@ -71,6 +65,7 @@ do_install_append () { install -m 0755 -d ${D}${base_bindir} mv ${D}${bindir}/ping* ${D}${base_bindir}/ mv ${D}${bindir}/hostname ${D}${base_bindir}/ + mv ${D}${bindir}/dnsdomainname ${D}${base_bindir}/ fi mv ${D}${bindir}/ifconfig ${D}${base_sbindir}/ mv ${D}${libexecdir}/syslogd ${D}${base_sbindir}/ @@ -118,33 +113,34 @@ PACKAGES =+ "${PN}-tftpd-dbg ${PN}-telnetd-dbg ${PN}-rshd-dbg" NOAUTOPACKAGEDEBUG = "1" ALTERNATIVE_PRIORITY = "79" -ALTERNATIVE_${PN} = "whois" +ALTERNATIVE:${PN} = "whois dnsdomainname" ALTERNATIVE_LINK_NAME[uucpd] = "${sbindir}/in.uucpd" +ALTERNATIVE_LINK_NAME[dnsdomainname] = "${base_bindir}/dnsdomainname" ALTERNATIVE_PRIORITY_${PN}-logger = "60" -ALTERNATIVE_${PN}-logger = "logger" -ALTERNATIVE_${PN}-syslogd = "syslogd" +ALTERNATIVE:${PN}-logger = "logger" +ALTERNATIVE:${PN}-syslogd = "syslogd" ALTERNATIVE_LINK_NAME[syslogd] = "${base_sbindir}/syslogd" -ALTERNATIVE_${PN}-ftp = "ftp" -ALTERNATIVE_${PN}-ftpd = "ftpd" -ALTERNATIVE_${PN}-tftp = "tftp" -ALTERNATIVE_${PN}-tftpd = "tftpd" +ALTERNATIVE:${PN}-ftp = "ftp" +ALTERNATIVE:${PN}-ftpd = "ftpd" +ALTERNATIVE:${PN}-tftp = "tftp" +ALTERNATIVE:${PN}-tftpd = "tftpd" ALTERNATIVE_LINK_NAME[tftpd] = "${sbindir}/tftpd" ALTERNATIVE_TARGET[tftpd] = "${sbindir}/in.tftpd" -ALTERNATIVE_${PN}-telnet = "telnet" -ALTERNATIVE_${PN}-telnetd = "telnetd" +ALTERNATIVE:${PN}-telnet = "telnet" +ALTERNATIVE:${PN}-telnetd = "telnetd" ALTERNATIVE_LINK_NAME[telnetd] = "${sbindir}/telnetd" ALTERNATIVE_TARGET[telnetd] = "${sbindir}/in.telnetd" -ALTERNATIVE_${PN}-inetd= "inetd" -ALTERNATIVE_${PN}-traceroute = "traceroute" +ALTERNATIVE:${PN}-inetd= "inetd" +ALTERNATIVE:${PN}-traceroute = "traceroute" -ALTERNATIVE_${PN}-hostname = "hostname" +ALTERNATIVE:${PN}-hostname = "hostname" ALTERNATIVE_LINK_NAME[hostname] = "${base_bindir}/hostname" -ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \ +ALTERNATIVE:${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \ tftpd.8 tftp.1 telnetd.8" ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1" ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1" @@ -154,62 +150,62 @@ ALTERNATIVE_LINK_NAME[telnetd.8] = "${mandir}/man8/telnetd.8" ALTERNATIVE_LINK_NAME[tftpd.8] = "${mandir}/man8/tftpd.8" ALTERNATIVE_LINK_NAME[tftp.1] = "${mandir}/man1/tftp.1" -ALTERNATIVE_${PN}-ifconfig = "ifconfig" +ALTERNATIVE:${PN}-ifconfig = "ifconfig" ALTERNATIVE_LINK_NAME[ifconfig] = "${base_sbindir}/ifconfig" -ALTERNATIVE_${PN}-ping = "ping" +ALTERNATIVE:${PN}-ping = "ping" ALTERNATIVE_LINK_NAME[ping] = "${base_bindir}/ping" -ALTERNATIVE_${PN}-ping6 = "${@bb.utils.filter('PACKAGECONFIG', 'ping6', d)}" +ALTERNATIVE:${PN}-ping6 = "${@bb.utils.filter('PACKAGECONFIG', 'ping6', d)}" ALTERNATIVE_LINK_NAME[ping6] = "${base_bindir}/ping6" -FILES_${PN}-dbg += "${base_bindir}/.debug ${base_sbindir}/.debug ${bindir}/.debug ${sbindir}/.debug" -FILES_${PN}-ping = "${base_bindir}/ping.${BPN}" -FILES_${PN}-ping6 = "${base_bindir}/ping6.${BPN}" -FILES_${PN}-hostname = "${base_bindir}/hostname.${BPN}" -FILES_${PN}-ifconfig = "${base_sbindir}/ifconfig.${BPN}" -FILES_${PN}-traceroute = "${bindir}/traceroute.${BPN}" -FILES_${PN}-logger = "${bindir}/logger.${BPN}" +FILES:${PN}-dbg += "${base_bindir}/.debug ${base_sbindir}/.debug ${bindir}/.debug ${sbindir}/.debug" +FILES:${PN}-ping = "${base_bindir}/ping.${BPN}" +FILES:${PN}-ping6 = "${base_bindir}/ping6.${BPN}" +FILES:${PN}-hostname = "${base_bindir}/hostname.${BPN}" +FILES:${PN}-ifconfig = "${base_sbindir}/ifconfig.${BPN}" +FILES:${PN}-traceroute = "${bindir}/traceroute.${BPN}" +FILES:${PN}-logger = "${bindir}/logger.${BPN}" -FILES_${PN}-syslogd = "${base_sbindir}/syslogd.${BPN}" -RCONFLICTS_${PN}-syslogd = "rsyslog busybox-syslog sysklogd syslog-ng" +FILES:${PN}-syslogd = "${base_sbindir}/syslogd.${BPN}" +RCONFLICTS:${PN}-syslogd = "rsyslog busybox-syslog sysklogd syslog-ng" -FILES_${PN}-ftp = "${bindir}/ftp.${BPN}" +FILES:${PN}-ftp = "${bindir}/ftp.${BPN}" -FILES_${PN}-tftp = "${bindir}/tftp.${BPN}" -FILES_${PN}-telnet = "${bindir}/telnet.${BPN}" +FILES:${PN}-tftp = "${bindir}/tftp.${BPN}" +FILES:${PN}-telnet = "${bindir}/telnet.${BPN}" # We make us of RCONFLICTS / RPROVIDES here rather than using the normal # alternatives method as this leads to packaging QA issues when using # musl as that library does not provide what these applications need to # build. -FILES_${PN}-rsh = "${bindir}/rsh ${bindir}/rlogin ${bindir}/rexec ${bindir}/rcp" -RCONFLICTS_${PN}-rsh += "netkit-rsh-client" -RPROVIDES_${PN}-rsh = "rsh" +FILES:${PN}-rsh = "${bindir}/rsh ${bindir}/rlogin ${bindir}/rexec ${bindir}/rcp" +RCONFLICTS:${PN}-rsh += "netkit-rsh-client" +RPROVIDES:${PN}-rsh = "rsh" -FILES_${PN}-rshd = "${sbindir}/in.rshd ${sbindir}/in.rlogind ${sbindir}/in.rexecd \ +FILES:${PN}-rshd = "${sbindir}/in.rshd ${sbindir}/in.rlogind ${sbindir}/in.rexecd \ ${sysconfdir}/xinetd.d/rsh ${sysconfdir}/xinetd.d/rlogin ${sysconfdir}/xinetd.d/rexec" -FILES_${PN}-rshd-dbg = "${sbindir}/.debug/in.rshd ${sbindir}/.debug/in.rlogind ${sbindir}/.debug/in.rexecd" -RDEPENDS_${PN}-rshd += "xinetd tcp-wrappers" -RCONFLICTS_${PN}-rshd += "netkit-rshd-server" -RPROVIDES_${PN}-rshd = "rshd" +FILES:${PN}-rshd-dbg = "${sbindir}/.debug/in.rshd ${sbindir}/.debug/in.rlogind ${sbindir}/.debug/in.rexecd" +RDEPENDS:${PN}-rshd += "xinetd tcp-wrappers" +RCONFLICTS:${PN}-rshd += "netkit-rshd-server" +RPROVIDES:${PN}-rshd = "rshd" -FILES_${PN}-ftpd = "${bindir}/ftpd.${BPN}" -FILES_${PN}-ftpd-dbg = "${bindir}/.debug/ftpd.${BPN}" -RDEPENDS_${PN}-ftpd += "xinetd" +FILES:${PN}-ftpd = "${bindir}/ftpd.${BPN}" +FILES:${PN}-ftpd-dbg = "${bindir}/.debug/ftpd.${BPN}" +RDEPENDS:${PN}-ftpd += "xinetd" -FILES_${PN}-tftpd = "${sbindir}/in.tftpd ${sysconfdir}/xinetd.d/tftpd" -FILES_${PN}-tftpd-dbg = "${sbindir}/.debug/in.tftpd" -RCONFLICTS_${PN}-tftpd += "netkit-tftpd" -RDEPENDS_${PN}-tftpd += "xinetd" +FILES:${PN}-tftpd = "${sbindir}/in.tftpd ${sysconfdir}/xinetd.d/tftpd" +FILES:${PN}-tftpd-dbg = "${sbindir}/.debug/in.tftpd" +RCONFLICTS:${PN}-tftpd += "netkit-tftpd" +RDEPENDS:${PN}-tftpd += "xinetd" -FILES_${PN}-telnetd = "${sbindir}/in.telnetd ${sysconfdir}/xinetd.d/telnet" -FILES_${PN}-telnetd-dbg = "${sbindir}/.debug/in.telnetd" -RCONFLICTS_${PN}-telnetd += "netkit-telnet" -RPROVIDES_${PN}-telnetd = "telnetd" -RDEPENDS_${PN}-telnetd += "xinetd" +FILES:${PN}-telnetd = "${sbindir}/in.telnetd ${sysconfdir}/xinetd.d/telnet" +FILES:${PN}-telnetd-dbg = "${sbindir}/.debug/in.telnetd" +RCONFLICTS:${PN}-telnetd += "netkit-telnet" +RPROVIDES:${PN}-telnetd = "telnetd" +RDEPENDS:${PN}-telnetd += "xinetd" -FILES_${PN}-inetd = "${bindir}/inetd.${BPN}" +FILES:${PN}-inetd = "${bindir}/inetd.${BPN}" -RDEPENDS_${PN} = "xinetd" +RDEPENDS:${PN} = "xinetd" diff --git a/meta/recipes-connectivity/iproute2/iproute2.inc b/meta/recipes-connectivity/iproute2/iproute2.inc index 403d264308..3f070d6799 100644 --- a/meta/recipes-connectivity/iproute2/iproute2.inc +++ b/meta/recipes-connectivity/iproute2/iproute2.inc @@ -19,17 +19,20 @@ PACKAGECONFIG ??= "tipc elf devlink" PACKAGECONFIG[tipc] = ",,libmnl," PACKAGECONFIG[elf] = ",,elfutils," PACKAGECONFIG[devlink] = ",,libmnl," +PACKAGECONFIG[rdma] = ",,libmnl," + +IPROUTE2_MAKE_SUBDIRS = "lib tc ip bridge misc genl ${@bb.utils.filter('PACKAGECONFIG', 'devlink tipc rdma', d)}" EXTRA_OEMAKE = "\ CC='${CC}' \ KERNEL_INCLUDE=${STAGING_INCDIR} \ DOCDIR=${docdir}/iproute2 \ - SUBDIRS='lib tc ip bridge misc genl ${@bb.utils.filter('PACKAGECONFIG', 'devlink tipc', d)}' \ + SUBDIRS='${IPROUTE2_MAKE_SUBDIRS}' \ SBINDIR='${base_sbindir}' \ LIBDIR='${libdir}' \ " -do_configure_append () { +do_configure:append () { sh configure ${STAGING_INCDIR} # Explicitly disable ATM support sed -i -e '/TC_CONFIG_ATM/d' config.mk @@ -44,38 +47,45 @@ do_install () { } # The .so files in iproute2-tc are modules, not traditional libraries -INSANE_SKIP_${PN}-tc = "dev-so" +INSANE_SKIP:${PN}-tc = "dev-so" -PACKAGES =+ "\ +IPROUTE2_PACKAGES =+ "\ ${PN}-devlink \ ${PN}-genl \ ${PN}-ifstat \ + ${PN}-ip \ ${PN}-lnstat \ ${PN}-nstat \ ${PN}-rtacct \ ${PN}-ss \ ${PN}-tc \ ${PN}-tipc \ + ${PN}-rdma \ " -FILES_${PN}-tc = "${base_sbindir}/tc* \ +PACKAGE_BEFORE_PN = "${IPROUTE2_PACKAGES}" +RDEPENDS:${PN} += "${PN}-ip" + +FILES:${PN}-tc = "${base_sbindir}/tc* \ ${libdir}/tc/*.so" -FILES_${PN}-lnstat = "${base_sbindir}/lnstat \ +FILES:${PN}-lnstat = "${base_sbindir}/lnstat \ ${base_sbindir}/ctstat \ ${base_sbindir}/rtstat" -FILES_${PN}-ifstat = "${base_sbindir}/ifstat" -FILES_${PN}-genl = "${base_sbindir}/genl" -FILES_${PN}-rtacct = "${base_sbindir}/rtacct" -FILES_${PN}-nstat = "${base_sbindir}/nstat" -FILES_${PN}-ss = "${base_sbindir}/ss" -FILES_${PN}-tipc = "${base_sbindir}/tipc" -FILES_${PN}-devlink = "${base_sbindir}/devlink" +FILES:${PN}-ifstat = "${base_sbindir}/ifstat" +FILES:${PN}-ip = "${base_sbindir}/ip.${PN} ${sysconfdir}/iproute2" +FILES:${PN}-genl = "${base_sbindir}/genl" +FILES:${PN}-rtacct = "${base_sbindir}/rtacct" +FILES:${PN}-nstat = "${base_sbindir}/nstat" +FILES:${PN}-ss = "${base_sbindir}/ss" +FILES:${PN}-tipc = "${base_sbindir}/tipc" +FILES:${PN}-devlink = "${base_sbindir}/devlink" +FILES:${PN}-rdma = "${base_sbindir}/rdma" -ALTERNATIVE_${PN} = "ip" +ALTERNATIVE:${PN}-ip = "ip" ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}" ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip" ALTERNATIVE_PRIORITY = "100" -ALTERNATIVE_${PN}-tc = "tc" +ALTERNATIVE:${PN}-tc = "tc" ALTERNATIVE_LINK_NAME[tc] = "${base_sbindir}/tc" ALTERNATIVE_PRIORITY_${PN}-tc = "100" diff --git a/meta/recipes-connectivity/iproute2/iproute2_5.9.0.bb b/meta/recipes-connectivity/iproute2/iproute2_5.15.0.bb index 0e6a53e6a4..99a743391a 100644 --- a/meta/recipes-connectivity/iproute2/iproute2_5.9.0.bb +++ b/meta/recipes-connectivity/iproute2/iproute2_5.15.0.bb @@ -4,8 +4,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \ file://0001-libc-compat.h-add-musl-workaround.patch \ " -SRC_URI[sha256sum] = "a25dac94bcdcf2f73316c7f812115ea7a5710580bad892b08a83d00c6b33dacf" +SRC_URI[sha256sum] = "38e3e4a5f9a7f5575c015027a10df097c149111eeb739993128e5b2b35b291ff" # CFLAGS are computed in Makefile and reference CCOPTS # -EXTRA_OEMAKE_append = " CCOPTS='${CFLAGS}'" +EXTRA_OEMAKE:append = " CCOPTS='${CFLAGS}'" diff --git a/meta/recipes-connectivity/iw/iw_5.9.bb b/meta/recipes-connectivity/iw/iw_5.16.bb index 3d1e1c7e79..cf176a349f 100644 --- a/meta/recipes-connectivity/iw/iw_5.9.bb +++ b/meta/recipes-connectivity/iw/iw_5.16.bb @@ -14,7 +14,7 @@ SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \ file://separate-objdir.patch \ " -SRC_URI[sha256sum] = "6e7d3c9f8b4ee68e412f20fe229c9854c2dba383e3e650ce6af8eb8dbd12efc3" +SRC_URI[sha256sum] = "9c91f2560b258d9660e656ad37fa5bd100ac255865dcfb26076a576b10d8f3a7" inherit pkgconfig diff --git a/meta/recipes-connectivity/kea/files/0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch b/meta/recipes-connectivity/kea/files/0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch deleted file mode 100644 index ab3fd83946..0000000000 --- a/meta/recipes-connectivity/kea/files/0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 639dc25cdabc9d1846000a542c8cc19158b69994 Mon Sep 17 00:00:00 2001 -From: Mingli Yu <mingli.yu@windriver.com> -Date: Fri, 18 Sep 2020 08:18:08 +0000 -Subject: [PATCH] keactrl.in: create /var/lib/kea and /var/run/kea folder - -Create /var/lib/kea and /var/run/kea folder to fix below error: - # keactrl start - INFO/keactrl: Starting /usr/sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf - INFO/keactrl: Starting /usr/sbin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf - INFO/keactrl: Starting /usr/sbin/kea-ctrl-agent -c /etc/kea/kea-ctrl-agent.conf - Unable to use interprocess sync lockfile (No such file or directory): /var/run/kea/logger_lockfile - Service failed: Launch failed: Unable to open PID file '/var/run/kea/kea-ctrl-agent.kea-ctrl-agent.pid' for write - [snip] - ERROR [kea-dhcp4.dhcp4/615.140641792751488] DHCP4_CONFIG_LOAD_FAIL configuration error using file: /etc/kea/kea-dhcp4.conf, reason: Unable to open database: unable to open '/var/lib/kea/kea-leases4.csv' - [snip] - -Upstream-Status: Inappropriate [config specific] - -Signed-off-by: Mingli Yu <mingli.yu@windriver.com> ---- - src/bin/keactrl/keactrl.in | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/bin/keactrl/keactrl.in b/src/bin/keactrl/keactrl.in -index 12b2b3f..47cf6f9 100644 ---- a/src/bin/keactrl/keactrl.in -+++ b/src/bin/keactrl/keactrl.in -@@ -482,6 +482,8 @@ case ${command} in - # The variables (dhcp4_srv, dhcp6_serv, dhcp_ddns_srv etc) are set in the - # keactrl.conf file that shellcheck is unable to read. - # shellcheck disable=SC2154 -+ [ -d @LOCALSTATEDIR@/run/kea ] || mkdir -p @LOCALSTATEDIR@/run/kea -+ [ -d @LOCALSTATEDIR@/lib/kea ] || mkdir -p @LOCALSTATEDIR@/lib/kea - run_conditional "dhcp4" "start_server ${dhcp4_srv} -c ${kea_dhcp4_config_file} ${args}" 1 - run_conditional "dhcp6" "start_server ${dhcp6_srv} -c ${kea_dhcp6_config_file} ${args}" 1 - # shellcheck disable=SC2154 --- -2.26.2 - diff --git a/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch b/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch new file mode 100644 index 0000000000..94fbd12737 --- /dev/null +++ b/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch @@ -0,0 +1,28 @@ +From 841924e1fe8db2bff3eab8d37634ef08f86c00ec Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Tue, 10 Nov 2020 15:57:03 +0000 +Subject: [PATCH] src/lib/log/logger_unittest_support.cc: do not write build + path into binary + +This breaks reproducibility and is needed only in unit testing. + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> + +--- + src/lib/log/logger_unittest_support.cc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/lib/log/logger_unittest_support.cc b/src/lib/log/logger_unittest_support.cc +index fc01c6e..f46d17e 100644 +--- a/src/lib/log/logger_unittest_support.cc ++++ b/src/lib/log/logger_unittest_support.cc +@@ -84,7 +84,7 @@ void initLogger(isc::log::Severity severity, int dbglevel) { + const char* localfile = getenv("KEA_LOGGER_LOCALMSG"); + + // Set a directory for creating lockfiles when running tests +- setenv("KEA_LOCKFILE_DIR", TOP_BUILDDIR, 0); ++ //setenv("KEA_LOCKFILE_DIR", TOP_BUILDDIR, 0); + + // Initialize logging + initLogger(root, severity, dbglevel, localfile); diff --git a/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch b/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch index 733adf5536..78f475a495 100644 --- a/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch +++ b/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch @@ -1,4 +1,7 @@ -There are conflict of config files between kea and lib32-kea: +From d027b1d85a8c1a0193b6e4a00083d3038d699a59 Mon Sep 17 00:00:00 2001 +From: Kai Kang <kai.kang@windriver.com> +Date: Tue, 22 Sep 2020 15:02:33 +0800 +Subject: [PATCH] There are conflict of config files between kea and lib32-kea: | Error: Transaction test error: | file /etc/kea/kea-ctrl-agent.conf conflicts between attempted installs of @@ -9,17 +12,19 @@ There are conflict of config files between kea and lib32-kea: Because they are all commented out, replace the expanded libdir path with '$libdir' in the config files to avoid conflict. +Upstream-Status: Pending Signed-off-by: Kai Kang <kai.kang@windriver.com> + --- src/bin/keactrl/kea-ctrl-agent.conf.pre | 3 ++- - src/bin/keactrl/kea-dhcp4.conf.pre | 6 ++++-- - 2 files changed, 6 insertions(+), 3 deletions(-) + src/bin/keactrl/kea-dhcp4.conf.pre | 4 ++-- + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/bin/keactrl/kea-ctrl-agent.conf.pre b/src/bin/keactrl/kea-ctrl-agent.conf.pre -index 211b7ff..d710ec7 100644 +index e6ae8b8..50a3092 100644 --- a/src/bin/keactrl/kea-ctrl-agent.conf.pre +++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre -@@ -45,7 +45,8 @@ +@@ -51,7 +51,8 @@ // Agent will fail to start. "hooks-libraries": [ // { @@ -30,26 +35,24 @@ index 211b7ff..d710ec7 100644 // "param1": "foo" // } diff --git a/src/bin/keactrl/kea-dhcp4.conf.pre b/src/bin/keactrl/kea-dhcp4.conf.pre -index 5f77a32..70ae3d9 100644 +index 26bf163..49ddb0a 100644 --- a/src/bin/keactrl/kea-dhcp4.conf.pre +++ b/src/bin/keactrl/kea-dhcp4.conf.pre -@@ -252,7 +252,8 @@ - // // of all devices serviced by Kea, including their identifiers - // // (like MAC address), their location in the network, times - // // when they were active etc. -- // "library": "@libdir@/kea/hooks/libdhcp_legal_log.so" -+ // // Replace $libdir with real library path /usr/lib or /usr/lib64 -+ // "library": "$libdir/kea/hooks/libdhcp_legal_log.so" - // "parameters": { - // "path": "/var/lib/kea", - // "base-name": "kea-forensic4" -@@ -269,7 +270,8 @@ - // // of specific options or perhaps even a combination of several - // // options and fields to uniquely identify a client. Those scenarios - // // are addressed by the Flexible Identifiers hook application. -- // "library": "@libdir@/kea/hooks/libdhcp_flex_id.so", -+ // // Replace $libdir with real library path /usr/lib or /usr/lib64 -+ // "library": "$libdir/kea/hooks/libdhcp_flex_id.so", - // "parameters": { - // "identifier-expression": "substring(relay6[0].option[18],0,8)" - // } +@@ -252,7 +252,7 @@ + // // of all devices serviced by Kea, including their identifiers + // // (like MAC address), their location in the network, times + // // when they were active etc. +- // "library": "@libdir@/kea/hooks/libdhcp_legal_log.so", ++ // "library": "$libdir/kea/hooks/libdhcp_legal_log.so", + // "parameters": { + // "path": "/var/lib/kea", + // "base-name": "kea-forensic4" +@@ -269,7 +269,7 @@ + // // of specific options or perhaps even a combination of several + // // options and fields to uniquely identify a client. Those scenarios + // // are addressed by the Flexible Identifiers hook application. +- // "library": "@libdir@/kea/hooks/libdhcp_flex_id.so", ++ // "library": "$libdir/kea/hooks/libdhcp_flex_id.so", + // "parameters": { + // "identifier-expression": "relay4[2].hex" + // } diff --git a/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch b/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch index eeeb89942b..b7c2fd4f0d 100644 --- a/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch +++ b/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch @@ -1,22 +1,29 @@ -Busybox does not support ps -p so use pgrep +From 18f4f6206c248d6169aa67b3ecf16bf54e9292e8 Mon Sep 17 00:00:00 2001 +From: Armin kuster <akuster808@gmail.com> +Date: Wed, 14 Oct 2020 22:48:31 -0700 +Subject: [PATCH] Busybox does not support ps -p so use pgrep Upstream-Status: Inappropriate [embedded specific] Based on changes from Diego Sueiro <Diego.Sueiro@arm.com> Signed-off-by: Armin kuster <akuster808@gmail.com> -Index: kea-1.7.10/src/bin/keactrl/keactrl.in -=================================================================== ---- kea-1.7.10.orig/src/bin/keactrl/keactrl.in -+++ kea-1.7.10/src/bin/keactrl/keactrl.in -@@ -137,8 +137,8 @@ check_running() { +--- + src/bin/keactrl/keactrl.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/bin/keactrl/keactrl.in b/src/bin/keactrl/keactrl.in +index ae5bd8e..e9f9b73 100644 +--- a/src/bin/keactrl/keactrl.in ++++ b/src/bin/keactrl/keactrl.in +@@ -151,8 +151,8 @@ check_running() { # Get the PID from the PID file (if it exists) get_pid_from_file "${proc_name}" if [ ${_pid} -gt 0 ]; then - # Use ps to check if PID is alive -- ps -p ${_pid} 1>/dev/null +- if ps -p ${_pid} 1>/dev/null; then + # Use pgrep and grep to check if PID is alive -+ pgrep -v 1 | grep ${_pid} 1>/dev/null - retcode=$? - if [ $retcode -eq 0 ]; then ++ if pgrep -v 1 | grep ${_pid} 1>/dev/null; then # No error, so PID IS ALIVE + _running=1 + fi diff --git a/meta/recipes-connectivity/kea/kea_1.7.10.bb b/meta/recipes-connectivity/kea/kea_2.0.0.bb index 1d011ace78..9f33c325bd 100644 --- a/meta/recipes-connectivity/kea/kea_1.7.10.bb +++ b/meta/recipes-connectivity/kea/kea_2.0.0.bb @@ -3,54 +3,58 @@ DESCRIPTION = "Kea is the next generation of DHCP software developed by ISC. It HOMEPAGE = "http://kea.isc.org" SECTION = "connectivity" LICENSE = "MPL-2.0 & Apache-2.0" -LIC_FILES_CHKSUM = "file://COPYING;md5=68d95543d2096459290a4e6b9ceccffa" +LIC_FILES_CHKSUM = "file://COPYING;md5=07b7477a1d815a4aacab73b1531f577a" DEPENDS = "boost log4cplus openssl" -SRC_URI = "\ - http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.gz \ - file://0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch \ - file://kea-dhcp4.service \ - file://kea-dhcp6.service \ - file://kea-dhcp-ddns.service \ - file://kea-dhcp4-server \ - file://kea-dhcp6-server \ - file://kea-dhcp-ddns-server \ - file://fix-multilib-conflict.patch \ - file://fix_pid_keactrl.patch \ -" -SRC_URI[sha256sum] = "4e121f0e58b175a827581c69cb1d60778647049fa47f142940dddc9ce58f3c82" +SRC_URI = "http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.gz \ + file://kea-dhcp4.service \ + file://kea-dhcp6.service \ + file://kea-dhcp-ddns.service \ + file://kea-dhcp4-server \ + file://kea-dhcp6-server \ + file://kea-dhcp-ddns-server \ + file://fix-multilib-conflict.patch \ + file://fix_pid_keactrl.patch \ + file://0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch \ + " +SRC_URI[sha256sum] = "05854e0c3871b452edace18eccc6ab618940e0249fbe7c232a36d06ae59bf41d" inherit autotools systemd update-rc.d upstream-version-is-even INITSCRIPT_NAME = "kea-dhcp4-server" INITSCRIPT_PARAMS = "defaults 30" -SYSTEMD_SERVICE_${PN} = "kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service" +SYSTEMD_SERVICE:${PN} = "kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service" SYSTEMD_AUTO_ENABLE = "disable" -DEBUG_OPTIMIZATION_remove_mips = " -Og" -DEBUG_OPTIMIZATION_append_mips = " -O" -BUILD_OPTIMIZATION_remove_mips = " -Og" -BUILD_OPTIMIZATION_append_mips = " -O" +DEBUG_OPTIMIZATION:remove:mips = " -Og" +DEBUG_OPTIMIZATION:append:mips = " -O" +BUILD_OPTIMIZATION:remove:mips = " -Og" +BUILD_OPTIMIZATION:append:mips = " -O" -DEBUG_OPTIMIZATION_remove_mipsel = " -Og" -DEBUG_OPTIMIZATION_append_mipsel = " -O" -BUILD_OPTIMIZATION_remove_mipsel = " -Og" -BUILD_OPTIMIZATION_append_mipsel = " -O" +DEBUG_OPTIMIZATION:remove:mipsel = " -Og" +DEBUG_OPTIMIZATION:append:mipsel = " -O" +BUILD_OPTIMIZATION:remove:mipsel = " -Og" +BUILD_OPTIMIZATION:append:mipsel = " -O" EXTRA_OECONF = "--with-boost-libs=-lboost_system \ --with-log4cplus=${STAGING_DIR_TARGET}${prefix} \ --with-openssl=${STAGING_DIR_TARGET}${prefix}" -do_configure_prepend() { +do_configure:prepend() { # replace abs_top_builddir to avoid introducing the build path # don't expand the abs_top_builddir on the target as the abs_top_builddir is meanlingless on the target find ${S} -type f -name *.sh.in | xargs sed -i "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g" sed -i "s:@abs_top_srcdir@:@abs_top_srcdir_placeholder@:g" ${S}/src/bin/admin/kea-admin.in } -do_install_append() { +# patch out build host paths for reproducibility +do_compile:prepend:class-target() { + sed -i -e "s,${WORKDIR},,g" ${B}/config.report +} + +do_install:append() { install -d ${D}${sysconfdir}/init.d install -d ${D}${systemd_system_unitdir} @@ -61,13 +65,13 @@ do_install_append() { ${D}${systemd_system_unitdir}/kea-dhcp*service ${D}${sbindir}/keactrl } -do_install_append() { +do_install:append() { rm -rf "${D}${localstatedir}" } -CONFFILES_${PN} = "${sysconfdir}/kea/keactrl.conf" +CONFFILES:${PN} = "${sysconfdir}/kea/keactrl.conf" -FILES_${PN}-staticdev += "${libdir}/kea/hooks/*.a ${libdir}/hooks/*.a" -FILES_${PN} += "${libdir}/hooks/*.so" +FILES:${PN}-staticdev += "${libdir}/kea/hooks/*.a ${libdir}/hooks/*.a" +FILES:${PN} += "${libdir}/hooks/*.so" PARALLEL_MAKEINST = "" diff --git a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb index 5e4460045b..f5c87f7291 100644 --- a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb +++ b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb @@ -1,5 +1,6 @@ SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution" HOMEPAGE = "https://github.com/lathiat/nss-mdns" +DESCRIPTION = "nss-mdns is a plugin for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc) providing host name resolution via Multicast DNS (aka Zeroconf, aka Apple Rendezvous, aka Apple Bonjour), effectively allowing name resolution by common Unix/Linux programs in the ad-hoc mDNS domain .local." SECTION = "libs" LICENSE = "LGPLv2.1+" @@ -7,22 +8,22 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1" DEPENDS = "avahi" -SRC_URI = "git://github.com/lathiat/nss-mdns \ +SRC_URI = "git://github.com/lathiat/nss-mdns;branch=master;protocol=https \ " -SRCREV = "41c9c5e78f287ed4b41ac438c1873fa71bfa70ae" +SRCREV = "4b3cfe818bf72d99a02b8ca8b8813cb2d6b40633" S = "${WORKDIR}/git" inherit autotools pkgconfig -COMPATIBLE_HOST_libc-musl = 'null' +COMPATIBLE_HOST:libc-musl = 'null' EXTRA_OECONF = "--libdir=${base_libdir}" -RDEPENDS_${PN} = "avahi-daemon" +RDEPENDS:${PN} = "avahi-daemon" -pkg_postinst_${PN} () { +pkg_postinst:${PN} () { sed ' /^hosts:/ !b /\<mdns\(4\|6\)\?\(_minimal\)\?\>/ b @@ -30,7 +31,7 @@ pkg_postinst_${PN} () { ' -i $D${sysconfdir}/nsswitch.conf } -pkg_prerm_${PN} () { +pkg_prerm:${PN} () { sed ' /^hosts:/ !b s/[[:blank:]]\+mdns\(4\|6\)\?\(_minimal\( \[NOTFOUND=return\]\)\?\)\?//g diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.9.1.bb b/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb index 35bb5650b3..9a8c46e0ef 100644 --- a/meta/recipes-connectivity/libpcap/libpcap_1.9.1.bb +++ b/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb @@ -10,10 +10,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \ file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2" DEPENDS = "flex-native bison-native" -SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \ - " -SRC_URI[md5sum] = "21af603d9a591c7d96a6457021d84e6c" -SRC_URI[sha256sum] = "635237637c5b619bcceba91900666b64d56ecb7be63f298f601ec786ce087094" +SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz" +SRC_URI[sha256sum] = "ed285f4accaf05344f90975757b3dbfe772ba41d1c401c2648b7fa45b711bdd4" inherit autotools binconfig-disabled pkgconfig @@ -36,7 +34,7 @@ PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl" -do_configure_prepend () { +do_configure:prepend () { #remove hardcoded references to /usr/include sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac } diff --git a/meta/recipes-connectivity/libuv/libuv_1.40.0.bb b/meta/recipes-connectivity/libuv/libuv_1.42.0.bb index f793db09be..2dfbb8b895 100644 --- a/meta/recipes-connectivity/libuv/libuv_1.40.0.bb +++ b/meta/recipes-connectivity/libuv/libuv_1.42.0.bb @@ -1,11 +1,12 @@ SUMMARY = "A multi-platform support library with a focus on asynchronous I/O" HOMEPAGE = "https://github.com/libuv/libuv" +DESCRIPTION = "libuv is a multi-platform support library with a focus on asynchronous I/O. It was primarily developed for use by Node.js, but it's also used by Luvit, Julia, pyuv, and others." BUGTRACKER = "https://github.com/libuv/libuv/issues" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=a68902a430e32200263d182d44924d47" -SRCREV = "4e69e333252693bd82d6338d6124f0416538dbfc" -SRC_URI = "git://github.com/libuv/libuv;branch=v1.x" +SRCREV = "6ce14710da7079eb248868171f6343bc409ea3a4" +SRC_URI = "git://github.com/libuv/libuv;branch=v1.x;protocol=https" S = "${WORKDIR}/git" diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb index 0b0bbab168..4246f4dcbd 100644 --- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb +++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb @@ -1,13 +1,14 @@ SUMMARY = "Mobile Broadband Service Provider Database" HOMEPAGE = "http://live.gnome.org/NetworkManager/MobileBroadband/ServiceProviders" +DESCRIPTION = "Mobile Broadband Service Provider Database stores service provider specific information. When this Database is available the information can be fetched there" SECTION = "network" LICENSE = "PD" LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" -SRCREV = "22b49d86fb7aded2c195a9d49e5924da696b3228" -PV = "20190618" +SRCREV = "11f2247eccd3c161b8fd9b41143862e9fb81193c" +PV = "20210805" PE = "1" -SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https" +SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=master" S = "${WORKDIR}/git" inherit autotools diff --git a/meta/recipes-connectivity/neard/neard_0.16.bb b/meta/recipes-connectivity/neard/neard_0.16.bb index 7c124a3c0b..b6cc1d6ced 100644 --- a/meta/recipes-connectivity/neard/neard_0.16.bb +++ b/meta/recipes-connectivity/neard/neard_0.16.bb @@ -22,12 +22,12 @@ inherit autotools pkgconfig systemd update-rc.d PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" -PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_unitdir}/system/ --with-systemduserunitdir=${systemd_unitdir}/user/,--disable-systemd" +PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir}/ --with-systemduserunitdir=${systemd_unitdir}/user/,--disable-systemd" EXTRA_OECONF += "--enable-tools" # This would copy neard start-stop shell and test scripts -do_install_append() { +do_install:append() { if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then install -d ${D}${sysconfdir}/init.d/ sed "s:@installpath@:${libexecdir}/nfc:" ${WORKDIR}/neard.in \ @@ -36,10 +36,10 @@ do_install_append() { fi } -RDEPENDS_${PN} = "dbus" +RDEPENDS:${PN} = "dbus" # Bluez & Wifi are not mandatory except for handover -RRECOMMENDS_${PN} = "\ +RRECOMMENDS:${PN} = "\ ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','wpa-supplicant', '', d)} \ " @@ -47,4 +47,4 @@ RRECOMMENDS_${PN} = "\ INITSCRIPT_NAME = "neard" INITSCRIPT_PARAMS = "defaults 64" -SYSTEMD_SERVICE_${PN} = "neard.service" +SYSTEMD_SERVICE:${PN} = "neard.service" diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch index bd350144e3..7603eb680d 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch @@ -19,7 +19,7 @@ As there is already one source file named file.c as support/nsm/file.c in support/nsm/Makefile.am, so rename ../support/misc/file.c to ../support/misc/misc.c. -Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154502780423058&w=2] +Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=154502780423058&w=2] Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.2.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.4.bb index c7ac67cf31..459f68f05e 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.2.bb +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.4.bb @@ -4,18 +4,18 @@ NFS server and related tools." HOMEPAGE = "http://nfs.sourceforge.net/" SECTION = "console/network" -LICENSE = "MIT & GPLv2+ & BSD" +LICENSE = "MIT & GPLv2+ & BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84" # util-linux for libblkid DEPENDS = "libcap libevent util-linux sqlite3 libtirpc" -RDEPENDS_${PN} = "${PN}-client" -RRECOMMENDS_${PN} = "kernel-module-nfsd" +RDEPENDS:${PN} = "${PN}-client" +RRECOMMENDS:${PN} = "kernel-module-nfsd" inherit useradd USERADD_PACKAGES = "${PN}-client" -USERADD_PARAM_${PN}-client = "--system --home-dir /var/lib/nfs \ +USERADD_PARAM:${PN}-client = "--system --home-dir /var/lib/nfs \ --shell /bin/false --user-group rpcuser" SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \ @@ -31,7 +31,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \ file://clang-warnings.patch \ " -SRC_URI[sha256sum] = "d493b81c9d3ffce5d10af701a63ed2b8a21768c23da4a2eceb4d708aea65d9de" +SRC_URI[sha256sum] = "51997d94e4c8bcef5456dd36a9ccc38e231207c4e9b6a9a2c108841e6aebe3dd" # Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will # pull in the remainder of the dependencies. @@ -39,14 +39,14 @@ SRC_URI[sha256sum] = "d493b81c9d3ffce5d10af701a63ed2b8a21768c23da4a2eceb4d708aea INITSCRIPT_PACKAGES = "${PN} ${PN}-client" INITSCRIPT_NAME = "nfsserver" INITSCRIPT_PARAMS = "defaults" -INITSCRIPT_NAME_${PN}-client = "nfscommon" -INITSCRIPT_PARAMS_${PN}-client = "defaults 19 21" +INITSCRIPT_NAME:${PN}-client = "nfscommon" +INITSCRIPT_PARAMS:${PN}-client = "defaults 19 21" inherit autotools-brokensep update-rc.d systemd pkgconfig SYSTEMD_PACKAGES = "${PN} ${PN}-client" -SYSTEMD_SERVICE_${PN} = "nfs-server.service nfs-mountd.service" -SYSTEMD_SERVICE_${PN}-client = "nfs-statd.service" +SYSTEMD_SERVICE:${PN} = "nfs-server.service nfs-mountd.service" +SYSTEMD_SERVICE:${PN}-client = "nfs-statd.service" # --enable-uuid is need for cross-compiling EXTRA_OECONF = "--with-statduser=rpcuser \ @@ -62,7 +62,7 @@ EXTRA_OECONF = "--with-statduser=rpcuser \ PACKAGECONFIG ??= "tcp-wrappers \ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ " -PACKAGECONFIG_remove_libc-musl = "tcp-wrappers" +PACKAGECONFIG:remove:libc-musl = "tcp-wrappers" PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers" PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," # libdevmapper is available in meta-oe @@ -72,46 +72,46 @@ PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils,python3-core" PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats" -CONFFILES_${PN}-client += "${localstatedir}/lib/nfs/etab \ +CONFFILES:${PN}-client += "${localstatedir}/lib/nfs/etab \ ${localstatedir}/lib/nfs/rmtab \ ${localstatedir}/lib/nfs/xtab \ ${localstatedir}/lib/nfs/statd/state \ ${sysconfdir}/nfsmount.conf" -FILES_${PN}-client = "${sbindir}/*statd \ +FILES:${PN}-client = "${sbindir}/*statd \ ${sbindir}/rpc.idmapd ${sbindir}/sm-notify \ ${sbindir}/showmount ${sbindir}/nfsstat \ ${localstatedir}/lib/nfs \ ${sysconfdir}/nfs-utils.conf \ ${sysconfdir}/nfsmount.conf \ ${sysconfdir}/init.d/nfscommon \ - ${systemd_unitdir}/system/nfs-statd.service" -RDEPENDS_${PN}-client = "${PN}-mount rpcbind" + ${systemd_system_unitdir}/nfs-statd.service" +RDEPENDS:${PN}-client = "${PN}-mount rpcbind" -FILES_${PN}-mount = "${base_sbindir}/*mount.nfs*" +FILES:${PN}-mount = "${base_sbindir}/*mount.nfs*" -FILES_${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat ${sbindir}/nfsdclnts" -RDEPENDS_${PN}-stats = "python3-core" +FILES:${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat ${sbindir}/nfsdclnts" +RDEPENDS:${PN}-stats = "python3-core" -FILES_${PN}-staticdev += "${libdir}/libnfsidmap/*.a" +FILES:${PN}-staticdev += "${libdir}/libnfsidmap/*.a" -FILES_${PN} += "${systemd_unitdir} ${libdir}/libnfsidmap/" +FILES:${PN} += "${systemd_unitdir} ${libdir}/libnfsidmap/" -do_configure_prepend() { +do_configure:prepend() { sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \ ${S}/utils/mount/Makefile.am } # Make clean needed because the package comes with # precompiled 64-bit objects that break the build -do_compile_prepend() { +do_compile:prepend() { make clean } # Works on systemd only HIGH_RLIMIT_NOFILE ??= "4096" -do_install_append () { +do_install:append () { install -d ${D}${sysconfdir}/init.d install -m 0755 ${WORKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver install -m 0755 ${WORKDIR}/nfscommon ${D}${sysconfdir}/init.d/nfscommon @@ -119,18 +119,18 @@ do_install_append () { install -m 0755 ${WORKDIR}/nfs-utils.conf ${D}${sysconfdir} install -m 0755 ${S}/utils/mount/nfsmount.conf ${D}${sysconfdir} - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/nfs-server.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/nfs-mountd.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_unitdir}/system/ + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/nfs-server.service ${D}${systemd_system_unitdir}/ + install -m 0644 ${WORKDIR}/nfs-mountd.service ${D}${systemd_system_unitdir}/ + install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_system_unitdir}/ sed -i -e 's,@SBINDIR@,${sbindir},g' \ -e 's,@SYSCONFDIR@,${sysconfdir},g' \ -e 's,@HIGH_RLIMIT_NOFILE@,${HIGH_RLIMIT_NOFILE},g' \ - ${D}${systemd_unitdir}/system/*.service + ${D}${systemd_system_unitdir}/*.service if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/ - install -d ${D}${systemd_unitdir}/system/sysinit.target.wants/ - ln -sf ../proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/sysinit.target.wants/proc-fs-nfsd.mount + install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_system_unitdir}/ + install -d ${D}${systemd_system_unitdir}/sysinit.target.wants/ + ln -sf ../proc-fs-nfsd.mount ${D}${systemd_system_unitdir}/sysinit.target.wants/proc-fs-nfsd.mount fi # kernel code as of 3.8 hard-codes this path as a default diff --git a/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch b/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch new file mode 100644 index 0000000000..3655b3fd66 --- /dev/null +++ b/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch @@ -0,0 +1,28 @@ +From 76e4054801350ebd4a44057379431a33d460ad0f Mon Sep 17 00:00:00 2001 +From: Martin Jansa <Martin.Jansa@gmail.com> +Date: Wed, 21 Apr 2021 11:01:34 +0000 +Subject: [PATCH] mbim: Fix build with ell-0.39 by restoring unlikely macro + from ell/util.h + +Upstream-Status: Pending + +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> +--- + drivers/mbimmodem/mbim-private.h | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/mbimmodem/mbim-private.h b/drivers/mbimmodem/mbim-private.h +index 51693eae..d917312c 100644 +--- a/drivers/mbimmodem/mbim-private.h ++++ b/drivers/mbimmodem/mbim-private.h +@@ -30,6 +30,10 @@ + __result; }) + #endif + ++/* used to be part of ell/util.h before 0.39: ++ https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=2a682421b06e41c45098217a686157f576847021 */ ++#define unlikely(x) __builtin_expect(!!(x), 0) ++ + enum mbim_control_message { + MBIM_OPEN_MSG = 0x1, + MBIM_CLOSE_MSG = 0x2, diff --git a/meta/recipes-connectivity/ofono/ofono_1.31.bb b/meta/recipes-connectivity/ofono/ofono_1.33.bb index 7d0976ad7f..1fab90c08e 100644 --- a/meta/recipes-connectivity/ofono/ofono_1.31.bb +++ b/meta/recipes-connectivity/ofono/ofono_1.33.bb @@ -11,40 +11,45 @@ SRC_URI = "\ ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ file://ofono \ file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \ + file://0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch \ " -SRC_URI[md5sum] = "1c26340e3c6ed132cc812595081bb3dc" -SRC_URI[sha256sum] = "a15c5d28096c10eb30e47a68b6dc2e7c4a5a99d7f4cfedf0b69624f33d859e9b" +SRC_URI[sha256sum] = "e4591c5353ad2069cb9c0861fad3f1bf655137f9785fc5f16151d509e49ba708" inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data INITSCRIPT_NAME = "ofono" INITSCRIPT_PARAMS = "defaults 22" -SYSTEMD_SERVICE_${PN} = "ofono.service" +SYSTEMD_SERVICE:${PN} = "ofono.service" PACKAGECONFIG ??= "\ ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ " -PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/,--with-systemdunitdir=" +PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_system_unitdir}/,--with-systemdunitdir=" PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5" EXTRA_OECONF += "--enable-test --enable-external-ell" -do_install_append() { - install -d ${D}${sysconfdir}/init.d/ - install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono +do_configure:prepend() { + bbnote "Removing bundled ell from ${S}/ell to prevent including it" + rm -rf ${S}/ell +} + +do_install:append() { + install -d ${D}${sysconfdir}/init.d/ + install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono } PACKAGES =+ "${PN}-tests" -FILES_${PN} += "${systemd_unitdir}" -FILES_${PN}-tests = "${libdir}/${BPN}/test" +FILES:${PN} += "${systemd_unitdir}" +FILES:${PN}-tests = "${libdir}/${BPN}/test" -RDEPENDS_${PN} += "dbus" -RDEPENDS_${PN}-tests = "\ +RDEPENDS:${PN} += "dbus" +RDEPENDS:${PN}-tests = "\ python3-core \ python3-dbus \ ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)} \ " -RRECOMMENDS_${PN} += "kernel-module-tun mobile-broadband-provider-info" +RRECOMMENDS:${PN} += "kernel-module-tun mobile-broadband-provider-info" diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys index 1931dc7153..ef117de897 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys +++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys @@ -6,6 +6,7 @@ generate_key() { local DIR="$(dirname "$FILE")" mkdir -p "$DIR" + rm -f ${FILE}.tmp ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE # Atomically rename file public key diff --git a/meta/recipes-connectivity/openssh/openssh_8.4p1.bb b/meta/recipes-connectivity/openssh/openssh_8.8p1.bb index 676a8a6533..ee86bb92ab 100644 --- a/meta/recipes-connectivity/openssh/openssh_8.4p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_8.8p1.bb @@ -5,8 +5,8 @@ Ssh (Secure Shell) is a program for logging into a remote machine \ and for executing commands on a remote machine." HOMEPAGE = "http://www.openssh.com/" SECTION = "console/network" -LICENSE = "BSD & ISC & MIT" -LIC_FILES_CHKSUM = "file://LICENCE;md5=18d9e5a8b3dd1790d73502f50426d4d3" +LICENSE = "BSD-2-Clause & BSD-3-Clause & BSD-4-Clause & ISC & MIT" +LIC_FILES_CHKSUM = "file://LICENCE;md5=d9d2753bdef9f19466dc7bc959114b11" DEPENDS = "zlib openssl virtual/crypt" DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" @@ -25,24 +25,30 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://sshd_check_keys \ file://add-test-support-for-busybox.patch \ " -SRC_URI[sha256sum] = "5a01d22e407eb1c05ba8a8f7c654d388a13e9f226e4ed33bd38748dafa1d2b24" +SRC_URI[sha256sum] = "4590890ea9bb9ace4f71ae331785a3a5823232435161960ed5fc86588f331fe9" + +# This CVE is specific to OpenSSH with the pam opie which we don't build/use here +CVE_CHECK_WHITELIST += "CVE-2007-2768" # This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded CVE_CHECK_WHITELIST += "CVE-2014-9278" +# CVE only applies to some distributed RHEL binaries +CVE_CHECK_WHITELIST += "CVE-2008-3844" + PAM_SRC_URI = "file://sshd" inherit manpages useradd update-rc.d update-alternatives systemd USERADD_PACKAGES = "${PN}-sshd" -USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" +USERADD_PARAM:${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" INITSCRIPT_PACKAGES = "${PN}-sshd" -INITSCRIPT_NAME_${PN}-sshd = "sshd" -INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9" +INITSCRIPT_NAME:${PN}-sshd = "sshd" +INITSCRIPT_PARAMS:${PN}-sshd = "defaults 9" SYSTEMD_PACKAGES = "${PN}-sshd" -SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket" +SYSTEMD_SERVICE:${PN}-sshd = "sshd.socket" inherit autotools-brokensep ptest @@ -67,8 +73,8 @@ EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ --disable-strip \ " -# musl doesn't implement wtmp/utmp -EXTRA_OECONF_append_libc-musl = " --disable-wtmp" +# musl doesn't implement wtmp/utmp and logwtmp +EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog" # Since we do not depend on libbsd, we do not want configure to use it # just because it finds libutil.h. But, specifying --disable-libutil @@ -81,7 +87,7 @@ CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd" # We don't want to depend on libblockfile CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no" -do_configure_prepend () { +do_configure:prepend () { export LD="${CC}" install -m 0644 ${WORKDIR}/sshd_config ${B}/ install -m 0644 ${WORKDIR}/ssh_config ${B}/ @@ -94,7 +100,7 @@ do_compile_ptest() { regress/check-perm regress/mkdtemp } -do_install_append () { +do_install:append () { if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config @@ -120,15 +126,15 @@ do_install_append () { echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - install -d ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system - install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system + install -d ${D}${systemd_system_unitdir} + install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_system_unitdir} + install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_system_unitdir} + install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_system_unitdir} sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ -e 's,@SBINDIR@,${sbindir},g' \ -e 's,@BINDIR@,${bindir},g' \ -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ - ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service + ${D}${systemd_system_unitdir}/sshd.socket ${D}${systemd_system_unitdir}/*.service sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ ${D}${sysconfdir}/init.d/sshd @@ -141,39 +147,39 @@ do_install_ptest () { cp -r regress ${D}${PTEST_PATH} } -ALLOW_EMPTY_${PN} = "1" +ALLOW_EMPTY:${PN} = "1" PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server" -FILES_${PN}-scp = "${bindir}/scp.${BPN}" -FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" -FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system" -FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" -FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys" -FILES_${PN}-sftp = "${bindir}/sftp" -FILES_${PN}-sftp-server = "${libexecdir}/sftp-server" -FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" -FILES_${PN}-keygen = "${bindir}/ssh-keygen" - -RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" -RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" -RRECOMMENDS_${PN}-sshd_append_class-target = "\ +FILES:${PN}-scp = "${bindir}/scp.${BPN}" +FILES:${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" +FILES:${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_system_unitdir}" +FILES:${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" +FILES:${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys" +FILES:${PN}-sftp = "${bindir}/sftp" +FILES:${PN}-sftp-server = "${libexecdir}/sftp-server" +FILES:${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" +FILES:${PN}-keygen = "${bindir}/ssh-keygen" + +RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" +RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" +RRECOMMENDS:${PN}-sshd:append:class-target = "\ ${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \ " # gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies -RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils" +RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils" -RPROVIDES_${PN}-ssh = "ssh" -RPROVIDES_${PN}-sshd = "sshd" +RPROVIDES:${PN}-ssh = "ssh" +RPROVIDES:${PN}-sshd = "sshd" -RCONFLICTS_${PN} = "dropbear" -RCONFLICTS_${PN}-sshd = "dropbear" +RCONFLICTS:${PN} = "dropbear" +RCONFLICTS:${PN}-sshd = "dropbear" -CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config" -CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config" +CONFFILES:${PN}-sshd = "${sysconfdir}/ssh/sshd_config" +CONFFILES:${PN}-ssh = "${sysconfdir}/ssh/ssh_config" ALTERNATIVE_PRIORITY = "90" -ALTERNATIVE_${PN}-scp = "scp" -ALTERNATIVE_${PN}-ssh = "ssh" +ALTERNATIVE:${PN}-scp = "scp" +ALTERNATIVE:${PN}-ssh = "ssh" BBCLASSEXTEND += "nativesdk" diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch new file mode 100644 index 0000000000..5effa6c6f6 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch @@ -0,0 +1,36 @@ +From 326909baf81a638d51fa8be1d8227518784f5cc4 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Tue, 14 Sep 2021 12:18:25 +0200 +Subject: [PATCH] Configure: do not tweak mips cflags + +This conflicts with mips machine definitons from yocto, +e.g. +| Error: -mips3 conflicts with the other architecture options, which imply -mips64r2 + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + Configure | 10 ---------- + 1 file changed, 10 deletions(-) + +diff --git a/Configure b/Configure +index 821e680..0387a74 100755 +--- a/Configure ++++ b/Configure +@@ -1422,16 +1422,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) + push @{$config{shared_ldflag}}, "-mno-cygwin"; + } + +-if ($target =~ /linux.*-mips/ && !$disabled{asm} +- && !grep { $_ !~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) { +- # minimally required architecture flags for assembly modules +- my $value; +- $value = '-mips2' if ($target =~ /mips32/); +- $value = '-mips3' if ($target =~ /mips64/); +- unshift @{$config{cflags}}, $value; +- unshift @{$config{cxxflags}}, $value if $config{CXX}; +-} +- + # If threads aren't disabled, check how possible they are + unless ($disabled{threads}) { + if ($auto_threads) { diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Fix-EVP_PKEY_CTX_get_rsa_pss_saltlen-no.patch b/meta/recipes-connectivity/openssl/openssl/0001-Fix-EVP_PKEY_CTX_get_rsa_pss_saltlen-no.patch new file mode 100644 index 0000000000..b85a3ad7d2 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-Fix-EVP_PKEY_CTX_get_rsa_pss_saltlen-no.patch @@ -0,0 +1,108 @@ +Fix EVP_PKEY_CTX_get_rsa_pss_saltlen, and also disable the tests in non-default +context (required when backporting, not needed with 3.0.1). + +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 6b5c02f6173e5fd46a3685e676fcb5eee9ac43ea Mon Sep 17 00:00:00 2001 +From: Tom Cosgrove <tom.cosgrove@arm.com> +Date: Thu, 25 Nov 2021 15:49:26 +0000 +Subject: [PATCH] Fix EVP_PKEY_CTX_get_rsa_pss_saltlen() not returning a value + +When an integer value was specified, it was not being passed back via +the orig_p2 weirdness. + +Regression test included. + +Reviewed-by: Tomas Mraz <tomas@openssl.org> +Reviewed-by: Paul Dale <pauli@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/17136) +--- + crypto/evp/ctrl_params_translate.c | 12 +++++++----- + test/evp_extra_test.c | 30 ++++++++++++++++++++++++++++++ + 2 files changed, 37 insertions(+), 5 deletions(-) + +diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c +index 88945e13e6..6638209a8d 100644 +--- a/crypto/evp/ctrl_params_translate.c ++++ b/crypto/evp/ctrl_params_translate.c +@@ -1379,21 +1379,23 @@ static int fix_rsa_pss_saltlen(enum state state, + if ((ctx->action_type == SET && state == PRE_PARAMS_TO_CTRL) + || (ctx->action_type == GET && state == POST_CTRL_TO_PARAMS)) { + size_t i; ++ int val; + + for (i = 0; i < OSSL_NELEM(str_value_map); i++) { + if (strcmp(ctx->p2, str_value_map[i].ptr) == 0) + break; + } +- if (i == OSSL_NELEM(str_value_map)) { +- ctx->p1 = atoi(ctx->p2); +- } else if (state == POST_CTRL_TO_PARAMS) { ++ ++ val = i == OSSL_NELEM(str_value_map) ? atoi(ctx->p2) ++ : (int)str_value_map[i].id; ++ if (state == POST_CTRL_TO_PARAMS) { + /* + * EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN weirdness explained further + * up + */ +- *(int *)ctx->orig_p2 = str_value_map[i].id; ++ *(int *)ctx->orig_p2 = val; + } else { +- ctx->p1 = (int)str_value_map[i].id; ++ ctx->p1 = val; + } + ctx->p2 = NULL; + } +diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c +index 83f8902d24..9ad37a2bce 100644 +--- a/test/evp_extra_test.c ++++ b/test/evp_extra_test.c +@@ -3049,6 +3049,35 @@ static int test_EVP_rsa_pss_with_keygen_bits(void) + return ret; + } + ++static int test_EVP_rsa_pss_set_saltlen(void) ++{ ++ int ret = 0; ++ EVP_PKEY *pkey = NULL; ++ EVP_PKEY_CTX *pkey_ctx = NULL; ++ EVP_MD *sha256 = NULL; ++ EVP_MD_CTX *sha256_ctx = NULL; ++ int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */ ++ const int test_value = 32; ++ ++ if (nullprov != NULL) ++ return TEST_skip("Test does not support a non-default library context"); ++ ++ ret = TEST_ptr(pkey = load_example_rsa_key()) ++ && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL)) ++ && TEST_ptr(sha256_ctx = EVP_MD_CTX_new()) ++ && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey)) ++ && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING)) ++ && TEST_true(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value)) ++ && TEST_true(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen)) ++ && TEST_int_eq(saltlen, test_value); ++ ++ EVP_MD_CTX_free(sha256_ctx); ++ EVP_PKEY_free(pkey); ++ EVP_MD_free(sha256); ++ ++ return ret; ++} ++ + static int success = 1; + static void md_names(const char *name, void *vctx) + { +@@ -3966,6 +3995,7 @@ int setup_tests(void) + ADD_ALL_TESTS(test_evp_iv_des, 6); + #endif + ADD_TEST(test_EVP_rsa_pss_with_keygen_bits); ++ ADD_TEST(test_EVP_rsa_pss_set_saltlen); + #ifndef OPENSSL_NO_EC + ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids)); + #endif +-- +2.25.1 + diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch index 949c788344..60890c666d 100644 --- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch +++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch @@ -1,4 +1,4 @@ -From 3e1d00481093e10775eaf69d619c45b32a4aa7dc Mon Sep 17 00:00:00 2001 +From 5985253f2c9025d7c127443a3a9938946f80c2a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com> Date: Tue, 6 Nov 2018 14:50:47 +0100 Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler @@ -21,20 +21,24 @@ https://patchwork.openembedded.org/patch/147229/ Upstream-Status: Inappropriate [OE specific] Signed-off-by: Martin Hundebøll <martin@geanix.com> - Update to fix buildpaths qa issue for '-fmacro-prefix-map'. Signed-off-by: Kai Kang <kai.kang@windriver.com> + +Update to fix buildpaths qa issue for '-ffile-prefix-map'. + +Signed-off-by: Khem Raj <raj.khem@gmail.com> + --- - Configurations/unix-Makefile.tmpl | 10 +++++++++- + Configurations/unix-Makefile.tmpl | 12 +++++++++++- crypto/build.info | 2 +- - 2 files changed, 10 insertions(+), 2 deletions(-) + 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl -index 16af4d2087..54c162784c 100644 +index f88a70f..528cdef 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl -@@ -317,13 +317,22 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), +@@ -471,13 +471,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) @@ -49,6 +53,7 @@ index 16af4d2087..54c162784c 100644 +CFLAGS_Q={- for (@{$config{CFLAGS}}) { + s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g; + s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g; ++ s|-ffile-prefix-map=[^ ]+|-ffile-prefix-map=|g; + } + join(' ', @{$config{CFLAGS}}) -} + @@ -59,18 +64,15 @@ index 16af4d2087..54c162784c 100644 # For x86 assembler: Set PROCESSOR to 386 if you want to support diff --git a/crypto/build.info b/crypto/build.info -index b515b7318e..8c9cee2a09 100644 +index efca6cc..eda433e 100644 --- a/crypto/build.info +++ b/crypto/build.info -@@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \ - ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl +@@ -109,7 +109,7 @@ DEFINE[../libcrypto]=$UPLINKDEF + DEPEND[info.o]=buildinf.h DEPEND[cversion.o]=buildinf.h -GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" +GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)" - DEPEND[buildinf.h]=../configdata.pm - GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME) --- -2.19.1 - + GENERATE[uplink-x86.s]=../ms/uplink-x86.pl + GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl diff --git a/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch b/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch deleted file mode 100644 index d8d9651b64..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch +++ /dev/null @@ -1,46 +0,0 @@ -From a9401b2289656c5a36dd1b0ecebf0d23e291ce70 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Tue, 2 Oct 2018 23:58:24 +0800 -Subject: [PATCH] skip test_symbol_presence - -We cannot skip `01-test_symbol_presence.t' by configuring option `no-shared' -as INSTALL told us the shared libraries will not be built. - -[INSTALL snip] - Notes on shared libraries - ------------------------- - - For most systems the OpenSSL Configure script knows what is needed to - build shared libraries for libcrypto and libssl. On these systems - the shared libraries will be created by default. This can be suppressed and - only static libraries created by using the "no-shared" option. On systems - where OpenSSL does not know how to build shared libraries the "no-shared" - option will be forced and only static libraries will be created. -[INSTALL snip] - -Hence directly modification the case to skip it. - -Upstream-Status: Inappropriate [OE Specific] - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - test/recipes/01-test_symbol_presence.t | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t -index 7f2a2d7..0b93745 100644 ---- a/test/recipes/01-test_symbol_presence.t -+++ b/test/recipes/01-test_symbol_presence.t -@@ -14,8 +14,7 @@ use OpenSSL::Test::Utils; - - setup("test_symbol_presence"); - --plan skip_all => "Only useful when building shared libraries" -- if disabled("shared"); -+plan skip_all => "The case needs debug symbols then we just disable it"; - - my @libnames = ("crypto", "ssl"); - my $testcount = scalar @libnames; --- -2.7.4 - diff --git a/meta/recipes-connectivity/openssl/openssl/armv8-32bit.patch b/meta/recipes-connectivity/openssl/openssl/armv8-32bit.patch new file mode 100644 index 0000000000..1935651be0 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/armv8-32bit.patch @@ -0,0 +1,29 @@ +Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/16951] +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 5118e96a3dbedde2523e7726fa34af30923a9add Mon Sep 17 00:00:00 2001 +From: Tom Cosgrove <tom.cosgrove@arm.com> +Date: Tue, 2 Nov 2021 15:26:21 +0000 +Subject: [PATCH] Fix builds on Armv8 systems without AArch64 + +This fixes "undefined reference to `aes_gcm_dec_128_kernel' in function +`armv8_aes_gcm_decrypt'" and similar + +Fixes #16949 +--- + include/crypto/aes_platform.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/crypto/aes_platform.h b/include/crypto/aes_platform.h +index 015c3bd4ab91..e95ad5aa5de6 100644 +--- a/include/crypto/aes_platform.h ++++ b/include/crypto/aes_platform.h +@@ -100,7 +100,7 @@ void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, + # define AES_PMULL_CAPABLE ((OPENSSL_armcap_P & ARMV8_PMULL) && (OPENSSL_armcap_P & ARMV8_AES)) + # define AES_GCM_ENC_BYTES 512 + # define AES_GCM_DEC_BYTES 512 +-# if __ARM_MAX_ARCH__>=8 ++# if __ARM_MAX_ARCH__>=8 && defined(__aarch64__) + # define AES_gcm_encrypt armv8_aes_gcm_encrypt + # define AES_gcm_decrypt armv8_aes_gcm_decrypt + # define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_v8_ctr32_encrypt_blocks && \ diff --git a/meta/recipes-connectivity/openssl/openssl/reproducible.patch b/meta/recipes-connectivity/openssl/openssl/reproducible.patch deleted file mode 100644 index a24260c95d..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/reproducible.patch +++ /dev/null @@ -1,32 +0,0 @@ -The value for perl_archname can vary depending on the host, e.g. -x86_64-linux-gnu-thread-multi or x86_64-linux-thread-multi which -makes the ptest package non-reproducible. Its unused other than -these references so drop it. - -RP 2020/2/6 - -Upstream-Status: Pending -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> - -Index: openssl-1.1.1d/Configure -=================================================================== ---- openssl-1.1.1d.orig/Configure -+++ openssl-1.1.1d/Configure -@@ -286,7 +286,7 @@ if (defined env($local_config_envname)) - # Save away perl command information - $config{perl_cmd} = $^X; - $config{perl_version} = $Config{version}; --$config{perl_archname} = $Config{archname}; -+#$config{perl_archname} = $Config{archname}; - - $config{prefix}=""; - $config{openssldir}=""; -@@ -2517,7 +2517,7 @@ _____ - @{$config{perlargv}}), "\n"; - print "\nPerl information:\n\n"; - print ' ',$config{perl_cmd},"\n"; -- print ' ',$config{perl_version},' for ',$config{perl_archname},"\n"; -+ print ' ',$config{perl_version},"\n"; - } - if ($dump || $options) { - my $longest = 0; diff --git a/meta/recipes-connectivity/openssl/openssl/run-ptest b/meta/recipes-connectivity/openssl/openssl/run-ptest index 3fb22471f8..8dff79101f 100644 --- a/meta/recipes-connectivity/openssl/openssl/run-ptest +++ b/meta/recipes-connectivity/openssl/openssl/run-ptest @@ -9,4 +9,4 @@ export TOP=. # OPENSSL_ENGINES is relative from the test binaries export OPENSSL_ENGINES=../engines -perl ./test/run_tests.pl $* | perl -0pe 's#(.*) \.*.ok#PASS: \1#g; s#(.*) \.*.skipped: (.*)#SKIP: \1 (\2)#g; s#(.*) \.*.\nDubious#FAIL: \1#;' +perl ./test/run_tests.pl $* | sed -u -r -e '/(.*) \.*.ok/ s/^/PASS: /g' -r -e '/Dubious(.*)/ s/^/FAIL: /g' -e '/(.*) \.*.skipped: (.*)/ s/^/SKIP: /g' diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1h.bb b/meta/recipes-connectivity/openssl/openssl_3.0.0.bb index 1827167201..da73ed6bc3 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1h.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.0.0.bb @@ -4,35 +4,34 @@ HOMEPAGE = "http://www.openssl.org/" BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" SECTION = "libs/network" -# "openssl" here actually means both OpenSSL and SSLeay licenses apply -# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped) -LICENSE = "openssl" -LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8" - -DEPENDS = "hostperl-runtime-native" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c75985e733726beaba57bc5253e96d04" SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://run-ptest \ - file://0001-skip-test_symbol_presence.patch \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://afalg.patch \ - file://reproducible.patch \ + file://0001-Configure-do-not-tweak-mips-cflags.patch \ + file://armv8-32bit.patch \ + file://0001-Fix-EVP_PKEY_CTX_get_rsa_pss_saltlen-no.patch \ " -SRC_URI_append_class-nativesdk = " \ +SRC_URI:append:class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "5c9ca8774bd7b03e5784f26ae9e9e6d749c9da2438545077e6b3d755a06595d9" +SRC_URI[sha256sum] = "59eedfcb46c25214c9bd37ed6078297b4df01d012267fe9e9eee31f61bc70536" -inherit lib_package multilib_header multilib_script ptest +inherit lib_package multilib_header multilib_script ptest perlnative MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" PACKAGECONFIG ?= "" -PACKAGECONFIG_class-native = "" -PACKAGECONFIG_class-nativesdk = "" +PACKAGECONFIG:class-native = "" +PACKAGECONFIG:class-nativesdk = "" PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" +PACKAGECONFIG[no-tls1] = "no-tls1" +PACKAGECONFIG[no-tls1_1] = "no-tls1_1" B = "${WORKDIR}/build" do_configure[cleandirs] = "${B}" @@ -40,17 +39,21 @@ do_configure[cleandirs] = "${B}" #| ./libcrypto.so: undefined reference to `getcontext' #| ./libcrypto.so: undefined reference to `setcontext' #| ./libcrypto.so: undefined reference to `makecontext' -EXTRA_OECONF_append_libc-musl = " no-async" -EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm" +EXTRA_OECONF:append:libc-musl = " no-async" +EXTRA_OECONF:append:libc-musl:powerpc64 = " no-asm" # adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions # (native versions can be built with newer glibc, but then relocated onto a system with older glibc) -EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom" -EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom" +EXTRA_OECONF:class-native = "--with-rand-seed=os,devrandom" +EXTRA_OECONF:class-nativesdk = "--with-rand-seed=os,devrandom" # Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. -CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" -CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" +CFLAGS:append:class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" +CFLAGS:append:class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" + +# This allows disabling deprecated or undesirable crypto algorithms. +# The default is to trust upstream choices. +DEPRECATED_CRYPTO_FLAGS ?= "" do_configure () { os=${HOST_OS} @@ -67,6 +70,9 @@ do_configure () { esac target="$os-${HOST_ARCH}" case $target in + linux-arc) + target=linux-latomic + ;; linux-arm*) target=linux-armv4 ;; @@ -113,6 +119,9 @@ do_configure () { linux-sparc | linux-supersparc) target=linux-sparcv9 ;; + mingw32-x86_64) + target=mingw64 + ;; esac useprefix=${prefix} @@ -122,7 +131,7 @@ do_configure () { # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the # environment variables set by bitbake. Adjust the environment variables instead. HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ - perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target + perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target perl ${B}/configdata.pm --dump } @@ -130,43 +139,49 @@ do_install () { oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install oe_multilib_header openssl/opensslconf.h + oe_multilib_header openssl/configuration.h # Create SSL structure for packages such as ca-certificates which # contain hard-coded paths to /etc/ssl. Debian does the same. install -d ${D}${sysconfdir}/ssl - mv ${D}${libdir}/ssl-1.1/certs \ - ${D}${libdir}/ssl-1.1/private \ - ${D}${libdir}/ssl-1.1/openssl.cnf \ + mv ${D}${libdir}/ssl-3/certs \ + ${D}${libdir}/ssl-3/private \ + ${D}${libdir}/ssl-3/openssl.cnf \ ${D}${sysconfdir}/ssl/ # Although absolute symlinks would be OK for the target, they become # invalid if native or nativesdk are relocated from sstate. - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf + ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-3/certs + ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-3/private + ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-3/openssl.cnf } -do_install_append_class-native () { +do_install:append:class-native () { create_wrapper ${D}${bindir}/openssl \ - OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ - SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ - SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ - OPENSSL_ENGINES=${libdir}/engines-1.1 + OPENSSL_CONF=${libdir}/ssl-3/openssl.cnf \ + SSL_CERT_DIR=${libdir}/ssl-3/certs \ + SSL_CERT_FILE=${libdir}/ssl-3/cert.pem \ + OPENSSL_ENGINES=${libdir}/engines-3 } -do_install_append_class-nativesdk () { +do_install:append:class-nativesdk () { mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh - sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh + sed 's|/usr/lib/ssl/|/usr/lib/ssl-3/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh } PTEST_BUILD_HOST_FILES += "configdata.pm" PTEST_BUILD_HOST_PATTERN = "perl_version =" do_install_ptest () { + install -d ${D}${PTEST_PATH}/test + install -m755 ${B}/test/p_test.so ${D}${PTEST_PATH}/test + install -m755 ${B}/test/provider_internal_test.cnf ${D}${PTEST_PATH}/test + # Prune the build tree rm -f ${B}/fuzz/*.* ${B}/test/*.* cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} + sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/configdata.pm cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH} # For test_shlibload @@ -180,6 +195,20 @@ do_install_ptest () { install -d ${D}${PTEST_PATH}/engines install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines + install -m755 ${B}/engines/loader_attic.so ${D}${PTEST_PATH}/engines + + install -d ${D}${PTEST_PATH}/providers + install -m755 ${B}/providers/legacy.so ${D}${PTEST_PATH}/providers + + install -d ${D}${PTEST_PATH}/Configurations + cp -rf ${S}/Configurations/* ${D}${PTEST_PATH}/Configurations/ + + # seems to be needed with perl 5.32.1 + install -d ${D}${PTEST_PATH}/util/perl/recipes + cp ${D}${PTEST_PATH}/test/recipes/tconversion.pl ${D}${PTEST_PATH}/util/perl/recipes/ + + sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/util/wrap.pl + } # Add the openssl.cnf file to the openssl-conf package. Make the libcrypto @@ -189,28 +218,32 @@ do_install_ptest () { PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc" -FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" -FILES_libssl = "${libdir}/libssl${SOLIBS}" -FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \ - ${libdir}/ssl-1.1/openssl.cnf* \ +FILES:libcrypto = "${libdir}/libcrypto${SOLIBS}" +FILES:libssl = "${libdir}/libssl${SOLIBS}" +FILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf \ + ${libdir}/ssl-3/openssl.cnf* \ " -FILES_${PN}-engines = "${libdir}/engines-1.1" -FILES_${PN}-misc = "${libdir}/ssl-1.1/misc ${bindir}/c_rehash" -FILES_${PN} =+ "${libdir}/ssl-1.1/*" -FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" +FILES:${PN}-engines = "${libdir}/engines-3" +# ${prefix} comes from what we pass into --prefix at configure time (which is used for INSTALLTOP) +FILES:${PN}-engines:append:mingw32:class-nativesdk = " ${prefix}${libdir}/engines-3" +FILES:${PN}-misc = "${libdir}/ssl-3/misc ${bindir}/c_rehash" +FILES:${PN} =+ "${libdir}/ssl-3/* ${libdir}/ossl-modules/" +FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" -CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" +CONFFILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf" -RRECOMMENDS_libcrypto += "openssl-conf" -RDEPENDS_${PN}-misc = "perl" -RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash" +RRECOMMENDS:libcrypto += "openssl-conf" +RDEPENDS:${PN}-misc = "perl" +RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash" -RDEPENDS_${PN}-bin += "openssl-conf" +RDEPENDS:${PN}-bin += "openssl-conf" BBCLASSEXTEND = "native nativesdk" CVE_PRODUCT = "openssl:openssl" +CVE_VERSION_SUFFIX = "alphabetical" + # Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37 # Apache in meta-webserver is already recent enough CVE_CHECK_WHITELIST += "CVE-2019-0190" diff --git a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb index b5f68951d7..8a6c297cb0 100644 --- a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb +++ b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb @@ -1,7 +1,8 @@ SUMMARY = "Enables PPP dial-in through a serial connection" SECTION = "console/network" +DESCRIPTION = "PPP dail-in provides a point to point protocol (PPP), so that other computers can dial up to it and access connected networks." DEPENDS = "ppp" -RDEPENDS_${PN} = "ppp" +RDEPENDS:${PN} = "ppp" PR = "r8" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" @@ -22,6 +23,6 @@ do_install() { } USERADD_PACKAGES = "${PN}" -USERADD_PARAM_${PN} = "--system --home /dev/null \ +USERADD_PARAM:${PN} = "--system --home /dev/null \ --no-create-home --shell ${sbindir}/ppp-dialin \ --no-user-group --gid nogroup ppp" diff --git a/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch b/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch deleted file mode 100644 index 65291368bd..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch +++ /dev/null @@ -1,124 +0,0 @@ -From e50cdaed07e51f2508f94eb1f34fe43776e4ca78 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Fri, 29 May 2015 14:57:05 -0700 -Subject: [PATCH] Fix build with musl - -There are several assumption about glibc - -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Upstream-Status: Pending ---- - include/net/ppp_defs.h | 2 ++ - pppd/Makefile.linux | 2 +- - pppd/plugins/rp-pppoe/config.h | 3 ++- - pppd/plugins/rp-pppoe/plugin.c | 1 - - pppd/plugins/rp-pppoe/pppoe-discovery.c | 8 ++++---- - pppd/plugins/rp-pppoe/pppoe.h | 2 +- - pppd/sys-linux.c | 3 ++- - 7 files changed, 12 insertions(+), 9 deletions(-) - -diff --git a/include/net/ppp_defs.h b/include/net/ppp_defs.h -index b06eda5..dafa36c 100644 ---- a/include/net/ppp_defs.h -+++ b/include/net/ppp_defs.h -@@ -38,6 +38,8 @@ - #ifndef _PPP_DEFS_H_ - #define _PPP_DEFS_H_ - -+#include <sys/time.h> -+ - /* - * The basic PPP frame. - */ -diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux -index 4e485a1..76411bc 100644 ---- a/pppd/Makefile.linux -+++ b/pppd/Makefile.linux -@@ -131,7 +131,7 @@ LIBS += -lcrypt - endif - - ifdef USE_LIBUTIL --CFLAGS += -DHAVE_LOGWTMP=1 -+#CFLAGS += -DHAVE_LOGWTMP=1 - LIBS += -lutil - endif - -diff --git a/pppd/plugins/rp-pppoe/config.h b/pppd/plugins/rp-pppoe/config.h -index a708859..4a16a88 100644 ---- a/pppd/plugins/rp-pppoe/config.h -+++ b/pppd/plugins/rp-pppoe/config.h -@@ -78,8 +78,9 @@ - #define HAVE_NET_IF_ARP_H 1 - - /* Define if you have the <net/ethernet.h> header file. */ -+#ifdef __GLIBC__ - #define HAVE_NET_ETHERNET_H 1 -- -+#endif - /* Define if you have the <net/if.h> header file. */ - #define HAVE_NET_IF_H 1 - -diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c -index 44e0c31..93c0906 100644 ---- a/pppd/plugins/rp-pppoe/plugin.c -+++ b/pppd/plugins/rp-pppoe/plugin.c -@@ -46,7 +46,6 @@ static char const RCSID[] = - #include <unistd.h> - #include <fcntl.h> - #include <signal.h> --#include <net/ethernet.h> - #include <net/if_arp.h> - #include <linux/ppp_defs.h> - #include <linux/if_pppox.h> -diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c -index f19c6d8..f45df2c 100644 ---- a/pppd/plugins/rp-pppoe/pppoe-discovery.c -+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c -@@ -29,10 +29,6 @@ - #include <linux/if_packet.h> - #endif - --#ifdef HAVE_NET_ETHERNET_H --#include <net/ethernet.h> --#endif -- - #ifdef HAVE_ASM_TYPES_H - #include <asm/types.h> - #endif -diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h -index a4e7d5c..de191c8 100644 ---- a/pppd/plugins/rp-pppoe/pppoe.h -+++ b/pppd/plugins/rp-pppoe/pppoe.h -@@ -90,7 +90,7 @@ typedef unsigned long UINT32_t; - #ifdef HAVE_SYS_SOCKET_H - #include <sys/socket.h> - #endif --#ifndef HAVE_SYS_DLPI_H -+#if !defined HAVE_SYS_DLPI_H && defined HAVE_NET_ETHERNET_H - #include <netinet/if_ether.h> - #endif - #endif -diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c -index a0531e9..84ee394 100644 ---- a/pppd/sys-linux.c -+++ b/pppd/sys-linux.c -@@ -112,7 +112,7 @@ - #include <linux/types.h> - #include <linux/if.h> - #include <linux/if_arp.h> --#include <linux/route.h> -+/* #include <linux/route.h> */ - #include <linux/if_ether.h> - #endif - #include <netinet/in.h> -@@ -145,6 +145,7 @@ - #endif - - #ifdef INET6 -+#include <net/route.h> - #ifndef _LINUX_IN6_H - /* - * This is in linux/include/net/ipv6.h. --- -2.17.1 - diff --git a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch b/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch deleted file mode 100644 index a32f89fbc8..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch +++ /dev/null @@ -1,43 +0,0 @@ -commit cd90fd147844a0cfec101f1e2db7a3c59d236621 -Author: Jussi Kukkonen <jussi.kukkonen@intel.com> -Date: Wed Dec 28 14:11:22 2016 +0200 - -pppol2tp plugin: Remove unneeded include - -The include is not required and will break compile on musl libc with - -| In file included from pppol2tp.c:34:0: -| /usr/include/linux/if.h:97:2: error: expected identifier before numeric constant -| IFF_LOWER_UP = 1<<16, /* __volatile__ */ - -Patch originally from Khem Raj. - -Upstream-Status: Pending [https://github.com/paulusmack/ppp/issues/73] -Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> - -diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c -index 9643b96..458316b 100644 ---- a/pppd/plugins/pppol2tp/openl2tp.c -+++ b/pppd/plugins/pppol2tp/openl2tp.c -@@ -47,7 +47,6 @@ - #include <linux/if_ether.h> - #include <linux/ppp_defs.h> - #include <linux/if_ppp.h> --#include <linux/if_pppox.h> - #include <linux/if_pppol2tp.h> - - #include "l2tp_event.h" -diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c -index 0e28606..4f6d98c 100644 ---- a/pppd/plugins/pppol2tp/pppol2tp.c -+++ b/pppd/plugins/pppol2tp/pppol2tp.c -@@ -46,7 +46,6 @@ - #include <linux/if_ether.h> - #include <linux/ppp_defs.h> - #include <linux/if_ppp.h> --#include <linux/if_pppox.h> - #include <linux/if_pppol2tp.h> - - /* should be added to system's socket.h... */ ---- - diff --git a/meta/recipes-connectivity/ppp/ppp/0001-ppp-fix-build-against-5.15-headers.patch b/meta/recipes-connectivity/ppp/ppp/0001-ppp-fix-build-against-5.15-headers.patch new file mode 100644 index 0000000000..c91246dbf5 --- /dev/null +++ b/meta/recipes-connectivity/ppp/ppp/0001-ppp-fix-build-against-5.15-headers.patch @@ -0,0 +1,36 @@ +From aba3273273e826c6dc90f197ca9a3e800e826891 Mon Sep 17 00:00:00 2001 +From: Bruce Ashfield <bruce.ashfield@gmail.com> +Date: Fri, 5 Nov 2021 12:41:35 -0400 +Subject: [PATCH] ppp: fix build against 5.15 headers + +The 5.15 kernel has removed ipx support, along with the userspace +visible header. + +This support wasn't used previously (as it hasn't been very well +maintained in the kernel for several years), so we can simply +disable it in our build and wait for upstream to do a release that +drops the support. + +Upstream-Status: Inappropriate [OE-specific configuration/headers] + +Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> +--- + pppd/Makefile.linux | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux +index 22837c5..23b9b22 100644 +--- a/pppd/Makefile.linux ++++ b/pppd/Makefile.linux +@@ -91,7 +91,7 @@ MAXOCTETS=y + + INCLUDE_DIRS= -I../include + +-COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP -pipe ++COMPILE_FLAGS= -DHAVE_PATHS_H -DHAVE_MMAP -pipe + + CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"' + +-- +2.25.1 + diff --git a/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch b/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch deleted file mode 100644 index b7ba7ba643..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001 -From: Paul Mackerras <paulus@ozlabs.org> -Date: Mon, 3 Feb 2020 15:53:28 +1100 -Subject: [PATCH] pppd: Fix bounds check in EAP code - -Given that we have just checked vallen < len, it can never be the case -that vallen >= len + sizeof(rhostname). This fixes the check so we -actually avoid overflowing the rhostname array. - -Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> -Signed-off-by: Paul Mackerras <paulus@ozlabs.org> - -Upstream-Status: Backport -[https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426] - -CVE: CVE-2020-8597 - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - pppd/eap.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/pppd/eap.c b/pppd/eap.c -index 94407f5..1b93db0 100644 ---- a/pppd/eap.c -+++ b/pppd/eap.c -@@ -1420,7 +1420,7 @@ int len; - } - - /* Not so likely to happen. */ -- if (vallen >= len + sizeof (rhostname)) { -+ if (len - vallen >= sizeof (rhostname)) { - dbglog("EAP: trimming really long peer name down"); - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); - rhostname[sizeof (rhostname) - 1] = '\0'; -@@ -1846,7 +1846,7 @@ int len; - } - - /* Not so likely to happen. */ -- if (vallen >= len + sizeof (rhostname)) { -+ if (len - vallen >= sizeof (rhostname)) { - dbglog("EAP: trimming really long peer name down"); - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); - rhostname[sizeof (rhostname) - 1] = '\0'; --- -2.17.1 - diff --git a/meta/recipes-connectivity/ppp/ppp/copts.patch b/meta/recipes-connectivity/ppp/ppp/copts.patch deleted file mode 100644 index 53ff06e03e..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/copts.patch +++ /dev/null @@ -1,21 +0,0 @@ -ppp: use build system CFLAGS when compiling - -Upstream-Status: Pending - -Override the hard-coded COPTS make variables with -CFLAGS. Add COPTS into one Makefile that did not -use it. - -Signed-off-by: Joe Slater <jslater@windriver.com> - ---- a/pppd/plugins/radius/Makefile.linux -+++ b/pppd/plugins/radius/Makefile.linux -@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ - INSTALL = install - - PLUGIN=radius.so radattr.so radrealms.so --CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON -+CFLAGS=-I. -I../.. -I../../../include $(COPTS) -fPIC -DRC_LOG_FACILITY=LOG_DAEMON - - # Uncomment the next line to include support for Microsoft's - # MS-CHAP authentication protocol. diff --git a/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch b/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch deleted file mode 100644 index c5a0be86f5..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch +++ /dev/null @@ -1,30 +0,0 @@ -ppp: Buffer overflow in radius plugin - -From: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;bug=782450 - -Upstream-Status: Backport -CVE: CVE-2015-3310 - -On systems with more than 65535 processes running, pppd aborts when -sending a "start" accounting message to the RADIUS server because of a -buffer overflow in rc_mksid. - -The process id is used in rc_mksid to generate a pseudo-unique string, -assuming that the hex representation of the pid will be at most 4 -characters (FFFF). __sprintf_chk(), used when compiling with -optimization levels greater than 0 and FORTIFY_SOURCE, detects the -buffer overflow and makes pppd crash. - -The following patch fixes the problem. - ---- ppp-2.4.6.orig/pppd/plugins/radius/util.c -+++ ppp-2.4.6/pppd/plugins/radius/util.c -@@ -77,7 +77,7 @@ rc_mksid (void) - static unsigned short int cnt = 0; - sprintf (buf, "%08lX%04X%02hX", - (unsigned long int) time (NULL), -- (unsigned int) getpid (), -+ (unsigned int) getpid () % 65535, - cnt & 0xFF); - cnt++; - return buf; diff --git a/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch b/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch deleted file mode 100644 index 614a474c37..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 505705d0e1b55ce3fdc10d0e5eab5488f869adb6 Mon Sep 17 00:00:00 2001 -From: Andreas Oberritter <obi@opendreambox.org> -Date: Thu, 1 Jul 2010 14:34:12 +0800 -Subject: [PATCH] ppp: Upgraded to version 2.4.5 - -The patch comes from OpenEmbedded. -Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com> - -Updated from OE-Classic to include the pcap hunk. -Signed-off-by: Andreas Oberritter <obi@opendreambox.org> - -Upstream-Status: Inappropriate [configuration] - ---- - pppd/Makefile.linux | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux -index 4e485a1..44c4193 100644 ---- a/pppd/Makefile.linux -+++ b/pppd/Makefile.linux -@@ -188,10 +188,10 @@ LIBS += -ldl - endif - - ifdef FILTER --ifneq ($(wildcard /usr/include/pcap-bpf.h),) -+#ifneq ($(wildcard /usr/include/pcap-bpf.h),) - LIBS += -lpcap - CFLAGS += -DPPP_FILTER --endif -+#endif - endif - - ifdef HAVE_INET6 diff --git a/meta/recipes-connectivity/ppp/ppp/makefile.patch b/meta/recipes-connectivity/ppp/ppp/makefile.patch deleted file mode 100644 index 25b8ded441..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/makefile.patch +++ /dev/null @@ -1,115 +0,0 @@ -From f7fb1d1abfa6d208fb40fca1602e0c488108f1b5 Mon Sep 17 00:00:00 2001 -From: Richard Purdie <richard@openedhand.com> -Date: Wed, 31 Aug 2005 10:45:47 +0000 -Subject: [PATCH] Initial population - -The patch comes from OpenEmbedded -Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com> - -Upstream-Status: Inappropriate [configuration] - ---- - chat/Makefile.linux | 2 +- - pppd/Makefile.linux | 4 ++-- - pppd/plugins/radius/Makefile.linux | 10 +++++----- - pppd/plugins/rp-pppoe/Makefile.linux | 4 ++-- - pppdump/Makefile.linux | 2 +- - pppstats/Makefile.linux | 2 +- - 6 files changed, 12 insertions(+), 12 deletions(-) - -diff --git a/chat/Makefile.linux b/chat/Makefile.linux -index 0732ec8..f082dab 100644 ---- a/chat/Makefile.linux -+++ b/chat/Makefile.linux -@@ -25,7 +25,7 @@ chat.o: chat.c - - install: chat - mkdir -p $(BINDIR) $(MANDIR) -- $(INSTALL) -s -c chat $(BINDIR) -+ $(INSTALL) -c chat $(BINDIR) - $(INSTALL) -c -m 644 chat.8 $(MANDIR) - - clean: -diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux -index 9664f70..4e485a1 100644 ---- a/pppd/Makefile.linux -+++ b/pppd/Makefile.linux -@@ -107,7 +107,7 @@ ifdef USE_SRP - CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include - LIBS += -lsrp -L/usr/local/ssl/lib -lcrypto - TARGETS += srp-entry --EXTRAINSTALL = $(INSTALL) -s -c -m 555 srp-entry $(BINDIR)/srp-entry -+EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry - MANPAGES += srp-entry.8 - EXTRACLEAN += srp-entry.o - NEEDDES=y -@@ -219,7 +219,7 @@ all: $(TARGETS) - install: pppd - mkdir -p $(BINDIR) $(MANDIR) - $(EXTRAINSTALL) -- $(INSTALL) -s -c -m 555 pppd $(BINDIR)/pppd -+ $(INSTALL) -c -m 555 pppd $(BINDIR)/pppd - if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \ - chmod o-rx,u+s $(BINDIR)/pppd; fi - $(INSTALL) -c -m 444 pppd.8 $(MANDIR) -diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux -index e702263..af57ae3 100644 ---- a/pppd/plugins/radius/Makefile.linux -+++ b/pppd/plugins/radius/Makefile.linux -@@ -36,11 +36,11 @@ all: $(PLUGIN) - - install: all - $(INSTALL) -d -m 755 $(LIBDIR) -- $(INSTALL) -s -c -m 755 radius.so $(LIBDIR) -- $(INSTALL) -s -c -m 755 radattr.so $(LIBDIR) -- $(INSTALL) -s -c -m 755 radrealms.so $(LIBDIR) -- $(INSTALL) -c -m 444 pppd-radius.8 $(MANDIR) -- $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR) -+ $(INSTALL) -c -m 755 radius.so $(LIBDIR) -+ $(INSTALL) -c -m 755 radattr.so $(LIBDIR) -+ $(INSTALL) -c -m 755 radrealms.so $(LIBDIR) -+ $(INSTALL) -m 444 pppd-radius.8 $(MANDIR) -+ $(INSTALL) -m 444 pppd-radattr.8 $(MANDIR) - - radius.so: radius.o libradiusclient.a - $(CC) $(LDFLAGS) -o radius.so -shared radius.o libradiusclient.a -diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux -index 749ccc2..2c93f4a 100644 ---- a/pppd/plugins/rp-pppoe/Makefile.linux -+++ b/pppd/plugins/rp-pppoe/Makefile.linux -@@ -43,9 +43,9 @@ rp-pppoe.so: plugin.o discovery.o if.o common.o - - install: all - $(INSTALL) -d -m 755 $(LIBDIR) -- $(INSTALL) -s -c -m 4550 rp-pppoe.so $(LIBDIR) -+ $(INSTALL) -c -m 4550 rp-pppoe.so $(LIBDIR) - $(INSTALL) -d -m 755 $(BINDIR) -- $(INSTALL) -s -c -m 555 pppoe-discovery $(BINDIR) -+ $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR) - - clean: - rm -f *.o *.so pppoe-discovery -diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux -index cdf7ac4..0457561 100644 ---- a/pppdump/Makefile.linux -+++ b/pppdump/Makefile.linux -@@ -17,5 +17,5 @@ clean: - - install: - mkdir -p $(BINDIR) $(MANDIR) -- $(INSTALL) -s -c pppdump $(BINDIR) -+ $(INSTALL) -c pppdump $(BINDIR) - $(INSTALL) -c -m 444 pppdump.8 $(MANDIR) -diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux -index 71afbe6..1819370 100644 ---- a/pppstats/Makefile.linux -+++ b/pppstats/Makefile.linux -@@ -22,7 +22,7 @@ all: pppstats - - install: pppstats - -mkdir -p $(MANDIR) -- $(INSTALL) -s -c pppstats $(BINDIR) -+ $(INSTALL) -c pppstats $(BINDIR) - $(INSTALL) -c -m 444 pppstats.8 $(MANDIR) - - pppstats: $(PPPSTATSRCS) diff --git a/meta/recipes-connectivity/ppp/ppp/makefix.patch b/meta/recipes-connectivity/ppp/ppp/makefix.patch new file mode 100644 index 0000000000..fce068cae0 --- /dev/null +++ b/meta/recipes-connectivity/ppp/ppp/makefix.patch @@ -0,0 +1,40 @@ +We were seeing reproducibility issues where one host would use the internal +logwtmp wrapper, another would use the one in libutil. The issue was that in +some cases the "\#include" was making it to CC, in others, "#include". The +issue seems to be related to shell escaping. + +The root cause looks to be: +http://git.savannah.gnu.org/cgit/make.git/commit/?id=c6966b323811c37acedff05b576b907b06aea5f4 + +Instead of relying on shell quoting, use make to indirect the variable +and avoid the problem. + +See https://github.com/paulusmack/ppp/issues/233 + +Upstream-Status: Backport [https://github.com/paulusmack/ppp/commit/b4430f7092ececdff2504d5f3393a4c6528c3686] +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +Index: ppp-2.4.9/pppd/Makefile.linux +=================================================================== +--- ppp-2.4.9.orig/pppd/Makefile.linux ++++ ppp-2.4.9/pppd/Makefile.linux +@@ -80,7 +80,8 @@ PLUGIN=y + #USE_SRP=y + + # Use libutil; test if logwtmp is declared in <utmp.h> to detect +-ifeq ($(shell echo '\#include <utmp.h>' | $(CC) -E - 2>/dev/null | grep -q logwtmp && echo yes),yes) ++UTMPHEADER = "\#include <utmp.h>" ++ifeq ($(shell echo $(UTMPHEADER) | $(CC) -E - 2>/dev/null | grep -q logwtmp && echo yes),yes) + USE_LIBUTIL=y + endif + +@@ -143,7 +144,8 @@ CFLAGS += -DHAS_SHADOW + #LIBS += -lshadow $(LIBS) + endif + +-ifeq ($(shell echo '\#include <crypt.h>' | $(CC) -E - >/dev/null 2>&1 && echo yes),yes) ++CRYPTHEADER = "\#include <crypt.h>" ++ifeq ($(shell echo $(CRYPTHEADER) | $(CC) -E - >/dev/null 2>&1 && echo yes),yes) + CFLAGS += -DHAVE_CRYPT_H=1 + LIBS += -lcrypt + endif diff --git a/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch b/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch deleted file mode 100644 index a72414ff8a..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch +++ /dev/null @@ -1,45 +0,0 @@ -The patch comes from OpenEmbedded -Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com> - -Upstream-Status: Inappropriate [embedded specific] - -diff -ruN ppp-2.4.5-orig/pppd/ipcp.c ppp-2.4.5/pppd/ipcp.c ---- ppp-2.4.5-orig/pppd/ipcp.c 2010-06-30 15:51:12.050166398 +0800 -+++ ppp-2.4.5/pppd/ipcp.c 2010-06-30 17:02:33.930393283 +0800 -@@ -55,6 +55,8 @@ - #include <sys/socket.h> - #include <netinet/in.h> - #include <arpa/inet.h> -+#include <sys/stat.h> -+#include <unistd.h> - - #include "pppd.h" - #include "fsm.h" -@@ -2095,6 +2097,14 @@ - u_int32_t peerdns1, peerdns2; - { - FILE *f; -+ struct stat dirinfo; -+ -+ if(stat(_PATH_OUTDIR, &dirinfo)) { -+ if(mkdir(_PATH_OUTDIR, 0775)) { -+ error("Failed to create directory %s: %m", _PATH_OUTDIR); -+ return; -+ } -+ } - - f = fopen(_PATH_RESOLV, "w"); - if (f == NULL) { -diff -ruN ppp-2.4.5-orig/pppd/pathnames.h ppp-2.4.5/pppd/pathnames.h ---- ppp-2.4.5-orig/pppd/pathnames.h 2010-06-30 15:51:12.043682063 +0800 -+++ ppp-2.4.5/pppd/pathnames.h 2010-06-30 17:03:20.594371055 +0800 -@@ -30,7 +30,8 @@ - #define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options." - #define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors" - #define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/" --#define _PATH_RESOLV _ROOT_PATH "/etc/ppp/resolv.conf" -+#define _PATH_OUTDIR _ROOT_PATH _PATH_VARRUN "/ppp" -+#define _PATH_RESOLV _PATH_OUTDIR "/resolv.conf" - - #define _PATH_USEROPT ".ppprc" - #define _PATH_PSEUDONYM ".ppp_pseudonym" diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.8.bb b/meta/recipes-connectivity/ppp/ppp_2.4.9.bb index f9c60d6bad..bd6435e69c 100644 --- a/meta/recipes-connectivity/ppp/ppp_2.4.8.bb +++ b/meta/recipes-connectivity/ppp/ppp_2.4.9.bb @@ -5,16 +5,14 @@ SECTION = "console/network" HOMEPAGE = "http://samba.org/ppp/" BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs" DEPENDS = "libpcap openssl virtual/crypt" -LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD" +LICENSE = "BSD-3-Clause & BSD-3-Clause-Attribution & GPLv2+ & LGPLv2+ & PD" LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \ file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \ file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \ file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2" SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ - file://makefile.patch \ - file://pppd-resolv-varrun.patch \ - file://makefile-remove-hard-usr-reference.patch \ + file://makefix.patch \ file://pon \ file://poff \ file://init \ @@ -22,26 +20,19 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ file://ip-down \ file://08setupdns \ file://92removedns \ - file://copts.patch \ file://pap \ file://ppp_on_boot \ file://provider \ file://ppp@.service \ - file://fix-CVE-2015-3310.patch \ - file://0001-ppp-Remove-unneeded-include.patch \ - file://0001-pppd-Fix-bounds-check-in-EAP-code.patch \ + file://0001-ppp-fix-build-against-5.15-headers.patch \ " -SRC_URI_append_libc-musl = "\ - file://0001-Fix-build-with-musl.patch \ -" -SRC_URI[md5sum] = "2ca8342b9804be15103fd3f687af701c" -SRC_URI[sha256sum] = "f6bf89beae26b2943dff8f1003533d6a5a4909a0fa6edfbec44fe039bbe61bc6" +SRC_URI[sha256sum] = "f938b35eccde533ea800b15a7445b2f1137da7f88e32a16898d02dee8adc058d" inherit autotools-brokensep systemd TARGET_CC_ARCH += " ${LDFLAGS}" -EXTRA_OEMAKE = "STRIPPROG=${STRIP} MANDIR=${D}${datadir}/man/man8 INCDIR=${D}${includedir} LIBDIR=${D}${libdir}/pppd/${PV} BINDIR=${D}${sbindir}" +EXTRA_OEMAKE = "CC='${CC}' STRIPPROG=${STRIP} MANDIR=${D}${datadir}/man/man8 INCDIR=${D}${includedir} LIBDIR=${D}${libdir}/pppd/${PV} BINDIR=${D}${sbindir}" EXTRA_OECONF = "--disable-strip" # Package Makefile computes CFLAGS, referencing COPTS. @@ -49,11 +40,13 @@ EXTRA_OECONF = "--disable-strip" # EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl -I${S}/include"' +EXTRA_OECONF:append:libc-musl = " --disable-ipxcp" + do_configure () { oe_runconf } -do_install_append () { +do_install:append () { make install-etcppp ETCDIR=${D}/${sysconfdir}/ppp mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/ @@ -70,34 +63,37 @@ do_install_append () { install -m 0755 ${WORKDIR}/pap ${D}${sysconfdir}/chatscripts install -m 0755 ${WORKDIR}/ppp_on_boot ${D}${sysconfdir}/ppp/ppp_on_boot install -m 0755 ${WORKDIR}/provider ${D}${sysconfdir}/ppp/peers/provider - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_unitdir}/system + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_system_unitdir} sed -i -e 's,@SBINDIR@,${sbindir},g' \ - ${D}${systemd_unitdir}/system/ppp@.service + ${D}${systemd_system_unitdir}/ppp@.service rm -rf ${D}/${mandir}/man8/man8 chmod u+s ${D}${sbindir}/pppd } -do_install_append_libc-musl () { +do_install:append:libc-musl () { install -Dm 0644 ${S}/include/net/ppp_defs.h ${D}${includedir}/net/ppp_defs.h } -CONFFILES_${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options" +CONFFILES:${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options" PACKAGES =+ "${PN}-oa ${PN}-oe ${PN}-radius ${PN}-winbind ${PN}-minconn ${PN}-password ${PN}-l2tp ${PN}-tools" -FILES_${PN} = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_unitdir}/system/ppp@.service" -FILES_${PN}-oa = "${libdir}/pppd/${PV}/pppoatm.so" -FILES_${PN}-oe = "${sbindir}/pppoe-discovery ${libdir}/pppd/${PV}/rp-pppoe.so" -FILES_${PN}-radius = "${libdir}/pppd/${PV}/radius.so ${libdir}/pppd/${PV}/radattr.so ${libdir}/pppd/${PV}/radrealms.so" -FILES_${PN}-winbind = "${libdir}/pppd/${PV}/winbind.so" -FILES_${PN}-minconn = "${libdir}/pppd/${PV}/minconn.so" -FILES_${PN}-password = "${libdir}/pppd/${PV}/pass*.so" -FILES_${PN}-l2tp = "${libdir}/pppd/${PV}/*l2tp.so" -FILES_${PN}-tools = "${sbindir}/pppstats ${sbindir}/pppdump" -SUMMARY_${PN}-oa = "Plugin for PPP for PPP-over-ATM support" -SUMMARY_${PN}-oe = "Plugin for PPP for PPP-over-Ethernet support" -SUMMARY_${PN}-radius = "Plugin for PPP for RADIUS support" -SUMMARY_${PN}-winbind = "Plugin for PPP to authenticate against Samba or Windows" -SUMMARY_${PN}-minconn = "Plugin for PPP to set a delay before the idle timeout applies" -SUMMARY_${PN}-password = "Plugin for PPP to get passwords via a pipe" -SUMMARY_${PN}-l2tp = "Plugin for PPP for l2tp support" -SUMMARY_${PN}-tools = "Additional tools for the PPP package" +FILES:${PN} = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_system_unitdir}/ppp@.service" +FILES:${PN}-oa = "${libdir}/pppd/${PV}/pppoatm.so" +FILES:${PN}-oe = "${sbindir}/pppoe-discovery ${libdir}/pppd/${PV}/*pppoe.so" +FILES:${PN}-radius = "${libdir}/pppd/${PV}/radius.so ${libdir}/pppd/${PV}/radattr.so ${libdir}/pppd/${PV}/radrealms.so" +FILES:${PN}-winbind = "${libdir}/pppd/${PV}/winbind.so" +FILES:${PN}-minconn = "${libdir}/pppd/${PV}/minconn.so" +FILES:${PN}-password = "${libdir}/pppd/${PV}/pass*.so" +FILES:${PN}-l2tp = "${libdir}/pppd/${PV}/*l2tp.so" +FILES:${PN}-tools = "${sbindir}/pppstats ${sbindir}/pppdump" +SUMMARY:${PN}-oa = "Plugin for PPP for PPP-over-ATM support" +SUMMARY:${PN}-oe = "Plugin for PPP for PPP-over-Ethernet support" +SUMMARY:${PN}-radius = "Plugin for PPP for RADIUS support" +SUMMARY:${PN}-winbind = "Plugin for PPP to authenticate against Samba or Windows" +SUMMARY:${PN}-minconn = "Plugin for PPP to set a delay before the idle timeout applies" +SUMMARY:${PN}-password = "Plugin for PPP to get passwords via a pipe" +SUMMARY:${PN}-l2tp = "Plugin for PPP for l2tp support" +SUMMARY:${PN}-tools = "Additional tools for the PPP package" + +# Ignore compatibility symlink rp-pppoe.so->pppoe.so +INSANE_SKIP:${PN}-oe += "dev-so" diff --git a/meta/recipes-connectivity/resolvconf/resolvconf_1.83.bb b/meta/recipes-connectivity/resolvconf/resolvconf_1.87.bb index 33ee553d19..f57abe3619 100644 --- a/meta/recipes-connectivity/resolvconf/resolvconf_1.83.bb +++ b/meta/recipes-connectivity/resolvconf/resolvconf_1.87.bb @@ -9,14 +9,14 @@ LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b" AUTHOR = "Thomas Hood" HOMEPAGE = "http://packages.debian.org/resolvconf" -RDEPENDS_${PN} = "bash" +RDEPENDS:${PN} = "bash" -SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https \ +SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=unstable \ file://fix-path-for-busybox.patch \ file://99_resolvconf \ - " + " -SRCREV = "d001dd2b7ce4c854eaa29e46b9640ab66c6e70bb" +SRCREV = "1dda36d8465e335c60190c41e7185d782da1bd7b" S = "${WORKDIR}/git" @@ -55,7 +55,7 @@ do_install () { install -m 0644 man/resolvconf.8 ${D}${mandir}/man8/ } -pkg_postinst_${PN} () { +pkg_postinst:${PN} () { if [ -z "$D" ]; then if command -v systemd-tmpfiles >/dev/null; then systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/resolvconf.conf @@ -65,4 +65,4 @@ pkg_postinst_${PN} () { fi } -FILES_${PN} += "${base_libdir}/${BPN}" +FILES:${PN} += "${base_libdir}/${BPN}" diff --git a/meta/recipes-connectivity/socat/socat_1.7.3.4.bb b/meta/recipes-connectivity/socat/socat_1.7.4.2.bb index f3f569d262..0edde6a2e4 100644 --- a/meta/recipes-connectivity/socat/socat_1.7.3.4.bb +++ b/meta/recipes-connectivity/socat/socat_1.7.4.2.bb @@ -7,13 +7,12 @@ SECTION = "console/network" LICENSE = "GPL-2.0-with-OpenSSL-exception" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://README;beginline=257;endline=287;md5=338c05eadd013872abb1d6e198e10a3f" + file://README;beginline=257;endline=287;md5=82520b052f322ac2b5b3dfdc7c7eea86" SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ " -SRC_URI[md5sum] = "3cca4f8cd9d2d1caabd9cc099451bac9" -SRC_URI[sha256sum] = "972374ca86f65498e23e3259c2ee1b8f9dbeb04d12c2a78c0c9b5d1cb97dfdfc" +SRC_URI[sha256sum] = "6690a9f9990457b505097a272bbf2cbf4cc35576176f76646e3524b0e91c1763" inherit autotools @@ -29,15 +28,15 @@ TERMBITS_SHIFTS ?= "sc_cv_sys_crdly_shift=9 \ sc_cv_sys_tabdly_shift=11 \ sc_cv_sys_csize_shift=4" -TERMBITS_SHIFTS_powerpc = "sc_cv_sys_crdly_shift=12 \ +TERMBITS_SHIFTS:powerpc = "sc_cv_sys_crdly_shift=12 \ sc_cv_sys_tabdly_shift=10 \ sc_cv_sys_csize_shift=8" -TERMBITS_SHIFTS_powerpc64 = "sc_cv_sys_crdly_shift=12 \ +TERMBITS_SHIFTS:powerpc64 = "sc_cv_sys_crdly_shift=12 \ sc_cv_sys_tabdly_shift=10 \ sc_cv_sys_csize_shift=8" -PACKAGECONFIG_class-target ??= "tcp-wrappers readline openssl" +PACKAGECONFIG:class-target ??= "tcp-wrappers readline openssl" PACKAGECONFIG ??= "readline openssl" PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers" PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline" @@ -45,7 +44,7 @@ PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl" CFLAGS += "-fcommon" -do_install_prepend () { +do_install:prepend () { mkdir -p ${D}${bindir} install -d ${D}${bindir} ${D}${mandir}/man1 } diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-0326.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-0326.patch new file mode 100644 index 0000000000..8c90fa3421 --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-0326.patch @@ -0,0 +1,45 @@ +From 947272febe24a8f0ea828b5b2f35f13c3821901e Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@codeaurora.org> +Date: Mon, 9 Nov 2020 11:43:12 +0200 +Subject: [PATCH] P2P: Fix copying of secondary device types for P2P group + client + +Parsing and copying of WPS secondary device types list was verifying +that the contents is not too long for the internal maximum in the case +of WPS messages, but similar validation was missing from the case of P2P +group information which encodes this information in a different +attribute. This could result in writing beyond the memory area assigned +for these entries and corrupting memory within an instance of struct +p2p_device. This could result in invalid operations and unexpected +behavior when trying to free pointers from that corrupted memory. + +Upstream-Status: Backport +CVE: CVE-2021-0326 + +Reference to upstream patch: +[https://w1.fi/cgit/hostap/commit/?id=947272febe24a8f0ea828b5b2f35f13c3821901e] + +Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27269 +Fixes: e57ae6e19edf ("P2P: Keep track of secondary device types for peers") +Signed-off-by: Jouni Malinen <jouni@codeaurora.org> +Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> +--- + src/p2p/p2p.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c +index a08ba02..079270f 100644 +--- a/src/p2p/p2p.c ++++ b/src/p2p/p2p.c +@@ -453,6 +453,8 @@ static void p2p_copy_client_info(struct p2p_device *dev, + dev->info.config_methods = cli->config_methods; + os_memcpy(dev->info.pri_dev_type, cli->pri_dev_type, 8); + dev->info.wps_sec_dev_type_list_len = 8 * cli->num_sec_dev_types; ++ if (dev->info.wps_sec_dev_type_list_len > WPS_SEC_DEV_TYPE_MAX_LEN) ++ dev->info.wps_sec_dev_type_list_len = WPS_SEC_DEV_TYPE_MAX_LEN; + os_memcpy(dev->info.wps_sec_dev_type_list, cli->sec_dev_types, + dev->info.wps_sec_dev_type_list_len); + } +-- +2.17.1 + diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-27803.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-27803.patch new file mode 100644 index 0000000000..004b1dbd19 --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-27803.patch @@ -0,0 +1,58 @@ +From 8460e3230988ef2ec13ce6b69b687e941f6cdb32 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@codeaurora.org> +Date: Tue, 8 Dec 2020 23:52:50 +0200 +Subject: [PATCH] P2P: Fix a corner case in peer addition based on PD Request + +p2p_add_device() may remove the oldest entry if there is no room in the +peer table for a new peer. This would result in any pointer to that +removed entry becoming stale. A corner case with an invalid PD Request +frame could result in such a case ending up using (read+write) freed +memory. This could only by triggered when the peer table has reached its +maximum size and the PD Request frame is received from the P2P Device +Address of the oldest remaining entry and the frame has incorrect P2P +Device Address in the payload. + +Fix this by fetching the dev pointer again after having called +p2p_add_device() so that the stale pointer cannot be used. + +Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request") +Signed-off-by: Jouni Malinen <jouni@codeaurora.org> + +Upstream-Status: Backport +CVE: CVE-2021-27803 + +Reference to upstream patch: +[https://w1.fi/cgit/hostap/commit/?id=8460e3230988ef2ec13ce6b69b687e941f6cdb32] + +Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> +--- + src/p2p/p2p_pd.c | 12 +++++------- + 1 file changed, 5 insertions(+), 7 deletions(-) + +diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c +index 3994ec0..05fd593 100644 +--- a/src/p2p/p2p_pd.c ++++ b/src/p2p/p2p_pd.c +@@ -595,14 +595,12 @@ void p2p_process_prov_disc_req(struct p2p_data *p2p, const u8 *sa, + goto out; + } + ++ dev = p2p_get_device(p2p, sa); + if (!dev) { +- dev = p2p_get_device(p2p, sa); +- if (!dev) { +- p2p_dbg(p2p, +- "Provision Discovery device not found " +- MACSTR, MAC2STR(sa)); +- goto out; +- } ++ p2p_dbg(p2p, ++ "Provision Discovery device not found " ++ MACSTR, MAC2STR(sa)); ++ goto out; + } + } else if (msg.wfd_subelems) { + wpabuf_free(dev->info.wfd_subelems); +-- +2.17.1 + diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-30004.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-30004.patch new file mode 100644 index 0000000000..e2540fc26b --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-30004.patch @@ -0,0 +1,123 @@ +From a0541334a6394f8237a4393b7372693cd7e96f15 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sat, 13 Mar 2021 18:19:31 +0200 +Subject: [PATCH] ASN.1: Validate DigestAlgorithmIdentifier parameters + +The supported hash algorithms do not use AlgorithmIdentifier parameters. +However, there are implementations that include NULL parameters in +addition to ones that omit the parameters. Previous implementation did +not check the parameters value at all which supported both these cases, +but did not reject any other unexpected information. + +Use strict validation of digest algorithm parameters and reject any +unexpected value when validating a signature. This is needed to prevent +potential forging attacks. + +Signed-off-by: Jouni Malinen <j@w1.fi> + +Upstream-Status: Backport +CVE: CVE-2021-30004 + +Reference to upstream patch: +[https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15] + +Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> +--- + src/tls/pkcs1.c | 21 +++++++++++++++++++++ + src/tls/x509v3.c | 20 ++++++++++++++++++++ + 2 files changed, 41 insertions(+) + +diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c +index 141ac50..e09db07 100644 +--- a/src/tls/pkcs1.c ++++ b/src/tls/pkcs1.c +@@ -240,6 +240,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, + os_free(decrypted); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestInfo", ++ hdr.payload, hdr.length); + + pos = hdr.payload; + end = pos + hdr.length; +@@ -261,6 +263,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, + os_free(decrypted); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestAlgorithmIdentifier", ++ hdr.payload, hdr.length); + da_end = hdr.payload + hdr.length; + + if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) { +@@ -269,6 +273,23 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, + os_free(decrypted); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: Digest algorithm parameters", ++ next, da_end - next); ++ ++ /* ++ * RFC 5754: The correct encoding for the SHA2 algorithms would be to ++ * omit the parameters, but there are implementation that encode these ++ * as a NULL element. Allow these two cases and reject anything else. ++ */ ++ if (da_end > next && ++ (asn1_get_next(next, da_end - next, &hdr) < 0 || ++ !asn1_is_null(&hdr) || ++ hdr.payload + hdr.length != da_end)) { ++ wpa_printf(MSG_DEBUG, ++ "PKCS #1: Unexpected digest algorithm parameters"); ++ os_free(decrypted); ++ return -1; ++ } + + if (!asn1_oid_equal(&oid, hash_alg)) { + char txt[100], txt2[100]; +diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c +index 1bd5aa0..bf2289f 100644 +--- a/src/tls/x509v3.c ++++ b/src/tls/x509v3.c +@@ -1834,6 +1834,7 @@ int x509_check_signature(struct x509_certificate *issuer, + os_free(data); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "X509: DigestInfo", hdr.payload, hdr.length); + + pos = hdr.payload; + end = pos + hdr.length; +@@ -1855,6 +1856,8 @@ int x509_check_signature(struct x509_certificate *issuer, + os_free(data); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "X509: DigestAlgorithmIdentifier", ++ hdr.payload, hdr.length); + da_end = hdr.payload + hdr.length; + + if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) { +@@ -1862,6 +1865,23 @@ int x509_check_signature(struct x509_certificate *issuer, + os_free(data); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "X509: Digest algorithm parameters", ++ next, da_end - next); ++ ++ /* ++ * RFC 5754: The correct encoding for the SHA2 algorithms would be to ++ * omit the parameters, but there are implementation that encode these ++ * as a NULL element. Allow these two cases and reject anything else. ++ */ ++ if (da_end > next && ++ (asn1_get_next(next, da_end - next, &hdr) < 0 || ++ !asn1_is_null(&hdr) || ++ hdr.payload + hdr.length != da_end)) { ++ wpa_printf(MSG_DEBUG, ++ "X509: Unexpected digest algorithm parameters"); ++ os_free(data); ++ return -1; ++ } + + if (x509_sha1_oid(&oid)) { + if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) { +-- +2.17.1 + diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb index 7cc03fef7d..25cd8ef82c 100644 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb @@ -1,5 +1,6 @@ SUMMARY = "Client for Wi-Fi Protected Access (WPA)" HOMEPAGE = "http://w1.fi/wpa_supplicant/" +DESCRIPTION = "wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver." BUGTRACKER = "http://w1.fi/security/" SECTION = "network" LICENSE = "BSD-3-Clause" @@ -7,15 +8,15 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=279b4f5abb9c153c285221855ddb78cc \ file://README;beginline=1;endline=56;md5=e7d3dbb01f75f0b9799e192731d1e1ff \ file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=0a8b56d3543498b742b9c0e94cc2d18b" DEPENDS = "dbus libnl" -RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli" +RRECOMMENDS:${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli" -PACKAGECONFIG ??= "gnutls" +PACKAGECONFIG ??= "openssl" PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt" PACKAGECONFIG[openssl] = ",,openssl" inherit pkgconfig systemd -SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service" +SYSTEMD_SERVICE:${PN} = "wpa_supplicant.service" SYSTEMD_AUTO_ENABLE = "disable" SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ @@ -29,6 +30,9 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ file://0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch \ file://0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch \ file://0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch \ + file://CVE-2021-0326.patch \ + file://CVE-2021-27803.patch \ + file://CVE-2021-30004.patch \ " SRC_URI[md5sum] = "2d2958c782576dc9901092fbfecb4190" SRC_URI[sha256sum] = "fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17" @@ -37,11 +41,11 @@ CVE_PRODUCT = "wpa_supplicant" S = "${WORKDIR}/wpa_supplicant-${PV}" -PACKAGES_prepend = "wpa-supplicant-passphrase wpa-supplicant-cli " -FILES_wpa-supplicant-passphrase = "${bindir}/wpa_passphrase" -FILES_wpa-supplicant-cli = "${sbindir}/wpa_cli" -FILES_${PN} += "${datadir}/dbus-1/system-services/* ${systemd_system_unitdir}/*" -CONFFILES_${PN} += "${sysconfdir}/wpa_supplicant.conf" +PACKAGES:prepend = "wpa-supplicant-passphrase wpa-supplicant-cli " +FILES:wpa-supplicant-passphrase = "${bindir}/wpa_passphrase" +FILES:wpa-supplicant-cli = "${sbindir}/wpa_cli" +FILES:${PN} += "${datadir}/dbus-1/system-services/* ${systemd_system_unitdir}/*" +CONFFILES:${PN} += "${sysconfdir}/wpa_supplicant.conf" do_configure () { ${MAKE} -C wpa_supplicant clean @@ -96,15 +100,15 @@ do_install () { install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -d ${D}/${systemd_unitdir}/system - install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_unitdir}/system + install -d ${D}/${systemd_system_unitdir} + install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_system_unitdir} fi install -d ${D}/etc/default/volatiles install -m 0644 ${WORKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles } -pkg_postinst_wpa-supplicant () { +pkg_postinst:${PN} () { # If we're offline, we don't need to do this. if [ "x$D" = "x" ]; then killall -q -HUP dbus-daemon || true |