diff options
| author | Richard Purdie <richard.purdie@linuxfoundation.org> | 2025-11-07 13:31:53 +0000 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2025-11-07 13:31:53 +0000 |
| commit | 8c22ff0d8b70d9b12f0487ef696a7e915b9e3173 (patch) | |
| tree | efdc32587159d0050a69009bdf2330a531727d95 /meta/recipes-connectivity | |
| parent | d412d2747595c1cc4a5e3ca975e3adc31b2f7891 (diff) | |
| download | poky-8c22ff0d8b70d9b12f0487ef696a7e915b9e3173.tar.gz | |
The poky repository master branch is no longer being updated.
You can either:
a) switch to individual clones of bitbake, openembedded-core, meta-yocto and yocto-docs
b) use the new bitbake-setup
You can find information about either approach in our documentation:
https://docs.yoctoproject.org/
Note that "poky" the distro setting is still available in meta-yocto as
before and we continue to use and maintain that.
Long live Poky!
Some further information on the background of this change can be found
in: https://lists.openembedded.org/g/openembedded-architecture/message/2179
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity')
162 files changed, 0 insertions, 10684 deletions
diff --git a/meta/recipes-connectivity/avahi/avahi-libnss-mdns_0.15.1.bb b/meta/recipes-connectivity/avahi/avahi-libnss-mdns_0.15.1.bb deleted file mode 100644 index d45c06357d..0000000000 --- a/meta/recipes-connectivity/avahi/avahi-libnss-mdns_0.15.1.bb +++ /dev/null | |||
| @@ -1,38 +0,0 @@ | |||
| 1 | SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution" | ||
| 2 | HOMEPAGE = "https://github.com/lathiat/nss-mdns" | ||
| 3 | DESCRIPTION = "nss-mdns is a plugin for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc) providing host name resolution via Multicast DNS (aka Zeroconf, aka Apple Rendezvous, aka Apple Bonjour), effectively allowing name resolution by common Unix/Linux programs in the ad-hoc mDNS domain .local." | ||
| 4 | SECTION = "libs" | ||
| 5 | |||
| 6 | LICENSE = "LGPL-2.1-or-later" | ||
| 7 | LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1" | ||
| 8 | |||
| 9 | DEPENDS = "avahi" | ||
| 10 | |||
| 11 | SRC_URI = "git://github.com/lathiat/nss-mdns;branch=master;protocol=https \ | ||
| 12 | " | ||
| 13 | |||
| 14 | SRCREV = "4b3cfe818bf72d99a02b8ca8b8813cb2d6b40633" | ||
| 15 | |||
| 16 | inherit autotools pkgconfig | ||
| 17 | |||
| 18 | COMPATIBLE_HOST:libc-musl = 'null' | ||
| 19 | |||
| 20 | EXTRA_OECONF = "--libdir=${base_libdir}" | ||
| 21 | |||
| 22 | RDEPENDS:${PN} = "avahi-daemon" | ||
| 23 | RPROVIDES:${PN} = "libnss-mdns" | ||
| 24 | |||
| 25 | pkg_postinst:${PN} () { | ||
| 26 | sed ' | ||
| 27 | /^hosts:/ !b | ||
| 28 | /\<mdns\(4\|6\)\?\(_minimal\)\?\>/ b | ||
| 29 | s/\([[:blank:]]\+\)dns\>/\1mdns4_minimal [NOTFOUND=return] dns/g | ||
| 30 | ' -i $D${sysconfdir}/nsswitch.conf | ||
| 31 | } | ||
| 32 | |||
| 33 | pkg_prerm:${PN} () { | ||
| 34 | sed ' | ||
| 35 | /^hosts:/ !b | ||
| 36 | s/[[:blank:]]\+mdns\(4\|6\)\?\(_minimal\( \[NOTFOUND=return\]\)\?\)\?//g | ||
| 37 | ' -i $D${sysconfdir}/nsswitch.conf | ||
| 38 | } | ||
diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb deleted file mode 100644 index 4fe8ba4d28..0000000000 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ /dev/null | |||
| @@ -1,200 +0,0 @@ | |||
| 1 | SUMMARY = "Avahi IPv4LL network address configuration daemon" | ||
| 2 | DESCRIPTION = 'Avahi is a fully LGPL framework for Multicast DNS Service Discovery. It \ | ||
| 3 | allows programs to publish and discover services and hosts running on a local network \ | ||
| 4 | with no specific configuration. This tool implements IPv4LL, "Dynamic Configuration of \ | ||
| 5 | IPv4 Link-Local Addresses" (IETF RFC3927), a protocol for automatic IP address \ | ||
| 6 | configuration from the link-local 169.254.0.0/16 range without the need for a central \ | ||
| 7 | server.' | ||
| 8 | HOMEPAGE = "http://avahi.org" | ||
| 9 | BUGTRACKER = "https://github.com/avahi/avahi/issues" | ||
| 10 | SECTION = "network" | ||
| 11 | |||
| 12 | # major part is under LGPL-2.1-or-later, but several .dtd, .xsl, initscripts and | ||
| 13 | # python scripts are under GPL-2.0-or-later | ||
| 14 | LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later" | ||
| 15 | LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ | ||
| 16 | file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \ | ||
| 17 | file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \ | ||
| 18 | file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \ | ||
| 19 | file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf" | ||
| 20 | |||
| 21 | SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \ | ||
| 22 | file://00avahi-autoipd \ | ||
| 23 | file://99avahi-autoipd \ | ||
| 24 | file://initscript.patch \ | ||
| 25 | file://0001-Fix-opening-etc-resolv.conf-error.patch \ | ||
| 26 | file://handle-hup.patch \ | ||
| 27 | file://local-ping.patch \ | ||
| 28 | file://invalid-service.patch \ | ||
| 29 | file://CVE-2023-1981.patch \ | ||
| 30 | file://CVE-2023-38469-1.patch \ | ||
| 31 | file://CVE-2023-38469-2.patch \ | ||
| 32 | file://CVE-2023-38470-1.patch \ | ||
| 33 | file://CVE-2023-38470-2.patch \ | ||
| 34 | file://CVE-2023-38471-1.patch \ | ||
| 35 | file://CVE-2023-38471-2.patch \ | ||
| 36 | file://CVE-2023-38472.patch \ | ||
| 37 | file://CVE-2023-38473.patch \ | ||
| 38 | file://CVE-2024-52616.patch \ | ||
| 39 | file://CVE-2024-52615.patch \ | ||
| 40 | " | ||
| 41 | |||
| 42 | GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/" | ||
| 43 | SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda" | ||
| 44 | |||
| 45 | CVE_STATUS[CVE-2021-26720] = "not-applicable-platform: Issue only affects Debian/SUSE" | ||
| 46 | |||
| 47 | DEPENDS = "expat libcap libdaemon glib-2.0 glib-2.0-native" | ||
| 48 | |||
| 49 | # For gtk related PACKAGECONFIGs: gtk, gtk3 | ||
| 50 | AVAHI_GTK ?= "" | ||
| 51 | |||
| 52 | PACKAGECONFIG ??= "dbus ${@bb.utils.contains_any('DISTRO_FEATURES','x11 wayland','${AVAHI_GTK}','',d)}" | ||
| 53 | PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" | ||
| 54 | PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+" | ||
| 55 | PACKAGECONFIG[gtk3] = "--enable-gtk3,--disable-gtk3,gtk+3" | ||
| 56 | PACKAGECONFIG[libdns_sd] = "--enable-compat-libdns_sd --enable-dbus,,dbus" | ||
| 57 | PACKAGECONFIG[libevent] = "--enable-libevent,--disable-libevent,libevent" | ||
| 58 | PACKAGECONFIG[qt5] = "--enable-qt5,--disable-qt5,qtbase" | ||
| 59 | |||
| 60 | inherit autotools pkgconfig gettext gobject-introspection github-releases | ||
| 61 | |||
| 62 | EXTRA_OECONF = "--with-avahi-priv-access-group=adm \ | ||
| 63 | --disable-stack-protector \ | ||
| 64 | --disable-gdbm \ | ||
| 65 | --disable-dbm \ | ||
| 66 | --disable-mono \ | ||
| 67 | --disable-monodoc \ | ||
| 68 | --disable-qt3 \ | ||
| 69 | --disable-qt4 \ | ||
| 70 | --disable-python \ | ||
| 71 | --disable-doxygen-doc \ | ||
| 72 | --enable-manpages \ | ||
| 73 | ${EXTRA_OECONF_SYSVINIT} \ | ||
| 74 | ${EXTRA_OECONF_SYSTEMD} \ | ||
| 75 | " | ||
| 76 | |||
| 77 | # The distro choice determines what init scripts are installed | ||
| 78 | EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}" | ||
| 79 | EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_system_unitdir}/','--without-systemdsystemunitdir',d)}" | ||
| 80 | |||
| 81 | do_configure:prepend() { | ||
| 82 | # This m4 file will get in the way of our introspection.m4 with special cross-compilation fixes | ||
| 83 | rm "${S}/common/introspection.m4" || true | ||
| 84 | } | ||
| 85 | |||
| 86 | do_compile:prepend() { | ||
| 87 | export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs" | ||
| 88 | } | ||
| 89 | |||
| 90 | RRECOMMENDS:${PN}:append:libc-glibc = " avahi-libnss-mdns" | ||
| 91 | |||
| 92 | do_install() { | ||
| 93 | autotools_do_install | ||
| 94 | rm -rf ${D}/run | ||
| 95 | test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1 | ||
| 96 | rm -rf ${D}${libdir}/avahi | ||
| 97 | |||
| 98 | # Move example service files out of /etc/avahi/services so we don't | ||
| 99 | # advertise ssh & sftp-ssh by default | ||
| 100 | install -d ${D}${docdir}/avahi | ||
| 101 | mv ${D}${sysconfdir}/avahi/services/* ${D}${docdir}/avahi | ||
| 102 | } | ||
| 103 | |||
| 104 | PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "libdns_sd", "libavahi-compat-libdnssd", "", d)}" | ||
| 105 | |||
| 106 | FILES:libavahi-compat-libdnssd = "${libdir}/libdns_sd.so.*" | ||
| 107 | |||
| 108 | RPROVIDES:libavahi-compat-libdnssd = "libdns-sd" | ||
| 109 | |||
| 110 | inherit update-rc.d systemd useradd | ||
| 111 | |||
| 112 | PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils avahi-discover avahi-ui" | ||
| 113 | |||
| 114 | FILES:avahi-ui = "${libdir}/libavahi-ui*.so.*" | ||
| 115 | FILES:avahi-discover = "${datadir}/applications/avahi-discover.desktop \ | ||
| 116 | ${datadir}/avahi/interfaces/avahi-discover.ui \ | ||
| 117 | ${bindir}/avahi-discover-standalone \ | ||
| 118 | " | ||
| 119 | |||
| 120 | LICENSE:libavahi-gobject = "LGPL-2.1-or-later" | ||
| 121 | LICENSE:avahi-daemon = "LGPL-2.1-or-later" | ||
| 122 | LICENSE:libavahi-common = "LGPL-2.1-or-later" | ||
| 123 | LICENSE:libavahi-core = "LGPL-2.1-or-later" | ||
| 124 | LICENSE:libavahi-client = "LGPL-2.1-or-later" | ||
| 125 | LICENSE:avahi-dnsconfd = "LGPL-2.1-or-later" | ||
| 126 | LICENSE:libavahi-glib = "LGPL-2.1-or-later" | ||
| 127 | LICENSE:avahi-autoipd = "LGPL-2.1-or-later" | ||
| 128 | LICENSE:avahi-utils = "LGPL-2.1-or-later" | ||
| 129 | |||
| 130 | # As avahi doesn't put any files into PN, clear the files list to avoid problems | ||
| 131 | # if extra libraries appear. | ||
| 132 | FILES:${PN} = "" | ||
| 133 | FILES:avahi-autoipd = "${sbindir}/avahi-autoipd \ | ||
| 134 | ${sysconfdir}/avahi/avahi-autoipd.action \ | ||
| 135 | ${sysconfdir}/dhcp/*/avahi-autoipd \ | ||
| 136 | ${sysconfdir}/udhcpc.d/00avahi-autoipd \ | ||
| 137 | ${sysconfdir}/udhcpc.d/99avahi-autoipd" | ||
| 138 | FILES:libavahi-common = "${libdir}/libavahi-common.so.*" | ||
| 139 | FILES:libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib" | ||
| 140 | FILES:avahi-daemon = "${sbindir}/avahi-daemon \ | ||
| 141 | ${sysconfdir}/avahi/avahi-daemon.conf \ | ||
| 142 | ${sysconfdir}/avahi/hosts \ | ||
| 143 | ${sysconfdir}/avahi/services \ | ||
| 144 | ${sysconfdir}/dbus-1 \ | ||
| 145 | ${sysconfdir}/init.d/avahi-daemon \ | ||
| 146 | ${datadir}/dbus-1/interfaces \ | ||
| 147 | ${datadir}/avahi/avahi-service.dtd \ | ||
| 148 | ${datadir}/avahi/service-types \ | ||
| 149 | ${datadir}/dbus-1/system-services" | ||
| 150 | FILES:libavahi-client = "${libdir}/libavahi-client.so.*" | ||
| 151 | FILES:avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \ | ||
| 152 | ${sysconfdir}/avahi/avahi-dnsconfd.action \ | ||
| 153 | ${sysconfdir}/init.d/avahi-dnsconfd" | ||
| 154 | FILES:libavahi-glib = "${libdir}/libavahi-glib.so.*" | ||
| 155 | FILES:libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib" | ||
| 156 | FILES:avahi-utils = "${bindir}/avahi-* ${bindir}/b* ${datadir}/applications/b*" | ||
| 157 | |||
| 158 | DEV_PKG_DEPENDENCY = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV})" | ||
| 159 | DEV_PKG_DEPENDENCY += "${@["", " libavahi-client (= ${EXTENDPKGV})"][bb.utils.contains('PACKAGECONFIG', 'dbus', 1, 0, d)]}" | ||
| 160 | RDEPENDS:${PN}-dnsconfd = "${PN}-daemon" | ||
| 161 | |||
| 162 | RRECOMMENDS:avahi-daemon:append:libc-glibc = " avahi-libnss-mdns" | ||
| 163 | |||
| 164 | CONFFILES:avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf" | ||
| 165 | |||
| 166 | USERADD_PACKAGES = "avahi-daemon avahi-autoipd" | ||
| 167 | USERADD_PARAM:avahi-daemon = "--system --home /run/avahi-daemon \ | ||
| 168 | --no-create-home --shell /bin/false \ | ||
| 169 | --user-group avahi" | ||
| 170 | |||
| 171 | USERADD_PARAM:avahi-autoipd = "--system --home /run/avahi-autoipd \ | ||
| 172 | --no-create-home --shell /bin/false \ | ||
| 173 | --user-group \ | ||
| 174 | -c \"Avahi autoip daemon\" \ | ||
| 175 | avahi-autoipd" | ||
| 176 | |||
| 177 | INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd" | ||
| 178 | INITSCRIPT_NAME:avahi-daemon = "avahi-daemon" | ||
| 179 | INITSCRIPT_PARAMS:avahi-daemon = "defaults 21 19" | ||
| 180 | INITSCRIPT_NAME:avahi-dnsconfd = "avahi-dnsconfd" | ||
| 181 | INITSCRIPT_PARAMS:avahi-dnsconfd = "defaults 22 19" | ||
| 182 | |||
| 183 | SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd" | ||
| 184 | SYSTEMD_SERVICE:${PN}-daemon = "avahi-daemon.service" | ||
| 185 | SYSTEMD_SERVICE:${PN}-dnsconfd = "avahi-dnsconfd.service" | ||
| 186 | |||
| 187 | do_install:append() { | ||
| 188 | install -d ${D}${sysconfdir}/udhcpc.d | ||
| 189 | install ${UNPACKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d | ||
| 190 | install ${UNPACKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d | ||
| 191 | } | ||
| 192 | |||
| 193 | # At the time the postinst runs, dbus might not be setup so only restart if running | ||
| 194 | # Don't exit early, because update-rc.d needs to run subsequently. | ||
| 195 | pkg_postinst:avahi-daemon () { | ||
| 196 | if [ -z "$D" ]; then | ||
| 197 | killall -q -HUP dbus-daemon || true | ||
| 198 | fi | ||
| 199 | } | ||
| 200 | |||
diff --git a/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch b/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch deleted file mode 100644 index cb8b83fd23..0000000000 --- a/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch +++ /dev/null | |||
| @@ -1,45 +0,0 @@ | |||
| 1 | From 78967814f5c37ed67f4cf64d70c9f76a03ee89bc Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Chen Qi <Qi.Chen@windriver.com> | ||
| 3 | Date: Wed, 20 Jun 2018 13:57:35 +0800 | ||
| 4 | Subject: [PATCH] Fix opening /etc/resolv.conf error | ||
| 5 | |||
| 6 | Fix to start avahi-daemon after systemd-resolved.service. This is because | ||
| 7 | /etc/resolv.conf is a link to /etc/resolv-conf.systemd which in turn is | ||
| 8 | a symlink to /run/systemd/resolve/resolv.conf. And /run/systemd/resolve/resolv.conf | ||
| 9 | is created by systemd-resolved.service by default in current OE's systemd | ||
| 10 | based systems. | ||
| 11 | |||
| 12 | This fixes errro like below. | ||
| 13 | |||
| 14 | Failed to open /etc/resolv.conf: Invalid argument | ||
| 15 | |||
| 16 | In fact, handling of /etc/resolv.conf is quite distro specific. So this patch | ||
| 17 | is marked as OE specific. | ||
| 18 | |||
| 19 | Upstream-Status: Inappropriate [OE Specific] | ||
| 20 | |||
| 21 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
| 22 | |||
| 23 | When connman installed to image, /etc/resolv.conf is link to | ||
| 24 | /etc/resolv-conf.connman. So launch avahi-daemon after connman too. | ||
| 25 | |||
| 26 | Signed-off-by: Kai Kang <kai.kang@windriver.com> | ||
| 27 | --- | ||
| 28 | avahi-daemon/avahi-daemon.service.in | 1 + | ||
| 29 | 1 file changed, 1 insertion(+) | ||
| 30 | |||
| 31 | diff --git a/avahi-daemon/avahi-daemon.service.in b/avahi-daemon/avahi-daemon.service.in | ||
| 32 | index 548c834..63e28e4 100644 | ||
| 33 | --- a/avahi-daemon/avahi-daemon.service.in | ||
| 34 | +++ b/avahi-daemon/avahi-daemon.service.in | ||
| 35 | @@ -18,6 +18,7 @@ | ||
| 36 | [Unit] | ||
| 37 | Description=Avahi mDNS/DNS-SD Stack | ||
| 38 | Requires=avahi-daemon.socket | ||
| 39 | +After=systemd-resolved.service connman.service | ||
| 40 | |||
| 41 | [Service] | ||
| 42 | Type=dbus | ||
| 43 | -- | ||
| 44 | 2.11.0 | ||
| 45 | |||
diff --git a/meta/recipes-connectivity/avahi/files/00avahi-autoipd b/meta/recipes-connectivity/avahi/files/00avahi-autoipd deleted file mode 100644 index a0ab814603..0000000000 --- a/meta/recipes-connectivity/avahi/files/00avahi-autoipd +++ /dev/null | |||
| @@ -1,10 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | [ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1 | ||
| 4 | |||
| 5 | case "$1" in | ||
| 6 | |||
| 7 | deconfig|renew|bound) | ||
| 8 | /usr/sbin/avahi-autoipd -k $interface 2> /dev/null | ||
| 9 | ;; | ||
| 10 | esac | ||
diff --git a/meta/recipes-connectivity/avahi/files/99avahi-autoipd b/meta/recipes-connectivity/avahi/files/99avahi-autoipd deleted file mode 100644 index 234cdaa3eb..0000000000 --- a/meta/recipes-connectivity/avahi/files/99avahi-autoipd +++ /dev/null | |||
| @@ -1,10 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | [ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1 | ||
| 4 | |||
| 5 | case "$1" in | ||
| 6 | |||
| 7 | leasefail) | ||
| 8 | /usr/sbin/avahi-autoipd -wD $interface 2> /dev/null | ||
| 9 | ;; | ||
| 10 | esac | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch deleted file mode 100644 index 4d7924d13a..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch +++ /dev/null | |||
| @@ -1,58 +0,0 @@ | |||
| 1 | From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001 | ||
| 2 | From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> | ||
| 3 | Date: Thu, 17 Nov 2022 01:51:53 +0100 | ||
| 4 | Subject: [PATCH] Emit error if requested service is not found | ||
| 5 | |||
| 6 | It currently just crashes instead of replying with error. Check return | ||
| 7 | value and emit error instead of passing NULL pointer to reply. | ||
| 8 | |||
| 9 | Fixes #375 | ||
| 10 | |||
| 11 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-1981.patch?h=ubuntu/jammy-security | ||
| 12 | Upstream commit https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f] | ||
| 13 | CVE: CVE-2023-1981 | ||
| 14 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
| 15 | --- | ||
| 16 | avahi-daemon/dbus-protocol.c | 20 ++++++++++++++------ | ||
| 17 | 1 file changed, 14 insertions(+), 6 deletions(-) | ||
| 18 | |||
| 19 | diff --git a/avahi-daemon/dbus-protocol.c b/avahi-daemon/dbus-protocol.c | ||
| 20 | index 70d7687bc..406d0b441 100644 | ||
| 21 | --- a/avahi-daemon/dbus-protocol.c | ||
| 22 | +++ b/avahi-daemon/dbus-protocol.c | ||
| 23 | @@ -375,10 +375,14 @@ static DBusHandlerResult dbus_get_alternative_host_name(DBusConnection *c, DBusM | ||
| 24 | } | ||
| 25 | |||
| 26 | t = avahi_alternative_host_name(n); | ||
| 27 | - avahi_dbus_respond_string(c, m, t); | ||
| 28 | - avahi_free(t); | ||
| 29 | + if (t) { | ||
| 30 | + avahi_dbus_respond_string(c, m, t); | ||
| 31 | + avahi_free(t); | ||
| 32 | |||
| 33 | - return DBUS_HANDLER_RESULT_HANDLED; | ||
| 34 | + return DBUS_HANDLER_RESULT_HANDLED; | ||
| 35 | + } else { | ||
| 36 | + return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Hostname not found"); | ||
| 37 | + } | ||
| 38 | } | ||
| 39 | |||
| 40 | static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DBusMessage *m, DBusError *error) { | ||
| 41 | @@ -389,10 +393,14 @@ static DBusHandlerResult dbus_get_alternative_service_name(DBusConnection *c, DB | ||
| 42 | } | ||
| 43 | |||
| 44 | t = avahi_alternative_service_name(n); | ||
| 45 | - avahi_dbus_respond_string(c, m, t); | ||
| 46 | - avahi_free(t); | ||
| 47 | + if (t) { | ||
| 48 | + avahi_dbus_respond_string(c, m, t); | ||
| 49 | + avahi_free(t); | ||
| 50 | |||
| 51 | - return DBUS_HANDLER_RESULT_HANDLED; | ||
| 52 | + return DBUS_HANDLER_RESULT_HANDLED; | ||
| 53 | + } else { | ||
| 54 | + return avahi_dbus_respond_error(c, m, AVAHI_ERR_NOT_FOUND, "Service not found"); | ||
| 55 | + } | ||
| 56 | } | ||
| 57 | |||
| 58 | static DBusHandlerResult dbus_create_new_entry_group(DBusConnection *c, DBusMessage *m, DBusError *error) { | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch deleted file mode 100644 index a078f66102..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch +++ /dev/null | |||
| @@ -1,48 +0,0 @@ | |||
| 1 | From 72842945085cc3adaccfdfa2853771b0e75ef991 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Evgeny Vereshchagin <evvers@ya.ru> | ||
| 3 | Date: Mon, 23 Oct 2023 20:29:31 +0000 | ||
| 4 | Subject: [PATCH] avahi: core: reject overly long TXT resource records | ||
| 5 | |||
| 6 | Closes https://github.com/lathiat/avahi/issues/455 | ||
| 7 | |||
| 8 | Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf] | ||
| 9 | CVE: CVE-2023-38469 | ||
| 10 | |||
| 11 | Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> | ||
| 12 | --- | ||
| 13 | avahi-core/rr.c | 9 ++++++++- | ||
| 14 | 1 file changed, 8 insertions(+), 1 deletion(-) | ||
| 15 | |||
| 16 | diff --git a/avahi-core/rr.c b/avahi-core/rr.c | ||
| 17 | index 7fa0bee..b03a24c 100644 | ||
| 18 | --- a/avahi-core/rr.c | ||
| 19 | +++ b/avahi-core/rr.c | ||
| 20 | @@ -32,6 +32,7 @@ | ||
| 21 | #include <avahi-common/malloc.h> | ||
| 22 | #include <avahi-common/defs.h> | ||
| 23 | |||
| 24 | +#include "dns.h" | ||
| 25 | #include "rr.h" | ||
| 26 | #include "log.h" | ||
| 27 | #include "util.h" | ||
| 28 | @@ -688,11 +689,17 @@ int avahi_record_is_valid(AvahiRecord *r) { | ||
| 29 | case AVAHI_DNS_TYPE_TXT: { | ||
| 30 | |||
| 31 | AvahiStringList *strlst; | ||
| 32 | + size_t used = 0; | ||
| 33 | |||
| 34 | - for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) | ||
| 35 | + for (strlst = r->data.txt.string_list; strlst; strlst = strlst->next) { | ||
| 36 | if (strlst->size > 255 || strlst->size <= 0) | ||
| 37 | return 0; | ||
| 38 | |||
| 39 | + used += 1+strlst->size; | ||
| 40 | + if (used > AVAHI_DNS_RDATA_MAX) | ||
| 41 | + return 0; | ||
| 42 | + } | ||
| 43 | + | ||
| 44 | return 1; | ||
| 45 | } | ||
| 46 | } | ||
| 47 | -- | ||
| 48 | 2.40.0 | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch deleted file mode 100644 index f8f60ddca1..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch +++ /dev/null | |||
| @@ -1,65 +0,0 @@ | |||
| 1 | From c6cab87df290448a63323c8ca759baa516166237 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Evgeny Vereshchagin <evvers@ya.ru> | ||
| 3 | Date: Wed, 25 Oct 2023 18:15:42 +0000 | ||
| 4 | Subject: [PATCH] tests: pass overly long TXT resource records | ||
| 5 | |||
| 6 | to make sure they don't crash avahi any more. | ||
| 7 | It reproduces https://github.com/lathiat/avahi/issues/455 | ||
| 8 | |||
| 9 | Canonical notes: | ||
| 10 | nickgalanis> removed first hunk since there is no .github dir in this release | ||
| 11 | |||
| 12 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38469-2.patch?h=ubuntu/jammy-security | ||
| 13 | Upstream commit https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237] | ||
| 14 | CVE: CVE-2023-38469 | ||
| 15 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
| 16 | --- | ||
| 17 | avahi-client/client-test.c | 14 ++++++++++++++ | ||
| 18 | 1 files changed, 14 insertions(+) | ||
| 19 | |||
| 20 | Index: avahi-0.8/avahi-client/client-test.c | ||
| 21 | =================================================================== | ||
| 22 | --- avahi-0.8.orig/avahi-client/client-test.c | ||
| 23 | +++ avahi-0.8/avahi-client/client-test.c | ||
| 24 | @@ -22,6 +22,7 @@ | ||
| 25 | #endif | ||
| 26 | |||
| 27 | #include <stdio.h> | ||
| 28 | +#include <string.h> | ||
| 29 | #include <assert.h> | ||
| 30 | |||
| 31 | #include <avahi-client/client.h> | ||
| 32 | @@ -33,6 +34,8 @@ | ||
| 33 | #include <avahi-common/malloc.h> | ||
| 34 | #include <avahi-common/timeval.h> | ||
| 35 | |||
| 36 | +#include <avahi-core/dns.h> | ||
| 37 | + | ||
| 38 | static const AvahiPoll *poll_api = NULL; | ||
| 39 | static AvahiSimplePoll *simple_poll = NULL; | ||
| 40 | |||
| 41 | @@ -222,6 +225,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA | ||
| 42 | uint32_t cookie; | ||
| 43 | struct timeval tv; | ||
| 44 | AvahiAddress a; | ||
| 45 | + uint8_t rdata[AVAHI_DNS_RDATA_MAX+1]; | ||
| 46 | + AvahiStringList *txt = NULL; | ||
| 47 | + int r; | ||
| 48 | |||
| 49 | simple_poll = avahi_simple_poll_new(); | ||
| 50 | poll_api = avahi_simple_poll_get(simple_poll); | ||
| 51 | @@ -258,6 +264,14 @@ int main (AVAHI_GCC_UNUSED int argc, AVA | ||
| 52 | printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, NULL, 80, "foo=bar", NULL))); | ||
| 53 | printf("add_record: %d\n", avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 6)); | ||
| 54 | |||
| 55 | + memset(rdata, 1, sizeof(rdata)); | ||
| 56 | + r = avahi_string_list_parse(rdata, sizeof(rdata), &txt); | ||
| 57 | + assert(r >= 0); | ||
| 58 | + assert(avahi_string_list_serialize(txt, NULL, 0) == sizeof(rdata)); | ||
| 59 | + error = avahi_entry_group_add_service_strlst(group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", "_qotd._tcp", NULL, NULL, 123, txt); | ||
| 60 | + assert(error == AVAHI_ERR_INVALID_RECORD); | ||
| 61 | + avahi_string_list_free(txt); | ||
| 62 | + | ||
| 63 | avahi_entry_group_commit (group); | ||
| 64 | |||
| 65 | domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u"); | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch deleted file mode 100644 index 91f9e677ac..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch +++ /dev/null | |||
| @@ -1,59 +0,0 @@ | |||
| 1 | From af7bfad67ca53a7c4042a4a2d85456b847e9f249 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> | ||
| 3 | Date: Tue, 11 Apr 2023 15:29:59 +0200 | ||
| 4 | Subject: [PATCH] avahi: Ensure each label is at least one byte long | ||
| 5 | |||
| 6 | The only allowed exception is single dot, where it should return empty | ||
| 7 | string. | ||
| 8 | |||
| 9 | Fixes #454. | ||
| 10 | |||
| 11 | Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c] | ||
| 12 | CVE: CVE-2023-38470 | ||
| 13 | |||
| 14 | Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> | ||
| 15 | --- | ||
| 16 | avahi-common/domain-test.c | 14 ++++++++++++++ | ||
| 17 | avahi-common/domain.c | 2 +- | ||
| 18 | 2 files changed, 15 insertions(+), 1 deletion(-) | ||
| 19 | |||
| 20 | diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c | ||
| 21 | index cf763ec..3acc1c1 100644 | ||
| 22 | --- a/avahi-common/domain-test.c | ||
| 23 | +++ b/avahi-common/domain-test.c | ||
| 24 | @@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { | ||
| 25 | printf("%s\n", s = avahi_normalize_name_strdup("fo\\\\o\\..f oo.")); | ||
| 26 | avahi_free(s); | ||
| 27 | |||
| 28 | + printf("%s\n", s = avahi_normalize_name_strdup(".")); | ||
| 29 | + avahi_free(s); | ||
| 30 | + | ||
| 31 | + s = avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}." | ||
| 32 | + "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}" | ||
| 33 | + ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`" | ||
| 34 | + "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?." | ||
| 35 | + "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}." | ||
| 36 | + "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?" | ||
| 37 | + "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM." | ||
| 38 | + "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?." | ||
| 39 | + "}.?.?.?.}.=.?.?.}"); | ||
| 40 | + assert(s == NULL); | ||
| 41 | + | ||
| 42 | printf("%i\n", avahi_domain_equal("\\065aa bbb\\.\\046cc.cc\\\\.dee.fff.", "Aaa BBB\\.\\.cc.cc\\\\.dee.fff")); | ||
| 43 | printf("%i\n", avahi_domain_equal("A", "a")); | ||
| 44 | |||
| 45 | diff --git a/avahi-common/domain.c b/avahi-common/domain.c | ||
| 46 | index 3b1ab68..e66d241 100644 | ||
| 47 | --- a/avahi-common/domain.c | ||
| 48 | +++ b/avahi-common/domain.c | ||
| 49 | @@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s, char *ret_s, size_t size) { | ||
| 50 | } | ||
| 51 | |||
| 52 | if (!empty) { | ||
| 53 | - if (size < 1) | ||
| 54 | + if (size < 2) | ||
| 55 | return NULL; | ||
| 56 | |||
| 57 | *(r++) = '.'; | ||
| 58 | -- | ||
| 59 | 2.40.0 | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch deleted file mode 100644 index e0736bf210..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch +++ /dev/null | |||
| @@ -1,52 +0,0 @@ | |||
| 1 | From 20dec84b2480821704258bc908e7b2bd2e883b24 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Evgeny Vereshchagin <evvers@ya.ru> | ||
| 3 | Date: Tue, 19 Sep 2023 03:21:25 +0000 | ||
| 4 | Subject: [PATCH] [common] bail out when escaped labels can't fit into ret | ||
| 5 | |||
| 6 | Fixes: | ||
| 7 | ``` | ||
| 8 | ==93410==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f9e76f14c16 at pc 0x00000047208d bp 0x7ffee90a6a00 sp 0x7ffee90a61c8 | ||
| 9 | READ of size 1110 at 0x7f9e76f14c16 thread T0 | ||
| 10 | #0 0x47208c in __interceptor_strlen (out/fuzz-domain+0x47208c) (BuildId: 731b20c1eef22c2104e75a6496a399b10cfc7cba) | ||
| 11 | #1 0x534eb0 in avahi_strdup avahi/avahi-common/malloc.c:167:12 | ||
| 12 | #2 0x53862c in avahi_normalize_name_strdup avahi/avahi-common/domain.c:226:12 | ||
| 13 | ``` | ||
| 14 | and | ||
| 15 | ``` | ||
| 16 | fuzz-domain: fuzz/fuzz-domain.c:38: int LLVMFuzzerTestOneInput(const uint8_t *, size_t): Assertion `avahi_domain_equal(s, t)' failed. | ||
| 17 | ==101571== ERROR: libFuzzer: deadly signal | ||
| 18 | #0 0x501175 in __sanitizer_print_stack_trace (/home/vagrant/avahi/out/fuzz-domain+0x501175) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) | ||
| 19 | #1 0x45ad2c in fuzzer::PrintStackTrace() (/home/vagrant/avahi/out/fuzz-domain+0x45ad2c) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) | ||
| 20 | #2 0x43fc07 in fuzzer::Fuzzer::CrashCallback() (/home/vagrant/avahi/out/fuzz-domain+0x43fc07) (BuildId: 682bf6400aff9d41b64b6e2cc3ef5ad600216ea8) | ||
| 21 | #3 0x7f1581d7ebaf (/lib64/libc.so.6+0x3dbaf) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
| 22 | #4 0x7f1581dcf883 in __pthread_kill_implementation (/lib64/libc.so.6+0x8e883) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
| 23 | #5 0x7f1581d7eafd in gsignal (/lib64/libc.so.6+0x3dafd) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
| 24 | #6 0x7f1581d6787e in abort (/lib64/libc.so.6+0x2687e) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
| 25 | #7 0x7f1581d6779a in __assert_fail_base.cold (/lib64/libc.so.6+0x2679a) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
| 26 | #8 0x7f1581d77186 in __assert_fail (/lib64/libc.so.6+0x36186) (BuildId: c9f62793b9e886eb1b95077d4f26fe2b4aa1ac25) | ||
| 27 | #9 0x5344a4 in LLVMFuzzerTestOneInput /home/vagrant/avahi/fuzz/fuzz-domain.c:38:9 | ||
| 28 | ``` | ||
| 29 | |||
| 30 | It's a follow-up to 94cb6489114636940ac683515417990b55b5d66c | ||
| 31 | |||
| 32 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38470-2.patch?h=ubuntu/jammy-security | ||
| 33 | CVE: CVE-2023-38470 #Follow-up patch | ||
| 34 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
| 35 | --- | ||
| 36 | avahi-common/domain.c | 3 ++- | ||
| 37 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
| 38 | |||
| 39 | Index: avahi-0.8/avahi-common/domain.c | ||
| 40 | =================================================================== | ||
| 41 | --- avahi-0.8.orig/avahi-common/domain.c | ||
| 42 | +++ avahi-0.8/avahi-common/domain.c | ||
| 43 | @@ -210,7 +210,8 @@ char *avahi_normalize_name(const char *s | ||
| 44 | } else | ||
| 45 | empty = 0; | ||
| 46 | |||
| 47 | - avahi_escape_label(label, strlen(label), &r, &size); | ||
| 48 | + if (!(avahi_escape_label(label, strlen(label), &r, &size))) | ||
| 49 | + return NULL; | ||
| 50 | } | ||
| 51 | |||
| 52 | return ret_s; | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch deleted file mode 100644 index b3f716495d..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch +++ /dev/null | |||
| @@ -1,73 +0,0 @@ | |||
| 1 | From 48d745db7fd554fc33e96ec86d3675ebd530bb8e Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Michal Sekletar <msekleta@redhat.com> | ||
| 3 | Date: Mon, 23 Oct 2023 13:38:35 +0200 | ||
| 4 | Subject: [PATCH] avahi: core: extract host name using avahi_unescape_label() | ||
| 5 | |||
| 6 | Previously we could create invalid escape sequence when we split the | ||
| 7 | string on dot. For example, from valid host name "foo\\.bar" we have | ||
| 8 | created invalid name "foo\\" and tried to set that as the host name | ||
| 9 | which crashed the daemon. | ||
| 10 | |||
| 11 | Fixes #453 | ||
| 12 | |||
| 13 | Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09] | ||
| 14 | CVE: CVE-2023-38471 | ||
| 15 | |||
| 16 | Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> | ||
| 17 | --- | ||
| 18 | avahi-core/server.c | 27 +++++++++++++++++++++------ | ||
| 19 | 1 file changed, 21 insertions(+), 6 deletions(-) | ||
| 20 | |||
| 21 | diff --git a/avahi-core/server.c b/avahi-core/server.c | ||
| 22 | index e507750..40f1d68 100644 | ||
| 23 | --- a/avahi-core/server.c | ||
| 24 | +++ b/avahi-core/server.c | ||
| 25 | @@ -1295,7 +1295,11 @@ static void update_fqdn(AvahiServer *s) { | ||
| 26 | } | ||
| 27 | |||
| 28 | int avahi_server_set_host_name(AvahiServer *s, const char *host_name) { | ||
| 29 | - char *hn = NULL; | ||
| 30 | + char label_escaped[AVAHI_LABEL_MAX*4+1]; | ||
| 31 | + char label[AVAHI_LABEL_MAX]; | ||
| 32 | + char *hn = NULL, *h; | ||
| 33 | + size_t len; | ||
| 34 | + | ||
| 35 | assert(s); | ||
| 36 | |||
| 37 | AVAHI_CHECK_VALIDITY(s, !host_name || avahi_is_valid_host_name(host_name), AVAHI_ERR_INVALID_HOST_NAME); | ||
| 38 | @@ -1305,17 +1309,28 @@ int avahi_server_set_host_name(AvahiServer *s, const char *host_name) { | ||
| 39 | else | ||
| 40 | hn = avahi_normalize_name_strdup(host_name); | ||
| 41 | |||
| 42 | - hn[strcspn(hn, ".")] = 0; | ||
| 43 | + h = hn; | ||
| 44 | + if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) { | ||
| 45 | + avahi_free(h); | ||
| 46 | + return AVAHI_ERR_INVALID_HOST_NAME; | ||
| 47 | + } | ||
| 48 | + | ||
| 49 | + avahi_free(h); | ||
| 50 | + | ||
| 51 | + h = label_escaped; | ||
| 52 | + len = sizeof(label_escaped); | ||
| 53 | + if (!avahi_escape_label(label, strlen(label), &h, &len)) | ||
| 54 | + return AVAHI_ERR_INVALID_HOST_NAME; | ||
| 55 | |||
| 56 | - if (avahi_domain_equal(s->host_name, hn) && s->state != AVAHI_SERVER_COLLISION) { | ||
| 57 | - avahi_free(hn); | ||
| 58 | + if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION) | ||
| 59 | return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE); | ||
| 60 | - } | ||
| 61 | |||
| 62 | withdraw_host_rrs(s); | ||
| 63 | |||
| 64 | avahi_free(s->host_name); | ||
| 65 | - s->host_name = hn; | ||
| 66 | + s->host_name = avahi_strdup(label_escaped); | ||
| 67 | + if (!s->host_name) | ||
| 68 | + return AVAHI_ERR_NO_MEMORY; | ||
| 69 | |||
| 70 | update_fqdn(s); | ||
| 71 | |||
| 72 | -- | ||
| 73 | 2.40.0 | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch deleted file mode 100644 index 44737bfc2e..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch +++ /dev/null | |||
| @@ -1,52 +0,0 @@ | |||
| 1 | From b675f70739f404342f7f78635d6e2dcd85a13460 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Evgeny Vereshchagin <evvers@ya.ru> | ||
| 3 | Date: Tue, 24 Oct 2023 22:04:51 +0000 | ||
| 4 | Subject: [PATCH] core: return errors from avahi_server_set_host_name properly | ||
| 5 | |||
| 6 | It's a follow-up to 894f085f402e023a98cbb6f5a3d117bd88d93b09 | ||
| 7 | |||
| 8 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38471-2.patch?h=ubuntu/jammy-security | ||
| 9 | Upstream commit https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460] | ||
| 10 | CVE: CVE-2023-38471 #Follow-up Patch | ||
| 11 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
| 12 | --- | ||
| 13 | avahi-core/server.c | 9 ++++++--- | ||
| 14 | 1 file changed, 6 insertions(+), 3 deletions(-) | ||
| 15 | |||
| 16 | Index: avahi-0.8/avahi-core/server.c | ||
| 17 | =================================================================== | ||
| 18 | --- avahi-0.8.orig/avahi-core/server.c | ||
| 19 | +++ avahi-0.8/avahi-core/server.c | ||
| 20 | @@ -1309,10 +1309,13 @@ int avahi_server_set_host_name(AvahiServ | ||
| 21 | else | ||
| 22 | hn = avahi_normalize_name_strdup(host_name); | ||
| 23 | |||
| 24 | + if (!hn) | ||
| 25 | + return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY); | ||
| 26 | + | ||
| 27 | h = hn; | ||
| 28 | if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) { | ||
| 29 | avahi_free(h); | ||
| 30 | - return AVAHI_ERR_INVALID_HOST_NAME; | ||
| 31 | + return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME); | ||
| 32 | } | ||
| 33 | |||
| 34 | avahi_free(h); | ||
| 35 | @@ -1320,7 +1323,7 @@ int avahi_server_set_host_name(AvahiServ | ||
| 36 | h = label_escaped; | ||
| 37 | len = sizeof(label_escaped); | ||
| 38 | if (!avahi_escape_label(label, strlen(label), &h, &len)) | ||
| 39 | - return AVAHI_ERR_INVALID_HOST_NAME; | ||
| 40 | + return avahi_server_set_errno(s, AVAHI_ERR_INVALID_HOST_NAME); | ||
| 41 | |||
| 42 | if (avahi_domain_equal(s->host_name, label_escaped) && s->state != AVAHI_SERVER_COLLISION) | ||
| 43 | return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE); | ||
| 44 | @@ -1330,7 +1333,7 @@ int avahi_server_set_host_name(AvahiServ | ||
| 45 | avahi_free(s->host_name); | ||
| 46 | s->host_name = avahi_strdup(label_escaped); | ||
| 47 | if (!s->host_name) | ||
| 48 | - return AVAHI_ERR_NO_MEMORY; | ||
| 49 | + return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY); | ||
| 50 | |||
| 51 | update_fqdn(s); | ||
| 52 | |||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch deleted file mode 100644 index 85dbded73b..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch +++ /dev/null | |||
| @@ -1,46 +0,0 @@ | |||
| 1 | From b024ae5749f4aeba03478e6391687c3c9c8dee40 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Michal Sekletar <msekleta@redhat.com> | ||
| 3 | Date: Thu, 19 Oct 2023 17:36:44 +0200 | ||
| 4 | Subject: [PATCH] core: make sure there is rdata to process before parsing it | ||
| 5 | |||
| 6 | Fixes #452 | ||
| 7 | |||
| 8 | CVE-2023-38472 | ||
| 9 | |||
| 10 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-38472.patch?h=ubuntu/jammy-security | ||
| 11 | Upstream commit https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40] | ||
| 12 | CVE: CVE-2023-38472 | ||
| 13 | Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> | ||
| 14 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
| 15 | --- | ||
| 16 | avahi-client/client-test.c | 3 +++ | ||
| 17 | avahi-daemon/dbus-entry-group.c | 2 +- | ||
| 18 | 2 files changed, 4 insertions(+), 1 deletion(-) | ||
| 19 | |||
| 20 | Index: avahi-0.8/avahi-client/client-test.c | ||
| 21 | =================================================================== | ||
| 22 | --- avahi-0.8.orig/avahi-client/client-test.c | ||
| 23 | +++ avahi-0.8/avahi-client/client-test.c | ||
| 24 | @@ -272,6 +272,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVA | ||
| 25 | assert(error == AVAHI_ERR_INVALID_RECORD); | ||
| 26 | avahi_string_list_free(txt); | ||
| 27 | |||
| 28 | + error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0); | ||
| 29 | + assert(error != AVAHI_OK); | ||
| 30 | + | ||
| 31 | avahi_entry_group_commit (group); | ||
| 32 | |||
| 33 | domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, avahi_domain_browser_callback, (char*) "omghai3u"); | ||
| 34 | Index: avahi-0.8/avahi-daemon/dbus-entry-group.c | ||
| 35 | =================================================================== | ||
| 36 | --- avahi-0.8.orig/avahi-daemon/dbus-entry-group.c | ||
| 37 | +++ avahi-0.8/avahi-daemon/dbus-entry-group.c | ||
| 38 | @@ -340,7 +340,7 @@ DBusHandlerResult avahi_dbus_msg_entry_g | ||
| 39 | if (!(r = avahi_record_new_full (name, clazz, type, ttl))) | ||
| 40 | return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL); | ||
| 41 | |||
| 42 | - if (avahi_rdata_parse (r, rdata, size) < 0) { | ||
| 43 | + if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) { | ||
| 44 | avahi_record_unref (r); | ||
| 45 | return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, NULL); | ||
| 46 | } | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch b/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch deleted file mode 100644 index 707acb60fe..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch +++ /dev/null | |||
| @@ -1,110 +0,0 @@ | |||
| 1 | From 88cbbc48d5efff9726694557ca6c3f698f3affe4 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Michal Sekletar <msekleta@redhat.com> | ||
| 3 | Date: Wed, 11 Oct 2023 17:45:44 +0200 | ||
| 4 | Subject: [PATCH] avahi: common: derive alternative host name from its | ||
| 5 | unescaped version | ||
| 6 | |||
| 7 | Normalization of input makes sure we don't have to deal with special | ||
| 8 | cases like unescaped dot at the end of label. | ||
| 9 | |||
| 10 | Fixes #451 #487 | ||
| 11 | |||
| 12 | Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797] | ||
| 13 | CVE: CVE-2023-38473 | ||
| 14 | |||
| 15 | Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> | ||
| 16 | --- | ||
| 17 | avahi-common/alternative-test.c | 3 +++ | ||
| 18 | avahi-common/alternative.c | 27 +++++++++++++++++++-------- | ||
| 19 | 2 files changed, 22 insertions(+), 8 deletions(-) | ||
| 20 | |||
| 21 | diff --git a/avahi-common/alternative-test.c b/avahi-common/alternative-test.c | ||
| 22 | index 9255435..681fc15 100644 | ||
| 23 | --- a/avahi-common/alternative-test.c | ||
| 24 | +++ b/avahi-common/alternative-test.c | ||
| 25 | @@ -31,6 +31,9 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char *argv[]) { | ||
| 26 | const char* const test_strings[] = { | ||
| 27 | "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", | ||
| 28 | "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXüüüüüüü", | ||
| 29 | + ").", | ||
| 30 | + "\\.", | ||
| 31 | + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\\\", | ||
| 32 | "gurke", | ||
| 33 | "-", | ||
| 34 | " #", | ||
| 35 | diff --git a/avahi-common/alternative.c b/avahi-common/alternative.c | ||
| 36 | index b3d39f0..a094e6d 100644 | ||
| 37 | --- a/avahi-common/alternative.c | ||
| 38 | +++ b/avahi-common/alternative.c | ||
| 39 | @@ -49,15 +49,20 @@ static void drop_incomplete_utf8(char *c) { | ||
| 40 | } | ||
| 41 | |||
| 42 | char *avahi_alternative_host_name(const char *s) { | ||
| 43 | + char label[AVAHI_LABEL_MAX], alternative[AVAHI_LABEL_MAX*4+1]; | ||
| 44 | + char *alt, *r, *ret; | ||
| 45 | const char *e; | ||
| 46 | - char *r; | ||
| 47 | + size_t len; | ||
| 48 | |||
| 49 | assert(s); | ||
| 50 | |||
| 51 | if (!avahi_is_valid_host_name(s)) | ||
| 52 | return NULL; | ||
| 53 | |||
| 54 | - if ((e = strrchr(s, '-'))) { | ||
| 55 | + if (!avahi_unescape_label(&s, label, sizeof(label))) | ||
| 56 | + return NULL; | ||
| 57 | + | ||
| 58 | + if ((e = strrchr(label, '-'))) { | ||
| 59 | const char *p; | ||
| 60 | |||
| 61 | e++; | ||
| 62 | @@ -74,19 +79,18 @@ char *avahi_alternative_host_name(const char *s) { | ||
| 63 | |||
| 64 | if (e) { | ||
| 65 | char *c, *m; | ||
| 66 | - size_t l; | ||
| 67 | int n; | ||
| 68 | |||
| 69 | n = atoi(e)+1; | ||
| 70 | if (!(m = avahi_strdup_printf("%i", n))) | ||
| 71 | return NULL; | ||
| 72 | |||
| 73 | - l = e-s-1; | ||
| 74 | + len = e-label-1; | ||
| 75 | |||
| 76 | - if (l >= AVAHI_LABEL_MAX-1-strlen(m)-1) | ||
| 77 | - l = AVAHI_LABEL_MAX-1-strlen(m)-1; | ||
| 78 | + if (len >= AVAHI_LABEL_MAX-1-strlen(m)-1) | ||
| 79 | + len = AVAHI_LABEL_MAX-1-strlen(m)-1; | ||
| 80 | |||
| 81 | - if (!(c = avahi_strndup(s, l))) { | ||
| 82 | + if (!(c = avahi_strndup(label, len))) { | ||
| 83 | avahi_free(m); | ||
| 84 | return NULL; | ||
| 85 | } | ||
| 86 | @@ -100,7 +104,7 @@ char *avahi_alternative_host_name(const char *s) { | ||
| 87 | } else { | ||
| 88 | char *c; | ||
| 89 | |||
| 90 | - if (!(c = avahi_strndup(s, AVAHI_LABEL_MAX-1-2))) | ||
| 91 | + if (!(c = avahi_strndup(label, AVAHI_LABEL_MAX-1-2))) | ||
| 92 | return NULL; | ||
| 93 | |||
| 94 | drop_incomplete_utf8(c); | ||
| 95 | @@ -109,6 +113,13 @@ char *avahi_alternative_host_name(const char *s) { | ||
| 96 | avahi_free(c); | ||
| 97 | } | ||
| 98 | |||
| 99 | + alt = alternative; | ||
| 100 | + len = sizeof(alternative); | ||
| 101 | + ret = avahi_escape_label(r, strlen(r), &alt, &len); | ||
| 102 | + | ||
| 103 | + avahi_free(r); | ||
| 104 | + r = avahi_strdup(ret); | ||
| 105 | + | ||
| 106 | assert(avahi_is_valid_host_name(r)); | ||
| 107 | |||
| 108 | return r; | ||
| 109 | -- | ||
| 110 | 2.40.0 | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch b/meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch deleted file mode 100644 index 9737f52837..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch +++ /dev/null | |||
| @@ -1,228 +0,0 @@ | |||
| 1 | From 4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Michal Sekletar <msekleta@redhat.com> | ||
| 3 | Date: Wed, 27 Nov 2024 18:07:32 +0100 | ||
| 4 | Subject: [PATCH] core/wide-area: fix for CVE-2024-52615 | ||
| 5 | |||
| 6 | CVE: CVE-2024-52615 | ||
| 7 | Upstream-Status: Backport [https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942] | ||
| 8 | |||
| 9 | Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> | ||
| 10 | --- | ||
| 11 | avahi-core/wide-area.c | 128 ++++++++++++++++++++++------------------- | ||
| 12 | 1 file changed, 69 insertions(+), 59 deletions(-) | ||
| 13 | |||
| 14 | diff --git a/avahi-core/wide-area.c b/avahi-core/wide-area.c | ||
| 15 | index 00a15056e..06df7afc6 100644 | ||
| 16 | --- a/avahi-core/wide-area.c | ||
| 17 | +++ b/avahi-core/wide-area.c | ||
| 18 | @@ -81,6 +81,10 @@ struct AvahiWideAreaLookup { | ||
| 19 | |||
| 20 | AvahiAddress dns_server_used; | ||
| 21 | |||
| 22 | + int fd; | ||
| 23 | + AvahiWatch *watch; | ||
| 24 | + AvahiProtocol proto; | ||
| 25 | + | ||
| 26 | AVAHI_LLIST_FIELDS(AvahiWideAreaLookup, lookups); | ||
| 27 | AVAHI_LLIST_FIELDS(AvahiWideAreaLookup, by_key); | ||
| 28 | }; | ||
| 29 | @@ -88,9 +92,6 @@ struct AvahiWideAreaLookup { | ||
| 30 | struct AvahiWideAreaLookupEngine { | ||
| 31 | AvahiServer *server; | ||
| 32 | |||
| 33 | - int fd_ipv4, fd_ipv6; | ||
| 34 | - AvahiWatch *watch_ipv4, *watch_ipv6; | ||
| 35 | - | ||
| 36 | /* Cache */ | ||
| 37 | AVAHI_LLIST_HEAD(AvahiWideAreaCacheEntry, cache); | ||
| 38 | AvahiHashmap *cache_by_key; | ||
| 39 | @@ -125,35 +126,67 @@ static AvahiWideAreaLookup* find_lookup(AvahiWideAreaLookupEngine *e, uint16_t i | ||
| 40 | return l; | ||
| 41 | } | ||
| 42 | |||
| 43 | +static void socket_event(AVAHI_GCC_UNUSED AvahiWatch *w, int fd, AVAHI_GCC_UNUSED AvahiWatchEvent events, void *userdata); | ||
| 44 | + | ||
| 45 | static int send_to_dns_server(AvahiWideAreaLookup *l, AvahiDnsPacket *p) { | ||
| 46 | + AvahiWideAreaLookupEngine *e; | ||
| 47 | AvahiAddress *a; | ||
| 48 | + AvahiServer *s; | ||
| 49 | + AvahiWatch *w; | ||
| 50 | + int r; | ||
| 51 | |||
| 52 | assert(l); | ||
| 53 | assert(p); | ||
| 54 | |||
| 55 | - if (l->engine->n_dns_servers <= 0) | ||
| 56 | + e = l->engine; | ||
| 57 | + assert(e); | ||
| 58 | + | ||
| 59 | + s = e->server; | ||
| 60 | + assert(s); | ||
| 61 | + | ||
| 62 | + if (e->n_dns_servers <= 0) | ||
| 63 | return -1; | ||
| 64 | |||
| 65 | - assert(l->engine->current_dns_server < l->engine->n_dns_servers); | ||
| 66 | + assert(e->current_dns_server < e->n_dns_servers); | ||
| 67 | |||
| 68 | - a = &l->engine->dns_servers[l->engine->current_dns_server]; | ||
| 69 | + a = &e->dns_servers[e->current_dns_server]; | ||
| 70 | l->dns_server_used = *a; | ||
| 71 | |||
| 72 | - if (a->proto == AVAHI_PROTO_INET) { | ||
| 73 | + if (l->fd >= 0) { | ||
| 74 | + /* We are reusing lookup object and sending packet to another server so let's cleanup before we establish connection to new server. */ | ||
| 75 | + s->poll_api->watch_free(l->watch); | ||
| 76 | + l->watch = NULL; | ||
| 77 | |||
| 78 | - if (l->engine->fd_ipv4 < 0) | ||
| 79 | - return -1; | ||
| 80 | + close(l->fd); | ||
| 81 | + l->fd = -EBADF; | ||
| 82 | + } | ||
| 83 | |||
| 84 | - return avahi_send_dns_packet_ipv4(l->engine->fd_ipv4, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv4, AVAHI_DNS_PORT); | ||
| 85 | + assert(a->proto == AVAHI_PROTO_INET || a->proto == AVAHI_PROTO_INET6); | ||
| 86 | |||
| 87 | - } else { | ||
| 88 | - assert(a->proto == AVAHI_PROTO_INET6); | ||
| 89 | + if (a->proto == AVAHI_PROTO_INET) | ||
| 90 | + r = s->config.use_ipv4 ? avahi_open_unicast_socket_ipv4() : -1; | ||
| 91 | + else | ||
| 92 | + r = s->config.use_ipv6 ? avahi_open_unicast_socket_ipv6() : -1; | ||
| 93 | |||
| 94 | - if (l->engine->fd_ipv6 < 0) | ||
| 95 | - return -1; | ||
| 96 | + if (r < 0) { | ||
| 97 | + avahi_log_error(__FILE__ ": Failed to create socket for wide area lookup"); | ||
| 98 | + return -1; | ||
| 99 | + } | ||
| 100 | |||
| 101 | - return avahi_send_dns_packet_ipv6(l->engine->fd_ipv6, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv6, AVAHI_DNS_PORT); | ||
| 102 | + w = s->poll_api->watch_new(s->poll_api, r, AVAHI_WATCH_IN, socket_event, l); | ||
| 103 | + if (!w) { | ||
| 104 | + close(r); | ||
| 105 | + avahi_log_error(__FILE__ ": Failed to create socket watch for wide area lookup"); | ||
| 106 | + return -1; | ||
| 107 | } | ||
| 108 | + | ||
| 109 | + l->fd = r; | ||
| 110 | + l->watch = w; | ||
| 111 | + l->proto = a->proto; | ||
| 112 | + | ||
| 113 | + return a->proto == AVAHI_PROTO_INET ? | ||
| 114 | + avahi_send_dns_packet_ipv4(l->fd, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv4, AVAHI_DNS_PORT): | ||
| 115 | + avahi_send_dns_packet_ipv6(l->fd, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv6, AVAHI_DNS_PORT); | ||
| 116 | } | ||
| 117 | |||
| 118 | static void next_dns_server(AvahiWideAreaLookupEngine *e) { | ||
| 119 | @@ -246,6 +279,9 @@ AvahiWideAreaLookup *avahi_wide_area_lookup_new( | ||
| 120 | l->dead = 0; | ||
| 121 | l->key = avahi_key_ref(key); | ||
| 122 | l->cname_key = avahi_key_new_cname(l->key); | ||
| 123 | + l->fd = -EBADF; | ||
| 124 | + l->watch = NULL; | ||
| 125 | + l->proto = AVAHI_PROTO_UNSPEC; | ||
| 126 | l->callback = callback; | ||
| 127 | l->userdata = userdata; | ||
| 128 | |||
| 129 | @@ -314,6 +350,12 @@ static void lookup_destroy(AvahiWideAreaLookup *l) { | ||
| 130 | if (l->cname_key) | ||
| 131 | avahi_key_unref(l->cname_key); | ||
| 132 | |||
| 133 | + if (l->watch) | ||
| 134 | + l->engine->server->poll_api->watch_free(l->watch); | ||
| 135 | + | ||
| 136 | + if (l->fd >= 0) | ||
| 137 | + close(l->fd); | ||
| 138 | + | ||
| 139 | avahi_free(l); | ||
| 140 | } | ||
| 141 | |||
| 142 | @@ -572,14 +614,20 @@ static void handle_packet(AvahiWideAreaLookupEngine *e, AvahiDnsPacket *p) { | ||
| 143 | } | ||
| 144 | |||
| 145 | static void socket_event(AVAHI_GCC_UNUSED AvahiWatch *w, int fd, AVAHI_GCC_UNUSED AvahiWatchEvent events, void *userdata) { | ||
| 146 | - AvahiWideAreaLookupEngine *e = userdata; | ||
| 147 | + AvahiWideAreaLookup *l = userdata; | ||
| 148 | + AvahiWideAreaLookupEngine *e = l->engine; | ||
| 149 | AvahiDnsPacket *p = NULL; | ||
| 150 | |||
| 151 | - if (fd == e->fd_ipv4) | ||
| 152 | - p = avahi_recv_dns_packet_ipv4(e->fd_ipv4, NULL, NULL, NULL, NULL, NULL); | ||
| 153 | + assert(l); | ||
| 154 | + assert(e); | ||
| 155 | + assert(l->fd == fd); | ||
| 156 | + | ||
| 157 | + if (l->proto == AVAHI_PROTO_INET) | ||
| 158 | + p = avahi_recv_dns_packet_ipv4(l->fd, NULL, NULL, NULL, NULL, NULL); | ||
| 159 | else { | ||
| 160 | - assert(fd == e->fd_ipv6); | ||
| 161 | - p = avahi_recv_dns_packet_ipv6(e->fd_ipv6, NULL, NULL, NULL, NULL, NULL); | ||
| 162 | + assert(l->proto == AVAHI_PROTO_INET6); | ||
| 163 | + | ||
| 164 | + p = avahi_recv_dns_packet_ipv6(l->fd, NULL, NULL, NULL, NULL, NULL); | ||
| 165 | } | ||
| 166 | |||
| 167 | if (p) { | ||
| 168 | @@ -598,32 +646,6 @@ AvahiWideAreaLookupEngine *avahi_wide_area_engine_new(AvahiServer *s) { | ||
| 169 | e->server = s; | ||
| 170 | e->cleanup_dead = 0; | ||
| 171 | |||
| 172 | - /* Create sockets */ | ||
| 173 | - e->fd_ipv4 = s->config.use_ipv4 ? avahi_open_unicast_socket_ipv4() : -1; | ||
| 174 | - e->fd_ipv6 = s->config.use_ipv6 ? avahi_open_unicast_socket_ipv6() : -1; | ||
| 175 | - | ||
| 176 | - if (e->fd_ipv4 < 0 && e->fd_ipv6 < 0) { | ||
| 177 | - avahi_log_error(__FILE__": Failed to create wide area sockets: %s", strerror(errno)); | ||
| 178 | - | ||
| 179 | - if (e->fd_ipv6 >= 0) | ||
| 180 | - close(e->fd_ipv6); | ||
| 181 | - | ||
| 182 | - if (e->fd_ipv4 >= 0) | ||
| 183 | - close(e->fd_ipv4); | ||
| 184 | - | ||
| 185 | - avahi_free(e); | ||
| 186 | - return NULL; | ||
| 187 | - } | ||
| 188 | - | ||
| 189 | - /* Create watches */ | ||
| 190 | - | ||
| 191 | - e->watch_ipv4 = e->watch_ipv6 = NULL; | ||
| 192 | - | ||
| 193 | - if (e->fd_ipv4 >= 0) | ||
| 194 | - e->watch_ipv4 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv4, AVAHI_WATCH_IN, socket_event, e); | ||
| 195 | - if (e->fd_ipv6 >= 0) | ||
| 196 | - e->watch_ipv6 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv6, AVAHI_WATCH_IN, socket_event, e); | ||
| 197 | - | ||
| 198 | e->n_dns_servers = e->current_dns_server = 0; | ||
| 199 | |||
| 200 | /* Initialize cache */ | ||
| 201 | @@ -651,18 +673,6 @@ void avahi_wide_area_engine_free(AvahiWideAreaLookupEngine *e) { | ||
| 202 | avahi_hashmap_free(e->lookups_by_id); | ||
| 203 | avahi_hashmap_free(e->lookups_by_key); | ||
| 204 | |||
| 205 | - if (e->watch_ipv4) | ||
| 206 | - e->server->poll_api->watch_free(e->watch_ipv4); | ||
| 207 | - | ||
| 208 | - if (e->watch_ipv6) | ||
| 209 | - e->server->poll_api->watch_free(e->watch_ipv6); | ||
| 210 | - | ||
| 211 | - if (e->fd_ipv6 >= 0) | ||
| 212 | - close(e->fd_ipv6); | ||
| 213 | - | ||
| 214 | - if (e->fd_ipv4 >= 0) | ||
| 215 | - close(e->fd_ipv4); | ||
| 216 | - | ||
| 217 | avahi_free(e); | ||
| 218 | } | ||
| 219 | |||
| 220 | @@ -680,7 +690,7 @@ void avahi_wide_area_set_servers(AvahiWideAreaLookupEngine *e, const AvahiAddres | ||
| 221 | |||
| 222 | if (a) { | ||
| 223 | for (e->n_dns_servers = 0; n > 0 && e->n_dns_servers < AVAHI_WIDE_AREA_SERVERS_MAX; a++, n--) | ||
| 224 | - if ((a->proto == AVAHI_PROTO_INET && e->fd_ipv4 >= 0) || (a->proto == AVAHI_PROTO_INET6 && e->fd_ipv6 >= 0)) | ||
| 225 | + if (a->proto == AVAHI_PROTO_INET || a->proto == AVAHI_PROTO_INET6) | ||
| 226 | e->dns_servers[e->n_dns_servers++] = *a; | ||
| 227 | } else { | ||
| 228 | assert(n == 0); | ||
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch b/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch deleted file mode 100644 index a156f98728..0000000000 --- a/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch +++ /dev/null | |||
| @@ -1,104 +0,0 @@ | |||
| 1 | From f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> | ||
| 3 | Date: Mon, 11 Nov 2024 00:56:09 +0100 | ||
| 4 | Subject: [PATCH] Properly randomize query id of DNS packets | ||
| 5 | |||
| 6 | CVE: CVE-2024-52616 | ||
| 7 | Upstream-Status: Backport [https://github.com/avahi/avahi/commit/f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7] | ||
| 8 | |||
| 9 | Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> | ||
| 10 | --- | ||
| 11 | avahi-core/wide-area.c | 36 ++++++++++++++++++++++++++++-------- | ||
| 12 | configure.ac | 3 ++- | ||
| 13 | 2 files changed, 30 insertions(+), 9 deletions(-) | ||
| 14 | |||
| 15 | diff --git a/avahi-core/wide-area.c b/avahi-core/wide-area.c | ||
| 16 | index 971f5e714..00a15056e 100644 | ||
| 17 | --- a/avahi-core/wide-area.c | ||
| 18 | +++ b/avahi-core/wide-area.c | ||
| 19 | @@ -40,6 +40,13 @@ | ||
| 20 | #include "addr-util.h" | ||
| 21 | #include "rr-util.h" | ||
| 22 | |||
| 23 | +#ifdef HAVE_SYS_RANDOM_H | ||
| 24 | +#include <sys/random.h> | ||
| 25 | +#endif | ||
| 26 | +#ifndef HAVE_GETRANDOM | ||
| 27 | +# define getrandom(d, len, flags) (-1) | ||
| 28 | +#endif | ||
| 29 | + | ||
| 30 | #define CACHE_ENTRIES_MAX 500 | ||
| 31 | |||
| 32 | typedef struct AvahiWideAreaCacheEntry AvahiWideAreaCacheEntry; | ||
| 33 | @@ -84,8 +91,6 @@ struct AvahiWideAreaLookupEngine { | ||
| 34 | int fd_ipv4, fd_ipv6; | ||
| 35 | AvahiWatch *watch_ipv4, *watch_ipv6; | ||
| 36 | |||
| 37 | - uint16_t next_id; | ||
| 38 | - | ||
| 39 | /* Cache */ | ||
| 40 | AVAHI_LLIST_HEAD(AvahiWideAreaCacheEntry, cache); | ||
| 41 | AvahiHashmap *cache_by_key; | ||
| 42 | @@ -201,6 +206,26 @@ static void sender_timeout_callback(AvahiTimeEvent *e, void *userdata) { | ||
| 43 | avahi_time_event_update(e, avahi_elapse_time(&tv, 1000, 0)); | ||
| 44 | } | ||
| 45 | |||
| 46 | +static uint16_t get_random_uint16(void) { | ||
| 47 | + uint16_t next_id; | ||
| 48 | + | ||
| 49 | + if (getrandom(&next_id, sizeof(next_id), 0) == -1) | ||
| 50 | + next_id = (uint16_t) rand(); | ||
| 51 | + return next_id; | ||
| 52 | +} | ||
| 53 | + | ||
| 54 | +static uint16_t avahi_wide_area_next_id(AvahiWideAreaLookupEngine *e) { | ||
| 55 | + uint16_t next_id; | ||
| 56 | + | ||
| 57 | + next_id = get_random_uint16(); | ||
| 58 | + while (find_lookup(e, next_id)) { | ||
| 59 | + /* This ID is already used, get new. */ | ||
| 60 | + next_id = get_random_uint16(); | ||
| 61 | + } | ||
| 62 | + return next_id; | ||
| 63 | +} | ||
| 64 | + | ||
| 65 | + | ||
| 66 | AvahiWideAreaLookup *avahi_wide_area_lookup_new( | ||
| 67 | AvahiWideAreaLookupEngine *e, | ||
| 68 | AvahiKey *key, | ||
| 69 | @@ -227,11 +252,7 @@ AvahiWideAreaLookup *avahi_wide_area_lookup_new( | ||
| 70 | /* If more than 65K wide area quries are issued simultaneously, | ||
| 71 | * this will break. This should be limited by some higher level */ | ||
| 72 | |||
| 73 | - for (;; e->next_id++) | ||
| 74 | - if (!find_lookup(e, e->next_id)) | ||
| 75 | - break; /* This ID is not yet used. */ | ||
| 76 | - | ||
| 77 | - l->id = e->next_id++; | ||
| 78 | + l->id = avahi_wide_area_next_id(e); | ||
| 79 | |||
| 80 | /* We keep the packet around in case we need to repeat our query */ | ||
| 81 | l->packet = avahi_dns_packet_new(0); | ||
| 82 | @@ -604,7 +625,6 @@ AvahiWideAreaLookupEngine *avahi_wide_area_engine_new(AvahiServer *s) { | ||
| 83 | e->watch_ipv6 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv6, AVAHI_WATCH_IN, socket_event, e); | ||
| 84 | |||
| 85 | e->n_dns_servers = e->current_dns_server = 0; | ||
| 86 | - e->next_id = (uint16_t) rand(); | ||
| 87 | |||
| 88 | /* Initialize cache */ | ||
| 89 | AVAHI_LLIST_HEAD_INIT(AvahiWideAreaCacheEntry, e->cache); | ||
| 90 | diff --git a/configure.ac b/configure.ac | ||
| 91 | index a3211b80e..31bce3d76 100644 | ||
| 92 | --- a/configure.ac | ||
| 93 | +++ b/configure.ac | ||
| 94 | @@ -367,7 +367,8 @@ AC_FUNC_SELECT_ARGTYPES | ||
| 95 | # whether libc's malloc does too. (Same for realloc.) | ||
| 96 | #AC_FUNC_MALLOC | ||
| 97 | #AC_FUNC_REALLOC | ||
| 98 | -AC_CHECK_FUNCS([gethostname memchr memmove memset mkdir select socket strchr strcspn strdup strerror strrchr strspn strstr uname setresuid setreuid setresgid setregid strcasecmp gettimeofday putenv strncasecmp strlcpy gethostbyname seteuid setegid setproctitle getprogname]) | ||
| 99 | +AC_CHECK_FUNCS([gethostname memchr memmove memset mkdir select socket strchr strcspn strdup strerror strrchr strspn strstr uname setresuid setreuid setresgid setregid strcasecmp gettimeofday putenv strncasecmp strlcpy gethostbyname seteuid setegid setproctitle getprogname getrandom]) | ||
| 100 | +AC_CHECK_HEADERS([sys/random.h]) | ||
| 101 | |||
| 102 | AC_FUNC_CHOWN | ||
| 103 | AC_FUNC_STAT | ||
| 104 | |||
diff --git a/meta/recipes-connectivity/avahi/files/handle-hup.patch b/meta/recipes-connectivity/avahi/files/handle-hup.patch deleted file mode 100644 index 26632e5443..0000000000 --- a/meta/recipes-connectivity/avahi/files/handle-hup.patch +++ /dev/null | |||
| @@ -1,41 +0,0 @@ | |||
| 1 | CVE: CVE-2021-3468 | ||
| 2 | Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/330] | ||
| 3 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
| 4 | |||
| 5 | From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001 | ||
| 6 | From: Riccardo Schirone <sirmy15@gmail.com> | ||
| 7 | Date: Fri, 26 Mar 2021 11:50:24 +0100 | ||
| 8 | Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in | ||
| 9 | client_work | ||
| 10 | |||
| 11 | If a client fills the input buffer, client_work() disables the | ||
| 12 | AVAHI_WATCH_IN event, thus preventing the function from executing the | ||
| 13 | `read` syscall the next times it is called. However, if the client then | ||
| 14 | terminates the connection, the socket file descriptor receives a HUP | ||
| 15 | event, which is not handled, thus the kernel keeps marking the HUP event | ||
| 16 | as occurring. While iterating over the file descriptors that triggered | ||
| 17 | an event, the client file descriptor will keep having the HUP event and | ||
| 18 | the client_work() function is always called with AVAHI_WATCH_HUP but | ||
| 19 | without nothing being done, thus entering an infinite loop. | ||
| 20 | |||
| 21 | See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938 | ||
| 22 | --- | ||
| 23 | avahi-daemon/simple-protocol.c | 5 +++++ | ||
| 24 | 1 file changed, 5 insertions(+) | ||
| 25 | |||
| 26 | diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c | ||
| 27 | index 3e0ebb11..6c0274d6 100644 | ||
| 28 | --- a/avahi-daemon/simple-protocol.c | ||
| 29 | +++ b/avahi-daemon/simple-protocol.c | ||
| 30 | @@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv | ||
| 31 | } | ||
| 32 | } | ||
| 33 | |||
| 34 | + if (events & AVAHI_WATCH_HUP) { | ||
| 35 | + client_free(c); | ||
| 36 | + return; | ||
| 37 | + } | ||
| 38 | + | ||
| 39 | c->server->poll_api->watch_update( | ||
| 40 | watch, | ||
| 41 | (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) | | ||
diff --git a/meta/recipes-connectivity/avahi/files/initscript.patch b/meta/recipes-connectivity/avahi/files/initscript.patch deleted file mode 100644 index e1176888df..0000000000 --- a/meta/recipes-connectivity/avahi/files/initscript.patch +++ /dev/null | |||
| @@ -1,51 +0,0 @@ | |||
| 1 | Note: upcoming avahi 0.9 drops debian initscripts altogether, | ||
| 2 | so any version update would probably have to copy the last | ||
| 3 | upstream versions into oe-core, and install them from the recipe. | ||
| 4 | |||
| 5 | Upstream-Status: Inappropriate [upstream removed the files] | ||
| 6 | |||
| 7 | Index: avahi-0.7/initscript/debian/avahi-daemon.in | ||
| 8 | =================================================================== | ||
| 9 | --- avahi-0.7.orig/initscript/debian/avahi-daemon.in | ||
| 10 | +++ avahi-0.7/initscript/debian/avahi-daemon.in | ||
| 11 | @@ -1,5 +1,17 @@ | ||
| 12 | #!/bin/sh | ||
| 13 | - | ||
| 14 | +### BEGIN INIT INFO | ||
| 15 | +# Provides: avahi | ||
| 16 | +# Required-Start: $remote_fs dbus | ||
| 17 | +# Required-Stop: $remote_fs dbus | ||
| 18 | +# Should-Start: $syslog | ||
| 19 | +# Should-Stop: $syslog | ||
| 20 | +# Default-Start: 2 3 4 5 | ||
| 21 | +# Default-Stop: 0 1 6 | ||
| 22 | +# Short-Description: Avahi mDNS/DNS-SD Daemon | ||
| 23 | +# Description: Zeroconf daemon for configuring your network | ||
| 24 | +# automatically | ||
| 25 | +### END INIT INFO | ||
| 26 | +# | ||
| 27 | # This file is part of avahi. | ||
| 28 | # | ||
| 29 | # avahi is free software; you can redistribute it and/or modify it | ||
| 30 | Index: avahi-0.7/initscript/debian/avahi-dnsconfd.in | ||
| 31 | =================================================================== | ||
| 32 | --- avahi-0.7.orig/initscript/debian/avahi-dnsconfd.in | ||
| 33 | +++ avahi-0.7/initscript/debian/avahi-dnsconfd.in | ||
| 34 | @@ -1,4 +1,17 @@ | ||
| 35 | #!/bin/sh | ||
| 36 | +### BEGIN INIT INFO | ||
| 37 | +# Provides: avahi-dnsconfd | ||
| 38 | +# Required-Start: $remote_fs avahi | ||
| 39 | +# Required-Stop: $remote_fs avahi | ||
| 40 | +# Should-Start: $syslog | ||
| 41 | +# Should-Stop: $syslog | ||
| 42 | +# Default-Start: 2 3 4 5 | ||
| 43 | +# Default-Stop: 0 1 6 | ||
| 44 | +# Short-Description: Avahi mDNS/DNS-SD DNS configuration | ||
| 45 | +# Description: Zeroconf daemon for configuring your network | ||
| 46 | +# automatically | ||
| 47 | +### END INIT INFO | ||
| 48 | +# | ||
| 49 | |||
| 50 | # This file is part of avahi. | ||
| 51 | # | ||
diff --git a/meta/recipes-connectivity/avahi/files/invalid-service.patch b/meta/recipes-connectivity/avahi/files/invalid-service.patch deleted file mode 100644 index 8f188aff2c..0000000000 --- a/meta/recipes-connectivity/avahi/files/invalid-service.patch +++ /dev/null | |||
| @@ -1,29 +0,0 @@ | |||
| 1 | From 46490e95151d415cd22f02565e530eb5efcef680 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Asger Hautop Drewsen <asger@princh.com> | ||
| 3 | Date: Mon, 9 Aug 2021 14:25:08 +0200 | ||
| 4 | Subject: [PATCH] Fix avahi-browse: Invalid service type | ||
| 5 | |||
| 6 | Invalid service types will stop the browse from completing, or | ||
| 7 | in simple terms "my washing machine stops me from printing". | ||
| 8 | |||
| 9 | Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/472] | ||
| 10 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
| 11 | --- | ||
| 12 | avahi-core/browse-service.c | 4 +++- | ||
| 13 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
| 14 | |||
| 15 | diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c | ||
| 16 | index 63e0275a..ac3d2ecb 100644 | ||
| 17 | --- a/avahi-core/browse-service.c | ||
| 18 | +++ b/avahi-core/browse-service.c | ||
| 19 | @@ -103,7 +103,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_prepare( | ||
| 20 | AVAHI_CHECK_VALIDITY_RETURN_NULL(server, AVAHI_PROTO_VALID(protocol), AVAHI_ERR_INVALID_PROTOCOL); | ||
| 21 | AVAHI_CHECK_VALIDITY_RETURN_NULL(server, !domain || avahi_is_valid_domain_name(domain), AVAHI_ERR_INVALID_DOMAIN_NAME); | ||
| 22 | AVAHI_CHECK_VALIDITY_RETURN_NULL(server, AVAHI_FLAGS_VALID(flags, AVAHI_LOOKUP_USE_WIDE_AREA|AVAHI_LOOKUP_USE_MULTICAST), AVAHI_ERR_INVALID_FLAGS); | ||
| 23 | - AVAHI_CHECK_VALIDITY_RETURN_NULL(server, avahi_is_valid_service_type_generic(service_type), AVAHI_ERR_INVALID_SERVICE_TYPE); | ||
| 24 | + | ||
| 25 | + if (!avahi_is_valid_service_type_generic(service_type)) | ||
| 26 | + service_type = "_invalid._tcp"; | ||
| 27 | |||
| 28 | if (!domain) | ||
| 29 | domain = server->domain_name; | ||
diff --git a/meta/recipes-connectivity/avahi/files/local-ping.patch b/meta/recipes-connectivity/avahi/files/local-ping.patch deleted file mode 100644 index 29c192d296..0000000000 --- a/meta/recipes-connectivity/avahi/files/local-ping.patch +++ /dev/null | |||
| @@ -1,153 +0,0 @@ | |||
| 1 | CVE: CVE-2021-36217 | ||
| 2 | CVE: CVE-2021-3502 | ||
| 3 | Upstream-Status: Backport | ||
| 4 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
| 5 | |||
| 6 | From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001 | ||
| 7 | From: Tommi Rantala <tommi.t.rantala@nokia.com> | ||
| 8 | Date: Mon, 8 Feb 2021 11:04:43 +0200 | ||
| 9 | Subject: [PATCH] Fix NULL pointer crashes from #175 | ||
| 10 | |||
| 11 | avahi-daemon is crashing when running "ping .local". | ||
| 12 | The crash is due to failing assertion from NULL pointer. | ||
| 13 | Add missing NULL pointer checks to fix it. | ||
| 14 | |||
| 15 | Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd | ||
| 16 | --- | ||
| 17 | avahi-core/browse-dns-server.c | 5 ++++- | ||
| 18 | avahi-core/browse-domain.c | 5 ++++- | ||
| 19 | avahi-core/browse-service-type.c | 3 +++ | ||
| 20 | avahi-core/browse-service.c | 3 +++ | ||
| 21 | avahi-core/browse.c | 3 +++ | ||
| 22 | avahi-core/resolve-address.c | 5 ++++- | ||
| 23 | avahi-core/resolve-host-name.c | 5 ++++- | ||
| 24 | avahi-core/resolve-service.c | 5 ++++- | ||
| 25 | 8 files changed, 29 insertions(+), 5 deletions(-) | ||
| 26 | |||
| 27 | diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c | ||
| 28 | index 049752e9..c2d914fa 100644 | ||
| 29 | --- a/avahi-core/browse-dns-server.c | ||
| 30 | +++ b/avahi-core/browse-dns-server.c | ||
| 31 | @@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new( | ||
| 32 | AvahiSDNSServerBrowser* b; | ||
| 33 | |||
| 34 | b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata); | ||
| 35 | + if (!b) | ||
| 36 | + return NULL; | ||
| 37 | + | ||
| 38 | avahi_s_dns_server_browser_start(b); | ||
| 39 | |||
| 40 | return b; | ||
| 41 | -} | ||
| 42 | \ No newline at end of file | ||
| 43 | +} | ||
| 44 | diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c | ||
| 45 | index f145d56a..06fa70c0 100644 | ||
| 46 | --- a/avahi-core/browse-domain.c | ||
| 47 | +++ b/avahi-core/browse-domain.c | ||
| 48 | @@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new( | ||
| 49 | AvahiSDomainBrowser *b; | ||
| 50 | |||
| 51 | b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata); | ||
| 52 | + if (!b) | ||
| 53 | + return NULL; | ||
| 54 | + | ||
| 55 | avahi_s_domain_browser_start(b); | ||
| 56 | |||
| 57 | return b; | ||
| 58 | -} | ||
| 59 | \ No newline at end of file | ||
| 60 | +} | ||
| 61 | diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c | ||
| 62 | index fdd22dcd..b1fc7af8 100644 | ||
| 63 | --- a/avahi-core/browse-service-type.c | ||
| 64 | +++ b/avahi-core/browse-service-type.c | ||
| 65 | @@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new( | ||
| 66 | AvahiSServiceTypeBrowser *b; | ||
| 67 | |||
| 68 | b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata); | ||
| 69 | + if (!b) | ||
| 70 | + return NULL; | ||
| 71 | + | ||
| 72 | avahi_s_service_type_browser_start(b); | ||
| 73 | |||
| 74 | return b; | ||
| 75 | diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c | ||
| 76 | index 5531360c..63e0275a 100644 | ||
| 77 | --- a/avahi-core/browse-service.c | ||
| 78 | +++ b/avahi-core/browse-service.c | ||
| 79 | @@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new( | ||
| 80 | AvahiSServiceBrowser *b; | ||
| 81 | |||
| 82 | b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata); | ||
| 83 | + if (!b) | ||
| 84 | + return NULL; | ||
| 85 | + | ||
| 86 | avahi_s_service_browser_start(b); | ||
| 87 | |||
| 88 | return b; | ||
| 89 | diff --git a/avahi-core/browse.c b/avahi-core/browse.c | ||
| 90 | index 2941e579..e8a915e9 100644 | ||
| 91 | --- a/avahi-core/browse.c | ||
| 92 | +++ b/avahi-core/browse.c | ||
| 93 | @@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new( | ||
| 94 | AvahiSRecordBrowser *b; | ||
| 95 | |||
| 96 | b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata); | ||
| 97 | + if (!b) | ||
| 98 | + return NULL; | ||
| 99 | + | ||
| 100 | avahi_s_record_browser_start_query(b); | ||
| 101 | |||
| 102 | return b; | ||
| 103 | diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c | ||
| 104 | index ac0b29b1..e61dd242 100644 | ||
| 105 | --- a/avahi-core/resolve-address.c | ||
| 106 | +++ b/avahi-core/resolve-address.c | ||
| 107 | @@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new( | ||
| 108 | AvahiSAddressResolver *b; | ||
| 109 | |||
| 110 | b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata); | ||
| 111 | + if (!b) | ||
| 112 | + return NULL; | ||
| 113 | + | ||
| 114 | avahi_s_address_resolver_start(b); | ||
| 115 | |||
| 116 | return b; | ||
| 117 | -} | ||
| 118 | \ No newline at end of file | ||
| 119 | +} | ||
| 120 | diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c | ||
| 121 | index 808b0e72..4e8e5973 100644 | ||
| 122 | --- a/avahi-core/resolve-host-name.c | ||
| 123 | +++ b/avahi-core/resolve-host-name.c | ||
| 124 | @@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new( | ||
| 125 | AvahiSHostNameResolver *b; | ||
| 126 | |||
| 127 | b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata); | ||
| 128 | + if (!b) | ||
| 129 | + return NULL; | ||
| 130 | + | ||
| 131 | avahi_s_host_name_resolver_start(b); | ||
| 132 | |||
| 133 | return b; | ||
| 134 | -} | ||
| 135 | \ No newline at end of file | ||
| 136 | +} | ||
| 137 | diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c | ||
| 138 | index 66bf3cae..43771763 100644 | ||
| 139 | --- a/avahi-core/resolve-service.c | ||
| 140 | +++ b/avahi-core/resolve-service.c | ||
| 141 | @@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new( | ||
| 142 | AvahiSServiceResolver *b; | ||
| 143 | |||
| 144 | b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata); | ||
| 145 | + if (!b) | ||
| 146 | + return NULL; | ||
| 147 | + | ||
| 148 | avahi_s_service_resolver_start(b); | ||
| 149 | |||
| 150 | return b; | ||
| 151 | -} | ||
| 152 | \ No newline at end of file | ||
| 153 | +} | ||
diff --git a/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch deleted file mode 100644 index dda94c14e7..0000000000 --- a/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch +++ /dev/null | |||
| @@ -1,24 +0,0 @@ | |||
| 1 | From 7128d079b0c315414410c4bcfb18b445cd7afda2 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Chen Qi <Qi.Chen@windriver.com> | ||
| 3 | Date: Mon, 15 Oct 2018 16:55:09 +0800 | ||
| 4 | Subject: [PATCH] avoid start failure with bind user | ||
| 5 | |||
| 6 | Upstream-Status: Pending | ||
| 7 | |||
| 8 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
| 9 | --- | ||
| 10 | init.d | 1 + | ||
| 11 | 1 file changed, 1 insertion(+) | ||
| 12 | |||
| 13 | diff --git a/init.d b/init.d | ||
| 14 | index 95e8909..771d349 100644 | ||
| 15 | --- a/init.d | ||
| 16 | +++ b/init.d | ||
| 17 | @@ -57,6 +57,7 @@ case "$1" in | ||
| 18 | modprobe capability >/dev/null 2>&1 || true | ||
| 19 | if [ ! -f /etc/bind/rndc.key ]; then | ||
| 20 | /usr/sbin/rndc-confgen -a -b 512 | ||
| 21 | + chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true | ||
| 22 | chmod 0640 /etc/bind/rndc.key | ||
| 23 | fi | ||
| 24 | if [ -f /var/run/named/named.pid ]; then | ||
diff --git a/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch deleted file mode 100644 index 5d3bd682f4..0000000000 --- a/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch +++ /dev/null | |||
| @@ -1,34 +0,0 @@ | |||
| 1 | From 56249e557c820a743f1390174bd93104698e70f2 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Hongxu Jia <hongxu.jia@windriver.com> | ||
| 3 | Date: Mon, 27 Aug 2018 21:24:20 +0800 | ||
| 4 | Subject: [PATCH] `named/lwresd -V' and start log hide build options | ||
| 5 | |||
| 6 | The build options expose build path directories, so hide them. | ||
| 7 | [snip] | ||
| 8 | $ named -V | ||
| 9 | |built by make with *** (options are hidden) | ||
| 10 | [snip] | ||
| 11 | |||
| 12 | Upstream-Status: Inappropriate [oe-core specific] | ||
| 13 | |||
| 14 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | ||
| 15 | |||
| 16 | Refreshed for 9.16.0 | ||
| 17 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
| 18 | --- | ||
| 19 | configure.ac | 2 +- | ||
| 20 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 21 | |||
| 22 | diff --git a/configure.ac b/configure.ac | ||
| 23 | index 295bfd6..5c7d7fb 100644 | ||
| 24 | --- a/configure.ac | ||
| 25 | +++ b/configure.ac | ||
| 26 | @@ -35,7 +35,7 @@ AC_DEFINE([PACKAGE_VERSION_EXTRA], ["][bind_VERSION_EXTRA]["], [BIND 9 Extra par | ||
| 27 | AC_DEFINE([PACKAGE_DESCRIPTION], [m4_ifnblank(bind_DESCRIPTION, [" ]bind_DESCRIPTION["], [])], [An extra string to print after PACKAGE_STRING]) | ||
| 28 | AC_DEFINE([PACKAGE_SRCID], ["][bind_SRCID]["], [A short hash from git]) | ||
| 29 | |||
| 30 | -bind_CONFIGARGS="${ac_configure_args:-default}" | ||
| 31 | +bind_CONFIGARGS="(removed for reproducibility)" | ||
| 32 | AC_DEFINE_UNQUOTED([PACKAGE_CONFIGARGS], ["$bind_CONFIGARGS"], [Either 'defaults' or used ./configure options]) | ||
| 33 | |||
| 34 | AC_DEFINE([PACKAGE_BUILDER], ["make"], [make or Visual Studio]) | ||
diff --git a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch deleted file mode 100644 index 9bbe0998c6..0000000000 --- a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ /dev/null | |||
| @@ -1,46 +0,0 @@ | |||
| 1 | From fe34ede0bbb0c60624cc281c938b9ca784505f5a Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Paul Gortmaker <paul.gortmaker@windriver.com> | ||
| 3 | Date: Tue, 9 Jun 2015 11:22:00 -0400 | ||
| 4 | Subject: [PATCH] bind: ensure searching for json headers searches sysroot | ||
| 5 | |||
| 6 | Bind can fail configure by detecting headers w/o libs[1], or | ||
| 7 | it can fail the host contamination check as per below: | ||
| 8 | |||
| 9 | ERROR: This autoconf log indicates errors, it looked at host include and/or library paths while determining system capabilities. | ||
| 10 | Rerun configure task after fixing this. The path was 'build/tmp/work/core2-64-poky-linux/bind/9.10.2-r1/build' | ||
| 11 | ERROR: Function failed: do_qa_configure | ||
| 12 | ERROR: Logfile of failure stored in: build/tmp/work/core2-64-poky-linux/bind/9.10.2-r1/temp/log.do_configure.5242 | ||
| 13 | ERROR: Task 5 (meta/recipes-connectivity/bind/bind_9.10.2.bb, do_configure) failed with exit code '1' | ||
| 14 | NOTE: Tasks Summary: Attempted 773 tasks of which 768 didn't need to be rerun and 1 failed. | ||
| 15 | No currently running tasks (773 of 781) | ||
| 16 | |||
| 17 | Summary: 1 task failed: | ||
| 18 | /meta/recipes-connectivity/bind/bind_9.10.2.bb, do_configure | ||
| 19 | |||
| 20 | One way to fix it would be to unconditionally disable json in bind | ||
| 21 | configure[2] but here we fix it by using the path to where we would | ||
| 22 | put the header if we had json in the sysroot, in case someone wants | ||
| 23 | to make use of the combination some day. | ||
| 24 | |||
| 25 | [1] https://trac.macports.org/ticket/45305 | ||
| 26 | [2] https://trac.macports.org/changeset/126406 | ||
| 27 | |||
| 28 | Upstream-Status: Inappropriate [OE Specific] | ||
| 29 | Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> | ||
| 30 | --- | ||
| 31 | configure.ac | 2 +- | ||
| 32 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 33 | |||
| 34 | diff --git a/configure.ac b/configure.ac | ||
| 35 | index 6ee5459..295bfd6 100644 | ||
| 36 | --- a/configure.ac | ||
| 37 | +++ b/configure.ac | ||
| 38 | @@ -863,7 +863,7 @@ AS_CASE([$with_lmdb], | ||
| 39 | [no],[], | ||
| 40 | [auto|yes], [PKG_CHECK_MODULES([LMDB], [lmdb], | ||
| 41 | [ac_lib_lmdb_found=yes], | ||
| 42 | - [for ac_lib_lmdb_path in /usr /usr/local /opt /opt/local; do | ||
| 43 | + [for ac_lib_lmdb_path in "${STAGING_INCDIR}"; do | ||
| 44 | AX_LIB_LMDB([$ac_lib_lmdb_path], | ||
| 45 | [ac_lib_lmdb_found=yes | ||
| 46 | break]) | ||
diff --git a/meta/recipes-connectivity/bind/bind/bind9 b/meta/recipes-connectivity/bind/bind/bind9 deleted file mode 100644 index 968679ff7f..0000000000 --- a/meta/recipes-connectivity/bind/bind/bind9 +++ /dev/null | |||
| @@ -1,2 +0,0 @@ | |||
| 1 | # startup options for the server | ||
| 2 | OPTIONS="-u bind" | ||
diff --git a/meta/recipes-connectivity/bind/bind/conf.patch b/meta/recipes-connectivity/bind/bind/conf.patch deleted file mode 100644 index 8a45667fc4..0000000000 --- a/meta/recipes-connectivity/bind/bind/conf.patch +++ /dev/null | |||
| @@ -1,381 +0,0 @@ | |||
| 1 | From 24452a9a46ba21233925218e4fca066b338ba70d Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Qing He <qing.he@intel.com> | ||
| 3 | Date: Tue, 30 Nov 2010 13:35:42 +0800 | ||
| 4 | Subject: [PATCH] bind: add new recipe | ||
| 5 | |||
| 6 | Upstream-Status: Inappropriate [configuration] | ||
| 7 | |||
| 8 | the patch is imported from openembedded project | ||
| 9 | |||
| 10 | 11/30/2010 - Qing He <qing.he@intel.com> | ||
| 11 | --- | ||
| 12 | conf/db.0 | 12 +++++++ | ||
| 13 | conf/db.127 | 13 ++++++++ | ||
| 14 | conf/db.255 | 12 +++++++ | ||
| 15 | conf/db.empty | 14 +++++++++ | ||
| 16 | conf/db.local | 13 ++++++++ | ||
| 17 | conf/db.root | 45 ++++++++++++++++++++++++++ | ||
| 18 | conf/named.conf | 49 +++++++++++++++++++++++++++++ | ||
| 19 | conf/named.conf.local | 8 +++++ | ||
| 20 | conf/named.conf.options | 24 ++++++++++++++ | ||
| 21 | conf/zones.rfc1918 | 20 ++++++++++++ | ||
| 22 | init.d | 70 +++++++++++++++++++++++++++++++++++++++++ | ||
| 23 | 11 files changed, 280 insertions(+) | ||
| 24 | create mode 100644 conf/db.0 | ||
| 25 | create mode 100644 conf/db.127 | ||
| 26 | create mode 100644 conf/db.255 | ||
| 27 | create mode 100644 conf/db.empty | ||
| 28 | create mode 100644 conf/db.local | ||
| 29 | create mode 100644 conf/db.root | ||
| 30 | create mode 100644 conf/named.conf | ||
| 31 | create mode 100644 conf/named.conf.local | ||
| 32 | create mode 100644 conf/named.conf.options | ||
| 33 | create mode 100644 conf/zones.rfc1918 | ||
| 34 | create mode 100644 init.d | ||
| 35 | |||
| 36 | diff --git a/conf/db.0 b/conf/db.0 | ||
| 37 | new file mode 100644 | ||
| 38 | index 0000000..e3aabdb | ||
| 39 | --- /dev/null | ||
| 40 | +++ b/conf/db.0 | ||
| 41 | @@ -0,0 +1,12 @@ | ||
| 42 | +; | ||
| 43 | +; BIND reverse data file for broadcast zone | ||
| 44 | +; | ||
| 45 | +$TTL 604800 | ||
| 46 | +@ IN SOA localhost. root.localhost. ( | ||
| 47 | + 1 ; Serial | ||
| 48 | + 604800 ; Refresh | ||
| 49 | + 86400 ; Retry | ||
| 50 | + 2419200 ; Expire | ||
| 51 | + 604800 ) ; Negative Cache TTL | ||
| 52 | +; | ||
| 53 | +@ IN NS localhost. | ||
| 54 | diff --git a/conf/db.127 b/conf/db.127 | ||
| 55 | new file mode 100644 | ||
| 56 | index 0000000..cd05bef | ||
| 57 | --- /dev/null | ||
| 58 | +++ b/conf/db.127 | ||
| 59 | @@ -0,0 +1,13 @@ | ||
| 60 | +; | ||
| 61 | +; BIND reverse data file for local loopback interface | ||
| 62 | +; | ||
| 63 | +$TTL 604800 | ||
| 64 | +@ IN SOA localhost. root.localhost. ( | ||
| 65 | + 1 ; Serial | ||
| 66 | + 604800 ; Refresh | ||
| 67 | + 86400 ; Retry | ||
| 68 | + 2419200 ; Expire | ||
| 69 | + 604800 ) ; Negative Cache TTL | ||
| 70 | +; | ||
| 71 | +@ IN NS localhost. | ||
| 72 | +1.0.0 IN PTR localhost. | ||
| 73 | diff --git a/conf/db.255 b/conf/db.255 | ||
| 74 | new file mode 100644 | ||
| 75 | index 0000000..16cd819 | ||
| 76 | --- /dev/null | ||
| 77 | +++ b/conf/db.255 | ||
| 78 | @@ -0,0 +1,12 @@ | ||
| 79 | +; | ||
| 80 | +; BIND reserve data file for broadcast zone | ||
| 81 | +; | ||
| 82 | +$TTL 604800 | ||
| 83 | +@ IN SOA localhost. root.localhost. ( | ||
| 84 | + 1 ; Serial | ||
| 85 | + 604800 ; Refresh | ||
| 86 | + 86400 ; Retry | ||
| 87 | + 2419200 ; Expire | ||
| 88 | + 604800 ) ; Negative Cache TTL | ||
| 89 | +; | ||
| 90 | +@ IN NS localhost. | ||
| 91 | diff --git a/conf/db.empty b/conf/db.empty | ||
| 92 | new file mode 100644 | ||
| 93 | index 0000000..8a12858 | ||
| 94 | --- /dev/null | ||
| 95 | +++ b/conf/db.empty | ||
| 96 | @@ -0,0 +1,14 @@ | ||
| 97 | +; BIND reverse data file for empty rfc1918 zone | ||
| 98 | +; | ||
| 99 | +; DO NOT EDIT THIS FILE - it is used for multiple zones. | ||
| 100 | +; Instead, copy it, edit named.conf, and use that copy. | ||
| 101 | +; | ||
| 102 | +$TTL 86400 | ||
| 103 | +@ IN SOA localhost. root.localhost. ( | ||
| 104 | + 1 ; Serial | ||
| 105 | + 604800 ; Refresh | ||
| 106 | + 86400 ; Retry | ||
| 107 | + 2419200 ; Expire | ||
| 108 | + 86400 ) ; Negative Cache TTL | ||
| 109 | +; | ||
| 110 | +@ IN NS localhost. | ||
| 111 | diff --git a/conf/db.local b/conf/db.local | ||
| 112 | new file mode 100644 | ||
| 113 | index 0000000..66b4892 | ||
| 114 | --- /dev/null | ||
| 115 | +++ b/conf/db.local | ||
| 116 | @@ -0,0 +1,13 @@ | ||
| 117 | +; | ||
| 118 | +; BIND data file for local loopback interface | ||
| 119 | +; | ||
| 120 | +$TTL 604800 | ||
| 121 | +@ IN SOA localhost. root.localhost. ( | ||
| 122 | + 1 ; Serial | ||
| 123 | + 604800 ; Refresh | ||
| 124 | + 86400 ; Retry | ||
| 125 | + 2419200 ; Expire | ||
| 126 | + 604800 ) ; Negative Cache TTL | ||
| 127 | +; | ||
| 128 | +@ IN NS localhost. | ||
| 129 | +@ IN A 127.0.0.1 | ||
| 130 | diff --git a/conf/db.root b/conf/db.root | ||
| 131 | new file mode 100644 | ||
| 132 | index 0000000..01c20f0 | ||
| 133 | --- /dev/null | ||
| 134 | +++ b/conf/db.root | ||
| 135 | @@ -0,0 +1,45 @@ | ||
| 136 | + | ||
| 137 | +; <<>> DiG 9.2.3 <<>> ns . @a.root-servers.net. | ||
| 138 | +;; global options: printcmd | ||
| 139 | +;; Got answer: | ||
| 140 | +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18944 | ||
| 141 | +;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13 | ||
| 142 | + | ||
| 143 | +;; QUESTION SECTION: | ||
| 144 | +;. IN NS | ||
| 145 | + | ||
| 146 | +;; ANSWER SECTION: | ||
| 147 | +. 518400 IN NS A.ROOT-SERVERS.NET. | ||
| 148 | +. 518400 IN NS B.ROOT-SERVERS.NET. | ||
| 149 | +. 518400 IN NS C.ROOT-SERVERS.NET. | ||
| 150 | +. 518400 IN NS D.ROOT-SERVERS.NET. | ||
| 151 | +. 518400 IN NS E.ROOT-SERVERS.NET. | ||
| 152 | +. 518400 IN NS F.ROOT-SERVERS.NET. | ||
| 153 | +. 518400 IN NS G.ROOT-SERVERS.NET. | ||
| 154 | +. 518400 IN NS H.ROOT-SERVERS.NET. | ||
| 155 | +. 518400 IN NS I.ROOT-SERVERS.NET. | ||
| 156 | +. 518400 IN NS J.ROOT-SERVERS.NET. | ||
| 157 | +. 518400 IN NS K.ROOT-SERVERS.NET. | ||
| 158 | +. 518400 IN NS L.ROOT-SERVERS.NET. | ||
| 159 | +. 518400 IN NS M.ROOT-SERVERS.NET. | ||
| 160 | + | ||
| 161 | +;; ADDITIONAL SECTION: | ||
| 162 | +A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4 | ||
| 163 | +B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201 | ||
| 164 | +C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12 | ||
| 165 | +D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90 | ||
| 166 | +E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10 | ||
| 167 | +F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241 | ||
| 168 | +G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4 | ||
| 169 | +H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53 | ||
| 170 | +I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17 | ||
| 171 | +J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30 | ||
| 172 | +K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129 | ||
| 173 | +L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12 | ||
| 174 | +M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33 | ||
| 175 | + | ||
| 176 | +;; Query time: 81 msec | ||
| 177 | +;; SERVER: 198.41.0.4#53(a.root-servers.net.) | ||
| 178 | +;; WHEN: Sun Feb 1 11:27:14 2004 | ||
| 179 | +;; MSG SIZE rcvd: 436 | ||
| 180 | + | ||
| 181 | diff --git a/conf/named.conf b/conf/named.conf | ||
| 182 | new file mode 100644 | ||
| 183 | index 0000000..95829cf | ||
| 184 | --- /dev/null | ||
| 185 | +++ b/conf/named.conf | ||
| 186 | @@ -0,0 +1,49 @@ | ||
| 187 | +// This is the primary configuration file for the BIND DNS server named. | ||
| 188 | +// | ||
| 189 | +// If you are just adding zones, please do that in /etc/bind/named.conf.local | ||
| 190 | + | ||
| 191 | +include "/etc/bind/named.conf.options"; | ||
| 192 | + | ||
| 193 | +// prime the server with knowledge of the root servers | ||
| 194 | +zone "." { | ||
| 195 | + type hint; | ||
| 196 | + file "/etc/bind/db.root"; | ||
| 197 | +}; | ||
| 198 | + | ||
| 199 | +// be authoritative for the localhost forward and reverse zones, and for | ||
| 200 | +// broadcast zones as per RFC 1912 | ||
| 201 | + | ||
| 202 | +zone "localhost" { | ||
| 203 | + type master; | ||
| 204 | + file "/etc/bind/db.local"; | ||
| 205 | +}; | ||
| 206 | + | ||
| 207 | +zone "127.in-addr.arpa" { | ||
| 208 | + type master; | ||
| 209 | + file "/etc/bind/db.127"; | ||
| 210 | +}; | ||
| 211 | + | ||
| 212 | +zone "0.in-addr.arpa" { | ||
| 213 | + type master; | ||
| 214 | + file "/etc/bind/db.0"; | ||
| 215 | +}; | ||
| 216 | + | ||
| 217 | +zone "255.in-addr.arpa" { | ||
| 218 | + type master; | ||
| 219 | + file "/etc/bind/db.255"; | ||
| 220 | +}; | ||
| 221 | + | ||
| 222 | +// zone "com" { type delegation-only; }; | ||
| 223 | +// zone "net" { type delegation-only; }; | ||
| 224 | + | ||
| 225 | +// From the release notes: | ||
| 226 | +// Because many of our users are uncomfortable receiving undelegated answers | ||
| 227 | +// from root or top level domains, other than a few for whom that behaviour | ||
| 228 | +// has been trusted and expected for quite some length of time, we have now | ||
| 229 | +// introduced the "root-delegations-only" feature which applies delegation-only | ||
| 230 | +// logic to all top level domains, and to the root domain. An exception list | ||
| 231 | +// should be specified, including "MUSEUM" and "DE", and any other top level | ||
| 232 | +// domains from whom undelegated responses are expected and trusted. | ||
| 233 | +// root-delegation-only exclude { "DE"; "MUSEUM"; }; | ||
| 234 | + | ||
| 235 | +include "/etc/bind/named.conf.local"; | ||
| 236 | diff --git a/conf/named.conf.local b/conf/named.conf.local | ||
| 237 | new file mode 100644 | ||
| 238 | index 0000000..7a57b10 | ||
| 239 | --- /dev/null | ||
| 240 | +++ b/conf/named.conf.local | ||
| 241 | @@ -0,0 +1,8 @@ | ||
| 242 | +// | ||
| 243 | +// Do any local configuration here | ||
| 244 | +// | ||
| 245 | + | ||
| 246 | +// Consider adding the 1918 zones here, if they are not used in your | ||
| 247 | +// organization | ||
| 248 | +//include "/etc/bind/zones.rfc1918"; | ||
| 249 | + | ||
| 250 | diff --git a/conf/named.conf.options b/conf/named.conf.options | ||
| 251 | new file mode 100644 | ||
| 252 | index 0000000..813193d | ||
| 253 | --- /dev/null | ||
| 254 | +++ b/conf/named.conf.options | ||
| 255 | @@ -0,0 +1,24 @@ | ||
| 256 | +options { | ||
| 257 | + directory "/var/cache/bind"; | ||
| 258 | + | ||
| 259 | + // If there is a firewall between you and nameservers you want | ||
| 260 | + // to talk to, you might need to uncomment the query-source | ||
| 261 | + // directive below. Previous versions of BIND always asked | ||
| 262 | + // questions using port 53, but BIND 8.1 and later use an unprivileged | ||
| 263 | + // port by default. | ||
| 264 | + | ||
| 265 | + // query-source address * port 53; | ||
| 266 | + | ||
| 267 | + // If your ISP provided one or more IP addresses for stable | ||
| 268 | + // nameservers, you probably want to use them as forwarders. | ||
| 269 | + // Uncomment the following block, and insert the addresses replacing | ||
| 270 | + // the all-0's placeholder. | ||
| 271 | + | ||
| 272 | + // forwarders { | ||
| 273 | + // 0.0.0.0; | ||
| 274 | + // }; | ||
| 275 | + | ||
| 276 | + auth-nxdomain no; # conform to RFC1035 | ||
| 277 | + | ||
| 278 | +}; | ||
| 279 | + | ||
| 280 | diff --git a/conf/zones.rfc1918 b/conf/zones.rfc1918 | ||
| 281 | new file mode 100644 | ||
| 282 | index 0000000..03b5546 | ||
| 283 | --- /dev/null | ||
| 284 | +++ b/conf/zones.rfc1918 | ||
| 285 | @@ -0,0 +1,20 @@ | ||
| 286 | +zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
| 287 | + | ||
| 288 | +zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
| 289 | +zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
| 290 | +zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
| 291 | +zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
| 292 | +zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
| 293 | +zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
| 294 | +zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
| 295 | +zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
| 296 | +zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
| 297 | +zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
| 298 | +zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
| 299 | +zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
| 300 | +zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
| 301 | +zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
| 302 | +zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
| 303 | +zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
| 304 | + | ||
| 305 | +zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; | ||
| 306 | diff --git a/init.d b/init.d | ||
| 307 | new file mode 100644 | ||
| 308 | index 0000000..2ef2277 | ||
| 309 | --- /dev/null | ||
| 310 | +++ b/init.d | ||
| 311 | @@ -0,0 +1,70 @@ | ||
| 312 | +#!/bin/sh | ||
| 313 | + | ||
| 314 | +PATH=/sbin:/bin:/usr/sbin:/usr/bin | ||
| 315 | + | ||
| 316 | +# for a chrooted server: "-u bind -t /var/lib/named" | ||
| 317 | +# Don't modify this line, change or create /etc/default/bind9. | ||
| 318 | +OPTIONS="" | ||
| 319 | + | ||
| 320 | +test -f /etc/default/bind9 && . /etc/default/bind9 | ||
| 321 | + | ||
| 322 | +test -x /usr/sbin/rndc || exit 0 | ||
| 323 | + | ||
| 324 | +case "$1" in | ||
| 325 | + start) | ||
| 326 | + echo -n "Starting domain name service: named" | ||
| 327 | + | ||
| 328 | + modprobe capability >/dev/null 2>&1 || true | ||
| 329 | + if [ ! -f /etc/bind/rndc.key ]; then | ||
| 330 | + /usr/sbin/rndc-confgen -a -b 512 | ||
| 331 | + chmod 0640 /etc/bind/rndc.key | ||
| 332 | + fi | ||
| 333 | + if [ -f /var/run/named/named.pid ]; then | ||
| 334 | + ps `cat /var/run/named/named.pid` > /dev/null && exit 1 | ||
| 335 | + fi | ||
| 336 | + | ||
| 337 | + # dirs under /var/run can go away on reboots. | ||
| 338 | + mkdir -p /var/run/named | ||
| 339 | + mkdir -p /var/cache/bind | ||
| 340 | + chmod 775 /var/run/named | ||
| 341 | + chown root:bind /var/run/named >/dev/null 2>&1 || true | ||
| 342 | + | ||
| 343 | + if [ ! -x /usr/sbin/named ]; then | ||
| 344 | + echo "named binary missing - not starting" | ||
| 345 | + exit 1 | ||
| 346 | + fi | ||
| 347 | + if start-stop-daemon --start --quiet --exec /usr/sbin/named \ | ||
| 348 | + --pidfile /var/run/named/named.pid -- $OPTIONS; then | ||
| 349 | + if [ -x /sbin/resolvconf ] ; then | ||
| 350 | + echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo | ||
| 351 | + fi | ||
| 352 | + fi | ||
| 353 | + echo "." | ||
| 354 | + ;; | ||
| 355 | + | ||
| 356 | + stop) | ||
| 357 | + echo -n "Stopping domain name service: named" | ||
| 358 | + if [ -x /sbin/resolvconf ]; then | ||
| 359 | + /sbin/resolvconf -d lo | ||
| 360 | + fi | ||
| 361 | + /usr/sbin/rndc stop >/dev/null 2>&1 | ||
| 362 | + echo "." | ||
| 363 | + ;; | ||
| 364 | + | ||
| 365 | + reload) | ||
| 366 | + /usr/sbin/rndc reload | ||
| 367 | + ;; | ||
| 368 | + | ||
| 369 | + restart|force-reload) | ||
| 370 | + $0 stop | ||
| 371 | + sleep 2 | ||
| 372 | + $0 start | ||
| 373 | + ;; | ||
| 374 | + | ||
| 375 | + *) | ||
| 376 | + echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2 | ||
| 377 | + exit 1 | ||
| 378 | + ;; | ||
| 379 | +esac | ||
| 380 | + | ||
| 381 | +exit 0 | ||
diff --git a/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh deleted file mode 100644 index 633e29c0e6..0000000000 --- a/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh +++ /dev/null | |||
| @@ -1,8 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | if [ ! -s /etc/bind/rndc.key ]; then | ||
| 4 | echo -n "Generating /etc/bind/rndc.key:" | ||
| 5 | /usr/sbin/rndc-confgen -a -b 512 | ||
| 6 | chown root:bind /etc/bind/rndc.key | ||
| 7 | chmod 0640 /etc/bind/rndc.key | ||
| 8 | fi | ||
diff --git a/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch deleted file mode 100644 index 97fac429dd..0000000000 --- a/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch +++ /dev/null | |||
| @@ -1,65 +0,0 @@ | |||
| 1 | From 2fb98a36b3b35aeaa4852bd8bc268fbf66d0ad2d Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Chen Qi <Qi.Chen@windriver.com> | ||
| 3 | Date: Thu, 27 Mar 2014 02:34:41 +0000 | ||
| 4 | Subject: [PATCH] init.d: add support for read-only rootfs | ||
| 5 | |||
| 6 | Upstream-Status: Inappropriate [oe specific] | ||
| 7 | |||
| 8 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
| 9 | --- | ||
| 10 | init.d | 40 ++++++++++++++++++++++++++++++++++++++++ | ||
| 11 | 1 file changed, 40 insertions(+) | ||
| 12 | |||
| 13 | diff --git a/init.d b/init.d | ||
| 14 | index 2ef2277..95e8909 100644 | ||
| 15 | --- a/init.d | ||
| 16 | +++ b/init.d | ||
| 17 | @@ -6,8 +6,48 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin | ||
| 18 | # Don't modify this line, change or create /etc/default/bind9. | ||
| 19 | OPTIONS="" | ||
| 20 | |||
| 21 | +test -f /etc/default/rcS && . /etc/default/rcS | ||
| 22 | test -f /etc/default/bind9 && . /etc/default/bind9 | ||
| 23 | |||
| 24 | +# This function is here because it's possible that /var and / are on different partitions. | ||
| 25 | +is_on_read_only_partition () { | ||
| 26 | + DIRECTORY=$1 | ||
| 27 | + dir=`readlink -f $DIRECTORY` | ||
| 28 | + while true; do | ||
| 29 | + if [ ! -d "$dir" ]; then | ||
| 30 | + echo "ERROR: $dir is not a directory" | ||
| 31 | + exit 1 | ||
| 32 | + else | ||
| 33 | + for flag in `awk -v dir=$dir '{ if ($2 == dir) { print "FOUND"; split($4,FLAGS,",") } }; \ | ||
| 34 | + END { for (f in FLAGS) print FLAGS[f] }' < /proc/mounts`; do | ||
| 35 | + [ "$flag" = "FOUND" ] && partition="read-write" | ||
| 36 | + [ "$flag" = "ro" ] && { partition="read-only"; break; } | ||
| 37 | + done | ||
| 38 | + if [ "$dir" = "/" -o -n "$partition" ]; then | ||
| 39 | + break | ||
| 40 | + else | ||
| 41 | + dir=`dirname $dir` | ||
| 42 | + fi | ||
| 43 | + fi | ||
| 44 | + done | ||
| 45 | + [ "$partition" = "read-only" ] && echo "yes" || echo "no" | ||
| 46 | +} | ||
| 47 | + | ||
| 48 | +bind_mount () { | ||
| 49 | + olddir=$1 | ||
| 50 | + newdir=$2 | ||
| 51 | + mkdir -p $olddir | ||
| 52 | + cp -a $newdir/* $olddir | ||
| 53 | + mount --bind $olddir $newdir | ||
| 54 | +} | ||
| 55 | + | ||
| 56 | +# Deal with read-only rootfs | ||
| 57 | +if [ "$ROOTFS_READ_ONLY" = "yes" ]; then | ||
| 58 | + [ "$VERBOSE" != "no" ] && echo "WARN: start bind service in read-only rootfs" | ||
| 59 | + [ `is_on_read_only_partition /etc/bind` = "yes" ] && bind_mount /var/volatile/bind/etc /etc/bind | ||
| 60 | + [ `is_on_read_only_partition /var/named` = "yes" ] && bind_mount /var/volatile/bind/named /var/named | ||
| 61 | +fi | ||
| 62 | + | ||
| 63 | test -x /usr/sbin/rndc || exit 0 | ||
| 64 | |||
| 65 | case "$1" in | ||
diff --git a/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch deleted file mode 100644 index 3adb694eaa..0000000000 --- a/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch +++ /dev/null | |||
| @@ -1,41 +0,0 @@ | |||
| 1 | From 3f18a00d627ec06d26d189e7ef1818d2c237274b Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Roy Li <rongqing.li@windriver.com> | ||
| 3 | Date: Thu, 15 Nov 2012 02:27:54 +0000 | ||
| 4 | Subject: [PATCH] bind: make "/etc/init.d/bind stop" work | ||
| 5 | |||
| 6 | Upstream-Status: Inappropriate [configuration] | ||
| 7 | |||
| 8 | Add some configurations, make rndc command be able to controls | ||
| 9 | the named daemon. | ||
| 10 | |||
| 11 | Signed-off-by: Roy Li <rongqing.li@windriver.com> | ||
| 12 | --- | ||
| 13 | conf/named.conf | 5 +++++ | ||
| 14 | conf/rndc.conf | 5 +++++ | ||
| 15 | 2 files changed, 10 insertions(+) | ||
| 16 | create mode 100644 conf/rndc.conf | ||
| 17 | |||
| 18 | diff --git a/conf/named.conf b/conf/named.conf | ||
| 19 | index 95829cf..021dbca 100644 | ||
| 20 | --- a/conf/named.conf | ||
| 21 | +++ b/conf/named.conf | ||
| 22 | @@ -47,3 +47,8 @@ zone "255.in-addr.arpa" { | ||
| 23 | // root-delegation-only exclude { "DE"; "MUSEUM"; }; | ||
| 24 | |||
| 25 | include "/etc/bind/named.conf.local"; | ||
| 26 | +include "/etc/bind/rndc.key" ; | ||
| 27 | +controls { | ||
| 28 | + inet 127.0.0.1 allow { localhost; } | ||
| 29 | + keys { rndc-key; }; | ||
| 30 | +}; | ||
| 31 | diff --git a/conf/rndc.conf b/conf/rndc.conf | ||
| 32 | new file mode 100644 | ||
| 33 | index 0000000..4b43a3d | ||
| 34 | --- /dev/null | ||
| 35 | +++ b/conf/rndc.conf | ||
| 36 | @@ -0,0 +1,5 @@ | ||
| 37 | +include "/etc/bind/rndc.key"; | ||
| 38 | +options { | ||
| 39 | + default-server localhost; | ||
| 40 | + default-key rndc-key; | ||
| 41 | +}; | ||
diff --git a/meta/recipes-connectivity/bind/bind/named.service b/meta/recipes-connectivity/bind/bind/named.service deleted file mode 100644 index cda56ef015..0000000000 --- a/meta/recipes-connectivity/bind/bind/named.service +++ /dev/null | |||
| @@ -1,22 +0,0 @@ | |||
| 1 | [Unit] | ||
| 2 | Description=Berkeley Internet Name Domain (DNS) | ||
| 3 | Wants=nss-lookup.target | ||
| 4 | Before=nss-lookup.target | ||
| 5 | After=network.target | ||
| 6 | |||
| 7 | [Service] | ||
| 8 | Type=forking | ||
| 9 | EnvironmentFile=-/etc/default/bind9 | ||
| 10 | PIDFile=/run/named/named.pid | ||
| 11 | |||
| 12 | ExecStartPre=@SBINDIR@/generate-rndc-key.sh | ||
| 13 | ExecStart=@SBINDIR@/named $OPTIONS | ||
| 14 | |||
| 15 | ExecReload=@BASE_BINDIR@/sh -c '@SBINDIR@/rndc reload > /dev/null 2>&1 || @BASE_BINDIR@/kill -HUP $MAINPID' | ||
| 16 | |||
| 17 | ExecStop=@BASE_BINDIR@/sh -c '@SBINDIR@/rndc stop > /dev/null 2>&1 || @BASE_BINDIR@/kill -TERM $MAINPID' | ||
| 18 | |||
| 19 | PrivateTmp=true | ||
| 20 | |||
| 21 | [Install] | ||
| 22 | WantedBy=multi-user.target | ||
diff --git a/meta/recipes-connectivity/bind/bind_9.20.15.bb b/meta/recipes-connectivity/bind/bind_9.20.15.bb deleted file mode 100644 index 1195b5bdc3..0000000000 --- a/meta/recipes-connectivity/bind/bind_9.20.15.bb +++ /dev/null | |||
| @@ -1,109 +0,0 @@ | |||
| 1 | SUMMARY = "ISC Internet Domain Name Server" | ||
| 2 | HOMEPAGE = "https://www.isc.org/bind/" | ||
| 3 | DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system" | ||
| 4 | SECTION = "console/network" | ||
| 5 | |||
| 6 | LICENSE = "MPL-2.0" | ||
| 7 | LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=c7a0b6d9a1b692a5da9af9d503671f43" | ||
| 8 | |||
| 9 | DEPENDS = "openssl libcap zlib libuv liburcu" | ||
| 10 | |||
| 11 | SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ | ||
| 12 | file://conf.patch \ | ||
| 13 | file://named.service \ | ||
| 14 | file://bind9 \ | ||
| 15 | file://generate-rndc-key.sh \ | ||
| 16 | file://make-etc-initd-bind-stop-work.patch \ | ||
| 17 | file://init.d-add-support-for-read-only-rootfs.patch \ | ||
| 18 | file://bind-ensure-searching-for-json-headers-searches-sysr.patch \ | ||
| 19 | file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ | ||
| 20 | file://0001-avoid-start-failure-with-bind-user.patch \ | ||
| 21 | " | ||
| 22 | |||
| 23 | SRC_URI[sha256sum] = "d62b38fae48ba83fca6181112d0c71018d8b0f2ce285dc79dc6a0367722ccabb" | ||
| 24 | |||
| 25 | UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" | ||
| 26 | # follow the ESV versions divisible by 2 | ||
| 27 | UPSTREAM_CHECK_REGEX = "(?P<pver>9.(\d*[02468])+(\.\d+)+(-P\d+)*)/" | ||
| 28 | |||
| 29 | inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives | ||
| 30 | |||
| 31 | # PACKAGECONFIGs readline and libedit should NOT be set at same time | ||
| 32 | PACKAGECONFIG ?= "readline" | ||
| 33 | PACKAGECONFIG[httpstats] = "--with-libxml2,--without-libxml2,libxml2" | ||
| 34 | PACKAGECONFIG[readline] = "--with-readline=readline,,readline" | ||
| 35 | PACKAGECONFIG[libedit] = "--with-readline=libedit,,libedit" | ||
| 36 | PACKAGECONFIG[dns-over-http] = "--enable-doh,--disable-doh,nghttp2" | ||
| 37 | |||
| 38 | EXTRA_OECONF = " --disable-auto-validation \ | ||
| 39 | --with-gssapi=no --with-lmdb=no --with-zlib \ | ||
| 40 | --sysconfdir=${sysconfdir}/bind \ | ||
| 41 | --with-openssl=${STAGING_DIR_HOST}${prefix} \ | ||
| 42 | " | ||
| 43 | LDFLAGS += "-lz" | ||
| 44 | |||
| 45 | # dhcp needs .la so keep them | ||
| 46 | REMOVE_LIBTOOL_LA = "0" | ||
| 47 | |||
| 48 | USERADD_PACKAGES = "${PN}" | ||
| 49 | USERADD_PARAM:${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \ | ||
| 50 | --user-group bind" | ||
| 51 | |||
| 52 | INITSCRIPT_NAME = "bind" | ||
| 53 | INITSCRIPT_PARAMS = "defaults" | ||
| 54 | |||
| 55 | SYSTEMD_SERVICE:${PN} = "named.service" | ||
| 56 | |||
| 57 | do_install:append() { | ||
| 58 | |||
| 59 | install -d -o bind "${D}${localstatedir}/cache/bind" | ||
| 60 | install -d "${D}${sysconfdir}/bind" | ||
| 61 | install -d "${D}${sysconfdir}/init.d" | ||
| 62 | install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/" | ||
| 63 | install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind" | ||
| 64 | |||
| 65 | # Install systemd related files | ||
| 66 | install -d ${D}${sbindir} | ||
| 67 | install -m 755 ${UNPACKDIR}/generate-rndc-key.sh ${D}${sbindir} | ||
| 68 | install -d ${D}${systemd_system_unitdir} | ||
| 69 | install -m 0644 ${UNPACKDIR}/named.service ${D}${systemd_system_unitdir} | ||
| 70 | sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ | ||
| 71 | -e 's,@SBINDIR@,${sbindir},g' \ | ||
| 72 | ${D}${systemd_system_unitdir}/named.service | ||
| 73 | |||
| 74 | install -d ${D}${sysconfdir}/default | ||
| 75 | install -m 0644 ${UNPACKDIR}/bind9 ${D}${sysconfdir}/default | ||
| 76 | |||
| 77 | if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then | ||
| 78 | install -d ${D}${sysconfdir}/tmpfiles.d | ||
| 79 | echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf | ||
| 80 | fi | ||
| 81 | } | ||
| 82 | |||
| 83 | CONFFILES:${PN} = " \ | ||
| 84 | ${sysconfdir}/bind/named.conf \ | ||
| 85 | ${sysconfdir}/bind/named.conf.local \ | ||
| 86 | ${sysconfdir}/bind/named.conf.options \ | ||
| 87 | ${sysconfdir}/bind/db.0 \ | ||
| 88 | ${sysconfdir}/bind/db.127 \ | ||
| 89 | ${sysconfdir}/bind/db.empty \ | ||
| 90 | ${sysconfdir}/bind/db.local \ | ||
| 91 | ${sysconfdir}/bind/db.root \ | ||
| 92 | " | ||
| 93 | |||
| 94 | ALTERNATIVE:${PN}-utils = "nslookup" | ||
| 95 | ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup" | ||
| 96 | ALTERNATIVE_PRIORITY = "100" | ||
| 97 | |||
| 98 | PACKAGE_BEFORE_PN += "${PN}-utils" | ||
| 99 | FILES:${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate" | ||
| 100 | FILES:${PN}-dev += "${bindir}/isc-config.h" | ||
| 101 | FILES:${PN} += "${sbindir}/generate-rndc-key.sh" | ||
| 102 | |||
| 103 | PACKAGE_BEFORE_PN += "${PN}-libs" | ||
| 104 | # special arrangement below due to | ||
| 105 | # https://github.com/isc-projects/bind9/commit/0e25af628cd776f98c04fc4cc59048f5448f6c88 | ||
| 106 | FILES_SOLIBSDEV = "${libdir}/*[!0-9].so ${libdir}/libbind9.so" | ||
| 107 | FILES:${PN}-libs = "${libdir}/named/*.so* ${libdir}/*-${PV}.so" | ||
| 108 | |||
| 109 | DEV_PKG_DEPENDENCY = "" | ||
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc deleted file mode 100644 index aac38a54a9..0000000000 --- a/meta/recipes-connectivity/bluez5/bluez5.inc +++ /dev/null | |||
| @@ -1,158 +0,0 @@ | |||
| 1 | SUMMARY = "Linux Bluetooth Stack Userland V5" | ||
| 2 | DESCRIPTION = "Linux Bluetooth stack V5 userland components. These include a system configurations, daemons, tools and system libraries." | ||
| 3 | HOMEPAGE = "http://www.bluez.org" | ||
| 4 | SECTION = "libs" | ||
| 5 | LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later" | ||
| 6 | LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ | ||
| 7 | file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \ | ||
| 8 | file://src/main.c;beginline=1;endline=24;md5=0ad83ca0dc37ab08af448777c581e7ac" | ||
| 9 | DEPENDS = "dbus glib-2.0" | ||
| 10 | PROVIDES += "bluez-hcidump" | ||
| 11 | RPROVIDES:${PN} += "bluez-hcidump" | ||
| 12 | |||
| 13 | PACKAGECONFIG ??= "obex-profiles \ | ||
| 14 | readline \ | ||
| 15 | ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ | ||
| 16 | a2dp-profiles \ | ||
| 17 | avrcp-profiles \ | ||
| 18 | bap-profiles \ | ||
| 19 | bass-profiles \ | ||
| 20 | mcp-profiles \ | ||
| 21 | ccp-profiles \ | ||
| 22 | vcp-profiles \ | ||
| 23 | micp-profiles \ | ||
| 24 | csip-profiles \ | ||
| 25 | asha-profiles \ | ||
| 26 | network-profiles \ | ||
| 27 | hid-profiles \ | ||
| 28 | hog-profiles \ | ||
| 29 | tools \ | ||
| 30 | deprecated \ | ||
| 31 | udev \ | ||
| 32 | " | ||
| 33 | PACKAGECONFIG[obex-profiles] = "--enable-obex,--disable-obex,libical" | ||
| 34 | PACKAGECONFIG[readline] = "--enable-client,--disable-client,readline," | ||
| 35 | PACKAGECONFIG[testing] = "--enable-testing,--disable-testing" | ||
| 36 | PACKAGECONFIG[midi] = "--enable-midi,--disable-midi,alsa-lib" | ||
| 37 | PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd" | ||
| 38 | PACKAGECONFIG[cups] = "--enable-cups,--disable-cups,,cups" | ||
| 39 | PACKAGECONFIG[nfc] = "--enable-nfc,--disable-nfc" | ||
| 40 | PACKAGECONFIG[sap-profiles] = "--enable-sap,--disable-sap" | ||
| 41 | PACKAGECONFIG[a2dp-profiles] = "--enable-a2dp,--disable-a2dp" | ||
| 42 | PACKAGECONFIG[avrcp-profiles] = "--enable-avrcp,--disable-avrcp" | ||
| 43 | PACKAGECONFIG[network-profiles] = "--enable-network,--disable-network" | ||
| 44 | PACKAGECONFIG[hid-profiles] = "--enable-hid,--disable-hid" | ||
| 45 | PACKAGECONFIG[hog-profiles] = "--enable-hog,--disable-hog" | ||
| 46 | PACKAGECONFIG[health-profiles] = "--enable-health,--disable-health" | ||
| 47 | PACKAGECONFIG[bap-profiles] = "--enable-bap,--disable-bap" | ||
| 48 | PACKAGECONFIG[bass-profiles] = "--enable-bass,--disable-bass" | ||
| 49 | PACKAGECONFIG[mcp-profiles] = "--enable-mcp,--disable-mcp" | ||
| 50 | PACKAGECONFIG[ccp-profiles] = "--enable-ccp,--disable-ccp" | ||
| 51 | PACKAGECONFIG[vcp-profiles] = "--enable-vcp,--disable-vcp" | ||
| 52 | PACKAGECONFIG[micp-profiles] = "--enable-micp,--disable-micp" | ||
| 53 | PACKAGECONFIG[csip-profiles] = "--enable-csip,--disable-csip" | ||
| 54 | PACKAGECONFIG[asha-profiles] = "--enable-asha,--disable-asha" | ||
| 55 | PACKAGECONFIG[sixaxis] = "--enable-sixaxis,--disable-sixaxis" | ||
| 56 | PACKAGECONFIG[tools] = "--enable-tools,--disable-tools" | ||
| 57 | PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated" | ||
| 58 | PACKAGECONFIG[mesh] = "--enable-mesh --enable-external-ell,--disable-mesh, json-c ell" | ||
| 59 | PACKAGECONFIG[btpclient] = "--enable-btpclient --enable-external-ell,--disable-btpclient, ell" | ||
| 60 | PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev" | ||
| 61 | PACKAGECONFIG[manpages] = "--enable-manpages,--disable-manpages,python3-docutils-native" | ||
| 62 | |||
| 63 | SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ | ||
| 64 | file://init \ | ||
| 65 | file://run-ptest \ | ||
| 66 | file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ | ||
| 67 | file://0001-media-fix-pac_config_cb-error-code-return.patch \ | ||
| 68 | " | ||
| 69 | S = "${UNPACKDIR}/bluez-${PV}" | ||
| 70 | |||
| 71 | CVE_PRODUCT = "bluez" | ||
| 72 | |||
| 73 | inherit autotools pkgconfig systemd update-rc.d ptest gobject-introspection-data | ||
| 74 | |||
| 75 | EXTRA_OECONF = "\ | ||
| 76 | --enable-test \ | ||
| 77 | --enable-datafiles \ | ||
| 78 | --enable-library \ | ||
| 79 | --enable-pie \ | ||
| 80 | --without-zsh-completion-dir \ | ||
| 81 | " | ||
| 82 | |||
| 83 | CFLAGS += "-DFIRMWARE_DIR='"${nonarch_base_libdir}/firmware"'" | ||
| 84 | |||
| 85 | # bluez5 builds a large number of useful utilities but does not | ||
| 86 | # install them. Specify which ones we want put into ${PN}-noinst-tools. | ||
| 87 | NOINST_TOOLS_READLINE ??= "" | ||
| 88 | NOINST_TOOLS_TESTING ??= "" | ||
| 89 | NOINST_TOOLS_BT ??= "" | ||
| 90 | NOINST_TOOLS = " \ | ||
| 91 | ${@bb.utils.contains('PACKAGECONFIG', 'readline', '${NOINST_TOOLS_READLINE}', '', d)} \ | ||
| 92 | ${@bb.utils.contains('PACKAGECONFIG', 'testing', '${NOINST_TOOLS_TESTING}', '', d)} \ | ||
| 93 | ${@bb.utils.contains('PACKAGECONFIG', 'tools', '${NOINST_TOOLS_BT}', '', d)} \ | ||
| 94 | " | ||
| 95 | |||
| 96 | do_install:append() { | ||
| 97 | install -d ${D}${INIT_D_DIR} | ||
| 98 | install -m 0755 ${UNPACKDIR}/init ${D}${INIT_D_DIR}/bluetooth | ||
| 99 | |||
| 100 | if [ -f ${D}${sysconfdir}/init.d/bluetooth ]; then | ||
| 101 | sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}${sysconfdir}/init.d/bluetooth | ||
| 102 | fi | ||
| 103 | |||
| 104 | # Install desired tools that upstream leaves in build area | ||
| 105 | for f in ${NOINST_TOOLS} ; do | ||
| 106 | install -m 755 ${B}/$f ${D}${bindir} | ||
| 107 | done | ||
| 108 | } | ||
| 109 | |||
| 110 | PACKAGES =+ "${PN}-testtools ${PN}-obex ${PN}-noinst-tools" | ||
| 111 | |||
| 112 | FILES:${PN} += " \ | ||
| 113 | ${libdir}/bluetooth/plugins/*.so \ | ||
| 114 | ${systemd_unitdir}/ ${datadir}/dbus-1 \ | ||
| 115 | ${libdir}/cups \ | ||
| 116 | " | ||
| 117 | FILES:${PN}-dev += " \ | ||
| 118 | ${libdir}/bluetooth/plugins/*.la \ | ||
| 119 | " | ||
| 120 | |||
| 121 | FILES:${PN}-obex = "${libexecdir}/bluetooth/obexd \ | ||
| 122 | ${exec_prefix}/lib/systemd/user/obex.service \ | ||
| 123 | ${systemd_system_unitdir}/obex.service \ | ||
| 124 | ${sysconfdir}/systemd/system/multi-user.target.wants/obex.service \ | ||
| 125 | ${datadir}/dbus-1/services/org.bluez.obex.service \ | ||
| 126 | ${sysconfdir}/dbus-1/system.d/obexd.conf \ | ||
| 127 | " | ||
| 128 | SYSTEMD_SERVICE:${PN}-obex = "obex.service" | ||
| 129 | |||
| 130 | FILES:${PN}-testtools = "${libdir}/bluez/test/*" | ||
| 131 | |||
| 132 | def get_noinst_tools_paths (d, bb, tools): | ||
| 133 | s = list() | ||
| 134 | bindir = d.getVar("bindir") | ||
| 135 | for bdp in tools.split(): | ||
| 136 | f = os.path.basename(bdp) | ||
| 137 | s.append("%s/%s" % (bindir, f)) | ||
| 138 | return "\n".join(s) | ||
| 139 | |||
| 140 | FILES:${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS'))}" | ||
| 141 | |||
| 142 | RDEPENDS:${PN}-testtools += "python3-core python3-dbus" | ||
| 143 | RDEPENDS:${PN}-testtools += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}" | ||
| 144 | |||
| 145 | SYSTEMD_SERVICE:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}" | ||
| 146 | INITSCRIPT_PACKAGES = "${PN}" | ||
| 147 | INITSCRIPT_NAME:${PN} = "bluetooth" | ||
| 148 | |||
| 149 | do_compile_ptest() { | ||
| 150 | oe_runmake buildtests | ||
| 151 | } | ||
| 152 | |||
| 153 | do_install_ptest() { | ||
| 154 | cp -r ${B}/unit/ ${D}${PTEST_PATH} | ||
| 155 | rm -f ${D}${PTEST_PATH}/unit/*.o | ||
| 156 | } | ||
| 157 | |||
| 158 | RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-gconv-utf-16" | ||
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-media-fix-pac_config_cb-error-code-return.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-media-fix-pac_config_cb-error-code-return.patch deleted file mode 100644 index a67fd07137..0000000000 --- a/meta/recipes-connectivity/bluez5/bluez5/0001-media-fix-pac_config_cb-error-code-return.patch +++ /dev/null | |||
| @@ -1,29 +0,0 @@ | |||
| 1 | From d7966dbb7bcf39f9615c906c47ef7ad895796756 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Pauli Virtanen <pav@iki.fi> | ||
| 3 | Date: Thu, 18 Sep 2025 20:19:35 +0300 | ||
| 4 | Subject: [PATCH] media: fix pac_config_cb() error code return | ||
| 5 | |||
| 6 | Fixes: a887b1a1b91f ("audio: Add support for specific error codes for A2DP configuration") | ||
| 7 | |||
| 8 | Upstream-Status: Backport [https://github.com/bluez/bluez/commit/6b0a08776ae44a9102d7c6875a77e83dc6a11a37] | ||
| 9 | Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com> | ||
| 10 | --- | ||
| 11 | profiles/audio/media.c | 2 +- | ||
| 12 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 13 | |||
| 14 | diff --git a/profiles/audio/media.c b/profiles/audio/media.c | ||
| 15 | index 332f643bb..deb321e6c 100644 | ||
| 16 | --- a/profiles/audio/media.c | ||
| 17 | +++ b/profiles/audio/media.c | ||
| 18 | @@ -1110,7 +1110,7 @@ static void pac_config_cb(struct media_endpoint *endpoint, void *ret, int size, | ||
| 19 | if (!transport) | ||
| 20 | return; | ||
| 21 | |||
| 22 | - data->cb(data->stream, error_code == 0 ? 0 : -EINVAL); | ||
| 23 | + data->cb(data->stream, (error_code && *error_code == 0) ? 0 : -EINVAL); | ||
| 24 | } | ||
| 25 | |||
| 26 | static struct media_transport *pac_ucast_config(struct bt_bap_stream *stream, | ||
| 27 | -- | ||
| 28 | 2.43.0 | ||
| 29 | |||
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch deleted file mode 100644 index cea7c10c3d..0000000000 --- a/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch +++ /dev/null | |||
| @@ -1,25 +0,0 @@ | |||
| 1 | From d8bbdd8e7166f481429b4999f520cd8306685f03 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Alexander Kanavin <alex.kanavin@gmail.com> | ||
| 3 | Date: Fri, 1 Apr 2016 17:07:34 +0300 | ||
| 4 | Subject: [PATCH] tests: add a target for building tests without running them | ||
| 5 | |||
| 6 | Upstream-Status: Inappropriate [oe specific] | ||
| 7 | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> | ||
| 8 | --- | ||
| 9 | Makefile.am | 3 +++ | ||
| 10 | 1 file changed, 3 insertions(+) | ||
| 11 | |||
| 12 | diff --git a/Makefile.am b/Makefile.am | ||
| 13 | index 94f625d..a3c3512 100644 | ||
| 14 | --- a/Makefile.am | ||
| 15 | +++ b/Makefile.am | ||
| 16 | @@ -725,6 +725,9 @@ endif | ||
| 17 | TESTS = $(unit_tests) | ||
| 18 | AM_TESTS_ENVIRONMENT = MALLOC_CHECK_=3 MALLOC_PERTURB_=69 | ||
| 19 | |||
| 20 | +# This allows building tests without running them | ||
| 21 | +buildtests: $(TESTS) | ||
| 22 | + | ||
| 23 | if DBUS_RUN_SESSION | ||
| 24 | AM_TESTS_ENVIRONMENT += dbus-run-session -- | ||
| 25 | endif | ||
diff --git a/meta/recipes-connectivity/bluez5/bluez5/init b/meta/recipes-connectivity/bluez5/bluez5/init deleted file mode 100644 index ca9fa18549..0000000000 --- a/meta/recipes-connectivity/bluez5/bluez5/init +++ /dev/null | |||
| @@ -1,61 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | # Source function library | ||
| 4 | . /etc/init.d/functions | ||
| 5 | |||
| 6 | PATH=/sbin:/bin:/usr/sbin:/usr/bin | ||
| 7 | DESC=bluetooth | ||
| 8 | |||
| 9 | DAEMON=@LIBEXECDIR@/bluetooth/bluetoothd | ||
| 10 | |||
| 11 | # If you want to be ignore error of "org.freedesktop.hostname1", | ||
| 12 | # please enable NOPLUGIN_OPTION. | ||
| 13 | # NOPLUGIN_OPTION="--noplugin=hostname" | ||
| 14 | NOPLUGIN_OPTION="" | ||
| 15 | SSD_OPTIONS="--oknodo --quiet --exec $DAEMON -- $NOPLUGIN_OPTION" | ||
| 16 | |||
| 17 | test -f $DAEMON || exit 0 | ||
| 18 | |||
| 19 | # FIXME: any of the sourced files may fail if/with syntax errors | ||
| 20 | test -f /etc/default/bluetooth && . /etc/default/bluetooth | ||
| 21 | test -f /etc/default/rcS && . /etc/default/rcS | ||
| 22 | |||
| 23 | set -e | ||
| 24 | |||
| 25 | case $1 in | ||
| 26 | start) | ||
| 27 | echo -n "Starting $DESC: " | ||
| 28 | if test "$BLUETOOTH_ENABLED" = 0; then | ||
| 29 | echo "disabled (see /etc/default/bluetooth)." | ||
| 30 | exit 0 | ||
| 31 | fi | ||
| 32 | start-stop-daemon --start --background $SSD_OPTIONS | ||
| 33 | echo "${DAEMON##*/}." | ||
| 34 | ;; | ||
| 35 | stop) | ||
| 36 | echo -n "Stopping $DESC: " | ||
| 37 | if test "$BLUETOOTH_ENABLED" = 0; then | ||
| 38 | echo "disabled (see /etc/default/bluetooth)." | ||
| 39 | exit 0 | ||
| 40 | fi | ||
| 41 | start-stop-daemon --stop $SSD_OPTIONS | ||
| 42 | echo "${DAEMON##*/}." | ||
| 43 | ;; | ||
| 44 | restart|force-reload) | ||
| 45 | $0 stop | ||
| 46 | sleep 1 | ||
| 47 | $0 start | ||
| 48 | ;; | ||
| 49 | status) | ||
| 50 | status ${DAEMON} || exit $? | ||
| 51 | ;; | ||
| 52 | *) | ||
| 53 | N=/etc/init.d/bluetooth | ||
| 54 | echo "Usage: $N {start|stop|restart|force-reload|status}" >&2 | ||
| 55 | exit 1 | ||
| 56 | ;; | ||
| 57 | esac | ||
| 58 | |||
| 59 | exit 0 | ||
| 60 | |||
| 61 | # vim:noet | ||
diff --git a/meta/recipes-connectivity/bluez5/bluez5/run-ptest b/meta/recipes-connectivity/bluez5/bluez5/run-ptest deleted file mode 100644 index 0335e68e48..0000000000 --- a/meta/recipes-connectivity/bluez5/bluez5/run-ptest +++ /dev/null | |||
| @@ -1,31 +0,0 @@ | |||
| 1 | #! /bin/sh | ||
| 2 | |||
| 3 | cd unit | ||
| 4 | |||
| 5 | failed=0 | ||
| 6 | all=0 | ||
| 7 | |||
| 8 | for f in test-*; do | ||
| 9 | "./$f" -q | ||
| 10 | case "$?" in | ||
| 11 | 0) | ||
| 12 | echo "PASS: $f" | ||
| 13 | all=$((all + 1)) | ||
| 14 | ;; | ||
| 15 | 77) | ||
| 16 | echo "SKIP: $f" | ||
| 17 | ;; | ||
| 18 | *) | ||
| 19 | echo "FAIL: $f" | ||
| 20 | failed=$((failed + 1)) | ||
| 21 | all=$((all + 1)) | ||
| 22 | ;; | ||
| 23 | esac | ||
| 24 | done | ||
| 25 | |||
| 26 | if [ "$failed" -eq 0 ] ; then | ||
| 27 | echo "All $all tests passed" | ||
| 28 | else | ||
| 29 | echo "$failed of $all tests failed" | ||
| 30 | fi | ||
| 31 | |||
diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.84.bb b/meta/recipes-connectivity/bluez5/bluez5_5.84.bb deleted file mode 100644 index 874db9df64..0000000000 --- a/meta/recipes-connectivity/bluez5/bluez5_5.84.bb +++ /dev/null | |||
| @@ -1,74 +0,0 @@ | |||
| 1 | require bluez5.inc | ||
| 2 | |||
| 3 | SRC_URI[sha256sum] = "5ba73d030f7b00087d67800b0e321601aec0f892827c72e5a2c8390d8c886b11" | ||
| 4 | |||
| 5 | CVE_STATUS[CVE-2020-24490] = "cpe-incorrect: This issue has kernel fixes rather than bluez fixes" | ||
| 6 | |||
| 7 | # noinst programs in Makefile.tools that are conditional on READLINE | ||
| 8 | # support | ||
| 9 | NOINST_TOOLS_READLINE ?= " \ | ||
| 10 | ${@bb.utils.contains('PACKAGECONFIG', 'deprecated', 'attrib/gatttool', '', d)} \ | ||
| 11 | tools/obex-client-tool \ | ||
| 12 | tools/obex-server-tool \ | ||
| 13 | tools/bluetooth-player \ | ||
| 14 | tools/obexctl \ | ||
| 15 | tools/btmgmt \ | ||
| 16 | " | ||
| 17 | |||
| 18 | # noinst programs in Makefile.tools that are conditional on TESTING | ||
| 19 | # support | ||
| 20 | NOINST_TOOLS_TESTING ?= " \ | ||
| 21 | emulator/btvirt \ | ||
| 22 | emulator/b1ee \ | ||
| 23 | emulator/hfp \ | ||
| 24 | peripheral/btsensor \ | ||
| 25 | tools/3dsp \ | ||
| 26 | tools/mgmt-tester \ | ||
| 27 | tools/gap-tester \ | ||
| 28 | tools/l2cap-tester \ | ||
| 29 | tools/sco-tester \ | ||
| 30 | tools/smp-tester \ | ||
| 31 | tools/hci-tester \ | ||
| 32 | tools/rfcomm-tester \ | ||
| 33 | tools/bnep-tester \ | ||
| 34 | tools/userchan-tester \ | ||
| 35 | tools/iso-tester \ | ||
| 36 | tools/mesh-tester \ | ||
| 37 | tools/ioctl-tester \ | ||
| 38 | " | ||
| 39 | |||
| 40 | # noinst programs in Makefile.tools that are conditional on TOOLS | ||
| 41 | # support | ||
| 42 | NOINST_TOOLS_BT ?= " \ | ||
| 43 | tools/bdaddr \ | ||
| 44 | tools/avinfo \ | ||
| 45 | tools/avtest \ | ||
| 46 | tools/scotest \ | ||
| 47 | tools/hwdb \ | ||
| 48 | tools/hcieventmask \ | ||
| 49 | tools/hcisecfilter \ | ||
| 50 | tools/btinfo \ | ||
| 51 | tools/btconfig \ | ||
| 52 | tools/btsnoop \ | ||
| 53 | tools/btproxy \ | ||
| 54 | tools/btiotest \ | ||
| 55 | tools/bneptest \ | ||
| 56 | tools/mcaptest \ | ||
| 57 | tools/cltest \ | ||
| 58 | tools/oobtest \ | ||
| 59 | tools/advtest \ | ||
| 60 | tools/seq2bseq \ | ||
| 61 | tools/nokfw \ | ||
| 62 | tools/rtlfw \ | ||
| 63 | tools/bcmfw \ | ||
| 64 | tools/create-image \ | ||
| 65 | tools/eddystone \ | ||
| 66 | tools/ibeacon \ | ||
| 67 | tools/btgatt-client \ | ||
| 68 | tools/btgatt-server \ | ||
| 69 | tools/test-runner \ | ||
| 70 | tools/check-selftest \ | ||
| 71 | tools/gatt-service \ | ||
| 72 | profiles/iap/iapd \ | ||
| 73 | ${@bb.utils.contains('PACKAGECONFIG', 'btpclient', 'tools/btpclient tools/btpclientctl', '', d)} \ | ||
| 74 | " | ||
diff --git a/meta/recipes-connectivity/connman/connman-conf.bb b/meta/recipes-connectivity/connman/connman-conf.bb deleted file mode 100644 index 854e1f1f29..0000000000 --- a/meta/recipes-connectivity/connman/connman-conf.bb +++ /dev/null | |||
| @@ -1,20 +0,0 @@ | |||
| 1 | SUMMARY = "Connman config to ignore wired interface on qemu machines" | ||
| 2 | DESCRIPTION = "This is the ConnMan configuration to avoid touching wired \ | ||
| 3 | network interface inside qemu machines." | ||
| 4 | LICENSE = "GPL-2.0-only" | ||
| 5 | LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6" | ||
| 6 | |||
| 7 | SRC_URI = "file://main.conf \ | ||
| 8 | " | ||
| 9 | |||
| 10 | S = "${UNPACKDIR}" | ||
| 11 | |||
| 12 | PACKAGE_ARCH = "${MACHINE_ARCH}" | ||
| 13 | |||
| 14 | FILES:${PN} = "${sysconfdir}/*" | ||
| 15 | |||
| 16 | # Kernel IP-Config is perfectly capable of setting up networking passed in via ip= | ||
| 17 | do_install:append:qemuall() { | ||
| 18 | mkdir -p ${D}${sysconfdir}/connman | ||
| 19 | cp ${S}/main.conf ${D}${sysconfdir}/connman/main.conf | ||
| 20 | } | ||
diff --git a/meta/recipes-connectivity/connman/connman-conf/main.conf b/meta/recipes-connectivity/connman/connman-conf/main.conf deleted file mode 100644 index 3c9dd396f6..0000000000 --- a/meta/recipes-connectivity/connman/connman-conf/main.conf +++ /dev/null | |||
| @@ -1,2 +0,0 @@ | |||
| 1 | [General] | ||
| 2 | NetworkInterfaceBlacklist = eth,en | ||
diff --git a/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch b/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch deleted file mode 100644 index c93e9b4654..0000000000 --- a/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch +++ /dev/null | |||
| @@ -1,277 +0,0 @@ | |||
| 1 | From a59b0fac02e74a971ac3f08bf28c17ce361a9526 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Jussi Kukkonen <jussi.kukkonen@intel.com> | ||
| 3 | Date: Wed, 2 Mar 2016 15:47:49 +0200 | ||
| 4 | Subject: [PATCH] Port to Gtk3 | ||
| 5 | |||
| 6 | Some unused (or not useful) code was removed, functionality should stay | ||
| 7 | the same. | ||
| 8 | |||
| 9 | Code still contains quite a few uses of deprecated API. | ||
| 10 | |||
| 11 | Upstream-Status: Submitted | ||
| 12 | Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> | ||
| 13 | --- | ||
| 14 | applet/agent.c | 3 +-- | ||
| 15 | applet/main.c | 43 ------------------------------------------- | ||
| 16 | applet/status.c | 8 -------- | ||
| 17 | configure.ac | 3 +-- | ||
| 18 | properties/ethernet.c | 14 +++++++------- | ||
| 19 | properties/main.c | 2 +- | ||
| 20 | properties/wifi.c | 12 ++++++------ | ||
| 21 | 7 files changed, 16 insertions(+), 69 deletions(-) | ||
| 22 | |||
| 23 | diff --git a/applet/agent.c b/applet/agent.c | ||
| 24 | index 65bed08..04fe86a 100644 | ||
| 25 | --- a/applet/agent.c | ||
| 26 | +++ b/applet/agent.c | ||
| 27 | @@ -126,7 +126,6 @@ static void request_input_dialog(GHashTable *request, | ||
| 28 | gtk_window_set_position(GTK_WINDOW(dialog), GTK_WIN_POS_CENTER); | ||
| 29 | gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE); | ||
| 30 | gtk_window_set_urgency_hint(GTK_WINDOW(dialog), TRUE); | ||
| 31 | - gtk_dialog_set_has_separator(GTK_DIALOG(dialog), FALSE); | ||
| 32 | input->dialog = dialog; | ||
| 33 | |||
| 34 | gtk_dialog_add_button(GTK_DIALOG(dialog), | ||
| 35 | @@ -139,7 +138,7 @@ static void request_input_dialog(GHashTable *request, | ||
| 36 | gtk_table_set_row_spacings(GTK_TABLE(table), 4); | ||
| 37 | gtk_table_set_col_spacings(GTK_TABLE(table), 20); | ||
| 38 | gtk_container_set_border_width(GTK_CONTAINER(table), 12); | ||
| 39 | - gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), table); | ||
| 40 | + gtk_container_add(GTK_CONTAINER(gtk_dialog_get_content_area (GTK_DIALOG(dialog))), table); | ||
| 41 | |||
| 42 | label = gtk_label_new(_("Please provide some network information:")); | ||
| 43 | gtk_misc_set_alignment(GTK_MISC(label), 0.0, 0.0); | ||
| 44 | diff --git a/applet/main.c b/applet/main.c | ||
| 45 | index f12d371..cd16285 100644 | ||
| 46 | --- a/applet/main.c | ||
| 47 | +++ b/applet/main.c | ||
| 48 | @@ -157,46 +157,6 @@ static void name_owner_changed(DBusGProxy *proxy, const char *name, | ||
| 49 | } | ||
| 50 | } | ||
| 51 | |||
| 52 | -static void open_uri(GtkWindow *parent, const char *uri) | ||
| 53 | -{ | ||
| 54 | - GtkWidget *dialog; | ||
| 55 | - GdkScreen *screen; | ||
| 56 | - GError *error = NULL; | ||
| 57 | - gchar *cmdline; | ||
| 58 | - | ||
| 59 | - screen = gtk_window_get_screen(parent); | ||
| 60 | - | ||
| 61 | - cmdline = g_strconcat("xdg-open ", uri, NULL); | ||
| 62 | - | ||
| 63 | - if (gdk_spawn_command_line_on_screen(screen, | ||
| 64 | - cmdline, &error) == FALSE) { | ||
| 65 | - dialog = gtk_message_dialog_new(parent, | ||
| 66 | - GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_ERROR, | ||
| 67 | - GTK_BUTTONS_CLOSE, "%s", error->message); | ||
| 68 | - gtk_dialog_run(GTK_DIALOG(dialog)); | ||
| 69 | - gtk_widget_destroy(dialog); | ||
| 70 | - g_error_free(error); | ||
| 71 | - } | ||
| 72 | - | ||
| 73 | - g_free(cmdline); | ||
| 74 | -} | ||
| 75 | - | ||
| 76 | -static void about_url_hook(GtkAboutDialog *dialog, | ||
| 77 | - const gchar *url, gpointer data) | ||
| 78 | -{ | ||
| 79 | - open_uri(GTK_WINDOW(dialog), url); | ||
| 80 | -} | ||
| 81 | - | ||
| 82 | -static void about_email_hook(GtkAboutDialog *dialog, | ||
| 83 | - const gchar *email, gpointer data) | ||
| 84 | -{ | ||
| 85 | - gchar *uri; | ||
| 86 | - | ||
| 87 | - uri = g_strconcat("mailto:", email, NULL); | ||
| 88 | - open_uri(GTK_WINDOW(dialog), uri); | ||
| 89 | - g_free(uri); | ||
| 90 | -} | ||
| 91 | - | ||
| 92 | static void about_callback(GtkWidget *item, gpointer user_data) | ||
| 93 | { | ||
| 94 | const gchar *authors[] = { | ||
| 95 | @@ -204,9 +164,6 @@ static void about_callback(GtkWidget *item, gpointer user_data) | ||
| 96 | NULL | ||
| 97 | }; | ||
| 98 | |||
| 99 | - gtk_about_dialog_set_url_hook(about_url_hook, NULL, NULL); | ||
| 100 | - gtk_about_dialog_set_email_hook(about_email_hook, NULL, NULL); | ||
| 101 | - | ||
| 102 | gtk_show_about_dialog(NULL, "version", VERSION, | ||
| 103 | "copyright", "Copyright \xc2\xa9 2008 Intel Corporation", | ||
| 104 | "comments", _("A connection manager for the GNOME desktop"), | ||
| 105 | diff --git a/applet/status.c b/applet/status.c | ||
| 106 | index aed6f1e..015ff29 100644 | ||
| 107 | --- a/applet/status.c | ||
| 108 | +++ b/applet/status.c | ||
| 109 | @@ -102,8 +102,6 @@ static void icon_animation_start(IconAnimation *animation, | ||
| 110 | { | ||
| 111 | available = TRUE; | ||
| 112 | |||
| 113 | - gtk_status_icon_set_tooltip(statusicon, NULL); | ||
| 114 | - | ||
| 115 | animation->start = start; | ||
| 116 | animation->end = (end == 0) ? animation->count - 1 : end; | ||
| 117 | |||
| 118 | @@ -120,8 +118,6 @@ static void icon_animation_stop(IconAnimation *animation) | ||
| 119 | { | ||
| 120 | available = TRUE; | ||
| 121 | |||
| 122 | - gtk_status_icon_set_tooltip(statusicon, NULL); | ||
| 123 | - | ||
| 124 | if (animation->id > 0) | ||
| 125 | g_source_remove(animation->id); | ||
| 126 | |||
| 127 | @@ -251,8 +247,6 @@ void status_unavailable(void) | ||
| 128 | available = FALSE; | ||
| 129 | |||
| 130 | gtk_status_icon_set_from_pixbuf(statusicon, pixbuf_notifier); | ||
| 131 | - gtk_status_icon_set_tooltip(statusicon, | ||
| 132 | - "Connection Manager daemon is not running"); | ||
| 133 | |||
| 134 | gtk_status_icon_set_visible(statusicon, TRUE); | ||
| 135 | } | ||
| 136 | @@ -299,7 +293,6 @@ static void set_ready(gint signal) | ||
| 137 | |||
| 138 | if (signal < 0) { | ||
| 139 | gtk_status_icon_set_from_pixbuf(statusicon, pixbuf_wired); | ||
| 140 | - gtk_status_icon_set_tooltip(statusicon, NULL); | ||
| 141 | return; | ||
| 142 | } | ||
| 143 | |||
| 144 | @@ -311,7 +304,6 @@ static void set_ready(gint signal) | ||
| 145 | index = 4; | ||
| 146 | |||
| 147 | gtk_status_icon_set_from_pixbuf(statusicon, pixbuf_signal[index]); | ||
| 148 | - gtk_status_icon_set_tooltip(statusicon, NULL); | ||
| 149 | } | ||
| 150 | |||
| 151 | struct timeout_data { | ||
| 152 | diff --git a/configure.ac b/configure.ac | ||
| 153 | index b972e07..a4dad5d 100644 | ||
| 154 | --- a/configure.ac | ||
| 155 | +++ b/configure.ac | ||
| 156 | @@ -55,8 +55,7 @@ AC_SUBST(DBUS_LIBS) | ||
| 157 | DBUS_BINDING_TOOL="dbus-binding-tool" | ||
| 158 | AC_SUBST(DBUS_BINDING_TOOL) | ||
| 159 | |||
| 160 | -PKG_CHECK_MODULES(GTK, gtk+-2.0 >= 2.8, dummy=yes, | ||
| 161 | - AC_MSG_ERROR(gtk+ >= 2.8 is required)) | ||
| 162 | +PKG_CHECK_MODULES(GTK, gtk+-3.0) | ||
| 163 | AC_SUBST(GTK_CFLAGS) | ||
| 164 | AC_SUBST(GTK_LIBS) | ||
| 165 | |||
| 166 | diff --git a/properties/ethernet.c b/properties/ethernet.c | ||
| 167 | index 31db7a0..0b6b423 100644 | ||
| 168 | --- a/properties/ethernet.c | ||
| 169 | +++ b/properties/ethernet.c | ||
| 170 | @@ -82,7 +82,7 @@ void add_ethernet_switch_button(GtkWidget *mainbox, GtkTreeIter *iter, | ||
| 171 | gtk_container_set_border_width(GTK_CONTAINER(vbox), 24); | ||
| 172 | gtk_box_pack_start(GTK_BOX(mainbox), vbox, FALSE, FALSE, 0); | ||
| 173 | |||
| 174 | - table = gtk_table_new(1, 1, TRUE); | ||
| 175 | + table = gtk_table_new(1, 1, FALSE); | ||
| 176 | gtk_table_set_row_spacings(GTK_TABLE(table), 10); | ||
| 177 | gtk_table_set_col_spacings(GTK_TABLE(table), 10); | ||
| 178 | gtk_box_pack_start(GTK_BOX(vbox), table, FALSE, FALSE, 0); | ||
| 179 | @@ -136,7 +136,7 @@ void add_ethernet_service(GtkWidget *mainbox, GtkTreeIter *iter, struct config_d | ||
| 180 | gtk_container_set_border_width(GTK_CONTAINER(vbox), 24); | ||
| 181 | gtk_box_pack_start(GTK_BOX(mainbox), vbox, FALSE, FALSE, 0); | ||
| 182 | |||
| 183 | - table = gtk_table_new(5, 5, TRUE); | ||
| 184 | + table = gtk_table_new(5, 5, FALSE); | ||
| 185 | gtk_table_set_row_spacings(GTK_TABLE(table), 10); | ||
| 186 | gtk_table_set_col_spacings(GTK_TABLE(table), 10); | ||
| 187 | gtk_box_pack_start(GTK_BOX(vbox), table, FALSE, FALSE, 0); | ||
| 188 | @@ -144,9 +144,9 @@ void add_ethernet_service(GtkWidget *mainbox, GtkTreeIter *iter, struct config_d | ||
| 189 | label = gtk_label_new(_("Configuration:")); | ||
| 190 | gtk_table_attach_defaults(GTK_TABLE(table), label, 1, 2, 0, 1); | ||
| 191 | |||
| 192 | - combo = gtk_combo_box_new_text(); | ||
| 193 | - gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "DHCP"); | ||
| 194 | - gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "MANUAL"); | ||
| 195 | + combo = gtk_combo_box_text_new(); | ||
| 196 | + gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "DHCP"); | ||
| 197 | + gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "MANUAL"); | ||
| 198 | gtk_combo_box_set_row_separator_func(GTK_COMBO_BOX(combo), | ||
| 199 | separator_function, NULL, NULL); | ||
| 200 | gtk_table_attach_defaults(GTK_TABLE(table), combo, 2, 4, 0, 1); | ||
| 201 | @@ -219,7 +219,7 @@ void update_ethernet_ipv4(struct config_data *data, guint policy) | ||
| 202 | case CONNMAN_POLICY_DHCP: | ||
| 203 | gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 0); | ||
| 204 | for (i = 0; i < 3; i++) { | ||
| 205 | - gtk_entry_set_editable(GTK_ENTRY(entry[i]), 0); | ||
| 206 | + gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 0); | ||
| 207 | gtk_widget_set_sensitive(entry[i], 0); | ||
| 208 | gtk_entry_set_text(GTK_ENTRY(entry[i]), _("")); | ||
| 209 | } | ||
| 210 | @@ -227,7 +227,7 @@ void update_ethernet_ipv4(struct config_data *data, guint policy) | ||
| 211 | case CONNMAN_POLICY_MANUAL: | ||
| 212 | gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 1); | ||
| 213 | for (i = 0; i < 3; i++) { | ||
| 214 | - gtk_entry_set_editable(GTK_ENTRY(entry[i]), 1); | ||
| 215 | + gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 1); | ||
| 216 | gtk_widget_set_sensitive(entry[i], 1); | ||
| 217 | } | ||
| 218 | break; | ||
| 219 | diff --git a/properties/main.c b/properties/main.c | ||
| 220 | index c05f443..6f76361 100644 | ||
| 221 | --- a/properties/main.c | ||
| 222 | +++ b/properties/main.c | ||
| 223 | @@ -429,7 +429,7 @@ static GtkWidget *create_interfaces(GtkWidget *window) | ||
| 224 | |||
| 225 | scrolled = gtk_scrolled_window_new(NULL, NULL); | ||
| 226 | gtk_scrolled_window_set_policy(GTK_SCROLLED_WINDOW(scrolled), | ||
| 227 | - GTK_POLICY_AUTOMATIC, GTK_POLICY_AUTOMATIC); | ||
| 228 | + GTK_POLICY_NEVER, GTK_POLICY_AUTOMATIC); | ||
| 229 | gtk_scrolled_window_set_shadow_type(GTK_SCROLLED_WINDOW(scrolled), | ||
| 230 | GTK_SHADOW_OUT); | ||
| 231 | gtk_box_pack_start(GTK_BOX(hbox), scrolled, FALSE, TRUE, 0); | ||
| 232 | diff --git a/properties/wifi.c b/properties/wifi.c | ||
| 233 | index bd325ef..a5827e0 100644 | ||
| 234 | --- a/properties/wifi.c | ||
| 235 | +++ b/properties/wifi.c | ||
| 236 | @@ -125,7 +125,7 @@ void add_wifi_switch_button(GtkWidget *mainbox, GtkTreeIter *iter, | ||
| 237 | gtk_container_set_border_width(GTK_CONTAINER(vbox), 24); | ||
| 238 | gtk_box_pack_start(GTK_BOX(mainbox), vbox, FALSE, FALSE, 0); | ||
| 239 | |||
| 240 | - table = gtk_table_new(1, 1, TRUE); | ||
| 241 | + table = gtk_table_new(1, 1, FALSE); | ||
| 242 | gtk_table_set_row_spacings(GTK_TABLE(table), 10); | ||
| 243 | gtk_table_set_col_spacings(GTK_TABLE(table), 10); | ||
| 244 | gtk_box_pack_start(GTK_BOX(vbox), table, FALSE, FALSE, 0); | ||
| 245 | @@ -185,9 +185,9 @@ static void wifi_ipconfig(GtkWidget *table, struct config_data *data, GtkTreeIte | ||
| 246 | gtk_table_attach_defaults(GTK_TABLE(table), label, 1, 2, 3, 4); | ||
| 247 | data->ipv4.label[0] = label; | ||
| 248 | |||
| 249 | - combo = gtk_combo_box_new_text(); | ||
| 250 | - gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "DHCP"); | ||
| 251 | - gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "Manual"); | ||
| 252 | + combo = gtk_combo_box_text_new(); | ||
| 253 | + gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "DHCP"); | ||
| 254 | + gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "Manual"); | ||
| 255 | |||
| 256 | gtk_combo_box_set_row_separator_func(GTK_COMBO_BOX(combo), | ||
| 257 | separator_function, NULL, NULL); | ||
| 258 | @@ -335,14 +335,14 @@ void update_wifi_ipv4(struct config_data *data, guint policy) | ||
| 259 | case CONNMAN_POLICY_DHCP: | ||
| 260 | gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 0); | ||
| 261 | for (i = 0; i < 3; i++) { | ||
| 262 | - gtk_entry_set_editable(GTK_ENTRY(entry[i]), 0); | ||
| 263 | + gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 0); | ||
| 264 | gtk_widget_set_sensitive(entry[i], 0); | ||
| 265 | } | ||
| 266 | break; | ||
| 267 | case CONNMAN_POLICY_MANUAL: | ||
| 268 | gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 1); | ||
| 269 | for (i = 0; i < 3; i++) { | ||
| 270 | - gtk_entry_set_editable(GTK_ENTRY(entry[i]), 1); | ||
| 271 | + gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 1); | ||
| 272 | gtk_widget_set_sensitive(entry[i], 1); | ||
| 273 | } | ||
| 274 | break; | ||
| 275 | -- | ||
| 276 | 2.8.1 | ||
| 277 | |||
diff --git a/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch b/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch deleted file mode 100644 index 7957500dcf..0000000000 --- a/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch +++ /dev/null | |||
| @@ -1,35 +0,0 @@ | |||
| 1 | From 5907a23ad2f49702960a33f9e2039552673eabc7 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Andrei Dinu <andrei.adrianx.dinu@intel.com> | ||
| 3 | Date: Mon, 17 Dec 2012 14:01:18 +0200 | ||
| 4 | Subject: [PATCH] Removed icon from connman-gnome "about" applet | ||
| 5 | |||
| 6 | The connman-gnome "about" applet showed a picture that | ||
| 7 | can not be displayed. There is no designated picture | ||
| 8 | in connman-gnome to be used in the about section, so | ||
| 9 | it was removed. | ||
| 10 | |||
| 11 | [OE-Core #2509] | ||
| 12 | |||
| 13 | Upstream-Status: Pending | ||
| 14 | |||
| 15 | Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> | ||
| 16 | --- | ||
| 17 | applet/main.c | 2 +- | ||
| 18 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 19 | |||
| 20 | diff --git a/applet/main.c b/applet/main.c | ||
| 21 | index f12d371..c7b3c7f 100644 | ||
| 22 | --- a/applet/main.c | ||
| 23 | +++ b/applet/main.c | ||
| 24 | @@ -212,7 +212,7 @@ static void about_callback(GtkWidget *item, gpointer user_data) | ||
| 25 | "comments", _("A connection manager for the GNOME desktop"), | ||
| 26 | "authors", authors, | ||
| 27 | "translator-credits", _("translator-credits"), | ||
| 28 | - "logo-icon-name", "network-wireless", NULL); | ||
| 29 | + NULL); | ||
| 30 | } | ||
| 31 | |||
| 32 | static void settings_callback(GtkWidget *item, gpointer user_data) | ||
| 33 | -- | ||
| 34 | 1.7.9.5 | ||
| 35 | |||
diff --git a/meta/recipes-connectivity/connman/connman-gnome/connman-gnome-fix-dbus-interface-name.patch b/meta/recipes-connectivity/connman/connman-gnome/connman-gnome-fix-dbus-interface-name.patch deleted file mode 100644 index f4049fa3e2..0000000000 --- a/meta/recipes-connectivity/connman/connman-gnome/connman-gnome-fix-dbus-interface-name.patch +++ /dev/null | |||
| @@ -1,187 +0,0 @@ | |||
| 1 | connman-gnome: fix dbus interface name | ||
| 2 | |||
| 3 | This patch resolves following error: | ||
| 4 | |||
| 5 | "connman-dbus.xml": "connman" is not a valid D-Bus interface name | ||
| 6 | |||
| 7 | https://502552.bugs.gentoo.org/attachment.cgi?id=380652 | ||
| 8 | |||
| 9 | Upstream-Status: Backport | ||
| 10 | |||
| 11 | Signed-off-by: Chong Lu <Chong.Lu@windriver.com> | ||
| 12 | --- | ||
| 13 | common/connman-client.c | 24 ++++++++++++------------ | ||
| 14 | common/connman-client.h | 4 ++-- | ||
| 15 | common/connman-dbus.c | 6 +++--- | ||
| 16 | common/connman-dbus.xml | 2 +- | ||
| 17 | 4 files changed, 18 insertions(+), 18 deletions(-) | ||
| 18 | |||
| 19 | diff --git a/common/connman-client.c b/common/connman-client.c | ||
| 20 | index c55e25c..9d818b2 100644 | ||
| 21 | --- a/common/connman-client.c | ||
| 22 | +++ b/common/connman-client.c | ||
| 23 | @@ -289,7 +289,7 @@ gboolean connman_client_set_ipv4(ConnmanClient *client, const gchar *device, | ||
| 24 | |||
| 25 | g_value_init(&value, DBUS_TYPE_G_DICTIONARY); | ||
| 26 | g_value_set_boxed(&value, ipv4); | ||
| 27 | - ret = connman_set_property(proxy, "IPv4.Configuration", &value, NULL); | ||
| 28 | + ret = net_connman_set_property(proxy, "IPv4.Configuration", &value, NULL); | ||
| 29 | |||
| 30 | g_object_unref(proxy); | ||
| 31 | |||
| 32 | @@ -317,7 +317,7 @@ void connman_client_set_powered(ConnmanClient *client, const gchar *device, | ||
| 33 | g_value_set_boolean(&value, powered); | ||
| 34 | |||
| 35 | error = NULL; | ||
| 36 | - connman_set_property(proxy, "Powered", &value, &error); | ||
| 37 | + net_connman_set_property(proxy, "Powered", &value, &error); | ||
| 38 | if( error ) | ||
| 39 | fprintf (stderr, "error: %s\n", error->message); | ||
| 40 | |||
| 41 | @@ -325,7 +325,7 @@ void connman_client_set_powered(ConnmanClient *client, const gchar *device, | ||
| 42 | } | ||
| 43 | |||
| 44 | void connman_client_scan(ConnmanClient *client, const gchar *device, | ||
| 45 | - connman_scan_reply callback, gpointer user_data) | ||
| 46 | + net_connman_scan_reply callback, gpointer user_data) | ||
| 47 | { | ||
| 48 | ConnmanClientPrivate *priv = CONNMAN_CLIENT_GET_PRIVATE(client); | ||
| 49 | DBusGProxy *proxy; | ||
| 50 | @@ -339,7 +339,7 @@ void connman_client_scan(ConnmanClient *client, const gchar *device, | ||
| 51 | if (proxy == NULL) | ||
| 52 | return; | ||
| 53 | |||
| 54 | - connman_scan_async(proxy, callback, user_data); | ||
| 55 | + net_connman_scan_async(proxy, callback, user_data); | ||
| 56 | |||
| 57 | g_object_unref(proxy); | ||
| 58 | } | ||
| 59 | @@ -353,7 +353,7 @@ gboolean connman_client_get_offline_status(ConnmanClient *client) | ||
| 60 | |||
| 61 | DBG("client %p", client); | ||
| 62 | |||
| 63 | - ret = connman_get_properties(priv->manager, &hash, NULL); | ||
| 64 | + ret = net_connman_get_properties(priv->manager, &hash, NULL); | ||
| 65 | |||
| 66 | if (ret == FALSE) | ||
| 67 | goto done; | ||
| 68 | @@ -375,7 +375,7 @@ void connman_client_set_offlinemode(ConnmanClient *client, gboolean status) | ||
| 69 | g_value_init(&value, G_TYPE_BOOLEAN); | ||
| 70 | g_value_set_boolean(&value, status); | ||
| 71 | |||
| 72 | - connman_set_property(priv->manager, "OfflineMode", &value, NULL); | ||
| 73 | + net_connman_set_property(priv->manager, "OfflineMode", &value, NULL); | ||
| 74 | } | ||
| 75 | |||
| 76 | static gboolean network_disconnect(GtkTreeModel *model, GtkTreePath *path, | ||
| 77 | @@ -398,7 +398,7 @@ static gboolean network_disconnect(GtkTreeModel *model, GtkTreePath *path, | ||
| 78 | return TRUE; | ||
| 79 | |||
| 80 | if (type == CONNMAN_TYPE_WIFI) | ||
| 81 | - connman_disconnect(proxy, NULL); | ||
| 82 | + net_connman_disconnect(proxy, NULL); | ||
| 83 | |||
| 84 | g_object_unref(proxy); | ||
| 85 | |||
| 86 | @@ -422,13 +422,13 @@ void connman_client_connect(ConnmanClient *client, const gchar *network) | ||
| 87 | if (proxy == NULL) | ||
| 88 | return; | ||
| 89 | |||
| 90 | - connman_connect(proxy, NULL); | ||
| 91 | + net_connman_connect(proxy, NULL); | ||
| 92 | |||
| 93 | g_object_unref(proxy); | ||
| 94 | } | ||
| 95 | |||
| 96 | void connman_client_connect_async(ConnmanClient *client, const gchar *network, | ||
| 97 | - connman_connect_reply callback, gpointer userdata) | ||
| 98 | + net_connman_connect_reply callback, gpointer userdata) | ||
| 99 | { | ||
| 100 | ConnmanClientPrivate *priv = CONNMAN_CLIENT_GET_PRIVATE(client); | ||
| 101 | DBusGProxy *proxy; | ||
| 102 | @@ -446,7 +446,7 @@ void connman_client_connect_async(ConnmanClient *client, const gchar *network, | ||
| 103 | if (proxy == NULL) | ||
| 104 | goto done; | ||
| 105 | |||
| 106 | - connman_connect_async(proxy, callback, userdata); | ||
| 107 | + net_connman_connect_async(proxy, callback, userdata); | ||
| 108 | |||
| 109 | done: | ||
| 110 | return; | ||
| 111 | @@ -476,7 +476,7 @@ void connman_client_disconnect(ConnmanClient *client, const gchar *network) | ||
| 112 | if (proxy == NULL) | ||
| 113 | return; | ||
| 114 | |||
| 115 | - connman_disconnect(proxy, NULL); | ||
| 116 | + net_connman_disconnect(proxy, NULL); | ||
| 117 | |||
| 118 | g_object_unref(proxy); | ||
| 119 | } | ||
| 120 | @@ -532,7 +532,7 @@ void connman_client_remove(ConnmanClient *client, const gchar *network) | ||
| 121 | if (proxy == NULL) | ||
| 122 | return; | ||
| 123 | |||
| 124 | - connman_remove(proxy, NULL); | ||
| 125 | + net_connman_remove(proxy, NULL); | ||
| 126 | |||
| 127 | g_object_unref(proxy); | ||
| 128 | } | ||
| 129 | diff --git a/common/connman-client.h b/common/connman-client.h | ||
| 130 | index 9e2e6d5..98241de 100644 | ||
| 131 | --- a/common/connman-client.h | ||
| 132 | +++ b/common/connman-client.h | ||
| 133 | @@ -70,13 +70,13 @@ void connman_client_set_powered(ConnmanClient *client, const gchar *device, | ||
| 134 | gboolean connman_client_set_ipv4(ConnmanClient *client, const gchar *device, | ||
| 135 | struct ipv4_config *ipv4_config); | ||
| 136 | void connman_client_scan(ConnmanClient *client, const gchar *device, | ||
| 137 | - connman_scan_reply callback, gpointer user_data); | ||
| 138 | + net_connman_scan_reply callback, gpointer user_data); | ||
| 139 | |||
| 140 | void connman_client_connect(ConnmanClient *client, const gchar *network); | ||
| 141 | void connman_client_disconnect(ConnmanClient *client, const gchar *network); | ||
| 142 | gchar *connman_client_get_security(ConnmanClient *client, const gchar *network); | ||
| 143 | void connman_client_connect_async(ConnmanClient *client, const gchar *network, | ||
| 144 | - connman_connect_reply callback, gpointer userdata); | ||
| 145 | + net_connman_connect_reply callback, gpointer userdata); | ||
| 146 | void connman_client_set_remember(ConnmanClient *client, const gchar *network, | ||
| 147 | gboolean remember); | ||
| 148 | |||
| 149 | diff --git a/common/connman-dbus.c b/common/connman-dbus.c | ||
| 150 | index b82b3e1..543eb43 100644 | ||
| 151 | --- a/common/connman-dbus.c | ||
| 152 | +++ b/common/connman-dbus.c | ||
| 153 | @@ -655,15 +655,15 @@ DBusGProxy *connman_dbus_create_manager(DBusGConnection *conn, | ||
| 154 | |||
| 155 | DBG("getting manager properties"); | ||
| 156 | |||
| 157 | - connman_get_properties_async(proxy, manager_properties, store); | ||
| 158 | + net_connman_get_properties_async(proxy, manager_properties, store); | ||
| 159 | |||
| 160 | DBG("getting technologies"); | ||
| 161 | |||
| 162 | - connman_get_technologies_async(proxy, manager_technologies, store); | ||
| 163 | + net_connman_get_technologies_async(proxy, manager_technologies, store); | ||
| 164 | |||
| 165 | DBG("getting services"); | ||
| 166 | |||
| 167 | - connman_get_services_async(proxy, manager_services, store); | ||
| 168 | + net_connman_get_services_async(proxy, manager_services, store); | ||
| 169 | |||
| 170 | return proxy; | ||
| 171 | } | ||
| 172 | diff --git a/common/connman-dbus.xml b/common/connman-dbus.xml | ||
| 173 | index 56b9582..0199d52 100644 | ||
| 174 | --- a/common/connman-dbus.xml | ||
| 175 | +++ b/common/connman-dbus.xml | ||
| 176 | @@ -1,7 +1,7 @@ | ||
| 177 | <?xml version="1.0" encoding="UTF-8" ?> | ||
| 178 | |||
| 179 | <node name="/"> | ||
| 180 | - <interface name="connman"> | ||
| 181 | + <interface name="net.connman"> | ||
| 182 | <method name="GetProperties"> | ||
| 183 | <arg type="a{sv}" direction="out"/> | ||
| 184 | </method> | ||
| 185 | -- | ||
| 186 | 1.9.1 | ||
| 187 | |||
diff --git a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-01.png b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-01.png deleted file mode 100644 index 33247c1e2d..0000000000 --- a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-01.png +++ /dev/null | |||
| Binary files differ | |||
diff --git a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-02.png b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-02.png deleted file mode 100644 index a94fb952ff..0000000000 --- a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-02.png +++ /dev/null | |||
| Binary files differ | |||
diff --git a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-03.png b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-03.png deleted file mode 100644 index b5eb405a90..0000000000 --- a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-03.png +++ /dev/null | |||
| Binary files differ | |||
diff --git a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-04.png b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-04.png deleted file mode 100644 index be54419fa7..0000000000 --- a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-04.png +++ /dev/null | |||
| Binary files differ | |||
diff --git a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-05.png b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-05.png deleted file mode 100644 index 1c40ac9a10..0000000000 --- a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-05.png +++ /dev/null | |||
| Binary files differ | |||
diff --git a/meta/recipes-connectivity/connman/connman-gnome/null_check_for_ipv4_config.patch b/meta/recipes-connectivity/connman/connman-gnome/null_check_for_ipv4_config.patch deleted file mode 100644 index 0421cda0b2..0000000000 --- a/meta/recipes-connectivity/connman/connman-gnome/null_check_for_ipv4_config.patch +++ /dev/null | |||
| @@ -1,36 +0,0 @@ | |||
| 1 | In networks that don't have a DHCP server configured, ipv4 address | ||
| 2 | allocation fails and the ipv4 structure doesn't get populated. When | ||
| 3 | the GUI is trying to read the ipv4_config.method field to see whether | ||
| 4 | it contains "dhcp" string, a segmentation fault is generated. | ||
| 5 | |||
| 6 | Ethernet manual configuration behavior remains unchanged after this fix. | ||
| 7 | |||
| 8 | Upstream-Status: Pending | ||
| 9 | |||
| 10 | Signed-off-by: Emilia Ciobanu <emilia.maria.silvia.ciobanu@intel.com> | ||
| 11 | Index: git/properties/ethernet.c | ||
| 12 | =================================================================== | ||
| 13 | --- git.orig/properties/ethernet.c | ||
| 14 | +++ git/properties/ethernet.c | ||
| 15 | @@ -194,7 +194,7 @@ void add_ethernet_service(GtkWidget *mai | ||
| 16 | |||
| 17 | data->button = button; | ||
| 18 | |||
| 19 | - if (g_str_equal(ipv4_config.method, "dhcp") == TRUE) | ||
| 20 | + if (!ipv4_config.method || g_str_equal(ipv4_config.method, "dhcp") == TRUE) | ||
| 21 | update_ethernet_ipv4(data, CONNMAN_POLICY_DHCP); | ||
| 22 | else | ||
| 23 | update_ethernet_ipv4(data, CONNMAN_POLICY_MANUAL); | ||
| 24 | Index: git/properties/wifi.c | ||
| 25 | =================================================================== | ||
| 26 | --- git.orig/properties/wifi.c | ||
| 27 | +++ git/properties/wifi.c | ||
| 28 | @@ -230,7 +230,7 @@ static void wifi_ipconfig(GtkWidget *tab | ||
| 29 | |||
| 30 | data->ipv4_config = ipv4_config; | ||
| 31 | |||
| 32 | - if (g_str_equal(ipv4_config.method, "dhcp") == TRUE) | ||
| 33 | + if (!ipv4_config.method || g_str_equal(ipv4_config.method, "dhcp") == TRUE) | ||
| 34 | update_wifi_ipv4(data, CONNMAN_POLICY_DHCP); | ||
| 35 | else | ||
| 36 | update_wifi_ipv4(data, CONNMAN_POLICY_MANUAL); | ||
diff --git a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb deleted file mode 100644 index 8bfc1540b3..0000000000 --- a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb +++ /dev/null | |||
| @@ -1,32 +0,0 @@ | |||
| 1 | SUMMARY = "GTK+ frontend for the ConnMan network connection manager" | ||
| 2 | HOMEPAGE = "http://connman.net/" | ||
| 3 | SECTION = "libs/network" | ||
| 4 | LICENSE = "GPL-2.0-only & LGPL-2.1-only" | ||
| 5 | LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ | ||
| 6 | file://properties/main.c;beginline=1;endline=20;md5=50c77c81871308b033ab7a1504626afb \ | ||
| 7 | file://common/connman-dbus.c;beginline=1;endline=20;md5=de6b485c0e717a0236402d220187717a" | ||
| 8 | |||
| 9 | DEPENDS = "gtk+3 dbus-glib dbus-glib-native intltool-native gettext-native" | ||
| 10 | |||
| 11 | # 0.7 tag | ||
| 12 | SRCREV = "cf3c325b23dae843c5499a113591cfbc98acb143" | ||
| 13 | SRC_URI = "git://github.com/connectivity/connman-gnome.git;branch=master;protocol=https \ | ||
| 14 | file://0001-Removed-icon-from-connman-gnome-about-applet.patch \ | ||
| 15 | file://null_check_for_ipv4_config.patch \ | ||
| 16 | file://images/ \ | ||
| 17 | file://connman-gnome-fix-dbus-interface-name.patch \ | ||
| 18 | file://0001-Port-to-Gtk3.patch \ | ||
| 19 | " | ||
| 20 | |||
| 21 | inherit autotools-brokensep gtk-icon-cache pkgconfig features_check | ||
| 22 | ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" | ||
| 23 | |||
| 24 | RDEPENDS:${PN} = "connman" | ||
| 25 | |||
| 26 | do_install:append() { | ||
| 27 | install -m 0644 ${UNPACKDIR}/images/* ${D}/usr/share/icons/hicolor/22x22/apps/ | ||
| 28 | } | ||
| 29 | |||
| 30 | # http://errors.yoctoproject.org/Errors/Details/766926/ | ||
| 31 | # connman-client.c:200:15: error: assignment to 'GtkTreeModel *' {aka 'struct _GtkTreeModel *'} from incompatible pointer type 'GtkTreeStore *' {aka 'struct _GtkTreeStore *'} [-Wincompatible-pointer-types] | ||
| 32 | CFLAGS += "-Wno-error=incompatible-pointer-types" | ||
diff --git a/meta/recipes-connectivity/connman/connman/0001-connman-vpn-avoid-hiding-implementation-reserved-sym.patch b/meta/recipes-connectivity/connman/connman/0001-connman-vpn-avoid-hiding-implementation-reserved-sym.patch deleted file mode 100755 index 3b7b5a096e..0000000000 --- a/meta/recipes-connectivity/connman/connman/0001-connman-vpn-avoid-hiding-implementation-reserved-sym.patch +++ /dev/null | |||
| @@ -1,50 +0,0 @@ | |||
| 1 | From eac489c872c775c88bbd85b4cec6c1d47ad9e6a6 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Peter Tatrai <peter.tatrai.ext@siemens.com> | ||
| 3 | Date: Sun, 7 Sep 2025 09:25:20 +0200 | ||
| 4 | Subject: [PATCH] connman, vpn: avoid hiding implementation-reserved symbols | ||
| 5 | |||
| 6 | When using 'local: *;' in the version script, all symbols, including those | ||
| 7 | reserved for the implementation (such as _IO_stdin_used), are hidden. This | ||
| 8 | causes glibc's libio to misdetect the libc version, leading to a crash when | ||
| 9 | glibc prints to stdout (e.g., with connmand --help) on PowerPC. | ||
| 10 | |||
| 11 | Change 'local: *;' to 'local: [!_]*;' to avoid hiding symbols starting with an | ||
| 12 | underscore, as recommended in glibc bug 17908 | ||
| 13 | (https://sourceware.org/bugzilla/show_bug.cgi?id=17908). This ensures libio can | ||
| 14 | correctly detect the libc version and prevents the crash. | ||
| 15 | |||
| 16 | Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=17908 | ||
| 17 | |||
| 18 | Upstream-Status: Submitted [https://lore.kernel.org/connman/20250907081844.1558-1-peter.tatrai.ext@siemens.com/] | ||
| 19 | |||
| 20 | Signed-off-by: Peter Tatrai <peter.tatrai.ext@siemens.com> | ||
| 21 | --- | ||
| 22 | src/connman.ver | 2 +- | ||
| 23 | vpn/vpn.ver | 2 +- | ||
| 24 | 2 files changed, 2 insertions(+), 2 deletions(-) | ||
| 25 | |||
| 26 | diff --git a/src/connman.ver b/src/connman.ver | ||
| 27 | index 03a0eec..b75e90d 100644 | ||
| 28 | --- a/src/connman.ver | ||
| 29 | +++ b/src/connman.ver | ||
| 30 | @@ -3,5 +3,5 @@ | ||
| 31 | connman_*; | ||
| 32 | g_dbus_*; | ||
| 33 | local: | ||
| 34 | - *; | ||
| 35 | + [!_]*; | ||
| 36 | }; | ||
| 37 | diff --git a/vpn/vpn.ver b/vpn/vpn.ver | ||
| 38 | index b887706..5cad344 100644 | ||
| 39 | --- a/vpn/vpn.ver | ||
| 40 | +++ b/vpn/vpn.ver | ||
| 41 | @@ -4,5 +4,5 @@ | ||
| 42 | vpn_*; | ||
| 43 | g_dbus_*; | ||
| 44 | local: | ||
| 45 | - *; | ||
| 46 | + [!_]*; | ||
| 47 | }; | ||
| 48 | -- | ||
| 49 | 2.47.2 | ||
| 50 | |||
diff --git a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch deleted file mode 100644 index 2c612039ee..0000000000 --- a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch +++ /dev/null | |||
| @@ -1,85 +0,0 @@ | |||
| 1 | From 4e726a5aaa75d60fab6a56bc37dbec48be53ff79 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Khem Raj <raj.khem@gmail.com> | ||
| 3 | Date: Mon, 6 Apr 2015 23:02:21 -0700 | ||
| 4 | Subject: [PATCH] gweb/gresolv.c: make use of res_ninit optional and subject to | ||
| 5 | __RES | ||
| 6 | |||
| 7 | Not all libc implementation have those functions, and the way to determine | ||
| 8 | if they do is to check __RES which is explained in resolv.h thusly: | ||
| 9 | |||
| 10 | /* | ||
| 11 | * Revision information. This is the release date in YYYYMMDD format. | ||
| 12 | * It can change every day so the right thing to do with it is use it | ||
| 13 | * in preprocessor commands such as "#if (__RES > 19931104)". Do not | ||
| 14 | * compare for equality; rather, use it to determine whether your resolver | ||
| 15 | * is new enough to contain a certain feature. | ||
| 16 | */ | ||
| 17 | |||
| 18 | Indeed, it needs to be at least 19991006. | ||
| 19 | |||
| 20 | The portion of the patch that implements a fallback is ported from | ||
| 21 | Alpine Linux: | ||
| 22 | http://git.alpinelinux.org/cgit/aports/plain/testing/connman/libresolv.patch | ||
| 23 | |||
| 24 | Upstream-Status: Submitted [to connman@lists.linux.dev,marcel@holtmann.org] | ||
| 25 | |||
| 26 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
| 27 | --- | ||
| 28 | gweb/gresolv.c | 21 +++++++++++++++++++++ | ||
| 29 | 1 file changed, 21 insertions(+) | ||
| 30 | |||
| 31 | diff --git a/gweb/gresolv.c b/gweb/gresolv.c | ||
| 32 | index 8101d71..9f1477c 100644 | ||
| 33 | --- a/gweb/gresolv.c | ||
| 34 | +++ b/gweb/gresolv.c | ||
| 35 | @@ -879,7 +879,9 @@ GResolv *g_resolv_new(int index) | ||
| 36 | resolv->index = index; | ||
| 37 | resolv->nameserver_list = NULL; | ||
| 38 | |||
| 39 | +#if (__RES >= 19991006) | ||
| 40 | res_ninit(&resolv->res); | ||
| 41 | +#endif | ||
| 42 | |||
| 43 | return resolv; | ||
| 44 | } | ||
| 45 | @@ -920,7 +922,9 @@ void g_resolv_unref(GResolv *resolv) | ||
| 46 | |||
| 47 | flush_nameservers(resolv); | ||
| 48 | |||
| 49 | +#if (__RES >= 19991006) | ||
| 50 | res_nclose(&resolv->res); | ||
| 51 | +#endif | ||
| 52 | |||
| 53 | g_free(resolv); | ||
| 54 | } | ||
| 55 | @@ -1024,6 +1028,7 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, | ||
| 56 | debug(resolv, "hostname %s", hostname); | ||
| 57 | |||
| 58 | if (!resolv->nameserver_list) { | ||
| 59 | +#if (__RES >= 19991006) | ||
| 60 | int i; | ||
| 61 | |||
| 62 | for (i = 0; i < resolv->res.nscount; i++) { | ||
| 63 | @@ -1043,6 +1048,22 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, | ||
| 64 | if (inet_ntop(family, sa_addr, buf, sizeof(buf))) | ||
| 65 | g_resolv_add_nameserver(resolv, buf, 53, 0); | ||
| 66 | } | ||
| 67 | +#else | ||
| 68 | + FILE *f = fopen("/etc/resolv.conf", "r"); | ||
| 69 | + if (f) { | ||
| 70 | + char line[256], *s; | ||
| 71 | + int i; | ||
| 72 | + while (fgets(line, sizeof(line), f)) { | ||
| 73 | + if (strncmp(line, "nameserver", 10) || !isspace(line[10])) | ||
| 74 | + continue; | ||
| 75 | + for (s = &line[11]; isspace(s[0]); s++); | ||
| 76 | + for (i = 0; s[i] && !isspace(s[i]); i++); | ||
| 77 | + s[i] = 0; | ||
| 78 | + g_resolv_add_nameserver(resolv, s, 53, 0); | ||
| 79 | + } | ||
| 80 | + fclose(f); | ||
| 81 | + } | ||
| 82 | +#endif | ||
| 83 | |||
| 84 | if (!resolv->nameserver_list) | ||
| 85 | g_resolv_add_nameserver(resolv, "127.0.0.1", 53, 0); | ||
diff --git a/meta/recipes-connectivity/connman/connman/connman b/meta/recipes-connectivity/connman/connman/connman deleted file mode 100644 index adb5d44fed..0000000000 --- a/meta/recipes-connectivity/connman/connman/connman +++ /dev/null | |||
| @@ -1,45 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | DAEMON=/usr/sbin/connmand | ||
| 4 | PIDFILE=/var/run/connmand.pid | ||
| 5 | DESC="Connection Manager" | ||
| 6 | |||
| 7 | if [ -f /etc/default/connman ] ; then | ||
| 8 | . /etc/default/connman | ||
| 9 | fi | ||
| 10 | |||
| 11 | set -e | ||
| 12 | |||
| 13 | do_start() { | ||
| 14 | if [ -f @DATADIR@/connman/wired-setup ] ; then | ||
| 15 | . @DATADIR@/connman/wired-setup | ||
| 16 | fi | ||
| 17 | $DAEMON | ||
| 18 | } | ||
| 19 | |||
| 20 | do_stop() { | ||
| 21 | start-stop-daemon --stop --oknodo --name connmand --quiet | ||
| 22 | } | ||
| 23 | |||
| 24 | case "$1" in | ||
| 25 | start) | ||
| 26 | echo "Starting $DESC" | ||
| 27 | do_start | ||
| 28 | ;; | ||
| 29 | stop) | ||
| 30 | echo "Stopping $DESC" | ||
| 31 | do_stop | ||
| 32 | ;; | ||
| 33 | restart|force-reload) | ||
| 34 | echo "Restarting $DESC" | ||
| 35 | do_stop | ||
| 36 | sleep 1 | ||
| 37 | do_start | ||
| 38 | ;; | ||
| 39 | *) | ||
| 40 | echo "Usage: $0 {start|stop|restart|force-reload}" >&2 | ||
| 41 | exit 1 | ||
| 42 | ;; | ||
| 43 | esac | ||
| 44 | |||
| 45 | exit 0 | ||
diff --git a/meta/recipes-connectivity/connman/connman/no-version-scripts.patch b/meta/recipes-connectivity/connman/connman/no-version-scripts.patch deleted file mode 100644 index c96ab311e5..0000000000 --- a/meta/recipes-connectivity/connman/connman/no-version-scripts.patch +++ /dev/null | |||
| @@ -1,48 +0,0 @@ | |||
| 1 | From 67f37aafcc8ef5d2eb006387e7bec21f74518727 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Ross Burton <ross.burton@intel.com> | ||
| 3 | Date: Tue, 9 Aug 2016 12:12:02 +0100 | ||
| 4 | Subject: [PATCH] connman: disable version-scripts to fix crashes at startup | ||
| 5 | |||
| 6 | With binutils 2.27 on at least PowerPC, connmand will crash on `connmand --help`. | ||
| 7 | This appears to be due to the symbol visibilty scripts hiding symbols that stdio | ||
| 8 | looks up at runtime, resulting in it segfaulting. | ||
| 9 | |||
| 10 | This certainly appears to be a bug in binutils 2.27 although the problem has | ||
| 11 | been known about for some time: | ||
| 12 | |||
| 13 | https://sourceware.org/bugzilla/show_bug.cgi?id=17908 | ||
| 14 | |||
| 15 | As the version scripts are only used to hide symbols from plugins we can safely | ||
| 16 | remove the scripts to work around the problem until binutils is fixed. | ||
| 17 | |||
| 18 | Upstream-Status: Inappropriate | ||
| 19 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
| 20 | Signed-off-by: Peter Tatrai <peter.tatrai.ext@siemens.com> | ||
| 21 | --- | ||
| 22 | Makefile.am | 6 ++---- | ||
| 23 | 1 file changed, 2 insertions(+), 4 deletions(-) | ||
| 24 | |||
| 25 | diff --git a/Makefile.am b/Makefile.am | ||
| 26 | index 3dc3bb5..3be5ccb 100644 | ||
| 27 | --- a/Makefile.am | ||
| 28 | +++ b/Makefile.am | ||
| 29 | @@ -143,8 +143,7 @@ src_connmand_LDADD = gdbus/libgdbus-internal.la $(builtin_libadd) \ | ||
| 30 | @GIO_LIBS@ @GLIB_LIBS@ @DBUS_LIBS@ @GNUTLS_LIBS@ \ | ||
| 31 | -lresolv -ldl -lrt | ||
| 32 | |||
| 33 | -src_connmand_LDFLAGS = -Wl,--export-dynamic \ | ||
| 34 | - -Wl,--version-script=$(srcdir)/src/connman.ver | ||
| 35 | +src_connmand_LDFLAGS = -Wl,--export-dynamic | ||
| 36 | |||
| 37 | src_connmand_wait_online_SOURCES = src/connmand-wait-online.c | ||
| 38 | |||
| 39 | @@ -187,8 +186,7 @@ vpn_connman_vpnd_LDADD = gdbus/libgdbus-internal.la $(builtin_vpn_libadd) \ | ||
| 40 | @GIO_LIBS@ @GLIB_LIBS@ @DBUS_LIBS@ @GNUTLS_LIBS@ \ | ||
| 41 | -lresolv -ldl | ||
| 42 | |||
| 43 | -vpn_connman_vpnd_LDFLAGS = -Wl,--export-dynamic \ | ||
| 44 | - -Wl,--version-script=$(srcdir)/vpn/vpn.ver | ||
| 45 | +vpn_connman_vpnd_LDFLAGS = -Wl,--export-dynamic | ||
| 46 | endif | ||
| 47 | |||
| 48 | BUILT_SOURCES = $(local_headers) src/builtin.h $(service_files) \ | ||
diff --git a/meta/recipes-connectivity/connman/connman_1.45.bb b/meta/recipes-connectivity/connman/connman_1.45.bb deleted file mode 100644 index ca0337b4d3..0000000000 --- a/meta/recipes-connectivity/connman/connman_1.45.bb +++ /dev/null | |||
| @@ -1,237 +0,0 @@ | |||
| 1 | SUMMARY = "A daemon for managing internet connections within embedded devices" | ||
| 2 | DESCRIPTION = "The ConnMan project provides a daemon for managing \ | ||
| 3 | internet connections within embedded devices running the Linux \ | ||
| 4 | operating system. The Connection Manager is designed to be slim and \ | ||
| 5 | to use as few resources as possible, so it can be easily integrated. \ | ||
| 6 | It is a fully modular system that can be extended, through plug-ins, \ | ||
| 7 | to support all kinds of wired or wireless technologies. Also, \ | ||
| 8 | configuration methods, like DHCP and domain name resolving, are \ | ||
| 9 | implemented using plug-ins." | ||
| 10 | HOMEPAGE = "https://web.git.kernel.org/pub/scm/network/connman/connman.git/about/" | ||
| 11 | LICENSE = "GPL-2.0-only" | ||
| 12 | LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ | ||
| 13 | file://src/main.c;beginline=1;endline=20;md5=486a279a6ab0c8d152bcda3a5b5edc36" | ||
| 14 | |||
| 15 | inherit autotools pkgconfig systemd update-rc.d update-alternatives | ||
| 16 | |||
| 17 | CVE_PRODUCT = "connman connection_manager" | ||
| 18 | |||
| 19 | DEPENDS = "dbus glib-2.0" | ||
| 20 | |||
| 21 | SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ | ||
| 22 | file://connman \ | ||
| 23 | file://no-version-scripts.patch \ | ||
| 24 | file://0001-connman-vpn-avoid-hiding-implementation-reserved-sym.patch \ | ||
| 25 | file://0002-resolve-musl-does-not-implement-res_ninit.patch \ | ||
| 26 | " | ||
| 27 | |||
| 28 | SRC_URI[sha256sum] = "77128cce80865455c4f106b5901a575e2dfdb35a7d2e2e2996f16e85cba10913" | ||
| 29 | |||
| 30 | RRECOMMENDS:${PN} = "connman-conf" | ||
| 31 | RCONFLICTS:${PN} = "networkmanager" | ||
| 32 | |||
| 33 | EXTRA_OECONF += "\ | ||
| 34 | ac_cv_path_IP6TABLES_SAVE=${sbindir}/ip6tables-save \ | ||
| 35 | ac_cv_path_IPTABLES_SAVE=${sbindir}/iptables-save \ | ||
| 36 | ac_cv_path_PPPD=${sbindir}/pppd \ | ||
| 37 | ac_cv_path_WPASUPPLICANT=${sbindir}/wpa_supplicant \ | ||
| 38 | --enable-debug \ | ||
| 39 | --enable-loopback \ | ||
| 40 | --enable-ethernet \ | ||
| 41 | --enable-tools \ | ||
| 42 | --disable-polkit \ | ||
| 43 | --runstatedir='${runtimedir}' \ | ||
| 44 | --with-dns-backend='${@bb.utils.contains("DISTRO_FEATURES", "systemd-resolved", "systemd-resolved", "internal", d)}' \ | ||
| 45 | " | ||
| 46 | # For smooth operation it would be best to start only one wireless daemon at a time. | ||
| 47 | # If wpa-supplicant is running, connman will use it preferentially. | ||
| 48 | # Select either wpa-supplicant or iwd | ||
| 49 | WIRELESS_DAEMON ??= "wpa-supplicant" | ||
| 50 | |||
| 51 | PACKAGECONFIG ??= "wispr iptables client\ | ||
| 52 | ${@bb.utils.filter('DISTRO_FEATURES', '3g systemd', d)} \ | ||
| 53 | ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ | ||
| 54 | ${@bb.utils.contains('DISTRO_FEATURES', 'wifi', 'wifi ${WIRELESS_DAEMON}', '', d)} \ | ||
| 55 | " | ||
| 56 | |||
| 57 | # If you want ConnMan to support VPN, add following statement into | ||
| 58 | # local.conf or distro config | ||
| 59 | # PACKAGECONFIG:append:pn-connman = " openvpn vpnc l2tp pptp" | ||
| 60 | |||
| 61 | PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_system_unitdir}/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''" | ||
| 62 | PACKAGECONFIG[wifi] = "--enable-wifi, --disable-wifi" | ||
| 63 | PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5, bluez5" | ||
| 64 | PACKAGECONFIG[3g] = "--enable-ofono, --disable-ofono, ofono, ofono" | ||
| 65 | PACKAGECONFIG[wpa-supplicant] = ",,wpa-supplicant,wpa-supplicant" | ||
| 66 | PACKAGECONFIG[iwd] = "--enable-iwd,--disable-iwd,,iwd" | ||
| 67 | PACKAGECONFIG[tist] = "--enable-tist,--disable-tist," | ||
| 68 | PACKAGECONFIG[openvpn] = "--enable-openvpn --with-openvpn=${sbindir}/openvpn,--disable-openvpn,,openvpn" | ||
| 69 | PACKAGECONFIG[vpnc] = "--enable-vpnc --with-vpnc=${sbindir}/vpnc,--disable-vpnc,,vpnc" | ||
| 70 | PACKAGECONFIG[l2tp] = "--enable-l2tp --with-l2tp=${sbindir}/xl2tpd,--disable-l2tp,ppp,xl2tpd" | ||
| 71 | PACKAGECONFIG[pptp] = "--enable-pptp --with-pptp=${sbindir}/pptp,--disable-pptp,ppp,pptp-linux" | ||
| 72 | # WISPr support for logging into hotspots, requires TLS | ||
| 73 | PACKAGECONFIG[wispr] = "--enable-wispr,--disable-wispr,gnutls," | ||
| 74 | PACKAGECONFIG[nftables] = "--with-firewall=nftables ,,libmnl libnftnl,,kernel-module-nf-tables kernel-module-nft-chain-nat-ipv4 kernel-module-nft-chain-route-ipv4 kernel-module-nft-masq-ipv4 kernel-module-nft-nat,iptables" | ||
| 75 | PACKAGECONFIG[iptables] = "--with-firewall=iptables,,iptables,,,nftables" | ||
| 76 | PACKAGECONFIG[nfc] = "--enable-neard, --disable-neard, neard, neard" | ||
| 77 | PACKAGECONFIG[client] = "--enable-client,--disable-client,readline" | ||
| 78 | PACKAGECONFIG[wireguard] = "--enable-wireguard,--disable-wireguard,libmnl" | ||
| 79 | |||
| 80 | INITSCRIPT_NAME = "connman" | ||
| 81 | INITSCRIPT_PARAMS = "start 05 5 2 3 . stop 22 0 1 6 ." | ||
| 82 | |||
| 83 | python __anonymous () { | ||
| 84 | systemd_packages = "${PN} ${PN}-wait-online" | ||
| 85 | pkgconfig = d.getVar('PACKAGECONFIG') | ||
| 86 | if ('openvpn' or 'vpnc' or 'l2tp' or 'pptp') in pkgconfig.split(): | ||
| 87 | systemd_packages += " ${PN}-vpn" | ||
| 88 | d.setVar('SYSTEMD_PACKAGES', systemd_packages) | ||
| 89 | } | ||
| 90 | |||
| 91 | SYSTEMD_SERVICE:${PN} = "connman.service" | ||
| 92 | SYSTEMD_SERVICE:${PN}-vpn = "connman-vpn.service" | ||
| 93 | SYSTEMD_SERVICE:${PN}-wait-online = "connman-wait-online.service" | ||
| 94 | |||
| 95 | ALTERNATIVE_PRIORITY = "${@bb.utils.contains('DISTRO_FEATURES','systemd-resolved','10','100',d)}" | ||
| 96 | ALTERNATIVE:${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}" | ||
| 97 | ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.connman','',d)}" | ||
| 98 | ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}" | ||
| 99 | |||
| 100 | do_install:append() { | ||
| 101 | if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then | ||
| 102 | install -d ${D}${sysconfdir}/init.d | ||
| 103 | install -m 0755 ${UNPACKDIR}/connman ${D}${sysconfdir}/init.d/connman | ||
| 104 | sed -i s%@DATADIR@%${datadir}% ${D}${sysconfdir}/init.d/connman | ||
| 105 | fi | ||
| 106 | |||
| 107 | install -d ${D}${bindir} | ||
| 108 | install -m 0755 ${B}/tools/*-test ${D}${bindir} | ||
| 109 | if [ -e ${B}/tools/wispr ]; then | ||
| 110 | install -m 0755 ${B}/tools/wispr ${D}${bindir} | ||
| 111 | fi | ||
| 112 | |||
| 113 | # We don't need to package an empty directory | ||
| 114 | rmdir --ignore-fail-on-non-empty ${D}${libdir}/connman/scripts | ||
| 115 | |||
| 116 | # Automake 1.12 won't install empty directories, but we need the | ||
| 117 | # plugins directory to be present for ownership | ||
| 118 | mkdir -p ${D}${libdir}/connman/plugins | ||
| 119 | |||
| 120 | # For read-only filesystem, do not create links during bootup | ||
| 121 | if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then | ||
| 122 | install -d ${D}${sysconfdir} | ||
| 123 | ln -sf ../run/connman/resolv.conf ${D}${sysconfdir}/resolv-conf.connman | ||
| 124 | fi | ||
| 125 | } | ||
| 126 | |||
| 127 | # These used to be plugins, but now they are core | ||
| 128 | RPROVIDES:${PN} = "\ | ||
| 129 | connman-plugin-loopback \ | ||
| 130 | connman-plugin-ethernet \ | ||
| 131 | ${@bb.utils.contains('PACKAGECONFIG', 'bluetooth','connman-plugin-bluetooth', '', d)} \ | ||
| 132 | ${@bb.utils.contains('PACKAGECONFIG', 'wifi','connman-plugin-wifi', '', d)} \ | ||
| 133 | ${@bb.utils.contains('PACKAGECONFIG', '3g','connman-plugin-ofono', '', d)} \ | ||
| 134 | " | ||
| 135 | |||
| 136 | PACKAGES_DYNAMIC += "^${PN}-plugin-.*" | ||
| 137 | |||
| 138 | def add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, add_insane_skip): | ||
| 139 | plugintype = pkg.split( '-' )[-1] | ||
| 140 | if plugintype in depmap: | ||
| 141 | rdepends = map(lambda x: multilib_prefix + x, \ | ||
| 142 | depmap[plugintype].split()) | ||
| 143 | d.setVar("RDEPENDS:%s" % pkg, " ".join(rdepends)) | ||
| 144 | if add_insane_skip: | ||
| 145 | d.appendVar("INSANE_SKIP:%s" % pkg, "dev-so") | ||
| 146 | |||
| 147 | python populate_packages:prepend() { | ||
| 148 | depmap = dict(pppd="ppp") | ||
| 149 | multilib_prefix = (d.getVar("MLPREFIX") or "") | ||
| 150 | |||
| 151 | hook = lambda file,pkg,x,y,z: \ | ||
| 152 | add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, False) | ||
| 153 | plugin_dir = d.expand('${libdir}/connman/plugins/') | ||
| 154 | plugin_name = d.expand('${PN}-plugin-%s') | ||
| 155 | do_split_packages(d, plugin_dir, r'^(.*).so$', plugin_name, \ | ||
| 156 | '${PN} plugin for %s', extra_depends='', hook=hook, prepend=True ) | ||
| 157 | |||
| 158 | hook = lambda file,pkg,x,y,z: \ | ||
| 159 | add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, True) | ||
| 160 | plugin_dir = d.expand('${libdir}/connman/plugins-vpn/') | ||
| 161 | plugin_name = d.expand('${PN}-plugin-vpn-%s') | ||
| 162 | do_split_packages(d, plugin_dir, r'^(.*).so$', plugin_name, \ | ||
| 163 | '${PN} VPN plugin for %s', extra_depends='', hook=hook, prepend=True ) | ||
| 164 | } | ||
| 165 | |||
| 166 | PACKAGES =+ "${PN}-tools ${PN}-tests ${PN}-client" | ||
| 167 | |||
| 168 | FILES:${PN}-tools = "${bindir}/wispr" | ||
| 169 | RDEPENDS:${PN}-tools = "${PN}" | ||
| 170 | |||
| 171 | FILES:${PN}-tests = "${bindir}/*-test" | ||
| 172 | RDEPENDS:${PN}-tests = "${@bb.utils.contains('PACKAGECONFIG', 'iptables', 'iptables', '', d)}" | ||
| 173 | |||
| 174 | FILES:${PN}-client = "${bindir}/connmanctl" | ||
| 175 | RDEPENDS:${PN}-client = "${PN}" | ||
| 176 | |||
| 177 | FILES:${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \ | ||
| 178 | ${libdir}/connman/plugins \ | ||
| 179 | ${sysconfdir} ${sharedstatedir} ${localstatedir} ${datadir} \ | ||
| 180 | ${base_bindir}/* ${base_sbindir}/* ${base_libdir}/*.so* ${datadir}/${PN} \ | ||
| 181 | ${datadir}/dbus-1/system-services/* \ | ||
| 182 | ${sysconfdir}/tmpfiles.d/connman_resolvconf.conf" | ||
| 183 | |||
| 184 | FILES:${PN}-dev += "${libdir}/connman/*/*.la" | ||
| 185 | |||
| 186 | PACKAGES =+ "${PN}-vpn ${PN}-wait-online" | ||
| 187 | |||
| 188 | SUMMARY:${PN}-vpn = "A daemon for managing VPN connections within embedded devices" | ||
| 189 | DESCRIPTION:${PN}-vpn = "The ConnMan VPN provides a daemon for \ | ||
| 190 | managing VPN connections within embedded devices running the Linux \ | ||
| 191 | operating system. The connman-vpnd handles all the VPN connections \ | ||
| 192 | and starts/stops VPN client processes when necessary. The connman-vpnd \ | ||
| 193 | provides a DBus API for managing VPN connections. All the different \ | ||
| 194 | VPN technogies are implemented using plug-ins." | ||
| 195 | FILES:${PN}-vpn += "${sbindir}/connman-vpnd \ | ||
| 196 | ${sysconfdir}/dbus-1/system.d/connman-vpn-dbus.conf \ | ||
| 197 | ${datadir}/dbus-1/system-services/net.connman.vpn.service \ | ||
| 198 | ${systemd_system_unitdir}/connman-vpn.service" | ||
| 199 | |||
| 200 | SUMMARY:${PN}-wait-online = "A program that will return once ConnMan has connected to a network" | ||
| 201 | DESCRIPTION:${PN}-wait-online = "A service that can be enabled so that \ | ||
| 202 | the system waits until a network connection is established." | ||
| 203 | FILES:${PN}-wait-online += "${sbindir}/connmand-wait-online \ | ||
| 204 | ${systemd_system_unitdir}/connman-wait-online.service" | ||
| 205 | |||
| 206 | SUMMARY:${PN}-plugin-vpn-openvpn = "An OpenVPN plugin for ConnMan VPN" | ||
| 207 | DESCRIPTION:${PN}-plugin-vpn-openvpn = "The ConnMan OpenVPN plugin uses openvpn client \ | ||
| 208 | to create a VPN connection to OpenVPN server." | ||
| 209 | FILES:${PN}-plugin-vpn-openvpn += "${libdir}/connman/scripts/openvpn-script \ | ||
| 210 | ${libdir}/connman/plugins-vpn/openvpn.so" | ||
| 211 | RDEPENDS:${PN}-plugin-vpn-openvpn += "${PN}-vpn" | ||
| 212 | RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','openvpn','${PN}-plugin-vpn-openvpn', '', d)}" | ||
| 213 | |||
| 214 | SUMMARY:${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN" | ||
| 215 | DESCRIPTION:${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \ | ||
| 216 | to create a VPN connection to Cisco3000 VPN Concentrator." | ||
| 217 | FILES:${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \ | ||
| 218 | ${libdir}/connman/plugins-vpn/vpnc.so \ | ||
| 219 | ${libdir}/connman/scripts/vpn-script" | ||
| 220 | RDEPENDS:${PN}-plugin-vpn-vpnc += "${PN}-vpn" | ||
| 221 | RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}" | ||
| 222 | |||
| 223 | SUMMARY:${PN}-plugin-vpn-l2tp = "A L2TP plugin for ConnMan VPN" | ||
| 224 | DESCRIPTION:${PN}-plugin-vpn-l2tp = "The ConnMan L2TP plugin uses xl2tpd daemon \ | ||
| 225 | to create a VPN connection to L2TP server." | ||
| 226 | FILES:${PN}-plugin-vpn-l2tp += "${libdir}/connman/scripts/libppp-plugin.so* \ | ||
| 227 | ${libdir}/connman/plugins-vpn/l2tp.so" | ||
| 228 | RDEPENDS:${PN}-plugin-vpn-l2tp += "${PN}-vpn" | ||
| 229 | RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','l2tp','${PN}-plugin-vpn-l2tp', '', d)}" | ||
| 230 | |||
| 231 | SUMMARY:${PN}-plugin-vpn-pptp = "A PPTP plugin for ConnMan VPN" | ||
| 232 | DESCRIPTION:${PN}-plugin-vpn-pptp = "The ConnMan PPTP plugin uses pptp-linux client \ | ||
| 233 | to create a VPN connection to PPTP server." | ||
| 234 | FILES:${PN}-plugin-vpn-pptp += "${libdir}/connman/scripts/libppp-plugin.so* \ | ||
| 235 | ${libdir}/connman/plugins-vpn/pptp.so" | ||
| 236 | RDEPENDS:${PN}-plugin-vpn-pptp += "${PN}-vpn" | ||
| 237 | RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','pptp','${PN}-plugin-vpn-pptp', '', d)}" | ||
diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.2.4.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.2.4.bb deleted file mode 100644 index bfb24aa58c..0000000000 --- a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.2.4.bb +++ /dev/null | |||
| @@ -1,67 +0,0 @@ | |||
| 1 | SECTION = "console/network" | ||
| 2 | SUMMARY = "dhcpcd - a DHCP client" | ||
| 3 | DESCRIPTION = "dhcpcd runs on your machine and silently configures your \ | ||
| 4 | computer to work on the attached networks without trouble \ | ||
| 5 | and mostly without configuration." | ||
| 6 | |||
| 7 | HOMEPAGE = "http://roy.marples.name/projects/dhcpcd/" | ||
| 8 | |||
| 9 | LICENSE = "BSD-2-Clause" | ||
| 10 | LIC_FILES_CHKSUM = "file://LICENSE;md5=4dda5beb433a809f2e0aeffbf9da3d91" | ||
| 11 | |||
| 12 | SRC_URI = "git://github.com/NetworkConfiguration/dhcpcd;protocol=https;branch=master \ | ||
| 13 | file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \ | ||
| 14 | file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \ | ||
| 15 | file://dhcpcd.service \ | ||
| 16 | file://dhcpcd@.service \ | ||
| 17 | file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \ | ||
| 18 | " | ||
| 19 | |||
| 20 | SRCREV = "93df2b254caf9639f9ffb66e0fe2b584eeba6220" | ||
| 21 | |||
| 22 | # Doesn't use automake so we can't do out-of-tree builds | ||
| 23 | inherit pkgconfig autotools-brokensep systemd useradd | ||
| 24 | |||
| 25 | SYSTEMD_SERVICE:${PN} = "dhcpcd.service" | ||
| 26 | |||
| 27 | PACKAGECONFIG ?= "udev ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" | ||
| 28 | |||
| 29 | PACKAGECONFIG[udev] = "--with-udev,--without-udev,udev,udev" | ||
| 30 | PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6" | ||
| 31 | # ntp conflicts with chrony | ||
| 32 | PACKAGECONFIG[ntp] = "--with-hook=ntp, , ,ntp" | ||
| 33 | PACKAGECONFIG[chrony] = "--with-hook=ntp, , ,chrony" | ||
| 34 | PACKAGECONFIG[ypbind] = "--with-eghook=yp, , ,ypbind-mt" | ||
| 35 | |||
| 36 | # add option to override DBDIR location | ||
| 37 | DBDIR ?= "${localstatedir}/lib/${BPN}" | ||
| 38 | |||
| 39 | EXTRA_OECONF = "--enable-ipv4 \ | ||
| 40 | --dbdir=${DBDIR} \ | ||
| 41 | --sbindir=${base_sbindir} \ | ||
| 42 | --runstatedir=/run \ | ||
| 43 | --enable-privsep \ | ||
| 44 | --privsepuser=dhcpcd \ | ||
| 45 | --with-hooks \ | ||
| 46 | --with-eghooks \ | ||
| 47 | " | ||
| 48 | |||
| 49 | USERADD_PACKAGES = "${PN}" | ||
| 50 | USERADD_PARAM:${PN} = "--system -d ${DBDIR} -M -s /bin/false -U dhcpcd" | ||
| 51 | |||
| 52 | # This isn't autoconf but is instead a configure script that tries to look like | ||
| 53 | # autoconf, so just run it directly. | ||
| 54 | do_configure() { | ||
| 55 | oe_runconf | ||
| 56 | } | ||
| 57 | |||
| 58 | do_install:append () { | ||
| 59 | # install systemd unit files | ||
| 60 | install -d ${D}${systemd_system_unitdir} | ||
| 61 | install -m 0644 ${UNPACKDIR}/dhcpcd*.service ${D}${systemd_system_unitdir} | ||
| 62 | |||
| 63 | chmod 700 ${D}${DBDIR} | ||
| 64 | chown dhcpcd:dhcpcd ${D}${DBDIR} | ||
| 65 | } | ||
| 66 | |||
| 67 | FILES:${PN}-dbg += "${libdir}/dhcpcd/dev/.debug" | ||
diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch b/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch deleted file mode 100644 index 512e33aebf..0000000000 --- a/meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch +++ /dev/null | |||
| @@ -1,79 +0,0 @@ | |||
| 1 | From d1581ce103db0a5db0b1761907fff9ddd6b55a8a Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Chen Qi <Qi.Chen@windriver.com> | ||
| 3 | Date: Wed, 9 Nov 2022 16:33:18 +0800 | ||
| 4 | Subject: [PATCH] 20-resolv.conf: improve the sitation of working with systemd | ||
| 5 | |||
| 6 | systemd's resolvconf implementation ignores the protocol part. | ||
| 7 | See https://github.com/systemd/systemd/issues/25032. | ||
| 8 | |||
| 9 | When using 'dhcp server + dns server + dhcpcd + systemd', we | ||
| 10 | get an integration issue, that is dhcpcd runs 'resolvconf -d eth0.ra', | ||
| 11 | yet systemd's resolvconf treats it as eth0. This will delete the | ||
| 12 | DNS information set by 'resolvconf -a eth0.dhcp'. | ||
| 13 | |||
| 14 | Fortunately, 20-resolv.conf has the ability to build the resolv.conf | ||
| 15 | file contents itself. We can just pass the generated contents to | ||
| 16 | systemd's resolvconf. This way, the DNS information is not incorrectly | ||
| 17 | deleted. Also, it does not cause behavior regression for dhcpcd | ||
| 18 | in other cases. | ||
| 19 | |||
| 20 | Upstream-Status: Inappropriate [OE Specific] | ||
| 21 | This patch has been rejected by dhcpcd upstream. | ||
| 22 | See details in https://github.com/NetworkConfiguration/dhcpcd/pull/152 | ||
| 23 | |||
| 24 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
| 25 | --- | ||
| 26 | hooks/20-resolv.conf | 17 +++++++++++++---- | ||
| 27 | 1 file changed, 13 insertions(+), 4 deletions(-) | ||
| 28 | |||
| 29 | diff --git a/hooks/20-resolv.conf b/hooks/20-resolv.conf | ||
| 30 | index bd0b0df5..9c7721de 100644 | ||
| 31 | --- a/hooks/20-resolv.conf | ||
| 32 | +++ b/hooks/20-resolv.conf | ||
| 33 | @@ -11,8 +11,12 @@ nocarrier_roaming_dir="$state_dir/roaming" | ||
| 34 | NL=" | ||
| 35 | " | ||
| 36 | : ${resolvconf:=resolvconf} | ||
| 37 | +resolvconf_from_systemd=false | ||
| 38 | if command -v "$resolvconf" >/dev/null 2>&1; then | ||
| 39 | have_resolvconf=true | ||
| 40 | + if [ $(basename $(readlink -f $(which $resolvconf))) = resolvectl ]; then | ||
| 41 | + resolvconf_from_systemd=true | ||
| 42 | + fi | ||
| 43 | else | ||
| 44 | have_resolvconf=false | ||
| 45 | fi | ||
| 46 | @@ -69,8 +73,13 @@ build_resolv_conf() | ||
| 47 | else | ||
| 48 | echo "# /etc/resolv.conf.tail can replace this line" >> "$cf" | ||
| 49 | fi | ||
| 50 | - if change_file /etc/resolv.conf "$cf"; then | ||
| 51 | - chmod 644 /etc/resolv.conf | ||
| 52 | + if $resolvconf_from_systemd; then | ||
| 53 | + [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric" | ||
| 54 | + "$resolvconf" -a "$ifname" <"$cf" | ||
| 55 | + else | ||
| 56 | + if change_file /etc/resolv.conf "$cf"; then | ||
| 57 | + chmod 644 /etc/resolv.conf | ||
| 58 | + fi | ||
| 59 | fi | ||
| 60 | rm -f "$cf" | ||
| 61 | } | ||
| 62 | @@ -179,7 +188,7 @@ add_resolv_conf() | ||
| 63 | for x in ${new_domain_name_servers}; do | ||
| 64 | conf="${conf}nameserver $x$NL" | ||
| 65 | done | ||
| 66 | - if $have_resolvconf; then | ||
| 67 | + if $have_resolvconf && ! $resolvconf_from_systemd; then | ||
| 68 | [ -n "$ifmetric" ] && export IF_METRIC="$ifmetric" | ||
| 69 | printf %s "$conf" | "$resolvconf" -a "$ifname" | ||
| 70 | return $? | ||
| 71 | @@ -195,7 +204,7 @@ add_resolv_conf() | ||
| 72 | |||
| 73 | remove_resolv_conf() | ||
| 74 | { | ||
| 75 | - if $have_resolvconf; then | ||
| 76 | + if $have_resolvconf && ($if_down || ! $resolvconf_from_systemd); then | ||
| 77 | "$resolvconf" -d "$ifname" -f | ||
| 78 | else | ||
| 79 | if [ -e "$resolv_conf_dir/$ifname" ]; then | ||
diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch b/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch deleted file mode 100644 index 484b84f94a..0000000000 --- a/meta/recipes-connectivity/dhcpcd/files/0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch +++ /dev/null | |||
| @@ -1,43 +0,0 @@ | |||
| 1 | From e9b1376c59b15e7b03611429187d9d89167154b5 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Lei Maohui <leimaohui@fujitsu.com> | ||
| 3 | Date: Fri, 10 Mar 2023 03:48:46 +0000 | ||
| 4 | Subject: [PATCH] dhcpcd.8: Fix conflict error when enable multilib. | ||
| 5 | |||
| 6 | Error: Transaction test error: | ||
| 7 | file /usr/share/man/man8/dhcpcd.8 conflicts between attempted | ||
| 8 | installs of dhcpcd-doc-9.4.1-r0.cortexa57 and | ||
| 9 | lib32-dhcpcd-doc-9.4.1-r0.armv7ahf_neon | ||
| 10 | |||
| 11 | The differences between the two files are as follows: | ||
| 12 | @@ -821,7 +821,7 @@ | ||
| 13 | If you always use the same options, put them here. | ||
| 14 | .It Pa /usr/libexec/dhcpcd-run-hooks | ||
| 15 | Bourne shell script that is run to configure or de-configure an interface. | ||
| 16 | -.It Pa /usr/lib64/dhcpcd/dev | ||
| 17 | +.It Pa /usr/lib/dhcpcd/dev | ||
| 18 | Linux | ||
| 19 | .Pa /dev | ||
| 20 | management modules. | ||
| 21 | |||
| 22 | It is just a man file, there is no necessary to manage multiple | ||
| 23 | versions. | ||
| 24 | |||
| 25 | Upstream-Status: Inappropriate [oe specific] | ||
| 26 | Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> | ||
| 27 | --- | ||
| 28 | src/dhcpcd.8.in | 2 +- | ||
| 29 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 30 | |||
| 31 | diff --git a/src/dhcpcd.8.in b/src/dhcpcd.8.in | ||
| 32 | index 91fdde2c..b467dc3b 100644 | ||
| 33 | --- a/src/dhcpcd.8.in | ||
| 34 | +++ b/src/dhcpcd.8.in | ||
| 35 | @@ -826,7 +826,7 @@ Configuration file for dhcpcd. | ||
| 36 | If you always use the same options, put them here. | ||
| 37 | .It Pa @SCRIPT@ | ||
| 38 | Bourne shell script that is run to configure or de-configure an interface. | ||
| 39 | -.It Pa @LIBDIR@/dhcpcd/dev | ||
| 40 | +.It Pa /usr/<libdir>/dhcpcd/dev | ||
| 41 | Linux | ||
| 42 | .Pa /dev | ||
| 43 | management modules. | ||
diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch b/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch deleted file mode 100644 index fd3fae7e7e..0000000000 --- a/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch +++ /dev/null | |||
| @@ -1,42 +0,0 @@ | |||
| 1 | From c2ebc32112e0cd29390b4dc951b65efae36d607b Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Stefano Cappa <stefano.cappa.ks89@gmail.com> | ||
| 3 | Date: Sun, 13 Jan 2019 01:50:52 +0100 | ||
| 4 | Subject: [PATCH] remove INCLUDEDIR to prevent build issues | ||
| 5 | |||
| 6 | Upstream-Status: Pending | ||
| 7 | |||
| 8 | Signed-off-by: Stefano Cappa <stefano.cappa.ks89@gmail.com> | ||
| 9 | --- | ||
| 10 | configure | 5 ----- | ||
| 11 | 1 file changed, 5 deletions(-) | ||
| 12 | |||
| 13 | diff --git a/configure b/configure | ||
| 14 | index a60da137..3673de8b 100755 | ||
| 15 | --- a/configure | ||
| 16 | +++ b/configure | ||
| 17 | @@ -26,7 +26,6 @@ BUILD= | ||
| 18 | HOST= | ||
| 19 | HOSTCC= | ||
| 20 | TARGET= | ||
| 21 | -INCLUDEDIR= | ||
| 22 | DEBUG= | ||
| 23 | FORK= | ||
| 24 | STATIC= | ||
| 25 | @@ -89,7 +88,6 @@ for x do | ||
| 26 | --mandir) MANDIR=$var;; | ||
| 27 | --datadir) DATADIR=$var;; | ||
| 28 | --with-ccopts|CFLAGS) CFLAGS=$var;; | ||
| 29 | - -I|--includedir) INCLUDEDIR="$INCLUDEDIR${INCLUDEDIR:+ }-I$var";; | ||
| 30 | CC) CC=$var;; | ||
| 31 | CPPFLAGS) CPPFLAGS=$var;; | ||
| 32 | PKG_CONFIG) PKG_CONFIG=$var;; | ||
| 33 | @@ -346,9 +344,6 @@ if [ -n "$CPPFLAGS" ]; then | ||
| 34 | echo "CPPFLAGS=" >>$CONFIG_MK | ||
| 35 | echo "CPPFLAGS+= $CPPFLAGS" >>$CONFIG_MK | ||
| 36 | fi | ||
| 37 | -if [ -n "$INCLUDEDIR" ]; then | ||
| 38 | - echo "CPPFLAGS+= $INCLUDEDIR" >>$CONFIG_MK | ||
| 39 | -fi | ||
| 40 | if [ -n "$LDFLAGS" ]; then | ||
| 41 | echo "LDFLAGS=" >>$CONFIG_MK | ||
| 42 | echo "LDFLAGS+= $LDFLAGS" >>$CONFIG_MK | ||
diff --git a/meta/recipes-connectivity/dhcpcd/files/dhcpcd.service b/meta/recipes-connectivity/dhcpcd/files/dhcpcd.service deleted file mode 100644 index 6c967ddaf0..0000000000 --- a/meta/recipes-connectivity/dhcpcd/files/dhcpcd.service +++ /dev/null | |||
| @@ -1,11 +0,0 @@ | |||
| 1 | [Unit] | ||
| 2 | Description=A minimalistic network configuration daemon with DHCPv4, rdisc and DHCPv6 support | ||
| 3 | Wants=network.target | ||
| 4 | Before=network.target | ||
| 5 | Conflicts=connman.service | ||
| 6 | |||
| 7 | [Service] | ||
| 8 | ExecStart=/sbin/dhcpcd -q --nobackground | ||
| 9 | |||
| 10 | [Install] | ||
| 11 | WantedBy=multi-user.target | ||
diff --git a/meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service b/meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service deleted file mode 100644 index 845b83b9e5..0000000000 --- a/meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service +++ /dev/null | |||
| @@ -1,16 +0,0 @@ | |||
| 1 | [Unit] | ||
| 2 | Description=dhcpcd on %I | ||
| 3 | Wants=network.target | ||
| 4 | Before=network.target | ||
| 5 | BindsTo=sys-subsystem-net-devices-%i.device | ||
| 6 | After=sys-subsystem-net-devices-%i.device | ||
| 7 | Conflicts=connman.service | ||
| 8 | |||
| 9 | [Service] | ||
| 10 | Type=forking | ||
| 11 | PIDFile=/run/dhcpcd/%I.pid | ||
| 12 | ExecStart=/sbin/dhcpcd -q %I | ||
| 13 | ExecStop=/sbin/dhcpcd -x %I | ||
| 14 | |||
| 15 | [Install] | ||
| 16 | WantedBy=multi-user.target | ||
diff --git a/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils deleted file mode 100644 index 30e81ef450..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils +++ /dev/null | |||
| @@ -1,20 +0,0 @@ | |||
| 1 | # default: off | ||
| 2 | # description: | ||
| 3 | # Rexecd is the server for the rexec program. The server provides remote | ||
| 4 | # execution facilities with authentication based on user names and | ||
| 5 | # passwords. | ||
| 6 | # | ||
| 7 | service exec | ||
| 8 | { | ||
| 9 | socket_type = stream | ||
| 10 | protocol = tcp | ||
| 11 | flags = NAMEINARGS | ||
| 12 | wait = no | ||
| 13 | user = root | ||
| 14 | group = root | ||
| 15 | log_on_success += USERID | ||
| 16 | log_on_failure += USERID | ||
| 17 | server = @SBINDIR@/tcpd | ||
| 18 | server_args = @SBINDIR@/in.rexecd | ||
| 19 | disable = yes | ||
| 20 | } | ||
diff --git a/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils deleted file mode 100644 index 21b55da9a9..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils +++ /dev/null | |||
| @@ -1,23 +0,0 @@ | |||
| 1 | # default: off | ||
| 2 | # description: | ||
| 3 | # Rlogind is a server for the rlogin program. The server provides remote | ||
| 4 | # execution with authentication based on privileged port numbers from trusted | ||
| 5 | # host | ||
| 6 | # | ||
| 7 | service login | ||
| 8 | { | ||
| 9 | socket_type = stream | ||
| 10 | protocol = tcp | ||
| 11 | flags = NAMEINARGS | ||
| 12 | wait = no | ||
| 13 | user = root | ||
| 14 | group = root | ||
| 15 | log_on_success += USERID | ||
| 16 | log_on_failure += USERID | ||
| 17 | server = @SBINDIR@/tcpd | ||
| 18 | server_args = @SBINDIR@/in.rlogind -a | ||
| 19 | disable = yes | ||
| 20 | } | ||
| 21 | |||
| 22 | |||
| 23 | |||
diff --git a/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils deleted file mode 100644 index 2b894a74bd..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils +++ /dev/null | |||
| @@ -1,21 +0,0 @@ | |||
| 1 | # default: off | ||
| 2 | # description: | ||
| 3 | # The rshd server is a server for the rcmd(3) routine and, | ||
| 4 | # consequently, for the rsh(1) program. The server provides | ||
| 5 | # remote execution facilities with authentication based on | ||
| 6 | # privileged port numbers from trusted hosts. | ||
| 7 | # | ||
| 8 | service shell | ||
| 9 | { | ||
| 10 | socket_type = stream | ||
| 11 | protocol = tcp | ||
| 12 | flags = NAMEINARGS | ||
| 13 | wait = no | ||
| 14 | user = root | ||
| 15 | group = root | ||
| 16 | log_on_success += USERID | ||
| 17 | log_on_failure += USERID | ||
| 18 | server = @SBINDIR@/tcpd | ||
| 19 | server_args = @SBINDIR@/in.rshd -aL | ||
| 20 | disable = yes | ||
| 21 | } | ||
diff --git a/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils deleted file mode 100644 index 2d9a0408c0..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils +++ /dev/null | |||
| @@ -1,13 +0,0 @@ | |||
| 1 | # default: on | ||
| 2 | # description: The telnet server serves telnet sessions; it uses \ | ||
| 3 | # unencrypted username/password pairs for authentication. | ||
| 4 | service telnet | ||
| 5 | { | ||
| 6 | disable = no | ||
| 7 | flags = REUSE | ||
| 8 | socket_type = stream | ||
| 9 | wait = no | ||
| 10 | user = root | ||
| 11 | server = @SBINDIR@/in.telnetd | ||
| 12 | log_on_failure += USERID | ||
| 13 | } | ||
diff --git a/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils deleted file mode 100644 index 67b44c43e8..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils +++ /dev/null | |||
| @@ -1,19 +0,0 @@ | |||
| 1 | # default: off | ||
| 2 | # description: | ||
| 3 | # Tftpd is a server which supports the Internet Trivial File Transfer | ||
| 4 | # Pro-tocol (RFC 783). The TFTP server operates at the port indicated | ||
| 5 | # in the tftp service description; see services(5). | ||
| 6 | # | ||
| 7 | service tftp | ||
| 8 | { | ||
| 9 | disable = yes | ||
| 10 | socket_type = dgram | ||
| 11 | protocol = udp | ||
| 12 | flags = IPv6 | ||
| 13 | wait = yes | ||
| 14 | user = root | ||
| 15 | group = root | ||
| 16 | server = @SBINDIR@/in.tftpd | ||
| 17 | server_args = /tftpboot | ||
| 18 | } | ||
| 19 | |||
diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.6.bb b/meta/recipes-connectivity/inetutils/inetutils_2.6.bb deleted file mode 100644 index 6e03195f2d..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils_2.6.bb +++ /dev/null | |||
| @@ -1,216 +0,0 @@ | |||
| 1 | SUMMARY = "The GNU inetutils are a collection of common networking utilities and servers." | ||
| 2 | DESCRIPTION = "The GNU inetutils are a collection of common \ | ||
| 3 | networking utilities and servers including ftp, ftpd, rcp, \ | ||
| 4 | rexec, rlogin, rlogind, rsh, rshd, syslog, syslogd, talk, \ | ||
| 5 | talkd, telnet, telnetd, tftp, tftpd, and uucpd." | ||
| 6 | HOMEPAGE = "http://www.gnu.org/software/inetutils" | ||
| 7 | SECTION = "net" | ||
| 8 | DEPENDS = "ncurses netbase readline virtual/crypt" | ||
| 9 | |||
| 10 | LICENSE = "GPL-3.0-only" | ||
| 11 | |||
| 12 | LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7" | ||
| 13 | |||
| 14 | SRC_URI[sha256sum] = "68bedbfeaf73f7d86be2a7d99bcfbd4093d829f52770893919ae174c0b2357ca" | ||
| 15 | SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ | ||
| 16 | file://rexec.xinetd.inetutils \ | ||
| 17 | file://rlogin.xinetd.inetutils \ | ||
| 18 | file://rsh.xinetd.inetutils \ | ||
| 19 | file://telnet.xinetd.inetutils \ | ||
| 20 | file://tftpd.xinetd.inetutils \ | ||
| 21 | " | ||
| 22 | |||
| 23 | inherit autotools gettext update-alternatives texinfo | ||
| 24 | |||
| 25 | PACKAGECONFIG ??= "ftp uucpd \ | ||
| 26 | ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ | ||
| 27 | ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6 ping6', '', d)} \ | ||
| 28 | " | ||
| 29 | PACKAGECONFIG[ftp] = "--enable-ftp,--disable-ftp,readline" | ||
| 30 | PACKAGECONFIG[uucpd] = "--enable-uucpd,--disable-uucpd,readline" | ||
| 31 | PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam" | ||
| 32 | PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6 gl_cv_socket_ipv6=no," | ||
| 33 | PACKAGECONFIG[ping6] = "--enable-ping6,--disable-ping6," | ||
| 34 | |||
| 35 | EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \ | ||
| 36 | --with-libreadline-prefix=${STAGING_LIBDIR} \ | ||
| 37 | --enable-rpath=no \ | ||
| 38 | --with-path-login=${base_bindir}/login \ | ||
| 39 | --with-path-cp=${base_bindir}/cp \ | ||
| 40 | --with-path-uucico=${libexecdir}/uuico \ | ||
| 41 | --with-path-procnet-dev=/proc/net/dev \ | ||
| 42 | " | ||
| 43 | |||
| 44 | EXTRA_OECONF:append:libc-musl = " --with-path-utmpx=/dev/null/utmpx --with-path-wtmpx=/dev/null/wtmpx" | ||
| 45 | |||
| 46 | # These are horrible for security, disable them | ||
| 47 | EXTRA_OECONF:append = " --disable-rsh --disable-rshd --disable-rcp \ | ||
| 48 | --disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd" | ||
| 49 | |||
| 50 | # The configure script guesses many paths in cross builds, check for this happening | ||
| 51 | do_configure_cross_check() { | ||
| 52 | if grep "may be incorrect because of cross-compilation" ${B}/config.log; then | ||
| 53 | bberror Default path values used, these must be set explicitly | ||
| 54 | fi | ||
| 55 | } | ||
| 56 | do_configure[postfuncs] += "do_configure_cross_check" | ||
| 57 | |||
| 58 | # The --with-path options are not actually options, so this check needs to be silenced | ||
| 59 | ERROR_QA:remove = "unknown-configure-option" | ||
| 60 | |||
| 61 | do_configure:prepend () { | ||
| 62 | export HELP2MAN='true' | ||
| 63 | } | ||
| 64 | |||
| 65 | do_install:append () { | ||
| 66 | install -m 0755 -d ${D}${base_sbindir} | ||
| 67 | install -m 0755 -d ${D}${sbindir} | ||
| 68 | install -m 0755 -d ${D}${sysconfdir}/xinetd.d | ||
| 69 | if [ "${base_bindir}" != "${bindir}" ] ; then | ||
| 70 | install -m 0755 -d ${D}${base_bindir} | ||
| 71 | mv ${D}${bindir}/ping* ${D}${base_bindir}/ | ||
| 72 | mv ${D}${bindir}/hostname ${D}${base_bindir}/ | ||
| 73 | mv ${D}${bindir}/dnsdomainname ${D}${base_bindir}/ | ||
| 74 | fi | ||
| 75 | mv ${D}${bindir}/ifconfig ${D}${base_sbindir}/ | ||
| 76 | mv ${D}${libexecdir}/syslogd ${D}${base_sbindir}/ | ||
| 77 | mv ${D}${libexecdir}/tftpd ${D}${sbindir}/in.tftpd | ||
| 78 | mv ${D}${libexecdir}/telnetd ${D}${sbindir}/in.telnetd | ||
| 79 | if [ -e ${D}${libexecdir}/rexecd ]; then | ||
| 80 | mv ${D}${libexecdir}/rexecd ${D}${sbindir}/in.rexecd | ||
| 81 | cp ${UNPACKDIR}/rexec.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rexec | ||
| 82 | fi | ||
| 83 | if [ -e ${D}${libexecdir}/rlogind ]; then | ||
| 84 | mv ${D}${libexecdir}/rlogind ${D}${sbindir}/in.rlogind | ||
| 85 | cp ${UNPACKDIR}/rlogin.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rlogin | ||
| 86 | fi | ||
| 87 | if [ -e ${D}${libexecdir}/rshd ]; then | ||
| 88 | mv ${D}${libexecdir}/rshd ${D}${sbindir}/in.rshd | ||
| 89 | cp ${UNPACKDIR}/rsh.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rsh | ||
| 90 | fi | ||
| 91 | if [ -e ${D}${libexecdir}/talkd ]; then | ||
| 92 | mv ${D}${libexecdir}/talkd ${D}${sbindir}/in.talkd | ||
| 93 | fi | ||
| 94 | mv ${D}${libexecdir}/uucpd ${D}${sbindir}/in.uucpd | ||
| 95 | mv ${D}${libexecdir}/* ${D}${bindir}/ | ||
| 96 | cp ${UNPACKDIR}/telnet.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/telnet | ||
| 97 | cp ${UNPACKDIR}/tftpd.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/tftpd | ||
| 98 | |||
| 99 | sed -e 's,@SBINDIR@,${sbindir},g' -i ${D}/${sysconfdir}/xinetd.d/* | ||
| 100 | if [ -e ${D}${libdir}/charset.alias ]; then | ||
| 101 | rm -rf ${D}${libdir}/charset.alias | ||
| 102 | fi | ||
| 103 | rm -rf ${D}${libexecdir}/ | ||
| 104 | # remove usr/lib if empty | ||
| 105 | rmdir ${D}${libdir} || true | ||
| 106 | } | ||
| 107 | |||
| 108 | PACKAGES =+ "${PN}-ping ${PN}-ping6 ${PN}-hostname ${PN}-ifconfig \ | ||
| 109 | ${PN}-tftp ${PN}-logger ${PN}-traceroute ${PN}-syslogd \ | ||
| 110 | ${PN}-ftp ${PN}-ftpd ${PN}-tftpd ${PN}-telnet ${PN}-telnetd ${PN}-inetd \ | ||
| 111 | ${PN}-rsh ${PN}-rshd" | ||
| 112 | |||
| 113 | # The packages tftpd, telnetd and rshd conflict with the ones | ||
| 114 | # provided by netkit, so add the corresponding -dbg packages | ||
| 115 | # for them to avoid the confliction between the dbg package | ||
| 116 | # of inetutils and netkit. | ||
| 117 | PACKAGES =+ "${PN}-tftpd-dbg ${PN}-telnetd-dbg ${PN}-rshd-dbg" | ||
| 118 | NOAUTOPACKAGEDEBUG = "1" | ||
| 119 | |||
| 120 | ALTERNATIVE_PRIORITY = "79" | ||
| 121 | ALTERNATIVE:${PN} = "whois dnsdomainname" | ||
| 122 | ALTERNATIVE_LINK_NAME[uucpd] = "${sbindir}/in.uucpd" | ||
| 123 | ALTERNATIVE_LINK_NAME[dnsdomainname] = "${base_bindir}/dnsdomainname" | ||
| 124 | |||
| 125 | ALTERNATIVE_PRIORITY_${PN}-logger = "60" | ||
| 126 | ALTERNATIVE:${PN}-logger = "logger" | ||
| 127 | ALTERNATIVE:${PN}-syslogd = "syslogd" | ||
| 128 | ALTERNATIVE_LINK_NAME[syslogd] = "${base_sbindir}/syslogd" | ||
| 129 | |||
| 130 | ALTERNATIVE:${PN}-ftp = "ftp" | ||
| 131 | ALTERNATIVE:${PN}-ftpd = "ftpd" | ||
| 132 | ALTERNATIVE:${PN}-tftp = "tftp" | ||
| 133 | ALTERNATIVE:${PN}-tftpd = "tftpd" | ||
| 134 | ALTERNATIVE_LINK_NAME[tftpd] = "${sbindir}/tftpd" | ||
| 135 | ALTERNATIVE_TARGET[tftpd] = "${sbindir}/in.tftpd" | ||
| 136 | |||
| 137 | ALTERNATIVE:${PN}-telnet = "telnet" | ||
| 138 | ALTERNATIVE:${PN}-telnetd = "telnetd" | ||
| 139 | ALTERNATIVE_LINK_NAME[telnetd] = "${sbindir}/telnetd" | ||
| 140 | ALTERNATIVE_TARGET[telnetd] = "${sbindir}/in.telnetd" | ||
| 141 | |||
| 142 | ALTERNATIVE:${PN}-inetd = "inetd" | ||
| 143 | ALTERNATIVE:${PN}-traceroute = "traceroute" | ||
| 144 | |||
| 145 | ALTERNATIVE:${PN}-hostname = "hostname" | ||
| 146 | ALTERNATIVE_LINK_NAME[hostname] = "${base_bindir}/hostname" | ||
| 147 | ALTERNATIVE_PRIORITY[hostname] = "100" | ||
| 148 | |||
| 149 | ALTERNATIVE:${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \ | ||
| 150 | tftpd.8 tftp.1 telnetd.8" | ||
| 151 | ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1" | ||
| 152 | ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1" | ||
| 153 | ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1" | ||
| 154 | ALTERNATIVE_LINK_NAME[syslogd.8] = "${mandir}/man8/syslogd.8" | ||
| 155 | ALTERNATIVE_LINK_NAME[telnetd.8] = "${mandir}/man8/telnetd.8" | ||
| 156 | ALTERNATIVE_LINK_NAME[tftpd.8] = "${mandir}/man8/tftpd.8" | ||
| 157 | ALTERNATIVE_LINK_NAME[tftp.1] = "${mandir}/man1/tftp.1" | ||
| 158 | |||
| 159 | ALTERNATIVE:${PN}-ifconfig = "ifconfig" | ||
| 160 | ALTERNATIVE_LINK_NAME[ifconfig] = "${base_sbindir}/ifconfig" | ||
| 161 | |||
| 162 | ALTERNATIVE:${PN}-ping = "ping" | ||
| 163 | ALTERNATIVE_LINK_NAME[ping] = "${base_bindir}/ping" | ||
| 164 | |||
| 165 | ALTERNATIVE:${PN}-ping6 = "${@bb.utils.filter('PACKAGECONFIG', 'ping6', d)}" | ||
| 166 | ALTERNATIVE_LINK_NAME[ping6] = "${base_bindir}/ping6" | ||
| 167 | |||
| 168 | FILES:${PN}-dbg += "${base_bindir}/.debug ${base_sbindir}/.debug ${bindir}/.debug ${sbindir}/.debug" | ||
| 169 | FILES:${PN}-ping = "${base_bindir}/ping.${BPN}" | ||
| 170 | FILES:${PN}-ping6 = "${base_bindir}/ping6.${BPN}" | ||
| 171 | FILES:${PN}-hostname = "${base_bindir}/hostname.${BPN}" | ||
| 172 | FILES:${PN}-ifconfig = "${base_sbindir}/ifconfig.${BPN}" | ||
| 173 | FILES:${PN}-traceroute = "${bindir}/traceroute.${BPN}" | ||
| 174 | FILES:${PN}-logger = "${bindir}/logger.${BPN}" | ||
| 175 | |||
| 176 | FILES:${PN}-syslogd = "${base_sbindir}/syslogd.${BPN}" | ||
| 177 | RCONFLICTS:${PN}-syslogd = "rsyslog busybox-syslog sysklogd syslog-ng" | ||
| 178 | |||
| 179 | FILES:${PN}-ftp = "${bindir}/ftp.${BPN}" | ||
| 180 | |||
| 181 | FILES:${PN}-tftp = "${bindir}/tftp.${BPN}" | ||
| 182 | FILES:${PN}-telnet = "${bindir}/telnet.${BPN}" | ||
| 183 | |||
| 184 | # We make us of RCONFLICTS / RPROVIDES here rather than using the normal | ||
| 185 | # alternatives method as this leads to packaging QA issues when using | ||
| 186 | # musl as that library does not provide what these applications need to | ||
| 187 | # build. | ||
| 188 | FILES:${PN}-rsh = "${bindir}/rsh ${bindir}/rlogin ${bindir}/rexec ${bindir}/rcp" | ||
| 189 | RCONFLICTS:${PN}-rsh += "netkit-rsh-client" | ||
| 190 | RPROVIDES:${PN}-rsh = "rsh" | ||
| 191 | |||
| 192 | FILES:${PN}-rshd = "${sbindir}/in.rshd ${sbindir}/in.rlogind ${sbindir}/in.rexecd \ | ||
| 193 | ${sysconfdir}/xinetd.d/rsh ${sysconfdir}/xinetd.d/rlogin ${sysconfdir}/xinetd.d/rexec" | ||
| 194 | FILES:${PN}-rshd-dbg = "${sbindir}/.debug/in.rshd ${sbindir}/.debug/in.rlogind ${sbindir}/.debug/in.rexecd" | ||
| 195 | RDEPENDS:${PN}-rshd += "xinetd tcp-wrappers" | ||
| 196 | RCONFLICTS:${PN}-rshd += "netkit-rshd-server" | ||
| 197 | RPROVIDES:${PN}-rshd = "rshd" | ||
| 198 | |||
| 199 | FILES:${PN}-ftpd = "${bindir}/ftpd.${BPN}" | ||
| 200 | FILES:${PN}-ftpd-dbg = "${bindir}/.debug/ftpd.${BPN}" | ||
| 201 | RDEPENDS:${PN}-ftpd += "xinetd" | ||
| 202 | |||
| 203 | FILES:${PN}-tftpd = "${sbindir}/in.tftpd ${sysconfdir}/xinetd.d/tftpd" | ||
| 204 | FILES:${PN}-tftpd-dbg = "${sbindir}/.debug/in.tftpd" | ||
| 205 | RCONFLICTS:${PN}-tftpd += "netkit-tftpd" | ||
| 206 | RDEPENDS:${PN}-tftpd += "xinetd" | ||
| 207 | |||
| 208 | FILES:${PN}-telnetd = "${sbindir}/in.telnetd ${sysconfdir}/xinetd.d/telnet" | ||
| 209 | FILES:${PN}-telnetd-dbg = "${sbindir}/.debug/in.telnetd" | ||
| 210 | RCONFLICTS:${PN}-telnetd += "netkit-telnet" | ||
| 211 | RPROVIDES:${PN}-telnetd = "telnetd" | ||
| 212 | RDEPENDS:${PN}-telnetd += "xinetd" | ||
| 213 | |||
| 214 | FILES:${PN}-inetd = "${bindir}/inetd.${BPN}" | ||
| 215 | |||
| 216 | RDEPENDS:${PN} = "xinetd" | ||
diff --git a/meta/recipes-connectivity/iproute2/iproute2/0001-include-libnetlink.h-add-missing-include-for-htobe64.patch b/meta/recipes-connectivity/iproute2/iproute2/0001-include-libnetlink.h-add-missing-include-for-htobe64.patch deleted file mode 100644 index c4dea39676..0000000000 --- a/meta/recipes-connectivity/iproute2/iproute2/0001-include-libnetlink.h-add-missing-include-for-htobe64.patch +++ /dev/null | |||
| @@ -1,24 +0,0 @@ | |||
| 1 | From 9e427aa1c647f741b08a1f0c44483ea974c7fc61 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Alexander Kanavin <alex@linutronix.de> | ||
| 3 | Date: Sat, 24 Aug 2024 15:32:25 +0200 | ||
| 4 | Subject: [PATCH] include/libnetlink.h: add missing include for htobe64 | ||
| 5 | definitions | ||
| 6 | |||
| 7 | Upstream-Status: Submitted [by email to stephen@networkplumber.org netdev@vger.kernel.org] | ||
| 8 | Signed-off-by: Alexander Kanavin <alex@linutronix.de> | ||
| 9 | --- | ||
| 10 | include/libnetlink.h | 1 + | ||
| 11 | 1 file changed, 1 insertion(+) | ||
| 12 | |||
| 13 | diff --git a/include/libnetlink.h b/include/libnetlink.h | ||
| 14 | index 7074e91..3dbfa42 100644 | ||
| 15 | --- a/include/libnetlink.h | ||
| 16 | +++ b/include/libnetlink.h | ||
| 17 | @@ -13,6 +13,7 @@ | ||
| 18 | #include <linux/neighbour.h> | ||
| 19 | #include <linux/netconf.h> | ||
| 20 | #include <arpa/inet.h> | ||
| 21 | +#include <endian.h> | ||
| 22 | |||
| 23 | struct rtnl_handle { | ||
| 24 | int fd; | ||
diff --git a/meta/recipes-connectivity/iproute2/iproute2_6.16.0.bb b/meta/recipes-connectivity/iproute2/iproute2_6.16.0.bb deleted file mode 100644 index dc7106902c..0000000000 --- a/meta/recipes-connectivity/iproute2/iproute2_6.16.0.bb +++ /dev/null | |||
| @@ -1,112 +0,0 @@ | |||
| 1 | SUMMARY = "TCP / IP networking and traffic control utilities" | ||
| 2 | DESCRIPTION = "Iproute2 is a collection of utilities for controlling \ | ||
| 3 | TCP / IP networking and traffic control in Linux. Of the utilities ip \ | ||
| 4 | and tc are the most important. ip controls IPv4 and IPv6 \ | ||
| 5 | configuration and tc stands for traffic control." | ||
| 6 | HOMEPAGE = "http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2" | ||
| 7 | SECTION = "base" | ||
| 8 | LICENSE = "GPL-2.0-or-later" | ||
| 9 | LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ | ||
| 10 | " | ||
| 11 | |||
| 12 | DEPENDS = "flex-native bison-native libcap" | ||
| 13 | |||
| 14 | SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \ | ||
| 15 | file://0001-include-libnetlink.h-add-missing-include-for-htobe64.patch \ | ||
| 16 | " | ||
| 17 | |||
| 18 | SRC_URI[sha256sum] = "5900ccc15f9ac3bf7b7eae81deb5937123df35e99347a7f11a22818482f0a8d0" | ||
| 19 | |||
| 20 | inherit update-alternatives bash-completion pkgconfig | ||
| 21 | |||
| 22 | PACKAGECONFIG ??= "tipc elf devlink iptables" | ||
| 23 | PACKAGECONFIG[tipc] = ",,libmnl," | ||
| 24 | PACKAGECONFIG[elf] = ",,elfutils," | ||
| 25 | PACKAGECONFIG[devlink] = ",,libmnl," | ||
| 26 | PACKAGECONFIG[iptables] = ",,iptables" | ||
| 27 | PACKAGECONFIG[rdma] = ",,libmnl," | ||
| 28 | PACKAGECONFIG[selinux] = ",,libselinux" | ||
| 29 | |||
| 30 | IPROUTE2_MAKE_SUBDIRS = "lib tc ip bridge misc genl ${@bb.utils.filter('PACKAGECONFIG', 'devlink tipc rdma', d)}" | ||
| 31 | |||
| 32 | # This is needed with GCC-14 and musl | ||
| 33 | CFLAGS += "-Wno-error=incompatible-pointer-types" | ||
| 34 | # CFLAGS are computed in Makefile and reference CCOPTS | ||
| 35 | # | ||
| 36 | EXTRA_OEMAKE = "\ | ||
| 37 | CC='${CC}' \ | ||
| 38 | KERNEL_INCLUDE=${STAGING_INCDIR} \ | ||
| 39 | DOCDIR=${docdir}/iproute2 \ | ||
| 40 | SUBDIRS='${IPROUTE2_MAKE_SUBDIRS}' \ | ||
| 41 | SBINDIR='${base_sbindir}' \ | ||
| 42 | CONF_USR_DIR='${libdir}/iproute2' \ | ||
| 43 | LIBDIR='${libdir}' \ | ||
| 44 | CCOPTS='${CFLAGS}' \ | ||
| 45 | " | ||
| 46 | |||
| 47 | do_configure:append () { | ||
| 48 | sh configure ${STAGING_INCDIR} | ||
| 49 | # Explicitly disable ATM support | ||
| 50 | sed -i -e '/TC_CONFIG_ATM/d' config.mk | ||
| 51 | } | ||
| 52 | |||
| 53 | do_install () { | ||
| 54 | oe_runmake DESTDIR=${D} install | ||
| 55 | mv ${D}${base_sbindir}/ip ${D}${base_sbindir}/ip.iproute2 | ||
| 56 | install -d ${D}${datadir} | ||
| 57 | mv ${D}/share/* ${D}${datadir}/ || true | ||
| 58 | rm ${D}/share -rf || true | ||
| 59 | |||
| 60 | # Remove support fot ipt and xt in tc. So tc library directory is not needed. | ||
| 61 | rm ${D}${libdir}/tc -rf | ||
| 62 | } | ||
| 63 | |||
| 64 | # The .so files in iproute2-tc are modules, not traditional libraries | ||
| 65 | INSANE_SKIP:${PN}-tc = "dev-so" | ||
| 66 | |||
| 67 | IPROUTE2_PACKAGES =+ "\ | ||
| 68 | ${PN}-bridge \ | ||
| 69 | ${PN}-devlink \ | ||
| 70 | ${PN}-genl \ | ||
| 71 | ${PN}-ifstat \ | ||
| 72 | ${PN}-ip \ | ||
| 73 | ${PN}-lnstat \ | ||
| 74 | ${PN}-nstat \ | ||
| 75 | ${PN}-routel \ | ||
| 76 | ${PN}-rtacct \ | ||
| 77 | ${PN}-ss \ | ||
| 78 | ${PN}-tc \ | ||
| 79 | ${PN}-tipc \ | ||
| 80 | ${PN}-rdma \ | ||
| 81 | " | ||
| 82 | |||
| 83 | PACKAGE_BEFORE_PN = "${IPROUTE2_PACKAGES}" | ||
| 84 | RDEPENDS:${PN} += "${PN}-ip" | ||
| 85 | |||
| 86 | FILES:${PN}-tc = "${base_sbindir}/tc* \ | ||
| 87 | ${libdir}/tc/*.so" | ||
| 88 | FILES:${PN}-lnstat = "${base_sbindir}/lnstat \ | ||
| 89 | ${base_sbindir}/ctstat \ | ||
| 90 | ${base_sbindir}/rtstat" | ||
| 91 | FILES:${PN}-ifstat = "${base_sbindir}/ifstat" | ||
| 92 | FILES:${PN}-ip = "${base_sbindir}/ip.* ${libdir}/iproute2" | ||
| 93 | FILES:${PN}-genl = "${base_sbindir}/genl" | ||
| 94 | FILES:${PN}-rtacct = "${base_sbindir}/rtacct" | ||
| 95 | FILES:${PN}-nstat = "${base_sbindir}/nstat" | ||
| 96 | FILES:${PN}-ss = "${base_sbindir}/ss" | ||
| 97 | FILES:${PN}-tipc = "${base_sbindir}/tipc" | ||
| 98 | FILES:${PN}-devlink = "${base_sbindir}/devlink" | ||
| 99 | FILES:${PN}-rdma = "${base_sbindir}/rdma" | ||
| 100 | FILES:${PN}-routel = "${base_sbindir}/routel" | ||
| 101 | FILES:${PN}-bridge = "${base_sbindir}/bridge" | ||
| 102 | |||
| 103 | RDEPENDS:${PN}-routel = "python3-core" | ||
| 104 | |||
| 105 | ALTERNATIVE:${PN}-ip = "ip" | ||
| 106 | ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}" | ||
| 107 | ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip" | ||
| 108 | ALTERNATIVE_PRIORITY = "100" | ||
| 109 | |||
| 110 | ALTERNATIVE:${PN}-tc = "tc" | ||
| 111 | ALTERNATIVE_LINK_NAME[tc] = "${base_sbindir}/tc" | ||
| 112 | ALTERNATIVE_PRIORITY_${PN}-tc = "100" | ||
diff --git a/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch b/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch deleted file mode 100644 index 715b88d466..0000000000 --- a/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch +++ /dev/null | |||
| @@ -1,41 +0,0 @@ | |||
| 1 | Subject: [PATCH] iw: version.sh: don't use git describe for versioning | ||
| 2 | |||
| 3 | It will detect top-level git repositories like the Angstrom setup-scripts and break. | ||
| 4 | |||
| 5 | Upstream-Status: Pending | ||
| 6 | |||
| 7 | Signed-off-by: Koen Kooi <koen@dominion.thruhere.net> | ||
| 8 | Signed-off-by: Maxin B. John <maxin.john@intel.com> | ||
| 9 | --- | ||
| 10 | diff -Naur iw-4.7-orig/version.sh iw-4.7/version.sh | ||
| 11 | --- iw-4.7-orig/version.sh 2016-05-31 12:52:46.000000000 +0300 | ||
| 12 | +++ iw-4.7/version.sh 2016-06-01 11:21:58.307409060 +0300 | ||
| 13 | @@ -15,27 +15,7 @@ | ||
| 14 | SRC_DIR=$(cd ${SRC_DIR}; pwd) | ||
| 15 | cd "${SRC_DIR}" | ||
| 16 | |||
| 17 | -v="" | ||
| 18 | -if [ -d .git ] && head=`git rev-parse --verify HEAD 2>/dev/null`; then | ||
| 19 | - git update-index --refresh --unmerged > /dev/null | ||
| 20 | - descr=$(git describe --match=v* 2>/dev/null) | ||
| 21 | - if [ $? -eq 0 ]; then | ||
| 22 | - # on git builds check that the version number above | ||
| 23 | - # is correct... | ||
| 24 | - if [ "${descr%%-*}" = "v$VERSION" ]; then | ||
| 25 | - v="${descr#v}" | ||
| 26 | - if git diff-index --name-only HEAD | read dummy ; then | ||
| 27 | - v="$v"-dirty | ||
| 28 | - fi | ||
| 29 | - fi | ||
| 30 | - fi | ||
| 31 | -fi | ||
| 32 | - | ||
| 33 | -# set to the default version when failed to get the version | ||
| 34 | -# information with git | ||
| 35 | -if [ -z "${v}" ]; then | ||
| 36 | - v="$VERSION" | ||
| 37 | -fi | ||
| 38 | +v="$VERSION" | ||
| 39 | |||
| 40 | echo '#include "iw.h"' > "$OUT" | ||
| 41 | echo "const char iw_version[] = \"$v\";" >> "$OUT" | ||
diff --git a/meta/recipes-connectivity/iw/iw/separate-objdir.patch b/meta/recipes-connectivity/iw/iw/separate-objdir.patch deleted file mode 100644 index 179fd90124..0000000000 --- a/meta/recipes-connectivity/iw/iw/separate-objdir.patch +++ /dev/null | |||
| @@ -1,50 +0,0 @@ | |||
| 1 | From ff9f0a631c99fb6e2677c02bf572a5e69c70f5cf Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Changhyeok Bae <changhyeok.bae@gmail.com> | ||
| 3 | Date: Mon, 27 Jan 2020 22:48:03 +0100 | ||
| 4 | Subject: [PATCH] Support separation of SRCDIR and OBJDIR | ||
| 5 | |||
| 6 | Typical use of VPATH to locate the sources. | ||
| 7 | |||
| 8 | Upstream-Status: Pending | ||
| 9 | |||
| 10 | Signed-off-by: Christopher Larson <chris_larson@mentor.com> | ||
| 11 | Signed-off-by: Maxin B. John <maxin.john@intel.com> | ||
| 12 | --- | ||
| 13 | Makefile | 8 ++++++-- | ||
| 14 | 1 file changed, 6 insertions(+), 2 deletions(-) | ||
| 15 | |||
| 16 | diff --git a/Makefile b/Makefile | ||
| 17 | index 90f2251..714cdb9 100644 | ||
| 18 | --- a/Makefile | ||
| 19 | +++ b/Makefile | ||
| 20 | @@ -1,5 +1,9 @@ | ||
| 21 | MAKEFLAGS += --no-print-directory | ||
| 22 | |||
| 23 | +SRCDIR ?= $(dir $(lastword $(MAKEFILE_LIST))) | ||
| 24 | +OBJDIR ?= $(PWD) | ||
| 25 | +VPATH = $(SRCDIR) | ||
| 26 | + | ||
| 27 | PREFIX ?= /usr | ||
| 28 | SBINDIR ?= $(PREFIX)/sbin | ||
| 29 | MANDIR ?= $(PREFIX)/share/man | ||
| 30 | @@ -92,7 +96,7 @@ all: $(ALL) | ||
| 31 | version.c: version.sh $(patsubst %.o,%.c,$(VERSION_OBJS)) nl80211.h iw.h Makefile \ | ||
| 32 | $(wildcard .git/index .git/refs/tags) | ||
| 33 | @$(NQ) ' GEN ' $@ | ||
| 34 | - $(Q)./version.sh $@ | ||
| 35 | + $(Q)cd $(SRCDIR) && ./version.sh $(OBJDIR)/$@ | ||
| 36 | |||
| 37 | nl80211-commands.inc: nl80211.h | ||
| 38 | @$(NQ) ' GEN ' $@ | ||
| 39 | @@ -100,7 +104,7 @@ nl80211-commands.inc: nl80211.h | ||
| 40 | |||
| 41 | %.o: %.c iw.h nl80211.h nl80211-commands.inc | ||
| 42 | @$(NQ) ' CC ' $@ | ||
| 43 | - $(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $< | ||
| 44 | + $(Q)$(CC) -I$(SRCDIR) $(CFLAGS) $(CPPFLAGS) -c -o $@ $< | ||
| 45 | |||
| 46 | ifeq ($(IW_ANDROID_BUILD),) | ||
| 47 | iw: $(OBJS) | ||
| 48 | -- | ||
| 49 | 2.23.0 | ||
| 50 | |||
diff --git a/meta/recipes-connectivity/iw/iw_6.17.bb b/meta/recipes-connectivity/iw/iw_6.17.bb deleted file mode 100644 index a9a4695d39..0000000000 --- a/meta/recipes-connectivity/iw/iw_6.17.bb +++ /dev/null | |||
| @@ -1,31 +0,0 @@ | |||
| 1 | SUMMARY = "nl80211 based CLI configuration utility for wireless devices" | ||
| 2 | DESCRIPTION = "iw is a new nl80211 based CLI configuration utility for \ | ||
| 3 | wireless devices. It supports almost all new drivers that have been added \ | ||
| 4 | to the kernel recently. " | ||
| 5 | HOMEPAGE = "https://wireless.wiki.kernel.org/en/users/documentation/iw" | ||
| 6 | SECTION = "base" | ||
| 7 | LICENSE = "ISC" | ||
| 8 | LIC_FILES_CHKSUM = "file://COPYING;md5=878618a5c4af25e9b93ef0be1a93f774" | ||
| 9 | |||
| 10 | DEPENDS = "libnl" | ||
| 11 | |||
| 12 | SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \ | ||
| 13 | file://0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch \ | ||
| 14 | file://separate-objdir.patch \ | ||
| 15 | " | ||
| 16 | |||
| 17 | SRC_URI[sha256sum] = "aebdcfa3691aa5065a9b0d7def66c761c8b01a59dd81bc315d0305e05c3b04de" | ||
| 18 | |||
| 19 | inherit pkgconfig | ||
| 20 | |||
| 21 | EXTRA_OEMAKE = "\ | ||
| 22 | -f '${S}/Makefile' \ | ||
| 23 | \ | ||
| 24 | 'PREFIX=${prefix}' \ | ||
| 25 | 'SBINDIR=${sbindir}' \ | ||
| 26 | 'MANDIR=${mandir}' \ | ||
| 27 | " | ||
| 28 | |||
| 29 | do_install() { | ||
| 30 | oe_runmake 'DESTDIR=${D}' install | ||
| 31 | } | ||
diff --git a/meta/recipes-connectivity/kea/files/0001-build-boost-1.89.0-fixes.patch b/meta/recipes-connectivity/kea/files/0001-build-boost-1.89.0-fixes.patch deleted file mode 100644 index fba2f5a573..0000000000 --- a/meta/recipes-connectivity/kea/files/0001-build-boost-1.89.0-fixes.patch +++ /dev/null | |||
| @@ -1,53 +0,0 @@ | |||
| 1 | From cf6af9219ba688fcd01d73a392dd1306d2b7a9e6 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Khem Raj <raj.khem@gmail.com> | ||
| 3 | Date: Wed, 27 Aug 2025 22:20:09 -0700 | ||
| 4 | Subject: [PATCH] build: boost 1.89.0 fixes | ||
| 5 | |||
| 6 | Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/merge_requests/2771/] | ||
| 7 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
| 8 | --- | ||
| 9 | meson.build | 2 +- | ||
| 10 | src/lib/asiodns/io_fetch.cc | 1 + | ||
| 11 | src/lib/asiolink/interval_timer.cc | 1 + | ||
| 12 | 3 files changed, 3 insertions(+), 1 deletion(-) | ||
| 13 | |||
| 14 | --- a/meson.build | ||
| 15 | +++ b/meson.build | ||
| 16 | @@ -189,7 +189,7 @@ message(f'Detected system "@SYSTEM@".') | ||
| 17 | |||
| 18 | #### Dependencies | ||
| 19 | |||
| 20 | -boost_dep = dependency('boost', version: '>=1.66', modules: ['system']) | ||
| 21 | +boost_dep = dependency('boost', version: '>=1.66') | ||
| 22 | dl_dep = dependency('dl') | ||
| 23 | threads_dep = dependency('threads') | ||
| 24 | add_project_dependencies(boost_dep, dl_dep, threads_dep, language: ['cpp']) | ||
| 25 | @@ -1094,7 +1094,7 @@ pkg.generate( | ||
| 26 | if TARGETS_GEN_MESSAGES.length() > 0 | ||
| 27 | alias_target('messages', TARGETS_GEN_MESSAGES) | ||
| 28 | else | ||
| 29 | - error( | ||
| 30 | + warning( | ||
| 31 | 'No messages to generate. This is probably an error in the meson.build files.', | ||
| 32 | ) | ||
| 33 | endif | ||
| 34 | --- a/src/lib/asiodns/io_fetch.cc | ||
| 35 | +++ b/src/lib/asiodns/io_fetch.cc | ||
| 36 | @@ -22,6 +22,7 @@ | ||
| 37 | #include <dns/rcode.h> | ||
| 38 | #include <util/io.h> | ||
| 39 | |||
| 40 | +#include <boost/asio/deadline_timer.hpp> | ||
| 41 | #include <boost/scoped_ptr.hpp> | ||
| 42 | #include <boost/date_time/posix_time/posix_time_types.hpp> | ||
| 43 | |||
| 44 | --- a/src/lib/asiolink/interval_timer.cc | ||
| 45 | +++ b/src/lib/asiolink/interval_timer.cc | ||
| 46 | @@ -9,6 +9,7 @@ | ||
| 47 | #include <asiolink/interval_timer.h> | ||
| 48 | #include <asiolink/io_service.h> | ||
| 49 | |||
| 50 | +#include <boost/asio/deadline_timer.hpp> | ||
| 51 | #include <boost/enable_shared_from_this.hpp> | ||
| 52 | #include <boost/noncopyable.hpp> | ||
| 53 | #include <boost/shared_ptr.hpp> | ||
diff --git a/meta/recipes-connectivity/kea/files/0001-d2-dhcp-46-radius-dhcpsrv-Avoid-Boost-lexical_cast-o.patch b/meta/recipes-connectivity/kea/files/0001-d2-dhcp-46-radius-dhcpsrv-Avoid-Boost-lexical_cast-o.patch deleted file mode 100644 index 6facc4d32d..0000000000 --- a/meta/recipes-connectivity/kea/files/0001-d2-dhcp-46-radius-dhcpsrv-Avoid-Boost-lexical_cast-o.patch +++ /dev/null | |||
| @@ -1,348 +0,0 @@ | |||
| 1 | From e3a0d181a279334c7d7a10c5b09fd1610384101c Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Khem Raj <raj.khem@gmail.com> | ||
| 3 | Date: Wed, 3 Sep 2025 12:52:51 -0700 | ||
| 4 | Subject: [PATCH] d2/dhcp[46]/radius/dhcpsrv: Avoid Boost lexical_cast on enums | ||
| 5 | MIME-Version: 1.0 | ||
| 6 | Content-Type: text/plain; charset=UTF-8 | ||
| 7 | Content-Transfer-Encoding: 8bit | ||
| 8 | |||
| 9 | Clang with libc++ hardening (-D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_FAST) | ||
| 10 | rejects Boost's enum trait probe used by `boost::lexical_cast`: | ||
| 11 | `boost::type_traits::is_signed/is_unsigned` defines | ||
| 12 | `static const T minus_one = (T)-1;`, which is ill-formed for scoped/limited | ||
| 13 | enums whose valid range does not include −1 (e.g. enums with values [0..3]). | ||
| 14 | When an enum is passed to `lexical_cast<std::string>`, this triggers errors like: | ||
| 15 | |||
| 16 | error: in-class initializer for static data member is not a constant expression | ||
| 17 | ... minus_one = (static_cast<no_cv_t>(-1)); | ||
| 18 | |||
| 19 | In Kea this surfaced via logging `.arg(enum_value)` and when writing | ||
| 20 | `Lease6::type_` to CSV. | ||
| 21 | |||
| 22 | This change makes all such call sites avoid `lexical_cast` on enums: | ||
| 23 | |||
| 24 | * d2 transactions (`check_exists_*`, `nc_*`, `simple_*`): | ||
| 25 | cast `getDnsUpdateStatus()` to `int` before passing to `.arg(...)`. | ||
| 26 | |||
| 27 | * d2 queue manager (`d2_queue_mgr.cc`): | ||
| 28 | cast `mgr_state_` to `int` before logging. | ||
| 29 | |||
| 30 | * DHCPv4/6 servers (`dhcp4_srv.cc`, `dhcp6_srv.cc`): | ||
| 31 | cast `dhcp_ddns::NameChangeSender::Result` to `int` before logging. | ||
| 32 | |||
| 33 | * RADIUS hook (`radius_accounting.cc`): | ||
| 34 | cast `env.event_` to `int` for the numeric field; we still log the textual | ||
| 35 | form via `eventToText(event_)` in the next argument. | ||
| 36 | |||
| 37 | * DHCPv6 CSV writer (`csv_lease_file6.cc`): | ||
| 38 | write `lease_type` using `isc::dhcp::Lease::typeToText(lease.type_)` | ||
| 39 | instead of passing the enum directly. This is human-readable and uses Kea’s | ||
| 40 | own canonical stringifier, while avoiding the Boost enum path entirely. | ||
| 41 | |||
| 42 | why: | ||
| 43 | |||
| 44 | - Prevents Boost from instantiating enum trait checks that cast −1 to an enum. | ||
| 45 | - Unblocks builds with recent Clang/libc++ hardening. | ||
| 46 | - Keeps log output stable (numeric codes retained) and improves CSV clarity | ||
| 47 | for lease type by using the provided textual converter. | ||
| 48 | |||
| 49 | No functional/ABI changes; only formatting of certain log/CSV values. | ||
| 50 | If a downstream consumer expects a numeric `lease_type`, it can be adjusted | ||
| 51 | to parse the textual value or the change can be trivially flipped to | ||
| 52 | `static_cast<unsigned>(lease.type_)`. | ||
| 53 | |||
| 54 | Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/issues/4100] | ||
| 55 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
| 56 | --- | ||
| 57 | src/bin/d2/check_exists_add.cc | 6 +++--- | ||
| 58 | src/bin/d2/check_exists_remove.cc | 6 +++--- | ||
| 59 | src/bin/d2/d2_queue_mgr.cc | 2 +- | ||
| 60 | src/bin/d2/nc_add.cc | 6 +++--- | ||
| 61 | src/bin/d2/nc_remove.cc | 6 +++--- | ||
| 62 | src/bin/d2/simple_add.cc | 4 ++-- | ||
| 63 | src/bin/d2/simple_add_without_dhcid.cc | 4 ++-- | ||
| 64 | src/bin/d2/simple_remove.cc | 4 ++-- | ||
| 65 | src/bin/d2/simple_remove_without_dhcid.cc | 4 ++-- | ||
| 66 | src/bin/dhcp4/dhcp4_srv.cc | 2 +- | ||
| 67 | src/bin/dhcp6/dhcp6_srv.cc | 2 +- | ||
| 68 | src/hooks/dhcp/radius/radius_accounting.cc | 2 +- | ||
| 69 | src/lib/dhcpsrv/csv_lease_file6.cc | 2 +- | ||
| 70 | 13 files changed, 25 insertions(+), 25 deletions(-) | ||
| 71 | |||
| 72 | diff --git a/src/bin/d2/check_exists_add.cc b/src/bin/d2/check_exists_add.cc | ||
| 73 | index 11bb29f..edfef31 100644 | ||
| 74 | --- a/src/bin/d2/check_exists_add.cc | ||
| 75 | +++ b/src/bin/d2/check_exists_add.cc | ||
| 76 | @@ -270,7 +270,7 @@ CheckExistsAddTransaction::addingFwdAddrsHandler() { | ||
| 77 | // bigger is wrong. | ||
| 78 | LOG_ERROR(d2_to_dns_logger, DHCP_DDNS_FORWARD_ADD_BAD_DNSCLIENT_STATUS) | ||
| 79 | .arg(getRequestId()) | ||
| 80 | - .arg(getDnsUpdateStatus()) | ||
| 81 | + .arg(static_cast<int>(getDnsUpdateStatus())) | ||
| 82 | .arg(getNcr()->getFqdn()) | ||
| 83 | .arg(getCurrentServer()->toText()); | ||
| 84 | |||
| 85 | @@ -397,7 +397,7 @@ CheckExistsAddTransaction::replacingFwdAddrsHandler() { | ||
| 86 | LOG_ERROR(d2_to_dns_logger, | ||
| 87 | DHCP_DDNS_FORWARD_REPLACE_BAD_DNSCLIENT_STATUS) | ||
| 88 | .arg(getRequestId()) | ||
| 89 | - .arg(getDnsUpdateStatus()) | ||
| 90 | + .arg(static_cast<int>(getDnsUpdateStatus())) | ||
| 91 | .arg(getNcr()->getFqdn()) | ||
| 92 | .arg(getCurrentServer()->toText()); | ||
| 93 | |||
| 94 | @@ -541,7 +541,7 @@ CheckExistsAddTransaction::replacingRevPtrsHandler() { | ||
| 95 | LOG_ERROR(d2_to_dns_logger, | ||
| 96 | DHCP_DDNS_REVERSE_REPLACE_BAD_DNSCLIENT_STATUS) | ||
| 97 | .arg(getRequestId()) | ||
| 98 | - .arg(getDnsUpdateStatus()) | ||
| 99 | + .arg(static_cast<int>(getDnsUpdateStatus())) | ||
| 100 | .arg(getNcr()->getFqdn()) | ||
| 101 | .arg(getCurrentServer()->toText()); | ||
| 102 | |||
| 103 | diff --git a/src/bin/d2/check_exists_remove.cc b/src/bin/d2/check_exists_remove.cc | ||
| 104 | index 8ae5296..8b6b221 100644 | ||
| 105 | --- a/src/bin/d2/check_exists_remove.cc | ||
| 106 | +++ b/src/bin/d2/check_exists_remove.cc | ||
| 107 | @@ -268,7 +268,7 @@ CheckExistsRemoveTransaction::removingFwdAddrsHandler() { | ||
| 108 | LOG_ERROR(d2_to_dns_logger, | ||
| 109 | DHCP_DDNS_FORWARD_REMOVE_ADDRS_BAD_DNSCLIENT_STATUS) | ||
| 110 | .arg(getRequestId()) | ||
| 111 | - .arg(getDnsUpdateStatus()) | ||
| 112 | + .arg(static_cast<int>(getDnsUpdateStatus())) | ||
| 113 | .arg(getNcr()->getFqdn()) | ||
| 114 | .arg(getCurrentServer()->toText()); | ||
| 115 | |||
| 116 | @@ -404,7 +404,7 @@ CheckExistsRemoveTransaction::removingFwdRRsHandler() { | ||
| 117 | LOG_ERROR(d2_to_dns_logger, | ||
| 118 | DHCP_DDNS_FORWARD_REMOVE_RRS_BAD_DNSCLIENT_STATUS) | ||
| 119 | .arg(getRequestId()) | ||
| 120 | - .arg(getDnsUpdateStatus()) | ||
| 121 | + .arg(static_cast<int>(getDnsUpdateStatus())) | ||
| 122 | .arg(getNcr()->getFqdn()) | ||
| 123 | .arg(getCurrentServer()->toText()); | ||
| 124 | |||
| 125 | @@ -556,7 +556,7 @@ CheckExistsRemoveTransaction::removingRevPtrsHandler() { | ||
| 126 | LOG_ERROR(d2_to_dns_logger, | ||
| 127 | DHCP_DDNS_REVERSE_REMOVE_BAD_DNSCLIENT_STATUS) | ||
| 128 | .arg(getRequestId()) | ||
| 129 | - .arg(getDnsUpdateStatus()) | ||
| 130 | + .arg(static_cast<int>(getDnsUpdateStatus())) | ||
| 131 | .arg(getNcr()->getFqdn()) | ||
| 132 | .arg(getCurrentServer()->toText()); | ||
| 133 | |||
| 134 | diff --git a/src/bin/d2/d2_queue_mgr.cc b/src/bin/d2/d2_queue_mgr.cc | ||
| 135 | index f902b22..effa56b 100644 | ||
| 136 | --- a/src/bin/d2/d2_queue_mgr.cc | ||
| 137 | +++ b/src/bin/d2/d2_queue_mgr.cc | ||
| 138 | @@ -78,7 +78,7 @@ D2QueueMgr::operator()(const dhcp_ddns::NameChangeListener::Result result, | ||
| 139 | // this is unexpected so we will treat it as a receive error. | ||
| 140 | // This is most likely an unforeseen programmatic issue. | ||
| 141 | LOG_ERROR(dhcp_to_d2_logger, DHCP_DDNS_QUEUE_MGR_UNEXPECTED_STOP) | ||
| 142 | - .arg(mgr_state_); | ||
| 143 | + .arg(static_cast<int>(mgr_state_)); | ||
| 144 | stopListening(STOPPED_RECV_ERROR); | ||
| 145 | } | ||
| 146 | |||
| 147 | diff --git a/src/bin/d2/nc_add.cc b/src/bin/d2/nc_add.cc | ||
| 148 | index 7bffc16..1d17bb2 100644 | ||
| 149 | --- a/src/bin/d2/nc_add.cc | ||
| 150 | +++ b/src/bin/d2/nc_add.cc | ||
| 151 | @@ -272,7 +272,7 @@ NameAddTransaction::addingFwdAddrsHandler() { | ||
| 152 | // bigger is wrong. | ||
| 153 | LOG_ERROR(d2_to_dns_logger, DHCP_DDNS_FORWARD_ADD_BAD_DNSCLIENT_STATUS) | ||
| 154 | .arg(getRequestId()) | ||
| 155 | - .arg(getDnsUpdateStatus()) | ||
| 156 | + .arg(static_cast<int>(getDnsUpdateStatus())) | ||
| 157 | .arg(getNcr()->getFqdn()) | ||
| 158 | .arg(getCurrentServer()->toText()); | ||
| 159 | |||
| 160 | @@ -399,7 +399,7 @@ NameAddTransaction::replacingFwdAddrsHandler() { | ||
| 161 | LOG_ERROR(d2_to_dns_logger, | ||
| 162 | DHCP_DDNS_FORWARD_REPLACE_BAD_DNSCLIENT_STATUS) | ||
| 163 | .arg(getRequestId()) | ||
| 164 | - .arg(getDnsUpdateStatus()) | ||
| 165 | + .arg(static_cast<int>(getDnsUpdateStatus())) | ||
| 166 | .arg(getNcr()->getFqdn()) | ||
| 167 | .arg(getCurrentServer()->toText()); | ||
| 168 | |||
| 169 | @@ -542,7 +542,7 @@ NameAddTransaction::replacingRevPtrsHandler() { | ||
| 170 | LOG_ERROR(d2_to_dns_logger, | ||
| 171 | DHCP_DDNS_REVERSE_REPLACE_BAD_DNSCLIENT_STATUS) | ||
| 172 | .arg(getRequestId()) | ||
| 173 | - .arg(getDnsUpdateStatus()) | ||
| 174 | + .arg(static_cast<int>(getDnsUpdateStatus())) | ||
| 175 | .arg(getNcr()->getFqdn()) | ||
| 176 | .arg(getCurrentServer()->toText()); | ||
| 177 | |||
| 178 | diff --git a/src/bin/d2/nc_remove.cc b/src/bin/d2/nc_remove.cc | ||
| 179 | index 874e43b..182343c 100644 | ||
| 180 | --- a/src/bin/d2/nc_remove.cc | ||
| 181 | +++ b/src/bin/d2/nc_remove.cc | ||
| 182 | @@ -268,7 +268,7 @@ NameRemoveTransaction::removingFwdAddrsHandler() { | ||
| 183 | LOG_ERROR(d2_to_dns_logger, | ||
| 184 | DHCP_DDNS_FORWARD_REMOVE_ADDRS_BAD_DNSCLIENT_STATUS) | ||
| 185 | .arg(getRequestId()) | ||
| 186 | - .arg(getDnsUpdateStatus()) | ||
| 187 | + .arg(static_cast<int>(getDnsUpdateStatus())) | ||
| 188 | .arg(getNcr()->getFqdn()) | ||
| 189 | .arg(getCurrentServer()->toText()); | ||
| 190 | |||
| 191 | @@ -404,7 +404,7 @@ NameRemoveTransaction::removingFwdRRsHandler() { | ||
| 192 | LOG_ERROR(d2_to_dns_logger, | ||
| 193 | DHCP_DDNS_FORWARD_REMOVE_RRS_BAD_DNSCLIENT_STATUS) | ||
| 194 | .arg(getRequestId()) | ||
| 195 | - .arg(getDnsUpdateStatus()) | ||
| 196 | + .arg(static_cast<int>(getDnsUpdateStatus())) | ||
| 197 | .arg(getNcr()->getFqdn()) | ||
| 198 | .arg(getCurrentServer()->toText()); | ||
| 199 | |||
| 200 | @@ -555,7 +555,7 @@ NameRemoveTransaction::removingRevPtrsHandler() { | ||
| 201 | LOG_ERROR(d2_to_dns_logger, | ||
| 202 | DHCP_DDNS_REVERSE_REMOVE_BAD_DNSCLIENT_STATUS) | ||
| 203 | .arg(getRequestId()) | ||
| 204 | - .arg(getDnsUpdateStatus()) | ||
| 205 | + .arg(static_cast<int>(getDnsUpdateStatus())) | ||
| 206 | .arg(getNcr()->getFqdn()) | ||
| 207 | .arg(getCurrentServer()->toText()); | ||
| 208 | |||
| 209 | diff --git a/src/bin/d2/simple_add.cc b/src/bin/d2/simple_add.cc | ||
| 210 | index 6113b4d..73aa5b4 100644 | ||
| 211 | --- a/src/bin/d2/simple_add.cc | ||
| 212 | +++ b/src/bin/d2/simple_add.cc | ||
| 213 | @@ -259,7 +259,7 @@ SimpleAddTransaction::replacingFwdAddrsHandler() { | ||
| 214 | // bigger is wrong. | ||
| 215 | LOG_ERROR(d2_to_dns_logger, DHCP_DDNS_FORWARD_ADD_BAD_DNSCLIENT_STATUS) | ||
| 216 | .arg(getRequestId()) | ||
| 217 | - .arg(getDnsUpdateStatus()) | ||
| 218 | + .arg(static_cast<int>(getDnsUpdateStatus())) | ||
| 219 | .arg(getNcr()->getFqdn()) | ||
| 220 | .arg(getCurrentServer()->toText()); | ||
| 221 | |||
| 222 | @@ -404,7 +404,7 @@ SimpleAddTransaction::replacingRevPtrsHandler() { | ||
| 223 | LOG_ERROR(d2_to_dns_logger, | ||
| 224 | DHCP_DDNS_REVERSE_REPLACE_BAD_DNSCLIENT_STATUS) | ||
| 225 | .arg(getRequestId()) | ||
| 226 | - .arg(getDnsUpdateStatus()) | ||
| 227 | + .arg(static_cast<int>(getDnsUpdateStatus())) | ||
| 228 | .arg(getNcr()->getFqdn()) | ||
| 229 | .arg(getCurrentServer()->toText()); | ||
| 230 | |||
| 231 | diff --git a/src/bin/d2/simple_add_without_dhcid.cc b/src/bin/d2/simple_add_without_dhcid.cc | ||
| 232 | index ccea83a..97918ad 100644 | ||
| 233 | --- a/src/bin/d2/simple_add_without_dhcid.cc | ||
| 234 | +++ b/src/bin/d2/simple_add_without_dhcid.cc | ||
| 235 | @@ -260,7 +260,7 @@ SimpleAddWithoutDHCIDTransaction::replacingFwdAddrsHandler() { | ||
| 236 | // bigger is wrong. | ||
| 237 | LOG_ERROR(d2_to_dns_logger, DHCP_DDNS_FORWARD_ADD_BAD_DNSCLIENT_STATUS) | ||
| 238 | .arg(getRequestId()) | ||
| 239 | - .arg(getDnsUpdateStatus()) | ||
| 240 | + .arg(static_cast<int>(getDnsUpdateStatus())) | ||
| 241 | .arg(getNcr()->getFqdn()) | ||
| 242 | .arg(getCurrentServer()->toText()); | ||
| 243 | |||
| 244 | @@ -406,7 +406,7 @@ SimpleAddWithoutDHCIDTransaction::replacingRevPtrsHandler() { | ||
| 245 | LOG_ERROR(d2_to_dns_logger, | ||
| 246 | DHCP_DDNS_REVERSE_REPLACE_BAD_DNSCLIENT_STATUS) | ||
| 247 | .arg(getRequestId()) | ||
| 248 | - .arg(getDnsUpdateStatus()) | ||
| 249 | + .arg(static_cast<int>(getDnsUpdateStatus())) | ||
| 250 | .arg(getNcr()->getFqdn()) | ||
| 251 | .arg(getCurrentServer()->toText()); | ||
| 252 | |||
| 253 | diff --git a/src/bin/d2/simple_remove.cc b/src/bin/d2/simple_remove.cc | ||
| 254 | index e1d9a78..14f416b 100644 | ||
| 255 | --- a/src/bin/d2/simple_remove.cc | ||
| 256 | +++ b/src/bin/d2/simple_remove.cc | ||
| 257 | @@ -272,7 +272,7 @@ SimpleRemoveTransaction::removingFwdRRsHandler() { | ||
| 258 | LOG_ERROR(d2_to_dns_logger, | ||
| 259 | DHCP_DDNS_FORWARD_REMOVE_RRS_BAD_DNSCLIENT_STATUS) | ||
| 260 | .arg(getRequestId()) | ||
| 261 | - .arg(getDnsUpdateStatus()) | ||
| 262 | + .arg(static_cast<int>(getDnsUpdateStatus())) | ||
| 263 | .arg(getNcr()->getFqdn()) | ||
| 264 | .arg(getCurrentServer()->toText()); | ||
| 265 | |||
| 266 | @@ -423,7 +423,7 @@ SimpleRemoveTransaction::removingRevPtrsHandler() { | ||
| 267 | LOG_ERROR(d2_to_dns_logger, | ||
| 268 | DHCP_DDNS_REVERSE_REMOVE_BAD_DNSCLIENT_STATUS) | ||
| 269 | .arg(getRequestId()) | ||
| 270 | - .arg(getDnsUpdateStatus()) | ||
| 271 | + .arg(static_cast<int>(getDnsUpdateStatus())) | ||
| 272 | .arg(getNcr()->getFqdn()) | ||
| 273 | .arg(getCurrentServer()->toText()); | ||
| 274 | |||
| 275 | diff --git a/src/bin/d2/simple_remove_without_dhcid.cc b/src/bin/d2/simple_remove_without_dhcid.cc | ||
| 276 | index 04fe4df..cefdda8 100644 | ||
| 277 | --- a/src/bin/d2/simple_remove_without_dhcid.cc | ||
| 278 | +++ b/src/bin/d2/simple_remove_without_dhcid.cc | ||
| 279 | @@ -273,7 +273,7 @@ SimpleRemoveWithoutDHCIDTransaction::removingFwdRRsHandler() { | ||
| 280 | LOG_ERROR(d2_to_dns_logger, | ||
| 281 | DHCP_DDNS_FORWARD_REMOVE_RRS_BAD_DNSCLIENT_STATUS) | ||
| 282 | .arg(getRequestId()) | ||
| 283 | - .arg(getDnsUpdateStatus()) | ||
| 284 | + .arg(static_cast<int>(getDnsUpdateStatus())) | ||
| 285 | .arg(getNcr()->getFqdn()) | ||
| 286 | .arg(getCurrentServer()->toText()); | ||
| 287 | |||
| 288 | @@ -425,7 +425,7 @@ SimpleRemoveWithoutDHCIDTransaction::removingRevPtrsHandler() { | ||
| 289 | LOG_ERROR(d2_to_dns_logger, | ||
| 290 | DHCP_DDNS_REVERSE_REMOVE_BAD_DNSCLIENT_STATUS) | ||
| 291 | .arg(getRequestId()) | ||
| 292 | - .arg(getDnsUpdateStatus()) | ||
| 293 | + .arg(static_cast<int>(getDnsUpdateStatus())) | ||
| 294 | .arg(getNcr()->getFqdn()) | ||
| 295 | .arg(getCurrentServer()->toText()); | ||
| 296 | |||
| 297 | diff --git a/src/bin/dhcp4/dhcp4_srv.cc b/src/bin/dhcp4/dhcp4_srv.cc | ||
| 298 | index 0701ed4..471e94c 100644 | ||
| 299 | --- a/src/bin/dhcp4/dhcp4_srv.cc | ||
| 300 | +++ b/src/bin/dhcp4/dhcp4_srv.cc | ||
| 301 | @@ -5101,7 +5101,7 @@ Dhcpv4Srv::d2ClientErrorHandler(const | ||
| 302 | dhcp_ddns::NameChangeSender::Result result, | ||
| 303 | dhcp_ddns::NameChangeRequestPtr& ncr) { | ||
| 304 | LOG_ERROR(ddns4_logger, DHCP4_DDNS_REQUEST_SEND_FAILED). | ||
| 305 | - arg(result).arg((ncr ? ncr->toText() : " NULL ")); | ||
| 306 | + arg(static_cast<int>(result)).arg((ncr ? ncr->toText() : " NULL ")); | ||
| 307 | // We cannot communicate with kea-dhcp-ddns, suspend further updates. | ||
| 308 | /// @todo We may wish to revisit this, but for now we will simply turn | ||
| 309 | /// them off. | ||
| 310 | diff --git a/src/bin/dhcp6/dhcp6_srv.cc b/src/bin/dhcp6/dhcp6_srv.cc | ||
| 311 | index 417960b..818046d 100644 | ||
| 312 | --- a/src/bin/dhcp6/dhcp6_srv.cc | ||
| 313 | +++ b/src/bin/dhcp6/dhcp6_srv.cc | ||
| 314 | @@ -5054,7 +5054,7 @@ Dhcpv6Srv::d2ClientErrorHandler(const | ||
| 315 | dhcp_ddns::NameChangeSender::Result result, | ||
| 316 | dhcp_ddns::NameChangeRequestPtr& ncr) { | ||
| 317 | LOG_ERROR(ddns6_logger, DHCP6_DDNS_REQUEST_SEND_FAILED). | ||
| 318 | - arg(result).arg((ncr ? ncr->toText() : " NULL ")); | ||
| 319 | + arg(static_cast<int>(result)).arg((ncr ? ncr->toText() : " NULL ")); | ||
| 320 | // We cannot communicate with kea-dhcp-ddns, suspend further updates. | ||
| 321 | /// @todo We may wish to revisit this, but for now we will simply turn | ||
| 322 | /// them off. | ||
| 323 | diff --git a/src/hooks/dhcp/radius/radius_accounting.cc b/src/hooks/dhcp/radius/radius_accounting.cc | ||
| 324 | index 30eb07e..31f6d5e 100644 | ||
| 325 | --- a/src/hooks/dhcp/radius/radius_accounting.cc | ||
| 326 | +++ b/src/hooks/dhcp/radius/radius_accounting.cc | ||
| 327 | @@ -760,7 +760,7 @@ RadiusAccounting::terminate(RadiusAcctEnv env, int result) { | ||
| 328 | if (result != OK_RC) { | ||
| 329 | LOG_ERROR(radius_logger, RADIUS_ACCOUNTING_ERROR) | ||
| 330 | .arg(env.session_id_) | ||
| 331 | - .arg(env.event_) | ||
| 332 | + .arg(static_cast<int>(env.event_)) | ||
| 333 | .arg(eventToText(env.event_)) | ||
| 334 | .arg(result) | ||
| 335 | .arg(exchangeRCtoText(result)); | ||
| 336 | diff --git a/src/lib/dhcpsrv/csv_lease_file6.cc b/src/lib/dhcpsrv/csv_lease_file6.cc | ||
| 337 | index 830d2e5..a899aef 100644 | ||
| 338 | --- a/src/lib/dhcpsrv/csv_lease_file6.cc | ||
| 339 | +++ b/src/lib/dhcpsrv/csv_lease_file6.cc | ||
| 340 | @@ -51,7 +51,7 @@ CSVLeaseFile6::append(const Lease6& lease) { | ||
| 341 | row.writeAt(getColumnIndex("expire"), static_cast<uint64_t>(lease.cltt_) + lease.valid_lft_); | ||
| 342 | row.writeAt(getColumnIndex("subnet_id"), lease.subnet_id_); | ||
| 343 | row.writeAt(getColumnIndex("pref_lifetime"), lease.preferred_lft_); | ||
| 344 | - row.writeAt(getColumnIndex("lease_type"), lease.type_); | ||
| 345 | + row.writeAt(getColumnIndex("lease_type"), isc::dhcp::Lease::typeToText(lease.type_)); | ||
| 346 | row.writeAt(getColumnIndex("iaid"), lease.iaid_); | ||
| 347 | row.writeAt(getColumnIndex("prefix_len"), | ||
| 348 | static_cast<int>(lease.prefixlen_)); | ||
diff --git a/meta/recipes-connectivity/kea/files/0001-meson-use-a-runtime-safe-interpreter-string.patch b/meta/recipes-connectivity/kea/files/0001-meson-use-a-runtime-safe-interpreter-string.patch deleted file mode 100644 index 44fe82bce0..0000000000 --- a/meta/recipes-connectivity/kea/files/0001-meson-use-a-runtime-safe-interpreter-string.patch +++ /dev/null | |||
| @@ -1,123 +0,0 @@ | |||
| 1 | From 5ec5e08edc059ed0c0d430dc8e02cd64bebc8d1c Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Khem Raj <raj.khem@gmail.com> | ||
| 3 | Date: Thu, 28 Aug 2025 17:02:49 -0700 | ||
| 4 | Subject: [PATCH] meson: use a runtime-safe interpreter string | ||
| 5 | MIME-Version: 1.0 | ||
| 6 | Content-Type: text/plain; charset=UTF-8 | ||
| 7 | Content-Transfer-Encoding: 8bit | ||
| 8 | |||
| 9 | In cross builds, python.find_installation() (what | ||
| 10 | PYTHON usually comes from) must be a native | ||
| 11 | interpreter (since Meson runs it during configure), | ||
| 12 | but you don’t want that absolute native path baked | ||
| 13 | into target files. You want a runtime/target path | ||
| 14 | such as /usr/bin/env python3 (portable) or | ||
| 15 | /usr/bin/python3 | ||
| 16 | |||
| 17 | Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/issues/4087] | ||
| 18 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
| 19 | --- | ||
| 20 | doc/sphinx/meson.build | 8 +++++++- | ||
| 21 | meson.build | 8 +++++++- | ||
| 22 | src/bin/shell/tests/meson.build | 8 +++++++- | ||
| 23 | src/lib/util/python/meson.build | 8 +++++++- | ||
| 24 | 4 files changed, 28 insertions(+), 4 deletions(-) | ||
| 25 | |||
| 26 | --- a/doc/sphinx/meson.build | ||
| 27 | +++ b/doc/sphinx/meson.build | ||
| 28 | @@ -70,7 +70,13 @@ doc_conf.set('builddir', meson.current_b | ||
| 29 | doc_conf.set('srcdir', meson.current_source_dir()) | ||
| 30 | doc_conf.set('sphinxbuilddir', sphinxbuilddir) | ||
| 31 | doc_conf.set('abs_sphinxbuilddir', abs_sphinxbuilddir) | ||
| 32 | -doc_conf.set('PYTHON', PYTHON.full_path()) | ||
| 33 | +# During cross builds, avoid embedding the native Python path into target artifacts. | ||
| 34 | +# Use a runtime-safe interpreter path for the target. | ||
| 35 | +py_for_runtime = '/usr/bin/env python3' | ||
| 36 | +if not meson.is_cross_build() | ||
| 37 | + py_for_runtime = PYTHON.full_path() | ||
| 38 | +endif | ||
| 39 | +doc_conf.set('PYTHON', py_for_runtime) | ||
| 40 | doc_conf.set('TOP_SOURCE_DIR', TOP_SOURCE_DIR) | ||
| 41 | if PDFLATEX.found() | ||
| 42 | doc_conf.set('HAVE_PDFLATEX', 'yes') | ||
| 43 | --- a/meson.build | ||
| 44 | +++ b/meson.build | ||
| 45 | @@ -638,9 +638,13 @@ link_args = [] | ||
| 46 | # Also, Meson might use it by default, but might not use it on all systems, so lots of variables... | ||
| 47 | # EXECUTABLE_RPATH = f'$ORIGIN/../@LIBDIR@' | ||
| 48 | # HOOK_RPATH = '$ORIGIN/../..' | ||
| 49 | - | ||
| 50 | +if not meson.is_cross_build() | ||
| 51 | BUILD_RPATH = TOP_BUILD_DIR / 'src/lib' | ||
| 52 | INSTALL_RPATH = LIBDIR_INSTALLED | ||
| 53 | +else | ||
| 54 | +BUILD_RPATH = '' | ||
| 55 | +INSTALL_RPATH = '' | ||
| 56 | +endif | ||
| 57 | |||
| 58 | # Add rpaths for NETCONF dependencies. | ||
| 59 | if NETCONF_DEP.found() | ||
| 60 | @@ -759,7 +763,13 @@ report_conf_data.set('CXX_ARGS', ' '.joi | ||
| 61 | report_conf_data.set('LD_ID', cpp.get_linker_id()) | ||
| 62 | link_args += get_option('cpp_link_args') | ||
| 63 | report_conf_data.set('LD_ARGS', ' '.join(link_args)) | ||
| 64 | -report_conf_data.set('PYTHON_PATH', PYTHON.full_path()) | ||
| 65 | +# During cross builds, avoid embedding the native Python path into target artifacts. | ||
| 66 | +# Use a runtime-safe interpreter path for the target. | ||
| 67 | +py_for_runtime = '/usr/bin/env python3' | ||
| 68 | +if not meson.is_cross_build() | ||
| 69 | + py_for_runtime = PYTHON.full_path() | ||
| 70 | +endif | ||
| 71 | +report_conf_data.set('PYTHON_PATH', py_for_runtime) | ||
| 72 | report_conf_data.set('PYTHON_VERSION', PYTHON.version()) | ||
| 73 | report_conf_data.set('PKGPYTHONDIR', PKGPYTHONDIR) | ||
| 74 | result = cpp.run( | ||
| 75 | --- a/src/bin/shell/tests/meson.build | ||
| 76 | +++ b/src/bin/shell/tests/meson.build | ||
| 77 | @@ -3,7 +3,13 @@ if not TESTS_OPT.enabled() | ||
| 78 | endif | ||
| 79 | |||
| 80 | shell_tests_conf_data = configuration_data() | ||
| 81 | -shell_tests_conf_data.set('PYTHON', PYTHON.full_path()) | ||
| 82 | +# During cross builds, avoid embedding the native Python path into target artifacts. | ||
| 83 | +# Use a runtime-safe interpreter path for the target. | ||
| 84 | +py_for_runtime = '/usr/bin/env python3' | ||
| 85 | +if not meson.is_cross_build() | ||
| 86 | + py_for_runtime = PYTHON.full_path() | ||
| 87 | +endif | ||
| 88 | +shell_tests_conf_data.set('PYTHON', py_for_runtime) | ||
| 89 | shell_tests_conf_data.set('abs_top_builddir', TOP_BUILD_DIR) | ||
| 90 | shell_tests_conf_data.set('abs_top_srcdir', TOP_SOURCE_DIR) | ||
| 91 | shell_unittest = configure_file( | ||
| 92 | --- a/src/lib/util/python/meson.build | ||
| 93 | +++ b/src/lib/util/python/meson.build | ||
| 94 | @@ -4,7 +4,13 @@ endif | ||
| 95 | |||
| 96 | configure_file(input: 'const2hdr.py', output: 'const2hdr.py', copy: true) | ||
| 97 | util_python_conf_data = configuration_data() | ||
| 98 | -util_python_conf_data.set('PYTHON', PYTHON.full_path()) | ||
| 99 | +# During cross builds, avoid embedding the native Python path into target artifacts. | ||
| 100 | +# Use a runtime-safe interpreter path for the target. | ||
| 101 | +py_for_runtime = '/usr/bin/env python3' | ||
| 102 | +if not meson.is_cross_build() | ||
| 103 | + py_for_runtime = PYTHON.full_path() | ||
| 104 | +endif | ||
| 105 | +util_python_conf_data.set('PYTHON', py_for_runtime) | ||
| 106 | configure_file( | ||
| 107 | input: 'gen_wiredata.py.in', | ||
| 108 | output: 'gen_wiredata.py', | ||
| 109 | --- a/src/bin/shell/meson.build | ||
| 110 | +++ b/src/bin/shell/meson.build | ||
| 111 | @@ -1,5 +1,11 @@ | ||
| 112 | kea_shell_conf_data = configuration_data() | ||
| 113 | -kea_shell_conf_data.set('PYTHON', PYTHON.full_path()) | ||
| 114 | +# During cross builds, avoid embedding the native Python path into target artifacts. | ||
| 115 | +# Use a runtime-safe interpreter path for the target. | ||
| 116 | +py_for_runtime = '/usr/bin/env python3' | ||
| 117 | +if not meson.is_cross_build() | ||
| 118 | + py_for_runtime = PYTHON.full_path() | ||
| 119 | +endif | ||
| 120 | +kea_shell_conf_data.set('PYTHON', py_for_runtime) | ||
| 121 | kea_shell_conf_data.set('PACKAGE_VERSION', PROJECT_VERSION) | ||
| 122 | kea_shell_conf_data.set( | ||
| 123 | 'EXTENDED_VERSION', | ||
diff --git a/meta/recipes-connectivity/kea/files/0001-mk_cfgrpt.sh-strip-prefixes.patch b/meta/recipes-connectivity/kea/files/0001-mk_cfgrpt.sh-strip-prefixes.patch deleted file mode 100644 index 521fac4629..0000000000 --- a/meta/recipes-connectivity/kea/files/0001-mk_cfgrpt.sh-strip-prefixes.patch +++ /dev/null | |||
| @@ -1,54 +0,0 @@ | |||
| 1 | From c8a1f0b9c17c8485bdeac045e5afdcd4467c1c14 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Khem Raj <raj.khem@gmail.com> | ||
| 3 | Date: Thu, 28 Aug 2025 17:31:39 -0700 | ||
| 4 | Subject: [PATCH] mk_cfgrpt.sh: strip prefixes | ||
| 5 | |||
| 6 | Add support for a STRIP_PREFIXES env var (colon-separated list). | ||
| 7 | The script will pipe its output through sed to remove any of those prefixes. | ||
| 8 | |||
| 9 | Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/issues/4087] | ||
| 10 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
| 11 | --- | ||
| 12 | tools/mk_cfgrpt.sh | 22 +++++++++++++++++++++- | ||
| 13 | 1 file changed, 21 insertions(+), 1 deletion(-) | ||
| 14 | |||
| 15 | diff --git a/tools/mk_cfgrpt.sh b/tools/mk_cfgrpt.sh | ||
| 16 | index bc0cc41..8f41ce1 100755 | ||
| 17 | --- a/tools/mk_cfgrpt.sh | ||
| 18 | +++ b/tools/mk_cfgrpt.sh | ||
| 19 | @@ -43,6 +43,26 @@ then | ||
| 20 | exit 2 | ||
| 21 | fi | ||
| 22 | |||
| 23 | +# Optional: strip absolute path prefixes from generated output to make | ||
| 24 | +# cross-builds reproducible (e.g. Yocto sysroot/work dirs). | ||
| 25 | +# Provide colon-separated prefixes via STRIP_PREFIXES. | ||
| 26 | +strip_paths() { | ||
| 27 | + if [ -z "${STRIP_PREFIXES:-}" ]; then | ||
| 28 | + cat | ||
| 29 | + return | ||
| 30 | + fi | ||
| 31 | + # Build a sed script that removes each prefix wherever it appears. | ||
| 32 | + SED_SCRIPT= | ||
| 33 | + IFS=':'; for p in $STRIP_PREFIXES; do | ||
| 34 | + [ -n "$p" ] || continue | ||
| 35 | + # Escape forward slashes | ||
| 36 | + ep=$(printf '%s' "$p" | sed 's,/,\\/,g') | ||
| 37 | + SED_SCRIPT="${SED_SCRIPT}s/${ep}//g;" | ||
| 38 | + done | ||
| 39 | + IFS=' ' | ||
| 40 | + sed -e "$SED_SCRIPT" | ||
| 41 | +} | ||
| 42 | + | ||
| 43 | # Header | ||
| 44 | cat >> "${dest}" << END | ||
| 45 | // config_report.cc. Generated from config.report by tools/mk_cfgrpt.sh | ||
| 46 | @@ -55,7 +75,7 @@ END | ||
| 47 | |||
| 48 | # Body: escape '\'s and '"'s, preprend ' ";;;; ' and append '",' | ||
| 49 | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/^/ ";;;; /' -e 's/$/",/' \ | ||
| 50 | - < "${report_file}" >> "${dest}" | ||
| 51 | + < "${report_file}" | strip_paths >> "${dest}" | ||
| 52 | |||
| 53 | # Trailer | ||
| 54 | cat >> "${dest}" <<END | ||
diff --git a/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch b/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch deleted file mode 100644 index 1ab09e39a2..0000000000 --- a/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch +++ /dev/null | |||
| @@ -1,26 +0,0 @@ | |||
| 1 | From 841924e1fe8db2bff3eab8d37634ef08f86c00ec Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Alexander Kanavin <alex.kanavin@gmail.com> | ||
| 3 | Date: Tue, 10 Nov 2020 15:57:03 +0000 | ||
| 4 | Subject: [PATCH] src/lib/log/logger_unittest_support.cc: do not write build | ||
| 5 | path into binary | ||
| 6 | |||
| 7 | This breaks reproducibility and is needed only in unit testing. | ||
| 8 | |||
| 9 | Upstream-Status: Inappropriate [oe-core specific] | ||
| 10 | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> | ||
| 11 | |||
| 12 | --- | ||
| 13 | src/lib/log/logger_unittest_support.cc | 2 +- | ||
| 14 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 15 | |||
| 16 | --- a/src/lib/log/logger_unittest_support.cc | ||
| 17 | +++ b/src/lib/log/logger_unittest_support.cc | ||
| 18 | @@ -84,7 +84,7 @@ void initLogger(isc::log::Severity sever | ||
| 19 | const char* localfile = getenv("KEA_LOGGER_LOCALMSG"); | ||
| 20 | |||
| 21 | // Set a directory for creating lockfiles when running tests | ||
| 22 | - setenv("KEA_LOCKFILE_DIR", TOP_BUILDDIR, 0); | ||
| 23 | + //setenv("KEA_LOCKFILE_DIR", TOP_BUILDDIR, 0); | ||
| 24 | |||
| 25 | // Initialize logging | ||
| 26 | initLogger(root, severity, dbglevel, localfile); | ||
diff --git a/meta/recipes-connectivity/kea/files/CVE-2025-11232.patch b/meta/recipes-connectivity/kea/files/CVE-2025-11232.patch deleted file mode 100644 index 659627deba..0000000000 --- a/meta/recipes-connectivity/kea/files/CVE-2025-11232.patch +++ /dev/null | |||
| @@ -1,474 +0,0 @@ | |||
| 1 | From 92b65b2345e07d826b56ffd65cf47538f1c7a271 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Thomas Markwalder <tmark@isc.org> | ||
| 3 | Date: Tue, 7 Oct 2025 14:41:16 -0400 | ||
| 4 | Subject: [PATCH] [#4155] Backport #4142 to v3_0 | ||
| 5 | |||
| 6 | Invalid characters cause assert | ||
| 7 | |||
| 8 | To trigger the issue, three configuration parameters must have | ||
| 9 | specific settings: "hostname-char-set" must be left at the default | ||
| 10 | setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must | ||
| 11 | be empty (the default); and "ddns-qualifying-suffix" must NOT be empty | ||
| 12 | (the default is empty). DDNS updates do not need to be enabled for | ||
| 13 | this issue to manifest. A client that sends certain option content | ||
| 14 | would then cause kea-dhcp4 to exit unexpectedly. | ||
| 15 | |||
| 16 | CVE: CVE-2025-11232 | ||
| 17 | Upstream-Status: Backport [https://github.com/isc-projects/kea/commit/92b65b2345e07d826b56ffd65cf47538f1c7a271] | ||
| 18 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
| 19 | |||
| 20 | new file: changelog_unreleased/CVE-2025-11232-catch-empty-sanitized-hostname | ||
| 21 | modified: src/bin/dhcp4/dhcp4_messages.cc | ||
| 22 | modified: src/bin/dhcp4/dhcp4_messages.h | ||
| 23 | modified: src/bin/dhcp4/dhcp4_messages.mes | ||
| 24 | modified: src/bin/dhcp4/dhcp4_srv.cc | ||
| 25 | modified: src/bin/dhcp4/tests/fqdn_unittest.cc | ||
| 26 | modified: src/bin/dhcp6/dhcp6_messages.cc | ||
| 27 | modified: src/bin/dhcp6/dhcp6_messages.h | ||
| 28 | modified: src/bin/dhcp6/dhcp6_messages.mes | ||
| 29 | modified: src/bin/dhcp6/dhcp6_srv.cc | ||
| 30 | modified: src/bin/dhcp6/tests/fqdn_unittest.cc | ||
| 31 | modified: src/lib/dhcpsrv/d2_client_mgr.cc | ||
| 32 | modified: src/lib/dhcpsrv/d2_client_mgr.h | ||
| 33 | modified: src/lib/dhcpsrv/tests/d2_client_unittest.cc | ||
| 34 | --- | ||
| 35 | ...-2025-11232-catch-empty-sanitized-hostname | 6 +++ | ||
| 36 | src/bin/dhcp4/dhcp4_messages.cc | 4 ++ | ||
| 37 | src/bin/dhcp4/dhcp4_messages.h | 2 + | ||
| 38 | src/bin/dhcp4/dhcp4_messages.mes | 14 +++++ | ||
| 39 | src/bin/dhcp4/dhcp4_srv.cc | 21 ++++++-- | ||
| 40 | src/bin/dhcp4/tests/fqdn_unittest.cc | 54 ++++++++++++++++++- | ||
| 41 | src/bin/dhcp6/dhcp6_messages.cc | 2 + | ||
| 42 | src/bin/dhcp6/dhcp6_messages.h | 1 + | ||
| 43 | src/bin/dhcp6/dhcp6_messages.mes | 7 +++ | ||
| 44 | src/bin/dhcp6/dhcp6_srv.cc | 9 +++- | ||
| 45 | src/bin/dhcp6/tests/fqdn_unittest.cc | 23 ++++++++ | ||
| 46 | src/lib/dhcpsrv/d2_client_mgr.cc | 9 +++- | ||
| 47 | src/lib/dhcpsrv/d2_client_mgr.h | 19 ++++++- | ||
| 48 | src/lib/dhcpsrv/tests/d2_client_unittest.cc | 42 +++++++++++++++ | ||
| 49 | 14 files changed, 205 insertions(+), 8 deletions(-) | ||
| 50 | create mode 100644 changelog_unreleased/CVE-2025-11232-catch-empty-sanitized-hostname | ||
| 51 | |||
| 52 | diff --git a/src/bin/dhcp4/dhcp4_messages.cc b/src/bin/dhcp4/dhcp4_messages.cc | ||
| 53 | index e06ce6a121..5c6a334bad 100644 | ||
| 54 | --- a/src/bin/dhcp4/dhcp4_messages.cc | ||
| 55 | +++ b/src/bin/dhcp4/dhcp4_messages.cc | ||
| 56 | @@ -26,9 +26,11 @@ extern const isc::log::MessageID DHCP4_CLASS_UNCONFIGURED = "DHCP4_CLASS_UNCONFI | ||
| 57 | extern const isc::log::MessageID DHCP4_CLIENTID_IGNORED_FOR_LEASES = "DHCP4_CLIENTID_IGNORED_FOR_LEASES"; | ||
| 58 | extern const isc::log::MessageID DHCP4_CLIENT_FQDN_DATA = "DHCP4_CLIENT_FQDN_DATA"; | ||
| 59 | extern const isc::log::MessageID DHCP4_CLIENT_FQDN_PROCESS = "DHCP4_CLIENT_FQDN_PROCESS"; | ||
| 60 | +extern const isc::log::MessageID DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY = "DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY"; | ||
| 61 | extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_DATA = "DHCP4_CLIENT_HOSTNAME_DATA"; | ||
| 62 | extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_MALFORMED = "DHCP4_CLIENT_HOSTNAME_MALFORMED"; | ||
| 63 | extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_PROCESS = "DHCP4_CLIENT_HOSTNAME_PROCESS"; | ||
| 64 | +extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY = "DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY"; | ||
| 65 | extern const isc::log::MessageID DHCP4_CLIENT_NAME_PROC_FAIL = "DHCP4_CLIENT_NAME_PROC_FAIL"; | ||
| 66 | extern const isc::log::MessageID DHCP4_CONFIG_COMPLETE = "DHCP4_CONFIG_COMPLETE"; | ||
| 67 | extern const isc::log::MessageID DHCP4_CONFIG_LOAD_FAIL = "DHCP4_CONFIG_LOAD_FAIL"; | ||
| 68 | @@ -206,9 +208,11 @@ const char* values[] = { | ||
| 69 | "DHCP4_CLIENTID_IGNORED_FOR_LEASES", "%1: not using client identifier for lease allocation for subnet %2", | ||
| 70 | "DHCP4_CLIENT_FQDN_DATA", "%1: Client sent FQDN option: %2", | ||
| 71 | "DHCP4_CLIENT_FQDN_PROCESS", "%1: processing Client FQDN option", | ||
| 72 | + "DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY", "%1: sanitizing client's FQDN option '%2' yielded an empty string", | ||
| 73 | "DHCP4_CLIENT_HOSTNAME_DATA", "%1: client sent Hostname option: %2", | ||
| 74 | "DHCP4_CLIENT_HOSTNAME_MALFORMED", "%1: client hostname option malformed: %2", | ||
| 75 | "DHCP4_CLIENT_HOSTNAME_PROCESS", "%1: processing client's Hostname option", | ||
| 76 | + "DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY", "%1: sanitizing client's Hostname option '%2' yielded an empty string", | ||
| 77 | "DHCP4_CLIENT_NAME_PROC_FAIL", "%1: failed to process the fqdn or hostname sent by a client: %2", | ||
| 78 | "DHCP4_CONFIG_COMPLETE", "DHCPv4 server has completed configuration: %1", | ||
| 79 | "DHCP4_CONFIG_LOAD_FAIL", "configuration error using file: %1, reason: %2", | ||
| 80 | diff --git a/src/bin/dhcp4/dhcp4_messages.h b/src/bin/dhcp4/dhcp4_messages.h | ||
| 81 | index 9a4d0cda21..6e45c63053 100644 | ||
| 82 | --- a/src/bin/dhcp4/dhcp4_messages.h | ||
| 83 | +++ b/src/bin/dhcp4/dhcp4_messages.h | ||
| 84 | @@ -27,9 +27,11 @@ extern const isc::log::MessageID DHCP4_CLASS_UNCONFIGURED; | ||
| 85 | extern const isc::log::MessageID DHCP4_CLIENTID_IGNORED_FOR_LEASES; | ||
| 86 | extern const isc::log::MessageID DHCP4_CLIENT_FQDN_DATA; | ||
| 87 | extern const isc::log::MessageID DHCP4_CLIENT_FQDN_PROCESS; | ||
| 88 | +extern const isc::log::MessageID DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY; | ||
| 89 | extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_DATA; | ||
| 90 | extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_MALFORMED; | ||
| 91 | extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_PROCESS; | ||
| 92 | +extern const isc::log::MessageID DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY; | ||
| 93 | extern const isc::log::MessageID DHCP4_CLIENT_NAME_PROC_FAIL; | ||
| 94 | extern const isc::log::MessageID DHCP4_CONFIG_COMPLETE; | ||
| 95 | extern const isc::log::MessageID DHCP4_CONFIG_LOAD_FAIL; | ||
| 96 | diff --git a/src/bin/dhcp4/dhcp4_messages.mes b/src/bin/dhcp4/dhcp4_messages.mes | ||
| 97 | index 1deb2e6074..b359d09616 100644 | ||
| 98 | --- a/src/bin/dhcp4/dhcp4_messages.mes | ||
| 99 | +++ b/src/bin/dhcp4/dhcp4_messages.mes | ||
| 100 | @@ -164,6 +164,20 @@ This debug message is issued when the server starts processing the Hostname | ||
| 101 | option sent in the client's query. The argument includes the client and | ||
| 102 | transaction identification information. | ||
| 103 | |||
| 104 | +% DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY %1: sanitizing client's Hostname option '%2' yielded an empty string | ||
| 105 | +Logged at debug log level 50. | ||
| 106 | +This debug message is issued when the result of sanitizing the | ||
| 107 | +hostname option(12) sent by the client is an empty string. When this occurs | ||
| 108 | +the server will ignore the hostname option. The arguments include the | ||
| 109 | +client and the hostname option it sent. | ||
| 110 | + | ||
| 111 | +% DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY %1: sanitizing client's FQDN option '%2' yielded an empty string | ||
| 112 | +Logged at debug log level 50. | ||
| 113 | +This debug message is issued when the result of sanitizing the | ||
| 114 | +FQDN option(81) sent by the client is an empty string. When this occurs | ||
| 115 | +the server will ignore the FQDN option. The arguments include the | ||
| 116 | +client and the FQDN option it sent. | ||
| 117 | + | ||
| 118 | % DHCP4_CLIENT_NAME_PROC_FAIL %1: failed to process the fqdn or hostname sent by a client: %2 | ||
| 119 | Logged at debug log level 55. | ||
| 120 | This debug message is issued when the DHCP server was unable to process the | ||
| 121 | diff --git a/src/bin/dhcp4/dhcp4_srv.cc b/src/bin/dhcp4/dhcp4_srv.cc | ||
| 122 | index 0701ed41e9..a6be662889 100644 | ||
| 123 | --- a/src/bin/dhcp4/dhcp4_srv.cc | ||
| 124 | +++ b/src/bin/dhcp4/dhcp4_srv.cc | ||
| 125 | @@ -2714,8 +2714,15 @@ Dhcpv4Srv::processClientFqdnOption(Dhcpv4Exchange& ex) { | ||
| 126 | } else { | ||
| 127 | // Adjust the domain name based on domain name value and type sent by the | ||
| 128 | // client and current configuration. | ||
| 129 | - d2_mgr.adjustDomainName<Option4ClientFqdn>(*fqdn, *fqdn_resp, | ||
| 130 | - *(ex.getContext()->getDdnsParams())); | ||
| 131 | + try { | ||
| 132 | + d2_mgr.adjustDomainName<Option4ClientFqdn>(*fqdn, *fqdn_resp, | ||
| 133 | + *(ex.getContext()->getDdnsParams())); | ||
| 134 | + } catch (const FQDNScrubbedEmpty& scrubbed) { | ||
| 135 | + LOG_DEBUG(ddns4_logger, DBG_DHCP4_DETAIL, DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY) | ||
| 136 | + .arg(ex.getQuery()->getLabel()) | ||
| 137 | + .arg(scrubbed.what()); | ||
| 138 | + return; | ||
| 139 | + } | ||
| 140 | } | ||
| 141 | |||
| 142 | // Add FQDN option to the response message. Note that, there may be some | ||
| 143 | @@ -2857,7 +2864,15 @@ Dhcpv4Srv::processHostnameOption(Dhcpv4Exchange& ex) { | ||
| 144 | ex.getContext()->getDdnsParams()->getHostnameSanitizer(); | ||
| 145 | |||
| 146 | if (sanitizer) { | ||
| 147 | - hostname = sanitizer->scrub(hostname); | ||
| 148 | + auto tmp = sanitizer->scrub(hostname); | ||
| 149 | + if (tmp.empty()) { | ||
| 150 | + LOG_DEBUG(ddns4_logger, DBG_DHCP4_DETAIL, DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY) | ||
| 151 | + .arg(ex.getQuery()->getLabel()) | ||
| 152 | + .arg(hostname); | ||
| 153 | + return; | ||
| 154 | + } | ||
| 155 | + | ||
| 156 | + hostname = tmp; | ||
| 157 | } | ||
| 158 | |||
| 159 | // Convert hostname to lower case. | ||
| 160 | diff --git a/src/bin/dhcp4/tests/fqdn_unittest.cc b/src/bin/dhcp4/tests/fqdn_unittest.cc | ||
| 161 | index a5d3e4c21a..18e4c6d4b9 100644 | ||
| 162 | --- a/src/bin/dhcp4/tests/fqdn_unittest.cc | ||
| 163 | +++ b/src/bin/dhcp4/tests/fqdn_unittest.cc | ||
| 164 | @@ -2253,7 +2253,7 @@ TEST_F(NameDhcpv4SrvTest, sanitizeHostDefault) { | ||
| 165 | }, | ||
| 166 | { | ||
| 167 | "qualified host name with nuls", | ||
| 168 | - std::string("four-ok-host\000.other.org",23), | ||
| 169 | + std::string("four-ok-host\000.other.org", 23), | ||
| 170 | "four-ok-host.other.org" | ||
| 171 | } | ||
| 172 | }; | ||
| 173 | @@ -3203,4 +3203,56 @@ TEST_F(NameDhcpv4SrvTest, poolDdnsParametersTest) { | ||
| 174 | } | ||
| 175 | } | ||
| 176 | |||
| 177 | +// Verifies that when the FQDN option is scrubbed empty it is logged | ||
| 178 | +// and ignored. | ||
| 179 | +TEST_F(NameDhcpv4SrvTest, hostnameScrubbedEmpty) { | ||
| 180 | + Dhcp4Client client(srv_, Dhcp4Client::SELECTING); | ||
| 181 | + | ||
| 182 | + // Configure DHCP server. | ||
| 183 | + configure(CONFIGS[2], *client.getServer()); | ||
| 184 | + | ||
| 185 | + // Set the hostname option. | ||
| 186 | + ASSERT_NO_THROW(client.includeHostname("___")); | ||
| 187 | + | ||
| 188 | + // Send the DHCPDISCOVER and make sure that the server responded. | ||
| 189 | + ASSERT_NO_THROW(client.doDiscover()); | ||
| 190 | + auto resp = client.getContext().response_; | ||
| 191 | + ASSERT_TRUE(resp); | ||
| 192 | + ASSERT_EQ(DHCPOFFER, static_cast<int>(resp->getType())); | ||
| 193 | + | ||
| 194 | + // Should have logged that it was scrubbed empty. | ||
| 195 | + std::string log = "DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY"; | ||
| 196 | + EXPECT_EQ(1, countFile(log)); | ||
| 197 | + | ||
| 198 | + // Hostname should not be in the response. | ||
| 199 | + ASSERT_FALSE(resp->getOption(DHO_HOST_NAME)); | ||
| 200 | +} | ||
| 201 | + | ||
| 202 | +// Verifies that when the FQDN option is scrubbed empty it is logged | ||
| 203 | +// and ignored. | ||
| 204 | +TEST_F(NameDhcpv4SrvTest, fqdnScrubbedEmpty) { | ||
| 205 | + Dhcp4Client client(srv_, Dhcp4Client::SELECTING); | ||
| 206 | + | ||
| 207 | + // Configure DHCP server. | ||
| 208 | + configure(CONFIGS[2], *client.getServer()); | ||
| 209 | + | ||
| 210 | + // Include the Client FQDN option. | ||
| 211 | + ASSERT_NO_THROW(client.includeFQDN(Option4ClientFqdn::FLAG_S | Option4ClientFqdn::FLAG_E, | ||
| 212 | + "___", Option4ClientFqdn::PARTIAL)); | ||
| 213 | + | ||
| 214 | + // Send the DHCPDISCOVER and make sure that the server responded. | ||
| 215 | + ASSERT_NO_THROW(client.doDiscover()); | ||
| 216 | + auto resp = client.getContext().response_; | ||
| 217 | + ASSERT_TRUE(resp); | ||
| 218 | + ASSERT_EQ(DHCPOFFER, static_cast<int>(resp->getType())); | ||
| 219 | + | ||
| 220 | + // Should have logged that it was scrubbed empty. | ||
| 221 | + std::string log = "DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY"; | ||
| 222 | + EXPECT_EQ(1, countFile(log)); | ||
| 223 | + | ||
| 224 | + // Hostname should not be in the response. | ||
| 225 | + ASSERT_FALSE(resp->getOption(DHO_FQDN)); | ||
| 226 | +} | ||
| 227 | + | ||
| 228 | + | ||
| 229 | } // end of anonymous namespace | ||
| 230 | diff --git a/src/bin/dhcp6/dhcp6_messages.cc b/src/bin/dhcp6/dhcp6_messages.cc | ||
| 231 | index 229ba74450..9619481aba 100644 | ||
| 232 | --- a/src/bin/dhcp6/dhcp6_messages.cc | ||
| 233 | +++ b/src/bin/dhcp6/dhcp6_messages.cc | ||
| 234 | @@ -27,6 +27,7 @@ extern const isc::log::MessageID DHCP6_CLASSES_ASSIGNED = "DHCP6_CLASSES_ASSIGNE | ||
| 235 | extern const isc::log::MessageID DHCP6_CLASSES_ASSIGNED_AFTER_SUBNET_SELECTION = "DHCP6_CLASSES_ASSIGNED_AFTER_SUBNET_SELECTION"; | ||
| 236 | extern const isc::log::MessageID DHCP6_CLASS_ASSIGNED = "DHCP6_CLASS_ASSIGNED"; | ||
| 237 | extern const isc::log::MessageID DHCP6_CLASS_UNCONFIGURED = "DHCP6_CLASS_UNCONFIGURED"; | ||
| 238 | +extern const isc::log::MessageID DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY = "DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY"; | ||
| 239 | extern const isc::log::MessageID DHCP6_CONFIG_COMPLETE = "DHCP6_CONFIG_COMPLETE"; | ||
| 240 | extern const isc::log::MessageID DHCP6_CONFIG_LOAD_FAIL = "DHCP6_CONFIG_LOAD_FAIL"; | ||
| 241 | extern const isc::log::MessageID DHCP6_CONFIG_PACKET_QUEUE = "DHCP6_CONFIG_PACKET_QUEUE"; | ||
| 242 | @@ -203,6 +204,7 @@ const char* values[] = { | ||
| 243 | "DHCP6_CLASSES_ASSIGNED_AFTER_SUBNET_SELECTION", "%1: client packet has been assigned to the following classes: %2", | ||
| 244 | "DHCP6_CLASS_ASSIGNED", "%1: client packet has been assigned to the following class: %2", | ||
| 245 | "DHCP6_CLASS_UNCONFIGURED", "%1: client packet belongs to an unconfigured class: %2", | ||
| 246 | + "DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY", "%1: sanitizing client's FQDN option '%2' yielded an empty string", | ||
| 247 | "DHCP6_CONFIG_COMPLETE", "DHCPv6 server has completed configuration: %1", | ||
| 248 | "DHCP6_CONFIG_LOAD_FAIL", "configuration error using file: %1, reason: %2", | ||
| 249 | "DHCP6_CONFIG_PACKET_QUEUE", "DHCPv6 packet queue info after configuration: %1", | ||
| 250 | diff --git a/src/bin/dhcp6/dhcp6_messages.h b/src/bin/dhcp6/dhcp6_messages.h | ||
| 251 | index 186f7d557a..7af56e716a 100644 | ||
| 252 | --- a/src/bin/dhcp6/dhcp6_messages.h | ||
| 253 | +++ b/src/bin/dhcp6/dhcp6_messages.h | ||
| 254 | @@ -28,6 +28,7 @@ extern const isc::log::MessageID DHCP6_CLASSES_ASSIGNED; | ||
| 255 | extern const isc::log::MessageID DHCP6_CLASSES_ASSIGNED_AFTER_SUBNET_SELECTION; | ||
| 256 | extern const isc::log::MessageID DHCP6_CLASS_ASSIGNED; | ||
| 257 | extern const isc::log::MessageID DHCP6_CLASS_UNCONFIGURED; | ||
| 258 | +extern const isc::log::MessageID DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY; | ||
| 259 | extern const isc::log::MessageID DHCP6_CONFIG_COMPLETE; | ||
| 260 | extern const isc::log::MessageID DHCP6_CONFIG_LOAD_FAIL; | ||
| 261 | extern const isc::log::MessageID DHCP6_CONFIG_PACKET_QUEUE; | ||
| 262 | diff --git a/src/bin/dhcp6/dhcp6_messages.mes b/src/bin/dhcp6/dhcp6_messages.mes | ||
| 263 | index fff50ed367..79fc984ff5 100644 | ||
| 264 | --- a/src/bin/dhcp6/dhcp6_messages.mes | ||
| 265 | +++ b/src/bin/dhcp6/dhcp6_messages.mes | ||
| 266 | @@ -1167,3 +1167,10 @@ such modification. The clients will remember previous server-id, and will | ||
| 267 | use it to extend their leases. As a result, they will have to go through | ||
| 268 | a rebinding phase to re-acquire their leases and associate them with a | ||
| 269 | new server id. | ||
| 270 | + | ||
| 271 | +% DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY %1: sanitizing client's FQDN option '%2' yielded an empty string | ||
| 272 | +Logged at debug log level 50. | ||
| 273 | +This debug message is issued when the result of sanitizing the | ||
| 274 | +FQDN option(39) sent by the client is an empty string. When this occurs | ||
| 275 | +the server will ignore the FQDN option. The arguments include the | ||
| 276 | +client and the FQDN option it sent. | ||
| 277 | diff --git a/src/bin/dhcp6/dhcp6_srv.cc b/src/bin/dhcp6/dhcp6_srv.cc | ||
| 278 | index 417960b126..f999c3178f 100644 | ||
| 279 | --- a/src/bin/dhcp6/dhcp6_srv.cc | ||
| 280 | +++ b/src/bin/dhcp6/dhcp6_srv.cc | ||
| 281 | @@ -2332,7 +2332,14 @@ Dhcpv6Srv::processClientFqdn(const Pkt6Ptr& question, const Pkt6Ptr& answer, | ||
| 282 | } else { | ||
| 283 | // Adjust the domain name based on domain name value and type sent by | ||
| 284 | // the client and current configuration. | ||
| 285 | - d2_mgr.adjustDomainName<Option6ClientFqdn>(*fqdn, *fqdn_resp, *ddns_params); | ||
| 286 | + try { | ||
| 287 | + d2_mgr.adjustDomainName<Option6ClientFqdn>(*fqdn, *fqdn_resp, *ddns_params); | ||
| 288 | + } catch(const FQDNScrubbedEmpty& scrubbed) { | ||
| 289 | + LOG_DEBUG(ddns6_logger, DBG_DHCP6_DETAIL, DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY) | ||
| 290 | + .arg(question->getLabel()) | ||
| 291 | + .arg(scrubbed.what()); | ||
| 292 | + return; | ||
| 293 | + } | ||
| 294 | } | ||
| 295 | |||
| 296 | // Once we have the FQDN setup to use it for the lease hostname. This | ||
| 297 | diff --git a/src/bin/dhcp6/tests/fqdn_unittest.cc b/src/bin/dhcp6/tests/fqdn_unittest.cc | ||
| 298 | index ca51856e67..7891c1f5e6 100644 | ||
| 299 | --- a/src/bin/dhcp6/tests/fqdn_unittest.cc | ||
| 300 | +++ b/src/bin/dhcp6/tests/fqdn_unittest.cc | ||
| 301 | @@ -2425,4 +2425,27 @@ TEST_F(FqdnDhcpv6SrvTest, poolDdnsParametersTest) { | ||
| 302 | } | ||
| 303 | } | ||
| 304 | |||
| 305 | +// Verify an FQDN with all invalid chars is ignored. | ||
| 306 | +TEST_F(FqdnDhcpv6SrvTest, fqdnScrubbedEmpty) { | ||
| 307 | + // Create the query. | ||
| 308 | + Pkt6Ptr question = generateMessage(DHCPV6_SOLICIT, Option6ClientFqdn::FLAG_S, | ||
| 309 | + "___" , Option6ClientFqdn::FULL, true); | ||
| 310 | + ASSERT_TRUE(getClientFqdnOption(question)); | ||
| 311 | + subnet_->setHostnameCharReplacement(""); | ||
| 312 | + | ||
| 313 | + // Create the response with an "assigned" lease. | ||
| 314 | + // Set the selected subnet so ddns params get returned correctly. | ||
| 315 | + AllocEngine::ClientContext6 ctx; | ||
| 316 | + ctx.subnet_ = subnet_; | ||
| 317 | + Pkt6Ptr answer = generateMessageWithIds(DHCPV6_ADVERTISE); | ||
| 318 | + addIA(1234, IOAddress("2001:db8:1::1"), answer, ctx); | ||
| 319 | + | ||
| 320 | + // Process the client's FQDN. | ||
| 321 | + ASSERT_NO_THROW(srv_->processClientFqdn(question, answer, ctx)); | ||
| 322 | + | ||
| 323 | + // Should not have an FQDN option in the answer. | ||
| 324 | + EXPECT_FALSE(answer->getOption(D6O_CLIENT_FQDN)); | ||
| 325 | + countFile("DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY"); | ||
| 326 | +} | ||
| 327 | + | ||
| 328 | } // end of anonymous namespace | ||
| 329 | diff --git a/src/lib/dhcpsrv/d2_client_mgr.cc b/src/lib/dhcpsrv/d2_client_mgr.cc | ||
| 330 | index 84ee11d9fb..54c815176e 100644 | ||
| 331 | --- a/src/lib/dhcpsrv/d2_client_mgr.cc | ||
| 332 | +++ b/src/lib/dhcpsrv/d2_client_mgr.cc | ||
| 333 | @@ -186,10 +186,15 @@ std::string | ||
| 334 | D2ClientMgr::qualifyName(const std::string& partial_name, | ||
| 335 | const DdnsParams& ddns_params, | ||
| 336 | const bool trailing_dot) const { | ||
| 337 | + if (partial_name.empty()) { | ||
| 338 | + isc_throw(BadValue, "D2ClientMgr::qualifyName" | ||
| 339 | + " - partial_name cannot be an empty string"); | ||
| 340 | + } | ||
| 341 | + | ||
| 342 | std::ostringstream gen_name; | ||
| 343 | gen_name << partial_name; | ||
| 344 | std::string suffix = ddns_params.getQualifyingSuffix(); | ||
| 345 | - if (!suffix.empty() && partial_name.back() != '.') { | ||
| 346 | + if (!suffix.empty() && (partial_name.back() != '.')) { | ||
| 347 | bool suffix_present = true; | ||
| 348 | std::string str = gen_name.str(); | ||
| 349 | auto suffix_rit = suffix.rbegin(); | ||
| 350 | @@ -241,7 +246,7 @@ D2ClientMgr::qualifyName(const std::string& partial_name, | ||
| 351 | // If the trailing dot should not be appended but it is present, | ||
| 352 | // remove it. | ||
| 353 | if ((len > 0) && (str[len - 1] == '.')) { | ||
| 354 | - gen_name.str(str.substr(0,len-1)); | ||
| 355 | + gen_name.str(str.substr(0, len-1)); | ||
| 356 | } | ||
| 357 | |||
| 358 | } | ||
| 359 | diff --git a/src/lib/dhcpsrv/d2_client_mgr.h b/src/lib/dhcpsrv/d2_client_mgr.h | ||
| 360 | index 7344f19a40..238fd0a415 100644 | ||
| 361 | --- a/src/lib/dhcpsrv/d2_client_mgr.h | ||
| 362 | +++ b/src/lib/dhcpsrv/d2_client_mgr.h | ||
| 363 | @@ -30,6 +30,14 @@ | ||
| 364 | namespace isc { | ||
| 365 | namespace dhcp { | ||
| 366 | |||
| 367 | +/// @brief Exception thrown when host name sanitizing reduces | ||
| 368 | +/// the domain name to an empty string. | ||
| 369 | +class FQDNScrubbedEmpty : public Exception { | ||
| 370 | +public: | ||
| 371 | + FQDNScrubbedEmpty(const char* file, size_t line, const char* what) : | ||
| 372 | + isc::Exception(file, line, what) { } | ||
| 373 | +}; | ||
| 374 | + | ||
| 375 | /// @brief Defines the type for D2 IO error handler. | ||
| 376 | /// This callback is invoked when a send to kea-dhcp-ddns completes with a | ||
| 377 | /// failed status. This provides the application layer (Kea) with a means to | ||
| 378 | @@ -197,6 +205,7 @@ class D2ClientMgr : public dhcp_ddns::NameChangeSender::RequestSendHandler, | ||
| 379 | /// suffix itself is empty (i.e. ""). | ||
| 380 | /// | ||
| 381 | /// @return std::string containing the qualified name. | ||
| 382 | + /// @throw BadValue if partial_name is empty. | ||
| 383 | std::string qualifyName(const std::string& partial_name, | ||
| 384 | const DdnsParams& ddns_params, | ||
| 385 | const bool trailing_dot) const; | ||
| 386 | @@ -264,6 +273,9 @@ class D2ClientMgr : public dhcp_ddns::NameChangeSender::RequestSendHandler, | ||
| 387 | /// @param ddns_params DDNS behavioral configuration parameters | ||
| 388 | /// @tparam T FQDN Option class containing the FQDN data such as | ||
| 389 | /// dhcp::Option4ClientFqdn or dhcp::Option6ClientFqdn | ||
| 390 | + /// | ||
| 391 | + /// @throw FQDNScrubbedEmpty if hostname sanitizing reduces the input domain | ||
| 392 | + /// name to an empty string. | ||
| 393 | template <class T> | ||
| 394 | void adjustDomainName(const T& fqdn, T& fqdn_resp, | ||
| 395 | const DdnsParams& ddns_params); | ||
| 396 | @@ -515,7 +527,12 @@ D2ClientMgr::adjustDomainName(const T& fqdn, T& fqdn_resp, const DdnsParams& ddn | ||
| 397 | ss << sanitizer->scrub(label); | ||
| 398 | } | ||
| 399 | |||
| 400 | - client_name = ss.str(); | ||
| 401 | + std::string clean_name = ss.str(); | ||
| 402 | + if (clean_name.empty() || clean_name == ".") { | ||
| 403 | + isc_throw(FQDNScrubbedEmpty, client_name); | ||
| 404 | + } | ||
| 405 | + | ||
| 406 | + client_name = clean_name; | ||
| 407 | } | ||
| 408 | |||
| 409 | // If the supplied name is partial, qualify it by adding the suffix. | ||
| 410 | diff --git a/src/lib/dhcpsrv/tests/d2_client_unittest.cc b/src/lib/dhcpsrv/tests/d2_client_unittest.cc | ||
| 411 | index 68ad2189d6..00375d0066 100644 | ||
| 412 | --- a/src/lib/dhcpsrv/tests/d2_client_unittest.cc | ||
| 413 | +++ b/src/lib/dhcpsrv/tests/d2_client_unittest.cc | ||
| 414 | @@ -9,6 +9,7 @@ | ||
| 415 | #include <dhcp/option6_client_fqdn.h> | ||
| 416 | #include <dhcpsrv/d2_client_mgr.h> | ||
| 417 | #include <testutils/test_to_element.h> | ||
| 418 | +#include <testutils/gtest_utils.h> | ||
| 419 | #include <exceptions/exceptions.h> | ||
| 420 | #include <util/str.h> | ||
| 421 | |||
| 422 | @@ -627,6 +628,10 @@ TEST_F(D2ClientMgrParamsTest, qualifyName) { | ||
| 423 | qualified_name = mgr.qualifyName(partial_name, *ddns_params_, do_not_dot); | ||
| 424 | EXPECT_EQ("somehost.suffix.com", qualified_name); | ||
| 425 | |||
| 426 | + // Verify that an empty name throws. | ||
| 427 | + partial_name = ""; | ||
| 428 | + ASSERT_THROW(mgr.qualifyName(partial_name, *ddns_params_, do_not_dot), BadValue); | ||
| 429 | + | ||
| 430 | // Verify that an empty suffix and false flag, does not change the name | ||
| 431 | subnet_->setDdnsQualifyingSuffix(""); | ||
| 432 | partial_name = "somehost"; | ||
| 433 | @@ -1257,4 +1262,41 @@ TEST_F(D2ClientMgrParamsTest, sanitizeFqdnV6) { | ||
| 434 | } | ||
| 435 | } | ||
| 436 | |||
| 437 | +/// @brief Tests adjustDomainName template method with Option4ClientFqdn | ||
| 438 | +/// when sanitizing scrubs input name empty. | ||
| 439 | +TEST_F(D2ClientMgrParamsTest, adjustDomainNameV4ScrubbedEmpty) { | ||
| 440 | + D2ClientMgr mgr; | ||
| 441 | + | ||
| 442 | + // Create enabled configuration | ||
| 443 | + subnet_->setDdnsSendUpdates(false); | ||
| 444 | + subnet_->setDdnsQualifyingSuffix("suffix.com"); | ||
| 445 | + subnet_->setHostnameCharSet("[^A-Za-z0-9.-]"); | ||
| 446 | + subnet_->setHostnameCharReplacement(""); | ||
| 447 | + | ||
| 448 | + Option4ClientFqdn request(0, Option4ClientFqdn::RCODE_CLIENT(), | ||
| 449 | + "___", Option4ClientFqdn::FULL); | ||
| 450 | + | ||
| 451 | + Option4ClientFqdn response(request); | ||
| 452 | + ASSERT_THROW_MSG(mgr.adjustDomainName<Option4ClientFqdn>(request, response, *ddns_params_), | ||
| 453 | + FQDNScrubbedEmpty, "___."); | ||
| 454 | +} | ||
| 455 | + | ||
| 456 | +/// @brief Tests adjustDomainName template method with Option4ClientFqdn | ||
| 457 | +/// when sanitizing scrubs input name empty. | ||
| 458 | +TEST_F(D2ClientMgrParamsTest, adjustDomainNameV6ScrubbedEmpty) { | ||
| 459 | + D2ClientMgr mgr; | ||
| 460 | + | ||
| 461 | + // Create enabled configuration | ||
| 462 | + subnet_->setDdnsSendUpdates(false); | ||
| 463 | + subnet_->setDdnsQualifyingSuffix("suffix.com"); | ||
| 464 | + subnet_->setHostnameCharSet("[^A-Za-z0-9.-]"); | ||
| 465 | + subnet_->setHostnameCharReplacement(""); | ||
| 466 | + | ||
| 467 | + Option6ClientFqdn request(0, "___", Option6ClientFqdn::FULL); | ||
| 468 | + | ||
| 469 | + Option6ClientFqdn response(request); | ||
| 470 | + ASSERT_THROW_MSG(mgr.adjustDomainName<Option6ClientFqdn>(request, response, *ddns_params_), | ||
| 471 | + FQDNScrubbedEmpty, "___."); | ||
| 472 | +} | ||
| 473 | + | ||
| 474 | } // end of anonymous namespace | ||
diff --git a/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch b/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch deleted file mode 100644 index 68a566773a..0000000000 --- a/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch +++ /dev/null | |||
| @@ -1,104 +0,0 @@ | |||
| 1 | From cdef313bd34c5abd897b80f25554b0c66737ed05 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Kai Kang <kai.kang@windriver.com> | ||
| 3 | Date: Tue, 14 Oct 2025 01:37:35 +0000 | ||
| 4 | Subject: [PATCH] There are conflict of config files between | ||
| 5 | kea and lib32-kea: | ||
| 6 | |||
| 7 | | Error: Transaction test error: | ||
| 8 | | file /etc/kea/kea-ctrl-agent.conf conflicts between attempted installs of | ||
| 9 | lib32-kea-1.7.10-r0.core2_32 and kea-1.7.10-r0.core2_64 | ||
| 10 | | file /etc/kea/kea-dhcp4.conf conflicts between attempted installs of | ||
| 11 | lib32-kea-1.7.10-r0.core2_32 and kea-1.7.10-r0.core2_64 | ||
| 12 | | file /etc/kea/kea-dhcp6.conf conflicts between attempted installs of | ||
| 13 | lib32-kea-2.6.1-r0.core2_32 and kea-2.6.1-r0.core2_64 | ||
| 14 | |||
| 15 | Because they are all commented out, replace the expanded libdir path with | ||
| 16 | '$libdir' in the config files to avoid conflict. | ||
| 17 | |||
| 18 | Upstream-Status: Submitted [https://gitlab.isc.org/isc-projects/kea/-/issues/2602] | ||
| 19 | Signed-off-by: Kai Kang <kai.kang@windriver.com> | ||
| 20 | Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> | ||
| 21 | Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> | ||
| 22 | --- | ||
| 23 | src/bin/keactrl/kea-ctrl-agent.conf.pre | 3 ++- | ||
| 24 | src/bin/keactrl/kea-dhcp4.conf.pre | 6 +++--- | ||
| 25 | src/bin/keactrl/kea-dhcp6.conf.pre | 6 +++--- | ||
| 26 | 3 files changed, 8 insertions(+), 7 deletions(-) | ||
| 27 | |||
| 28 | diff --git a/src/bin/keactrl/kea-ctrl-agent.conf.pre b/src/bin/keactrl/kea-ctrl-agent.conf.pre | ||
| 29 | index 29d8111..de71f41 100644 | ||
| 30 | --- a/src/bin/keactrl/kea-ctrl-agent.conf.pre | ||
| 31 | +++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre | ||
| 32 | @@ -85,7 +85,8 @@ | ||
| 33 | // Agent will fail to start. | ||
| 34 | "hooks-libraries": [ | ||
| 35 | // { | ||
| 36 | -// "library": "@libdir@/kea/hooks/control-agent-commands.so", | ||
| 37 | +// // Replace $libdir with real library path /usr/lib or /usr/lib64 | ||
| 38 | +// "library": "$libdir/kea/hooks/control-agent-commands.so", | ||
| 39 | // "parameters": { | ||
| 40 | // "param1": "foo" | ||
| 41 | // } | ||
| 42 | diff --git a/src/bin/keactrl/kea-dhcp4.conf.pre b/src/bin/keactrl/kea-dhcp4.conf.pre | ||
| 43 | index 2a58507..86b5abf 100644 | ||
| 44 | --- a/src/bin/keactrl/kea-dhcp4.conf.pre | ||
| 45 | +++ b/src/bin/keactrl/kea-dhcp4.conf.pre | ||
| 46 | @@ -255,7 +255,7 @@ | ||
| 47 | // // of all devices serviced by Kea, including their identifiers | ||
| 48 | // // (like MAC address), their location in the network, times | ||
| 49 | // // when they were active etc. | ||
| 50 | - // "library": "@libdir@/kea/hooks/libdhcp_legal_log.so", | ||
| 51 | + // "library": "$libdir/kea/hooks/libdhcp_legal_log.so", | ||
| 52 | // "parameters": { | ||
| 53 | // "base-name": "kea-forensic4" | ||
| 54 | // } | ||
| 55 | @@ -271,14 +271,14 @@ | ||
| 56 | // // of specific options or perhaps even a combination of several | ||
| 57 | // // options and fields to uniquely identify a client. Those scenarios | ||
| 58 | // // are addressed by the Flexible Identifiers hook application. | ||
| 59 | - // "library": "@libdir@/kea/hooks/libdhcp_flex_id.so", | ||
| 60 | + // "library": "$libdir/kea/hooks/libdhcp_flex_id.so", | ||
| 61 | // "parameters": { | ||
| 62 | // "identifier-expression": "relay4[2].hex" | ||
| 63 | // } | ||
| 64 | // }, | ||
| 65 | // { | ||
| 66 | // // the MySQL host backend hook library required for host storage. | ||
| 67 | - // "library": "@libdir@/kea/hooks/libdhcp_mysql.so" | ||
| 68 | + // "library": "$libdir/kea/hooks/libdhcp_mysql.so" | ||
| 69 | // } | ||
| 70 | // ], | ||
| 71 | |||
| 72 | diff --git a/src/bin/keactrl/kea-dhcp6.conf.pre b/src/bin/keactrl/kea-dhcp6.conf.pre | ||
| 73 | index c69a508..2bb488f 100644 | ||
| 74 | --- a/src/bin/keactrl/kea-dhcp6.conf.pre | ||
| 75 | +++ b/src/bin/keactrl/kea-dhcp6.conf.pre | ||
| 76 | @@ -201,7 +201,7 @@ | ||
| 77 | // // of all devices serviced by Kea, including their identifiers | ||
| 78 | // // (like MAC address), their location in the network, times | ||
| 79 | // // when they were active etc. | ||
| 80 | - // "library": "@libdir@/kea/hooks/libdhcp_legal_log.so", | ||
| 81 | + // "library": "$libdir/kea/hooks/libdhcp_legal_log.so", | ||
| 82 | // "parameters": { | ||
| 83 | // "base-name": "kea-forensic6" | ||
| 84 | // } | ||
| 85 | @@ -217,14 +217,14 @@ | ||
| 86 | // // of specific options or perhaps even a combination of several | ||
| 87 | // // options and fields to uniquely identify a client. Those scenarios | ||
| 88 | // // are addressed by the Flexible Identifiers hook application. | ||
| 89 | - // "library": "@libdir@/kea/hooks/libdhcp_flex_id.so", | ||
| 90 | + // "library": "$libdir/kea/hooks/libdhcp_flex_id.so", | ||
| 91 | // "parameters": { | ||
| 92 | // "identifier-expression": "relay6[0].option[37].hex" | ||
| 93 | // } | ||
| 94 | // }, | ||
| 95 | // { | ||
| 96 | // // the MySQL host backend hook library required for host storage. | ||
| 97 | - // "library": "@libdir@/kea/hooks/libdhcp_mysql.so" | ||
| 98 | + // "library": "$libdir/kea/hooks/libdhcp_mysql.so" | ||
| 99 | // } | ||
| 100 | // ], | ||
| 101 | |||
| 102 | -- | ||
| 103 | 2.43.0 | ||
| 104 | |||
diff --git a/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch b/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch deleted file mode 100644 index 9cc91bdddf..0000000000 --- a/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch +++ /dev/null | |||
| @@ -1,30 +0,0 @@ | |||
| 1 | From f5125725e4e2e250ccc78a17a8b77431100e7c15 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Armin kuster <akuster808@gmail.com> | ||
| 3 | Date: Wed, 14 Oct 2020 22:48:31 -0700 | ||
| 4 | Subject: [PATCH] Busybox does not support ps -p so use pgrep | ||
| 5 | |||
| 6 | Upstream-Status: Inappropriate [embedded specific] | ||
| 7 | Based on changes from Diego Sueiro <Diego.Sueiro@arm.com> | ||
| 8 | |||
| 9 | Signed-off-by: Armin kuster <akuster808@gmail.com> | ||
| 10 | |||
| 11 | Refresh to apply on top of 2.6.1. | ||
| 12 | |||
| 13 | Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> | ||
| 14 | --- | ||
| 15 | src/bin/keactrl/keactrl.in | 4 ++-- | ||
| 16 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
| 17 | |||
| 18 | --- a/src/bin/keactrl/keactrl.in | ||
| 19 | +++ b/src/bin/keactrl/keactrl.in | ||
| 20 | @@ -157,8 +157,8 @@ check_running() { | ||
| 21 | # Get the PID from the PID file (if it exists) | ||
| 22 | get_pid_from_file "${proc_name}" | ||
| 23 | if [ "${_pid}" -gt 0 ]; then | ||
| 24 | - # Use ps to check if PID is alive | ||
| 25 | - if ps -p "${_pid}" 1>/dev/null; then | ||
| 26 | + # Use pgrep and grep to check if PID is alive | ||
| 27 | + if pgrep -v 1 | grep ${_pid} 1>/dev/null; then | ||
| 28 | # No error, so PID IS ALIVE | ||
| 29 | _running=1 | ||
| 30 | fi | ||
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server deleted file mode 100644 index 50fe40d439..0000000000 --- a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server +++ /dev/null | |||
| @@ -1,46 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | ### BEGIN INIT INFO | ||
| 3 | # Provides: kea-dhcp-ddns-server | ||
| 4 | # Required-Start: $local_fs $network $remote_fs $syslog | ||
| 5 | # Required-Stop: $local_fs $network $remote_fs $syslog | ||
| 6 | # Default-Start: 2 3 4 5 | ||
| 7 | # Default-Stop: 0 1 6 | ||
| 8 | # Short-Description: ISC KEA DHCP IPv6 Server | ||
| 9 | ### END INIT INFO | ||
| 10 | |||
| 11 | PATH=/sbin:/usr/sbin:/bin:/usr/bin | ||
| 12 | DESC="kea-dhcp-ddns-server" | ||
| 13 | NAME=kea-dhcp-ddns | ||
| 14 | DAEMON=/usr/sbin/keactrl | ||
| 15 | DAEMON_ARGS=" -s dhcp_ddns" | ||
| 16 | |||
| 17 | set -e | ||
| 18 | |||
| 19 | # Exit if the package is not installed | ||
| 20 | [ -x "$DAEMON" ] || exit 0 | ||
| 21 | |||
| 22 | # Source function library. | ||
| 23 | . /etc/init.d/functions | ||
| 24 | |||
| 25 | case "$1" in | ||
| 26 | start) | ||
| 27 | echo -n "Starting $DESC: " | ||
| 28 | start-stop-daemon -S -b -n $NAME -x $DAEMON -- start $DAEMON_ARGS | ||
| 29 | echo "done." | ||
| 30 | ;; | ||
| 31 | stop) | ||
| 32 | echo -n "Stopping $DESC: " | ||
| 33 | kpid=`pidof $NAME` | ||
| 34 | kill $kpid | ||
| 35 | echo "done." | ||
| 36 | ;; | ||
| 37 | restart|force-reload) | ||
| 38 | # | ||
| 39 | $0 stop | ||
| 40 | $0 start | ||
| 41 | ;; | ||
| 42 | *) | ||
| 43 | echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 | ||
| 44 | exit 1 | ||
| 45 | ;; | ||
| 46 | esac | ||
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service deleted file mode 100644 index aec6446f0e..0000000000 --- a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service +++ /dev/null | |||
| @@ -1,13 +0,0 @@ | |||
| 1 | [Unit] | ||
| 2 | Description=Kea DHCP-DDNS Server | ||
| 3 | Wants=network-online.target | ||
| 4 | After=network-online.target | ||
| 5 | After=time-sync.target | ||
| 6 | |||
| 7 | [Service] | ||
| 8 | ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/ | ||
| 9 | ExecStartPre=@BASE_BINDIR@/chmod 750 @LOCALSTATEDIR@/run/kea/ | ||
| 10 | ExecStart=@SBINDIR@/kea-dhcp-ddns -c @SYSCONFDIR@/kea/kea-dhcp-ddns.conf | ||
| 11 | |||
| 12 | [Install] | ||
| 13 | WantedBy=multi-user.target | ||
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp4-server b/meta/recipes-connectivity/kea/files/kea-dhcp4-server deleted file mode 100644 index e83e51025d..0000000000 --- a/meta/recipes-connectivity/kea/files/kea-dhcp4-server +++ /dev/null | |||
| @@ -1,46 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | ### BEGIN INIT INFO | ||
| 3 | # Provides: kea-dhcp4-server | ||
| 4 | # Required-Start: $local_fs $network $remote_fs $syslog | ||
| 5 | # Required-Stop: $local_fs $network $remote_fs $syslog | ||
| 6 | # Default-Start: 2 3 4 5 | ||
| 7 | # Default-Stop: 0 1 6 | ||
| 8 | # Short-Description: ISC KEA DHCP IPv6 Server | ||
| 9 | ### END INIT INFO | ||
| 10 | |||
| 11 | PATH=/sbin:/usr/sbin:/bin:/usr/bin | ||
| 12 | DESC="kea-dhcp4-server" | ||
| 13 | NAME=kea-dhcp4 | ||
| 14 | DAEMON=/usr/sbin/keactrl | ||
| 15 | DAEMON_ARGS=" -s dhcp4" | ||
| 16 | |||
| 17 | set -e | ||
| 18 | |||
| 19 | # Exit if the package is not installed | ||
| 20 | [ -x "$DAEMON" ] || exit 0 | ||
| 21 | |||
| 22 | # Source function library. | ||
| 23 | . /etc/init.d/functions | ||
| 24 | |||
| 25 | case "$1" in | ||
| 26 | start) | ||
| 27 | echo -n "Starting $DESC: " | ||
| 28 | start-stop-daemon -S -b -n $NAME -x $DAEMON -- start $DAEMON_ARGS | ||
| 29 | echo "done." | ||
| 30 | ;; | ||
| 31 | stop) | ||
| 32 | echo -n "Stopping $DESC: " | ||
| 33 | kpid=`pidof $NAME` | ||
| 34 | kill $kpid | ||
| 35 | echo "done." | ||
| 36 | ;; | ||
| 37 | restart|force-reload) | ||
| 38 | # | ||
| 39 | $0 stop | ||
| 40 | $0 start | ||
| 41 | ;; | ||
| 42 | *) | ||
| 43 | echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 | ||
| 44 | exit 1 | ||
| 45 | ;; | ||
| 46 | esac | ||
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp4.service b/meta/recipes-connectivity/kea/files/kea-dhcp4.service deleted file mode 100644 index a2ed4edb59..0000000000 --- a/meta/recipes-connectivity/kea/files/kea-dhcp4.service +++ /dev/null | |||
| @@ -1,14 +0,0 @@ | |||
| 1 | [Unit] | ||
| 2 | Description=Kea DHCPv4 Server | ||
| 3 | Wants=network-online.target | ||
| 4 | After=network-online.target | ||
| 5 | After=time-sync.target | ||
| 6 | |||
| 7 | [Service] | ||
| 8 | ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/ | ||
| 9 | ExecStartPre=@BASE_BINDIR@/chmod 750 @LOCALSTATEDIR@/run/kea/ | ||
| 10 | ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea | ||
| 11 | ExecStart=@SBINDIR@/kea-dhcp4 -c @SYSCONFDIR@/kea/kea-dhcp4.conf | ||
| 12 | |||
| 13 | [Install] | ||
| 14 | WantedBy=multi-user.target | ||
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp6-server b/meta/recipes-connectivity/kea/files/kea-dhcp6-server deleted file mode 100644 index 10f2d22641..0000000000 --- a/meta/recipes-connectivity/kea/files/kea-dhcp6-server +++ /dev/null | |||
| @@ -1,47 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | ### BEGIN INIT INFO | ||
| 3 | # Provides: kea-dhcp6-server | ||
| 4 | # Required-Start: $local_fs $network $remote_fs $syslog | ||
| 5 | # Required-Stop: $local_fs $network $remote_fs $syslog | ||
| 6 | # Default-Start: 2 3 4 5 | ||
| 7 | # Default-Stop: 0 1 6 | ||
| 8 | # Short-Description: ISC KEA DHCP IPv6 Server | ||
| 9 | ### END INIT INFO | ||
| 10 | |||
| 11 | # PATH should only include /usr/* if it runs after the mountnfs.sh script | ||
| 12 | PATH=/sbin:/usr/sbin:/bin:/usr/bin | ||
| 13 | DESC="kea-dhcp6-server" | ||
| 14 | NAME=kea-dhcp6 | ||
| 15 | DAEMON=/usr/sbin/keactrl | ||
| 16 | DAEMON_ARGS=" -s dhcp6" | ||
| 17 | |||
| 18 | set -e | ||
| 19 | |||
| 20 | # Exit if the package is not installed | ||
| 21 | [ -x "$DAEMON" ] || exit 0 | ||
| 22 | |||
| 23 | # Source function library. | ||
| 24 | . /etc/init.d/functions | ||
| 25 | |||
| 26 | case "$1" in | ||
| 27 | start) | ||
| 28 | echo -n "Starting $DESC: " | ||
| 29 | start-stop-daemon -S -b -n $NAME -x $DAEMON -- start $DAEMON_ARGS | ||
| 30 | echo "done." | ||
| 31 | ;; | ||
| 32 | stop) | ||
| 33 | echo -n "Stopping $DESC: " | ||
| 34 | kpid=`pidof $NAME` | ||
| 35 | kill $kpid | ||
| 36 | echo "done." | ||
| 37 | ;; | ||
| 38 | restart|force-reload) | ||
| 39 | # | ||
| 40 | $0 stop | ||
| 41 | $0 start | ||
| 42 | ;; | ||
| 43 | *) | ||
| 44 | echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 | ||
| 45 | exit 1 | ||
| 46 | ;; | ||
| 47 | esac | ||
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp6.service b/meta/recipes-connectivity/kea/files/kea-dhcp6.service deleted file mode 100644 index ed6e017d0c..0000000000 --- a/meta/recipes-connectivity/kea/files/kea-dhcp6.service +++ /dev/null | |||
| @@ -1,14 +0,0 @@ | |||
| 1 | [Unit] | ||
| 2 | Description=Kea DHCPv6 Server | ||
| 3 | Wants=network-online.target | ||
| 4 | After=network-online.target | ||
| 5 | After=time-sync.target | ||
| 6 | |||
| 7 | [Service] | ||
| 8 | ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/ | ||
| 9 | ExecStartPre=@BASE_BINDIR@/chmod 750 @LOCALSTATEDIR@/run/kea/ | ||
| 10 | ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea | ||
| 11 | ExecStart=@SBINDIR@/kea-dhcp6 -c @SYSCONFDIR@/kea/kea-dhcp6.conf | ||
| 12 | |||
| 13 | [Install] | ||
| 14 | WantedBy=multi-user.target | ||
diff --git a/meta/recipes-connectivity/kea/kea_3.0.1.bb b/meta/recipes-connectivity/kea/kea_3.0.1.bb deleted file mode 100644 index 8729b1162e..0000000000 --- a/meta/recipes-connectivity/kea/kea_3.0.1.bb +++ /dev/null | |||
| @@ -1,90 +0,0 @@ | |||
| 1 | SUMMARY = "ISC Kea DHCP Server" | ||
| 2 | DESCRIPTION = "Kea is the next generation of DHCP software developed by ISC. It supports both DHCPv4 and DHCPv6 protocols along with their extensions, e.g. prefix delegation and dynamic updates to DNS." | ||
| 3 | HOMEPAGE = "http://kea.isc.org" | ||
| 4 | SECTION = "connectivity" | ||
| 5 | LICENSE = "MPL-2.0" | ||
| 6 | LIC_FILES_CHKSUM = "file://COPYING;md5=fb634ed1d923b8b8fd1ed7ffc9b70ae4" | ||
| 7 | |||
| 8 | DEPENDS = "boost log4cplus openssl" | ||
| 9 | |||
| 10 | SRC_URI = "http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.xz \ | ||
| 11 | file://kea-dhcp4.service \ | ||
| 12 | file://kea-dhcp6.service \ | ||
| 13 | file://kea-dhcp-ddns.service \ | ||
| 14 | file://kea-dhcp4-server \ | ||
| 15 | file://kea-dhcp6-server \ | ||
| 16 | file://kea-dhcp-ddns-server \ | ||
| 17 | file://fix-multilib-conflict.patch \ | ||
| 18 | file://fix_pid_keactrl.patch \ | ||
| 19 | file://0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch \ | ||
| 20 | file://0001-build-boost-1.89.0-fixes.patch \ | ||
| 21 | file://0001-meson-use-a-runtime-safe-interpreter-string.patch \ | ||
| 22 | file://0001-mk_cfgrpt.sh-strip-prefixes.patch \ | ||
| 23 | file://0001-d2-dhcp-46-radius-dhcpsrv-Avoid-Boost-lexical_cast-o.patch \ | ||
| 24 | file://CVE-2025-11232.patch \ | ||
| 25 | " | ||
| 26 | SRC_URI[sha256sum] = "ec84fec4bb7f6b9d15a82e755a571e9348eb4d6fbc62bb3f6f1296cd7a24c566" | ||
| 27 | |||
| 28 | inherit meson pkgconfig systemd update-rc.d upstream-version-is-even | ||
| 29 | |||
| 30 | EXTRA_OEMESON += "-Dcrypto=openssl -Drunstatedir=${runtimedir} -Dkrb5=disabled -Dnetconf=disabled --install-umask=0022" | ||
| 31 | |||
| 32 | INITSCRIPT_NAME = "kea-dhcp4-server" | ||
| 33 | INITSCRIPT_PARAMS = "defaults 30" | ||
| 34 | |||
| 35 | SYSTEMD_SERVICE:${PN} = "kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service" | ||
| 36 | SYSTEMD_AUTO_ENABLE = "disable" | ||
| 37 | |||
| 38 | DEBUG_OPTIMIZATION:remove:mips = " -Og" | ||
| 39 | DEBUG_OPTIMIZATION:append:mips = " -O" | ||
| 40 | BUILD_OPTIMIZATION:remove:mips = " -Og" | ||
| 41 | BUILD_OPTIMIZATION:append:mips = " -O" | ||
| 42 | |||
| 43 | DEBUG_OPTIMIZATION:remove:mipsel = " -Og" | ||
| 44 | DEBUG_OPTIMIZATION:append:mipsel = " -O" | ||
| 45 | BUILD_OPTIMIZATION:remove:mipsel = " -Og" | ||
| 46 | BUILD_OPTIMIZATION:append:mipsel = " -O" | ||
| 47 | |||
| 48 | CXXFLAGS:remove = "-fvisibility-inlines-hidden" | ||
| 49 | |||
| 50 | do_configure:prepend() { | ||
| 51 | # replace abs_top_builddir to avoid introducing the build path | ||
| 52 | # don't expand the abs_top_builddir on the target as the abs_top_builddir is meanlingless on the target | ||
| 53 | find ${S} -type f -name *.sh.in | xargs sed -i "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g" | ||
| 54 | sed -i "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g" ${S}/src/bin/admin/kea-admin.in | ||
| 55 | export STRIP_PREFIXES="${RECIPE_SYSROOT_NATIVE}:${RECIPE_SYSROOT}:${WORKDIR}:${B}" | ||
| 56 | } | ||
| 57 | |||
| 58 | # patch out build host paths for reproducibility | ||
| 59 | do_compile:prepend:class-target() { | ||
| 60 | sed -i -e "s,${WORKDIR},,g" ${B}/config.report | ||
| 61 | } | ||
| 62 | |||
| 63 | do_install:append() { | ||
| 64 | install -d ${D}${sysconfdir}/init.d | ||
| 65 | install -d ${D}${systemd_system_unitdir} | ||
| 66 | |||
| 67 | install -m 0644 ${UNPACKDIR}/kea-dhcp*service ${D}${systemd_system_unitdir} | ||
| 68 | install -m 0755 ${UNPACKDIR}/kea-*-server ${D}${sysconfdir}/init.d | ||
| 69 | sed -i -e 's,@SBINDIR@,${sbindir},g' -e 's,@BASE_BINDIR@,${base_bindir},g' \ | ||
| 70 | -e 's,@LOCALSTATEDIR@,${localstatedir},g' -e 's,@SYSCONFDIR@,${sysconfdir},g' \ | ||
| 71 | ${D}${systemd_system_unitdir}/kea-dhcp*service ${D}${sbindir}/keactrl | ||
| 72 | sed -i -e "s:${B}:@abs_top_builddir_placeholder@:g" \ | ||
| 73 | -e "s:${S}:@abs_top_srcdir_placeholder@:g" \ | ||
| 74 | ${D}${sbindir}/kea-admin | ||
| 75 | rm -rf ${D}${datadir}/${BPN}/meson-info | ||
| 76 | rm -rf ${D}${runtimedir} | ||
| 77 | } | ||
| 78 | |||
| 79 | do_install:append() { | ||
| 80 | rm -rf "${D}${localstatedir}" | ||
| 81 | } | ||
| 82 | |||
| 83 | CONFFILES:${PN} = "${sysconfdir}/kea/keactrl.conf" | ||
| 84 | |||
| 85 | PACKAGES =+ "${PN}-python" | ||
| 86 | FILES:${PN}-python = "${nonarch_libdir}/python*/site-packages/*" | ||
| 87 | RDEPENDS:${PN}-python = "python3" | ||
| 88 | |||
| 89 | FILES:${PN}-staticdev += "${libdir}/kea/hooks/*.a ${libdir}/hooks/*.a" | ||
| 90 | FILES:${PN} += "${libdir}/hooks/*.so" | ||
diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.10.5.bb b/meta/recipes-connectivity/libpcap/libpcap_1.10.5.bb deleted file mode 100644 index 7ad52acd06..0000000000 --- a/meta/recipes-connectivity/libpcap/libpcap_1.10.5.bb +++ /dev/null | |||
| @@ -1,43 +0,0 @@ | |||
| 1 | SUMMARY = "Interface for user-level network packet capture" | ||
| 2 | DESCRIPTION = "Libpcap provides a portable framework for low-level network \ | ||
| 3 | monitoring. Libpcap can provide network statistics collection, \ | ||
| 4 | security monitoring and network debugging." | ||
| 5 | HOMEPAGE = "http://www.tcpdump.org/" | ||
| 6 | BUGTRACKER = "http://sourceforge.net/tracker/?group_id=53067&atid=469577" | ||
| 7 | SECTION = "libs/network" | ||
| 8 | LICENSE = "BSD-3-Clause" | ||
| 9 | LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \ | ||
| 10 | file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2" | ||
| 11 | DEPENDS = "flex-native bison-native" | ||
| 12 | |||
| 13 | SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.xz" | ||
| 14 | SRC_URI[sha256sum] = "84fa89ac6d303028c1c5b754abff77224f45eca0a94eb1a34ff0aa9ceece3925" | ||
| 15 | |||
| 16 | inherit autotools binconfig-disabled pkgconfig | ||
| 17 | |||
| 18 | BINCONFIG = "${bindir}/pcap-config" | ||
| 19 | |||
| 20 | # Explicitly disable dag support. We don't have recipe for it and if enabled here, | ||
| 21 | # configure script poisons the include dirs with /usr/local/include even when the | ||
| 22 | # support hasn't been detected. Do the same thing for DPDK. | ||
| 23 | EXTRA_OECONF = " \ | ||
| 24 | --with-pcap=linux \ | ||
| 25 | --without-dag \ | ||
| 26 | --without-dpdk \ | ||
| 27 | " | ||
| 28 | EXTRA_AUTORECONF += "--exclude=aclocal" | ||
| 29 | |||
| 30 | PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \ | ||
| 31 | ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ | ||
| 32 | " | ||
| 33 | PACKAGECONFIG[bluez5] = "--enable-bluetooth,--disable-bluetooth,bluez5" | ||
| 34 | PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus" | ||
| 35 | PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," | ||
| 36 | PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl" | ||
| 37 | |||
| 38 | do_configure:prepend () { | ||
| 39 | #remove hardcoded references to /usr/include | ||
| 40 | sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac | ||
| 41 | } | ||
| 42 | |||
| 43 | BBCLASSEXTEND = "native nativesdk" | ||
diff --git a/meta/recipes-connectivity/libuv/libuv_1.51.0.bb b/meta/recipes-connectivity/libuv/libuv_1.51.0.bb deleted file mode 100644 index 9ff9cf35e2..0000000000 --- a/meta/recipes-connectivity/libuv/libuv_1.51.0.bb +++ /dev/null | |||
| @@ -1,20 +0,0 @@ | |||
| 1 | SUMMARY = "A multi-platform support library with a focus on asynchronous I/O" | ||
| 2 | HOMEPAGE = "https://github.com/libuv/libuv" | ||
| 3 | DESCRIPTION = "libuv is a multi-platform support library with a focus on asynchronous I/O. It was primarily developed for use by Node.js, but it's also used by Luvit, Julia, pyuv, and others." | ||
| 4 | BUGTRACKER = "https://github.com/libuv/libuv/issues" | ||
| 5 | LICENSE = "MIT" | ||
| 6 | LIC_FILES_CHKSUM = "file://LICENSE;md5=74b6f2f7818a4e3a80d03556f71b129b \ | ||
| 7 | file://LICENSE-extra;md5=f9307417749e19bd1d6d68a394b49324" | ||
| 8 | |||
| 9 | SRCREV = "5152db2cbfeb5582e9c27c5ea1dba2cd9e10759b" | ||
| 10 | SRC_URI = "git://github.com/libuv/libuv.git;branch=v1.x;protocol=https;tag=v${PV}" | ||
| 11 | UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" | ||
| 12 | |||
| 13 | inherit autotools | ||
| 14 | |||
| 15 | do_configure() { | ||
| 16 | ${S}/autogen.sh || bbnote "${PN} failed to autogen.sh" | ||
| 17 | oe_runconf | ||
| 18 | } | ||
| 19 | |||
| 20 | BBCLASSEXTEND = "native" | ||
diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_20250613.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_20250613.bb deleted file mode 100644 index 72663c7e0a..0000000000 --- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_20250613.bb +++ /dev/null | |||
| @@ -1,15 +0,0 @@ | |||
| 1 | SUMMARY = "Mobile Broadband Service Provider Database" | ||
| 2 | HOMEPAGE = "http://live.gnome.org/NetworkManager/MobileBroadband/ServiceProviders" | ||
| 3 | DESCRIPTION = "Mobile Broadband Service Provider Database stores service provider specific information. When this Database is available the information can be fetched there" | ||
| 4 | SECTION = "network" | ||
| 5 | LICENSE = "PD" | ||
| 6 | LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" | ||
| 7 | |||
| 8 | PE = "1" | ||
| 9 | |||
| 10 | SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main;tag=${PV}" | ||
| 11 | SRCREV = "2a1b409491a531aedcf3eb3ba907929d96bd181a" | ||
| 12 | |||
| 13 | inherit meson | ||
| 14 | |||
| 15 | DEPENDS += "libxslt-native" | ||
diff --git a/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch b/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch deleted file mode 100644 index d8e8a5e5da..0000000000 --- a/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch +++ /dev/null | |||
| @@ -1,35 +0,0 @@ | |||
| 1 | From affaa2021a54c30353e4e1fee09c13a4de2196be Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Jussi Kukkonen <jussi.kukkonen@intel.com> | ||
| 3 | Date: Fri, 17 Mar 2017 14:24:29 +0200 | ||
| 4 | Subject: [PATCH] Add header dependency to nciattach.o | ||
| 5 | |||
| 6 | This can happen when compiling nciattach.o: | ||
| 7 | |||
| 8 | | In file included from ../neard-0.16/tools/nciattach.c:47:0: | ||
| 9 | | ../neard-0.16/src/near.h:30:27: fatal error: near/nfc_copy.h: No such | ||
| 10 | file or directory | ||
| 11 | | #include <near/nfc_copy.h> | ||
| 12 | |||
| 13 | Add the missing dependency to local headers. | ||
| 14 | |||
| 15 | Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> | ||
| 16 | Upstream-Status: Submitted [mailinglist] | ||
| 17 | --- | ||
| 18 | Makefile.am | 1 + | ||
| 19 | 1 file changed, 1 insertion(+) | ||
| 20 | |||
| 21 | diff --git a/Makefile.am b/Makefile.am | ||
| 22 | index fa552ee..acef6ba 100644 | ||
| 23 | --- a/Makefile.am | ||
| 24 | +++ b/Makefile.am | ||
| 25 | @@ -253,6 +253,7 @@ se/builtin.h: src/genbuiltin $(builtin_se_sources) | ||
| 26 | |||
| 27 | $(src_neard_OBJECTS) \ | ||
| 28 | $(tools_nfctool_nfctool_OBJECTS) \ | ||
| 29 | +$(tools_nciattach_OBJECTS) \ | ||
| 30 | $(plugin_objects) \ | ||
| 31 | $(se_seeld_OBJECTS) \ | ||
| 32 | $(unit_test_ndef_parse_OBJECTS) \ | ||
| 33 | -- | ||
| 34 | 2.11.0 | ||
| 35 | |||
diff --git a/meta/recipes-connectivity/neard/neard/Makefile.am-do-not-ship-version.h.patch b/meta/recipes-connectivity/neard/neard/Makefile.am-do-not-ship-version.h.patch deleted file mode 100644 index 16875e0543..0000000000 --- a/meta/recipes-connectivity/neard/neard/Makefile.am-do-not-ship-version.h.patch +++ /dev/null | |||
| @@ -1,36 +0,0 @@ | |||
| 1 | From bfd32d68cfc9f1e31dab88e07446d1c02bc80b5e Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Robert Yang <liezhi.yang@windriver.com> | ||
| 3 | Date: Thu, 12 Feb 2015 00:39:29 -0800 | ||
| 4 | Subject: [PATCH] Makefile.am: do not ship version.h | ||
| 5 | |||
| 6 | The HEADERS' name has been changed to pkginclude_HEADERS, so use | ||
| 7 | nodist_pkginclude_HEADERS, otherwise version.h would be shipped. | ||
| 8 | |||
| 9 | Upstream-Status: Pending | ||
| 10 | |||
| 11 | Signed-off-by: Robert Yang <liezhi.yang@windriver.com> | ||
| 12 | --- | ||
| 13 | Makefile.am | 4 ++-- | ||
| 14 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
| 15 | |||
| 16 | diff --git a/Makefile.am b/Makefile.am | ||
| 17 | index 3334790..69cd58f 100644 | ||
| 18 | --- a/Makefile.am | ||
| 19 | +++ b/Makefile.am | ||
| 20 | @@ -10,11 +10,11 @@ pkginclude_HEADERS = include/types.h include/log.h include/plugin.h \ | ||
| 21 | include/tlv.h include/setting.h include/device.h \ | ||
| 22 | include/nfc_copy.h include/snep.h | ||
| 23 | |||
| 24 | -nodist_include_HEADERS = include/version.h | ||
| 25 | +nodist_pkginclude_HEADERS = include/version.h | ||
| 26 | |||
| 27 | noinst_HEADERS = include/dbus.h | ||
| 28 | |||
| 29 | -local_headers = $(foreach file,$(pkginclude_HEADERS) $(nodist_include_HEADERS) \ | ||
| 30 | +local_headers = $(foreach file,$(pkginclude_HEADERS) $(nodist_pkginclude_HEADERS) \ | ||
| 31 | $(noinst_HEADERS), include/near/$(notdir $(file))) | ||
| 32 | |||
| 33 | gdbus_sources = gdbus/gdbus.h gdbus/mainloop.c gdbus/watch.c \ | ||
| 34 | -- | ||
| 35 | 1.7.9.5 | ||
| 36 | |||
diff --git a/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch b/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch deleted file mode 100644 index aeb33a5bdc..0000000000 --- a/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch +++ /dev/null | |||
| @@ -1,30 +0,0 @@ | |||
| 1 | From 43acc56d5506c7e318f717fb3634bc16e3438913 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Robert Yang <liezhi.yang@windriver.com> | ||
| 3 | Date: Thu, 15 Jan 2015 18:12:07 -0800 | ||
| 4 | Subject: [PATCH] Makefile.am: fix parallel issue | ||
| 5 | |||
| 6 | There might be no src dir if src/builtin.h runs earlier, create it to | ||
| 7 | fix the race issue: | ||
| 8 | |||
| 9 | src/genbuiltin nfctype1 nfctype2 nfctype3 nfctype4 p2p > src/builtin.h | ||
| 10 | /bin/sh: src/builtin.h: No such file or directory | ||
| 11 | |||
| 12 | Upstream-Status: Backport [d39f8c0eee659743b4425d395c2f7ab1949e9c71] | ||
| 13 | |||
| 14 | Signed-off-by: Robert Yang <liezhi.yang@windriver.com> | ||
| 15 | --- | ||
| 16 | Makefile.am | 1 + | ||
| 17 | 1 file changed, 1 insertion(+) | ||
| 18 | |||
| 19 | Index: neard-0.16/Makefile.am | ||
| 20 | =================================================================== | ||
| 21 | --- neard-0.16.orig/Makefile.am | ||
| 22 | +++ neard-0.16/Makefile.am | ||
| 23 | @@ -244,6 +244,7 @@ SED_PROCESS = $(AM_V_GEN)$(MKDIR_P) $(di | ||
| 24 | src/plugin.$(OBJEXT): src/builtin.h | ||
| 25 | |||
| 26 | src/builtin.h: src/genbuiltin $(builtin_sources) | ||
| 27 | + $(AM_V_at)$(MKDIR_P) src | ||
| 28 | $(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_modules) > $@ | ||
| 29 | |||
| 30 | se/plugin.$(OBJEXT): se/builtin.h | ||
diff --git a/meta/recipes-connectivity/neard/neard/neard.in b/meta/recipes-connectivity/neard/neard/neard.in deleted file mode 100644 index a47d4d96c9..0000000000 --- a/meta/recipes-connectivity/neard/neard/neard.in +++ /dev/null | |||
| @@ -1,54 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | # | ||
| 3 | # start/stop neard daemon. | ||
| 4 | |||
| 5 | ### BEGIN INIT INFO | ||
| 6 | # Provides: neard | ||
| 7 | # Required-Start: $network | ||
| 8 | # Required-Stop: $network | ||
| 9 | # Default-Start: S 2 3 4 5 | ||
| 10 | # Default-Stop: 0 1 6 | ||
| 11 | # Short-Description: NFC daemon | ||
| 12 | # Description: neard is a daemon used to enable NFC features | ||
| 13 | ### END INIT INFO | ||
| 14 | |||
| 15 | DAEMON=@installpath@/neard | ||
| 16 | PIDFILE=/var/run/neard.pid | ||
| 17 | DESC="Linux NFC daemon" | ||
| 18 | |||
| 19 | if [ -f /etc/default/neard ] ; then | ||
| 20 | . /etc/default/neard | ||
| 21 | fi | ||
| 22 | |||
| 23 | set -e | ||
| 24 | |||
| 25 | do_start() { | ||
| 26 | $DAEMON | ||
| 27 | } | ||
| 28 | |||
| 29 | do_stop() { | ||
| 30 | start-stop-daemon --stop --name neard --quiet | ||
| 31 | } | ||
| 32 | |||
| 33 | case "$1" in | ||
| 34 | start) | ||
| 35 | echo "Starting $DESC" | ||
| 36 | do_start | ||
| 37 | ;; | ||
| 38 | stop) | ||
| 39 | echo "Stopping $DESC" | ||
| 40 | do_stop | ||
| 41 | ;; | ||
| 42 | restart|force-reload) | ||
| 43 | echo "Restarting $DESC" | ||
| 44 | do_stop | ||
| 45 | sleep 1 | ||
| 46 | do_start | ||
| 47 | ;; | ||
| 48 | *) | ||
| 49 | echo "Usage: $0 {start|stop|restart|force-reload}" >&2 | ||
| 50 | exit 1 | ||
| 51 | ;; | ||
| 52 | esac | ||
| 53 | |||
| 54 | exit 0 | ||
diff --git a/meta/recipes-connectivity/neard/neard_0.19.bb b/meta/recipes-connectivity/neard/neard_0.19.bb deleted file mode 100644 index c1149e7631..0000000000 --- a/meta/recipes-connectivity/neard/neard_0.19.bb +++ /dev/null | |||
| @@ -1,48 +0,0 @@ | |||
| 1 | SUMMARY = "Linux NFC daemon" | ||
| 2 | DESCRIPTION = "A daemon for the Linux Near Field Communication stack" | ||
| 3 | HOMEPAGE = "https://github.com/linux-nfc/neard" | ||
| 4 | LICENSE = "GPL-2.0-only" | ||
| 5 | LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ | ||
| 6 | file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \ | ||
| 7 | " | ||
| 8 | |||
| 9 | DEPENDS = "dbus glib-2.0 libnl autoconf-archive-native" | ||
| 10 | |||
| 11 | SRC_URI = "git://github.com/linux-nfc/neard;protocol=https;branch=master \ | ||
| 12 | file://neard.in \ | ||
| 13 | file://Makefile.am-fix-parallel-issue.patch \ | ||
| 14 | file://Makefile.am-do-not-ship-version.h.patch \ | ||
| 15 | file://0001-Add-header-dependency-to-nciattach.o.patch \ | ||
| 16 | " | ||
| 17 | |||
| 18 | SRCREV = "a1dc8a75cba999728e154a0f811ab9dd50c809f7" | ||
| 19 | |||
| 20 | inherit autotools pkgconfig systemd update-rc.d | ||
| 21 | |||
| 22 | PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" | ||
| 23 | |||
| 24 | PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir}/ --with-systemduserunitdir=${systemd_unitdir}/user/,--disable-systemd" | ||
| 25 | |||
| 26 | EXTRA_OECONF += "--enable-tools" | ||
| 27 | |||
| 28 | # This would copy neard start-stop shell and test scripts | ||
| 29 | do_install:append() { | ||
| 30 | if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then | ||
| 31 | install -d ${D}${sysconfdir}/init.d/ | ||
| 32 | sed "s:@installpath@:${libexecdir}/nfc:" ${UNPACKDIR}/neard.in \ | ||
| 33 | > ${D}${sysconfdir}/init.d/neard | ||
| 34 | chmod 0755 ${D}${sysconfdir}/init.d/neard | ||
| 35 | fi | ||
| 36 | } | ||
| 37 | |||
| 38 | # Bluez & Wifi are not mandatory except for handover | ||
| 39 | WIRELESS_DAEMON ??= "wpa-supplicant" | ||
| 40 | RRECOMMENDS:${PN} = "\ | ||
| 41 | ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \ | ||
| 42 | ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','${WIRELESS_DAEMON}', '', d)} \ | ||
| 43 | " | ||
| 44 | |||
| 45 | INITSCRIPT_NAME = "neard" | ||
| 46 | INITSCRIPT_PARAMS = "defaults 64" | ||
| 47 | |||
| 48 | SYSTEMD_SERVICE:${PN} = "neard.service" | ||
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch deleted file mode 100644 index 351407ddcd..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-locktest-Makefile.am-Do-not-use-build-flags.patch +++ /dev/null | |||
| @@ -1,36 +0,0 @@ | |||
| 1 | From 9efa7a0d37665d9bb0f46d2407883a5ab42c2b84 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Khem Raj <raj.khem@gmail.com> | ||
| 3 | Date: Mon, 24 Jul 2023 20:39:16 -0700 | ||
| 4 | Subject: [PATCH] locktest: Makefile.am: Do not use build flags | ||
| 5 | |||
| 6 | Using CFLAGS_FOR_BUILD etc. here means it is using wrong flags | ||
| 7 | when thse flags are speficied different than target flags which | ||
| 8 | is common when cross-building. It can pass wrong paths to linker | ||
| 9 | and it would find incompatible libraries during link since they | ||
| 10 | are from host system and target maybe not same as build host. | ||
| 11 | |||
| 12 | Fixes subtle errors like | ||
| 13 | | aarch64-yoe-linux-ld.lld: error: /mnt/b/yoe/master/build/tmp/work/cortexa72-cortexa53-crypto-yoe-linux/nfs-utils/2.6.3-r0/recipe-sysroot-native/usr/lib/libsqlite3.so is incompatible with elf64-littleaarch64 | ||
| 14 | |||
| 15 | Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=169025681008001&w=2] | ||
| 16 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
| 17 | --- | ||
| 18 | tools/locktest/Makefile.am | 3 --- | ||
| 19 | 1 file changed, 3 deletions(-) | ||
| 20 | |||
| 21 | diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am | ||
| 22 | index e8914655..2fd36971 100644 | ||
| 23 | --- a/tools/locktest/Makefile.am | ||
| 24 | +++ b/tools/locktest/Makefile.am | ||
| 25 | @@ -2,8 +2,5 @@ | ||
| 26 | |||
| 27 | noinst_PROGRAMS = testlk | ||
| 28 | testlk_SOURCES = testlk.c | ||
| 29 | -testlk_CFLAGS=$(CFLAGS_FOR_BUILD) | ||
| 30 | -testlk_CPPFLAGS=$(CPPFLAGS_FOR_BUILD) | ||
| 31 | -testlk_LDFLAGS=$(LDFLAGS_FOR_BUILD) | ||
| 32 | |||
| 33 | MAINTAINERCLEANFILES = Makefile.in | ||
| 34 | -- | ||
| 35 | 2.41.0 | ||
| 36 | |||
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0004-Use-nogroup-for-nobody-group.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0004-Use-nogroup-for-nobody-group.patch deleted file mode 100644 index bbf44d5977..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0004-Use-nogroup-for-nobody-group.patch +++ /dev/null | |||
| @@ -1,38 +0,0 @@ | |||
| 1 | From 001913c5eb0aad933a93ee966252905cd46d776b Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Daniel McGregor <daniel.mcgregor@vecima.com> | ||
| 3 | Date: Tue, 6 Jun 2023 16:07:53 -0600 | ||
| 4 | Subject: [PATCH] Use "nogroup" for nobody group | ||
| 5 | |||
| 6 | Upstream-Status: Inappropriate [oe-core specific, configuration] | ||
| 7 | Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com> | ||
| 8 | --- | ||
| 9 | support/nfsidmap/idmapd.conf | 2 +- | ||
| 10 | utils/idmapd/idmapd.c | 2 +- | ||
| 11 | 2 files changed, 2 insertions(+), 2 deletions(-) | ||
| 12 | |||
| 13 | diff --git a/support/nfsidmap/idmapd.conf b/support/nfsidmap/idmapd.conf | ||
| 14 | index 2a2f79a1..e6f3724f 100644 | ||
| 15 | --- a/support/nfsidmap/idmapd.conf | ||
| 16 | +++ b/support/nfsidmap/idmapd.conf | ||
| 17 | @@ -41,7 +41,7 @@ | ||
| 18 | [Mapping] | ||
| 19 | |||
| 20 | #Nobody-User = nobody | ||
| 21 | -#Nobody-Group = nobody | ||
| 22 | +#Nobody-Group = nogroup | ||
| 23 | |||
| 24 | [Translation] | ||
| 25 | |||
| 26 | diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c | ||
| 27 | index cd9a965f..3be805e9 100644 | ||
| 28 | --- a/utils/idmapd/idmapd.c | ||
| 29 | +++ b/utils/idmapd/idmapd.c | ||
| 30 | @@ -89,7 +89,7 @@ | ||
| 31 | #endif | ||
| 32 | |||
| 33 | #ifndef NFS4NOBODY_GROUP | ||
| 34 | -#define NFS4NOBODY_GROUP "nobody" | ||
| 35 | +#define NFS4NOBODY_GROUP "nogroup" | ||
| 36 | #endif | ||
| 37 | |||
| 38 | /* From Niels */ | ||
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0005-find-OE-provided-Kerberos.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0005-find-OE-provided-Kerberos.patch deleted file mode 100644 index 3241e8e859..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0005-find-OE-provided-Kerberos.patch +++ /dev/null | |||
| @@ -1,42 +0,0 @@ | |||
| 1 | From a2af266f013722a64c5d04e0fe097cd711393a53 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Daniel McGregor <daniel.mcgregor@vecima.com> | ||
| 3 | Date: Wed, 8 Nov 2023 16:24:20 -0600 | ||
| 4 | Subject: [PATCH] find OE provided Kerberos | ||
| 5 | |||
| 6 | Upstream-Status: Inappropriate [oe-core specific] | ||
| 7 | Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com> | ||
| 8 | --- | ||
| 9 | aclocal/kerberos5.m4 | 6 ++++-- | ||
| 10 | 1 file changed, 4 insertions(+), 2 deletions(-) | ||
| 11 | |||
| 12 | diff --git a/aclocal/kerberos5.m4 b/aclocal/kerberos5.m4 | ||
| 13 | index f96f0fd4..ad85fdf2 100644 | ||
| 14 | --- a/aclocal/kerberos5.m4 | ||
| 15 | +++ b/aclocal/kerberos5.m4 | ||
| 16 | @@ -22,8 +22,8 @@ AC_DEFUN([AC_KERBEROS_V5],[ | ||
| 17 | dnl This ugly hack brought on by the split installation of | ||
| 18 | dnl MIT Kerberos on Fedora Core 1 | ||
| 19 | K5CONFIG="" | ||
| 20 | - if test -f $dir/bin/krb5-config; then | ||
| 21 | - K5CONFIG=$dir/bin/krb5-config | ||
| 22 | + if test -f $dir/bin/crossscripts/krb5-config; then | ||
| 23 | + K5CONFIG=$dir/bin/crossscripts/krb5-config | ||
| 24 | elif test -f "/usr/kerberos/bin/krb5-config"; then | ||
| 25 | K5CONFIG="/usr/kerberos/bin/krb5-config" | ||
| 26 | elif test -f "/usr/lib/mit/bin/krb5-config"; then | ||
| 27 | @@ -72,6 +72,7 @@ AC_DEFUN([AC_KERBEROS_V5],[ | ||
| 28 | AC_MSG_RESULT($KRBDIR) | ||
| 29 | |||
| 30 | dnl Check if -rpath=$(KRBDIR)/lib is needed | ||
| 31 | + if false; then | ||
| 32 | echo "The current KRBDIR is $KRBDIR" | ||
| 33 | if test "$KRBDIR/lib" = "/lib" -o "$KRBDIR/lib" = "/usr/lib" \ | ||
| 34 | -o "$KRBDIR/lib" = "//lib" -o "$KRBDIR/lib" = "/usr//lib" ; then | ||
| 35 | @@ -81,6 +82,7 @@ AC_DEFUN([AC_KERBEROS_V5],[ | ||
| 36 | else | ||
| 37 | KRBLDFLAGS="-Wl,-rpath=$KRBDIR/lib" | ||
| 38 | fi | ||
| 39 | + fi | ||
| 40 | |||
| 41 | dnl Now check for functions within gssapi library | ||
| 42 | AC_CHECK_LIB($gssapi_lib, gss_krb5_export_lucid_sec_context, | ||
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon deleted file mode 100644 index 9b7fd17b41..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon +++ /dev/null | |||
| @@ -1,279 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | ### BEGIN INIT INFO | ||
| 4 | # Provides: nfs-common | ||
| 5 | # Required-Start: $portmap $time | ||
| 6 | # Required-Stop: $portmap $time | ||
| 7 | # Default-Start: S | ||
| 8 | # Default-Stop: 0 1 6 | ||
| 9 | # Short-Description: NFS support files common to client and server | ||
| 10 | # Description: NFS is a popular protocol for file sharing across | ||
| 11 | # TCP/IP networks. This service provides various | ||
| 12 | # support functions for NFS mounts. | ||
| 13 | ### END INIT INFO | ||
| 14 | |||
| 15 | # What is this? | ||
| 16 | DESC="NFS common utilities" | ||
| 17 | |||
| 18 | # Read config | ||
| 19 | DEFAULTFILE=/etc/default/nfs-utils | ||
| 20 | NEED_STATD= | ||
| 21 | NEED_GSSD= | ||
| 22 | if nfsconf --isset general pipefs-directory; then | ||
| 23 | PIPEFS_MOUNTPOINT=$(nfsconf --get general pipefs-directory) | ||
| 24 | else | ||
| 25 | PIPEFS_MOUNTPOINT=/var/lib/nfs/rpc_pipefs | ||
| 26 | fi | ||
| 27 | if [ -f $DEFAULTFILE ]; then | ||
| 28 | . $DEFAULTFILE | ||
| 29 | fi | ||
| 30 | |||
| 31 | . /etc/init.d/functions | ||
| 32 | |||
| 33 | # Exit if required binaries are missing. | ||
| 34 | [ -x /usr/sbin/rpc.statd ] || exit 0 | ||
| 35 | |||
| 36 | # | ||
| 37 | # Parse the fstab file, and determine whether we need gssd. (The | ||
| 38 | # /etc/defaults settings, if any, will override our autodetection.) This code | ||
| 39 | # is partially adapted from the mountnfs.sh script in the sysvinit package. | ||
| 40 | # | ||
| 41 | AUTO_NEED_GSSD=no | ||
| 42 | |||
| 43 | if [ -f /etc/fstab ]; then | ||
| 44 | exec 9<&0 </etc/fstab | ||
| 45 | |||
| 46 | while read -r DEV _ _ OPTS _ | ||
| 47 | do | ||
| 48 | case $DEV in | ||
| 49 | ''|\#*) | ||
| 50 | continue | ||
| 51 | ;; | ||
| 52 | esac | ||
| 53 | OLDIFS="$IFS" | ||
| 54 | IFS="," | ||
| 55 | for OPT in $OPTS; do | ||
| 56 | case "$OPT" in | ||
| 57 | sec=krb5|sec=krb5i|sec=krb5p) | ||
| 58 | AUTO_NEED_GSSD=yes | ||
| 59 | ;; | ||
| 60 | esac | ||
| 61 | done | ||
| 62 | IFS="$OLDIFS" | ||
| 63 | done | ||
| 64 | |||
| 65 | exec 0<&9 9<&- | ||
| 66 | fi | ||
| 67 | |||
| 68 | case "$NEED_STATD" in | ||
| 69 | yes|no) | ||
| 70 | ;; | ||
| 71 | *) | ||
| 72 | NEED_STATD=yes | ||
| 73 | ;; | ||
| 74 | esac | ||
| 75 | |||
| 76 | case "$NEED_IDMAPD" in | ||
| 77 | yes|no) | ||
| 78 | ;; | ||
| 79 | *) | ||
| 80 | NEED_IDMAPD=yes | ||
| 81 | ;; | ||
| 82 | esac | ||
| 83 | |||
| 84 | case "$NEED_GSSD" in | ||
| 85 | yes|no) | ||
| 86 | ;; | ||
| 87 | *) | ||
| 88 | NEED_GSSD=$AUTO_NEED_GSSD | ||
| 89 | ;; | ||
| 90 | esac | ||
| 91 | |||
| 92 | do_modprobe() { | ||
| 93 | if [ -x /sbin/modprobe ] && [ -f /proc/modules ] | ||
| 94 | then | ||
| 95 | modprobe -q "$1" || true | ||
| 96 | fi | ||
| 97 | } | ||
| 98 | |||
| 99 | do_mount() { | ||
| 100 | if ! grep -E -qs "$1\$" /proc/filesystems | ||
| 101 | then | ||
| 102 | return 1 | ||
| 103 | fi | ||
| 104 | if ! mountpoint -q "$2" | ||
| 105 | then | ||
| 106 | mount -t "$1" "$1" "$2" | ||
| 107 | return | ||
| 108 | fi | ||
| 109 | return 0 | ||
| 110 | } | ||
| 111 | |||
| 112 | do_umount() { | ||
| 113 | if mountpoint -q "$1" | ||
| 114 | then | ||
| 115 | umount "$1" | ||
| 116 | fi | ||
| 117 | return 0 | ||
| 118 | } | ||
| 119 | |||
| 120 | # See how we were called. | ||
| 121 | case "$1" in | ||
| 122 | start) | ||
| 123 | echo -n "Starting $DESC ..." | ||
| 124 | |||
| 125 | if [ "$NEED_STATD" = yes ]; then | ||
| 126 | echo -n " statd" | ||
| 127 | |||
| 128 | # See if rpcbind is running | ||
| 129 | if [ -x /usr/sbin/rpcinfo ]; then | ||
| 130 | /usr/sbin/rpcinfo -p >/dev/null 2>&1 | ||
| 131 | RET=$? | ||
| 132 | if [ $RET != 0 ]; then | ||
| 133 | echo | ||
| 134 | echo "Not starting: portmapper is not running" | ||
| 135 | exit 0 | ||
| 136 | fi | ||
| 137 | fi | ||
| 138 | start-stop-daemon --start --oknodo --quiet \ | ||
| 139 | --pidfile /run/rpc.statd.pid \ | ||
| 140 | --exec /usr/sbin/rpc.statd | ||
| 141 | RET=$? | ||
| 142 | if [ $RET != 0 ]; then | ||
| 143 | echo " failed" $RET | ||
| 144 | exit $RET | ||
| 145 | else | ||
| 146 | if [ -d /run/sendsigs.omit.d ]; then | ||
| 147 | rm -f /run/sendsigs.omit.d/statd | ||
| 148 | ln -s /run/rpc.statd.pid /run/sendsigs.omit.d/statd | ||
| 149 | fi | ||
| 150 | fi | ||
| 151 | fi | ||
| 152 | |||
| 153 | # Don't start idmapd and gssd if we don't have them (say, if /usr is not | ||
| 154 | # up yet). | ||
| 155 | [ -x /usr/sbin/rpc.idmapd ] || NEED_IDMAPD=no | ||
| 156 | [ -x /usr/sbin/rpc.gssd ] || NEED_GSSD=no | ||
| 157 | |||
| 158 | if [ "$NEED_IDMAPD" = yes ] || [ "$NEED_GSSD" = yes ] | ||
| 159 | then | ||
| 160 | do_modprobe sunrpc | ||
| 161 | do_modprobe nfs | ||
| 162 | do_modprobe nfsd | ||
| 163 | mkdir -p "$PIPEFS_MOUNTPOINT" | ||
| 164 | if do_mount rpc_pipefs $PIPEFS_MOUNTPOINT | ||
| 165 | then | ||
| 166 | if [ "$NEED_IDMAPD" = yes ] | ||
| 167 | then | ||
| 168 | ecno -n " idmapd" | ||
| 169 | start-stop-daemon --start --oknodo --quiet \ | ||
| 170 | --exec /usr/sbin/rpc.idmapd | ||
| 171 | RET=$? | ||
| 172 | if [ $RET != 0 ]; then | ||
| 173 | echo " failed" $RET | ||
| 174 | exit $RET | ||
| 175 | fi | ||
| 176 | fi | ||
| 177 | if [ "$NEED_GSSD" = yes ] | ||
| 178 | then | ||
| 179 | do_modprobe rpcsec_gss_krb5 | ||
| 180 | echo -n " gssd" | ||
| 181 | |||
| 182 | start-stop-daemon --start --oknodo --quiet \ | ||
| 183 | --exec /usr/sbin/rpc.gssd | ||
| 184 | RET=$? | ||
| 185 | if [ $RET != 0 ]; then | ||
| 186 | echo " failed" $RET | ||
| 187 | exit $RET | ||
| 188 | fi | ||
| 189 | fi | ||
| 190 | fi | ||
| 191 | fi | ||
| 192 | echo " done" | ||
| 193 | ;; | ||
| 194 | |||
| 195 | stop) | ||
| 196 | echo -n "Stopping $DESC ..." | ||
| 197 | |||
| 198 | if [ "$NEED_GSSD" = yes ] | ||
| 199 | then | ||
| 200 | echo -n " gssd" | ||
| 201 | start-stop-daemon --stop --oknodo --quiet \ | ||
| 202 | --name rpc.gssd | ||
| 203 | RET=$? | ||
| 204 | if [ $RET != 0 ]; then | ||
| 205 | echo " failed" $RET | ||
| 206 | exit $RET | ||
| 207 | fi | ||
| 208 | fi | ||
| 209 | if [ "$NEED_IDMAPD" = yes ] | ||
| 210 | then | ||
| 211 | echo -n " idmapd" | ||
| 212 | start-stop-daemon --stop --oknodo --quiet \ | ||
| 213 | --name rpc.idmapd | ||
| 214 | RET=$? | ||
| 215 | if [ $RET != 0 ]; then | ||
| 216 | echo " failed" $RET | ||
| 217 | exit $RET | ||
| 218 | fi | ||
| 219 | fi | ||
| 220 | if [ "$NEED_STATD" = yes ] | ||
| 221 | then | ||
| 222 | echo -n " statd" | ||
| 223 | start-stop-daemon --stop --oknodo --quiet \ | ||
| 224 | --name rpc.statd | ||
| 225 | RET=$? | ||
| 226 | if [ $RET != 0 ]; then | ||
| 227 | echo " failed" $RET | ||
| 228 | exit $RET | ||
| 229 | fi | ||
| 230 | fi | ||
| 231 | do_umount $PIPEFS_MOUNTPOINT 2>/dev/null || true | ||
| 232 | echo " done" | ||
| 233 | ;; | ||
| 234 | |||
| 235 | status) | ||
| 236 | if [ "$NEED_STATD" = yes ] | ||
| 237 | then | ||
| 238 | if ! pidof rpc.statd >/dev/null | ||
| 239 | then | ||
| 240 | echo "rpc.statd not running" | ||
| 241 | exit 3 | ||
| 242 | fi | ||
| 243 | fi | ||
| 244 | |||
| 245 | if [ "$NEED_GSSD" = yes ] | ||
| 246 | then | ||
| 247 | if ! pidof rpc.gssd >/dev/null | ||
| 248 | then | ||
| 249 | echo "rpc.gssd not running" | ||
| 250 | exit 3 | ||
| 251 | fi | ||
| 252 | fi | ||
| 253 | |||
| 254 | if [ "$NEED_IDMAPD" = yes ] | ||
| 255 | then | ||
| 256 | if ! pidof rpc.idmapd >/dev/null | ||
| 257 | then | ||
| 258 | echo "rpc.idmapd not running" | ||
| 259 | exit 3 | ||
| 260 | fi | ||
| 261 | fi | ||
| 262 | |||
| 263 | echo "all daemons running" | ||
| 264 | exit 0 | ||
| 265 | ;; | ||
| 266 | |||
| 267 | restart | force-reload) | ||
| 268 | $0 stop | ||
| 269 | sleep 1 | ||
| 270 | $0 start | ||
| 271 | ;; | ||
| 272 | |||
| 273 | *) | ||
| 274 | echo "Usage: nfscommon {start|stop|status|restart}" | ||
| 275 | exit 1 | ||
| 276 | ;; | ||
| 277 | esac | ||
| 278 | |||
| 279 | exit 0 | ||
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver deleted file mode 100644 index 99ec280b35..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver +++ /dev/null | |||
| @@ -1,135 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | ### BEGIN INIT INFO | ||
| 4 | # Provides: nfs-kernel-server | ||
| 5 | # Required-Start: $remote_fs nfs-common $portmap $time | ||
| 6 | # Required-Stop: $remote_fs nfs-common $portmap $time | ||
| 7 | # Should-Start: $named | ||
| 8 | # Default-Start: 2 3 4 5 | ||
| 9 | # Default-Stop: 0 1 6 | ||
| 10 | # Short-Description: Kernel NFS server support | ||
| 11 | # Description: NFS is a popular protocol for file sharing across | ||
| 12 | # TCP/IP networks. This service provides NFS server | ||
| 13 | # functionality, which is configured via the | ||
| 14 | # /etc/exports file. | ||
| 15 | ### END INIT INFO | ||
| 16 | # | ||
| 17 | # Startup script for nfs-utils | ||
| 18 | # | ||
| 19 | # Source function library. | ||
| 20 | . /etc/init.d/functions | ||
| 21 | # | ||
| 22 | # The environment variable NFS_SERVERS may be set in /etc/default/nfsd | ||
| 23 | # Other control variables may be overridden here too | ||
| 24 | test -r /etc/default/nfs-utils && . /etc/default/nfs-utils | ||
| 25 | # | ||
| 26 | # Location of executables: | ||
| 27 | test -x "$NFS_MOUNTD" || NFS_MOUNTD=/usr/sbin/rpc.mountd | ||
| 28 | test -x "$NFS_NFSD" || NFS_NFSD=/usr/sbin/rpc.nfsd | ||
| 29 | test -x "$NFS_SVCGSSD" || NFS_SVCGSSD=/usr/sbin/rpc.svcgssd | ||
| 30 | # | ||
| 31 | # The user mode program must also exist (it just starts the kernel | ||
| 32 | # threads using the kernel module code). | ||
| 33 | test -x "$NFS_MOUNTD" || exit 0 | ||
| 34 | test -x "$NFS_NFSD" || exit 0 | ||
| 35 | |||
| 36 | case "$NEED_SVCGSSD" in | ||
| 37 | yes|no) | ||
| 38 | ;; | ||
| 39 | *) | ||
| 40 | NEED_SVCGSSD=no | ||
| 41 | ;; | ||
| 42 | esac | ||
| 43 | # | ||
| 44 | #---------------------------------------------------------------------- | ||
| 45 | # Startup and shutdown functions. | ||
| 46 | # Actual startup/shutdown is at the end of this file. | ||
| 47 | #mountd | ||
| 48 | start_mountd(){ | ||
| 49 | echo -n 'starting mountd: ' | ||
| 50 | start-stop-daemon --start --exec "$NFS_MOUNTD" -- "$@" | ||
| 51 | echo done | ||
| 52 | } | ||
| 53 | stop_mountd(){ | ||
| 54 | echo -n 'stopping mountd: ' | ||
| 55 | start-stop-daemon --stop --quiet --exec "$NFS_MOUNTD" | ||
| 56 | echo done | ||
| 57 | } | ||
| 58 | # | ||
| 59 | #svcgssd | ||
| 60 | start_svcgssd(){ | ||
| 61 | modprobe -q rpcsec_gss_krb5 | ||
| 62 | if [ "$NEED_SVCGSSD" = "yes" ]; then | ||
| 63 | echo -n "starting svcgssd: " | ||
| 64 | start-stop-daemon --start --exec "$NFS_SVCGSSD" -- "$@" | ||
| 65 | echo done | ||
| 66 | fi | ||
| 67 | } | ||
| 68 | stop_svcgssd(){ | ||
| 69 | if [ "$NEED_SVCGSSD" = "yes" ]; then | ||
| 70 | echo -n "stop svcgssd: " | ||
| 71 | start-stop-daemon --stop --exec "$NFS_SVCGSSD" | ||
| 72 | echo done | ||
| 73 | fi | ||
| 74 | } | ||
| 75 | #nfsd | ||
| 76 | start_nfsd(){ | ||
| 77 | modprobe -q nfsd | ||
| 78 | grep -q nfsd /proc/filesystems || { | ||
| 79 | echo NFS daemon support not enabled in kernel | ||
| 80 | exit 1 | ||
| 81 | } | ||
| 82 | grep -q nfsd /proc/mounts || mount -t nfsd nfsd /proc/fs/nfsd | ||
| 83 | grep -q nfsd /proc/mounts || { | ||
| 84 | echo nfsd filesystem could not be mounted at /proc/fs/nfsd | ||
| 85 | exit 1 | ||
| 86 | } | ||
| 87 | |||
| 88 | echo -n "starting nfsd: " | ||
| 89 | start-stop-daemon --start --exec "$NFS_NFSD" -- "$@" | ||
| 90 | echo done | ||
| 91 | } | ||
| 92 | stop_nfsd(){ | ||
| 93 | echo -n 'stopping nfsd: ' | ||
| 94 | $NFS_NFSD 0 | ||
| 95 | if pidof nfsd | ||
| 96 | then | ||
| 97 | echo failed | ||
| 98 | else | ||
| 99 | echo done | ||
| 100 | fi | ||
| 101 | } | ||
| 102 | |||
| 103 | #---------------------------------------------------------------------- | ||
| 104 | # | ||
| 105 | # supported options: | ||
| 106 | # start | ||
| 107 | # stop | ||
| 108 | # reload: reloads the exports file | ||
| 109 | # restart: stops and starts mountd | ||
| 110 | #FIXME: need to create the /var/lib/nfs/... directories | ||
| 111 | case "$1" in | ||
| 112 | start) | ||
| 113 | test -r /etc/exports && exportfs -r | ||
| 114 | start_nfsd | ||
| 115 | start_svcgssd | ||
| 116 | start_mountd | ||
| 117 | test -r /etc/exports && exportfs -a;; | ||
| 118 | stop) exportfs -ua | ||
| 119 | stop_mountd | ||
| 120 | stop_svcgssd | ||
| 121 | stop_nfsd;; | ||
| 122 | status) | ||
| 123 | status /usr/sbin/rpc.mountd | ||
| 124 | RETVAL=$? | ||
| 125 | status nfsd | ||
| 126 | rval=$? | ||
| 127 | [ $RETVAL -eq 0 ] && exit $rval | ||
| 128 | exit $RETVAL;; | ||
| 129 | reload) test -r /etc/exports && exportfs -r;; | ||
| 130 | restart) | ||
| 131 | $0 stop | ||
| 132 | $0 start;; | ||
| 133 | *) echo "Usage: $0 {start|stop|status|reload|restart}" | ||
| 134 | exit 1;; | ||
| 135 | esac | ||
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.8.4.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.8.4.bb deleted file mode 100644 index b68a55edcd..0000000000 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.8.4.bb +++ /dev/null | |||
| @@ -1,159 +0,0 @@ | |||
| 1 | SUMMARY = "userspace utilities for kernel nfs" | ||
| 2 | DESCRIPTION = "The nfs-utils package provides a daemon for the kernel \ | ||
| 3 | NFS server and related tools." | ||
| 4 | HOMEPAGE = "http://nfs.sourceforge.net/" | ||
| 5 | SECTION = "console/network" | ||
| 6 | |||
| 7 | LICENSE = "MIT & GPL-2.0-or-later & BSD-3-Clause" | ||
| 8 | LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84" | ||
| 9 | |||
| 10 | # util-linux for libblkid | ||
| 11 | DEPENDS = "libcap libevent util-linux sqlite3 libtirpc libxml2" | ||
| 12 | RDEPENDS:${PN} = "${PN}-client" | ||
| 13 | RRECOMMENDS:${PN} = "kernel-module-nfsd" | ||
| 14 | |||
| 15 | inherit useradd | ||
| 16 | |||
| 17 | USERADD_PACKAGES = "${PN}-client" | ||
| 18 | USERADD_PARAM:${PN}-client = "--system --home-dir /var/lib/nfs \ | ||
| 19 | --shell /bin/false --user-group rpcuser" | ||
| 20 | |||
| 21 | SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \ | ||
| 22 | file://nfsserver \ | ||
| 23 | file://nfscommon \ | ||
| 24 | file://0001-locktest-Makefile.am-Do-not-use-build-flags.patch \ | ||
| 25 | file://0004-Use-nogroup-for-nobody-group.patch \ | ||
| 26 | file://0005-find-OE-provided-Kerberos.patch \ | ||
| 27 | " | ||
| 28 | |||
| 29 | SRC_URI[sha256sum] = "11c4cc598a434d7d340bad3e072a373ba1dcc2c49f855d44b202222b78ecdbf5" | ||
| 30 | |||
| 31 | # Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will | ||
| 32 | # pull in the remainder of the dependencies. | ||
| 33 | |||
| 34 | INITSCRIPT_PACKAGES = "${PN} ${PN}-client" | ||
| 35 | INITSCRIPT_NAME = "nfsserver" | ||
| 36 | INITSCRIPT_PARAMS = "defaults" | ||
| 37 | INITSCRIPT_NAME:${PN}-client = "nfscommon" | ||
| 38 | INITSCRIPT_PARAMS:${PN}-client = "defaults 19 21" | ||
| 39 | |||
| 40 | inherit autotools-brokensep update-rc.d systemd pkgconfig | ||
| 41 | |||
| 42 | SYSTEMD_PACKAGES = "${PN} ${PN}-client" | ||
| 43 | SYSTEMD_SERVICE:${PN} = "nfs-server.service" | ||
| 44 | SYSTEMD_SERVICE:${PN}-client = "nfs-client.target" | ||
| 45 | |||
| 46 | # --enable-uuid is need for cross-compiling | ||
| 47 | EXTRA_OECONF = "--with-statduser=rpcuser \ | ||
| 48 | --enable-mountconfig \ | ||
| 49 | --enable-libmount-mount \ | ||
| 50 | --enable-uuid \ | ||
| 51 | --with-statdpath=/var/lib/nfs/statd \ | ||
| 52 | --with-pluginpath=${libdir}/libnfsidmap \ | ||
| 53 | --with-rpcgen=${HOSTTOOLS_DIR}/rpcgen \ | ||
| 54 | " | ||
| 55 | |||
| 56 | LDFLAGS += "-lsqlite3 -levent" | ||
| 57 | |||
| 58 | PACKAGECONFIG ??= "tcp-wrappers \ | ||
| 59 | ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 systemd', d)} \ | ||
| 60 | " | ||
| 61 | |||
| 62 | PACKAGECONFIG:remove:libc-musl = "tcp-wrappers" | ||
| 63 | #krb5 is available in meta-oe | ||
| 64 | PACKAGECONFIG[gssapi] = "--with-krb5=${STAGING_EXECPREFIXDIR} --enable-gss --enable-svcgss,--disable-gss --disable-svcgss,krb5" | ||
| 65 | PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers" | ||
| 66 | PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," | ||
| 67 | # libdevmapper is available in meta-oe | ||
| 68 | PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper,libdevmapper" | ||
| 69 | # keyutils is available in meta-oe | ||
| 70 | PACKAGECONFIG[nfsv4] = "--enable-nfsv4 --enable-nfsdcltrack,--disable-nfsv4 --disable-nfsdcltrack,keyutils,python3-core" | ||
| 71 | PACKAGECONFIG[nfsdctl] = "--enable-nfsdctl,--disable-nfsdctl,libnl readline," | ||
| 72 | PACKAGECONFIG[systemd] = "--with-systemd=${systemd_unitdir}/system,--without-systemd" | ||
| 73 | |||
| 74 | PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats ${PN}-rpcctl" | ||
| 75 | |||
| 76 | CONFFILES:${PN}-client += "${localstatedir}/lib/nfs/etab \ | ||
| 77 | ${localstatedir}/lib/nfs/rmtab \ | ||
| 78 | ${localstatedir}/lib/nfs/xtab \ | ||
| 79 | ${localstatedir}/lib/nfs/statd/state \ | ||
| 80 | ${sysconfdir}/idmapd.conf \ | ||
| 81 | ${sysconfdir}/nfs.conf \ | ||
| 82 | ${sysconfdir}/nfsmount.conf" | ||
| 83 | |||
| 84 | FILES:${PN}-client = "${sbindir}/*statd \ | ||
| 85 | ${sbindir}/rpc.idmapd ${sbindir}/sm-notify \ | ||
| 86 | ${sbindir}/showmount ${sbindir}/nfsstat \ | ||
| 87 | ${sbindir}/rpc.gssd \ | ||
| 88 | ${sbindir}/nfsconf \ | ||
| 89 | ${libdir}/libnfsidmap.so.* \ | ||
| 90 | ${libdir}/libnfsidmap/*.so \ | ||
| 91 | ${libexecdir}/nfsrahead \ | ||
| 92 | ${localstatedir}/lib/nfs \ | ||
| 93 | ${sysconfdir}/idmapd.conf \ | ||
| 94 | ${sysconfdir}/init.d/nfscommon \ | ||
| 95 | ${sysconfdir}/nfs.conf \ | ||
| 96 | ${sysconfdir}/nfsmount.conf \ | ||
| 97 | ${systemd_system_unitdir}/auth-rpcgss-module.service \ | ||
| 98 | ${systemd_system_unitdir}/nfs-client.target \ | ||
| 99 | ${systemd_system_unitdir}/nfs-idmapd.service \ | ||
| 100 | ${systemd_system_unitdir}/nfs-statd.service \ | ||
| 101 | ${systemd_system_unitdir}/nfscommon.service \ | ||
| 102 | ${systemd_system_unitdir}/rpc-gssd.service \ | ||
| 103 | ${systemd_system_unitdir}/rpc-statd-notify.service \ | ||
| 104 | ${systemd_system_unitdir}/rpc-statd.service \ | ||
| 105 | ${systemd_system_unitdir}/rpc_pipefs.target \ | ||
| 106 | ${systemd_system_unitdir}/var-lib-nfs-rpc_pipefs.mount \ | ||
| 107 | ${nonarch_libdir}/udev/rules.d/*" | ||
| 108 | RDEPENDS:${PN}-client = "${PN}-mount rpcbind" | ||
| 109 | |||
| 110 | FILES:${PN}-mount = "${base_sbindir}/*mount.nfs*" | ||
| 111 | |||
| 112 | FILES:${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat ${sbindir}/nfsdclnts" | ||
| 113 | RDEPENDS:${PN}-stats = "python3-core" | ||
| 114 | |||
| 115 | FILES:${PN}-rpcctl = "${sbindir}/rpcctl" | ||
| 116 | RDEPENDS:${PN}-rpcctl = "python3-core" | ||
| 117 | |||
| 118 | FILES:${PN}-staticdev += "${libdir}/libnfsidmap/*.a" | ||
| 119 | |||
| 120 | FILES:${PN} += "${systemd_unitdir} ${libdir}/libnfsidmap/ ${nonarch_libdir}/modprobe.d" | ||
| 121 | |||
| 122 | do_configure:prepend() { | ||
| 123 | sed -i -e 's,sbindir = .*,sbindir = ${base_sbindir},g' \ | ||
| 124 | -e 's,udev_rulesdir = .*,udev_rulesdir = ${nonarch_base_libdir}/udev/rules.d/,g' \ | ||
| 125 | ${S}/utils/mount/Makefile.am ${S}/utils/nfsdcltrack/Makefile.am \ | ||
| 126 | ${S}/systemd/Makefile.am ${S}/tools/nfsrahead/Makefile.am | ||
| 127 | } | ||
| 128 | |||
| 129 | # Make clean needed because the package comes with | ||
| 130 | # precompiled 64-bit objects that break the build | ||
| 131 | do_compile:prepend() { | ||
| 132 | make clean | ||
| 133 | } | ||
| 134 | |||
| 135 | # Works on systemd only | ||
| 136 | HIGH_RLIMIT_NOFILE ??= "4096" | ||
| 137 | |||
| 138 | do_install:append () { | ||
| 139 | install -d ${D}${sysconfdir}/init.d | ||
| 140 | install -m 0755 ${UNPACKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver | ||
| 141 | install -m 0755 ${UNPACKDIR}/nfscommon ${D}${sysconfdir}/init.d/nfscommon | ||
| 142 | |||
| 143 | install -m 0644 ${S}/support/nfsidmap/idmapd.conf ${D}${sysconfdir} | ||
| 144 | install -m 0644 ${S}/nfs.conf ${D}${sysconfdir} | ||
| 145 | |||
| 146 | install -d ${D}${systemd_system_unitdir} | ||
| 147 | # Retain historical service name so old scripts keep working | ||
| 148 | ln -s rpc-statd.service ${D}${systemd_system_unitdir}/nfs-statd.service | ||
| 149 | # Add compatibility symlinks for the sysvinit scripts | ||
| 150 | ln -s nfs-server.service ${D}${systemd_system_unitdir}/nfsserver.service | ||
| 151 | ln -s /dev/null ${D}${systemd_system_unitdir}/nfscommon.service | ||
| 152 | |||
| 153 | # kernel code as of 3.8 hard-codes this path as a default | ||
| 154 | install -d ${D}/var/lib/nfs/v4recovery | ||
| 155 | |||
| 156 | # chown the directories and files | ||
| 157 | chown -R rpcuser:rpcuser ${D}${localstatedir}/lib/nfs/statd | ||
| 158 | chmod 0644 ${D}${localstatedir}/lib/nfs/statd/state | ||
| 159 | } | ||
diff --git a/meta/recipes-connectivity/ofono/ofono/ofono b/meta/recipes-connectivity/ofono/ofono/ofono deleted file mode 100644 index cc9970929c..0000000000 --- a/meta/recipes-connectivity/ofono/ofono/ofono +++ /dev/null | |||
| @@ -1,42 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | DAEMON=/usr/sbin/ofonod | ||
| 4 | PIDFILE=/var/run/ofonod.pid | ||
| 5 | DESC="Telephony daemon" | ||
| 6 | |||
| 7 | if [ -f /etc/default/ofono ] ; then | ||
| 8 | . /etc/default/ofono | ||
| 9 | fi | ||
| 10 | |||
| 11 | set -e | ||
| 12 | |||
| 13 | do_start() { | ||
| 14 | $DAEMON | ||
| 15 | } | ||
| 16 | |||
| 17 | do_stop() { | ||
| 18 | start-stop-daemon --stop --name ofonod --quiet | ||
| 19 | } | ||
| 20 | |||
| 21 | case "$1" in | ||
| 22 | start) | ||
| 23 | echo "Starting $DESC" | ||
| 24 | do_start | ||
| 25 | ;; | ||
| 26 | stop) | ||
| 27 | echo "Stopping $DESC" | ||
| 28 | do_stop | ||
| 29 | ;; | ||
| 30 | restart|force-reload) | ||
| 31 | echo "Restarting $DESC" | ||
| 32 | do_stop | ||
| 33 | sleep 1 | ||
| 34 | do_start | ||
| 35 | ;; | ||
| 36 | *) | ||
| 37 | echo "Usage: $0 {start|stop|restart|force-reload}" >&2 | ||
| 38 | exit 1 | ||
| 39 | ;; | ||
| 40 | esac | ||
| 41 | |||
| 42 | exit 0 | ||
diff --git a/meta/recipes-connectivity/ofono/ofono_2.18.bb b/meta/recipes-connectivity/ofono/ofono_2.18.bb deleted file mode 100644 index e2666b3e7e..0000000000 --- a/meta/recipes-connectivity/ofono/ofono_2.18.bb +++ /dev/null | |||
| @@ -1,46 +0,0 @@ | |||
| 1 | SUMMARY = "open source telephony" | ||
| 2 | DESCRIPTION = "oFono is a stack for mobile telephony devices on Linux. oFono supports speaking to telephony devices through specific drivers, or with generic AT commands." | ||
| 3 | HOMEPAGE = "http://www.ofono.org" | ||
| 4 | BUGTRACKER = "https://01.org/jira/browse/OF" | ||
| 5 | LICENSE = "GPL-2.0-only" | ||
| 6 | LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \ | ||
| 7 | file://src/ofono.h;beginline=1;endline=6;md5=13e42133935ceecfc9bcb547f256e277" | ||
| 8 | DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info ell" | ||
| 9 | |||
| 10 | SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ | ||
| 11 | file://ofono \ | ||
| 12 | " | ||
| 13 | SRC_URI[sha256sum] = "f74c3bba7ebac488fed7bcfa6113b0e39e723d2e1a24b53f79c9f18a1c85dd00" | ||
| 14 | |||
| 15 | inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data | ||
| 16 | |||
| 17 | INITSCRIPT_NAME = "ofono" | ||
| 18 | INITSCRIPT_PARAMS = "defaults 22" | ||
| 19 | SYSTEMD_SERVICE:${PN} = "ofono.service" | ||
| 20 | |||
| 21 | PACKAGECONFIG ??= "\ | ||
| 22 | ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ | ||
| 23 | ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ | ||
| 24 | " | ||
| 25 | PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_system_unitdir}/,--with-systemdunitdir=" | ||
| 26 | PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5" | ||
| 27 | |||
| 28 | EXTRA_OECONF += "--enable-test --enable-external-ell" | ||
| 29 | |||
| 30 | do_install:append() { | ||
| 31 | install -d ${D}${sysconfdir}/init.d/ | ||
| 32 | install -m 0755 ${UNPACKDIR}/ofono ${D}${sysconfdir}/init.d/ofono | ||
| 33 | } | ||
| 34 | |||
| 35 | PACKAGES =+ "${PN}-tests" | ||
| 36 | |||
| 37 | FILES:${PN} += "${systemd_unitdir}" | ||
| 38 | FILES:${PN}-tests = "${libdir}/${BPN}/test" | ||
| 39 | |||
| 40 | RDEPENDS:${PN}-tests = "\ | ||
| 41 | python3-core \ | ||
| 42 | python3-dbus \ | ||
| 43 | ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)} \ | ||
| 44 | " | ||
| 45 | |||
| 46 | RRECOMMENDS:${PN} += "kernel-module-tun mobile-broadband-provider-info" | ||
diff --git a/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch b/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch deleted file mode 100644 index f424288e37..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch +++ /dev/null | |||
| @@ -1,59 +0,0 @@ | |||
| 1 | From 5cc897fe2effe549e1e280c2f606bce8b532b61e Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Mikko Rapeli <mikko.rapeli@linaro.org> | ||
| 3 | Date: Mon, 11 Sep 2023 09:55:21 +0100 | ||
| 4 | Subject: [PATCH] regress/banner.sh: log input and output files on error | ||
| 5 | |||
| 6 | Some test environments like yocto with qemu are seeing these | ||
| 7 | tests failing. There may be additional error messages in the | ||
| 8 | stderr of ssh cloent command. busybox cmp shows this error when | ||
| 9 | first input file has less new line characters then second | ||
| 10 | input file: | ||
| 11 | |||
| 12 | cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in | ||
| 13 | |||
| 14 | Logging the full banner.out will show what other error messages | ||
| 15 | are captured in addition of the expected banner. | ||
| 16 | |||
| 17 | Full log of a failing banner test runs is: | ||
| 18 | |||
| 19 | run test banner.sh ... | ||
| 20 | test banner: missing banner file | ||
| 21 | test banner: size 0 | ||
| 22 | cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in | ||
| 23 | banner size 0 mismatch | ||
| 24 | test banner: size 10 | ||
| 25 | test banner: size 100 | ||
| 26 | cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in | ||
| 27 | banner size 100 mismatch | ||
| 28 | test banner: size 1000 | ||
| 29 | test banner: size 10000 | ||
| 30 | test banner: size 100000 | ||
| 31 | test banner: suppress banner (-q) | ||
| 32 | FAIL: banner | ||
| 33 | return value: 1 | ||
| 34 | |||
| 35 | See: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178 | ||
| 36 | |||
| 37 | Upstream-Status: Denied [https://github.com/openssh/openssh-portable/pull/437] | ||
| 38 | |||
| 39 | Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> | ||
| 40 | Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> | ||
| 41 | --- | ||
| 42 | regress/banner.sh | 4 +++- | ||
| 43 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
| 44 | |||
| 45 | diff --git a/regress/banner.sh b/regress/banner.sh | ||
| 46 | index a84feb5..de84957 100644 | ||
| 47 | --- a/regress/banner.sh | ||
| 48 | +++ b/regress/banner.sh | ||
| 49 | @@ -32,7 +32,9 @@ for s in 0 10 100 1000 10000 100000 ; do | ||
| 50 | verbose "test $tid: size $s" | ||
| 51 | ( ${SSH} -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ | ||
| 52 | cmp $OBJ/banner.in $OBJ/banner.out ) || \ | ||
| 53 | - fail "banner size $s mismatch" | ||
| 54 | + ( verbose "Contents of $OBJ/banner.in:"; cat $OBJ/banner.in; \ | ||
| 55 | + verbose "Contents of $OBJ/banner.out:"; cat $OBJ/banner.out; \ | ||
| 56 | + fail "banner size $s mismatch" ) | ||
| 57 | done | ||
| 58 | |||
| 59 | trace "test suppress banner (-q)" | ||
diff --git a/meta/recipes-connectivity/openssh/openssh/0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch b/meta/recipes-connectivity/openssh/openssh/0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch deleted file mode 100644 index 360b62af34..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch +++ /dev/null | |||
| @@ -1,35 +0,0 @@ | |||
| 1 | From 9dcccafe44ea17e972e7cddea205bbe9fe71d8d6 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Jose Quaresma <jose.quaresma@foundries.io> | ||
| 3 | Date: Mon, 15 Jul 2024 18:43:08 +0100 | ||
| 4 | Subject: [PATCH] regress/test-exec: use the absolute path in the SSH env | ||
| 5 | |||
| 6 | The SSHAGENT_BIN was changed in [1] to SSH_BIN but | ||
| 7 | the last one don't use the absolute path and consequently | ||
| 8 | the function increase_datafile_size can loops forever | ||
| 9 | if the binary not found. | ||
| 10 | |||
| 11 | [1] https://github.com/openssh/openssh-portable/commit/a68f80f2511f0e0c5cef737a8284cc2dfabad818 | ||
| 12 | |||
| 13 | Upstream-Status: Submitted [https://github.com/openssh/openssh-portable/pull/510] | ||
| 14 | |||
| 15 | Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> | ||
| 16 | --- | ||
| 17 | regress/test-exec.sh | 5 +++++ | ||
| 18 | 1 file changed, 5 insertions(+) | ||
| 19 | |||
| 20 | diff --git a/regress/test-exec.sh b/regress/test-exec.sh | ||
| 21 | index 8a00c72..2891f27 100644 | ||
| 22 | --- a/regress/test-exec.sh | ||
| 23 | +++ b/regress/test-exec.sh | ||
| 24 | @@ -179,6 +179,11 @@ if [ "x$TEST_SSH_OPENSSL" != "x" ]; then | ||
| 25 | fi | ||
| 26 | |||
| 27 | # Path to sshd must be absolute for rexec | ||
| 28 | +case "$SSH" in | ||
| 29 | +/*) ;; | ||
| 30 | +*) SSH=`which $SSH` ;; | ||
| 31 | +esac | ||
| 32 | + | ||
| 33 | case "$SSHD" in | ||
| 34 | /*) ;; | ||
| 35 | *) SSHD=`which $SSHD` ;; | ||
diff --git a/meta/recipes-connectivity/openssh/openssh/init b/meta/recipes-connectivity/openssh/openssh/init deleted file mode 100644 index 8887e3af13..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/init +++ /dev/null | |||
| @@ -1,90 +0,0 @@ | |||
| 1 | #! /bin/sh | ||
| 2 | set -e | ||
| 3 | |||
| 4 | PIDFILE=/var/run/sshd.pid | ||
| 5 | |||
| 6 | # source function library | ||
| 7 | . /etc/init.d/functions | ||
| 8 | |||
| 9 | # /etc/init.d/ssh: start and stop the OpenBSD "secure shell" daemon | ||
| 10 | |||
| 11 | test -x /usr/sbin/sshd || exit 0 | ||
| 12 | ( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0 | ||
| 13 | |||
| 14 | # /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS | ||
| 15 | if test -f /etc/default/ssh; then | ||
| 16 | . /etc/default/ssh | ||
| 17 | fi | ||
| 18 | |||
| 19 | [ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh | ||
| 20 | mkdir -p $SYSCONFDIR | ||
| 21 | |||
| 22 | check_for_no_start() { | ||
| 23 | # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists | ||
| 24 | if [ -e $SYSCONFDIR/sshd_not_to_be_run ]; then | ||
| 25 | echo "OpenBSD Secure Shell server not in use ($SYSCONFDIR/sshd_not_to_be_run)" | ||
| 26 | exit 0 | ||
| 27 | fi | ||
| 28 | } | ||
| 29 | |||
| 30 | check_privsep_dir() { | ||
| 31 | # Create the PrivSep empty dir if necessary | ||
| 32 | if [ ! -d /var/run/sshd ]; then | ||
| 33 | mkdir /var/run/sshd | ||
| 34 | chmod 0755 /var/run/sshd | ||
| 35 | fi | ||
| 36 | } | ||
| 37 | |||
| 38 | check_config() { | ||
| 39 | /usr/sbin/sshd $SSHD_OPTS -t || exit 1 | ||
| 40 | } | ||
| 41 | |||
| 42 | export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" | ||
| 43 | |||
| 44 | case "$1" in | ||
| 45 | start) | ||
| 46 | check_for_no_start | ||
| 47 | echo "Starting OpenBSD Secure Shell server: sshd" | ||
| 48 | @LIBEXECDIR@/sshd_check_keys | ||
| 49 | check_privsep_dir | ||
| 50 | start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS | ||
| 51 | echo "done." | ||
| 52 | ;; | ||
| 53 | stop) | ||
| 54 | echo -n "Stopping OpenBSD Secure Shell server: sshd" | ||
| 55 | start-stop-daemon -K -p $PIDFILE -x /usr/sbin/sshd | ||
| 56 | echo "." | ||
| 57 | ;; | ||
| 58 | |||
| 59 | reload|force-reload) | ||
| 60 | check_for_no_start | ||
| 61 | @LIBEXECDIR@/sshd_check_keys | ||
| 62 | check_config | ||
| 63 | echo -n "Reloading OpenBSD Secure Shell server's configuration" | ||
| 64 | start-stop-daemon -K -p $PIDFILE -s 1 -x /usr/sbin/sshd | ||
| 65 | echo "." | ||
| 66 | ;; | ||
| 67 | |||
| 68 | restart) | ||
| 69 | @LIBEXECDIR@/sshd_check_keys | ||
| 70 | check_config | ||
| 71 | echo -n "Restarting OpenBSD Secure Shell server: sshd" | ||
| 72 | start-stop-daemon -K -p $PIDFILE --oknodo -x /usr/sbin/sshd | ||
| 73 | check_for_no_start | ||
| 74 | check_privsep_dir | ||
| 75 | sleep 2 | ||
| 76 | start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS | ||
| 77 | echo "." | ||
| 78 | ;; | ||
| 79 | |||
| 80 | status) | ||
| 81 | status /usr/sbin/sshd | ||
| 82 | exit $? | ||
| 83 | ;; | ||
| 84 | |||
| 85 | *) | ||
| 86 | echo "Usage: /etc/init.d/ssh {start|stop|status|reload|force-reload|restart}" | ||
| 87 | exit 1 | ||
| 88 | esac | ||
| 89 | |||
| 90 | exit 0 | ||
diff --git a/meta/recipes-connectivity/openssh/openssh/run-ptest b/meta/recipes-connectivity/openssh/openssh/run-ptest deleted file mode 100755 index c9100f9f37..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/run-ptest +++ /dev/null | |||
| @@ -1,60 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | export TEST_SSH_SSH=ssh | ||
| 4 | export TEST_SHELL=sh | ||
| 5 | export SKIP_UNIT=1 | ||
| 6 | |||
| 7 | cd regress | ||
| 8 | |||
| 9 | # copied from openssh-portable/.github/run_test.sh | ||
| 10 | output_failed_logs() { | ||
| 11 | for i in failed*.log; do | ||
| 12 | if [ -f "$i" ]; then | ||
| 13 | echo ------------------------------------------------------------------------- | ||
| 14 | echo LOGFILE $i | ||
| 15 | cat $i | ||
| 16 | echo ------------------------------------------------------------------------- | ||
| 17 | fi | ||
| 18 | done | ||
| 19 | } | ||
| 20 | trap output_failed_logs 0 | ||
| 21 | |||
| 22 | sed -i "/\t\tagent-ptrace /d" Makefile | ||
| 23 | make -k BUILDDIR=`pwd`/.. .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="" tests \ | ||
| 24 | | sed -u -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g' | ||
| 25 | |||
| 26 | SSHAGENT=`which ssh-agent` | ||
| 27 | GDB=`which gdb` | ||
| 28 | |||
| 29 | if [ -z "${SSHAGENT}" -o -z "${GDB}" ]; then | ||
| 30 | echo "SKIP: agent-ptrace" | ||
| 31 | exit | ||
| 32 | fi | ||
| 33 | |||
| 34 | useradd openssh-test | ||
| 35 | |||
| 36 | eval `su -c "${SSHAGENT} -s" openssh-test` > /dev/null | ||
| 37 | r=$? | ||
| 38 | if [ $r -ne 0 ]; then | ||
| 39 | echo "FAIL: could not start ssh-agent: exit code $r" | ||
| 40 | else | ||
| 41 | su -c "gdb -p ${SSH_AGENT_PID}" openssh-test > /tmp/gdb.out 2>&1 << EOF | ||
| 42 | quit | ||
| 43 | EOF | ||
| 44 | r=$? | ||
| 45 | if [ $r -ne 0 ]; then | ||
| 46 | echo "gdb failed: exit code $r" | ||
| 47 | fi | ||
| 48 | egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace.*Permission denied.|procfs:.*: Invalid argument.|Unable to access task ' >/dev/null /tmp/gdb.out | ||
| 49 | r=$? | ||
| 50 | rm -f /tmp/gdb.out | ||
| 51 | if [ $r -ne 0 ]; then | ||
| 52 | echo "FAIL: ptrace agent" | ||
| 53 | else | ||
| 54 | echo "PASS: ptrace agent" | ||
| 55 | fi | ||
| 56 | |||
| 57 | ${SSHAGENT} -k > /dev/null | ||
| 58 | fi | ||
| 59 | userdel openssh-test | ||
| 60 | |||
diff --git a/meta/recipes-connectivity/openssh/openssh/ssh_config b/meta/recipes-connectivity/openssh/openssh/ssh_config deleted file mode 100644 index cb2774a163..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/ssh_config +++ /dev/null | |||
| @@ -1,48 +0,0 @@ | |||
| 1 | # $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $ | ||
| 2 | |||
| 3 | # This is the ssh client system-wide configuration file. See | ||
| 4 | # ssh_config(5) for more information. This file provides defaults for | ||
| 5 | # users, and the values can be changed in per-user configuration files | ||
| 6 | # or on the command line. | ||
| 7 | |||
| 8 | # Configuration data is parsed as follows: | ||
| 9 | # 1. command line options | ||
| 10 | # 2. user-specific file | ||
| 11 | # 3. system-wide file | ||
| 12 | # Any configuration value is only changed the first time it is set. | ||
| 13 | # Thus, host-specific definitions should be at the beginning of the | ||
| 14 | # configuration file, and defaults at the end. | ||
| 15 | |||
| 16 | # Site-wide defaults for some commonly used options. For a comprehensive | ||
| 17 | # list of available options, their meanings and defaults, please see the | ||
| 18 | # ssh_config(5) man page. | ||
| 19 | |||
| 20 | Include /etc/ssh/ssh_config.d/*.conf | ||
| 21 | |||
| 22 | # Host * | ||
| 23 | # ForwardAgent no | ||
| 24 | # ForwardX11 no | ||
| 25 | # PasswordAuthentication yes | ||
| 26 | # HostbasedAuthentication no | ||
| 27 | # GSSAPIAuthentication no | ||
| 28 | # GSSAPIDelegateCredentials no | ||
| 29 | # BatchMode no | ||
| 30 | # CheckHostIP yes | ||
| 31 | # AddressFamily any | ||
| 32 | # ConnectTimeout 0 | ||
| 33 | # StrictHostKeyChecking ask | ||
| 34 | # IdentityFile ~/.ssh/id_rsa | ||
| 35 | # IdentityFile ~/.ssh/id_dsa | ||
| 36 | # IdentityFile ~/.ssh/id_ecdsa | ||
| 37 | # IdentityFile ~/.ssh/id_ed25519 | ||
| 38 | # Port 22 | ||
| 39 | # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc | ||
| 40 | # MACs hmac-md5,hmac-sha1,umac-64@openssh.com | ||
| 41 | # EscapeChar ~ | ||
| 42 | # Tunnel no | ||
| 43 | # TunnelDevice any:any | ||
| 44 | # PermitLocalCommand no | ||
| 45 | # VisualHostKey no | ||
| 46 | # ProxyCommand ssh -q -W %h:%p gateway.example.com | ||
| 47 | # RekeyLimit 1G 1h | ||
| 48 | # UserKnownHostsFile ~/.ssh/known_hosts.d/%k | ||
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd b/meta/recipes-connectivity/openssh/openssh/sshd deleted file mode 100644 index cf675a4dad..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/sshd +++ /dev/null | |||
| @@ -1,10 +0,0 @@ | |||
| 1 | #%PAM-1.0 | ||
| 2 | |||
| 3 | auth include common-auth | ||
| 4 | account required pam_nologin.so | ||
| 5 | account include common-account | ||
| 6 | password include common-password | ||
| 7 | session optional pam_keyinit.so force revoke | ||
| 8 | session include common-session | ||
| 9 | session required pam_loginuid.so | ||
| 10 | session required pam_env.so | ||
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.service b/meta/recipes-connectivity/openssh/openssh/sshd.service deleted file mode 100644 index c71fff1cc1..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/sshd.service +++ /dev/null | |||
| @@ -1,18 +0,0 @@ | |||
| 1 | [Unit] | ||
| 2 | Description=OpenSSH server daemon | ||
| 3 | Wants=sshdgenkeys.service | ||
| 4 | After=sshdgenkeys.service | ||
| 5 | After=nss-user-lookup.target | ||
| 6 | |||
| 7 | [Service] | ||
| 8 | Type=notify-reload | ||
| 9 | Environment="SSHD_OPTS=" | ||
| 10 | EnvironmentFile=-/etc/default/ssh | ||
| 11 | ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd | ||
| 12 | ExecStart=-@SBINDIR@/sshd -D $SSHD_OPTS | ||
| 13 | KillMode=process | ||
| 14 | Restart=on-failure | ||
| 15 | RestartSec=42s | ||
| 16 | |||
| 17 | [Install] | ||
| 18 | WantedBy=multi-user.target | ||
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket b/meta/recipes-connectivity/openssh/openssh/sshd.socket deleted file mode 100644 index 7dd2ed0626..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/sshd.socket +++ /dev/null | |||
| @@ -1,12 +0,0 @@ | |||
| 1 | [Unit] | ||
| 2 | Conflicts=sshd.service | ||
| 3 | Wants=sshdgenkeys.service | ||
| 4 | After=nss-user-lookup.target | ||
| 5 | |||
| 6 | [Socket] | ||
| 7 | ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd | ||
| 8 | ListenStream=22 | ||
| 9 | Accept=yes | ||
| 10 | |||
| 11 | [Install] | ||
| 12 | WantedBy=sockets.target | ||
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd@.service b/meta/recipes-connectivity/openssh/openssh/sshd@.service deleted file mode 100644 index 9d9965e624..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/sshd@.service +++ /dev/null | |||
| @@ -1,10 +0,0 @@ | |||
| 1 | [Unit] | ||
| 2 | Description=OpenSSH Per-Connection Daemon | ||
| 3 | After=sshdgenkeys.service | ||
| 4 | |||
| 5 | [Service] | ||
| 6 | Environment="SSHD_OPTS=" | ||
| 7 | EnvironmentFile=-/etc/default/ssh | ||
| 8 | ExecStart=-@SBINDIR@/sshd -i $SSHD_OPTS | ||
| 9 | StandardInput=socket | ||
| 10 | KillMode=process | ||
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys deleted file mode 100644 index bbb6a14908..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys +++ /dev/null | |||
| @@ -1,78 +0,0 @@ | |||
| 1 | #! /bin/sh | ||
| 2 | |||
| 3 | generate_key() { | ||
| 4 | local FILE=$1 | ||
| 5 | local TYPE=$2 | ||
| 6 | local DIR="$(dirname "$FILE")" | ||
| 7 | |||
| 8 | mkdir -p "$DIR" | ||
| 9 | rm -f ${FILE}.tmp | ||
| 10 | ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE | ||
| 11 | chmod go-rwx "$FILE.tmp" | ||
| 12 | # Atomically rename file public key | ||
| 13 | mv -f "${FILE}.tmp.pub" "${FILE}.pub" | ||
| 14 | |||
| 15 | # This sync does double duty: Ensuring that the data in the temporary | ||
| 16 | # private key file is on disk before the rename, and ensuring that the | ||
| 17 | # public key rename is completed before the private key rename, since we | ||
| 18 | # switch on the existence of the private key to trigger key generation. | ||
| 19 | # This does mean it is possible for the public key to exist, but be garbage | ||
| 20 | # but this is OK because in that case the private key won't exist and the | ||
| 21 | # keys will be regenerated. | ||
| 22 | # | ||
| 23 | # In the event that sync understands arguments that limit what it tries to | ||
| 24 | # fsync(), we provided them. If it does not, it will simply call sync() | ||
| 25 | # which is just as well | ||
| 26 | sync "${FILE}.pub" "$DIR" "${FILE}.tmp" | ||
| 27 | |||
| 28 | mv "${FILE}.tmp" "$FILE" | ||
| 29 | |||
| 30 | # sync to ensure the atomic rename is committed | ||
| 31 | sync "$DIR" | ||
| 32 | } | ||
| 33 | |||
| 34 | # /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS | ||
| 35 | if test -f /etc/default/ssh; then | ||
| 36 | . /etc/default/ssh | ||
| 37 | fi | ||
| 38 | |||
| 39 | [ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh | ||
| 40 | mkdir -p $SYSCONFDIR | ||
| 41 | |||
| 42 | # parse sshd options | ||
| 43 | set -- ${SSHD_OPTS} -- | ||
| 44 | sshd_config=/etc/ssh/sshd_config | ||
| 45 | while true ; do | ||
| 46 | case "$1" in | ||
| 47 | -f*) if [ "$1" = "-f" ] ; then | ||
| 48 | sshd_config="$2" | ||
| 49 | shift | ||
| 50 | else | ||
| 51 | sshd_config="${1#-f}" | ||
| 52 | fi | ||
| 53 | shift | ||
| 54 | ;; | ||
| 55 | --) shift; break;; | ||
| 56 | *) shift;; | ||
| 57 | esac | ||
| 58 | done | ||
| 59 | |||
| 60 | HOST_KEYS=$(sshd -G -f "${sshd_config}" | grep -i '^hostkey ' | cut -f2 -d' ') | ||
| 61 | |||
| 62 | for key in ${HOST_KEYS} ; do | ||
| 63 | [ -f $key ] && continue | ||
| 64 | case $key in | ||
| 65 | *_rsa_key) | ||
| 66 | echo " generating ssh RSA host key..." | ||
| 67 | generate_key $key rsa | ||
| 68 | ;; | ||
| 69 | *_ecdsa_key) | ||
| 70 | echo " generating ssh ECDSA host key..." | ||
| 71 | generate_key $key ecdsa | ||
| 72 | ;; | ||
| 73 | *_ed25519_key) | ||
| 74 | echo " generating ssh ED25519 host key..." | ||
| 75 | generate_key $key ed25519 | ||
| 76 | ;; | ||
| 77 | esac | ||
| 78 | done | ||
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config deleted file mode 100644 index e9eaf93157..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/sshd_config +++ /dev/null | |||
| @@ -1,119 +0,0 @@ | |||
| 1 | # $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ | ||
| 2 | |||
| 3 | # This is the sshd server system-wide configuration file. See | ||
| 4 | # sshd_config(5) for more information. | ||
| 5 | |||
| 6 | # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin | ||
| 7 | |||
| 8 | # The strategy used for options in the default sshd_config shipped with | ||
| 9 | # OpenSSH is to specify options with their default value where | ||
| 10 | # possible, but leave them commented. Uncommented options override the | ||
| 11 | # default value. | ||
| 12 | |||
| 13 | Include /etc/ssh/sshd_config.d/*.conf | ||
| 14 | |||
| 15 | #Port 22 | ||
| 16 | #AddressFamily any | ||
| 17 | #ListenAddress 0.0.0.0 | ||
| 18 | #ListenAddress :: | ||
| 19 | |||
| 20 | #HostKey /etc/ssh/ssh_host_rsa_key | ||
| 21 | #HostKey /etc/ssh/ssh_host_ecdsa_key | ||
| 22 | #HostKey /etc/ssh/ssh_host_ed25519_key | ||
| 23 | |||
| 24 | # Ciphers and keying | ||
| 25 | #RekeyLimit default none | ||
| 26 | |||
| 27 | # Logging | ||
| 28 | #SyslogFacility AUTH | ||
| 29 | #LogLevel INFO | ||
| 30 | |||
| 31 | # Authentication: | ||
| 32 | |||
| 33 | #LoginGraceTime 2m | ||
| 34 | #PermitRootLogin prohibit-password | ||
| 35 | #StrictModes yes | ||
| 36 | #MaxAuthTries 6 | ||
| 37 | #MaxSessions 10 | ||
| 38 | |||
| 39 | #PubkeyAuthentication yes | ||
| 40 | |||
| 41 | # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 | ||
| 42 | # but this is overridden so installations will only check .ssh/authorized_keys | ||
| 43 | AuthorizedKeysFile .ssh/authorized_keys | ||
| 44 | |||
| 45 | #AuthorizedPrincipalsFile none | ||
| 46 | |||
| 47 | #AuthorizedKeysCommand none | ||
| 48 | #AuthorizedKeysCommandUser nobody | ||
| 49 | |||
| 50 | # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts | ||
| 51 | #HostbasedAuthentication no | ||
| 52 | # Change to yes if you don't trust ~/.ssh/known_hosts for | ||
| 53 | # HostbasedAuthentication | ||
| 54 | #IgnoreUserKnownHosts no | ||
| 55 | # Don't read the user's ~/.rhosts and ~/.shosts files | ||
| 56 | #IgnoreRhosts yes | ||
| 57 | |||
| 58 | # To disable tunneled clear text passwords, change to no here! | ||
| 59 | #PasswordAuthentication yes | ||
| 60 | #PermitEmptyPasswords no | ||
| 61 | |||
| 62 | # Change to yes to enable keyboard-interactive authentication (beware issues | ||
| 63 | # with some PAM modules and threads) | ||
| 64 | KbdInteractiveAuthentication no | ||
| 65 | |||
| 66 | # Kerberos options | ||
| 67 | #KerberosAuthentication no | ||
| 68 | #KerberosOrLocalPasswd yes | ||
| 69 | #KerberosTicketCleanup yes | ||
| 70 | #KerberosGetAFSToken no | ||
| 71 | |||
| 72 | # GSSAPI options | ||
| 73 | #GSSAPIAuthentication no | ||
| 74 | #GSSAPICleanupCredentials yes | ||
| 75 | |||
| 76 | # Set this to 'yes' to enable PAM authentication, account processing, | ||
| 77 | # and session processing. If this is enabled, PAM authentication will | ||
| 78 | # be allowed through the KbdInteractiveAuthentication and | ||
| 79 | # PasswordAuthentication. Depending on your PAM configuration, | ||
| 80 | # PAM authentication via KbdInteractiveAuthentication may bypass | ||
| 81 | # the setting of "PermitRootLogin without-password". | ||
| 82 | # If you just want the PAM account and session checks to run without | ||
| 83 | # PAM authentication, then enable this but set PasswordAuthentication | ||
| 84 | # and KbdInteractiveAuthentication to 'no'. | ||
| 85 | #UsePAM no | ||
| 86 | |||
| 87 | #AllowAgentForwarding yes | ||
| 88 | #AllowTcpForwarding yes | ||
| 89 | #GatewayPorts no | ||
| 90 | #X11Forwarding no | ||
| 91 | #X11DisplayOffset 10 | ||
| 92 | #X11UseLocalhost yes | ||
| 93 | #PermitTTY yes | ||
| 94 | #PrintMotd yes | ||
| 95 | #PrintLastLog yes | ||
| 96 | #TCPKeepAlive yes | ||
| 97 | #PermitUserEnvironment no | ||
| 98 | Compression no | ||
| 99 | ClientAliveInterval 15 | ||
| 100 | ClientAliveCountMax 4 | ||
| 101 | #UseDNS no | ||
| 102 | #PidFile /var/run/sshd.pid | ||
| 103 | #MaxStartups 10:30:100 | ||
| 104 | #PermitTunnel no | ||
| 105 | #ChrootDirectory none | ||
| 106 | #VersionAddendum none | ||
| 107 | |||
| 108 | # no default banner path | ||
| 109 | #Banner none | ||
| 110 | |||
| 111 | # override default of no subsystems | ||
| 112 | Subsystem sftp /usr/libexec/sftp-server | ||
| 113 | |||
| 114 | # Example of overriding settings on a per-user basis | ||
| 115 | #Match User anoncvs | ||
| 116 | # X11Forwarding no | ||
| 117 | # AllowTcpForwarding no | ||
| 118 | # PermitTTY no | ||
| 119 | # ForceCommand cvs server | ||
diff --git a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service deleted file mode 100644 index fd81793d51..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service +++ /dev/null | |||
| @@ -1,9 +0,0 @@ | |||
| 1 | [Unit] | ||
| 2 | Description=OpenSSH Key Generation | ||
| 3 | RequiresMountsFor=/var /run | ||
| 4 | |||
| 5 | [Service] | ||
| 6 | ExecStart=@LIBEXECDIR@/sshd_check_keys | ||
| 7 | Type=oneshot | ||
| 8 | RemainAfterExit=yes | ||
| 9 | Nice=10 | ||
diff --git a/meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd b/meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd deleted file mode 100644 index a0d2af3c65..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd +++ /dev/null | |||
| @@ -1,2 +0,0 @@ | |||
| 1 | d root root 0755 /var/run/sshd none | ||
| 2 | f root root 0644 /var/log/lastlog none | ||
diff --git a/meta/recipes-connectivity/openssh/openssh_10.1p1.bb b/meta/recipes-connectivity/openssh/openssh_10.1p1.bb deleted file mode 100644 index 83b6183858..0000000000 --- a/meta/recipes-connectivity/openssh/openssh_10.1p1.bb +++ /dev/null | |||
| @@ -1,227 +0,0 @@ | |||
| 1 | SUMMARY = "A suite of security-related network utilities based on \ | ||
| 2 | the SSH protocol including the ssh client and sshd server" | ||
| 3 | DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \ | ||
| 4 | Ssh (Secure Shell) is a program for logging into a remote machine \ | ||
| 5 | and for executing commands on a remote machine." | ||
| 6 | HOMEPAGE = "http://www.openssh.com/" | ||
| 7 | SECTION = "console/network" | ||
| 8 | LICENSE = "BSD-2-Clause & BSD-3-Clause & ISC & MIT" | ||
| 9 | LIC_FILES_CHKSUM = "file://LICENCE;md5=78ffb36e5a48c0d8c5648603a3b6c8eb" | ||
| 10 | |||
| 11 | DEPENDS = "zlib openssl virtual/crypt" | ||
| 12 | DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" | ||
| 13 | |||
| 14 | SRC_URI = "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \ | ||
| 15 | file://sshd_config \ | ||
| 16 | file://ssh_config \ | ||
| 17 | file://init \ | ||
| 18 | ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ | ||
| 19 | file://sshd.service \ | ||
| 20 | file://sshd.socket \ | ||
| 21 | file://sshd@.service \ | ||
| 22 | file://sshdgenkeys.service \ | ||
| 23 | file://volatiles.99_sshd \ | ||
| 24 | file://run-ptest \ | ||
| 25 | file://sshd_check_keys \ | ||
| 26 | file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \ | ||
| 27 | file://0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch \ | ||
| 28 | " | ||
| 29 | SRC_URI[sha256sum] = "b9fc7a2b82579467a6f2f43e4a81c8e1dfda614ddb4f9b255aafd7020bbf0758" | ||
| 30 | |||
| 31 | CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here." | ||
| 32 | |||
| 33 | # This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 | ||
| 34 | # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded | ||
| 35 | CVE_STATUS[CVE-2014-9278] = "not-applicable-platform: This CVE is specific to OpenSSH server, as used in Fedora and \ | ||
| 36 | Red Hat Enterprise Linux 7 and when running in a Kerberos environment" | ||
| 37 | |||
| 38 | CVE_STATUS[CVE-2008-3844] = "not-applicable-platform: Only applies to some distributed RHEL binaries." | ||
| 39 | CVE_STATUS[CVE-2023-51767] = "upstream-wontfix: It was demonstrated on modified sshd and does not exist in upstream openssh https://bugzilla.mindrot.org/show_bug.cgi?id=3656#c1." | ||
| 40 | |||
| 41 | PAM_SRC_URI = "file://sshd" | ||
| 42 | |||
| 43 | inherit manpages useradd update-rc.d update-alternatives systemd | ||
| 44 | |||
| 45 | USERADD_PACKAGES = "${PN}-sshd" | ||
| 46 | USERADD_PARAM:${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" | ||
| 47 | INITSCRIPT_PACKAGES = "${PN}-sshd" | ||
| 48 | INITSCRIPT_NAME:${PN}-sshd = "sshd" | ||
| 49 | INITSCRIPT_PARAMS:${PN}-sshd = "defaults 9" | ||
| 50 | |||
| 51 | SYSTEMD_PACKAGES = "${PN}-sshd" | ||
| 52 | SYSTEMD_SERVICE:${PN}-sshd = "${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','sshd.socket', '', d)} ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','sshd.service', '', d)}" | ||
| 53 | |||
| 54 | inherit autotools-brokensep ptest pkgconfig | ||
| 55 | |||
| 56 | # systemd-sshd-socket-mode means installing sshd.socket | ||
| 57 | # and systemd-sshd-service-mode corresponding to sshd.service | ||
| 58 | PACKAGECONFIG ??= "systemd-sshd-socket-mode hostkey-ecdsa" | ||
| 59 | PACKAGECONFIG[fido2] = "--with-security-key-builtin,--disable-security-key,libfido2" | ||
| 60 | PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5" | ||
| 61 | PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns" | ||
| 62 | PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" | ||
| 63 | PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat" | ||
| 64 | PACKAGECONFIG[systemd-sshd-socket-mode] = "" | ||
| 65 | PACKAGECONFIG[systemd-sshd-service-mode] = "" | ||
| 66 | PACKAGECONFIG[hostkey-rsa] = "" | ||
| 67 | PACKAGECONFIG[hostkey-ecdsa] = "" | ||
| 68 | PACKAGECONFIG[hostkey-ed25519] = "" | ||
| 69 | |||
| 70 | EXTRA_AUTORECONF += "--exclude=aclocal" | ||
| 71 | |||
| 72 | # login path is hardcoded in sshd | ||
| 73 | EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ | ||
| 74 | ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ | ||
| 75 | --without-zlib-version-check \ | ||
| 76 | --with-privsep-path=${localstatedir}/run/sshd \ | ||
| 77 | --sysconfdir=${sysconfdir}/ssh \ | ||
| 78 | --with-xauth=${bindir}/xauth \ | ||
| 79 | --disable-strip \ | ||
| 80 | " | ||
| 81 | |||
| 82 | # musl doesn't implement wtmp/utmp and logwtmp | ||
| 83 | EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog" | ||
| 84 | |||
| 85 | # Work around ICE on mips/mips64 starting in 9.6p1 | ||
| 86 | EXTRA_OECONF:append:mips = " --without-hardening" | ||
| 87 | EXTRA_OECONF:append:mips64 = " --without-hardening" | ||
| 88 | |||
| 89 | # Work around ICE on powerpc64le starting in 9.6p1 | ||
| 90 | EXTRA_OECONF:append:powerpc64le = " --without-hardening" | ||
| 91 | |||
| 92 | # Since we do not depend on libbsd, we do not want configure to use it | ||
| 93 | # just because it finds libutil.h. But, specifying --disable-libutil | ||
| 94 | # causes compile errors, so... | ||
| 95 | CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no" | ||
| 96 | |||
| 97 | # passwd path is hardcoded in sshd | ||
| 98 | CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd" | ||
| 99 | |||
| 100 | # We don't want to depend on libblockfile | ||
| 101 | CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no" | ||
| 102 | |||
| 103 | do_configure:prepend () { | ||
| 104 | export LD="${CC}" | ||
| 105 | install -m 0600 ${UNPACKDIR}/sshd_config ${B}/ | ||
| 106 | install -m 0644 ${UNPACKDIR}/ssh_config ${B}/ | ||
| 107 | } | ||
| 108 | |||
| 109 | do_compile_ptest() { | ||
| 110 | oe_runmake regress-binaries regress-unit-binaries | ||
| 111 | } | ||
| 112 | |||
| 113 | sshd_hostkey_setup() { | ||
| 114 | # Enable specific ssh host keys | ||
| 115 | sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config | ||
| 116 | if ${@bb.utils.contains('PACKAGECONFIG','hostkey-rsa','true','false',d)}; then | ||
| 117 | echo "HostKey /etc/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config | ||
| 118 | fi | ||
| 119 | if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ecdsa','true','false',d)}; then | ||
| 120 | echo "HostKey /etc/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config | ||
| 121 | fi | ||
| 122 | if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ed25519','true','false',d)}; then | ||
| 123 | echo "HostKey /etc/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config | ||
| 124 | fi | ||
| 125 | |||
| 126 | sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly | ||
| 127 | if ${@bb.utils.contains('PACKAGECONFIG','hostkey-rsa','true','false',d)}; then | ||
| 128 | echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly | ||
| 129 | fi | ||
| 130 | if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ecdsa','true','false',d)}; then | ||
| 131 | echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly | ||
| 132 | fi | ||
| 133 | if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ed25519','true','false',d)}; then | ||
| 134 | echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly | ||
| 135 | fi | ||
| 136 | } | ||
| 137 | |||
| 138 | do_install:append () { | ||
| 139 | if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then | ||
| 140 | install -D -m 0644 ${UNPACKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd | ||
| 141 | sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config | ||
| 142 | fi | ||
| 143 | |||
| 144 | if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then | ||
| 145 | sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config | ||
| 146 | fi | ||
| 147 | |||
| 148 | install -d ${D}${sysconfdir}/init.d | ||
| 149 | install -m 0755 ${UNPACKDIR}/init ${D}${sysconfdir}/init.d/sshd | ||
| 150 | rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin | ||
| 151 | rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir} | ||
| 152 | install -d ${D}/${sysconfdir}/default/volatiles | ||
| 153 | install -m 644 ${UNPACKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd | ||
| 154 | install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir} | ||
| 155 | |||
| 156 | # Limit sshd_config access to the owner (default is 0644) | ||
| 157 | chmod 0600 ${D}${sysconfdir}/ssh/sshd_config | ||
| 158 | |||
| 159 | # Create config files for read-only rootfs | ||
| 160 | install -d ${D}${sysconfdir}/ssh | ||
| 161 | install -m 0600 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly | ||
| 162 | |||
| 163 | install -d ${D}${systemd_system_unitdir} | ||
| 164 | if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','true','false',d)}; then | ||
| 165 | install -c -m 0644 ${UNPACKDIR}/sshd.socket ${D}${systemd_system_unitdir} | ||
| 166 | install -c -m 0644 ${UNPACKDIR}/sshd@.service ${D}${systemd_system_unitdir} | ||
| 167 | sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ | ||
| 168 | -e 's,@SBINDIR@,${sbindir},g' \ | ||
| 169 | -e 's,@BINDIR@,${bindir},g' \ | ||
| 170 | -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ | ||
| 171 | ${D}${systemd_system_unitdir}/sshd.socket | ||
| 172 | fi | ||
| 173 | if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','true','false',d)}; then | ||
| 174 | install -c -m 0644 ${UNPACKDIR}/sshd.service ${D}${systemd_system_unitdir} | ||
| 175 | fi | ||
| 176 | install -c -m 0644 ${UNPACKDIR}/sshdgenkeys.service ${D}${systemd_system_unitdir} | ||
| 177 | sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ | ||
| 178 | -e 's,@SBINDIR@,${sbindir},g' \ | ||
| 179 | -e 's,@BINDIR@,${bindir},g' \ | ||
| 180 | -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ | ||
| 181 | ${D}${systemd_system_unitdir}/*.service | ||
| 182 | |||
| 183 | sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ | ||
| 184 | ${D}${sysconfdir}/init.d/sshd | ||
| 185 | |||
| 186 | install -D -m 0755 ${UNPACKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys | ||
| 187 | sshd_hostkey_setup | ||
| 188 | } | ||
| 189 | |||
| 190 | do_install_ptest () { | ||
| 191 | sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh | ||
| 192 | cp -r regress ${D}${PTEST_PATH} | ||
| 193 | cp config.h ${D}${PTEST_PATH} | ||
| 194 | } | ||
| 195 | |||
| 196 | ALLOW_EMPTY:${PN} = "1" | ||
| 197 | |||
| 198 | PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server" | ||
| 199 | FILES:${PN}-scp = "${bindir}/scp.${BPN}" | ||
| 200 | FILES:${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" | ||
| 201 | FILES:${PN}-sshd = "${sbindir}/sshd ${libexecdir}/sshd-session ${sysconfdir}/init.d/sshd ${systemd_system_unitdir}" | ||
| 202 | FILES:${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" | ||
| 203 | FILES:${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys ${libexecdir}/sshd-auth" | ||
| 204 | FILES:${PN}-sftp = "${bindir}/sftp" | ||
| 205 | FILES:${PN}-sftp-server = "${libexecdir}/sftp-server" | ||
| 206 | FILES:${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" | ||
| 207 | FILES:${PN}-keygen = "${bindir}/ssh-keygen" | ||
| 208 | |||
| 209 | RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen ${PN}-sftp-server" | ||
| 210 | RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" | ||
| 211 | # gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies | ||
| 212 | RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed coreutils openssl-bin" | ||
| 213 | |||
| 214 | RPROVIDES:${PN}-ssh = "ssh" | ||
| 215 | RPROVIDES:${PN}-sshd = "sshd" | ||
| 216 | |||
| 217 | RCONFLICTS:${PN} = "dropbear" | ||
| 218 | RCONFLICTS:${PN}-sshd = "dropbear" | ||
| 219 | |||
| 220 | CONFFILES:${PN}-sshd = "${sysconfdir}/ssh/sshd_config" | ||
| 221 | CONFFILES:${PN}-ssh = "${sysconfdir}/ssh/ssh_config" | ||
| 222 | |||
| 223 | ALTERNATIVE_PRIORITY = "90" | ||
| 224 | ALTERNATIVE:${PN}-scp = "scp" | ||
| 225 | ALTERNATIVE:${PN}-ssh = "ssh" | ||
| 226 | |||
| 227 | BBCLASSEXTEND += "nativesdk" | ||
diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh deleted file mode 100644 index 0e75e34f9d..0000000000 --- a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh +++ /dev/null | |||
| @@ -1,24 +0,0 @@ | |||
| 1 | export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/openssl.cnf" | ||
| 2 | export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/" | ||
| 3 | export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3" | ||
| 4 | export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} OPENSSL_CONF OPENSSL_MODULES OPENSSL_ENGINES" | ||
| 5 | |||
| 6 | # Respect host env SSL_CERT_FILE/SSL_CERT_DIR first, then auto-detected host cert, then cert in buildtools | ||
| 7 | # CAFILE/CAPATH is auto-deteced when source buildtools | ||
| 8 | if [ -z "${SSL_CERT_FILE:-}" ]; then | ||
| 9 | if [ -n "${CAFILE:-}" ];then | ||
| 10 | export SSL_CERT_FILE="$CAFILE" | ||
| 11 | elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then | ||
| 12 | export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs/ca-certificates.crt" | ||
| 13 | fi | ||
| 14 | fi | ||
| 15 | |||
| 16 | if [ -z "${SSL_CERT_DIR:-}" ]; then | ||
| 17 | if [ -n "${CAPATH:-}" ];then | ||
| 18 | export SSL_CERT_DIR="$CAPATH" | ||
| 19 | elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then | ||
| 20 | export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs" | ||
| 21 | fi | ||
| 22 | fi | ||
| 23 | |||
| 24 | export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} SSL_CERT_DIR SSL_CERT_FILE" | ||
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch deleted file mode 100644 index 5b7365a353..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch +++ /dev/null | |||
| @@ -1,367 +0,0 @@ | |||
| 1 | From 5ba65051fea0513db0d997f0ab7cafb9826ed74a Mon Sep 17 00:00:00 2001 | ||
| 2 | From: William Lyu <William.Lyu@windriver.com> | ||
| 3 | Date: Fri, 20 Oct 2023 16:22:37 -0400 | ||
| 4 | Subject: [PATCH] Added handshake history reporting when test fails | ||
| 5 | |||
| 6 | Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/22481] | ||
| 7 | |||
| 8 | Signed-off-by: William Lyu <William.Lyu@windriver.com> | ||
| 9 | --- | ||
| 10 | test/helpers/handshake.c | 137 +++++++++++++++++++++++++++++---------- | ||
| 11 | test/helpers/handshake.h | 70 +++++++++++++++++++- | ||
| 12 | test/ssl_test.c | 44 +++++++++++++ | ||
| 13 | 3 files changed, 217 insertions(+), 34 deletions(-) | ||
| 14 | |||
| 15 | diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c | ||
| 16 | index f611b3a..5703b48 100644 | ||
| 17 | --- a/test/helpers/handshake.c | ||
| 18 | +++ b/test/helpers/handshake.c | ||
| 19 | @@ -25,6 +25,102 @@ | ||
| 20 | #include <netinet/sctp.h> | ||
| 21 | #endif | ||
| 22 | |||
| 23 | +/* Shamelessly copied from test/helpers/ssl_test_ctx.c */ | ||
| 24 | +/* Maps string names to various enumeration type */ | ||
| 25 | +typedef struct { | ||
| 26 | + const char *name; | ||
| 27 | + int value; | ||
| 28 | +} enum_name_map; | ||
| 29 | + | ||
| 30 | +static const enum_name_map connect_phase_names[] = { | ||
| 31 | + {"Handshake", HANDSHAKE}, | ||
| 32 | + {"RenegAppData", RENEG_APPLICATION_DATA}, | ||
| 33 | + {"RenegSetup", RENEG_SETUP}, | ||
| 34 | + {"RenegHandshake", RENEG_HANDSHAKE}, | ||
| 35 | + {"AppData", APPLICATION_DATA}, | ||
| 36 | + {"Shutdown", SHUTDOWN}, | ||
| 37 | + {"ConnectionDone", CONNECTION_DONE} | ||
| 38 | +}; | ||
| 39 | + | ||
| 40 | +static const enum_name_map peer_status_names[] = { | ||
| 41 | + {"PeerSuccess", PEER_SUCCESS}, | ||
| 42 | + {"PeerRetry", PEER_RETRY}, | ||
| 43 | + {"PeerError", PEER_ERROR}, | ||
| 44 | + {"PeerWaiting", PEER_WAITING}, | ||
| 45 | + {"PeerTestFail", PEER_TEST_FAILURE} | ||
| 46 | +}; | ||
| 47 | + | ||
| 48 | +static const enum_name_map handshake_status_names[] = { | ||
| 49 | + {"HandshakeSuccess", HANDSHAKE_SUCCESS}, | ||
| 50 | + {"ClientError", CLIENT_ERROR}, | ||
| 51 | + {"ServerError", SERVER_ERROR}, | ||
| 52 | + {"InternalError", INTERNAL_ERROR}, | ||
| 53 | + {"HandshakeRetry", HANDSHAKE_RETRY} | ||
| 54 | +}; | ||
| 55 | + | ||
| 56 | +/* Shamelessly copied from test/helpers/ssl_test_ctx.c */ | ||
| 57 | +static const char *enum_name(const enum_name_map *enums, size_t num_enums, | ||
| 58 | + int value) | ||
| 59 | +{ | ||
| 60 | + size_t i; | ||
| 61 | + for (i = 0; i < num_enums; i++) { | ||
| 62 | + if (enums[i].value == value) { | ||
| 63 | + return enums[i].name; | ||
| 64 | + } | ||
| 65 | + } | ||
| 66 | + return "InvalidValue"; | ||
| 67 | +} | ||
| 68 | + | ||
| 69 | +const char *handshake_connect_phase_name(connect_phase_t phase) | ||
| 70 | +{ | ||
| 71 | + return enum_name(connect_phase_names, OSSL_NELEM(connect_phase_names), | ||
| 72 | + (int)phase); | ||
| 73 | +} | ||
| 74 | + | ||
| 75 | +const char *handshake_status_name(handshake_status_t handshake_status) | ||
| 76 | +{ | ||
| 77 | + return enum_name(handshake_status_names, OSSL_NELEM(handshake_status_names), | ||
| 78 | + (int)handshake_status); | ||
| 79 | +} | ||
| 80 | + | ||
| 81 | +const char *handshake_peer_status_name(peer_status_t peer_status) | ||
| 82 | +{ | ||
| 83 | + return enum_name(peer_status_names, OSSL_NELEM(peer_status_names), | ||
| 84 | + (int)peer_status); | ||
| 85 | +} | ||
| 86 | + | ||
| 87 | +static void save_loop_history(HANDSHAKE_HISTORY *history, | ||
| 88 | + connect_phase_t phase, | ||
| 89 | + handshake_status_t handshake_status, | ||
| 90 | + peer_status_t server_status, | ||
| 91 | + peer_status_t client_status, | ||
| 92 | + int client_turn_count, | ||
| 93 | + int is_client_turn) | ||
| 94 | +{ | ||
| 95 | + HANDSHAKE_HISTORY_ENTRY *new_entry = NULL; | ||
| 96 | + | ||
| 97 | + /* | ||
| 98 | + * Create a new history entry for a handshake loop with statuses given in | ||
| 99 | + * the arguments. Potentially evicting the oldest entry when the | ||
| 100 | + * ring buffer is full. | ||
| 101 | + */ | ||
| 102 | + ++(history->last_idx); | ||
| 103 | + history->last_idx &= MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; | ||
| 104 | + | ||
| 105 | + new_entry = &((history->entries)[history->last_idx]); | ||
| 106 | + new_entry->phase = phase; | ||
| 107 | + new_entry->handshake_status = handshake_status; | ||
| 108 | + new_entry->server_status = server_status; | ||
| 109 | + new_entry->client_status = client_status; | ||
| 110 | + new_entry->client_turn_count = client_turn_count; | ||
| 111 | + new_entry->is_client_turn = is_client_turn; | ||
| 112 | + | ||
| 113 | + /* Evict the oldest handshake loop entry when the ring buffer is full. */ | ||
| 114 | + if (history->entry_count < MAX_HANDSHAKE_HISTORY_ENTRY) { | ||
| 115 | + ++(history->entry_count); | ||
| 116 | + } | ||
| 117 | +} | ||
| 118 | + | ||
| 119 | HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void) | ||
| 120 | { | ||
| 121 | HANDSHAKE_RESULT *ret; | ||
| 122 | @@ -726,15 +822,6 @@ static void configure_handshake_ssl(SSL *server, SSL *client, | ||
| 123 | SSL_set_post_handshake_auth(client, 1); | ||
| 124 | } | ||
| 125 | |||
| 126 | -/* The status for each connection phase. */ | ||
| 127 | -typedef enum { | ||
| 128 | - PEER_SUCCESS, | ||
| 129 | - PEER_RETRY, | ||
| 130 | - PEER_ERROR, | ||
| 131 | - PEER_WAITING, | ||
| 132 | - PEER_TEST_FAILURE | ||
| 133 | -} peer_status_t; | ||
| 134 | - | ||
| 135 | /* An SSL object and associated read-write buffers. */ | ||
| 136 | typedef struct peer_st { | ||
| 137 | SSL *ssl; | ||
| 138 | @@ -1081,17 +1168,6 @@ static void do_shutdown_step(PEER *peer) | ||
| 139 | } | ||
| 140 | } | ||
| 141 | |||
| 142 | -typedef enum { | ||
| 143 | - HANDSHAKE, | ||
| 144 | - RENEG_APPLICATION_DATA, | ||
| 145 | - RENEG_SETUP, | ||
| 146 | - RENEG_HANDSHAKE, | ||
| 147 | - APPLICATION_DATA, | ||
| 148 | - SHUTDOWN, | ||
| 149 | - CONNECTION_DONE | ||
| 150 | -} connect_phase_t; | ||
| 151 | - | ||
| 152 | - | ||
| 153 | static int renegotiate_op(const SSL_TEST_CTX *test_ctx) | ||
| 154 | { | ||
| 155 | switch (test_ctx->handshake_mode) { | ||
| 156 | @@ -1169,19 +1245,6 @@ static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer, | ||
| 157 | } | ||
| 158 | } | ||
| 159 | |||
| 160 | -typedef enum { | ||
| 161 | - /* Both parties succeeded. */ | ||
| 162 | - HANDSHAKE_SUCCESS, | ||
| 163 | - /* Client errored. */ | ||
| 164 | - CLIENT_ERROR, | ||
| 165 | - /* Server errored. */ | ||
| 166 | - SERVER_ERROR, | ||
| 167 | - /* Peers are in inconsistent state. */ | ||
| 168 | - INTERNAL_ERROR, | ||
| 169 | - /* One or both peers not done. */ | ||
| 170 | - HANDSHAKE_RETRY | ||
| 171 | -} handshake_status_t; | ||
| 172 | - | ||
| 173 | /* | ||
| 174 | * Determine the handshake outcome. | ||
| 175 | * last_status: the status of the peer to have acted last. | ||
| 176 | @@ -1546,6 +1609,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( | ||
| 177 | |||
| 178 | start = time(NULL); | ||
| 179 | |||
| 180 | + save_loop_history(&(ret->history), | ||
| 181 | + phase, status, server.status, client.status, | ||
| 182 | + client_turn_count, client_turn); | ||
| 183 | + | ||
| 184 | /* | ||
| 185 | * Half-duplex handshake loop. | ||
| 186 | * Client and server speak to each other synchronously in the same process. | ||
| 187 | @@ -1567,6 +1634,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( | ||
| 188 | 0 /* server went last */); | ||
| 189 | } | ||
| 190 | |||
| 191 | + save_loop_history(&(ret->history), | ||
| 192 | + phase, status, server.status, client.status, | ||
| 193 | + client_turn_count, client_turn); | ||
| 194 | + | ||
| 195 | switch (status) { | ||
| 196 | case HANDSHAKE_SUCCESS: | ||
| 197 | client_turn_count = 0; | ||
| 198 | diff --git a/test/helpers/handshake.h b/test/helpers/handshake.h | ||
| 199 | index 78b03f9..b9967c2 100644 | ||
| 200 | --- a/test/helpers/handshake.h | ||
| 201 | +++ b/test/helpers/handshake.h | ||
| 202 | @@ -1,5 +1,5 @@ | ||
| 203 | /* | ||
| 204 | - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | ||
| 205 | + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. | ||
| 206 | * | ||
| 207 | * Licensed under the Apache License 2.0 (the "License"). You may not use | ||
| 208 | * this file except in compliance with the License. You can obtain a copy | ||
| 209 | @@ -12,6 +12,11 @@ | ||
| 210 | |||
| 211 | #include "ssl_test_ctx.h" | ||
| 212 | |||
| 213 | +#define MAX_HANDSHAKE_HISTORY_ENTRY_BIT 4 | ||
| 214 | +#define MAX_HANDSHAKE_HISTORY_ENTRY (1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) | ||
| 215 | +#define MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK \ | ||
| 216 | + ((1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) - 1) | ||
| 217 | + | ||
| 218 | typedef struct ctx_data_st { | ||
| 219 | unsigned char *npn_protocols; | ||
| 220 | size_t npn_protocols_len; | ||
| 221 | @@ -22,6 +27,63 @@ typedef struct ctx_data_st { | ||
| 222 | char *session_ticket_app_data; | ||
| 223 | } CTX_DATA; | ||
| 224 | |||
| 225 | +typedef enum { | ||
| 226 | + HANDSHAKE, | ||
| 227 | + RENEG_APPLICATION_DATA, | ||
| 228 | + RENEG_SETUP, | ||
| 229 | + RENEG_HANDSHAKE, | ||
| 230 | + APPLICATION_DATA, | ||
| 231 | + SHUTDOWN, | ||
| 232 | + CONNECTION_DONE | ||
| 233 | +} connect_phase_t; | ||
| 234 | + | ||
| 235 | +/* The status for each connection phase. */ | ||
| 236 | +typedef enum { | ||
| 237 | + PEER_SUCCESS, | ||
| 238 | + PEER_RETRY, | ||
| 239 | + PEER_ERROR, | ||
| 240 | + PEER_WAITING, | ||
| 241 | + PEER_TEST_FAILURE | ||
| 242 | +} peer_status_t; | ||
| 243 | + | ||
| 244 | +typedef enum { | ||
| 245 | + /* Both parties succeeded. */ | ||
| 246 | + HANDSHAKE_SUCCESS, | ||
| 247 | + /* Client errored. */ | ||
| 248 | + CLIENT_ERROR, | ||
| 249 | + /* Server errored. */ | ||
| 250 | + SERVER_ERROR, | ||
| 251 | + /* Peers are in inconsistent state. */ | ||
| 252 | + INTERNAL_ERROR, | ||
| 253 | + /* One or both peers not done. */ | ||
| 254 | + HANDSHAKE_RETRY | ||
| 255 | +} handshake_status_t; | ||
| 256 | + | ||
| 257 | +/* Stores the various status information in a handshake loop. */ | ||
| 258 | +typedef struct handshake_history_entry_st { | ||
| 259 | + connect_phase_t phase; | ||
| 260 | + handshake_status_t handshake_status; | ||
| 261 | + peer_status_t server_status; | ||
| 262 | + peer_status_t client_status; | ||
| 263 | + int client_turn_count; | ||
| 264 | + int is_client_turn; | ||
| 265 | +} HANDSHAKE_HISTORY_ENTRY; | ||
| 266 | + | ||
| 267 | +typedef struct handshake_history_st { | ||
| 268 | + /* Implemented using ring buffer. */ | ||
| 269 | + /* | ||
| 270 | + * The valid entries are |entries[last_idx]|, |entries[last_idx-1]|, | ||
| 271 | + * ..., etc., going up to |entry_count| number of entries. Note that when | ||
| 272 | + * the index into the array |entries| becomes < 0, we wrap around to | ||
| 273 | + * the end of |entries|. | ||
| 274 | + */ | ||
| 275 | + HANDSHAKE_HISTORY_ENTRY entries[MAX_HANDSHAKE_HISTORY_ENTRY]; | ||
| 276 | + /* The number of valid entries in |entries| array. */ | ||
| 277 | + size_t entry_count; | ||
| 278 | + /* The index of the last valid entry in the |entries| array. */ | ||
| 279 | + size_t last_idx; | ||
| 280 | +} HANDSHAKE_HISTORY; | ||
| 281 | + | ||
| 282 | typedef struct handshake_result { | ||
| 283 | ssl_test_result_t result; | ||
| 284 | /* These alerts are in the 2-byte format returned by the info_callback. */ | ||
| 285 | @@ -77,6 +139,8 @@ typedef struct handshake_result { | ||
| 286 | char *cipher; | ||
| 287 | /* session ticket application data */ | ||
| 288 | char *result_session_ticket_app_data; | ||
| 289 | + /* handshake loop history */ | ||
| 290 | + HANDSHAKE_HISTORY history; | ||
| 291 | } HANDSHAKE_RESULT; | ||
| 292 | |||
| 293 | HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void); | ||
| 294 | @@ -95,4 +159,8 @@ int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, | ||
| 295 | CTX_DATA *server2_ctx_data, | ||
| 296 | CTX_DATA *client_ctx_data); | ||
| 297 | |||
| 298 | +const char *handshake_connect_phase_name(connect_phase_t phase); | ||
| 299 | +const char *handshake_status_name(handshake_status_t handshake_status); | ||
| 300 | +const char *handshake_peer_status_name(peer_status_t peer_status); | ||
| 301 | + | ||
| 302 | #endif /* OSSL_TEST_HANDSHAKE_HELPER_H */ | ||
| 303 | diff --git a/test/ssl_test.c b/test/ssl_test.c | ||
| 304 | index ea60851..9d6b093 100644 | ||
| 305 | --- a/test/ssl_test.c | ||
| 306 | +++ b/test/ssl_test.c | ||
| 307 | @@ -26,6 +26,44 @@ static OSSL_LIB_CTX *libctx = NULL; | ||
| 308 | /* Currently the section names are of the form test-<number>, e.g. test-15. */ | ||
| 309 | #define MAX_TESTCASE_NAME_LENGTH 100 | ||
| 310 | |||
| 311 | +static void print_handshake_history(const HANDSHAKE_HISTORY *history) | ||
| 312 | +{ | ||
| 313 | + size_t first_idx; | ||
| 314 | + size_t i; | ||
| 315 | + size_t cur_idx; | ||
| 316 | + const HANDSHAKE_HISTORY_ENTRY *cur_entry; | ||
| 317 | + const char header_template[] = "|%14s|%16s|%16s|%16s|%17s|%14s|"; | ||
| 318 | + const char body_template[] = "|%14s|%16s|%16s|%16s|%17d|%14s|"; | ||
| 319 | + | ||
| 320 | + TEST_info("The following is the server/client state " | ||
| 321 | + "in the most recent %d handshake loops.", | ||
| 322 | + MAX_HANDSHAKE_HISTORY_ENTRY); | ||
| 323 | + | ||
| 324 | + TEST_note("==================================================" | ||
| 325 | + "=================================================="); | ||
| 326 | + TEST_note(header_template, | ||
| 327 | + "phase", "handshake status", "server status", | ||
| 328 | + "client status", "client turn count", "is client turn"); | ||
| 329 | + TEST_note("+--------------+----------------+----------------" | ||
| 330 | + "+----------------+-----------------+--------------+"); | ||
| 331 | + | ||
| 332 | + first_idx = (history->last_idx - history->entry_count + 1) & | ||
| 333 | + MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; | ||
| 334 | + for (i = 0; i < history->entry_count; ++i) { | ||
| 335 | + cur_idx = (first_idx + i) & MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; | ||
| 336 | + cur_entry = &(history->entries)[cur_idx]; | ||
| 337 | + TEST_note(body_template, | ||
| 338 | + handshake_connect_phase_name(cur_entry->phase), | ||
| 339 | + handshake_status_name(cur_entry->handshake_status), | ||
| 340 | + handshake_peer_status_name(cur_entry->server_status), | ||
| 341 | + handshake_peer_status_name(cur_entry->client_status), | ||
| 342 | + cur_entry->client_turn_count, | ||
| 343 | + cur_entry->is_client_turn ? "true" : "false"); | ||
| 344 | + } | ||
| 345 | + TEST_note("==================================================" | ||
| 346 | + "=================================================="); | ||
| 347 | +} | ||
| 348 | + | ||
| 349 | static const char *print_alert(int alert) | ||
| 350 | { | ||
| 351 | return alert ? SSL_alert_desc_string_long(alert) : "no alert"; | ||
| 352 | @@ -388,6 +426,12 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) | ||
| 353 | ret &= check_client_sign_type(result, test_ctx); | ||
| 354 | ret &= check_client_ca_names(result, test_ctx); | ||
| 355 | } | ||
| 356 | + | ||
| 357 | + /* Print handshake loop history if any check fails. */ | ||
| 358 | + if (!ret) { | ||
| 359 | + print_handshake_history(&(result->history)); | ||
| 360 | + } | ||
| 361 | + | ||
| 362 | return ret; | ||
| 363 | } | ||
| 364 | |||
| 365 | -- | ||
| 366 | 2.25.1 | ||
| 367 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch deleted file mode 100644 index cf5ff356ee..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch +++ /dev/null | |||
| @@ -1,39 +0,0 @@ | |||
| 1 | From 0377f0d5b5c1079e3b9a80881f4dcc891cbe9f9a Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Alexander Kanavin <alex@linutronix.de> | ||
| 3 | Date: Tue, 30 May 2023 09:11:27 -0700 | ||
| 4 | Subject: [PATCH] Configure: do not tweak mips cflags | ||
| 5 | |||
| 6 | This conflicts with mips machine definitons from yocto, | ||
| 7 | e.g. | ||
| 8 | | Error: -mips3 conflicts with the other architecture options, which imply -mips64r2 | ||
| 9 | |||
| 10 | Upstream-Status: Inappropriate [oe-core specific] | ||
| 11 | Signed-off-by: Alexander Kanavin <alex@linutronix.de> | ||
| 12 | |||
| 13 | Refreshed for openssl-3.1.1 | ||
| 14 | Signed-off-by: Tim Orling <tim.orling@konsulko.com> | ||
| 15 | --- | ||
| 16 | Configure | 10 ---------- | ||
| 17 | 1 file changed, 10 deletions(-) | ||
| 18 | |||
| 19 | diff --git a/Configure b/Configure | ||
| 20 | index fff97bd..5ee54c1 100755 | ||
| 21 | --- a/Configure | ||
| 22 | +++ b/Configure | ||
| 23 | @@ -1552,16 +1552,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) | ||
| 24 | push @{$config{shared_ldflag}}, "-mno-cygwin"; | ||
| 25 | } | ||
| 26 | |||
| 27 | -if ($target =~ /linux.*-mips/ && !$disabled{asm} | ||
| 28 | - && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) { | ||
| 29 | - # minimally required architecture flags for assembly modules | ||
| 30 | - my $value; | ||
| 31 | - $value = '-mips2' if ($target =~ /mips32/); | ||
| 32 | - $value = '-mips3' if ($target =~ /mips64/); | ||
| 33 | - unshift @{$config{cflags}}, $value; | ||
| 34 | - unshift @{$config{cxxflags}}, $value if $config{CXX}; | ||
| 35 | -} | ||
| 36 | - | ||
| 37 | # If threads aren't disabled, check how possible they are | ||
| 38 | unless ($disabled{threads}) { | ||
| 39 | if ($auto_threads) { | ||
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch deleted file mode 100644 index dadc034c91..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch +++ /dev/null | |||
| @@ -1,82 +0,0 @@ | |||
| 1 | From 5985253f2c9025d7c127443a3a9938946f80c2a1 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com> | ||
| 3 | Date: Tue, 6 Nov 2018 14:50:47 +0100 | ||
| 4 | Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler | ||
| 5 | info | ||
| 6 | MIME-Version: 1.0 | ||
| 7 | Content-Type: text/plain; charset=UTF-8 | ||
| 8 | Content-Transfer-Encoding: 8bit | ||
| 9 | |||
| 10 | The openssl build system generates buildinf.h containing the full | ||
| 11 | compiler command line used to compile objects. This breaks | ||
| 12 | reproducibility, as the compile command is baked into libcrypto, where | ||
| 13 | it is used when running `openssl version -f`. | ||
| 14 | |||
| 15 | Add stripped build variables for the compiler and cflags lines, and use | ||
| 16 | those when generating buildinfo.h. | ||
| 17 | |||
| 18 | This is based on a similar patch for older openssl versions: | ||
| 19 | https://patchwork.openembedded.org/patch/147229/ | ||
| 20 | |||
| 21 | Upstream-Status: Inappropriate [OE specific] | ||
| 22 | Signed-off-by: Martin Hundebøll <martin@geanix.com> | ||
| 23 | |||
| 24 | Update to fix buildpaths qa issue for '-fmacro-prefix-map'. | ||
| 25 | |||
| 26 | Signed-off-by: Kai Kang <kai.kang@windriver.com> | ||
| 27 | |||
| 28 | Update to fix buildpaths qa issue for '-ffile-prefix-map'. | ||
| 29 | |||
| 30 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
| 31 | |||
| 32 | --- | ||
| 33 | Configurations/unix-Makefile.tmpl | 16 +++++++++++++++- | ||
| 34 | crypto/build.info | 2 +- | ||
| 35 | 2 files changed, 16 insertions(+), 2 deletions(-) | ||
| 36 | |||
| 37 | diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl | ||
| 38 | index 09303c4..011bda1 100644 | ||
| 39 | --- a/Configurations/unix-Makefile.tmpl | ||
| 40 | +++ b/Configurations/unix-Makefile.tmpl | ||
| 41 | @@ -513,13 +513,27 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), | ||
| 42 | '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} | ||
| 43 | BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) | ||
| 44 | |||
| 45 | -# CPPFLAGS_Q is used for one thing only: to build up buildinf.h | ||
| 46 | +# *_Q variables are used for one thing only: to build up buildinf.h | ||
| 47 | CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g; | ||
| 48 | + $cppflags1 =~ s|-isystem/[^ ]+/usr/include||g; | ||
| 49 | $cppflags2 =~ s|([\\"])|\\$1|g; | ||
| 50 | + $cppflags2 =~ s|-isystem/[^ ]+/usr/include||g; | ||
| 51 | $lib_cppflags =~ s|([\\"])|\\$1|g; | ||
| 52 | + $lib_cppflags =~ s|-isystem/[^ ]+/usr/include||g; | ||
| 53 | join(' ', $lib_cppflags || (), $cppflags2 || (), | ||
| 54 | $cppflags1 || ()) -} | ||
| 55 | |||
| 56 | +CFLAGS_Q={- for (@{$config{CFLAGS}}) { | ||
| 57 | + s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g; | ||
| 58 | + s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g; | ||
| 59 | + s|-ffile-prefix-map=[^ ]+|-ffile-prefix-map=|g; | ||
| 60 | + s|-isystem/[^ ]+/usr/include ||g; | ||
| 61 | + } | ||
| 62 | + join(' ', @{$config{CFLAGS}}) -} | ||
| 63 | + | ||
| 64 | +CC_Q={- $config{CC} =~ s|--sysroot=[^ ]+|--sysroot=recipe-sysroot|g; | ||
| 65 | + join(' ', $config{CC}) -} | ||
| 66 | + | ||
| 67 | PERLASM_SCHEME= {- $target{perlasm_scheme} -} | ||
| 68 | |||
| 69 | # For x86 assembler: Set PROCESSOR to 386 if you want to support | ||
| 70 | diff --git a/crypto/build.info b/crypto/build.info | ||
| 71 | index aee5c46..95c9577 100644 | ||
| 72 | --- a/crypto/build.info | ||
| 73 | +++ b/crypto/build.info | ||
| 74 | @@ -115,7 +115,7 @@ DEFINE[../libcrypto]=$UPLINKDEF | ||
| 75 | |||
| 76 | DEPEND[info.o]=buildinf.h | ||
| 77 | DEPEND[cversion.o]=buildinf.h | ||
| 78 | -GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" | ||
| 79 | +GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)" | ||
| 80 | |||
| 81 | GENERATE[uplink-x86.S]=../ms/uplink-x86.pl | ||
| 82 | GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl | ||
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-extend-check_cwm-test-timeout.patch b/meta/recipes-connectivity/openssl/openssl/0001-extend-check_cwm-test-timeout.patch deleted file mode 100644 index d02d42f1b5..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-extend-check_cwm-test-timeout.patch +++ /dev/null | |||
| @@ -1,32 +0,0 @@ | |||
| 1 | From c7000672296f4c367341aa3415f26c4d9f5e4749 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 3 | Date: Thu, 23 Oct 2025 11:24:36 +0200 | ||
| 4 | Subject: [PATCH] extend check_cwm test timeout | ||
| 5 | |||
| 6 | The default, 3s long test timeout isn't always enough for this | ||
| 7 | particular test in case there is a high load on the host machine | ||
| 8 | (assuming it is running in qemu). Extend the default timeout to 6s | ||
| 9 | for the check_cwm test to avoid timeouts. | ||
| 10 | |||
| 11 | Upstream-Status: Inappropriate [upstream issue: https://github.com/openssl/openssl/issues/28983] | ||
| 12 | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 13 | --- | ||
| 14 | test/radix/main.c | 5 +++++ | ||
| 15 | 1 file changed, 5 insertions(+) | ||
| 16 | |||
| 17 | diff --git a/test/radix/main.c b/test/radix/main.c | ||
| 18 | index 4a1e886a71..39f8c61ef9 100644 | ||
| 19 | --- a/test/radix/main.c | ||
| 20 | +++ b/test/radix/main.c | ||
| 21 | @@ -25,6 +25,11 @@ static int test_script(int idx) | ||
| 22 | int testresult; | ||
| 23 | TERP_CONFIG cfg = {0}; | ||
| 24 | |||
| 25 | + // check_cwm test sometimes times out, the default 3000ms is | ||
| 26 | + // not enough if the test execution starves for CPU | ||
| 27 | + if (!strncmp("check_cwm", script_info->name, strlen("check_cwm"))) | ||
| 28 | + cfg.max_execution_time = ossl_ms2time(6000); | ||
| 29 | + | ||
| 30 | if (!TEST_true(bindings_process_init(0, 0))) | ||
| 31 | return 0; | ||
| 32 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl/run-ptest b/meta/recipes-connectivity/openssl/openssl/run-ptest deleted file mode 100644 index cd29bb1446..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/run-ptest +++ /dev/null | |||
| @@ -1,19 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | set -eu | ||
| 4 | |||
| 5 | # Optional arguments are 'list' to lists the tests, or the test name (base name | ||
| 6 | # ie test_evp, not 03_test_evp.t). Without any arguments we run all tests. | ||
| 7 | |||
| 8 | if test $# -gt 0; then | ||
| 9 | TESTS=$* | ||
| 10 | else | ||
| 11 | # Skip test_symbol_presence as this is for developers | ||
| 12 | TESTS="alltests -test_symbol_presence" | ||
| 13 | fi | ||
| 14 | |||
| 15 | export TOP=. | ||
| 16 | # Run four jobs in parallel | ||
| 17 | export HARNESS_JOBS=4 | ||
| 18 | |||
| 19 | { perl ./test/run_tests.pl $TESTS || echo "FAIL: openssl" ; } | sed -u -r -e '/(.*) \.*.ok/ s/^/PASS: /g' -r -e '/Dubious(.*)/ s/^/FAIL: /g' -e '/(.*) \.*.skipped: (.*)/ s/^/SKIP: /g' | ||
diff --git a/meta/recipes-connectivity/openssl/openssl_3.5.4.bb b/meta/recipes-connectivity/openssl/openssl_3.5.4.bb deleted file mode 100644 index e760baf3a0..0000000000 --- a/meta/recipes-connectivity/openssl/openssl_3.5.4.bb +++ /dev/null | |||
| @@ -1,289 +0,0 @@ | |||
| 1 | SUMMARY = "Secure Socket Layer" | ||
| 2 | DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." | ||
| 3 | HOMEPAGE = "http://www.openssl.org/" | ||
| 4 | BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" | ||
| 5 | SECTION = "libs/network" | ||
| 6 | |||
| 7 | LICENSE = "Apache-2.0" | ||
| 8 | LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c75985e733726beaba57bc5253e96d04" | ||
| 9 | |||
| 10 | SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ | ||
| 11 | file://run-ptest \ | ||
| 12 | file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ | ||
| 13 | file://0001-Configure-do-not-tweak-mips-cflags.patch \ | ||
| 14 | file://0001-Added-handshake-history-reporting-when-test-fails.patch \ | ||
| 15 | file://0001-extend-check_cwm-test-timeout.patch \ | ||
| 16 | " | ||
| 17 | |||
| 18 | SRC_URI:append:class-nativesdk = " \ | ||
| 19 | file://environment.d-openssl.sh \ | ||
| 20 | " | ||
| 21 | |||
| 22 | SRC_URI[sha256sum] = "967311f84955316969bdb1d8d4b983718ef42338639c621ec4c34fddef355e99" | ||
| 23 | |||
| 24 | inherit lib_package multilib_header multilib_script ptest perlnative manpages | ||
| 25 | MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" | ||
| 26 | |||
| 27 | PACKAGECONFIG ?= "" | ||
| 28 | PACKAGECONFIG:class-native = "" | ||
| 29 | PACKAGECONFIG:class-nativesdk = "" | ||
| 30 | |||
| 31 | PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" | ||
| 32 | PACKAGECONFIG[no-tls1] = "no-tls1" | ||
| 33 | PACKAGECONFIG[no-tls1_1] = "no-tls1_1" | ||
| 34 | PACKAGECONFIG[manpages] = "" | ||
| 35 | PACKAGECONFIG[fips] = "enable-fips" | ||
| 36 | |||
| 37 | B = "${WORKDIR}/build" | ||
| 38 | do_configure[cleandirs] = "${B}" | ||
| 39 | |||
| 40 | EXTRA_OECONF = "${@bb.utils.contains('PTEST_ENABLED', '1', '', 'no-tests', d)}" | ||
| 41 | |||
| 42 | #| ./libcrypto.so: undefined reference to `getcontext' | ||
| 43 | #| ./libcrypto.so: undefined reference to `setcontext' | ||
| 44 | #| ./libcrypto.so: undefined reference to `makecontext' | ||
| 45 | EXTRA_OECONF:append:libc-musl = " no-async" | ||
| 46 | EXTRA_OECONF:append:libc-musl:powerpc64 = " no-asm" | ||
| 47 | |||
| 48 | # adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions | ||
| 49 | # (native versions can be built with newer glibc, but then relocated onto a system with older glibc) | ||
| 50 | EXTRA_OECONF:append:class-native = " --with-rand-seed=os,devrandom" | ||
| 51 | EXTRA_OECONF:append:class-nativesdk = " --with-rand-seed=os,devrandom" | ||
| 52 | |||
| 53 | # Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. | ||
| 54 | EXTRA_OEMAKE:append:task-compile:class-native = ' OPENSSLDIR="/not/builtin" ENGINESDIR="/not/builtin" MODULESDIR="/not/builtin"' | ||
| 55 | EXTRA_OEMAKE:append:task-compile:class-nativesdk = ' OPENSSLDIR="/not/builtin" ENGINESDIR="/not/builtin" MODULESDIR="/not/builtin"' | ||
| 56 | |||
| 57 | #| threads_pthread.c:(.text+0x372): undefined reference to `__atomic_is_lock_free' | ||
| 58 | EXTRA_OECONF:append:toolchain-clang:x86 = " -latomic" | ||
| 59 | |||
| 60 | # This allows disabling deprecated or undesirable crypto algorithms. | ||
| 61 | # The default is to trust upstream choices. | ||
| 62 | DEPRECATED_CRYPTO_FLAGS ?= "" | ||
| 63 | |||
| 64 | do_configure () { | ||
| 65 | # When we upgrade glibc but not uninative we see obtuse failures in openssl. Make | ||
| 66 | # the issue really clear that perl isn't functional due to symbol mismatch issues. | ||
| 67 | cat <<- EOF > ${WORKDIR}/perltest | ||
| 68 | #!/usr/bin/env perl | ||
| 69 | use POSIX; | ||
| 70 | EOF | ||
| 71 | chmod a+x ${WORKDIR}/perltest | ||
| 72 | ${WORKDIR}/perltest | ||
| 73 | |||
| 74 | os=${HOST_OS} | ||
| 75 | case $os in | ||
| 76 | linux-gnueabi |\ | ||
| 77 | linux-gnuspe |\ | ||
| 78 | linux-musleabi |\ | ||
| 79 | linux-muslspe |\ | ||
| 80 | linux-musl ) | ||
| 81 | os=linux | ||
| 82 | ;; | ||
| 83 | *) | ||
| 84 | ;; | ||
| 85 | esac | ||
| 86 | target="$os-${HOST_ARCH}" | ||
| 87 | case $target in | ||
| 88 | linux-arc | linux-microblaze*) | ||
| 89 | target=linux-latomic | ||
| 90 | ;; | ||
| 91 | linux-arm*) | ||
| 92 | target=linux-armv4 | ||
| 93 | ;; | ||
| 94 | linux-aarch64*) | ||
| 95 | target=linux-aarch64 | ||
| 96 | ;; | ||
| 97 | linux-i?86 | linux-viac3) | ||
| 98 | target=linux-x86 | ||
| 99 | ;; | ||
| 100 | linux-gnux32-x86_64 | linux-muslx32-x86_64 ) | ||
| 101 | target=linux-x32 | ||
| 102 | ;; | ||
| 103 | linux-gnu64-x86_64) | ||
| 104 | target=linux-x86_64 | ||
| 105 | ;; | ||
| 106 | linux-loongarch64) | ||
| 107 | target=linux64-loongarch64 | ||
| 108 | ;; | ||
| 109 | linux-mips | linux-mipsel) | ||
| 110 | # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags | ||
| 111 | target="linux-mips32 ${TARGET_CC_ARCH}" | ||
| 112 | ;; | ||
| 113 | linux-gnun32-mips*) | ||
| 114 | target=linux-mips64 | ||
| 115 | ;; | ||
| 116 | linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) | ||
| 117 | target=linux64-mips64 | ||
| 118 | ;; | ||
| 119 | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) | ||
| 120 | target=linux-generic32 | ||
| 121 | ;; | ||
| 122 | linux-powerpc) | ||
| 123 | target=linux-ppc | ||
| 124 | ;; | ||
| 125 | linux-powerpc64) | ||
| 126 | target=linux-ppc64 | ||
| 127 | ;; | ||
| 128 | linux-powerpc64le) | ||
| 129 | target=linux-ppc64le | ||
| 130 | ;; | ||
| 131 | linux-riscv32) | ||
| 132 | target=linux32-riscv32 | ||
| 133 | ;; | ||
| 134 | linux-riscv64) | ||
| 135 | target=linux64-riscv64 | ||
| 136 | ;; | ||
| 137 | linux-sparc | linux-supersparc) | ||
| 138 | target=linux-sparcv9 | ||
| 139 | ;; | ||
| 140 | mingw32-x86_64) | ||
| 141 | target=mingw64 | ||
| 142 | ;; | ||
| 143 | esac | ||
| 144 | |||
| 145 | # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the | ||
| 146 | # environment variables set by bitbake. Adjust the environment variables instead. | ||
| 147 | PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)" | ||
| 148 | test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!" | ||
| 149 | HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \ | ||
| 150 | perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=${prefix} --openssldir=${libdir}/ssl-3 --libdir=${baselib} $target | ||
| 151 | perl ${B}/configdata.pm --dump | ||
| 152 | } | ||
| 153 | |||
| 154 | do_compile:append () { | ||
| 155 | # The test suite binaries are large and we don't need the debugging in them | ||
| 156 | if test -d ${B}/test; then | ||
| 157 | find ${B}/test -type f -executable -exec ${STRIP} {} \; | ||
| 158 | fi | ||
| 159 | } | ||
| 160 | |||
| 161 | do_install () { | ||
| 162 | oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install_sw install_ssldirs \ | ||
| 163 | ${@bb.utils.contains('PACKAGECONFIG', 'manpages', 'install_docs', '', d)} \ | ||
| 164 | ${@bb.utils.contains('PACKAGECONFIG', 'fips', 'install_fips', '', d)} | ||
| 165 | |||
| 166 | oe_multilib_header openssl/opensslconf.h | ||
| 167 | oe_multilib_header openssl/configuration.h | ||
| 168 | |||
| 169 | # Create SSL structure for packages such as ca-certificates which | ||
| 170 | # contain hard-coded paths to /etc/ssl. Debian does the same. | ||
| 171 | install -d ${D}${sysconfdir}/ssl | ||
| 172 | mv ${D}${libdir}/ssl-3/certs \ | ||
| 173 | ${D}${libdir}/ssl-3/private \ | ||
| 174 | ${D}${libdir}/ssl-3/openssl.cnf \ | ||
| 175 | ${D}${sysconfdir}/ssl/ | ||
| 176 | |||
| 177 | # Although absolute symlinks would be OK for the target, they become | ||
| 178 | # invalid if native or nativesdk are relocated from sstate. | ||
| 179 | ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-3/certs | ||
| 180 | ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-3/private | ||
| 181 | ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-3/openssl.cnf | ||
| 182 | |||
| 183 | # Generate fipsmodule.cnf in pkg_postinst_ontarget | ||
| 184 | if ${@bb.utils.contains('PACKAGECONFIG', 'fips', 'true', 'false', d)}; then | ||
| 185 | rm -f ${D}${libdir}/ssl-3/fipsmodule.cnf | ||
| 186 | fi | ||
| 187 | } | ||
| 188 | |||
| 189 | do_install:append:class-native () { | ||
| 190 | create_wrapper ${D}${bindir}/openssl \ | ||
| 191 | OPENSSL_CONF=\${OPENSSL_CONF:-${libdir}/ssl-3/openssl.cnf} \ | ||
| 192 | SSL_CERT_DIR=\${SSL_CERT_DIR:-${libdir}/ssl-3/certs} \ | ||
| 193 | SSL_CERT_FILE=\${SSL_CERT_FILE:-${libdir}/ssl-3/cert.pem} \ | ||
| 194 | OPENSSL_ENGINES=\${OPENSSL_ENGINES:-${libdir}/engines-3} \ | ||
| 195 | OPENSSL_MODULES=\${OPENSSL_MODULES:-${libdir}/ossl-modules} | ||
| 196 | |||
| 197 | # Setting ENGINESDIR and MODULESDIR to invalid paths prevents host contamination, | ||
| 198 | # but also breaks the generated libcrypto.pc file. Post-Fix it manually here. | ||
| 199 | sed -i 's|^enginesdir=\($.libdir.\)/.*|enginesdir=\1/engines-3|' ${D}${libdir}/pkgconfig/libcrypto.pc | ||
| 200 | sed -i 's|^modulesdir=\($.libdir.\)/.*|modulesdir=\1/ossl-modules|' ${D}${libdir}/pkgconfig/libcrypto.pc | ||
| 201 | } | ||
| 202 | |||
| 203 | do_install:append:class-nativesdk () { | ||
| 204 | mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d | ||
| 205 | install -m 644 ${UNPACKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh | ||
| 206 | } | ||
| 207 | |||
| 208 | PTEST_BUILD_HOST_FILES += "configdata.pm" | ||
| 209 | PTEST_BUILD_HOST_PATTERN = "perl_version =" | ||
| 210 | do_install_ptest() { | ||
| 211 | install -m644 ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} | ||
| 212 | cp -rf ${S}/Configurations ${S}/external ${D}${PTEST_PATH}/ | ||
| 213 | |||
| 214 | install -d ${D}${PTEST_PATH}/apps | ||
| 215 | ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps | ||
| 216 | |||
| 217 | cd ${S} | ||
| 218 | find test/certs test/ct test/d2i-tests test/recipes test/ocsp-tests test/ssl-tests test/smime-certs -type f -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; | ||
| 219 | find apps test -name \*.cnf -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; | ||
| 220 | find apps test -name \*.der -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; | ||
| 221 | find apps test -name \*.pem -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; | ||
| 222 | find util -name \*.p[lm] -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; | ||
| 223 | |||
| 224 | cd ${B} | ||
| 225 | # Everything but .? (.o and .d) | ||
| 226 | find test -type f -name \*[^.]? -exec install -m755 -D {} ${D}${PTEST_PATH}/{} \; | ||
| 227 | find apps test -name \*.cnf -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; | ||
| 228 | find apps test -name \*.pem -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; | ||
| 229 | find apps test -name \*.srl -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; | ||
| 230 | install -m755 ${B}/util/*wrap.* ${D}${PTEST_PATH}/util/ | ||
| 231 | |||
| 232 | install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps/ | ||
| 233 | install -m755 ${S}/test/*.pl ${D}${PTEST_PATH}/test/ | ||
| 234 | install -m755 ${S}/test/shibboleth.pfx ${D}${PTEST_PATH}/test/ | ||
| 235 | install -m755 ${S}/test/*.bin ${D}${PTEST_PATH}/test/ | ||
| 236 | install -m755 ${S}/test/dane*.in ${D}${PTEST_PATH}/test/ | ||
| 237 | install -m755 ${S}/test/smcont*.txt ${D}${PTEST_PATH}/test/ | ||
| 238 | install -m755 ${S}/test/ssl_test.tmpl ${D}${PTEST_PATH}/test/ | ||
| 239 | |||
| 240 | sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/configdata.pm ${D}${PTEST_PATH}/util/wrap.pl | ||
| 241 | |||
| 242 | install -d ${D}${PTEST_PATH}/engines | ||
| 243 | install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines/ | ||
| 244 | install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines/ | ||
| 245 | ln -s ${libdir}/engines-3/loader_attic.so ${D}${PTEST_PATH}/engines/ | ||
| 246 | ln -s ${libdir}/ossl-modules/ ${D}${PTEST_PATH}/providers | ||
| 247 | } | ||
| 248 | |||
| 249 | pkg_postinst_ontarget:${PN}-ossl-module-fips () { | ||
| 250 | if test -f ${libdir}/ossl-modules/fips.so; then | ||
| 251 | ${bindir}/openssl fipsinstall -out ${libdir}/ssl-3/fipsmodule.cnf -module ${libdir}/ossl-modules/fips.so | ||
| 252 | fi | ||
| 253 | } | ||
| 254 | |||
| 255 | # Add the openssl.cnf file to the openssl-conf package. Make the libcrypto | ||
| 256 | # package RRECOMMENDS on this package. This will enable the configuration | ||
| 257 | # file to be installed for both the openssl-bin package and the libcrypto | ||
| 258 | # package since the openssl-bin package depends on the libcrypto package. | ||
| 259 | |||
| 260 | PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc ${PN}-ossl-module-legacy ${PN}-ossl-module-fips" | ||
| 261 | |||
| 262 | FILES:libcrypto = "${libdir}/libcrypto${SOLIBS}" | ||
| 263 | FILES:libssl = "${libdir}/libssl${SOLIBS}" | ||
| 264 | FILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf \ | ||
| 265 | ${libdir}/ssl-3/openssl.cnf* \ | ||
| 266 | " | ||
| 267 | FILES:${PN}-engines = "${libdir}/engines-3" | ||
| 268 | # ${prefix} comes from what we pass into --prefix at configure time (which is used for INSTALLTOP) | ||
| 269 | FILES:${PN}-engines:append:mingw32:class-nativesdk = " ${prefix}${libdir}/engines-3" | ||
| 270 | FILES:${PN}-misc = "${libdir}/ssl-3/misc ${bindir}/c_rehash" | ||
| 271 | FILES:${PN}-ossl-module-legacy = "${libdir}/ossl-modules/legacy.so" | ||
| 272 | FILES:${PN}-ossl-module-fips = "${libdir}/ossl-modules/fips.so" | ||
| 273 | FILES:${PN} =+ "${libdir}/ssl-3/* ${libdir}/ossl-modules/" | ||
| 274 | FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" | ||
| 275 | |||
| 276 | CONFFILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf" | ||
| 277 | |||
| 278 | RRECOMMENDS:libcrypto += "openssl-conf ${PN}-ossl-module-legacy" | ||
| 279 | RDEPENDS:${PN}-misc = "perl" | ||
| 280 | RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash sed openssl-engines openssl-ossl-module-legacy" | ||
| 281 | |||
| 282 | RDEPENDS:${PN}-bin += "openssl-conf" | ||
| 283 | |||
| 284 | # The test suite is installed stripped | ||
| 285 | INSANE_SKIP:${PN} = "already-stripped" | ||
| 286 | |||
| 287 | BBCLASSEXTEND = "native nativesdk" | ||
| 288 | |||
| 289 | CVE_PRODUCT = "openssl:openssl" | ||
diff --git a/meta/recipes-connectivity/ppp-dialin/files/host-peer b/meta/recipes-connectivity/ppp-dialin/files/host-peer deleted file mode 100644 index e7e2e11d49..0000000000 --- a/meta/recipes-connectivity/ppp-dialin/files/host-peer +++ /dev/null | |||
| @@ -1,11 +0,0 @@ | |||
| 1 | -detach | ||
| 2 | defaultroute | ||
| 3 | nocrtscts | ||
| 4 | lock | ||
| 5 | noauth | ||
| 6 | lcp-echo-interval 5 | ||
| 7 | lcp-echo-failure 3 | ||
| 8 | usepeerdns | ||
| 9 | 115200 | ||
| 10 | local | ||
| 11 | asyncmap 0 | ||
diff --git a/meta/recipes-connectivity/ppp-dialin/files/ppp-dialin b/meta/recipes-connectivity/ppp-dialin/files/ppp-dialin deleted file mode 100644 index ea2771311a..0000000000 --- a/meta/recipes-connectivity/ppp-dialin/files/ppp-dialin +++ /dev/null | |||
| @@ -1,3 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | /usr/sbin/pppd call host | ||
diff --git a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb deleted file mode 100644 index 5c9c8219d7..0000000000 --- a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb +++ /dev/null | |||
| @@ -1,27 +0,0 @@ | |||
| 1 | SUMMARY = "Enables PPP dial-in through a serial connection" | ||
| 2 | SECTION = "console/network" | ||
| 3 | DESCRIPTION = "PPP dail-in provides a point to point protocol (PPP), so that other computers can dial up to it and access connected networks." | ||
| 4 | DEPENDS = "ppp" | ||
| 5 | RDEPENDS:${PN} = "ppp" | ||
| 6 | LICENSE = "MIT" | ||
| 7 | LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" | ||
| 8 | |||
| 9 | SRC_URI = "file://host-peer \ | ||
| 10 | file://ppp-dialin" | ||
| 11 | |||
| 12 | inherit allarch useradd | ||
| 13 | |||
| 14 | S = "${UNPACKDIR}" | ||
| 15 | |||
| 16 | do_install() { | ||
| 17 | install -d ${D}${sysconfdir}/ppp/peers | ||
| 18 | install -m 0644 ${S}/host-peer ${D}${sysconfdir}/ppp/peers/host | ||
| 19 | |||
| 20 | install -d ${D}${sbindir} | ||
| 21 | install -m 0755 ${S}/ppp-dialin ${D}${sbindir} | ||
| 22 | } | ||
| 23 | |||
| 24 | USERADD_PACKAGES = "${PN}" | ||
| 25 | USERADD_PARAM:${PN} = "--system --home /dev/null \ | ||
| 26 | --no-create-home --shell ${sbindir}/ppp-dialin \ | ||
| 27 | --no-user-group --gid nogroup ppp" | ||
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-pppd-pppdconf.h-remove-erroneous-generated-header.patch b/meta/recipes-connectivity/ppp/ppp/0001-pppd-pppdconf.h-remove-erroneous-generated-header.patch deleted file mode 100644 index a00706c184..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/0001-pppd-pppdconf.h-remove-erroneous-generated-header.patch +++ /dev/null | |||
| @@ -1,98 +0,0 @@ | |||
| 1 | From a6eb65162db5bcc5ec26cff7361885c0a44cbbfa Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Alexander Kanavin <alex@linutronix.de> | ||
| 3 | Date: Mon, 17 Mar 2025 11:12:07 +0100 | ||
| 4 | Subject: [PATCH] pppd/pppdconf.h: remove erroneous generated header | ||
| 5 | |||
| 6 | Upstream-Status: Inappropriate [tarball generation issue tracked at https://github.com/ppp-project/ppp/issues/541] | ||
| 7 | Signed-off-by: Alexander Kanavin <alex@linutronix.de> | ||
| 8 | --- | ||
| 9 | pppd/pppdconf.h | 80 ------------------------------------------------- | ||
| 10 | 1 file changed, 80 deletions(-) | ||
| 11 | delete mode 100644 pppd/pppdconf.h | ||
| 12 | |||
| 13 | diff --git a/pppd/pppdconf.h b/pppd/pppdconf.h | ||
| 14 | deleted file mode 100644 | ||
| 15 | index 51a8f02..0000000 | ||
| 16 | --- a/pppd/pppdconf.h | ||
| 17 | +++ /dev/null | ||
| 18 | @@ -1,80 +0,0 @@ | ||
| 19 | -/* pppd/pppdconf.h. Generated from pppdconf.h.in by configure. */ | ||
| 20 | -/* | ||
| 21 | - * Copyright (c) 2022 Eivind Næss. All rights reserved. | ||
| 22 | - * | ||
| 23 | - * Redistribution and use in source and binary forms, with or without | ||
| 24 | - * modification, are permitted provided that the following conditions | ||
| 25 | - * are met: | ||
| 26 | - * | ||
| 27 | - * 1. Redistributions of source code must retain the above copyright | ||
| 28 | - * notice, this list of conditions and the following disclaimer. | ||
| 29 | - * | ||
| 30 | - * 2. Redistributions in binary form must reproduce the above copyright | ||
| 31 | - * notice, this list of conditions and the following disclaimer in | ||
| 32 | - * the documentation and/or other materials provided with the | ||
| 33 | - * distribution. | ||
| 34 | - * | ||
| 35 | - * 3. The name(s) of the authors of this software must not be used to | ||
| 36 | - * endorse or promote products derived from this software without | ||
| 37 | - * prior written permission. | ||
| 38 | - * | ||
| 39 | - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO | ||
| 40 | - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY | ||
| 41 | - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY | ||
| 42 | - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
| 43 | - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN | ||
| 44 | - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING | ||
| 45 | - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| 46 | - */ | ||
| 47 | - | ||
| 48 | -/* | ||
| 49 | - * This file is generated by configure and sets the features enabled | ||
| 50 | - * in pppd when configured. | ||
| 51 | - */ | ||
| 52 | - | ||
| 53 | -#ifndef PPP_PPPDCONF_H | ||
| 54 | -#define PPP_PPPDCONF_H | ||
| 55 | - | ||
| 56 | -/* Have Microsoft CHAP support */ | ||
| 57 | -#define PPP_WITH_CHAPMS 1 | ||
| 58 | - | ||
| 59 | -/* Have Microsoft LAN Manager support */ | ||
| 60 | -/* #undef PPP_WITH_MSLANMAN */ | ||
| 61 | - | ||
| 62 | -/* Have Microsoft MPPE support */ | ||
| 63 | -#define PPP_WITH_MPPE 1 | ||
| 64 | - | ||
| 65 | -/* Have multilink support */ | ||
| 66 | -#define PPP_WITH_MULTILINK 1 | ||
| 67 | - | ||
| 68 | -/* Have packet activity filter support */ | ||
| 69 | -#define PPP_WITH_FILTER 1 | ||
| 70 | - | ||
| 71 | -/* Have support for loadable plugins */ | ||
| 72 | -#define PPP_WITH_PLUGINS 1 | ||
| 73 | - | ||
| 74 | -/* Have Callback Protocol support */ | ||
| 75 | -/* #undef PPP_WITH_CBCP */ | ||
| 76 | - | ||
| 77 | -/* Include TDB support */ | ||
| 78 | -#define PPP_WITH_TDB 1 | ||
| 79 | - | ||
| 80 | -/* Have IPv6 Control Protocol */ | ||
| 81 | -#define PPP_WITH_IPV6CP 1 | ||
| 82 | - | ||
| 83 | -/* Support for Pluggable Authentication Modules */ | ||
| 84 | -/* #undef PPP_WITH_PAM */ | ||
| 85 | - | ||
| 86 | -/* Have EAP-SRP authentication support */ | ||
| 87 | -/* #undef PPP_WITH_SRP */ | ||
| 88 | - | ||
| 89 | -/* Have EAP-TLS authentication support */ | ||
| 90 | -#define PPP_WITH_EAPTLS 1 | ||
| 91 | - | ||
| 92 | -/* Have PEAP authentication support */ | ||
| 93 | -#define PPP_WITH_PEAP 1 | ||
| 94 | - | ||
| 95 | -/* The pppd version */ | ||
| 96 | -#define PPPD_VERSION "2.5.2" | ||
| 97 | - | ||
| 98 | -#endif | ||
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-pppd-session-Fixed-building-with-GCC-15.patch b/meta/recipes-connectivity/ppp/ppp/0001-pppd-session-Fixed-building-with-GCC-15.patch deleted file mode 100644 index d95c72e96b..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/0001-pppd-session-Fixed-building-with-GCC-15.patch +++ /dev/null | |||
| @@ -1,33 +0,0 @@ | |||
| 1 | From 5edcb01f1d8d521c819d45df1f1bb87697252130 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Khem Raj <raj.khem@gmail.com> | ||
| 3 | Date: Mon, 17 Mar 2025 14:38:26 -0700 | ||
| 4 | Subject: [PATCH] pppd/session: Fixed building with GCC 15 | ||
| 5 | |||
| 6 | Fixed building with GCC 15 which defaults to C23 | ||
| 7 | and find conflicting declration of getspnam() here | ||
| 8 | with the one provided by shadow.h (extern struct spwd *getspnam (const char *__name);) | ||
| 9 | |||
| 10 | Fixes | ||
| 11 | ../../ppp-2.5.2/pppd/session.c: In function 'session_start': | ||
| 12 | ../../ppp-2.5.2/pppd/session.c:185:18: error: conflicting types for 'getspnam'; have 'struct spwd *(void)' | ||
| 13 | 185 | struct spwd *getspnam(); | ||
| 14 | | ^~~~~~~~ | ||
| 15 | |||
| 16 | Upstream-Status: Submitted [https://github.com/ppp-project/ppp/pull/553] | ||
| 17 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
| 18 | --- | ||
| 19 | pppd/session.c | 1 - | ||
| 20 | 1 file changed, 1 deletion(-) | ||
| 21 | |||
| 22 | diff --git a/pppd/session.c b/pppd/session.c | ||
| 23 | index f08d8e1..9cc7538 100644 | ||
| 24 | --- a/pppd/session.c | ||
| 25 | +++ b/pppd/session.c | ||
| 26 | @@ -182,7 +182,6 @@ session_start(const int flags, const char *user, const char *passwd, const char | ||
| 27 | char *cbuf; | ||
| 28 | #ifdef HAVE_SHADOW_H | ||
| 29 | struct spwd *spwd; | ||
| 30 | - struct spwd *getspnam(); | ||
| 31 | long now = 0; | ||
| 32 | #endif /* #ifdef HAVE_SHADOW_H */ | ||
| 33 | #endif /* #ifdef PPP_WITH_PAM */ | ||
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-pppdump-Fixed-building-with-GCC-15-548.patch b/meta/recipes-connectivity/ppp/ppp/0001-pppdump-Fixed-building-with-GCC-15-548.patch deleted file mode 100644 index 2a3b3cc84a..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/0001-pppdump-Fixed-building-with-GCC-15-548.patch +++ /dev/null | |||
| @@ -1,75 +0,0 @@ | |||
| 1 | From 44a766a3d086f10cb584a0c423e5bed6af2e3615 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com> | ||
| 3 | Date: Thu, 27 Feb 2025 23:00:16 +0100 | ||
| 4 | Subject: [PATCH] pppdump: Fixed building with GCC 15 (#548) | ||
| 5 | MIME-Version: 1.0 | ||
| 6 | Content-Type: text/plain; charset=UTF-8 | ||
| 7 | Content-Transfer-Encoding: 8bit | ||
| 8 | |||
| 9 | GCC 15 defaults to C23 which does not allow K&R declarations. | ||
| 10 | |||
| 11 | Credit Yaakov Selkowitz in: | ||
| 12 | https://src.fedoraproject.org/rpms/ppp/pull-request/12 | ||
| 13 | |||
| 14 | Upstream-Status: Backport [https://github.com/ppp-project/ppp/pull/548] | ||
| 15 | |||
| 16 | Signed-off-by: Jaroslav Å karvada <jskarvad@redhat.com> | ||
| 17 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
| 18 | --- | ||
| 19 | pppdump/pppdump.c | 20 +++++++------------- | ||
| 20 | 1 file changed, 7 insertions(+), 13 deletions(-) | ||
| 21 | |||
| 22 | diff --git a/pppdump/pppdump.c b/pppdump/pppdump.c | ||
| 23 | index c24208a..1534036 100644 | ||
| 24 | --- a/pppdump/pppdump.c | ||
| 25 | +++ b/pppdump/pppdump.c | ||
| 26 | @@ -42,14 +42,12 @@ int tot_sent, tot_rcvd; | ||
| 27 | extern int optind; | ||
| 28 | extern char *optarg; | ||
| 29 | |||
| 30 | -void dumplog(); | ||
| 31 | -void dumpppp(); | ||
| 32 | -void show_time(); | ||
| 33 | +void dumplog(FILE *); | ||
| 34 | +void dumpppp(FILE *); | ||
| 35 | +void show_time(FILE *, int); | ||
| 36 | |||
| 37 | int | ||
| 38 | -main(ac, av) | ||
| 39 | - int ac; | ||
| 40 | - char **av; | ||
| 41 | +main(int ac, char **av) | ||
| 42 | { | ||
| 43 | int i; | ||
| 44 | char *p; | ||
| 45 | @@ -97,8 +95,7 @@ main(ac, av) | ||
| 46 | } | ||
| 47 | |||
| 48 | void | ||
| 49 | -dumplog(f) | ||
| 50 | - FILE *f; | ||
| 51 | +dumplog(FILE *f) | ||
| 52 | { | ||
| 53 | int c, n, k, col; | ||
| 54 | int nb, c2; | ||
| 55 | @@ -241,8 +238,7 @@ struct pkt { | ||
| 56 | unsigned char dbuf[8192]; | ||
| 57 | |||
| 58 | void | ||
| 59 | -dumpppp(f) | ||
| 60 | - FILE *f; | ||
| 61 | +dumpppp(FILE *f) | ||
| 62 | { | ||
| 63 | int c, n, k; | ||
| 64 | int nb, nl, dn, proto, rv; | ||
| 65 | @@ -375,9 +371,7 @@ dumpppp(f) | ||
| 66 | } | ||
| 67 | |||
| 68 | void | ||
| 69 | -show_time(f, c) | ||
| 70 | - FILE *f; | ||
| 71 | - int c; | ||
| 72 | +show_time(FILE *f, int c) | ||
| 73 | { | ||
| 74 | time_t t; | ||
| 75 | int n; | ||
diff --git a/meta/recipes-connectivity/ppp/ppp/08setupdns b/meta/recipes-connectivity/ppp/ppp/08setupdns deleted file mode 100644 index 998219de97..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/08setupdns +++ /dev/null | |||
| @@ -1,12 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | ACTUALCONF=/var/run/resolv.conf | ||
| 3 | PPPCONF=/var/run/ppp/resolv.conf | ||
| 4 | if [ -f $PPPCONF ] ; then | ||
| 5 | if [ -f $ACTUALCONF ] ; then | ||
| 6 | if [ ! -h $ACTUALCONF -o ! "`readlink $ACTUALCONF 2>&1`" = "$PPPCONF" ] ; then | ||
| 7 | mv $ACTUALCONF $ACTUALCONF.ppporig | ||
| 8 | fi | ||
| 9 | fi | ||
| 10 | |||
| 11 | ln -sf $PPPCONF $ACTUALCONF | ||
| 12 | fi | ||
diff --git a/meta/recipes-connectivity/ppp/ppp/92removedns b/meta/recipes-connectivity/ppp/ppp/92removedns deleted file mode 100644 index 2eadec6899..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/92removedns +++ /dev/null | |||
| @@ -1,5 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | ACTUALCONF=/var/run/resolv.conf | ||
| 3 | if [ -f $ACTUALCONF.ppporig ] ; then | ||
| 4 | mv $ACTUALCONF.ppporig $ACTUALCONF | ||
| 5 | fi | ||
diff --git a/meta/recipes-connectivity/ppp/ppp/init b/meta/recipes-connectivity/ppp/ppp/init deleted file mode 100755 index 0c0136049b..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/init +++ /dev/null | |||
| @@ -1,57 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | # | ||
| 3 | # /etc/init.d/ppp: start or stop PPP link. | ||
| 4 | # | ||
| 5 | # If you want PPP started on boot time (most dialup systems won't need it) | ||
| 6 | # rename the /etc/ppp/no_ppp_on_boot file to /etc/ppp/ppp_on_boot, and | ||
| 7 | # follow the instructions in the comments in that file. | ||
| 8 | |||
| 9 | # Source function library. | ||
| 10 | . /etc/init.d/functions | ||
| 11 | |||
| 12 | test -x /usr/sbin/pppd -a -f /etc/ppp/ppp_on_boot || exit 0 | ||
| 13 | if [ -x /etc/ppp/ppp_on_boot ]; then RUNFILE=1; fi | ||
| 14 | |||
| 15 | case "$1" in | ||
| 16 | start) | ||
| 17 | echo -n "Starting up PPP link: pppd" | ||
| 18 | if [ "$RUNFILE" = "1" ]; then | ||
| 19 | /etc/ppp/ppp_on_boot | ||
| 20 | else | ||
| 21 | pppd call provider | ||
| 22 | fi | ||
| 23 | echo "." | ||
| 24 | ;; | ||
| 25 | stop) | ||
| 26 | echo -n "Shutting down PPP link: pppd" | ||
| 27 | if [ "$RUNFILE" = "1" ]; then | ||
| 28 | poff | ||
| 29 | else | ||
| 30 | poff provider | ||
| 31 | fi | ||
| 32 | echo "." | ||
| 33 | ;; | ||
| 34 | status) | ||
| 35 | status /usr/sbin/pppd; | ||
| 36 | exit $? | ||
| 37 | ;; | ||
| 38 | restart|force-reload) | ||
| 39 | echo -n "Restarting PPP link: pppd" | ||
| 40 | if [ "$RUNFILE" = "1" ]; then | ||
| 41 | poff | ||
| 42 | sleep 5 | ||
| 43 | /etc/ppp/ppp_on_boot | ||
| 44 | else | ||
| 45 | poff provider | ||
| 46 | sleep 5 | ||
| 47 | pppd call provider | ||
| 48 | fi | ||
| 49 | echo "." | ||
| 50 | ;; | ||
| 51 | *) | ||
| 52 | echo "Usage: /etc/init.d/ppp {start|stop|status|restart|force-reload}" | ||
| 53 | exit 1 | ||
| 54 | ;; | ||
| 55 | esac | ||
| 56 | |||
| 57 | exit 0 | ||
diff --git a/meta/recipes-connectivity/ppp/ppp/ip-down b/meta/recipes-connectivity/ppp/ppp/ip-down deleted file mode 100755 index 06d35487a5..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/ip-down +++ /dev/null | |||
| @@ -1,43 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | # | ||
| 3 | # $Id: ip-down,v 1.2 1998/02/10 21:21:55 phil Exp $ | ||
| 4 | # | ||
| 5 | # This script is run by the pppd _after_ the link is brought down. | ||
| 6 | # It uses run-parts to run scripts in /etc/ppp/ip-down.d, so to delete | ||
| 7 | # routes, unset IP addresses etc. you should create script(s) there. | ||
| 8 | # | ||
| 9 | # Be aware that other packages may include /etc/ppp/ip-down.d scripts (named | ||
| 10 | # after that package), so choose local script names with that in mind. | ||
| 11 | # | ||
| 12 | # This script is called with the following arguments: | ||
| 13 | # Arg Name Example | ||
| 14 | # $1 Interface name ppp0 | ||
| 15 | # $2 The tty ttyS1 | ||
| 16 | # $3 The link speed 38400 | ||
| 17 | # $4 Local IP number 12.34.56.78 | ||
| 18 | # $5 Peer IP number 12.34.56.99 | ||
| 19 | # $6 Optional ``ipparam'' value foo | ||
| 20 | |||
| 21 | # The environment is cleared before executing this script | ||
| 22 | # so the path must be reset | ||
| 23 | PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin | ||
| 24 | export PATH | ||
| 25 | # These variables are for the use of the scripts run by run-parts | ||
| 26 | PPP_IFACE="$1" | ||
| 27 | PPP_TTY="$2" | ||
| 28 | PPP_SPEED="$3" | ||
| 29 | PPP_LOCAL="$4" | ||
| 30 | PPP_REMOTE="$5" | ||
| 31 | PPP_IPPARAM="$6" | ||
| 32 | export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM | ||
| 33 | |||
| 34 | # as an additional convenience, $PPP_TTYNAME is set to the tty name, | ||
| 35 | # stripped of /dev/ (if present) for easier matching. | ||
| 36 | PPP_TTYNAME=`/usr/bin/basename "$2"` | ||
| 37 | export PPP_TTYNAME | ||
| 38 | |||
| 39 | # Main Script starts here | ||
| 40 | |||
| 41 | run-parts /etc/ppp/ip-down.d | ||
| 42 | |||
| 43 | # last line | ||
diff --git a/meta/recipes-connectivity/ppp/ppp/ip-up b/meta/recipes-connectivity/ppp/ppp/ip-up deleted file mode 100755 index fc2fae9fe0..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/ip-up +++ /dev/null | |||
| @@ -1,44 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | # | ||
| 3 | # $Id: ip-up,v 1.2 1998/02/10 21:25:34 phil Exp $ | ||
| 4 | # | ||
| 5 | # This script is run by the pppd after the link is established. | ||
| 6 | # It uses run-parts to run scripts in /etc/ppp/ip-up.d, so to add routes, | ||
| 7 | # set IP address, run the mailq etc. you should create script(s) there. | ||
| 8 | # | ||
| 9 | # Be aware that other packages may include /etc/ppp/ip-up.d scripts (named | ||
| 10 | # after that package), so choose local script names with that in mind. | ||
| 11 | # | ||
| 12 | # This script is called with the following arguments: | ||
| 13 | # Arg Name Example | ||
| 14 | # $1 Interface name ppp0 | ||
| 15 | # $2 The tty ttyS1 | ||
| 16 | # $3 The link speed 38400 | ||
| 17 | # $4 Local IP number 12.34.56.78 | ||
| 18 | # $5 Peer IP number 12.34.56.99 | ||
| 19 | # $6 Optional ``ipparam'' value foo | ||
| 20 | |||
| 21 | # The environment is cleared before executing this script | ||
| 22 | # so the path must be reset | ||
| 23 | PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin | ||
| 24 | export PATH | ||
| 25 | # These variables are for the use of the scripts run by run-parts | ||
| 26 | PPP_IFACE="$1" | ||
| 27 | PPP_TTY="$2" | ||
| 28 | PPP_SPEED="$3" | ||
| 29 | PPP_LOCAL="$4" | ||
| 30 | PPP_REMOTE="$5" | ||
| 31 | PPP_IPPARAM="$6" | ||
| 32 | export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM | ||
| 33 | |||
| 34 | |||
| 35 | # as an additional convenience, $PPP_TTYNAME is set to the tty name, | ||
| 36 | # stripped of /dev/ (if present) for easier matching. | ||
| 37 | PPP_TTYNAME=`/usr/bin/basename "$2"` | ||
| 38 | export PPP_TTYNAME | ||
| 39 | |||
| 40 | # Main Script starts here | ||
| 41 | |||
| 42 | run-parts /etc/ppp/ip-up.d | ||
| 43 | |||
| 44 | # last line | ||
diff --git a/meta/recipes-connectivity/ppp/ppp/pap b/meta/recipes-connectivity/ppp/ppp/pap deleted file mode 100644 index 093c32607a..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/pap +++ /dev/null | |||
| @@ -1,22 +0,0 @@ | |||
| 1 | # You can use this script unmodified to connect to sites which allow | ||
| 2 | # authentication via PAP, CHAP and similar protocols. | ||
| 3 | # This script can be shared among different pppd peer configurations. | ||
| 4 | # To use it, add something like this to your /etc/ppp/peers/ file: | ||
| 5 | # | ||
| 6 | # connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T PHONE-NUMBER" | ||
| 7 | # user YOUR-USERNAME-IN-PAP-SECRETS | ||
| 8 | # noauth | ||
| 9 | |||
| 10 | # Uncomment the following line to see the connect speed. | ||
| 11 | # It will be logged to stderr or to the file specified with the -r chat option. | ||
| 12 | #REPORT CONNECT | ||
| 13 | |||
| 14 | ABORT BUSY | ||
| 15 | ABORT VOICE | ||
| 16 | ABORT "NO CARRIER" | ||
| 17 | ABORT "NO DIALTONE" | ||
| 18 | ABORT "NO DIAL TONE" | ||
| 19 | "" ATZ | ||
| 20 | OK ATDT\T | ||
| 21 | CONNECT "" | ||
| 22 | |||
diff --git a/meta/recipes-connectivity/ppp/ppp/poff b/meta/recipes-connectivity/ppp/ppp/poff deleted file mode 100644 index 0521a9406a..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/poff +++ /dev/null | |||
| @@ -1,26 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | # Lets see how many pppds are running.... | ||
| 4 | set -- `cat /var/run/ppp*.pid 2>/dev/null` | ||
| 5 | |||
| 6 | case $# in | ||
| 7 | 0) # pppd only creates a pid file once ppp is up, so let's try killing pppd | ||
| 8 | # on the assumption that we've not got that far yet. | ||
| 9 | killall pppd | ||
| 10 | ;; | ||
| 11 | 1) # If only one was running then it can be killed (apparently killall | ||
| 12 | # caused problems for some, so lets try killing the pid from the file) | ||
| 13 | kill $1 | ||
| 14 | ;; | ||
| 15 | *) # More than one! Aieehh.. Dont know which one to kill. | ||
| 16 | echo "More than one pppd running. None stopped" | ||
| 17 | exit 1 | ||
| 18 | ;; | ||
| 19 | esac | ||
| 20 | |||
| 21 | if [ -r /var/run/ppp-quick ] | ||
| 22 | then | ||
| 23 | rm -f /var/run/ppp-quick | ||
| 24 | fi | ||
| 25 | |||
| 26 | exit 0 | ||
diff --git a/meta/recipes-connectivity/ppp/ppp/pon b/meta/recipes-connectivity/ppp/ppp/pon deleted file mode 100644 index 91c059501a..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/pon +++ /dev/null | |||
| @@ -1,9 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | if [ "$1" = "quick" ] | ||
| 4 | then | ||
| 5 | touch /var/run/ppp-quick | ||
| 6 | shift | ||
| 7 | fi | ||
| 8 | |||
| 9 | /usr/sbin/pppd call ${1:-provider} | ||
diff --git a/meta/recipes-connectivity/ppp/ppp/ppp@.service b/meta/recipes-connectivity/ppp/ppp/ppp@.service deleted file mode 100644 index 2bf0b5e347..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/ppp@.service +++ /dev/null | |||
| @@ -1,9 +0,0 @@ | |||
| 1 | [Unit] | ||
| 2 | Description=PPP link to %I | ||
| 3 | Before=network.target | ||
| 4 | |||
| 5 | [Service] | ||
| 6 | ExecStart=@SBINDIR@/pppd call %I nodetach nolog | ||
| 7 | |||
| 8 | [Install] | ||
| 9 | WantedBy=multi-user.target | ||
diff --git a/meta/recipes-connectivity/ppp/ppp/ppp_on_boot b/meta/recipes-connectivity/ppp/ppp/ppp_on_boot deleted file mode 100644 index 9793761840..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/ppp_on_boot +++ /dev/null | |||
| @@ -1,21 +0,0 @@ | |||
| 1 | ###!/bin/sh | ||
| 2 | # | ||
| 3 | # Rename this file to ppp_on_boot and pppd will be fired up as | ||
| 4 | # soon as the system comes up, connecting to `provider'. | ||
| 5 | # | ||
| 6 | # If you also make this file executable, and replace the first line | ||
| 7 | # with just "#!/bin/sh", the commands below will be executed instead. | ||
| 8 | # | ||
| 9 | |||
| 10 | # The location of the ppp daemon itself (shouldn't need to be changed) | ||
| 11 | PPPD=/usr/sbin/pppd | ||
| 12 | |||
| 13 | # The default provider to connect to | ||
| 14 | $PPPD call provider | ||
| 15 | |||
| 16 | # Additional connections, which would just use settings from | ||
| 17 | # /etc/ppp/options.<tty> | ||
| 18 | #$PPPD ttyS0 | ||
| 19 | #$PPPD ttyS1 | ||
| 20 | #$PPPD ttyS2 | ||
| 21 | #$PPPD ttyS3 | ||
diff --git a/meta/recipes-connectivity/ppp/ppp/provider b/meta/recipes-connectivity/ppp/ppp/provider deleted file mode 100644 index e74d71a8eb..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/provider +++ /dev/null | |||
| @@ -1,35 +0,0 @@ | |||
| 1 | # example configuration for a dialup connection authenticated with PAP or CHAP | ||
| 2 | # | ||
| 3 | # This is the default configuration used by pon(1) and poff(1). | ||
| 4 | # See the manual page pppd(8) for information on all the options. | ||
| 5 | |||
| 6 | # MUST CHANGE: replace myusername@realm with the PPP login name given to | ||
| 7 | # your by your provider. | ||
| 8 | # There should be a matching entry with the password in /etc/ppp/pap-secrets | ||
| 9 | # and/or /etc/ppp/chap-secrets. | ||
| 10 | user "myusername@realm" | ||
| 11 | |||
| 12 | # MUST CHANGE: replace ******** with the phone number of your provider. | ||
| 13 | # The /etc/chatscripts/pap chat script may be modified to change the | ||
| 14 | # modem initialization string. | ||
| 15 | connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********" | ||
| 16 | |||
| 17 | # Serial device to which the modem is connected. | ||
| 18 | /dev/modem | ||
| 19 | |||
| 20 | # Speed of the serial line. | ||
| 21 | 115200 | ||
| 22 | |||
| 23 | # Assumes that your IP address is allocated dynamically by the ISP. | ||
| 24 | noipdefault | ||
| 25 | # Try to get the name server addresses from the ISP. | ||
| 26 | usepeerdns | ||
| 27 | # Use this connection as the default route. | ||
| 28 | defaultroute | ||
| 29 | |||
| 30 | # Makes pppd "dial again" when the connection is lost. | ||
| 31 | persist | ||
| 32 | |||
| 33 | # Do not ask the remote to authenticate. | ||
| 34 | noauth | ||
| 35 | |||
diff --git a/meta/recipes-connectivity/ppp/ppp_2.5.2.bb b/meta/recipes-connectivity/ppp/ppp_2.5.2.bb deleted file mode 100644 index 607678db8b..0000000000 --- a/meta/recipes-connectivity/ppp/ppp_2.5.2.bb +++ /dev/null | |||
| @@ -1,81 +0,0 @@ | |||
| 1 | SUMMARY = "Point-to-Point Protocol (PPP) support" | ||
| 2 | DESCRIPTION = "ppp (Paul's PPP Package) is an open source package which implements \ | ||
| 3 | the Point-to-Point Protocol (PPP) on Linux and Solaris systems." | ||
| 4 | SECTION = "console/network" | ||
| 5 | HOMEPAGE = "http://samba.org/ppp/" | ||
| 6 | BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs" | ||
| 7 | DEPENDS = "libpcap virtual/crypt" | ||
| 8 | LICENSE = "BSD-2-Clause & GPL-2.0-or-later & LGPL-2.0-or-later & PD & RSA-MD & MIT" | ||
| 9 | LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=25;md5=f0463bd67ae70535c709fca554089bd8 \ | ||
| 10 | file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \ | ||
| 11 | file://chat/chat.c;beginline=1;endline=1;md5=234d7d4edd08962c0144e4604050e0b6 \ | ||
| 12 | " | ||
| 13 | |||
| 14 | SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ | ||
| 15 | file://pon \ | ||
| 16 | file://poff \ | ||
| 17 | file://init \ | ||
| 18 | file://ip-up \ | ||
| 19 | file://ip-down \ | ||
| 20 | file://08setupdns \ | ||
| 21 | file://92removedns \ | ||
| 22 | file://pap \ | ||
| 23 | file://ppp_on_boot \ | ||
| 24 | file://provider \ | ||
| 25 | file://ppp@.service \ | ||
| 26 | file://0001-pppdump-Fixed-building-with-GCC-15-548.patch \ | ||
| 27 | file://0001-pppd-pppdconf.h-remove-erroneous-generated-header.patch \ | ||
| 28 | file://0001-pppd-session-Fixed-building-with-GCC-15.patch \ | ||
| 29 | " | ||
| 30 | |||
| 31 | SRC_URI[sha256sum] = "47da358de54a10cb10bf6ff2cf9b1c03c0d3555518f6182e8f701b8e55733cb2" | ||
| 32 | |||
| 33 | inherit autotools pkgconfig systemd | ||
| 34 | |||
| 35 | PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} openssl" | ||
| 36 | PACKAGECONFIG[pam] = "--with-pam=yes,--with-pam=no,libpam" | ||
| 37 | PACKAGECONFIG[openssl] = "--with-openssl=yes,--with-openssl=no,openssl" | ||
| 38 | PACKAGECONFIG[multilink] = "--enable-multilink,--disable-multilink" | ||
| 39 | |||
| 40 | do_install:append () { | ||
| 41 | mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d | ||
| 42 | mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/ | ||
| 43 | mkdir -p ${D}${sysconfdir}/ppp/ip-down.d/ | ||
| 44 | install -m 0755 ${UNPACKDIR}/pon ${D}${bindir}/pon | ||
| 45 | install -m 0755 ${UNPACKDIR}/poff ${D}${bindir}/poff | ||
| 46 | install -m 0755 ${UNPACKDIR}/init ${D}${sysconfdir}/init.d/ppp | ||
| 47 | install -m 0755 ${UNPACKDIR}/ip-up ${D}${sysconfdir}/ppp/ | ||
| 48 | install -m 0755 ${UNPACKDIR}/ip-down ${D}${sysconfdir}/ppp/ | ||
| 49 | install -m 0755 ${UNPACKDIR}/08setupdns ${D}${sysconfdir}/ppp/ip-up.d/ | ||
| 50 | install -m 0755 ${UNPACKDIR}/92removedns ${D}${sysconfdir}/ppp/ip-down.d/ | ||
| 51 | mkdir -p ${D}${sysconfdir}/chatscripts | ||
| 52 | mkdir -p ${D}${sysconfdir}/ppp/peers | ||
| 53 | install -m 0755 ${UNPACKDIR}/pap ${D}${sysconfdir}/chatscripts | ||
| 54 | install -m 0755 ${UNPACKDIR}/ppp_on_boot ${D}${sysconfdir}/ppp/ppp_on_boot | ||
| 55 | install -m 0755 ${UNPACKDIR}/provider ${D}${sysconfdir}/ppp/peers/provider | ||
| 56 | install -d ${D}${systemd_system_unitdir} | ||
| 57 | install -m 0644 ${UNPACKDIR}/ppp@.service ${D}${systemd_system_unitdir} | ||
| 58 | sed -i -e 's,@SBINDIR@,${sbindir},g' \ | ||
| 59 | ${D}${systemd_system_unitdir}/ppp@.service | ||
| 60 | } | ||
| 61 | |||
| 62 | CONFFILES:${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options" | ||
| 63 | PACKAGES =+ "${PN}-oa ${PN}-oe ${PN}-radius ${PN}-winbind ${PN}-minconn ${PN}-password ${PN}-l2tp ${PN}-tools" | ||
| 64 | FILES:${PN} = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_system_unitdir}/ppp@.service" | ||
| 65 | FILES:${PN}-oa = "${libdir}/pppd/${PV}/pppoatm.so" | ||
| 66 | FILES:${PN}-oe = "${sbindir}/pppoe-discovery ${libdir}/pppd/${PV}/*pppoe.so" | ||
| 67 | FILES:${PN}-radius = "${libdir}/pppd/${PV}/radius.so ${libdir}/pppd/${PV}/radattr.so ${libdir}/pppd/${PV}/radrealms.so" | ||
| 68 | FILES:${PN}-winbind = "${libdir}/pppd/${PV}/winbind.so" | ||
| 69 | FILES:${PN}-minconn = "${libdir}/pppd/${PV}/minconn.so" | ||
| 70 | FILES:${PN}-password = "${libdir}/pppd/${PV}/pass*.so" | ||
| 71 | FILES:${PN}-l2tp = "${libdir}/pppd/${PV}/*l2tp.so" | ||
| 72 | FILES:${PN}-tools = "${sbindir}/pppstats ${sbindir}/pppdump" | ||
| 73 | SUMMARY:${PN}-oa = "Plugin for PPP for PPP-over-ATM support" | ||
| 74 | SUMMARY:${PN}-oe = "Plugin for PPP for PPP-over-Ethernet support" | ||
| 75 | SUMMARY:${PN}-radius = "Plugin for PPP for RADIUS support" | ||
| 76 | SUMMARY:${PN}-winbind = "Plugin for PPP to authenticate against Samba or Windows" | ||
| 77 | SUMMARY:${PN}-minconn = "Plugin for PPP to set a delay before the idle timeout applies" | ||
| 78 | SUMMARY:${PN}-password = "Plugin for PPP to get passwords via a pipe" | ||
| 79 | SUMMARY:${PN}-l2tp = "Plugin for PPP for l2tp support" | ||
| 80 | SUMMARY:${PN}-tools = "Additional tools for the PPP package" | ||
| 81 | |||
diff --git a/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch b/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch deleted file mode 100644 index ab32f26754..0000000000 --- a/meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch +++ /dev/null | |||
| @@ -1,37 +0,0 @@ | |||
| 1 | From 6bf2bb136a0b3961339369bc08e58b661fba0edb Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Chen Qi <Qi.Chen@windriver.com> | ||
| 3 | Date: Thu, 17 Nov 2022 17:26:30 +0800 | ||
| 4 | Subject: [PATCH] avoid using -m option for readlink | ||
| 5 | |||
| 6 | Use a more widely used option '-f' instead of '-m' here to | ||
| 7 | avoid dependency on coreutils. | ||
| 8 | |||
| 9 | Looking at the git history of the resolvconf repo, the '-m' | ||
| 10 | is deliberately used. And it wants to depend on coreutils. | ||
| 11 | But in case of OE, the existence of /etc is ensured, and busybox | ||
| 12 | readlink provides '-f' option, so we can just use '-f'. In this | ||
| 13 | way, the coreutils dependency is not necessary any more. | ||
| 14 | |||
| 15 | Upstream-Status: Inappropriate [OE Specific] | ||
| 16 | |||
| 17 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
| 18 | --- | ||
| 19 | etc/resolvconf/update.d/libc | 2 +- | ||
| 20 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 21 | |||
| 22 | diff --git a/etc/resolvconf/update.d/libc b/etc/resolvconf/update.d/libc | ||
| 23 | index 1c4f6bc..f75d22c 100755 | ||
| 24 | --- a/etc/resolvconf/update.d/libc | ||
| 25 | +++ b/etc/resolvconf/update.d/libc | ||
| 26 | @@ -57,7 +57,7 @@ fi | ||
| 27 | report_warning() { echo "$0: Warning: $*" >&2 ; } | ||
| 28 | |||
| 29 | resolv_conf_is_symlinked_to_dynamic_file() { | ||
| 30 | - [ -L ${ETC}/resolv.conf ] && [ "$(readlink -m ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ] | ||
| 31 | + [ -L ${ETC}/resolv.conf ] && [ "$(readlink -f ${ETC}/resolv.conf)" = "$DYNAMICRSLVCNFFILE" ] | ||
| 32 | } | ||
| 33 | |||
| 34 | if ! resolv_conf_is_symlinked_to_dynamic_file ; then | ||
| 35 | -- | ||
| 36 | 2.17.1 | ||
| 37 | |||
diff --git a/meta/recipes-connectivity/resolvconf/resolvconf/99_resolvconf b/meta/recipes-connectivity/resolvconf/resolvconf/99_resolvconf deleted file mode 100644 index 3790d774a7..0000000000 --- a/meta/recipes-connectivity/resolvconf/resolvconf/99_resolvconf +++ /dev/null | |||
| @@ -1,4 +0,0 @@ | |||
| 1 | d root root 0755 /var/run/resolvconf/interface none | ||
| 2 | f root root 0644 /etc/resolvconf/run/resolv.conf none | ||
| 3 | f root root 0644 /etc/resolvconf/run/enable-updates none | ||
| 4 | l root root 0644 /etc/resolv.conf /etc/resolvconf/run/resolv.conf | ||
diff --git a/meta/recipes-connectivity/resolvconf/resolvconf_1.93.bb b/meta/recipes-connectivity/resolvconf/resolvconf_1.93.bb deleted file mode 100644 index c10c57267a..0000000000 --- a/meta/recipes-connectivity/resolvconf/resolvconf_1.93.bb +++ /dev/null | |||
| @@ -1,65 +0,0 @@ | |||
| 1 | SUMMARY = "name server information handler" | ||
| 2 | DESCRIPTION = "Resolvconf is a framework for keeping track of the system's \ | ||
| 3 | information about currently available nameservers. It sets \ | ||
| 4 | itself up as the intermediary between programs that supply \ | ||
| 5 | nameserver information and programs that need nameserver \ | ||
| 6 | information." | ||
| 7 | SECTION = "console/network" | ||
| 8 | LICENSE = "GPL-2.0-or-later" | ||
| 9 | LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b" | ||
| 10 | HOMEPAGE = "http://packages.debian.org/resolvconf" | ||
| 11 | RDEPENDS:${PN} = "bash sed util-linux-flock" | ||
| 12 | |||
| 13 | SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=unstable \ | ||
| 14 | file://99_resolvconf \ | ||
| 15 | file://0001-avoid-using-m-option-for-readlink.patch \ | ||
| 16 | " | ||
| 17 | |||
| 18 | SRCREV = "ab766fa31f7939f6d879123236b4275320b7ff64" | ||
| 19 | |||
| 20 | # the package is taken from snapshots.debian.org; that source is static and goes stale | ||
| 21 | # so we check the latest upstream from a directory that does get updated | ||
| 22 | UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/r/resolvconf/" | ||
| 23 | |||
| 24 | do_compile () { | ||
| 25 | : | ||
| 26 | } | ||
| 27 | |||
| 28 | do_install () { | ||
| 29 | install -d ${D}${sysconfdir}/default/volatiles | ||
| 30 | install -m 0644 ${UNPACKDIR}/99_resolvconf ${D}${sysconfdir}/default/volatiles | ||
| 31 | if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then | ||
| 32 | install -d ${D}${sysconfdir}/tmpfiles.d | ||
| 33 | echo "d /run/${BPN}/interface - - - -" \ | ||
| 34 | > ${D}${sysconfdir}/tmpfiles.d/resolvconf.conf | ||
| 35 | fi | ||
| 36 | install -d ${D}${base_libdir}/${BPN} | ||
| 37 | install -d ${D}${sysconfdir}/${BPN} | ||
| 38 | install -d ${D}${nonarch_base_libdir}/${BPN} | ||
| 39 | ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run | ||
| 40 | install -d ${D}${sysconfdir} ${D}${base_sbindir} | ||
| 41 | install -d ${D}${mandir}/man8 ${D}${docdir}/${P} | ||
| 42 | cp -pPR etc/resolvconf ${D}${sysconfdir}/ | ||
| 43 | chown -R root:root ${D}${sysconfdir}/ | ||
| 44 | install -m 0755 bin/resolvconf ${D}${base_sbindir}/ | ||
| 45 | install -m 0755 bin/normalize-resolvconf ${D}${nonarch_base_libdir}/${BPN} | ||
| 46 | install -m 0755 bin/list-records ${D}${base_libdir}/${BPN} | ||
| 47 | install -d ${D}/${sysconfdir}/network/if-up.d | ||
| 48 | install -m 0755 debian/resolvconf.000resolvconf.if-up ${D}/${sysconfdir}/network/if-up.d/000resolvconf | ||
| 49 | install -d ${D}/${sysconfdir}/network/if-down.d | ||
| 50 | install -m 0755 debian/resolvconf.resolvconf.if-down ${D}/${sysconfdir}/network/if-down.d/resolvconf | ||
| 51 | install -m 0644 README ${D}${docdir}/${P}/ | ||
| 52 | install -m 0644 man/resolvconf.8 ${D}${mandir}/man8/ | ||
| 53 | } | ||
| 54 | |||
| 55 | pkg_postinst:${PN} () { | ||
| 56 | if [ -z "$D" ]; then | ||
| 57 | if command -v systemd-tmpfiles >/dev/null; then | ||
| 58 | systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/resolvconf.conf | ||
| 59 | elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then | ||
| 60 | ${sysconfdir}/init.d/populate-volatile.sh update | ||
| 61 | fi | ||
| 62 | fi | ||
| 63 | } | ||
| 64 | |||
| 65 | FILES:${PN} += "${base_libdir}/${BPN} ${nonarch_base_libdir}/${BPN}" | ||
diff --git a/meta/recipes-connectivity/slirp/libslirp_4.9.1.bb b/meta/recipes-connectivity/slirp/libslirp_4.9.1.bb deleted file mode 100644 index 9f7005d709..0000000000 --- a/meta/recipes-connectivity/slirp/libslirp_4.9.1.bb +++ /dev/null | |||
| @@ -1,14 +0,0 @@ | |||
| 1 | SUMMARY = "A general purpose TCP-IP emulator" | ||
| 2 | DESCRIPTION = "A general purpose TCP-IP emulator used by virtual machine hypervisors to provide virtual networking services." | ||
| 3 | HOMEPAGE = "https://gitlab.freedesktop.org/slirp/libslirp" | ||
| 4 | LICENSE = "BSD-3-Clause & MIT" | ||
| 5 | LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=bca0186b14e6b05e338e729f106db727" | ||
| 6 | |||
| 7 | SRC_URI = "git://gitlab.freedesktop.org/slirp/libslirp.git;protocol=https;branch=master" | ||
| 8 | SRCREV = "9c744e1e52aa0d9646ed91d789d588696292c21e" | ||
| 9 | |||
| 10 | DEPENDS = "glib-2.0" | ||
| 11 | |||
| 12 | inherit meson pkgconfig | ||
| 13 | |||
| 14 | BBCLASSEXTEND = "native nativesdk" | ||
diff --git a/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch b/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch deleted file mode 100644 index ea00dfa0a9..0000000000 --- a/meta/recipes-connectivity/socat/files/0001-fix-compile-procan.c-failed.patch +++ /dev/null | |||
| @@ -1,62 +0,0 @@ | |||
| 1 | From c4c3d5f2d4dfe8167205e8d20b4cb7a197706c16 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Hongxu Jia <hongxu.jia@windriver.com> | ||
| 3 | Date: Wed, 27 Nov 2024 04:09:59 -0800 | ||
| 4 | Subject: [PATCH] fix compile procan.c failed | ||
| 5 | |||
| 6 | 1. Compile socat failed if out of tree build (build dir != source dir) | ||
| 7 | ... | ||
| 8 | gcc -c -D CC="gcc" -o procan.o procan.c | ||
| 9 | cc1: fatal error: procan.c: No such file or directory | ||
| 10 | ... | ||
| 11 | Explicitly add $srcdir to makefile rule | ||
| 12 | |||
| 13 | 2. Compile socat failed if multiple words in $(CC), such as CC="gcc -m64" | ||
| 14 | ... | ||
| 15 | from ../socat-1.8.0.0/procan.c:10: | ||
| 16 | ../socat-1.8.0.0/sysincludes.h:18:10: fatal error: inttypes.h: No such file or directory | ||
| 17 | 18 | #include <inttypes.h> /* uint16_t */ | ||
| 18 | ... | ||
| 19 | |||
| 20 | In commit [Procan: print umask, CC, and couple more new infos][1], | ||
| 21 | it defeines marcro CC in C source, the space in CC will break | ||
| 22 | C source compile. Use first word of $(CC) to defeine marco CC | ||
| 23 | |||
| 24 | [1] https://repo.or.cz/socat.git/commit/cd5673dbd0786c94e0b3ace7e35fab14c01e3185 | ||
| 25 | |||
| 26 | Upstream-Status: Submitted [socat@dest-unreach.org] | ||
| 27 | |||
| 28 | Rebase to 1.8.0.1 | ||
| 29 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | ||
| 30 | --- | ||
| 31 | Makefile.in | 8 ++++---- | ||
| 32 | 1 file changed, 4 insertions(+), 4 deletions(-) | ||
| 33 | |||
| 34 | diff --git a/Makefile.in b/Makefile.in | ||
| 35 | index 631d31d..103d4d1 100644 | ||
| 36 | --- a/Makefile.in | ||
| 37 | +++ b/Makefile.in | ||
| 38 | @@ -110,7 +110,7 @@ socat: socat.o libxio.a | ||
| 39 | $(CC) $(CFLAGS) $(LDFLAGS) -o $@ socat.o libxio.a $(CLIBS) | ||
| 40 | |||
| 41 | procan.o: $(srcdir)/procan.c | ||
| 42 | - $(CC) $(CFLAGS) -c -D CC="\"$(CC)\"" -o $@ $(srcdir)/procan.c | ||
| 43 | + $(CC) $(CFLAGS) -c -D CC="\"$(firstword $(CC))\"" -o $@ $(srcdir)/procan.c | ||
| 44 | |||
| 45 | PROCAN_OBJS=procan_main.o procan.o procan-cdefs.o hostan.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o | ||
| 46 | procan: $(PROCAN_OBJS) | ||
| 47 | @@ -132,9 +132,9 @@ install: progs $(srcdir)/doc/socat.1 | ||
| 48 | mkdir -p $(DESTDIR)$(BINDEST) | ||
| 49 | $(INSTALL) -m 755 socat $(DESTDIR)$(BINDEST)/socat1 | ||
| 50 | ln -sf socat1 $(DESTDIR)$(BINDEST)/socat | ||
| 51 | - $(INSTALL) -m 755 socat-chain.sh $(DESTDIR)$(BINDEST) | ||
| 52 | - $(INSTALL) -m 755 socat-mux.sh $(DESTDIR)$(BINDEST) | ||
| 53 | - $(INSTALL) -m 755 socat-broker.sh $(DESTDIR)$(BINDEST) | ||
| 54 | + $(INSTALL) -m 755 $(srcdir)/socat-chain.sh $(DESTDIR)$(BINDEST) | ||
| 55 | + $(INSTALL) -m 755 $(srcdir)/socat-mux.sh $(DESTDIR)$(BINDEST) | ||
| 56 | + $(INSTALL) -m 755 $(srcdir)/socat-broker.sh $(DESTDIR)$(BINDEST) | ||
| 57 | $(INSTALL) -m 755 procan $(DESTDIR)$(BINDEST) | ||
| 58 | $(INSTALL) -m 755 filan $(DESTDIR)$(BINDEST) | ||
| 59 | mkdir -p $(DESTDIR)$(MANDEST)/man1 | ||
| 60 | -- | ||
| 61 | 2.25.1 | ||
| 62 | |||
diff --git a/meta/recipes-connectivity/socat/socat_1.8.0.3.bb b/meta/recipes-connectivity/socat/socat_1.8.0.3.bb deleted file mode 100644 index ee6ca1fe44..0000000000 --- a/meta/recipes-connectivity/socat/socat_1.8.0.3.bb +++ /dev/null | |||
| @@ -1,53 +0,0 @@ | |||
| 1 | SUMMARY = "Multipurpose relay for bidirectional data transfer" | ||
| 2 | DESCRIPTION = "Socat is a relay for bidirectional data \ | ||
| 3 | transfer between two independent data channels." | ||
| 4 | HOMEPAGE = "http://www.dest-unreach.org/socat/" | ||
| 5 | |||
| 6 | SECTION = "console/network" | ||
| 7 | |||
| 8 | LICENSE = "GPL-2.0-with-OpenSSL-exception" | ||
| 9 | LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ | ||
| 10 | file://README;beginline=248;endline=278;md5=338c05eadd013872abb1d6e198e10a3f" | ||
| 11 | |||
| 12 | SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ | ||
| 13 | file://0001-fix-compile-procan.c-failed.patch \ | ||
| 14 | " | ||
| 15 | |||
| 16 | SRC_URI[sha256sum] = "01eb017361d95bb3a6941e840b59e4463a3fabf92df4154ed02b16a2ed6a0095" | ||
| 17 | |||
| 18 | inherit autotools | ||
| 19 | |||
| 20 | EXTRA_AUTORECONF += "--exclude=autoheader" | ||
| 21 | |||
| 22 | EXTRA_OECONF += "ac_cv_have_z_modifier=yes \ | ||
| 23 | ac_cv_header_bsd_libutil_h=no \ | ||
| 24 | sc_cv_termios_ispeed=no \ | ||
| 25 | ${TERMBITS_SHIFTS} \ | ||
| 26 | " | ||
| 27 | |||
| 28 | TERMBITS_SHIFTS ?= "sc_cv_sys_crdly_shift=9 \ | ||
| 29 | sc_cv_sys_tabdly_shift=11 \ | ||
| 30 | sc_cv_sys_csize_shift=4" | ||
| 31 | |||
| 32 | TERMBITS_SHIFTS:powerpc = "sc_cv_sys_crdly_shift=12 \ | ||
| 33 | sc_cv_sys_tabdly_shift=10 \ | ||
| 34 | sc_cv_sys_csize_shift=8" | ||
| 35 | |||
| 36 | TERMBITS_SHIFTS:powerpc64 = "sc_cv_sys_crdly_shift=12 \ | ||
| 37 | sc_cv_sys_tabdly_shift=10 \ | ||
| 38 | sc_cv_sys_csize_shift=8" | ||
| 39 | |||
| 40 | PACKAGECONFIG:class-target ??= "tcp-wrappers readline openssl" | ||
| 41 | PACKAGECONFIG ??= "readline openssl" | ||
| 42 | PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers" | ||
| 43 | PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline" | ||
| 44 | PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl" | ||
| 45 | |||
| 46 | CFLAGS += "-fcommon" | ||
| 47 | |||
| 48 | do_install:prepend () { | ||
| 49 | mkdir -p ${D}${bindir} | ||
| 50 | install -d ${D}${bindir} ${D}${mandir}/man1 | ||
| 51 | } | ||
| 52 | |||
| 53 | BBCLASSEXTEND = "native nativesdk" | ||
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key deleted file mode 100644 index 30443c9438..0000000000 --- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key +++ /dev/null | |||
| Binary files differ | |||
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key deleted file mode 100644 index 86c2104ec8..0000000000 --- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key +++ /dev/null | |||
| @@ -1,9 +0,0 @@ | |||
| 1 | -----BEGIN OPENSSH PRIVATE KEY----- | ||
| 2 | b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS | ||
| 3 | 1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQRJR6iZxr/NTqQN9NOwV+WPtu42r2eF | ||
| 4 | rJ0xsnlqw5bpmfz6aDR8RQvVHUZjRGQfR/RXPbQ5x+bjjdm176TuXNhHAAAAqAoE27MKBN | ||
| 5 | uzAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElHqJnGv81OpA30 | ||
| 6 | 07BX5Y+27javZ4WsnTGyeWrDlumZ/PpoNHxFC9UdRmNEZB9H9Fc9tDnH5uON2bXvpO5c2E | ||
| 7 | cAAAAgLiHv/IWhxwosz9BiNILOOPlXaueL5hVTBKUJkpOi48sAAAANcm9vdEBxZW11bWlw | ||
| 8 | cwECAw== | ||
| 9 | -----END OPENSSH PRIVATE KEY----- | ||
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub deleted file mode 100644 index a358aeb88a..0000000000 --- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub +++ /dev/null | |||
| @@ -1 +0,0 @@ | |||
| 1 | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElHqJnGv81OpA3007BX5Y+27javZ4WsnTGyeWrDlumZ/PpoNHxFC9UdRmNEZB9H9Fc9tDnH5uON2bXvpO5c2Ec= root@qemupregen | ||
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key deleted file mode 100644 index 00ed9adae2..0000000000 --- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key +++ /dev/null | |||
| @@ -1,7 +0,0 @@ | |||
| 1 | -----BEGIN OPENSSH PRIVATE KEY----- | ||
| 2 | b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW | ||
| 3 | QyNTUxOQAAACDHSFTAbJ3OTd1r1E8G5JleCmsJEpQHmdTGtMcYqwWbbwAAAJChFtV0oRbV | ||
| 4 | dAAAAAtzc2gtZWQyNTUxOQAAACDHSFTAbJ3OTd1r1E8G5JleCmsJEpQHmdTGtMcYqwWbbw | ||
| 5 | AAAEA8UiUsygsTbP0HkDi5leXpQaVXihDyCHeitkBCItJGhcdIVMBsnc5N3WvUTwbkmV4K | ||
| 6 | awkSlAeZ1Ma0xxirBZtvAAAADXJvb3RAcWVtdW1pcHM= | ||
| 7 | -----END OPENSSH PRIVATE KEY----- | ||
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub deleted file mode 100644 index cc0e2f43ed..0000000000 --- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub +++ /dev/null | |||
| @@ -1 +0,0 @@ | |||
| 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdIVMBsnc5N3WvUTwbkmV4KawkSlAeZ1Ma0xxirBZtv root@qemupregen | ||
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key deleted file mode 100644 index a8e4406ba3..0000000000 --- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key +++ /dev/null | |||
| @@ -1,38 +0,0 @@ | |||
| 1 | -----BEGIN OPENSSH PRIVATE KEY----- | ||
| 2 | b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn | ||
| 3 | NhAAAAAwEAAQAAAYEA2Q6dzF1xziCQCFq+e+Fv6w0607gNlyKnkhuoRq8G7/HEqXU2eEtC | ||
| 4 | i3AMUrAP8k7s9kP5vI5CyfSgFuC9MxDV2YL2bsmvRxBSKgg6KbNxkoTaFBqyqHopuWQca8 | ||
| 5 | KRahvzt5dh9fsmeqamIwgMWKTSwtDHcsbyt84nmO2Z2ZrNXobgueMIj+HiJVgmWn86FQFL | ||
| 6 | EoONAA+qb4SciPsxvmTlaQ/DMAh3llVo/IMLD9oyAyAI2kbHNnZttlYv5TmY7ICd3yCW8z | ||
| 7 | PXrxNcEF3Qs1d68gVJxLjLKTlYGzJW2J+RwY+1DJZ0w4lozeQiZXTXVtzcJB0tm2DcvQMz | ||
| 8 | kqyARmncSUwcPbEClEW6Y2xQnLeSHjexzlCCndiUbBTeG5iRl4OL6DN40iI9Lw2VROtj2Y | ||
| 9 | 59n9PCfaoUs08dsgJLaNrDbRHrCRLSdZJ6OQFiC/nAx/t4e4+wdUgNOqLyJqomdNdaLXPq | ||
| 10 | tzr9ssrcY5j1DmmwKtzfTI5VM9LRQo+REIiUCNTFAAAFiFh232tYdt9rAAAAB3NzaC1yc2 | ||
| 11 | EAAAGBANkOncxdcc4gkAhavnvhb+sNOtO4DZcip5IbqEavBu/xxKl1NnhLQotwDFKwD/JO | ||
| 12 | 7PZD+byOQsn0oBbgvTMQ1dmC9m7Jr0cQUioIOimzcZKE2hQasqh6KblkHGvCkWob87eXYf | ||
| 13 | X7JnqmpiMIDFik0sLQx3LG8rfOJ5jtmdmazV6G4LnjCI/h4iVYJlp/OhUBSxKDjQAPqm+E | ||
| 14 | nIj7Mb5k5WkPwzAId5ZVaPyDCw/aMgMgCNpGxzZ2bbZWL+U5mOyAnd8glvMz168TXBBd0L | ||
| 15 | NXevIFScS4yyk5WBsyVtifkcGPtQyWdMOJaM3kImV011bc3CQdLZtg3L0DM5KsgEZp3ElM | ||
| 16 | HD2xApRFumNsUJy3kh43sc5Qgp3YlGwU3huYkZeDi+gzeNIiPS8NlUTrY9mOfZ/Twn2qFL | ||
| 17 | NPHbICS2jaw20R6wkS0nWSejkBYgv5wMf7eHuPsHVIDTqi8iaqJnTXWi1z6rc6/bLK3GOY | ||
| 18 | 9Q5psCrc30yOVTPS0UKPkRCIlAjUxQAAAAMBAAEAAAGAGIj+bUtiwdoMbeVUAszIydkE/U | ||
| 19 | mgv6S7LFjT/KlsL1M017LYJWDcdMaFnhMouksRngSxBg9OnWV5cxyURmFwytVy5bMGjRHb | ||
| 20 | N8UWTgBqphU+UWdzKngkn0AhtkyYA1aFhgsml5d8EgEkZnFSc/KtoDfZU7AJX519/FtfOK | ||
| 21 | m27Shx3pE7Nohh97avHyuidR1gTwdvuMIMke57g0BhrxPYmredaKCMZAHjjCeD6JbRcGj+ | ||
| 22 | ly3I9u8MF8BGSbLpBlLDUFCwP8G5CdmMua8bPJYhPSRqMLQhclI7hc6FaYk+gZV9B74Iv/ | ||
| 23 | SAxcCwI97dNbE0IAsbbWoUdoKGpAYQ5gOdhu5ioqZwKWjNjB3Xx48mq8xtmIR9HEnYzEnk | ||
| 24 | b/tDWNRWrGkvNK7vpLvnbsSSKBqOAbMzmQdJxogTgjE5doSmu2/krIMR6KUcUox2ZrR8Ot | ||
| 25 | JM6bXyNFBviiXmYvw/SZTDrVJu8BPMu5EMS5pBl8jPFBGI/ePk4qg7lWAJeQ89ThtBAAAA | ||
| 26 | wQDEU4HjomWwJsn9UWdoodXTV5aPY9B1OPkmYnRPtsjSAcXgtBzUXMEOsmXODOK3aQjsE0 | ||
| 27 | jQKpWDAUcUf6KKZKRehxUN4MlwujCG9czn65S6B8BsP1YUfZQjpNyub8vDBfeKzlxKBEEM | ||
| 28 | lb4iBT+LEGkihK13H5CbqRg1GDAThZzwrV4pj3S40zgyHhn8JjK4x4djEY6NwkWH8E2DgD | ||
| 29 | 8vYG/FKh5E/VIZtCgtAHa4QNAgGB4VMRn1VpSJzxjCxb1wancAAADBAPT7F34WYEI3Vc52 | ||
| 30 | p1U5rPa6dZtg5QM14V0+KtMlb3frd0/F+JVj4t6COQ8J9pkOuD0YjOYJuFXIWAAYIjCdWt | ||
| 31 | cbTi/sSERawOWxrgSwJo2vjt5izrBQtr3N8tiB6KDGa5sdgJl5XzJ0SsdStfBbyhcJO4RV | ||
| 32 | p9lc+X8OsUfFsClmyIs45vlxBRH06DP6/zmYCAmqvlrfZJKqlpKAEWDDObRy/3+mSNhZ0J | ||
| 33 | BdmncASiASRlPPIoIHznyA1COUn6+TnwAAAMEA4tH89Dez2JauyPVeCyHAC680vrBKjmMx | ||
| 34 | WYdpq2Xzd/LNl2L9oc0IEZzerLTuaCh6qsbbk2wWj1nrYXvefz/xUtDR427tvRXckcsWhP | ||
| 35 | 2HYohdYBkwTpp9QuscIV76GdwbTImuNEzvABH1hpTG6DSzqeyf/EVmSq07nptJIs5lpU49 | ||
| 36 | tW2aWraSvswHR9xfts1U79w9f4BNDy1rTmfuLERTRNF/T9CIFsk9tArLUNT64mhHtoEs8F | ||
| 37 | 9AyGuq6v49bN0bAAAADXJvb3RAcWVtdW1pcHMBAgMEBQ== | ||
| 38 | -----END OPENSSH PRIVATE KEY----- | ||
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub deleted file mode 100644 index 9eb8c3838f..0000000000 --- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub +++ /dev/null | |||
| @@ -1 +0,0 @@ | |||
| 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZDp3MXXHOIJAIWr574W/rDTrTuA2XIqeSG6hGrwbv8cSpdTZ4S0KLcAxSsA/yTuz2Q/m8jkLJ9KAW4L0zENXZgvZuya9HEFIqCDops3GShNoUGrKoeim5ZBxrwpFqG/O3l2H1+yZ6pqYjCAxYpNLC0MdyxvK3zieY7ZnZms1ehuC54wiP4eIlWCZafzoVAUsSg40AD6pvhJyI+zG+ZOVpD8MwCHeWVWj8gwsP2jIDIAjaRsc2dm22Vi/lOZjsgJ3fIJbzM9evE1wQXdCzV3ryBUnEuMspOVgbMlbYn5HBj7UMlnTDiWjN5CJldNdW3NwkHS2bYNy9AzOSrIBGadxJTBw9sQKURbpjbFCct5IeN7HOUIKd2JRsFN4bmJGXg4voM3jSIj0vDZVE62PZjn2f08J9qhSzTx2yAkto2sNtEesJEtJ1kno5AWIL+cDH+3h7j7B1SA06ovImqiZ011otc+q3Ov2yytxjmPUOabAq3N9MjlUz0tFCj5EQiJQI1MU= root@qemupregen | ||
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb deleted file mode 100644 index 57b0534929..0000000000 --- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb +++ /dev/null | |||
| @@ -1,23 +0,0 @@ | |||
| 1 | SUMMARY = "Pre generated host keys mainly for speeding up our qemu tests" | ||
| 2 | |||
| 3 | SRC_URI = "file://dropbear_rsa_host_key \ | ||
| 4 | file://openssh" | ||
| 5 | |||
| 6 | LICENSE = "MIT" | ||
| 7 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" | ||
| 8 | |||
| 9 | S = "${UNPACKDIR}" | ||
| 10 | |||
| 11 | INHIBIT_DEFAULT_DEPS = "1" | ||
| 12 | |||
| 13 | COMPATIBLE_MACHINE = "^qemu.*$" | ||
| 14 | |||
| 15 | do_install () { | ||
| 16 | install -d ${D}${sysconfdir}/dropbear | ||
| 17 | install ${UNPACKDIR}/dropbear_rsa_host_key -m 0600 ${D}${sysconfdir}/dropbear/ | ||
| 18 | |||
| 19 | install -d ${D}${sysconfdir}/ssh | ||
| 20 | install ${UNPACKDIR}/openssh/* ${D}${sysconfdir}/ssh/ | ||
| 21 | chmod 0600 ${D}${sysconfdir}/ssh/* | ||
| 22 | chmod 0644 ${D}${sysconfdir}/ssh/*.pub | ||
| 23 | } | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-macsec_linux-Hardware-offload-requires-Linux-headers.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-macsec_linux-Hardware-offload-requires-Linux-headers.patch deleted file mode 100644 index f9634e47c9..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-macsec_linux-Hardware-offload-requires-Linux-headers.patch +++ /dev/null | |||
| @@ -1,53 +0,0 @@ | |||
| 1 | From 809d9d8172db8e2a08ff639875f838b5b86d2641 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Sergey Matyukevich <geomatsi@gmail.com> | ||
| 3 | Date: Thu, 22 Aug 2024 00:03:41 +0300 | ||
| 4 | Subject: [PATCH] macsec_linux: Hardware offload requires Linux headers >= v5.7 | ||
| 5 | |||
| 6 | Hardware offload in Linux macsec driver is enabled in compile time if | ||
| 7 | libnl version is >= v3.6. This is not sufficient for successful build | ||
| 8 | since enum 'macsec_offload' has been added to Linux header if_link.h | ||
| 9 | in kernels v5.6 and v5.7, see commits: | ||
| 10 | - https://github.com/torvalds/linux/commit/21114b7feec29e4425a3ac48a037569c016a46c8 | ||
| 11 | - https://github.com/torvalds/linux/commit/76564261a7db80c5f5c624e0122a28787f266bdf | ||
| 12 | |||
| 13 | New libnl with older Linux headers is a valid combination. This is how | ||
| 14 | hostapd build failure has been detected by Buildroot autobuilder, see: | ||
| 15 | - http://autobuild.buildroot.net/results/b59d5bc5bd17683a3a1e3577c40c802e81911f84/ | ||
| 16 | |||
| 17 | Extend compile time condition for the enablement of the macsec hardware | ||
| 18 | offload adding Linux headers version check. | ||
| 19 | |||
| 20 | Fixes: 40c139664439 ("macsec_linux: Add support for MACsec hardware offload") | ||
| 21 | Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com> | ||
| 22 | |||
| 23 | Upstream-Status: Backport [https://w1.fi/cgit/hostap/patch/?id=809d9d8172db8e2a08ff639875f838b5b86d2641] | ||
| 24 | Signed-off-by: Jon Mason <jdmason@kudzu.us> | ||
| 25 | --- | ||
| 26 | src/drivers/driver_macsec_linux.c | 4 +++- | ||
| 27 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
| 28 | |||
| 29 | diff --git a/src/drivers/driver_macsec_linux.c b/src/drivers/driver_macsec_linux.c | ||
| 30 | index c867154981e9..fad47a292f9f 100644 | ||
| 31 | --- a/src/drivers/driver_macsec_linux.c | ||
| 32 | +++ b/src/drivers/driver_macsec_linux.c | ||
| 33 | @@ -19,6 +19,7 @@ | ||
| 34 | #include <netlink/route/link.h> | ||
| 35 | #include <netlink/route/link/macsec.h> | ||
| 36 | #include <linux/if_macsec.h> | ||
| 37 | +#include <linux/version.h> | ||
| 38 | #include <inttypes.h> | ||
| 39 | |||
| 40 | #include "utils/common.h" | ||
| 41 | @@ -32,7 +33,8 @@ | ||
| 42 | |||
| 43 | #define UNUSED_SCI 0xffffffffffffffff | ||
| 44 | |||
| 45 | -#if LIBNL_VER_NUM >= LIBNL_VER(3, 6) | ||
| 46 | +#if (LIBNL_VER_NUM >= LIBNL_VER(3, 6) && \ | ||
| 47 | + LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) | ||
| 48 | #define LIBNL_HAS_OFFLOAD | ||
| 49 | #endif | ||
| 50 | |||
| 51 | -- | ||
| 52 | 2.39.2 | ||
| 53 | |||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant deleted file mode 100644 index 6ff4dd8826..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant +++ /dev/null | |||
| @@ -1 +0,0 @@ | |||
| 1 | d root root 0700 /var/run/wpa_supplicant none | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-01.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-01.patch deleted file mode 100644 index 36660b5880..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-01.patch +++ /dev/null | |||
| @@ -1,79 +0,0 @@ | |||
| 1 | From 726432d7622cc0088ac353d073b59628b590ea44 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Jouni Malinen <j@w1.fi> | ||
| 3 | Date: Sat, 25 Jan 2025 11:21:16 +0200 | ||
| 4 | Subject: [PATCH] RADIUS: Drop pending request only when accepting the response | ||
| 5 | |||
| 6 | The case of an invalid authenticator in a RADIUS response could imply | ||
| 7 | that the response is not from the correct RADIUS server and as such, | ||
| 8 | such a response should be discarded without changing internal state for | ||
| 9 | the pending request. The case of an unknown response (RADIUS_RX_UNKNOWN) | ||
| 10 | is somewhat more complex since it could have been indicated before | ||
| 11 | validating the authenticator. In any case, it seems better to change the | ||
| 12 | state for the pending request only when we have fully accepted the | ||
| 13 | response. | ||
| 14 | |||
| 15 | Allowing the internal state of pending RADIUS request to change based on | ||
| 16 | responses that are not fully validation could have allow at least a | ||
| 17 | theoretical DoS attack if an attacker were to have means for injecting | ||
| 18 | RADIUS messages to the network using the IP address of the real RADIUS | ||
| 19 | server and being able to do so more quickly than the real server and | ||
| 20 | with the matching identifier from the request header (i.e., either by | ||
| 21 | flooding 256 responses quickly or by having means to capture the RADIUS | ||
| 22 | request). These should not really be realistic options in a properly | ||
| 23 | protected deployment, but nevertheless it is good to be more careful in | ||
| 24 | processing RADIUS responses. | ||
| 25 | |||
| 26 | Remove a pending RADIUS request from the internal list only when having | ||
| 27 | fully accepted a matching RADIUS response, i.e., after one of the | ||
| 28 | registered handlers has confirmed that the authenticator is valid and | ||
| 29 | processing of the response has succeeded. | ||
| 30 | |||
| 31 | Signed-off-by: Jouni Malinen <j@w1.fi> | ||
| 32 | |||
| 33 | CVE: CVE-2025-24912 | ||
| 34 | Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=726432d7622cc0088ac353d073b59628b590ea44] | ||
| 35 | Signed-off-by: Peter Marko <peter.marko@siemens.com> | ||
| 36 | --- | ||
| 37 | src/radius/radius_client.c | 15 +++++++-------- | ||
| 38 | 1 file changed, 7 insertions(+), 8 deletions(-) | ||
| 39 | |||
| 40 | diff --git a/src/radius/radius_client.c b/src/radius/radius_client.c | ||
| 41 | index 2a7f36170..7909b29a7 100644 | ||
| 42 | --- a/src/radius/radius_client.c | ||
| 43 | +++ b/src/radius/radius_client.c | ||
| 44 | @@ -1259,13 +1259,6 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx) | ||
| 45 | roundtrip / 100, roundtrip % 100); | ||
| 46 | rconf->round_trip_time = roundtrip; | ||
| 47 | |||
| 48 | - /* Remove ACKed RADIUS packet from retransmit list */ | ||
| 49 | - if (prev_req) | ||
| 50 | - prev_req->next = req->next; | ||
| 51 | - else | ||
| 52 | - radius->msgs = req->next; | ||
| 53 | - radius->num_msgs--; | ||
| 54 | - | ||
| 55 | for (i = 0; i < num_handlers; i++) { | ||
| 56 | RadiusRxResult res; | ||
| 57 | res = handlers[i].handler(msg, req->msg, req->shared_secret, | ||
| 58 | @@ -1276,6 +1269,13 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx) | ||
| 59 | radius_msg_free(msg); | ||
| 60 | /* fall through */ | ||
| 61 | case RADIUS_RX_QUEUED: | ||
| 62 | + /* Remove ACKed RADIUS packet from retransmit list */ | ||
| 63 | + if (prev_req) | ||
| 64 | + prev_req->next = req->next; | ||
| 65 | + else | ||
| 66 | + radius->msgs = req->next; | ||
| 67 | + radius->num_msgs--; | ||
| 68 | + | ||
| 69 | radius_client_msg_free(req); | ||
| 70 | return; | ||
| 71 | case RADIUS_RX_INVALID_AUTHENTICATOR: | ||
| 72 | @@ -1297,7 +1297,6 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx) | ||
| 73 | msg_type, hdr->code, hdr->identifier, | ||
| 74 | invalid_authenticator ? " [INVALID AUTHENTICATOR]" : | ||
| 75 | ""); | ||
| 76 | - radius_client_msg_free(req); | ||
| 77 | |||
| 78 | fail: | ||
| 79 | radius_msg_free(msg); | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-02.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-02.patch deleted file mode 100644 index add2e47048..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-02.patch +++ /dev/null | |||
| @@ -1,70 +0,0 @@ | |||
| 1 | From 339a334551ca911187cc870f4f97ef08e11db109 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Jouni Malinen <quic_jouni@quicinc.com> | ||
| 3 | Date: Wed, 5 Feb 2025 19:23:39 +0200 | ||
| 4 | Subject: [PATCH] RADIUS: Fix pending request dropping | ||
| 5 | |||
| 6 | A recent change to this moved the place where the processed RADIUS | ||
| 7 | request was removed from the pending list to happen after the message | ||
| 8 | handler had been called. This did not take into account possibility of | ||
| 9 | the handler adding a new pending request in the list and the prev_req | ||
| 10 | pointer not necessarily pointing to the correct entry anymore. As such, | ||
| 11 | some of the pending requests could have been lost and that would result | ||
| 12 | in not being able to process responses to those requests and also, to a | ||
| 13 | memory leak. | ||
| 14 | |||
| 15 | Fix this by determining prev_req at the point when the pending request | ||
| 16 | is being removed, i.e., after the handler function has already added a | ||
| 17 | new entry. | ||
| 18 | |||
| 19 | Fixes: 726432d7622c ("RADIUS: Drop pending request only when accepting the response") | ||
| 20 | Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com> | ||
| 21 | |||
| 22 | CVE: CVE-2025-24912 | ||
| 23 | Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=339a334551ca911187cc870f4f97ef08e11db109] | ||
| 24 | Signed-off-by: Peter Marko <peter.marko@siemens.com> | ||
| 25 | --- | ||
| 26 | src/radius/radius_client.c | 10 +++++++--- | ||
| 27 | 1 file changed, 7 insertions(+), 3 deletions(-) | ||
| 28 | |||
| 29 | diff --git a/src/radius/radius_client.c b/src/radius/radius_client.c | ||
| 30 | index 7909b29a7..d4faa7936 100644 | ||
| 31 | --- a/src/radius/radius_client.c | ||
| 32 | +++ b/src/radius/radius_client.c | ||
| 33 | @@ -1099,7 +1099,7 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx) | ||
| 34 | struct radius_hdr *hdr; | ||
| 35 | struct radius_rx_handler *handlers; | ||
| 36 | size_t num_handlers, i; | ||
| 37 | - struct radius_msg_list *req, *prev_req; | ||
| 38 | + struct radius_msg_list *req, *prev_req, *r; | ||
| 39 | struct os_reltime now; | ||
| 40 | struct hostapd_radius_server *rconf; | ||
| 41 | int invalid_authenticator = 0; | ||
| 42 | @@ -1224,7 +1224,6 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx) | ||
| 43 | break; | ||
| 44 | } | ||
| 45 | |||
| 46 | - prev_req = NULL; | ||
| 47 | req = radius->msgs; | ||
| 48 | while (req) { | ||
| 49 | /* TODO: also match by src addr:port of the packet when using | ||
| 50 | @@ -1236,7 +1235,6 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx) | ||
| 51 | hdr->identifier) | ||
| 52 | break; | ||
| 53 | |||
| 54 | - prev_req = req; | ||
| 55 | req = req->next; | ||
| 56 | } | ||
| 57 | |||
| 58 | @@ -1270,6 +1268,12 @@ static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx) | ||
| 59 | /* fall through */ | ||
| 60 | case RADIUS_RX_QUEUED: | ||
| 61 | /* Remove ACKed RADIUS packet from retransmit list */ | ||
| 62 | + prev_req = NULL; | ||
| 63 | + for (r = radius->msgs; r; r = r->next) { | ||
| 64 | + if (r == req) | ||
| 65 | + break; | ||
| 66 | + prev_req = r; | ||
| 67 | + } | ||
| 68 | if (prev_req) | ||
| 69 | prev_req->next = req->next; | ||
| 70 | else | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh deleted file mode 100644 index 35a1aa639e..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh +++ /dev/null | |||
| @@ -1,86 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | |||
| 4 | WPA_SUP_BIN="/usr/sbin/wpa_supplicant" | ||
| 5 | WPA_SUP_PNAME="wpa_supplicant" | ||
| 6 | WPA_SUP_PIDFILE="/var/run/wpa_supplicant.$IFACE.pid" | ||
| 7 | WPA_COMMON_CTRL_IFACE="/var/run/wpa_supplicant" | ||
| 8 | WPA_SUP_OPTIONS="-B -P $WPA_SUP_PIDFILE -i $IFACE" | ||
| 9 | |||
| 10 | VERBOSITY=0 | ||
| 11 | |||
| 12 | |||
| 13 | if [ -s "$IF_WPA_CONF" ]; then | ||
| 14 | WPA_SUP_CONF="-c $IF_WPA_CONF" | ||
| 15 | else | ||
| 16 | exit 0 | ||
| 17 | fi | ||
| 18 | |||
| 19 | if [ ! -x "$WPA_SUP_BIN" ]; then | ||
| 20 | |||
| 21 | if [ "$VERBOSITY" = "1" ]; then | ||
| 22 | echo "$WPA_SUP_PNAME: binaries not executable or missing from $WPA_SUP_BIN" | ||
| 23 | fi | ||
| 24 | |||
| 25 | exit 1 | ||
| 26 | fi | ||
| 27 | |||
| 28 | if [ "$MODE" = "start" ] ; then | ||
| 29 | # driver type of interface, defaults to wext when undefined | ||
| 30 | if [ -s "/etc/wpa_supplicant/driver.$IFACE" ]; then | ||
| 31 | IF_WPA_DRIVER=$(cat "/etc/wpa_supplicant/driver.$IFACE") | ||
| 32 | elif [ -z "$IF_WPA_DRIVER" ]; then | ||
| 33 | |||
| 34 | if [ "$VERBOSITY" = "1" ]; then | ||
| 35 | echo "$WPA_SUP_PNAME: wpa-driver not provided, using \"wext\"" | ||
| 36 | fi | ||
| 37 | |||
| 38 | IF_WPA_DRIVER="wext" | ||
| 39 | fi | ||
| 40 | |||
| 41 | # if we have passed the criteria, start wpa_supplicant | ||
| 42 | if [ -n "$WPA_SUP_CONF" ]; then | ||
| 43 | |||
| 44 | if [ "$VERBOSITY" = "1" ]; then | ||
| 45 | echo "$WPA_SUP_PNAME: $WPA_SUP_BIN $WPA_SUP_OPTIONS $WPA_SUP_CONF -D $IF_WPA_DRIVER" | ||
| 46 | fi | ||
| 47 | |||
| 48 | start-stop-daemon --start --quiet \ | ||
| 49 | --name $WPA_SUP_PNAME --startas $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE \ | ||
| 50 | -- $WPA_SUP_OPTIONS $WPA_SUP_CONF -D $IF_WPA_DRIVER | ||
| 51 | fi | ||
| 52 | |||
| 53 | # if the interface socket exists, then wpa_supplicant was invoked successfully | ||
| 54 | if [ -S "$WPA_COMMON_CTRL_IFACE/$IFACE" ]; then | ||
| 55 | |||
| 56 | if [ "$VERBOSITY" = "1" ]; then | ||
| 57 | echo "$WPA_SUP_PNAME: ctrl_interface socket located at $WPA_COMMON_CTRL_IFACE/$IFACE" | ||
| 58 | fi | ||
| 59 | |||
| 60 | exit 0 | ||
| 61 | |||
| 62 | fi | ||
| 63 | |||
| 64 | elif [ "$MODE" = "stop" ]; then | ||
| 65 | |||
| 66 | if [ -f "$WPA_SUP_PIDFILE" ]; then | ||
| 67 | |||
| 68 | if [ "$VERBOSITY" = "1" ]; then | ||
| 69 | echo "$WPA_SUP_PNAME: terminating $WPA_SUP_PNAME daemon" | ||
| 70 | fi | ||
| 71 | |||
| 72 | start-stop-daemon --stop --quiet \ | ||
| 73 | --name $WPA_SUP_PNAME --pidfile $WPA_SUP_PIDFILE | ||
| 74 | |||
| 75 | if [ -S "$WPA_COMMON_CTRL_IFACE/$IFACE" ]; then | ||
| 76 | rm -f $WPA_COMMON_CTRL_IFACE/$IFACE | ||
| 77 | fi | ||
| 78 | |||
| 79 | if [ -f "$WPA_SUP_PIDFILE" ]; then | ||
| 80 | rm -f $WPA_SUP_PIDFILE | ||
| 81 | fi | ||
| 82 | fi | ||
| 83 | |||
| 84 | fi | ||
| 85 | |||
| 86 | exit 0 | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf deleted file mode 100644 index 68258f5ee2..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf +++ /dev/null | |||
| @@ -1,690 +0,0 @@ | |||
| 1 | ##### Example wpa_supplicant configuration file ############################### | ||
| 2 | # | ||
| 3 | # This file describes configuration file format and lists all available option. | ||
| 4 | # Please also take a look at simpler configuration examples in 'examples' | ||
| 5 | # subdirectory. | ||
| 6 | # | ||
| 7 | # Empty lines and lines starting with # are ignored | ||
| 8 | |||
| 9 | # NOTE! This file may contain password information and should probably be made | ||
| 10 | # readable only by root user on multiuser systems. | ||
| 11 | |||
| 12 | # Note: All file paths in this configuration file should use full (absolute, | ||
| 13 | # not relative to working directory) path in order to allow working directory | ||
| 14 | # to be changed. This can happen if wpa_supplicant is run in the background. | ||
| 15 | |||
| 16 | # Whether to allow wpa_supplicant to update (overwrite) configuration | ||
| 17 | # | ||
| 18 | # This option can be used to allow wpa_supplicant to overwrite configuration | ||
| 19 | # file whenever configuration is changed (e.g., new network block is added with | ||
| 20 | # wpa_cli or wpa_gui, or a password is changed). This is required for | ||
| 21 | # wpa_cli/wpa_gui to be able to store the configuration changes permanently. | ||
| 22 | # Please note that overwriting configuration file will remove the comments from | ||
| 23 | # it. | ||
| 24 | #update_config=1 | ||
| 25 | |||
| 26 | # global configuration (shared by all network blocks) | ||
| 27 | # | ||
| 28 | # Parameters for the control interface. If this is specified, wpa_supplicant | ||
| 29 | # will open a control interface that is available for external programs to | ||
| 30 | # manage wpa_supplicant. The meaning of this string depends on which control | ||
| 31 | # interface mechanism is used. For all cases, the existence of this parameter | ||
| 32 | # in configuration is used to determine whether the control interface is | ||
| 33 | # enabled. | ||
| 34 | # | ||
| 35 | # For UNIX domain sockets (default on Linux and BSD): This is a directory that | ||
| 36 | # will be created for UNIX domain sockets for listening to requests from | ||
| 37 | # external programs (CLI/GUI, etc.) for status information and configuration. | ||
| 38 | # The socket file will be named based on the interface name, so multiple | ||
| 39 | # wpa_supplicant processes can be run at the same time if more than one | ||
| 40 | # interface is used. | ||
| 41 | # /var/run/wpa_supplicant is the recommended directory for sockets and by | ||
| 42 | # default, wpa_cli will use it when trying to connect with wpa_supplicant. | ||
| 43 | # | ||
| 44 | # Access control for the control interface can be configured by setting the | ||
| 45 | # directory to allow only members of a group to use sockets. This way, it is | ||
| 46 | # possible to run wpa_supplicant as root (since it needs to change network | ||
| 47 | # configuration and open raw sockets) and still allow GUI/CLI components to be | ||
| 48 | # run as non-root users. However, since the control interface can be used to | ||
| 49 | # change the network configuration, this access needs to be protected in many | ||
| 50 | # cases. By default, wpa_supplicant is configured to use gid 0 (root). If you | ||
| 51 | # want to allow non-root users to use the control interface, add a new group | ||
| 52 | # and change this value to match with that group. Add users that should have | ||
| 53 | # control interface access to this group. If this variable is commented out or | ||
| 54 | # not included in the configuration file, group will not be changed from the | ||
| 55 | # value it got by default when the directory or socket was created. | ||
| 56 | # | ||
| 57 | # When configuring both the directory and group, use following format: | ||
| 58 | # DIR=/var/run/wpa_supplicant GROUP=wheel | ||
| 59 | # DIR=/var/run/wpa_supplicant GROUP=0 | ||
| 60 | # (group can be either group name or gid) | ||
| 61 | # | ||
| 62 | # For UDP connections (default on Windows): The value will be ignored. This | ||
| 63 | # variable is just used to select that the control interface is to be created. | ||
| 64 | # The value can be set to, e.g., udp (ctrl_interface=udp) | ||
| 65 | # | ||
| 66 | # For Windows Named Pipe: This value can be used to set the security descriptor | ||
| 67 | # for controlling access to the control interface. Security descriptor can be | ||
| 68 | # set using Security Descriptor String Format (see http://msdn.microsoft.com/ | ||
| 69 | # library/default.asp?url=/library/en-us/secauthz/security/ | ||
| 70 | # security_descriptor_string_format.asp). The descriptor string needs to be | ||
| 71 | # prefixed with SDDL=. For example, ctrl_interface=SDDL=D: would set an empty | ||
| 72 | # DACL (which will reject all connections). See README-Windows.txt for more | ||
| 73 | # information about SDDL string format. | ||
| 74 | # | ||
| 75 | ctrl_interface=/var/run/wpa_supplicant | ||
| 76 | |||
| 77 | # IEEE 802.1X/EAPOL version | ||
| 78 | # wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which defines | ||
| 79 | # EAPOL version 2. However, there are many APs that do not handle the new | ||
| 80 | # version number correctly (they seem to drop the frames completely). In order | ||
| 81 | # to make wpa_supplicant interoperate with these APs, the version number is set | ||
| 82 | # to 1 by default. This configuration value can be used to set it to the new | ||
| 83 | # version (2). | ||
| 84 | eapol_version=1 | ||
| 85 | |||
| 86 | # AP scanning/selection | ||
| 87 | # By default, wpa_supplicant requests driver to perform AP scanning and then | ||
| 88 | # uses the scan results to select a suitable AP. Another alternative is to | ||
| 89 | # allow the driver to take care of AP scanning and selection and use | ||
| 90 | # wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association | ||
| 91 | # information from the driver. | ||
| 92 | # 1: wpa_supplicant initiates scanning and AP selection | ||
| 93 | # 0: driver takes care of scanning, AP selection, and IEEE 802.11 association | ||
| 94 | # parameters (e.g., WPA IE generation); this mode can also be used with | ||
| 95 | # non-WPA drivers when using IEEE 802.1X mode; do not try to associate with | ||
| 96 | # APs (i.e., external program needs to control association). This mode must | ||
| 97 | # also be used when using wired Ethernet drivers. | ||
| 98 | # 2: like 0, but associate with APs using security policy and SSID (but not | ||
| 99 | # BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to | ||
| 100 | # enable operation with hidden SSIDs and optimized roaming; in this mode, | ||
| 101 | # the network blocks in the configuration file are tried one by one until | ||
| 102 | # the driver reports successful association; each network block should have | ||
| 103 | # explicit security policy (i.e., only one option in the lists) for | ||
| 104 | # key_mgmt, pairwise, group, proto variables | ||
| 105 | ap_scan=1 | ||
| 106 | |||
| 107 | # EAP fast re-authentication | ||
| 108 | # By default, fast re-authentication is enabled for all EAP methods that | ||
| 109 | # support it. This variable can be used to disable fast re-authentication. | ||
| 110 | # Normally, there is no need to disable this. | ||
| 111 | fast_reauth=1 | ||
| 112 | |||
| 113 | # OpenSSL Engine support | ||
| 114 | # These options can be used to load OpenSSL engines. | ||
| 115 | # The two engines that are supported currently are shown below: | ||
| 116 | # They are both from the opensc project (http://www.opensc.org/) | ||
| 117 | # By default no engines are loaded. | ||
| 118 | # make the opensc engine available | ||
| 119 | #opensc_engine_path=/usr/lib/opensc/engine_opensc.so | ||
| 120 | # make the pkcs11 engine available | ||
| 121 | #pkcs11_engine_path=/usr/lib/opensc/engine_pkcs11.so | ||
| 122 | # configure the path to the pkcs11 module required by the pkcs11 engine | ||
| 123 | #pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so | ||
| 124 | |||
| 125 | # Dynamic EAP methods | ||
| 126 | # If EAP methods were built dynamically as shared object files, they need to be | ||
| 127 | # loaded here before being used in the network blocks. By default, EAP methods | ||
| 128 | # are included statically in the build, so these lines are not needed | ||
| 129 | #load_dynamic_eap=/usr/lib/wpa_supplicant/eap_tls.so | ||
| 130 | #load_dynamic_eap=/usr/lib/wpa_supplicant/eap_md5.so | ||
| 131 | |||
| 132 | # Driver interface parameters | ||
| 133 | # This field can be used to configure arbitrary driver interace parameters. The | ||
| 134 | # format is specific to the selected driver interface. This field is not used | ||
| 135 | # in most cases. | ||
| 136 | #driver_param="field=value" | ||
| 137 | |||
| 138 | # Maximum lifetime for PMKSA in seconds; default 43200 | ||
| 139 | #dot11RSNAConfigPMKLifetime=43200 | ||
| 140 | # Threshold for reauthentication (percentage of PMK lifetime); default 70 | ||
| 141 | #dot11RSNAConfigPMKReauthThreshold=70 | ||
| 142 | # Timeout for security association negotiation in seconds; default 60 | ||
| 143 | #dot11RSNAConfigSATimeout=60 | ||
| 144 | |||
| 145 | # network block | ||
| 146 | # | ||
| 147 | # Each network (usually AP's sharing the same SSID) is configured as a separate | ||
| 148 | # block in this configuration file. The network blocks are in preference order | ||
| 149 | # (the first match is used). | ||
| 150 | # | ||
| 151 | # network block fields: | ||
| 152 | # | ||
| 153 | # disabled: | ||
| 154 | # 0 = this network can be used (default) | ||
| 155 | # 1 = this network block is disabled (can be enabled through ctrl_iface, | ||
| 156 | # e.g., with wpa_cli or wpa_gui) | ||
| 157 | # | ||
| 158 | # id_str: Network identifier string for external scripts. This value is passed | ||
| 159 | # to external action script through wpa_cli as WPA_ID_STR environment | ||
| 160 | # variable to make it easier to do network specific configuration. | ||
| 161 | # | ||
| 162 | # ssid: SSID (mandatory); either as an ASCII string with double quotation or | ||
| 163 | # as hex string; network name | ||
| 164 | # | ||
| 165 | # scan_ssid: | ||
| 166 | # 0 = do not scan this SSID with specific Probe Request frames (default) | ||
| 167 | # 1 = scan with SSID-specific Probe Request frames (this can be used to | ||
| 168 | # find APs that do not accept broadcast SSID or use multiple SSIDs; | ||
| 169 | # this will add latency to scanning, so enable this only when needed) | ||
| 170 | # | ||
| 171 | # bssid: BSSID (optional); if set, this network block is used only when | ||
| 172 | # associating with the AP using the configured BSSID | ||
| 173 | # | ||
| 174 | # priority: priority group (integer) | ||
| 175 | # By default, all networks will get same priority group (0). If some of the | ||
| 176 | # networks are more desirable, this field can be used to change the order in | ||
| 177 | # which wpa_supplicant goes through the networks when selecting a BSS. The | ||
| 178 | # priority groups will be iterated in decreasing priority (i.e., the larger the | ||
| 179 | # priority value, the sooner the network is matched against the scan results). | ||
| 180 | # Within each priority group, networks will be selected based on security | ||
| 181 | # policy, signal strength, etc. | ||
| 182 | # Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not | ||
| 183 | # using this priority to select the order for scanning. Instead, they try the | ||
| 184 | # networks in the order that used in the configuration file. | ||
| 185 | # | ||
| 186 | # mode: IEEE 802.11 operation mode | ||
| 187 | # 0 = infrastructure (Managed) mode, i.e., associate with an AP (default) | ||
| 188 | # 1 = IBSS (ad-hoc, peer-to-peer) | ||
| 189 | # Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP) | ||
| 190 | # and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In addition, ap_scan has | ||
| 191 | # to be set to 2 for IBSS. WPA-None requires following network block options: | ||
| 192 | # proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not | ||
| 193 | # both), and psk must also be set. | ||
| 194 | # | ||
| 195 | # proto: list of accepted protocols | ||
| 196 | # WPA = WPA/IEEE 802.11i/D3.0 | ||
| 197 | # RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN) | ||
| 198 | # If not set, this defaults to: WPA RSN | ||
| 199 | # | ||
| 200 | # key_mgmt: list of accepted authenticated key management protocols | ||
| 201 | # WPA-PSK = WPA pre-shared key (this requires 'psk' field) | ||
| 202 | # WPA-EAP = WPA using EAP authentication (this can use an external | ||
| 203 | # program, e.g., Xsupplicant, for IEEE 802.1X EAP Authentication | ||
| 204 | # IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically | ||
| 205 | # generated WEP keys | ||
| 206 | # NONE = WPA is not used; plaintext or static WEP could be used | ||
| 207 | # If not set, this defaults to: WPA-PSK WPA-EAP | ||
| 208 | # | ||
| 209 | # auth_alg: list of allowed IEEE 802.11 authentication algorithms | ||
| 210 | # OPEN = Open System authentication (required for WPA/WPA2) | ||
| 211 | # SHARED = Shared Key authentication (requires static WEP keys) | ||
| 212 | # LEAP = LEAP/Network EAP (only used with LEAP) | ||
| 213 | # If not set, automatic selection is used (Open System with LEAP enabled if | ||
| 214 | # LEAP is allowed as one of the EAP methods). | ||
| 215 | # | ||
| 216 | # pairwise: list of accepted pairwise (unicast) ciphers for WPA | ||
| 217 | # CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] | ||
| 218 | # TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] | ||
| 219 | # NONE = Use only Group Keys (deprecated, should not be included if APs support | ||
| 220 | # pairwise keys) | ||
| 221 | # If not set, this defaults to: CCMP TKIP | ||
| 222 | # | ||
| 223 | # group: list of accepted group (broadcast/multicast) ciphers for WPA | ||
| 224 | # CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] | ||
| 225 | # TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] | ||
| 226 | # WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key | ||
| 227 | # WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key [IEEE 802.11] | ||
| 228 | # If not set, this defaults to: CCMP TKIP WEP104 WEP40 | ||
| 229 | # | ||
| 230 | # psk: WPA preshared key; 256-bit pre-shared key | ||
| 231 | # The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e., | ||
| 232 | # 32 bytes or as an ASCII passphrase (in which case, the real PSK will be | ||
| 233 | # generated using the passphrase and SSID). ASCII passphrase must be between | ||
| 234 | # 8 and 63 characters (inclusive). | ||
| 235 | # This field is not needed, if WPA-EAP is used. | ||
| 236 | # Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys | ||
| 237 | # from ASCII passphrase. This process uses lot of CPU and wpa_supplicant | ||
| 238 | # startup and reconfiguration time can be optimized by generating the PSK only | ||
| 239 | # only when the passphrase or SSID has actually changed. | ||
| 240 | # | ||
| 241 | # eapol_flags: IEEE 802.1X/EAPOL options (bit field) | ||
| 242 | # Dynamic WEP key required for non-WPA mode | ||
| 243 | # bit0 (1): require dynamically generated unicast WEP key | ||
| 244 | # bit1 (2): require dynamically generated broadcast WEP key | ||
| 245 | # (3 = require both keys; default) | ||
| 246 | # Note: When using wired authentication, eapol_flags must be set to 0 for the | ||
| 247 | # authentication to be completed successfully. | ||
| 248 | # | ||
| 249 | # proactive_key_caching: | ||
| 250 | # Enable/disable opportunistic PMKSA caching for WPA2. | ||
| 251 | # 0 = disabled (default) | ||
| 252 | # 1 = enabled | ||
| 253 | # | ||
| 254 | # wep_key0..3: Static WEP key (ASCII in double quotation, e.g. "abcde" or | ||
| 255 | # hex without quotation, e.g., 0102030405) | ||
| 256 | # wep_tx_keyidx: Default WEP key index (TX) (0..3) | ||
| 257 | # | ||
| 258 | # peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e DLS) is | ||
| 259 | # allowed. This is only used with RSN/WPA2. | ||
| 260 | # 0 = disabled (default) | ||
| 261 | # 1 = enabled | ||
| 262 | #peerkey=1 | ||
| 263 | # | ||
| 264 | # Following fields are only used with internal EAP implementation. | ||
| 265 | # eap: space-separated list of accepted EAP methods | ||
| 266 | # MD5 = EAP-MD5 (unsecure and does not generate keying material -> | ||
| 267 | # cannot be used with WPA; to be used as a Phase 2 method | ||
| 268 | # with EAP-PEAP or EAP-TTLS) | ||
| 269 | # MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used | ||
| 270 | # as a Phase 2 method with EAP-PEAP or EAP-TTLS) | ||
| 271 | # OTP = EAP-OTP (cannot be used separately with WPA; to be used | ||
| 272 | # as a Phase 2 method with EAP-PEAP or EAP-TTLS) | ||
| 273 | # GTC = EAP-GTC (cannot be used separately with WPA; to be used | ||
| 274 | # as a Phase 2 method with EAP-PEAP or EAP-TTLS) | ||
| 275 | # TLS = EAP-TLS (client and server certificate) | ||
| 276 | # PEAP = EAP-PEAP (with tunnelled EAP authentication) | ||
| 277 | # TTLS = EAP-TTLS (with tunnelled EAP or PAP/CHAP/MSCHAP/MSCHAPV2 | ||
| 278 | # authentication) | ||
| 279 | # If not set, all compiled in methods are allowed. | ||
| 280 | # | ||
| 281 | # identity: Identity string for EAP | ||
| 282 | # anonymous_identity: Anonymous identity string for EAP (to be used as the | ||
| 283 | # unencrypted identity with EAP types that support different tunnelled | ||
| 284 | # identity, e.g., EAP-TTLS) | ||
| 285 | # password: Password string for EAP | ||
| 286 | # ca_cert: File path to CA certificate file (PEM/DER). This file can have one | ||
| 287 | # or more trusted CA certificates. If ca_cert and ca_path are not | ||
| 288 | # included, server certificate will not be verified. This is insecure and | ||
| 289 | # a trusted CA certificate should always be configured when using | ||
| 290 | # EAP-TLS/TTLS/PEAP. Full path should be used since working directory may | ||
| 291 | # change when wpa_supplicant is run in the background. | ||
| 292 | # On Windows, trusted CA certificates can be loaded from the system | ||
| 293 | # certificate store by setting this to cert_store://<name>, e.g., | ||
| 294 | # ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT". | ||
| 295 | # Note that when running wpa_supplicant as an application, the user | ||
| 296 | # certificate store (My user account) is used, whereas computer store | ||
| 297 | # (Computer account) is used when running wpasvc as a service. | ||
| 298 | # ca_path: Directory path for CA certificate files (PEM). This path may | ||
| 299 | # contain multiple CA certificates in OpenSSL format. Common use for this | ||
| 300 | # is to point to system trusted CA list which is often installed into | ||
| 301 | # directory like /etc/ssl/certs. If configured, these certificates are | ||
| 302 | # added to the list of trusted CAs. ca_cert may also be included in that | ||
| 303 | # case, but it is not required. | ||
| 304 | # client_cert: File path to client certificate file (PEM/DER) | ||
| 305 | # Full path should be used since working directory may change when | ||
| 306 | # wpa_supplicant is run in the background. | ||
| 307 | # Alternatively, a named configuration blob can be used by setting this | ||
| 308 | # to blob://<blob name>. | ||
| 309 | # private_key: File path to client private key file (PEM/DER/PFX) | ||
| 310 | # When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be | ||
| 311 | # commented out. Both the private key and certificate will be read from | ||
| 312 | # the PKCS#12 file in this case. Full path should be used since working | ||
| 313 | # directory may change when wpa_supplicant is run in the background. | ||
| 314 | # Windows certificate store can be used by leaving client_cert out and | ||
| 315 | # configuring private_key in one of the following formats: | ||
| 316 | # cert://substring_to_match | ||
| 317 | # hash://certificate_thumbprint_in_hex | ||
| 318 | # for example: private_key="hash://63093aa9c47f56ae88334c7b65a4" | ||
| 319 | # Note that when running wpa_supplicant as an application, the user | ||
| 320 | # certificate store (My user account) is used, whereas computer store | ||
| 321 | # (Computer account) is used when running wpasvc as a service. | ||
| 322 | # Alternatively, a named configuration blob can be used by setting this | ||
| 323 | # to blob://<blob name>. | ||
| 324 | # private_key_passwd: Password for private key file (if left out, this will be | ||
| 325 | # asked through control interface) | ||
| 326 | # dh_file: File path to DH/DSA parameters file (in PEM format) | ||
| 327 | # This is an optional configuration file for setting parameters for an | ||
| 328 | # ephemeral DH key exchange. In most cases, the default RSA | ||
| 329 | # authentication does not use this configuration. However, it is possible | ||
| 330 | # setup RSA to use ephemeral DH key exchange. In addition, ciphers with | ||
| 331 | # DSA keys always use ephemeral DH keys. This can be used to achieve | ||
| 332 | # forward secrecy. If the file is in DSA parameters format, it will be | ||
| 333 | # automatically converted into DH params. | ||
| 334 | # subject_match: Substring to be matched against the subject of the | ||
| 335 | # authentication server certificate. If this string is set, the server | ||
| 336 | # sertificate is only accepted if it contains this string in the subject. | ||
| 337 | # The subject string is in following format: | ||
| 338 | # /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com | ||
| 339 | # altsubject_match: Semicolon separated string of entries to be matched against | ||
| 340 | # the alternative subject name of the authentication server certificate. | ||
| 341 | # If this string is set, the server sertificate is only accepted if it | ||
| 342 | # contains one of the entries in an alternative subject name extension. | ||
| 343 | # altSubjectName string is in following format: TYPE:VALUE | ||
| 344 | # Example: EMAIL:server@example.com | ||
| 345 | # Example: DNS:server.example.com;DNS:server2.example.com | ||
| 346 | # Following types are supported: EMAIL, DNS, URI | ||
| 347 | # phase1: Phase1 (outer authentication, i.e., TLS tunnel) parameters | ||
| 348 | # (string with field-value pairs, e.g., "peapver=0" or | ||
| 349 | # "peapver=1 peaplabel=1") | ||
| 350 | # 'peapver' can be used to force which PEAP version (0 or 1) is used. | ||
| 351 | # 'peaplabel=1' can be used to force new label, "client PEAP encryption", | ||
| 352 | # to be used during key derivation when PEAPv1 or newer. Most existing | ||
| 353 | # PEAPv1 implementation seem to be using the old label, "client EAP | ||
| 354 | # encryption", and wpa_supplicant is now using that as the default value. | ||
| 355 | # Some servers, e.g., Radiator, may require peaplabel=1 configuration to | ||
| 356 | # interoperate with PEAPv1; see eap_testing.txt for more details. | ||
| 357 | # 'peap_outer_success=0' can be used to terminate PEAP authentication on | ||
| 358 | # tunneled EAP-Success. This is required with some RADIUS servers that | ||
| 359 | # implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g., | ||
| 360 | # Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode) | ||
| 361 | # include_tls_length=1 can be used to force wpa_supplicant to include | ||
| 362 | # TLS Message Length field in all TLS messages even if they are not | ||
| 363 | # fragmented. | ||
| 364 | # sim_min_num_chal=3 can be used to configure EAP-SIM to require three | ||
| 365 | # challenges (by default, it accepts 2 or 3) | ||
| 366 | # phase2: Phase2 (inner authentication with TLS tunnel) parameters | ||
| 367 | # (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or | ||
| 368 | # "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS) | ||
| 369 | # Following certificate/private key fields are used in inner Phase2 | ||
| 370 | # authentication when using EAP-TTLS or EAP-PEAP. | ||
| 371 | # ca_cert2: File path to CA certificate file. This file can have one or more | ||
| 372 | # trusted CA certificates. If ca_cert2 and ca_path2 are not included, | ||
| 373 | # server certificate will not be verified. This is insecure and a trusted | ||
| 374 | # CA certificate should always be configured. | ||
| 375 | # ca_path2: Directory path for CA certificate files (PEM) | ||
| 376 | # client_cert2: File path to client certificate file | ||
| 377 | # private_key2: File path to client private key file | ||
| 378 | # private_key2_passwd: Password for private key file | ||
| 379 | # dh_file2: File path to DH/DSA parameters file (in PEM format) | ||
| 380 | # subject_match2: Substring to be matched against the subject of the | ||
| 381 | # authentication server certificate. | ||
| 382 | # altsubject_match2: Substring to be matched against the alternative subject | ||
| 383 | # name of the authentication server certificate. | ||
| 384 | # | ||
| 385 | # fragment_size: Maximum EAP fragment size in bytes (default 1398). | ||
| 386 | # This value limits the fragment size for EAP methods that support | ||
| 387 | # fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set | ||
| 388 | # small enough to make the EAP messages fit in MTU of the network | ||
| 389 | # interface used for EAPOL. The default value is suitable for most | ||
| 390 | # cases. | ||
| 391 | # | ||
| 392 | # EAP-PSK variables: | ||
| 393 | # eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format | ||
| 394 | # nai: user NAI | ||
| 395 | # | ||
| 396 | # EAP-PAX variables: | ||
| 397 | # eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format | ||
| 398 | # | ||
| 399 | # EAP-SAKE variables: | ||
| 400 | # eappsk: 32-byte (256-bit, 64 hex digits) pre-shared key in hex format | ||
| 401 | # (this is concatenation of Root-Secret-A and Root-Secret-B) | ||
| 402 | # nai: user NAI (PEERID) | ||
| 403 | # | ||
| 404 | # EAP-GPSK variables: | ||
| 405 | # eappsk: Pre-shared key in hex format (at least 128 bits, i.e., 32 hex digits) | ||
| 406 | # nai: user NAI (ID_Client) | ||
| 407 | # | ||
| 408 | # EAP-FAST variables: | ||
| 409 | # pac_file: File path for the PAC entries. wpa_supplicant will need to be able | ||
| 410 | # to create this file and write updates to it when PAC is being | ||
| 411 | # provisioned or refreshed. Full path to the file should be used since | ||
| 412 | # working directory may change when wpa_supplicant is run in the | ||
| 413 | # background. Alternatively, a named configuration blob can be used by | ||
| 414 | # setting this to blob://<blob name> | ||
| 415 | # phase1: fast_provisioning=1 option enables in-line provisioning of EAP-FAST | ||
| 416 | # credentials (PAC) | ||
| 417 | # | ||
| 418 | # wpa_supplicant supports number of "EAP workarounds" to work around | ||
| 419 | # interoperability issues with incorrectly behaving authentication servers. | ||
| 420 | # These are enabled by default because some of the issues are present in large | ||
| 421 | # number of authentication servers. Strict EAP conformance mode can be | ||
| 422 | # configured by disabling workarounds with eap_workaround=0. | ||
| 423 | |||
| 424 | # Example blocks: | ||
| 425 | |||
| 426 | # Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers | ||
| 427 | network={ | ||
| 428 | ssid="simple" | ||
| 429 | psk="very secret passphrase" | ||
| 430 | priority=5 | ||
| 431 | } | ||
| 432 | |||
| 433 | # Same as previous, but request SSID-specific scanning (for APs that reject | ||
| 434 | # broadcast SSID) | ||
| 435 | network={ | ||
| 436 | ssid="second ssid" | ||
| 437 | scan_ssid=1 | ||
| 438 | psk="very secret passphrase" | ||
| 439 | priority=2 | ||
| 440 | } | ||
| 441 | |||
| 442 | # Only WPA-PSK is used. Any valid cipher combination is accepted. | ||
| 443 | network={ | ||
| 444 | ssid="example" | ||
| 445 | proto=WPA | ||
| 446 | key_mgmt=WPA-PSK | ||
| 447 | pairwise=CCMP TKIP | ||
| 448 | group=CCMP TKIP WEP104 WEP40 | ||
| 449 | psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb | ||
| 450 | priority=2 | ||
| 451 | } | ||
| 452 | |||
| 453 | # Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104 | ||
| 454 | # or WEP40 as the group cipher will not be accepted. | ||
| 455 | network={ | ||
| 456 | ssid="example" | ||
| 457 | proto=RSN | ||
| 458 | key_mgmt=WPA-EAP | ||
| 459 | pairwise=CCMP TKIP | ||
| 460 | group=CCMP TKIP | ||
| 461 | eap=TLS | ||
| 462 | identity="user@example.com" | ||
| 463 | ca_cert="/etc/cert/ca.pem" | ||
| 464 | client_cert="/etc/cert/user.pem" | ||
| 465 | private_key="/etc/cert/user.prv" | ||
| 466 | private_key_passwd="password" | ||
| 467 | priority=1 | ||
| 468 | } | ||
| 469 | |||
| 470 | # EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel | ||
| 471 | # (e.g., Radiator) | ||
| 472 | network={ | ||
| 473 | ssid="example" | ||
| 474 | key_mgmt=WPA-EAP | ||
| 475 | eap=PEAP | ||
| 476 | identity="user@example.com" | ||
| 477 | password="foobar" | ||
| 478 | ca_cert="/etc/cert/ca.pem" | ||
| 479 | phase1="peaplabel=1" | ||
| 480 | phase2="auth=MSCHAPV2" | ||
| 481 | priority=10 | ||
| 482 | } | ||
| 483 | |||
| 484 | # EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the | ||
| 485 | # unencrypted use. Real identity is sent only within an encrypted TLS tunnel. | ||
| 486 | network={ | ||
| 487 | ssid="example" | ||
| 488 | key_mgmt=WPA-EAP | ||
| 489 | eap=TTLS | ||
| 490 | identity="user@example.com" | ||
| 491 | anonymous_identity="anonymous@example.com" | ||
| 492 | password="foobar" | ||
| 493 | ca_cert="/etc/cert/ca.pem" | ||
| 494 | priority=2 | ||
| 495 | } | ||
| 496 | |||
| 497 | # EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the unencrypted | ||
| 498 | # use. Real identity is sent only within an encrypted TLS tunnel. | ||
| 499 | network={ | ||
| 500 | ssid="example" | ||
| 501 | key_mgmt=WPA-EAP | ||
| 502 | eap=TTLS | ||
| 503 | identity="user@example.com" | ||
| 504 | anonymous_identity="anonymous@example.com" | ||
| 505 | password="foobar" | ||
| 506 | ca_cert="/etc/cert/ca.pem" | ||
| 507 | phase2="auth=MSCHAPV2" | ||
| 508 | } | ||
| 509 | |||
| 510 | # WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner | ||
| 511 | # authentication. | ||
| 512 | network={ | ||
| 513 | ssid="example" | ||
| 514 | key_mgmt=WPA-EAP | ||
| 515 | eap=TTLS | ||
| 516 | # Phase1 / outer authentication | ||
| 517 | anonymous_identity="anonymous@example.com" | ||
| 518 | ca_cert="/etc/cert/ca.pem" | ||
| 519 | # Phase 2 / inner authentication | ||
| 520 | phase2="autheap=TLS" | ||
| 521 | ca_cert2="/etc/cert/ca2.pem" | ||
| 522 | client_cert2="/etc/cer/user.pem" | ||
| 523 | private_key2="/etc/cer/user.prv" | ||
| 524 | private_key2_passwd="password" | ||
| 525 | priority=2 | ||
| 526 | } | ||
| 527 | |||
| 528 | # Both WPA-PSK and WPA-EAP is accepted. Only CCMP is accepted as pairwise and | ||
| 529 | # group cipher. | ||
| 530 | network={ | ||
| 531 | ssid="example" | ||
| 532 | bssid=00:11:22:33:44:55 | ||
| 533 | proto=WPA RSN | ||
| 534 | key_mgmt=WPA-PSK WPA-EAP | ||
| 535 | pairwise=CCMP | ||
| 536 | group=CCMP | ||
| 537 | psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb | ||
| 538 | } | ||
| 539 | |||
| 540 | # Special characters in SSID, so use hex string. Default to WPA-PSK, WPA-EAP | ||
| 541 | # and all valid ciphers. | ||
| 542 | network={ | ||
| 543 | ssid=00010203 | ||
| 544 | psk=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f | ||
| 545 | } | ||
| 546 | |||
| 547 | |||
| 548 | # IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA) using | ||
| 549 | # EAP-TLS for authentication and key generation; require both unicast and | ||
| 550 | # broadcast WEP keys. | ||
| 551 | network={ | ||
| 552 | ssid="1x-test" | ||
| 553 | key_mgmt=IEEE8021X | ||
| 554 | eap=TLS | ||
| 555 | identity="user@example.com" | ||
| 556 | ca_cert="/etc/cert/ca.pem" | ||
| 557 | client_cert="/etc/cert/user.pem" | ||
| 558 | private_key="/etc/cert/user.prv" | ||
| 559 | private_key_passwd="password" | ||
| 560 | eapol_flags=3 | ||
| 561 | } | ||
| 562 | |||
| 563 | |||
| 564 | # LEAP with dynamic WEP keys | ||
| 565 | network={ | ||
| 566 | ssid="leap-example" | ||
| 567 | key_mgmt=IEEE8021X | ||
| 568 | eap=LEAP | ||
| 569 | identity="user" | ||
| 570 | password="foobar" | ||
| 571 | } | ||
| 572 | |||
| 573 | # Plaintext connection (no WPA, no IEEE 802.1X) | ||
| 574 | network={ | ||
| 575 | ssid="plaintext-test" | ||
| 576 | key_mgmt=NONE | ||
| 577 | } | ||
| 578 | |||
| 579 | |||
| 580 | # Shared WEP key connection (no WPA, no IEEE 802.1X) | ||
| 581 | network={ | ||
| 582 | ssid="static-wep-test" | ||
| 583 | key_mgmt=NONE | ||
| 584 | wep_key0="abcde" | ||
| 585 | wep_key1=0102030405 | ||
| 586 | wep_key2="1234567890123" | ||
| 587 | wep_tx_keyidx=0 | ||
| 588 | priority=5 | ||
| 589 | } | ||
| 590 | |||
| 591 | |||
| 592 | # Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key | ||
| 593 | # IEEE 802.11 authentication | ||
| 594 | network={ | ||
| 595 | ssid="static-wep-test2" | ||
| 596 | key_mgmt=NONE | ||
| 597 | wep_key0="abcde" | ||
| 598 | wep_key1=0102030405 | ||
| 599 | wep_key2="1234567890123" | ||
| 600 | wep_tx_keyidx=0 | ||
| 601 | priority=5 | ||
| 602 | auth_alg=SHARED | ||
| 603 | } | ||
| 604 | |||
| 605 | |||
| 606 | # IBSS/ad-hoc network with WPA-None/TKIP. | ||
| 607 | network={ | ||
| 608 | ssid="test adhoc" | ||
| 609 | mode=1 | ||
| 610 | proto=WPA | ||
| 611 | key_mgmt=WPA-NONE | ||
| 612 | pairwise=NONE | ||
| 613 | group=TKIP | ||
| 614 | psk="secret passphrase" | ||
| 615 | } | ||
| 616 | |||
| 617 | |||
| 618 | # Catch all example that allows more or less all configuration modes | ||
| 619 | network={ | ||
| 620 | ssid="example" | ||
| 621 | scan_ssid=1 | ||
| 622 | key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE | ||
| 623 | pairwise=CCMP TKIP | ||
| 624 | group=CCMP TKIP WEP104 WEP40 | ||
| 625 | psk="very secret passphrase" | ||
| 626 | eap=TTLS PEAP TLS | ||
| 627 | identity="user@example.com" | ||
| 628 | password="foobar" | ||
| 629 | ca_cert="/etc/cert/ca.pem" | ||
| 630 | client_cert="/etc/cert/user.pem" | ||
| 631 | private_key="/etc/cert/user.prv" | ||
| 632 | private_key_passwd="password" | ||
| 633 | phase1="peaplabel=0" | ||
| 634 | } | ||
| 635 | |||
| 636 | # Example of EAP-TLS with smartcard (openssl engine) | ||
| 637 | network={ | ||
| 638 | ssid="example" | ||
| 639 | key_mgmt=WPA-EAP | ||
| 640 | eap=TLS | ||
| 641 | proto=RSN | ||
| 642 | pairwise=CCMP TKIP | ||
| 643 | group=CCMP TKIP | ||
| 644 | identity="user@example.com" | ||
| 645 | ca_cert="/etc/cert/ca.pem" | ||
| 646 | client_cert="/etc/cert/user.pem" | ||
| 647 | |||
| 648 | engine=1 | ||
| 649 | |||
| 650 | # The engine configured here must be available. Look at | ||
| 651 | # OpenSSL engine support in the global section. | ||
| 652 | # The key available through the engine must be the private key | ||
| 653 | # matching the client certificate configured above. | ||
| 654 | |||
| 655 | # use the opensc engine | ||
| 656 | #engine_id="opensc" | ||
| 657 | #key_id="45" | ||
| 658 | |||
| 659 | # use the pkcs11 engine | ||
| 660 | engine_id="pkcs11" | ||
| 661 | key_id="id_45" | ||
| 662 | |||
| 663 | # Optional PIN configuration; this can be left out and PIN will be | ||
| 664 | # asked through the control interface | ||
| 665 | pin="1234" | ||
| 666 | } | ||
| 667 | |||
| 668 | # Example configuration showing how to use an inlined blob as a CA certificate | ||
| 669 | # data instead of using external file | ||
| 670 | network={ | ||
| 671 | ssid="example" | ||
| 672 | key_mgmt=WPA-EAP | ||
| 673 | eap=TTLS | ||
| 674 | identity="user@example.com" | ||
| 675 | anonymous_identity="anonymous@example.com" | ||
| 676 | password="foobar" | ||
| 677 | ca_cert="blob://exampleblob" | ||
| 678 | priority=20 | ||
| 679 | } | ||
| 680 | |||
| 681 | blob-base64-exampleblob={ | ||
| 682 | SGVsbG8gV29ybGQhCg== | ||
| 683 | } | ||
| 684 | |||
| 685 | |||
| 686 | # Wildcard match for SSID (plaintext APs only). This example select any | ||
| 687 | # open AP regardless of its SSID. | ||
| 688 | network={ | ||
| 689 | key_mgmt=NONE | ||
| 690 | } | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane deleted file mode 100644 index c91ffe0c84..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane +++ /dev/null | |||
| @@ -1,7 +0,0 @@ | |||
| 1 | ctrl_interface=/var/run/wpa_supplicant | ||
| 2 | ctrl_interface_group=0 | ||
| 3 | update_config=1 | ||
| 4 | |||
| 5 | network={ | ||
| 6 | key_mgmt=NONE | ||
| 7 | } | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb deleted file mode 100644 index ffb1cf617d..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb +++ /dev/null | |||
| @@ -1,139 +0,0 @@ | |||
| 1 | SUMMARY = "Client for Wi-Fi Protected Access (WPA)" | ||
| 2 | DESCRIPTION = "wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver." | ||
| 3 | HOMEPAGE = "http://w1.fi/wpa_supplicant/" | ||
| 4 | BUGTRACKER = "http://w1.fi/security/" | ||
| 5 | SECTION = "network" | ||
| 6 | LICENSE = "BSD-3-Clause" | ||
| 7 | LIC_FILES_CHKSUM = "file://COPYING;md5=5ebcb90236d1ad640558c3d3cd3035df \ | ||
| 8 | file://README;beginline=1;endline=56;md5=6e4b25e7d74bfc44a32ba37bdf5210a6 \ | ||
| 9 | file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=f5ccd57ea91e04800edb88267bf8eae4" | ||
| 10 | |||
| 11 | DEPENDS = "dbus libnl" | ||
| 12 | |||
| 13 | SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ | ||
| 14 | file://wpa-supplicant.sh \ | ||
| 15 | file://wpa_supplicant.conf \ | ||
| 16 | file://wpa_supplicant.conf-sane \ | ||
| 17 | file://99_wpa_supplicant \ | ||
| 18 | file://0001-macsec_linux-Hardware-offload-requires-Linux-headers.patch \ | ||
| 19 | file://CVE-2025-24912-01.patch \ | ||
| 20 | file://CVE-2025-24912-02.patch \ | ||
| 21 | " | ||
| 22 | SRC_URI[sha256sum] = "912ea06f74e30a8e36fbb68064d6cdff218d8d591db0fc5d75dee6c81ac7fc0a" | ||
| 23 | |||
| 24 | S = "${UNPACKDIR}/wpa_supplicant-${PV}" | ||
| 25 | |||
| 26 | inherit pkgconfig systemd | ||
| 27 | |||
| 28 | PACKAGECONFIG ?= "openssl" | ||
| 29 | PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt" | ||
| 30 | PACKAGECONFIG[openssl] = ",,openssl" | ||
| 31 | |||
| 32 | CVE_PRODUCT = "wpa_supplicant" | ||
| 33 | |||
| 34 | CVE_STATUS[CVE-2024-5290] = "not-applicable-platform: this only affects Ubuntu and other platforms patching wpa-supplicant" | ||
| 35 | |||
| 36 | EXTRA_OEMAKE = "'LIBDIR=${libdir}' 'INCDIR=${includedir}' 'BINDIR=${sbindir}'" | ||
| 37 | |||
| 38 | do_configure () { | ||
| 39 | ${MAKE} -C wpa_supplicant clean | ||
| 40 | sed -e '/^CONFIG_TLS=/d' <wpa_supplicant/defconfig >wpa_supplicant/.config | ||
| 41 | |||
| 42 | if ${@ bb.utils.contains('PACKAGECONFIG', 'openssl', 'true', 'false', d) }; then | ||
| 43 | echo 'CONFIG_TLS=openssl' >>wpa_supplicant/.config | ||
| 44 | elif ${@ bb.utils.contains('PACKAGECONFIG', 'gnutls', 'true', 'false', d) }; then | ||
| 45 | echo 'CONFIG_TLS=gnutls' >>wpa_supplicant/.config | ||
| 46 | sed -i -e 's/\(^CONFIG_DPP=\)/#\1/' \ | ||
| 47 | -e 's/\(^CONFIG_EAP_PWD=\)/#\1/' \ | ||
| 48 | -e 's/\(^CONFIG_SAE=\)/#\1/' wpa_supplicant/.config | ||
| 49 | fi | ||
| 50 | |||
| 51 | # For rebuild | ||
| 52 | rm -f wpa_supplicant/*.d wpa_supplicant/dbus/*.d | ||
| 53 | } | ||
| 54 | |||
| 55 | do_compile () { | ||
| 56 | oe_runmake -C wpa_supplicant | ||
| 57 | if [ -z "${DISABLE_STATIC}" ]; then | ||
| 58 | oe_runmake -C wpa_supplicant libwpa_client.a | ||
| 59 | fi | ||
| 60 | } | ||
| 61 | |||
| 62 | do_install () { | ||
| 63 | oe_runmake -C wpa_supplicant DESTDIR="${D}" install | ||
| 64 | |||
| 65 | install -d ${D}${docdir}/wpa_supplicant | ||
| 66 | install -m 644 wpa_supplicant/README ${UNPACKDIR}/wpa_supplicant.conf ${D}${docdir}/wpa_supplicant | ||
| 67 | |||
| 68 | install -d ${D}${sysconfdir} | ||
| 69 | install -m 600 ${UNPACKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf | ||
| 70 | |||
| 71 | install -d ${D}${sysconfdir}/network/if-pre-up.d/ | ||
| 72 | install -d ${D}${sysconfdir}/network/if-post-down.d/ | ||
| 73 | install -d ${D}${sysconfdir}/network/if-down.d/ | ||
| 74 | install -m 755 ${UNPACKDIR}/wpa-supplicant.sh ${D}${sysconfdir}/network/if-pre-up.d/wpa-supplicant | ||
| 75 | ln -sf ../if-pre-up.d/wpa-supplicant ${D}${sysconfdir}/network/if-post-down.d/wpa-supplicant | ||
| 76 | |||
| 77 | install -d ${D}/${sysconfdir}/dbus-1/system.d | ||
| 78 | install -m 644 ${S}/wpa_supplicant/dbus/dbus-wpa_supplicant.conf ${D}/${sysconfdir}/dbus-1/system.d | ||
| 79 | install -d ${D}/${datadir}/dbus-1/system-services | ||
| 80 | install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services | ||
| 81 | |||
| 82 | if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then | ||
| 83 | install -d ${D}/${systemd_system_unitdir} | ||
| 84 | install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_system_unitdir} | ||
| 85 | fi | ||
| 86 | |||
| 87 | install -d ${D}/etc/default/volatiles | ||
| 88 | install -m 0644 ${UNPACKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles | ||
| 89 | |||
| 90 | install -d ${D}${includedir} | ||
| 91 | install -m 0644 ${S}/src/common/wpa_ctrl.h ${D}${includedir} | ||
| 92 | |||
| 93 | if [ -z "${DISABLE_STATIC}" ]; then | ||
| 94 | install -d ${D}${libdir} | ||
| 95 | install -m 0644 wpa_supplicant/libwpa_client.a ${D}${libdir} | ||
| 96 | fi | ||
| 97 | } | ||
| 98 | |||
| 99 | pkg_postinst:${PN} () { | ||
| 100 | # If we're offline, we don't need to do this. | ||
| 101 | if [ "x$D" = "x" ]; then | ||
| 102 | killall -q -HUP dbus-daemon || true | ||
| 103 | fi | ||
| 104 | } | ||
| 105 | |||
| 106 | PACKAGE_BEFORE_PN += "${PN}-passphrase ${PN}-cli" | ||
| 107 | PACKAGES =+ "${PN}-lib" | ||
| 108 | PACKAGES += "${PN}-plugins" | ||
| 109 | ALLOW_EMPTY:${PN}-plugins = "1" | ||
| 110 | |||
| 111 | PACKAGES_DYNAMIC += "^${PN}-plugin-.*$" | ||
| 112 | NOAUTOPACKAGEDEBUG = "1" | ||
| 113 | |||
| 114 | FILES:${PN}-passphrase = "${sbindir}/wpa_passphrase" | ||
| 115 | FILES:${PN}-cli = "${sbindir}/wpa_cli" | ||
| 116 | FILES:${PN}-lib = "${libdir}/libwpa_client*${SOLIBSDEV}" | ||
| 117 | FILES:${PN} += "${datadir}/dbus-1/system-services/* ${systemd_system_unitdir}/*" | ||
| 118 | FILES:${PN}-dbg += "${sbindir}/.debug ${libdir}/.debug" | ||
| 119 | |||
| 120 | CONFFILES:${PN} += "${sysconfdir}/wpa_supplicant.conf" | ||
| 121 | |||
| 122 | RRECOMMENDS:${PN} = "${PN}-passphrase ${PN}-cli ${PN}-plugins" | ||
| 123 | |||
| 124 | SYSTEMD_SERVICE:${PN} = "wpa_supplicant.service" | ||
| 125 | SYSTEMD_AUTO_ENABLE = "disable" | ||
| 126 | |||
| 127 | python split_wpa_supplicant_libs () { | ||
| 128 | libdir = d.expand('${libdir}/wpa_supplicant') | ||
| 129 | dbglibdir = os.path.join(libdir, '.debug') | ||
| 130 | |||
| 131 | split_packages = do_split_packages(d, libdir, r'^(.*)\.so', '${PN}-plugin-%s', 'wpa_supplicant %s plugin', prepend=True) | ||
| 132 | split_dbg_packages = do_split_packages(d, dbglibdir, r'^(.*)\.so', '${PN}-plugin-%s-dbg', 'wpa_supplicant %s plugin - Debugging files', prepend=True, extra_depends='${PN}-dbg') | ||
| 133 | |||
| 134 | if split_packages: | ||
| 135 | pn = d.getVar('PN') | ||
| 136 | d.setVar('RRECOMMENDS:' + pn + '-plugins', ' '.join(split_packages)) | ||
| 137 | d.appendVar('RRECOMMENDS:' + pn + '-dbg', ' ' + ' '.join(split_dbg_packages)) | ||
| 138 | } | ||
| 139 | PACKAGESPLITFUNCS += "split_wpa_supplicant_libs" | ||
