diff options
Diffstat (limited to 'meta/recipes-extended/iputils')
3 files changed, 59 insertions, 117 deletions
diff --git a/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch b/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch deleted file mode 100644 index d7367caf78..0000000000 --- a/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch +++ /dev/null | |||
@@ -1,46 +0,0 @@ | |||
1 | From 6e51d529988cfc0bb357751fd767e9f1478e2b81 Mon Sep 17 00:00:00 2001 | ||
2 | From: Alex Kiernan <alex.kiernan@gmail.com> | ||
3 | Date: Thu, 13 Feb 2020 06:08:45 +0000 | ||
4 | Subject: [PATCH] rarpd: rdisc: Drop PrivateUsers | ||
5 | |||
6 | Neither rarpd nor rdisc can gain the necessary capabilities with | ||
7 | PrivateUsers enabled. | ||
8 | |||
9 | Upstream-Status: Pending | ||
10 | Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> | ||
11 | --- | ||
12 | systemd/rarpd.service.in | 1 - | ||
13 | systemd/rdisc.service.in | 3 ++- | ||
14 | 2 files changed, 2 insertions(+), 2 deletions(-) | ||
15 | |||
16 | diff --git a/systemd/rarpd.service.in b/systemd/rarpd.service.in | ||
17 | index e600c10c93e6..f5d7621a7ce8 100644 | ||
18 | --- a/systemd/rarpd.service.in | ||
19 | +++ b/systemd/rarpd.service.in | ||
20 | @@ -12,7 +12,6 @@ AmbientCapabilities=CAP_NET_RAW | ||
21 | DynamicUser=yes | ||
22 | PrivateTmp=yes | ||
23 | PrivateDevices=yes | ||
24 | -PrivateUsers=yes | ||
25 | ProtectSystem=strict | ||
26 | ProtectHome=yes | ||
27 | ProtectControlGroups=yes | ||
28 | diff --git a/systemd/rdisc.service.in b/systemd/rdisc.service.in | ||
29 | index 4e2a1ec9d0e5..a71b87d36b37 100644 | ||
30 | --- a/systemd/rdisc.service.in | ||
31 | +++ b/systemd/rdisc.service.in | ||
32 | @@ -8,9 +8,10 @@ After=network.target | ||
33 | EnvironmentFile=-/etc/sysconfig/rdisc | ||
34 | ExecStart=@sbindir@/rdisc -f -t $OPTIONS $SEND_ADDRESS $RECEIVE_ADDRESS | ||
35 | |||
36 | +CapabilityBoundingSet=CAP_NET_RAW | ||
37 | AmbientCapabilities=CAP_NET_RAW | ||
38 | PrivateTmp=yes | ||
39 | -PrivateUsers=yes | ||
40 | +DynamicUser=yes | ||
41 | ProtectSystem=strict | ||
42 | ProtectHome=yes | ||
43 | ProtectControlGroups=yes | ||
44 | -- | ||
45 | 2.17.1 | ||
46 | |||
diff --git a/meta/recipes-extended/iputils/iputils_20240117.bb b/meta/recipes-extended/iputils/iputils_20240117.bb new file mode 100644 index 0000000000..3880689742 --- /dev/null +++ b/meta/recipes-extended/iputils/iputils_20240117.bb | |||
@@ -0,0 +1,59 @@ | |||
1 | SUMMARY = "Network monitoring tools" | ||
2 | DESCRIPTION = "Utilities for the IP protocol, including \ | ||
3 | tracepath, tracepath6, ping, ping6 and arping." | ||
4 | HOMEPAGE = "https://github.com/iputils/iputils" | ||
5 | SECTION = "console/network" | ||
6 | |||
7 | LICENSE = "BSD-3-Clause & GPL-2.0-or-later" | ||
8 | |||
9 | LIC_FILES_CHKSUM = "file://LICENSE;md5=627cc07ec86a45951d43e30658bbd819" | ||
10 | |||
11 | DEPENDS = "gnutls" | ||
12 | |||
13 | SRC_URI = "git://github.com/iputils/iputils;branch=master;protocol=https" | ||
14 | SRCREV = "8372f355bdf7a9b0c79338dd8ef8464c00a5c4e2" | ||
15 | |||
16 | S = "${WORKDIR}/git" | ||
17 | |||
18 | UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>20\d+)" | ||
19 | |||
20 | CVE_STATUS[CVE-2000-1213] = "fixed-version: Fixed in 2000-10-10, but the versioning of iputils breaks the version order." | ||
21 | CVE_STATUS[CVE-2000-1214] = "fixed-version: Fixed in 2000-10-10, but the versioning of iputils breaks the version order." | ||
22 | |||
23 | PACKAGECONFIG ??= "libcap" | ||
24 | PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false -DNO_SETCAP_OR_SUID=true, libcap libcap-native" | ||
25 | PACKAGECONFIG[libidn] = "-DUSE_IDN=true, -DUSE_IDN=false, libidn2" | ||
26 | PACKAGECONFIG[gettext] = "-DUSE_GETTEXT=true, -DUSE_GETTEXT=false, gettext" | ||
27 | PACKAGECONFIG[docs] = "-DBUILD_HTML_MANS=true -DBUILD_MANS=true,-DBUILD_HTML_MANS=false -DBUILD_MANS=false, libxslt" | ||
28 | |||
29 | inherit meson update-alternatives pkgconfig | ||
30 | |||
31 | EXTRA_OEMESON += "--prefix=${root_prefix}/ -DSKIP_TESTS=true" | ||
32 | |||
33 | ALTERNATIVE_PRIORITY = "100" | ||
34 | |||
35 | ALTERNATIVE:${PN}-ping = "ping" | ||
36 | ALTERNATIVE_LINK_NAME[ping] = "${base_bindir}/ping" | ||
37 | |||
38 | ALTERNATIVE:${PN}-ping6 = "ping6" | ||
39 | ALTERNATIVE_LINK_NAME[ping6] = "${base_bindir}/ping6" | ||
40 | |||
41 | SPLITPKGS = "${PN}-ping ${PN}-arping ${PN}-tracepath ${PN}-clockdiff \ | ||
42 | ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '${PN}-ping6', '', d)}" | ||
43 | PACKAGES += "${SPLITPKGS}" | ||
44 | |||
45 | ALLOW_EMPTY:${PN} = "1" | ||
46 | RDEPENDS:${PN} += "${SPLITPKGS}" | ||
47 | |||
48 | FILES:${PN} = "" | ||
49 | FILES:${PN}-ping = "${base_bindir}/ping.${BPN}" | ||
50 | FILES:${PN}-ping6 = "${base_bindir}/ping6.${BPN}" | ||
51 | FILES:${PN}-arping = "${base_bindir}/arping" | ||
52 | FILES:${PN}-tracepath = "${base_bindir}/tracepath" | ||
53 | FILES:${PN}-clockdiff = "${base_bindir}/clockdiff" | ||
54 | |||
55 | do_install:append() { | ||
56 | if ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'true', 'false', d)}; then | ||
57 | ln -sf ping ${D}/${base_bindir}/ping6 | ||
58 | fi | ||
59 | } | ||
diff --git a/meta/recipes-extended/iputils/iputils_s20200821.bb b/meta/recipes-extended/iputils/iputils_s20200821.bb deleted file mode 100644 index e43abf2629..0000000000 --- a/meta/recipes-extended/iputils/iputils_s20200821.bb +++ /dev/null | |||
@@ -1,71 +0,0 @@ | |||
1 | SUMMARY = "Network monitoring tools" | ||
2 | DESCRIPTION = "Utilities for the IP protocol, including traceroute6, \ | ||
3 | tracepath, tracepath6, ping, ping6 and arping." | ||
4 | HOMEPAGE = "https://github.com/iputils/iputils" | ||
5 | SECTION = "console/network" | ||
6 | |||
7 | LICENSE = "BSD & GPLv2+" | ||
8 | |||
9 | LIC_FILES_CHKSUM = "file://LICENSE;md5=55aa8c9fcad0691cef0ecd420361e390" | ||
10 | |||
11 | DEPENDS = "gnutls" | ||
12 | |||
13 | SRC_URI = "git://github.com/iputils/iputils \ | ||
14 | file://0001-rarpd-rdisc-Drop-PrivateUsers.patch \ | ||
15 | " | ||
16 | SRCREV = "23c3782ae0c7f9c6ae59dbed8ad9204f8758542b" | ||
17 | |||
18 | S = "${WORKDIR}/git" | ||
19 | |||
20 | UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>s\d+)" | ||
21 | |||
22 | # Fixed in 2000-10-10, but the versioning of iputils | ||
23 | # breaks the version order. | ||
24 | CVE_CHECK_WHITELIST += "CVE-2000-1213 CVE-2000-1214" | ||
25 | |||
26 | PACKAGECONFIG ??= "libcap rarpd \ | ||
27 | ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ninfod traceroute6', '', d)} \ | ||
28 | ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" | ||
29 | PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false -DNO_SETCAP_OR_SUID=true, libcap libcap-native" | ||
30 | PACKAGECONFIG[libidn] = "-DUSE_IDN=true, -DUSE_IDN=false, libidn2" | ||
31 | PACKAGECONFIG[gettext] = "-DUSE_GETTEXT=true, -DUSE_GETTEXT=false, gettext" | ||
32 | PACKAGECONFIG[ninfod] = "-DBUILD_NINFOD=true,-DBUILD_NINFOD=false," | ||
33 | PACKAGECONFIG[rarpd] = "-DBUILD_RARPD=true,-DBUILD_RARPD=false," | ||
34 | PACKAGECONFIG[systemd] = "-Dsystemdunitdir=${systemd_unitdir}/system,,systemd" | ||
35 | PACKAGECONFIG[tftpd] = "-DBUILD_TFTPD=true, -DBUILD_TFTPD=false," | ||
36 | PACKAGECONFIG[traceroute6] = "-DBUILD_TRACEROUTE6=true,-DBUILD_TRACEROUTE6=false," | ||
37 | PACKAGECONFIG[docs] = "-DBUILD_HTML_MANS=true -DBUILD_MANS=true,-DBUILD_HTML_MANS=false -DBUILD_MANS=false, libxslt" | ||
38 | |||
39 | inherit meson systemd update-alternatives | ||
40 | |||
41 | EXTRA_OEMESON += "--prefix=${root_prefix}/" | ||
42 | |||
43 | ALTERNATIVE_PRIORITY = "100" | ||
44 | |||
45 | ALTERNATIVE_${PN}-ping = "ping" | ||
46 | ALTERNATIVE_LINK_NAME[ping] = "${base_bindir}/ping" | ||
47 | |||
48 | SPLITPKGS = "${PN}-ping ${PN}-arping ${PN}-tracepath ${PN}-clockdiff ${PN}-rdisc \ | ||
49 | ${@bb.utils.contains('PACKAGECONFIG', 'rarpd', '${PN}-rarpd', '', d)} \ | ||
50 | ${@bb.utils.contains('PACKAGECONFIG', 'tftpd', '${PN}-tftpd', '', d)} \ | ||
51 | ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '${PN}-traceroute6 ${PN}-ninfod', '', d)}" | ||
52 | PACKAGES += "${SPLITPKGS}" | ||
53 | |||
54 | ALLOW_EMPTY_${PN} = "1" | ||
55 | RDEPENDS_${PN} += "${SPLITPKGS}" | ||
56 | |||
57 | FILES_${PN} = "" | ||
58 | FILES_${PN}-ping = "${base_bindir}/ping.${BPN}" | ||
59 | FILES_${PN}-arping = "${base_bindir}/arping" | ||
60 | FILES_${PN}-tracepath = "${base_bindir}/tracepath" | ||
61 | FILES_${PN}-traceroute6 = "${base_bindir}/traceroute6" | ||
62 | FILES_${PN}-clockdiff = "${base_bindir}/clockdiff" | ||
63 | FILES_${PN}-tftpd = "${base_bindir}/tftpd ${sysconfdir}/xinetd.d/tftp" | ||
64 | FILES_${PN}-rarpd = "${base_sbindir}/rarpd ${systemd_unitdir}/system/rarpd@.service" | ||
65 | FILES_${PN}-rdisc = "${base_sbindir}/rdisc" | ||
66 | FILES_${PN}-ninfod = "${base_sbindir}/ninfod ${sysconfdir}/init.d/ninfod.sh" | ||
67 | |||
68 | SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '${PN}-ninfod', '', d)} \ | ||
69 | ${PN}-rdisc" | ||
70 | SYSTEMD_SERVICE_${PN}-ninfod = "ninfod.service" | ||
71 | SYSTEMD_SERVICE_${PN}-rdisc = "rdisc.service" | ||