From d106898fbf0e04eb9e9a1d5bf3f337e62b4b65b3 Mon Sep 17 00:00:00 2001
From: Alex Kiernan
Date: Tue, 27 May 2025 13:27:59 +0000
Subject: mdns: Upgrade 2600.100.147 -> 2600.120.12

Drop redundant limit declaration patch. Swap issetugid()/getenv() call for secure_getenv() on Linux.

Signed-off-by: Alex Kiernan
Signed-off-by: Khem Raj
---
 .../mdns/0001-Use-secure_getenv-on-Linux.patch | 30 +++++
 .../mdns/0005-Fix-missing-limit-declarations.patch | 49 --------
 .../recipes-protocols/mdns/mdns_2600.100.147.bb | 132 ---------------------
 .../recipes-protocols/mdns/mdns_2600.120.12.bb | 132 +++++++++++++++++++++
 4 files changed, 162 insertions(+), 181 deletions(-)
 create mode 100644 meta-networking/recipes-protocols/mdns/mdns/0001-Use-secure_getenv-on-Linux.patch
 delete mode 100644 meta-networking/recipes-protocols/mdns/mdns/0005-Fix-missing-limit-declarations.patch
 delete mode 100644 meta-networking/recipes-protocols/mdns/mdns_2600.100.147.bb
 create mode 100644 meta-networking/recipes-protocols/mdns/mdns_2600.120.12.bb

diff --git a/meta-networking/recipes-protocols/mdns/mdns/0001-Use-secure_getenv-on-Linux.patch b/meta-networking/recipes-protocols/mdns/mdns/0001-Use-secure_getenv-on-Linux.patch
new file mode 100644
index 0000000000..242aa7f7d8
--- /dev/null
+++ b/meta-networking/recipes-protocols/mdns/mdns/0001-Use-secure_getenv-on-Linux.patch
@@ -0,0 +1,30 @@
+From 1bf3be6cd775635aed95689f97a13fa6a037c741 Mon Sep 17 00:00:00 2001
+From: Alex Kiernan
+Date: Tue, 27 May 2025 13:33:30 +0100
+Subject: [PATCH] Use secure_getenv on Linux
+
+Upstream-Status: Inactive-Upstream [Upstream does not take patches]
+Signed-off-by: Alex Kiernan
+---
+ mDNSShared/dnssd_clientstub.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/mDNSShared/dnssd_clientstub.c b/mDNSShared/dnssd_clientstub.c
+index 6667276ee33a..e7b51813664e 100644
+--- a/mDNSShared/dnssd_clientstub.c
++++ b/mDNSShared/dnssd_clientstub.c
+@@ -801,10 +801,14 @@ static DNSServiceErrorType ConnectToServer(DNSServiceRef *ref, DNSServiceFlags f
+ #endif
+ #ifndef USE_TCP_LOOPBACK
+ char* uds_serverpath = NULL;
++#ifdef TARGET_OS_LINUX
++ uds_serverpath = secure_getenv(MDNS_UDS_SERVERPATH_ENVVAR);
++#else
+ if (!issetugid())
+ {
+ uds_serverpath = getenv(MDNS_UDS_SERVERPATH_ENVVAR);
+ }
++#endif
+ if (uds_serverpath == NULL)
+ uds_serverpath = MDNS_UDS_SERVERPATH;
+ else if (strlen(uds_serverpath) >= MAX_CTLPATH)
diff --git a/meta-networking/recipes-protocols/mdns/mdns/0005-Fix-missing-limit-declarations.patch b/meta-networking/recipes-protocols/mdns/mdns/0005-Fix-missing-limit-declarations.patch
deleted file mode 100644
index 41b8985e27..0000000000
--- a/meta-networking/recipes-protocols/mdns/mdns/0005-Fix-missing-limit-declarations.patch
+++ /dev/null
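Review bot: The Linux branch added under `#ifdef TARGET_OS_LINUX` in ConnectToServer calls `secure_getenv()`, which glibc and musl declare in `<stdlib.h>` only when `_GNU_SOURCE` is defined, and nothing visible in this hunk establishes that define. Without it the call is implicitly declared, which recent GCC rejects and older compilers accept with an `int` return that truncates the pointer on 64-bit targets. If the os=linux build flags do not already carry the define, the patch should add `#define _GNU_SOURCE` ahead of the first include in dnssd_clientstub.c. The branch also deserves a comment recording why it differs from the `issetugid()` path, since the variable selects the daemon socket the client trusts: `/* secure_getenv() returns NULL in secure-execution mode (setuid, setgid, file capabilities), so a privileged client ignores MDNS_UDS_SERVERPATH_ENVVAR */`. ConnectToServer starts and ends outside the hunk.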
@@ -1,49 +0,0 @@
-From 34285024531adbbc7b67506c9fc2e60f3b36b73b Mon Sep 17 00:00:00 2001
-From: Alex Kiernan
-Date: Sat, 26 Oct 2024 13:26:09 +0000
-Subject: [PATCH] Fix missing `limit` declarations
-
-`put_attribute_tlvs` needs a limit setting which is missing, add it in.
-
-Upstream-Status: Inactive-Upstream [Upstream does not take patches]
-Signed-off-by: Alex Kiernan
----
- mDNSShared/dnssd_clientstub.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/mDNSShared/dnssd_clientstub.c b/mDNSShared/dnssd_clientstub.c
-index 89cb90d947c7..316fc49ab078 100644
---- a/mDNSShared/dnssd_clientstub.c
-+++ b/mDNSShared/dnssd_clientstub.c
-@@ -2026,6 +2026,7 @@ DNSServiceErrorType DNSServiceRegisterInternal
- ipc_msg_hdr *hdr;
- DNSServiceErrorType err;
- union { uint16_t s; u_char b[2]; } port = { portInNetworkByteOrder };
-+ const uint8_t *limit;
- (void)attr;
-
- if (!sdRef || !regtype) return kDNSServiceErr_BadParam;
-@@ -2050,6 +2051,7 @@ DNSServiceErrorType DNSServiceRegisterInternal
- if (!hdr) { DNSServiceRefDeallocate(*sdRef); *sdRef = NULL; return kDNSServiceErr_NoMemory; }
- if (!callBack) hdr->ipc_flags |= IPC_FLAGS_NOREPLY;
-
-+ limit = ptr + len;
- put_flags(flags, &ptr);
- put_uint32(interfaceIndex, &ptr);
- put_string(name, &ptr);
-@@ -2326,6 +2328,7 @@ DNSServiceErrorType DNSServiceRegisterRecordInternal
- ipc_msg_hdr *hdr = NULL;
- DNSRecordRef rref = NULL;
- DNSRecord **p;
-+ const uint8_t *limit;
- (void)attr;
-
- // Verify that only one of the following flags is set.
-@@ -2375,6 +2378,7 @@ DNSServiceErrorType DNSServiceRegisterRecordInternal
- hdr = create_hdr(reg_record_request, &len, &ptr, !(flags & kDNSServiceFlagsQueueRequest), sdRef);
- if (!hdr) return kDNSServiceErr_NoMemory;
-
-+ limit = ptr + len;
- put_flags(flags, &ptr);
- put_uint32(interfaceIndex, &ptr);
- put_string(fullname, &ptr);
diff --git a/meta-networking/recipes-protocols/mdns/mdns_2600.100.147.bb b/meta-networking/recipes-protocols/mdns/mdns_2600.100.147.bb
deleted file mode 100644
index af1400ca6e..0000000000
--- a/meta-networking/recipes-protocols/mdns/mdns_2600.100.147.bb
+++ /dev/null
@@ -1,132 +0,0 @@
-SUMMARY = "Publishes & browses available services on a link according to the Zeroconf / Bonjour protocol"
-DESCRIPTION = "Bonjour, also known as zero-configuration networking, enables automatic discovery of computers, devices, and services on IP networks."
-HOMEPAGE = "https://developer.apple.com/bonjour/"
-LICENSE = "Apache-2.0 & BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=31c50371921e0fb731003bbc665f29bf"
-
-DEPENDS:append:libc-musl = " musl-nscd"
-
-SRC_URI = "git://github.com/apple-oss-distributions/mDNSResponder;protocol=https;branch=${BRANCH};tag=mDNSResponder-${PV} \
- file://0001-dns-sd-Include-missing-headers.patch \
- file://0002-make-Set-libdns_sd.so-soname-correctly.patch \
- file://0004-make-Separate-TLS-targets-from-libraries.patch \
- file://0005-mDNSCore-Fix-broken-debug-parameter.patch \
- file://0006-make-Add-top-level-Makefile.patch \
- file://0009-remove-unneeded-headers.patch \
- file://0005-Fix-missing-limit-declarations.patch \
- file://0001-Fix-build-with-gcc-15.patch \
- file://mdns.service \
- "
-BRANCH = "main"
-SRCREV = "d89f8d1d0e001b810d6c055aa2a57b768bcf9aa2"
-
-# We install a stub Makefile in the top directory so that the various checks
-# in base.bbclass pass their tests for a Makefile, this ensures (that amongst
-# other things) the sstate checks will clean the build directory when the
-# task hashes changes.
-#
-# We can't use the approach of setting ${S} to mDNSPosix as we need
-# DEBUG_PREFIX_MAP to cover files which come from the Clients directory too.
-S = "${WORKDIR}/git"
-
-inherit github-releases manpages systemd update-rc.d
-
-PACKAGECONFIG ?= "tls \
- ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
-PACKAGECONFIG[debug] = "DEBUG=1,DEBUG=0"
-PACKAGECONFIG[ipv6] = "HAVE_IPV6=1,HAVE_IPV6=0"
-PACKAGECONFIG[manpages] = ""
-PACKAGECONFIG[tls] = ",tls=no,mbedtls"
-
-CVE_PRODUCT = "apple:mdnsresponder"
-
-CVE_STATUS[CVE-2007-0613] = "not-applicable-platform: Issue affects Apple products \
-i.e. ichat,mdnsresponder, instant message framework and MacOS. Also, \
-https://www.exploit-db.com/exploits/3230 shows the part of code \
-affected by CVE-2007-0613 which is not preset in upstream source code. \
-Hence, CVE-2007-0613 does not affect other Yocto implementations and \
-is not reported for other distros can be marked whitelisted. \
-Links: https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 \
-https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613 \
-https://security-tracker.debian.org/tracker/CVE-2007-0613 \
-https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613"
-
-PARALLEL_MAKE = ""
-
-EXTRA_OEMAKE = "os=linux 'CC=${CCLD}' 'LD=${CCLD}' 'LINKOPTS=${LDFLAGS}' STRIP=: ${PACKAGECONFIG_CONFARGS}"
-
-# MDNS_VERSIONSTR_NODTS disables __DATE__ and __TIME__ in the version string,
-# which are fixed anyway for build reproducibility.
-TARGET_CPPFLAGS += "-DMDNS_VERSIONSTR_NODTS"
-
-TARGET_CC_ARCH += "${LDFLAGS}"
-
-MDNS_BUILDDIR = "build/${@bb.utils.contains('PACKAGECONFIG','debug','debug','prod', d)}"
-
-do_install () {
- cd mDNSPosix
-
- install -d ${D}${sbindir}
- install ${MDNS_BUILDDIR}/mdnsd ${D}${sbindir}
-
- install -d ${D}${libdir}
- install -m 0644 ${MDNS_BUILDDIR}/libdns_sd.so ${D}${libdir}/libdns_sd.so.1
- ln -s libdns_sd.so.1 ${D}${libdir}/libdns_sd.so
-
- install -d ${D}${includedir}
- install -m 0644 ../mDNSShared/dns_sd.h ${D}${includedir}
-
- install -d ${D}${mandir}/man8
- install -m 0644 ../mDNSShared/mDNSResponder.8 ${D}${mandir}/man8/mdnsd.8
-
- install -d ${D}${bindir}
- install -m 0755 ../Clients/build/dns-sd ${D}${bindir}
-
- install -d ${D}${libdir}
- oe_libinstall -C ${MDNS_BUILDDIR} -so libnss_mdns-0.2 ${D}${libdir}
- ln -s libnss_mdns-0.2.so ${D}${libdir}/libnss_mdns.so.2
-
- install -d ${D}${sysconfdir}
- install -m 0644 nss_mdns.conf ${D}${sysconfdir}
-
- install -d ${D}${mandir}/man5
- install -m 0644 nss_mdns.conf.5 ${D}${mandir}/man5
-
- install -d ${D}${mandir}/man8
- install -m 0644 libnss_mdns.8 ${D}${mandir}/man8
-
- install -d ${D}${systemd_system_unitdir}
- install -m 0644 ${UNPACKDIR}/mdns.service ${D}${systemd_system_unitdir}
-
- install -d ${D}${INIT_D_DIR}
- install mdnsd.sh ${D}${INIT_D_DIR}/mdns
-}
-
-pkg_postinst:${PN}-libnss-mdns () {
- if [ -r $D${sysconfdir}/nsswitch.conf ]; then
- sed -e '/^hosts:/s/\s*\//' \
- -e 's/\(^hosts:.*\)\(\\)\(.*\)\(\\)\(.*\)/\1\2 mdns\3\4\5/' \
- -i $D${sysconfdir}/nsswitch.conf
- fi
-}
-
-pkg_prerm:${PN}-libnss-mdns () {
- if [ -r $D${sysconfdir}/nsswitch.conf ]; then
- sed -e '/^hosts:/s/\s*\//' \
- -e '/^hosts:/s/\s*mdns//' \
- -i $D${sysconfdir}/nsswitch.conf
- fi
-}
-
-SYSTEMD_SERVICE:${PN} = "mdns.service"
-INITSCRIPT_NAME = "mdns"
-
-PACKAGE_BEFORE_PN = "${PN}-libnss-mdns"
-
-RRECOMMENDS:${PN}:append:libc-glibc = " ${PN}-libnss-mdns"
-
-FILES_SOLIBSDEV = "${libdir}/libdns_sd.so"
-FILES:${PN}-libnss-mdns = "${sysconfdir}/nss_mdns.conf ${libdir}/libnss_mdns*.so*"
-RPROVIDES:${PN}-libnss-mdns = "libnss-mdns"
-
-RPROVIDES:${PN} += "libdns-sd"
diff --git a/meta-networking/recipes-protocols/mdns/mdns_2600.120.12.bb b/meta-networking/recipes-protocols/mdns/mdns_2600.120.12.bb
new file mode 100644
index 0000000000..b6efa528d4
--- /dev/null
+++ b/meta-networking/recipes-protocols/mdns/mdns_2600.120.12.bb
@@ -0,0 +1,132 @@
+SUMMARY = "Publishes & browses available services on a link according to the Zeroconf / Bonjour protocol"
+DESCRIPTION = "Bonjour, also known as zero-configuration networking, enables automatic discovery of computers, devices, and services on IP networks."
+HOMEPAGE = "https://developer.apple.com/bonjour/"
+LICENSE = "Apache-2.0 & BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=31c50371921e0fb731003bbc665f29bf"
+
+DEPENDS:append:libc-musl = " musl-nscd"
+
+SRC_URI = "git://github.com/apple-oss-distributions/mDNSResponder;protocol=https;branch=${BRANCH};tag=mDNSResponder-${PV} \
+ file://0001-dns-sd-Include-missing-headers.patch \
+ file://0002-make-Set-libdns_sd.so-soname-correctly.patch \
+ file://0004-make-Separate-TLS-targets-from-libraries.patch \
+ file://0005-mDNSCore-Fix-broken-debug-parameter.patch \
+ file://0006-make-Add-top-level-Makefile.patch \
+ file://0009-remove-unneeded-headers.patch \
+ file://0001-Fix-build-with-gcc-15.patch \
+ file://0001-Use-secure_getenv-on-Linux.patch \
+ file://mdns.service \
+ "
+BRANCH = "rel/mDNSResponder-2600"
+SRCREV = "3a0deda2995d98243dae379bcec10e57928c15e8"
+
+# We install a stub Makefile in the top directory so that the various checks
+# in base.bbclass pass their tests for a Makefile, this ensures (that amongst
+# other things) the sstate checks will clean the build directory when the
+# task hashes changes.
+#
+# We can't use the approach of setting ${S} to mDNSPosix as we need
+# DEBUG_PREFIX_MAP to cover files which come from the Clients directory too.
+S = "${WORKDIR}/git"
+
+inherit github-releases manpages systemd update-rc.d
+
+PACKAGECONFIG ?= "tls \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
+PACKAGECONFIG[debug] = "DEBUG=1,DEBUG=0"
+PACKAGECONFIG[ipv6] = "HAVE_IPV6=1,HAVE_IPV6=0"
+PACKAGECONFIG[manpages] = ""
+PACKAGECONFIG[tls] = ",tls=no,mbedtls"
+
+CVE_PRODUCT = "apple:mdnsresponder"
+
+CVE_STATUS[CVE-2007-0613] = "not-applicable-platform: Issue affects Apple products \
+i.e. ichat,mdnsresponder, instant message framework and MacOS. Also, \
+https://www.exploit-db.com/exploits/3230 shows the part of code \
+affected by CVE-2007-0613 which is not preset in upstream source code. \
+Hence, CVE-2007-0613 does not affect other Yocto implementations and \
+is not reported for other distros can be marked whitelisted. \
+Links: https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613 \
+https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2007-0613 \
+https://security-tracker.debian.org/tracker/CVE-2007-0613 \
+https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613"
+
+PARALLEL_MAKE = ""
+
+EXTRA_OEMAKE = "os=linux 'CC=${CCLD}' 'LD=${CCLD}' 'LINKOPTS=${LDFLAGS}' STRIP=: ${PACKAGECONFIG_CONFARGS}"
+
+# MDNS_VERSIONSTR_NODTS disables __DATE__ and __TIME__ in the version string,
+# which are fixed anyway for build reproducibility.
+TARGET_CPPFLAGS += "-DMDNS_VERSIONSTR_NODTS"
+
+TARGET_CC_ARCH += "${LDFLAGS}"
+
+MDNS_BUILDDIR = "build/${@bb.utils.contains('PACKAGECONFIG','debug','debug','prod', d)}"
+
+do_install () {
+ cd mDNSPosix
+
+ install -d ${D}${sbindir}
+ install ${MDNS_BUILDDIR}/mdnsd ${D}${sbindir}
+
+ install -d ${D}${libdir}
+ install -m 0644 ${MDNS_BUILDDIR}/libdns_sd.so ${D}${libdir}/libdns_sd.so.1
+ ln -s libdns_sd.so.1 ${D}${libdir}/libdns_sd.so
+
+ install -d ${D}${includedir}
+ install -m 0644 ../mDNSShared/dns_sd.h ${D}${includedir}
+
+ install -d ${D}${mandir}/man8
+ install -m 0644 ../mDNSShared/mDNSResponder.8 ${D}${mandir}/man8/mdnsd.8
+
+ install -d ${D}${bindir}
+ install -m 0755 ../Clients/build/dns-sd ${D}${bindir}
+
+ install -d ${D}${libdir}
+ oe_libinstall -C ${MDNS_BUILDDIR} -so libnss_mdns-0.2 ${D}${libdir}
+ ln -s libnss_mdns-0.2.so ${D}${libdir}/libnss_mdns.so.2
+
+ install -d ${D}${sysconfdir}
+ install -m 0644 nss_mdns.conf ${D}${sysconfdir}
+
+ install -d ${D}${mandir}/man5
+ install -m 0644 nss_mdns.conf.5 ${D}${mandir}/man5
+
+ install -d ${D}${mandir}/man8
+ install -m 0644 libnss_mdns.8 ${D}${mandir}/man8
+
+ install -d ${D}${systemd_system_unitdir}
+ install -m 0644 ${UNPACKDIR}/mdns.service ${D}${systemd_system_unitdir}
+
+ install -d ${D}${INIT_D_DIR}
+ install mdnsd.sh ${D}${INIT_D_DIR}/mdns
+}
+
+pkg_postinst:${PN}-libnss-mdns () {
+ if [ -r $D${sysconfdir}/nsswitch.conf ]; then
+ sed -e '/^hosts:/s/\s*\//' \
+ -e 's/\(^hosts:.*\)\(\\)\(.*\)\(\\)\(.*\)/\1\2 mdns\3\4\5/' \
+ -i $D${sysconfdir}/nsswitch.conf
+ fi
+}
+
+pkg_prerm:${PN}-libnss-mdns () {
+ if [ -r $D${sysconfdir}/nsswitch.conf ]; then
+ sed -e '/^hosts:/s/\s*\//' \
+ -e '/^hosts:/s/\s*mdns//' \
+ -i $D${sysconfdir}/nsswitch.conf
+ fi
+}
+
+SYSTEMD_SERVICE:${PN} = "mdns.service"
+INITSCRIPT_NAME = "mdns"
+
+PACKAGE_BEFORE_PN = "${PN}-libnss-mdns"
+
+RRECOMMENDS:${PN}:append:libc-glibc = " ${PN}-libnss-mdns"
+
+FILES_SOLIBSDEV = "${libdir}/libdns_sd.so"
+FILES:${PN}-libnss-mdns = "${sysconfdir}/nss_mdns.conf ${libdir}/libnss_mdns*.so*"
+RPROVIDES:${PN}-libnss-mdns = "libnss-mdns"
+
+RPROVIDES:${PN} += "libdns-sd"
-- 
cgit v1.2.3-54-g00ecf