summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r--meta/recipes-connectivity/avahi/avahi_0.8.bb121
-rw-r--r--meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch58
-rw-r--r--meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch48
-rw-r--r--meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch65
-rw-r--r--meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch59
-rw-r--r--meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch52
-rw-r--r--meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch73
-rw-r--r--meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch52
-rw-r--r--meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch46
-rw-r--r--meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch110
-rw-r--r--meta/recipes-connectivity/avahi/files/handle-hup.patch41
-rw-r--r--meta/recipes-connectivity/avahi/files/invalid-service.patch29
-rw-r--r--meta/recipes-connectivity/avahi/files/local-ping.patch153
-rw-r--r--meta/recipes-connectivity/bind/bind-9.16.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch35
-rw-r--r--meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch (renamed from meta/recipes-connectivity/bind/bind-9.16.7/0001-avoid-start-failure-with-bind-user.patch)2
-rw-r--r--meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch35
-rw-r--r--meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch (renamed from meta/recipes-connectivity/bind/bind-9.16.7/bind-ensure-searching-for-json-headers-searches-sysr.patch)28
-rw-r--r--meta/recipes-connectivity/bind/bind/bind9 (renamed from meta/recipes-connectivity/bind/bind-9.16.7/bind9)0
-rw-r--r--meta/recipes-connectivity/bind/bind/conf.patch (renamed from meta/recipes-connectivity/bind/bind-9.16.7/conf.patch)2
-rw-r--r--meta/recipes-connectivity/bind/bind/generate-rndc-key.sh (renamed from meta/recipes-connectivity/bind/bind-9.16.7/generate-rndc-key.sh)0
-rw-r--r--meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch (renamed from meta/recipes-connectivity/bind/bind-9.16.7/init.d-add-support-for-read-only-rootfs.patch)0
-rw-r--r--meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch (renamed from meta/recipes-connectivity/bind/bind-9.16.7/make-etc-initd-bind-stop-work.patch)0
-rw-r--r--meta/recipes-connectivity/bind/bind/named.service (renamed from meta/recipes-connectivity/bind/bind-9.16.7/named.service)0
-rw-r--r--meta/recipes-connectivity/bind/bind_9.18.24.bb (renamed from meta/recipes-connectivity/bind/bind_9.16.7.bb)70
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5.inc46
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch10
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch10
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch27
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5_5.72.bb (renamed from meta/recipes-connectivity/bluez5/bluez5_5.55.bb)5
-rw-r--r--meta/recipes-connectivity/connman/connman-conf.bb39
-rw-r--r--meta/recipes-connectivity/connman/connman-conf/main.conf2
-rw-r--r--meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service10
-rw-r--r--meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup16
-rw-r--r--meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config9
-rw-r--r--meta/recipes-connectivity/connman/connman-gnome_0.7.bb8
-rw-r--r--meta/recipes-connectivity/connman/connman.inc110
-rw-r--r--meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-networkd-when-using-con.patch29
-rw-r--r--meta/recipes-connectivity/connman/connman/0001-src-log.c-Include-libgen.h-for-basename-API.patch55
-rw-r--r--meta/recipes-connectivity/connman/connman/0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch152
-rw-r--r--meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch18
-rw-r--r--meta/recipes-connectivity/connman/connman/connman40
-rw-r--r--meta/recipes-connectivity/connman/connman_1.38.bb17
-rw-r--r--meta/recipes-connectivity/connman/connman_1.42.bb17
-rw-r--r--meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb (renamed from meta/recipes-connectivity/dhcpcd/dhcpcd_9.3.2.bb)32
-rw-r--r--meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch82
-rw-r--r--meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch44
-rw-r--r--meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch14
-rw-r--r--meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-telnetd-Fix-multiple-definitions-of-errcatch-an.patch58
-rw-r--r--meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch31
-rw-r--r--meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch25
-rw-r--r--meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch83
-rw-r--r--meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch29
-rw-r--r--meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch14
-rw-r--r--meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch26
-rw-r--r--meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch40
-rw-r--r--meta/recipes-connectivity/inetutils/inetutils/version.patch17
-rw-r--r--meta/recipes-connectivity/inetutils/inetutils_2.5.bb (renamed from meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb)155
-rw-r--r--meta/recipes-connectivity/iproute2/iproute2_5.9.0.bb11
-rw-r--r--meta/recipes-connectivity/iproute2/iproute2_6.7.0.bb (renamed from meta/recipes-connectivity/iproute2/iproute2.inc)63
-rw-r--r--meta/recipes-connectivity/iw/iw_6.7.bb (renamed from meta/recipes-connectivity/iw/iw_5.9.bb)2
-rw-r--r--meta/recipes-connectivity/kea/files/0001-kea-fix-reproducible-build-failure.patch62
-rw-r--r--meta/recipes-connectivity/kea/files/0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch39
-rw-r--r--meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch28
-rw-r--r--meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch55
-rw-r--r--meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch27
-rw-r--r--meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service1
-rw-r--r--meta/recipes-connectivity/kea/kea_2.4.1.bb (renamed from meta/recipes-connectivity/kea/kea_1.7.10.bb)65
-rw-r--r--meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb (renamed from meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb)15
-rw-r--r--meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb (renamed from meta/recipes-connectivity/libpcap/libpcap_1.9.1.bb)13
-rw-r--r--meta/recipes-connectivity/libuv/libuv_1.40.0.bb19
-rw-r--r--meta/recipes-connectivity/libuv/libuv_1.48.0.bb22
-rw-r--r--meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb8
-rw-r--r--meta/recipes-connectivity/neard/neard_0.19.bb (renamed from meta/recipes-connectivity/neard/neard_0.16.bb)27
-rw-r--r--meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch2
-rw-r--r--meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch36
-rw-r--r--meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch34
-rw-r--r--meta/recipes-connectivity/nfs-utils/nfs-utils/0001-tools-locktest-Use-intmax_t-to-print-off_t.patch53
-rw-r--r--meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service1
-rw-r--r--meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service1
-rw-r--r--meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service2
-rw-r--r--meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.4.bb (renamed from meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.2.bb)71
-rw-r--r--meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch28
-rw-r--r--meta/recipes-connectivity/ofono/ofono_2.4.bb (renamed from meta/recipes-connectivity/ofono/ofono_1.31.bb)31
-rw-r--r--meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch61
-rw-r--r--meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch99
-rwxr-xr-xmeta/recipes-connectivity/openssh/openssh/run-ptest16
-rw-r--r--meta/recipes-connectivity/openssh/openssh/ssh_config14
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd.service17
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd_check_keys4
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd_config17
-rw-r--r--meta/recipes-connectivity/openssh/openssh_9.6p1.bb (renamed from meta/recipes-connectivity/openssh/openssh_8.4p1.bb)126
-rw-r--r--meta/recipes-connectivity/openssl/files/environment.d-openssl.sh4
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch374
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch39
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch42
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch46
-rw-r--r--meta/recipes-connectivity/openssl/openssl/afalg.patch31
-rw-r--r--meta/recipes-connectivity/openssl/openssl/reproducible.patch32
-rw-r--r--meta/recipes-connectivity/openssl/openssl/run-ptest2
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.1.1h.bb216
-rw-r--r--meta/recipes-connectivity/openssl/openssl_3.2.1.bb262
-rw-r--r--meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb6
-rw-r--r--meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch124
-rw-r--r--meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch43
-rw-r--r--meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch47
-rw-r--r--meta/recipes-connectivity/ppp/ppp/copts.patch21
-rw-r--r--meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch30
-rw-r--r--meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch34
-rw-r--r--meta/recipes-connectivity/ppp/ppp/makefile.patch115
-rw-r--r--meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch45
-rw-r--r--meta/recipes-connectivity/ppp/ppp_2.4.8.bb103
-rw-r--r--meta/recipes-connectivity/ppp/ppp_2.5.0.bb75
-rw-r--r--meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch37
-rw-r--r--meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch20
-rw-r--r--meta/recipes-connectivity/resolvconf/resolvconf_1.92.bb (renamed from meta/recipes-connectivity/resolvconf/resolvconf_1.83.bb)21
-rw-r--r--meta/recipes-connectivity/slirp/libslirp_git.bb18
-rw-r--r--meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch62
-rw-r--r--meta/recipes-connectivity/socat/socat_1.8.0.0.bb (renamed from meta/recipes-connectivity/socat/socat_1.7.3.4.bb)14
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch82
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Install-wpa_passphrase-when-not-disabled.patch33
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch213
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch151
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch73
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch52
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch26
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch62
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch50
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig552
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb138
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb113
130 files changed, 3695 insertions, 3132 deletions
diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb
index c8a3f876aa..1f18d4491d 100644
--- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -5,35 +5,47 @@ with no specific configuration. This tool implements IPv4LL, "Dynamic Configurat
5IPv4 Link-Local Addresses" (IETF RFC3927), a protocol for automatic IP address \ 5IPv4 Link-Local Addresses" (IETF RFC3927), a protocol for automatic IP address \
6configuration from the link-local 169.254.0.0/16 range without the need for a central \ 6configuration from the link-local 169.254.0.0/16 range without the need for a central \
7server.' 7server.'
8AUTHOR = "Lennart Poettering <lennart@poettering.net>"
9HOMEPAGE = "http://avahi.org" 8HOMEPAGE = "http://avahi.org"
10BUGTRACKER = "https://github.com/lathiat/avahi/issues" 9BUGTRACKER = "https://github.com/avahi/avahi/issues"
11SECTION = "network" 10SECTION = "network"
12 11
13# major part is under LGPLv2.1+, but several .dtd, .xsl, initscripts and 12# major part is under LGPL-2.1-or-later, but several .dtd, .xsl, initscripts and
14# python scripts are under GPLv2+ 13# python scripts are under GPL-2.0-or-later
15LICENSE = "GPLv2+ & LGPLv2.1+" 14LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later"
16LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ 15LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
17 file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \ 16 file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \
18 file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \ 17 file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \
19 file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \ 18 file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \
20 file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf" 19 file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf"
21 20
22SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \ 21SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \
23 file://00avahi-autoipd \ 22 file://00avahi-autoipd \
24 file://99avahi-autoipd \ 23 file://99avahi-autoipd \
25 file://initscript.patch \ 24 file://initscript.patch \
26 file://0001-Fix-opening-etc-resolv.conf-error.patch \ 25 file://0001-Fix-opening-etc-resolv.conf-error.patch \
26 file://handle-hup.patch \
27 file://local-ping.patch \
28 file://invalid-service.patch \
29 file://CVE-2023-1981.patch \
30 file://CVE-2023-38469-1.patch \
31 file://CVE-2023-38469-2.patch \
32 file://CVE-2023-38470-1.patch \
33 file://CVE-2023-38470-2.patch \
34 file://CVE-2023-38471-1.patch \
35 file://CVE-2023-38471-2.patch \
36 file://CVE-2023-38472.patch \
37 file://CVE-2023-38473.patch \
27 " 38 "
28 39
29UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/" 40GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/"
30SRC_URI[md5sum] = "229c6aa30674fc43c202b22c5f8c2be7"
31SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda" 41SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda"
32 42
33DEPENDS = "expat libcap libdaemon glib-2.0 intltool-native" 43CVE_STATUS[CVE-2021-26720] = "not-applicable-platform: Issue only affects Debian/SUSE"
44
45DEPENDS = "expat libcap libdaemon glib-2.0 glib-2.0-native"
34 46
35# For gtk related PACKAGECONFIGs: gtk, gtk3 47# For gtk related PACKAGECONFIGs: gtk, gtk3
36AVAHI_GTK ?= "gtk3" 48AVAHI_GTK ?= ""
37 49
38PACKAGECONFIG ??= "dbus ${@bb.utils.contains_any('DISTRO_FEATURES','x11 wayland','${AVAHI_GTK}','',d)}" 50PACKAGECONFIG ??= "dbus ${@bb.utils.contains_any('DISTRO_FEATURES','x11 wayland','${AVAHI_GTK}','',d)}"
39PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" 51PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
@@ -43,7 +55,7 @@ PACKAGECONFIG[libdns_sd] = "--enable-compat-libdns_sd --enable-dbus,,dbus"
43PACKAGECONFIG[libevent] = "--enable-libevent,--disable-libevent,libevent" 55PACKAGECONFIG[libevent] = "--enable-libevent,--disable-libevent,libevent"
44PACKAGECONFIG[qt5] = "--enable-qt5,--disable-qt5,qtbase" 56PACKAGECONFIG[qt5] = "--enable-qt5,--disable-qt5,qtbase"
45 57
46inherit autotools pkgconfig gettext gobject-introspection 58inherit autotools pkgconfig gettext gobject-introspection github-releases
47 59
48EXTRA_OECONF = "--with-avahi-priv-access-group=adm \ 60EXTRA_OECONF = "--with-avahi-priv-access-group=adm \
49 --disable-stack-protector \ 61 --disable-stack-protector \
@@ -62,23 +74,22 @@ EXTRA_OECONF = "--with-avahi-priv-access-group=adm \
62 74
63# The distro choice determines what init scripts are installed 75# The distro choice determines what init scripts are installed
64EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}" 76EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}"
65EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_unitdir}/system/','--without-systemdsystemunitdir',d)}" 77EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_system_unitdir}/','--without-systemdsystemunitdir',d)}"
66 78
67do_configure_prepend() { 79do_configure:prepend() {
68 # This m4 file will get in the way of our introspection.m4 with special cross-compilation fixes 80 # This m4 file will get in the way of our introspection.m4 with special cross-compilation fixes
69 rm "${S}/common/introspection.m4" || true 81 rm "${S}/common/introspection.m4" || true
70} 82}
71 83
72do_compile_prepend() { 84do_compile:prepend() {
73 export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs" 85 export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs"
74} 86}
75 87
76RRECOMMENDS_${PN}_append_libc-glibc = " libnss-mdns" 88RRECOMMENDS:${PN}:append:libc-glibc = " libnss-mdns"
77 89
78do_install() { 90do_install() {
79 autotools_do_install 91 autotools_do_install
80 rm -rf ${D}/run 92 rm -rf ${D}/run
81 rm -rf ${D}${datadir}/dbus-1/interfaces
82 test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1 93 test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1
83 rm -rf ${D}${libdir}/avahi 94 rm -rf ${D}${libdir}/avahi
84 95
@@ -90,88 +101,88 @@ do_install() {
90 101
91PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "libdns_sd", "libavahi-compat-libdnssd", "", d)}" 102PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "libdns_sd", "libavahi-compat-libdnssd", "", d)}"
92 103
93FILES_libavahi-compat-libdnssd = "${libdir}/libdns_sd.so.*" 104FILES:libavahi-compat-libdnssd = "${libdir}/libdns_sd.so.*"
94 105
95RPROVIDES_libavahi-compat-libdnssd = "libdns-sd" 106RPROVIDES:libavahi-compat-libdnssd = "libdns-sd"
96 107
97inherit update-rc.d systemd useradd 108inherit update-rc.d systemd useradd
98 109
99PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils avahi-discover avahi-ui" 110PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils avahi-discover avahi-ui"
100 111
101FILES_avahi-ui = "${libdir}/libavahi-ui*.so.*" 112FILES:avahi-ui = "${libdir}/libavahi-ui*.so.*"
102FILES_avahi-discover = "${datadir}/applications/avahi-discover.desktop \ 113FILES:avahi-discover = "${datadir}/applications/avahi-discover.desktop \
103 ${datadir}/avahi/interfaces/avahi-discover.ui \ 114 ${datadir}/avahi/interfaces/avahi-discover.ui \
104 ${bindir}/avahi-discover-standalone \ 115 ${bindir}/avahi-discover-standalone \
105 " 116 "
106 117
107LICENSE_libavahi-gobject = "LGPLv2.1+" 118LICENSE:libavahi-gobject = "LGPL-2.1-or-later"
108LICENSE_avahi-daemon = "LGPLv2.1+" 119LICENSE:avahi-daemon = "LGPL-2.1-or-later"
109LICENSE_libavahi-common = "LGPLv2.1+" 120LICENSE:libavahi-common = "LGPL-2.1-or-later"
110LICENSE_libavahi-core = "LGPLv2.1+" 121LICENSE:libavahi-core = "LGPL-2.1-or-later"
111LICENSE_libavahi-client = "LGPLv2.1+" 122LICENSE:libavahi-client = "LGPL-2.1-or-later"
112LICENSE_avahi-dnsconfd = "LGPLv2.1+" 123LICENSE:avahi-dnsconfd = "LGPL-2.1-or-later"
113LICENSE_libavahi-glib = "LGPLv2.1+" 124LICENSE:libavahi-glib = "LGPL-2.1-or-later"
114LICENSE_avahi-autoipd = "LGPLv2.1+" 125LICENSE:avahi-autoipd = "LGPL-2.1-or-later"
115LICENSE_avahi-utils = "LGPLv2.1+" 126LICENSE:avahi-utils = "LGPL-2.1-or-later"
116 127
117# As avahi doesn't put any files into PN, clear the files list to avoid problems 128# As avahi doesn't put any files into PN, clear the files list to avoid problems
118# if extra libraries appear. 129# if extra libraries appear.
119FILES_${PN} = "" 130FILES:${PN} = ""
120FILES_avahi-autoipd = "${sbindir}/avahi-autoipd \ 131FILES:avahi-autoipd = "${sbindir}/avahi-autoipd \
121 ${sysconfdir}/avahi/avahi-autoipd.action \ 132 ${sysconfdir}/avahi/avahi-autoipd.action \
122 ${sysconfdir}/dhcp/*/avahi-autoipd \ 133 ${sysconfdir}/dhcp/*/avahi-autoipd \
123 ${sysconfdir}/udhcpc.d/00avahi-autoipd \ 134 ${sysconfdir}/udhcpc.d/00avahi-autoipd \
124 ${sysconfdir}/udhcpc.d/99avahi-autoipd" 135 ${sysconfdir}/udhcpc.d/99avahi-autoipd"
125FILES_libavahi-common = "${libdir}/libavahi-common.so.*" 136FILES:libavahi-common = "${libdir}/libavahi-common.so.*"
126FILES_libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib" 137FILES:libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib"
127FILES_avahi-daemon = "${sbindir}/avahi-daemon \ 138FILES:avahi-daemon = "${sbindir}/avahi-daemon \
128 ${sysconfdir}/avahi/avahi-daemon.conf \ 139 ${sysconfdir}/avahi/avahi-daemon.conf \
129 ${sysconfdir}/avahi/hosts \ 140 ${sysconfdir}/avahi/hosts \
130 ${sysconfdir}/avahi/services \ 141 ${sysconfdir}/avahi/services \
131 ${sysconfdir}/dbus-1 \ 142 ${sysconfdir}/dbus-1 \
132 ${sysconfdir}/init.d/avahi-daemon \ 143 ${sysconfdir}/init.d/avahi-daemon \
133 ${datadir}/avahi/introspection/*.introspect \ 144 ${datadir}/dbus-1/interfaces \
134 ${datadir}/avahi/avahi-service.dtd \ 145 ${datadir}/avahi/avahi-service.dtd \
135 ${datadir}/avahi/service-types \ 146 ${datadir}/avahi/service-types \
136 ${datadir}/dbus-1/system-services" 147 ${datadir}/dbus-1/system-services"
137FILES_libavahi-client = "${libdir}/libavahi-client.so.*" 148FILES:libavahi-client = "${libdir}/libavahi-client.so.*"
138FILES_avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \ 149FILES:avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \
139 ${sysconfdir}/avahi/avahi-dnsconfd.action \ 150 ${sysconfdir}/avahi/avahi-dnsconfd.action \
140 ${sysconfdir}/init.d/avahi-dnsconfd" 151 ${sysconfdir}/init.d/avahi-dnsconfd"
141FILES_libavahi-glib = "${libdir}/libavahi-glib.so.*" 152FILES:libavahi-glib = "${libdir}/libavahi-glib.so.*"
142FILES_libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib" 153FILES:libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib"
143FILES_avahi-utils = "${bindir}/avahi-* ${bindir}/b* ${datadir}/applications/b*" 154FILES:avahi-utils = "${bindir}/avahi-* ${bindir}/b* ${datadir}/applications/b*"
144 155
145RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV})" 156DEV_PKG_DEPENDENCY = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV})"
146RDEPENDS_${PN}-dev += "${@["", " libavahi-client (= ${EXTENDPKGV})"][bb.utils.contains('PACKAGECONFIG', 'dbus', 1, 0, d)]}" 157DEV_PKG_DEPENDENCY += "${@["", " libavahi-client (= ${EXTENDPKGV})"][bb.utils.contains('PACKAGECONFIG', 'dbus', 1, 0, d)]}"
147RDEPENDS_${PN}-dnsconfd = "${PN}-daemon" 158RDEPENDS:${PN}-dnsconfd = "${PN}-daemon"
148 159
149RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns" 160RRECOMMENDS:avahi-daemon:append:libc-glibc = " libnss-mdns"
150 161
151CONFFILES_avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf" 162CONFFILES:avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf"
152 163
153USERADD_PACKAGES = "avahi-daemon avahi-autoipd" 164USERADD_PACKAGES = "avahi-daemon avahi-autoipd"
154USERADD_PARAM_avahi-daemon = "--system --home /run/avahi-daemon \ 165USERADD_PARAM:avahi-daemon = "--system --home /run/avahi-daemon \
155 --no-create-home --shell /bin/false \ 166 --no-create-home --shell /bin/false \
156 --user-group avahi" 167 --user-group avahi"
157 168
158USERADD_PARAM_avahi-autoipd = "--system --home /run/avahi-autoipd \ 169USERADD_PARAM:avahi-autoipd = "--system --home /run/avahi-autoipd \
159 --no-create-home --shell /bin/false \ 170 --no-create-home --shell /bin/false \
160 --user-group \ 171 --user-group \
161 -c \"Avahi autoip daemon\" \ 172 -c \"Avahi autoip daemon\" \
162 avahi-autoipd" 173 avahi-autoipd"
163 174
164INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd" 175INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd"
165INITSCRIPT_NAME_avahi-daemon = "avahi-daemon" 176INITSCRIPT_NAME:avahi-daemon = "avahi-daemon"
166INITSCRIPT_PARAMS_avahi-daemon = "defaults 21 19" 177INITSCRIPT_PARAMS:avahi-daemon = "defaults 21 19"
167INITSCRIPT_NAME_avahi-dnsconfd = "avahi-dnsconfd" 178INITSCRIPT_NAME:avahi-dnsconfd = "avahi-dnsconfd"
168INITSCRIPT_PARAMS_avahi-dnsconfd = "defaults 22 19" 179INITSCRIPT_PARAMS:avahi-dnsconfd = "defaults 22 19"
169 180
170SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd" 181SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd"
171SYSTEMD_SERVICE_${PN}-daemon = "avahi-daemon.service" 182SYSTEMD_SERVICE:${PN}-daemon = "avahi-daemon.service"
172SYSTEMD_SERVICE_${PN}-dnsconfd = "avahi-dnsconfd.service" 183SYSTEMD_SERVICE:${PN}-dnsconfd = "avahi-dnsconfd.service"
173 184
174do_install_append() { 185do_install:append() {
175 install -d ${D}${sysconfdir}/udhcpc.d 186 install -d ${D}${sysconfdir}/udhcpc.d
176 install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d 187 install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d
177 install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d 188 install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d
@@ -179,7 +190,7 @@ do_install_append() {
179 190
180# At the time the postinst runs, dbus might not be setup so only restart if running 191# At the time the postinst runs, dbus might not be setup so only restart if running
181# Don't exit early, because update-rc.d needs to run subsequently. 192# Don't exit early, because update-rc.d needs to run subsequently.
182pkg_postinst_avahi-daemon () { 193pkg_postinst:avahi-daemon () {
183if [ -z "$D" ]; then 194if [ -z "$D" ]; then
184 killall -q -HUP dbus-daemon || true 195 killall -q -HUP dbus-daemon || true
185fi 196fi
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch
new file mode 100644
index 0000000000..4d7924d13a
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch
@@ -0,0 +1,58 @@
1From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
3Date: Thu, 17 Nov 2022 01:51:53 +0100
4Subject: [PATCH] Emit error if requested service is not found
5
6It currently just crashes instead of replying with error. Check return
7value and emit error instead of passing NULL pointer to reply.
8
9Fixes #375
10
11Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-1981.patch?h=ubuntu/jammy-security
12Upstream commit https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f]
13CVE: CVE-2023-1981
14Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
15---
16 avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------
17 1 file changed, 14 insertions(+), 6 deletions(-)
18
19diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c
20index 70d7687bc..406d0b441 100644
21--- a/avahi-daemon/dbus-protocol.c
22+++ b/avahi-daemon/dbus-protocol.c
23@@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_alternative_host_name(DBusConnection *c, DBusM
24 }
25
26 t = avahi_alternative_host_name(n);
27- avahi_dbus_respond_string(c, m, t);
28- avahi_free(t);
29+ if (t) {
30+ avahi_dbus_respond_string(c, m, t);
31+ avahi_free(t);
32
33- return DBUS_HANDLER_RESULT_HANDLED;
34+ return DBUS_HANDLER_RESULT_HANDLED;
35+ } else {
36+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found");
37+ }
38 }
39
40 static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DBusMessage *m, DBusError *error) {
41@@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DB
42 }
43
44 t = avahi_alternative_service_name(n);
45- avahi_dbus_respond_string(c, m, t);
46- avahi_free(t);
47+ if (t) {
48+ avahi_dbus_respond_string(c, m, t);
49+ avahi_free(t);
50
51- return DBUS_HANDLER_RESULT_HANDLED;
52+ return DBUS_HANDLER_RESULT_HANDLED;
53+ } else {
54+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found");
55+ }
56 }
57
58 static DBusHandlerResult dbus_create_new_entry_group(DBusConnection *c, DBusMessage *m, DBusError *error) {
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch
new file mode 100644
index 0000000000..a078f66102
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch
@@ -0,0 +1,48 @@
1From 72842945085cc3adaccfdfa2853771b0e75ef991 Mon Sep 17 00:00:00 2001
2From: Evgeny Vereshchagin <evvers@ya.ru>
3Date: Mon, 23 Oct 2023 20:29:31 +0000
4Subject: [PATCH] avahi: core: reject overly long TXT resource records
5
6Closes https://github.com/lathiat/avahi/issues/455
7
8Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf]
9CVE: CVE-2023-38469
10
11Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
12---
13 avahi-core/rr.c | 9 ++++++++-
14 1 file changed, 8 insertions(+), 1 deletion(-)
15
16diff --git a/avahi-core/rr.c b/avahi-core/rr.c
17index 7fa0bee..b03a24c 100644
18--- a/avahi-core/rr.c
19+++ b/avahi-core/rr.c
20@@ -32,6 +32,7 @@
21 #include <avahi-common/malloc.h>
22 #include <avahi-common/defs.h>
23
24+#include "dns.h"
25 #include "rr.h"
26 #include "log.h"
27 #include "util.h"
28@@ -688,11 +689,17 @@ int avahi_record_is_valid(AvahiRecord *r) {
29 case AVAHI_DNS_TYPE_TXT: {
30
31 AvahiStringList *strlst;
32+ size_t used = 0;
33
34- for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next)
35+ for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) {
36 if (strlst->size > 255 || strlst->size <= 0)
37 return 0;
38
39+ used += 1+strlst->size;
40+ if (used > AVAHI_DNS_RDATA_MAX)
41+ return 0;
42+ }
43+
44 return 1;
45 }
46 }
47--
482.40.0
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch
new file mode 100644
index 0000000000..f8f60ddca1
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch
@@ -0,0 +1,65 @@
1From c6cab87df290448a63323c8ca759baa516166237 Mon Sep 17 00:00:00 2001
2From: Evgeny Vereshchagin <evvers@ya.ru>
3Date: Wed, 25 Oct 2023 18:15:42 +0000
4Subject: [PATCH] tests: pass overly long TXT resource records
5
6to make sure they don't crash avahi any more.
7It reproduces https://github.com/lathiat/avahi/issues/455
8
9Canonical notes:
10nickgalanis> removed first hunk since there is no .github dir in this release
11
12Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38469-2.patch?h=ubuntu/jammy-security
13Upstream commit https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237]
14CVE: CVE-2023-38469
15Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
16---
17 avahi-client/client-test.c | 14 ++++++++++++++
18 1 files changed, 14 insertions(+)
19
20Index: avahi-0.8/avahi-client/client-test.c
21===================================================================
22--- avahi-0.8.orig/avahi-client/client-test.c
23+++ avahi-0.8/avahi-client/client-test.c
24@@ -22,6 +22,7 @@
25 #endif
26
27 #include <stdio.h>
28+#include <string.h>
29 #include <assert.h>
30
31 #include <avahi-client/client.h>
32@@ -33,6 +34,8 @@
33 #include <avahi-common/malloc.h>
34 #include <avahi-common/timeval.h>
35
36+#include <avahi-core/dns.h>
37+
38 static const AvahiPoll *poll_api = NULL;
39 static AvahiSimplePoll *simple_poll = NULL;
40
41@@ -222,6 +225,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA
42 uint32_t cookie;
43 struct timeval tv;
44 AvahiAddress a;
45+ uint8_t rdata[AVAHI_DNS_RDATA_MAX+1];
46+ AvahiStringList *txt = NULL;
47+ int r;
48
49 simple_poll = avahi_simple_poll_new();
50 poll_api = avahi_simple_poll_get(simple_poll);
51@@ -258,6 +264,14 @@ int main (AVAHI_GCC_UNUSED int argc, AVA
52 printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL)));
53 printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6));
54
55+ memset(rdata, 1, sizeof(rdata));
56+ r = avahi_string_list_parse(rdata, sizeof(rdata), &txt);
57+ assert(r >= 0);
58+ assert(avahi_string_list_serialize(txt, NULL, 0) == sizeof(rdata));
59+ error = avahi_entry_group_add_service_strlst(group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", "_qotd._tcp", NULL, NULL, 123, txt);
60+ assert(error == AVAHI_ERR_INVALID_RECORD);
61+ avahi_string_list_free(txt);
62+
63 avahi_entry_group_commit (group);
64
65 domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u");
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch
new file mode 100644
index 0000000000..91f9e677ac
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch
@@ -0,0 +1,59 @@
1From af7bfad67ca53a7c4042a4a2d85456b847e9f249 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
3Date: Tue, 11 Apr 2023 15:29:59 +0200
4Subject: [PATCH] avahi: Ensure each label is at least one byte long
5
6The only allowed exception is single dot, where it should return empty
7string.
8
9Fixes #454.
10
11Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c]
12CVE: CVE-2023-38470
13
14Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
15---
16 avahi-common/domain-test.c | 14 ++++++++++++++
17 avahi-common/domain.c | 2 +-
18 2 files changed, 15 insertions(+), 1 deletion(-)
19
20diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c
21index cf763ec..3acc1c1 100644
22--- a/avahi-common/domain-test.c
23+++ b/avahi-common/domain-test.c
24@@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) {
25 printf("%s\n", s = avahi_normalize_name_strdup("fo\\\\o\\..f oo."));
26 avahi_free(s);
27
28+ printf("%s\n", s = avahi_normalize_name_strdup("."));
29+ avahi_free(s);
30+
31+ s = avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}."
32+ "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}"
33+ ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`"
34+ "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?."
35+ "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}."
36+ "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?"
37+ "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM."
38+ "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?."
39+ "}.?.?.?.}.=.?.?.}");
40+ assert(s == NULL);
41+
42 printf("%i\n", avahi_domain_equal("\\065aa bbb\\.\\046cc.cc\\\\.dee.fff.", "Aaa BBB\\.\\.cc.cc\\\\.dee.fff"));
43 printf("%i\n", avahi_domain_equal("A", "a"));
44
45diff --git a/avahi-common/domain.c b/avahi-common/domain.c
46index 3b1ab68..e66d241 100644
47--- a/avahi-common/domain.c
48+++ b/avahi-common/domain.c
49@@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s, char *ret_s, size_t size) {
50 }
51
52 if (!empty) {
53- if (size < 1)
54+ if (size < 2)
55 return NULL;
56
57 *(r++) = '.';
58--
592.40.0
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch
new file mode 100644
index 0000000000..e0736bf210
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch
@@ -0,0 +1,52 @@
1From 20dec84b2480821704258bc908e7b2bd2e883b24 Mon Sep 17 00:00:00 2001
2From: Evgeny Vereshchagin <evvers@ya.ru>
3Date: Tue, 19 Sep 2023 03:21:25 +0000
4Subject: [PATCH] [common] bail out when escaped labels can't fit into ret
5
6Fixes:
7```
8==93410==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f9e76f14c16 at pc 0x00000047208d bp 0x7ffee90a6a00 sp 0x7ffee90a61c8
9READ of size 1110 at 0x7f9e76f14c16 thread T0
10 #0 0x47208c in __interceptor_strlen (out/fuzz-domain+0x47208c) (BuildId: 731b20c1eef22c2104e75a6496a399b10cfc7cba)
11 #1 0x534eb0 in avahi_strdup avahi/avahi-common/malloc.c:167:12
12 #2 0x53862c in avahi_normalize_name_strdup avahi/avahi-common/domain.c:226:12
13```
14and
15```
16fuzz-domain: fuzz/fuzz-domain.c:38: int LLVMFuzzerTestOneInput(const uint8_t *, size_t): Assertion `avahi_domain_equal(s, t)' failed.
17==101571== ERROR: libFuzzer: deadly signal
18 #0 0x501175 in __sanitizer_print_stack_trace (/home/vagrant/avahi/out/fuzz-domain+0x501175) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8)
19 #1 0x45ad2c in fuzzer::PrintStackTrace() (/home/vagrant/avahi/out/fuzz-domain+0x45ad2c) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8)
20 #2 0x43fc07 in fuzzer::Fuzzer::CrashCallback() (/home/vagrant/avahi/out/fuzz-domain+0x43fc07) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8)
21 #3 0x7f1581d7ebaf (/lib64/libc.so.6+0x3dbaf) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
22 #4 0x7f1581dcf883 in __pthread_kill_implementation (/lib64/libc.so.6+0x8e883) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
23 #5 0x7f1581d7eafd in gsignal (/lib64/libc.so.6+0x3dafd) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
24 #6 0x7f1581d6787e in abort (/lib64/libc.so.6+0x2687e) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
25 #7 0x7f1581d6779a in __assert_fail_base.cold (/lib64/libc.so.6+0x2679a) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
26 #8 0x7f1581d77186 in __assert_fail (/lib64/libc.so.6+0x36186) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25)
27 #9 0x5344a4 in LLVMFuzzerTestOneInput /home/vagrant/avahi/fuzz/fuzz-domain.c:38:9
28```
29
30It's a follow-up to 94cb6489114636940ac683515417990b55b5d66c
31
32Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38470-2.patch?h=ubuntu/jammy-security
33CVE: CVE-2023-38470 #Follow-up patch
34Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
35---
36 avahi-common/domain.c | 3 ++-
37 1 file changed, 2 insertions(+), 1 deletion(-)
38
39Index: avahi-0.8/avahi-common/domain.c
40===================================================================
41--- avahi-0.8.orig/avahi-common/domain.c
42+++ avahi-0.8/avahi-common/domain.c
43@@ -210,7 +210,8 @@ char *avahi_normalize_name(const char *s
44 } else
45 empty = 0;
46
47- avahi_escape_label(label, strlen(label), &r, &size);
48+ if (!(avahi_escape_label(label, strlen(label), &r, &size)))
49+ return NULL;
50 }
51
52 return ret_s;
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch
new file mode 100644
index 0000000000..b3f716495d
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch
@@ -0,0 +1,73 @@
1From 48d745db7fd554fc33e96ec86d3675ebd530bb8e Mon Sep 17 00:00:00 2001
2From: Michal Sekletar <msekleta@redhat.com>
3Date: Mon, 23 Oct 2023 13:38:35 +0200
4Subject: [PATCH] avahi: core: extract host name using avahi_unescape_label()
5
6Previously we could create invalid escape sequence when we split the
7string on dot. For example, from valid host name "foo\\.bar" we have
8created invalid name "foo\\" and tried to set that as the host name
9which crashed the daemon.
10
11Fixes #453
12
13Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09]
14CVE: CVE-2023-38471
15
16Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
17---
18 avahi-core/server.c | 27 +++++++++++++++++++++------
19 1 file changed, 21 insertions(+), 6 deletions(-)
20
21diff --git a/avahi-core/server.c b/avahi-core/server.c
22index e507750..40f1d68 100644
23--- a/avahi-core/server.c
24+++ b/avahi-core/server.c
25@@ -1295,7 +1295,11 @@ static void update_fqdn(AvahiServer *s) {
26 }
27
28 int avahi_server_set_host_name(AvahiServer *s, const char *host_name) {
29- char *hn = NULL;
30+ char label_escaped[AVAHI_LABEL_MAX*4+1];
31+ char label[AVAHI_LABEL_MAX];
32+ char *hn = NULL, *h;
33+ size_t len;
34+
35 assert(s);
36
37 AVAHI_CHECK_VALIDITY(s, !host_name || avahi_is_valid_host_name(host_name), AVAHI_ERR_INVALID_HOST_NAME);
38@@ -1305,17 +1309,28 @@ int avahi_server_set_host_name(AvahiServer *s, const char *host_name) {
39 else
40 hn = avahi_normalize_name_strdup(host_name);
41
42- hn[strcspn(hn, ".")] = 0;
43+ h = hn;
44+ if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) {
45+ avahi_free(h);
46+ return AVAHI_ERR_INVALID_HOST_NAME;
47+ }
48+
49+ avahi_free(h);
50+
51+ h = label_escaped;
52+ len = sizeof(label_escaped);
53+ if (!avahi_escape_label(label, strlen(label), &h, &len))
54+ return AVAHI_ERR_INVALID_HOST_NAME;
55
56- if (avahi_domain_equal(s->host_name, hn) && s->state != AVAHI_SERVER_COLLISION) {
57- avahi_free(hn);
58+ if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION)
59 return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE);
60- }
61
62 withdraw_host_rrs(s);
63
64 avahi_free(s->host_name);
65- s->host_name = hn;
66+ s->host_name = avahi_strdup(label_escaped);
67+ if (!s->host_name)
68+ return AVAHI_ERR_NO_MEMORY;
69
70 update_fqdn(s);
71
72--
732.40.0
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch
new file mode 100644
index 0000000000..44737bfc2e
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch
@@ -0,0 +1,52 @@
1From b675f70739f404342f7f78635d6e2dcd85a13460 Mon Sep 17 00:00:00 2001
2From: Evgeny Vereshchagin <evvers@ya.ru>
3Date: Tue, 24 Oct 2023 22:04:51 +0000
4Subject: [PATCH] core: return errors from avahi_server_set_host_name properly
5
6It's a follow-up to 894f085f402e023a98cbb6f5a3d117bd88d93b09
7
8Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38471-2.patch?h=ubuntu/jammy-security
9Upstream commit https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460]
10CVE: CVE-2023-38471 #Follow-up Patch
11Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
12---
13 avahi-core/server.c | 9 ++++++---
14 1 file changed, 6 insertions(+), 3 deletions(-)
15
16Index: avahi-0.8/avahi-core/server.c
17===================================================================
18--- avahi-0.8.orig/avahi-core/server.c
19+++ avahi-0.8/avahi-core/server.c
20@@ -1309,10 +1309,13 @@ int avahi_server_set_host_name(AvahiServ
21 else
22 hn = avahi_normalize_name_strdup(host_name);
23
24+ if (!hn)
25+ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY);
26+
27 h = hn;
28 if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) {
29 avahi_free(h);
30- return AVAHI_ERR_INVALID_HOST_NAME;
31+ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME);
32 }
33
34 avahi_free(h);
35@@ -1320,7 +1323,7 @@ int avahi_server_set_host_name(AvahiServ
36 h = label_escaped;
37 len = sizeof(label_escaped);
38 if (!avahi_escape_label(label, strlen(label), &h, &len))
39- return AVAHI_ERR_INVALID_HOST_NAME;
40+ return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME);
41
42 if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION)
43 return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE);
44@@ -1330,7 +1333,7 @@ int avahi_server_set_host_name(AvahiServ
45 avahi_free(s->host_name);
46 s->host_name = avahi_strdup(label_escaped);
47 if (!s->host_name)
48- return AVAHI_ERR_NO_MEMORY;
49+ return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY);
50
51 update_fqdn(s);
52
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
new file mode 100644
index 0000000000..85dbded73b
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
@@ -0,0 +1,46 @@
1From b024ae5749f4aeba03478e6391687c3c9c8dee40 Mon Sep 17 00:00:00 2001
2From: Michal Sekletar <msekleta@redhat.com>
3Date: Thu, 19 Oct 2023 17:36:44 +0200
4Subject: [PATCH] core: make sure there is rdata to process before parsing it
5
6Fixes #452
7
8CVE-2023-38472
9
10Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38472.patch?h=ubuntu/jammy-security
11Upstream commit https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40]
12CVE: CVE-2023-38472
13Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
14Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
15---
16 avahi-client/client-test.c | 3 +++
17 avahi-daemon/dbus-entry-group.c | 2 +-
18 2 files changed, 4 insertions(+), 1 deletion(-)
19
20Index: avahi-0.8/avahi-client/client-test.c
21===================================================================
22--- avahi-0.8.orig/avahi-client/client-test.c
23+++ avahi-0.8/avahi-client/client-test.c
24@@ -272,6 +272,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA
25 assert(error == AVAHI_ERR_INVALID_RECORD);
26 avahi_string_list_free(txt);
27
28+ error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0);
29+ assert(error != AVAHI_OK);
30+
31 avahi_entry_group_commit (group);
32
33 domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u");
34Index: avahi-0.8/avahi-daemon/dbus-entry-group.c
35===================================================================
36--- avahi-0.8.orig/avahi-daemon/dbus-entry-group.c
37+++ avahi-0.8/avahi-daemon/dbus-entry-group.c
38@@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_g
39 if (!(r = avahi_record_new_full (name, clazz, type, ttl)))
40 return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL);
41
42- if (avahi_rdata_parse (r, rdata, size) < 0) {
43+ if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) {
44 avahi_record_unref (r);
45 return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL);
46 }
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch
new file mode 100644
index 0000000000..707acb60fe
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch
@@ -0,0 +1,110 @@
1From 88cbbc48d5efff9726694557ca6c3f698f3affe4 Mon Sep 17 00:00:00 2001
2From: Michal Sekletar <msekleta@redhat.com>
3Date: Wed, 11 Oct 2023 17:45:44 +0200
4Subject: [PATCH] avahi: common: derive alternative host name from its
5 unescaped version
6
7Normalization of input makes sure we don't have to deal with special
8cases like unescaped dot at the end of label.
9
10Fixes #451 #487
11
12Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797]
13CVE: CVE-2023-38473
14
15Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
16---
17 avahi-common/alternative-test.c | 3 +++
18 avahi-common/alternative.c | 27 +++++++++++++++++++--------
19 2 files changed, 22 insertions(+), 8 deletions(-)
20
21diff --git a/avahi-common/alternative-test.c b/avahi-common/alternative-test.c
22index 9255435..681fc15 100644
23--- a/avahi-common/alternative-test.c
24+++ b/avahi-common/alternative-test.c
25@@ -31,6 +31,9 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) {
26 const char* const test_strings[] = {
27 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
28 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXüüüüüüü",
29+ ").",
30+ "\\.",
31+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\\\",
32 "gurke",
33 "-",
34 " #",
35diff --git a/avahi-common/alternative.c b/avahi-common/alternative.c
36index b3d39f0..a094e6d 100644
37--- a/avahi-common/alternative.c
38+++ b/avahi-common/alternative.c
39@@ -49,15 +49,20 @@ static void drop_incomplete_utf8(char *c) {
40 }
41
42 char *avahi_alternative_host_name(const char *s) {
43+ char label[AVAHI_LABEL_MAX], alternative[AVAHI_LABEL_MAX*4+1];
44+ char *alt, *r, *ret;
45 const char *e;
46- char *r;
47+ size_t len;
48
49 assert(s);
50
51 if (!avahi_is_valid_host_name(s))
52 return NULL;
53
54- if ((e = strrchr(s, '-'))) {
55+ if (!avahi_unescape_label(&s, label, sizeof(label)))
56+ return NULL;
57+
58+ if ((e = strrchr(label, '-'))) {
59 const char *p;
60
61 e++;
62@@ -74,19 +79,18 @@ char *avahi_alternative_host_name(const char *s) {
63
64 if (e) {
65 char *c, *m;
66- size_t l;
67 int n;
68
69 n = atoi(e)+1;
70 if (!(m = avahi_strdup_printf("%i", n)))
71 return NULL;
72
73- l = e-s-1;
74+ len = e-label-1;
75
76- if (l >= AVAHI_LABEL_MAX-1-strlen(m)-1)
77- l = AVAHI_LABEL_MAX-1-strlen(m)-1;
78+ if (len >= AVAHI_LABEL_MAX-1-strlen(m)-1)
79+ len = AVAHI_LABEL_MAX-1-strlen(m)-1;
80
81- if (!(c = avahi_strndup(s, l))) {
82+ if (!(c = avahi_strndup(label, len))) {
83 avahi_free(m);
84 return NULL;
85 }
86@@ -100,7 +104,7 @@ char *avahi_alternative_host_name(const char *s) {
87 } else {
88 char *c;
89
90- if (!(c = avahi_strndup(s, AVAHI_LABEL_MAX-1-2)))
91+ if (!(c = avahi_strndup(label, AVAHI_LABEL_MAX-1-2)))
92 return NULL;
93
94 drop_incomplete_utf8(c);
95@@ -109,6 +113,13 @@ char *avahi_alternative_host_name(const char *s) {
96 avahi_free(c);
97 }
98
99+ alt = alternative;
100+ len = sizeof(alternative);
101+ ret = avahi_escape_label(r, strlen(r), &alt, &len);
102+
103+ avahi_free(r);
104+ r = avahi_strdup(ret);
105+
106 assert(avahi_is_valid_host_name(r));
107
108 return r;
109--
1102.40.0
diff --git a/meta/recipes-connectivity/avahi/files/handle-hup.patch b/meta/recipes-connectivity/avahi/files/handle-hup.patch
new file mode 100644
index 0000000000..26632e5443
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/handle-hup.patch
@@ -0,0 +1,41 @@
1CVE: CVE-2021-3468
2Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/330]
3Signed-off-by: Ross Burton <ross.burton@arm.com>
4
5From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001
6From: Riccardo Schirone <sirmy15@gmail.com>
7Date: Fri, 26 Mar 2021 11:50:24 +0100
8Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in
9 client_work
10
11If a client fills the input buffer, client_work() disables the
12AVAHI_WATCH_IN event, thus preventing the function from executing the
13`read` syscall the next times it is called. However, if the client then
14terminates the connection, the socket file descriptor receives a HUP
15event, which is not handled, thus the kernel keeps marking the HUP event
16as occurring. While iterating over the file descriptors that triggered
17an event, the client file descriptor will keep having the HUP event and
18the client_work() function is always called with AVAHI_WATCH_HUP but
19without nothing being done, thus entering an infinite loop.
20
21See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938
22---
23 avahi-daemon/simple-protocol.c | 5 +++++
24 1 file changed, 5 insertions(+)
25
26diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c
27index 3e0ebb11..6c0274d6 100644
28--- a/avahi-daemon/simple-protocol.c
29+++ b/avahi-daemon/simple-protocol.c
30@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv
31 }
32 }
33
34+ if (events & AVAHI_WATCH_HUP) {
35+ client_free(c);
36+ return;
37+ }
38+
39 c->server->poll_api->watch_update(
40 watch,
41 (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) |
diff --git a/meta/recipes-connectivity/avahi/files/invalid-service.patch b/meta/recipes-connectivity/avahi/files/invalid-service.patch
new file mode 100644
index 0000000000..8f188aff2c
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/invalid-service.patch
@@ -0,0 +1,29 @@
1From 46490e95151d415cd22f02565e530eb5efcef680 Mon Sep 17 00:00:00 2001
2From: Asger Hautop Drewsen <asger@princh.com>
3Date: Mon, 9 Aug 2021 14:25:08 +0200
4Subject: [PATCH] Fix avahi-browse: Invalid service type
5
6Invalid service types will stop the browse from completing, or
7in simple terms "my washing machine stops me from printing".
8
9Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/472]
10Signed-off-by: Ross Burton <ross.burton@arm.com>
11---
12 avahi-core/browse-service.c | 4 +++-
13 1 file changed, 3 insertions(+), 1 deletion(-)
14
15diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c
16index 63e0275a..ac3d2ecb 100644
17--- a/avahi-core/browse-service.c
18+++ b/avahi-core/browse-service.c
19@@ -103,7 +103,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_prepare(
20 AVAHI_CHECK_VALIDITY_RETURN_NULL(server, AVAHI_PROTO_VALID(protocol), AVAHI_ERR_INVALID_PROTOCOL);
21 AVAHI_CHECK_VALIDITY_RETURN_NULL(server, !domain || avahi_is_valid_domain_name(domain), AVAHI_ERR_INVALID_DOMAIN_NAME);
22 AVAHI_CHECK_VALIDITY_RETURN_NULL(server, AVAHI_FLAGS_VALID(flags, AVAHI_LOOKUP_USE_WIDE_AREA|AVAHI_LOOKUP_USE_MULTICAST), AVAHI_ERR_INVALID_FLAGS);
23- AVAHI_CHECK_VALIDITY_RETURN_NULL(server, avahi_is_valid_service_type_generic(service_type), AVAHI_ERR_INVALID_SERVICE_TYPE);
24+
25+ if (!avahi_is_valid_service_type_generic(service_type))
26+ service_type = "_invalid._tcp";
27
28 if (!domain)
29 domain = server->domain_name;
diff --git a/meta/recipes-connectivity/avahi/files/local-ping.patch b/meta/recipes-connectivity/avahi/files/local-ping.patch
new file mode 100644
index 0000000000..29c192d296
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/local-ping.patch
@@ -0,0 +1,153 @@
1CVE: CVE-2021-36217
2CVE: CVE-2021-3502
3Upstream-Status: Backport
4Signed-off-by: Ross Burton <ross.burton@arm.com>
5
6From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001
7From: Tommi Rantala <tommi.t.rantala@nokia.com>
8Date: Mon, 8 Feb 2021 11:04:43 +0200
9Subject: [PATCH] Fix NULL pointer crashes from #175
10
11avahi-daemon is crashing when running "ping .local".
12The crash is due to failing assertion from NULL pointer.
13Add missing NULL pointer checks to fix it.
14
15Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd
16---
17 avahi-core/browse-dns-server.c | 5 ++++-
18 avahi-core/browse-domain.c | 5 ++++-
19 avahi-core/browse-service-type.c | 3 +++
20 avahi-core/browse-service.c | 3 +++
21 avahi-core/browse.c | 3 +++
22 avahi-core/resolve-address.c | 5 ++++-
23 avahi-core/resolve-host-name.c | 5 ++++-
24 avahi-core/resolve-service.c | 5 ++++-
25 8 files changed, 29 insertions(+), 5 deletions(-)
26
27diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c
28index 049752e9..c2d914fa 100644
29--- a/avahi-core/browse-dns-server.c
30+++ b/avahi-core/browse-dns-server.c
31@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new(
32 AvahiSDNSServerBrowser* b;
33
34 b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata);
35+ if (!b)
36+ return NULL;
37+
38 avahi_s_dns_server_browser_start(b);
39
40 return b;
41-}
42\ No newline at end of file
43+}
44diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c
45index f145d56a..06fa70c0 100644
46--- a/avahi-core/browse-domain.c
47+++ b/avahi-core/browse-domain.c
48@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new(
49 AvahiSDomainBrowser *b;
50
51 b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata);
52+ if (!b)
53+ return NULL;
54+
55 avahi_s_domain_browser_start(b);
56
57 return b;
58-}
59\ No newline at end of file
60+}
61diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c
62index fdd22dcd..b1fc7af8 100644
63--- a/avahi-core/browse-service-type.c
64+++ b/avahi-core/browse-service-type.c
65@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new(
66 AvahiSServiceTypeBrowser *b;
67
68 b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata);
69+ if (!b)
70+ return NULL;
71+
72 avahi_s_service_type_browser_start(b);
73
74 return b;
75diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c
76index 5531360c..63e0275a 100644
77--- a/avahi-core/browse-service.c
78+++ b/avahi-core/browse-service.c
79@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new(
80 AvahiSServiceBrowser *b;
81
82 b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata);
83+ if (!b)
84+ return NULL;
85+
86 avahi_s_service_browser_start(b);
87
88 return b;
89diff --git a/avahi-core/browse.c b/avahi-core/browse.c
90index 2941e579..e8a915e9 100644
91--- a/avahi-core/browse.c
92+++ b/avahi-core/browse.c
93@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new(
94 AvahiSRecordBrowser *b;
95
96 b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata);
97+ if (!b)
98+ return NULL;
99+
100 avahi_s_record_browser_start_query(b);
101
102 return b;
103diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c
104index ac0b29b1..e61dd242 100644
105--- a/avahi-core/resolve-address.c
106+++ b/avahi-core/resolve-address.c
107@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new(
108 AvahiSAddressResolver *b;
109
110 b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata);
111+ if (!b)
112+ return NULL;
113+
114 avahi_s_address_resolver_start(b);
115
116 return b;
117-}
118\ No newline at end of file
119+}
120diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c
121index 808b0e72..4e8e5973 100644
122--- a/avahi-core/resolve-host-name.c
123+++ b/avahi-core/resolve-host-name.c
124@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new(
125 AvahiSHostNameResolver *b;
126
127 b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata);
128+ if (!b)
129+ return NULL;
130+
131 avahi_s_host_name_resolver_start(b);
132
133 return b;
134-}
135\ No newline at end of file
136+}
137diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c
138index 66bf3cae..43771763 100644
139--- a/avahi-core/resolve-service.c
140+++ b/avahi-core/resolve-service.c
141@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new(
142 AvahiSServiceResolver *b;
143
144 b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata);
145+ if (!b)
146+ return NULL;
147+
148 avahi_s_service_resolver_start(b);
149
150 return b;
151-}
152\ No newline at end of file
153+}
diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.16.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch
deleted file mode 100644
index 5bcc16c9b2..0000000000
--- a/meta/recipes-connectivity/bind/bind-9.16.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch
+++ /dev/null
@@ -1,35 +0,0 @@
1From a3af4a405baf5ff582e82aaba392dd9667d94bdc Mon Sep 17 00:00:00 2001
2From: Hongxu Jia <hongxu.jia@windriver.com>
3Date: Mon, 27 Aug 2018 21:24:20 +0800
4Subject: [PATCH] `named/lwresd -V' and start log hide build options
5
6The build options expose build path directories, so hide them.
7[snip]
8$ named -V
9|built by make with *** (options are hidden)
10[snip]
11
12Upstream-Status: Inappropriate [oe-core specific]
13
14Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
15
16Refreshed for 9.16.0
17Signed-off-by: Armin Kuster <akuster@mvista.com>
18
19---
20 bin/named/include/named/globals.h | 2 +-
21 1 file changed, 1 insertion(+), 1 deletion(-)
22
23Index: bind-9.16.0/bin/named/include/named/globals.h
24===================================================================
25--- bind-9.16.0.orig/bin/named/include/named/globals.h
26+++ bind-9.16.0/bin/named/include/named/globals.h
27@@ -69,7 +69,7 @@ EXTERN const char *named_g_version I
28 EXTERN const char *named_g_product INIT(PRODUCT);
29 EXTERN const char *named_g_description INIT(DESCRIPTION);
30 EXTERN const char *named_g_srcid INIT(SRCID);
31-EXTERN const char *named_g_configargs INIT(CONFIGARGS);
32+EXTERN const char *named_g_configargs INIT("*** (options are hidden)");
33 EXTERN const char *named_g_builder INIT(BUILDER);
34 EXTERN in_port_t named_g_port INIT(0);
35 EXTERN isc_dscp_t named_g_dscp INIT(-1);
diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch
index 8db96ec049..ec1bc7b567 100644
--- a/meta/recipes-connectivity/bind/bind-9.16.7/0001-avoid-start-failure-with-bind-user.patch
+++ b/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch
@@ -17,7 +17,7 @@ index b2eec60..6e03936 100644
17@@ -57,6 +57,7 @@ case "$1" in 17@@ -57,6 +57,7 @@ case "$1" in
18 modprobe capability >/dev/null 2>&1 || true 18 modprobe capability >/dev/null 2>&1 || true
19 if [ ! -f /etc/bind/rndc.key ]; then 19 if [ ! -f /etc/bind/rndc.key ]; then
20 /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom 20 /usr/sbin/rndc-confgen -a -b 512
21+ chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true 21+ chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true
22 chmod 0640 /etc/bind/rndc.key 22 chmod 0640 /etc/bind/rndc.key
23 fi 23 fi
diff --git a/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch
new file mode 100644
index 0000000000..4c10f33f04
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch
@@ -0,0 +1,35 @@
1From 4e83392e840fa7b05e778710b8c202d102477a13 Mon Sep 17 00:00:00 2001
2From: Hongxu Jia <hongxu.jia@windriver.com>
3Date: Mon, 27 Aug 2018 21:24:20 +0800
4Subject: [PATCH] `named/lwresd -V' and start log hide build options
5
6The build options expose build path directories, so hide them.
7[snip]
8$ named -V
9|built by make with *** (options are hidden)
10[snip]
11
12Upstream-Status: Inappropriate [oe-core specific]
13
14Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
15
16Refreshed for 9.16.0
17Signed-off-by: Armin Kuster <akuster@mvista.com>
18
19---
20 configure.ac | 2 +-
21 1 file changed, 1 insertion(+), 1 deletion(-)
22
23diff --git a/configure.ac b/configure.ac
24index bf20690..c5d330f 100644
25--- a/configure.ac
26+++ b/configure.ac
27@@ -35,7 +35,7 @@ AC_DEFINE([PACKAGE_VERSION_EXTRA], ["][bind_VERSION_EXTRA]["], [BIND 9 Extra par
28 AC_DEFINE([PACKAGE_DESCRIPTION], [m4_ifnblank(bind_DESCRIPTION, [" ]bind_DESCRIPTION["], [])], [An extra string to print after PACKAGE_STRING])
29 AC_DEFINE([PACKAGE_SRCID], ["][bind_SRCID]["], [A short hash from git])
30
31-bind_CONFIGARGS="${ac_configure_args:-default}"
32+bind_CONFIGARGS="(removed for reproducibility)"
33 AC_DEFINE_UNQUOTED([PACKAGE_CONFIGARGS], ["$bind_CONFIGARGS"], [Either 'defaults' or used ./configure options])
34
35 AC_DEFINE([PACKAGE_BUILDER], ["make"], [make or Visual Studio])
diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
index f9cdc7ca4d..38d07cae39 100644
--- a/meta/recipes-connectivity/bind/bind-9.16.7/bind-ensure-searching-for-json-headers-searches-sysr.patch
+++ b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
@@ -1,4 +1,4 @@
1From edda20fb5a6e88548f85e39d34d6c074306e15bc Mon Sep 17 00:00:00 2001 1From 5ae30329f168c1e8d2e0c3831988a4f3e9096e39 Mon Sep 17 00:00:00 2001
2From: Paul Gortmaker <paul.gortmaker@windriver.com> 2From: Paul Gortmaker <paul.gortmaker@windriver.com>
3Date: Tue, 9 Jun 2015 11:22:00 -0400 3Date: Tue, 9 Jun 2015 11:22:00 -0400
4Subject: [PATCH] bind: ensure searching for json headers searches sysroot 4Subject: [PATCH] bind: ensure searching for json headers searches sysroot
@@ -32,16 +32,16 @@ Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
32 configure.ac | 2 +- 32 configure.ac | 2 +-
33 1 file changed, 1 insertion(+), 1 deletion(-) 33 1 file changed, 1 insertion(+), 1 deletion(-)
34 34
35Index: bind-9.16.4/configure.ac 35diff --git a/configure.ac b/configure.ac
36=================================================================== 36index 2ab8ddd..92fe983 100644
37--- bind-9.16.4.orig/configure.ac 37--- a/configure.ac
38+++ bind-9.16.4/configure.ac 38+++ b/configure.ac
39@@ -1232,7 +1232,7 @@ case "$use_lmdb" in 39@@ -761,7 +761,7 @@ AS_CASE([$with_lmdb],
40 LMDB_LIBS="" 40 [no],[],
41 ;; 41 [auto|yes], [PKG_CHECK_MODULES([LMDB], [lmdb],
42 auto|yes) 42 [ac_lib_lmdb_found=yes],
43- for d in /usr /usr/local /opt/local 43- [for ac_lib_lmdb_path in /usr /usr/local /opt /opt/local; do
44+ for d in "${STAGING_INCDIR}" 44+ [for ac_lib_lmdb_path in "${STAGING_INCDIR}"; do
45 do 45 AX_LIB_LMDB([$ac_lib_lmdb_path],
46 if test -f "${d}/include/lmdb.h" 46 [ac_lib_lmdb_found=yes
47 then 47 break])
diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/bind9 b/meta/recipes-connectivity/bind/bind/bind9
index 968679ff7f..968679ff7f 100644
--- a/meta/recipes-connectivity/bind/bind-9.16.7/bind9
+++ b/meta/recipes-connectivity/bind/bind/bind9
diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/conf.patch b/meta/recipes-connectivity/bind/bind/conf.patch
index aad345f9fc..aa3642acec 100644
--- a/meta/recipes-connectivity/bind/bind-9.16.7/conf.patch
+++ b/meta/recipes-connectivity/bind/bind/conf.patch
@@ -276,7 +276,7 @@ diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d
276+ 276+
277+ modprobe capability >/dev/null 2>&1 || true 277+ modprobe capability >/dev/null 2>&1 || true
278+ if [ ! -f /etc/bind/rndc.key ]; then 278+ if [ ! -f /etc/bind/rndc.key ]; then
279+ /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom 279+ /usr/sbin/rndc-confgen -a -b 512
280+ chmod 0640 /etc/bind/rndc.key 280+ chmod 0640 /etc/bind/rndc.key
281+ fi 281+ fi
282+ if [ -f /var/run/named/named.pid ]; then 282+ if [ -f /var/run/named/named.pid ]; then
diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
index 633e29c0e6..633e29c0e6 100644
--- a/meta/recipes-connectivity/bind/bind-9.16.7/generate-rndc-key.sh
+++ b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch
index 11db95ede1..11db95ede1 100644
--- a/meta/recipes-connectivity/bind/bind-9.16.7/init.d-add-support-for-read-only-rootfs.patch
+++ b/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch
index 146f3e35db..146f3e35db 100644
--- a/meta/recipes-connectivity/bind/bind-9.16.7/make-etc-initd-bind-stop-work.patch
+++ b/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/named.service b/meta/recipes-connectivity/bind/bind/named.service
index cda56ef015..cda56ef015 100644
--- a/meta/recipes-connectivity/bind/bind-9.16.7/named.service
+++ b/meta/recipes-connectivity/bind/bind/named.service
diff --git a/meta/recipes-connectivity/bind/bind_9.16.7.bb b/meta/recipes-connectivity/bind/bind_9.18.24.bb
index fbe3de63cb..2874990320 100644
--- a/meta/recipes-connectivity/bind/bind_9.16.7.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.24.bb
@@ -1,9 +1,10 @@
1SUMMARY = "ISC Internet Domain Name Server" 1SUMMARY = "ISC Internet Domain Name Server"
2HOMEPAGE = "https://www.isc.org/bind/" 2HOMEPAGE = "https://www.isc.org/bind/"
3DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system"
3SECTION = "console/network" 4SECTION = "console/network"
4 5
5LICENSE = "MPL-2.0" 6LICENSE = "MPL-2.0"
6LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=188b8d0644bd6835df43b84e3f180be1" 7LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=c7a0b6d9a1b692a5da9af9d503671f43"
7 8
8DEPENDS = "openssl libcap zlib libuv" 9DEPENDS = "openssl libcap zlib libuv"
9 10
@@ -19,66 +20,60 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
19 file://0001-avoid-start-failure-with-bind-user.patch \ 20 file://0001-avoid-start-failure-with-bind-user.patch \
20 " 21 "
21 22
22SRC_URI[sha256sum] = "9f7d1812ebbd26a699f62b6fa8522d5dec57e4bf43af0042a0d60d39ed8314d1" 23SRC_URI[sha256sum] = "709d73023c9115ddad3bab65b6c8c79a590196d0d114f5d0ca2533dbd52ddf66"
23 24
24UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" 25UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
25# stay at 9.16 follow the ESV versions divisible by 4 26# follow the ESV versions divisible by 2
26UPSTREAM_CHECK_REGEX = "(?P<pver>9.(16|20|24|28)(\.\d+)+(-P\d+)*)/" 27UPSTREAM_CHECK_REGEX = "(?P<pver>9.(\d*[02468])+(\.\d+)+(-P\d+)*)/"
28
29# Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore
30# so the issue doesn't affect us.
31CVE_STATUS[CVE-2019-6470] = "not-applicable-config: Issue only affects dhcpd with recent bind versions and we don't ship dhcpd anymore."
27 32
28inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives 33inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives
29 34
30# PACKAGECONFIGs readline and libedit should NOT be set at same time 35# PACKAGECONFIGs readline and libedit should NOT be set at same time
31PACKAGECONFIG ?= "readline" 36PACKAGECONFIG ?= "readline"
32PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2" 37PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2"
33PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline" 38PACKAGECONFIG[readline] = "--with-readline=readline,,readline"
34PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit" 39PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit"
35PACKAGECONFIG[python3] = "--with-python=yes --with-python-install-dir=${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native," 40PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2"
36 41
37EXTRA_OECONF = " --with-libtool --disable-devpoll --disable-auto-validation --enable-epoll \ 42EXTRA_OECONF = " --disable-auto-validation \
38 --with-gssapi=no --with-lmdb=no --with-zlib \ 43 --with-gssapi=no --with-lmdb=no --with-zlib \
39 --sysconfdir=${sysconfdir}/bind \ 44 --sysconfdir=${sysconfdir}/bind \
40 --with-openssl=${STAGING_DIR_HOST}${prefix} \ 45 --with-openssl=${STAGING_DIR_HOST}${prefix} \
41 " 46 "
42LDFLAGS_append = " -lz" 47LDFLAGS:append = " -lz"
43
44inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native distutils3-base', '', d)}
45 48
46# dhcp needs .la so keep them 49# dhcp needs .la so keep them
47REMOVE_LIBTOOL_LA = "0" 50REMOVE_LIBTOOL_LA = "0"
48 51
49USERADD_PACKAGES = "${PN}" 52USERADD_PACKAGES = "${PN}"
50USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ 53USERADD_PARAM:${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \
51 --user-group bind" 54 --user-group bind"
52 55
53INITSCRIPT_NAME = "bind" 56INITSCRIPT_NAME = "bind"
54INITSCRIPT_PARAMS = "defaults" 57INITSCRIPT_PARAMS = "defaults"
55 58
56SYSTEMD_SERVICE_${PN} = "named.service" 59SYSTEMD_SERVICE:${PN} = "named.service"
57 60
58do_install_append() { 61do_install:append() {
59 62
60 rmdir "${D}${localstatedir}/run"
61 rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
62 install -d -o bind "${D}${localstatedir}/cache/bind" 63 install -d -o bind "${D}${localstatedir}/cache/bind"
63 install -d "${D}${sysconfdir}/bind" 64 install -d "${D}${sysconfdir}/bind"
64 install -d "${D}${sysconfdir}/init.d" 65 install -d "${D}${sysconfdir}/init.d"
65 install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" 66 install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/"
66 install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" 67 install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind"
67 if ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'true', 'false', d)}; then
68 sed -i -e '1s,#!.*python3,#! /usr/bin/python3,' \
69 ${D}${sbindir}/dnssec-coverage \
70 ${D}${sbindir}/dnssec-checkds \
71 ${D}${sbindir}/dnssec-keymgr
72 fi
73 68
74 # Install systemd related files 69 # Install systemd related files
75 install -d ${D}${sbindir} 70 install -d ${D}${sbindir}
76 install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} 71 install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir}
77 install -d ${D}${systemd_unitdir}/system 72 install -d ${D}${systemd_system_unitdir}
78 install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system 73 install -m 0644 ${WORKDIR}/named.service ${D}${systemd_system_unitdir}
79 sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ 74 sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
80 -e 's,@SBINDIR@,${sbindir},g' \ 75 -e 's,@SBINDIR@,${sbindir},g' \
81 ${D}${systemd_unitdir}/system/named.service 76 ${D}${systemd_system_unitdir}/named.service
82 77
83 install -d ${D}${sysconfdir}/default 78 install -d ${D}${sysconfdir}/default
84 install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default 79 install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default
@@ -87,11 +82,9 @@ do_install_append() {
87 install -d ${D}${sysconfdir}/tmpfiles.d 82 install -d ${D}${sysconfdir}/tmpfiles.d
88 echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf 83 echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf
89 fi 84 fi
90
91 oe_multilib_header isc/platform.h
92} 85}
93 86
94CONFFILES_${PN} = " \ 87CONFFILES:${PN} = " \
95 ${sysconfdir}/bind/named.conf \ 88 ${sysconfdir}/bind/named.conf \
96 ${sysconfdir}/bind/named.conf.local \ 89 ${sysconfdir}/bind/named.conf.local \
97 ${sysconfdir}/bind/named.conf.options \ 90 ${sysconfdir}/bind/named.conf.options \
@@ -102,22 +95,19 @@ CONFFILES_${PN} = " \
102 ${sysconfdir}/bind/db.root \ 95 ${sysconfdir}/bind/db.root \
103 " 96 "
104 97
105ALTERNATIVE_${PN}-utils = "nslookup" 98ALTERNATIVE:${PN}-utils = "nslookup"
106ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup" 99ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup"
107ALTERNATIVE_PRIORITY = "100" 100ALTERNATIVE_PRIORITY = "100"
108 101
109PACKAGE_BEFORE_PN += "${PN}-utils" 102PACKAGE_BEFORE_PN += "${PN}-utils"
110FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" 103FILES:${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate"
111FILES_${PN}-dev += "${bindir}/isc-config.h" 104FILES:${PN}-dev += "${bindir}/isc-config.h"
112FILES_${PN} += "${sbindir}/generate-rndc-key.sh" 105FILES:${PN} += "${sbindir}/generate-rndc-key.sh"
113 106
114PACKAGE_BEFORE_PN += "${PN}-libs" 107PACKAGE_BEFORE_PN += "${PN}-libs"
115FILES_${PN}-libs = "${libdir}/*.so* ${libdir}/named/*.so*" 108# special arrangement below due to
116FILES_${PN}-staticdev += "${libdir}/*.la" 109# https://github.com/isc-projects/bind9/commit/0e25af628cd776f98c04fc4cc59048f5448f6c88
117 110FILES_SOLIBSDEV = "${libdir}/*[!0-9].so ${libdir}/libbind9.so"
118PACKAGE_BEFORE_PN += "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3-bind', '', d)}" 111FILES:${PN}-libs = "${libdir}/named/*.so* ${libdir}/*-${PV}.so"
119FILES_python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \
120 ${sbindir}/dnssec-keymgr ${PYTHON_SITEPACKAGES_DIR}"
121 112
122RDEPENDS_${PN}-dev = "" 113DEV_PKG_DEPENDENCY = ""
123RDEPENDS_python3-bind = "python3-core python3-ply"
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index 4c1156c67c..a31d7076ba 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -2,15 +2,16 @@ SUMMARY = "Linux Bluetooth Stack Userland V5"
2DESCRIPTION = "Linux Bluetooth stack V5 userland components. These include a system configurations, daemons, tools and system libraries." 2DESCRIPTION = "Linux Bluetooth stack V5 userland components. These include a system configurations, daemons, tools and system libraries."
3HOMEPAGE = "http://www.bluez.org" 3HOMEPAGE = "http://www.bluez.org"
4SECTION = "libs" 4SECTION = "libs"
5LICENSE = "GPLv2+ & LGPLv2.1+" 5LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later"
6LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ 6LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
7 file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \ 7 file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \
8 file://src/main.c;beginline=1;endline=24;md5=9bc54b93cd7e17bf03f52513f39f926e" 8 file://src/main.c;beginline=1;endline=24;md5=0ad83ca0dc37ab08af448777c581e7ac"
9DEPENDS = "dbus glib-2.0" 9DEPENDS = "dbus glib-2.0"
10RDEPENDS:${PN} += "dbus"
10PROVIDES += "bluez-hcidump" 11PROVIDES += "bluez-hcidump"
11RPROVIDES_${PN} += "bluez-hcidump" 12RPROVIDES:${PN} += "bluez-hcidump"
12 13
13RCONFLICTS_${PN} = "bluez4" 14RCONFLICTS:${PN} = "bluez4"
14 15
15PACKAGECONFIG ??= "obex-profiles \ 16PACKAGECONFIG ??= "obex-profiles \
16 readline \ 17 readline \
@@ -45,6 +46,7 @@ PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated"
45PACKAGECONFIG[mesh] = "--enable-mesh --enable-external-ell,--disable-mesh, json-c ell" 46PACKAGECONFIG[mesh] = "--enable-mesh --enable-external-ell,--disable-mesh, json-c ell"
46PACKAGECONFIG[btpclient] = "--enable-btpclient --enable-external-ell,--disable-btpclient, ell" 47PACKAGECONFIG[btpclient] = "--enable-btpclient --enable-external-ell,--disable-btpclient, ell"
47PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev" 48PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev"
49PACKAGECONFIG[manpages] = "--enable-manpages,--disable-manpages,python3-docutils-native"
48 50
49SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ 51SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
50 file://init \ 52 file://init \
@@ -52,6 +54,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
52 ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ 54 ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
53 file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ 55 file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
54 file://0001-test-gatt-Fix-hung-issue.patch \ 56 file://0001-test-gatt-Fix-hung-issue.patch \
57 file://0004-src-shared-util.c-include-linux-limits.h.patch \
55 " 58 "
56S = "${WORKDIR}/bluez-${PV}" 59S = "${WORKDIR}/bluez-${PV}"
57 60
@@ -63,9 +66,12 @@ EXTRA_OECONF = "\
63 --enable-test \ 66 --enable-test \
64 --enable-datafiles \ 67 --enable-datafiles \
65 --enable-library \ 68 --enable-library \
69 --enable-pie \
66 --without-zsh-completion-dir \ 70 --without-zsh-completion-dir \
67" 71"
68 72
73CFLAGS += "-DFIRMWARE_DIR=\\"${nonarch_base_libdir}/firmware\\""
74
69# bluez5 builds a large number of useful utilities but does not 75# bluez5 builds a large number of useful utilities but does not
70# install them. Specify which ones we want put into ${PN}-noinst-tools. 76# install them. Specify which ones we want put into ${PN}-noinst-tools.
71NOINST_TOOLS_READLINE ??= "" 77NOINST_TOOLS_READLINE ??= ""
@@ -77,18 +83,10 @@ NOINST_TOOLS = " \
77 ${@bb.utils.contains('PACKAGECONFIG', 'tools', '${NOINST_TOOLS_BT}', '', d)} \ 83 ${@bb.utils.contains('PACKAGECONFIG', 'tools', '${NOINST_TOOLS_BT}', '', d)} \
78" 84"
79 85
80do_install_append() { 86do_install:append() {
81 install -d ${D}${INIT_D_DIR} 87 install -d ${D}${INIT_D_DIR}
82 install -m 0755 ${WORKDIR}/init ${D}${INIT_D_DIR}/bluetooth 88 install -m 0755 ${WORKDIR}/init ${D}${INIT_D_DIR}/bluetooth
83 89
84 install -d ${D}${sysconfdir}/bluetooth/
85 if [ -f ${S}/profiles/network/network.conf ]; then
86 install -m 0644 ${S}/profiles/network/network.conf ${D}/${sysconfdir}/bluetooth/
87 fi
88 if [ -f ${S}/profiles/input/input.conf ]; then
89 install -m 0644 ${S}/profiles/input/input.conf ${D}/${sysconfdir}/bluetooth/
90 fi
91
92 if [ -f ${D}/${sysconfdir}/init.d/bluetooth ]; then 90 if [ -f ${D}/${sysconfdir}/init.d/bluetooth ]; then
93 sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}/${sysconfdir}/init.d/bluetooth 91 sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}/${sysconfdir}/init.d/bluetooth
94 fi 92 fi
@@ -105,25 +103,25 @@ do_install_append() {
105 103
106PACKAGES =+ "${PN}-testtools ${PN}-obex ${PN}-noinst-tools" 104PACKAGES =+ "${PN}-testtools ${PN}-obex ${PN}-noinst-tools"
107 105
108FILES_${PN} += " \ 106FILES:${PN} += " \
109 ${libdir}/bluetooth/plugins/*.so \ 107 ${libdir}/bluetooth/plugins/*.so \
110 ${systemd_unitdir}/ ${datadir}/dbus-1 \ 108 ${systemd_unitdir}/ ${datadir}/dbus-1 \
111 ${libdir}/cups \ 109 ${libdir}/cups \
112" 110"
113FILES_${PN}-dev += " \ 111FILES:${PN}-dev += " \
114 ${libdir}/bluetooth/plugins/*.la \ 112 ${libdir}/bluetooth/plugins/*.la \
115" 113"
116 114
117FILES_${PN}-obex = "${libexecdir}/bluetooth/obexd \ 115FILES:${PN}-obex = "${libexecdir}/bluetooth/obexd \
118 ${exec_prefix}/lib/systemd/user/obex.service \ 116 ${exec_prefix}/lib/systemd/user/obex.service \
119 ${systemd_system_unitdir}/obex.service \ 117 ${systemd_system_unitdir}/obex.service \
120 ${sysconfdir}/systemd/system/multi-user.target.wants/obex.service \ 118 ${sysconfdir}/systemd/system/multi-user.target.wants/obex.service \
121 ${datadir}/dbus-1/services/org.bluez.obex.service \ 119 ${datadir}/dbus-1/services/org.bluez.obex.service \
122 ${sysconfdir}/dbus-1/system.d/obexd.conf \ 120 ${sysconfdir}/dbus-1/system.d/obexd.conf \
123 " 121 "
124SYSTEMD_SERVICE_${PN}-obex = "obex.service" 122SYSTEMD_SERVICE:${PN}-obex = "obex.service"
125 123
126FILES_${PN}-testtools = "${libdir}/bluez/test/*" 124FILES:${PN}-testtools = "${libdir}/bluez/test/*"
127 125
128def get_noinst_tools_paths (d, bb, tools): 126def get_noinst_tools_paths (d, bb, tools):
129 s = list() 127 s = list()
@@ -133,14 +131,14 @@ def get_noinst_tools_paths (d, bb, tools):
133 s.append("%s/%s" % (bindir, f)) 131 s.append("%s/%s" % (bindir, f))
134 return "\n".join(s) 132 return "\n".join(s)
135 133
136FILES_${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS'))}" 134FILES:${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS'))}"
137 135
138RDEPENDS_${PN}-testtools += "python3-core python3-dbus" 136RDEPENDS:${PN}-testtools += "python3-core python3-dbus"
139RDEPENDS_${PN}-testtools += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}" 137RDEPENDS:${PN}-testtools += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}"
140 138
141SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}" 139SYSTEMD_SERVICE:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}"
142INITSCRIPT_PACKAGES = "${PN}" 140INITSCRIPT_PACKAGES = "${PN}"
143INITSCRIPT_NAME_${PN} = "bluetooth" 141INITSCRIPT_NAME:${PN} = "bluetooth"
144 142
145do_compile_ptest() { 143do_compile_ptest() {
146 oe_runmake buildtests 144 oe_runmake buildtests
@@ -151,4 +149,4 @@ do_install_ptest() {
151 rm -f ${D}${PTEST_PATH}/unit/*.o 149 rm -f ${D}${PTEST_PATH}/unit/*.o
152} 150}
153 151
154RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-gconv-utf-16" 152RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-gconv-utf-16"
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch
index e90b6a546f..b1e93dbe19 100644
--- a/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch
+++ b/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch
@@ -1,4 +1,4 @@
1From 61e741654cc2eb167bca212a3bb2ba8f3ba280c1 Mon Sep 17 00:00:00 2001 1From fb583a57f9f4ab956a09e9bb96d89aa13553bf21 Mon Sep 17 00:00:00 2001
2From: Mingli Yu <Mingli.Yu@windriver.com> 2From: Mingli Yu <Mingli.Yu@windriver.com>
3Date: Fri, 24 Aug 2018 12:04:03 +0800 3Date: Fri, 24 Aug 2018 12:04:03 +0800
4Subject: [PATCH] test-gatt: Fix hung issue 4Subject: [PATCH] test-gatt: Fix hung issue
@@ -21,15 +21,16 @@ no action.
21Upstream-Status: Submitted [https://marc.info/?l=linux-bluetooth&m=153508881804635&w=2] 21Upstream-Status: Submitted [https://marc.info/?l=linux-bluetooth&m=153508881804635&w=2]
22 22
23Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> 23Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
24
24--- 25---
25 unit/test-gatt.c | 2 +- 26 unit/test-gatt.c | 2 +-
26 1 file changed, 1 insertion(+), 1 deletion(-) 27 1 file changed, 1 insertion(+), 1 deletion(-)
27 28
28diff --git a/unit/test-gatt.c b/unit/test-gatt.c 29diff --git a/unit/test-gatt.c b/unit/test-gatt.c
29index c7e28f8..b57373b 100644 30index 5e06d4e..4864d36 100644
30--- a/unit/test-gatt.c 31--- a/unit/test-gatt.c
31+++ b/unit/test-gatt.c 32+++ b/unit/test-gatt.c
32@@ -4463,7 +4463,7 @@ int main(int argc, char *argv[]) 33@@ -4546,7 +4546,7 @@ int main(int argc, char *argv[])
33 test_server, service_db_1, NULL, 34 test_server, service_db_1, NULL,
34 raw_pdu(0x03, 0x00, 0x02), 35 raw_pdu(0x03, 0x00, 0x02),
35 raw_pdu(0xbf, 0x00), 36 raw_pdu(0xbf, 0x00),
@@ -38,6 +39,3 @@ index c7e28f8..b57373b 100644
38 39
39 define_test_server("/robustness/unkown-command", 40 define_test_server("/robustness/unkown-command",
40 test_server, service_db_1, NULL, 41 test_server, service_db_1, NULL,
41--
422.7.4
43
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch
index 24ddae6b63..881494a354 100644
--- a/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch
+++ b/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch
@@ -1,19 +1,20 @@
1From 4bdf0f96dcaa945fd29f26d56e5b36d8c23e4c8b Mon Sep 17 00:00:00 2001 1From 738e73b386352fd90f1f26cc1ee75427cf4dc23b Mon Sep 17 00:00:00 2001
2From: Alexander Kanavin <alex.kanavin@gmail.com> 2From: Alexander Kanavin <alex.kanavin@gmail.com>
3Date: Fri, 1 Apr 2016 17:07:34 +0300 3Date: Fri, 1 Apr 2016 17:07:34 +0300
4Subject: [PATCH] tests: add a target for building tests without running them 4Subject: [PATCH] tests: add a target for building tests without running them
5 5
6Upstream-Status: Inappropriate [oe specific] 6Upstream-Status: Inappropriate [oe specific]
7Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 7Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
8
8--- 9---
9 Makefile.am | 3 +++ 10 Makefile.am | 3 +++
10 1 file changed, 3 insertions(+) 11 1 file changed, 3 insertions(+)
11 12
12diff --git a/Makefile.am b/Makefile.am 13diff --git a/Makefile.am b/Makefile.am
13index 1a48a71..ba3b92f 100644 14index e738eb3..dab17dd 100644
14--- a/Makefile.am 15--- a/Makefile.am
15+++ b/Makefile.am 16+++ b/Makefile.am
16@@ -425,6 +425,9 @@ endif 17@@ -710,6 +710,9 @@ endif
17 TESTS = $(unit_tests) 18 TESTS = $(unit_tests)
18 AM_TESTS_ENVIRONMENT = MALLOC_CHECK_=3 MALLOC_PERTURB_=69 19 AM_TESTS_ENVIRONMENT = MALLOC_CHECK_=3 MALLOC_PERTURB_=69
19 20
@@ -23,6 +24,3 @@ index 1a48a71..ba3b92f 100644
23 if DBUS_RUN_SESSION 24 if DBUS_RUN_SESSION
24 AM_TESTS_ENVIRONMENT += dbus-run-session -- 25 AM_TESTS_ENVIRONMENT += dbus-run-session --
25 endif 26 endif
26--
272.8.0.rc3
28
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch b/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch
new file mode 100644
index 0000000000..516d859069
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch
@@ -0,0 +1,27 @@
1From b53df61b41088b68c127ac76cc71683ac3453b9d Mon Sep 17 00:00:00 2001
2From: Alexander Kanavin <alex@linutronix.de>
3Date: Mon, 12 Dec 2022 13:10:19 +0100
4Subject: [PATCH] src/shared/util.c: include linux/limits.h
5
6MAX_INPUT is defined in that file. This matters on non-glibc
7systems such as those using musl.
8
9Upstream-Status: Submitted [to linux-bluetooth@vger.kernel.org,luiz.von.dentz@intel.com,frederic.danis@collabora.com]
10Signed-off-by: Alexander Kanavin <alex@linutronix.de>
11
12---
13 src/shared/util.c | 1 +
14 1 file changed, 1 insertion(+)
15
16diff --git a/src/shared/util.c b/src/shared/util.c
17index c0c2c4a..036dc0d 100644
18--- a/src/shared/util.c
19+++ b/src/shared/util.c
20@@ -23,6 +23,7 @@
21 #include <unistd.h>
22 #include <dirent.h>
23 #include <limits.h>
24+#include <linux/limits.h>
25 #include <string.h>
26
27 #ifdef HAVE_SYS_RANDOM_H
diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.55.bb b/meta/recipes-connectivity/bluez5/bluez5_5.72.bb
index 8190924562..9fda960ea7 100644
--- a/meta/recipes-connectivity/bluez5/bluez5_5.55.bb
+++ b/meta/recipes-connectivity/bluez5/bluez5_5.72.bb
@@ -1,7 +1,8 @@
1require bluez5.inc 1require bluez5.inc
2 2
3SRC_URI[md5sum] = "94972b8bc7ade60c72b0ffa6ccff2c0a" 3SRC_URI[sha256sum] = "499d7fa345a996c1bb650f5c6749e1d929111fa6ece0be0e98687fee6124536e"
4SRC_URI[sha256sum] = "8863717113c4897e2ad3271fc808ea245319e6fd95eed2e934fae8e0894e9b88" 4
5CVE_STATUS[CVE-2020-24490] = "cpe-incorrect: This issue has kernel fixes rather than bluez fixes"
5 6
6# noinst programs in Makefile.tools that are conditional on READLINE 7# noinst programs in Makefile.tools that are conditional on READLINE
7# support 8# support
diff --git a/meta/recipes-connectivity/connman/connman-conf.bb b/meta/recipes-connectivity/connman/connman-conf.bb
index 9a519ec866..a1a0e08faa 100644
--- a/meta/recipes-connectivity/connman/connman-conf.bb
+++ b/meta/recipes-connectivity/connman/connman-conf.bb
@@ -1,36 +1,21 @@
1SUMMARY = "Connman config to setup wired interface on qemu machines" 1SUMMARY = "Connman config to ignore wired interface on qemu machines"
2DESCRIPTION = "This is the ConnMan configuration to set up a Wired \ 2DESCRIPTION = "This is the ConnMan configuration to avoid touching wired \
3network interface for a qemu machine." 3network interface inside qemu machines."
4LICENSE = "GPLv2" 4LICENSE = "GPL-2.0-only"
5LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" 5LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
6 6
7inherit systemd
8 7
9SRC_URI_append_qemuall = " file://wired.config \ 8SRC_URI = "file://main.conf \
10 file://wired-setup \ 9 "
11 file://wired-connection.service \
12"
13PR = "r2"
14 10
15S = "${WORKDIR}" 11S = "${WORKDIR}"
16 12
17PACKAGE_ARCH = "${MACHINE_ARCH}" 13PACKAGE_ARCH = "${MACHINE_ARCH}"
18 14
19FILES_${PN} = "${localstatedir}/* ${datadir}/*" 15FILES:${PN} = "${sysconfdir}/*"
20 16
21do_install() { 17# Kernel IP-Config is perfectly capable of setting up networking passed in via ip=
22 #Configure Wired network interface in case of qemu* machines 18do_install:append:qemuall() {
23 if test -e ${WORKDIR}/wired.config && 19 mkdir -p ${D}${sysconfdir}/connman
24 test -e ${WORKDIR}/wired-setup && 20 cp ${S}/main.conf ${D}${sysconfdir}/connman/main.conf
25 test -e ${WORKDIR}/wired-connection.service; then
26 install -d ${D}${localstatedir}/lib/connman
27 install -m 0644 ${WORKDIR}/wired.config ${D}${localstatedir}/lib/connman
28 install -d ${D}${datadir}/connman
29 install -m 0755 ${WORKDIR}/wired-setup ${D}${datadir}/connman
30 install -d ${D}${systemd_system_unitdir}
31 install -m 0644 ${WORKDIR}/wired-connection.service ${D}${systemd_system_unitdir}
32 sed -i -e 's|@SCRIPTDIR@|${datadir}/connman|g' ${D}${systemd_system_unitdir}/wired-connection.service
33 fi
34} 21}
35
36SYSTEMD_SERVICE_${PN}_qemuall = "wired-connection.service"
diff --git a/meta/recipes-connectivity/connman/connman-conf/main.conf b/meta/recipes-connectivity/connman/connman-conf/main.conf
new file mode 100644
index 0000000000..3c9dd396f6
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman-conf/main.conf
@@ -0,0 +1,2 @@
1[General]
2NetworkInterfaceBlacklist = eth,en
diff --git a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service
deleted file mode 100644
index 48adfc08ac..0000000000
--- a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service
+++ /dev/null
@@ -1,10 +0,0 @@
1[Unit]
2Description=Setup a wired interface
3Before=connman.service
4
5[Service]
6Type=oneshot
7ExecStart=@SCRIPTDIR@/wired-setup
8
9[Install]
10WantedBy=network.target
diff --git a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup
deleted file mode 100644
index c46899ef32..0000000000
--- a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup
+++ /dev/null
@@ -1,16 +0,0 @@
1#!/bin/sh
2
3CONFIGF=/var/lib/connman/wired.config
4
5# Extract wired network config from /proc/cmdline
6NET_CONF=`cat /proc/cmdline |sed -ne 's/^.*ip=\([^ ]*\):\([^ ]*\):\([^ ]*\):\([^ ]*\).*$/\1\/\4\/\3/p'`
7
8# Check if eth0 is already set via kernel cmdline
9if [ "x$NET_CONF" = "x" ]; then
10 # Wired interface is not configured via kernel cmdline
11 # Remove connman config file template
12 rm -f ${CONFIGF}
13else
14 # Setup a connman config accordingly
15 sed -i -e "s|^IPv4 =.*|IPv4 = ${NET_CONF}|" ${CONFIGF}
16fi
diff --git a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config
deleted file mode 100644
index 42998ce897..0000000000
--- a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config
+++ /dev/null
@@ -1,9 +0,0 @@
1[global]
2Name = Wired
3Description = Wired network configuration
4
5[service_ethernet]
6Type = ethernet
7IPv4 =
8MAC = 52:54:00:12:34:56
9Nameservers = 8.8.8.8
diff --git a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
index af986c4eab..fcd154b4b0 100644
--- a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
+++ b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
@@ -1,7 +1,7 @@
1SUMMARY = "GTK+ frontend for the ConnMan network connection manager" 1SUMMARY = "GTK+ frontend for the ConnMan network connection manager"
2HOMEPAGE = "http://connman.net/" 2HOMEPAGE = "http://connman.net/"
3SECTION = "libs/network" 3SECTION = "libs/network"
4LICENSE = "GPLv2 & LGPLv2.1" 4LICENSE = "GPL-2.0-only & LGPL-2.1-only"
5LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ 5LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
6 file://properties/main.c;beginline=1;endline=20;md5=50c77c81871308b033ab7a1504626afb \ 6 file://properties/main.c;beginline=1;endline=20;md5=50c77c81871308b033ab7a1504626afb \
7 file://common/connman-dbus.c;beginline=1;endline=20;md5=de6b485c0e717a0236402d220187717a" 7 file://common/connman-dbus.c;beginline=1;endline=20;md5=de6b485c0e717a0236402d220187717a"
@@ -10,7 +10,7 @@ DEPENDS = "gtk+3 dbus-glib dbus-glib-native intltool-native gettext-native"
10 10
11# 0.7 tag 11# 0.7 tag
12SRCREV = "cf3c325b23dae843c5499a113591cfbc98acb143" 12SRCREV = "cf3c325b23dae843c5499a113591cfbc98acb143"
13SRC_URI = "git://github.com/connectivity/connman-gnome.git \ 13SRC_URI = "git://github.com/connectivity/connman-gnome.git;branch=master;protocol=https \
14 file://0001-Removed-icon-from-connman-gnome-about-applet.patch \ 14 file://0001-Removed-icon-from-connman-gnome-about-applet.patch \
15 file://null_check_for_ipv4_config.patch \ 15 file://null_check_for_ipv4_config.patch \
16 file://images/ \ 16 file://images/ \
@@ -23,8 +23,8 @@ S = "${WORKDIR}/git"
23inherit autotools-brokensep gtk-icon-cache pkgconfig features_check 23inherit autotools-brokensep gtk-icon-cache pkgconfig features_check
24ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" 24ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
25 25
26RDEPENDS_${PN} = "connman" 26RDEPENDS:${PN} = "connman"
27 27
28do_install_append() { 28do_install:append() {
29 install -m 0644 ${WORKDIR}/images/* ${D}/usr/share/icons/hicolor/22x22/apps/ 29 install -m 0644 ${WORKDIR}/images/* ${D}/usr/share/icons/hicolor/22x22/apps/
30} 30}
diff --git a/meta/recipes-connectivity/connman/connman.inc b/meta/recipes-connectivity/connman/connman.inc
index 776bbfbff2..7487ca0d0c 100644
--- a/meta/recipes-connectivity/connman/connman.inc
+++ b/meta/recipes-connectivity/connman/connman.inc
@@ -9,12 +9,14 @@ configuration methods, like DHCP and domain name resolving, are \
9implemented using plug-ins." 9implemented using plug-ins."
10HOMEPAGE = "http://connman.net/" 10HOMEPAGE = "http://connman.net/"
11BUGTRACKER = "https://01.org/jira/browse/CM" 11BUGTRACKER = "https://01.org/jira/browse/CM"
12LICENSE = "GPLv2" 12LICENSE = "GPL-2.0-only"
13LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ 13LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
14 file://src/main.c;beginline=1;endline=20;md5=486a279a6ab0c8d152bcda3a5b5edc36" 14 file://src/main.c;beginline=1;endline=20;md5=486a279a6ab0c8d152bcda3a5b5edc36"
15 15
16inherit autotools pkgconfig systemd update-rc.d update-alternatives 16inherit autotools pkgconfig systemd update-rc.d update-alternatives
17 17
18CVE_PRODUCT = "connman connection_manager"
19
18DEPENDS = "dbus glib-2.0 ppp" 20DEPENDS = "dbus glib-2.0 ppp"
19 21
20EXTRA_OECONF += "\ 22EXTRA_OECONF += "\
@@ -25,21 +27,29 @@ EXTRA_OECONF += "\
25 --enable-ethernet \ 27 --enable-ethernet \
26 --enable-tools \ 28 --enable-tools \
27 --disable-polkit \ 29 --disable-polkit \
30 --runstatedir=/run \
28" 31"
32# For smooth operation it would be best to start only one wireless daemon at a time.
33# If wpa-supplicant is running, connman will use it preferentially.
34# Select either wpa-supplicant or iwd
35WIRELESS_DAEMON ??= "wpa-supplicant"
29 36
30PACKAGECONFIG ??= "wispr iptables client\ 37PACKAGECONFIG ??= "wispr iptables client\
31 ${@bb.utils.filter('DISTRO_FEATURES', '3g systemd wifi', d)} \ 38 ${@bb.utils.filter('DISTRO_FEATURES', '3g systemd', d)} \
32 ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ 39 ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \
40 ${@bb.utils.contains('DISTRO_FEATURES', 'wifi', 'wifi ${WIRELESS_DAEMON}', '', d)} \
33" 41"
34 42
35# If you want ConnMan to support VPN, add following statement into 43# If you want ConnMan to support VPN, add following statement into
36# local.conf or distro config 44# local.conf or distro config
37# PACKAGECONFIG_append_pn-connman = " openvpn vpnc l2tp pptp" 45# PACKAGECONFIG:append:pn-connman = " openvpn vpnc l2tp pptp"
38 46
39PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''" 47PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_system_unitdir}/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''"
40PACKAGECONFIG[wifi] = "--enable-wifi, --disable-wifi, wpa-supplicant, wpa-supplicant" 48PACKAGECONFIG[wifi] = "--enable-wifi, --disable-wifi"
41PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5, bluez5" 49PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5, bluez5"
42PACKAGECONFIG[3g] = "--enable-ofono, --disable-ofono, ofono, ofono" 50PACKAGECONFIG[3g] = "--enable-ofono, --disable-ofono, ofono, ofono"
51PACKAGECONFIG[wpa-supplicant] = ",,wpa-supplicant,wpa-supplicant"
52PACKAGECONFIG[iwd] = "--enable-iwd,--disable-iwd,,iwd"
43PACKAGECONFIG[tist] = "--enable-tist,--disable-tist," 53PACKAGECONFIG[tist] = "--enable-tist,--disable-tist,"
44PACKAGECONFIG[openvpn] = "--enable-openvpn --with-openvpn=${sbindir}/openvpn,--disable-openvpn,,openvpn" 54PACKAGECONFIG[openvpn] = "--enable-openvpn --with-openvpn=${sbindir}/openvpn,--disable-openvpn,,openvpn"
45PACKAGECONFIG[vpnc] = "--enable-vpnc --with-vpnc=${sbindir}/vpnc,--disable-vpnc,,vpnc" 55PACKAGECONFIG[vpnc] = "--enable-vpnc --with-vpnc=${sbindir}/vpnc,--disable-vpnc,,vpnc"
@@ -64,16 +74,16 @@ python __anonymous () {
64 d.setVar('SYSTEMD_PACKAGES', systemd_packages) 74 d.setVar('SYSTEMD_PACKAGES', systemd_packages)
65} 75}
66 76
67SYSTEMD_SERVICE_${PN} = "connman.service" 77SYSTEMD_SERVICE:${PN} = "connman.service"
68SYSTEMD_SERVICE_${PN}-vpn = "connman-vpn.service" 78SYSTEMD_SERVICE:${PN}-vpn = "connman-vpn.service"
69SYSTEMD_SERVICE_${PN}-wait-online = "connman-wait-online.service" 79SYSTEMD_SERVICE:${PN}-wait-online = "connman-wait-online.service"
70 80
71ALTERNATIVE_PRIORITY = "100" 81ALTERNATIVE_PRIORITY = "100"
72ALTERNATIVE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}" 82ALTERNATIVE:${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}"
73ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.connman','',d)}" 83ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.connman','',d)}"
74ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}" 84ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}"
75 85
76do_install_append() { 86do_install:append() {
77 if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then 87 if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then
78 install -d ${D}${sysconfdir}/init.d 88 install -d ${D}${sysconfdir}/init.d
79 install -m 0755 ${WORKDIR}/connman ${D}${sysconfdir}/init.d/connman 89 install -m 0755 ${WORKDIR}/connman ${D}${sysconfdir}/init.d/connman
@@ -100,7 +110,7 @@ do_install_append() {
100} 110}
101 111
102# These used to be plugins, but now they are core 112# These used to be plugins, but now they are core
103RPROVIDES_${PN} = "\ 113RPROVIDES:${PN} = "\
104 connman-plugin-loopback \ 114 connman-plugin-loopback \
105 connman-plugin-ethernet \ 115 connman-plugin-ethernet \
106 ${@bb.utils.contains('PACKAGECONFIG', 'bluetooth','connman-plugin-bluetooth', '', d)} \ 116 ${@bb.utils.contains('PACKAGECONFIG', 'bluetooth','connman-plugin-bluetooth', '', d)} \
@@ -108,7 +118,7 @@ RPROVIDES_${PN} = "\
108 ${@bb.utils.contains('PACKAGECONFIG', '3g','connman-plugin-ofono', '', d)} \ 118 ${@bb.utils.contains('PACKAGECONFIG', '3g','connman-plugin-ofono', '', d)} \
109 " 119 "
110 120
111RDEPENDS_${PN} = "\ 121RDEPENDS:${PN} = "\
112 dbus \ 122 dbus \
113 " 123 "
114 124
@@ -119,11 +129,11 @@ def add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, add_insane_skip):
119 if plugintype in depmap: 129 if plugintype in depmap:
120 rdepends = map(lambda x: multilib_prefix + x, \ 130 rdepends = map(lambda x: multilib_prefix + x, \
121 depmap[plugintype].split()) 131 depmap[plugintype].split())
122 d.setVar("RDEPENDS_%s" % pkg, " ".join(rdepends)) 132 d.setVar("RDEPENDS:%s" % pkg, " ".join(rdepends))
123 if add_insane_skip: 133 if add_insane_skip:
124 d.appendVar("INSANE_SKIP_%s" % pkg, "dev-so") 134 d.appendVar("INSANE_SKIP:%s" % pkg, "dev-so")
125 135
126python populate_packages_prepend() { 136python populate_packages:prepend() {
127 depmap = dict(pppd="ppp") 137 depmap = dict(pppd="ppp")
128 multilib_prefix = (d.getVar("MLPREFIX") or "") 138 multilib_prefix = (d.getVar("MLPREFIX") or "")
129 139
@@ -144,72 +154,72 @@ python populate_packages_prepend() {
144 154
145PACKAGES =+ "${PN}-tools ${PN}-tests ${PN}-client" 155PACKAGES =+ "${PN}-tools ${PN}-tests ${PN}-client"
146 156
147FILES_${PN}-tools = "${bindir}/wispr" 157FILES:${PN}-tools = "${bindir}/wispr"
148RDEPENDS_${PN}-tools ="${PN}" 158RDEPENDS:${PN}-tools ="${PN}"
149 159
150FILES_${PN}-tests = "${bindir}/*-test" 160FILES:${PN}-tests = "${bindir}/*-test"
151 161
152FILES_${PN}-client = "${bindir}/connmanctl" 162FILES:${PN}-client = "${bindir}/connmanctl"
153RDEPENDS_${PN}-client ="${PN}" 163RDEPENDS:${PN}-client ="${PN}"
154 164
155FILES_${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \ 165FILES:${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \
156 ${libdir}/connman/plugins \ 166 ${libdir}/connman/plugins \
157 ${sysconfdir} ${sharedstatedir} ${localstatedir} ${datadir} \ 167 ${sysconfdir} ${sharedstatedir} ${localstatedir} ${datadir} \
158 ${base_bindir}/* ${base_sbindir}/* ${base_libdir}/*.so* ${datadir}/${PN} \ 168 ${base_bindir}/* ${base_sbindir}/* ${base_libdir}/*.so* ${datadir}/${PN} \
159 ${datadir}/dbus-1/system-services/* \ 169 ${datadir}/dbus-1/system-services/* \
160 ${sysconfdir}/tmpfiles.d/connman_resolvconf.conf" 170 ${sysconfdir}/tmpfiles.d/connman_resolvconf.conf"
161 171
162FILES_${PN}-dev += "${libdir}/connman/*/*.la" 172FILES:${PN}-dev += "${libdir}/connman/*/*.la"
163 173
164PACKAGES =+ "${PN}-vpn ${PN}-wait-online" 174PACKAGES =+ "${PN}-vpn ${PN}-wait-online"
165 175
166SUMMARY_${PN}-vpn = "A daemon for managing VPN connections within embedded devices" 176SUMMARY:${PN}-vpn = "A daemon for managing VPN connections within embedded devices"
167DESCRIPTION_${PN}-vpn = "The ConnMan VPN provides a daemon for \ 177DESCRIPTION:${PN}-vpn = "The ConnMan VPN provides a daemon for \
168managing VPN connections within embedded devices running the Linux \ 178managing VPN connections within embedded devices running the Linux \
169operating system. The connman-vpnd handles all the VPN connections \ 179operating system. The connman-vpnd handles all the VPN connections \
170and starts/stops VPN client processes when necessary. The connman-vpnd \ 180and starts/stops VPN client processes when necessary. The connman-vpnd \
171provides a DBus API for managing VPN connections. All the different \ 181provides a DBus API for managing VPN connections. All the different \
172VPN technogies are implemented using plug-ins." 182VPN technogies are implemented using plug-ins."
173FILES_${PN}-vpn += "${sbindir}/connman-vpnd \ 183FILES:${PN}-vpn += "${sbindir}/connman-vpnd \
174 ${sysconfdir}/dbus-1/system.d/connman-vpn-dbus.conf \ 184 ${sysconfdir}/dbus-1/system.d/connman-vpn-dbus.conf \
175 ${datadir}/dbus-1/system-services/net.connman.vpn.service \ 185 ${datadir}/dbus-1/system-services/net.connman.vpn.service \
176 ${systemd_unitdir}/system/connman-vpn.service" 186 ${systemd_system_unitdir}/connman-vpn.service"
177 187
178SUMMARY_${PN}-wait-online = "A program that will return once ConnMan has connected to a network" 188SUMMARY:${PN}-wait-online = "A program that will return once ConnMan has connected to a network"
179DESCRIPTION_${PN}-wait-online = "A service that can be enabled so that \ 189DESCRIPTION:${PN}-wait-online = "A service that can be enabled so that \
180the system waits until a network connection is established." 190the system waits until a network connection is established."
181FILES_${PN}-wait-online += "${sbindir}/connmand-wait-online \ 191FILES:${PN}-wait-online += "${sbindir}/connmand-wait-online \
182 ${systemd_unitdir}/system/connman-wait-online.service" 192 ${systemd_system_unitdir}/connman-wait-online.service"
183 193
184SUMMARY_${PN}-plugin-vpn-openvpn = "An OpenVPN plugin for ConnMan VPN" 194SUMMARY:${PN}-plugin-vpn-openvpn = "An OpenVPN plugin for ConnMan VPN"
185DESCRIPTION_${PN}-plugin-vpn-openvpn = "The ConnMan OpenVPN plugin uses openvpn client \ 195DESCRIPTION:${PN}-plugin-vpn-openvpn = "The ConnMan OpenVPN plugin uses openvpn client \
186to create a VPN connection to OpenVPN server." 196to create a VPN connection to OpenVPN server."
187FILES_${PN}-plugin-vpn-openvpn += "${libdir}/connman/scripts/openvpn-script \ 197FILES:${PN}-plugin-vpn-openvpn += "${libdir}/connman/scripts/openvpn-script \
188 ${libdir}/connman/plugins-vpn/openvpn.so" 198 ${libdir}/connman/plugins-vpn/openvpn.so"
189RDEPENDS_${PN}-plugin-vpn-openvpn += "${PN}-vpn" 199RDEPENDS:${PN}-plugin-vpn-openvpn += "${PN}-vpn"
190RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','openvpn','${PN}-plugin-vpn-openvpn', '', d)}" 200RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','openvpn','${PN}-plugin-vpn-openvpn', '', d)}"
191 201
192SUMMARY_${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN" 202SUMMARY:${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN"
193DESCRIPTION_${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \ 203DESCRIPTION:${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \
194to create a VPN connection to Cisco3000 VPN Concentrator." 204to create a VPN connection to Cisco3000 VPN Concentrator."
195FILES_${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \ 205FILES:${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \
196 ${libdir}/connman/plugins-vpn/vpnc.so \ 206 ${libdir}/connman/plugins-vpn/vpnc.so \
197 ${libdir}/connman/scripts/vpn-script" 207 ${libdir}/connman/scripts/vpn-script"
198RDEPENDS_${PN}-plugin-vpn-vpnc += "${PN}-vpn" 208RDEPENDS:${PN}-plugin-vpn-vpnc += "${PN}-vpn"
199RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}" 209RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}"
200 210
201SUMMARY_${PN}-plugin-vpn-l2tp = "A L2TP plugin for ConnMan VPN" 211SUMMARY:${PN}-plugin-vpn-l2tp = "A L2TP plugin for ConnMan VPN"
202DESCRIPTION_${PN}-plugin-vpn-l2tp = "The ConnMan L2TP plugin uses xl2tpd daemon \ 212DESCRIPTION:${PN}-plugin-vpn-l2tp = "The ConnMan L2TP plugin uses xl2tpd daemon \
203to create a VPN connection to L2TP server." 213to create a VPN connection to L2TP server."
204FILES_${PN}-plugin-vpn-l2tp += "${libdir}/connman/scripts/libppp-plugin.so* \ 214FILES:${PN}-plugin-vpn-l2tp += "${libdir}/connman/scripts/libppp-plugin.so* \
205 ${libdir}/connman/plugins-vpn/l2tp.so" 215 ${libdir}/connman/plugins-vpn/l2tp.so"
206RDEPENDS_${PN}-plugin-vpn-l2tp += "${PN}-vpn" 216RDEPENDS:${PN}-plugin-vpn-l2tp += "${PN}-vpn"
207RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','l2tp','${PN}-plugin-vpn-l2tp', '', d)}" 217RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','l2tp','${PN}-plugin-vpn-l2tp', '', d)}"
208 218
209SUMMARY_${PN}-plugin-vpn-pptp = "A PPTP plugin for ConnMan VPN" 219SUMMARY:${PN}-plugin-vpn-pptp = "A PPTP plugin for ConnMan VPN"
210DESCRIPTION_${PN}-plugin-vpn-pptp = "The ConnMan PPTP plugin uses pptp-linux client \ 220DESCRIPTION:${PN}-plugin-vpn-pptp = "The ConnMan PPTP plugin uses pptp-linux client \
211to create a VPN connection to PPTP server." 221to create a VPN connection to PPTP server."
212FILES_${PN}-plugin-vpn-pptp += "${libdir}/connman/scripts/libppp-plugin.so* \ 222FILES:${PN}-plugin-vpn-pptp += "${libdir}/connman/scripts/libppp-plugin.so* \
213 ${libdir}/connman/plugins-vpn/pptp.so" 223 ${libdir}/connman/plugins-vpn/pptp.so"
214RDEPENDS_${PN}-plugin-vpn-pptp += "${PN}-vpn" 224RDEPENDS:${PN}-plugin-vpn-pptp += "${PN}-vpn"
215RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','pptp','${PN}-plugin-vpn-pptp', '', d)}" 225RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','pptp','${PN}-plugin-vpn-pptp', '', d)}"
diff --git a/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-networkd-when-using-con.patch b/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-networkd-when-using-con.patch
deleted file mode 100644
index dd012750a4..0000000000
--- a/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-networkd-when-using-con.patch
+++ /dev/null
@@ -1,29 +0,0 @@
1From 9fea099d0a3ece37d80ad70d32ebb8a93f8f3280 Mon Sep 17 00:00:00 2001
2From: Yi Zhao <yi.zhao@windriver.com>
3Date: Fri, 30 Oct 2020 13:48:45 +0800
4Subject: [PATCH] connman.service: stop systemd-networkd when using connman
5
6Stop systemd-networkd service when we use connman as network manager.
7
8Upstream-Status: Inappropriate [configuration]
9
10Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
11---
12 src/connman.service.in | 1 +
13 1 file changed, 1 insertion(+)
14
15diff --git a/src/connman.service.in b/src/connman.service.in
16index 79e75d6..014eafe 100644
17--- a/src/connman.service.in
18+++ b/src/connman.service.in
19@@ -6,6 +6,7 @@ RequiresMountsFor=@localstatedir@/lib/connman
20 After=dbus.service network-pre.target systemd-sysusers.service
21 Before=network.target multi-user.target shutdown.target
22 Wants=network.target
23+Conflicts=systemd-networkd.service systemd-networkd.socket
24 Conflicts=systemd-resolved.service
25
26 [Service]
27--
282.17.1
29
diff --git a/meta/recipes-connectivity/connman/connman/0001-src-log.c-Include-libgen.h-for-basename-API.patch b/meta/recipes-connectivity/connman/connman/0001-src-log.c-Include-libgen.h-for-basename-API.patch
new file mode 100644
index 0000000000..8012606db7
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/0001-src-log.c-Include-libgen.h-for-basename-API.patch
@@ -0,0 +1,55 @@
1From cbba6638986c2de763981bf6fc59df6a86fed44f Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Mon, 1 Jan 2024 17:42:21 -0800
4Subject: [PATCH v2] src/log.c: Include libgen.h for basename API
5
6Use POSIX version of basename. This comes to front with latest musl
7which dropped the declaration from string.h [1] it fails to build with
8clang-17+ because it treats implicit function declaration as error.
9
10Fix it by applying the basename on a copy of string since posix version
11may modify the input string.
12
13[1] https://git.musl-libc.org/cgit/musl/commit/?id=725e17ed6dff4d0cd22487bb64470881e86a92e7
14
15Upstream-Status: Submitted [https://lore.kernel.org/connman/20240102015917.3732089-1-raj.khem@gmail.com/T/#u]
16Signed-off-by: Khem Raj <raj.khem@gmail.com>
17---
18
19 src/log.c | 6 ++++--
20 1 file changed, 4 insertions(+), 2 deletions(-)
21
22diff --git a/src/log.c b/src/log.c
23index 554b046..2df3af7 100644
24--- a/src/log.c
25+++ b/src/log.c
26@@ -24,6 +24,7 @@
27 #endif
28
29 #include <stdio.h>
30+#include <libgen.h>
31 #include <unistd.h>
32 #include <stdarg.h>
33 #include <stdlib.h>
34@@ -196,6 +197,7 @@ int __connman_log_init(const char *program, const char *debug,
35 const char *program_name, const char *program_version)
36 {
37 static char path[PATH_MAX];
38+ char* tmp = strdup(program);
39 int option = LOG_NDELAY | LOG_PID;
40
41 program_exec = program;
42@@ -212,8 +214,8 @@ int __connman_log_init(const char *program, const char *debug,
43 if (backtrace)
44 signal_setup(signal_handler);
45
46- openlog(basename(program), option, LOG_DAEMON);
47-
48+ openlog(basename(tmp), option, LOG_DAEMON);
49+ free(tmp);
50 syslog(LOG_INFO, "%s version %s", program_name, program_version);
51
52 return 0;
53--
542.43.0
55
diff --git a/meta/recipes-connectivity/connman/connman/0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch b/meta/recipes-connectivity/connman/connman/0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch
new file mode 100644
index 0000000000..9e5ac8da15
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch
@@ -0,0 +1,152 @@
1From af55a6a414d32c12f9ef3cab778385a361e1ad6d Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Eivind=20N=C3=A6ss?= <eivnaes@yahoo.com>
3Date: Sat, 25 Mar 2023 20:51:52 +0000
4Subject: [PATCH] vpn: Adding support for latest pppd 2.5.0 release
5
6The API has gone through a significant overhaul, and this change fixes any compile issues.
71) Fixes to configure.ac itself
82) Cleanup in pppd plugin itself
9
10Adding a libppp-compat.h file to mask for any differences in the version.
11
12Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a48864a2e5d2a725dfc6eef567108bc13b43857f]
13Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
14
15---
16 scripts/libppp-compat.h | 127 ++++++++++++++++++++++++++++++++++++++++
17 1 file changed, 127 insertions(+)
18 create mode 100644 scripts/libppp-compat.h
19
20diff --git a/scripts/libppp-compat.h b/scripts/libppp-compat.h
21new file mode 100644
22index 0000000..eee1d09
23--- /dev/null
24+++ b/scripts/libppp-compat.h
25@@ -0,0 +1,127 @@
26+/* Copyright (C) Eivind Naess, eivnaes@yahoo.com */
27+/* SPDX-License-Identifier: GPL-2.0-or-later */
28+
29+#ifndef __LIBPPP_COMPAT_H__
30+#define __LIBPPP_COMPAT_H__
31+
32+/* Define USE_EAPTLS compile with EAP TLS support against older pppd headers,
33+ * pppd >= 2.5.0 use PPP_WITH_EAPTLS and is defined in pppdconf.h */
34+#define USE_EAPTLS 1
35+
36+/* Define INET6 to compile with IPv6 support against older pppd headers,
37+ * pppd >= 2.5.0 use PPP_WITH_IPV6CP and is defined in pppdconf.h */
38+#define INET6 1
39+
40+/* PPP < 2.5.0 defines and exports VERSION which overlaps with current package VERSION define.
41+ * this silly macro magic is to work around that. */
42+#undef VERSION
43+#include <pppd/pppd.h>
44+
45+#ifndef PPPD_VERSION
46+#define PPPD_VERSION VERSION
47+#endif
48+
49+#include <pppd/fsm.h>
50+#include <pppd/ccp.h>
51+#include <pppd/eui64.h>
52+#include <pppd/ipcp.h>
53+#include <pppd/ipv6cp.h>
54+#include <pppd/eap.h>
55+#include <pppd/upap.h>
56+
57+#ifdef HAVE_PPPD_CHAP_H
58+#include <pppd/chap.h>
59+#endif
60+
61+#ifdef HAVE_PPPD_CHAP_NEW_H
62+#include <pppd/chap-new.h>
63+#endif
64+
65+#ifdef HAVE_PPPD_CHAP_MS_H
66+#include <pppd/chap_ms.h>
67+#endif
68+
69+#ifndef PPP_PROTO_CHAP
70+#define PPP_PROTO_CHAP 0xc223
71+#endif
72+
73+#ifndef PPP_PROTO_EAP
74+#define PPP_PROTO_EAP 0xc227
75+#endif
76+
77+
78+#if WITH_PPP_VERSION < PPP_VERSION(2,5,0)
79+
80+static inline bool
81+debug_on (void)
82+{
83+ return debug;
84+}
85+
86+static inline const char
87+*ppp_ipparam (void)
88+{
89+ return ipparam;
90+}
91+
92+static inline int
93+ppp_ifunit (void)
94+{
95+ return ifunit;
96+}
97+
98+static inline const char *
99+ppp_ifname (void)
100+{
101+ return ifname;
102+}
103+
104+static inline int
105+ppp_get_mtu (int idx)
106+{
107+ return netif_get_mtu(idx);
108+}
109+
110+typedef enum ppp_notify
111+{
112+ NF_PID_CHANGE,
113+ NF_PHASE_CHANGE,
114+ NF_EXIT,
115+ NF_SIGNALED,
116+ NF_IP_UP,
117+ NF_IP_DOWN,
118+ NF_IPV6_UP,
119+ NF_IPV6_DOWN,
120+ NF_AUTH_UP,
121+ NF_LINK_DOWN,
122+ NF_FORK,
123+ NF_MAX_NOTIFY
124+} ppp_notify_t;
125+
126+typedef void (ppp_notify_fn) (void *ctx, int arg);
127+
128+static inline void
129+ppp_add_notify (ppp_notify_t type, ppp_notify_fn *func, void *ctx)
130+{
131+ struct notifier **list[NF_MAX_NOTIFY] = {
132+ [NF_PID_CHANGE ] = &pidchange,
133+ [NF_PHASE_CHANGE] = &phasechange,
134+ [NF_EXIT ] = &exitnotify,
135+ [NF_SIGNALED ] = &sigreceived,
136+ [NF_IP_UP ] = &ip_up_notifier,
137+ [NF_IP_DOWN ] = &ip_down_notifier,
138+ [NF_IPV6_UP ] = &ipv6_up_notifier,
139+ [NF_IPV6_DOWN ] = &ipv6_down_notifier,
140+ [NF_AUTH_UP ] = &auth_up_notifier,
141+ [NF_LINK_DOWN ] = &link_down_notifier,
142+ [NF_FORK ] = &fork_notifier,
143+ };
144+
145+ struct notifier **notify = list[type];
146+ if (notify) {
147+ add_notifier(notify, func, ctx);
148+ }
149+}
150+
151+#endif /* #if WITH_PPP_VERSION < PPP_VERSION(2,5,0) */
152+#endif /* #if__LIBPPP_COMPAT_H__ */
diff --git a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
index 942b9c97b6..aefdd3aa06 100644
--- a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
+++ b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
@@ -1,4 +1,4 @@
1From c7734e1547db967eccf242fe4b9e8a30b9ff141c Mon Sep 17 00:00:00 2001 1From 01974865e4d331eeaf25248bee1bb96539c450d9 Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com> 2From: Khem Raj <raj.khem@gmail.com>
3Date: Mon, 6 Apr 2015 23:02:21 -0700 3Date: Mon, 6 Apr 2015 23:02:21 -0700
4Subject: [PATCH] resolve: musl does not implement res_ninit 4Subject: [PATCH] resolve: musl does not implement res_ninit
@@ -15,18 +15,10 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
15 1 file changed, 13 insertions(+), 21 deletions(-) 15 1 file changed, 13 insertions(+), 21 deletions(-)
16 16
17diff --git a/gweb/gresolv.c b/gweb/gresolv.c 17diff --git a/gweb/gresolv.c b/gweb/gresolv.c
18index 38a554e..a9e8740 100644 18index 954e7cf..2a9bc51 100644
19--- a/gweb/gresolv.c 19--- a/gweb/gresolv.c
20+++ b/gweb/gresolv.c 20+++ b/gweb/gresolv.c
21@@ -36,6 +36,7 @@ 21@@ -878,8 +879,6 @@ GResolv *g_resolv_new(int index)
22 #include <arpa/inet.h>
23 #include <arpa/nameser.h>
24 #include <net/if.h>
25+#include <ctype.h>
26
27 #include "gresolv.h"
28
29@@ -877,8 +878,6 @@ GResolv *g_resolv_new(int index)
30 resolv->index = index; 22 resolv->index = index;
31 resolv->nameserver_list = NULL; 23 resolv->nameserver_list = NULL;
32 24
@@ -35,7 +27,7 @@ index 38a554e..a9e8740 100644
35 return resolv; 27 return resolv;
36 } 28 }
37 29
38@@ -918,8 +917,6 @@ void g_resolv_unref(GResolv *resolv) 30@@ -919,8 +918,6 @@ void g_resolv_unref(GResolv *resolv)
39 31
40 flush_nameservers(resolv); 32 flush_nameservers(resolv);
41 33
@@ -44,7 +36,7 @@ index 38a554e..a9e8740 100644
44 g_free(resolv); 36 g_free(resolv);
45 } 37 }
46 38
47@@ -1022,24 +1019,19 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, 39@@ -1023,24 +1020,19 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname,
48 debug(resolv, "hostname %s", hostname); 40 debug(resolv, "hostname %s", hostname);
49 41
50 if (!resolv->nameserver_list) { 42 if (!resolv->nameserver_list) {
diff --git a/meta/recipes-connectivity/connman/connman/connman b/meta/recipes-connectivity/connman/connman/connman
index c64fa0d715..a021fd4655 100644
--- a/meta/recipes-connectivity/connman/connman/connman
+++ b/meta/recipes-connectivity/connman/connman/connman
@@ -10,49 +10,11 @@ fi
10 10
11set -e 11set -e
12 12
13nfsroot=0
14
15exec 9<&0 < /proc/mounts
16while read dev mtpt fstype rest; do
17 if test $mtpt = "/" ; then
18 case $fstype in
19 nfs | nfs4)
20 nfsroot=1
21 break
22 ;;
23 *)
24 ;;
25 esac
26 fi
27done
28
29do_start() { 13do_start() {
30 EXTRA_PARAM=""
31 if test $nfsroot -eq 1 ; then
32 NET_DEVS=`cat /proc/net/dev | sed -ne 's/^\([a-zA-Z0-9 ]*\):.*$/\1/p'`
33 NET_ADDR=`cat /proc/cmdline | sed -ne 's/^.*ip=\([^ :]*\).*$/\1/p'`
34
35 if [ ! -z "$NET_ADDR" ]; then
36 if [ "$NET_ADDR" = dhcp ]; then
37 ethn=`ifconfig | grep "^eth" | sed -e "s/\(eth[0-9]\)\(.*\)/\1/"`
38 if [ ! -z "$ethn" ]; then
39 EXTRA_PARAM="-I $ethn"
40 fi
41 else
42 for i in $NET_DEVS; do
43 ADDR=`ifconfig $i | sed 's/addr://g' | sed -ne 's/^.*inet \([0-9.]*\) .*$/\1/p'`
44 if [ "$NET_ADDR" = "$ADDR" ]; then
45 EXTRA_PARAM="-I $i"
46 break
47 fi
48 done
49 fi
50 fi
51 fi
52 if [ -f @DATADIR@/connman/wired-setup ] ; then 14 if [ -f @DATADIR@/connman/wired-setup ] ; then
53 . @DATADIR@/connman/wired-setup 15 . @DATADIR@/connman/wired-setup
54 fi 16 fi
55 $DAEMON $EXTRA_PARAM 17 $DAEMON
56} 18}
57 19
58do_stop() { 20do_stop() {
diff --git a/meta/recipes-connectivity/connman/connman_1.38.bb b/meta/recipes-connectivity/connman/connman_1.38.bb
deleted file mode 100644
index 45c2934dec..0000000000
--- a/meta/recipes-connectivity/connman/connman_1.38.bb
+++ /dev/null
@@ -1,17 +0,0 @@
1require connman.inc
2
3SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
4 file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
5 file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \
6 file://0001-connman.service-stop-systemd-networkd-when-using-con.patch \
7 file://connman \
8 file://no-version-scripts.patch \
9 "
10
11SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"
12
13SRC_URI[md5sum] = "1ed8745354c7254bdfd4def54833ee94"
14SRC_URI[sha256sum] = "cb30aca97c2f79ccaed8802aa2909ac5100a3969de74c0af8a9d73b85fc4932b"
15
16RRECOMMENDS_${PN} = "connman-conf"
17RCONFLICTS_${PN} = "networkmanager"
diff --git a/meta/recipes-connectivity/connman/connman_1.42.bb b/meta/recipes-connectivity/connman/connman_1.42.bb
new file mode 100644
index 0000000000..91ab9895ac
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman_1.42.bb
@@ -0,0 +1,17 @@
1require connman.inc
2
3SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
4 file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
5 file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \
6 file://connman \
7 file://no-version-scripts.patch \
8 file://0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch \
9 file://0001-src-log.c-Include-libgen.h-for-basename-API.patch \
10 "
11
12SRC_URI:append:libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"
13
14SRC_URI[sha256sum] = "a3e6bae46fc081ef2e9dae3caa4f7649de892c3de622c20283ac0ca81423c2aa"
15
16RRECOMMENDS:${PN} = "connman-conf"
17RCONFLICTS:${PN} = "networkmanager"
diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.3.2.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb
index cca60ddae2..6bde9b1f51 100644
--- a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.3.2.bb
+++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb
@@ -7,21 +7,22 @@ DESCRIPTION = "dhcpcd runs on your machine and silently configures your \
7HOMEPAGE = "http://roy.marples.name/projects/dhcpcd/" 7HOMEPAGE = "http://roy.marples.name/projects/dhcpcd/"
8 8
9LICENSE = "BSD-2-Clause" 9LICENSE = "BSD-2-Clause"
10LIC_FILES_CHKSUM = "file://LICENSE;md5=9674cc803c5d71306941e6e8b5c002f2" 10LIC_FILES_CHKSUM = "file://LICENSE;md5=ba9c7e534853aaf3de76c905b2410ffd"
11 11
12UPSTREAM_CHECK_URI = "https://roy.marples.name/downloads/dhcpcd/" 12SRC_URI = "git://github.com/NetworkConfiguration/dhcpcd;protocol=https;branch=master \
13
14SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \
15 file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \ 13 file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \
14 file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \
16 file://dhcpcd.service \ 15 file://dhcpcd.service \
17 file://dhcpcd@.service \ 16 file://dhcpcd@.service \
17 file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \
18 " 18 "
19 19
20SRC_URI[sha256sum] = "6d49af5e766a2515e6366e4f669663df04ecdf90a1a60ddb1d7a2feb4b5d2566" 20SRCREV = "1c8ae59836fa87b4c63c598087f0460ec20ed862"
21S = "${WORKDIR}/git"
21 22
22inherit pkgconfig autotools-brokensep systemd useradd 23inherit pkgconfig autotools-brokensep systemd useradd
23 24
24SYSTEMD_SERVICE_${PN} = "dhcpcd.service" 25SYSTEMD_SERVICE:${PN} = "dhcpcd.service"
25 26
26PACKAGECONFIG ?= "udev ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" 27PACKAGECONFIG ?= "udev ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
27 28
@@ -32,8 +33,11 @@ PACKAGECONFIG[ntp] = "--with-hook=ntp, , ,ntp"
32PACKAGECONFIG[chrony] = "--with-hook=ntp, , ,chrony" 33PACKAGECONFIG[chrony] = "--with-hook=ntp, , ,chrony"
33PACKAGECONFIG[ypbind] = "--with-eghook=yp, , ,ypbind-mt" 34PACKAGECONFIG[ypbind] = "--with-eghook=yp, , ,ypbind-mt"
34 35
36# add option to override DBDIR location
37DBDIR ?= "${localstatedir}/lib/${BPN}"
38
35EXTRA_OECONF = "--enable-ipv4 \ 39EXTRA_OECONF = "--enable-ipv4 \
36 --dbdir=${localstatedir}/lib/${BPN} \ 40 --dbdir=${DBDIR} \
37 --sbindir=${base_sbindir} \ 41 --sbindir=${base_sbindir} \
38 --runstatedir=/run \ 42 --runstatedir=/run \
39 --enable-privsep \ 43 --enable-privsep \
@@ -43,15 +47,15 @@ EXTRA_OECONF = "--enable-ipv4 \
43 " 47 "
44 48
45USERADD_PACKAGES = "${PN}" 49USERADD_PACKAGES = "${PN}"
46USERADD_PARAM_${PN} = "--system -d ${localstatedir}/lib/${BPN} -M -s /bin/false -U dhcpcd" 50USERADD_PARAM:${PN} = "--system -d ${DBDIR} -M -s /bin/false -U dhcpcd"
47 51
48do_install_append () { 52do_install:append () {
49 # install systemd unit files 53 # install systemd unit files
50 install -d ${D}${systemd_unitdir}/system 54 install -d ${D}${systemd_system_unitdir}
51 install -m 0644 ${WORKDIR}/dhcpcd*.service ${D}${systemd_unitdir}/system 55 install -m 0644 ${WORKDIR}/dhcpcd*.service ${D}${systemd_system_unitdir}
52 56
53 chmod 700 ${D}${localstatedir}/lib/${BPN} 57 chmod 700 ${D}${DBDIR}
54 chown dhcpcd:dhcpcd ${D}${localstatedir}/lib/${BPN} 58 chown dhcpcd:dhcpcd ${D}${DBDIR}
55} 59}
56 60
57FILES_${PN}-dbg += "${libdir}/dhcpcd/dev/.debug" 61FILES:${PN}-dbg += "${libdir}/dhcpcd/dev/.debug"
diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch b/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch
new file mode 100644
index 0000000000..8d1ed6671a
--- /dev/null
+++ b/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch
@@ -0,0 +1,82 @@
1From 02acc4d875ee81e6fd19ef66d69c9f55b4b4a7e7 Mon Sep 17 00:00:00 2001
2From: Chen Qi <Qi.Chen@windriver.com>
3Date: Wed, 9 Nov 2022 16:33:18 +0800
4Subject: [PATCH] 20-resolv.conf: improve the sitation of working with systemd
5
6systemd's resolvconf implementation ignores the protocol part.
7See https://github.com/systemd/systemd/issues/25032.
8
9When using 'dhcp server + dns server + dhcpcd + systemd', we
10get an integration issue, that is dhcpcd runs 'resolvconf -d eth0.ra',
11yet systemd's resolvconf treats it as eth0. This will delete the
12DNS information set by 'resolvconf -a eth0.dhcp'.
13
14Fortunately, 20-resolv.conf has the ability to build the resolv.conf
15file contents itself. We can just pass the generated contents to
16systemd's resolvconf. This way, the DNS information is not incorrectly
17deleted. Also, it does not cause behavior regression for dhcpcd
18in other cases.
19
20Upstream-Status: Inappropriate [OE Specific]
21This patch has been rejected by dhcpcd upstream.
22See details in https://github.com/NetworkConfiguration/dhcpcd/pull/152
23
24Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
25---
26 hooks/20-resolv.conf | 17 +++++++++++++----
27 1 file changed, 13 insertions(+), 4 deletions(-)
28
29diff --git a/hooks/20-resolv.conf b/hooks/20-resolv.conf
30index 7c29e276..becc019f 100644
31--- a/hooks/20-resolv.conf
32+++ b/hooks/20-resolv.conf
33@@ -11,8 +11,12 @@ nocarrier_roaming_dir="$state_dir/roaming"
34 NL="
35 "
36 : ${resolvconf:=resolvconf}
37+resolvconf_from_systemd=false
38 if command -v "$resolvconf" >/dev/null 2>&1; then
39 have_resolvconf=true
40+ if [ $(basename $(readlink -f $(which $resolvconf))) = resolvectl ]; then
41+ resolvconf_from_systemd=true
42+ fi
43 else
44 have_resolvconf=false
45 fi
46@@ -69,8 +73,13 @@ build_resolv_conf()
47 else
48 echo "# /etc/resolv.conf.tail can replace this line" >> "$cf"
49 fi
50- if change_file /etc/resolv.conf "$cf"; then
51- chmod 644 /etc/resolv.conf
52+ if $resolvconf_from_systemd; then
53+ [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric"
54+ "$resolvconf" -a "$ifname" <"$cf"
55+ else
56+ if change_file /etc/resolv.conf "$cf"; then
57+ chmod 644 /etc/resolv.conf
58+ fi
59 fi
60 rm -f "$cf"
61 }
62@@ -170,7 +179,7 @@ add_resolv_conf()
63 for x in ${new_domain_name_servers}; do
64 conf="${conf}nameserver $x$NL"
65 done
66- if $have_resolvconf; then
67+ if $have_resolvconf && ! $resolvconf_from_systemd; then
68 [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric"
69 printf %s "$conf" | "$resolvconf" -a "$ifname"
70 return $?
71@@ -186,7 +195,7 @@ add_resolv_conf()
72
73 remove_resolv_conf()
74 {
75- if $have_resolvconf; then
76+ if $have_resolvconf && ($if_down || ! $resolvconf_from_systemd); then
77 "$resolvconf" -d "$ifname" -f
78 else
79 if [ -e "$resolv_conf_dir/$ifname" ]; then
80--
812.17.1
82
diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch b/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch
new file mode 100644
index 0000000000..461d04bd1d
--- /dev/null
+++ b/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch
@@ -0,0 +1,44 @@
1From 5d5ba8a2b8010db6bee68bd712f829cb737c9ac1 Mon Sep 17 00:00:00 2001
2From: Lei Maohui <leimaohui@fujitsu.com>
3Date: Fri, 10 Mar 2023 03:48:46 +0000
4Subject: [PATCH] dhcpcd.8: Fix conflict error when enable multilib.
5
6Error: Transaction test error:
7 file /usr/share/man/man8/dhcpcd.8 conflicts between attempted
8 installs of dhcpcd-doc-9.4.1-r0.cortexa57 and
9 lib32-dhcpcd-doc-9.4.1-r0.armv7ahf_neon
10
11The differences between the two files are as follows:
12@@ -821,7 +821,7 @@
13 If you always use the same options, put them here.
14 .It Pa /usr/libexec/dhcpcd-run-hooks
15 Bourne shell script that is run to configure or de-configure an interface.
16-.It Pa /usr/lib64/dhcpcd/dev
17+.It Pa /usr/lib/dhcpcd/dev
18 Linux
19 .Pa /dev
20 management modules.
21
22It is just a man file, there is no necessary to manage multiple
23versions.
24
25Upstream-Status: Inappropriate [oe specific]
26Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
27
28---
29 src/dhcpcd.8.in | 2 +-
30 1 file changed, 1 insertion(+), 1 deletion(-)
31
32diff --git a/src/dhcpcd.8.in b/src/dhcpcd.8.in
33index 93232840..09930a31 100644
34--- a/src/dhcpcd.8.in
35+++ b/src/dhcpcd.8.in
36@@ -824,7 +824,7 @@ Configuration file for dhcpcd.
37 If you always use the same options, put them here.
38 .It Pa @SCRIPT@
39 Bourne shell script that is run to configure or de-configure an interface.
40-.It Pa @LIBDIR@/dhcpcd/dev
41+.It Pa /usr/<libdir>/dhcpcd/dev
42 Linux
43 .Pa /dev
44 management modules.
diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch b/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch
index 37d2344438..c54942be4b 100644
--- a/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch
+++ b/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch
@@ -1,4 +1,4 @@
1From aa9e3982c1e75ad49945a62f5e262279c7a905a4 Mon Sep 17 00:00:00 2001 1From ec9fc4e6086e1dbe0ac2f94a8a088a571596a581 Mon Sep 17 00:00:00 2001
2From: Stefano Cappa <stefano.cappa.ks89@gmail.com> 2From: Stefano Cappa <stefano.cappa.ks89@gmail.com>
3Date: Sun, 13 Jan 2019 01:50:52 +0100 3Date: Sun, 13 Jan 2019 01:50:52 +0100
4Subject: [PATCH] remove INCLUDEDIR to prevent build issues 4Subject: [PATCH] remove INCLUDEDIR to prevent build issues
@@ -6,15 +6,16 @@ Subject: [PATCH] remove INCLUDEDIR to prevent build issues
6Upstream-Status: Pending 6Upstream-Status: Pending
7 7
8Signed-off-by: Stefano Cappa <stefano.cappa.ks89@gmail.com> 8Signed-off-by: Stefano Cappa <stefano.cappa.ks89@gmail.com>
9
9--- 10---
10 configure | 5 ----- 11 configure | 5 -----
11 1 file changed, 5 deletions(-) 12 1 file changed, 5 deletions(-)
12 13
13diff --git a/configure b/configure 14diff --git a/configure b/configure
14index 6c81e0db..32dea2b4 100755 15index 5237b0e2..7220718b 100755
15--- a/configure 16--- a/configure
16+++ b/configure 17+++ b/configure
17@@ -20,7 +20,6 @@ BUILD= 18@@ -26,7 +26,6 @@ BUILD=
18 HOST= 19 HOST=
19 HOSTCC= 20 HOSTCC=
20 TARGET= 21 TARGET=
@@ -22,7 +23,7 @@ index 6c81e0db..32dea2b4 100755
22 DEBUG= 23 DEBUG=
23 FORK= 24 FORK=
24 STATIC= 25 STATIC=
25@@ -72,7 +71,6 @@ for x do 26@@ -86,7 +85,6 @@ for x do
26 --mandir) MANDIR=$var;; 27 --mandir) MANDIR=$var;;
27 --datadir) DATADIR=$var;; 28 --datadir) DATADIR=$var;;
28 --with-ccopts|CFLAGS) CFLAGS=$var;; 29 --with-ccopts|CFLAGS) CFLAGS=$var;;
@@ -30,7 +31,7 @@ index 6c81e0db..32dea2b4 100755
30 CC) CC=$var;; 31 CC) CC=$var;;
31 CPPFLAGS) CPPFLAGS=$var;; 32 CPPFLAGS) CPPFLAGS=$var;;
32 PKG_CONFIG) PKG_CONFIG=$var;; 33 PKG_CONFIG) PKG_CONFIG=$var;;
33@@ -309,9 +307,6 @@ if [ -n "$CPPFLAGS" ]; then 34@@ -343,9 +341,6 @@ if [ -n "$CPPFLAGS" ]; then
34 echo "CPPFLAGS=" >>$CONFIG_MK 35 echo "CPPFLAGS=" >>$CONFIG_MK
35 echo "CPPFLAGS+= $CPPFLAGS" >>$CONFIG_MK 36 echo "CPPFLAGS+= $CPPFLAGS" >>$CONFIG_MK
36 fi 37 fi
@@ -40,6 +41,3 @@ index 6c81e0db..32dea2b4 100755
40 if [ -n "$LDFLAGS" ]; then 41 if [ -n "$LDFLAGS" ]; then
41 echo "LDFLAGS=" >>$CONFIG_MK 42 echo "LDFLAGS=" >>$CONFIG_MK
42 echo "LDFLAGS+= $LDFLAGS" >>$CONFIG_MK 43 echo "LDFLAGS+= $LDFLAGS" >>$CONFIG_MK
43--
442.17.2 (Apple Git-113)
45
diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-telnetd-Fix-multiple-definitions-of-errcatch-an.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-telnetd-Fix-multiple-definitions-of-errcatch-an.patch
deleted file mode 100644
index 49d319f59d..0000000000
--- a/meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-telnetd-Fix-multiple-definitions-of-errcatch-an.patch
+++ /dev/null
@@ -1,58 +0,0 @@
1From 7d39930468e272c740b0eed3c7e5b7fb3abf29e8 Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Wed, 5 Aug 2020 10:36:22 -0700
4Subject: [PATCH] ftpd,telnetd: Fix multiple definitions of errcatch and not42
5
6This helps fix build failures when -fno-common option is used
7
8Upstream-Status: Pending
9Signed-off-by: Khem Raj <raj.khem@gmail.com>
10
11Signed-off-by: Khem Raj <raj.khem@gmail.com>
12---
13 ftpd/extern.h | 2 +-
14 ftpd/ftpcmd.c | 1 +
15 telnetd/utility.c | 2 +-
16 3 files changed, 3 insertions(+), 2 deletions(-)
17
18diff --git a/ftpd/extern.h b/ftpd/extern.h
19index ab33cf3..91dbbee 100644
20--- a/ftpd/extern.h
21+++ b/ftpd/extern.h
22@@ -90,7 +90,7 @@ extern void user (const char *);
23 extern char *sgetsave (const char *);
24
25 /* Exported from ftpd.c. */
26-jmp_buf errcatch;
27+extern jmp_buf errcatch;
28 extern struct sockaddr_storage data_dest;
29 extern socklen_t data_dest_len;
30 extern struct sockaddr_storage his_addr;
31diff --git a/ftpd/ftpcmd.c b/ftpd/ftpcmd.c
32index beb1f06..d272e9d 100644
33--- a/ftpd/ftpcmd.c
34+++ b/ftpd/ftpcmd.c
35@@ -106,6 +106,7 @@
36 #endif
37
38 off_t restart_point;
39+jmp_buf errcatch;
40
41 static char cbuf[512]; /* Command Buffer. */
42 static char *fromname;
43diff --git a/telnetd/utility.c b/telnetd/utility.c
44index e7ffb8e..46bf91e 100644
45--- a/telnetd/utility.c
46+++ b/telnetd/utility.c
47@@ -63,7 +63,7 @@ static int ncc;
48 static char ptyibuf[BUFSIZ], *ptyip;
49 static int pcc;
50
51-int not42;
52+extern int not42;
53
54 static int
55 readstream (int p, char *ibuf, int bufsize)
56--
572.28.0
58
diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch
deleted file mode 100644
index d4764f5867..0000000000
--- a/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch
+++ /dev/null
@@ -1,31 +0,0 @@
1Upstream-Status: Pending
2
3Subject: rcp: fix to work with large files
4
5When we copy file by rcp command, if the file > 2GB, it will fail.
6The cause is that it used incorrect data type on file size in sink() of rcp.
7
8Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
9---
10 src/rcp.c | 4 ++--
11 1 file changed, 2 insertions(+), 2 deletions(-)
12
13diff --git a/src/rcp.c b/src/rcp.c
14index 21f55b6..bafa35f 100644
15--- a/src/rcp.c
16+++ b/src/rcp.c
17@@ -876,9 +876,9 @@ sink (int argc, char *argv[])
18 enum
19 { YES, NO, DISPLAYED } wrerr;
20 BUF *bp;
21- off_t i, j;
22+ off_t i, j, size;
23 int amt, count, exists, first, mask, mode, ofd, omode;
24- int setimes, size, targisdir, wrerrno;
25+ int setimes, targisdir, wrerrno;
26 char ch, *cp, *np, *targ, *vect[1], buf[BUFSIZ];
27 const char *why;
28
29--
301.9.1
31
diff --git a/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch b/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch
deleted file mode 100644
index a91913cb51..0000000000
--- a/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch
+++ /dev/null
@@ -1,25 +0,0 @@
1tftpd: Fix abort on error path
2
3When trying to fetch a non existent file, the app crashes with:
4
5*** buffer overflow detected ***:
6Aborted
7
8
9Upstream-Status: Submitted [https://www.mail-archive.com/bug-inetutils@gnu.org/msg03036.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91205]
10Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com>
11diff --git a/src/tftpd.c b/src/tftpd.c
12index 56002a0..144012f 100644
13--- a/src/tftpd.c
14+++ b/src/tftpd.c
15@@ -864,9 +864,8 @@ nak (int error)
16 pe->e_msg = strerror (error - 100);
17 tp->th_code = EUNDEF; /* set 'undef' errorcode */
18 }
19- strcpy (tp->th_msg, pe->e_msg);
20 length = strlen (pe->e_msg);
21- tp->th_msg[length] = '\0';
22+ memcpy(tp->th_msg, pe->e_msg, length + 1);
23 length += 5;
24 if (sendto (peer, buf, length, 0, (struct sockaddr *) &from, fromlen) != length)
25 syslog (LOG_ERR, "nak: %m\n");
diff --git a/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch b/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch
deleted file mode 100644
index 24c134fcac..0000000000
--- a/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch
+++ /dev/null
@@ -1,83 +0,0 @@
1Upstream: http://www.mail-archive.com/bug-inetutils@gnu.org/msg02103.html
2
3Upstream-Status: Pending
4
5Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
6---
7 ping/ping_common.h | 20 ++++++++++++++++++++
8 1 file changed, 20 insertions(+)
9
10diff --git a/ping/ping_common.h b/ping/ping_common.h
11index 1dfd1b5..3bfbd12 100644
12--- a/ping/ping_common.h
13+++ b/ping/ping_common.h
14@@ -17,10 +17,14 @@
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see `http://www.gnu.org/licenses/'. */
17
18+#include <config.h>
19+
20 #include <netinet/in_systm.h>
21 #include <netinet/in.h>
22 #include <netinet/ip.h>
23+#ifdef HAVE_IPV6
24 #include <netinet/icmp6.h>
25+#endif
26 #include <icmp.h>
27 #include <error.h>
28 #include <progname.h>
29@@ -62,7 +66,12 @@ struct ping_stat
30 want to follow the traditional behaviour of ping. */
31 #define DEFAULT_PING_COUNT 0
32
33+#ifdef HAVE_IPV6
34 #define PING_HEADER_LEN (USE_IPV6 ? sizeof (struct icmp6_hdr) : ICMP_MINLEN)
35+#else
36+#define PING_HEADER_LEN (ICMP_MINLEN)
37+#endif
38+
39 #define PING_TIMING(s) ((s) >= sizeof (struct timeval))
40 #define PING_DATALEN (64 - PING_HEADER_LEN) /* default data length */
41
42@@ -74,13 +83,20 @@ struct ping_stat
43 (t).tv_usec = ((i)%PING_PRECISION)*(1000000/PING_PRECISION) ;\
44 } while (0)
45
46+#ifdef HAVE_IPV6
47 /* FIXME: Adjust IPv6 case for options and their consumption. */
48 #define _PING_BUFLEN(p, u) ((u)? ((p)->ping_datalen + sizeof (struct icmp6_hdr)) : \
49 (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN))
50
51+#else
52+#define _PING_BUFLEN(p, u) (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN)
53+#endif
54+
55+#ifdef HAVE_IPV6
56 typedef int (*ping_efp6) (int code, void *closure, struct sockaddr_in6 * dest,
57 struct sockaddr_in6 * from, struct icmp6_hdr * icmp,
58 int datalen);
59+#endif
60
61 typedef int (*ping_efp) (int code,
62 void *closure,
63@@ -89,13 +105,17 @@ typedef int (*ping_efp) (int code,
64 struct ip * ip, icmphdr_t * icmp, int datalen);
65
66 union event {
67+#ifdef HAVE_IPV6
68 ping_efp6 handler6;
69+#endif
70 ping_efp handler;
71 };
72
73 union ping_address {
74 struct sockaddr_in ping_sockaddr;
75+#ifdef HAVE_IPV6
76 struct sockaddr_in6 ping_sockaddr6;
77+#endif
78 };
79
80 typedef struct ping_data PING;
81--
822.8.3
83
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch
deleted file mode 100644
index 3da4e9f55a..0000000000
--- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch
+++ /dev/null
@@ -1,29 +0,0 @@
1From 552a7d64ad4a7188a9b7cd89933ae7caf7ebfe90 Mon Sep 17 00:00:00 2001
2From: Mike Frysinger <vapier at gentoo.org>
3Date: Thu, 18 Nov 2010 16:59:14 -0500
4Subject: [PATCH gnulib] printf-parse: pull in features.h for __GLIBC__
5
6Upstream-Status: Pending
7
8Signed-off-by: Mike Frysinger <vapier at gentoo.org>
9---
10 lib/printf-parse.h | 3 +++
11 1 files changed, 3 insertions(+), 0 deletions(-)
12
13diff --git a/lib/printf-parse.h b/lib/printf-parse.h
14index 67a4a2a..3bd6152 100644
15--- a/lib/printf-parse.h
16+++ b/lib/printf-parse.h
17@@ -25,6 +25,9 @@
18
19 #include "printf-args.h"
20
21+#ifdef HAVE_FEATURES_H
22+# include <features.h> /* for __GLIBC__ */
23+#endif
24
25 /* Flags */
26 #define FLAG_GROUP 1 /* ' flag */
27--
281.7.3.2
29
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch
deleted file mode 100644
index b13bb9229f..0000000000
--- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch
+++ /dev/null
@@ -1,14 +0,0 @@
1Upstream-Status: Pending
2
3--- inetutils-1.8/lib/wchar.in.h
4+++ inetutils-1.8/lib/wchar.in.h
5@@ -70,6 +70,9 @@
6 /* The include_next requires a split double-inclusion guard. */
7 #if @HAVE_WCHAR_H@
8 # @INCLUDE_NEXT@ @NEXT_WCHAR_H@
9+#else
10+# include <stddef.h>
11+# define MB_CUR_MAX 1
12 #endif
13
14 #undef _GL_ALREADY_INCLUDING_WCHAR_H
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch
deleted file mode 100644
index 2592989a90..0000000000
--- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch
+++ /dev/null
@@ -1,26 +0,0 @@
1inetutils: define PATH_PROCNET_DEV if not already defined
2
3this prevents the following compilation error :
4system/linux.c:401:15: error: 'PATH_PROCNET_DEV' undeclared (first use in this function)
5
6this patch comes from :
7 http://repository.timesys.com/buildsources/i/inetutils/inetutils-1.9/
8
9Upstream-Status: Inappropriate [not author]
10
11Signed-of-by: Eric Bénard <eric@eukrea.com>
12---
13diff -Naur inetutils-1.9.orig/ifconfig/system/linux.c inetutils-1.9/ifconfig/system/linux.c
14--- inetutils-1.9.orig/ifconfig/system/linux.c 2012-01-04 16:31:36.000000000 -0500
15+++ inetutils-1.9/ifconfig/system/linux.c 2012-01-04 16:40:53.000000000 -0500
16@@ -49,6 +49,10 @@
17 #include "../ifconfig.h"
18
19
20+#ifndef PATH_PROCNET_DEV
21+ #define PATH_PROCNET_DEV "/proc/net/dev"
22+#endif
23+
24 /* ARPHRD stuff. */
25
26 static void
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch
deleted file mode 100644
index ff3abd86aa..0000000000
--- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch
+++ /dev/null
@@ -1,40 +0,0 @@
1Only check security/pam_appl.h which is provided by package libpam when pam is
2enabled.
3
4Upstream-Status: Pending
5
6Signed-off-by: Kai Kang <kai.kang@windriver.com>
7---
8diff --git a/configure.ac b/configure.ac
9index b35e672..e78a751 100644
10--- a/configure.ac
11+++ b/configure.ac
12@@ -195,6 +195,19 @@ fi
13
14 # See if we have libpam.a. Investigate PAM versus Linux-PAM.
15 if test "$with_pam" = yes ; then
16+ AC_CHECK_HEADERS([security/pam_appl.h], [], [], [
17+#include <sys/types.h>
18+#ifdef HAVE_NETINET_IN_SYSTM_H
19+# include <netinet/in_systm.h>
20+#endif
21+#include <netinet/in.h>
22+#ifdef HAVE_NETINET_IP_H
23+# include <netinet/ip.h>
24+#endif
25+#ifdef HAVE_SYS_PARAM_H
26+# include <sys/param.h>
27+#endif
28+])
29 AC_CHECK_LIB(dl, dlopen, LIBDL=-ldl)
30 AC_CHECK_LIB(pam, pam_authenticate, LIBPAM=-lpam)
31 if test "$ac_cv_lib_pam_pam_authenticate" = yes ; then
32@@ -587,7 +600,7 @@ AC_HEADER_DIRENT
33 AC_CHECK_HEADERS([arpa/nameser.h errno.h fcntl.h features.h \
34 glob.h memory.h netinet/ether.h netinet/in_systm.h \
35 netinet/ip.h netinet/ip_icmp.h netinet/ip_var.h \
36- security/pam_appl.h shadow.h \
37+ shadow.h \
38 stdarg.h stdlib.h string.h stropts.h sys/tty.h \
39 sys/utsname.h sys/ptyvar.h sys/msgbuf.h sys/filio.h \
40 sys/ioctl_compat.h sys/cdefs.h sys/stream.h sys/mkdev.h \
diff --git a/meta/recipes-connectivity/inetutils/inetutils/version.patch b/meta/recipes-connectivity/inetutils/inetutils/version.patch
deleted file mode 100644
index 532a0e5c08..0000000000
--- a/meta/recipes-connectivity/inetutils/inetutils/version.patch
+++ /dev/null
@@ -1,17 +0,0 @@
1Upstream-Status: Pending
2
3remove m4_esyscmd function
4
5Signed-off-by: Chunrong Guo <b40290@freescale.com>
6--- inetutils-1.9.1/configure.ac 2012-01-06 22:05:05.000000000 +0800
7+++ inetutils-1.9.1/configure.ac 2012-11-12 14:01:11.732957019 +0800
8@@ -20,8 +20,7 @@
9
10 AC_PREREQ(2.59)
11
12-AC_INIT([GNU inetutils],
13- m4_esyscmd([build-aux/git-version-gen .tarball-version 's/inetutils-/v/;s/_/./g']),
14+AC_INIT([GNU inetutils],[1.9.4],
15 [bug-inetutils@gnu.org])
16
17 AC_CONFIG_SRCDIR([src/inetd.c])
diff --git a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb b/meta/recipes-connectivity/inetutils/inetutils_2.5.bb
index adf6d4414e..0f1a0736bd 100644
--- a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
+++ b/meta/recipes-connectivity/inetutils/inetutils_2.5.bb
@@ -1,3 +1,4 @@
1SUMMARY = "The GNU inetutils are a collection of common networking utilities and servers."
1DESCRIPTION = "The GNU inetutils are a collection of common \ 2DESCRIPTION = "The GNU inetutils are a collection of common \
2networking utilities and servers including ftp, ftpd, rcp, \ 3networking utilities and servers including ftp, ftpd, rcp, \
3rexec, rlogin, rlogind, rsh, rshd, syslog, syslogd, talk, \ 4rexec, rlogin, rlogind, rsh, rshd, syslog, syslogd, talk, \
@@ -6,35 +7,23 @@ HOMEPAGE = "http://www.gnu.org/software/inetutils"
6SECTION = "net" 7SECTION = "net"
7DEPENDS = "ncurses netbase readline virtual/crypt" 8DEPENDS = "ncurses netbase readline virtual/crypt"
8 9
9LICENSE = "GPLv3" 10LICENSE = "GPL-3.0-only"
10 11
11LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7" 12LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7"
12 13
13SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.gz \ 14SRC_URI[sha256sum] = "87697d60a31e10b5cb86a9f0651e1ec7bee98320d048c0739431aac3d5764fb6"
14 file://version.patch \ 15SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \
15 file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \ 16 file://rexec.xinetd.inetutils \
16 file://inetutils-1.8-0003-wchar.patch \
17 file://rexec.xinetd.inetutils \
18 file://rlogin.xinetd.inetutils \ 17 file://rlogin.xinetd.inetutils \
19 file://rsh.xinetd.inetutils \ 18 file://rsh.xinetd.inetutils \
20 file://telnet.xinetd.inetutils \ 19 file://telnet.xinetd.inetutils \
21 file://tftpd.xinetd.inetutils \ 20 file://tftpd.xinetd.inetutils \
22 file://inetutils-1.9-PATH_PROCNET_DEV.patch \ 21 "
23 file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
24 file://0001-rcp-fix-to-work-with-large-files.patch \
25 file://fix-buffer-fortify-tfpt.patch \
26 file://0001-ftpd-telnetd-Fix-multiple-definitions-of-errcatch-an.patch \
27"
28
29SRC_URI[md5sum] = "04852c26c47cc8c6b825f2b74f191f52"
30SRC_URI[sha256sum] = "be8f75eff936b8e41b112462db51adf689715658a1b09e0d6b05d11ec92cc616"
31 22
32inherit autotools gettext update-alternatives texinfo 23inherit autotools gettext update-alternatives texinfo
33 24
34acpaths = "-I ./m4" 25acpaths = "-I ./m4"
35 26
36SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '', 'file://fix-disable-ipv6.patch', d)}"
37
38PACKAGECONFIG ??= "ftp uucpd \ 27PACKAGECONFIG ??= "ftp uucpd \
39 ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ 28 ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
40 ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6 ping6', '', d)} \ 29 ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6 ping6', '', d)} \
@@ -46,24 +35,36 @@ PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6 gl_cv_socket_ipv6=no,"
46PACKAGECONFIG[ping6] = "--enable-ping6,--disable-ping6," 35PACKAGECONFIG[ping6] = "--enable-ping6,--disable-ping6,"
47 36
48EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \ 37EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \
49 inetutils_cv_path_login=${base_bindir}/login \
50 --with-libreadline-prefix=${STAGING_LIBDIR} \ 38 --with-libreadline-prefix=${STAGING_LIBDIR} \
51 --enable-rpath=no \ 39 --enable-rpath=no \
52" 40 --with-path-login=${base_bindir}/login \
41 --with-path-cp=${base_bindir}/cp \
42 --with-path-uucico=${libexecdir}/uuico \
43 --with-path-procnet-dev=/proc/net/dev \
44 "
45
46EXTRA_OECONF:append:libc-musl = " --with-path-utmpx=/dev/null/utmpx --with-path-wtmpx=/dev/null/wtmpx"
53 47
54# These are horrible for security, disable them 48# These are horrible for security, disable them
55EXTRA_OECONF_append = " --disable-rsh --disable-rshd --disable-rcp \ 49EXTRA_OECONF:append = " --disable-rsh --disable-rshd --disable-rcp \
56 --disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd" 50 --disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd"
57 51
58do_configure_prepend () { 52# The configure script guesses many paths in cross builds, check for this happening
53do_configure_cross_check() {
54 if grep "may be incorrect because of cross-compilation" ${B}/config.log; then
55 bberror Default path values used, these must be set explicitly
56 fi
57}
58do_configure[postfuncs] += "do_configure_cross_check"
59
60# The --with-path options are not actually options, so this check needs to be silenced
61ERROR_QA:remove = "unknown-configure-option"
62
63do_configure:prepend () {
59 export HELP2MAN='true' 64 export HELP2MAN='true'
60 cp ${STAGING_DATADIR_NATIVE}/gettext/config.rpath ${S}/build-aux/config.rpath
61 install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S}
62 install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.sub ${S}
63 rm -f ${S}/glob/configure*
64} 65}
65 66
66do_install_append () { 67do_install:append () {
67 install -m 0755 -d ${D}${base_sbindir} 68 install -m 0755 -d ${D}${base_sbindir}
68 install -m 0755 -d ${D}${sbindir} 69 install -m 0755 -d ${D}${sbindir}
69 install -m 0755 -d ${D}${sysconfdir}/xinetd.d 70 install -m 0755 -d ${D}${sysconfdir}/xinetd.d
@@ -71,6 +72,7 @@ do_install_append () {
71 install -m 0755 -d ${D}${base_bindir} 72 install -m 0755 -d ${D}${base_bindir}
72 mv ${D}${bindir}/ping* ${D}${base_bindir}/ 73 mv ${D}${bindir}/ping* ${D}${base_bindir}/
73 mv ${D}${bindir}/hostname ${D}${base_bindir}/ 74 mv ${D}${bindir}/hostname ${D}${base_bindir}/
75 mv ${D}${bindir}/dnsdomainname ${D}${base_bindir}/
74 fi 76 fi
75 mv ${D}${bindir}/ifconfig ${D}${base_sbindir}/ 77 mv ${D}${bindir}/ifconfig ${D}${base_sbindir}/
76 mv ${D}${libexecdir}/syslogd ${D}${base_sbindir}/ 78 mv ${D}${libexecdir}/syslogd ${D}${base_sbindir}/
@@ -118,33 +120,34 @@ PACKAGES =+ "${PN}-tftpd-dbg ${PN}-telnetd-dbg ${PN}-rshd-dbg"
118NOAUTOPACKAGEDEBUG = "1" 120NOAUTOPACKAGEDEBUG = "1"
119 121
120ALTERNATIVE_PRIORITY = "79" 122ALTERNATIVE_PRIORITY = "79"
121ALTERNATIVE_${PN} = "whois" 123ALTERNATIVE:${PN} = "whois dnsdomainname"
122ALTERNATIVE_LINK_NAME[uucpd] = "${sbindir}/in.uucpd" 124ALTERNATIVE_LINK_NAME[uucpd] = "${sbindir}/in.uucpd"
125ALTERNATIVE_LINK_NAME[dnsdomainname] = "${base_bindir}/dnsdomainname"
123 126
124ALTERNATIVE_PRIORITY_${PN}-logger = "60" 127ALTERNATIVE_PRIORITY_${PN}-logger = "60"
125ALTERNATIVE_${PN}-logger = "logger" 128ALTERNATIVE:${PN}-logger = "logger"
126ALTERNATIVE_${PN}-syslogd = "syslogd" 129ALTERNATIVE:${PN}-syslogd = "syslogd"
127ALTERNATIVE_LINK_NAME[syslogd] = "${base_sbindir}/syslogd" 130ALTERNATIVE_LINK_NAME[syslogd] = "${base_sbindir}/syslogd"
128 131
129ALTERNATIVE_${PN}-ftp = "ftp" 132ALTERNATIVE:${PN}-ftp = "ftp"
130ALTERNATIVE_${PN}-ftpd = "ftpd" 133ALTERNATIVE:${PN}-ftpd = "ftpd"
131ALTERNATIVE_${PN}-tftp = "tftp" 134ALTERNATIVE:${PN}-tftp = "tftp"
132ALTERNATIVE_${PN}-tftpd = "tftpd" 135ALTERNATIVE:${PN}-tftpd = "tftpd"
133ALTERNATIVE_LINK_NAME[tftpd] = "${sbindir}/tftpd" 136ALTERNATIVE_LINK_NAME[tftpd] = "${sbindir}/tftpd"
134ALTERNATIVE_TARGET[tftpd] = "${sbindir}/in.tftpd" 137ALTERNATIVE_TARGET[tftpd] = "${sbindir}/in.tftpd"
135 138
136ALTERNATIVE_${PN}-telnet = "telnet" 139ALTERNATIVE:${PN}-telnet = "telnet"
137ALTERNATIVE_${PN}-telnetd = "telnetd" 140ALTERNATIVE:${PN}-telnetd = "telnetd"
138ALTERNATIVE_LINK_NAME[telnetd] = "${sbindir}/telnetd" 141ALTERNATIVE_LINK_NAME[telnetd] = "${sbindir}/telnetd"
139ALTERNATIVE_TARGET[telnetd] = "${sbindir}/in.telnetd" 142ALTERNATIVE_TARGET[telnetd] = "${sbindir}/in.telnetd"
140 143
141ALTERNATIVE_${PN}-inetd= "inetd" 144ALTERNATIVE:${PN}-inetd= "inetd"
142ALTERNATIVE_${PN}-traceroute = "traceroute" 145ALTERNATIVE:${PN}-traceroute = "traceroute"
143 146
144ALTERNATIVE_${PN}-hostname = "hostname" 147ALTERNATIVE:${PN}-hostname = "hostname"
145ALTERNATIVE_LINK_NAME[hostname] = "${base_bindir}/hostname" 148ALTERNATIVE_LINK_NAME[hostname] = "${base_bindir}/hostname"
146 149
147ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \ 150ALTERNATIVE:${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \
148 tftpd.8 tftp.1 telnetd.8" 151 tftpd.8 tftp.1 telnetd.8"
149ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1" 152ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1"
150ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1" 153ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1"
@@ -154,62 +157,62 @@ ALTERNATIVE_LINK_NAME[telnetd.8] = "${mandir}/man8/telnetd.8"
154ALTERNATIVE_LINK_NAME[tftpd.8] = "${mandir}/man8/tftpd.8" 157ALTERNATIVE_LINK_NAME[tftpd.8] = "${mandir}/man8/tftpd.8"
155ALTERNATIVE_LINK_NAME[tftp.1] = "${mandir}/man1/tftp.1" 158ALTERNATIVE_LINK_NAME[tftp.1] = "${mandir}/man1/tftp.1"
156 159
157ALTERNATIVE_${PN}-ifconfig = "ifconfig" 160ALTERNATIVE:${PN}-ifconfig = "ifconfig"
158ALTERNATIVE_LINK_NAME[ifconfig] = "${base_sbindir}/ifconfig" 161ALTERNATIVE_LINK_NAME[ifconfig] = "${base_sbindir}/ifconfig"
159 162
160ALTERNATIVE_${PN}-ping = "ping" 163ALTERNATIVE:${PN}-ping = "ping"
161ALTERNATIVE_LINK_NAME[ping] = "${base_bindir}/ping" 164ALTERNATIVE_LINK_NAME[ping] = "${base_bindir}/ping"
162 165
163ALTERNATIVE_${PN}-ping6 = "${@bb.utils.filter('PACKAGECONFIG', 'ping6', d)}" 166ALTERNATIVE:${PN}-ping6 = "${@bb.utils.filter('PACKAGECONFIG', 'ping6', d)}"
164ALTERNATIVE_LINK_NAME[ping6] = "${base_bindir}/ping6" 167ALTERNATIVE_LINK_NAME[ping6] = "${base_bindir}/ping6"
165 168
166 169
167FILES_${PN}-dbg += "${base_bindir}/.debug ${base_sbindir}/.debug ${bindir}/.debug ${sbindir}/.debug" 170FILES:${PN}-dbg += "${base_bindir}/.debug ${base_sbindir}/.debug ${bindir}/.debug ${sbindir}/.debug"
168FILES_${PN}-ping = "${base_bindir}/ping.${BPN}" 171FILES:${PN}-ping = "${base_bindir}/ping.${BPN}"
169FILES_${PN}-ping6 = "${base_bindir}/ping6.${BPN}" 172FILES:${PN}-ping6 = "${base_bindir}/ping6.${BPN}"
170FILES_${PN}-hostname = "${base_bindir}/hostname.${BPN}" 173FILES:${PN}-hostname = "${base_bindir}/hostname.${BPN}"
171FILES_${PN}-ifconfig = "${base_sbindir}/ifconfig.${BPN}" 174FILES:${PN}-ifconfig = "${base_sbindir}/ifconfig.${BPN}"
172FILES_${PN}-traceroute = "${bindir}/traceroute.${BPN}" 175FILES:${PN}-traceroute = "${bindir}/traceroute.${BPN}"
173FILES_${PN}-logger = "${bindir}/logger.${BPN}" 176FILES:${PN}-logger = "${bindir}/logger.${BPN}"
174 177
175FILES_${PN}-syslogd = "${base_sbindir}/syslogd.${BPN}" 178FILES:${PN}-syslogd = "${base_sbindir}/syslogd.${BPN}"
176RCONFLICTS_${PN}-syslogd = "rsyslog busybox-syslog sysklogd syslog-ng" 179RCONFLICTS:${PN}-syslogd = "rsyslog busybox-syslog sysklogd syslog-ng"
177 180
178FILES_${PN}-ftp = "${bindir}/ftp.${BPN}" 181FILES:${PN}-ftp = "${bindir}/ftp.${BPN}"
179 182
180FILES_${PN}-tftp = "${bindir}/tftp.${BPN}" 183FILES:${PN}-tftp = "${bindir}/tftp.${BPN}"
181FILES_${PN}-telnet = "${bindir}/telnet.${BPN}" 184FILES:${PN}-telnet = "${bindir}/telnet.${BPN}"
182 185
183# We make us of RCONFLICTS / RPROVIDES here rather than using the normal 186# We make us of RCONFLICTS / RPROVIDES here rather than using the normal
184# alternatives method as this leads to packaging QA issues when using 187# alternatives method as this leads to packaging QA issues when using
185# musl as that library does not provide what these applications need to 188# musl as that library does not provide what these applications need to
186# build. 189# build.
187FILES_${PN}-rsh = "${bindir}/rsh ${bindir}/rlogin ${bindir}/rexec ${bindir}/rcp" 190FILES:${PN}-rsh = "${bindir}/rsh ${bindir}/rlogin ${bindir}/rexec ${bindir}/rcp"
188RCONFLICTS_${PN}-rsh += "netkit-rsh-client" 191RCONFLICTS:${PN}-rsh += "netkit-rsh-client"
189RPROVIDES_${PN}-rsh = "rsh" 192RPROVIDES:${PN}-rsh = "rsh"
190 193
191FILES_${PN}-rshd = "${sbindir}/in.rshd ${sbindir}/in.rlogind ${sbindir}/in.rexecd \ 194FILES:${PN}-rshd = "${sbindir}/in.rshd ${sbindir}/in.rlogind ${sbindir}/in.rexecd \
192 ${sysconfdir}/xinetd.d/rsh ${sysconfdir}/xinetd.d/rlogin ${sysconfdir}/xinetd.d/rexec" 195 ${sysconfdir}/xinetd.d/rsh ${sysconfdir}/xinetd.d/rlogin ${sysconfdir}/xinetd.d/rexec"
193FILES_${PN}-rshd-dbg = "${sbindir}/.debug/in.rshd ${sbindir}/.debug/in.rlogind ${sbindir}/.debug/in.rexecd" 196FILES:${PN}-rshd-dbg = "${sbindir}/.debug/in.rshd ${sbindir}/.debug/in.rlogind ${sbindir}/.debug/in.rexecd"
194RDEPENDS_${PN}-rshd += "xinetd tcp-wrappers" 197RDEPENDS:${PN}-rshd += "xinetd tcp-wrappers"
195RCONFLICTS_${PN}-rshd += "netkit-rshd-server" 198RCONFLICTS:${PN}-rshd += "netkit-rshd-server"
196RPROVIDES_${PN}-rshd = "rshd" 199RPROVIDES:${PN}-rshd = "rshd"
197 200
198FILES_${PN}-ftpd = "${bindir}/ftpd.${BPN}" 201FILES:${PN}-ftpd = "${bindir}/ftpd.${BPN}"
199FILES_${PN}-ftpd-dbg = "${bindir}/.debug/ftpd.${BPN}" 202FILES:${PN}-ftpd-dbg = "${bindir}/.debug/ftpd.${BPN}"
200RDEPENDS_${PN}-ftpd += "xinetd" 203RDEPENDS:${PN}-ftpd += "xinetd"
201 204
202FILES_${PN}-tftpd = "${sbindir}/in.tftpd ${sysconfdir}/xinetd.d/tftpd" 205FILES:${PN}-tftpd = "${sbindir}/in.tftpd ${sysconfdir}/xinetd.d/tftpd"
203FILES_${PN}-tftpd-dbg = "${sbindir}/.debug/in.tftpd" 206FILES:${PN}-tftpd-dbg = "${sbindir}/.debug/in.tftpd"
204RCONFLICTS_${PN}-tftpd += "netkit-tftpd" 207RCONFLICTS:${PN}-tftpd += "netkit-tftpd"
205RDEPENDS_${PN}-tftpd += "xinetd" 208RDEPENDS:${PN}-tftpd += "xinetd"
206 209
207FILES_${PN}-telnetd = "${sbindir}/in.telnetd ${sysconfdir}/xinetd.d/telnet" 210FILES:${PN}-telnetd = "${sbindir}/in.telnetd ${sysconfdir}/xinetd.d/telnet"
208FILES_${PN}-telnetd-dbg = "${sbindir}/.debug/in.telnetd" 211FILES:${PN}-telnetd-dbg = "${sbindir}/.debug/in.telnetd"
209RCONFLICTS_${PN}-telnetd += "netkit-telnet" 212RCONFLICTS:${PN}-telnetd += "netkit-telnet"
210RPROVIDES_${PN}-telnetd = "telnetd" 213RPROVIDES:${PN}-telnetd = "telnetd"
211RDEPENDS_${PN}-telnetd += "xinetd" 214RDEPENDS:${PN}-telnetd += "xinetd"
212 215
213FILES_${PN}-inetd = "${bindir}/inetd.${BPN}" 216FILES:${PN}-inetd = "${bindir}/inetd.${BPN}"
214 217
215RDEPENDS_${PN} = "xinetd" 218RDEPENDS:${PN} = "xinetd"
diff --git a/meta/recipes-connectivity/iproute2/iproute2_5.9.0.bb b/meta/recipes-connectivity/iproute2/iproute2_5.9.0.bb
deleted file mode 100644
index 0e6a53e6a4..0000000000
--- a/meta/recipes-connectivity/iproute2/iproute2_5.9.0.bb
+++ /dev/null
@@ -1,11 +0,0 @@
1require iproute2.inc
2
3SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \
4 file://0001-libc-compat.h-add-musl-workaround.patch \
5 "
6
7SRC_URI[sha256sum] = "a25dac94bcdcf2f73316c7f812115ea7a5710580bad892b08a83d00c6b33dacf"
8
9# CFLAGS are computed in Makefile and reference CCOPTS
10#
11EXTRA_OEMAKE_append = " CCOPTS='${CFLAGS}'"
diff --git a/meta/recipes-connectivity/iproute2/iproute2.inc b/meta/recipes-connectivity/iproute2/iproute2_6.7.0.bb
index 403d264308..640b3013f1 100644
--- a/meta/recipes-connectivity/iproute2/iproute2.inc
+++ b/meta/recipes-connectivity/iproute2/iproute2_6.7.0.bb
@@ -5,31 +5,43 @@ and tc are the most important. ip controls IPv4 and IPv6 \
5configuration and tc stands for traffic control." 5configuration and tc stands for traffic control."
6HOMEPAGE = "http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2" 6HOMEPAGE = "http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2"
7SECTION = "base" 7SECTION = "base"
8LICENSE = "GPLv2+" 8LICENSE = "GPL-2.0-or-later"
9LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ 9LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
10 file://ip/ip.c;beginline=3;endline=8;md5=689d691d0410a4b64d3899f8d6e31817" 10 "
11 11
12DEPENDS = "flex-native bison-native iptables libcap" 12DEPENDS = "flex-native bison-native iptables libcap"
13 13
14inherit update-alternatives bash-completion pkgconfig 14SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \
15 file://0001-libc-compat.h-add-musl-workaround.patch \
16 "
17
18SRC_URI[sha256sum] = "ff942dd9828d7d1f867f61fe72ce433078c31e5d8e4a78e20f02cb5892e8841d"
15 19
16CLEANBROKEN = "1" 20inherit update-alternatives bash-completion pkgconfig
17 21
18PACKAGECONFIG ??= "tipc elf devlink" 22PACKAGECONFIG ??= "tipc elf devlink"
19PACKAGECONFIG[tipc] = ",,libmnl," 23PACKAGECONFIG[tipc] = ",,libmnl,"
20PACKAGECONFIG[elf] = ",,elfutils," 24PACKAGECONFIG[elf] = ",,elfutils,"
21PACKAGECONFIG[devlink] = ",,libmnl," 25PACKAGECONFIG[devlink] = ",,libmnl,"
26PACKAGECONFIG[rdma] = ",,libmnl,"
27PACKAGECONFIG[selinux] = ",,libselinux"
28
29IPROUTE2_MAKE_SUBDIRS = "lib tc ip bridge misc genl ${@bb.utils.filter('PACKAGECONFIG', 'devlink tipc rdma', d)}"
22 30
31# CFLAGS are computed in Makefile and reference CCOPTS
32#
23EXTRA_OEMAKE = "\ 33EXTRA_OEMAKE = "\
24 CC='${CC}' \ 34 CC='${CC}' \
25 KERNEL_INCLUDE=${STAGING_INCDIR} \ 35 KERNEL_INCLUDE=${STAGING_INCDIR} \
26 DOCDIR=${docdir}/iproute2 \ 36 DOCDIR=${docdir}/iproute2 \
27 SUBDIRS='lib tc ip bridge misc genl ${@bb.utils.filter('PACKAGECONFIG', 'devlink tipc', d)}' \ 37 SUBDIRS='${IPROUTE2_MAKE_SUBDIRS}' \
28 SBINDIR='${base_sbindir}' \ 38 SBINDIR='${base_sbindir}' \
39 CONF_USR_DIR='${libdir}/iproute2' \
29 LIBDIR='${libdir}' \ 40 LIBDIR='${libdir}' \
41 CCOPTS='${CFLAGS}' \
30" 42"
31 43
32do_configure_append () { 44do_configure:append () {
33 sh configure ${STAGING_INCDIR} 45 sh configure ${STAGING_INCDIR}
34 # Explicitly disable ATM support 46 # Explicitly disable ATM support
35 sed -i -e '/TC_CONFIG_ATM/d' config.mk 47 sed -i -e '/TC_CONFIG_ATM/d' config.mk
@@ -44,38 +56,49 @@ do_install () {
44} 56}
45 57
46# The .so files in iproute2-tc are modules, not traditional libraries 58# The .so files in iproute2-tc are modules, not traditional libraries
47INSANE_SKIP_${PN}-tc = "dev-so" 59INSANE_SKIP:${PN}-tc = "dev-so"
48 60
49PACKAGES =+ "\ 61IPROUTE2_PACKAGES =+ "\
50 ${PN}-devlink \ 62 ${PN}-devlink \
51 ${PN}-genl \ 63 ${PN}-genl \
52 ${PN}-ifstat \ 64 ${PN}-ifstat \
65 ${PN}-ip \
53 ${PN}-lnstat \ 66 ${PN}-lnstat \
54 ${PN}-nstat \ 67 ${PN}-nstat \
68 ${PN}-routel \
55 ${PN}-rtacct \ 69 ${PN}-rtacct \
56 ${PN}-ss \ 70 ${PN}-ss \
57 ${PN}-tc \ 71 ${PN}-tc \
58 ${PN}-tipc \ 72 ${PN}-tipc \
73 ${PN}-rdma \
59" 74"
60 75
61FILES_${PN}-tc = "${base_sbindir}/tc* \ 76PACKAGE_BEFORE_PN = "${IPROUTE2_PACKAGES}"
77RDEPENDS:${PN} += "${PN}-ip"
78
79FILES:${PN}-tc = "${base_sbindir}/tc* \
62 ${libdir}/tc/*.so" 80 ${libdir}/tc/*.so"
63FILES_${PN}-lnstat = "${base_sbindir}/lnstat \ 81FILES:${PN}-lnstat = "${base_sbindir}/lnstat \
64 ${base_sbindir}/ctstat \ 82 ${base_sbindir}/ctstat \
65 ${base_sbindir}/rtstat" 83 ${base_sbindir}/rtstat"
66FILES_${PN}-ifstat = "${base_sbindir}/ifstat" 84FILES:${PN}-ifstat = "${base_sbindir}/ifstat"
67FILES_${PN}-genl = "${base_sbindir}/genl" 85FILES:${PN}-ip = "${base_sbindir}/ip.* ${libdir}/iproute2"
68FILES_${PN}-rtacct = "${base_sbindir}/rtacct" 86FILES:${PN}-genl = "${base_sbindir}/genl"
69FILES_${PN}-nstat = "${base_sbindir}/nstat" 87FILES:${PN}-rtacct = "${base_sbindir}/rtacct"
70FILES_${PN}-ss = "${base_sbindir}/ss" 88FILES:${PN}-nstat = "${base_sbindir}/nstat"
71FILES_${PN}-tipc = "${base_sbindir}/tipc" 89FILES:${PN}-ss = "${base_sbindir}/ss"
72FILES_${PN}-devlink = "${base_sbindir}/devlink" 90FILES:${PN}-tipc = "${base_sbindir}/tipc"
73 91FILES:${PN}-devlink = "${base_sbindir}/devlink"
74ALTERNATIVE_${PN} = "ip" 92FILES:${PN}-rdma = "${base_sbindir}/rdma"
93FILES:${PN}-routel = "${base_sbindir}/routel"
94
95RDEPENDS:${PN}-routel = "python3-core"
96
97ALTERNATIVE:${PN}-ip = "ip"
75ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}" 98ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}"
76ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip" 99ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip"
77ALTERNATIVE_PRIORITY = "100" 100ALTERNATIVE_PRIORITY = "100"
78 101
79ALTERNATIVE_${PN}-tc = "tc" 102ALTERNATIVE:${PN}-tc = "tc"
80ALTERNATIVE_LINK_NAME[tc] = "${base_sbindir}/tc" 103ALTERNATIVE_LINK_NAME[tc] = "${base_sbindir}/tc"
81ALTERNATIVE_PRIORITY_${PN}-tc = "100" 104ALTERNATIVE_PRIORITY_${PN}-tc = "100"
diff --git a/meta/recipes-connectivity/iw/iw_5.9.bb b/meta/recipes-connectivity/iw/iw_6.7.bb
index 3d1e1c7e79..b46b54bc93 100644
--- a/meta/recipes-connectivity/iw/iw_5.9.bb
+++ b/meta/recipes-connectivity/iw/iw_6.7.bb
@@ -14,7 +14,7 @@ SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \
14 file://separate-objdir.patch \ 14 file://separate-objdir.patch \
15" 15"
16 16
17SRC_URI[sha256sum] = "6e7d3c9f8b4ee68e412f20fe229c9854c2dba383e3e650ce6af8eb8dbd12efc3" 17SRC_URI[sha256sum] = "b3ef3fa85fa1177b11d3e97d6d38cdfe10ee250ca31482b581f3bd0fc79cb015"
18 18
19inherit pkgconfig 19inherit pkgconfig
20 20
diff --git a/meta/recipes-connectivity/kea/files/0001-kea-fix-reproducible-build-failure.patch b/meta/recipes-connectivity/kea/files/0001-kea-fix-reproducible-build-failure.patch
new file mode 100644
index 0000000000..8a5bd00302
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/0001-kea-fix-reproducible-build-failure.patch
@@ -0,0 +1,62 @@
1From f9bcfed5a1d44d9211c5f6eba403a9898c8c9057 Mon Sep 17 00:00:00 2001
2From: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
3Date: Tue, 8 Aug 2023 19:03:13 +0100
4Subject: [PATCH] kea: fix reproducible build failure
5
6New version of Kea has started using path of build-dir instead of
7src-dir which results in reproducible builds failure.
8Use src-dir as is used in v2.2.0
9
10Upstream-Status: Pending
11https://gitlab.isc.org/isc-projects/kea/-/issues/3007
12
13Upstream has confirmed the patch will not be accepted but discussions
14with upstream is still going on, we might have a proper solution later.
15
16Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
17---
18 src/bin/admin/kea-admin.in | 8 ++++----
19 1 file changed, 4 insertions(+), 4 deletions(-)
20
21diff --git a/src/bin/admin/kea-admin.in b/src/bin/admin/kea-admin.in
22index 034a0ee..8ab11ab 100644
23--- a/src/bin/admin/kea-admin.in
24+++ b/src/bin/admin/kea-admin.in
25@@ -51,14 +51,14 @@ dump_qry=""
26 if test -f "@datarootdir@/@PACKAGE_NAME@/scripts/admin-utils.sh"; then
27 . "@datarootdir@/@PACKAGE_NAME@/scripts/admin-utils.sh"
28 else
29- . "@abs_top_builddir@/src/bin/admin/admin-utils.sh"
30+ . "@abs_top_srcdir@/src/bin/admin/admin-utils.sh"
31 fi
32
33 # Find the installed kea-lfc if available. Fallback to sources otherwise.
34 if test -x "@sbindir@/kea-lfc"; then
35 kea_lfc="@sbindir@/kea-lfc"
36 else
37- kea_lfc="@abs_top_builddir@/src/bin/lfc/kea-lfc"
38+ kea_lfc="@abs_top_srcdir@/src/bin/lfc/kea-lfc"
39 fi
40
41 # Prints out usage version.
42@@ -355,7 +355,7 @@ mysql_upgrade() {
43 # Check if there are any files in it
44 num_files=$(find "${upgrade_scripts_dir}" -name 'upgrade*.sh' -type f | wc -l)
45 if [ "$num_files" -eq 0 ]; then
46- upgrade_scripts_dir=@abs_top_builddir@/src/share/database/scripts/mysql
47+ upgrade_scripts_dir=@abs_top_srcdir@/src/share/database/scripts/mysql
48
49 # Check if the scripts directory exists at all.
50 if [ ! -d ${upgrade_scripts_dir} ]; then
51@@ -405,7 +405,7 @@ pgsql_upgrade() {
52 # Check if there are any files in it
53 num_files=$(find "${upgrade_scripts_dir}" -name 'upgrade*.sh' -type f | wc -l)
54 if [ "$num_files" -eq 0 ]; then
55- upgrade_scripts_dir=@abs_top_builddir@/src/share/database/scripts/pgsql
56+ upgrade_scripts_dir=@abs_top_srcdir@/src/share/database/scripts/pgsql
57
58 # Check if the scripts directory exists at all.
59 if [ ! -d ${upgrade_scripts_dir} ]; then
60--
612.39.2
62
diff --git a/meta/recipes-connectivity/kea/files/0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch b/meta/recipes-connectivity/kea/files/0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch
deleted file mode 100644
index ab3fd83946..0000000000
--- a/meta/recipes-connectivity/kea/files/0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch
+++ /dev/null
@@ -1,39 +0,0 @@
1From 639dc25cdabc9d1846000a542c8cc19158b69994 Mon Sep 17 00:00:00 2001
2From: Mingli Yu <mingli.yu@windriver.com>
3Date: Fri, 18 Sep 2020 08:18:08 +0000
4Subject: [PATCH] keactrl.in: create /var/lib/kea and /var/run/kea folder
5
6Create /var/lib/kea and /var/run/kea folder to fix below error:
7 # keactrl start
8 INFO/keactrl: Starting /usr/sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf
9 INFO/keactrl: Starting /usr/sbin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf
10 INFO/keactrl: Starting /usr/sbin/kea-ctrl-agent -c /etc/kea/kea-ctrl-agent.conf
11 Unable to use interprocess sync lockfile (No such file or directory): /var/run/kea/logger_lockfile
12 Service failed: Launch failed: Unable to open PID file '/var/run/kea/kea-ctrl-agent.kea-ctrl-agent.pid' for write
13 [snip]
14 ERROR [kea-dhcp4.dhcp4/615.140641792751488] DHCP4_CONFIG_LOAD_FAIL configuration error using file: /etc/kea/kea-dhcp4.conf, reason: Unable to open database: unable to open '/var/lib/kea/kea-leases4.csv'
15 [snip]
16
17Upstream-Status: Inappropriate [config specific]
18
19Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
20---
21 src/bin/keactrl/keactrl.in | 2 ++
22 1 file changed, 2 insertions(+)
23
24diff --git a/src/bin/keactrl/keactrl.in b/src/bin/keactrl/keactrl.in
25index 12b2b3f..47cf6f9 100644
26--- a/src/bin/keactrl/keactrl.in
27+++ b/src/bin/keactrl/keactrl.in
28@@ -482,6 +482,8 @@ case ${command} in
29 # The variables (dhcp4_srv, dhcp6_serv, dhcp_ddns_srv etc) are set in the
30 # keactrl.conf file that shellcheck is unable to read.
31 # shellcheck disable=SC2154
32+ [ -d @LOCALSTATEDIR@/run/kea ] || mkdir -p @LOCALSTATEDIR@/run/kea
33+ [ -d @LOCALSTATEDIR@/lib/kea ] || mkdir -p @LOCALSTATEDIR@/lib/kea
34 run_conditional "dhcp4" "start_server ${dhcp4_srv} -c ${kea_dhcp4_config_file} ${args}" 1
35 run_conditional "dhcp6" "start_server ${dhcp6_srv} -c ${kea_dhcp6_config_file} ${args}" 1
36 # shellcheck disable=SC2154
37--
382.26.2
39
diff --git a/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch b/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch
new file mode 100644
index 0000000000..94fbd12737
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch
@@ -0,0 +1,28 @@
1From 841924e1fe8db2bff3eab8d37634ef08f86c00ec Mon Sep 17 00:00:00 2001
2From: Alexander Kanavin <alex.kanavin@gmail.com>
3Date: Tue, 10 Nov 2020 15:57:03 +0000
4Subject: [PATCH] src/lib/log/logger_unittest_support.cc: do not write build
5 path into binary
6
7This breaks reproducibility and is needed only in unit testing.
8
9Upstream-Status: Inappropriate [oe-core specific]
10Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
11
12---
13 src/lib/log/logger_unittest_support.cc | 2 +-
14 1 file changed, 1 insertion(+), 1 deletion(-)
15
16diff --git a/src/lib/log/logger_unittest_support.cc b/src/lib/log/logger_unittest_support.cc
17index fc01c6e..f46d17e 100644
18--- a/src/lib/log/logger_unittest_support.cc
19+++ b/src/lib/log/logger_unittest_support.cc
20@@ -84,7 +84,7 @@ void initLogger(isc::log::Severity severity, int dbglevel) {
21 const char* localfile = getenv("KEA_LOGGER_LOCALMSG");
22
23 // Set a directory for creating lockfiles when running tests
24- setenv("KEA_LOCKFILE_DIR", TOP_BUILDDIR, 0);
25+ //setenv("KEA_LOCKFILE_DIR", TOP_BUILDDIR, 0);
26
27 // Initialize logging
28 initLogger(root, severity, dbglevel, localfile);
diff --git a/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch b/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch
index 733adf5536..5b135b3aee 100644
--- a/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch
+++ b/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch
@@ -1,4 +1,7 @@
1There are conflict of config files between kea and lib32-kea: 1From 06ebd1b2ced426c420ed162980eca194f9f918ae Mon Sep 17 00:00:00 2001
2From: Kai Kang <kai.kang@windriver.com>
3Date: Tue, 22 Sep 2020 15:02:33 +0800
4Subject: [PATCH] There are conflict of config files between kea and lib32-kea:
2 5
3| Error: Transaction test error: 6| Error: Transaction test error:
4| file /etc/kea/kea-ctrl-agent.conf conflicts between attempted installs of 7| file /etc/kea/kea-ctrl-agent.conf conflicts between attempted installs of
@@ -9,17 +12,19 @@ There are conflict of config files between kea and lib32-kea:
9Because they are all commented out, replace the expanded libdir path with 12Because they are all commented out, replace the expanded libdir path with
10'$libdir' in the config files to avoid conflict. 13'$libdir' in the config files to avoid conflict.
11 14
15Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/issues/2602]
12Signed-off-by: Kai Kang <kai.kang@windriver.com> 16Signed-off-by: Kai Kang <kai.kang@windriver.com>
17
13--- 18---
14 src/bin/keactrl/kea-ctrl-agent.conf.pre | 3 ++- 19 src/bin/keactrl/kea-ctrl-agent.conf.pre | 3 ++-
15 src/bin/keactrl/kea-dhcp4.conf.pre | 6 ++++-- 20 src/bin/keactrl/kea-dhcp4.conf.pre | 4 ++--
16 2 files changed, 6 insertions(+), 3 deletions(-) 21 2 files changed, 4 insertions(+), 3 deletions(-)
17 22
18diff --git a/src/bin/keactrl/kea-ctrl-agent.conf.pre b/src/bin/keactrl/kea-ctrl-agent.conf.pre 23diff --git a/src/bin/keactrl/kea-ctrl-agent.conf.pre b/src/bin/keactrl/kea-ctrl-agent.conf.pre
19index 211b7ff..d710ec7 100644 24index e6ae8b8..50a3092 100644
20--- a/src/bin/keactrl/kea-ctrl-agent.conf.pre 25--- a/src/bin/keactrl/kea-ctrl-agent.conf.pre
21+++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre 26+++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre
22@@ -45,7 +45,8 @@ 27@@ -51,7 +51,8 @@
23 // Agent will fail to start. 28 // Agent will fail to start.
24 "hooks-libraries": [ 29 "hooks-libraries": [
25 // { 30 // {
@@ -30,26 +35,24 @@ index 211b7ff..d710ec7 100644
30 // "param1": "foo" 35 // "param1": "foo"
31 // } 36 // }
32diff --git a/src/bin/keactrl/kea-dhcp4.conf.pre b/src/bin/keactrl/kea-dhcp4.conf.pre 37diff --git a/src/bin/keactrl/kea-dhcp4.conf.pre b/src/bin/keactrl/kea-dhcp4.conf.pre
33index 5f77a32..70ae3d9 100644 38index 6edb8a1..b2a7385 100644
34--- a/src/bin/keactrl/kea-dhcp4.conf.pre 39--- a/src/bin/keactrl/kea-dhcp4.conf.pre
35+++ b/src/bin/keactrl/kea-dhcp4.conf.pre 40+++ b/src/bin/keactrl/kea-dhcp4.conf.pre
36@@ -252,7 +252,8 @@ 41@@ -255,7 +255,7 @@
37 // // of all devices serviced by Kea, including their identifiers 42 // // of all devices serviced by Kea, including their identifiers
38 // // (like MAC address), their location in the network, times 43 // // (like MAC address), their location in the network, times
39 // // when they were active etc. 44 // // when they were active etc.
40- // "library": "@libdir@/kea/hooks/libdhcp_legal_log.so" 45- // "library": "@libdir@/kea/hooks/libdhcp_legal_log.so",
41+ // // Replace $libdir with real library path /usr/lib or /usr/lib64 46+ // "library": "$libdir/kea/hooks/libdhcp_legal_log.so",
42+ // "library": "$libdir/kea/hooks/libdhcp_legal_log.so" 47 // "parameters": {
43 // "parameters": { 48 // "path": "/var/lib/kea",
44 // "path": "/var/lib/kea", 49 // "base-name": "kea-forensic4"
45 // "base-name": "kea-forensic4" 50@@ -272,7 +272,7 @@
46@@ -269,7 +270,8 @@ 51 // // of specific options or perhaps even a combination of several
47 // // of specific options or perhaps even a combination of several 52 // // options and fields to uniquely identify a client. Those scenarios
48 // // options and fields to uniquely identify a client. Those scenarios 53 // // are addressed by the Flexible Identifiers hook application.
49 // // are addressed by the Flexible Identifiers hook application. 54- // "library": "@libdir@/kea/hooks/libdhcp_flex_id.so",
50- // "library": "@libdir@/kea/hooks/libdhcp_flex_id.so", 55+ // "library": "$libdir/kea/hooks/libdhcp_flex_id.so",
51+ // // Replace $libdir with real library path /usr/lib or /usr/lib64 56 // "parameters": {
52+ // "library": "$libdir/kea/hooks/libdhcp_flex_id.so", 57 // "identifier-expression": "relay4[2].hex"
53 // "parameters": { 58 // }
54 // "identifier-expression": "substring(relay6[0].option[18],0,8)"
55 // }
diff --git a/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch b/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch
index eeeb89942b..63a6a2805b 100644
--- a/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch
+++ b/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch
@@ -1,22 +1,29 @@
1Busybox does not support ps -p so use pgrep 1From c878a356712606549f7f188b62f7d1cae08a176e Mon Sep 17 00:00:00 2001
2From: Armin kuster <akuster808@gmail.com>
3Date: Wed, 14 Oct 2020 22:48:31 -0700
4Subject: [PATCH] Busybox does not support ps -p so use pgrep
2 5
3Upstream-Status: Inappropriate [embedded specific] 6Upstream-Status: Inappropriate [embedded specific]
4Based on changes from Diego Sueiro <Diego.Sueiro@arm.com> 7Based on changes from Diego Sueiro <Diego.Sueiro@arm.com>
5 8
6Signed-off-by: Armin kuster <akuster808@gmail.com> 9Signed-off-by: Armin kuster <akuster808@gmail.com>
7 10
8Index: kea-1.7.10/src/bin/keactrl/keactrl.in 11---
9=================================================================== 12 src/bin/keactrl/keactrl.in | 4 ++--
10--- kea-1.7.10.orig/src/bin/keactrl/keactrl.in 13 1 file changed, 2 insertions(+), 2 deletions(-)
11+++ kea-1.7.10/src/bin/keactrl/keactrl.in 14
12@@ -137,8 +137,8 @@ check_running() { 15diff --git a/src/bin/keactrl/keactrl.in b/src/bin/keactrl/keactrl.in
16index 450e997..c353ca9 100644
17--- a/src/bin/keactrl/keactrl.in
18+++ b/src/bin/keactrl/keactrl.in
19@@ -149,8 +149,8 @@ check_running() {
13 # Get the PID from the PID file (if it exists) 20 # Get the PID from the PID file (if it exists)
14 get_pid_from_file "${proc_name}" 21 get_pid_from_file "${proc_name}"
15 if [ ${_pid} -gt 0 ]; then 22 if [ ${_pid} -gt 0 ]; then
16- # Use ps to check if PID is alive 23- # Use ps to check if PID is alive
17- ps -p ${_pid} 1>/dev/null 24- if ps -p ${_pid} 1>/dev/null; then
18+ # Use pgrep and grep to check if PID is alive 25+ # Use pgrep and grep to check if PID is alive
19+ pgrep -v 1 | grep ${_pid} 1>/dev/null 26+ if pgrep -v 1 | grep ${_pid} 1>/dev/null; then
20 retcode=$?
21 if [ $retcode -eq 0 ]; then
22 # No error, so PID IS ALIVE 27 # No error, so PID IS ALIVE
28 _running=1
29 fi
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service
index 91aa2eb14f..f6059d73cb 100644
--- a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service
@@ -6,7 +6,6 @@ After=time-sync.target
6 6
7[Service] 7[Service]
8ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/ 8ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/
9ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/kea
10ExecStart=@SBINDIR@/kea-dhcp-ddns -c @SYSCONFDIR@/kea/kea-dhcp-ddns.conf 9ExecStart=@SBINDIR@/kea-dhcp-ddns -c @SYSCONFDIR@/kea/kea-dhcp-ddns.conf
11 10
12[Install] 11[Install]
diff --git a/meta/recipes-connectivity/kea/kea_1.7.10.bb b/meta/recipes-connectivity/kea/kea_2.4.1.bb
index 1d011ace78..c3aa4dc8f0 100644
--- a/meta/recipes-connectivity/kea/kea_1.7.10.bb
+++ b/meta/recipes-connectivity/kea/kea_2.4.1.bb
@@ -2,55 +2,60 @@ SUMMARY = "ISC Kea DHCP Server"
2DESCRIPTION = "Kea is the next generation of DHCP software developed by ISC. It supports both DHCPv4 and DHCPv6 protocols along with their extensions, e.g. prefix delegation and dynamic updates to DNS." 2DESCRIPTION = "Kea is the next generation of DHCP software developed by ISC. It supports both DHCPv4 and DHCPv6 protocols along with their extensions, e.g. prefix delegation and dynamic updates to DNS."
3HOMEPAGE = "http://kea.isc.org" 3HOMEPAGE = "http://kea.isc.org"
4SECTION = "connectivity" 4SECTION = "connectivity"
5LICENSE = "MPL-2.0 & Apache-2.0" 5LICENSE = "MPL-2.0"
6LIC_FILES_CHKSUM = "file://COPYING;md5=68d95543d2096459290a4e6b9ceccffa" 6LIC_FILES_CHKSUM = "file://COPYING;md5=ea061fa0188838072c4248c1318ec131"
7 7
8DEPENDS = "boost log4cplus openssl" 8DEPENDS = "boost log4cplus openssl"
9 9
10SRC_URI = "\ 10SRC_URI = "http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.gz \
11 http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.gz \ 11 file://kea-dhcp4.service \
12 file://0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch \ 12 file://kea-dhcp6.service \
13 file://kea-dhcp4.service \ 13 file://kea-dhcp-ddns.service \
14 file://kea-dhcp6.service \ 14 file://kea-dhcp4-server \
15 file://kea-dhcp-ddns.service \ 15 file://kea-dhcp6-server \
16 file://kea-dhcp4-server \ 16 file://kea-dhcp-ddns-server \
17 file://kea-dhcp6-server \ 17 file://fix-multilib-conflict.patch \
18 file://kea-dhcp-ddns-server \ 18 file://fix_pid_keactrl.patch \
19 file://fix-multilib-conflict.patch \ 19 file://0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch \
20 file://fix_pid_keactrl.patch \ 20 file://0001-kea-fix-reproducible-build-failure.patch \
21" 21 "
22SRC_URI[sha256sum] = "4e121f0e58b175a827581c69cb1d60778647049fa47f142940dddc9ce58f3c82" 22SRC_URI[sha256sum] = "815c61f5c271caa4a1db31dd656eb50a7f6ea973da3690f7c8581408e180131a"
23 23
24inherit autotools systemd update-rc.d upstream-version-is-even 24inherit autotools systemd update-rc.d upstream-version-is-even
25 25
26INITSCRIPT_NAME = "kea-dhcp4-server" 26INITSCRIPT_NAME = "kea-dhcp4-server"
27INITSCRIPT_PARAMS = "defaults 30" 27INITSCRIPT_PARAMS = "defaults 30"
28 28
29SYSTEMD_SERVICE_${PN} = "kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service" 29SYSTEMD_SERVICE:${PN} = "kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service"
30SYSTEMD_AUTO_ENABLE = "disable" 30SYSTEMD_AUTO_ENABLE = "disable"
31 31
32DEBUG_OPTIMIZATION_remove_mips = " -Og" 32DEBUG_OPTIMIZATION:remove:mips = " -Og"
33DEBUG_OPTIMIZATION_append_mips = " -O" 33DEBUG_OPTIMIZATION:append:mips = " -O"
34BUILD_OPTIMIZATION_remove_mips = " -Og" 34BUILD_OPTIMIZATION:remove:mips = " -Og"
35BUILD_OPTIMIZATION_append_mips = " -O" 35BUILD_OPTIMIZATION:append:mips = " -O"
36 36
37DEBUG_OPTIMIZATION_remove_mipsel = " -Og" 37DEBUG_OPTIMIZATION:remove:mipsel = " -Og"
38DEBUG_OPTIMIZATION_append_mipsel = " -O" 38DEBUG_OPTIMIZATION:append:mipsel = " -O"
39BUILD_OPTIMIZATION_remove_mipsel = " -Og" 39BUILD_OPTIMIZATION:remove:mipsel = " -Og"
40BUILD_OPTIMIZATION_append_mipsel = " -O" 40BUILD_OPTIMIZATION:append:mipsel = " -O"
41 41
42EXTRA_OECONF = "--with-boost-libs=-lboost_system \ 42EXTRA_OECONF = "--with-boost-libs=-lboost_system \
43 --with-log4cplus=${STAGING_DIR_TARGET}${prefix} \ 43 --with-log4cplus=${STAGING_DIR_TARGET}${prefix} \
44 --with-openssl=${STAGING_DIR_TARGET}${prefix}" 44 --with-openssl=${STAGING_DIR_TARGET}${prefix}"
45 45
46do_configure_prepend() { 46do_configure:prepend() {
47 # replace abs_top_builddir to avoid introducing the build path 47 # replace abs_top_builddir to avoid introducing the build path
48 # don't expand the abs_top_builddir on the target as the abs_top_builddir is meanlingless on the target 48 # don't expand the abs_top_builddir on the target as the abs_top_builddir is meanlingless on the target
49 find ${S} -type f -name *.sh.in | xargs sed -i "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g" 49 find ${S} -type f -name *.sh.in | xargs sed -i "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g"
50 sed -i "s:@abs_top_srcdir@:@abs_top_srcdir_placeholder@:g" ${S}/src/bin/admin/kea-admin.in 50 sed -i "s:@abs_top_srcdir@:@abs_top_srcdir_placeholder@:g" ${S}/src/bin/admin/kea-admin.in
51} 51}
52 52
53do_install_append() { 53# patch out build host paths for reproducibility
54do_compile:prepend:class-target() {
55 sed -i -e "s,${WORKDIR},,g" ${B}/config.report
56}
57
58do_install:append() {
54 install -d ${D}${sysconfdir}/init.d 59 install -d ${D}${sysconfdir}/init.d
55 install -d ${D}${systemd_system_unitdir} 60 install -d ${D}${systemd_system_unitdir}
56 61
@@ -61,13 +66,13 @@ do_install_append() {
61 ${D}${systemd_system_unitdir}/kea-dhcp*service ${D}${sbindir}/keactrl 66 ${D}${systemd_system_unitdir}/kea-dhcp*service ${D}${sbindir}/keactrl
62} 67}
63 68
64do_install_append() { 69do_install:append() {
65 rm -rf "${D}${localstatedir}" 70 rm -rf "${D}${localstatedir}"
66} 71}
67 72
68CONFFILES_${PN} = "${sysconfdir}/kea/keactrl.conf" 73CONFFILES:${PN} = "${sysconfdir}/kea/keactrl.conf"
69 74
70FILES_${PN}-staticdev += "${libdir}/kea/hooks/*.a ${libdir}/hooks/*.a" 75FILES:${PN}-staticdev += "${libdir}/kea/hooks/*.a ${libdir}/hooks/*.a"
71FILES_${PN} += "${libdir}/hooks/*.so" 76FILES:${PN} += "${libdir}/hooks/*.so"
72 77
73PARALLEL_MAKEINST = "" 78PARALLEL_MAKEINST = ""
diff --git a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb
index 5e4460045b..0db609fc47 100644
--- a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb
+++ b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb
@@ -1,28 +1,29 @@
1SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution" 1SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution"
2HOMEPAGE = "https://github.com/lathiat/nss-mdns" 2HOMEPAGE = "https://github.com/lathiat/nss-mdns"
3DESCRIPTION = "nss-mdns is a plugin for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc) providing host name resolution via Multicast DNS (aka Zeroconf, aka Apple Rendezvous, aka Apple Bonjour), effectively allowing name resolution by common Unix/Linux programs in the ad-hoc mDNS domain .local."
3SECTION = "libs" 4SECTION = "libs"
4 5
5LICENSE = "LGPLv2.1+" 6LICENSE = "LGPL-2.1-or-later"
6LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1" 7LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1"
7 8
8DEPENDS = "avahi" 9DEPENDS = "avahi"
9 10
10SRC_URI = "git://github.com/lathiat/nss-mdns \ 11SRC_URI = "git://github.com/lathiat/nss-mdns;branch=master;protocol=https \
11 " 12 "
12 13
13SRCREV = "41c9c5e78f287ed4b41ac438c1873fa71bfa70ae" 14SRCREV = "4b3cfe818bf72d99a02b8ca8b8813cb2d6b40633"
14 15
15S = "${WORKDIR}/git" 16S = "${WORKDIR}/git"
16 17
17inherit autotools pkgconfig 18inherit autotools pkgconfig
18 19
19COMPATIBLE_HOST_libc-musl = 'null' 20COMPATIBLE_HOST:libc-musl = 'null'
20 21
21EXTRA_OECONF = "--libdir=${base_libdir}" 22EXTRA_OECONF = "--libdir=${base_libdir}"
22 23
23RDEPENDS_${PN} = "avahi-daemon" 24RDEPENDS:${PN} = "avahi-daemon"
24 25
25pkg_postinst_${PN} () { 26pkg_postinst:${PN} () {
26 sed ' 27 sed '
27 /^hosts:/ !b 28 /^hosts:/ !b
28 /\<mdns\(4\|6\)\?\(_minimal\)\?\>/ b 29 /\<mdns\(4\|6\)\?\(_minimal\)\?\>/ b
@@ -30,7 +31,7 @@ pkg_postinst_${PN} () {
30 ' -i $D${sysconfdir}/nsswitch.conf 31 ' -i $D${sysconfdir}/nsswitch.conf
31} 32}
32 33
33pkg_prerm_${PN} () { 34pkg_prerm:${PN} () {
34 sed ' 35 sed '
35 /^hosts:/ !b 36 /^hosts:/ !b
36 s/[[:blank:]]\+mdns\(4\|6\)\?\(_minimal\( \[NOTFOUND=return\]\)\?\)\?//g 37 s/[[:blank:]]\+mdns\(4\|6\)\?\(_minimal\( \[NOTFOUND=return\]\)\?\)\?//g
diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.9.1.bb b/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb
index 35bb5650b3..166654e280 100644
--- a/meta/recipes-connectivity/libpcap/libpcap_1.9.1.bb
+++ b/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb
@@ -10,10 +10,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \
10 file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2" 10 file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2"
11DEPENDS = "flex-native bison-native" 11DEPENDS = "flex-native bison-native"
12 12
13SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \ 13SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz"
14 " 14SRC_URI[sha256sum] = "ed19a0383fad72e3ad435fd239d7cd80d64916b87269550159d20e47160ebe5f"
15SRC_URI[md5sum] = "21af603d9a591c7d96a6457021d84e6c"
16SRC_URI[sha256sum] = "635237637c5b619bcceba91900666b64d56ecb7be63f298f601ec786ce087094"
17 15
18inherit autotools binconfig-disabled pkgconfig 16inherit autotools binconfig-disabled pkgconfig
19 17
@@ -21,10 +19,11 @@ BINCONFIG = "${bindir}/pcap-config"
21 19
22# Explicitly disable dag support. We don't have recipe for it and if enabled here, 20# Explicitly disable dag support. We don't have recipe for it and if enabled here,
23# configure script poisons the include dirs with /usr/local/include even when the 21# configure script poisons the include dirs with /usr/local/include even when the
24# support hasn't been detected. 22# support hasn't been detected. Do the same thing for DPDK.
25EXTRA_OECONF = " \ 23EXTRA_OECONF = " \
26 --with-pcap=linux \ 24 --with-pcap=linux \
27 --without-dag \ 25 --without-dag \
26 --without-dpdk \
28 " 27 "
29EXTRA_AUTORECONF += "--exclude=aclocal" 28EXTRA_AUTORECONF += "--exclude=aclocal"
30 29
@@ -36,9 +35,9 @@ PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
36PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," 35PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
37PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl" 36PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl"
38 37
39do_configure_prepend () { 38do_configure:prepend () {
40 #remove hardcoded references to /usr/include 39 #remove hardcoded references to /usr/include
41 sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac 40 sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac
42} 41}
43 42
44BBCLASSEXTEND = "native" 43BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-connectivity/libuv/libuv_1.40.0.bb b/meta/recipes-connectivity/libuv/libuv_1.40.0.bb
deleted file mode 100644
index f793db09be..0000000000
--- a/meta/recipes-connectivity/libuv/libuv_1.40.0.bb
+++ /dev/null
@@ -1,19 +0,0 @@
1SUMMARY = "A multi-platform support library with a focus on asynchronous I/O"
2HOMEPAGE = "https://github.com/libuv/libuv"
3BUGTRACKER = "https://github.com/libuv/libuv/issues"
4LICENSE = "MIT"
5LIC_FILES_CHKSUM = "file://LICENSE;md5=a68902a430e32200263d182d44924d47"
6
7SRCREV = "4e69e333252693bd82d6338d6124f0416538dbfc"
8SRC_URI = "git://github.com/libuv/libuv;branch=v1.x"
9
10S = "${WORKDIR}/git"
11
12inherit autotools
13
14do_configure() {
15 ${S}/autogen.sh || bbnote "${PN} failed to autogen.sh"
16 oe_runconf
17}
18
19BBCLASSEXTEND = "native"
diff --git a/meta/recipes-connectivity/libuv/libuv_1.48.0.bb b/meta/recipes-connectivity/libuv/libuv_1.48.0.bb
new file mode 100644
index 0000000000..87a2c22a7c
--- /dev/null
+++ b/meta/recipes-connectivity/libuv/libuv_1.48.0.bb
@@ -0,0 +1,22 @@
1SUMMARY = "A multi-platform support library with a focus on asynchronous I/O"
2HOMEPAGE = "https://github.com/libuv/libuv"
3DESCRIPTION = "libuv is a multi-platform support library with a focus on asynchronous I/O. It was primarily developed for use by Node.js, but it's also used by Luvit, Julia, pyuv, and others."
4BUGTRACKER = "https://github.com/libuv/libuv/issues"
5LICENSE = "MIT"
6LIC_FILES_CHKSUM = "file://LICENSE;md5=74b6f2f7818a4e3a80d03556f71b129b \
7 file://LICENSE-extra;md5=f9307417749e19bd1d6d68a394b49324"
8
9SRCREV = "e9f29cb984231524e3931aa0ae2c5dae1a32884e"
10SRC_URI = "git://github.com/libuv/libuv.git;branch=v1.x;protocol=https"
11UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
12
13S = "${WORKDIR}/git"
14
15inherit autotools
16
17do_configure() {
18 ${S}/autogen.sh || bbnote "${PN} failed to autogen.sh"
19 oe_runconf
20}
21
22BBCLASSEXTEND = "native"
diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
index 0b0bbab168..a4030b7b32 100644
--- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
+++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
@@ -1,13 +1,15 @@
1SUMMARY = "Mobile Broadband Service Provider Database" 1SUMMARY = "Mobile Broadband Service Provider Database"
2HOMEPAGE = "http://live.gnome.org/NetworkManager/MobileBroadband/ServiceProviders" 2HOMEPAGE = "http://live.gnome.org/NetworkManager/MobileBroadband/ServiceProviders"
3DESCRIPTION = "Mobile Broadband Service Provider Database stores service provider specific information. When this Database is available the information can be fetched there"
3SECTION = "network" 4SECTION = "network"
4LICENSE = "PD" 5LICENSE = "PD"
5LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" 6LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04"
6SRCREV = "22b49d86fb7aded2c195a9d49e5924da696b3228" 7
7PV = "20190618" 8SRCREV = "aae7c68671d225e6d35224613d5b98192b9b2ffe"
9PV = "20230416"
8PE = "1" 10PE = "1"
9 11
10SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https" 12SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main"
11S = "${WORKDIR}/git" 13S = "${WORKDIR}/git"
12 14
13inherit autotools 15inherit autotools
diff --git a/meta/recipes-connectivity/neard/neard_0.16.bb b/meta/recipes-connectivity/neard/neard_0.19.bb
index 7c124a3c0b..a98f436b98 100644
--- a/meta/recipes-connectivity/neard/neard_0.16.bb
+++ b/meta/recipes-connectivity/neard/neard_0.19.bb
@@ -1,33 +1,34 @@
1SUMMARY = "Linux NFC daemon" 1SUMMARY = "Linux NFC daemon"
2DESCRIPTION = "A daemon for the Linux Near Field Communication stack" 2DESCRIPTION = "A daemon for the Linux Near Field Communication stack"
3HOMEPAGE = "http://01.org/linux-nfc" 3HOMEPAGE = "http://01.org/linux-nfc"
4LICENSE = "GPLv2" 4LICENSE = "GPL-2.0-only"
5LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
6 file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \
7 "
5 8
6DEPENDS = "dbus glib-2.0 libnl" 9DEPENDS = "dbus glib-2.0 libnl autoconf-archive-native"
7 10
8SRC_URI = "${KERNELORG_MIRROR}/linux/network/nfc/${BP}.tar.xz \ 11SRC_URI = "git://git.kernel.org/pub/scm/network/nfc/neard.git;protocol=https;branch=master \
9 file://neard.in \ 12 file://neard.in \
10 file://Makefile.am-fix-parallel-issue.patch \ 13 file://Makefile.am-fix-parallel-issue.patch \
11 file://Makefile.am-do-not-ship-version.h.patch \ 14 file://Makefile.am-do-not-ship-version.h.patch \
12 file://0001-Add-header-dependency-to-nciattach.o.patch \ 15 file://0001-Add-header-dependency-to-nciattach.o.patch \
13 " 16 "
14SRC_URI[md5sum] = "5c691fb7872856dc0d909c298bc8cb41"
15SRC_URI[sha256sum] = "eae3b11c541a988ec11ca94b7deab01080cd5b58cfef3ced6ceac9b6e6e65b36"
16 17
17LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ 18SRCREV = "a1dc8a75cba999728e154a0f811ab9dd50c809f7"
18 file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \ 19
19 " 20S = "${WORKDIR}/git"
20 21
21inherit autotools pkgconfig systemd update-rc.d 22inherit autotools pkgconfig systemd update-rc.d
22 23
23PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" 24PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
24 25
25PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_unitdir}/system/ --with-systemduserunitdir=${systemd_unitdir}/user/,--disable-systemd" 26PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir}/ --with-systemduserunitdir=${systemd_unitdir}/user/,--disable-systemd"
26 27
27EXTRA_OECONF += "--enable-tools" 28EXTRA_OECONF += "--enable-tools"
28 29
29# This would copy neard start-stop shell and test scripts 30# This would copy neard start-stop shell and test scripts
30do_install_append() { 31do_install:append() {
31 if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then 32 if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
32 install -d ${D}${sysconfdir}/init.d/ 33 install -d ${D}${sysconfdir}/init.d/
33 sed "s:@installpath@:${libexecdir}/nfc:" ${WORKDIR}/neard.in \ 34 sed "s:@installpath@:${libexecdir}/nfc:" ${WORKDIR}/neard.in \
@@ -36,10 +37,10 @@ do_install_append() {
36 fi 37 fi
37} 38}
38 39
39RDEPENDS_${PN} = "dbus" 40RDEPENDS:${PN} = "dbus"
40 41
41# Bluez & Wifi are not mandatory except for handover 42# Bluez & Wifi are not mandatory except for handover
42RRECOMMENDS_${PN} = "\ 43RRECOMMENDS:${PN} = "\
43 ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \ 44 ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \
44 ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','wpa-supplicant', '', d)} \ 45 ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','wpa-supplicant', '', d)} \
45 " 46 "
@@ -47,4 +48,4 @@ RRECOMMENDS_${PN} = "\
47INITSCRIPT_NAME = "neard" 48INITSCRIPT_NAME = "neard"
48INITSCRIPT_PARAMS = "defaults 64" 49INITSCRIPT_PARAMS = "defaults 64"
49 50
50SYSTEMD_SERVICE_${PN} = "neard.service" 51SYSTEMD_SERVICE:${PN} = "neard.service"
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch
index bd350144e3..7603eb680d 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch
@@ -19,7 +19,7 @@ As there is already one source file named file.c
19as support/nsm/file.c in support/nsm/Makefile.am, 19as support/nsm/file.c in support/nsm/Makefile.am,
20so rename ../support/misc/file.c to ../support/misc/misc.c. 20so rename ../support/misc/file.c to ../support/misc/misc.c.
21 21
22Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154502780423058&w=2] 22Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=154502780423058&w=2]
23 23
24Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> 24Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
25 25
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch
new file mode 100644
index 0000000000..351407ddcd
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch
@@ -0,0 +1,36 @@
1From 9efa7a0d37665d9bb0f46d2407883a5ab42c2b84 Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Mon, 24 Jul 2023 20:39:16 -0700
4Subject: [PATCH] locktest: Makefile.am: Do not use build flags
5
6Using CFLAGS_FOR_BUILD etc. here means it is using wrong flags
7when thse flags are speficied different than target flags which
8is common when cross-building. It can pass wrong paths to linker
9and it would find incompatible libraries during link since they
10are from host system and target maybe not same as build host.
11
12Fixes subtle errors like
13| aarch64-yoe-linux-ld.lld: error: /mnt/b/yoe/master/build/tmp/work/cortexa72-cortexa53-crypto-yoe-linux/nfs-utils/2.6.3-r0/recipe-sysroot-native/usr/lib/libsqlite3.so is incompatible with elf64-littleaarch64
14
15Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=169025681008001&w=2]
16Signed-off-by: Khem Raj <raj.khem@gmail.com>
17---
18 tools/locktest/Makefile.am | 3 ---
19 1 file changed, 3 deletions(-)
20
21diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am
22index e8914655..2fd36971 100644
23--- a/tools/locktest/Makefile.am
24+++ b/tools/locktest/Makefile.am
25@@ -2,8 +2,5 @@
26
27 noinst_PROGRAMS = testlk
28 testlk_SOURCES = testlk.c
29-testlk_CFLAGS=$(CFLAGS_FOR_BUILD)
30-testlk_CPPFLAGS=$(CPPFLAGS_FOR_BUILD)
31-testlk_LDFLAGS=$(LDFLAGS_FOR_BUILD)
32
33 MAINTAINERCLEANFILES = Makefile.in
34--
352.41.0
36
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch
new file mode 100644
index 0000000000..57d4660571
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch
@@ -0,0 +1,34 @@
1From 45597a58e98f351b18db8444292b1cf6dd0cd810 Mon Sep 17 00:00:00 2001
2From: Robert Yang <liezhi.yang@windriver.com>
3Date: Sat, 9 Dec 2023 23:34:08 -0800
4Subject: [PATCH] reexport.h: Include unistd.h to compile with musl
5
6Fixed error when compile with musl
7reexport.c: In function 'reexpdb_init':
8reexport.c:62:17: error: implicit declaration of function 'sleep' [-Werror=implicit-function-declaration]
9 62 | sleep(1);
10
11
12Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=170254661824522&w=2]
13
14Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
15---
16 support/reexport/reexport.h | 1 +
17 1 files changed, 1 insertions(+)
18
19diff --git a/support/reexport/reexport.h b/support/reexport/reexport.h
20index 85fd59c..02f8684 100644
21--- a/support/reexport/reexport.h
22+++ b/support/reexport/reexport.h
23@@ -1,6 +1,8 @@
24 #ifndef REEXPORT_H
25 #define REEXPORT_H
26
27+#include <unistd.h>
28+
29 #include "nfslib.h"
30
31 enum {
32--
332.42.0
34
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-tools-locktest-Use-intmax_t-to-print-off_t.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-tools-locktest-Use-intmax_t-to-print-off_t.patch
new file mode 100644
index 0000000000..7d903e04bc
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-tools-locktest-Use-intmax_t-to-print-off_t.patch
@@ -0,0 +1,53 @@
1From e2e9251dbeb452f5382179023d8ae18b511167a1 Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Tue, 25 Jul 2023 23:47:08 -0700
4Subject: [PATCH] tools/locktest: Use intmax_t to print off_t
5
6off_t could be 64bit on 32bit architectures which means using %z printf
7modifier is not enough to print it and compiler will complain about
8format mismatch
9
10Fixes
11| testlk.c:84:66: error: format '%zd' expects argument of type 'signed size_t', but argument 4 has type '__off64_t' {aka 'long long int'} [-Werror=format=]
12| 84 | printf("%s: conflicting lock by %d on (%zd;%zd)\n",
13| | ~~^
14| | |
15| | int
16| | %lld
17| 85 | fname, fl.l_pid, fl.l_start, fl.l_len);
18| | ~~~~~~~~~~
19| | |
20| | __off64_t {aka long long int}
21
22Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=169035457128067&w=2]
23Signed-off-by: Khem Raj <raj.khem@gmail.com>
24---
25 tools/locktest/testlk.c | 5 +++--
26 1 file changed, 3 insertions(+), 2 deletions(-)
27
28diff --git a/tools/locktest/testlk.c b/tools/locktest/testlk.c
29index ea51f788..9d4c88c4 100644
30--- a/tools/locktest/testlk.c
31+++ b/tools/locktest/testlk.c
32@@ -2,6 +2,7 @@
33 #include <config.h>
34 #endif
35
36+#include <stdint.h>
37 #include <stdlib.h>
38 #include <stdio.h>
39 #include <unistd.h>
40@@ -81,8 +82,8 @@ main(int argc, char **argv)
41 if (fl.l_type == F_UNLCK) {
42 printf("%s: no conflicting lock\n", fname);
43 } else {
44- printf("%s: conflicting lock by %d on (%zd;%zd)\n",
45- fname, fl.l_pid, fl.l_start, fl.l_len);
46+ printf("%s: conflicting lock by %d on (%jd;%jd)\n",
47+ fname, fl.l_pid, (intmax_t)fl.l_start, (intmax_t)fl.l_len);
48 }
49 return 0;
50 }
51--
522.41.0
53
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
index c01415de84..ebfe64b9ce 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
@@ -12,6 +12,7 @@ ConditionPathExists=@SYSCONFDIR@/exports
12EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf 12EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf
13ExecStart=@SBINDIR@/rpc.mountd -F $MOUNTD_OPTS 13ExecStart=@SBINDIR@/rpc.mountd -F $MOUNTD_OPTS
14LimitNOFILE=@HIGH_RLIMIT_NOFILE@ 14LimitNOFILE=@HIGH_RLIMIT_NOFILE@
15StateDirectory=nfs
15 16
16[Install] 17[Install]
17WantedBy=multi-user.target 18WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service
index 5c845b7e82..15ceee04d0 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service
@@ -18,6 +18,7 @@ ExecStopPost=@SBINDIR@/exportfs -au
18ExecStopPost=@SBINDIR@/exportfs -f 18ExecStopPost=@SBINDIR@/exportfs -f
19ExecReload=@SBINDIR@/exportfs -r 19ExecReload=@SBINDIR@/exportfs -r
20RemainAfterExit=yes 20RemainAfterExit=yes
21StateDirectory=nfs
21 22
22[Install] 23[Install]
23WantedBy=multi-user.target 24WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
index 4fa64e1998..b519194121 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
@@ -4,11 +4,13 @@ DefaultDependencies=no
4Conflicts=umount.target 4Conflicts=umount.target
5Requires=nss-lookup.target rpcbind.service 5Requires=nss-lookup.target rpcbind.service
6After=network.target nss-lookup.target rpcbind.service 6After=network.target nss-lookup.target rpcbind.service
7ConditionPathExists=@SYSCONFDIR@/exports
7 8
8[Service] 9[Service]
9EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf 10EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf
10ExecStart=@SBINDIR@/rpc.statd -F $STATD_OPTS 11ExecStart=@SBINDIR@/rpc.statd -F $STATD_OPTS
11LimitNOFILE=@HIGH_RLIMIT_NOFILE@ 12LimitNOFILE=@HIGH_RLIMIT_NOFILE@
13StateDirectory=nfs
12 14
13[Install] 15[Install]
14WantedBy=multi-user.target 16WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.2.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.4.bb
index c7ac67cf31..2f2644f9a8 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.2.bb
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.4.bb
@@ -4,18 +4,18 @@ NFS server and related tools."
4HOMEPAGE = "http://nfs.sourceforge.net/" 4HOMEPAGE = "http://nfs.sourceforge.net/"
5SECTION = "console/network" 5SECTION = "console/network"
6 6
7LICENSE = "MIT & GPLv2+ & BSD" 7LICENSE = "MIT & GPL-2.0-or-later & BSD-3-Clause"
8LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84" 8LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84"
9 9
10# util-linux for libblkid 10# util-linux for libblkid
11DEPENDS = "libcap libevent util-linux sqlite3 libtirpc" 11DEPENDS = "libcap libevent util-linux sqlite3 libtirpc"
12RDEPENDS_${PN} = "${PN}-client" 12RDEPENDS:${PN} = "${PN}-client"
13RRECOMMENDS_${PN} = "kernel-module-nfsd" 13RRECOMMENDS:${PN} = "kernel-module-nfsd"
14 14
15inherit useradd 15inherit useradd
16 16
17USERADD_PACKAGES = "${PN}-client" 17USERADD_PACKAGES = "${PN}-client"
18USERADD_PARAM_${PN}-client = "--system --home-dir /var/lib/nfs \ 18USERADD_PARAM:${PN}-client = "--system --home-dir /var/lib/nfs \
19 --shell /bin/false --user-group rpcuser" 19 --shell /bin/false --user-group rpcuser"
20 20
21SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \ 21SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \
@@ -30,8 +30,11 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x
30 file://bugfix-adjust-statd-service-name.patch \ 30 file://bugfix-adjust-statd-service-name.patch \
31 file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \ 31 file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \
32 file://clang-warnings.patch \ 32 file://clang-warnings.patch \
33 file://0001-locktest-Makefile.am-Do-not-use-build-flags.patch \
34 file://0001-tools-locktest-Use-intmax_t-to-print-off_t.patch \
35 file://0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch \
33 " 36 "
34SRC_URI[sha256sum] = "d493b81c9d3ffce5d10af701a63ed2b8a21768c23da4a2eceb4d708aea65d9de" 37SRC_URI[sha256sum] = "01b3b0fb9c7d0bbabf5114c736542030748c788ec2fd9734744201e9b0a1119d"
35 38
36# Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will 39# Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will
37# pull in the remainder of the dependencies. 40# pull in the remainder of the dependencies.
@@ -39,14 +42,14 @@ SRC_URI[sha256sum] = "d493b81c9d3ffce5d10af701a63ed2b8a21768c23da4a2eceb4d708aea
39INITSCRIPT_PACKAGES = "${PN} ${PN}-client" 42INITSCRIPT_PACKAGES = "${PN} ${PN}-client"
40INITSCRIPT_NAME = "nfsserver" 43INITSCRIPT_NAME = "nfsserver"
41INITSCRIPT_PARAMS = "defaults" 44INITSCRIPT_PARAMS = "defaults"
42INITSCRIPT_NAME_${PN}-client = "nfscommon" 45INITSCRIPT_NAME:${PN}-client = "nfscommon"
43INITSCRIPT_PARAMS_${PN}-client = "defaults 19 21" 46INITSCRIPT_PARAMS:${PN}-client = "defaults 19 21"
44 47
45inherit autotools-brokensep update-rc.d systemd pkgconfig 48inherit autotools-brokensep update-rc.d systemd pkgconfig
46 49
47SYSTEMD_PACKAGES = "${PN} ${PN}-client" 50SYSTEMD_PACKAGES = "${PN} ${PN}-client"
48SYSTEMD_SERVICE_${PN} = "nfs-server.service nfs-mountd.service" 51SYSTEMD_SERVICE:${PN} = "nfs-server.service nfs-mountd.service"
49SYSTEMD_SERVICE_${PN}-client = "nfs-statd.service" 52SYSTEMD_SERVICE:${PN}-client = "nfs-statd.service"
50 53
51# --enable-uuid is need for cross-compiling 54# --enable-uuid is need for cross-compiling
52EXTRA_OECONF = "--with-statduser=rpcuser \ 55EXTRA_OECONF = "--with-statduser=rpcuser \
@@ -59,10 +62,12 @@ EXTRA_OECONF = "--with-statduser=rpcuser \
59 --with-rpcgen=${HOSTTOOLS_DIR}/rpcgen \ 62 --with-rpcgen=${HOSTTOOLS_DIR}/rpcgen \
60 " 63 "
61 64
65LDFLAGS:append = " -lsqlite3 -levent"
66
62PACKAGECONFIG ??= "tcp-wrappers \ 67PACKAGECONFIG ??= "tcp-wrappers \
63 ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ 68 ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
64" 69"
65PACKAGECONFIG_remove_libc-musl = "tcp-wrappers" 70PACKAGECONFIG:remove:libc-musl = "tcp-wrappers"
66PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers" 71PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers"
67PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," 72PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
68# libdevmapper is available in meta-oe 73# libdevmapper is available in meta-oe
@@ -70,48 +75,52 @@ PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper,libdevmap
70# keyutils is available in meta-oe 75# keyutils is available in meta-oe
71PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils,python3-core" 76PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils,python3-core"
72 77
73PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats" 78PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats ${PN}-rpcctl"
74 79
75CONFFILES_${PN}-client += "${localstatedir}/lib/nfs/etab \ 80CONFFILES:${PN}-client += "${localstatedir}/lib/nfs/etab \
76 ${localstatedir}/lib/nfs/rmtab \ 81 ${localstatedir}/lib/nfs/rmtab \
77 ${localstatedir}/lib/nfs/xtab \ 82 ${localstatedir}/lib/nfs/xtab \
78 ${localstatedir}/lib/nfs/statd/state \ 83 ${localstatedir}/lib/nfs/statd/state \
79 ${sysconfdir}/nfsmount.conf" 84 ${sysconfdir}/nfsmount.conf"
80 85
81FILES_${PN}-client = "${sbindir}/*statd \ 86FILES:${PN}-client = "${sbindir}/*statd \
87 ${libdir}/libnfsidmap.so.* \
82 ${sbindir}/rpc.idmapd ${sbindir}/sm-notify \ 88 ${sbindir}/rpc.idmapd ${sbindir}/sm-notify \
83 ${sbindir}/showmount ${sbindir}/nfsstat \ 89 ${sbindir}/showmount ${sbindir}/nfsstat \
84 ${localstatedir}/lib/nfs \ 90 ${localstatedir}/lib/nfs \
85 ${sysconfdir}/nfs-utils.conf \ 91 ${sysconfdir}/nfs-utils.conf \
86 ${sysconfdir}/nfsmount.conf \ 92 ${sysconfdir}/nfsmount.conf \
87 ${sysconfdir}/init.d/nfscommon \ 93 ${sysconfdir}/init.d/nfscommon \
88 ${systemd_unitdir}/system/nfs-statd.service" 94 ${systemd_system_unitdir}/nfs-statd.service"
89RDEPENDS_${PN}-client = "${PN}-mount rpcbind" 95RDEPENDS:${PN}-client = "${PN}-mount rpcbind"
96
97FILES:${PN}-mount = "${base_sbindir}/*mount.nfs*"
90 98
91FILES_${PN}-mount = "${base_sbindir}/*mount.nfs*" 99FILES:${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat ${sbindir}/nfsdclnts"
100RDEPENDS:${PN}-stats = "python3-core"
92 101
93FILES_${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat ${sbindir}/nfsdclnts" 102FILES:${PN}-rpcctl = "${sbindir}/rpcctl"
94RDEPENDS_${PN}-stats = "python3-core" 103RDEPENDS:${PN}-rpcctl = "python3-core"
95 104
96FILES_${PN}-staticdev += "${libdir}/libnfsidmap/*.a" 105FILES:${PN}-staticdev += "${libdir}/libnfsidmap/*.a"
97 106
98FILES_${PN} += "${systemd_unitdir} ${libdir}/libnfsidmap/" 107FILES:${PN} += "${systemd_unitdir} ${libdir}/libnfsidmap/ ${nonarch_libdir}/modprobe.d"
99 108
100do_configure_prepend() { 109do_configure:prepend() {
101 sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \ 110 sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \
102 ${S}/utils/mount/Makefile.am 111 ${S}/utils/mount/Makefile.am
103} 112}
104 113
105# Make clean needed because the package comes with 114# Make clean needed because the package comes with
106# precompiled 64-bit objects that break the build 115# precompiled 64-bit objects that break the build
107do_compile_prepend() { 116do_compile:prepend() {
108 make clean 117 make clean
109} 118}
110 119
111# Works on systemd only 120# Works on systemd only
112HIGH_RLIMIT_NOFILE ??= "4096" 121HIGH_RLIMIT_NOFILE ??= "4096"
113 122
114do_install_append () { 123do_install:append () {
115 install -d ${D}${sysconfdir}/init.d 124 install -d ${D}${sysconfdir}/init.d
116 install -m 0755 ${WORKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver 125 install -m 0755 ${WORKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver
117 install -m 0755 ${WORKDIR}/nfscommon ${D}${sysconfdir}/init.d/nfscommon 126 install -m 0755 ${WORKDIR}/nfscommon ${D}${sysconfdir}/init.d/nfscommon
@@ -119,18 +128,18 @@ do_install_append () {
119 install -m 0755 ${WORKDIR}/nfs-utils.conf ${D}${sysconfdir} 128 install -m 0755 ${WORKDIR}/nfs-utils.conf ${D}${sysconfdir}
120 install -m 0755 ${S}/utils/mount/nfsmount.conf ${D}${sysconfdir} 129 install -m 0755 ${S}/utils/mount/nfsmount.conf ${D}${sysconfdir}
121 130
122 install -d ${D}${systemd_unitdir}/system 131 install -d ${D}${systemd_system_unitdir}
123 install -m 0644 ${WORKDIR}/nfs-server.service ${D}${systemd_unitdir}/system/ 132 install -m 0644 ${WORKDIR}/nfs-server.service ${D}${systemd_system_unitdir}/
124 install -m 0644 ${WORKDIR}/nfs-mountd.service ${D}${systemd_unitdir}/system/ 133 install -m 0644 ${WORKDIR}/nfs-mountd.service ${D}${systemd_system_unitdir}/
125 install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_unitdir}/system/ 134 install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_system_unitdir}/
126 sed -i -e 's,@SBINDIR@,${sbindir},g' \ 135 sed -i -e 's,@SBINDIR@,${sbindir},g' \
127 -e 's,@SYSCONFDIR@,${sysconfdir},g' \ 136 -e 's,@SYSCONFDIR@,${sysconfdir},g' \
128 -e 's,@HIGH_RLIMIT_NOFILE@,${HIGH_RLIMIT_NOFILE},g' \ 137 -e 's,@HIGH_RLIMIT_NOFILE@,${HIGH_RLIMIT_NOFILE},g' \
129 ${D}${systemd_unitdir}/system/*.service 138 ${D}${systemd_system_unitdir}/*.service
130 if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then 139 if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
131 install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/ 140 install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_system_unitdir}/
132 install -d ${D}${systemd_unitdir}/system/sysinit.target.wants/ 141 install -d ${D}${systemd_system_unitdir}/sysinit.target.wants/
133 ln -sf ../proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/sysinit.target.wants/proc-fs-nfsd.mount 142 ln -sf ../proc-fs-nfsd.mount ${D}${systemd_system_unitdir}/sysinit.target.wants/proc-fs-nfsd.mount
134 fi 143 fi
135 144
136 # kernel code as of 3.8 hard-codes this path as a default 145 # kernel code as of 3.8 hard-codes this path as a default
diff --git a/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch b/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch
new file mode 100644
index 0000000000..3655b3fd66
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch
@@ -0,0 +1,28 @@
1From 76e4054801350ebd4a44057379431a33d460ad0f Mon Sep 17 00:00:00 2001
2From: Martin Jansa <Martin.Jansa@gmail.com>
3Date: Wed, 21 Apr 2021 11:01:34 +0000
4Subject: [PATCH] mbim: Fix build with ell-0.39 by restoring unlikely macro
5 from ell/util.h
6
7Upstream-Status: Pending
8
9Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
10---
11 drivers/mbimmodem/mbim-private.h | 4 ++++
12 1 file changed, 4 insertions(+)
13
14diff --git a/drivers/mbimmodem/mbim-private.h b/drivers/mbimmodem/mbim-private.h
15index 51693eae..d917312c 100644
16--- a/drivers/mbimmodem/mbim-private.h
17+++ b/drivers/mbimmodem/mbim-private.h
18@@ -30,6 +30,10 @@
19 __result; })
20 #endif
21
22+/* used to be part of ell/util.h before 0.39:
23+ https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=2a682421b06e41c45098217a686157f576847021 */
24+#define unlikely(x) __builtin_expect(!!(x), 0)
25+
26 enum mbim_control_message {
27 MBIM_OPEN_MSG = 0x1,
28 MBIM_CLOSE_MSG = 0x2,
diff --git a/meta/recipes-connectivity/ofono/ofono_1.31.bb b/meta/recipes-connectivity/ofono/ofono_2.4.bb
index 7d0976ad7f..dae5cc3c25 100644
--- a/meta/recipes-connectivity/ofono/ofono_1.31.bb
+++ b/meta/recipes-connectivity/ofono/ofono_2.4.bb
@@ -2,7 +2,7 @@ SUMMARY = "open source telephony"
2DESCRIPTION = "oFono is a stack for mobile telephony devices on Linux. oFono supports speaking to telephony devices through specific drivers, or with generic AT commands." 2DESCRIPTION = "oFono is a stack for mobile telephony devices on Linux. oFono supports speaking to telephony devices through specific drivers, or with generic AT commands."
3HOMEPAGE = "http://www.ofono.org" 3HOMEPAGE = "http://www.ofono.org"
4BUGTRACKER = "https://01.org/jira/browse/OF" 4BUGTRACKER = "https://01.org/jira/browse/OF"
5LICENSE = "GPLv2" 5LICENSE = "GPL-2.0-only"
6LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ 6LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
7 file://src/ofono.h;beginline=1;endline=20;md5=3ce17d5978ef3445def265b98899c2ee" 7 file://src/ofono.h;beginline=1;endline=20;md5=3ce17d5978ef3445def265b98899c2ee"
8DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info ell" 8DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info ell"
@@ -11,40 +11,45 @@ SRC_URI = "\
11 ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ 11 ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
12 file://ofono \ 12 file://ofono \
13 file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \ 13 file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \
14 file://0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch \
14" 15"
15SRC_URI[md5sum] = "1c26340e3c6ed132cc812595081bb3dc" 16SRC_URI[sha256sum] = "93580adc1afd1890dc516efb069de0c5cdfef014415256ddfb28ab172df2d11d"
16SRC_URI[sha256sum] = "a15c5d28096c10eb30e47a68b6dc2e7c4a5a99d7f4cfedf0b69624f33d859e9b"
17 17
18inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data 18inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data
19 19
20INITSCRIPT_NAME = "ofono" 20INITSCRIPT_NAME = "ofono"
21INITSCRIPT_PARAMS = "defaults 22" 21INITSCRIPT_PARAMS = "defaults 22"
22SYSTEMD_SERVICE_${PN} = "ofono.service" 22SYSTEMD_SERVICE:${PN} = "ofono.service"
23 23
24PACKAGECONFIG ??= "\ 24PACKAGECONFIG ??= "\
25 ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ 25 ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
26 ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ 26 ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \
27" 27"
28PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/,--with-systemdunitdir=" 28PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_system_unitdir}/,--with-systemdunitdir="
29PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5" 29PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5"
30 30
31EXTRA_OECONF += "--enable-test --enable-external-ell" 31EXTRA_OECONF += "--enable-test --enable-external-ell"
32 32
33do_install_append() { 33do_configure:prepend() {
34 install -d ${D}${sysconfdir}/init.d/ 34 bbnote "Removing bundled ell from ${S}/ell to prevent including it"
35 install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono 35 rm -rf ${S}/ell
36}
37
38do_install:append() {
39 install -d ${D}${sysconfdir}/init.d/
40 install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono
36} 41}
37 42
38PACKAGES =+ "${PN}-tests" 43PACKAGES =+ "${PN}-tests"
39 44
40FILES_${PN} += "${systemd_unitdir}" 45FILES:${PN} += "${systemd_unitdir}"
41FILES_${PN}-tests = "${libdir}/${BPN}/test" 46FILES:${PN}-tests = "${libdir}/${BPN}/test"
42 47
43RDEPENDS_${PN} += "dbus" 48RDEPENDS:${PN} += "dbus"
44RDEPENDS_${PN}-tests = "\ 49RDEPENDS:${PN}-tests = "\
45 python3-core \ 50 python3-core \
46 python3-dbus \ 51 python3-dbus \
47 ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)} \ 52 ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)} \
48" 53"
49 54
50RRECOMMENDS_${PN} += "kernel-module-tun mobile-broadband-provider-info" 55RRECOMMENDS:${PN} += "kernel-module-tun mobile-broadband-provider-info"
diff --git a/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch b/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch
new file mode 100644
index 0000000000..8763f30f4b
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch
@@ -0,0 +1,61 @@
1From f5a4dacc987ca548fc86577c2dba121c86da3c34 Mon Sep 17 00:00:00 2001
2From: Mikko Rapeli <mikko.rapeli@linaro.org>
3Date: Mon, 11 Sep 2023 09:55:21 +0100
4Subject: [PATCH] regress/banner.sh: log input and output files on error
5
6Some test environments like yocto with qemu are seeing these
7tests failing. There may be additional error messages in the
8stderr of ssh cloent command. busybox cmp shows this error when
9first input file has less new line characters then second
10input file:
11
12cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in
13
14Logging the full banner.out will show what other error messages
15are captured in addition of the expected banner.
16
17Full log of a failing banner test runs is:
18
19run test banner.sh ...
20test banner: missing banner file
21test banner: size 0
22cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in
23banner size 0 mismatch
24test banner: size 10
25test banner: size 100
26cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in
27banner size 100 mismatch
28test banner: size 1000
29test banner: size 10000
30test banner: size 100000
31test banner: suppress banner (-q)
32FAIL: banner
33return value: 1
34
35See: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178
36
37Upstream-Status: Denied [https://github.com/openssh/openssh-portable/pull/437]
38
39Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
40---
41 regress/banner.sh | 4 +++-
42 1 file changed, 3 insertions(+), 1 deletion(-)
43
44diff --git a/regress/banner.sh b/regress/banner.sh
45index a84feb5a..de84957a 100644
46--- a/regress/banner.sh
47+++ b/regress/banner.sh
48@@ -32,7 +32,9 @@ for s in 0 10 100 1000 10000 100000 ; do
49 verbose "test $tid: size $s"
50 ( ${SSH} -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \
51 cmp $OBJ/banner.in $OBJ/banner.out ) || \
52- fail "banner size $s mismatch"
53+ ( verbose "Contents of $OBJ/banner.in:"; cat $OBJ/banner.in; \
54+ verbose "Contents of $OBJ/banner.out:"; cat $OBJ/banner.out; \
55+ fail "banner size $s mismatch" )
56 done
57
58 trace "test suppress banner (-q)"
59--
602.34.1
61
diff --git a/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch
new file mode 100644
index 0000000000..acda8f1ce9
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch
@@ -0,0 +1,99 @@
1From be187435911cde6cc3cef6982a508261074f1e56 Mon Sep 17 00:00:00 2001
2From: Matt Jolly <Matt.Jolly@footclan.ninja>
3Date: Thu, 2 Feb 2023 21:05:40 +1100
4Subject: [PATCH] systemd: Add optional support for systemd `sd_notify`
5
6This is a rebase of Dennis Lamm's <expeditioneer@gentoo.org>
7patch based on Jakub Jelen's <jjelen@redhat.com> original patch
8
9Upstream-Status: Submitted [https://github.com/openssh/openssh-portable/pull/375/commits/be187435911cde6cc3cef6982a508261074f1e56]
10
11Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
12---
13 configure.ac | 24 ++++++++++++++++++++++++
14 sshd.c | 13 +++++++++++++
15 2 files changed, 37 insertions(+)
16
17diff --git a/configure.ac b/configure.ac
18index 22fee70f..486c189f 100644
19--- a/configure.ac
20+++ b/configure.ac
21@@ -4835,6 +4835,29 @@ AC_SUBST([GSSLIBS])
22 AC_SUBST([K5LIBS])
23 AC_SUBST([CHANNELLIBS])
24
25+# Check whether user wants systemd support
26+SYSTEMD_MSG="no"
27+AC_ARG_WITH(systemd,
28+ [ --with-systemd Enable systemd support],
29+ [ if test "x$withval" != "xno" ; then
30+ AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
31+ if test "$PKGCONFIG" != "no"; then
32+ AC_MSG_CHECKING([for libsystemd])
33+ if $PKGCONFIG --exists libsystemd; then
34+ SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd`
35+ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd`
36+ CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS"
37+ SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS"
38+ AC_MSG_RESULT([yes])
39+ AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.])
40+ SYSTEMD_MSG="yes"
41+ else
42+ AC_MSG_RESULT([no])
43+ fi
44+ fi
45+ fi ]
46+)
47+
48 # Looking for programs, paths and files
49
50 PRIVSEP_PATH=/var/empty
51@@ -5634,6 +5657,7 @@ echo " libldns support: $LDNS_MSG"
52 echo " Solaris process contract support: $SPC_MSG"
53 echo " Solaris project support: $SP_MSG"
54 echo " Solaris privilege support: $SPP_MSG"
55+echo " systemd support: $SYSTEMD_MSG"
56 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
57 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
58 echo " BSD Auth support: $BSD_AUTH_MSG"
59diff --git a/sshd.c b/sshd.c
60index 6321936c..859d6a0b 100644
61--- a/sshd.c
62+++ b/sshd.c
63@@ -88,6 +88,10 @@
64 #include <prot.h>
65 #endif
66
67+#ifdef HAVE_SYSTEMD
68+#include <systemd/sd-daemon.h>
69+#endif
70+
71 #include "xmalloc.h"
72 #include "ssh.h"
73 #include "ssh2.h"
74@@ -310,6 +314,10 @@ static void
75 sighup_restart(void)
76 {
77 logit("Received SIGHUP; restarting.");
78+#ifdef HAVE_SYSTEMD
79+ /* Signal systemd that we are reloading */
80+ sd_notify(0, "RELOADING=1");
81+#endif
82 if (options.pid_file != NULL)
83 unlink(options.pid_file);
84 platform_pre_restart();
85@@ -2086,6 +2094,11 @@ main(int ac, char **av)
86 }
87 }
88
89+#ifdef HAVE_SYSTEMD
90+ /* Signal systemd that we are ready to accept connections */
91+ sd_notify(0, "READY=1");
92+#endif
93+
94 /* Accept a connection and return in a forked child */
95 server_accept_loop(&sock_in, &sock_out,
96 &newsock, config_s);
97--
982.25.1
99
diff --git a/meta/recipes-connectivity/openssh/openssh/run-ptest b/meta/recipes-connectivity/openssh/openssh/run-ptest
index ae03e929b2..b2244d725a 100755
--- a/meta/recipes-connectivity/openssh/openssh/run-ptest
+++ b/meta/recipes-connectivity/openssh/openssh/run-ptest
@@ -4,8 +4,22 @@ export TEST_SHELL=sh
4export SKIP_UNIT=1 4export SKIP_UNIT=1
5 5
6cd regress 6cd regress
7
8# copied from openssh-portable/.github/run_test.sh
9output_failed_logs() {
10 for i in failed*.log; do
11 if [ -f "$i" ]; then
12 echo -------------------------------------------------------------------------
13 echo LOGFILE $i
14 cat $i
15 echo -------------------------------------------------------------------------
16 fi
17 done
18}
19trap output_failed_logs 0
20
7sed -i "/\t\tagent-ptrace /d" Makefile 21sed -i "/\t\tagent-ptrace /d" Makefile
8make -k .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="sudo" tests \ 22make -k BUILDDIR=`pwd`/.. .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="" tests \
9 | sed -u -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g' 23 | sed -u -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g'
10 24
11SSHAGENT=`which ssh-agent` 25SSHAGENT=`which ssh-agent`
diff --git a/meta/recipes-connectivity/openssh/openssh/ssh_config b/meta/recipes-connectivity/openssh/openssh/ssh_config
index e0d023803e..cb2774a163 100644
--- a/meta/recipes-connectivity/openssh/openssh/ssh_config
+++ b/meta/recipes-connectivity/openssh/openssh/ssh_config
@@ -1,4 +1,4 @@
1# $OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $ 1# $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $
2 2
3# This is the ssh client system-wide configuration file. See 3# This is the ssh client system-wide configuration file. See
4# ssh_config(5) for more information. This file provides defaults for 4# ssh_config(5) for more information. This file provides defaults for
@@ -17,11 +17,11 @@
17# list of available options, their meanings and defaults, please see the 17# list of available options, their meanings and defaults, please see the
18# ssh_config(5) man page. 18# ssh_config(5) man page.
19 19
20Host * 20Include /etc/ssh/ssh_config.d/*.conf
21 ForwardAgent yes 21
22 ForwardX11 yes 22# Host *
23# RhostsRSAAuthentication no 23# ForwardAgent no
24# RSAAuthentication yes 24# ForwardX11 no
25# PasswordAuthentication yes 25# PasswordAuthentication yes
26# HostbasedAuthentication no 26# HostbasedAuthentication no
27# GSSAPIAuthentication no 27# GSSAPIAuthentication no
@@ -36,7 +36,6 @@ Host *
36# IdentityFile ~/.ssh/id_ecdsa 36# IdentityFile ~/.ssh/id_ecdsa
37# IdentityFile ~/.ssh/id_ed25519 37# IdentityFile ~/.ssh/id_ed25519
38# Port 22 38# Port 22
39# Protocol 2
40# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc 39# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
41# MACs hmac-md5,hmac-sha1,umac-64@openssh.com 40# MACs hmac-md5,hmac-sha1,umac-64@openssh.com
42# EscapeChar ~ 41# EscapeChar ~
@@ -46,3 +45,4 @@ Host *
46# VisualHostKey no 45# VisualHostKey no
47# ProxyCommand ssh -q -W %h:%p gateway.example.com 46# ProxyCommand ssh -q -W %h:%p gateway.example.com
48# RekeyLimit 1G 1h 47# RekeyLimit 1G 1h
48# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.service b/meta/recipes-connectivity/openssh/openssh/sshd.service
new file mode 100644
index 0000000000..2a997b656a
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/sshd.service
@@ -0,0 +1,17 @@
1[Unit]
2Description=OpenSSH server daemon
3Wants=sshdgenkeys.service
4After=sshdgenkeys.service
5
6[Service]
7Environment="SSHD_OPTS="
8EnvironmentFile=-/etc/default/ssh
9ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd
10ExecStart=-@SBINDIR@/sshd -D $SSHD_OPTS
11ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
12KillMode=process
13Restart=on-failure
14RestartSec=42s
15
16[Install]
17WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
index 1931dc7153..606d1894b5 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
@@ -6,6 +6,7 @@ generate_key() {
6 local DIR="$(dirname "$FILE")" 6 local DIR="$(dirname "$FILE")"
7 7
8 mkdir -p "$DIR" 8 mkdir -p "$DIR"
9 rm -f ${FILE}.tmp
9 ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE 10 ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE
10 11
11 # Atomically rename file public key 12 # Atomically rename file public key
@@ -56,8 +57,7 @@ while true ; do
56 esac 57 esac
57done 58done
58 59
59HOST_KEYS=$(sed -n 's/^[ \t]*HostKey[ \t]\+\(.*\)/\1/p' "${sshd_config}") 60HOST_KEYS=$(sshd -G -f "${sshd_config}" | grep -i '^hostkey ' | cut -f2 -d' ')
60[ -z "${HOST_KEYS}" ] && HOST_KEYS="$SYSCONFDIR/ssh_host_rsa_key $SYSCONFDIR/ssh_host_ecdsa_key $SYSCONFDIR/ssh_host_ed25519_key"
61 61
62for key in ${HOST_KEYS} ; do 62for key in ${HOST_KEYS} ; do
63 [ -f $key ] && continue 63 [ -f $key ] && continue
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config
index 15f061b570..e9eaf93157 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_config
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_config
@@ -1,4 +1,4 @@
1# $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $ 1# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
2 2
3# This is the sshd server system-wide configuration file. See 3# This is the sshd server system-wide configuration file. See
4# sshd_config(5) for more information. 4# sshd_config(5) for more information.
@@ -10,6 +10,8 @@
10# possible, but leave them commented. Uncommented options override the 10# possible, but leave them commented. Uncommented options override the
11# default value. 11# default value.
12 12
13Include /etc/ssh/sshd_config.d/*.conf
14
13#Port 22 15#Port 22
14#AddressFamily any 16#AddressFamily any
15#ListenAddress 0.0.0.0 17#ListenAddress 0.0.0.0
@@ -57,9 +59,9 @@ AuthorizedKeysFile .ssh/authorized_keys
57#PasswordAuthentication yes 59#PasswordAuthentication yes
58#PermitEmptyPasswords no 60#PermitEmptyPasswords no
59 61
60# Change to yes to enable challenge-response passwords (beware issues with 62# Change to yes to enable keyboard-interactive authentication (beware issues
61# some PAM modules and threads) 63# with some PAM modules and threads)
62ChallengeResponseAuthentication no 64KbdInteractiveAuthentication no
63 65
64# Kerberos options 66# Kerberos options
65#KerberosAuthentication no 67#KerberosAuthentication no
@@ -73,13 +75,13 @@ ChallengeResponseAuthentication no
73 75
74# Set this to 'yes' to enable PAM authentication, account processing, 76# Set this to 'yes' to enable PAM authentication, account processing,
75# and session processing. If this is enabled, PAM authentication will 77# and session processing. If this is enabled, PAM authentication will
76# be allowed through the ChallengeResponseAuthentication and 78# be allowed through the KbdInteractiveAuthentication and
77# PasswordAuthentication. Depending on your PAM configuration, 79# PasswordAuthentication. Depending on your PAM configuration,
78# PAM authentication via ChallengeResponseAuthentication may bypass 80# PAM authentication via KbdInteractiveAuthentication may bypass
79# the setting of "PermitRootLogin without-password". 81# the setting of "PermitRootLogin without-password".
80# If you just want the PAM account and session checks to run without 82# If you just want the PAM account and session checks to run without
81# PAM authentication, then enable this but set PasswordAuthentication 83# PAM authentication, then enable this but set PasswordAuthentication
82# and ChallengeResponseAuthentication to 'no'. 84# and KbdInteractiveAuthentication to 'no'.
83#UsePAM no 85#UsePAM no
84 86
85#AllowAgentForwarding yes 87#AllowAgentForwarding yes
@@ -92,7 +94,6 @@ ChallengeResponseAuthentication no
92#PrintMotd yes 94#PrintMotd yes
93#PrintLastLog yes 95#PrintLastLog yes
94#TCPKeepAlive yes 96#TCPKeepAlive yes
95#UseLogin no
96#PermitUserEnvironment no 97#PermitUserEnvironment no
97Compression no 98Compression no
98ClientAliveInterval 15 99ClientAliveInterval 15
diff --git a/meta/recipes-connectivity/openssh/openssh_8.4p1.bb b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
index 676a8a6533..edd8e8c2d1 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.4p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
@@ -5,8 +5,8 @@ Ssh (Secure Shell) is a program for logging into a remote machine \
5and for executing commands on a remote machine." 5and for executing commands on a remote machine."
6HOMEPAGE = "http://www.openssh.com/" 6HOMEPAGE = "http://www.openssh.com/"
7SECTION = "console/network" 7SECTION = "console/network"
8LICENSE = "BSD & ISC & MIT" 8LICENSE = "BSD-2-Clause & BSD-3-Clause & ISC & MIT"
9LIC_FILES_CHKSUM = "file://LICENCE;md5=18d9e5a8b3dd1790d73502f50426d4d3" 9LIC_FILES_CHKSUM = "file://LICENCE;md5=072979064e691d342002f43cd89c0394"
10 10
11DEPENDS = "zlib openssl virtual/crypt" 11DEPENDS = "zlib openssl virtual/crypt"
12DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" 12DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
@@ -16,6 +16,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
16 file://ssh_config \ 16 file://ssh_config \
17 file://init \ 17 file://init \
18 ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ 18 ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
19 file://sshd.service \
19 file://sshd.socket \ 20 file://sshd.socket \
20 file://sshd@.service \ 21 file://sshd@.service \
21 file://sshdgenkeys.service \ 22 file://sshdgenkeys.service \
@@ -24,36 +25,45 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
24 file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ 25 file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
25 file://sshd_check_keys \ 26 file://sshd_check_keys \
26 file://add-test-support-for-busybox.patch \ 27 file://add-test-support-for-busybox.patch \
28 file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \
29 file://0001-systemd-Add-optional-support-for-systemd-sd_notify.patch \
27 " 30 "
28SRC_URI[sha256sum] = "5a01d22e407eb1c05ba8a8f7c654d388a13e9f226e4ed33bd38748dafa1d2b24" 31SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c"
32
33CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here."
29 34
30# This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 35# This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7
31# and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded 36# and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
32CVE_CHECK_WHITELIST += "CVE-2014-9278" 37CVE_STATUS[CVE-2014-9278] = "not-applicable-platform: This CVE is specific to OpenSSH server, as used in Fedora and \
38Red Hat Enterprise Linux 7 and when running in a Kerberos environment"
39
40CVE_STATUS[CVE-2008-3844] = "not-applicable-platform: Only applies to some distributed RHEL binaries."
33 41
34PAM_SRC_URI = "file://sshd" 42PAM_SRC_URI = "file://sshd"
35 43
36inherit manpages useradd update-rc.d update-alternatives systemd 44inherit manpages useradd update-rc.d update-alternatives systemd
37 45
38USERADD_PACKAGES = "${PN}-sshd" 46USERADD_PACKAGES = "${PN}-sshd"
39USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" 47USERADD_PARAM:${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd"
40INITSCRIPT_PACKAGES = "${PN}-sshd" 48INITSCRIPT_PACKAGES = "${PN}-sshd"
41INITSCRIPT_NAME_${PN}-sshd = "sshd" 49INITSCRIPT_NAME:${PN}-sshd = "sshd"
42INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9" 50INITSCRIPT_PARAMS:${PN}-sshd = "defaults 9"
43 51
44SYSTEMD_PACKAGES = "${PN}-sshd" 52SYSTEMD_PACKAGES = "${PN}-sshd"
45SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket" 53SYSTEMD_SERVICE:${PN}-sshd = "${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','sshd.socket', '', d)} ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','sshd.service', '', d)}"
46 54
47inherit autotools-brokensep ptest 55inherit autotools-brokensep ptest pkgconfig
56DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}"
48 57
49PACKAGECONFIG ??= "rng-tools" 58# systemd-sshd-socket-mode means installing sshd.socket
59# and systemd-sshd-service-mode corresponding to sshd.service
60PACKAGECONFIG ??= "systemd-sshd-socket-mode"
50PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5" 61PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5"
51PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns" 62PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns"
52PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" 63PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit"
53PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat" 64PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat"
54 65PACKAGECONFIG[systemd-sshd-socket-mode] = ""
55# Add RRECOMMENDS to rng-tools for sshd package 66PACKAGECONFIG[systemd-sshd-service-mode] = ""
56PACKAGECONFIG[rng-tools] = ""
57 67
58EXTRA_AUTORECONF += "--exclude=aclocal" 68EXTRA_AUTORECONF += "--exclude=aclocal"
59 69
@@ -65,10 +75,18 @@ EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \
65 --sysconfdir=${sysconfdir}/ssh \ 75 --sysconfdir=${sysconfdir}/ssh \
66 --with-xauth=${bindir}/xauth \ 76 --with-xauth=${bindir}/xauth \
67 --disable-strip \ 77 --disable-strip \
78 ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemd', '--without-systemd', d)} \
68 " 79 "
69 80
70# musl doesn't implement wtmp/utmp 81# musl doesn't implement wtmp/utmp and logwtmp
71EXTRA_OECONF_append_libc-musl = " --disable-wtmp" 82EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog"
83
84# Work around ICE on mips/mips64 starting in 9.6p1
85EXTRA_OECONF:append:mips = " --without-hardening"
86EXTRA_OECONF:append:mips64 = " --without-hardening"
87
88# Work around ICE on powerpc64le starting in 9.6p1
89EXTRA_OECONF:append:powerpc64le = " --without-hardening"
72 90
73# Since we do not depend on libbsd, we do not want configure to use it 91# Since we do not depend on libbsd, we do not want configure to use it
74# just because it finds libutil.h. But, specifying --disable-libutil 92# just because it finds libutil.h. But, specifying --disable-libutil
@@ -81,20 +99,17 @@ CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd"
81# We don't want to depend on libblockfile 99# We don't want to depend on libblockfile
82CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no" 100CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no"
83 101
84do_configure_prepend () { 102do_configure:prepend () {
85 export LD="${CC}" 103 export LD="${CC}"
86 install -m 0644 ${WORKDIR}/sshd_config ${B}/ 104 install -m 0644 ${WORKDIR}/sshd_config ${B}/
87 install -m 0644 ${WORKDIR}/ssh_config ${B}/ 105 install -m 0644 ${WORKDIR}/ssh_config ${B}/
88} 106}
89 107
90do_compile_ptest() { 108do_compile_ptest() {
91 # skip regress/unittests/ binaries: this will silently skip 109 oe_runmake regress-binaries regress-unit-binaries
92 # unittests in run-ptests which is good because they are so slow.
93 oe_runmake regress/modpipe regress/setuid-allowed regress/netcat \
94 regress/check-perm regress/mkdtemp
95} 110}
96 111
97do_install_append () { 112do_install:append () {
98 if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then 113 if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
99 install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd 114 install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
100 sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config 115 sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config
@@ -120,15 +135,25 @@ do_install_append () {
120 echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly 135 echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
121 echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly 136 echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
122 137
123 install -d ${D}${systemd_unitdir}/system 138 install -d ${D}${systemd_system_unitdir}
124 install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system 139 if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','true','false',d)}; then
125 install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system 140 install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_system_unitdir}
126 install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system 141 install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_system_unitdir}
142 sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
143 -e 's,@SBINDIR@,${sbindir},g' \
144 -e 's,@BINDIR@,${bindir},g' \
145 -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
146 ${D}${systemd_system_unitdir}/sshd.socket
147 fi
148 if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','true','false',d)}; then
149 install -c -m 0644 ${WORKDIR}/sshd.service ${D}${systemd_system_unitdir}
150 fi
151 install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_system_unitdir}
127 sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ 152 sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
128 -e 's,@SBINDIR@,${sbindir},g' \ 153 -e 's,@SBINDIR@,${sbindir},g' \
129 -e 's,@BINDIR@,${bindir},g' \ 154 -e 's,@BINDIR@,${bindir},g' \
130 -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ 155 -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
131 ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service 156 ${D}${systemd_system_unitdir}/*.service
132 157
133 sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ 158 sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
134 ${D}${sysconfdir}/init.d/sshd 159 ${D}${sysconfdir}/init.d/sshd
@@ -139,41 +164,38 @@ do_install_append () {
139do_install_ptest () { 164do_install_ptest () {
140 sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh 165 sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh
141 cp -r regress ${D}${PTEST_PATH} 166 cp -r regress ${D}${PTEST_PATH}
167 cp config.h ${D}${PTEST_PATH}
142} 168}
143 169
144ALLOW_EMPTY_${PN} = "1" 170ALLOW_EMPTY:${PN} = "1"
145 171
146PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server" 172PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server"
147FILES_${PN}-scp = "${bindir}/scp.${BPN}" 173FILES:${PN}-scp = "${bindir}/scp.${BPN}"
148FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" 174FILES:${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
149FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system" 175FILES:${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_system_unitdir}"
150FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" 176FILES:${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
151FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys" 177FILES:${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys"
152FILES_${PN}-sftp = "${bindir}/sftp" 178FILES:${PN}-sftp = "${bindir}/sftp"
153FILES_${PN}-sftp-server = "${libexecdir}/sftp-server" 179FILES:${PN}-sftp-server = "${libexecdir}/sftp-server"
154FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" 180FILES:${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
155FILES_${PN}-keygen = "${bindir}/ssh-keygen" 181FILES:${PN}-keygen = "${bindir}/ssh-keygen"
156 182
157RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" 183RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen ${PN}-sftp-server"
158RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" 184RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
159RRECOMMENDS_${PN}-sshd_append_class-target = "\
160 ${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \
161"
162
163# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies 185# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies
164RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils" 186RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed coreutils openssl-bin"
165 187
166RPROVIDES_${PN}-ssh = "ssh" 188RPROVIDES:${PN}-ssh = "ssh"
167RPROVIDES_${PN}-sshd = "sshd" 189RPROVIDES:${PN}-sshd = "sshd"
168 190
169RCONFLICTS_${PN} = "dropbear" 191RCONFLICTS:${PN} = "dropbear"
170RCONFLICTS_${PN}-sshd = "dropbear" 192RCONFLICTS:${PN}-sshd = "dropbear"
171 193
172CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config" 194CONFFILES:${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
173CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config" 195CONFFILES:${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
174 196
175ALTERNATIVE_PRIORITY = "90" 197ALTERNATIVE_PRIORITY = "90"
176ALTERNATIVE_${PN}-scp = "scp" 198ALTERNATIVE:${PN}-scp = "scp"
177ALTERNATIVE_${PN}-ssh = "ssh" 199ALTERNATIVE:${PN}-ssh = "ssh"
178 200
179BBCLASSEXTEND += "nativesdk" 201BBCLASSEXTEND += "nativesdk"
diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
index b9cc24a7ac..6f23490c87 100644
--- a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
+++ b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
@@ -1 +1,5 @@
1export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf" 1export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf"
2export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs"
3export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs/ca-certificates.crt"
4export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/"
5export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3"
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch
new file mode 100644
index 0000000000..aa2e5bb800
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch
@@ -0,0 +1,374 @@
1From 5ba65051fea0513db0d997f0ab7cafb9826ed74a Mon Sep 17 00:00:00 2001
2From: William Lyu <William.Lyu@windriver.com>
3Date: Fri, 20 Oct 2023 16:22:37 -0400
4Subject: [PATCH] Added handshake history reporting when test fails
5
6Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/22481]
7
8Signed-off-by: William Lyu <William.Lyu@windriver.com>
9---
10 test/helpers/handshake.c | 139 +++++++++++++++++++++++++++++----------
11 test/helpers/handshake.h | 70 +++++++++++++++++++-
12 test/ssl_test.c | 44 +++++++++++++
13 3 files changed, 218 insertions(+), 35 deletions(-)
14
15diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c
16index e0422469e4..ae2ad59dd4 100644
17--- a/test/helpers/handshake.c
18+++ b/test/helpers/handshake.c
19@@ -1,5 +1,5 @@
20 /*
21- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
22+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
23 *
24 * Licensed under the Apache License 2.0 (the "License"). You may not use
25 * this file except in compliance with the License. You can obtain a copy
26@@ -24,6 +24,102 @@
27 #include <netinet/sctp.h>
28 #endif
29
30+/* Shamelessly copied from test/helpers/ssl_test_ctx.c */
31+/* Maps string names to various enumeration type */
32+typedef struct {
33+ const char *name;
34+ int value;
35+} enum_name_map;
36+
37+static const enum_name_map connect_phase_names[] = {
38+ {"Handshake", HANDSHAKE},
39+ {"RenegAppData", RENEG_APPLICATION_DATA},
40+ {"RenegSetup", RENEG_SETUP},
41+ {"RenegHandshake", RENEG_HANDSHAKE},
42+ {"AppData", APPLICATION_DATA},
43+ {"Shutdown", SHUTDOWN},
44+ {"ConnectionDone", CONNECTION_DONE}
45+};
46+
47+static const enum_name_map peer_status_names[] = {
48+ {"PeerSuccess", PEER_SUCCESS},
49+ {"PeerRetry", PEER_RETRY},
50+ {"PeerError", PEER_ERROR},
51+ {"PeerWaiting", PEER_WAITING},
52+ {"PeerTestFail", PEER_TEST_FAILURE}
53+};
54+
55+static const enum_name_map handshake_status_names[] = {
56+ {"HandshakeSuccess", HANDSHAKE_SUCCESS},
57+ {"ClientError", CLIENT_ERROR},
58+ {"ServerError", SERVER_ERROR},
59+ {"InternalError", INTERNAL_ERROR},
60+ {"HandshakeRetry", HANDSHAKE_RETRY}
61+};
62+
63+/* Shamelessly copied from test/helpers/ssl_test_ctx.c */
64+static const char *enum_name(const enum_name_map *enums, size_t num_enums,
65+ int value)
66+{
67+ size_t i;
68+ for (i = 0; i < num_enums; i++) {
69+ if (enums[i].value == value) {
70+ return enums[i].name;
71+ }
72+ }
73+ return "InvalidValue";
74+}
75+
76+const char *handshake_connect_phase_name(connect_phase_t phase)
77+{
78+ return enum_name(connect_phase_names, OSSL_NELEM(connect_phase_names),
79+ (int)phase);
80+}
81+
82+const char *handshake_status_name(handshake_status_t handshake_status)
83+{
84+ return enum_name(handshake_status_names, OSSL_NELEM(handshake_status_names),
85+ (int)handshake_status);
86+}
87+
88+const char *handshake_peer_status_name(peer_status_t peer_status)
89+{
90+ return enum_name(peer_status_names, OSSL_NELEM(peer_status_names),
91+ (int)peer_status);
92+}
93+
94+static void save_loop_history(HANDSHAKE_HISTORY *history,
95+ connect_phase_t phase,
96+ handshake_status_t handshake_status,
97+ peer_status_t server_status,
98+ peer_status_t client_status,
99+ int client_turn_count,
100+ int is_client_turn)
101+{
102+ HANDSHAKE_HISTORY_ENTRY *new_entry = NULL;
103+
104+ /*
105+ * Create a new history entry for a handshake loop with statuses given in
106+ * the arguments. Potentially evicting the oldest entry when the
107+ * ring buffer is full.
108+ */
109+ ++(history->last_idx);
110+ history->last_idx &= MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK;
111+
112+ new_entry = &((history->entries)[history->last_idx]);
113+ new_entry->phase = phase;
114+ new_entry->handshake_status = handshake_status;
115+ new_entry->server_status = server_status;
116+ new_entry->client_status = client_status;
117+ new_entry->client_turn_count = client_turn_count;
118+ new_entry->is_client_turn = is_client_turn;
119+
120+ /* Evict the oldest handshake loop entry when the ring buffer is full. */
121+ if (history->entry_count < MAX_HANDSHAKE_HISTORY_ENTRY) {
122+ ++(history->entry_count);
123+ }
124+}
125+
126 HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void)
127 {
128 HANDSHAKE_RESULT *ret;
129@@ -719,15 +815,6 @@ static void configure_handshake_ssl(SSL *server, SSL *client,
130 SSL_set_post_handshake_auth(client, 1);
131 }
132
133-/* The status for each connection phase. */
134-typedef enum {
135- PEER_SUCCESS,
136- PEER_RETRY,
137- PEER_ERROR,
138- PEER_WAITING,
139- PEER_TEST_FAILURE
140-} peer_status_t;
141-
142 /* An SSL object and associated read-write buffers. */
143 typedef struct peer_st {
144 SSL *ssl;
145@@ -1074,17 +1161,6 @@ static void do_shutdown_step(PEER *peer)
146 }
147 }
148
149-typedef enum {
150- HANDSHAKE,
151- RENEG_APPLICATION_DATA,
152- RENEG_SETUP,
153- RENEG_HANDSHAKE,
154- APPLICATION_DATA,
155- SHUTDOWN,
156- CONNECTION_DONE
157-} connect_phase_t;
158-
159-
160 static int renegotiate_op(const SSL_TEST_CTX *test_ctx)
161 {
162 switch (test_ctx->handshake_mode) {
163@@ -1162,19 +1238,6 @@ static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer,
164 }
165 }
166
167-typedef enum {
168- /* Both parties succeeded. */
169- HANDSHAKE_SUCCESS,
170- /* Client errored. */
171- CLIENT_ERROR,
172- /* Server errored. */
173- SERVER_ERROR,
174- /* Peers are in inconsistent state. */
175- INTERNAL_ERROR,
176- /* One or both peers not done. */
177- HANDSHAKE_RETRY
178-} handshake_status_t;
179-
180 /*
181 * Determine the handshake outcome.
182 * last_status: the status of the peer to have acted last.
183@@ -1539,6 +1602,10 @@ static HANDSHAKE_RESULT *do_handshake_internal(
184
185 start = time(NULL);
186
187+ save_loop_history(&(ret->history),
188+ phase, status, server.status, client.status,
189+ client_turn_count, client_turn);
190+
191 /*
192 * Half-duplex handshake loop.
193 * Client and server speak to each other synchronously in the same process.
194@@ -1560,6 +1627,10 @@ static HANDSHAKE_RESULT *do_handshake_internal(
195 0 /* server went last */);
196 }
197
198+ save_loop_history(&(ret->history),
199+ phase, status, server.status, client.status,
200+ client_turn_count, client_turn);
201+
202 switch (status) {
203 case HANDSHAKE_SUCCESS:
204 client_turn_count = 0;
205diff --git a/test/helpers/handshake.h b/test/helpers/handshake.h
206index 78b03f9f4b..b9967c2623 100644
207--- a/test/helpers/handshake.h
208+++ b/test/helpers/handshake.h
209@@ -1,5 +1,5 @@
210 /*
211- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
212+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
213 *
214 * Licensed under the Apache License 2.0 (the "License"). You may not use
215 * this file except in compliance with the License. You can obtain a copy
216@@ -12,6 +12,11 @@
217
218 #include "ssl_test_ctx.h"
219
220+#define MAX_HANDSHAKE_HISTORY_ENTRY_BIT 4
221+#define MAX_HANDSHAKE_HISTORY_ENTRY (1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT)
222+#define MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK \
223+ ((1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) - 1)
224+
225 typedef struct ctx_data_st {
226 unsigned char *npn_protocols;
227 size_t npn_protocols_len;
228@@ -22,6 +27,63 @@ typedef struct ctx_data_st {
229 char *session_ticket_app_data;
230 } CTX_DATA;
231
232+typedef enum {
233+ HANDSHAKE,
234+ RENEG_APPLICATION_DATA,
235+ RENEG_SETUP,
236+ RENEG_HANDSHAKE,
237+ APPLICATION_DATA,
238+ SHUTDOWN,
239+ CONNECTION_DONE
240+} connect_phase_t;
241+
242+/* The status for each connection phase. */
243+typedef enum {
244+ PEER_SUCCESS,
245+ PEER_RETRY,
246+ PEER_ERROR,
247+ PEER_WAITING,
248+ PEER_TEST_FAILURE
249+} peer_status_t;
250+
251+typedef enum {
252+ /* Both parties succeeded. */
253+ HANDSHAKE_SUCCESS,
254+ /* Client errored. */
255+ CLIENT_ERROR,
256+ /* Server errored. */
257+ SERVER_ERROR,
258+ /* Peers are in inconsistent state. */
259+ INTERNAL_ERROR,
260+ /* One or both peers not done. */
261+ HANDSHAKE_RETRY
262+} handshake_status_t;
263+
264+/* Stores the various status information in a handshake loop. */
265+typedef struct handshake_history_entry_st {
266+ connect_phase_t phase;
267+ handshake_status_t handshake_status;
268+ peer_status_t server_status;
269+ peer_status_t client_status;
270+ int client_turn_count;
271+ int is_client_turn;
272+} HANDSHAKE_HISTORY_ENTRY;
273+
274+typedef struct handshake_history_st {
275+ /* Implemented using ring buffer. */
276+ /*
277+ * The valid entries are |entries[last_idx]|, |entries[last_idx-1]|,
278+ * ..., etc., going up to |entry_count| number of entries. Note that when
279+ * the index into the array |entries| becomes < 0, we wrap around to
280+ * the end of |entries|.
281+ */
282+ HANDSHAKE_HISTORY_ENTRY entries[MAX_HANDSHAKE_HISTORY_ENTRY];
283+ /* The number of valid entries in |entries| array. */
284+ size_t entry_count;
285+ /* The index of the last valid entry in the |entries| array. */
286+ size_t last_idx;
287+} HANDSHAKE_HISTORY;
288+
289 typedef struct handshake_result {
290 ssl_test_result_t result;
291 /* These alerts are in the 2-byte format returned by the info_callback. */
292@@ -77,6 +139,8 @@ typedef struct handshake_result {
293 char *cipher;
294 /* session ticket application data */
295 char *result_session_ticket_app_data;
296+ /* handshake loop history */
297+ HANDSHAKE_HISTORY history;
298 } HANDSHAKE_RESULT;
299
300 HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void);
301@@ -95,4 +159,8 @@ int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
302 CTX_DATA *server2_ctx_data,
303 CTX_DATA *client_ctx_data);
304
305+const char *handshake_connect_phase_name(connect_phase_t phase);
306+const char *handshake_status_name(handshake_status_t handshake_status);
307+const char *handshake_peer_status_name(peer_status_t peer_status);
308+
309 #endif /* OSSL_TEST_HANDSHAKE_HELPER_H */
310diff --git a/test/ssl_test.c b/test/ssl_test.c
311index ea608518f9..9d6b093c81 100644
312--- a/test/ssl_test.c
313+++ b/test/ssl_test.c
314@@ -26,6 +26,44 @@ static OSSL_LIB_CTX *libctx = NULL;
315 /* Currently the section names are of the form test-<number>, e.g. test-15. */
316 #define MAX_TESTCASE_NAME_LENGTH 100
317
318+static void print_handshake_history(const HANDSHAKE_HISTORY *history)
319+{
320+ size_t first_idx;
321+ size_t i;
322+ size_t cur_idx;
323+ const HANDSHAKE_HISTORY_ENTRY *cur_entry;
324+ const char header_template[] = "|%14s|%16s|%16s|%16s|%17s|%14s|";
325+ const char body_template[] = "|%14s|%16s|%16s|%16s|%17d|%14s|";
326+
327+ TEST_info("The following is the server/client state "
328+ "in the most recent %d handshake loops.",
329+ MAX_HANDSHAKE_HISTORY_ENTRY);
330+
331+ TEST_note("=================================================="
332+ "==================================================");
333+ TEST_note(header_template,
334+ "phase", "handshake status", "server status",
335+ "client status", "client turn count", "is client turn");
336+ TEST_note("+--------------+----------------+----------------"
337+ "+----------------+-----------------+--------------+");
338+
339+ first_idx = (history->last_idx - history->entry_count + 1) &
340+ MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK;
341+ for (i = 0; i < history->entry_count; ++i) {
342+ cur_idx = (first_idx + i) & MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK;
343+ cur_entry = &(history->entries)[cur_idx];
344+ TEST_note(body_template,
345+ handshake_connect_phase_name(cur_entry->phase),
346+ handshake_status_name(cur_entry->handshake_status),
347+ handshake_peer_status_name(cur_entry->server_status),
348+ handshake_peer_status_name(cur_entry->client_status),
349+ cur_entry->client_turn_count,
350+ cur_entry->is_client_turn ? "true" : "false");
351+ }
352+ TEST_note("=================================================="
353+ "==================================================");
354+}
355+
356 static const char *print_alert(int alert)
357 {
358 return alert ? SSL_alert_desc_string_long(alert) : "no alert";
359@@ -388,6 +426,12 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
360 ret &= check_client_sign_type(result, test_ctx);
361 ret &= check_client_ca_names(result, test_ctx);
362 }
363+
364+ /* Print handshake loop history if any check fails. */
365+ if (!ret) {
366+ print_handshake_history(&(result->history));
367+ }
368+
369 return ret;
370 }
371
372--
3732.25.1
374
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
new file mode 100644
index 0000000000..502a7aaf32
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
@@ -0,0 +1,39 @@
1From 0377f0d5b5c1079e3b9a80881f4dcc891cbe9f9a Mon Sep 17 00:00:00 2001
2From: Alexander Kanavin <alex@linutronix.de>
3Date: Tue, 30 May 2023 09:11:27 -0700
4Subject: [PATCH] Configure: do not tweak mips cflags
5
6This conflicts with mips machine definitons from yocto,
7e.g.
8| Error: -mips3 conflicts with the other architecture options, which imply -mips64r2
9
10Upstream-Status: Inappropriate [oe-core specific]
11Signed-off-by: Alexander Kanavin <alex@linutronix.de>
12
13Refreshed for openssl-3.1.1
14Signed-off-by: Tim Orling <tim.orling@konsulko.com>
15---
16 Configure | 10 ----------
17 1 file changed, 10 deletions(-)
18
19diff --git a/Configure b/Configure
20index 4569952..adf019b 100755
21--- a/Configure
22+++ b/Configure
23@@ -1422,16 +1422,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m)
24 push @{$config{shared_ldflag}}, "-mno-cygwin";
25 }
26
27-if ($target =~ /linux.*-mips/ && !$disabled{asm}
28- && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
29- # minimally required architecture flags for assembly modules
30- my $value;
31- $value = '-mips2' if ($target =~ /mips32/);
32- $value = '-mips3' if ($target =~ /mips64/);
33- unshift @{$config{cflags}}, $value;
34- unshift @{$config{cxxflags}}, $value if $config{CXX};
35-}
36-
37 # If threads aren't disabled, check how possible they are
38 unless ($disabled{threads}) {
39 if ($auto_threads) {
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
index 949c788344..bafdbaa46f 100644
--- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
+++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
@@ -1,4 +1,4 @@
1From 3e1d00481093e10775eaf69d619c45b32a4aa7dc Mon Sep 17 00:00:00 2001 1From 5985253f2c9025d7c127443a3a9938946f80c2a1 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com> 2From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com>
3Date: Tue, 6 Nov 2018 14:50:47 +0100 3Date: Tue, 6 Nov 2018 14:50:47 +0100
4Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler 4Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler
@@ -21,20 +21,24 @@ https://patchwork.openembedded.org/patch/147229/
21Upstream-Status: Inappropriate [OE specific] 21Upstream-Status: Inappropriate [OE specific]
22Signed-off-by: Martin Hundebøll <martin@geanix.com> 22Signed-off-by: Martin Hundebøll <martin@geanix.com>
23 23
24
25Update to fix buildpaths qa issue for '-fmacro-prefix-map'. 24Update to fix buildpaths qa issue for '-fmacro-prefix-map'.
26 25
27Signed-off-by: Kai Kang <kai.kang@windriver.com> 26Signed-off-by: Kai Kang <kai.kang@windriver.com>
27
28Update to fix buildpaths qa issue for '-ffile-prefix-map'.
29
30Signed-off-by: Khem Raj <raj.khem@gmail.com>
31
28--- 32---
29 Configurations/unix-Makefile.tmpl | 10 +++++++++- 33 Configurations/unix-Makefile.tmpl | 12 +++++++++++-
30 crypto/build.info | 2 +- 34 crypto/build.info | 2 +-
31 2 files changed, 10 insertions(+), 2 deletions(-) 35 2 files changed, 12 insertions(+), 2 deletions(-)
32 36
33diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl 37Index: openssl-3.0.4/Configurations/unix-Makefile.tmpl
34index 16af4d2087..54c162784c 100644 38===================================================================
35--- a/Configurations/unix-Makefile.tmpl 39--- openssl-3.0.4.orig/Configurations/unix-Makefile.tmpl
36+++ b/Configurations/unix-Makefile.tmpl 40+++ openssl-3.0.4/Configurations/unix-Makefile.tmpl
37@@ -317,13 +317,22 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), 41@@ -472,13 +472,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lfl
38 '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} 42 '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
39 BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) 43 BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
40 44
@@ -49,6 +53,7 @@ index 16af4d2087..54c162784c 100644
49+CFLAGS_Q={- for (@{$config{CFLAGS}}) { 53+CFLAGS_Q={- for (@{$config{CFLAGS}}) {
50+ s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g; 54+ s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g;
51+ s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g; 55+ s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g;
56+ s|-ffile-prefix-map=[^ ]+|-ffile-prefix-map=|g;
52+ } 57+ }
53+ join(' ', @{$config{CFLAGS}}) -} 58+ join(' ', @{$config{CFLAGS}}) -}
54+ 59+
@@ -58,19 +63,16 @@ index 16af4d2087..54c162784c 100644
58 PERLASM_SCHEME= {- $target{perlasm_scheme} -} 63 PERLASM_SCHEME= {- $target{perlasm_scheme} -}
59 64
60 # For x86 assembler: Set PROCESSOR to 386 if you want to support 65 # For x86 assembler: Set PROCESSOR to 386 if you want to support
61diff --git a/crypto/build.info b/crypto/build.info 66Index: openssl-3.0.4/crypto/build.info
62index b515b7318e..8c9cee2a09 100644 67===================================================================
63--- a/crypto/build.info 68--- openssl-3.0.4.orig/crypto/build.info
64+++ b/crypto/build.info 69+++ openssl-3.0.4/crypto/build.info
65@@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \ 70@@ -109,7 +109,7 @@ DEFINE[../libcrypto]=$UPLINKDEF
66 ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
67 71
72 DEPEND[info.o]=buildinf.h
68 DEPEND[cversion.o]=buildinf.h 73 DEPEND[cversion.o]=buildinf.h
69-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" 74-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
70+GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)" 75+GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)"
71 DEPEND[buildinf.h]=../configdata.pm
72 76
73 GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME) 77 GENERATE[uplink-x86.S]=../ms/uplink-x86.pl
74-- 78 GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl
752.19.1
76
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch b/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch
deleted file mode 100644
index d8d9651b64..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch
+++ /dev/null
@@ -1,46 +0,0 @@
1From a9401b2289656c5a36dd1b0ecebf0d23e291ce70 Mon Sep 17 00:00:00 2001
2From: Hongxu Jia <hongxu.jia@windriver.com>
3Date: Tue, 2 Oct 2018 23:58:24 +0800
4Subject: [PATCH] skip test_symbol_presence
5
6We cannot skip `01-test_symbol_presence.t' by configuring option `no-shared'
7as INSTALL told us the shared libraries will not be built.
8
9[INSTALL snip]
10 Notes on shared libraries
11 -------------------------
12
13 For most systems the OpenSSL Configure script knows what is needed to
14 build shared libraries for libcrypto and libssl. On these systems
15 the shared libraries will be created by default. This can be suppressed and
16 only static libraries created by using the "no-shared" option. On systems
17 where OpenSSL does not know how to build shared libraries the "no-shared"
18 option will be forced and only static libraries will be created.
19[INSTALL snip]
20
21Hence directly modification the case to skip it.
22
23Upstream-Status: Inappropriate [OE Specific]
24
25Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
26---
27 test/recipes/01-test_symbol_presence.t | 3 +--
28 1 file changed, 1 insertion(+), 2 deletions(-)
29
30diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
31index 7f2a2d7..0b93745 100644
32--- a/test/recipes/01-test_symbol_presence.t
33+++ b/test/recipes/01-test_symbol_presence.t
34@@ -14,8 +14,7 @@ use OpenSSL::Test::Utils;
35
36 setup("test_symbol_presence");
37
38-plan skip_all => "Only useful when building shared libraries"
39- if disabled("shared");
40+plan skip_all => "The case needs debug symbols then we just disable it";
41
42 my @libnames = ("crypto", "ssl");
43 my $testcount = scalar @libnames;
44--
452.7.4
46
diff --git a/meta/recipes-connectivity/openssl/openssl/afalg.patch b/meta/recipes-connectivity/openssl/openssl/afalg.patch
deleted file mode 100644
index b7c0e9697f..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/afalg.patch
+++ /dev/null
@@ -1,31 +0,0 @@
1Don't refuse to build afalgeng if cross-compiling or the host kernel is too old.
2
3Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688]
4Signed-off-by: Ross Burton <ross.burton@intel.com>
5
6diff --git a/Configure b/Configure
7index 3baa8ce..9ef52ed 100755
8--- a/Configure
9+++ b/Configure
10@@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"})
11 unless ($disabled{afalgeng}) {
12 $config{afalgeng}="";
13 if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
14- my $minver = 4*10000 + 1*100 + 0;
15- if ($config{CROSS_COMPILE} eq "") {
16- my $verstr = `uname -r`;
17- my ($ma, $mi1, $mi2) = split("\\.", $verstr);
18- ($mi2) = $mi2 =~ /(\d+)/;
19- my $ver = $ma*10000 + $mi1*100 + $mi2;
20- if ($ver < $minver) {
21- disable('too-old-kernel', 'afalgeng');
22- } else {
23- push @{$config{engdirs}}, "afalg";
24- }
25- } else {
26- disable('cross-compiling', 'afalgeng');
27- }
28+ push @{$config{engdirs}}, "afalg";
29 } else {
30 disable('not-linux', 'afalgeng');
31 }
diff --git a/meta/recipes-connectivity/openssl/openssl/reproducible.patch b/meta/recipes-connectivity/openssl/openssl/reproducible.patch
deleted file mode 100644
index a24260c95d..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/reproducible.patch
+++ /dev/null
@@ -1,32 +0,0 @@
1The value for perl_archname can vary depending on the host, e.g.
2x86_64-linux-gnu-thread-multi or x86_64-linux-thread-multi which
3makes the ptest package non-reproducible. Its unused other than
4these references so drop it.
5
6RP 2020/2/6
7
8Upstream-Status: Pending
9Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
10
11Index: openssl-1.1.1d/Configure
12===================================================================
13--- openssl-1.1.1d.orig/Configure
14+++ openssl-1.1.1d/Configure
15@@ -286,7 +286,7 @@ if (defined env($local_config_envname))
16 # Save away perl command information
17 $config{perl_cmd} = $^X;
18 $config{perl_version} = $Config{version};
19-$config{perl_archname} = $Config{archname};
20+#$config{perl_archname} = $Config{archname};
21
22 $config{prefix}="";
23 $config{openssldir}="";
24@@ -2517,7 +2517,7 @@ _____
25 @{$config{perlargv}}), "\n";
26 print "\nPerl information:\n\n";
27 print ' ',$config{perl_cmd},"\n";
28- print ' ',$config{perl_version},' for ',$config{perl_archname},"\n";
29+ print ' ',$config{perl_version},"\n";
30 }
31 if ($dump || $options) {
32 my $longest = 0;
diff --git a/meta/recipes-connectivity/openssl/openssl/run-ptest b/meta/recipes-connectivity/openssl/openssl/run-ptest
index 3fb22471f8..c89ec5afa1 100644
--- a/meta/recipes-connectivity/openssl/openssl/run-ptest
+++ b/meta/recipes-connectivity/openssl/openssl/run-ptest
@@ -9,4 +9,4 @@ export TOP=.
9# OPENSSL_ENGINES is relative from the test binaries 9# OPENSSL_ENGINES is relative from the test binaries
10export OPENSSL_ENGINES=../engines 10export OPENSSL_ENGINES=../engines
11 11
12perl ./test/run_tests.pl $* | perl -0pe 's#(.*) \.*.ok#PASS: \1#g; s#(.*) \.*.skipped: (.*)#SKIP: \1 (\2)#g; s#(.*) \.*.\nDubious#FAIL: \1#;' 12{ HARNESS_JOBS=4 perl ./test/run_tests.pl $* || echo "FAIL: openssl" ; } | sed -u -r -e '/(.*) \.*.ok/ s/^/PASS: /g' -r -e '/Dubious(.*)/ s/^/FAIL: /g' -e '/(.*) \.*.skipped: (.*)/ s/^/SKIP: /g'
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1h.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1h.bb
deleted file mode 100644
index 1827167201..0000000000
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1h.bb
+++ /dev/null
@@ -1,216 +0,0 @@
1SUMMARY = "Secure Socket Layer"
2DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
3HOMEPAGE = "http://www.openssl.org/"
4BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
5SECTION = "libs/network"
6
7# "openssl" here actually means both OpenSSL and SSLeay licenses apply
8# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped)
9LICENSE = "openssl"
10LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8"
11
12DEPENDS = "hostperl-runtime-native"
13
14SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
15 file://run-ptest \
16 file://0001-skip-test_symbol_presence.patch \
17 file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
18 file://afalg.patch \
19 file://reproducible.patch \
20 "
21
22SRC_URI_append_class-nativesdk = " \
23 file://environment.d-openssl.sh \
24 "
25
26SRC_URI[sha256sum] = "5c9ca8774bd7b03e5784f26ae9e9e6d749c9da2438545077e6b3d755a06595d9"
27
28inherit lib_package multilib_header multilib_script ptest
29MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
30
31PACKAGECONFIG ?= ""
32PACKAGECONFIG_class-native = ""
33PACKAGECONFIG_class-nativesdk = ""
34
35PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
36
37B = "${WORKDIR}/build"
38do_configure[cleandirs] = "${B}"
39
40#| ./libcrypto.so: undefined reference to `getcontext'
41#| ./libcrypto.so: undefined reference to `setcontext'
42#| ./libcrypto.so: undefined reference to `makecontext'
43EXTRA_OECONF_append_libc-musl = " no-async"
44EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
45
46# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
47# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
48EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
49EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"
50
51# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
52CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
53CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
54
55do_configure () {
56 os=${HOST_OS}
57 case $os in
58 linux-gnueabi |\
59 linux-gnuspe |\
60 linux-musleabi |\
61 linux-muslspe |\
62 linux-musl )
63 os=linux
64 ;;
65 *)
66 ;;
67 esac
68 target="$os-${HOST_ARCH}"
69 case $target in
70 linux-arm*)
71 target=linux-armv4
72 ;;
73 linux-aarch64*)
74 target=linux-aarch64
75 ;;
76 linux-i?86 | linux-viac3)
77 target=linux-x86
78 ;;
79 linux-gnux32-x86_64 | linux-muslx32-x86_64 )
80 target=linux-x32
81 ;;
82 linux-gnu64-x86_64)
83 target=linux-x86_64
84 ;;
85 linux-mips | linux-mipsel)
86 # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
87 target="linux-mips32 ${TARGET_CC_ARCH}"
88 ;;
89 linux-gnun32-mips*)
90 target=linux-mips64
91 ;;
92 linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
93 target=linux64-mips64
94 ;;
95 linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
96 target=linux-generic32
97 ;;
98 linux-powerpc)
99 target=linux-ppc
100 ;;
101 linux-powerpc64)
102 target=linux-ppc64
103 ;;
104 linux-powerpc64le)
105 target=linux-ppc64le
106 ;;
107 linux-riscv32)
108 target=linux-generic32
109 ;;
110 linux-riscv64)
111 target=linux-generic64
112 ;;
113 linux-sparc | linux-supersparc)
114 target=linux-sparcv9
115 ;;
116 esac
117
118 useprefix=${prefix}
119 if [ "x$useprefix" = "x" ]; then
120 useprefix=/
121 fi
122 # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
123 # environment variables set by bitbake. Adjust the environment variables instead.
124 HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
125 perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
126 perl ${B}/configdata.pm --dump
127}
128
129do_install () {
130 oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
131
132 oe_multilib_header openssl/opensslconf.h
133
134 # Create SSL structure for packages such as ca-certificates which
135 # contain hard-coded paths to /etc/ssl. Debian does the same.
136 install -d ${D}${sysconfdir}/ssl
137 mv ${D}${libdir}/ssl-1.1/certs \
138 ${D}${libdir}/ssl-1.1/private \
139 ${D}${libdir}/ssl-1.1/openssl.cnf \
140 ${D}${sysconfdir}/ssl/
141
142 # Although absolute symlinks would be OK for the target, they become
143 # invalid if native or nativesdk are relocated from sstate.
144 ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs
145 ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private
146 ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf
147}
148
149do_install_append_class-native () {
150 create_wrapper ${D}${bindir}/openssl \
151 OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
152 SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
153 SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
154 OPENSSL_ENGINES=${libdir}/engines-1.1
155}
156
157do_install_append_class-nativesdk () {
158 mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
159 install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
160 sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
161}
162
163PTEST_BUILD_HOST_FILES += "configdata.pm"
164PTEST_BUILD_HOST_PATTERN = "perl_version ="
165do_install_ptest () {
166 # Prune the build tree
167 rm -f ${B}/fuzz/*.* ${B}/test/*.*
168
169 cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
170 cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH}
171
172 # For test_shlibload
173 ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
174 ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
175
176 install -d ${D}${PTEST_PATH}/apps
177 ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
178 install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps
179 install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps
180
181 install -d ${D}${PTEST_PATH}/engines
182 install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
183}
184
185# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
186# package RRECOMMENDS on this package. This will enable the configuration
187# file to be installed for both the openssl-bin package and the libcrypto
188# package since the openssl-bin package depends on the libcrypto package.
189
190PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc"
191
192FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
193FILES_libssl = "${libdir}/libssl${SOLIBS}"
194FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
195 ${libdir}/ssl-1.1/openssl.cnf* \
196 "
197FILES_${PN}-engines = "${libdir}/engines-1.1"
198FILES_${PN}-misc = "${libdir}/ssl-1.1/misc ${bindir}/c_rehash"
199FILES_${PN} =+ "${libdir}/ssl-1.1/*"
200FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
201
202CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
203
204RRECOMMENDS_libcrypto += "openssl-conf"
205RDEPENDS_${PN}-misc = "perl"
206RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"
207
208RDEPENDS_${PN}-bin += "openssl-conf"
209
210BBCLASSEXTEND = "native nativesdk"
211
212CVE_PRODUCT = "openssl:openssl"
213
214# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
215# Apache in meta-webserver is already recent enough
216CVE_CHECK_WHITELIST += "CVE-2019-0190"
diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.1.bb b/meta/recipes-connectivity/openssl/openssl_3.2.1.bb
new file mode 100644
index 0000000000..1682b6f8cc
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl_3.2.1.bb
@@ -0,0 +1,262 @@
1SUMMARY = "Secure Socket Layer"
2DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
3HOMEPAGE = "http://www.openssl.org/"
4BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
5SECTION = "libs/network"
6
7LICENSE = "Apache-2.0"
8LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c75985e733726beaba57bc5253e96d04"
9
10SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
11 file://run-ptest \
12 file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
13 file://0001-Configure-do-not-tweak-mips-cflags.patch \
14 file://0001-Added-handshake-history-reporting-when-test-fails.patch \
15 "
16
17SRC_URI:append:class-nativesdk = " \
18 file://environment.d-openssl.sh \
19 "
20
21SRC_URI[sha256sum] = "83c7329fe52c850677d75e5d0b0ca245309b97e8ecbcfdc1dfdc4ab9fac35b39"
22
23inherit lib_package multilib_header multilib_script ptest perlnative manpages
24MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
25
26PACKAGECONFIG ?= ""
27PACKAGECONFIG:class-native = ""
28PACKAGECONFIG:class-nativesdk = ""
29
30PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
31PACKAGECONFIG[no-tls1] = "no-tls1"
32PACKAGECONFIG[no-tls1_1] = "no-tls1_1"
33PACKAGECONFIG[manpages] = ""
34
35B = "${WORKDIR}/build"
36do_configure[cleandirs] = "${B}"
37
38#| ./libcrypto.so: undefined reference to `getcontext'
39#| ./libcrypto.so: undefined reference to `setcontext'
40#| ./libcrypto.so: undefined reference to `makecontext'
41EXTRA_OECONF:append:libc-musl = " no-async"
42EXTRA_OECONF:append:libc-musl:powerpc64 = " no-asm"
43
44# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
45# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
46EXTRA_OECONF:class-native = "--with-rand-seed=os,devrandom"
47EXTRA_OECONF:class-nativesdk = "--with-rand-seed=os,devrandom"
48
49# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
50CFLAGS:append:class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
51CFLAGS:append:class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
52
53# This allows disabling deprecated or undesirable crypto algorithms.
54# The default is to trust upstream choices.
55DEPRECATED_CRYPTO_FLAGS ?= ""
56
57do_configure () {
58 # When we upgrade glibc but not uninative we see obtuse failures in openssl. Make
59 # the issue really clear that perl isn't functional due to symbol mismatch issues.
60 cat <<- EOF > ${WORKDIR}/perltest
61 #!/usr/bin/env perl
62 use POSIX;
63 EOF
64 chmod a+x ${WORKDIR}/perltest
65 ${WORKDIR}/perltest
66
67 os=${HOST_OS}
68 case $os in
69 linux-gnueabi |\
70 linux-gnuspe |\
71 linux-musleabi |\
72 linux-muslspe |\
73 linux-musl )
74 os=linux
75 ;;
76 *)
77 ;;
78 esac
79 target="$os-${HOST_ARCH}"
80 case $target in
81 linux-arc | linux-microblaze*)
82 target=linux-latomic
83 ;;
84 linux-arm*)
85 target=linux-armv4
86 ;;
87 linux-aarch64*)
88 target=linux-aarch64
89 ;;
90 linux-i?86 | linux-viac3)
91 target=linux-x86
92 ;;
93 linux-gnux32-x86_64 | linux-muslx32-x86_64 )
94 target=linux-x32
95 ;;
96 linux-gnu64-x86_64)
97 target=linux-x86_64
98 ;;
99 linux-loongarch64)
100 target=linux64-loongarch64
101 ;;
102 linux-mips | linux-mipsel)
103 # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
104 target="linux-mips32 ${TARGET_CC_ARCH}"
105 ;;
106 linux-gnun32-mips*)
107 target=linux-mips64
108 ;;
109 linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
110 target=linux64-mips64
111 ;;
112 linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
113 target=linux-generic32
114 ;;
115 linux-powerpc)
116 target=linux-ppc
117 ;;
118 linux-powerpc64)
119 target=linux-ppc64
120 ;;
121 linux-powerpc64le)
122 target=linux-ppc64le
123 ;;
124 linux-riscv32)
125 target=linux32-riscv32
126 ;;
127 linux-riscv64)
128 target=linux64-riscv64
129 ;;
130 linux-sparc | linux-supersparc)
131 target=linux-sparcv9
132 ;;
133 mingw32-x86_64)
134 target=mingw64
135 ;;
136 esac
137
138 useprefix=${prefix}
139 if [ "x$useprefix" = "x" ]; then
140 useprefix=/
141 fi
142 # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
143 # environment variables set by bitbake. Adjust the environment variables instead.
144 PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)"
145 test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!"
146 HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \
147 perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target
148 perl ${B}/configdata.pm --dump
149}
150
151do_install () {
152 oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install_sw install_ssldirs ${@bb.utils.contains('PACKAGECONFIG', 'manpages', 'install_docs', '', d)}
153
154 oe_multilib_header openssl/opensslconf.h
155 oe_multilib_header openssl/configuration.h
156
157 # Create SSL structure for packages such as ca-certificates which
158 # contain hard-coded paths to /etc/ssl. Debian does the same.
159 install -d ${D}${sysconfdir}/ssl
160 mv ${D}${libdir}/ssl-3/certs \
161 ${D}${libdir}/ssl-3/private \
162 ${D}${libdir}/ssl-3/openssl.cnf \
163 ${D}${sysconfdir}/ssl/
164
165 # Although absolute symlinks would be OK for the target, they become
166 # invalid if native or nativesdk are relocated from sstate.
167 ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-3/certs
168 ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-3/private
169 ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-3/openssl.cnf
170}
171
172do_install:append:class-native () {
173 create_wrapper ${D}${bindir}/openssl \
174 OPENSSL_CONF=${libdir}/ssl-3/openssl.cnf \
175 SSL_CERT_DIR=${libdir}/ssl-3/certs \
176 SSL_CERT_FILE=${libdir}/ssl-3/cert.pem \
177 OPENSSL_ENGINES=${libdir}/engines-3 \
178 OPENSSL_MODULES=${libdir}/ossl-modules
179}
180
181do_install:append:class-nativesdk () {
182 mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
183 install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
184 sed 's|/usr/lib/ssl/|/usr/lib/ssl-3/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
185}
186
187PTEST_BUILD_HOST_FILES += "configdata.pm"
188PTEST_BUILD_HOST_PATTERN = "perl_version ="
189do_install_ptest () {
190 install -d ${D}${PTEST_PATH}/test
191 install -m755 ${B}/test/p_test.so ${D}${PTEST_PATH}/test
192 install -m755 ${B}/test/p_minimal.so ${D}${PTEST_PATH}/test
193 install -m755 ${B}/test/provider_internal_test.cnf ${D}${PTEST_PATH}/test
194
195 # Prune the build tree
196 rm -f ${B}/fuzz/*.* ${B}/test/*.*
197
198 cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
199 sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/configdata.pm
200 cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH}
201
202 # For test_shlibload
203 ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
204 ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
205
206 install -d ${D}${PTEST_PATH}/apps
207 ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
208 install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps
209 install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps
210
211 install -d ${D}${PTEST_PATH}/engines
212 install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines
213 install -m755 ${B}/engines/loader_attic.so ${D}${PTEST_PATH}/engines
214 install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
215
216 install -d ${D}${PTEST_PATH}/providers
217 install -m755 ${B}/providers/legacy.so ${D}${PTEST_PATH}/providers
218
219 install -d ${D}${PTEST_PATH}/Configurations
220 cp -rf ${S}/Configurations/* ${D}${PTEST_PATH}/Configurations/
221
222 # seems to be needed with perl 5.32.1
223 install -d ${D}${PTEST_PATH}/util/perl/recipes
224 cp ${D}${PTEST_PATH}/test/recipes/tconversion.pl ${D}${PTEST_PATH}/util/perl/recipes/
225
226 sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/util/wrap.pl
227}
228
229# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
230# package RRECOMMENDS on this package. This will enable the configuration
231# file to be installed for both the openssl-bin package and the libcrypto
232# package since the openssl-bin package depends on the libcrypto package.
233
234PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc ${PN}-ossl-module-legacy"
235
236FILES:libcrypto = "${libdir}/libcrypto${SOLIBS}"
237FILES:libssl = "${libdir}/libssl${SOLIBS}"
238FILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
239 ${libdir}/ssl-3/openssl.cnf* \
240 "
241FILES:${PN}-engines = "${libdir}/engines-3"
242# ${prefix} comes from what we pass into --prefix at configure time (which is used for INSTALLTOP)
243FILES:${PN}-engines:append:mingw32:class-nativesdk = " ${prefix}${libdir}/engines-3"
244FILES:${PN}-misc = "${libdir}/ssl-3/misc ${bindir}/c_rehash"
245FILES:${PN}-ossl-module-legacy = "${libdir}/ossl-modules/legacy.so"
246FILES:${PN} =+ "${libdir}/ssl-3/* ${libdir}/ossl-modules/"
247FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
248
249CONFFILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
250
251RRECOMMENDS:libcrypto += "openssl-conf ${PN}-ossl-module-legacy"
252RDEPENDS:${PN}-misc = "perl"
253RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash sed"
254
255RDEPENDS:${PN}-bin += "openssl-conf"
256
257BBCLASSEXTEND = "native nativesdk"
258
259CVE_PRODUCT = "openssl:openssl"
260
261CVE_VERSION_SUFFIX = "alphabetical"
262
diff --git a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
index b5f68951d7..099c58bfc7 100644
--- a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
+++ b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
@@ -1,8 +1,8 @@
1SUMMARY = "Enables PPP dial-in through a serial connection" 1SUMMARY = "Enables PPP dial-in through a serial connection"
2SECTION = "console/network" 2SECTION = "console/network"
3DESCRIPTION = "PPP dail-in provides a point to point protocol (PPP), so that other computers can dial up to it and access connected networks."
3DEPENDS = "ppp" 4DEPENDS = "ppp"
4RDEPENDS_${PN} = "ppp" 5RDEPENDS:${PN} = "ppp"
5PR = "r8"
6LICENSE = "MIT" 6LICENSE = "MIT"
7LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" 7LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
8 8
@@ -22,6 +22,6 @@ do_install() {
22} 22}
23 23
24USERADD_PACKAGES = "${PN}" 24USERADD_PACKAGES = "${PN}"
25USERADD_PARAM_${PN} = "--system --home /dev/null \ 25USERADD_PARAM:${PN} = "--system --home /dev/null \
26 --no-create-home --shell ${sbindir}/ppp-dialin \ 26 --no-create-home --shell ${sbindir}/ppp-dialin \
27 --no-user-group --gid nogroup ppp" 27 --no-user-group --gid nogroup ppp"
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch b/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch
deleted file mode 100644
index 65291368bd..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch
+++ /dev/null
@@ -1,124 +0,0 @@
1From e50cdaed07e51f2508f94eb1f34fe43776e4ca78 Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Fri, 29 May 2015 14:57:05 -0700
4Subject: [PATCH] Fix build with musl
5
6There are several assumption about glibc
7
8Signed-off-by: Khem Raj <raj.khem@gmail.com>
9Upstream-Status: Pending
10---
11 include/net/ppp_defs.h | 2 ++
12 pppd/Makefile.linux | 2 +-
13 pppd/plugins/rp-pppoe/config.h | 3 ++-
14 pppd/plugins/rp-pppoe/plugin.c | 1 -
15 pppd/plugins/rp-pppoe/pppoe-discovery.c | 8 ++++----
16 pppd/plugins/rp-pppoe/pppoe.h | 2 +-
17 pppd/sys-linux.c | 3 ++-
18 7 files changed, 12 insertions(+), 9 deletions(-)
19
20diff --git a/include/net/ppp_defs.h b/include/net/ppp_defs.h
21index b06eda5..dafa36c 100644
22--- a/include/net/ppp_defs.h
23+++ b/include/net/ppp_defs.h
24@@ -38,6 +38,8 @@
25 #ifndef _PPP_DEFS_H_
26 #define _PPP_DEFS_H_
27
28+#include <sys/time.h>
29+
30 /*
31 * The basic PPP frame.
32 */
33diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
34index 4e485a1..76411bc 100644
35--- a/pppd/Makefile.linux
36+++ b/pppd/Makefile.linux
37@@ -131,7 +131,7 @@ LIBS += -lcrypt
38 endif
39
40 ifdef USE_LIBUTIL
41-CFLAGS += -DHAVE_LOGWTMP=1
42+#CFLAGS += -DHAVE_LOGWTMP=1
43 LIBS += -lutil
44 endif
45
46diff --git a/pppd/plugins/rp-pppoe/config.h b/pppd/plugins/rp-pppoe/config.h
47index a708859..4a16a88 100644
48--- a/pppd/plugins/rp-pppoe/config.h
49+++ b/pppd/plugins/rp-pppoe/config.h
50@@ -78,8 +78,9 @@
51 #define HAVE_NET_IF_ARP_H 1
52
53 /* Define if you have the <net/ethernet.h> header file. */
54+#ifdef __GLIBC__
55 #define HAVE_NET_ETHERNET_H 1
56-
57+#endif
58 /* Define if you have the <net/if.h> header file. */
59 #define HAVE_NET_IF_H 1
60
61diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c
62index 44e0c31..93c0906 100644
63--- a/pppd/plugins/rp-pppoe/plugin.c
64+++ b/pppd/plugins/rp-pppoe/plugin.c
65@@ -46,7 +46,6 @@ static char const RCSID[] =
66 #include <unistd.h>
67 #include <fcntl.h>
68 #include <signal.h>
69-#include <net/ethernet.h>
70 #include <net/if_arp.h>
71 #include <linux/ppp_defs.h>
72 #include <linux/if_pppox.h>
73diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
74index f19c6d8..f45df2c 100644
75--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
76+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c
77@@ -29,10 +29,6 @@
78 #include <linux/if_packet.h>
79 #endif
80
81-#ifdef HAVE_NET_ETHERNET_H
82-#include <net/ethernet.h>
83-#endif
84-
85 #ifdef HAVE_ASM_TYPES_H
86 #include <asm/types.h>
87 #endif
88diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
89index a4e7d5c..de191c8 100644
90--- a/pppd/plugins/rp-pppoe/pppoe.h
91+++ b/pppd/plugins/rp-pppoe/pppoe.h
92@@ -90,7 +90,7 @@ typedef unsigned long UINT32_t;
93 #ifdef HAVE_SYS_SOCKET_H
94 #include <sys/socket.h>
95 #endif
96-#ifndef HAVE_SYS_DLPI_H
97+#if !defined HAVE_SYS_DLPI_H && defined HAVE_NET_ETHERNET_H
98 #include <netinet/if_ether.h>
99 #endif
100 #endif
101diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
102index a0531e9..84ee394 100644
103--- a/pppd/sys-linux.c
104+++ b/pppd/sys-linux.c
105@@ -112,7 +112,7 @@
106 #include <linux/types.h>
107 #include <linux/if.h>
108 #include <linux/if_arp.h>
109-#include <linux/route.h>
110+/* #include <linux/route.h> */
111 #include <linux/if_ether.h>
112 #endif
113 #include <netinet/in.h>
114@@ -145,6 +145,7 @@
115 #endif
116
117 #ifdef INET6
118+#include <net/route.h>
119 #ifndef _LINUX_IN6_H
120 /*
121 * This is in linux/include/net/ipv6.h.
122--
1232.17.1
124
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch b/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch
deleted file mode 100644
index a32f89fbc8..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch
+++ /dev/null
@@ -1,43 +0,0 @@
1commit cd90fd147844a0cfec101f1e2db7a3c59d236621
2Author: Jussi Kukkonen <jussi.kukkonen@intel.com>
3Date: Wed Dec 28 14:11:22 2016 +0200
4
5pppol2tp plugin: Remove unneeded include
6
7The include is not required and will break compile on musl libc with
8
9| In file included from pppol2tp.c:34:0:
10| /usr/include/linux/if.h:97:2: error: expected identifier before numeric constant
11| IFF_LOWER_UP = 1<<16, /* __volatile__ */
12
13Patch originally from Khem Raj.
14
15Upstream-Status: Pending [https://github.com/paulusmack/ppp/issues/73]
16Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
17
18diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c
19index 9643b96..458316b 100644
20--- a/pppd/plugins/pppol2tp/openl2tp.c
21+++ b/pppd/plugins/pppol2tp/openl2tp.c
22@@ -47,7 +47,6 @@
23 #include <linux/if_ether.h>
24 #include <linux/ppp_defs.h>
25 #include <linux/if_ppp.h>
26-#include <linux/if_pppox.h>
27 #include <linux/if_pppol2tp.h>
28
29 #include "l2tp_event.h"
30diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c
31index 0e28606..4f6d98c 100644
32--- a/pppd/plugins/pppol2tp/pppol2tp.c
33+++ b/pppd/plugins/pppol2tp/pppol2tp.c
34@@ -46,7 +46,6 @@
35 #include <linux/if_ether.h>
36 #include <linux/ppp_defs.h>
37 #include <linux/if_ppp.h>
38-#include <linux/if_pppox.h>
39 #include <linux/if_pppol2tp.h>
40
41 /* should be added to system's socket.h... */
42---
43
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch b/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch
deleted file mode 100644
index b7ba7ba643..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch
+++ /dev/null
@@ -1,47 +0,0 @@
1From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
2From: Paul Mackerras <paulus@ozlabs.org>
3Date: Mon, 3 Feb 2020 15:53:28 +1100
4Subject: [PATCH] pppd: Fix bounds check in EAP code
5
6Given that we have just checked vallen < len, it can never be the case
7that vallen >= len + sizeof(rhostname). This fixes the check so we
8actually avoid overflowing the rhostname array.
9
10Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
11Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
12
13Upstream-Status: Backport
14[https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426]
15
16CVE: CVE-2020-8597
17
18Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
19---
20 pppd/eap.c | 4 ++--
21 1 file changed, 2 insertions(+), 2 deletions(-)
22
23diff --git a/pppd/eap.c b/pppd/eap.c
24index 94407f5..1b93db0 100644
25--- a/pppd/eap.c
26+++ b/pppd/eap.c
27@@ -1420,7 +1420,7 @@ int len;
28 }
29
30 /* Not so likely to happen. */
31- if (vallen >= len + sizeof (rhostname)) {
32+ if (len - vallen >= sizeof (rhostname)) {
33 dbglog("EAP: trimming really long peer name down");
34 BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
35 rhostname[sizeof (rhostname) - 1] = '\0';
36@@ -1846,7 +1846,7 @@ int len;
37 }
38
39 /* Not so likely to happen. */
40- if (vallen >= len + sizeof (rhostname)) {
41+ if (len - vallen >= sizeof (rhostname)) {
42 dbglog("EAP: trimming really long peer name down");
43 BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
44 rhostname[sizeof (rhostname) - 1] = '\0';
45--
462.17.1
47
diff --git a/meta/recipes-connectivity/ppp/ppp/copts.patch b/meta/recipes-connectivity/ppp/ppp/copts.patch
deleted file mode 100644
index 53ff06e03e..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/copts.patch
+++ /dev/null
@@ -1,21 +0,0 @@
1ppp: use build system CFLAGS when compiling
2
3Upstream-Status: Pending
4
5Override the hard-coded COPTS make variables with
6CFLAGS. Add COPTS into one Makefile that did not
7use it.
8
9Signed-off-by: Joe Slater <jslater@windriver.com>
10
11--- a/pppd/plugins/radius/Makefile.linux
12+++ b/pppd/plugins/radius/Makefile.linux
13@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/
14 INSTALL = install
15
16 PLUGIN=radius.so radattr.so radrealms.so
17-CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
18+CFLAGS=-I. -I../.. -I../../../include $(COPTS) -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
19
20 # Uncomment the next line to include support for Microsoft's
21 # MS-CHAP authentication protocol.
diff --git a/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch b/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
deleted file mode 100644
index c5a0be86f5..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
+++ /dev/null
@@ -1,30 +0,0 @@
1ppp: Buffer overflow in radius plugin
2
3From: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;bug=782450
4
5Upstream-Status: Backport
6CVE: CVE-2015-3310
7
8On systems with more than 65535 processes running, pppd aborts when
9sending a "start" accounting message to the RADIUS server because of a
10buffer overflow in rc_mksid.
11
12The process id is used in rc_mksid to generate a pseudo-unique string,
13assuming that the hex representation of the pid will be at most 4
14characters (FFFF). __sprintf_chk(), used when compiling with
15optimization levels greater than 0 and FORTIFY_SOURCE, detects the
16buffer overflow and makes pppd crash.
17
18The following patch fixes the problem.
19
20--- ppp-2.4.6.orig/pppd/plugins/radius/util.c
21+++ ppp-2.4.6/pppd/plugins/radius/util.c
22@@ -77,7 +77,7 @@ rc_mksid (void)
23 static unsigned short int cnt = 0;
24 sprintf (buf, "%08lX%04X%02hX",
25 (unsigned long int) time (NULL),
26- (unsigned int) getpid (),
27+ (unsigned int) getpid () % 65535,
28 cnt & 0xFF);
29 cnt++;
30 return buf;
diff --git a/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch b/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch
deleted file mode 100644
index 614a474c37..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch
+++ /dev/null
@@ -1,34 +0,0 @@
1From 505705d0e1b55ce3fdc10d0e5eab5488f869adb6 Mon Sep 17 00:00:00 2001
2From: Andreas Oberritter <obi@opendreambox.org>
3Date: Thu, 1 Jul 2010 14:34:12 +0800
4Subject: [PATCH] ppp: Upgraded to version 2.4.5
5
6The patch comes from OpenEmbedded.
7Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com>
8
9Updated from OE-Classic to include the pcap hunk.
10Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
11
12Upstream-Status: Inappropriate [configuration]
13
14---
15 pppd/Makefile.linux | 4 ++--
16 1 file changed, 2 insertions(+), 2 deletions(-)
17
18diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
19index 4e485a1..44c4193 100644
20--- a/pppd/Makefile.linux
21+++ b/pppd/Makefile.linux
22@@ -188,10 +188,10 @@ LIBS += -ldl
23 endif
24
25 ifdef FILTER
26-ifneq ($(wildcard /usr/include/pcap-bpf.h),)
27+#ifneq ($(wildcard /usr/include/pcap-bpf.h),)
28 LIBS += -lpcap
29 CFLAGS += -DPPP_FILTER
30-endif
31+#endif
32 endif
33
34 ifdef HAVE_INET6
diff --git a/meta/recipes-connectivity/ppp/ppp/makefile.patch b/meta/recipes-connectivity/ppp/ppp/makefile.patch
deleted file mode 100644
index 25b8ded441..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/makefile.patch
+++ /dev/null
@@ -1,115 +0,0 @@
1From f7fb1d1abfa6d208fb40fca1602e0c488108f1b5 Mon Sep 17 00:00:00 2001
2From: Richard Purdie <richard@openedhand.com>
3Date: Wed, 31 Aug 2005 10:45:47 +0000
4Subject: [PATCH] Initial population
5
6The patch comes from OpenEmbedded
7Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com>
8
9Upstream-Status: Inappropriate [configuration]
10
11---
12 chat/Makefile.linux | 2 +-
13 pppd/Makefile.linux | 4 ++--
14 pppd/plugins/radius/Makefile.linux | 10 +++++-----
15 pppd/plugins/rp-pppoe/Makefile.linux | 4 ++--
16 pppdump/Makefile.linux | 2 +-
17 pppstats/Makefile.linux | 2 +-
18 6 files changed, 12 insertions(+), 12 deletions(-)
19
20diff --git a/chat/Makefile.linux b/chat/Makefile.linux
21index 0732ec8..f082dab 100644
22--- a/chat/Makefile.linux
23+++ b/chat/Makefile.linux
24@@ -25,7 +25,7 @@ chat.o: chat.c
25
26 install: chat
27 mkdir -p $(BINDIR) $(MANDIR)
28- $(INSTALL) -s -c chat $(BINDIR)
29+ $(INSTALL) -c chat $(BINDIR)
30 $(INSTALL) -c -m 644 chat.8 $(MANDIR)
31
32 clean:
33diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
34index 9664f70..4e485a1 100644
35--- a/pppd/Makefile.linux
36+++ b/pppd/Makefile.linux
37@@ -107,7 +107,7 @@ ifdef USE_SRP
38 CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include
39 LIBS += -lsrp -L/usr/local/ssl/lib -lcrypto
40 TARGETS += srp-entry
41-EXTRAINSTALL = $(INSTALL) -s -c -m 555 srp-entry $(BINDIR)/srp-entry
42+EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry
43 MANPAGES += srp-entry.8
44 EXTRACLEAN += srp-entry.o
45 NEEDDES=y
46@@ -219,7 +219,7 @@ all: $(TARGETS)
47 install: pppd
48 mkdir -p $(BINDIR) $(MANDIR)
49 $(EXTRAINSTALL)
50- $(INSTALL) -s -c -m 555 pppd $(BINDIR)/pppd
51+ $(INSTALL) -c -m 555 pppd $(BINDIR)/pppd
52 if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \
53 chmod o-rx,u+s $(BINDIR)/pppd; fi
54 $(INSTALL) -c -m 444 pppd.8 $(MANDIR)
55diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
56index e702263..af57ae3 100644
57--- a/pppd/plugins/radius/Makefile.linux
58+++ b/pppd/plugins/radius/Makefile.linux
59@@ -36,11 +36,11 @@ all: $(PLUGIN)
60
61 install: all
62 $(INSTALL) -d -m 755 $(LIBDIR)
63- $(INSTALL) -s -c -m 755 radius.so $(LIBDIR)
64- $(INSTALL) -s -c -m 755 radattr.so $(LIBDIR)
65- $(INSTALL) -s -c -m 755 radrealms.so $(LIBDIR)
66- $(INSTALL) -c -m 444 pppd-radius.8 $(MANDIR)
67- $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR)
68+ $(INSTALL) -c -m 755 radius.so $(LIBDIR)
69+ $(INSTALL) -c -m 755 radattr.so $(LIBDIR)
70+ $(INSTALL) -c -m 755 radrealms.so $(LIBDIR)
71+ $(INSTALL) -m 444 pppd-radius.8 $(MANDIR)
72+ $(INSTALL) -m 444 pppd-radattr.8 $(MANDIR)
73
74 radius.so: radius.o libradiusclient.a
75 $(CC) $(LDFLAGS) -o radius.so -shared radius.o libradiusclient.a
76diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
77index 749ccc2..2c93f4a 100644
78--- a/pppd/plugins/rp-pppoe/Makefile.linux
79+++ b/pppd/plugins/rp-pppoe/Makefile.linux
80@@ -43,9 +43,9 @@ rp-pppoe.so: plugin.o discovery.o if.o common.o
81
82 install: all
83 $(INSTALL) -d -m 755 $(LIBDIR)
84- $(INSTALL) -s -c -m 4550 rp-pppoe.so $(LIBDIR)
85+ $(INSTALL) -c -m 4550 rp-pppoe.so $(LIBDIR)
86 $(INSTALL) -d -m 755 $(BINDIR)
87- $(INSTALL) -s -c -m 555 pppoe-discovery $(BINDIR)
88+ $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
89
90 clean:
91 rm -f *.o *.so pppoe-discovery
92diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
93index cdf7ac4..0457561 100644
94--- a/pppdump/Makefile.linux
95+++ b/pppdump/Makefile.linux
96@@ -17,5 +17,5 @@ clean:
97
98 install:
99 mkdir -p $(BINDIR) $(MANDIR)
100- $(INSTALL) -s -c pppdump $(BINDIR)
101+ $(INSTALL) -c pppdump $(BINDIR)
102 $(INSTALL) -c -m 444 pppdump.8 $(MANDIR)
103diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
104index 71afbe6..1819370 100644
105--- a/pppstats/Makefile.linux
106+++ b/pppstats/Makefile.linux
107@@ -22,7 +22,7 @@ all: pppstats
108
109 install: pppstats
110 -mkdir -p $(MANDIR)
111- $(INSTALL) -s -c pppstats $(BINDIR)
112+ $(INSTALL) -c pppstats $(BINDIR)
113 $(INSTALL) -c -m 444 pppstats.8 $(MANDIR)
114
115 pppstats: $(PPPSTATSRCS)
diff --git a/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch b/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch
deleted file mode 100644
index a72414ff8a..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch
+++ /dev/null
@@ -1,45 +0,0 @@
1The patch comes from OpenEmbedded
2Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com>
3
4Upstream-Status: Inappropriate [embedded specific]
5
6diff -ruN ppp-2.4.5-orig/pppd/ipcp.c ppp-2.4.5/pppd/ipcp.c
7--- ppp-2.4.5-orig/pppd/ipcp.c 2010-06-30 15:51:12.050166398 +0800
8+++ ppp-2.4.5/pppd/ipcp.c 2010-06-30 17:02:33.930393283 +0800
9@@ -55,6 +55,8 @@
10 #include <sys/socket.h>
11 #include <netinet/in.h>
12 #include <arpa/inet.h>
13+#include <sys/stat.h>
14+#include <unistd.h>
15
16 #include "pppd.h"
17 #include "fsm.h"
18@@ -2095,6 +2097,14 @@
19 u_int32_t peerdns1, peerdns2;
20 {
21 FILE *f;
22+ struct stat dirinfo;
23+
24+ if(stat(_PATH_OUTDIR, &dirinfo)) {
25+ if(mkdir(_PATH_OUTDIR, 0775)) {
26+ error("Failed to create directory %s: %m", _PATH_OUTDIR);
27+ return;
28+ }
29+ }
30
31 f = fopen(_PATH_RESOLV, "w");
32 if (f == NULL) {
33diff -ruN ppp-2.4.5-orig/pppd/pathnames.h ppp-2.4.5/pppd/pathnames.h
34--- ppp-2.4.5-orig/pppd/pathnames.h 2010-06-30 15:51:12.043682063 +0800
35+++ ppp-2.4.5/pppd/pathnames.h 2010-06-30 17:03:20.594371055 +0800
36@@ -30,7 +30,8 @@
37 #define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options."
38 #define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors"
39 #define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/"
40-#define _PATH_RESOLV _ROOT_PATH "/etc/ppp/resolv.conf"
41+#define _PATH_OUTDIR _ROOT_PATH _PATH_VARRUN "/ppp"
42+#define _PATH_RESOLV _PATH_OUTDIR "/resolv.conf"
43
44 #define _PATH_USEROPT ".ppprc"
45 #define _PATH_PSEUDONYM ".ppp_pseudonym"
diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.8.bb b/meta/recipes-connectivity/ppp/ppp_2.4.8.bb
deleted file mode 100644
index f9c60d6bad..0000000000
--- a/meta/recipes-connectivity/ppp/ppp_2.4.8.bb
+++ /dev/null
@@ -1,103 +0,0 @@
1SUMMARY = "Point-to-Point Protocol (PPP) support"
2DESCRIPTION = "ppp (Paul's PPP Package) is an open source package which implements \
3the Point-to-Point Protocol (PPP) on Linux and Solaris systems."
4SECTION = "console/network"
5HOMEPAGE = "http://samba.org/ppp/"
6BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs"
7DEPENDS = "libpcap openssl virtual/crypt"
8LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD"
9LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \
10 file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \
11 file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \
12 file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2"
13
14SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
15 file://makefile.patch \
16 file://pppd-resolv-varrun.patch \
17 file://makefile-remove-hard-usr-reference.patch \
18 file://pon \
19 file://poff \
20 file://init \
21 file://ip-up \
22 file://ip-down \
23 file://08setupdns \
24 file://92removedns \
25 file://copts.patch \
26 file://pap \
27 file://ppp_on_boot \
28 file://provider \
29 file://ppp@.service \
30 file://fix-CVE-2015-3310.patch \
31 file://0001-ppp-Remove-unneeded-include.patch \
32 file://0001-pppd-Fix-bounds-check-in-EAP-code.patch \
33 "
34
35SRC_URI_append_libc-musl = "\
36 file://0001-Fix-build-with-musl.patch \
37"
38SRC_URI[md5sum] = "2ca8342b9804be15103fd3f687af701c"
39SRC_URI[sha256sum] = "f6bf89beae26b2943dff8f1003533d6a5a4909a0fa6edfbec44fe039bbe61bc6"
40
41inherit autotools-brokensep systemd
42
43TARGET_CC_ARCH += " ${LDFLAGS}"
44EXTRA_OEMAKE = "STRIPPROG=${STRIP} MANDIR=${D}${datadir}/man/man8 INCDIR=${D}${includedir} LIBDIR=${D}${libdir}/pppd/${PV} BINDIR=${D}${sbindir}"
45EXTRA_OECONF = "--disable-strip"
46
47# Package Makefile computes CFLAGS, referencing COPTS.
48# Typically hard-coded to '-O2 -g' in the Makefile's.
49#
50EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl -I${S}/include"'
51
52do_configure () {
53 oe_runconf
54}
55
56do_install_append () {
57 make install-etcppp ETCDIR=${D}/${sysconfdir}/ppp
58 mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d
59 mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/
60 mkdir -p ${D}${sysconfdir}/ppp/ip-down.d/
61 install -m 0755 ${WORKDIR}/pon ${D}${bindir}/pon
62 install -m 0755 ${WORKDIR}/poff ${D}${bindir}/poff
63 install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/ppp
64 install -m 0755 ${WORKDIR}/ip-up ${D}${sysconfdir}/ppp/
65 install -m 0755 ${WORKDIR}/ip-down ${D}${sysconfdir}/ppp/
66 install -m 0755 ${WORKDIR}/08setupdns ${D}${sysconfdir}/ppp/ip-up.d/
67 install -m 0755 ${WORKDIR}/92removedns ${D}${sysconfdir}/ppp/ip-down.d/
68 mkdir -p ${D}${sysconfdir}/chatscripts
69 mkdir -p ${D}${sysconfdir}/ppp/peers
70 install -m 0755 ${WORKDIR}/pap ${D}${sysconfdir}/chatscripts
71 install -m 0755 ${WORKDIR}/ppp_on_boot ${D}${sysconfdir}/ppp/ppp_on_boot
72 install -m 0755 ${WORKDIR}/provider ${D}${sysconfdir}/ppp/peers/provider
73 install -d ${D}${systemd_unitdir}/system
74 install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_unitdir}/system
75 sed -i -e 's,@SBINDIR@,${sbindir},g' \
76 ${D}${systemd_unitdir}/system/ppp@.service
77 rm -rf ${D}/${mandir}/man8/man8
78 chmod u+s ${D}${sbindir}/pppd
79}
80
81do_install_append_libc-musl () {
82 install -Dm 0644 ${S}/include/net/ppp_defs.h ${D}${includedir}/net/ppp_defs.h
83}
84
85CONFFILES_${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options"
86PACKAGES =+ "${PN}-oa ${PN}-oe ${PN}-radius ${PN}-winbind ${PN}-minconn ${PN}-password ${PN}-l2tp ${PN}-tools"
87FILES_${PN} = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_unitdir}/system/ppp@.service"
88FILES_${PN}-oa = "${libdir}/pppd/${PV}/pppoatm.so"
89FILES_${PN}-oe = "${sbindir}/pppoe-discovery ${libdir}/pppd/${PV}/rp-pppoe.so"
90FILES_${PN}-radius = "${libdir}/pppd/${PV}/radius.so ${libdir}/pppd/${PV}/radattr.so ${libdir}/pppd/${PV}/radrealms.so"
91FILES_${PN}-winbind = "${libdir}/pppd/${PV}/winbind.so"
92FILES_${PN}-minconn = "${libdir}/pppd/${PV}/minconn.so"
93FILES_${PN}-password = "${libdir}/pppd/${PV}/pass*.so"
94FILES_${PN}-l2tp = "${libdir}/pppd/${PV}/*l2tp.so"
95FILES_${PN}-tools = "${sbindir}/pppstats ${sbindir}/pppdump"
96SUMMARY_${PN}-oa = "Plugin for PPP for PPP-over-ATM support"
97SUMMARY_${PN}-oe = "Plugin for PPP for PPP-over-Ethernet support"
98SUMMARY_${PN}-radius = "Plugin for PPP for RADIUS support"
99SUMMARY_${PN}-winbind = "Plugin for PPP to authenticate against Samba or Windows"
100SUMMARY_${PN}-minconn = "Plugin for PPP to set a delay before the idle timeout applies"
101SUMMARY_${PN}-password = "Plugin for PPP to get passwords via a pipe"
102SUMMARY_${PN}-l2tp = "Plugin for PPP for l2tp support"
103SUMMARY_${PN}-tools = "Additional tools for the PPP package"
diff --git a/meta/recipes-connectivity/ppp/ppp_2.5.0.bb b/meta/recipes-connectivity/ppp/ppp_2.5.0.bb
new file mode 100644
index 0000000000..4b052f8ed9
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp_2.5.0.bb
@@ -0,0 +1,75 @@
1SUMMARY = "Point-to-Point Protocol (PPP) support"
2DESCRIPTION = "ppp (Paul's PPP Package) is an open source package which implements \
3the Point-to-Point Protocol (PPP) on Linux and Solaris systems."
4SECTION = "console/network"
5HOMEPAGE = "http://samba.org/ppp/"
6BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs"
7DEPENDS = "libpcap openssl virtual/crypt"
8LICENSE = "BSD-3-Clause & BSD-3-Clause-Attribution & GPL-2.0-or-later & LGPL-2.0-or-later & PD"
9LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \
10 file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \
11 file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \
12 file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2"
13
14SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
15 file://pon \
16 file://poff \
17 file://init \
18 file://ip-up \
19 file://ip-down \
20 file://08setupdns \
21 file://92removedns \
22 file://pap \
23 file://ppp_on_boot \
24 file://provider \
25 file://ppp@.service \
26 "
27
28SRC_URI[sha256sum] = "5cae0e8075f8a1755f16ca290eb44e6b3545d3f292af4da65ecffe897de636ff"
29
30inherit autotools systemd
31
32EXTRA_OECONF += "--with-openssl=${STAGING_EXECPREFIXDIR}"
33
34do_install:append () {
35 mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d
36 mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/
37 mkdir -p ${D}${sysconfdir}/ppp/ip-down.d/
38 install -m 0755 ${WORKDIR}/pon ${D}${bindir}/pon
39 install -m 0755 ${WORKDIR}/poff ${D}${bindir}/poff
40 install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/ppp
41 install -m 0755 ${WORKDIR}/ip-up ${D}${sysconfdir}/ppp/
42 install -m 0755 ${WORKDIR}/ip-down ${D}${sysconfdir}/ppp/
43 install -m 0755 ${WORKDIR}/08setupdns ${D}${sysconfdir}/ppp/ip-up.d/
44 install -m 0755 ${WORKDIR}/92removedns ${D}${sysconfdir}/ppp/ip-down.d/
45 mkdir -p ${D}${sysconfdir}/chatscripts
46 mkdir -p ${D}${sysconfdir}/ppp/peers
47 install -m 0755 ${WORKDIR}/pap ${D}${sysconfdir}/chatscripts
48 install -m 0755 ${WORKDIR}/ppp_on_boot ${D}${sysconfdir}/ppp/ppp_on_boot
49 install -m 0755 ${WORKDIR}/provider ${D}${sysconfdir}/ppp/peers/provider
50 install -d ${D}${systemd_system_unitdir}
51 install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_system_unitdir}
52 sed -i -e 's,@SBINDIR@,${sbindir},g' \
53 ${D}${systemd_system_unitdir}/ppp@.service
54}
55
56CONFFILES:${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options"
57PACKAGES =+ "${PN}-oa ${PN}-oe ${PN}-radius ${PN}-winbind ${PN}-minconn ${PN}-password ${PN}-l2tp ${PN}-tools"
58FILES:${PN} = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_system_unitdir}/ppp@.service"
59FILES:${PN}-oa = "${libdir}/pppd/${PV}/pppoatm.so"
60FILES:${PN}-oe = "${sbindir}/pppoe-discovery ${libdir}/pppd/${PV}/*pppoe.so"
61FILES:${PN}-radius = "${libdir}/pppd/${PV}/radius.so ${libdir}/pppd/${PV}/radattr.so ${libdir}/pppd/${PV}/radrealms.so"
62FILES:${PN}-winbind = "${libdir}/pppd/${PV}/winbind.so"
63FILES:${PN}-minconn = "${libdir}/pppd/${PV}/minconn.so"
64FILES:${PN}-password = "${libdir}/pppd/${PV}/pass*.so"
65FILES:${PN}-l2tp = "${libdir}/pppd/${PV}/*l2tp.so"
66FILES:${PN}-tools = "${sbindir}/pppstats ${sbindir}/pppdump"
67SUMMARY:${PN}-oa = "Plugin for PPP for PPP-over-ATM support"
68SUMMARY:${PN}-oe = "Plugin for PPP for PPP-over-Ethernet support"
69SUMMARY:${PN}-radius = "Plugin for PPP for RADIUS support"
70SUMMARY:${PN}-winbind = "Plugin for PPP to authenticate against Samba or Windows"
71SUMMARY:${PN}-minconn = "Plugin for PPP to set a delay before the idle timeout applies"
72SUMMARY:${PN}-password = "Plugin for PPP to get passwords via a pipe"
73SUMMARY:${PN}-l2tp = "Plugin for PPP for l2tp support"
74SUMMARY:${PN}-tools = "Additional tools for the PPP package"
75
diff --git a/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch b/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch
new file mode 100644
index 0000000000..ab32f26754
--- /dev/null
+++ b/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch
@@ -0,0 +1,37 @@
1From 6bf2bb136a0b3961339369bc08e58b661fba0edb Mon Sep 17 00:00:00 2001
2From: Chen Qi <Qi.Chen@windriver.com>
3Date: Thu, 17 Nov 2022 17:26:30 +0800
4Subject: [PATCH] avoid using -m option for readlink
5
6Use a more widely used option '-f' instead of '-m' here to
7avoid dependency on coreutils.
8
9Looking at the git history of the resolvconf repo, the '-m'
10is deliberately used. And it wants to depend on coreutils.
11But in case of OE, the existence of /etc is ensured, and busybox
12readlink provides '-f' option, so we can just use '-f'. In this
13way, the coreutils dependency is not necessary any more.
14
15Upstream-Status: Inappropriate [OE Specific]
16
17Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
18---
19 etc/resolvconf/update.d/libc | 2 +-
20 1 file changed, 1 insertion(+), 1 deletion(-)
21
22diff --git a/etc/resolvconf/update.d/libc b/etc/resolvconf/update.d/libc
23index 1c4f6bc..f75d22c 100755
24--- a/etc/resolvconf/update.d/libc
25+++ b/etc/resolvconf/update.d/libc
26@@ -57,7 +57,7 @@ fi
27 report_warning() { echo "$0: Warning: $*" >&2 ; }
28
29 resolv_conf_is_symlinked_to_dynamic_file() {
30- [ -L ${ETC}/resolv.conf ] && [ "$(readlink -m ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ]
31+ [ -L ${ETC}/resolv.conf ] && [ "$(readlink -f ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ]
32 }
33
34 if ! resolv_conf_is_symlinked_to_dynamic_file ; then
35--
362.17.1
37
diff --git a/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch b/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch
deleted file mode 100644
index 1aead07869..0000000000
--- a/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch
+++ /dev/null
@@ -1,20 +0,0 @@
1
2busybox installs readlink into /usr/bin, so ensure /usr/bin
3is in the path.
4
5Upstream-Status: Submitted
6Signed-off-by: Saul Wold <sgw@linux.intel.com>
7
8Index: resolvconf-1.76/etc/resolvconf/update.d/libc
9===================================================================
10--- resolvconf-1.76.orig/etc/resolvconf/update.d/libc
11+++ resolvconf-1.76/etc/resolvconf/update.d/libc
12@@ -16,7 +16,7 @@
13 #
14
15 set -e
16-PATH=/sbin:/bin
17+PATH=/sbin:/bin:/usr/bin
18
19 [ -x /lib/resolvconf/list-records ] || exit 1
20
diff --git a/meta/recipes-connectivity/resolvconf/resolvconf_1.83.bb b/meta/recipes-connectivity/resolvconf/resolvconf_1.92.bb
index 33ee553d19..226cb7ee77 100644
--- a/meta/recipes-connectivity/resolvconf/resolvconf_1.83.bb
+++ b/meta/recipes-connectivity/resolvconf/resolvconf_1.92.bb
@@ -5,18 +5,17 @@ itself up as the intermediary between programs that supply \
5nameserver information and programs that need nameserver \ 5nameserver information and programs that need nameserver \
6information." 6information."
7SECTION = "console/network" 7SECTION = "console/network"
8LICENSE = "GPLv2+" 8LICENSE = "GPL-2.0-or-later"
9LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b" 9LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b"
10AUTHOR = "Thomas Hood"
11HOMEPAGE = "http://packages.debian.org/resolvconf" 10HOMEPAGE = "http://packages.debian.org/resolvconf"
12RDEPENDS_${PN} = "bash" 11RDEPENDS:${PN} = "bash sed util-linux-flock"
13 12
14SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https \ 13SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=unstable \
15 file://fix-path-for-busybox.patch \
16 file://99_resolvconf \ 14 file://99_resolvconf \
17 " 15 file://0001-avoid-using-m-option-for-readlink.patch \
16 "
18 17
19SRCREV = "d001dd2b7ce4c854eaa29e46b9640ab66c6e70bb" 18SRCREV = "86047276c80705c51859a19f0c472102e0822f34"
20 19
21S = "${WORKDIR}/git" 20S = "${WORKDIR}/git"
22 21
@@ -24,8 +23,6 @@ S = "${WORKDIR}/git"
24# so we check the latest upstream from a directory that does get updated 23# so we check the latest upstream from a directory that does get updated
25UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/r/resolvconf/" 24UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/r/resolvconf/"
26 25
27inherit allarch
28
29do_compile () { 26do_compile () {
30 : 27 :
31} 28}
@@ -40,12 +37,14 @@ do_install () {
40 fi 37 fi
41 install -d ${D}${base_libdir}/${BPN} 38 install -d ${D}${base_libdir}/${BPN}
42 install -d ${D}${sysconfdir}/${BPN} 39 install -d ${D}${sysconfdir}/${BPN}
40 install -d ${D}${nonarch_base_libdir}/${BPN}
43 ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run 41 ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run
44 install -d ${D}${sysconfdir} ${D}${base_sbindir} 42 install -d ${D}${sysconfdir} ${D}${base_sbindir}
45 install -d ${D}${mandir}/man8 ${D}${docdir}/${P} 43 install -d ${D}${mandir}/man8 ${D}${docdir}/${P}
46 cp -pPR etc/resolvconf ${D}${sysconfdir}/ 44 cp -pPR etc/resolvconf ${D}${sysconfdir}/
47 chown -R root:root ${D}${sysconfdir}/ 45 chown -R root:root ${D}${sysconfdir}/
48 install -m 0755 bin/resolvconf ${D}${base_sbindir}/ 46 install -m 0755 bin/resolvconf ${D}${base_sbindir}/
47 install -m 0755 bin/normalize-resolvconf ${D}${nonarch_base_libdir}/${BPN}
49 install -m 0755 bin/list-records ${D}${base_libdir}/${BPN} 48 install -m 0755 bin/list-records ${D}${base_libdir}/${BPN}
50 install -d ${D}/${sysconfdir}/network/if-up.d 49 install -d ${D}/${sysconfdir}/network/if-up.d
51 install -m 0755 debian/resolvconf.000resolvconf.if-up ${D}/${sysconfdir}/network/if-up.d/000resolvconf 50 install -m 0755 debian/resolvconf.000resolvconf.if-up ${D}/${sysconfdir}/network/if-up.d/000resolvconf
@@ -55,7 +54,7 @@ do_install () {
55 install -m 0644 man/resolvconf.8 ${D}${mandir}/man8/ 54 install -m 0644 man/resolvconf.8 ${D}${mandir}/man8/
56} 55}
57 56
58pkg_postinst_${PN} () { 57pkg_postinst:${PN} () {
59 if [ -z "$D" ]; then 58 if [ -z "$D" ]; then
60 if command -v systemd-tmpfiles >/dev/null; then 59 if command -v systemd-tmpfiles >/dev/null; then
61 systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/resolvconf.conf 60 systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/resolvconf.conf
@@ -65,4 +64,4 @@ pkg_postinst_${PN} () {
65 fi 64 fi
66} 65}
67 66
68FILES_${PN} += "${base_libdir}/${BPN}" 67FILES:${PN} += "${base_libdir}/${BPN} ${nonarch_base_libdir}/${BPN}"
diff --git a/meta/recipes-connectivity/slirp/libslirp_git.bb b/meta/recipes-connectivity/slirp/libslirp_git.bb
new file mode 100644
index 0000000000..334b786b9b
--- /dev/null
+++ b/meta/recipes-connectivity/slirp/libslirp_git.bb
@@ -0,0 +1,18 @@
1SUMMARY = "A general purpose TCP-IP emulator"
2DESCRIPTION = "A general purpose TCP-IP emulator used by virtual machine hypervisors to provide virtual networking services."
3HOMEPAGE = "https://gitlab.freedesktop.org/slirp/libslirp"
4LICENSE = "BSD-3-Clause & MIT"
5LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=bca0186b14e6b05e338e729f106db727"
6
7SRC_URI = "git://gitlab.freedesktop.org/slirp/libslirp.git;protocol=https;branch=master"
8SRCREV = "3ad1710a96678fe79066b1469cead4058713a1d9"
9PV = "4.7.0"
10S = "${WORKDIR}/git"
11
12DEPENDS = " \
13 glib-2.0 \
14"
15
16inherit meson pkgconfig
17
18BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch b/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch
new file mode 100644
index 0000000000..9051ae1abe
--- /dev/null
+++ b/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch
@@ -0,0 +1,62 @@
1From 4f887cc665c9a48b83e20ef4abe57afa7e365e0e Mon Sep 17 00:00:00 2001
2From: Hongxu Jia <hongxu.jia@eng.windriver.com>
3Date: Tue, 5 Dec 2023 23:02:22 -0800
4Subject: [PATCH v2] fix compile procan.c failed
5
61. Compile socat failed if out of tree build (build dir != source dir)
7...
8gcc -c -D CC="gcc" -o procan.o procan.c
9cc1: fatal error: procan.c: No such file or directory
10...
11Explicitly add $srcdir to makefile rule
12
132. Compile socat failed if multiple words in $(CC), such as CC="gcc -m64"
14...
15from ../socat-1.8.0.0/procan.c:10:
16../socat-1.8.0.0/sysincludes.h:18:10: fatal error: inttypes.h: No such file or directory
17 18 | #include <inttypes.h> /* uint16_t */
18...
19
20In commit [Procan: print umask, CC, and couple more new infos][1],
21it defeines marcro CC in C source, the space in CC will break
22C source compile. Use first word of $(CC) to defeine marco CC
23
24[1] https://repo.or.cz/socat.git/commit/cd5673dbd0786c94e0b3ace7e35fab14c01e3185
25
26Upstream-Status: Submitted [socat@dest-unreach.org]
27Signed-off-by: Hongxu Jia <hongxu.jia@eng.windriver.com>
28---
29 Makefile.in | 10 +++++-----
30 1 file changed, 5 insertions(+), 5 deletions(-)
31
32diff --git a/Makefile.in b/Makefile.in
33index c01b1a4..48dad69 100644
34--- a/Makefile.in
35+++ b/Makefile.in
36@@ -109,8 +109,8 @@ depend: $(CFILES) $(HFILES)
37 socat: socat.o libxio.a
38 $(CC) $(CFLAGS) $(LDFLAGS) -o $@ socat.o libxio.a $(CLIBS)
39
40-procan.o: procan.c
41- $(CC) $(CFLAGS) -c -D CC=\"$(CC)\" -o $@ procan.c
42+procan.o: $(srcdir)/procan.c
43+ $(CC) $(CFLAGS) -c -D CC=\"$(firstword $(CC))\" -o $@ $(srcdir)/procan.c
44
45 PROCAN_OBJS=procan_main.o procan.o procan-cdefs.o hostan.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o
46 procan: $(PROCAN_OBJS)
47@@ -132,9 +132,9 @@ install: progs $(srcdir)/doc/socat.1
48 mkdir -p $(DESTDIR)$(BINDEST)
49 $(INSTALL) -m 755 socat $(DESTDIR)$(BINDEST)/socat1
50 ln -sf socat1 $(DESTDIR)$(BINDEST)/socat
51- $(INSTALL) -m 755 socat-chain.sh $(DESTDIR)$(BINDEST)
52- $(INSTALL) -m 755 socat-mux.sh $(DESTDIR)$(BINDEST)
53- $(INSTALL) -m 755 socat-broker.sh $(DESTDIR)$(BINDEST)
54+ $(INSTALL) -m 755 $(srcdir)/socat-chain.sh $(DESTDIR)$(BINDEST)
55+ $(INSTALL) -m 755 $(srcdir)/socat-mux.sh $(DESTDIR)$(BINDEST)
56+ $(INSTALL) -m 755 $(srcdir)/socat-broker.sh $(DESTDIR)$(BINDEST)
57 $(INSTALL) -m 755 procan $(DESTDIR)$(BINDEST)
58 $(INSTALL) -m 755 filan $(DESTDIR)$(BINDEST)
59 mkdir -p $(DESTDIR)$(MANDEST)/man1
60--
612.42.0
62
diff --git a/meta/recipes-connectivity/socat/socat_1.7.3.4.bb b/meta/recipes-connectivity/socat/socat_1.8.0.0.bb
index f3f569d262..912605c95c 100644
--- a/meta/recipes-connectivity/socat/socat_1.7.3.4.bb
+++ b/meta/recipes-connectivity/socat/socat_1.8.0.0.bb
@@ -7,13 +7,13 @@ SECTION = "console/network"
7 7
8LICENSE = "GPL-2.0-with-OpenSSL-exception" 8LICENSE = "GPL-2.0-with-OpenSSL-exception"
9LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ 9LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
10 file://README;beginline=257;endline=287;md5=338c05eadd013872abb1d6e198e10a3f" 10 file://README;beginline=241;endline=271;md5=338c05eadd013872abb1d6e198e10a3f"
11 11
12SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ 12SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
13 file://0001-fix-compile-procan.c-failed.patch \
13" 14"
14 15
15SRC_URI[md5sum] = "3cca4f8cd9d2d1caabd9cc099451bac9" 16SRC_URI[sha256sum] = "e1de683dd22ee0e3a6c6bbff269abe18ab0c9d7eb650204f125155b9005faca7"
16SRC_URI[sha256sum] = "972374ca86f65498e23e3259c2ee1b8f9dbeb04d12c2a78c0c9b5d1cb97dfdfc"
17 17
18inherit autotools 18inherit autotools
19 19
@@ -29,15 +29,15 @@ TERMBITS_SHIFTS ?= "sc_cv_sys_crdly_shift=9 \
29 sc_cv_sys_tabdly_shift=11 \ 29 sc_cv_sys_tabdly_shift=11 \
30 sc_cv_sys_csize_shift=4" 30 sc_cv_sys_csize_shift=4"
31 31
32TERMBITS_SHIFTS_powerpc = "sc_cv_sys_crdly_shift=12 \ 32TERMBITS_SHIFTS:powerpc = "sc_cv_sys_crdly_shift=12 \
33 sc_cv_sys_tabdly_shift=10 \ 33 sc_cv_sys_tabdly_shift=10 \
34 sc_cv_sys_csize_shift=8" 34 sc_cv_sys_csize_shift=8"
35 35
36TERMBITS_SHIFTS_powerpc64 = "sc_cv_sys_crdly_shift=12 \ 36TERMBITS_SHIFTS:powerpc64 = "sc_cv_sys_crdly_shift=12 \
37 sc_cv_sys_tabdly_shift=10 \ 37 sc_cv_sys_tabdly_shift=10 \
38 sc_cv_sys_csize_shift=8" 38 sc_cv_sys_csize_shift=8"
39 39
40PACKAGECONFIG_class-target ??= "tcp-wrappers readline openssl" 40PACKAGECONFIG:class-target ??= "tcp-wrappers readline openssl"
41PACKAGECONFIG ??= "readline openssl" 41PACKAGECONFIG ??= "readline openssl"
42PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers" 42PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers"
43PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline" 43PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline"
@@ -45,7 +45,7 @@ PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl"
45 45
46CFLAGS += "-fcommon" 46CFLAGS += "-fcommon"
47 47
48do_install_prepend () { 48do_install:prepend () {
49 mkdir -p ${D}${bindir} 49 mkdir -p ${D}${bindir}
50 install -d ${D}${bindir} ${D}${mandir}/man1 50 install -d ${D}${bindir} ${D}${mandir}/man1
51} 51}
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
deleted file mode 100644
index 7b0713cf6d..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
+++ /dev/null
@@ -1,82 +0,0 @@
1hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication
2of disconnection in certain situations because source address validation is
3mishandled. This is a denial of service that should have been prevented by PMF
4(aka management frame protection). The attacker must send a crafted 802.11 frame
5from a location that is within the 802.11 communications range.
6
7CVE: CVE-2019-16275
8Upstream-Status: Backport
9Signed-off-by: Ross Burton <ross.burton@intel.com>
10
11From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
12From: Jouni Malinen <j@w1.fi>
13Date: Thu, 29 Aug 2019 11:52:04 +0300
14Subject: [PATCH] AP: Silently ignore management frame from unexpected source
15 address
16
17Do not process any received Management frames with unexpected/invalid SA
18so that we do not add any state for unexpected STA addresses or end up
19sending out frames to unexpected destination. This prevents unexpected
20sequences where an unprotected frame might end up causing the AP to send
21out a response to another device and that other device processing the
22unexpected response.
23
24In particular, this prevents some potential denial of service cases
25where the unexpected response frame from the AP might result in a
26connected station dropping its association.
27
28Signed-off-by: Jouni Malinen <j@w1.fi>
29---
30 src/ap/drv_callbacks.c | 13 +++++++++++++
31 src/ap/ieee802_11.c | 12 ++++++++++++
32 2 files changed, 25 insertions(+)
33
34diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
35index 31587685fe3b..34ca379edc3d 100644
36--- a/src/ap/drv_callbacks.c
37+++ b/src/ap/drv_callbacks.c
38@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
39 "hostapd_notif_assoc: Skip event with no address");
40 return -1;
41 }
42+
43+ if (is_multicast_ether_addr(addr) ||
44+ is_zero_ether_addr(addr) ||
45+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
46+ /* Do not process any frames with unexpected/invalid SA so that
47+ * we do not add any state for unexpected STA addresses or end
48+ * up sending out frames to unexpected destination. */
49+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
50+ " in received indication - ignore this indication silently",
51+ __func__, MAC2STR(addr));
52+ return 0;
53+ }
54+
55 random_add_randomness(addr, ETH_ALEN);
56
57 hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
58diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
59index c85a28db44b7..e7065372e158 100644
60--- a/src/ap/ieee802_11.c
61+++ b/src/ap/ieee802_11.c
62@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
63 fc = le_to_host16(mgmt->frame_control);
64 stype = WLAN_FC_GET_STYPE(fc);
65
66+ if (is_multicast_ether_addr(mgmt->sa) ||
67+ is_zero_ether_addr(mgmt->sa) ||
68+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
69+ /* Do not process any frames with unexpected/invalid SA so that
70+ * we do not add any state for unexpected STA addresses or end
71+ * up sending out frames to unexpected destination. */
72+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
73+ " in received frame - ignore this frame silently",
74+ MAC2STR(mgmt->sa));
75+ return 0;
76+ }
77+
78 if (stype == WLAN_FC_STYPE_BEACON) {
79 handle_beacon(hapd, mgmt, len, fi);
80 return 1;
81--
822.20.1
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Install-wpa_passphrase-when-not-disabled.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Install-wpa_passphrase-when-not-disabled.patch
new file mode 100644
index 0000000000..c04c608bde
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Install-wpa_passphrase-when-not-disabled.patch
@@ -0,0 +1,33 @@
1From 57b12a1e43605f71239a21488cb9b541f0751dda Mon Sep 17 00:00:00 2001
2From: Alex Kiernan <alexk@zuma.ai>
3Date: Thu, 21 Apr 2022 10:15:29 +0100
4Subject: [PATCH] Install wpa_passphrase when not disabled
5
6As part of fixing CONFIG_NO_WPA_PASSPHRASE, whilst wpa_passphrase gets
7built, its not installed during `make install`.
8
9Fixes: cb41c214b78d ("build: Re-enable options for libwpa_client.so and wpa_passphrase")
10Signed-off-by: Alex Kiernan <alexk@zuma.ai>
11Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
12Upstream-Status: Submitted [http://lists.infradead.org/pipermail/hostap/2022-April/040448.html]
13---
14 wpa_supplicant/Makefile | 3 +++
15 1 file changed, 3 insertions(+)
16
17diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
18index 0bab313f2355..12787c0c7d0f 100644
19--- a/wpa_supplicant/Makefile
20+++ b/wpa_supplicant/Makefile
21@@ -73,6 +73,9 @@ $(DESTDIR)$(BINDIR)/%: %
22
23 install: $(addprefix $(DESTDIR)$(BINDIR)/,$(BINALL))
24 $(MAKE) -C ../src install
25+ifndef CONFIG_NO_WPA_PASSPHRASE
26+ install -D wpa_passphrase $(DESTDIR)/$(BINDIR)/wpa_passphrase
27+endif
28 ifdef CONFIG_BUILD_WPA_CLIENT_SO
29 install -m 0644 -D libwpa_client.so $(DESTDIR)/$(LIBDIR)/libwpa_client.so
30 install -m 0644 -D ../src/common/wpa_ctrl.h $(DESTDIR)/$(INCDIR)/wpa_ctrl.h
31--
322.35.1
33
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch
new file mode 100644
index 0000000000..620560d3c7
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch
@@ -0,0 +1,213 @@
1From f6f7cead3661ceeef54b21f7e799c0afc98537ec Mon Sep 17 00:00:00 2001
2From: Jouni Malinen <j@w1.fi>
3Date: Sat, 8 Jul 2023 19:55:32 +0300
4Subject: [PATCH] PEAP client: Update Phase 2 authentication requirements
5
6The previous PEAP client behavior allowed the server to skip Phase 2
7authentication with the expectation that the server was authenticated
8during Phase 1 through TLS server certificate validation. Various PEAP
9specifications are not exactly clear on what the behavior on this front
10is supposed to be and as such, this ended up being more flexible than
11the TTLS/FAST/TEAP cases. However, this is not really ideal when
12unfortunately common misconfiguration of PEAP is used in deployed
13devices where the server trust root (ca_cert) is not configured or the
14user has an easy option for allowing this validation step to be skipped.
15
16Change the default PEAP client behavior to be to require Phase 2
17authentication to be successfully completed for cases where TLS session
18resumption is not used and the client certificate has not been
19configured. Those two exceptions are the main cases where a deployed
20authentication server might skip Phase 2 and as such, where a more
21strict default behavior could result in undesired interoperability
22issues. Requiring Phase 2 authentication will end up disabling TLS
23session resumption automatically to avoid interoperability issues.
24
25Allow Phase 2 authentication behavior to be configured with a new phase1
26configuration parameter option:
27'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
28tunnel) behavior for PEAP:
29 * 0 = do not require Phase 2 authentication
30 * 1 = require Phase 2 authentication when client certificate
31 (private_key/client_cert) is no used and TLS session resumption was
32 not used (default)
33 * 2 = require Phase 2 authentication in all cases
34
35Signed-off-by: Jouni Malinen <j@w1.fi>
36
37CVE: CVE-2023-52160
38Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c]
39
40Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com>
41
42---
43 src/eap_peer/eap_config.h | 8 ++++++
44 src/eap_peer/eap_peap.c | 40 +++++++++++++++++++++++++++---
45 src/eap_peer/eap_tls_common.c | 6 +++++
46 src/eap_peer/eap_tls_common.h | 5 ++++
47 wpa_supplicant/wpa_supplicant.conf | 7 ++++++
48 5 files changed, 63 insertions(+), 3 deletions(-)
49
50diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h
51index 3238f74..047eec2 100644
52--- a/src/eap_peer/eap_config.h
53+++ b/src/eap_peer/eap_config.h
54@@ -469,6 +469,14 @@ struct eap_peer_config {
55 * 1 = use cryptobinding if server supports it
56 * 2 = require cryptobinding
57 *
58+ * phase2_auth option can be used to control Phase 2 (i.e., within TLS
59+ * tunnel) behavior for PEAP:
60+ * 0 = do not require Phase 2 authentication
61+ * 1 = require Phase 2 authentication when client certificate
62+ * (private_key/client_cert) is no used and TLS session resumption was
63+ * not used (default)
64+ * 2 = require Phase 2 authentication in all cases
65+ *
66 * EAP-WSC (WPS) uses following options: pin=Device_Password and
67 * uuid=Device_UUID
68 *
69diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
70index 12e30df..6080697 100644
71--- a/src/eap_peer/eap_peap.c
72+++ b/src/eap_peer/eap_peap.c
73@@ -67,6 +67,7 @@ struct eap_peap_data {
74 u8 cmk[20];
75 int soh; /* Whether IF-TNCCS-SOH (Statement of Health; Microsoft NAP)
76 * is enabled. */
77+ enum { NO_AUTH, FOR_INITIAL, ALWAYS } phase2_auth;
78 };
79
80
81@@ -114,6 +115,19 @@ static void eap_peap_parse_phase1(struct eap_peap_data *data,
82 wpa_printf(MSG_DEBUG, "EAP-PEAP: Require cryptobinding");
83 }
84
85+ if (os_strstr(phase1, "phase2_auth=0")) {
86+ data->phase2_auth = NO_AUTH;
87+ wpa_printf(MSG_DEBUG,
88+ "EAP-PEAP: Do not require Phase 2 authentication");
89+ } else if (os_strstr(phase1, "phase2_auth=1")) {
90+ data->phase2_auth = FOR_INITIAL;
91+ wpa_printf(MSG_DEBUG,
92+ "EAP-PEAP: Require Phase 2 authentication for initial connection");
93+ } else if (os_strstr(phase1, "phase2_auth=2")) {
94+ data->phase2_auth = ALWAYS;
95+ wpa_printf(MSG_DEBUG,
96+ "EAP-PEAP: Require Phase 2 authentication for all cases");
97+ }
98 #ifdef EAP_TNC
99 if (os_strstr(phase1, "tnc=soh2")) {
100 data->soh = 2;
101@@ -142,6 +156,7 @@ static void * eap_peap_init(struct eap_sm *sm)
102 data->force_peap_version = -1;
103 data->peap_outer_success = 2;
104 data->crypto_binding = OPTIONAL_BINDING;
105+ data->phase2_auth = FOR_INITIAL;
106
107 if (config && config->phase1)
108 eap_peap_parse_phase1(data, config->phase1);
109@@ -454,6 +469,20 @@ static int eap_tlv_validate_cryptobinding(struct eap_sm *sm,
110 }
111
112
113+static bool peap_phase2_sufficient(struct eap_sm *sm,
114+ struct eap_peap_data *data)
115+{
116+ if ((data->phase2_auth == ALWAYS ||
117+ (data->phase2_auth == FOR_INITIAL &&
118+ !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn) &&
119+ !data->ssl.client_cert_conf) ||
120+ data->phase2_eap_started) &&
121+ !data->phase2_eap_success)
122+ return false;
123+ return true;
124+}
125+
126+
127 /**
128 * eap_tlv_process - Process a received EAP-TLV message and generate a response
129 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
130@@ -568,6 +597,11 @@ static int eap_tlv_process(struct eap_sm *sm, struct eap_peap_data *data,
131 " - force failed Phase 2");
132 resp_status = EAP_TLV_RESULT_FAILURE;
133 ret->decision = DECISION_FAIL;
134+ } else if (!peap_phase2_sufficient(sm, data)) {
135+ wpa_printf(MSG_INFO,
136+ "EAP-PEAP: Server indicated Phase 2 success, but sufficient Phase 2 authentication has not been completed");
137+ resp_status = EAP_TLV_RESULT_FAILURE;
138+ ret->decision = DECISION_FAIL;
139 } else {
140 resp_status = EAP_TLV_RESULT_SUCCESS;
141 ret->decision = DECISION_UNCOND_SUCC;
142@@ -887,8 +921,7 @@ continue_req:
143 /* EAP-Success within TLS tunnel is used to indicate
144 * shutdown of the TLS channel. The authentication has
145 * been completed. */
146- if (data->phase2_eap_started &&
147- !data->phase2_eap_success) {
148+ if (!peap_phase2_sufficient(sm, data)) {
149 wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 "
150 "Success used to indicate success, "
151 "but Phase 2 EAP was not yet "
152@@ -1199,8 +1232,9 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
153 static bool eap_peap_has_reauth_data(struct eap_sm *sm, void *priv)
154 {
155 struct eap_peap_data *data = priv;
156+
157 return tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
158- data->phase2_success;
159+ data->phase2_success && data->phase2_auth != ALWAYS;
160 }
161
162
163diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
164index c1837db..a53eeb1 100644
165--- a/src/eap_peer/eap_tls_common.c
166+++ b/src/eap_peer/eap_tls_common.c
167@@ -239,6 +239,12 @@ static int eap_tls_params_from_conf(struct eap_sm *sm,
168
169 sm->ext_cert_check = !!(params->flags & TLS_CONN_EXT_CERT_CHECK);
170
171+ if (!phase2)
172+ data->client_cert_conf = params->client_cert ||
173+ params->client_cert_blob ||
174+ params->private_key ||
175+ params->private_key_blob;
176+
177 return 0;
178 }
179
180diff --git a/src/eap_peer/eap_tls_common.h b/src/eap_peer/eap_tls_common.h
181index 9ac0012..3348634 100644
182--- a/src/eap_peer/eap_tls_common.h
183+++ b/src/eap_peer/eap_tls_common.h
184@@ -79,6 +79,11 @@ struct eap_ssl_data {
185 * tls_v13 - Whether TLS v1.3 or newer is used
186 */
187 int tls_v13;
188+
189+ /**
190+ * client_cert_conf: Whether client certificate has been configured
191+ */
192+ bool client_cert_conf;
193 };
194
195
196diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
197index 6619d6b..d63f73c 100644
198--- a/wpa_supplicant/wpa_supplicant.conf
199+++ b/wpa_supplicant/wpa_supplicant.conf
200@@ -1321,6 +1321,13 @@ fast_reauth=1
201 # * 0 = do not use cryptobinding (default)
202 # * 1 = use cryptobinding if server supports it
203 # * 2 = require cryptobinding
204+# 'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
205+# tunnel) behavior for PEAP:
206+# * 0 = do not require Phase 2 authentication
207+# * 1 = require Phase 2 authentication when client certificate
208+# (private_key/client_cert) is no used and TLS session resumption was
209+# not used (default)
210+# * 2 = require Phase 2 authentication in all cases
211 # EAP-WSC (WPS) uses following options: pin=<Device Password> or
212 # pbc=1.
213 #
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
deleted file mode 100644
index 53ad5d028a..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
+++ /dev/null
@@ -1,151 +0,0 @@
1From 5b78c8f961f25f4dc22d6f2b77ddd06d712cec63 Mon Sep 17 00:00:00 2001
2From: Jouni Malinen <jouni@codeaurora.org>
3Date: Wed, 3 Jun 2020 23:17:35 +0300
4Subject: [PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to
5 other networks
6
7The UPnP Device Architecture 2.0 specification errata ("UDA errata
816-04-2020.docx") addresses a problem with notifications being allowed
9to go out to other domains by disallowing such cases. Do such filtering
10for the notification callback URLs to avoid undesired connections to
11external networks based on subscriptions that any device in the local
12network could request when WPS support for external registrars is
13enabled (the upnp_iface parameter in hostapd configuration).
14
15Upstream-Status: Backport
16CVE: CVE-2020-12695 patch #1
17Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
18Signed-off-by: Armin Kuster <akuster@mvista.com>
19
20---
21 src/wps/wps_er.c | 2 +-
22 src/wps/wps_upnp.c | 38 ++++++++++++++++++++++++++++++++++++--
23 src/wps/wps_upnp_i.h | 3 ++-
24 3 files changed, 39 insertions(+), 4 deletions(-)
25
26Index: wpa_supplicant-2.9/src/wps/wps_er.c
27===================================================================
28--- wpa_supplicant-2.9.orig/src/wps/wps_er.c
29+++ wpa_supplicant-2.9/src/wps/wps_er.c
30@@ -1298,7 +1298,7 @@ wps_er_init(struct wps_context *wps, con
31 "with %s", filter);
32 }
33 if (get_netif_info(er->ifname, &er->ip_addr, &er->ip_addr_text,
34- er->mac_addr)) {
35+ NULL, er->mac_addr)) {
36 wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address "
37 "for %s. Does it have IP address?", er->ifname);
38 wps_er_deinit(er, NULL, NULL);
39Index: wpa_supplicant-2.9/src/wps/wps_upnp.c
40===================================================================
41--- wpa_supplicant-2.9.orig/src/wps/wps_upnp.c
42+++ wpa_supplicant-2.9/src/wps/wps_upnp.c
43@@ -303,6 +303,14 @@ static void subscr_addr_free_all(struct
44 }
45
46
47+static int local_network_addr(struct upnp_wps_device_sm *sm,
48+ struct sockaddr_in *addr)
49+{
50+ return (addr->sin_addr.s_addr & sm->netmask.s_addr) ==
51+ (sm->ip_addr & sm->netmask.s_addr);
52+}
53+
54+
55 /* subscr_addr_add_url -- add address(es) for one url to subscription */
56 static void subscr_addr_add_url(struct subscription *s, const char *url,
57 size_t url_len)
58@@ -381,6 +389,7 @@ static void subscr_addr_add_url(struct s
59
60 for (rp = result; rp; rp = rp->ai_next) {
61 struct subscr_addr *a;
62+ struct sockaddr_in *addr = (struct sockaddr_in *) rp->ai_addr;
63
64 /* Limit no. of address to avoid denial of service attack */
65 if (dl_list_len(&s->addr_list) >= MAX_ADDR_PER_SUBSCRIPTION) {
66@@ -389,6 +398,13 @@ static void subscr_addr_add_url(struct s
67 break;
68 }
69
70+ if (!local_network_addr(s->sm, addr)) {
71+ wpa_printf(MSG_INFO,
72+ "WPS UPnP: Ignore a delivery URL that points to another network %s",
73+ inet_ntoa(addr->sin_addr));
74+ continue;
75+ }
76+
77 a = os_zalloc(sizeof(*a) + alloc_len);
78 if (a == NULL)
79 break;
80@@ -889,11 +905,12 @@ static int eth_get(const char *device, u
81 * @net_if: Selected network interface name
82 * @ip_addr: Buffer for returning IP address in network byte order
83 * @ip_addr_text: Buffer for returning a pointer to allocated IP address text
84+ * @netmask: Buffer for returning netmask or %NULL if not needed
85 * @mac: Buffer for returning MAC address
86 * Returns: 0 on success, -1 on failure
87 */
88 int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text,
89- u8 mac[ETH_ALEN])
90+ struct in_addr *netmask, u8 mac[ETH_ALEN])
91 {
92 struct ifreq req;
93 int sock = -1;
94@@ -919,6 +936,19 @@ int get_netif_info(const char *net_if, u
95 in_addr.s_addr = *ip_addr;
96 os_snprintf(*ip_addr_text, 16, "%s", inet_ntoa(in_addr));
97
98+ if (netmask) {
99+ os_memset(&req, 0, sizeof(req));
100+ os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name));
101+ if (ioctl(sock, SIOCGIFNETMASK, &req) < 0) {
102+ wpa_printf(MSG_ERROR,
103+ "WPS UPnP: SIOCGIFNETMASK failed: %d (%s)",
104+ errno, strerror(errno));
105+ goto fail;
106+ }
107+ addr = (struct sockaddr_in *) &req.ifr_netmask;
108+ netmask->s_addr = addr->sin_addr.s_addr;
109+ }
110+
111 #ifdef __linux__
112 os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name));
113 if (ioctl(sock, SIOCGIFHWADDR, &req) < 0) {
114@@ -1025,11 +1055,15 @@ static int upnp_wps_device_start(struct
115
116 /* Determine which IP and mac address we're using */
117 if (get_netif_info(net_if, &sm->ip_addr, &sm->ip_addr_text,
118- sm->mac_addr)) {
119+ &sm->netmask, sm->mac_addr)) {
120 wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address "
121 "for %s. Does it have IP address?", net_if);
122 goto fail;
123 }
124+ wpa_printf(MSG_DEBUG, "WPS UPnP: Local IP address %s netmask %s hwaddr "
125+ MACSTR,
126+ sm->ip_addr_text, inet_ntoa(sm->netmask),
127+ MAC2STR(sm->mac_addr));
128
129 /* Listen for incoming TCP connections so that others
130 * can fetch our "xml files" from us.
131Index: wpa_supplicant-2.9/src/wps/wps_upnp_i.h
132===================================================================
133--- wpa_supplicant-2.9.orig/src/wps/wps_upnp_i.h
134+++ wpa_supplicant-2.9/src/wps/wps_upnp_i.h
135@@ -128,6 +128,7 @@ struct upnp_wps_device_sm {
136 u8 mac_addr[ETH_ALEN]; /* mac addr of network i.f. we use */
137 char *ip_addr_text; /* IP address of network i.f. we use */
138 unsigned ip_addr; /* IP address of network i.f. we use (host order) */
139+ struct in_addr netmask;
140 int multicast_sd; /* send multicast messages over this socket */
141 int ssdp_sd; /* receive discovery UPD packets on socket */
142 int ssdp_sd_registered; /* nonzero if we must unregister */
143@@ -158,7 +159,7 @@ struct subscription * subscription_find(
144 const u8 uuid[UUID_LEN]);
145 void subscr_addr_delete(struct subscr_addr *a);
146 int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text,
147- u8 mac[ETH_ALEN]);
148+ struct in_addr *netmask, u8 mac[ETH_ALEN]);
149
150 /* wps_upnp_ssdp.c */
151 void msearchreply_state_machine_stop(struct advertisement_state_machine *a);
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch
new file mode 100644
index 0000000000..6e930fc98d
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch
@@ -0,0 +1,73 @@
1From cb41c214b78d6df187a31950342e48a403dbd769 Mon Sep 17 00:00:00 2001
2From: Sergey Matyukevich <geomatsi@gmail.com>
3Date: Tue, 22 Feb 2022 11:52:19 +0300
4Subject: [PATCH 1/2] build: Re-enable options for libwpa_client.so and
5 wpa_passphrase
6
7Commit a41a29192e5d ("build: Pull common fragments into a build.rules
8file") introduced a regression into wpa_supplicant build process. The
9build target libwpa_client.so is not built regardless of whether the
10option CONFIG_BUILD_WPA_CLIENT_SO is set or not. This happens because
11this config option is used before it is imported from the configuration
12file. Moving its use after including build.rules does not help: the
13variable ALL is processed by build.rules and further changes are not
14applied. Similarly, option CONFIG_NO_WPA_PASSPHRASE also does not work
15as expected: wpa_passphrase is always built regardless of whether the
16option is set or not.
17
18Re-enable these options by adding both build targets to _all
19dependencies.
20
21Fixes: a41a29192e5d ("build: Pull common fragments into a build.rules file")
22Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
23Upstream-Status: Backport
24Signed-off-by: Alex Kiernan <alexk@zuma.ai>
25Signed-off-by: Alex Kiernan <alexk@gmail.com>
26---
27 wpa_supplicant/Makefile | 19 ++++++++++++-------
28 1 file changed, 12 insertions(+), 7 deletions(-)
29
30diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
31index cb66defac7c8..c456825ae75f 100644
32--- a/wpa_supplicant/Makefile
33+++ b/wpa_supplicant/Makefile
34@@ -1,24 +1,29 @@
35 BINALL=wpa_supplicant wpa_cli
36
37-ifndef CONFIG_NO_WPA_PASSPHRASE
38-BINALL += wpa_passphrase
39-endif
40-
41 ALL = $(BINALL)
42 ALL += systemd/wpa_supplicant.service
43 ALL += systemd/wpa_supplicant@.service
44 ALL += systemd/wpa_supplicant-nl80211@.service
45 ALL += systemd/wpa_supplicant-wired@.service
46 ALL += dbus/fi.w1.wpa_supplicant1.service
47-ifdef CONFIG_BUILD_WPA_CLIENT_SO
48-ALL += libwpa_client.so
49-endif
50
51 EXTRA_TARGETS=dynamic_eap_methods
52
53 CONFIG_FILE=.config
54 include ../src/build.rules
55
56+ifdef CONFIG_BUILD_WPA_CLIENT_SO
57+# add the dependency this way to allow CONFIG_BUILD_WPA_CLIENT_SO
58+# being set in the config which is read by build.rules
59+_all: libwpa_client.so
60+endif
61+
62+ifndef CONFIG_NO_WPA_PASSPHRASE
63+# add the dependency this way to allow CONFIG_NO_WPA_PASSPHRASE
64+# being set in the config which is read by build.rules
65+_all: wpa_passphrase
66+endif
67+
68 ifdef LIBS
69 # If LIBS is set with some global build system defaults, clone those for
70 # LIBS_c and LIBS_p to cover wpa_passphrase and wpa_cli as well.
71--
722.35.1
73
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch
deleted file mode 100644
index a476cf040e..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch
+++ /dev/null
@@ -1,52 +0,0 @@
1From 94c401733a5a3d294cc412671166e6adfb409f53 Mon Sep 17 00:00:00 2001
2From: Joshua DeWeese <jdeweese@hennypenny.com>
3Date: Wed, 30 Jan 2019 16:19:47 -0500
4Subject: [PATCH] replace systemd install Alias with WantedBy
5
6According to the systemd documentation "WantedBy=foo.service in a
7service bar.service is mostly equivalent to
8Alias=foo.service.wants/bar.service in the same file." However,
9this is not really the intended purpose of install Aliases.
10
11Upstream-Status: Submitted [hostap@lists.infradead.org]
12
13Signed-off-by: Joshua DeWeese <jdeweese@hennypenny.com>
14---
15 wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in | 2 +-
16 wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in | 2 +-
17 wpa_supplicant/systemd/wpa_supplicant.service.arg.in | 2 +-
18 3 files changed, 3 insertions(+), 3 deletions(-)
19
20diff --git a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
21index 03ac507..da69a87 100644
22--- a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
23+++ b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
24@@ -12,4 +12,4 @@ Type=simple
25 ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-nl80211-%I.conf -Dnl80211 -i%I
26
27 [Install]
28-Alias=multi-user.target.wants/wpa_supplicant-nl80211@%i.service
29+WantedBy=multi-user.target
30diff --git a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
31index c8a744d..ca3054b 100644
32--- a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
33+++ b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
34@@ -12,4 +12,4 @@ Type=simple
35 ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-wired-%I.conf -Dwired -i%I
36
37 [Install]
38-Alias=multi-user.target.wants/wpa_supplicant-wired@%i.service
39+WantedBy=multi-user.target
40diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
41index 7788b38..55d2b9c 100644
42--- a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
43+++ b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
44@@ -12,4 +12,4 @@ Type=simple
45 ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I
46
47 [Install]
48-Alias=multi-user.target.wants/wpa_supplicant@%i.service
49+WantedBy=multi-user.target
50--
512.7.4
52
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch
new file mode 100644
index 0000000000..53b0fcdf53
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch
@@ -0,0 +1,26 @@
1From d001b301ba7987f4b39453a211631b85c48f2ff8 Mon Sep 17 00:00:00 2001
2From: Jouni Malinen <quic_jouni@quicinc.com>
3Date: Thu, 3 Mar 2022 13:26:42 +0200
4Subject: [PATCH 2/2] Fix removal of wpa_passphrase on 'make clean'
5
6Fixes: 0430bc8267b4 ("build: Add a common-clean target")
7Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
8Upstream-Status: Backport
9Signed-off-by: Alex Kiernan <alexk@zuma.ai>
10Signed-off-by: Alex Kiernan <alexk@gmail.com>
11---
12 wpa_supplicant/Makefile | 1 +
13 1 file changed, 1 insertion(+)
14
15diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
16index c456825ae75f..4b4688931b1d 100644
17--- a/wpa_supplicant/Makefile
18+++ b/wpa_supplicant/Makefile
19@@ -2077,3 +2077,4 @@ clean: common-clean
20 rm -f libwpa_client.a
21 rm -f libwpa_client.so
22 rm -f libwpa_test1 libwpa_test2
23+ rm -f wpa_passphrase
24--
252.35.1
26
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
deleted file mode 100644
index 59640859dd..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
+++ /dev/null
@@ -1,62 +0,0 @@
1From f7d268864a2660b7239b9a8ff5ad37faeeb751ba Mon Sep 17 00:00:00 2001
2From: Jouni Malinen <jouni@codeaurora.org>
3Date: Wed, 3 Jun 2020 22:41:02 +0300
4Subject: [PATCH 2/3] WPS UPnP: Fix event message generation using a long URL
5 path
6
7More than about 700 character URL ended up overflowing the wpabuf used
8for building the event notification and this resulted in the wpabuf
9buffer overflow checks terminating the hostapd process. Fix this by
10allocating the buffer to be large enough to contain the full URL path.
11However, since that around 700 character limit has been the practical
12limit for more than ten years, start explicitly enforcing that as the
13limit or the callback URLs since any longer ones had not worked before
14and there is no need to enable them now either.
15
16Upstream-Status: Backport
17CVE: CVE-2020-12695 patch #2
18Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
19Signed-off-by: Armin Kuster <akuster@mvista.com>
20
21---
22 src/wps/wps_upnp.c | 9 +++++++--
23 src/wps/wps_upnp_event.c | 3 ++-
24 2 files changed, 9 insertions(+), 3 deletions(-)
25
26diff --git a/src/wps/wps_upnp.c b/src/wps/wps_upnp.c
27index 7d4b7439940e..ab685d52ecab 100644
28--- a/src/wps/wps_upnp.c
29+++ b/src/wps/wps_upnp.c
30@@ -328,9 +328,14 @@ static void subscr_addr_add_url(struct subscription *s, const char *url,
31 int rerr;
32 size_t host_len, path_len;
33
34- /* url MUST begin with http: */
35- if (url_len < 7 || os_strncasecmp(url, "http://", 7))
36+ /* URL MUST begin with HTTP scheme. In addition, limit the length of
37+ * the URL to 700 characters which is around the limit that was
38+ * implicitly enforced for more than 10 years due to a bug in
39+ * generating the event messages. */
40+ if (url_len < 7 || os_strncasecmp(url, "http://", 7) || url_len > 700) {
41+ wpa_printf(MSG_DEBUG, "WPS UPnP: Reject an unacceptable URL");
42 goto fail;
43+ }
44 url += 7;
45 url_len -= 7;
46
47diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c
48index d7e6edcc6503..08a23612f338 100644
49--- a/src/wps/wps_upnp_event.c
50+++ b/src/wps/wps_upnp_event.c
51@@ -147,7 +147,8 @@ static struct wpabuf * event_build_message(struct wps_event_ *e)
52 struct wpabuf *buf;
53 char *b;
54
55- buf = wpabuf_alloc(1000 + wpabuf_len(e->data));
56+ buf = wpabuf_alloc(1000 + os_strlen(e->addr->path) +
57+ wpabuf_len(e->data));
58 if (buf == NULL)
59 return NULL;
60 wpabuf_printf(buf, "NOTIFY %s HTTP/1.1\r\n", e->addr->path);
61--
622.20.1
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
deleted file mode 100644
index 8a014ef28a..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
+++ /dev/null
@@ -1,50 +0,0 @@
1From 85aac526af8612c21b3117dadc8ef5944985b476 Mon Sep 17 00:00:00 2001
2From: Jouni Malinen <jouni@codeaurora.org>
3Date: Thu, 4 Jun 2020 21:24:04 +0300
4Subject: [PATCH 3/3] WPS UPnP: Handle HTTP initiation failures for events more
5 properly
6
7While it is appropriate to try to retransmit the event to another
8callback URL on a failure to initiate the HTTP client connection, there
9is no point in trying the exact same operation multiple times in a row.
10Replve the event_retry() calls with event_addr_failure() for these cases
11to avoid busy loops trying to repeat the same failing operation.
12
13These potential busy loops would go through eloop callbacks, so the
14process is not completely stuck on handling them, but unnecessary CPU
15would be used to process the continues retries that will keep failing
16for the same reason.
17
18Upstream-Status: Backport
19CVE: CVE-2020-12695 patch #2
20Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
21Signed-off-by: Armin Kuster <akuster@mvista.com>
22
23---
24 src/wps/wps_upnp_event.c | 4 ++--
25 1 file changed, 2 insertions(+), 2 deletions(-)
26
27diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c
28index 08a23612f338..c0d9e41d9a38 100644
29--- a/src/wps/wps_upnp_event.c
30+++ b/src/wps/wps_upnp_event.c
31@@ -294,7 +294,7 @@ static int event_send_start(struct subscription *s)
32
33 buf = event_build_message(e);
34 if (buf == NULL) {
35- event_retry(e, 0);
36+ event_addr_failure(e);
37 return -1;
38 }
39
40@@ -302,7 +302,7 @@ static int event_send_start(struct subscription *s)
41 event_http_cb, e);
42 if (e->http_event == NULL) {
43 wpabuf_free(buf);
44- event_retry(e, 0);
45+ event_addr_failure(e);
46 return -1;
47 }
48
49--
502.20.1
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig
deleted file mode 100644
index f04e398fdb..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig
+++ /dev/null
@@ -1,552 +0,0 @@
1# Example wpa_supplicant build time configuration
2#
3# This file lists the configuration options that are used when building the
4# hostapd binary. All lines starting with # are ignored. Configuration option
5# lines must be commented out complete, if they are not to be included, i.e.,
6# just setting VARIABLE=n is not disabling that variable.
7#
8# This file is included in Makefile, so variables like CFLAGS and LIBS can also
9# be modified from here. In most cases, these lines should use += in order not
10# to override previous values of the variables.
11
12
13# Uncomment following two lines and fix the paths if you have installed OpenSSL
14# or GnuTLS in non-default location
15#CFLAGS += -I/usr/local/openssl/include
16#LIBS += -L/usr/local/openssl/lib
17
18# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
19# the kerberos files are not in the default include path. Following line can be
20# used to fix build issues on such systems (krb5.h not found).
21#CFLAGS += -I/usr/include/kerberos
22
23# Example configuration for various cross-compilation platforms
24
25#### sveasoft (e.g., for Linksys WRT54G) ######################################
26#CC=mipsel-uclibc-gcc
27#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
28#CFLAGS += -Os
29#CPPFLAGS += -I../src/include -I../../src/router/openssl/include
30#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl
31###############################################################################
32
33#### openwrt (e.g., for Linksys WRT54G) #######################################
34#CC=mipsel-uclibc-gcc
35#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
36#CFLAGS += -Os
37#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \
38# -I../WRT54GS/release/src/include
39#LIBS = -lssl
40###############################################################################
41
42
43# Driver interface for Host AP driver
44CONFIG_DRIVER_HOSTAP=y
45
46# Driver interface for Agere driver
47#CONFIG_DRIVER_HERMES=y
48# Change include directories to match with the local setup
49#CFLAGS += -I../../hcf -I../../include -I../../include/hcf
50#CFLAGS += -I../../include/wireless
51
52# Driver interface for madwifi driver
53# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
54#CONFIG_DRIVER_MADWIFI=y
55# Set include directory to the madwifi source tree
56#CFLAGS += -I../../madwifi
57
58# Driver interface for ndiswrapper
59# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
60#CONFIG_DRIVER_NDISWRAPPER=y
61
62# Driver interface for Atmel driver
63# CONFIG_DRIVER_ATMEL=y
64
65# Driver interface for old Broadcom driver
66# Please note that the newer Broadcom driver ("hybrid Linux driver") supports
67# Linux wireless extensions and does not need (or even work) with the old
68# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver.
69#CONFIG_DRIVER_BROADCOM=y
70# Example path for wlioctl.h; change to match your configuration
71#CFLAGS += -I/opt/WRT54GS/release/src/include
72
73# Driver interface for Intel ipw2100/2200 driver
74# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
75#CONFIG_DRIVER_IPW=y
76
77# Driver interface for Ralink driver
78#CONFIG_DRIVER_RALINK=y
79
80# Driver interface for generic Linux wireless extensions
81# Note: WEXT is deprecated in the current Linux kernel version and no new
82# functionality is added to it. nl80211-based interface is the new
83# replacement for WEXT and its use allows wpa_supplicant to properly control
84# the driver to improve existing functionality like roaming and to support new
85# functionality.
86CONFIG_DRIVER_WEXT=y
87
88# Driver interface for Linux drivers using the nl80211 kernel interface
89CONFIG_DRIVER_NL80211=y
90
91# driver_nl80211.c requires libnl. If you are compiling it yourself
92# you may need to point hostapd to your version of libnl.
93#
94#CFLAGS += -I$<path to libnl include files>
95#LIBS += -L$<path to libnl library files>
96
97# Use libnl v2.0 (or 3.0) libraries.
98#CONFIG_LIBNL20=y
99
100# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
101CONFIG_LIBNL32=y
102
103
104# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
105#CONFIG_DRIVER_BSD=y
106#CFLAGS += -I/usr/local/include
107#LIBS += -L/usr/local/lib
108#LIBS_p += -L/usr/local/lib
109#LIBS_c += -L/usr/local/lib
110
111# Driver interface for Windows NDIS
112#CONFIG_DRIVER_NDIS=y
113#CFLAGS += -I/usr/include/w32api/ddk
114#LIBS += -L/usr/local/lib
115# For native build using mingw
116#CONFIG_NATIVE_WINDOWS=y
117# Additional directories for cross-compilation on Linux host for mingw target
118#CFLAGS += -I/opt/mingw/mingw32/include/ddk
119#LIBS += -L/opt/mingw/mingw32/lib
120#CC=mingw32-gcc
121# By default, driver_ndis uses WinPcap for low-level operations. This can be
122# replaced with the following option which replaces WinPcap calls with NDISUIO.
123# However, this requires that WZC is disabled (net stop wzcsvc) before starting
124# wpa_supplicant.
125# CONFIG_USE_NDISUIO=y
126
127# Driver interface for development testing
128#CONFIG_DRIVER_TEST=y
129
130# Driver interface for wired Ethernet drivers
131CONFIG_DRIVER_WIRED=y
132
133# Driver interface for the Broadcom RoboSwitch family
134#CONFIG_DRIVER_ROBOSWITCH=y
135
136# Driver interface for no driver (e.g., WPS ER only)
137#CONFIG_DRIVER_NONE=y
138
139# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is
140# included)
141CONFIG_IEEE8021X_EAPOL=y
142
143# EAP-MD5
144CONFIG_EAP_MD5=y
145
146# EAP-MSCHAPv2
147CONFIG_EAP_MSCHAPV2=y
148
149# EAP-TLS
150CONFIG_EAP_TLS=y
151
152# EAL-PEAP
153CONFIG_EAP_PEAP=y
154
155# EAP-TTLS
156CONFIG_EAP_TTLS=y
157
158# EAP-FAST
159# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
160# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
161# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
162#CONFIG_EAP_FAST=y
163
164# EAP-GTC
165CONFIG_EAP_GTC=y
166
167# EAP-OTP
168CONFIG_EAP_OTP=y
169
170# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
171#CONFIG_EAP_SIM=y
172
173# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
174#CONFIG_EAP_PSK=y
175
176# EAP-pwd (secure authentication using only a password)
177#CONFIG_EAP_PWD=y
178
179# EAP-PAX
180#CONFIG_EAP_PAX=y
181
182# LEAP
183CONFIG_EAP_LEAP=y
184
185# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
186#CONFIG_EAP_AKA=y
187
188# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
189# This requires CONFIG_EAP_AKA to be enabled, too.
190#CONFIG_EAP_AKA_PRIME=y
191
192# Enable USIM simulator (Milenage) for EAP-AKA
193#CONFIG_USIM_SIMULATOR=y
194
195# EAP-SAKE
196#CONFIG_EAP_SAKE=y
197
198# EAP-GPSK
199#CONFIG_EAP_GPSK=y
200# Include support for optional SHA256 cipher suite in EAP-GPSK
201#CONFIG_EAP_GPSK_SHA256=y
202
203# EAP-TNC and related Trusted Network Connect support (experimental)
204#CONFIG_EAP_TNC=y
205
206# Wi-Fi Protected Setup (WPS)
207CONFIG_WPS=y
208# Enable WSC 2.0 support
209#CONFIG_WPS2=y
210# Enable WPS external registrar functionality
211#CONFIG_WPS_ER=y
212# Disable credentials for an open network by default when acting as a WPS
213# registrar.
214#CONFIG_WPS_REG_DISABLE_OPEN=y
215# Enable WPS support with NFC config method
216#CONFIG_WPS_NFC=y
217
218# EAP-IKEv2
219#CONFIG_EAP_IKEV2=y
220
221# EAP-EKE
222#CONFIG_EAP_EKE=y
223
224# PKCS#12 (PFX) support (used to read private key and certificate file from
225# a file that usually has extension .p12 or .pfx)
226CONFIG_PKCS12=y
227
228# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
229# engine.
230CONFIG_SMARTCARD=y
231
232# PC/SC interface for smartcards (USIM, GSM SIM)
233# Enable this if EAP-SIM or EAP-AKA is included
234#CONFIG_PCSC=y
235
236# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
237#CONFIG_HT_OVERRIDES=y
238
239# Support VHT overrides (disable VHT, mask MCS rates, etc.)
240#CONFIG_VHT_OVERRIDES=y
241
242# Development testing
243#CONFIG_EAPOL_TEST=y
244
245# Select control interface backend for external programs, e.g, wpa_cli:
246# unix = UNIX domain sockets (default for Linux/*BSD)
247# udp = UDP sockets using localhost (127.0.0.1)
248# named_pipe = Windows Named Pipe (default for Windows)
249# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
250# y = use default (backwards compatibility)
251# If this option is commented out, control interface is not included in the
252# build.
253CONFIG_CTRL_IFACE=y
254
255# Include support for GNU Readline and History Libraries in wpa_cli.
256# When building a wpa_cli binary for distribution, please note that these
257# libraries are licensed under GPL and as such, BSD license may not apply for
258# the resulting binary.
259#CONFIG_READLINE=y
260
261# Include internal line edit mode in wpa_cli. This can be used as a replacement
262# for GNU Readline to provide limited command line editing and history support.
263#CONFIG_WPA_CLI_EDIT=y
264
265# Remove debugging code that is printing out debug message to stdout.
266# This can be used to reduce the size of the wpa_supplicant considerably
267# if debugging code is not needed. The size reduction can be around 35%
268# (e.g., 90 kB).
269#CONFIG_NO_STDOUT_DEBUG=y
270
271# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
272# 35-50 kB in code size.
273#CONFIG_NO_WPA=y
274
275# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
276# This option can be used to reduce code size by removing support for
277# converting ASCII passphrases into PSK. If this functionality is removed, the
278# PSK can only be configured as the 64-octet hexstring (e.g., from
279# wpa_passphrase). This saves about 0.5 kB in code size.
280#CONFIG_NO_WPA_PASSPHRASE=y
281
282# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
283# This can be used if ap_scan=1 mode is never enabled.
284#CONFIG_NO_SCAN_PROCESSING=y
285
286# Select configuration backend:
287# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
288# path is given on command line, not here; this option is just used to
289# select the backend that allows configuration files to be used)
290# winreg = Windows registry (see win_example.reg for an example)
291CONFIG_BACKEND=file
292
293# Remove configuration write functionality (i.e., to allow the configuration
294# file to be updated based on runtime configuration changes). The runtime
295# configuration can still be changed, the changes are just not going to be
296# persistent over restarts. This option can be used to reduce code size by
297# about 3.5 kB.
298#CONFIG_NO_CONFIG_WRITE=y
299
300# Remove support for configuration blobs to reduce code size by about 1.5 kB.
301#CONFIG_NO_CONFIG_BLOBS=y
302
303# Select program entry point implementation:
304# main = UNIX/POSIX like main() function (default)
305# main_winsvc = Windows service (read parameters from registry)
306# main_none = Very basic example (development use only)
307#CONFIG_MAIN=main
308
309# Select wrapper for operatins system and C library specific functions
310# unix = UNIX/POSIX like systems (default)
311# win32 = Windows systems
312# none = Empty template
313#CONFIG_OS=unix
314
315# Select event loop implementation
316# eloop = select() loop (default)
317# eloop_win = Windows events and WaitForMultipleObject() loop
318#CONFIG_ELOOP=eloop
319
320# Should we use poll instead of select? Select is used by default.
321#CONFIG_ELOOP_POLL=y
322
323# Select layer 2 packet implementation
324# linux = Linux packet socket (default)
325# pcap = libpcap/libdnet/WinPcap
326# freebsd = FreeBSD libpcap
327# winpcap = WinPcap with receive thread
328# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
329# none = Empty template
330#CONFIG_L2_PACKET=linux
331
332# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
333CONFIG_PEERKEY=y
334
335# IEEE 802.11w (management frame protection), also known as PMF
336# Driver support is also needed for IEEE 802.11w.
337#CONFIG_IEEE80211W=y
338
339# Select TLS implementation
340# openssl = OpenSSL (default)
341# gnutls = GnuTLS
342# internal = Internal TLSv1 implementation (experimental)
343# none = Empty template
344#CONFIG_TLS=openssl
345
346# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
347# can be enabled to get a stronger construction of messages when block ciphers
348# are used. It should be noted that some existing TLS v1.0 -based
349# implementation may not be compatible with TLS v1.1 message (ClientHello is
350# sent prior to negotiating which version will be used)
351#CONFIG_TLSV11=y
352
353# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
354# can be enabled to enable use of stronger crypto algorithms. It should be
355# noted that some existing TLS v1.0 -based implementation may not be compatible
356# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
357# will be used)
358#CONFIG_TLSV12=y
359
360# If CONFIG_TLS=internal is used, additional library and include paths are
361# needed for LibTomMath. Alternatively, an integrated, minimal version of
362# LibTomMath can be used. See beginning of libtommath.c for details on benefits
363# and drawbacks of this option.
364#CONFIG_INTERNAL_LIBTOMMATH=y
365#ifndef CONFIG_INTERNAL_LIBTOMMATH
366#LTM_PATH=/usr/src/libtommath-0.39
367#CFLAGS += -I$(LTM_PATH)
368#LIBS += -L$(LTM_PATH)
369#LIBS_p += -L$(LTM_PATH)
370#endif
371# At the cost of about 4 kB of additional binary size, the internal LibTomMath
372# can be configured to include faster routines for exptmod, sqr, and div to
373# speed up DH and RSA calculation considerably
374#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
375
376# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
377# This is only for Windows builds and requires WMI-related header files and
378# WbemUuid.Lib from Platform SDK even when building with MinGW.
379#CONFIG_NDIS_EVENTS_INTEGRATED=y
380#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
381
382# Add support for old DBus control interface
383# (fi.epitest.hostap.WPASupplicant)
384#CONFIG_CTRL_IFACE_DBUS=y
385
386# Add support for new DBus control interface
387# (fi.w1.hostap.wpa_supplicant1)
388CONFIG_CTRL_IFACE_DBUS_NEW=y
389
390# Add introspection support for new DBus control interface
391#CONFIG_CTRL_IFACE_DBUS_INTRO=y
392
393# Add support for loading EAP methods dynamically as shared libraries.
394# When this option is enabled, each EAP method can be either included
395# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
396# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
397# be loaded in the beginning of the wpa_supplicant configuration file
398# (see load_dynamic_eap parameter in the example file) before being used in
399# the network blocks.
400#
401# Note that some shared parts of EAP methods are included in the main program
402# and in order to be able to use dynamic EAP methods using these parts, the
403# main program must have been build with the EAP method enabled (=y or =dyn).
404# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
405# unless at least one of them was included in the main build to force inclusion
406# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
407# in the main build to be able to load these methods dynamically.
408#
409# Please also note that using dynamic libraries will increase the total binary
410# size. Thus, it may not be the best option for targets that have limited
411# amount of memory/flash.
412#CONFIG_DYNAMIC_EAP_METHODS=y
413
414# IEEE Std 802.11r-2008 (Fast BSS Transition)
415#CONFIG_IEEE80211R=y
416
417# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
418#CONFIG_DEBUG_FILE=y
419
420# Send debug messages to syslog instead of stdout
421#CONFIG_DEBUG_SYSLOG=y
422# Set syslog facility for debug messages
423#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
424
425# Add support for sending all debug messages (regardless of debug verbosity)
426# to the Linux kernel tracing facility. This helps debug the entire stack by
427# making it easy to record everything happening from the driver up into the
428# same file, e.g., using trace-cmd.
429#CONFIG_DEBUG_LINUX_TRACING=y
430
431# Enable privilege separation (see README 'Privilege separation' for details)
432#CONFIG_PRIVSEP=y
433
434# Enable mitigation against certain attacks against TKIP by delaying Michael
435# MIC error reports by a random amount of time between 0 and 60 seconds
436#CONFIG_DELAYED_MIC_ERROR_REPORT=y
437
438# Enable tracing code for developer debugging
439# This tracks use of memory allocations and other registrations and reports
440# incorrect use with a backtrace of call (or allocation) location.
441#CONFIG_WPA_TRACE=y
442# For BSD, uncomment these.
443#LIBS += -lexecinfo
444#LIBS_p += -lexecinfo
445#LIBS_c += -lexecinfo
446
447# Use libbfd to get more details for developer debugging
448# This enables use of libbfd to get more detailed symbols for the backtraces
449# generated by CONFIG_WPA_TRACE=y.
450#CONFIG_WPA_TRACE_BFD=y
451# For BSD, uncomment these.
452#LIBS += -lbfd -liberty -lz
453#LIBS_p += -lbfd -liberty -lz
454#LIBS_c += -lbfd -liberty -lz
455
456CONFIG_TLS = %ssl%
457CONFIG_CTRL_IFACE_DBUS=y
458CONFIG_CTRL_IFACE_DBUS_NEW=y
459
460# wpa_supplicant depends on strong random number generation being available
461# from the operating system. os_get_random() function is used to fetch random
462# data when needed, e.g., for key generation. On Linux and BSD systems, this
463# works by reading /dev/urandom. It should be noted that the OS entropy pool
464# needs to be properly initialized before wpa_supplicant is started. This is
465# important especially on embedded devices that do not have a hardware random
466# number generator and may by default start up with minimal entropy available
467# for random number generation.
468#
469# As a safety net, wpa_supplicant is by default trying to internally collect
470# additional entropy for generating random data to mix in with the data fetched
471# from the OS. This by itself is not considered to be very strong, but it may
472# help in cases where the system pool is not initialized properly. However, it
473# is very strongly recommended that the system pool is initialized with enough
474# entropy either by using hardware assisted random number generator or by
475# storing state over device reboots.
476#
477# wpa_supplicant can be configured to maintain its own entropy store over
478# restarts to enhance random number generation. This is not perfect, but it is
479# much more secure than using the same sequence of random numbers after every
480# reboot. This can be enabled with -e<entropy file> command line option. The
481# specified file needs to be readable and writable by wpa_supplicant.
482#
483# If the os_get_random() is known to provide strong random data (e.g., on
484# Linux/BSD, the board in question is known to have reliable source of random
485# data from /dev/urandom), the internal wpa_supplicant random pool can be
486# disabled. This will save some in binary size and CPU use. However, this
487# should only be considered for builds that are known to be used on devices
488# that meet the requirements described above.
489#CONFIG_NO_RANDOM_POOL=y
490
491# IEEE 802.11n (High Throughput) support (mainly for AP mode)
492#CONFIG_IEEE80211N=y
493
494# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
495# (depends on CONFIG_IEEE80211N)
496#CONFIG_IEEE80211AC=y
497
498# Wireless Network Management (IEEE Std 802.11v-2011)
499# Note: This is experimental and not complete implementation.
500#CONFIG_WNM=y
501
502# Interworking (IEEE 802.11u)
503# This can be used to enable functionality to improve interworking with
504# external networks (GAS/ANQP to learn more about the networks and network
505# selection based on available credentials).
506#CONFIG_INTERWORKING=y
507
508# Hotspot 2.0
509#CONFIG_HS20=y
510
511# Disable roaming in wpa_supplicant
512#CONFIG_NO_ROAMING=y
513
514# AP mode operations with wpa_supplicant
515# This can be used for controlling AP mode operations with wpa_supplicant. It
516# should be noted that this is mainly aimed at simple cases like
517# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
518# external RADIUS server can be supported with hostapd.
519CONFIG_AP=y
520
521CONFIG_BGSCAN_SIMPLE=y
522
523# P2P (Wi-Fi Direct)
524# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
525# more information on P2P operations.
526#CONFIG_P2P=y
527
528# Enable TDLS support
529#CONFIG_TDLS=y
530
531# Wi-Fi Direct
532# This can be used to enable Wi-Fi Direct extensions for P2P using an external
533# program to control the additional information exchanges in the messages.
534#CONFIG_WIFI_DISPLAY=y
535
536# Autoscan
537# This can be used to enable automatic scan support in wpa_supplicant.
538# See wpa_supplicant.conf for more information on autoscan usage.
539#
540# Enabling directly a module will enable autoscan support.
541# For exponential module:
542CONFIG_AUTOSCAN_EXPONENTIAL=y
543# For periodic module:
544#CONFIG_AUTOSCAN_PERIODIC=y
545
546# Password (and passphrase, etc.) backend for external storage
547# These optional mechanisms can be used to add support for storing passwords
548# and other secrets in external (to wpa_supplicant) location. This allows, for
549# example, operating system specific key storage to be used
550#
551# External password backend for testing purposes (developer use)
552#CONFIG_EXT_PASSWORD_TEST=y
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
new file mode 100644
index 0000000000..22028ce957
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
@@ -0,0 +1,138 @@
1SUMMARY = "Client for Wi-Fi Protected Access (WPA)"
2DESCRIPTION = "wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver."
3HOMEPAGE = "http://w1.fi/wpa_supplicant/"
4BUGTRACKER = "http://w1.fi/security/"
5SECTION = "network"
6LICENSE = "BSD-3-Clause"
7LIC_FILES_CHKSUM = "file://COPYING;md5=5ebcb90236d1ad640558c3d3cd3035df \
8 file://README;beginline=1;endline=56;md5=e3d2f6c2948991e37c1ca4960de84747 \
9 file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=76306a95306fee9a976b0ac1be70f705"
10
11DEPENDS = "dbus libnl"
12
13SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
14 file://wpa-supplicant.sh \
15 file://wpa_supplicant.conf \
16 file://wpa_supplicant.conf-sane \
17 file://99_wpa_supplicant \
18 file://0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch \
19 file://0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch \
20 file://0001-Install-wpa_passphrase-when-not-disabled.patch \
21 file://0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch \
22 "
23SRC_URI[sha256sum] = "20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f"
24
25S = "${WORKDIR}/wpa_supplicant-${PV}"
26
27inherit pkgconfig systemd
28
29PACKAGECONFIG ?= "openssl"
30PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt"
31PACKAGECONFIG[openssl] = ",,openssl"
32
33CVE_PRODUCT = "wpa_supplicant"
34
35EXTRA_OEMAKE = "'LIBDIR=${libdir}' 'INCDIR=${includedir}' 'BINDIR=${sbindir}'"
36
37do_configure () {
38 ${MAKE} -C wpa_supplicant clean
39 sed -e '/^CONFIG_TLS=/d' <wpa_supplicant/defconfig >wpa_supplicant/.config
40
41 if ${@ bb.utils.contains('PACKAGECONFIG', 'openssl', 'true', 'false', d) }; then
42 echo 'CONFIG_TLS=openssl' >>wpa_supplicant/.config
43 elif ${@ bb.utils.contains('PACKAGECONFIG', 'gnutls', 'true', 'false', d) }; then
44 echo 'CONFIG_TLS=gnutls' >>wpa_supplicant/.config
45 sed -i -e 's/\(^CONFIG_DPP=\)/#\1/' \
46 -e 's/\(^CONFIG_EAP_PWD=\)/#\1/' \
47 -e 's/\(^CONFIG_SAE=\)/#\1/' wpa_supplicant/.config
48 fi
49
50 # For rebuild
51 rm -f wpa_supplicant/*.d wpa_supplicant/dbus/*.d
52}
53
54do_compile () {
55 oe_runmake -C wpa_supplicant
56 if [ -z "${DISABLE_STATIC}" ]; then
57 oe_runmake -C wpa_supplicant libwpa_client.a
58 fi
59}
60
61do_install () {
62 oe_runmake -C wpa_supplicant DESTDIR="${D}" install
63
64 install -d ${D}${docdir}/wpa_supplicant
65 install -m 644 wpa_supplicant/README ${WORKDIR}/wpa_supplicant.conf ${D}${docdir}/wpa_supplicant
66
67 install -d ${D}${sysconfdir}
68 install -m 600 ${WORKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf
69
70 install -d ${D}${sysconfdir}/network/if-pre-up.d/
71 install -d ${D}${sysconfdir}/network/if-post-down.d/
72 install -d ${D}${sysconfdir}/network/if-down.d/
73 install -m 755 ${WORKDIR}/wpa-supplicant.sh ${D}${sysconfdir}/network/if-pre-up.d/wpa-supplicant
74 ln -sf ../if-pre-up.d/wpa-supplicant ${D}${sysconfdir}/network/if-post-down.d/wpa-supplicant
75
76 install -d ${D}/${sysconfdir}/dbus-1/system.d
77 install -m 644 ${S}/wpa_supplicant/dbus/dbus-wpa_supplicant.conf ${D}/${sysconfdir}/dbus-1/system.d
78 install -d ${D}/${datadir}/dbus-1/system-services
79 install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services
80
81 if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
82 install -d ${D}/${systemd_system_unitdir}
83 install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_system_unitdir}
84 fi
85
86 install -d ${D}/etc/default/volatiles
87 install -m 0644 ${WORKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles
88
89 install -d ${D}${includedir}
90 install -m 0644 ${S}/src/common/wpa_ctrl.h ${D}${includedir}
91
92 if [ -z "${DISABLE_STATIC}" ]; then
93 install -d ${D}${libdir}
94 install -m 0644 wpa_supplicant/libwpa_client.a ${D}${libdir}
95 fi
96}
97
98pkg_postinst:${PN} () {
99 # If we're offline, we don't need to do this.
100 if [ "x$D" = "x" ]; then
101 killall -q -HUP dbus-daemon || true
102 fi
103}
104
105PACKAGE_BEFORE_PN += "${PN}-passphrase ${PN}-cli"
106PACKAGES =+ "${PN}-lib"
107PACKAGES += "${PN}-plugins"
108ALLOW_EMPTY:${PN}-plugins = "1"
109
110PACKAGES_DYNAMIC += "^${PN}-plugin-.*$"
111NOAUTOPACKAGEDEBUG = "1"
112
113FILES:${PN}-passphrase = "${sbindir}/wpa_passphrase"
114FILES:${PN}-cli = "${sbindir}/wpa_cli"
115FILES:${PN}-lib = "${libdir}/libwpa_client*${SOLIBSDEV}"
116FILES:${PN} += "${datadir}/dbus-1/system-services/* ${systemd_system_unitdir}/*"
117FILES:${PN}-dbg += "${sbindir}/.debug ${libdir}/.debug"
118
119CONFFILES:${PN} += "${sysconfdir}/wpa_supplicant.conf"
120
121RRECOMMENDS:${PN} = "${PN}-passphrase ${PN}-cli ${PN}-plugins"
122
123SYSTEMD_SERVICE:${PN} = "wpa_supplicant.service"
124SYSTEMD_AUTO_ENABLE = "disable"
125
126python split_wpa_supplicant_libs () {
127 libdir = d.expand('${libdir}/wpa_supplicant')
128 dbglibdir = os.path.join(libdir, '.debug')
129
130 split_packages = do_split_packages(d, libdir, r'^(.*)\.so', '${PN}-plugin-%s', 'wpa_supplicant %s plugin', prepend=True)
131 split_dbg_packages = do_split_packages(d, dbglibdir, r'^(.*)\.so', '${PN}-plugin-%s-dbg', 'wpa_supplicant %s plugin - Debugging files', prepend=True, extra_depends='${PN}-dbg')
132
133 if split_packages:
134 pn = d.getVar('PN')
135 d.setVar('RRECOMMENDS:' + pn + '-plugins', ' '.join(split_packages))
136 d.appendVar('RRECOMMENDS:' + pn + '-dbg', ' ' + ' '.join(split_dbg_packages))
137}
138PACKAGESPLITFUNCS += "split_wpa_supplicant_libs"
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
deleted file mode 100644
index 7cc03fef7d..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
+++ /dev/null
@@ -1,113 +0,0 @@
1SUMMARY = "Client for Wi-Fi Protected Access (WPA)"
2HOMEPAGE = "http://w1.fi/wpa_supplicant/"
3BUGTRACKER = "http://w1.fi/security/"
4SECTION = "network"
5LICENSE = "BSD-3-Clause"
6LIC_FILES_CHKSUM = "file://COPYING;md5=279b4f5abb9c153c285221855ddb78cc \
7 file://README;beginline=1;endline=56;md5=e7d3dbb01f75f0b9799e192731d1e1ff \
8 file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=0a8b56d3543498b742b9c0e94cc2d18b"
9DEPENDS = "dbus libnl"
10RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli"
11
12PACKAGECONFIG ??= "gnutls"
13PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt"
14PACKAGECONFIG[openssl] = ",,openssl"
15
16inherit pkgconfig systemd
17
18SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service"
19SYSTEMD_AUTO_ENABLE = "disable"
20
21SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
22 file://defconfig \
23 file://wpa-supplicant.sh \
24 file://wpa_supplicant.conf \
25 file://wpa_supplicant.conf-sane \
26 file://99_wpa_supplicant \
27 file://0001-replace-systemd-install-Alias-with-WantedBy.patch \
28 file://0001-AP-Silently-ignore-management-frame-from-unexpected-.patch \
29 file://0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch \
30 file://0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch \
31 file://0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch \
32 "
33SRC_URI[md5sum] = "2d2958c782576dc9901092fbfecb4190"
34SRC_URI[sha256sum] = "fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17"
35
36CVE_PRODUCT = "wpa_supplicant"
37
38S = "${WORKDIR}/wpa_supplicant-${PV}"
39
40PACKAGES_prepend = "wpa-supplicant-passphrase wpa-supplicant-cli "
41FILES_wpa-supplicant-passphrase = "${bindir}/wpa_passphrase"
42FILES_wpa-supplicant-cli = "${sbindir}/wpa_cli"
43FILES_${PN} += "${datadir}/dbus-1/system-services/* ${systemd_system_unitdir}/*"
44CONFFILES_${PN} += "${sysconfdir}/wpa_supplicant.conf"
45
46do_configure () {
47 ${MAKE} -C wpa_supplicant clean
48 install -m 0755 ${WORKDIR}/defconfig wpa_supplicant/.config
49
50 if echo "${PACKAGECONFIG}" | grep -qw "openssl"; then
51 ssl=openssl
52 elif echo "${PACKAGECONFIG}" | grep -qw "gnutls"; then
53 ssl=gnutls
54 fi
55 if [ -n "$ssl" ]; then
56 sed -i "s/%ssl%/$ssl/" wpa_supplicant/.config
57 fi
58
59 # For rebuild
60 rm -f wpa_supplicant/*.d wpa_supplicant/dbus/*.d
61}
62
63export EXTRA_CFLAGS = "${CFLAGS}"
64export BINDIR = "${sbindir}"
65
66do_compile () {
67 unset CFLAGS CPPFLAGS CXXFLAGS
68 sed -e "s:CFLAGS\ =.*:& \$(EXTRA_CFLAGS):g" -i ${S}/src/lib.rules
69 oe_runmake -C wpa_supplicant
70}
71
72do_install () {
73 install -d ${D}${sbindir}
74 install -m 755 wpa_supplicant/wpa_supplicant ${D}${sbindir}
75 install -m 755 wpa_supplicant/wpa_cli ${D}${sbindir}
76
77 install -d ${D}${bindir}
78 install -m 755 wpa_supplicant/wpa_passphrase ${D}${bindir}
79
80 install -d ${D}${docdir}/wpa_supplicant
81 install -m 644 wpa_supplicant/README ${WORKDIR}/wpa_supplicant.conf ${D}${docdir}/wpa_supplicant
82
83 install -d ${D}${sysconfdir}
84 install -m 600 ${WORKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf
85
86 install -d ${D}${sysconfdir}/network/if-pre-up.d/
87 install -d ${D}${sysconfdir}/network/if-post-down.d/
88 install -d ${D}${sysconfdir}/network/if-down.d/
89 install -m 755 ${WORKDIR}/wpa-supplicant.sh ${D}${sysconfdir}/network/if-pre-up.d/wpa-supplicant
90 cd ${D}${sysconfdir}/network/ && \
91 ln -sf ../if-pre-up.d/wpa-supplicant if-post-down.d/wpa-supplicant
92
93 install -d ${D}/${sysconfdir}/dbus-1/system.d
94 install -m 644 ${S}/wpa_supplicant/dbus/dbus-wpa_supplicant.conf ${D}/${sysconfdir}/dbus-1/system.d
95 install -d ${D}/${datadir}/dbus-1/system-services
96 install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services
97
98 if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
99 install -d ${D}/${systemd_unitdir}/system
100 install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_unitdir}/system
101 fi
102
103 install -d ${D}/etc/default/volatiles
104 install -m 0644 ${WORKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles
105}
106
107pkg_postinst_wpa-supplicant () {
108 # If we're offline, we don't need to do this.
109 if [ "x$D" = "x" ]; then
110 killall -q -HUP dbus-daemon || true
111 fi
112
113}