diff options
Diffstat (limited to 'meta/recipes-connectivity')
122 files changed, 3487 insertions, 2555 deletions
diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb index c8a3f876aa..1f18d4491d 100644 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb | |||
@@ -5,35 +5,47 @@ with no specific configuration. This tool implements IPv4LL, "Dynamic Configurat | |||
5 | IPv4 Link-Local Addresses" (IETF RFC3927), a protocol for automatic IP address \ | 5 | IPv4 Link-Local Addresses" (IETF RFC3927), a protocol for automatic IP address \ |
6 | configuration from the link-local 169.254.0.0/16 range without the need for a central \ | 6 | configuration from the link-local 169.254.0.0/16 range without the need for a central \ |
7 | server.' | 7 | server.' |
8 | AUTHOR = "Lennart Poettering <lennart@poettering.net>" | ||
9 | HOMEPAGE = "http://avahi.org" | 8 | HOMEPAGE = "http://avahi.org" |
10 | BUGTRACKER = "https://github.com/lathiat/avahi/issues" | 9 | BUGTRACKER = "https://github.com/avahi/avahi/issues" |
11 | SECTION = "network" | 10 | SECTION = "network" |
12 | 11 | ||
13 | # major part is under LGPLv2.1+, but several .dtd, .xsl, initscripts and | 12 | # major part is under LGPL-2.1-or-later, but several .dtd, .xsl, initscripts and |
14 | # python scripts are under GPLv2+ | 13 | # python scripts are under GPL-2.0-or-later |
15 | LICENSE = "GPLv2+ & LGPLv2.1+" | 14 | LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later" |
16 | LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ | 15 | LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ |
17 | file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \ | 16 | file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \ |
18 | file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \ | 17 | file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \ |
19 | file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \ | 18 | file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \ |
20 | file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf" | 19 | file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf" |
21 | 20 | ||
22 | SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \ | 21 | SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \ |
23 | file://00avahi-autoipd \ | 22 | file://00avahi-autoipd \ |
24 | file://99avahi-autoipd \ | 23 | file://99avahi-autoipd \ |
25 | file://initscript.patch \ | 24 | file://initscript.patch \ |
26 | file://0001-Fix-opening-etc-resolv.conf-error.patch \ | 25 | file://0001-Fix-opening-etc-resolv.conf-error.patch \ |
26 | file://handle-hup.patch \ | ||
27 | file://local-ping.patch \ | ||
28 | file://invalid-service.patch \ | ||
29 | file://CVE-2023-1981.patch \ | ||
30 | file://CVE-2023-38469-1.patch \ | ||
31 | file://CVE-2023-38469-2.patch \ | ||
32 | file://CVE-2023-38470-1.patch \ | ||
33 | file://CVE-2023-38470-2.patch \ | ||
34 | file://CVE-2023-38471-1.patch \ | ||
35 | file://CVE-2023-38471-2.patch \ | ||
36 | file://CVE-2023-38472.patch \ | ||
37 | file://CVE-2023-38473.patch \ | ||
27 | " | 38 | " |
28 | 39 | ||
29 | UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/" | 40 | GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/" |
30 | SRC_URI[md5sum] = "229c6aa30674fc43c202b22c5f8c2be7" | ||
31 | SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda" | 41 | SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda" |
32 | 42 | ||
33 | DEPENDS = "expat libcap libdaemon glib-2.0 intltool-native" | 43 | CVE_STATUS[CVE-2021-26720] = "not-applicable-platform: Issue only affects Debian/SUSE" |
44 | |||
45 | DEPENDS = "expat libcap libdaemon glib-2.0 glib-2.0-native" | ||
34 | 46 | ||
35 | # For gtk related PACKAGECONFIGs: gtk, gtk3 | 47 | # For gtk related PACKAGECONFIGs: gtk, gtk3 |
36 | AVAHI_GTK ?= "gtk3" | 48 | AVAHI_GTK ?= "" |
37 | 49 | ||
38 | PACKAGECONFIG ??= "dbus ${@bb.utils.contains_any('DISTRO_FEATURES','x11 wayland','${AVAHI_GTK}','',d)}" | 50 | PACKAGECONFIG ??= "dbus ${@bb.utils.contains_any('DISTRO_FEATURES','x11 wayland','${AVAHI_GTK}','',d)}" |
39 | PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" | 51 | PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" |
@@ -43,7 +55,7 @@ PACKAGECONFIG[libdns_sd] = "--enable-compat-libdns_sd --enable-dbus,,dbus" | |||
43 | PACKAGECONFIG[libevent] = "--enable-libevent,--disable-libevent,libevent" | 55 | PACKAGECONFIG[libevent] = "--enable-libevent,--disable-libevent,libevent" |
44 | PACKAGECONFIG[qt5] = "--enable-qt5,--disable-qt5,qtbase" | 56 | PACKAGECONFIG[qt5] = "--enable-qt5,--disable-qt5,qtbase" |
45 | 57 | ||
46 | inherit autotools pkgconfig gettext gobject-introspection | 58 | inherit autotools pkgconfig gettext gobject-introspection github-releases |
47 | 59 | ||
48 | EXTRA_OECONF = "--with-avahi-priv-access-group=adm \ | 60 | EXTRA_OECONF = "--with-avahi-priv-access-group=adm \ |
49 | --disable-stack-protector \ | 61 | --disable-stack-protector \ |
@@ -62,23 +74,22 @@ EXTRA_OECONF = "--with-avahi-priv-access-group=adm \ | |||
62 | 74 | ||
63 | # The distro choice determines what init scripts are installed | 75 | # The distro choice determines what init scripts are installed |
64 | EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}" | 76 | EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}" |
65 | EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_unitdir}/system/','--without-systemdsystemunitdir',d)}" | 77 | EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_system_unitdir}/','--without-systemdsystemunitdir',d)}" |
66 | 78 | ||
67 | do_configure_prepend() { | 79 | do_configure:prepend() { |
68 | # This m4 file will get in the way of our introspection.m4 with special cross-compilation fixes | 80 | # This m4 file will get in the way of our introspection.m4 with special cross-compilation fixes |
69 | rm "${S}/common/introspection.m4" || true | 81 | rm "${S}/common/introspection.m4" || true |
70 | } | 82 | } |
71 | 83 | ||
72 | do_compile_prepend() { | 84 | do_compile:prepend() { |
73 | export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs" | 85 | export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs" |
74 | } | 86 | } |
75 | 87 | ||
76 | RRECOMMENDS_${PN}_append_libc-glibc = " libnss-mdns" | 88 | RRECOMMENDS:${PN}:append:libc-glibc = " libnss-mdns" |
77 | 89 | ||
78 | do_install() { | 90 | do_install() { |
79 | autotools_do_install | 91 | autotools_do_install |
80 | rm -rf ${D}/run | 92 | rm -rf ${D}/run |
81 | rm -rf ${D}${datadir}/dbus-1/interfaces | ||
82 | test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1 | 93 | test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1 |
83 | rm -rf ${D}${libdir}/avahi | 94 | rm -rf ${D}${libdir}/avahi |
84 | 95 | ||
@@ -90,88 +101,88 @@ do_install() { | |||
90 | 101 | ||
91 | PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "libdns_sd", "libavahi-compat-libdnssd", "", d)}" | 102 | PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "libdns_sd", "libavahi-compat-libdnssd", "", d)}" |
92 | 103 | ||
93 | FILES_libavahi-compat-libdnssd = "${libdir}/libdns_sd.so.*" | 104 | FILES:libavahi-compat-libdnssd = "${libdir}/libdns_sd.so.*" |
94 | 105 | ||
95 | RPROVIDES_libavahi-compat-libdnssd = "libdns-sd" | 106 | RPROVIDES:libavahi-compat-libdnssd = "libdns-sd" |
96 | 107 | ||
97 | inherit update-rc.d systemd useradd | 108 | inherit update-rc.d systemd useradd |
98 | 109 | ||
99 | PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils avahi-discover avahi-ui" | 110 | PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils avahi-discover avahi-ui" |
100 | 111 | ||
101 | FILES_avahi-ui = "${libdir}/libavahi-ui*.so.*" | 112 | FILES:avahi-ui = "${libdir}/libavahi-ui*.so.*" |
102 | FILES_avahi-discover = "${datadir}/applications/avahi-discover.desktop \ | 113 | FILES:avahi-discover = "${datadir}/applications/avahi-discover.desktop \ |
103 | ${datadir}/avahi/interfaces/avahi-discover.ui \ | 114 | ${datadir}/avahi/interfaces/avahi-discover.ui \ |
104 | ${bindir}/avahi-discover-standalone \ | 115 | ${bindir}/avahi-discover-standalone \ |
105 | " | 116 | " |
106 | 117 | ||
107 | LICENSE_libavahi-gobject = "LGPLv2.1+" | 118 | LICENSE:libavahi-gobject = "LGPL-2.1-or-later" |
108 | LICENSE_avahi-daemon = "LGPLv2.1+" | 119 | LICENSE:avahi-daemon = "LGPL-2.1-or-later" |
109 | LICENSE_libavahi-common = "LGPLv2.1+" | 120 | LICENSE:libavahi-common = "LGPL-2.1-or-later" |
110 | LICENSE_libavahi-core = "LGPLv2.1+" | 121 | LICENSE:libavahi-core = "LGPL-2.1-or-later" |
111 | LICENSE_libavahi-client = "LGPLv2.1+" | 122 | LICENSE:libavahi-client = "LGPL-2.1-or-later" |
112 | LICENSE_avahi-dnsconfd = "LGPLv2.1+" | 123 | LICENSE:avahi-dnsconfd = "LGPL-2.1-or-later" |
113 | LICENSE_libavahi-glib = "LGPLv2.1+" | 124 | LICENSE:libavahi-glib = "LGPL-2.1-or-later" |
114 | LICENSE_avahi-autoipd = "LGPLv2.1+" | 125 | LICENSE:avahi-autoipd = "LGPL-2.1-or-later" |
115 | LICENSE_avahi-utils = "LGPLv2.1+" | 126 | LICENSE:avahi-utils = "LGPL-2.1-or-later" |
116 | 127 | ||
117 | # As avahi doesn't put any files into PN, clear the files list to avoid problems | 128 | # As avahi doesn't put any files into PN, clear the files list to avoid problems |
118 | # if extra libraries appear. | 129 | # if extra libraries appear. |
119 | FILES_${PN} = "" | 130 | FILES:${PN} = "" |
120 | FILES_avahi-autoipd = "${sbindir}/avahi-autoipd \ | 131 | FILES:avahi-autoipd = "${sbindir}/avahi-autoipd \ |
121 | ${sysconfdir}/avahi/avahi-autoipd.action \ | 132 | ${sysconfdir}/avahi/avahi-autoipd.action \ |
122 | ${sysconfdir}/dhcp/*/avahi-autoipd \ | 133 | ${sysconfdir}/dhcp/*/avahi-autoipd \ |
123 | ${sysconfdir}/udhcpc.d/00avahi-autoipd \ | 134 | ${sysconfdir}/udhcpc.d/00avahi-autoipd \ |
124 | ${sysconfdir}/udhcpc.d/99avahi-autoipd" | 135 | ${sysconfdir}/udhcpc.d/99avahi-autoipd" |
125 | FILES_libavahi-common = "${libdir}/libavahi-common.so.*" | 136 | FILES:libavahi-common = "${libdir}/libavahi-common.so.*" |
126 | FILES_libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib" | 137 | FILES:libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib" |
127 | FILES_avahi-daemon = "${sbindir}/avahi-daemon \ | 138 | FILES:avahi-daemon = "${sbindir}/avahi-daemon \ |
128 | ${sysconfdir}/avahi/avahi-daemon.conf \ | 139 | ${sysconfdir}/avahi/avahi-daemon.conf \ |
129 | ${sysconfdir}/avahi/hosts \ | 140 | ${sysconfdir}/avahi/hosts \ |
130 | ${sysconfdir}/avahi/services \ | 141 | ${sysconfdir}/avahi/services \ |
131 | ${sysconfdir}/dbus-1 \ | 142 | ${sysconfdir}/dbus-1 \ |
132 | ${sysconfdir}/init.d/avahi-daemon \ | 143 | ${sysconfdir}/init.d/avahi-daemon \ |
133 | ${datadir}/avahi/introspection/*.introspect \ | 144 | ${datadir}/dbus-1/interfaces \ |
134 | ${datadir}/avahi/avahi-service.dtd \ | 145 | ${datadir}/avahi/avahi-service.dtd \ |
135 | ${datadir}/avahi/service-types \ | 146 | ${datadir}/avahi/service-types \ |
136 | ${datadir}/dbus-1/system-services" | 147 | ${datadir}/dbus-1/system-services" |
137 | FILES_libavahi-client = "${libdir}/libavahi-client.so.*" | 148 | FILES:libavahi-client = "${libdir}/libavahi-client.so.*" |
138 | FILES_avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \ | 149 | FILES:avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \ |
139 | ${sysconfdir}/avahi/avahi-dnsconfd.action \ | 150 | ${sysconfdir}/avahi/avahi-dnsconfd.action \ |
140 | ${sysconfdir}/init.d/avahi-dnsconfd" | 151 | ${sysconfdir}/init.d/avahi-dnsconfd" |
141 | FILES_libavahi-glib = "${libdir}/libavahi-glib.so.*" | 152 | FILES:libavahi-glib = "${libdir}/libavahi-glib.so.*" |
142 | FILES_libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib" | 153 | FILES:libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib" |
143 | FILES_avahi-utils = "${bindir}/avahi-* ${bindir}/b* ${datadir}/applications/b*" | 154 | FILES:avahi-utils = "${bindir}/avahi-* ${bindir}/b* ${datadir}/applications/b*" |
144 | 155 | ||
145 | RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV})" | 156 | DEV_PKG_DEPENDENCY = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV})" |
146 | RDEPENDS_${PN}-dev += "${@["", " libavahi-client (= ${EXTENDPKGV})"][bb.utils.contains('PACKAGECONFIG', 'dbus', 1, 0, d)]}" | 157 | DEV_PKG_DEPENDENCY += "${@["", " libavahi-client (= ${EXTENDPKGV})"][bb.utils.contains('PACKAGECONFIG', 'dbus', 1, 0, d)]}" |
147 | RDEPENDS_${PN}-dnsconfd = "${PN}-daemon" | 158 | RDEPENDS:${PN}-dnsconfd = "${PN}-daemon" |
148 | 159 | ||
149 | RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns" | 160 | RRECOMMENDS:avahi-daemon:append:libc-glibc = " libnss-mdns" |
150 | 161 | ||
151 | CONFFILES_avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf" | 162 | CONFFILES:avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf" |
152 | 163 | ||
153 | USERADD_PACKAGES = "avahi-daemon avahi-autoipd" | 164 | USERADD_PACKAGES = "avahi-daemon avahi-autoipd" |
154 | USERADD_PARAM_avahi-daemon = "--system --home /run/avahi-daemon \ | 165 | USERADD_PARAM:avahi-daemon = "--system --home /run/avahi-daemon \ |
155 | --no-create-home --shell /bin/false \ | 166 | --no-create-home --shell /bin/false \ |
156 | --user-group avahi" | 167 | --user-group avahi" |
157 | 168 | ||
158 | USERADD_PARAM_avahi-autoipd = "--system --home /run/avahi-autoipd \ | 169 | USERADD_PARAM:avahi-autoipd = "--system --home /run/avahi-autoipd \ |
159 | --no-create-home --shell /bin/false \ | 170 | --no-create-home --shell /bin/false \ |
160 | --user-group \ | 171 | --user-group \ |
161 | -c \"Avahi autoip daemon\" \ | 172 | -c \"Avahi autoip daemon\" \ |
162 | avahi-autoipd" | 173 | avahi-autoipd" |
163 | 174 | ||
164 | INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd" | 175 | INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd" |
165 | INITSCRIPT_NAME_avahi-daemon = "avahi-daemon" | 176 | INITSCRIPT_NAME:avahi-daemon = "avahi-daemon" |
166 | INITSCRIPT_PARAMS_avahi-daemon = "defaults 21 19" | 177 | INITSCRIPT_PARAMS:avahi-daemon = "defaults 21 19" |
167 | INITSCRIPT_NAME_avahi-dnsconfd = "avahi-dnsconfd" | 178 | INITSCRIPT_NAME:avahi-dnsconfd = "avahi-dnsconfd" |
168 | INITSCRIPT_PARAMS_avahi-dnsconfd = "defaults 22 19" | 179 | INITSCRIPT_PARAMS:avahi-dnsconfd = "defaults 22 19" |
169 | 180 | ||
170 | SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd" | 181 | SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd" |
171 | SYSTEMD_SERVICE_${PN}-daemon = "avahi-daemon.service" | 182 | SYSTEMD_SERVICE:${PN}-daemon = "avahi-daemon.service" |
172 | SYSTEMD_SERVICE_${PN}-dnsconfd = "avahi-dnsconfd.service" | 183 | SYSTEMD_SERVICE:${PN}-dnsconfd = "avahi-dnsconfd.service" |
173 | 184 | ||
174 | do_install_append() { | 185 | do_install:append() { |
175 | install -d ${D}${sysconfdir}/udhcpc.d | 186 | install -d ${D}${sysconfdir}/udhcpc.d |
176 | install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d | 187 | install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d |
177 | install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d | 188 | install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d |
@@ -179,7 +190,7 @@ do_install_append() { | |||
179 | 190 | ||
180 | # At the time the postinst runs, dbus might not be setup so only restart if running | 191 | # At the time the postinst runs, dbus might not be setup so only restart if running |
181 | # Don't exit early, because update-rc.d needs to run subsequently. | 192 | # Don't exit early, because update-rc.d needs to run subsequently. |
182 | pkg_postinst_avahi-daemon () { | 193 | pkg_postinst:avahi-daemon () { |
183 | if [ -z "$D" ]; then | 194 | if [ -z "$D" ]; then |
184 | killall -q -HUP dbus-daemon || true | 195 | killall -q -HUP dbus-daemon || true |
185 | fi | 196 | fi |
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch new file mode 100644 index 0000000000..4d7924d13a --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch | |||
@@ -0,0 +1,58 @@ | |||
1 | From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> | ||
3 | Date: Thu, 17 Nov 2022 01:51:53 +0100 | ||
4 | Subject: [PATCH] Emit error if requested service is not found | ||
5 | |||
6 | It currently just crashes instead of replying with error. Check return | ||
7 | value and emit error instead of passing NULL pointer to reply. | ||
8 | |||
9 | Fixes #375 | ||
10 | |||
11 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-1981.patch?h=ubuntu/jammy-security | ||
12 | Upstream commit https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f] | ||
13 | CVE: CVE-2023-1981 | ||
14 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
15 | --- | ||
16 | avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------ | ||
17 | 1 file changed, 14 insertions(+), 6 deletions(-) | ||
18 | |||
19 | diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c | ||
20 | index 70d7687bc..406d0b441 100644 | ||
21 | --- a/avahi-daemon/dbus-protocol.c | ||
22 | +++ b/avahi-daemon/dbus-protocol.c | ||
23 | @@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_alternative_host_name(DBusConnection *c, DBusM | ||
24 | } | ||
25 | |||
26 | t = avahi_alternative_host_name(n); | ||
27 | - avahi_dbus_respond_string(c, m, t); | ||
28 | - avahi_free(t); | ||
29 | + if (t) { | ||
30 | + avahi_dbus_respond_string(c, m, t); | ||
31 | + avahi_free(t); | ||
32 | |||
33 | - return DBUS_HANDLER_RESULT_HANDLED; | ||
34 | + return DBUS_HANDLER_RESULT_HANDLED; | ||
35 | + } else { | ||
36 | + return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found"); | ||
37 | + } | ||
38 | } | ||
39 | |||
40 | static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DBusMessage *m, DBusError *error) { | ||
41 | @@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DB | ||
42 | } | ||
43 | |||
44 | t = avahi_alternative_service_name(n); | ||
45 | - avahi_dbus_respond_string(c, m, t); | ||
46 | - avahi_free(t); | ||
47 | + if (t) { | ||
48 | + avahi_dbus_respond_string(c, m, t); | ||
49 | + avahi_free(t); | ||
50 | |||
51 | - return DBUS_HANDLER_RESULT_HANDLED; | ||
52 | + return DBUS_HANDLER_RESULT_HANDLED; | ||
53 | + } else { | ||
54 | + return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found"); | ||
55 | + } | ||
56 | } | ||
57 | |||
58 | static DBusHandlerResult dbus_create_new_entry_group(DBusConnection *c, DBusMessage *m, DBusError *error) { | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch new file mode 100644 index 0000000000..a078f66102 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch | |||
@@ -0,0 +1,48 @@ | |||
1 | From 72842945085cc3adaccfdfa2853771b0e75ef991 Mon Sep 17 00:00:00 2001 | ||
2 | From: Evgeny Vereshchagin <evvers@ya.ru> | ||
3 | Date: Mon, 23 Oct 2023 20:29:31 +0000 | ||
4 | Subject: [PATCH] avahi: core: reject overly long TXT resource records | ||
5 | |||
6 | Closes https://github.com/lathiat/avahi/issues/455 | ||
7 | |||
8 | Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf] | ||
9 | CVE: CVE-2023-38469 | ||
10 | |||
11 | Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> | ||
12 | --- | ||
13 | avahi-core/rr.c | 9 ++++++++- | ||
14 | 1 file changed, 8 insertions(+), 1 deletion(-) | ||
15 | |||
16 | diff --git a/avahi-core/rr.c b/avahi-core/rr.c | ||
17 | index 7fa0bee..b03a24c 100644 | ||
18 | --- a/avahi-core/rr.c | ||
19 | +++ b/avahi-core/rr.c | ||
20 | @@ -32,6 +32,7 @@ | ||
21 | #include <avahi-common/malloc.h> | ||
22 | #include <avahi-common/defs.h> | ||
23 | |||
24 | +#include "dns.h" | ||
25 | #include "rr.h" | ||
26 | #include "log.h" | ||
27 | #include "util.h" | ||
28 | @@ -688,11 +689,17 @@ int avahi_record_is_valid(AvahiRecord *r) { | ||
29 | case AVAHI_DNS_TYPE_TXT: { | ||
30 | |||
31 | AvahiStringList *strlst; | ||
32 | + size_t used = 0; | ||
33 | |||
34 | - for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) | ||
35 | + for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) { | ||
36 | if (strlst->size > 255 || strlst->size <= 0) | ||
37 | return 0; | ||
38 | |||
39 | + used += 1+strlst->size; | ||
40 | + if (used > AVAHI_DNS_RDATA_MAX) | ||
41 | + return 0; | ||
42 | + } | ||
43 | + | ||
44 | return 1; | ||
45 | } | ||
46 | } | ||
47 | -- | ||
48 | 2.40.0 | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch new file mode 100644 index 0000000000..f8f60ddca1 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch | |||
@@ -0,0 +1,65 @@ | |||
1 | From c6cab87df290448a63323c8ca759baa516166237 Mon Sep 17 00:00:00 2001 | ||
2 | From: Evgeny Vereshchagin <evvers@ya.ru> | ||
3 | Date: Wed, 25 Oct 2023 18:15:42 +0000 | ||
4 | Subject: [PATCH] tests: pass overly long TXT resource records | ||
5 | |||
6 | to make sure they don't crash avahi any more. | ||
7 | It reproduces https://github.com/lathiat/avahi/issues/455 | ||
8 | |||
9 | Canonical notes: | ||
10 | nickgalanis> removed first hunk since there is no .github dir in this release | ||
11 | |||
12 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38469-2.patch?h=ubuntu/jammy-security | ||
13 | Upstream commit https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237] | ||
14 | CVE: CVE-2023-38469 | ||
15 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
16 | --- | ||
17 | avahi-client/client-test.c | 14 ++++++++++++++ | ||
18 | 1 files changed, 14 insertions(+) | ||
19 | |||
20 | Index: avahi-0.8/avahi-client/client-test.c | ||
21 | =================================================================== | ||
22 | --- avahi-0.8.orig/avahi-client/client-test.c | ||
23 | +++ avahi-0.8/avahi-client/client-test.c | ||
24 | @@ -22,6 +22,7 @@ | ||
25 | #endif | ||
26 | |||
27 | #include <stdio.h> | ||
28 | +#include <string.h> | ||
29 | #include <assert.h> | ||
30 | |||
31 | #include <avahi-client/client.h> | ||
32 | @@ -33,6 +34,8 @@ | ||
33 | #include <avahi-common/malloc.h> | ||
34 | #include <avahi-common/timeval.h> | ||
35 | |||
36 | +#include <avahi-core/dns.h> | ||
37 | + | ||
38 | static const AvahiPoll *poll_api = NULL; | ||
39 | static AvahiSimplePoll *simple_poll = NULL; | ||
40 | |||
41 | @@ -222,6 +225,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA | ||
42 | uint32_t cookie; | ||
43 | struct timeval tv; | ||
44 | AvahiAddress a; | ||
45 | + uint8_t rdata[AVAHI_DNS_RDATA_MAX+1]; | ||
46 | + AvahiStringList *txt = NULL; | ||
47 | + int r; | ||
48 | |||
49 | simple_poll = avahi_simple_poll_new(); | ||
50 | poll_api = avahi_simple_poll_get(simple_poll); | ||
51 | @@ -258,6 +264,14 @@ int main (AVAHI_GCC_UNUSED int argc, AVA | ||
52 | printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL))); | ||
53 | printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6)); | ||
54 | |||
55 | + memset(rdata, 1, sizeof(rdata)); | ||
56 | + r = avahi_string_list_parse(rdata, sizeof(rdata), &txt); | ||
57 | + assert(r >= 0); | ||
58 | + assert(avahi_string_list_serialize(txt, NULL, 0) == sizeof(rdata)); | ||
59 | + error = avahi_entry_group_add_service_strlst(group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", "_qotd._tcp", NULL, NULL, 123, txt); | ||
60 | + assert(error == AVAHI_ERR_INVALID_RECORD); | ||
61 | + avahi_string_list_free(txt); | ||
62 | + | ||
63 | avahi_entry_group_commit (group); | ||
64 | |||
65 | domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u"); | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch new file mode 100644 index 0000000000..91f9e677ac --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch | |||
@@ -0,0 +1,59 @@ | |||
1 | From af7bfad67ca53a7c4042a4a2d85456b847e9f249 Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> | ||
3 | Date: Tue, 11 Apr 2023 15:29:59 +0200 | ||
4 | Subject: [PATCH] avahi: Ensure each label is at least one byte long | ||
5 | |||
6 | The only allowed exception is single dot, where it should return empty | ||
7 | string. | ||
8 | |||
9 | Fixes #454. | ||
10 | |||
11 | Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c] | ||
12 | CVE: CVE-2023-38470 | ||
13 | |||
14 | Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> | ||
15 | --- | ||
16 | avahi-common/domain-test.c | 14 ++++++++++++++ | ||
17 | avahi-common/domain.c | 2 +- | ||
18 | 2 files changed, 15 insertions(+), 1 deletion(-) | ||
19 | |||
20 | diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c | ||
21 | index cf763ec..3acc1c1 100644 | ||
22 | --- a/avahi-common/domain-test.c | ||
23 | +++ b/avahi-common/domain-test.c | ||
24 | @@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { | ||
25 | printf("%s\n", s = avahi_normalize_name_strdup("fo\\\\o\\..f oo.")); | ||
26 | avahi_free(s); | ||
27 | |||
28 | + printf("%s\n", s = avahi_normalize_name_strdup(".")); | ||
29 | + avahi_free(s); | ||
30 | + | ||
31 | + s = avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}." | ||
32 | + "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}" | ||
33 | + ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`" | ||
34 | + "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?." | ||
35 | + "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}." | ||
36 | + "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?" | ||
37 | + "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM." | ||
38 | + "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?." | ||
39 | + "}.?.?.?.}.=.?.?.}"); | ||
40 | + assert(s == NULL); | ||
41 | + | ||
42 | printf("%i\n", avahi_domain_equal("\\065aa bbb\\.\\046cc.cc\\\\.dee.fff.", "Aaa BBB\\.\\.cc.cc\\\\.dee.fff")); | ||
43 | printf("%i\n", avahi_domain_equal("A", "a")); | ||
44 | |||
45 | diff --git a/avahi-common/domain.c b/avahi-common/domain.c | ||
46 | index 3b1ab68..e66d241 100644 | ||
47 | --- a/avahi-common/domain.c | ||
48 | +++ b/avahi-common/domain.c | ||
49 | @@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s, char *ret_s, size_t size) { | ||
50 | } | ||
51 | |||
52 | if (!empty) { | ||
53 | - if (size < 1) | ||
54 | + if (size < 2) | ||
55 | return NULL; | ||
56 | |||
57 | *(r++) = '.'; | ||
58 | -- | ||
59 | 2.40.0 | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch new file mode 100644 index 0000000000..e0736bf210 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From 20dec84b2480821704258bc908e7b2bd2e883b24 Mon Sep 17 00:00:00 2001 | ||
2 | From: Evgeny Vereshchagin <evvers@ya.ru> | ||
3 | Date: Tue, 19 Sep 2023 03:21:25 +0000 | ||
4 | Subject: [PATCH] [common] bail out when escaped labels can't fit into ret | ||
5 | |||
6 | Fixes: | ||
7 | ``` | ||
8 | ==93410==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f9e76f14c16 at pc 0x00000047208d bp 0x7ffee90a6a00 sp 0x7ffee90a61c8 | ||
9 | READ of size 1110 at 0x7f9e76f14c16 thread T0 | ||
10 | #0 0x47208c in __interceptor_strlen (out/fuzz-domain+0x47208c) (BuildId: 731b20c1eef22c2104e75a6496a399b10cfc7cba) | ||
11 | #1 0x534eb0 in avahi_strdup avahi/avahi-common/malloc.c:167:12 | ||
12 | #2 0x53862c in avahi_normalize_name_strdup avahi/avahi-common/domain.c:226:12 | ||
13 | ``` | ||
14 | and | ||
15 | ``` | ||
16 | fuzz-domain: fuzz/fuzz-domain.c:38: int LLVMFuzzerTestOneInput(const uint8_t *, size_t): Assertion `avahi_domain_equal(s, t)' failed. | ||
17 | ==101571== ERROR: libFuzzer: deadly signal | ||
18 | #0 0x501175 in __sanitizer_print_stack_trace (/home/vagrant/avahi/out/fuzz-domain+0x501175) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) | ||
19 | #1 0x45ad2c in fuzzer::PrintStackTrace() (/home/vagrant/avahi/out/fuzz-domain+0x45ad2c) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) | ||
20 | #2 0x43fc07 in fuzzer::Fuzzer::CrashCallback() (/home/vagrant/avahi/out/fuzz-domain+0x43fc07) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) | ||
21 | #3 0x7f1581d7ebaf (/lib64/libc.so.6+0x3dbaf) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
22 | #4 0x7f1581dcf883 in __pthread_kill_implementation (/lib64/libc.so.6+0x8e883) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
23 | #5 0x7f1581d7eafd in gsignal (/lib64/libc.so.6+0x3dafd) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
24 | #6 0x7f1581d6787e in abort (/lib64/libc.so.6+0x2687e) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
25 | #7 0x7f1581d6779a in __assert_fail_base.cold (/lib64/libc.so.6+0x2679a) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
26 | #8 0x7f1581d77186 in __assert_fail (/lib64/libc.so.6+0x36186) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
27 | #9 0x5344a4 in LLVMFuzzerTestOneInput /home/vagrant/avahi/fuzz/fuzz-domain.c:38:9 | ||
28 | ``` | ||
29 | |||
30 | It's a follow-up to 94cb6489114636940ac683515417990b55b5d66c | ||
31 | |||
32 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38470-2.patch?h=ubuntu/jammy-security | ||
33 | CVE: CVE-2023-38470 #Follow-up patch | ||
34 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
35 | --- | ||
36 | avahi-common/domain.c | 3 ++- | ||
37 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
38 | |||
39 | Index: avahi-0.8/avahi-common/domain.c | ||
40 | =================================================================== | ||
41 | --- avahi-0.8.orig/avahi-common/domain.c | ||
42 | +++ avahi-0.8/avahi-common/domain.c | ||
43 | @@ -210,7 +210,8 @@ char *avahi_normalize_name(const char *s | ||
44 | } else | ||
45 | empty = 0; | ||
46 | |||
47 | - avahi_escape_label(label, strlen(label), &r, &size); | ||
48 | + if (!(avahi_escape_label(label, strlen(label), &r, &size))) | ||
49 | + return NULL; | ||
50 | } | ||
51 | |||
52 | return ret_s; | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch new file mode 100644 index 0000000000..b3f716495d --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch | |||
@@ -0,0 +1,73 @@ | |||
1 | From 48d745db7fd554fc33e96ec86d3675ebd530bb8e Mon Sep 17 00:00:00 2001 | ||
2 | From: Michal Sekletar <msekleta@redhat.com> | ||
3 | Date: Mon, 23 Oct 2023 13:38:35 +0200 | ||
4 | Subject: [PATCH] avahi: core: extract host name using avahi_unescape_label() | ||
5 | |||
6 | Previously we could create invalid escape sequence when we split the | ||
7 | string on dot. For example, from valid host name "foo\\.bar" we have | ||
8 | created invalid name "foo\\" and tried to set that as the host name | ||
9 | which crashed the daemon. | ||
10 | |||
11 | Fixes #453 | ||
12 | |||
13 | Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09] | ||
14 | CVE: CVE-2023-38471 | ||
15 | |||
16 | Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> | ||
17 | --- | ||
18 | avahi-core/server.c | 27 +++++++++++++++++++++------ | ||
19 | 1 file changed, 21 insertions(+), 6 deletions(-) | ||
20 | |||
21 | diff --git a/avahi-core/server.c b/avahi-core/server.c | ||
22 | index e507750..40f1d68 100644 | ||
23 | --- a/avahi-core/server.c | ||
24 | +++ b/avahi-core/server.c | ||
25 | @@ -1295,7 +1295,11 @@ static void update_fqdn(AvahiServer *s) { | ||
26 | } | ||
27 | |||
28 | int avahi_server_set_host_name(AvahiServer *s, const char *host_name) { | ||
29 | - char *hn = NULL; | ||
30 | + char label_escaped[AVAHI_LABEL_MAX*4+1]; | ||
31 | + char label[AVAHI_LABEL_MAX]; | ||
32 | + char *hn = NULL, *h; | ||
33 | + size_t len; | ||
34 | + | ||
35 | assert(s); | ||
36 | |||
37 | AVAHI_CHECK_VALIDITY(s, !host_name || avahi_is_valid_host_name(host_name), AVAHI_ERR_INVALID_HOST_NAME); | ||
38 | @@ -1305,17 +1309,28 @@ int avahi_server_set_host_name(AvahiServer *s, const char *host_name) { | ||
39 | else | ||
40 | hn = avahi_normalize_name_strdup(host_name); | ||
41 | |||
42 | - hn[strcspn(hn, ".")] = 0; | ||
43 | + h = hn; | ||
44 | + if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) { | ||
45 | + avahi_free(h); | ||
46 | + return AVAHI_ERR_INVALID_HOST_NAME; | ||
47 | + } | ||
48 | + | ||
49 | + avahi_free(h); | ||
50 | + | ||
51 | + h = label_escaped; | ||
52 | + len = sizeof(label_escaped); | ||
53 | + if (!avahi_escape_label(label, strlen(label), &h, &len)) | ||
54 | + return AVAHI_ERR_INVALID_HOST_NAME; | ||
55 | |||
56 | - if (avahi_domain_equal(s->host_name, hn) && s->state != AVAHI_SERVER_COLLISION) { | ||
57 | - avahi_free(hn); | ||
58 | + if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION) | ||
59 | return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE); | ||
60 | - } | ||
61 | |||
62 | withdraw_host_rrs(s); | ||
63 | |||
64 | avahi_free(s->host_name); | ||
65 | - s->host_name = hn; | ||
66 | + s->host_name = avahi_strdup(label_escaped); | ||
67 | + if (!s->host_name) | ||
68 | + return AVAHI_ERR_NO_MEMORY; | ||
69 | |||
70 | update_fqdn(s); | ||
71 | |||
72 | -- | ||
73 | 2.40.0 | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch new file mode 100644 index 0000000000..44737bfc2e --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From b675f70739f404342f7f78635d6e2dcd85a13460 Mon Sep 17 00:00:00 2001 | ||
2 | From: Evgeny Vereshchagin <evvers@ya.ru> | ||
3 | Date: Tue, 24 Oct 2023 22:04:51 +0000 | ||
4 | Subject: [PATCH] core: return errors from avahi_server_set_host_name properly | ||
5 | |||
6 | It's a follow-up to 894f085f402e023a98cbb6f5a3d117bd88d93b09 | ||
7 | |||
8 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38471-2.patch?h=ubuntu/jammy-security | ||
9 | Upstream commit https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460] | ||
10 | CVE: CVE-2023-38471 #Follow-up Patch | ||
11 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
12 | --- | ||
13 | avahi-core/server.c | 9 ++++++--- | ||
14 | 1 file changed, 6 insertions(+), 3 deletions(-) | ||
15 | |||
16 | Index: avahi-0.8/avahi-core/server.c | ||
17 | =================================================================== | ||
18 | --- avahi-0.8.orig/avahi-core/server.c | ||
19 | +++ avahi-0.8/avahi-core/server.c | ||
20 | @@ -1309,10 +1309,13 @@ int avahi_server_set_host_name(AvahiServ | ||
21 | else | ||
22 | hn = avahi_normalize_name_strdup(host_name); | ||
23 | |||
24 | + if (!hn) | ||
25 | + return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY); | ||
26 | + | ||
27 | h = hn; | ||
28 | if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) { | ||
29 | avahi_free(h); | ||
30 | - return AVAHI_ERR_INVALID_HOST_NAME; | ||
31 | + return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME); | ||
32 | } | ||
33 | |||
34 | avahi_free(h); | ||
35 | @@ -1320,7 +1323,7 @@ int avahi_server_set_host_name(AvahiServ | ||
36 | h = label_escaped; | ||
37 | len = sizeof(label_escaped); | ||
38 | if (!avahi_escape_label(label, strlen(label), &h, &len)) | ||
39 | - return AVAHI_ERR_INVALID_HOST_NAME; | ||
40 | + return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME); | ||
41 | |||
42 | if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION) | ||
43 | return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE); | ||
44 | @@ -1330,7 +1333,7 @@ int avahi_server_set_host_name(AvahiServ | ||
45 | avahi_free(s->host_name); | ||
46 | s->host_name = avahi_strdup(label_escaped); | ||
47 | if (!s->host_name) | ||
48 | - return AVAHI_ERR_NO_MEMORY; | ||
49 | + return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY); | ||
50 | |||
51 | update_fqdn(s); | ||
52 | |||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch new file mode 100644 index 0000000000..85dbded73b --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch | |||
@@ -0,0 +1,46 @@ | |||
1 | From b024ae5749f4aeba03478e6391687c3c9c8dee40 Mon Sep 17 00:00:00 2001 | ||
2 | From: Michal Sekletar <msekleta@redhat.com> | ||
3 | Date: Thu, 19 Oct 2023 17:36:44 +0200 | ||
4 | Subject: [PATCH] core: make sure there is rdata to process before parsing it | ||
5 | |||
6 | Fixes #452 | ||
7 | |||
8 | CVE-2023-38472 | ||
9 | |||
10 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38472.patch?h=ubuntu/jammy-security | ||
11 | Upstream commit https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40] | ||
12 | CVE: CVE-2023-38472 | ||
13 | Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> | ||
14 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
15 | --- | ||
16 | avahi-client/client-test.c | 3 +++ | ||
17 | avahi-daemon/dbus-entry-group.c | 2 +- | ||
18 | 2 files changed, 4 insertions(+), 1 deletion(-) | ||
19 | |||
20 | Index: avahi-0.8/avahi-client/client-test.c | ||
21 | =================================================================== | ||
22 | --- avahi-0.8.orig/avahi-client/client-test.c | ||
23 | +++ avahi-0.8/avahi-client/client-test.c | ||
24 | @@ -272,6 +272,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA | ||
25 | assert(error == AVAHI_ERR_INVALID_RECORD); | ||
26 | avahi_string_list_free(txt); | ||
27 | |||
28 | + error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0); | ||
29 | + assert(error != AVAHI_OK); | ||
30 | + | ||
31 | avahi_entry_group_commit (group); | ||
32 | |||
33 | domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u"); | ||
34 | Index: avahi-0.8/avahi-daemon/dbus-entry-group.c | ||
35 | =================================================================== | ||
36 | --- avahi-0.8.orig/avahi-daemon/dbus-entry-group.c | ||
37 | +++ avahi-0.8/avahi-daemon/dbus-entry-group.c | ||
38 | @@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_g | ||
39 | if (!(r = avahi_record_new_full (name, clazz, type, ttl))) | ||
40 | return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL); | ||
41 | |||
42 | - if (avahi_rdata_parse (r, rdata, size) < 0) { | ||
43 | + if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) { | ||
44 | avahi_record_unref (r); | ||
45 | return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL); | ||
46 | } | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch new file mode 100644 index 0000000000..707acb60fe --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch | |||
@@ -0,0 +1,110 @@ | |||
1 | From 88cbbc48d5efff9726694557ca6c3f698f3affe4 Mon Sep 17 00:00:00 2001 | ||
2 | From: Michal Sekletar <msekleta@redhat.com> | ||
3 | Date: Wed, 11 Oct 2023 17:45:44 +0200 | ||
4 | Subject: [PATCH] avahi: common: derive alternative host name from its | ||
5 | unescaped version | ||
6 | |||
7 | Normalization of input makes sure we don't have to deal with special | ||
8 | cases like unescaped dot at the end of label. | ||
9 | |||
10 | Fixes #451 #487 | ||
11 | |||
12 | Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797] | ||
13 | CVE: CVE-2023-38473 | ||
14 | |||
15 | Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> | ||
16 | --- | ||
17 | avahi-common/alternative-test.c | 3 +++ | ||
18 | avahi-common/alternative.c | 27 +++++++++++++++++++-------- | ||
19 | 2 files changed, 22 insertions(+), 8 deletions(-) | ||
20 | |||
21 | diff --git a/avahi-common/alternative-test.c b/avahi-common/alternative-test.c | ||
22 | index 9255435..681fc15 100644 | ||
23 | --- a/avahi-common/alternative-test.c | ||
24 | +++ b/avahi-common/alternative-test.c | ||
25 | @@ -31,6 +31,9 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { | ||
26 | const char* const test_strings[] = { | ||
27 | "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", | ||
28 | "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXüüüüüüü", | ||
29 | + ").", | ||
30 | + "\\.", | ||
31 | + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\\\", | ||
32 | "gurke", | ||
33 | "-", | ||
34 | " #", | ||
35 | diff --git a/avahi-common/alternative.c b/avahi-common/alternative.c | ||
36 | index b3d39f0..a094e6d 100644 | ||
37 | --- a/avahi-common/alternative.c | ||
38 | +++ b/avahi-common/alternative.c | ||
39 | @@ -49,15 +49,20 @@ static void drop_incomplete_utf8(char *c) { | ||
40 | } | ||
41 | |||
42 | char *avahi_alternative_host_name(const char *s) { | ||
43 | + char label[AVAHI_LABEL_MAX], alternative[AVAHI_LABEL_MAX*4+1]; | ||
44 | + char *alt, *r, *ret; | ||
45 | const char *e; | ||
46 | - char *r; | ||
47 | + size_t len; | ||
48 | |||
49 | assert(s); | ||
50 | |||
51 | if (!avahi_is_valid_host_name(s)) | ||
52 | return NULL; | ||
53 | |||
54 | - if ((e = strrchr(s, '-'))) { | ||
55 | + if (!avahi_unescape_label(&s, label, sizeof(label))) | ||
56 | + return NULL; | ||
57 | + | ||
58 | + if ((e = strrchr(label, '-'))) { | ||
59 | const char *p; | ||
60 | |||
61 | e++; | ||
62 | @@ -74,19 +79,18 @@ char *avahi_alternative_host_name(const char *s) { | ||
63 | |||
64 | if (e) { | ||
65 | char *c, *m; | ||
66 | - size_t l; | ||
67 | int n; | ||
68 | |||
69 | n = atoi(e)+1; | ||
70 | if (!(m = avahi_strdup_printf("%i", n))) | ||
71 | return NULL; | ||
72 | |||
73 | - l = e-s-1; | ||
74 | + len = e-label-1; | ||
75 | |||
76 | - if (l >= AVAHI_LABEL_MAX-1-strlen(m)-1) | ||
77 | - l = AVAHI_LABEL_MAX-1-strlen(m)-1; | ||
78 | + if (len >= AVAHI_LABEL_MAX-1-strlen(m)-1) | ||
79 | + len = AVAHI_LABEL_MAX-1-strlen(m)-1; | ||
80 | |||
81 | - if (!(c = avahi_strndup(s, l))) { | ||
82 | + if (!(c = avahi_strndup(label, len))) { | ||
83 | avahi_free(m); | ||
84 | return NULL; | ||
85 | } | ||
86 | @@ -100,7 +104,7 @@ char *avahi_alternative_host_name(const char *s) { | ||
87 | } else { | ||
88 | char *c; | ||
89 | |||
90 | - if (!(c = avahi_strndup(s, AVAHI_LABEL_MAX-1-2))) | ||
91 | + if (!(c = avahi_strndup(label, AVAHI_LABEL_MAX-1-2))) | ||
92 | return NULL; | ||
93 | |||
94 | drop_incomplete_utf8(c); | ||
95 | @@ -109,6 +113,13 @@ char *avahi_alternative_host_name(const char *s) { | ||
96 | avahi_free(c); | ||
97 | } | ||
98 | |||
99 | + alt = alternative; | ||
100 | + len = sizeof(alternative); | ||
101 | + ret = avahi_escape_label(r, strlen(r), &alt, &len); | ||
102 | + | ||
103 | + avahi_free(r); | ||
104 | + r = avahi_strdup(ret); | ||
105 | + | ||
106 | assert(avahi_is_valid_host_name(r)); | ||
107 | |||
108 | return r; | ||
109 | -- | ||
110 | 2.40.0 | ||
diff --git a/meta/recipes-connectivity/avahi/files/handle-hup.patch b/meta/recipes-connectivity/avahi/files/handle-hup.patch new file mode 100644 index 0000000000..26632e5443 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/handle-hup.patch | |||
@@ -0,0 +1,41 @@ | |||
1 | CVE: CVE-2021-3468 | ||
2 | Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/330] | ||
3 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
4 | |||
5 | From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001 | ||
6 | From: Riccardo Schirone <sirmy15@gmail.com> | ||
7 | Date: Fri, 26 Mar 2021 11:50:24 +0100 | ||
8 | Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in | ||
9 | client_work | ||
10 | |||
11 | If a client fills the input buffer, client_work() disables the | ||
12 | AVAHI_WATCH_IN event, thus preventing the function from executing the | ||
13 | `read` syscall the next times it is called. However, if the client then | ||
14 | terminates the connection, the socket file descriptor receives a HUP | ||
15 | event, which is not handled, thus the kernel keeps marking the HUP event | ||
16 | as occurring. While iterating over the file descriptors that triggered | ||
17 | an event, the client file descriptor will keep having the HUP event and | ||
18 | the client_work() function is always called with AVAHI_WATCH_HUP but | ||
19 | without nothing being done, thus entering an infinite loop. | ||
20 | |||
21 | See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938 | ||
22 | --- | ||
23 | avahi-daemon/simple-protocol.c | 5 +++++ | ||
24 | 1 file changed, 5 insertions(+) | ||
25 | |||
26 | diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c | ||
27 | index 3e0ebb11..6c0274d6 100644 | ||
28 | --- a/avahi-daemon/simple-protocol.c | ||
29 | +++ b/avahi-daemon/simple-protocol.c | ||
30 | @@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv | ||
31 | } | ||
32 | } | ||
33 | |||
34 | + if (events & AVAHI_WATCH_HUP) { | ||
35 | + client_free(c); | ||
36 | + return; | ||
37 | + } | ||
38 | + | ||
39 | c->server->poll_api->watch_update( | ||
40 | watch, | ||
41 | (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) | | ||
diff --git a/meta/recipes-connectivity/avahi/files/invalid-service.patch b/meta/recipes-connectivity/avahi/files/invalid-service.patch new file mode 100644 index 0000000000..8f188aff2c --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/invalid-service.patch | |||
@@ -0,0 +1,29 @@ | |||
1 | From 46490e95151d415cd22f02565e530eb5efcef680 Mon Sep 17 00:00:00 2001 | ||
2 | From: Asger Hautop Drewsen <asger@princh.com> | ||
3 | Date: Mon, 9 Aug 2021 14:25:08 +0200 | ||
4 | Subject: [PATCH] Fix avahi-browse: Invalid service type | ||
5 | |||
6 | Invalid service types will stop the browse from completing, or | ||
7 | in simple terms "my washing machine stops me from printing". | ||
8 | |||
9 | Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/472] | ||
10 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
11 | --- | ||
12 | avahi-core/browse-service.c | 4 +++- | ||
13 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
14 | |||
15 | diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c | ||
16 | index 63e0275a..ac3d2ecb 100644 | ||
17 | --- a/avahi-core/browse-service.c | ||
18 | +++ b/avahi-core/browse-service.c | ||
19 | @@ -103,7 +103,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_prepare( | ||
20 | AVAHI_CHECK_VALIDITY_RETURN_NULL(server, AVAHI_PROTO_VALID(protocol), AVAHI_ERR_INVALID_PROTOCOL); | ||
21 | AVAHI_CHECK_VALIDITY_RETURN_NULL(server, !domain || avahi_is_valid_domain_name(domain), AVAHI_ERR_INVALID_DOMAIN_NAME); | ||
22 | AVAHI_CHECK_VALIDITY_RETURN_NULL(server, AVAHI_FLAGS_VALID(flags, AVAHI_LOOKUP_USE_WIDE_AREA|AVAHI_LOOKUP_USE_MULTICAST), AVAHI_ERR_INVALID_FLAGS); | ||
23 | - AVAHI_CHECK_VALIDITY_RETURN_NULL(server, avahi_is_valid_service_type_generic(service_type), AVAHI_ERR_INVALID_SERVICE_TYPE); | ||
24 | + | ||
25 | + if (!avahi_is_valid_service_type_generic(service_type)) | ||
26 | + service_type = "_invalid._tcp"; | ||
27 | |||
28 | if (!domain) | ||
29 | domain = server->domain_name; | ||
diff --git a/meta/recipes-connectivity/avahi/files/local-ping.patch b/meta/recipes-connectivity/avahi/files/local-ping.patch new file mode 100644 index 0000000000..29c192d296 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/local-ping.patch | |||
@@ -0,0 +1,153 @@ | |||
1 | CVE: CVE-2021-36217 | ||
2 | CVE: CVE-2021-3502 | ||
3 | Upstream-Status: Backport | ||
4 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
5 | |||
6 | From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001 | ||
7 | From: Tommi Rantala <tommi.t.rantala@nokia.com> | ||
8 | Date: Mon, 8 Feb 2021 11:04:43 +0200 | ||
9 | Subject: [PATCH] Fix NULL pointer crashes from #175 | ||
10 | |||
11 | avahi-daemon is crashing when running "ping .local". | ||
12 | The crash is due to failing assertion from NULL pointer. | ||
13 | Add missing NULL pointer checks to fix it. | ||
14 | |||
15 | Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd | ||
16 | --- | ||
17 | avahi-core/browse-dns-server.c | 5 ++++- | ||
18 | avahi-core/browse-domain.c | 5 ++++- | ||
19 | avahi-core/browse-service-type.c | 3 +++ | ||
20 | avahi-core/browse-service.c | 3 +++ | ||
21 | avahi-core/browse.c | 3 +++ | ||
22 | avahi-core/resolve-address.c | 5 ++++- | ||
23 | avahi-core/resolve-host-name.c | 5 ++++- | ||
24 | avahi-core/resolve-service.c | 5 ++++- | ||
25 | 8 files changed, 29 insertions(+), 5 deletions(-) | ||
26 | |||
27 | diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c | ||
28 | index 049752e9..c2d914fa 100644 | ||
29 | --- a/avahi-core/browse-dns-server.c | ||
30 | +++ b/avahi-core/browse-dns-server.c | ||
31 | @@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new( | ||
32 | AvahiSDNSServerBrowser* b; | ||
33 | |||
34 | b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata); | ||
35 | + if (!b) | ||
36 | + return NULL; | ||
37 | + | ||
38 | avahi_s_dns_server_browser_start(b); | ||
39 | |||
40 | return b; | ||
41 | -} | ||
42 | \ No newline at end of file | ||
43 | +} | ||
44 | diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c | ||
45 | index f145d56a..06fa70c0 100644 | ||
46 | --- a/avahi-core/browse-domain.c | ||
47 | +++ b/avahi-core/browse-domain.c | ||
48 | @@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new( | ||
49 | AvahiSDomainBrowser *b; | ||
50 | |||
51 | b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata); | ||
52 | + if (!b) | ||
53 | + return NULL; | ||
54 | + | ||
55 | avahi_s_domain_browser_start(b); | ||
56 | |||
57 | return b; | ||
58 | -} | ||
59 | \ No newline at end of file | ||
60 | +} | ||
61 | diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c | ||
62 | index fdd22dcd..b1fc7af8 100644 | ||
63 | --- a/avahi-core/browse-service-type.c | ||
64 | +++ b/avahi-core/browse-service-type.c | ||
65 | @@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new( | ||
66 | AvahiSServiceTypeBrowser *b; | ||
67 | |||
68 | b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata); | ||
69 | + if (!b) | ||
70 | + return NULL; | ||
71 | + | ||
72 | avahi_s_service_type_browser_start(b); | ||
73 | |||
74 | return b; | ||
75 | diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c | ||
76 | index 5531360c..63e0275a 100644 | ||
77 | --- a/avahi-core/browse-service.c | ||
78 | +++ b/avahi-core/browse-service.c | ||
79 | @@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new( | ||
80 | AvahiSServiceBrowser *b; | ||
81 | |||
82 | b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata); | ||
83 | + if (!b) | ||
84 | + return NULL; | ||
85 | + | ||
86 | avahi_s_service_browser_start(b); | ||
87 | |||
88 | return b; | ||
89 | diff --git a/avahi-core/browse.c b/avahi-core/browse.c | ||
90 | index 2941e579..e8a915e9 100644 | ||
91 | --- a/avahi-core/browse.c | ||
92 | +++ b/avahi-core/browse.c | ||
93 | @@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new( | ||
94 | AvahiSRecordBrowser *b; | ||
95 | |||
96 | b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata); | ||
97 | + if (!b) | ||
98 | + return NULL; | ||
99 | + | ||
100 | avahi_s_record_browser_start_query(b); | ||
101 | |||
102 | return b; | ||
103 | diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c | ||
104 | index ac0b29b1..e61dd242 100644 | ||
105 | --- a/avahi-core/resolve-address.c | ||
106 | +++ b/avahi-core/resolve-address.c | ||
107 | @@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new( | ||
108 | AvahiSAddressResolver *b; | ||
109 | |||
110 | b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata); | ||
111 | + if (!b) | ||
112 | + return NULL; | ||
113 | + | ||
114 | avahi_s_address_resolver_start(b); | ||
115 | |||
116 | return b; | ||
117 | -} | ||
118 | \ No newline at end of file | ||
119 | +} | ||
120 | diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c | ||
121 | index 808b0e72..4e8e5973 100644 | ||
122 | --- a/avahi-core/resolve-host-name.c | ||
123 | +++ b/avahi-core/resolve-host-name.c | ||
124 | @@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new( | ||
125 | AvahiSHostNameResolver *b; | ||
126 | |||
127 | b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata); | ||
128 | + if (!b) | ||
129 | + return NULL; | ||
130 | + | ||
131 | avahi_s_host_name_resolver_start(b); | ||
132 | |||
133 | return b; | ||
134 | -} | ||
135 | \ No newline at end of file | ||
136 | +} | ||
137 | diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c | ||
138 | index 66bf3cae..43771763 100644 | ||
139 | --- a/avahi-core/resolve-service.c | ||
140 | +++ b/avahi-core/resolve-service.c | ||
141 | @@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new( | ||
142 | AvahiSServiceResolver *b; | ||
143 | |||
144 | b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata); | ||
145 | + if (!b) | ||
146 | + return NULL; | ||
147 | + | ||
148 | avahi_s_service_resolver_start(b); | ||
149 | |||
150 | return b; | ||
151 | -} | ||
152 | \ No newline at end of file | ||
153 | +} | ||
diff --git a/meta/recipes-connectivity/bind/bind-9.16.10/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.16.10/0001-named-lwresd-V-and-start-log-hide-build-options.patch deleted file mode 100644 index 5bcc16c9b2..0000000000 --- a/meta/recipes-connectivity/bind/bind-9.16.10/0001-named-lwresd-V-and-start-log-hide-build-options.patch +++ /dev/null | |||
@@ -1,35 +0,0 @@ | |||
1 | From a3af4a405baf5ff582e82aaba392dd9667d94bdc Mon Sep 17 00:00:00 2001 | ||
2 | From: Hongxu Jia <hongxu.jia@windriver.com> | ||
3 | Date: Mon, 27 Aug 2018 21:24:20 +0800 | ||
4 | Subject: [PATCH] `named/lwresd -V' and start log hide build options | ||
5 | |||
6 | The build options expose build path directories, so hide them. | ||
7 | [snip] | ||
8 | $ named -V | ||
9 | |built by make with *** (options are hidden) | ||
10 | [snip] | ||
11 | |||
12 | Upstream-Status: Inappropriate [oe-core specific] | ||
13 | |||
14 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | ||
15 | |||
16 | Refreshed for 9.16.0 | ||
17 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
18 | |||
19 | --- | ||
20 | bin/named/include/named/globals.h | 2 +- | ||
21 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
22 | |||
23 | Index: bind-9.16.0/bin/named/include/named/globals.h | ||
24 | =================================================================== | ||
25 | --- bind-9.16.0.orig/bin/named/include/named/globals.h | ||
26 | +++ bind-9.16.0/bin/named/include/named/globals.h | ||
27 | @@ -69,7 +69,7 @@ EXTERN const char *named_g_version I | ||
28 | EXTERN const char *named_g_product INIT(PRODUCT); | ||
29 | EXTERN const char *named_g_description INIT(DESCRIPTION); | ||
30 | EXTERN const char *named_g_srcid INIT(SRCID); | ||
31 | -EXTERN const char *named_g_configargs INIT(CONFIGARGS); | ||
32 | +EXTERN const char *named_g_configargs INIT("*** (options are hidden)"); | ||
33 | EXTERN const char *named_g_builder INIT(BUILDER); | ||
34 | EXTERN in_port_t named_g_port INIT(0); | ||
35 | EXTERN isc_dscp_t named_g_dscp INIT(-1); | ||
diff --git a/meta/recipes-connectivity/bind/bind-9.16.10/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch index 8db96ec049..ec1bc7b567 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.10/0001-avoid-start-failure-with-bind-user.patch +++ b/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch | |||
@@ -17,7 +17,7 @@ index b2eec60..6e03936 100644 | |||
17 | @@ -57,6 +57,7 @@ case "$1" in | 17 | @@ -57,6 +57,7 @@ case "$1" in |
18 | modprobe capability >/dev/null 2>&1 || true | 18 | modprobe capability >/dev/null 2>&1 || true |
19 | if [ ! -f /etc/bind/rndc.key ]; then | 19 | if [ ! -f /etc/bind/rndc.key ]; then |
20 | /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom | 20 | /usr/sbin/rndc-confgen -a -b 512 |
21 | + chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true | 21 | + chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true |
22 | chmod 0640 /etc/bind/rndc.key | 22 | chmod 0640 /etc/bind/rndc.key |
23 | fi | 23 | fi |
diff --git a/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch new file mode 100644 index 0000000000..4c10f33f04 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch | |||
@@ -0,0 +1,35 @@ | |||
1 | From 4e83392e840fa7b05e778710b8c202d102477a13 Mon Sep 17 00:00:00 2001 | ||
2 | From: Hongxu Jia <hongxu.jia@windriver.com> | ||
3 | Date: Mon, 27 Aug 2018 21:24:20 +0800 | ||
4 | Subject: [PATCH] `named/lwresd -V' and start log hide build options | ||
5 | |||
6 | The build options expose build path directories, so hide them. | ||
7 | [snip] | ||
8 | $ named -V | ||
9 | |built by make with *** (options are hidden) | ||
10 | [snip] | ||
11 | |||
12 | Upstream-Status: Inappropriate [oe-core specific] | ||
13 | |||
14 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | ||
15 | |||
16 | Refreshed for 9.16.0 | ||
17 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
18 | |||
19 | --- | ||
20 | configure.ac | 2 +- | ||
21 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
22 | |||
23 | diff --git a/configure.ac b/configure.ac | ||
24 | index bf20690..c5d330f 100644 | ||
25 | --- a/configure.ac | ||
26 | +++ b/configure.ac | ||
27 | @@ -35,7 +35,7 @@ AC_DEFINE([PACKAGE_VERSION_EXTRA], ["][bind_VERSION_EXTRA]["], [BIND 9 Extra par | ||
28 | AC_DEFINE([PACKAGE_DESCRIPTION], [m4_ifnblank(bind_DESCRIPTION, [" ]bind_DESCRIPTION["], [])], [An extra string to print after PACKAGE_STRING]) | ||
29 | AC_DEFINE([PACKAGE_SRCID], ["][bind_SRCID]["], [A short hash from git]) | ||
30 | |||
31 | -bind_CONFIGARGS="${ac_configure_args:-default}" | ||
32 | +bind_CONFIGARGS="(removed for reproducibility)" | ||
33 | AC_DEFINE_UNQUOTED([PACKAGE_CONFIGARGS], ["$bind_CONFIGARGS"], [Either 'defaults' or used ./configure options]) | ||
34 | |||
35 | AC_DEFINE([PACKAGE_BUILDER], ["make"], [make or Visual Studio]) | ||
diff --git a/meta/recipes-connectivity/bind/bind-9.16.10/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch index f9cdc7ca4d..38d07cae39 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.10/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From edda20fb5a6e88548f85e39d34d6c074306e15bc Mon Sep 17 00:00:00 2001 | 1 | From 5ae30329f168c1e8d2e0c3831988a4f3e9096e39 Mon Sep 17 00:00:00 2001 |
2 | From: Paul Gortmaker <paul.gortmaker@windriver.com> | 2 | From: Paul Gortmaker <paul.gortmaker@windriver.com> |
3 | Date: Tue, 9 Jun 2015 11:22:00 -0400 | 3 | Date: Tue, 9 Jun 2015 11:22:00 -0400 |
4 | Subject: [PATCH] bind: ensure searching for json headers searches sysroot | 4 | Subject: [PATCH] bind: ensure searching for json headers searches sysroot |
@@ -32,16 +32,16 @@ Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> | |||
32 | configure.ac | 2 +- | 32 | configure.ac | 2 +- |
33 | 1 file changed, 1 insertion(+), 1 deletion(-) | 33 | 1 file changed, 1 insertion(+), 1 deletion(-) |
34 | 34 | ||
35 | Index: bind-9.16.4/configure.ac | 35 | diff --git a/configure.ac b/configure.ac |
36 | =================================================================== | 36 | index 2ab8ddd..92fe983 100644 |
37 | --- bind-9.16.4.orig/configure.ac | 37 | --- a/configure.ac |
38 | +++ bind-9.16.4/configure.ac | 38 | +++ b/configure.ac |
39 | @@ -1232,7 +1232,7 @@ case "$use_lmdb" in | 39 | @@ -761,7 +761,7 @@ AS_CASE([$with_lmdb], |
40 | LMDB_LIBS="" | 40 | [no],[], |
41 | ;; | 41 | [auto|yes], [PKG_CHECK_MODULES([LMDB], [lmdb], |
42 | auto|yes) | 42 | [ac_lib_lmdb_found=yes], |
43 | - for d in /usr /usr/local /opt/local | 43 | - [for ac_lib_lmdb_path in /usr /usr/local /opt /opt/local; do |
44 | + for d in "${STAGING_INCDIR}" | 44 | + [for ac_lib_lmdb_path in "${STAGING_INCDIR}"; do |
45 | do | 45 | AX_LIB_LMDB([$ac_lib_lmdb_path], |
46 | if test -f "${d}/include/lmdb.h" | 46 | [ac_lib_lmdb_found=yes |
47 | then | 47 | break]) |
diff --git a/meta/recipes-connectivity/bind/bind-9.16.10/bind9 b/meta/recipes-connectivity/bind/bind/bind9 index 968679ff7f..968679ff7f 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.10/bind9 +++ b/meta/recipes-connectivity/bind/bind/bind9 | |||
diff --git a/meta/recipes-connectivity/bind/bind-9.16.10/conf.patch b/meta/recipes-connectivity/bind/bind/conf.patch index aad345f9fc..aa3642acec 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.10/conf.patch +++ b/meta/recipes-connectivity/bind/bind/conf.patch | |||
@@ -276,7 +276,7 @@ diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d | |||
276 | + | 276 | + |
277 | + modprobe capability >/dev/null 2>&1 || true | 277 | + modprobe capability >/dev/null 2>&1 || true |
278 | + if [ ! -f /etc/bind/rndc.key ]; then | 278 | + if [ ! -f /etc/bind/rndc.key ]; then |
279 | + /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom | 279 | + /usr/sbin/rndc-confgen -a -b 512 |
280 | + chmod 0640 /etc/bind/rndc.key | 280 | + chmod 0640 /etc/bind/rndc.key |
281 | + fi | 281 | + fi |
282 | + if [ -f /var/run/named/named.pid ]; then | 282 | + if [ -f /var/run/named/named.pid ]; then |
diff --git a/meta/recipes-connectivity/bind/bind-9.16.10/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh index 633e29c0e6..633e29c0e6 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.10/generate-rndc-key.sh +++ b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh | |||
diff --git a/meta/recipes-connectivity/bind/bind-9.16.10/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch index 11db95ede1..11db95ede1 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.10/init.d-add-support-for-read-only-rootfs.patch +++ b/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch | |||
diff --git a/meta/recipes-connectivity/bind/bind-9.16.10/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch index 146f3e35db..146f3e35db 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.10/make-etc-initd-bind-stop-work.patch +++ b/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch | |||
diff --git a/meta/recipes-connectivity/bind/bind-9.16.10/named.service b/meta/recipes-connectivity/bind/bind/named.service index cda56ef015..cda56ef015 100644 --- a/meta/recipes-connectivity/bind/bind-9.16.10/named.service +++ b/meta/recipes-connectivity/bind/bind/named.service | |||
diff --git a/meta/recipes-connectivity/bind/bind_9.16.10.bb b/meta/recipes-connectivity/bind/bind_9.18.26.bb index 71194a61bf..2784f3bdd9 100644 --- a/meta/recipes-connectivity/bind/bind_9.16.10.bb +++ b/meta/recipes-connectivity/bind/bind_9.18.26.bb | |||
@@ -1,9 +1,10 @@ | |||
1 | SUMMARY = "ISC Internet Domain Name Server" | 1 | SUMMARY = "ISC Internet Domain Name Server" |
2 | HOMEPAGE = "https://www.isc.org/bind/" | 2 | HOMEPAGE = "https://www.isc.org/bind/" |
3 | DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system" | ||
3 | SECTION = "console/network" | 4 | SECTION = "console/network" |
4 | 5 | ||
5 | LICENSE = "MPL-2.0" | 6 | LICENSE = "MPL-2.0" |
6 | LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=4673dc07337cace3b93c65e9ffe57b60" | 7 | LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=c7a0b6d9a1b692a5da9af9d503671f43" |
7 | 8 | ||
8 | DEPENDS = "openssl libcap zlib libuv" | 9 | DEPENDS = "openssl libcap zlib libuv" |
9 | 10 | ||
@@ -19,66 +20,60 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ | |||
19 | file://0001-avoid-start-failure-with-bind-user.patch \ | 20 | file://0001-avoid-start-failure-with-bind-user.patch \ |
20 | " | 21 | " |
21 | 22 | ||
22 | SRC_URI[sha256sum] = "bc47fc019c6205e6a6bfb839c544a1472321df0537ba905b846a4cbffe3362b3" | 23 | SRC_URI[sha256sum] = "75ffee52731e9604c849b658df29e927f1c4f01d5a71ea3ebcbeb63702cb6651" |
23 | 24 | ||
24 | UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" | 25 | UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" |
25 | # stay at 9.16 follow the ESV versions divisible by 4 | 26 | # follow the ESV versions divisible by 2 |
26 | UPSTREAM_CHECK_REGEX = "(?P<pver>9.(16|20|24|28)(\.\d+)+(-P\d+)*)/" | 27 | UPSTREAM_CHECK_REGEX = "(?P<pver>9.(\d*[02468])+(\.\d+)+(-P\d+)*)/" |
28 | |||
29 | # Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore | ||
30 | # so the issue doesn't affect us. | ||
31 | CVE_STATUS[CVE-2019-6470] = "not-applicable-config: Issue only affects dhcpd with recent bind versions and we don't ship dhcpd anymore." | ||
27 | 32 | ||
28 | inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives | 33 | inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives |
29 | 34 | ||
30 | # PACKAGECONFIGs readline and libedit should NOT be set at same time | 35 | # PACKAGECONFIGs readline and libedit should NOT be set at same time |
31 | PACKAGECONFIG ?= "readline" | 36 | PACKAGECONFIG ?= "readline" |
32 | PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2" | 37 | PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2" |
33 | PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline" | 38 | PACKAGECONFIG[readline] = "--with-readline=readline,,readline" |
34 | PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit" | 39 | PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit" |
35 | PACKAGECONFIG[python3] = "--with-python=yes --with-python-install-dir=${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native," | 40 | PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2" |
36 | 41 | ||
37 | EXTRA_OECONF = " --with-libtool --disable-devpoll --disable-auto-validation --enable-epoll \ | 42 | EXTRA_OECONF = " --disable-auto-validation \ |
38 | --with-gssapi=no --with-lmdb=no --with-zlib \ | 43 | --with-gssapi=no --with-lmdb=no --with-zlib \ |
39 | --sysconfdir=${sysconfdir}/bind \ | 44 | --sysconfdir=${sysconfdir}/bind \ |
40 | --with-openssl=${STAGING_DIR_HOST}${prefix} \ | 45 | --with-openssl=${STAGING_DIR_HOST}${prefix} \ |
41 | " | 46 | " |
42 | LDFLAGS_append = " -lz" | 47 | LDFLAGS:append = " -lz" |
43 | |||
44 | inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native distutils3-base', '', d)} | ||
45 | 48 | ||
46 | # dhcp needs .la so keep them | 49 | # dhcp needs .la so keep them |
47 | REMOVE_LIBTOOL_LA = "0" | 50 | REMOVE_LIBTOOL_LA = "0" |
48 | 51 | ||
49 | USERADD_PACKAGES = "${PN}" | 52 | USERADD_PACKAGES = "${PN}" |
50 | USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ | 53 | USERADD_PARAM:${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ |
51 | --user-group bind" | 54 | --user-group bind" |
52 | 55 | ||
53 | INITSCRIPT_NAME = "bind" | 56 | INITSCRIPT_NAME = "bind" |
54 | INITSCRIPT_PARAMS = "defaults" | 57 | INITSCRIPT_PARAMS = "defaults" |
55 | 58 | ||
56 | SYSTEMD_SERVICE_${PN} = "named.service" | 59 | SYSTEMD_SERVICE:${PN} = "named.service" |
57 | 60 | ||
58 | do_install_append() { | 61 | do_install:append() { |
59 | 62 | ||
60 | rmdir "${D}${localstatedir}/run" | ||
61 | rmdir --ignore-fail-on-non-empty "${D}${localstatedir}" | ||
62 | install -d -o bind "${D}${localstatedir}/cache/bind" | 63 | install -d -o bind "${D}${localstatedir}/cache/bind" |
63 | install -d "${D}${sysconfdir}/bind" | 64 | install -d "${D}${sysconfdir}/bind" |
64 | install -d "${D}${sysconfdir}/init.d" | 65 | install -d "${D}${sysconfdir}/init.d" |
65 | install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" | 66 | install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" |
66 | install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" | 67 | install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" |
67 | if ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'true', 'false', d)}; then | ||
68 | sed -i -e '1s,#!.*python3,#! /usr/bin/python3,' \ | ||
69 | ${D}${sbindir}/dnssec-coverage \ | ||
70 | ${D}${sbindir}/dnssec-checkds \ | ||
71 | ${D}${sbindir}/dnssec-keymgr | ||
72 | fi | ||
73 | 68 | ||
74 | # Install systemd related files | 69 | # Install systemd related files |
75 | install -d ${D}${sbindir} | 70 | install -d ${D}${sbindir} |
76 | install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} | 71 | install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir} |
77 | install -d ${D}${systemd_unitdir}/system | 72 | install -d ${D}${systemd_system_unitdir} |
78 | install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system | 73 | install -m 0644 ${WORKDIR}/named.service ${D}${systemd_system_unitdir} |
79 | sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ | 74 | sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ |
80 | -e 's,@SBINDIR@,${sbindir},g' \ | 75 | -e 's,@SBINDIR@,${sbindir},g' \ |
81 | ${D}${systemd_unitdir}/system/named.service | 76 | ${D}${systemd_system_unitdir}/named.service |
82 | 77 | ||
83 | install -d ${D}${sysconfdir}/default | 78 | install -d ${D}${sysconfdir}/default |
84 | install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default | 79 | install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default |
@@ -87,11 +82,9 @@ do_install_append() { | |||
87 | install -d ${D}${sysconfdir}/tmpfiles.d | 82 | install -d ${D}${sysconfdir}/tmpfiles.d |
88 | echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf | 83 | echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf |
89 | fi | 84 | fi |
90 | |||
91 | oe_multilib_header isc/platform.h | ||
92 | } | 85 | } |
93 | 86 | ||
94 | CONFFILES_${PN} = " \ | 87 | CONFFILES:${PN} = " \ |
95 | ${sysconfdir}/bind/named.conf \ | 88 | ${sysconfdir}/bind/named.conf \ |
96 | ${sysconfdir}/bind/named.conf.local \ | 89 | ${sysconfdir}/bind/named.conf.local \ |
97 | ${sysconfdir}/bind/named.conf.options \ | 90 | ${sysconfdir}/bind/named.conf.options \ |
@@ -102,22 +95,19 @@ CONFFILES_${PN} = " \ | |||
102 | ${sysconfdir}/bind/db.root \ | 95 | ${sysconfdir}/bind/db.root \ |
103 | " | 96 | " |
104 | 97 | ||
105 | ALTERNATIVE_${PN}-utils = "nslookup" | 98 | ALTERNATIVE:${PN}-utils = "nslookup" |
106 | ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup" | 99 | ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup" |
107 | ALTERNATIVE_PRIORITY = "100" | 100 | ALTERNATIVE_PRIORITY = "100" |
108 | 101 | ||
109 | PACKAGE_BEFORE_PN += "${PN}-utils" | 102 | PACKAGE_BEFORE_PN += "${PN}-utils" |
110 | FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" | 103 | FILES:${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" |
111 | FILES_${PN}-dev += "${bindir}/isc-config.h" | 104 | FILES:${PN}-dev += "${bindir}/isc-config.h" |
112 | FILES_${PN} += "${sbindir}/generate-rndc-key.sh" | 105 | FILES:${PN} += "${sbindir}/generate-rndc-key.sh" |
113 | 106 | ||
114 | PACKAGE_BEFORE_PN += "${PN}-libs" | 107 | PACKAGE_BEFORE_PN += "${PN}-libs" |
115 | FILES_${PN}-libs = "${libdir}/*.so* ${libdir}/named/*.so*" | 108 | # special arrangement below due to |
116 | FILES_${PN}-staticdev += "${libdir}/*.la" | 109 | # https://github.com/isc-projects/bind9/commit/0e25af628cd776f98c04fc4cc59048f5448f6c88 |
117 | 110 | FILES_SOLIBSDEV = "${libdir}/*[!0-9].so ${libdir}/libbind9.so" | |
118 | PACKAGE_BEFORE_PN += "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3-bind', '', d)}" | 111 | FILES:${PN}-libs = "${libdir}/named/*.so* ${libdir}/*-${PV}.so" |
119 | FILES_python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \ | ||
120 | ${sbindir}/dnssec-keymgr ${PYTHON_SITEPACKAGES_DIR}" | ||
121 | 112 | ||
122 | RDEPENDS_${PN}-dev = "" | 113 | DEV_PKG_DEPENDENCY = "" |
123 | RDEPENDS_python3-bind = "python3-core python3-ply" | ||
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc index 4c1156c67c..a31d7076ba 100644 --- a/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/meta/recipes-connectivity/bluez5/bluez5.inc | |||
@@ -2,15 +2,16 @@ SUMMARY = "Linux Bluetooth Stack Userland V5" | |||
2 | DESCRIPTION = "Linux Bluetooth stack V5 userland components. These include a system configurations, daemons, tools and system libraries." | 2 | DESCRIPTION = "Linux Bluetooth stack V5 userland components. These include a system configurations, daemons, tools and system libraries." |
3 | HOMEPAGE = "http://www.bluez.org" | 3 | HOMEPAGE = "http://www.bluez.org" |
4 | SECTION = "libs" | 4 | SECTION = "libs" |
5 | LICENSE = "GPLv2+ & LGPLv2.1+" | 5 | LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later" |
6 | LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ | 6 | LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ |
7 | file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \ | 7 | file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \ |
8 | file://src/main.c;beginline=1;endline=24;md5=9bc54b93cd7e17bf03f52513f39f926e" | 8 | file://src/main.c;beginline=1;endline=24;md5=0ad83ca0dc37ab08af448777c581e7ac" |
9 | DEPENDS = "dbus glib-2.0" | 9 | DEPENDS = "dbus glib-2.0" |
10 | RDEPENDS:${PN} += "dbus" | ||
10 | PROVIDES += "bluez-hcidump" | 11 | PROVIDES += "bluez-hcidump" |
11 | RPROVIDES_${PN} += "bluez-hcidump" | 12 | RPROVIDES:${PN} += "bluez-hcidump" |
12 | 13 | ||
13 | RCONFLICTS_${PN} = "bluez4" | 14 | RCONFLICTS:${PN} = "bluez4" |
14 | 15 | ||
15 | PACKAGECONFIG ??= "obex-profiles \ | 16 | PACKAGECONFIG ??= "obex-profiles \ |
16 | readline \ | 17 | readline \ |
@@ -45,6 +46,7 @@ PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated" | |||
45 | PACKAGECONFIG[mesh] = "--enable-mesh --enable-external-ell,--disable-mesh, json-c ell" | 46 | PACKAGECONFIG[mesh] = "--enable-mesh --enable-external-ell,--disable-mesh, json-c ell" |
46 | PACKAGECONFIG[btpclient] = "--enable-btpclient --enable-external-ell,--disable-btpclient, ell" | 47 | PACKAGECONFIG[btpclient] = "--enable-btpclient --enable-external-ell,--disable-btpclient, ell" |
47 | PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev" | 48 | PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev" |
49 | PACKAGECONFIG[manpages] = "--enable-manpages,--disable-manpages,python3-docutils-native" | ||
48 | 50 | ||
49 | SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ | 51 | SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ |
50 | file://init \ | 52 | file://init \ |
@@ -52,6 +54,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ | |||
52 | ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ | 54 | ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ |
53 | file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ | 55 | file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ |
54 | file://0001-test-gatt-Fix-hung-issue.patch \ | 56 | file://0001-test-gatt-Fix-hung-issue.patch \ |
57 | file://0004-src-shared-util.c-include-linux-limits.h.patch \ | ||
55 | " | 58 | " |
56 | S = "${WORKDIR}/bluez-${PV}" | 59 | S = "${WORKDIR}/bluez-${PV}" |
57 | 60 | ||
@@ -63,9 +66,12 @@ EXTRA_OECONF = "\ | |||
63 | --enable-test \ | 66 | --enable-test \ |
64 | --enable-datafiles \ | 67 | --enable-datafiles \ |
65 | --enable-library \ | 68 | --enable-library \ |
69 | --enable-pie \ | ||
66 | --without-zsh-completion-dir \ | 70 | --without-zsh-completion-dir \ |
67 | " | 71 | " |
68 | 72 | ||
73 | CFLAGS += "-DFIRMWARE_DIR=\\"${nonarch_base_libdir}/firmware\\"" | ||
74 | |||
69 | # bluez5 builds a large number of useful utilities but does not | 75 | # bluez5 builds a large number of useful utilities but does not |
70 | # install them. Specify which ones we want put into ${PN}-noinst-tools. | 76 | # install them. Specify which ones we want put into ${PN}-noinst-tools. |
71 | NOINST_TOOLS_READLINE ??= "" | 77 | NOINST_TOOLS_READLINE ??= "" |
@@ -77,18 +83,10 @@ NOINST_TOOLS = " \ | |||
77 | ${@bb.utils.contains('PACKAGECONFIG', 'tools', '${NOINST_TOOLS_BT}', '', d)} \ | 83 | ${@bb.utils.contains('PACKAGECONFIG', 'tools', '${NOINST_TOOLS_BT}', '', d)} \ |
78 | " | 84 | " |
79 | 85 | ||
80 | do_install_append() { | 86 | do_install:append() { |
81 | install -d ${D}${INIT_D_DIR} | 87 | install -d ${D}${INIT_D_DIR} |
82 | install -m 0755 ${WORKDIR}/init ${D}${INIT_D_DIR}/bluetooth | 88 | install -m 0755 ${WORKDIR}/init ${D}${INIT_D_DIR}/bluetooth |
83 | 89 | ||
84 | install -d ${D}${sysconfdir}/bluetooth/ | ||
85 | if [ -f ${S}/profiles/network/network.conf ]; then | ||
86 | install -m 0644 ${S}/profiles/network/network.conf ${D}/${sysconfdir}/bluetooth/ | ||
87 | fi | ||
88 | if [ -f ${S}/profiles/input/input.conf ]; then | ||
89 | install -m 0644 ${S}/profiles/input/input.conf ${D}/${sysconfdir}/bluetooth/ | ||
90 | fi | ||
91 | |||
92 | if [ -f ${D}/${sysconfdir}/init.d/bluetooth ]; then | 90 | if [ -f ${D}/${sysconfdir}/init.d/bluetooth ]; then |
93 | sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}/${sysconfdir}/init.d/bluetooth | 91 | sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}/${sysconfdir}/init.d/bluetooth |
94 | fi | 92 | fi |
@@ -105,25 +103,25 @@ do_install_append() { | |||
105 | 103 | ||
106 | PACKAGES =+ "${PN}-testtools ${PN}-obex ${PN}-noinst-tools" | 104 | PACKAGES =+ "${PN}-testtools ${PN}-obex ${PN}-noinst-tools" |
107 | 105 | ||
108 | FILES_${PN} += " \ | 106 | FILES:${PN} += " \ |
109 | ${libdir}/bluetooth/plugins/*.so \ | 107 | ${libdir}/bluetooth/plugins/*.so \ |
110 | ${systemd_unitdir}/ ${datadir}/dbus-1 \ | 108 | ${systemd_unitdir}/ ${datadir}/dbus-1 \ |
111 | ${libdir}/cups \ | 109 | ${libdir}/cups \ |
112 | " | 110 | " |
113 | FILES_${PN}-dev += " \ | 111 | FILES:${PN}-dev += " \ |
114 | ${libdir}/bluetooth/plugins/*.la \ | 112 | ${libdir}/bluetooth/plugins/*.la \ |
115 | " | 113 | " |
116 | 114 | ||
117 | FILES_${PN}-obex = "${libexecdir}/bluetooth/obexd \ | 115 | FILES:${PN}-obex = "${libexecdir}/bluetooth/obexd \ |
118 | ${exec_prefix}/lib/systemd/user/obex.service \ | 116 | ${exec_prefix}/lib/systemd/user/obex.service \ |
119 | ${systemd_system_unitdir}/obex.service \ | 117 | ${systemd_system_unitdir}/obex.service \ |
120 | ${sysconfdir}/systemd/system/multi-user.target.wants/obex.service \ | 118 | ${sysconfdir}/systemd/system/multi-user.target.wants/obex.service \ |
121 | ${datadir}/dbus-1/services/org.bluez.obex.service \ | 119 | ${datadir}/dbus-1/services/org.bluez.obex.service \ |
122 | ${sysconfdir}/dbus-1/system.d/obexd.conf \ | 120 | ${sysconfdir}/dbus-1/system.d/obexd.conf \ |
123 | " | 121 | " |
124 | SYSTEMD_SERVICE_${PN}-obex = "obex.service" | 122 | SYSTEMD_SERVICE:${PN}-obex = "obex.service" |
125 | 123 | ||
126 | FILES_${PN}-testtools = "${libdir}/bluez/test/*" | 124 | FILES:${PN}-testtools = "${libdir}/bluez/test/*" |
127 | 125 | ||
128 | def get_noinst_tools_paths (d, bb, tools): | 126 | def get_noinst_tools_paths (d, bb, tools): |
129 | s = list() | 127 | s = list() |
@@ -133,14 +131,14 @@ def get_noinst_tools_paths (d, bb, tools): | |||
133 | s.append("%s/%s" % (bindir, f)) | 131 | s.append("%s/%s" % (bindir, f)) |
134 | return "\n".join(s) | 132 | return "\n".join(s) |
135 | 133 | ||
136 | FILES_${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS'))}" | 134 | FILES:${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS'))}" |
137 | 135 | ||
138 | RDEPENDS_${PN}-testtools += "python3-core python3-dbus" | 136 | RDEPENDS:${PN}-testtools += "python3-core python3-dbus" |
139 | RDEPENDS_${PN}-testtools += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}" | 137 | RDEPENDS:${PN}-testtools += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}" |
140 | 138 | ||
141 | SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}" | 139 | SYSTEMD_SERVICE:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}" |
142 | INITSCRIPT_PACKAGES = "${PN}" | 140 | INITSCRIPT_PACKAGES = "${PN}" |
143 | INITSCRIPT_NAME_${PN} = "bluetooth" | 141 | INITSCRIPT_NAME:${PN} = "bluetooth" |
144 | 142 | ||
145 | do_compile_ptest() { | 143 | do_compile_ptest() { |
146 | oe_runmake buildtests | 144 | oe_runmake buildtests |
@@ -151,4 +149,4 @@ do_install_ptest() { | |||
151 | rm -f ${D}${PTEST_PATH}/unit/*.o | 149 | rm -f ${D}${PTEST_PATH}/unit/*.o |
152 | } | 150 | } |
153 | 151 | ||
154 | RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-gconv-utf-16" | 152 | RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-gconv-utf-16" |
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch index e90b6a546f..b1e93dbe19 100644 --- a/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch +++ b/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 61e741654cc2eb167bca212a3bb2ba8f3ba280c1 Mon Sep 17 00:00:00 2001 | 1 | From fb583a57f9f4ab956a09e9bb96d89aa13553bf21 Mon Sep 17 00:00:00 2001 |
2 | From: Mingli Yu <Mingli.Yu@windriver.com> | 2 | From: Mingli Yu <Mingli.Yu@windriver.com> |
3 | Date: Fri, 24 Aug 2018 12:04:03 +0800 | 3 | Date: Fri, 24 Aug 2018 12:04:03 +0800 |
4 | Subject: [PATCH] test-gatt: Fix hung issue | 4 | Subject: [PATCH] test-gatt: Fix hung issue |
@@ -21,15 +21,16 @@ no action. | |||
21 | Upstream-Status: Submitted [https://marc.info/?l=linux-bluetooth&m=153508881804635&w=2] | 21 | Upstream-Status: Submitted [https://marc.info/?l=linux-bluetooth&m=153508881804635&w=2] |
22 | 22 | ||
23 | Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> | 23 | Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> |
24 | |||
24 | --- | 25 | --- |
25 | unit/test-gatt.c | 2 +- | 26 | unit/test-gatt.c | 2 +- |
26 | 1 file changed, 1 insertion(+), 1 deletion(-) | 27 | 1 file changed, 1 insertion(+), 1 deletion(-) |
27 | 28 | ||
28 | diff --git a/unit/test-gatt.c b/unit/test-gatt.c | 29 | diff --git a/unit/test-gatt.c b/unit/test-gatt.c |
29 | index c7e28f8..b57373b 100644 | 30 | index 5e06d4e..4864d36 100644 |
30 | --- a/unit/test-gatt.c | 31 | --- a/unit/test-gatt.c |
31 | +++ b/unit/test-gatt.c | 32 | +++ b/unit/test-gatt.c |
32 | @@ -4463,7 +4463,7 @@ int main(int argc, char *argv[]) | 33 | @@ -4546,7 +4546,7 @@ int main(int argc, char *argv[]) |
33 | test_server, service_db_1, NULL, | 34 | test_server, service_db_1, NULL, |
34 | raw_pdu(0x03, 0x00, 0x02), | 35 | raw_pdu(0x03, 0x00, 0x02), |
35 | raw_pdu(0xbf, 0x00), | 36 | raw_pdu(0xbf, 0x00), |
@@ -38,6 +39,3 @@ index c7e28f8..b57373b 100644 | |||
38 | 39 | ||
39 | define_test_server("/robustness/unkown-command", | 40 | define_test_server("/robustness/unkown-command", |
40 | test_server, service_db_1, NULL, | 41 | test_server, service_db_1, NULL, |
41 | -- | ||
42 | 2.7.4 | ||
43 | |||
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch index 24ddae6b63..881494a354 100644 --- a/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch +++ b/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch | |||
@@ -1,19 +1,20 @@ | |||
1 | From 4bdf0f96dcaa945fd29f26d56e5b36d8c23e4c8b Mon Sep 17 00:00:00 2001 | 1 | From 738e73b386352fd90f1f26cc1ee75427cf4dc23b Mon Sep 17 00:00:00 2001 |
2 | From: Alexander Kanavin <alex.kanavin@gmail.com> | 2 | From: Alexander Kanavin <alex.kanavin@gmail.com> |
3 | Date: Fri, 1 Apr 2016 17:07:34 +0300 | 3 | Date: Fri, 1 Apr 2016 17:07:34 +0300 |
4 | Subject: [PATCH] tests: add a target for building tests without running them | 4 | Subject: [PATCH] tests: add a target for building tests without running them |
5 | 5 | ||
6 | Upstream-Status: Inappropriate [oe specific] | 6 | Upstream-Status: Inappropriate [oe specific] |
7 | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> | 7 | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> |
8 | |||
8 | --- | 9 | --- |
9 | Makefile.am | 3 +++ | 10 | Makefile.am | 3 +++ |
10 | 1 file changed, 3 insertions(+) | 11 | 1 file changed, 3 insertions(+) |
11 | 12 | ||
12 | diff --git a/Makefile.am b/Makefile.am | 13 | diff --git a/Makefile.am b/Makefile.am |
13 | index 1a48a71..ba3b92f 100644 | 14 | index e738eb3..dab17dd 100644 |
14 | --- a/Makefile.am | 15 | --- a/Makefile.am |
15 | +++ b/Makefile.am | 16 | +++ b/Makefile.am |
16 | @@ -425,6 +425,9 @@ endif | 17 | @@ -710,6 +710,9 @@ endif |
17 | TESTS = $(unit_tests) | 18 | TESTS = $(unit_tests) |
18 | AM_TESTS_ENVIRONMENT = MALLOC_CHECK_=3 MALLOC_PERTURB_=69 | 19 | AM_TESTS_ENVIRONMENT = MALLOC_CHECK_=3 MALLOC_PERTURB_=69 |
19 | 20 | ||
@@ -23,6 +24,3 @@ index 1a48a71..ba3b92f 100644 | |||
23 | if DBUS_RUN_SESSION | 24 | if DBUS_RUN_SESSION |
24 | AM_TESTS_ENVIRONMENT += dbus-run-session -- | 25 | AM_TESTS_ENVIRONMENT += dbus-run-session -- |
25 | endif | 26 | endif |
26 | -- | ||
27 | 2.8.0.rc3 | ||
28 | |||
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch b/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch new file mode 100644 index 0000000000..516d859069 --- /dev/null +++ b/meta/recipes-connectivity/bluez5/bluez5/0004-src-shared-util.c-include-linux-limits.h.patch | |||
@@ -0,0 +1,27 @@ | |||
1 | From b53df61b41088b68c127ac76cc71683ac3453b9d Mon Sep 17 00:00:00 2001 | ||
2 | From: Alexander Kanavin <alex@linutronix.de> | ||
3 | Date: Mon, 12 Dec 2022 13:10:19 +0100 | ||
4 | Subject: [PATCH] src/shared/util.c: include linux/limits.h | ||
5 | |||
6 | MAX_INPUT is defined in that file. This matters on non-glibc | ||
7 | systems such as those using musl. | ||
8 | |||
9 | Upstream-Status: Submitted [to linux-bluetooth@vger.kernel.org,luiz.von.dentz@intel.com,frederic.danis@collabora.com] | ||
10 | Signed-off-by: Alexander Kanavin <alex@linutronix.de> | ||
11 | |||
12 | --- | ||
13 | src/shared/util.c | 1 + | ||
14 | 1 file changed, 1 insertion(+) | ||
15 | |||
16 | diff --git a/src/shared/util.c b/src/shared/util.c | ||
17 | index c0c2c4a..036dc0d 100644 | ||
18 | --- a/src/shared/util.c | ||
19 | +++ b/src/shared/util.c | ||
20 | @@ -23,6 +23,7 @@ | ||
21 | #include <unistd.h> | ||
22 | #include <dirent.h> | ||
23 | #include <limits.h> | ||
24 | +#include <linux/limits.h> | ||
25 | #include <string.h> | ||
26 | |||
27 | #ifdef HAVE_SYS_RANDOM_H | ||
diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.55.bb b/meta/recipes-connectivity/bluez5/bluez5_5.72.bb index 8190924562..9fda960ea7 100644 --- a/meta/recipes-connectivity/bluez5/bluez5_5.55.bb +++ b/meta/recipes-connectivity/bluez5/bluez5_5.72.bb | |||
@@ -1,7 +1,8 @@ | |||
1 | require bluez5.inc | 1 | require bluez5.inc |
2 | 2 | ||
3 | SRC_URI[md5sum] = "94972b8bc7ade60c72b0ffa6ccff2c0a" | 3 | SRC_URI[sha256sum] = "499d7fa345a996c1bb650f5c6749e1d929111fa6ece0be0e98687fee6124536e" |
4 | SRC_URI[sha256sum] = "8863717113c4897e2ad3271fc808ea245319e6fd95eed2e934fae8e0894e9b88" | 4 | |
5 | CVE_STATUS[CVE-2020-24490] = "cpe-incorrect: This issue has kernel fixes rather than bluez fixes" | ||
5 | 6 | ||
6 | # noinst programs in Makefile.tools that are conditional on READLINE | 7 | # noinst programs in Makefile.tools that are conditional on READLINE |
7 | # support | 8 | # support |
diff --git a/meta/recipes-connectivity/connman/connman-conf.bb b/meta/recipes-connectivity/connman/connman-conf.bb index 9a519ec866..a1a0e08faa 100644 --- a/meta/recipes-connectivity/connman/connman-conf.bb +++ b/meta/recipes-connectivity/connman/connman-conf.bb | |||
@@ -1,36 +1,21 @@ | |||
1 | SUMMARY = "Connman config to setup wired interface on qemu machines" | 1 | SUMMARY = "Connman config to ignore wired interface on qemu machines" |
2 | DESCRIPTION = "This is the ConnMan configuration to set up a Wired \ | 2 | DESCRIPTION = "This is the ConnMan configuration to avoid touching wired \ |
3 | network interface for a qemu machine." | 3 | network interface inside qemu machines." |
4 | LICENSE = "GPLv2" | 4 | LICENSE = "GPL-2.0-only" |
5 | LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" | 5 | LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6" |
6 | 6 | ||
7 | inherit systemd | ||
8 | 7 | ||
9 | SRC_URI_append_qemuall = " file://wired.config \ | 8 | SRC_URI = "file://main.conf \ |
10 | file://wired-setup \ | 9 | " |
11 | file://wired-connection.service \ | ||
12 | " | ||
13 | PR = "r2" | ||
14 | 10 | ||
15 | S = "${WORKDIR}" | 11 | S = "${WORKDIR}" |
16 | 12 | ||
17 | PACKAGE_ARCH = "${MACHINE_ARCH}" | 13 | PACKAGE_ARCH = "${MACHINE_ARCH}" |
18 | 14 | ||
19 | FILES_${PN} = "${localstatedir}/* ${datadir}/*" | 15 | FILES:${PN} = "${sysconfdir}/*" |
20 | 16 | ||
21 | do_install() { | 17 | # Kernel IP-Config is perfectly capable of setting up networking passed in via ip= |
22 | #Configure Wired network interface in case of qemu* machines | 18 | do_install:append:qemuall() { |
23 | if test -e ${WORKDIR}/wired.config && | 19 | mkdir -p ${D}${sysconfdir}/connman |
24 | test -e ${WORKDIR}/wired-setup && | 20 | cp ${S}/main.conf ${D}${sysconfdir}/connman/main.conf |
25 | test -e ${WORKDIR}/wired-connection.service; then | ||
26 | install -d ${D}${localstatedir}/lib/connman | ||
27 | install -m 0644 ${WORKDIR}/wired.config ${D}${localstatedir}/lib/connman | ||
28 | install -d ${D}${datadir}/connman | ||
29 | install -m 0755 ${WORKDIR}/wired-setup ${D}${datadir}/connman | ||
30 | install -d ${D}${systemd_system_unitdir} | ||
31 | install -m 0644 ${WORKDIR}/wired-connection.service ${D}${systemd_system_unitdir} | ||
32 | sed -i -e 's|@SCRIPTDIR@|${datadir}/connman|g' ${D}${systemd_system_unitdir}/wired-connection.service | ||
33 | fi | ||
34 | } | 21 | } |
35 | |||
36 | SYSTEMD_SERVICE_${PN}_qemuall = "wired-connection.service" | ||
diff --git a/meta/recipes-connectivity/connman/connman-conf/main.conf b/meta/recipes-connectivity/connman/connman-conf/main.conf new file mode 100644 index 0000000000..3c9dd396f6 --- /dev/null +++ b/meta/recipes-connectivity/connman/connman-conf/main.conf | |||
@@ -0,0 +1,2 @@ | |||
1 | [General] | ||
2 | NetworkInterfaceBlacklist = eth,en | ||
diff --git a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service deleted file mode 100644 index 48adfc08ac..0000000000 --- a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service +++ /dev/null | |||
@@ -1,10 +0,0 @@ | |||
1 | [Unit] | ||
2 | Description=Setup a wired interface | ||
3 | Before=connman.service | ||
4 | |||
5 | [Service] | ||
6 | Type=oneshot | ||
7 | ExecStart=@SCRIPTDIR@/wired-setup | ||
8 | |||
9 | [Install] | ||
10 | WantedBy=network.target | ||
diff --git a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup deleted file mode 100644 index c46899ef32..0000000000 --- a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup +++ /dev/null | |||
@@ -1,16 +0,0 @@ | |||
1 | #!/bin/sh | ||
2 | |||
3 | CONFIGF=/var/lib/connman/wired.config | ||
4 | |||
5 | # Extract wired network config from /proc/cmdline | ||
6 | NET_CONF=`cat /proc/cmdline |sed -ne 's/^.*ip=\([^ ]*\):\([^ ]*\):\([^ ]*\):\([^ ]*\).*$/\1\/\4\/\3/p'` | ||
7 | |||
8 | # Check if eth0 is already set via kernel cmdline | ||
9 | if [ "x$NET_CONF" = "x" ]; then | ||
10 | # Wired interface is not configured via kernel cmdline | ||
11 | # Remove connman config file template | ||
12 | rm -f ${CONFIGF} | ||
13 | else | ||
14 | # Setup a connman config accordingly | ||
15 | sed -i -e "s|^IPv4 =.*|IPv4 = ${NET_CONF}|" ${CONFIGF} | ||
16 | fi | ||
diff --git a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config deleted file mode 100644 index 42998ce897..0000000000 --- a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config +++ /dev/null | |||
@@ -1,9 +0,0 @@ | |||
1 | [global] | ||
2 | Name = Wired | ||
3 | Description = Wired network configuration | ||
4 | |||
5 | [service_ethernet] | ||
6 | Type = ethernet | ||
7 | IPv4 = | ||
8 | MAC = 52:54:00:12:34:56 | ||
9 | Nameservers = 8.8.8.8 | ||
diff --git a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb index af986c4eab..fcd154b4b0 100644 --- a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb +++ b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb | |||
@@ -1,7 +1,7 @@ | |||
1 | SUMMARY = "GTK+ frontend for the ConnMan network connection manager" | 1 | SUMMARY = "GTK+ frontend for the ConnMan network connection manager" |
2 | HOMEPAGE = "http://connman.net/" | 2 | HOMEPAGE = "http://connman.net/" |
3 | SECTION = "libs/network" | 3 | SECTION = "libs/network" |
4 | LICENSE = "GPLv2 & LGPLv2.1" | 4 | LICENSE = "GPL-2.0-only & LGPL-2.1-only" |
5 | LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ | 5 | LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ |
6 | file://properties/main.c;beginline=1;endline=20;md5=50c77c81871308b033ab7a1504626afb \ | 6 | file://properties/main.c;beginline=1;endline=20;md5=50c77c81871308b033ab7a1504626afb \ |
7 | file://common/connman-dbus.c;beginline=1;endline=20;md5=de6b485c0e717a0236402d220187717a" | 7 | file://common/connman-dbus.c;beginline=1;endline=20;md5=de6b485c0e717a0236402d220187717a" |
@@ -10,7 +10,7 @@ DEPENDS = "gtk+3 dbus-glib dbus-glib-native intltool-native gettext-native" | |||
10 | 10 | ||
11 | # 0.7 tag | 11 | # 0.7 tag |
12 | SRCREV = "cf3c325b23dae843c5499a113591cfbc98acb143" | 12 | SRCREV = "cf3c325b23dae843c5499a113591cfbc98acb143" |
13 | SRC_URI = "git://github.com/connectivity/connman-gnome.git \ | 13 | SRC_URI = "git://github.com/connectivity/connman-gnome.git;branch=master;protocol=https \ |
14 | file://0001-Removed-icon-from-connman-gnome-about-applet.patch \ | 14 | file://0001-Removed-icon-from-connman-gnome-about-applet.patch \ |
15 | file://null_check_for_ipv4_config.patch \ | 15 | file://null_check_for_ipv4_config.patch \ |
16 | file://images/ \ | 16 | file://images/ \ |
@@ -23,8 +23,8 @@ S = "${WORKDIR}/git" | |||
23 | inherit autotools-brokensep gtk-icon-cache pkgconfig features_check | 23 | inherit autotools-brokensep gtk-icon-cache pkgconfig features_check |
24 | ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" | 24 | ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" |
25 | 25 | ||
26 | RDEPENDS_${PN} = "connman" | 26 | RDEPENDS:${PN} = "connman" |
27 | 27 | ||
28 | do_install_append() { | 28 | do_install:append() { |
29 | install -m 0644 ${WORKDIR}/images/* ${D}/usr/share/icons/hicolor/22x22/apps/ | 29 | install -m 0644 ${WORKDIR}/images/* ${D}/usr/share/icons/hicolor/22x22/apps/ |
30 | } | 30 | } |
diff --git a/meta/recipes-connectivity/connman/connman.inc b/meta/recipes-connectivity/connman/connman.inc index 776bbfbff2..7487ca0d0c 100644 --- a/meta/recipes-connectivity/connman/connman.inc +++ b/meta/recipes-connectivity/connman/connman.inc | |||
@@ -9,12 +9,14 @@ configuration methods, like DHCP and domain name resolving, are \ | |||
9 | implemented using plug-ins." | 9 | implemented using plug-ins." |
10 | HOMEPAGE = "http://connman.net/" | 10 | HOMEPAGE = "http://connman.net/" |
11 | BUGTRACKER = "https://01.org/jira/browse/CM" | 11 | BUGTRACKER = "https://01.org/jira/browse/CM" |
12 | LICENSE = "GPLv2" | 12 | LICENSE = "GPL-2.0-only" |
13 | LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ | 13 | LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ |
14 | file://src/main.c;beginline=1;endline=20;md5=486a279a6ab0c8d152bcda3a5b5edc36" | 14 | file://src/main.c;beginline=1;endline=20;md5=486a279a6ab0c8d152bcda3a5b5edc36" |
15 | 15 | ||
16 | inherit autotools pkgconfig systemd update-rc.d update-alternatives | 16 | inherit autotools pkgconfig systemd update-rc.d update-alternatives |
17 | 17 | ||
18 | CVE_PRODUCT = "connman connection_manager" | ||
19 | |||
18 | DEPENDS = "dbus glib-2.0 ppp" | 20 | DEPENDS = "dbus glib-2.0 ppp" |
19 | 21 | ||
20 | EXTRA_OECONF += "\ | 22 | EXTRA_OECONF += "\ |
@@ -25,21 +27,29 @@ EXTRA_OECONF += "\ | |||
25 | --enable-ethernet \ | 27 | --enable-ethernet \ |
26 | --enable-tools \ | 28 | --enable-tools \ |
27 | --disable-polkit \ | 29 | --disable-polkit \ |
30 | --runstatedir=/run \ | ||
28 | " | 31 | " |
32 | # For smooth operation it would be best to start only one wireless daemon at a time. | ||
33 | # If wpa-supplicant is running, connman will use it preferentially. | ||
34 | # Select either wpa-supplicant or iwd | ||
35 | WIRELESS_DAEMON ??= "wpa-supplicant" | ||
29 | 36 | ||
30 | PACKAGECONFIG ??= "wispr iptables client\ | 37 | PACKAGECONFIG ??= "wispr iptables client\ |
31 | ${@bb.utils.filter('DISTRO_FEATURES', '3g systemd wifi', d)} \ | 38 | ${@bb.utils.filter('DISTRO_FEATURES', '3g systemd', d)} \ |
32 | ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ | 39 | ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ |
40 | ${@bb.utils.contains('DISTRO_FEATURES', 'wifi', 'wifi ${WIRELESS_DAEMON}', '', d)} \ | ||
33 | " | 41 | " |
34 | 42 | ||
35 | # If you want ConnMan to support VPN, add following statement into | 43 | # If you want ConnMan to support VPN, add following statement into |
36 | # local.conf or distro config | 44 | # local.conf or distro config |
37 | # PACKAGECONFIG_append_pn-connman = " openvpn vpnc l2tp pptp" | 45 | # PACKAGECONFIG:append:pn-connman = " openvpn vpnc l2tp pptp" |
38 | 46 | ||
39 | PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''" | 47 | PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_system_unitdir}/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''" |
40 | PACKAGECONFIG[wifi] = "--enable-wifi, --disable-wifi, wpa-supplicant, wpa-supplicant" | 48 | PACKAGECONFIG[wifi] = "--enable-wifi, --disable-wifi" |
41 | PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5, bluez5" | 49 | PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5, bluez5" |
42 | PACKAGECONFIG[3g] = "--enable-ofono, --disable-ofono, ofono, ofono" | 50 | PACKAGECONFIG[3g] = "--enable-ofono, --disable-ofono, ofono, ofono" |
51 | PACKAGECONFIG[wpa-supplicant] = ",,wpa-supplicant,wpa-supplicant" | ||
52 | PACKAGECONFIG[iwd] = "--enable-iwd,--disable-iwd,,iwd" | ||
43 | PACKAGECONFIG[tist] = "--enable-tist,--disable-tist," | 53 | PACKAGECONFIG[tist] = "--enable-tist,--disable-tist," |
44 | PACKAGECONFIG[openvpn] = "--enable-openvpn --with-openvpn=${sbindir}/openvpn,--disable-openvpn,,openvpn" | 54 | PACKAGECONFIG[openvpn] = "--enable-openvpn --with-openvpn=${sbindir}/openvpn,--disable-openvpn,,openvpn" |
45 | PACKAGECONFIG[vpnc] = "--enable-vpnc --with-vpnc=${sbindir}/vpnc,--disable-vpnc,,vpnc" | 55 | PACKAGECONFIG[vpnc] = "--enable-vpnc --with-vpnc=${sbindir}/vpnc,--disable-vpnc,,vpnc" |
@@ -64,16 +74,16 @@ python __anonymous () { | |||
64 | d.setVar('SYSTEMD_PACKAGES', systemd_packages) | 74 | d.setVar('SYSTEMD_PACKAGES', systemd_packages) |
65 | } | 75 | } |
66 | 76 | ||
67 | SYSTEMD_SERVICE_${PN} = "connman.service" | 77 | SYSTEMD_SERVICE:${PN} = "connman.service" |
68 | SYSTEMD_SERVICE_${PN}-vpn = "connman-vpn.service" | 78 | SYSTEMD_SERVICE:${PN}-vpn = "connman-vpn.service" |
69 | SYSTEMD_SERVICE_${PN}-wait-online = "connman-wait-online.service" | 79 | SYSTEMD_SERVICE:${PN}-wait-online = "connman-wait-online.service" |
70 | 80 | ||
71 | ALTERNATIVE_PRIORITY = "100" | 81 | ALTERNATIVE_PRIORITY = "100" |
72 | ALTERNATIVE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}" | 82 | ALTERNATIVE:${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}" |
73 | ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.connman','',d)}" | 83 | ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.connman','',d)}" |
74 | ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}" | 84 | ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}" |
75 | 85 | ||
76 | do_install_append() { | 86 | do_install:append() { |
77 | if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then | 87 | if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then |
78 | install -d ${D}${sysconfdir}/init.d | 88 | install -d ${D}${sysconfdir}/init.d |
79 | install -m 0755 ${WORKDIR}/connman ${D}${sysconfdir}/init.d/connman | 89 | install -m 0755 ${WORKDIR}/connman ${D}${sysconfdir}/init.d/connman |
@@ -100,7 +110,7 @@ do_install_append() { | |||
100 | } | 110 | } |
101 | 111 | ||
102 | # These used to be plugins, but now they are core | 112 | # These used to be plugins, but now they are core |
103 | RPROVIDES_${PN} = "\ | 113 | RPROVIDES:${PN} = "\ |
104 | connman-plugin-loopback \ | 114 | connman-plugin-loopback \ |
105 | connman-plugin-ethernet \ | 115 | connman-plugin-ethernet \ |
106 | ${@bb.utils.contains('PACKAGECONFIG', 'bluetooth','connman-plugin-bluetooth', '', d)} \ | 116 | ${@bb.utils.contains('PACKAGECONFIG', 'bluetooth','connman-plugin-bluetooth', '', d)} \ |
@@ -108,7 +118,7 @@ RPROVIDES_${PN} = "\ | |||
108 | ${@bb.utils.contains('PACKAGECONFIG', '3g','connman-plugin-ofono', '', d)} \ | 118 | ${@bb.utils.contains('PACKAGECONFIG', '3g','connman-plugin-ofono', '', d)} \ |
109 | " | 119 | " |
110 | 120 | ||
111 | RDEPENDS_${PN} = "\ | 121 | RDEPENDS:${PN} = "\ |
112 | dbus \ | 122 | dbus \ |
113 | " | 123 | " |
114 | 124 | ||
@@ -119,11 +129,11 @@ def add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, add_insane_skip): | |||
119 | if plugintype in depmap: | 129 | if plugintype in depmap: |
120 | rdepends = map(lambda x: multilib_prefix + x, \ | 130 | rdepends = map(lambda x: multilib_prefix + x, \ |
121 | depmap[plugintype].split()) | 131 | depmap[plugintype].split()) |
122 | d.setVar("RDEPENDS_%s" % pkg, " ".join(rdepends)) | 132 | d.setVar("RDEPENDS:%s" % pkg, " ".join(rdepends)) |
123 | if add_insane_skip: | 133 | if add_insane_skip: |
124 | d.appendVar("INSANE_SKIP_%s" % pkg, "dev-so") | 134 | d.appendVar("INSANE_SKIP:%s" % pkg, "dev-so") |
125 | 135 | ||
126 | python populate_packages_prepend() { | 136 | python populate_packages:prepend() { |
127 | depmap = dict(pppd="ppp") | 137 | depmap = dict(pppd="ppp") |
128 | multilib_prefix = (d.getVar("MLPREFIX") or "") | 138 | multilib_prefix = (d.getVar("MLPREFIX") or "") |
129 | 139 | ||
@@ -144,72 +154,72 @@ python populate_packages_prepend() { | |||
144 | 154 | ||
145 | PACKAGES =+ "${PN}-tools ${PN}-tests ${PN}-client" | 155 | PACKAGES =+ "${PN}-tools ${PN}-tests ${PN}-client" |
146 | 156 | ||
147 | FILES_${PN}-tools = "${bindir}/wispr" | 157 | FILES:${PN}-tools = "${bindir}/wispr" |
148 | RDEPENDS_${PN}-tools ="${PN}" | 158 | RDEPENDS:${PN}-tools ="${PN}" |
149 | 159 | ||
150 | FILES_${PN}-tests = "${bindir}/*-test" | 160 | FILES:${PN}-tests = "${bindir}/*-test" |
151 | 161 | ||
152 | FILES_${PN}-client = "${bindir}/connmanctl" | 162 | FILES:${PN}-client = "${bindir}/connmanctl" |
153 | RDEPENDS_${PN}-client ="${PN}" | 163 | RDEPENDS:${PN}-client ="${PN}" |
154 | 164 | ||
155 | FILES_${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \ | 165 | FILES:${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \ |
156 | ${libdir}/connman/plugins \ | 166 | ${libdir}/connman/plugins \ |
157 | ${sysconfdir} ${sharedstatedir} ${localstatedir} ${datadir} \ | 167 | ${sysconfdir} ${sharedstatedir} ${localstatedir} ${datadir} \ |
158 | ${base_bindir}/* ${base_sbindir}/* ${base_libdir}/*.so* ${datadir}/${PN} \ | 168 | ${base_bindir}/* ${base_sbindir}/* ${base_libdir}/*.so* ${datadir}/${PN} \ |
159 | ${datadir}/dbus-1/system-services/* \ | 169 | ${datadir}/dbus-1/system-services/* \ |
160 | ${sysconfdir}/tmpfiles.d/connman_resolvconf.conf" | 170 | ${sysconfdir}/tmpfiles.d/connman_resolvconf.conf" |
161 | 171 | ||
162 | FILES_${PN}-dev += "${libdir}/connman/*/*.la" | 172 | FILES:${PN}-dev += "${libdir}/connman/*/*.la" |
163 | 173 | ||
164 | PACKAGES =+ "${PN}-vpn ${PN}-wait-online" | 174 | PACKAGES =+ "${PN}-vpn ${PN}-wait-online" |
165 | 175 | ||
166 | SUMMARY_${PN}-vpn = "A daemon for managing VPN connections within embedded devices" | 176 | SUMMARY:${PN}-vpn = "A daemon for managing VPN connections within embedded devices" |
167 | DESCRIPTION_${PN}-vpn = "The ConnMan VPN provides a daemon for \ | 177 | DESCRIPTION:${PN}-vpn = "The ConnMan VPN provides a daemon for \ |
168 | managing VPN connections within embedded devices running the Linux \ | 178 | managing VPN connections within embedded devices running the Linux \ |
169 | operating system. The connman-vpnd handles all the VPN connections \ | 179 | operating system. The connman-vpnd handles all the VPN connections \ |
170 | and starts/stops VPN client processes when necessary. The connman-vpnd \ | 180 | and starts/stops VPN client processes when necessary. The connman-vpnd \ |
171 | provides a DBus API for managing VPN connections. All the different \ | 181 | provides a DBus API for managing VPN connections. All the different \ |
172 | VPN technogies are implemented using plug-ins." | 182 | VPN technogies are implemented using plug-ins." |
173 | FILES_${PN}-vpn += "${sbindir}/connman-vpnd \ | 183 | FILES:${PN}-vpn += "${sbindir}/connman-vpnd \ |
174 | ${sysconfdir}/dbus-1/system.d/connman-vpn-dbus.conf \ | 184 | ${sysconfdir}/dbus-1/system.d/connman-vpn-dbus.conf \ |
175 | ${datadir}/dbus-1/system-services/net.connman.vpn.service \ | 185 | ${datadir}/dbus-1/system-services/net.connman.vpn.service \ |
176 | ${systemd_unitdir}/system/connman-vpn.service" | 186 | ${systemd_system_unitdir}/connman-vpn.service" |
177 | 187 | ||
178 | SUMMARY_${PN}-wait-online = "A program that will return once ConnMan has connected to a network" | 188 | SUMMARY:${PN}-wait-online = "A program that will return once ConnMan has connected to a network" |
179 | DESCRIPTION_${PN}-wait-online = "A service that can be enabled so that \ | 189 | DESCRIPTION:${PN}-wait-online = "A service that can be enabled so that \ |
180 | the system waits until a network connection is established." | 190 | the system waits until a network connection is established." |
181 | FILES_${PN}-wait-online += "${sbindir}/connmand-wait-online \ | 191 | FILES:${PN}-wait-online += "${sbindir}/connmand-wait-online \ |
182 | ${systemd_unitdir}/system/connman-wait-online.service" | 192 | ${systemd_system_unitdir}/connman-wait-online.service" |
183 | 193 | ||
184 | SUMMARY_${PN}-plugin-vpn-openvpn = "An OpenVPN plugin for ConnMan VPN" | 194 | SUMMARY:${PN}-plugin-vpn-openvpn = "An OpenVPN plugin for ConnMan VPN" |
185 | DESCRIPTION_${PN}-plugin-vpn-openvpn = "The ConnMan OpenVPN plugin uses openvpn client \ | 195 | DESCRIPTION:${PN}-plugin-vpn-openvpn = "The ConnMan OpenVPN plugin uses openvpn client \ |
186 | to create a VPN connection to OpenVPN server." | 196 | to create a VPN connection to OpenVPN server." |
187 | FILES_${PN}-plugin-vpn-openvpn += "${libdir}/connman/scripts/openvpn-script \ | 197 | FILES:${PN}-plugin-vpn-openvpn += "${libdir}/connman/scripts/openvpn-script \ |
188 | ${libdir}/connman/plugins-vpn/openvpn.so" | 198 | ${libdir}/connman/plugins-vpn/openvpn.so" |
189 | RDEPENDS_${PN}-plugin-vpn-openvpn += "${PN}-vpn" | 199 | RDEPENDS:${PN}-plugin-vpn-openvpn += "${PN}-vpn" |
190 | RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','openvpn','${PN}-plugin-vpn-openvpn', '', d)}" | 200 | RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','openvpn','${PN}-plugin-vpn-openvpn', '', d)}" |
191 | 201 | ||
192 | SUMMARY_${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN" | 202 | SUMMARY:${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN" |
193 | DESCRIPTION_${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \ | 203 | DESCRIPTION:${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \ |
194 | to create a VPN connection to Cisco3000 VPN Concentrator." | 204 | to create a VPN connection to Cisco3000 VPN Concentrator." |
195 | FILES_${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \ | 205 | FILES:${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \ |
196 | ${libdir}/connman/plugins-vpn/vpnc.so \ | 206 | ${libdir}/connman/plugins-vpn/vpnc.so \ |
197 | ${libdir}/connman/scripts/vpn-script" | 207 | ${libdir}/connman/scripts/vpn-script" |
198 | RDEPENDS_${PN}-plugin-vpn-vpnc += "${PN}-vpn" | 208 | RDEPENDS:${PN}-plugin-vpn-vpnc += "${PN}-vpn" |
199 | RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}" | 209 | RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}" |
200 | 210 | ||
201 | SUMMARY_${PN}-plugin-vpn-l2tp = "A L2TP plugin for ConnMan VPN" | 211 | SUMMARY:${PN}-plugin-vpn-l2tp = "A L2TP plugin for ConnMan VPN" |
202 | DESCRIPTION_${PN}-plugin-vpn-l2tp = "The ConnMan L2TP plugin uses xl2tpd daemon \ | 212 | DESCRIPTION:${PN}-plugin-vpn-l2tp = "The ConnMan L2TP plugin uses xl2tpd daemon \ |
203 | to create a VPN connection to L2TP server." | 213 | to create a VPN connection to L2TP server." |
204 | FILES_${PN}-plugin-vpn-l2tp += "${libdir}/connman/scripts/libppp-plugin.so* \ | 214 | FILES:${PN}-plugin-vpn-l2tp += "${libdir}/connman/scripts/libppp-plugin.so* \ |
205 | ${libdir}/connman/plugins-vpn/l2tp.so" | 215 | ${libdir}/connman/plugins-vpn/l2tp.so" |
206 | RDEPENDS_${PN}-plugin-vpn-l2tp += "${PN}-vpn" | 216 | RDEPENDS:${PN}-plugin-vpn-l2tp += "${PN}-vpn" |
207 | RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','l2tp','${PN}-plugin-vpn-l2tp', '', d)}" | 217 | RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','l2tp','${PN}-plugin-vpn-l2tp', '', d)}" |
208 | 218 | ||
209 | SUMMARY_${PN}-plugin-vpn-pptp = "A PPTP plugin for ConnMan VPN" | 219 | SUMMARY:${PN}-plugin-vpn-pptp = "A PPTP plugin for ConnMan VPN" |
210 | DESCRIPTION_${PN}-plugin-vpn-pptp = "The ConnMan PPTP plugin uses pptp-linux client \ | 220 | DESCRIPTION:${PN}-plugin-vpn-pptp = "The ConnMan PPTP plugin uses pptp-linux client \ |
211 | to create a VPN connection to PPTP server." | 221 | to create a VPN connection to PPTP server." |
212 | FILES_${PN}-plugin-vpn-pptp += "${libdir}/connman/scripts/libppp-plugin.so* \ | 222 | FILES:${PN}-plugin-vpn-pptp += "${libdir}/connman/scripts/libppp-plugin.so* \ |
213 | ${libdir}/connman/plugins-vpn/pptp.so" | 223 | ${libdir}/connman/plugins-vpn/pptp.so" |
214 | RDEPENDS_${PN}-plugin-vpn-pptp += "${PN}-vpn" | 224 | RDEPENDS:${PN}-plugin-vpn-pptp += "${PN}-vpn" |
215 | RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','pptp','${PN}-plugin-vpn-pptp', '', d)}" | 225 | RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','pptp','${PN}-plugin-vpn-pptp', '', d)}" |
diff --git a/meta/recipes-connectivity/connman/connman/0001-src-log.c-Include-libgen.h-for-basename-API.patch b/meta/recipes-connectivity/connman/connman/0001-src-log.c-Include-libgen.h-for-basename-API.patch new file mode 100644 index 0000000000..8012606db7 --- /dev/null +++ b/meta/recipes-connectivity/connman/connman/0001-src-log.c-Include-libgen.h-for-basename-API.patch | |||
@@ -0,0 +1,55 @@ | |||
1 | From cbba6638986c2de763981bf6fc59df6a86fed44f Mon Sep 17 00:00:00 2001 | ||
2 | From: Khem Raj <raj.khem@gmail.com> | ||
3 | Date: Mon, 1 Jan 2024 17:42:21 -0800 | ||
4 | Subject: [PATCH v2] src/log.c: Include libgen.h for basename API | ||
5 | |||
6 | Use POSIX version of basename. This comes to front with latest musl | ||
7 | which dropped the declaration from string.h [1] it fails to build with | ||
8 | clang-17+ because it treats implicit function declaration as error. | ||
9 | |||
10 | Fix it by applying the basename on a copy of string since posix version | ||
11 | may modify the input string. | ||
12 | |||
13 | [1] https://git.musl-libc.org/cgit/musl/commit/?id=725e17ed6dff4d0cd22487bb64470881e86a92e7 | ||
14 | |||
15 | Upstream-Status: Submitted [https://lore.kernel.org/connman/20240102015917.3732089-1-raj.khem@gmail.com/T/#u] | ||
16 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
17 | --- | ||
18 | |||
19 | src/log.c | 6 ++++-- | ||
20 | 1 file changed, 4 insertions(+), 2 deletions(-) | ||
21 | |||
22 | diff --git a/src/log.c b/src/log.c | ||
23 | index 554b046..2df3af7 100644 | ||
24 | --- a/src/log.c | ||
25 | +++ b/src/log.c | ||
26 | @@ -24,6 +24,7 @@ | ||
27 | #endif | ||
28 | |||
29 | #include <stdio.h> | ||
30 | +#include <libgen.h> | ||
31 | #include <unistd.h> | ||
32 | #include <stdarg.h> | ||
33 | #include <stdlib.h> | ||
34 | @@ -196,6 +197,7 @@ int __connman_log_init(const char *program, const char *debug, | ||
35 | const char *program_name, const char *program_version) | ||
36 | { | ||
37 | static char path[PATH_MAX]; | ||
38 | + char* tmp = strdup(program); | ||
39 | int option = LOG_NDELAY | LOG_PID; | ||
40 | |||
41 | program_exec = program; | ||
42 | @@ -212,8 +214,8 @@ int __connman_log_init(const char *program, const char *debug, | ||
43 | if (backtrace) | ||
44 | signal_setup(signal_handler); | ||
45 | |||
46 | - openlog(basename(program), option, LOG_DAEMON); | ||
47 | - | ||
48 | + openlog(basename(tmp), option, LOG_DAEMON); | ||
49 | + free(tmp); | ||
50 | syslog(LOG_INFO, "%s version %s", program_name, program_version); | ||
51 | |||
52 | return 0; | ||
53 | -- | ||
54 | 2.43.0 | ||
55 | |||
diff --git a/meta/recipes-connectivity/connman/connman/0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch b/meta/recipes-connectivity/connman/connman/0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch new file mode 100644 index 0000000000..9e5ac8da15 --- /dev/null +++ b/meta/recipes-connectivity/connman/connman/0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch | |||
@@ -0,0 +1,152 @@ | |||
1 | From af55a6a414d32c12f9ef3cab778385a361e1ad6d Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Eivind=20N=C3=A6ss?= <eivnaes@yahoo.com> | ||
3 | Date: Sat, 25 Mar 2023 20:51:52 +0000 | ||
4 | Subject: [PATCH] vpn: Adding support for latest pppd 2.5.0 release | ||
5 | |||
6 | The API has gone through a significant overhaul, and this change fixes any compile issues. | ||
7 | 1) Fixes to configure.ac itself | ||
8 | 2) Cleanup in pppd plugin itself | ||
9 | |||
10 | Adding a libppp-compat.h file to mask for any differences in the version. | ||
11 | |||
12 | Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a48864a2e5d2a725dfc6eef567108bc13b43857f] | ||
13 | Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> | ||
14 | |||
15 | --- | ||
16 | scripts/libppp-compat.h | 127 ++++++++++++++++++++++++++++++++++++++++ | ||
17 | 1 file changed, 127 insertions(+) | ||
18 | create mode 100644 scripts/libppp-compat.h | ||
19 | |||
20 | diff --git a/scripts/libppp-compat.h b/scripts/libppp-compat.h | ||
21 | new file mode 100644 | ||
22 | index 0000000..eee1d09 | ||
23 | --- /dev/null | ||
24 | +++ b/scripts/libppp-compat.h | ||
25 | @@ -0,0 +1,127 @@ | ||
26 | +/* Copyright (C) Eivind Naess, eivnaes@yahoo.com */ | ||
27 | +/* SPDX-License-Identifier: GPL-2.0-or-later */ | ||
28 | + | ||
29 | +#ifndef __LIBPPP_COMPAT_H__ | ||
30 | +#define __LIBPPP_COMPAT_H__ | ||
31 | + | ||
32 | +/* Define USE_EAPTLS compile with EAP TLS support against older pppd headers, | ||
33 | + * pppd >= 2.5.0 use PPP_WITH_EAPTLS and is defined in pppdconf.h */ | ||
34 | +#define USE_EAPTLS 1 | ||
35 | + | ||
36 | +/* Define INET6 to compile with IPv6 support against older pppd headers, | ||
37 | + * pppd >= 2.5.0 use PPP_WITH_IPV6CP and is defined in pppdconf.h */ | ||
38 | +#define INET6 1 | ||
39 | + | ||
40 | +/* PPP < 2.5.0 defines and exports VERSION which overlaps with current package VERSION define. | ||
41 | + * this silly macro magic is to work around that. */ | ||
42 | +#undef VERSION | ||
43 | +#include <pppd/pppd.h> | ||
44 | + | ||
45 | +#ifndef PPPD_VERSION | ||
46 | +#define PPPD_VERSION VERSION | ||
47 | +#endif | ||
48 | + | ||
49 | +#include <pppd/fsm.h> | ||
50 | +#include <pppd/ccp.h> | ||
51 | +#include <pppd/eui64.h> | ||
52 | +#include <pppd/ipcp.h> | ||
53 | +#include <pppd/ipv6cp.h> | ||
54 | +#include <pppd/eap.h> | ||
55 | +#include <pppd/upap.h> | ||
56 | + | ||
57 | +#ifdef HAVE_PPPD_CHAP_H | ||
58 | +#include <pppd/chap.h> | ||
59 | +#endif | ||
60 | + | ||
61 | +#ifdef HAVE_PPPD_CHAP_NEW_H | ||
62 | +#include <pppd/chap-new.h> | ||
63 | +#endif | ||
64 | + | ||
65 | +#ifdef HAVE_PPPD_CHAP_MS_H | ||
66 | +#include <pppd/chap_ms.h> | ||
67 | +#endif | ||
68 | + | ||
69 | +#ifndef PPP_PROTO_CHAP | ||
70 | +#define PPP_PROTO_CHAP 0xc223 | ||
71 | +#endif | ||
72 | + | ||
73 | +#ifndef PPP_PROTO_EAP | ||
74 | +#define PPP_PROTO_EAP 0xc227 | ||
75 | +#endif | ||
76 | + | ||
77 | + | ||
78 | +#if WITH_PPP_VERSION < PPP_VERSION(2,5,0) | ||
79 | + | ||
80 | +static inline bool | ||
81 | +debug_on (void) | ||
82 | +{ | ||
83 | + return debug; | ||
84 | +} | ||
85 | + | ||
86 | +static inline const char | ||
87 | +*ppp_ipparam (void) | ||
88 | +{ | ||
89 | + return ipparam; | ||
90 | +} | ||
91 | + | ||
92 | +static inline int | ||
93 | +ppp_ifunit (void) | ||
94 | +{ | ||
95 | + return ifunit; | ||
96 | +} | ||
97 | + | ||
98 | +static inline const char * | ||
99 | +ppp_ifname (void) | ||
100 | +{ | ||
101 | + return ifname; | ||
102 | +} | ||
103 | + | ||
104 | +static inline int | ||
105 | +ppp_get_mtu (int idx) | ||
106 | +{ | ||
107 | + return netif_get_mtu(idx); | ||
108 | +} | ||
109 | + | ||
110 | +typedef enum ppp_notify | ||
111 | +{ | ||
112 | + NF_PID_CHANGE, | ||
113 | + NF_PHASE_CHANGE, | ||
114 | + NF_EXIT, | ||
115 | + NF_SIGNALED, | ||
116 | + NF_IP_UP, | ||
117 | + NF_IP_DOWN, | ||
118 | + NF_IPV6_UP, | ||
119 | + NF_IPV6_DOWN, | ||
120 | + NF_AUTH_UP, | ||
121 | + NF_LINK_DOWN, | ||
122 | + NF_FORK, | ||
123 | + NF_MAX_NOTIFY | ||
124 | +} ppp_notify_t; | ||
125 | + | ||
126 | +typedef void (ppp_notify_fn) (void *ctx, int arg); | ||
127 | + | ||
128 | +static inline void | ||
129 | +ppp_add_notify (ppp_notify_t type, ppp_notify_fn *func, void *ctx) | ||
130 | +{ | ||
131 | + struct notifier **list[NF_MAX_NOTIFY] = { | ||
132 | + [NF_PID_CHANGE ] = &pidchange, | ||
133 | + [NF_PHASE_CHANGE] = &phasechange, | ||
134 | + [NF_EXIT ] = &exitnotify, | ||
135 | + [NF_SIGNALED ] = &sigreceived, | ||
136 | + [NF_IP_UP ] = &ip_up_notifier, | ||
137 | + [NF_IP_DOWN ] = &ip_down_notifier, | ||
138 | + [NF_IPV6_UP ] = &ipv6_up_notifier, | ||
139 | + [NF_IPV6_DOWN ] = &ipv6_down_notifier, | ||
140 | + [NF_AUTH_UP ] = &auth_up_notifier, | ||
141 | + [NF_LINK_DOWN ] = &link_down_notifier, | ||
142 | + [NF_FORK ] = &fork_notifier, | ||
143 | + }; | ||
144 | + | ||
145 | + struct notifier **notify = list[type]; | ||
146 | + if (notify) { | ||
147 | + add_notifier(notify, func, ctx); | ||
148 | + } | ||
149 | +} | ||
150 | + | ||
151 | +#endif /* #if WITH_PPP_VERSION < PPP_VERSION(2,5,0) */ | ||
152 | +#endif /* #if__LIBPPP_COMPAT_H__ */ | ||
diff --git a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch index 942b9c97b6..9e2cc34995 100644 --- a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch +++ b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch | |||
@@ -1,83 +1,88 @@ | |||
1 | From c7734e1547db967eccf242fe4b9e8a30b9ff141c Mon Sep 17 00:00:00 2001 | 1 | From 60783f0d885c9a0db8b6f1d528786321e53f1512 Mon Sep 17 00:00:00 2001 |
2 | From: Khem Raj <raj.khem@gmail.com> | 2 | From: Khem Raj <raj.khem@gmail.com> |
3 | Date: Mon, 6 Apr 2015 23:02:21 -0700 | 3 | Date: Mon, 6 Apr 2015 23:02:21 -0700 |
4 | Subject: [PATCH] resolve: musl does not implement res_ninit | 4 | Subject: [PATCH] gweb/gresolv.c: make use of res_ninit optional and subject to |
5 | __RES | ||
5 | 6 | ||
6 | ported from | 7 | Not all libc implementation have those functions, and the way to determine |
8 | if they do is to check __RES which is explained in resolv.h thusly: | ||
9 | |||
10 | /* | ||
11 | * Revision information. This is the release date in YYYYMMDD format. | ||
12 | * It can change every day so the right thing to do with it is use it | ||
13 | * in preprocessor commands such as "#if (__RES > 19931104)". Do not | ||
14 | * compare for equality; rather, use it to determine whether your resolver | ||
15 | * is new enough to contain a certain feature. | ||
16 | */ | ||
17 | |||
18 | Indeed, it needs to be at least 19991006. | ||
19 | |||
20 | The portion of the patch that implements a fallback is ported from | ||
21 | Alpine Linux: | ||
7 | http://git.alpinelinux.org/cgit/aports/plain/testing/connman/libresolv.patch | 22 | http://git.alpinelinux.org/cgit/aports/plain/testing/connman/libresolv.patch |
8 | 23 | ||
9 | Upstream-Status: Pending | 24 | Upstream-Status: Submitted [to connman@lists.linux.dev,marcel@holtmann.org] |
10 | 25 | ||
11 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | 26 | Signed-off-by: Khem Raj <raj.khem@gmail.com> |
12 | |||
13 | --- | 27 | --- |
14 | gweb/gresolv.c | 34 +++++++++++++--------------------- | 28 | gweb/gresolv.c | 21 +++++++++++++++++++++ |
15 | 1 file changed, 13 insertions(+), 21 deletions(-) | 29 | 1 file changed, 21 insertions(+) |
16 | 30 | ||
17 | diff --git a/gweb/gresolv.c b/gweb/gresolv.c | 31 | diff --git a/gweb/gresolv.c b/gweb/gresolv.c |
18 | index 38a554e..a9e8740 100644 | 32 | index 8101d71..9f1477c 100644 |
19 | --- a/gweb/gresolv.c | 33 | --- a/gweb/gresolv.c |
20 | +++ b/gweb/gresolv.c | 34 | +++ b/gweb/gresolv.c |
21 | @@ -36,6 +36,7 @@ | 35 | @@ -879,7 +879,9 @@ GResolv *g_resolv_new(int index) |
22 | #include <arpa/inet.h> | ||
23 | #include <arpa/nameser.h> | ||
24 | #include <net/if.h> | ||
25 | +#include <ctype.h> | ||
26 | |||
27 | #include "gresolv.h" | ||
28 | |||
29 | @@ -877,8 +878,6 @@ GResolv *g_resolv_new(int index) | ||
30 | resolv->index = index; | 36 | resolv->index = index; |
31 | resolv->nameserver_list = NULL; | 37 | resolv->nameserver_list = NULL; |
32 | 38 | ||
33 | - res_ninit(&resolv->res); | 39 | +#if (__RES >= 19991006) |
34 | - | 40 | res_ninit(&resolv->res); |
41 | +#endif | ||
42 | |||
35 | return resolv; | 43 | return resolv; |
36 | } | 44 | } |
37 | 45 | @@ -920,7 +922,9 @@ void g_resolv_unref(GResolv *resolv) | |
38 | @@ -918,8 +917,6 @@ void g_resolv_unref(GResolv *resolv) | ||
39 | 46 | ||
40 | flush_nameservers(resolv); | 47 | flush_nameservers(resolv); |
41 | 48 | ||
42 | - res_nclose(&resolv->res); | 49 | +#if (__RES >= 19991006) |
43 | - | 50 | res_nclose(&resolv->res); |
51 | +#endif | ||
52 | |||
44 | g_free(resolv); | 53 | g_free(resolv); |
45 | } | 54 | } |
46 | 55 | @@ -1024,6 +1028,7 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, | |
47 | @@ -1022,24 +1019,19 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, | ||
48 | debug(resolv, "hostname %s", hostname); | 56 | debug(resolv, "hostname %s", hostname); |
49 | 57 | ||
50 | if (!resolv->nameserver_list) { | 58 | if (!resolv->nameserver_list) { |
51 | - int i; | 59 | +#if (__RES >= 19991006) |
52 | - | 60 | int i; |
53 | - for (i = 0; i < resolv->res.nscount; i++) { | 61 | |
54 | - char buf[100]; | 62 | for (i = 0; i < resolv->res.nscount; i++) { |
55 | - int family = resolv->res.nsaddr_list[i].sin_family; | 63 | @@ -1043,6 +1048,22 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, |
56 | - void *sa_addr = &resolv->res.nsaddr_list[i].sin_addr; | 64 | if (inet_ntop(family, sa_addr, buf, sizeof(buf))) |
57 | - | 65 | g_resolv_add_nameserver(resolv, buf, 53, 0); |
58 | - if (family != AF_INET && | ||
59 | - resolv->res._u._ext.nsaddrs[i]) { | ||
60 | - family = AF_INET6; | ||
61 | - sa_addr = &resolv->res._u._ext.nsaddrs[i]->sin6_addr; | ||
62 | + FILE *f = fopen("/etc/resolv.conf", "r"); | ||
63 | + if (f) { | ||
64 | + char line[256], *s; | ||
65 | + int i; | ||
66 | + while (fgets(line, sizeof(line), f)) { | ||
67 | + if (strncmp(line, "nameserver", 10) || !isspace(line[10])) | ||
68 | + continue; | ||
69 | + for (s = &line[11]; isspace(s[0]); s++); | ||
70 | + for (i = 0; s[i] && !isspace(s[i]); i++); | ||
71 | + s[i] = 0; | ||
72 | + g_resolv_add_nameserver(resolv, s, 53, 0); | ||
73 | } | ||
74 | - | ||
75 | - if (family != AF_INET && family != AF_INET6) | ||
76 | - continue; | ||
77 | - | ||
78 | - if (inet_ntop(family, sa_addr, buf, sizeof(buf))) | ||
79 | - g_resolv_add_nameserver(resolv, buf, 53, 0); | ||
80 | + fclose(f); | ||
81 | } | 66 | } |
67 | +#else | ||
68 | + FILE *f = fopen("/etc/resolv.conf", "r"); | ||
69 | + if (f) { | ||
70 | + char line[256], *s; | ||
71 | + int i; | ||
72 | + while (fgets(line, sizeof(line), f)) { | ||
73 | + if (strncmp(line, "nameserver", 10) || !isspace(line[10])) | ||
74 | + continue; | ||
75 | + for (s = &line[11]; isspace(s[0]); s++); | ||
76 | + for (i = 0; s[i] && !isspace(s[i]); i++); | ||
77 | + s[i] = 0; | ||
78 | + g_resolv_add_nameserver(resolv, s, 53, 0); | ||
79 | + } | ||
80 | + fclose(f); | ||
81 | + } | ||
82 | +#endif | ||
82 | 83 | ||
83 | if (!resolv->nameserver_list) | 84 | if (!resolv->nameserver_list) |
85 | g_resolv_add_nameserver(resolv, "127.0.0.1", 53, 0); | ||
86 | -- | ||
87 | 2.39.2 | ||
88 | |||
diff --git a/meta/recipes-connectivity/connman/connman/connman b/meta/recipes-connectivity/connman/connman/connman index c64fa0d715..a021fd4655 100644 --- a/meta/recipes-connectivity/connman/connman/connman +++ b/meta/recipes-connectivity/connman/connman/connman | |||
@@ -10,49 +10,11 @@ fi | |||
10 | 10 | ||
11 | set -e | 11 | set -e |
12 | 12 | ||
13 | nfsroot=0 | ||
14 | |||
15 | exec 9<&0 < /proc/mounts | ||
16 | while read dev mtpt fstype rest; do | ||
17 | if test $mtpt = "/" ; then | ||
18 | case $fstype in | ||
19 | nfs | nfs4) | ||
20 | nfsroot=1 | ||
21 | break | ||
22 | ;; | ||
23 | *) | ||
24 | ;; | ||
25 | esac | ||
26 | fi | ||
27 | done | ||
28 | |||
29 | do_start() { | 13 | do_start() { |
30 | EXTRA_PARAM="" | ||
31 | if test $nfsroot -eq 1 ; then | ||
32 | NET_DEVS=`cat /proc/net/dev | sed -ne 's/^\([a-zA-Z0-9 ]*\):.*$/\1/p'` | ||
33 | NET_ADDR=`cat /proc/cmdline | sed -ne 's/^.*ip=\([^ :]*\).*$/\1/p'` | ||
34 | |||
35 | if [ ! -z "$NET_ADDR" ]; then | ||
36 | if [ "$NET_ADDR" = dhcp ]; then | ||
37 | ethn=`ifconfig | grep "^eth" | sed -e "s/\(eth[0-9]\)\(.*\)/\1/"` | ||
38 | if [ ! -z "$ethn" ]; then | ||
39 | EXTRA_PARAM="-I $ethn" | ||
40 | fi | ||
41 | else | ||
42 | for i in $NET_DEVS; do | ||
43 | ADDR=`ifconfig $i | sed 's/addr://g' | sed -ne 's/^.*inet \([0-9.]*\) .*$/\1/p'` | ||
44 | if [ "$NET_ADDR" = "$ADDR" ]; then | ||
45 | EXTRA_PARAM="-I $i" | ||
46 | break | ||
47 | fi | ||
48 | done | ||
49 | fi | ||
50 | fi | ||
51 | fi | ||
52 | if [ -f @DATADIR@/connman/wired-setup ] ; then | 14 | if [ -f @DATADIR@/connman/wired-setup ] ; then |
53 | . @DATADIR@/connman/wired-setup | 15 | . @DATADIR@/connman/wired-setup |
54 | fi | 16 | fi |
55 | $DAEMON $EXTRA_PARAM | 17 | $DAEMON |
56 | } | 18 | } |
57 | 19 | ||
58 | do_stop() { | 20 | do_stop() { |
diff --git a/meta/recipes-connectivity/connman/connman_1.38.bb b/meta/recipes-connectivity/connman/connman_1.38.bb deleted file mode 100644 index 027c41e9af..0000000000 --- a/meta/recipes-connectivity/connman/connman_1.38.bb +++ /dev/null | |||
@@ -1,16 +0,0 @@ | |||
1 | require connman.inc | ||
2 | |||
3 | SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ | ||
4 | file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \ | ||
5 | file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \ | ||
6 | file://connman \ | ||
7 | file://no-version-scripts.patch \ | ||
8 | " | ||
9 | |||
10 | SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch" | ||
11 | |||
12 | SRC_URI[md5sum] = "1ed8745354c7254bdfd4def54833ee94" | ||
13 | SRC_URI[sha256sum] = "cb30aca97c2f79ccaed8802aa2909ac5100a3969de74c0af8a9d73b85fc4932b" | ||
14 | |||
15 | RRECOMMENDS_${PN} = "connman-conf" | ||
16 | RCONFLICTS_${PN} = "networkmanager" | ||
diff --git a/meta/recipes-connectivity/connman/connman_1.42.bb b/meta/recipes-connectivity/connman/connman_1.42.bb new file mode 100644 index 0000000000..5c60b9cb83 --- /dev/null +++ b/meta/recipes-connectivity/connman/connman_1.42.bb | |||
@@ -0,0 +1,17 @@ | |||
1 | require connman.inc | ||
2 | |||
3 | SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ | ||
4 | file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \ | ||
5 | file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \ | ||
6 | file://connman \ | ||
7 | file://no-version-scripts.patch \ | ||
8 | file://0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch \ | ||
9 | file://0001-src-log.c-Include-libgen.h-for-basename-API.patch \ | ||
10 | file://0002-resolve-musl-does-not-implement-res_ninit.patch \ | ||
11 | " | ||
12 | |||
13 | |||
14 | SRC_URI[sha256sum] = "a3e6bae46fc081ef2e9dae3caa4f7649de892c3de622c20283ac0ca81423c2aa" | ||
15 | |||
16 | RRECOMMENDS:${PN} = "connman-conf" | ||
17 | RCONFLICTS:${PN} = "networkmanager" | ||
diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.0.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb index 56fcf5cc0b..6bde9b1f51 100644 --- a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.0.bb +++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb | |||
@@ -7,21 +7,22 @@ DESCRIPTION = "dhcpcd runs on your machine and silently configures your \ | |||
7 | HOMEPAGE = "http://roy.marples.name/projects/dhcpcd/" | 7 | HOMEPAGE = "http://roy.marples.name/projects/dhcpcd/" |
8 | 8 | ||
9 | LICENSE = "BSD-2-Clause" | 9 | LICENSE = "BSD-2-Clause" |
10 | LIC_FILES_CHKSUM = "file://LICENSE;md5=9674cc803c5d71306941e6e8b5c002f2" | 10 | LIC_FILES_CHKSUM = "file://LICENSE;md5=ba9c7e534853aaf3de76c905b2410ffd" |
11 | 11 | ||
12 | UPSTREAM_CHECK_URI = "https://roy.marples.name/downloads/dhcpcd/" | 12 | SRC_URI = "git://github.com/NetworkConfiguration/dhcpcd;protocol=https;branch=master \ |
13 | |||
14 | SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \ | ||
15 | file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \ | 13 | file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \ |
14 | file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \ | ||
16 | file://dhcpcd.service \ | 15 | file://dhcpcd.service \ |
17 | file://dhcpcd@.service \ | 16 | file://dhcpcd@.service \ |
17 | file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \ | ||
18 | " | 18 | " |
19 | 19 | ||
20 | SRC_URI[sha256sum] = "41a69297f380bf15ee8f94f73154f8c2bca7157a087c0d5aca8de000ba1d4513" | 20 | SRCREV = "1c8ae59836fa87b4c63c598087f0460ec20ed862" |
21 | S = "${WORKDIR}/git" | ||
21 | 22 | ||
22 | inherit pkgconfig autotools-brokensep systemd useradd | 23 | inherit pkgconfig autotools-brokensep systemd useradd |
23 | 24 | ||
24 | SYSTEMD_SERVICE_${PN} = "dhcpcd.service" | 25 | SYSTEMD_SERVICE:${PN} = "dhcpcd.service" |
25 | 26 | ||
26 | PACKAGECONFIG ?= "udev ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" | 27 | PACKAGECONFIG ?= "udev ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" |
27 | 28 | ||
@@ -32,8 +33,11 @@ PACKAGECONFIG[ntp] = "--with-hook=ntp, , ,ntp" | |||
32 | PACKAGECONFIG[chrony] = "--with-hook=ntp, , ,chrony" | 33 | PACKAGECONFIG[chrony] = "--with-hook=ntp, , ,chrony" |
33 | PACKAGECONFIG[ypbind] = "--with-eghook=yp, , ,ypbind-mt" | 34 | PACKAGECONFIG[ypbind] = "--with-eghook=yp, , ,ypbind-mt" |
34 | 35 | ||
36 | # add option to override DBDIR location | ||
37 | DBDIR ?= "${localstatedir}/lib/${BPN}" | ||
38 | |||
35 | EXTRA_OECONF = "--enable-ipv4 \ | 39 | EXTRA_OECONF = "--enable-ipv4 \ |
36 | --dbdir=${localstatedir}/lib/${BPN} \ | 40 | --dbdir=${DBDIR} \ |
37 | --sbindir=${base_sbindir} \ | 41 | --sbindir=${base_sbindir} \ |
38 | --runstatedir=/run \ | 42 | --runstatedir=/run \ |
39 | --enable-privsep \ | 43 | --enable-privsep \ |
@@ -43,15 +47,15 @@ EXTRA_OECONF = "--enable-ipv4 \ | |||
43 | " | 47 | " |
44 | 48 | ||
45 | USERADD_PACKAGES = "${PN}" | 49 | USERADD_PACKAGES = "${PN}" |
46 | USERADD_PARAM_${PN} = "--system -d ${localstatedir}/lib/${BPN} -M -s /bin/false -U dhcpcd" | 50 | USERADD_PARAM:${PN} = "--system -d ${DBDIR} -M -s /bin/false -U dhcpcd" |
47 | 51 | ||
48 | do_install_append () { | 52 | do_install:append () { |
49 | # install systemd unit files | 53 | # install systemd unit files |
50 | install -d ${D}${systemd_unitdir}/system | 54 | install -d ${D}${systemd_system_unitdir} |
51 | install -m 0644 ${WORKDIR}/dhcpcd*.service ${D}${systemd_unitdir}/system | 55 | install -m 0644 ${WORKDIR}/dhcpcd*.service ${D}${systemd_system_unitdir} |
52 | 56 | ||
53 | chmod 700 ${D}${localstatedir}/lib/${BPN} | 57 | chmod 700 ${D}${DBDIR} |
54 | chown dhcpcd:dhcpcd ${D}${localstatedir}/lib/${BPN} | 58 | chown dhcpcd:dhcpcd ${D}${DBDIR} |
55 | } | 59 | } |
56 | 60 | ||
57 | FILES_${PN}-dbg += "${libdir}/dhcpcd/dev/.debug" | 61 | FILES:${PN}-dbg += "${libdir}/dhcpcd/dev/.debug" |
diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch b/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch new file mode 100644 index 0000000000..8d1ed6671a --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch | |||
@@ -0,0 +1,82 @@ | |||
1 | From 02acc4d875ee81e6fd19ef66d69c9f55b4b4a7e7 Mon Sep 17 00:00:00 2001 | ||
2 | From: Chen Qi <Qi.Chen@windriver.com> | ||
3 | Date: Wed, 9 Nov 2022 16:33:18 +0800 | ||
4 | Subject: [PATCH] 20-resolv.conf: improve the sitation of working with systemd | ||
5 | |||
6 | systemd's resolvconf implementation ignores the protocol part. | ||
7 | See https://github.com/systemd/systemd/issues/25032. | ||
8 | |||
9 | When using 'dhcp server + dns server + dhcpcd + systemd', we | ||
10 | get an integration issue, that is dhcpcd runs 'resolvconf -d eth0.ra', | ||
11 | yet systemd's resolvconf treats it as eth0. This will delete the | ||
12 | DNS information set by 'resolvconf -a eth0.dhcp'. | ||
13 | |||
14 | Fortunately, 20-resolv.conf has the ability to build the resolv.conf | ||
15 | file contents itself. We can just pass the generated contents to | ||
16 | systemd's resolvconf. This way, the DNS information is not incorrectly | ||
17 | deleted. Also, it does not cause behavior regression for dhcpcd | ||
18 | in other cases. | ||
19 | |||
20 | Upstream-Status: Inappropriate [OE Specific] | ||
21 | This patch has been rejected by dhcpcd upstream. | ||
22 | See details in https://github.com/NetworkConfiguration/dhcpcd/pull/152 | ||
23 | |||
24 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
25 | --- | ||
26 | hooks/20-resolv.conf | 17 +++++++++++++---- | ||
27 | 1 file changed, 13 insertions(+), 4 deletions(-) | ||
28 | |||
29 | diff --git a/hooks/20-resolv.conf b/hooks/20-resolv.conf | ||
30 | index 7c29e276..becc019f 100644 | ||
31 | --- a/hooks/20-resolv.conf | ||
32 | +++ b/hooks/20-resolv.conf | ||
33 | @@ -11,8 +11,12 @@ nocarrier_roaming_dir="$state_dir/roaming" | ||
34 | NL=" | ||
35 | " | ||
36 | : ${resolvconf:=resolvconf} | ||
37 | +resolvconf_from_systemd=false | ||
38 | if command -v "$resolvconf" >/dev/null 2>&1; then | ||
39 | have_resolvconf=true | ||
40 | + if [ $(basename $(readlink -f $(which $resolvconf))) = resolvectl ]; then | ||
41 | + resolvconf_from_systemd=true | ||
42 | + fi | ||
43 | else | ||
44 | have_resolvconf=false | ||
45 | fi | ||
46 | @@ -69,8 +73,13 @@ build_resolv_conf() | ||
47 | else | ||
48 | echo "# /etc/resolv.conf.tail can replace this line" >> "$cf" | ||
49 | fi | ||
50 | - if change_file /etc/resolv.conf "$cf"; then | ||
51 | - chmod 644 /etc/resolv.conf | ||
52 | + if $resolvconf_from_systemd; then | ||
53 | + [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric" | ||
54 | + "$resolvconf" -a "$ifname" <"$cf" | ||
55 | + else | ||
56 | + if change_file /etc/resolv.conf "$cf"; then | ||
57 | + chmod 644 /etc/resolv.conf | ||
58 | + fi | ||
59 | fi | ||
60 | rm -f "$cf" | ||
61 | } | ||
62 | @@ -170,7 +179,7 @@ add_resolv_conf() | ||
63 | for x in ${new_domain_name_servers}; do | ||
64 | conf="${conf}nameserver $x$NL" | ||
65 | done | ||
66 | - if $have_resolvconf; then | ||
67 | + if $have_resolvconf && ! $resolvconf_from_systemd; then | ||
68 | [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric" | ||
69 | printf %s "$conf" | "$resolvconf" -a "$ifname" | ||
70 | return $? | ||
71 | @@ -186,7 +195,7 @@ add_resolv_conf() | ||
72 | |||
73 | remove_resolv_conf() | ||
74 | { | ||
75 | - if $have_resolvconf; then | ||
76 | + if $have_resolvconf && ($if_down || ! $resolvconf_from_systemd); then | ||
77 | "$resolvconf" -d "$ifname" -f | ||
78 | else | ||
79 | if [ -e "$resolv_conf_dir/$ifname" ]; then | ||
80 | -- | ||
81 | 2.17.1 | ||
82 | |||
diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch b/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch new file mode 100644 index 0000000000..461d04bd1d --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch | |||
@@ -0,0 +1,44 @@ | |||
1 | From 5d5ba8a2b8010db6bee68bd712f829cb737c9ac1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Lei Maohui <leimaohui@fujitsu.com> | ||
3 | Date: Fri, 10 Mar 2023 03:48:46 +0000 | ||
4 | Subject: [PATCH] dhcpcd.8: Fix conflict error when enable multilib. | ||
5 | |||
6 | Error: Transaction test error: | ||
7 | file /usr/share/man/man8/dhcpcd.8 conflicts between attempted | ||
8 | installs of dhcpcd-doc-9.4.1-r0.cortexa57 and | ||
9 | lib32-dhcpcd-doc-9.4.1-r0.armv7ahf_neon | ||
10 | |||
11 | The differences between the two files are as follows: | ||
12 | @@ -821,7 +821,7 @@ | ||
13 | If you always use the same options, put them here. | ||
14 | .It Pa /usr/libexec/dhcpcd-run-hooks | ||
15 | Bourne shell script that is run to configure or de-configure an interface. | ||
16 | -.It Pa /usr/lib64/dhcpcd/dev | ||
17 | +.It Pa /usr/lib/dhcpcd/dev | ||
18 | Linux | ||
19 | .Pa /dev | ||
20 | management modules. | ||
21 | |||
22 | It is just a man file, there is no necessary to manage multiple | ||
23 | versions. | ||
24 | |||
25 | Upstream-Status: Inappropriate [oe specific] | ||
26 | Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> | ||
27 | |||
28 | --- | ||
29 | src/dhcpcd.8.in | 2 +- | ||
30 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
31 | |||
32 | diff --git a/src/dhcpcd.8.in b/src/dhcpcd.8.in | ||
33 | index 93232840..09930a31 100644 | ||
34 | --- a/src/dhcpcd.8.in | ||
35 | +++ b/src/dhcpcd.8.in | ||
36 | @@ -824,7 +824,7 @@ Configuration file for dhcpcd. | ||
37 | If you always use the same options, put them here. | ||
38 | .It Pa @SCRIPT@ | ||
39 | Bourne shell script that is run to configure or de-configure an interface. | ||
40 | -.It Pa @LIBDIR@/dhcpcd/dev | ||
41 | +.It Pa /usr/<libdir>/dhcpcd/dev | ||
42 | Linux | ||
43 | .Pa /dev | ||
44 | management modules. | ||
diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch b/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch index 37d2344438..c54942be4b 100644 --- a/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch +++ b/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From aa9e3982c1e75ad49945a62f5e262279c7a905a4 Mon Sep 17 00:00:00 2001 | 1 | From ec9fc4e6086e1dbe0ac2f94a8a088a571596a581 Mon Sep 17 00:00:00 2001 |
2 | From: Stefano Cappa <stefano.cappa.ks89@gmail.com> | 2 | From: Stefano Cappa <stefano.cappa.ks89@gmail.com> |
3 | Date: Sun, 13 Jan 2019 01:50:52 +0100 | 3 | Date: Sun, 13 Jan 2019 01:50:52 +0100 |
4 | Subject: [PATCH] remove INCLUDEDIR to prevent build issues | 4 | Subject: [PATCH] remove INCLUDEDIR to prevent build issues |
@@ -6,15 +6,16 @@ Subject: [PATCH] remove INCLUDEDIR to prevent build issues | |||
6 | Upstream-Status: Pending | 6 | Upstream-Status: Pending |
7 | 7 | ||
8 | Signed-off-by: Stefano Cappa <stefano.cappa.ks89@gmail.com> | 8 | Signed-off-by: Stefano Cappa <stefano.cappa.ks89@gmail.com> |
9 | |||
9 | --- | 10 | --- |
10 | configure | 5 ----- | 11 | configure | 5 ----- |
11 | 1 file changed, 5 deletions(-) | 12 | 1 file changed, 5 deletions(-) |
12 | 13 | ||
13 | diff --git a/configure b/configure | 14 | diff --git a/configure b/configure |
14 | index 6c81e0db..32dea2b4 100755 | 15 | index 5237b0e2..7220718b 100755 |
15 | --- a/configure | 16 | --- a/configure |
16 | +++ b/configure | 17 | +++ b/configure |
17 | @@ -20,7 +20,6 @@ BUILD= | 18 | @@ -26,7 +26,6 @@ BUILD= |
18 | HOST= | 19 | HOST= |
19 | HOSTCC= | 20 | HOSTCC= |
20 | TARGET= | 21 | TARGET= |
@@ -22,7 +23,7 @@ index 6c81e0db..32dea2b4 100755 | |||
22 | DEBUG= | 23 | DEBUG= |
23 | FORK= | 24 | FORK= |
24 | STATIC= | 25 | STATIC= |
25 | @@ -72,7 +71,6 @@ for x do | 26 | @@ -86,7 +85,6 @@ for x do |
26 | --mandir) MANDIR=$var;; | 27 | --mandir) MANDIR=$var;; |
27 | --datadir) DATADIR=$var;; | 28 | --datadir) DATADIR=$var;; |
28 | --with-ccopts|CFLAGS) CFLAGS=$var;; | 29 | --with-ccopts|CFLAGS) CFLAGS=$var;; |
@@ -30,7 +31,7 @@ index 6c81e0db..32dea2b4 100755 | |||
30 | CC) CC=$var;; | 31 | CC) CC=$var;; |
31 | CPPFLAGS) CPPFLAGS=$var;; | 32 | CPPFLAGS) CPPFLAGS=$var;; |
32 | PKG_CONFIG) PKG_CONFIG=$var;; | 33 | PKG_CONFIG) PKG_CONFIG=$var;; |
33 | @@ -309,9 +307,6 @@ if [ -n "$CPPFLAGS" ]; then | 34 | @@ -343,9 +341,6 @@ if [ -n "$CPPFLAGS" ]; then |
34 | echo "CPPFLAGS=" >>$CONFIG_MK | 35 | echo "CPPFLAGS=" >>$CONFIG_MK |
35 | echo "CPPFLAGS+= $CPPFLAGS" >>$CONFIG_MK | 36 | echo "CPPFLAGS+= $CPPFLAGS" >>$CONFIG_MK |
36 | fi | 37 | fi |
@@ -40,6 +41,3 @@ index 6c81e0db..32dea2b4 100755 | |||
40 | if [ -n "$LDFLAGS" ]; then | 41 | if [ -n "$LDFLAGS" ]; then |
41 | echo "LDFLAGS=" >>$CONFIG_MK | 42 | echo "LDFLAGS=" >>$CONFIG_MK |
42 | echo "LDFLAGS+= $LDFLAGS" >>$CONFIG_MK | 43 | echo "LDFLAGS+= $LDFLAGS" >>$CONFIG_MK |
43 | -- | ||
44 | 2.17.2 (Apple Git-113) | ||
45 | |||
diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-telnetd-Fix-multiple-definitions-of-errcatch-an.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-telnetd-Fix-multiple-definitions-of-errcatch-an.patch deleted file mode 100644 index 49d319f59d..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-telnetd-Fix-multiple-definitions-of-errcatch-an.patch +++ /dev/null | |||
@@ -1,58 +0,0 @@ | |||
1 | From 7d39930468e272c740b0eed3c7e5b7fb3abf29e8 Mon Sep 17 00:00:00 2001 | ||
2 | From: Khem Raj <raj.khem@gmail.com> | ||
3 | Date: Wed, 5 Aug 2020 10:36:22 -0700 | ||
4 | Subject: [PATCH] ftpd,telnetd: Fix multiple definitions of errcatch and not42 | ||
5 | |||
6 | This helps fix build failures when -fno-common option is used | ||
7 | |||
8 | Upstream-Status: Pending | ||
9 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
10 | |||
11 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
12 | --- | ||
13 | ftpd/extern.h | 2 +- | ||
14 | ftpd/ftpcmd.c | 1 + | ||
15 | telnetd/utility.c | 2 +- | ||
16 | 3 files changed, 3 insertions(+), 2 deletions(-) | ||
17 | |||
18 | diff --git a/ftpd/extern.h b/ftpd/extern.h | ||
19 | index ab33cf3..91dbbee 100644 | ||
20 | --- a/ftpd/extern.h | ||
21 | +++ b/ftpd/extern.h | ||
22 | @@ -90,7 +90,7 @@ extern void user (const char *); | ||
23 | extern char *sgetsave (const char *); | ||
24 | |||
25 | /* Exported from ftpd.c. */ | ||
26 | -jmp_buf errcatch; | ||
27 | +extern jmp_buf errcatch; | ||
28 | extern struct sockaddr_storage data_dest; | ||
29 | extern socklen_t data_dest_len; | ||
30 | extern struct sockaddr_storage his_addr; | ||
31 | diff --git a/ftpd/ftpcmd.c b/ftpd/ftpcmd.c | ||
32 | index beb1f06..d272e9d 100644 | ||
33 | --- a/ftpd/ftpcmd.c | ||
34 | +++ b/ftpd/ftpcmd.c | ||
35 | @@ -106,6 +106,7 @@ | ||
36 | #endif | ||
37 | |||
38 | off_t restart_point; | ||
39 | +jmp_buf errcatch; | ||
40 | |||
41 | static char cbuf[512]; /* Command Buffer. */ | ||
42 | static char *fromname; | ||
43 | diff --git a/telnetd/utility.c b/telnetd/utility.c | ||
44 | index e7ffb8e..46bf91e 100644 | ||
45 | --- a/telnetd/utility.c | ||
46 | +++ b/telnetd/utility.c | ||
47 | @@ -63,7 +63,7 @@ static int ncc; | ||
48 | static char ptyibuf[BUFSIZ], *ptyip; | ||
49 | static int pcc; | ||
50 | |||
51 | -int not42; | ||
52 | +extern int not42; | ||
53 | |||
54 | static int | ||
55 | readstream (int p, char *ibuf, int bufsize) | ||
56 | -- | ||
57 | 2.28.0 | ||
58 | |||
diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch deleted file mode 100644 index d4764f5867..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch +++ /dev/null | |||
@@ -1,31 +0,0 @@ | |||
1 | Upstream-Status: Pending | ||
2 | |||
3 | Subject: rcp: fix to work with large files | ||
4 | |||
5 | When we copy file by rcp command, if the file > 2GB, it will fail. | ||
6 | The cause is that it used incorrect data type on file size in sink() of rcp. | ||
7 | |||
8 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
9 | --- | ||
10 | src/rcp.c | 4 ++-- | ||
11 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
12 | |||
13 | diff --git a/src/rcp.c b/src/rcp.c | ||
14 | index 21f55b6..bafa35f 100644 | ||
15 | --- a/src/rcp.c | ||
16 | +++ b/src/rcp.c | ||
17 | @@ -876,9 +876,9 @@ sink (int argc, char *argv[]) | ||
18 | enum | ||
19 | { YES, NO, DISPLAYED } wrerr; | ||
20 | BUF *bp; | ||
21 | - off_t i, j; | ||
22 | + off_t i, j, size; | ||
23 | int amt, count, exists, first, mask, mode, ofd, omode; | ||
24 | - int setimes, size, targisdir, wrerrno; | ||
25 | + int setimes, targisdir, wrerrno; | ||
26 | char ch, *cp, *np, *targ, *vect[1], buf[BUFSIZ]; | ||
27 | const char *why; | ||
28 | |||
29 | -- | ||
30 | 1.9.1 | ||
31 | |||
diff --git a/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch b/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch deleted file mode 100644 index a91913cb51..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch +++ /dev/null | |||
@@ -1,25 +0,0 @@ | |||
1 | tftpd: Fix abort on error path | ||
2 | |||
3 | When trying to fetch a non existent file, the app crashes with: | ||
4 | |||
5 | *** buffer overflow detected ***: | ||
6 | Aborted | ||
7 | |||
8 | |||
9 | Upstream-Status: Submitted [https://www.mail-archive.com/bug-inetutils@gnu.org/msg03036.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91205] | ||
10 | Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com> | ||
11 | diff --git a/src/tftpd.c b/src/tftpd.c | ||
12 | index 56002a0..144012f 100644 | ||
13 | --- a/src/tftpd.c | ||
14 | +++ b/src/tftpd.c | ||
15 | @@ -864,9 +864,8 @@ nak (int error) | ||
16 | pe->e_msg = strerror (error - 100); | ||
17 | tp->th_code = EUNDEF; /* set 'undef' errorcode */ | ||
18 | } | ||
19 | - strcpy (tp->th_msg, pe->e_msg); | ||
20 | length = strlen (pe->e_msg); | ||
21 | - tp->th_msg[length] = '\0'; | ||
22 | + memcpy(tp->th_msg, pe->e_msg, length + 1); | ||
23 | length += 5; | ||
24 | if (sendto (peer, buf, length, 0, (struct sockaddr *) &from, fromlen) != length) | ||
25 | syslog (LOG_ERR, "nak: %m\n"); | ||
diff --git a/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch b/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch deleted file mode 100644 index 24c134fcac..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch +++ /dev/null | |||
@@ -1,83 +0,0 @@ | |||
1 | Upstream: http://www.mail-archive.com/bug-inetutils@gnu.org/msg02103.html | ||
2 | |||
3 | Upstream-Status: Pending | ||
4 | |||
5 | Signed-off-by: Jackie Huang <jackie.huang@windriver.com> | ||
6 | --- | ||
7 | ping/ping_common.h | 20 ++++++++++++++++++++ | ||
8 | 1 file changed, 20 insertions(+) | ||
9 | |||
10 | diff --git a/ping/ping_common.h b/ping/ping_common.h | ||
11 | index 1dfd1b5..3bfbd12 100644 | ||
12 | --- a/ping/ping_common.h | ||
13 | +++ b/ping/ping_common.h | ||
14 | @@ -17,10 +17,14 @@ | ||
15 | You should have received a copy of the GNU General Public License | ||
16 | along with this program. If not, see `http://www.gnu.org/licenses/'. */ | ||
17 | |||
18 | +#include <config.h> | ||
19 | + | ||
20 | #include <netinet/in_systm.h> | ||
21 | #include <netinet/in.h> | ||
22 | #include <netinet/ip.h> | ||
23 | +#ifdef HAVE_IPV6 | ||
24 | #include <netinet/icmp6.h> | ||
25 | +#endif | ||
26 | #include <icmp.h> | ||
27 | #include <error.h> | ||
28 | #include <progname.h> | ||
29 | @@ -62,7 +66,12 @@ struct ping_stat | ||
30 | want to follow the traditional behaviour of ping. */ | ||
31 | #define DEFAULT_PING_COUNT 0 | ||
32 | |||
33 | +#ifdef HAVE_IPV6 | ||
34 | #define PING_HEADER_LEN (USE_IPV6 ? sizeof (struct icmp6_hdr) : ICMP_MINLEN) | ||
35 | +#else | ||
36 | +#define PING_HEADER_LEN (ICMP_MINLEN) | ||
37 | +#endif | ||
38 | + | ||
39 | #define PING_TIMING(s) ((s) >= sizeof (struct timeval)) | ||
40 | #define PING_DATALEN (64 - PING_HEADER_LEN) /* default data length */ | ||
41 | |||
42 | @@ -74,13 +83,20 @@ struct ping_stat | ||
43 | (t).tv_usec = ((i)%PING_PRECISION)*(1000000/PING_PRECISION) ;\ | ||
44 | } while (0) | ||
45 | |||
46 | +#ifdef HAVE_IPV6 | ||
47 | /* FIXME: Adjust IPv6 case for options and their consumption. */ | ||
48 | #define _PING_BUFLEN(p, u) ((u)? ((p)->ping_datalen + sizeof (struct icmp6_hdr)) : \ | ||
49 | (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN)) | ||
50 | |||
51 | +#else | ||
52 | +#define _PING_BUFLEN(p, u) (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN) | ||
53 | +#endif | ||
54 | + | ||
55 | +#ifdef HAVE_IPV6 | ||
56 | typedef int (*ping_efp6) (int code, void *closure, struct sockaddr_in6 * dest, | ||
57 | struct sockaddr_in6 * from, struct icmp6_hdr * icmp, | ||
58 | int datalen); | ||
59 | +#endif | ||
60 | |||
61 | typedef int (*ping_efp) (int code, | ||
62 | void *closure, | ||
63 | @@ -89,13 +105,17 @@ typedef int (*ping_efp) (int code, | ||
64 | struct ip * ip, icmphdr_t * icmp, int datalen); | ||
65 | |||
66 | union event { | ||
67 | +#ifdef HAVE_IPV6 | ||
68 | ping_efp6 handler6; | ||
69 | +#endif | ||
70 | ping_efp handler; | ||
71 | }; | ||
72 | |||
73 | union ping_address { | ||
74 | struct sockaddr_in ping_sockaddr; | ||
75 | +#ifdef HAVE_IPV6 | ||
76 | struct sockaddr_in6 ping_sockaddr6; | ||
77 | +#endif | ||
78 | }; | ||
79 | |||
80 | typedef struct ping_data PING; | ||
81 | -- | ||
82 | 2.8.3 | ||
83 | |||
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch deleted file mode 100644 index 3da4e9f55a..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch +++ /dev/null | |||
@@ -1,29 +0,0 @@ | |||
1 | From 552a7d64ad4a7188a9b7cd89933ae7caf7ebfe90 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mike Frysinger <vapier at gentoo.org> | ||
3 | Date: Thu, 18 Nov 2010 16:59:14 -0500 | ||
4 | Subject: [PATCH gnulib] printf-parse: pull in features.h for __GLIBC__ | ||
5 | |||
6 | Upstream-Status: Pending | ||
7 | |||
8 | Signed-off-by: Mike Frysinger <vapier at gentoo.org> | ||
9 | --- | ||
10 | lib/printf-parse.h | 3 +++ | ||
11 | 1 files changed, 3 insertions(+), 0 deletions(-) | ||
12 | |||
13 | diff --git a/lib/printf-parse.h b/lib/printf-parse.h | ||
14 | index 67a4a2a..3bd6152 100644 | ||
15 | --- a/lib/printf-parse.h | ||
16 | +++ b/lib/printf-parse.h | ||
17 | @@ -25,6 +25,9 @@ | ||
18 | |||
19 | #include "printf-args.h" | ||
20 | |||
21 | +#ifdef HAVE_FEATURES_H | ||
22 | +# include <features.h> /* for __GLIBC__ */ | ||
23 | +#endif | ||
24 | |||
25 | /* Flags */ | ||
26 | #define FLAG_GROUP 1 /* ' flag */ | ||
27 | -- | ||
28 | 1.7.3.2 | ||
29 | |||
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch deleted file mode 100644 index b13bb9229f..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch +++ /dev/null | |||
@@ -1,14 +0,0 @@ | |||
1 | Upstream-Status: Pending | ||
2 | |||
3 | --- inetutils-1.8/lib/wchar.in.h | ||
4 | +++ inetutils-1.8/lib/wchar.in.h | ||
5 | @@ -70,6 +70,9 @@ | ||
6 | /* The include_next requires a split double-inclusion guard. */ | ||
7 | #if @HAVE_WCHAR_H@ | ||
8 | # @INCLUDE_NEXT@ @NEXT_WCHAR_H@ | ||
9 | +#else | ||
10 | +# include <stddef.h> | ||
11 | +# define MB_CUR_MAX 1 | ||
12 | #endif | ||
13 | |||
14 | #undef _GL_ALREADY_INCLUDING_WCHAR_H | ||
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch deleted file mode 100644 index 2592989a90..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch +++ /dev/null | |||
@@ -1,26 +0,0 @@ | |||
1 | inetutils: define PATH_PROCNET_DEV if not already defined | ||
2 | |||
3 | this prevents the following compilation error : | ||
4 | system/linux.c:401:15: error: 'PATH_PROCNET_DEV' undeclared (first use in this function) | ||
5 | |||
6 | this patch comes from : | ||
7 | http://repository.timesys.com/buildsources/i/inetutils/inetutils-1.9/ | ||
8 | |||
9 | Upstream-Status: Inappropriate [not author] | ||
10 | |||
11 | Signed-of-by: Eric Bénard <eric@eukrea.com> | ||
12 | --- | ||
13 | diff -Naur inetutils-1.9.orig/ifconfig/system/linux.c inetutils-1.9/ifconfig/system/linux.c | ||
14 | --- inetutils-1.9.orig/ifconfig/system/linux.c 2012-01-04 16:31:36.000000000 -0500 | ||
15 | +++ inetutils-1.9/ifconfig/system/linux.c 2012-01-04 16:40:53.000000000 -0500 | ||
16 | @@ -49,6 +49,10 @@ | ||
17 | #include "../ifconfig.h" | ||
18 | |||
19 | |||
20 | +#ifndef PATH_PROCNET_DEV | ||
21 | + #define PATH_PROCNET_DEV "/proc/net/dev" | ||
22 | +#endif | ||
23 | + | ||
24 | /* ARPHRD stuff. */ | ||
25 | |||
26 | static void | ||
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch deleted file mode 100644 index ff3abd86aa..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch +++ /dev/null | |||
@@ -1,40 +0,0 @@ | |||
1 | Only check security/pam_appl.h which is provided by package libpam when pam is | ||
2 | enabled. | ||
3 | |||
4 | Upstream-Status: Pending | ||
5 | |||
6 | Signed-off-by: Kai Kang <kai.kang@windriver.com> | ||
7 | --- | ||
8 | diff --git a/configure.ac b/configure.ac | ||
9 | index b35e672..e78a751 100644 | ||
10 | --- a/configure.ac | ||
11 | +++ b/configure.ac | ||
12 | @@ -195,6 +195,19 @@ fi | ||
13 | |||
14 | # See if we have libpam.a. Investigate PAM versus Linux-PAM. | ||
15 | if test "$with_pam" = yes ; then | ||
16 | + AC_CHECK_HEADERS([security/pam_appl.h], [], [], [ | ||
17 | +#include <sys/types.h> | ||
18 | +#ifdef HAVE_NETINET_IN_SYSTM_H | ||
19 | +# include <netinet/in_systm.h> | ||
20 | +#endif | ||
21 | +#include <netinet/in.h> | ||
22 | +#ifdef HAVE_NETINET_IP_H | ||
23 | +# include <netinet/ip.h> | ||
24 | +#endif | ||
25 | +#ifdef HAVE_SYS_PARAM_H | ||
26 | +# include <sys/param.h> | ||
27 | +#endif | ||
28 | +]) | ||
29 | AC_CHECK_LIB(dl, dlopen, LIBDL=-ldl) | ||
30 | AC_CHECK_LIB(pam, pam_authenticate, LIBPAM=-lpam) | ||
31 | if test "$ac_cv_lib_pam_pam_authenticate" = yes ; then | ||
32 | @@ -587,7 +600,7 @@ AC_HEADER_DIRENT | ||
33 | AC_CHECK_HEADERS([arpa/nameser.h errno.h fcntl.h features.h \ | ||
34 | glob.h memory.h netinet/ether.h netinet/in_systm.h \ | ||
35 | netinet/ip.h netinet/ip_icmp.h netinet/ip_var.h \ | ||
36 | - security/pam_appl.h shadow.h \ | ||
37 | + shadow.h \ | ||
38 | stdarg.h stdlib.h string.h stropts.h sys/tty.h \ | ||
39 | sys/utsname.h sys/ptyvar.h sys/msgbuf.h sys/filio.h \ | ||
40 | sys/ioctl_compat.h sys/cdefs.h sys/stream.h sys/mkdev.h \ | ||
diff --git a/meta/recipes-connectivity/inetutils/inetutils/version.patch b/meta/recipes-connectivity/inetutils/inetutils/version.patch deleted file mode 100644 index 532a0e5c08..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/version.patch +++ /dev/null | |||
@@ -1,17 +0,0 @@ | |||
1 | Upstream-Status: Pending | ||
2 | |||
3 | remove m4_esyscmd function | ||
4 | |||
5 | Signed-off-by: Chunrong Guo <b40290@freescale.com> | ||
6 | --- inetutils-1.9.1/configure.ac 2012-01-06 22:05:05.000000000 +0800 | ||
7 | +++ inetutils-1.9.1/configure.ac 2012-11-12 14:01:11.732957019 +0800 | ||
8 | @@ -20,8 +20,7 @@ | ||
9 | |||
10 | AC_PREREQ(2.59) | ||
11 | |||
12 | -AC_INIT([GNU inetutils], | ||
13 | - m4_esyscmd([build-aux/git-version-gen .tarball-version 's/inetutils-/v/;s/_/./g']), | ||
14 | +AC_INIT([GNU inetutils],[1.9.4], | ||
15 | [bug-inetutils@gnu.org]) | ||
16 | |||
17 | AC_CONFIG_SRCDIR([src/inetd.c]) | ||
diff --git a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb b/meta/recipes-connectivity/inetutils/inetutils_2.5.bb index 09a196ad9d..0f1a0736bd 100644 --- a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb +++ b/meta/recipes-connectivity/inetutils/inetutils_2.5.bb | |||
@@ -1,3 +1,4 @@ | |||
1 | SUMMARY = "The GNU inetutils are a collection of common networking utilities and servers." | ||
1 | DESCRIPTION = "The GNU inetutils are a collection of common \ | 2 | DESCRIPTION = "The GNU inetutils are a collection of common \ |
2 | networking utilities and servers including ftp, ftpd, rcp, \ | 3 | networking utilities and servers including ftp, ftpd, rcp, \ |
3 | rexec, rlogin, rlogind, rsh, rshd, syslog, syslogd, talk, \ | 4 | rexec, rlogin, rlogind, rsh, rshd, syslog, syslogd, talk, \ |
@@ -6,35 +7,23 @@ HOMEPAGE = "http://www.gnu.org/software/inetutils" | |||
6 | SECTION = "net" | 7 | SECTION = "net" |
7 | DEPENDS = "ncurses netbase readline virtual/crypt" | 8 | DEPENDS = "ncurses netbase readline virtual/crypt" |
8 | 9 | ||
9 | LICENSE = "GPLv3" | 10 | LICENSE = "GPL-3.0-only" |
10 | 11 | ||
11 | LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7" | 12 | LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7" |
12 | 13 | ||
13 | SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.gz \ | 14 | SRC_URI[sha256sum] = "87697d60a31e10b5cb86a9f0651e1ec7bee98320d048c0739431aac3d5764fb6" |
14 | file://version.patch \ | 15 | SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ |
15 | file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \ | 16 | file://rexec.xinetd.inetutils \ |
16 | file://inetutils-1.8-0003-wchar.patch \ | ||
17 | file://rexec.xinetd.inetutils \ | ||
18 | file://rlogin.xinetd.inetutils \ | 17 | file://rlogin.xinetd.inetutils \ |
19 | file://rsh.xinetd.inetutils \ | 18 | file://rsh.xinetd.inetutils \ |
20 | file://telnet.xinetd.inetutils \ | 19 | file://telnet.xinetd.inetutils \ |
21 | file://tftpd.xinetd.inetutils \ | 20 | file://tftpd.xinetd.inetutils \ |
22 | file://inetutils-1.9-PATH_PROCNET_DEV.patch \ | 21 | " |
23 | file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \ | ||
24 | file://0001-rcp-fix-to-work-with-large-files.patch \ | ||
25 | file://fix-buffer-fortify-tfpt.patch \ | ||
26 | file://0001-ftpd-telnetd-Fix-multiple-definitions-of-errcatch-an.patch \ | ||
27 | " | ||
28 | |||
29 | SRC_URI[md5sum] = "04852c26c47cc8c6b825f2b74f191f52" | ||
30 | SRC_URI[sha256sum] = "be8f75eff936b8e41b112462db51adf689715658a1b09e0d6b05d11ec92cc616" | ||
31 | 22 | ||
32 | inherit autotools gettext update-alternatives texinfo | 23 | inherit autotools gettext update-alternatives texinfo |
33 | 24 | ||
34 | acpaths = "-I ./m4" | 25 | acpaths = "-I ./m4" |
35 | 26 | ||
36 | SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '', 'file://fix-disable-ipv6.patch', d)}" | ||
37 | |||
38 | PACKAGECONFIG ??= "ftp uucpd \ | 27 | PACKAGECONFIG ??= "ftp uucpd \ |
39 | ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ | 28 | ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ |
40 | ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6 ping6', '', d)} \ | 29 | ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6 ping6', '', d)} \ |
@@ -46,24 +35,36 @@ PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6 gl_cv_socket_ipv6=no," | |||
46 | PACKAGECONFIG[ping6] = "--enable-ping6,--disable-ping6," | 35 | PACKAGECONFIG[ping6] = "--enable-ping6,--disable-ping6," |
47 | 36 | ||
48 | EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \ | 37 | EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \ |
49 | inetutils_cv_path_login=${base_bindir}/login \ | ||
50 | --with-libreadline-prefix=${STAGING_LIBDIR} \ | 38 | --with-libreadline-prefix=${STAGING_LIBDIR} \ |
51 | --enable-rpath=no \ | 39 | --enable-rpath=no \ |
52 | " | 40 | --with-path-login=${base_bindir}/login \ |
41 | --with-path-cp=${base_bindir}/cp \ | ||
42 | --with-path-uucico=${libexecdir}/uuico \ | ||
43 | --with-path-procnet-dev=/proc/net/dev \ | ||
44 | " | ||
45 | |||
46 | EXTRA_OECONF:append:libc-musl = " --with-path-utmpx=/dev/null/utmpx --with-path-wtmpx=/dev/null/wtmpx" | ||
53 | 47 | ||
54 | # These are horrible for security, disable them | 48 | # These are horrible for security, disable them |
55 | EXTRA_OECONF_append = " --disable-rsh --disable-rshd --disable-rcp \ | 49 | EXTRA_OECONF:append = " --disable-rsh --disable-rshd --disable-rcp \ |
56 | --disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd" | 50 | --disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd" |
57 | 51 | ||
58 | do_configure_prepend () { | 52 | # The configure script guesses many paths in cross builds, check for this happening |
53 | do_configure_cross_check() { | ||
54 | if grep "may be incorrect because of cross-compilation" ${B}/config.log; then | ||
55 | bberror Default path values used, these must be set explicitly | ||
56 | fi | ||
57 | } | ||
58 | do_configure[postfuncs] += "do_configure_cross_check" | ||
59 | |||
60 | # The --with-path options are not actually options, so this check needs to be silenced | ||
61 | ERROR_QA:remove = "unknown-configure-option" | ||
62 | |||
63 | do_configure:prepend () { | ||
59 | export HELP2MAN='true' | 64 | export HELP2MAN='true' |
60 | cp ${STAGING_DATADIR_NATIVE}/gettext/config.rpath ${S}/build-aux/config.rpath | ||
61 | install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S} | ||
62 | install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.sub ${S} | ||
63 | rm -f ${S}/glob/configure* | ||
64 | } | 65 | } |
65 | 66 | ||
66 | do_install_append () { | 67 | do_install:append () { |
67 | install -m 0755 -d ${D}${base_sbindir} | 68 | install -m 0755 -d ${D}${base_sbindir} |
68 | install -m 0755 -d ${D}${sbindir} | 69 | install -m 0755 -d ${D}${sbindir} |
69 | install -m 0755 -d ${D}${sysconfdir}/xinetd.d | 70 | install -m 0755 -d ${D}${sysconfdir}/xinetd.d |
@@ -119,34 +120,34 @@ PACKAGES =+ "${PN}-tftpd-dbg ${PN}-telnetd-dbg ${PN}-rshd-dbg" | |||
119 | NOAUTOPACKAGEDEBUG = "1" | 120 | NOAUTOPACKAGEDEBUG = "1" |
120 | 121 | ||
121 | ALTERNATIVE_PRIORITY = "79" | 122 | ALTERNATIVE_PRIORITY = "79" |
122 | ALTERNATIVE_${PN} = "whois dnsdomainname" | 123 | ALTERNATIVE:${PN} = "whois dnsdomainname" |
123 | ALTERNATIVE_LINK_NAME[uucpd] = "${sbindir}/in.uucpd" | 124 | ALTERNATIVE_LINK_NAME[uucpd] = "${sbindir}/in.uucpd" |
124 | ALTERNATIVE_LINK_NAME[dnsdomainname] = "${base_bindir}/dnsdomainname" | 125 | ALTERNATIVE_LINK_NAME[dnsdomainname] = "${base_bindir}/dnsdomainname" |
125 | 126 | ||
126 | ALTERNATIVE_PRIORITY_${PN}-logger = "60" | 127 | ALTERNATIVE_PRIORITY_${PN}-logger = "60" |
127 | ALTERNATIVE_${PN}-logger = "logger" | 128 | ALTERNATIVE:${PN}-logger = "logger" |
128 | ALTERNATIVE_${PN}-syslogd = "syslogd" | 129 | ALTERNATIVE:${PN}-syslogd = "syslogd" |
129 | ALTERNATIVE_LINK_NAME[syslogd] = "${base_sbindir}/syslogd" | 130 | ALTERNATIVE_LINK_NAME[syslogd] = "${base_sbindir}/syslogd" |
130 | 131 | ||
131 | ALTERNATIVE_${PN}-ftp = "ftp" | 132 | ALTERNATIVE:${PN}-ftp = "ftp" |
132 | ALTERNATIVE_${PN}-ftpd = "ftpd" | 133 | ALTERNATIVE:${PN}-ftpd = "ftpd" |
133 | ALTERNATIVE_${PN}-tftp = "tftp" | 134 | ALTERNATIVE:${PN}-tftp = "tftp" |
134 | ALTERNATIVE_${PN}-tftpd = "tftpd" | 135 | ALTERNATIVE:${PN}-tftpd = "tftpd" |
135 | ALTERNATIVE_LINK_NAME[tftpd] = "${sbindir}/tftpd" | 136 | ALTERNATIVE_LINK_NAME[tftpd] = "${sbindir}/tftpd" |
136 | ALTERNATIVE_TARGET[tftpd] = "${sbindir}/in.tftpd" | 137 | ALTERNATIVE_TARGET[tftpd] = "${sbindir}/in.tftpd" |
137 | 138 | ||
138 | ALTERNATIVE_${PN}-telnet = "telnet" | 139 | ALTERNATIVE:${PN}-telnet = "telnet" |
139 | ALTERNATIVE_${PN}-telnetd = "telnetd" | 140 | ALTERNATIVE:${PN}-telnetd = "telnetd" |
140 | ALTERNATIVE_LINK_NAME[telnetd] = "${sbindir}/telnetd" | 141 | ALTERNATIVE_LINK_NAME[telnetd] = "${sbindir}/telnetd" |
141 | ALTERNATIVE_TARGET[telnetd] = "${sbindir}/in.telnetd" | 142 | ALTERNATIVE_TARGET[telnetd] = "${sbindir}/in.telnetd" |
142 | 143 | ||
143 | ALTERNATIVE_${PN}-inetd= "inetd" | 144 | ALTERNATIVE:${PN}-inetd= "inetd" |
144 | ALTERNATIVE_${PN}-traceroute = "traceroute" | 145 | ALTERNATIVE:${PN}-traceroute = "traceroute" |
145 | 146 | ||
146 | ALTERNATIVE_${PN}-hostname = "hostname" | 147 | ALTERNATIVE:${PN}-hostname = "hostname" |
147 | ALTERNATIVE_LINK_NAME[hostname] = "${base_bindir}/hostname" | 148 | ALTERNATIVE_LINK_NAME[hostname] = "${base_bindir}/hostname" |
148 | 149 | ||
149 | ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \ | 150 | ALTERNATIVE:${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \ |
150 | tftpd.8 tftp.1 telnetd.8" | 151 | tftpd.8 tftp.1 telnetd.8" |
151 | ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1" | 152 | ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1" |
152 | ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1" | 153 | ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1" |
@@ -156,62 +157,62 @@ ALTERNATIVE_LINK_NAME[telnetd.8] = "${mandir}/man8/telnetd.8" | |||
156 | ALTERNATIVE_LINK_NAME[tftpd.8] = "${mandir}/man8/tftpd.8" | 157 | ALTERNATIVE_LINK_NAME[tftpd.8] = "${mandir}/man8/tftpd.8" |
157 | ALTERNATIVE_LINK_NAME[tftp.1] = "${mandir}/man1/tftp.1" | 158 | ALTERNATIVE_LINK_NAME[tftp.1] = "${mandir}/man1/tftp.1" |
158 | 159 | ||
159 | ALTERNATIVE_${PN}-ifconfig = "ifconfig" | 160 | ALTERNATIVE:${PN}-ifconfig = "ifconfig" |
160 | ALTERNATIVE_LINK_NAME[ifconfig] = "${base_sbindir}/ifconfig" | 161 | ALTERNATIVE_LINK_NAME[ifconfig] = "${base_sbindir}/ifconfig" |
161 | 162 | ||
162 | ALTERNATIVE_${PN}-ping = "ping" | 163 | ALTERNATIVE:${PN}-ping = "ping" |
163 | ALTERNATIVE_LINK_NAME[ping] = "${base_bindir}/ping" | 164 | ALTERNATIVE_LINK_NAME[ping] = "${base_bindir}/ping" |
164 | 165 | ||
165 | ALTERNATIVE_${PN}-ping6 = "${@bb.utils.filter('PACKAGECONFIG', 'ping6', d)}" | 166 | ALTERNATIVE:${PN}-ping6 = "${@bb.utils.filter('PACKAGECONFIG', 'ping6', d)}" |
166 | ALTERNATIVE_LINK_NAME[ping6] = "${base_bindir}/ping6" | 167 | ALTERNATIVE_LINK_NAME[ping6] = "${base_bindir}/ping6" |
167 | 168 | ||
168 | 169 | ||
169 | FILES_${PN}-dbg += "${base_bindir}/.debug ${base_sbindir}/.debug ${bindir}/.debug ${sbindir}/.debug" | 170 | FILES:${PN}-dbg += "${base_bindir}/.debug ${base_sbindir}/.debug ${bindir}/.debug ${sbindir}/.debug" |
170 | FILES_${PN}-ping = "${base_bindir}/ping.${BPN}" | 171 | FILES:${PN}-ping = "${base_bindir}/ping.${BPN}" |
171 | FILES_${PN}-ping6 = "${base_bindir}/ping6.${BPN}" | 172 | FILES:${PN}-ping6 = "${base_bindir}/ping6.${BPN}" |
172 | FILES_${PN}-hostname = "${base_bindir}/hostname.${BPN}" | 173 | FILES:${PN}-hostname = "${base_bindir}/hostname.${BPN}" |
173 | FILES_${PN}-ifconfig = "${base_sbindir}/ifconfig.${BPN}" | 174 | FILES:${PN}-ifconfig = "${base_sbindir}/ifconfig.${BPN}" |
174 | FILES_${PN}-traceroute = "${bindir}/traceroute.${BPN}" | 175 | FILES:${PN}-traceroute = "${bindir}/traceroute.${BPN}" |
175 | FILES_${PN}-logger = "${bindir}/logger.${BPN}" | 176 | FILES:${PN}-logger = "${bindir}/logger.${BPN}" |
176 | 177 | ||
177 | FILES_${PN}-syslogd = "${base_sbindir}/syslogd.${BPN}" | 178 | FILES:${PN}-syslogd = "${base_sbindir}/syslogd.${BPN}" |
178 | RCONFLICTS_${PN}-syslogd = "rsyslog busybox-syslog sysklogd syslog-ng" | 179 | RCONFLICTS:${PN}-syslogd = "rsyslog busybox-syslog sysklogd syslog-ng" |
179 | 180 | ||
180 | FILES_${PN}-ftp = "${bindir}/ftp.${BPN}" | 181 | FILES:${PN}-ftp = "${bindir}/ftp.${BPN}" |
181 | 182 | ||
182 | FILES_${PN}-tftp = "${bindir}/tftp.${BPN}" | 183 | FILES:${PN}-tftp = "${bindir}/tftp.${BPN}" |
183 | FILES_${PN}-telnet = "${bindir}/telnet.${BPN}" | 184 | FILES:${PN}-telnet = "${bindir}/telnet.${BPN}" |
184 | 185 | ||
185 | # We make us of RCONFLICTS / RPROVIDES here rather than using the normal | 186 | # We make us of RCONFLICTS / RPROVIDES here rather than using the normal |
186 | # alternatives method as this leads to packaging QA issues when using | 187 | # alternatives method as this leads to packaging QA issues when using |
187 | # musl as that library does not provide what these applications need to | 188 | # musl as that library does not provide what these applications need to |
188 | # build. | 189 | # build. |
189 | FILES_${PN}-rsh = "${bindir}/rsh ${bindir}/rlogin ${bindir}/rexec ${bindir}/rcp" | 190 | FILES:${PN}-rsh = "${bindir}/rsh ${bindir}/rlogin ${bindir}/rexec ${bindir}/rcp" |
190 | RCONFLICTS_${PN}-rsh += "netkit-rsh-client" | 191 | RCONFLICTS:${PN}-rsh += "netkit-rsh-client" |
191 | RPROVIDES_${PN}-rsh = "rsh" | 192 | RPROVIDES:${PN}-rsh = "rsh" |
192 | 193 | ||
193 | FILES_${PN}-rshd = "${sbindir}/in.rshd ${sbindir}/in.rlogind ${sbindir}/in.rexecd \ | 194 | FILES:${PN}-rshd = "${sbindir}/in.rshd ${sbindir}/in.rlogind ${sbindir}/in.rexecd \ |
194 | ${sysconfdir}/xinetd.d/rsh ${sysconfdir}/xinetd.d/rlogin ${sysconfdir}/xinetd.d/rexec" | 195 | ${sysconfdir}/xinetd.d/rsh ${sysconfdir}/xinetd.d/rlogin ${sysconfdir}/xinetd.d/rexec" |
195 | FILES_${PN}-rshd-dbg = "${sbindir}/.debug/in.rshd ${sbindir}/.debug/in.rlogind ${sbindir}/.debug/in.rexecd" | 196 | FILES:${PN}-rshd-dbg = "${sbindir}/.debug/in.rshd ${sbindir}/.debug/in.rlogind ${sbindir}/.debug/in.rexecd" |
196 | RDEPENDS_${PN}-rshd += "xinetd tcp-wrappers" | 197 | RDEPENDS:${PN}-rshd += "xinetd tcp-wrappers" |
197 | RCONFLICTS_${PN}-rshd += "netkit-rshd-server" | 198 | RCONFLICTS:${PN}-rshd += "netkit-rshd-server" |
198 | RPROVIDES_${PN}-rshd = "rshd" | 199 | RPROVIDES:${PN}-rshd = "rshd" |
199 | 200 | ||
200 | FILES_${PN}-ftpd = "${bindir}/ftpd.${BPN}" | 201 | FILES:${PN}-ftpd = "${bindir}/ftpd.${BPN}" |
201 | FILES_${PN}-ftpd-dbg = "${bindir}/.debug/ftpd.${BPN}" | 202 | FILES:${PN}-ftpd-dbg = "${bindir}/.debug/ftpd.${BPN}" |
202 | RDEPENDS_${PN}-ftpd += "xinetd" | 203 | RDEPENDS:${PN}-ftpd += "xinetd" |
203 | 204 | ||
204 | FILES_${PN}-tftpd = "${sbindir}/in.tftpd ${sysconfdir}/xinetd.d/tftpd" | 205 | FILES:${PN}-tftpd = "${sbindir}/in.tftpd ${sysconfdir}/xinetd.d/tftpd" |
205 | FILES_${PN}-tftpd-dbg = "${sbindir}/.debug/in.tftpd" | 206 | FILES:${PN}-tftpd-dbg = "${sbindir}/.debug/in.tftpd" |
206 | RCONFLICTS_${PN}-tftpd += "netkit-tftpd" | 207 | RCONFLICTS:${PN}-tftpd += "netkit-tftpd" |
207 | RDEPENDS_${PN}-tftpd += "xinetd" | 208 | RDEPENDS:${PN}-tftpd += "xinetd" |
208 | 209 | ||
209 | FILES_${PN}-telnetd = "${sbindir}/in.telnetd ${sysconfdir}/xinetd.d/telnet" | 210 | FILES:${PN}-telnetd = "${sbindir}/in.telnetd ${sysconfdir}/xinetd.d/telnet" |
210 | FILES_${PN}-telnetd-dbg = "${sbindir}/.debug/in.telnetd" | 211 | FILES:${PN}-telnetd-dbg = "${sbindir}/.debug/in.telnetd" |
211 | RCONFLICTS_${PN}-telnetd += "netkit-telnet" | 212 | RCONFLICTS:${PN}-telnetd += "netkit-telnet" |
212 | RPROVIDES_${PN}-telnetd = "telnetd" | 213 | RPROVIDES:${PN}-telnetd = "telnetd" |
213 | RDEPENDS_${PN}-telnetd += "xinetd" | 214 | RDEPENDS:${PN}-telnetd += "xinetd" |
214 | 215 | ||
215 | FILES_${PN}-inetd = "${bindir}/inetd.${BPN}" | 216 | FILES:${PN}-inetd = "${bindir}/inetd.${BPN}" |
216 | 217 | ||
217 | RDEPENDS_${PN} = "xinetd" | 218 | RDEPENDS:${PN} = "xinetd" |
diff --git a/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch b/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch deleted file mode 100644 index 74e3de1ce9..0000000000 --- a/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch +++ /dev/null | |||
@@ -1,39 +0,0 @@ | |||
1 | From c25f8d1f7a6203dfeb10b39f80ffd314bb84a58d Mon Sep 17 00:00:00 2001 | ||
2 | From: Baruch Siach <baruch@tkos.co.il> | ||
3 | Date: Thu, 22 Dec 2016 15:26:30 +0200 | ||
4 | Subject: [PATCH] libc-compat.h: add musl workaround | ||
5 | |||
6 | The libc-compat.h kernel header uses glibc specific macros (__GLIBC__ and | ||
7 | __USE_MISC) to solve conflicts with libc provided headers. This patch makes | ||
8 | libc-compat.h work for musl libc as well. | ||
9 | |||
10 | Upstream-Status: Pending | ||
11 | |||
12 | Taken From: | ||
13 | https://git.buildroot.net/buildroot/tree/package/iproute2/0001-Add-the-musl-workaround-to-the-libc-compat.h-copy.patch | ||
14 | |||
15 | Signed-off-by: Baruch Siach <baruch@tkos.co.il> | ||
16 | Signed-off-by: Maxin B. John <maxin.john@intel.com> | ||
17 | |||
18 | --- | ||
19 | include/uapi/linux/libc-compat.h | 4 +++- | ||
20 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
21 | |||
22 | diff --git a/include/uapi/linux/libc-compat.h b/include/uapi/linux/libc-compat.h | ||
23 | index a159991..22198fa 100644 | ||
24 | --- a/include/uapi/linux/libc-compat.h | ||
25 | +++ b/include/uapi/linux/libc-compat.h | ||
26 | @@ -50,10 +50,12 @@ | ||
27 | #define _LIBC_COMPAT_H | ||
28 | |||
29 | /* We have included glibc headers... */ | ||
30 | -#if defined(__GLIBC__) | ||
31 | +#if 1 | ||
32 | +#define __USE_MISC | ||
33 | |||
34 | /* Coordinate with glibc net/if.h header. */ | ||
35 | #if defined(_NET_IF_H) && defined(__USE_MISC) | ||
36 | +#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 0 | ||
37 | |||
38 | /* GLIBC headers included first so don't define anything | ||
39 | * that would already be defined. */ | ||
diff --git a/meta/recipes-connectivity/iproute2/iproute2_5.10.0.bb b/meta/recipes-connectivity/iproute2/iproute2_5.10.0.bb deleted file mode 100644 index 4be9c82474..0000000000 --- a/meta/recipes-connectivity/iproute2/iproute2_5.10.0.bb +++ /dev/null | |||
@@ -1,11 +0,0 @@ | |||
1 | require iproute2.inc | ||
2 | |||
3 | SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \ | ||
4 | file://0001-libc-compat.h-add-musl-workaround.patch \ | ||
5 | " | ||
6 | |||
7 | SRC_URI[sha256sum] = "a54a34ae309c0406b2d1fb3a46158613ffb83d33fefd5d4a27f0010237ac53e9" | ||
8 | |||
9 | # CFLAGS are computed in Makefile and reference CCOPTS | ||
10 | # | ||
11 | EXTRA_OEMAKE_append = " CCOPTS='${CFLAGS}'" | ||
diff --git a/meta/recipes-connectivity/iproute2/iproute2.inc b/meta/recipes-connectivity/iproute2/iproute2_6.8.0.bb index 6a5dafaa35..68f7611943 100644 --- a/meta/recipes-connectivity/iproute2/iproute2.inc +++ b/meta/recipes-connectivity/iproute2/iproute2_6.8.0.bb | |||
@@ -5,33 +5,41 @@ and tc are the most important. ip controls IPv4 and IPv6 \ | |||
5 | configuration and tc stands for traffic control." | 5 | configuration and tc stands for traffic control." |
6 | HOMEPAGE = "http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2" | 6 | HOMEPAGE = "http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2" |
7 | SECTION = "base" | 7 | SECTION = "base" |
8 | LICENSE = "GPLv2+" | 8 | LICENSE = "GPL-2.0-or-later" |
9 | LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ | 9 | LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ |
10 | file://ip/ip.c;beginline=3;endline=8;md5=689d691d0410a4b64d3899f8d6e31817" | 10 | " |
11 | 11 | ||
12 | DEPENDS = "flex-native bison-native iptables libcap" | 12 | DEPENDS = "flex-native bison-native iptables libcap" |
13 | 13 | ||
14 | inherit update-alternatives bash-completion pkgconfig | 14 | SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz" |
15 | |||
16 | SRC_URI[sha256sum] = "03a6cca3d71a908d1f15f7b495be2b8fe851f941458dc4664900d7f45fcf68ce" | ||
15 | 17 | ||
16 | CLEANBROKEN = "1" | 18 | inherit update-alternatives bash-completion pkgconfig |
17 | 19 | ||
18 | PACKAGECONFIG ??= "tipc elf devlink" | 20 | PACKAGECONFIG ??= "tipc elf devlink" |
19 | PACKAGECONFIG[tipc] = ",,libmnl," | 21 | PACKAGECONFIG[tipc] = ",,libmnl," |
20 | PACKAGECONFIG[elf] = ",,elfutils," | 22 | PACKAGECONFIG[elf] = ",,elfutils," |
21 | PACKAGECONFIG[devlink] = ",,libmnl," | 23 | PACKAGECONFIG[devlink] = ",,libmnl," |
24 | PACKAGECONFIG[rdma] = ",,libmnl," | ||
25 | PACKAGECONFIG[selinux] = ",,libselinux" | ||
22 | 26 | ||
23 | IPROUTE2_MAKE_SUBDIRS = "lib tc ip bridge misc genl ${@bb.utils.filter('PACKAGECONFIG', 'devlink tipc', d)}" | 27 | IPROUTE2_MAKE_SUBDIRS = "lib tc ip bridge misc genl ${@bb.utils.filter('PACKAGECONFIG', 'devlink tipc rdma', d)}" |
24 | 28 | ||
29 | # CFLAGS are computed in Makefile and reference CCOPTS | ||
30 | # | ||
25 | EXTRA_OEMAKE = "\ | 31 | EXTRA_OEMAKE = "\ |
26 | CC='${CC}' \ | 32 | CC='${CC}' \ |
27 | KERNEL_INCLUDE=${STAGING_INCDIR} \ | 33 | KERNEL_INCLUDE=${STAGING_INCDIR} \ |
28 | DOCDIR=${docdir}/iproute2 \ | 34 | DOCDIR=${docdir}/iproute2 \ |
29 | SUBDIRS='${IPROUTE2_MAKE_SUBDIRS}' \ | 35 | SUBDIRS='${IPROUTE2_MAKE_SUBDIRS}' \ |
30 | SBINDIR='${base_sbindir}' \ | 36 | SBINDIR='${base_sbindir}' \ |
37 | CONF_USR_DIR='${libdir}/iproute2' \ | ||
31 | LIBDIR='${libdir}' \ | 38 | LIBDIR='${libdir}' \ |
39 | CCOPTS='${CFLAGS}' \ | ||
32 | " | 40 | " |
33 | 41 | ||
34 | do_configure_append () { | 42 | do_configure:append () { |
35 | sh configure ${STAGING_INCDIR} | 43 | sh configure ${STAGING_INCDIR} |
36 | # Explicitly disable ATM support | 44 | # Explicitly disable ATM support |
37 | sed -i -e '/TC_CONFIG_ATM/d' config.mk | 45 | sed -i -e '/TC_CONFIG_ATM/d' config.mk |
@@ -43,46 +51,57 @@ do_install () { | |||
43 | install -d ${D}${datadir} | 51 | install -d ${D}${datadir} |
44 | mv ${D}/share/* ${D}${datadir}/ || true | 52 | mv ${D}/share/* ${D}${datadir}/ || true |
45 | rm ${D}/share -rf || true | 53 | rm ${D}/share -rf || true |
54 | |||
55 | # Remove support fot ipt and xt in tc. So tc library directory is not needed. | ||
56 | rm ${D}${libdir}/tc -rf | ||
46 | } | 57 | } |
47 | 58 | ||
48 | # The .so files in iproute2-tc are modules, not traditional libraries | 59 | # The .so files in iproute2-tc are modules, not traditional libraries |
49 | INSANE_SKIP_${PN}-tc = "dev-so" | 60 | INSANE_SKIP:${PN}-tc = "dev-so" |
50 | 61 | ||
51 | IPROUTE2_PACKAGES =+ "\ | 62 | IPROUTE2_PACKAGES =+ "\ |
63 | ${PN}-bridge \ | ||
52 | ${PN}-devlink \ | 64 | ${PN}-devlink \ |
53 | ${PN}-genl \ | 65 | ${PN}-genl \ |
54 | ${PN}-ifstat \ | 66 | ${PN}-ifstat \ |
55 | ${PN}-ip \ | 67 | ${PN}-ip \ |
56 | ${PN}-lnstat \ | 68 | ${PN}-lnstat \ |
57 | ${PN}-nstat \ | 69 | ${PN}-nstat \ |
70 | ${PN}-routel \ | ||
58 | ${PN}-rtacct \ | 71 | ${PN}-rtacct \ |
59 | ${PN}-ss \ | 72 | ${PN}-ss \ |
60 | ${PN}-tc \ | 73 | ${PN}-tc \ |
61 | ${PN}-tipc \ | 74 | ${PN}-tipc \ |
75 | ${PN}-rdma \ | ||
62 | " | 76 | " |
63 | 77 | ||
64 | PACKAGE_BEFORE_PN = "${IPROUTE2_PACKAGES}" | 78 | PACKAGE_BEFORE_PN = "${IPROUTE2_PACKAGES}" |
65 | RDEPENDS_${PN} += "${PN}-ip" | 79 | RDEPENDS:${PN} += "${PN}-ip" |
66 | 80 | ||
67 | FILES_${PN}-tc = "${base_sbindir}/tc* \ | 81 | FILES:${PN}-tc = "${base_sbindir}/tc* \ |
68 | ${libdir}/tc/*.so" | 82 | ${libdir}/tc/*.so" |
69 | FILES_${PN}-lnstat = "${base_sbindir}/lnstat \ | 83 | FILES:${PN}-lnstat = "${base_sbindir}/lnstat \ |
70 | ${base_sbindir}/ctstat \ | 84 | ${base_sbindir}/ctstat \ |
71 | ${base_sbindir}/rtstat" | 85 | ${base_sbindir}/rtstat" |
72 | FILES_${PN}-ifstat = "${base_sbindir}/ifstat" | 86 | FILES:${PN}-ifstat = "${base_sbindir}/ifstat" |
73 | FILES_${PN}-ip = "${base_sbindir}/ip.${PN} ${sysconfdir}/iproute2" | 87 | FILES:${PN}-ip = "${base_sbindir}/ip.* ${libdir}/iproute2" |
74 | FILES_${PN}-genl = "${base_sbindir}/genl" | 88 | FILES:${PN}-genl = "${base_sbindir}/genl" |
75 | FILES_${PN}-rtacct = "${base_sbindir}/rtacct" | 89 | FILES:${PN}-rtacct = "${base_sbindir}/rtacct" |
76 | FILES_${PN}-nstat = "${base_sbindir}/nstat" | 90 | FILES:${PN}-nstat = "${base_sbindir}/nstat" |
77 | FILES_${PN}-ss = "${base_sbindir}/ss" | 91 | FILES:${PN}-ss = "${base_sbindir}/ss" |
78 | FILES_${PN}-tipc = "${base_sbindir}/tipc" | 92 | FILES:${PN}-tipc = "${base_sbindir}/tipc" |
79 | FILES_${PN}-devlink = "${base_sbindir}/devlink" | 93 | FILES:${PN}-devlink = "${base_sbindir}/devlink" |
80 | 94 | FILES:${PN}-rdma = "${base_sbindir}/rdma" | |
81 | ALTERNATIVE_${PN}-ip = "ip" | 95 | FILES:${PN}-routel = "${base_sbindir}/routel" |
96 | FILES:${PN}-bridge = "${base_sbindir}/bridge" | ||
97 | |||
98 | RDEPENDS:${PN}-routel = "python3-core" | ||
99 | |||
100 | ALTERNATIVE:${PN}-ip = "ip" | ||
82 | ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}" | 101 | ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}" |
83 | ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip" | 102 | ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip" |
84 | ALTERNATIVE_PRIORITY = "100" | 103 | ALTERNATIVE_PRIORITY = "100" |
85 | 104 | ||
86 | ALTERNATIVE_${PN}-tc = "tc" | 105 | ALTERNATIVE:${PN}-tc = "tc" |
87 | ALTERNATIVE_LINK_NAME[tc] = "${base_sbindir}/tc" | 106 | ALTERNATIVE_LINK_NAME[tc] = "${base_sbindir}/tc" |
88 | ALTERNATIVE_PRIORITY_${PN}-tc = "100" | 107 | ALTERNATIVE_PRIORITY_${PN}-tc = "100" |
diff --git a/meta/recipes-connectivity/iw/iw_5.9.bb b/meta/recipes-connectivity/iw/iw_6.7.bb index 3d1e1c7e79..b46b54bc93 100644 --- a/meta/recipes-connectivity/iw/iw_5.9.bb +++ b/meta/recipes-connectivity/iw/iw_6.7.bb | |||
@@ -14,7 +14,7 @@ SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \ | |||
14 | file://separate-objdir.patch \ | 14 | file://separate-objdir.patch \ |
15 | " | 15 | " |
16 | 16 | ||
17 | SRC_URI[sha256sum] = "6e7d3c9f8b4ee68e412f20fe229c9854c2dba383e3e650ce6af8eb8dbd12efc3" | 17 | SRC_URI[sha256sum] = "b3ef3fa85fa1177b11d3e97d6d38cdfe10ee250ca31482b581f3bd0fc79cb015" |
18 | 18 | ||
19 | inherit pkgconfig | 19 | inherit pkgconfig |
20 | 20 | ||
diff --git a/meta/recipes-connectivity/kea/files/0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch b/meta/recipes-connectivity/kea/files/0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch deleted file mode 100644 index ab3fd83946..0000000000 --- a/meta/recipes-connectivity/kea/files/0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch +++ /dev/null | |||
@@ -1,39 +0,0 @@ | |||
1 | From 639dc25cdabc9d1846000a542c8cc19158b69994 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mingli Yu <mingli.yu@windriver.com> | ||
3 | Date: Fri, 18 Sep 2020 08:18:08 +0000 | ||
4 | Subject: [PATCH] keactrl.in: create /var/lib/kea and /var/run/kea folder | ||
5 | |||
6 | Create /var/lib/kea and /var/run/kea folder to fix below error: | ||
7 | # keactrl start | ||
8 | INFO/keactrl: Starting /usr/sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf | ||
9 | INFO/keactrl: Starting /usr/sbin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf | ||
10 | INFO/keactrl: Starting /usr/sbin/kea-ctrl-agent -c /etc/kea/kea-ctrl-agent.conf | ||
11 | Unable to use interprocess sync lockfile (No such file or directory): /var/run/kea/logger_lockfile | ||
12 | Service failed: Launch failed: Unable to open PID file '/var/run/kea/kea-ctrl-agent.kea-ctrl-agent.pid' for write | ||
13 | [snip] | ||
14 | ERROR [kea-dhcp4.dhcp4/615.140641792751488] DHCP4_CONFIG_LOAD_FAIL configuration error using file: /etc/kea/kea-dhcp4.conf, reason: Unable to open database: unable to open '/var/lib/kea/kea-leases4.csv' | ||
15 | [snip] | ||
16 | |||
17 | Upstream-Status: Inappropriate [config specific] | ||
18 | |||
19 | Signed-off-by: Mingli Yu <mingli.yu@windriver.com> | ||
20 | --- | ||
21 | src/bin/keactrl/keactrl.in | 2 ++ | ||
22 | 1 file changed, 2 insertions(+) | ||
23 | |||
24 | diff --git a/src/bin/keactrl/keactrl.in b/src/bin/keactrl/keactrl.in | ||
25 | index 12b2b3f..47cf6f9 100644 | ||
26 | --- a/src/bin/keactrl/keactrl.in | ||
27 | +++ b/src/bin/keactrl/keactrl.in | ||
28 | @@ -482,6 +482,8 @@ case ${command} in | ||
29 | # The variables (dhcp4_srv, dhcp6_serv, dhcp_ddns_srv etc) are set in the | ||
30 | # keactrl.conf file that shellcheck is unable to read. | ||
31 | # shellcheck disable=SC2154 | ||
32 | + [ -d @LOCALSTATEDIR@/run/kea ] || mkdir -p @LOCALSTATEDIR@/run/kea | ||
33 | + [ -d @LOCALSTATEDIR@/lib/kea ] || mkdir -p @LOCALSTATEDIR@/lib/kea | ||
34 | run_conditional "dhcp4" "start_server ${dhcp4_srv} -c ${kea_dhcp4_config_file} ${args}" 1 | ||
35 | run_conditional "dhcp6" "start_server ${dhcp6_srv} -c ${kea_dhcp6_config_file} ${args}" 1 | ||
36 | # shellcheck disable=SC2154 | ||
37 | -- | ||
38 | 2.26.2 | ||
39 | |||
diff --git a/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch b/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch index 226bc5b311..94fbd12737 100644 --- a/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch +++ b/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 9985a03f13da4d7bb0a433f7305d2ffae3d82a27 Mon Sep 17 00:00:00 2001 | 1 | From 841924e1fe8db2bff3eab8d37634ef08f86c00ec Mon Sep 17 00:00:00 2001 |
2 | From: Alexander Kanavin <alex.kanavin@gmail.com> | 2 | From: Alexander Kanavin <alex.kanavin@gmail.com> |
3 | Date: Tue, 10 Nov 2020 15:57:03 +0000 | 3 | Date: Tue, 10 Nov 2020 15:57:03 +0000 |
4 | Subject: [PATCH] src/lib/log/logger_unittest_support.cc: do not write build | 4 | Subject: [PATCH] src/lib/log/logger_unittest_support.cc: do not write build |
@@ -8,12 +8,13 @@ This breaks reproducibility and is needed only in unit testing. | |||
8 | 8 | ||
9 | Upstream-Status: Inappropriate [oe-core specific] | 9 | Upstream-Status: Inappropriate [oe-core specific] |
10 | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> | 10 | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> |
11 | |||
11 | --- | 12 | --- |
12 | src/lib/log/logger_unittest_support.cc | 2 +- | 13 | src/lib/log/logger_unittest_support.cc | 2 +- |
13 | 1 file changed, 1 insertion(+), 1 deletion(-) | 14 | 1 file changed, 1 insertion(+), 1 deletion(-) |
14 | 15 | ||
15 | diff --git a/src/lib/log/logger_unittest_support.cc b/src/lib/log/logger_unittest_support.cc | 16 | diff --git a/src/lib/log/logger_unittest_support.cc b/src/lib/log/logger_unittest_support.cc |
16 | index 58dbef8..9a2929c 100644 | 17 | index fc01c6e..f46d17e 100644 |
17 | --- a/src/lib/log/logger_unittest_support.cc | 18 | --- a/src/lib/log/logger_unittest_support.cc |
18 | +++ b/src/lib/log/logger_unittest_support.cc | 19 | +++ b/src/lib/log/logger_unittest_support.cc |
19 | @@ -84,7 +84,7 @@ void initLogger(isc::log::Severity severity, int dbglevel) { | 20 | @@ -84,7 +84,7 @@ void initLogger(isc::log::Severity severity, int dbglevel) { |
@@ -24,4 +25,4 @@ index 58dbef8..9a2929c 100644 | |||
24 | + //setenv("KEA_LOCKFILE_DIR", TOP_BUILDDIR, 0); | 25 | + //setenv("KEA_LOCKFILE_DIR", TOP_BUILDDIR, 0); |
25 | 26 | ||
26 | // Initialize logging | 27 | // Initialize logging |
27 | initLogger(root, isc::log::DEBUG, isc::log::MAX_DEBUG_LEVEL, localfile); | 28 | initLogger(root, severity, dbglevel, localfile); |
diff --git a/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch b/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch index 733adf5536..5b135b3aee 100644 --- a/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch +++ b/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch | |||
@@ -1,4 +1,7 @@ | |||
1 | There are conflict of config files between kea and lib32-kea: | 1 | From 06ebd1b2ced426c420ed162980eca194f9f918ae Mon Sep 17 00:00:00 2001 |
2 | From: Kai Kang <kai.kang@windriver.com> | ||
3 | Date: Tue, 22 Sep 2020 15:02:33 +0800 | ||
4 | Subject: [PATCH] There are conflict of config files between kea and lib32-kea: | ||
2 | 5 | ||
3 | | Error: Transaction test error: | 6 | | Error: Transaction test error: |
4 | | file /etc/kea/kea-ctrl-agent.conf conflicts between attempted installs of | 7 | | file /etc/kea/kea-ctrl-agent.conf conflicts between attempted installs of |
@@ -9,17 +12,19 @@ There are conflict of config files between kea and lib32-kea: | |||
9 | Because they are all commented out, replace the expanded libdir path with | 12 | Because they are all commented out, replace the expanded libdir path with |
10 | '$libdir' in the config files to avoid conflict. | 13 | '$libdir' in the config files to avoid conflict. |
11 | 14 | ||
15 | Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/issues/2602] | ||
12 | Signed-off-by: Kai Kang <kai.kang@windriver.com> | 16 | Signed-off-by: Kai Kang <kai.kang@windriver.com> |
17 | |||
13 | --- | 18 | --- |
14 | src/bin/keactrl/kea-ctrl-agent.conf.pre | 3 ++- | 19 | src/bin/keactrl/kea-ctrl-agent.conf.pre | 3 ++- |
15 | src/bin/keactrl/kea-dhcp4.conf.pre | 6 ++++-- | 20 | src/bin/keactrl/kea-dhcp4.conf.pre | 4 ++-- |
16 | 2 files changed, 6 insertions(+), 3 deletions(-) | 21 | 2 files changed, 4 insertions(+), 3 deletions(-) |
17 | 22 | ||
18 | diff --git a/src/bin/keactrl/kea-ctrl-agent.conf.pre b/src/bin/keactrl/kea-ctrl-agent.conf.pre | 23 | diff --git a/src/bin/keactrl/kea-ctrl-agent.conf.pre b/src/bin/keactrl/kea-ctrl-agent.conf.pre |
19 | index 211b7ff..d710ec7 100644 | 24 | index e6ae8b8..50a3092 100644 |
20 | --- a/src/bin/keactrl/kea-ctrl-agent.conf.pre | 25 | --- a/src/bin/keactrl/kea-ctrl-agent.conf.pre |
21 | +++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre | 26 | +++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre |
22 | @@ -45,7 +45,8 @@ | 27 | @@ -51,7 +51,8 @@ |
23 | // Agent will fail to start. | 28 | // Agent will fail to start. |
24 | "hooks-libraries": [ | 29 | "hooks-libraries": [ |
25 | // { | 30 | // { |
@@ -30,26 +35,24 @@ index 211b7ff..d710ec7 100644 | |||
30 | // "param1": "foo" | 35 | // "param1": "foo" |
31 | // } | 36 | // } |
32 | diff --git a/src/bin/keactrl/kea-dhcp4.conf.pre b/src/bin/keactrl/kea-dhcp4.conf.pre | 37 | diff --git a/src/bin/keactrl/kea-dhcp4.conf.pre b/src/bin/keactrl/kea-dhcp4.conf.pre |
33 | index 5f77a32..70ae3d9 100644 | 38 | index 6edb8a1..b2a7385 100644 |
34 | --- a/src/bin/keactrl/kea-dhcp4.conf.pre | 39 | --- a/src/bin/keactrl/kea-dhcp4.conf.pre |
35 | +++ b/src/bin/keactrl/kea-dhcp4.conf.pre | 40 | +++ b/src/bin/keactrl/kea-dhcp4.conf.pre |
36 | @@ -252,7 +252,8 @@ | 41 | @@ -255,7 +255,7 @@ |
37 | // // of all devices serviced by Kea, including their identifiers | 42 | // // of all devices serviced by Kea, including their identifiers |
38 | // // (like MAC address), their location in the network, times | 43 | // // (like MAC address), their location in the network, times |
39 | // // when they were active etc. | 44 | // // when they were active etc. |
40 | - // "library": "@libdir@/kea/hooks/libdhcp_legal_log.so" | 45 | - // "library": "@libdir@/kea/hooks/libdhcp_legal_log.so", |
41 | + // // Replace $libdir with real library path /usr/lib or /usr/lib64 | 46 | + // "library": "$libdir/kea/hooks/libdhcp_legal_log.so", |
42 | + // "library": "$libdir/kea/hooks/libdhcp_legal_log.so" | 47 | // "parameters": { |
43 | // "parameters": { | 48 | // "path": "/var/lib/kea", |
44 | // "path": "/var/lib/kea", | 49 | // "base-name": "kea-forensic4" |
45 | // "base-name": "kea-forensic4" | 50 | @@ -272,7 +272,7 @@ |
46 | @@ -269,7 +270,8 @@ | 51 | // // of specific options or perhaps even a combination of several |
47 | // // of specific options or perhaps even a combination of several | 52 | // // options and fields to uniquely identify a client. Those scenarios |
48 | // // options and fields to uniquely identify a client. Those scenarios | 53 | // // are addressed by the Flexible Identifiers hook application. |
49 | // // are addressed by the Flexible Identifiers hook application. | 54 | - // "library": "@libdir@/kea/hooks/libdhcp_flex_id.so", |
50 | - // "library": "@libdir@/kea/hooks/libdhcp_flex_id.so", | 55 | + // "library": "$libdir/kea/hooks/libdhcp_flex_id.so", |
51 | + // // Replace $libdir with real library path /usr/lib or /usr/lib64 | 56 | // "parameters": { |
52 | + // "library": "$libdir/kea/hooks/libdhcp_flex_id.so", | 57 | // "identifier-expression": "relay4[2].hex" |
53 | // "parameters": { | 58 | // } |
54 | // "identifier-expression": "substring(relay6[0].option[18],0,8)" | ||
55 | // } | ||
diff --git a/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch b/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch index eeeb89942b..63a6a2805b 100644 --- a/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch +++ b/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch | |||
@@ -1,22 +1,29 @@ | |||
1 | Busybox does not support ps -p so use pgrep | 1 | From c878a356712606549f7f188b62f7d1cae08a176e Mon Sep 17 00:00:00 2001 |
2 | From: Armin kuster <akuster808@gmail.com> | ||
3 | Date: Wed, 14 Oct 2020 22:48:31 -0700 | ||
4 | Subject: [PATCH] Busybox does not support ps -p so use pgrep | ||
2 | 5 | ||
3 | Upstream-Status: Inappropriate [embedded specific] | 6 | Upstream-Status: Inappropriate [embedded specific] |
4 | Based on changes from Diego Sueiro <Diego.Sueiro@arm.com> | 7 | Based on changes from Diego Sueiro <Diego.Sueiro@arm.com> |
5 | 8 | ||
6 | Signed-off-by: Armin kuster <akuster808@gmail.com> | 9 | Signed-off-by: Armin kuster <akuster808@gmail.com> |
7 | 10 | ||
8 | Index: kea-1.7.10/src/bin/keactrl/keactrl.in | 11 | --- |
9 | =================================================================== | 12 | src/bin/keactrl/keactrl.in | 4 ++-- |
10 | --- kea-1.7.10.orig/src/bin/keactrl/keactrl.in | 13 | 1 file changed, 2 insertions(+), 2 deletions(-) |
11 | +++ kea-1.7.10/src/bin/keactrl/keactrl.in | 14 | |
12 | @@ -137,8 +137,8 @@ check_running() { | 15 | diff --git a/src/bin/keactrl/keactrl.in b/src/bin/keactrl/keactrl.in |
16 | index 450e997..c353ca9 100644 | ||
17 | --- a/src/bin/keactrl/keactrl.in | ||
18 | +++ b/src/bin/keactrl/keactrl.in | ||
19 | @@ -149,8 +149,8 @@ check_running() { | ||
13 | # Get the PID from the PID file (if it exists) | 20 | # Get the PID from the PID file (if it exists) |
14 | get_pid_from_file "${proc_name}" | 21 | get_pid_from_file "${proc_name}" |
15 | if [ ${_pid} -gt 0 ]; then | 22 | if [ ${_pid} -gt 0 ]; then |
16 | - # Use ps to check if PID is alive | 23 | - # Use ps to check if PID is alive |
17 | - ps -p ${_pid} 1>/dev/null | 24 | - if ps -p ${_pid} 1>/dev/null; then |
18 | + # Use pgrep and grep to check if PID is alive | 25 | + # Use pgrep and grep to check if PID is alive |
19 | + pgrep -v 1 | grep ${_pid} 1>/dev/null | 26 | + if pgrep -v 1 | grep ${_pid} 1>/dev/null; then |
20 | retcode=$? | ||
21 | if [ $retcode -eq 0 ]; then | ||
22 | # No error, so PID IS ALIVE | 27 | # No error, so PID IS ALIVE |
28 | _running=1 | ||
29 | fi | ||
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service index 91aa2eb14f..f6059d73cb 100644 --- a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service +++ b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service | |||
@@ -6,7 +6,6 @@ After=time-sync.target | |||
6 | 6 | ||
7 | [Service] | 7 | [Service] |
8 | ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/ | 8 | ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/ |
9 | ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/kea | ||
10 | ExecStart=@SBINDIR@/kea-dhcp-ddns -c @SYSCONFDIR@/kea/kea-dhcp-ddns.conf | 9 | ExecStart=@SBINDIR@/kea-dhcp-ddns -c @SYSCONFDIR@/kea/kea-dhcp-ddns.conf |
11 | 10 | ||
12 | [Install] | 11 | [Install] |
diff --git a/meta/recipes-connectivity/kea/kea_1.8.2.bb b/meta/recipes-connectivity/kea/kea_2.4.1.bb index 3dc4f6af70..9f8758f379 100644 --- a/meta/recipes-connectivity/kea/kea_1.8.2.bb +++ b/meta/recipes-connectivity/kea/kea_2.4.1.bb | |||
@@ -2,13 +2,12 @@ SUMMARY = "ISC Kea DHCP Server" | |||
2 | DESCRIPTION = "Kea is the next generation of DHCP software developed by ISC. It supports both DHCPv4 and DHCPv6 protocols along with their extensions, e.g. prefix delegation and dynamic updates to DNS." | 2 | DESCRIPTION = "Kea is the next generation of DHCP software developed by ISC. It supports both DHCPv4 and DHCPv6 protocols along with their extensions, e.g. prefix delegation and dynamic updates to DNS." |
3 | HOMEPAGE = "http://kea.isc.org" | 3 | HOMEPAGE = "http://kea.isc.org" |
4 | SECTION = "connectivity" | 4 | SECTION = "connectivity" |
5 | LICENSE = "MPL-2.0 & Apache-2.0" | 5 | LICENSE = "MPL-2.0" |
6 | LIC_FILES_CHKSUM = "file://COPYING;md5=68d95543d2096459290a4e6b9ceccffa" | 6 | LIC_FILES_CHKSUM = "file://COPYING;md5=ea061fa0188838072c4248c1318ec131" |
7 | 7 | ||
8 | DEPENDS = "boost log4cplus openssl" | 8 | DEPENDS = "boost log4cplus openssl" |
9 | 9 | ||
10 | SRC_URI = "http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.gz \ | 10 | SRC_URI = "http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.gz \ |
11 | file://0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch \ | ||
12 | file://kea-dhcp4.service \ | 11 | file://kea-dhcp4.service \ |
13 | file://kea-dhcp6.service \ | 12 | file://kea-dhcp6.service \ |
14 | file://kea-dhcp-ddns.service \ | 13 | file://kea-dhcp-ddns.service \ |
@@ -19,43 +18,43 @@ SRC_URI = "http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.gz \ | |||
19 | file://fix_pid_keactrl.patch \ | 18 | file://fix_pid_keactrl.patch \ |
20 | file://0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch \ | 19 | file://0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch \ |
21 | " | 20 | " |
22 | SRC_URI[sha256sum] = "486ca7abedb9d6fdf8e4344ad8688d1171f2ef0f5506d118988aadeae80a1d39" | 21 | SRC_URI[sha256sum] = "815c61f5c271caa4a1db31dd656eb50a7f6ea973da3690f7c8581408e180131a" |
23 | 22 | ||
24 | inherit autotools systemd update-rc.d upstream-version-is-even | 23 | inherit autotools systemd update-rc.d upstream-version-is-even |
25 | 24 | ||
26 | INITSCRIPT_NAME = "kea-dhcp4-server" | 25 | INITSCRIPT_NAME = "kea-dhcp4-server" |
27 | INITSCRIPT_PARAMS = "defaults 30" | 26 | INITSCRIPT_PARAMS = "defaults 30" |
28 | 27 | ||
29 | SYSTEMD_SERVICE_${PN} = "kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service" | 28 | SYSTEMD_SERVICE:${PN} = "kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service" |
30 | SYSTEMD_AUTO_ENABLE = "disable" | 29 | SYSTEMD_AUTO_ENABLE = "disable" |
31 | 30 | ||
32 | DEBUG_OPTIMIZATION_remove_mips = " -Og" | 31 | DEBUG_OPTIMIZATION:remove:mips = " -Og" |
33 | DEBUG_OPTIMIZATION_append_mips = " -O" | 32 | DEBUG_OPTIMIZATION:append:mips = " -O" |
34 | BUILD_OPTIMIZATION_remove_mips = " -Og" | 33 | BUILD_OPTIMIZATION:remove:mips = " -Og" |
35 | BUILD_OPTIMIZATION_append_mips = " -O" | 34 | BUILD_OPTIMIZATION:append:mips = " -O" |
36 | 35 | ||
37 | DEBUG_OPTIMIZATION_remove_mipsel = " -Og" | 36 | DEBUG_OPTIMIZATION:remove:mipsel = " -Og" |
38 | DEBUG_OPTIMIZATION_append_mipsel = " -O" | 37 | DEBUG_OPTIMIZATION:append:mipsel = " -O" |
39 | BUILD_OPTIMIZATION_remove_mipsel = " -Og" | 38 | BUILD_OPTIMIZATION:remove:mipsel = " -Og" |
40 | BUILD_OPTIMIZATION_append_mipsel = " -O" | 39 | BUILD_OPTIMIZATION:append:mipsel = " -O" |
41 | 40 | ||
42 | EXTRA_OECONF = "--with-boost-libs=-lboost_system \ | 41 | EXTRA_OECONF = "--with-boost-libs=-lboost_system \ |
43 | --with-log4cplus=${STAGING_DIR_TARGET}${prefix} \ | 42 | --with-log4cplus=${STAGING_DIR_TARGET}${prefix} \ |
44 | --with-openssl=${STAGING_DIR_TARGET}${prefix}" | 43 | --with-openssl=${STAGING_DIR_TARGET}${prefix}" |
45 | 44 | ||
46 | do_configure_prepend() { | 45 | do_configure:prepend() { |
47 | # replace abs_top_builddir to avoid introducing the build path | 46 | # replace abs_top_builddir to avoid introducing the build path |
48 | # don't expand the abs_top_builddir on the target as the abs_top_builddir is meanlingless on the target | 47 | # don't expand the abs_top_builddir on the target as the abs_top_builddir is meanlingless on the target |
49 | find ${S} -type f -name *.sh.in | xargs sed -i "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g" | 48 | find ${S} -type f -name *.sh.in | xargs sed -i "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g" |
50 | sed -i "s:@abs_top_srcdir@:@abs_top_srcdir_placeholder@:g" ${S}/src/bin/admin/kea-admin.in | 49 | sed -i "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g" ${S}/src/bin/admin/kea-admin.in |
51 | } | 50 | } |
52 | 51 | ||
53 | # patch out build host paths for reproducibility | 52 | # patch out build host paths for reproducibility |
54 | do_compile_prepend_class-target() { | 53 | do_compile:prepend:class-target() { |
55 | sed -i -e "s,${WORKDIR},,g" ${B}/config.report | 54 | sed -i -e "s,${WORKDIR},,g" ${B}/config.report |
56 | } | 55 | } |
57 | 56 | ||
58 | do_install_append() { | 57 | do_install:append() { |
59 | install -d ${D}${sysconfdir}/init.d | 58 | install -d ${D}${sysconfdir}/init.d |
60 | install -d ${D}${systemd_system_unitdir} | 59 | install -d ${D}${systemd_system_unitdir} |
61 | 60 | ||
@@ -66,13 +65,13 @@ do_install_append() { | |||
66 | ${D}${systemd_system_unitdir}/kea-dhcp*service ${D}${sbindir}/keactrl | 65 | ${D}${systemd_system_unitdir}/kea-dhcp*service ${D}${sbindir}/keactrl |
67 | } | 66 | } |
68 | 67 | ||
69 | do_install_append() { | 68 | do_install:append() { |
70 | rm -rf "${D}${localstatedir}" | 69 | rm -rf "${D}${localstatedir}" |
71 | } | 70 | } |
72 | 71 | ||
73 | CONFFILES_${PN} = "${sysconfdir}/kea/keactrl.conf" | 72 | CONFFILES:${PN} = "${sysconfdir}/kea/keactrl.conf" |
74 | 73 | ||
75 | FILES_${PN}-staticdev += "${libdir}/kea/hooks/*.a ${libdir}/hooks/*.a" | 74 | FILES:${PN}-staticdev += "${libdir}/kea/hooks/*.a ${libdir}/hooks/*.a" |
76 | FILES_${PN} += "${libdir}/hooks/*.so" | 75 | FILES:${PN} += "${libdir}/hooks/*.so" |
77 | 76 | ||
78 | PARALLEL_MAKEINST = "" | 77 | PARALLEL_MAKEINST = "" |
diff --git a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb index 5e4460045b..0db609fc47 100644 --- a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb +++ b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb | |||
@@ -1,28 +1,29 @@ | |||
1 | SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution" | 1 | SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution" |
2 | HOMEPAGE = "https://github.com/lathiat/nss-mdns" | 2 | HOMEPAGE = "https://github.com/lathiat/nss-mdns" |
3 | DESCRIPTION = "nss-mdns is a plugin for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc) providing host name resolution via Multicast DNS (aka Zeroconf, aka Apple Rendezvous, aka Apple Bonjour), effectively allowing name resolution by common Unix/Linux programs in the ad-hoc mDNS domain .local." | ||
3 | SECTION = "libs" | 4 | SECTION = "libs" |
4 | 5 | ||
5 | LICENSE = "LGPLv2.1+" | 6 | LICENSE = "LGPL-2.1-or-later" |
6 | LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1" | 7 | LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1" |
7 | 8 | ||
8 | DEPENDS = "avahi" | 9 | DEPENDS = "avahi" |
9 | 10 | ||
10 | SRC_URI = "git://github.com/lathiat/nss-mdns \ | 11 | SRC_URI = "git://github.com/lathiat/nss-mdns;branch=master;protocol=https \ |
11 | " | 12 | " |
12 | 13 | ||
13 | SRCREV = "41c9c5e78f287ed4b41ac438c1873fa71bfa70ae" | 14 | SRCREV = "4b3cfe818bf72d99a02b8ca8b8813cb2d6b40633" |
14 | 15 | ||
15 | S = "${WORKDIR}/git" | 16 | S = "${WORKDIR}/git" |
16 | 17 | ||
17 | inherit autotools pkgconfig | 18 | inherit autotools pkgconfig |
18 | 19 | ||
19 | COMPATIBLE_HOST_libc-musl = 'null' | 20 | COMPATIBLE_HOST:libc-musl = 'null' |
20 | 21 | ||
21 | EXTRA_OECONF = "--libdir=${base_libdir}" | 22 | EXTRA_OECONF = "--libdir=${base_libdir}" |
22 | 23 | ||
23 | RDEPENDS_${PN} = "avahi-daemon" | 24 | RDEPENDS:${PN} = "avahi-daemon" |
24 | 25 | ||
25 | pkg_postinst_${PN} () { | 26 | pkg_postinst:${PN} () { |
26 | sed ' | 27 | sed ' |
27 | /^hosts:/ !b | 28 | /^hosts:/ !b |
28 | /\<mdns\(4\|6\)\?\(_minimal\)\?\>/ b | 29 | /\<mdns\(4\|6\)\?\(_minimal\)\?\>/ b |
@@ -30,7 +31,7 @@ pkg_postinst_${PN} () { | |||
30 | ' -i $D${sysconfdir}/nsswitch.conf | 31 | ' -i $D${sysconfdir}/nsswitch.conf |
31 | } | 32 | } |
32 | 33 | ||
33 | pkg_prerm_${PN} () { | 34 | pkg_prerm:${PN} () { |
34 | sed ' | 35 | sed ' |
35 | /^hosts:/ !b | 36 | /^hosts:/ !b |
36 | s/[[:blank:]]\+mdns\(4\|6\)\?\(_minimal\( \[NOTFOUND=return\]\)\?\)\?//g | 37 | s/[[:blank:]]\+mdns\(4\|6\)\?\(_minimal\( \[NOTFOUND=return\]\)\?\)\?//g |
diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.10.0.bb b/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb index 967eabcc13..166654e280 100644 --- a/meta/recipes-connectivity/libpcap/libpcap_1.10.0.bb +++ b/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb | |||
@@ -10,10 +10,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \ | |||
10 | file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2" | 10 | file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2" |
11 | DEPENDS = "flex-native bison-native" | 11 | DEPENDS = "flex-native bison-native" |
12 | 12 | ||
13 | SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \ | 13 | SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz" |
14 | " | 14 | SRC_URI[sha256sum] = "ed19a0383fad72e3ad435fd239d7cd80d64916b87269550159d20e47160ebe5f" |
15 | SRC_URI[md5sum] = "8c12dc19dd7e0d02d2bb6596eb5a71c7" | ||
16 | SRC_URI[sha256sum] = "8d12b42623eeefee872f123bd0dc85d535b00df4d42e865f993c40f7bfc92b1e" | ||
17 | 15 | ||
18 | inherit autotools binconfig-disabled pkgconfig | 16 | inherit autotools binconfig-disabled pkgconfig |
19 | 17 | ||
@@ -21,10 +19,11 @@ BINCONFIG = "${bindir}/pcap-config" | |||
21 | 19 | ||
22 | # Explicitly disable dag support. We don't have recipe for it and if enabled here, | 20 | # Explicitly disable dag support. We don't have recipe for it and if enabled here, |
23 | # configure script poisons the include dirs with /usr/local/include even when the | 21 | # configure script poisons the include dirs with /usr/local/include even when the |
24 | # support hasn't been detected. | 22 | # support hasn't been detected. Do the same thing for DPDK. |
25 | EXTRA_OECONF = " \ | 23 | EXTRA_OECONF = " \ |
26 | --with-pcap=linux \ | 24 | --with-pcap=linux \ |
27 | --without-dag \ | 25 | --without-dag \ |
26 | --without-dpdk \ | ||
28 | " | 27 | " |
29 | EXTRA_AUTORECONF += "--exclude=aclocal" | 28 | EXTRA_AUTORECONF += "--exclude=aclocal" |
30 | 29 | ||
@@ -36,9 +35,9 @@ PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" | |||
36 | PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," | 35 | PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," |
37 | PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl" | 36 | PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl" |
38 | 37 | ||
39 | do_configure_prepend () { | 38 | do_configure:prepend () { |
40 | #remove hardcoded references to /usr/include | 39 | #remove hardcoded references to /usr/include |
41 | sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac | 40 | sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac |
42 | } | 41 | } |
43 | 42 | ||
44 | BBCLASSEXTEND = "native" | 43 | BBCLASSEXTEND = "native nativesdk" |
diff --git a/meta/recipes-connectivity/libuv/libuv_1.40.0.bb b/meta/recipes-connectivity/libuv/libuv_1.40.0.bb deleted file mode 100644 index f793db09be..0000000000 --- a/meta/recipes-connectivity/libuv/libuv_1.40.0.bb +++ /dev/null | |||
@@ -1,19 +0,0 @@ | |||
1 | SUMMARY = "A multi-platform support library with a focus on asynchronous I/O" | ||
2 | HOMEPAGE = "https://github.com/libuv/libuv" | ||
3 | BUGTRACKER = "https://github.com/libuv/libuv/issues" | ||
4 | LICENSE = "MIT" | ||
5 | LIC_FILES_CHKSUM = "file://LICENSE;md5=a68902a430e32200263d182d44924d47" | ||
6 | |||
7 | SRCREV = "4e69e333252693bd82d6338d6124f0416538dbfc" | ||
8 | SRC_URI = "git://github.com/libuv/libuv;branch=v1.x" | ||
9 | |||
10 | S = "${WORKDIR}/git" | ||
11 | |||
12 | inherit autotools | ||
13 | |||
14 | do_configure() { | ||
15 | ${S}/autogen.sh || bbnote "${PN} failed to autogen.sh" | ||
16 | oe_runconf | ||
17 | } | ||
18 | |||
19 | BBCLASSEXTEND = "native" | ||
diff --git a/meta/recipes-connectivity/libuv/libuv_1.48.0.bb b/meta/recipes-connectivity/libuv/libuv_1.48.0.bb new file mode 100644 index 0000000000..87a2c22a7c --- /dev/null +++ b/meta/recipes-connectivity/libuv/libuv_1.48.0.bb | |||
@@ -0,0 +1,22 @@ | |||
1 | SUMMARY = "A multi-platform support library with a focus on asynchronous I/O" | ||
2 | HOMEPAGE = "https://github.com/libuv/libuv" | ||
3 | DESCRIPTION = "libuv is a multi-platform support library with a focus on asynchronous I/O. It was primarily developed for use by Node.js, but it's also used by Luvit, Julia, pyuv, and others." | ||
4 | BUGTRACKER = "https://github.com/libuv/libuv/issues" | ||
5 | LICENSE = "MIT" | ||
6 | LIC_FILES_CHKSUM = "file://LICENSE;md5=74b6f2f7818a4e3a80d03556f71b129b \ | ||
7 | file://LICENSE-extra;md5=f9307417749e19bd1d6d68a394b49324" | ||
8 | |||
9 | SRCREV = "e9f29cb984231524e3931aa0ae2c5dae1a32884e" | ||
10 | SRC_URI = "git://github.com/libuv/libuv.git;branch=v1.x;protocol=https" | ||
11 | UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" | ||
12 | |||
13 | S = "${WORKDIR}/git" | ||
14 | |||
15 | inherit autotools | ||
16 | |||
17 | do_configure() { | ||
18 | ${S}/autogen.sh || bbnote "${PN} failed to autogen.sh" | ||
19 | oe_runconf | ||
20 | } | ||
21 | |||
22 | BBCLASSEXTEND = "native" | ||
diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb index 7dccc15e03..a4030b7b32 100644 --- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb +++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb | |||
@@ -1,13 +1,15 @@ | |||
1 | SUMMARY = "Mobile Broadband Service Provider Database" | 1 | SUMMARY = "Mobile Broadband Service Provider Database" |
2 | HOMEPAGE = "http://live.gnome.org/NetworkManager/MobileBroadband/ServiceProviders" | 2 | HOMEPAGE = "http://live.gnome.org/NetworkManager/MobileBroadband/ServiceProviders" |
3 | DESCRIPTION = "Mobile Broadband Service Provider Database stores service provider specific information. When this Database is available the information can be fetched there" | ||
3 | SECTION = "network" | 4 | SECTION = "network" |
4 | LICENSE = "PD" | 5 | LICENSE = "PD" |
5 | LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" | 6 | LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" |
6 | SRCREV = "90f3fe28aa25135b7e4a54a7816388913bfd4a2a" | 7 | |
7 | PV = "20201225" | 8 | SRCREV = "aae7c68671d225e6d35224613d5b98192b9b2ffe" |
9 | PV = "20230416" | ||
8 | PE = "1" | 10 | PE = "1" |
9 | 11 | ||
10 | SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https" | 12 | SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main" |
11 | S = "${WORKDIR}/git" | 13 | S = "${WORKDIR}/git" |
12 | 14 | ||
13 | inherit autotools | 15 | inherit autotools |
diff --git a/meta/recipes-connectivity/neard/neard_0.16.bb b/meta/recipes-connectivity/neard/neard_0.19.bb index 7c124a3c0b..a98f436b98 100644 --- a/meta/recipes-connectivity/neard/neard_0.16.bb +++ b/meta/recipes-connectivity/neard/neard_0.19.bb | |||
@@ -1,33 +1,34 @@ | |||
1 | SUMMARY = "Linux NFC daemon" | 1 | SUMMARY = "Linux NFC daemon" |
2 | DESCRIPTION = "A daemon for the Linux Near Field Communication stack" | 2 | DESCRIPTION = "A daemon for the Linux Near Field Communication stack" |
3 | HOMEPAGE = "http://01.org/linux-nfc" | 3 | HOMEPAGE = "http://01.org/linux-nfc" |
4 | LICENSE = "GPLv2" | 4 | LICENSE = "GPL-2.0-only" |
5 | LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ | ||
6 | file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \ | ||
7 | " | ||
5 | 8 | ||
6 | DEPENDS = "dbus glib-2.0 libnl" | 9 | DEPENDS = "dbus glib-2.0 libnl autoconf-archive-native" |
7 | 10 | ||
8 | SRC_URI = "${KERNELORG_MIRROR}/linux/network/nfc/${BP}.tar.xz \ | 11 | SRC_URI = "git://git.kernel.org/pub/scm/network/nfc/neard.git;protocol=https;branch=master \ |
9 | file://neard.in \ | 12 | file://neard.in \ |
10 | file://Makefile.am-fix-parallel-issue.patch \ | 13 | file://Makefile.am-fix-parallel-issue.patch \ |
11 | file://Makefile.am-do-not-ship-version.h.patch \ | 14 | file://Makefile.am-do-not-ship-version.h.patch \ |
12 | file://0001-Add-header-dependency-to-nciattach.o.patch \ | 15 | file://0001-Add-header-dependency-to-nciattach.o.patch \ |
13 | " | 16 | " |
14 | SRC_URI[md5sum] = "5c691fb7872856dc0d909c298bc8cb41" | ||
15 | SRC_URI[sha256sum] = "eae3b11c541a988ec11ca94b7deab01080cd5b58cfef3ced6ceac9b6e6e65b36" | ||
16 | 17 | ||
17 | LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ | 18 | SRCREV = "a1dc8a75cba999728e154a0f811ab9dd50c809f7" |
18 | file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \ | 19 | |
19 | " | 20 | S = "${WORKDIR}/git" |
20 | 21 | ||
21 | inherit autotools pkgconfig systemd update-rc.d | 22 | inherit autotools pkgconfig systemd update-rc.d |
22 | 23 | ||
23 | PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" | 24 | PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" |
24 | 25 | ||
25 | PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_unitdir}/system/ --with-systemduserunitdir=${systemd_unitdir}/user/,--disable-systemd" | 26 | PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir}/ --with-systemduserunitdir=${systemd_unitdir}/user/,--disable-systemd" |
26 | 27 | ||
27 | EXTRA_OECONF += "--enable-tools" | 28 | EXTRA_OECONF += "--enable-tools" |
28 | 29 | ||
29 | # This would copy neard start-stop shell and test scripts | 30 | # This would copy neard start-stop shell and test scripts |
30 | do_install_append() { | 31 | do_install:append() { |
31 | if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then | 32 | if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then |
32 | install -d ${D}${sysconfdir}/init.d/ | 33 | install -d ${D}${sysconfdir}/init.d/ |
33 | sed "s:@installpath@:${libexecdir}/nfc:" ${WORKDIR}/neard.in \ | 34 | sed "s:@installpath@:${libexecdir}/nfc:" ${WORKDIR}/neard.in \ |
@@ -36,10 +37,10 @@ do_install_append() { | |||
36 | fi | 37 | fi |
37 | } | 38 | } |
38 | 39 | ||
39 | RDEPENDS_${PN} = "dbus" | 40 | RDEPENDS:${PN} = "dbus" |
40 | 41 | ||
41 | # Bluez & Wifi are not mandatory except for handover | 42 | # Bluez & Wifi are not mandatory except for handover |
42 | RRECOMMENDS_${PN} = "\ | 43 | RRECOMMENDS:${PN} = "\ |
43 | ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \ | 44 | ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \ |
44 | ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','wpa-supplicant', '', d)} \ | 45 | ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','wpa-supplicant', '', d)} \ |
45 | " | 46 | " |
@@ -47,4 +48,4 @@ RRECOMMENDS_${PN} = "\ | |||
47 | INITSCRIPT_NAME = "neard" | 48 | INITSCRIPT_NAME = "neard" |
48 | INITSCRIPT_PARAMS = "defaults 64" | 49 | INITSCRIPT_PARAMS = "defaults 64" |
49 | 50 | ||
50 | SYSTEMD_SERVICE_${PN} = "neard.service" | 51 | SYSTEMD_SERVICE:${PN} = "neard.service" |
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch index bd350144e3..7603eb680d 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch | |||
@@ -19,7 +19,7 @@ As there is already one source file named file.c | |||
19 | as support/nsm/file.c in support/nsm/Makefile.am, | 19 | as support/nsm/file.c in support/nsm/Makefile.am, |
20 | so rename ../support/misc/file.c to ../support/misc/misc.c. | 20 | so rename ../support/misc/file.c to ../support/misc/misc.c. |
21 | 21 | ||
22 | Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154502780423058&w=2] | 22 | Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=154502780423058&w=2] |
23 | 23 | ||
24 | Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> | 24 | Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> |
25 | 25 | ||
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch new file mode 100644 index 0000000000..351407ddcd --- /dev/null +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch | |||
@@ -0,0 +1,36 @@ | |||
1 | From 9efa7a0d37665d9bb0f46d2407883a5ab42c2b84 Mon Sep 17 00:00:00 2001 | ||
2 | From: Khem Raj <raj.khem@gmail.com> | ||
3 | Date: Mon, 24 Jul 2023 20:39:16 -0700 | ||
4 | Subject: [PATCH] locktest: Makefile.am: Do not use build flags | ||
5 | |||
6 | Using CFLAGS_FOR_BUILD etc. here means it is using wrong flags | ||
7 | when thse flags are speficied different than target flags which | ||
8 | is common when cross-building. It can pass wrong paths to linker | ||
9 | and it would find incompatible libraries during link since they | ||
10 | are from host system and target maybe not same as build host. | ||
11 | |||
12 | Fixes subtle errors like | ||
13 | | aarch64-yoe-linux-ld.lld: error: /mnt/b/yoe/master/build/tmp/work/cortexa72-cortexa53-crypto-yoe-linux/nfs-utils/2.6.3-r0/recipe-sysroot-native/usr/lib/libsqlite3.so is incompatible with elf64-littleaarch64 | ||
14 | |||
15 | Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=169025681008001&w=2] | ||
16 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
17 | --- | ||
18 | tools/locktest/Makefile.am | 3 --- | ||
19 | 1 file changed, 3 deletions(-) | ||
20 | |||
21 | diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am | ||
22 | index e8914655..2fd36971 100644 | ||
23 | --- a/tools/locktest/Makefile.am | ||
24 | +++ b/tools/locktest/Makefile.am | ||
25 | @@ -2,8 +2,5 @@ | ||
26 | |||
27 | noinst_PROGRAMS = testlk | ||
28 | testlk_SOURCES = testlk.c | ||
29 | -testlk_CFLAGS=$(CFLAGS_FOR_BUILD) | ||
30 | -testlk_CPPFLAGS=$(CPPFLAGS_FOR_BUILD) | ||
31 | -testlk_LDFLAGS=$(LDFLAGS_FOR_BUILD) | ||
32 | |||
33 | MAINTAINERCLEANFILES = Makefile.in | ||
34 | -- | ||
35 | 2.41.0 | ||
36 | |||
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch new file mode 100644 index 0000000000..57d4660571 --- /dev/null +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch | |||
@@ -0,0 +1,34 @@ | |||
1 | From 45597a58e98f351b18db8444292b1cf6dd0cd810 Mon Sep 17 00:00:00 2001 | ||
2 | From: Robert Yang <liezhi.yang@windriver.com> | ||
3 | Date: Sat, 9 Dec 2023 23:34:08 -0800 | ||
4 | Subject: [PATCH] reexport.h: Include unistd.h to compile with musl | ||
5 | |||
6 | Fixed error when compile with musl | ||
7 | reexport.c: In function 'reexpdb_init': | ||
8 | reexport.c:62:17: error: implicit declaration of function 'sleep' [-Werror=implicit-function-declaration] | ||
9 | 62 | sleep(1); | ||
10 | |||
11 | |||
12 | Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=170254661824522&w=2] | ||
13 | |||
14 | Signed-off-by: Robert Yang <liezhi.yang@windriver.com> | ||
15 | --- | ||
16 | support/reexport/reexport.h | 1 + | ||
17 | 1 files changed, 1 insertions(+) | ||
18 | |||
19 | diff --git a/support/reexport/reexport.h b/support/reexport/reexport.h | ||
20 | index 85fd59c..02f8684 100644 | ||
21 | --- a/support/reexport/reexport.h | ||
22 | +++ b/support/reexport/reexport.h | ||
23 | @@ -1,6 +1,8 @@ | ||
24 | #ifndef REEXPORT_H | ||
25 | #define REEXPORT_H | ||
26 | |||
27 | +#include <unistd.h> | ||
28 | + | ||
29 | #include "nfslib.h" | ||
30 | |||
31 | enum { | ||
32 | -- | ||
33 | 2.42.0 | ||
34 | |||
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-tools-locktest-Use-intmax_t-to-print-off_t.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-tools-locktest-Use-intmax_t-to-print-off_t.patch new file mode 100644 index 0000000000..7d903e04bc --- /dev/null +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-tools-locktest-Use-intmax_t-to-print-off_t.patch | |||
@@ -0,0 +1,53 @@ | |||
1 | From e2e9251dbeb452f5382179023d8ae18b511167a1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Khem Raj <raj.khem@gmail.com> | ||
3 | Date: Tue, 25 Jul 2023 23:47:08 -0700 | ||
4 | Subject: [PATCH] tools/locktest: Use intmax_t to print off_t | ||
5 | |||
6 | off_t could be 64bit on 32bit architectures which means using %z printf | ||
7 | modifier is not enough to print it and compiler will complain about | ||
8 | format mismatch | ||
9 | |||
10 | Fixes | ||
11 | | testlk.c:84:66: error: format '%zd' expects argument of type 'signed size_t', but argument 4 has type '__off64_t' {aka 'long long int'} [-Werror=format=] | ||
12 | | 84 | printf("%s: conflicting lock by %d on (%zd;%zd)\n", | ||
13 | | | ~~^ | ||
14 | | | | | ||
15 | | | int | ||
16 | | | %lld | ||
17 | | 85 | fname, fl.l_pid, fl.l_start, fl.l_len); | ||
18 | | | ~~~~~~~~~~ | ||
19 | | | | | ||
20 | | | __off64_t {aka long long int} | ||
21 | |||
22 | Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=169035457128067&w=2] | ||
23 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
24 | --- | ||
25 | tools/locktest/testlk.c | 5 +++-- | ||
26 | 1 file changed, 3 insertions(+), 2 deletions(-) | ||
27 | |||
28 | diff --git a/tools/locktest/testlk.c b/tools/locktest/testlk.c | ||
29 | index ea51f788..9d4c88c4 100644 | ||
30 | --- a/tools/locktest/testlk.c | ||
31 | +++ b/tools/locktest/testlk.c | ||
32 | @@ -2,6 +2,7 @@ | ||
33 | #include <config.h> | ||
34 | #endif | ||
35 | |||
36 | +#include <stdint.h> | ||
37 | #include <stdlib.h> | ||
38 | #include <stdio.h> | ||
39 | #include <unistd.h> | ||
40 | @@ -81,8 +82,8 @@ main(int argc, char **argv) | ||
41 | if (fl.l_type == F_UNLCK) { | ||
42 | printf("%s: no conflicting lock\n", fname); | ||
43 | } else { | ||
44 | - printf("%s: conflicting lock by %d on (%zd;%zd)\n", | ||
45 | - fname, fl.l_pid, fl.l_start, fl.l_len); | ||
46 | + printf("%s: conflicting lock by %d on (%jd;%jd)\n", | ||
47 | + fname, fl.l_pid, (intmax_t)fl.l_start, (intmax_t)fl.l_len); | ||
48 | } | ||
49 | return 0; | ||
50 | } | ||
51 | -- | ||
52 | 2.41.0 | ||
53 | |||
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service index c01415de84..ebfe64b9ce 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service | |||
@@ -12,6 +12,7 @@ ConditionPathExists=@SYSCONFDIR@/exports | |||
12 | EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf | 12 | EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf |
13 | ExecStart=@SBINDIR@/rpc.mountd -F $MOUNTD_OPTS | 13 | ExecStart=@SBINDIR@/rpc.mountd -F $MOUNTD_OPTS |
14 | LimitNOFILE=@HIGH_RLIMIT_NOFILE@ | 14 | LimitNOFILE=@HIGH_RLIMIT_NOFILE@ |
15 | StateDirectory=nfs | ||
15 | 16 | ||
16 | [Install] | 17 | [Install] |
17 | WantedBy=multi-user.target | 18 | WantedBy=multi-user.target |
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service index 5c845b7e82..15ceee04d0 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service | |||
@@ -18,6 +18,7 @@ ExecStopPost=@SBINDIR@/exportfs -au | |||
18 | ExecStopPost=@SBINDIR@/exportfs -f | 18 | ExecStopPost=@SBINDIR@/exportfs -f |
19 | ExecReload=@SBINDIR@/exportfs -r | 19 | ExecReload=@SBINDIR@/exportfs -r |
20 | RemainAfterExit=yes | 20 | RemainAfterExit=yes |
21 | StateDirectory=nfs | ||
21 | 22 | ||
22 | [Install] | 23 | [Install] |
23 | WantedBy=multi-user.target | 24 | WantedBy=multi-user.target |
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service index 4fa64e1998..b519194121 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service | |||
@@ -4,11 +4,13 @@ DefaultDependencies=no | |||
4 | Conflicts=umount.target | 4 | Conflicts=umount.target |
5 | Requires=nss-lookup.target rpcbind.service | 5 | Requires=nss-lookup.target rpcbind.service |
6 | After=network.target nss-lookup.target rpcbind.service | 6 | After=network.target nss-lookup.target rpcbind.service |
7 | ConditionPathExists=@SYSCONFDIR@/exports | ||
7 | 8 | ||
8 | [Service] | 9 | [Service] |
9 | EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf | 10 | EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf |
10 | ExecStart=@SBINDIR@/rpc.statd -F $STATD_OPTS | 11 | ExecStart=@SBINDIR@/rpc.statd -F $STATD_OPTS |
11 | LimitNOFILE=@HIGH_RLIMIT_NOFILE@ | 12 | LimitNOFILE=@HIGH_RLIMIT_NOFILE@ |
13 | StateDirectory=nfs | ||
12 | 14 | ||
13 | [Install] | 15 | [Install] |
14 | WantedBy=multi-user.target | 16 | WantedBy=multi-user.target |
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.2.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.4.bb index c7ac67cf31..2f2644f9a8 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.2.bb +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.4.bb | |||
@@ -4,18 +4,18 @@ NFS server and related tools." | |||
4 | HOMEPAGE = "http://nfs.sourceforge.net/" | 4 | HOMEPAGE = "http://nfs.sourceforge.net/" |
5 | SECTION = "console/network" | 5 | SECTION = "console/network" |
6 | 6 | ||
7 | LICENSE = "MIT & GPLv2+ & BSD" | 7 | LICENSE = "MIT & GPL-2.0-or-later & BSD-3-Clause" |
8 | LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84" | 8 | LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84" |
9 | 9 | ||
10 | # util-linux for libblkid | 10 | # util-linux for libblkid |
11 | DEPENDS = "libcap libevent util-linux sqlite3 libtirpc" | 11 | DEPENDS = "libcap libevent util-linux sqlite3 libtirpc" |
12 | RDEPENDS_${PN} = "${PN}-client" | 12 | RDEPENDS:${PN} = "${PN}-client" |
13 | RRECOMMENDS_${PN} = "kernel-module-nfsd" | 13 | RRECOMMENDS:${PN} = "kernel-module-nfsd" |
14 | 14 | ||
15 | inherit useradd | 15 | inherit useradd |
16 | 16 | ||
17 | USERADD_PACKAGES = "${PN}-client" | 17 | USERADD_PACKAGES = "${PN}-client" |
18 | USERADD_PARAM_${PN}-client = "--system --home-dir /var/lib/nfs \ | 18 | USERADD_PARAM:${PN}-client = "--system --home-dir /var/lib/nfs \ |
19 | --shell /bin/false --user-group rpcuser" | 19 | --shell /bin/false --user-group rpcuser" |
20 | 20 | ||
21 | SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \ | 21 | SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \ |
@@ -30,8 +30,11 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x | |||
30 | file://bugfix-adjust-statd-service-name.patch \ | 30 | file://bugfix-adjust-statd-service-name.patch \ |
31 | file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \ | 31 | file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \ |
32 | file://clang-warnings.patch \ | 32 | file://clang-warnings.patch \ |
33 | file://0001-locktest-Makefile.am-Do-not-use-build-flags.patch \ | ||
34 | file://0001-tools-locktest-Use-intmax_t-to-print-off_t.patch \ | ||
35 | file://0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch \ | ||
33 | " | 36 | " |
34 | SRC_URI[sha256sum] = "d493b81c9d3ffce5d10af701a63ed2b8a21768c23da4a2eceb4d708aea65d9de" | 37 | SRC_URI[sha256sum] = "01b3b0fb9c7d0bbabf5114c736542030748c788ec2fd9734744201e9b0a1119d" |
35 | 38 | ||
36 | # Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will | 39 | # Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will |
37 | # pull in the remainder of the dependencies. | 40 | # pull in the remainder of the dependencies. |
@@ -39,14 +42,14 @@ SRC_URI[sha256sum] = "d493b81c9d3ffce5d10af701a63ed2b8a21768c23da4a2eceb4d708aea | |||
39 | INITSCRIPT_PACKAGES = "${PN} ${PN}-client" | 42 | INITSCRIPT_PACKAGES = "${PN} ${PN}-client" |
40 | INITSCRIPT_NAME = "nfsserver" | 43 | INITSCRIPT_NAME = "nfsserver" |
41 | INITSCRIPT_PARAMS = "defaults" | 44 | INITSCRIPT_PARAMS = "defaults" |
42 | INITSCRIPT_NAME_${PN}-client = "nfscommon" | 45 | INITSCRIPT_NAME:${PN}-client = "nfscommon" |
43 | INITSCRIPT_PARAMS_${PN}-client = "defaults 19 21" | 46 | INITSCRIPT_PARAMS:${PN}-client = "defaults 19 21" |
44 | 47 | ||
45 | inherit autotools-brokensep update-rc.d systemd pkgconfig | 48 | inherit autotools-brokensep update-rc.d systemd pkgconfig |
46 | 49 | ||
47 | SYSTEMD_PACKAGES = "${PN} ${PN}-client" | 50 | SYSTEMD_PACKAGES = "${PN} ${PN}-client" |
48 | SYSTEMD_SERVICE_${PN} = "nfs-server.service nfs-mountd.service" | 51 | SYSTEMD_SERVICE:${PN} = "nfs-server.service nfs-mountd.service" |
49 | SYSTEMD_SERVICE_${PN}-client = "nfs-statd.service" | 52 | SYSTEMD_SERVICE:${PN}-client = "nfs-statd.service" |
50 | 53 | ||
51 | # --enable-uuid is need for cross-compiling | 54 | # --enable-uuid is need for cross-compiling |
52 | EXTRA_OECONF = "--with-statduser=rpcuser \ | 55 | EXTRA_OECONF = "--with-statduser=rpcuser \ |
@@ -59,10 +62,12 @@ EXTRA_OECONF = "--with-statduser=rpcuser \ | |||
59 | --with-rpcgen=${HOSTTOOLS_DIR}/rpcgen \ | 62 | --with-rpcgen=${HOSTTOOLS_DIR}/rpcgen \ |
60 | " | 63 | " |
61 | 64 | ||
65 | LDFLAGS:append = " -lsqlite3 -levent" | ||
66 | |||
62 | PACKAGECONFIG ??= "tcp-wrappers \ | 67 | PACKAGECONFIG ??= "tcp-wrappers \ |
63 | ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ | 68 | ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ |
64 | " | 69 | " |
65 | PACKAGECONFIG_remove_libc-musl = "tcp-wrappers" | 70 | PACKAGECONFIG:remove:libc-musl = "tcp-wrappers" |
66 | PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers" | 71 | PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers" |
67 | PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," | 72 | PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," |
68 | # libdevmapper is available in meta-oe | 73 | # libdevmapper is available in meta-oe |
@@ -70,48 +75,52 @@ PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper,libdevmap | |||
70 | # keyutils is available in meta-oe | 75 | # keyutils is available in meta-oe |
71 | PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils,python3-core" | 76 | PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils,python3-core" |
72 | 77 | ||
73 | PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats" | 78 | PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats ${PN}-rpcctl" |
74 | 79 | ||
75 | CONFFILES_${PN}-client += "${localstatedir}/lib/nfs/etab \ | 80 | CONFFILES:${PN}-client += "${localstatedir}/lib/nfs/etab \ |
76 | ${localstatedir}/lib/nfs/rmtab \ | 81 | ${localstatedir}/lib/nfs/rmtab \ |
77 | ${localstatedir}/lib/nfs/xtab \ | 82 | ${localstatedir}/lib/nfs/xtab \ |
78 | ${localstatedir}/lib/nfs/statd/state \ | 83 | ${localstatedir}/lib/nfs/statd/state \ |
79 | ${sysconfdir}/nfsmount.conf" | 84 | ${sysconfdir}/nfsmount.conf" |
80 | 85 | ||
81 | FILES_${PN}-client = "${sbindir}/*statd \ | 86 | FILES:${PN}-client = "${sbindir}/*statd \ |
87 | ${libdir}/libnfsidmap.so.* \ | ||
82 | ${sbindir}/rpc.idmapd ${sbindir}/sm-notify \ | 88 | ${sbindir}/rpc.idmapd ${sbindir}/sm-notify \ |
83 | ${sbindir}/showmount ${sbindir}/nfsstat \ | 89 | ${sbindir}/showmount ${sbindir}/nfsstat \ |
84 | ${localstatedir}/lib/nfs \ | 90 | ${localstatedir}/lib/nfs \ |
85 | ${sysconfdir}/nfs-utils.conf \ | 91 | ${sysconfdir}/nfs-utils.conf \ |
86 | ${sysconfdir}/nfsmount.conf \ | 92 | ${sysconfdir}/nfsmount.conf \ |
87 | ${sysconfdir}/init.d/nfscommon \ | 93 | ${sysconfdir}/init.d/nfscommon \ |
88 | ${systemd_unitdir}/system/nfs-statd.service" | 94 | ${systemd_system_unitdir}/nfs-statd.service" |
89 | RDEPENDS_${PN}-client = "${PN}-mount rpcbind" | 95 | RDEPENDS:${PN}-client = "${PN}-mount rpcbind" |
96 | |||
97 | FILES:${PN}-mount = "${base_sbindir}/*mount.nfs*" | ||
90 | 98 | ||
91 | FILES_${PN}-mount = "${base_sbindir}/*mount.nfs*" | 99 | FILES:${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat ${sbindir}/nfsdclnts" |
100 | RDEPENDS:${PN}-stats = "python3-core" | ||
92 | 101 | ||
93 | FILES_${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat ${sbindir}/nfsdclnts" | 102 | FILES:${PN}-rpcctl = "${sbindir}/rpcctl" |
94 | RDEPENDS_${PN}-stats = "python3-core" | 103 | RDEPENDS:${PN}-rpcctl = "python3-core" |
95 | 104 | ||
96 | FILES_${PN}-staticdev += "${libdir}/libnfsidmap/*.a" | 105 | FILES:${PN}-staticdev += "${libdir}/libnfsidmap/*.a" |
97 | 106 | ||
98 | FILES_${PN} += "${systemd_unitdir} ${libdir}/libnfsidmap/" | 107 | FILES:${PN} += "${systemd_unitdir} ${libdir}/libnfsidmap/ ${nonarch_libdir}/modprobe.d" |
99 | 108 | ||
100 | do_configure_prepend() { | 109 | do_configure:prepend() { |
101 | sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \ | 110 | sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \ |
102 | ${S}/utils/mount/Makefile.am | 111 | ${S}/utils/mount/Makefile.am |
103 | } | 112 | } |
104 | 113 | ||
105 | # Make clean needed because the package comes with | 114 | # Make clean needed because the package comes with |
106 | # precompiled 64-bit objects that break the build | 115 | # precompiled 64-bit objects that break the build |
107 | do_compile_prepend() { | 116 | do_compile:prepend() { |
108 | make clean | 117 | make clean |
109 | } | 118 | } |
110 | 119 | ||
111 | # Works on systemd only | 120 | # Works on systemd only |
112 | HIGH_RLIMIT_NOFILE ??= "4096" | 121 | HIGH_RLIMIT_NOFILE ??= "4096" |
113 | 122 | ||
114 | do_install_append () { | 123 | do_install:append () { |
115 | install -d ${D}${sysconfdir}/init.d | 124 | install -d ${D}${sysconfdir}/init.d |
116 | install -m 0755 ${WORKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver | 125 | install -m 0755 ${WORKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver |
117 | install -m 0755 ${WORKDIR}/nfscommon ${D}${sysconfdir}/init.d/nfscommon | 126 | install -m 0755 ${WORKDIR}/nfscommon ${D}${sysconfdir}/init.d/nfscommon |
@@ -119,18 +128,18 @@ do_install_append () { | |||
119 | install -m 0755 ${WORKDIR}/nfs-utils.conf ${D}${sysconfdir} | 128 | install -m 0755 ${WORKDIR}/nfs-utils.conf ${D}${sysconfdir} |
120 | install -m 0755 ${S}/utils/mount/nfsmount.conf ${D}${sysconfdir} | 129 | install -m 0755 ${S}/utils/mount/nfsmount.conf ${D}${sysconfdir} |
121 | 130 | ||
122 | install -d ${D}${systemd_unitdir}/system | 131 | install -d ${D}${systemd_system_unitdir} |
123 | install -m 0644 ${WORKDIR}/nfs-server.service ${D}${systemd_unitdir}/system/ | 132 | install -m 0644 ${WORKDIR}/nfs-server.service ${D}${systemd_system_unitdir}/ |
124 | install -m 0644 ${WORKDIR}/nfs-mountd.service ${D}${systemd_unitdir}/system/ | 133 | install -m 0644 ${WORKDIR}/nfs-mountd.service ${D}${systemd_system_unitdir}/ |
125 | install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_unitdir}/system/ | 134 | install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_system_unitdir}/ |
126 | sed -i -e 's,@SBINDIR@,${sbindir},g' \ | 135 | sed -i -e 's,@SBINDIR@,${sbindir},g' \ |
127 | -e 's,@SYSCONFDIR@,${sysconfdir},g' \ | 136 | -e 's,@SYSCONFDIR@,${sysconfdir},g' \ |
128 | -e 's,@HIGH_RLIMIT_NOFILE@,${HIGH_RLIMIT_NOFILE},g' \ | 137 | -e 's,@HIGH_RLIMIT_NOFILE@,${HIGH_RLIMIT_NOFILE},g' \ |
129 | ${D}${systemd_unitdir}/system/*.service | 138 | ${D}${systemd_system_unitdir}/*.service |
130 | if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then | 139 | if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then |
131 | install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/ | 140 | install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_system_unitdir}/ |
132 | install -d ${D}${systemd_unitdir}/system/sysinit.target.wants/ | 141 | install -d ${D}${systemd_system_unitdir}/sysinit.target.wants/ |
133 | ln -sf ../proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/sysinit.target.wants/proc-fs-nfsd.mount | 142 | ln -sf ../proc-fs-nfsd.mount ${D}${systemd_system_unitdir}/sysinit.target.wants/proc-fs-nfsd.mount |
134 | fi | 143 | fi |
135 | 144 | ||
136 | # kernel code as of 3.8 hard-codes this path as a default | 145 | # kernel code as of 3.8 hard-codes this path as a default |
diff --git a/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch b/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch new file mode 100644 index 0000000000..3655b3fd66 --- /dev/null +++ b/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch | |||
@@ -0,0 +1,28 @@ | |||
1 | From 76e4054801350ebd4a44057379431a33d460ad0f Mon Sep 17 00:00:00 2001 | ||
2 | From: Martin Jansa <Martin.Jansa@gmail.com> | ||
3 | Date: Wed, 21 Apr 2021 11:01:34 +0000 | ||
4 | Subject: [PATCH] mbim: Fix build with ell-0.39 by restoring unlikely macro | ||
5 | from ell/util.h | ||
6 | |||
7 | Upstream-Status: Pending | ||
8 | |||
9 | Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> | ||
10 | --- | ||
11 | drivers/mbimmodem/mbim-private.h | 4 ++++ | ||
12 | 1 file changed, 4 insertions(+) | ||
13 | |||
14 | diff --git a/drivers/mbimmodem/mbim-private.h b/drivers/mbimmodem/mbim-private.h | ||
15 | index 51693eae..d917312c 100644 | ||
16 | --- a/drivers/mbimmodem/mbim-private.h | ||
17 | +++ b/drivers/mbimmodem/mbim-private.h | ||
18 | @@ -30,6 +30,10 @@ | ||
19 | __result; }) | ||
20 | #endif | ||
21 | |||
22 | +/* used to be part of ell/util.h before 0.39: | ||
23 | + https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=2a682421b06e41c45098217a686157f576847021 */ | ||
24 | +#define unlikely(x) __builtin_expect(!!(x), 0) | ||
25 | + | ||
26 | enum mbim_control_message { | ||
27 | MBIM_OPEN_MSG = 0x1, | ||
28 | MBIM_CLOSE_MSG = 0x2, | ||
diff --git a/meta/recipes-connectivity/ofono/ofono_1.31.bb b/meta/recipes-connectivity/ofono/ofono_2.4.bb index 7d0976ad7f..dae5cc3c25 100644 --- a/meta/recipes-connectivity/ofono/ofono_1.31.bb +++ b/meta/recipes-connectivity/ofono/ofono_2.4.bb | |||
@@ -2,7 +2,7 @@ SUMMARY = "open source telephony" | |||
2 | DESCRIPTION = "oFono is a stack for mobile telephony devices on Linux. oFono supports speaking to telephony devices through specific drivers, or with generic AT commands." | 2 | DESCRIPTION = "oFono is a stack for mobile telephony devices on Linux. oFono supports speaking to telephony devices through specific drivers, or with generic AT commands." |
3 | HOMEPAGE = "http://www.ofono.org" | 3 | HOMEPAGE = "http://www.ofono.org" |
4 | BUGTRACKER = "https://01.org/jira/browse/OF" | 4 | BUGTRACKER = "https://01.org/jira/browse/OF" |
5 | LICENSE = "GPLv2" | 5 | LICENSE = "GPL-2.0-only" |
6 | LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ | 6 | LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ |
7 | file://src/ofono.h;beginline=1;endline=20;md5=3ce17d5978ef3445def265b98899c2ee" | 7 | file://src/ofono.h;beginline=1;endline=20;md5=3ce17d5978ef3445def265b98899c2ee" |
8 | DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info ell" | 8 | DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info ell" |
@@ -11,40 +11,45 @@ SRC_URI = "\ | |||
11 | ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ | 11 | ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ |
12 | file://ofono \ | 12 | file://ofono \ |
13 | file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \ | 13 | file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \ |
14 | file://0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch \ | ||
14 | " | 15 | " |
15 | SRC_URI[md5sum] = "1c26340e3c6ed132cc812595081bb3dc" | 16 | SRC_URI[sha256sum] = "93580adc1afd1890dc516efb069de0c5cdfef014415256ddfb28ab172df2d11d" |
16 | SRC_URI[sha256sum] = "a15c5d28096c10eb30e47a68b6dc2e7c4a5a99d7f4cfedf0b69624f33d859e9b" | ||
17 | 17 | ||
18 | inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data | 18 | inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data |
19 | 19 | ||
20 | INITSCRIPT_NAME = "ofono" | 20 | INITSCRIPT_NAME = "ofono" |
21 | INITSCRIPT_PARAMS = "defaults 22" | 21 | INITSCRIPT_PARAMS = "defaults 22" |
22 | SYSTEMD_SERVICE_${PN} = "ofono.service" | 22 | SYSTEMD_SERVICE:${PN} = "ofono.service" |
23 | 23 | ||
24 | PACKAGECONFIG ??= "\ | 24 | PACKAGECONFIG ??= "\ |
25 | ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ | 25 | ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ |
26 | ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ | 26 | ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ |
27 | " | 27 | " |
28 | PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/,--with-systemdunitdir=" | 28 | PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_system_unitdir}/,--with-systemdunitdir=" |
29 | PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5" | 29 | PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5" |
30 | 30 | ||
31 | EXTRA_OECONF += "--enable-test --enable-external-ell" | 31 | EXTRA_OECONF += "--enable-test --enable-external-ell" |
32 | 32 | ||
33 | do_install_append() { | 33 | do_configure:prepend() { |
34 | install -d ${D}${sysconfdir}/init.d/ | 34 | bbnote "Removing bundled ell from ${S}/ell to prevent including it" |
35 | install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono | 35 | rm -rf ${S}/ell |
36 | } | ||
37 | |||
38 | do_install:append() { | ||
39 | install -d ${D}${sysconfdir}/init.d/ | ||
40 | install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono | ||
36 | } | 41 | } |
37 | 42 | ||
38 | PACKAGES =+ "${PN}-tests" | 43 | PACKAGES =+ "${PN}-tests" |
39 | 44 | ||
40 | FILES_${PN} += "${systemd_unitdir}" | 45 | FILES:${PN} += "${systemd_unitdir}" |
41 | FILES_${PN}-tests = "${libdir}/${BPN}/test" | 46 | FILES:${PN}-tests = "${libdir}/${BPN}/test" |
42 | 47 | ||
43 | RDEPENDS_${PN} += "dbus" | 48 | RDEPENDS:${PN} += "dbus" |
44 | RDEPENDS_${PN}-tests = "\ | 49 | RDEPENDS:${PN}-tests = "\ |
45 | python3-core \ | 50 | python3-core \ |
46 | python3-dbus \ | 51 | python3-dbus \ |
47 | ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)} \ | 52 | ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)} \ |
48 | " | 53 | " |
49 | 54 | ||
50 | RRECOMMENDS_${PN} += "kernel-module-tun mobile-broadband-provider-info" | 55 | RRECOMMENDS:${PN} += "kernel-module-tun mobile-broadband-provider-info" |
diff --git a/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch b/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch new file mode 100644 index 0000000000..8763f30f4b --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch | |||
@@ -0,0 +1,61 @@ | |||
1 | From f5a4dacc987ca548fc86577c2dba121c86da3c34 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mikko Rapeli <mikko.rapeli@linaro.org> | ||
3 | Date: Mon, 11 Sep 2023 09:55:21 +0100 | ||
4 | Subject: [PATCH] regress/banner.sh: log input and output files on error | ||
5 | |||
6 | Some test environments like yocto with qemu are seeing these | ||
7 | tests failing. There may be additional error messages in the | ||
8 | stderr of ssh cloent command. busybox cmp shows this error when | ||
9 | first input file has less new line characters then second | ||
10 | input file: | ||
11 | |||
12 | cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in | ||
13 | |||
14 | Logging the full banner.out will show what other error messages | ||
15 | are captured in addition of the expected banner. | ||
16 | |||
17 | Full log of a failing banner test runs is: | ||
18 | |||
19 | run test banner.sh ... | ||
20 | test banner: missing banner file | ||
21 | test banner: size 0 | ||
22 | cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in | ||
23 | banner size 0 mismatch | ||
24 | test banner: size 10 | ||
25 | test banner: size 100 | ||
26 | cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in | ||
27 | banner size 100 mismatch | ||
28 | test banner: size 1000 | ||
29 | test banner: size 10000 | ||
30 | test banner: size 100000 | ||
31 | test banner: suppress banner (-q) | ||
32 | FAIL: banner | ||
33 | return value: 1 | ||
34 | |||
35 | See: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178 | ||
36 | |||
37 | Upstream-Status: Denied [https://github.com/openssh/openssh-portable/pull/437] | ||
38 | |||
39 | Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> | ||
40 | --- | ||
41 | regress/banner.sh | 4 +++- | ||
42 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
43 | |||
44 | diff --git a/regress/banner.sh b/regress/banner.sh | ||
45 | index a84feb5a..de84957a 100644 | ||
46 | --- a/regress/banner.sh | ||
47 | +++ b/regress/banner.sh | ||
48 | @@ -32,7 +32,9 @@ for s in 0 10 100 1000 10000 100000 ; do | ||
49 | verbose "test $tid: size $s" | ||
50 | ( ${SSH} -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ | ||
51 | cmp $OBJ/banner.in $OBJ/banner.out ) || \ | ||
52 | - fail "banner size $s mismatch" | ||
53 | + ( verbose "Contents of $OBJ/banner.in:"; cat $OBJ/banner.in; \ | ||
54 | + verbose "Contents of $OBJ/banner.out:"; cat $OBJ/banner.out; \ | ||
55 | + fail "banner size $s mismatch" ) | ||
56 | done | ||
57 | |||
58 | trace "test suppress banner (-q)" | ||
59 | -- | ||
60 | 2.34.1 | ||
61 | |||
diff --git a/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch new file mode 100644 index 0000000000..f079d936a4 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch | |||
@@ -0,0 +1,96 @@ | |||
1 | From b02ef7621758f06eb686ef4f620636dbad086eda Mon Sep 17 00:00:00 2001 | ||
2 | From: Matt Jolly <Matt.Jolly@footclan.ninja> | ||
3 | Date: Thu, 2 Feb 2023 21:05:40 +1100 | ||
4 | Subject: [PATCH] systemd: Add optional support for systemd `sd_notify` | ||
5 | |||
6 | This is a rebase of Dennis Lamm's <expeditioneer@gentoo.org> | ||
7 | patch based on Jakub Jelen's <jjelen@redhat.com> original patch | ||
8 | |||
9 | Upstream-Status: Submitted [https://github.com/openssh/openssh-portable/pull/375/commits/be187435911cde6cc3cef6982a508261074f1e56] | ||
10 | |||
11 | Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> | ||
12 | --- | ||
13 | configure.ac | 24 ++++++++++++++++++++++++ | ||
14 | sshd.c | 13 +++++++++++++ | ||
15 | 2 files changed, 37 insertions(+) | ||
16 | |||
17 | diff --git a/configure.ac b/configure.ac | ||
18 | index 82e8bb7..d1145d3 100644 | ||
19 | --- a/configure.ac | ||
20 | +++ b/configure.ac | ||
21 | @@ -4870,6 +4870,29 @@ AC_SUBST([GSSLIBS]) | ||
22 | AC_SUBST([K5LIBS]) | ||
23 | AC_SUBST([CHANNELLIBS]) | ||
24 | |||
25 | +# Check whether user wants systemd support | ||
26 | +SYSTEMD_MSG="no" | ||
27 | +AC_ARG_WITH(systemd, | ||
28 | + [ --with-systemd Enable systemd support], | ||
29 | + [ if test "x$withval" != "xno" ; then | ||
30 | + AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) | ||
31 | + if test "$PKGCONFIG" != "no"; then | ||
32 | + AC_MSG_CHECKING([for libsystemd]) | ||
33 | + if $PKGCONFIG --exists libsystemd; then | ||
34 | + SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd` | ||
35 | + SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd` | ||
36 | + CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS" | ||
37 | + SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS" | ||
38 | + AC_MSG_RESULT([yes]) | ||
39 | + AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.]) | ||
40 | + SYSTEMD_MSG="yes" | ||
41 | + else | ||
42 | + AC_MSG_RESULT([no]) | ||
43 | + fi | ||
44 | + fi | ||
45 | + fi ] | ||
46 | +) | ||
47 | + | ||
48 | # Looking for programs, paths and files | ||
49 | |||
50 | PRIVSEP_PATH=/var/empty | ||
51 | @@ -5688,6 +5711,7 @@ echo " libldns support: $LDNS_MSG" | ||
52 | echo " Solaris process contract support: $SPC_MSG" | ||
53 | echo " Solaris project support: $SP_MSG" | ||
54 | echo " Solaris privilege support: $SPP_MSG" | ||
55 | +echo " systemd support: $SYSTEMD_MSG" | ||
56 | echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" | ||
57 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" | ||
58 | echo " BSD Auth support: $BSD_AUTH_MSG" | ||
59 | diff --git a/sshd.c b/sshd.c | ||
60 | index b4f2b97..6820a41 100644 | ||
61 | --- a/sshd.c | ||
62 | +++ b/sshd.c | ||
63 | @@ -88,6 +88,10 @@ | ||
64 | #include <prot.h> | ||
65 | #endif | ||
66 | |||
67 | +#ifdef HAVE_SYSTEMD | ||
68 | +#include <systemd/sd-daemon.h> | ||
69 | +#endif | ||
70 | + | ||
71 | #include "xmalloc.h" | ||
72 | #include "ssh.h" | ||
73 | #include "ssh2.h" | ||
74 | @@ -308,6 +312,10 @@ static void | ||
75 | sighup_restart(void) | ||
76 | { | ||
77 | logit("Received SIGHUP; restarting."); | ||
78 | +#ifdef HAVE_SYSTEMD | ||
79 | + /* Signal systemd that we are reloading */ | ||
80 | + sd_notify(0, "RELOADING=1"); | ||
81 | +#endif | ||
82 | if (options.pid_file != NULL) | ||
83 | unlink(options.pid_file); | ||
84 | platform_pre_restart(); | ||
85 | @@ -2093,6 +2101,11 @@ main(int ac, char **av) | ||
86 | } | ||
87 | } | ||
88 | |||
89 | +#ifdef HAVE_SYSTEMD | ||
90 | + /* Signal systemd that we are ready to accept connections */ | ||
91 | + sd_notify(0, "READY=1"); | ||
92 | +#endif | ||
93 | + | ||
94 | /* Accept a connection and return in a forked child */ | ||
95 | server_accept_loop(&sock_in, &sock_out, | ||
96 | &newsock, config_s); | ||
diff --git a/meta/recipes-connectivity/openssh/openssh/run-ptest b/meta/recipes-connectivity/openssh/openssh/run-ptest index ae03e929b2..b2244d725a 100755 --- a/meta/recipes-connectivity/openssh/openssh/run-ptest +++ b/meta/recipes-connectivity/openssh/openssh/run-ptest | |||
@@ -4,8 +4,22 @@ export TEST_SHELL=sh | |||
4 | export SKIP_UNIT=1 | 4 | export SKIP_UNIT=1 |
5 | 5 | ||
6 | cd regress | 6 | cd regress |
7 | |||
8 | # copied from openssh-portable/.github/run_test.sh | ||
9 | output_failed_logs() { | ||
10 | for i in failed*.log; do | ||
11 | if [ -f "$i" ]; then | ||
12 | echo ------------------------------------------------------------------------- | ||
13 | echo LOGFILE $i | ||
14 | cat $i | ||
15 | echo ------------------------------------------------------------------------- | ||
16 | fi | ||
17 | done | ||
18 | } | ||
19 | trap output_failed_logs 0 | ||
20 | |||
7 | sed -i "/\t\tagent-ptrace /d" Makefile | 21 | sed -i "/\t\tagent-ptrace /d" Makefile |
8 | make -k .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="sudo" tests \ | 22 | make -k BUILDDIR=`pwd`/.. .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="" tests \ |
9 | | sed -u -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g' | 23 | | sed -u -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g' |
10 | 24 | ||
11 | SSHAGENT=`which ssh-agent` | 25 | SSHAGENT=`which ssh-agent` |
diff --git a/meta/recipes-connectivity/openssh/openssh/ssh_config b/meta/recipes-connectivity/openssh/openssh/ssh_config index e0d023803e..cb2774a163 100644 --- a/meta/recipes-connectivity/openssh/openssh/ssh_config +++ b/meta/recipes-connectivity/openssh/openssh/ssh_config | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $ | 1 | # $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $ |
2 | 2 | ||
3 | # This is the ssh client system-wide configuration file. See | 3 | # This is the ssh client system-wide configuration file. See |
4 | # ssh_config(5) for more information. This file provides defaults for | 4 | # ssh_config(5) for more information. This file provides defaults for |
@@ -17,11 +17,11 @@ | |||
17 | # list of available options, their meanings and defaults, please see the | 17 | # list of available options, their meanings and defaults, please see the |
18 | # ssh_config(5) man page. | 18 | # ssh_config(5) man page. |
19 | 19 | ||
20 | Host * | 20 | Include /etc/ssh/ssh_config.d/*.conf |
21 | ForwardAgent yes | 21 | |
22 | ForwardX11 yes | 22 | # Host * |
23 | # RhostsRSAAuthentication no | 23 | # ForwardAgent no |
24 | # RSAAuthentication yes | 24 | # ForwardX11 no |
25 | # PasswordAuthentication yes | 25 | # PasswordAuthentication yes |
26 | # HostbasedAuthentication no | 26 | # HostbasedAuthentication no |
27 | # GSSAPIAuthentication no | 27 | # GSSAPIAuthentication no |
@@ -36,7 +36,6 @@ Host * | |||
36 | # IdentityFile ~/.ssh/id_ecdsa | 36 | # IdentityFile ~/.ssh/id_ecdsa |
37 | # IdentityFile ~/.ssh/id_ed25519 | 37 | # IdentityFile ~/.ssh/id_ed25519 |
38 | # Port 22 | 38 | # Port 22 |
39 | # Protocol 2 | ||
40 | # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc | 39 | # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc |
41 | # MACs hmac-md5,hmac-sha1,umac-64@openssh.com | 40 | # MACs hmac-md5,hmac-sha1,umac-64@openssh.com |
42 | # EscapeChar ~ | 41 | # EscapeChar ~ |
@@ -46,3 +45,4 @@ Host * | |||
46 | # VisualHostKey no | 45 | # VisualHostKey no |
47 | # ProxyCommand ssh -q -W %h:%p gateway.example.com | 46 | # ProxyCommand ssh -q -W %h:%p gateway.example.com |
48 | # RekeyLimit 1G 1h | 47 | # RekeyLimit 1G 1h |
48 | # UserKnownHostsFile ~/.ssh/known_hosts.d/%k | ||
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.service b/meta/recipes-connectivity/openssh/openssh/sshd.service new file mode 100644 index 0000000000..3e570ab1e5 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/sshd.service | |||
@@ -0,0 +1,18 @@ | |||
1 | [Unit] | ||
2 | Description=OpenSSH server daemon | ||
3 | Wants=sshdgenkeys.service | ||
4 | After=sshdgenkeys.service | ||
5 | After=nss-user-lookup.target | ||
6 | |||
7 | [Service] | ||
8 | Environment="SSHD_OPTS=" | ||
9 | EnvironmentFile=-/etc/default/ssh | ||
10 | ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd | ||
11 | ExecStart=-@SBINDIR@/sshd -D $SSHD_OPTS | ||
12 | ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID | ||
13 | KillMode=process | ||
14 | Restart=on-failure | ||
15 | RestartSec=42s | ||
16 | |||
17 | [Install] | ||
18 | WantedBy=multi-user.target | ||
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket b/meta/recipes-connectivity/openssh/openssh/sshd.socket index 8d76d62309..7dd2ed0626 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd.socket +++ b/meta/recipes-connectivity/openssh/openssh/sshd.socket | |||
@@ -1,6 +1,7 @@ | |||
1 | [Unit] | 1 | [Unit] |
2 | Conflicts=sshd.service | 2 | Conflicts=sshd.service |
3 | Wants=sshdgenkeys.service | 3 | Wants=sshdgenkeys.service |
4 | After=nss-user-lookup.target | ||
4 | 5 | ||
5 | [Socket] | 6 | [Socket] |
6 | ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd | 7 | ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd |
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys index 1931dc7153..606d1894b5 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys +++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys | |||
@@ -6,6 +6,7 @@ generate_key() { | |||
6 | local DIR="$(dirname "$FILE")" | 6 | local DIR="$(dirname "$FILE")" |
7 | 7 | ||
8 | mkdir -p "$DIR" | 8 | mkdir -p "$DIR" |
9 | rm -f ${FILE}.tmp | ||
9 | ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE | 10 | ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE |
10 | 11 | ||
11 | # Atomically rename file public key | 12 | # Atomically rename file public key |
@@ -56,8 +57,7 @@ while true ; do | |||
56 | esac | 57 | esac |
57 | done | 58 | done |
58 | 59 | ||
59 | HOST_KEYS=$(sed -n 's/^[ \t]*HostKey[ \t]\+\(.*\)/\1/p' "${sshd_config}") | 60 | HOST_KEYS=$(sshd -G -f "${sshd_config}" | grep -i '^hostkey ' | cut -f2 -d' ') |
60 | [ -z "${HOST_KEYS}" ] && HOST_KEYS="$SYSCONFDIR/ssh_host_rsa_key $SYSCONFDIR/ssh_host_ecdsa_key $SYSCONFDIR/ssh_host_ed25519_key" | ||
61 | 61 | ||
62 | for key in ${HOST_KEYS} ; do | 62 | for key in ${HOST_KEYS} ; do |
63 | [ -f $key ] && continue | 63 | [ -f $key ] && continue |
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config index 15f061b570..e9eaf93157 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_config +++ b/meta/recipes-connectivity/openssh/openssh/sshd_config | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $ | 1 | # $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ |
2 | 2 | ||
3 | # This is the sshd server system-wide configuration file. See | 3 | # This is the sshd server system-wide configuration file. See |
4 | # sshd_config(5) for more information. | 4 | # sshd_config(5) for more information. |
@@ -10,6 +10,8 @@ | |||
10 | # possible, but leave them commented. Uncommented options override the | 10 | # possible, but leave them commented. Uncommented options override the |
11 | # default value. | 11 | # default value. |
12 | 12 | ||
13 | Include /etc/ssh/sshd_config.d/*.conf | ||
14 | |||
13 | #Port 22 | 15 | #Port 22 |
14 | #AddressFamily any | 16 | #AddressFamily any |
15 | #ListenAddress 0.0.0.0 | 17 | #ListenAddress 0.0.0.0 |
@@ -57,9 +59,9 @@ AuthorizedKeysFile .ssh/authorized_keys | |||
57 | #PasswordAuthentication yes | 59 | #PasswordAuthentication yes |
58 | #PermitEmptyPasswords no | 60 | #PermitEmptyPasswords no |
59 | 61 | ||
60 | # Change to yes to enable challenge-response passwords (beware issues with | 62 | # Change to yes to enable keyboard-interactive authentication (beware issues |
61 | # some PAM modules and threads) | 63 | # with some PAM modules and threads) |
62 | ChallengeResponseAuthentication no | 64 | KbdInteractiveAuthentication no |
63 | 65 | ||
64 | # Kerberos options | 66 | # Kerberos options |
65 | #KerberosAuthentication no | 67 | #KerberosAuthentication no |
@@ -73,13 +75,13 @@ ChallengeResponseAuthentication no | |||
73 | 75 | ||
74 | # Set this to 'yes' to enable PAM authentication, account processing, | 76 | # Set this to 'yes' to enable PAM authentication, account processing, |
75 | # and session processing. If this is enabled, PAM authentication will | 77 | # and session processing. If this is enabled, PAM authentication will |
76 | # be allowed through the ChallengeResponseAuthentication and | 78 | # be allowed through the KbdInteractiveAuthentication and |
77 | # PasswordAuthentication. Depending on your PAM configuration, | 79 | # PasswordAuthentication. Depending on your PAM configuration, |
78 | # PAM authentication via ChallengeResponseAuthentication may bypass | 80 | # PAM authentication via KbdInteractiveAuthentication may bypass |
79 | # the setting of "PermitRootLogin without-password". | 81 | # the setting of "PermitRootLogin without-password". |
80 | # If you just want the PAM account and session checks to run without | 82 | # If you just want the PAM account and session checks to run without |
81 | # PAM authentication, then enable this but set PasswordAuthentication | 83 | # PAM authentication, then enable this but set PasswordAuthentication |
82 | # and ChallengeResponseAuthentication to 'no'. | 84 | # and KbdInteractiveAuthentication to 'no'. |
83 | #UsePAM no | 85 | #UsePAM no |
84 | 86 | ||
85 | #AllowAgentForwarding yes | 87 | #AllowAgentForwarding yes |
@@ -92,7 +94,6 @@ ChallengeResponseAuthentication no | |||
92 | #PrintMotd yes | 94 | #PrintMotd yes |
93 | #PrintLastLog yes | 95 | #PrintLastLog yes |
94 | #TCPKeepAlive yes | 96 | #TCPKeepAlive yes |
95 | #UseLogin no | ||
96 | #PermitUserEnvironment no | 97 | #PermitUserEnvironment no |
97 | Compression no | 98 | Compression no |
98 | ClientAliveInterval 15 | 99 | ClientAliveInterval 15 |
diff --git a/meta/recipes-connectivity/openssh/openssh_8.4p1.bb b/meta/recipes-connectivity/openssh/openssh_9.7p1.bb index 688fc8a024..d1468c59fc 100644 --- a/meta/recipes-connectivity/openssh/openssh_8.4p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_9.7p1.bb | |||
@@ -5,8 +5,8 @@ Ssh (Secure Shell) is a program for logging into a remote machine \ | |||
5 | and for executing commands on a remote machine." | 5 | and for executing commands on a remote machine." |
6 | HOMEPAGE = "http://www.openssh.com/" | 6 | HOMEPAGE = "http://www.openssh.com/" |
7 | SECTION = "console/network" | 7 | SECTION = "console/network" |
8 | LICENSE = "BSD & ISC & MIT" | 8 | LICENSE = "BSD-2-Clause & BSD-3-Clause & ISC & MIT" |
9 | LIC_FILES_CHKSUM = "file://LICENCE;md5=18d9e5a8b3dd1790d73502f50426d4d3" | 9 | LIC_FILES_CHKSUM = "file://LICENCE;md5=072979064e691d342002f43cd89c0394" |
10 | 10 | ||
11 | DEPENDS = "zlib openssl virtual/crypt" | 11 | DEPENDS = "zlib openssl virtual/crypt" |
12 | DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" | 12 | DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" |
@@ -16,6 +16,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar | |||
16 | file://ssh_config \ | 16 | file://ssh_config \ |
17 | file://init \ | 17 | file://init \ |
18 | ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ | 18 | ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ |
19 | file://sshd.service \ | ||
19 | file://sshd.socket \ | 20 | file://sshd.socket \ |
20 | file://sshd@.service \ | 21 | file://sshd@.service \ |
21 | file://sshdgenkeys.service \ | 22 | file://sshdgenkeys.service \ |
@@ -24,36 +25,46 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar | |||
24 | file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ | 25 | file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ |
25 | file://sshd_check_keys \ | 26 | file://sshd_check_keys \ |
26 | file://add-test-support-for-busybox.patch \ | 27 | file://add-test-support-for-busybox.patch \ |
28 | file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \ | ||
29 | file://0001-systemd-Add-optional-support-for-systemd-sd_notify.patch \ | ||
27 | " | 30 | " |
28 | SRC_URI[sha256sum] = "5a01d22e407eb1c05ba8a8f7c654d388a13e9f226e4ed33bd38748dafa1d2b24" | 31 | SRC_URI[sha256sum] = "490426f766d82a2763fcacd8d83ea3d70798750c7bd2aff2e57dc5660f773ffd" |
32 | |||
33 | CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here." | ||
29 | 34 | ||
30 | # This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 | 35 | # This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 |
31 | # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded | 36 | # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded |
32 | CVE_CHECK_WHITELIST += "CVE-2014-9278" | 37 | CVE_STATUS[CVE-2014-9278] = "not-applicable-platform: This CVE is specific to OpenSSH server, as used in Fedora and \ |
38 | Red Hat Enterprise Linux 7 and when running in a Kerberos environment" | ||
39 | |||
40 | CVE_STATUS[CVE-2008-3844] = "not-applicable-platform: Only applies to some distributed RHEL binaries." | ||
33 | 41 | ||
34 | PAM_SRC_URI = "file://sshd" | 42 | PAM_SRC_URI = "file://sshd" |
35 | 43 | ||
36 | inherit manpages useradd update-rc.d update-alternatives systemd | 44 | inherit manpages useradd update-rc.d update-alternatives systemd |
37 | 45 | ||
38 | USERADD_PACKAGES = "${PN}-sshd" | 46 | USERADD_PACKAGES = "${PN}-sshd" |
39 | USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" | 47 | USERADD_PARAM:${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" |
40 | INITSCRIPT_PACKAGES = "${PN}-sshd" | 48 | INITSCRIPT_PACKAGES = "${PN}-sshd" |
41 | INITSCRIPT_NAME_${PN}-sshd = "sshd" | 49 | INITSCRIPT_NAME:${PN}-sshd = "sshd" |
42 | INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9" | 50 | INITSCRIPT_PARAMS:${PN}-sshd = "defaults 9" |
43 | 51 | ||
44 | SYSTEMD_PACKAGES = "${PN}-sshd" | 52 | SYSTEMD_PACKAGES = "${PN}-sshd" |
45 | SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket" | 53 | SYSTEMD_SERVICE:${PN}-sshd = "${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','sshd.socket', '', d)} ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','sshd.service', '', d)}" |
46 | 54 | ||
47 | inherit autotools-brokensep ptest | 55 | inherit autotools-brokensep ptest pkgconfig |
56 | DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" | ||
48 | 57 | ||
49 | PACKAGECONFIG ??= "rng-tools" | 58 | # systemd-sshd-socket-mode means installing sshd.socket |
59 | # and systemd-sshd-service-mode corresponding to sshd.service | ||
60 | PACKAGECONFIG ??= "systemd-sshd-socket-mode" | ||
61 | PACKAGECONFIG[fido2] = "--with-security-key-builtin,--disable-security-key,libfido2" | ||
50 | PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5" | 62 | PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5" |
51 | PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns" | 63 | PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns" |
52 | PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" | 64 | PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" |
53 | PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat" | 65 | PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat" |
54 | 66 | PACKAGECONFIG[systemd-sshd-socket-mode] = "" | |
55 | # Add RRECOMMENDS to rng-tools for sshd package | 67 | PACKAGECONFIG[systemd-sshd-service-mode] = "" |
56 | PACKAGECONFIG[rng-tools] = "" | ||
57 | 68 | ||
58 | EXTRA_AUTORECONF += "--exclude=aclocal" | 69 | EXTRA_AUTORECONF += "--exclude=aclocal" |
59 | 70 | ||
@@ -65,10 +76,18 @@ EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ | |||
65 | --sysconfdir=${sysconfdir}/ssh \ | 76 | --sysconfdir=${sysconfdir}/ssh \ |
66 | --with-xauth=${bindir}/xauth \ | 77 | --with-xauth=${bindir}/xauth \ |
67 | --disable-strip \ | 78 | --disable-strip \ |
79 | ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemd', '--without-systemd', d)} \ | ||
68 | " | 80 | " |
69 | 81 | ||
70 | # musl doesn't implement wtmp/utmp and logwtmp | 82 | # musl doesn't implement wtmp/utmp and logwtmp |
71 | EXTRA_OECONF_append_libc-musl = " --disable-wtmp --disable-lastlog" | 83 | EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog" |
84 | |||
85 | # Work around ICE on mips/mips64 starting in 9.6p1 | ||
86 | EXTRA_OECONF:append:mips = " --without-hardening" | ||
87 | EXTRA_OECONF:append:mips64 = " --without-hardening" | ||
88 | |||
89 | # Work around ICE on powerpc64le starting in 9.6p1 | ||
90 | EXTRA_OECONF:append:powerpc64le = " --without-hardening" | ||
72 | 91 | ||
73 | # Since we do not depend on libbsd, we do not want configure to use it | 92 | # Since we do not depend on libbsd, we do not want configure to use it |
74 | # just because it finds libutil.h. But, specifying --disable-libutil | 93 | # just because it finds libutil.h. But, specifying --disable-libutil |
@@ -81,20 +100,17 @@ CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd" | |||
81 | # We don't want to depend on libblockfile | 100 | # We don't want to depend on libblockfile |
82 | CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no" | 101 | CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no" |
83 | 102 | ||
84 | do_configure_prepend () { | 103 | do_configure:prepend () { |
85 | export LD="${CC}" | 104 | export LD="${CC}" |
86 | install -m 0644 ${WORKDIR}/sshd_config ${B}/ | 105 | install -m 0644 ${WORKDIR}/sshd_config ${B}/ |
87 | install -m 0644 ${WORKDIR}/ssh_config ${B}/ | 106 | install -m 0644 ${WORKDIR}/ssh_config ${B}/ |
88 | } | 107 | } |
89 | 108 | ||
90 | do_compile_ptest() { | 109 | do_compile_ptest() { |
91 | # skip regress/unittests/ binaries: this will silently skip | 110 | oe_runmake regress-binaries regress-unit-binaries |
92 | # unittests in run-ptests which is good because they are so slow. | ||
93 | oe_runmake regress/modpipe regress/setuid-allowed regress/netcat \ | ||
94 | regress/check-perm regress/mkdtemp | ||
95 | } | 111 | } |
96 | 112 | ||
97 | do_install_append () { | 113 | do_install:append () { |
98 | if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then | 114 | if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then |
99 | install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd | 115 | install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd |
100 | sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config | 116 | sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config |
@@ -120,15 +136,25 @@ do_install_append () { | |||
120 | echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly | 136 | echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly |
121 | echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly | 137 | echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly |
122 | 138 | ||
123 | install -d ${D}${systemd_unitdir}/system | 139 | install -d ${D}${systemd_system_unitdir} |
124 | install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system | 140 | if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','true','false',d)}; then |
125 | install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system | 141 | install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_system_unitdir} |
126 | install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system | 142 | install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_system_unitdir} |
143 | sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ | ||
144 | -e 's,@SBINDIR@,${sbindir},g' \ | ||
145 | -e 's,@BINDIR@,${bindir},g' \ | ||
146 | -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ | ||
147 | ${D}${systemd_system_unitdir}/sshd.socket | ||
148 | fi | ||
149 | if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','true','false',d)}; then | ||
150 | install -c -m 0644 ${WORKDIR}/sshd.service ${D}${systemd_system_unitdir} | ||
151 | fi | ||
152 | install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_system_unitdir} | ||
127 | sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ | 153 | sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ |
128 | -e 's,@SBINDIR@,${sbindir},g' \ | 154 | -e 's,@SBINDIR@,${sbindir},g' \ |
129 | -e 's,@BINDIR@,${bindir},g' \ | 155 | -e 's,@BINDIR@,${bindir},g' \ |
130 | -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ | 156 | -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ |
131 | ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service | 157 | ${D}${systemd_system_unitdir}/*.service |
132 | 158 | ||
133 | sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ | 159 | sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ |
134 | ${D}${sysconfdir}/init.d/sshd | 160 | ${D}${sysconfdir}/init.d/sshd |
@@ -139,41 +165,38 @@ do_install_append () { | |||
139 | do_install_ptest () { | 165 | do_install_ptest () { |
140 | sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh | 166 | sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh |
141 | cp -r regress ${D}${PTEST_PATH} | 167 | cp -r regress ${D}${PTEST_PATH} |
168 | cp config.h ${D}${PTEST_PATH} | ||
142 | } | 169 | } |
143 | 170 | ||
144 | ALLOW_EMPTY_${PN} = "1" | 171 | ALLOW_EMPTY:${PN} = "1" |
145 | 172 | ||
146 | PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server" | 173 | PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server" |
147 | FILES_${PN}-scp = "${bindir}/scp.${BPN}" | 174 | FILES:${PN}-scp = "${bindir}/scp.${BPN}" |
148 | FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" | 175 | FILES:${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" |
149 | FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system" | 176 | FILES:${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_system_unitdir}" |
150 | FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" | 177 | FILES:${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" |
151 | FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys" | 178 | FILES:${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys" |
152 | FILES_${PN}-sftp = "${bindir}/sftp" | 179 | FILES:${PN}-sftp = "${bindir}/sftp" |
153 | FILES_${PN}-sftp-server = "${libexecdir}/sftp-server" | 180 | FILES:${PN}-sftp-server = "${libexecdir}/sftp-server" |
154 | FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" | 181 | FILES:${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" |
155 | FILES_${PN}-keygen = "${bindir}/ssh-keygen" | 182 | FILES:${PN}-keygen = "${bindir}/ssh-keygen" |
156 | 183 | ||
157 | RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" | 184 | RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen ${PN}-sftp-server" |
158 | RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" | 185 | RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" |
159 | RRECOMMENDS_${PN}-sshd_append_class-target = "\ | ||
160 | ${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \ | ||
161 | " | ||
162 | |||
163 | # gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies | 186 | # gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies |
164 | RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils" | 187 | RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed coreutils openssl-bin" |
165 | 188 | ||
166 | RPROVIDES_${PN}-ssh = "ssh" | 189 | RPROVIDES:${PN}-ssh = "ssh" |
167 | RPROVIDES_${PN}-sshd = "sshd" | 190 | RPROVIDES:${PN}-sshd = "sshd" |
168 | 191 | ||
169 | RCONFLICTS_${PN} = "dropbear" | 192 | RCONFLICTS:${PN} = "dropbear" |
170 | RCONFLICTS_${PN}-sshd = "dropbear" | 193 | RCONFLICTS:${PN}-sshd = "dropbear" |
171 | 194 | ||
172 | CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config" | 195 | CONFFILES:${PN}-sshd = "${sysconfdir}/ssh/sshd_config" |
173 | CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config" | 196 | CONFFILES:${PN}-ssh = "${sysconfdir}/ssh/ssh_config" |
174 | 197 | ||
175 | ALTERNATIVE_PRIORITY = "90" | 198 | ALTERNATIVE_PRIORITY = "90" |
176 | ALTERNATIVE_${PN}-scp = "scp" | 199 | ALTERNATIVE:${PN}-scp = "scp" |
177 | ALTERNATIVE_${PN}-ssh = "ssh" | 200 | ALTERNATIVE:${PN}-ssh = "ssh" |
178 | 201 | ||
179 | BBCLASSEXTEND += "nativesdk" | 202 | BBCLASSEXTEND += "nativesdk" |
diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh index b9cc24a7ac..6f23490c87 100644 --- a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh +++ b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh | |||
@@ -1 +1,5 @@ | |||
1 | export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf" | 1 | export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf" |
2 | export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs" | ||
3 | export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs/ca-certificates.crt" | ||
4 | export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/" | ||
5 | export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3" | ||
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch new file mode 100644 index 0000000000..aa2e5bb800 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch | |||
@@ -0,0 +1,374 @@ | |||
1 | From 5ba65051fea0513db0d997f0ab7cafb9826ed74a Mon Sep 17 00:00:00 2001 | ||
2 | From: William Lyu <William.Lyu@windriver.com> | ||
3 | Date: Fri, 20 Oct 2023 16:22:37 -0400 | ||
4 | Subject: [PATCH] Added handshake history reporting when test fails | ||
5 | |||
6 | Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/22481] | ||
7 | |||
8 | Signed-off-by: William Lyu <William.Lyu@windriver.com> | ||
9 | --- | ||
10 | test/helpers/handshake.c | 139 +++++++++++++++++++++++++++++---------- | ||
11 | test/helpers/handshake.h | 70 +++++++++++++++++++- | ||
12 | test/ssl_test.c | 44 +++++++++++++ | ||
13 | 3 files changed, 218 insertions(+), 35 deletions(-) | ||
14 | |||
15 | diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c | ||
16 | index e0422469e4..ae2ad59dd4 100644 | ||
17 | --- a/test/helpers/handshake.c | ||
18 | +++ b/test/helpers/handshake.c | ||
19 | @@ -1,5 +1,5 @@ | ||
20 | /* | ||
21 | - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. | ||
22 | + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. | ||
23 | * | ||
24 | * Licensed under the Apache License 2.0 (the "License"). You may not use | ||
25 | * this file except in compliance with the License. You can obtain a copy | ||
26 | @@ -24,6 +24,102 @@ | ||
27 | #include <netinet/sctp.h> | ||
28 | #endif | ||
29 | |||
30 | +/* Shamelessly copied from test/helpers/ssl_test_ctx.c */ | ||
31 | +/* Maps string names to various enumeration type */ | ||
32 | +typedef struct { | ||
33 | + const char *name; | ||
34 | + int value; | ||
35 | +} enum_name_map; | ||
36 | + | ||
37 | +static const enum_name_map connect_phase_names[] = { | ||
38 | + {"Handshake", HANDSHAKE}, | ||
39 | + {"RenegAppData", RENEG_APPLICATION_DATA}, | ||
40 | + {"RenegSetup", RENEG_SETUP}, | ||
41 | + {"RenegHandshake", RENEG_HANDSHAKE}, | ||
42 | + {"AppData", APPLICATION_DATA}, | ||
43 | + {"Shutdown", SHUTDOWN}, | ||
44 | + {"ConnectionDone", CONNECTION_DONE} | ||
45 | +}; | ||
46 | + | ||
47 | +static const enum_name_map peer_status_names[] = { | ||
48 | + {"PeerSuccess", PEER_SUCCESS}, | ||
49 | + {"PeerRetry", PEER_RETRY}, | ||
50 | + {"PeerError", PEER_ERROR}, | ||
51 | + {"PeerWaiting", PEER_WAITING}, | ||
52 | + {"PeerTestFail", PEER_TEST_FAILURE} | ||
53 | +}; | ||
54 | + | ||
55 | +static const enum_name_map handshake_status_names[] = { | ||
56 | + {"HandshakeSuccess", HANDSHAKE_SUCCESS}, | ||
57 | + {"ClientError", CLIENT_ERROR}, | ||
58 | + {"ServerError", SERVER_ERROR}, | ||
59 | + {"InternalError", INTERNAL_ERROR}, | ||
60 | + {"HandshakeRetry", HANDSHAKE_RETRY} | ||
61 | +}; | ||
62 | + | ||
63 | +/* Shamelessly copied from test/helpers/ssl_test_ctx.c */ | ||
64 | +static const char *enum_name(const enum_name_map *enums, size_t num_enums, | ||
65 | + int value) | ||
66 | +{ | ||
67 | + size_t i; | ||
68 | + for (i = 0; i < num_enums; i++) { | ||
69 | + if (enums[i].value == value) { | ||
70 | + return enums[i].name; | ||
71 | + } | ||
72 | + } | ||
73 | + return "InvalidValue"; | ||
74 | +} | ||
75 | + | ||
76 | +const char *handshake_connect_phase_name(connect_phase_t phase) | ||
77 | +{ | ||
78 | + return enum_name(connect_phase_names, OSSL_NELEM(connect_phase_names), | ||
79 | + (int)phase); | ||
80 | +} | ||
81 | + | ||
82 | +const char *handshake_status_name(handshake_status_t handshake_status) | ||
83 | +{ | ||
84 | + return enum_name(handshake_status_names, OSSL_NELEM(handshake_status_names), | ||
85 | + (int)handshake_status); | ||
86 | +} | ||
87 | + | ||
88 | +const char *handshake_peer_status_name(peer_status_t peer_status) | ||
89 | +{ | ||
90 | + return enum_name(peer_status_names, OSSL_NELEM(peer_status_names), | ||
91 | + (int)peer_status); | ||
92 | +} | ||
93 | + | ||
94 | +static void save_loop_history(HANDSHAKE_HISTORY *history, | ||
95 | + connect_phase_t phase, | ||
96 | + handshake_status_t handshake_status, | ||
97 | + peer_status_t server_status, | ||
98 | + peer_status_t client_status, | ||
99 | + int client_turn_count, | ||
100 | + int is_client_turn) | ||
101 | +{ | ||
102 | + HANDSHAKE_HISTORY_ENTRY *new_entry = NULL; | ||
103 | + | ||
104 | + /* | ||
105 | + * Create a new history entry for a handshake loop with statuses given in | ||
106 | + * the arguments. Potentially evicting the oldest entry when the | ||
107 | + * ring buffer is full. | ||
108 | + */ | ||
109 | + ++(history->last_idx); | ||
110 | + history->last_idx &= MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; | ||
111 | + | ||
112 | + new_entry = &((history->entries)[history->last_idx]); | ||
113 | + new_entry->phase = phase; | ||
114 | + new_entry->handshake_status = handshake_status; | ||
115 | + new_entry->server_status = server_status; | ||
116 | + new_entry->client_status = client_status; | ||
117 | + new_entry->client_turn_count = client_turn_count; | ||
118 | + new_entry->is_client_turn = is_client_turn; | ||
119 | + | ||
120 | + /* Evict the oldest handshake loop entry when the ring buffer is full. */ | ||
121 | + if (history->entry_count < MAX_HANDSHAKE_HISTORY_ENTRY) { | ||
122 | + ++(history->entry_count); | ||
123 | + } | ||
124 | +} | ||
125 | + | ||
126 | HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void) | ||
127 | { | ||
128 | HANDSHAKE_RESULT *ret; | ||
129 | @@ -719,15 +815,6 @@ static void configure_handshake_ssl(SSL *server, SSL *client, | ||
130 | SSL_set_post_handshake_auth(client, 1); | ||
131 | } | ||
132 | |||
133 | -/* The status for each connection phase. */ | ||
134 | -typedef enum { | ||
135 | - PEER_SUCCESS, | ||
136 | - PEER_RETRY, | ||
137 | - PEER_ERROR, | ||
138 | - PEER_WAITING, | ||
139 | - PEER_TEST_FAILURE | ||
140 | -} peer_status_t; | ||
141 | - | ||
142 | /* An SSL object and associated read-write buffers. */ | ||
143 | typedef struct peer_st { | ||
144 | SSL *ssl; | ||
145 | @@ -1074,17 +1161,6 @@ static void do_shutdown_step(PEER *peer) | ||
146 | } | ||
147 | } | ||
148 | |||
149 | -typedef enum { | ||
150 | - HANDSHAKE, | ||
151 | - RENEG_APPLICATION_DATA, | ||
152 | - RENEG_SETUP, | ||
153 | - RENEG_HANDSHAKE, | ||
154 | - APPLICATION_DATA, | ||
155 | - SHUTDOWN, | ||
156 | - CONNECTION_DONE | ||
157 | -} connect_phase_t; | ||
158 | - | ||
159 | - | ||
160 | static int renegotiate_op(const SSL_TEST_CTX *test_ctx) | ||
161 | { | ||
162 | switch (test_ctx->handshake_mode) { | ||
163 | @@ -1162,19 +1238,6 @@ static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer, | ||
164 | } | ||
165 | } | ||
166 | |||
167 | -typedef enum { | ||
168 | - /* Both parties succeeded. */ | ||
169 | - HANDSHAKE_SUCCESS, | ||
170 | - /* Client errored. */ | ||
171 | - CLIENT_ERROR, | ||
172 | - /* Server errored. */ | ||
173 | - SERVER_ERROR, | ||
174 | - /* Peers are in inconsistent state. */ | ||
175 | - INTERNAL_ERROR, | ||
176 | - /* One or both peers not done. */ | ||
177 | - HANDSHAKE_RETRY | ||
178 | -} handshake_status_t; | ||
179 | - | ||
180 | /* | ||
181 | * Determine the handshake outcome. | ||
182 | * last_status: the status of the peer to have acted last. | ||
183 | @@ -1539,6 +1602,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( | ||
184 | |||
185 | start = time(NULL); | ||
186 | |||
187 | + save_loop_history(&(ret->history), | ||
188 | + phase, status, server.status, client.status, | ||
189 | + client_turn_count, client_turn); | ||
190 | + | ||
191 | /* | ||
192 | * Half-duplex handshake loop. | ||
193 | * Client and server speak to each other synchronously in the same process. | ||
194 | @@ -1560,6 +1627,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( | ||
195 | 0 /* server went last */); | ||
196 | } | ||
197 | |||
198 | + save_loop_history(&(ret->history), | ||
199 | + phase, status, server.status, client.status, | ||
200 | + client_turn_count, client_turn); | ||
201 | + | ||
202 | switch (status) { | ||
203 | case HANDSHAKE_SUCCESS: | ||
204 | client_turn_count = 0; | ||
205 | diff --git a/test/helpers/handshake.h b/test/helpers/handshake.h | ||
206 | index 78b03f9f4b..b9967c2623 100644 | ||
207 | --- a/test/helpers/handshake.h | ||
208 | +++ b/test/helpers/handshake.h | ||
209 | @@ -1,5 +1,5 @@ | ||
210 | /* | ||
211 | - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | ||
212 | + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. | ||
213 | * | ||
214 | * Licensed under the Apache License 2.0 (the "License"). You may not use | ||
215 | * this file except in compliance with the License. You can obtain a copy | ||
216 | @@ -12,6 +12,11 @@ | ||
217 | |||
218 | #include "ssl_test_ctx.h" | ||
219 | |||
220 | +#define MAX_HANDSHAKE_HISTORY_ENTRY_BIT 4 | ||
221 | +#define MAX_HANDSHAKE_HISTORY_ENTRY (1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) | ||
222 | +#define MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK \ | ||
223 | + ((1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) - 1) | ||
224 | + | ||
225 | typedef struct ctx_data_st { | ||
226 | unsigned char *npn_protocols; | ||
227 | size_t npn_protocols_len; | ||
228 | @@ -22,6 +27,63 @@ typedef struct ctx_data_st { | ||
229 | char *session_ticket_app_data; | ||
230 | } CTX_DATA; | ||
231 | |||
232 | +typedef enum { | ||
233 | + HANDSHAKE, | ||
234 | + RENEG_APPLICATION_DATA, | ||
235 | + RENEG_SETUP, | ||
236 | + RENEG_HANDSHAKE, | ||
237 | + APPLICATION_DATA, | ||
238 | + SHUTDOWN, | ||
239 | + CONNECTION_DONE | ||
240 | +} connect_phase_t; | ||
241 | + | ||
242 | +/* The status for each connection phase. */ | ||
243 | +typedef enum { | ||
244 | + PEER_SUCCESS, | ||
245 | + PEER_RETRY, | ||
246 | + PEER_ERROR, | ||
247 | + PEER_WAITING, | ||
248 | + PEER_TEST_FAILURE | ||
249 | +} peer_status_t; | ||
250 | + | ||
251 | +typedef enum { | ||
252 | + /* Both parties succeeded. */ | ||
253 | + HANDSHAKE_SUCCESS, | ||
254 | + /* Client errored. */ | ||
255 | + CLIENT_ERROR, | ||
256 | + /* Server errored. */ | ||
257 | + SERVER_ERROR, | ||
258 | + /* Peers are in inconsistent state. */ | ||
259 | + INTERNAL_ERROR, | ||
260 | + /* One or both peers not done. */ | ||
261 | + HANDSHAKE_RETRY | ||
262 | +} handshake_status_t; | ||
263 | + | ||
264 | +/* Stores the various status information in a handshake loop. */ | ||
265 | +typedef struct handshake_history_entry_st { | ||
266 | + connect_phase_t phase; | ||
267 | + handshake_status_t handshake_status; | ||
268 | + peer_status_t server_status; | ||
269 | + peer_status_t client_status; | ||
270 | + int client_turn_count; | ||
271 | + int is_client_turn; | ||
272 | +} HANDSHAKE_HISTORY_ENTRY; | ||
273 | + | ||
274 | +typedef struct handshake_history_st { | ||
275 | + /* Implemented using ring buffer. */ | ||
276 | + /* | ||
277 | + * The valid entries are |entries[last_idx]|, |entries[last_idx-1]|, | ||
278 | + * ..., etc., going up to |entry_count| number of entries. Note that when | ||
279 | + * the index into the array |entries| becomes < 0, we wrap around to | ||
280 | + * the end of |entries|. | ||
281 | + */ | ||
282 | + HANDSHAKE_HISTORY_ENTRY entries[MAX_HANDSHAKE_HISTORY_ENTRY]; | ||
283 | + /* The number of valid entries in |entries| array. */ | ||
284 | + size_t entry_count; | ||
285 | + /* The index of the last valid entry in the |entries| array. */ | ||
286 | + size_t last_idx; | ||
287 | +} HANDSHAKE_HISTORY; | ||
288 | + | ||
289 | typedef struct handshake_result { | ||
290 | ssl_test_result_t result; | ||
291 | /* These alerts are in the 2-byte format returned by the info_callback. */ | ||
292 | @@ -77,6 +139,8 @@ typedef struct handshake_result { | ||
293 | char *cipher; | ||
294 | /* session ticket application data */ | ||
295 | char *result_session_ticket_app_data; | ||
296 | + /* handshake loop history */ | ||
297 | + HANDSHAKE_HISTORY history; | ||
298 | } HANDSHAKE_RESULT; | ||
299 | |||
300 | HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void); | ||
301 | @@ -95,4 +159,8 @@ int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, | ||
302 | CTX_DATA *server2_ctx_data, | ||
303 | CTX_DATA *client_ctx_data); | ||
304 | |||
305 | +const char *handshake_connect_phase_name(connect_phase_t phase); | ||
306 | +const char *handshake_status_name(handshake_status_t handshake_status); | ||
307 | +const char *handshake_peer_status_name(peer_status_t peer_status); | ||
308 | + | ||
309 | #endif /* OSSL_TEST_HANDSHAKE_HELPER_H */ | ||
310 | diff --git a/test/ssl_test.c b/test/ssl_test.c | ||
311 | index ea608518f9..9d6b093c81 100644 | ||
312 | --- a/test/ssl_test.c | ||
313 | +++ b/test/ssl_test.c | ||
314 | @@ -26,6 +26,44 @@ static OSSL_LIB_CTX *libctx = NULL; | ||
315 | /* Currently the section names are of the form test-<number>, e.g. test-15. */ | ||
316 | #define MAX_TESTCASE_NAME_LENGTH 100 | ||
317 | |||
318 | +static void print_handshake_history(const HANDSHAKE_HISTORY *history) | ||
319 | +{ | ||
320 | + size_t first_idx; | ||
321 | + size_t i; | ||
322 | + size_t cur_idx; | ||
323 | + const HANDSHAKE_HISTORY_ENTRY *cur_entry; | ||
324 | + const char header_template[] = "|%14s|%16s|%16s|%16s|%17s|%14s|"; | ||
325 | + const char body_template[] = "|%14s|%16s|%16s|%16s|%17d|%14s|"; | ||
326 | + | ||
327 | + TEST_info("The following is the server/client state " | ||
328 | + "in the most recent %d handshake loops.", | ||
329 | + MAX_HANDSHAKE_HISTORY_ENTRY); | ||
330 | + | ||
331 | + TEST_note("==================================================" | ||
332 | + "=================================================="); | ||
333 | + TEST_note(header_template, | ||
334 | + "phase", "handshake status", "server status", | ||
335 | + "client status", "client turn count", "is client turn"); | ||
336 | + TEST_note("+--------------+----------------+----------------" | ||
337 | + "+----------------+-----------------+--------------+"); | ||
338 | + | ||
339 | + first_idx = (history->last_idx - history->entry_count + 1) & | ||
340 | + MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; | ||
341 | + for (i = 0; i < history->entry_count; ++i) { | ||
342 | + cur_idx = (first_idx + i) & MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; | ||
343 | + cur_entry = &(history->entries)[cur_idx]; | ||
344 | + TEST_note(body_template, | ||
345 | + handshake_connect_phase_name(cur_entry->phase), | ||
346 | + handshake_status_name(cur_entry->handshake_status), | ||
347 | + handshake_peer_status_name(cur_entry->server_status), | ||
348 | + handshake_peer_status_name(cur_entry->client_status), | ||
349 | + cur_entry->client_turn_count, | ||
350 | + cur_entry->is_client_turn ? "true" : "false"); | ||
351 | + } | ||
352 | + TEST_note("==================================================" | ||
353 | + "=================================================="); | ||
354 | +} | ||
355 | + | ||
356 | static const char *print_alert(int alert) | ||
357 | { | ||
358 | return alert ? SSL_alert_desc_string_long(alert) : "no alert"; | ||
359 | @@ -388,6 +426,12 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) | ||
360 | ret &= check_client_sign_type(result, test_ctx); | ||
361 | ret &= check_client_ca_names(result, test_ctx); | ||
362 | } | ||
363 | + | ||
364 | + /* Print handshake loop history if any check fails. */ | ||
365 | + if (!ret) { | ||
366 | + print_handshake_history(&(result->history)); | ||
367 | + } | ||
368 | + | ||
369 | return ret; | ||
370 | } | ||
371 | |||
372 | -- | ||
373 | 2.25.1 | ||
374 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch new file mode 100644 index 0000000000..502a7aaf32 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch | |||
@@ -0,0 +1,39 @@ | |||
1 | From 0377f0d5b5c1079e3b9a80881f4dcc891cbe9f9a Mon Sep 17 00:00:00 2001 | ||
2 | From: Alexander Kanavin <alex@linutronix.de> | ||
3 | Date: Tue, 30 May 2023 09:11:27 -0700 | ||
4 | Subject: [PATCH] Configure: do not tweak mips cflags | ||
5 | |||
6 | This conflicts with mips machine definitons from yocto, | ||
7 | e.g. | ||
8 | | Error: -mips3 conflicts with the other architecture options, which imply -mips64r2 | ||
9 | |||
10 | Upstream-Status: Inappropriate [oe-core specific] | ||
11 | Signed-off-by: Alexander Kanavin <alex@linutronix.de> | ||
12 | |||
13 | Refreshed for openssl-3.1.1 | ||
14 | Signed-off-by: Tim Orling <tim.orling@konsulko.com> | ||
15 | --- | ||
16 | Configure | 10 ---------- | ||
17 | 1 file changed, 10 deletions(-) | ||
18 | |||
19 | diff --git a/Configure b/Configure | ||
20 | index 4569952..adf019b 100755 | ||
21 | --- a/Configure | ||
22 | +++ b/Configure | ||
23 | @@ -1422,16 +1422,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) | ||
24 | push @{$config{shared_ldflag}}, "-mno-cygwin"; | ||
25 | } | ||
26 | |||
27 | -if ($target =~ /linux.*-mips/ && !$disabled{asm} | ||
28 | - && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) { | ||
29 | - # minimally required architecture flags for assembly modules | ||
30 | - my $value; | ||
31 | - $value = '-mips2' if ($target =~ /mips32/); | ||
32 | - $value = '-mips3' if ($target =~ /mips64/); | ||
33 | - unshift @{$config{cflags}}, $value; | ||
34 | - unshift @{$config{cxxflags}}, $value if $config{CXX}; | ||
35 | -} | ||
36 | - | ||
37 | # If threads aren't disabled, check how possible they are | ||
38 | unless ($disabled{threads}) { | ||
39 | if ($auto_threads) { | ||
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch index 949c788344..bafdbaa46f 100644 --- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch +++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 3e1d00481093e10775eaf69d619c45b32a4aa7dc Mon Sep 17 00:00:00 2001 | 1 | From 5985253f2c9025d7c127443a3a9938946f80c2a1 Mon Sep 17 00:00:00 2001 |
2 | From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com> | 2 | From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com> |
3 | Date: Tue, 6 Nov 2018 14:50:47 +0100 | 3 | Date: Tue, 6 Nov 2018 14:50:47 +0100 |
4 | Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler | 4 | Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler |
@@ -21,20 +21,24 @@ https://patchwork.openembedded.org/patch/147229/ | |||
21 | Upstream-Status: Inappropriate [OE specific] | 21 | Upstream-Status: Inappropriate [OE specific] |
22 | Signed-off-by: Martin Hundebøll <martin@geanix.com> | 22 | Signed-off-by: Martin Hundebøll <martin@geanix.com> |
23 | 23 | ||
24 | |||
25 | Update to fix buildpaths qa issue for '-fmacro-prefix-map'. | 24 | Update to fix buildpaths qa issue for '-fmacro-prefix-map'. |
26 | 25 | ||
27 | Signed-off-by: Kai Kang <kai.kang@windriver.com> | 26 | Signed-off-by: Kai Kang <kai.kang@windriver.com> |
27 | |||
28 | Update to fix buildpaths qa issue for '-ffile-prefix-map'. | ||
29 | |||
30 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
31 | |||
28 | --- | 32 | --- |
29 | Configurations/unix-Makefile.tmpl | 10 +++++++++- | 33 | Configurations/unix-Makefile.tmpl | 12 +++++++++++- |
30 | crypto/build.info | 2 +- | 34 | crypto/build.info | 2 +- |
31 | 2 files changed, 10 insertions(+), 2 deletions(-) | 35 | 2 files changed, 12 insertions(+), 2 deletions(-) |
32 | 36 | ||
33 | diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl | 37 | Index: openssl-3.0.4/Configurations/unix-Makefile.tmpl |
34 | index 16af4d2087..54c162784c 100644 | 38 | =================================================================== |
35 | --- a/Configurations/unix-Makefile.tmpl | 39 | --- openssl-3.0.4.orig/Configurations/unix-Makefile.tmpl |
36 | +++ b/Configurations/unix-Makefile.tmpl | 40 | +++ openssl-3.0.4/Configurations/unix-Makefile.tmpl |
37 | @@ -317,13 +317,22 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), | 41 | @@ -472,13 +472,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lfl |
38 | '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} | 42 | '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} |
39 | BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) | 43 | BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) |
40 | 44 | ||
@@ -49,6 +53,7 @@ index 16af4d2087..54c162784c 100644 | |||
49 | +CFLAGS_Q={- for (@{$config{CFLAGS}}) { | 53 | +CFLAGS_Q={- for (@{$config{CFLAGS}}) { |
50 | + s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g; | 54 | + s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g; |
51 | + s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g; | 55 | + s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g; |
56 | + s|-ffile-prefix-map=[^ ]+|-ffile-prefix-map=|g; | ||
52 | + } | 57 | + } |
53 | + join(' ', @{$config{CFLAGS}}) -} | 58 | + join(' ', @{$config{CFLAGS}}) -} |
54 | + | 59 | + |
@@ -58,19 +63,16 @@ index 16af4d2087..54c162784c 100644 | |||
58 | PERLASM_SCHEME= {- $target{perlasm_scheme} -} | 63 | PERLASM_SCHEME= {- $target{perlasm_scheme} -} |
59 | 64 | ||
60 | # For x86 assembler: Set PROCESSOR to 386 if you want to support | 65 | # For x86 assembler: Set PROCESSOR to 386 if you want to support |
61 | diff --git a/crypto/build.info b/crypto/build.info | 66 | Index: openssl-3.0.4/crypto/build.info |
62 | index b515b7318e..8c9cee2a09 100644 | 67 | =================================================================== |
63 | --- a/crypto/build.info | 68 | --- openssl-3.0.4.orig/crypto/build.info |
64 | +++ b/crypto/build.info | 69 | +++ openssl-3.0.4/crypto/build.info |
65 | @@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \ | 70 | @@ -109,7 +109,7 @@ DEFINE[../libcrypto]=$UPLINKDEF |
66 | ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl | ||
67 | 71 | ||
72 | DEPEND[info.o]=buildinf.h | ||
68 | DEPEND[cversion.o]=buildinf.h | 73 | DEPEND[cversion.o]=buildinf.h |
69 | -GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" | 74 | -GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" |
70 | +GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)" | 75 | +GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)" |
71 | DEPEND[buildinf.h]=../configdata.pm | ||
72 | 76 | ||
73 | GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME) | 77 | GENERATE[uplink-x86.S]=../ms/uplink-x86.pl |
74 | -- | 78 | GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl |
75 | 2.19.1 | ||
76 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch b/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch deleted file mode 100644 index d8d9651b64..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch +++ /dev/null | |||
@@ -1,46 +0,0 @@ | |||
1 | From a9401b2289656c5a36dd1b0ecebf0d23e291ce70 Mon Sep 17 00:00:00 2001 | ||
2 | From: Hongxu Jia <hongxu.jia@windriver.com> | ||
3 | Date: Tue, 2 Oct 2018 23:58:24 +0800 | ||
4 | Subject: [PATCH] skip test_symbol_presence | ||
5 | |||
6 | We cannot skip `01-test_symbol_presence.t' by configuring option `no-shared' | ||
7 | as INSTALL told us the shared libraries will not be built. | ||
8 | |||
9 | [INSTALL snip] | ||
10 | Notes on shared libraries | ||
11 | ------------------------- | ||
12 | |||
13 | For most systems the OpenSSL Configure script knows what is needed to | ||
14 | build shared libraries for libcrypto and libssl. On these systems | ||
15 | the shared libraries will be created by default. This can be suppressed and | ||
16 | only static libraries created by using the "no-shared" option. On systems | ||
17 | where OpenSSL does not know how to build shared libraries the "no-shared" | ||
18 | option will be forced and only static libraries will be created. | ||
19 | [INSTALL snip] | ||
20 | |||
21 | Hence directly modification the case to skip it. | ||
22 | |||
23 | Upstream-Status: Inappropriate [OE Specific] | ||
24 | |||
25 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | ||
26 | --- | ||
27 | test/recipes/01-test_symbol_presence.t | 3 +-- | ||
28 | 1 file changed, 1 insertion(+), 2 deletions(-) | ||
29 | |||
30 | diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t | ||
31 | index 7f2a2d7..0b93745 100644 | ||
32 | --- a/test/recipes/01-test_symbol_presence.t | ||
33 | +++ b/test/recipes/01-test_symbol_presence.t | ||
34 | @@ -14,8 +14,7 @@ use OpenSSL::Test::Utils; | ||
35 | |||
36 | setup("test_symbol_presence"); | ||
37 | |||
38 | -plan skip_all => "Only useful when building shared libraries" | ||
39 | - if disabled("shared"); | ||
40 | +plan skip_all => "The case needs debug symbols then we just disable it"; | ||
41 | |||
42 | my @libnames = ("crypto", "ssl"); | ||
43 | my $testcount = scalar @libnames; | ||
44 | -- | ||
45 | 2.7.4 | ||
46 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl/afalg.patch b/meta/recipes-connectivity/openssl/openssl/afalg.patch deleted file mode 100644 index b7c0e9697f..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/afalg.patch +++ /dev/null | |||
@@ -1,31 +0,0 @@ | |||
1 | Don't refuse to build afalgeng if cross-compiling or the host kernel is too old. | ||
2 | |||
3 | Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688] | ||
4 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
5 | |||
6 | diff --git a/Configure b/Configure | ||
7 | index 3baa8ce..9ef52ed 100755 | ||
8 | --- a/Configure | ||
9 | +++ b/Configure | ||
10 | @@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"}) | ||
11 | unless ($disabled{afalgeng}) { | ||
12 | $config{afalgeng}=""; | ||
13 | if (grep { $_ eq 'afalgeng' } @{$target{enable}}) { | ||
14 | - my $minver = 4*10000 + 1*100 + 0; | ||
15 | - if ($config{CROSS_COMPILE} eq "") { | ||
16 | - my $verstr = `uname -r`; | ||
17 | - my ($ma, $mi1, $mi2) = split("\\.", $verstr); | ||
18 | - ($mi2) = $mi2 =~ /(\d+)/; | ||
19 | - my $ver = $ma*10000 + $mi1*100 + $mi2; | ||
20 | - if ($ver < $minver) { | ||
21 | - disable('too-old-kernel', 'afalgeng'); | ||
22 | - } else { | ||
23 | - push @{$config{engdirs}}, "afalg"; | ||
24 | - } | ||
25 | - } else { | ||
26 | - disable('cross-compiling', 'afalgeng'); | ||
27 | - } | ||
28 | + push @{$config{engdirs}}, "afalg"; | ||
29 | } else { | ||
30 | disable('not-linux', 'afalgeng'); | ||
31 | } | ||
diff --git a/meta/recipes-connectivity/openssl/openssl/bti.patch b/meta/recipes-connectivity/openssl/openssl/bti.patch new file mode 100644 index 0000000000..748576c30c --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/bti.patch | |||
@@ -0,0 +1,58 @@ | |||
1 | From ba8a599395f8b770c76316b5f5b0f3838567014f Mon Sep 17 00:00:00 2001 | ||
2 | From: Tom Cosgrove <tom.cosgrove@arm.com> | ||
3 | Date: Tue, 26 Mar 2024 13:18:00 +0000 | ||
4 | Subject: [PATCH] aarch64: fix BTI in bsaes assembly code | ||
5 | |||
6 | In Arm systems where BTI is enabled but the Crypto extensions are not (more | ||
7 | likely in FVPs than in real hardware), the bit-sliced assembler code will | ||
8 | be used. However, this wasn't annotated with BTI instructions when BTI was | ||
9 | enabled, so the moment libssl jumps into this code it (correctly) aborts. | ||
10 | |||
11 | Solve this by adding the missing BTI landing pads. | ||
12 | |||
13 | Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/23982] | ||
14 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
15 | --- | ||
16 | crypto/aes/asm/bsaes-armv8.pl | 5 ++++- | ||
17 | 1 file changed, 4 insertions(+), 1 deletion(-) | ||
18 | |||
19 | diff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl | ||
20 | index b3c97e439f..c3c5ff3e05 100644 | ||
21 | --- a/crypto/aes/asm/bsaes-armv8.pl | ||
22 | +++ b/crypto/aes/asm/bsaes-armv8.pl | ||
23 | @@ -1018,6 +1018,7 @@ _bsaes_key_convert: | ||
24 | // Initialisation vector overwritten with last quadword of ciphertext | ||
25 | // No output registers, usual AAPCS64 register preservation | ||
26 | ossl_bsaes_cbc_encrypt: | ||
27 | + AARCH64_VALID_CALL_TARGET | ||
28 | cmp x2, #128 | ||
29 | bhs .Lcbc_do_bsaes | ||
30 | b AES_cbc_encrypt | ||
31 | @@ -1270,7 +1271,7 @@ ossl_bsaes_cbc_encrypt: | ||
32 | // Output text filled in | ||
33 | // No output registers, usual AAPCS64 register preservation | ||
34 | ossl_bsaes_ctr32_encrypt_blocks: | ||
35 | - | ||
36 | + AARCH64_VALID_CALL_TARGET | ||
37 | cmp x2, #8 // use plain AES for | ||
38 | blo .Lctr_enc_short // small sizes | ||
39 | |||
40 | @@ -1476,6 +1477,7 @@ ossl_bsaes_ctr32_encrypt_blocks: | ||
41 | // Output ciphertext filled in | ||
42 | // No output registers, usual AAPCS64 register preservation | ||
43 | ossl_bsaes_xts_encrypt: | ||
44 | + AARCH64_VALID_CALL_TARGET | ||
45 | // Stack layout: | ||
46 | // sp -> | ||
47 | // nrounds*128-96 bytes: key schedule | ||
48 | @@ -1921,6 +1923,7 @@ ossl_bsaes_xts_encrypt: | ||
49 | // Output plaintext filled in | ||
50 | // No output registers, usual AAPCS64 register preservation | ||
51 | ossl_bsaes_xts_decrypt: | ||
52 | + AARCH64_VALID_CALL_TARGET | ||
53 | // Stack layout: | ||
54 | // sp -> | ||
55 | // nrounds*128-96 bytes: key schedule | ||
56 | -- | ||
57 | 2.34.1 | ||
58 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl/reproducible.patch b/meta/recipes-connectivity/openssl/openssl/reproducible.patch deleted file mode 100644 index a24260c95d..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/reproducible.patch +++ /dev/null | |||
@@ -1,32 +0,0 @@ | |||
1 | The value for perl_archname can vary depending on the host, e.g. | ||
2 | x86_64-linux-gnu-thread-multi or x86_64-linux-thread-multi which | ||
3 | makes the ptest package non-reproducible. Its unused other than | ||
4 | these references so drop it. | ||
5 | |||
6 | RP 2020/2/6 | ||
7 | |||
8 | Upstream-Status: Pending | ||
9 | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | ||
10 | |||
11 | Index: openssl-1.1.1d/Configure | ||
12 | =================================================================== | ||
13 | --- openssl-1.1.1d.orig/Configure | ||
14 | +++ openssl-1.1.1d/Configure | ||
15 | @@ -286,7 +286,7 @@ if (defined env($local_config_envname)) | ||
16 | # Save away perl command information | ||
17 | $config{perl_cmd} = $^X; | ||
18 | $config{perl_version} = $Config{version}; | ||
19 | -$config{perl_archname} = $Config{archname}; | ||
20 | +#$config{perl_archname} = $Config{archname}; | ||
21 | |||
22 | $config{prefix}=""; | ||
23 | $config{openssldir}=""; | ||
24 | @@ -2517,7 +2517,7 @@ _____ | ||
25 | @{$config{perlargv}}), "\n"; | ||
26 | print "\nPerl information:\n\n"; | ||
27 | print ' ',$config{perl_cmd},"\n"; | ||
28 | - print ' ',$config{perl_version},' for ',$config{perl_archname},"\n"; | ||
29 | + print ' ',$config{perl_version},"\n"; | ||
30 | } | ||
31 | if ($dump || $options) { | ||
32 | my $longest = 0; | ||
diff --git a/meta/recipes-connectivity/openssl/openssl/run-ptest b/meta/recipes-connectivity/openssl/openssl/run-ptest index 3fb22471f8..c89ec5afa1 100644 --- a/meta/recipes-connectivity/openssl/openssl/run-ptest +++ b/meta/recipes-connectivity/openssl/openssl/run-ptest | |||
@@ -9,4 +9,4 @@ export TOP=. | |||
9 | # OPENSSL_ENGINES is relative from the test binaries | 9 | # OPENSSL_ENGINES is relative from the test binaries |
10 | export OPENSSL_ENGINES=../engines | 10 | export OPENSSL_ENGINES=../engines |
11 | 11 | ||
12 | perl ./test/run_tests.pl $* | perl -0pe 's#(.*) \.*.ok#PASS: \1#g; s#(.*) \.*.skipped: (.*)#SKIP: \1 (\2)#g; s#(.*) \.*.\nDubious#FAIL: \1#;' | 12 | { HARNESS_JOBS=4 perl ./test/run_tests.pl $* || echo "FAIL: openssl" ; } | sed -u -r -e '/(.*) \.*.ok/ s/^/PASS: /g' -r -e '/Dubious(.*)/ s/^/FAIL: /g' -e '/(.*) \.*.skipped: (.*)/ s/^/SKIP: /g' |
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb b/meta/recipes-connectivity/openssl/openssl_3.3.0.bb index 52e96b7831..2cdaf4c75d 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.3.0.bb | |||
@@ -4,37 +4,34 @@ HOMEPAGE = "http://www.openssl.org/" | |||
4 | BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" | 4 | BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" |
5 | SECTION = "libs/network" | 5 | SECTION = "libs/network" |
6 | 6 | ||
7 | # "openssl" here actually means both OpenSSL and SSLeay licenses apply | 7 | LICENSE = "Apache-2.0" |
8 | # (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped) | 8 | LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c75985e733726beaba57bc5253e96d04" |
9 | LICENSE = "openssl" | ||
10 | LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8" | ||
11 | |||
12 | DEPENDS = "hostperl-runtime-native" | ||
13 | 9 | ||
14 | SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ | 10 | SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ |
15 | file://run-ptest \ | 11 | file://run-ptest \ |
16 | file://0001-skip-test_symbol_presence.patch \ | ||
17 | file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ | 12 | file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ |
18 | file://afalg.patch \ | 13 | file://0001-Configure-do-not-tweak-mips-cflags.patch \ |
19 | file://reproducible.patch \ | 14 | file://0001-Added-handshake-history-reporting-when-test-fails.patch \ |
15 | file://bti.patch \ | ||
20 | " | 16 | " |
21 | 17 | ||
22 | SRC_URI_append_class-nativesdk = " \ | 18 | SRC_URI:append:class-nativesdk = " \ |
23 | file://environment.d-openssl.sh \ | 19 | file://environment.d-openssl.sh \ |
24 | " | 20 | " |
25 | 21 | ||
26 | SRC_URI[sha256sum] = "e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242" | 22 | SRC_URI[sha256sum] = "53e66b043322a606abf0087e7699a0e033a37fa13feb9742df35c3a33b18fb02" |
27 | 23 | ||
28 | inherit lib_package multilib_header multilib_script ptest | 24 | inherit lib_package multilib_header multilib_script ptest perlnative manpages |
29 | MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" | 25 | MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" |
30 | 26 | ||
31 | PACKAGECONFIG ?= "" | 27 | PACKAGECONFIG ?= "" |
32 | PACKAGECONFIG_class-native = "" | 28 | PACKAGECONFIG:class-native = "" |
33 | PACKAGECONFIG_class-nativesdk = "" | 29 | PACKAGECONFIG:class-nativesdk = "" |
34 | 30 | ||
35 | PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" | 31 | PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" |
36 | PACKAGECONFIG[no-tls1] = "no-tls1" | 32 | PACKAGECONFIG[no-tls1] = "no-tls1" |
37 | PACKAGECONFIG[no-tls1_1] = "no-tls1_1" | 33 | PACKAGECONFIG[no-tls1_1] = "no-tls1_1" |
34 | PACKAGECONFIG[manpages] = "" | ||
38 | 35 | ||
39 | B = "${WORKDIR}/build" | 36 | B = "${WORKDIR}/build" |
40 | do_configure[cleandirs] = "${B}" | 37 | do_configure[cleandirs] = "${B}" |
@@ -42,31 +39,32 @@ do_configure[cleandirs] = "${B}" | |||
42 | #| ./libcrypto.so: undefined reference to `getcontext' | 39 | #| ./libcrypto.so: undefined reference to `getcontext' |
43 | #| ./libcrypto.so: undefined reference to `setcontext' | 40 | #| ./libcrypto.so: undefined reference to `setcontext' |
44 | #| ./libcrypto.so: undefined reference to `makecontext' | 41 | #| ./libcrypto.so: undefined reference to `makecontext' |
45 | EXTRA_OECONF_append_libc-musl = " no-async" | 42 | EXTRA_OECONF:append:libc-musl = " no-async" |
46 | EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm" | 43 | EXTRA_OECONF:append:libc-musl:powerpc64 = " no-asm" |
47 | 44 | ||
48 | # adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions | 45 | # adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions |
49 | # (native versions can be built with newer glibc, but then relocated onto a system with older glibc) | 46 | # (native versions can be built with newer glibc, but then relocated onto a system with older glibc) |
50 | EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom" | 47 | EXTRA_OECONF:class-native = "--with-rand-seed=os,devrandom" |
51 | EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom" | 48 | EXTRA_OECONF:class-nativesdk = "--with-rand-seed=os,devrandom" |
52 | 49 | ||
53 | # Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. | 50 | # Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. |
54 | CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" | 51 | CFLAGS:append:class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" |
55 | CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" | 52 | CFLAGS:append:class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" |
56 | 53 | ||
57 | # Disable deprecated crypto algorithms | 54 | # This allows disabling deprecated or undesirable crypto algorithms. |
58 | # Retained for compatibilty | 55 | # The default is to trust upstream choices. |
59 | # des (curl) | 56 | DEPRECATED_CRYPTO_FLAGS ?= "" |
60 | # dh (python-ssl) | ||
61 | # dsa (rpm) | ||
62 | # md4 (cyrus-sasl freeradius hostapd) | ||
63 | # bf (wvstreams postgresql x11vnc crda znc cfengine) | ||
64 | # rc4 (freerdp librtorrent ettercap xrdp transmission pam-ssh-agent-auth php) | ||
65 | # rc2 (mailx) | ||
66 | # psk (qt5) | ||
67 | DEPRECATED_CRYPTO_FLAGS = "no-ssl no-idea no-rc5 no-md2 no-srp no-camellia no-mdc2 no-scrypt no-seed no-siphash no-sm2 no-sm3 no-sm4 no-whirlpool" | ||
68 | 57 | ||
69 | do_configure () { | 58 | do_configure () { |
59 | # When we upgrade glibc but not uninative we see obtuse failures in openssl. Make | ||
60 | # the issue really clear that perl isn't functional due to symbol mismatch issues. | ||
61 | cat <<- EOF > ${WORKDIR}/perltest | ||
62 | #!/usr/bin/env perl | ||
63 | use POSIX; | ||
64 | EOF | ||
65 | chmod a+x ${WORKDIR}/perltest | ||
66 | ${WORKDIR}/perltest | ||
67 | |||
70 | os=${HOST_OS} | 68 | os=${HOST_OS} |
71 | case $os in | 69 | case $os in |
72 | linux-gnueabi |\ | 70 | linux-gnueabi |\ |
@@ -81,6 +79,9 @@ do_configure () { | |||
81 | esac | 79 | esac |
82 | target="$os-${HOST_ARCH}" | 80 | target="$os-${HOST_ARCH}" |
83 | case $target in | 81 | case $target in |
82 | linux-arc | linux-microblaze*) | ||
83 | target=linux-latomic | ||
84 | ;; | ||
84 | linux-arm*) | 85 | linux-arm*) |
85 | target=linux-armv4 | 86 | target=linux-armv4 |
86 | ;; | 87 | ;; |
@@ -96,6 +97,9 @@ do_configure () { | |||
96 | linux-gnu64-x86_64) | 97 | linux-gnu64-x86_64) |
97 | target=linux-x86_64 | 98 | target=linux-x86_64 |
98 | ;; | 99 | ;; |
100 | linux-loongarch64) | ||
101 | target=linux64-loongarch64 | ||
102 | ;; | ||
99 | linux-mips | linux-mipsel) | 103 | linux-mips | linux-mipsel) |
100 | # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags | 104 | # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags |
101 | target="linux-mips32 ${TARGET_CC_ARCH}" | 105 | target="linux-mips32 ${TARGET_CC_ARCH}" |
@@ -106,7 +110,7 @@ do_configure () { | |||
106 | linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) | 110 | linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) |
107 | target=linux64-mips64 | 111 | target=linux64-mips64 |
108 | ;; | 112 | ;; |
109 | linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) | 113 | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) |
110 | target=linux-generic32 | 114 | target=linux-generic32 |
111 | ;; | 115 | ;; |
112 | linux-powerpc) | 116 | linux-powerpc) |
@@ -119,10 +123,10 @@ do_configure () { | |||
119 | target=linux-ppc64le | 123 | target=linux-ppc64le |
120 | ;; | 124 | ;; |
121 | linux-riscv32) | 125 | linux-riscv32) |
122 | target=linux-generic32 | 126 | target=linux32-riscv32 |
123 | ;; | 127 | ;; |
124 | linux-riscv64) | 128 | linux-riscv64) |
125 | target=linux-generic64 | 129 | target=linux64-riscv64 |
126 | ;; | 130 | ;; |
127 | linux-sparc | linux-supersparc) | 131 | linux-sparc | linux-supersparc) |
128 | target=linux-sparcv9 | 132 | target=linux-sparcv9 |
@@ -138,52 +142,62 @@ do_configure () { | |||
138 | fi | 142 | fi |
139 | # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the | 143 | # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the |
140 | # environment variables set by bitbake. Adjust the environment variables instead. | 144 | # environment variables set by bitbake. Adjust the environment variables instead. |
141 | HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ | 145 | PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)" |
142 | perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target | 146 | test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!" |
147 | HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \ | ||
148 | perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target | ||
143 | perl ${B}/configdata.pm --dump | 149 | perl ${B}/configdata.pm --dump |
144 | } | 150 | } |
145 | 151 | ||
146 | do_install () { | 152 | do_install () { |
147 | oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install | 153 | oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install_sw install_ssldirs ${@bb.utils.contains('PACKAGECONFIG', 'manpages', 'install_docs', '', d)} |
148 | 154 | ||
149 | oe_multilib_header openssl/opensslconf.h | 155 | oe_multilib_header openssl/opensslconf.h |
156 | oe_multilib_header openssl/configuration.h | ||
150 | 157 | ||
151 | # Create SSL structure for packages such as ca-certificates which | 158 | # Create SSL structure for packages such as ca-certificates which |
152 | # contain hard-coded paths to /etc/ssl. Debian does the same. | 159 | # contain hard-coded paths to /etc/ssl. Debian does the same. |
153 | install -d ${D}${sysconfdir}/ssl | 160 | install -d ${D}${sysconfdir}/ssl |
154 | mv ${D}${libdir}/ssl-1.1/certs \ | 161 | mv ${D}${libdir}/ssl-3/certs \ |
155 | ${D}${libdir}/ssl-1.1/private \ | 162 | ${D}${libdir}/ssl-3/private \ |
156 | ${D}${libdir}/ssl-1.1/openssl.cnf \ | 163 | ${D}${libdir}/ssl-3/openssl.cnf \ |
157 | ${D}${sysconfdir}/ssl/ | 164 | ${D}${sysconfdir}/ssl/ |
158 | 165 | ||
159 | # Although absolute symlinks would be OK for the target, they become | 166 | # Although absolute symlinks would be OK for the target, they become |
160 | # invalid if native or nativesdk are relocated from sstate. | 167 | # invalid if native or nativesdk are relocated from sstate. |
161 | ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs | 168 | ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-3/certs |
162 | ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private | 169 | ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-3/private |
163 | ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf | 170 | ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-3/openssl.cnf |
164 | } | 171 | } |
165 | 172 | ||
166 | do_install_append_class-native () { | 173 | do_install:append:class-native () { |
167 | create_wrapper ${D}${bindir}/openssl \ | 174 | create_wrapper ${D}${bindir}/openssl \ |
168 | OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ | 175 | OPENSSL_CONF=${libdir}/ssl-3/openssl.cnf \ |
169 | SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ | 176 | SSL_CERT_DIR=${libdir}/ssl-3/certs \ |
170 | SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ | 177 | SSL_CERT_FILE=${libdir}/ssl-3/cert.pem \ |
171 | OPENSSL_ENGINES=${libdir}/engines-1.1 | 178 | OPENSSL_ENGINES=${libdir}/engines-3 \ |
179 | OPENSSL_MODULES=${libdir}/ossl-modules | ||
172 | } | 180 | } |
173 | 181 | ||
174 | do_install_append_class-nativesdk () { | 182 | do_install:append:class-nativesdk () { |
175 | mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d | 183 | mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d |
176 | install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh | 184 | install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh |
177 | sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh | 185 | sed 's|/usr/lib/ssl/|/usr/lib/ssl-3/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh |
178 | } | 186 | } |
179 | 187 | ||
180 | PTEST_BUILD_HOST_FILES += "configdata.pm" | 188 | PTEST_BUILD_HOST_FILES += "configdata.pm" |
181 | PTEST_BUILD_HOST_PATTERN = "perl_version =" | 189 | PTEST_BUILD_HOST_PATTERN = "perl_version =" |
182 | do_install_ptest () { | 190 | do_install_ptest () { |
191 | install -d ${D}${PTEST_PATH}/test | ||
192 | install -m755 ${B}/test/p_test.so ${D}${PTEST_PATH}/test | ||
193 | install -m755 ${B}/test/p_minimal.so ${D}${PTEST_PATH}/test | ||
194 | install -m755 ${B}/test/provider_internal_test.cnf ${D}${PTEST_PATH}/test | ||
195 | |||
183 | # Prune the build tree | 196 | # Prune the build tree |
184 | rm -f ${B}/fuzz/*.* ${B}/test/*.* | 197 | rm -f ${B}/fuzz/*.* ${B}/test/*.* |
185 | 198 | ||
186 | cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} | 199 | cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} |
200 | sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/configdata.pm | ||
187 | cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH} | 201 | cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH} |
188 | 202 | ||
189 | # For test_shlibload | 203 | # For test_shlibload |
@@ -196,7 +210,21 @@ do_install_ptest () { | |||
196 | install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps | 210 | install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps |
197 | 211 | ||
198 | install -d ${D}${PTEST_PATH}/engines | 212 | install -d ${D}${PTEST_PATH}/engines |
213 | install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines | ||
214 | install -m755 ${B}/engines/loader_attic.so ${D}${PTEST_PATH}/engines | ||
199 | install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines | 215 | install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines |
216 | |||
217 | install -d ${D}${PTEST_PATH}/providers | ||
218 | install -m755 ${B}/providers/legacy.so ${D}${PTEST_PATH}/providers | ||
219 | |||
220 | install -d ${D}${PTEST_PATH}/Configurations | ||
221 | cp -rf ${S}/Configurations/* ${D}${PTEST_PATH}/Configurations/ | ||
222 | |||
223 | # seems to be needed with perl 5.32.1 | ||
224 | install -d ${D}${PTEST_PATH}/util/perl/recipes | ||
225 | cp ${D}${PTEST_PATH}/test/recipes/tconversion.pl ${D}${PTEST_PATH}/util/perl/recipes/ | ||
226 | |||
227 | sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/util/wrap.pl | ||
200 | } | 228 | } |
201 | 229 | ||
202 | # Add the openssl.cnf file to the openssl-conf package. Make the libcrypto | 230 | # Add the openssl.cnf file to the openssl-conf package. Make the libcrypto |
@@ -204,32 +232,32 @@ do_install_ptest () { | |||
204 | # file to be installed for both the openssl-bin package and the libcrypto | 232 | # file to be installed for both the openssl-bin package and the libcrypto |
205 | # package since the openssl-bin package depends on the libcrypto package. | 233 | # package since the openssl-bin package depends on the libcrypto package. |
206 | 234 | ||
207 | PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc" | 235 | PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc ${PN}-ossl-module-legacy" |
208 | 236 | ||
209 | FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" | 237 | FILES:libcrypto = "${libdir}/libcrypto${SOLIBS}" |
210 | FILES_libssl = "${libdir}/libssl${SOLIBS}" | 238 | FILES:libssl = "${libdir}/libssl${SOLIBS}" |
211 | FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \ | 239 | FILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf \ |
212 | ${libdir}/ssl-1.1/openssl.cnf* \ | 240 | ${libdir}/ssl-3/openssl.cnf* \ |
213 | " | 241 | " |
214 | FILES_${PN}-engines = "${libdir}/engines-1.1" | 242 | FILES:${PN}-engines = "${libdir}/engines-3" |
215 | # ${prefix} comes from what we pass into --prefix at configure time (which is used for INSTALLTOP) | 243 | # ${prefix} comes from what we pass into --prefix at configure time (which is used for INSTALLTOP) |
216 | FILES_${PN}-engines_append_mingw32_class-nativesdk = " ${prefix}${libdir}/engines-1_1" | 244 | FILES:${PN}-engines:append:mingw32:class-nativesdk = " ${prefix}${libdir}/engines-3" |
217 | FILES_${PN}-misc = "${libdir}/ssl-1.1/misc ${bindir}/c_rehash" | 245 | FILES:${PN}-misc = "${libdir}/ssl-3/misc ${bindir}/c_rehash" |
218 | FILES_${PN} =+ "${libdir}/ssl-1.1/*" | 246 | FILES:${PN}-ossl-module-legacy = "${libdir}/ossl-modules/legacy.so" |
219 | FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" | 247 | FILES:${PN} =+ "${libdir}/ssl-3/* ${libdir}/ossl-modules/" |
248 | FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" | ||
220 | 249 | ||
221 | CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" | 250 | CONFFILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf" |
222 | 251 | ||
223 | RRECOMMENDS_libcrypto += "openssl-conf" | 252 | RRECOMMENDS:libcrypto += "openssl-conf ${PN}-ossl-module-legacy" |
224 | RDEPENDS_${PN}-misc = "perl" | 253 | RDEPENDS:${PN}-misc = "perl" |
225 | RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash" | 254 | RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash sed" |
226 | 255 | ||
227 | RDEPENDS_${PN}-bin += "openssl-conf" | 256 | RDEPENDS:${PN}-bin += "openssl-conf" |
228 | 257 | ||
229 | BBCLASSEXTEND = "native nativesdk" | 258 | BBCLASSEXTEND = "native nativesdk" |
230 | 259 | ||
231 | CVE_PRODUCT = "openssl:openssl" | 260 | CVE_PRODUCT = "openssl:openssl" |
232 | 261 | ||
233 | # Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37 | 262 | CVE_VERSION_SUFFIX = "alphabetical" |
234 | # Apache in meta-webserver is already recent enough | 263 | |
235 | CVE_CHECK_WHITELIST += "CVE-2019-0190" | ||
diff --git a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb index b5f68951d7..099c58bfc7 100644 --- a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb +++ b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb | |||
@@ -1,8 +1,8 @@ | |||
1 | SUMMARY = "Enables PPP dial-in through a serial connection" | 1 | SUMMARY = "Enables PPP dial-in through a serial connection" |
2 | SECTION = "console/network" | 2 | SECTION = "console/network" |
3 | DESCRIPTION = "PPP dail-in provides a point to point protocol (PPP), so that other computers can dial up to it and access connected networks." | ||
3 | DEPENDS = "ppp" | 4 | DEPENDS = "ppp" |
4 | RDEPENDS_${PN} = "ppp" | 5 | RDEPENDS:${PN} = "ppp" |
5 | PR = "r8" | ||
6 | LICENSE = "MIT" | 6 | LICENSE = "MIT" |
7 | LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" | 7 | LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" |
8 | 8 | ||
@@ -22,6 +22,6 @@ do_install() { | |||
22 | } | 22 | } |
23 | 23 | ||
24 | USERADD_PACKAGES = "${PN}" | 24 | USERADD_PACKAGES = "${PN}" |
25 | USERADD_PARAM_${PN} = "--system --home /dev/null \ | 25 | USERADD_PARAM:${PN} = "--system --home /dev/null \ |
26 | --no-create-home --shell ${sbindir}/ppp-dialin \ | 26 | --no-create-home --shell ${sbindir}/ppp-dialin \ |
27 | --no-user-group --gid nogroup ppp" | 27 | --no-user-group --gid nogroup ppp" |
diff --git a/meta/recipes-connectivity/ppp/ppp/makefix.patch b/meta/recipes-connectivity/ppp/ppp/makefix.patch deleted file mode 100644 index fce068cae0..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/makefix.patch +++ /dev/null | |||
@@ -1,40 +0,0 @@ | |||
1 | We were seeing reproducibility issues where one host would use the internal | ||
2 | logwtmp wrapper, another would use the one in libutil. The issue was that in | ||
3 | some cases the "\#include" was making it to CC, in others, "#include". The | ||
4 | issue seems to be related to shell escaping. | ||
5 | |||
6 | The root cause looks to be: | ||
7 | http://git.savannah.gnu.org/cgit/make.git/commit/?id=c6966b323811c37acedff05b576b907b06aea5f4 | ||
8 | |||
9 | Instead of relying on shell quoting, use make to indirect the variable | ||
10 | and avoid the problem. | ||
11 | |||
12 | See https://github.com/paulusmack/ppp/issues/233 | ||
13 | |||
14 | Upstream-Status: Backport [https://github.com/paulusmack/ppp/commit/b4430f7092ececdff2504d5f3393a4c6528c3686] | ||
15 | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | ||
16 | |||
17 | Index: ppp-2.4.9/pppd/Makefile.linux | ||
18 | =================================================================== | ||
19 | --- ppp-2.4.9.orig/pppd/Makefile.linux | ||
20 | +++ ppp-2.4.9/pppd/Makefile.linux | ||
21 | @@ -80,7 +80,8 @@ PLUGIN=y | ||
22 | #USE_SRP=y | ||
23 | |||
24 | # Use libutil; test if logwtmp is declared in <utmp.h> to detect | ||
25 | -ifeq ($(shell echo '\#include <utmp.h>' | $(CC) -E - 2>/dev/null | grep -q logwtmp && echo yes),yes) | ||
26 | +UTMPHEADER = "\#include <utmp.h>" | ||
27 | +ifeq ($(shell echo $(UTMPHEADER) | $(CC) -E - 2>/dev/null | grep -q logwtmp && echo yes),yes) | ||
28 | USE_LIBUTIL=y | ||
29 | endif | ||
30 | |||
31 | @@ -143,7 +144,8 @@ CFLAGS += -DHAS_SHADOW | ||
32 | #LIBS += -lshadow $(LIBS) | ||
33 | endif | ||
34 | |||
35 | -ifeq ($(shell echo '\#include <crypt.h>' | $(CC) -E - >/dev/null 2>&1 && echo yes),yes) | ||
36 | +CRYPTHEADER = "\#include <crypt.h>" | ||
37 | +ifeq ($(shell echo $(CRYPTHEADER) | $(CC) -E - >/dev/null 2>&1 && echo yes),yes) | ||
38 | CFLAGS += -DHAVE_CRYPT_H=1 | ||
39 | LIBS += -lcrypt | ||
40 | endif | ||
diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.9.bb b/meta/recipes-connectivity/ppp/ppp_2.5.0.bb index a78992fa5e..5f0c75de83 100644 --- a/meta/recipes-connectivity/ppp/ppp_2.4.9.bb +++ b/meta/recipes-connectivity/ppp/ppp_2.5.0.bb | |||
@@ -5,14 +5,13 @@ SECTION = "console/network" | |||
5 | HOMEPAGE = "http://samba.org/ppp/" | 5 | HOMEPAGE = "http://samba.org/ppp/" |
6 | BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs" | 6 | BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs" |
7 | DEPENDS = "libpcap openssl virtual/crypt" | 7 | DEPENDS = "libpcap openssl virtual/crypt" |
8 | LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD" | 8 | LICENSE = "BSD-3-Clause & BSD-3-Clause-Attribution & GPL-2.0-or-later & LGPL-2.0-or-later & PD & RSA-MD" |
9 | LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \ | 9 | LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \ |
10 | file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \ | 10 | file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \ |
11 | file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \ | 11 | file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \ |
12 | file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2" | 12 | file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2" |
13 | 13 | ||
14 | SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ | 14 | SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ |
15 | file://makefix.patch \ | ||
16 | file://pon \ | 15 | file://pon \ |
17 | file://poff \ | 16 | file://poff \ |
18 | file://init \ | 17 | file://init \ |
@@ -26,25 +25,13 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ | |||
26 | file://ppp@.service \ | 25 | file://ppp@.service \ |
27 | " | 26 | " |
28 | 27 | ||
29 | SRC_URI[sha256sum] = "f938b35eccde533ea800b15a7445b2f1137da7f88e32a16898d02dee8adc058d" | 28 | SRC_URI[sha256sum] = "5cae0e8075f8a1755f16ca290eb44e6b3545d3f292af4da65ecffe897de636ff" |
30 | 29 | ||
31 | inherit autotools-brokensep systemd | 30 | inherit autotools systemd |
32 | 31 | ||
33 | TARGET_CC_ARCH += " ${LDFLAGS}" | 32 | EXTRA_OECONF += "--with-openssl=${STAGING_EXECPREFIXDIR}" |
34 | EXTRA_OEMAKE = "CC='${CC}' STRIPPROG=${STRIP} MANDIR=${D}${datadir}/man/man8 INCDIR=${D}${includedir} LIBDIR=${D}${libdir}/pppd/${PV} BINDIR=${D}${sbindir}" | ||
35 | EXTRA_OECONF = "--disable-strip" | ||
36 | 33 | ||
37 | # Package Makefile computes CFLAGS, referencing COPTS. | 34 | do_install:append () { |
38 | # Typically hard-coded to '-O2 -g' in the Makefile's. | ||
39 | # | ||
40 | EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl -I${S}/include"' | ||
41 | |||
42 | do_configure () { | ||
43 | oe_runconf | ||
44 | } | ||
45 | |||
46 | do_install_append () { | ||
47 | make install-etcppp ETCDIR=${D}/${sysconfdir}/ppp | ||
48 | mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d | 35 | mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d |
49 | mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/ | 36 | mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/ |
50 | mkdir -p ${D}${sysconfdir}/ppp/ip-down.d/ | 37 | mkdir -p ${D}${sysconfdir}/ppp/ip-down.d/ |
@@ -60,37 +47,29 @@ do_install_append () { | |||
60 | install -m 0755 ${WORKDIR}/pap ${D}${sysconfdir}/chatscripts | 47 | install -m 0755 ${WORKDIR}/pap ${D}${sysconfdir}/chatscripts |
61 | install -m 0755 ${WORKDIR}/ppp_on_boot ${D}${sysconfdir}/ppp/ppp_on_boot | 48 | install -m 0755 ${WORKDIR}/ppp_on_boot ${D}${sysconfdir}/ppp/ppp_on_boot |
62 | install -m 0755 ${WORKDIR}/provider ${D}${sysconfdir}/ppp/peers/provider | 49 | install -m 0755 ${WORKDIR}/provider ${D}${sysconfdir}/ppp/peers/provider |
63 | install -d ${D}${systemd_unitdir}/system | 50 | install -d ${D}${systemd_system_unitdir} |
64 | install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_unitdir}/system | 51 | install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_system_unitdir} |
65 | sed -i -e 's,@SBINDIR@,${sbindir},g' \ | 52 | sed -i -e 's,@SBINDIR@,${sbindir},g' \ |
66 | ${D}${systemd_unitdir}/system/ppp@.service | 53 | ${D}${systemd_system_unitdir}/ppp@.service |
67 | rm -rf ${D}/${mandir}/man8/man8 | ||
68 | chmod u+s ${D}${sbindir}/pppd | ||
69 | } | ||
70 | |||
71 | do_install_append_libc-musl () { | ||
72 | install -Dm 0644 ${S}/include/net/ppp_defs.h ${D}${includedir}/net/ppp_defs.h | ||
73 | } | 54 | } |
74 | 55 | ||
75 | CONFFILES_${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options" | 56 | CONFFILES:${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options" |
76 | PACKAGES =+ "${PN}-oa ${PN}-oe ${PN}-radius ${PN}-winbind ${PN}-minconn ${PN}-password ${PN}-l2tp ${PN}-tools" | 57 | PACKAGES =+ "${PN}-oa ${PN}-oe ${PN}-radius ${PN}-winbind ${PN}-minconn ${PN}-password ${PN}-l2tp ${PN}-tools" |
77 | FILES_${PN} = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_unitdir}/system/ppp@.service" | 58 | FILES:${PN} = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_system_unitdir}/ppp@.service" |
78 | FILES_${PN}-oa = "${libdir}/pppd/${PV}/pppoatm.so" | 59 | FILES:${PN}-oa = "${libdir}/pppd/${PV}/pppoatm.so" |
79 | FILES_${PN}-oe = "${sbindir}/pppoe-discovery ${libdir}/pppd/${PV}/*pppoe.so" | 60 | FILES:${PN}-oe = "${sbindir}/pppoe-discovery ${libdir}/pppd/${PV}/*pppoe.so" |
80 | FILES_${PN}-radius = "${libdir}/pppd/${PV}/radius.so ${libdir}/pppd/${PV}/radattr.so ${libdir}/pppd/${PV}/radrealms.so" | 61 | FILES:${PN}-radius = "${libdir}/pppd/${PV}/radius.so ${libdir}/pppd/${PV}/radattr.so ${libdir}/pppd/${PV}/radrealms.so" |
81 | FILES_${PN}-winbind = "${libdir}/pppd/${PV}/winbind.so" | 62 | FILES:${PN}-winbind = "${libdir}/pppd/${PV}/winbind.so" |
82 | FILES_${PN}-minconn = "${libdir}/pppd/${PV}/minconn.so" | 63 | FILES:${PN}-minconn = "${libdir}/pppd/${PV}/minconn.so" |
83 | FILES_${PN}-password = "${libdir}/pppd/${PV}/pass*.so" | 64 | FILES:${PN}-password = "${libdir}/pppd/${PV}/pass*.so" |
84 | FILES_${PN}-l2tp = "${libdir}/pppd/${PV}/*l2tp.so" | 65 | FILES:${PN}-l2tp = "${libdir}/pppd/${PV}/*l2tp.so" |
85 | FILES_${PN}-tools = "${sbindir}/pppstats ${sbindir}/pppdump" | 66 | FILES:${PN}-tools = "${sbindir}/pppstats ${sbindir}/pppdump" |
86 | SUMMARY_${PN}-oa = "Plugin for PPP for PPP-over-ATM support" | 67 | SUMMARY:${PN}-oa = "Plugin for PPP for PPP-over-ATM support" |
87 | SUMMARY_${PN}-oe = "Plugin for PPP for PPP-over-Ethernet support" | 68 | SUMMARY:${PN}-oe = "Plugin for PPP for PPP-over-Ethernet support" |
88 | SUMMARY_${PN}-radius = "Plugin for PPP for RADIUS support" | 69 | SUMMARY:${PN}-radius = "Plugin for PPP for RADIUS support" |
89 | SUMMARY_${PN}-winbind = "Plugin for PPP to authenticate against Samba or Windows" | 70 | SUMMARY:${PN}-winbind = "Plugin for PPP to authenticate against Samba or Windows" |
90 | SUMMARY_${PN}-minconn = "Plugin for PPP to set a delay before the idle timeout applies" | 71 | SUMMARY:${PN}-minconn = "Plugin for PPP to set a delay before the idle timeout applies" |
91 | SUMMARY_${PN}-password = "Plugin for PPP to get passwords via a pipe" | 72 | SUMMARY:${PN}-password = "Plugin for PPP to get passwords via a pipe" |
92 | SUMMARY_${PN}-l2tp = "Plugin for PPP for l2tp support" | 73 | SUMMARY:${PN}-l2tp = "Plugin for PPP for l2tp support" |
93 | SUMMARY_${PN}-tools = "Additional tools for the PPP package" | 74 | SUMMARY:${PN}-tools = "Additional tools for the PPP package" |
94 | 75 | ||
95 | # Ignore compatibility symlink rp-pppoe.so->pppoe.so | ||
96 | INSANE_SKIP_${PN}-oe += "dev-so" | ||
diff --git a/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch b/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch new file mode 100644 index 0000000000..ab32f26754 --- /dev/null +++ b/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | From 6bf2bb136a0b3961339369bc08e58b661fba0edb Mon Sep 17 00:00:00 2001 | ||
2 | From: Chen Qi <Qi.Chen@windriver.com> | ||
3 | Date: Thu, 17 Nov 2022 17:26:30 +0800 | ||
4 | Subject: [PATCH] avoid using -m option for readlink | ||
5 | |||
6 | Use a more widely used option '-f' instead of '-m' here to | ||
7 | avoid dependency on coreutils. | ||
8 | |||
9 | Looking at the git history of the resolvconf repo, the '-m' | ||
10 | is deliberately used. And it wants to depend on coreutils. | ||
11 | But in case of OE, the existence of /etc is ensured, and busybox | ||
12 | readlink provides '-f' option, so we can just use '-f'. In this | ||
13 | way, the coreutils dependency is not necessary any more. | ||
14 | |||
15 | Upstream-Status: Inappropriate [OE Specific] | ||
16 | |||
17 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
18 | --- | ||
19 | etc/resolvconf/update.d/libc | 2 +- | ||
20 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
21 | |||
22 | diff --git a/etc/resolvconf/update.d/libc b/etc/resolvconf/update.d/libc | ||
23 | index 1c4f6bc..f75d22c 100755 | ||
24 | --- a/etc/resolvconf/update.d/libc | ||
25 | +++ b/etc/resolvconf/update.d/libc | ||
26 | @@ -57,7 +57,7 @@ fi | ||
27 | report_warning() { echo "$0: Warning: $*" >&2 ; } | ||
28 | |||
29 | resolv_conf_is_symlinked_to_dynamic_file() { | ||
30 | - [ -L ${ETC}/resolv.conf ] && [ "$(readlink -m ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ] | ||
31 | + [ -L ${ETC}/resolv.conf ] && [ "$(readlink -f ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ] | ||
32 | } | ||
33 | |||
34 | if ! resolv_conf_is_symlinked_to_dynamic_file ; then | ||
35 | -- | ||
36 | 2.17.1 | ||
37 | |||
diff --git a/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch b/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch deleted file mode 100644 index 1aead07869..0000000000 --- a/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch +++ /dev/null | |||
@@ -1,20 +0,0 @@ | |||
1 | |||
2 | busybox installs readlink into /usr/bin, so ensure /usr/bin | ||
3 | is in the path. | ||
4 | |||
5 | Upstream-Status: Submitted | ||
6 | Signed-off-by: Saul Wold <sgw@linux.intel.com> | ||
7 | |||
8 | Index: resolvconf-1.76/etc/resolvconf/update.d/libc | ||
9 | =================================================================== | ||
10 | --- resolvconf-1.76.orig/etc/resolvconf/update.d/libc | ||
11 | +++ resolvconf-1.76/etc/resolvconf/update.d/libc | ||
12 | @@ -16,7 +16,7 @@ | ||
13 | # | ||
14 | |||
15 | set -e | ||
16 | -PATH=/sbin:/bin | ||
17 | +PATH=/sbin:/bin:/usr/bin | ||
18 | |||
19 | [ -x /lib/resolvconf/list-records ] || exit 1 | ||
20 | |||
diff --git a/meta/recipes-connectivity/resolvconf/resolvconf_1.83.bb b/meta/recipes-connectivity/resolvconf/resolvconf_1.92.bb index 33ee553d19..226cb7ee77 100644 --- a/meta/recipes-connectivity/resolvconf/resolvconf_1.83.bb +++ b/meta/recipes-connectivity/resolvconf/resolvconf_1.92.bb | |||
@@ -5,18 +5,17 @@ itself up as the intermediary between programs that supply \ | |||
5 | nameserver information and programs that need nameserver \ | 5 | nameserver information and programs that need nameserver \ |
6 | information." | 6 | information." |
7 | SECTION = "console/network" | 7 | SECTION = "console/network" |
8 | LICENSE = "GPLv2+" | 8 | LICENSE = "GPL-2.0-or-later" |
9 | LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b" | 9 | LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b" |
10 | AUTHOR = "Thomas Hood" | ||
11 | HOMEPAGE = "http://packages.debian.org/resolvconf" | 10 | HOMEPAGE = "http://packages.debian.org/resolvconf" |
12 | RDEPENDS_${PN} = "bash" | 11 | RDEPENDS:${PN} = "bash sed util-linux-flock" |
13 | 12 | ||
14 | SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https \ | 13 | SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=unstable \ |
15 | file://fix-path-for-busybox.patch \ | ||
16 | file://99_resolvconf \ | 14 | file://99_resolvconf \ |
17 | " | 15 | file://0001-avoid-using-m-option-for-readlink.patch \ |
16 | " | ||
18 | 17 | ||
19 | SRCREV = "d001dd2b7ce4c854eaa29e46b9640ab66c6e70bb" | 18 | SRCREV = "86047276c80705c51859a19f0c472102e0822f34" |
20 | 19 | ||
21 | S = "${WORKDIR}/git" | 20 | S = "${WORKDIR}/git" |
22 | 21 | ||
@@ -24,8 +23,6 @@ S = "${WORKDIR}/git" | |||
24 | # so we check the latest upstream from a directory that does get updated | 23 | # so we check the latest upstream from a directory that does get updated |
25 | UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/r/resolvconf/" | 24 | UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/r/resolvconf/" |
26 | 25 | ||
27 | inherit allarch | ||
28 | |||
29 | do_compile () { | 26 | do_compile () { |
30 | : | 27 | : |
31 | } | 28 | } |
@@ -40,12 +37,14 @@ do_install () { | |||
40 | fi | 37 | fi |
41 | install -d ${D}${base_libdir}/${BPN} | 38 | install -d ${D}${base_libdir}/${BPN} |
42 | install -d ${D}${sysconfdir}/${BPN} | 39 | install -d ${D}${sysconfdir}/${BPN} |
40 | install -d ${D}${nonarch_base_libdir}/${BPN} | ||
43 | ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run | 41 | ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run |
44 | install -d ${D}${sysconfdir} ${D}${base_sbindir} | 42 | install -d ${D}${sysconfdir} ${D}${base_sbindir} |
45 | install -d ${D}${mandir}/man8 ${D}${docdir}/${P} | 43 | install -d ${D}${mandir}/man8 ${D}${docdir}/${P} |
46 | cp -pPR etc/resolvconf ${D}${sysconfdir}/ | 44 | cp -pPR etc/resolvconf ${D}${sysconfdir}/ |
47 | chown -R root:root ${D}${sysconfdir}/ | 45 | chown -R root:root ${D}${sysconfdir}/ |
48 | install -m 0755 bin/resolvconf ${D}${base_sbindir}/ | 46 | install -m 0755 bin/resolvconf ${D}${base_sbindir}/ |
47 | install -m 0755 bin/normalize-resolvconf ${D}${nonarch_base_libdir}/${BPN} | ||
49 | install -m 0755 bin/list-records ${D}${base_libdir}/${BPN} | 48 | install -m 0755 bin/list-records ${D}${base_libdir}/${BPN} |
50 | install -d ${D}/${sysconfdir}/network/if-up.d | 49 | install -d ${D}/${sysconfdir}/network/if-up.d |
51 | install -m 0755 debian/resolvconf.000resolvconf.if-up ${D}/${sysconfdir}/network/if-up.d/000resolvconf | 50 | install -m 0755 debian/resolvconf.000resolvconf.if-up ${D}/${sysconfdir}/network/if-up.d/000resolvconf |
@@ -55,7 +54,7 @@ do_install () { | |||
55 | install -m 0644 man/resolvconf.8 ${D}${mandir}/man8/ | 54 | install -m 0644 man/resolvconf.8 ${D}${mandir}/man8/ |
56 | } | 55 | } |
57 | 56 | ||
58 | pkg_postinst_${PN} () { | 57 | pkg_postinst:${PN} () { |
59 | if [ -z "$D" ]; then | 58 | if [ -z "$D" ]; then |
60 | if command -v systemd-tmpfiles >/dev/null; then | 59 | if command -v systemd-tmpfiles >/dev/null; then |
61 | systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/resolvconf.conf | 60 | systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/resolvconf.conf |
@@ -65,4 +64,4 @@ pkg_postinst_${PN} () { | |||
65 | fi | 64 | fi |
66 | } | 65 | } |
67 | 66 | ||
68 | FILES_${PN} += "${base_libdir}/${BPN}" | 67 | FILES:${PN} += "${base_libdir}/${BPN} ${nonarch_base_libdir}/${BPN}" |
diff --git a/meta/recipes-connectivity/slirp/libslirp_git.bb b/meta/recipes-connectivity/slirp/libslirp_git.bb new file mode 100644 index 0000000000..334b786b9b --- /dev/null +++ b/meta/recipes-connectivity/slirp/libslirp_git.bb | |||
@@ -0,0 +1,18 @@ | |||
1 | SUMMARY = "A general purpose TCP-IP emulator" | ||
2 | DESCRIPTION = "A general purpose TCP-IP emulator used by virtual machine hypervisors to provide virtual networking services." | ||
3 | HOMEPAGE = "https://gitlab.freedesktop.org/slirp/libslirp" | ||
4 | LICENSE = "BSD-3-Clause & MIT" | ||
5 | LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=bca0186b14e6b05e338e729f106db727" | ||
6 | |||
7 | SRC_URI = "git://gitlab.freedesktop.org/slirp/libslirp.git;protocol=https;branch=master" | ||
8 | SRCREV = "3ad1710a96678fe79066b1469cead4058713a1d9" | ||
9 | PV = "4.7.0" | ||
10 | S = "${WORKDIR}/git" | ||
11 | |||
12 | DEPENDS = " \ | ||
13 | glib-2.0 \ | ||
14 | " | ||
15 | |||
16 | inherit meson pkgconfig | ||
17 | |||
18 | BBCLASSEXTEND = "native nativesdk" | ||
diff --git a/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch b/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch new file mode 100644 index 0000000000..9051ae1abe --- /dev/null +++ b/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch | |||
@@ -0,0 +1,62 @@ | |||
1 | From 4f887cc665c9a48b83e20ef4abe57afa7e365e0e Mon Sep 17 00:00:00 2001 | ||
2 | From: Hongxu Jia <hongxu.jia@eng.windriver.com> | ||
3 | Date: Tue, 5 Dec 2023 23:02:22 -0800 | ||
4 | Subject: [PATCH v2] fix compile procan.c failed | ||
5 | |||
6 | 1. Compile socat failed if out of tree build (build dir != source dir) | ||
7 | ... | ||
8 | gcc -c -D CC="gcc" -o procan.o procan.c | ||
9 | cc1: fatal error: procan.c: No such file or directory | ||
10 | ... | ||
11 | Explicitly add $srcdir to makefile rule | ||
12 | |||
13 | 2. Compile socat failed if multiple words in $(CC), such as CC="gcc -m64" | ||
14 | ... | ||
15 | from ../socat-1.8.0.0/procan.c:10: | ||
16 | ../socat-1.8.0.0/sysincludes.h:18:10: fatal error: inttypes.h: No such file or directory | ||
17 | 18 | #include <inttypes.h> /* uint16_t */ | ||
18 | ... | ||
19 | |||
20 | In commit [Procan: print umask, CC, and couple more new infos][1], | ||
21 | it defeines marcro CC in C source, the space in CC will break | ||
22 | C source compile. Use first word of $(CC) to defeine marco CC | ||
23 | |||
24 | [1] https://repo.or.cz/socat.git/commit/cd5673dbd0786c94e0b3ace7e35fab14c01e3185 | ||
25 | |||
26 | Upstream-Status: Submitted [socat@dest-unreach.org] | ||
27 | Signed-off-by: Hongxu Jia <hongxu.jia@eng.windriver.com> | ||
28 | --- | ||
29 | Makefile.in | 10 +++++----- | ||
30 | 1 file changed, 5 insertions(+), 5 deletions(-) | ||
31 | |||
32 | diff --git a/Makefile.in b/Makefile.in | ||
33 | index c01b1a4..48dad69 100644 | ||
34 | --- a/Makefile.in | ||
35 | +++ b/Makefile.in | ||
36 | @@ -109,8 +109,8 @@ depend: $(CFILES) $(HFILES) | ||
37 | socat: socat.o libxio.a | ||
38 | $(CC) $(CFLAGS) $(LDFLAGS) -o $@ socat.o libxio.a $(CLIBS) | ||
39 | |||
40 | -procan.o: procan.c | ||
41 | - $(CC) $(CFLAGS) -c -D CC=\"$(CC)\" -o $@ procan.c | ||
42 | +procan.o: $(srcdir)/procan.c | ||
43 | + $(CC) $(CFLAGS) -c -D CC=\"$(firstword $(CC))\" -o $@ $(srcdir)/procan.c | ||
44 | |||
45 | PROCAN_OBJS=procan_main.o procan.o procan-cdefs.o hostan.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o | ||
46 | procan: $(PROCAN_OBJS) | ||
47 | @@ -132,9 +132,9 @@ install: progs $(srcdir)/doc/socat.1 | ||
48 | mkdir -p $(DESTDIR)$(BINDEST) | ||
49 | $(INSTALL) -m 755 socat $(DESTDIR)$(BINDEST)/socat1 | ||
50 | ln -sf socat1 $(DESTDIR)$(BINDEST)/socat | ||
51 | - $(INSTALL) -m 755 socat-chain.sh $(DESTDIR)$(BINDEST) | ||
52 | - $(INSTALL) -m 755 socat-mux.sh $(DESTDIR)$(BINDEST) | ||
53 | - $(INSTALL) -m 755 socat-broker.sh $(DESTDIR)$(BINDEST) | ||
54 | + $(INSTALL) -m 755 $(srcdir)/socat-chain.sh $(DESTDIR)$(BINDEST) | ||
55 | + $(INSTALL) -m 755 $(srcdir)/socat-mux.sh $(DESTDIR)$(BINDEST) | ||
56 | + $(INSTALL) -m 755 $(srcdir)/socat-broker.sh $(DESTDIR)$(BINDEST) | ||
57 | $(INSTALL) -m 755 procan $(DESTDIR)$(BINDEST) | ||
58 | $(INSTALL) -m 755 filan $(DESTDIR)$(BINDEST) | ||
59 | mkdir -p $(DESTDIR)$(MANDEST)/man1 | ||
60 | -- | ||
61 | 2.42.0 | ||
62 | |||
diff --git a/meta/recipes-connectivity/socat/socat_1.7.3.4.bb b/meta/recipes-connectivity/socat/socat_1.8.0.0.bb index f3f569d262..912605c95c 100644 --- a/meta/recipes-connectivity/socat/socat_1.7.3.4.bb +++ b/meta/recipes-connectivity/socat/socat_1.8.0.0.bb | |||
@@ -7,13 +7,13 @@ SECTION = "console/network" | |||
7 | 7 | ||
8 | LICENSE = "GPL-2.0-with-OpenSSL-exception" | 8 | LICENSE = "GPL-2.0-with-OpenSSL-exception" |
9 | LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ | 9 | LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ |
10 | file://README;beginline=257;endline=287;md5=338c05eadd013872abb1d6e198e10a3f" | 10 | file://README;beginline=241;endline=271;md5=338c05eadd013872abb1d6e198e10a3f" |
11 | 11 | ||
12 | SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ | 12 | SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ |
13 | file://0001-fix-compile-procan.c-failed.patch \ | ||
13 | " | 14 | " |
14 | 15 | ||
15 | SRC_URI[md5sum] = "3cca4f8cd9d2d1caabd9cc099451bac9" | 16 | SRC_URI[sha256sum] = "e1de683dd22ee0e3a6c6bbff269abe18ab0c9d7eb650204f125155b9005faca7" |
16 | SRC_URI[sha256sum] = "972374ca86f65498e23e3259c2ee1b8f9dbeb04d12c2a78c0c9b5d1cb97dfdfc" | ||
17 | 17 | ||
18 | inherit autotools | 18 | inherit autotools |
19 | 19 | ||
@@ -29,15 +29,15 @@ TERMBITS_SHIFTS ?= "sc_cv_sys_crdly_shift=9 \ | |||
29 | sc_cv_sys_tabdly_shift=11 \ | 29 | sc_cv_sys_tabdly_shift=11 \ |
30 | sc_cv_sys_csize_shift=4" | 30 | sc_cv_sys_csize_shift=4" |
31 | 31 | ||
32 | TERMBITS_SHIFTS_powerpc = "sc_cv_sys_crdly_shift=12 \ | 32 | TERMBITS_SHIFTS:powerpc = "sc_cv_sys_crdly_shift=12 \ |
33 | sc_cv_sys_tabdly_shift=10 \ | 33 | sc_cv_sys_tabdly_shift=10 \ |
34 | sc_cv_sys_csize_shift=8" | 34 | sc_cv_sys_csize_shift=8" |
35 | 35 | ||
36 | TERMBITS_SHIFTS_powerpc64 = "sc_cv_sys_crdly_shift=12 \ | 36 | TERMBITS_SHIFTS:powerpc64 = "sc_cv_sys_crdly_shift=12 \ |
37 | sc_cv_sys_tabdly_shift=10 \ | 37 | sc_cv_sys_tabdly_shift=10 \ |
38 | sc_cv_sys_csize_shift=8" | 38 | sc_cv_sys_csize_shift=8" |
39 | 39 | ||
40 | PACKAGECONFIG_class-target ??= "tcp-wrappers readline openssl" | 40 | PACKAGECONFIG:class-target ??= "tcp-wrappers readline openssl" |
41 | PACKAGECONFIG ??= "readline openssl" | 41 | PACKAGECONFIG ??= "readline openssl" |
42 | PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers" | 42 | PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers" |
43 | PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline" | 43 | PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline" |
@@ -45,7 +45,7 @@ PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl" | |||
45 | 45 | ||
46 | CFLAGS += "-fcommon" | 46 | CFLAGS += "-fcommon" |
47 | 47 | ||
48 | do_install_prepend () { | 48 | do_install:prepend () { |
49 | mkdir -p ${D}${bindir} | 49 | mkdir -p ${D}${bindir} |
50 | install -d ${D}${bindir} ${D}${mandir}/man1 | 50 | install -d ${D}${bindir} ${D}${mandir}/man1 |
51 | } | 51 | } |
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch deleted file mode 100644 index 7b0713cf6d..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch +++ /dev/null | |||
@@ -1,82 +0,0 @@ | |||
1 | hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication | ||
2 | of disconnection in certain situations because source address validation is | ||
3 | mishandled. This is a denial of service that should have been prevented by PMF | ||
4 | (aka management frame protection). The attacker must send a crafted 802.11 frame | ||
5 | from a location that is within the 802.11 communications range. | ||
6 | |||
7 | CVE: CVE-2019-16275 | ||
8 | Upstream-Status: Backport | ||
9 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
10 | |||
11 | From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001 | ||
12 | From: Jouni Malinen <j@w1.fi> | ||
13 | Date: Thu, 29 Aug 2019 11:52:04 +0300 | ||
14 | Subject: [PATCH] AP: Silently ignore management frame from unexpected source | ||
15 | address | ||
16 | |||
17 | Do not process any received Management frames with unexpected/invalid SA | ||
18 | so that we do not add any state for unexpected STA addresses or end up | ||
19 | sending out frames to unexpected destination. This prevents unexpected | ||
20 | sequences where an unprotected frame might end up causing the AP to send | ||
21 | out a response to another device and that other device processing the | ||
22 | unexpected response. | ||
23 | |||
24 | In particular, this prevents some potential denial of service cases | ||
25 | where the unexpected response frame from the AP might result in a | ||
26 | connected station dropping its association. | ||
27 | |||
28 | Signed-off-by: Jouni Malinen <j@w1.fi> | ||
29 | --- | ||
30 | src/ap/drv_callbacks.c | 13 +++++++++++++ | ||
31 | src/ap/ieee802_11.c | 12 ++++++++++++ | ||
32 | 2 files changed, 25 insertions(+) | ||
33 | |||
34 | diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c | ||
35 | index 31587685fe3b..34ca379edc3d 100644 | ||
36 | --- a/src/ap/drv_callbacks.c | ||
37 | +++ b/src/ap/drv_callbacks.c | ||
38 | @@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, | ||
39 | "hostapd_notif_assoc: Skip event with no address"); | ||
40 | return -1; | ||
41 | } | ||
42 | + | ||
43 | + if (is_multicast_ether_addr(addr) || | ||
44 | + is_zero_ether_addr(addr) || | ||
45 | + os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) { | ||
46 | + /* Do not process any frames with unexpected/invalid SA so that | ||
47 | + * we do not add any state for unexpected STA addresses or end | ||
48 | + * up sending out frames to unexpected destination. */ | ||
49 | + wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR | ||
50 | + " in received indication - ignore this indication silently", | ||
51 | + __func__, MAC2STR(addr)); | ||
52 | + return 0; | ||
53 | + } | ||
54 | + | ||
55 | random_add_randomness(addr, ETH_ALEN); | ||
56 | |||
57 | hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, | ||
58 | diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c | ||
59 | index c85a28db44b7..e7065372e158 100644 | ||
60 | --- a/src/ap/ieee802_11.c | ||
61 | +++ b/src/ap/ieee802_11.c | ||
62 | @@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, | ||
63 | fc = le_to_host16(mgmt->frame_control); | ||
64 | stype = WLAN_FC_GET_STYPE(fc); | ||
65 | |||
66 | + if (is_multicast_ether_addr(mgmt->sa) || | ||
67 | + is_zero_ether_addr(mgmt->sa) || | ||
68 | + os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { | ||
69 | + /* Do not process any frames with unexpected/invalid SA so that | ||
70 | + * we do not add any state for unexpected STA addresses or end | ||
71 | + * up sending out frames to unexpected destination. */ | ||
72 | + wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR | ||
73 | + " in received frame - ignore this frame silently", | ||
74 | + MAC2STR(mgmt->sa)); | ||
75 | + return 0; | ||
76 | + } | ||
77 | + | ||
78 | if (stype == WLAN_FC_STYPE_BEACON) { | ||
79 | handle_beacon(hapd, mgmt, len, fi); | ||
80 | return 1; | ||
81 | -- | ||
82 | 2.20.1 | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Install-wpa_passphrase-when-not-disabled.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Install-wpa_passphrase-when-not-disabled.patch new file mode 100644 index 0000000000..c04c608bde --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Install-wpa_passphrase-when-not-disabled.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | From 57b12a1e43605f71239a21488cb9b541f0751dda Mon Sep 17 00:00:00 2001 | ||
2 | From: Alex Kiernan <alexk@zuma.ai> | ||
3 | Date: Thu, 21 Apr 2022 10:15:29 +0100 | ||
4 | Subject: [PATCH] Install wpa_passphrase when not disabled | ||
5 | |||
6 | As part of fixing CONFIG_NO_WPA_PASSPHRASE, whilst wpa_passphrase gets | ||
7 | built, its not installed during `make install`. | ||
8 | |||
9 | Fixes: cb41c214b78d ("build: Re-enable options for libwpa_client.so and wpa_passphrase") | ||
10 | Signed-off-by: Alex Kiernan <alexk@zuma.ai> | ||
11 | Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> | ||
12 | Upstream-Status: Submitted [http://lists.infradead.org/pipermail/hostap/2022-April/040448.html] | ||
13 | --- | ||
14 | wpa_supplicant/Makefile | 3 +++ | ||
15 | 1 file changed, 3 insertions(+) | ||
16 | |||
17 | diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile | ||
18 | index 0bab313f2355..12787c0c7d0f 100644 | ||
19 | --- a/wpa_supplicant/Makefile | ||
20 | +++ b/wpa_supplicant/Makefile | ||
21 | @@ -73,6 +73,9 @@ $(DESTDIR)$(BINDIR)/%: % | ||
22 | |||
23 | install: $(addprefix $(DESTDIR)$(BINDIR)/,$(BINALL)) | ||
24 | $(MAKE) -C ../src install | ||
25 | +ifndef CONFIG_NO_WPA_PASSPHRASE | ||
26 | + install -D wpa_passphrase $(DESTDIR)/$(BINDIR)/wpa_passphrase | ||
27 | +endif | ||
28 | ifdef CONFIG_BUILD_WPA_CLIENT_SO | ||
29 | install -m 0644 -D libwpa_client.so $(DESTDIR)/$(LIBDIR)/libwpa_client.so | ||
30 | install -m 0644 -D ../src/common/wpa_ctrl.h $(DESTDIR)/$(INCDIR)/wpa_ctrl.h | ||
31 | -- | ||
32 | 2.35.1 | ||
33 | |||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch new file mode 100644 index 0000000000..620560d3c7 --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch | |||
@@ -0,0 +1,213 @@ | |||
1 | From f6f7cead3661ceeef54b21f7e799c0afc98537ec Mon Sep 17 00:00:00 2001 | ||
2 | From: Jouni Malinen <j@w1.fi> | ||
3 | Date: Sat, 8 Jul 2023 19:55:32 +0300 | ||
4 | Subject: [PATCH] PEAP client: Update Phase 2 authentication requirements | ||
5 | |||
6 | The previous PEAP client behavior allowed the server to skip Phase 2 | ||
7 | authentication with the expectation that the server was authenticated | ||
8 | during Phase 1 through TLS server certificate validation. Various PEAP | ||
9 | specifications are not exactly clear on what the behavior on this front | ||
10 | is supposed to be and as such, this ended up being more flexible than | ||
11 | the TTLS/FAST/TEAP cases. However, this is not really ideal when | ||
12 | unfortunately common misconfiguration of PEAP is used in deployed | ||
13 | devices where the server trust root (ca_cert) is not configured or the | ||
14 | user has an easy option for allowing this validation step to be skipped. | ||
15 | |||
16 | Change the default PEAP client behavior to be to require Phase 2 | ||
17 | authentication to be successfully completed for cases where TLS session | ||
18 | resumption is not used and the client certificate has not been | ||
19 | configured. Those two exceptions are the main cases where a deployed | ||
20 | authentication server might skip Phase 2 and as such, where a more | ||
21 | strict default behavior could result in undesired interoperability | ||
22 | issues. Requiring Phase 2 authentication will end up disabling TLS | ||
23 | session resumption automatically to avoid interoperability issues. | ||
24 | |||
25 | Allow Phase 2 authentication behavior to be configured with a new phase1 | ||
26 | configuration parameter option: | ||
27 | 'phase2_auth' option can be used to control Phase 2 (i.e., within TLS | ||
28 | tunnel) behavior for PEAP: | ||
29 | * 0 = do not require Phase 2 authentication | ||
30 | * 1 = require Phase 2 authentication when client certificate | ||
31 | (private_key/client_cert) is no used and TLS session resumption was | ||
32 | not used (default) | ||
33 | * 2 = require Phase 2 authentication in all cases | ||
34 | |||
35 | Signed-off-by: Jouni Malinen <j@w1.fi> | ||
36 | |||
37 | CVE: CVE-2023-52160 | ||
38 | Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c] | ||
39 | |||
40 | Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com> | ||
41 | |||
42 | --- | ||
43 | src/eap_peer/eap_config.h | 8 ++++++ | ||
44 | src/eap_peer/eap_peap.c | 40 +++++++++++++++++++++++++++--- | ||
45 | src/eap_peer/eap_tls_common.c | 6 +++++ | ||
46 | src/eap_peer/eap_tls_common.h | 5 ++++ | ||
47 | wpa_supplicant/wpa_supplicant.conf | 7 ++++++ | ||
48 | 5 files changed, 63 insertions(+), 3 deletions(-) | ||
49 | |||
50 | diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h | ||
51 | index 3238f74..047eec2 100644 | ||
52 | --- a/src/eap_peer/eap_config.h | ||
53 | +++ b/src/eap_peer/eap_config.h | ||
54 | @@ -469,6 +469,14 @@ struct eap_peer_config { | ||
55 | * 1 = use cryptobinding if server supports it | ||
56 | * 2 = require cryptobinding | ||
57 | * | ||
58 | + * phase2_auth option can be used to control Phase 2 (i.e., within TLS | ||
59 | + * tunnel) behavior for PEAP: | ||
60 | + * 0 = do not require Phase 2 authentication | ||
61 | + * 1 = require Phase 2 authentication when client certificate | ||
62 | + * (private_key/client_cert) is no used and TLS session resumption was | ||
63 | + * not used (default) | ||
64 | + * 2 = require Phase 2 authentication in all cases | ||
65 | + * | ||
66 | * EAP-WSC (WPS) uses following options: pin=Device_Password and | ||
67 | * uuid=Device_UUID | ||
68 | * | ||
69 | diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c | ||
70 | index 12e30df..6080697 100644 | ||
71 | --- a/src/eap_peer/eap_peap.c | ||
72 | +++ b/src/eap_peer/eap_peap.c | ||
73 | @@ -67,6 +67,7 @@ struct eap_peap_data { | ||
74 | u8 cmk[20]; | ||
75 | int soh; /* Whether IF-TNCCS-SOH (Statement of Health; Microsoft NAP) | ||
76 | * is enabled. */ | ||
77 | + enum { NO_AUTH, FOR_INITIAL, ALWAYS } phase2_auth; | ||
78 | }; | ||
79 | |||
80 | |||
81 | @@ -114,6 +115,19 @@ static void eap_peap_parse_phase1(struct eap_peap_data *data, | ||
82 | wpa_printf(MSG_DEBUG, "EAP-PEAP: Require cryptobinding"); | ||
83 | } | ||
84 | |||
85 | + if (os_strstr(phase1, "phase2_auth=0")) { | ||
86 | + data->phase2_auth = NO_AUTH; | ||
87 | + wpa_printf(MSG_DEBUG, | ||
88 | + "EAP-PEAP: Do not require Phase 2 authentication"); | ||
89 | + } else if (os_strstr(phase1, "phase2_auth=1")) { | ||
90 | + data->phase2_auth = FOR_INITIAL; | ||
91 | + wpa_printf(MSG_DEBUG, | ||
92 | + "EAP-PEAP: Require Phase 2 authentication for initial connection"); | ||
93 | + } else if (os_strstr(phase1, "phase2_auth=2")) { | ||
94 | + data->phase2_auth = ALWAYS; | ||
95 | + wpa_printf(MSG_DEBUG, | ||
96 | + "EAP-PEAP: Require Phase 2 authentication for all cases"); | ||
97 | + } | ||
98 | #ifdef EAP_TNC | ||
99 | if (os_strstr(phase1, "tnc=soh2")) { | ||
100 | data->soh = 2; | ||
101 | @@ -142,6 +156,7 @@ static void * eap_peap_init(struct eap_sm *sm) | ||
102 | data->force_peap_version = -1; | ||
103 | data->peap_outer_success = 2; | ||
104 | data->crypto_binding = OPTIONAL_BINDING; | ||
105 | + data->phase2_auth = FOR_INITIAL; | ||
106 | |||
107 | if (config && config->phase1) | ||
108 | eap_peap_parse_phase1(data, config->phase1); | ||
109 | @@ -454,6 +469,20 @@ static int eap_tlv_validate_cryptobinding(struct eap_sm *sm, | ||
110 | } | ||
111 | |||
112 | |||
113 | +static bool peap_phase2_sufficient(struct eap_sm *sm, | ||
114 | + struct eap_peap_data *data) | ||
115 | +{ | ||
116 | + if ((data->phase2_auth == ALWAYS || | ||
117 | + (data->phase2_auth == FOR_INITIAL && | ||
118 | + !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn) && | ||
119 | + !data->ssl.client_cert_conf) || | ||
120 | + data->phase2_eap_started) && | ||
121 | + !data->phase2_eap_success) | ||
122 | + return false; | ||
123 | + return true; | ||
124 | +} | ||
125 | + | ||
126 | + | ||
127 | /** | ||
128 | * eap_tlv_process - Process a received EAP-TLV message and generate a response | ||
129 | * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() | ||
130 | @@ -568,6 +597,11 @@ static int eap_tlv_process(struct eap_sm *sm, struct eap_peap_data *data, | ||
131 | " - force failed Phase 2"); | ||
132 | resp_status = EAP_TLV_RESULT_FAILURE; | ||
133 | ret->decision = DECISION_FAIL; | ||
134 | + } else if (!peap_phase2_sufficient(sm, data)) { | ||
135 | + wpa_printf(MSG_INFO, | ||
136 | + "EAP-PEAP: Server indicated Phase 2 success, but sufficient Phase 2 authentication has not been completed"); | ||
137 | + resp_status = EAP_TLV_RESULT_FAILURE; | ||
138 | + ret->decision = DECISION_FAIL; | ||
139 | } else { | ||
140 | resp_status = EAP_TLV_RESULT_SUCCESS; | ||
141 | ret->decision = DECISION_UNCOND_SUCC; | ||
142 | @@ -887,8 +921,7 @@ continue_req: | ||
143 | /* EAP-Success within TLS tunnel is used to indicate | ||
144 | * shutdown of the TLS channel. The authentication has | ||
145 | * been completed. */ | ||
146 | - if (data->phase2_eap_started && | ||
147 | - !data->phase2_eap_success) { | ||
148 | + if (!peap_phase2_sufficient(sm, data)) { | ||
149 | wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 " | ||
150 | "Success used to indicate success, " | ||
151 | "but Phase 2 EAP was not yet " | ||
152 | @@ -1199,8 +1232,9 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv, | ||
153 | static bool eap_peap_has_reauth_data(struct eap_sm *sm, void *priv) | ||
154 | { | ||
155 | struct eap_peap_data *data = priv; | ||
156 | + | ||
157 | return tls_connection_established(sm->ssl_ctx, data->ssl.conn) && | ||
158 | - data->phase2_success; | ||
159 | + data->phase2_success && data->phase2_auth != ALWAYS; | ||
160 | } | ||
161 | |||
162 | |||
163 | diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c | ||
164 | index c1837db..a53eeb1 100644 | ||
165 | --- a/src/eap_peer/eap_tls_common.c | ||
166 | +++ b/src/eap_peer/eap_tls_common.c | ||
167 | @@ -239,6 +239,12 @@ static int eap_tls_params_from_conf(struct eap_sm *sm, | ||
168 | |||
169 | sm->ext_cert_check = !!(params->flags & TLS_CONN_EXT_CERT_CHECK); | ||
170 | |||
171 | + if (!phase2) | ||
172 | + data->client_cert_conf = params->client_cert || | ||
173 | + params->client_cert_blob || | ||
174 | + params->private_key || | ||
175 | + params->private_key_blob; | ||
176 | + | ||
177 | return 0; | ||
178 | } | ||
179 | |||
180 | diff --git a/src/eap_peer/eap_tls_common.h b/src/eap_peer/eap_tls_common.h | ||
181 | index 9ac0012..3348634 100644 | ||
182 | --- a/src/eap_peer/eap_tls_common.h | ||
183 | +++ b/src/eap_peer/eap_tls_common.h | ||
184 | @@ -79,6 +79,11 @@ struct eap_ssl_data { | ||
185 | * tls_v13 - Whether TLS v1.3 or newer is used | ||
186 | */ | ||
187 | int tls_v13; | ||
188 | + | ||
189 | + /** | ||
190 | + * client_cert_conf: Whether client certificate has been configured | ||
191 | + */ | ||
192 | + bool client_cert_conf; | ||
193 | }; | ||
194 | |||
195 | |||
196 | diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf | ||
197 | index 6619d6b..d63f73c 100644 | ||
198 | --- a/wpa_supplicant/wpa_supplicant.conf | ||
199 | +++ b/wpa_supplicant/wpa_supplicant.conf | ||
200 | @@ -1321,6 +1321,13 @@ fast_reauth=1 | ||
201 | # * 0 = do not use cryptobinding (default) | ||
202 | # * 1 = use cryptobinding if server supports it | ||
203 | # * 2 = require cryptobinding | ||
204 | +# 'phase2_auth' option can be used to control Phase 2 (i.e., within TLS | ||
205 | +# tunnel) behavior for PEAP: | ||
206 | +# * 0 = do not require Phase 2 authentication | ||
207 | +# * 1 = require Phase 2 authentication when client certificate | ||
208 | +# (private_key/client_cert) is no used and TLS session resumption was | ||
209 | +# not used (default) | ||
210 | +# * 2 = require Phase 2 authentication in all cases | ||
211 | # EAP-WSC (WPS) uses following options: pin=<Device Password> or | ||
212 | # pbc=1. | ||
213 | # | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch deleted file mode 100644 index 53ad5d028a..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch +++ /dev/null | |||
@@ -1,151 +0,0 @@ | |||
1 | From 5b78c8f961f25f4dc22d6f2b77ddd06d712cec63 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jouni Malinen <jouni@codeaurora.org> | ||
3 | Date: Wed, 3 Jun 2020 23:17:35 +0300 | ||
4 | Subject: [PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to | ||
5 | other networks | ||
6 | |||
7 | The UPnP Device Architecture 2.0 specification errata ("UDA errata | ||
8 | 16-04-2020.docx") addresses a problem with notifications being allowed | ||
9 | to go out to other domains by disallowing such cases. Do such filtering | ||
10 | for the notification callback URLs to avoid undesired connections to | ||
11 | external networks based on subscriptions that any device in the local | ||
12 | network could request when WPS support for external registrars is | ||
13 | enabled (the upnp_iface parameter in hostapd configuration). | ||
14 | |||
15 | Upstream-Status: Backport | ||
16 | CVE: CVE-2020-12695 patch #1 | ||
17 | Signed-off-by: Jouni Malinen <jouni@codeaurora.org> | ||
18 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
19 | |||
20 | --- | ||
21 | src/wps/wps_er.c | 2 +- | ||
22 | src/wps/wps_upnp.c | 38 ++++++++++++++++++++++++++++++++++++-- | ||
23 | src/wps/wps_upnp_i.h | 3 ++- | ||
24 | 3 files changed, 39 insertions(+), 4 deletions(-) | ||
25 | |||
26 | Index: wpa_supplicant-2.9/src/wps/wps_er.c | ||
27 | =================================================================== | ||
28 | --- wpa_supplicant-2.9.orig/src/wps/wps_er.c | ||
29 | +++ wpa_supplicant-2.9/src/wps/wps_er.c | ||
30 | @@ -1298,7 +1298,7 @@ wps_er_init(struct wps_context *wps, con | ||
31 | "with %s", filter); | ||
32 | } | ||
33 | if (get_netif_info(er->ifname, &er->ip_addr, &er->ip_addr_text, | ||
34 | - er->mac_addr)) { | ||
35 | + NULL, er->mac_addr)) { | ||
36 | wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address " | ||
37 | "for %s. Does it have IP address?", er->ifname); | ||
38 | wps_er_deinit(er, NULL, NULL); | ||
39 | Index: wpa_supplicant-2.9/src/wps/wps_upnp.c | ||
40 | =================================================================== | ||
41 | --- wpa_supplicant-2.9.orig/src/wps/wps_upnp.c | ||
42 | +++ wpa_supplicant-2.9/src/wps/wps_upnp.c | ||
43 | @@ -303,6 +303,14 @@ static void subscr_addr_free_all(struct | ||
44 | } | ||
45 | |||
46 | |||
47 | +static int local_network_addr(struct upnp_wps_device_sm *sm, | ||
48 | + struct sockaddr_in *addr) | ||
49 | +{ | ||
50 | + return (addr->sin_addr.s_addr & sm->netmask.s_addr) == | ||
51 | + (sm->ip_addr & sm->netmask.s_addr); | ||
52 | +} | ||
53 | + | ||
54 | + | ||
55 | /* subscr_addr_add_url -- add address(es) for one url to subscription */ | ||
56 | static void subscr_addr_add_url(struct subscription *s, const char *url, | ||
57 | size_t url_len) | ||
58 | @@ -381,6 +389,7 @@ static void subscr_addr_add_url(struct s | ||
59 | |||
60 | for (rp = result; rp; rp = rp->ai_next) { | ||
61 | struct subscr_addr *a; | ||
62 | + struct sockaddr_in *addr = (struct sockaddr_in *) rp->ai_addr; | ||
63 | |||
64 | /* Limit no. of address to avoid denial of service attack */ | ||
65 | if (dl_list_len(&s->addr_list) >= MAX_ADDR_PER_SUBSCRIPTION) { | ||
66 | @@ -389,6 +398,13 @@ static void subscr_addr_add_url(struct s | ||
67 | break; | ||
68 | } | ||
69 | |||
70 | + if (!local_network_addr(s->sm, addr)) { | ||
71 | + wpa_printf(MSG_INFO, | ||
72 | + "WPS UPnP: Ignore a delivery URL that points to another network %s", | ||
73 | + inet_ntoa(addr->sin_addr)); | ||
74 | + continue; | ||
75 | + } | ||
76 | + | ||
77 | a = os_zalloc(sizeof(*a) + alloc_len); | ||
78 | if (a == NULL) | ||
79 | break; | ||
80 | @@ -889,11 +905,12 @@ static int eth_get(const char *device, u | ||
81 | * @net_if: Selected network interface name | ||
82 | * @ip_addr: Buffer for returning IP address in network byte order | ||
83 | * @ip_addr_text: Buffer for returning a pointer to allocated IP address text | ||
84 | + * @netmask: Buffer for returning netmask or %NULL if not needed | ||
85 | * @mac: Buffer for returning MAC address | ||
86 | * Returns: 0 on success, -1 on failure | ||
87 | */ | ||
88 | int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text, | ||
89 | - u8 mac[ETH_ALEN]) | ||
90 | + struct in_addr *netmask, u8 mac[ETH_ALEN]) | ||
91 | { | ||
92 | struct ifreq req; | ||
93 | int sock = -1; | ||
94 | @@ -919,6 +936,19 @@ int get_netif_info(const char *net_if, u | ||
95 | in_addr.s_addr = *ip_addr; | ||
96 | os_snprintf(*ip_addr_text, 16, "%s", inet_ntoa(in_addr)); | ||
97 | |||
98 | + if (netmask) { | ||
99 | + os_memset(&req, 0, sizeof(req)); | ||
100 | + os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name)); | ||
101 | + if (ioctl(sock, SIOCGIFNETMASK, &req) < 0) { | ||
102 | + wpa_printf(MSG_ERROR, | ||
103 | + "WPS UPnP: SIOCGIFNETMASK failed: %d (%s)", | ||
104 | + errno, strerror(errno)); | ||
105 | + goto fail; | ||
106 | + } | ||
107 | + addr = (struct sockaddr_in *) &req.ifr_netmask; | ||
108 | + netmask->s_addr = addr->sin_addr.s_addr; | ||
109 | + } | ||
110 | + | ||
111 | #ifdef __linux__ | ||
112 | os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name)); | ||
113 | if (ioctl(sock, SIOCGIFHWADDR, &req) < 0) { | ||
114 | @@ -1025,11 +1055,15 @@ static int upnp_wps_device_start(struct | ||
115 | |||
116 | /* Determine which IP and mac address we're using */ | ||
117 | if (get_netif_info(net_if, &sm->ip_addr, &sm->ip_addr_text, | ||
118 | - sm->mac_addr)) { | ||
119 | + &sm->netmask, sm->mac_addr)) { | ||
120 | wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address " | ||
121 | "for %s. Does it have IP address?", net_if); | ||
122 | goto fail; | ||
123 | } | ||
124 | + wpa_printf(MSG_DEBUG, "WPS UPnP: Local IP address %s netmask %s hwaddr " | ||
125 | + MACSTR, | ||
126 | + sm->ip_addr_text, inet_ntoa(sm->netmask), | ||
127 | + MAC2STR(sm->mac_addr)); | ||
128 | |||
129 | /* Listen for incoming TCP connections so that others | ||
130 | * can fetch our "xml files" from us. | ||
131 | Index: wpa_supplicant-2.9/src/wps/wps_upnp_i.h | ||
132 | =================================================================== | ||
133 | --- wpa_supplicant-2.9.orig/src/wps/wps_upnp_i.h | ||
134 | +++ wpa_supplicant-2.9/src/wps/wps_upnp_i.h | ||
135 | @@ -128,6 +128,7 @@ struct upnp_wps_device_sm { | ||
136 | u8 mac_addr[ETH_ALEN]; /* mac addr of network i.f. we use */ | ||
137 | char *ip_addr_text; /* IP address of network i.f. we use */ | ||
138 | unsigned ip_addr; /* IP address of network i.f. we use (host order) */ | ||
139 | + struct in_addr netmask; | ||
140 | int multicast_sd; /* send multicast messages over this socket */ | ||
141 | int ssdp_sd; /* receive discovery UPD packets on socket */ | ||
142 | int ssdp_sd_registered; /* nonzero if we must unregister */ | ||
143 | @@ -158,7 +159,7 @@ struct subscription * subscription_find( | ||
144 | const u8 uuid[UUID_LEN]); | ||
145 | void subscr_addr_delete(struct subscr_addr *a); | ||
146 | int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text, | ||
147 | - u8 mac[ETH_ALEN]); | ||
148 | + struct in_addr *netmask, u8 mac[ETH_ALEN]); | ||
149 | |||
150 | /* wps_upnp_ssdp.c */ | ||
151 | void msearchreply_state_machine_stop(struct advertisement_state_machine *a); | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch new file mode 100644 index 0000000000..6e930fc98d --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch | |||
@@ -0,0 +1,73 @@ | |||
1 | From cb41c214b78d6df187a31950342e48a403dbd769 Mon Sep 17 00:00:00 2001 | ||
2 | From: Sergey Matyukevich <geomatsi@gmail.com> | ||
3 | Date: Tue, 22 Feb 2022 11:52:19 +0300 | ||
4 | Subject: [PATCH 1/2] build: Re-enable options for libwpa_client.so and | ||
5 | wpa_passphrase | ||
6 | |||
7 | Commit a41a29192e5d ("build: Pull common fragments into a build.rules | ||
8 | file") introduced a regression into wpa_supplicant build process. The | ||
9 | build target libwpa_client.so is not built regardless of whether the | ||
10 | option CONFIG_BUILD_WPA_CLIENT_SO is set or not. This happens because | ||
11 | this config option is used before it is imported from the configuration | ||
12 | file. Moving its use after including build.rules does not help: the | ||
13 | variable ALL is processed by build.rules and further changes are not | ||
14 | applied. Similarly, option CONFIG_NO_WPA_PASSPHRASE also does not work | ||
15 | as expected: wpa_passphrase is always built regardless of whether the | ||
16 | option is set or not. | ||
17 | |||
18 | Re-enable these options by adding both build targets to _all | ||
19 | dependencies. | ||
20 | |||
21 | Fixes: a41a29192e5d ("build: Pull common fragments into a build.rules file") | ||
22 | Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com> | ||
23 | Upstream-Status: Backport | ||
24 | Signed-off-by: Alex Kiernan <alexk@zuma.ai> | ||
25 | Signed-off-by: Alex Kiernan <alexk@gmail.com> | ||
26 | --- | ||
27 | wpa_supplicant/Makefile | 19 ++++++++++++------- | ||
28 | 1 file changed, 12 insertions(+), 7 deletions(-) | ||
29 | |||
30 | diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile | ||
31 | index cb66defac7c8..c456825ae75f 100644 | ||
32 | --- a/wpa_supplicant/Makefile | ||
33 | +++ b/wpa_supplicant/Makefile | ||
34 | @@ -1,24 +1,29 @@ | ||
35 | BINALL=wpa_supplicant wpa_cli | ||
36 | |||
37 | -ifndef CONFIG_NO_WPA_PASSPHRASE | ||
38 | -BINALL += wpa_passphrase | ||
39 | -endif | ||
40 | - | ||
41 | ALL = $(BINALL) | ||
42 | ALL += systemd/wpa_supplicant.service | ||
43 | ALL += systemd/wpa_supplicant@.service | ||
44 | ALL += systemd/wpa_supplicant-nl80211@.service | ||
45 | ALL += systemd/wpa_supplicant-wired@.service | ||
46 | ALL += dbus/fi.w1.wpa_supplicant1.service | ||
47 | -ifdef CONFIG_BUILD_WPA_CLIENT_SO | ||
48 | -ALL += libwpa_client.so | ||
49 | -endif | ||
50 | |||
51 | EXTRA_TARGETS=dynamic_eap_methods | ||
52 | |||
53 | CONFIG_FILE=.config | ||
54 | include ../src/build.rules | ||
55 | |||
56 | +ifdef CONFIG_BUILD_WPA_CLIENT_SO | ||
57 | +# add the dependency this way to allow CONFIG_BUILD_WPA_CLIENT_SO | ||
58 | +# being set in the config which is read by build.rules | ||
59 | +_all: libwpa_client.so | ||
60 | +endif | ||
61 | + | ||
62 | +ifndef CONFIG_NO_WPA_PASSPHRASE | ||
63 | +# add the dependency this way to allow CONFIG_NO_WPA_PASSPHRASE | ||
64 | +# being set in the config which is read by build.rules | ||
65 | +_all: wpa_passphrase | ||
66 | +endif | ||
67 | + | ||
68 | ifdef LIBS | ||
69 | # If LIBS is set with some global build system defaults, clone those for | ||
70 | # LIBS_c and LIBS_p to cover wpa_passphrase and wpa_cli as well. | ||
71 | -- | ||
72 | 2.35.1 | ||
73 | |||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch deleted file mode 100644 index a476cf040e..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch +++ /dev/null | |||
@@ -1,52 +0,0 @@ | |||
1 | From 94c401733a5a3d294cc412671166e6adfb409f53 Mon Sep 17 00:00:00 2001 | ||
2 | From: Joshua DeWeese <jdeweese@hennypenny.com> | ||
3 | Date: Wed, 30 Jan 2019 16:19:47 -0500 | ||
4 | Subject: [PATCH] replace systemd install Alias with WantedBy | ||
5 | |||
6 | According to the systemd documentation "WantedBy=foo.service in a | ||
7 | service bar.service is mostly equivalent to | ||
8 | Alias=foo.service.wants/bar.service in the same file." However, | ||
9 | this is not really the intended purpose of install Aliases. | ||
10 | |||
11 | Upstream-Status: Submitted [hostap@lists.infradead.org] | ||
12 | |||
13 | Signed-off-by: Joshua DeWeese <jdeweese@hennypenny.com> | ||
14 | --- | ||
15 | wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in | 2 +- | ||
16 | wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in | 2 +- | ||
17 | wpa_supplicant/systemd/wpa_supplicant.service.arg.in | 2 +- | ||
18 | 3 files changed, 3 insertions(+), 3 deletions(-) | ||
19 | |||
20 | diff --git a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in | ||
21 | index 03ac507..da69a87 100644 | ||
22 | --- a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in | ||
23 | +++ b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in | ||
24 | @@ -12,4 +12,4 @@ Type=simple | ||
25 | ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-nl80211-%I.conf -Dnl80211 -i%I | ||
26 | |||
27 | [Install] | ||
28 | -Alias=multi-user.target.wants/wpa_supplicant-nl80211@%i.service | ||
29 | +WantedBy=multi-user.target | ||
30 | diff --git a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in | ||
31 | index c8a744d..ca3054b 100644 | ||
32 | --- a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in | ||
33 | +++ b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in | ||
34 | @@ -12,4 +12,4 @@ Type=simple | ||
35 | ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-wired-%I.conf -Dwired -i%I | ||
36 | |||
37 | [Install] | ||
38 | -Alias=multi-user.target.wants/wpa_supplicant-wired@%i.service | ||
39 | +WantedBy=multi-user.target | ||
40 | diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in | ||
41 | index 7788b38..55d2b9c 100644 | ||
42 | --- a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in | ||
43 | +++ b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in | ||
44 | @@ -12,4 +12,4 @@ Type=simple | ||
45 | ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I | ||
46 | |||
47 | [Install] | ||
48 | -Alias=multi-user.target.wants/wpa_supplicant@%i.service | ||
49 | +WantedBy=multi-user.target | ||
50 | -- | ||
51 | 2.7.4 | ||
52 | |||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch new file mode 100644 index 0000000000..53b0fcdf53 --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch | |||
@@ -0,0 +1,26 @@ | |||
1 | From d001b301ba7987f4b39453a211631b85c48f2ff8 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jouni Malinen <quic_jouni@quicinc.com> | ||
3 | Date: Thu, 3 Mar 2022 13:26:42 +0200 | ||
4 | Subject: [PATCH 2/2] Fix removal of wpa_passphrase on 'make clean' | ||
5 | |||
6 | Fixes: 0430bc8267b4 ("build: Add a common-clean target") | ||
7 | Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com> | ||
8 | Upstream-Status: Backport | ||
9 | Signed-off-by: Alex Kiernan <alexk@zuma.ai> | ||
10 | Signed-off-by: Alex Kiernan <alexk@gmail.com> | ||
11 | --- | ||
12 | wpa_supplicant/Makefile | 1 + | ||
13 | 1 file changed, 1 insertion(+) | ||
14 | |||
15 | diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile | ||
16 | index c456825ae75f..4b4688931b1d 100644 | ||
17 | --- a/wpa_supplicant/Makefile | ||
18 | +++ b/wpa_supplicant/Makefile | ||
19 | @@ -2077,3 +2077,4 @@ clean: common-clean | ||
20 | rm -f libwpa_client.a | ||
21 | rm -f libwpa_client.so | ||
22 | rm -f libwpa_test1 libwpa_test2 | ||
23 | + rm -f wpa_passphrase | ||
24 | -- | ||
25 | 2.35.1 | ||
26 | |||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch deleted file mode 100644 index 59640859dd..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch +++ /dev/null | |||
@@ -1,62 +0,0 @@ | |||
1 | From f7d268864a2660b7239b9a8ff5ad37faeeb751ba Mon Sep 17 00:00:00 2001 | ||
2 | From: Jouni Malinen <jouni@codeaurora.org> | ||
3 | Date: Wed, 3 Jun 2020 22:41:02 +0300 | ||
4 | Subject: [PATCH 2/3] WPS UPnP: Fix event message generation using a long URL | ||
5 | path | ||
6 | |||
7 | More than about 700 character URL ended up overflowing the wpabuf used | ||
8 | for building the event notification and this resulted in the wpabuf | ||
9 | buffer overflow checks terminating the hostapd process. Fix this by | ||
10 | allocating the buffer to be large enough to contain the full URL path. | ||
11 | However, since that around 700 character limit has been the practical | ||
12 | limit for more than ten years, start explicitly enforcing that as the | ||
13 | limit or the callback URLs since any longer ones had not worked before | ||
14 | and there is no need to enable them now either. | ||
15 | |||
16 | Upstream-Status: Backport | ||
17 | CVE: CVE-2020-12695 patch #2 | ||
18 | Signed-off-by: Jouni Malinen <jouni@codeaurora.org> | ||
19 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
20 | |||
21 | --- | ||
22 | src/wps/wps_upnp.c | 9 +++++++-- | ||
23 | src/wps/wps_upnp_event.c | 3 ++- | ||
24 | 2 files changed, 9 insertions(+), 3 deletions(-) | ||
25 | |||
26 | diff --git a/src/wps/wps_upnp.c b/src/wps/wps_upnp.c | ||
27 | index 7d4b7439940e..ab685d52ecab 100644 | ||
28 | --- a/src/wps/wps_upnp.c | ||
29 | +++ b/src/wps/wps_upnp.c | ||
30 | @@ -328,9 +328,14 @@ static void subscr_addr_add_url(struct subscription *s, const char *url, | ||
31 | int rerr; | ||
32 | size_t host_len, path_len; | ||
33 | |||
34 | - /* url MUST begin with http: */ | ||
35 | - if (url_len < 7 || os_strncasecmp(url, "http://", 7)) | ||
36 | + /* URL MUST begin with HTTP scheme. In addition, limit the length of | ||
37 | + * the URL to 700 characters which is around the limit that was | ||
38 | + * implicitly enforced for more than 10 years due to a bug in | ||
39 | + * generating the event messages. */ | ||
40 | + if (url_len < 7 || os_strncasecmp(url, "http://", 7) || url_len > 700) { | ||
41 | + wpa_printf(MSG_DEBUG, "WPS UPnP: Reject an unacceptable URL"); | ||
42 | goto fail; | ||
43 | + } | ||
44 | url += 7; | ||
45 | url_len -= 7; | ||
46 | |||
47 | diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c | ||
48 | index d7e6edcc6503..08a23612f338 100644 | ||
49 | --- a/src/wps/wps_upnp_event.c | ||
50 | +++ b/src/wps/wps_upnp_event.c | ||
51 | @@ -147,7 +147,8 @@ static struct wpabuf * event_build_message(struct wps_event_ *e) | ||
52 | struct wpabuf *buf; | ||
53 | char *b; | ||
54 | |||
55 | - buf = wpabuf_alloc(1000 + wpabuf_len(e->data)); | ||
56 | + buf = wpabuf_alloc(1000 + os_strlen(e->addr->path) + | ||
57 | + wpabuf_len(e->data)); | ||
58 | if (buf == NULL) | ||
59 | return NULL; | ||
60 | wpabuf_printf(buf, "NOTIFY %s HTTP/1.1\r\n", e->addr->path); | ||
61 | -- | ||
62 | 2.20.1 | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch deleted file mode 100644 index 8a014ef28a..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch +++ /dev/null | |||
@@ -1,50 +0,0 @@ | |||
1 | From 85aac526af8612c21b3117dadc8ef5944985b476 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jouni Malinen <jouni@codeaurora.org> | ||
3 | Date: Thu, 4 Jun 2020 21:24:04 +0300 | ||
4 | Subject: [PATCH 3/3] WPS UPnP: Handle HTTP initiation failures for events more | ||
5 | properly | ||
6 | |||
7 | While it is appropriate to try to retransmit the event to another | ||
8 | callback URL on a failure to initiate the HTTP client connection, there | ||
9 | is no point in trying the exact same operation multiple times in a row. | ||
10 | Replve the event_retry() calls with event_addr_failure() for these cases | ||
11 | to avoid busy loops trying to repeat the same failing operation. | ||
12 | |||
13 | These potential busy loops would go through eloop callbacks, so the | ||
14 | process is not completely stuck on handling them, but unnecessary CPU | ||
15 | would be used to process the continues retries that will keep failing | ||
16 | for the same reason. | ||
17 | |||
18 | Upstream-Status: Backport | ||
19 | CVE: CVE-2020-12695 patch #2 | ||
20 | Signed-off-by: Jouni Malinen <jouni@codeaurora.org> | ||
21 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
22 | |||
23 | --- | ||
24 | src/wps/wps_upnp_event.c | 4 ++-- | ||
25 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
26 | |||
27 | diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c | ||
28 | index 08a23612f338..c0d9e41d9a38 100644 | ||
29 | --- a/src/wps/wps_upnp_event.c | ||
30 | +++ b/src/wps/wps_upnp_event.c | ||
31 | @@ -294,7 +294,7 @@ static int event_send_start(struct subscription *s) | ||
32 | |||
33 | buf = event_build_message(e); | ||
34 | if (buf == NULL) { | ||
35 | - event_retry(e, 0); | ||
36 | + event_addr_failure(e); | ||
37 | return -1; | ||
38 | } | ||
39 | |||
40 | @@ -302,7 +302,7 @@ static int event_send_start(struct subscription *s) | ||
41 | event_http_cb, e); | ||
42 | if (e->http_event == NULL) { | ||
43 | wpabuf_free(buf); | ||
44 | - event_retry(e, 0); | ||
45 | + event_addr_failure(e); | ||
46 | return -1; | ||
47 | } | ||
48 | |||
49 | -- | ||
50 | 2.20.1 | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig deleted file mode 100644 index f04e398fdb..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig +++ /dev/null | |||
@@ -1,552 +0,0 @@ | |||
1 | # Example wpa_supplicant build time configuration | ||
2 | # | ||
3 | # This file lists the configuration options that are used when building the | ||
4 | # hostapd binary. All lines starting with # are ignored. Configuration option | ||
5 | # lines must be commented out complete, if they are not to be included, i.e., | ||
6 | # just setting VARIABLE=n is not disabling that variable. | ||
7 | # | ||
8 | # This file is included in Makefile, so variables like CFLAGS and LIBS can also | ||
9 | # be modified from here. In most cases, these lines should use += in order not | ||
10 | # to override previous values of the variables. | ||
11 | |||
12 | |||
13 | # Uncomment following two lines and fix the paths if you have installed OpenSSL | ||
14 | # or GnuTLS in non-default location | ||
15 | #CFLAGS += -I/usr/local/openssl/include | ||
16 | #LIBS += -L/usr/local/openssl/lib | ||
17 | |||
18 | # Some Red Hat versions seem to include kerberos header files from OpenSSL, but | ||
19 | # the kerberos files are not in the default include path. Following line can be | ||
20 | # used to fix build issues on such systems (krb5.h not found). | ||
21 | #CFLAGS += -I/usr/include/kerberos | ||
22 | |||
23 | # Example configuration for various cross-compilation platforms | ||
24 | |||
25 | #### sveasoft (e.g., for Linksys WRT54G) ###################################### | ||
26 | #CC=mipsel-uclibc-gcc | ||
27 | #CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc | ||
28 | #CFLAGS += -Os | ||
29 | #CPPFLAGS += -I../src/include -I../../src/router/openssl/include | ||
30 | #LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl | ||
31 | ############################################################################### | ||
32 | |||
33 | #### openwrt (e.g., for Linksys WRT54G) ####################################### | ||
34 | #CC=mipsel-uclibc-gcc | ||
35 | #CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc | ||
36 | #CFLAGS += -Os | ||
37 | #CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \ | ||
38 | # -I../WRT54GS/release/src/include | ||
39 | #LIBS = -lssl | ||
40 | ############################################################################### | ||
41 | |||
42 | |||
43 | # Driver interface for Host AP driver | ||
44 | CONFIG_DRIVER_HOSTAP=y | ||
45 | |||
46 | # Driver interface for Agere driver | ||
47 | #CONFIG_DRIVER_HERMES=y | ||
48 | # Change include directories to match with the local setup | ||
49 | #CFLAGS += -I../../hcf -I../../include -I../../include/hcf | ||
50 | #CFLAGS += -I../../include/wireless | ||
51 | |||
52 | # Driver interface for madwifi driver | ||
53 | # Deprecated; use CONFIG_DRIVER_WEXT=y instead. | ||
54 | #CONFIG_DRIVER_MADWIFI=y | ||
55 | # Set include directory to the madwifi source tree | ||
56 | #CFLAGS += -I../../madwifi | ||
57 | |||
58 | # Driver interface for ndiswrapper | ||
59 | # Deprecated; use CONFIG_DRIVER_WEXT=y instead. | ||
60 | #CONFIG_DRIVER_NDISWRAPPER=y | ||
61 | |||
62 | # Driver interface for Atmel driver | ||
63 | # CONFIG_DRIVER_ATMEL=y | ||
64 | |||
65 | # Driver interface for old Broadcom driver | ||
66 | # Please note that the newer Broadcom driver ("hybrid Linux driver") supports | ||
67 | # Linux wireless extensions and does not need (or even work) with the old | ||
68 | # driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver. | ||
69 | #CONFIG_DRIVER_BROADCOM=y | ||
70 | # Example path for wlioctl.h; change to match your configuration | ||
71 | #CFLAGS += -I/opt/WRT54GS/release/src/include | ||
72 | |||
73 | # Driver interface for Intel ipw2100/2200 driver | ||
74 | # Deprecated; use CONFIG_DRIVER_WEXT=y instead. | ||
75 | #CONFIG_DRIVER_IPW=y | ||
76 | |||
77 | # Driver interface for Ralink driver | ||
78 | #CONFIG_DRIVER_RALINK=y | ||
79 | |||
80 | # Driver interface for generic Linux wireless extensions | ||
81 | # Note: WEXT is deprecated in the current Linux kernel version and no new | ||
82 | # functionality is added to it. nl80211-based interface is the new | ||
83 | # replacement for WEXT and its use allows wpa_supplicant to properly control | ||
84 | # the driver to improve existing functionality like roaming and to support new | ||
85 | # functionality. | ||
86 | CONFIG_DRIVER_WEXT=y | ||
87 | |||
88 | # Driver interface for Linux drivers using the nl80211 kernel interface | ||
89 | CONFIG_DRIVER_NL80211=y | ||
90 | |||
91 | # driver_nl80211.c requires libnl. If you are compiling it yourself | ||
92 | # you may need to point hostapd to your version of libnl. | ||
93 | # | ||
94 | #CFLAGS += -I$<path to libnl include files> | ||
95 | #LIBS += -L$<path to libnl library files> | ||
96 | |||
97 | # Use libnl v2.0 (or 3.0) libraries. | ||
98 | #CONFIG_LIBNL20=y | ||
99 | |||
100 | # Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) | ||
101 | CONFIG_LIBNL32=y | ||
102 | |||
103 | |||
104 | # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) | ||
105 | #CONFIG_DRIVER_BSD=y | ||
106 | #CFLAGS += -I/usr/local/include | ||
107 | #LIBS += -L/usr/local/lib | ||
108 | #LIBS_p += -L/usr/local/lib | ||
109 | #LIBS_c += -L/usr/local/lib | ||
110 | |||
111 | # Driver interface for Windows NDIS | ||
112 | #CONFIG_DRIVER_NDIS=y | ||
113 | #CFLAGS += -I/usr/include/w32api/ddk | ||
114 | #LIBS += -L/usr/local/lib | ||
115 | # For native build using mingw | ||
116 | #CONFIG_NATIVE_WINDOWS=y | ||
117 | # Additional directories for cross-compilation on Linux host for mingw target | ||
118 | #CFLAGS += -I/opt/mingw/mingw32/include/ddk | ||
119 | #LIBS += -L/opt/mingw/mingw32/lib | ||
120 | #CC=mingw32-gcc | ||
121 | # By default, driver_ndis uses WinPcap for low-level operations. This can be | ||
122 | # replaced with the following option which replaces WinPcap calls with NDISUIO. | ||
123 | # However, this requires that WZC is disabled (net stop wzcsvc) before starting | ||
124 | # wpa_supplicant. | ||
125 | # CONFIG_USE_NDISUIO=y | ||
126 | |||
127 | # Driver interface for development testing | ||
128 | #CONFIG_DRIVER_TEST=y | ||
129 | |||
130 | # Driver interface for wired Ethernet drivers | ||
131 | CONFIG_DRIVER_WIRED=y | ||
132 | |||
133 | # Driver interface for the Broadcom RoboSwitch family | ||
134 | #CONFIG_DRIVER_ROBOSWITCH=y | ||
135 | |||
136 | # Driver interface for no driver (e.g., WPS ER only) | ||
137 | #CONFIG_DRIVER_NONE=y | ||
138 | |||
139 | # Enable IEEE 802.1X Supplicant (automatically included if any EAP method is | ||
140 | # included) | ||
141 | CONFIG_IEEE8021X_EAPOL=y | ||
142 | |||
143 | # EAP-MD5 | ||
144 | CONFIG_EAP_MD5=y | ||
145 | |||
146 | # EAP-MSCHAPv2 | ||
147 | CONFIG_EAP_MSCHAPV2=y | ||
148 | |||
149 | # EAP-TLS | ||
150 | CONFIG_EAP_TLS=y | ||
151 | |||
152 | # EAL-PEAP | ||
153 | CONFIG_EAP_PEAP=y | ||
154 | |||
155 | # EAP-TTLS | ||
156 | CONFIG_EAP_TTLS=y | ||
157 | |||
158 | # EAP-FAST | ||
159 | # Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed | ||
160 | # for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., | ||
161 | # with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. | ||
162 | #CONFIG_EAP_FAST=y | ||
163 | |||
164 | # EAP-GTC | ||
165 | CONFIG_EAP_GTC=y | ||
166 | |||
167 | # EAP-OTP | ||
168 | CONFIG_EAP_OTP=y | ||
169 | |||
170 | # EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) | ||
171 | #CONFIG_EAP_SIM=y | ||
172 | |||
173 | # EAP-PSK (experimental; this is _not_ needed for WPA-PSK) | ||
174 | #CONFIG_EAP_PSK=y | ||
175 | |||
176 | # EAP-pwd (secure authentication using only a password) | ||
177 | #CONFIG_EAP_PWD=y | ||
178 | |||
179 | # EAP-PAX | ||
180 | #CONFIG_EAP_PAX=y | ||
181 | |||
182 | # LEAP | ||
183 | CONFIG_EAP_LEAP=y | ||
184 | |||
185 | # EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) | ||
186 | #CONFIG_EAP_AKA=y | ||
187 | |||
188 | # EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). | ||
189 | # This requires CONFIG_EAP_AKA to be enabled, too. | ||
190 | #CONFIG_EAP_AKA_PRIME=y | ||
191 | |||
192 | # Enable USIM simulator (Milenage) for EAP-AKA | ||
193 | #CONFIG_USIM_SIMULATOR=y | ||
194 | |||
195 | # EAP-SAKE | ||
196 | #CONFIG_EAP_SAKE=y | ||
197 | |||
198 | # EAP-GPSK | ||
199 | #CONFIG_EAP_GPSK=y | ||
200 | # Include support for optional SHA256 cipher suite in EAP-GPSK | ||
201 | #CONFIG_EAP_GPSK_SHA256=y | ||
202 | |||
203 | # EAP-TNC and related Trusted Network Connect support (experimental) | ||
204 | #CONFIG_EAP_TNC=y | ||
205 | |||
206 | # Wi-Fi Protected Setup (WPS) | ||
207 | CONFIG_WPS=y | ||
208 | # Enable WSC 2.0 support | ||
209 | #CONFIG_WPS2=y | ||
210 | # Enable WPS external registrar functionality | ||
211 | #CONFIG_WPS_ER=y | ||
212 | # Disable credentials for an open network by default when acting as a WPS | ||
213 | # registrar. | ||
214 | #CONFIG_WPS_REG_DISABLE_OPEN=y | ||
215 | # Enable WPS support with NFC config method | ||
216 | #CONFIG_WPS_NFC=y | ||
217 | |||
218 | # EAP-IKEv2 | ||
219 | #CONFIG_EAP_IKEV2=y | ||
220 | |||
221 | # EAP-EKE | ||
222 | #CONFIG_EAP_EKE=y | ||
223 | |||
224 | # PKCS#12 (PFX) support (used to read private key and certificate file from | ||
225 | # a file that usually has extension .p12 or .pfx) | ||
226 | CONFIG_PKCS12=y | ||
227 | |||
228 | # Smartcard support (i.e., private key on a smartcard), e.g., with openssl | ||
229 | # engine. | ||
230 | CONFIG_SMARTCARD=y | ||
231 | |||
232 | # PC/SC interface for smartcards (USIM, GSM SIM) | ||
233 | # Enable this if EAP-SIM or EAP-AKA is included | ||
234 | #CONFIG_PCSC=y | ||
235 | |||
236 | # Support HT overrides (disable HT/HT40, mask MCS rates, etc.) | ||
237 | #CONFIG_HT_OVERRIDES=y | ||
238 | |||
239 | # Support VHT overrides (disable VHT, mask MCS rates, etc.) | ||
240 | #CONFIG_VHT_OVERRIDES=y | ||
241 | |||
242 | # Development testing | ||
243 | #CONFIG_EAPOL_TEST=y | ||
244 | |||
245 | # Select control interface backend for external programs, e.g, wpa_cli: | ||
246 | # unix = UNIX domain sockets (default for Linux/*BSD) | ||
247 | # udp = UDP sockets using localhost (127.0.0.1) | ||
248 | # named_pipe = Windows Named Pipe (default for Windows) | ||
249 | # udp-remote = UDP sockets with remote access (only for tests systems/purpose) | ||
250 | # y = use default (backwards compatibility) | ||
251 | # If this option is commented out, control interface is not included in the | ||
252 | # build. | ||
253 | CONFIG_CTRL_IFACE=y | ||
254 | |||
255 | # Include support for GNU Readline and History Libraries in wpa_cli. | ||
256 | # When building a wpa_cli binary for distribution, please note that these | ||
257 | # libraries are licensed under GPL and as such, BSD license may not apply for | ||
258 | # the resulting binary. | ||
259 | #CONFIG_READLINE=y | ||
260 | |||
261 | # Include internal line edit mode in wpa_cli. This can be used as a replacement | ||
262 | # for GNU Readline to provide limited command line editing and history support. | ||
263 | #CONFIG_WPA_CLI_EDIT=y | ||
264 | |||
265 | # Remove debugging code that is printing out debug message to stdout. | ||
266 | # This can be used to reduce the size of the wpa_supplicant considerably | ||
267 | # if debugging code is not needed. The size reduction can be around 35% | ||
268 | # (e.g., 90 kB). | ||
269 | #CONFIG_NO_STDOUT_DEBUG=y | ||
270 | |||
271 | # Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save | ||
272 | # 35-50 kB in code size. | ||
273 | #CONFIG_NO_WPA=y | ||
274 | |||
275 | # Remove IEEE 802.11i/WPA-Personal ASCII passphrase support | ||
276 | # This option can be used to reduce code size by removing support for | ||
277 | # converting ASCII passphrases into PSK. If this functionality is removed, the | ||
278 | # PSK can only be configured as the 64-octet hexstring (e.g., from | ||
279 | # wpa_passphrase). This saves about 0.5 kB in code size. | ||
280 | #CONFIG_NO_WPA_PASSPHRASE=y | ||
281 | |||
282 | # Disable scan result processing (ap_mode=1) to save code size by about 1 kB. | ||
283 | # This can be used if ap_scan=1 mode is never enabled. | ||
284 | #CONFIG_NO_SCAN_PROCESSING=y | ||
285 | |||
286 | # Select configuration backend: | ||
287 | # file = text file (e.g., wpa_supplicant.conf; note: the configuration file | ||
288 | # path is given on command line, not here; this option is just used to | ||
289 | # select the backend that allows configuration files to be used) | ||
290 | # winreg = Windows registry (see win_example.reg for an example) | ||
291 | CONFIG_BACKEND=file | ||
292 | |||
293 | # Remove configuration write functionality (i.e., to allow the configuration | ||
294 | # file to be updated based on runtime configuration changes). The runtime | ||
295 | # configuration can still be changed, the changes are just not going to be | ||
296 | # persistent over restarts. This option can be used to reduce code size by | ||
297 | # about 3.5 kB. | ||
298 | #CONFIG_NO_CONFIG_WRITE=y | ||
299 | |||
300 | # Remove support for configuration blobs to reduce code size by about 1.5 kB. | ||
301 | #CONFIG_NO_CONFIG_BLOBS=y | ||
302 | |||
303 | # Select program entry point implementation: | ||
304 | # main = UNIX/POSIX like main() function (default) | ||
305 | # main_winsvc = Windows service (read parameters from registry) | ||
306 | # main_none = Very basic example (development use only) | ||
307 | #CONFIG_MAIN=main | ||
308 | |||
309 | # Select wrapper for operatins system and C library specific functions | ||
310 | # unix = UNIX/POSIX like systems (default) | ||
311 | # win32 = Windows systems | ||
312 | # none = Empty template | ||
313 | #CONFIG_OS=unix | ||
314 | |||
315 | # Select event loop implementation | ||
316 | # eloop = select() loop (default) | ||
317 | # eloop_win = Windows events and WaitForMultipleObject() loop | ||
318 | #CONFIG_ELOOP=eloop | ||
319 | |||
320 | # Should we use poll instead of select? Select is used by default. | ||
321 | #CONFIG_ELOOP_POLL=y | ||
322 | |||
323 | # Select layer 2 packet implementation | ||
324 | # linux = Linux packet socket (default) | ||
325 | # pcap = libpcap/libdnet/WinPcap | ||
326 | # freebsd = FreeBSD libpcap | ||
327 | # winpcap = WinPcap with receive thread | ||
328 | # ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) | ||
329 | # none = Empty template | ||
330 | #CONFIG_L2_PACKET=linux | ||
331 | |||
332 | # PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) | ||
333 | CONFIG_PEERKEY=y | ||
334 | |||
335 | # IEEE 802.11w (management frame protection), also known as PMF | ||
336 | # Driver support is also needed for IEEE 802.11w. | ||
337 | #CONFIG_IEEE80211W=y | ||
338 | |||
339 | # Select TLS implementation | ||
340 | # openssl = OpenSSL (default) | ||
341 | # gnutls = GnuTLS | ||
342 | # internal = Internal TLSv1 implementation (experimental) | ||
343 | # none = Empty template | ||
344 | #CONFIG_TLS=openssl | ||
345 | |||
346 | # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) | ||
347 | # can be enabled to get a stronger construction of messages when block ciphers | ||
348 | # are used. It should be noted that some existing TLS v1.0 -based | ||
349 | # implementation may not be compatible with TLS v1.1 message (ClientHello is | ||
350 | # sent prior to negotiating which version will be used) | ||
351 | #CONFIG_TLSV11=y | ||
352 | |||
353 | # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) | ||
354 | # can be enabled to enable use of stronger crypto algorithms. It should be | ||
355 | # noted that some existing TLS v1.0 -based implementation may not be compatible | ||
356 | # with TLS v1.2 message (ClientHello is sent prior to negotiating which version | ||
357 | # will be used) | ||
358 | #CONFIG_TLSV12=y | ||
359 | |||
360 | # If CONFIG_TLS=internal is used, additional library and include paths are | ||
361 | # needed for LibTomMath. Alternatively, an integrated, minimal version of | ||
362 | # LibTomMath can be used. See beginning of libtommath.c for details on benefits | ||
363 | # and drawbacks of this option. | ||
364 | #CONFIG_INTERNAL_LIBTOMMATH=y | ||
365 | #ifndef CONFIG_INTERNAL_LIBTOMMATH | ||
366 | #LTM_PATH=/usr/src/libtommath-0.39 | ||
367 | #CFLAGS += -I$(LTM_PATH) | ||
368 | #LIBS += -L$(LTM_PATH) | ||
369 | #LIBS_p += -L$(LTM_PATH) | ||
370 | #endif | ||
371 | # At the cost of about 4 kB of additional binary size, the internal LibTomMath | ||
372 | # can be configured to include faster routines for exptmod, sqr, and div to | ||
373 | # speed up DH and RSA calculation considerably | ||
374 | #CONFIG_INTERNAL_LIBTOMMATH_FAST=y | ||
375 | |||
376 | # Include NDIS event processing through WMI into wpa_supplicant/wpasvc. | ||
377 | # This is only for Windows builds and requires WMI-related header files and | ||
378 | # WbemUuid.Lib from Platform SDK even when building with MinGW. | ||
379 | #CONFIG_NDIS_EVENTS_INTEGRATED=y | ||
380 | #PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" | ||
381 | |||
382 | # Add support for old DBus control interface | ||
383 | # (fi.epitest.hostap.WPASupplicant) | ||
384 | #CONFIG_CTRL_IFACE_DBUS=y | ||
385 | |||
386 | # Add support for new DBus control interface | ||
387 | # (fi.w1.hostap.wpa_supplicant1) | ||
388 | CONFIG_CTRL_IFACE_DBUS_NEW=y | ||
389 | |||
390 | # Add introspection support for new DBus control interface | ||
391 | #CONFIG_CTRL_IFACE_DBUS_INTRO=y | ||
392 | |||
393 | # Add support for loading EAP methods dynamically as shared libraries. | ||
394 | # When this option is enabled, each EAP method can be either included | ||
395 | # statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn). | ||
396 | # Dynamic EAP methods are build as shared objects (eap_*.so) and they need to | ||
397 | # be loaded in the beginning of the wpa_supplicant configuration file | ||
398 | # (see load_dynamic_eap parameter in the example file) before being used in | ||
399 | # the network blocks. | ||
400 | # | ||
401 | # Note that some shared parts of EAP methods are included in the main program | ||
402 | # and in order to be able to use dynamic EAP methods using these parts, the | ||
403 | # main program must have been build with the EAP method enabled (=y or =dyn). | ||
404 | # This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries | ||
405 | # unless at least one of them was included in the main build to force inclusion | ||
406 | # of the shared code. Similarly, at least one of EAP-SIM/AKA must be included | ||
407 | # in the main build to be able to load these methods dynamically. | ||
408 | # | ||
409 | # Please also note that using dynamic libraries will increase the total binary | ||
410 | # size. Thus, it may not be the best option for targets that have limited | ||
411 | # amount of memory/flash. | ||
412 | #CONFIG_DYNAMIC_EAP_METHODS=y | ||
413 | |||
414 | # IEEE Std 802.11r-2008 (Fast BSS Transition) | ||
415 | #CONFIG_IEEE80211R=y | ||
416 | |||
417 | # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) | ||
418 | #CONFIG_DEBUG_FILE=y | ||
419 | |||
420 | # Send debug messages to syslog instead of stdout | ||
421 | #CONFIG_DEBUG_SYSLOG=y | ||
422 | # Set syslog facility for debug messages | ||
423 | #CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON | ||
424 | |||
425 | # Add support for sending all debug messages (regardless of debug verbosity) | ||
426 | # to the Linux kernel tracing facility. This helps debug the entire stack by | ||
427 | # making it easy to record everything happening from the driver up into the | ||
428 | # same file, e.g., using trace-cmd. | ||
429 | #CONFIG_DEBUG_LINUX_TRACING=y | ||
430 | |||
431 | # Enable privilege separation (see README 'Privilege separation' for details) | ||
432 | #CONFIG_PRIVSEP=y | ||
433 | |||
434 | # Enable mitigation against certain attacks against TKIP by delaying Michael | ||
435 | # MIC error reports by a random amount of time between 0 and 60 seconds | ||
436 | #CONFIG_DELAYED_MIC_ERROR_REPORT=y | ||
437 | |||
438 | # Enable tracing code for developer debugging | ||
439 | # This tracks use of memory allocations and other registrations and reports | ||
440 | # incorrect use with a backtrace of call (or allocation) location. | ||
441 | #CONFIG_WPA_TRACE=y | ||
442 | # For BSD, uncomment these. | ||
443 | #LIBS += -lexecinfo | ||
444 | #LIBS_p += -lexecinfo | ||
445 | #LIBS_c += -lexecinfo | ||
446 | |||
447 | # Use libbfd to get more details for developer debugging | ||
448 | # This enables use of libbfd to get more detailed symbols for the backtraces | ||
449 | # generated by CONFIG_WPA_TRACE=y. | ||
450 | #CONFIG_WPA_TRACE_BFD=y | ||
451 | # For BSD, uncomment these. | ||
452 | #LIBS += -lbfd -liberty -lz | ||
453 | #LIBS_p += -lbfd -liberty -lz | ||
454 | #LIBS_c += -lbfd -liberty -lz | ||
455 | |||
456 | CONFIG_TLS = %ssl% | ||
457 | CONFIG_CTRL_IFACE_DBUS=y | ||
458 | CONFIG_CTRL_IFACE_DBUS_NEW=y | ||
459 | |||
460 | # wpa_supplicant depends on strong random number generation being available | ||
461 | # from the operating system. os_get_random() function is used to fetch random | ||
462 | # data when needed, e.g., for key generation. On Linux and BSD systems, this | ||
463 | # works by reading /dev/urandom. It should be noted that the OS entropy pool | ||
464 | # needs to be properly initialized before wpa_supplicant is started. This is | ||
465 | # important especially on embedded devices that do not have a hardware random | ||
466 | # number generator and may by default start up with minimal entropy available | ||
467 | # for random number generation. | ||
468 | # | ||
469 | # As a safety net, wpa_supplicant is by default trying to internally collect | ||
470 | # additional entropy for generating random data to mix in with the data fetched | ||
471 | # from the OS. This by itself is not considered to be very strong, but it may | ||
472 | # help in cases where the system pool is not initialized properly. However, it | ||
473 | # is very strongly recommended that the system pool is initialized with enough | ||
474 | # entropy either by using hardware assisted random number generator or by | ||
475 | # storing state over device reboots. | ||
476 | # | ||
477 | # wpa_supplicant can be configured to maintain its own entropy store over | ||
478 | # restarts to enhance random number generation. This is not perfect, but it is | ||
479 | # much more secure than using the same sequence of random numbers after every | ||
480 | # reboot. This can be enabled with -e<entropy file> command line option. The | ||
481 | # specified file needs to be readable and writable by wpa_supplicant. | ||
482 | # | ||
483 | # If the os_get_random() is known to provide strong random data (e.g., on | ||
484 | # Linux/BSD, the board in question is known to have reliable source of random | ||
485 | # data from /dev/urandom), the internal wpa_supplicant random pool can be | ||
486 | # disabled. This will save some in binary size and CPU use. However, this | ||
487 | # should only be considered for builds that are known to be used on devices | ||
488 | # that meet the requirements described above. | ||
489 | #CONFIG_NO_RANDOM_POOL=y | ||
490 | |||
491 | # IEEE 802.11n (High Throughput) support (mainly for AP mode) | ||
492 | #CONFIG_IEEE80211N=y | ||
493 | |||
494 | # IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) | ||
495 | # (depends on CONFIG_IEEE80211N) | ||
496 | #CONFIG_IEEE80211AC=y | ||
497 | |||
498 | # Wireless Network Management (IEEE Std 802.11v-2011) | ||
499 | # Note: This is experimental and not complete implementation. | ||
500 | #CONFIG_WNM=y | ||
501 | |||
502 | # Interworking (IEEE 802.11u) | ||
503 | # This can be used to enable functionality to improve interworking with | ||
504 | # external networks (GAS/ANQP to learn more about the networks and network | ||
505 | # selection based on available credentials). | ||
506 | #CONFIG_INTERWORKING=y | ||
507 | |||
508 | # Hotspot 2.0 | ||
509 | #CONFIG_HS20=y | ||
510 | |||
511 | # Disable roaming in wpa_supplicant | ||
512 | #CONFIG_NO_ROAMING=y | ||
513 | |||
514 | # AP mode operations with wpa_supplicant | ||
515 | # This can be used for controlling AP mode operations with wpa_supplicant. It | ||
516 | # should be noted that this is mainly aimed at simple cases like | ||
517 | # WPA2-Personal while more complex configurations like WPA2-Enterprise with an | ||
518 | # external RADIUS server can be supported with hostapd. | ||
519 | CONFIG_AP=y | ||
520 | |||
521 | CONFIG_BGSCAN_SIMPLE=y | ||
522 | |||
523 | # P2P (Wi-Fi Direct) | ||
524 | # This can be used to enable P2P support in wpa_supplicant. See README-P2P for | ||
525 | # more information on P2P operations. | ||
526 | #CONFIG_P2P=y | ||
527 | |||
528 | # Enable TDLS support | ||
529 | #CONFIG_TDLS=y | ||
530 | |||
531 | # Wi-Fi Direct | ||
532 | # This can be used to enable Wi-Fi Direct extensions for P2P using an external | ||
533 | # program to control the additional information exchanges in the messages. | ||
534 | #CONFIG_WIFI_DISPLAY=y | ||
535 | |||
536 | # Autoscan | ||
537 | # This can be used to enable automatic scan support in wpa_supplicant. | ||
538 | # See wpa_supplicant.conf for more information on autoscan usage. | ||
539 | # | ||
540 | # Enabling directly a module will enable autoscan support. | ||
541 | # For exponential module: | ||
542 | CONFIG_AUTOSCAN_EXPONENTIAL=y | ||
543 | # For periodic module: | ||
544 | #CONFIG_AUTOSCAN_PERIODIC=y | ||
545 | |||
546 | # Password (and passphrase, etc.) backend for external storage | ||
547 | # These optional mechanisms can be used to add support for storing passwords | ||
548 | # and other secrets in external (to wpa_supplicant) location. This allows, for | ||
549 | # example, operating system specific key storage to be used | ||
550 | # | ||
551 | # External password backend for testing purposes (developer use) | ||
552 | #CONFIG_EXT_PASSWORD_TEST=y | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb new file mode 100644 index 0000000000..22028ce957 --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb | |||
@@ -0,0 +1,138 @@ | |||
1 | SUMMARY = "Client for Wi-Fi Protected Access (WPA)" | ||
2 | DESCRIPTION = "wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver." | ||
3 | HOMEPAGE = "http://w1.fi/wpa_supplicant/" | ||
4 | BUGTRACKER = "http://w1.fi/security/" | ||
5 | SECTION = "network" | ||
6 | LICENSE = "BSD-3-Clause" | ||
7 | LIC_FILES_CHKSUM = "file://COPYING;md5=5ebcb90236d1ad640558c3d3cd3035df \ | ||
8 | file://README;beginline=1;endline=56;md5=e3d2f6c2948991e37c1ca4960de84747 \ | ||
9 | file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=76306a95306fee9a976b0ac1be70f705" | ||
10 | |||
11 | DEPENDS = "dbus libnl" | ||
12 | |||
13 | SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ | ||
14 | file://wpa-supplicant.sh \ | ||
15 | file://wpa_supplicant.conf \ | ||
16 | file://wpa_supplicant.conf-sane \ | ||
17 | file://99_wpa_supplicant \ | ||
18 | file://0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch \ | ||
19 | file://0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch \ | ||
20 | file://0001-Install-wpa_passphrase-when-not-disabled.patch \ | ||
21 | file://0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch \ | ||
22 | " | ||
23 | SRC_URI[sha256sum] = "20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f" | ||
24 | |||
25 | S = "${WORKDIR}/wpa_supplicant-${PV}" | ||
26 | |||
27 | inherit pkgconfig systemd | ||
28 | |||
29 | PACKAGECONFIG ?= "openssl" | ||
30 | PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt" | ||
31 | PACKAGECONFIG[openssl] = ",,openssl" | ||
32 | |||
33 | CVE_PRODUCT = "wpa_supplicant" | ||
34 | |||
35 | EXTRA_OEMAKE = "'LIBDIR=${libdir}' 'INCDIR=${includedir}' 'BINDIR=${sbindir}'" | ||
36 | |||
37 | do_configure () { | ||
38 | ${MAKE} -C wpa_supplicant clean | ||
39 | sed -e '/^CONFIG_TLS=/d' <wpa_supplicant/defconfig >wpa_supplicant/.config | ||
40 | |||
41 | if ${@ bb.utils.contains('PACKAGECONFIG', 'openssl', 'true', 'false', d) }; then | ||
42 | echo 'CONFIG_TLS=openssl' >>wpa_supplicant/.config | ||
43 | elif ${@ bb.utils.contains('PACKAGECONFIG', 'gnutls', 'true', 'false', d) }; then | ||
44 | echo 'CONFIG_TLS=gnutls' >>wpa_supplicant/.config | ||
45 | sed -i -e 's/\(^CONFIG_DPP=\)/#\1/' \ | ||
46 | -e 's/\(^CONFIG_EAP_PWD=\)/#\1/' \ | ||
47 | -e 's/\(^CONFIG_SAE=\)/#\1/' wpa_supplicant/.config | ||
48 | fi | ||
49 | |||
50 | # For rebuild | ||
51 | rm -f wpa_supplicant/*.d wpa_supplicant/dbus/*.d | ||
52 | } | ||
53 | |||
54 | do_compile () { | ||
55 | oe_runmake -C wpa_supplicant | ||
56 | if [ -z "${DISABLE_STATIC}" ]; then | ||
57 | oe_runmake -C wpa_supplicant libwpa_client.a | ||
58 | fi | ||
59 | } | ||
60 | |||
61 | do_install () { | ||
62 | oe_runmake -C wpa_supplicant DESTDIR="${D}" install | ||
63 | |||
64 | install -d ${D}${docdir}/wpa_supplicant | ||
65 | install -m 644 wpa_supplicant/README ${WORKDIR}/wpa_supplicant.conf ${D}${docdir}/wpa_supplicant | ||
66 | |||
67 | install -d ${D}${sysconfdir} | ||
68 | install -m 600 ${WORKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf | ||
69 | |||
70 | install -d ${D}${sysconfdir}/network/if-pre-up.d/ | ||
71 | install -d ${D}${sysconfdir}/network/if-post-down.d/ | ||
72 | install -d ${D}${sysconfdir}/network/if-down.d/ | ||
73 | install -m 755 ${WORKDIR}/wpa-supplicant.sh ${D}${sysconfdir}/network/if-pre-up.d/wpa-supplicant | ||
74 | ln -sf ../if-pre-up.d/wpa-supplicant ${D}${sysconfdir}/network/if-post-down.d/wpa-supplicant | ||
75 | |||
76 | install -d ${D}/${sysconfdir}/dbus-1/system.d | ||
77 | install -m 644 ${S}/wpa_supplicant/dbus/dbus-wpa_supplicant.conf ${D}/${sysconfdir}/dbus-1/system.d | ||
78 | install -d ${D}/${datadir}/dbus-1/system-services | ||
79 | install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services | ||
80 | |||
81 | if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then | ||
82 | install -d ${D}/${systemd_system_unitdir} | ||
83 | install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_system_unitdir} | ||
84 | fi | ||
85 | |||
86 | install -d ${D}/etc/default/volatiles | ||
87 | install -m 0644 ${WORKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles | ||
88 | |||
89 | install -d ${D}${includedir} | ||
90 | install -m 0644 ${S}/src/common/wpa_ctrl.h ${D}${includedir} | ||
91 | |||
92 | if [ -z "${DISABLE_STATIC}" ]; then | ||
93 | install -d ${D}${libdir} | ||
94 | install -m 0644 wpa_supplicant/libwpa_client.a ${D}${libdir} | ||
95 | fi | ||
96 | } | ||
97 | |||
98 | pkg_postinst:${PN} () { | ||
99 | # If we're offline, we don't need to do this. | ||
100 | if [ "x$D" = "x" ]; then | ||
101 | killall -q -HUP dbus-daemon || true | ||
102 | fi | ||
103 | } | ||
104 | |||
105 | PACKAGE_BEFORE_PN += "${PN}-passphrase ${PN}-cli" | ||
106 | PACKAGES =+ "${PN}-lib" | ||
107 | PACKAGES += "${PN}-plugins" | ||
108 | ALLOW_EMPTY:${PN}-plugins = "1" | ||
109 | |||
110 | PACKAGES_DYNAMIC += "^${PN}-plugin-.*$" | ||
111 | NOAUTOPACKAGEDEBUG = "1" | ||
112 | |||
113 | FILES:${PN}-passphrase = "${sbindir}/wpa_passphrase" | ||
114 | FILES:${PN}-cli = "${sbindir}/wpa_cli" | ||
115 | FILES:${PN}-lib = "${libdir}/libwpa_client*${SOLIBSDEV}" | ||
116 | FILES:${PN} += "${datadir}/dbus-1/system-services/* ${systemd_system_unitdir}/*" | ||
117 | FILES:${PN}-dbg += "${sbindir}/.debug ${libdir}/.debug" | ||
118 | |||
119 | CONFFILES:${PN} += "${sysconfdir}/wpa_supplicant.conf" | ||
120 | |||
121 | RRECOMMENDS:${PN} = "${PN}-passphrase ${PN}-cli ${PN}-plugins" | ||
122 | |||
123 | SYSTEMD_SERVICE:${PN} = "wpa_supplicant.service" | ||
124 | SYSTEMD_AUTO_ENABLE = "disable" | ||
125 | |||
126 | python split_wpa_supplicant_libs () { | ||
127 | libdir = d.expand('${libdir}/wpa_supplicant') | ||
128 | dbglibdir = os.path.join(libdir, '.debug') | ||
129 | |||
130 | split_packages = do_split_packages(d, libdir, r'^(.*)\.so', '${PN}-plugin-%s', 'wpa_supplicant %s plugin', prepend=True) | ||
131 | split_dbg_packages = do_split_packages(d, dbglibdir, r'^(.*)\.so', '${PN}-plugin-%s-dbg', 'wpa_supplicant %s plugin - Debugging files', prepend=True, extra_depends='${PN}-dbg') | ||
132 | |||
133 | if split_packages: | ||
134 | pn = d.getVar('PN') | ||
135 | d.setVar('RRECOMMENDS:' + pn + '-plugins', ' '.join(split_packages)) | ||
136 | d.appendVar('RRECOMMENDS:' + pn + '-dbg', ' ' + ' '.join(split_dbg_packages)) | ||
137 | } | ||
138 | PACKAGESPLITFUNCS += "split_wpa_supplicant_libs" | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb deleted file mode 100644 index 7cc03fef7d..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb +++ /dev/null | |||
@@ -1,113 +0,0 @@ | |||
1 | SUMMARY = "Client for Wi-Fi Protected Access (WPA)" | ||
2 | HOMEPAGE = "http://w1.fi/wpa_supplicant/" | ||
3 | BUGTRACKER = "http://w1.fi/security/" | ||
4 | SECTION = "network" | ||
5 | LICENSE = "BSD-3-Clause" | ||
6 | LIC_FILES_CHKSUM = "file://COPYING;md5=279b4f5abb9c153c285221855ddb78cc \ | ||
7 | file://README;beginline=1;endline=56;md5=e7d3dbb01f75f0b9799e192731d1e1ff \ | ||
8 | file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=0a8b56d3543498b742b9c0e94cc2d18b" | ||
9 | DEPENDS = "dbus libnl" | ||
10 | RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli" | ||
11 | |||
12 | PACKAGECONFIG ??= "gnutls" | ||
13 | PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt" | ||
14 | PACKAGECONFIG[openssl] = ",,openssl" | ||
15 | |||
16 | inherit pkgconfig systemd | ||
17 | |||
18 | SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service" | ||
19 | SYSTEMD_AUTO_ENABLE = "disable" | ||
20 | |||
21 | SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ | ||
22 | file://defconfig \ | ||
23 | file://wpa-supplicant.sh \ | ||
24 | file://wpa_supplicant.conf \ | ||
25 | file://wpa_supplicant.conf-sane \ | ||
26 | file://99_wpa_supplicant \ | ||
27 | file://0001-replace-systemd-install-Alias-with-WantedBy.patch \ | ||
28 | file://0001-AP-Silently-ignore-management-frame-from-unexpected-.patch \ | ||
29 | file://0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch \ | ||
30 | file://0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch \ | ||
31 | file://0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch \ | ||
32 | " | ||
33 | SRC_URI[md5sum] = "2d2958c782576dc9901092fbfecb4190" | ||
34 | SRC_URI[sha256sum] = "fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17" | ||
35 | |||
36 | CVE_PRODUCT = "wpa_supplicant" | ||
37 | |||
38 | S = "${WORKDIR}/wpa_supplicant-${PV}" | ||
39 | |||
40 | PACKAGES_prepend = "wpa-supplicant-passphrase wpa-supplicant-cli " | ||
41 | FILES_wpa-supplicant-passphrase = "${bindir}/wpa_passphrase" | ||
42 | FILES_wpa-supplicant-cli = "${sbindir}/wpa_cli" | ||
43 | FILES_${PN} += "${datadir}/dbus-1/system-services/* ${systemd_system_unitdir}/*" | ||
44 | CONFFILES_${PN} += "${sysconfdir}/wpa_supplicant.conf" | ||
45 | |||
46 | do_configure () { | ||
47 | ${MAKE} -C wpa_supplicant clean | ||
48 | install -m 0755 ${WORKDIR}/defconfig wpa_supplicant/.config | ||
49 | |||
50 | if echo "${PACKAGECONFIG}" | grep -qw "openssl"; then | ||
51 | ssl=openssl | ||
52 | elif echo "${PACKAGECONFIG}" | grep -qw "gnutls"; then | ||
53 | ssl=gnutls | ||
54 | fi | ||
55 | if [ -n "$ssl" ]; then | ||
56 | sed -i "s/%ssl%/$ssl/" wpa_supplicant/.config | ||
57 | fi | ||
58 | |||
59 | # For rebuild | ||
60 | rm -f wpa_supplicant/*.d wpa_supplicant/dbus/*.d | ||
61 | } | ||
62 | |||
63 | export EXTRA_CFLAGS = "${CFLAGS}" | ||
64 | export BINDIR = "${sbindir}" | ||
65 | |||
66 | do_compile () { | ||
67 | unset CFLAGS CPPFLAGS CXXFLAGS | ||
68 | sed -e "s:CFLAGS\ =.*:& \$(EXTRA_CFLAGS):g" -i ${S}/src/lib.rules | ||
69 | oe_runmake -C wpa_supplicant | ||
70 | } | ||
71 | |||
72 | do_install () { | ||
73 | install -d ${D}${sbindir} | ||
74 | install -m 755 wpa_supplicant/wpa_supplicant ${D}${sbindir} | ||
75 | install -m 755 wpa_supplicant/wpa_cli ${D}${sbindir} | ||
76 | |||
77 | install -d ${D}${bindir} | ||
78 | install -m 755 wpa_supplicant/wpa_passphrase ${D}${bindir} | ||
79 | |||
80 | install -d ${D}${docdir}/wpa_supplicant | ||
81 | install -m 644 wpa_supplicant/README ${WORKDIR}/wpa_supplicant.conf ${D}${docdir}/wpa_supplicant | ||
82 | |||
83 | install -d ${D}${sysconfdir} | ||
84 | install -m 600 ${WORKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf | ||
85 | |||
86 | install -d ${D}${sysconfdir}/network/if-pre-up.d/ | ||
87 | install -d ${D}${sysconfdir}/network/if-post-down.d/ | ||
88 | install -d ${D}${sysconfdir}/network/if-down.d/ | ||
89 | install -m 755 ${WORKDIR}/wpa-supplicant.sh ${D}${sysconfdir}/network/if-pre-up.d/wpa-supplicant | ||
90 | cd ${D}${sysconfdir}/network/ && \ | ||
91 | ln -sf ../if-pre-up.d/wpa-supplicant if-post-down.d/wpa-supplicant | ||
92 | |||
93 | install -d ${D}/${sysconfdir}/dbus-1/system.d | ||
94 | install -m 644 ${S}/wpa_supplicant/dbus/dbus-wpa_supplicant.conf ${D}/${sysconfdir}/dbus-1/system.d | ||
95 | install -d ${D}/${datadir}/dbus-1/system-services | ||
96 | install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services | ||
97 | |||
98 | if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then | ||
99 | install -d ${D}/${systemd_unitdir}/system | ||
100 | install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_unitdir}/system | ||
101 | fi | ||
102 | |||
103 | install -d ${D}/etc/default/volatiles | ||
104 | install -m 0644 ${WORKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles | ||
105 | } | ||
106 | |||
107 | pkg_postinst_wpa-supplicant () { | ||
108 | # If we're offline, we don't need to do this. | ||
109 | if [ "x$D" = "x" ]; then | ||
110 | killall -q -HUP dbus-daemon || true | ||
111 | fi | ||
112 | |||
113 | } | ||