diff options
author | Tudor Florea <tudor.florea@enea.com> | 2015-10-09 20:59:03 (GMT) |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2015-10-09 20:59:03 (GMT) |
commit | 972dcfcdbfe75dcfeb777150c136576cf1a71e99 (patch) | |
tree | 97a61cd7e293d7ae9d56ef7ed0f81253365bb026 /meta/recipes-connectivity | |
download | poky-972dcfcdbfe75dcfeb777150c136576cf1a71e99.tar.gz |
initial commit for Enea Linux 5.0 arm
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Diffstat (limited to 'meta/recipes-connectivity')
221 files changed, 18102 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/avahi/avahi-ui_0.6.31.bb b/meta/recipes-connectivity/avahi/avahi-ui_0.6.31.bb new file mode 100644 index 0000000..eea4d70 --- /dev/null +++ b/meta/recipes-connectivity/avahi/avahi-ui_0.6.31.bb | |||
@@ -0,0 +1,72 @@ | |||
1 | LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ | ||
2 | file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \ | ||
3 | file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \ | ||
4 | file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \ | ||
5 | file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf" | ||
6 | |||
7 | require avahi.inc | ||
8 | |||
9 | inherit python-dir pythonnative | ||
10 | |||
11 | PACKAGECONFIG ??= "python" | ||
12 | PACKAGECONFIG[python] = "--enable-python,--disable-python,python-native python" | ||
13 | |||
14 | PR = "${INC_PR}.0" | ||
15 | |||
16 | SRC_URI[md5sum] = "2f22745b8f7368ad5a0a3fddac343f2d" | ||
17 | SRC_URI[sha256sum] = "8372719b24e2dd75de6f59bb1315e600db4fd092805bd1201ed0cb651a2dab48" | ||
18 | |||
19 | DEPENDS += "avahi gtk+ libglade" | ||
20 | |||
21 | AVAHI_GTK = "--enable-gtk --disable-gtk3" | ||
22 | |||
23 | S = "${WORKDIR}/avahi-${PV}" | ||
24 | |||
25 | PACKAGES = "${PN} ${PN}-utils ${PN}-dbg ${PN}-dev ${PN}-staticdev ${PN}-doc python-avahi avahi-discover avahi-discover-standalone" | ||
26 | |||
27 | FILES_${PN} = "${libdir}/libavahi-ui*.so.*" | ||
28 | FILES_${PN}-dbg += "${libdir}/.debug/libavah-ui*" | ||
29 | FILES_${PN}-dev += "${libdir}/libavahi-ui${SOLIBSDEV}" | ||
30 | FILES_${PN}-staticdev += "${libdir}/libavahi-ui.a" | ||
31 | |||
32 | FILES_${PN}-utils = "${bindir}/b* ${datadir}/applications/b*" | ||
33 | |||
34 | FILES_python-avahi = "${PYTHON_SITEPACKAGES_DIR}/avahi ${PYTHON_SITEPACKAGES_DIR}/avahi_discover" | ||
35 | FILES_avahi-discover = "${bindir}/avahi-discover \ | ||
36 | ${datadir}/applications/avahi-discover.desktop \ | ||
37 | ${datadir}/avahi/interfaces/avahi-discover*" | ||
38 | FILES_avahi-discover-standalone = "${bindir}/avahi-discover-standalone \ | ||
39 | ${datadir}/avahi/interfaces/avahi-discover.glade" | ||
40 | |||
41 | RDEPENDS_avahi-discover = "python-avahi python-pygtk" | ||
42 | RDEPENDS_python-avahi = "python-core python-dbus" | ||
43 | |||
44 | |||
45 | do_install_append () { | ||
46 | rm ${D}${sysconfdir} -rf | ||
47 | rm ${D}${base_libdir} -rf | ||
48 | rm ${D}${systemd_unitdir} -rf | ||
49 | # The ${systemd_unitdir} is /lib/systemd, so we need rmdir /lib, | ||
50 | # but not ${base_libdir} here. And the /lib may not exist | ||
51 | # whithout systemd. | ||
52 | [ ! -d ${D}/lib ] || rmdir ${D}/lib --ignore-fail-on-non-empty | ||
53 | rm ${D}${bindir}/avahi-b* | ||
54 | rm ${D}${bindir}/avahi-p* | ||
55 | rm ${D}${bindir}/avahi-r* | ||
56 | rm ${D}${bindir}/avahi-s* | ||
57 | rm ${D}${includedir}/avahi-c* -rf | ||
58 | rm ${D}${includedir}/avahi-g* -rf | ||
59 | rm ${D}${libdir}/libavahi-c* | ||
60 | rm ${D}${libdir}/libavahi-g* | ||
61 | rm ${D}${libdir}/pkgconfig/avahi-c* | ||
62 | rm ${D}${libdir}/pkgconfig/avahi-g* | ||
63 | rm ${D}${sbindir} -rf | ||
64 | rm ${D}${datadir}/avahi/a* | ||
65 | rm ${D}${datadir}/avahi/s* | ||
66 | rm ${D}${datadir}/locale/ -rf | ||
67 | rm ${D}${datadir}/dbus* -rf | ||
68 | rm ${D}${mandir}/man1/a* | ||
69 | rm ${D}${mandir}/man5 -rf | ||
70 | rm ${D}${mandir}/man8 -rf | ||
71 | } | ||
72 | |||
diff --git a/meta/recipes-connectivity/avahi/avahi.inc b/meta/recipes-connectivity/avahi/avahi.inc new file mode 100644 index 0000000..b060437 --- /dev/null +++ b/meta/recipes-connectivity/avahi/avahi.inc | |||
@@ -0,0 +1,158 @@ | |||
1 | SUMMARY = "Avahi IPv4LL network address configuration daemon" | ||
2 | DESCRIPTION = 'Avahi is a fully LGPL framework for Multicast DNS Service Discovery. It \ | ||
3 | allows programs to publish and discover services and hosts running on a local network \ | ||
4 | with no specific configuration. This tool implements IPv4LL, "Dynamic Configuration of \ | ||
5 | IPv4 Link-Local Addresses" (IETF RFC3927), a protocol for automatic IP address \ | ||
6 | configuration from the link-local 169.254.0.0/16 range without the need for a central \ | ||
7 | server.' | ||
8 | AUTHOR = "Lennart Poettering <lennart@poettering.net>" | ||
9 | HOMEPAGE = "http://avahi.org" | ||
10 | BUGTRACKER = "http://avahi.org/report" | ||
11 | SECTION = "network" | ||
12 | |||
13 | # major part is under LGPLv2.1+, but several .dtd, .xsl, initscripts and | ||
14 | # python scripts are under GPLv2+ | ||
15 | LICENSE = "GPLv2+ & LGPLv2.1+" | ||
16 | |||
17 | INC_PR = "r11" | ||
18 | |||
19 | DEPENDS = "expat libcap libdaemon dbus glib-2.0" | ||
20 | |||
21 | SRC_URI = "http://avahi.org/download/avahi-${PV}.tar.gz \ | ||
22 | file://00avahi-autoipd \ | ||
23 | file://99avahi-autoipd \ | ||
24 | file://initscript.patch \ | ||
25 | file://avahi_fix_install_issue.patch \ | ||
26 | file://fix_for_automake_1.12.x.patch \ | ||
27 | file://out-of-tree.patch \ | ||
28 | file://0001-avahi-fix-avahi-status-command-error-prompt.patch \ | ||
29 | file://reuseport-check.patch \ | ||
30 | " | ||
31 | |||
32 | USERADD_PACKAGES = "avahi-daemon avahi-autoipd" | ||
33 | USERADD_PARAM_avahi-daemon = "--system --home /var/run/avahi-daemon \ | ||
34 | --no-create-home --shell /bin/false \ | ||
35 | --user-group avahi" | ||
36 | |||
37 | USERADD_PARAM_avahi-autoipd = "--system --home /var/run/avahi-autoipd \ | ||
38 | --no-create-home --shell /bin/false \ | ||
39 | --user-group \ | ||
40 | -c \"Avahi autoip daemon\" \ | ||
41 | avahi-autoipd" | ||
42 | |||
43 | inherit autotools pkgconfig update-rc.d gettext useradd | ||
44 | |||
45 | EXTRA_OECONF = "--disable-introspection \ | ||
46 | --with-avahi-priv-access-group=adm \ | ||
47 | --disable-stack-protector \ | ||
48 | --disable-gdbm \ | ||
49 | --disable-mono \ | ||
50 | --disable-monodoc \ | ||
51 | --disable-qt3 \ | ||
52 | --disable-qt4 \ | ||
53 | --disable-python \ | ||
54 | --disable-doxygen-doc \ | ||
55 | ${EXTRA_OECONF_SYSVINIT} \ | ||
56 | ${EXTRA_OECONF_SYSTEMD} \ | ||
57 | ${AVAHI_GTK} \ | ||
58 | " | ||
59 | |||
60 | # The distro choice determines what init scripts are installed | ||
61 | EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}" | ||
62 | EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_unitdir}/system/','--without-systemdsystemunitdir',d)}" | ||
63 | |||
64 | AVAHI_GTK ?= "--disable-gtk --disable-gtk3" | ||
65 | |||
66 | LDFLAGS_append_libc-uclibc = " -lintl" | ||
67 | LDFLAGS_append_uclinux-uclibc = " -lintl" | ||
68 | |||
69 | do_configure_prepend() { | ||
70 | sed 's:AM_CHECK_PYMOD:echo "no pymod" #AM_CHECK_PYMOD:g' -i ${S}/configure.ac | ||
71 | } | ||
72 | |||
73 | |||
74 | PACKAGES =+ "avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib libavahi-ui avahi-autoipd avahi-utils" | ||
75 | |||
76 | # As avahi doesn't put any files into PN, clear the files list to avoid problems | ||
77 | # if extra libraries appear. | ||
78 | FILES_avahi = "" | ||
79 | FILES_avahi-autoipd = "${sbindir}/avahi-autoipd \ | ||
80 | ${sysconfdir}/avahi/avahi-autoipd.action \ | ||
81 | ${sysconfdir}/dhcp/*/avahi-autoipd \ | ||
82 | ${sysconfdir}/udhcpc.d/00avahi-autoipd \ | ||
83 | ${sysconfdir}/udhcpc.d/99avahi-autoipd" | ||
84 | FILES_libavahi-common = "${libdir}/libavahi-common.so.*" | ||
85 | FILES_libavahi-core = "${libdir}/libavahi-core.so.*" | ||
86 | FILES_avahi-daemon = "${sbindir}/avahi-daemon \ | ||
87 | ${sysconfdir}/avahi/avahi-daemon.conf \ | ||
88 | ${sysconfdir}/avahi/hosts \ | ||
89 | ${sysconfdir}/avahi/services \ | ||
90 | ${sysconfdir}/dbus-1 \ | ||
91 | ${sysconfdir}/init.d/avahi-daemon \ | ||
92 | ${datadir}/avahi/introspection/*.introspect \ | ||
93 | ${datadir}/avahi/avahi-service.dtd \ | ||
94 | ${datadir}/avahi/service-types \ | ||
95 | ${datadir}/dbus-1/system-services" | ||
96 | FILES_libavahi-client = "${libdir}/libavahi-client.so.*" | ||
97 | FILES_libavahi-ui = "${libdir}/libavahi-ui.so.*" | ||
98 | FILES_avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \ | ||
99 | ${sysconfdir}/avahi/avahi-dnsconfd.action \ | ||
100 | ${sysconfdir}/init.d/avahi-dnsconfd" | ||
101 | FILES_libavahi-glib = "${libdir}/libavahi-glib.so.*" | ||
102 | FILES_libavahi-gobject = "${libdir}/libavahi-gobject.so.*" | ||
103 | FILES_avahi-utils = "${bindir}/avahi-*" | ||
104 | |||
105 | RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV}) libavahi-client (= ${EXTENDPKGV})" | ||
106 | |||
107 | # uclibc has no nss | ||
108 | RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns" | ||
109 | RRECOMMENDS_${PN}_append_libc-glibc = " libnss-mdns" | ||
110 | |||
111 | RRECOMMENDS_avahi-dev = "expat-dev libcap-dev libdaemon-dev dbus-dev glib-2.0-dev update-rc.d-dev" | ||
112 | RRECOMMENDS_avahi-dev_append_libc-glibc = " gettext-dev" | ||
113 | |||
114 | RRECOMMENDS_avahi-dev[nodeprrecs] = "1" | ||
115 | |||
116 | CONFFILES_avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf" | ||
117 | |||
118 | INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd" | ||
119 | INITSCRIPT_NAME_avahi-daemon = "avahi-daemon" | ||
120 | INITSCRIPT_PARAMS_avahi-daemon = "defaults 21 19" | ||
121 | INITSCRIPT_NAME_avahi-dnsconfd = "avahi-dnsconfd" | ||
122 | INITSCRIPT_PARAMS_avahi-dnsconfd = "defaults 22 19" | ||
123 | |||
124 | do_install() { | ||
125 | autotools_do_install | ||
126 | |||
127 | # don't install /var/run when populating rootfs. Do it through volatile | ||
128 | # /var/run of current version is empty, so just remove it. | ||
129 | # if /var/run become non-empty in the future, need to install it via volatile | ||
130 | rm -rf ${D}${localstatedir}/run | ||
131 | rmdir --ignore-fail-on-non-empty ${D}${localstatedir} | ||
132 | rm -rf ${D}${datadir}/dbus-1/interfaces | ||
133 | rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1 | ||
134 | rm -rf ${D}${libdir}/avahi | ||
135 | |||
136 | install -d ${D}${sysconfdir}/udhcpc.d | ||
137 | install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d | ||
138 | install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d | ||
139 | } | ||
140 | |||
141 | # At the time the postinst runs, dbus might not be setup so only restart if running | ||
142 | # Don't exit early, because update-rc.d needs to run subsequently. | ||
143 | |||
144 | pkg_postinst_avahi-daemon () { | ||
145 | if [ -z "$D" ]; then | ||
146 | killall -q -HUP dbus-daemon || true | ||
147 | fi | ||
148 | } | ||
149 | |||
150 | pkg_postrm_avahi-daemon () { | ||
151 | deluser avahi || true | ||
152 | delgroup avahi || true | ||
153 | } | ||
154 | |||
155 | pkg_postrm_avahi-autoipd () { | ||
156 | deluser avahi-autoipd || true | ||
157 | delgroup avahi-autoipd || true | ||
158 | } | ||
diff --git a/meta/recipes-connectivity/avahi/avahi_0.6.31.bb b/meta/recipes-connectivity/avahi/avahi_0.6.31.bb new file mode 100644 index 0000000..5d796a2 --- /dev/null +++ b/meta/recipes-connectivity/avahi/avahi_0.6.31.bb | |||
@@ -0,0 +1,22 @@ | |||
1 | require avahi.inc | ||
2 | |||
3 | inherit systemd | ||
4 | |||
5 | SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd" | ||
6 | SYSTEMD_SERVICE_${PN}-daemon = "avahi-daemon.service" | ||
7 | SYSTEMD_SERVICE_${PN}-dnsconfd = "avahi-dnsconfd.service" | ||
8 | |||
9 | LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ | ||
10 | file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \ | ||
11 | file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \ | ||
12 | file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \ | ||
13 | file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf" | ||
14 | |||
15 | PR = "${INC_PR}.1" | ||
16 | |||
17 | SRC_URI[md5sum] = "2f22745b8f7368ad5a0a3fddac343f2d" | ||
18 | SRC_URI[sha256sum] = "8372719b24e2dd75de6f59bb1315e600db4fd092805bd1201ed0cb651a2dab48" | ||
19 | |||
20 | DEPENDS += "intltool-native" | ||
21 | |||
22 | PACKAGES =+ "libavahi-gobject" | ||
diff --git a/meta/recipes-connectivity/avahi/files/0001-avahi-fix-avahi-status-command-error-prompt.patch b/meta/recipes-connectivity/avahi/files/0001-avahi-fix-avahi-status-command-error-prompt.patch new file mode 100644 index 0000000..7590df7 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/0001-avahi-fix-avahi-status-command-error-prompt.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From f774ac25f436a782ccccc4dbe68378a684596799 Mon Sep 17 00:00:00 2001 | ||
2 | From: Lu Chong <Chong.Lu@windriver.com> | ||
3 | Date: Thu, 7 Nov 2013 14:36:28 +0800 | ||
4 | Subject: [PATCH] avahi: fix avahi status command error prompt | ||
5 | |||
6 | service --status-all command will display wrong status for avahi-daemon. | ||
7 | This commit fix this error prompt and make service display right status | ||
8 | for avahi-daemon. | ||
9 | |||
10 | Upstream-Status: Pending | ||
11 | |||
12 | Signed-off-by: Lu Chong <Chong.Lu@windriver.com> | ||
13 | --- | ||
14 | initscript/debian/avahi-daemon.in | 14 +++++++++++--- | ||
15 | 1 file changed, 11 insertions(+), 3 deletions(-) | ||
16 | |||
17 | diff --git a/initscript/debian/avahi-daemon.in b/initscript/debian/avahi-daemon.in | ||
18 | index 4793b46..49ec358 100755 | ||
19 | --- a/initscript/debian/avahi-daemon.in | ||
20 | +++ b/initscript/debian/avahi-daemon.in | ||
21 | @@ -153,7 +153,15 @@ d_reload() { | ||
22 | # Function that check the status of the daemon/service. | ||
23 | # | ||
24 | d_status() { | ||
25 | - $DAEMON -c && echo "$DESC is running" || echo "$DESC is not running" | ||
26 | + $DAEMON -c | ||
27 | + status=$? | ||
28 | + if [ $status = 0 ]; then | ||
29 | + echo "$DESC is running" | ||
30 | + return 0 | ||
31 | + else | ||
32 | + echo "$DESC is not running" | ||
33 | + return 3 | ||
34 | + fi | ||
35 | } | ||
36 | |||
37 | case "$1" in | ||
38 | @@ -182,9 +190,9 @@ case "$1" in | ||
39 | d_status | ||
40 | ;; | ||
41 | *) | ||
42 | - echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload|reload}" >&2 | ||
43 | + echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload|reload|status}" >&2 | ||
44 | exit 1 | ||
45 | ;; | ||
46 | esac | ||
47 | |||
48 | -exit 0 | ||
49 | +exit $? | ||
50 | -- | ||
51 | 1.7.9.5 | ||
52 | |||
diff --git a/meta/recipes-connectivity/avahi/files/00avahi-autoipd b/meta/recipes-connectivity/avahi/files/00avahi-autoipd new file mode 100644 index 0000000..a0ab814 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/00avahi-autoipd | |||
@@ -0,0 +1,10 @@ | |||
1 | #!/bin/sh | ||
2 | |||
3 | [ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1 | ||
4 | |||
5 | case "$1" in | ||
6 | |||
7 | deconfig|renew|bound) | ||
8 | /usr/sbin/avahi-autoipd -k $interface 2> /dev/null | ||
9 | ;; | ||
10 | esac | ||
diff --git a/meta/recipes-connectivity/avahi/files/99avahi-autoipd b/meta/recipes-connectivity/avahi/files/99avahi-autoipd new file mode 100644 index 0000000..234cdaa --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/99avahi-autoipd | |||
@@ -0,0 +1,10 @@ | |||
1 | #!/bin/sh | ||
2 | |||
3 | [ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1 | ||
4 | |||
5 | case "$1" in | ||
6 | |||
7 | leasefail) | ||
8 | /usr/sbin/avahi-autoipd -wD $interface 2> /dev/null | ||
9 | ;; | ||
10 | esac | ||
diff --git a/meta/recipes-connectivity/avahi/files/avahi_fix_install_issue.patch b/meta/recipes-connectivity/avahi/files/avahi_fix_install_issue.patch new file mode 100644 index 0000000..32f20ec --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/avahi_fix_install_issue.patch | |||
@@ -0,0 +1,32 @@ | |||
1 | Upstream-Status: Pending | ||
2 | |||
3 | Fixes this install issue | ||
4 | #| /bin/sh: line 0: cd: /srv/home/nitin/builds/build-gcc47/tmp/work/i586-poky-linux/avahi-0.6.31-r3.0/image//usr/bin: No such file or directory | ||
5 | |||
6 | Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> | ||
7 | 2012/05/03 | ||
8 | |||
9 | Index: avahi-0.6.31/avahi-utils/Makefile.am | ||
10 | =================================================================== | ||
11 | --- avahi-0.6.31.orig/avahi-utils/Makefile.am | ||
12 | +++ avahi-0.6.31/avahi-utils/Makefile.am | ||
13 | @@ -54,6 +54,7 @@ avahi_set_host_name_CFLAGS = $(AM_CFLAGS | ||
14 | avahi_set_host_name_LDADD = $(AM_LDADD) ../avahi-client/libavahi-client.la ../avahi-common/libavahi-common.la | ||
15 | |||
16 | install-exec-local: | ||
17 | + $(MKDIR_P) $(DESTDIR)/$(bindir) && \ | ||
18 | cd $(DESTDIR)/$(bindir) && \ | ||
19 | rm -f avahi-resolve-host-name avahi-resolve-address avahi-browse-domains avahi-publish-address avahi-publish-service && \ | ||
20 | $(LN_S) avahi-resolve avahi-resolve-host-name && \ | ||
21 | Index: avahi-0.6.31/avahi-utils/Makefile.in | ||
22 | =================================================================== | ||
23 | --- avahi-0.6.31.orig/avahi-utils/Makefile.in | ||
24 | +++ avahi-0.6.31/avahi-utils/Makefile.in | ||
25 | @@ -906,6 +906,7 @@ uninstall-am: uninstall-binPROGRAMS | ||
26 | |||
27 | |||
28 | @HAVE_DBUS_TRUE@install-exec-local: | ||
29 | +@HAVE_DBUS_TRUE@ $(MKDIR_P) $(DESTDIR)/$(bindir) && \ | ||
30 | @HAVE_DBUS_TRUE@ cd $(DESTDIR)/$(bindir) && \ | ||
31 | @HAVE_DBUS_TRUE@ rm -f avahi-resolve-host-name avahi-resolve-address avahi-browse-domains avahi-publish-address avahi-publish-service && \ | ||
32 | @HAVE_DBUS_TRUE@ $(LN_S) avahi-resolve avahi-resolve-host-name && \ | ||
diff --git a/meta/recipes-connectivity/avahi/files/fix_for_automake_1.12.x.patch b/meta/recipes-connectivity/avahi/files/fix_for_automake_1.12.x.patch new file mode 100644 index 0000000..0fc4c29 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/fix_for_automake_1.12.x.patch | |||
@@ -0,0 +1,34 @@ | |||
1 | Upstream-Status: Pending | ||
2 | |||
3 | autoamke 1.12.x has depricated use of mkdir_p , and recommends use of MKDIR_P | ||
4 | instead. Fixed the automake files accordingly to avoid warning-errors. | ||
5 | Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> | ||
6 | 2012/07/09 | ||
7 | |||
8 | |||
9 | Index: avahi-0.6.31/avahi-daemon/Makefile.am | ||
10 | =================================================================== | ||
11 | --- avahi-0.6.31.orig/avahi-daemon/Makefile.am | ||
12 | +++ avahi-0.6.31/avahi-daemon/Makefile.am | ||
13 | @@ -169,7 +169,7 @@ xmllint: | ||
14 | done | ||
15 | |||
16 | install-data-local: | ||
17 | - test -z "$(localstatedir)/run" || $(mkdir_p) "$(DESTDIR)$(localstatedir)/run" | ||
18 | + test -z "$(localstatedir)/run" || $(MKDIR_P) "$(DESTDIR)$(localstatedir)/run" | ||
19 | |||
20 | update-systemd: | ||
21 | curl http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.c > sd-daemon.c | ||
22 | Index: avahi-0.6.31/avahi-autoipd/Makefile.am | ||
23 | =================================================================== | ||
24 | --- avahi-0.6.31.orig/avahi-autoipd/Makefile.am | ||
25 | +++ avahi-0.6.31/avahi-autoipd/Makefile.am | ||
26 | @@ -76,7 +76,7 @@ dhcliententerdir = $(sysconfdir)/dhcp/dh | ||
27 | dhclientexitdir = $(sysconfdir)/dhcp/dhclient-exit-hooks.d | ||
28 | |||
29 | install-exec-hook: dhclient-exit-hook dhclient-enter-hook | ||
30 | - $(mkdir_p) $(DESTDIR)$(dhcliententerdir) $(DESTDIR)$(dhclientexitdir) | ||
31 | + $(MKDIR_P) $(DESTDIR)$(dhcliententerdir) $(DESTDIR)$(dhclientexitdir) | ||
32 | $(INSTALL) dhclient-enter-hook $(DESTDIR)$(dhcliententerdir)/avahi-autoipd | ||
33 | $(INSTALL) dhclient-exit-hook $(DESTDIR)$(dhclientexitdir)/avahi-autoipd | ||
34 | |||
diff --git a/meta/recipes-connectivity/avahi/files/initscript.patch b/meta/recipes-connectivity/avahi/files/initscript.patch new file mode 100644 index 0000000..193889e --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/initscript.patch | |||
@@ -0,0 +1,41 @@ | |||
1 | Upstream-Status: Pending | ||
2 | |||
3 | diff --git a/initscript/debian/avahi-daemon.in b/initscript/debian/avahi-daemon.in | ||
4 | index 30a2c2f..b5848a8 100755 | ||
5 | --- a/initscript/debian/avahi-daemon.in | ||
6 | +++ b/initscript/debian/avahi-daemon.in | ||
7 | @@ -1,2 +1,14 @@ | ||
8 | #!/bin/sh | ||
9 | - | ||
10 | +### BEGIN INIT INFO | ||
11 | +# Provides: avahi | ||
12 | +# Required-Start: $remote_fs dbus | ||
13 | +# Required-Stop: $remote_fs dbus | ||
14 | +# Should-Start: $syslog | ||
15 | +# Should-Stop: $syslog | ||
16 | +# Default-Start: 2 3 4 5 | ||
17 | +# Default-Stop: 0 1 6 | ||
18 | +# Short-Description: Avahi mDNS/DNS-SD Daemon | ||
19 | +# Description: Zeroconf daemon for configuring your network | ||
20 | +# automatically | ||
21 | +### END INIT INFO | ||
22 | +# | ||
23 | diff --git a/initscript/debian/avahi-dnsconfd.in b/initscript/debian/avahi-dnsconfd.in | ||
24 | index ac34804..f95c340 100755 | ||
25 | --- a/initscript/debian/avahi-dnsconfd.in | ||
26 | +++ b/initscript/debian/avahi-dnsconfd.in | ||
27 | @@ -1,1 +1,14 @@ | ||
28 | #!/bin/sh | ||
29 | +### BEGIN INIT INFO | ||
30 | +# Provides: avahi-dnsconfd | ||
31 | +# Required-Start: $remote_fs avahi | ||
32 | +# Required-Stop: $remote_fs avahi | ||
33 | +# Should-Start: $syslog | ||
34 | +# Should-Stop: $syslog | ||
35 | +# Default-Start: 2 3 4 5 | ||
36 | +# Default-Stop: 0 1 6 | ||
37 | +# Short-Description: Avahi mDNS/DNS-SD DNS configuration | ||
38 | +# Description: Zeroconf daemon for configuring your network | ||
39 | +# automatically | ||
40 | +### END INIT INFO | ||
41 | +# | ||
diff --git a/meta/recipes-connectivity/avahi/files/out-of-tree.patch b/meta/recipes-connectivity/avahi/files/out-of-tree.patch new file mode 100644 index 0000000..43476cd --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/out-of-tree.patch | |||
@@ -0,0 +1,32 @@ | |||
1 | Upstream-Status: Pending | ||
2 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
3 | |||
4 | From a62dc95d75691ea4aefa86d8bbe54c62afd78ff6 Mon Sep 17 00:00:00 2001 | ||
5 | From: Ross Burton <ross.burton@intel.com> | ||
6 | Date: Tue, 17 Sep 2013 12:27:36 +0100 | ||
7 | Subject: [PATCH] build-sys: fix out-of-tree builds without xmltoman | ||
8 | |||
9 | If manpages are enabled but xmltoman isn't present, out-of-tree builds fail | ||
10 | because it checks inside the build directory for the pre-generated manpages. | ||
11 | |||
12 | Fix this by using $srcdir when looking for files inside the source directory. | ||
13 | --- | ||
14 | configure.ac | 2 +- | ||
15 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
16 | |||
17 | diff --git a/configure.ac b/configure.ac | ||
18 | index 9debce2..047c7ae 100644 | ||
19 | --- a/configure.ac | ||
20 | +++ b/configure.ac | ||
21 | @@ -1021,7 +1021,7 @@ if test x$manpages = xyes ; then | ||
22 | fi | ||
23 | |||
24 | if test x$have_xmltoman = xno -o x$xmltoman = xno; then | ||
25 | - if ! test -e man/avahi-daemon.8 ; then | ||
26 | + if ! test -e $srcdir/man/avahi-daemon.8 ; then | ||
27 | AC_MSG_ERROR([*** xmltoman was not found or was disabled, it is required to build the manpages as they have not been pre-built, install xmltoman, pass --disable-manpages or dont pass --disable-xmltoman]) | ||
28 | exit 1 | ||
29 | fi | ||
30 | -- | ||
31 | 1.7.10.4 | ||
32 | |||
diff --git a/meta/recipes-connectivity/avahi/files/reuseport-check.patch b/meta/recipes-connectivity/avahi/files/reuseport-check.patch new file mode 100644 index 0000000..bb81c2c --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/reuseport-check.patch | |||
@@ -0,0 +1,30 @@ | |||
1 | Fix avahi-daemon when running on kernel < 3.9 (patch taken from Ubuntu). | ||
2 | |||
3 | Upstream-Status: Pending (unmaintained upstream) | ||
4 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
5 | |||
6 | Description: SO_REUSEPORT may not exist in running kernel | ||
7 | When userspace defines SO_REUSEPORT we will attempt to enable socket | ||
8 | port number reuse. However if the running kernel does not support | ||
9 | this call it will fail preventing daemon startup. If this call is | ||
10 | present but fails ENOPROTOOPT then we know that actually the kernel | ||
11 | does not support it and we should continue as if we did not have the | ||
12 | call at all. (LP: #1228204) | ||
13 | . | ||
14 | This patch could be removed from the debian package after jessie release. | ||
15 | Author: Andy Whitcroft <apw@canonical.com> | ||
16 | |||
17 | Index: avahi-0.6.31/avahi-core/socket.c | ||
18 | =================================================================== | ||
19 | --- avahi-0.6.31.orig/avahi-core/socket.c 2013-09-20 16:36:50.000000000 +0100 | ||
20 | +++ avahi-0.6.31/avahi-core/socket.c 2013-09-20 16:38:23.781863644 +0100 | ||
21 | @@ -177,7 +177,8 @@ | ||
22 | yes = 1; | ||
23 | if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &yes, sizeof(yes)) < 0) { | ||
24 | avahi_log_warn("SO_REUSEPORT failed: %s", strerror(errno)); | ||
25 | - return -1; | ||
26 | + if (errno != ENOPROTOOPT) | ||
27 | + return -1; | ||
28 | } | ||
29 | #endif | ||
30 | |||
diff --git a/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch b/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch new file mode 100644 index 0000000..0abb475 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch | |||
@@ -0,0 +1,119 @@ | |||
1 | bind_Fix_for_CVE-2012-5166 | ||
2 | |||
3 | Upstream-Status: Backport | ||
4 | |||
5 | Reference:http://launchpadlibrarian.net/119212498/bind9_1%3A9.7.3.dfsOBg | ||
6 | -1ubuntu2.6_1%3A9.7.3.dfsg-1ubuntu2.7.diff.gz | ||
7 | |||
8 | ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before | ||
9 | 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows | ||
10 | remote attackers to cause a denial of service (named daemon hang) | ||
11 | via unspecified combinations of resource records. | ||
12 | |||
13 | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5166 | ||
14 | |||
15 | Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> | ||
16 | diff -urpN a/bin/named/query.c b/bin/named/query.c | ||
17 | --- a/bin/named/query.c 2012-10-22 13:24:27.000000000 +0800 | ||
18 | +++ b/bin/named/query.c 2012-10-22 13:17:04.000000000 +0800 | ||
19 | @@ -1137,13 +1137,6 @@ query_isduplicate(ns_client_t *client, d | ||
20 | mname = NULL; | ||
21 | } | ||
22 | |||
23 | - /* | ||
24 | - * If the dns_name_t we're looking up is already in the message, | ||
25 | - * we don't want to trigger the caller's name replacement logic. | ||
26 | - */ | ||
27 | - if (name == mname) | ||
28 | - mname = NULL; | ||
29 | - | ||
30 | *mnamep = mname; | ||
31 | |||
32 | CTRACE("query_isduplicate: false: done"); | ||
33 | @@ -1341,6 +1334,7 @@ query_addadditional(void *arg, dns_name_ | ||
34 | if (dns_rdataset_isassociated(rdataset) && | ||
35 | !query_isduplicate(client, fname, type, &mname)) { | ||
36 | if (mname != NULL) { | ||
37 | + INSIST(mname != fname); | ||
38 | query_releasename(client, &fname); | ||
39 | fname = mname; | ||
40 | } else | ||
41 | @@ -1401,11 +1395,13 @@ query_addadditional(void *arg, dns_name_ | ||
42 | mname = NULL; | ||
43 | if (!query_isduplicate(client, fname, | ||
44 | dns_rdatatype_a, &mname)) { | ||
45 | - if (mname != NULL) { | ||
46 | - query_releasename(client, &fname); | ||
47 | - fname = mname; | ||
48 | - } else | ||
49 | - need_addname = ISC_TRUE; | ||
50 | + if (mname != fname) { | ||
51 | + if (mname != NULL) { | ||
52 | + query_releasename(client, &fname); | ||
53 | + fname = mname; | ||
54 | + } else | ||
55 | + need_addname = ISC_TRUE; | ||
56 | + } | ||
57 | ISC_LIST_APPEND(fname->list, rdataset, link); | ||
58 | added_something = ISC_TRUE; | ||
59 | if (sigrdataset != NULL && | ||
60 | @@ -1444,11 +1440,13 @@ query_addadditional(void *arg, dns_name_ | ||
61 | mname = NULL; | ||
62 | if (!query_isduplicate(client, fname, | ||
63 | dns_rdatatype_aaaa, &mname)) { | ||
64 | - if (mname != NULL) { | ||
65 | - query_releasename(client, &fname); | ||
66 | - fname = mname; | ||
67 | - } else | ||
68 | - need_addname = ISC_TRUE; | ||
69 | + if (mname != fname) { | ||
70 | + if (mname != NULL) { | ||
71 | + query_releasename(client, &fname); | ||
72 | + fname = mname; | ||
73 | + } else | ||
74 | + need_addname = ISC_TRUE; | ||
75 | + } | ||
76 | ISC_LIST_APPEND(fname->list, rdataset, link); | ||
77 | added_something = ISC_TRUE; | ||
78 | if (sigrdataset != NULL && | ||
79 | @@ -1960,22 +1958,24 @@ query_addadditional2(void *arg, dns_name | ||
80 | crdataset->type == dns_rdatatype_aaaa) { | ||
81 | if (!query_isduplicate(client, fname, crdataset->type, | ||
82 | &mname)) { | ||
83 | - if (mname != NULL) { | ||
84 | - /* | ||
85 | - * A different type of this name is | ||
86 | - * already stored in the additional | ||
87 | - * section. We'll reuse the name. | ||
88 | - * Note that this should happen at most | ||
89 | - * once. Otherwise, fname->link could | ||
90 | - * leak below. | ||
91 | - */ | ||
92 | - INSIST(mname0 == NULL); | ||
93 | - | ||
94 | - query_releasename(client, &fname); | ||
95 | - fname = mname; | ||
96 | - mname0 = mname; | ||
97 | - } else | ||
98 | - need_addname = ISC_TRUE; | ||
99 | + if (mname != fname) { | ||
100 | + if (mname != NULL) { | ||
101 | + /* | ||
102 | + * A different type of this name is | ||
103 | + * already stored in the additional | ||
104 | + * section. We'll reuse the name. | ||
105 | + * Note that this should happen at most | ||
106 | + * once. Otherwise, fname->link could | ||
107 | + * leak below. | ||
108 | + */ | ||
109 | + INSIST(mname0 == NULL); | ||
110 | + | ||
111 | + query_releasename(client, &fname); | ||
112 | + fname = mname; | ||
113 | + mname0 = mname; | ||
114 | + } else | ||
115 | + need_addname = ISC_TRUE; | ||
116 | + } | ||
117 | ISC_LIST_UNLINK(cfname.list, crdataset, link); | ||
118 | ISC_LIST_APPEND(fname->list, crdataset, link); | ||
119 | added_something = ISC_TRUE; | ||
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch new file mode 100644 index 0000000..19d8df1 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch | |||
@@ -0,0 +1,89 @@ | |||
1 | The patch to fix CVE-2011-4313 | ||
2 | |||
3 | Upstream-Status: Backport | ||
4 | |||
5 | Reference: https://www.redhat.com/security/data/cve/CVE-2011-4313.html | ||
6 | |||
7 | query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV | ||
8 | through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 | ||
9 | through 9.9.0b1 allows remote attackers to cause a denial of service | ||
10 | (assertion failure and named exit) via unknown vectors related to recursive DNS | ||
11 | queries, error logging, and the caching of an invalid record by the resolver. | ||
12 | |||
13 | Signed-off-by Ming Liu <ming.liu@windriver.com> | ||
14 | --- | ||
15 | bin/named/query.c | 19 ++++++++----------- | ||
16 | lib/dns/rbtdb.c | 4 ++-- | ||
17 | 2 files changed, 10 insertions(+), 13 deletions(-) | ||
18 | |||
19 | --- a/bin/named/query.c | ||
20 | +++ b/bin/named/query.c | ||
21 | @@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_ | ||
22 | goto addname; | ||
23 | if (result == DNS_R_NCACHENXRRSET) { | ||
24 | dns_rdataset_disassociate(rdataset); | ||
25 | - /* | ||
26 | - * Negative cache entries don't have sigrdatasets. | ||
27 | - */ | ||
28 | - INSIST(sigrdataset == NULL || | ||
29 | - ! dns_rdataset_isassociated(sigrdataset)); | ||
30 | + if (sigrdataset != NULL && | ||
31 | + dns_rdataset_isassociated(sigrdataset)) | ||
32 | + dns_rdataset_disassociate(sigrdataset); | ||
33 | } | ||
34 | if (result == ISC_R_SUCCESS) { | ||
35 | mname = NULL; | ||
36 | @@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_ | ||
37 | goto addname; | ||
38 | if (result == DNS_R_NCACHENXRRSET) { | ||
39 | dns_rdataset_disassociate(rdataset); | ||
40 | - INSIST(sigrdataset == NULL || | ||
41 | - ! dns_rdataset_isassociated(sigrdataset)); | ||
42 | + if (sigrdataset != NULL && | ||
43 | + dns_rdataset_isassociated(sigrdataset)) | ||
44 | + dns_rdataset_disassociate(sigrdataset); | ||
45 | } | ||
46 | if (result == ISC_R_SUCCESS) { | ||
47 | mname = NULL; | ||
48 | @@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name | ||
49 | goto setcache; | ||
50 | if (result == DNS_R_NCACHENXRRSET) { | ||
51 | dns_rdataset_disassociate(rdataset); | ||
52 | - /* | ||
53 | - * Negative cache entries don't have sigrdatasets. | ||
54 | - */ | ||
55 | - INSIST(! dns_rdataset_isassociated(sigrdataset)); | ||
56 | + if (dns_rdataset_isassociated(sigrdataset)) | ||
57 | + dns_rdataset_disassociate(sigrdataset); | ||
58 | } | ||
59 | if (result == ISC_R_SUCCESS) { | ||
60 | /* Remember the result as a cache */ | ||
61 | --- a/lib/dns/rbtdb.c | ||
62 | +++ b/lib/dns/rbtdb.c | ||
63 | @@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam | ||
64 | rdataset); | ||
65 | if (need_headerupdate(found, search.now)) | ||
66 | update = found; | ||
67 | - if (foundsig != NULL) { | ||
68 | + if (!NEGATIVE(found) && foundsig != NULL) { | ||
69 | bind_rdataset(search.rbtdb, node, foundsig, search.now, | ||
70 | sigrdataset); | ||
71 | if (need_headerupdate(foundsig, search.now)) | ||
72 | @@ -5596,7 +5596,7 @@ zone_findrdataset(dns_db_t *db, dns_dbno | ||
73 | } | ||
74 | if (found != NULL) { | ||
75 | bind_rdataset(rbtdb, rbtnode, found, now, rdataset); | ||
76 | - if (foundsig != NULL) | ||
77 | + if (!NEGATIVE(found) && foundsig != NULL) | ||
78 | bind_rdataset(rbtdb, rbtnode, foundsig, now, | ||
79 | sigrdataset); | ||
80 | } | ||
81 | @@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn | ||
82 | } | ||
83 | if (found != NULL) { | ||
84 | bind_rdataset(rbtdb, rbtnode, found, now, rdataset); | ||
85 | - if (foundsig != NULL) | ||
86 | + if (!NEGATIVE(found) && foundsig != NULL) | ||
87 | bind_rdataset(rbtdb, rbtnode, foundsig, now, | ||
88 | sigrdataset); | ||
89 | } | ||
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch new file mode 100644 index 0000000..c441eab --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch | |||
@@ -0,0 +1,92 @@ | |||
1 | bind CVE-2012-1667 | ||
2 | |||
3 | Upstream-Status: Backport | ||
4 | |||
5 | ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, | ||
6 | and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource | ||
7 | records with a zero-length RDATA section, which allows remote DNS servers to | ||
8 | cause a denial of service (daemon crash or data corruption) or obtain | ||
9 | sensitive information from process memory via a crafted record. | ||
10 | |||
11 | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1667 | ||
12 | |||
13 | The cve patch comes from bind97-9.7.0-10.P2.el5_8.1.src.rpm package. | ||
14 | |||
15 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
16 | --- | ||
17 | lib/dns/rdata.c | 8 ++++---- | ||
18 | lib/dns/rdataslab.c | 11 ++++++++--- | ||
19 | 2 files changed, 12 insertions(+), 7 deletions(-) | ||
20 | |||
21 | diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c | ||
22 | index 063b1f6..9337a80 100644 | ||
23 | --- a/lib/dns/rdata.c | ||
24 | +++ b/lib/dns/rdata.c | ||
25 | @@ -325,8 +325,8 @@ dns_rdata_compare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) { | ||
26 | |||
27 | REQUIRE(rdata1 != NULL); | ||
28 | REQUIRE(rdata2 != NULL); | ||
29 | - REQUIRE(rdata1->data != NULL); | ||
30 | - REQUIRE(rdata2->data != NULL); | ||
31 | + REQUIRE(rdata1->length == 0 || rdata1->data != NULL); | ||
32 | + REQUIRE(rdata2->length == 0 || rdata2->data != NULL); | ||
33 | REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1)); | ||
34 | REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2)); | ||
35 | |||
36 | @@ -356,8 +356,8 @@ dns_rdata_casecompare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) { | ||
37 | |||
38 | REQUIRE(rdata1 != NULL); | ||
39 | REQUIRE(rdata2 != NULL); | ||
40 | - REQUIRE(rdata1->data != NULL); | ||
41 | - REQUIRE(rdata2->data != NULL); | ||
42 | + REQUIRE(rdata1->length == 0 || rdata1->data != NULL); | ||
43 | + REQUIRE(rdata2->length == 0 || rdata2->data != NULL); | ||
44 | REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1)); | ||
45 | REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2)); | ||
46 | |||
47 | diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c | ||
48 | index a41f16f..ed13b30 100644 | ||
49 | --- a/lib/dns/rdataslab.c | ||
50 | +++ b/lib/dns/rdataslab.c | ||
51 | @@ -125,6 +125,11 @@ isc_result_t | ||
52 | dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, | ||
53 | isc_region_t *region, unsigned int reservelen) | ||
54 | { | ||
55 | + /* | ||
56 | + * Use &removed as a sentinal pointer for duplicate | ||
57 | + * rdata as rdata.data == NULL is valid. | ||
58 | + */ | ||
59 | + static unsigned char removed; | ||
60 | struct xrdata *x; | ||
61 | unsigned char *rawbuf; | ||
62 | #if DNS_RDATASET_FIXED | ||
63 | @@ -168,6 +173,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, | ||
64 | INSIST(result == ISC_R_SUCCESS); | ||
65 | dns_rdata_init(&x[i].rdata); | ||
66 | dns_rdataset_current(rdataset, &x[i].rdata); | ||
67 | + INSIST(x[i].rdata.data != &removed); | ||
68 | #if DNS_RDATASET_FIXED | ||
69 | x[i].order = i; | ||
70 | #endif | ||
71 | @@ -200,8 +206,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, | ||
72 | */ | ||
73 | for (i = 1; i < nalloc; i++) { | ||
74 | if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) { | ||
75 | - x[i-1].rdata.data = NULL; | ||
76 | - x[i-1].rdata.length = 0; | ||
77 | + x[i-1].rdata.data = &removed; | ||
78 | #if DNS_RDATASET_FIXED | ||
79 | /* | ||
80 | * Preserve the least order so A, B, A -> A, B | ||
81 | @@ -291,7 +296,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, | ||
82 | #endif | ||
83 | |||
84 | for (i = 0; i < nalloc; i++) { | ||
85 | - if (x[i].rdata.data == NULL) | ||
86 | + if (x[i].rdata.data == &removed) | ||
87 | continue; | ||
88 | #if DNS_RDATASET_FIXED | ||
89 | offsettable[x[i].order] = rawbuf - offsetbase; | ||
90 | -- | ||
91 | 1.7.0.5 | ||
92 | |||
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch new file mode 100644 index 0000000..1e159bd --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch | |||
@@ -0,0 +1,40 @@ | |||
1 | bind: fix for CVE-2012-3817 | ||
2 | |||
3 | Upstream-Status: Backport | ||
4 | |||
5 | ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; | ||
6 | 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation | ||
7 | is enabled, does not properly initialize the failing-query cache, which allows | ||
8 | remote attackers to cause a denial of service (assertion failure and daemon exit) | ||
9 | by sending many queries. | ||
10 | |||
11 | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3817 | ||
12 | |||
13 | This patch is back-ported from bind-9.3.6-20.P1.el5_8.2.src.rpm package. | ||
14 | |||
15 | Signed-off-by: Ming Liu <ming.liu@windriver.com> | ||
16 | --- | ||
17 | resolver.c | 5 +++-- | ||
18 | 1 file changed, 3 insertions(+), 2 deletions(-) | ||
19 | |||
20 | --- a/lib/dns/resolver.c | ||
21 | +++ b/lib/dns/resolver.c | ||
22 | @@ -8318,6 +8318,7 @@ dns_resolver_addbadcache(dns_resolver_t | ||
23 | goto cleanup; | ||
24 | bad->type = type; | ||
25 | bad->hashval = hashval; | ||
26 | + bad->expire = *expire; | ||
27 | isc_buffer_init(&buffer, bad + 1, name->length); | ||
28 | dns_name_init(&bad->name, NULL); | ||
29 | dns_name_copy(name, &bad->name, &buffer); | ||
30 | @@ -8329,8 +8330,8 @@ dns_resolver_addbadcache(dns_resolver_t | ||
31 | if (resolver->badcount < resolver->badhash * 2 && | ||
32 | resolver->badhash > DNS_BADCACHE_SIZE) | ||
33 | resizehash(resolver, &now, ISC_FALSE); | ||
34 | - } | ||
35 | - bad->expire = *expire; | ||
36 | + } else | ||
37 | + bad->expire = *expire; | ||
38 | cleanup: | ||
39 | UNLOCK(&resolver->lock); | ||
40 | } | ||
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch new file mode 100644 index 0000000..7ec6deb --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch | |||
@@ -0,0 +1,41 @@ | |||
1 | bind: fix for CVE-2013-2266 | ||
2 | |||
3 | Upstream-Status: Backport | ||
4 | |||
5 | libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, | ||
6 | 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows | ||
7 | remote attackers to cause a denial of service (memory consumption) via a | ||
8 | crafted regular expression, as demonstrated by a memory-exhaustion attack | ||
9 | against a machine running a named process. | ||
10 | |||
11 | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2266 | ||
12 | |||
13 | Signed-off-by Ming Liu <ming.liu@windriver.com> | ||
14 | --- | ||
15 | config.h.in | 3 --- | ||
16 | configure.in | 2 +- | ||
17 | 2 files changed, 1 insertion(+), 4 deletions(-) | ||
18 | |||
19 | --- a/config.h.in | ||
20 | +++ b/config.h.in | ||
21 | @@ -277,9 +277,6 @@ int sigwait(const unsigned int *set, int | ||
22 | /* Define if your OpenSSL version supports GOST. */ | ||
23 | #undef HAVE_OPENSSL_GOST | ||
24 | |||
25 | -/* Define to 1 if you have the <regex.h> header file. */ | ||
26 | -#undef HAVE_REGEX_H | ||
27 | - | ||
28 | /* Define to 1 if you have the `setegid' function. */ | ||
29 | #undef HAVE_SETEGID | ||
30 | |||
31 | --- a/configure.in | ||
32 | +++ b/configure.in | ||
33 | @@ -279,7 +279,7 @@ esac | ||
34 | |||
35 | AC_HEADER_STDC | ||
36 | |||
37 | -AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,, | ||
38 | +AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,, | ||
39 | [$ac_includes_default | ||
40 | #ifdef HAVE_SYS_PARAM_H | ||
41 | # include <sys/param.h> | ||
diff --git a/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch b/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch new file mode 100644 index 0000000..5dd6f69 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch | |||
@@ -0,0 +1,141 @@ | |||
1 | bind_Fix_for_CVE-2012-4244 | ||
2 | |||
3 | Upstream-Status: Backport | ||
4 | |||
5 | Reference:https://bugzilla.novell.com/attachment.cgi?id=505661&action=edit | ||
6 | |||
7 | ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, | ||
8 | and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to | ||
9 | cause a denial of service (assertion failure and named daemon exit) via | ||
10 | a query for a long resource record. | ||
11 | |||
12 | Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> | ||
13 | |||
14 | diff -urpN a/lib/dns/include/dns/rdata.h b/lib/dns/include/dns/rdata.h | ||
15 | --- a/lib/dns/include/dns/rdata.h 2012-10-08 12:19:42.000000000 +0800 | ||
16 | +++ b/lib/dns/include/dns/rdata.h 2012-10-08 11:26:43.000000000 +0800 | ||
17 | @@ -147,6 +147,17 @@ struct dns_rdata { | ||
18 | (((rdata)->flags & ~(DNS_RDATA_UPDATE|DNS_RDATA_OFFLINE)) == 0) | ||
19 | |||
20 | /* | ||
21 | + * The maximum length of a RDATA that can be sent on the wire. | ||
22 | + * Max packet size (65535) less header (12), less name (1), type (2), | ||
23 | + * class (2), ttl(4), length (2). | ||
24 | + * | ||
25 | + * None of the defined types that support name compression can exceed | ||
26 | + * this and all new types are to be sent uncompressed. | ||
27 | + */ | ||
28 | + | ||
29 | +#define DNS_RDATA_MAXLENGTH 65512U | ||
30 | + | ||
31 | +/* | ||
32 | * Flags affecting rdata formatting style. Flags 0xFFFF0000 | ||
33 | * are used by masterfile-level formatting and defined elsewhere. | ||
34 | * See additional comments at dns_rdata_tofmttext(). | ||
35 | diff -urpN a/lib/dns/master.c b/lib/dns/master.c | ||
36 | --- a/lib/dns/master.c 2012-10-08 12:19:42.000000000 +0800 | ||
37 | +++ b/lib/dns/master.c 2012-10-08 11:27:06.000000000 +0800 | ||
38 | @@ -75,7 +75,7 @@ | ||
39 | /*% | ||
40 | * max message size - header - root - type - class - ttl - rdlen | ||
41 | */ | ||
42 | -#define MINTSIZ (65535 - 12 - 1 - 2 - 2 - 4 - 2) | ||
43 | +#define MINTSIZ DNS_RDATA_MAXLENGTH | ||
44 | /*% | ||
45 | * Size for tokens in the presentation format, | ||
46 | * The largest tokens are the base64 blocks in KEY and CERT records, | ||
47 | diff -urpN a/lib/dns/rdata.c b/lib/dns/rdata.c | ||
48 | --- a/lib/dns/rdata.c 2012-10-08 12:19:42.000000000 +0800 | ||
49 | +++ b/lib/dns/rdata.c 2012-10-08 11:27:27.000000000 +0800 | ||
50 | @@ -425,6 +425,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d | ||
51 | isc_buffer_t st; | ||
52 | isc_boolean_t use_default = ISC_FALSE; | ||
53 | isc_uint32_t activelength; | ||
54 | + size_t length; | ||
55 | |||
56 | REQUIRE(dctx != NULL); | ||
57 | if (rdata != NULL) { | ||
58 | @@ -455,6 +456,14 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d | ||
59 | } | ||
60 | |||
61 | /* | ||
62 | + * Reject any rdata that expands out to more than DNS_RDATA_MAXLENGTH | ||
63 | + * as we cannot transmit it. | ||
64 | + */ | ||
65 | + length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st); | ||
66 | + if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH) | ||
67 | + result = DNS_R_FORMERR; | ||
68 | + | ||
69 | + /* | ||
70 | * We should have consumed all of our buffer. | ||
71 | */ | ||
72 | if (result == ISC_R_SUCCESS && !buffer_empty(source)) | ||
73 | @@ -462,8 +471,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d | ||
74 | |||
75 | if (rdata != NULL && result == ISC_R_SUCCESS) { | ||
76 | region.base = isc_buffer_used(&st); | ||
77 | - region.length = isc_buffer_usedlength(target) - | ||
78 | - isc_buffer_usedlength(&st); | ||
79 | + region.length = length; | ||
80 | dns_rdata_fromregion(rdata, rdclass, type, ®ion); | ||
81 | } | ||
82 | |||
83 | @@ -598,6 +606,7 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d | ||
84 | unsigned long line; | ||
85 | void (*callback)(dns_rdatacallbacks_t *, const char *, ...); | ||
86 | isc_result_t tresult; | ||
87 | + size_t length; | ||
88 | |||
89 | REQUIRE(origin == NULL || dns_name_isabsolute(origin) == ISC_TRUE); | ||
90 | if (rdata != NULL) { | ||
91 | @@ -670,10 +679,13 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d | ||
92 | } | ||
93 | } while (1); | ||
94 | |||
95 | + length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st); | ||
96 | + if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH) | ||
97 | + result = ISC_R_NOSPACE; | ||
98 | + | ||
99 | if (rdata != NULL && result == ISC_R_SUCCESS) { | ||
100 | region.base = isc_buffer_used(&st); | ||
101 | - region.length = isc_buffer_usedlength(target) - | ||
102 | - isc_buffer_usedlength(&st); | ||
103 | + region.length = length; | ||
104 | dns_rdata_fromregion(rdata, rdclass, type, ®ion); | ||
105 | } | ||
106 | if (result != ISC_R_SUCCESS) { | ||
107 | @@ -781,6 +793,7 @@ dns_rdata_fromstruct(dns_rdata_t *rdata, | ||
108 | isc_buffer_t st; | ||
109 | isc_region_t region; | ||
110 | isc_boolean_t use_default = ISC_FALSE; | ||
111 | + size_t length; | ||
112 | |||
113 | REQUIRE(source != NULL); | ||
114 | if (rdata != NULL) { | ||
115 | @@ -795,10 +808,13 @@ dns_rdata_fromstruct(dns_rdata_t *rdata, | ||
116 | if (use_default) | ||
117 | (void)NULL; | ||
118 | |||
119 | + length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st); | ||
120 | + if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH) | ||
121 | + result = ISC_R_NOSPACE; | ||
122 | + | ||
123 | if (rdata != NULL && result == ISC_R_SUCCESS) { | ||
124 | region.base = isc_buffer_used(&st); | ||
125 | - region.length = isc_buffer_usedlength(target) - | ||
126 | - isc_buffer_usedlength(&st); | ||
127 | + region.length = length; | ||
128 | dns_rdata_fromregion(rdata, rdclass, type, ®ion); | ||
129 | } | ||
130 | if (result != ISC_R_SUCCESS) | ||
131 | diff -urpN a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c | ||
132 | --- a/lib/dns/rdataslab.c 2012-10-08 12:19:42.000000000 +0800 | ||
133 | +++ b/lib/dns/rdataslab.c 2012-10-08 11:27:54.000000000 +0800 | ||
134 | @@ -304,6 +304,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_ | ||
135 | length = x[i].rdata.length; | ||
136 | if (rdataset->type == dns_rdatatype_rrsig) | ||
137 | length++; | ||
138 | + INSIST(length <= 0xffff); | ||
139 | *rawbuf++ = (length & 0xff00) >> 8; | ||
140 | *rawbuf++ = (length & 0x00ff); | ||
141 | #if DNS_RDATASET_FIXED | ||
diff --git a/meta/recipes-connectivity/bind/bind/bind9 b/meta/recipes-connectivity/bind/bind/bind9 new file mode 100644 index 0000000..968679f --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/bind9 | |||
@@ -0,0 +1,2 @@ | |||
1 | # startup options for the server | ||
2 | OPTIONS="-u bind" | ||
diff --git a/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2014-8500.patch b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2014-8500.patch new file mode 100644 index 0000000..62142d2 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2014-8500.patch | |||
@@ -0,0 +1,990 @@ | |||
1 | From 603a0e2637b35a2da820bc807f69bcf09c682dce Mon Sep 17 00:00:00 2001 | ||
2 | From: Evan Hunt <each@isc.org> | ||
3 | Date: Mon, 17 Nov 2014 23:49:07 -0800 | ||
4 | Subject: [PATCH] [v9_9] limit recursion depth and iterative queries | ||
5 | |||
6 | 4006. [security] A flaw in delegation handling could be exploited | ||
7 | to put named into an infinite loop. This has | ||
8 | been addressed by placing limits on the number | ||
9 | of levels of recursion named will allow (default 7), | ||
10 | and the number of iterative queries that it will | ||
11 | send (default 50) before terminating a recursive | ||
12 | query (CVE-2014-8500). | ||
13 | |||
14 | The recursion depth limit is configured via the | ||
15 | "max-recursion-depth" option. [RT #35780] | ||
16 | |||
17 | Upstream-Status: Backport | ||
18 | |||
19 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
20 | --- | ||
21 | bin/named/config.c | 3 +- | ||
22 | bin/named/include/named/query.h | 2 - | ||
23 | bin/named/query.c | 7 ++- | ||
24 | bin/named/server.c | 5 ++ | ||
25 | bin/tests/system/many/clean.sh | 7 +++ | ||
26 | bin/tests/system/many/ns1/named.conf | 33 +++++++++++++ | ||
27 | bin/tests/system/many/ns2/named.conf | 30 ++++++++++++ | ||
28 | bin/tests/system/many/ns3/named.conf | 32 +++++++++++++ | ||
29 | bin/tests/system/many/ns4/named.conf | 30 ++++++++++++ | ||
30 | bin/tests/system/many/ns5/hints.db | 2 + | ||
31 | bin/tests/system/many/ns5/named.conf | 29 ++++++++++++ | ||
32 | bin/tests/system/many/setup.sh | 75 ++++++++++++++++++++++++++++++ | ||
33 | bin/tests/system/many/tests.sh | 48 +++++++++++++++++++ | ||
34 | doc/arm/Bv9ARM-book.xml | 12 +++++ | ||
35 | lib/dns/adb.c | 58 ++++++++++++++++------- | ||
36 | lib/dns/include/dns/adb.h | 8 ++++ | ||
37 | lib/dns/include/dns/resolver.h | 25 ++++++++++ | ||
38 | lib/dns/resolver.c | 90 ++++++++++++++++++++++++++++++------ | ||
39 | lib/isccfg/namedconf.c | 1 + | ||
40 | 20 files changed, 471 insertions(+), 37 deletions(-) | ||
41 | create mode 100644 bin/tests/system/many/clean.sh | ||
42 | create mode 100644 bin/tests/system/many/ns1/named.conf | ||
43 | create mode 100644 bin/tests/system/many/ns2/named.conf | ||
44 | create mode 100644 bin/tests/system/many/ns3/named.conf | ||
45 | create mode 100644 bin/tests/system/many/ns4/named.conf | ||
46 | create mode 100644 bin/tests/system/many/ns5/hints.db | ||
47 | create mode 100644 bin/tests/system/many/ns5/named.conf | ||
48 | create mode 100644 bin/tests/system/many/setup.sh | ||
49 | create mode 100644 bin/tests/system/many/tests.sh | ||
50 | |||
51 | diff --git a/bin/named/config.c b/bin/named/config.c | ||
52 | index 2782720..5ee8c4e 100644 | ||
53 | --- a/bin/named/config.c | ||
54 | +++ b/bin/named/config.c | ||
55 | @@ -15,8 +15,6 @@ | ||
56 | * PERFORMANCE OF THIS SOFTWARE. | ||
57 | */ | ||
58 | |||
59 | -/* $Id: config.c,v 1.123 2012/01/06 23:46:41 tbox Exp $ */ | ||
60 | - | ||
61 | /*! \file */ | ||
62 | |||
63 | #include <config.h> | ||
64 | @@ -160,6 +158,7 @@ options {\n\ | ||
65 | dnssec-accept-expired no;\n\ | ||
66 | clients-per-query 10;\n\ | ||
67 | max-clients-per-query 100;\n\ | ||
68 | + max-recursion-depth 7;\n\ | ||
69 | zero-no-soa-ttl-cache no;\n\ | ||
70 | nsec3-test-zone no;\n\ | ||
71 | allow-new-zones no;\n\ | ||
72 | diff --git a/bin/named/include/named/query.h b/bin/named/include/named/query.h | ||
73 | index 3beabb8..b5e3900 100644 | ||
74 | --- a/bin/named/include/named/query.h | ||
75 | +++ b/bin/named/include/named/query.h | ||
76 | @@ -15,8 +15,6 @@ | ||
77 | * PERFORMANCE OF THIS SOFTWARE. | ||
78 | */ | ||
79 | |||
80 | -/* $Id: query.h,v 1.45 2011/01/13 04:59:24 tbox Exp $ */ | ||
81 | - | ||
82 | #ifndef NAMED_QUERY_H | ||
83 | #define NAMED_QUERY_H 1 | ||
84 | |||
85 | diff --git a/bin/named/query.c b/bin/named/query.c | ||
86 | index 982f76d..47bfc6a 100644 | ||
87 | --- a/bin/named/query.c | ||
88 | +++ b/bin/named/query.c | ||
89 | @@ -3877,12 +3877,11 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname, | ||
90 | peeraddr = &client->peeraddr; | ||
91 | else | ||
92 | peeraddr = NULL; | ||
93 | - result = dns_resolver_createfetch2(client->view->resolver, | ||
94 | + result = dns_resolver_createfetch3(client->view->resolver, | ||
95 | qname, qtype, qdomain, nameservers, | ||
96 | NULL, peeraddr, client->message->id, | ||
97 | - client->query.fetchoptions, | ||
98 | - client->task, | ||
99 | - query_resume, client, | ||
100 | + client->query.fetchoptions, 0, | ||
101 | + client->task, query_resume, client, | ||
102 | rdataset, sigrdataset, | ||
103 | &client->query.fetch); | ||
104 | |||
105 | diff --git a/bin/named/server.c b/bin/named/server.c | ||
106 | index ac015a4..0559977 100644 | ||
107 | --- a/bin/named/server.c | ||
108 | +++ b/bin/named/server.c | ||
109 | @@ -3161,6 +3161,11 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, | ||
110 | cfg_obj_asuint32(obj), | ||
111 | max_clients_per_query); | ||
112 | |||
113 | + obj = NULL; | ||
114 | + result = ns_config_get(maps, "max-recursion-depth", &obj); | ||
115 | + INSIST(result == ISC_R_SUCCESS); | ||
116 | + dns_resolver_setmaxdepth(view->resolver, cfg_obj_asuint32(obj)); | ||
117 | + | ||
118 | #ifdef ALLOW_FILTER_AAAA_ON_V4 | ||
119 | obj = NULL; | ||
120 | result = ns_config_get(maps, "filter-aaaa-on-v4", &obj); | ||
121 | diff --git a/bin/tests/system/many/clean.sh b/bin/tests/system/many/clean.sh | ||
122 | new file mode 100644 | ||
123 | index 0000000..119b1f5 | ||
124 | --- /dev/null | ||
125 | +++ b/bin/tests/system/many/clean.sh | ||
126 | @@ -0,0 +1,7 @@ | ||
127 | +rm -f ns1/[1-9]*example.tld?.db | ||
128 | +rm -f ns2/[1-9]*example.tld?.db | ||
129 | +rm -f ns1/zones.conf | ||
130 | +rm -f ns2/zones.conf | ||
131 | +rm -f */root.db | ||
132 | +rm -f ns3/tld1.db | ||
133 | +rm -f ns4/tld2.db | ||
134 | diff --git a/bin/tests/system/many/ns1/named.conf b/bin/tests/system/many/ns1/named.conf | ||
135 | new file mode 100644 | ||
136 | index 0000000..abc9dca | ||
137 | --- /dev/null | ||
138 | +++ b/bin/tests/system/many/ns1/named.conf | ||
139 | @@ -0,0 +1,33 @@ | ||
140 | +/* | ||
141 | + * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC") | ||
142 | + * | ||
143 | + * Permission to use, copy, modify, and/or distribute this software for any | ||
144 | + * purpose with or without fee is hereby granted, provided that the above | ||
145 | + * copyright notice and this permission notice appear in all copies. | ||
146 | + * | ||
147 | + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH | ||
148 | + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY | ||
149 | + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, | ||
150 | + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM | ||
151 | + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE | ||
152 | + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR | ||
153 | + * PERFORMANCE OF THIS SOFTWARE. | ||
154 | + */ | ||
155 | + | ||
156 | +controls { /* empty */ }; | ||
157 | + | ||
158 | +options { | ||
159 | + query-source address 10.53.0.1; | ||
160 | + notify-source 10.53.0.1; | ||
161 | + transfer-source 10.53.0.1; | ||
162 | + port 5300; | ||
163 | + pid-file "named.pid"; | ||
164 | + listen-on { 10.53.0.1; }; | ||
165 | + listen-on-v6 { none; }; | ||
166 | + recursion no; | ||
167 | +}; | ||
168 | + | ||
169 | +include "zones.conf"; | ||
170 | + | ||
171 | +// zone "tld1" { type master; file "tld1.db"; }; | ||
172 | +// zone "tld2" { type master; file "tld2.db"; }; | ||
173 | diff --git a/bin/tests/system/many/ns2/named.conf b/bin/tests/system/many/ns2/named.conf | ||
174 | new file mode 100644 | ||
175 | index 0000000..16266e2 | ||
176 | --- /dev/null | ||
177 | +++ b/bin/tests/system/many/ns2/named.conf | ||
178 | @@ -0,0 +1,30 @@ | ||
179 | +/* | ||
180 | + * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC") | ||
181 | + * | ||
182 | + * Permission to use, copy, modify, and/or distribute this software for any | ||
183 | + * purpose with or without fee is hereby granted, provided that the above | ||
184 | + * copyright notice and this permission notice appear in all copies. | ||
185 | + * | ||
186 | + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH | ||
187 | + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY | ||
188 | + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, | ||
189 | + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM | ||
190 | + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE | ||
191 | + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR | ||
192 | + * PERFORMANCE OF THIS SOFTWARE. | ||
193 | + */ | ||
194 | + | ||
195 | +controls { /* empty */ }; | ||
196 | + | ||
197 | +options { | ||
198 | + query-source address 10.53.0.2; | ||
199 | + notify-source 10.53.0.2; | ||
200 | + transfer-source 10.53.0.2; | ||
201 | + port 5300; | ||
202 | + pid-file "named.pid"; | ||
203 | + listen-on { 10.53.0.2; }; | ||
204 | + listen-on-v6 { none; }; | ||
205 | + recursion no; | ||
206 | +}; | ||
207 | + | ||
208 | +include "zones.conf"; | ||
209 | diff --git a/bin/tests/system/many/ns3/named.conf b/bin/tests/system/many/ns3/named.conf | ||
210 | new file mode 100644 | ||
211 | index 0000000..b950afe | ||
212 | --- /dev/null | ||
213 | +++ b/bin/tests/system/many/ns3/named.conf | ||
214 | @@ -0,0 +1,32 @@ | ||
215 | +/* | ||
216 | + * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC") | ||
217 | + * | ||
218 | + * Permission to use, copy, modify, and/or distribute this software for any | ||
219 | + * purpose with or without fee is hereby granted, provided that the above | ||
220 | + * copyright notice and this permission notice appear in all copies. | ||
221 | + * | ||
222 | + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH | ||
223 | + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY | ||
224 | + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, | ||
225 | + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM | ||
226 | + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE | ||
227 | + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR | ||
228 | + * PERFORMANCE OF THIS SOFTWARE. | ||
229 | + */ | ||
230 | + | ||
231 | +controls { /* empty */ }; | ||
232 | + | ||
233 | +options { | ||
234 | + query-source address 10.53.0.3; | ||
235 | + notify-source 10.53.0.3; | ||
236 | + transfer-source 10.53.0.3; | ||
237 | + port 5300; | ||
238 | + pid-file "named.pid"; | ||
239 | + listen-on { 10.53.0.3; }; | ||
240 | + listen-on-v6 { none; }; | ||
241 | + recursion no; | ||
242 | +}; | ||
243 | + | ||
244 | +zone "." { type master; file "root.db"; }; | ||
245 | + | ||
246 | +zone "tld1" { type master; file "tld1.db"; }; | ||
247 | diff --git a/bin/tests/system/many/ns4/named.conf b/bin/tests/system/many/ns4/named.conf | ||
248 | new file mode 100644 | ||
249 | index 0000000..ca9aa6a | ||
250 | --- /dev/null | ||
251 | +++ b/bin/tests/system/many/ns4/named.conf | ||
252 | @@ -0,0 +1,30 @@ | ||
253 | +/* | ||
254 | + * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC") | ||
255 | + * | ||
256 | + * Permission to use, copy, modify, and/or distribute this software for any | ||
257 | + * purpose with or without fee is hereby granted, provided that the above | ||
258 | + * copyright notice and this permission notice appear in all copies. | ||
259 | + * | ||
260 | + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH | ||
261 | + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY | ||
262 | + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, | ||
263 | + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM | ||
264 | + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE | ||
265 | + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR | ||
266 | + * PERFORMANCE OF THIS SOFTWARE. | ||
267 | + */ | ||
268 | + | ||
269 | +controls { /* empty */ }; | ||
270 | + | ||
271 | +options { | ||
272 | + query-source address 10.53.0.4; | ||
273 | + notify-source 10.53.0.4; | ||
274 | + transfer-source 10.53.0.4; | ||
275 | + port 5300; | ||
276 | + pid-file "named.pid"; | ||
277 | + listen-on { 10.53.0.4; }; | ||
278 | + listen-on-v6 { none; }; | ||
279 | + recursion no; | ||
280 | +}; | ||
281 | + | ||
282 | +zone "tld2" { type master; file "tld2.db"; }; | ||
283 | diff --git a/bin/tests/system/many/ns5/hints.db b/bin/tests/system/many/ns5/hints.db | ||
284 | new file mode 100644 | ||
285 | index 0000000..c05809b | ||
286 | --- /dev/null | ||
287 | +++ b/bin/tests/system/many/ns5/hints.db | ||
288 | @@ -0,0 +1,2 @@ | ||
289 | +. 60 in ns ns.nil. | ||
290 | +ns.nil. 60 in A 10.53.0.3 | ||
291 | diff --git a/bin/tests/system/many/ns5/named.conf b/bin/tests/system/many/ns5/named.conf | ||
292 | new file mode 100644 | ||
293 | index 0000000..fce7d59 | ||
294 | --- /dev/null | ||
295 | +++ b/bin/tests/system/many/ns5/named.conf | ||
296 | @@ -0,0 +1,29 @@ | ||
297 | +/* | ||
298 | + * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC") | ||
299 | + * | ||
300 | + * Permission to use, copy, modify, and/or distribute this software for any | ||
301 | + * purpose with or without fee is hereby granted, provided that the above | ||
302 | + * copyright notice and this permission notice appear in all copies. | ||
303 | + * | ||
304 | + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH | ||
305 | + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY | ||
306 | + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, | ||
307 | + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM | ||
308 | + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE | ||
309 | + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR | ||
310 | + * PERFORMANCE OF THIS SOFTWARE. | ||
311 | + */ | ||
312 | + | ||
313 | +controls { /* empty */ }; | ||
314 | + | ||
315 | +options { | ||
316 | + query-source address 10.53.0.5; | ||
317 | + notify-source 10.53.0.5; | ||
318 | + transfer-source 10.53.0.5; | ||
319 | + port 5300; | ||
320 | + pid-file "named.pid"; | ||
321 | + listen-on { 10.53.0.5; }; | ||
322 | + listen-on-v6 { none; }; | ||
323 | +}; | ||
324 | + | ||
325 | +zone "." { type hint; file "hints.db"; }; | ||
326 | diff --git a/bin/tests/system/many/setup.sh b/bin/tests/system/many/setup.sh | ||
327 | new file mode 100644 | ||
328 | index 0000000..80695b5 | ||
329 | --- /dev/null | ||
330 | +++ b/bin/tests/system/many/setup.sh | ||
331 | @@ -0,0 +1,75 @@ | ||
332 | +i=1 | ||
333 | + | ||
334 | +cat > ns3/root.db << EOF | ||
335 | +. 60 in soa ns.nil. hostmaster.ns.nil. 1 0 0 0 0 | ||
336 | +. 60 in ns ns.nil. | ||
337 | +ns.nil. 60 in a 10.53.0.3 | ||
338 | +tld1. 60 in ns ns.tld1. | ||
339 | +ns.tld1. 60 in a 10.53.0.3 | ||
340 | +tld2. 60 in ns ns.tld2. | ||
341 | +ns.tld2. 60 in a 10.53.0.4 | ||
342 | +EOF | ||
343 | + | ||
344 | +cat > ns3/tld1.db << EOF | ||
345 | +tld1. 60 in soa ns.tld1. hostmaster.ns.tld1. 1 0 0 0 0 | ||
346 | +tld1. 60 in ns ns.tld1. | ||
347 | +ns.tld1. 60 in a 10.53.0.1 | ||
348 | +EOF | ||
349 | + | ||
350 | +cat > ns4/tld2.db << EOF | ||
351 | +tld2. 60 in soa ns.tld2. hostmaster.ns.tld4. 1 0 0 0 0 | ||
352 | +tld2. 60 in ns ns.tld2. | ||
353 | +ns.tld2. 60 in a 10.53.0.1 | ||
354 | +EOF | ||
355 | + | ||
356 | +: > ns1/zones.conf | ||
357 | +: > ns2/zones.conf | ||
358 | + | ||
359 | +while [ $i -lt 1000 ] | ||
360 | +do | ||
361 | +j=`expr $i + 1` | ||
362 | +s=`expr $j % 2 + 1` | ||
363 | +n=`expr $i % 2 + 1` | ||
364 | +t=`expr $s + 2` | ||
365 | + | ||
366 | +# i=1 j=2 s=1 n=2 | ||
367 | +# i=2 j=3 s=1 n=2 | ||
368 | +# i=3 j=4 s=1 n=2 | ||
369 | + | ||
370 | +cat > ns1/${i}example.tld${s}.db << EOF | ||
371 | +${i}example.tld${s}. 60 in soa ns.${j}example.tld${n}. hostmaster 1 0 0 0 0 | ||
372 | +${i}example.tld${s}. 60 in ns ns.${j}example.tld${n}. | ||
373 | +ns.${i}example.tld${s}. 60 in a 10.53.0.1 | ||
374 | +EOF | ||
375 | + | ||
376 | +cat >> ns1/zones.conf << EOF | ||
377 | +zone "${i}example.tld${s}" { type master; file "${i}example.tld${s}.db"; }; | ||
378 | +EOF | ||
379 | + | ||
380 | +cat >> ns${t}/tld${s}.db << EOF | ||
381 | +${i}example.tld${s}. 60 in ns ns.${j}example.tld${n}. | ||
382 | +EOF | ||
383 | + | ||
384 | +i=$j | ||
385 | + | ||
386 | +done | ||
387 | + | ||
388 | +j=`expr $i + 1` | ||
389 | +s=`expr $j % 2 + 1` | ||
390 | +n=`expr $s % 2 + 1` | ||
391 | +t=`expr $s + 2` | ||
392 | + | ||
393 | +cat > ns1/${i}example.tld${s}.db << EOF | ||
394 | +${i}example.tld${s}. 60 in soa ns.${i}example.tld${s}. hostmaster 1 0 0 0 0 | ||
395 | +${i}example.tld${s}. 60 in ns ns.${i}example.tld${s}. | ||
396 | +ns.${i}example.tld${s}. 60 in a 10.53.0.1 | ||
397 | +EOF | ||
398 | + | ||
399 | +cat >> ns1/zones.conf << EOF | ||
400 | +zone "${i}example.tld${s}" { type master; file "${i}example.tld${s}.db"; }; | ||
401 | +EOF | ||
402 | + | ||
403 | +cat >> ns${t}/tld${s}.db << EOF | ||
404 | +${i}example.tld${s}. 60 in ns ns.${i}example.tld${s}. | ||
405 | +ns.${i}example.tld${s}. 60 in a 10.53.0.1 | ||
406 | +EOF | ||
407 | diff --git a/bin/tests/system/many/tests.sh b/bin/tests/system/many/tests.sh | ||
408 | new file mode 100644 | ||
409 | index 0000000..37964e2 | ||
410 | --- /dev/null | ||
411 | +++ b/bin/tests/system/many/tests.sh | ||
412 | @@ -0,0 +1,48 @@ | ||
413 | +#!/bin/sh | ||
414 | +# | ||
415 | +# Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC") | ||
416 | +# | ||
417 | +# Permission to use, copy, modify, and/or distribute this software for any | ||
418 | +# purpose with or without fee is hereby granted, provided that the above | ||
419 | +# copyright notice and this permission notice appear in all copies. | ||
420 | +# | ||
421 | +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH | ||
422 | +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY | ||
423 | +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, | ||
424 | +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM | ||
425 | +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE | ||
426 | +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR | ||
427 | +# PERFORMANCE OF THIS SOFTWARE. | ||
428 | + | ||
429 | +SYSTEMTESTTOP=.. | ||
430 | +. $SYSTEMTESTTOP/conf.sh | ||
431 | + | ||
432 | +status=0 | ||
433 | +n=0 | ||
434 | + | ||
435 | +n=`expr $n + 1` | ||
436 | +echo "I: attempt lookup 1example.tld2 soa ($n)" | ||
437 | +ret=0 | ||
438 | +$DIG +tcp 1example.tld1 soa @10.53.0.5 -p 5300 > dig.out.test$n | ||
439 | +grep "status: SERVFAIL" dig.out.test$n > /dev/null || ret=1 | ||
440 | +if [ $ret != 0 ]; then echo "I:failed"; fi | ||
441 | +status=`expr $status + $ret` | ||
442 | + | ||
443 | +n=`expr $n + 1` | ||
444 | +echo "I: attempt lookup 992example.tld2 soa ($n)" | ||
445 | +ret=0 | ||
446 | +$DIG +tcp 992example.tld2 soa @10.53.0.5 -p 5300 > dig.out.test$n | ||
447 | +grep "status: SERVFAIL" dig.out.test$n > /dev/null || ret=1 | ||
448 | +if [ $ret != 0 ]; then echo "I:failed"; fi | ||
449 | +status=`expr $status + $ret` | ||
450 | + | ||
451 | +n=`expr $n + 1` | ||
452 | +echo "I: attempt lookup 993example.tld1 soa ($n)" | ||
453 | +ret=0 | ||
454 | +$DIG +tcp 993example.tld1 soa @10.53.0.5 -p 5300 > dig.out.test$n | ||
455 | +grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 | ||
456 | +if [ $ret != 0 ]; then echo "I:failed"; fi | ||
457 | +status=`expr $status + $ret` | ||
458 | + | ||
459 | +echo "I:exit status: $status" | ||
460 | +exit $status | ||
461 | diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml | ||
462 | index 9f7bd38..fff4249 100644 | ||
463 | --- a/doc/arm/Bv9ARM-book.xml | ||
464 | +++ b/doc/arm/Bv9ARM-book.xml | ||
465 | @@ -4861,6 +4861,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] | ||
466 | <optional> max-acache-size <replaceable>size_spec</replaceable> ; </optional> | ||
467 | <optional> clients-per-query <replaceable>number</replaceable> ; </optional> | ||
468 | <optional> max-clients-per-query <replaceable>number</replaceable> ; </optional> | ||
469 | + <optional> max-recursion-depth <replaceable>number</replaceable> ; </optional> | ||
470 | <optional> masterfile-format (<constant>text</constant>|<constant>raw</constant>) ; </optional> | ||
471 | <optional> empty-server <replaceable>name</replaceable> ; </optional> | ||
472 | <optional> empty-contact <replaceable>name</replaceable> ; </optional> | ||
473 | @@ -8680,6 +8681,17 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; | ||
474 | </listitem> | ||
475 | </varlistentry> | ||
476 | |||
477 | + <varlistentry id="max-recursion-depth"> | ||
478 | + <term><command>max-recursion-depth</command></term> | ||
479 | + <listitem> | ||
480 | + <para> | ||
481 | + Sets the maximum number of levels of recursion | ||
482 | + permitted at any one time while resolving a name. | ||
483 | + The default is 7. | ||
484 | + </para> | ||
485 | + </listitem> | ||
486 | + </varlistentry> | ||
487 | + | ||
488 | <varlistentry> | ||
489 | <term><command>notify-delay</command></term> | ||
490 | <listitem> | ||
491 | diff --git a/lib/dns/adb.c b/lib/dns/adb.c | ||
492 | index 2ccb51e..fe9b3f7 100644 | ||
493 | --- a/lib/dns/adb.c | ||
494 | +++ b/lib/dns/adb.c | ||
495 | @@ -199,6 +199,7 @@ struct dns_adbfetch { | ||
496 | unsigned int magic; | ||
497 | dns_fetch_t *fetch; | ||
498 | dns_rdataset_t rdataset; | ||
499 | + unsigned int depth; | ||
500 | }; | ||
501 | |||
502 | /*% | ||
503 | @@ -300,7 +301,7 @@ static inline void violate_locking_hierarchy(isc_mutex_t *, isc_mutex_t *); | ||
504 | static isc_boolean_t clean_namehooks(dns_adb_t *, dns_adbnamehooklist_t *); | ||
505 | static void clean_target(dns_adb_t *, dns_name_t *); | ||
506 | static void clean_finds_at_name(dns_adbname_t *, isc_eventtype_t, | ||
507 | - unsigned int); | ||
508 | + isc_uint32_t, unsigned int); | ||
509 | static isc_boolean_t check_expire_namehooks(dns_adbname_t *, isc_stdtime_t); | ||
510 | static isc_boolean_t check_expire_entry(dns_adb_t *, dns_adbentry_t **, | ||
511 | isc_stdtime_t); | ||
512 | @@ -308,7 +309,7 @@ static void cancel_fetches_at_name(dns_adbname_t *); | ||
513 | static isc_result_t dbfind_name(dns_adbname_t *, isc_stdtime_t, | ||
514 | dns_rdatatype_t); | ||
515 | static isc_result_t fetch_name(dns_adbname_t *, isc_boolean_t, | ||
516 | - dns_rdatatype_t); | ||
517 | + unsigned int, dns_rdatatype_t); | ||
518 | static inline void check_exit(dns_adb_t *); | ||
519 | static void destroy(dns_adb_t *); | ||
520 | static isc_boolean_t shutdown_names(dns_adb_t *); | ||
521 | @@ -984,7 +985,7 @@ kill_name(dns_adbname_t **n, isc_eventtype_t ev) { | ||
522 | * Clean up the name's various lists. These two are destructive | ||
523 | * in that they will always empty the list. | ||
524 | */ | ||
525 | - clean_finds_at_name(name, ev, DNS_ADBFIND_ADDRESSMASK); | ||
526 | + clean_finds_at_name(name, ev, 0, DNS_ADBFIND_ADDRESSMASK); | ||
527 | result4 = clean_namehooks(adb, &name->v4); | ||
528 | result6 = clean_namehooks(adb, &name->v6); | ||
529 | clean_target(adb, &name->target); | ||
530 | @@ -1409,7 +1410,7 @@ event_free(isc_event_t *event) { | ||
531 | */ | ||
532 | static void | ||
533 | clean_finds_at_name(dns_adbname_t *name, isc_eventtype_t evtype, | ||
534 | - unsigned int addrs) | ||
535 | + isc_uint32_t qtotal, unsigned int addrs) | ||
536 | { | ||
537 | isc_event_t *ev; | ||
538 | isc_task_t *task; | ||
539 | @@ -1469,6 +1470,7 @@ clean_finds_at_name(dns_adbname_t *name, isc_eventtype_t evtype, | ||
540 | ev->ev_sender = find; | ||
541 | find->result_v4 = find_err_map[name->fetch_err]; | ||
542 | find->result_v6 = find_err_map[name->fetch6_err]; | ||
543 | + find->qtotal += qtotal; | ||
544 | ev->ev_type = evtype; | ||
545 | ev->ev_destroy = event_free; | ||
546 | ev->ev_destroy_arg = find; | ||
547 | @@ -1827,6 +1829,7 @@ new_adbfind(dns_adb_t *adb) { | ||
548 | h->flags = 0; | ||
549 | h->result_v4 = ISC_R_UNEXPECTED; | ||
550 | h->result_v6 = ISC_R_UNEXPECTED; | ||
551 | + h->qtotal = 0; | ||
552 | ISC_LINK_INIT(h, publink); | ||
553 | ISC_LINK_INIT(h, plink); | ||
554 | ISC_LIST_INIT(h->list); | ||
555 | @@ -2799,6 +2802,19 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, | ||
556 | isc_stdtime_t now, dns_name_t *target, | ||
557 | in_port_t port, dns_adbfind_t **findp) | ||
558 | { | ||
559 | + return (dns_adb_createfind2(adb, task, action, arg, name, | ||
560 | + qname, qtype, options, now, | ||
561 | + target, port, 0, findp)); | ||
562 | +} | ||
563 | + | ||
564 | +isc_result_t | ||
565 | +dns_adb_createfind2(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, | ||
566 | + void *arg, dns_name_t *name, dns_name_t *qname, | ||
567 | + dns_rdatatype_t qtype, unsigned int options, | ||
568 | + isc_stdtime_t now, dns_name_t *target, | ||
569 | + in_port_t port, unsigned int depth, | ||
570 | + dns_adbfind_t **findp) | ||
571 | +{ | ||
572 | dns_adbfind_t *find; | ||
573 | dns_adbname_t *adbname; | ||
574 | int bucket; | ||
575 | @@ -3029,7 +3045,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, | ||
576 | * Start V4. | ||
577 | */ | ||
578 | if (WANT_INET(wanted_fetches) && | ||
579 | - fetch_name(adbname, start_at_zone, | ||
580 | + fetch_name(adbname, start_at_zone, depth, | ||
581 | dns_rdatatype_a) == ISC_R_SUCCESS) { | ||
582 | DP(DEF_LEVEL, | ||
583 | "dns_adb_createfind: started A fetch for name %p", | ||
584 | @@ -3040,7 +3056,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, | ||
585 | * Start V6. | ||
586 | */ | ||
587 | if (WANT_INET6(wanted_fetches) && | ||
588 | - fetch_name(adbname, start_at_zone, | ||
589 | + fetch_name(adbname, start_at_zone, depth, | ||
590 | dns_rdatatype_aaaa) == ISC_R_SUCCESS) { | ||
591 | DP(DEF_LEVEL, | ||
592 | "dns_adb_createfind: " | ||
593 | @@ -3656,6 +3672,7 @@ fetch_callback(isc_task_t *task, isc_event_t *ev) { | ||
594 | isc_result_t result; | ||
595 | unsigned int address_type; | ||
596 | isc_boolean_t want_check_exit = ISC_FALSE; | ||
597 | + isc_uint32_t qtotal = 0; | ||
598 | |||
599 | UNUSED(task); | ||
600 | |||
601 | @@ -3666,6 +3683,8 @@ fetch_callback(isc_task_t *task, isc_event_t *ev) { | ||
602 | adb = name->adb; | ||
603 | INSIST(DNS_ADB_VALID(adb)); | ||
604 | |||
605 | + qtotal = dev->qtotal; | ||
606 | + | ||
607 | bucket = name->lock_bucket; | ||
608 | LOCK(&adb->namelocks[bucket]); | ||
609 | |||
610 | @@ -3783,6 +3802,12 @@ fetch_callback(isc_task_t *task, isc_event_t *ev) { | ||
611 | DP(DEF_LEVEL, "adb: fetch of '%s' %s failed: %s", | ||
612 | buf, address_type == DNS_ADBFIND_INET ? "A" : "AAAA", | ||
613 | dns_result_totext(dev->result)); | ||
614 | + /* | ||
615 | + * Don't record a failure unless this is the initial | ||
616 | + * fetch of a chain. | ||
617 | + */ | ||
618 | + if (fetch->depth > 1) | ||
619 | + goto out; | ||
620 | /* XXXMLG Don't pound on bad servers. */ | ||
621 | if (address_type == DNS_ADBFIND_INET) { | ||
622 | name->expire_v4 = ISC_MIN(name->expire_v4, now + 300); | ||
623 | @@ -3814,15 +3839,14 @@ fetch_callback(isc_task_t *task, isc_event_t *ev) { | ||
624 | free_adbfetch(adb, &fetch); | ||
625 | isc_event_free(&ev); | ||
626 | |||
627 | - clean_finds_at_name(name, ev_status, address_type); | ||
628 | + clean_finds_at_name(name, ev_status, qtotal, address_type); | ||
629 | |||
630 | UNLOCK(&adb->namelocks[bucket]); | ||
631 | } | ||
632 | |||
633 | static isc_result_t | ||
634 | -fetch_name(dns_adbname_t *adbname, | ||
635 | - isc_boolean_t start_at_zone, | ||
636 | - dns_rdatatype_t type) | ||
637 | +fetch_name(dns_adbname_t *adbname, isc_boolean_t start_at_zone, | ||
638 | + unsigned int depth, dns_rdatatype_t type) | ||
639 | { | ||
640 | isc_result_t result; | ||
641 | dns_adbfetch_t *fetch = NULL; | ||
642 | @@ -3867,12 +3891,14 @@ fetch_name(dns_adbname_t *adbname, | ||
643 | result = ISC_R_NOMEMORY; | ||
644 | goto cleanup; | ||
645 | } | ||
646 | - | ||
647 | - result = dns_resolver_createfetch(adb->view->resolver, &adbname->name, | ||
648 | - type, name, nameservers, NULL, | ||
649 | - options, adb->task, fetch_callback, | ||
650 | - adbname, &fetch->rdataset, NULL, | ||
651 | - &fetch->fetch); | ||
652 | + fetch->depth = depth; | ||
653 | + | ||
654 | + result = dns_resolver_createfetch3(adb->view->resolver, &adbname->name, | ||
655 | + type, name, nameservers, NULL, | ||
656 | + NULL, 0, options, depth, adb->task, | ||
657 | + fetch_callback, adbname, | ||
658 | + &fetch->rdataset, NULL, | ||
659 | + &fetch->fetch); | ||
660 | if (result != ISC_R_SUCCESS) | ||
661 | goto cleanup; | ||
662 | |||
663 | diff --git a/lib/dns/include/dns/adb.h b/lib/dns/include/dns/adb.h | ||
664 | index 35350ff..7501f01 100644 | ||
665 | --- a/lib/dns/include/dns/adb.h | ||
666 | +++ b/lib/dns/include/dns/adb.h | ||
667 | @@ -118,6 +118,8 @@ struct dns_adbfind { | ||
668 | isc_result_t result_v6; /*%< RO: v6 result */ | ||
669 | ISC_LINK(dns_adbfind_t) publink; /*%< RW: client use */ | ||
670 | |||
671 | + isc_uint32_t qtotal; | ||
672 | + | ||
673 | /* Private */ | ||
674 | isc_mutex_t lock; /* locks all below */ | ||
675 | in_port_t port; | ||
676 | @@ -334,6 +336,12 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, | ||
677 | dns_rdatatype_t qtype, unsigned int options, | ||
678 | isc_stdtime_t now, dns_name_t *target, | ||
679 | in_port_t port, dns_adbfind_t **find); | ||
680 | +isc_result_t | ||
681 | +dns_adb_createfind2(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, | ||
682 | + void *arg, dns_name_t *name, dns_name_t *qname, | ||
683 | + dns_rdatatype_t qtype, unsigned int options, | ||
684 | + isc_stdtime_t now, dns_name_t *target, in_port_t port, | ||
685 | + unsigned int depth, dns_adbfind_t **find); | ||
686 | /*%< | ||
687 | * Main interface for clients. The adb will look up the name given in | ||
688 | * "name" and will build up a list of found addresses, and perhaps start | ||
689 | diff --git a/lib/dns/include/dns/resolver.h b/lib/dns/include/dns/resolver.h | ||
690 | index 4e20eb6..c256049 100644 | ||
691 | --- a/lib/dns/include/dns/resolver.h | ||
692 | +++ b/lib/dns/include/dns/resolver.h | ||
693 | @@ -82,6 +82,7 @@ typedef struct dns_fetchevent { | ||
694 | isc_sockaddr_t * client; | ||
695 | dns_messageid_t id; | ||
696 | isc_result_t vresult; | ||
697 | + isc_uint32_t qtotal; | ||
698 | } dns_fetchevent_t; | ||
699 | |||
700 | /* | ||
701 | @@ -275,6 +276,18 @@ dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name, | ||
702 | dns_rdataset_t *rdataset, | ||
703 | dns_rdataset_t *sigrdataset, | ||
704 | dns_fetch_t **fetchp); | ||
705 | +isc_result_t | ||
706 | +dns_resolver_createfetch3(dns_resolver_t *res, dns_name_t *name, | ||
707 | + dns_rdatatype_t type, | ||
708 | + dns_name_t *domain, dns_rdataset_t *nameservers, | ||
709 | + dns_forwarders_t *forwarders, | ||
710 | + isc_sockaddr_t *client, isc_uint16_t id, | ||
711 | + unsigned int options, unsigned int depth, | ||
712 | + isc_task_t *task, | ||
713 | + isc_taskaction_t action, void *arg, | ||
714 | + dns_rdataset_t *rdataset, | ||
715 | + dns_rdataset_t *sigrdataset, | ||
716 | + dns_fetch_t **fetchp); | ||
717 | /*%< | ||
718 | * Recurse to answer a question. | ||
719 | * | ||
720 | @@ -576,6 +589,18 @@ dns_resolver_printbadcache(dns_resolver_t *resolver, FILE *fp); | ||
721 | * \li resolver to be valid. | ||
722 | */ | ||
723 | |||
724 | +void | ||
725 | +dns_resolver_setmaxdepth(dns_resolver_t *resolver, unsigned int maxdepth); | ||
726 | +unsigned int | ||
727 | +dns_resolver_getmaxdepth(dns_resolver_t *resolver); | ||
728 | +/*% | ||
729 | + * Get and set how many NS indirections will be followed when looking for | ||
730 | + * nameserver addresses. | ||
731 | + * | ||
732 | + * Requires: | ||
733 | + * \li resolver to be valid. | ||
734 | + */ | ||
735 | + | ||
736 | ISC_LANG_ENDDECLS | ||
737 | |||
738 | #endif /* DNS_RESOLVER_H */ | ||
739 | diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c | ||
740 | index e517dad..6a635b2 100644 | ||
741 | --- a/lib/dns/resolver.c | ||
742 | +++ b/lib/dns/resolver.c | ||
743 | @@ -131,6 +131,16 @@ | ||
744 | #define MAXIMUM_QUERY_TIMEOUT 30 /* The maximum time in seconds for the whole query to live. */ | ||
745 | #endif | ||
746 | |||
747 | +/* The default maximum number of recursions to follow before giving up. */ | ||
748 | +#ifndef DEFAULT_RECURSION_DEPTH | ||
749 | +#define DEFAULT_RECURSION_DEPTH 7 | ||
750 | +#endif | ||
751 | + | ||
752 | +/* The default maximum number of iterative queries to allow before giving up. */ | ||
753 | +#ifndef DEFAULT_MAX_QUERIES | ||
754 | +#define DEFAULT_MAX_QUERIES 50 | ||
755 | +#endif | ||
756 | + | ||
757 | /*% | ||
758 | * Maximum EDNS0 input packet size. | ||
759 | */ | ||
760 | @@ -297,6 +307,7 @@ struct fetchctx { | ||
761 | isc_uint64_t duration; | ||
762 | isc_boolean_t logged; | ||
763 | unsigned int querysent; | ||
764 | + unsigned int totalqueries; | ||
765 | unsigned int referrals; | ||
766 | unsigned int lamecount; | ||
767 | unsigned int neterr; | ||
768 | @@ -307,6 +318,7 @@ struct fetchctx { | ||
769 | isc_boolean_t timeout; | ||
770 | dns_adbaddrinfo_t *addrinfo; | ||
771 | isc_sockaddr_t *client; | ||
772 | + unsigned int depth; | ||
773 | }; | ||
774 | |||
775 | #define FCTX_MAGIC ISC_MAGIC('F', '!', '!', '!') | ||
776 | @@ -419,6 +431,7 @@ struct dns_resolver { | ||
777 | isc_timer_t * spillattimer; | ||
778 | isc_boolean_t zero_no_soa_ttl; | ||
779 | unsigned int query_timeout; | ||
780 | + unsigned int maxdepth; | ||
781 | |||
782 | /* Locked by lock. */ | ||
783 | unsigned int references; | ||
784 | @@ -1097,6 +1110,7 @@ fctx_sendevents(fetchctx_t *fctx, isc_result_t result, int line) { | ||
785 | event->result == DNS_R_NCACHENXRRSET); | ||
786 | } | ||
787 | |||
788 | + event->qtotal = fctx->totalqueries; | ||
789 | isc_task_sendanddetach(&task, ISC_EVENT_PTR(&event)); | ||
790 | count++; | ||
791 | } | ||
792 | @@ -1537,7 +1551,9 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, | ||
793 | if (result != ISC_R_SUCCESS) | ||
794 | goto cleanup_dispatch; | ||
795 | } | ||
796 | + | ||
797 | fctx->querysent++; | ||
798 | + fctx->totalqueries++; | ||
799 | |||
800 | ISC_LIST_APPEND(fctx->queries, query, link); | ||
801 | query->fctx->nqueries++; | ||
802 | @@ -2194,9 +2210,10 @@ fctx_finddone(isc_task_t *task, isc_event_t *event) { | ||
803 | */ | ||
804 | INSIST(!SHUTTINGDOWN(fctx)); | ||
805 | fctx->attributes &= ~FCTX_ATTR_ADDRWAIT; | ||
806 | - if (event->ev_type == DNS_EVENT_ADBMOREADDRESSES) | ||
807 | + if (event->ev_type == DNS_EVENT_ADBMOREADDRESSES) { | ||
808 | want_try = ISC_TRUE; | ||
809 | - else { | ||
810 | + fctx->totalqueries += find->qtotal; | ||
811 | + } else { | ||
812 | fctx->findfail++; | ||
813 | if (fctx->pending == 0) { | ||
814 | /* | ||
815 | @@ -2479,12 +2496,13 @@ findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port, | ||
816 | * See what we know about this address. | ||
817 | */ | ||
818 | find = NULL; | ||
819 | - result = dns_adb_createfind(fctx->adb, | ||
820 | - res->buckets[fctx->bucketnum].task, | ||
821 | - fctx_finddone, fctx, name, | ||
822 | - &fctx->name, fctx->type, | ||
823 | - options, now, NULL, | ||
824 | - res->view->dstport, &find); | ||
825 | + result = dns_adb_createfind2(fctx->adb, | ||
826 | + res->buckets[fctx->bucketnum].task, | ||
827 | + fctx_finddone, fctx, name, | ||
828 | + &fctx->name, fctx->type, | ||
829 | + options, now, NULL, | ||
830 | + res->view->dstport, | ||
831 | + fctx->depth + 1, &find); | ||
832 | if (result != ISC_R_SUCCESS) { | ||
833 | if (result == DNS_R_ALIAS) { | ||
834 | /* | ||
835 | @@ -2592,6 +2610,11 @@ fctx_getaddresses(fetchctx_t *fctx, isc_boolean_t badcache) { | ||
836 | |||
837 | res = fctx->res; | ||
838 | |||
839 | + if (fctx->depth > res->maxdepth) { | ||
840 | + FCTXTRACE("too much NS indirection"); | ||
841 | + return (DNS_R_SERVFAIL); | ||
842 | + } | ||
843 | + | ||
844 | /* | ||
845 | * Forwarders. | ||
846 | */ | ||
847 | @@ -3030,6 +3053,9 @@ fctx_try(fetchctx_t *fctx, isc_boolean_t retrying, isc_boolean_t badcache) { | ||
848 | |||
849 | REQUIRE(!ADDRWAIT(fctx)); | ||
850 | |||
851 | + if (fctx->totalqueries > DEFAULT_MAX_QUERIES) | ||
852 | + fctx_done(fctx, DNS_R_SERVFAIL, __LINE__); | ||
853 | + | ||
854 | addrinfo = fctx_nextaddress(fctx); | ||
855 | if (addrinfo == NULL) { | ||
856 | /* | ||
857 | @@ -3388,6 +3414,7 @@ fctx_start(isc_task_t *task, isc_event_t *event) { | ||
858 | * Normal fctx startup. | ||
859 | */ | ||
860 | fctx->state = fetchstate_active; | ||
861 | + fctx->totalqueries = 0; | ||
862 | /* | ||
863 | * Reset the control event for later use in shutting down | ||
864 | * the fctx. | ||
865 | @@ -3457,6 +3484,7 @@ fctx_join(fetchctx_t *fctx, isc_task_t *task, isc_sockaddr_t *client, | ||
866 | event->fetch = fetch; | ||
867 | event->client = client; | ||
868 | event->id = id; | ||
869 | + event->qtotal = 0; | ||
870 | dns_fixedname_init(&event->foundname); | ||
871 | |||
872 | /* | ||
873 | @@ -3493,7 +3521,8 @@ log_ns_ttl(fetchctx_t *fctx, const char *where) { | ||
874 | static isc_result_t | ||
875 | fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, | ||
876 | dns_name_t *domain, dns_rdataset_t *nameservers, | ||
877 | - unsigned int options, unsigned int bucketnum, fetchctx_t **fctxp) | ||
878 | + unsigned int options, unsigned int bucketnum, unsigned int depth, | ||
879 | + fetchctx_t **fctxp) | ||
880 | { | ||
881 | fetchctx_t *fctx; | ||
882 | isc_result_t result; | ||
883 | @@ -3545,6 +3574,7 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, | ||
884 | fctx->state = fetchstate_init; | ||
885 | fctx->want_shutdown = ISC_FALSE; | ||
886 | fctx->cloned = ISC_FALSE; | ||
887 | + fctx->depth = depth; | ||
888 | ISC_LIST_INIT(fctx->queries); | ||
889 | ISC_LIST_INIT(fctx->finds); | ||
890 | ISC_LIST_INIT(fctx->altfinds); | ||
891 | @@ -3563,6 +3593,7 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, | ||
892 | fctx->pending = 0; | ||
893 | fctx->restarts = 0; | ||
894 | fctx->querysent = 0; | ||
895 | + fctx->totalqueries = 0; | ||
896 | fctx->referrals = 0; | ||
897 | TIME_NOW(&fctx->start); | ||
898 | fctx->timeouts = 0; | ||
899 | @@ -7781,6 +7812,7 @@ dns_resolver_create(dns_view_t *view, | ||
900 | res->spillattimer = NULL; | ||
901 | res->zero_no_soa_ttl = ISC_FALSE; | ||
902 | res->query_timeout = DEFAULT_QUERY_TIMEOUT; | ||
903 | + res->maxdepth = DEFAULT_RECURSION_DEPTH; | ||
904 | res->nbuckets = ntasks; | ||
905 | res->activebuckets = ntasks; | ||
906 | res->buckets = isc_mem_get(view->mctx, | ||
907 | @@ -8219,9 +8251,9 @@ dns_resolver_createfetch(dns_resolver_t *res, dns_name_t *name, | ||
908 | dns_rdataset_t *sigrdataset, | ||
909 | dns_fetch_t **fetchp) | ||
910 | { | ||
911 | - return (dns_resolver_createfetch2(res, name, type, domain, | ||
912 | + return (dns_resolver_createfetch3(res, name, type, domain, | ||
913 | nameservers, forwarders, NULL, 0, | ||
914 | - options, task, action, arg, | ||
915 | + options, 0, task, action, arg, | ||
916 | rdataset, sigrdataset, fetchp)); | ||
917 | } | ||
918 | |||
919 | @@ -8237,6 +8269,25 @@ dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name, | ||
920 | dns_rdataset_t *sigrdataset, | ||
921 | dns_fetch_t **fetchp) | ||
922 | { | ||
923 | + return (dns_resolver_createfetch3(res, name, type, domain, | ||
924 | + nameservers, forwarders, client, id, | ||
925 | + options, 0, task, action, arg, | ||
926 | + rdataset, sigrdataset, fetchp)); | ||
927 | +} | ||
928 | + | ||
929 | +isc_result_t | ||
930 | +dns_resolver_createfetch3(dns_resolver_t *res, dns_name_t *name, | ||
931 | + dns_rdatatype_t type, | ||
932 | + dns_name_t *domain, dns_rdataset_t *nameservers, | ||
933 | + dns_forwarders_t *forwarders, | ||
934 | + isc_sockaddr_t *client, dns_messageid_t id, | ||
935 | + unsigned int options, unsigned int depth, | ||
936 | + isc_task_t *task, | ||
937 | + isc_taskaction_t action, void *arg, | ||
938 | + dns_rdataset_t *rdataset, | ||
939 | + dns_rdataset_t *sigrdataset, | ||
940 | + dns_fetch_t **fetchp) | ||
941 | +{ | ||
942 | dns_fetch_t *fetch; | ||
943 | fetchctx_t *fctx = NULL; | ||
944 | isc_result_t result = ISC_R_SUCCESS; | ||
945 | @@ -8325,11 +8376,12 @@ dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name, | ||
946 | |||
947 | if (fctx == NULL) { | ||
948 | result = fctx_create(res, name, type, domain, nameservers, | ||
949 | - options, bucketnum, &fctx); | ||
950 | + options, bucketnum, depth, &fctx); | ||
951 | if (result != ISC_R_SUCCESS) | ||
952 | goto unlock; | ||
953 | new_fctx = ISC_TRUE; | ||
954 | - } | ||
955 | + } else if (fctx->depth > depth) | ||
956 | + fctx->depth = depth; | ||
957 | |||
958 | result = fctx_join(fctx, task, client, id, action, arg, | ||
959 | rdataset, sigrdataset, fetch); | ||
960 | @@ -9101,3 +9153,15 @@ dns_resolver_settimeout(dns_resolver_t *resolver, unsigned int seconds) { | ||
961 | |||
962 | resolver->query_timeout = seconds; | ||
963 | } | ||
964 | + | ||
965 | +void | ||
966 | +dns_resolver_setmaxdepth(dns_resolver_t *resolver, unsigned int maxdepth) { | ||
967 | + REQUIRE(VALID_RESOLVER(resolver)); | ||
968 | + resolver->maxdepth = maxdepth; | ||
969 | +} | ||
970 | + | ||
971 | +unsigned int | ||
972 | +dns_resolver_getmaxdepth(dns_resolver_t *resolver) { | ||
973 | + REQUIRE(VALID_RESOLVER(resolver)); | ||
974 | + return (resolver->maxdepth); | ||
975 | +} | ||
976 | diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c | ||
977 | index bfd4bab..5f8b037 100644 | ||
978 | --- a/lib/isccfg/namedconf.c | ||
979 | +++ b/lib/isccfg/namedconf.c | ||
980 | @@ -1393,6 +1393,7 @@ view_clauses[] = { | ||
981 | { "max-cache-ttl", &cfg_type_uint32, 0 }, | ||
982 | { "max-clients-per-query", &cfg_type_uint32, 0 }, | ||
983 | { "max-ncache-ttl", &cfg_type_uint32, 0 }, | ||
984 | + { "max-recursion-depth", &cfg_type_uint32, 0 }, | ||
985 | { "max-udp-size", &cfg_type_uint32, 0 }, | ||
986 | { "min-roots", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTIMP }, | ||
987 | { "minimal-responses", &cfg_type_boolean, 0 }, | ||
988 | -- | ||
989 | 1.9.1 | ||
990 | |||
diff --git a/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch new file mode 100644 index 0000000..896272a --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch | |||
@@ -0,0 +1,45 @@ | |||
1 | From dbb064aa7972ef918d9a235b713108a4846cbb62 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mark Andrews <marka@isc.org> | ||
3 | Date: Tue, 14 Jul 2015 14:48:42 +1000 | ||
4 | Subject: [PATCH] 4165. [bug] An failure to reset a value to NULL | ||
5 | in tkey.c could result in an assertion failure. | ||
6 | (CVE-2015-5477) [RT #40046] | ||
7 | |||
8 | Upstream-Status: Backport | ||
9 | [CHANGES file has been edited manually to add CVE-2015-5477 and | ||
10 | an already applied CVE (CVE-2014-8500)]. | ||
11 | |||
12 | Referenc: https://kb.isc.org/article/AA-01272 | ||
13 | |||
14 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
15 | |||
16 | diff -ruN a/CHANGES b/CHANGES | ||
17 | --- a/CHANGES 2014-01-27 19:58:24.000000000 +0100 | ||
18 | +++ b/CHANGES 2015-07-30 11:03:18.871670769 +0200 | ||
19 | @@ -1,4 +1,15 @@ | ||
20 | --- 9.9.5 released --- | ||
21 | +4165. [security] An failure to reset a value to NULL in tkey.c could | ||
22 | + result in an assertion failure. (CVE-2015-5477) | ||
23 | + [RT #40046] | ||
24 | + | ||
25 | +4006. [security] A flaw in delegation handling could be exploited | ||
26 | + to put named into an infinite loop. This has | ||
27 | + been addressed by placing limits on the number | ||
28 | + of levels of recursion named will allow (default 7), | ||
29 | + and the number of iterative queries that it will | ||
30 | + send (default 50) before terminating a recursive | ||
31 | + query (CVE-2014-8500). | ||
32 | |||
33 | --- 9.9.5rc2 released --- | ||
34 | |||
35 | diff -ruN a/lib/dns/tkey.c b/lib/dns/tkey.c | ||
36 | --- a/lib/dns/tkey.c 2014-01-27 19:58:24.000000000 +0100 | ||
37 | +++ b/lib/dns/tkey.c 2015-07-30 10:58:30.647945942 +0200 | ||
38 | @@ -650,6 +650,7 @@ | ||
39 | * Try the answer section, since that's where Win2000 | ||
40 | * puts it. | ||
41 | */ | ||
42 | + name = NULL; | ||
43 | if (dns_message_findname(msg, DNS_SECTION_ANSWER, qname, | ||
44 | dns_rdatatype_tkey, 0, &name, | ||
45 | &tkeyset) != ISC_R_SUCCESS) { | ||
diff --git a/meta/recipes-connectivity/bind/bind/conf.patch b/meta/recipes-connectivity/bind/bind/conf.patch new file mode 100644 index 0000000..432c874 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/conf.patch | |||
@@ -0,0 +1,314 @@ | |||
1 | Upstream-Status: Inappropriate [configuration] | ||
2 | |||
3 | the patch is imported from openembedded project | ||
4 | |||
5 | 11/30/2010 - Qing He <qing.he@intel.com> | ||
6 | |||
7 | diff -urN bind-9.3.1.orig/conf/db.0 bind-9.3.1/conf/db.0 | ||
8 | --- bind-9.3.1.orig/conf/db.0 1970-01-01 01:00:00.000000000 +0100 | ||
9 | +++ bind-9.3.1/conf/db.0 2005-07-10 22:14:00.000000000 +0200 | ||
10 | @@ -0,0 +1,12 @@ | ||
11 | +; | ||
12 | +; BIND reverse data file for broadcast zone | ||
13 | +; | ||
14 | +$TTL 604800 | ||
15 | +@ IN SOA localhost. root.localhost. ( | ||
16 | + 1 ; Serial | ||
17 | + 604800 ; Refresh | ||
18 | + 86400 ; Retry | ||
19 | + 2419200 ; Expire | ||
20 | + 604800 ) ; Negative Cache TTL | ||
21 | +; | ||
22 | +@ IN NS localhost. | ||
23 | diff -urN bind-9.3.1.orig/conf/db.127 bind-9.3.1/conf/db.127 | ||
24 | --- bind-9.3.1.orig/conf/db.127 1970-01-01 01:00:00.000000000 +0100 | ||
25 | +++ bind-9.3.1/conf/db.127 2005-07-10 22:14:00.000000000 +0200 | ||
26 | @@ -0,0 +1,13 @@ | ||
27 | +; | ||
28 | +; BIND reverse data file for local loopback interface | ||
29 | +; | ||
30 | +$TTL 604800 | ||
31 | +@ IN SOA localhost. root.localhost. ( | ||
32 | + 1 ; Serial | ||
33 | + 604800 ; Refresh | ||
34 | + 86400 ; Retry | ||
35 | + 2419200 ; Expire | ||
36 | + 604800 ) ; Negative Cache TTL | ||
37 | +; | ||
38 | +@ IN NS localhost. | ||
39 | +1.0.0 IN PTR localhost. | ||
40 | diff -urN bind-9.3.1.orig/conf/db.empty bind-9.3.1/conf/db.empty | ||
41 | --- bind-9.3.1.orig/conf/db.empty 1970-01-01 01:00:00.000000000 +0100 | ||
42 | +++ bind-9.3.1/conf/db.empty 2005-07-10 22:14:00.000000000 +0200 | ||
43 | @@ -0,0 +1,14 @@ | ||
44 | +; BIND reverse data file for empty rfc1918 zone | ||
45 | +; | ||
46 | +; DO NOT EDIT THIS FILE - it is used for multiple zones. | ||
47 | +; Instead, copy it, edit named.conf, and use that copy. | ||
48 | +; | ||
49 | +$TTL 86400 | ||
50 | +@ IN SOA localhost. root.localhost. ( | ||
51 | + 1 ; Serial | ||
52 | + 604800 ; Refresh | ||
53 | + 86400 ; Retry | ||
54 | + 2419200 ; Expire | ||
55 | + 86400 ) ; Negative Cache TTL | ||
56 | +; | ||
57 | +@ IN NS localhost. | ||
58 | diff -urN bind-9.3.1.orig/conf/db.local bind-9.3.1/conf/db.local | ||
59 | --- bind-9.3.1.orig/conf/db.local 1970-01-01 01:00:00.000000000 +0100 | ||
60 | +++ bind-9.3.1/conf/db.local 2005-07-10 22:14:00.000000000 +0200 | ||
61 | @@ -0,0 +1,13 @@ | ||
62 | +; | ||
63 | +; BIND data file for local loopback interface | ||
64 | +; | ||
65 | +$TTL 604800 | ||
66 | +@ IN SOA localhost. root.localhost. ( | ||
67 | + 1 ; Serial | ||
68 | + 604800 ; Refresh | ||
69 | + 86400 ; Retry | ||
70 | + 2419200 ; Expire | ||
71 | + 604800 ) ; Negative Cache TTL | ||
72 | +; | ||
73 | +@ IN NS localhost. | ||
74 | +@ IN A 127.0.0.1 | ||
75 | diff -urN bind-9.3.1.orig/conf/db.root bind-9.3.1/conf/db.root | ||
76 | --- bind-9.3.1.orig/conf/db.root 1970-01-01 01:00:00.000000000 +0100 | ||
77 | +++ bind-9.3.1/conf/db.root 2005-07-10 22:14:00.000000000 +0200 | ||
78 | @@ -0,0 +1,45 @@ | ||
79 | + | ||
80 | +; <<>> DiG 9.2.3 <<>> ns . @a.root-servers.net. | ||
81 | +;; global options: printcmd | ||
82 | +;; Got answer: | ||
83 | +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18944 | ||
84 | +;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13 | ||
85 | + | ||
86 | +;; QUESTION SECTION: | ||
87 | +;. IN NS | ||
88 | + | ||
89 | +;; ANSWER SECTION: | ||
90 | +. 518400 IN NS A.ROOT-SERVERS.NET. | ||
91 | +. 518400 IN NS B.ROOT-SERVERS.NET. | ||
92 | +. 518400 IN NS C.ROOT-SERVERS.NET. | ||
93 | +. 518400 IN NS D.ROOT-SERVERS.NET. | ||
94 | +. 518400 IN NS E.ROOT-SERVERS.NET. | ||
95 | +. 518400 IN NS F.ROOT-SERVERS.NET. | ||
96 | +. 518400 IN NS G.ROOT-SERVERS.NET. | ||
97 | +. 518400 IN NS H.ROOT-SERVERS.NET. | ||
98 | +. 518400 IN NS I.ROOT-SERVERS.NET. | ||
99 | +. 518400 IN NS J.ROOT-SERVERS.NET. | ||
100 | +. 518400 IN NS K.ROOT-SERVERS.NET. | ||
101 | +. 518400 IN NS L.ROOT-SERVERS.NET. | ||
102 | +. 518400 IN NS M.ROOT-SERVERS.NET. | ||
103 | + | ||
104 | +;; ADDITIONAL SECTION: | ||
105 | +A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4 | ||
106 | +B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201 | ||
107 | +C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12 | ||
108 | +D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90 | ||
109 | +E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10 | ||
110 | +F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241 | ||
111 | +G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4 | ||
112 | +H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53 | ||
113 | +I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17 | ||
114 | +J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30 | ||
115 | +K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129 | ||
116 | +L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12 | ||
117 | +M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33 | ||
118 | + | ||
119 | +;; Query time: 81 msec | ||
120 | +;; SERVER: 198.41.0.4#53(a.root-servers.net.) | ||
121 | +;; WHEN: Sun Feb 1 11:27:14 2004 | ||
122 | +;; MSG SIZE rcvd: 436 | ||
123 | + | ||
124 | diff -urN bind-9.3.1.orig/conf/named.conf bind-9.3.1/conf/named.conf | ||
125 | --- bind-9.3.1.orig/conf/named.conf 1970-01-01 01:00:00.000000000 +0100 | ||
126 | +++ bind-9.3.1/conf/named.conf 2005-07-10 22:33:46.000000000 +0200 | ||
127 | @@ -0,0 +1,49 @@ | ||
128 | +// This is the primary configuration file for the BIND DNS server named. | ||
129 | +// | ||
130 | +// If you are just adding zones, please do that in /etc/bind/named.conf.local | ||
131 | + | ||
132 | +include "/etc/bind/named.conf.options"; | ||
133 | + | ||
134 | +// prime the server with knowledge of the root servers | ||
135 | +zone "." { | ||
136 | + type hint; | ||
137 | + file "/etc/bind/db.root"; | ||
138 | +}; | ||
139 | + | ||
140 | +// be authoritative for the localhost forward and reverse zones, and for | ||
141 | +// broadcast zones as per RFC 1912 | ||
142 | + | ||
143 | +zone "localhost" { | ||
144 | + type master; | ||
145 | + file "/etc/bind/db.local"; | ||
146 | +}; | ||
147 | + | ||
148 | +zone "127.in-addr.arpa" { | ||
149 | + type master; | ||
150 | + file "/etc/bind/db.127"; | ||
151 | +}; | ||
152 | + | ||
153 | +zone "0.in-addr.arpa" { | ||
154 | + type master; | ||
155 | + file "/etc/bind/db.0"; | ||
156 | +}; | ||
157 | + | ||
158 | +zone "255.in-addr.arpa" { | ||
159 | + type master; | ||
160 | + file "/etc/bind/db.255"; | ||
161 | +}; | ||
162 | + | ||
163 | +// zone "com" { type delegation-only; }; | ||
164 | +// zone "net" { type delegation-only; }; | ||
165 | + | ||
166 | +// From the release notes: | ||
167 | +// Because many of our users are uncomfortable receiving undelegated answers | ||
168 | +// from root or top level domains, other than a few for whom that behaviour | ||
169 | +// has been trusted and expected for quite some length of time, we have now | ||
170 | +// introduced the "root-delegations-only" feature which applies delegation-only | ||
171 | +// logic to all top level domains, and to the root domain. An exception list | ||
172 | +// should be specified, including "MUSEUM" and "DE", and any other top level | ||
173 | +// domains from whom undelegated responses are expected and trusted. | ||
174 | +// root-delegation-only exclude { "DE"; "MUSEUM"; }; | ||
175 | + | ||
176 | +include "/etc/bind/named.conf.local"; | ||
177 | diff -urN bind-9.3.1.orig/conf/named.conf.local bind-9.3.1/conf/named.conf.local | ||
178 | --- bind-9.3.1.orig/conf/named.conf.local 1970-01-01 01:00:00.000000000 +0100 | ||
179 | +++ bind-9.3.1/conf/named.conf.local 2005-07-10 22:14:06.000000000 +0200 | ||
180 | @@ -0,0 +1,8 @@ | ||
181 | +// | ||
182 | +// Do any local configuration here | ||
183 | +// | ||
184 | + | ||
185 | +// Consider adding the 1918 zones here, if they are not used in your | ||
186 | +// organization | ||
187 | +//include "/etc/bind/zones.rfc1918"; | ||
188 | + | ||
189 | diff -urN bind-9.3.1.orig/conf/named.conf.options bind-9.3.1/conf/named.conf.options | ||
190 | --- bind-9.3.1.orig/conf/named.conf.options 1970-01-01 01:00:00.000000000 +0100 | ||
191 | +++ bind-9.3.1/conf/named.conf.options 2005-07-10 22:14:06.000000000 +0200 | ||
192 | @@ -0,0 +1,24 @@ | ||
193 | +options { | ||
194 | + directory "/var/cache/bind"; | ||
195 | + | ||
196 | + // If there is a firewall between you and nameservers you want | ||
197 | + // to talk to, you might need to uncomment the query-source | ||
198 | + // directive below. Previous versions of BIND always asked | ||
199 | + // questions using port 53, but BIND 8.1 and later use an unprivileged | ||
200 | + // port by default. | ||
201 | + | ||
202 | + // query-source address * port 53; | ||
203 | + | ||
204 | + // If your ISP provided one or more IP addresses for stable | ||
205 | + // nameservers, you probably want to use them as forwarders. | ||
206 | + // Uncomment the following block, and insert the addresses replacing | ||
207 | + // the all-0's placeholder. | ||
208 | + | ||
209 | + // forwarders { | ||
210 | + // 0.0.0.0; | ||
211 | + // }; | ||
212 | + | ||
213 | + auth-nxdomain no; # conform to RFC1035 | ||
214 | + | ||
215 | +}; | ||
216 | + | ||
217 | diff -urN bind-9.3.1.orig/conf/zones.rfc1918 bind-9.3.1/conf/zones.rfc1918 | ||
218 | --- bind-9.3.1.orig/conf/zones.rfc1918 1970-01-01 01:00:00.000000000 +0100 | ||
219 | +++ bind-9.3.1/conf/zones.rfc1918 2005-07-10 22:14:10.000000000 +0200 | ||
220 | @@ -0,0 +1,20 @@ | ||
221 | +zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
222 | + | ||
223 | +zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
224 | +zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
225 | +zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
226 | +zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
227 | +zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
228 | +zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
229 | +zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
230 | +zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
231 | +zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
232 | +zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
233 | +zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
234 | +zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
235 | +zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
236 | +zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
237 | +zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
238 | +zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
239 | + | ||
240 | +zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
241 | diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d | ||
242 | --- bind-9.3.1.orig/init.d 1970-01-01 01:00:00.000000000 +0100 | ||
243 | +++ bind-9.3.1/init.d 2005-07-10 23:09:58.000000000 +0200 | ||
244 | @@ -0,0 +1,70 @@ | ||
245 | +#!/bin/sh | ||
246 | + | ||
247 | +PATH=/sbin:/bin:/usr/sbin:/usr/bin | ||
248 | + | ||
249 | +# for a chrooted server: "-u bind -t /var/lib/named" | ||
250 | +# Don't modify this line, change or create /etc/default/bind9. | ||
251 | +OPTIONS="" | ||
252 | + | ||
253 | +test -f /etc/default/bind9 && . /etc/default/bind9 | ||
254 | + | ||
255 | +test -x /usr/sbin/rndc || exit 0 | ||
256 | + | ||
257 | +case "$1" in | ||
258 | + start) | ||
259 | + echo -n "Starting domain name service: named" | ||
260 | + | ||
261 | + modprobe capability >/dev/null 2>&1 || true | ||
262 | + if [ ! -f /etc/bind/rndc.key ]; then | ||
263 | + /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom | ||
264 | + chmod 0640 /etc/bind/rndc.key | ||
265 | + fi | ||
266 | + if [ -f /var/run/named/named.pid ]; then | ||
267 | + ps `cat /var/run/named/named.pid` > /dev/null && exit 1 | ||
268 | + fi | ||
269 | + | ||
270 | + # dirs under /var/run can go away on reboots. | ||
271 | + mkdir -p /var/run/named | ||
272 | + mkdir -p /var/cache/bind | ||
273 | + chmod 775 /var/run/named | ||
274 | + chown root:bind /var/run/named >/dev/null 2>&1 || true | ||
275 | + | ||
276 | + if [ ! -x /usr/sbin/named ]; then | ||
277 | + echo "named binary missing - not starting" | ||
278 | + exit 1 | ||
279 | + fi | ||
280 | + if start-stop-daemon --start --quiet --exec /usr/sbin/named \ | ||
281 | + --pidfile /var/run/named/named.pid -- $OPTIONS; then | ||
282 | + if [ -x /sbin/resolvconf ] ; then | ||
283 | + echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo | ||
284 | + fi | ||
285 | + fi | ||
286 | + echo "." | ||
287 | + ;; | ||
288 | + | ||
289 | + stop) | ||
290 | + echo -n "Stopping domain name service: named" | ||
291 | + if [ -x /sbin/resolvconf ]; then | ||
292 | + /sbin/resolvconf -d lo | ||
293 | + fi | ||
294 | + /usr/sbin/rndc stop >/dev/null 2>&1 | ||
295 | + echo "." | ||
296 | + ;; | ||
297 | + | ||
298 | + reload) | ||
299 | + /usr/sbin/rndc reload | ||
300 | + ;; | ||
301 | + | ||
302 | + restart|force-reload) | ||
303 | + $0 stop | ||
304 | + sleep 2 | ||
305 | + $0 start | ||
306 | + ;; | ||
307 | + | ||
308 | + *) | ||
309 | + echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2 | ||
310 | + exit 1 | ||
311 | + ;; | ||
312 | +esac | ||
313 | + | ||
314 | +exit 0 | ||
diff --git a/meta/recipes-connectivity/bind/bind/cross-build-fix.patch b/meta/recipes-connectivity/bind/bind/cross-build-fix.patch new file mode 100644 index 0000000..4c37b6b --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/cross-build-fix.patch | |||
@@ -0,0 +1,21 @@ | |||
1 | Upstream-Status: Inappropriate [configuration] | ||
2 | |||
3 | 11/30/2010 | ||
4 | gen.c should be build by ${BUILD_CC} | ||
5 | |||
6 | Signed-off-by: Qing He <qing.he@intel.com> | ||
7 | |||
8 | diff --git a/lib/export/dns/Makefile.in b/lib/export/dns/Makefile.in | ||
9 | index aeadf57..d3fae74 100644 | ||
10 | --- a/lib/export/dns/Makefile.in | ||
11 | +++ b/lib/export/dns/Makefile.in | ||
12 | @@ -166,7 +166,8 @@ code.h: gen | ||
13 | ./gen -s ${srcdir} > code.h | ||
14 | |||
15 | gen: ${srcdir}/gen.c | ||
16 | - ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o $@ ${srcdir}/gen.c ${LIBS} | ||
17 | + ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \ | ||
18 | + ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c ${BUILD_LIBS} | ||
19 | |||
20 | #We don't need rbtdb64 for this library | ||
21 | #rbtdb64.@O@: rbtdb.c | ||
diff --git a/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch b/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch new file mode 100644 index 0000000..288e58b --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch | |||
@@ -0,0 +1,17 @@ | |||
1 | Upstream-Status: Pending | ||
2 | |||
3 | Signed-off-by Saul Wold <sgw@linux.intel.com> | ||
4 | |||
5 | Index: bind-9.9.5/bin/Makefile.in | ||
6 | =================================================================== | ||
7 | --- bind-9.9.5.orig/bin/Makefile.in | ||
8 | +++ bind-9.9.5/bin/Makefile.in | ||
9 | @@ -19,7 +19,7 @@ srcdir = @srcdir@ | ||
10 | VPATH = @srcdir@ | ||
11 | top_srcdir = @top_srcdir@ | ||
12 | |||
13 | -SUBDIRS = named rndc dig dnssec tools tests nsupdate \ | ||
14 | +SUBDIRS = named rndc dig dnssec tools nsupdate \ | ||
15 | check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@ | ||
16 | TARGETS = | ||
17 | |||
diff --git a/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh new file mode 100644 index 0000000..db20127 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh | |||
@@ -0,0 +1,7 @@ | |||
1 | #!/bin/sh | ||
2 | |||
3 | if [ ! -s /etc/bind/rndc.key ]; then | ||
4 | echo -n "Generating /etc/bind/rndc.key:" | ||
5 | /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom | ||
6 | chmod 0640 /etc/bind/rndc.key | ||
7 | fi | ||
diff --git a/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch new file mode 100644 index 0000000..11db95e --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch | |||
@@ -0,0 +1,65 @@ | |||
1 | Subject: init.d: add support for read-only rootfs | ||
2 | |||
3 | Upstream-Status: Inappropriate [oe specific] | ||
4 | |||
5 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
6 | --- | ||
7 | init.d | 40 ++++++++++++++++++++++++++++++++++++++++ | ||
8 | 1 file changed, 40 insertions(+) | ||
9 | |||
10 | diff --git a/init.d b/init.d | ||
11 | index 0111ed4..24677c8 100644 | ||
12 | --- a/init.d | ||
13 | +++ b/init.d | ||
14 | @@ -6,8 +6,48 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin | ||
15 | # Don't modify this line, change or create /etc/default/bind9. | ||
16 | OPTIONS="" | ||
17 | |||
18 | +test -f /etc/default/rcS && . /etc/default/rcS | ||
19 | test -f /etc/default/bind9 && . /etc/default/bind9 | ||
20 | |||
21 | +# This function is here because it's possible that /var and / are on different partitions. | ||
22 | +is_on_read_only_partition () { | ||
23 | + DIRECTORY=$1 | ||
24 | + dir=`readlink -f $DIRECTORY` | ||
25 | + while true; do | ||
26 | + if [ ! -d "$dir" ]; then | ||
27 | + echo "ERROR: $dir is not a directory" | ||
28 | + exit 1 | ||
29 | + else | ||
30 | + for flag in `awk -v dir=$dir '{ if ($2 == dir) { print "FOUND"; split($4,FLAGS,",") } }; \ | ||
31 | + END { for (f in FLAGS) print FLAGS[f] }' < /proc/mounts`; do | ||
32 | + [ "$flag" = "FOUND" ] && partition="read-write" | ||
33 | + [ "$flag" = "ro" ] && { partition="read-only"; break; } | ||
34 | + done | ||
35 | + if [ "$dir" = "/" -o -n "$partition" ]; then | ||
36 | + break | ||
37 | + else | ||
38 | + dir=`dirname $dir` | ||
39 | + fi | ||
40 | + fi | ||
41 | + done | ||
42 | + [ "$partition" = "read-only" ] && echo "yes" || echo "no" | ||
43 | +} | ||
44 | + | ||
45 | +bind_mount () { | ||
46 | + olddir=$1 | ||
47 | + newdir=$2 | ||
48 | + mkdir -p $olddir | ||
49 | + cp -a $newdir/* $olddir | ||
50 | + mount --bind $olddir $newdir | ||
51 | +} | ||
52 | + | ||
53 | +# Deal with read-only rootfs | ||
54 | +if [ "$ROOTFS_READ_ONLY" = "yes" ]; then | ||
55 | + [ "$VERBOSE" != "no" ] && echo "WARN: start bind service in read-only rootfs" | ||
56 | + [ `is_on_read_only_partition /etc/bind` = "yes" ] && bind_mount /var/volatile/bind/etc /etc/bind | ||
57 | + [ `is_on_read_only_partition /var/named` = "yes" ] && bind_mount /var/volatile/bind/named /var/named | ||
58 | +fi | ||
59 | + | ||
60 | test -x /usr/sbin/rndc || exit 0 | ||
61 | |||
62 | case "$1" in | ||
63 | -- | ||
64 | 1.7.9.5 | ||
65 | |||
diff --git a/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch new file mode 100644 index 0000000..146f3e3 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch | |||
@@ -0,0 +1,42 @@ | |||
1 | bind: make "/etc/init.d/bind stop" work | ||
2 | |||
3 | Upstream-Status: Inappropriate [configuration] | ||
4 | |||
5 | Add some configurations, make rndc command be able to controls | ||
6 | the named daemon. | ||
7 | |||
8 | Signed-off-by: Roy Li <rongqing.li@windriver.com> | ||
9 | --- | ||
10 | conf/named.conf | 5 +++++ | ||
11 | conf/rndc.conf | 5 +++++ | ||
12 | 2 files changed, 10 insertions(+), 0 deletions(-) | ||
13 | create mode 100644 conf/rndc.conf | ||
14 | |||
15 | diff --git a/conf/named.conf b/conf/named.conf | ||
16 | index 95829cf..c8899e7 100644 | ||
17 | --- a/conf/named.conf | ||
18 | +++ b/conf/named.conf | ||
19 | @@ -47,3 +47,8 @@ zone "255.in-addr.arpa" { | ||
20 | // root-delegation-only exclude { "DE"; "MUSEUM"; }; | ||
21 | |||
22 | include "/etc/bind/named.conf.local"; | ||
23 | +include "/etc/bind/rndc.key" ; | ||
24 | +controls { | ||
25 | + inet 127.0.0.1 allow { localhost; } | ||
26 | + keys { rndc-key; }; | ||
27 | +}; | ||
28 | diff --git a/conf/rndc.conf b/conf/rndc.conf | ||
29 | new file mode 100644 | ||
30 | index 0000000..a0b481d | ||
31 | --- /dev/null | ||
32 | +++ b/conf/rndc.conf | ||
33 | @@ -0,0 +1,5 @@ | ||
34 | +include "/etc/bind/rndc.key"; | ||
35 | +options { | ||
36 | + default-server localhost; | ||
37 | + default-key rndc-key; | ||
38 | +}; | ||
39 | |||
40 | -- | ||
41 | 1.7.5.4 | ||
42 | |||
diff --git a/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff b/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff new file mode 100644 index 0000000..2930796 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff | |||
@@ -0,0 +1,104 @@ | |||
1 | bind: port a patch to fix a build failure | ||
2 | |||
3 | mips1 does not support ll and sc instructions, and lead to below error, now | ||
4 | we port a patch from debian to fix it | ||
5 | [http://security.debian.org/debian-security/pool/updates/main/b/bind9/bind9_9.8.4.dfsg.P1-6+nmu2+deb7u1.diff.gz] | ||
6 | |||
7 | | {standard input}: Assembler messages: | ||
8 | | {standard input}:47: Error: Opcode not supported on this processor: mips1 (mips1) `ll $3,0($6)' | ||
9 | | {standard input}:50: Error: Opcode not supported on this processor: mips1 (mips1) `sc $3,0($6)' | ||
10 | |||
11 | Upstream-Status: Pending | ||
12 | |||
13 | Signed-off-by: Roy Li <rongqing.li@windriver.com> | ||
14 | |||
15 | --- bind9-9.8.4.dfsg.P1.orig/lib/isc/mips/include/isc/atomic.h | ||
16 | +++ bind9-9.8.4.dfsg.P1/lib/isc/mips/include/isc/atomic.h | ||
17 | @@ -31,18 +31,20 @@ | ||
18 | isc_atomic_xadd(isc_int32_t *p, int val) { | ||
19 | isc_int32_t orig; | ||
20 | |||
21 | - /* add is a cheat, since MIPS has no mov instruction */ | ||
22 | - __asm__ volatile ( | ||
23 | - "1:" | ||
24 | - "ll $3, %1\n" | ||
25 | - "add %0, $0, $3\n" | ||
26 | - "add $3, $3, %2\n" | ||
27 | - "sc $3, %1\n" | ||
28 | - "beq $3, 0, 1b" | ||
29 | - : "=&r"(orig) | ||
30 | - : "m"(*p), "r"(val) | ||
31 | - : "memory", "$3" | ||
32 | - ); | ||
33 | + __asm__ __volatile__ ( | ||
34 | + " .set push \n" | ||
35 | + " .set mips2 \n" | ||
36 | + " .set noreorder \n" | ||
37 | + " .set noat \n" | ||
38 | + "1: ll $1, %1 \n" | ||
39 | + " addu %0, $1, %2 \n" | ||
40 | + " sc %0, %1 \n" | ||
41 | + " beqz %0, 1b \n" | ||
42 | + " move %0, $1 \n" | ||
43 | + " .set pop \n" | ||
44 | + : "=&r" (orig), "+R" (*p) | ||
45 | + : "r" (val) | ||
46 | + : "memory"); | ||
47 | |||
48 | return (orig); | ||
49 | } | ||
50 | @@ -52,16 +54,7 @@ | ||
51 | */ | ||
52 | static inline void | ||
53 | isc_atomic_store(isc_int32_t *p, isc_int32_t val) { | ||
54 | - __asm__ volatile ( | ||
55 | - "1:" | ||
56 | - "ll $3, %0\n" | ||
57 | - "add $3, $0, %1\n" | ||
58 | - "sc $3, %0\n" | ||
59 | - "beq $3, 0, 1b" | ||
60 | - : | ||
61 | - : "m"(*p), "r"(val) | ||
62 | - : "memory", "$3" | ||
63 | - ); | ||
64 | + *p = val; | ||
65 | } | ||
66 | |||
67 | /* | ||
68 | @@ -72,20 +65,23 @@ | ||
69 | static inline isc_int32_t | ||
70 | isc_atomic_cmpxchg(isc_int32_t *p, int cmpval, int val) { | ||
71 | isc_int32_t orig; | ||
72 | + isc_int32_t tmp; | ||
73 | |||
74 | - __asm__ volatile( | ||
75 | - "1:" | ||
76 | - "ll $3, %1\n" | ||
77 | - "add %0, $0, $3\n" | ||
78 | - "bne $3, %2, 2f\n" | ||
79 | - "add $3, $0, %3\n" | ||
80 | - "sc $3, %1\n" | ||
81 | - "beq $3, 0, 1b\n" | ||
82 | - "2:" | ||
83 | - : "=&r"(orig) | ||
84 | - : "m"(*p), "r"(cmpval), "r"(val) | ||
85 | - : "memory", "$3" | ||
86 | - ); | ||
87 | + __asm__ __volatile__ ( | ||
88 | + " .set push \n" | ||
89 | + " .set mips2 \n" | ||
90 | + " .set noreorder \n" | ||
91 | + " .set noat \n" | ||
92 | + "1: ll $1, %1 \n" | ||
93 | + " bne $1, %3, 2f \n" | ||
94 | + " move %2, %4 \n" | ||
95 | + " sc %2, %1 \n" | ||
96 | + " beqz %2, 1b \n" | ||
97 | + "2: move %0, $1 \n" | ||
98 | + " .set pop \n" | ||
99 | + : "=&r"(orig), "+R" (*p), "=r" (tmp) | ||
100 | + : "r"(cmpval), "r"(val) | ||
101 | + : "memory"); | ||
102 | |||
103 | return (orig); | ||
104 | } | ||
diff --git a/meta/recipes-connectivity/bind/bind/named.service b/meta/recipes-connectivity/bind/bind/named.service new file mode 100644 index 0000000..cda56ef --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/named.service | |||
@@ -0,0 +1,22 @@ | |||
1 | [Unit] | ||
2 | Description=Berkeley Internet Name Domain (DNS) | ||
3 | Wants=nss-lookup.target | ||
4 | Before=nss-lookup.target | ||
5 | After=network.target | ||
6 | |||
7 | [Service] | ||
8 | Type=forking | ||
9 | EnvironmentFile=-/etc/default/bind9 | ||
10 | PIDFile=/run/named/named.pid | ||
11 | |||
12 | ExecStartPre=@SBINDIR@/generate-rndc-key.sh | ||
13 | ExecStart=@SBINDIR@/named $OPTIONS | ||
14 | |||
15 | ExecReload=@BASE_BINDIR@/sh -c '@SBINDIR@/rndc reload > /dev/null 2>&1 || @BASE_BINDIR@/kill -HUP $MAINPID' | ||
16 | |||
17 | ExecStop=@BASE_BINDIR@/sh -c '@SBINDIR@/rndc stop > /dev/null 2>&1 || @BASE_BINDIR@/kill -TERM $MAINPID' | ||
18 | |||
19 | PrivateTmp=true | ||
20 | |||
21 | [Install] | ||
22 | WantedBy=multi-user.target | ||
diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb new file mode 100644 index 0000000..e206cc4 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb | |||
@@ -0,0 +1,99 @@ | |||
1 | SUMMARY = "ISC Internet Domain Name Server" | ||
2 | HOMEPAGE = "http://www.isc.org/sw/bind/" | ||
3 | SECTION = "console/network" | ||
4 | |||
5 | LICENSE = "ISC & BSD" | ||
6 | LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=a3df5f651469919a0e6cb42f84fb6ff1" | ||
7 | |||
8 | DEPENDS = "openssl libcap" | ||
9 | |||
10 | SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ | ||
11 | file://conf.patch \ | ||
12 | file://cross-build-fix.patch \ | ||
13 | file://make-etc-initd-bind-stop-work.patch \ | ||
14 | file://mips1-not-support-opcode.diff \ | ||
15 | file://dont-test-on-host.patch \ | ||
16 | file://generate-rndc-key.sh \ | ||
17 | file://named.service \ | ||
18 | file://bind9 \ | ||
19 | file://init.d-add-support-for-read-only-rootfs.patch \ | ||
20 | file://bind9_9_5-CVE-2014-8500.patch \ | ||
21 | file://bind9_9_5-CVE-2015-5477.patch \ | ||
22 | " | ||
23 | |||
24 | SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e" | ||
25 | SRC_URI[sha256sum] = "d4b64c1dde442145a316679acff2df4008aa117ae52dfa3a6bc69efecc7840d1" | ||
26 | |||
27 | # --enable-exportlib is necessary for building dhcp | ||
28 | ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}" | ||
29 | EXTRA_OECONF = " ${ENABLE_IPV6} --with-randomdev=/dev/random --disable-threads \ | ||
30 | --disable-devpoll --disable-epoll --with-gost=no \ | ||
31 | --with-gssapi=no --with-ecdsa=yes \ | ||
32 | --sysconfdir=${sysconfdir}/bind \ | ||
33 | --with-openssl=${STAGING_LIBDIR}/.. --with-libxml2=${STAGING_LIBDIR}/.. \ | ||
34 | --enable-exportlib --with-export-includedir=${includedir} --with-export-libdir=${libdir} \ | ||
35 | " | ||
36 | inherit autotools-brokensep update-rc.d systemd useradd | ||
37 | |||
38 | USERADD_PACKAGES = "${PN}" | ||
39 | USERADD_PARAM_${PN} = "--system --home /var/cache/bind --no-create-home \ | ||
40 | --user-group bind" | ||
41 | |||
42 | INITSCRIPT_NAME = "bind" | ||
43 | INITSCRIPT_PARAMS = "defaults" | ||
44 | |||
45 | SYSTEMD_SERVICE_${PN} = "named.service" | ||
46 | |||
47 | PARALLEL_MAKE = "" | ||
48 | |||
49 | RDEPENDS_${PN} = "python-core" | ||
50 | |||
51 | PACKAGE_BEFORE_PN += "${PN}-utils" | ||
52 | FILES_${PN}-utils = "${bindir}/host ${bindir}/dig" | ||
53 | FILES_${PN}-dev += "${bindir}/isc-config.h" | ||
54 | FILES_${PN} += "${sbindir}/generate-rndc-key.sh" | ||
55 | |||
56 | do_install_prepend() { | ||
57 | # clean host path in isc-config.sh before the hardlink created | ||
58 | # by "make install": | ||
59 | # bind9-config -> isc-config.sh | ||
60 | sed -i -e "s,${STAGING_LIBDIR},${libdir}," ${S}/isc-config.sh | ||
61 | } | ||
62 | |||
63 | do_install_append() { | ||
64 | rm "${D}${bindir}/nslookup" | ||
65 | rm "${D}${mandir}/man1/nslookup.1" | ||
66 | rmdir "${D}${localstatedir}/run" | ||
67 | rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" | ||
68 | install -d "${D}${localstatedir}/cache/bind" | ||
69 | install -d "${D}${sysconfdir}/bind" | ||
70 | install -d "${D}${sysconfdir}/init.d" | ||
71 | install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" | ||
72 | install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" | ||
73 | sed -i -e '1s,#!.*python,#! /usr/bin/env python,' ${D}${sbindir}/dnssec-coverage ${D}${sbindir}/dnssec-checkds | ||
74 | |||
75 | # Install systemd related files | ||
76 | install -d ${D}${localstatedir}/cache/bind | ||
77 | install -d ${D}${sbindir} | ||
78 | install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} | ||
79 | install -d ${D}${systemd_unitdir}/system | ||
80 | install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system | ||
81 | sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ | ||
82 | -e 's,@SBINDIR@,${sbindir},g' \ | ||
83 | ${D}${systemd_unitdir}/system/named.service | ||
84 | |||
85 | install -d ${D}${sysconfdir}/default | ||
86 | install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default | ||
87 | } | ||
88 | |||
89 | CONFFILES_${PN} = " \ | ||
90 | ${sysconfdir}/bind/named.conf \ | ||
91 | ${sysconfdir}/bind/named.conf.local \ | ||
92 | ${sysconfdir}/bind/named.conf.options \ | ||
93 | ${sysconfdir}/bind/db.0 \ | ||
94 | ${sysconfdir}/bind/db.127 \ | ||
95 | ${sysconfdir}/bind/db.empty \ | ||
96 | ${sysconfdir}/bind/db.local \ | ||
97 | ${sysconfdir}/bind/db.root \ | ||
98 | " | ||
99 | |||
diff --git a/meta/recipes-connectivity/bluez/bluez-hcidump-2.5/obsolete_automake_macros.patch b/meta/recipes-connectivity/bluez/bluez-hcidump-2.5/obsolete_automake_macros.patch new file mode 100644 index 0000000..0c77f1a --- /dev/null +++ b/meta/recipes-connectivity/bluez/bluez-hcidump-2.5/obsolete_automake_macros.patch | |||
@@ -0,0 +1,14 @@ | |||
1 | Upstream-Status: Pending [package obsolete/not maintained by upstream] | ||
2 | |||
3 | Signed-off-by: Marko Lindqvist <cazfi74@gmail.com> | ||
4 | diff -Nurd bluez-hcidump-2.5/configure.ac bluez-hcidump-2.5/configure.ac | ||
5 | --- bluez-hcidump-2.5/configure.ac 2012-11-30 10:29:41.000000000 +0200 | ||
6 | +++ bluez-hcidump-2.5/configure.ac 2013-01-12 10:02:10.609511463 +0200 | ||
7 | @@ -2,7 +2,7 @@ | ||
8 | AC_INIT(bluez-hcidump, 2.5) | ||
9 | |||
10 | AM_INIT_AUTOMAKE([foreign subdir-objects]) | ||
11 | -AM_CONFIG_HEADER(config.h) | ||
12 | +AC_CONFIG_HEADERS(config.h) | ||
13 | |||
14 | m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) | ||
diff --git a/meta/recipes-connectivity/bluez/bluez-hcidump_2.5.bb b/meta/recipes-connectivity/bluez/bluez-hcidump_2.5.bb new file mode 100644 index 0000000..3950630 --- /dev/null +++ b/meta/recipes-connectivity/bluez/bluez-hcidump_2.5.bb | |||
@@ -0,0 +1,22 @@ | |||
1 | SUMMARY = "Linux Bluetooth Stack HCI Debugger Tool" | ||
2 | DESCRIPTION = "The hcidump tool reads raw HCI data coming from and going to a Bluetooth device \ | ||
3 | and displays the commands, events and data in a human-readable form." | ||
4 | |||
5 | SECTION = "console" | ||
6 | # hcidump was integrated into bluez5 | ||
7 | DEPENDS = "bluez4" | ||
8 | RCONFLICTS_${PN} = "bluez5" | ||
9 | LICENSE = "GPLv2+" | ||
10 | LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ | ||
11 | file://src/hcidump.c;beginline=1;endline=23;md5=3bee3a162dff43a5be7470710b99fbcf" | ||
12 | PR = "r1" | ||
13 | |||
14 | SRC_URI = "http://www.kernel.org/pub/linux/bluetooth/bluez-hcidump-${PV}.tar.gz \ | ||
15 | file://obsolete_automake_macros.patch \ | ||
16 | " | ||
17 | |||
18 | SRC_URI[md5sum] = "2eab54bbd2b59a2ed4274ebb9390cf18" | ||
19 | SRC_URI[sha256sum] = "9b7c52b375081883738cf049ecabc103b97d094b19c6544fb241267905d88881" | ||
20 | S = "${WORKDIR}/bluez-hcidump-${PV}" | ||
21 | |||
22 | inherit autotools | ||
diff --git a/meta/recipes-connectivity/bluez/bluez4-4.101/bluetooth.conf b/meta/recipes-connectivity/bluez/bluez4-4.101/bluetooth.conf new file mode 100644 index 0000000..ca5e9e4 --- /dev/null +++ b/meta/recipes-connectivity/bluez/bluez4-4.101/bluetooth.conf | |||
@@ -0,0 +1,16 @@ | |||
1 | <!-- This configuration file specifies the required security policies | ||
2 | for Bluetooth core daemon to work. --> | ||
3 | |||
4 | <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" | ||
5 | "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> | ||
6 | <busconfig> | ||
7 | |||
8 | <!-- ../system.conf have denied everything, so we just punch some holes --> | ||
9 | |||
10 | <policy context="default"> | ||
11 | <allow own="org.bluez"/> | ||
12 | <allow send_destination="org.bluez"/> | ||
13 | <allow send_interface="org.bluez.Agent"/> | ||
14 | </policy> | ||
15 | |||
16 | </busconfig> | ||
diff --git a/meta/recipes-connectivity/bluez/bluez4-4.101/fix-udev-paths.patch b/meta/recipes-connectivity/bluez/bluez4-4.101/fix-udev-paths.patch new file mode 100644 index 0000000..8089914 --- /dev/null +++ b/meta/recipes-connectivity/bluez/bluez4-4.101/fix-udev-paths.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | Add udevdir/udevrulesdir options | ||
2 | |||
3 | Upstream-Status: Inappropriate [configuration] | ||
4 | Signed-off-by: Constantin Musca <constantinx.musca@intel.com> | ||
5 | |||
6 | Index: bluez-4.101/Makefile.am | ||
7 | =================================================================== | ||
8 | --- bluez-4.101.orig/Makefile.am | ||
9 | +++ bluez-4.101/Makefile.am | ||
10 | @@ -395,7 +395,7 @@ EXTRA_DIST += audio/bluetooth.conf | ||
11 | include Makefile.tools | ||
12 | |||
13 | if DATAFILES | ||
14 | -rulesdir = @UDEV_DIR@/rules.d | ||
15 | +rulesdir = @UDEV_RULES_DIR@ | ||
16 | |||
17 | udev_files = | ||
18 | |||
19 | Index: bluez-4.101/configure.ac | ||
20 | =================================================================== | ||
21 | --- bluez-4.101.orig/configure.ac | ||
22 | +++ bluez-4.101/configure.ac | ||
23 | @@ -61,4 +61,14 @@ if (test -n "${path_systemdunit}"); then | ||
24 | fi | ||
25 | AM_CONDITIONAL(SYSTEMD, test -n "${path_systemdunit}") | ||
26 | |||
27 | +AC_ARG_WITH([udevdir], | ||
28 | + AS_HELP_STRING([--with-udevdir=DIR], [udev directory]), | ||
29 | + [], [with_udevdir=/lib/udev/]) | ||
30 | +AC_SUBST([UDEV_DIR], [$with_udevdir]) | ||
31 | + | ||
32 | +AC_ARG_WITH([udevrulesdir], | ||
33 | + AS_HELP_STRING([--with-udevrulesdir=DIR], [udev rules directory]), | ||
34 | + [], [with_udevrulesdir=/lib/udev/rules.d]) | ||
35 | +AC_SUBST([UDEV_RULES_DIR], [$with_udevrulesdir]) | ||
36 | + | ||
37 | AC_OUTPUT(Makefile doc/version.xml src/bluetoothd.8 src/bluetooth.service bluez.pc) | ||
diff --git a/meta/recipes-connectivity/bluez/bluez4-4.101/install-test-script.patch b/meta/recipes-connectivity/bluez/bluez4-4.101/install-test-script.patch new file mode 100644 index 0000000..23f7d99 --- /dev/null +++ b/meta/recipes-connectivity/bluez/bluez4-4.101/install-test-script.patch | |||
@@ -0,0 +1,26 @@ | |||
1 | Upstream-Status: Inappropriate | ||
2 | |||
3 | Install the bluez's test scripts | ||
4 | |||
5 | Signed-off-by: Zhong Hongbo <hongbo.zhong@windriver.com> | ||
6 | diff -Nurd bluez-4.101.orig/Makefile.tools bluez-4.101/Makefile.tools | ||
7 | --- bluez-4.101.orig/Makefile.tools 2013-11-19 15:49:07.688838000 +0800 | ||
8 | +++ bluez-4.101/Makefile.tools 2013-11-19 15:50:09.256837848 +0800 | ||
9 | @@ -227,6 +227,17 @@ | ||
10 | test/service-spp.xml test/service-opp.xml test/service-ftp.xml \ | ||
11 | test/simple-player test/test-nap | ||
12 | |||
13 | +bluez4_testdir = $(libdir)/bluez4/test/ | ||
14 | +dist_bluez4_test_SCRIPTS = test/sap-client test/hsplay test/hsmicro \ | ||
15 | + test/monitor-bluetooth test/list-devices \ | ||
16 | + test/test-discovery test/test-manager test/test-adapter \ | ||
17 | + test/test-device test/test-service test/test-serial \ | ||
18 | + test/test-telephony test/test-network test/simple-agent \ | ||
19 | + test/simple-service test/simple-endpoint test/test-audio \ | ||
20 | + test/test-input test/test-sap-server test/test-oob \ | ||
21 | + test/test-attrib test/test-proximity test/test-thermometer \ | ||
22 | + test/test-serial-proxy test/test-health test/test-health-sink \ | ||
23 | + test/simple-player test/test-nap | ||
24 | if HIDD | ||
25 | bin_PROGRAMS += compat/hidd | ||
26 | |||
diff --git a/meta/recipes-connectivity/bluez/bluez4-4.101/network-fix-network-Connect-method-parameters.patch b/meta/recipes-connectivity/bluez/bluez4-4.101/network-fix-network-Connect-method-parameters.patch new file mode 100644 index 0000000..37f9199 --- /dev/null +++ b/meta/recipes-connectivity/bluez/bluez4-4.101/network-fix-network-Connect-method-parameters.patch | |||
@@ -0,0 +1,30 @@ | |||
1 | Upstream-Status: Backport | ||
2 | Signed-off-by: Peter A. Bigot <pab@pabigot.com> | ||
3 | |||
4 | From 57170b311f1468330f4a9961dc0b3ac45f97bc13 Mon Sep 17 00:00:00 2001 | ||
5 | From: Gustavo Padovan <gustavo.padovan@collabora.co.uk> | ||
6 | Date: Sat, 30 Jun 2012 00:39:05 -0300 | ||
7 | Subject: [PATCH] network: fix network Connect() method parameters | ||
8 | |||
9 | --- | ||
10 | network/connection.c | 4 +++- | ||
11 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
12 | |||
13 | diff --git a/network/connection.c b/network/connection.c | ||
14 | index 544ec3a..59423a9 100644 | ||
15 | --- a/network/connection.c | ||
16 | +++ b/network/connection.c | ||
17 | @@ -554,7 +554,9 @@ static void path_unregister(void *data) | ||
18 | |||
19 | static const GDBusMethodTable connection_methods[] = { | ||
20 | { GDBUS_ASYNC_METHOD("Connect", | ||
21 | - NULL, NULL, connection_connect) }, | ||
22 | + GDBUS_ARGS({"uuid", "s"}), | ||
23 | + GDBUS_ARGS({"interface", "s"}), | ||
24 | + connection_connect) }, | ||
25 | { GDBUS_METHOD("Disconnect", | ||
26 | NULL, NULL, connection_disconnect) }, | ||
27 | { GDBUS_METHOD("GetProperties", | ||
28 | -- | ||
29 | 1.7.9.5 | ||
30 | |||
diff --git a/meta/recipes-connectivity/bluez/bluez4-4.101/obsolete_automake_macros.patch b/meta/recipes-connectivity/bluez/bluez4-4.101/obsolete_automake_macros.patch new file mode 100644 index 0000000..1068f24 --- /dev/null +++ b/meta/recipes-connectivity/bluez/bluez4-4.101/obsolete_automake_macros.patch | |||
@@ -0,0 +1,14 @@ | |||
1 | Upstream-Status: Backport | ||
2 | |||
3 | Signed-off-by: Marko Lindqvist <cazfi74@gmail.com> | ||
4 | diff -Nurd bluez-4.101/configure.ac bluez-4.101/configure.ac | ||
5 | --- bluez-4.101/configure.ac 2012-06-22 19:36:49.000000000 +0300 | ||
6 | +++ bluez-4.101/configure.ac 2013-01-07 06:13:18.385888966 +0200 | ||
7 | @@ -2,7 +2,7 @@ | ||
8 | AC_INIT(bluez, 4.101) | ||
9 | |||
10 | AM_INIT_AUTOMAKE([foreign subdir-objects color-tests]) | ||
11 | -AM_CONFIG_HEADER(config.h) | ||
12 | +AC_CONFIG_HEADERS(config.h) | ||
13 | |||
14 | m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) | ||
diff --git a/meta/recipes-connectivity/bluez/bluez4-4.101/sbc_mmx.patch b/meta/recipes-connectivity/bluez/bluez4-4.101/sbc_mmx.patch new file mode 100644 index 0000000..98fab45 --- /dev/null +++ b/meta/recipes-connectivity/bluez/bluez4-4.101/sbc_mmx.patch | |||
@@ -0,0 +1,24 @@ | |||
1 | on x86 and x86_64 gcc 4.7 complains | ||
2 | |||
3 | sbc/sbc_primitives_mmx.c: In function 'sbc_calc_scalefactors_mmx': | ||
4 | sbc/sbc_primitives_mmx.c:294:4: warning: asm operand 2 probably doesn't match constraints [enabled by default] | ||
5 | sbc/sbc_primitives_mmx.c:294:4: error: impossible constraint in 'asm' | ||
6 | |||
7 | This patch is taken from https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/911871 | ||
8 | |||
9 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
10 | |||
11 | Upstream-Status: Pending | ||
12 | Index: bluez-4.98/sbc/sbc_primitives_mmx.c | ||
13 | =================================================================== | ||
14 | --- bluez-4.98.orig/sbc/sbc_primitives_mmx.c 2011-12-21 14:53:54.000000000 -0800 | ||
15 | +++ bluez-4.98/sbc/sbc_primitives_mmx.c 2012-02-24 10:07:03.422073800 -0800 | ||
16 | @@ -318,7 +318,7 @@ | ||
17 | "movl %k0, 4(%3)\n" | ||
18 | : "+r" (blk) | ||
19 | : "r" (&sb_sample_f[0][ch][sb]), | ||
20 | - "i" ((char *) &sb_sample_f[1][0][0] - | ||
21 | + "r" ((char *) &sb_sample_f[1][0][0] - | ||
22 | (char *) &sb_sample_f[0][0][0]), | ||
23 | "r" (&scale_factor[ch][sb]), | ||
24 | "r" (&consts), | ||
diff --git a/meta/recipes-connectivity/bluez/bluez4-4.101/use-legacy-pygobject-instead-ofgobject-introspection.patch b/meta/recipes-connectivity/bluez/bluez4-4.101/use-legacy-pygobject-instead-ofgobject-introspection.patch new file mode 100644 index 0000000..37037f5 --- /dev/null +++ b/meta/recipes-connectivity/bluez/bluez4-4.101/use-legacy-pygobject-instead-ofgobject-introspection.patch | |||
@@ -0,0 +1,27 @@ | |||
1 | Upstream-Status: Inappropriate | ||
2 | |||
3 | use legacy pygobject instead of gobject-introspection | ||
4 | |||
5 | Signed-off-by: Zhong Hongbo <hongbo.zhong@windriver.com> | ||
6 | --- | ||
7 | diff -Nurd bluez-4.101.orig/test/simple-agent bluez-4.101/test/simple-agent | ||
8 | --- bluez-4.101.orig/test/simple-agent 2013-11-13 17:14:08.138118159 +0800 | ||
9 | +++ bluez-4.101/test/simple-agent 2013-11-13 17:14:29.034118107 +0800 | ||
10 | @@ -2,7 +2,7 @@ | ||
11 | |||
12 | from __future__ import absolute_import, print_function, unicode_literals | ||
13 | |||
14 | -from gi.repository import GObject | ||
15 | +import gobject | ||
16 | |||
17 | import sys | ||
18 | import dbus | ||
19 | @@ -122,7 +122,7 @@ | ||
20 | path = "/test/agent" | ||
21 | agent = Agent(bus, path) | ||
22 | |||
23 | - mainloop = GObject.MainLoop() | ||
24 | + mainloop = gobject.MainLoop() | ||
25 | |||
26 | if len(args) > 1: | ||
27 | if len(args) > 2: | ||
diff --git a/meta/recipes-connectivity/bluez/bluez4.inc b/meta/recipes-connectivity/bluez/bluez4.inc new file mode 100644 index 0000000..11c9616 --- /dev/null +++ b/meta/recipes-connectivity/bluez/bluez4.inc | |||
@@ -0,0 +1,46 @@ | |||